Valhalla Legends Forums Archive | Battle.net Bot Development | S->C 0x5E, how to deal with it?

Author | Message | Time
LockesRabb
What's the best way to deal with 0x5E?

[10:17:35 AM] Received Packet: 0xA (SID_ENTERCHAT)
[10:17:35 AM] Received Packet: 0xF (SID_CHATEVENT)
[10:17:35 AM] Received Packet: 0xF (SID_CHATEVENT)
[10:17:37 AM] Received Packet: 0x5E (UNKNOWN BNET PACKET!)
[10:17:37 AM] Dumping packet...
[pre]0000: FF 5E 29 00 AF 6F C0 FC E5 B0 18 57 9D AA 4D 1C  ÿ^).¯oÀüå°.W?ªM.
0010: 07 21 78 F0 D7 F7 FC 4A 03 27 74 53 28 99 EF 80  .!xð×÷üJ.'tS(™ï€
0020: F2 21 6C 7E F4 66 62 4B 24                       ò!l~ôfbK$.......[/pre]

Thanks in advance for any and all responses.
July 7, 2007, 5:30 PM
Barabajagal
Dude... it's still on the first page, even! https://davnit.net/bnet/vL/index.php?topic=16758.0
July 7, 2007, 7:24 PM
LockesRabb
Pardon my stupidity, but the thread doesn't say what exactly needs to be sent as a response to the 0x5E. So elaboration would most definitely be appreciated.

The thread had gone off-topic and hadn't been split, so I figured it'd be okay to post a separate thread.
July 9, 2007, 4:29 AM
Spilled[DW]
[quote author=Kyro link=topic=16856.msg170844#msg170844 date=1183955359]
Pardon my stupidity, but the thread doesn't say what exactly needs to be sent as a response to the 0x5E. So elaboration would most definitely be appreciated.
[/quote]

If you would take the time to READ, the response to 0x5E is unknown as of right now.
July 9, 2007, 5:12 AM
Barabajagal
I didn't mean to offend you, it's just... it was in an obvious location. And that thread's all the public info there is on it.
July 9, 2007, 5:15 AM
LockesRabb
No offense taken. Thanks for pointing out there's no solution as of yet. I wasn't sure in that case, but thanks once more for the clarification.
July 9, 2007, 6:50 AM
Barabajagal
Well... there is a solution.. sort of. I'm gonna make another database! ;)
July 9, 2007, 7:10 AM
LockesRabb
Would it be possible that right after the packet header, it has the size? From what I've seen in the other thread, it seems like the client is downloading data. So perhaps the first few bytes after the header are the file size, and the rest file data?

Or perhaps it's like a patch, not an actual file, but a series of mini-updates -- perhaps the first few bytes of each 0x5E packet after the header tell the size of the updates. Something similar to anti-virus. Perhaps it downloads a new uhhh what's it called... Signature for a hack, scans the client memory space for the hack, hashes the results and sends it back to bnet. From what it appears, it's a one-time thing. I'm grabbing at straws here and theorizing, but hey. :P

On Tues (my day off work), I'll log the 0x5E about thirty times (with a timer so I don't get ip'ed), and compare the results. Maybe there'll be a pattern. I'll paste the results here if you haven't already.
July 9, 2007, 8:41 AM
DDA-TriCk-E
[quote author=Kyro link=topic=16856.msg170853#msg170853 date=1183970502]
Would it be possible that right after the packet header, it has the size? From what I've seen in the other thread, it seems like the client is downloading data. So perhaps the first few bytes after the header are the file size, and the rest file data?

Or perhaps it's like a patch, not an actual file, but a series of mini-updates -- perhaps the first few bytes of each 0x5E packet after the header tell the size of the updates. Something similar to anti-virus. Perhaps it downloads a new uhhh what's it called... Signature for a hack, scans the client memory space for the hack, hashes the results and sends it back to bnet. From what it appears, it's a one-time thing. I'm grabbing at straws here and theorizing, but hey. :P

On Tues (my day off work), I'll log the 0x5E about thirty times (with a timer so I don't get ip'ed), and compare the results. Maybe there'll be a pattern. I'll paste the results here if you haven't already.
[/quote]
It is assembly code which checks for hacks running in memory. If it were a "patch", files would be getting patched every 5 seconds, which would be overkill.

You can read in-depth about Warden here:
http://www.edgeofnowhere.cc/viewtopic.php?t=311204

More about reverse engineering Warden can be found here:
http://www.bwhacks.com/forums/showthread.php?t=24708
July 9, 2007, 9:39 AM
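Added example (not code from any poster in this thread): a small framer that splits a receive buffer into packets, names the IDs seen in the log in the first post, and tests the "first bytes after the header are a size" idea against the dumped 0x5E packet. The header layout (0xFF, packet ID, 16-bit little-endian length that includes the header) is the standard BNCS framing, which the dump's first four bytes agree with; all function names are made up for this example.

```python
import struct

# Packet bytes copied from the hex dump in the first post of this thread.
SAMPLE = bytes.fromhex(
    "FF 5E 29 00 AF 6F C0 FC E5 B0 18 57 9D AA 4D 1C "
    "07 21 78 F0 D7 F7 FC 4A 03 27 74 53 28 99 EF 80 "
    "F2 21 6C 7E F4 66 62 4B 24"
)

# Assumed framing: sync byte 0xFF, packet ID, total length (header included).
HEADER = struct.Struct("<BBH")
KNOWN_IDS = {0x0A: "SID_ENTERCHAT", 0x0F: "SID_CHATEVENT"}  # names from the log


def split_packets(buf):
    """Return ([(packet_id, payload), ...], leftover_bytes) for a receive buffer."""
    packets, pos = [], 0
    while len(buf) - pos >= HEADER.size:
        sync, pid, length = HEADER.unpack_from(buf, pos)
        if sync != 0xFF or length < HEADER.size:
            raise ValueError(f"bad header at offset {pos}")
        if pos + length > len(buf):
            break  # partial packet: keep the bytes until more data arrives
        packets.append((pid, buf[pos + HEADER.size:pos + length]))
        pos += length
    return packets, buf[pos:]


def describe(pid):
    """Name a packet ID, or flag it as unknown instead of failing."""
    return KNOWN_IDS.get(pid, f"unknown 0x{pid:02X}")


def size_prefix_candidates(payload):
    """Field widths whose little-endian value matches the payload length
    (either counting the field itself or only the bytes after it)."""
    hits = []
    for width in (1, 2, 4):
        if len(payload) >= width:
            value = int.from_bytes(payload[:width], "little")
            if value in (len(payload), len(payload) - width):
                hits.append(width)
    return hits


if __name__ == "__main__":
    for pid, payload in split_packets(SAMPLE)[0]:
        print(describe(pid), len(payload), "payload bytes,",
              "size-prefix widths:", size_prefix_candidates(payload))
```

For the dumped packet the candidate list is empty: none of the leading 1-, 2- or 4-byte fields equals the 37-byte payload length. A single capture does not settle the question either way.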
