Valhalla Legends Forums Archive | Battle.net Bot Development | [VB]STAR ~ Receiving Unrecognized Game Ver (101)

John420
Using Rob's CheckRevision.dll.

C>S
[code]0000  01 FF 50 3A 00 00 00 00 00 36 38 58 49 52 41 54    ..P:.....68XIRAT
0010  53 D1 00 00 00 33 10 00 00 00 00 00 00 2C 01 00    S....3.......,..
0020  00 09 04 00 00 09 04 00 00 55 53 41 00 55 6E 69    .........USA.Uni
0030  74 65 64 20 53 74 61 74 65 73 00                   ted States.[/code]

S>C
[code]0000  FF 25 08 00 23 BF F5 08 FF 50 3E 00 00 00 00 00    .%..#....P>.....
0010  6E DD CE C0 34 47 05 00 00 14 5A DC 72 FC C6 01    n...4G....Z.r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 34    lockdown-IX86-14
0030  2E 6D 70 71 00 9F 8B 5D 97 C2 4F 31 D8 38 D2 99    .mpq...]..O1.8..
0040  46 31 0C E0 64 00                                  F1..d.[/code]

C>S
[code]0000  FF 25 08 00 23 BF F5 08 FF 51 73 00 98 85 0E 06    .%..#....Qs.....
0010  01 02 0F 01 4D 17 A8 61 01 00 00 00 00 00 00 00    ....M..a........
0020  0D 00 00 00 01 00 00 00 66 DB 5A 00 00 00 00 00    ........f.Z.....
0030  02 96 15 2B 26 1D 2E 16 F1 61 C5 6A B8 2C AB 60    ...+&....a.j.,.`
0040  E1 8C 37 A2 53 74 61 72 63 72 61 66 74 2E 65 78    ..7.Starcraft.ex
0050  65 20 30 33 2F 31 34 2F 30 38 20 32 31 3A 33 35    e 03/14/08 21:35
0060  3A 32 31 20 31 32 32 30 36 30 38 00 54 68 65 20    :21 1220608.The
0070  4D 75 66 66 69 6E 20 4D 61 6E 00                   Muffin Man.[/code]

S>C
[code]0000  FF 51 09 00 01 01 00 00 00                         .Q.......[/code]

Which part of the packet was constructed wrong?
March 16, 2008, 1:44 AM
BreW
The exe info field.
March 16, 2008, 2:00 AM
HdxBmx27
To be more helpful than brew:
Your packet formats are correct.
However, your data is off; it seems that the CheckRevision dll you are using still uses the IX86Ver#.dll function as opposed to the lockdown function.
In lockdown the 'exe info' string is actually part of a [god I can't remember, I think SHA] digest. So it won't have "Starcraft.exe ..." it will be raw data.
March 16, 2008, 2:30 AM
John420
Ok, I believe I've fixed the ExeInfo. Here's a new packet dump. Same response.

S>C
[code]0000  FF 25 08 00 20 EA 7F 07 FF 50 3E 00 00 00 00 00    .%.. ....P>.....
0010  BE 39 28 89 D3 CE 05 00 00 14 5A DC 72 FC C6 01    .9(.......Z.r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 34    lockdown-IX86-14
0030  2E 6D 70 71 00 23 9D 75 26 EC 23 E3 64 DD 78 40    .mpq.#.u&.#.d.x@
0040  D8 54 C1 62 6B 00                                  .T.bk.[/code]

C>S
[code]0000  FF 25 08 00 20 EA 7F 07 FF 51 5C 00 36 CE 68 07    .%.. ....Q\.6.h.
0010  01 02 0F 01 23 A8 C0 61 01 00 00 00 00 00 00 00    ....#..a........
0020  0D 00 00 00 01 00 00 00 66 DB 5A 00 00 00 00 00    ........f.Z.....
0030  BF 9C 82 2F 76 3C 1C 6E AD 5F 96 FE 93 B9 4C 69    .../v<.n._....Li
0040  8C F4 68 42 33 70 BC 38 71 E0 D4 30 ED 31 FC D8    ..hB3p.8q..0.1..
0050  C9 77 56 5C 00 54 68 65 20 4D 75 66 66 69 6E 20    .wV\.The Muffin
0060  4D 61 6E 00                                        Man.[/code]

S>C
[code]0000  FF 51 09 00 01 01 00 00 00                        .Q.......[/code]

Thanks again in advance.
March 16, 2008, 7:47 AM
HdxBmx27
Jesus christ, you do not know how to fucking post a packet log.
[code]asdasdfasdfasdf
asdfasdfasdfasdf[/code]
It's not hard. Anyways, poke around the forums, find a few test values for your crev. Or hell, shoot some test packets at BNLS/JBLS.
I don't have the time right now to be testing it for you. [it's 1am -.-]
I've got the source to BNCSutil now, so within the next few days I'll be adding lockdown, rc4, etc.. into it.

But like I said, grab some test values from a live source [bnls/jbls]. Or hell, I would suggest simply implementing the one BNLS packet [0x1a]; that's all you really need.
March 16, 2008, 7:53 AM
UserLoser
sending correct version code in SID_AUTH_INFO?
March 16, 2008, 9:31 AM
John420
I have BNLS 0x1A supported already, though I get some weird results. Sometimes I'll receive x101 and other times (the majority) I'll get IP banned. My browser fucks up the code tags when I use them, sorry.

Here's a dump using BNLS.

[code]
BNCS C>S
0000  01 FF 50 3A 00 00 00 00 00 36 38 58 49 52 41 54    ..P:.....68XIRAT
0010  53 D1 00 00 00 33 10 00 00 00 00 00 00 2C 01 00    S....3.......,..
0020  00 09 04 00 00 09 04 00 00 55 53 41 00 55 6E 69    .........USA.Uni
0030  74 65 64 20 53 74 61 74 65 73 00                  ted States.

BNCS S>C
0000  FF 25 08 00 52 0F 48 1E FF 50 3E 00 00 00 00 00    .%..R.H..P>.....
0010  CC 68 4E A0 78 B0 A4 00 00 C8 1E E1 72 FC C6 01    .hN.x.......r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 36    lockdown-IX86-16
0030  2E 6D 70 71 00 07 F8 5E 94 2A 1F B4 93 C6 4F 61    .mpq...^.*....Oa
0040  64 C4 B1 3A 0A 00                                  d..:..

BNLS C>S
0000  3D 00 1A 01 00 00 00 00 00 00 00 01 00 00 00 78    =..............x
0010  B0 A4 00 00 C8 1E E1 6C 6F 63 6B 64 6F 77 6E 2D    .......lockdown-
0020  49 58 38 36 2D 31 36 2E 6D 70 71 00 07 F8 5E 94    IX86-16.mpq...^.
0030  2A 1F B4 93 C6 4F 61 64 C4 B1 3A 0A 00            *....Oad..:..

BNLS S>C
0000  28 00 1A 01 00 00 00 00 01 0F 01 E8 5B BA AB AF    (...........[...
0010  21 54 DD 6A 34 67 67 E1 34 47 12 2C 8B 4E C6 00    !T.j4gg.4G.,.N..
0020  01 00 00 00 D1 00 00 00                            ........

BNCS C>S 
0000  FF 25 08 00 52 0F 48 1E FF 51 64 00 19 CB 98 0A    .%..R.H..Qd.....
0010  00 01 0F 01 E8 5B BA AB 01 00 00 00 00 00 00 00    .....[..........
0020  0D 00 00 00 01 00 00 00 66 DB 5A 00 00 00 00 00    ........f.Z.....
0030  A4 4B DD 3D 54 45 C7 3D 76 5E 9C AD 82 B2 B4 28    .K.=TE.=v^.....(
0040  C0 66 F8 83 AF 21 54 DD 6A 34 67 67 E1 34 47 12    .f...!T.j4gg.4G.
0050  2C 8B 4E C6 00 01 00 00 00 D1 00 00 00 54 68 65    ,.N..........The
0060  20 4D 75 66 66 69 6E 20 4D 61 6E 00                Muffin Man.
[/code]

The end result is an ip ban.
March 16, 2008, 10:39 PM
UserLoser
not sure if it would help but try using BNLS_CHOOSENLSREVISION before performing any sort of hashing
March 16, 2008, 10:42 PM
HdxBmx27
Don't bother with that, that is only needed for the SRP part of NLS, nothing to do with checkrevision.
Give me a moment, I will dissect your log. [Hey hey! I'm not drunk so I can do it!]
What BNLS server are you using?
I don't know if BNLS is up for the new sc patch, try JBLS.org
March 16, 2008, 10:48 PM
John420
bnls.valhallalegends.com
March 16, 2008, 10:49 PM
Myndfyr
Which version of Visual Basic are you using?
March 16, 2008, 11:08 PM
John420
MS Visual Studio 6.0
March 16, 2008, 11:09 PM
HdxBmx27
[code]BNCS C>S
01 . -Protocol Byte
FF 50 3A 00 .P:. - Header
00 00 00 00 .... - Protocol ID (0)
36 38 58 49 68XI - Platform ID
52 41 54 53 RATS - Product ID
D1 00 00 00 .... - Version Byte
33 10 00 00 3... - Product language
00 00 00 00 .... - Local IP for NAT compatibility* [You should be setting this to your lan IP]
2C 01 00 00 ,... - Time zone bias*
09 04 00 00 .... - Locale ID*
09 04 00 00 .... - Language ID*
55 53 41 00 USA. - Country abbreviation
55 6E 69 74 65 64 20 53 74 61 74 65 73 00 United States. - Country

BNCS S>C
FF 25 08 00 .%.. - Header
52 0F 48 1E R.H. - Ping Value

FF 50 3E 00 .P>. - Header
00 00 00 00 .... - Logon Type
CC 68 4E A0 .hN. - Server Token
78 B0 A4 00 x... - UDPValue *
00 C8 1E E1 72 FC C6 01 ....r... - MPQ filetime
6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 36 2E 6D 70 71 00 lockdown-IX86-16.mpq. - IX86ver filename
07 F8 5E 94 2A 1F B4 93 C6 4F 61 64 C4 B1 3A 0A 00 ..^.*....Oad..:.. - ValueString

BNLS C>S
3D 00 1A =.. - Header
01 00 00 00 .... - Product ID.*
00 00 00 00 .... - Flags.**
01 00 00 00 .... - Cookie.
78 B0 A4 00 00 C8 1E E1 x....... - Timestamp for version check archive.
[This is messed up, you're sending the UDP token, and the 1st 1/2 of the timestamp]
6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 36 2E 6D 70 71 00 lockdown-IX86-16.mpq. - Version check archive filename.
07 F8 5E 94 2A 1F B4 93 C6 4F 61 64 C4 B1 3A 0A 00 ..^.*....Oad..:.. - Checksum formula.

BNLS S>C
28 00 1A (.. - Header
01 00 00 00 .... - Success*
00 01 0F 01 .... - Version.
E8 5B BA AB .[.. - Checksum.
AF 21 54 DD 6A 34 67 67 E1 34 47 12 2C 8B 4E C6 00 .!T.j4gg.4G.,.N.. - Version check stat string.
01 00 00 00 .... - Cookie.
D1 00 00 00 .... - The latest version code for this product.

BNCS C>S 
FF 25 08 00 .%.. - Header
52 0F 48 1E R.H. - Ping Value

FF 51 64 00 .Qd. - Header
19 CB 98 0A .... - Client Token
00 01 0F 01 .... - EXE Version
E8 5B BA AB .[.. - EXE Hash
01 00 00 00 .... - Number of keys in this packet
00 00 00 00 .... - Using Spawn (32-bit)
   0D 00 00 00 .... - Key Length
   01 00 00 00 .... - CD key's product value
   66 DB 5A 00 f.Z. - CD key's public value
   00 00 00 00 .... - Unknown (0)
   A4 4B DD 3D .K.= - Hashed Key Data 1
   54 45 C7 3D TE.= - Hashed Key Data 2
   76 5E 9C AD v^.. - Hashed Key Data 3
   82 B2 B4 28 ...( - Hashed Key Data 4
   C0 66 F8 83 .f.. - Hashed Key Data 5
AF 21 54 DD 6A 34 67 67 E1 34 47 12 2C 8B 4E C6 00 .!T.j4gg.4G.,.N.. - Crev String [This is correct]
01 00 00 00 .... - Why the fuck is the cookie here?
D1 00 00 00 .... - Why the fuck is the Version Byte here?
54 68 65 20 4D 75 66 66 69 6E 20 4D 61 6E 00 The Muffin Man. - CDKey Owner[/code]
You fucked up parsing the check revision string from 0x1a, so you're sending extra data in 0x51, hence the IP ban.
You also messed up the MPQ timestamp in 0x1a C->S.
March 16, 2008, 11:20 PM
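The parse-and-build steps from HdxBmx27's breakdown, written out in Python as an added example (not code from this thread, from BNLS or from BNCSutil). The packet bytes are constructed test input copied from the dumps above; the two points the breakdown makes are that the BNLS 0x1A request carries the whole 8-byte MPQ filetime, and that 0x51 ends with the stat string and key owner, with the BNLS cookie and latest-version fields left out.

```python
import struct

# Constructed sample input, copied from the hex dumps posted in this thread.
SID_AUTH_INFO_REPLY = bytes.fromhex(
    "ff503e00 00000000 cc684ea0 78b0a400 00c81ee172fcc601"
    "6c6f636b646f776e2d495838362d31362e6d707100"
    "07f85e942a1fb493c64f6164c4b13a0a00")
BNLS_VERSIONCHECKEX2_REPLY = bytes.fromhex(
    "28001a 01000000 00010f01 e85bbaab af2154dd6a346767e13447122c8b4ec600 01000000 d1000000")
KEY_BLOCK = bytes.fromhex(  # the 36-byte hashed CD-key block from the 0x51 dump
    "0d000000 01000000 66db5a00 00000000 a44bdd3d 5445c73d 765e9cad 82b2b428 c066f883")

def read_ntstring(buf, pos):
    """Return (bytes up to the NUL, offset just past it), like the NTString type above."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end], end + 1

def parse_sid_auth_info(pkt):
    """S>C 0x50: logon type, server token, UDP value, 8-byte MPQ filetime, archive, value string."""
    if pkt[:2] != b"\xff\x50" or struct.unpack_from("<H", pkt, 2)[0] != len(pkt):
        raise ValueError("not a complete SID_AUTH_INFO packet")
    logon, token, udp, filetime = struct.unpack_from("<IIIQ", pkt, 4)
    archive, pos = read_ntstring(pkt, 24)   # filetime is one 64-bit field, not UDP + half of it
    seeds, _ = read_ntstring(pkt, pos)      # lockdown value string is raw bytes, NUL-terminated
    return {"logon": logon, "token": token, "udp": udp, "filetime": filetime,
            "archive": archive.decode("ascii"), "seeds": seeds}

def build_bnls_versioncheckex2(info, product_id=1, cookie=1):
    """BNLS 0x1A request: product, flags, cookie, full filetime, archive name, checksum formula."""
    body = struct.pack("<IIIQ", product_id, 0, cookie, info["filetime"])
    body += info["archive"].encode("ascii") + b"\x00" + info["seeds"] + b"\x00"
    return struct.pack("<HB", len(body) + 3, 0x1A) + body

def parse_bnls_versioncheckex2(pkt):
    """BNLS 0x1A reply: success, EXE version, checksum, stat string, cookie, latest version byte."""
    if pkt[2] != 0x1A or struct.unpack_from("<H", pkt, 0)[0] != len(pkt):
        raise ValueError("not a complete BNLS_VERSIONCHECKEX2 reply")
    success, version, checksum = struct.unpack_from("<III", pkt, 3)
    statstring, pos = read_ntstring(pkt, 15)
    cookie, latest = struct.unpack_from("<II", pkt, pos)
    return {"success": success, "version": version, "checksum": checksum,
            "statstring": statstring, "cookie": cookie, "latest": latest}

def build_sid_auth_check(client_token, bnls, key_block, owner):
    """C>S 0x51 with one CD key. After the key block only the stat string comes from the BNLS
    reply; the cookie and latest-version fields stay out (the 8 extra bytes in the log above)."""
    body = struct.pack("<IIIII", client_token, bnls["version"], bnls["checksum"], 1, 0)
    body += key_block + bnls["statstring"] + b"\x00" + owner.encode("ascii") + b"\x00"
    return b"\xff\x51" + struct.pack("<H", len(body) + 4) + body
```

Run against the dump, the rebuilt 0x51 comes out at 0x5C bytes, the same length as the earlier CheckRevision.dll packet, instead of the 0x64 that was sent.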
John420
Here's my code for parsing BNCS 0x50

And for building BNLS 0x1A

And parsing BNLS 0x1A
March 16, 2008, 11:42 PM
HdxBmx27
Get a proper buffer class!!!!
[code]Hashing.ServerToken = Stuff.GetDWORD(Mid(Data, 9, 4))
            Hashing.mpqLow = Stuff.GetDWORD(Mid(Data, 13, 4))
            Hashing.mpqHigh = Stuff.GetDWORD(Mid(Data, 17, 4))
            Select Case Settings.Product
            Case "SEXP", "PXES", "RATS", "STAR", "W2BN", "NB2W"
                Hashing.mpqName = CStr(Mid(Mid(Data, InStr(1, Data, "lockdown-IX86-"), Len(Data)), 1, 20))
                Hashing.Hash = Mid(Data, 45, Len(Data) - 2)[/code] My Eyes they burn!!!
Post your Settings.PacketBuffer

[code]
Dim buf As New Buffer
With buf
  .data    = Data
  logon    = .remove(DWORD)
  stoken   = .remove(DWORD)
  udp      = .remove(DWORD)
  filetime = .remove(LONG)
  archive  = .remove(NTSTRING)
  seeds    = .remove(NTSTRING)
End With
[/code]

Hell of a lot cleaner than yours.
March 16, 2008, 11:46 PM
John420
PBuffer Class:
March 16, 2008, 11:57 PM
HdxBmx27
[code]Option Explicit
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal length As Long)
Public Enum DataTypes
    DWORD
    WORD
    void
    NTString
    NBYTE
    NLONG
End Enum
Public Enum PacketTypes
    BNCS
    BNLS
    RAW
End Enum
Private buffer As String
Private position As Integer


Private Function CreateWORD(ByVal Value As Integer) As String
    Dim Result As String * 2
    CopyMemory ByVal Result, Value, 2
    CreateWORD = Result
End Function
Private Function CreateDWORD(ByVal Value As Long) As String
    Dim Result As String * 4
    CopyMemory ByVal Result, Value, 4
    CreateDWORD = Result
End Function
Private Function CreateLONG(ByVal Value As Double) As String
    Dim Result As String * 8
    CopyMemory ByVal Result, Value, 8
    CreateLONG = Result
End Function
Private Function GetWORD(ByVal Value As String) As Integer
    Dim Result As Integer
    CopyMemory Result, ByVal Value, 2
    GetWORD = Result
End Function
Private Function GetDWORD(ByVal Value As String) As Long
    Dim Result As Long
    CopyMemory Result, ByVal Value, 4
    GetDWORD = Result
End Function
Private Function GetLONG(ByVal Value As String) As Double
    Dim Result As Double
    CopyMemory Result, ByVal Value, 8
    GetLONG = Result
End Function
Private Function HasData(ByVal length As Long) As Boolean
    HasData = True
    If (Len(buffer) < position + length - 1) Then HasData = False
End Function

Public Function Push(ByVal DataType As DataTypes, ByVal Data As Variant, Optional Increment As Boolean = True)
    Dim Append As String
    Select Case DataType
        Case DWORD:    Append = CreateDWORD(Data)
        Case WORD:     Append = CreateWORD(Data)
        Case void:     Append = Data
        Case NBYTE:    Append = Chr(Data)
        Case NLONG:    Append = CreateLONG(Data)
        Case NTString: Append = Data & Chr$(0)
    End Select
    If (Increment) Then position = position + Len(Append)
    buffer = buffer & Append
End Function

Public Function Pop(ByVal DataType As DataTypes, Optional length As Long = 0, Optional PeekOnly As Boolean = False) As Variant
    ' PeekOnly (renamed from Peek so it cannot clash with the Peek method below) reads without advancing position.
    ' The original used "If (!Peek)", which is not VB syntax; VB negation is "If Not ... Then".
    Dim Result As Variant
    Select Case DataType
        Case DWORD:
            If (HasData(4)) Then
                Result = GetDWORD(Mid(buffer, position, 4))
                If Not PeekOnly Then position = position + 4
            End If
        Case WORD:
            If (HasData(2)) Then
                ' GetWORD, not GetDWORD: copying 4 bytes out of a 2-character string reads past its end.
                Result = GetWORD(Mid(buffer, position, 2))
                If Not PeekOnly Then position = position + 2
            End If
        Case void:
            If (HasData(length)) Then
                Result = Mid(buffer, position, length)
                If Not PeekOnly Then position = position + length
            End If
        Case NBYTE:
            If (HasData(1)) Then
                Result = Asc(Mid(buffer, position, 1))
                If Not PeekOnly Then position = position + 1
            End If
        Case NLONG:
            If (HasData(8)) Then
                Result = GetLONG(Mid(buffer, position, 8))
                If Not PeekOnly Then position = position + 8
            End If
        Case NTString:
            ' Scan for the terminating NUL from the current position; the NUL is consumed but not returned.
            Dim ntpos As Integer
            ntpos = InStr(position, buffer, Chr$(0))
            If (ntpos > 0) Then
                Result = Mid(buffer, position, ntpos - position)
                If Not PeekOnly Then position = ntpos + 1
            End If
    End Select
    Pop = Result
End Function

Public Function Peek(ByVal DataType As DataTypes, Optional length As Long = 0) As Variant
    Peek = Pop(DataType, length, True)
End Function

Public Function Clear()
    buffer = vbNullString
    position = 1
End Function

Public Function GetPacket(ByVal PacketType As PacketTypes, Optional ID As Byte = 0) As String
    Dim Header As String
    Select Case PacketType
        Case BNCS: Header = Chr$(&HFF) & Chr$(ID) & CreateWORD(Len(buffer) + 4)
        Case BNLS: Header = CreateWORD(Len(buffer) + 3) & Chr$(ID)
    End Select
    GetPacket = Header & buffer
    Clear
End Function

Private Sub Class_Initialize()
    buffer = vbNullString
    position = 1
End Sub[/code]
Here's something I whipped up specially for you.
Pretty self-explanatory how to use.

[code]Public Sub Main()
  Dim test As New clsBuffer
  With test
    .Push DWORD, 1, False
    .Push WORD, 2, False
    .Push NBYTE, 3, False
    .Push NLONG, 4, False
    .Push NTString, "5", False
    .Push void, "6", False
    Debug.Print .Pop(DWORD)
    Debug.Print .Pop(WORD)
    Debug.Print .Pop(NBYTE)
    Debug.Print .Pop(NLONG)
    Debug.Print .Pop(NTString)
    Debug.Print .Pop(void, 1)
  End With
End Sub[/code]
Note the 'False' on the .Push calls.
This will make it not increment its position, which is good for the whole 'debuffer' aspect.
Example for SID_PING:
[code]Dim inBuf As New clsBuffer
With inBuf
  .Push void, PacketData, False
  Debug.Print "Header Byte: " & .Pop(NBYTE)
  Debug.Print "Packet ID: 0x" & Right("00" & Hex(.Pop(NBYTE)), 2)
  Debug.Print "Length: " & .Pop(WORD)
  Debug.Print "Ping Value: 0x" & Right("00000000" & Hex(.Pop(DWORD)), 8)
End With[/code]
March 17, 2008, 1:14 AM
Spht
We have such a community...  there's not many programming forums where you can paste a bunch of code and say "fix"
March 17, 2008, 3:14 PM
Myndfyr
[quote author=Spht link=topic=17387.msg177074#msg177074 date=1205766874]
We have such a community...  there's not many programming forums where you can paste a bunch of code and say "fix"
[/quote]

Nope.  Good thing, too....  People might get critical if you refused to just "fix."
March 17, 2008, 9:50 PM
HdxBmx27
He was bitching about me.
I don't consider giving him a buffer class 'fixing' 'his' code, for 1) He didn't make the code he's using now 2) he's a dumb fuck who prolly doesn't even understand what a buffer is 3) It's VB 4) For the love of god I am so bored I'd do anything.
March 18, 2008, 12:00 AM
John420
5) Your assumptions are wrong. 6) You're nothing but a stupid egomaniac who thinks he's better than everyone else and spends hours upon hours on these forums. 7) You're not as cool as you think you are, nor as smart.
March 18, 2008, 3:00 AM
MysT_DooM
hey private, lock it up... get in the front leaning rest... hdx's assumptions are based upon the aura of the questions you have asked and the replies you have given....
March 18, 2008, 3:15 AM