Valhalla Legends Forums Archive | Battle.net Bot Development | UDP support for StarCraft

Author | Message | Time
Antarctica
I want to try to add UDP support for a program that routes the Starcraft's connection through a vb6 program.  How do I use the UDP protocol for this?  I have no idea how to use the Bind command.  Please help.

Here's what I have for the two bind commands (sckMainUDP will connect to starcraft, sckBNETUDP will connect to Bnet)
[code]
sckMainUDP.Bind "6112", "127.0.0.1"
sckBNETUDP.Bind
[/code]
June 30, 2008, 9:27 PM
BreW
UDP support? Connection? UDP is a stateless protocol. Perhaps you mean to use TCP.
It would help to know what you're trying to accomplish. Something on the order of capturing the UDP packets starcraft sends/receives during a game?
June 30, 2008, 10:25 PM
Antarctica
Yeah, I just want to run my Starcraft's connection through a vb6 app to sniff the packets and maybe inject some.  However, TCP doesn't seem to be enough, because without it, SC wants to say "You do not have UDP support" and therefore I can't play any games.
June 30, 2008, 10:39 PM
Myndfyr
You'll need to hook Windows API calls within the Starcraft.exe process or inject yourself as a driver on the networking stack.  I'm pretty sure you can't just man-in-the-middle it here.
June 30, 2008, 11:36 PM
Antarctica
And how would I hook Windows API calls within the Starcraft.exe process?
June 30, 2008, 11:38 PM
Kp
The same way you hook Windows API calls in any process.  Rewrite the caller's IAT, detour the API, or put a detour in the caller (listed in order of easiest to hardest).

If you just want to see the traffic, get a network analyzer like tcpdump or Wireshark.  Those will let you monitor the traffic without needing to manipulate the SC process in any way.  However, they're read-only, so you can't use them to inject any new traffic.

On the other hand, the SC UDP protocol has a primitive integrity check built in, so hooking the send call won't let you inject traffic into a game without fixing up the integrity checksum.  The other side will reject the packet because of the checksum mismatch, and the injected packet will be discarded.
July 1, 2008, 3:32 AM
Camel
[quote author=MyndFyre[vL] link=topic=17546.msg178731#msg178731 date=1214869010]
I'm pretty sure you can't just man-in-the-middle it here.
[/quote]

Depends what UDP traffic you're trying to MITM; should be pretty easy to do it against the simple UDP ping, but actually performing this attack on game traffic would be pretty hard, since you'd have to intercept the game list packet and rewrite the IP address. Then, you'd have to make sure you're forwarding the UDP traffic to the right place.

Even if you accomplish that, what Kp said still holds true.
July 1, 2008, 11:29 AM
Antarctica
I was just looking for a way to, when creating a game, do /whereis <username> for every user that joins.  Then, if the return is that the user is in any other place than the game I created, have the player automatically banned.  How hard would that be?  ???
July 1, 2008, 9:40 PM
dlStevens
[quote author=Antarctica link=topic=17546.msg178752#msg178752 date=1214948438]
I was just looking for a way to, when creating a game, do /whereis <username> for every user that joins.  Then, if the return is that the user is in any other place than the game I created, have the player automatically banned.  How hard would that be?  ???
[/quote]

You wouldn't necessarily have to intercept packets for that.
July 1, 2008, 10:41 PM
Kp
As Dale notes, you don't need to mess with the UDP stream for that.  As such, it's pretty easy, albeit not completely accurate.  Last I looked, the name advertised when joining didn't have the #number suffix that gets applied to clones, so you might end up banning legitimate players if they happen to join while cloned.

Hook in around the spot where SC sends the /astat command to query the new player's statistics.  Replace it with the /whereis or add your own, as appropriate.  Replacing is safer, since adding it doubles your transmissions and could more easily flood you off.  Save a record that this player is in a provisional state, and check those records when you get /whereis responses.  The only hard part is automatically banning the player on failure.  If you're willing to just display a note to the user that he ought to ban that player, then it's trivially easy.
July 2, 2008, 3:06 AM
iago
[quote author=Antarctica link=topic=17546.msg178752#msg178752 date=1214948438]
How hard would that be?  ???
[/quote]
It would be fairly easy, for somebody who's experienced with that kind of thing.

It would be fairly difficult (steep learning curve) for anybody who isn't.
July 2, 2008, 9:22 PM
Camel
[quote author=Kp link=topic=17546.msg178755#msg178755 date=1214968012]
As Dale notes, you don't need to mess with the UDP stream for that.  As such, it's pretty easy, albeit not completely accurate.  Last I looked, the name advertised when joining didn't have the #number suffix that gets applied to clones, so you might end up banning legitimate players if they happen to join while cloned.

Hook in around the spot where SC sends the /astat command to query the new player's statistics.  Replace it with the /whereis or add your own, as appropriate.  Replacing is safer, since adding it doubles your transmissions and could more easily flood you off.  Save a record that this player is in a provisional state, and check those records when you get /whereis responses.  The only hard part is automatically banning the player on failure.  If you're willing to just display a note to the user that he ought to ban that player, then it's trivially easy.
[/quote]

/whois is exactly the same as /whereis, and is the same length as /astat


Be careful though, you're risking a warden failure when you do stuff like this. It seems unlikely that they'd be checking whether you're overwriting the /astat command, though :P
July 3, 2008, 10:50 PM
Kp
He seemed very focused on using /whereis, so I didn't want to confuse the issue by switching to a more appropriate command.

Even if Warden doesn't object to changing the text of the /astat, there's still the issue that he needs to be hooked into the returning data stream to parse the server responses.  That almost guarantees a Warden failure.  He never specifically said he wanted this to work on official BNCSs, though.
July 4, 2008, 2:54 AM
BreW
As you may recall, the focus of most hacks, and consequently warden, is within the module starcraft.exe. There is no reason modifying the Storm Network Provider at any time should be *unsafe* in terms of turning up a false positive for hacks. Although unlikely, Blizzard still can easily change all of this with one warden request address update.
July 4, 2008, 5:09 AM
UserLoser
[quote author=Antarctica link=topic=17546.msg178728#msg178728 date=1214861268]
I want to try to add UDP support for a program that routes the Starcraft's connection through a vb6 program.  How do I use the UDP protocol for this?  I have no idea how to use the Bind command.  Please help.

Here's what I have for the two bind commands (sckMainUDP will connect to starcraft, sckBNETUDP will connect to Bnet)
[code]
sckMainUDP.Bind "6112", "127.0.0.1"
sckBNETUDP.Bind
[/code]
[/quote]

lol.  try setting the address to the b.net server and don't use a port already in use
July 4, 2008, 9:15 AM
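
The Bind question that opens and closes this thread comes down to two UDP facts: Bind names a local endpoint only, and a port that another socket already owns cannot be bound a second time. The following is an added example, not code from any poster, written in Python rather than VB6; the three loopback sockets are constructed stand-ins and the helper names are hypothetical.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"

def bind_udp(port=0, ip=LOOPBACK):
    """Bind a UDP socket to a LOCAL ip:port; port 0 asks the OS for a free one."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((ip, port))
    except OSError:
        s.close()
        raise
    s.settimeout(2.0)  # never hang forever on a lost datagram
    return s

def port_in_use(port, ip=LOOPBACK):
    """True when another socket already owns ip:port, so a second Bind fails."""
    try:
        bind_udp(port, ip).close()
        return False
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True
        raise

def demo():
    # Constructed stand-ins, all on loopback: nothing here talks to a real server.
    upstream, relay, client = bind_udp(), bind_udp(), bind_udp()
    try:
        relay_addr = relay.getsockname()
        conflict = port_in_use(relay_addr[1])          # relay already owns it
        client.sendto(b"ping", relay_addr)
        data, client_addr = relay.recvfrom(2048)       # sender address arrives per datagram
        relay.sendto(data, upstream.getsockname())     # destination is chosen per datagram
        seen, seen_from = upstream.recvfrom(2048)
        upstream.sendto(seen.upper(), seen_from)       # upstream only ever sees the relay
        reply, _ = relay.recvfrom(2048)
        relay.sendto(reply, client_addr)               # relay must remember the client itself
        final, _ = client.recvfrom(2048)
        return conflict, final, seen_from == relay_addr
    finally:
        for s in (upstream, relay, client):
            s.close()

if __name__ == "__main__":
    print(demo())
```

Because UDP keeps no connection state, the only record of who sent a datagram is the address returned with it, which is why the relay socket has to carry `client_addr` forward on its own.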