Valhalla Legends Forums Archive | Battle.net Bot Development | invalid game version - log included

Author | Message | Time
aton
i tried to figure out my mistake for some hours now, but i don't get it:

[code]resolving europe.battle.net...success
connected to europe.battle.net
snd SID_AUTH_INFO
[15:39:22] [+] 52 bytes:
0000: ff 50 34 00 00 00 00 00 36 38 58 49 50 58 45 53  .P4.....68XIPXES
0010: d1 00 00 00 45 44 65 64 00 00 00 00 00 00 00 00  ....EDed........
0020: 00 00 00 00 00 00 00 00 44 45 55 00 47 65 72 6d  ........DEU.Germ
0030: 61 6e 79 00                                      any.

datalen: 8, packet: 8
single packet!
parsing packet of 8 bytes
[15:39:22] [+] 8 bytes:
0000: ff 25 08 00 dc 7e a2 8d                          .%...~..

recvd SID_PING (0x25)
snd SID_PING (0x25)
datalen: 62, packet: 62
single packet!
parsing packet of 62 bytes
[15:39:22] [+] 62 bytes:
0000: ff 50 3e 00 00 00 00 00 e4 23 47 b1 1c 3c 05 00  .P>......#G..<..
0010: 00 f8 0b ce 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e  ....r...lockdown
0020: 2d 49 58 38 36 2d 30 38 2e 6d 70 71 00 a7 70 28  -IX86-08.mpq..p(
0030: d8 4c f2 dd d8 0c 6f ea e7 4e 4d c1 49 00        .L....o..NM.I.

recv SID_AUTH_INFO (0x50)
ix86verfname: lockdown-IX86-08.mpq
valuestring: a77028d84cf2ddd8c6feae74e4dc149
extracted number: 8
calculating revision checksum from "hashfiles/lockdown-IX86-08.dll"... 8e70b007
version: 10f0201
digest: e4545c97e1fd524a582f4ccc5c5d3dc9
decoding cdkey... snd SID_AUTH_CHECK (0x51)
[15:39:24] [+] 108 bytes:
0000: ff 51 6c 00 de ad be ef 01 00 0b 00 07 b0 70 8e  .Ql...........p.
0010: 01 00 00 00 00 00 00 00 0d 00 00 00 02 00 00 00  ................
0020: 01 69 31 00 00 00 00 00 97 a5 b5 59 cd 47 40 f0  .i1........Y.G@.
0030: 0f 92 1f 4b 06 35 e2 9f d5 e0 c2 d2 73 74 61 72  ...K.5......star
0040: 63 72 61 66 74 2e 65 78 65 20 31 36 2f 30 37 2f  craft.exe 16/07/
0050: 30 38 20 31 37 3a 34 35 3a 32 37 20 31 32 32 30  08 17:45:27 1220
0060: 36 30 38 00 63 68 69 6e 2e 66 75 00              608.chin.fu.

datalen: 9, packet: 9
single packet!
parsing packet of 9 bytes
[15:39:24] [+] 9 bytes:
0000: ff 51 09 00 01 01 00 00 00                      .Q.......

recvd SID_AUTH_CHECK (0x51)
[15:39:24] [X] error: bnetlogin() failed: invalid game version
[/code]

i am using bncsutil to do the key decoding and the lockdown library that rob posted
July 17, 2008, 1:44 PM
BreW
[quote author=UserLoser link=topic=17571.msg178947#msg178947 date=1216238060]
SID_AUTH_CHECK looks like it's supplying wrong values for the file hash (string before CD-key owner name)
[/quote]
way to ignore ul...

How are you getting your exe info string?
July 17, 2008, 2:26 PM
Barabajagal
"starcraft.exe 16/07/08 17:45:27 1220608" is not a lockdown result, it's a ver result. Here's a good snippet to help you with using rob's lockdown dll:

[code]    If InStr(LCase$(dllName), "ix86ver") > 0 Then 'Way Old
      CRet = CheckRevisionA(HashFiles(0), HashFiles(1), HashFiles(2), CRevRequest, EXEVersion, Checksum, CRevResult, dllName)
    ElseIf InStr(LCase$(dllName), "ver-ix86") > 0 Then 'D2/W3
      CRet = CheckRevisionB(HashFiles(0), HashFiles(1), HashFiles(2), CRevRequest, EXEVersion, Checksum, CRevResult, dllName)
    Else 'Lockdown
      CRet = CheckRevisionEx(HashFiles(0), HashFiles(1), HashFiles(2), CRevRequest, EXEVersion, Checksum, CRevResult, SettingsFolder & "\Tmp\MPQs\" & dllName, vbNullString, HashFiles(3))
    End If[/code]
July 17, 2008, 3:04 PM
aton
i just hardcoded the exe info into that packet...

andi, i am using only the third of your possibilities:
[code]
if(!CheckRevision(fnames[0], fnames[1], fnames[2], valuestring, &version, &checksum, digest, ix86verfname, fnames[3]))
[/code]

fnames[0] is "Starcraft.exe"
fnames[1] is "storm.dll"
fnames[2] is "battle.snp"
valuestring is a 16 byte hex value (from the 0x50 packet)
version is the variable that will hold the version that checkrevision gives me
checksum is the variable that will hold the checksum that checkrevision gives me
digest
ix86verfname is "lockdown-IX86-xx.dll" (from the 0x50 packet)
fnames[3] is "STAR.bin" (screendump)
July 17, 2008, 3:47 PM
BreW
Well, that exe info string should be the "digest".
July 17, 2008, 5:04 PM
aton
ah, i didn't know that. this is what i have now, i insert the digest instead of my selfmade string:

[code]resolving europe.battle.net...success
connected to europe.battle.net
snd SID_AUTH_INFO
[00:18:42] [+] 52 bytes:
0000: ff 50 34 00 00 00 00 00 36 38 58 49 50 58 45 53  .P4.....68XIPXES
0010: d1 00 00 00 45 44 65 64 00 00 00 00 00 00 00 00  ....EDed........
0020: 00 00 00 00 00 00 00 00 44 45 55 00 47 65 72 6d  ........DEU.Germ
0030: 61 6e 79 00                                      any.

datalen: 8, packet: 8
single packet!
parsing packet of 8 bytes
[00:18:42] [+] 8 bytes:
0000: ff 25 08 00 ee c4 33 f0                          .%....3.

recvd SID_PING (0x25)
snd SID_PING (0x25)
datalen: 62, packet: 62
single packet!
parsing packet of 62 bytes
[00:18:42] [+] 62 bytes:
0000: ff 50 3e 00 00 00 00 00 41 31 d8 54 da 70 06 00  .P>.....A1.T.p..
0010: 00 52 6e d0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e  .Rn.r...lockdown
0020: 2d 49 58 38 36 2d 30 39 2e 6d 70 71 00 18 0a 95  -IX86-09.mpq....
0030: 4c e1 f1 d9 24 05 e3 41 75 56 31 4f 4c 00        L...$..AuV1OL.

recv SID_AUTH_INFO (0x50)
ix86verfname: lockdown-IX86-09.mpq
valuestring: 18a954ce1f1d9245e3417556314f4c
extracted number: 9
calculating revision checksum from "hashfiles/lockdown-IX86-09.dll"... f7c21f00
version: 10f0201
digest: 0a6e356a9df3a2ca4ed8620fcd69031002
decoding cdkey... snd SID_AUTH_CHECK (0x51)
[00:18:43] [+] 86 bytes:
0000: ff 51 56 00 de ad be ef 01 00 0b 00 00 1f c2 f7  .QV.............
0010: 01 00 00 00 00 00 00 00 0d 00 00 00 02 00 00 00  ................
0020: 01 69 31 00 00 00 00 00 17 ac e7 a2 89 b1 e8 6b  .i1............k
0030: 05 db e3 a3 eb 9f 1a ac ff 06 5c 52 0a 6e 35 6a  ..........\R.n5j
0040: 9d f3 a2 ca 4e d8 62 0f cd 69 03 10 02 00 63 68  ....N.b..i....ch
0050: 69 6e 2e 66 75 00                                in.fu.

datalen: 9, packet: 9
single packet!
parsing packet of 9 bytes
[00:18:43] [+] 9 bytes:
0000: ff 51 09 00 01 01 00 00 00                      .Q.......

recvd SID_AUTH_CHECK (0x51)
[00:18:43] [X] error: bnetlogin() failed: invalid game version
[/code]

i still need the cdkey owner "chin.fu", right?
July 17, 2008, 10:20 PM
aton
ah i got it, my last mistake was a wrong exeVersion value.

[code]pkt_insertdword(&tcppacket, 0x0f010102); // exeVersion[/code]


do i have to sniff this value for each patch? like the version byte?
July 17, 2008, 10:28 PM
Barabajagal
ExeVersion is already extracted in your code as "&version".
July 17, 2008, 10:44 PM
aton
ah! of course, thanks
July 17, 2008, 11:31 PM
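The check that would have caught this before sending, as an added example that is not code from any poster in the thread: it reads the version and checksum DWORDs back out of an outgoing SID_AUTH_CHECK and compares them with the values the log prints after the revision check. The function and flag names are hypothetical, and the field offsets (client token at 4, EXE version at 8, EXE hash at 12) are an assumption that matches the dumps above, where the bytes at offset 12 equal the logged checksum.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Result flags of check_auth_check() (hypothetical names). */
enum { AC_OK = 0, AC_BAD_FRAME = 1, AC_BAD_VERSION = 2, AC_BAD_CHECKSUM = 4 };

/* Read a little-endian DWORD, the byte order visible in the dumps. */
static uint32_t rd32le(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Compare the version and checksum fields of an outgoing SID_AUTH_CHECK
 * with the values the revision check returned. Assumed layout:
 * ff 51 <u16 len> <client token> <exe version> <exe hash> <key count>
 * <spawn> ..., every multi-byte field little-endian. */
int check_auth_check(const unsigned char *buf, size_t n,
                     uint32_t version, uint32_t checksum) {
    int flags = AC_OK;
    if (n < 24 || buf[0] != 0xff || buf[1] != 0x51 ||
        (size_t)(buf[2] | buf[3] << 8) < 24)
        return AC_BAD_FRAME;          /* not a usable 0x51 packet */
    if (rd32le(buf + 8) != version)   flags |= AC_BAD_VERSION;
    if (rd32le(buf + 12) != checksum) flags |= AC_BAD_CHECKSUM;
    return flags;
}

/* First 24 bytes of the 108-byte SID_AUTH_CHECK from the first log. */
static const unsigned char FIRST_LOG_PREFIX[24] = {
    0xff, 0x51, 0x6c, 0x00, 0xde, 0xad, 0xbe, 0xef,
    0x01, 0x00, 0x0b, 0x00, 0x07, 0xb0, 0x70, 0x8e,
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};

int main(void) {
    /* "version: 10f0201" and checksum "8e70b007" as printed in that log. */
    int r = check_auth_check(FIRST_LOG_PREFIX, sizeof FIRST_LOG_PREFIX,
                             0x010f0201u, 0x8e70b007u);
    printf("mismatch flags: %d\n", r);
    return 0;
}
```

Run against either log, the checksum field agrees with the printed value while the version field still holds the hardcoded 01 00 0b 00.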
