Valhalla Legends Forums Archive | Battle.net Bot Development | Dealing with 0x51 on Linux without using BNLS

ThePro
Hey there!

Recently I've written a battle.net bot in python which runs on my linux server 24/7.
At the moment I'm using BNLS to deal with the logon sequence. But since I want to be independent of the availability of the BNLS servers, I want to do this stuff by hand as a second option.

I wrote my first battle.net bot in 2003(?) using C++ on a Windows machine. I remember that there was a library called BNCSUtil.dll which did some hashing stuff for me.

Since my new bot is running on a Linux machine I am not able to use this .dll anymore, so it seems I have to write a Python hashing module, which I would publish when it's done, of course.


[u]Now my questions:[/u]

1. (DWORD) EXE Hash
What exactly does battle.net want here? I remember that you originally had to put the CRC32 hash of the Starcraft.exe file in here, but since some patch it is some value from memory, right!?

2. (DWORD) CD-key's public value
What is that? What does this "decoded cd-key" stuff mean? How do I decode it?

3. (DWORD) [5] Hashed Key Data

BnetDocs say:
[quote]
The data that should be hashed for 'Hashed Key Data' is:

  1. Client Token
  2. Server Token
  3. Key Product (from decoded CD key)
  4. Key Public (from decoded CD key)
  5. (DWORD) 0
  6. Key Private (from decoded CD key)
[/quote]

1. clear
2. clear
3. decoded CD key? (Keyproduct = 0x01 for Starcraft?)
4./6. public, private? Sounds like asymmetric encryption


I know that the hashing is done by "broken SHA-1".
I also know that the password is hashed twice, but I don't know the right order.

it is like:

hashed_pw = bsha1(password)
double_hash = bsha1( ? + hashed_pw)
   
4. Last but not least, how do I deal with the MPQ version and the formula?


July 2, 2009, 1:51 PM
xpeh
Hello.

Can you share your bot lib, or the whole bot?

You can look at any open source bot lib in a language that you understand to get clear on what you need to do. For example, BNCSUtil, which you mentioned.

AFAIK local crc32 calculation (aka local hashing) is useless - it doesn't work on battle.net, and on PvPGN you can make it much easier by placing values directly from versioncheck.conf. I almost never used bots on bnet, but I think BNLS is your only option. Ask others to be sure.

As for Starcraft,
HashPassword = bsha1(lowercase(pass))
DoubleHashPassword = bsha1(clienttoken . servertoken . HashPassword(pass))

Hashing CD keys with an external server is highly questionable.
1. It can easily be made local. There have been no changes in the algorithm since ancient times.
2. Who knows what happens to the CD keys you send?
July 2, 2009, 2:19 PM
ThePro
[quote author=xpeh link=topic=17998.msg183006#msg183006 date=1246544367]
Hello.

Can you share your bot lib, or the whole bot?
[/quote]
It's not stable right now, so I still have to fix some things, but I will release the source when it's done. ;)


[quote]
You can look at any open source bot lib in a language that you understand to get clear on what you need to do. For example, BNCSUtil, which you mentioned.
[/quote]
LOL! I didn't know that BNCSutil is open source these days. When I looked for it a few years ago it wasn't. I found a C++ implementation which I will now convert to Python.
When it's done I will release the module here. ;)


[quote]
Hashing CD keys with an external server is highly questionable.
1. It can easily be made local. There have been no changes in the algorithm since ancient times.
2. Who knows what happens to the CD keys you send?
[/quote]


Yea, that's another reason. I heard that some guy running a JBLS server stole CD keys by logging the traffic.
July 2, 2009, 2:50 PM
xpeh
Can you upload your work to svn, even if it's beta?

Or just give me a link :)
July 2, 2009, 6:43 PM
xpeh
Btw, don't ask me how to auth on Bnet (0x51). Ask others. But I'm sure that local hashing is outdated.
July 2, 2009, 11:03 PM
HdxBmx27
xeph, you're a moron, 'Local Hashing' can't be 'outdated'. Quit trying to get code from other people, and please stop posting.
ThePro:
BNCSutil is open source, as are MBNCSutil and JBLS.
If you want to work on it, look at those three sources plus SkullSecurity (Lockdown Check Revision; it has a few other Bnet-related pages).
Anyway, to answer your questions.
[quote author=ThePro link=topic=17998.msg183005#msg183005 date=1246542692]1. (DWORD) EXE Hash
What exactly does battle.net want here? I remember that you originally had to put the CRC32 hash of the Starcraft.exe file in here, but since some patch it is some value from memory, right!?[/quote] For lockdown it's the 1st DWORD of the final SHA1 digest. For older checkrevisions it's the final checksum.
[quote author=ThePro link=topic=17998.msg183005#msg183005 date=1246542692]2. (DWORD) CD-key's public value
What is that? What does this "decoded cd-key" stuff mean? How do I decode it?[/quote]
Depends on the style of CD key you are trying to decode. Look at a few of the sources linked above for their decoding functions. They are rather simple.
[quote author=ThePro link=topic=17998.msg183005#msg183005 date=1246542692]3. (DWORD) [5] Hashed Key Data

BnetDocs say:
[quote]
The data that should be hashed for 'Hashed Key Data' is:

  1. Client Token
  2. Server Token
  3. Key Product (from decoded CD key)
  4. Key Public (from decoded CD key)
  5. (DWORD) 0
  6. Key Private (from decoded CD key)
[/quote]

1. clear
2. clear
3. decoded CD key? (Keyproduct = 0x01 for Starcraft?)
4./6. public, private? Sounds like asymmetric encryption[/quote]All 3 of those values are decoded from the CD key itself. Do a little research into CD key decoding and it'll become clear.

[quote author=ThePro link=topic=17998.msg183005#msg183005 date=1246542692]I know that the hashing is done by "broken SHA-1".
I also know that the password is hashed twice, but I don't know the right order.

it is like:

hashed_pw = bsha1(password)
double_hash = bsha1( ? + hashed_pw)[/quote]
XSHA1(ClientToken, ServerToken, XSHA1(Password))

[quote author=ThePro link=topic=17998.msg183005#msg183005 date=1246542692]4. Last but not least, how do I deal with the MPQ version and the formula?[/quote]
That again falls under check revision; simply take a look at the functions from the sources I've linked you to/mentioned. CheckRevision as a concept is pretty simple to get:
The client receives a file name and a seed string [more accurate to call it seed values than formula, because of lockdown]. It then downloads the file and calls an exported function inside it called CheckRevision(), passing it the seed values. That function returns 3 values: 2 32-bit ints and 1 null-terminated string.

In your case you would pass them to your implementation of the functions as needed.

If you have questions on a particular aspect rather than 10 different ones :P I'd be more than happy to answer.
July 3, 2009, 12:15 AM
xpeh
[quote author=Hdx link=topic=17998.msg183011#msg183011 date=1246580106]
xeph, you're a moron, 'Local Hashing' can't be 'outdated'.
[/quote]
I said so on purpose - I'm not a specialist, since I don't use Bnet.

[quote author=Hdx link=topic=17998.msg183011#msg183011 date=1246580106]
Quit trying to get code from other people, and please stop posting.
[/quote]
Quit telling me what I have to do, unless you want to eat cocks for the rest of your life, stupid piece of shit.

[quote author=Hdx link=topic=17998.msg183011#msg183011 date=1246580106]
XSHA1(ClientToken, ServerToken, XSHA1(Password))
[/quote]
Don't you forget lowercase(), cockrider fag?

And write my nick properly next time, if a fag like you with an asshole the diameter of a metro tunnel can even copy-paste.
July 3, 2009, 6:03 AM
HdxBmx27
LCase is NOT needed. The clients do it, yes, but not doing so allows you to have case-sensitive passwords, which is always a good thing. Having to copy/paste someone's name is just fucking sad. And calling me a fag, how original, your parents must be proud. If you have something actually intelligent and helpful to post then go for it. Aside from that, fuck right off.
July 3, 2009, 6:36 AM
xpeh
[quote author=Hdx link=topic=17998.msg183013#msg183013 date=1246603017]
LCase is NOT needed. The clients do it, yes, but not doing so allows you to have case-sensitive passwords, which is always a good thing.
[/quote]
How nice, you'll be unable to log on with your game client..

[quote author=Hdx link=topic=17998.msg183013#msg183013 date=1246603017]
Having to copy/paste someone's name is just fucking sad. And calling me a fag, how original, your parents must be proud. If you have something actually intelligent and helpful to post then go for it. Aside from that, fuck right off.
[/quote]
So learn to write it properly without copy-paste.


[quote author=Hdx link=topic=17998.msg183013#msg183013 date=1246603017]
And calling me a fag, how original, your parents must be proud.
[/quote]
I'm really sure you are one. Do you actually go to kindergarten or already to school?

[quote author=Hdx link=topic=17998.msg183013#msg183013 date=1246603017]
If you have something actually intelligent and helpful to post then go for it, Aside from that, fuck right off.
[/quote]
If I need someone to give me a blowjob, then you are welcome to open your mouth. Otherwise, please shut the fuck up, unless you need your shoulder toilet bowl to be filled, guess with what. If you still haven't understood, I don't care about the stupid word diarrhea that you smear all over this thread.
July 3, 2009, 6:55 AM
ThePro
[quote author=Hdx]
xeph, you're a moron, 'Local Hashing' can't be 'outdated'. Quit trying to get code from other people, and please stop posting.
[/quote]
I think he wanted to say that local hashing isn't usual these days, because everyone uses BNLS/JBLS.

[quote author=xpeh]
How nice, you'll be unable to log on with your game client..
[/quote]
This doesn't have to be a disadvantage. If you never plan to use a specific account with a Blizzard client, then it is a very good idea to choose a case-sensitive password, because only people who use 3rd-party clients would be able to get your account by guessing your password, which increases security a lot.

[quote author=Hdx]
If you have questions on a particular aspect rather than 10 different ones :P I'd be more than happy to answer.
[/quote]
Good to know, I will keep that in mind. :)
These are my first questions:

1. Aren't you the guy who made this JBLS server?
2. If yes, will you add Warden support to JBLS?
3. What happened to JBLS.org? It seems to be down!?
July 3, 2009, 11:46 PM
HdxBmx27
[quote author=ThePro link=topic=17998.msg183017#msg183017 date=1246664818]I think he wanted to say that local hashing isn't usual these days, because everyone uses BNLS/JBLS.[/quote] That's irrelevant, 'Local Hashing' can't be outdated.
[quote author=ThePro link=topic=17998.msg183017#msg183017 date=1246664818]This doesn't have to be a disadvantage. If you never plan to use a specific account with a Blizzard client, then it is a very good idea to choose a case-sensitive password, because only people who use 3rd-party clients would be able to get your account by guessing your password, which increases security a lot.[/quote]I personally have my main account use a case-sensitive password, and then have my gaming accounts, which do not have access to any bots, use the normal lcase()d passwords.
[quote author=ThePro link=topic=17998.msg183017#msg183017 date=1246664818]Good to know, I will keep that in mind. :)
These are my first questions:

1. Aren't you the guy who made this JBLS server?
2. If yes, will you add Warden support to JBLS?
3. What happened to JBLS.org? It seems to be down!?[/quote]1) Yes, along with TheFool, Ron, etc.
2) No, I will not, at least not anytime soon. It's written in Java, which cannot run raw machine code, which is currently the only way to handle Warden.
3) The website is gone; I never actually put anything on it, so meh. But the server itself is running fine, just use it as a JBLS server.
July 3, 2009, 11:57 PM
Sixen
[quote author=Hdx link=topic=17998.msg183018#msg183018 date=1246665462]
3) The website is gone; I never actually put anything on it, so meh. But the server itself is running fine, just use it as a JBLS server.
[/quote]

Throw up an index.html and put a little info on there imo.

"Server Status:"
"Current Server Time:"
"Number of connections:"
"Uptime:"
<Link to JBLS Tech Forums on sb.net>
July 4, 2009, 4:27 AM
HdxBmx27
[quote author=Sixen link=topic=17998.msg183019#msg183019 date=1246681643]Throw up an index.html and put a little info on there imo.

"Server Status:"
"Current Server Time:"
"Number of connections:"
"Uptime:"
<Link to JBLS Tech Forums on sb.net>[/quote]It's hosted on Ron's box, which the web page *should* show as www.x86Labs.org. So putting up a temp site won't work, and there's no simple way to redirect things based on port :/ *wishes DNS resolution could be determined by port :(*
July 4, 2009, 4:37 AM
xpeh
[quote author=ThePro link=topic=17998.msg183017#msg183017 date=1246664818]
[quote author=xpeh]
How nice, you'll be unable to log on with your game client..
[/quote]
This doesn't have to be a disadvantage. If you never plan to use a specific account with a Blizzard client, then it is a very good idea to choose a case-sensitive password, because only people who use 3rd-party clients would be able to get your account by guessing your password, which increases security a lot.
[/quote]
ORLY? Select a 6+ character letter-digit non-dictionary password, and it's highly questionable that it can be bruteforced. You don't need to break compatibility for this. Releasing this in a public library is incompetent, since most users don't know about this issue, and those who are bruteforcing others' passwords can know about it.
If you are emulating battle.net clients, emulate them properly.

So is there a library that gives up-to-date working local hashing for battle.net?
July 4, 2009, 5:14 AM
HdxBmx27
It's the actual text box itself that limits the characters to lower case IIRC. But anyways I *thought* this type of crap was common knowledge for people who actually knew anything about writing bots.

I am all for emulating things properly [I'm pretty sure you aren't doing the same EXACT things the games do, as that's a bitch], but this is a developer's choice. If you're actually gonna have a 'hash password' function in whatever you're making, you might want to have both lcase and non. BUT if you do it as you *should* and simply have an XSHA1 class and let the bot programmer deal with utilizing it themselves, then this is a moot issue.
July 4, 2009, 5:33 AM
xpeh
Besides the digest class you will have HashPassword() and DoubleHashPassword(), and they will handle passwords directly.

[quote author=Hdx link=topic=17998.msg183022#msg183022 date=1246685598]
But anyways I *thought* this type of crap was common knowledge for people who actual knew anything about writing bots. [/quote]
You are wrong in your opinion. After using some bots (especially ones written in VB) I had a strong feeling most of them wrote a bot as their second program directly after helloworld, the rest as their 3rd or 4th.

And the point of the library is to help people knowing less about bnet (but knowing the programming language is still needed :D) to write bnet bots.

You can even use sha1 instead of bsha1, or any other hash that gives a 20-byte result. Or append a random string to the password before hashing. So nobody will be able to log in using any program other than the one you used. Isn't it nice?
July 4, 2009, 7:39 AM
HdxBmx27
[quote author=xpeh link=topic=17998.msg183023#msg183023 date=1246693165]Besides the digest class you will have HashPassword() and DoubleHashPassword(), and they will handle passwords directly.[/quote]Yes, this is true, but in my opinion something such as this should not be included in the library itself. The lib should simply be a collection of the more difficult standard functions.
For example, 'HashPassword' does not describe whether it's lcased, does not describe that it is XSHA1 [as opposed to NLS] or anything of the like. Something like that is my personal opinion, which I am entitled to and can express; you may disagree, which is all fine for you. It's all up to whomever actually creates the library. I honestly don't care as I won't be using it [I don't use Python].

[quote author=xpeh link=topic=17998.msg183023#msg183023 date=1246693165]You are wrong in your opinion. After using some bots (especially ones written in VB) I had a strong feeling most of them wrote a bot as their second program directly after helloworld, the rest as their 3rd or 4th.[/quote]The people doing this are wrong. They should stop it, stop it right now!
You should know the basics of network programming, encryption, and the battle.net protocol [its not like its hard to find] before even attempting to write a bot.

[quote author=xpeh link=topic=17998.msg183023#msg183023 date=1246693165]And the point of the library is to help people knowing less about bnet (but knowing the programming language is still needed :D) to write bnet bots.[/quote] True, in a sense. People are still in the mindset of CSB; they want everything done for them and this simply shouldn't be the case. Implementing XSHA1 password hashing yourself with a proper XSHA1 library takes like 8 lines of code.
pseudo-code:
[code]Dim ctx as XSHA1
Dim digest[20] as byte                 ' an XSHA1 digest is 20 bytes (five DWORDs), not 16
digest = ctx.digest(lcase(password))   ' first hash; drop lcase() for case-sensitive passwords
ctx.update(client token)               ' both tokens go in as 4-byte DWORDs
ctx.update(server token)
digest = ctx.digest(digest)            ' second hash over client token, server token, first digest
ctx.cleanup()
return digest[/code]
Not that difficult, and anyone who gets annoyed at having to implement that themselves is just lazy :/ But that's my opinion.
[quote author=xpeh link=topic=17998.msg183023#msg183023 date=1246693165]You can even use sha1 instead of bsha1, or any other hash that gives a 20-byte result. Or append a random string to the password before hashing. So nobody will be able to log in using any program other than the one you used. Isn't it nice?[/quote]For the whole password hashing, no, you must use XSHA1, but you are correct that you can use w/e the hell you want as the initial password hash; Blizzard does not care.
Point being, with a properly exported utility [XSHA1] the actual functionality and how precisely they want to emulate the client is up to the programmer themselves.

But it's a moot point, as I have said above, as all of this is simply my opinion and the final word on how things are implemented is solely dependent on whoever does the implementing [which I doubt will be you], and I really don't care. Once again ThePro, if you need help feel free to ask.
July 4, 2009, 8:47 AM
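Added example (not a post from this thread, and not code from BNCSutil, MBNCSutil or JBLS): the two constructions the thread spells out, written in Python since that is what ThePro's bot uses. It covers Hdx's XSHA1(ClientToken, ServerToken, XSHA1(Password)) with xpeh's lowercase() step as a switch, the pseudo-code in the post above, and the BnetDocs 'Hashed Key Data' order quoted earlier (client token, server token, key product, key public, DWORD 0, key private). The XSHA1 routine is the "broken SHA-1" as commonly documented: little-endian message words, no length padding, the ROL(1, x) schedule bug, little-endian output. Function names are my own, the tokens and key values are constructed, and it assumes every key field, including the decoded private value, fits in a DWORD; the thread does not say which key formats that holds for.

```python
import struct

MASK32 = 0xFFFFFFFF


def rol32(value: int, bits: int) -> int:
    """Rotate a 32-bit value left; the count is taken mod 32 like x86 ROL."""
    bits &= 31
    return ((value << bits) | (value >> (32 - bits))) & MASK32


def xsha1(data: bytes) -> bytes:
    """Blizzard's 'broken SHA-1' (XSHA1 / bsha1); returns a 20-byte digest.

    Differences from real SHA-1 (round functions and constants are standard):
      * the 16 message words of each block are read as little-endian DWORDs;
      * no 0x80/length padding: a short trailing block is zero-filled, so
        trailing NUL bytes in the input do not change the digest;
      * the schedule computes ROL(1, x) instead of ROL(x, 1);
      * the five state words are written out little-endian.
    """
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    padded = data + bytes(-len(data) % 64)      # zero-fill to whole 64-byte blocks
    for off in range(0, len(padded), 64):
        w = list(struct.unpack("<16I", padded[off:off + 64]))
        for i in range(16, 80):
            # The bug: the constant 1 is rotated by the XOR, not the XOR by 1.
            w.append(rol32(1, w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]))
        a, b, c, d, e = h
        for i in range(80):
            if i < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif i < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif i < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            t = (rol32(a, 5) + f + e + w[i] + k) & MASK32
            a, b, c, d, e = t, a, rol32(b, 30), c, d
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack("<5I", *h)


def hash_password(password: str, lowercase: bool = True) -> bytes:
    """First-stage hash. Blizzard's clients lcase() the password; a bot that
    skips that (lowercase=False) gets case-sensitive passwords, at the cost of
    the account no longer being usable from the game client."""
    if lowercase:
        password = password.lower()
    return xsha1(password.encode("ascii"))


def double_hash_password(password_hash: bytes, client_token: int, server_token: int) -> bytes:
    """XSHA1(ClientToken || ServerToken || XSHA1(password)), tokens as little-endian DWORDs."""
    return xsha1(struct.pack("<II", client_token, server_token) + password_hash)


def key_hash_data(client_token: int, server_token: int,
                  key_product: int, key_public: int, key_private: int):
    """The 24-byte buffer in the order BnetDocs lists for 'Hashed Key Data',
    and its XSHA1. Assumption: every field, including key_private, is a DWORD."""
    buf = struct.pack("<6I", client_token, server_token,
                      key_product, key_public, 0, key_private)
    return buf, xsha1(buf)


if __name__ == "__main__":
    # Constructed tokens and key values for the demo; not real Battle.net data.
    client_token, server_token = 0x11223344, 0xAABBCCDD
    first = hash_password("MyPassWord")
    print("double-hashed password:", double_hash_password(first, client_token, server_token).hex())
    buf, key_hash = key_hash_data(client_token, server_token, 1, 0x00ABCDEF, 0x12345678)
    print("key hash input        :", buf.hex())
    print("hashed key data       :", key_hash.hex())
```

Before trusting this against live Battle.net, run the same input through BNCSutil's calcHashBuf (or JBLS's BrokenSHA1) and compare the 20 bytes; the zero-fill behaviour in particular means an input like b"abc" and b"abc\x00" hash identically, which is expected here but would be a bug in a real SHA-1.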
aton
ThePro, I have been using the BNCS lockdown revision on Linux for quite some time; it works well on 32-bit.
(and it doesn't compile in 64-bit, sadly)
Rob's lockdown lib doesn't work in 64-bit either (https://davnit.net/bnet/vL/index.php?topic=17924.0)

July 4, 2009, 5:34 PM
