Valhalla Legends Forums Archive | Battle.net Bot Development | [BNCS] SID_AUTH_CHECK [0x51]

mime
Hello, I have some questions about the data of the SID_AUTH_CHECK packet.

This packet has the following arguments:
[code]
(DWORD) Client Token
(DWORD) EXE Version
(DWORD) EXE Hash
(DWORD) Number of keys in this packet
(BOOLEAN) Using Spawn (32-bit)
[/code]

How do I find out these arguments?

As I understand it, the Client Token is simply a random number? :)

And is EXE Version a string of the format "Diablo II 11/18/09 00:00:00 36864"?

And how do I then find out the EXE Hash (the simple way :))?

And the last question: if I use my bot on unofficial servers where there is no need for CD keys, what do I specify in the "CD key" arguments? :)

Thanks.
November 18, 2009, 4:55 PM
Imperceptus
Are you familiar with how to use a packet capture utility? I would suggest Ethereal/Wireshark. Capture a session of you using one of the real clients, then piece together what you need from there.

Exe hashing: search the forums... It's gotta be here somewhere.
November 18, 2009, 5:57 PM
Myndfyr
I suggest using the search term CheckRevision.  That's what goes into this packet.
November 18, 2009, 8:01 PM
HdxBmx27
The Client Token is a random number generated by your client; it is used to further randomize the encryption used on Battle.net. In short, pick a random number and use it for the entire connection wherever 'Client Token' is referenced.

Exe Version is actually a DWORD, hence why it's labeled (DWORD). This is retrieved from the Exe; e.g. if the file's version was 1.1.1 the DWORD would be: 0x01010001 (roughly).

The EXE Hash is calculated by running the 'CheckRevision' function that is in the DLL inside the MPQ that is sent to you by Battle.net in 0x50. But luckily people have reverse engineered that function so you don't have to! There are a few libraries out there that you can use to do this function: BNCSutil.dll, my Warden.dll, BNHash.dll, etc.

The simplest way to get these values is to use BNLS. BNLS will send you all of that information in S->C BNLS_VERSIONCHECKEX2, which you request with C->S BNLS_VERSIONCHECKEX2.

So basically, send BNLS everything you get in 0x50 and it will send you everything you need to send in 0x51.

As for unofficial servers that 'don't need a cdkey': they still do, it just doesn't have to be an unbanned/real key. It just needs to decode properly.
November 18, 2009, 8:03 PM
mime
Hdx, MyndFyre, Imperceptus, thanks for your answers.

I received a version byte, version hash and statstring with BNLS (S->C BNLS_VERSIONCHECKEX2).

I build and send the SID_AUTH_CHECK packet, but I have a problem with the next packets :)

S -> C SID_AUTH_CHECK returns 0 (success), but SID_LOGONRESPONSE2 returns 2 (invalid password).

I don't know what the problem is :(

Thanks.

My code:
[code]
// Game protocol byte
out.writeByte(0x01);
out.flush();

// SID_AUTH_INFO (0x50)
BNCSPacket packet = new BNCSPacket(PacketIDs.SID_AUTH_INFO);
packet.addDWord(0);
packet.addDWord(PlatformIDs.PLATFORM_IX86);
packet.addDWord(ProductIDs.D2XP);
packet.addDWord(BNLSCheckRevision.getVersionByte());
packet.addDWord(0);
packet.addDWord(0);
packet.addDWord(0);
packet.addDWord(0);
packet.addDWord(0);
packet.addNTString(Locale.getDefault().getISO3Country());
packet.addNTString(Locale.getDefault().getDisplayCountry());
out.write(packet.getBytes());
out.flush();

// Assumes SID_PING (0x25) arrives first, then the SID_AUTH_INFO reply
BNetInputStream receive = parse(in);
System.out.println("Ping:" + receive.readDWord());

receive = parse(in);
int logonType = receive.readWord();
int serverToken = receive.readDWord();
int udpValue = receive.readDWord();
long mpqFileTime = receive.readQWord();
String mpqFileName = receive.readNTString();
byte[] formula = receive.readNTBytes();

// Version hash / checksum / statstring via BNLS
CheckRevisionResults revRes = BNLSCheckRevision.checkRevision(
        (byte) 0x05, mpqFileName, mpqFileTime, formula);

int clientToken = Math.abs(new Random().nextInt());

// SID_AUTH_CHECK (0x51)
BNCSPacket p = new BNCSPacket(PacketIDs.SID_AUTH_CHECK);
p.addDWord(clientToken);
p.addDWord(revRes.getVerhash());
p.addDWord(revRes.getChecksum());
p.addDWord(0);
p.addNtByteArray(revRes.getStatstring());
p.addDWord(0);
out.write(p.getBytes());
out.flush();

receive = parse(in);
System.out.println("SID_AUTH_CHECK result code: 0x" + Integer.toHexString(receive.readDWord()));
System.out.println(receive.readNTString());

// SID_LOGONRESPONSE2 (0x3A): tokens, double-hashed password, username
BNCSPacket lp = new BNCSPacket(PacketIDs.SID_LOGONRESPONSE2);
lp.addDWord(clientToken);
lp.addDWord(serverToken);
int[] myPass = DoubleHash.doubleHash(password, clientToken, serverToken);
for (int i = 0; i < 5; i++) {
    lp.addDWord(myPass[i]);
}
lp.addNTString(name);
out.write(lp.getBytes());
out.flush();

receive = parse(in);
System.out.println("SID_LOGONRESPONSE2 result code: 0x" + Integer.toHexString(receive.readDWord()));
[/code]
November 19, 2009, 3:27 PM
HdxBmx27
You're not always guaranteed to get SID_PING before you get SID_AUTH_INFO.
You should split your incoming packets and handle them based on ID.
What exactly is parse()?
And have you tried comparing the values you get for Client/Server tokens with a packetlog of the connection?
November 19, 2009, 3:33 PM
rabbit
That's great.  Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be.  Or if you are double-hashing it, you're probably not using the same client token you used earlier.  I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.
November 19, 2009, 3:36 PM
mime
[quote author=rabbit link=topic=18117.msg183727#msg183727 date=1258644998]
That's great.  Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be.  Or if you are double-hashing it, you're probably not using the same client token you used earlier.  I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.
[/quote]

You're evil :(
I'm really a newbie in the bnet protocol and Java network programming. Yes, I found the javaop and bnutbot sources and took their classes, but all rights saved.
I simply wished to write a very simple bot to check myself here.

As I understand it, my password is not hashed? And using DoubleHash is not correct?


To Hdx:
SID_PING comes before SID_AUTH_INFO. See the program log....

Program log:
[code]Send game protocol byte.
Send SID_AUTH_INFO packet...
ProductID: 5
Version Byte: 11
Receive packet: 0x25
Ping:40379269
Receive packet: 0x50
Logon Type:0
Server token:1992884224
UdpValue:79238906
MPQ File Time: -2217295427437330432
MPQ File Name: �IX86ver1.mpq
Formula: [B@a20892
Start check revision
verhash: 0
checksum: 0
statstring: [B@1e0bc08
Generate clientToken...
ClientToken:1992642644

Send SID_AUTH_CHECK packet...
Receive packet: 0x51
SID_AUTH_CHECK result code:0

Send SID_LOGONRESPONSE2 packet...
Receive packet: 0x3a
SID_LOGONRESPONSE2 result code:2 [/code]

November 19, 2009, 5:41 PM
MyStiCaL
[code]
int[] myPass = DoubleHash.doubleHash(password, clientToken, serverToken);
[/code]

quick glance looks like he double hashed to me
November 19, 2009, 7:54 PM
rabbit
[quote author=mime link=topic=18117.msg183730#msg183730 date=1258652474]
[quote author=rabbit link=topic=18117.msg183727#msg183727 date=1258644998]
That's great.  Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be.  Or if you are double-hashing it, you're probably not using the same client token you used earlier.  I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.
[/quote]

You're evil :(
I'm really a newbie in the bnet protocol and Java network programming. Yes, I found the javaop and bnutbot sources and took their classes, but all rights saved.
I simply wished to write a very simple bot to check myself here.

As I understand it, my password is not hashed? And using DoubleHash is not correct?


To Hdx:
SID_PING comes before SID_AUTH_INFO. See the program log....

Program log:
[code]Send game protocol byte.
Send SID_AUTH_INFO packet...
ProductID: 5
Version Byte: 11
Receive packet: 0x25
Ping:40379269
Receive packet: 0x50
Logon Type:0
Server token:1992884224
UdpValue:79238906
MPQ File Time: -2217295427437330432
MPQ File Name: �IX86ver1.mpq
Formula: [B@a20892
Start check revision
verhash: 0
checksum: 0
statstring: [B@1e0bc08
Generate clientToken...
ClientToken:1992642644

Send SID_AUTH_CHECK packet...
Receive packet: 0x51
SID_AUTH_CHECK result code:0

Send SID_LOGONRESPONSE2 packet...
Receive packet: 0x3a
SID_LOGONRESPONSE2 result code:2 [/code]


[/quote]

I'm not evil, just blunt.  Anyway, you're not extracting the MPQ archive name properly.  That will cause problems.

[edit]
Now that I've looked over your code, I have a question: did you just copy the send routines to post, or is that how your actual code is?  If that's what the actual code is, you're not actually parsing the response, you're just blindly sending packets.
November 19, 2009, 9:04 PM
HdxBmx27
Post a proper packet log.
And post your entire code; we have things like pastebin for a reason.
November 19, 2009, 9:11 PM
mime
[quote]
Now that I've looked over your code, I have a question: did you just copy the send routines to post, or is that how your actual code is?  If that's what the actual code is, you're not actually parsing response, you're just blindly sending packets.
[/quote]

It's not the actual code, it's simply a preparation to check that the found source code works.
Maybe blindly sending... I followed this instruction: http://www.bnetdocs.org/?op=doc&did=10

I badly understand how it works. Probably I don't have enough knowledge for bot writing. I will probably forget about it.

Thanks for the time spent.
November 19, 2009, 10:24 PM
rabbit
That's not right.  Don't give up because I was being rude (which I admit I was).  What you need to do is read through whatever code you've got.  Try to understand what's going on.  And I just want to make sure you know that it is possible to learn a language the way you're doing it, but you need to do more reading before asking these kinds of questions.  And in case you don't believe me: the first project I did in VB6 was a binary bot, and the same for VB.Net (which, admittedly was easier because I already knew VB6 very well).
November 19, 2009, 10:41 PM
mime
[quote author=rabbit link=topic=18117.msg183744#msg183744 date=1258670514]
That's not right.  Don't give up because I was being rude (which I admit I was).  What you need to do is read through whatever code you've got.  Try to understand what's going on.  And I just want to make sure you know that it is possible to learn a language the way you're doing it, but you need to do more reading before asking these kinds of questions.  And in case you don't believe me: the first project I did in VB6 was a binary bot, and the same for VB.Net (which, admittedly was easier because I already knew VB6 very well).
[/quote]

Thanks for support!

I understand a bit of the structure of a bot (and a few source codes), but I badly understand binary networking, packet sending/capture programs (Wireshark, WPE, etc.) and bitwise operations...

You are experienced; tell me what I should know to fully understand how a bot works and the bnet protocol.

Thanks.
November 19, 2009, 11:40 PM
Imperceptus
My two cents, man. Don't think that knowing how to program in VB6 makes you a competent programmer.  I used to think that... oy, was I in for a shock.  VB.NET is a lot better if you take advantage of the new things you can achieve.  If I were you I would visit the library or get an online subscription to a site like http://my.safaribooksonline.com/ and read.  I hated how people pointed to the books when I was like "but I know VB6 in and out"... but they were right. There's a lot of room to grow; take it slow and don't get discouraged. Nothing in life is free.
November 19, 2009, 11:57 PM
PiaNKA
I think you could make the argument that knowing VB6 well does in fact make you a competent programmer.  As a programmer is someone who writes programs, knowing VB6 is a pretty easy way to accomplish that.  However, you could also make the argument that only knowing VB6 doesn't mean you're a competent developer;  where a developer is someone who can work as part of a team building robust applications and systems for real users.

Also, is competency judged simply by the frameworks, languages and paradigms you use?  Would a proficient assembly programmer be incompetent because they don't know how to use .NET?
November 20, 2009, 8:29 AM
Myndfyr
It doesn't matter what platform you're on or what library you're using.  You can be a competent programmer in VB6, Java, C#, C++, C, Ada, Pascal, Python - the list goes on.

However, it's a pretty commonplace perception that VB6 enables you to program without being competent, very easily.  It forgives you SO MUCH for pretty much anything that you do.

Now, that's not to say that you can't be incompetent and program in other languages.  It's just with VB6 being so widespread, it's gotten into the hands of a lot of stupid people, and their search to be able to get work done has ended up with them infecting the web with a lot of crappy code samples, that happen to function, but nobody knows why.
November 20, 2009, 6:06 PM
Myndfyr
An interesting quote I just read applies here:
[quote author=Joel Spolsky]A lot of programmers that you might interview these days are apt to consider recursion, pointers, and even data structures to be a silly implementation detail which has been abstracted away by today’s many happy programming languages. “When was the last time you had to write a sorting algorithm?” they snicker.

Still, I don’t really care. I want my ER doctor to understand anatomy, even if all she has to do is put the computerized defibrillator nodes on my chest and push the big red button, and I want programmers to know programming down to the CPU level, even if Ruby on Rails does read your mind and build a complete Web 2.0 social collaborative networking site for you with three clicks of the mouse.
[/quote]

Source: http://www.joelonsoftware.com/articles/GuerrillaInterviewing3.html
November 20, 2009, 7:12 PM
Imperceptus
I had to write a jagged sort from scratch a few weeks ago. God, it was a nightmare. Works, but jeeeez.
November 20, 2009, 8:00 PM
mime
Hello :)

I have questions again...

What do I specify in the CD-key field of the SID_AUTH_CHECK packet if I play on a pirate server and I have no CD-key?

I wrote:
[code]packet = new BNetPacket(PacketIDs.SID_AUTH_CHECK);
packet.addDWord(clientToken);
packet.addDWord(results.getVerhash());
packet.addDWord(results.getChecksum());
packet.addDWord(0);
packet.addDWord(results.getChecksum());
packet.addString("");
logger.info("\n" + packet);
out.write(packet.getBytes());
out.flush();[/code]


How do I correctly specify the password in SID_LOGONRESPONSE2?

I wrote:
[code]packet = new BNetPacket(PacketIDs.SID_LOGONRESPONSE2);
packet.addDWord(clientToken);
packet.addDWord(serverToken);
int[] myPass = DoubleHash.doubleHash(password, clientToken, serverToken);
for (int i = 0; i < 5; i++)
    packet.addDWord(myPass[i]);
packet.addNTString(name);
logger.info("\n" + packet);
out.write(packet.getBytes());
out.flush(); [/code]

My program log:
[code]
23.11.2009 0:13:07 bot.core.Bot main
INFO: Create socket and I/O streams...
23.11.2009 0:13:07 bot.core.Bot main
INFO: Send game protocol byte
23.11.2009 0:13:07 bot.core.Bot main
INFO: Build SID_AUTH_INFO packet...
23.11.2009 0:13:07 bot.core.Bot main
INFO: Get version byte...
23.11.2009 0:13:07 bot.core.Bot main
INFO: Version byte=12
23.11.2009 0:13:07 bot.core.Bot main
INFO:
Buffer contents:
ff 50 33 00 00 00 00 00 36 38 58 49 50 58 32 44 .P3.....68XIPX2D
0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 52 55 53 00 20 3e 41 41 ........RUS. >AA
38 4f 00                                        8O.
Length: 51

23.11.2009 0:13:07 bot.core.Bot main
INFO: Sent!
23.11.2009 0:13:07 bot.core.Bot main
INFO: Read response...
23.11.2009 0:13:07 bot.core.Bot main
INFO: Receive packet: 0x25
23.11.2009 0:13:07 bot.core.Bot main
INFO:
Buffer contents:
ff 25 08 00 2a 10 07 04                          .%..*...
Length: 8

23.11.2009 0:13:07 bot.core.Bot main
INFO: Receive packet: 0x50
23.11.2009 0:13:07 bot.core.Bot main
INFO:
Buffer contents:
ff 50 65 00 00 00 00 00 61 4d 33 68 ef 02 00 00 .Pe.....aM3h....
80 75 8e 95 3a e1 c3 01 49 58 38 36 76 65 72 31 .u..:...IX86ver1
2e 6d 70 71 00 41 3d 33 38 34 35 35 38 31 36 33 .mpq.A=384558163
34 20 42 3d 38 38 30 38 32 33 35 38 30 20 43 3d 4 B=880823580 C=
31 33 36 33 39 33 37 31 30 33 20 34 20 41 3d 41 1363937103 4 A=A
2d 53 20 42 3d 42 2d 43 20 43 3d 43 2d 41 20 41 -S B=B-C C=C-A A
3d 41 2d 42 00                                  =A-B.
Length: 101

23.11.2009 0:13:07 bot.core.Bot main
INFO:
Values:
LogonType=0
serverToken=1748192609
udpValue=751
pqFileTim=e127192856230000000
mpqFileName=IX86ver1.mpq
formula=[B@2808b3
23.11.2009 0:13:07 bot.core.Bot main
INFO: Generate clientToken...
23.11.2009 0:13:07 bot.core.Bot main
INFO: clientToken=-1459806719
23.11.2009 0:13:07 bot.core.Bot main
INFO: Start check revison...
23.11.2009 0:13:08 bot.core.Bot main
INFO:
verhash=1
checksum=16780288
staststring=[B@503429
23.11.2009 0:13:08 bot.core.Bot main
INFO:
Buffer contents:
ff 51 18 00 01 1e fd a8 01 00 00 00 00 0c 00 01 .Q..............
00 00 00 00 00 0c 00 01                          ........
Length: 24

23.11.2009 0:13:08 bot.core.Bot main
INFO: Receive packet: 0x51
23.11.2009 0:13:08 bot.core.Bot main
INFO:
Buffer contents:
ff 51 09 00 01 01 00 00 00                      .Q.......
Length: 9

23.11.2009 0:13:08 bot.core.Bot main
INFO: Result:257
01 1e fd a8 61 4d 33 68 e7 a2 73 23 92 f3 ad ec ....aM3h..s#....
1c 16 ac 4a 9f 2c 23 b4 96 7b 59 98              ...J.,#..{Y.
Length: 28

23.11.2009 0:13:08 bot.core.Bot main
INFO:
Buffer contents:
ff 3a 29 00 01 1e fd a8 61 4d 33 68 37 49 6d 19 .:).....aM3h7Im.
7f 38 f2 2c e2 3f 23 d6 80 c0 99 2f db 4a 87 48 8.,.?#..../.J.H
64 72 75 67 66 72 65 65 00                      drugfree.
Length: 41

23.11.2009 0:13:08 bot.core.Bot main
INFO: Receive packet: 0x3a
23.11.2009 0:13:08 bot.core.Bot main
INFO:
Buffer contents:
ff 3a 29 00 01 1e fd a8 61 4d 33 68 37 49 6d 19 .:).....aM3h7Im.
7f 38 f2 2c e2 3f 23 d6 80 c0 99 2f db 4a 87 48 8.,.?#..../.J.H
64 72 75 67 66 72 65 65 00                      drugfree.
Length: 41

23.11.2009 0:13:08 bot.core.Bot main
INFO: Result:a8fd1e01
[/code]


Please help!
November 22, 2009, 10:15 PM
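Added example, not code from this thread or from JBLS/javaop: the "split packets and dispatch by ID" handling Hdx asked for earlier, fed with the SID_PING, SID_AUTH_INFO and SID_AUTH_CHECK hex dumps from the program log above, so the same stream parses correctly whichever order the server sends the first two packets in. The constants, field layout of the 0x50 reply (three DWORDs, a FILETIME, two NUL-terminated strings) and the constructed byte stream are this example's own.

```python
import struct

# BNCS packet ids that appear in this thread
SID_PING = 0x25
SID_AUTH_INFO = 0x50
SID_AUTH_CHECK = 0x51
HEADER = struct.Struct("<BBH")  # 0xFF marker, packet id, total length incl. header (LE)

# Constructed stream for this example: the SID_PING and SID_AUTH_INFO dumps from the
# program log above, back to back, as they would arrive on the socket.
PING_PKT = bytes.fromhex("ff2508002a100704")
AUTH_INFO_PKT = (
    bytes.fromhex("ff506500" "00000000" "614d3368" "ef020000" "80758e953ae1c301")
    + b"IX86ver1.mpq\x00"
    + b"A=3845581634 B=880823580 C=1363937103 4 A=A-S B=B-C C=C-A A=A-B\x00"
)
AUTH_CHECK_REPLY = bytes.fromhex("ff5109000101000000")  # the 0x51 reply in the same log

def split_packets(stream):
    """Cut a raw byte stream into (id, payload) pairs using the length in each header.
    Returns the complete packets plus any trailing bytes that do not yet form one."""
    packets, pos = [], 0
    while pos + HEADER.size <= len(stream):
        marker, pid, length = HEADER.unpack_from(stream, pos)
        if marker != 0xFF or length < HEADER.size:
            raise ValueError("bad BNCS header at offset %d" % pos)
        if pos + length > len(stream):
            break  # partial packet: keep the remainder until more bytes arrive
        packets.append((pid, stream[pos + HEADER.size:pos + length]))
        pos += length
    return packets, stream[pos:]

def read_ntstring(buf, pos):
    """Read a NUL-terminated string; return (text, position after the terminator)."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end].decode("latin-1"), end + 1

def parse_auth_info(payload):
    """SID_AUTH_INFO reply: logon type, server token, UDP value, FILETIME, then
    the MPQ file name and the CheckRevision formula as NUL-terminated strings."""
    logon_type, server_token, udp_value, mpq_filetime = struct.unpack_from("<IIIQ", payload)
    mpq_name, pos = read_ntstring(payload, 20)
    formula, _ = read_ntstring(payload, pos)
    return {"logon_type": logon_type, "server_token": server_token, "udp_value": udp_value,
            "mpq_filetime": mpq_filetime, "mpq_name": mpq_name, "formula": formula}

def handle_stream(stream):
    """Dispatch each complete packet by id, whatever order the server chose to send them."""
    packets, leftover = split_packets(stream)
    state = {"leftover": leftover, "unhandled": []}
    for pid, payload in packets:
        if pid == SID_PING:
            state["ping"] = struct.unpack("<I", payload)[0]
        elif pid == SID_AUTH_INFO:
            state["auth_info"] = parse_auth_info(payload)
        elif pid == SID_AUTH_CHECK:
            # DWORD result (0 = success per the thread) followed by an NT info string
            state["auth_check"] = struct.unpack_from("<I", payload)[0]
        else:
            state["unhandled"].append(pid)
    return state

if __name__ == "__main__":
    for order in (PING_PKT + AUTH_INFO_PKT, AUTH_INFO_PKT + PING_PKT):
        print(handle_stream(order + AUTH_CHECK_REPLY))
```

The parsed server token (1748192609), UDP value (751) and FILETIME match the values printed in the log, and the 0x51 reply decodes to the non-zero result 0x101 the log reports as 257.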
rabbit
First: any password that passes install checks will work on 3rd-party servers.

Second:[code] packet.addDWord(results.getChecksum());
packet.addDWord(0);
packet.addDWord(results.getChecksum());[/code] Why are you inserting results.getChecksum() twice?

Third: I don't know what library you're using for your hashing, but it looks fine?
November 23, 2009, 12:37 AM
mime
[quote]
First: any password that passes install checks will work on 3rd part servers.
[/quote]
I do not understand; is it possible to explain in more detail?

[quote]
Second:[code] packet.addDWord(results.getChecksum());
packet.addDWord(0);
packet.addDWord(results.getChecksum());[/code] Why are you inserting results.getChecksum() twice?
[/quote]
[code]
packet = new BNetPacket(PacketIDs.SID_AUTH_CHECK);
packet.addDWord(clientToken);
packet.addDWord(results.getVerhash());
packet.addDWord(results.getChecksum());
packet.add(0); // CD-key
packet.addNtByteArray(results.getStatstring());
packet.addNTString(""); // username
logger.info("\n" + packet);
out.write(packet.getBytes());
out.flush();
[/code]

[quote]
Third: I don't know what library you're using for your hashing, but it looks fine?
[/quote]
I use these classes for hashing:
http://code.google.com/p/jbls2/source/browse/#svn/trunk/JBLS/src/Hashing
November 23, 2009, 5:04 AM
mime
Hurrah!!!! I have got into the chat :)
November 23, 2009, 6:19 AM
HdxBmx27
1) Dear god, someone butchered JBLS more than Joe/I did!
2) Your password must be double hashed just like normal for fake servers as well as real ones.
3) For the CD key, you need to send it a valid CD key; IIRC 3333333333333 works.
November 23, 2009, 6:24 AM
mime
[quote author=Hdx link=topic=18117.msg183759#msg183759 date=1258957454]
1) Dear god, someone butchered JBLS more than Joe/I did!
[/quote]
What? :) I do not understand :(
November 23, 2009, 9:53 AM
rabbit
[quote author=mime link=topic=18117.msg183760#msg183760 date=1258970019]
[quote author=Hdx link=topic=18117.msg183759#msg183759 date=1258957454]
1) Dear god, someone butchered JBLS more than Joe/I did!
[/quote]
What? :) I do not understand :(
[/quote]
He said it's a hacked version of a hacked version of JBLS, and it sucks.
November 23, 2009, 4:22 PM
Camel
[quote author=Hdx link=topic=18117.msg183759#msg183759 date=1258957454]
3) For CDKey, you need to send it a valid cdkey IIRC 3333333333333 works.
[/quote]
To elaborate, it has to decode. It doesn't have to be accepted by [the real] Battle.net, or probably even have the right product ID.
November 23, 2009, 7:40 PM