Author | Message | Time |
---|---|---|
Fatalshrooms | I'm learning about packets and I thought a good place to start was to create a BNET bot. I'm using C++. So far I've established a connection with the server and made some packet transactions: [code] C > S [0x50] SID_AUTH_INFO S > C [0x25] SID_PING S > C [0x50] SID_AUTH_INFO C > S [0x25] SID_PING (Optional) C > S [0x51] SID_AUTH_CHECK [/code] I'm at a point that seems to be an obvious problem for noobs like me ;D: C > S [0x51] SID_AUTH_CHECK. Here's the contents of the packet for reference: [code] (DWORD) Client Token (DWORD) EXE Version (DWORD) EXE Hash (DWORD) Number of CD-keys in this packet (BOOLEAN) Spawn CD-key For Each Key: (DWORD) Key Length (DWORD) CD-key's product value (DWORD) CD-key's public value (DWORD) Unknown (0) (DWORD) [5] Hashed Key Data (STRING) Exe Information (STRING) CD-Key owner name * [/code] I have spent a day reading and I know what I need to do, I just don't know how to do it. So I can either get this information by 1) passing some of the S>C 0x50 packet's data into a checkrevision() function. I'm guessing it's located in storm.dll or something. That seems to be the harder way. 2) passing some of the S>C 0x50 packet's data to a C>S BNLS_VERSIONCHECKEX2 transmission. This seems to be the easy way. While trying method two I seem to always trip something with the server and get my IP temporarily banned. Here's some of my packet data: [code] C>S 0x50 ff 50 3a 00 00 00 00 00 36 38 .P :.....68 0040 58 49 50 58 33 57 18 00 00 00 53 55 6e 65 00 00 XIPX3W.. ..SUne.. 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 53 ........ ......US 0060 41 00 55 6e 69 74 65 64 20 53 74 61 74 65 73 00 A.United States. S>C 0x50 ff 50 e8 00 02 00 00 00 7a 99 .P ......z. 0040 53 53 8b a3 25 00 00 31 ef 00 70 5f c7 01 76 65 SS..%..1 ..p_..ve 0050 72 2d 49 58 38 36 2d 35 2e 6d 70 71 00 41 3d 32 r-IX86-5 .mpq.A=2 0060 32 33 37 35 36 36 38 36 31 20 42 3d 33 35 38 30 23756686 1 B=3580 0070 35 34 38 31 35 39 20 43 3d 33 39 35 39 35 37 38 548159 C =3959578 0080 39 35 31 20 34 20 41 3d 41 2b 53 20 42 3d 42 5e 951 4 A= A+S B=B^ 0090 43 20 43 3d 43 2b 41 20 41 3d 41 2d 42 00 43 02 C C=C+A A=A-B.C. 00a0 ed ce 9b 37 2d 12 22 9a 86 25 6f 7b 05 c9 7e 4a ...7-.". .%o{..~J 00b0 7d c6 76 23 90 03 97 95 7b c8 10 c6 78 e2 ec af }.v#.... {...x... 00c0 fb 3a 87 b3 29 f0 d5 d7 de df 33 17 c3 7c 5d 76 .:..)... ..3..|]v 00d0 0d cb 31 65 35 e5 94 75 c5 9a ea 37 b2 a6 87 cc ..1e5..u ...7.... 00e0 70 0a 77 af 53 07 3f b7 42 19 07 f8 23 4c d1 fd p.w.S.?. B...#L.. 00f0 5f a6 17 76 3a bf 63 5b cb 00 73 f6 2e c2 f4 eb _..v:.c[ ..s..... 0100 ea b5 7d cb e1 ab 90 f4 44 ed a7 01 f1 10 0d c3 ..}..... D....... 0110 5d 77 fa 9a 0c 5b a3 36 73 d5 b5 e1 f9 25 ]w...[.6 s....% C>S 0x1A (BNLS_VERSIONCHECKEX2) 67 00 1a 08 00 00 00 00 00 00 g. ........ 0040 00 00 00 00 00 00 31 ef 00 70 5f c7 01 76 65 72 ......1. .p_..ver 0050 2d 49 58 38 36 2d 35 2e 6d 70 71 00 00 3d 32 32 -IX86-5. mpq..=22 0060 33 37 35 36 36 38 36 31 20 42 3d 33 35 38 30 35 37566861 B=35805 0070 34 38 31 35 39 20 43 3d 33 39 35 39 35 37 38 39 48159 C= 39595789 0080 35 31 20 34 20 41 3d 41 2b 53 20 42 3d 42 5e 43 51 4 A=A +S B=B^C 0090 20 43 3d 43 2b 41 20 41 3d 41 2d 42 00 00 C=C+A A =A-B.. Response: D/C with a temporary IP ban [/code] I think I have the first byte totally wrong. I would be OK receiving the hashed data through checkrevision, I just don't know where to start... any help would be appreciated!!! SIDE NOTE: I'm new to the forum so I don't know how to do the equivalent of <code>some code</code>, tell me and I will edit this post! ;) (EDITED TO FIX/align packets, ty dale ;)) | January 25, 2010, 12:22 AM |
dlStevens | replace the "<" and ">" with "[" and "]" no quotes... | January 25, 2010, 3:01 AM |
BreW | [me=brew]facepalm[/me] No, BNLS is a different server designed to help you retrieve the values you need for crafting the 0x51 packet you need to send. | January 25, 2010, 3:48 AM |
Fatalshrooms | OMG... so I need a different IP/port? rofl, I'm dumb. And would I be correct to assume that that server is made by a 3rd party? | January 25, 2010, 3:55 AM |
Fatalshrooms | Hmm, I think I will try to do some local hashing; sending my CD-Key to a 3rd party is pretty iffy rofl... | January 25, 2010, 4:25 AM |
Sixen | [quote author=Fatalshrooms link=topic=18148.msg183997#msg183997 date=1264391731] [quote author=Fatalshrooms link=topic=18148.msg183998#msg183998 date=1264393546] OMG... so I need a different IP/port? rofl, I'm dumb. And would I be correct to assume that that server is made by a 3rd party? [/quote] Hmm, I think I will try to do some local hashing; sending my CD-Key to a 3rd party is pretty iffy rofl... [/quote] That's correct. Hashing would solve that problem, if you know how to do it. | January 25, 2010, 8:23 AM |
BreW | [quote author=Fatalshrooms link=topic=18148.msg183998#msg183998 date=1264393546] Hmm, I think I will try to do some local hashing; sending my CD-Key to a 3rd party is pretty iffy rofl... [/quote] You could mix and match the sources of your information for that packet. I would assume you would want to locally decode and hash your CD-Key, while you retrieve the CheckRevision results from a BNLS server (yes, it is 3rd party). According to http://www.d3scene.com/forum/stealthbot-support/6828-bnls-servers.html (the first result on Google) some current BNLS servers are: [quote]pyro.no-ip.biz jbls.org hdx.jbls.org haste.jbls.org funnel.jbls.org berz.jbls.org logon.berzerkerjbls.com sexydev.jbls.org bas.jbls.org bnls.valhallalegends.com[/quote] | January 25, 2010, 7:28 PM |
rabbit | http://toshley.net/py/status.php | January 26, 2010, 3:57 AM |
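Worked example added by the editor; it is not code from anyone in the thread. It puts BreW's point into C++: BNCS (the Battle.net server, TCP 6112) frames every message as 0xFF, BYTE id, WORD length, while BNLS (a separate third-party host, TCP 9367) frames as WORD length, BYTE id. The 0x1A dump in the first post is a well-formed BNLS frame (67 00 1a = length 0x0067, id 0x1A) written to the BNCS socket, so the server read 0x67 where it expected 0xFF; a disconnect is the expected outcome. The example rebuilds that request from the values visible in the SID_AUTH_INFO dump (filetime bytes 00 31 ef 00 70 5f c7 01, archive ver-IX86-5.mpq, and the formula string), frames a SID_PING reply the BNCS way for contrast, and adds a pre-send check that a frame's declared length matches the bytes about to be written. Product code 8, cookie 0 and flags 0 are what the captured request carries; the field order (product, flags, cookie, filetime, archive, formula) follows the BNLS_VERSIONCHECKEX2 layout.

```cpp
// Added example, not code from the thread. Two wire formats are in play:
//   BNCS (Battle.net, TCP 6112):       0xFF, BYTE id, WORD length (counts the 4-byte header)
//   BNLS (third-party host, TCP 9367): WORD length (counts the 3-byte header), BYTE id
// The capture in the first post shows a BNLS 0x1A frame written to the BNCS socket.
#include <cstdint>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Little-endian field writers (both protocols are little-endian).
static void put_u16(Bytes& b, uint16_t v) {
    b.push_back(static_cast<uint8_t>(v & 0xFF));
    b.push_back(static_cast<uint8_t>(v >> 8));
}
static void put_u32(Bytes& b, uint32_t v) {
    for (int i = 0; i < 4; ++i) b.push_back(static_cast<uint8_t>((v >> (8 * i)) & 0xFF));
}
static void put_u64(Bytes& b, uint64_t v) {
    for (int i = 0; i < 8; ++i) b.push_back(static_cast<uint8_t>((v >> (8 * i)) & 0xFF));
}
// (STRING) in both protocols: bytes followed by a single null.
static void put_str(Bytes& b, const std::string& s) {
    b.insert(b.end(), s.begin(), s.end());
    b.push_back(0);
}

// BNCS framing: FF <id> <u16 length>.
Bytes frame_bncs(uint8_t id, const Bytes& body) {
    Bytes p{0xFF, id};
    put_u16(p, static_cast<uint16_t>(body.size() + 4));
    p.insert(p.end(), body.begin(), body.end());
    return p;
}

// BNLS framing: <u16 length> <id>.
Bytes frame_bnls(uint8_t id, const Bytes& body) {
    Bytes p;
    put_u16(p, static_cast<uint16_t>(body.size() + 3));
    p.push_back(id);
    p.insert(p.end(), body.begin(), body.end());
    return p;
}

// SID_PING (0x25) reply on the BNCS socket: echo the server's DWORD back.
Bytes build_sid_ping(uint32_t value) {
    Bytes body;
    put_u32(body, value);
    return frame_bncs(0x25, body);
}

// BNLS_VERSIONCHECKEX2 (0x1A): product, flags, cookie, MPQ filetime, archive, formula.
// Filetime, archive name and formula are copied verbatim out of the server's SID_AUTH_INFO.
Bytes build_versioncheckex2(uint32_t product, uint32_t cookie, uint64_t mpq_filetime,
                            const std::string& archive, const std::string& formula) {
    Bytes body;
    put_u32(body, product);
    put_u32(body, 0);             // flags: none
    put_u32(body, cookie);        // echoed back by BNLS so replies can be matched
    put_u64(body, mpq_filetime);
    put_str(body, archive);
    put_str(body, formula);
    return frame_bnls(0x1A, body);
}

// Declared length of a BNLS frame (0 if there is not even a full header).
uint16_t bnls_declared_length(const Bytes& p) {
    if (p.size() < 3) return 0;
    return static_cast<uint16_t>(p[0] | (p[1] << 8));
}

// Pre-send check: the declared length must equal the bytes on the wire.
bool bnls_frame_consistent(const Bytes& p) {
    return p.size() >= 3 && static_cast<size_t>(bnls_declared_length(p)) == p.size();
}

// Values lifted from the SID_AUTH_INFO dump in the first post.
const uint64_t kCapturedFiletime = 0x01C75F7000EF3100ULL;  // bytes 00 31 ef 00 70 5f c7 01
const std::string kCapturedArchive = "ver-IX86-5.mpq";
const std::string kCapturedFormula =
    "A=2237566861 B=3580548159 C=3959578951 4 A=A+S B=B^C C=C+A A=A-B";

// The request the first post was trying to send: product 8, flags 0, cookie 0.
Bytes captured_request() {
    return build_versioncheckex2(8, 0, kCapturedFiletime, kCapturedArchive, kCapturedFormula);
}

// The pasted 0x1A dump carries one more byte than its header declares; reproduce that.
Bytes append_stray_null(Bytes p) {
    p.push_back(0);
    return p;
}

int main() {
    Bytes good = captured_request();             // 103 bytes, header 67 00 1a
    Bytes bad = append_stray_null(good);         // 104 bytes under a 103 header
    return (bnls_frame_consistent(good) && !bnls_frame_consistent(bad)) ? 0 : 1;
}
```

Rebuilding the request from the captured values yields exactly 103 bytes, the 0x0067 the dump declares. The dump as pasted, however, shows 104 bytes (an extra trailing 00), and its formula string starts with a null where the server's starts with "A=" (6d 70 71 00 00 3d 32 against the server's 6d 70 71 00 41 3d 32). A length check like bnls_frame_consistent catches the first; comparing the copied strings byte-for-byte against the SID_AUTH_INFO fields catches the second. Neither matters until the frame goes to a BNLS host instead of to Battle.net.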