| Author | Message | Time |
|---|---|---|
| MesiaH | I recently bought the SC/BW anthrology at wal mart for 20 bucks, and tried to use it's new 26 char alpha numeric cdkey on a few bots. Ipbanned on every single one. Mirage, Stealth, My own.. I havn't logged the client yet to see if anything different is taking place (i wouldn't be able to tell probably anyways, im no good at reading encoded stuff), but the client works just fine.. Can anybody else comfirm that battle.net has NOT changed anything reguarding hashing new sc anthrology keys?? | February 11, 2010, 9:32 PM |
| MysT_DooM | its using the war3 algo for the keys | February 11, 2010, 11:38 PM |
| HdxBmx27 | I took a look at it and it hasn't changed anything in the algo seince before and after anthology keys were introduced, but some of the 'new' keys the online store is generating are being decoded improperly by all of our implementations of the function. I dont have the tools to look into it much, but the public and product are being decoded fine iirc, its either the private, or the hash. | February 12, 2010, 6:47 PM |
| Ringo | *shrugs* I did the w3 cdkey decode from BW battle.snp some months ago, altho it looks pretty raw still, but works iirc. Id be interested to hear if this works with out fail or not. Assuming ur standard SHA1 hashing the key, I would have thought it should be fine. Idk if this helps anyway or not, figured id post it anyway, before I forget about it. [code] Private byte_1903A720(255) As Byte Private byte_1903A540(479) As Byte Private m_W3Init As Boolean Public Function DecodeW3Key(ByRef sKey As String, _ ByRef lProduct As Long, _ ByRef lPublic As Long, _ ByRef lPrivate As Long) As Boolean Dim bKey() As Byte Dim var_44(3) As Long Dim var_34(51) As Byte If (Not Len(sKey) = 26) Then Exit Function If (m_W3Init = False) Then Call InitKeyTables m_W3Init = True bKey = StrConv(sKey, vbFromUnicode) Call sub_19003B10(bKey(), var_34()) For i = 51 To 0 Step -1 Call sub_19003AD0(4, 5, var_44(), var_34(i)) Next i Call sub_19003E40(var_44()) Call sub_19003B70(var_44()) lProduct = RS(var_44(0), 10&) lPublic = LS((var_44(0) And &H3FF&), 16) Or RS(var_44(1), 16) Call CopyMemory(ByVal VarPtr(lPrivate) + 0, var_44(1), 2) Call CopyMemory(ByVal VarPtr(lPrivate) + 2, var_44(2), 8) DecodeW3Key = True End Function Private Sub InitKeyTables() Call FillByteArray(byte_1903A720(), _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &H0, &HFF, &H1, &HFF, &H2, &H3, &H4, &H5, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &H6, &H7, &H8, &H9, &HA, &HB, &HC, &HFF, &HD, &HE, &HFF, &HF, &H10, &HFF, _ &H11, &HFF, &H12, &HFF, &H13, &HFF, &H14, &H15, &H16, &H17, &H18, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &H6, &H7, &H8, &H9, &HA, &HB, &HC, &HFF, &HD, &HE, &HFF, &HF, &H10, &HFF, _ &H11, &HFF, &H12, &HFF, &H13, &HFF, &H14, &H15, &H16, &H17, &H18, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _ &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF) Call FillByteArray(byte_1903A540(), _ &H9, &H4, &H7, &HF, &HD, &HA, &H3, &HB, &H1, &H2, &HC, &H8, &H6, &HE, &H5, &H0, &H9, &HB, &H5, &H4, &H8, &HF, &H1, &HE, &H7, &H0, &H3, &H2, &HA, &H6, &HD, &HC, _ &HC, &HE, &H1, &H4, &H9, &HF, &HA, &HB, &HD, &H6, &H0, &H8, &H7, &H2, &H5, &H3, &HB, &H2, &H5, &HE, &HD, &H3, &H9, &H0, &H1, &HF, &H7, &HC, &HA, &H6, &H4, &H8, _ &H6, &H2, &H4, &H5, &HB, &H8, &HC, &HE, &HD, &HF, &H7, &H1, &HA, &H0, &H3, &H9, &H5, &H4, &HE, &HC, &H7, &H6, &HD, &HA, &HF, &H2, &H9, &H1, &H0, &HB, &H8, &H3, _ &HC, &H7, &H8, &HF, &HB, &H0, &H5, &H9, &HD, &HA, &H6, &HE, &H2, &H4, &H3, &H1, &H3, &HA, &HE, &H8, &H1, &HB, &H5, &H4, &H2, &HF, &HD, &HC, &H6, &H7, &H9, &H0, _ &HC, &HD, &H1, &HF, &H8, &HE, &H5, &HB, &H3, &HA, &H9, &H0, &H7, &H2, &H4, &H6, &HD, &HA, &H7, &HE, &H1, &H6, &HB, &H8, &HF, &HC, &H5, &H2, &H3, &H0, &H4, &H9, _ &H3, &HE, &H7, &H5, &HB, &HF, &H8, &HC, &H1, &HA, &H4, &HD, &H0, &H6, &H9, &H2, &HB, &H6, &H9, &H4, &H1, &H8, &HA, &HD, &H7, &HE, &H0, &HC, &HF, &H2, &H3, &H5, _ &HC, &H7, &H8, &HD, &H3, &HB, &H0, &HE, &H6, &HF, &H9, &H4, &HA, &H1, &H5, &H2, &HC, &H6, &HD, &H9, &HB, &H0, &H1, &H2, &HF, &H7, &H3, &H4, &HA, &HE, &H8, &H5, _ &H3, &H6, &H1, &H5, &HB, &HC, &H8, &H0, &HF, &HE, &H9, &H4, &H7, &HA, &HD, &H2, &HA, &H7, &HB, &HF, &H2, &H8, &H0, &HD, &HE, &HC, &H1, &H6, &H9, &H3, &H5, &H4, _ &HA, &HB, &HD, &H4, &H3, &H8, &H5, &H9, &H1, &H0, &HF, &HC, &H7, &HE, &H2, &H6, &HB, &H4, &HD, &HF, &H1, &H6, &H3, &HE, &H7, &HA, &HC, &H8, &H9, &H2, &H5, &H0, _ &H9, &H6, &H7, &H0, &H1, &HA, &HD, &H2, &H3, &HE, &HF, &HC, &H5, &HB, &H4, &H8, &HD, &HE, &H5, &H6, &H1, &H9, &H8, &HC, &H2, &HF, &H3, &H7, &HB, &H4, &H0, &HA, _ &H9, &HF, &H4, &H0, &H1, &H6, &HA, &HE, &H2, &H3, &H7, &HD, &H5, &HB, &H8, &HC, &H3, &HE, &H1, &HA, &H2, &HC, &H8, &H4, &HB, &H7, &HD, &H0, &HF, &H6, &H9, &H5, _ &H7, &H2, &HC, &H6, &HA, &H8, &HB, &H0, &HF, &H4, &H3, &HE, &H9, &H1, &HD, &H5, &HC, &H4, &H5, &H9, &HA, &H2, &H8, &HD, &H3, &HF, &H1, &HE, &H6, &H7, &HB, &H0, _ &HA, &H8, &HE, &HD, &H9, &HF, &H3, &H0, &H4, &H6, &H1, &HC, &H7, &HB, &H2, &H5, &H3, &HC, &H4, &HA, &H2, &HF, &HD, &HE, &H7, &H0, &H5, &H8, &H1, &H6, &HB, &H9, _ &HA, &HC, &H1, &H0, &H9, &HE, &HD, &HB, &H3, &H7, &HF, &H8, &H5, &H2, &H4, &H6, &HE, &HA, &H1, &H8, &H7, &H6, &H5, &HC, &H2, &HF, &H0, &HD, &H3, &HB, &H4, &H9, _ &H3, &H8, &HE, &H0, &H7, &H9, &HF, &HC, &H1, &H6, &HD, &H2, &H5, &HA, &HB, &H4, &H3, &HA, &HC, &H4, &HD, &HB, &H9, &HE, &HF, &H6, &H1, &H7, &H2, &H0, &H5, &H8) End Sub Private Sub FillByteArray(ByRef bOut() As Byte, ParamArray bArray() As Variant) Dim i As Long For i = 0 To UBound(bArray) bOut(i) = CByte(bArray(i)) Next i End Sub Private Sub sub_19003B10(ByRef bKey() As Byte, ByRef bOut() As Byte) Dim i As Long Dim A As Long Dim B As Long B = 33& For i = 0& To 25& A = (B + 1973&) Mod 52& B = (A + 1973&) Mod 52& bOut(A) = byte_1903A720(bKey(i)) \ 5& bOut(B) = byte_1903A720(bKey(i)) Mod 5& Next i End Sub Private Function sub_19003AD0(ByVal lCount As Long, ByVal lMulti As Long, ByRef lOut() As Long, ByVal C As Long) As Long Dim i As Long Dim i64 As Double For i = (lCount - 1) To 0 Step -1 If (lOut(i) And &H80000000) Then i64 = CDbl(CDbl(lOut(i)) + 4294967296#) * CDbl(lMulti) Else i64 = CDbl(lOut(i)) * CDbl(lMulti) End If lOut(i) = WDbl(i64 + CDbl(C)) C = WDbl(i64 / 4294967296#) '>>32 If (lOut(i) And &H80000000) Then C = C - 1 Next i sub_19003AD0 = C End Function Private Sub sub_19003E40(ByRef lOut() As Long) Dim lHold As Long Dim i As Long Dim i2 As Long Dim lTmp As Long Dim lTmp2 As Long Dim lTmp3 As Long Dim lTmp16 As Long For i = 29& To 0& Step -1& lTmp2 = ((i And 7&) * 4&) And 255& lTmp3 = (3& - (i \ 8&)) lTmp16 = (i * 16) lHold = RS((lOut(lTmp3) And LS(15&, lTmp2)), lTmp2) 'For i2 = 29& To 0 Step -1& '//probly slower ' If (Not i2 = i) Then For i2 = 29& To (i + 1) Step -1& lTmp = ((i2 And 7&) * 4&) lHold = byte_1903A540((RS((lOut(3& - (i2 \ 8&)) And LS(15&, lTmp)), lTmp) Xor byte_1903A540(lHold + lTmp16)) + lTmp16) Next i2 For i2 = (i - 1) To 0 Step -1& lTmp = ((i2 And 7&) * 4&) lHold = byte_1903A540((RS((lOut(3& - (i2 \ 8&)) And LS(15&, lTmp)), lTmp) Xor byte_1903A540(lHold + lTmp16)) + lTmp16) Next i2 lOut(lTmp3) = (LS((byte_1903A540(lHold + lTmp16) And 15&), lTmp2) Or (Not (LS(&HF, lTmp2)) And lOut(lTmp3))) Next i End Sub Private Sub sub_19003B70(ByRef lOut() As Long) Dim i As Long Dim i2 As Long Dim lTmp As Long Dim lOld(3) As Long Call CopyMemory(lOld(0), lOut(0), 16&) For i = 0& To 119& lTmp = ((i * 11) Mod 120&) i2 = (3& - RS(i, 5)) lOut(i2) = (LS((RS((lOld((12 - LS(RS(lTmp, 5), 2)) / 4) And LS(1, (lTmp And 31&))), (lTmp And 31&)) And 1), (i And 31&)) Or (Not LS(1, (i And 31&)) And lOut(i2))) Next i End Sub Private Function RS(ByVal N As Long, ByVal S As Long) As Long 'right shift bits If (S < 0) Or (S > 31) Then RS = 0 ElseIf (S = 0) Then RS = N Else If ((N And &H80000000) = &H80000000) Then N = (N And &H7FFFFFFF) If (S = 31) Then 'stop over flow when shifting 31bits N = N / 2147483648# Else N = N \ (2 ^ S) End If RS = N Or (2 ^ (31 - S)) Else RS = Int(CDbl(N) / CDbl(2 ^ S)) 'RS = N \ (2 ^ S) End If End If End Function Private Function LS(ByVal N As Long, ByVal S As Long) As Long 'left shift bits If (S < 0) Or (S > 31) Then LS = 0 ElseIf S = 0 Then LS = N Else N = N And (2 ^ (32 - S) - 1) LS = WDbl(CDbl(N) * CDbl(WDbl(2 ^ S))) End If End Function Private Function WDbl(ByVal N As Double) As Long 'wrap a double back to a long While N > &H7FFFFFFF N = N - 4294967296# Wend While N < &H80000000 N = N + 4294967296# Wend WDbl = N End Function [/code] | February 12, 2010, 6:59 PM |
| Myndfyr | [quote author=Hdx link=topic=18165.msg184120#msg184120 date=1266000443] I took a look at it and it hasn't changed anything in the algo seince before and after anthology keys were introduced, but some of the 'new' keys the online store is generating are being decoded improperly by all of our implementations of the function. I dont have the tools to look into it much, but the public and product are being decoded fine iirc, its either the private, or the hash. [/quote] I bought D2 and SC keys from the online store, and they're being decoded fine by MBNCSUtl. *shrug* | February 12, 2010, 8:58 PM |
| Ringo | HDX just pm'ed me a 26 character cdkey, responcible for IP banning. It would apear, the cdkey has a 4 byte public value, as aposed to the normal 3 bytes (0x01XXXXXX, rather than 0x00XXXXXX, which is what BNCSutli outputs) After passing it though 1.16.1 battle.snp, and the above VB6 port of, I noticed that they were returning the full 4 byte public value, rather than the 3 bytes (4th 0x00) BNCSulti.dll returns. I've not tryed it on bnet, but id assume that would be a possible cause. Hope this helps. | February 13, 2010, 8:31 PM |
| HdxBmx27 | From some quick notepad work, it looks like 26 char cdkeys get decoded into the following: Product: 22 bits 0x3FFFFF Public: 26 bits 0x03FFFFFF Private: 80 bits 0xFFFFFFFFFFFFFFFFFFFF Bit layout: 22222222222222222222223333333333 33333333333333334444444444444444 44444444444444444444444444444444 44444444444444444444444444444444 2 = product 3 = public 4 = private I havent seen BNCSutil's decoder in a long time, but MBNCSutil can be fixed by changing: val1 = SWAP4(br.ReadUInt32() & 0xffffff00); to val1 = SWAP4(br.ReadUInt32() & 0xffffff03); But I would assume BNCSutil.dll does the same (00 not 03) | February 15, 2010, 9:50 PM |
| Myndfyr | Good call, Hdx. You're correct on the patch submission for MBNCSUtil. Before I commit, will that impact older CD keys or Warcraft 3 CD keys at all? | February 16, 2010, 4:41 AM |
| HdxBmx27 | It shouldn't, as the actual function has not changed. You were simply not returning all of the correct values. And I guess they have finally gotten to the 0x01000000+ public key :P Any code that bit shifts like the real game does [((buf[0] & 0x03FF) << 16) | ((buf[1] & 0xFFFF0000) >> 16)] should be fine. Yup, I was correct about BNCSutil.dll, it does exactly the same thing you do. http://filebeam.com/b75cd7ec6dcdb98b19c0b912f8ab4b50 I've hexed BNCSutil.dll and fixed it. Alls good now <3 | February 16, 2010, 6:24 AM |
| MesiaH | You guys never cease to amaze me. Thanks alot Hdx :) | February 17, 2010, 3:31 AM |