Battle.net Bot Development | Transparent proxy over Warcraft3! Man In Middle attack foiled ?

Author	Message	Time
leax	hey guys i tried relay war3 packets over a proxy run on localhost, through 1. mapped uswest.battle.net to 127.0.0.1 and the porxy server would connect to the real battle net ip and relay the packets in the middle or 2. change the registry, the gateway Lorderon point to localhost, and relay the packets in the middle now the proxy logged the 0x1 then 0x50 ID_AUTH_INFO packet being sent, but as soon as it relayed the received 0x50 from server the war3 client dc itself so i tried the packet dump with and without the proxy, the results are 1. the 0x50 send is identical when war3 client connected to bnet or conencted to proxy 2. the 0x50 receive contain the same 128 byte Server Signiture does any one know how the hell war3 client figure out that it is getting proxied ? thanks	June 6, 2010, 11:38 AM
RealityRipple	The Server Signature at the end of SID_AUTH_INFO for WAR3 and W3XP is based on the server's IP. See this post for example code of checking a signature.	June 6, 2010, 2:33 PM
leax	thanks but the sample code seems incomplete 1. what is sig string, and array K, variable key and mod seems to be undeclared 2. N i assume to be the private hash key, but didnt hdx say its 128bit not 128 byte 3. no clue what &HBB is used for do u know the steps in general on how the signature is generated, i think i better off learning the concepts rather than figure out partial codes thanks [quote] Public Function checkServerSignature(sig As String, ip As String) As Boolean Dim I As Integer, Ret As Boolean Dim K() As Byte: Let K = Array(0, 1, 1, 0) Dim N() As Byte: Let N = Array(&HD5, &HA3, &HD6, &HAB, &HF, &HD, &HC5, &HF, &HC3, &HFA, &H6E, &H78, &H9D, &HB, &HE3, &H32, &HB0, &HFA, &H20, &HE8, &H42, &H19, &HB4, &HA1, &H3A, &H3B, &HCD, &HE, &H8F, &HB5, &H56, &HB5, &HDC, &HE5, &HC1, &HFC, &H2D, &HBA, &H56, &H35, &H29, &HF, &H48, &HB, &H15, &H5A, &H39, &HFC, &H88, &H7, &H43, &H9E, &HCB, &HF3, &HB8, &H73, &HC9, &HE1, &H77, &HD5, &HA1, &H6, &HA6, &H20, &HD0, &H82, &HC5, &H2D, &H4D, &HD3, &H25, &HF4, &HFD, &H26, &HFC, &HE4, &HC2, &H0, &HDD, &H98, &H2A, &HF4, &H3D, &H5E, &H8, &H8A, &HD3, &H20, &H41, &H84, &H32, &H69, &H8E, &H8A, &H34, &H76, &HEA, &H16, &H8E, &H66, &H40, &HD9, &H32, &HB0, &H2D, &HF5, &HBD, &HE7, &H57, &H51, &H78, &H96, &HC2, &HED, &H40, &H41, &HCC, &H54, &H9D, &HFD, &HB6, &H8D, &HC2, &HBA, &H7F, &H69, &H8D, &HCF) 'Do the calculation byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray(); Dim CorrectResult As String: CorrectResult = String(Len(Result), Chr(&HBB)) CorrectResult = ip & Mid(CorrectResult, 5) Ret = True For I = 0 To Len(Result) Step 1 If Result(I) <> CorrectResult(I) Then Ret = False End If Next I End Function [/quote]	June 7, 2010, 4:16 AM
RealityRipple	Eh... I can't get a simple signature check working, so I can't invert the function... K = key, N = mod, for your reference, and that K appears to be wrong as well. Try using ValidateServerSignature from NLS.cs in MBNCSUtil.	June 7, 2010, 8:05 AM
HdxBmx27	http://en.wikipedia.org/wiki/RSA As I said in my old post its been a while, and again, it's been a while. But it's 128-byte(1024-bit) not 128-bit. N is the modulus which is agreed upon before hand, so is K. (In the image bellow, K is d) [quote][size=5]Decryption:[/size] Alice can recover m from c by using her private key exponent d by the following computation: [img]http://upload.wikimedia.org/math/5/a/1/5a1263b066c3fe90cbe062a789988ba3.png[/img] Given m, she can recover the original message M by reversing the padding scheme. (In practice, there are more efficient methods of calculating cd using the pre computed values above.)[/quote] The 0xBB's are used to pad the message up to a 128 byte boundary. So basically after decryption the signature looks like this: 11223344BBBBBBBBBBBB......etc where 11223344 is the server's IP. So the reason you are failing is because the Game is seeing: 3FF1530CBBBBBBBB.... When its expecting: 7F000001BBBBBBBB.... Anyways, if you're thinking of generating a fake signature, STOP NOW it uses a 1024-bit private key, which you will NEVER be able to figure out. So your best bet is to remove the check itself from the client. This is actually rather simple, just look for the Modulus (N) in the game's files. (I think it's in Game.dll) track it around to where it's used, and then make that function 'return true;' You'l have to do your own checkrevision, but thats really simple these days.	June 7, 2010, 8:54 PM

Author

Message

Time

leax

hey guys
i tried relay war3 packets over a proxy run on localhost, through
1. mapped uswest.battle.net to 127.0.0.1 and the porxy server would connect to the real battle net ip and relay the packets in the middle
or
2. change the registry, the gateway Lorderon point to localhost, and relay the packets in the middle

now the proxy logged the 0x1 then 0x50 ID_AUTH_INFO packet being sent, but as soon as it relayed the received 0x50 from server the war3 client dc itself

so i tried the packet dump with and without the proxy, the results are
1. the 0x50 send is identical when war3 client connected to bnet or conencted to proxy
2. the 0x50 receive contain the same 128 byte Server Signiture

does any one know how the hell war3 client figure out that it is getting proxied ?

thanks

June 6, 2010, 11:38 AM

RealityRipple

The Server Signature at the end of SID_AUTH_INFO for WAR3 and W3XP is based on the server's IP. See this post for example code of checking a signature.

June 6, 2010, 2:33 PM

leax

thanks

but the sample code seems incomplete
1. what is sig string, and array K, variable key and mod seems to be undeclared
2. N i assume to be the private hash key, but didnt hdx say its 128bit not 128 byte
3. no clue what &HBB is used for

do u know the steps in general on how the signature is generated, i think i better off learning the concepts rather than figure out partial codes

thanks

[quote]
Public Function checkServerSignature(sig As String, ip As String) As Boolean
Dim I As Integer, Ret As Boolean
Dim K() As Byte: Let K = Array(0, 1, 1, 0)
Dim N() As Byte: Let N = Array(&HD5, &HA3, &HD6, &HAB, &HF, &HD, &HC5, &HF, &HC3, &HFA, &H6E, &H78, &H9D, &HB, &HE3, &H32, &HB0, &HFA, &H20, &HE8, &H42, &H19, &HB4, &HA1, &H3A, &H3B, &HCD, &HE, &H8F, &HB5, &H56, &HB5, &HDC, &HE5, &HC1, &HFC, &H2D, &HBA, &H56, &H35, &H29, &HF, &H48, &HB, &H15, &H5A, &H39, &HFC, &H88, &H7, &H43, &H9E, &HCB, &HF3, &HB8, &H73, &HC9, &HE1, &H77, &HD5, &HA1, &H6, &HA6, &H20, &HD0, &H82, &HC5, &H2D, &H4D, &HD3, &H25, &HF4, &HFD, &H26, &HFC, &HE4, &HC2, &H0, &HDD, &H98, &H2A, &HF4, &H3D, &H5E, &H8, &H8A, &HD3, &H20, &H41, &H84, &H32, &H69, &H8E, &H8A, &H34, &H76, &HEA, &H16, &H8E, &H66, &H40, &HD9, &H32, &HB0, &H2D, &HF5, &HBD, &HE7, &H57, &H51, &H78, &H96, &HC2, &HED, &H40, &H41, &HCC, &H54, &H9D, &HFD, &HB6, &H8D, &HC2, &HBA, &H7F, &H69, &H8D, &HCF)

'Do the calculation
byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray();

Dim CorrectResult As String: CorrectResult = String(Len(Result), Chr(&HBB))
CorrectResult = ip & Mid(CorrectResult, 5)

Ret = True
For I = 0 To Len(Result) Step 1
If Result(I) <> CorrectResult(I) Then
Ret = False
End If
Next I
End Function
[/quote]

June 7, 2010, 4:16 AM

RealityRipple

Eh... I can't get a simple signature check working, so I can't invert the function... K = key, N = mod, for your reference, and that K appears to be wrong as well. Try using ValidateServerSignature from NLS.cs in MBNCSUtil.

June 7, 2010, 8:05 AM

HdxBmx27

http://en.wikipedia.org/wiki/RSA
As I said in my old post its been a while, and again, it's been a while.
But it's 128-byte(1024-bit) not 128-bit.
N is the modulus which is agreed upon before hand, so is K. (In the image bellow, K is d)

[quote][size=5]Decryption:[/size]

Alice can recover m from c by using her private key exponent d by the following computation:
[img]http://upload.wikimedia.org/math/5/a/1/5a1263b066c3fe90cbe062a789988ba3.png[/img]
Given m, she can recover the original message M by reversing the padding scheme.
(In practice, there are more efficient methods of calculating cd using the pre computed values above.)[/quote]
The 0xBB's are used to pad the message up to a 128 byte boundary. So basically after decryption the signature looks like this:
11223344BBBBBBBBBBBB......etc where 11223344 is the server's IP.
So the reason you are failing is because the Game is seeing:
3FF1530CBBBBBBBB.... When its expecting:
7F000001BBBBBBBB....

Anyways, if you're thinking of generating a fake signature, STOP NOW it uses a 1024-bit private key, which you will NEVER be able to figure out.
So your best bet is to remove the check itself from the client. This is actually rather simple, just look for the Modulus (N) in the game's files. (I think it's in Game.dll) track it around to where it's used, and then make that function 'return true;' You'l have to do your own checkrevision, but thats really simple these days.

June 7, 2010, 8:54 PM

Valhalla Legends Forums Archive | Battle.net Bot Development | Transparent proxy over Warcraft3! Man In Middle attack foiled ?