Valhalla Legends Forums Archive | Battle.net Bot Development | 0x51 CDKEY hashing

AuthorMessageTime
taylorjonl
I am trying to get a little CDKEY spoofer. Basically it is a proxy that will replace the CDKEY sent to battlenet with a valid CDKEY. It will not affect any part of the packet except for bytes 24-96 since D2 has 2 CDKEYs at 36 bytes per key. I am having some issues with the CDKEY hashing. I have seen the bnetauth.dll and it has a prototype of

[code]HashCDKey(char* outbuf, unsigned long serverhash, unsigned long prodid, unsigned long val1, unsigned long val2, unsigned long Seed)[/code]

The 3rd, 4th and 5th arg come from CheckRevision(). Not a problem since those are included in the 0x51 packet or I can get those values easily. The 2nd and 6th are the ones I am a little confused about. I think he 2nd is the Server Token from the 0x50 packet. The Seed I am totally confused about. The bnetdocs state you need both the client and server tokens. Is it the client token?

I have been just printing my attempts at hashing and they are not the same as what is sent to battlenet. Is this normal? Will it differ each time it is hashed on the same connection or do only different connections with a different token differ?

I would like to ask before I retry since I have already been IP banned a few times for failed attempts. Does anyone have any insight they would like to share or does a DLL exits that does the CheckRevision and all my hashing needs, including Password hashing in case I need it in the future?
February 1, 2004, 3:25 AM
UserLoser.
The client token is up to you, hence "client". I'd use 0xbaadbeef for that
February 1, 2004, 3:51 AM
taylorjonl
[quote author=UserLoser. link=board=17;threadid=5021;start=0#msg42045 date=1075607487]
The client token is up to you, hence "client". I'd use 0xbaadbeef for that
[/quote]

Can you elaborate on how it fits into the puzzle? Is it the SEED? or is it just not relevent when hashing the CDKEY?
February 1, 2004, 3:53 AM
UserLoser.
[quote author=taylorjonl link=board=17;threadid=5021;start=0#msg42046 date=1075607596]
[quote author=UserLoser. link=board=17;threadid=5021;start=0#msg42045 date=1075607487]
The client token is up to you, hence "client". I'd use 0xbaadbeef for that
[/quote]

Can you elaborate on how it fits into the puzzle? Is it the SEED? or is it just not relevent when hashing the CDKEY?
[/quote]

Seed, is client token; which you the client choose. The client token and server token are both used with hashing the CDKey (five DWORDs), along with 3 values that are decoded from the CDKey, along with a Null DWORD.. Server token is recieved in 0x50. As far as decoding the CDKey, it's up to you to find the public source/disassemble/use BNLS to get those values

5 DWORD CDKey hash:
[quote]
Client Token
Server Token
Key Product (from decoded CD key)
Key Value1 (from decoded CD key)
(DWORD) 0
Key Value2 (from decoded CD key)
[/quote]

Yes, it's important when hashing the CDKey
February 1, 2004, 3:58 AM
taylorjonl
Thx a lot.

I know how to do the other 3 values it was just the Server and Client tokens I didn't know what to do with.

Again, I appreciate the information.
February 1, 2004, 4:04 AM

Search