| Author | Message | Time |
|---|---|---|
| shadypalm88 | Has anyone ever had Battle.Net ignore a LOGONRESPONSE(2) packet? I sent it, Battle.net gave an ACK and did not close the connection, but didn't send anything back. This is an account I created to test account creation on my bot connected as Brood War. And no, Battle.Net does not ask for e-mail registration. Any ideas? | May 12, 2004, 1:23 AM |
| tA-Kane | [quote author=shadypalm88 link=board=17;threadid=6763;start=0#msg59682 date=1084325019]Battle.net gave an ACK ... but didn't send anything back.[/quote]You lost me there. Battle.net did or did not send anything back? If it didn't send anything back, then perhaps you should define ACK for me? | May 12, 2004, 1:34 AM |
| shadypalm88 | That's what shows up in Ethereal (packet logger). ACK is a TCP flag that Battle.net sent back saying that it recieved the LOGONRESPONSE2 packet. So it goes through, I don't get IP-banned, but I don't log on either. | May 12, 2004, 1:35 AM |
| tA-Kane | Do you have a packetlog? What client were you trying to emulate? | May 12, 2004, 1:52 AM |
| LoRd | If you enter an invalid password too many times, Battle.net will temporarily lock you out of the account without warning. | May 12, 2004, 2:10 AM |
| LW-Falcon | Its 5 times. | May 12, 2004, 2:26 AM |
| hismajesty | Yea, which client? Not all clients require e-mail accounts which could be why it didn't request one? :P | May 12, 2004, 2:45 AM |
| shadypalm88 | Nah, I'm thinking it's a lockout. My bot probably is creating accounts with incorrect passwords. Thanks. | May 12, 2004, 2:49 AM |
| LW-Falcon | You get locked out when you use the wrong password for an account 5 times. | May 12, 2004, 3:25 AM |
| Myndfyr | Nope, I send SID_LOGONRESPONSE2 for SC/BW/W2/D2/LoD and I connect fine. | May 12, 2004, 6:01 PM |
| Skywing | [quote author=LoRd[nK] link=board=17;threadid=6763;start=0#msg59692 date=1084327832] If you enter an invalid password too many times, Battle.net will temporarily lock you out of the account without warning. [/quote] IIRC, the lockout scheme is something like: start at a 20 second delay, and after each further failure double the delay time. At some point, Blizzard may have implemented sharing of lockout delays between all servers in a server cluster. | May 13, 2004, 1:02 AM |
| shadypalm88 | I'm just going to ressurect this briefly to add a note. I recently added "hashed" connections to my bot, with a slightly modified version of BnetAuth.dll. When it got to sending SID_LOGONRESPONSE2, this same thing was happenning, Battle.Net received the packet but apparently ignored it. When I logged on this account with the Brood War game, not more than 30 seconds later, the account was not locked, and Battle.Net did not report any failed login attempts. There was apparently a problem with the hashing routine because when I rewrote PasswordHash (A on some .dll's) in VB, it connected fine. So I guess Battle.Net will ignore your login packet if your hashing routine is horribly broken, even if your account is not locked. | May 29, 2004, 7:23 PM |
| UserLoser. | [quote author=shadypalm88 link=board=17;threadid=6763;start=0#msg62654 date=1085858580] I'm just going to ressurect this briefly to add a note. I recently added "hashed" connections to my bot, with a slightly modified version of BnetAuth.dll. When it got to sending SID_LOGONRESPONSE2, this same thing was happenning, Battle.Net received the packet but apparently ignored it. When I logged on this account with the Brood War game, not more than 30 seconds later, the account was not locked, and Battle.Net did not report any failed login attempts. There was apparently a problem with the hashing routine because when I rewrote PasswordHash (A on some .dll's) in VB, it connected fine. So I guess Battle.Net will ignore your login packet if your hashing routine is horribly broken, even if your account is not locked. [/quote] So before you were logging in without hashing any data? That's kind of hard. If your hash function is broken, it shouldn't matter because you'd get an invalid password response from Battle.net as long as it's still producing a 5 DWORD result. Otherwise, most likely you would get banned for a bad 0x3A packet size. | May 30, 2004, 2:53 AM |
| Adron | [quote author=UserLoser. link=board=17;threadid=6763;start=0#msg62726 date=1085885621] Otherwise, most likely you would get banned for a bad 0x3A packet size. [/quote] Unless you're sending the correct packet length, but your actual data is too short. Then it would seem to you that b.net is ignoring your packet. | May 30, 2004, 10:27 AM |
| shadypalm88 | [quote author=Adron link=board=17;threadid=6763;start=0#msg62765 date=1085912870] [quote author=UserLoser. link=board=17;threadid=6763;start=0#msg62726 date=1085885621] Otherwise, most likely you would get banned for a bad 0x3A packet size. [/quote] Unless you're sending the correct packet length, but your actual data is too short. Then it would seem to you that b.net is ignoring your packet. [/quote]Only I don't believe that it was just that Battle.Net was waiting for more data. It was a valid packet where the actual length matched the length in the header. You see, I tested this on an account that didn't exist yet. The first time the bot tried to log on, Battle.Net came back and said the account didn't exist. My bot created it. Then, when it went to actually log it on, using the same password hashing routine as it did when it tried to log on the first time, Battle.net "ignored" the packet. | May 30, 2004, 6:03 PM |
| Networks | [quote author=LoRd[nK] link=board=17;threadid=6763;start=0#msg59692 date=1084327832] If you enter an invalid password too many times, Battle.net will temporarily lock you out of the account without warning. [/quote] Does this lock everyone out for a amount of time or just the IP entering the invalid password? *possible exploit?* | May 31, 2004, 12:18 AM |
| Skywing | Just the IP address. | May 31, 2004, 12:21 AM |