Valhalla Legends Forums Archive | Battle.net Bot Development References | Lag Spoof Still Possible?

AuthorMessageTime
timbo
apparently lag spoofing is still possible.  I dont understand flags of 16  I would assume these flags allow latency to be misrepresented.   I've not seen anyone with flags like this before (i've not joined bliz tech support to see what they are flagged with tho)

I was under the impression that when you attempted to misrepresent latency with 0 or -1 it now resulted in tripping bnet's "not a real client and ban" feature.

there's alot more where this came from.  quite an annoying bot, logs on, spams joins/leaves, logs off before you can ban it 90% of the time, rotates cd keys and it comes right back.

[code]
[23:03:09] *** NuLLFLooD-00004  [-1ms]  [SEXP]  [16]  has joined the channel.
[23:03:09] *** NuLLFLooD-00004 has left the channel.
[23:03:09] *** NuLLFLooD-00004  [-1ms]  [SEXP]  [16]  has joined the channel.
[23:03:09] *** NuLLFLooD-00004 has left the channel.
[23:03:09] *** NuLLFLooD-00004  [-1ms]  [SEXP]  [16]  has joined the channel.
[23:03:09] *** NuLLFLooD-00004 has left the channel.
[/code]
January 4, 2003, 9:17 PM
RhiNo
Whats wrong with keeping the lag icon you get when you log on? Its not like that little icon on the right is anything special.
January 4, 2003, 10:43 PM
UserLoser
Skip packet 25 upon connecting (Dont respond to it)
January 4, 2003, 10:43 PM
timbo
[quote]please dont get started with flood bot all over again.  just /squelch it and its fine[/quote]

logon
join
leave
join
leave
join
leave
join
leave
join
leave
join
leave
join
leave
join
logoff

how does squelch help that?  thats alot of spam when there are multiple threads running this =\
January 4, 2003, 10:49 PM
RhiNo
Well you could start by taking off join/leave notifications. If you dont want to do that forever make it an option.
January 4, 2003, 10:50 PM
erase
personally, join/leave notifications are annoying...That's what the channel list is for?
January 4, 2003, 10:56 PM
MesiaH
That -1 latency thing is not really spoofing, you just ignore 0x25.

As for the flags of 16, this flag is obtained by sending invalid data in 0x14, or not sending it at all. This is when you see a little "plug" instead of a lag bar, indicating the client is not processing UDP packets.

Ive taken note that most of these flood bots have -1 ping, so if you want your IP ban to be more accurate, make it check to see if the user is squelched, and has -1 ping.
January 4, 2003, 10:58 PM
MesiaH
Just create dynamic chat filters, or make a filtering system, and add the filter urself..
January 4, 2003, 11:07 PM
timbo
i use join/leaves most the time unless there's alot of ppl around and i turn it off

udp plug = 16 and -1ms, thx

ya custom filter works no prob ^_^
January 4, 2003, 11:17 PM
Zakath
Someone's displaying flags in decimal rather than hex. Silly persons.

Plug should be flags of 0x10, not 16. :P
Incidentally, you have the same flags whenever you have a UDP plug regardless of whether or not you send the response to 0x25.

To prove my point...

[22:47:03] ZakBot is here using Starcraft (0 normal game wins), with a ping time of 47ms and flags of 10.

and

[22:48:02] ZakBot is here using Starcraft (0 normal game wins), with a ping time of -1ms and flags of 10.
January 4, 2003, 11:48 PM
tA-Kane
The reason that's occuring (in case you haven't already figured it out) is because 0x25 is sent over the existing TCP connection, whereas the 0x14 packet signifies that the client was (or the absence of, was not) able to receive Battle.net's UDP responses.

The ping time is generated by 0x25. 0x14 simply tells the server that the client shouldn't be able to join/create games (I have not tested to see if the client is still able to join/create games, though, but it wouldn't surprise me), which in turn changes the ping icon, to let other users know that the user will not be able to play games with them.

Since the user is not able to play games, the user's ping time is useless to most other users, because the ping time shows the other users an approximate latency for the user, and so the "plug" icon replaces the ping icon, instead of being displayed in its own location.
January 5, 2003, 2:10 AM
MiCrOz
You can skip packet 0x25 for the -1ms but is it possible to "spoof" ur ping? like have 1337ms or something, or is the ping determened by server through 0x25?
January 5, 2003, 4:12 AM
Etheran
You can delay sending 0x25 x seconds to achieve [actual ping + x] ms.  There's a good example of this in EthBot.  I used Sleep() to delay, so it will freeze your program.(unless you process that packet on another thread.)  ;D
http://aodw.hypermart.net/EthBotFull.zip
January 5, 2003, 6:45 AM
MesiaH
using Sleep() to delay your ping packet is horrible, it will stop all messages being sent and received from your application.

But he is right, you can delay the packet (which will also delay the login time) to make your latency higher. And if you wanted to be even more cool, you can delay the packet, and not send 0x14, so anybody with join/leave notifications will see a huge ass ping, with a lil plug icon, fun++ :P

microz, you cant spoof your ping to anything, all that comes in the 0x25 is random "stuff", and i assume the server now just calculates the time it takes to return the "stuff", in order to acheive your latency.
January 5, 2003, 6:45 PM
Zakath
The calculation is still flawed in some way. Else, I would not have been able to get the server to report a ping time of 0 - which it has done for me on numerous occasions via the OC3 connection I use at school.
January 9, 2003, 1:10 AM
Zakath
Yes, but it isn't possible to ping a server in a different state than me in 0 milliseconds!

All I'm saying is that it isn't simple substraction. The calculation is screwy somehow.
January 9, 2003, 1:19 AM
Arta
That's because they use a low resolution time (like GetTickCount) to calculate pings.
January 9, 2003, 1:58 AM

Search