| Author | Message | Time |
|---|---|---|
| Anubis | I'm attempting to make a bot with WAR3 hashing... So, I have packet logged WarCraft 3 and found a few different packets. I connected 2 times while packet logging and here's the different packets: First Connect: Packet #8 (The packet that showed up 8th) starts with: 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 .....F7{........ Packet #9 starts with: FF 51 86 00 2B 07 B0 00 9C 0F 00 01 C2 7B E4 ED .Q..+........{.. Second Connect: Packet #8 starts with: 00 00 00 00 00 81 8F 83 91 E7 C3 01 AD C7 BD 00 ............... Packet #9 starts with: FF 51 86 00 D3 C6 BD 00 9C 0F 00 01 C4 0F 19 BC .Q............. Could anyone please tell me what these packets are (0xXX)? Also, what would these packets contain and what would make them change each connect? Any help is much appreciated. Thanks | July 1, 2004, 6:01 PM |
| GoSuGaMING | [quote author=Anubis link=board=17;threadid=7524;start=0#msg68092 date=1088704883] I'm attempting to make a bot with WAR3 hashing... So, I have packet logged WarCraft 3 and found a few different packets. I connected 2 times while packet logging and here's the different packets: First Connect: Packet #8 (The packet that showed up 8th) starts with: 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 .....F7{........ Packet #9 starts with: FF 51 86 00 2B 07 B0 00 9C 0F 00 01 C2 7B E4 ED .Q..+........{.. Second Connect: Packet #8 starts with: 00 00 00 00 00 81 8F 83 91 E7 C3 01 AD C7 BD 00 ............... Packet #9 starts with: FF 51 86 00 D3 C6 BD 00 9C 0F 00 01 C4 0F 19 BC .Q............. Could anyone please tell me what these packets are (0xXX)? Also, what would these packets contain and what would make them change each connect? Any help is much appreciated. Thanks [/quote] Best of wishes to you.... there are some stuff about war3 hashing ( tables *arrays*) ect on the forum already... you can do a search on them and that may be some help to get you started... Packet #9 starts with: FF 51 86 00 2B 07 B0 00 9C 0F 00 01 C2 7B E4 ED .Q..+........{.. FF 51 = Header the packet is in the header... &H51 or 0x51 | July 1, 2004, 6:04 PM |
| Anubis | so then would packet 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 be 0x00? Packets are so confusing :-\ | July 1, 2004, 6:13 PM |
| GoSuGaMING | [quote author=Anubis link=board=17;threadid=7524;start=0#msg68098 date=1088705596] so then would packet 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 be 0x00? Packets are so confusing :-\ [/quote] &H0 but i think thats what bnet sent to you on recieve... use WPE Pro and post the packet log and i will help you.. | July 1, 2004, 6:16 PM |
| Anubis | Whenever I copy the packets from WPE it coemes out like this (Also, here's the whole packet): 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 1A 00 00 00 0E 00 00 00 15 E0 1F 00 00 00 00 00 29 92 82 38 CB AE C1 F3 BB 0D 1E 61 BF 31 A9 01 ED 94 BF 7B 49 58 38 36 76 65 72 33 2E 6D 70 71 00 And the text for it is: .....F7{........................)..8.......a.1.....{IX86ver3.mpq. | July 1, 2004, 6:22 PM |
| GoSuGaMING | [quote author=Anubis link=board=17;threadid=7524;start=0#msg68101 date=1088706145] Whenever I copy the packets from WPE it coemes out like this (Also, here's the whole packet): 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 1A 00 00 00 0E 00 00 00 15 E0 1F 00 00 00 00 00 29 92 82 38 CB AE C1 F3 BB 0D 1E 61 BF 31 A9 01 ED 94 BF 7B 49 58 38 36 76 65 72 33 2E 6D 70 71 00 And the text for it is: .....F7{........................)..8.......a.1.....{IX86ver3.mpq. [/quote] it should tell you send / recieve... heres an example [quote] 1 Hide Hide 67 Send 0000 01 FF 50 3A 00 00 00 00 00 36 38 58 49 50 58 45 ..P:.....68XIPXE 0010 53 C9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S............... 0020 00 00 00 00 00 00 00 00 00 55 53 41 00 55 6E 69 .........USA.Uni 0030 74 65 64 20 53 74 61 74 65 73 00 FF 25 08 00 00 ted States..%... 0040 00 00 00 ... 2 Hide Hide 8 Recv 0000 FF 25 08 00 19 98 BC BF .%...... 3 Hide Hide 99 Recv 0000 FF 50 63 00 00 00 00 00 7A 5F 1F 3A 42 99 00 00 .Pc.....z_.:B... 0010 00 81 8F 83 91 E7 C3 01 49 58 38 36 76 65 72 37 ........IX86ver7 0020 2E 6D 70 71 00 41 3D 33 36 39 38 35 30 33 35 30 .mpq.A=369850350 0030 20 42 3D 37 36 34 39 39 31 32 34 36 20 43 3D 34 B=764991246 C=4 0040 37 39 36 38 30 34 35 38 20 34 20 41 3D 41 5E 53 79680458 4 A=A^S 0050 20 42 3D 42 5E 43 20 43 3D 43 2B 41 20 41 3D 41 B=B^C C=C+A A=A 0060 5E 42 00 [/quote] | July 1, 2004, 6:27 PM |
| Twix | how do u make etneral show what is sent and what is recv i could never find it | July 1, 2004, 6:29 PM |
| Anubis | How do I copy the whole thing? I can't seem to find a copy button around there... Oh and do you want me to paste everything logged or just packet 8? | July 1, 2004, 6:30 PM |
| Twix | i think he wants the full thing and also there is a save log to txt file | July 1, 2004, 6:31 PM |
| Anubis | Oh, sorry I didn't see the save to txt/log... Anyway here's the full log: 1 0.0.0.0:1380 :0 35 SendTo 0000 00 03 01 00 00 01 00 00 00 00 00 00 06 75 73 77 .............usw 0010 65 73 74 06 62 61 74 74 6C 65 03 6E 65 74 00 00 est.battle.net.. 0020 01 00 01 ... 2 :0 0.0.0.0:1380 387 RecvFrom 0000 00 03 81 80 00 01 00 0C 00 04 00 04 06 75 73 77 .............usw 0010 65 73 74 06 62 61 74 74 6C 65 03 6E 65 74 00 00 est.battle.net.. 0020 01 00 01 C0 0C 00 01 00 01 00 00 01 47 00 04 3F ............G..? 0030 F1 53 6F C0 0C 00 01 00 01 00 00 01 47 00 04 3F .So.........G..? 0040 F1 53 70 C0 0C 00 01 00 01 00 00 01 47 00 04 3F .Sp.........G..? 0050 F1 53 07 C0 0C 00 01 00 01 00 00 01 47 00 04 3F .S..........G..? 0060 F1 53 08 C0 0C 00 01 00 01 00 00 01 47 00 04 3F .S..........G..? 0070 F1 53 09 C0 0C 00 01 00 01 00 00 01 47 00 04 3F .S..........G..? 0080 F1 53 0B C0 0C 00 01 00 01 00 00 01 47 00 04 3F .S..........G..? 0090 F1 53 0C C0 0C 00 01 00 01 00 00 01 47 00 04 3F .S..........G..? 00A0 F1 53 0D C0 0C 00 01 00 01 00 00 01 47 00 04 3F .S..........G..? 00B0 F1 53 6B C0 0C 00 01 00 01 00 00 01 47 00 04 3F .Sk.........G..? 00C0 F1 53 6C C0 0C 00 01 00 01 00 00 01 47 00 04 3F .Sl.........G..? 00D0 F1 53 6D C0 0C 00 01 00 01 00 00 01 47 00 04 3F .Sm.........G..? 00E0 F1 53 6E C0 13 00 02 00 01 00 00 1A 93 00 0C 09 .Sn............. 00F0 65 75 72 2D 67 75 61 72 64 C0 13 C0 13 00 02 00 eur-guard....... 0100 01 00 00 1A 93 00 0C 09 6B 6F 72 2D 67 75 61 72 ........kor-guar 0110 64 C0 13 C0 13 00 02 00 01 00 00 1A 93 00 0C 09 d............... 0120 75 73 65 2D 67 75 61 72 64 C0 13 C0 13 00 02 00 use-guard....... 0130 01 00 00 1A 93 00 0C 09 75 73 77 2D 67 75 61 72 ........usw-guar 0140 64 C0 13 C0 EF 00 01 00 01 00 01 38 7A 00 04 D5 d..........8z... 0150 F8 6A FB C1 07 00 01 00 01 00 01 38 7A 00 04 D3 .j.........8z... 0160 E9 00 7B C1 1F 00 01 00 01 00 00 8E 8C 00 04 3F ..{............? 0170 F0 CA B2 C1 37 00 01 00 01 00 01 38 7A 00 04 3F ....7......8z..? 0180 F1 53 3B .S; 3 10.0.0.4:1381 63.241.83.107:6112 1 Send 0000 01 . 4 10.0.0.4:1381 63.241.83.107:6112 58 Send 0000 FF 50 3A 00 00 00 00 00 36 38 58 49 50 58 33 57 .P:.....68XIPX3W 0010 0F 00 00 00 53 55 6E 65 0A 00 00 04 68 01 00 00 ....SUne....h... 0020 09 04 00 00 09 04 00 00 55 53 41 00 55 6E 69 74 ........USA.Unit 0030 65 64 20 53 74 61 74 65 73 00 ed States. 5 10.0.0.4:1381 63.241.83.107:6112 8 Send 0000 FF 25 08 00 D0 8C 21 A7 .%....!. 6 10.0.0.4:1382 63.241.83.107:6112 1 Send 0000 02 . 7 10.0.0.4:1382 63.241.83.107:6112 20 Send 0000 14 00 00 02 36 38 58 49 50 58 33 57 00 00 00 00 ....68XIPX3W.... 0010 00 00 00 00 .... 8 10.0.0.4:1382 63.241.83.107:6112 65 Send 0000 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 .....F7{........ 0010 1A 00 00 00 0E 00 00 00 15 E0 1F 00 00 00 00 00 ................ 0020 29 92 82 38 CB AE C1 F3 BB 0D 1E 61 BF 31 A9 01 )..8.......a.1.. 0030 ED 94 BF 7B 49 58 38 36 76 65 72 33 2E 6D 70 71 ...{IX86ver3.mpq 0040 00 . Edit: I noticed there's only one receive packet. Why isn't there more listed? Edit2: Took some advice from another post ;) | July 1, 2004, 6:33 PM |
| BaDDBLooD | You shouldn't post whole packetlog's ( they include valuable data like username/password/cdkey ) which can be Extracted via some sneaky people crawling around these forums ^_^ | July 1, 2004, 8:35 PM |
| Myndfyr | Joyous days I can see Gosu is not only being not helpful, he's providing incorrect information. [me=Myndfyre]sighs[/me] Anubis, you're off to a good start. You have the right idea. Here's what happens when a Warcraft client connects to Battle.net: Sent: the byte value 0x01, or just 1. This identifies to Battle.net that you are using the binary/game protocol. This is the only transmission that doesn't conform to the packet header format (see below). Sent: Packet 0x50, SID_AUTH_INFO, documented in BnetDocs. Recv: Packet 0x50, SID_AUTH_INFO, 0x25, SID_PING. Sent: 0x25 SID_PING (optional), 0x51, SID_AUTH_CHECK Recv: Packet 0x51, SID_AUTH_CHECK How you go from here varies based on what you do at the login screen. But, SID_AUTH_CHECK verifies your cd-key(s). Packet headers for Battle.net are in the following format: BYTE 0xff (constant) BYTE packet ID WORD packet length The rest of the packet data comes after that. If a packet doesn't begin with 0xff, it's either a continuation (unlikely -- Ethereal will tell you if that's the case), or it's not part of the BNCS (Battle.net Chat Server) protocol communication. It might be DNS resolution or something like that. I've found that Ethereal does a really good job about keeping data apart from the TCP headers, and it starts typically around offset 0x37 if I recall correctly. That's what you want to look at -- ignore the first part of packet headers. Go strictly for the data, which it looks like that's what you've been copying. Anyway, I would suggest checking out the BNLS Protocol Spec, which contains information about packets 0x50, 0x51, and the other Warcraft-III-related packets which aren't contained in the public section of BnetDocs, which I also highly recommend. This is the information you'll need to emulate the Warcraft III client, and unless you have the hashing algorithms, you'll probably end up using BNLS. Also, read the private message I'm about to send you. | July 1, 2004, 8:36 PM |
| ChR0NiC | [quote author=BaDDBLooD link=board=17;threadid=7524;start=0#msg68115 date=1088714141] You shouldn't post whole packetlog's ( they include valuable data like username/password/cdkey ) which can be Extracted via some sneaky people crawling around these forums ^_^ [/quote] *looks around for 0x3A* Nope he's just fine -.- | July 7, 2004, 6:40 AM |
| BaDDBLooD | I meant, posting whole packetlog's is dangerous in general. | July 7, 2004, 3:35 PM |
| bethra | [quote author=Myndfyre link=board=17;threadid=7524;start=0#msg68117 date=1088714180] Joyous days I can see Gosu is not only being not helpful, he's providing incorrect information. Sent: the byte value 0x01, or just 1. This identifies to Battle.net that you are using the binary/game protocol. This is the only transmission that doesn't conform to the packet header format (see below). Sent: Packet 0x50, SID_AUTH_INFO, documented in BnetDocs. Recv: Packet 0x50, SID_AUTH_INFO, 0x25, SID_PING. Sent: 0x25 SID_PING (optional), 0x51, SID_AUTH_CHECK Recv: Packet 0x51, SID_AUTH_CHECK Packet headers for Battle.net are in the following format: BYTE 0xff (constant) BYTE packet ID WORD packet length BnetDocs, which I also highly recommend. This is the information you'll need to emulate the Warcraft III client, and unless you have the hashing algorithms, you'll probably end up using BNLS. [/quote] I'm trying to send the 0x50 packet with the BufferPacket class made by darkminion... I've done everything up to these instruction but I'm not getitng a response in vb winsock. This DataArrival event in vb for winsock... I'm not recieving anything at all omg Private Sub SID_AUTH_INFO() Dim PBuf As New PacketBuffer PBuf.InsertDWORD 0 PBuf.InsertNonNTString "68XI" PBuf.InsertNonNTString "RATS" PBuf.InsertDWORD &HC9 PBuf.InsertDWORD 0 PBuf.InsertDWORD 0 PBuf.InsertDWORD 0 PBuf.InsertDWORD 0 PBuf.InsertDWORD 0 PBuf.InsertNTString "USA" PBuf.InsertNTString "United States" PBuf.SendPacket ws, &H50 End Sub I don't think anything is wrong! I"m not getitng a response goddamnit. Am I not suppose to use this DataArrival event or something b/c everything I try I get nothing from it! | July 7, 2004, 6:03 PM |
| iago | [quote author=BaDDBLooD link=board=17;threadid=7524;start=0#msg68115 date=1088714141] You shouldn't post whole packetlog's ( they include valuable data like username/password/cdkey ) which can be Extracted via some sneaky people crawling around these forums ^_^ [/quote] War3's login is designed in such a way that the password can't be bruteforced, no matter how much time you have. SRP makes it impossible. For some info, see Userloser's link: http://www.userloser.net/packetref/nlspackets.asp | July 7, 2004, 6:13 PM |
| BaDDBLooD | Oh ok =) | July 7, 2004, 6:29 PM |
| ChR0NiC | [quote author=iago link=board=17;threadid=7524;start=15#msg69045 date=1089224032] For some info, see Userloser's link: http://www.userloser.net/packetref/nlspackets.asp [/quote] Yay, no more having to look through that ugly ProtoSpec for 0x52 - 0x56 Packet Information :P | July 7, 2004, 7:09 PM |
| UserLoser. | [quote author=iago link=board=17;threadid=7524;start=15#msg69045 date=1089224032] [quote author=BaDDBLooD link=board=17;threadid=7524;start=0#msg68115 date=1088714141] You shouldn't post whole packetlog's ( they include valuable data like username/password/cdkey ) which can be Extracted via some sneaky people crawling around these forums ^_^ [/quote] War3's login is designed in such a way that the password can't be bruteforced, no matter how much time you have. SRP makes it impossible. For some info, see Userloser's link: http://www.userloser.net/packetref/nlspackets.asp [/quote] Bah, should finish all the pages :) | July 7, 2004, 11:29 PM |
| Maddox | [quote author=iago link=board=17;threadid=7524;start=15#msg69045 date=1089224032] [quote author=BaDDBLooD link=board=17;threadid=7524;start=0#msg68115 date=1088714141] You shouldn't post whole packetlog's ( they include valuable data like username/password/cdkey ) which can be Extracted via some sneaky people crawling around these forums ^_^ [/quote] War3's login is designed in such a way that the password can't be bruteforced, no matter how much time you have. SRP makes it impossible. For some info, see Userloser's link: http://www.userloser.net/packetref/nlspackets.asp [/quote] Some of those are incorrect. | July 10, 2004, 10:19 AM |
| ChR0NiC | Like which ones?? I would like to know, before I attempt to do anything and result in one of those blasted IP Bans >:( [quote] S => C (BYTE) Ladder type (WORD) *How many bytes all of the packets are (WORD) *How many bytes this packet is (WORD) *How many bytes have not been recieved yet in other packets (WORD) Always zero, except in the last packet recieved from the server includes a zero-based rank of the starting entries recieved (WORD) Unknown (0) (VOID) Ladder data * Excludes the first byte of the packet, and it's first 5 WORDs. Format of ladder data (DWORD) Experience (DWORD) Unknown (0) (BYTE) Character class (BYTE) Character name prefix (WORD) Character level (STRING) **Character name Possible character classes: 0x00: Amazon 0x01: Sorceress 0x02: Necromancer 0x03: Paladin 0x04: Barbarian 0x05: Druid 0x06: Assassin Character name prefixes are the same as they appear in statstring. ** Always 16 BYTEs long; if the character name is less than 15 characters, it is followed with null BYTEs. The server may send you multiple amounts of these packets for one request. It's up to you to figure out which data goes where, usually you have to concatnate the packets recieved in a backwards order; so the last packet recieved would be the first part of the buffer to be parsed while the first packet recieved is the last part of the buffer to be parsed. [/quote] This one confused me a little bit, where it said [quote] * Excludes the first byte of the packet, and it's first 5 WORDs. [/quote] Cuz I don't know if it's referring to the overall packet or each Ladder Data. And if either, are we talking about the beginning or end of the packet? I realize that if I would just take the time to try and plug that format into one of my packet logs it probably wouldn't be too hard to figure out, but not everyone is able to do this and not everyone is blessed with WPE Pro (being that it can only be used on Win XP) | July 10, 2004, 6:14 PM |
| kamakazie | [quote author=ChR0NiC link=board=17;threadid=7524;start=15#msg69546 date=1089483263] Like which ones?? I would like to know, before I attempt to do anything and result in one of those blasted IP Bans >:( [quote] S => C (BYTE) Ladder type (WORD) *How many bytes all of the packets are (WORD) *How many bytes this packet is (WORD) *How many bytes have not been recieved yet in other packets (WORD) Always zero, except in the last packet recieved from the server includes a zero-based rank of the starting entries recieved (WORD) Unknown (0) (VOID) Ladder data * Excludes the first byte of the packet, and it's first 5 WORDs. Format of ladder data (DWORD) Experience (DWORD) Unknown (0) (BYTE) Character class (BYTE) Character name prefix (WORD) Character level (STRING) **Character name Possible character classes: 0x00: Amazon 0x01: Sorceress 0x02: Necromancer 0x03: Paladin 0x04: Barbarian 0x05: Druid 0x06: Assassin Character name prefixes are the same as they appear in statstring. ** Always 16 BYTEs long; if the character name is less than 15 characters, it is followed with null BYTEs. The server may send you multiple amounts of these packets for one request. It's up to you to figure out which data goes where, usually you have to concatnate the packets recieved in a backwards order; so the last packet recieved would be the first part of the buffer to be parsed while the first packet recieved is the last part of the buffer to be parsed. [/quote] This one confused me a little bit, where it said [quote] * Excludes the first byte of the packet, and it's first 5 WORDs. [/quote] Cuz I don't know if it's referring to the overall packet or each Ladder Data. And if either, are we talking about the beginning or end of the packet? I realize that if I would just take the time to try and plug that format into one of my packet logs it probably wouldn't be too hard to figure out, but not everyone is able to do this and not everyone is blessed with WPE Pro (being that it can only be used on Win XP) [/quote] I'm pretty sure this is the correct way to parse the ladder data for Diablo II. I messaged UserLoser with this information but I don't know if he received it and he hasn't updated his site to reflect the changes. You receive the packets in the following manner. Each time you receive data you should append to the ladder data to any other data you already receive in another buffer. When you've receive the full ladder data, then you move on to parsing it. (BYTE) Ladder Type (WORD) Ladder Data Full Length (WORD) Ladder Data Current Recv Length (WORD) Ladder Data Already Recv Length (VOID) Ladder Data After recieve the full ladder data then you parse that data as follows: --- Ladder Data --- (DWORD) Rank Start (DWORD) Number of Player Records (DWORD) Rank End (VOID) Player Records This is the structure for each player record. I'm pretty sure that is a QWORD (2 DWORDS), however I am not entirely sure. Perhaps someone can correct this? --- Player Record --- (QWORD) Experience (BYTE) Class (BYTE) Title (BYTE) Level (BYTE) Unknown (STRING) Character (padded to 16 bytes) | July 11, 2004, 1:41 AM |
| iago | [quote author=GoSuGaMING link=board=17;threadid=7524;start=15#msg69614 date=1089512287] [quote author=Eibro[yL] link=board=17;threadid=7524;start=15#msg69613 date=1089512225] [quote author=GoSuGaMING link=board=17;threadid=7524;start=15#msg69610 date=1089511788] I'm not that dumb to leak that :P ;D [/quote]What, you mean this? [/quote] yeah but it uses a modified SRP code... [/quote] Not really. Incidentally, that link you posted is Arta's cdkey decode. Where'd you get it from? | July 11, 2004, 7:05 AM |
| Maddox | [quote author=iago link=board=17;threadid=7524;start=15#msg69650 date=1089529528] [quote author=GoSuGaMING link=board=17;threadid=7524;start=15#msg69614 date=1089512287] [quote author=Eibro[yL] link=board=17;threadid=7524;start=15#msg69613 date=1089512225] [quote author=GoSuGaMING link=board=17;threadid=7524;start=15#msg69610 date=1089511788] I'm not that dumb to leak that :P ;D [/quote]What, you mean this? [/quote] yeah but it uses a modified SRP code... [/quote] Not really. Incidentally, that link you posted is Arta's cdkey decode. Where'd you get it from? [/quote] No, it's not. It's mine, and an old one at that. The 2nd function is different however. | July 11, 2004, 8:15 AM |
| UserLoser. | I wish I'd stop getting blamed for this. Apparently I gave this out sometime over the last few days (which I didn't), but all you newbies who all have me on AIM and bug me 24/7 should have known that I've obviously had an away message on almost 24/7 for the last week, saying i'm on Warcraft III. I didn't give out this code, I never had full Madd0x cdkey decode, nor do I use his cdkey decode; so stop blaming and pointing at me Clan Exile and fellow newbie programmers. | July 11, 2004, 9:07 AM |
| BinaryzL | [quote author=UserLoser. link=board=17;threadid=7524;start=30#msg69665 date=1089536824] I wish I'd stop getting blamed for this. Apparently I gave this out sometime over the last few days (which I didn't), but all you newbies who all have me on AIM and bug me 24/7 should have known that I've obviously had an away message on almost 24/7 for the last week, saying i'm on Warcraft III. I didn't give out this code, I never had full Madd0x cdkey decode, nor do I use his cdkey decode; so stop blaming and pointing at me Clan Exile and fellow newbie programmers. [/quote] Yeah, he didn't give it out nor do I know who did. | July 11, 2004, 1:22 PM |