Valhalla Legends Forums Archive | Battle.net Bot Development | WCIII Login info?

Author | Message | Time
0xdeadc0de
??? Is there any public info available on the wc3 login sequence?
October 10, 2002, 3:49 PM
Skywing
http://www.valhallalegends.com/yoni/BNLSProtocolSpec.txt
October 12, 2002, 12:45 PM
Spht
PacketBuf.InsertNTString m_Username
PacketBuf.InsertNTString m_Password
PacketBuf.SendBNLSPacket wsBNLS, &H2
October 13, 2002, 5:55 PM
Zeller
Using the bnls seems convenient enough. Does anyone here actually use it with their bot’s logon? Personally I would rather have all the calculations and crap built into my bot so it wouldn’t be so dependent on the stability of that server.
October 14, 2002, 6:38 PM
iago.
I think the whole point of skywing's BNLS is to force everybody to rely on his "monopoly" :-)
October 15, 2002, 3:04 PM
Skywing
Of course, nobody's forcing you to use it.  However, last time I checked, there had been over 60000 connections (since August)... that should give you an idea about how many people use it.

Keep in mind that you don't need to use all of BNLS's features; for example, you could use it to run the version check, but do the CD-key processing locally.  The primary advantages of using BNLS are not having to port the code for the various algorithms needed to logon, and compatibility with future game versions with no changes to your client needed.  For example, BNLS can tell your client the current version code for a product, and it can run the version check on the latest game binaries.

Additionally, nobody else has come up with an implementation for the Warcraft III logon system, so you'll either have to come up with that on your own or use BNLS.

Obviously, it's your choice whether or not to use BNLS, but I think it makes things a whole lot easier.
October 17, 2002, 3:03 PM
WiLD
It has been said by some programmers that logging on with WAR3 using BNLS sends your cdkey away and it is not known if bnls logs your key or not. until i am sure it doesn't log your key i will keep away from bnls using war3 personally.

also if using war3 with bnls would the client just be set to 3raw or what? please reply.
June 12, 2003, 11:54 PM
Camel
let's assume for a moment that bnls logs your key (even though it doesn't)
what would they possibly want to do with it? imagine, for example, if they have 5,000 cd keys (just a guess). even *if* they wanted to do something malicious (which would be incredibly stupid and probably would get their accounts banned), what is the chance that you would even be affected? well, if they had 5,000 keys, there would be a 1/5000, or .02%, chance that your key would be randomly selected. even flooders rarely use more than 20 or so keys. let's say a flooder has four ips and loads 8 bots on each (32 bots in total). assume said flooder is a leet haxor, and hacks valhallalegends.com bnls server to steal 32 keys (which by the way could never happen because bnls doesn't log cd keys). 32/5000 comes out to 0.64% of the keys being stolen. fortunately, a prerequisite of being leet is having the brain power to figure some things out on one's own, and therefore most people who would be able to do such a thing (if it were possible, which it isn't) are mature enough to realise that flooding is lame. while not corroborated, i'd be willing to bet that any (public) flood bot you can find was written in vb with ripped off code (and probably is backdoored, at that).

besides, one could very easily get around this. cd key decoding (for sc and wc/d2 style keys at least) is public. one could decode one's key, and use the bnls broken sha-1 hashing function. that way, bnls wouldn't know that your cd key is a cd key. in fact, chances are that even if somebody intercepted the packet, they wouldn't know what the hell you were sending because it would look like garbage.

i myself even plan on eventually adding bnls as a _feature_ in my bot. i've never used it and would probably never use it for password or cd key hashing (unless i decide to add war3 support and get lazy). i would use it more for the version checking stuff.
June 13, 2003, 12:28 PM
UserLoser
Actually, not too long ago 'c0ke' told me himself that he has completed a Warcraft III login doing all the hashing himself, he did say that it will get you 'IP-banned' about 20% of the time for the hashing being invalid. I doubt this is actually true because I've never seen him on a Warcraft III client at all before, and also with all of his scamming and everything else he and his clan do...
June 13, 2003, 4:23 PM
Kp
[quote author=UserLoser link=board=17;threadid=769;start=0#msg12270 date=1055521423]
Actually, not too long ago 'c0ke' told me himself that he has completed a Warcraft III login doing all the hashing himself, he did say that it will get you 'IP-banned' about 20% of the time for the hashing being invalid. I doubt this is actually true because I've never seen him on a Warcraft III client at all before, and also with all of his scamming and everything else he and his clan do...
[/quote]...then why're you telling us? :)
June 13, 2003, 7:10 PM
St0rm.iD
c0ke doesn't know shit.
June 13, 2003, 10:01 PM
SiMi
[quote author=Camel link=board=17;threadid=769;start=0#msg12258 date=1055507316]
let's assume for a moment that bnls logs your key (even though it doesn't)
what would they possibly want to do with it? imagine, for example, if they have 5,000 cd keys (just a guess). even *if* they wanted to do something malicious (which would be incredibly stupid and probably would get their accounts banned), what is the chance that you would even be affected? well, if they had 5,000 keys, there would be a 1/5000, or .02%, chance that your key would be randomly selected. even flooders rarely use more than 20 or so keys. let's say a flooder has four ips and loads 8 bots on each (32 bots in total). assume said flooder is a leet haxor, and hacks valhallalegends.com bnls server to steal 32 keys (which by the way could never happen because bnls doesn't log cd keys). 32/5000 comes out to 0.64% of the keys being stolen. fortunately, a prerequisite of being leet is having the brain power to figure some things out on one's own, and therefore most people who would be able to do such a thing (if it were possible, which it isn't) are mature enough to realise that flooding is lame. while not corroborated, i'd be willing to bet that any (public) flood bot you can find was written in vb with ripped off code (and probably is backdoored, at that).
[/quote]
Would a leet haxor really need keys? I mean if he is so leet he probably has his own ways.
June 14, 2003, 9:48 PM
St0rm.iD
vL has been hacked before :)

Of course, it would probably be easier ddos'ing a router upstream from the backbone and vL, and taking that over and logging all traffic on the bnls port.
June 15, 2003, 12:56 AM
Grok
[quote author=St0rm.iD link=board=17;threadid=769;start=0#msg12353 date=1055638614]
vL has been hacked before :)[/quote]

Yes, that's true! And someday it will be hacked again. As long as the server does all that it does it will be a target.

[quote author=St0rm.iD link=board=17;threadid=769;start=0#msg12353 date=1055638614]Of course, it would probably be easier ddos'ing a router upstream from the backbone and vL, and taking that over and logging all traffic on the bnls port.[/quote]

Nah, too much work. While I don't know how you plan to go from DDOS to "taking that over", the easiest thing would be to call the morons at Sprint and SE someone into giving you access. Come up with any good sounding excuse, "this is Akheem Bulivar at NATUDEC computer alert systems advisory technical group. we are tracing a class 3 trinitron worm through block aut-41c-xp8 and you need to immediately set up a RipSub transponder log to prevent it from spreading further." "uh, i dont know how to do that" "damnit son, didn't you hear me? this is a class 3 worm and its in your block we don't have time for your games! either start up the RipSub transponder 10.4E program now or give me access to 63.185.90.1 immediately before the window of opportunity is lost!!"

HTH,
Grok
June 15, 2003, 4:54 PM
St0rm.iD
Yes but I'd probably start laughing.

On older cisco routers, you can telnet in if they are experiencing a massive ping flood...and the passwd file algorithm has been cracked.
June 15, 2003, 11:31 PM
Super
That's the old school way to do it and completely reminds me of the movie Hackers.
June 17, 2003, 4:04 AM
tA-Kane
That movie was so unreal, it was funny
June 18, 2003, 8:40 PM
Yoni
I liked the part where the guy wakes up and the FBI come storming into his house like he's wanted for multiple murders or something...
June 18, 2003, 9:40 PM
Zakath
Oh yes...greatest computer/hacking movie ever! :D

Seriously, the way they graphically depict hacking is fantastic. :)

"Colonel who?"
June 19, 2003, 10:06 PM
St0rm.iD
C'mon guys, the most realistic hacking movie has to be "The Net."

I love how she's like "DON'T PRESS THE ESCAPE KEY YOU'LL ACTIVATE THE VIRUS"
June 20, 2003, 2:22 PM
