[quote author=iago link=board=17;threadid=8685;start=30#msg80755 date=1095542663]
[quote author=Laff link=board=17;threadid=8685;start=30#msg80738 date=1095529264]
i'm trying to port the java into c++ but i'm running into trouble with finding the equivalent way to do messagedigest.update. i'm looking into the classes right now. if anyone can help, i'd appreciate it.
[/quote]

It's standard SHA-1.
[/quote]

Look at this: It's an example of someone using code that has actually been released instead of using stolen code. It gets you help from the author, and a good reputation on the forum.

Adron, im not going to lie... i couldnt even if i wanted too my java and c++ skills are minimal i will continue using NLS.dll as im sure others will until a better alternitive is released to the public

Except that NLS.DLL isn't public

EDIT: isn't that why BNLS is there?

What I'm hearing is, "I'm too lazy to learn, so I'd rather cheat".

And good job, Adron :D

[quote author=NetNX link=board=17;threadid=8740;start=0#msg80845 date=1095607556]
Adron, im not going to lie... i couldnt even if i wanted too my java and c++ skills are minimal i will continue using NLS.dll as im sure others will until a better alternitive is released to the public
[/quote]

Very well. Don't expect much help from us.

Jeez you spammed the entire forums with your questions regarding NLS.dll I suggest we put them in a cute little bundle and send them straight to the trash can where it belongs.

yeh well i don't like using stolen code, which is why i'm attempting to adapt other public code. i've never heard of nls.dll, and don't want to use bnls, and would like to have standalone code over someone else's library anyway. if i get it to work, i'll gladly post it giving the REAL authors (not me) their due.

Not you. I commend you. The other fool using NLS.dll

oh i was directing that to adron for the original post. i also hate when people rather take the easy shortcut than actually learn something. go figure that if he ever releases his bot that he will give the original authors of that stolen library their props.

[quote author=NetNX link=board=17;threadid=8740;start=0#msg80845 date=1095607556]
Adron, im not going to lie... i couldnt even if i wanted too my java and c++ skills are minimal i will continue using NLS.dll as im sure others will until a better alternitive is released to the public
[/quote]

That's no excuse, when I had hardly any knowledge of C-style syntax'd languages (minus PHP) I was still able to port bnetauth.dll to Visual Basic in a couple of days. iago's Warcraft III Java code would probably be a bit more difficult, but I'm sure if you have any general programming syntax knowledge, and an internet browser that can access google, you'll be fine. I think the whole thing is you're just too lazy and would rather it be done for you.

Laff: The difference is that, if you're using my Java code, you're using code that I intentionally and knowingly released into public domain with the permission of all appropriate people (the people who originally wrote the C code and helped me reverse it gave me permission to port the C to Java). I think that's perfectly fine, it's why I work in OpenSource, because I like people being helped.

[quote author=iago link=board=17;threadid=8740;start=0#msg80990 date=1095641313]
Laff: The difference is that, if you're using my Java code, you're using code that I intentionally and knowingly released into public domain with the permission of all appropriate people (the people who originally wrote the C code and helped me reverse it gave me permission to port the C to Java). I think that's perfectly fine, it's why I work in OpenSource, because I like people being helped.
[/quote]

I love the open source SRP Java code, in fact I have learned a great deal from it. If you bother to learn, it makes a huge difference. iago hasn't been given enough credit for doing this and being so kind about it.

[quote author=Minus link=board=17;threadid=8740;start=0#msg81013 date=1095649035]
[quote author=iago link=board=17;threadid=8740;start=0#msg80990 date=1095641313]
Laff: The difference is that, if you're using my Java code, you're using code that I intentionally and knowingly released into public domain with the permission of all appropriate people (the people who originally wrote the C code and helped me reverse it gave me permission to port the C to Java). I think that's perfectly fine, it's why I work in OpenSource, because I like people being helped.
[/quote]

I love the open source SRP Java code, in fact I have learned a great deal from it. If you bother to learn, it makes a huge difference. iago hasn't been given enough credit for doing this and being so kind about it.
[/quote]

<3

Actually, if you read up on RSA and other Private Key Cryptography, you'll see a lot of similarities to SRP.

I looked at the source code briefly when it was first leaked. The biggest thing I learned is that I need to find out how to use BigInteger, and find out if there's an equivalent on the Mac side, or if not, figure out how to write my own.

I'm sure it's not hard... I just don't have the time for it at the moment.

[quote author=tA-Kane link=board=17;threadid=8740;start=0#msg81104 date=1095711004]
I looked at the source code briefly when it was first leaked. The biggest thing I learned is that I need to find out how to use BigInteger, and find out if there's an equivalent on the Mac side, or if not, figure out how to write my own.

I'm sure it's not hard... I just don't have the time for it at the moment.
[/quote]

There are several cross platform open source implementations you could use; specifically, MAPM and GMP

Or you could write your own. I started writing one a while back and just now got around to finishing it it off. My division algorithm is rather slow though.

It's probably comparable to Blizzard's, which I'm told is considerably slower than public versions.

[quote author=iago link=board=17;threadid=8740;start=15#msg81119 date=1095714632]
It's probably comparable to Blizzard's, which I'm told is considerably slower than public versions.
[/quote]
Actually, Blizzard's is far faster than any public (in source code form) CheckRevision implementation I know of. Faster as in tens or hundreds of times faster.

[quote author=Skywing link=board=17;threadid=8740;start=15#msg81168 date=1095719389]
[quote author=iago link=board=17;threadid=8740;start=15#msg81119 date=1095714632]
It's probably comparable to Blizzard's, which I'm told is considerably slower than public versions.
[/quote]
Actually, Blizzard's is far faster than any public (in source code form) CheckRevision implementation I know of. Faster as in tens or hundreds of times faster.
[/quote]

I think we're talking about their BigInteger class?

[quote author=K link=board=17;threadid=8740;start=15#msg81174 date=1095721081]
[quote author=Skywing link=board=17;threadid=8740;start=15#msg81168 date=1095719389]
[quote author=iago link=board=17;threadid=8740;start=15#msg81119 date=1095714632]
It's probably comparable to Blizzard's, which I'm told is considerably slower than public versions.
[/quote]
Actually, Blizzard's is far faster than any public (in source code form) CheckRevision implementation I know of. Faster as in tens or hundreds of times faster.
[/quote]

I think we're talking about their BigInteger class?
[/quote]
Whoops. Yes, in that case just about everything is faster than the version Blizzard uses.

[quote author=iago link=board=17;threadid=8740;start=0#msg81029 date=1095652440]
Actually, if you read up on RSA and other Private Key Cryptography, you'll see a lot of similarities to SRP.
[/quote]

I thought RSA & SRP were forms of public key encryption?

Wow, I have been gone awhile been very busy with school and stuff come back to see there is a new .dll? What does it do? i have read up some on the forums and gather:
1. something to do with warcraft 3.
2. was stolen.
3. some moron now uses it.
4. it is used in bnls?

Not sure so please inform me so i can be up to date with current events

[quote author=dxoigmn link=board=17;threadid=8740;start=15#msg81186 date=1095724049]
[quote author=iago link=board=17;threadid=8740;start=0#msg81029 date=1095652440]
Actually, if you read up on RSA and other Private Key Cryptography, you'll see a lot of similarities to SRP.
[/quote]

I thought RSA & SRP were forms of public key encryption?
[/quote]

Same thing. It's "Private/Public Key" encryption :-P

Michael, all right except for 4.

[quote author=iago link=board=17;threadid=8740;start=15#msg81234 date=1095736902]
Same thing. It's "Private/Public Key" encryption :-P
[/quote]

Lies!!!

How exactly is code leaked? I mean someone would have to hax your computer to get to it?

Or did someone you trust leak it...

HL2...

[quote author=bethra link=board=17;threadid=8740;start=15#msg81282 date=1095799617]
How exactly is code leaked? I mean someone would have to hax your computer to get to it?

Or did someone you trust leak it...
[/quote]

Reputedly, someone picked a bad password to protect their things.

[quote author=bethra link=board=17;threadid=8740;start=15#msg81282 date=1095799617]
How exactly is code leaked? I mean someone would have to hax your computer to get to it?

Or did someone you trust leak it...

HL2...
[/quote]

To switch your post around a bit which should answer your question.

How exactly are houses broken into.

It was on a friend's computer, who we won't bother naming right now. But he went on vacation with VNC running, and a lousy password on it. Many people knew his ip and the password, and any of them could have taken it. It ended up in the hands of somebody called "gosugaming" who eventually used it to blackmail me into unbanning him from vL's channel. Of course I didn't, so he released it, and now he has no blackmail material.

Anyway, most good people aren't using it, out of respect. There is a Java version I wrote and released, and if people can work with that, then that's all the better.

[quote author=iago link=board=17;threadid=8740;start=15#msg81289 date=1095801007]
It was on a friend's computer, who we won't bother naming right now. But he went on vacation with VNC running, and a lousy password on it. Many people knew his ip and the password, and any of them could have taken it. It ended up in the hands of somebody called "gosugaming" who eventually used it to blackmail me into unbanning him from vL's channel. Of course I didn't, so he released it, and now he has no blackmail material.

Anyway, most good people aren't using it, out of respect. There is a Java version I wrote and released, and if people can work with that, then that's all the better.
[/quote]

BOOOOOOO, omg. I'm going to change all my passwords now... they are stupid... but then again, I don't have anything of value except my CDKeys and pr0n ^_^


Yeah, I wouldn't use NLS if I had it. I've almost done the logon sequence!!!! yay. I started it awhile ago and got frustrated so I stopped, but I just started up again and I'm getting the hang of it now. Don't flame... I know... I'm noob...

Packet loggers help alot. I'm using WEPro b/c it was alot easier for me to use... I mean I installed it and could easily figure out how to use it. Ethereal is suppose to be better but I couldn't quit figure out all that settings stuff...

and also, what is the easier way, logging on with SHA-1 or WC3?

[quote]and also, what is the easier way, logging on with SHA-1 or WC3? [/quote]

I don't think SHA-1 is a game client. :P

[quote author=hismajesty[yL] link=board=17;threadid=8740;start=15#msg81301 date=1095805878]
[quote]and also, what is the easier way, logging on with SHA-1 or WC3? [/quote]

I don't think SHA-1 is a game client. :P
[/quote]

well it represents a group of clients... the way they logon... I think.

[quote author=bethra link=board=17;threadid=8740;start=15#msg81305 date=1095807627]
[quote author=hismajesty[yL] link=board=17;threadid=8740;start=15#msg81301 date=1095805878]
[quote]and also, what is the easier way, logging on with SHA-1 or WC3? [/quote]

I don't think SHA-1 is a game client. :P
[/quote]

well it represents a group of clients... the way they logon... I think.
[/quote]

But they (SHA-1 and WC3) are not mutually-exclusive.

do they use srp without any modification?

WEll, i would say choose the method that best suits your level of programing.

[quote author=-MichaeL- link=board=17;threadid=8740;start=15#msg81225 date=1095733865]
Wow, I have been gone awhile been very busy with school and stuff come back to see there is a new .dll? What does it do? i have read up some on the forums and gather:
1. something to do with warcraft 3.
2. was stolen.
3. some moron now uses it.
4. it is used in bnls?

Not sure so please inform me so i can be up to date with current events

[/quote]

Simply hashes Warcraft III for you, but it was stolen and out of respect for the people who spent so much time working on it you shouldn't use it. For example iago did alot of reversing, and although he thinks in ASM, I am sure it was boring as hell.

[quote author=$t0rm link=board=17;threadid=8740;start=30#msg81324 date=1095814363]
do they use srp without any modification?
[/quote]

No, they made a couple small changes (mistakes?) in their implementation. It's very close, though.

[quote author=Minus link=board=17;threadid=8740;start=30#msg81402 date=1095867597]
[quote author=-MichaeL- link=board=17;threadid=8740;start=15#msg81225 date=1095733865]
Wow, I have been gone awhile been very busy with school and stuff come back to see there is a new .dll? What does it do? i have read up some on the forums and gather:
1. something to do with warcraft 3.
2. was stolen.
3. some moron now uses it.
4. it is used in bnls?

Not sure so please inform me so i can be up to date with current events

[/quote]

Simply hashes Warcraft III for you, but it was stolen and out of respect for the people who spent so much time working on it you shouldn't use it. For example iago did alot of reversing, and although he thinks in ASM, I am sure it was boring as hell.
[/quote]

It wasn't boring, it was fun. I did the reversing, then didn't even bother putting the code into my bot for a couple months, because I didn't reallyc are about logging on with war3, I just wanted the fun of reversing it :)

so basicly nls.dll is everything you need to make a bot load war3? also isnt there some way you can umm get justice for them stealing your hard work. it would piss me off greatly if someone stole my work before it was even released. but if i released it public i guess i would have to put up with that becuase dont make it public if you don't want people useing your codes.

[quote author=-MichaeL- link=board=17;threadid=8740;start=30#msg81434 date=1095884219]
so basicly nls.dll is everything you need to make a bot load war3? also isnt there some way you can umm get justice for them stealing your hard work. it would piss me off greatly if someone stole my work before it was even released. but if i released it public i guess i would have to put up with that becuase dont make it public if you don't want people useing your codes.
[/quote]

Suggestions? Somebody got Bsd to DDoS his site for a couple hours, but that didn't change anything.

There's nothing we can do except not help people who can't use it. If somebody wants to use my Java version, I'll help them with it. If they're trying to convert the Java version to another language, I'll help them. But if they're using the stolen version, I'm not going to help them.

thats cool, iago i was woundering if you had any spare time to help me learn java :(

[quote author=-MichaeL- link=board=17;threadid=8740;start=30#msg81458 date=1095892351]
thats cool, iago i was woundering if you had any spare time to help me learn java :(
[/quote]

If you read my reply to your question in the Java forum, you should be well on your way to learning the language.

By stealing the dll, people have sunk to a new low. By using the dll, the people deserve to be shot.

[quote author=Kk)Blaze(kK link=board=17;threadid=8740;start=30#msg81494 date=1095901357]
By stealing the dll, people have sunk to a new low. By using the dll, the people deserve to be shot.
[/quote]

I wouldn't exactly say "new".

The authors expected to release the source to NLS.dll at some point or another. iago. has done so in a manner of speaking by providing it in Java form.

They were not planning on charging for its use, either.

Tell me, Blaze, do you have any pirated software on your computer whatsoever, that you did not pay to license?

ohhh I DO.

I don't!!

Well, not on Linux anyway.

Iago has some uh... "stuff" on his FTP ^_^

[quote author=$t0rm link=board=17;threadid=8740;start=30#msg81324 date=1095814363]
do they use srp without any modification?
[/quote]

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.

[quote author=Maddox link=board=17;threadid=8740;start=45#msg81901 date=1096092866]
[quote author=$t0rm link=board=17;threadid=8740;start=30#msg81324 date=1095814363]
do they use srp without any modification?
[/quote]

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
[/quote]

I guess the jerk who stole the NLS stuff from sneakcharm blew our chance of ever seeing hash support for that >:(. Am I right?

[quote author=Maddox link=board=17;threadid=8740;start=45#msg81901 date=1096092866]
[quote author=$t0rm link=board=17;threadid=8740;start=30#msg81324 date=1095814363]
do they use srp without any modification?
[/quote]

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
[/quote]
Based on how slow their implementation is, I think you'd call it a de-optimized SRP...

In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.

[quote author=Skywing link=board=17;threadid=8740;start=45#msg81982 date=1096135261]
[quote author=Maddox link=board=17;threadid=8740;start=45#msg81901 date=1096092866]
[quote author=$t0rm link=board=17;threadid=8740;start=30#msg81324 date=1095814363]
do they use srp without any modification?
[/quote]

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
[/quote]
Based on how slow their implementation is, I think you'd call it a de-optimized SRP...

In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.
[/quote]

I wasn't refering to their implementation speed. If you look on the Stanford SRP site you'll see they call Blizzard's message order "optimized" because it cuts down on the number of packets needed.

[quote author=Maddox link=board=17;threadid=8740;start=45#msg82076 date=1096181339]
[quote author=Skywing link=board=17;threadid=8740;start=45#msg81982 date=1096135261]
[quote author=Maddox link=board=17;threadid=8740;start=45#msg81901 date=1096092866]
[quote author=$t0rm link=board=17;threadid=8740;start=30#msg81324 date=1095814363]
do they use srp without any modification?
[/quote]

They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
[/quote]
Based on how slow their implementation is, I think you'd call it a de-optimized SRP...

In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.
[/quote]

I wasn't refering to their implementation speed. If you look on the Stanford SRP site you'll see they call Blizzard's message order "optimized" because it cuts down on the number of packets needed.
[/quote]
They don't do this safely, though. For instance, when changing your password you tell the server what your new password is before the server proves that it knows your old password.

Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server :)

I'm also thinking of checking the hash of the server's ip properly some time.

[quote author=iago link=board=17;threadid=8740;start=45#msg82151 date=1096223428]
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server :)

I'm also thinking of checking the hash of the server's ip properly some time.
[/quote]

Of course. That's what BNLS_CONFIRMLOGON is for -- to confirm that the server really knows the password.

[quote author=iago link=topic=8740.msg82151#msg82151 date=1096223428]
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back?  I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server :)

I'm also thinking of checking the hash of the server's ip properly some time.
[/quote]
Yes.

[quote author=Spht link=topic=8740.msg82158#msg82158 date=1096226380]
[quote author=iago link=board=17;threadid=8740;start=45#msg82151 date=1096223428]
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back?  I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server :)

I'm also thinking of checking the hash of the server's ip properly some time.
[/quote]

Of course.  That's what BNLS_CONFIRMLOGON is for -- to confirm that the server really knows the password.
[/quote]

Well, the thing is that I've never programming anything that uses bnls, or even read the documentation for it, so i didn't know that. 

Thanks, though, I was curious about that.  It's an easy change to make, but I'm working on other stuff

I am done porting the Java code to C++ and once I figure out one last thing it should be ready for me to use, without any objections from any authors. I suggest alot of other people do the same f***ing thing too to avoid this mess again. Because trust me, it's not that hard to port it to C++ since it was ported from C++ to Java to begin with. So far I've only done the CD key decode, but I hope if I get this working 100% I'll try and port the SRP over too. Therefore my work will be objection free from all people who want the message across that using stolen code is wrong.

Edit: Yes iago helped me a bit, because he is the best !!