Author | Message | Time |
---|---|---|
vonLandenhausen | please do not remove... ::) hi, I found a quite interesting pdf file about how blizzard checks cd keys. [sub]5 To log on to the Battle.net service and access Battle.net mode, the game initiates an authentication sequence or "secret handshake" between the game and Battle.net server. First, the game and Battle.net server exchange random numbers (one provided by the game and one provided by the server). The game then takes the random numbers, as well as information from the CD Key, and calculates an encrypted alphanumeric sequence which is sent to the Battle.net server. The game performs this encryption to prevent individuals from stealing the game's CD Key when it is transmitted over the Internet to a Battle.net server. The Battle.net server receives the alphanumeric sequence sent by the game, along with other information sent by the game, and uses this data to determine whether the CD Key information sent by the game is valid. If the CD Key information is valid, the Battle.net server will determine whether the same CD Key is already being used by another game that is currently logged on to that Battle.net server gateway. If the CD Key is both valid and not currently being used by other players on the same Battle.net gateway, the Battle.net server sends a signal to the game that allows the game to enter the Battle.net mode and use the Battle.net gaming services. The Blizzard game waits for this signal before entering Battle.net mode. Battle.net uses an encryption algorithm for this process based on a common encryption algorithm.[/sub] you can find the whole text at: http://www.freedom-to-tinker.com/doc/2004/bnetd_30sep.pdf so, is it possible to make a 100% working SC working and if yes... how? | October 7, 2004, 11:04 AM |
vonLandenhausen | by the way: it's the court decision blizz vs bnetd :'( | October 7, 2004, 11:06 AM |
iago | [quote]and uses this data to determine whether the CD Key information sent by the game is valid.[/quote] That's the important part, and it doesn't really say much. The rest, about generating the random seed values and such, is a pretty standard encryption method. | October 7, 2004, 12:23 PM |
Kp | [quote author=vonLandenhausen link=topic=9041.msg83551#msg83551 date=1097147095]so, is it possible to make a 100% working SC working and if yes... how?[/quote] Yes, it is possible. All you need to do is restrict your output to the set of keys for which secret_value == SecretFromID(id), where id is the number sent in the clear and secret_value is the number which is not sent in the clear. The only difficulty is that nobody outside Blizzard has (and admits to having) the source or executable code for SecretFromID. Thus, it's a little bit hard to make since any given user has access to only a very small number of (id,secret) pairs, and you'd need to determine the relation (which could be linear, quadratic, exponential, or something else entirely), and the constants used therein, in order to implement it. So, it's possible to do in the same way that breaking a 1024-bit RSA encryption is possible: it can be done, but the effort expended to do it is horribly prohibitive, and you're not likely to gain much from it. :) [quote author=iago link=topic=9041.msg83560#msg83560 date=1097151822]The rest, about generating the random seed values and such, is a pretty standard encryption method.[/quote] Also, it's worth noting that it's not a particularly good idea to rely on court decisions for technical information. Among other things, that decision discusses "Starcraft: Brood of War". There were other parts (including misspelling of a case citation) that gave me the impression that this document was not well read before release. | October 7, 2004, 1:56 PM |
JoeTheOdd | Or just make keys, attempt to use them with a CSB or something, and then see if they work. | October 15, 2004, 4:36 PM |
crashtestdummy | It seems battle.net would have some form of protection for this. Like an IP ban if you use a certain number of bad keys. But I may be wrong. | October 15, 2004, 5:19 PM |
UserLoser. | [quote author=muert0 link=topic=9041.msg84565#msg84565 date=1097860743] It seems battle.net would have some form of protection for this. Like an IP ban if you use a certain number of bad keys. But I may be wrong. [/quote] Using one bad CDkey results in an IPban of usually around 60 minutes long | October 15, 2004, 9:21 PM |
Soul Taker | It'd make sense to only try cd-keys which are not totally invalid, though. | October 16, 2004, 12:12 AM |
crashtestdummy | But what would you define as totally invalid? There are so many combinations that could seem valid but are not. | October 16, 2004, 8:55 PM |
iago | Well, ones that decode to sane products and decoded values would be a step in the right direction. | October 16, 2004, 11:55 PM |
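
The handshake quoted in the first post, seen from the server side, as an added example that is not part of the thread and not Blizzard's code. HMAC-SHA256 stands in for the unnamed "common encryption algorithm", and the key ids, secrets and session names are constructed; it shows why a captured proof cannot be replayed and how the "already in use" check follows validation.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: id (sent in the clear) -> secret (never sent).
ISSUED = {1001: b"constructed-secret-A", 1002: b"constructed-secret-B"}


def make_proof(secret, client_nonce, server_nonce):
    """Client side: bind the secret to both random numbers (HMAC is an assumption)."""
    return hmac.new(secret, client_nonce + server_nonce, hashlib.sha256).digest()


class Server:
    def __init__(self, issued):
        self.issued = issued
        self.pending = {}    # session -> server nonce, consumed on first use
        self.in_use = set()  # key ids currently logged on to this gateway

    def challenge(self, session):
        self.pending[session] = secrets.token_bytes(16)
        return self.pending[session]

    def verify(self, session, key_id, client_nonce, proof):
        server_nonce = self.pending.pop(session, None)
        if server_nonce is None:
            return "no-challenge"
        secret = self.issued.get(key_id)
        if secret is None:
            return "invalid"
        expected = make_proof(secret, client_nonce, server_nonce)
        if not hmac.compare_digest(expected, proof):
            return "invalid"
        if key_id in self.in_use:
            return "in-use"
        self.in_use.add(key_id)
        return "ok"


def demo():
    server, results = Server(ISSUED), []
    cn = secrets.token_bytes(16)
    proof = make_proof(ISSUED[1001], cn, server.challenge("s1"))
    results.append(server.verify("s1", 1001, cn, proof))  # honest login
    server.challenge("s2")  # fresh server nonce for a new session
    results.append(server.verify("s2", 1001, cn, proof))  # replayed capture
    cn2 = secrets.token_bytes(16)
    proof2 = make_proof(ISSUED[1001], cn2, server.challenge("s3"))
    results.append(server.verify("s3", 1001, cn2, proof2))  # same key, second login
    return results
```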