General Programming | CD KEY GENERATOR

Author	Message	Time
vonLandenhausen	please do not remove... ::) hi, i found a quite intresting pdf file about how blizzard checks cd keys. [sub]5 To log on to the Battle.net service and access Battle.net mode, the game initiates a authentication sequence or "secret handshake" between the game and Battle.net server. First, the game and Battle.net server exchange random numbers (one provided by the game and one provided by the server). The game then takes the random numbers, as well as information from the CD Key, and calculates an encrypted alphanumeric sequence which is sent to the Battle.net server. The game performs this encryption to prevent individuals from stealing the game's CD Key when it is transmitted over the Internet to a Battle.net server. The Battle.net server receives the alphanumeric sequence sent by the game, along with other information sent by the game, and uses this data to determine whether the CD Key information sent by the game is valid. If the CD Key information is valid, the Battle.net server will determine whether the same CD Key is already being used by another game that is currently logged on to that Battle.net server gateway.2 If the CD Key is both valid and not currently being used by other players on the same Battle.net gateway, the Battle.net server sends a signal to the game that allows the game to enter the Battle.net mode and use the Battle.net gaming services. The Blizzard game waits for this signal before entering Battle.net mode. Battle.net uses an encryption algorithm for this process based on a common encryption algorithm.[/sub] you can find the whole text at: http://www.freedom-to-tinker.com/doc/2004/bnetd_30sep.pdf so, is it possible to make a 100% working SC working and if yes... how?	October 7, 2004, 11:04 AM
vonLandenhausen	by the way: its the court decision blizz vs bnetd :'(	October 7, 2004, 11:06 AM
iago	[quote]and uses this data to determine whether the CD Key information sent by the game is valid.[/quote] That's the important part, and it doesn't really say much. The rest, about generating the random seed values and such, is a pretty standard encryptoin method.	October 7, 2004, 12:23 PM
Kp	[quote author=vonLandenhausen link=topic=9041.msg83551#msg83551 date=1097147095]so, is it possible to make a 100% working SC working and if yes... how?[/quote] Yes, it is possible. All you need to do is restrict your output to the set of keys for which secret_value == SecretFromID(id), where id is the number sent in the clear and secret_value is the number which is not sent in the clear. The only difficulty is that nobody outside Blizzard has (and admits to having) the source or executable code for SecretFromID. Thus, it's a little bit hard to make since any given user has access to only a very small number of (id,secret) pairs, and you'd need to determine the relation (which could be linear, quadratic, exponential, or something else entirely), and the constants used therein, in order to implement it. So, it's possible to do in the same way that breaking a 1024-bit RSA encryption is possible: it can be done, but the effort expended to do it is horribly prohibitive, and you're not likely to gain much from it. :) [quote author=iago link=topic=9041.msg83560#msg83560 date=1097151822]The rest, about generating the random seed values and such, is a pretty standard encryptoin method.[/quote] Also, it's worth noting that it's not a particularly good idea to rely on court decisions for technical information. Among other things, that decision discusses "Starcraft: Brood of War". There were other parts (including misspelling of a case citation) that gave me the impression that this document was not well read before release.	October 7, 2004, 1:56 PM
JoeTheOdd	Or just make keys, attempt to use them with a CSB or something, and then see if they work.	October 15, 2004, 4:36 PM
crashtestdummy	It seems battle.net would have some form of protection for this. Like an IP ban if you use a certain number of bad keys. But I may be wrong.	October 15, 2004, 5:19 PM
UserLoser.	[quote author=muert0 link=topic=9041.msg84565#msg84565 date=1097860743] It seems battle.net would have some form of protection for this. Like an IP ban if you use a certain number of bad keys. But I may be wrong. [/quote] Using one bad CDkey results in an IPban of usually around 60 minutes long	October 15, 2004, 9:21 PM
Soul Taker	It'd make sense to only try cd-keys which are not totally invalid, though.	October 16, 2004, 12:12 AM
crashtestdummy	But what would you define as totally invalid there are so many combinations that could seem valid but are not.	October 16, 2004, 8:55 PM
iago	Well, ones that decode to sane products and decoded values would be a step in the right direction.	October 16, 2004, 11:55 PM

Author

Message

Time

vonLandenhausen

please do not remove... ::)

hi,
i found a quite intresting pdf file about how blizzard checks cd keys.

[sub]5
To log on to the Battle.net service and access Battle.net mode, the game initiates a
authentication sequence or "secret handshake" between the game and Battle.net server. First, the
game and Battle.net server exchange random numbers (one provided by the game and one provided
by the server). The game then takes the random numbers, as well as information from the CD Key,
and calculates an encrypted alphanumeric sequence which is sent to the Battle.net server. The game
performs this encryption to prevent individuals from stealing the game's CD Key when it is transmitted
over the Internet to a Battle.net server. The Battle.net server receives the alphanumeric sequence sent
by the game, along with other information sent by the game, and uses this data to determine whether
the CD Key information sent by the game is valid. If the CD Key information is valid, the Battle.net
server will determine whether the same CD Key is already being used by another game that is currently
logged on to that Battle.net server gateway.2 If the CD Key is both valid and not currently being used
by other players on the same Battle.net gateway, the Battle.net server sends a signal to the game that
allows the game to enter the Battle.net mode and use the Battle.net gaming services. The Blizzard
game waits for this signal before entering Battle.net mode. Battle.net uses an encryption algorithm
for this process based on a common encryption algorithm.[/sub]
you can find the whole text at: http://www.freedom-to-tinker.com/doc/2004/bnetd_30sep.pdf

so, is it possible to make a 100% working SC working and if yes... how?

October 7, 2004, 11:04 AM

vonLandenhausen

by the way: its the court decision blizz vs bnetd :'(

October 7, 2004, 11:06 AM

iago

[quote]and uses this data to determine whether the CD Key information sent by the game is valid.[/quote]

That's the important part, and it doesn't really say much.

The rest, about generating the random seed values and such, is a pretty standard encryptoin method.

October 7, 2004, 12:23 PM

[quote author=vonLandenhausen link=topic=9041.msg83551#msg83551 date=1097147095]so, is it possible to make a 100% working SC working and if yes... how?[/quote]

Yes, it is possible. All you need to do is restrict your output to the set of keys for which secret_value == SecretFromID(id), where id is the number sent in the clear and secret_value is the number which is not sent in the clear. The only difficulty is that nobody outside Blizzard has (and admits to having) the source or executable code for SecretFromID. Thus, it's a little bit hard to make since any given user has access to only a very small number of (id,secret) pairs, and you'd need to determine the relation (which could be linear, quadratic, exponential, or something else entirely), and the constants used therein, in order to implement it. So, it's possible to do in the same way that breaking a 1024-bit RSA encryption is possible: it can be done, but the effort expended to do it is horribly prohibitive, and you're not likely to gain much from it. :)

[quote author=iago link=topic=9041.msg83560#msg83560 date=1097151822]The rest, about generating the random seed values and such, is a pretty standard encryptoin method.[/quote]

Also, it's worth noting that it's not a particularly good idea to rely on court decisions for technical information. Among other things, that decision discusses "Starcraft: Brood of War". There were other parts (including misspelling of a case citation) that gave me the impression that this document was not well read before release.

October 7, 2004, 1:56 PM

JoeTheOdd

Or just make keys, attempt to use them with a CSB or something, and then see if they work.

October 15, 2004, 4:36 PM

crashtestdummy

It seems battle.net would have some form of protection for this. Like an IP ban if you use a certain number of bad keys. But I may be wrong.

October 15, 2004, 5:19 PM

UserLoser.

[quote author=muert0 link=topic=9041.msg84565#msg84565 date=1097860743]
It seems battle.net would have some form of protection for this. Like an IP ban if you use a certain number of bad keys. But I may be wrong.
[/quote]

Using one bad CDkey results in an IPban of usually around 60 minutes long

October 15, 2004, 9:21 PM

Soul Taker

It'd make sense to only try cd-keys which are not totally invalid, though.

October 16, 2004, 12:12 AM

crashtestdummy

But what would you define as totally invalid there are so many combinations that could seem valid but are not.

October 16, 2004, 8:55 PM

iago

Well, ones that decode to sane products and decoded values would be a step in the right direction.

October 16, 2004, 11:55 PM

Valhalla Legends Forums Archive | General Programming | CD KEY GENERATOR