I'm making a C++ bot using BNLS... I want it to, among other things, be able to try passwords. I have noticed that in the real BNET you can try as many accounts as you wish, as long as you only try each account once. My bot at the moment is able to send the packets till SID_LOGONRESPONSE2 (not included), and then try a password with an account, using BNLS to get the hash data. The problem comes when I repeat the Try Account process several times. After like 15 times, sometimes more sometimes less, BNET stops receiving SID_LOGONRESPONSE2. The recv() doesn't return error like when you are ip banned, but it just blocks. Trying to debug the problem, I have discovered some things:

-If you close the program, and run it again, it doesn't receive any SID_LOGONRESPONSE2. (Again blocking).
-Using the real D2 LOD client, it DOES receive it.
-Restarting the computer, my program DOES receive it again (till it tries around 15 accounts, then it starts blocking again).

That makes me think that the problem may be in my code.
Because it blocked and I had to close my program using the close button in the title bar, I thought that it may be that I wasn't closing the sockets, so I started using select() to check if recv() was gonna block, and if it was going to, I closed them and called WSACleanUp(). That didn't work, when select() detected that recv was gonna block, and closed the sockets, when I restarted the program it didn't receive SID_LOGONRESPONSE2 either.

Any idea what could be wrong?
Thx in advance everyone...

PS: I'll post the main function of my bot, if anyone wants me to post any other piece of code just tell me.

Main function
[code]
int main()
{
system("pause");
InitAll();
ReadConfig();
//Acc.Open(cfgAccDataFile);
Test1();
OpenBNLSConnection();
OpenBNETConnection();
BNETDoProtoByteToAuthCheck();
int n;
int i = 0;
while(i < 30)
{
Sleep(1000);
n = TryAccount(GenRndAccName(), "passss");
if(n == -2)
{
EndAll();
goto lblPROG_END;
CloseBNLSConnection();
CloseBNETConnection();
WSACleanup();
system("pause");
extern WSADATA wsainfo;
if(WSAStartup(MAKEWORD(1, 1), &wsainfo) != 0)
error(11, "WSAStartup() Failed");
log("WSAStartup() called...");
OpenBNLSConnection();
OpenBNETConnection();
BNETDoProtoByteToAuthCheck();
}
cout << "THIS IS N: " << n << endl;
i++;
}
//n = TryAccount(cfgAccount, cfgPassword);
//cout << "THIS IS N: " << n << endl;
// BNETDoAccountLog(cfgAccount, cfgPassword);
EndAll();
/* REMOVED SOME ATM NOT USED FUNCTIONS HERE */
EndAll();
lblPROG_END:
return 0;
}
[/code]
[code][/code]

[quote author=z-stars link=topic=9459.msg87787#msg87787 date=1099852559]
The problem comes when I repeat the Try Account process several times. After like 15 times, sometimes more sometimes less, BNET stops receiving SID_LOGONRESPONSE2.[/quote]

That sounds about right, except for Battle.net just stops caring

[quote author=UserLoser link=topic=9459.msg87789#msg87789 date=1099853348]
[quote author=z-stars link=topic=9459.msg87787#msg87787 date=1099852559]
The problem comes when I repeat the Try Account process several times. After like 15 times, sometimes more sometimes less, BNET stops receiving SID_LOGONRESPONSE2.[/quote]

That sounds about right, except for Battle.net just stops caring
[/quote]

Yeah, but BNET stopping caring makes my bot completly useless : (

This is part of Battle.net's anti-password-bruteforcer protection.

[quote author=Skywing link=topic=9459.msg87817#msg87817 date=1099862605]
This is part of Battle.net's anti-password-bruteforcer protection.
[/quote]


It isn't. I'm trying with 12 letter completly random account names, so Battle.net's anti password bruteforcer doesn't take effect. Furthermore, when my program doesn't work, the real client does.  And when I restart my computer, my program works again too. (See my first post for more info).


EDIT: My program works again too after like 20 min, without restarting the computer. (Restarting the computer it works straight).

[quote author=z-stars link=topic=9459.msg87819#msg87819 date=1099862945]
[quote author=Skywing link=topic=9459.msg87817#msg87817 date=1099862605]
This is part of Battle.net's anti-password-bruteforcer protection.
[/quote]


It isn't. I'm trying with 12 letter completly random account names, so Battle.net's anti password bruteforcer doesn't take effect. Furthermore, when my program doesn't work, the real client does.  And when I restart my computer, my program works again too. (See my first post for more info).
[/quote]
Have you measured the time between your trying it with the real client and your program no longer getting responses?  It's possible that depending on how long until you decided to try with the official client, the logon temp-ban wore off (a client that tries to log on while temp-banned will IIRC always have to reconnect as it will never got a response).

My program does like 15 tries... then stops receiving SID_LOGONRESPONSE2... then I try restarting my program... it doesn't receive a single SID_LOGONRESPONSE2... then I start D2 client... I do a couple tries... work perfectly... I restart my program... still doesn't receive any SID_LOGONRESPONSE2... :(

[quote author=z-stars link=topic=9459.msg87819#msg87819 date=1099862945]
[quote author=Skywing link=topic=9459.msg87817#msg87817 date=1099862605]
This is part of Battle.net's anti-password-bruteforcer protection.
[/quote]


It isn't.
[/quote]

Are you so sure?  I'm not sure of Battle.net's methods for determining whether or not to lock you out of account logon, but I think failing to access accounts 15 times might trigger it.  Then by the time you pull out your client, BNET has cut back the ban.  Bnet's anti-password-bruteforcer does not terminate connections, it just "stops caring" when you try to logon.

[quote author=The-FooL link=topic=9459.msg87853#msg87853 date=1099872849]
[quote author=z-stars link=topic=9459.msg87819#msg87819 date=1099862945]
[quote author=Skywing link=topic=9459.msg87817#msg87817 date=1099862605]
This is part of Battle.net's anti-password-bruteforcer protection.
[/quote]


It isn't.
[/quote]

Are you so sure?  I'm not sure of Battle.net's methods for determining whether or not to lock you out of account logon, but I think failing to access accounts 15 times might trigger it.  Then by the time you pull out your client, BNET has cut back the ban.  Bnet's anti-password-bruteforcer does not terminate connections, it just "stops caring" when you try to logon.
[/quote]


I know, but as I said, when my program's SID_LOGONRESPONSE2 stops working, after seeing it works when I try with the real client, my program [u]still does not work[/u]. An example:

12:00 AM -> I start my program.
12:30 AM -> My program starts receiving SID_LOGONRESPONSE2. It has done 16 tries.
12:31 AM -> I close my program. I restart it. It doesn't receive a single SID_LOGONRESPONSE2.
12:32 AM -> I open D2 real client. It works perfectly, and I try 5 accounts.
12:34 AM -> I restart my program again. Still doesn't receive a single SID_LOGONRESPONSE2.


[HYPOTHETICAL WAY NUMBER 1]
12:35 AM -> I restart my computer. I restart my program. It works again.

[HYPOTHETICAL WAY NUMBER 2]
12:35 AM -> I do nothing. I wait for around 20 minutes.
12:55 AM -> My program sends SID_LOGONRESPONSE2 again.


__________________________________________________

I hope that clarifies it a bit...

HAHA I THINK I GOT IT  ;D

Apparently, each realm has several ip's. My program was obtaining the ip using gethostbyname using x.battle.net (being x the realm name) and that returned always the same ip. Normally that wouldn't care, but apparently, the anti password brute forcing protection of battle.net DOES ban you for some time (except that it only bans you in a certain ip, so for the real client, that uses many ip's, doesn't have effect).


Ok so now I need to somehow get all the ip's (or at least a random ip) of the chosen realm... does anyone know how does D2 client get a random (assuming it is random) ip to connect to?

The anti-bruteforce protection bans you on all servers on the gateway...

[quote author=Skywing link=topic=9459.msg87932#msg87932 date=1099937932]
The anti-bruteforce protection bans you on all servers on the gateway...
[/quote]

It seems to ban you from all servers on the gateway only for trying with the same account name. If you try with different account names, it only bans you from one of the ip's of the gateway.

Nobody knows how can I get all the servers of a gateway?

[quote author=z-stars link=topic=9459.msg87940#msg87940 date=1099944106]
Nobody knows how can I get all the servers of a gateway?
[/quote]
Perhaps look at the additional addresses returned by gethostbyname()?

[quote author=Skywing link=topic=9459.msg87942#msg87942 date=1099944260]
[quote author=z-stars link=topic=9459.msg87940#msg87940 date=1099944106]
Nobody knows how can I get all the servers of a gateway?
[/quote]
Perhaps look at the additional addresses returned by gethostbyname()?
[/quote]


cool that seems to work :)