• Welcome to Valhalla Legends Archive.
Messages - Trunning

#31
Fd? That's leading me to believe a DWORD then a WORD, but I need 2 DWORDS...
#32
Well a DWORD is 4 bytes, and there are 6 bytes of cd, so I'm unsure.
#33
Something isn't being set properly, I guess that because of the cd's.
#34
Done, sending this though:

0000   17 00 0b 03 00 6c 6f 6c 08 23 e7 4b d4 1a 6a a3  .....lol.#.K..j.
0010   cd cd cd cd cd cd fd                             .......
#35
Well I get runtime errors if I don't.

#36
I didn't bother thinking of that level, and you missed out on the +1 for pass_len...

Anyway your code is sending...
0000   17 00 0b 04 00 6c 6f 6c 00 50 1e e7 4b 5f 5d 2c  .....lol.P..K_],
0010   70 cd cd cd cd cd cd                             p......


#37
int main_gap = &packet.Data - &packet.Size;
error C2040: '-' : 'void **' differs in levels of indirection from 'DWORD *'


I think you're trying to take away the length of Data from Size, which doesn't make sense.
#38
I meant &packet + 8!

Well I know a DWORD is 4 bytes, so I'm copying over the first 2 DWORDs, then I'm putting my password in the buffer 8 bytes along, after the 2 DWORDs, then I'm putting the last 2 DWORDs after that.

Oh shit, I just realized the buffer size isn't including the 4 bytes for the password, gimme a sec now...

CMSG_BNLS_HASHDATA packet;
packet.Size = 4;
packet.Flags = 0x02;
packet.Data = (void*)malloc(4);
strcpy_s((char*)packet.Data, 4, "lol");
packet.ClientKey = g_Cookie;
packet.ServerKey = g_ServerToken;

char *buffer = (char*)malloc(20); // 4 dwords and my password

memcpy(buffer, &packet, 8);
strcpy_s(buffer + 8, 4, "lol");
memcpy(buffer + 12, &packet + 9, 8);
#39
Ok I seriously don't see why this isn't being constructed properly. Nor do I know where this uninitialized memory is coming from.

CMSG_BNLS_HASHDATA packet;
packet.Size = 4;
packet.Flags = 0x02;
packet.Data = (void*)malloc(4);
strcpy_s((char*)packet.Data, 4, "lol");
packet.ClientKey = g_Cookie;
packet.ServerKey = g_ServerToken;

int size = sizeof(DWORD) * 4;
char *buffer = (char*)malloc(size);

memcpy(buffer, &packet, 8);
strcpy_s(buffer + 8, 4, "lol");
memcpy(buffer + 12, &packet + 8, 8);


0000   17 00 0b 04 00 00 00 02 00 00 00 6c 6f 6c 00 cc  ...........lol..
0010   cc cc cc cc cc cc cc                             .......


#40
In my head this makes sense to me, but I'm not sending what I expect.

CMSG_BNLS_HASHDATA packet;
packet.Size = 4;
packet.Flags = 0x02;
packet.Data = (void*)malloc(4);
strcpy_s((char*)packet.Data, 4, "lol");
packet.ClientKey = g_Cookie;
packet.ServerKey = g_ServerToken;

char *buffer = (char*)malloc(sizeof(packet));
memcpy(buffer, &packet, sizeof(DWORD) * 2);
memcpy(buffer + sizeof(DWORD) * 2, packet.Data, 4);
memcpy(buffer + sizeof(DWORD) * 2 + 4, &packet + sizeof(DWORD) * 2, sizeof(DWORD) * 2);


0000   17 00 0b 04 00 00 00 02 00 00 00 6c 6f 6c 00 cc  ...........lol..
0010   cc cc cc cc cc cc cc                             .......
#41
And I saw the 2 sends in bncs_send(), but why aren't all packets separated then?

Oh and I'm adding the ClientKey and ServerKey now, since I know I have to use double hash.

And ClientKey is a tracking value? And ServerKey = Server Token?
struct CMSG_BNLS_HASHDATA {
DWORD Size;
DWORD Flags;
void *Data;
};
#42
Cc's gone, I guess I could make the DWORD Flags a byte, but I can't see how that'll fix this.

0000   0f 00 0b 04 00 00 00 01 00 00 00 6c 6f 6c 00     ...........lol.
#43
I really can't see what I'm doing wrong there, unless I'm using the wrong flag. Or you mean the cc's? Ok well simple fix there.

CMSG_BNLS_HASHDATA packet;
packet.Size = 4; // Size of the data to be hashed?
packet.Flags = 0x01;

char *buffer = (char*)malloc(sizeof(packet) + 4);
memcpy(buffer, &packet, sizeof(packet));
strcpy_s(buffer + sizeof(packet), 4, "lol");
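Added example (not code from the thread or from the poster): the 0x0B message posts #38 through #43 above are building, serialised field by field instead of memcpy'ing the struct. The three things the dumps above show going wrong are all visible here: the struct holds a pointer, so memcpy of the struct emits the pointer value (and whatever 0xCC/0xCD debug fill is left in uninitialised fields) rather than "lol"; `&packet + 8` advances by 8 structs, not 8 bytes; and the length WORD in the header has to cover the whole message, header included, as every dump on the page shows. The framing (WORD length, BYTE id 0x0B, DWORD data length, DWORD flags, data, then the two keys for the double-hash case) follows the dumps and the struct on this page; which flag bit asks for the keys is not settled on the page, so `flags` and `with_keys` are separate parameters here and the flag values used are only the ones the thread tried. Sending uninitialised bytes on the wire is also an information leak, which is the practical reason to build messages like this rather than from a struct image.

```c
/* Added example, not code from the thread: serialise the BNLS 0x0B
 * message the posts above build, writing each field byte by byte.
 * Framing as seen in every dump on this page: WORD length of the whole
 * message (header included), then BYTE message id. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BNLS_ID_HASHDATA 0x0B
#define BNLS_HDR 3

/* The struct from the thread. Data is a pointer: memcpy'ing this struct
 * serialises the pointer value, never the bytes it points at, and
 * &packet + 8 moves 8 * sizeof(struct) bytes, not 8 bytes. */
struct hashdata_pkt { uint32_t size; uint32_t flags; void *data; };

static void put_u16(uint8_t *p, uint32_t v) { p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; }
static void put_u32(uint8_t *p, uint32_t v) { put_u16(p, v); put_u16(p + 2, v >> 16); }
static uint32_t get_u16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t get_u32(const uint8_t *p) { return get_u16(p) | (get_u16(p + 2) << 16); }

/* Layout the posts converge on: hdr | DWORD data length | DWORD flags |
 * data | optionally DWORD client key, DWORD server key. The thread adds
 * the keys for the double-hash case; which flag bit requests them is an
 * open question on the page, so flags and with_keys are separate here.
 * Returns the message length, or 0 if it would not fit in out. */
size_t bnls_build_hashdata(uint8_t *out, size_t cap, uint32_t flags,
                           const uint8_t *data, size_t datalen, int with_keys,
                           uint32_t client_key, uint32_t server_key)
{
    size_t need = BNLS_HDR + 4 + 4 + datalen + (with_keys ? 8 : 0);
    if (need > cap || need > 0xffff) return 0;
    uint8_t *p = out;
    put_u16(p, (uint32_t)need); p[2] = BNLS_ID_HASHDATA; p += BNLS_HDR;
    put_u32(p, (uint32_t)datalen); p += 4;
    put_u32(p, flags);             p += 4;
    memcpy(p, data, datalen);      p += datalen;   /* the bytes themselves */
    if (with_keys) { put_u32(p, client_key); put_u32(p + 4, server_key); p += 8; }
    return (size_t)(p - out);
}

/* Consistency check before sending or after receiving: header length
 * word == bytes on the wire, right id, declared data length fits.
 * Returns the declared data length, or -1. */
long bnls_hashdata_check(const uint8_t *msg, size_t len)
{
    if (len < BNLS_HDR + 8 || get_u16(msg) != len || msg[2] != BNLS_ID_HASHDATA) return -1;
    uint32_t dlen = get_u32(msg + BNLS_HDR);
    if (dlen > len - (BNLS_HDR + 8)) return -1;
    return (long)dlen;
}

/* What memcpy(buffer, &packet, sizeof packet) in the posts actually
 * emits: no header, and the pointer value where the data should be.
 * Never send this; it is here for comparison only. */
size_t bnls_build_hashdata_broken(uint8_t *out, size_t cap, void *data, uint32_t size)
{
    struct hashdata_pkt packet = { size, 0x01, data };
    if (cap < sizeof packet) return 0;
    memcpy(out, &packet, sizeof packet);
    return sizeof packet;
}

/* How far &packet + 8 really moves: pointer arithmetic scales by the
 * pointee size, so this is 8 * sizeof(struct hashdata_pkt), never 8. */
long packet_plus_8_offset(void)
{
    struct hashdata_pkt packets[9];
    return (long)((char *)(&packets[0] + 8) - (char *)&packets[0]);
}

/* The 15-byte message post #42 above sends (bytes copied from that
 * dump): "lol\0" with flags 0x01 and no keys. Returns 1 if the builder
 * reproduces it exactly. */
int matches_thread_dump(void)
{
    static const uint8_t dump[] = { 0x0f,0x00,0x0b, 0x04,0,0,0, 0x01,0,0,0, 'l','o','l',0 };
    uint8_t buf[32];
    size_t n = bnls_build_hashdata(buf, sizeof buf, 0x01, (const uint8_t *)"lol", 4, 0, 0, 0);
    return n == sizeof dump && memcmp(buf, dump, n) == 0;
}

static void hexdump(const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) printf("%02x%c", p[i], i + 1 == n ? '\n' : ' ');
}

int main(void)
{
    uint8_t buf[64];
    char lol[] = "lol";
    /* keys here are made-up constants, not values from the thread */
    size_t n = bnls_build_hashdata(buf, sizeof buf, 0x02, (const uint8_t *)lol, 4, 1,
                                   0x11223344u, 0x55667788u);
    hexdump(buf, n);                                  /* 23 bytes: 17 00 0b ... */
    n = bnls_build_hashdata_broken(buf, sizeof buf, lol, 4);
    hexdump(buf, n);                                  /* pointer bytes, not "lol" */
    printf("matches dump: %d, &packet+8 moves %ld bytes\n",
           matches_thread_dump(), packet_plus_8_offset());
    return 0;
}
```

`bnls_hashdata_check` is worth running on the receive side too: a length word that does not match the bytes actually read, or a data length that runs past the end of the message, is the usual way a malformed frame turns into an out-of-bounds read in a hand-written parser.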
#44
Probably left some CDKey-related stuff there.

0000   01                                               .

0000   00 04 ed 6f a5 60 00 26 18 7f 24 a2 08 00 45 00  ...o.`.&..$...E.
0010   00 62 c4 08 40 00 80 06 e1 1f c0 a8 01 65 3f f1  .b..@........e?.
0020   53 6f 10 bb 17 e0 09 0a 7b 7a 29 99 0d f0 50 18  So......{z)...P.
0030   ff ff 5b 55 00 00 ff 50 3a 00 00 00 00 00 36 38  ..[U...P:.....68
0040   58 49 56 44 32 44 0d 00 00 00 09 04 00 00 c0 a8  XIVD2D..........
0050   01 64 a8 fd ff ff 09 04 00 00 09 04 00 00 55 53  .d............US
0060   41 00 55 6e 69 74 65 64 20 53 74 61 74 65 73 00  A.United States.


0000   ff 25 08 00 e4 b8 00 50                          .%.....P

0000   ff 25 08 00                                      .%..

0000   ff 50 68 00 00 00 00 00 ed 51 b0 3f 51 13 78 00  .Ph......Q.?Q.x.
0010   00 8b 51 03 70 5f c7 01 76 65 72 2d 49 58 38 36  ..Q.p_..ver-IX86
0020   2d 30 2e 6d 70 71 00 43 3d 34 31 31 38 38 36 39  -0.mpq.C=4118869
0030   33 32 35 20 42 3d 33 34 30 39 37 33 35 30 36 38  325 B=3409735068
0040   20 41 3d 33 30 35 37 30 30 38 30 32 36 20 34 20   A=3057008026 4
0050   41 3d 41 2d 53 20 42 3d 42 5e 43 20 43 3d 43 2b  A=A-S B=B^C C=C+
0060   41 20 41 3d 41 2d 42 00                          A A=A-B.

0000   e4 b8 00 50                                      ...P

0000   67 00 1a 04 00 00 00 00 00 00 00 21 f6 e6 4b 00  g..........!..K.
0010   8b 51 03 70 5f c7 01 76 65 72 2d 49 58 38 36 2d  .Q.p_..ver-IX86-
0020   30 2e 6d 70 71 00 43 3d 34 31 31 38 38 36 39 33  0.mpq.C=41188693
0030   32 35 20 42 3d 33 34 30 39 37 33 35 30 36 38 20  25 B=3409735068
0040   41 3d 33 30 35 37 30 30 38 30 32 36 20 34 20 41  A=3057008026 4 A
0050   3d 41 2d 53 20 42 3d 42 5e 43 20 43 3d 43 2b 41  =A-S B=B^C C=C+A
0060   20 41 3d 41 2d 42 00                              A=A-B.

0000   38 00 1a 01 00 00 00 00 0d 00 01 4a 04 6c 1f 67  8..........J.l.g
0010   61 6d 65 2e 65 78 65 20 30 32 2f 30 38 2f 31 30  ame.exe 02/08/10
0020   20 32 33 3a 31 31 3a 30 30 20 35 37 33 34 34 00   23:11:00 57344.
0030   21 f6 e6 4b 0d 00 00 00                          !..K....

Won't include the CDKey being sent, and the hash received, but they're both here.

0000   ff 51 61 00                                      .Qa.

Packet containing CDKey hash.

0000   ff 51 09 00 00 00 00 00 00                       .Q.......

0000   13 00 0b 04 00 00 00 01 00 00 00 cc cc cc cc 6c  ...............l
0010   6f 6c 00                                         ol.

I believe the cc's are here because there is no additional information for the result, since it's success.

0000   17 00 0b 21 54 57 aa 61 e4 be 7b 99 38 12 cc e6  ...!TW.a..{.8...
0010   66 f8 64 59 f9 85 bd                             f.dY...

0000   ff 3a 2d 00                                      .:-.

Don't know why the BNCS_HEADER is separated

0000   94 6d d5 68 ed 51 b0 3f 21 54 57 aa 61 e4 be 7b  .m.h.Q.?!TW.a..{
0010   99 38 12 cc e6 66 f8 64 59 f9 85 bd 63 6c 69 65  .8...f.dY...clie
0020   6e 74 6c 65 73 73 79 61 00                       ntlessya.

0000   ff 3a 08 00 02 00 00 00                          .:......
#45
I'm using the exact same function to send the last packet, but it's being split for god knows why.
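Added example, not the thread's bncs_send() and not the poster's code: posts #41, #44 and #45 above note that bncs_send() does two sends and that the BNCS header shows up in the capture as its own 4-byte segment (`ff 3a 2d 00`) ahead of the 41-byte body. Each send() call can become its own TCP segment, so the way to stop a header being "separated" is to assemble header and body into one buffer and hand the transport that one buffer. The framing used here is what the capture shows: BYTE 0xFF, BYTE message id, little-endian WORD length of the whole frame including the header (0x2d = 45 = 4 + 41). The sample body is copied from the 0x3A dump above (two DWORDs, the 20-byte hash BNLS returned in the 0x0B reply, then the NUL-terminated name); the writer callback is a stand-in for send() so the example runs offline.

```c
/* Added example, not the thread's bncs_send(): build a BNCS frame in
 * one buffer and hand it to the transport in one call. Framing as in
 * the capture above: BYTE 0xFF, BYTE message id, WORD length of the
 * whole frame, header included (ff 3a 2d 00 = id 0x3A, 45 bytes). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for send(): returns bytes taken, <= 0 on error. */
typedef long (*bncs_writer)(void *ctx, const uint8_t *buf, size_t len);

/* Header and body in one buffer. Returns the frame length, or 0 if it
 * will not fit in out or in the 16-bit length field. */
size_t bncs_frame(uint8_t *out, size_t cap, uint8_t id, const uint8_t *body, size_t bodylen)
{
    size_t total = 4 + bodylen;
    if (total > cap || total > 0xffff) return 0;
    out[0] = 0xFF; out[1] = id;
    out[2] = total & 0xff; out[3] = (total >> 8) & 0xff;   /* little-endian WORD */
    memcpy(out + 4, body, bodylen);
    return total;
}

/* One write per frame; only loops if the transport takes a short write.
 * Two send() calls per message, one for the header and one for the
 * body, are what make the header show up as its own segment. */
int bncs_send_frame(bncs_writer w, void *ctx, const uint8_t *frame, size_t len)
{
    while (len > 0) {
        long n = w(ctx, frame, len);
        if (n <= 0) return -1;
        frame += n; len -= (size_t)n;
    }
    return 0;
}

/* Counting writer for the demo: records how many calls the transport saw. */
static long counting_writer(void *ctx, const uint8_t *buf, size_t len)
{
    (void)buf; (*(int *)ctx)++; return (long)len;
}

/* Body of the 0x3A message from the capture above (bytes copied from
 * the dump): two DWORDs, the 20-byte hash BNLS returned in the 0x0B
 * reply, then the NUL-terminated name. 41 bytes, so the frame is 45. */
static const uint8_t body_3a[] = {
    0x94,0x6d,0xd5,0x68, 0xed,0x51,0xb0,0x3f,
    0x21,0x54,0x57,0xaa,0x61,0xe4,0xbe,0x7b,0x99,0x38,0x12,0xcc,
    0xe6,0x66,0xf8,0x64,0x59,0xf9,0x85,0xbd,
    'c','l','i','e','n','t','l','e','s','s','y','a',0
};

/* Frames body_3a as 0x3A and sends it through the counting writer.
 * Returns the number of writer calls it took, or -1 on failure. */
int bncs_demo_send_calls(void)
{
    static const uint8_t want_hdr[4] = { 0xff, 0x3a, 0x2d, 0x00 };   /* from the capture */
    uint8_t frame[64];
    int calls = 0;
    size_t n = bncs_frame(frame, sizeof frame, 0x3A, body_3a, sizeof body_3a);
    if (n != 45 || memcmp(frame, want_hdr, 4) != 0) return -1;
    if (bncs_send_frame(counting_writer, &calls, frame, n) != 0) return -1;
    return calls;
}

int main(void)
{
    printf("0x3A frame went out in %d send call(s)\n", bncs_demo_send_calls());
    return 0;
}
```

With a real socket the writer is a thin wrapper around send(); the loop in `bncs_send_frame` is still needed, since a blocking send() may legitimately return fewer bytes than asked on a full socket buffer.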