Welcome to Valhalla Legends Archive.
 

Topics - iago

#1
Naturally, I had to correct them:
http://www.skullsecurity.org/blog/2012/battle-net-authentication-misconceptions

It's been a while; it was fun to dig up my old code and remember how stuff worked. :)
#2
As you all know, I did a bunch of work and sorted out how Starcraft handles Warden.

However, I'd like to update my wiki a bit, and talk about how other clients handle Warden. I'm totally out of touch with "the scene" these days, so I was hoping somebody could tell me:
- Which games do/don't use Warden?
- Do they all use the same encryption (RC4, I'm told)?
- Where do they get the key from? (Starcraft, for example, generates it from the first 4 digits of the CDKey -- are other clients similar? The function seemed generic and could handle any size inputs)
- What's the structure of Warden's 0x02 packet (request and response)? I realize somebody posted it in the other thread, but I figure that it's been cleaned up since then, and I'd like to get the newest possible info

Thanks! And keep in mind that anything you tell me will become public information. But really, why not share details without implementation? I've done a lot of work on Battle.net stuff that I've given away, and I hope others appreciate it enough to contribute as well.
#3
I've posted information about how to decrypt, verify, prepare, and save modules for Warden. I'm sure others have done this already, but whatever, it was for my own education. You'll find complete info there about how to generate the keys and decrypt Warden packets, as well as how to read and respond to 0x00 and 0x01. Nothing there about how to respond to 0x02, though. I'm putting the project on hold for an indefinite amount of time, and wanted to share what I've done so far.

http://www.skullsecurity.org/wiki/index.php/Starcraft_Warden

I encourage people to help expand it, if possible, since I have no plans to for a while. If you intend to edit the wiki (which is fine, if you can contribute useful information), I'd appreciate it if you asked me first (send me a PM here, I'll get back to you).

If you want more info/implementation, get in touch with me. I've written a module downloader/saver.
#4
General Discussion / ZombieMeter.org
October 03, 2007, 03:35 PM
Me and a couple co-workers put together a site called zombiemeter.org (http://www.zombiemeter.org/index.php). Basically, the goal is to watch the news for zombie activities and report on them. It's actually been a lot of fun to write it, and should be just as much fun to read it.

It also has an RSS Feed if you're into that kind of thing.

Enjoy!
#5
General Discussion / Wiki software
July 13, 2007, 11:51 AM
I need to create a wiki with some specific characteristics:
- User accounts required which can have varied access (basically, view or edit)
- Has to be modifiable, since some features are needed that I can easily write, but that wouldn't generally be included
- Fairly user friendly and intuitive, especially to edit, since the guy who'll be using this isn't really a computer guy. Doesn't require really difficult code.

If nothing else, I'm going to try out mediawiki, although I'm not sure what kind of user account access it allows. I figured I'd ask here first, just in case somebody else has experience with this.
#6
I don't know who knows or cares, or even if this is the best place to post this in, but eh. Here are my current Storm.dll ordinals:
http://www.javaop.com/~ron/documents/Storm.txt

The vast majority of them were found by me, and have the actual names.

If you have any to add to the list, or any corrections, let me know. I update that file every once in a while, so check back.
#7
I was beat to it by a day! I was going to release mine tomorrow! :(++

http://www.skullsecurity.org/wiki/index.php/Lockdown
http://www.javaop.com/~ron/code/lockdown

Pure C.

Not as pretty as Warz's code, but it's complete :P
#8
Assembly Language (any cpu) / Funny lea
May 12, 2007, 05:43 PM
lea esp, [esp+0]

Is that some trick that I'm not familiar with? It seems to me that it would do nothing, but I see it in code..
#9
So while I was writing that tutorial posted here, I was playing around in Starcraft. I noticed a couple of functions that had funny calling conventions. For example, I noticed parameters being passed in eax occasionally, and once (shown below) parameters are passed in esi and edi.

Is using esi and edi for parameters some known calling convention? Or is that an optimization?

Here's the code I noticed:
.text:0041F060 ; vsnprintf_wrapper
.text:0041F060
.text:0041F060 arg_0           = dword ptr  8
.text:0041F060 arg_4           = byte ptr  0Ch
.text:0041F060
.text:0041F060                 push    ebp
.text:0041F061                 mov     ebp, esp
.text:0041F063                 mov     ecx, [ebp+arg_0]
.text:0041F066                 lea     eax, [ebp+arg_4]
.text:0041F069                 push    eax             ; va_list
.text:0041F06A                 push    ecx             ; char *
.text:0041F06B                 push    esi             ; size_t
.text:0041F06C                 push    edi             ; char *
.text:0041F06D                 call    __vsnprintf
.text:0041F072                 add     esp, 10h
.text:0041F075                 mov     byte ptr [edi+esi-1], 0
.text:0041F07A                 pop     ebp
.text:0041F07B                 retn
.text:0041F07B vsnprintf_wrapper endp
#10
Testing Forum / test
April 29, 2006, 06:57 PM
test
#11
Computer Support Issues / Mixed up letters?
March 31, 2006, 10:38 AM
As much as I hate posting about this kind of thing, this has me stumped! 

I was asked to fix my sister's computer.  It would crash while booting.  So I figured the first thing I'd do is pull out the harddrive and put it in another computer.  So I did that, and it BSOD'd with a useless message.  Great, the harddrive is bad! 

So just to make sure, I put a Linux drive in her computer.  When it starts booting, the text is all... well, the letters are wrong.  Here are a couple of pictures (the second one sucks):
http://www.javaop.com/~iago/weirddisplay1.jpg
http://www.javaop.com/~iago/weirddisplay2.jpg

It has all the right words, but the letters are wrong. 

Anybody know what could possibly cause that? 
#12
Politics / Another way to get the DHS after you
March 07, 2006, 04:17 PM
If you're worried that you're safe from being spied on because you don't consort with terrorists, well, there's another way to get a red flag by your name: pay off your credit card.  Full story.

Quote: the amount they had sent in was much larger than their normal monthly payment. And if the increase hits a certain percentage higher than that normal payment, Homeland Security has to be notified. And the money doesn't move until the threat alert is lifted.

Walter called television stations, the American Civil Liberties Union and me. And he went on the Internet to see what he could learn. He learned about changes in something called the Bank Privacy Act.

"The more I'm on, the scarier it gets," he said. "It's scary how easily someone in Homeland Security can get permission to spy."

So for those of you who aren't worried about giving up your privacy for safety, keep in mind that it could be you who is targeted. 
#13
Politics / National debt...
February 27, 2006, 12:18 PM
I'm just wondering, what is the eventual outcome of a country having a huge debt?  Like the USA, for example, (apparently) has a debt of approximately $8,837,000,000,000 [source].  From what I understand, your budget causes something like a $250,000,000 debt each year, if I'm not mistaken.  So the USA is going way further into debt each year:
revenues: $2.119 trillion
expenditures: $2.466 trillion


Canada, on the other hand, is $600,700,000,000 in debt.  That's still a huge number.  However, we are slowly paying off the debt by spending less than we earn:
revenues: $159.6 billion
expenditures: $152.6 billion
source (apparently, according to that site, Canada is an "illicit producer of cannabis for the domestic drug market and export to US" -- but that's neither here nor there)


Anyway, my point is: why is Canada bothering to work itself out of debt?  The billions of dollars that it is over by could be put into important programs like healthcare and our military.  We get made fun of for having a small military, but at the same time we're working our way out of debt. 

My question is, why?  What effect does being in debt have on a country?  Who do you actually owe those 8 trillion dollars to?

Hope that makes sense..
#14
Battle.net Bot Development / Account upgrading
February 02, 2006, 06:03 PM
Here is a packet log of my attempt to upgrade (I'll post the important packets at the end of this):
http://www.javaop.com/~iago/upgrade.txt

For some reason, Battle.net doesn't respond to SID_AUTH_ACCOUNTUPGRADEPROOF.  Any idea why?  Isn't it supposed to send SID_AUTH_ACCOUNTLOGONPROOF back? 

Here are the important packets:

I send SID_AUTH_ACCOUNTLOGON:
ff 53 2f 00 3b 5c b4 8a c5 14 19 fc 5b d4   .H.S/.;\......[.
0050  1c 9b 3b ba 99 84 7f ba 2c 8f b1 f9 c3 b5 fe 20   ..;.....,......
0060  3f ed ea 85 a2 cf 72 6f 6e 69 73 63 6f 6f 6c 32   ?.....roniscool2
0070  00                                                .


Battle.net tells me to upgrade: [SID_AUTH_ACCOUNTLOGON]
ff 53 48 00 05 00 00 00 00 00 00 00 00 00   .w.SH...........
0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0080  00 00 00 00 00 00 00 00 00 00                     ..........


I send it a request to upgrade: [SID_AUTH_ACCOUNTUPGRADE]
ff 57 04 00                                 .K.W..

My request is accepted, and the server token is provided: [SID_AUTH_ACCOUNTUPGRADE]
ff 57 0c 00 00 00 00 00 56 2c db d9         .O.W......V,..

I do the SHA1 as well as calculating s and v, then send them: [SID_AUTH_ACCOUNTUPGRADEPROOF]
ff 58 5c 00 9e be 7f 54 cc 8c 47 8e 74 87   .M.X\....T..G.t.
0050  b1 67 75 c9 7f cb 08 75 c4 54 84 5b 5d 98 55 d0   .gu....u.T.[].U.
0060  42 ab 45 6f 71 7f 3d 6a b6 28 d7 fa 9d 48 10 58   B.Eoq.=j.(...H.X
0070  50 c2 04 66 35 6b ce 36 db 2c a0 fc d8 50 35 65   P..f5k.6.,...P5e
0080  da 3c 4b d8 b4 1d 08 36 24 51 64 56 dc 5f 04 2a   .<K....6$QdV._.*
0090  3a 1e 6e 95 06 f2 4c bd 43 81 cc de 8e 3c         :.n...L.C....<


..... and get no response.  Any clue why?  My only thought was that they don't have it implemented, which seems silly..
#15
Battle.net Bot Development / Deriving version byte?
January 29, 2006, 01:45 PM
I know it's been discussed before, but has anybody done any work on deriving the version byte from the game's files?  I've always meant to go back and figure out where it comes from, but I've never gotten around to it. 
#16
I read a great article today:
http://www.livescience.com/othernews/060124_political_decisions.html

To summarize, when a strong partisan is shown a clip of his party leader speaking, the logical part of his brain goes unused; instead, the emotional part lights up, followed by activity in the "reward" part of the brain (the part linked with addictions).  Further, they see no contradiction in what their chosen candidate says, but they see it in what the opposed candidate says.  They also see contradictions made by Tom Hanks.  People who are neutral to both parties tend to notice both contradictions. 

I'm glad somebody did a study like this, actually.  When I hear both American candidates or both main Canadian candidates talking, it bothers me about how dishonest they are, and how much they contradict themselves.  I hate politics, period. 
#17
General Programming / GetFileVersionInfo
January 23, 2006, 11:57 AM
Does anybody have any details on how GetFileVersionInfo works?  I'd like to have an implementation in Java, it would save me some work in other areas, but I can't seem to find any details on how it's implemented. 

I don't care what language, as long as it's not making the Win32 call GetFileVersionInfo :)
#18
Politics / Canadian Election
January 17, 2006, 07:28 PM
It's less than a week until the Canadian federal election, so I'm curious what other Canadians/educated Americans (if any of you know about Canada) think. 

So far, of the three main parties, here's what I think:

NDP (New Democrat): They are pro-giving away money to homeless and anti-technology.  I'm not a fan of keeping homeless poor (by giving them free money), and I like technology.  I don't like what they've been doing in Manitoba since they took over. 

Liberal: They've been elected in the last 2 (probably more than 2) elections.  They have proven, time and time again, that they can't be trusted.  They steal, lie, and get caught at it.  Chretien and Martin were both losers. 

PC (Progressive Conservative): Honestly, I don't know anything about them.  But the other 2 parties suck, so I'm hoping they win. 

Reform/Alliance: Do they still exist?  I seem to remember that the Canadian Reform Alliance Party (CRAP) didn't last for very long..
#19
I was wondering if it's ever possible for sockets to block writing.  When implementing select(), waiting to send packets is really annoying, since I don't normally wait on writefds; I have to add it to a queue, set a flag, wake up the select() call, and tell it to wait for writing.  Is this necessary for sockets? Or is that only designed for other select() uses?

Thanks
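An added illustration of the behaviour the post asks about (example code, not from the original post or any project it mentions): a non-blocking stream socket does stop accepting data once the kernel send buffer is full, write() then fails with EAGAIN, and select() on writefds is what reports when the queued data can be flushed. It runs on a local socketpair constructed inside the function, so no network is needed.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Write 4 KiB chunks until the kernel send buffer is full. Returns the bytes the
 * socket accepted; *blocked becomes 1 when write() fails with EAGAIN. */
static size_t fill_until_eagain(int fd, int *blocked) {
    char chunk[4096] = {0};
    size_t total = 0;
    *blocked = 0;
    for (;;) {
        ssize_t n = write(fd, chunk, sizeof chunk);
        if (n > 0) { total += (size_t)n; continue; }
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) *blocked = 1;
        return total;
    }
}

/* select() on writefds only: 1 = writable, 0 = still full after timeout_ms, -1 = error. */
static int wait_writable(int fd, int timeout_ms) {
    fd_set wfds;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    FD_ZERO(&wfds); FD_SET(fd, &wfds);
    return select(fd + 1, NULL, &wfds, NULL, &tv);
}

/* Whole scenario on a local socketpair (constructed here). Returns 0 when writes block
 * and select() reports writability only after the peer drains; other values name the failed step. */
int demo_blocking_write(void) {
    int sv[2], blocked;
    char sink[65536]; size_t sent, drained = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1;
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    fcntl(sv[1], F_SETFL, fcntl(sv[1], F_GETFL) | O_NONBLOCK);
    sent = fill_until_eagain(sv[0], &blocked);
    if (!blocked || sent == 0) return 2;           /* buffer never filled */
    if (wait_writable(sv[0], 50) != 0) return 3;   /* must NOT be writable yet */
    while (drained < sent) {                       /* peer reads everything */
        ssize_t n = read(sv[1], sink, sizeof sink);
        if (n <= 0) break;
        drained += (size_t)n;
    }
    if (wait_writable(sv[0], 1000) != 1) return 4; /* writable again */
    close(sv[0]); close(sv[1]);
    return 0;
}
```

The same pattern applies to a TCP socket whose peer is slow to read: the queue-and-wait-on-writefds dance the post describes is exactly what keeps the event loop from stalling on one stuck connection.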
#20
I don't pretend to understand economics, but:

http://www.dissidentvoice.org/Apr05/Whitney0411.htm