New Auth System on battle.net?

ThePro · November 12, 2006, 03:26 PM

Hello there!
About a year ago I wrote my own Bot which was able to enter battle.net.
Since my reversing skills aren't very good, I used the BNCS-Util to generate the hashes for 0x51.

Since Blizzard released a new patch, I'm not able to connect to bnet anymore. I've corrected the version byte, put the new Starcraft.exe, battle.snp and storm.dll in the botfolder but I still get an error right behind 0x51 (SID_AUTH_CHECK).
When I used a packet sniffer I found out that Blizzard changed the names of the MPQ files.
Instead "IX86ver7.mpq" they are called now something like "lockdown-IX86-16.mpq".

The BNLS Server don't seem to be updated, so I can't use it. BNCS-Util isn't updated too yet.

Is there a way to calculate the right hashes anyway?

l2k-Shadow · November 12, 2006, 03:29 PM

The BNLS server is updated, however you must use the BNLS_CHECKVERSIONEX2 packet. However, if you would like to not use BNLS, you can login using PMAC. PMAC dlls have not been patched yet.

ThePro · November 12, 2006, 03:37 PM

you mean I have to fool battle.net that I'm using a mac?

LordNevar · November 12, 2006, 04:06 PM

He's a smart one this guy.

ThePro · November 12, 2006, 04:20 PM

The Idea with the PMAC is smart but I need the executable and the other files for mac, don't I?

Kp · November 12, 2006, 04:39 PM

Yes. Since it sounds like you have no objection to using BNLS, the simplest course would be for you to switch to using the new BNLS_VERSIONCHECKEX2 message that Shadow linked above. It allows you to pass the new style version check, and is more extensible in the event of future changes to CheckRevision.

ThePro · November 12, 2006, 04:43 PM

Hm yes, it seems it is the best way.
I have no code to connect to BNLS yet, that's why I wanted to use BNCS-Util.
It will be no problem to add this into my bot, but It's a bit more of work now.

I hope the BNLS Server will never shutdown, else I'd be fucked.

Kp · November 12, 2006, 05:28 PM

You and many, many others.

Jaquio · November 12, 2006, 07:59 PM

I get invalid version whenever I try using BNLS to connect. Any idea why? You still send the same things, but use BNLS_VERSIONCHECKEX2 instead?

Joe[x86] · November 12, 2006, 08:23 PM

Quote from: l2k-Shadow on November 12, 2006, 03:29 PM
The BNLS server is updated, however you must use the BNLS_CHECKVERSIONEX2 packet. However, if you would like to not use BNLS, you can login using PMAC. PMAC dlls have not been patched yet.

Of course the DLL's haven't changed! Dynamic link libraries don't exist in the Mac world.

l2k-Shadow · November 12, 2006, 08:24 PM

Quote from: Joex86] link=topic=16022.msg161158#msg161158 date=1163384611]
Quote from: l2k-Shadow on November 12, 2006, 03:29 PM
The BNLS server is updated, however you must use the BNLS_CHECKVERSIONEX2 packet. However, if you would like to not use BNLS, you can login using PMAC. PMAC dlls have not been patched yet.

Of course the DLL's haven't changed! Dynamic link libraries don't exist in the Mac world.

smartass shush

Skywing · November 12, 2006, 08:35 PM

Quote from: Jaquio on November 12, 2006, 07:59 PM
I get invalid version whenever I try using BNLS to connect. Any idea why? You still send the same things, but use BNLS_VERSIONCHECKEX2 instead?

You should use the new message as it moves the onus of figuring out the vercheck module differences onto BNLS instead of clients.

Note that in the current implementation, there are now two digits of significant identifying information in the vercheck module filenames, instead of just one as used previously. If you are using the old, deprecated messages and only checking one digit, this will often result in bad version check data.

MyndFyre · November 12, 2006, 10:57 PM

Quote from: Joex86] link=topic=16022.msg161158#msg161158 date=1163384611]
Quote from: l2k-Shadow on November 12, 2006, 03:29 PM
The BNLS server is updated, however you must use the BNLS_CHECKVERSIONEX2 packet. However, if you would like to not use BNLS, you can login using PMAC. PMAC dlls have not been patched yet.

Of course the DLL's haven't changed! Dynamic link libraries don't exist in the Mac world.

Depends which Mac world you're talking about. If OS X, which is *nix-based, then you're wrong - .so, shared object files, serve the same purpose as dynamically-linked libraries.

Jaquio · November 12, 2006, 11:43 PM

Quote from: Skywing on November 12, 2006, 08:35 PM
Quote from: Jaquio on November 12, 2006, 07:59 PM
I get invalid version whenever I try using BNLS to connect. Any idea why? You still send the same things, but use BNLS_VERSIONCHECKEX2 instead?
You should use the new message as it moves the onus of figuring out the vercheck module differences onto BNLS instead of clients.

Note that in the current implementation, there are now two digits of significant identifying information in the vercheck module filenames, instead of just one as used previously. If you are using the old, deprecated messages and only checking one digit, this will often result in bad version check data.

I have fixed the problem and made it use both digits instead... I don't know why it keeps saying invalid version.. Here it is from BNLS_VersionCheckEx2 to 0x51..

Code Select


[BNLS] Sent:2d 00 1a 02 00 00 00 00 00 00 00 e6 5e f5 4f 00  -...........^.O.
14 5a dc 72 fc c6 01 31 34 00 00 a3 bd 3a 98 95  .Z.r...14....:..
b6 e0 c0 53 aa 6f c7 57 3c 6f c2 00 00           ...S.o.W
[BNLS] Performing CheckRevision...
[BNLS] Received: 28 00 1a 01 00 00 00 01 00 0e 01 73 64 80 e3 5e  (..........sd..^
52 af 0b 3c 24 ae 11 9f a9 27 ff 3d 63 be bf 00  R..<$....'.=c...
e6 5e f5 4f cf 00 00 00                          .^.O....
Length: 40
[BNET] Sent:ff 51 59 00 e6 5e f5 4f 01 00 0e 01 73 64 80 e3  .QY..^.O....sd..
01 00 00 00 00 00 00 00 0d 00 00 00 01 00 00 00  ................
81 92 10 00 00 00 00 00 bc 91 56 83 c8 50 56 85  ..........V..PV.
b9 a2 11 11 34 2e ef 7f 27 9b 3a 13 5e 52 af 0b  ....4..'.:.^R..
3c 24 ae 11 9f a9 27 ff 3d 63 be bf 00 50 48 50  <$....'.=c...PHP
42 6f 74 20 76 31 2e 30 00                       Bot v1.0.
Length: 89
[BNET] Attempting to answer challenge..
[BNET] Received: ff 51 09 00 01 01 00 00 00                       .Q.......
Length: 9
[BNET] Invalid version.

l2k-Shadow · November 12, 2006, 11:58 PM

BNLS_VERSIONCHECKEX2 requires
(STRING) Version check archive filename.

Code Select


Battle.net->Client 0x50
                         ff 50 3e 00 00 00 00 00 20 48  ...K...P>..... H
0040   8c 78 f2 dd 28 00 00 90 82 c4 72 fc c6 01 6c 6f  .x..(.....r...lo
0050   63 6b 64 6f 77 6e 2d 49 58 38 36 2d 30 34 2e 6d  ckdown-IX86-04.m
0060   70 71 00 2f 20 52 8b b5 28 2f 7b 5b 21 4f 35 da  pq./ R..(/{[!O5.
0070   e0 0a 1f 00                                      ....

Client->BNLS 0x1A

                         3d 00 1a 02 00 00 00 00 00 00  ......=.........
0040   00 00 00 00 00 00 90 82 c4 72 fc c6 01 6c 6f 63  .........r...loc
0050   6b 64 6f 77 6e 2d 49 58 38 36 2d 30 34 2e 6d 70  kdown-IX86-04.mp
0060   71 00 2f 20 52 8b b5 28 2f 7b 5b 21 4f 35 da e0  q./ R..(/{[!O5..
0070   0a 1f 00                                         ...