D2 Logon

[Jaquio]

Alright, well I am wondering..

What exactly is the correct logon sequence? I know it is posted on BNetDocs, but it doesn't say which BNLS packets to send with it. So could someone tell me that exact packets to send including BNLS packets?

[Spilled]

I know it is posted on BNetDocs

Everything You need is there, what else do you need? Are you trying to log on your character or as open character?

[Jaquio]

Closed BNet character.

Everything isn't there, it tells just the bncs packet sequence. It doesn't have the BNLS with it.

[Hdx]

Well dua, anyone with 1/2 an IQ could figure out that 'Hay I need to get the Double hash of this string.. What BNLS Packet Hashes Strings... OMG BNLS_HASHDATA!!!!'
Basic things lik that...
You should actually TRY before youask for help.
~-~(HDX)~-~

[MyndFyre]

I know it is posted on BNetDocs

Here's the BNLS protocol specification:
http://www.valhallalegends.com/yoni/bnlsprotocolspec.txt

I've typed it so many times I know it by memory.

[Jaquio]

Heh.. OKay I have gotten it up to hashing the CDKeys. On 0x0C where

"(STRING[])    CD-keys. No dashes or spaces."

Do I just insert two strings into the packet(one for each CDKey) or insert an actually array there? And if so, how would I do that...

[Spilled]

Heh.. OKay I have gotten it up to hashing the CDKeys. On 0x0C where

"(STRING[])    CD-keys. No dashes or spaces."

Do I just insert two strings into the packet(one for each CDKey) or insert an actually array there? And if so, how would I do that...

Well, What does BnetDocs say?

(DWORD) Cookie. This value has no special meaning to the server and will simply be echoed to the client in the response.
(BYTE) Amount of CD-keys to encrypt. Must be between 1 and 32.
(DWORD) Flags.*
(DWORD or DWORDs) Server session key(s), depending on the flags.
(Optional DWORD or DWORDs) Client session key(s), depending on the flags.
(String or strings) CD-keys. No dashes or spaces. The client can use multiple types of CD-keys in the same packet.

hrmm, looks like "(string or Strings)" would mean if there are 2 keys, then there would be 2 strings.
so wouldn't that mean:

InsertNTString cdkey1
InsertNTString cdkey2

.... I believe so

[Jaquio]

Code Select Expand


1  192.168.1.105:2513  63.161.183.205:9367  7  Send 
0000  07 00 10 05 00 00 00                               .......

2  63.161.183.205:9367  192.168.1.105:2513  11  Recv 
0000  0B 00 10 05 00 00 00 0B 00 00 00                   ...........

3  192.168.1.105:2514  63.240.202.139:6112  59  Send 
0000  01 FF 50 3A 00 00 00 00 00 36 38 58 49 50 58 32    ..P:.....68XIPX2
0010  44 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00    D...............
0020  00 00 00 00 00 00 00 00 00 55 53 41 00 55 6E 69    .........USA.Uni
0030  74 65 64 20 53 74 61 74 65 73 00                   ted States.

4  63.240.202.139:6112  192.168.1.105:2514  8  Recv 
0000  FF 25 08 00 94 D7 38 21                            .%....8!

5  63.240.202.139:6112  192.168.1.105:2514  104  Recv 
0000  FF 50 68 00 00 00 00 00 56 AD E9 10 EB 89 25 00    .Ph.....V.....%.
0010  00 4D 89 7E 99 CB C6 01 76 65 72 2D 49 58 38 36    .M.~....ver-IX86
0020  2D 36 2E 6D 70 71 00 42 3D 32 37 36 32 36 32 37    -6.mpq.B=2762627
0030  39 33 37 20 41 3D 31 35 34 37 34 37 34 38 30 31    937 A=1547474801
0040  20 43 3D 33 37 37 34 34 32 36 35 36 32 20 34 20     C=3774426562 4
0050  41 3D 41 2B 53 20 42 3D 42 5E 43 20 43 3D 43 5E    A=A+S B=B^C C=C^
0060  41 20 41 3D 41 2B 42 00                            A A=A+B.

6  192.168.1.105:2513  63.161.183.205:9367  114  Send 
0000  72 00 1A 05 00 00 00 00 00 00 00 20 6B 43 03 32    r.......... kC.2
0010  39 38 30 35 34 36 35 20 32 31 32 32 39 32 37 33    9805465 21229273
0020  36 30 76 65 72 2D 49 58 38 36 2D 36 2E 6D 70 71    60ver-IX86-6.mpq
0030  00 42 3D 32 37 36 32 36 32 37 39 33 37 20 41 3D    .B=2762627937 A=
0040  31 35 34 37 34 37 34 38 30 31 20 43 3D 33 37 37    1547474801 C=377
0050  34 34 32 36 35 36 32 20 34 20 41 3D 41 2B 53 20    4426562 4 A=A+S
0060  42 3D 42 5E 43 20 43 3D 43 5E 41 20 41 3D 41 2B    B=B^C C=C^A A=A+
0070  42 00                                              B.

7  63.161.183.205:9367  192.168.1.105:2513  58  Recv 
0000  3A 00 1A 01 00 00 00 00 0B 00 01 A2 F0 9E 0F 47    :..............G
0010  61 6D 65 2E 65 78 65 20 30 38 2F 31 37 2F 30 35    ame.exe 08/17/05
0020  20 30 31 3A 31 32 3A 33 37 20 32 31 32 39 39 32     01:12:37 212992
0030  30 00 20 6B 43 03 0B 00 00 00                      0. kC.....

'0x0C removed

10  192.168.1.105:2514  63.240.202.139:6112  118  Send 
0000  FF 25 08 00 94 D7 38 21 FF 51 6E 00 20 6B 43 03    .%....8!.Qn. kC.
0010  00 0B 00 01 A2 F0 9E 0F 02 00 00 00 00 00 00 00    ................
0020  10 00 00 00 10 00 00 00 0A 00 00 00 B7 C5 7A 00    ..............z.
0030  00 00 00 00 4F 0B D3 19 76 92 8C 36 B1 99 17 AC    ....O...v..6....
0040  17 AC 0E 19 45 13 F0 C9 10 00 00 00 47 61 6D 65    ....E.......Game
0050  2E 65 78 65 20 30 38 2F 31 37 2F 30 35 20 30 31    .exe 08/17/05 01
0060  3A 31 32 3A 33 37 20 32 31 32 39 39 32 30 00 4A    :12:37 2129920.J
0070  61 71 75 69 6F 00                                  aquio.

11  63.240.202.139:6112  192.168.1.105:2514  9  Recv 
0000  FF 51 09 00 03 02 00 00 00                         .Q.......


Anyidea what is wrong there?

[brew]

You should have said d2 realm logon. There is an entire different set of packets for that. And no, you can still use BNCSUtil's method of getting a checksum by making a message digest of the three "hash" files. So you don't need BNLS at all. If you're are thinking of 0x09, 0x18, or the 0x1A, that's a different story.

[MyndFyre]

Anyidea what is wrong there?

Yes.  Error code 0x203: wrong product.

Code Select Expand


10  192.168.1.105:2514  63.240.202.139:6112  118  Send  
0000  FF 25 08 00 94 D7 38 21 FF 51 6E 00 20 6B 43 03    .%....8!.Qn. kC.
0010  00 0B 00 01 A2 F0 9E 0F 02 00 00 00 00 00 00 00    ................
0020  10 00 00 00 10 00 00 00 0A 00 00 00 B7 C5 7A 00    ..............z.
0030  00 00 00 00 4F 0B D3 19 76 92 8C 36 B1 99 17 AC    ....O...v..6....
0040  17 AC 0E 19 45 13 F0 C9 10 00 00 00 47 61 6D 65    ....E.......Game
0050  2E 65 78 65 20 30 38 2F 31 37 2F 30 35 20 30 31    .exe 08/17/05 01
0060  3A 31 32 3A 33 37 20 32 31 32 39 39 32 30 00 4A    :12:37 2129920.J
0070  61 71 75 69 6F 00                                  aquio.

Breaking down 0x51 into components:
0x03436b20 - client token.  
0x01000b00 - EXE version.
0x0f9ef0a2 - EXE hash.  
0x00000002 - keys in this packet.  
0x00000000 - using spawn.  

[Key 1]
0x00000010 - key length.  
0x00000010 - key product.  
0x0000000a - key public.  
0x007ac5b7 - unknown (should be 0).  
00 00 00 00 - 4F 0B D3 19 - 76 92 8C 36 - B1 99 17 AC - 17 AC 0E 19 - key hash.  

[Key 2]
0xc9f01345 - key length key 2.  
0x00000010 - key product key 2.
[Omitted] Key public, unknown, key hash (7 DWORDs).

[0x4c-0x6e] EXE information
[0x6f-0x75] CD key owner

Looks like you're missing quite a bit of data.

[Jaquio]

What should Key Product and Key public be set as? And where do they come from?

[brew]

....You're using BNCSUtil.dll, right?
Try using kd_quick(). -_-

Code Select Expand

Public Declare Function kd_quick Lib "bncsutil.dll" _
(ByVal CDKey As String, ByVal ClientToken As Long, _
ByVal ServerToken As Long, PublicValue As Long, Product As Long, _
ByVal HashBuffer As String, ByVal BufferLen As Long) As Long


[MyndFyre]

....You're using BNCSUtil.dll, right?
Try using kd_quick(). -_-

I think it's pretty obvious that he's been using BNLS up to this point....

Investigate BNLS_CDKEY and BNLS_CDKEY_EX.

[brew]

I thought he was only using BNLS for the checksum. Bah... Anyways you should use the BNLS 0x01, I forget, but I think it goes like
The 3-byte header
The cookie (any value DWORD)
And the CDKey as an NT string.

[MyndFyre]

I thought he was only using BNLS for the checksum.

So you missed his first post?

So could someone tell me that exact packets to send including BNLS packets?