Last night and this morning I spent a little time and figured out how Battle.net's server signatures work. It's a simple RSA decryption, r = sk % n, where n is a 128-byte constant, k is a 4-byte constant, and s is the 128-byte signature. See this document for more details:
http://www.javaop.com/~iago/ServerSig.html
Silly blizzard. Good job iago. :)
I.e. it's a RSA signature... Might be good to add that ;)
Yeah, I should. I updated the document:
- Now mentions RSA a couple times
- Now has a sample implementation
And incidentally, this won't help people create pirate servers (that'll work with the actual game client) unless somebody feels like brute-forcing Blizzard's private key :P
[22:33] iago: So if you had every atom in the Universe, and all the time in the Universe, you still couldn't brute force the key :)
You've wasted you time you nub!!!!!! <3
Incidentally, if you're wondering why they pad it with 0xBB, think about this. As a signed byte, 0xBB is -69. I think somebody as blizzard has a dirty mind :)
The character &HBB is also the >> symbol.
Quote from: Networks on March 19, 2005, 11:37 PM
[22:33] iago: So if you had every atom in the Universe, and all the time in the Universe, you still couldn't brute force the key :)
You've wasted you time you nub!!!!!! <3
Actually if you had an infinite amount of time, at some point a monkey on a type writer would crack it :P
0xBB isn't any standard character. Anything over 0x7F isn't standard. I still think they like the -69 :)
Lenny -- I didn't say infinite time I said all the time in the Universe. Something like 50 billion years.
Quote from: Lenny on March 20, 2005, 12:38 AM
Quote from: Networks on March 19, 2005, 11:37 PM
[22:33] iago: So if you had every atom in the Universe, and all the time in the Universe, you still couldn't brute force the key :)
You've wasted you time you nub!!!!!! <3
Actually if you had an infinite amount of time, at some point a monkey on a type writer would crack it :P
nah...the monkey would die, maybe several billion monkeys.
Quote from: Networks on March 20, 2005, 09:09 AM
nah...the monkey would die, maybe several billion monkeys.
You're thinking way too small. A billion is nothing when we're talking about 1024-bit encryption.
I guessed and got it right :D
lmao
Quote from: iago on March 20, 2005, 09:25 AM
Quote from: Networks on March 20, 2005, 09:09 AM
nah...the monkey would die, maybe several billion monkeys.
You're thinking way too small. A billion is nothing when we're talking about 1024-bit encryption.
Oh right we went over this 1 billion to the power of 1 billion? (that might be medium)
That's a little too big :P
It's on the order of 10**300 possible keys :P
There I cracked it:
--------------------------------
Oh wait, that was my mom's wedding goblet. Sorry I thought we were tallking about drinking cups.
~Tagban
[shameless plug]
BNCSutil (http://bncsutil.ionws.com) is now capable of verifying server signatures.
[/shameless plug]
Quote from: shadypalm88 on March 20, 2005, 07:54 PM
[shameless plug]
BNCSutil (http://bncsutil.ionws.com) is now capable of verifying server signatures.
[/shameless plug]
[shameless plug]
It was totally because of me:
(15:56:38) iagox86: I have a job for you! :)
(15:56:51) IonWSEric: oh?
(15:56:58) iagox86: You should add the code to authenticate the server's signature to BNCSUtil
(15:57:06) iagox86: the 128-byte signature it sends in 0x50
[/shameless plug]
I take full 100% credit. So there. :P