SID_AUTH_CHECK Info:
Quote
(DWORD) Client Token
(DWORD) EXE Version
(DWORD) EXE Hash
(DWORD) Number of keys in this packet
(BOOLEAN) Using Spawn (32-bit)
For Each Key:
    (DWORD) Key Length
    (DWORD) CD key's product value
    (DWORD) CD key's public value
    (DWORD) Unknown (0)
    (DWORD[5]) Hashed Key Data
(STRING) Exe Information
(STRING) CD Key owner name
After studying the BNETDocs, I tried to code a 0x51 packet, and got stuck in the process. The Client Token was easy enough, only had to use GetTickCount() API for that one.
EXE Version: Does that follow a specific format? And how can this be obtained dynamically without hard-coding it?
How is an EXE Hash formatted, and how does one go about hashing an EXE? I'm assuming here that it's the Starcraft.exe that needs to be hashed...
(DWORD) Number of keys in this packet
Number of keys? As in number of cdkeys, or how many numbers inside the cdkey, or what?
For Spawn, can I just do:
.INSERTDWORD &H0 'Zero, boolean for false
Or does it have to be done another way?
Use BNCSUtil Hashing Library (http://bncsutil.ionws.com) to get those values... a vb example source on how to use it is also on the site.
Quote
(DWORD) Number of keys in this packet
Number of keys? As in number of cdkeys, or how many numbers inside the cdkey, or what?
Yeah, number of cdkeys. 0x00000001 for STAR, SEXP, W2BN, D2DV, WAR3 and 0x00000002 for D2XP and W3XP.
Quote
For Spawn, can I just do:
.INSERTDWORD &H0 'Zero, boolean for false
Or does it have to be done another way?
that works :)
So, because I'll be only using one cdkey (it being Starcraft), I should just put down:
.InsertDWORD &H1 'only one cdkey, if two cdkeys, &H2
Right?
Right.
Since this is a very sensitive packet to battle.net (high risk of ipban), is there a server I can test the bot on so I won't have to worry about ipban?
[Edit: added to avoid double post]
Oh and-- how do I know I've gotten IPBanned? Does Battle.net send a packet informing me of ipban before disconnecting?
No, it just disconnects you and when you attempt to connect again you'll receive winsock error 10053.
' Check server signature.
If (UseNLS) Then
    ServerSignature = P.GetFixedString(128)
    If (Not nls_check_socket_signature(frmMain.WS.SocketHandle, ServerSignature)) Then
        Disconnect
        MsgBox "Server signature check failed.", vbExclamation, "Example Bot"
    End If
End If
This section errored out-- says Sub/Function not defined. nls_check_socket_signature() was the one highlighted. I decided to do some checking around, and found out there was not only no sub/function for it which means it's in bncsutil.dll, but the declaration for it also was missing.
Do you by any chance have the declaration for that particular sub?
This DL has all of the current declarations. (http://bncsutil.ionws.com/bncsutil-1.1.0-win32.zip)
BTW what packet buffer are you using?
EDIT: You know, you don't have to use that declare anyway...
I'm using Dark Minion's Packet Buffer class.
Quote
What's the "mpqNumber" argument in checkRevision?
This is the number in the filename received in 0x50 (SID_AUTH_INFO) that looks like "IX86ver#.mpq". You can get this number by using the extractMPQNumber function.
Why does the mpq number matter?
Quote from: Kyro on September 11, 2005, 10:42 PM
Why does the mpq number matter?
The MPQ number is which IX86Ver?.dll to emulate.
Quote from: Shout on September 11, 2005, 10:45 PM
Quote from: Kyro on September 11, 2005, 10:42 PM
Why does the mpq number matter?
The MPQ number is which IX86Ver?.dll to emulate.
In more understandable words, Battle.net assigns you a .dll file with which to use CheckRevision(). There are 8 dlls and each has its own unique checksum key. BNCSUtil, however, has all of these 8 checksum keys inside itself, so by the MPQ number, you're telling it which one to use.
Alright, got it. I'm curious about something:
' Check server signature.
If (UseNLS) Then
    ServerSignature = P.GetFixedString(128)
    If (Not nls_check_socket_signature(frmMain.WS.SocketHandle, ServerSignature)) Then
        Disconnect
        MsgBox "Server signature check failed.", vbExclamation, "Example Bot"
    End If
End If
Why check the server signature?
I think it's to make sure that the server is an authentic bnet server, there is no use for it really.
'SID_AUTH_CHECK
Public Sub P0x51(ServerToken As Long, Ix86verfilename As String, ChecksumFormula As String)
    AddC vbMagenta, "Assembling 0x51 SID_AUTH_CHECK Packet..."
    Dim ClientToken As Long
    Dim EXEVersion As Long
    Dim EXEHash As Long
    Dim KeyLen As Long
    Dim CDKeyProductValue As Long
    Dim CDKeyPublicValue As Long
    Dim HashedKeyData As Long
    Dim EXEInformation As String
    Dim CDKeyOwnerName As String
    Dim EXEPath As String, DLLPath As String, ThirdPath As String
    EXEPath = ProgHashPath & ProgFileName
    DLLPath = ProgHashPath & DLLFileName
    ThirdPath = ProgHashPath & ThirdFileName
    ClientToken = GetTickCount()
    EXEVersion = getExeInfo(EXEPath, EXEInfo)
    mpqNumber = extractMPQNumber(Ix86verfilename)
    ' Perform revision check operations.
    If (checkRevision(ChecksumFormula, EXEPath, DLLPath, ThirdPath, mpqNumber, Checksum) = False) Then
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "CheckRevision failed."
        Exit Sub
    End If
    AddC vbMagenta, "Done."
    'Now data for the packet has been gathered,
    'begin assembling the packet
End Sub
How does that look so far? Any errors?
Looks good so far :)
Excellent, I'll begin coding the packet assemblement. Thanks!
Testing Server (http://forum.valhallalegends.com/phpbbs/index.php?board=49.0)
TestBNCS Server Checks:
Server: joe.x86labs.org
Owner: Joe[x86]
Status: Nonoperational
Notes: Joe[x86] *did* warn it's not a 24/7 server, so he has an excuse.
Server: TheHague.Shacknet.nu
Owner: Trance
Status: Nonoperational
Server: 68.39.37.231/usnorth.no-ip.org
Owner: Remain
Status: Nonoperational
Server: Pyroserver.no-ip.org
Owner: BNCSFan (Guest)
Status: Nonoperational
:(
Try hdx.no-ip.org
@Joe- hdx.no-ip.org didn't respond to my bot either. Asia, USWest, USEast, Europe all responded to my bot. So I assume hdx.no-ip.org is also nonoperational.
@Everyone-- warning- this is a long post. Done coding the C->S 0x51 Packet Sub and the 0x51 handler. Please, if alright with you, look at the sub and tell me if it looks good, and if there's any flaws. If you see any way I can improve on it, I'm always open to suggestions!
'SID_AUTH_CHECK
Public Sub P0x51(ServerToken As Long, Ix86verfilename As String, ChecksumFormula As String)
    AddC vbMagenta, "Assembling 0x51 SID_AUTH_CHECK Packet..."
    Dim ClientToken As Long
    Dim EXEVersion As Long
    Dim EXEHash As Long
    Dim NumberOfKeys As Long
    Dim KeyLen As Long
    Dim CDKeyProductValue As Long
    Dim CDKeyPublicValue As Long
    Dim HashedKeyData As Long
    Dim EXEInformation As String
    Dim CDKeyOwnerName As String
    Dim EXEPath As String, DLLPath As String, ThirdPath As String
    EXEPath = ProgHashPath & ProgFileName
    DLLPath = ProgHashPath & "storm.dll"
    ThirdPath = ProgHashPath & "battle.snp"
    ClientToken = GetTickCount()
    EXEVersion = getExeInfo(EXEPath, EXEInfo)
    mpqNumber = extractMPQNumber(Ix86verfilename)
    ' Perform revision check operations.
    If (checkRevision(ChecksumFormula, EXEPath, DLLPath, ThirdPath, mpqNumber, Checksum) = False) Then
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "CheckRevision failed."
        Exit Sub
    End If
    'Decode the main CD-key.
    decoder = kd_create(bnetcdkey, Len(bnetcdkey))
    If (decoder = -1) Then
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "Failed to decode your CD-key."
        Exit Sub
    End If
    ' Calculate key hash.
    HashLength = kd_calculateHash(decoder, ClientToken, ServerToken)
    If (HashLength = 0) Then
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "Failed to hash your CD-key."
        Exit Sub
    End If
    ' Retrieve key hash.
    KeyHash = String$(HashLength, vbNullChar) ' Initialize buffer.
    Call kd_getHash(decoder, KeyHash)
    AddC vbMagenta, "Done gathering data, finalizing assembly..."
    'Now data for the packet has been gathered,
    'begin assembling the packet
    With PacketBuf
        .InsertDWORD ClientToken 'Client Token
        .InsertDWORD EXEVersion 'EXE Version
        .InsertDWORD Checksum 'EXE Hash
        .InsertDWORD &H1 'only one cdkey, if two cdkeys, &H2
        .InsertDWORD &H0 'Spawn = False
        .InsertDWORD Len(bnetcdkey) 'CDKey Length
        .InsertDWORD kd_product(decoder) 'CD key's product value
        .InsertDWORD kd_val1(decoder) 'CD key's public value
        .InsertDWORD 0 'Unknown, just put zero
        .InsertNonNTString KeyHash 'Hashed Key Data
        .InsertString EXEInfo 'EXE Info
        .InsertString "Don Cullen" 'CDKey owner.
        .SendPacket DMBot.BNET, &H51 'Send 0x51 packet
    End With
    ' Release the key decoder.
    Call kd_free(decoder)
    AddC vbMagenta, "0x51 SID_AUTH_CHECK packet sent."
End Sub
Also, if you have time, check out my 0x50 and 0x51 response handler and give me your thoughts- I worked all day on those two packets, and would appreciate input on them:
Case &H50
    AddC vbYellow, "BNET: Gimme your cdkey. And who are you?"
    Dim LogonType As Long
    Dim ServerToken As Long
    Dim UDPValue As Long
    Dim MPQFileTime As String
    Dim Ix86verfilename As String
    Dim ValueString As String
    LogonType = PktDeBuf.rDWORD
    ServerToken = PktDeBuf.rDWORD
    UDPValue = PktDeBuf.rDWORD
    MPQFileTime = PktDeBuf.rFILETIME(True)
    Ix86verfilename = PktDeBuf.rNTString
    ValueString = PktDeBuf.rNTString
    AddC vbWhite, ValueString
    If LogonType = &H0 Then
        AddC vbWhite, "LogonType = STAR/SEXP/D2DV/D2XP"
    ElseIf LogonType = &H1 Then
        AddC vbWhite, "LogonType = War3Beta"
    ElseIf LogonType = &H2 Then
        AddC vbWhite, "Logon Type = War3"
    Else
        AddC vbRed, "Unrecognized logon type var: " & LogonType
    End If
    'Now send 0x51
    'Call P0X51(ServerToken, Ix86verfilename, ValueString)
    AddC vbYellow, "DMBot: There ya go. Happy?"
    BNETDiscReq = True
    DMBot.BNET.Close
    DumpPacket (PacketData)
    AddC vbWhite, "Forced Disconnect to avoid ipban since we haven't done 0x51 yet."
    Call DMBot.BNET_Close
    Exit Sub
Case &H51
    AddC vbYellow, "BNET: Well..." 'They got authentication info
    Dim BNETResponse As Long
    BNETResponse = PktDeBuf.rDWORD
    Select Case BNETResponse
        Case &H0
            'OK.
            AddC vbYellow, "BNET: Fine, I'll accept that..."
        Case &H100
            DMBot.BNET.Close
            AddC vbRed, "BNET: Nope. Jeez, your game version is old! Update it, dude! Bye..."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H101
            DMBot.BNET.Close
            AddC vbRed, "BNET: Nope. Invalid game version. Bye."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H102
            DMBot.BNET.Close
            AddC vbRed, "BNET: Nope. Your game needs to be downgraded. Bye."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H200
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Nope. Invalid CDKey. Bye."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H201
            strTMP = rNTString()
            DMBot.BNET.Close
            If LenB(strTMP) > 0 Then
                AddC vbWhite, "BNET: Dude, " & strTMP & "'s using your CDKey! Sorry... Bye."
            Else
                AddC vbWhite, "BNET: Dude, someone's using your CDKey! Sorry... Bye."
            End If
            DumpPacket (PacketData)
            Call DMBot.BNET_Close
            Exit Sub
        Case &H202
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Dude- that CDKey's banned and ain't welcome to BNET! Bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H203
            DMBot.BNET.Close
            AddC vbWhite, "BNET: LOL dude- that CDKey's for a different game! Heh, bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H210
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Invalid Expansion CDKey! Sorry, ain't letting you in! Bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H211
            strTMP = rNTString()
            DMBot.BNET.Close
            If LenB(strTMP) > 0 Then
                AddC vbWhite, "BNET: Dude, " & strTMP & "'s using your Expansion CDKey! Sorry... Bye."
            Else
                AddC vbWhite, "BNET: Dude, someone's using your Expansion CDKey! Sorry... Bye."
            End If
            DumpPacket (PacketData)
            Call DMBot.BNET_Close
            Exit Sub
        Case &H212
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Dude- that Expansion CDKey's banned and ain't welcome to BNET! Bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case &H213
            DMBot.BNET.Close
            AddC vbWhite, "BNET: LOL dude- that Expansion CDKey's for a different game! Heh, bye!"
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case CLng("&H" & VerByte)
            DMBot.BNET.Close
            AddC vbWhite, "BNET: Nope. Invalid VerByte, never heard of it. Bye."
            Call DMBot.BNET_Close
            DumpPacket (PacketData)
            Exit Sub
        Case Else
            DMBot.BNET.Close
            AddC vbWhite, "BNET: SID_AUTH_CHECK failed for an unknown reason."
            AddC vbWhite, "BNET: Maybe it's because I don't like you? LOL! Bye..."
            DumpPacket (PacketData)
            Call DMBot.BNET_Close
            Exit Sub
    End Select
Everything look good?
I plan on testing the bot on Asia.Battle.net tomorrow, and if it works, I plan on getting to work on sending and handling the 0x3A packet, and if that goes smoothly, I'll move onto the 0x14 and 0x0A packets. I'll check your posts in response to this first thing after class BEFORE I test bot- I want you guys, if you guys don't mind, to confirm the code looks safe enough to not get me ipbanned before I test it. If you guys are willing to look it over, it'd be much appreciated-- if not, thanks for your time anyway! Thanks to everyone who has helped me to learn so much as to get this far!!! ;D
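The client-to-server 0x51 body layout quoted at the top of the thread, written out as a strict parser that rejects truncated or oversized bodies. This is an added example, not code from the thread or from BNCSUtil; the function names, the little-endian byte order and every sample value are assumptions of the example.

```python
import struct

class AuthCheckError(ValueError):
    """Raised when a SID_AUTH_CHECK body does not match the quoted layout."""

def _cstring(buf, off):
    # STRING fields are NUL-terminated; refuse to read past the buffer.
    end = buf.find(b"\x00", off)
    if end < 0:
        raise AuthCheckError("unterminated string")
    return buf[off:end].decode("latin-1"), end + 1

def parse_auth_check(body):
    """Parse a client-to-server 0x51 body (packet header already removed)."""
    head = struct.Struct("<5I")    # token, version, hash, key count, spawn
    key = struct.Struct("<4I20s")  # length, product, public, unknown, DWORD[5]
    if len(body) < head.size:
        raise AuthCheckError("truncated fixed fields")
    token, version, exe_hash, nkeys, spawn = head.unpack_from(body, 0)
    if nkeys not in (1, 2):        # thread: 1 key, or 2 for D2XP and W3XP
        raise AuthCheckError("unexpected key count %d" % nkeys)
    if spawn not in (0, 1):
        raise AuthCheckError("spawn flag is not a 32-bit boolean")
    off, keys = head.size, []
    for _ in range(nkeys):
        if len(body) - off < key.size:
            raise AuthCheckError("truncated key block")
        klen, product, public, unknown, hashed = key.unpack_from(body, off)
        keys.append({"length": klen, "product": product, "public": public,
                     "unknown": unknown, "hash": hashed})
        off += key.size
    exe_info, off = _cstring(body, off)
    owner, off = _cstring(body, off)
    if off != len(body):
        raise AuthCheckError("%d trailing bytes" % (len(body) - off))
    return {"client_token": token, "exe_version": version,
            "exe_hash": exe_hash, "spawn": bool(spawn), "keys": keys,
            "exe_info": exe_info, "owner": owner}

# Constructed sample body: every value below is made up for the example.
SAMPLE = (struct.pack("<5I", 0x0012D687, 0x01010101, 0xDEADBEEF, 1, 0)
          + struct.pack("<4I20s", 13, 1, 0x00ABCDEF, 0, bytes(range(20)))
          + b"game.exe 01/01/00 00:00:00 1000\x00" + b"Example Owner\x00")

if __name__ == "__main__":
    print(parse_auth_check(SAMPLE))
```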
Note on style, you should not use 'P0x51' as a function name, it will make it harder to read and maintain.
Quote from: Kyro on September 12, 2005, 03:29 AM
AddC vbYellow, "DMBot: There ya go. Happy?"
DMBot!?
DM = Demented Minds, DM is abbrev of that. For proof, www.dementedminds.org , and here's the source for a script coded for DM: http://www.doncullen.net/bnetphp.txt . My DM aka is Kyro[DM]. I realize this is confusing, since there's also a DMBot by Dark Minion, so I'm renaming bot to something else, like DementedBot or something. Not sure of name. I left it to DMBot for now, until I get the basic functionalities completed.
[Edit: fixed links]
As for P0x51, it's easy for me to read, so that isn't really a problem. When I see P0x51, I automatically think Packet 0x51. And besides, I originally wanted:
Private Sub 0x51(vars, here)
'yadda yadda
End Sub
But VB doesn't allow sub/function names to start with numbers. Other than style, do u see any bugs/errors/flaws?
I'm going to hit the shower and head out--- gotta catch bus in half hour for college class. Will check back here after class. Thanks for the input so far.
My server is up, I just took it down cuz after 12 weeks.. without a SINGLE login. It looked kind of pointless. But it's back up now for your testing purposes. Have fun. Only thing is, BNLS doesn't work for the latest SC patch, Neither does my JBLS server report the correct ver for testBNCS ... but it does for normal BNCS.. I'll look into it tonight
~-~(HDX)~-~
My bot doesn't use BNLS, so it's no problem. Thanks! That'll let me test my bot without worrying about getting ipbanned for a screw up in coding process... Heh.
I just tested my bot on Asia.battle.net, and Europe.battle.net, apparently it works fine without any problems. But if you don't mind, I'd love some input on my code, I'm always looking for ways to improve it...
I plan on using your server for testing my bot, you can feel free to shut it off after a few weeks if you want- by then, I should have the basic stuff done, and can relax and not worry about an ipban. Thanks!
[Edited to avoid double posting]
This might interest you, I just told my bot to connect to hdx.no-ip.org, it connected fine, but my vb program crashed when it tried to send the 0x51 packet. Now get this, I just checked my code to see why- apparently it's setting the socket to hdx.no-ip.org, when it should stay BNET (the name of my winsock is BNET), and the packet ID that it's being told to send is 81. I'm like, WTH, there shouldn't be a packet 0x81, so I checked my code-- I don't have any 0x81 packet code in there?!? So why is it trying to send that one? I also checked all lines that sent packets- they all correctly state for SendPacket to use the BNET winsock, and also all correctly state the right packet... This is very unusual...
What I don't get is, why does it work for asia.battle.net, and europe.battle.net (haven't tested on uswest nor useast- wanted to hold off on that until I'm danged sure my code is safe), but crashes when it tries to connect to hdx.no-ip.org?