Here is a packet log of my attempt to upgrade (I'll post the important packets at the end of this):
http://www.javaop.com/~iago/upgrade.txt
For some reason, Battle.net doesn't respond to SID_AUTH_ACCOUNTUPGRADEPROOF. Any idea why? Isn't it supposed to send SID_AUTH_ACCOUNTLOGONPROOF back?
Here are the important packets:
I send SID_AUTH_ACCOUNTLOGON:
ff 53 2f 00 3b 5c b4 8a c5 14 19 fc 5b d4 .H.S/.;\......[.
0050 1c 9b 3b ba 99 84 7f ba 2c 8f b1 f9 c3 b5 fe 20 ..;.....,......
0060 3f ed ea 85 a2 cf 72 6f 6e 69 73 63 6f 6f 6c 32 ?.....roniscool2
0070 00 .
Battle.net tells me to upgrade: [SID_AUTH_ACCOUNTLOGON]
ff 53 48 00 05 00 00 00 00 00 00 00 00 00 .w.SH...........
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0080 00 00 00 00 00 00 00 00 00 00 ..........
I send it a request to upgrade: [SID_AUTH_ACCOUNTUPGRADE]
ff 57 04 00 .K.W..
My request is accepted, and the server token is provided: [SID_AUTH_ACCOUNTUPGRADE]
ff 57 0c 00 00 00 00 00 56 2c db d9 .O.W......V,..
I do the SHA1 as well as calculating s and v, then send them: [SID_AUTH_ACCOUNTUPGRADEPROOF]
ff 58 5c 00 9e be 7f 54 cc 8c 47 8e 74 87 .M.X\....T..G.t.
0050 b1 67 75 c9 7f cb 08 75 c4 54 84 5b 5d 98 55 d0 .gu....u.T.[].U.
0060 42 ab 45 6f 71 7f 3d 6a b6 28 d7 fa 9d 48 10 58 B.Eoq.=j.(...H.X
0070 50 c2 04 66 35 6b ce 36 db 2c a0 fc d8 50 35 65 P..f5k.6.,...P5e
0080 da 3c 4b d8 b4 1d 08 36 24 51 64 56 dc 5f 04 2a .<K....6$QdV._.*
0090 3a 1e 6e 95 06 f2 4c bd 43 81 cc de 8e 3c :.n...L.C....<
..... and get no response. Any clue why? My only thought was that they don't have it implemented, which seems silly..
You experienced this on real Battle.net? Under what circumstances (server, product, ...)?
While support for upgrades is implemented on various recent Battle.net clients, the server continues to request that everybody use the old-style logon protocol. I'd be very interested if you've found a case in which the server wants you to perform an actual upgrade.
Edit: Looked at your packet log. IIRC, for War3 accounts, the upgrade packets have a meaning other than that the account really needs to be upgraded. I recall somebody else (Spht perhaps?) running into this situation before, but I don't remember what the exact reason was.
You might try logging in with the official client to see what it does. I don't have my notes on the War3 handler for that particular message here to check.
I created the account using a bot and SID_CREATEACCOUNT2 and the SHA1 of my password. I did this on all 4 realms, although I don't know the specific servers.
When I then connected using a regular login (SID_AUTH_ACCOUNTLOGON) and that account, it gives me the "this account must be upgraded" response.
I was doing it as Warcraft 3; when I tried sending SID_AUTH_ACCOUNTLOGON with Starcraft, I was disconnected.
I more or less wanted to make sure I implemented it correctly, so it was a contrived situation. You never know when they might move D2 or SC or any of those clients to NLS (unlikely, but who knows?)
When I tried with the official client, I got the message, "Warcraft 3 cannot login with that account type" or something similar. It never got past SID_AUTH_ACCOUNTLOGON, it gave up after that point.
Ah - I would recommend a local Battle.net server which understands SRP. That was the solution I used for testing it. It also lets you verify it against a Blizzard client as a nice bonus.
I'll look into adding a message to enable a "developer mode" on BNLS to always return zero from all randomized calculations in case anyone wants to use it to verify implementations.
Quote
When I tried with the official client, I got the message, "Warcraft 3 cannot login with that account type" or something similar. It never got past SID_AUTH_ACCOUNTLOGON, it gave up after that point.
Ahem, I was the one who tried with the client =p
Quote from: Skywing on February 02, 2006, 09:01 PM
Ah - I would recommend a local Battle.net server which understands SRP. That was the solution I used for testing it. It also lets you verify it against a Blizzard client as a nice bonus.
I'll look into adding a message to enable a "developer mode" on BNLS to always return zero from all randomized calculations in case anyone wants to use it to verify implementations.
I'm actually not sure how the values were derived, it was a friend of mine who did it. But the fact that it matched the change password packet seemed logical enough.
And yeah, that would be a neat feature.. although this is the only thing I haven't implemented (besides WoW, but I don't see that as being terribly likely), and I'm reasonably sure it's right :)
Quote from: Joe on February 02, 2006, 09:48 PM
Ahem, I was the one who tried with the client =p
True, but that wasn't particularly relevant to the conversation, so I left it out.
Quote from: Skywing on February 02, 2006, 09:01 PM
I'll look into adding a message to enable a "developer mode" on BNLS to always return zero from all randomized calculations in case anyone wants to use it to verify implementations.
Please, this would be a wonderful feature. All* of my research for upgrading accounts has come from BNLS, considering I have never encountered it in the wild. Addition of such a feature will help me greatly in confirming JBLS compliance with BNLS.
~-~(HDX)~-~
Quote from: HdxBmx27 on February 03, 2006, 12:25 AM
Quote from: Skywing on February 02, 2006, 09:01 PM
I'll look into adding a message to enable a "developer mode" on BNLS to always return zero from all randomized calculations in case anyone wants to use it to verify implementations.
Please, this would be a wonderful feature. All* of my research for upgrading accounts has come from BNLS, considering I have never encountered it in the wild. Addition of such a feature will help me greatly in confirming JBLS compliance with BNLS.
~-~(HDX)~-~
In other words, "Help me write a competitor!" :)
I would like to point out that I discovered this some time ago and maybe the other topic might help
Click Here (http://forum.valhallalegends.com/index.php?topic=12407.0)
Yeah, you "discovered" it the same way I do it. And for the record, I didn't do it by accident, I figured it out myself :-P
And no, it doesn't help, I actually tried doing the upgrade but without success.. :(
I don't usually bump old topics like this, but is that method (using createaccount2 with war3) still a capability? I'd like to get upgrading implemented in my bot, and need a way to test...
As far as I know, there's no way to test.
Back when I was playing with this (and I might have said so in this thread, I don't remember), if you tried logging on with NLS but used the old way to create an account, it would create it and kick you off. If you then tried to log into that using NLS, it would request an upgrade. I don't remember if it was actually possible to upgrade, though.
So:
- Connect as Warcraft 3
- Create an account the way you would on OLS (SID_CREATEACCOUNT(2?))
- Reconnect as Warcraft 3
- Send SID_AUTH_ACCOUNTLOGON with that username
It should send you an upgrade request, if nothing's changed.
I vaguely remember that this didn't quite work, but give it a shot.
Yay, I'm IPBanned from Asia now. Way to go me.
Quote from: Andy on April 15, 2008, 01:34 AM
I don't usually bump old topics like this, but is that method (using createaccount2 with war3) still a capability? I'd like to get upgrading implemented in my bot, and need a way to test...
Yea it is; I was just able to do it now (by changing the call to 0x53 to call 0x3D instead, and have it logon immediately after with 0x53 and not 0x3A):
[Tuesday, April 15, 2008 4:48:06 PM] Welcome to Felbot v1.1 Dev by Joe[x86] and Ribose!
[4:48:06 PM] This bot is open source. Feel free to visit the project at: http://code.google.com/p/felbot/.
[4:48:06 PM] Profile Ribose.E loaded.
[4:48:11 PM] [BNET] Connecting to useast.battle.net..
[4:48:12 PM] [BNET] Connected!
[4:48:12 PM] [BNET] SENT BYTE 0x1
[4:48:12 PM] [BNET] SENT PACKET 0x50:
0000 ff 50 3a 00 00 00 00 00 36 38 58 49 33 52 41 57 ÿP:.....68XI3RAW
0010 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0020 00 00 00 00 00 00 00 00 55 53 41 00 55 6e 69 74 ........USA.Unit
0030 65 64 20 53 74 61 74 65 73 00 ed States.
[4:48:12 PM] [BNET] SENT PACKET 0x25:
0000 ff 25 08 00 13 37 00 00 ÿ%...7..
[4:48:12 PM] [BNET] Requesting logon authorization..
[4:48:12 PM] [BNET] RECIEVED PACKET 0x25:
0000 ff 25 08 00 89 0a 59 83 ÿ%....Y.
[4:48:12 PM] [BNET] RECIEVED PACKET 0x50:
0000 ff 50 e7 00 02 00 00 00 81 6a bb c3 7c 43 3a 00 ÿPç......j»Ã|C:.
0010 00 20 58 7d 99 cb c6 01 76 65 72 2d 49 58 38 36 . X}.ËÆ.ver-IX86
0020 2d 31 2e 6d 70 71 00 41 3d 34 30 32 33 38 34 37 -1.mpq.A=4023847
0030 37 37 37 20 42 3d 33 33 36 34 37 32 37 38 32 35 777 B=3364727825
0040 20 43 3d 33 33 35 38 30 30 31 35 31 20 34 20 41 C=335800151 4 A
0050 3d 41 2b 53 20 42 3d 42 5e 43 20 43 3d 43 5e 41 =A+S B=B^C C=C^A
0060 20 41 3d 41 2b 42 00 fd f7 3f 3f e0 15 7d 2d 63 A=A+B.ý÷??à.}-c
0070 2f b8 78 03 5c bf 25 f7 fa b0 e0 6d 92 20 50 76 /¸x.\¿%÷ú°àm. Pv
0080 86 52 cf 9a 69 86 63 a6 91 6b 67 3c 22 66 60 93 .RÏ.i.c¦.kg<"f`.
0090 cc a0 69 54 66 e7 af 49 79 ae 86 dc c3 cb 2d 6c Ì.iTfç¯Iy®.ÜÃË-l
00a0 49 77 e5 ac a9 51 37 52 bf ac 7f 2d 94 4b 61 67 Iw嬩Q7R¿¬.-.Kag
00b0 be ee 01 c5 ad e6 4e fc 1b 31 6a 10 d9 9a 26 f3 .î.ÅæNü.1j.Ù.&ó
00c0 80 0f 8d eb 32 42 8b 38 08 68 5b 6b ea ee 54 ef ...ë2B.8.h[kêîTï
00d0 87 9c 2b f1 b3 f4 21 7f f3 cb 80 3d 35 e7 5d 17 ..+ñ.ô!.óË.=5ç].
00e0 3b 01 c5 2a 3c 55 4a ;.Å*<UJ
[4:48:12 PM] [BNET] Received authorization challenge!
[4:48:14 PM] [BNET] SENT PACKET 0x51:
0000 ff 51 64 00 13 37 00 00 9c 19 15 01 7a b6 75 af ÿQd..7......z¶u¯
0010 01 00 00 00 00 00 00 00 1a 00 00 00 0e 00 00 00 ................
0020 07 ef 70 00 00 00 00 00 e8 22 4f 91 a4 55 81 ab .ïp.....è"O.¤U.«
0030 81 2d 98 81 cb 51 d9 fb be 7d b3 d6 57 61 72 33 .-..ËQÙû.}.ÖWar3
0040 2e 65 78 65 20 37 2f 31 39 2f 30 37 20 31 38 3a .exe 7/19/07 18:
0050 34 31 3a 31 32 20 34 30 39 36 36 30 00 46 65 6c 41:12 409660.Fel
0060 62 6f 74 00 bot.
[4:48:14 PM] [BNET] Answering authorization challenge..
[4:48:15 PM] [BNET] RECIEVED PACKET 0x51:
0000 ff 51 09 00 00 00 00 00 00 ÿQ.......
[4:48:15 PM] [BNET] Passed authorization challenge!
[4:48:15 PM] [BNET] SENT PACKET 0x53:
0000 ff 53 2f 00 7c b3 96 55 5c 45 c2 83 fd d6 c9 76 ÿS/.|..U\EÂ.ýÖÉv
0010 08 d3 33 0b ea 55 d4 a9 86 d2 06 71 ac 31 ce 04 .Ó3.êUÔ©.Ò.q¬1Î.
0020 3b 0b 34 09 52 69 62 6f 73 65 2d 35 2e 31 00 ;.4.Ribose-5.1.
[4:48:15 PM] [BNET] Authenticating with logon credentials..
[4:48:15 PM] [BNET] RECIEVED PACKET 0x53:
0000 ff 53 48 00 05 00 00 00 00 00 00 00 00 00 00 00 ÿSH.............
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 ........
[4:48:15 PM] [BNET] Authentication failed. Account requires upgrade!
[4:48:15 PM] [BNET] SENT PACKET 0x57:
0000 ff 57 04 00 ÿW..
[4:48:15 PM] [BNET] Attempting to upgrade account..
[4:48:15 PM] [BNET] RECIEVED PACKET 0x57:
0000 ff 57 0c 00 00 00 00 00 e0 49 bf 6f ÿW......àI¿o
[4:48:15 PM] [BNET] Upgrade request valid!
[4:48:15 PM] [BNET] SENT PACKET 0x58:
0000 ff 58 5c 00 13 37 00 00 d4 1b 32 88 81 aa 3b 69 ÿX\..7..Ô.2..ª;i
0010 64 a1 2b 76 1b ef 14 a2 77 ea 3e bc 8a 88 e4 88 d¡+v.ï.¢wê>...ä.
0020 91 6b 17 fa 83 72 19 24 ef 20 df 9b 7a ef bc 45 .k.ú.r.$ï ß.zï.E
0030 a4 b1 16 25 61 e3 34 d2 d9 43 b7 7d 74 ec ed 30 ¤±.%aã4ÒÙC·}tìí0
0040 98 33 db 82 e6 cd 85 d3 ab c7 42 89 25 7d d8 64 .3Û.æÍ.Ó«ÇB.%}Ød
0050 cd 25 fc fa f7 7b 5e a3 3c 08 fa ea Í%üú÷{^£<.úê
[4:48:15 PM] [BNET] Proving account upgrade..
It doesn't respond still.
Quote from: Andy on April 15, 2008, 03:13 PM
Yay, I'm IPBanned from Asia now. Way to go me.
I got IP'd a few times, however it's not as bad as an IPBan for messing up 0x51 badly.
I just tried the account with the client.
Here's the client's response:
"The account specified is not supported by WarCraft III.
Please select 'Create New Account' and choose a new name and password."
Great, looks like it's not implemented. Don't create your accounts with 0x3D on WarCraft III. :o
Oh, my IP was cause I sent LogonResponse2 right after createaccount2...
And... what do you mean it's not implemented?
Only problem I've got is how to generate the ACCOUNTUPGRADEPROOF send packet... I'm trying to use BNLS to figure out exactly what to send it, but every time I send 0x08, I get disconnected.
Quote from: Andy on April 15, 2008, 04:18 PM
Oh, my IP was cause I sent LogonResponse2 right after createaccount2...
And... what do you mean it's not implemented?
I meant WarCraft III doesn't attempt to upgrade it, so obviously the whole upgrade system doesn't seem to be enabled (so then the Battle.net side not responding wouldn't be surprising).
Just cause the client doesn't work doesn't mean the server can't do it. Have you tried packet logging to see what the client actually does?
Quote from: Andy on April 15, 2008, 04:32 PM
Just cause the client doesn't work doesn't mean the server can't do it. Have you tried packet logging to see what the client actually does?
Since WPE doesn't recognize WarCraft III I can't =[. When I tried Ethereal (someone directed me to it) the installer is corrupt or something. But, I'd assume that WarCraft III just receives response 0x05 and says oops! and gives me the message box I described. If you have a packet logger that works, link me. :/
Sending 0x58 doesn't IPBan me (my other bot stays online) or give me an error code or simply disconnect me when it's in this format:
(DWORD) client token
(BYTE[20]) old password hash
(BYTE[32]) NLS salt (s)
(BYTE[32]) NLS verifier (v)
but why wouldn't it respond (iago's question as well).
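The 0x58 layout listed above, checked against the frames in the Felbot log earlier in the thread, as an added example (not code from the thread or from any of the bots mentioned). It is a strict parser for the 0x57 server reply and the 0x58 upgrade proof; the function and field names are this example's own.

```python
import struct

# Frames copied from the Felbot log in this thread (hex column only).
UPGRADE_REPLY = bytes.fromhex("ff 57 0c 00 00 00 00 00 e0 49 bf 6f")
UPGRADE_PROOF = bytes.fromhex("""
    ff 58 5c 00 13 37 00 00 d4 1b 32 88 81 aa 3b 69
    64 a1 2b 76 1b ef 14 a2 77 ea 3e bc 8a 88 e4 88
    91 6b 17 fa 83 72 19 24 ef 20 df 9b 7a ef bc 45
    a4 b1 16 25 61 e3 34 d2 d9 43 b7 7d 74 ec ed 30
    98 33 db 82 e6 cd 85 d3 ab c7 42 89 25 7d d8 64
    cd 25 fc fa f7 7b 5e a3 3c 08 fa ea
""")

SID_AUTH_ACCOUNTUPGRADE = 0x57
SID_AUTH_ACCOUNTUPGRADEPROOF = 0x58


def split_frame(frame):
    """Check the 4-byte header (0xFF, id, u16 LE total length); return (id, payload)."""
    if len(frame) < 4 or frame[0] != 0xFF:
        raise ValueError("not a BNCS frame")
    packet_id, length = struct.unpack_from("<BH", frame, 1)
    if length != len(frame):
        raise ValueError(f"header says {length} bytes, got {len(frame)}")
    return packet_id, frame[4:]


def parse_upgrade_reply(frame):
    """S->C 0x57 as described in the thread: DWORD status, DWORD server token."""
    packet_id, payload = split_frame(frame)
    if packet_id != SID_AUTH_ACCOUNTUPGRADE or len(payload) != 8:
        raise ValueError("not a 0x57 server reply")
    status, server_token = struct.unpack("<II", payload)
    return {"status": status, "server_token": server_token}


def parse_upgrade_proof(frame):
    """C->S 0x58: DWORD client token, BYTE[20] hash, BYTE[32] s, BYTE[32] v."""
    packet_id, payload = split_frame(frame)
    if packet_id != SID_AUTH_ACCOUNTUPGRADEPROOF or len(payload) != 4 + 20 + 32 + 32:
        raise ValueError("not a 0x58 upgrade proof of the expected size")
    token, pw_hash, salt, verifier = struct.unpack("<I20s32s32s", payload)
    return {"client_token": token, "old_password_hash": pw_hash,
            "salt": salt, "verifier": verifier}


if __name__ == "__main__":
    print(parse_upgrade_reply(UPGRADE_REPLY))
    for name, value in parse_upgrade_proof(UPGRADE_PROOF).items():
        print(name, value.hex() if isinstance(value, bytes) else hex(value))
```

The header length 0x5c (92) equals 4 + 4 + 20 + 32 + 32, so the logged frame matches the listed layout exactly, with no trailing bytes.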
Mm.. Then ya, it's probably disabled. Still, I'd like to add support for it. How are the salt and verifier generated? I don't know much of anything about NLS. Nevermind. Stupid question. And Ethereal's always worked for me... I dunno.
Quote from: Andy on April 15, 2008, 05:33 PM
Mm.. Then ya, it's probably disabled. Still, I'd like to add support for it. How are the salt and verifier generated? I don't know much of anything about NLS. And Ethereal's always worked for me... I dunno.
The salt and verifier is the (BYTE[64]) (or (DWORD[16])) that you send in SID_AUTH_ACCOUNTCREATE, or SID_AUTH_ACCOUNTCHANGEPROOF.
Looking at BNETDocs' documentation on BNLS, I'd do:
[BNLS] C -> S 0x04 BNLS_CREATEACCOUNT (since it appears to return the s + v)
[BNLS] S -> C 0x04 (store the 64 bytes)
[BNET] C -> S 0x58
(DWORD) Client token
(BYTE[20]) old password hash
(BYTE[64]) NLS s + v (the 64 bytes)
lol, you answered it yourself before I posted I guess...
Wait, is it for the new password or the old one? Seems like it should be the new one to me...
And just in case anyone else happens to be doing this in the future, here's some easy-to-steal example code:
Public Sub SID_Send_AUTH_ACCOUNTUPGRADEPROOF(ByVal SToken As Long)
    Dim UpNLS As Long
    Dim BufLen As Long
    Dim Buffer As String
    Dim S As String
    Dim V As String

    ' Output buffer for nls_account_create: &H41 bytes plus the username
    BufLen = &H41 + Len(Config.Username)
    Buffer = String$(BufLen, vbNullChar)

    ' Generate the NLS account data, then release the NLS handle
    UpNLS = nls_init(UCase$(Config.Username), UCase$(Config.Password))
    nls_account_create UpNLS, Buffer, BufLen
    nls_free UpNLS

    ' First &H20 bytes are the salt (s), the next &H20 bytes the verifier (v)
    S = Left$(Buffer, &H20)
    V = Mid$(Buffer, &H21, &H20)

    ' Packet body: client token, old password hash, s, v
    BNCSPacket.ClearOutbound
    BNCSPacket.InsertDWORD ClientToken
    BNCSPacket.InsertString DoubleHashPassword(LCase$(Config.Password), ClientToken, SToken)
    BNCSPacket.InsertString S
    BNCSPacket.InsertString V
    AddQueue BNCSPacket.SendBNCSPacket(SID_AUTH_ACCOUNTUPGRADEPROOF)
End Sub
Quote from: Andy on April 15, 2008, 06:04 PM
And just in case anyone else happens to be doing this in the future, here's some easy-to-steal example code:
Lol... you leave easy-to-steal stuff everywhere. :P
And, yea, that's basically my code (except that is VB, and uses BNLS).
Hmm? It doesn't use BNLS.
iirc, I documented the packet:
http://www.javaop.com/~ron/documents/SRP.html
Never tested it, but me and Maddox reversed it.
Might wanna add (for new password) next to s and v for ACCOUNTUPGRADEPROOF then. And it doesn't matter anyway cause the packet isn't responded to... Except maybe on private servers.
Quote from: iago on April 15, 2008, 09:06 PM
iirc, I documented the packet:
http://www.javaop.com/~ron/documents/SRP.html
Never tested it, but me and Maddox reversed it.
Oh, well, it's not documented in BnetDocs (it looks like someone just was too lazy to finish that part/left it with only the server response), and I didn't know where your notes were. :o
Mm... speaking of Documentation, I think I'll add SID_ACCOUNTUPGRADEPROOF C>S to Bnetdocs.org.