Hey,
I've been continuing my bot project a little more, and after a lot of refactoring I've made it to implementing the login sequence. Sadly, S0x1A (broodwars) always fails. I've spent an hour trying to figure out what's the issue and now I'm sleepy. Hopefully one of you with sharp eyes may spot my fault.
SENT (0x1A)
00000007 48 00 1a 02 00 00 00 00 00 00 00 0c 00 00 00 00 H....... ........
00000017 ba f7 d9 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d ...r...l ockdown-
00000027 49 58 38 36 2d 31 33 2e 6d 70 71 00 c2 84 c3 99 IX86-13. mpq.....
00000037 c3 a7 c2 83 56 c2 b1 c3 96 49 c2 88 42 c2 a3 c3 ....V... .I..B...
00000047 9f 67 c2 bd 7d 01 02 00 .g..}...
RESPONSE (0x1A)
0000000B 0b 00 1a 00 00 00 00 0c 00 00 00 ........ ...
It would probably help to not send defunct packets.
How the hell is 0x1A defunct... It's currently the most advanced BNLS checksum packet made, and just about everybody on these forums use it.
What I use:
Public Sub BNLSSend0x1A()
With pbuffer
.InsertDWORD GetClient(Bot.Client) 'The client code for BNLS
.InsertDWORD 0 'Flags, must be set to 0 for now.
.InsertDWORD &H3713 'cookie :D
.InsertNonNTString Bot.mpqFileTime †
.InsertNTString Bot.mpqName ††
.InsertNTString Bot.ChecksumFormula 'Checksum formula.
.SendBNLSPacket &H1A
End With
End Sub
Public Function GetClient(Client As String) As Long
On Error GoTo Err
Select Case Client
Case "STAR": GetClient = 1
Case "SEXP": GetClient = 2
Case "W2BN": GetClient = 3
Case "D2DV": GetClient = 4
Case "D2XP": GetClient = 5
Case "JSTR": GetClient = 6
Case "WAR3": GetClient = 7
Case "W3XP": GetClient = 8
Case Else: GetClient = 0
End Select
Exit Function
Err:
GetClient = 1
End Function
†'What I just did for this was.... (in the S > C 0x50) Bot.mpqFileTime = Mid(Data, 17, 8) Works great, and it's easier to do it this way because VB6 can't handle unsigned 64 bit data types.
††'The file name of the mpq-- BNLS can extract the mpq number itself, taking some load off your bot
Anotherwords, I think you're sending what is supposed to be the cookie and flags in the reverse order. Like I said-- The flags MUST be set to 0, and the cookie value can be anything. I hope this helps :D
edit** haha, i brainfartted too. You're sending them in the correct order, your packetlog breaks it up in groups of 64 bits that kinda confuzzled me for a second
he's sending this to BNLS, but what server?
His packet looks right.
~Hdx
[edit]
Brew, I fucking hate you, CHECK YOUR CODE BEFORE YOU POST. Don't break the god dammen tables.
Good you fixed it
~Hdx
Wow. Brainfart. I thought he was talking about BNCS 0x1a, which is defunct, not BNLS 0x1a :X
Still, no luck.
Are we not supposed to be using "bnls.valhallalegends.com" ?
You can! but also you can check here for other servers including BNLS & JBLS and to see which ones are running compliments of HDX =)
http://jbls.org/?p=Servers
Note:
Starcraft, Starcraft Broodwar, Warcraft II only work on the BNLS server and IP listed BNLS servers.
Warcraft III only works on JBLS servers.
Diablo II is lame and works on both =)
JBLS dosent support lockdown yet, so thats why I asked.
Post a full log, including ips.
Everything looks right. so...
~Hdx
Still, same issue.
Here are some example representations of the data I'm receiving/sending.
S0x50 {
s50_logonType = 0,
s50_serverToken = 2111859351,
s50_udpValue = 2102977,
s50_mpqFiletime = 128067209560000000,
s50_IX86ver = LPS ["lockdown-IX86-11.mpq\NUL"],
s50_valueString = LPS ["|RP\239\179\f\221\180\v\202\155\223A\135b\180\NUL"]
}
From this, I construct:
BNLS_C0x1A {
lc1A_productID = 2,
lc1A_flags = 0,
lc1A_cookie = 0,
lc1A_mpqFiletime = 128067209560000000,
lc1A_IX86ver = LPS ["lockdown-IX86-11.mpq\NUL"],
lc1A_valueString = LPS ["|RP\239\179\f\221\180\v\202\155\223A\135b\180\NUL"]
}
I feel like a dumbass, but im not quite sure exactly what language that is?
Hrm... possibly java.
Those aren't my datastructures. They're members of Haskell's "Show" Typeclass, I just printed them out.
Here's my function that constructs and sends the versioncheck packet.
As you can see, it takes a handle (bnls), and three parameters (a,b,c).
bnls_version_check bnls a b c = do
putStrLn "bnls_version_check"
let packet = BNLS_C0x1A { lc1A_productID = 0x02
, lc1A_flags = 0
, lc1A_cookie = 0
, lc1A_mpqFiletime = a
, lc1A_IX86ver = b
, lc1A_valueString = c }
print packet
sendPacket bnls packet
bnls2Type bnls :: IO BNLS_S0x1A
Here I instantiate the values a,b,c that are passed to the function that sends the packet:
let a = s50_mpqFiletime rauth :: Word64
let b = s50_IX86ver rauth :: B.ByteString
let c = s50_valueString rauth :: B.ByteString
rcheck <- bnls_version_check bnls a b c
I think what I should ask is:
Are the values I'm using for making the 0x1A correct? Are the last three fields supposed to come from the s0x50 as I'm currently doing?
Ya its fine but...
Quote from: Hdx on April 22, 2007, 04:49 PMPost a full log, including ips.
~Hdx
~Hdx
My BNLS connection is the standard valhalla something or another one: 63.161.183.205
As you can see, it works perfectly with versionbyte. It also works perfectly with ckdey, however, I've omitted its call.
-- init
00000000 01 .
-- bnls c>0x10
00000000 07 00 10 02 00 00 00 .......
-- bnls s>0x10
00000000 0b 00 10 02 00 00 00 cf 00 00 00 ........ ...
-- bnet c>0x50
00000001 ff 50 3a 00 00 00 00 00 36 38 58 49 50 58 45 53 .P:..... 68XIPXES
00000011 cf 00 00 00 53 55 6e 65 00 00 00 00 a4 01 00 00 ....SUne ........
00000021 00 00 00 00 00 00 00 00 55 53 41 00 55 6e 69 74 ........ USA.Unit
00000031 65 64 20 53 74 61 74 65 73 00 ed State s
-- bnet s>0x25
00000000 ff 25 08 00 0b ee 75 1b .%....u.
-- bnet s>0x50
00000008 ff 50 3e 00 00 00 00 00 1f ab 74 0a 4f ec 27 00 .P>..... ..t.O.'.
00000018 00 09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e ....r... lockdown
00000028 2d 49 58 38 36 2d 30 33 2e 6d 70 71 00 89 c5 f1 -IX86-03 .mpq....
00000038 38 66 d5 23 81 a6 ff 4f cf 91 fb 2c 7d 00 8f.#...O ...,}.
-- bnls c>0x1A
0000001C 47 00 1a 02 00 00 00 00 00 00 00 00 00 00 00 00 G....... ........
0000002C 09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d ...r...l ockdown-
0000003C 49 58 38 36 2d 30 33 2e 6d 70 71 00 c2 89 c3 85 IX86-03. mpq.....
0000004C c3 b1 38 66 c3 95 23 c2 81 c2 a6 c3 bf 4f c3 8f ..8f..#. .....O..
0000005C c2 91 c3 bb 2c 7d 00 ....,}.
-- bnls s>0x1A
0000003A 0b 00 1a 00 00 00 00 00 00 00 00 ........ ...
-- bnet c>x025
0000003B ff 25 08 00 0b ee 75 1b .%....u.
-- I would send C0x51 here, but BNLS is returning an error packet.
Hmm, I just spotted an extra 'C2' byte that's immediately following the IX86ver's null terminator in the BNLS packet and not the S0x50. Furthermore, it seems as if that entire string is mangled. Perhaps this is it! Now to find out where it's coming from.
In general, any "lockdown" version check challenge string which does not fit the size limitation of 16 bytes is unlikely to be valid.
uhm.. no. Lockdown strings are 15, 16, or 17 bytes. There is no limitation.
You're arguing with the only guy to have definitely reversed lockdown? WTF are you smoking?
RealityRipple is obviously addled in the brain o_o;
Hes arguing due to the fact that value strings of length 15-17 have been seen in the wild.
Also, from what ive seen, it dosen't care about the length of the value string, it only uses the 1st 16 bytes.
~Hdx
how can it use the first 16 if there's only 15?