i guess starcraft2 will have warden, as starcraft1 has with the latest patch (the 0x5e packets). they replace they SID_PING packets (0x25) almost completely, although not 100%.
these packets have to be answered correctly, otherwise you will be disconnected after about 2 minutes.
i found a way to get my bot online, but just through a trick. i cannot calculate the warden responses.
has anyone reversed the routines and could give an outline in a high level language?
thanks and greetings,
aton
You logged onto the starcraft 2 server?
no i didnt(is there one?), but just noticed the other post about 0x5e warden packets...
Quote from: aton on June 26, 2007, 01:01 AM
i guess starcraft2 will have warden, as starcraft1 has with the latest patch (the 0x5e packets). they replace they SID_PING packets (0x25) almost completely, although not 100%.
these packets have to be answered correctly, otherwise you will be disconnected after about 2 minutes.
i found a way to get my bot online, but just through a trick. i cannot calculate the warden responses.
has anyone reversed the routines and could give an outline in a high level language?
thanks and greetings,
aton
what do you mean by replacing the ping msg?
as you might have noticed, before warden was activated SID_PING (0x25) requests were sent pretty often, but now they are very rare. I think they reduced them (to some special situations) because warden does the keepalive checking anyways.
0x5E is called after loging into battle.net with an account,
so i guess 0x25 will be still there since you can stay before logon phase where you send 0x3D for creating accounts or change password packet.
I've looked at the dissasembly of the routines generating the bytes in the 0x5E packet off and on, and I'm slowly getting there but I'm not too focused on this project, cause you know, playin starcraft beats debugging :). Basic gist of what I see happening is a some sort of hash array being used and the input is being xored with certain elements in the hash array. I can't fully explain what's going on, it's kinda difficult but we'll see how it goes as time passes ;)
as i understood, warden is capable of and does download binary code from blizzard and executes this code to do checks on the starcraft process itself and other processes. if thats the case, then this cannot possibly be tricked. even if the mighty bot would receive the binary code, execute it etc, it would not have the starcraft process to do checksums (the checksum'ed ranges might differ each minute).
so i guess warden means: log on only with starcraft.exe ?
It might help to understand how Warden works (http://www.edgeofnowhere.cc/viewtopic.php?t=311204) before trying to trick it. Warden cannot be prevented.
To even begin to consider if it can be prevented or countered you need to do an in depth analysis of what exactly warden does line by line at the code level.
From a first look, it seems to look solid. Don't expect this to hold true once you start fully looking at it's innerworkings. It should then be possible to find a flaw in the implementation, and leverage that to your will.
Just how much leveraging and exploiting you can do remains to be seen, this will all change as Warden starts to get the eye of more and more reverse engineers. Same thing happened with Lockdown, same thing will happen here.
This topic should be split since everything except the beginning of the first topic is about starcraft and battle.net in general nothing else of it has to do with starcraft 2 bots. Infact starcraft 2 bots shouldn't even need to be discussed since there will be major changes to battle.net before starcraft 2 is made available on battle.net anyway.
Quote from: Denial on June 27, 2007, 12:12 PM
This topic should be split since everything except the beginning of the first topic is about starcraft and battle.net in general nothing else of it has to do with starcraft 2 bots. Infact starcraft 2 bots shouldn't even need to be discussed since there will be major changes to battle.net before starcraft 2 is made available on battle.net anyway.
I agree.
well what can we expect for starcraft2 bots?
bncs will be the same? or pretty much i guess.
for the game it will be tcp, the ladder games running over server connections (wc3 style) and the open games peer to peer, but tcp too, right?
Quote from: aton on July 01, 2007, 06:50 AM
well what can we expect for starcraft2 bots?
bncs will be the same? or pretty much i guess.
for the game it will be tcp, the ladder games running over server connections (wc3 style) and the open games peer to peer, but tcp too, right?
Anything anyone says at this point is a stab in the dark.
From what has been going on i believe they plan to revamp battle.net. So anything is possible at the moment.
No doubt there will be a better version of Warden on StarCraft 2 as well :'(
Quote from: Chriso on July 01, 2007, 08:20 PM
No doubt there will be a better version of Warden on StarCraft 2 as well :'(
Uh, how is that even possible? I don't really see how they can improve on warden. They can change the way they check for any kinds of hacks at absolutely any time.
Always room for improvements.
Quote from: brew on July 01, 2007, 08:47 PM
Quote from: Chriso on July 01, 2007, 08:20 PM
No doubt there will be a better version of Warden on StarCraft 2 as well :'(
Uh, how is that even possible? I don't really see how they can improve on warden. They can change the way they check for any kinds of hacks at absolutely any time.
Perhaps by running it sooner? or more often...
Doesn't warden only check for hacks when you login? Technically, couldn't a hack be run after warden is responded to?
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░██████░░░░██████░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░██░░░░██░░░░░░░░░░░░░░░░░░░░
░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░
░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░
░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░██░░
░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░██░░
░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░██░░░░
░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒██████████▒▒▒▒▒▒▒▒▒▒▒██░░░░░░
░░████████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░
░░██░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░░
░░██░░░░░░░░▒██▒▒▒████▒▒▒▒▒████▒▒▒██▒▒▒░░░░░░░░░░
░░██░░░░░░░░▒▒▒██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▒▒▒▒▒░░░░░░░░░░
░████░░░░░░░▒▒▒▒▒██▒▒▒▒▒▒▒▒▒▒▒██▒▒▒▒▒▒▒▒░░░░░░░░░
░░▌▐░░░░░░░░▒▒▒▒▒▒▒██▒▒▒▒▒▒▒██▒▒▒▒▒▒▒▒▒▒░░░░░░░░░
░░▌▐░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░
░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░░░░░░
░░░░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▒▒░░▒▒▒▒▒▒▒▒░░░░░░░░░░░░░░░
░░░░░░░░░░░░▒▒▒▒▒▒░░░░░░░░▒▒▒▒▒▒▒▒░░░░░░░░░░░░░░░
░░░░░░░░░░░░▒▒▒▒▒▒░░░░░░░░▒▒▒▒▒▒▒▒░░░░░░░░░░░░░░░
░░░░░░░░░░░░▒▒▒▒▒▒░░░░░░░░░░▒▒▒▒▒▒░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
Quote from: Chriso on July 02, 2007, 12:23 AM
Quote from: brew on July 01, 2007, 08:47 PM
Quote from: Chriso on July 01, 2007, 08:20 PM
No doubt there will be a better version of Warden on StarCraft 2 as well :'(
Uh, how is that even possible? I don't really see how they can improve on warden. They can change the way they check for any kinds of hacks at absolutely any time.
Perhaps by running it sooner? or more often...
Doesn't warden only check for hacks when you login? Technically, couldn't a hack be run after warden is responded to?
warden performs a check every 5 seconds.
I only ever receive one, unless they changed it?
Quote from: Chriso on July 02, 2007, 02:42 AM
I only ever receive one, unless they changed it?
Are you
responding correctly to the first packet? we're talking about what it does in starcraft, the actual game. After the first response (a single byte) a file is sent by battle.net, via BNCS protocol. Then after that, every 10 seconds or so another 0x5E packet is sent to you by battle.net. OK?
Quote from: brew on July 02, 2007, 11:44 AM
Quote from: Chriso on July 02, 2007, 02:42 AM
I only ever receive one, unless they changed it?
Are you responding correctly to the first packet? we're talking about what it does in starcraft, the actual game. After the first response (a single byte) a file is sent by battle.net, via BNCS protocol. Then after that, every 10 seconds or so another 0x5E packet is sent to you by battle.net. OK?
Oh okay I was unaware of that, that is kinda hard to work around then lol ;\