Valhalla Legends Archive

Programming => Battle.net Bot Development => Battle.net Bot Development References => Topic started by: iNsAnE-MS on October 14, 2003, 12:07 AM

Title: X-SHA-1 Discussion
Post by: iNsAnE-MS on October 14, 2003, 12:07 AM
Is there somewhere or some way I can find out how battle.net's modified SHA-1 is different from the original?
Title: Re:Modified SHA-1
Post by: Moonshine on October 14, 2003, 12:21 AM
Look at how a bot's SHA-1 hashing function works, then look at the FIPS 180-1 (The real SHA-1 Standard), which is available here: http://www.itl.nist.gov/fipspubs/fip180-1.htm
Title: Re:Modified SHA-1
Post by: Adron on October 15, 2003, 05:42 PM
Basically they mixed up the operands to the bit shifting/rotating functions. Instead of rotating X by Y, they rotate Y by X (for example, instead of rotating 0xbaaaad00 7 steps to the right, making 0x0175555A, they rotate 0x00000007 0xbaaaad00 steps to the right, making 0x00000007). You should notice that this most probably greatly reduces the security of the algorithm.
Title: Re:Modified SHA-1
Post by: c0ol on October 21, 2003, 08:03 PM
Quote from: Adron on October 15, 2003, 05:42 PM
You should notice that this most probably greatly reduces the security of the algorithm.
Do you have any idea why this was done?
Title: Re:Modified SHA-1
Post by: iago on October 21, 2003, 11:16 PM
Quote from: c0ol on October 21, 2003, 08:03 PM
Quote from: Adron on October 15, 2003, 05:42 PM
You should notice that this most probably greatly reduces the security of the algorithm.
Do you have any idea why this was done?

To make it harder to guess, I would imagine, so people can't just use an out-of-the-box SHA-1 algorithm.
Title: Re:Modified SHA-1
Post by: Yoni on October 22, 2003, 01:48 AM
Maybe they did it by mistake, which would be typical of Blizzard... (Although now that I think of it, not so typical of the "old" Blizzard programmers who wrote this code to begin with.) Nobody really knows why.
Title: Re:Modified SHA-1
Post by: Adron on October 22, 2003, 02:59 AM
If they had a macro with two arguments to do the actual rotate, and the arguments weren't named properly, rotating the wrong thing would be an easy mistake to make. And you wouldn't notice it unless you either checked the output with a reference implementation or carefully traced the code and checked the intermediate values. Both generate a random-looking output.
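Added example, not part of the original thread and not Blizzard's code: a plain FIPS 180-1 SHA-1 in which the message-schedule rotate can be replaced by one with its operands traded, so the effect of the operand swap discussed above can be checked against a reference implementation. Applying the swap to the message-schedule rotate is an assumption made for illustration, as are all function names; this is not a reimplementation of Battle.net's actual hash.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def rol(value, count):
    """Rotate the 32-bit `value` left by `count` bits (count taken mod 32)."""
    count &= 31
    return ((value << count) | (value >> (32 - count))) & MASK

def ror(value, count):
    """Rotate right, expressed through rol."""
    return rol(value, 32 - (count & 31))

def rol_swapped(value, count):
    """Operands traded: rotates `count` by `value` instead of `value` by `count`."""
    return rol(count, value)

def sha1(message, schedule_rol=rol):
    """FIPS 180-1 SHA-1; `schedule_rol` is the rotate used in message expansion."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    padded = message + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % 64) + struct.pack(">Q", len(message) * 8)
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16I", padded[off:off + 64]))
        for t in range(16, 80):
            w.append(schedule_rol(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            a, b, c, d, e = (rol(a, 5) + f + e + k + w[t]) & MASK, a, rol(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h).hex()

SAMPLES = [b"", b"abc", b"a" * 200]  # constructed inputs, one spanning several blocks
def known_answer_ok(schedule_rol):
    """True only if every sample matches the reference implementation in hashlib."""
    return all(sha1(m, schedule_rol) == hashlib.sha1(m).hexdigest() for m in SAMPLES)

def distinct_outputs(schedule_rol, inputs=range(4096)):
    """How many different words the schedule rotate can emit for these inputs."""
    return len({schedule_rol(x, 1) for x in inputs})
```

With the operands traded, every expanded schedule word is the constant 1 rotated by some amount, so it can take only 32 values, yet the digest still looks random; only the comparison against a reference implementation exposes the difference.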
Title: Re:Modified SHA-1
Post by: c0ol on October 22, 2003, 05:01 PM
well if they wanted to use the standard SHA-1, wouldn't they just use a premade function?
Title: Re:Modified SHA-1
Post by: Skywing on October 22, 2003, 05:24 PM
Quote from: c0ol on October 22, 2003, 05:01 PM
well if they wanted to use the standard SHA-1, wouldn't they just use a premade function?
Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel.  They've also had a long history of reinventing the wheel incorrectly, as in this case.
Title: Re:Modified SHA-1
Post by: iago on October 22, 2003, 05:31 PM
Quote from: Skywing on October 22, 2003, 05:24 PM
Quote from: c0ol on October 22, 2003, 05:01 PM
well if they wanted to use the standard SHA-1, wouldn't they just use a premade function?
Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel.  They've also had a long history of reinventing the wheel incorrectly, as in this case.

Don't forget, they design their stuff to be platform-independent, so they'll often write their own to make sure it runs the same.

Not that that's an excuse for doing it the hard way, but eh? :)
Title: Re:Modified SHA-1
Post by: Kp on October 22, 2003, 05:34 PM
Quote from: Yoni on October 22, 2003, 01:48 AM
Maybe they did it by mistake, which would be typical of Blizzard... (Although now that I think of it, not so typical of the "old" Blizzard programmers who wrote this code to begin with.) Nobody really knows why.
Actually, silly typo-related mistakes abound in the old Blizzard code.  Diablo is a great example of this; to this day, the spell Flash does incorrect damage because someone typed '2' instead of '20' in one of the equations, and they refuse to fix it even though people have told them exactly where the flaw is.  Similarly, many perfectly functional bosses fail to appear because of mistakes in entering the appropriate dungeon level.
Title: Re:Modified SHA-1
Post by: Skywing on October 22, 2003, 05:34 PM
Quote from: iago on October 22, 2003, 05:31 PM
Quote from: Skywing on October 22, 2003, 05:24 PM
Quote from: c0ol on October 22, 2003, 05:01 PM
well if they wanted to use the standard SHA-1, wouldn't they just use a premade function?
Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel.  They've also had a long history of reinventing the wheel incorrectly, as in this case.

Don't forget, they design their stuff to be platform-independent, so they'll often write their own to make sure it runs the same.

Not that that's an excuse for doing it the hard way, but eh? :)
Virtually all of these things had free implementations available that are much more portable than Blizzard's.

Oh, and don't forget their broken UTF-8 processing (violates standard and introduces security holes by processing redundant encodings).
Title: Re:Modified SHA-1
Post by: Banana fanna fo fanna on October 22, 2003, 07:26 PM
How about the fact that I log on with Brood War using 0x07?
Title: Re:Modified SHA-1
Post by: Skywing on October 22, 2003, 10:40 PM
Quote from: St0rm.iD on October 22, 2003, 07:26 PM
How about the fact that I log on with Brood War using 0x07?
That's being lazy, which is something completely different.  Someone who is lazy would probably not want to spend so much time writing things already written.