As I'm sure you've heard, between myself, Maddox, UserLoser, Telos, and TheMinistered, we have reversed the Warcraft 3 and War3xp login, and Maddox has written code which successfully implements it.
I'm just posting this here so people can confirm rumours they may of heard, and to open it up to discussion (because we're proud). I didn't put it in botdev, because we aren't really developing anything.
Anyway, thanks to everybody who helped with this, even if in a small way (Kane, Adron [for explaining __thiscall], and probably others).
There'll be more news in the future about what we're actually going to do with this information.
How long did it take you? And wasn't Skywing and Yoni the first ones to hash WAR3 and W3XP?
Quote from: LW-Falcon on May 16, 2004, 10:03 PM
And wasn't Skywing and Yoni the first ones to hash WAR3 and W3XP?
Yes, they reversed the new logon system over two years ago.
Quote from: LW-Falcon on May 16, 2004, 10:03 PM
How long did it take you? And wasn't Skywing and Yoni the first ones to hash WAR3 and W3XP?
I worked on it for about a week, but others were working it (with some effort) from about a week or two before that.
And at no point did I claim to be the first - although I think (though can't confirm) that we're the second.
Thanks to...
Userloser for telling us it was SRP and doing some dirty packet testing.
Telos for work on the CD-Key decode.
TheMinistered for his work on the interleaved session-key hash.
...and of course iago, for work on the session-key hash, providing over a hundred storm functions, and general collaboration and discussion.
Edit: iago always has a lowercase i.
Quote from: Maddox on May 16, 2004, 10:50 PM
Edit: iago always has a lowercase i.
haha, yeah.
Quote from: Spht on May 16, 2004, 10:09 PM
Quote from: LW-Falcon on May 16, 2004, 10:03 PM
And wasn't Skywing and Yoni the first ones to hash WAR3 and W3XP?
Yes, they reversed the new logon system over two years ago.
Bad math, it was released in July of 2002. Beta was different than the current login.
Quote from: Maddox on May 17, 2004, 01:30 AM
Quote from: Spht on May 16, 2004, 10:09 PM
Quote from: LW-Falcon on May 16, 2004, 10:03 PM
And wasn't Skywing and Yoni the first ones to hash WAR3 and W3XP?
Yes, they reversed the new logon system over two years ago.
Bad math, it was released in July of 2002. Beta was different than the current login.
They had reversed NLS v1.00 (beta) in March 2002, which helped lead to a very quick upgrade (couple hours) to NLS v1.01 in June.
Quote from: Spht on May 17, 2004, 06:11 PM
Quote from: Maddox on May 17, 2004, 01:30 AM
Quote from: Spht on May 16, 2004, 10:09 PM
Quote from: LW-Falcon on May 16, 2004, 10:03 PM
And wasn't Skywing and Yoni the first ones to hash WAR3 and W3XP?
Yes, they reversed the new logon system over two years ago.
Bad math, it was released in July of 2002. Beta was different than the current login.
They had reversed NLS v1.00 (beta) in March 2002, which helped lead to a very quick upgrade (couple hours) to NLS v1.01 in June.
Hah, I was only messing around with you because you seemed quick to point out we were late.
old news (like 1.5 days!) ;)
Good job iago. :)
Yes, congratulations. ;D
iago, I have the sorse coed. I hacked your phone modum with the knive, then stole it from your html.
J/k
This means Warcraft 3 bots with out BNLS, yay. ^^
Good job. 8)
Quote from: Vicious on May 17, 2004, 08:49 PM
iago, I have the sorse coed. I hacked your phone modum with the knive, then stole it from your html.
J/k
This means Warcraft 3 bots with out BNLS, yay. ^^
Good job. 8)
You should hack an english teacher, eh? (/flame)
Quote from: Vicious on May 17, 2004, 08:49 PM
iago, I have the sorse coed. I hacked your phone modum with the knive, then stole it from your html.
J/k
This means Warcraft 3 bots with out BNLS, yay. ^^
Good job. 8)
If he decides to release it to the public.
Quote from: Vicious on May 17, 2004, 08:49 PM
iago, I have the sorse coed. I hacked your phone modum with the knive, then stole it from your html.
J/k
This means Warcraft 3 bots with out BNLS, yay. ^^
Good job. 8)
Nothing wrong with BNLS. I don't understand why people get so biased about a remote hashing service. Makes no sense to me when I see people say "I will never use a remote hashing service like BNLS."
Wow, our post was 2 seconds apart lol. Alot of people don't like BNLS because they think its ALOT slower than local hasing, which is not true.
Quote from: LW-Falcon on May 17, 2004, 09:01 PM
Wow, our post was 2 seconds apart lol. Alot of people don't like BNLS because they think its ALOT slower than local hasing, which is not true.
It's definently not "a lot" slower. The CheckRevision algorithm which BNLS uses is about 6-7 times faster than the C implementation floating around. So depending on your ping to server, you'll possibly be getting even better performance when using it than when doing it locally.
It also depends on system speed. From a user standpoint, running the public CheckRevision() on my computer takes an undetectable amount of time - it appears to be instantaneous. I would have to programatically benchmark it to be able to get any idea of the difference.
Which is an insignificant difference unless you're one of those people who cares about a 1 millisecond or even less difference in speed or doing some kind of large-scale scienteific/mathematical calculations with it. ;)
I've never had a problem with using remote hashing. In fact, it makes things significantly easier to work with when you're testing a Battle.net client out, instead of having to deal with all the local hash function calls, and putting the hash files some place the bot can find them. It's faster just to use BNLS, and frankly easy and just as reliable.
Quote from: Mephisto on May 17, 2004, 09:58 PM
and frankly easy and just as reliable.
impossible
The fact that the server is remote , requires it to have an uptime for you to hash your stuff , so it therefore cannot be as reliable as doing it yourself.
How many times have you experienced the BNLS system is down? Not once for me, so I'd say its pretty reliable.
Quote from: LW-Falcon on May 17, 2004, 10:16 PM
How many times have you experienced the BNLS system is down? Not once for me, so I'd say its pretty reliable.
BNLS goes down quite often and when it does it's down for hours, but I'm not complaining. :p
BNLS goes down rarely, but it does. Besides, I'm happier to have options. Options are good, monopoly is evil :)
BNLS defeats the whole purpose of the login system they have in place, to increase security and protect against eavesdropping.
Another advantage of using BNLS is that it is kept updated for us by Skywing and Yoni. ;D
Quote from: Maddox on May 17, 2004, 10:35 PM
BNLS defeats the whole purpose of the login system they have in place, to increase security and protect against eavesdropping.
Actually there have been plans for a BNLS over a secured standard protocol with readily-available libraries useable from many languages, but it didn't seem like enough people would use it to justify the time (among other problems).
I just used it for the hashing, so i didnt have to deal with hash files, and did the password functions my self.
Quote from: Skywing on May 17, 2004, 11:05 PM
Quote from: Maddox on May 17, 2004, 10:35 PM
BNLS defeats the whole purpose of the login system they have in place, to increase security and protect against eavesdropping.
Actually there have been plans for a BNLS over a secured standard protocol with readily-available libraries useable from many languages, but it didn't seem like enough people would use it to justify the time (among other problems).
I think he meant that because BNLS requires your password and CD-Key when you connect to the server, and BNLS returns what you need to connect to Battle.net. Battle.net should be the only ones to see your CD-Key, and the purpose of hashing is to protect people from getting that information easily. With added implementation, creators of BNLS could easily log CD-Key, password, and account information and use it for whatever reasons. Though this is not really a concern for most people, it is for those paranoid people, and people who think that it's wrong for others to have that access to your information. But it hasn't proven to be any real threat/situation in the years BNLS has been around has it?
Kind of, I meant that battle.net goes through hoops to ensure that your password for Warcraft III is not only hashed but in a way that that protects against almost all dictionary/denning-sacco/eavesdropping sort of attacks, but it is all for nothing because you sent your password to BNLS in plain text.
I don't doubt the integrity of Skywing and Yoni operating the server.
Quote from: Mephisto on May 18, 2004, 12:31 AM
Quote from: Skywing on May 17, 2004, 11:05 PM
Quote from: Maddox on May 17, 2004, 10:35 PM
BNLS defeats the whole purpose of the login system they have in place, to increase security and protect against eavesdropping.
Actually there have been plans for a BNLS over a secured standard protocol with readily-available libraries useable from many languages, but it didn't seem like enough people would use it to justify the time (among other problems).
I think he meant that because BNLS requires your password and CD-Key when you connect to the server, and BNLS returns what you need to connect to Battle.net. Battle.net should be the only ones to see your CD-Key, and the purpose of hashing is to protect people from getting that information easily. With added implementation, creators of BNLS could easily log CD-Key, password, and account information and use it for whatever reasons. Though this is not really a concern for most people, it is for those paranoid people, and people who think that it's wrong for others to have that access to your information. But it hasn't proven to be any real threat/situation in the years BNLS has been around has it?
Like Skywing said, which you seem to misinterpret, is that not enough bot developers were interested enough in supporting a secure login to BNLS, so Skywing never botherd to take the time to implemented it.
Granted - but that doesn't change the fact that you're sending keys in plaintext. Just because more people think something's right doesn't make it right (that's why democracy is wrong) :)
I wish more people would be interested in a secure BNLS protocol. I would definitely like to see it made. I like the idea of BNLS because it is a good way to keep idiots from using my bot inappropriately.
I second that.
Quote from: Tuberload on May 18, 2004, 03:36 PM
I wish more people would be interested in a secure BNLS protocol. I would definitely like to see it made. I like the idea of BNLS because it is a good way to keep idiots from using my bot inappropriately.
How does BNLS keep people from misusing your bot? Isn't it's only purpose to log on to Battle.net without needing the files or the protocol to do so yourself?
Quote from: Dyndrilliac on May 22, 2004, 06:24 PM
Quote from: Tuberload on May 18, 2004, 03:36 PM
I wish more people would be interested in a secure BNLS protocol. I would definitely like to see it made. I like the idea of BNLS because it is a good way to keep idiots from using my bot inappropriately.
How does BNLS keep people from misusing your bot? Isn't it's only purpose to log on to Battle.net without needing the files or the protocol to do so yourself?
Simple, I don't release it with my BNLS ID/Password. I make them supply their own. If they cant get a BNLS ID that's their problem.
I was told one day a reason that BNLS is allowed is because it provides a method for controlling Binary Gateway access. This way if people abuse my bot they will get shut down, not everyone else as well.
What's up with all the ranting and raving? Why can't you guys ever just give a simple, "Good work!"? -- That's my 2cents! :)