Quote from: iago on September 18, 2004, 04:24 PM
Quote from: Laff on September 18, 2004, 12:41 PM
i'm trying to port the java into c++ but i'm running into trouble with finding the equivalent way to do messagedigest.update. i'm looking into the classes right now. if anyone can help, i'd appreciate it.
It's standard SHA-1.
Look at this: It's an example of someone using code that has actually been released instead of using stolen code. It gets you help from the author, and a good reputation on the forum.
Adron, im not going to lie... i couldnt even if i wanted too my java and c++ skills are minimal i will continue using NLS.dll as im sure others will until a better alternitive is released to the public
Except that NLS.DLL isn't public
EDIT: isn't that why BNLS is there?
What I'm hearing is, "I'm too lazy to learn, so I'd rather cheat".
And good job, Adron :D
Quote from: NetNX on September 19, 2004, 10:25 AM
Adron, im not going to lie... i couldnt even if i wanted too my java and c++ skills are minimal i will continue using NLS.dll as im sure others will until a better alternitive is released to the public
Very well. Don't expect much help from us.
Jeez you spammed the entire forums with your questions regarding NLS.dll I suggest we put them in a cute little bundle and send them straight to the trash can where it belongs.
yeh well i don't like using stolen code, which is why i'm attempting to adapt other public code. i've never heard of nls.dll, and don't want to use bnls, and would like to have standalone code over someone else's library anyway. if i get it to work, i'll gladly post it giving the REAL authors (not me) their due.
Not you. I commend you. The other fool using NLS.dll
oh i was directing that to adron for the original post. i also hate when people rather take the easy shortcut than actually learn something. go figure that if he ever releases his bot that he will give the original authors of that stolen library their props.
Quote from: NetNX on September 19, 2004, 10:25 AM
Adron, im not going to lie... i couldnt even if i wanted too my java and c++ skills are minimal i will continue using NLS.dll as im sure others will until a better alternitive is released to the public
That's no excuse, when I had hardly any knowledge of C-style syntax'd languages (minus PHP) I was still able to port bnetauth.dll to Visual Basic in a couple of days. iago's Warcraft III Java code would probably be a bit more difficult, but I'm sure if you have any general programming syntax knowledge, and an internet browser that can access google, you'll be fine. I think the whole thing is you're just too lazy and would rather it be done for you.
Laff: The difference is that, if you're using my Java code, you're using code that I intentionally and knowingly released into public domain with the permission of all appropriate people (the people who originally wrote the C code and helped me reverse it gave me permission to port the C to Java). I think that's perfectly fine, it's why I work in OpenSource, because I like people being helped.
Quote from: iago on September 19, 2004, 07:48 PM
Laff: The difference is that, if you're using my Java code, you're using code that I intentionally and knowingly released into public domain with the permission of all appropriate people (the people who originally wrote the C code and helped me reverse it gave me permission to port the C to Java). I think that's perfectly fine, it's why I work in OpenSource, because I like people being helped.
I love the open source SRP Java code, in fact I have learned a great deal from it. If you bother to learn, it makes a huge difference. iago hasn't been given enough credit for doing this and being so kind about it.
Quote from: Minus on September 19, 2004, 09:57 PM
Quote from: iago on September 19, 2004, 07:48 PM
Laff: The difference is that, if you're using my Java code, you're using code that I intentionally and knowingly released into public domain with the permission of all appropriate people (the people who originally wrote the C code and helped me reverse it gave me permission to port the C to Java). I think that's perfectly fine, it's why I work in OpenSource, because I like people being helped.
I love the open source SRP Java code, in fact I have learned a great deal from it. If you bother to learn, it makes a huge difference. iago hasn't been given enough credit for doing this and being so kind about it.
<3
Actually, if you read up on RSA and other Private Key Cryptography, you'll see a lot of similarities to SRP.
I looked at the source code briefly when it was first leaked. The biggest thing I learned is that I need to find out how to use BigInteger, and find out if there's an equivalent on the Mac side, or if not, figure out how to write my own.
I'm sure it's not hard... I just don't have the time for it at the moment.
Quote from: tA-Kane on September 20, 2004, 03:10 PM
I looked at the source code briefly when it was first leaked. The biggest thing I learned is that I need to find out how to use BigInteger, and find out if there's an equivalent on the Mac side, or if not, figure out how to write my own.
I'm sure it's not hard... I just don't have the time for it at the moment.
There are several cross platform open source implementations you could use; specifically, MAPM (http://www.tc.umn.edu/~ringx004/mapm-main.html) and GMP (http://www.swox.com/gmp/)
Or you could write your own. I started writing one a while back and just now got around to finishing it it off. My division algorithm is rather slow though.
It's probably comparable to Blizzard's, which I'm told is considerably slower than public versions.
Quote from: iago on September 20, 2004, 04:10 PM
It's probably comparable to Blizzard's, which I'm told is considerably slower than public versions.
Actually, Blizzard's is far faster than any public (in source code form) CheckRevision implementation I know of. Faster as in tens or hundreds of times faster.
Quote from: Skywing on September 20, 2004, 05:29 PM
Quote from: iago on September 20, 2004, 04:10 PM
It's probably comparable to Blizzard's, which I'm told is considerably slower than public versions.
Actually, Blizzard's is far faster than any public (in source code form) CheckRevision implementation I know of. Faster as in tens or hundreds of times faster.
I think we're talking about their BigInteger class?
Quote from: K on September 20, 2004, 05:58 PM
Quote from: Skywing on September 20, 2004, 05:29 PM
Quote from: iago on September 20, 2004, 04:10 PM
It's probably comparable to Blizzard's, which I'm told is considerably slower than public versions.
Actually, Blizzard's is far faster than any public (in source code form) CheckRevision implementation I know of. Faster as in tens or hundreds of times faster.
I think we're talking about their BigInteger class?
Whoops. Yes, in that case just about everything is faster than the version Blizzard uses.
Quote from: iago on September 19, 2004, 10:54 PM
Actually, if you read up on RSA and other Private Key Cryptography, you'll see a lot of similarities to SRP.
I thought RSA & SRP were forms of
public key encryption?
Wow, I have been gone awhile been very busy with school and stuff come back to see there is a new .dll? What does it do? i have read up some on the forums and gather:
1. something to do with warcraft 3.
2. was stolen.
3. some moron now uses it.
4. it is used in bnls?
Not sure so please inform me so i can be up to date with current events
Quote from: dxoigmn on September 20, 2004, 06:47 PM
Quote from: iago on September 19, 2004, 10:54 PM
Actually, if you read up on RSA and other Private Key Cryptography, you'll see a lot of similarities to SRP.
I thought RSA & SRP were forms of public key encryption?
Same thing. It's "Private/Public Key" encryption :-P
Michael, all right except for 4.
Quote from: iago on September 20, 2004, 10:21 PM
Same thing. It's "Private/Public Key" encryption :-P
Lies!!!
How exactly is code leaked? I mean someone would have to hax your computer to get to it?
Or did someone you trust leak it...
HL2...
Quote from: bethra on September 21, 2004, 03:46 PM
How exactly is code leaked? I mean someone would have to hax your computer to get to it?
Or did someone you trust leak it...
Reputedly, someone picked a bad password to protect their things.
Quote from: bethra on September 21, 2004, 03:46 PM
How exactly is code leaked? I mean someone would have to hax your computer to get to it?
Or did someone you trust leak it...
HL2...
To switch your post around a bit which should answer your question.
How exactly are houses broken into.
It was on a friend's computer, who we won't bother naming right now. But he went on vacation with VNC running, and a lousy password on it. Many people knew his ip and the password, and any of them could have taken it. It ended up in the hands of somebody called "gosugaming" who eventually used it to blackmail me into unbanning him from vL's channel. Of course I didn't, so he released it, and now he has no blackmail material.
Anyway, most good people aren't using it, out of respect. There is a Java version I wrote and released, and if people can work with that, then that's all the better.
Quote from: iago on September 21, 2004, 04:10 PM
It was on a friend's computer, who we won't bother naming right now. But he went on vacation with VNC running, and a lousy password on it. Many people knew his ip and the password, and any of them could have taken it. It ended up in the hands of somebody called "gosugaming" who eventually used it to blackmail me into unbanning him from vL's channel. Of course I didn't, so he released it, and now he has no blackmail material.
Anyway, most good people aren't using it, out of respect. There is a Java version I wrote and released, and if people can work with that, then that's all the better.
BOOOOOOO, omg. I'm going to change all my passwords now... they are stupid... but then again, I don't have anything of value except my CDKeys and pr0n ^_^
Yeah, I wouldn't use NLS if I had it. I've almost done the logon sequence!!!! yay. I started it awhile ago and got frustrated so I stopped, but I just started up again and I'm getting the hang of it now. Don't flame... I know... I'm noob...
Packet loggers help alot. I'm using WEPro b/c it was alot easier for me to use... I mean I installed it and could easily figure out how to use it. Ethereal is suppose to be better but I couldn't quit figure out all that settings stuff...
and also, what is the easier way, logging on with SHA-1 or WC3?
Quoteand also, what is the easier way, logging on with SHA-1 or WC3?
I don't think SHA-1 is a game client. :P
Quote from: hismajesty[yL] on September 21, 2004, 05:31 PM
Quoteand also, what is the easier way, logging on with SHA-1 or WC3?
I don't think SHA-1 is a game client. :P
well it represents a group of clients... the way they logon... I think.
Quote from: bethra on September 21, 2004, 06:00 PM
Quote from: hismajesty[yL] on September 21, 2004, 05:31 PM
Quoteand also, what is the easier way, logging on with SHA-1 or WC3?
I don't think SHA-1 is a game client. :P
well it represents a group of clients... the way they logon... I think.
But they (SHA-1 and WC3) are not mutually-exclusive.
do they use srp without any modification?
WEll, i would say choose the method that best suits your level of programing.
Quote from: -MichaeL- on September 20, 2004, 09:31 PM
Wow, I have been gone awhile been very busy with school and stuff come back to see there is a new .dll? What does it do? i have read up some on the forums and gather:
1. something to do with warcraft 3.
2. was stolen.
3. some moron now uses it.
4. it is used in bnls?
Not sure so please inform me so i can be up to date with current events
Simply hashes Warcraft III for you, but it was stolen and out of respect for the people who spent so much time working on it you shouldn't use it. For example iago did alot of reversing, and although he thinks in ASM, I am sure it was boring as hell.
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?
No, they made a couple small changes (mistakes?) in their implementation. It's very close, though.
Quote from: Minus on September 22, 2004, 10:39 AM
Quote from: -MichaeL- on September 20, 2004, 09:31 PM
Wow, I have been gone awhile been very busy with school and stuff come back to see there is a new .dll? What does it do? i have read up some on the forums and gather:
1. something to do with warcraft 3.
2. was stolen.
3. some moron now uses it.
4. it is used in bnls?
Not sure so please inform me so i can be up to date with current events
Simply hashes Warcraft III for you, but it was stolen and out of respect for the people who spent so much time working on it you shouldn't use it. For example iago did alot of reversing, and although he thinks in ASM, I am sure it was boring as hell.
It wasn't boring, it was fun. I did the reversing, then didn't even bother putting the code into my bot for a couple months, because I didn't reallyc are about logging on with war3, I just wanted the fun of reversing it :)
so basicly nls.dll is everything you need to make a bot load war3? also isnt there some way you can umm get justice for them stealing your hard work. it would piss me off greatly if someone stole my work before it was even released. but if i released it public i guess i would have to put up with that becuase dont make it public if you don't want people useing your codes.
Quote from: -MichaeL- on September 22, 2004, 03:16 PM
so basicly nls.dll is everything you need to make a bot load war3? also isnt there some way you can umm get justice for them stealing your hard work. it would piss me off greatly if someone stole my work before it was even released. but if i released it public i guess i would have to put up with that becuase dont make it public if you don't want people useing your codes.
Suggestions? Somebody got Bsd to DDoS his site for a couple hours, but that didn't change anything.
There's nothing we can do except not help people who can't use it. If somebody wants to use my Java version, I'll help them with it. If they're trying to convert the Java version to another language, I'll help them. But if they're using the stolen version, I'm not going to help them.
thats cool, iago i was woundering if you had any spare time to help me learn java :(
Quote from: -MichaeL- on September 22, 2004, 05:32 PM
thats cool, iago i was woundering if you had any spare time to help me learn java :(
If you read my reply to your question in the Java forum, you should be well on your way to learning the language.
By stealing the dll, people have sunk to a new low. By using the dll, the people deserve to be shot.
Quote from: Kk)Blaze(kK on September 22, 2004, 08:02 PM
By stealing the dll, people have sunk to a new low. By using the dll, the people deserve to be shot.
I wouldn't exactly say "new".
The authors expected to release the source to NLS.dll at some point or another. iago. has done so in a manner of speaking by providing it in Java form.
They were not planning on charging for its use, either.
Tell me, Blaze, do you have
any pirated software on your computer
whatsoever, that you did not pay to license?
ohhh I DO.
I don't!!
Well, not on Linux anyway.
iago has some uh... "stuff" on his FTP ^_^
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?
They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
Quote from: Maddox on September 25, 2004, 01:14 AM
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?
They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
I guess the jerk who stole the NLS stuff from sneakcharm blew our chance of ever seeing hash support for that >:(. Am I right?
Quote from: Maddox on September 25, 2004, 01:14 AM
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?
They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
Based on how slow their implementation is, I think you'd call it a de-optimized SRP...
In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.
Quote from: Skywing on September 25, 2004, 01:01 PM
Quote from: Maddox on September 25, 2004, 01:14 AM
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?
They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
Based on how slow their implementation is, I think you'd call it a de-optimized SRP...
In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.
I wasn't refering to their implementation speed. If you look on the Stanford SRP site you'll see they call Blizzard's message order "optimized" because it cuts down on the number of packets needed.
Quote from: Maddox on September 26, 2004, 01:48 AM
Quote from: Skywing on September 25, 2004, 01:01 PM
Quote from: Maddox on September 25, 2004, 01:14 AM
Quote from: $t0rm on September 21, 2004, 07:52 PM
do they use srp without any modification?
They use an optimized SRP. It's not the out-of-the-box SRP implementation you'll find on the Stanford website. It's also not the latest version, although I believe WoW is.
Based on how slow their implementation is, I think you'd call it a de-optimized SRP...
In any case, none of their implementations are truly standard compliant due to bugs or nonstandard implementation decisions.
I wasn't refering to their implementation speed. If you look on the Stanford SRP site you'll see they call Blizzard's message order "optimized" because it cuts down on the number of packets needed.
They don't do this safely, though. For instance, when changing your password you tell the server what your new password is before the server proves that it knows your old password.
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server :)
I'm also thinking of checking the hash of the server's ip properly some time.
Quote from: iago on September 26, 2004, 01:30 PM
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server :)
I'm also thinking of checking the hash of the server's ip properly some time.
Of course. That's what BNLS_CONFIRMLOGON is for -- to confirm that the server really knows the password.
Quote from: iago on September 26, 2004, 01:30 PM
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server :)
I'm also thinking of checking the hash of the server's ip properly some time.
Yes.
Quote from: Spht on September 26, 2004, 02:19 PM
Quote from: iago on September 26, 2004, 01:30 PM
Speaking of safety, on your implementation do you verify the server's proof in the second packet they send back? I'm thinking of adding that to my code, just to make sure I'm not connecting to a fake server :)
I'm also thinking of checking the hash of the server's ip properly some time.
Of course. That's what BNLS_CONFIRMLOGON is for -- to confirm that the server really knows the password.
Well, the thing is that I've never programming anything that uses bnls, or even read the documentation for it, so i didn't know that.
Thanks, though, I was curious about that. It's an easy change to make, but I'm working on other stuff
I am done porting the Java code to C++ and once I figure out one last thing it should be ready for me to use, without any objections from any authors. I suggest alot of other people do the same f***ing thing too to avoid this mess again. Because trust me, it's not that hard to port it to C++ since it was ported from C++ to Java to begin with. So far I've only done the CD key decode, but I hope if I get this working 100% I'll try and port the SRP over too. Therefore my work will be objection free from all people who want the message across that using stolen code is wrong.
Edit: Yes iago helped me a bit, because he is the best !!