Valhalla Legends Archive

QuoteThe server stores the Identifier (I) and salt (s), it does NOT store the password. It stores a password verifier (v) which is generated using the password. So it's safe.
The username is actually sent to you by the server. I would assume this is done to allow you to change your email address in the future.
You send the e-mail and your random (A), and it returns the associated Identifier (I) and salt (s) as well as it's random (B)
So, in order to 'sniff' the protocol, you need 2 things.
a - a random number generated by the client which is never sent over the wire.
N - The unique modulus for use in SRP, this is in Password.dll somewhere.
g - The generator used in SRP, this is also in Password.dll somewhere

yea i read the documentation, it says the server stores the password, but you are probably right, they store a hash(v), not the password.
you say "you send the email and your random(A)" ... which means A hits the wire. The server returns I, s and B, so they hit the wire too.
now all thats missing is N and g, which are fixed values/functions and can be found in password.dll.

is this right?

as i understood it, the server stores then (pre-shared) username and password and a salt and when the client establishes the connection, it sends the salt. now if i knew the username and password and could sniff the salt, couldnt i create the shared session key which would let me decrypt the traffic?

(i am not very good with crypto stuff)

is it a pre-shared key?

so can it be decrypted only by watching network packets?

looks encrypted to me, perhaps same as d2?

rob, your code segfaults on 64 bit linux, i posted that already i think

heh nice work, if it works.

i didnt care to simplify it, i just took the c function and translated it line by line (more or less)

in case someone is interested...

    def checksum(self, data):
        """ calculates the battle.net udp checksum
            in: data(str), checksum doesnt matter
            out: cksum(str)
        """
        sum1=0
        sum2=0
       
        buf="\x00\x00" # null checksum
        buf+=data[6:] # dont copy leading 4 zeroes and old checksum
   
        for i in range(len(buf), 2, -1):
            sum2+=ord(buf[i-1])
            if sum2>0xff:
                sum2-=0xff
            sum1+=sum2
       
        subsum=long( ((sum2&0xff)<<8) | ((sum1%0xff) & 0xff) )
        a=long( 0xff - ((subsum&0xff) + (subsum>>8)) % 0xff )
        b=long( ((((0xff - (a+(subsum>>8))%0xff) &0xff) | (a<<8))) )
        ret=""
        ret+=chr(b&0x00ff)
        ret+=chr((b&0xff00)>>8)
       
        return ret


thepro, i have been using the bncs lockdown revision on linux for quite some time, it works well on 32bit.
(and it doesnt compile in 64 bit sadly)
robs lockdown lib doesnt work in 64 bit either (http://forum.valhallalegends.com/index.php?topic=17924.0)

i just posted a link to the ready module...

my conversion of the bncsutil function:

import struct
import bsha1

def doubleHashPassword(password, clienttoken, servertoken):
    b1=bsha1.bsha()
    b1.update(password)
    b2=bsha1.bsha()
    b2.update(struct.pack("I", clienttoken)+struct.pack("I", servertoken)+b1.digest())
    return b2.digest()


works with the bsha1 module i posted here:

http://forum.valhallalegends.com/index.php?topic=17932.0

ah okay i was just looking at the bncsutil source and realised that its the same old bsha1

i am looking for the python code.

(before a flaming starts again, this is just a kind question, i am not expecting anyone to do anything for me. if nobody has done this yet, i will convert some c code on my own. no offense.)

i didnt expect this thread to become so ugly.
to make some things clear: i dont expect anything from anyone.
i was just asking if someone *had already* ported it, so that i could save some time. if not, fine, bad luck, i will do it myself.

i dont like the bnls/jnls route because i dont like relying on other peoples servers running if i can avoid it. i have been having problems with bnls servers going down/not responding, etc. and i dont like the idea that i send my cleartext cdkeys to some private persons computer in cleartext (thats why i always just did the revision check over bnls)

i dont remember the name of the one who said i need to understand code before i use it... well dude, you are wrong. if i read all the code that i use from libraries, i'd be a grandma before even having read 1%. and libraries are made for re-use without having to know the internals, arent they?
i am not having a problem with sitting down and understanding things thorougly, if thats what you mean.

i was wondering if someone could save me the work, anything wrong about it?