• Welcome to Valhalla Legends Archive.
 
Messages - Trojan

#1
Excellent, I see these values and understand how it works now. Thanks very much for everyone's help.
#2
Thanks for the information.
How were the seed values initially determined for the mpqs? I am interested in the process of determining them myself at runtime.
#3
Hello,

When logging in to battle.net, the client is told the name of an MPQ file (IX86ver1-7.mpq for the IX86 platform for example), which is then downloaded (if not already in bncache), and some checksum of this file is then used in the challenge calculation in SID_AUTH_CHECK. In all implementations of CheckRevision that I have seen, the programmer uses a hardcoded list of checksums for these files.

How are those checksums generated? I have tried taking the CRC32 of the MPQ file, but that doesn't match. Neither is it the CRC32 of the file contained within the MPQ file. I am very interested if anyone knows what process is used to generate these values. Hopefully someone has knowledge of this area that they can share.

Thanks for your help!
#4
I posted about the 0xAE and 0x66 packets in the "D2GS Packet Research" thread. It's complex hack-detection, not a checksum.

Diablo II is now a Windows service, I hear, so WPE can't attach to it easily. There are tricks you can do to work around this, but I don't recommend using non-transparent packet senders/sniffers for safety reasons. Although it's unlikely that Blizzard would care about it, they could detect WPE now if they chose to.
#5
Blizzard's new anti-hack system called "Warden" was patched into D2 in 1.11 (I believe it was also added to WoW in 1.6.1). A search for the string literal "WardenClient.cpp" in D2client.dll or WoW.exe will show this.

Warden requests are encrypted with RC4 and sent in the payload of the 0xAE packet. The client responds with an RC4 encrypted response in the 0x66 packet. The requests generally contain a list of DLLs to look for in memory (d2jsp, d2hackit, r2d2, d2maphack), and the replies state whether they were found or not.

Be aware that Warden downloads up-to-date anti-hack code upon game connection (the first 0xAE packet has the name of such a ".mod" file), and Blizzard can transparently change this server-side without a client-side patch. So far I have only seen one such .mod file and it contains code that allows them to search for DLLs such as the ones I listed above.

They have also added memory-checking capabilities to the (received) 0x8F and (sent) 0x6D packet pair.