Valhalla Legends Archive

LoL, I figured out that the code posted wasn't the problem -- my code was   

Quote from: Ringo on March 31, 2008, 08:01 AM

If I didnt know better, I would say replaced is aka NeSucks trying to get his load/flood bot working again


lol


I can think of better ways of fixing a loop that never exits


replaced: As said above, try reading the documentation iago posted, to gain a better understanding of the process rather than just copying the code andy posted.

haha to late newb, I already got warden working and its going to be implemented in my bot.

LISTEN UP PPL, ringo has cracked the sc key algorithm and i got keys from him 
thx ringo now i got 9k working sc

ringo liked to scan the product 2 keys

I need warden in genocide so other ppl can load to, I just use war3 and d2 keys right now

New problem,

it does respond to warden but something now happens that never happened before-

My bot freezes!  It NEVER has before and now does every time!

WOOHOO

FINALLY IT WORKS LOL

NOW THIS NIGHTMARE IS OVER 

I get EXACTLY 4 msg boxes of  "001"
I get EXACTLY 3 msg boxes of  "002"

It does the loop 3 times but at the 4th loop it stops the code "RtlMoveMemory addr(i), bRet(lPos), 4"


EDITTED - FIXED

NOW I GOT ANOTHER PROBLEM 


13  63.240.202.126:6112  192.168.0.100:6178  41  Recv 
0000  FF 5E 29 00 6B 75 E8 53 D6 F0 A1 5E FF F6 3B BE    .^).ku.S...^..;.
0010  58 D7 F3 A5 A3 05 B8 6F D2 30 0B 1A C0 87 1C B4    X......o.0......
0020  78 AD 2B C3 D2 BA 16 2E D3                         x.+......

14  192.168.0.100:6178  63.240.202.126:6112   5  Send 
0000  FF 5E 05 00 A5                                     .^...

15  63.240.202.126:6112  192.168.0.100:6178  28  Recv 
0000  FF 5E 1C 00 DA 64 C7 09 D4 9E 6B B1 E8 35 AE F4    .^...d....k..5..
0010  3B 3D 64 44 79 35 79 F6 E2 8B 8F FE                ;=dDy5y.....

16  192.168.0.100:6178  63.240.202.126:6112   82  Send 
0000  FF 5E 52 00 00 84 5E 0C 74 05 E8 F6 54 F9 FF 8B    .^R...^.t...T...
0010  76 04 85 00 00 83 00 00 00 8B 55 08 00 00 A3 68    v.........U....h
0020  CC 59 00 E8 DF 23 00 07 82 72 F7 B8 F7 17 A9 FE    .Y...#...r......
0030  90 70 07 99 D5 39 5B 5F 06 1B 25 D4 6D 4D F9 6A    .p...9[_..%.mM.j
0040  DD A0 5A 44 FB F7 8A AF C9 27 87 C7 41 24 E1 DB    ..ZD.....'..A$..
0050  4B 00                                              K.


DISCONNECT AFTER RESPONDING TO THE SECOND WARDEN REQUEST

Quote from: Hdx on March 30, 2008, 11:02 PM
What happens when you get to the 2nd opcode? Are you decoding it correctly?
Are you sure that your crypto states are being saved over multiple packets?

I guess i'm going to have to painfully put msgboxes all over the place to find out where it stops 

I think my crypto states are being saved over multiple packet, I got them publicly declared.  I'll see where it stops and check the values of the variables that I got.

editted, success!!

the entire problem was due to

Private cWarden         As New clsWarden

not being placed on the same module where my send 0x51 packet is


but now I get this...

10 63.240.202.126:6112  192.168.0.100:5753  41  Recv 
0000  FF 5E 29 00 2C C4 81 EA 60 3B B1 C6 12 F2 E0 A8    .^).,...`;......
0010  C7 FB CA 10 55 9C E4 93 B0 61 8A BA 8C 6B A3 FA    ....U....a...k..
0020  EA 12 9E AE 44 F9 E0 17 8E                         ....D....

11  192.168.0.100:5753  63.240.202.126:6112   5  Send 
0000  FF 5E 05 00 51                                     .^..Q

12  63.240.202.126:6112   192.168.0.100:5753  28  Recv 
0000  FF 5E 1C 00 E8 2D 91 03 78 6F 1C A2 AD DD C6 97    .^...-..xo......
0010  CB 6C 74 6C 5A BA 15 DC B8 12 66 2E                .ltlZ.....f.


Now my bot won't respond to the second warden packet, why?

Quote from: Andy on March 30, 2008, 05:42 PM
GetNull gets all the data from the current read position on. In your example it would be the second one, without the 4 byte header. You should at least read the documentation iago posted before trying to adapt my code.

Where's the documentation??

The 4 byte header one still gives me THE WRONG bRet(0)!

Maybe I got the code to initialize wrong

here's my code

   
Public Function Send0x51(datA As String)
AccountHash = String(20, vbNullChar)

    cWarden.Initialize Left$(AccountHash, 4)
    cWarden.StrToByteArray cWarden.GetBytes(&HF), bRet()
    cWarden.SimpleCrypt bRet(), wKeyOut()
    cWarden.StrToByteArray cWarden.GetBytes(&HF), bRet()
    cWarden.SimpleCrypt bRet(), wKeyIn()

In making the packet...
            .InsertDWORD &H0
           .InsertDWORD Len(CDKey)
            .InsertDWORD lngProdID
            .InsertDWORD lngValue1
            .InsertDWORD &H0
            .InsertNonNTString AccountHash


Am I suppose to use the AccountHash??

  sData = Mid$(datA, 5)
  cWarden.StrToByteArray sData, bData()
        'problem below
  cWarden.DoCrypt bData(), wKeyIn(), bRet()
      MsgBox ("HI3")

Right now it won't pass  cWarden.DoCrypt bData(), wKeyIn(), bRet()

msgbox("HI3") doesn't come up, ill now place msgboxes in docrypt and see where it stops

PROBLEM FOUND!

Public Sub DoCrypt(ByRef bData() As Byte, ByRef bKey() As Byte, ByRef bRet() As Byte)
Dim i      As Long
Dim temp   As Byte
Dim Y      As Long
Dim Z      As Long
  ReDim bRet(UBound(bData))
  RtlMoveMemory bRet(0), bData(0), UBound(bData) + 1
   MsgBox ("yes0")
     'msg box DOES COME UP
  Y = bKey(&H100)
  MsgBox ("yes1")
  'msg box does NOT COME UP
  Z = bKey(&H101)
  For i = 0 To UBound(bData)
    Y = (Y + 1) And &HFF
    Z = (Z + bKey(Y)) And &HFF
    temp = bKey(Y)
    bKey(Y) = bKey(Z)
    bKey(Z) = temp
    bRet(i) = bRet(i) Xor bKey((CInt(bKey(Y)) + CInt(bKey(Z))) And &HFF)
  Next i
  'bad
  bKey(&H100) = Y
  bKey(&H101) = Z
End Sub

at the code  "  Y = bKey(&H100)"

the msgbox after that does not come up

1 line of bad code


Public Sub DoCrypt(ByRef bData() As Byte, ByRef bKey() As Byte, ByRef bRet() As Byte)
Dim Y      As Long

  Y = bKey(&H100)

http://img509.imageshack.us/img509/5600/codeisbadhp3.jpg

Quote from: Andy on March 30, 2008, 04:07 PM
Use the code exactly as I gave it.

I'm unable to because I use a different packet buffer and I don't use BNCSutil

I got it to go all the way thru but it still doesn't send out the packet

what does Packet.GetNull do?
Packet.ClearOutbound same as clearing the packet that would be set out?

If packet.getnull gets the last packet (5e) would it be this?

0000  FF 5E 29 00 44 0D 06 0F 85 C0 E4 F3 D6 14 C1 EB    .^).D...........
0010  B7 F9 82 25 74 D8 7A 2F 07 25 4A 21 4B 65 02 07    ...%t.z/.%J!Ke..
0020  EC B6 52 D0 8C CE 27 02 57                         ..R...'.W

or this

0000  44 0D 06 0F 85 C0 E4 F3 D6 14 C1 EB    .^).D...........
0010  B7 F9 82 25 74 D8 7A 2F 07 25 4A 21 4B 65 02 07    ...%t.z/.%J!Ke..
0020  EC B6 52 D0 8C CE 27 02 57                         ..R...'.W

without the first 4 chars?


OK, now I just copy and pasted ur code with a few modifications otherwise it will not compile

Here's my result

Unknown Warden Packet:  FF 5E 29 00 F0 B2 9F 53 1D 0A 9E 1C 4E 0C 8F 22 4A 61 B3 A1 21 64 2E 05 8B 86 EC 89 75 86 DE F2 6A 3B F6 99 D1 C4 7C 8F 53
bRet(0):202

Here's my new code, more complete


Public Function ParsePacket(ByVal datA As String)
        If Len(datA) = 0 Or Asc(Left(datA, 1)) <> 255 Then Exit Function

        data2 = datA
        With clsI
            .SetBuffer datA
            .Skip 1
            PacketId = .GetByte
            .Skip 2
        End With
        Select Case PacketId
        Case &H5E
        SID_Recv_Warden datA
...
end function





Public Sub SID_Recv_Warden(datA As String)
Dim clsP As New clsPacket
  sData = datA
  cWarden.StrToByteArray sData, bData()
  cWarden.DoCrypt bData(), wKeyIn(), bRet()
Select Case bRet(0)
    Case &H0
    clsP.Clear
      ReDim bData(0)
      bData(0) = &H1
      cWarden.DoCrypt bData(), wKeyOut(), bRet()
      With clsP
      .InsertString cWarden.ByteArrayToStr(bRet())
      .sendPacket frmMain.sckBot, &HE
      End With
    Case Else
      AddChat vbRed, "Unknown Warden Packet: " & StrToHex(datA)
            AddChat vbRed, "bRet(0):" & bRet(0)
  End Select



Right now bret(0) equaled 202, not zero.

Know why?

I also tried sData = Mid$(datA, 5) and it still did not work - bret(0) equaled 233

Still does not work, found the problem but not the solution.

I get the msgbox "hello", but not hi1 or hi2
I don't have an "on error resume next" code in the sub


Dim clsP As New clsPacket
        With clsP
            .SetBuffer datA
            .Skip 1
            .Skip 2
            PackID = .GetByte
        End With
        bRet(0) = PackID
  datA = clsP.GetNTString
msgbox("hello")
cWarden.StrToByteArray datA, bData()
  MsgBox ("hi1")
  cWarden.DoCrypt bData(), wKeyIn(), bRet()
  MsgBox ("hi2")


"datA = clsP.GetNTString"  what code should this be??  I replaced "sData = Packet.GetNull" with that.

getnull same as get null terminated string?

whats packet.getnull do?

I just added this code ontop


Dim stringx As String
stringx = StrToHex(bData())
Open App.Path & "/debug.txt" For Append As #1
Print #1, stringx
stringx = StrToHex(wKeyIn())
Print #1, stringx
stringx = StrToHex(bRet())
Print #1, stringx
Close #1


this is what comes in my txt file

3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 4D 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 52 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 00


thats it, 1 null value, then a bunch of 3F's, then another null value

Just post which values come from where, just like bnet docs b/c i've been playing around this for hours i'll even give war3 keys if some1 helps me ><!!

in my text file is now

FF 5E 29 00 06 FA C1 FC FB 0A DA 38 8A 2C A1 47 83 C3 31 11 E7 35 11 18 CF A8 9A 77 CD 38 42 98 34 C1 F4 DF 41 18 32 F3 B0
3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 4D 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 52 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 3F 00


now i get "Unknown Warden Packet: ÿ^)"

WTF is wrong with you people!

first someone tell me what value exactly do i put in InitializeWarden??

then is this code correct?


            With clsP
                .InsertBYTE &H1
                ToSend = DoCryptWarden(Data, wKeyOut)
                .InsertString ToSend
                .sendPacket frmMain.sckBot, &H5E
            End With


what does Data supposed to consist of?  The entire packet?

My bot gets on bnet on starcraft but then when it responds to the warden it gets disconnected.  Here is packet log of this.


1  192.168.0.100:3539  63.240.202.126:6112  59  Send 
0000  01 FF 50 3A 00 00 00 00 00 36 38 58 49 50 58 45    ..P:.....68XIPXE
0010  53 D1 00 00 00 00 00 00 00 00 00 00 00 00 00 00    S...............
0020  00 00 00 00 00 00 00 00 00 55 53 41 00 55 6E 69    .........USA.Uni
0030  74 65 64 20 53 74 61 74 65 73 00                             ted States.

2  63.240.202.126:6112  192.168.0.100:3539  70  Recv 
0000  FF 25 08 00 4A 61 A4 EE FF 50 3E 00 00 00 00 00    .%..Ja...P>.....
0010  6D 2F AE 03 E0 4C 13 00 00 BA F7 D9 72 FC C6 01    m/...L......r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 33    lockdown-IX86-13
0030  2E 6D 70 71 00 B5 EE 5D A9 2A E6 33 2A C4 77 3B    .mpq...].*.3*.w;
0040  4C DA 53 76 F6 00                                                      L.Sv..

3  192.168.0.100:3539  63.240.202.126:6112  8  Send 
0000  FF 25 08 00 00 00 00 00                            .%......

4  192.168.0.100:3539  63.240.202.126:6112  86  Send 
0000  FF 51 56 00 D2 02 96 49 01 02 0F 01 D6 1E B2 89    .QV....I........
0010  01 00 00 00 00 00 00 00 0D 00 00 00 02 00 00 00    ................
0020  E1 30 1F 00 00 00 00 00 43 8F D7 37 D8 B0 80 23    .0......C..7...#
0030  95 AF D8 17 7A 79 11 17 72 D9 1D F0 E5 3B 9A FB    ....zy..r....;..
0040  6E 70 92 12 96 32 95 F0 21 28 B8 92 00 4B 7A 55    np...2..!(...KzU
0050  4C 5A 70 49 56 00                                                     LZpIV.

5  63.240.202.126:6112  192.168.0.100:3539  9  Recv 
0000  FF 51 09 00 00 00 00 00 00                         .Q.......

6  192.168.0.100:3539  63.240.202.126:6112  53  Send 
0000  FF 14 08 00 74 65 6E 62 FF 3A 2D 00 59 49 6E 01    ....tenb.:-.YIn.
0010  6D 2F AE 03 A8 61 3A BE 7D 75 AD E8 DA 2D BA A9    m/...a:.}u...-..
0020  F4 28 4C 26 CC 9F 64 28 69 68 61 74 65 77 61 72    .(L&..d(ihatewar
0030  64 65 6E 33 00                                                           den3.

7  63.240.202.126:6112  192.168.0.100:3539  12  Recv 
0000  FF 59 04 00 FF 3A 08 00 00 00 00 00                .Y...:......

8  192.168.0.100:3539  63.240.202.126:6112  6  Send 
0000  FF 0A 06 00 00 00                                  ......

9  63.240.202.126:6112  192.168.0.100:3539  41  Recv 
0000  FF 5E 29 00 44 0D 06 0F 85 C0 E4 F3 D6 14 C1 EB    .^).D...........
0010  B7 F9 82 25 74 D8 7A 2F 07 25 4A 21 4B 65 02 07    ...%t.z/.%J!Ke..
0020  EC B6 52 D0 8C CE 27 02 57                                      ..R...'.W

10  192.168.0.100:3539  63.240.202.126:6112  47  Send 
0000  FF 5E  2F 00 01 CF 7C 29 30 78  F4 12 97 54 F5 A4      .^/...|)0x...T..
0010  36 4B 3D 39 47 EA 4E 6C DE 0D 3B 8C 0B F1 0F B1    6K=9G.Nl..;.....
0020  49 09 74 6D 88 48 CA C7 33 CB 7F B9 22 0F 00          I.tm.H..3..."..

BOOM DISCONNECT


After sending my response to warden (5E) I get disconnected I used code that ANDY posted.

Anyone see what I did wrong?  I'm really tired atm, so its possible i made some big mistakes -
Don't program when your really tired because you waste time   

-CODE-

        With clsP
        .SetBuffer dAta
            .Skip 1
            .Skip 2
            PackID = .GetByte
        End With
    Select Case PackID
        Case &H0
            pMD5 = clsP.GetString '(16)
            pKey = clsP.GetString '(16)
            pLen = clsP.GetDWORD

with clsp
                .InsertBYTE &H1
                ToSend = DoCryptWarden(dAta, wKeyOut)
                .InsertString ToSend
                .sendPacket frmMain.sckBot, &H5E, iNdex
end with


Thats it, nothing else


Public Function DoCryptWarden(ByVal sData As String, ByRef sKey As String) As String
Dim bKey() As Byte
Dim dAta() As Byte
Dim i      As Long
Dim temp   As Byte
Dim Y      As Long
Dim Z      As Long

    StrToByteArrayWarden sKey, bKey

    Y = bKey(&H100)
    Z = bKey(&H101)
    StrToByteArrayWarden sData, dAta
    For i = 0 To UBound(dAta)
        Y = (Y + 1) And &HFF
        Z = (Z + bKey(Y)) And &HFF
        temp = bKey(Y)
        bKey(Y) = bKey(Z)
        bKey(Z) = temp
        dAta(i) = dAta(i) Xor bKey((CInt(bKey(Y)) + CInt(bKey(Z))) And &HFF)
    Next i
    bKey(&H100) = Y
    bKey(&H101) = Z
    sKey = ByteArrayToStrWarden(bKey)
    DoCryptWarden = ByteArrayToStrWarden(dAta)
End Function


instead of class module i moved it to a regular module


Option Explicit
Private Declare Function StandardSHA Lib "RSHA.dll" (sVal As String) As String
Private Position        As Long
Private RandomData()    As Byte
Private RandomSource1() As Byte
Private RandomSource2() As Byte

Also, is position,RandomData, RandomSource1, RandomSource2 something that needs to be saved for later use?


dim stringforwarden as string * 20
            InitializeWarden Left$(stringforwarden , 4)


string for warden doesn't contain anything but 20 null values when passed onto InitializeWarden


wKeyOut = SimpleCryptWarden(GetBytesWarden(&HF))
wKeyIn = SimpleCryptWarden(GetBytesWarden(&HF))



Public Function GetBytesWarden(ByVal Bytes As Long) As String
Dim i           As Integer
Dim Buffer()    As Byte
    ReDim Buffer(Bytes) As Byte
    For i = 0 To Bytes
        Buffer(i) = GetByteWarden
    Next i
    GetBytesWarden = ByteArrayToStrWarden(Buffer)
End Function

Public Function ByteArrayToStrWarden(ByRef bByt() As Byte) As String
Dim sStr As String
Dim i    As Integer
    For i = 1 To UBound(bByt) + 1
        sStr = sStr & Chr$(bByt(i - 1))
    Next i
    ByteArrayToStrWarden = sStr
End Function

Help pls, I havn't gotten enough sleep last night and the sun is going to rise soon.

Quote from: Ersan on February 20, 2007, 06:40 AM
Using pure visual basic for all the algorithms used during logon is horribly inefficient, I would much prefer someone use a C++ library like bncsutil.

I'm sure there's some way to include the DLL inside your program binary and extract it to a temporary folder for usage, the license bncsutil uses permits this (LGPL).

Umm no

Instead of taking 2 milliseconds to complete it takes 4?

Wow, your an idiot if you think you'll have a programming job in 10 yrs, (think india / china, and think minimum wage)


http://odesk.com/ -- all the countries (esp india) charge less

http://books.slashdot.org/books/04/12/16/2319240.shtml?tid=192&tid=156&tid=103&tid=6 -- look what democrats want (lose ur job)



big companies almost always take over, that is what capitalism is about.

how u get this thing to work?  the exe keeps on giving me runtime error 424 "object required"

I inserted the object in the main form, it says coded by raidenmzx blah blah blah

Private Sub Form_Load()
ldocx.SetPassword "SetPassword"
ldocx.ReadyData

It gives me the runtime when  ldocx.SetPassword "SetPassword"  is called