Messages - leax

#1
Thanks.

But the sample code seems incomplete:
1. What is the sig string? The array K and the variables key and mod seem to be undeclared.
2. N I assume to be the private hash key, but didn't Hdx say it's 128 bits, not 128 bytes?
3. No clue what &HBB is used for.

Do you know the steps in general of how the signature is generated? I think I'm better off learning the concepts rather than figuring out partial code.

Thanks.


Quote
Public Function checkServerSignature(sig As String, ip As String) As Boolean
    Dim I As Integer, Ret As Boolean
    Dim K() As Byte: Let K = Array(0, 1, 1, 0)
    Dim N() As Byte: Let N = Array(&HD5, &HA3, &HD6, &HAB, &HF, &HD, &HC5, &HF, &HC3, &HFA, &H6E, &H78, &H9D, &HB, &HE3, &H32, &HB0, &HFA, &H20, &HE8, &H42, &H19, &HB4, &HA1, &H3A, &H3B, &HCD, &HE, &H8F, &HB5, &H56, &HB5, &HDC, &HE5, &HC1, &HFC, &H2D, &HBA, &H56, &H35, &H29, &HF, &H48, &HB, &H15, &H5A, &H39, &HFC, &H88, &H7, &H43, &H9E, &HCB, &HF3, &HB8, &H73, &HC9, &HE1, &H77, &HD5, &HA1, &H6, &HA6, &H20, &HD0, &H82, &HC5, &H2D, &H4D, &HD3, &H25, &HF4, &HFD, &H26, &HFC, &HE4, &HC2, &H0, &HDD, &H98, &H2A, &HF4, &H3D, &H5E, &H8, &H8A, &HD3, &H20, &H41, &H84, &H32, &H69, &H8E, &H8A, &H34, &H76, &HEA, &H16, &H8E, &H66, &H40, &HD9, &H32, &HB0, &H2D, &HF5, &HBD, &HE7, &H57, &H51, &H78, &H96, &HC2, &HED, &H40, &H41, &HCC, &H54, &H9D, &HFD, &HB6, &H8D, &HC2, &HBA, &H7F, &H69, &H8D, &HCF)
   
    'Do the calculation
    byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray();
   
    Dim CorrectResult As String: CorrectResult = String(Len(Result), Chr(&HBB))
    CorrectResult = ip & Mid(CorrectResult, 5)
       
    Ret = True
    For I = 0 To Len(Result) Step 1
        If Result(I) <> CorrectResult(I) Then
            Ret = False
        End If
    Next I
End Function
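What the quoted routine computes, written out as an added example (this is not the quoted code or any library's code, and the private key used below is a toy one): the server signature is an RSA signature with public exponent 65537 (the K array is 0x00010001 little-endian) and the 128-byte N array as the 1024-bit public modulus. Raising the 128-byte signature to the 65537th power mod N must give back a block whose first four bytes are the server's IP address and whose remaining 124 bytes are all 0xBB, which is all &HBB is used for. The signing side does the reverse with the private exponent, which only Battle.net holds, so the example generates a small key of its own to show both halves. Assumptions not on the page: the IP goes in as the four network-order bytes inet_aton produces, and every big number is little-endian as in the quoted code. Because the address is inside the signed block, a signature issued for the real gateway's IP does not verify once the client has connected to 127.0.0.1.

```python
import hmac
import socket

# Public exponent: the quoted code's K = (0, 1, 1, 0) is 0x00010001 little-endian, i.e. 65537.
E = 65537
PAD = 0xBB

# The 128-byte (1024-bit) RSA modulus, copied little-endian from the N array in the quoted code.
BNET_N_LE = bytes.fromhex(
    "d5a3d6ab0f0dc50fc3fa6e789d0be332" "b0fa20e84219b4a13a3bcd0e8fb556b5"
    "dce5c1fc2dba5635290f480b155a39fc" "8807439ecbf3b873c9e177d5a106a620"
    "d082c52d4dd325f4fd26fce4c200dd98" "2af43d5e088ad320418432698e8a3476"
    "ea168e6640d932b02df5bde757517896" "c2ed4041cc549dfdb68dc2ba7f698dcf"
)


def expected_block(ip: str, n_len: int) -> bytes:
    """The block a genuine signature decrypts to: the 4-byte server address
    (assumed here to be in network byte order, as inet_aton gives it)
    followed by 0xBB padding up to the modulus length."""
    return socket.inet_aton(ip) + bytes([PAD]) * (n_len - 4)


def verify_server_signature(sig_le: bytes, ip: str, n_le: bytes = BNET_N_LE, e: int = E) -> bool:
    """Check a SID_AUTH_INFO server signature: sig^e mod N must equal
    expected_block(ip). All byte strings are little-endian, as in the quoted code."""
    if len(sig_le) != len(n_le):
        return False
    n = int.from_bytes(n_le, "little")
    s = int.from_bytes(sig_le, "little")
    if s >= n:
        return False  # not a valid residue mod N
    result = pow(s, e, n).to_bytes(len(n_le), "little")
    # Constant-time compare; the quoted loop also checks every byte instead of stopping early.
    return hmac.compare_digest(result, expected_block(ip, len(n_le)))


def toy_keypair():
    """A small RSA key for running the scheme offline. This is NOT Battle.net's key
    (its private exponent is known only to the server). p and q are the Mersenne
    primes 2^107-1 and 2^61-1: n is 21 bytes with top byte 0xFF, so the 0xBB-padded
    block stays below n, and 65537 is coprime to (p-1)(q-1)."""
    p, q = (1 << 107) - 1, (1 << 61) - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n.to_bytes((n.bit_length() + 7) // 8, "little"), d


def toy_sign(ip: str, n_le: bytes, d: int) -> bytes:
    """What the server does with its private exponent d: sign the expected block."""
    n = int.from_bytes(n_le, "little")
    m = int.from_bytes(expected_block(ip, len(n_le)), "little")
    return pow(m, d, n).to_bytes(len(n_le), "little")


if __name__ == "__main__":
    n_le, d = toy_keypair()
    sig = toy_sign("63.241.83.109", n_le, d)
    print(verify_server_signature(sig, "63.241.83.109", n_le))  # True
    print(verify_server_signature(sig, "127.0.0.1", n_le))      # False: the IP is part of the signed block
```

To check a real capture, pass the 128 signature bytes from the server's 0x50 packet and the address the socket is actually connected to; the default modulus is the one from the quoted code.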


#2
Hey guys,
I tried relaying War3 packets over a proxy running on localhost, by either
1. mapping uswest.battle.net to 127.0.0.1, so the proxy server connects to the real Battle.net IP and relays the packets in the middle,
or
2. changing the registry so the gateway Lordaeron points to localhost, and relaying the packets in the middle.

Now the proxy logged the 0x01 and then the 0x50 SID_AUTH_INFO packet being sent, but as soon as it relayed the 0x50 received from the server, the War3 client disconnected itself.

So I tried packet dumps with and without the proxy; the results are
1. the 0x50 sent is identical whether the War3 client connected to Battle.net or to the proxy;
2. the 0x50 received contains the same 128-byte server signature.

Does anyone know how the hell the War3 client figures out that it is being proxied?

Thanks.

#3
Hi, I have consolidated and expanded most of the practical set of W3GS and finally wrote a working and tested host bot.
It's been used on leagues and a PvPGN server for a few months now.
Although it is limited to DotA and not other melee maps, I believe it is still a good reference regardless.

The source is RAR packaged, written in VB.NET with Visual Studio Express 2008, which is free too.
main site link  -  http://laineth.googlepages.com/
forum source  -  http://leax.netfreehost.com/leax-forum-7.html
#4
Battle.net Bot Development / Re: Remote Bot Linking
December 19, 2007, 03:18 PM
Why don't you just implement a set of protocol-based interfaces like those of BNET or BNLS? Since I'm sure you are already familiar with BNET-style protocol formats, it's perfect for exchanging info with your botnet as well as, perhaps, with other bot developers. Recently I did a similar thing with my bot; I got the structure down by basing it upon the BNET protocol so that other bots can get info from my bot: http://laineth.googlepages.com/lenp.html
#5
Thanks, works great.

Just a question: I think I get about a 1/50 chance of not passing the password proof for War3 TFT accounts at times. Anyone else notice that, or is it just me?
#6
The previous post on this topic is at http://forum.valhallalegends.com/index.php?topic=16670.msg171064#msg171064 if you're still interested.
#7
I had the same problem back then. If you want a workaround for now, just get the NLS class from JavaOP, which is open source, compile it in J# into a DLL and use that for the fix; it basically fixes the calculateM1 function.
#8
Battle.net Bot Development / Re: Explain M1 ?
August 14, 2007, 03:43 AM
If you're in .NET, say VB, you can actually import the Java class, so essentially you can access the BigInteger class (ref: vjslib.dll), though you've got to manually convert signed and unsigned byte arrays.

Also, regarding SHA1(g) XOR SHA1(N): in this case it's pretty much a constant, which you can also dig up from iago's NLS class in JavaOP.


*edit
result = New Byte() {108, 14, 151, 237, 10, 249, 107, 171, 177, 88, 137, 235, 139, 186, 37, 164, 240, 140, 1, 248}
#9
I finally figured out the "lalalalalala"s are actually actions that are documented in W3GS_action.txt and W3GS_format.txt on War3 replay parser sites, as are many other actions like right clicks, unit selects, etc.

Though the hardest part is a constant flow of non-action packets which are troubling; they look similar to ping packets, to which the client responds with a pong but with 5 bytes of random-looking data, maybe a hash/encrypted or maybe an inbuilt random sequence.
BTW, I tested with an observer client with host only, so the client won't be sending any actions, only maintaining an idle state.


s->c      f7 0c 06 00 f9 00                        similar to ping-type server packets
c->s      f7 27 09 00 5c 8c 68 e9 2b               client always responds with 5 bytes of weird stuff
s->c      f7 0c 06 00 fa 00
c->s      f7 27 09 00 5c 6e e9 5e b2
s->c      f7 0c 06 00 09 01
c->s      f7 27 09 00 5c 4a 5d ce 83
s->c      f7 0c 06 00 fa 00
c->s      f7 27 09 00 5c e7 d0 ca 0a
s->c      f7 0c 06 00 f9 00
c->s      f7 27 09 00 5c 2c c5 db 81
s->c      f7 0c 06 00 fa 00
c->s      f7 27 09 00 5c 89 4c 6c 0f
s->c      f7 0c 06 00 f9 00
c->s      f7 27 09 00 5c 56 38 7c 86
s->c      f7 0c 06 00 fa 00
c->s      f7 27 09 00 5c 73 83 e2 0d
s->c      f7 0c 06 00 fa 00
c->s      f7 27 09 00 5c 0d 4f 7b 9b
s->c      f7 0c 06 00 f9 00



Does anyone know how to generate these 5 bytes of client response?
#10
Hi,

I'm just wondering if anyone knows about the War3 custom game protocol, as in I'm trying to stay idle after the game starts, or better still parse some game data.

Here's what I logged right after the game started:


s->c      f7 0b ....  finished counting down
c->s      f7 23 ....  this one should mean I have finished loading the map and am waiting for everyone else to load
s->c      f7 08 ....  I think this one means another player has finished loading the map

The stuff below I can't make any sense of; this is where the game officially started:

c->s f7 26 13 00 2c 26 2e eb 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a
s->c f7 0c 06 00 fa 00
s->c f7 0c 40 00 fa 00 be 14 0a 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 05 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 01 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 02 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a
c->s f7 27 09 00 a8 13 76 fa b4
s->c f7 0c 16 00 fa 00 64 fb 07 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a f7 0c 06 00 fa 00
c->s f7 27 09 00 52 cd 82 0b 1e
s->c f7 0c 40 00 fa 00 0a da 04 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 03 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 08 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 09 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a
c->s f7 27 09 00 18 78 cc 1d 67
c->s f7 27 09 00 00 da 59 ac d9
s->c f7 0c 38 00 fa 00 3a 10 01 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00 03 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00 08 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00
c->s f7 27 09 00 00 69 d4 21 84
c->s f7 26 15 00 29 70 26 8f 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00
s->c f7 0c 66 00 fa 00 fc 8c 06 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 04 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00 05 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00 09 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00 0a 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00 02 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00
c->s f7 27 09 00 44 70 6d d3 30


So if anyone can shed some light on these packets and their meaning, it would be greatly appreciated.
Thanks!
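The frames in the two posts above (the 0x0C/0x27 pairs in the earlier post and the post-start capture here) share one framing: 0xF7, a packet id, a little-endian total length, then the payload. The following Python is an added example, not code from the posts or from any bot: it splits a segment into frames (one line above carries two 0x0C frames back to back), decodes 0x0C as a time increment plus optional CRC16 and per-player action blocks, 0x26 as a CRC32 plus action data, and 0x27 as one unknown byte plus a 4-byte checksum, using the field layouts GHost++ and bnetdocs document for these ids (the names are GHost++'s, added for readability). The checksum in 0x27 is derived from the client's simulation state, so it cannot be reproduced from the packets alone; a host only compares it across players to detect desyncs.

```python
import struct

# Packet names as GHost++ uses them (added here for readability; only the ids are on the page).
W3GS_NAMES = {
    0x08: "W3GS_GAMELOADED_OTHERS", 0x0B: "W3GS_COUNTDOWN_END", 0x0C: "W3GS_INCOMING_ACTION",
    0x23: "W3GS_GAMELOADED_SELF", 0x26: "W3GS_OUTGOING_ACTION", 0x27: "W3GS_OUTGOING_KEEPALIVE",
}

# Constructed from the hex lines in the post above (direction, bytes); nothing added.
CAPTURE = [
    ("c->s", "f7 26 13 00 2c 26 2e eb 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a"),
    ("s->c", "f7 0c 06 00 fa 00"),
    ("s->c", "f7 0c 40 00 fa 00 be 14 0a 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 05 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a "
             "01 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 02 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a"),
    ("c->s", "f7 27 09 00 a8 13 76 fa b4"),
    ("s->c", "f7 0c 16 00 fa 00 64 fb 07 0b 00 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a 1a f7 0c 06 00 fa 00"),
    ("s->c", "f7 0c 38 00 fa 00 3a 10 01 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00 03 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00 "
             "08 0d 00 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00"),
    ("c->s", "f7 26 15 00 29 70 26 8f 62 7a 5a 00 00 bb 6b 00 00 01 00 00 00"),
]


def split_frames(stream: bytes):
    """Split one TCP segment into W3GS frames: 0xF7, BYTE id, WORD total length (LE), payload.
    A segment may carry several frames, as the two 0x0C frames on one line above show."""
    frames, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 4 or stream[pos] != 0xF7:
            raise ValueError(f"bad W3GS header at offset {pos}")
        pid, length = stream[pos + 1], struct.unpack_from("<H", stream, pos + 2)[0]
        if length < 4 or pos + length > len(stream):
            raise ValueError(f"truncated frame at offset {pos}")
        frames.append((pid, stream[pos + 4:pos + length]))
        pos += length
    return frames


def parse_incoming_action(payload: bytes):
    """0x0C: WORD time increment in ms, then, only when the frame carries actions,
    WORD CRC16 followed by (BYTE player id, WORD length, action bytes) blocks."""
    time_inc = struct.unpack_from("<H", payload, 0)[0]
    crc16, blocks, pos = None, [], 2
    if len(payload) > 2:
        crc16, pos = struct.unpack_from("<H", payload, 2)[0], 4
    while pos < len(payload):
        player, length = payload[pos], struct.unpack_from("<H", payload, pos + 1)[0]
        data = payload[pos + 3:pos + 3 + length]
        if len(data) != length:
            raise ValueError("action block runs past the end of the frame")
        blocks.append((player, data))
        pos += 3 + length
    return {"time_inc": time_inc, "crc16": crc16, "blocks": blocks}


def parse_outgoing_action(payload: bytes):
    """0x26: DWORD CRC32 of the action data, then the action data itself."""
    return {"crc32": struct.unpack_from("<I", payload, 0)[0], "actions": payload[4:]}


def parse_keepalive(payload: bytes):
    """0x27: BYTE unknown, DWORD game-state checksum (the post's '5 bytes of weird stuff').
    The checksum comes from the client's simulation state, so it is not computable from
    the packets; a host compares it across players to detect desyncs."""
    return {"unknown": payload[0], "checksum": struct.unpack_from("<I", payload, 1)[0]}


PARSERS = {0x0C: parse_incoming_action, 0x26: parse_outgoing_action, 0x27: parse_keepalive}


def parse_capture(capture=CAPTURE):
    """Decode every frame in the capture as (direction, packet name, parsed fields)."""
    out = []
    for direction, hexline in capture:
        for pid, payload in split_frames(bytes.fromhex(hexline)):
            parsed = PARSERS.get(pid, lambda p: {"raw": p})(payload)
            out.append((direction, W3GS_NAMES.get(pid, f"0x{pid:02X}"), parsed))
    return out


if __name__ == "__main__":
    for direction, name, parsed in parse_capture():
        print(direction, name, parsed)
```

Run against the capture, the 64-byte 0x0C frame decodes to a 250 ms time increment, CRC16 0x14BE and four 11-byte action blocks for players 10, 5, 1 and 2; the 6-byte 0x0C frames are the same time increment with no actions and no CRC, which is what an idle observer sees between its 0x27 keepalives.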

#11
It's just that I've been stuck on this for a few days and couldn't really get anywhere,
so I tried everything to get that error to go away.

For background info, I'm trying to convert my existing BNLS code to MBNCSUtil and am currently working on BNLS_LOGONPROOF, which is the 20-byte M1 hash result normally returned by the BNLS server. So I thought the fastest way to achieve this in MBNCSUtil is via


nls = New NLS(username, password)
packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGON, Byte))
nls.LoginAccount(packet)

.....
BNET SID_AUTH_ACCOUNTLOGON happens here using the public key generated
.....

packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGONPROOF, Byte))
nls.LoginProof(packet, salt, serverkey)             '<------------- null exception caught inside here, where I'm totally stuck

If packet.GetData().Length = 24 Then
    clientpasswordproof = New Byte(20 - 1) {}
    Array.Copy(packet.GetData(), 4, clientpasswordproof, 0, clientpasswordproof.Length)   'Extract the M1 result from the packet
    Return True
End If


I've been reading the MBNCSUtil help documentation; the remarks section on LoginProof states I just need to call LoginAccount after the NLS instantiation and that should be enough... though my code is stuffed somehow and still gives that null exception.
So if anyone can point me to where I went wrong, or where I can get further info on MBNCSUtil usage examples and such, that would be very much appreciated.

Thanks.

*edit

Found something interesting in the NLS.cs CalculateM1 function, lines 654 - 672:


for (int i = 0, j = 0; i < bytes_s.Length; i += 2, j++)
{
    even_s[j] = bytes_s[i];
    odds_s[j] = bytes_s[i + 1];
}
byte[] even_hash = s_sha.ComputeHash(even_s);
byte[] odds_hash = s_sha.ComputeHash(odds_s);
byte[] local_k = new byte[bytes_s.Length];
for (int i = 0; i < k.Length; i++)
{
    if ((i & 1) == 0)
    {
        local_k[i] = even_hash[i];
    }
    else
    {
        local_k[i] = odds_hash[i];
    }
}


bytes_s is length 32 and is split into even_s (length 16) and odds_s (length 16), which are subsequently hashed,
but even_hash and odds_hash are length 20 each, so if they are combined back to form local_k, then local_k's length needs to be 40 as well, right?
But local_k's length is bytes_s's length, which is 32. Is this a bug?
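For reference, the session key and the proofs the quoted CalculateM1 is trying to build, as an added Python example that is not MBNCSUtil's, JavaOP's or any poster's code. K is the SHA-interleave of the 32-byte shared secret S: the even-indexed and odd-indexed bytes are hashed separately and the two 20-byte digests are interleaved, so K is 40 bytes, not 32. M1 is the SRP-6 client proof SHA1(I, SHA1(USERNAME), s, A, B, K) and M2 = SHA1(A, M1, K) is what the server must send back. The 20-byte I constant is taken as-is from post #8 above, which reports it as SHA1(g) XOR SHA1(N); it is not recomputed here because N and g are not on this page. The sample S, salt, A and B are constructed placeholders, so the digests below are not a real logon.

```python
import hashlib

# The 20-byte value post #8 above lists as SHA1(g) XOR SHA1(N), taken from that post as-is.
NLS_I = bytes([108, 14, 151, 237, 10, 249, 107, 171, 177, 88, 137, 235,
               139, 186, 37, 164, 240, 140, 1, 248])


def sha1(*parts: bytes) -> bytes:
    """SHA-1 over the concatenation of parts."""
    h = hashlib.sha1()
    for part in parts:
        h.update(part)
    return h.digest()


def to_le32(x: int) -> bytes:
    """Fixed-width little-endian encoding of a big number (A, B, S). Dropping leading
    zero bytes here, as a naive BigInteger.toByteArray() conversion does, makes the
    proof fail for roughly 1 in 256 values of each number converted this way."""
    return x.to_bytes(32, "little")


def nls_session_key(s: bytes) -> bytes:
    """K = SHA-interleave(S): hash the even-indexed and the odd-indexed bytes of the
    32-byte shared secret separately and interleave the two 20-byte digests
    (K[2j] = even_hash[j], K[2j+1] = odd_hash[j]), giving 40 bytes."""
    if len(s) != 32:
        raise ValueError("S must be 32 bytes")
    even_hash, odd_hash = sha1(s[0::2]), sha1(s[1::2])
    k = bytearray(40)
    k[0::2] = even_hash
    k[1::2] = odd_hash
    return bytes(k)


def nls_m1(username: str, salt: bytes, a: bytes, b: bytes, k: bytes, i: bytes = NLS_I) -> bytes:
    """Client proof M1 = SHA1(I, SHA1(USERNAME), s, A, B, K): the 20 bytes carried in
    SID_AUTH_ACCOUNTLOGONPROOF. The username is upper-cased first; salt, A and B are
    the 32-byte little-endian values exactly as they appear on the wire."""
    return sha1(i, sha1(username.upper().encode("ascii")), salt, a, b, k)


def nls_m2(a: bytes, m1: bytes, k: bytes) -> bytes:
    """Server proof M2 = SHA1(A, M1, K). Compare the server's reply against this so a
    spoofed server cannot pass the logon with an arbitrary 20 bytes."""
    return sha1(a, m1, k)


if __name__ == "__main__":
    # Constructed placeholder values, not a real exchange.
    s_secret = bytes(range(32))
    salt, a_pub, b_pub = bytes(32), to_le32(12345), to_le32(67890)
    k = nls_session_key(s_secret)
    m1 = nls_m1("leax", salt, a_pub, b_pub, k)
    print(len(k), m1.hex(), nls_m2(a_pub, m1, k).hex())
```

The loop quoted from NLS.cs sizes local_k to bytes_s.Length (32) and indexes both digests with the same i, so it can neither hold the 40-byte result nor interleave the two hashes correctly; the two slice assignments above are the whole of the correct operation.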
#12
I tried calling LoginAccount first and then LoginProof this time; still no luck, null exception error at the same place.

           
nls = New NLS(username, password)
packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGON, Byte))
nls.LoginAccount(packet)
packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGONPROOF, Byte))
nls.LoginProof(packet, salt, serverkey)             '<------------- null exception caught inside
#13
Maybe I'm using LoginProof() wrongly.
Is there anyone out there who got NLS.LoginProof working in MBNCSUtil of any version and got the correct hashed result?

Here's my calling procedure:

'vb.NET
packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGONPROOF, Byte))
nls = New NLS(username, password)
nls.LoginProof(packet, salt, serverkey) 'salt and serverkey are both 32 bytes long
#14
Just reporting a similar problem with LoginProof() in MBNCSUtil 1.3.1.8, .NET 1.1 version.

After the change was made from

if (verifier == null)
to
if (object.ReferenceEquals(verifier, null))

an error occurred down the line,
caught at NLS.cs: private void CalculateM1(byte[] salt, byte[] serverKey), line 579

byte[] local_k = new byte[bytes_s.Length];
for (int i = 0; i < k.Length; i++)    <-------- this line, k is null
{

#15
Thanks Hdx, you were right about the version byte being set wrongly; I changed it to 0x15 and now I no longer get the old version error, which is good ~~
but I'm getting a new invalid version error now...


*edit
Just found a similar thread answering my own question: http://forum.valhallalegends.com/index.php?topic=16022.0
I guess I should be using BNLS_CHECKVERSIONEX2.


I downloaded WPE Pro to grab these packets; somehow only sent packets are caught, maybe an XP thing, oh well.


1  203.194.#.#:4299  63.241.83.109:6112  1  WSASend 
0000  01                                                 .

2  203.194.#.#:4299  63.241.83.109:6112  54  WSASend 
0000  FF 50 36 00 00 00 00 00 36 38 58 49 50 58 33 57    .P6.....68XIPX3W
0010  15 00 00 00 53 55 6E 65 7F 00 00 01 6C FD FF FF    ....SUne....l...
0020  09 0C 00 00 09 04 00 00 41 55 53 00 41 75 73 74    ........AUS.Aust
0030  72 61 6C 69 61 00                                  ralia.

3  203.194.#.#:4299  63.241.83.109:6112  8  WSASend 
0000  FF 25 08 00 78 F1 A2 91                            .%..x...

4  203.194.#.#:4300  64.183.189.104:9367  7  WSASend 
0000  07 00 0D 02 00 00 00                               .......

5  203.194.#.#:4300  64.183.189.104:9367  70  WSASend 
0000  46 00 0C 00 00 00 00 02 01 00 00 00 CC 33 78 5D    F............3x]
0010  46 5A 57 59 36 46 43 37 46 34 58 39 52 59 5A 58    FZWY6FC7F4X9RYZX
0020  45 37 34 32 47 47 4D 32 46 36 00 32 43 47 52 43    E742GGM2F6.2CGRC
0030  34 57 48 48 39 48 34 45 58 59 4B 59 4E 4B 43 45    4WHH9H4EXYKYNKCE
0040  46 46 32 39 4D 00                                  FF29M.

6  203.194.#.#:4300  64.183.189.104:9367  76  WSASend 
0000  4C 00 09 08 00 00 00 04 00 00 00 41 3D 32 39 31    L..........A=291
0010  37 31 33 38 38 35 32 20 42 3D 32 34 39 38 38 30    7138852 B=249880
0020  33 39 38 35 20 43 3D 31 32 32 32 32 31 37 38 32    3985 C=122221782
0030  35 20 34 20 41 3D 41 5E 53 20 42 3D 42 5E 43 20    5 4 A=A^S B=B^C
0040  43 3D 43 2D 41 20 41 3D 41 2D 42 00                C=C-A A=A-B.

7  203.194.#.#:4299  63.241.83.109:6112  148  WSASend 
0000  FF 51 94 00 99 62 A1 A4 BA 04 14 01 76 EE B3 0C    .Q...b......v...
0010  02 00 00 00 00 00 00 00 1A 00 00 00 0E 00 00 00    ................
0020  B1 5D 2F 00 00 00 00 00 31 FC 41 32 74 46 69 98    .]/.....1.A2tFi.
0030  4A 69 D9 64 B1 23 94 2F 3C 41 50 0B 1A 00 00 00    Ji.d.#./<AP.....
0040  12 00 00 00 65 78 1E 00 00 00 00 00 DC E6 7A B0    ....ex........z.
0050  7A 03 D0 CD 9C 94 92 1C 05 1D 07 94 95 79 D5 BA    z............y..
0060  57 61 72 33 2E 65 78 65 20 30 36 2F 31 33 2F 30    War3.exe 06/13/0
0070  36 20 30 36 3A 31 33 3A 30 35 20 31 35 37 32 33    6 06:13:05 15723
0080  30 37 00 44 65 73 63 61 72 74 65 73 20 30 2E 33    07.Descartes 0.3
0090  37 36 31 00                                        761.