
A lot of issues with SID_AUTH_INFO packet

Started by Wesley, August 03, 2006, 12:03 PM


Wesley

First of all, the checksum value from CheckRevision doesn't match a packet log I have that the client sent to the server. Using the same Client and Server token from a previous login session, I should have been able to emulate the SID_AUTH_INFO packet that was sent to the server. The hashes are off, the public key values are off, and the checkrevision checksum is off as well using bncsutil 1.2.0. The structs and format are dead on; it's the values that are incorrect.

I know it's a bit sloppy, but bear with me.

SID_AUTH_INFO_IN * pTmp2 = (SID_AUTH_INFO_IN*)pTmp->pkt_data;
_MainConnection->ServerToken = pTmp2->ServerToken;
DWORD ClientToken;
unsigned int EXEVersion;
DWORD EXEHash;
int FileSize = 0;
const char * cdkey1;
const char * cdkey2;
int decoder1 = 0;
int decoder2 = 0;
int HashLength1 = 0;
int HashLength2 = 0;
char CdkeyHash1[100];
memset(CdkeyHash1,0x0,100);
char CdkeyHash2[100];
memset(CdkeyHash2,0x0,100);
char EXEInfo[100];
memset(EXEInfo,0x0,100);
unsigned long checksum = 0;
unsigned long servertoken = pTmp2->ServerToken;
#pragma pack(1)
struct Response
{
DWORD ClientToken;
DWORD EXEVersion;
DWORD EXEHash;
DWORD NumberOfKeys;
BOOL  UsingSpawn;

DWORD KeyLength;
DWORD KeyProduct;
DWORD KeyPublic;
DWORD Unknown;
unsigned char hashdata[20];
DWORD KeyLength2;
DWORD KeyProduct2;
DWORD KeyPublic2;
DWORD Unknown2;

unsigned char hashdata2[20];
char EXEInformation[35];
char OwnerInfo[5];
}Packet;
#pragma pack() // restore default packing so later declarations are not packed to 1 byte
// XXXXXXXXXXXXXXXX replaces what used to be real cdkeys.
cdkey1 = "XXXXXXXXXXXXXXXX";
cdkey2 = "XXXXXXXXXXXXXXXX";
ClientToken = GetTickCount();
decoder1 = kd_create(cdkey1,strlen(cdkey1));
HashLength1 = kd_calculateHash(decoder1,ClientToken,servertoken);
kd_getHash(decoder1,CdkeyHash1);

decoder2 = kd_create(cdkey2,strlen(cdkey2));
HashLength2 = kd_calculateHash(decoder2,ClientToken,servertoken);
kd_getHash(decoder2,CdkeyHash2);

HANDLE hF = CreateFileA("C:/Games/Diablo II/game.exe",GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,0,NULL);
FileSize = GetFileSize(hF,0);
CloseHandle(hF);

getExeInfo("C:/Games/Diablo II/game.exe",EXEInfo,FileSize,&EXEVersion,1);
checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/d2client.dll",extractMPQNumber(pTmp2->File),&checksum);

Packet.ClientToken = ClientToken;
Packet.EXEVersion = EXEVersion;
Packet.EXEHash = checksum;
Packet.NumberOfKeys = 0x02;
Packet.UsingSpawn = 0x00;
Packet.KeyLength = strlen(cdkey1);
Packet.KeyProduct = kd_product(decoder1);
Packet.KeyPublic = kd_val1(decoder1);
Packet.Unknown = 0x00000000;
memcpy(Packet.hashdata,CdkeyHash1,20);
Packet.KeyLength2 = strlen(cdkey2);
Packet.KeyProduct2 = kd_product(decoder2);
Packet.KeyPublic2 = kd_val1(decoder2);
Packet.Unknown2 = 0x00000000;
memcpy(Packet.hashdata2,CdkeyHash2,20);
EXEInfo[0] = ::toupper(EXEInfo[0]);
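// Bounded copy: EXEInformation is a fixed 35-byte field, so truncate and keep it NUL-terminated.
strncpy(Packet.EXEInformation,EXEInfo,sizeof(Packet.EXEInformation)-1);
Packet.EXEInformation[sizeof(Packet.EXEInformation)-1] = '\0';
// OwnerInfo holds exactly 5 bytes; strcpy would write the NUL terminator one byte past the end of Packet.
memcpy(Packet.OwnerInfo,"Owner",sizeof(Packet.OwnerInfo));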
BNCS pTmp8;
pTmp8.pHead.header = 0xFF;
pTmp8.pHead.Opcode = 0x51;
pTmp8.pHead.pLen = (sizeof(BNCSHeader) + sizeof(Packet));
memcpy(pTmp8.pkt_data,&Packet,sizeof(Packet));
_MainConnection->_MainSocket->Send((const char*)&pTmp8,pTmp8.pHead.pLen);
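
The `Response` struct in the post above keeps the two trailing strings in fixed-size `char` arrays. As an added example (not part of the original post and not bncsutil code), the same field order can be written through a bounds-checked buffer writer that emits each string at its real length. Assumptions: a 4-byte header with a 16-bit little-endian length, NUL-terminated strings on the wire, and hypothetical names (`Writer`, `KeyBlock`, `build_auth_check`).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Bounded little-endian writer; once a write would overflow, ok stays 0. */
typedef struct { uint8_t *buf; size_t cap, len; int ok; } Writer;

static void put_bytes(Writer *w, const void *p, size_t n) {
    if (!w->ok || n > w->cap - w->len) { w->ok = 0; return; }
    memcpy(w->buf + w->len, p, n);
    w->len += n;
}
static void put_u32(Writer *w, uint32_t v) {
    uint8_t b[4] = { (uint8_t)v, (uint8_t)(v >> 8),
                     (uint8_t)(v >> 16), (uint8_t)(v >> 24) };
    put_bytes(w, b, 4);
}
/* Strings go out at their real length plus one NUL (assumed wire format). */
static void put_cstr(Writer *w, const char *s) { put_bytes(w, s, strlen(s) + 1); }

/* One per-key block, in the field order of the post's struct. */
typedef struct { uint32_t length, product, pub; uint8_t hash[20]; } KeyBlock;

/* Returns the total packet length, or 0 if it does not fit in out[cap]. */
size_t build_auth_check(uint8_t *out, size_t cap, uint32_t client_token,
                        uint32_t exe_version, uint32_t exe_hash,
                        const KeyBlock *keys, uint32_t nkeys,
                        const char *exe_info, const char *owner) {
    if (cap < 4) return 0;
    Writer w = { out, cap, 4, 1 };           /* skip the 4-byte header for now */
    put_u32(&w, client_token);
    put_u32(&w, exe_version);
    put_u32(&w, exe_hash);
    put_u32(&w, nkeys);
    put_u32(&w, 0);                          /* UsingSpawn */
    for (uint32_t i = 0; i < nkeys; i++) {
        put_u32(&w, keys[i].length);
        put_u32(&w, keys[i].product);
        put_u32(&w, keys[i].pub);
        put_u32(&w, 0);                      /* Unknown */
        put_bytes(&w, keys[i].hash, sizeof keys[i].hash);
    }
    put_cstr(&w, exe_info);
    put_cstr(&w, owner);
    if (!w.ok || w.len > 0xFFFF) return 0;   /* overflowed or length too large */
    out[0] = 0xFF; out[1] = 0x51;            /* header byte and opcode from the post */
    out[2] = (uint8_t)w.len;                 /* assumed 16-bit LE total length */
    out[3] = (uint8_t)(w.len >> 8);
    return w.len;
}
```

Because the length is computed from what was actually written, a too-small buffer or an over-long string produces a 0 return instead of a write past the end of the buffer.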

MyndFyre

Are you providing the game files in the correct order to CheckRevision?

Newby

I'm surprised in a Windows C++ project, you can use forward slashes in a file path.

I always thought it would be a '\\' versus a '/'.

Just something I found interesting.
- Newby


Wesley

Yeah, you can use forward slashes.

The following code reads the saved raw packet dump into `buffer` to use as if it had just been received from the server.


SID_AUTH_INFO_IN * pTmp2 = (SID_AUTH_INFO_IN*)buffer;
unsigned long checksum;
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/d2client.dll","C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/Game.exe",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/d2client.dll","C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/bnclient.dll",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/d2client.dll",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/d2client.dll","C:/Games/Diablo II/bnclient.dll",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/d2client.dll",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/d2client.dll","C:/Games/Diablo II/Game.exe",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);


Output:

Success: 1
Test: 94A7A8
Success: 1
Test: 12F3F8
Success: 1
Test: 12F3F8
Success: 1
Test: 12F3F8
Success: 1
Test: 12F3F8
Success: 1
Test: 12F3F8