• Welcome to Valhalla Legends Archive.
 

[C++] SID_AUTH_CHECK I can't solve it

Started by Tejjoj, September 12, 2007, 09:45 AM

Previous topic - Next topic

Tejjoj



The Sourecode of the function I use to encrypt the cdkey via BNLS

Quote
#define PACKET_GENERATE() BYTE PACKET_BUF[8000]; INT PACKET_POS; PACKET_POS=0; memset(PACKET_BUF,NULL,8000);
#define PACKET_ADDDWORD(x) *(DWORD*)&PACKET_BUF[PACKET_POS] = (DWORD)x; PACKET_POS+=sizeof(DWORD);
#define PACKET_ADDWORD(x) *(WORD*)&PACKET_BUF[PACKET_POS] = (WORD)x; PACKET_POS+=sizeof(WORD);
#define PACKET_ADDCHAR(x) *(CHAR*)&PACKET_BUF[PACKET_POS] = (CHAR)x; PACKET_POS+=sizeof(CHAR);
#define PACKET_ADDBYTE(x) *(BYTE*)&PACKET_BUF[PACKET_POS] = (BYTE)x; PACKET_POS+=sizeof(BYTE);
#define PACKET_ADDINT(x) *(INT*)&PACKET_BUF[PACKET_POS] = (INT)x; PACKET_POS+=sizeof(INT);
#define PACKET_ADDSTRING(x) strcpy((CHAR*)PACKET_BUF+PACKET_POS,x); PACKET_POS+=strlen(x);
#define PACKET_ADDNULLSTRING(x) strcpy((CHAR*)PACKET_BUF+PACKET_POS,x); PACKET_POS+=strlen(x) + 1;
#define PACKET_SEND(x) SendPacket(PACKET_BUF,x,PACKET_POS);
#define PACKET_CPY(x,y) memcpy(PACKET_BUF+PACKET_POS,x,y); PACKET_POS += y;



VOID BNLS_HashKey(CHAR* CDKey, BYTE KeyHash[9*4])
{
   BYTE CDKEY_HASH[100] = {0};
   DWORD pSize = 0;
   *(DWORD*)&CDKEY_HASH[0] = BNET.ServerToken;
   pSize += sizeof(DWORD);
   strcpy((char*)CDKEY_HASH+pSize,CDKey);
   pSize += strlen(CDKey) + 1;
   SendBNLSPacket(CDKEY_HASH,BNLS_CDKEY,pSize);
   printf("[BNLS] CDKey Hash sent!\n");

   pSize = 0;
   CHAR CDKEY_RESPONSE[100];

   DWORD dwSize = recv(BNLS.sock,CDKEY_RESPONSE,100,0);
   printf("[BNLS] CDKey Response! Packet Size: %d\n",dwSize);
   pSize = sizeof(BYTE) + sizeof(WORD); // Cutting away the Header
   printf("[BNLS] CDKey Hash Bool %d\n",CDKEY_RESPONSE[pSize]);
   pSize += sizeof(BOOL);
   printf("[BNLS] CDKey Client Session Key 0x%x\n",*(DWORD*)&CDKEY_RESPONSE[pSize]);
   BNET.ClientToken = *(DWORD*)&CDKEY_RESPONSE[pSize];
   pSize += sizeof(DWORD);
   memcpy(KeyHash,CDKEY_RESPONSE+pSize,sizeof(DWORD)*9);
}

VOID PrintKeyHash(BYTE* HashKey)
{
   DWORD Pos = 0;
   printf("[Info] Key Length: 0x%X\n",*(DWORD*)&HashKey[Pos]);
   Pos += sizeof(DWORD);
   printf("[Info] CD key's product value: 0x%X\n",*(DWORD*)&HashKey[Pos]);
   Pos += sizeof(DWORD);
   printf("[Info] CD key's public value: 0x%X\n",*(DWORD*)&HashKey[Pos]);
   Pos += sizeof(DWORD);
   printf("[Info] Unknown: 0x%X\n",*(DWORD*)&HashKey[Pos]);
   Pos += sizeof(DWORD);
   printf("[Info] Hash key Data(1): 0x%X\n",*(DWORD*)&HashKey[Pos]);
   Pos += sizeof(DWORD);
   printf("[Info] Hash key Data(2): 0x%X\n",*(DWORD*)&HashKey[Pos]);
   Pos += sizeof(DWORD);
   printf("[Info] Hash key Data(3): 0x%X\n",*(DWORD*)&HashKey[Pos]);
   Pos += sizeof(DWORD);
   printf("[Info] Hash key Data(4): 0x%X\n",*(DWORD*)&HashKey[Pos]);
   Pos += sizeof(DWORD);
   printf("[Info] Hash key Data(5): 0x%X\n",*(DWORD*)&HashKey[Pos]);
}

VOID BNLS_HashKeyEX(CHAR* CKey,DWORD SessionKey,BYTE* KeyHashBuffer)
{
   #define CDKEY_SAME_SESSION_KEY          (0x01)
   #define CDKEY_GIVEN_SESSION_KEY         (0x02)
   #define CDKEY_MULTI_SERVER_SESSION_KEYS (0x04)
   #define CDKEY_OLD_STYLE_RESPONSES       (0x08)

   BYTE CDKEY_HASH[100] = {0};
   DWORD pSize = 0;
   *(DWORD*)&CDKEY_HASH[pSize] = 0xDEADC0DE;            // Cookie
   pSize+= sizeof(DWORD);
   *(BYTE*)&CDKEY_HASH[pSize] = 1;                     // Amount of CDKeys
   pSize+= sizeof(BYTE);
   *(DWORD*)&CDKEY_HASH[pSize] = CDKEY_GIVEN_SESSION_KEY;   // Flag
   pSize+= sizeof(DWORD);
   *(DWORD*)&CDKEY_HASH[pSize] = BNET.ServerToken;         // Server Session Key
   pSize+= sizeof(DWORD);
   *(DWORD*)&CDKEY_HASH[pSize] = SessionKey;            // Client Session Key
   pSize+= sizeof(DWORD);
   strcpy((CHAR*)CDKEY_HASH+pSize,CKey);               // CD-Key
   pSize+= strlen(CKey) + 1;

   SendBNLSPacket(CDKEY_HASH,BNLS_CDKEY_EX,pSize);

   BYTE CDKEY_RESPONSE[1024] = {0};
   DWORD dwSize = recv(BNLS.sock,(CHAR*)CDKEY_RESPONSE,sizeof(CDKEY_RESPONSE),0);

   pSize = 3; // Cutting away the Header

   printf("[BNLS] BNLS_CDKEY_EX Response! Cookie: 0x%x\n",*(DWORD*)&CDKEY_RESPONSE[pSize]);
   pSize += sizeof(DWORD);
   printf("[BNLS] Requested CDKeys %d\n",*(BYTE*)&CDKEY_RESPONSE[pSize]);
   pSize += sizeof(BYTE);
   printf("[BNLS] Encrypted CDKeys %d\n",*(BYTE*)&CDKEY_RESPONSE[pSize]);
   pSize += sizeof(BYTE);
   printf("[BNLS] Bit Mask 0x%x\n",*(DWORD*)&CDKEY_RESPONSE[pSize]);
   pSize += sizeof(DWORD);
   printf("[BNLS] Client Session Key 0x%x\n",*(DWORD*)&CDKEY_RESPONSE[pSize]);
   BNET.ClientToken = *(DWORD*)&CDKEY_RESPONSE[pSize];
   pSize += sizeof(DWORD);
   memcpy(KeyHashBuffer,CDKEY_RESPONSE+pSize, 9 * sizeof(DWORD));
   pSize += sizeof(DWORD) * 9;
}

VOID BNLS_CheckRevision(VOID)
{
   DWORD pSize = 0;
   BYTE VERSIONCHECK[1024] = {0};
   BYTE VERSIONCHECK_RESPONSE[1024] = {0};

   *(DWORD*)&VERSIONCHECK[pSize] = PRODUCT_LORDOFDESTRUCTION;
   pSize += sizeof(DWORD);
   *(DWORD*)&VERSIONCHECK[pSize] = BNET.MPQNo;
   pSize += sizeof(DWORD);
   strcpy((CHAR*)VERSIONCHECK+pSize,BNET.ValueForma);
   pSize += strlen(BNET.ValueForma) + 1;

   SendBNLSPacket(VERSIONCHECK,BNLS_VERSIONCHECK,pSize);
   printf("[BNLS] VERSIONCHECK sent!\n");

   DWORD dwSize = recv(BNLS.sock,(CHAR*)VERSIONCHECK_RESPONSE,1024,0);
   printf("[BNLS] VERSIONCHECK response!\n");

   pSize = 3; // Remove the BNLS Header

   printf("[BNLS] VERSIONCHECK_RESPONSE %s(%d)\n", VERSIONCHECK_RESPONSE[pSize] ? "was sucessfull" : "failed", VERSIONCHECK_RESPONSE[pSize]);
   pSize+=sizeof(BOOL);

   BNET.EXEVersion = *(DWORD*)&VERSIONCHECK_RESPONSE[pSize];
   pSize+=sizeof(DWORD);
   BNET.EXEChecksum = *(DWORD*)&VERSIONCHECK_RESPONSE[pSize];
   pSize += sizeof(DWORD);
   strcpy(BNET.ExeInformations,(CHAR*)VERSIONCHECK_RESPONSE+pSize);
}


VOID SID_AUTH_INFO_HANDLER(BYTE* data,DWORD dwSize)
{
   printf("[BNET] AUTH_INFO response\n");

   CHAR ExeInfo[1024] = {0};
   CHAR Mpqname[1024] = {0};

   strcpy(Mpqname,(CHAR*)data + (sizeof(DWORD)*3) + sizeof(FILETIME) + 4);

   BNET.ServerToken = *(DWORD*)&data[7];   // Extracting the Server Token


   BNET.MPQNo = extractMPQNumber((CHAR*)data + (sizeof(DWORD)*3) + sizeof(FILETIME) + 4);
   strcpy(BNET.ValueForma,(CHAR*)data + ( (sizeof(DWORD)*3) + sizeof(FILETIME) + strlen((CHAR*)data + (sizeof(DWORD)*3) + sizeof(FILETIME) + 4) + 5));

   BNLS_HashKey(CDKEY_CLASSIC,BNET.KeyClassic);
   BNLS_HashKeyEX(CDKEY_LOD,BNET.ClientToken,BNET.KeyLoD);

   printf("ServerToken: 0x%x\nClientToken: 0x%x\nMPQNumber: %d (%s)\nValueForma: %s\n",BNET.ServerToken,BNET.ClientToken,BNET.MPQNo,(CHAR*)data + (sizeof(DWORD)*3) + sizeof(FILETIME) + 4,BNET.ValueForma);

   BNLS_CheckRevision();

   printf("EXEChecksum: 0x%x\nEXEVersion: 0x%x\nEXEInformations: %s\n",BNET.EXEChecksum,BNET.EXEVersion,BNET.ExeInformations);


   printf("Classic Key Infos: \n");
   PrintKeyHash(BNET.KeyClassic);
   printf("LoD Key Infos: \n");
   PrintKeyHash(BNET.KeyLoD);

   PACKET_GENERATE()               
   PACKET_ADDDWORD(BNET.ClientToken)         //   (DWORD) Client Token
   PACKET_ADDDWORD(BNET.EXEVersion)         //   (DWORD) EXE Version
   PACKET_ADDDWORD(BNET.EXEChecksum)         //   (DWORD) EXE Hash
   PACKET_ADDDWORD(2)                     //   (DWORD) Number of keys in this packet
   PACKET_ADDDWORD(0)                     //   (BOOLEAN) Using Spawn (32-bit)

   PACKET_CPY(BNET.KeyClassic,sizeof(DWORD)*9)   // Key Classic
   PACKET_CPY(BNET.KeyLoD,sizeof(DWORD)*9)      // Key LoD

   PACKET_ADDNULLSTRING(BNET.ExeInformations)   // (STRING) Exe Information
   PACKET_ADDNULLSTRING("Heiligeswasser")      // (STRING) CD Key owner name
   PACKET_SEND(SID_AUTH_CHECK)
}

The PacketLog:

Quote
00A308F8  FF 51 92 00 10 A1 4F 4B  ÿQ'.¡OK
00A30900  00 0B 00 01 61 C8 A0 6A  . .aÈ j
00A30908  02 00 00 00 00 00 00 00  .......
00A30910  10 00 00 00 06 00 00 00  ......
00A30918  4F B9 D6 00 00 00 00 00  O¹Ö.....
00A30920  52 BA A4 A8 F1 DA 19 5F  Rº¤¨ñÚ_
00A30928  1A C0 9D 59 9C DE A5 36  À?YœÞ¥6
00A30930  2F DC 70 B8 10 00 00 00  /Üp¸...
00A30938  0A 00 00 00 F6 25 3E 00  ....ö%>.
00A30940  00 00 00 00 8A 7A CF 33  ....ŠzÏ3
00A30948  6F AD 03 AB 6F 5B 92 8C  o­«o['Œ
00A30950  53 FE DE 7C 5B C4 B5 49  SþÞ|[ĵI
00A30958  67 61 6D 65 2E 65 78 65  game.exe
00A30960  20 30 34 2F 30 39 2F 30   04/09/0
00A30968  37 20 32 32 3A 31 35 3A  7 22:15:
00A30970  33 34 20 32 31 32 39 39  34 21299
00A30978  32 30 00 48 65 69 6C 69  20.Heili
00A30980  67 65 73 77 61 73 73 65  geswasse
00A30988  72 00                    r.

I keep getting ip ban after i send the packet. I really don't know what is wrong there! I hope you guys can help me fixing this problem. I made a new Thread with all new informations because it seems no one looks into the old thread. Thanks guys

l2k-Shadow

you're getting a response of 0x200 which is "Invalid CD Key". should be self-explanatory.
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno wat it means, someone tell me whats ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
Já jsem byl určenej abych tady žil,
Dával si ovar, křen a k tomu pivo pil.
Tam by ses povídaj jak prase v žitě měl,
Já nechci před nikym sednout si na prdel.

Já nejsem z USA, já nejsem z USA, já vážně nejsem z USA... a snad se proto na mě nezloběj.

Tejjoj

Quote from: l2k-Shadow on September 12, 2007, 08:38 PM
you're getting a response of 0x200 which is "Invalid CD Key". should be self-explanatory.

My BNLS Response is correct. You can see how I send the packet. If I would know where the problem is i wouldn't ask :|

Don Cullen

Quote from: Tejjoj on September 13, 2007, 10:40 AM
Quote from: l2k-Shadow on September 12, 2007, 08:38 PM
you're getting a response of 0x200 which is "Invalid CD Key". should be self-explanatory.

My BNLS Response is correct. You can see how I send the packet. If I would know where the problem is i wouldn't ask :|

He's not saying your BNLS response is incorrect. He's saying your CD-Key is incorrect. Maybe you left out a number/letter from your CDKey, or made a typo and mistakenly put in the wrong letter/number into the cdkey? Basically, you need to look at your CD key. Try testing your cd key with stealth and see if it works. If it works, then the problem here probably is on how you're hashing your cdkey for submission to BNLS.

You also need to know that regardless of how you set up your cdkey hash, BNLS will not catch errors in your hashing-- as long as the packet is set up correctly, BNLS will not catch errors in the hash, and will calculate its response based on the hash, even if the hash is incorrect.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Tejjoj

I just noticed.. I am grabbing the ServerToken from the wrong position .. It must be BNET.ServerToken = *(DWORD*)&data[8]; gosh ..

Don Cullen

Quote from: Tejjoj on September 13, 2007, 01:38 PM
I just noticed.. I am grabbing the ServerToken from the wrong position .. It must be BNET.ServerToken = *(DWORD*)&data[8]; gosh ..

Glad to hear you solved it. :)
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Tejjoj

Quote from: Don Cullen on September 13, 2007, 01:45 PM
Quote from: Tejjoj on September 13, 2007, 01:38 PM
I just noticed.. I am grabbing the ServerToken from the wrong position .. It must be BNET.ServerToken = *(DWORD*)&data[8]; gosh ..

Glad to hear you solved it. :)

Thanks for all your help. This is a great community it works now fine :]