MBNCSUtil's [NLS]

iNsaNe · May 03, 2007, 12:08 AM

Okay, I've been connecting using Warcraft 3 RoC. I've been receiving a successfull SID_AUTH_ACCOUNTLOGON (0x53) everytime using MBNCSUtil's NLS.

When I go to use the same NLS instance I've created and use it to LoginProof or CreateAccount, neither of those work. Sort of like my other coding problems where the code just stops executing, and the NLS is returning no value, and the code is not moving on to the next statement. I receive no errors, my Salt and ServerKey are both 32 dimension byte arrays. The MBNCSUtil.INls.Com is initialized, and my username and password are there. The modulus, generator, etc.. is there.

Here's my packet log:

Code Select


C -> S 0x50:
0030                        ff 50 3a 00 00 00 00 00 36  ........P:.....6
0040   38 58 49 33 52 41 57 15 00 00 00 00 00 00 00 00  8XI3RAW.........
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55  ...............U
0060   53 41 00 55 6e 69 74 65 64 20 53 74 61 74 65 73  SA.United States
0070   00                                               .

S -> C 0x25:
0030                           ff 25 08 00 7f 14 23 a9  .......%....#.

S -> C 0x50:
0030                     ff 50 e7 00 02 00 00 00 f3 6e  .......P.......n
0040   ec 0e 89 fd 46 00 00 20 58 7d 99 cb c6 01 76 65  ....F.. X}....ve
0050   72 2d 49 58 38 36 2d 33 2e 6d 70 71 00 43 3d 32  r-IX86-3.mpq.C=2
0060   38 35 38 38 32 37 35 35 35 20 42 3d 32 39 37 39  858827555 B=2979
0070   32 39 33 32 38 37 20 41 3d 37 34 34 30 36 36 32  293287 A=7440662
0080   37 38 20 34 20 41 3d 41 2b 53 20 42 3d 42 2b 43  78 4 A=A+S B=B+C
0090   20 43 3d 43 5e 41 20 41 3d 41 5e 42 00 1e 16 a0   C=C^A A=A^B....
00a0   13 ec 24 8e 86 cd bd 6f 2b 31 d8 c5 de f4 c7 7d  ..$....o+1.....}
00b0   d3 bd 49 71 33 43 db c1 e2 2e d9 51 ad 40 67 e8  ..Iq3C.....Q.@g.
00c0   2c ba 0e 3c 92 8b 04 5f be 2b 74 f4 4a 7e 02 24  ,..<..._.+t.J~.$
00d0   ba 3d 35 9f 04 78 40 f4 86 da 83 49 9a 56 c4 50  [email protected]
00e0   01 7b 36 cb 78 d1 da b5 2a c3 f5 ae 52 98 b5 4c  .{6.x...*...R..L
00f0   86 89 f0 2e 60 f1 b3 18 07 54 13 5b c6 5f bc 5c  ....`....T.[._.\
0100   17 19 16 6f a7 54 d0 c9 b0 8e 25 3c d8 e0 af 7b  ...o.T....%<...{
0110   6c 54 58 e9 b5 29 b3 13 d8 a4 66 13 16           lTX..)....f..

C -> S 0x51:
0030                     ff 51 9a 00 80 00 73 01 77 18  ..k....Q....s.w.
0040   15 01 ed 2e 46 22 01 00 00 00 00 00 00 00 1a 00  ....F"..........
0050   00 00 0e 00 00 00 0a 66 70 00 00 00 00 00 16 b8  .......fp.......
0060   1b 6d fe bf a6 6b e8 2d 67 b9 6c 75 39 52 c0 0b  .m...k.-g.lu9R..
0070   28 c7 43 3a 2f 50 72 6f 67 72 61 6d 20 46 69 6c  (.C:/Program Fil
0080   65 73 2f 57 61 72 63 72 61 66 74 20 49 49 49 2f  es/Warcraft III/
0090   77 61 72 33 2e 65 78 65 20 31 32 2f 32 38 2f 30  war3.exe 12/28/0
00a0   36 20 32 30 3a 33 35 3a 32 31 20 31 35 37 32 33  6 20:35:21 15723
00b0   30 37 00 42 4e 69 2d 50 6f 77 65 52 2e 20 2d 20  07.BNi-PoweR. - 
00c0   49 6e 66 69 6e 69 74 65 20 42 6f 74 20 76 31 00  Infinite Bot v1.
00d0  
S -> C 0x51:
0030                        ff 51 09 00 00 00 00 00 00  .*'H...Q.......

C -> S 0x53:
0030                     ff 53 2f 00 69 4d 5c e4 0f 01  ..t[...S/.iM\...
0040   49 29 fc 7d 3e 9c c5 0d d2 6a 9f d4 ca 21 1a e3  I).}>....j...!..
0050   b9 b5 26 4d 5a 6d 68 ef ae 37 42 4e 69 2d 50 6f  ..&MZmh..7BNi-Po
0060   77 65 52 2e 00                                   weR..

S -> C 0x53:
0030                     ff 53 48 00 00 00 00 00 85 f3  .......SH.......
0040   1b 84 20 8b 1e f6 8f 4c b2 7f ec 0d 49 90 40 f0  .. ....L....I.@.
0050   4f 01 75 b4 7f 2f c3 46 8a b2 b7 b7 7c af ac f5  O.u../.F....|...
0060   bd de 5c d9 43 8b 1a 77 18 dd 97 0e 42 c2 22 be  ..\.C..w....B.".
0070   30 3b ed e0 23 e3 73 8f db 70 7d 1d 9f 82        0;..#.s..p}...

That's my packetlog, I don't think its relevant because the problem has to do with my code, which is here:

Code Select


        private NLS Logon;
        ...
        ...
        ...
                //...
  //...
  //0x51:
  case (byte)clsBotInfo.PacketIDs.SID_AUTH_CHECK:
                    BncsReader r0x51 = new BncsReader(Data);
                    Functions.AddChat(txtChatRoom, Color.LawnGreen, string.Format("<- Received: 0x51! - [{0} Bytes]", r0x51.Length));
                    int Result = r0x51.ReadInt32();
                    string ExtraInfo = r0x51.ReadCString();
                    switch (Result)
                    {
                        case 0x000:
                            BncsPacket p0x53 = new BncsPacket((byte)clsBotInfo.PacketIDs.SID_AUTH_ACCOUNTLOGON);
                            Logon = new NLS(biConnection.strConnectedUsername, biConnection.strConnectedPassword);
                            Logon.LoginAccount(p0x53);
       //^Works (1st Call)
                            Functions.AddChat(txtChatRoom, Color.Yellow, string.Format("-> Sending: 0x53! - [{0} Bytes]", p0x53.Count));
                            winSock.SendData(p0x53.GetData());
                            break;
      }
                //...
  //...
  //0x53:
  case (byte)clsBotInfo.PacketIDs.SID_AUTH_ACCOUNTLOGON:
                    BncsReader r0x53 = new BncsReader(Data);
                    Functions.AddChat(txtChatRoom, Color.LawnGreen, string.Format("<- Received: 0x53! - [{0} Bytes]", r0x53.Length));
                    Status = r0x53.ReadInt32();
                    switch (Status)
                    {
                        case 0x00: //Success
                            byte[] Salt = r0x53.ReadByteArray(32);
                            byte[] ServerKey = r0x53.ReadByteArray(32);
                            BncsPacket p0x54 = new BncsPacket((byte)clsBotInfo.PacketIDs.SID_AUTH_ACCOUNTLOGONPROOF);
                            Logon.LoginProof(p0x54, Salt, ServerKey);
       //^Does not execute (2nd Call)
                            //Pauses here
                            Functions.AddChat(txtChatRoom, Color.Yellow, string.Format("-> Sending: 0x54! - [{0} Bytes]", p0x54.Count));
                            winSock.SendData(p0x54.GetData());
                            break;
                        case 0x01: //Account Doesn't exist
                            BncsPacket p0x52 = new BncsPacket((byte)clsBotInfo.PacketIDs.SID_AUTH_ACCOUNTCREATE);
                            Functions.AddChat(txtChatRoom, Color.Red, string.Format("The account '{0}' does not exist.", biConnection.strConnectedUsername));
                            Functions.AddChat(txtChatRoom, Color.Red, string.Format("Attemping to create the account: '{0}' ...", biConnection.strConnectedUsername));
                            Logon.CreateAccount(p0x52);
       //^Does not execute (2nd Call)
                            //Pauses here
                            Functions.AddChat(txtChatRoom, Color.Yellow, string.Format("-> Sending: 0x52! - [{0} Bytes]", p0x52.Count));
                            winSock.SendData(p0x52.GetData());
                            break;
                    //...
                    //...
                    }
                    break;
      //...
      //...

MyndFyre · May 03, 2007, 03:10 AM

I did some research into this issue. I posted my findings about this on my blog.

I will not be releasing a hotfix to MBNCSUtil 2.0 as the current version is in beta. I will do my best to release a new version of the library with this fix within the next week. In the meantime, you can address the issue by replacing the following line of code in NLS.cs, within the function CalculateM1():

Code Select


if (verifier == null)

with

Code Select


if (object.ReferenceEquals(verifier, null))

This requires that you include the MBNCSUtil project as a project in your solution (or rebuild the library on your own). You can obtain SFmpq.dll, which is required for a complete build of MBNCSUtil 2.0, by Googling for "ShadowFlare's realm" - he calls it SFmpqAPI, or you can download it as part of WinMPQ.

It appears that your code is eating exceptions. This is a severe detriment to debugging - you should avoid this practice if possible. That's why your code is simply not executing - it branches off of a different, unseen path. (Yes, Lisp and Scheme nuts, come and point out that I'm listing one of the problems with non-functional programming).

leax · July 17, 2007, 12:39 PM

just reporting a similar problem with LoginProof() in MBNCSUtil 1.3.1.8 .NET 1.1 version

after the change was made

if (verifier == null)
with
if (object.ReferenceEquals(verifier, null))

an error occurred down the line
caught at NLS.cs : private void CalculateM1(byte[] salt, byte[] serverKey) line 579

byte[] local_k = new byte[bytes_s.Length];
for (int i = 0; i < k.Length; i++) <-------- this line, k is null
{

leax · July 18, 2007, 12:09 PM

maybe im using the LoginProof() wrongly
is there anyone out there got the NLS.LoginProof working in MBNCSUtil of any version and got the correct hashed result ?

heres my calling procedure

Code Select


'vb.NET
packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGONPROOF, Byte))
nls = New NLS(username, password) 
nls.LoginProof(packet, salt, serverkey) 'salt and serverkey are both 32 bytes long

MyndFyre · July 18, 2007, 09:00 PM

You're using it incorrectly. As the documentation clearly states, you need to call LoginAccount before calling LoginProof.

leax · July 18, 2007, 11:01 PM

I tried calling LoginAccount first then LoginProof this time, still no luck, null exception error at the same place

Code Select

            
nls = New NLS(username, password)
packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGON, Byte))
nls.LoginAccount(packet)
packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGONPROOF, Byte))
nls.LoginProof(packet, salt, serverkey)             '<------------- null exception caught inside

l2k-Shadow · July 19, 2007, 01:09 AM

I hope that that's just a code demonstration.

If that is really your code, you may want to look through the NLS login process and see when to call each of those corresponding functions, because you are doing it incorrectly.

leax · July 19, 2007, 02:41 AM

its just i been stuck on this for a few days and couldnt really get anywhere
so i tried everything to get that error to go away

for background info, im trying to convert my existing BNLS code to MBNCSUTIL and am currently working on BNLS_LOGONPROOF which is the 20 bytes length M1 Hash result normally returned by the BNLS server. so i thought the fastest way to achieve this in MBNCSUTIL is via

Code Select


nls = New NLS(username, password)
packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGON, Byte))
nls.LoginAccount(packet)

.....
BNET SID_AUTH_ACCOUNTLOGON happens here using the publickey genreated
.....

packet = New BncsPacket(CType(clsProtocolBNET.Protocol.SID_AUTH_ACCOUNTLOGONPROOF, Byte))
nls.LoginProof(packet, salt, serverkey)             '<------------- null exception caught inside here where im totally stuck

If packet.GetData().Length = 24 Then
    clientpasswordproof = New Byte(20 - 1) {}
    Array.Copy(packet.GetData(), 4, clientpasswordproof, 0, clientpasswordproof.Length)   'Extract the M1 result from the packet
    Return True
End If

i been reading the MBNCSUTIL HELP documentation, the remark section on LoginProof states i just need to call LoginAccount after the NLS instantiation and that should be enough... though my code is stuffed somehow and gives that null exception still.
so if anyone can point to me where i went wrong or where i can get further info on MBNCSUTIL usage examples and such that would be very much appreciated

thanks

*edit

found something interesting in NLS.cs CalculateM1 function line 654 - 672

Code Select


   for (int i = 0, j = 0; i < bytes_s.Length; i += 2, j++) 
   {
    even_s[j] = bytes_s[i];
    odds_s[j] = bytes_s[i + 1];
   }
   byte[] even_hash = s_sha.ComputeHash(even_s);
   byte[] odds_hash = s_sha.ComputeHash(odds_s);
   byte[] local_k = new byte[bytes_s.Length];
   for (int i = 0; i < k.Length; i++) 
   {
    if ((i & 1) == 0) 
    {
     local_k[i] = even_hash[i];
    } 
    else 
    {
     local_k[i] = odds_hash[i];
    }
   }

bytes_s is length 32 and split into even_s length 16 and odd_s length 16 which are subsequently hashed
but even_hash and odd_hash are length 20 each so if they are combined back to form local_k, then local_k's length needs to be 40 as well right
but local_k length is bytes_s length which is 32, is this a bug ?

MyndFyre · July 20, 2007, 03:07 AM

I've done a lot of tests on MBNCSUtil, against BNLS, BNCSUtil, and actually using it in my own development; not to mention that MBNCSUtil was the precursor work to my WoW client.

At this point, the machine I'm on is not equipped to deal with Battle.net development (games aren't installed, neither is a packet sniffer, etc.). It's something I can take a look at arranging this weekend.