
invalid game version - log included

Started by aton, July 17, 2008, 08:44 AM


aton

i tried to figure out my mistake for some hours now, but i don't get it:

resolving europe.battle.net...success
connected to europe.battle.net
snd SID_AUTH_INFO
[15:39:22] [+] 52 bytes:
0000: ff 50 34 00 00 00 00 00 36 38 58 49 50 58 45 53  .P4.....68XIPXES
0010: d1 00 00 00 45 44 65 64 00 00 00 00 00 00 00 00  ....EDed........
0020: 00 00 00 00 00 00 00 00 44 45 55 00 47 65 72 6d  ........DEU.Germ
0030: 61 6e 79 00                                      any.

datalen: 8, packet: 8
single packet!
parsing packet of 8 bytes
[15:39:22] [+] 8 bytes:
0000: ff 25 08 00 dc 7e a2 8d                          .%...~..

recvd SID_PING (0x25)
snd SID_PING (0x25)
datalen: 62, packet: 62
single packet!
parsing packet of 62 bytes
[15:39:22] [+] 62 bytes:
0000: ff 50 3e 00 00 00 00 00 e4 23 47 b1 1c 3c 05 00  .P>......#G..<..
0010: 00 f8 0b ce 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e  ....r...lockdown
0020: 2d 49 58 38 36 2d 30 38 2e 6d 70 71 00 a7 70 28  -IX86-08.mpq..p(
0030: d8 4c f2 dd d8 0c 6f ea e7 4e 4d c1 49 00        .L....o..NM.I.

recv SID_AUTH_INFO (0x50)
ix86verfname: lockdown-IX86-08.mpq
valuestring: a77028d84cf2ddd8c6feae74e4dc149
extracted number: 8
calculating revision checksum from "hashfiles/lockdown-IX86-08.dll"... 8e70b007
version: 10f0201
digest: e4545c97e1fd524a582f4ccc5c5d3dc9
decoding cdkey... snd SID_AUTH_CHECK (0x51)
[15:39:24] [+] 108 bytes:
0000: ff 51 6c 00 de ad be ef 01 00 0b 00 07 b0 70 8e  .Ql...........p.
0010: 01 00 00 00 00 00 00 00 0d 00 00 00 02 00 00 00  ................
0020: 01 69 31 00 00 00 00 00 97 a5 b5 59 cd 47 40 f0  .i1........Y.G@.
0030: 0f 92 1f 4b 06 35 e2 9f d5 e0 c2 d2 73 74 61 72  ...K.5......star
0040: 63 72 61 66 74 2e 65 78 65 20 31 36 2f 30 37 2f  craft.exe 16/07/
0050: 30 38 20 31 37 3a 34 35 3a 32 37 20 31 32 32 30  08 17:45:27 1220
0060: 36 30 38 00 63 68 69 6e 2e 66 75 00              608.chin.fu.

datalen: 9, packet: 9
single packet!
parsing packet of 9 bytes
[15:39:24] [+] 9 bytes:
0000: ff 51 09 00 01 01 00 00 00                       .Q.......

recvd SID_AUTH_CHECK (0x51)
[15:39:24] [X] error: bnetlogin() failed: invalid game version


i am using bncsutil to do the key decoding and the lockdown library that rob posted

brew

Quote from: UserLoser on July 16, 2008, 02:54 PM
SID_AUTH_CHECK looks like it's supplying wrong values for the file hash (string before CD-key owner name)
way to ignore ul...

How are you getting your exe info string?

Barabajagal

"starcraft.exe 16/07/08 17:45:27 1220608" is not a lockdown result, it's a ver result. Here's a good snippet to help you with using rob's lockdown dll:

    If InStr(LCase$(dllName), "ix86ver") > 0 Then 'Way Old
      CRet = CheckRevisionA(HashFiles(0), HashFiles(1), HashFiles(2), CRevRequest, EXEVersion, Checksum, CRevResult, dllName)
    ElseIf InStr(LCase$(dllName), "ver-ix86") > 0 Then 'D2/W3
      CRet = CheckRevisionB(HashFiles(0), HashFiles(1), HashFiles(2), CRevRequest, EXEVersion, Checksum, CRevResult, dllName)
    Else 'Lockdown
      CRet = CheckRevisionEx(HashFiles(0), HashFiles(1), HashFiles(2), CRevRequest, EXEVersion, Checksum, CRevResult, SettingsFolder & "\Tmp\MPQs\" & dllName, vbNullString, HashFiles(3))
    End If

aton

i just hardcoded the exe info into that packet...

andi, i am using only the third of your possibilities:

    if(!CheckRevision(fnames[0], fnames[1], fnames[2], valuestring, &version, &checksum, digest, ix86verfname, fnames[3]))


fnames[0] is "Starcraft.exe"
fnames[1] is "storm.dll"
fnames[2] is "battle.snp"
valuestring is a 16 byte hex value (from the 0x50 packet)
version is the variable that will hold the version that checkrevision gives me
checksum is the variable that will hold the checksum that checkrevision gives me
digest
ix86verfname is "lockdown-IX86-xx.dll" (from the 0x50 packet)
fnames[3] is "STAR.bin" (screendump)

brew

Well, that exe info string should be the "digest".

aton

ah, i didn't know that. this is what i have now, i insert the digest instead of my self-made string:

resolving europe.battle.net...success
connected to europe.battle.net
snd SID_AUTH_INFO
[00:18:42] [+] 52 bytes:
0000: ff 50 34 00 00 00 00 00 36 38 58 49 50 58 45 53  .P4.....68XIPXES
0010: d1 00 00 00 45 44 65 64 00 00 00 00 00 00 00 00  ....EDed........
0020: 00 00 00 00 00 00 00 00 44 45 55 00 47 65 72 6d  ........DEU.Germ
0030: 61 6e 79 00                                      any.

datalen: 8, packet: 8
single packet!
parsing packet of 8 bytes
[00:18:42] [+] 8 bytes:
0000: ff 25 08 00 ee c4 33 f0                          .%....3.

recvd SID_PING (0x25)
snd SID_PING (0x25)
datalen: 62, packet: 62
single packet!
parsing packet of 62 bytes
[00:18:42] [+] 62 bytes:
0000: ff 50 3e 00 00 00 00 00 41 31 d8 54 da 70 06 00  .P>.....A1.T.p..
0010: 00 52 6e d0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e  .Rn.r...lockdown
0020: 2d 49 58 38 36 2d 30 39 2e 6d 70 71 00 18 0a 95  -IX86-09.mpq....
0030: 4c e1 f1 d9 24 05 e3 41 75 56 31 4f 4c 00        L...$..AuV1OL.

recv SID_AUTH_INFO (0x50)
ix86verfname: lockdown-IX86-09.mpq
valuestring: 18a954ce1f1d9245e3417556314f4c
extracted number: 9
calculating revision checksum from "hashfiles/lockdown-IX86-09.dll"... f7c21f00
version: 10f0201
digest: 0a6e356a9df3a2ca4ed8620fcd69031002
decoding cdkey... snd SID_AUTH_CHECK (0x51)
[00:18:43] [+] 86 bytes:
0000: ff 51 56 00 de ad be ef 01 00 0b 00 00 1f c2 f7  .QV.............
0010: 01 00 00 00 00 00 00 00 0d 00 00 00 02 00 00 00  ................
0020: 01 69 31 00 00 00 00 00 17 ac e7 a2 89 b1 e8 6b  .i1............k
0030: 05 db e3 a3 eb 9f 1a ac ff 06 5c 52 0a 6e 35 6a  ..........\R.n5j
0040: 9d f3 a2 ca 4e d8 62 0f cd 69 03 10 02 00 63 68  ....N.b..i....ch
0050: 69 6e 2e 66 75 00                                in.fu.

datalen: 9, packet: 9
single packet!
parsing packet of 9 bytes
[00:18:43] [+] 9 bytes:
0000: ff 51 09 00 01 01 00 00 00                       .Q.......

recvd SID_AUTH_CHECK (0x51)
[00:18:43] [X] error: bnetlogin() failed: invalid game version


i still need the cdkey owner "chin.fu", right?

aton

ah i got it, my last mistake was a wrong exeVersion value.

    pkt_insertdword(&tcppacket, 0x0f010102); // exeVersion


do i have to sniff this value for each patch? like the version byte?

Barabajagal

ExeVersion is already extracted in your code as "&version".
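
A decoder for the second SID_AUTH_CHECK (0x51) hexdump logged in this thread, added here as an example; it is not code from any poster or from bncsutil, and its function names are hypothetical. It assumes the commonly documented client-to-server layout of this packet and reads the log's "version", checksum and "digest" values as hex, then reports which packet fields differ from what CheckRevision returned:

```python
import struct

# Second SID_AUTH_CHECK hexdump from the log above, copied as logged.
DUMP = r"""
0000: ff 51 56 00 de ad be ef 01 00 0b 00 00 1f c2 f7  .QV.............
0010: 01 00 00 00 00 00 00 00 0d 00 00 00 02 00 00 00  ................
0020: 01 69 31 00 00 00 00 00 17 ac e7 a2 89 b1 e8 6b  .i1............k
0030: 05 db e3 a3 eb 9f 1a ac ff 06 5c 52 0a 6e 35 6a  ..........\R.n5j
0040: 9d f3 a2 ca 4e d8 62 0f cd 69 03 10 02 00 63 68  ....N.b..i....ch
0050: 69 6e 2e 66 75 00                                in.fu.
"""

def dump_to_bytes(dump):
    """Rebuild the packet from 'offset: hex bytes  ascii' lines."""
    rows = [l.split(": ", 1)[1].split("  ", 1)[0] for l in dump.strip().splitlines()]
    return bytes.fromhex(" ".join(rows))

def cstring(buf, pos):
    end = buf.index(b"\x00", pos)  # raises ValueError if unterminated
    return buf[pos:end], end + 1

def parse_auth_check(pkt):
    """Decode a client-to-server SID_AUTH_CHECK (0x51) packet."""
    magic, pid, length = struct.unpack_from("<BBH", pkt, 0)
    if (magic, pid) != (0xFF, 0x51) or length != len(pkt):
        raise ValueError("bad header or length")
    token, version, checksum, nkeys, spawn = struct.unpack_from("<5I", pkt, 4)
    pos, keys = 24, []
    for _ in range(nkeys):  # 4 DWORDs + 20-byte key hash per key
        if pos + 36 > len(pkt):
            raise ValueError("truncated key block")
        klen, product, public, _unk = struct.unpack_from("<4I", pkt, pos)
        keys.append((klen, product, public, pkt[pos + 16:pos + 36]))
        pos += 36
    exe_info, pos = cstring(pkt, pos)
    owner, pos = cstring(pkt, pos)
    return {"exe_version": version, "exe_hash": checksum, "keys": keys,
            "exe_info": exe_info, "owner": owner}

def mismatches(fields, version, checksum, digest_hex):
    """Names of packet fields that differ from CheckRevision's outputs."""
    pairs = {"exe_version": (fields["exe_version"], version),
             "exe_hash": (fields["exe_hash"], checksum),
             "exe_info": (fields["exe_info"].hex(), digest_hex)}
    return [name for name, (got, want) in pairs.items() if got != want]

if __name__ == "__main__":
    f = parse_auth_check(dump_to_bytes(DUMP))
    # Log values, read as hex (assumption): version, checksum, digest.
    print(mismatches(f, 0x010F0201, 0xF7C21F00, "0a6e356a9df3a2ca4ed8620fcd69031002"))
```

Against that dump, the EXE hash and EXE information fields match the logged CheckRevision results and only the EXE version field differs.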

aton