
WarCraft 3 Connection/Login Packets

Started by Anubis, July 01, 2004, 01:01 PM


iago

Quote from: BaDDBLooD on July 01, 2004, 03:35 PM
You shouldn't post whole packetlogs (they include valuable data like username/password/cdkey) which can be extracted via some sneaky people crawling around these forums ^_^

War3's login is designed in such a way that the password can't be bruteforced, no matter how much time you have.  SRP makes it impossible.

For some info, see Userloser's link:
http://www.userloser.net/packetref/nlspackets.asp

This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


BaDDBLooD

There are only two kinds of people who are really fascinating: people who know absolutely everything, and people who know absolutely nothing.

ChR0NiC

Quote from: iago on July 07, 2004, 01:13 PM
For some info, see Userloser's link:
http://www.userloser.net/packetref/nlspackets.asp

Yay, no more having to look through that ugly ProtoSpec for 0x52 - 0x56 Packet Information :P

UserLoser.

Quote from: iago on July 07, 2004, 01:13 PM
Quote from: BaDDBLooD on July 01, 2004, 03:35 PM
You shouldn't post whole packetlogs (they include valuable data like username/password/cdkey) which can be extracted via some sneaky people crawling around these forums ^_^

War3's login is designed in such a way that the password can't be bruteforced, no matter how much time you have.  SRP makes it impossible.

For some info, see Userloser's link:
http://www.userloser.net/packetref/nlspackets.asp



Bah, should finish all the pages :)

Maddox

Quote from: iago on July 07, 2004, 01:13 PM
Quote from: BaDDBLooD on July 01, 2004, 03:35 PM
You shouldn't post whole packetlogs (they include valuable data like username/password/cdkey) which can be extracted via some sneaky people crawling around these forums ^_^

War3's login is designed in such a way that the password can't be bruteforced, no matter how much time you have.  SRP makes it impossible.

For some info, see Userloser's link:
http://www.userloser.net/packetref/nlspackets.asp



Some of those are incorrect.
asdf.

ChR0NiC

#20
Like which ones?? I would like to know, before I attempt to do anything and result in one of those blasted IP Bans >:(

Quote
S => C

(BYTE) Ladder type
(WORD) *How many bytes all of the packets are
(WORD) *How many bytes this packet is
(WORD) *How many bytes have not been received yet in other packets
(WORD) Always zero, except in the last packet received from the server includes a zero-based rank of the starting entries received
(WORD) Unknown (0)
(VOID) Ladder data
* Excludes the first byte of the packet, and its first 5 WORDs.

Format of ladder data

(DWORD) Experience
(DWORD) Unknown (0)
(BYTE) Character class
(BYTE) Character name prefix
(WORD) Character level
(STRING) **Character name
Possible character classes:

0x00: Amazon
0x01: Sorceress
0x02: Necromancer
0x03: Paladin
0x04: Barbarian
0x05: Druid
0x06: Assassin
Character name prefixes are the same as they appear in statstring.

** Always 16 BYTEs long; if the character name is less than 15 characters, it is followed with null BYTEs.

The server may send you multiple amounts of these packets for one request. It's up to you to figure out which data goes where, usually you have to concatenate the packets received in a backwards order; so the last packet received would be the first part of the buffer to be parsed while the first packet received is the last part of the buffer to be parsed.

This one confused me a little bit, where it said
Quote
* Excludes the first byte of the packet, and its first 5 WORDs.

Cuz I don't know if it's referring to the overall packet or each Ladder Data. And if either, are we talking about the beginning or end of the packet?

I realize that if I would just take the time to try and plug that format into one of my packet logs it probably wouldn't be too hard to figure out, but not everyone is able to do this and not everyone is blessed with WPE Pro (being that it can only be used on Win XP)

dxoigmn

Quote from: ChR0NiC on July 10, 2004, 01:14 PM
Like which ones?? I would like to know, before I attempt to do anything and result in one of those blasted IP Bans >:(

Quote
S => C

(BYTE) Ladder type
(WORD) *How many bytes all of the packets are
(WORD) *How many bytes this packet is
(WORD) *How many bytes have not been received yet in other packets
(WORD) Always zero, except in the last packet received from the server includes a zero-based rank of the starting entries received
(WORD) Unknown (0)
(VOID) Ladder data
* Excludes the first byte of the packet, and its first 5 WORDs.

Format of ladder data

(DWORD) Experience
(DWORD) Unknown (0)
(BYTE) Character class
(BYTE) Character name prefix
(WORD) Character level
(STRING) **Character name
Possible character classes:

0x00: Amazon
0x01: Sorceress
0x02: Necromancer
0x03: Paladin
0x04: Barbarian
0x05: Druid
0x06: Assassin
Character name prefixes are the same as they appear in statstring.

** Always 16 BYTEs long; if the character name is less than 15 characters, it is followed with null BYTEs.

The server may send you multiple amounts of these packets for one request. It's up to you to figure out which data goes where, usually you have to concatenate the packets received in a backwards order; so the last packet received would be the first part of the buffer to be parsed while the first packet received is the last part of the buffer to be parsed.

This one confused me a little bit, where it said
Quote
* Excludes the first byte of the packet, and its first 5 WORDs.

Cuz I don't know if it's referring to the overall packet or each Ladder Data. And if either, are we talking about the beginning or end of the packet?

I realize that if I would just take the time to try and plug that format into one of my packet logs it probably wouldn't be too hard to figure out, but not everyone is able to do this and not everyone is blessed with WPE Pro (being that it can only be used on Win XP)

I'm pretty sure this is the correct way to parse the ladder data for Diablo II.  I messaged UserLoser with this information but I don't know if he received it and he hasn't updated his site to reflect the changes.

You receive the packets in the following manner. Each time you receive data you should append the ladder data to any other data you have already received in another buffer.  When you've received the full ladder data, then you move on to parsing it.

(BYTE) Ladder Type
(WORD) Ladder Data Full Length
(WORD) Ladder Data Current Recv Length
(WORD) Ladder Data Already Recv Length
(VOID) Ladder Data

After you receive the full ladder data, you parse that data as follows:

--- Ladder Data ---
(DWORD) Rank Start
(DWORD) Number of Player Records
(DWORD) Rank End
(VOID) Player Records

This is the structure for each player record.  I'm pretty sure that is a QWORD (2 DWORDS), however I am not entirely sure.  Perhaps someone can correct this?
--- Player Record ---
(QWORD) Experience
(BYTE) Class
(BYTE) Title
(BYTE) Level
(BYTE) Unknown
(STRING) Character (padded to 16 bytes)
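
Added example (not part of dxoigmn's post and not code from anyone in this thread): a Python reassembler and parser for the layout described in the post above, with the length fields checked before anything is trusted. It assumes little-endian fields, that each fragment starts at the ladder type byte with the outer message header already removed, and that "already recv length" equals the bytes buffered so far; the class and function names are made up for the example.

```python
import struct

# Layouts from the post above; little-endian byte order is an assumption.
FRAG_HDR = struct.Struct("<BHHH")    # ladder type, full length, current length, already received
LADDER_HDR = struct.Struct("<III")   # rank start, number of player records, rank end
RECORD = struct.Struct("<QBBBB16s")  # experience, class, title, level, unknown, padded name

class LadderAssembler:
    """Appends fragments in arrival order and rejects inconsistent length fields."""
    def __init__(self):
        self.buf, self.key = bytearray(), None

    def feed(self, fragment):
        """Append one fragment; return True once the full ladder data is buffered."""
        if len(fragment) < FRAG_HDR.size:
            raise ValueError("fragment shorter than its header")
        ltype, total, cur, already = FRAG_HDR.unpack_from(fragment)
        data = fragment[FRAG_HDR.size:]
        if self.key is None:
            self.key = (ltype, total)
        if (ltype, total) != self.key:
            raise ValueError("fragment belongs to a different ladder response")
        if cur != len(data) or already != len(self.buf) or already + cur > total:
            raise ValueError("length fields disagree with the bytes received")
        self.buf += data
        return len(self.buf) == total

def parse_ladder(data):
    """Parse reassembled ladder data into (rank_start, rank_end, records)."""
    if len(data) < LADDER_HDR.size:
        raise ValueError("ladder data shorter than its header")
    rank_start, count, rank_end = LADDER_HDR.unpack_from(data)
    if LADDER_HDR.size + count * RECORD.size > len(data):
        raise ValueError("record count exceeds the buffered data")
    records = []
    for i in range(count):
        exp, cls, title, level, _unk, raw = RECORD.unpack_from(
            data, LADDER_HDR.size + i * RECORD.size)
        name = raw.split(b"\x00", 1)[0].decode("latin-1")  # strip the null padding
        records.append((exp, cls, title, level, name))
    return rank_start, rank_end, records

def sample_fragments():
    """Constructed sample (not captured traffic): two records split across two fragments."""
    body = LADDER_HDR.pack(0, 2, 1)
    body += RECORD.pack(1000, 0x01, 0, 10, 0, b"Alpha")
    body += RECORD.pack(2000, 0x04, 0, 20, 0, b"Bravo")
    cut = 40
    return [FRAG_HDR.pack(0, len(body), cut, 0) + body[:cut],
            FRAG_HDR.pack(0, len(body), len(body) - cut, cut) + body[cut:]]
```

Feed each fragment from `sample_fragments()` to `LadderAssembler.feed()` and pass `bytes(asm.buf)` to `parse_ladder()` once it returns True; a repeated fragment or a record count larger than the buffer raises `ValueError` instead of being parsed.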

iago

Quote from: GoSuGaMING on July 10, 2004, 09:18 PM
Quote from: Eibro[yL] on July 10, 2004, 09:17 PM
Quote from: GoSuGaMING on July 10, 2004, 09:09 PM
I'm not that dumb to leak that :P  ;D
What, you mean this?

yeah but it uses a modified SRP code...

Not really.  

Incidentally, that link you posted is Arta's cdkey decode.  Where'd you get it from?


Maddox

Quote from: iago on July 11, 2004, 02:05 AM
Quote from: GoSuGaMING on July 10, 2004, 09:18 PM
Quote from: Eibro[yL] on July 10, 2004, 09:17 PM
Quote from: GoSuGaMING on July 10, 2004, 09:09 PM
I'm not that dumb to leak that :P  ;D
What, you mean this?

yeah but it uses a modified SRP code...

Not really.  

Incidentally, that link you posted is Arta's cdkey decode.  Where'd you get it from?

No, it's not. It's mine, and an old one at that. The 2nd function is different however.

UserLoser.

#24
I wish I'd stop getting blamed for this.  Apparently I gave this out sometime over the last few days (which I didn't), but all you newbies who all have me on AIM and bug me 24/7 should have known that I've obviously had an away message on almost 24/7 for the last week, saying I'm on Warcraft III.  I didn't give out this code, I never had full Madd0x cdkey decode, nor do I use his cdkey decode; so stop blaming and pointing at me Clan Exile and fellow newbie programmers.

BinaryzL

#25
Quote from: UserLoser. on July 11, 2004, 04:07 AM
I wish I'd stop getting blamed for this.  Apparently I gave this out sometime over the last few days (which I didn't), but all you newbies who all have me on AIM and bug me 24/7 should have known that I've obviously had an away message on almost 24/7 for the last week, saying I'm on Warcraft III.  I didn't give out this code, I never had full Madd0x cdkey decode, nor do I use his cdkey decode; so stop blaming and pointing at me Clan Exile and fellow newbie programmers.

Yeah, he didn't give it out nor do I know who did.