
Connecting to bnet

Started by soccerist, April 14, 2004, 03:10 AM


soccerist

When I try to log onto battle.net, I am successful in connecting to the server.  I then proceed to send the protocol byte and the 0x50 packet.

After that I'm waiting for any packet from bnet, but none ever comes.  I'm lost as to what to try next in assessing the situation.

Any ideas or suggestions?

The ethereal log of my bot is here if it helps:
www.filebox.vt.edu/users/rluu/stuff/ethereal_log_4_13_04b

soccerist

Looking at the debug output of my program, it seems to be only getting recv's of 0 bytes.   :-\

tA-Kane

Quote from: soccerist on April 14, 2004, 03:10 AM
The ethereal log of my bot is here if it helps:
www.filebox.vt.edu/users/rluu/stuff/ethereal_log_4_13_04b
A more useful log would be one which is stored in hex.

And preferably, even contains messages to show the differences between receiving data and sending data (for example "sending data 'xyz' ... receiving data 'abc'").
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

iago

This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


soccerist

Ok.  My apologies.

33899 is the port I bound to, and port 6112 is bnet.


http://www.filebox.vt.edu/users/rluu/stuff/ethereal_log

synth

Right click on one of the packet titles and click "Follow TCP Stream".  It gets rid of that extra gibberish, so that all you see is from "ff 50" on.  It made things a lot easier for me.

iago

At the bottom, under filters, type this:

tcp.flags.push == 1

and hit enter.  That'll get rid of empty packets.  Do that, then repost, if you don't mind :)

The stuff before 0xFF... isn't that big of a deal since the offset into the packet is always the same.


Adron

Quote from: iago on April 14, 2004, 10:58 AM
At the bottom, under filters, type this:

tcp.flags.push == 1

I have a log here with a whole lot of data sent in packets without push set.

iago

Quote from: Adron on April 14, 2004, 11:29 AM
Quote from: iago on April 14, 2004, 10:58 AM
At the bottom, under filters, type this:

tcp.flags.push == 1

I have a log here with a whole lot of data sent in packets without push set.

hmm, that's always worked for me.  Is there a better way to filter packets without data?  I don't even know what push IS, but it seems to work :)

<edit> too cool, me and Adron posted in the same second!


Adron

Quote

6112 > 33899 [fin, ack]  Len = 0

0000  00 09 5b 74 00 e9 00 0c  41 35 07 da 08 00 45 00   ..[t.... A5....E.
0010  00 34 b1 ad 00 00 70 06  43 aa 3f f1 53 6d c0 a8   .4....p. C.?.Sm..
0020  01 66 17 e0 84 6b f7 c9  06 34 31 fc da a2 80 11   .f...k.. .41.....
0030  ff fe 0c f4 00 00 01 01  08 0a 00 07 59 89 06 64   ........ ....Y..d
0040  0d 80        


I'd like to point out that battle.net is disconnecting you at this point...

iago

eww, you have the gamecode wrong.

SXEP != SEXP

gogo fix! :)


Adron

Quote from: iago on April 14, 2004, 11:32 AM
Quote from: Adron on April 14, 2004, 11:29 AM
I have a log here with a whole lot of data sent in packets without push set.

hmm, that's always worked for me.  Is there a better way to filter packets without data?  I don't even know what push IS, but it seems to work :)

Well, I tend to just use "follow tcp stream". The first file he posted loaded fine in Ethereal, and was easy to look at. The second file he posted had the right data easily locatable since he'd pointed out the right packet:

Quote

33899 > 6112 [psh, ack]  Len = 58
Send:  This contains my packet 0x50

0000  00 0c 41 35 07 da aa aa  03 00 00 00 08 00 45 00   ..A5.... ......E.
0010  00 6e d6 83 40 00 40 06  0e 9a c0 a8 01 66 3f f1   .n..@.@. .....f?.
0020  53 6d 84 6b 17 e0 31 fc  da 68 f7 c9 06 34 80 18   Sm.k..1. .h...4..
0030  16 d0 49 f1 00 00 01 01  08 0a 06 64 0d 80 00 07   ..I..... ...d....
0040  59 89 ff 50 3a 00 00 00  00 00 36 38 58 49 50 45   Y..P:... ..68XIPE
0050  58 53 c7 00 00 00 00 00  00 00 00 00 00 00 2c 01   XS...... ......,.
0060  00 00 09 04 00 00 09 04  00 00 55 53 41 00 55 6e   ........ ..USA.Un
0070  69 74 65 64 20 53 74 61  74 65 73 00               ited Sta tes.    




edit: Ah, good job iago, I was just about to go dig up bnetdocs and take the packet apart, but then you posted the probably correct answer :)
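The two dumps quoted in this thread, decoded as an added example (not code from any of the posters): it computes each segment's TCP payload length from the IP and TCP header fields, which separates empty segments from data whether or not PSH is set, and then decodes the 0x50 message to show the product code that was sent. The field offsets inside the 0x50 body and the function names are assumptions (the commonly documented layout, not stated in the thread).

```python
import struct

# Frames transcribed from the two hex dumps quoted in this thread.
FIN_FRAME = bytes.fromhex(
    "00 09 5b 74 00 e9 00 0c 41 35 07 da 08 00 45 00"
    "00 34 b1 ad 00 00 70 06 43 aa 3f f1 53 6d c0 a8"
    "01 66 17 e0 84 6b f7 c9 06 34 31 fc da a2 80 11"
    "ff fe 0c f4 00 00 01 01 08 0a 00 07 59 89 06 64"
    "0d 80")
AUTH_FRAME = bytes.fromhex(
    "00 0c 41 35 07 da aa aa 03 00 00 00 08 00 45 00"
    "00 6e d6 83 40 00 40 06 0e 9a c0 a8 01 66 3f f1"
    "53 6d 84 6b 17 e0 31 fc da 68 f7 c9 06 34 80 18"
    "16 d0 49 f1 00 00 01 01 08 0a 06 64 0d 80 00 07"
    "59 89 ff 50 3a 00 00 00 00 00 36 38 58 49 50 45"
    "58 53 c7 00 00 00 00 00 00 00 00 00 00 00 2c 01"
    "00 00 09 04 00 00 09 04 00 00 55 53 41 00 55 6e"
    "69 74 65 64 20 53 74 61 74 65 73 00")
FLAGS = ((0x01, "fin"), (0x02, "syn"), (0x04, "rst"), (0x08, "psh"), (0x10, "ack"))

def tcp_segment(frame):
    """Return (src_port, dst_port, flag_names, payload) for one captured frame."""
    ip = frame[14:]                           # both captures have a 14-byte link header
    ihl = (ip[0] & 0x0F) * 4                  # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", ip, 2)[0]
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    flags = [name for bit, name in FLAGS if tcp[13] & bit]
    return sport, dport, flags, tcp[(tcp[12] >> 4) * 4:]   # skip TCP header + options

def parse_auth_info(payload):
    """Decode the 0xFF-framed header plus the platform and product codes."""
    marker, msg_id, length = struct.unpack_from("<BBH", payload, 0)
    if marker != 0xFF or length != len(payload):
        raise ValueError("not exactly one complete 0xFF-framed message")
    # Assumed layout: 4-byte header, DWORD protocol id, DWORD platform, DWORD product.
    # The codes are little-endian DWORDs, so the text appears reversed on the wire.
    platform = payload[8:12][::-1].decode("ascii")
    product = payload[12:16][::-1].decode("ascii")
    return msg_id, length, platform, product

def wire_code(code):
    """Bytes a four-character code must have on the wire (reversed text)."""
    return code.encode("ascii")[::-1]

if __name__ == "__main__":
    for frame in (FIN_FRAME, AUTH_FRAME):
        sport, dport, flags, payload = tcp_segment(frame)
        print(f"{sport} > {dport} {flags} Len = {len(payload)}")
    print(parse_auth_info(tcp_segment(AUTH_FRAME)[3]), "wanted on wire:", wire_code("SEXP"))
```

In current Wireshark the equivalent of the payload-length test is the display filter `tcp.len > 0`.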

soccerist

Ahh, thank you so much iago & everyone else for looking at this. ;D

I was going crazy trying to figure it out.

I had all the other TCP sends with Len = 0 there because I thought that maybe one of those was causing it.


It works now.  :)