
WarCraft 3 Connection/Login Packets

Started by Anubis, July 01, 2004, 01:01 PM


Anubis

I'm attempting to make a bot with WAR3 hashing... So, I have packet logged WarCraft 3 and found a few different packets. I connected 2 times while packet logging, and here are the different packets:

First Connect:
Packet #8 (The packet that showed up 8th) starts with:
00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 .....F7{........

Packet #9 starts with:
FF 51 86 00 2B 07 B0 00 9C 0F 00 01 C2 7B E4 ED .Q..+........{..

Second Connect:
Packet #8 starts with:
00 00 00 00 00 81 8F 83 91 E7 C3 01 AD C7 BD 00 ...............

Packet #9 starts with:
FF 51 86 00 D3 C6 BD 00 9C 0F 00 01 C4 0F 19 BC .Q.............

Could anyone please tell me what these packets are (0xXX)? Also, what would these packets contain and what would make them change each connect?

Any help is much appreciated. Thanks

GoSuGaMING

Quote from: Anubis on July 01, 2004, 01:01 PM
I'm attempting to make a bot with WAR3 hashing... So, I have packet logged WarCraft 3 and found a few different packets. I connected 2 times while packet logging, and here are the different packets:

First Connect:
Packet #8 (The packet that showed up 8th) starts with:
00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 .....F7{........

Packet #9 starts with:
FF 51 86 00 2B 07 B0 00 9C 0F 00 01 C2 7B E4 ED .Q..+........{..

Second Connect:
Packet #8 starts with:
00 00 00 00 00 81 8F 83 91 E7 C3 01 AD C7 BD 00 ...............

Packet #9 starts with:
FF 51 86 00 D3 C6 BD 00 9C 0F 00 01 C4 0F 19 BC .Q.............

Could anyone please tell me what these packets are (0xXX)? Also, what would these packets contain and what would make them change each connect?

Any help is much appreciated. Thanks

Best of wishes to you.... There is some stuff about war3 hashing (tables *arrays*) etc. on the forum already... You can do a search on them, and that may be some help to get you started...


Packet #9 starts with:
FF 51 86 00 2B 07 B0 00 9C 0F 00 01 C2 7B E4 ED .Q..+........{..

FF 51 = Header

The packet ID is in the header: &H51 or 0x51.

Anubis

So then would packet 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 be 0x00? Packets are so confusing  :-\

GoSuGaMING

Quote from: Anubis on July 01, 2004, 01:13 PM
So then would packet 00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 be 0x00? Packets are so confusing  :-\

&H0, but I think that's what Bnet sent to you on receive... Use WPE Pro and post the packet log and I will help you.

Anubis

Whenever I copy the packets from WPE it comes out like this (also, here's the whole packet):

00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 1A 00 00 00 0E 00 00 00 15 E0 1F 00 00 00 00 00 29 92 82 38 CB AE C1 F3 BB 0D 1E 61 BF 31 A9 01 ED 94 BF 7B 49 58 38 36 76 65 72 33 2E 6D 70 71 00

And the text for it is:

.....F7{........................)..8.......a.1.....{IX86ver3.mpq.

GoSuGaMING

Quote from: Anubis on July 01, 2004, 01:22 PM
Whenever I copy the packets from WPE it comes out like this (also, here's the whole packet):

00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00 1A 00 00 00 0E 00 00 00 15 E0 1F 00 00 00 00 00 29 92 82 38 CB AE C1 F3 BB 0D 1E 61 BF 31 A9 01 ED 94 BF 7B 49 58 38 36 76 65 72 33 2E 6D 70 71 00

And the text for it is:

.....F7{........................)..8.......a.1.....{IX86ver3.mpq.

It should tell you send/receive...


Here's an example:


Quote
1  Hide  Hide  67  Send  
0000  01 FF 50 3A 00 00 00 00 00 36 38 58 49 50 58 45    ..P:.....68XIPXE
0010  53 C9 00 00 00 00 00 00 00 00 00 00 00 00 00 00    S...............
0020  00 00 00 00 00 00 00 00 00 55 53 41 00 55 6E 69    .........USA.Uni
0030  74 65 64 20 53 74 61 74 65 73 00 FF 25 08 00 00    ted States..%...
0040  00 00 00                                           ...

2  Hide  Hide  8  Recv  
0000  FF 25 08 00 19 98 BC BF                            .%......

3  Hide  Hide  99  Recv  
0000  FF 50 63 00 00 00 00 00 7A 5F 1F 3A 42 99 00 00    .Pc.....z_.:B...
0010  00 81 8F 83 91 E7 C3 01 49 58 38 36 76 65 72 37    ........IX86ver7
0020  2E 6D 70 71 00 41 3D 33 36 39 38 35 30 33 35 30    .mpq.A=369850350
0030  20 42 3D 37 36 34 39 39 31 32 34 36 20 43 3D 34     B=764991246 C=4
0040  37 39 36 38 30 34 35 38 20 34 20 41 3D 41 5E 53    79680458 4 A=A^S
0050  20 42 3D 42 5E 43 20 43 3D 43 2B 41 20 41 3D 41     B=B^C C=C+A A=A
0060  5E 42 00      

DeTaiLs

How do you make Ethereal show what is sent and what is received? I could never find it.



Anubis

How do I copy the whole thing? I can't seem to find a copy button around there...

Oh and do you want me to paste everything logged or just packet 8?

DeTaiLs

I think he wants the full thing, and also there is a "save log to txt file" option.



Anubis

Oh, sorry, I didn't see the save to txt/log... Anyway, here's the full log:

1  0.0.0.0:1380  :0  35  SendTo  
0000  00 03 01 00 00 01 00 00 00 00 00 00 06 75 73 77    .............usw
0010  65 73 74 06 62 61 74 74 6C 65 03 6E 65 74 00 00    est.battle.net..
0020  01 00 01                                           ...

2  :0  0.0.0.0:1380  387  RecvFrom  
0000  00 03 81 80 00 01 00 0C 00 04 00 04 06 75 73 77    .............usw
0010  65 73 74 06 62 61 74 74 6C 65 03 6E 65 74 00 00    est.battle.net..
0020  01 00 01 C0 0C 00 01 00 01 00 00 01 47 00 04 3F    ............G..?
0030  F1 53 6F C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .So.........G..?
0040  F1 53 70 C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .Sp.........G..?
0050  F1 53 07 C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .S..........G..?
0060  F1 53 08 C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .S..........G..?
0070  F1 53 09 C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .S..........G..?
0080  F1 53 0B C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .S..........G..?
0090  F1 53 0C C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .S..........G..?
00A0  F1 53 0D C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .S..........G..?
00B0  F1 53 6B C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .Sk.........G..?
00C0  F1 53 6C C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .Sl.........G..?
00D0  F1 53 6D C0 0C 00 01 00 01 00 00 01 47 00 04 3F    .Sm.........G..?
00E0  F1 53 6E C0 13 00 02 00 01 00 00 1A 93 00 0C 09    .Sn.............
00F0  65 75 72 2D 67 75 61 72 64 C0 13 C0 13 00 02 00    eur-guard.......
0100  01 00 00 1A 93 00 0C 09 6B 6F 72 2D 67 75 61 72    ........kor-guar
0110  64 C0 13 C0 13 00 02 00 01 00 00 1A 93 00 0C 09    d...............
0120  75 73 65 2D 67 75 61 72 64 C0 13 C0 13 00 02 00    use-guard.......
0130  01 00 00 1A 93 00 0C 09 75 73 77 2D 67 75 61 72    ........usw-guar
0140  64 C0 13 C0 EF 00 01 00 01 00 01 38 7A 00 04 D5    d..........8z...
0150  F8 6A FB C1 07 00 01 00 01 00 01 38 7A 00 04 D3    .j.........8z...
0160  E9 00 7B C1 1F 00 01 00 01 00 00 8E 8C 00 04 3F    ..{............?
0170  F0 CA B2 C1 37 00 01 00 01 00 01 38 7A 00 04 3F    ....7......8z..?
0180  F1 53 3B                                           .S;

3  10.0.0.4:1381  63.241.83.107:6112  1  Send  
0000  01                                                 .

4  10.0.0.4:1381  63.241.83.107:6112  58  Send  
0000  FF 50 3A 00 00 00 00 00 36 38 58 49 50 58 33 57    .P:.....68XIPX3W
0010  0F 00 00 00 53 55 6E 65 0A 00 00 04 68 01 00 00    ....SUne....h...
0020  09 04 00 00 09 04 00 00 55 53 41 00 55 6E 69 74    ........USA.Unit
0030  65 64 20 53 74 61 74 65 73 00                      ed States.

5  10.0.0.4:1381  63.241.83.107:6112  8  Send  
0000  FF 25 08 00 D0 8C 21 A7                            .%....!.

6  10.0.0.4:1382  63.241.83.107:6112  1  Send  
0000  02                                                 .

7  10.0.0.4:1382  63.241.83.107:6112  20  Send  
0000  14 00 00 02 36 38 58 49 50 58 33 57 00 00 00 00    ....68XIPX3W....
0010  00 00 00 00                                        ....

8  10.0.0.4:1382  63.241.83.107:6112  65  Send  
0000  00 00 00 00 00 46 37 7B 91 E7 C3 01 16 08 B0 00    .....F7{........
0010  1A 00 00 00 0E 00 00 00 15 E0 1F 00 00 00 00 00    ................
0020  29 92 82 38 CB AE C1 F3 BB 0D 1E 61 BF 31 A9 01    )..8.......a.1..
0030  ED 94 BF 7B 49 58 38 36 76 65 72 33 2E 6D 70 71    ...{IX86ver3.mpq
0040  00                                                 .

Edit: I noticed there's only one receive packet. Why isn't there more listed?

Edit2: Took some advice from another post ;)

BaDDBLooD

You shouldn't post whole packet logs (they include valuable data like username/password/CD key), which can be extracted by some sneaky people crawling around these forums ^_^
There are only two kinds of people who are really fascinating: people who know absolutely everything, and people who know absolutely nothing.

MyndFyre

Joyous days. I can see Gosu is not only being unhelpful, he's providing incorrect information.

* Myndfyre sighs

Anubis, you're off to a good start.  You have the right idea.

Here's what happens when a Warcraft client connects to Battle.net:

Sent: the byte value 0x01, or just 1.  This identifies to Battle.net that you are using the binary/game protocol.  This is the only transmission that doesn't conform to the packet header format (see below).
Sent: Packet 0x50, SID_AUTH_INFO, documented in BnetDocs.
Recv: Packet 0x50, SID_AUTH_INFO, 0x25, SID_PING.
Sent: 0x25 SID_PING (optional), 0x51, SID_AUTH_CHECK
Recv: Packet 0x51, SID_AUTH_CHECK

How you go from here varies based on what you do at the login screen.  But, SID_AUTH_CHECK verifies your cd-key(s).

Packet headers for Battle.net are in the following format:

BYTE   0xff (constant)
BYTE   packet ID
WORD   packet length

The rest of the packet data comes after that.

If a packet doesn't begin with 0xff, it's either a continuation (unlikely -- Ethereal will tell you if that's the case), or it's not part of the BNCS (Battle.net Chat Server) protocol communication.  It might be DNS resolution or something like that.

I've found that Ethereal does a really good job of keeping data apart from the TCP headers, and it starts typically around offset 0x37 if I recall correctly.  That's what you want to look at -- ignore the first part of packet headers.  Go strictly for the data, which it looks like is what you've been copying.

Anyway, I would suggest checking out the BNLS Protocol Spec, which contains information about packets 0x50, 0x51, and the other Warcraft-III-related packets which aren't contained in the public section of BnetDocs, which I also highly recommend.  This is the information you'll need to emulate the Warcraft III client, and unless you have the hashing algorithms, you'll probably end up using BNLS.

Also, read the private message I'm about to send you.
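The framing rule and connection sequence MyndFyre describes, as an added example that is not code from any poster in this thread, from BnetDocs or from BNLS. It splits a client-to-server byte stream on the BYTE 0xFF / BYTE id / WORD length header after consuming the leading 0x01 selector byte, and it decodes and rebuilds the client SID_AUTH_INFO (0x50) body in the field order that the VB PacketBuffer code later in the thread writes (protocol ID, platform, product, version byte, five DWORDs, two null-terminated strings). The sample bytes are copied from Anubis's WPE Pro log above (sends 3 to 5 on source port 1381 and sends 6 and 7 on source port 1382); the names `split_bncs`, `frame`, `decode_auth_info` and `build_auth_info` are my own. Packets 6 to 8, the ones Anubis first asked about, are on a second connection that opens with 0x02 rather than 0x01 and carries no 0xFF headers, so by MyndFyre's rule the splitter rejects them as non-BNCS; that second connection is Battle.net's file-transfer protocol fetching the IX86ver3.mpq version-check file named at the end of packet 8, which is my own note rather than something the thread states.

```python
"""Split a Battle.net (BNCS) client stream into packets and decode SID_AUTH_INFO.

Added example for this thread; not code from any poster, from BnetDocs or from
BNLS. Header rule: BYTE 0xFF, BYTE packet id, WORD little-endian length that
counts the header. Sample bytes are copied from the WPE Pro log posted above.
"""
import struct

BNCS_SELECTOR = 0x01            # first byte on the connection; has no header
BNCS_MARKER = 0xFF
HEADER = struct.Struct("<BBH")  # marker, packet id, total length
AUTH_INFO_FIXED = struct.Struct("<I4s4sI4s4siII")

# Packet ids named in the thread.
PACKET_NAMES = {0x25: "SID_PING", 0x50: "SID_AUTH_INFO", 0x51: "SID_AUTH_CHECK"}

# Sends 3, 4 and 5 from the log above (source port 1381):
# selector byte, SID_AUTH_INFO, SID_PING.
CAPTURE_1381 = bytes.fromhex(
    "01"
    "ff503a0000000000" "3638584950583357"
    "0f00000053556e65" "0a00000468010000"
    "0904000009040000" "55534100556e6974"
    "65642053746174657300"
    "ff250800d08c21a7"
)
# Sends 6 and 7 from the same log (source port 1382): a different selector
# byte and no 0xFF header, so this connection is not BNCS traffic.
CAPTURE_1382 = bytes.fromhex("02" "14000002" "36385849" "50583357" "0000000000000000")


def split_bncs(stream: bytes) -> list[tuple[int, bytes]]:
    """Return (packet_id, payload) for every complete packet in a client stream.

    Raises ValueError when the stream does not open with 0x01 or when a packet
    does not start with 0xFF: by the rule in the post above, such data is either
    a continuation of an earlier packet or not BNCS at all.
    """
    if not stream or stream[0] != BNCS_SELECTOR:
        raise ValueError("stream does not open with the 0x01 BNCS selector byte")
    pos, packets = 1, []
    while pos < len(stream):
        if stream[pos] != BNCS_MARKER:
            raise ValueError(f"0x{stream[pos]:02X} at offset {pos} is not a BNCS header")
        if len(stream) - pos < HEADER.size:
            raise ValueError("truncated header")
        _, pid, length = HEADER.unpack_from(stream, pos)
        if length < HEADER.size or pos + length > len(stream):
            raise ValueError(f"bad or truncated length {length} for packet 0x{pid:02X}")
        packets.append((pid, stream[pos + HEADER.size:pos + length]))
        pos += length
    return packets


def frame(pid: int, payload: bytes) -> bytes:
    """Prepend the FF / id / WORD-length header; the length counts the header."""
    return HEADER.pack(BNCS_MARKER, pid, HEADER.size + len(payload)) + payload


def _tag(dword: bytes) -> str:
    # Four-character tags ("IX86", "W3XP", "enUS") travel as little-endian
    # DWORDs, which is why they read reversed ("68XI", "PX3W") in a hex dump.
    return dword[::-1].decode("ascii")


def decode_auth_info(payload: bytes) -> dict:
    """Decode the client SID_AUTH_INFO body: nine fixed fields, then two C strings."""
    proto, plat, prod, verbyte, lang, ip, tz, locale, lang_id = AUTH_INFO_FIXED.unpack_from(payload)
    strings = payload[AUTH_INFO_FIXED.size:].split(b"\x00")
    return {
        "protocol": proto, "platform": _tag(plat), "product": _tag(prod),
        "version_byte": verbyte, "language": _tag(lang),
        "local_ip": ".".join(str(b) for b in ip), "tz_bias": tz,
        "locale": locale, "language_id": lang_id,
        "country_abbrev": strings[0].decode("ascii"),
        "country": strings[1].decode("ascii"),
    }


def build_auth_info(platform: str, product: str, version_byte: int, language: str,
                    local_ip: str, tz_bias: int, locale: int, language_id: int,
                    country_abbrev: str, country: str) -> bytes:
    """Build a complete SID_AUTH_INFO packet; the inverse of decode_auth_info."""
    body = AUTH_INFO_FIXED.pack(
        0, platform.encode()[::-1], product.encode()[::-1], version_byte,
        language.encode()[::-1], bytes(int(o) for o in local_ip.split(".")),
        tz_bias, locale, language_id,
    ) + country_abbrev.encode() + b"\x00" + country.encode() + b"\x00"
    return frame(0x50, body)


if __name__ == "__main__":
    for pid, payload in split_bncs(CAPTURE_1381):
        print(f"0x{pid:02X} {PACKET_NAMES.get(pid, '?')}: {len(payload)}-byte payload")
    print(decode_auth_info(split_bncs(CAPTURE_1381)[0][1]))
```

Run against the port-1381 capture it yields 0x50 SID_AUTH_INFO and 0x25 SID_PING, decodes platform IX86, product W3XP, version byte 0x0F, language enUS and the local IP 10.0.0.4 that also appears as the source address in the log, and `build_auth_info` reproduces the captured 58-byte packet exactly; run against the port-1382 bytes it raises, which is the splitter's way of saying "not BNCS".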

ChR0NiC

Quote from: BaDDBLooD on July 01, 2004, 03:35 PM
You shouldn't post whole packet logs (they include valuable data like username/password/CD key), which can be extracted by some sneaky people crawling around these forums ^_^

*looks around for 0x3A*

Nope, he's just fine -.-

BaDDBLooD

I meant, posting whole packet logs is dangerous in general.

Sorc.Polgara

Quote from: Myndfyre on July 01, 2004, 03:36 PM
Joyous days I can see Gosu is not only being not helpful, he's providing incorrect information.

Sent: the byte value 0x01, or just 1.  This identifies to Battle.net that you are using the binary/game protocol.  This is the only transmission that doesn't conform to the packet header format (see below).
Sent: Packet 0x50, SID_AUTH_INFO, documented in BnetDocs.
Recv: Packet 0x50, SID_AUTH_INFO, 0x25, SID_PING.
Sent: 0x25 SID_PING (optional), 0x51, SID_AUTH_CHECK
Recv: Packet 0x51, SID_AUTH_CHECK

Packet headers for Battle.net are in the following format:

BYTE   0xff (constant)
BYTE   packet ID
WORD   packet length
BnetDocs, which I also highly recommend.  This is the information you'll need to emulate the Warcraft III client, and unless you have the hashing algorithms, you'll probably end up using BNLS.

I'm trying to send the 0x50 packet with the PacketBuffer class made by darkminion... I've done everything up to these instructions, but I'm not getting a response in VB Winsock.

The DataArrival event in VB for Winsock... I'm not receiving anything at all, omg.

Private Sub SID_AUTH_INFO()
   ' Builds the client SID_AUTH_INFO (0x50) body. darkminion's PacketBuffer
   ' class prepends the FF / ID / WORD-length header in SendPacket.
   ' The single 0x01 protocol byte must already have gone out on ws before
   ' this packet, or the server will not answer (see MyndFyre's post above).
   Dim PBuf As New PacketBuffer
   PBuf.InsertDWORD 0                    ' Protocol ID, always 0
   PBuf.InsertNonNTString "68XI"         ' Platform ID "IX86", written reversed so the DWORD is little-endian
   PBuf.InsertNonNTString "RATS"         ' Product ID "STAR" (Starcraft), reversed for the same reason
   PBuf.InsertDWORD &HC9                 ' Version byte
   PBuf.InsertDWORD 0                    ' Product language
   PBuf.InsertDWORD 0                    ' Local IP
   PBuf.InsertDWORD 0                    ' Time zone bias
   PBuf.InsertDWORD 0                    ' Locale ID
   PBuf.InsertDWORD 0                    ' Language ID (the quoted log above sends 0 for all five)
   PBuf.InsertNTString "USA"             ' Country abbreviation, null-terminated
   PBuf.InsertNTString "United States"   ' Country name, null-terminated
   PBuf.SendPacket ws, &H50              ' Header with ID 0x50 is added here; ws is the Winsock control
End Sub

I don't think anything is wrong! I'm not getting a response, goddamnit.

Am I not supposed to use this DataArrival event or something? Because everything I try, I get nothing from it!