
Need help. Logging BNet... [NOT solved]

Started by z-stars, July 22, 2004, 01:47 PM


z-stars

#15
I'm trying to implement that code u have posted but I'm having some problems...

I have written this function...
I need to get the "x" values.
Could anyone help me to do that plz?

I don't know how to apply OnlyMeat's code cuz I don't have most of the functions / classes / overloaded operators called, and I don't have battle.snp cuz it is a d2 bot :(

Thx in advance.


// This function is supposed to build and send the fifth packet (0x51)
int LTBNFifthPacket()
{
   // S SID_AUTH_CHECK

   int x = 0; // If it's x, I don't know what to place in them.

   BYTE FirstByte = 0xFF;
   BYTE PacketID = 0x51;
   // 4 (header) + 5*4 (fixed DWORDs) + 2*36 (key blocks)
   // + 35 (ExeInfo + null) + 3 (CDKeyOwner + null) = 134
   WORD PacketLen = 134;
   DWORD ClientToken = x;
   DWORD ExeVersion = 0x000A0001; // Already in Little Endian.
   DWORD ExeHash = x;
   DWORD CDKeyNumber = 2;
   DWORD UsingOfKeys = 0;

   DWORD Key1Len = 10;
   DWORD Key1Product = 0x06000000;
   DWORD Key1Num1 = 0x00000000; // I set this to zeros.
   DWORD Key1Unknown = 0;
   DWORD Key1HashedData[5] = {x, x, x, x, x};

   DWORD Key2Len = 10;
   DWORD Key2Product = 0x0A000000;
   DWORD Key2Num1 = 0x00000000; // I set this to zeros.
   DWORD Key2Unknown = 0;
   DWORD Key2HashedData[5] = {x, x, x, x, x};

   const char * ExeInfo = "Game.exe 10/13/03 08:35:30 1198857";
   const char * CDKeyOwner = "Me";
   
   int n = 0;

   // The packet itself is stored at csFifthPacket.packet and is a
   // dynamically allocated BYTE array.

   // WriteByte writes a byte to the packet. (This is the first call
   // so it will write it at packet[0].)
   csFifthPacket.WriteByte(0xFF);
   csFifthPacket.WriteByte(0x51);
   // This function writes a word to the packet. If first argument is 0,
   // it will convert it to LittleEndian before writing it.
   // If it's 1, it won't.
   csFifthPacket.WriteWord(0, PacketLen);
   // WriteDWord is like WriteWord but it writes a DWORD.
   csFifthPacket.WriteDWord(0, ClientToken);
   csFifthPacket.WriteDWord(1, ExeVersion);
   csFifthPacket.WriteDWord(0, ExeHash);
   csFifthPacket.WriteDWord(0, CDKeyNumber);
   csFifthPacket.WriteDWord(0, UsingOfKeys);

   csFifthPacket.WriteDWord(0, Key1Len);
   csFifthPacket.WriteDWord(1, Key1Product);
   csFifthPacket.WriteDWord(1, Key1Num1);
   csFifthPacket.WriteDWord(0, Key1Unknown);
   csFifthPacket.WriteDWord(0, Key1HashedData[4]);
   csFifthPacket.WriteDWord(0, Key1HashedData[3]);
   csFifthPacket.WriteDWord(0, Key1HashedData[2]);
   csFifthPacket.WriteDWord(0, Key1HashedData[1]);
   csFifthPacket.WriteDWord(0, Key1HashedData[0]);

   csFifthPacket.WriteDWord(0, Key2Len);
   csFifthPacket.WriteDWord(1, Key2Product);
   csFifthPacket.WriteDWord(1, Key2Num1);
   csFifthPacket.WriteDWord(0, Key2Unknown);
   csFifthPacket.WriteDWord(0, Key2HashedData[4]);
   csFifthPacket.WriteDWord(0, Key2HashedData[3]);
   csFifthPacket.WriteDWord(0, Key2HashedData[2]);
   csFifthPacket.WriteDWord(0, Key2HashedData[1]);
   csFifthPacket.WriteDWord(0, Key2HashedData[0]);

   // Writes a string and a null terminator.
   csFifthPacket.WriteString(ExeInfo);
   csFifthPacket.WriteString(CDKeyOwner);

   // SendPacket sends a packet to battle.net.
   // GetPacketLen() just returns the packet length.
   n = SendPacket(csFifthPacket.packet, csFifthPacket.GetPacketLen());
   return n;
}


BTW, I have stored the values of SID_AUTH_INFO in this struct... The copy with em is called "r_SID_AUTH_INFO".


struct sr_SID_AUTH_INFO
{
   BYTE IntegrityCheck;
   BYTE PacketID;
   WORD PacketLen; // The header is 0xFF, packet ID, then a 2-byte length.
   DWORD Logon_Type;
   DWORD Server_Token;
   DWORD UDPValue;
   FILETIME MPQ_filetime;
   char IX86ver_filename[50];
   char ValueString[100];
};
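
The 0x51 layout from z-stars' post, as an added example that is not code from the thread: a bounds-checked little-endian writer that patches the WORD length field from the bytes actually written instead of hard-coding it. `Packet`, `KeyBlock` and `build_auth_check` are hypothetical names; the token, hash and key fields are zero placeholders, and writing the hash DWORDs in array order is an assumption.

```c
#include <stdint.h>
#include <string.h>

typedef struct { uint8_t data[512]; size_t len; int overflow; } Packet;
typedef struct { uint32_t len, product, num1, unknown, hash[5]; } KeyBlock;

/* Append raw bytes; refuse (and remember) any write past the buffer end. */
static void put_bytes(Packet *p, const void *src, size_t n) {
    if (n > sizeof p->data - p->len) { p->overflow = 1; return; }
    memcpy(p->data + p->len, src, n);
    p->len += n;
}

/* Emit a DWORD as little-endian bytes whatever the host byte order is. */
static void put_u32(Packet *p, uint32_t v) {
    uint8_t b[4] = { (uint8_t)v, (uint8_t)(v >> 8), (uint8_t)(v >> 16), (uint8_t)(v >> 24) };
    put_bytes(p, b, sizeof b);
}

/* Build the 0x51 layout from the post. Returns the packet length, 0 on error. */
size_t build_auth_check(Packet *p, uint32_t client_token, uint32_t exe_version,
                        uint32_t exe_hash, const KeyBlock *keys, uint32_t nkeys,
                        const char *exe_info, const char *owner) {
    const uint8_t header[4] = { 0xFF, 0x51, 0, 0 };      /* length patched below */
    const uint32_t fixed[5] = { client_token, exe_version, exe_hash, nkeys, 0 };
    memset(p, 0, sizeof *p);
    put_bytes(p, header, sizeof header);
    for (int i = 0; i < 5; i++) put_u32(p, fixed[i]);    /* last one: UsingOfKeys */
    for (uint32_t i = 0; i < nkeys; i++) {
        put_u32(p, keys[i].len);
        put_u32(p, keys[i].product);
        put_u32(p, keys[i].num1);
        put_u32(p, keys[i].unknown);
        for (int j = 0; j < 5; j++) put_u32(p, keys[i].hash[j]);
    }
    put_bytes(p, exe_info, strlen(exe_info) + 1);        /* strings keep their NUL */
    put_bytes(p, owner, strlen(owner) + 1);
    if (p->overflow || p->len > 0xFFFF) return 0;        /* must fit the WORD field */
    p->data[2] = (uint8_t)p->len;                        /* WORD length, little-endian */
    p->data[3] = (uint8_t)(p->len >> 8);
    return p->len;
}

int main(void) {   /* constructed placeholders: zero token/hashes, key length 10 as posted */
    KeyBlock keys[2] = { { 10, 0, 0, 0, { 0 } }, { 10, 0, 0, 0, { 0 } } };
    Packet p;
    return build_auth_check(&p, 0, 0x000A0001u, 0, keys, 2,
                            "Game.exe 10/13/03 08:35:30 1198857", "Me") == 134 ? 0 : 1;
}
```

With the two strings from the post the builder produces 134 bytes, and a string too long for the buffer makes it return 0 instead of writing past the end.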

Banana fanna fo fanna

UL, how are you calling Battle.SNP? Injected or loaded?

z-stars

Quote from: $t0rm on July 23, 2004, 11:37 AM
UL, how are you calling Battle.SNP? Injected or loaded?


I think I don't have Battle.SNP; the code UserLoser posted is for StarCraft, from what I understood.

UserLoser.

Quote from: $t0rm on July 23, 2004, 11:37 AM
UL, how are you calling Battle.SNP? Injected or loaded?

LoadLibrary("battle.snp");

__asm call <address>

UserLoser.

Quote from: z-stars on July 23, 2004, 11:50 AM
Quote from: $t0rm on July 23, 2004, 11:37 AM
UL, how are you calling Battle.SNP? Injected or loaded?


I think I don't have Battle.SNP; the code UserLoser posted is for StarCraft, from what I understood.

http://www.userloser.net/files/battle.snp

z-stars

#20
Quote from: UserLoser. on July 23, 2004, 12:27 PM
Quote from: $t0rm on July 23, 2004, 11:37 AM
UL, how are you calling Battle.SNP? Injected or loaded?

LoadLibrary("battle.snp");

__asm call <address>


LoadLibrary("battle.snp"); gives an error at runtime saying that it couldn't init the app cuz it didn't find storm.dll :(

OnlyMeat

#21
Quote from: z-stars on July 23, 2004, 12:50 PM
Quote from: UserLoser. on July 23, 2004, 12:27 PM
Quote from: $t0rm on July 23, 2004, 11:37 AM
UL, how are you calling Battle.SNP? Injected or loaded?

LoadLibrary("battle.snp");

__asm call <address>


LoadLibrary("battle.snp"); gives an error at runtime saying that it couldn't init the app cuz it didn't find storm.dll :(

If you are loading like that LoadLibrary("battle.snp"); you are assuming the battle.snp is in the exe directory of your program.

Second point is there isn't a battle.snp for Diablo; there is d2client.dll and bnclient.dll. I think d2client.dll is the equivalent but I can't be sure.

If you don't specify a path to that file then you will need to copy the .dll into your application directory for LoadLibrary to find it.

Forgot to note that you will have to put the other hash files in your application directory:-

(1) game.exe
(2) d2client.dll
(3) bnclient.dll

z-stars

Quote from: OnlyMeat on July 23, 2004, 01:03 PM
Quote from: z-stars on July 23, 2004, 12:50 PM
Quote from: UserLoser. on July 23, 2004, 12:27 PM
Quote from: $t0rm on July 23, 2004, 11:37 AM
UL, how are you calling Battle.SNP? Injected or loaded?

LoadLibrary("battle.snp");

__asm call <address>


LoadLibrary("battle.snp"); gives an error at runtime saying that it couldn't init the app cuz it didn't find storm.dll :(

If you are loading like that LoadLibrary("battle.snp"); you are assuming the battle.snp is in the exe directory of your program.

Second point is there isn't a battle.snp for Diablo; there is d2client.dll and bnclient.dll. I think d2client.dll is the equivalent but I can't be sure.

If you don't specify a path to that file then you will need to copy the .dll into your application directory for LoadLibrary to find it.

I have downloaded battle.snp from UserLoser's link and placed it at my program directory, but it gives the couldn't find storm.dll error

OnlyMeat

Well, the thing is, if you are trying to use d2 I'm not sure if that will work cuz the real d2 client doesn't use battle.snp, it uses d2client.dll.

Assuming that UserLoser has tried this and it works, then you should copy storm.dll into that directory as well.

UserLoser.

Quote from: z-stars on July 23, 2004, 12:50 PM
Quote from: UserLoser. on July 23, 2004, 12:27 PM
Quote from: $t0rm on July 23, 2004, 11:37 AM
UL, how are you calling Battle.SNP? Injected or loaded?

LoadLibrary("battle.snp");

__asm call <address>


LoadLibrary("battle.snp"); gives an error at runtime saying that it couldn't init the app cuz it didn't find storm.dll :(

http://www.userloser.net/files/storm.dll

D2 does have storm.dll also.

z-stars

It does load it :)  Now how do I use it to get ClientToken, ExeHash, etc?

Banana fanna fo fanna

WHOA that's cool. Didn't know you could do that...

Couldn't the place it loads in memory change, though?

Kp

Quote from: $t0rm on July 23, 2004, 01:53 PM
Couldn't the place it loads in memory change, though?

Yes.  That's why using a Logitech mouse can sometimes get you banned for cheating.  However, the function can't move around inside the DLL without a version change (which might require a client update anyway), so you could opt to instead jump to <DLL-base-address>+function offset.  When the DLL loads at its preferred address, DLL-base-address will be 19000000.  You can do the math to compute the function offset. :)
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!
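
Kp's base-plus-offset arithmetic, as an added example that is not code from the thread: it reads the preferred ImageBase and SizeOfImage from a PE32 header, turns an address valid at the preferred base into an offset, and applies that offset to the actual load base, rejecting addresses that fall outside the image. The header bytes, the 0x50000 image size and both sample addresses are constructed, and the 19000000 in the post is read as hexadecimal.

```c
#include <stdint.h>
#include <string.h>

/* Read / write a little-endian 32-bit value in a byte buffer. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Pull ImageBase and SizeOfImage out of a PE32 header. Returns 0 on success. */
int pe32_image_info(const uint8_t *buf, size_t len, uint32_t *base, uint32_t *size) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t pe = rd32(buf + 0x3C);                        /* e_lfanew */
    if (pe > len || len - pe < 4 + 20 + 60) return -1;     /* sig + COFF + fields used */
    if (memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    const uint8_t *opt = buf + pe + 4 + 20;                /* optional header */
    if (opt[0] != 0x0B || opt[1] != 0x01) return -1;       /* PE32 magic 0x010B */
    *base = rd32(opt + 28);                                /* ImageBase */
    *size = rd32(opt + 56);                                /* SizeOfImage */
    return 0;
}

/* Map an address valid at the preferred base onto the actual base; 0 if outside the image. */
uint64_t rebase(uint32_t pref_base, uint32_t image_size, uint32_t addr, uint64_t actual_base) {
    if (addr < pref_base || addr - pref_base >= image_size) return 0;
    return actual_base + (addr - pref_base);               /* base + function offset */
}

/* Constructed 256-byte PE32 header: ImageBase 0x19000000, SizeOfImage 0x50000. */
void make_sample_header(uint8_t out[256]) {
    memset(out, 0, 256);
    out[0] = 'M'; out[1] = 'Z';
    wr32(out + 0x3C, 0x40);                                /* PE header at 0x40 */
    memcpy(out + 0x40, "PE\0\0", 4);
    out[0x58] = 0x0B; out[0x59] = 0x01;                    /* optional header at 0x58 */
    wr32(out + 0x58 + 28, 0x19000000u);
    wr32(out + 0x58 + 56, 0x00050000u);
}

int main(void) {   /* 0x19012340 and 0x02A30000 are constructed sample values */
    uint8_t hdr[256]; uint32_t base, size;
    make_sample_header(hdr);
    if (pe32_image_info(hdr, sizeof hdr, &base, &size) != 0) return 1;
    return rebase(base, size, 0x19012340u, 0x02A30000u) == 0x02A42340u ? 0 : 1;
}
```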

z-stars

Anyone knows how to get the value to place in the x's of the code I posted above? Using battle.snp or another thing, I don't care :(

UserLoser.

#29
Quote from: z-stars on July 23, 2004, 03:37 PM
Anyone knows how to get the value to place in the x's of the code I posted above? Using battle.snp or another thing, I don't care :(

Read my post about CDKey hashing.  It returns a 5 DWORD output.  dwOutBuffer is what you're wanting to send.
