JBLS_0015

Joe[x86] · May 17, 2005, 05:03 PM

SphtBot found a BNLS packet, 0x15, in a connect sequence today. Aparently, this is a news packet.

[15:00:14] Unrecognized BNLS packet BNLS_0015 received:
0000:  54 68 69 73 20 69 73 20 61 20 74 65 73 74 20 6E   This is a test n
0010:  65 77 73 20 6D 65 73 73 61 67 65 2E 00            ews message..
[15:00:14] Unrecognized BNLS packet BNLS_0015 received:
0000:  54 68 69 73 20 69 73 20 61 20 74 65 73 74 20 6E   This is a test n
0010:  65 77 73 20 6D 65 73 73 61 67 65 2E 00            ews message..
[15:00:15] Unrecognized BNLS packet BNLS_0015 received:
0000:  54 68 69 73 20 69 73 20 61 20 74 65 73 74 20 6E   This is a test n
0010:  65 77 73 20 6D 65 73 73 61 67 65 2E 00            ews message..
[15:00:15] Unrecognized BNLS packet BNLS_0015 received:
0000:  54 68 69 73 20 69 73 20 61 20 74 65 73 74 20 6E   This is a test n
0010:  65 77 73 20 6D 65 73 73 61 67 65 2E 00            ews message..
[15:00:17] Unrecognized BNLS packet BNLS_0015 received:
0000:  54 68 69 73 20 69 73 20 61 20 74 65 73 74 20 6E   This is a test n
0010:  65 77 73 20 6D 65 73 73 61 67 65 2E 00            ews message..

EDIT -
This isn't documented on BnetDocs, nor in the BNLS protocol specification, so..
(STRING) News (Null terminated)

Look! I contributed to the community by reversing a packet. I rawk. <3.

EDIT: Changed topic title.

Blaze · May 17, 2005, 05:21 PM

Quote from: Joex86] link=topic=11614.msg112759#msg112759 date=1116367388]
Look! I contributed to the community by reversing a packet. I rawk. <3.

How did you figure it out? It has to be encrypted with rot26 or something because I can't get anything out of it.

* Blaze adds support for his bot

Warrior · May 17, 2005, 06:44 PM

The packet must be in dissasembly for you to reverse it. Better luck next time.

Note: Most strings are null terminated. On special occasions are some not NTed (mostly programmers using a stupid workaround)

MyndFyre · May 17, 2005, 07:58 PM

Quote from: Warrior on May 17, 2005, 06:44 PM
Note: Most strings are null terminated. On special occasions are some not NTed (mostly programmers using a stupid workaround)

If you program in C. If you programmed in Pascal, which lived before C, then your string was prepended with a byte indicating the length of the string -- which limited string length to 255 characters.

Later editions of Pascal included "Wide Pascal" strings with a preceeding two bytes, for a maximum string length of 65,535 characters.

Warrior · May 17, 2005, 08:03 PM

Die Myndy :[. So pascal sucks, bite me.

:p <3

Joe[x86] · May 17, 2005, 09:06 PM

QuoteThe packet must be in dissasembly for you to reverse it. Better luck next time.

How so? I belive I got the use and format correct without using Dis-ASM, so I "reversed" it nontheless.

MyndFyre · May 17, 2005, 09:08 PM

Quote from: Joex86] link=topic=11614.msg112801#msg112801 date=1116381965]
QuoteThe packet must be in dissasembly for you to reverse it. Better luck next time.

How so? I belive I got the use and format correct without using Dis-ASM, so I "reversed" it nontheless.

I think he was trying to pick at your choice of terminology. I'm not sure that "reverse-engineering" was the appropriate term for what you did, I wasn't going to poke at it, although apparently he felt the need to. *shrug*

Joe[x86] · May 17, 2005, 09:18 PM

Well, I believe revese-engineering is finding the use of, and ways to create, things that are compiled, or assembled already. In this case, it was a packet that was caught durring transfer, compiled in the BNLS binary protocol type thingy. I, even though in my mind, reversed the meaning and use of the packet, as well as the way to create it, so I did indeed "revese-engineer" it, in my terms.

@Invert (Moving): Works for me.

Warrior · May 17, 2005, 09:24 PM

Myndy is right. Reverse engineering is converting a file into dissasemby (not assembled) and figuring out what it does therefore writing your own implementation of it in another language. You investigated a packet sent to you over a network, unless you dissasembled BNLS then you have not done any reverse engineering :]

Hdx · May 17, 2005, 09:51 PM

Noone can reverse this because it's only on my server, and Poke for original post on Quikness.com.

Quote
QuoteMessage ID: 0x15
Message Name: BNLS_SERVERMESSAGE
Direction: Server -> Client (Recived)
Format:
(STRING) Message.

Remarks: This packet is simply used to allow the host of the server a way to provide information to the users of his/her server. Main reason for implamenting this is to allow the host to notify the users of upcoming downtimes, and matanance.
if anyone is using my server and get an unknown packet, this is why, I added this.

Also iago, Fool, Someone give me the link on how to access iago's CVS, cuz it keeps messing up for me :/
~-~(HDX)~-~

So Joe, your a idiot, it's not BNLS you are using MY JBLS server!
~-~(HDX)~-~

Warrior · May 17, 2005, 09:53 PM

buahahah

Newby · May 17, 2005, 09:55 PM

This thread is comedy gold.

Hdx · May 17, 2005, 09:58 PM

Whops, I fuggered it up, it's sending it continuesly >., changing it to once only @ connect.
~-~(HDX)~-~

Warrior · May 17, 2005, 09:58 PM

So, it's like a news message? Neat.

MyndFyre · May 17, 2005, 10:12 PM

Quote from: Warrior on May 17, 2005, 09:24 PM
Myndy is right. Reverse engineering is converting a file into dissasemby (not assembled) and figuring out what it does therefore writing your own implementation of it in another language. You investigated a packet sent to you over a network, unless you dissasembled BNLS then you have not done any reverse engineering :]

Don't read too much into my remark. Wikipedia would disagree with your definition of reverse engineering, as would I. Reverse engineering is *not* strictly disassembling.

I would term RE as more of an exploration to determine *how* something works. I wouldn't term Joe's work as RE because he didn't look to see *how* the packet was created. Although, he could argue that it *is* RE because he was discovering how the protocol was extended.