3RAW / PX3W / MD3W Packet Logs

Ringo · May 30, 2005, 08:28 AM

Hi

Im currently adding 3RAW and PX3W into my bot, but im having some problems.
Thanks to packet logging Stealthbot and reading abit of the BNCSuti examplebot i was able to make a logon in a few hours, but seems as i dont own a copy of 3RAW or PX3W its very hard for me to know what im ment to be sending, how im ment to be sending it and when im ment to be sending it.
My main problem at the moment, is when i pass 0x51 and request icons (0x2D) and filetime (0x33). My bot doesnt have icons_WAR3.bni (from 0x2D), and when i try conenct to the ftp server to download it, the ftp server closes connection on me. (like the file doesnt exist, or im on a bad client type) but 0x2D responce is telling me the file time, so it must be currently uploaded on the ftp server.
I dont have ANY logs of a legit 3RAW client logon so cant see what im doing wrong (i can download other files, like version mpqs, banners, etc)
I had a small problem like this when trying to download bnserver-D2DV.ini on PX2D (its purely for a VD2D request?)
On top of that i have no idea what files the client requests to check file time on (in 0x33).

I was wundering if somone who has a copyof the game and has done alot of packet logging on it, could send me as many logs as possible? that would be extramly helpfull if u can!

I mainly need :

A full logon of 3RAW and PX3W (Of game, not bot) - (mainly of file time)
If possible! a log witch cought icons_WAR3.bni being downloaded from the ftp server (so i can see what im not/over sending)

The game list being requested and recv (multiple types if there is multiple types...)
(Also the same for the ladder board if possible) or is that on blizzards site?

3RAW and PX3W joining some games (ladder and none ladder, i here 1 is udp and other is tcp?) a few of these if possible and maybe some ingame packets? (like idleing for awhile, some chatting, etc)
(if u could tag each packet in the log like "this is when i joined, this is when i was visible in the game room etc) that would be great!

Some clan packets (of all types if possible) and maybe a short explaination of how the structure of the "clan" works? like news, members, channel, requests etc

Some general logs of war3 in chat, like joinig empty channels, creating channels or anything that is differnt to other clients) would be helpfull to!

Sorry if it seems im asking alot, but if u can send me a small fraction of any of them things, or any explaination that i would need to know to help me with what im currently doing / stuck on, then it would be helpfull!

Im pritty sure a few logons of the clients would be all i needed tho (a log of somone else's bot downloading icons_WAR3.bni would be just as helpfull - anything that sends what the client sends)

Thanks in advance.

Edit:
Got this error on sending this post:
[error]
mail() [function.mail]: SMTP server response: 501 5.1.8 < "Valhalla Legends Forum" <[email protected]>>... Domain of sender address [email protected] does not exist

Lucky i didnt have to re typeo all that (it posted)

UserLoser. · May 30, 2005, 09:42 AM

You need to use the newer file transfer protocol to download icons-war3.bni along with other Warcraft 3 specific files. I don't know of any other bots besides mine in the past which was able to download those files, so looks like you're out of luck there for the meantime. I really think you should have read the pinned post here or at least gone here.

Ringo · May 30, 2005, 11:28 AM

Quote from: UserLoser on May 30, 2005, 09:42 AM
You need to use the newer file transfer protocol to download icons-war3.bni along with other Warcraft 3 specific files. I don't know of any other bots besides mine in the past which was able to download those files, so looks like you're out of luck there for the meantime. I really think you should have read the pinned post here or at least gone here.

Thanks, what version code would that be, and/or what else is differnt in the packets / sequances for downloading a file?
Can u post a packet log of your bot connecting to it and sending the file request and / or WAR3 its self doing this request? Id log it my self but i dont have the game..

Im not sure what pinned post you mean... and id rather not go to bnet docs.. i do thos kinda thing from packet logs and i expect u do 2.
Also im not sure bnet docs documents this 'newer ftp' protocol.

I just need some packet logs, thanks.

Ringo · May 30, 2005, 03:36 PM

Ah, iv spoken to LoRd[nK] today, and he has sent me some 3RAW and PX3W packet logs witch have helped a great deal! thanks!

He also said that for the newer ftp server, it uses hashing, witch sheads ALOT of light onto the subject...

I havent seen the hashing in question, but im taking a wild guess that it is server signature related, or is it a hashing of the older file to be updated (client side).
Maybe userloser could explain a little more about this and post a log of this packet in question, id like to know a little about it if possible, thanks.

Soul Taker · May 30, 2005, 03:42 PM

It uses your cd-key hash IIRC.

Ringo · May 30, 2005, 03:46 PM

Quote from: Soul Taker on May 30, 2005, 03:42 PM
It uses your cd-key hash IIRC.

Really? thanks!

In what manner is it used? is it rehashed in some sence?

Soul Taker · May 30, 2005, 03:55 PM

UL had the whole thing documented on his site before his computer exploded or whatever. I can't find any of my notes on it at the moment though, so I guess you'd have to ask him.

Ringo · May 30, 2005, 03:57 PM

Thanks, im starting to get a bigger picture of this now.
I will await UL's reply, thanks again!

UserLoser. · May 30, 2005, 05:42 PM

Sorry, dont have any notes/formats for it anymore. Bot was lost too with it's source.

Ringo · May 30, 2005, 06:14 PM

Quote from: UserLoser on May 30, 2005, 05:42 PM
Sorry, dont have any notes/formats for it anymore. Bot was lost too with it's source.

Sry to here that, it sucks when that happens

Can you recall any memerys of the way the cdkey was hased? (was it any differnt to how it is preformed in 0x50 or 0x36) also is the cdkey decoded before its hashed, and are any other values used in the hashing? and can you remember how long the hashed data was?

Im guessing the header of the request packet to be sent isnt much differnt to the 1st ftp server because by changing the version Word to 00 02 i can get a 4 byte reply before it close's connection.

If you could recall anything i would be most greatfull, thanks again.

Ringo · May 31, 2005, 07:30 AM

Well, it would seem UserLoser wont/doesnt want to talk about this subject, or at least not with me.

Am i asking to much? i dont want source codes, intence documentation or a back ride all the way through the connection.
I just want a few simple answers and a few packet logs so i can get on with it..

This is 1 main good reassion why i do not use bnetdocs unless i really have to, because bnet docs never documents the packet ur trying to reverse.
And in this case it would seem its because a editor is with holding the infomation (why doesnt that supprise me)

I never needed bnet docs when i steped through 80 + D2GS packet types / lenghs and all the internal values by my self and i dont expect i will need it to do this.
(Plz do not take this as a dig at bnet docs.. bnet docs is all good)

One thing i didnt need for this topic was UserLoser trying to proove a point in it.
Its just a FTP Game Server.... its not like im asking about online banking encryption ...

Thanks to Lord for telling me there is hashing involved and to soul for telling me its to do with the cdkey hash i now know what it intails, but they are 2 very valuable points that UserLoser failed to point out in his 1st post. (Asuming he was trying to proove somthing rather than being helpfull)
But his 1st post really didnt contribute to the descution in hand at all...

I really dont have the money to buy the client just so i can do this, and "this" is no big deal.. like i said its just a gaming FTP server, and blizzards hashing is some what basic as hashing goes.

Im asuming that UserLoser wasnt purely dependant on other people's knolage when he wrote the connection, and that he infact does remember some of it but is not willing to talk about it.

Im hoping somone can bring some more much needed infomation about this to the table, a packet log of the requests would be a great start, or anything about the hashing.

I expect UL will be quick to reply to this, as he will feel his point must be proven valid in some way...
I hope you can explain why you cant remember anything (When you were ment to have reversed it in the past)
Or why your not willing to talk about it.

Again thanks to ppl who have contributed to this topic and anyone who can do so in the not so distant future.

Thanks again

Arta · May 31, 2005, 08:13 AM

Quote from: Ringo on May 31, 2005, 07:30 AM
This is 1 main good reassion why i do not use bnetdocs unless i really have to, because bnet docs never documents the packet ur trying to reverse.
And in this case it would seem its because a editor is with holding the infomation (why doesnt that supprise me)

What messages are you trying to find? I don't think editors are in the business of witholding information.

Bnetdocs should provide you with enough information to write a WAR3/W3XP logon. If it does not, feel free to tell me what you feel is missing, so I can improve the site.

Ringo · May 31, 2005, 08:41 AM

Hello, and thanks for the quick responce.

The main thing im stuck with at the moment, is a limited supply of infomation on the War3 FTP Protocol (Version 2 im guessing)
Id like to download these files so i can later preform checking on them in the logon:

icons_WAR3.bni
termsofservice-enUS.txt
newaccount-enUS.txt
chathelp-war3-enUS.txt

But the infomation i have on this protocol is limited to what has been said in this topic already, and im yet to see a raw packet log of the packet in question

I mainly need info on the manner of hashing and a packet log of the packet (for format reassions) but i can see how this would be handy to document.

On another bnetdocs note, the packet logs Lord sent me contain 2 sent logon packets that are not listed on bnet docs (after file checking it sends 0x55 and 0x56)
0x55 looks like a account hash of some sort, 0x56 looks like pure hashed data, but im not sure what they are doing/requesting/checking in the logon.
I was wundering if they were important to later functions on the client?

Thanks

Arta · May 31, 2005, 10:21 AM

Hmm. Downloading those files isn't a required part of the logon, but you're right, BnFTP v2 should be documented. I'll write it up when I have a moment. 0x55/56 are the password change messages and they will be added to the site shortly - see this thread. That thread also contains a link to iago's NLS documentation which covers these messages.

If you're interested in reversing bnFTP v2 yourself, but do not own the game, you may wish to use my BnFTP utility to obtain a packet capture. The protocol is much the same, but with an added step for CD key validation, which is performed exactly as it is in the logon.

Ringo · May 31, 2005, 10:23 AM

Quote from: Arta[vL] on May 31, 2005, 10:21 AM
Hmm. Downloading those files isn't a required part of the logon, but you're right, BnFTP v2 should be documented. I'll write it up when I have a moment. 0x55/56 are the password change messages and they will be added to the site shortly - see this thread. That thread also contains a link to iago's NLS documentation which covers these messages.

If you're interested in reversing bnFTP v2 yourself, but do not own the game, you may wish to use my BnFTP utility to obtain a packet capture. The protocol is much the same, but with an added step for CD key validation, which is performed exactly as it is in the logon.

Thank you very much!

What you have provided is extramly resourcefull for this, thanks a million!

3RAW / PX3W / MD3W Packet Logs

UserLoser.

UserLoser.