
Packet 0x51 Information #2

Started by K, May 05, 2003, 03:04 PM

K

Hullo. I'm having a bit of trouble with this packet, which is causing me no end of frustration. Here's the offending code (C++ with managed extensions):

    void KBin::Send0x51(Packet *s50)
    {
        // Read managed strings from the 0x50 buffer: the MPQ filename sits at
        // offset 20 and the value string follows the filename's terminating null.
        String *msFilename = s50->sRead(20, Packet::UNTIL_NULL);
        String *msValueString = s50->sRead(msFilename->Length + 21, Packet::UNTIL_NULL);
        int iLenVS = msValueString->Length;
        int iLenFn = msFilename->Length;

        char *szFilename = new char[iLenFn + 1];
        char *szValueString = new char[iLenVS + 1];

        // Managed string to zero-terminated string.
        KBinary::mstosz(msFilename, szFilename);
        KBinary::mstosz(msValueString, szValueString);

        // Read unmanaged values.
        DWORD dwLogonType = s50->dRead(0);
        DWORD dwServerToken = s50->dRead(4);
        DWORD dwChecksum = 0;
        DWORD dwVersion = 0;
        DWORD dwClientToken = GetTickCount();
        DWORD dwProdId = 0, dwValue1 = 0, dwValue2 = 0;

        char *szExeInfo = new char[128];
        // Compatibility with unsigned char __gc[].
        unsigned char *bKeyHash = new unsigned char[20];

        if (dwLogonType != 0)
            throw new Exception("Unhandled Logon Version");

        if (!CheckRevision("C:\\downloads\\hash\\starcraft.exe",
                           "C:\\downloads\\hash\\storm.dll",
                           "C:\\downloads\\hash\\battle.snp",
                           szValueString, &dwVersion, &dwChecksum, szExeInfo, szFilename))
        {
            throw new Exception("CheckRevision Failed");
        }

        ///<fixme type = "hardcoding" id = "cdkey value"/>
        if (!DecodeCDKey("123456789ABCD", &dwProdId, &dwValue1, &dwValue2))
            throw new Exception("DecodeCDKey Failed");

        // Six DWORDs (24 bytes) go into the hash; the 20-byte digest lands in bKeyHash.
        DWORD dwHashBuff[6];
        dwHashBuff[0] = dwClientToken;
        dwHashBuff[1] = dwServerToken;
        dwHashBuff[2] = dwProdId;
        dwHashBuff[3] = dwValue1;
        dwHashBuff[4] = 0;
        dwHashBuff[5] = dwValue2;

        calchashbuf((DWORD *)bKeyHash, dwHashBuff, 6 * 4);

        Packet *p = new Packet();
        p->Clear();
        p->Command = 0x51;
        p->dInsert(dwClientToken);
        p->dInsert(dwVersion);
        p->dInsert(dwChecksum);
        ///<fixme type = "hardcoding" id = "key amount"/>
        p->dInsert(0x01);
        ///<fixme type = "hardcoding" id = "spawn flag"/>
        p->dInsert(0x00);
        ///<fixme type = "hardcoding" id = "key length"/>
        p->dInsert(0x0D);
        p->dInsert(dwProdId);
        p->dInsert(dwValue1);
        p->dInsert(0x00);

        p->bInsert(bKeyHash, 0, 20);

        p->sInsert(szExeInfo, true);
        ///<fixme type = "hardcoding" id = "username"/>
        p->sInsert("Solumaeus", true);
        p->Send();

        // Release every unmanaged buffer allocated above (szExeInfo included).
        delete [] szExeInfo;
        delete [] bKeyHash;
        delete [] szValueString;
        delete [] szFilename;
    }


Thanks in advance for any pointers. Critiques/comments on style are welcome as well.

Edit: looks like the forum mauled my hex dump.  sorry.
Edit: hex dump removed. Moved to later post.

Skywing

The sz prefix traditionally denotes a "string, zero terminated".  If you must use Hungarian notation, it's best to not use inaccurate prefixes!

All of those byte-copy for loops look pretty slow - isn't there some sort of direct copy/assignment you could use instead?

Anyways, you didn't really specify what was going wrong.  Maybe if you tell us that, we can be of more assistance.

K

Quote
The sz prefix traditionally denotes a "string, zero terminated".  If you must use Hungarian notation, it's best to not use inaccurate prefixes!
Thanks.

Quote
All of those byte-copy for loops look pretty slow - isn't there some sort of direct copy/assignment you could use instead?
The managed string to char * routines I played with before seemed to be more expensive, but I went back and put them in anyway. I tried to weasel my way around converting an unsigned char array to an unsigned char __gc[] since my packetbuffer class is written in C#. Anyway, I just put an "unsafe" bInsert() function into my packetbuffer class that takes a byte* and a count, so that should deal with that.

Quote
Anyways, you didn't really specify what was going wrong.  Maybe if you tell us that, we can be of more assistance.

As far as I can tell, nothing -- except I get an invalid version response at best and IP banned usually. I've compared packet logs of my client with that of the StarCraft client and damned if I can find a difference. I am generating the same Checksum / Version information that StarCraft does, and if I set my ClientToken to the one used by the client on any particular connection, I can generate the same hash. I'm looking for any reason why I would be IP banned.

Note: original code updated.

Zakath

Looks like he set it up as a byte array of size 20, then inserted 20 elements. 5 * 4 is 20, is it not?

At any rate, I can't see anything that *looks* wrong...you're correctly calculating the packet size, right?
Quote from: iago on February 02, 2005, 03:07 PM
Yes, you can't have everybody...contributing to the main source repository.  That would be stupid and create chaos.

Opensource projects...would be dumb.

K

I think so; so far the only thing that I can think of is that I am having some sort of big endian / little endian problem in my packetbuffer class; since I'm using the System::BitConverter to convert other types to byte arrays, I'm having a hard time double checking.

tA-Kane

Quote from: K on May 06, 2003, 08:58 AM
The only thing that I can think of is that I am having some sort of big endian / little endian problem in my packetbuffer class.
You usually don't need to do endian conversions; what's your target platform?
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

K

I realize that my platform and Battle.net are both little endian, but I'm unsure of whether or not the BitConverter is honoring this.

Skywing

Quote from: K on May 06, 2003, 12:23 PM
I realize that my platform and battle.Net are both little endian, but I'm unsure of whether or not the bitconverter is honoring this.
If you're not sure about this, I'd recommend running something like 0x12345678 through the "bit converter" and checking the result with a byte hex dump...

K

I actually went back and rewrote my packetbuffer class in C++ without the use of the BitConverter just to make sure. Unfortunately, I'm still getting IP banned.

I managed to log myself being IP banned as well as receiving an invalid version response. Maybe someone will have a breakthrough with this. I've looked it over and I didn't see anything, but that doesn't mean someone else won't see something. (I modified my dumping function to not log high ASCII value characters, so hopefully the forum won't choke.)


Invalid Version Response
[KBin] Sent Packet: 0x50
FF 50 3A 00 00 00 00 00 36 38 58 49 52 41 54 53                ÿP:.....68XIRATS
C7 00 00 00 00 00 00 00 C0 A8 01 65 2C 01 00 00                ?.......A"?e,?..
09 04 00 00 09 04 00 00 55 53 41 00 55 6E 69 74                .?...?..USA.Unit
65 64 20 53 74 61 74 65 73 00                                  ed.States.

[KBin] Caught Packet: 0x25
FF 25 08 00 71 7E 22 A1                                        ÿ.q~¡

[KBin] Sent Packet: 0x25
FF 25 08 00 71 7E 22 A1                                        ÿ.q~¡


[KBin] Caught Packet: 0x50
FF 50 64 00 00 00 00 00 63 46 2E 66 44 CF 73 00                ÿPd.....cF.fDIs.
00 3C 5B A5 63 E8 C0 01 49 58 38 36 76 65 72 31                .<[?c?A?IX86ver1
2E 6D 70 71 00 41 3D 31 30 34 38 36 38 31 39 36                .mpq.A=104868196
36 20 42 3D 34 35 35 35 36 30 30 38 31 20 43 3D                6.B=455560081.C=
38 33 35 33 32 37 35 39 34 20 34 20 41 3D 41 2B                835327594.4.A=A+
53 20 42 3D 42 5E 43 20 43 3D 43 2D 41 20 41 3D                S.B=B^C.C=C-A.A=
41 2B 42 00                                                    A+B.

[KBin] Sent Packet: 0x51
FF 51 6E 00 19 ED 26 01 01 00 01 01 87 A7 C8 6A                ÿQn.??&??.????Ej
01 00 00 00 00 00 00 00 0D 00 00 00 01 00 00 00                ?...........?...
7F F7 03 00 00 00 00 00                                        ???.....        
                                   73 74 61 72                            star
63 72 61 66 74 2E 65 78 65 20 30 37 2F 32 37 2F                craft.exe.07/27/
30 31 20 32 33 3A 34 37 3A 32 38 20 31 30 36 34                01.23:47:28.1064
39 36 30 00 53 6F 6C 75 6D 61 65 75 73 00                      960.Solumaeus.

[KBin] Caught Packet: 0x51
FF 51 09 00 01 01 00 00 00                                     ÿQ..??...



IP Banned
[KBin] Sent Packet: 0x50
FF 50 3A 00 00 00 00 00 36 38 58 49 52 41 54 53                ÿP:.....68XIRATS
C7 00 00 00 00 00 00 00 C0 A8 01 65 2C 01 00 00                ?.......A"?e,?..
09 04 00 00 09 04 00 00 55 53 41 00 55 6E 69 74                .?...?..USA.Unit
65 64 20 53 74 61 74 65 73 00                                  ed.States.

[KBin] Caught Packet: 0x25
FF 25 08 00 07 D7 03 6F                                        ÿ.x?o

[KBin] Sent Packet: 0x25
FF 25 08 00 07 D7 03 6F                                        ÿ.x?o

[KBin] Caught Packet: 0x50
FF 50 63 00 00 00 00 00 BE 0E 40 02 2B D0 73 00                ÿPc.....????+Ds.
00 3C 5B A5 63 E8 C0 01 49 58 38 36 76 65 72 36                .<[?c?A?IX86ver6
2E 6D 70 71 00 41 3D 33 32 35 37 35 33 37 31 37                .mpq.A=325753717
20 42 3D 32 30 39 32 37 34 37 37 31 20 43 3D 32                .B=209274771.C=2
30 37 35 37 37 32 31 36 20 34 20 41 3D 41 5E 53                07577216.4.A=A^S
20 42 3D 42 2D 43 20 43 3D 43 5E 41 20 41 3D 41                .B=B-C.C=C^A.A=A
5E 42 00                                                       ^B.

[KBin] Sent Packet: 0x51
FF 51 6E 00 FD 79 29 01 01 00 01 01 06 3B AB EB                ÿQn.yy???.???;??
01 00 00 00 00 00 00 00 0D 00 00 00 01 00 00 00                ?...........?...
7F F7 03 00 00 00 00 00                                        ???.....        
                                   73 74 61 72                            star
63 72 61 66 74 2E 65 78 65 20 30 37 2F 32 37 2F                craft.exe.07/27/
30 31 20 32 33 3A 34 37 3A 32 38 20 31 30 36 34                01.23:47:28.1064
39 36 30 00 53 6F 6C 75 6D 61 65 75 73 00                      960.Solumaeus.

[KBin] Connection closed.
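The dumps above can be checked mechanically rather than by eye. The script below is an added example, not code from K or from anyone in this thread: it rebuilds raw bytes from the KBin-style dump format (hex columns, ASCII column stripped), decodes the server's 0x50 at the offsets K's Send0x51 reads from its s50 buffer (logon type at 0, server token at 4, filename at 20, value string after the filename's null), decodes the fixed DWORD fields of the sent 0x51 in the order Send0x51 inserts them and compares the declared length with the bytes actually dumped, and also performs Skywing's 0x12345678 endianness check. The sample dumps are copied from the "Invalid Version Response" session above; the field names are my own labels for those offsets, and "udp_value"/"filetime" for the two 0x50 fields K's code does not read are assumed labels.

```python
import re
import struct

# Constructed sample input: the 0x50 and 0x51 dumps from the "Invalid Version
# Response" session above, copied as posted (hex columns, then an ASCII column).
SERVER_0x50_DUMP = """
FF 50 64 00 00 00 00 00 63 46 2E 66 44 CF 73 00                ÿPd.....cF.fDIs.
00 3C 5B A5 63 E8 C0 01 49 58 38 36 76 65 72 31                .<[?c?A?IX86ver1
2E 6D 70 71 00 41 3D 31 30 34 38 36 38 31 39 36                .mpq.A=104868196
36 20 42 3D 34 35 35 35 36 30 30 38 31 20 43 3D                6.B=455560081.C=
38 33 35 33 32 37 35 39 34 20 34 20 41 3D 41 2B                835327594.4.A=A+
53 20 42 3D 42 5E 43 20 43 3D 43 2D 41 20 41 3D                S.B=B^C.C=C-A.A=
41 2B 42 00                                                    A+B.
"""

CLIENT_0x51_DUMP = """
FF 51 6E 00 19 ED 26 01 01 00 01 01 87 A7 C8 6A                ÿQn.??&??.????Ej
01 00 00 00 00 00 00 00 0D 00 00 00 01 00 00 00                ?...........?...
7F F7 03 00 00 00 00 00                                        ???.....
                                   73 74 61 72                            star
63 72 61 66 74 2E 65 78 65 20 30 37 2F 32 37 2F                craft.exe.07/27/
30 31 20 32 33 3A 34 37 3A 32 38 20 31 30 36 34                01.23:47:28.1064
39 36 30 00 53 6F 6C 75 6D 61 65 75 73 00                      960.Solumaeus.
"""

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")
KEY_HASH_LEN = 20  # bytes inserted by bInsert(bKeyHash, 0, 20) in Send0x51


def parse_hexdump(dump):
    """Rebuild raw bytes from a KBin-style dump: two-digit hex bytes separated by
    single spaces, with the ASCII column starting after a run of two or more spaces."""
    raw = bytearray()
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            continue
        hex_part = re.split(r"\s{2,}", line)[0]
        for tok in hex_part.split():
            if not HEX_BYTE.fullmatch(tok):
                raise ValueError("not a hex byte: %r" % tok)
            raw.append(int(tok, 16))
    return bytes(raw)


def dword_le(value):
    """Serialise a DWORD the way it goes on the wire here: little-endian."""
    return struct.pack("<I", value & 0xFFFFFFFF)


def endian_self_check():
    """Skywing's test: push 0x12345678 through the serialiser and read the bytes back.
    A correct little-endian packer yields '78 56 34 12'."""
    return dword_le(0x12345678).hex(" ").upper()


def read_dword(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def read_cstring(buf, off):
    """Read a null-terminated string; returns (text, offset just past the null)."""
    end = buf.index(b"\x00", off)
    return buf[off:end].decode("latin-1"), end + 1


def parse_header(pkt):
    """Framing used by every dump above: 0xFF, message id, little-endian 16-bit total length."""
    if len(pkt) < 4 or pkt[0] != 0xFF:
        raise ValueError("not a framed message")
    return pkt[1], struct.unpack_from("<H", pkt, 2)[0]


def parse_sid_auth_info(pkt):
    """Decode the server's 0x50 at the body offsets Send0x51 uses (0, 4, 20, filename+21)."""
    msg_id, declared = parse_header(pkt)
    if msg_id != 0x50:
        raise ValueError("expected 0x50, got 0x%02X" % msg_id)
    if declared != len(pkt):
        raise ValueError("declared %d bytes but %d present" % (declared, len(pkt)))
    body = pkt[4:]
    filename, off = read_cstring(body, 20)
    value_string, _ = read_cstring(body, off)
    return {
        "logon_type": read_dword(body, 0),
        "server_token": read_dword(body, 4),
        "udp_value": read_dword(body, 8),                      # assumed label
        "filetime": struct.unpack_from("<Q", body, 12)[0],     # assumed label
        "filename": filename,
        "value_string": value_string,
    }


def parse_sid_auth_check(pkt):
    """Decode the client's 0x51 fixed fields in Send0x51's insertion order, then report
    how far short the dump is of its declared length (the dump routine above suppresses
    high-ASCII bytes, so the 20-byte key hash may be partly or wholly absent)."""
    msg_id, declared = parse_header(pkt)
    if msg_id != 0x51:
        raise ValueError("expected 0x51, got 0x%02X" % msg_id)
    body = pkt[4:]
    names = ["client_token", "exe_version", "exe_checksum", "key_count",
             "spawn", "key_length", "product", "public_value", "unknown"]
    fields = {n: read_dword(body, 4 * i) for i, n in enumerate(names)}
    missing = declared - len(pkt)
    hash_present = min(KEY_HASH_LEN, max(0, KEY_HASH_LEN - missing))
    fields["key_hash"] = body[36:36 + hash_present]
    fields["exe_info"], off = read_cstring(body, 36 + hash_present)
    fields["username"], _ = read_cstring(body, off)
    fields["bytes_missing_from_dump"] = missing
    return fields


if __name__ == "__main__":
    print("0x12345678 ->", endian_self_check())
    info = parse_sid_auth_info(parse_hexdump(SERVER_0x50_DUMP))
    print("0x50: server token 0x%08X, %s, %s"
          % (info["server_token"], info["filename"], info["value_string"]))
    chk = parse_sid_auth_check(parse_hexdump(CLIENT_0x51_DUMP))
    print("0x51: client token 0x%08X, version 0x%08X, checksum 0x%08X, %d byte(s) missing"
          % (chk["client_token"], chk["exe_version"], chk["exe_checksum"],
             chk["bytes_missing_from_dump"]))
```

Run against the posted dumps, the 0x50 parses to exactly its declared 100 bytes, while the sent 0x51 declares 0x6E (110) bytes yet only 90 are printed: the 20 missing bytes are precisely the key hash the dump routine dropped, so the hash cannot be compared from this log, but every field before and after it can.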

tA-Kane

Quote from: K on May 06, 2003, 02:27 PM
[KBin] Caught Packet: 0x51
FF 51 09 00 01 01 00 00 00                                     ÿQ..??...
I believe that result code is invalid version. Check to make sure that your hash files are correct.

K

Right; I plan to deal with that after I can connect without being IP banned 3/4 times.   ;)

tA-Kane

The data appears to be correct. Verify that your CD key data is correct.

If you have no means of doing this, BNLS can be used. You can compare what BNLS returns to you versus what your code returns. To see the correct CD key encryption for 0x51, use CDKEY_EX packets (you could use CDKEY packets, but those do not allow you to specify what the client key is). To see if your hashing algorithm is correct, use the HASHDATA packets. With common sense, you can use a combination of your own code and BNLS's packets to find your problem.

K

Does Battle.net IP ban for invalid key data? Wouldn't I just get an invalid CD key response?

Kp

Quote from: K on May 06, 2003, 06:09 PM
Does Battle.net IP ban for invalid key data? Wouldn't I just get an invalid cd key response?
The server will ban you for invalid cdkeys.  Apparently the theory is that anyone with an invalid key is probably an illegal user anyway, so it is no loss to ban them.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

Arta

I think it does ban for an invalid key, but I'm not sure. This makes sense when you consider that the games won't let you install without a valid key, therefore, no official client should ever supply an invalid one.