[Solved][VB] C-> S 0x51 Packet

[Don Cullen]

SID_AUTH_CHECK Info:

(DWORD)       Client Token
(DWORD)       EXE Version
(DWORD)       EXE Hash
(DWORD)       Number of keys in this packet
(BOOLEAN)    Using Spawn (32-bit)

For Each Key:
(DWORD)       Key Length
(DWORD)       CD key's product value
(DWORD)       CD key's public value
(DWORD)       Unknown (0)
(DWORD[5])    Hashed Key Data

(STRING)     Exe Information
(STRING)     CD Key owner name

After studying the BNETDocs, I tried to code a 0x51 packet, and got stuck in the process. The Client Token was easy enough, only had to use GetTickCount() API for that one.

EXE Version: Does that follow a specific format? And how can this be obtained dynamically without hard-coding it?

How is a EXE Hash formatted, and how does one go about hashing an EXE? I'm assuming here that it's the Starcraft.exe that needs to be hashed...

(DWORD)       Number of keys in this packet

Number of keys? As in number of cdkeys, or how many numbers inside the cdkey, or what?

For Spawn, can I just do:

.INSERTDWORD &H0  'Zero, boolean for false

Or does it have to be done another way?

[l2k-Shadow]

Use BNCSUtil Hashing Library to get those values... a vb example source on how to use it is also on the site.

(DWORD)       Number of keys in this packet

Number of keys? As in number of cdkeys, or how many numbers inside the cdkey, or what?

Yeah, number of cdkeys. 0x00000001 for STAR, SEXP, W2BN, D2DV, WAR3 and 0x00000002 for D2XP and W3XP.

For Spawn, can I just do:

.INSERTDWORD &H0  'Zero, boolean for false

Or does it have to be done another way?

that works

[Don Cullen]

So, because I'll be only using one cdkey (it being Starcraft), I should just put down:

Code Select Expand

.InsertDWORD &H1 'only one cdkey, if two cdkeys, &H2

Right?

[l2k-Shadow]

Right.

[Don Cullen]

Since this is a very sensitive packet to battle.net (high risk of ipban), is there a server I can test the bot on so I won't have to worry about ipban?

[Edit: added to avoid double post]

Oh and-- how do I know I've gotten IPBanned? Does Battle.net send a packet informing me of ipban before disconnecting?

[l2k-Shadow]

No, it just disconnects you and when you attempt to connect again you'll receive winsock error 10053.

[Don Cullen]

Code Select Expand

' Check server signature.
     If (UseNLS) Then
         ServerSignature = P.GetFixedString(128)
         If (Not nls_check_socket_signature(frmMain.WS.SocketHandle, ServerSignature)) Then
             Disconnect
             MsgBox "Server signature check failed.", vbExclamation, "Example Bot"
         End If
     End If

This section errored out-- says Sub/Function not defined. nls_check_socket_signature() was the one highlighted. I decided to do some checking around, and found out there was not only no sub/function for it which means it's in bncsutil.dll, but the declaration for it also was missing.

Do you by any perchance have the declaration for that particular sub?

[l2k-Shadow]

This DL has all of the current declerations.

BTW what packet buffer are you using?

EDIT: You know, you don't have to use that declare anyway...

[Don Cullen]

I'm using Dark Minion's Packet Buffer class.

What's the "mpqNumber" argument in checkRevision? 
This is the number in the filename received in 0x50 (SID_AUTH_INFO) that looks like "IX86ver#.mpq".  You can get this number by using the extractMPQNumber function.

Why does the mpq number matter?

[shout]

Why does the mpq number matter?

The MPQ number is which IX86Ver?.dll to emulate.

[l2k-Shadow]

Why does the mpq number matter?

The MPQ number is which IX86Ver?.dll to emulate.

In more understandable words, Battle.net assigns you a .dll file with which to use CheckRevision(). There are 8 dlls and each has it's own unique checksum key. BNCSUtil, however, has all of these 8 checksum keys inside itself, so by the MPQ number, you're telling it which one to use.

[Don Cullen]

Alright, got it. I'm curious about something:

Code Select Expand

    ' Check server signature.
    If (UseNLS) Then
        ServerSignature = P.GetFixedString(128)
        If (Not nls_check_socket_signature(frmMain.WS.SocketHandle, ServerSignature)) Then
            Disconnect
            MsgBox "Server signature check failed.", vbExclamation, "Example Bot"
        End If
    End If

Why check the server signature?

[l2k-Shadow]

I think it's to make sure that the server is authentic bnet server, there is no use for it really.

[Don Cullen]

Code Select Expand

'SID_AUTH_CHECK
Public Sub P0x51(ServerToken As Long, Ix86verfilename As String, ChecksumFormula As String)
    AddC vbMagenta, "Assembling 0x51 SID_AUTH_CHECK Packet..."
    Dim ClientToken As Long
    Dim EXEVersion As Long
    Dim EXEHash As Long
    Dim KeyLen As Long
    Dim CDKeyProductValue As Long
    Dim CDKeyPublicValue As Long
    Dim HashedKeyData As Long
    Dim EXEInformation As String
    Dim CDKeyOwnerName As String
    Dim EXEPath As String, DLLPath As String, ThirdPath As String
     
    EXEPath = ProgHashPath & ProgFileName
    DLLPath = ProgHashPath & DLLFileName
    ThirdPath = ProgHashPath & ThirdFileName
     
    ClientToken = GetTickCount()
    EXEVersion = getExeInfo(EXEPath, EXEInfo)
    mpqNumber = extractMPQNumber(Ix86verfilename)
         
    ' Perform revision check operations.
    If (checkRevision(ChecksumFormula, EXEPath, DLLPath, ThirdPath, mpqNumber, Checksum) = False) Then
        DMBot.BNET.Close
        Call DMBot.BNET_Close
        AddC vbRed, "CheckRevision failed."
        Exit Sub
    End If
     
    AddC vbMagenta, "Done."
    'Now data for the packet has been gathered,
    'begin assembling the packet
End Sub

How does that look so far? Any errors?

[l2k-Shadow]

Looks good so far