 

Realms

Started by MindArchon, October 05, 2005, 08:44 PM


MindArchon

I am having trouble adding realm support to my bot.

From looking at http://forum.valhallalegends.com/phpbbs/index.php?topic=11383.0 I assume I start by sending 0x40 after logging in with 0x3A.

I have no idea what the difference between 0x40 and 0x34 is, because they seem to do almost the same thing, but I used 0x40 because it was used in that sequence information. I received the realm name to send in 0x3E (Europe).

Because I am using BNLS, I hash "password" by sending 0x0B. I didn't know what to put as the client and server key. Leaving them blank disconnects me from BNLS, so I just put the information I used for hashing the login password. Here is the packet I am sending to BNLS.

0000: 1B 00 0B 08 00 00 00 02 00 00 00 70 61 73 73 77  . ......passw
0010: 6F 72 64 4E E8 CB 73 E7 D2 5C 3C                 ordNèËsçÒ\<.....


After that I receive the response and stick it into packet 0x3E to get the server to connect to. Here is the packet I am sending.

0000: FF 3E 23 00 00 00 00 00 C9 2C 83 9D 1B E2 E8 36  ÿ>#.....É,ƒ?âè6
0010: 66 87 76 5D 14 6D 98 C5 AC 24 6D 96 45 75 72 6F  f‡v]m˜Å¬$m–Euro
0020: 70 65 00                                         pe..............


I get a response, but the status I receive is 0x80000002 (Realm logon failed). I think it's an error in hashing "password", but I don't know what I'm doing wrong.

Also, I noticed that the IP address is returned in a DWORD. Isn't an IP address xx.xx.xxx? How do I connect to that IP address?

l2k-Shadow

1) You must send 0x0A before attempting to connect to realm.
2) The IP is a DWORD where it goes first byte.second byte.third byte.fourth byte
3) Client key is your GetTickCount (although you do not have to use that, using any number will pretty much work) and Server Key is the Server Token value you receive in S->C 0x50.
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno what it means, someone tell me what's ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
I was meant to live here,
to have boiled pork with horseradish and drink beer with it.
Over there, they say, you'd be living like a pig in clover,
but I don't want to sit on my arse in front of anyone.

I'm not from the USA, I'm not from the USA, I'm really not from the USA... and hopefully they won't be mad at me for that.

MindArchon

I am now sending 0x0A before I send 0x40.

I was sending Server Key correctly, but I changed Client key to GetTickCount, and I am still getting realm logon failed.

Hdx

Try using the same exact client token for the hash as you did for the hashing in 0x51 (CD-Key hashing),
or 0x29 if it's different.
~-~(HDX)~-~

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

MindArchon

I tried, it still gives me failed realm login.

Wouldn't BNET disconnect me if I submitted the wrong hash data? Am I doing something else wrong?

Hdx

Set the 'cookie' in your 0x3E packet to your client token, not the cookie from 0x0B.
If that doesn't work, please post the code for what you're doing.

l2k-Shadow

In 0x3E I send 0x01 for the cookie and it works fine. I also tested 0x00... 0x00 DOES NOT work.

MindArchon

EDIT: l2k-Shadow - I tried 0x01 as the cookie and I still receive that error.

Nope, not working. I have no idea where you want me to post my code from, so I guess I'll post it from right after I pass 0x3A.

Select Case Asc(Mid(data, 5, 1))
    Case &H0 '// Login Information Correct

        buffer.InsertNTString GetFromINI("Connection", "Username", "", App.Path & "\config.ini")
        buffer.InsertBYTE &H0
        buffer.SendPacket &HA
...
(code continues on to deal with invalid login information)


That code executes after it receives 0x3A.

This code executes when 0x0A is received.


UsernameLogged = KillNull(Mid(data, 5))
MainFRM.bnet.SendData Chr(&HFF)
MainFRM.bnet.SendData Chr(&H40)
MainFRM.bnet.SendData MakeWORD(4)
'//Sends packet 0x40, its empty.


And when 0x40 is recieved.


'//RealmToConnect is a private variable in the module.
If GetDWORD(Mid(data, 9, 4)) = 1 Then
    RealmToConnect = KillNull(Mid(data, 17))
Else
    RealmToConnect = GetFromIni("Connection", "Realm", "", App.Path & "\config.ini")
End If

OntoRealms = True '//Private module boolean

buffer.Clear
buffer.InsertDWORD Len("password")
buffer.InsertDWORD &H2
buffer.InsertNonNTString "password"
buffer.InsertDWORD GetTickCount
buffer.InsertDWORD sessionkey '//obtained from 0x50
buffer.SendBNLSPacket &HB


And my code for when 0x0B is received..


HashedData =  Mid(Data, 4)

If OntoRealms = True Then

      buffer.Clear
      buffer.InsertDWORD sessionkey '//cookie
      buffer.InsertNonNTString HashedData
      buffer.InsertNTString RealmToConnect
      buffer.SendPacket &H3E

Else
...


0x3E returns with realm logon failed.

Ringo

Quote from: MindArchon on October 05, 2005, 08:44 PM
Because I am using BNLS, I hash "password" by sending 0x0B, I didn't know what to put as the client and server key. Leaving them blank disconnects me from BNLS, so I just put the information I put for hashing the login password. Here is the packet I am sending to BNLS.

0000: 1B 00 0B 08 00 00 00 02 00 00 00 70 61 73 73 77  . ......passw
0010: 6F 72 64 4E E8 CB 73 E7 D2 5C 3C                 ordNèËsçÒ\<.....


After that I recieve the response and stick it into packet 0x3E to get the server to connect to. Here is the packet I am sending.

0000: FF 3E 23 00 00 00 00 00 C9 2C 83 9D 1B E2 E8 36  ÿ>#.....É,ƒ?âè6
0010: 66 87 76 5D 14 6D 98 C5 AC 24 6D 96 45 75 72 6F  f‡v]m˜Å¬$m–Euro
0020: 70 65 00                                         pe..............

Hm, I've never once used BNLS, but I'm presuming your client and server key are 4E E8 CB 73 E7 D2 5C 3C from checking bnet docs.
In order for bnet to check the realm password, it needs to know the client token used in the client side hash (it already knows your server key), but you're using 4E E8 CB 73 as your client token in the hashing, and then telling bnet you did the hash with a null value.
AFAIK, client tokens can't be set to 0.
I think if you were to send it like this:
0000: FF 3E 23 00 4E E8 CB 73 C9 2C 83 9D 1B E2 E8 36  ÿ>#.....É,ƒ?âè6
0010: 66 87 76 5D 14 6D 98 C5 AC 24 6D 96 45 75 72 6F  f‡v]m˜Å¬$m–Euro
0020: 70 65 00                                         pe..............

It would have worked.
And I'm not sure sending 0x0A before logging on a realm char is a good idea.

Hope this helps
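An added example, not MindArchon's code and not from the thread: the two request packets above rebuilt in Python from the posted dumps, with the 0x3E cookie set to the client token that went into the BNLS hash, as Ringo suggests. The token values and the 20-byte hash are lifted from the dumps in this thread; the BNLS 0x0B layout (length, flags 0x02, data, client key, server key) follows the way MindArchon's code builds it.

```python
import struct

# Values lifted from the dumps posted in this thread (client key 4E E8 CB 73,
# server key E7 D2 5C 3C, 20-byte hash from the 0x3E packet), little-endian.
PAGE_CLIENT_TOKEN = 0x73CBE84E
PAGE_SERVER_TOKEN = 0x3C5CD2E7
PAGE_REALM_HASH = bytes.fromhex(
    "C92C839D1BE2E8366687"
    "765D146D98C5AC246D96"
)

def bnls_hash_data(password, client_token, server_token):
    """BNLS 0x0B as the thread builds it: WORD length, BYTE id, DWORD data
    length, DWORD flags (0x02: hash with client and server key), the password
    bytes, then the client key and the server key."""
    body = struct.pack("<II", len(password), 0x02) + password.encode("ascii")
    body += struct.pack("<II", client_token, server_token)
    return struct.pack("<HB", 3 + len(body), 0x0B) + body

def sid_logon_realm_ex(client_token, realm_hash, realm):
    """SID_LOGONREALMEX 0x3E: FF, id, WORD length, DWORD cookie, 20-byte
    hash, NT realm name.  The cookie is the same client token that went
    into the BNLS hash, not 0 and not the server key (Ringo's fix)."""
    if len(realm_hash) != 20:
        raise ValueError("realm password hash must be 20 bytes")
    body = struct.pack("<I", client_token) + realm_hash
    body += realm.encode("ascii") + b"\x00"
    return b"\xFF\x3E" + struct.pack("<H", 4 + len(body)) + body

def cookie_matches_hash_token(packet_3e, client_token):
    """Check before sending: does the 0x3E cookie equal the token used for
    the hash?  A mismatch is what produced 0x80000002 in this thread."""
    return struct.unpack_from("<I", packet_3e, 4)[0] == client_token
```
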

MindArchon

Thanks Ringo!

Your response helped me to get it to work. Now a few questions.

So do I just do something like

rPort = GetDWORD(Mid(data, 25, 4))

rIP = Asc(Mid(data, 21, 1)) & "." & Asc(Mid(data, 22, 1)) & "." & Asc(Mid(data, 23, 1)) & "." & Asc(Mid(data, 24, 1))

winsock.Connect rIP, rPort


Because it's not connecting.

l2k-Shadow

I think you have to htons() the port, but you don't have to parse the port... it will always be 6112.

MindArchon

Connection works fine, but in my response to 0x01 I am receiving an unknown result according to bnetdocs.

Here I am sending 0x01

0000: 4D 00 01 70 5A 64 78 8D FA 07 DC D3 E9 00 35 3B  M.pZdx?úÜÓé.5;
0010: 1A 28 00 00 00 00 00 FE 69 90 06 EB 82 6D A7 50  (.....þi?ë,m§P
0020: 58 32 44 36 38 58 49 D3 E9 00 35 00 00 00 00 61  X2D68XIÓé.5....a
0030: 03 0A 77 51 30 EB 6E 9E 88 3B C5 AB F3 42 5F F0  .wQ0ënžˆ;Å«óB_ð
0040: 17 EE 48 74 65 73 74 61 63 63 35 35 00           îHtestacc55....


And here is the response.

0000: 07 00 01 7E 00 00 00                             .~............

Sorry guys, it's just that I've never even looked at realms before.

I am sending the full 16 dwords of the data returned in 0x3E.

l2k-Shadow

Make sure you send the header byte 0x01 before sending the packet 0x01.  Also a log of response to 0x3E would help in making sure you are sending the correct information in 0x01.

MindArchon

Ok. Here is the code I am sending when the winsock realm connects.

MCPsck.SendData Chr(1)

buffer.Clear
buffer.InsertNonNTString MCP1
buffer.InsertNonNTString MCP2
buffer.InsertNTString BNCSu
buffer.SendPacketRealm &H1


Here is part of the code I use to parse 0x3E

MCP1 = Mid(data, 5, 16)
MCP2 = Mid(data, 29, 48)
BNCSu = KillNull(Mid(data, 77))


And here is the response to 0x3E

0000: FF 3E 58 00 BF E1 D0 78 70 6F 1B B6 D3 E9 00 35  ÿ>X.¿áÐxpo¶Óé.5
0010: 02 25 28 00 D3 E9 30 09 17 E0 00 00 00 00 00 00  %(.Óé0.à......
0020: FE 69 90 06 EB 82 6D A7 50 58 32 44 36 38 58 49  þi?ë,m§PX2D68XI
0030: D3 E9 00 35 00 00 00 00 66 E9 F9 3D D3 2E 7F FF  Óé.5....féù=Ó.ÿ
0040: 03 25 26 AB F3 99 F1 33 F4 79 24 EF 74 65 73 74  %&«ó™ñ3ôy$ïtest
0050: 61 63 63 35 35 00 63 35                          acc55.c5........
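An added example, not from the thread or the bot: the 0x3E reply above parsed in Python the same way the VB code slices it, with the IP and port decoded as l2k-Shadow described (dotted bytes, htons on the port), and MCP_STARTUP (0x01) assembled from the result. The 12-byte failure form of the reply is an assumption, labelled in the code.

```python
import struct

# SID_LOGONREALMEX (0x3E) reply as posted in this thread, rebuilt from the
# hex dump above (constructed here; the trailing "63 35" bytes kept as posted).
PAGE_REPLY_3E = bytes.fromhex(
    "FF3E5800BFE1D078706F1BB6D3E90035"
    "02252800D3E9300917E0000000000000"
    "FE699006EB826DA75058324436385849"
    "D3E900350000000066E9F93DD32E7FFF"
    "032526ABF399F133F47924EF74657374"
    "6163633535006335"
)

def parse_logon_realm_ex(pkt):
    """Slice a 0x3E reply the way the thread's Mid() calls do (0-based here):
    [4:20] cookie+status+MCP chunk 1, [20:24] IP, [24:28] port,
    [28:76] MCP chunk 2, [76:] NT unique name."""
    if pkt[:2] != b"\xFF\x3E" or struct.unpack_from("<H", pkt, 2)[0] != len(pkt):
        raise ValueError("not a well-formed SID_LOGONREALMEX packet")
    cookie, status = struct.unpack_from("<II", pkt, 4)
    # Assumption: a failed logon (e.g. status 0x80000002 seen earlier in the
    # thread) comes back as just cookie + status, 12 bytes in total.
    if len(pkt) == 12:
        return {"cookie": cookie, "status": status}
    name_end = pkt.index(b"\x00", 76)
    return {
        "cookie": cookie,
        "status": status,
        "mcp1": pkt[4:20],
        # IP: first byte.second byte.third byte.fourth byte, as l2k-Shadow says
        "ip": ".".join(str(b) for b in pkt[20:24]),
        # the port sits in network byte order; reading the low WORD big-endian
        # is what htons() on the little-endian DWORD gives (17 E0 -> 6112)
        "port": struct.unpack_from("!H", pkt, 24)[0],
        "mcp2": pkt[28:76],
        "name": pkt[76:name_end].decode("ascii"),
    }

def build_mcp_startup(fields):
    """MCP_STARTUP (0x01): WORD length, BYTE id, the 16 DWORDs from the 0x3E
    reply with IP and port left out, then the NT unique name.  The single
    protocol byte 0x01 sent right after connecting is separate from this."""
    body = fields["mcp1"] + fields["mcp2"] + fields["name"].encode("ascii") + b"\x00"
    return struct.pack("<HB", 3 + len(body), 0x01) + body
```

Run against the posted reply this yields port 6112 and a 0x4D-byte startup packet, the same length as the 0x01 packet MindArchon dumped earlier.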

l2k-Shadow

Hmm that should work... if it still doesn't try using a different bnet server