• Welcome to Valhalla Legends Archive.
 

WTF!

Started by Joe[x86], December 17, 2005, 01:54 AM


Joe[x86]

Yup. I'm inserting two DWORDs and then a string. My packet buffer isn't down with that, apparently.

Code to create packet:
  function bnls_checkrevision($gameID, $mpq, $formula) {
    global $BV_VERHASH;
    global $BV_CHECKSUM;
    // Build packet 0x09: product ID, MPQ number, then the formula string
    insert_int32(bnls_productID($gameID));
    insert_int32(extractMPQNum($mpq));
    insert_string($formula);
    bnls_send(return_bnls(0x09));
    output("Yellow", "[BNLS] Performing CheckRevision..");
    // Drop the 3-byte BNLS header and parse the reply from the shared buffer
    setbuffer(substr(bnls_recv(), 3));
    if(remove_int32() == 0) {
      output("Red", "[BNLS] CheckRevision failed");
      die();
    } else {
      $BV_VERHASH  = remove_int32();
      $BV_CHECKSUM = remove_int32();
    }
    buffer_clear();
  }


BNLS Send/Receive:

  function bnls_send($data) {
    global $SCK_BNLS;
    global $CNFG_DEBUG;
    if($CNFG_DEBUG == "true") { output("Grey", "BNLS SEND: " . debugOutput($data)); }
    socket_write($SCK_BNLS, $data, strlen($data));
  }

  function bnls_recv() {
    global $SCK_BNLS;
    global $CNFG_DEBUG;
    // socket_select() takes its array arguments by reference, so they must be
    // real variables rather than inline assignments; wait at most 1 second
    $read   = array($SCK_BNLS);
    $write  = NULL;
    $except = NULL;
    socket_select($read, $write, $except, 1);
    $ret = socket_read($SCK_BNLS, 1024, PHP_BINARY_READ);
    if($CNFG_DEBUG == "true") { output("Grey", "BNLS RECV: " . debugOutput($ret)); }
    return $ret;
  }


Resulting packet:

BNLS SEND:

4b 00 09 00 41 3d 32 31 35 33 35 33 34 30 37 20 K...A=215353407
42 3d 37 32 37 30 39 37 33 37 36 20 43 3d 38 30 B=727097376 C=80
30 33 37 33 32 38 33 20 34 20 41 3d 41 5e 53 20 0373283 4 A=A^S
42 3d 42 5e 43 20 43 3d 43 5e 41 20 41 3d 41 5e B=B^C C=C^A A=A^
42 00 02 00 00 00 00 00 00 00 00                B..........
Length: 75


It may be worth noting I'm having an abnormal bad-luck streak. I installed a faulty hard drive, broke a NIC, knocked several things off my desk, fried a microwave, and accidentally convinced a kid to grab a popcorn bucket from a garbage can and ask for a refill. No joke. =(.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

dxoigmn

#1
Classic beginner's mistake, all solved in 3 minutes of debugging.

Change:


  function remove_string() {
    global $buffer;
    $position = strpos($buffer, chr(0));
    $ret = substr($buffer, 0, $position);
    // Bug: the terminating null is left at the front of the buffer
    $buffer = substr($buffer, $position);
    return $ret;
  }


To:


  function remove_string() {
    global $buffer;
    $position = strpos($buffer, chr(0));
    $ret = substr($buffer, 0, $position);
    // Skip past the terminating null as well
    $buffer = substr($buffer, $position+1);
    return $ret;
  }


edit: argh @ bold tags.

l2k-Shadow

#2
Quote from: dxoigmn on January 03, 2006, 07:55 PM
Classic beginner's mistake, all solved in 3 minutes of debugging.

Change:


  function remove_string() {
    global $buffer;
    $position = strpos($buffer, chr(0));
    $ret = substr($buffer, 0, $position);
    $buffer = substr($buffer, $position+1);
    return $ret;
  }


To:


  function remove_string() {
    global $buffer;
    $position = strpos($buffer, chr(0));
    $ret = substr($buffer, 0, $position);
    $buffer = substr($buffer, $position+1);
    return $ret;
  }


edit: argh @ bold tags.

Those 2 functions are exactly the same..?

EDIT:
lol, after downloading the source code I see what was changed. Yeah, in the remove_string:


$buffer = substr($buffer, $position);


should be:


$buffer = substr($buffer, $position+1);
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno what it means, someone tell me what's ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
I was destined to live here,
to eat boiled pork head with horseradish and drink beer with it.
There, they say, you'd be as happy as a pig in clover,
I don't want to sit on my backside in front of anyone.

I'm not from the USA, I'm not from the USA, I'm really not from the USA... and hopefully they won't be mad at me for that.

Joe[x86]

The problem was an outgoing packet, though =/
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

dxoigmn

Hehe whoops about the code samples. They're fixed now. Forgot to remove the +1 for the original example :P

Quote from: Joe on January 04, 2006, 07:10 AM
The problem was an outgoing packet, though =/

Yeah, but you were not removing stuff from the buffer, so the contents were left in the buffer, namely a null from the MPQ filename and the rest of the equation string. Also, your 2 DWORDs are being inserted, just at the end of the buffer. This fixed the problem, at least it worked for me.
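The following is an added example, not code from the bot or from anyone in this thread. It reimplements the shared packet buffer as a small class with a switch that reproduces dxoigmn's off-by-one, then parses a constructed reply (an MPQ filename followed by a formula string) and builds the 0x09 request from the same buffer, the way the original code does. The 3-byte header (little-endian 16-bit length, then an 8-bit packet id) is assumed from the dump above, where the packet starts `4b 00 09` and the receive path does `substr(..., 3)`; the sample reply bytes and the product/MPQ values are constructed for the demonstration.

```php
<?php
// Added example: packet buffer with the original remove_string() off-by-one
// switchable, to show how a leftover null ends up at the front of the next packet.
// Header layout (assumed from the thread's dump): uint16 LE total length, uint8 id.

class PacketBuffer {
    private string $buffer = '';
    private bool $consumeTerminator;

    // $consumeTerminator=false reproduces the bug: the null stays in the buffer.
    public function __construct(bool $consumeTerminator = true) {
        $this->consumeTerminator = $consumeTerminator;
    }

    public function setBuffer(string $data): void { $this->buffer = $data; }
    public function clear(): void { $this->buffer = ''; }
    public function remaining(): int { return strlen($this->buffer); }

    public function insertInt32(int $value): void {
        $this->buffer .= pack('V', $value);   // little-endian uint32
    }

    public function insertString(string $s): void {
        $this->buffer .= $s . "\0";           // null-terminated
    }

    public function removeInt32(): int {
        if (strlen($this->buffer) < 4) {
            throw new UnderflowException('need 4 bytes, have ' . strlen($this->buffer));
        }
        $value = unpack('V', substr($this->buffer, 0, 4))[1];
        $this->buffer = substr($this->buffer, 4);
        return $value;
    }

    public function removeString(): string {
        $position = strpos($this->buffer, "\0");
        if ($position === false) {
            throw new UnderflowException('no null terminator in buffer');
        }
        $ret = substr($this->buffer, 0, $position);
        // Original bug: substr($buffer, $position) keeps the null at offset 0,
        // so the *next* removeString() finds it immediately and returns "".
        $skip = $this->consumeTerminator ? $position + 1 : $position;
        $this->buffer = substr($this->buffer, $skip);
        return $ret;
    }

    // Prepend the assumed 3-byte header to whatever is in the buffer and reset it.
    public function buildPacket(int $id): string {
        $packet = pack('vC', strlen($this->buffer) + 3, $id) . $this->buffer;
        $this->clear();
        return $packet;
    }
}

function hexdump(string $data): string {
    return implode(' ', str_split(bin2hex($data), 2));
}

// Parse a constructed reply carrying two strings, then build packet 0x09 from
// the same buffer without clearing it first, exactly as the bot did.
function demonstrate(bool $consumeTerminator): array {
    $buf = new PacketBuffer($consumeTerminator);
    $buf->setBuffer("ver-IX86-1.mpq\0A=A^S B=B^C\0");   // constructed sample reply
    $mpq     = $buf->removeString();
    $formula = $buf->removeString();   // "" when the bug is active
    $buf->insertInt32(2);              // hypothetical product id
    $buf->insertInt32(1);              // hypothetical MPQ number
    $buf->insertString($formula);
    return [
        'mpq'      => $mpq,
        'formula'  => $formula,
        'leftover' => $buf->remaining(),
        'packet'   => $buf->buildPacket(0x09),
    ];
}

foreach ([false => 'buggy', true => 'fixed'] as $consume => $label) {
    $r = demonstrate((bool) $consume);
    printf("%s: mpq=%s formula=%s\n  %s\n", $label, var_export($r['mpq'], true),
           var_export($r['formula'], true), hexdump($r['packet']));
}
```

With the bug enabled the packet comes out as header, a lone `00`, the formula text, its null, the two DWORDs and a final `00` for the empty string, which is the same shape as the dump in the first post (where the DWORDs `02 00 00 00 00 00 00 00` sit after the formula and a trailing `00`). With the terminator consumed, the packet is header, DWORDs, formula. The deeper design issue the example makes visible is that one global buffer serves both parsing of replies and building of requests, so any byte the parser fails to drain is silently sent in the next packet; giving receive and send their own buffers removes that failure mode regardless of the off-by-one.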