
Connect to Realm Server

Started by smoke, May 23, 2003, 10:54 PM


smoke

I've managed to get my d2xp client to authenticate and successfully log into battle.net chat, however, I am still having difficulty with what I am supposed to do with the returned IP address and port from 0x3e.  On most gateways, the IP according to the BnetDocs doesn't seem to be a valid host at all, much less one that would respond on the port provided.

What exactly do I need to do to initiate my realm connection?

Thanks,
-smoke

Kp

Quote from: smoke on May 23, 2003, 10:54 PM
I've managed to get my d2xp client to authenticate and successfully log into battle.net chat, however, I am still having difficulty with what I am supposed to do with the returned IP address and port from 0x3e.  On most gateways, the IP according to the BnetDocs doesn't seem to be a valid host at all, much less one that would respond on the port provided.

What exactly do I need to do to initiate my realm connection?

Thanks,
-smoke
What address are you receiving?  Packet dump of 0x3e preferred.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

smoke

Realm Logon Packet (0x3E - 83): 0x01 0x00 0x00 0x00 0x73 0x91 0xA6 0xFC 0x3F 0xF1 0x53 0x6E 0x36 0x1B 0x05 0x00 0x3F 0xF1 0x53 0x12 0x17 0xE0 0x00 0x00 0x00 0x00 0x00 0x00 0xA0 0x8A 0x38 0x00 0xEE 0xF6 0x28 0x17 0x50 0x58 0x32 0x44 0x36 0x38 0x58 0x49 0x3F 0xF1 0x53 0x6E 0x00 0x00 0x00 0x00 0xAD 0x78 0x32 0xA0 0x9C 0x95 0xF8 0xA0 0x48 0x70 0xEE 0x37 0x76 0xFA 0x88 0x8B 0xC0 0xC7 0x30 0x79 0x5B 0x6D 0x5D 0x73 0x6D 0x6F 0x6B 0x65 0x00 0x16 0x01

This is the packet I am receiving after I send a 0x3E packet to the server.  The IP Address is the 5th dword of this packet.  So it is 0x3F 0xF1 0x53 0x12, which is something like 63.241.83.18 (it may be reversed, I am uncertain in this particular case).  Regardless, neither this case nor the reversed case appear to be "valid" IP addresses.  The port in which it tries to communicate is 57367 (reversing the 2 bytes gives the expected 6112... meaning this is in big-endian order instead of little-endian).  I am assuming that once I am given this IP address and Port number, I am to open a new socket which then uses the MCP protocol instead of the BNCS protocol.  Are there any other special packets I need to send before or after 0x3E in order to connect to the realm server?

I would just sniff out packets directly from a diablo ii exp session, however, I don't have it installed where I am at the moment.  So, it kind of makes things difficult to reverse-engineer.

Thanks,
smoke
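
An added worked example (my code, not code from the thread) that reads the realm address out of the 0x3E body smoke posted: it takes the fifth DWORD as the IP in network order and the following WORD as a big-endian port, and shows the little-endian misread beside it. Offsets 16 and 20 follow from the "5th dword" remark above; the plausibility checks are my addition.

```python
import struct
from ipaddress import IPv4Address

# The 83-byte 0x3E body quoted in the post above (BNCS header already
# stripped), entered here as the sample input.
REALM_LOGON_DATA = bytes.fromhex(
    "01000000 7391a6fc 3ff1536e 361b0500"      # first four DWORDs
    "3ff15312"                                 # fifth DWORD: realm IP
    "17e0"                                     # port WORD, big-endian
    "0000 00000000 a08a3800 eef62817 50583244 36385849 3ff1536e"
    "00000000 ad7832a0 9c95f8a0 4870ee37 76fa888b c0c73079"
    "5b6d5d736d6f6b6500 1601"
)

IP_OFFSET = 16    # fifth DWORD, as identified in the post
PORT_OFFSET = 20  # the WORD right after it


def parse_realm_address(data: bytes) -> tuple[str, int]:
    """Return (ip, port) of the realm server from the 0x3E body.

    The four IP bytes already sit in network order, so they are formatted
    first-to-last without swapping.  The port is also big-endian, unlike
    nearly everything else in BNCS, which is why a little-endian read of
    the same two bytes gives 57367 instead of 6112.
    """
    if len(data) < PORT_OFFSET + 2:
        raise ValueError("0x3E body too short to hold IP and port")
    ip = IPv4Address(data[IP_OFFSET:IP_OFFSET + 4])
    (port,) = struct.unpack_from(">H", data, PORT_OFFSET)
    # Refuse obviously unusable values before opening a new socket.
    if ip.is_unspecified or ip.is_loopback or port == 0:
        raise ValueError(f"implausible realm address {ip}:{port}")
    return str(ip), port


def port_read_little_endian(data: bytes) -> int:
    """The misread from the post: same two bytes, native x86 order."""
    (port,) = struct.unpack_from("<H", data, PORT_OFFSET)
    return port


if __name__ == "__main__":
    print(parse_realm_address(REALM_LOGON_DATA))      # ('63.241.83.18', 6112)
    print(port_read_little_endian(REALM_LOGON_DATA))  # 57367
```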

smoke

Even for the realm server?  What does the port in the 0x3e client -> server packet relate to then?  Anybody that has experience with these packets, please add clarification comments to the BNetDocs.  The description currently there is very vague.

Thanks,
-smoke

smoke

Well, Noodlez just helped me realize that unlike most values in these packets, the Port value is actually in Big-Endian order rather than the common Little-Endian.  This is why the port number I was getting was not 6112 as it should be.  Thanks for your help, guys.

-smoke

smoke

Are there any specific bytes of data that I must send to the MCP server before I start sending any MCP packets?  (i.e. protocol byte of some kind)

-smoke

smoke

I took a wild guess on there being a protocol byte of some kind... and passing 0x01 seems to make it work.  Thanks again for everybody's assistance (whether it be in comments, documentation, examples)

-smoke

Camel

Quote from: Maddox on May 24, 2003, 12:35 AM
The port is always 6112.

while probably true, i wouldn't assume that. if it was intended to be static, the port would probably not be provided in the packet. also, certain battle.net clone servers such as bnetd don't have native realm support, so separate add-on programs are used that listen on non-6112 ports.

l)ragon

Quote from: Camel on May 24, 2003, 09:48 PM
Quote from: Maddox on May 24, 2003, 12:35 AM
The port is always 6112.

while probably true, i wouldn't assume that. if it was intended to be static, the port would probably not be provided in the packet. also, certain battle.net clone servers such as bnetd don't have native realm support, so separate add-on programs are used that listen on non-6112 ports.

that is if you plan to run the realm server from the same computer, which would normally run 6113, whereas if you have two separate computers you could very well do 6112.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

Camel

Quote from: dRAgoN on May 25, 2003, 04:02 PM
Quote from: Camel on May 24, 2003, 09:48 PM
Quote from: Maddox on May 24, 2003, 12:35 AM
The port is always 6112.

while probably true, i wouldn't assume that. if it was intended to be static, the port would probably not be provided in the packet. also, certain battle.net clone servers such as bnetd don't have native realm support, so separate add-on programs are used that listen on non-6112 ports.

that is if you plan to run the realm server from the same computer, which would normally run 6113, whereas if you have two separate computers you could very well do 6112.

so what? there are servers that use ports other than 6112. unless you support the port word, your bot will not work with those (realm) servers.

l)ragon

Quote from: Camel on May 26, 2003, 11:47 AM
so what? there are servers that use ports other than 6112. unless you support the port word, your bot will not work with those (realm) servers.

which gives good reason to parse it out of the packet and use it that way rather than outright bind your port to 6112 just because someone says it's always that.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

smoke

The only complaint I have is the misdocumentation on that portion of the packet.  In the BnetDocs, it states it is a DWORD and not a word... that is the first error.  Secondly, it doesn't state the byte-ordering, which appears to be backwards from most everything else (big-endian vs the common x86 native little-endian).  Personally, I try to rely on packets to tell me what to do instead of making assumptions which aren't necessarily always true.  After finding out the correct format of the packet, it was clearly 6112, and it is good to be able to use that value directly from the packet to provide the best compatibility.

-smoke

Arta

This has now been corrected, thanks to an error report from Madd0x. Some extra information has also been added to the packet that should clear up any remaining confusion.

smoke

While on the topic of packets, does anybody have an idea why the Realm protocol frequently sends "55 55 55 55 55" packets for some reason?  It almost seems like an undocumented delimiter between packets.  I mean, if I were to assume that it was just like any other packet, this would result in my packet parsing code assuming a packet of length 0x5555 was being received.  This is clearly not the case.

Furthermore, has anybody documented the Diablo II Realm packets for creating/joining games?  If not, I have started to unpack the data that are within those particular packets and I will be happy to submit my findings when I am finished.

-Smoke

Soul Taker

Notes from back when I was working on getting my bot to create LoD games:
(Realm) Send
Word [Seq.]
Byte [Null?]
Byte [Difficulty flag]
Word [Null?]
Byte [0x01?]
Word [0x08FF?]
String [Name]
String [Pass]
String [Desc]
--
Starts game creation/join challenge
--
0000  15 00 03 11 00 00 00 00 00 01 FF 08 44 69 65 00    ............Die.
0010  4E 6F 77 00 00                                     Now..

0000  15 00 03 13 00 00 00 00 00 01 FF 08 44 69 65 00    ............Die.
0010  4E 6F 77 00 00                                     Now..

0000  17 00 03 17 00 00 00 00 00 01 FF 08 44 69 65 65    ............Diee
0010  00 4E 6F 77 77 00 00                               .Noww..

0000  19 00 03 04 00 00 10 00 00 01 06 05 44 69 69 69    ............Diii
0010  65 00 4E 6F 6F 6F 77 00 00                         e.Nooow..

0000  1B 00 03 09 00 00 20 00 00 01 07 06 44 69 69 65    ...... .....Diie
0010  00 4E 6F 6F 77 00 50 6C 6C 7A 00                   .Noow.Pllz.
--

(Realm) Recv
Dword [Pos. in line]
==
0000  07 00 14 18 00 00 00                               .......

0000  07 00 14 1B 00 00 00                               .......

0000  07 00 14 12 00 00 00                               .......
==

(Realm) Recv
Word [Seq.]
Word [Value used in sends to game server]
Word [Null?]
Dword [Flags?]
==
0000  0D 00 03 11 00 F5 03 00 00 00 00 00 00             .............

0000  0D 00 03 13 00 9F 02 00 00 00 00 00 00             .............

0000  0D 00 03 17 00 EC 03 00 00 00 00 00 00             .............
==

(Realm) Send
Word [Seq + 1]
String [Name]
String [Pass]
==
This is first when joining
==
0000  0D 00 04 12 00 44 69 65 00 4E 6F 77 00             .....Die.Now.

0000  0D 00 04 14 00 44 69 65 00 4E 6F 77 00             .....Die.Now.

0000  0F 00 04 18 00 44 69 65 65 00 4E 6F 77 77 00       .....Diee.Noww.
==

(Bnet) Send
Dword? [Create or join?]
4 Dwords [Null?]
String [Name]
String [Pass]
--
Seems to tell Bnet you should be shown as in this game
--
0000  FF 1C 21 00 01 00 00 00 00 00 00 00 00 00 00 00    ..!.............
0010  00 00 00 00 00 00 00 00 44 69 65 00 4E 6F 77 00    ........Die.Now.
0020  00                                                 .

0000  FF 1C 21 00 01 00 00 00 00 00 00 00 00 00 00 00    ..!.............
0010  00 00 00 00 00 00 00 00 44 69 65 00 4E 6F 77 00    ........Die.Now.
0020  00                                                 .
0000  FF 1C 23 00 01 00 00 00 00 00 00 00 00 00 00 00    ..#.............
0010  00 00 00 00 00 00 00 00 44 69 65 65 00 4E 6F 77    ........Diee.Now
0020  77 00 00                                           w..
--

(Realm) Recv
Word [Seq.]
Dword [Values in 0x03]
Dword [Gameserver IP]
Dword [Values sent to gameserver in 0x65]
Dword [Null?]
--
Used to connect to game server
--
0000  15 00 04 12 00 F5 03 00 00 3F F0 CA 38 99 70 1A    .........?..8.p.
0010  0B 00 00 00 00                                     .....

0000  15 00 04 14 00 9F 02 00 00 3F F0 CA 62 21 71 43    .........?..b!qC
0010  17 00 00 00 00                                     .....

0000  15 00 04 18 00 EC 03 00 00 3F F0 CA 3B 8C A4 C5    .........?..;...
0010  31 00 00 00 00                                     1....
--

(Bnet) Send
Dword [Game ID]
Dword [Version byte]
String [Name]
String [Pass]
--
0000  FF 22 14 00 50 58 32 44 09 00 00 00 44 69 65 00    ."..PX2D....Die.
0010  4E 6F 77 00                                        Now.

0000  FF 22 14 00 50 58 32 44 09 00 00 00 44 69 65 00    ."..PX2D....Die.
0010  4E 6F 77 00                                        Now.

0000  FF 22 16 00 50 58 32 44 09 00 00 00 44 69 65 65    ."..PX2D....Diee
0010  00 4E 6F 77 77 00                                  .Noww.
--

(Realm) Send
Empty
==
0000  03 00 13
==

(Bnet) Send
Empty
--
Leaves chat
--
0000  FF 10 04 00
--

*Connect to game server now*

(Game) Recv
==
0000  A7 01

(Game) Send
Dword [Values from 0x04]
Word [Values from 0x03 and 0x04]
Byte [Char class]
Byte [Version?]
Dword [Null?]
String [Char name] (fixed-len)
Byte [0x4c] (unless char name is 15 bytes, then the terminating null replaces this)
--
Needs to always be same len, can just put nulls in place of the junk data to make it this len.
0000  65 99 70 1A 0B F5 03 06 09 00 00 00 00 41 73 73    e.p..........Ass
0010  53 6F 75 6C 00 BB AA 6F 4B 00 00 00 4C             Soul...oK...L

0000  65 93 E1 F4 07 A6 03 04 09 00 00 00 00 59 78 7A    e............Yxz
0010  00 78 D4 77 E4 BB AA 6F 4B 00 00 00 4C             .x.w...oK...L

0000  65 C8 25 C3 27 36 03 04 09 00 00 00 00 51 7A 78    e.%.'6.......Qzx
0010  73 00 D4 77 E4 BB AA 6F 4B 00 00 00 4C             s..w...oK...L

0000  65 4A F6 3B 32 48 01 02 09 00 00 00 00 46 69 66    eJ.;2H.......Fif
0010  74 65 65 6E 43 68 61 72 73 48 75 6B 00             teenCharsHuk.

0000  65 00 D6 76 16 0C 02 00 09 00 00 00 00 48 65 49    e..v.........HeI
0010  49 5F 53 6C 61 79 65 72 00 00 00 00 4C             I_Slayer....L
--

(Game) Recv
--
No clue
--
0000  05 7A 09 A5 E0
Got this instead only on Heii_Slayer?? 0000  06 75 D0 1D 9A 5E
--

(Game) Send
No idea
Seems you can send anything in this and will get the same response - using it to keep connection active now
--
0000  6A 1B 04 7D 06 00 00 00 00                         j..}.....

0000  6A 1D FE 7D 06 00 00 00 00                         j..}.....

0000  6A E1 D2 7E 06 00 00 00 00                         j..~.....

0000  6A 43 03 1A 00 00 00 00 00                         jC.......

0000  6A 8E 58 AB 00 00 00 00 00                         j.X......

0000  6A 46 1F AD 00 00 00 00 00                         jF.......

0000  6A EA CD 83 00 00 00 00 00                         j........
--

(Game) Recv
--
0000  02 5C                                              .\
--

(Game) Recv
--
0000  07 1F 7F FF FF FF C0                               .......
--

(Game) Send
--
Last packet before tons of data, game info
--
0000  68                                                 h
--

(Game) Send
--
Leaves game
--
0000  66                                                 f
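
An added example (my code, not Soul Taker's) covering the realm-side steps in these notes: split the length-prefixed realm frames, pull the game-server IP and token out of the 0x04 reply, and build the 0x65 game-server packet from them with nulls in the junk positions. Field names follow the labels above; treating the version byte as the constant 0x09 seen in every dump is an assumption.

```python
import struct
from ipaddress import IPv4Address

# Realm 0x04 reply copied from the dumps above as sample input: WORD length
# (little-endian, counting the 3-byte header), BYTE id, then the fields.
MCP_JOIN_REPLY = bytes.fromhex("1500 04 1200 f5030000 3ff0ca38 99701a0b 00000000")


def split_mcp_frames(buf: bytes) -> list[tuple[int, bytes]]:
    """Split a receive buffer into (id, payload) realm frames.  A length
    that cannot be right (a run of 0x55 bytes would read as 0x5555) is
    rejected instead of waiting for 21845 bytes that never come."""
    frames, pos = [], 0
    while pos + 3 <= len(buf):
        (length,) = struct.unpack_from("<H", buf, pos)
        if length < 3 or pos + length > len(buf):
            raise ValueError(f"bad realm frame length {length:#06x} at {pos}")
        frames.append((buf[pos + 2], buf[pos + 3:pos + length]))
        pos += length
    return frames


def parse_join_reply(payload: bytes) -> dict:
    """Fields of the 0x04 reply, named as in the notes above."""
    seq, value, ip_raw, token, _null = struct.unpack("<HI4s4sI", payload)
    # The game-server IP arrives in network order: format it unswapped.
    return {"seq": seq, "value": value, "token": token,
            "game_server_ip": str(IPv4Address(ip_raw))}


def build_game_join(token: bytes, value: int, char_class: int,
                    char_name: str) -> bytes:
    """Game-server 0x65 as laid out in the notes: echo the 0x04 token and the
    0x03/0x04 value, pad the fixed 15-byte name field with nulls (the dumps
    carry junk there), and let the name's terminator replace the 0x4C trailer
    only when the name is exactly 15 bytes."""
    name = char_name.encode("ascii")
    if not 1 <= len(name) <= 15 or len(token) != 4:
        raise ValueError("name must be 1..15 bytes and token 4 bytes")
    version = 9  # assumption: 0x09 appears in every dump above
    body = struct.pack("<HBBI", value, char_class, version, 0)
    trailer = b"\0" if len(name) == 15 else b"\x4c"
    return b"\x65" + token + body + name.ljust(15, b"\0") + trailer


if __name__ == "__main__":
    _id, payload = split_mcp_frames(MCP_JOIN_REPLY)[0]
    reply = parse_join_reply(payload)
    print(reply["game_server_ip"])  # 63.240.202.56
    print(build_game_join(reply["token"], reply["value"], 6, "AssSoul").hex())
```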