• Welcome to Valhalla Legends Archive.
 

Starcraft Keys

Started by Guest, February 16, 2003, 01:29 PM


LordNevar

#15
It's been confirmed that it is a strict BNLS issue, and the change works in any manner of manipulating the last number of the assigned key.

A good fortune may forebode a bad luck, which may in turn disguise a good fortune.
The greatest trick the Devil ever pulled, was convincing the world he didn't exist.

QwertyMonster


LordNevar

#17
I have been doing a lot of research on this with a massive list of working keys for battle.net, and I'm talking tens of thousands of working keys. I have noticed something in their construction so far. This is just an observation, not a confirmation of truth. This was done using the list provided by Joe, and Ringo, and also my personal lists, and some lists from other people. I did not test all these keys, nor want to spend the time to. So we'll take in affect that say 75% of them work.

Ex: 0000600003862 <~~~ Joe's First Key [Verified]

Now if I am correct this is how the basic structure of them is composed.
This table will be listed by first to last digit of the respective key.

1.)The first number cannot be higher than (4), as far as I know. I do not have any keys that start with a 5. They range from 0-4.

2.)The second number can be as high as (9).

3.)Third number can go as high as (6).

4.)Fourth number can be as high as (9).

5.)Fifth number can be as high as (9).

6.)Sixth number can be as high as (9).

7.)Seventh number can be as high as (5).

8.)Eighth number can be as high as (9).

9.)Ninth number can be as high as (9).

10.)Tenth number can be as high as (7).

11.)Eleventh number can be as high as (9).

12.)Twelfth number can be as high as (9).

13.)Thirteenth can be any number you want it to be from 0-9 as long as the key is correct, cause regardless if you change the last number of any starcraft/battle.net cdkey you can log on with it. Unless of course you're using BNLS, which will give you an invalid key.

Note: If you change the last digit of any working starcraft/battle.net cdkey, if the key works or is muted or voided or in use it will give you the same response for any number you assign to it.

This is just what I have so far, I have not gotten into the barebones of it. If anyone can supply a key that disproves any of my statements above, please contact me so I can make adjustments to this.

So far only creating keys in this sequence, I have managed to make 3 working keys out of 65 attempts at it, so I am obviously either very lucky or on the right track.





Arta

You guys should figure out how the decode routine works if you want to do this properly.

Blaze

Pffft, everyone already knows that starcraft keys are really poorly encrypted love messages between Yoni and Skywing.
Quote
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

Mesiah / haiseM

Quote from: Blaze on November 26, 2005, 09:54 AM
Pffft, everyone already knows that starcraft keys are really poorly encrypted love messages between Yoni and Skywing.

For one, I didn't know cdkeys were encrypted at all....

For another, why would they use cdkeys as a means of sharing love? Isn't that why they made the Botnet?

Anyways, on a more productive side of things, Arta is correct. To decipher and interpret the decoding technique will play a key role in analyzing how these keys are truly put together. However the server validates them, we will never know. But what we can do, is take a look at the key ideas, and use them to help analyze the decoding methods while reversing.

I, personally, do not know what file would be decompiled to look for such data, but I have seen many examples of code to emulate this routine.

To emulate such a complex matter, we can verify that we know how to "spoof" this routine. But this does not mean that we have "cracked" it foolproof.

Any information on what should/could be reversed to help aid in this matter would be great. I'm not the greatest with asm, but with all this useful data, and active users on this topic, I think we are not too farfetched from our answer. So let's keep this going guys...

Imagine, releasing our bots, without the need of a personal cdkey purchased from a store...

Imagine, the ease of usage for our users, and users to come... This could be a good thing, as long as we keep it away from those vile fools who abuse such information. Keep up the good work.
HighBrow Innovations
Coming soon...


Kp

Quote from: Mesiah / haiseM on November 26, 2005, 05:51 PM
Imagine, releasing our bots, without the need of a personal cdkey purchased from a store...

Imagine, the ease of usage for our users, and users to come... This could be a good thing, as long as we keep it away from those vile fools who abuse such information. Keep up the good work.

Do you really think that the information would be long withheld from abusers if it goes into a publicly released client?  Also, remember what Blizzard did when bots emulating Diablo (a cdkey-free product) became too troublesome: confined all Diablo clients to a fairly useless subset of channels.  Do you doubt that they'll do the same to Starcraft if it becomes possible for any average user to make up a working cdkey?  As soon as keys can be generated, their anti-piracy measures and anti-abuser measures are rendered totally useless.  Anyone can download an illegal copy of Starcraft, synthesize a key, and log on to play on battle.net.  (Yes, people can do this already with third-party servers, but Blizzard seems to be much less interested in this - perhaps because there's no easy way for them to stop it.)  I could go on about the other dangers associated with a publicly available algorithm for key generation, but I think you'll get the point.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

UserLoser.

Pattern matching probably won't get you really far.  Do what Arta said first.

shadypalm88

The last digit in a StarCraft CD key is a check digit:  A value computed from the other 12 digits is equal to this value in valid keys.

C(++) code that does this:
int accum, i;
// Verification
accum = 3;
for (i = 0; i < (keyLen - 1); i++) {
    accum += ((cdkey[i] - '0') ^ (accum * 2));
}

if ((accum % 10) != (cdkey[12] - '0'))
    return 0;


So, seed the verification value with 3.  For each of the digits in the key, except for the last one, add that digit's numeric value XOR the current verification value x 2 to the current verification value.  The value modulo 10 (so that the check digit can be only one digit) should equal the last digit in the key.  If not, the key is invalid.

I guess you could just generate the first 12 digits and then calculate the check digit, but that's not very helpful.

Shuffling happens next during the decode and is fairly self-explanatory; here's a small program that takes a key, shuffles it, and then returns to the original key:
// file: keyshuffle.c
#include <string.h>
#include <stdio.h>

int main (int argc, char const* argv[])
{
    char* cdkey;
    int pos, i;
    char temp;

    if (argc < 2) {
        fprintf(stderr, "usage: %s {cd-key}\n", argv[0]);
        return 1;
    }
    // Both loops index positions 0..11, so a shorter argument would be
    // read and written out of bounds.
    if (strlen(argv[1]) < 12) {
        fprintf(stderr, "error: key must be at least 12 characters\n");
        return 1;
    }
    cdkey = (char*) argv[1];
    printf("Original   = \"%s\"\n", cdkey);

    // Shuffling
    pos = 0x0B;
    for (i = 0xC2; i >= 7; i -= 0x11) {
        temp = cdkey[pos];
        cdkey[pos] = cdkey[i % 0x0C];
        cdkey[i % 0x0C] = temp;
        pos--;
    }

    printf("Shuffled   = \"%s\"\n", cdkey);

    // Unshuffling: the same swaps applied in reverse order
    pos = 0;
    for (i = 7; i <= 0xC2; i += 0x11) {
        temp = cdkey[i % 0x0C];
        cdkey[i % 0x0C] = cdkey[pos];
        cdkey[pos] = temp;
        pos++;
    }

    printf("Unshuffled = \"%s\"\n", cdkey);
    return 0;
}
The last step in the process follows; I can't think atm how you would take the known product value, public value (value1), and private value (value2) and reverse this step (and then unshuffle it) to produce an actual key.  Maybe someone less mathematically ignorant than I am can shed light on this.
// Final Value
for (i = (keyLen - 2); i >= 0; i--) {
    temp = toupper(cdkey[i]);
    cdkey[i] = temp;
    if (temp <= '7') {
        cdkey[i] ^= (char) (hashKey & 7);
        hashKey >>= 3;
    } else if (temp < 'A') {
        cdkey[i] ^= ((char) i & 1);
    }
}

// Final Calculations
sscanf(cdkey, "%2ld%7ld%3ld", &product, &value1, &value2);

Joe[x86]

I haven't studied the method used here, but as far as I know once the key is decoded to its three values, it's basically like a hashing method. You're going to have to brute-force to get the original key back.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

Arta

If I remember rightly, the encode procedure is the same for encoding and decoding - it's an XOR cipher.

shadypalm88

Quote from: Arta[vL] on November 27, 2005, 04:23 PM
If I remember rightly, the encode procedure is the same for encoding and decoding - it's an XOR cipher.
Good call.

encodekey.c

Quote from: Terminal
$ gcc -Wall -o sckey encodekey.c
$ ./sckey 2379322577914
Product       = 0x00000001
Public Value  = 0x0025FF9B
Private Value = 0x0000018C
$ ./sckey 0x0025FF9B 0x0000018C
CD-Key = 2379322577914

MyndFyre

I believe you shouldn't use Len(key) - 1.  That would be valid if you were using 0-based arrays, but since you're using i = 1 to ..., you'll probably want to go to Len(key).
Quote
Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

l2k-Shadow

#28
Ringo:
Code in my next post.

@ MyndFyre: Actually his way is correct because you only calculate the first 12 digits and not the 13th one which is the digit you are trying to end up with. His mistake was elsewhere though as you see..
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno wat it means, someone tell me whats ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
I was destined to live here,
To have boiled pork and horseradish, and drink beer with it.
Over there, they say, you'd live like a pig in clover,
I don't want to fall on my ass in front of anyone.

I'm not from the USA, I'm not from the USA, I'm really not from the USA... and hopefully they aren't angry with me for that.

l2k-Shadow

#29
Sorry about that I kinda skimmed through it and didn't notice what I did... anyway this works:

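Public Function VerifyKey(CdKey As String) As Boolean
    ' Function ported to VB6 from C++ by l2k-Shadow
    ' Returns True when the 13th digit matches the check value
    ' computed from the first 12 digits.
    Dim Value As Long, i As Integer
    Value = 3
    For i = 1 To 12
        ' Convert each digit explicitly instead of relying on implicit String coercion
        Value = Value + (CLng(Mid$(CdKey, i, 1)) Xor (Value * 2))
    Next i
    If (Value Mod 10) = CLng(Right$(CdKey, 1)) Then VerifyKey = True
End Function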