• Welcome to Valhalla Legends Archive.
 

Starcraft Keys

Started by Guest, February 16, 2003, 01:29 PM


UserLoser.

This whole idea is very bad.  This shouldn't be on a public forum like this...especially when it's populated by nothing but Battle.netters.....just letting you know ahead of time.

Newby

#46
Quote from: UserLoser on November 29, 2005, 09:20 PM
This whole idea is very bad.  This shouldn't be on a public forum like this...especially when it's populated by nothing but Battle.netters.....just letting you know ahead of time.

To UserLoser: Are you excluding yourself from the Battle.netters? I'm curious.

Who cares if they figure out how to differentiate real CD-Keys from fake CD-Keys? Does Battle.net REALLY mean that much to you? Do you REALLY think they're going to get anywhere, and if they do, and Battle.net ends up dying (which it probably won't, since they still have Diablo II/Warcraft III) what does it matter?
- Newby

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote
<TehUser> Man, I can't get Xorg to work properly.  This sucks.
<torque> you should probably kill yourself
<TehUser> I think I will.  Thanks, torque.

UserLoser.

Quote from: Newby on November 29, 2005, 09:56 PM
Quote from: UserLoser on November 29, 2005, 09:20 PM
This whole idea is very bad.  This shouldn't be on a public forum like this...especially when it's populated by nothing but Battle.netters.....just letting you know ahead of time.

To UserLoser: Are you excluding yourself from the Battle.netters? I'm curious.

Who cares if they figure out how to differentiate real CD-Keys from fake CD-Keys? Does Battle.net REALLY mean that much to you? Do you REALLY think they're going to get anywhere, and if they do, and Battle.net ends up dying (which it probably won't, since they still have Diablo II/Warcraft III) what does it matter?

No I'm not excluding myself, but I'm not about to become one of the morons who ruin a free service like B.net for the rest of us.  The whole point is all you stupid kiddies out there who sit there all day chatting on your Starcraft bots will be stuck in public channels like Diablo is.  What's your problem anyways?  You always have to come back with such a direct personal attack to me.  You have nothing to contribute to this thread or this development forum as a whole.  I already put my two cents in and I'm not about to help them figure out how to generate working CdKeys from what I know.  Go to hell, get a job, get a girl, just get a life and don't reply to my posts anymore.

Joe[x86]

UserLoser, I hate to break it to you, but Battle.net is already dying. All we can do is speed its agonizing death.

Another thing, how many random people who come to this website know how to program? I mean, sure, we know what this stuff means, but programmers are a small fraction of the world. Beyond that, how many of us would write a program (and release it) that spews out every single real key, so that a floodbot could easily use it. I don't know about you guys, but I wouldn't.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

l2k-Shadow

Also I'd like to point out, myself (and I'm sure quite a few others who are contributing to this research) are only doing this as an interest factor in our free time... we have nothing to gain or lose by this but it's an interesting topic to entertain us with. If it wasn't, then I'm sure it would not have been discussed for 4 pages of replies.
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno wat it means, someone tell me whats ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
I was destined to live here,
To have boiled pork and horseradish, and drink beer with it.
Over there, they say, you'd live like a pig in clover,
I don't want to fall on my ass before anyone.

I'm not from the USA, I'm not from the USA, I'm really not from the USA... and I hope they won't be angry with me for that.

MyndFyre

Quote from: Joe on November 29, 2005, 10:31 PM
UserLoser, I hate to break it to you, but Battle.net is already dying. All we can do is speed its agonizing death.
If its death is SO agonizing, then 1.) Blizzard would have just shut it down, and 2.) why don't you just go do something else?

Why do you want to finish off something that's free and fun?
Quote
Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Joe[x86]

See the next paragraph. I hope the programmers of the world are more responsible than that.

Arta

Quote from: UserLoser on November 29, 2005, 09:20 PM
This whole idea is very bad.  This shouldn't be on a public forum like this...especially when it's populated by nothing but Battle.netters.....just letting you know ahead of time.

Userloser is exactly right. I'll pass on the advice Sky gave me when I was doing some of this stuff a few years back: if you figure it out, Blizzard will probably add the same restrictions to Starcraft that exist for Diablo 1.


Quote from: l2k-Shadow on November 29, 2005, 08:36 PM
Also, Arta, if I may ask, where do you conclude that there is an actual computation you can do to derive a private value from a public value?

Because that's how the system works. We deduce that this is possible because it's the only way that Battle.net could verify your hashed cd key data.

All the other data in the hash is passed in plaintext: the private is not (hence the name). Thus, in order to compute a hash and compare it to the hash provided by the client, Battle.net must be able to compute the value of the private *somehow*. If you think about it, and look at the other data available during the logon, it becomes clear that the key's private value is the only real candidate.


I think that this is a worthwhile thing to be looking into, but I also think that there are ethical concerns that you should take into account. If you did figure out the public->private formula, or even if you just bruteforce all the valid keys (it would take a while, but I'm sure it's tractable - you can do it in constant time, I think: O(10^10)), you're going to be producing keys that other people have paid for, and using those keys wouldn't really be very polite. Additionally, it's likely that any successful attempt on your part would lead to the restriction of Starcraft and Brood War clients on Battle.net. I think you should proceed carefully.

MyndFyre

You can't "unhash."  Hashing functions (at least the ones used by Battle.net) are one-way.  Theoretically, you could hash multiple values and have the same hash value (this is called a collision, and it's how bruteforce hash-cracking works), but you'll never know with certainty which of the values was the one used to compute the initial hash.  There are 2^160 possible values for SHA-1, which means that ideally there are 2^160 possible inputs that each produce distinct values.

MyndFyre

Because you hash something and the output is always the same.

A very trivial hashing function H(x) might only emit values 1-10 for any particular input.  For example:
H("a") = 1
H("b") = 2
H("c") = 3
...
H("j") = 10
H("k") = 1

But no matter what, H("a") is always equal to 1.  So, Blizzard can verify whether I know my password without them actually knowing my password if I simply give them a hash of it.

H("password") always equals H("password").  And, if they store H("password") on their server, they know the hash of my password, and then if we do H(client key + server key + H("password")) or some other type of similar order, then the hash will always be the same given that input.  That's why the client and server keys are exchanged; the password hash itself is always known by both sides, and the client/server keys add a random element that would make someone sniffing packets do twice as much work just to bruteforce one password.
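An added example, not part of the original post and not Battle.net's code: the password check MyndFyre describes above, together with his toy 1-10 hash. Standard SHA-1 stands in for H, and the byte layout, the 4-byte token size and the names `Server`, `client_proof` and `toy_hash` are assumptions of this example.

```python
import hashlib
import hmac
import os

def toy_hash(s: str) -> int:
    """The post's trivial H: same input always gives the same output, range 1-10."""
    return (sum(s.encode()) - ord("a")) % 10 + 1

def H(data: bytes) -> bytes:
    """Standard SHA-1 stands in for H (assumption of this example)."""
    return hashlib.sha1(data).digest()

def client_proof(password: str, client_token: bytes, server_token: bytes) -> bytes:
    """Client side: H(client token + server token + H(password))."""
    return H(client_token + server_token + H(password.encode()))

class Server:
    def __init__(self):
        self.accounts = {}  # username -> H(password); the plaintext is never stored

    def register(self, user: str, password_hash: bytes) -> None:
        self.accounts[user] = password_hash

    def verify(self, user: str, client_token: bytes,
               server_token: bytes, proof: bytes) -> bool:
        stored = self.accounts.get(user)
        if stored is None:
            return False
        # Same inputs, same hash: the server recomputes and compares.
        expected = H(client_token + server_token + stored)
        return hmac.compare_digest(expected, proof)  # constant-time comparison

if __name__ == "__main__":
    srv = Server()
    srv.register("alice", H(b"password"))      # constructed sample account
    ct, st = os.urandom(4), os.urandom(4)      # fresh tokens for this logon
    proof = client_proof("password", ct, st)
    print("fresh logon   :", srv.verify("alice", ct, st, proof))
    # A sniffed proof is bound to the old server token, so it fails next time.
    print("replayed proof:", srv.verify("alice", ct, os.urandom(4), proof))
    print("toy collision :", toy_hash("a"), toy_hash("k"))
```

In this construction the stored H(password) is all that is needed to compute a valid proof, so the server's account table needs the same protection the passwords themselves would.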

l2k-Shadow

Quote from: Ringo on November 30, 2005, 10:46 AM
Quote from: Arta[vL] on November 30, 2005, 10:21 AM
All the other data in the hash is passed in plaintext: the private is not (hence the name). Thus, in order to compute a hash and compare it to the hash provided by the client, Battle.net must be able to compute the value of the private *somehow*. If you think about it, and look at the other data available during the logon, it becomes clear that the key's private value is the only real candidate.
I was thinking about this, and the best idea of how it was all going on bnet's end was that:
when bnet gets your cdkey hash, it uses the product code in the packet to check for wrong product (and maybe the key length), and if that passes, it uses the client token and the server token issued to unhash the cdkey hash data (maybe a quick function to get 1 DWORD of it?) to get the private value.
Then uses the product value in the packet/unhash cdkey, to point to a data base/box, or something to check the cdkey in.
When that thing gets the private value (which would be a pointer to another data base maybe) which searches a public value list for a match and return invalid if not found.
That's probably far from how it works, hah

I have some pretty crazy ideas of how things work :(

If I understand correctly, I don't think the server token/client token have anything to do with the cd-key... since the private value is always the same for every key, how would u use 2 random values to calculate it? -.- I think it's more to do with the public value itself OR public value + the CDKey hash. Now I think we should figure out if it uses only public value or the public value and CDKey hash... before trying to make any computations.

l2k-Shadow

#56
Right, sorry I misread Arta's reply post.

dxoigmn

Quote from: Arta[vL] on November 30, 2005, 10:21 AM
Because that's how the system works. We deduce that this is possible because it's the only way that Battle.net could verify your hashed cd key data.

All the other data in the hash is passed in plaintext: the private is not (hence the name). Thus, in order to compute a hash and compare it to the hash provided by the client, Battle.net must be able to compute the value of the private *somehow*. If you think about it, and look at the other data available during the logon, it becomes clear that the key's private value is the only real candidate.

What is stopping Battle.net from looking up the public and product values in a database for the corresponding private value and comparing hashes that way? Would be one huge database, but it would also be very fast.

Edit: If this is the case, then it is possible private values are completely random.

MyndFyre

Quote from: l2k-Shadow on November 30, 2005, 12:41 PM
If I understand correctly, I don't think the server token/client token have anything to do with the cd-key... since the private value is always the same for every key, how would u use 2 random values to calculate it? -.- I think it's more to do with the public value itself OR public value + the CDKey hash. Now I think we should figure out if it uses only public value or the public value and CDKey hash... before trying to make any computations.
It doesn't necessarily.  I was referring to the username/password authentication scheme where Battle.net requires a double-hash of data, the second time including the server and client tokens.  Since he was asking about hashing in general, I thought I'd illustrate that example.

Arta

Quote from: dxoigmn on November 30, 2005, 12:52 PM
What is stopping Battle.net from looking up the public and product values in a database for the corresponding private value and comparing hashes that way? Would be one huge database, but it would also be very fast.

Edit: If this is the case, then it is possible private values are completely random.

I suppose that's plausible for Starcraft keys, but I think a computation would be quicker (and definitely more memory-efficient). Additionally, it would be completely implausible for Diablo II or Warcraft III keys, and I rather suspect that they all use the same system, but with different key formats/calculations.
