[VB] Sending 0x51

Fapiko · July 02, 2006, 11:56 PM

Just guessing that somebody is going to complain about where I posted this because it has to do with the sending of a battle.net packet, or involves MBNCSUtil, or some other goofy thing like that, but I'm working with .NET so I chose to place it in the .NET forum.

The problem I am having is that I keep getting the 0x101 Invalid Version response to battle.net, and I cannot figure out what I am doing wrong. I thought it might be the conversion from the byte array to messing up some of the characters in the key hash, but in the end I don't think that's the problem. Here is my sub, if you can figure out what I may be doing wrong please reply.

Code Select


Friend Sub Send0x51(ByVal Index As Byte, ByVal ServerToken As UInteger, ByVal HashCommand As String, ByVal MPQNumber As Byte)
        'see packet reference: http://bnetdocs.valhallalegends.com/content.php?Section=m&Code=4

        Dim CRevision As Long
        Dim ClientToken As UInteger
        Dim Files(2) As String
        Dim KeyHash As String
        Dim HashLength() As Byte
        Dim Decoder As MBNCSUtil.CdKey

        Files(0) = Application.StartupPath & "\Hashes\W2BN\Warcraft II Bne.exe"
        Files(1) = Application.StartupPath & "\Hashes\W2BN\storm.dll"
        Files(2) = Application.StartupPath & "\Hashes\W2BN\battle.snp"

        CRevision = MBNCSUtil.CheckRevision.DoCheckRevision(HashCommand, Files, MPQNumber)
        If CRevision = 0 Then
            QueueAddC(Index, Color.Red, "Hashes did not pass check revision.")
            Exit Sub
        End If

        ClientToken = Right(GetTickCount(), 5)

        Decoder = MBNCSUtil.CdKey.CreateDecoder(Profiles(Index)(3))

        HashLength = Decoder.GetHash(ClientToken, ServerToken)
        KeyHash = Decoder.GetHashCode()

        With PBuffer
            .InsertDWORD(ClientToken)
            .InsertDWORD(0)
            .InsertDWORD(CRevision)
            .InsertDWORD(1)
            .InsertDWORD(0)
            .InsertDWORD(Len(Profiles(Index)(3))) ' CDKey
            .InsertDWORD(Decoder.Product)
            .InsertDWORD(Decoder.Value1)
            .InsertDWORD(0)
            .InsertNonNTString(ASCII.GetString(HashLength))
            .InsertNTString("")
            .InsertNTString("Fapiko")
            .SendPacket(Index, &H51)
        End With
    End Sub

Also, here is the log:

Code Select


Flappy Chat Bot v1.0
OUT [0x50]:
0000: 50 3A 00 00 00 00 00 36 38 58 49 4E 42 32 57 4F  P:.....68XINB2WO
0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0020: 00 00 00 00 00 00 00 55 53 41 00 55 6E 69 74 65  .......USA.Unite
0030: 64 20 53 74 61 74 65 73 00                       d States.       

IN [0x25]:
0000: 25 08 00 0B 3F 2F 40                             %..?/@         

OUT [0x25]:
0000: 25 08 00 0B 3F 2F 40                             %..?/@         

IN [0x50]:
0000: 50 62 00 00 00 00 00 37 3F 3F 3F 3F 3F 24 00 00  Pb.....7?????$..
0010: 3F 41 43 25 0B 3F 01 49 58 38 36 76 65 72 34 2E  ?AC%.?IX86ver4.
0020: 6D 70 71 00 41 3D 31 30 31 32 34 33 34 32 31 38  mpq.A=1012434218
0030: 20 42 3D 31 33 39 37 36 35 39 37 31 20 43 3D 34   B=139765971 C=4
0040: 30 37 30 32 33 33 20 34 20 41 3D 41 5E 53 20 42  070233 4 A=A^S B
0050: 3D 42 2B 43 20 43 3D 43 2D 41 20 41 3D 41 2B 42  =B+C C=C-A A=A+B
0060: 00                                               .               

OUT [0x51]:
0000: 51 44 00 3F 67 00 00 00 00 00 00 3F 3F 3F 5E 01  QD.?g......???^
0010: 00 00 00 00 00 00 00 10 00 00 00 04 00 00 00 64  .............d
0020: 48 01 00 00 00 00 00 3F 6B 05 3F 7A 3F 2D 3F 43  H.....?k?z?-?C
0030: 3F 69 3F 3F 3F 4D 76 52 11 3F 3F 00 46 61 70 69  ?i???MvR??.Fapi
0040: 6B 6F 00                                         ko.             

IN [0x51]:
0000: 51 09 00 01 01 00 00 00                          Q.....

[MyndFyre edit: added code tags (to remove smileys), removed packet reference and replaced with link to BnetDocs]

Joe[x86] · July 03, 2006, 02:38 AM

The second DWORD you're sending is hardcoded to 0, but it should be a CheckRevison-related value.

MyndFyre · July 03, 2006, 04:07 AM

Joe is correct; also, you're not including the EXE "description" string. This is obtained via CheckRevision.GetExeInfo(string, &string).

Code Select


Dim ExeVer As Integer
Dim ExeInfo As String

ExeVer = MBNCSUtil.CheckRevision.GetExeInfo(Files(0), ByRef ExeInfo)

' Your "with PBuffer" code is modified below:
        With PBuffer
            .InsertDWORD(ClientToken)
            .InsertDWORD(ExeVer)
            .InsertDWORD(CRevision)
            .InsertDWORD(1)
            .InsertDWORD(0)
            .InsertDWORD(Len(Profiles(Index)(3))) ' CDKey
            .InsertDWORD(Decoder.Product)
            .InsertDWORD(Decoder.Value1)
            .InsertDWORD(0)
            .InsertNonNTString(ASCII.GetString(HashLength))
            .InsertNTString(ExeInfo)
            .InsertNTString("Fapiko")
            .SendPacket(Index, &H51)
        End With

Also, you shouldn't use Encoding.ASCII.GetString(hash) to insert the string. It's a byte array and should stay as such. With Encoding.ASCII you risk losing values greater than 0x7f, and a cursory glance at your packet log indicates that all the bytes in the hash are less than 0x7f. That's pretty surprising considering there are 20 bytes there!

Fapiko · July 03, 2006, 05:47 PM

You don't need the EXE info to successfully achieve a hashed connection to battle.net. Neither my VB6 bots nor my PHP bots ever include it, which leads me back to my previous belief that it may be the conversion from a byte array to a string that is causing the problem. How should I convert it to a string without using Encoding.ASCII? I tried Encoding.Unicode and Encoding.UTF8, but they got me IP'd. From reading previous posts on these forums, I know that MyndFire insists on people using byte arrays for their packet buffers but I would prefer to keep this one as a string for now.

MyndFyre · July 03, 2006, 06:05 PM

I suppose you could convert each to a character then a byte:

Code Select


For i = 0 To HashLength.Length
    .InsertByte(CByte(HashLength(i) And &Hff))
Next

Are you aware that MBNCSUtil also includes a packet buffer designed for Battle.net?

Fapiko · July 03, 2006, 11:42 PM

Well, I think I finally got it working, but now it's sending me Invalid Key every time. When I call Decoder.Key, it gives me some random string that is definatly not the key I put into it. Isn't it supposed to give me the cdkey I initialized the decoder with?

MyndFyre · July 04, 2006, 01:55 AM

No, once the key is initialized, it gives you the decoded version of the key in the Key property. I don't know any reason why you would need the physical key, though; the CdKey class gives you instance properties for the public/private/product.

I'll take it under advisement, though, that the Key property should be the original string and there should be a DecodedKey property. Thanks for the feedback.

Fapiko · July 04, 2006, 04:23 PM

Well, I was really just checking to see if it was messing my key up once it got it into the decoder since I was getting the Invalid Key response from battle.net after changing my packet buffer to use a byte array. Anyways, I suppose I'll do some more testing to make sure I'm doing everything like I'm supposed to, I was just curious as to what I was supposed to be getting back from the Key property because I didn't recall reading that it gave me the decoded key in the MBNCSUtil documentation.

MyndFyre · July 04, 2006, 06:59 PM

Yeah, you were right. I forgot that I reassigned the backing store for the key property after decoding.