Alot of issues with SID_AUTH_INFO packet

[Wesley]

First of all the checksum value from CheckRevision doesn't match a packet log I have that the client sent to the server. Using the same Client and Server token in a previous login session I should have been able to emulate the SID_AUTH_INFO packet that was sent to the server. The hashes are off, the public key values are off, the checkrevision checksum is off as well using bncsutil 1.2.0. The structs and format is dead on it's the values that are incorrect.

I know it's a bit sloppy, but bear with me.

Code Select Expand


SID_AUTH_INFO_IN * pTmp2 = (SID_AUTH_INFO_IN*)pTmp->pkt_data;
_MainConnection->ServerToken = pTmp2->ServerToken;
DWORD ClientToken;
unsigned int EXEVersion;
DWORD EXEHash;
int FileSize = 0;
const char * cdkey1;
const char * cdkey2;
int decoder1 = 0;
int decoder2 = 0;
int HashLength1 = 0;
int HashLength2 = 0;
char CdkeyHash1[100];
memset(CdkeyHash1,0x0,100);
char CdkeyHash2[100];
memset(CdkeyHash2,0x0,100);
char EXEInfo[100];
memset(EXEInfo,0x0,100);
unsigned long checksum = 0;
unsigned long servertoken = pTmp2->ServerToken;
#pragma pack(1)
struct Response
{
DWORD ClientToken;
DWORD EXEVersion;
DWORD EXEHash;
DWORD NumberOfKeys;
BOOL  UsingSpawn;

DWORD KeyLength;
DWORD KeyProduct;
DWORD KeyPublic;
DWORD Unknown;
unsigned char hashdata[20];
DWORD KeyLength2;
DWORD KeyProduct2;
DWORD KeyPublic2;
DWORD Unknown2;

unsigned char hashdata2[20];
char EXEInformation[35];
char OwnerInfo[5];
}Packet;
// XXXXXXXXXXXXXXXX replaces what used to be real cdkeys.
cdkey1 = "XXXXXXXXXXXXXXXX";
cdkey2 = "XXXXXXXXXXXXXXXX";
ClientToken = GetTickCount();
decoder1 = kd_create(cdkey1,strlen(cdkey1));
HashLength1 = kd_calculateHash(decoder1,ClientToken,servertoken);
kd_getHash(decoder1,CdkeyHash1);

decoder2 = kd_create(cdkey2,strlen(cdkey2));
HashLength2 = kd_calculateHash(decoder2,ClientToken,servertoken);
kd_getHash(decoder2,CdkeyHash2);

HANDLE hF = CreateFileA("C:/Games/Diablo II/game.exe",GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,0,NULL);
FileSize = GetFileSize(hF,0);
CloseHandle(hF);

getExeInfo("C:/Games/Diablo II/game.exe",EXEInfo,FileSize,&EXEVersion,1);
checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/d2client.dll",extractMPQNumber(pTmp2->File),&checksum);

Packet.ClientToken = ClientToken;
Packet.EXEVersion = EXEVersion;
Packet.EXEHash = checksum;
Packet.NumberOfKeys = 0x02;
Packet.UsingSpawn = 0x00;
Packet.KeyLength = strlen(cdkey1);
Packet.KeyProduct = kd_product(decoder1);
Packet.KeyPublic = kd_val1(decoder1);
Packet.Unknown = 0x00000000;
memcpy(Packet.hashdata,CdkeyHash1,20);
Packet.KeyLength2 = strlen(cdkey2);
Packet.KeyProduct2 = kd_product(decoder2);
Packet.KeyPublic2 = kd_val1(decoder2);
Packet.Unknown2 = 0x00000000;
memcpy(Packet.hashdata2,CdkeyHash2,20);
EXEInfo[0] = ::toupper(EXEInfo[0]);
strcpy(Packet.EXEInformation,EXEInfo);
strcpy(Packet.OwnerInfo,"Owner");
BNCS pTmp8;
pTmp8.pHead.header = 0xFF;
pTmp8.pHead.Opcode = 0x51;
pTmp8.pHead.pLen = (sizeof(BNCSHeader) + sizeof(Packet));
memcpy(pTmp8.pkt_data,&Packet,sizeof(Packet));
_MainConnection->_MainSocket->Send((const char*)&pTmp8,pTmp8.pHead.pLen);


[MyndFyre]

Are you providing the game files in the correct order to CheckRevision?

[Newby]

I'm surprised in a Windows C++ project, you can use forward slashes in a file path.

I always thought it would be a '\\' versus a '/'.

Just something I found interesting.

[Wesley]

Yeah you can use forward slashes.

The following code reads the packet saved raw packet dump into `buffer` to use as if it just received it from the server.

Code Select Expand


SID_AUTH_INFO_IN * pTmp2 = (SID_AUTH_INFO_IN*)buffer;
unsigned long checksum;
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/d2client.dll","C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/Game.exe",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/d2client.dll","C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/bnclient.dll",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/d2client.dll",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/d2client.dll","C:/Games/Diablo II/bnclient.dll",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/Game.exe","C:/Games/Diablo II/d2client.dll",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);
printf("Success: %d\n", checkRevisionFlat(pTmp2->FormulaString,"C:/Games/Diablo II/bnclient.dll","C:/Games/Diablo II/d2client.dll","C:/Games/Diablo II/Game.exe",extractMPQNumber(pTmp2->File),&checksum));
printf("Test: %X\n", checksum);


Output:

Code Select Expand


Success: 1
Test: 94A7A8
Success: 1
Test: 12F3F8
Success: 1
Test: 12F3F8
Success: 1
Test: 12F3F8
Success: 1
Test: 12F3F8
Success: 1
Test: 12F3F8