
[Solved] Sending Bad 0x51

Started by Spilled, August 04, 2006, 02:15 AM


Spilled

I'm sending an incorrect 0x51, can you spot the problem?

packetlog:

3  Hide  Hide  123  Send 
0000  FF 51 7B 00 A3 D4 26 22 34 37 32 31 00 4A 33 7F    .Q{...&"4721.J3.
0010  01 00 00 00 00 00 00 00 0D 00 00 00 01 00 00 00    ................
0020  E9 60 31 00 00 00 00 00 B9 ED 56 07 DA B3 3C EF    .`1.......V...<.
0030  15 1D D7 F9 E0 01 D3 17 73 19 FC F8 FF FF FF FF    ........s.......
0040  64 FD 3D 01 45 55 40 73 74 61 72 63 72 61 66 74    d.=.EU@starcraft
0050  2E 65 78 65 20 30 37 2F 30 39 2F 30 36 20 30 36    .exe 07/09/06 06
0060  3A 30 37 3A 33 37 20 31 32 31 36 35 31 32 00 53    :07:37 1216512.S
0070  70 69 6C 6C 65 64 5B 44 57 5D 00                   pilled[DW].


Thanks in advance!

UserLoser

Executable version looks rather wrong, along with your checksum value.

Spilled

Hrmm... I don't see how I'm receiving the checksum or hashdata incorrectly.


              s << cWhite << s.getTime() << cGreen << "Recieved SID_AUTH_INFO\n";
              s << cWhite << s.getTime() << cGreen << "Sending SID_AUTH_CHECK\n";
              key = *(long *)(strData + 8);
              unsigned long num = *(long *)(strData + 12);
              UINT verID = 0;
              DWORD CheckSum = 0;
              DWORD ClientToken = GetTickCount();
              int mpqNum = 0;
              char exeInfo[300];
              char *hash = (strData + strlen( (strData + 0x18)) + 0x19);
              char *tmp = strchr( (strData + 0x18), '.');
              if (tmp)
                  mpqNum = atoi( tmp - 1);
              LPCTSTR files[] = {".\\STAR\\starcraft.exe", ".\\STAR\\storm.dll", ".\\STAR\\battle.snp"};
              char* mpqnum = strData+24;
              //csutil b;
              if(checkRevision(hash,files,3,mpqNum,&CheckSum) == 0)
              {
                    s << cWhite << s.getTime() << cRed << "CheckRevision Failed!\n";
                    closesocket( wSock );
                    return;
              }
             
              int returnValue = 0;
              returnValue = getExeInfo(files[0],exeInfo, 300,&verID,1);           
              if(returnValue == 0)
              {
                       s << cWhite << s.getTime() << cRed << "Failed to retrieve exe information!\n";
                       closesocket( wSock);
                       return;
              }

             
              UINT PubVal = 0, ProdID = 0;
              char HashData[20];
              if(kd_quick(CDKey,ClientToken,key,&PubVal,&ProdID, HashData,20) == 0)
              {
                     s << cWhite << s.getTime() << cRed << "Failed to decode cdkey!\n";
                     closesocket( wSock );
                     return;                             
              }


Here is my code

warz


Hero


MyndFyre

I see you don't actually give us the code that builds your packet.....  Gooooood thinking.

Spilled

Quote from: MyndFyre[vL] on August 04, 2006, 05:04 AM
I see you don't actually give us the code that builds your packet.....  Gooooood thinking.


             p.InsertDWORD(ClientToken);
             p.InsertDWORD(verID);
             p.InsertDWORD(CheckSum);
             p.InsertDWORD(1);
             p.InsertDWORD(0);
             p.InsertDWORD(13);
             p.InsertDWORD(ProdID);
             p.InsertDWORD(PubVal);
             p.InsertDWORD(0);
             p.InsertNonNTString(HashData);
             p.InsertNTString(exeInfo);
             p.InsertNTString("Spilled[DW]");
             p.SendBNCSPacket(wSock,0x51);


Sorry about that MyndFyre

warz: I posted for help fixing my problem, if you're not gonna help why post? If it's a stupid mistake at least point it out before getting your immature laugh in.

UserLoser

You should be using things like strcpy.

i.e. instead of:

char *hash = (strData + strlen( (strData + 0x18)) + 0x19);


use:
strcpy(hash, strData+offset);

strcpy will copy the strData until it gets to a null character in the stream

warz

Wow, I really don't even remember making that post. Notice it's at 03:22:19 AM. My bad, but UserLoser brings a good point. strcpy is a good function, and even better, strncpy if you know there's an exact length. Another thing you might like to clue us in on is how this is a bad example of an 0x51 packet. Are you being IP banned? Receiving an error response? Help us help you.

Spilled

Quote from: warz on August 05, 2006, 03:43 PM
Wow, I really don't even remember making that post. Notice it's at 03:22:19 AM. My bad, but UserLoser brings a good point. strcpy is a good function, and even better, strncpy if you know there's an exact length. Another thing you might like to clue us in on is how this is a bad example of an 0x51 packet. Are you being IP banned? Receiving an error response? Help us help you.

Yes, I am being IP banned and I'm not receiving any response from 0x51, just connection closed after sending.

UL: Thanks

Spilled

Problem solved. Sorry about the double post, but I wanted to post my solution. I threw a memset() call in like so:


              char HashData[100];
              memset(HashData,0x0,100);
              if(kd_quick(CDKey,ClientToken,key,&PubVal,&ProdID, HashData,20) == 0)
              {
                     s << cWhite << s.getTime() << cRed << "Failed to decode cdkey!\n";
                     closesocket( wSock );
                     return;                             
              }


How this affected it I have no idea, can someone perhaps explain?
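
An added example, not code from any poster in this thread, addressing the closing question. It assumes InsertNonNTString(char *) takes its length from strlen(); the packet log is consistent with that, since 11 extra bytes sit between the 20-byte key hash at offset 0x28 and the exe information string at 0x47. The function names below are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define KEY_HASH_LEN 20 /* hashed key data in 0x51: five DWORDs */
/* ASSUMPTION: models InsertNonNTString(char *) as taking its length from
   strlen(), i.e. copying until the first 0x00 byte it finds in memory. */
static size_t append_strlen(unsigned char *out, size_t pos, const unsigned char *data) {
    size_t n = strlen((const char *)data);
    memcpy(out + pos, data, n);
    return pos + n;
}
/* Length-explicit append for binary fields. */
static size_t append_bytes(unsigned char *out, size_t pos, const unsigned char *data, size_t n) {
    memcpy(out + pos, data, n);
    return pos + n;
}

/* Offsets 0x28..0x46 of the packet log: the 20-byte hash, then the 11 bytes sent
   after it. The final 0x00 is constructed so no read leaves this array. */
static const unsigned char memory_image[32] = {
    0xB9,0xED,0x56,0x07,0xDA,0xB3,0x3C,0xEF,0x15,0x1D,0xD7,0xF9,0xE0,0x01,0xD3,0x17,0x73,0x19,0xFC,0xF8,
    0xFF,0xFF,0xFF,0xFF,0x64,0xFD,0x3D,0x01,0x45,0x55,0x40,0x00
};

/* char HashData[20] with no terminator: strlen() runs on into the neighbours. */
size_t hash_len_unterminated(void) {
    unsigned char out[64];
    return append_strlen(out, 0, memory_image);
}

/* char HashData[100] + memset(): the zero fill supplies a terminator at byte 20,
   unless the hash itself contains a 0x00, which cuts the field short. */
size_t hash_len_zero_filled(const unsigned char hash[KEY_HASH_LEN]) {
    unsigned char buf[100], out[128];
    memset(buf, 0, sizeof buf);
    memcpy(buf, hash, KEY_HASH_LEN);
    return append_strlen(out, 0, buf);
}

/* Always 20, whatever the hash bytes or the surrounding memory hold. */
size_t hash_len_explicit(const unsigned char hash[KEY_HASH_LEN]) {
    unsigned char out[64];
    return append_bytes(out, 0, hash, KEY_HASH_LEN);
}

int main(void) {
    printf("%zu %zu %zu\n", hash_len_unterminated(), hash_len_zero_filled(memory_image), hash_len_explicit(memory_image));
    return 0;
}
```

Under that assumption the memset() version sends the right 20 bytes only while the hash contains no zero byte; passing the length explicitly removes the dependence on buffer contents.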