lockdown-IX86-XX.mpq update?

[warz]

You surely do have some crazy looking string values there. :-P
These are the two I've been working with...

char seed00[] = { 0xAD, 0x09, 0xEA, 0xB3, 0x63, 0x41, 0x98, 0xA2, 0xF8, 0xE2, 0xA8, 0xB3, 0x99, 0xC2, 0xCB, 0xB2, 0x00 };
char seed13[] = { 0xD8, 0x85, 0xA8, 0x15, 0x91, 0x23, 0x10, 0x26, 0x2D, 0x22, 0x55, 0xC3, 0x91, 0x62, 0x37, 0xD9, 0x00 };

[Ersan]

Code Select Expand

00
A3 10 AD 4F 97 A7 F6 A4 9B DE 5E F5 5B 3D B5 EF 00
CE 4F F8 EC 20 AC 60 D2 A3 63 A9 2A CA 80 A3 6B 00

05
3B 04 51 FF 6E 79 AF 9C EA 87 A7 8C ED A2 EB AB 00

06
B8 27 1E DD AD 58 26 1A 69 60 80 CD 3C 98 1B F0 00
82 7A 8B 92 A1 86 23 20 53 7F 71 93 21 B0 57 8E 00

08
5E C8 9C 82 92 3F 4A 83 AA 8F 25 93 91 38 CC 73 00
B7 1C 98 62 DC F9 E1 FC 38 35 D3 B6 B4 82 DD E3 00

10
3B EB 99 F4 B8 E1 09 0E 4C D6 BB 33 B2 EB 6B C4 00

14
AC 10 BB 6E 52 B3 36 C2 6E E4 16 C4 8F F0 64 2E 00

15
DC 98 46 72 D2 1F 11 E4 E1 EF 05 E5 92 EE DD 3A 00

19
5B 3F FF B0 7D 7D 8E F8 27 7B CF 81 08 31 CA 7F 00

I stopped getting values because it appears to be a waste of time.

warz, im me.

[Yegg]

Can you morons please shut the fuck about that crap, this thread is about reversing the new changes.

Yes, you can download the mpq from bnftp and extract the dll and run the function, but this requires starcraft to be running for you to connect your bot and is not good enough.

It requires Starcraft to be running? This also means that you could just hook starcraft.exe as Ringo did, correct? Or did something just fly right over my head?

[rabbit]

You can't hook Starcraft until after it logs in (old NBBot style, anyone?) because the new check revision examines the memory.  If you download, extract, and run the check revision from BNFTP with Starcraft open, it will work fine.  Then you can close Starcraft.  What would be nice is to find a way to just logon without needing Starcraft open at all.

[l)ragon]

You can't hook Starcraft until after it logs in (old NBBot style, anyone?) because the new check revision examines the memory.  If you download, extract, and run the check revision from BNFTP with Starcraft open, it will work fine.  Then you can close Starcraft.  What would be nice is to find a way to just logon without needing Starcraft open at all.

Dump starcrafts memory to a file.

[warz]

C'mon guys, think about this for a minute. If you're receiving this seed value from bnet, and it's known that the exact value from bnet is passed to checkrevision without being modified, and checkrevision returns values based on this seed - doesn't it sound probable that the problem here is not the seed value? The problem lies in what checkrevision does, and certain functions it calls to check certain things - what's storm 350, anyone?

The seed value most likely only affects the returned values. For example, it probably uses this seed for certain calculations within checkrevision.

[UserLoser]

Can you morons please shut the fuck about that crap, this thread is about reversing the new changes.

Yes, you can download the mpq from bnftp and extract the dll and run the function, but this requires starcraft to be running for you to connect your bot and is not good enough.

No...Starcraft does not have to be running.  There is a way to do this.

[Ersan]

With a stock lockdown MPQ?

[l2k-Shadow]

I tried calling the lib when starcraft was running but it didn't work. returned 0 for checksum

[LordNevar]

This is a packet log from the client.

Code Select Expand


HIDDEN  HIDDEN 62  Recv 
0000  FF 50 3E 00 00 00 00 00 C3 3E B8 E3 73 74 2F 00    .P>......>..st/.
0010  00 09 EF C0 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    ....r...lockdown
0020  2D 49 58 38 36 2D 30 33 2E 6D 70 71 00 CA 55 DB    -IX86-03.mpq..U.
0030  69 B3 E5 DA 54 D7 D9 5F 5B 2C D1 E4 B1 00          i...T.._[,....


This is a packet log from a bot.

Code Select Expand


HIDDEN  HIDDEN  62  Recv 
0000  FF 50 3E 00 00 00 00 00 EF E1 1D 69 75 76 05 00    .P>........iuv..
0010  00 09 EF C0 72 FC C6 01 6C 6F 63 6B 64 6F 77 6E    ....r...lockdown
0020  2D 49 58 38 36 2D 30 33 2E 6D 70 71 00 BF E9 2D    -IX86-03.mpq...-
0030  1E CF 67 D7 49 82 18 AF 46 23 F1 B7 29 00          ..g.I...F#..).


Not sure if this is helpful to anyone, but if it is than here ya go.

[warz]

With a stock lockdown MPQ?

No, I think I've already mentioned hooking certain API calls. This checkrevision uses both unicode and ansi versions of getmodulefilename, and uses getmodulehandle.

[Ersan]

You can logon using PMAC, in case anyone doesn't know...  This is the 'super secret solution' everyone is going on about.  This is also how SBFix.exe works.  You need mac hashes though, good luck finding them.

Whether they're going to patch pmac or not, I have no idea.  I don't think they're having big problems with cheaters on mac.

[Newby]

You can logon using PMAC, in case anyone doesn't know...  This is the 'super secret solution' everyone is going on about.  This is also how SBFix.exe works.  You need mac hashes though, good luck finding them.

Whether they're going to patch pmac or not, I have no idea.  I don't think they're having big problems with cheaters on mac.

Yeah. I'm not surprised that all the "1337" bot building kiddies couldn't figure it out and decided to change the login to "PMAC"... nobody posted an open source solution yet!

Problem, Ersan: When they realize that the number of PMAC clients outnumber their X86 clients, they'll catch on and patch it!

[NetNX]

You can logon using PMAC, in case anyone doesn't know...  This is the 'super secret solution' everyone is going on about.  This is also how SBFix.exe works.  You need mac hashes though, good luck finding them.

Whether they're going to patch pmac or not, I have no idea.  I don't think they're having big problems with cheaters on mac.

Yeah. I'm not surprised that all the "1337" bot building kiddies couldn't figure it out and decided to change the login to "PMAC"... nobody posted an open source solution yet!

Problem, Ersan: When they realize that the number of PMAC clients outnumber their X86 clients, they'll catch on and patch it!

O_o why not XMAC?

[Ersan]

Because I'd assume osx-x86 addresses memory in the same fashion that windows does so it'll be easier for them to patch.