Welcome to Valhalla Legends Archive.
 

New Auth System on battle.net?

Started by ThePro, November 12, 2006, 03:26 PM


Logitech

Can I just check, you send 0x1A after you receive 0x50, right?

UserLoser

Quote from: Logitech on November 13, 2006, 01:49 AM
Can I just check, you send 0x1A after you receive 0x50, right?

You can send it whenever you like ;)

Sending it after that is the ideal time to send it...so yes.

Jaquio

Quote from: l2k-Shadow on November 12, 2006, 11:58 PM
BNLS_VERSIONCHECKEX2 requires
(STRING) Version check archive filename.


Battle.net->Client 0x50
                         ff 50 3e 00 00 00 00 00 20 48  ...K...P>..... H
0040   8c 78 f2 dd 28 00 00 90 82 c4 72 fc c6 01 6c 6f  .x..(.....r...lo
0050   63 6b 64 6f 77 6e 2d 49 58 38 36 2d 30 34 2e 6d  ckdown-IX86-04.m
0060   70 71 00 2f 20 52 8b b5 28 2f 7b 5b 21 4f 35 da  pq./ R..(/{[!O5.
0070   e0 0a 1f 00                                      ....

Client->BNLS 0x1A

                         3d 00 1a 02 00 00 00 00 00 00  ......=.........
0040   00 00 00 00 00 00 90 82 c4 72 fc c6 01 6c 6f 63  .........r...loc
0050   6b 64 6f 77 6e 2d 49 58 38 36 2d 30 34 2e 6d 70  kdown-IX86-04.mp
0060   71 00 2f 20 52 8b b5 28 2f 7b 5b 21 4f 35 da e0  q./ R..(/{[!O5..
0070   0a 1f 00                                         ...


Ohh, ok, I didn't see that; I thought you still had to send the xx values (lockdown-IX86-xx.mpq). But it still didn't work. Here is a full log (BNLS_CDKey removed).


[BNLS] Connecting...
[BNLS] BNLS Server bnls.valhallalegends.com Connected on port 9367!
[BNLS] Sent:
07 00 10 02 00 00 00                            .......
Length: 7


[BNLS] Getting verbyte...
[BNLS] Received:
0b 00 10 02 00 00 00 cf 00 00 00                ...........
Length: 11


[BNLS] Using verbyte:0xcf
[BNET] Connecting...
[BNET] BNET Server useast.battle.net Connected on port 6112!
[BNET] Sent:
ff 50 3a 00 00 00 00 00 36 38 58 49 50 58 45 53 .P:.....68XIPXES
cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 55 53 41 00 55 6e 69 74 ........USA.Unit
65 64 20 53 74 61 74 65 73 00                    ed States.
Length: 58


[BNET] Requesting authorization..
[BNET] Received:
ff 25 08 00 ea 4a 03 10                          .%...J..
Length: 8


[BNET] Received:
ff 50 3e 00 00 00 00 00 0f 26 63 c4 32 02 43 00 .P>......&c.2.C.
00 09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e ....r...lockdown
2d 49 58 38 36 2d 30 33 2e 6d 70 71 00 29 e8 27 -IX86-03.mpq.).'
3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00        ?......vp%....
Length: 62


[BNET] Sent:
ff 25 08 00 ea 4a 03 10                          .%...J..
Length: 8


[BNLS] Sent:
3f 00 1a 02 00 00 00 00 00 00 00 06 b9 b5 50 00 ?.............P.
09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d ...r...lockdown-
49 58 38 36 2d 30 33 2e 6d 70 71 00 00 29 e8 27 IX86-03.mpq..).'
3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00 00    ?......vp%.....
Length: 63


[BNLS] Performing CheckRevision...
[BNLS] Received:
28 00 1a 01 00 00 00 01 00 0e 01 ab 05 b4 13 81 (...............
ac 39 92 2d 9c 68 a6 c4 66 e1 04 df a3 93 76 00 .9.-.h..f.....v.
06 b9 b5 50 cf 00 00 00                          ...P....
Length: 40


[BNET] Sent:
ff 51 59 00 06 b9 b5 50 01 00 0e 01 ab 05 b4 13 .QY....P........
01 00 00 00 00 00 00 00 0d 00 00 00 01 00 00 00 ................
81 92 10 00 00 00 00 00 3e ff 69 24 86 ed 26 bc ........>.i$..&.
f7 3c 2e c2 e3 1f 46 5d d0 e2 43 d6 81 ac 39 92 .<....F]..C...9.
2d 9c 68 a6 c4 66 e1 04 df a3 93 76 00 50 48 50 -.h..f.....v.PHP
42 6f 74 20 76 31 2e 30 00                      Bot v1.0.
Length: 89


[BNET] Attempting to answer challenge..
[BNET] Received:
ff 51 09 00 01 01 00 00 00                      .Q.......
Length: 9


[BNET] Invalid version.


Any idea what could be wrong?

Ringo

#18
Quote from: Jaquio on November 13, 2006, 03:10 AM
[BNLS] Sent:
3f 00 1a 02 00 00 00 00 00 00 00 06 b9 b5 50 00    ?.............P.
09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d    ...r...lockdown-
49 58 38 36 2d 30 33 2e 6d 70 71 00 00 29 e8 27    IX86-03.mpq..).'
3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00 00       ?......vp%.....
The problem's right there I think, your null strings are double null'ed :)

[EDIT]: Shouldn't BNLS have rejected an oversized request like that?  ::)

UserLoser

Quote from: Ringo on November 13, 2006, 03:18 AM
Quote from: Jaquio on November 13, 2006, 03:10 AM
[BNLS] Sent:
3f 00 1a 02 00 00 00 00 00 00 00 06 b9 b5 50 00    ?.............P.
09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d    ...r...lockdown-
49 58 38 36 2d 30 33 2e 6d 70 71 00 00 29 e8 27    IX86-03.mpq..).'
3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00 00       ?......vp%.....
The problem's right there I think, your null strings are double null'ed :)

[EDIT]: Shouldn't BNLS have rejected an oversized request like that?  ::)

I suppose if they designed the server to be strict like say, Battle.net, then sure, but I think their intention is to be user friendly and not worry about extra moot :)

Jaquio

#20
Quote from: Ringo on November 13, 2006, 03:18 AM
Quote from: Jaquio on November 13, 2006, 03:10 AM
[BNLS] Sent:
3f 00 1a 02 00 00 00 00 00 00 00 06 b9 b5 50 00    ?.............P.
09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d    ...r...lockdown-
49 58 38 36 2d 30 33 2e 6d 70 71 00 00 29 e8 27    IX86-03.mpq..).'
3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00 00       ?......vp%.....
The problem's right there I think, your null strings are double null'ed :)

[EDIT]: Shouldn't BNLS have rejected an oversized request like that?  ::)

Only the ones at the end? If so, I just fixed that and now it is returning 0x203 (Wrong product); any idea why on that one? Also, is the ValueString always 16 bytes?

I kept refreshing the page and got "cd-key hashing failed"... Why different returns? Must be doing something wrong?

Ringo

#21
Quote from: Jaquio on November 13, 2006, 03:37 AM
Quote from: Ringo on November 13, 2006, 03:18 AM
Quote from: Jaquio on November 13, 2006, 03:10 AM
[BNLS] Sent:
3f 00 1a 02 00 00 00 00 00 00 00 06 b9 b5 50 00    ?.............P.
09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d    ...r...lockdown-
49 58 38 36 2d 30 33 2e 6d 70 71 00 00 29 e8 27    IX86-03.mpq..).'
3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00 00       ?......vp%.....
The problem's right there I think, your null strings are double null'ed :)

[EDIT]: Shouldn't BNLS have rejected an oversized request like that?  ::)

Only the ones at the end? If so, I just fixed that and now it is returning 0x203 (Wrong product); any idea why on that one? Also, is the ValueString always 16 bytes?

I kept refreshing the page and got "cd-key hashing failed"... Why different returns? Must be doing something wrong?


Well, on BNLS, it says:

(DWORD) Product ID.*
(DWORD) Flags.**
(DWORD) Cookie.
(ULONGLONG) Timestamp for version check archive.
(STRING) Version check archive filename.
(STRING) Checksum formula.

And when we compare it with your packet log:

3f 00 1a 02 00 00 00 00 00 00 00 06 b9 b5 50 00 ?.............P.
09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d ...r...lockdown-
49 58 38 36 2d 30 33 2e 6d 70 71 00 00 29 e8 27 IX86-03.mpq..).'
3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00 00    ?......vp%.....

You can see that BNLS wasn't reading/using your supplied version check string:

(DWORD) 02 00 00 00       ....
(DWORD) 00 00 00 00       ....
(DWORD) 06 b9 b5 50       ...P
(ULONGLONG) 09 ef c0 72 fc c6 01      ....r...
(STRING) 6c 6f 63 6b 64 6f 77 6e 2d 49 58 38 36 2d 30 33 2e 6d 70 71 00   lockdown-IX86-03.mpq.
(STRING) 00    .

~~~ extra/over flow ~~~
(STRING) 29 e8 27 3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00    ).'?......vp%....
(STRING) 00      .

So just using 1 null byte to terminate the string, rather than 2, will make it fall into place.

Aside from that, if you're now getting 0x203 back in 0x51, then you're passing the version check for bnet to be going onto the cdkey check :)
Now your next task would be to try a different cdkey, and check the cdkey is being decoded/handled/hashed correctly.




Quote from: UserLoser on November 13, 2006, 03:33 AM
I suppose if they designed the server to be strict like say, Battle.net, then sure, but I think their intention is to be user friendly and not worry about extra moot :)
I guess :P, I was a little surprised BNLS sent him a result back when the check version string was blank.
Or maybe it did, and he's parsing the response as success all the time :)
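The field walk Ringo does above, written out as an added example (this is not code from the thread, from BNLS or from the PHPBot). It reads a BNLS_VERSIONCHECKEX2 (0x1A) request front to back using the field list quoted in the post, reports where a strict reader would stop, and rebuilds the request with a single NUL after each string. The packet bytes are Jaquio's captured 63-byte request; the 16-byte checksum formula is the one from the same dump; the function and constant names are this example's own.

```python
"""Walk a BNLS_VERSIONCHECKEX2 (0x1A) request field by field.

Added example for this thread; not code from the posts above or from BNLS.
Layout, as quoted by Ringo: (WORD) length, (BYTE) id, (DWORD) product,
(DWORD) flags, (DWORD) cookie, (ULONGLONG) archive timestamp,
(STRING) archive filename, (STRING) checksum formula.
"""
import struct

BNLS_VERSIONCHECKEX2 = 0x1A
HEADER = struct.Struct("<HB")      # length, packet id
FIXED = struct.Struct("<IIIQ")     # product, flags, cookie, timestamp

# Jaquio's captured 63-byte request, copied from the hex dump in the thread.
DOUBLE_NULL_PACKET = bytes.fromhex(
    "3f 00 1a 02 00 00 00 00 00 00 00 06 b9 b5 50 00"
    "09 ef c0 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d"
    "49 58 38 36 2d 30 33 2e 6d 70 71 00 00 29 e8 27"
    "3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea 00 00"
)
# The 16-byte checksum formula Battle.net sent in 0x50 (same dump).
FORMULA = bytes.fromhex("29 e8 27 3f b5 0a 9c 15 dd 94 76 70 25 f6 ce ea")


def read_cstring(buf, off):
    """Return (bytes, next_offset) for the NUL-terminated string at off."""
    end = buf.index(b"\x00", off)
    return buf[off:end], end + 1


def parse_versioncheckex2(packet):
    """Read the request exactly as a strict server would, front to back."""
    length, pid = HEADER.unpack_from(packet, 0)
    if pid != BNLS_VERSIONCHECKEX2:
        raise ValueError("packet id %#x is not BNLS_VERSIONCHECKEX2" % pid)
    if length != len(packet):
        raise ValueError("length field %d != %d bytes" % (length, len(packet)))
    product, flags, cookie, timestamp = FIXED.unpack_from(packet, HEADER.size)
    off = HEADER.size + FIXED.size
    filename, off = read_cstring(packet, off)
    formula, off = read_cstring(packet, off)
    return {
        "product": product,
        "flags": flags,
        "cookie": cookie,
        "timestamp": timestamp,
        "filename": filename.decode("ascii"),
        "formula": formula,
        "trailing": packet[off:],   # bytes a strict reader would reject
    }


def request_problems(packet):
    """List what is wrong with a request, in the order a reader hits it."""
    fields = parse_versioncheckex2(packet)
    problems = []
    if fields["formula"] == b"":
        problems.append("checksum formula is empty (string terminated too early)")
    if fields["trailing"]:
        problems.append("%d unread bytes after the last field" % len(fields["trailing"]))
    return problems


def build_versioncheckex2(product, flags, cookie, timestamp, filename, formula):
    """Build the request with exactly one NUL after each string."""
    body = FIXED.pack(product, flags, cookie, timestamp)
    body += filename.encode("ascii") + b"\x00" + formula + b"\x00"
    return HEADER.pack(HEADER.size + len(body), BNLS_VERSIONCHECKEX2) + body


if __name__ == "__main__":
    bad = parse_versioncheckex2(DOUBLE_NULL_PACKET)
    print("captured:", request_problems(DOUBLE_NULL_PACKET))
    fixed = build_versioncheckex2(bad["product"], bad["flags"], bad["cookie"],
                                  bad["timestamp"], bad["filename"], FORMULA)
    print("rebuilt: %d bytes, problems=%r" % (len(fixed), request_problems(fixed)))
```

On the captured packet the formula string reads as empty and 18 bytes are left unread, which is exactly what Ringo's breakdown shows; the rebuilt request is 61 bytes (0x3d), the same length as the 0x1A request in Jaquio's later log. A lenient server like BNLS answers anyway, so a client that treats any reply as success never notices; checking the reply status and comparing your own request length against the field list is the cheap way to catch this.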

Jaquio

Have tried W2BN, STAR and SEXP... None work; all say wrong product. So I guess I have another problem to work out...


[BNLS] Connecting...
[BNLS] BNLS Server bnls.valhallalegends.com Connected on port 9367!
[BNLS] Sent:
07 00 10 03 00 00 00                            .......
Length: 7

[BNLS] Getting verbyte...
[BNLS] Received:
0b 00 10 03 00 00 00 4f 00 00 00                .......O...
Length: 11

[BNLS] Using verbyte:0x4f
[BNET] Connecting...
[BNET] BNET Server useast.battle.net Connected on port 6112!
[BNET] Sent:
ff 50 3a 00 00 00 00 00 36 38 58 49 4e 42 32 57 .P:.....68XINB2W
4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 O...............
00 00 00 00 00 00 00 00 55 53 41 00 55 6e 69 74 ........USA.Unit
65 64 20 53 74 61 74 65 73 00                    ed States.
Length: 58

[BNET] Requesting authorization..
[BNET] Received:
ff 25 08 00 79 5c 6f 6a                          .%..y\oj
Length: 8

[BNET] Received:
ff 50 3e 00 00 00 00 00 15 d7 48 ca ec 21 43 00 .P>.......H..!C.
00 ea e4 c6 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e ....r...lockdown
2d 49 58 38 36 2d 30 35 2e 6d 70 71 00 59 03 90 -IX86-05.mpq.Y..
e4 fb 2e e7 66 02 47 44 59 64 3e d3 86 00        ....f.GDYd>...
Length: 62

[BNET] Sent:
ff 25 08 00 79 5c 6f 6a                          .%..y\oj
Length: 8

[BNLS] Sent:
3d 00 1a 03 00 00 00 00 00 00 00 83 a0 a4 51 00 =.............Q.
ea e4 c6 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d ...r...lockdown-
49 58 38 36 2d 30 35 2e 6d 70 71 00 59 03 90 e4 IX86-05.mpq.Y...
fb 2e e7 66 02 47 44 59 64 3e d3 86 00          ...f.GDYd>...
Length: 61

[BNLS] Performing CheckRevision...
[BNLS] Received:
28 00 1a 01 00 00 00 00 02 00 02 b6 fa ff 22 27 (............."'
3d 31 01 e2 b3 14 2c 37 08 de 16 05 5e 62 f6 00 =1....,7....^b..
83 a0 a4 51 4f 00 00 00                          ...QO...
Length: 40

[BNET] Sent:
ff 51 59 00 83 a0 a4 51 00 02 00 02 b6 fa ff 22 .QY....Q......."
01 00 00 00 00 00 00 00 11 00 00 00 04 00 00 00 ................
f6 2c 2b 00 00 00 00 00 a7 bd 4b 86 d5 8c a5 27 .,+.......K....'
2c a6 e6 11 c9 64 96 29 2d 8a b0 0e 27 3d 31 01 ,....d.)-...'=1.
e2 b3 14 2c 37 08 de 16 05 5e 62 f6 00 50 48 50 ...,7....^b..PHP
42 6f 74 20 76 31 2e 30 00                      Bot v1.0.
Length: 89

[BNET] Attempting to answer challenge..
[BNET] Received:
ff 51 09 00 03 02 00 00 00                      .Q.......
Length: 9
[BNET] Wrong product.

Ringo

Quote from: Jaquio on November 13, 2006, 07:28 AM
Have tried W2BN, STAR and SEXP... None work; all say wrong product. So I guess I have another problem to work out...

[BNET] Sent:
ff 51 59 00 83 a0 a4 51 00 02 00 02 b6 fa ff 22 .QY....Q......."
01 00 00 00 00 00 00 00 11 00 00 00 04 00 00 00 ................
......

Think how the server reads the message, from start to finish:


Stores Client token: 83 a0 a4 51
Checks EXE version vs Product+Version byte: 00 02 00 02
Checks Version Checksum:   b6 fa ff 22
Stores/Checks number of cdkeys: 01 00 00 00
Stores Spawn flag: 00 00 00 00
Then for each cdkey:
Checks cdkey length: 11 00 00 00
Failed. No current products have a cdkey with 17 characters

Jaquio

Heh, don't know why I am having trouble with this.. I got my VB bot working just fine; it's my PHPBot giving me problems.. I never used the keylength dword in 0x51 ever... But I added it in there and got a return of 0x101 again. Better than 0x203 I guess.. I am about to give up, because I cannot figure it out.


[BNLS] Connecting...
[BNLS] BNLS Server bnls.valhallalegends.com Connected on port 9367!
[BNLS] Sent:
07 00 10 02 00 00 00                            .......
Length: 7

[BNLS] Getting verbyte...
[BNLS] Received:
0b 00 10 02 00 00 00 cf 00 00 00                ...........
Length: 11

[BNLS] Using verbyte:0xcf
[BNET] Connecting...
[BNET] BNET Server useast.battle.net Connected on port 6112!
[BNET] Sent:
ff 50 3a 00 00 00 00 00 36 38 58 49 50 58 45 53 .P:.....68XIPXES
cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 55 53 41 00 55 6e 69 74 ........USA.Unit
65 64 20 53 74 61 74 65 73 00                    ed States.
Length: 58

[BNET] Requesting authorization..
[BNET] Received:
ff 25 08 00 d9 88 00 cb                          .%......
Length: 8

[BNET] Received:
ff 50 3e 00 00 00 00 00 7b 66 27 0b 5c a7 49 00 .P>.....{f'.\.I.
00 6e bc de 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e .n..r...lockdown
2d 49 58 38 36 2d 31 35 2e 6d 70 71 00 9c 41 82 -IX86-15.mpq..A.
d1 77 8d fd 20 4a f1 97 d5 5c 1c 4e 29 00        .w.. J...\.N).
Length: 62

[BNET] Sent:
ff 25 08 00 d9 88 00 cb                          .%......
Length: 8

[BNET] Received authorization challenge.
[BNLS] Sent:
3d 00 1a 02 00 00 00 00 00 00 00 5c 08 e5 51 00 =..........\..Q.
6e bc de 72 fc c6 01 6c 6f 63 6b 64 6f 77 6e 2d n..r...lockdown-
49 58 38 36 2d 31 35 2e 6d 70 71 00 9c 41 82 d1 IX86-15.mpq..A..
77 8d fd 20 4a f1 97 d5 5c 1c 4e 29 00          w.. J...\.N).
Length: 61

[BNLS] Performing CheckRevision...
[BNLS] Received:
28 00 1a 01 00 00 00 01 00 0e 01 dc 46 63 b8 30 (...........Fc.0
d7 7d db b6 68 60 2a 8a 19 ea d8 d3 f9 3e 91 00 .}..h`*......>..
5c 08 e5 51 cf 00 00 00                          \..Q....
Length: 40

[BNET] Sent:
ff 51 61 00 5c 08 e5 51 01 00 0e 01 dc 46 63 b8 .Qa.\..Q.....Fc.
01 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 ................
0e 00 00 00 01 00 00 00 81 92 10 00 00 00 00 00 ................
55 ee 61 73 a6 2b b9 aa db bf 57 92 72 4a c9 41 U.as.+....W.rJ.A
89 d8 ba 94 30 d7 7d db b6 68 60 2a 8a 19 ea d8 ....0.}..h`*....
d3 f9 3e 91 00 50 48 50 42 6f 74 20 76 31 2e 30 ..>..PHPBot v1.0
00                                              .
Length: 97

[BNET] Attempting to answer challenge..
[BNET] Received:
ff 51 09 00 01 01 00 00 00                      .Q.......
Length: 9

[BNET] Invalid version.

Ringo

#25
Quote from: Jaquio on November 13, 2006, 08:49 AM
Heh, don't know why I am having trouble with this.. I got my VB bot working just fine; it's my PHPBot giving me problems.. I never used the keylength dword in 0x51 ever... But I added it in there and got a return of 0x101 again. Better than 0x203 I guess.. I am about to give up, because I cannot figure it out.

[BNET] Sent:
ff 51 61 00 5c 08 e5 51 01 00 0e 01 dc 46 63 b8 .Qa.\..Q.....Fc.
01 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 ................
0e 00 00 00 01 00 00 00 81 92 10 00 00 00 00 00 ................
55 ee 61 73 a6 2b b9 aa db bf 57 92 72 4a c9 41 U.as.+....W.rJ.A
89 d8 ba 94 30 d7 7d db b6 68 60 2a 8a 19 ea d8 ....0.}..h`*....
d3 f9 3e 91 00 50 48 50 42 6f 74 20 76 31 2e 30 ..>..PHPBot v1.0
00                                              .

What's that bit extra?  :P


ff 51 61 00 5c 08 e5 51 01 00 0e 01 dc 46 63 b8 .Qa.\..Q.....Fc.
01 00 00 00 00 00 00 00 0d 00 00 00 ?? ?? ?? ?? ................
?? ?? ?? ?? 01 00 00 00 81 92 10 00 00 00 00 00 ................
55 ee 61 73 a6 2b b9 aa db bf 57 92 72 4a c9 41 U.as.+....W.rJ.A
89 d8 ba 94 30 d7 7d db b6 68 60 2a 8a 19 ea d8 ....0.}..h`*....
d3 f9 3e 91 00 50 48 50 42 6f 74 20 76 31 2e 30 ..>..PHPBot v1.0
00                                              .

Jaquio

Heh, it was that 'unknown(0)' tidbit. Not sure why it was there, I removed it but still 0x101..


    BNLS_CDKey($CDKey, $ServerKey);
    BNLS_VersionCheckEx2($Product, 0, $IX86FileTime, $IX86Filename, $CheckRevStr);
    insert_int32($ClientKey);
    insert_int32($VerHash);
    insert_int32($CheckSum);
    insert_int32(1); //Number of CD-Keys(1 for non-expansion games, 2 for expansion games)
    insert_int32(0); //Using Spawn(0 - no, 1 - yes)
    insert_int32(strlen($CDKey)); //CD-Key Length
    insert_void($KeyHash); //CD-Key Hash
    insert_string($EXEInfo); //EXE Info
    insert_string("PHPBot v1.0"); //CD-Key Owner
    BNCS_Send(0x51);


My 0x51, lol, pretty shitty I know... But oh well. Just want it to work! Lol

Skywing

#27
Assuming you are getting your CD-key data from BNLS, the blob that BNLS sends back to you should include the length of the CD-key, and you should not be sending that to Battle.net in addition to another field including the CD-key length.

The BNLS protocol specification includes details on where the blobs sent back by BNLS should be used when communicating with Battle.net.  It should be your first choice when troubleshooting problems like this.

ThePro

#28
I have the same problem, I always get an invalid version error.
What do I have to send to the bnet server on 0x51 now?

BnetDocs say:
(DWORD)       Client Token (Generates BNLS in BNLS_CDKEY)
(DWORD)       EXE Version (Generates BNLS in BNLS_VERSIONCHECKEX2)
(DWORD)       EXE Hash (Generates BNLS in BNLS_VERSIONCHECKEX2)
(DWORD)       Number of keys in this packet (1)
(BOOLEAN)    Using Spawn (0)
(DWORD)       Key Length (13)
(DWORD)       CD key's product value (1 = Starcraft)
(DWORD)       CD key's public value (How can I calculate this? I copy and pasted it of my packet sniffer)
(DWORD)       Unknown (0)
(DWORD[5])    Hashed Key Data (Generates BNLS but BNLS Spec says DWORD[9] instead of DWORD[5]!!?? I noticed that Blizzard removed the exe string)

(STRING)     Exe Information (seems to be removed)
(STRING)     CD Key owner name (ThePro)

1.) Do I just have to copy the result of BNLS_CDKEY (DWORD HashedKeyData[9]) into SID_AUTH_CHECK and send it to bnet?
2.) Where do I have to use the VersionCheckStatstring returned by BNLS_VERSIONCHECKEX2?

Skywing

#29
The four cleartext and five digest ulong values are all included in the blob returned from BNLS, which contains all the CD-key related data you need to send to Battle.net.  You should not duplicate any of this information in your SID_AUTHCHECK request; simply include the CD-key blob "as-is" with your SID_AUTHCHECK request.  The only CD-key related data that you must supply are the count of CD-key blobs and the spawn/retail flag.

"Exe Information" and "VersionCheckStatstring" are synonymous in this particular context.  "Exe Information" is the string value returned by BNLS_VERSIONCHECKEX2.
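The two points made about SID_AUTH_CHECK (0x51) in this thread, Ringo's "read the message from start to finish as the server does" and Skywing's "include the BNLS CD-key blob as-is, add nothing", as one added example (not code from the posts, from BnetDocs or from BNLS). It walks the field order ThePro quotes from BnetDocs over Jaquio's two captured 0x51 packets, reports where a server-side reader trips, and then assembles a correct 0x51 from a 36-byte CD-key blob. Assumptions: the key lengths 16 and 26 in KNOWN_KEY_LENGTHS are not on the page (it only states 13 for Starcraft); STAR_BLOB is constructed from the Starcraft capture by dropping the two DWORDs Ringo marks with ??; all function and constant names are this example's own.

```python
"""Walk SID_AUTH_CHECK (0x51) the way Ringo describes, then rebuild it.

Added example for this thread; not code from the posts, BnetDocs or BNLS.
Field order follows the BnetDocs list ThePro quotes: client token, EXE
version, EXE hash, key count, spawn flag, then per key the 36-byte CD-key
blob (length, product, public value, unknown, 5 digest DWORDs), then the
EXE information string and the owner string.
"""
import struct

HEADER = struct.Struct("<BBH")      # 0xff, packet id, total length
FIXED = struct.Struct("<IIIII")     # token, exe version, checksum, key count, spawn
KEY_CLEARTEXT = struct.Struct("<IIII")
BLOB_LEN = KEY_CLEARTEXT.size + 20  # four cleartext DWORDs + five digest DWORDs
# Assumed retail key lengths; the thread itself only states 13 (Starcraft).
KNOWN_KEY_LENGTHS = {13, 16, 26}

# Jaquio's 89-byte W2BN attempt and 97-byte Starcraft attempt, from the dumps.
W2BN_PACKET = bytes.fromhex(
    "ff 51 59 00 83 a0 a4 51 00 02 00 02 b6 fa ff 22"
    "01 00 00 00 00 00 00 00 11 00 00 00 04 00 00 00"
    "f6 2c 2b 00 00 00 00 00 a7 bd 4b 86 d5 8c a5 27"
    "2c a6 e6 11 c9 64 96 29 2d 8a b0 0e 27 3d 31 01"
    "e2 b3 14 2c 37 08 de 16 05 5e 62 f6 00 50 48 50"
    "42 6f 74 20 76 31 2e 30 00"
)
W2BN_STAT = bytes.fromhex("27 3d 31 01 e2 b3 14 2c 37 08 de 16 05 5e 62 f6")
STAR_PACKET = bytes.fromhex(
    "ff 51 61 00 5c 08 e5 51 01 00 0e 01 dc 46 63 b8"
    "01 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00"
    "0e 00 00 00 01 00 00 00 81 92 10 00 00 00 00 00"
    "55 ee 61 73 a6 2b b9 aa db bf 57 92 72 4a c9 41"
    "89 d8 ba 94 30 d7 7d db b6 68 60 2a 8a 19 ea d8"
    "d3 f9 3e 91 00 50 48 50 42 6f 74 20 76 31 2e 30"
    "00"
)
STAR_STAT = bytes.fromhex("30 d7 7d db b6 68 60 2a 8a 19 ea d8 d3 f9 3e 91")
# Constructed CD-key blob: the Starcraft capture with the two DWORDs Ringo
# marks '??' dropped, leaving the 36 bytes a BNLS blob consists of.
STAR_BLOB = STAR_PACKET[24:28] + STAR_PACKET[36:68]


def read_cstring(buf, off):
    """Return (bytes, next_offset) for the NUL-terminated string at off."""
    end = buf.index(b"\x00", off)
    return buf[off:end], end + 1


def parse_sid_auth_check(packet):
    """Read 0x51 front to back; misplaced bytes show up as shifted fields."""
    marker, pid, length = HEADER.unpack_from(packet, 0)
    if marker != 0xFF or pid != 0x51:
        raise ValueError("not a SID_AUTH_CHECK packet")
    if length != len(packet):
        raise ValueError("length field %d != %d bytes" % (length, len(packet)))
    token, exe_version, checksum, key_count, spawn = FIXED.unpack_from(packet, HEADER.size)
    off = HEADER.size + FIXED.size
    keys = []
    for _ in range(key_count):
        key_len, product, public, unknown = KEY_CLEARTEXT.unpack_from(packet, off)
        digest = packet[off + KEY_CLEARTEXT.size:off + BLOB_LEN]
        keys.append({"length": key_len, "product": product, "public": public,
                     "unknown": unknown, "digest": digest})
        off += BLOB_LEN
    exe_info, off = read_cstring(packet, off)
    owner, off = read_cstring(packet, off)
    return {"client_token": token, "exe_version": exe_version, "checksum": checksum,
            "spawn": spawn, "keys": keys, "exe_info": exe_info, "owner": owner,
            "trailing": packet[off:]}


def audit(packet, expected_exe_info):
    """Problems a server-side reader would hit, in reading order."""
    fields = parse_sid_auth_check(packet)
    problems = []
    for i, key in enumerate(fields["keys"]):
        if key["length"] not in KNOWN_KEY_LENGTHS:
            problems.append("key %d: no product has a %d-character key" % (i, key["length"]))
        if key["unknown"] != 0:
            problems.append("key %d: 'unknown' DWORD is %d, expected 0; fields look shifted"
                            % (i, key["unknown"]))
    if fields["exe_info"] != expected_exe_info:
        problems.append("EXE information differs from the BNLS version check string")
    if fields["trailing"]:
        problems.append("%d unread bytes at the end" % len(fields["trailing"]))
    return problems


def build_sid_auth_check(client_token, exe_version, checksum, spawn, key_blobs, exe_info, owner):
    """Assemble 0x51 from BNLS output: each blob goes in as-is, nothing added."""
    for blob in key_blobs:
        if len(blob) != BLOB_LEN:
            raise ValueError("CD-key blob must be %d bytes, got %d" % (BLOB_LEN, len(blob)))
    body = FIXED.pack(client_token, exe_version, checksum, len(key_blobs), spawn)
    body += b"".join(key_blobs) + exe_info + b"\x00" + owner + b"\x00"
    return HEADER.pack(0xFF, 0x51, HEADER.size + len(body)) + body


if __name__ == "__main__":
    print("W2BN attempt:", audit(W2BN_PACKET, W2BN_STAT))
    print("Starcraft attempt:", audit(STAR_PACKET, STAR_STAT))
    rebuilt = build_sid_auth_check(0x51E5085C, 0x010E0001, 0xB86346DC, 0,
                                   [STAR_BLOB], STAR_STAT, b"PHPBot v1.0")
    print("rebuilt Starcraft 0x51: %d bytes, problems=%r"
          % (len(rebuilt), audit(rebuilt, STAR_STAT)))
```

The W2BN packet parses cleanly except for the 17-character key length, which is the line Ringo stops at. The Starcraft packet parses to a product of 0 and an "unknown" DWORD of 1, which is what an extra 8 bytes in front of the blob look like from the server's side: every later field is read 8 bytes late. Rebuilding from the 36-byte blob gives an 89-byte packet whose EXE information equals the string BNLS returned in 0x1A, as Skywing says it must.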
