Diablo 1, 0x07 S->C

Started by Hdx, January 03, 2007, 10:52 PM


Hdx

I've come across this during my work on creating an emu server, but anyways.
For some reason Diablo 1 will think it failed the version check even when it receives success, unless it receives 255 extra bytes of random data....

21  63.241.83.107:6112  192.168.0.10:4406  264  Recv 
0000  FF 07 08 01 02 00 00 00 00 00 CF 02 F9 26 00 10    .............&..
0010  61 68 68 61 68 61 00 00 00 00 00 00 80 EB 43 00    ahhaha........C.
0020  40 57 6D 11 D8 F0 CF 02 A0 F1 CF 02 F0 78 AA 01    @Wm..........x..
0030  00 00 00 60 CA D1 1E 51 A8 F0 CF 02 AD EC 43 00    ...`...Q......C.
0040  D8 F0 CF 02 E0 87 87 0D 77 23 77 2E 63 2E 7A 00    ........w#w.c.z.
0050  72 65 65 77 69 6E 73 00 F0 25 17 03 00 00 00 60    reewins..%.....`
0060  CC F0 CF 02 14 33 44 00 E9 22 00 10 D0 F0 CF 02    .....3D.."......
0070  2A 65 72 75 00 00 00 00 68 43 C4 01 68 43 C4 01    *eru....hC..hC..
0080  FF 00 00 00 01 00 00 00 F4 F0 CF 02 F9 26 00 10    .............&..
0090  E9 22 00 10 F8 F0 CF 02 1F 23 00 10 01 00 00 00    .".......#......
00A0  F8 07 00 00 30 02 A4 01 09 00 00 00 00 00 00 00    ....0...........
00B0  AC F1 CF 02 2F 32 45 00 00 01 5F 02 00 27 00 10    ..../2E..._..'..
00C0  00 00 00 00 18 F1 CF 02 DC F1 CF 02 01 00 00 00    ................
00D0  00 E0 CE B7 B5 65 00 00 00 00 00 00 00 00 00 10    .....e..........
00E0  00 00 20 00 10 00 00 00 E4 F1 CF 02 01 00 00 00    .. .............
00F0  77 00 00 00 14 A9 E9 01 00 00 00 59 00 00 00 00    w..........Y....
0100  00 00 20 00 14 A9 E9 01                            .. .....

This is only seen in 1.09; other versions accept it correctly without the extra data...
17  127.0.0.1:6112  127.0.0.1:4332  9  Recv 
0000  FF 07 09 00 02 00 00 00 00                         .........

Has anyone attempted to look into exactly what D1 does with this data? It does not care what the data is, but this should be documented nonetheless....
Anyone got anything to input?
~-~(HDX)~-~

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

UserLoser

Hmm old news.  This appears to be just a random memory chunk from the server.  A while back Skywing and I analyzed it somewhat and didn't find anything significant.  It's probably just some sort of internal structure used to store data.

Hdx

Ya, I remember talking about it with you a long time ago. The main thing I wanted to know is exactly WHY the client says it fails if it is not there. So I was hoping someone could poke around a little and look at the actual client.

Ringo

Remember 0x07 has 2 strings following the DWORD, not 1 :P
afaik, d1/w2 won't read past offset 0x0A for packet 0x07.


1  127.0.0.1:3668  127.0.0.1:6112  1  Recv 
0000  01                                                 .

2  127.0.0.1:3668  127.0.0.1:6112  26  Recv 
0000  FF 1E 1A 00 01 00 00 00 00 00 00 00 00 00 00 00    ................
0010  00 00 00 00 00 00 00 00 00 00                      ..........

3  127.0.0.1:6112  127.0.0.1:3668  20  Send 
0000  FF 05 14 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
0010  00 00 00 00                                        ....

4  127.0.0.1:3668  127.0.0.1:6112  62  Recv 
0000  FF 12 3E 00 C0 BF AF 70 E9 2F C7 01 C0 BF AF 70    ..>....p./.....p
0010  E9 2F C7 01 00 00 00 00 09 04 00 00 09 08 00 00    ./..............
0020  09 08 00 00 45 4E 47 00 34 34 00 47 42 52 00 55    ....ENG.44.GBR.U
0030  6E 69 74 65 64 20 4B 69 6E 67 64 6F 6D 00          nited Kingdom.

5  127.0.0.1:6112  127.0.0.1:3668  12  Send 
0000  FF 1D 0C 00 01 00 00 00 02 00 00 00                ............

6  127.0.0.1:3668  127.0.0.1:6112  20  Recv 
0000  FF 06 14 00 36 38 58 49 4C 54 52 44 2A 00 00 00    ....68XILTRD*...
0010  00 00 00 00                                        ....

7  127.0.0.1:6112  127.0.0.1:3668  8  Send 
0000  FF 25 08 00 81 8E B7 0E                            .%......

8  127.0.0.1:6112  127.0.0.1:3668  50  Send 
0000  FF 06 32 00 00 9E A9 CB 72 FC C6 01 6C 6F 63 6B    ..2.....r...lock
0010  64 6F 77 6E 2D 49 58 38 36 2D 30 37 2E 6D 70 71    down-IX86-07.mpq
0020  00 05 A9 CB 95 D6 93 FC 98 2A A6 DA 99 0C A8 54    .........*.....T
0030  50 00                                              P.

9  :0  127.0.0.1:6112  12  RecvFrom 
0000  09 00 00 00 02 00 00 00 01 00 00 00                ............

10  127.0.0.1:6112  :0  8  SendTo 
0000  05 00 00 00 74 65 6E 62                            ....tenb

11  127.0.0.1:6112  :0  8  SendTo 
0000  05 00 00 00 74 65 6E 62                            ....tenb

12  :0  127.0.0.1:6112  12  RecvFrom 
0000  09 00 00 00 02 00 00 00 01 00 00 00                ............

13  127.0.0.1:6112  :0  8  SendTo 
0000  05 00 00 00 74 65 6E 62                            ....tenb

14  127.0.0.1:6112  :0  8  SendTo 
0000  05 00 00 00 74 65 6E 62                            ....tenb

15  127.0.0.1:3668  127.0.0.1:6112  8  Recv 
0000  FF 25 08 00 81 8E B7 0E                            .%......

16  :0  127.0.0.1:6112  12  RecvFrom 
0000  09 00 00 00 02 00 00 00 01 00 00 00                ............

17  127.0.0.1:6112  :0  8  SendTo 
0000  05 00 00 00 74 65 6E 62                            ....tenb

18  127.0.0.1:6112  :0  8  SendTo 
0000  05 00 00 00 74 65 6E 62                            ....tenb

19  127.0.0.1:3668  127.0.0.1:6112  41  Recv 
0000  FF 07 29 00 36 38 58 49 4C 54 52 44 2A 00 00 00    ..).68XILTRD*...
0010  01 09 00 01 B4 9A 28 27 DC A6 09 1C 7B 6E 33 E3    ......('....{n3.
0020  D9 50 BC 43 98 41 82 90 00                         .P.C.A...

20  127.0.0.1:6112  127.0.0.1:3668  10  Send 
0000  FF 07 0A 00 02 00 00 00 00 00                      ..........

21  127.0.0.1:3668  127.0.0.1:6112  4  Recv 
0000  FF 2D 04 00                                        .-..

22  127.0.0.1:3668  127.0.0.1:6112  8  Recv 
0000  FF 14 08 00 74 65 6E 62                            ....tenb

23  127.0.0.1:3668  127.0.0.1:6112  24  Recv 
0000  FF 33 18 00 1A 00 00 00 00 00 00 00 74 6F 73 5F    .3..........tos_
0010  55 53 41 2E 74 78 74 00                            USA.txt.

24  127.0.0.1:3668  127.0.0.1:6112  25  Recv 
0000  FF 33 19 00 1B 00 00 00 00 00 00 00 62 6E 73 65    .3..........bnse
0010  72 76 65 72 2E 69 6E 69 00                         rver.ini.

25  127.0.0.1:3668  127.0.0.1:6112  36  Recv 
0000  FF 29 24 00 58 AF B7 0E 02 00 00 00 17 7F E1 C7    .)$.X...........
0010  36 CF 47 CF 22 AE 20 9E E9 95 A8 AD E5 8C F7 3E    6.G.". ........>
0020  68 75 68 00                                        huh.

26  127.0.0.1:6112  127.0.0.1:3668  8  Send 
0000  FF 29 08 00 01 00 00 00                            .)......

27  127.0.0.1:3668  127.0.0.1:6112  37  Recv 
0000  FF 0A 25 00 68 75 68 00 4C 54 52 44 20 31 20 30    ..%.huh.LTRD 1 0
0010  20 30 20 33 30 20 31 30 20 32 30 20 32 35 20 31     0 30 10 20 25 1
0020  37 33 20 30 00                                     73 0.

28  127.0.0.1:3668  127.0.0.1:6112  8  Recv 
0000  FF 0B 08 00 4C 54 52 44                            ....LTRD

29  127.0.0.1:3668  127.0.0.1:6112  42  Recv 
0000  FF 0C 16 00 01 00 00 00 44 69 61 62 6C 6F 20 52    ........Diablo R
0010  65 74 61 69 6C 00 FF 15 14 00 36 38 58 49 4C 54    etail.....68XILT
0020  52 44 00 00 00 00 1A D4 9C 45                      RD.......E


Quote from: UserLoser on January 03, 2007, 11:46 PM
Hmm old news.  This appears to be just a random memory chunk from the server.  A while back Skywing and I analyzed it somewhat and didn't find anything significant.  It's probably just some sort of internal structure used to store data.
It's the send packet buffer, no?
http://forum.valhallalegends.com/index.php?topic=15674.0
I assumed it's just not been overwritten, because that extra given space is not meant to be there :P

Hdx

http://bnetdocs.valhallalegends.com/content.php?Section=m&Code=25
Since when does it have two strings? (Documented)
And doh >.< I remembered talking with UL about it, but I didn't remember posting it.
But it's still not documented anywhere... Any possible idea what that string used to be used for? What does D1 actually do with it?

Skywing

There have been two strings since day one.

TheMinistered

If you want to know why the client fails without the data, do the following: get Diablo1 installed and run it in a debugger and/or analyze it via a disassembler.  Find where it handles that particular packet and under what case it signals failure.

Hdx

Quote from: Skywing on January 04, 2007, 12:14 PM
There have been two strings since day one.
Then why isn't it documented?
That's my main point I guess. As for debugging it myself, I can do that this weekend. Right now for the most part I am out of my house using a friend's laptop, and she doesn't have IDA installed.

Skywing

Quote from: Hdx on January 04, 2007, 06:18 PM
Quote from: Skywing on January 04, 2007, 12:14 PM
There have been two strings since day one.
Then why isn't it documented?
That's my main point I guess. As for debugging it myself, I can do that this weekend. Right now for the most part I am out of my house using a friend's laptop, and she doesn't have IDA installed.
~-~(HDX)~-~

Presumably because not everyone who has done research into the Battle.net protocol has posted all of their findings on BnetDocs.  My recollection is that the second string specified an auxiliary patch file (or files - it is treated as an array that is double null terminated, I believe) that should be applied in addition to the patch file given in the first string.  This capability was never used by the server, to my knowledge (likely because bnupdate supports splitting patches into multiple sub-MPQs encapsulated by a single outer MPQ anyway).
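To make the layout discussed in this thread concrete, here is an added parser and builder for the server-to-client SID_REPORTVERSION (0x07) packet. It is example code written for this page, not code from the thread, from BnetDocs or from any BNCS server project. It assumes the 4-byte BNCS header (0xFF, packet id, little-endian total length), a DWORD result (the captures above carry 2 as the success value), a NUL-terminated patch-file string, and then, following Skywing's recollection, a second field treated as a double-NUL-terminated array of file names; any bytes after the array terminator are reported as trailing data, which is where the 1.09 capture's extra bytes land. The 264-byte sample is reconstructed from the first ten bytes of Hdx's capture with constructed filler (carrying "cool" like ShaDoWDeM's dump), and the file names in the usage are constructed placeholders.

```python
"""Parser/builder for BNCS SID_REPORTVERSION (0x07), server -> client.

Layout as discussed in the thread:
  BYTE   0xFF          BNCS magic
  BYTE   0x07          packet id
  WORD   length        total packet length, little endian, header included
  DWORD  result        2 is the value the captures above carry as success
  STRING patch_file    NUL-terminated (empty in every capture here)
  STRING[] extra_files NUL-terminated names ended by an empty string
                       (the double-NUL array Skywing describes; assumption)
  BYTE[] trailing      anything after the array terminator (the 1.09 bytes)
"""
import struct
from dataclasses import dataclass, field
from typing import List, Sequence

BNCS_MAGIC = 0xFF
SID_REPORTVERSION = 0x07
HEADER = struct.Struct("<BBH")   # magic, id, length


@dataclass
class ReportVersion:
    result: int
    patch_file: str
    extra_files: List[str] = field(default_factory=list)
    trailing: bytes = b""


def _read_cstring(buf: bytes, pos: int):
    """Return (string, position after its NUL); refuse to run off the end."""
    end = buf.find(b"\x00", pos)
    if end < 0:
        raise ValueError("unterminated string at offset 0x%02X" % pos)
    return buf[pos:end].decode("ascii", "replace"), end + 1


def parse_report_version(pkt: bytes) -> ReportVersion:
    if len(pkt) < HEADER.size + 4:
        raise ValueError("packet shorter than header + result")
    magic, pid, length = HEADER.unpack_from(pkt, 0)
    if magic != BNCS_MAGIC or pid != SID_REPORTVERSION:
        raise ValueError("not a SID_REPORTVERSION packet")
    if length != len(pkt):
        # Never trust the declared length over the bytes actually received.
        raise ValueError("declared length %d != received %d" % (length, len(pkt)))
    (result,) = struct.unpack_from("<I", pkt, 4)
    patch_file, pos = _read_cstring(pkt, 8)
    extra: List[str] = []
    while True:
        name, pos = _read_cstring(pkt, pos)
        if name == "":
            break            # empty string terminates the array
        extra.append(name)
    return ReportVersion(result, patch_file, extra, pkt[pos:])


def build_report_version(result: int, patch_file: str = "",
                         extra_files: Sequence[str] = (), trailing: bytes = b"") -> bytes:
    """Build the packet an emulator would send; `trailing` reproduces the 1.09 quirk."""
    for name in (patch_file, *extra_files):
        if "\x00" in name:
            raise ValueError("file names cannot contain NUL")
    body = struct.pack("<I", result) + patch_file.encode("ascii") + b"\x00"
    for name in extra_files:
        body += name.encode("ascii") + b"\x00"
    body += b"\x00" + trailing
    return HEADER.pack(BNCS_MAGIC, SID_REPORTVERSION, HEADER.size + len(body)) + body


# Ringo's 10-byte reply from the thread, and a reconstruction of the 264-byte
# 1.09 packet: same header, result and two empty strings, followed by 254
# constructed filler bytes (zeros with "cool" at offset 6, as in ShaDoWDeM's dump).
RINGO_REPLY = bytes.fromhex("FF 07 0A 00 02 00 00 00 00 00")
LONG_REPLY = build_report_version(2, trailing=bytes(6) + b"cool" + bytes(244))


def main():
    for label, pkt in (("10-byte", RINGO_REPLY), ("264-byte", LONG_REPLY)):
        p = parse_report_version(pkt)
        print(label, "result=%d patch=%r extra=%r trailing=%d bytes"
              % (p.result, p.patch_file, p.extra_files, len(p.trailing)))
    # Constructed names showing the second field as a multi-entry array.
    pk = build_report_version(2, "example-patch.mpq", ["aux-a.mpq", "aux-b.mpq"])
    print(pk.hex(" "), parse_report_version(pk).extra_files)


if __name__ == "__main__":
    main()
```

Parsing both captures yields result 2, an empty patch file and an empty array; the only difference is that the 264-byte packet leaves 254 bytes after the array terminator at offset 0x09, which is consistent with Ringo's remark that the client never reads past 0x0A. The length check matters for an emulator: a declared length that disagrees with the bytes on the wire is the kind of inconsistency a parser should reject rather than silently read past.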

Hdx

Humm okay, thanks for the information.
I still believe that Bnet docs should have some sort of mention of it. So I posted a comment.
My jumpdrive got corrupted somehow -.- so my BNCS server project is gone... So I'll have to restart it. Anyone know of a way to recover a USB Flash Drive?

Zorm

Quote from: Hdx on January 05, 2007, 09:18 PM
Humm okay, thanks for the information.
I still believe that Bnet docs should have some sort of mention of it. So I posted a comment.
My jumpdrive got corrupted somehow -.- so my BNCS server project is gone... So I'll have to restart it. Anyone know of a way to recover a USB Flash Drive?
~-~(HDX)~-~

While I've never tried it you might look at http://www.cgsecurity.org/wiki/PhotoRec. Someone suggested it once on a photography forum, figured it might be of interest to you if you haven't solved the problem already.
"Now, gentlemen, let us do something today which the world make talk of hereafter."
- Admiral Lord Collingwood

Hdx

I just snagged a few mins with ghost at school.
I've been able to snag ~75% of the data. So it's all good, I'm still trying to get everything working. (It works, just need to re-work my user management; right now it is extremely gay [allows multiple logins w/o changing name, doesn't remove user when they disconnect, etc])

Zorm

Ah that's cool, at least you were able to recover some of it.

ShaDoWDeM

just wanted to share this, I thought it was kinda weird/funny that it replied cool


FF 25 08 00 3B FB 27 C7  FF 25 08 00 00 00 00 00   .%..;.'. .%......
FF 07 29 00 36 38 58 49  4C 54 52 44 2A 00 00 00   ..).68XI LTRD*...
01 00 09 01 C6 3F 13 37  ED 0D 12 66 07 58 E2 7C   .....?.7 ...f.X.|
49 B0 BE A4 87 F0 21 62  00                        I.....!b .

[1/21/2007 2:39:13 PM:739]
FF 07 08 01 02 00 00 00  00 00 00 00 00 00 00 00   ........ ........
63 6F 6F 6C 00 00 00 00  00 00 00 00 00 00 00 00   cool.... ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00 00 00 00 00 00 00 00                            ........