Clearing some things up...?

Started by GoaL, February 01, 2007, 01:49 AM

GoaL

Well, I try to keep myself updated with the current ideas and solutions to Blizzard's constant battle against us rogue programmers, who continue to play tit for tat with them. However, the recent solutions confuse me; to my knowledge there are only 3 solutions:

BNLS (obvious)
A connection caching database (which to my knowledge was fooled, but the way I understood it, they only added a few thousand more values; is that true, or has this been completely patched out?)
"warz"'s fix (calling the data right out of the files themselves with some API calls, but I was told this was a theory, not a reality...)

I'm just looking for some clarification on what all is going on. I've been learning C#, and am awaiting MyndFyre's addition of BNLS to MBNCSUtil; however, if there is a non-BNLS solution, I would like to incorporate it into my projects. Thanks for anything you can tell me.

MysT_DooM

The database still works fine.

Also, I don't think warz fully reversed lockdown. You can check his website; I still think it has his research on it.


vb6, something about that combination of numbers and letters is sexy

Smarter

Ok, my name is fixed now (Goal Here), which database is the most complete? Also, I only see usage sources out in VB... Porting isn't my special, lol.
Since '99

BrutalNet.Net

l2k-Shadow

All you have to do is see how the file is arranged. Then you can write your own buffer for processing queries.

Quote from: replaced on November 04, 2006, 11:54 AM
I dunno what it means, someone tell me what's ix86 and pmac?
Can someone send me a working bot source (with BNLS support) to my email? Then help me copy and paste it to my bot? ;D

I was destined to live here,
To eat boiled pork and horseradish and drink beer with it.
There, they say, you'd live like a pig in clover,
I don't want to sit on my ass in front of anyone.

I'm not from the USA, I'm not from the USA, I'm really not from the USA... and hopefully that's why they won't be mad at me.

Ante

Quote from: GoaL on February 01, 2007, 01:49 AM

A connection caching database (which to my knowledge was fooled, but the way I understood it, they only added a few thousand more values; is that true, or has this been completely patched out?)

It's been completely patched out. A friend of mine tested (on the 19th or something of January) all of the 1998 values that were logged by me (on the 6th to 9th of January) and converted to better form by hdx (around the 14th).
Of several thousand connection attempts, none were in the database of 1998 checkrevisions. This was done without the use of BNLS.
This shows that bnet either switched the values to another 2000, or made it fully random.
Efficiency is the Key to Productivity, and
Productivity is the Key to Success.

MysT_DooM

No, it hasn't been completely patched out.
Clicky


Ante

Hm... if it works, does anyone have at least 50% of the checkrevisions?

Unless connections are done en masse, logging them would be way too slow...

MysT_DooM

Quote from: Ante on February 03, 2007, 02:29 PM
Hm... if it works, does anyone have at least 50% of the checkrevisions?

Yes, people do.

Ante

If someone has it, could they post a link?

MysT_DooM

Quote from: Ante on February 03, 2007, 02:36 PM
If someone has it, could they post a link?

No, they should keep it to themselves.

Hell-Lord


brew

Hey guys, I'm back ;]
And no, topaz, I'm not deleting my account again, sorry.

Okay, we know even if we do "collect" all the possible checksums we need, Blizzard is just one click away from screwing it up on us again. This is a very bad temporary solution, seeing how they added a much larger amount of possible checksum "formulas". This was obviously directed towards bots, because it was patched literally 2 days after all these checkrevision database .dlls or .ocxes started popping up. It seems the only (semi-)permanent solution for the lockdown MPQs is to actually solve it. I just came up with this idea a little while ago. Probably someone more experienced in reverse engineering can get the specifics... But, the checkrevision is a function. And some value must be passed to it, such as a hash of the memory. This memory hash MUST be the exact same for every call of the checkrevision function (must be confirmed because of Blizzard's new required work MPQs) since the bits of memory taken into account are the same for every patch, and this value is passed to the MPQ-specific function, which is then hashed with the checksum formula and then creates a viable value for the checksum, which Blizzard's server calculates and then compares your reported checksum with its value. If it is the same, you pass. Different, you phail. So what I'm basically trying to say is that someone with much experience with reverse engineering should be able to pull a value out, namely the one being passed to checkrevision, then use the MPQ's formula to calculate it, then send it to bnet. Correct me if I'm wrong with any of this.

Also please note, this ever-growing collection of the checkrevision data is what Ante previously referred to as "brute forcing" the checkrevision, and it had received bad publicity from vL-types in the past. I have no clue why you people are supporting it in lieu of a permanent and certainly more intelligible solution.
<3 Zorm
Quote[01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
Scio te esse, sed quid sumne? :P

Barabajagal

Two problems:
1) The checksum hash is derived from memory values of (publicly) unknown size. If you do reverse the function and find out what memory it reads and hashes, that memory will have to be stored, and changed whenever a new update for a client comes out (similar to hash files of old).
2) Once we reverse it, Blizzard's just gonna release lockdown 2.0, or something worse. If they ever enforce perfect emulation in all forms, most all the bots are gonna be screwed, since most people don't even call SID_CHECKAD.

brew

1) I meant to also state this, but forgot. Yes, I know it would need to be re-fixed every patch, but that's what we had to do with what we called hash files in the past also, except this is "different" in some ways. In time, we will be able to find an easier way to retrieve this value. And yes, it may be variable length, but don't forget some debuggers have advanced options to find values such as that. For now, I'm assuming it is 32 bits.
2) If Blizzard does enforce complete emulation, it wouldn't matter. All bots would have to evolve, along with the rest of Battle.net itself. And please, don't forget they hound these forums like dogs, and you certainly don't want to give Blizzard any new ideas, do you :]

My point is, we can't use BNLS for everything. Skywing should indeed release his way of formulating the checksum. There is no harm in it. And as for "massload" bots, they have been getting around fine using BNLS so far. Releasing the solution won't affect much but make bot development as a whole much easier.

Barabajagal

You can get the values yourself by running the game and spoofing the server. I've done so many times. It's how I get values for my online cache database for games that BNLS doesn't support. I don't know how Skywing does BNLS, but he could be doing the same thing using VMWare or something of the sort, or spoofing the games some other way without having the actual function.
Also, I highly doubt Blizzard hasn't thought of almost any new ideas we have regarding their system. They just wait for us to catch up to them so they can push our faces in the mud and run ahead again.

NP topaz.