Quick Question: BNLS_HASHDATA (0x0B)

Don Cullen · February 14, 2007, 03:56 PM

Private Sub BNLS_HASHDATA() '0x0B
    DataLen = Len(m_Password) + 1
    With PacketBuf
        .Clear
        .InsertDWORD DataLen
        .InsertDWORD &H2
        .InsertNTString m_Password
        .InsertDWORD ClientToken
        .InsertDWORD ServerToken
        .SendBNLSPacket sckBNLS, &HB    'Send 0x0B packet
        .Clear
    End With
    RaiseEvent DebugOutput("0x0B BNLS_HASHDATA packet sent.")
End Sub

The password is a typical string variable containing the password in plain text. Nothing special has been done to it, ie: lowercase, etc, etc. Does the packet look about right? Or am I going about it in the wrong way?

UserLoser · February 14, 2007, 04:00 PM

That is incorrect, you don't hash the null terminator at the end of your password

Don Cullen · February 14, 2007, 04:08 PM

Code Select

Private Sub BNLS_HASHDATA() '0x0B
    DataLen = Len(m_Password)
    With PacketBuf
        .Clear
        .InsertDWORD DataLen
        .InsertDWORD &H2
        .InsertNTString lcase(m_Password)
        .InsertDWORD ClientToken
        .InsertDWORD ServerToken
        .SendBNLSPacket sckBNLS, &HB    'Send 0x0B packet
        .Clear
    End With
    RaiseEvent DebugOutput("0x0B BNLS_HASHDATA packet sent.")
End Sub

Took out the +1. thought the len would include the NT. I was reading the 0x29 C->S packet doc at BNETDocs, and found out that passwords are supposed to be converted to lowercase prior to hashing. So I added lcase.

So otherwise, it looks fine?

UserLoser · February 14, 2007, 04:11 PM

They don't have to be converted to lowercase. The only reason it states that is because the official Blizzard clients convert your password to lowercase prior to hashing it.

Don Cullen · February 14, 2007, 04:13 PM

so it'll return the same data regardless of case? in other words, bnls_hashdata is case-insensitive?

UserLoser · February 14, 2007, 04:32 PM

Quote from: Kyro on February 14, 2007, 04:13 PM
so it'll return the same data regardless of case? in other words, bnls_hashdata is case-insensitive?

BNLS doesn't care what the case is. Just the official Blizzard client puts your password to lower case. You can have BNLS hash anything, not only account passwords for Battle.net.

Don Cullen · February 14, 2007, 05:17 PM

I'm having problems....

Look:

QuoteReady.
Username set.
Password set.
GameCode set to SEXP.
CDKey set.
Connecting to BNLS...
Connected to BNLS.
Connected to BNET.
0x01 SID_EmuByte sent.
0x50 SID_AUTH_INFO packet sent.
Received Packet: 0x25 (SID_PING)
0x25 SID_PING packet sent.
Received 0x25 from BNET. 0x25 transmitted back to BNET.
Received Packet: 0x50 (SID_AUTH_INFO)
0x01 BNLS_CDKEY packet sent.
Receiving incoming data...
Parsing BNLS packet...
Received Packet: 0x1 (BNLS_CDKEY)
0x1A BNLS_VERSIONCHECKEX2 packet sent.
Receiving incoming data...
Parsing BNLS packet...
Received Packet: 0x1A (BNLS_VERSIONCHECKEX2)
0x51 SID_AUTH_CHECK packet sent.
Received Packet: 0x51 (SID_AUTH_CHECK)
0x51 Response: Authenication information accepted.
0x0B BNLS_HASHDATA packet sent.
Received Packet: 0x4C (SID_REQUIREDWORK)
0x4C (SID_REQUIREDWORK) disregarded.
BNLS connection closed.
BNLS connection aborted by server!
Received Packet: 0x0 (SID_NULL)
0x00 SID_NULL packet sent.
Received 0x00 from BNET. 0x00 transmitted back to BNET.
Sockets closed.
Disconnected. (User Action)

This is my 0x0B code:

Code Select

Private Sub BNLS_HASHDATA() '0x0B
    Dim DataLen As Long
    DataLen = Len(m_Password)
    With PacketBuf
        .Clear
        .InsertDWORD DataLen
        .InsertDWORD &H2
        .InsertNTString LCase(m_Password)
        .InsertDWORD ClientToken
        .InsertDWORD ServerToken
        .SendBNLSPacket sckBNLS, &HB    'Send 0x0B packet
        .Clear
    End With
    RaiseEvent DebugOutput("0x0B BNLS_HASHDATA packet sent.")
End Sub

Right after it's sent, BNLS disconnects me. So I presume I must be doing something wrong...

BNLS 0x0B C->S info:

QuoteOptional:
(DWORD) Client Key (Double Hash only)
(DWORD) Server Key (Double Hash only)

The client key data is obtained from:

S->C 0x01 BNLS_CDKEY

Quote(DWORD) Client Token

And the server key data is obtained from:

S->C 0x50 SID_AUTH_INFO

Quote(DWORD) Server Token

Does all of that seem correct?

Barabajagal · February 14, 2007, 05:22 PM

ClientToken is just a value you set once and use for the rest of the connection... usually a GetTickCount you set when you first start to connect. Where are you getting it from?

Don Cullen · February 14, 2007, 05:25 PM

The client key data is being obtained from

S->C 0x01 BNLS_CDKEY

Quote(DWORD) Client Token

Hdx · February 14, 2007, 06:23 PM

Code Select

(VOID) Data to be hashed.
You are inserting it as a STRING you need to insert it as a VOID.
If you're using my old packet Buffer I *think* there is a InsertNonNTString and a InsertVoid depends on what ver of my buffer you're using.
~Hdx

Hdx · February 14, 2007, 06:24 PM

Quote from: Hdx on February 14, 2007, 06:23 PM
Code Select Expand
(VOID) Data to be hashed.
You are inserting it as a STRING you need to insert it as a VOID.
If you're using my old packet Buffer I *think* there is a InsertNonNTString and a InsertVoid depends on what ver of my buffer you're using.
Also, you should lowercase your password, because the game does and it will result in a invalid password result if you don't.
~Hdx

Whops hit the wrong button sorry yall.
~Hdx

Don Cullen · February 14, 2007, 07:16 PM

Nope, was using DarkMinion's packet buffer class. The debuffer class although is definitely yours. :-)

But to answer your question, no, I don't see any insertvoid sub or function at all. It was one of the first things I checked when I first started coding this packet. Would have made things easier if I had that sub.

[Edit] I tried changing it to InsertNONNTString. That pretty much solved the problem, thanks Hdx! Here's results:

QuoteReady.
Username set.
Password set.
GameCode set to SEXP.
CDKey set.
Connecting to BNLS...
Connected to BNLS.
Connected to BNET.
0x01 SID_EmuByte sent.
0x50 SID_AUTH_INFO packet sent.
Received Packet: 0x25 (SID_PING)
0x25 SID_PING packet sent.
Received 0x25 from BNET. 0x25 transmitted back to BNET.
Received Packet: 0x50 (SID_AUTH_INFO)
0x01 BNLS_CDKEY packet sent.
Receiving incoming data...
Parsing BNLS packet...
Received Packet: 0x1 (BNLS_CDKEY)
0x1A BNLS_VERSIONCHECKEX2 packet sent.
Receiving incoming data...
Parsing BNLS packet...
Received Packet: 0x1A (BNLS_VERSIONCHECKEX2)
0x51 SID_AUTH_CHECK packet sent.
Received Packet: 0x51 (SID_AUTH_CHECK)
0x51 Response: Authenication information accepted.
0x0B BNLS_HASHDATA packet sent.
Received Packet: 0x4C (SID_REQUIREDWORK)
0x4C (SID_REQUIREDWORK) disregarded.
Receiving incoming data...
Parsing BNLS packet...
Received Packet: 0xB (BNLS_HASHDATA)
0x29 SID_LOGONRESPONSE packet sent.
Received Packet: 0x29 (SID_LOGONRESPONSE)
Successfully logged on Battle.net!
Sockets closed.
Disconnected.

Hdx · February 14, 2007, 07:21 PM

Ah ok, Its exactly the same as InsertNTString except remove the & Chr(0) part at the end.
If I could figure out where my old backups of my laptop are I could post my best Buffer class for VB. But alas I cant find it.
~-~(HDX)~-~

Don Cullen · February 14, 2007, 07:25 PM

At least you have backups! When my laptop hd failed, I was offically screwed. Everything I ever had was in there -- zero backups. I had financial info, homework, artwork, games, stuff like that in there. I was so morose about it... I tried buying a drive bay with USB to see if I could hook it up to another PC and recover the data. Even with data recovery programs I downloaded off the internet, none of them could manage to interface with the data. I was sooooo depressed. No backups.... :-(

Quick Question: BNLS_HASHDATA (0x0B)

UserLoser

UserLoser

UserLoser

Barabajagal