Help 0x51 SID_AUTH_CHECK

[iNsaNe]

I have searched other topics on 0x51 but I can't get my head around it. I have added MBNCSUtil and I have read http://forum.valhallalegends.com/index.php?topic=15325.0, but I decided not to add anything because that topic was started in July of last year. This is what I have:

Code Select Expand

    Public Sub SEND_SIDAUTHCHECK()

        'C -> S 0x51 (SID_AUTH_CHECK)

        AddChat(Color.Yellow, "-> Sending 0x51...")

        If strProduct = "Warcraft III RoC" Then

            '                                (DWORD)         Client Token
            '                                (DWORD) EXE Version
            '                                (DWORD) EXE Hash
            InsertDWORD(&H1)                '(DWORD) Number of keys in this packet
            InsertDWORD(&H0)                '(BOOLEAN)      Using Spawn (32-bit)
            '
            'For Each Key:
            InsertDWORD(Len(strCDKey))      '(DWORD) Key Length
            '                                (DWORD) CD key's product value
            '                                (DWORD) CD key's public value
            InsertDWORD(&H0)                '(DWORD) Unknown (0)
            '                                (DWORD[5])      Hashed Key Data
            '
            '                                (STRING)      Exe Information
            InsertNonNTString(strUsername)  '(STRING)      CD Key owner name

            SendPacket(&H51)

        End If

    End Sub

Btw, I have already attempted the code in that forum and it didn't work.

[brew]

Well ofcourse it wouldn't work, you're missing half the information of the packet. You might want to add:
The client token.
The EXEVersion.
The Checksum.
Private & Public value of cdkey
CDkey hash.
EXEInfo

Maybe if you add those it might work
All those, minus the client token, requires MBNCSUtil to retrieve values for.
I'm unfamiliar with MBNCSUtil, but for the values in 0x51, it would be something like this (the code is all in vb6):

EDIT***** Oops, heh I didn't read your post too well and I didnt realize you were talking about the code in that link. Anymore, battle.net requires a valid value for the EXEInfo string. (which fapiko's bot doesn't give) among other things.

Code Select Expand


EXEVersion = getExeInfo(App.Path & File(0), EXEInfo) 'For the exeversion and exeinfo....

Also you can use this to get the checksum value which is passed by refrence..

If Not checkRevision(ChecksumFormula, App.Path & File(0), App.Path & File(1), App.Path & File(2), mpqNumber, Checksum) Then
            AddChat vbRed, "Missing " & Client & " hashes."
            Disconnect
        Exit Sub
End If

Same with the private value, public value, and keyhash:

    If kd_quick(CDKey, ClientToken, ServerToken, PublicValue, ProductValue, Keyhash, 20) = 0 Then
        AddChat vbRed, "Invalid hashed CDKey."
        Disconnect
        Exit Sub
    End If


Public Declare Function checkRevision_Raw Lib "bncsutil.dll" Alias "checkRevisionFlat" (ByVal ValueString
As String, ByVal File1 As String, ByVal File2 As String, ByVal file3 As String, ByVal mpqNumber As Long,
ByRef Checksum As Long) As Long
Public Declare Function getExeInfo_Raw Lib "bncsutil.dll" Alias "getExeInfo" (ByVal Filename As String,
ByVal exeInfoString As String, ByVal infoBufferSize As Long, Version As Long, ByVal Platform As Long) As
Long

Public Function getExeInfo(EXEFile As String, InfoString As String, Optional ByVal Platform As Long = 1) As Long
Dim Version As Long, InfoSize As Long, Result As Long
Dim i&
  InfoSize = 256
  InfoString = String$(256, vbNullChar)
  Result = getExeInfo_Raw(EXEFile, InfoString, InfoSize, Version, Platform)
  If Result = 0 Then
    getExeInfo = 0
    Exit Function
  End If
  While Result > InfoSize
    If InfoSize > 1024 Then
      getExeInfo = 0
      Exit Function
    End If
    InfoSize = InfoSize + 256
    InfoString = String$(InfoSize, vbNullChar)
    Result = getExeInfo_Raw(EXEFile, InfoString, InfoSize, Version, Platform)
  Wend
  getExeInfo = Version
  i = InStr(InfoString, vbNullChar)
  If i = 0 Then Exit Function
  InfoString = Left$(InfoString, i - 1)
End Function

Public Function checkRevision(ValueString As String, File1 As String, File2 As String, file3 As String,
mpqNumber As Long, Checksum As Long) As Boolean
  checkRevision = (checkRevision_Raw(ValueString, File1, File2, file3, mpqNumber, Checksum) > 0)
End Function


[Edit: broke up some long lines.]

[iNsaNe]

edit: nvm, lemme go mess around a bit more.

For Warcraft III would the files be game.dll, storm.dll, and war3.exe?

[Sorc.Polgara]

Next time post all of your code.  It's really hard go by just the code you've given and make assumptions as to exactly what code from the link you've incorporated.

[iNsaNe]

Can someone explain to me what the HashCommand and ServerToken are?

[Sorc.Polgara]

In the case of that person's code, it's the value string which the server sends you in 0x50.

Calculates the revision check for the specified files.

public static int DoCheckRevision(
   string valueString,
   string[] files,
   int mpqNumber
);

Parameters

valueString
    The value string for the check revision function specified by Battle.net's SID_AUTH_INFO message.
files
    The list of files for the given game client. This parameter must be exactly three files long.
mpqNumber
    The number of the MPQ file. To extract this number, see the ExtractMPQNumber method.

Return Value

The checksum value.

The server token is what the server sends you in 0x50 as well.

Computes the 20-byte hash value of the CD key.

public byte[] GetHash(
   int clientToken,
   int serverToken
);

Parameters
clientToken
A randomly-generated token value that is determined by session at the client.
serverToken
A randomly-generated token value that is determined by session at the server.
Return Value
A 20-byte array containing the hash value of the specified key.

EDIT:  Found by using the MBNCSutil documentation @ http://www.jinxbot.net/mbncsutil/

Note, in Firefox the left navigation frame is kinda messed up.

EDIT2: Since BnetDocs is down you can always use http://www.valhallalegends.com/yoni/BNLSProtocolSpec.txt as a reference too.

[iNsaNe]

Code Select Expand

0030                     ff 50 e6 00 02 00 00 00 e9 e6  .P........
0040   bb 68 1c 57 1a 00 00 20 58 7d 99 cb c6 01 76 65  .h.W... X}....ve
0050   72 2d 49 58 38 36 2d 31 2e 6d 70 71 00 43 3d 31  r-IX86-1.mpq.C=1
0060   33 33 33 36 35 30 35 32 35 20 42 3d 37 35 32 37  333650525 B=7527
0070   37 34 37 38 34 20 41 3d 36 36 34 31 38 35 33 39  74784 A=66418539
0080   31 20 34 20 41 3d 41 5e 53 20 42 3d 42 2b 43 20  1 4 A=A^S B=B+C
0090   43 3d 43 2b 41 20 41 3d 41 2d 42 00 86 18 96 a1  C=C+A A=A-B.....
00a0   d9 33 80 73 30 92 89 fe d8 34 2d 0d 3e f1 22 8a  .3.s0....4-.>.".
00b0   ef 91 2f 19 27 5b 78 e5 9f 0a cd b9 29 1a fd 84  ../.'[x.....)...
00c0   c9 f2 7b f0 81 3e 4a c3 c5 a9 1b 27 8d 8c 05 d4  ..{..>J....'....
00d0   c8 d0 2a 6b 2b d1 9f e9 7b b2 e5 fe 6c 62 5d 81  ..*k+...{...lb].
00e0   29 bb f1 a4 90 f6 62 41 40 71 1e 67 52 25 42 25  )[email protected]%B%
00f0   3e ec 3e 0e d2 7e 70 76 45 78 19 b7 19 61 d3 5a  >.>..~pvEx...a.Z
0100   ab c7 48 fb 37 65 96 36 7e 4f 37 9e c8 2c 0f 1b  ..H.7e.6~O7..,..
0110   9b d6 b4 c8 a3 00 8d 90 1b e0 89 8d              ............

if you can point out which is the Server Token and Value String i would appreciate it thought im guessing C=1333650525 B=752774784 A=664185391 4 A=A^S B=B+C C=C+A A=A-B is the value string?

[Ersan]

e9 e6 bb 68 is the server token in that example and yes that is the value string.

http://ersan.us/src/bnetdocs/content2148.html

[iNsaNe]

Confused... the value string is the entire data after the ix86ver filename? or just the numbers i posted above?

[Hdx]

Just the string you posted is the 'ValueString'
Everything after the 0x00 is the server signature. http://www.javaop.com/~iago/documents/ServerSig.html
Once you start useing a good buffer class. It will be alot easier. Just remove EVERYTHING exactly as described on BnetDocs and you'll be good.
~Hdx

[Sorc.Polgara]

I'm assuming he's now using the buffer classes in MBNCSutil, at least he might as well.

[iNsaNe]

I'm still having troubles. This is my code so far:

Code Select Expand

    Private Sub winSock_DataArrival(ByVal sender As System.Object, ByVal e As
AxMSWinsockLib.DMSWinsockControlEvents_DataArrivalEvent) Handles winSock.DataArrival

        Dim Data As String
        winSock.GetData(Data, vbString, e.bytesTotal)

        If InStr(Data, HexToStr("FF50")) Then

            AddChat(Color.SpringGreen, "<- Received: 0x50!")

            Get_SIDAUTHINFO = Data

            Get_SIDAUTHINFO_ValueString = Split(Get_SIDAUTHINFO, ".mpq" & Chr(0))(1)
            Get_SIDAUTHINFO_ValueString = Split(Get_SIDAUTHINFO_ValueString, Chr(0))(0)

            Get_SIDAUTHINFO_MPQ = Split(Get_SIDAUTHINFO, "ver")(1)
            Get_SIDAUTHINFO_MPQ = Split(Get_SIDAUTHINFO_MPQ, Chr(0))(0)
            Get_SIDAUTHINFO_MPQ = "ver" & Get_SIDAUTHINFO_MPQ

            PBuff.Get_SERVERTOKEN()
            PBuff.SEND_SIDAUTHCHECK()
            'Send SID_AUTH_CHECK
        End If

End Sub
And my PacketBuffer class:

Code Select Expand

Public Sub Get_SERVERTOKEN()

        ServerToken = Left(Get_SIDAUTHINFO, 12)
        ServerToken = Right(ServerToken, 4)

    End Sub

Public Sub SEND_SIDAUTHCHECK()

        'C -> S 0x51 (SID_AUTH_CHECK)

        Dim ClientToken As UInteger
        Dim CheckRevision As Long

        Dim MPQNumber As Byte

        Dim KeyHash As String
        Dim HashLength() As Byte

        Dim EXEInfo As String
        Dim EXEVersion As Integer

        Dim Files(2) As String
        Dim CDKeyDecoded As MBNCSUtil.CdKey

        AddChat(Color.Yellow, "-> Sending 0x51...")
        ClientToken = Right(GetTickCount, 5)

        If strProduct = "Warcraft III RoC" Then

            Files(0) = "C:\Program Files\Warcraft III\war3.exe"
            Files(1) = "C:\Program Files\Warcraft III\game.dll"
            Files(2) = "C:\Program Files\Warcraft III\Storm.dll"

            CDKeyDecoded = MBNCSUtil.CdKey.CreateDecoder(strCDKey)

            HashLength = CDKeyDecoded.GetHash(ClientToken, CUInt(ServerToken))
            EXEVersion = MBNCSUtil.CheckRevision.GetExeInfo(Files(0), EXEInfo)

            MPQNumber = MBNCSUtil.CheckRevision.ExtractMPQNumber(Get_SIDAUTHINFO_MPQ)
            CheckRevision = MBNCSUtil.CheckRevision.DoCheckRevision(Get_SIDAUTHINFO_ValueString, Files, MPQNumber)
            KeyHash = CDKeyDecoded.GetHashCode

            InsertDWORD(ClientToken)
            InsertDWORD(EXEVersion)
            InsertDWORD(CheckRevision)
            InsertDWORD(&H1)
            InsertDWORD(&H0)

            InsertDWORD(Len(strCDKey))
            InsertDWORD(CDKeyDecoded.Product)
            InsertDWORD(CDKeyDecoded.Value1)
            InsertDWORD(&H0)

            InsertNonNTString(ASCII.GetString(HashLength))
            InsertNTString(EXEInfo)
            InsertNonNTString(strUsername)
            'This isnt nulled because the packet is automatically nulled at the end anyways

            SendPacket(&H51)

        End If

    End Sub


Please don't get on my case about how bad my coding is. I am just trying to make a bot log in for the first time. My ServerToken is initially a string, but converted to a UInt. That's not the source of my problems but the packet isnt even being sent. Code stops at "CDKeyDecoded = MBNCSUtil.CdKey.CreateDecoder(strCDKey)". I am using MBNCSUtil 2.0

[Edit: broke up a long line.]

[brew]

When you say "it stops" do you mean stops executing, or freezes up and crashes vb? that would be most likely because of a type mismatch in your arguments. other then that ionno what to tell you.

[iNsaNe]

Stops executing

[rabbit]

When you say "it stops" do you mean stops executing, or freezes up and crashes vb? that would be most likely because of a type mismatch in your arguments. other then that ionno what to tell you.

You need to stop trying to sound like you know what you're talking about, because you really have no idea what you're talking about.  Really.  Just stop.

Just from the way you explained it, I can say that you're trying to implement CreateDecoder() incorrectly.  I don't know the specifics of MBNCSUtil, so that's as much help as I can give.