Warden anti-hack is back..

Started by brew, August 29, 2007, 07:01 PM


Barabajagal

#60
Nobody can join Backstage unless they're @Blizzard accounts and are on the blizzard rep/admin database list.
And ya, there's ways of getting JSTR into channels it's not supposed to be in, but if you get caught doing it, you'll ruin it for everyone -.-
Plus, the only reason to use JSTR is cause its icon is better than any other icons :D

brew

Hey guys, so I heard some guy on bnet called leaky has a private "warden fix" StealthBot script which magically allows people to stay connected and respond to Warden. W O W, right? I haven't seen it myself, but I bet it's just some cheesy loopback connection that has StarCraft do the Warden processing. The average StealthBot user will most likely jump for joy. And you have to have StarCraft and all of its dependencies running (of course) while connected to Battle.net, which isn't really a problem for the average StealthBot user, but that's to be expected. Since we can't really "fix" Warden yet, I say we make a stand-alone .exe to "patch" other bots too. All it would require additionally is to hook a few sockets, the bot's window caption, and so on. I don't know about you, but I say we split this up into two parts (the Warden request processor and the actual packet sender), and since RealityRipple has such an interest in doing stuff like that, maybe he should make some quick Warden response server, bnet is saved, blah blah.  ^^
<3 Zorm
Quote: [01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
Scio te esse, sed quid sumne? :P

Barabajagal

NTY. Done fighting against Blizzard.

Explicit

I'm awake in the infinite cold.

[13:41:45]<@Fapiko> Why is TehUser asking for wang pictures?
[13:42:03]<@TehUser> I wasn't asking for wang pictures, I was looking at them.
[13:47:40]<@TehUser> Mine's fairly short.

Barabajagal

Quote from: Explicit[nK] on September 03, 2007, 11:08 PM
Quote from: Andy on September 03, 2007, 08:33 PM
NTY. Done fighting against Blizzard.

Wise decision.

It's easier to let other people fight and wait for it to be incorporated into JBLS or a DLL or something :)

Dale

But it's still fun to fight against Blizzard.

Don Cullen

Basically, how the Stealth solution works is as you have stated, it has Starcraft running in the background, and when Warden on the Battle.net server sends Warden packets to Stealth, the bot redirects it to StarCraft client, which in turn generates the appropriate response.

Now, before you ask, yes, this can be done with ANY bot. All it would require is some simple hooking, although it'd still require StarCraft to be running in the background for as long as you wanted to maintain the connection. While it's a workaround, it's not a solution, nor a viable workaround as it's totally dependent on StarCraft.

For two, in regards to a Warden response server based on the above method, I've already tried the route of having StarCraft process the data. I was trying to write a Warden server. I basically wrote a proxy for bots and StarCraft, so bots could send Warden packets to my server running StarCraft, and it'd generate the appropriate response and send it back to the bot, which in turn would send it to Battle.net. But unfortunately, after nearly finishing the proxy, I found out that this solution was not doable. Instead of explaining it myself, I'll paste a conversation I had with the l2uthless bot creator, l2k-Shadow. While I unfortunately gave him a headache from my attempts to understand how it basically worked, perhaps I can save him and others from future headaches by pasting it here so people can follow the conversation along and figure it out as well. Keep in mind I only had 3 hours of sleep the night before, so I'm somewhat slow in the conversation. :P Many thanks to l2k-Shadow for his patience.

Quote: Session Start (Kyro:l2k-Shadow): Sun Sep 02 11:21:56 2007
[11:21] Kyro: hey
[11:21] Kyro: got time?
[11:22] l2k-Shadow: depends what the time is for
[11:22] Kyro: tech support :P
[11:22] Kyro: im coding a warden proxy
[11:22] l2k-Shadow: that's a little vague
[11:22] l2k-Shadow: alright
[11:22] Kyro: basically, the way i have it set up is
[11:23] Kyro: two pcs, gateway on one, starcraft on the other
[11:23] Kyro: when i start gateway, it listens for starcraft
[11:23] Kyro: i have starcraft connect to my laptop (the gateway)
[11:23] Kyro: ah hell i'll just paste and save you the trouble
[11:23] Kyro:
[11:20:47 AM] SYSTEM> Initializing relay...
[11:20:47 AM] SYSTEM> Initalized. Waiting for StarCraft...
[11:20:52 AM] SYSTEM> StarCraft connected!
[11:20:52 AM] SYSTEM> Connecting to battle.net...
[11:20:52 AM] STARCRAFT> Received GameByte.
[11:20:52 AM] STARCRAFT> Received Packet: 0x50 (SID_AUTH_INFO)
[11:20:52 AM] SYSTEM> Connected to Battle.net!
[11:20:52 AM] BATTLE.NET> 0x01 Emulation Byte sent.
[11:20:52 AM] BATTLE.NET> 0x50 (SID_AUTH_INFO) Sent to Battle.net.
[11:20:52 AM] BATTLE.NET> Received Packet: 0x25 (SID_PING)
[11:20:52 AM] SYSTEM> Packet: 0x25 (SID_PING) sent to STARCRAFT.
[11:20:52 AM] BATTLE.NET> Received Packet: 0x50 (SID_AUTH_INFO)
[11:20:52 AM] SYSTEM> Packet: 0x50 (SID_AUTH_INFO) sent to STARCRAFT.
[11:20:52 AM] STARCRAFT> Received Packet: 0x25 (SID_PING)
[11:20:52 AM] SYSTEM> Packet: 0x25 (SID_PING) sent to BATTLE.NET.
[11:22:31 AM] BATTLE.NET> Received Packet: 0x0 (SID_NULL)
[11:22:31 AM] SYSTEM> Packet: 0x0 (SID_NULL) sent to STARCRAFT.
[11:24] l2k-Shadow: and
[11:24] Kyro: well basically
[11:25] Kyro: the goal here is to get starcraft completely loaded, (aka in channel) via proxy (my laptop is acting as proxy). Once starcraft is completely connected, my proxy would disconnect from battle.net, but maintain the connection with starcraft
[11:25] Kyro: would keep connection alive via pings/nulls
[11:26] Kyro: then any bot could connect to my laptop, send it a warden packet that was sent to them by battle.net, which my laptop in turn would relay it to starcraft, starcraft would construct the appropriate response thinking it's from battle.net, and send it to my proxy, which in turn would send it to the bot requesting the warden response
[11:27] Kyro: make sense?
[11:27] l2k-Shadow: good idea
[11:27] l2k-Shadow: but
[11:27] l2k-Shadow: that won't work
[11:27] l2k-Shadow: sorry
[11:27] l2k-Shadow: (which is why no one else has done it)
[11:27] Kyro: why wont it work
[11:27] l2k-Shadow: because of the nature of warden
[11:27] l2k-Shadow: warden is encrypted using a key-based encryption
[11:27] l2k-Shadow: this key is generated from the key hash
[11:27] l2k-Shadow: so the encryption is different for every bot
[11:27] l2k-Shadow: so
[11:27] l2k-Shadow: gl
[11:28] l2k-Shadow: so u can do this
[11:28] Kyro: ahh damn.
[11:28] l2k-Shadow: but only with 1 bot at a time
[11:28] Kyro: key, as in, cdkey based
[11:28] Kyro: right?
[11:28] l2k-Shadow: no
[11:28] l2k-Shadow: key-based as in the encryption
[11:28] l2k-Shadow: uses a key
[11:28] l2k-Shadow: this key comes from your CD-Key hash
[11:28] Kyro: damn.
[11:28] l2k-Shadow: and therefore
[11:28] l2k-Shadow: it is different
[11:28] l2k-Shadow: every time u login
[11:29] Kyro: becase my starcraft cdkey isn't the same from the botuser's cdkey, the warden proxy would fail.
[11:29] Kyro: damn.
[11:29] l2k-Shadow: not even that
[11:29] l2k-Shadow: even if they used the same cdkey it would fail because the cdkey hash is different per login
[11:29] l2k-Shadow: due to different client and server tokens
[11:29] Kyro: double damn.
[11:29] Kyro: theres goes my idea.
[11:30] Kyro: thanks for your time
[11:30] l2k-Shadow: i tried doing your idea
[11:30] l2k-Shadow: like day after warden came out
[11:30] l2k-Shadow: when i was researching it
[11:30] l2k-Shadow: then i found this out
[11:30] l2k-Shadow: so
[11:30] l2k-Shadow: yeah
[11:31] l2k-Shadow: one thing you COULD do
[11:31] l2k-Shadow: is mess with starcraft's memory
[11:31] l2k-Shadow: and change the cdkey hash
[11:31] l2k-Shadow: with the warden request
[11:31] l2k-Shadow: i tried doing that but failed
[11:31] l2k-Shadow: somehow
[11:31] l2k-Shadow: but the general idea remains the same.
[11:33] Kyro: i dont suppose reversing the logon sequence via assembly and porting it over is doable?
[11:33] l2k-Shadow: what does that have to do with anything?
[11:33] Kyro: im not tryin to reverse the entireity of warden, just the 0x5E packet
[11:34] l2k-Shadow: well.. the main problem is that you're trying to do something you don't know much about
[11:34] l2k-Shadow: -.-
[11:34] Kyro: yeah, time for me to take ASM classes.
[11:34] l2k-Shadow: it's not just a packet.
[11:34] l2k-Shadow: regardless if u know asm or not
[11:35] Kyro: from what little i know, 0x5E seems to tell starcraft to run a check on memory searching for hacks/etc, contains known current signatures to check for, then starcraft compiles a response and sends the response, then bnet sends what i think is a confirmation
[11:35] Kyro: that about right?
[11:36] l2k-Shadow: about
[11:36] l2k-Shadow: not quite right though
[11:36] l2k-Shadow: when sc first logs in and receives the first warden request
[11:36] l2k-Shadow: warden is a program
[11:36] l2k-Shadow: inside
[11:36] l2k-Shadow: sc
[11:36] l2k-Shadow: it sends version of warden back
[11:36] l2k-Shadow: if its up to date or not
[11:36] l2k-Shadow: if it isnt sc sends you updated warden module
[11:37] l2k-Shadow: then 0x5e sends warden what to look for
[11:37] l2k-Shadow: and warden compiles a response
[11:37] l2k-Shadow: and sends it back
[11:37] l2k-Shadow: the problem with making a server
[11:37] l2k-Shadow: for this
[11:37] l2k-Shadow: is few things
[11:37] l2k-Shadow: warden can be updated at any time
[11:37] l2k-Shadow: and warden sends a check every 5 seconds
[11:37] l2k-Shadow: that means
[11:37] l2k-Shadow: people who use your server
[11:37] l2k-Shadow: would have to remain constantly connected
[11:38] l2k-Shadow: to it
[11:38] l2k-Shadow: #1
[11:38] Kyro: that'd butcher my bandwidth.
[11:38] l2k-Shadow: #2 it would get abused
[11:38] l2k-Shadow: by people trying to load bots
[11:38] l2k-Shadow: which would butcher your bandwidth and your server.
[11:38] Kyro: in other words, not worth considering
[11:38] l2k-Shadow: precisely.
[11:39] l2k-Shadow: unlike BNLS, warden isn't something that you could do server-side
[...]
[11:41] Kyro: ah well.
[11:41] Kyro: is the 0x5E also in effect for other game clients, or just SC?
[11:41] l2k-Shadow: sc only
[11:41] l2k-Shadow: it is not implemented
[11:42] l2k-Shadow: in any other games
[11:42] Kyro: probably plan on it.
[11:42] l2k-Shadow: i dont think so
[...]
[11:43] l2k-Shadow: and there is a good reason it wont be in another clients
[11:43] Kyro: so wouldnt solve the problem, unless the 0x5E packet was made a requirement prior to finishing logon
[11:43] l2k-Shadow: it won't be in w2
[11:43] l2k-Shadow: because w2 is no longer updated
[11:43] l2k-Shadow: by blizzard
[11:44] l2k-Shadow: it won't be in d2
[11:44] l2k-Shadow: because d2 has warden in game
[11:44] l2k-Shadow: it won't be in w3.. same reason
[11:44] l2k-Shadow: so there u go.
[11:44] Kyro: sc has warden in game, so why are they using it outgame?
[11:44] l2k-Shadow: no it doesn't.
[11:44] Kyro: i could have sworn it did.
[11:44] l2k-Shadow: no.
[11:44] l2k-Shadow: because
[11:44] l2k-Shadow: since sc games
[11:44] l2k-Shadow: are
[11:44] l2k-Shadow: p2p
[11:44] Kyro: the rest arent?
[11:44] l2k-Shadow: warden has to be controlled
[11:45] l2k-Shadow: by the battle.net server
[11:45] l2k-Shadow: for sc
[11:45] l2k-Shadow: since d2 games and w3 games
[11:45] l2k-Shadow: are
[11:45] l2k-Shadow: client->server->client
[11:45] l2k-Shadow: warden for those games can be controlled by the game server.
[11:45] Kyro: i see.
[11:46] Kyro: wouldn't it make sense for blizz to make the game p2s2p?
[11:46] Kyro: then warden'd be ingame
[11:46] l2k-Shadow: it would but that would require them to recode a major portion of starcraft
[11:46] Kyro: unless their code for the game didn't permit for ease of implementation
[11:46] l2k-Shadow: which they won't do.
[11:46] Kyro: yea.
[11:46] Kyro: but from what you say
[11:47] Kyro: wouldn't that mean all a hacker had to do was join a game, then load their hacks. they'd be relatively safe from warden, and prior to finishing the game, the hacks could then be unloaded.
[11:47] Kyro: all theyd have to do would be avoid having hacks running when not in game
[11:48] l2k-Shadow: no..
[11:48] l2k-Shadow: they remain connected to the battle.net server throughout the game.
[11:48] Kyro: but you just said warden doesnt run ingame.
[11:48] Kyro: im referring to sc.
[11:48] l2k-Shadow: warden for sc runs all the time
[11:48] l2k-Shadow: regardless of ingame or out of game
[11:49] Kyro: then why do they have need for the 0x5E packet, when the other games have no need for it?
[...]
[11:52] l2k-Shadow: l2k-Shadow: warden has to be controlled
l2k-Shadow: by the battle.net server
l2k-Shadow: for sc
l2k-Shadow: since d2 games and w3 games
l2k-Shadow: are
l2k-Shadow: client->server->client
l2k-Shadow: warden for those games can be controlled by the game server.
[11:53] Kyro: [11:52] l2k-Shadow: warden has to be controlled by the battle.net server
[11:53] Kyro: but isnt sc p2p? meaning no interaction with the server?
[11:54] l2k-Shadow: *SIGH*
[11:54] l2k-Shadow: when you enter a starcraft game
[11:54] l2k-Shadow: you don't disconnect from battle.net
[11:54] l2k-Shadow: you exchange UDP data with the other players in the game
[11:54] l2k-Shadow: warden is still controlled by battle.net
[11:54] l2k-Shadow: sending u 0x5E packets.
[11:54] l2k-Shadow: the same way
[11:54] l2k-Shadow: if u talk in game
[11:54] l2k-Shadow: when you talk in game
[11:54] l2k-Shadow: you just send that data to other players via UDP
[11:55] l2k-Shadow: but lets say u want to whisper
[11:55] l2k-Shadow: when you whisper you send that data via Battle.net server.
[11:57] l2k-Shadow: however the warden is now controlled
[11:57] l2k-Shadow: by the server you play the game on
[11:58] l2k-Shadow: not the main battle.net server
[11:58] l2k-Shadow: which is why warden for sc is still active while you are in lobby
[11:58] l2k-Shadow: but d2 warden is not
[11:58] l2k-Shadow: because d2 warden is only active while on a game server
[11:59] Kyro: ah, so that's why the bots can get on via emulating other clients, no warden outgame
[11:59] l2k-Shadow: Right
[11:59] Kyro: battle.net servers are both lobby/game servers, while for the other games, lobby/game servers are separate
[11:59] Kyro: right?
[12:00] l2k-Shadow: no
[12:00] l2k-Shadow: battle.net server is lobby only
[12:00] l2k-Shadow: for all gaems
[12:00] l2k-Shadow: games
[12:01] Kyro: let me rephrase, starcraft only makes one connection: bnet, hence why warden is always in effect, while for the other games, two connections are made, one for the lobby for bnet, and another one for the game servers
[12:01] Kyro: about right?
[12:01] l2k-Shadow: correct
[12:01] l2k-Shadow: congratulations
[12:01] l2k-Shadow: -_-
[12:02] Kyro: yeah, thanks. it feels great to not be so dumb now.
[12:02] l2k-Shadow: lol
[...]
[12:03] Kyro: based on it, it sounds like the 0x5E packet being in effect outgame wasn't intentional, it was just a permanent side effect, due to it being on same server as battle.net
[12:03] Kyro: sucks.
[12:03] l2k-Shadow: right
[12:07] Kyro: does the fact that warden isn't centralized, is keybased, encrypted, etc, etc mean you're fresh out of ideas?
[12:08] l2k-Shadow: it can be done
[12:08] l2k-Shadow: but no solution is pemanent
[12:08] l2k-Shadow: because warden can always be updated
[12:08] l2k-Shadow: server-side
[12:08] l2k-Shadow: so even if u wrote a workaround
[12:08] l2k-Shadow: for the current warden
[12:08] Kyro: so it'd be a tit for tat, in other words not worth it
[12:08] l2k-Shadow: right
[12:08] l2k-Shadow: of course there are people
[12:08] l2k-Shadow: who have done it
[12:08] l2k-Shadow: im sure
[12:08] l2k-Shadow: probably skywing/adron
[12:08] l2k-Shadow: etc
[12:09] l2k-Shadow: but i mena
[12:09] l2k-Shadow: lol
[12:09] Kyro: alright, thanks for ur time
[12:09] Kyro: sorry to have given you a headache.
[12:09] l2k-Shadow: i've had worse.
[...]
Session Close (l2k-Shadow): Sun Sep 02 12:27:49 2007
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.
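The point l2k-Shadow makes above is that the Warden session key is derived from the CD-key hash, which itself depends on the client and server tokens of that particular login, so a response computed inside a different session is useless to the server. The toy model below is an added example, not code from this thread or from any Blizzard client; it assumes a simplified derivation (SHA-256 over the CD-key hash and the two tokens, then an HMAC as the "session key" and as the check response) purely to show why the relay idea breaks.

```python
import hashlib
import hmac
import secrets


def derive_keyhash(cdkey_hash: bytes, client_token: int, server_token: int) -> bytes:
    # Assumption, not Warden's real algorithm: the per-login key hash mixes the
    # CD-key hash with the client and server tokens of this login.
    tokens = client_token.to_bytes(4, "little") + server_token.to_bytes(4, "little")
    return hashlib.sha256(cdkey_hash + tokens).digest()


def derive_session_key(keyhash: bytes) -> bytes:
    # Assumption: the session key is a function of the key hash only.
    return hmac.new(keyhash, b"toy-warden-session", hashlib.sha256).digest()


class Session:
    """One logged-in client as the server sees it: both ends hold the same key."""

    def __init__(self, cdkey_hash: bytes, client_token: int, server_token: int):
        self.key = derive_session_key(derive_keyhash(cdkey_hash, client_token, server_token))

    def server_challenge(self) -> bytes:
        # Stand-in for a check request: random bytes the client must answer.
        return secrets.token_bytes(16)

    def client_answer(self, challenge: bytes) -> bytes:
        # The client's answer is bound to its own session key.
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

    def server_accepts(self, challenge: bytes, answer: bytes) -> bool:
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, answer)


def relay_experiment(bot: Session, relay: Session) -> tuple:
    """Return (direct_ok, relayed_ok): does the bot's own answer pass, and does
    an answer computed by a separately logged-in relay pass for the bot?"""
    challenge = bot.server_challenge()
    direct_ok = bot.server_accepts(challenge, bot.client_answer(challenge))
    relayed_ok = bot.server_accepts(challenge, relay.client_answer(challenge))
    return direct_ok, relayed_ok


def demo() -> tuple:
    cdkey_hash = hashlib.sha1(b"constructed-sample-cdkey").digest()  # constructed
    bot = Session(cdkey_hash, client_token=0x1111, server_token=0xAAAA)
    # Same CD-key, but a separate login: different tokens, so a different key.
    relay = Session(cdkey_hash, client_token=0x2222, server_token=0xBBBB)
    return relay_experiment(bot, relay)


if __name__ == "__main__":
    print("direct answer accepted: %s, relayed answer accepted: %s" % demo())
```

Even with the same CD-key on both machines, the relay's login has its own tokens, so its answers are rejected; only a client holding the bot's own session key can answer that session's checks.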

Camel

Quote from: Andy on September 03, 2007, 12:38 AM
They controlled chat. It was allowed in like... Public Chat channels... and that's it.

And they disabled it entirely when people figured out how to whisper flood.

Barabajagal

Quote from: Camel on September 04, 2007, 10:53 AM
Quote from: Andy on September 03, 2007, 12:38 AM
They controlled chat. It was allowed in like... Public Chat channels... and that's it.

And they disabled it entirely when people figured out how to whisper flood.

And yet you can still whisper flood on any other non-keyed client. And it's easy to just do /dnd anyway!

brew

Quote from: Don Cullen on September 04, 2007, 10:07 AM
[11:27] l2k-Shadow: because of the nature of warden
[11:27] l2k-Shadow: warden is encrypted using a key-based encryption
[11:27] l2k-Shadow: this key is generated from the key hash
[11:27] l2k-Shadow: so the encryption is different for every bot
where you could store all the necessary values, then patch the memory addresses of the warden encryption key values (we already have the offsets from the previous warden topic) very easy if you ask me.

Camel

Quote from: brew on September 04, 2007, 02:20 PM
Quote from: Don Cullen on September 04, 2007, 10:07 AM
[11:27] l2k-Shadow: because of the nature of warden
[11:27] l2k-Shadow: warden is encrypted using a key-based encryption
[11:27] l2k-Shadow: this key is generated from the key hash
[11:27] l2k-Shadow: so the encryption is different for every bot
where you could store all the necessary values, then patch the memory addresses of the warden encryption key values (we already have the offsets from the previous warden topic) very easy if you ask me.
Don't bother. Blizzard will just update warden to break your algorithm. If you're going to shim, then shim; multiple people have had success with that. You can't half-ass warden, so save yourself some lost effort and stop trying.

brew

Quote from: Camel on September 04, 2007, 03:26 PM
Quote from: brew on September 04, 2007, 02:20 PM
Quote from: Don Cullen on September 04, 2007, 10:07 AM
[11:27] l2k-Shadow: because of the nature of warden
[11:27] l2k-Shadow: warden is encrypted using a key-based encryption
[11:27] l2k-Shadow: this key is generated from the key hash
[11:27] l2k-Shadow: so the encryption is different for every bot
where you could store all the necessary values, then patch the memory addresses of the warden encryption key values (we already have the offsets from the previous warden topic) very easy if you ask me.
Don't bother. Blizzard will just update warden to break your algorithm. If you're going to shim, then shim; multiple people have had success with that. You can't half-ass warden, so save yourself some lost effort and stop trying.

Who said it was an algorithm? And so far people have been half-assing Warden with great success. Besides, it's not like Blizzard is working against bot makers. They are, however, working against hack makers.

rabbit

You haven't read Blizzard's TOS or EULA, have you?
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

brew

Quote from: rabbit on September 04, 2007, 04:27 PM
You haven't read Blizzard's TOS or EULA, have you?
I have. Why didn't they make something to prevent Diablo 2 bots connecting? Or Warcraft 2? Hell, even their beloved Warcraft 3? Why didn't they encrypt all of their packets? *Hint* They're not trying to "kill the botz".

Michael

I'd have to agree that bots are not of great concern to Blizzard for the time being. Maybe in the old days they were, and in the future they might be, but going by their current stance I am led to the conclusion that they do not have any problems with normal bots. (By normal bots I do not include loaders or flooders.)
