Warden Inactivated.

devcode · September 22, 2007, 09:39 PM

Quote from: Hdx on September 22, 2007, 09:32 PM
[flame]devcode. Please STFU with the insults untill you start producing something. I jsut reviewed all of your posts. None are productive in any manor.
before you flame me back, Yes Most of my posts arnt productive. But i help where I can. Nothing you have posted sofar can be considered 'help'.[/flame]
On-topic: I jsut poked warden with a stick, and it bit me (by bit I mean froze my comp and forced me to re-boot). But I see the layers of encoding you've mentioned.
~Hdx

[flame]I'm cool, Andy's not, SO YEAH BABY WASUP[/flame]
BSHA1=BrokenSHA1/Bnet's SHA1

KEY->BSHA1->GenerateKeyForARC4(more BSHA1)->InitARC4->Data->BSHA1->EncryptDataARC4 (0x5E reply)

Goes something like that

Barabajagal · September 22, 2007, 10:03 PM

Congratulations! Nobody likes you!

devcode · September 22, 2007, 10:27 PM

Quote from: Andy on September 22, 2007, 10:03 PM
Congratulations! Nobody likes you!

I got mah careface on just fo you

Yegg · September 22, 2007, 11:41 PM

Quote from: devcode on September 22, 2007, 10:27 PM
Quote from: Andy on September 22, 2007, 10:03 PM
Congratulations! Nobody likes you!

I got mah careface on just fo you

I like how you edited your post from "CAREFACE=0N" to "I got mah careface on just fo you

".

UserLoser · September 23, 2007, 01:44 AM

Quote from: devcode on September 22, 2007, 07:51 PM
Quote from: UserLoser on September 22, 2007, 02:18 PM
They can't just "change the structure" of a message without patching the millions of Starcraft clients out there, that would be unpractical and just stupid

Actually they can but you wouldn't know anything about that. Seriously, where do these idiots come from? TEH HEAVENZ ABOVE?

Uh, no. By all means of a 'packet structure', it means the format of it and the way the client handles it. That's like saying, for example, for chat messages they can just insert a random string before the actual text and after the username and the client will know how to properly sort it without a patch--not going to happen buddy.

What wouldn't I know? I've gone far into every client's network handlers (and beyond) and I'm pretty sure I know what I'm talking about..

You're calling me an idiot? I'm not being cocky or anything, but please do your research before posting stuff like this towards me (and about this topic) because you just make yourself look like a fool

It's been known for years that they use RC4, and it's been reversed and people (not mentioning names) know how it works and have clients that emulate the warden. However, for obvious reasons this information isn't shared (and I'm not about to give you anything with attitude like that)

brew · September 23, 2007, 09:18 AM

So anotherwords, the warden module isn't passed the raw decrypted data from the packet, but instead all of the data it needs to make the response is cut into cute little pieces to process. That's almost too convenient. Starcraft wouldn't be able to handle a new warden packet format without a patch, whereas if the warden module was passed raw data, it could parse it on it's own, which would be a bit more easier for blizzard in the long run. But then again, why would they need to change the packet's structure? Just to throw us off? That's just too crewl. I haven't looked at the warden modules myself, by the way. I'm just speculating about all of this. We also can't forget how the packets are received, at first the inital 37 bytes are recieved, and probably based on the response, it determines of the warden module that starcraft was using to generate that response was out of date, etc. If it isn't, then nothing else happens. If it is, however, the server sends a mass of data via 0x5E packets (probably a file, like a warden module.) It's encrypted too, by the way. The new byte response is created, and sent to battle.net. So if it has to support both versions of the warden module, what would be the point of changing the packet's decrypted stucture? That would just "break" starcraft. Which is what Blizzard is trying not to do. Sorry, devcode, but UserLoser is right :/

devcode · September 23, 2007, 10:19 AM

I don't need your info lulz, I've been reversin fo years boi, I can look at any disassembly and obtain the original src superquick. I started looking into Warden seriously when Don Cullen mentioned it, and 4-5 hours of work and kaboom, dumped the warden module, reversed the whole mechanism. So plz, don't act like you're cool cause ur not and we both know i run NY and i get money.

Quote from: UserLoser on September 23, 2007, 01:44 AM
Quote from: devcode on September 22, 2007, 07:51 PM
Quote from: UserLoser on September 22, 2007, 02:18 PM
They can't just "change the structure" of a message without patching the millions of Starcraft clients out there, that would be unpractical and just stupid

Actually they can but you wouldn't know anything about that. Seriously, where do these idiots come from? TEH HEAVENZ ABOVE?

Uh, no. By all means of a 'packet structure', it means the format of it and the way the client handles it. That's like saying, for example, for chat messages they can just insert a random string before the actual text and after the username and the client will know how to properly sort it without a patch--not going to happen buddy.

What wouldn't I know? I've gone far into every client's network handlers (and beyond) and I'm pretty sure I know what I'm talking about..

You're calling me an idiot? I'm not being cocky or anything, but please do your research before posting stuff like this towards me (and about this topic) because you just make yourself look like a fool

It's been known for years that they use RC4, and it's been reversed and people (not mentioning names) know how it works and have clients that emulate the warden. However, for obvious reasons this information isn't shared (and I'm not about to give you anything with attitude like that)

devcode · September 23, 2007, 10:20 AM

Hdx · September 23, 2007, 10:45 AM

http://jbls.org/files/noobdev.idb
Gogo!
You're almost as bad as this guy:

Quotei don't know what the hell jbls is but its downloadeble, creating a macro that opens it delete the temp internet files and redownload it, if u have a datalimit that really makes up my day.

~Hdx

devcode · September 23, 2007, 10:56 AM

Quote from: Hdx on September 23, 2007, 10:45 AM
http://jbls.org/files/noobdev.idb
Gogo!
You're almost as bad as this guy:
Quotei don't know what the hell jbls is but its downloadeble, creating a macro that opens it delete the temp internet files and redownload it, if u have a datalimit that really makes up my day.
~Hdx

Cool.

Banana fanna fo fanna · September 23, 2007, 11:13 AM

Quote from: devcode on September 23, 2007, 10:19 AM
So plz, don't act like you're cool cause ur not and we both know i run NY and i get money.

I love you.

Hdx · September 23, 2007, 11:45 AM

http://jbls.org/files/noobdev.txt
Lovely convo don't cha think? <3 how he flips sides.
~Hdx

devcode · September 23, 2007, 11:47 AM

Quote from: Hdx on September 23, 2007, 11:45 AM
http://jbls.org/files/noobdev.txt
Lovely convo don't cha think? <3 how he flips sides.
~Hdx

Best convo piece I've seen in a while! I woulda posted it but you got to it before me. Gj.

Yegg · September 23, 2007, 11:59 AM

Devcode is an idiot. It's impossible to convert disassembly into "original src superquick" and the code I showed brew was not C++. Case closed.

devcode · September 23, 2007, 12:02 PM

Quote from: Yegg on September 23, 2007, 11:59 AM
Devcode is an idiot. It's impossible to convert disassembly into "original src superquick" and the code I showed brew was not C++. Case closed.

Get known. <3 you.

Warden Inactivated.

Barabajagal

UserLoser