Uncovering 0x5E - Warden

[Don Cullen]

Could we please focus on the development aspect rather than debate on whether it's worth doing?

[brew]

I meant that they'll do more than change how those bytes are gathered if they need to. And "They" are Blizzard.

No. That would require a patch, and they're aiming for a no-starcraft-patch antihack system. Looks like they've got it. It'd take more effort then you'd think: We could easily find the encryption key values again. They can only patch oh-so-many times.
Speaking of which, did anyone find the address where battle.snp actually parses the warden packet? I can only find where it sends it. (19019C15)

[Ringo]

I meant that they'll do more than change how those bytes are gathered if they need to. And "They" are Blizzard.

huh? so what?
I think you missed the point, the 16 bytes inquestion, were the decoded cdkey.
If your saying that by pointing out that the 1st dword of the cdkey hash relates the warden traffic, that blizzard will change the way the client generates the key, then I dont think anyone cares. Its not rocket science to work out again, its very simple 1st step.
You must embrace change, the future brings much of it.

[Barabajagal]

CDKey? Warden's response is dependent on the CDKey now, too?

[brew]

CDKey? Warden's response is dependent on the CDKey now, too?

Now? It's always been based on the cdkey. And the client/server tokens.

EDIT*** Well, warden's response isn't dependent on the cdkey, I ment the key used to encrypt/decrypt it.

EDIT

I was looking into warden a bit more, and the send function is called by 03820078. Well, it's not called by that, but called a few bytes before that. That's just the ESI at the time of calling. I'm not exactly sure what module this thread is from, and nor does my debugger. It seems like this might be warden being executed? Am I on the right track, at least? And I'm still not able to find where it's being parsed at on receive :/... But I'm pretty sure it's not battle.snp anymore.

[warz]

Am I on the right track, at least?

Getting there. Keep at it.

[Rob]

I was looking into warden a bit more, and the send function is called by 03820078. Well, it's not called by that, but called a few bytes before that. That's just the ESI at the time of calling. I'm not exactly sure what module this thread is from, and nor does my debugger. It seems like this might be warden being executed? Am I on the right track, at least? And I'm still not able to find where it's being parsed at on receive :/... But I'm pretty sure it's not battle.snp anymore.

19019D90 is the warden handler function.  Its called from the function @ 190200D0 which is responsible for receiving the data and dispatching each packet.

In your case, 03820078 would be the address space of the loaded warden module.

[brew]

19019D90 is the warden handler function.  Its called from the function @ 190200D0 which is responsible for receiving the data and dispatching each packet.

Ah. so that's the packet parse function? I've looked at that before, but I concluded that it isn't the packet handler (packets like 0x01 and 0x03 were apparently parsed there, both of which i have never heard of, also i found it odd that nothing was passed as a parameter in the function called by the 0x0F handler). Thanks, Rob.

[moh.vze.com]

Can't we just hire a real "Eningeer" and have them solve this or something?

[brew]

Can't we just hire a real "Eningeer" and have them solve this or something?

Most of the people here are on par with, if not above a real "engineer" as you call it. Sure, I guess you can, but when you said "we", you meant "you".

[Falcon[anti-yL]]

Can't we just hire a real "Eningeer" and have them solve this or something?

Most of the people here are on par with, if not above a real "engineer" as you call it. Sure, I guess you can, but when you said "we", you meant "you".

Uhhh no.

[UserLoser]

Not trying to break anything here, but once you guys eventually (if ever) figure out how to encrypt/decrypt the message, how are you going to handle the hundreds of different challenges? i.e. memory checks, loaded libraries checks, etc.

[Mystical]

Not trying to break anything here, but once you guys eventually (if ever) figure out how to encrypt/decrypt the message, how are you going to handle the hundreds of different challenges? i.e. memory checks, loaded libraries checks, etc.

are you saying its impossible? That's sad, the last 2 patches have only affected bots, and barley any hacks at all.

[brew]

Can't we just hire a real "Eningeer" and have them solve this or something?

Most of the people here are on par with, if not above a real "engineer" as you call it. Sure, I guess you can, but when you said "we", you meant "you".

Uhhh no.

Oh please. Perhaps, you're talking about your own ability. (or lack thereof)

are you saying its impossible? That's sad, the last 2 patches have only affected bots, and barley any hacks at all.

No, it's not impossible. He's saying it'll take a while to figure out. Lockdown took about a year and a half, right? But we solved it. So why wouldn't we be able to solve warden as well?

[warz]

Lockdown took about a year and a half, right? But we solved it.

No, lockdown didn't take a year and a half to solve. It came out towards the end of 2006, and we had fixes in a month, or two. I made our code public not long after that.

Can't we just hire a real "Eningeer" and have them solve this or something?

Sure, I guess you can, but when you said "we", you meant "you".

But we solved it. So why wouldn't we...

While you're being a technical asshole, I'll take a moment to point out that you had nothing to do with the progression of either of the two lockdown projects that were eventually released, at all.