Uncovering 0x5E - Warden

Started by devcode, September 24, 2007, 11:47 PM


Don Cullen

Could we please focus on the development aspect rather than debate on whether it's worth doing? :)
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

brew

#16
Quote from: Andy on November 09, 2007, 01:36 PM
I meant that they'll do more than change how those bytes are gathered if they need to. And "They" are Blizzard.
No. That would require a patch, and they're aiming for a no-starcraft-patch antihack system. Looks like they've got it. It'd take more effort than you'd think: We could easily find the encryption key values again. They can only patch oh-so-many times.
Speaking of which, did anyone find the address where battle.snp actually parses the warden packet? I can only find where it sends it. (19019C15)
<3 Zorm
Quote: [01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
Scio te esse, sed quid sumne? :P

Ringo

Quote from: Andy on November 09, 2007, 01:36 PM
I meant that they'll do more than change how those bytes are gathered if they need to. And "They" are Blizzard.

huh? so what?
I think you missed the point, the 16 bytes in question were the decoded cdkey.
If you're saying that by pointing out that the 1st dword of the cdkey hash relates to the warden traffic, that blizzard will change the way the client generates the key, then I don't think anyone cares. It's not rocket science to work out again, it's a very simple 1st step. ;)
You must embrace change, the future brings much of it.

Barabajagal

CDKey? Warden's response is dependent on the CDKey now, too?

brew

#19
Quote from: Andy on November 10, 2007, 03:48 PM
CDKey? Warden's response is dependent on the CDKey now, too?
Now? It's always been based on the cdkey. And the client/server tokens.

EDIT*** Well, warden's response isn't dependent on the cdkey, I meant the key used to encrypt/decrypt it.

EDIT

I was looking into warden a bit more, and the send function is called by 03820078. Well, it's not called by that, but called a few bytes before that. That's just the ESI at the time of calling. I'm not exactly sure what module this thread is from, and nor does my debugger. It seems like this might be warden being executed? Am I on the right track, at least? And I'm still not able to find where it's being parsed at on receive :/... But I'm pretty sure it's not battle.snp anymore.

warz

Quote from: brew on November 10, 2007, 04:08 PM
Am I on the right track, at least?

Getting there. Keep at it.

Rob

Quote from: brew on November 10, 2007, 04:08 PM
I was looking into warden a bit more, and the send function is called by 03820078. Well, it's not called by that, but called a few bytes before that. That's just the ESI at the time of calling. I'm not exactly sure what module this thread is from, and nor does my debugger. It seems like this might be warden being executed? Am I on the right track, at least? And I'm still not able to find where it's being parsed at on receive :/... But I'm pretty sure it's not battle.snp anymore.


19019D90 is the warden handler function. It's called from the function @ 190200D0, which is responsible for receiving the data and dispatching each packet.

In your case, 03820078 would be the address space of the loaded warden module.
Rob@USEast

brew

Quote from: Rob on November 13, 2007, 12:04 AM
19019D90 is the warden handler function. It's called from the function @ 190200D0, which is responsible for receiving the data and dispatching each packet.

Ah, so that's the packet parse function? I've looked at that before, but I concluded that it isn't the packet handler (packets like 0x01 and 0x03 were apparently parsed there, both of which I have never heard of; also I found it odd that nothing was passed as a parameter in the function called by the 0x0F handler). Thanks, Rob.

moh.vze.com

Can't we just hire a real "Eningeer" and have them solve this or something?

brew

Quote from: moh.vze.com on November 13, 2007, 09:14 PM
Can't we just hire a real "Eningeer" and have them solve this or something?
Most of the people here are on par with, if not above a real "engineer" as you call it. Sure, I guess you can, but when you said "we", you meant "you". :)

Falcon[anti-yL]

Quote from: brew on November 13, 2007, 09:45 PM
Quote from: moh.vze.com on November 13, 2007, 09:14 PM
Can't we just hire a real "Eningeer" and have them solve this or something?
Most of the people here are on par with, if not above a real "engineer" as you call it. Sure, I guess you can, but when you said "we", you meant "you". :)
Uhhh no.

UserLoser

Not trying to break anything here, but once you guys eventually (if ever) figure out how to encrypt/decrypt the message, how are you going to handle the hundreds of different challenges? i.e. memory checks, loaded libraries checks, etc.

Mystical

Quote from: UserLoser on November 13, 2007, 11:33 PM
Not trying to break anything here, but once you guys eventually (if ever) figure out how to encrypt/decrypt the message, how are you going to handle the hundreds of different challenges? i.e. memory checks, loaded libraries checks, etc.

Are you saying it's impossible? That's sad, the last 2 patches have only affected bots, and barely any hacks at all.

brew

Quote from: Falcon[anti-yL] on November 13, 2007, 10:56 PM
Quote from: brew on November 13, 2007, 09:45 PM
Quote from: moh.vze.com on November 13, 2007, 09:14 PM
Can't we just hire a real "Eningeer" and have them solve this or something?
Most of the people here are on par with, if not above a real "engineer" as you call it. Sure, I guess you can, but when you said "we", you meant "you". :)
Uhhh no.
Oh please. Perhaps, you're talking about your own ability. (or lack thereof)

Quote
Are you saying it's impossible? That's sad, the last 2 patches have only affected bots, and barely any hacks at all.
No, it's not impossible. He's saying it'll take a while to figure out. Lockdown took about a year and a half, right? But we solved it. So why wouldn't we be able to solve warden as well?

warz

#29
Quote from: brew on November 14, 2007, 09:46 AM
Lockdown took about a year and a half, right? But we solved it.

No, lockdown didn't take a year and a half to solve. It came out towards the end of 2006, and we had fixes in a month, or two. I made our code public not long after that.

Quote from: brew on November 13, 2007, 09:45 PM
Quote from: moh.vze.com on November 13, 2007, 09:14 PM
Can't we just hire a real "Eningeer" and have them solve this or something?
Sure, I guess you can, but when you said "we", you meant "you". :)


Quote from: brew on November 14, 2007, 09:46 AM
But we solved it. So why wouldn't we...

While you're being a technical asshole, I'll take a moment to point out that you had nothing to do with the progression of either of the two lockdown projects that were eventually released, at all.
