Rudimentary Warden information

iago · February 28, 2008, 05:07 PM

I've posted information about how to decrypt, verify, prepare, and save modules for Warden. I'm sure others have done this already, but whatever, it was for my own education. You'll find complete info there about how to generate the keys and decrypt Warden packets, as well as how to read and respond to 0x00 and 0x01. Nothing there about how to respond to 0x02, though. I'm putting the project on hold for an indefinite amount of time, and wanted to share what I've done so far.

http://www.skullsecurity.org/wiki/index.php/Starcraft_Warden

I encourage people to help expand it, if possible, since I have no plans to for awhile. If you intend to edit the wiki (which is fine, if you can contribute useful information), I'd appreciate it if you asked me first (send me a PM here, I'll get back to you).

If you want more info/implementation, get in touch with me. I've written a module downloader/saver.

brew · February 28, 2008, 05:14 PM

d'oh! way to tell them, iago. now that the decryption/encryption is public, people are just going to make databases of warden requests/responses, you know the deal... the end is nigh.

Barabajagal · February 28, 2008, 05:46 PM

STFU, brew.

iago, I was looking over this earlier... before you deleted it the first time, or whatever.... and I'm confused about generating encryption keys...

QuoteGenerating the keys used for encrypting Warden packets is a somewhat convoluted algorithm, but it is fairly simple to implement. Here are the basic steps:

1. Create a source of shared random data based on a seed
2. Generate the outgoing key from the first 0x10 bytes, using the generation code in Crypto_and_Hashing#Xor_Encryption
3. Generate the incoming key from the next 0x10 bytes using that code

That part... where are these bytes coming from?

Ringo · February 28, 2008, 05:58 PM

Nice 1 iago, very nice, looks like you worked hard on it.
Interested in seeing where this goes

Soon everyone will have a bypass to warden

Quote from: brew on February 28, 2008, 05:14 PM
the end is nigh.

You mean the start is nigh?

I look faward to beating it again

Tolk me 30min to beat SC warden, should take me even less time to beat it again

afaik, me and rob@east had a working warden, soon everyone will have it

I have around about 5000+ of the 1st messages already, but my method was alittle more simple that iago's.
Aside, i dont think blizzard really care, they havent exacly done much with it since it got activated on SC/BW tbh

Newby · February 28, 2008, 05:59 PM

Quote from: Andy on February 28, 2008, 05:46 PM
STFU, brew.

/signed. brew, STFU. It's for educational purposes. There's no .ocx files or code that people can go and steal from the page, and I doubt anyone that still actively develops for Battle.net (in the old sense that people ripped bots and TCPConnect.cls and CleanSlateBot.ocx) can use it.

brew · February 28, 2008, 06:10 PM

hm, now that it's all over, ringo, why don't you tell us how you did it all from vb6? that's an insane feat tbh ;P

BTW, I was looking over iago's code and i noticed he was refering to a "WardenUnknownPointer1". At first I thought it was just a pointer to some struct, but i think it's the base address for a "class" because it also contains some function pointers. The battle.net developers used OO and all that other crap i hate ;/
and [global_0 + 18h] i was refering to for the longest time as "WardenStruct->oldLen". What is it really?
And then there's the function list. IIRC the real function list for warden is included within the module itself a bit below the actual code...

MysT_DooM · February 28, 2008, 06:15 PM

Quote from: Andy on February 28, 2008, 05:46 PM
STFU, brew.

iago, I was looking over this earlier... before you deleted it the first time, or whatever.... and I'm confused about generating encryption keys...
QuoteGenerating the keys used for encrypting Warden packets is a somewhat convoluted algorithm, but it is fairly simple to implement. Here are the basic steps:

1. Create a source of shared random data based on a seed
2. Generate the outgoing key from the first 0x10 bytes, using the generation code in Crypto_and_Hashing#Xor_Encryption
3. Generate the incoming key from the next 0x10 bytes using that code
That part... where are these bytes coming from?

the cdkey hash

iago · February 28, 2008, 06:16 PM

Quote from: Andy on February 28, 2008, 05:46 PM
iago, I was looking over this earlier... before you deleted it the first time, or whatever....

yeah, I realized it might be a bad idea to link it to my work's ip address, so I re-posted from home, hoping nobody would see it.

I'm not home right now, so I'll post answers to whatever I can later.

Barabajagal · February 28, 2008, 07:07 PM

Ah, okay... Maybe I'll make an OCX... JK JK!

And Myst... CDKey hashes are only 0x14 bytes long... how could I get two sets of 0x10 bytes from it?

MysT_DooM · February 28, 2008, 07:32 PM

Quote from: Andy on February 28, 2008, 07:07 PM
Ah, okay... Maybe I'll make an OCX... JK JK!

And Myst... CDKey hashes are only 0x14 bytes long... how could I get two sets of 0x10 bytes from it?

Should read http://www.skullsecurity.org/wiki/index.php/Warden_Packets and http://www.skullsecurity.org/wiki/index.php/Crypto_and_Hashing#Xor_Encryption

iago · February 28, 2008, 07:44 PM

Quote from: Andy on February 28, 2008, 07:07 PM
Ah, okay... Maybe I'll make an OCX... JK JK!

And Myst... CDKey hashes are only 0x14 bytes long... how could I get two sets of 0x10 bytes from it?

As Myst alluded to in his last post, maybe, you use something that I called "random source" or "random data" or something. It's some code that generates a random stream of data.

My server seems to have fallen over, right now. I'm leaving here shortly (although cycling through a snow storm, so no telling if I'll survive :-o), and will see what's going on when I get home.

Also keep in mind, this is NOT the end of the road. I only provided a starting point.

<edit> nevermind about the server, I was being stupid.

Barabajagal · February 28, 2008, 08:15 PM

~~Okay, let me rephrase my question... what's the seed?~~

Nevermind. I don't care enough about SC.

MysT_DooM · February 28, 2008, 08:36 PM

Quote from: Andy on February 28, 2008, 08:15 PM
~~Okay, let me rephrase my question... what's the seed?~~

Nevermind. I don't care enough about SC.

did rocky throw in the towel after gotten beaten by apollo?

l2k-Shadow · February 28, 2008, 08:54 PM

kudos man. gj

iago · February 28, 2008, 09:17 PM

Quote from: Andy on February 28, 2008, 08:15 PM
~~Okay, let me rephrase my question... what's the seed?~~

Nevermind. I don't care enough about SC.

Well, for anybody else who's wondering, the whole section about generating the keys is right here:
http://www.skullsecurity.org/wiki/index.php/Warden_Packets#Generating_encryption_keys

Read that carefully, and let me know if there's anything confusing in there.

I'm guessing other game clients' implements are similar or identical to that.

Rudimentary Warden information

Barabajagal

Barabajagal

Barabajagal