
[VB]STAR ~ Receiving Unrecognized Game Ver (101)

Started by John420, March 15, 2008, 08:44 PM


John420

Using Rob's CheckRevision.dll.

C>S
[code]0000  01 FF 50 3A 00 00 00 00 00 36 38 58 49 52 41 54    ..P:.....68XIRAT
0010  53 D1 00 00 00 33 10 00 00 00 00 00 00 2C 01 00    S....3.......,..
0020  00 09 04 00 00 09 04 00 00 55 53 41 00 55 6E 69    .........USA.Uni
0030  74 65 64 20 53 74 61 74 65 73 00                   ted States.


S>C
0000  FF 25 08 00 23 BF F5 08 FF 50 3E 00 00 00 00 00    .%..#....P>.....
0010  6E DD CE C0 34 47 05 00 00 14 5A DC 72 FC C6 01    n...4G....Z.r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 34    lockdown-IX86-14
0030  2E 6D 70 71 00 9F 8B 5D 97 C2 4F 31 D8 38 D2 99    .mpq...]..O1.8..
0040  46 31 0C E0 64 00                                  F1..d.


C>S
0000  FF 25 08 00 23 BF F5 08 FF 51 73 00 98 85 0E 06    .%..#....Qs.....
0010  01 02 0F 01 4D 17 A8 61 01 00 00 00 00 00 00 00    ....M..a........
0020  0D 00 00 00 01 00 00 00 66 DB 5A 00 00 00 00 00    ........f.Z.....
0030  02 96 15 2B 26 1D 2E 16 F1 61 C5 6A B8 2C AB 60    ...+&....a.j.,.`
0040  E1 8C 37 A2 53 74 61 72 63 72 61 66 74 2E 65 78    ..7.Starcraft.ex
0050  65 20 30 33 2F 31 34 2F 30 38 20 32 31 3A 33 35    e 03/14/08 21:35
0060  3A 32 31 20 31 32 32 30 36 30 38 00 54 68 65 20    :21 1220608.The
0070  4D 75 66 66 69 6E 20 4D 61 6E 00                   Muffin Man.


S>C

0000  FF 51 09 00 01 01 00 00 00                         .Q.......


[/code]

Which part of the packet was constructed wrong?

brew

<3 Zorm
Quote: [01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
I know you are, but what am I? :P

Hdx

To be more helpful than brew:
Your packet formats are correct.
However, your data is off: it seems that the CheckRevision DLL you are using still uses the IX86Ver#.dll function as opposed to the lockdown function.
In lockdown the 'exe info' string is actually part of a [god I can't remember, I think SHA] digest. So it won't have "Starcraft.exe ..."; it will be raw data.

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

John420

Ok, I believe I've fixed the ExeInfo. Here's a new packet dump. Same response.

S>C
[code]0000  FF 25 08 00 20 EA 7F 07 FF 50 3E 00 00 00 00 00    .%.. ....P>.....
0010  BE 39 28 89 D3 CE 05 00 00 14 5A DC 72 FC C6 01    .9(.......Z.r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 34    lockdown-IX86-14
0030  2E 6D 70 71 00 23 9D 75 26 EC 23 E3 64 DD 78 40    .mpq.#.u&.#.d.x@
0040  D8 54 C1 62 6B 00                                  .T.bk.


C>S
0000  FF 25 08 00 20 EA 7F 07 FF 51 5C 00 36 CE 68 07    .%.. ....Q\.6.h.
0010  01 02 0F 01 23 A8 C0 61 01 00 00 00 00 00 00 00    ....#..a........
0020  0D 00 00 00 01 00 00 00 66 DB 5A 00 00 00 00 00    ........f.Z.....
0030  BF 9C 82 2F 76 3C 1C 6E AD 5F 96 FE 93 B9 4C 69    .../v<.n._....Li
0040  8C F4 68 42 33 70 BC 38 71 E0 D4 30 ED 31 FC D8    ..hB3p.8q..0.1..
0050  C9 77 56 5C 00 54 68 65 20 4D 75 66 66 69 6E 20    .wV\.The Muffin
0060  4D 61 6E 00                                        Man.

S>C
0000  FF 51 09 00 01 01 00 00 00                         .Q.......
[/code]

Thanks again in advance.

Hdx

Jesus Christ, you do not know how to fucking post a packet log.
asdasdfasdfasdf
asdfasdfasdfasdf

It's not hard. Anyway, poke around the forums, find a few test values for your crev. Or hell, shoot some test packets at BNLS/JBLS.
I don't have the time right now to be testing it for you. [It's 1am -.-]
I've got the source to BNCSutil now, so within the next few days I'll be adding lockdown, RC4, etc. into it.

But like I said, grab some test values from a live source [BNLS/JBLS]. Or hell, I would suggest simply implementing the one BNLS packet [0x1A]; that's all you really need.


UserLoser

Sending the correct version code in SID_AUTH_INFO?

John420

I have BNLS 0x1A supported already, though I get some weird results. Sometimes I'll receive 0x101 and other times (the majority) I'll get IP banned. My browser fucks up the code tags when I use them, sorry.

Here's a dump using BNLS.


BNCS C>S
0000  01 FF 50 3A 00 00 00 00 00 36 38 58 49 52 41 54    ..P:.....68XIRAT
0010  53 D1 00 00 00 33 10 00 00 00 00 00 00 2C 01 00    S....3.......,..
0020  00 09 04 00 00 09 04 00 00 55 53 41 00 55 6E 69    .........USA.Uni
0030  74 65 64 20 53 74 61 74 65 73 00                   ted States.

BNCS S>C
0000  FF 25 08 00 52 0F 48 1E FF 50 3E 00 00 00 00 00    .%..R.H..P>.....
0010  CC 68 4E A0 78 B0 A4 00 00 C8 1E E1 72 FC C6 01    .hN.x.......r...
0020  6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 36    lockdown-IX86-16
0030  2E 6D 70 71 00 07 F8 5E 94 2A 1F B4 93 C6 4F 61    .mpq...^.*....Oa
0040  64 C4 B1 3A 0A 00                                  d..:..

BNLS C>S
0000  3D 00 1A 01 00 00 00 00 00 00 00 01 00 00 00 78    =..............x
0010  B0 A4 00 00 C8 1E E1 6C 6F 63 6B 64 6F 77 6E 2D    .......lockdown-
0020  49 58 38 36 2D 31 36 2E 6D 70 71 00 07 F8 5E 94    IX86-16.mpq...^.
0030  2A 1F B4 93 C6 4F 61 64 C4 B1 3A 0A 00             *....Oad..:..

BNLS S>C
0000  28 00 1A 01 00 00 00 00 01 0F 01 E8 5B BA AB AF    (...........[...
0010  21 54 DD 6A 34 67 67 E1 34 47 12 2C 8B 4E C6 00    !T.j4gg.4G.,.N..
0020  01 00 00 00 D1 00 00 00                            ........

BNCS C>S 
0000  FF 25 08 00 52 0F 48 1E FF 51 64 00 19 CB 98 0A    .%..R.H..Qd.....
0010  00 01 0F 01 E8 5B BA AB 01 00 00 00 00 00 00 00    .....[..........
0020  0D 00 00 00 01 00 00 00 66 DB 5A 00 00 00 00 00    ........f.Z.....
0030  A4 4B DD 3D 54 45 C7 3D 76 5E 9C AD 82 B2 B4 28    .K.=TE.=v^.....(
0040  C0 66 F8 83 AF 21 54 DD 6A 34 67 67 E1 34 47 12    .f...!T.j4gg.4G.
0050  2C 8B 4E C6 00 01 00 00 00 D1 00 00 00 54 68 65    ,.N..........The
0060  20 4D 75 66 66 69 6E 20 4D 61 6E 00                 Muffin Man.


The end result is an ip ban.

UserLoser

Not sure if it would help, but try using BNLS_CHOOSENLSREVISION before performing any sort of hashing.

Hdx

Don't bother with that; it is only needed for the SRP part of NLS and has nothing to do with CheckRevision.
Give me a moment, I will dissect your log. [Hey hey! I'm not drunk, so I can do it!]
What BNLS server are you using?
I don't know if BNLS is up for the new SC patch; try JBLS.org.



MyndFyre

Which version of Visual Basic are you using?
Quote: Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.


Hdx

BNCS C>S
01 . -Protocol Byte
FF 50 3A 00 .P:. - Header
00 00 00 00 .... - Protocol ID (0)
36 38 58 49 68XI - Platform ID
52 41 54 53 RATS - Product ID
D1 00 00 00 .... - Version Byte
33 10 00 00 3... - Product language
00 00 00 00 .... - Local IP for NAT compatibility* [You should be setting this to your lan IP]
2C 01 00 00 ,... - Time zone bias*
09 04 00 00 .... - Locale ID*
09 04 00 00 .... - Language ID*
55 53 41 00 USA. - Country abbreviation
55 6E 69 74 65 64 20 53 74 61 74 65 73 00 United States. - Country

BNCS S>C
FF 25 08 00 .%.. - Header
52 0F 48 1E R.H. - Ping Value

FF 50 3E 00 .P>. - Header
00 00 00 00 .... - Logon Type
CC 68 4E A0 .hN. - Server Token
78 B0 A4 00 x... - UDPValue *
00 C8 1E E1 72 FC C6 01 ....r... - MPQ filetime
6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 36 2E 6D 70 71 00 lockdown-IX86-16.mpq. - IX86ver filename
07 F8 5E 94 2A 1F B4 93 C6 4F 61 64 C4 B1 3A 0A 00 ..^.*....Oad..:.. - ValueString

BNLS C>S
3D 00 1A =.. - Header
01 00 00 00 .... - Product ID.*
00 00 00 00 .... - Flags.**
01 00 00 00 .... - Cookie.
78 B0 A4 00 00 C8 1E E1 x....... - Timestamp for version check archive.
[This is messed up, you're sending the UDP token, and the 1st 1/2 of the timestamp]
6C 6F 63 6B 64 6F 77 6E 2D 49 58 38 36 2D 31 36 2E 6D 70 71 00 lockdown-IX86-16.mpq. - Version check archive filename.
07 F8 5E 94 2A 1F B4 93 C6 4F 61 64 C4 B1 3A 0A 00 ..^.*....Oad..:.. - Checksum formula.

BNLS S>C
28 00 1A (.. - Header
01 00 00 00 .... - Success*
00 01 0F 01 .... - Version.
E8 5B BA AB .[.. - Checksum.
AF 21 54 DD 6A 34 67 67 E1 34 47 12 2C 8B 4E C6 00 .!T.j4gg.4G.,.N.. - Version check stat string.
01 00 00 00 .... - Cookie.
D1 00 00 00 .... - The latest version code for this product.

BNCS C>S 
FF 25 08 00 .%.. - Header
52 0F 48 1E R.H. - Ping Value

FF 51 64 00 .Qd. - Header
19 CB 98 0A .... - Client Token
00 01 0F 01 .... - EXE Version
E8 5B BA AB .[.. - EXE Hash
01 00 00 00 .... - Number of keys in this packet
00 00 00 00 .... - Using Spawn (32-bit)
   0D 00 00 00 .... - Key Length
   01 00 00 00 .... - CD key's product value
   66 DB 5A 00 f.Z. - CD key's public value
   00 00 00 00 .... - Unknown (0)
   A4 4B DD 3D .K.= - Hashed Key Data 1
   54 45 C7 3D TE.= - Hashed Key Data 2
   76 5E 9C AD v^.. - Hashed Key Data 3
   82 B2 B4 28 ...( - Hashed Key Data 4
   C0 66 F8 83 .f.. - Hashed Key Data 5
AF 21 54 DD 6A 34 67 67 E1 34 47 12 2C 8B 4E C6 00 .!T.j4gg.4G.,.N.. - Crev String [This is correct]
01 00 00 00 .... - Why the fuck is the cookie here?
D1 00 00 00 .... - Why the fuck is the Version Byte here?
54 68 65 20 4D 75 66 66 69 6E 20 4D 61 6E 00 The Muffin Man. - CDKey Owner

You fucked up parsing the CheckRevision string from 0x1A, so you're sending extra data in 0x51, hence the IP ban.
You also messed up the MPQ timestamp in 0x1A C->S.


John420

Here's my code for parsing BNCS 0x50

And for building BNLS 0x1A

And parsing BNLS 0x1A

Hdx

Get a proper buffer class!!!!
Hashing.ServerToken = Stuff.GetDWORD(Mid(Data, 9, 4))
Hashing.mpqLow = Stuff.GetDWORD(Mid(Data, 13, 4))
Hashing.mpqHigh = Stuff.GetDWORD(Mid(Data, 17, 4))
Select Case Settings.Product
    Case "SEXP", "PXES", "RATS", "STAR", "W2BN", "NB2W"
        Hashing.mpqName = CStr(Mid(Mid(Data, InStr(1, Data, "lockdown-IX86-"), Len(Data)), 1, 20))
        Hashing.Hash = Mid(Data, 45, Len(Data) - 2)
My Eyes they burn!!!
Post your Settings.PacketBuffer


Dim buf As New Buffer
With buf
    .Data    = Data
    logon    = .Remove(DWORD)
    stoken   = .Remove(DWORD)
    udp      = .Remove(DWORD)
    filetime = .Remove(LONG)
    archive  = .Remove(NTSTRING)
    seeds    = .Remove(NTSTRING)
End With


Hell of a lot cleaner than yours.

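Putting Hdx's dissection and his buffer-class advice together: the following is an added Python example (my code, not the thread's VB6, not BNCSutil and not JBLS) that reads the very dumps posted above with a sequential little-endian reader, rebuilds the BNLS 0x1A request and the SID_AUTH_CHECK (0x51) packet the way the dissection says they should look, and decodes the MPQ filetime to a calendar date as a cheap sanity check on field offsets. All function names are my own. The product ID 1 for Starcraft is copied from the posted 0x1A request; the layout of a failed 0x1A reply (success = 0 followed only by the cookie) is an assumption from the BNLS spec, not something the thread shows; and the CD key hash block is reused from the capture rather than computed, since key hashing is not what this thread is about.

```python
"""Parse and rebuild the exchange Hdx dissects above (added example, not the thread's
code).  Packets are the thread's own dumps; each BNCS read starts with the 0x25 ping, as
captured.  Assumed: BNLS product ID 1 = Starcraft (as posted); failed 0x1A = cookie only."""
import struct
from datetime import datetime, timedelta

BNCS_S2C = bytes.fromhex(            # BNCS S>C: SID_PING then SID_AUTH_INFO (0x50)
    "FF250800520F481EFF503E0000000000CC684EA078B0A40000C81EE172FCC601"
    "6C6F636B646F776E2D495838362D31362E6D70710007F85E942A1FB493C64F61"
    "64C4B13A0A00")
BNLS_REQ_POSTED = bytes.fromhex(     # BNLS C>S 0x1A exactly as the bot sent it
    "3D001A01000000000000000100000078B0A40000C81EE16C6F636B646F776E2D"
    "495838362D31362E6D70710007F85E942A1FB493C64F6164C4B13A0A00")
BNLS_RESP = bytes.fromhex(           # BNLS S>C 0x1A
    "28001A0100000000010F01E85BBAABAF2154DD6A346767E13447122C8B4EC600"
    "01000000D1000000")
BNCS_C2S_POSTED = bytes.fromhex(     # BNCS C>S: SID_PING then the rejected SID_AUTH_CHECK
    "FF250800520F481EFF51640019CB980A00010F01E85BBAAB0100000000000000"
    "0D0000000100000066DB5A0000000000A44BDD3D5445C73D765E9CAD82B2B428"
    "C066F883AF2154DD6A346767E13447122C8B4EC60001000000D1000000546865"
    "204D756666696E204D616E00")

class Buffer:
    """Sequential little-endian reader: the 'proper buffer class' Hdx asks for."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def raw(self, n):
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("short packet at offset %d" % self.pos)
        self.pos += n
        return chunk
    def dword(self):
        return struct.unpack("<I", self.raw(4))[0]
    def qword(self):                  # FILETIME is one 8-byte field, not two DWORDs
        return struct.unpack("<Q", self.raw(8))[0]
    def ntstring(self):               # bytes up to the NUL; the NUL is consumed
        end = self.data.index(b"\0", self.pos)
        chunk, self.pos = self.data[self.pos:end], end + 1
        return chunk

def split_bncs(stream):
    """One TCP read may hold several packets: cut on the WORD length at offset 2."""
    out, pos = [], 0
    while pos < len(stream):
        if stream[pos] != 0xFF:
            raise ValueError("bad BNCS header byte at %d" % pos)
        length = struct.unpack_from("<H", stream, pos + 2)[0]
        out.append(stream[pos:pos + length])
        pos += length
    return out

def parse_sid_auth_info(pkt):
    b = Buffer(pkt)
    if b.raw(2) != b"\xFF\x50" or struct.unpack("<H", b.raw(2))[0] != len(pkt):
        raise ValueError("not a complete SID_AUTH_INFO")
    info = dict(logon_type=b.dword(), server_token=b.dword(), udp_value=b.dword(),
                mpq_filetime=b.qword(), archive=b.ntstring(), formula=b.ntstring())
    assert b.pos == len(pkt), "trailing bytes: the layout is wrong"
    return info

def build_bnls_versioncheckex2(product, cookie, filetime, archive, formula, flags=0):
    body = struct.pack("<IIIQ", product, flags, cookie, filetime) + archive + b"\0" + formula + b"\0"
    return struct.pack("<HB", len(body) + 3, 0x1A) + body

def parse_bnls_versioncheckex2(pkt):
    b = Buffer(pkt)
    length, pid = struct.unpack("<HB", b.raw(3))
    if pid != 0x1A or length != len(pkt):
        raise ValueError("not a complete BNLS 0x1A reply")
    if b.dword() != 1:                # assumed failure layout: only the cookie follows
        return dict(success=False, cookie=b.dword())
    r = dict(success=True, version=b.dword(), checksum=b.dword(), stat=b.ntstring(),
             cookie=b.dword(), latest_version=b.dword())
    assert b.pos == len(pkt), "cookie and latest version belong to 0x1A, not to 0x51"
    return r

def build_sid_auth_check(client_token, version, checksum, key_blocks, stat, owner, spawn=0):
    body = struct.pack("<IIIII", client_token, version, checksum, len(key_blocks), spawn)
    body += b"".join(key_blocks)            # each: 4 DWORDs + 20 bytes hashed key data
    body += stat + b"\0" + owner + b"\0"    # exe info is the raw stat string, nothing else
    return b"\xFF\x51" + struct.pack("<H", len(body) + 4) + body

def filetime_to_datetime(ft):         # 100ns ticks since 1601; a mis-sliced one gives no date
    try:
        return datetime(1601, 1, 1) + timedelta(microseconds=ft // 10)
    except OverflowError:
        return None

def diagnose():
    """Rebuild both client packets correctly so they can be diffed against the dumps."""
    info = parse_sid_auth_info(split_bncs(BNCS_S2C)[1])
    good_req = build_bnls_versioncheckex2(1, 1, info["mpq_filetime"], info["archive"], info["formula"])
    resp = parse_bnls_versioncheckex2(BNLS_RESP)
    posted = split_bncs(BNCS_C2S_POSTED)[1]
    good_check = build_sid_auth_check(int.from_bytes(posted[4:8], "little"), resp["version"],
                                      resp["checksum"], [posted[24:60]], resp["stat"], b"The Muffin Man")
    return dict(info=info, resp=resp, good_req=good_req, good_check=good_check,
                posted_check=posted, posted_filetime=BNLS_REQ_POSTED[15:23])
```

Running diagnose() reproduces the two findings in the dissection: the rebuilt 0x1A request differs from the posted one only in the eight timestamp bytes (the bot sent the UDP value followed by the low half of the filetime), and the posted timestamp decodes to no valid date while the real one decodes to late 2006; the rebuilt 0x51 is 0x5C bytes long, and the posted 0x64-byte packet is exactly that packet with the 0x1A cookie and latest-version DWORDs wedged between the stat string and the owner name.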