Welcome to Valhalla Legends Archive.

Other clients' wardens?

Started by iago, April 03, 2008, 04:24 PM


iago

As you all know, I did a bunch of work and sorted out how Starcraft handles Warden.

However, I'd like to update my wiki a bit, and talk about how other clients handle Warden. I'm totally out of touch with "the scene" these days, so I was hoping somebody could tell me:
- Which games do/don't use Warden?
- Do they all use the same encryption (RC4, I'm told)?
- Where do they get the key from? (Starcraft, for example, generates it from the first 4 digits of the CDKey -- are other clients similar? The function seemed generic and could handle any size inputs)
- What's the structure of Warden's 0x02 packet (request and response)? I realize somebody posted it in the other thread, but I figure that it's been cleaned up since then, and I'd like to get the newest possible info

Thanks! And keep in mind that anything you tell me will become public information. But really, why not share details without implementation? I've done a lot of work on Battle.net stuff that I've given away, and I hope others appreciate it enough to contribute as well.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Ringo

IIRC, D2/W3/WoW have it over the game servers.
I have never got into WoW or W3, so not sure what value seeds the encryption. (Probably some connection data.)
D2 is seeded with the game hash (see here, listed as D2GS Hash), which gets copied over from the D2 realm S>C 0x04 (join game response).
You're welcome to use the stuff I PMed you about D2 0x02 if you like, if any of it is any use.
Stuff like the warden SHA1 of the MPQ files (from patch_d2.mpq mostly)

iago

All right, so the hash is a 4-byte value sent, per that link. Is it used the same way as the first 4 bytes of Starcraft's CDKey hash (first two bytes are used to generate one key, and next two for the other), or is that done differently?


Ringo

Yes, exactly the same as SC/BW, just a different value seeds the random data, which seeds the RC4 keys.
The game hash's source comes from:
http://ersan.us/src/bnetdocs/content0722.html?Section=m&Code=364
Then it gets sent to the game server in the logon via 0x68
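Added example (not code from the thread or from any Blizzard client): the key layout the two posts above describe, a short seed shared by both ends that yields one RC4 key per direction, with each side keeping a separate cipher state per direction. The seed-to-key step here (SHA-1 over each half of the seed plus a direction label) is a placeholder of my own, because the page says only that the seed feeds a random generator that feeds the RC4 keys and does not give that generator; the RC4 part is the standard algorithm. The 4-byte seed and the packet bytes are constructed.

```python
import hashlib


class RC4:
    """Stateful RC4. The keystream position advances with every byte processed,
    so each side keeps one instance per direction and must process packets in
    the order they were produced."""

    def __init__(self, key: bytes):
        if not 1 <= len(key) <= 256:
            raise ValueError("RC4 key must be 1..256 bytes")
        s = list(range(256))
        j = 0
        for i in range(256):  # key-scheduling algorithm
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:
        """Encrypt or decrypt (same operation): XOR with the next keystream bytes."""
        s, out = self.s, bytearray()
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)


def derive_direction_keys(seed: bytes) -> tuple:
    """PLACEHOLDER derivation, not Warden's: the first half of the seed is
    expanded into the client->server key and the second half into the
    server->client key. The thread does not document the real generator."""
    if len(seed) < 2:
        raise ValueError("seed too short to split")
    half = len(seed) // 2
    c2s = hashlib.sha1(seed[:half] + b"c2s").digest()[:16]
    s2c = hashlib.sha1(seed[half:] + b"s2c").digest()[:16]
    return c2s, s2c


# Constructed sample packets (opaque bytes, not real Warden messages).
SAMPLE_PACKETS = [b"\x00" + b"\x41" * 15, b"\x02" + b"\x42" * 31]


def round_trip(seed: bytes = bytes.fromhex("1234abcd")) -> dict:
    """Both ends derive the same key pair from the shared (constructed) seed
    and keep two cipher states each, one per direction."""
    c2s_key, s2c_key = derive_direction_keys(seed)
    client_send, client_recv = RC4(c2s_key), RC4(s2c_key)
    server_recv, server_send = RC4(c2s_key), RC4(s2c_key)

    wire = [client_send.crypt(p) for p in SAMPLE_PACKETS]
    received = [server_recv.crypt(w) for w in wire]

    # A receiver that missed packet 0 sits at the wrong keystream position and
    # turns packet 1 into garbage: a stateful stream cipher needs lossless ordering.
    lagging = RC4(c2s_key)
    desynced = lagging.crypt(wire[1])

    reply = client_recv.crypt(server_send.crypt(b"\x01\x00"))
    return {
        "received": received,
        "desynced_matches": desynced == SAMPLE_PACKETS[1],
        "reply": reply,
    }
```

The practical point for anyone reimplementing this in a bot: because the keystream is consumed byte by byte, decrypting a packet with a fresh cipher state, or skipping one, silently desynchronises that direction for the rest of the session, and a client-side and server-side state must be kept apart.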

Insolence

Quote from: Ringo on April 03, 2008, 05:08 PM
Stuff like the warden SHA1 of the MPQ files (from patch_d2.mpq mostly)
I'm confused--what does that have to do with anything?  Could you be a bit more detailed?

Ringo

Quote from: Insolence on April 05, 2008, 05:40 PM
Quote from: Ringo on April 03, 2008, 05:08 PM
Stuff like the warden SHA1 of the MPQ files (from patch_d2.mpq mostly)
I'm confused--what does that have to do with anything?  Could you be a bit more detailed?

Some of the Warden requests in D2 require you to extract files from the MPQs and return a SHA1 hash of them.

For example, some of the files currently checked are:

data\global\excel\charstats.txt
data\global\excel\charstats.bin
data\global\AnimData.D2

And for example, charstats.bin would hash to:

34 69 78 63 07 9E 9C 62 46 4A 20 DB 06 C4 12 7C AF 9B 60 07

IIRC, these files are extracted from patch_d2.mpq.
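Added example (my own code, not from the thread or from any client): the file-hash check described above, done end to end. The server holds a reference SHA-1 per file name, the client answers a request by hashing each extracted file, and the server flags anything missing or different. The three file names are the ones Ringo lists; their bytes here are constructed stand-ins, not the real contents of patch_d2.mpq, so the digests differ from the one posted above.

```python
import hashlib
import hmac

# File names from the thread; the bytes are constructed stand-ins, not the
# contents of the real files in patch_d2.mpq.
CHECKED_FILES = [
    r"data\global\excel\charstats.txt",
    r"data\global\excel\charstats.bin",
    r"data\global\AnimData.D2",
]
PRISTINE_FILES = {
    CHECKED_FILES[0]: b"class\tstr\tdex\tint\tvit\r\nAmazon\t20\t25\t15\t20\r\n",
    CHECKED_FILES[1]: bytes(range(64)),
    CHECKED_FILES[2]: b"AnimData" + bytes(24),
}


def reference_digests(files: dict) -> dict:
    """Server side: SHA-1 of each pristine file, kept as 20 raw bytes."""
    return {name: hashlib.sha1(data).digest() for name, data in files.items()}


def answer_request(names, files: dict) -> dict:
    """Client side: hash each requested file after extracting it; None if absent."""
    return {n: (hashlib.sha1(files[n]).digest() if n in files else None) for n in names}


def verify_answer(answer: dict, reference: dict) -> list:
    """Server side: names whose digest is missing, unknown, or not the expected one."""
    failed = []
    for name, digest in answer.items():
        expected = reference.get(name)
        if digest is None or expected is None or not hmac.compare_digest(digest, expected):
            failed.append(name)
    return failed


def with_tampered(files: dict, name: str, offset: int, new_byte: int) -> dict:
    """Copy of the file set with one byte of one file changed (a stat edit)."""
    patched = dict(files)
    data = bytearray(patched[name])
    data[offset] = new_byte
    patched[name] = bytes(data)
    return patched


def format_digest(digest: bytes) -> str:
    """Space-separated upper-case hex, the layout used in the thread."""
    return " ".join(f"{b:02X}" for b in digest)


if __name__ == "__main__":
    reference = reference_digests(PRISTINE_FILES)
    honest = answer_request(CHECKED_FILES, PRISTINE_FILES)
    print("honest client fails:", verify_answer(honest, reference))
    hacked = with_tampered(PRISTINE_FILES, CHECKED_FILES[1], 3, 0xFF)
    print("edited charstats.bin fails:", verify_answer(answer_request(CHECKED_FILES, hacked), reference))
    print("reference for charstats.bin:", format_digest(reference[CHECKED_FILES[1]]))
```

Two things the check does and does not give you: any single-byte edit to a checked file changes the whole digest, so an MPQ edit of the kind discussed later in the thread is caught outright; but the server only ever sees 20 bytes it cannot tie to the client's actual files, so a client that already knows the expected digests (which is exactly what Ringo is offering to share) can answer correctly without having the files at all.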

UserLoser

What relevance do those have to hacks? Are those files that someone in theory could modify to have better stats or something?

Tazo

Quote from: UserLoser on April 06, 2008, 11:18 PM
what relevance do those have to hacks?  are those files that someone in theory could modify to have better stats or something?
Yep, you can change your cast rate/attack speed and change the way things are displayed client-side, giving you an advantage.

UserLoser

Quote from: Tazo on April 07, 2008, 11:50 AM
Quote from: UserLoser on April 06, 2008, 11:18 PM
what relevance do those have to hacks?  are those files that someone in theory could modify to have better stats or something?
Yep, you can change your cast rate/attack speed and change the way things are displayed client-side, giving you an advantage.

how does that give you an advantage if it's just client side?

warz

maybe like... removing certain spell animations that clutter the screen and cause possible client-side lag?

Barabajagal

Sorta like the old d1 "Fast attack" hack?

Warrior

Quote from: Andy on April 07, 2008, 04:15 PM
Sorta like the old d1 "Fast attack" hack?

yea sorta. I think they had "fast" in common.

Tazo

Quote from: UserLoser on April 07, 2008, 01:37 PM
Quote from: Tazo on April 07, 2008, 11:50 AM
Quote from: UserLoser on April 06, 2008, 11:18 PM
what relevance do those have to hacks?  are those files that someone in theory could modify to have better stats or something?
Yep, you can change your cast rate/attack speed and change the way things are displayed client-side, giving you an advantage.

how does that give you an advantage if it's just client side?
The cast rate/attack speed is not a client-side change  ;) D2 left it up to the client to determine FCR/attack speed, less load on the server I guess.

The animation changes can benefit you greatly in PvP, I'd imagine. I've never messed with it myself but from the looks of it, PvP is much easier when people are little black blocks and their attacks are simple animations that don't cloud the screen  ;D

Joe[x86]

If I wanted to force an animation to not show up, I'd probably hook DirectX, not change files.

iago

Quote from: Joe[x86]
If I wanted to force an animation to not show up, I'd probably hook DirectX, not change files.
Changing the files takes absolutely no skill, though, it's just a matter of finding the proper one with an MPQ-editor and changing it. Way easier, faster, and basically brainless.

Hooking DirectX barely makes sense. You'd have to use some kind of AI algorithm to detect when a certain animation was happening and find a way to change it.