UDP support for StarCraft

Started by Antarctica, June 30, 2008, 04:27 PM

Antarctica

I want to try to add UDP support for a program that routes the Starcraft's connection through a vb6 program.  How do I use the UDP protocol for this?  I have no idea how to use the Bind command.  Please help.

Here's what I have for the two bind commands (sckMainUDP will connect to starcraft, sckBNETUDP will connect to Bnet)

sckMainUDP.Bind "6112", "127.0.0.1"
sckBNETUDP.Bind

brew

UDP support? Connection? UDP is a stateless protocol. Perhaps you mean to use TCP.
It would help to know what you're trying to accomplish. Something on the order of capturing the UDP packets starcraft sends/receives during a game?

Antarctica

Yeah, I just want to run my Starcraft's connection through a vb6 app to sniff the packets and maybe inject some.  However, TCP doesn't seem to be enough, because without it, SC wants to say "You do not have UDP support" and therefore I can't play any games.

MyndFyre

You'll need to hook Windows API calls within the Starcraft.exe process or inject yourself as a driver on the networking stack.  I'm pretty sure you can't just man-in-the-middle it here.

Antarctica

And how would I hook Windows API calls within the Starcraft.exe process?

Kp

The same way you hook Windows API calls in any process.  Rewrite the caller's IAT, detour the API, or put a detour in the caller (listed in order of easiest to hardest).

If you just want to see the traffic, get a network analyzer like tcpdump or Wireshark.  Those will let you monitor the traffic without needing to manipulate the SC process in any way.  However, they're read-only, so you can't use them to inject any new traffic.

On the other hand, the SC UDP protocol has a primitive integrity check built in, so hooking the send call won't let you inject traffic into a game without fixing up the integrity checksum.  The other side will reject the packet because of the checksum mismatch, and the injected packet will be discarded.

Camel

Quote from: MyndFyre[vL] on June 30, 2008, 06:36 PM
I'm pretty sure you can't just man-in-the-middle it here.

Depends what UDP traffic you're trying to MITM; should be pretty easy to do it against the simple UDP ping, but actually performing this attack on game traffic would be pretty hard, since you'd have to intercept the game list packet and rewrite the IP address. Then, you'd have to make sure you're forwarding the UDP traffic to the right place.

Even if you accomplish that, what Kp said still holds true.

Antarctica

I was just looking for a way to, when creating a game, do /whereis <username> for every user that joins.  Then, if the return is that the user is in any other place than the game I created, have the player automatically banned.  How hard would that be?  ???

Dale

Quote from: Antarctica on July 01, 2008, 04:40 PM
I was just looking for a way to, when creating a game, do /whereis <username> for every user that joins.  Then, if the return is that the user is in any other place than the game I created, have the player automatically banned.  How hard would that be?  ???

You wouldn't necessarily have to intercept packets for that.

Kp

As Dale notes, you don't need to mess with the UDP stream for that.  As such, it's pretty easy, albeit not completely accurate.  Last I looked, the name advertised when joining didn't have the #number suffix that gets applied to clones, so you might end up banning legitimate players if they happen to join while cloned.

Hook in around the spot where SC sends the /astat command to query the new player's statistics.  Replace it with the /whereis or add your own, as appropriate.  Replacing is safer, since adding it doubles your transmissions and could more easily flood you off.  Save a record that this player is in a provisional state, and check those records when you get /whereis responses.  The only hard part is automatically banning the player on failure.  If you're willing to just display a note to the user that he ought to ban that player, then it's trivially easy.

iago

Quote from: Antarctica on July 01, 2008, 04:40 PM
How hard would that be?  ???
It would be fairly easy, for somebody who's experienced with that kind of thing.

It would be fairly difficult (steep learning curve) for anybody who isn't.

Camel

Quote from: Kp on July 01, 2008, 10:06 PM
As Dale notes, you don't need to mess with the UDP stream for that.  As such, it's pretty easy, albeit not completely accurate.  Last I looked, the name advertised when joining didn't have the #number suffix that gets applied to clones, so you might end up banning legitimate players if they happen to join while cloned.

Hook in around the spot where SC sends the /astat command to query the new player's statistics.  Replace it with the /whereis or add your own, as appropriate.  Replacing is safer, since adding it doubles your transmissions and could more easily flood you off.  Save a record that this player is in a provisional state, and check those records when you get /whereis responses.  The only hard part is automatically banning the player on failure.  If you're willing to just display a note to the user that he ought to ban that player, then it's trivially easy.

/whois is exactly the same as /whereis, and is the same length as /astat


Be careful though, you're risking a warden failure when you do stuff like this. It seems unlikely that they'd be checking whether you're overwriting the /astat command, though :P

Kp

He seemed very focused on using /whereis, so I didn't want to confuse the issue by switching to a more appropriate command.

Even if Warden doesn't object to changing the text of the /astat, there's still the issue that he needs to be hooked into the returning data stream to parse the server responses.  That almost guarantees a Warden failure.  He never specifically said he wanted this to work on official BNCSs, though.

brew

As you may recall, the focus of most hacks, and consequently warden, is within the module starcraft.exe. There is no reason modifying the Storm Network Provider at any time should be *unsafe* in terms of turning up a false positive for hacks. Although unlikely, Blizzard still can easily change all of this with one warden request address update.

UserLoser

Quote from: Antarctica on June 30, 2008, 04:27 PM
I want to try to add UDP support for a program that routes the Starcraft's connection through a vb6 program.  How do I use the UDP protocol for this?  I have no idea how to use the Bind command.  Please help.

Here's what I have for the two bind commands (sckMainUDP will connect to starcraft, sckBNETUDP will connect to Bnet)

sckMainUDP.Bind "6112", "127.0.0.1"
sckBNETUDP.Bind


lol.  Try setting the address to the b.net server and don't use a port already in use.
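
The Bind question and the "port already in use" reply above, as an added example that is not part of the original thread: a loopback-only UDP forwarder in Python (not the VB6 Winsock control), showing that a second bind to a busy port is refused and that a forwarder needs one bound socket facing the client plus a separate socket on a free port facing the server. Every address is 127.0.0.1, the ports are OS-assigned, and the echo "server" is a constructed stand-in; all function names are hypothetical.

```python
import socket

def bind_udp(port=0, host="127.0.0.1"):
    """Bind a UDP socket; port 0 asks the OS for any free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(2.0)
    s.bind((host, port))
    return s

def port_in_use(port, host="127.0.0.1"):
    """True if binding a second UDP socket to host:port is refused."""
    try:
        bind_udp(port, host).close()
        return False
    except OSError:                      # address already in use
        return True

def forward(listen, out, upstream):
    """Pass one client datagram upstream; return the client's address.
    UDP has no connection, so the sender must be remembered per datagram."""
    data, client = listen.recvfrom(2048)
    out.sendto(data, upstream)
    return client

def send_back(out, listen, client, upstream):
    """Return one upstream reply to the client; drop it if the source differs."""
    reply, src = out.recvfrom(2048)
    if src != upstream:
        return False
    listen.sendto(reply, client)
    return True

def demo():
    # Constructed loopback setup: echo server, forwarder (two sockets), client.
    server, listen, out, client = (bind_udp() for _ in range(4))
    try:
        busy = port_in_use(listen.getsockname()[1])   # second bind, same port
        client.sendto(b"ping", listen.getsockname())
        peer = forward(listen, out, server.getsockname())
        data, frm = server.recvfrom(2048)    # server sees the forwarder's socket
        server.sendto(b"pong:" + data, frm)
        ok = send_back(out, listen, peer, server.getsockname())
        reply, _ = client.recvfrom(2048)
        return busy, frm == out.getsockname(), ok, reply
    finally:
        for s in (server, listen, out, client):
            s.close()

if __name__ == "__main__":
    print(demo())
```
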