• Welcome to Valhalla Legends Archive.
 

CDKey Location

Started by PunK, August 19, 2008, 03:31 PM

PunK

I couldn't really find a more appropriate place to put this topic. But anyways, does anyone know where the CDKey for Warcraft III is stored? I searched regedit and no luck.

Barabajagal

None of the keys are stored in the registry. They're stored in the MPQs. For Warcraft 3, it's in War3.mpq. I never bothered to find out exactly where, though.

PunK

Yeah I read up about it. But uh... How would I read it?

MyndFyre

Quote from: PunK on August 19, 2008, 07:59 PM
Yeah I read up about it. But uh... How would I read it?

Well, you'd need to be able to read a file from the MPQ....
Quote: Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

PunK

I got an MPQ extractor. It extracted somewhere from 10,000 files. I wrote a quicky that checked multiple file contents. No luck =[

iago

It's encrypted, too.

Best thing is to load the game, connect to Battle.net, and search memory. Of course, you kind of have to know where to look.. :)
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


brew

Quote from: PunK on August 20, 2008, 11:10 AM
I got an MPQ extractor. It extracted somewhere from 10,000 files. I wrote a quicky that checked multiple file contents. No luck =[
Yeah, I tried that too, except for Starcraft. No luck, it must be encrypted or something. Reversing is the only way to find out for sure...
Dunno if this'll help you, but the second param to storm!SNetInitializeProvider is the address of the struct passed through to the main SNP initialization function at 19014310h (note: not DllMain) which contains a bunch of goodies, namely

typedef struct _snpstruct {
    int structlen; //0x3C
    char *gamename;
    char *verstring;
    int gamecode;
    int verbyte;
    int unk00; //value 0
    int unk01; //value 8
    int unk02; //value 0
    int unk03; //value 0
    int unk04; //value 0
    int unk05; //value 0xFF
    char *cdkey; //01D50088h
    char *cdkeyowner;
    int unk06; //value 0
    int langid; //value 1033
} SNPSTRUCT, *LPSNPSTRUCT;

Hope this helps!
<3 Zorm
Quote: [01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
Scio te esse, sed quid sumne? :P

PunK

Thanks brew. Looks like I have a project at hand...

brew

Good luck!

aton

easiest way to find out would be to use some tools from sysinternals or ollydbg and check out what the cd-key changer does

(both links at your own risk, i just googled them in a few seconds)

greetings

brew

That one is specifically for Starcraft products, when he mentioned he needed the location of the Warcraft 3 CDKey. I checked it out a while ago in IDA- it looks like it's an official Blizzard installer which cuts off on writing the CDKey files in the game's main MoPaQ.
On another note, it seems nobody took a decent stab at the CDKey encryption but me. I spent a few hours dabbling around on the Starcraft implementation, but I got bored and realized there's no need to reverse this.
Pretty much, the decryption fills a 20 byte buffer with random bytes and does some nice crypto stuff involving SHA1 (not sure if it's standard, probably not though) and two other easy bit twiddler functions which somehow decrypt two 0x48 sized blocks whose addresses are stored in 0051CE60 and 0051CE68, the cdkey and cdkey owner, respectively.
481B90 is the function you want to really look at. I'm pretty sure (but not positive) that all of Blizzard's other products are close if not the same, since it's secure through obscurity, mostly due to the lack of interest among developers.
I'm surprised nobody ever cared enough to look at it within the 10 years of Starcraft being around- it'll make for an interesting project :-P