CDKey Location

PunK · August 19, 2008, 03:31 PM

I couldn't really find a more appropriate place to put this topic. But anyways, does anyone know where the CDKey for warcraft III is stored? I searched regedit and no luck.

Barabajagal · August 19, 2008, 04:53 PM

None of the keys are stored in the registry. They're stored in the MPQs. For Warcraft 3, it's in War3.mpq. I never bothered to find out exactly where, though.

PunK · August 19, 2008, 07:59 PM

Yeah I read up about it. But uh... How would I read it?

MyndFyre · August 20, 2008, 11:01 AM

Quote from: PunK on August 19, 2008, 07:59 PM
Yeah I read up about it. But uh... How would I read it?

Well, you'd need to be able to read a file from the MPQ....

PunK · August 20, 2008, 11:10 AM

I got an MPQ extractor. It extractor somewhere from 10,000 files. I wrote a quicky that checked multiple file contents. No luck =[

iago · August 20, 2008, 01:02 PM

It's encrypted, too.

Best thing is to load the game, connect to Battle.net, and search memory. Of course, you kind of have to know where to look..

brew · August 20, 2008, 01:02 PM

Quote from: PunK on August 20, 2008, 11:10 AM
I got an MPQ extractor. It extractor somewhere from 10,000 files. I wrote a quicky that checked multiple file contents. No luck =[

Yeah, i tried that too, except for starcraft. No luck, it must be encrypted or something. Reversing is the only way to find out for sure...
Dunno if this'll help you, but the second param to storm!SNetInitializeProvider is the address of the struct passed through to the main SNP initialization function at 19014310h (note: not DllMain) which contains a bunch of goodies, namely

Code Select


typedef struct _snpstruct {
    int structlen; //0x3C
    char *gamename;
    char *verstring;
    int gamecode;
    int verbyte;
    int unk00; //value 0
    int unk01; //value 8
    int unk02; //value 0
    int unk03; //value 0
    int unk04; //value 0
    int unk05; //value 0xFF
    char *cdkey; //01D50088h
    char *cdkeyowner;
    int unk06; //value 0
    int langid; //value 1033
} SNPSTRUCT, *LPSNPSTRUCT;

Hope this helps!

PunK · August 20, 2008, 06:45 PM

Thanks brew. Looks like I have a project at hand...

brew · August 20, 2008, 09:00 PM

Good luck!

aton · September 01, 2008, 09:09 AM

easiest way to find out would be to use some tools from sysinternals or ollydbg and check out what the cd-key changer does

(both links on your own risk, i just googled them in a few seconds)

greetings

brew · September 01, 2008, 01:51 PM

That one is specificially for Starcraft products, when he mentioned he needed the location of the Warcraft 3 CDKey. I checked it out a while ago in IDA- it looks like it's an official Blizzard installer which cuts off on writing the CDKey files in the game's main MoPaQ.
On another note, it seems nobody took a decent stab at the CDKey encryption but me. I spent a few hours dabbling around on the Starcraft implementation, but I got bored and realized there's no need to reverse this.
Pretty much, the decryption fills a 20 byte buffer with random bytes and does some nice crypto stuff involving SHA1 (not sure if it's standard, probably not though) and two other easy bit twiddler functions which somehow decrypt two 0x48 sized blocks whos addresses are stored in 0051CE60 0051CE68, the cdkey and cdkey owner, respectively.
481B90 is the function you want to really look at. I'm pretty sure (but not positive) that all of blizzard's other products are close if not the same, since it's secure through obscurity, mostly due to the lack of interest among developers.
I'm suprised nobody ever cared enough to look at it within the 10 years of Starcraft being around- it'll make for an interesting project :-P

CDKey Location

Barabajagal