
PvPGN Login Sequence

Started by Ozzapoo, January 31, 2009, 06:48 PM


Ozzapoo

Hi. What's different with the PvPGN login sequence (and its packets), as opposed to the Battle.Net one? The password never seems to work and I can't find any documentation or anything.

Hdx

The login sequence should be the same. IIRC it simply hashes the passwords incorrectly; you'd have to look at its source to figure out exactly what's wrong.

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Ozzapoo

If PvPGN hashes passwords incorrectly then wouldn't it have been fixed a long time ago?

Hdx



Ozzapoo

Well, isn't there any online source that details what's wrong with the hashing? Or did everyone who ever made a bot for PvPGN look at the source themselves =/?

Sixen

Just look at a PvPGN Bot's source code then.
Blizzard Tech Support/Op W@R - FallenArms
The Chat Gem Lives!
http://www.diablofans.com
http://www.sixen.org

Ozzapoo

I'm trying but I can't seem to find where it actually hashes the password >.<

I'm not all that good at C.

EDIT: I think I've pinpointed the calculate hash functions in both PvPGN and MBNCSUtil... But now I'm lost.

PvPGN:

extern t_uint32 bn_int_get(bn_int const src)
{
    t_uint32 temp;

    if (!src)
    {
        eventlog(eventlog_level_error,__FUNCTION__,"got NULL src");
        return 0;
    }

    /* assemble four wire bytes into a 32-bit value, least significant byte first */
    temp =  ((t_uint32)src[0])    ;
    temp |= ((t_uint32)src[1])<< 8;
    temp |= ((t_uint32)src[2])<<16;
    temp |= ((t_uint32)src[3])<<24;
    return temp;
}

The code that executes this (PvPGN):

extern void bnhash_to_hash(bn_int const * bnhash, t_hash * hash)
{
    unsigned int i;

    if (!bnhash)
    {
        eventlog(eventlog_level_error,__FUNCTION__,"got NULL bnhash");
        return;
    }
    if (!hash)
    {
        eventlog(eventlog_level_error,__FUNCTION__,"got NULL hash");
        return;
    }

    /* convert the five 32-bit words of the hash from wire format */
    for (i=0; i<5; i++)
        (*hash)[i] = bn_int_get(bnhash[i]);
}

MBNCSUtil:

        private void calculateHash(uint clientToken, uint serverToken)
        {
            if (!valid)
                throw new InvalidOperationException(Resources.invalidCdKeyHashed);

            MemoryStream ms = new MemoryStream(26);
            BinaryWriter bw = new BinaryWriter(ms);
            bw.Write(clientToken);
            bw.Write(serverToken);

            switch (key.Length)
            {
                case 13:
                case 16:
                    bw.Write(product);
                    bw.Write(val1);
                    bw.Write((int)0);
                    bw.Write(val2);
                    bw.Write((short)0);

                    hash = XSha1.CalculateHash(ms.GetBuffer());
                    break;
                case 26:
                    bw.Write(product);
                    bw.Write(val1);
                    bw.Write(val2);
                    byte[] buffer = ms.GetBuffer();
                    SHA1 sha = new SHA1Managed();
                    hash = sha.ComputeHash(buffer);
                    break;
                default:
                    break;
            }
            ms.Close();
        }

I don't see how these two pieces of code have got ANYTHING to do with each other...=/ Can anyone explain it to me?

Ringo

IIRC, the PvPGN server compares the password hash by using the client token used in 0x51.
So, if you use a different client token for password hashing than you did for CD-key hashing, it fails.
I think the real clients use the same client token throughout the whole connection, and only change it when you change password (or something like that).
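
The behaviour Ringo describes, as an added example that is not part of any post in this thread and is not PvPGN or MBNCSUtil code. It assumes the classic Battle.net password proof layout H(client token || server token || H(password)) and uses plain SHA-1 as a stand-in for the protocol's own hash; `Session`, `on_0x51`, `check_logon` and all token and password values are hypothetical.

```python
import hashlib
import hmac
import struct

def h(data: bytes) -> bytes:
    # Stand-in digest: plain SHA-1. The real protocol uses Battle.net's own
    # SHA-1 variant (XSha1 in the MBNCSUtil excerpt), not reproduced here.
    return hashlib.sha1(data).digest()

def password_proof(client_token: int, server_token: int, password: str) -> bytes:
    # Assumed layout: H(client_token || server_token || H(password)), tokens as
    # little-endian 32-bit values (the byte order bn_int_get decodes).
    tokens = struct.pack("<II", client_token, server_token)
    return h(tokens + h(password.encode("ascii")))

class Session:
    """Hypothetical server-side session that behaves as the post describes."""

    def __init__(self, server_token: int, stored_hash: bytes):
        self.server_token = server_token
        self.stored_hash = stored_hash   # H(password) from the account record
        self.client_token = None

    def on_0x51(self, client_token: int) -> None:
        # Remember the token the client used for CD-key hashing in 0x51.
        self.client_token = client_token

    def check_logon(self, proof: bytes) -> bool:
        if self.client_token is None:
            return False                 # no 0x51 seen yet on this connection
        tokens = struct.pack("<II", self.client_token, self.server_token)
        expected = h(tokens + self.stored_hash)
        return hmac.compare_digest(proof, expected)

def demo():
    # All values below are constructed for the example.
    server_token, token_51, other_token = 0x1234ABCD, 0xCAFEF00D, 0x0BADC0DE
    session = Session(server_token, stored_hash=h(b"hunter2"))
    session.on_0x51(token_51)
    reused = session.check_logon(password_proof(token_51, server_token, "hunter2"))
    fresh = session.check_logon(password_proof(other_token, server_token, "hunter2"))
    return reused, fresh

if __name__ == "__main__":
    print(demo())   # (True, False)
```

A correct password still fails when the proof is built with a client token other than the one sent in 0x51, which matches the symptom in the first post.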

xpeh

Quote from: Hdx on January 31, 2009, 08:34 PM
Nope, that's why PVPGN sucks
It sucks, but not so.
Relax dude, it works.

Ozzapoo

Oh no. I was looking at the completely wrong thing >.< It was PASSWORD hashes >.<

The password hash is sent in SID_AUTH_ACCOUNTLOGONPROOF (0x54), right?

xpeh