
Verify wc3 cd key

Started by Strilanc, October 21, 2009, 10:26 AM


Strilanc

Quote from: rabbit on October 23, 2009, 08:43 AM
Not really. There's a lot of it.

But basically, you don't need to disassemble anything these days.  There is code out there for checking CD-Keys in Python, Java, C, C++, C#, VB.Net, JavaScript, and PHP (at least).

You're also trying to tell Camel how the private, public, and product values work.  He's got significantly more experience with this stuff than you do.

Right, which is why I made a post asking for a link instead of starting a disassembler.

I was telling Camel how I believed the values work, so that the answer I got back would explain what I was missing. It worked.

Quote from: Imperceptus on October 23, 2009, 11:45 AM
Correct me if I'm wrong, but weren't the keys that work generated and stored, amongst those a % of them flagged to be accepted on bnet?

Apparently the installer accepts any cd key with the correct product key. Bnet requires a correct product key as well as a correct public/private key pair. When you connect, the public key is used to identify your cd key while the private key is used to authenticate it.

I believe the private is not related to the public key mathematically, it is just generated randomly. Blizzard stores all the information on cd keys it has generated, so when you connect to bnet they can look up your private key given the public key.
Don't pay attention to this signature, it's contradictory.

Imperceptus

myst,
Then how do you equate that there are cdkey generators that generate valid codes to install the game but not to get onto battle.net? Strilanc is getting at what I'm trying to say.
Quote from: Hazard on August 07, 2003, 03:15 PM
Highlight your entire code. Press the delete key. Start over again using Cuphead's CSB tutorial and work your way from there rather than raping code from downloaded sources meant purely for learning purposes. If this does not fix the problem, uninstall Visual Basic and get a new hobby. I suggest Cricket.

Strilanc

Quote from: Imperceptus on October 23, 2009, 01:32 PM
myst,
Then how do you equate that there are cdkey generators that generate valid codes to install the game but not to get onto battle.net?

Because the battle.net check is significantly stronger. Also, if the private key is randomly generated, then there is no practical way to verify a generated key will work other than connecting to bnet and trying it.

Generating an installer cd key only requires starting with a correct product id, arbitrary public/private keys, and running the encoding process backwards.
Don't pay attention to this signature, it's contradictory.

Camel

Quote from: Strilanc on October 23, 2009, 01:29 PM
I believe the private is not related to the public key mathematically, it is just generated randomly. Blizzard stores all the information on cd keys it has generated, so when you connect to bnet they can look up your private key given the public key.
That's extremely unlikely, considering there's a huge amount of evidence that the relationship is algorithmic. I don't recall all the details exactly, but there has been a great deal of work put in to studying the relationship, and someone was able to come up with code that generated a battle.net-acceptable SC key about 5% of the time. If it was truly random, they either used a really shitty random number generator, or all the moons were just perfectly aligned.

Really, the only way to know would be to ask someone who implemented it, but you'd have to be pretty crazy to believe that they're random.

Camel

Quote from: Strilanc on October 23, 2009, 01:36 PM
Because the battle.net check is significantly stronger.
This is sort of misleading; the installer just checks that the key is decodable, and is for the product - like buying a car on ebay based on the picture looking like a car instead of a motorcycle, but without starting it up to see if it runs. When you send the 3 DWORDs to Battle.net, it checks that the private key matches the other two values according to whatever algorithm they used to generate the CD keys in the first place.

Sort of going off on a tangent here, but the private value from the cd key is never sent in plain text; it's hashed (BS1) with 32 bits of salt from the client, and 32 more from the server, to protect the key from being sniffed off the wire. It's a pretty weak security measure, since it only takes a few hours in the worst case to brute the private key (it's only a 32-bit value) with a poor implementation of BS1 and a slow computer.
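
An added example, not part of Camel's post and not Battle.net code: it shows why the two salts do not make up for a 32-bit secret, since anyone who sees both salts and the hash can test guesses offline. Standard SHA-1 stands in for BS1, the three-word message layout is an assumption, and all values are constructed; the search is limited to 18 bits so it finishes quickly.

```python
import hashlib
import struct
import time


def proof(client_salt: int, server_salt: int, private: int) -> bytes:
    """Salted hash of the private value (SHA-1 stand-in, assumed layout)."""
    return hashlib.sha1(struct.pack("<III", client_salt, server_salt, private)).digest()


def recover_private(client_salt: int, server_salt: int, observed: bytes, bits: int):
    """Offline search over a `bits`-wide secret using only wire-visible values."""
    for guess in range(1 << bits):
        if proof(client_salt, server_salt, guess) == observed:
            return guess
    return None


def full_space_hours(rate_per_sec: float, bits: int = 32) -> float:
    """Worst-case hours to cover the whole secret space at a given guess rate."""
    return (1 << bits) / rate_per_sec / 3600


def demo(bits: int = 18):
    # Constructed sample values; the secret is chosen to fit in `bits` bits.
    client_salt, server_salt, secret = 0x1234ABCD, 0x0BADF00D, 0x2A5F3
    observed = proof(client_salt, server_salt, secret)

    start = time.perf_counter()
    found = recover_private(client_salt, server_salt, observed, bits)
    elapsed = time.perf_counter() - start

    # Salts change the hash per session (no replay, no precomputed table),
    # but the work per guess stays one hash, so cost is bounded by 2**32.
    rate = (found + 1) / elapsed
    return found, secret, full_space_hours(rate)


if __name__ == "__main__":
    found, secret, hours = demo()
    print(f"recovered {found:#x} (expected {secret:#x})")
    print(f"estimated worst case for 32 bits at this rate: {hours:.1f} h")
```

The fix for this class of weakness is a secret with enough entropy, or a protocol that does not expose a guess-verifiable value to an observer; more salt does not help.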

MysT_DooM

What Camel said. 
There is somewhat of a mathematical algorithm of some sorts that derives the private value from the prod/pub.  People have wasted many hours of their lifetime looking into this.
Check out the Starcraft Key topic; should be one of the most viewed topics when you click on Statistics.
So due to the mathematical correlation for certain digits in the private value, a hash table of all product public & their given private value I don't think is likely. But who knows.


vb6, something about that combination of numbers and letters is sexy

Strilanc

Quote from: Camel on October 23, 2009, 03:46 PM
Quote from: Strilanc on October 23, 2009, 01:29 PM
I believe the private is not related to the public key mathematically, it is just generated randomly. Blizzard stores all the information on cd keys it has generated, so when you connect to bnet they can look up your private key given the public key.
That's extremely unlikely, considering there's a huge amount of evidence that the relationship is algorithmic. I don't recall all the details exactly, but there has been a great deal of work put in to studying the relationship, and someone was able to come up with code that generated a battle.net-acceptable SC key about 5% of the time. If it was truly random, they either used a really shitty random number generator, or all the moons were just perfectly aligned.

Really, the only way to know would be to ask someone who implemented it, but you'd have to be pretty crazy to believe that they're random.

I was speaking specifically about the warcraft 3 cd keys. I've never done anything with starcraft keys. They may have switched strategies, but I can't speak about it with any confidence. Obviously I agree if you can generate a valid wc3 key a twentieth of the time then the private key isn't random, since if it was random your success rate would be more like one out of a trillion trillions.

Quote from: Camel on October 23, 2009, 03:58 PM
Quote from: Strilanc on October 23, 2009, 01:36 PM
Because the battle.net check is significantly stronger.
This is sort of misleading; the installer just checks that the key is decodable, and is for the product - like buying a car on ebay based on the picture looking like a car instead of a motorcycle, but without starting it up to see if it runs. When you send the 3 DWORDs to Battle.net, it checks that the private key matches the other two values according to whatever algorithm they used to generate the CD keys in the first place.

Sort of going off on a tangent here, but the private value from the cd key is never sent in plain text; it's hashed (BS1) with 32 bits of salt from the client, and 32 more from the server, to protect the key from being sniffed off the wire. It's a pretty weak security measure, since it only takes a few hours in the worst case to brute the private key (it's only a 32-bit value) with a poor implementation of BS1 and a slow computer.

Right. I'm aware of all that. Actually, I once wrote something so you could "lend" your keys to someone. Because the login process doesn't reveal the private key, you can just answer the login challenges for them. The key is "returned" once they log off.
Don't pay attention to this signature, it's contradictory.