[BNCS] SID_AUTH_CHECK [0x51]

mime · November 18, 2009, 10:55 AM

Hello, I have some questions about data of SID_AUTH_CHECK packet.

This packet have next arguments:


(DWORD)   Client Token
(DWORD)   EXE Version
(DWORD)   EXE Hash
(DWORD)   Number of keys in this packet
(BOOLEAN)  Using Spawn (32-bit)

How to learn this arguments?

How I understand, what ClientToke this simple random number?

And EXE Version the string of a format: "Diablo II 11/18/09 00:00:00 36864" ?

And how then to learn EXE Hash (simple way

).

And last question..., if I use the my bot for not official servers where there is no need in CD-keys what to specify in arguments "CD key" ?

Thanks.

Imperceptus · November 18, 2009, 11:57 AM

Are you familiar with how to use a packet capture utitlity? I would suggest Ethereal/Wireshark. Capture a session of you using one of the real clients then piece together what you need from there.

Exe hashing, Search the forums... Its gotta be here somewhere.

MyndFyre · November 18, 2009, 02:01 PM

I suggest using the search term CheckRevision. That's what goes into this packet.

Hdx · November 18, 2009, 02:03 PM

The Client Token is a random number generated by your client, it is used to further randomize the encryption used on Battle.net, In short, Pick a random number, and use it for the eintire connection wherever 'Client Token' is referanced.

Exe Version is actually a DWORD, hence why it's labeled (DWORD). This is retreived from the Exe, EXA if the file's version was 1.1.1 the DWORD would be: 0x01010001 (roughly)

The EXE Hash is calculated by running the 'CheckRevision' function that is in the DLL inside the MPQ that is sen't to you by battle.net in 0x50. But luckally people have reverse engineered that function so you don't have to! There are a few libraries out there that you can use to do this function: BNCSutil.dll, My Warden.dll, BNHash.dll etc...

The simplest way to get these values, is to use BNLS, BNLS will send you all of that information in S->C BNLS_VERSIONCHECKEX2 which you request with C-> BNLS_VERSIONCHECKEX2.

So basically, send BNLS everything you get in 0x50 and it will send you everything you need to send in 0x51

As for unofficial servers that 'dont need a cdkey' they still do, it just doesn't have to be a unbanned/real key. It just needs to decode properly.

mime · November 19, 2009, 09:27 AM

Hdx, MyndFyre, Imperceptus, thanks for your answers.

I received a version byte, version hash and statstring with BNLS. (S->C BNLS_VERSIONCHECKEX2).

I build and send SID_AUTH_CHECK packet, But I have problem in next packets

S -> C SID_AUTH_CHECK return: 0(success) , But SID_LOGONRESPONSE2 return 2 (ivalid password).

I dont know what the problem

Thanks.

My code:

Code Select

out.writeByte(0x01);
 out.flush();

 
 BNCSPacket packet = new BNCSPacket(PacketIDs.SID_AUTH_INFO);
 packet.addDWord(0);
 packet.addDWord(PlatformIDs.PLATFORM_IX86);
 packet.addDWord(ProductIDs.D2XP);
 packet.addDWord(BNLSCheckRevision.getVersionByte());
 packet.addDWord(0);
 packet.addDWord(0);
 packet.addDWord(0);
 packet.addDWord(0);
 packet.addDWord(0);
 packet.addNTString(Locale.getDefault().getISO3Country());
 packet.addNTString(Locale.getDefault().getDisplayCountry());
 out.write(packet.getBytes());
 out.flush();


 BNetInputStream receive = parse(in);
 System.out.println("Ping:" + receive.readDWord());

 receive = parse(in);
 int logonType = receive.readWord();
 int serverToken = receive.readDWord();
 int udpValue = receive.readDWord();
 long mpqFileTime = receive.readQWord();
 String mpqFileName = receive.readNTString();
 byte[] formula = receive.readNTBytes();

 CheckRevisionResults revRes = BNLSCheckRevision.checkRevision(
  (byte) 0x05, mpqFileName, mpqFileTime, formula);

 int clientToken = Math.abs(new Random().nextInt());

 BNCSPacket p = new BNCSPacket(PacketIDs.SID_AUTH_CHECK);
 p.addDWord(clientToken);
 p.addDWord(revRes.getVerhash());
 p.addDWord(revRes.getChecksum());
 p.addDWord(0);
 p.addNtByteArray(revRes.getStatstring());
 p.addDWord(0);
 out.write(p.getBytes());
 out.flush();

 receive = parse(in);
 System.out.println("SID_AUTH_CHECK result code: 0x" + Integer.toHexString(receive.readDWord()));
 System.out.println(receive.readNTString());

 BNCSPacket lp = new BNCSPacket(PacketIDs.SID_LOGONRESPONSE2);
 lp.addDWord(clientToken);
 lp.addDWord(serverToken);
 int[] myPass = DoubleHash.doubleHash(password, clientToken,
  serverToken);
 for(int i = 0; i < 5; i++) {
            lp.addDWord(myPass[i]);
 }
 lp.addNTString(name);
 out.write(lp.getBytes());
 out.flush();

 receive = parse(in);
 System.out.println("SID_LOGONRESPONSE2 result code: 0x" + Integer.toHexString(receive.readDWord()));

Hdx · November 19, 2009, 09:33 AM

You're not always garenteeded to get SID_PING before you get SID_AUTH_INFO
You should split your incoming packets and handel them based on ID.
What exactly is parse()?
And have you tried comparing the values you get for Client/Server tokens with a packetlog of the connection?

rabbit · November 19, 2009, 09:36 AM

That's great. Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be. Or if you are double-hashing it, you're probably not using the same client token you used earlier. I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.

mime · November 19, 2009, 11:41 AM

Quote from: rabbit on November 19, 2009, 09:36 AM
That's great. Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be. Or if you are double-hashing it, you're probably not using the same client token you used earlier. I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.

You evil

I'm really newbie in bnet protocol and java network programming. Yes, I found javaop and bnutbot sources and get there classes, But all rights saved.
I simply wished to write very simple bot what to check up myself here.

As I understand, my password, not hashed? And to use DoubleHash it is not correct?

2 Hdx:
SID_PING get before SID_ATH_INFO. So showing programlog....

Program log:

Code Select

Send game protocol byte.
Send SID_AUTH_INFO packet... 
ProductID: 5
Version Byte: 11
Receive packet: 0x25
Ping:40379269
Receive packet: 0x50
Logon Type:0
Server token:1992884224
UdpValue:79238906
MPQ File Time: -2217295427437330432
MPQ File Name: �IX86ver1.mpq
Formula: [B@a20892
Start check revision
verhash: 0
checksum: 0
statstring: [B@1e0bc08
Generate clientToken... 
 ClientToken:1992642644

Send SID_AUTH_CHECK packet... 
Receive packet: 0x51
SID_AUTH_CHECK result code:0

Send SID_LOGONRESPONSE2 packet... 
Receive packet: 0x3a
SID_LOGONRESPONSE2 result code:2

Mystical · November 19, 2009, 01:54 PM

Code Select


 int[] myPass = DoubleHash.doubleHash(password, clientToken, serverToken);

quick glance looks like he double hashed to me

rabbit · November 19, 2009, 03:04 PM

Quote from: mime on November 19, 2009, 11:41 AM
Quote from: rabbit on November 19, 2009, 09:36 AM
That's great. Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be. Or if you are double-hashing it, you're probably not using the same client token you used earlier. I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.

You evil
I'm really newbie in bnet protocol and java network programming. Yes, I found javaop and bnutbot sources and get there classes, But all rights saved.
I simply wished to write very simple bot what to check up myself here.

As I understand, my password, not hashed? And to use DoubleHash it is not correct?

2 Hdx:
SID_PING get before SID_ATH_INFO. So showing programlog....

Program log:
Code Select Expand
Send game protocol byte. Send SID_AUTH_INFO packet... ProductID: 5 Version Byte: 11 Receive packet: 0x25 Ping:40379269 Receive packet: 0x50 Logon Type:0 Server token:1992884224 UdpValue:79238906 MPQ File Time: -2217295427437330432 MPQ File Name: �IX86ver1.mpq Formula: [B@a20892 Start check revision verhash: 0 checksum: 0 statstring: [B@1e0bc08 Generate clientToken... ClientToken:1992642644 Send SID_AUTH_CHECK packet... Receive packet: 0x51 SID_AUTH_CHECK result code:0 Send SID_LOGONRESPONSE2 packet... Receive packet: 0x3a SID_LOGONRESPONSE2 result code:2

I'm not evil, just blunt. Anyway, you're not extracting the MPQ archive name properly. That will cause problems.

[edit]
Now that I've looked over your code, I have a question: did you just copy the send routines to post, or is that how your actual code is? If that's what the actual code is, you're not actually parsing response, you're just blindly sending packets.

Hdx · November 19, 2009, 03:11 PM

Post a Proper PacketLog
And Post your entire code, we have things like pastebin for a reason.

mime · November 19, 2009, 04:24 PM

Quote
Now that I've looked over your code, I have a question: did you just copy the send routines to post, or is that how your actual code is? If that's what the actual code is, you're not actually parsing response, you're just blindly sending packets.

It not an actual code, it simply preparations what to check up working capacity of the found source codes.
Maybe blindly sending... I followed this instruction http://www.bnetdocs.org/?op=doc&did=10

I badly understand as it works. Probably I dont have enough knowledge for bot writing. I will probably forget about it.

Thanks for spent time.

rabbit · November 19, 2009, 04:41 PM

That's not right. Don't give up because I was being rude (which I admit I was). What you need to do is read through whatever code you've got. Try to understand what's going on. And I just want to make sure you know that it is possible to learn a language the way you're doing it, but you need to do more reading before asking these kinds of questions. And in case you don't believe me: the first project I did in VB6 was a binary bot, and the same for VB.Net (which, admittedly was easier because I already knew VB6 very well).

mime · November 19, 2009, 05:40 PM

Quote from: rabbit on November 19, 2009, 04:41 PM
That's not right. Don't give up because I was being rude (which I admit I was). What you need to do is read through whatever code you've got. Try to understand what's going on. And I just want to make sure you know that it is possible to learn a language the way you're doing it, but you need to do more reading before asking these kinds of questions. And in case you don't believe me: the first project I did in VB6 was a binary bot, and the same for VB.Net (which, admittedly was easier because I already knew VB6 very well).

Thanks for support!

I understand a few structure of a bot (and a few source codes) But badly I understand binary network and packet sending/capture programms (wirechark, wpe etc... ) and bitwise operations...

You an experienced, tell that I should know to fully understand bot work and bnet protocol.

Thanks.

Imperceptus · November 19, 2009, 05:57 PM

my two cents man. Dont think that knowing how to program in vb6 makes you a competent programmer. I use to think that... oy was I in for a shock. vb.net is alot better if you take advantage of the new things you can achieve. If I were you would visit the library or get an online subscription to a site like http://my.safaribooksonline.com/ and read. I hated how people pointed to the books when I was like "but I know vb6 in and out"... but they were right. Theres alot of room to grow, take it slow and don't get discouraged. Nothing in life is free