
[BNCS] SID_AUTH_CHECK [0x51]

Started by mime, November 18, 2009, 10:55 AM


mime

Hello, I have some questions about the data of the SID_AUTH_CHECK packet.

This packet has the following arguments:

(DWORD) Client Token
(DWORD) EXE Version
(DWORD) EXE Hash
(DWORD) Number of keys in this packet
(BOOLEAN) Using Spawn (32-bit)


How do I find out these arguments?

As I understand it, ClientToken is just a simple random number? :)

And is EXE Version a string of the format "Diablo II 11/18/09 00:00:00 36864"?

And how do I then find out the EXE Hash (the simple way :))?

And a last question: if I use my bot on unofficial servers where there is no need for CD keys, what should I specify in the "CD key" arguments? :)

Thanks.

Imperceptus

Are you familiar with how to use a packet capture utility? I would suggest Ethereal/Wireshark. Capture a session of you using one of the real clients, then piece together what you need from there.

Exe hashing: search the forums... It's gotta be here somewhere.
Quote from: Hazard on August 07, 2003, 03:15 PM
Highlight your entire code. Press the delete key. Start over again using Cuphead's CSB tutorial and work your way from there rather than raping code from downloaded sources meant purely for learning purposes. If this does not fix the problem, uninstall Visual Basic and get a new hobby. I suggest Cricket.

MyndFyre

I suggest using the search term CheckRevision.  That's what goes into this packet.
Quote: Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Hdx

The Client Token is a random number generated by your client; it is used to further randomize the encryption used on Battle.net. In short, pick a random number and use it for the entire connection wherever 'Client Token' is referenced.

Exe Version is actually a DWORD, hence why it's labeled (DWORD). This is retrieved from the Exe; e.g. if the file's version was 1.1.1 the DWORD would be: 0x01010001 (roughly).

The EXE Hash is calculated by running the 'CheckRevision' function that is in the DLL inside the MPQ that is sent to you by Battle.net in 0x50. But luckily people have reverse engineered that function so you don't have to! There are a few libraries out there that you can use to do this function: BNCSutil.dll, my Warden.dll, BNHash.dll etc...

The simplest way to get these values is to use BNLS. BNLS will send you all of that information in S->C BNLS_VERSIONCHECKEX2, which you request with C->S BNLS_VERSIONCHECKEX2.

So basically, send BNLS everything you get in 0x50 and it will send you everything you need to send in 0x51.

As for unofficial servers that 'don't need a CD key': they still do, it just doesn't have to be an unbanned/real key. It just needs to decode properly.

Proud host of the JBLS server www.JBLS.org.

mime

Hdx, MyndFyre, Imperceptus, thanks for your answers.

I received a version byte, version hash and statstring with BNLS (S->C BNLS_VERSIONCHECKEX2).

I build and send the SID_AUTH_CHECK packet, but I have a problem in the next packets :)

S->C SID_AUTH_CHECK returns 0 (success), but SID_LOGONRESPONSE2 returns 2 (invalid password).

I don't know what the problem is :(

Thanks.

My code:
out.writeByte(0x01);   // protocol selector byte: 0x01 = game (BNCS) protocol
out.flush();

// C->S SID_AUTH_INFO (0x50)
BNCSPacket packet = new BNCSPacket(PacketIDs.SID_AUTH_INFO);
packet.addDWord(0);                                    // protocol ID
packet.addDWord(PlatformIDs.PLATFORM_IX86);            // platform
packet.addDWord(ProductIDs.D2XP);                      // product
packet.addDWord(BNLSCheckRevision.getVersionByte());   // version byte
packet.addDWord(0);                                    // remaining DWORD fields left zero
packet.addDWord(0);
packet.addDWord(0);
packet.addDWord(0);
packet.addDWord(0);
packet.addNTString(Locale.getDefault().getISO3Country());
packet.addNTString(Locale.getDefault().getDisplayCountry());
out.write(packet.getBytes());
out.flush();

// This assumes SID_PING (0x25) arrives before SID_AUTH_INFO (0x50); the server does
// not guarantee that order, so real code should split frames and dispatch on the packet ID.
BNetInputStream receive = parse(in);
System.out.println("Ping:" + receive.readDWord());

// S->C SID_AUTH_INFO (0x50)
receive = parse(in);
int logonType = receive.readDWord();   // DWORD, not WORD: a 2-byte read shifts every later field
int serverToken = receive.readDWord();
int udpValue = receive.readDWord();
long mpqFileTime = receive.readQWord();    // FILETIME
String mpqFileName = receive.readNTString();
byte[] formula = receive.readNTBytes();

CheckRevisionResults revRes = BNLSCheckRevision.checkRevision(
        (byte) 0x05, mpqFileName, mpqFileTime, formula);

// Client token: any 32-bit value; reuse the same one for the whole connection
int clientToken = new Random().nextInt();

// C->S SID_AUTH_CHECK (0x51)
BNCSPacket p = new BNCSPacket(PacketIDs.SID_AUTH_CHECK);
p.addDWord(clientToken);
p.addDWord(revRes.getVerhash());          // EXE version
p.addDWord(revRes.getChecksum());         // EXE hash
p.addDWord(0);                            // number of CD keys
p.addDWord(0);                            // spawn flag (32-bit BOOLEAN) follows the key count
p.addNtByteArray(revRes.getStatstring()); // EXE information string
p.addNTString("");                        // CD-key owner name (empty, no keys sent)
out.write(p.getBytes());
out.flush();

receive = parse(in);
System.out.println("SID_AUTH_CHECK result code: 0x" + Integer.toHexString(receive.readDWord()));
System.out.println(receive.readNTString());

// C->S SID_LOGONRESPONSE2 (0x3A): password double-hashed with the same client/server tokens
BNCSPacket lp = new BNCSPacket(PacketIDs.SID_LOGONRESPONSE2);
lp.addDWord(clientToken);
lp.addDWord(serverToken);
int[] myPass = DoubleHash.doubleHash(password, clientToken, serverToken);
for (int i = 0; i < 5; i++) {
    lp.addDWord(myPass[i]);
}
lp.addNTString(name);
out.write(lp.getBytes());
out.flush();

receive = parse(in);
System.out.println("SID_LOGONRESPONSE2 result code: 0x" + Integer.toHexString(receive.readDWord()));

Hdx

You're not always guaranteed to get SID_PING before you get SID_AUTH_INFO.
You should split your incoming packets and handle them based on ID.
What exactly is parse()?
And have you tried comparing the values you get for Client/Server tokens with a packet log of the connection?

Proud host of the JBLS server www.JBLS.org.
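Hdx's advice above (split the incoming stream into packets and dispatch on the ID instead of assuming SID_PING comes before SID_AUTH_INFO), together with the SID_AUTH_INFO field layout from his first post, as an added Python example that is not code from this thread or from javaop/bnubot. The BNCS header format, packet ids and field order are the standard BnetDocs ones; the sample payload values are constructed, and misread_mpq_name shows what a WORD-sized read of the logon type does to the MPQ name (the stray byte in front of IX86ver1.mpq in the program log posted later in the thread).

```python
import struct
SID_PING, SID_AUTH_INFO = 0x25, 0x50

def frame(pid, payload):
    # BNCS header: 0xFF, packet id, 16-bit little-endian length that counts the 4 header bytes
    return struct.pack("<BBH", 0xFF, pid, 4 + len(payload)) + payload

def split_frames(buf):
    """Cut a byte stream into (id, payload) frames; return the incomplete tail for the next read."""
    frames = []
    while len(buf) >= 4:
        magic, pid, length = struct.unpack_from("<BBH", buf)
        if magic != 0xFF or length < 4:
            raise ValueError("lost sync with BNCS header")
        if len(buf) < length:
            break  # wait for the rest of this frame
        frames.append((pid, buf[4:length]))
        buf = buf[length:]
    return frames, buf

def _ntstring(data, off):
    end = data.index(b"\x00", off)
    return data[off:end], end + 1

def parse_auth_info(payload):
    """S->C SID_AUTH_INFO: DWORD logon type, server token, UDP value, FILETIME, then two NT strings."""
    logon_type, server_token, udp_value, mpq_time = struct.unpack_from("<IIIQ", payload)
    mpq_name, off = _ntstring(payload, 20)
    formula, _ = _ntstring(payload, off)
    return {"logon_type": logon_type, "server_token": server_token, "udp_value": udp_value,
            "mpq_time": mpq_time, "mpq_name": mpq_name.decode("ascii"), "formula": formula}

def misread_mpq_name(payload):
    # Logon type read as a WORD: every later field starts 2 bytes early, so the 'name' picks up FILETIME bytes
    return _ntstring(payload, 2 + 4 + 4 + 8)[0]

def handle_stream(buf):
    """Dispatch on packet id; works whether SID_PING or SID_AUTH_INFO arrives first."""
    results, (frames, _) = {}, split_frames(buf)
    for pid, payload in frames:
        if pid == SID_PING:
            results["ping"] = struct.unpack_from("<I", payload)[0]
        elif pid == SID_AUTH_INFO:
            results["auth_info"] = parse_auth_info(payload)
    return results

# Constructed sample (made-up values): server sends SID_AUTH_INFO before SID_PING.
AUTH_INFO_PAYLOAD = (struct.pack("<IIIQ", 0, 0x76C4A000, 0x04B8F2FA, 0x01CA687412345678)
                     + b"IX86ver1.mpq\x00A=1 B=2 C=3 4 A=A^S B=B^C C=C^A A=A^B\x00")
SAMPLE_STREAM = frame(SID_AUTH_INFO, AUTH_INFO_PAYLOAD) + frame(SID_PING, struct.pack("<I", 0x02681F05))
```

Feeding a real socket read into split_frames and keeping the returned tail for the next read is what makes the parser independent of how the server chooses to coalesce or order its packets.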

rabbit

That's great.  Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be.  Or if you are double-hashing it, you're probably not using the same client token you used earlier.  I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

mime

Quote from: rabbit on November 19, 2009, 09:36 AM
That's great.  Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be.  Or if you are double-hashing it, you're probably not using the same client token you used earlier.  I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.

You evil :(
I'm really a newbie in the bnet protocol and Java network programming. Yes, I found the javaop and bnubot sources and got their classes, but all rights saved.
I simply wished to write a very simple bot to check up on myself here.

As I understand it, my password is not hashed? And is using DoubleHash not correct?


To Hdx:
SID_PING is received before SID_AUTH_INFO. So here is the program log...

Program log:
Send game protocol byte.
Send SID_AUTH_INFO packet...
ProductID: 5
Version Byte: 11
Receive packet: 0x25
Ping:40379269
Receive packet: 0x50
Logon Type:0
Server token:1992884224
UdpValue:79238906
MPQ File Time: -2217295427437330432
MPQ File Name: �IX86ver1.mpq
Formula: [B@a20892
Start check revision
verhash: 0
checksum: 0
statstring: [B@1e0bc08
Generate clientToken...
ClientToken:1992642644

Send SID_AUTH_CHECK packet...
Receive packet: 0x51
SID_AUTH_CHECK result code:0

Send SID_LOGONRESPONSE2 packet...
Receive packet: 0x3a
SID_LOGONRESPONSE2 result code:2



Mystical


int[] myPass = DoubleHash.doubleHash(password, clientToken, serverToken);


A quick glance looks like he double-hashed to me.

rabbit

Quote from: mime on November 19, 2009, 11:41 AM
Quote from: rabbit on November 19, 2009, 09:36 AM
That's great.  Thank you for posting the code you use to send SID_LOGONRESPONSE2 so we can help you.

O wait, you didn't.

Your problem is probably that you aren't hashing the password, or if you are, you're probably not double-hashing it like you need to be.  Or if you are double-hashing it, you're probably not using the same client token you used earlier.  I can say this with confidence because you have no idea how to use the language you are, let alone anything about the protocol.

You evil :(
I'm really a newbie in the bnet protocol and Java network programming. Yes, I found the javaop and bnubot sources and got their classes, but all rights saved.
I simply wished to write a very simple bot to check up on myself here.

As I understand it, my password is not hashed? And is using DoubleHash not correct?


To Hdx:
SID_PING is received before SID_AUTH_INFO. So here is the program log...

Program log:
Send game protocol byte.
Send SID_AUTH_INFO packet...
ProductID: 5
Version Byte: 11
Receive packet: 0x25
Ping:40379269
Receive packet: 0x50
Logon Type:0
Server token:1992884224
UdpValue:79238906
MPQ File Time: -2217295427437330432
MPQ File Name: �IX86ver1.mpq
Formula: [B@a20892
Start check revision
verhash: 0
checksum: 0
statstring: [B@1e0bc08
Generate clientToken...
ClientToken:1992642644

Send SID_AUTH_CHECK packet...
Receive packet: 0x51
SID_AUTH_CHECK result code:0

Send SID_LOGONRESPONSE2 packet...
Receive packet: 0x3a
SID_LOGONRESPONSE2 result code:2




I'm not evil, just blunt.  Anyway, you're not extracting the MPQ archive name properly.  That will cause problems.

[edit]
Now that I've looked over your code, I have a question: did you just copy the send routines to post, or is that how your actual code is?  If that's what the actual code is, you're not actually parsing response, you're just blindly sending packets.
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

Hdx

Post a proper packet log.
And post your entire code; we have things like pastebin for a reason.

Proud host of the JBLS server www.JBLS.org.

mime

Quote
Now that I've looked over your code, I have a question: did you just copy the send routines to post, or is that how your actual code is?  If that's what the actual code is, you're not actually parsing response, you're just blindly sending packets.

It is not the actual code, it is simply preparations to check whether the source codes I found actually work.
Maybe blindly sending... I followed this instruction: http://www.bnetdocs.org/?op=doc&did=10

I badly understand how it works. Probably I don't have enough knowledge for bot writing. I will probably forget about it.

Thanks for the time spent.

rabbit

That's not right.  Don't give up because I was being rude (which I admit I was).  What you need to do is read through whatever code you've got.  Try to understand what's going on.  And I just want to make sure you know that it is possible to learn a language the way you're doing it, but you need to do more reading before asking these kinds of questions.  And in case you don't believe me: the first project I did in VB6 was a binary bot, and the same for VB.Net (which, admittedly was easier because I already knew VB6 very well).
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

mime

Quote from: rabbit on November 19, 2009, 04:41 PM
That's not right.  Don't give up because I was being rude (which I admit I was).  What you need to do is read through whatever code you've got.  Try to understand what's going on.  And I just want to make sure you know that it is possible to learn a language the way you're doing it, but you need to do more reading before asking these kinds of questions.  And in case you don't believe me: the first project I did in VB6 was a binary bot, and the same for VB.Net (which, admittedly was easier because I already knew VB6 very well).

Thanks for support!

I understand a bit of the structure of a bot (and a few source codes), but I understand binary networking, packet sending/capture programs (Wireshark, WPE etc.) and bitwise operations badly...

You are experienced; tell me what I should know to fully understand how a bot works and the bnet protocol.

Thanks.

Imperceptus

My two cents, man. Don't think that knowing how to program in VB6 makes you a competent programmer. I used to think that... oy, was I in for a shock. VB.NET is a lot better if you take advantage of the new things you can achieve. If I were you I would visit the library or get an online subscription to a site like http://my.safaribooksonline.com/ and read. I hated how people pointed to the books when I was like "but I know VB6 in and out"... but they were right. There's a lot of room to grow; take it slow and don't get discouraged. Nothing in life is free.
Quote from: Hazard on August 07, 2003, 03:15 PM
Highlight your entire code. Press the delete key. Start over again using Cuphead's CSB tutorial and work your way from there rather than raping code from downloaded sources meant purely for learning purposes. If this does not fix the problem, uninstall Visual Basic and get a new hobby. I suggest Cricket.