• Welcome to Valhalla Legends Archive.
 

SC/BW Anthology CDKeys?

Started by Mesiah / haiseM, February 11, 2010, 03:32 PM


Mesiah / haiseM

I recently bought the SC/BW anthology at Walmart for 20 bucks, and tried to use its new 26 char alphanumeric cdkey on a few bots. IP banned on every single one. Mirage, Stealth, my own..

I haven't logged the client yet to see if anything different is taking place (I wouldn't be able to tell probably anyways, I'm no good at reading encoded stuff), but the client works just fine..

Can anybody else confirm that battle.net has NOT changed anything regarding hashing new SC anthology keys??
HighBrow Innovations
Coming soon...

MysT_DooM

It's using the war3 algo for the keys


vb6, something about that combination of numbers and letters is sexy

Hdx

I took a look at it and it hasn't changed anything in the algo since before and after anthology keys were introduced, but some of the 'new' keys the online store is generating are being decoded improperly by all of our implementations of the function.
I don't have the tools to look into it much, but the public and product are being decoded fine iirc, it's either the private, or the hash.

Proud host of the JBLS server www.JBLS.org.

Ringo

*shrugs*
I did the w3 cdkey decode from BW battle.snp some months ago, although it looks pretty raw still, but works iirc. I'd be interested to hear if this works without fail or not.
Assuming you're standard SHA1 hashing the key, I would have thought it should be fine.

Idk if this helps anyway or not, figured I'd post it anyway, before I forget about it.


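Private byte_1903A720(255)      As Byte
Private byte_1903A540(479)      As Byte
Private m_W3Init                As Boolean
'CopyMemory is used below but was not declared in the post; standard kernel32 declare
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
                           (ByRef Destination As Any, ByRef Source As Any, ByVal Length As Long)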
Public Function DecodeW3Key(ByRef sKey As String, _
                           ByRef lProduct As Long, _
                           ByRef lPublic As Long, _
                           ByRef lPrivate As Long) As Boolean
   Dim bKey()          As Byte
   Dim var_44(3)       As Long
   Dim var_34(51)      As Byte
   Dim i               As Long 'loop counter, needed under Option Explicit
   If (Not Len(sKey) = 26) Then Exit Function
   If (m_W3Init = False) Then Call InitKeyTables
   m_W3Init = True
   bKey = StrConv(sKey, vbFromUnicode)
   Call sub_19003B10(bKey(), var_34())
   For i = 51 To 0 Step -1
       Call sub_19003AD0(4, 5, var_44(), var_34(i))
   Next i
   Call sub_19003E40(var_44())
   Call sub_19003B70(var_44())
   lProduct = RS(var_44(0), 10&)
   lPublic = LS((var_44(0) And &H3FF&), 16) Or RS(var_44(1), 16)
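   'The private value is 10 bytes (80 bits) but lPrivate is a 4 byte Long:
   'the caller must pass the first element of a buffer of at least 10 bytes
   '(e.g. element 0 of a 3 element Long array), or these copies write past it.
   Call CopyMemory(ByVal VarPtr(lPrivate) + 0, var_44(1), 2)
   Call CopyMemory(ByVal VarPtr(lPrivate) + 2, var_44(2), 8)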
   DecodeW3Key = True
End Function
Private Sub InitKeyTables()
   Call FillByteArray(byte_1903A720(), _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &H0, &HFF, &H1, &HFF, &H2, &H3, &H4, &H5, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &H6, &H7, &H8, &H9, &HA, &HB, &HC, &HFF, &HD, &HE, &HFF, &HF, &H10, &HFF, _
       &H11, &HFF, &H12, &HFF, &H13, &HFF, &H14, &H15, &H16, &H17, &H18, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &H6, &H7, &H8, &H9, &HA, &HB, &HC, &HFF, &HD, &HE, &HFF, &HF, &H10, &HFF, _
       &H11, &HFF, &H12, &HFF, &H13, &HFF, &H14, &H15, &H16, &H17, &H18, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, _
       &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF, &HFF)
   Call FillByteArray(byte_1903A540(), _
       &H9, &H4, &H7, &HF, &HD, &HA, &H3, &HB, &H1, &H2, &HC, &H8, &H6, &HE, &H5, &H0, &H9, &HB, &H5, &H4, &H8, &HF, &H1, &HE, &H7, &H0, &H3, &H2, &HA, &H6, &HD, &HC, _
       &HC, &HE, &H1, &H4, &H9, &HF, &HA, &HB, &HD, &H6, &H0, &H8, &H7, &H2, &H5, &H3, &HB, &H2, &H5, &HE, &HD, &H3, &H9, &H0, &H1, &HF, &H7, &HC, &HA, &H6, &H4, &H8, _
       &H6, &H2, &H4, &H5, &HB, &H8, &HC, &HE, &HD, &HF, &H7, &H1, &HA, &H0, &H3, &H9, &H5, &H4, &HE, &HC, &H7, &H6, &HD, &HA, &HF, &H2, &H9, &H1, &H0, &HB, &H8, &H3, _
       &HC, &H7, &H8, &HF, &HB, &H0, &H5, &H9, &HD, &HA, &H6, &HE, &H2, &H4, &H3, &H1, &H3, &HA, &HE, &H8, &H1, &HB, &H5, &H4, &H2, &HF, &HD, &HC, &H6, &H7, &H9, &H0, _
       &HC, &HD, &H1, &HF, &H8, &HE, &H5, &HB, &H3, &HA, &H9, &H0, &H7, &H2, &H4, &H6, &HD, &HA, &H7, &HE, &H1, &H6, &HB, &H8, &HF, &HC, &H5, &H2, &H3, &H0, &H4, &H9, _
       &H3, &HE, &H7, &H5, &HB, &HF, &H8, &HC, &H1, &HA, &H4, &HD, &H0, &H6, &H9, &H2, &HB, &H6, &H9, &H4, &H1, &H8, &HA, &HD, &H7, &HE, &H0, &HC, &HF, &H2, &H3, &H5, _
       &HC, &H7, &H8, &HD, &H3, &HB, &H0, &HE, &H6, &HF, &H9, &H4, &HA, &H1, &H5, &H2, &HC, &H6, &HD, &H9, &HB, &H0, &H1, &H2, &HF, &H7, &H3, &H4, &HA, &HE, &H8, &H5, _
       &H3, &H6, &H1, &H5, &HB, &HC, &H8, &H0, &HF, &HE, &H9, &H4, &H7, &HA, &HD, &H2, &HA, &H7, &HB, &HF, &H2, &H8, &H0, &HD, &HE, &HC, &H1, &H6, &H9, &H3, &H5, &H4, _
       &HA, &HB, &HD, &H4, &H3, &H8, &H5, &H9, &H1, &H0, &HF, &HC, &H7, &HE, &H2, &H6, &HB, &H4, &HD, &HF, &H1, &H6, &H3, &HE, &H7, &HA, &HC, &H8, &H9, &H2, &H5, &H0, _
       &H9, &H6, &H7, &H0, &H1, &HA, &HD, &H2, &H3, &HE, &HF, &HC, &H5, &HB, &H4, &H8, &HD, &HE, &H5, &H6, &H1, &H9, &H8, &HC, &H2, &HF, &H3, &H7, &HB, &H4, &H0, &HA, _
       &H9, &HF, &H4, &H0, &H1, &H6, &HA, &HE, &H2, &H3, &H7, &HD, &H5, &HB, &H8, &HC, &H3, &HE, &H1, &HA, &H2, &HC, &H8, &H4, &HB, &H7, &HD, &H0, &HF, &H6, &H9, &H5, _
       &H7, &H2, &HC, &H6, &HA, &H8, &HB, &H0, &HF, &H4, &H3, &HE, &H9, &H1, &HD, &H5, &HC, &H4, &H5, &H9, &HA, &H2, &H8, &HD, &H3, &HF, &H1, &HE, &H6, &H7, &HB, &H0, _
       &HA, &H8, &HE, &HD, &H9, &HF, &H3, &H0, &H4, &H6, &H1, &HC, &H7, &HB, &H2, &H5, &H3, &HC, &H4, &HA, &H2, &HF, &HD, &HE, &H7, &H0, &H5, &H8, &H1, &H6, &HB, &H9, _
       &HA, &HC, &H1, &H0, &H9, &HE, &HD, &HB, &H3, &H7, &HF, &H8, &H5, &H2, &H4, &H6, &HE, &HA, &H1, &H8, &H7, &H6, &H5, &HC, &H2, &HF, &H0, &HD, &H3, &HB, &H4, &H9, _
       &H3, &H8, &HE, &H0, &H7, &H9, &HF, &HC, &H1, &H6, &HD, &H2, &H5, &HA, &HB, &H4, &H3, &HA, &HC, &H4, &HD, &HB, &H9, &HE, &HF, &H6, &H1, &H7, &H2, &H0, &H5, &H8)
End Sub
Private Sub FillByteArray(ByRef bOut() As Byte, ParamArray bArray() As Variant)
   Dim i As Long
   For i = 0 To UBound(bArray)
       bOut(i) = CByte(bArray(i))
   Next i
End Sub
Private Sub sub_19003B10(ByRef bKey() As Byte, ByRef bOut() As Byte)
   Dim i         As Long
   Dim A         As Long
   Dim B         As Long
   B = 33&
   For i = 0& To 25&
       A = (B + 1973&) Mod 52&
       B = (A + 1973&) Mod 52&
       bOut(A) = byte_1903A720(bKey(i)) \ 5&
       bOut(B) = byte_1903A720(bKey(i)) Mod 5&
   Next i
End Sub
Private Function sub_19003AD0(ByVal lCount As Long, ByVal lMulti As Long, ByRef lOut() As Long, ByVal C As Long) As Long
   Dim i           As Long
   Dim i64         As Double
   For i = (lCount - 1) To 0 Step -1
       If (lOut(i) And &H80000000) Then
           i64 = CDbl(CDbl(lOut(i)) + 4294967296#) * CDbl(lMulti)
       Else
           i64 = CDbl(lOut(i)) * CDbl(lMulti)
       End If
       lOut(i) = WDbl(i64 + CDbl(C))
       C = WDbl(i64 / 4294967296#)  '>>32
       If (lOut(i) And &H80000000) Then C = C - 1
   Next i
   sub_19003AD0 = C
End Function
Private Sub sub_19003E40(ByRef lOut() As Long)
   Dim lHold       As Long
   Dim i           As Long
   Dim i2          As Long
   Dim lTmp        As Long
   Dim lTmp2       As Long
   Dim lTmp3       As Long
   Dim lTmp16      As Long
   For i = 29& To 0& Step -1&
       lTmp2 = ((i And 7&) * 4&) And 255&
       lTmp3 = (3& - (i \ 8&))
       lTmp16 = (i * 16)
       lHold = RS((lOut(lTmp3) And LS(15&, lTmp2)), lTmp2)
       'For i2 = 29& To 0 Step -1& '//probly slower
       '    If (Not i2 = i) Then
       For i2 = 29& To (i + 1) Step -1&
           lTmp = ((i2 And 7&) * 4&)
           lHold = byte_1903A540((RS((lOut(3& - (i2 \ 8&)) And LS(15&, lTmp)), lTmp) Xor byte_1903A540(lHold + lTmp16)) + lTmp16)
       Next i2
       For i2 = (i - 1) To 0 Step -1&
           lTmp = ((i2 And 7&) * 4&)
           lHold = byte_1903A540((RS((lOut(3& - (i2 \ 8&)) And LS(15&, lTmp)), lTmp) Xor byte_1903A540(lHold + lTmp16)) + lTmp16)
       Next i2
       lOut(lTmp3) = (LS((byte_1903A540(lHold + lTmp16) And 15&), lTmp2) Or (Not (LS(&HF, lTmp2)) And lOut(lTmp3)))
   Next i
End Sub
Private Sub sub_19003B70(ByRef lOut() As Long)
   Dim i               As Long
   Dim i2              As Long
   Dim lTmp            As Long
   Dim lOld(3)         As Long
   Call CopyMemory(lOld(0), lOut(0), 16&)
   For i = 0& To 119&
       lTmp = ((i * 11) Mod 120&)
       i2 = (3& - RS(i, 5))
       lOut(i2) = (LS((RS((lOld((12 - LS(RS(lTmp, 5), 2)) / 4) And LS(1, (lTmp And 31&))), (lTmp And 31&)) And 1), (i And 31&)) Or (Not LS(1, (i And 31&)) And lOut(i2)))
   Next i
End Sub
Private Function RS(ByVal N As Long, ByVal S As Long) As Long
   'right shift bits
   If (S < 0) Or (S > 31) Then
       RS = 0
   ElseIf (S = 0) Then
       RS = N
   Else
       If ((N And &H80000000) = &H80000000) Then
           N = (N And &H7FFFFFFF)
           If (S = 31) Then 'stop over flow when shifting 31bits
               N = N / 2147483648#
           Else
               N = N \ (2 ^ S)
           End If
           RS = N Or (2 ^ (31 - S))
       Else
           RS = Int(CDbl(N) / CDbl(2 ^ S))
           'RS = N \ (2 ^ S)
       End If
   End If
End Function
Private Function LS(ByVal N As Long, ByVal S As Long) As Long
   'left shift bits
   If (S < 0) Or (S > 31) Then
       LS = 0
   ElseIf S = 0 Then
       LS = N
   Else
       N = N And (2 ^ (32 - S) - 1)
       LS = WDbl(CDbl(N) * CDbl(WDbl(2 ^ S)))
   End If
End Function
Private Function WDbl(ByVal N As Double) As Long
   'wrap a double back to a long
   While N > &H7FFFFFFF
       N = N - 4294967296#
   Wend
   While N < &H80000000
       N = N + 4294967296#
   Wend
   WDbl = N
End Function


MyndFyre

Quote from: Hdx on February 12, 2010, 12:47 PM
I took a look at it and it hasn't changed anything in the algo since before and after anthology keys were introduced, but some of the 'new' keys the online store is generating are being decoded improperly by all of our implementations of the function.
I don't have the tools to look into it much, but the public and product are being decoded fine iirc, it's either the private, or the hash.
I bought D2 and SC keys from the online store, and they're being decoded fine by MBNCSUtil.  *shrug*
Quote: Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Ringo

#5
HDX just PM'ed me a 26 character cdkey, responsible for IP banning.
It would appear the cdkey has a 4 byte public value, as opposed to the normal 3 bytes (0x01XXXXXX, rather than 0x00XXXXXX, which is what BNCSutil outputs).
After passing it through 1.16.1 battle.snp, and the above VB6 port of it, I noticed that they were returning the full 4 byte public value, rather than the 3 bytes (4th 0x00) BNCSutil.dll returns.
I've not tried it on bnet, but I'd assume that would be a possible cause.

Hope this helps.

Hdx

#6
From some quick notepad work, it looks like 26 char cdkeys get decoded into the following:
Product: 22 bits 0x3FFFFF
Public: 26 bits  0x03FFFFFF
Private: 80 bits 0xFFFFFFFFFFFFFFFFFFFF

Bit layout:
22222222222222222222223333333333
33333333333333334444444444444444
44444444444444444444444444444444
44444444444444444444444444444444

2 = product
3 = public
4 = private
I haven't seen BNCSutil's decoder in a long time, but MBNCSutil can be fixed by changing:
val1 = SWAP4(br.ReadUInt32() & 0xffffff00);
to
val1 = SWAP4(br.ReadUInt32() & 0xffffff03);
But I would assume BNCSutil.dll does the same (00 not 03)


MyndFyre

Good call, Hdx.  You're correct on the patch submission for MBNCSUtil.

Before I commit, will that impact older CD keys or Warcraft 3 CD keys at all?

Hdx

#8
It shouldn't, as the actual function has not changed. You were simply not returning all of the correct values. And I guess they have finally gotten to the 0x01000000+ public key :P
Any code that bit shifts like the real game does [((buf[0] & 0x03FF) << 16) | ((buf[1] & 0xFFFF0000) >> 16)] should be fine.

Yup, I was correct about BNCSutil.dll, it does exactly the same thing you do.
http://filebeam.com/b75cd7ec6dcdb98b19c0b912f8ab4b50
I've hexed BNCSutil.dll and fixed it. All's good now <3

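The bit layout from post #6 and the shift expression from post #8, as an added example (not code from the thread, BNCSutil or MBNCSUtil): it splits four already-decoded 32-bit words into the 22/26/80-bit fields and shows that a 24-bit public mask only changes the result once the public value reaches 0x01000000. The word order (words[0] most significant), the helper names and the sample values are assumptions constructed for illustration.

```python
# Added example: field split for the 128-bit value a 26-character key decodes to.
PRODUCT_BITS, PUBLIC_BITS, PRIVATE_BITS = 22, 26, 80  # widths from post #6


def pack_fields(product, public, private):
    """Build four 32-bit words (words[0] most significant) from constructed fields."""
    for name, val, bits in (("product", product, PRODUCT_BITS),
                            ("public", public, PUBLIC_BITS),
                            ("private", private, PRIVATE_BITS)):
        if not 0 <= val < (1 << bits):
            raise ValueError(f"{name} does not fit in {bits} bits")
    value = (product << (PUBLIC_BITS + PRIVATE_BITS)) | (public << PRIVATE_BITS) | private
    return [(value >> shift) & 0xFFFFFFFF for shift in (96, 64, 32, 0)]


def split_fields(words):
    """Return (product, public, private) following the bit-layout diagram."""
    if len(words) != 4 or any(not 0 <= w <= 0xFFFFFFFF for w in words):
        raise ValueError("expected four unsigned 32-bit words")
    value = 0
    for w in words:
        value = (value << 32) | w
    private = value & ((1 << PRIVATE_BITS) - 1)
    public = (value >> PRIVATE_BITS) & ((1 << PUBLIC_BITS) - 1)
    product = value >> (PUBLIC_BITS + PRIVATE_BITS)
    return product, public, private


def public_by_shift(words):
    """The shift expression quoted in post #8, applied to words[0] and words[1]."""
    return ((words[0] & 0x03FF) << 16) | ((words[1] & 0xFFFF0000) >> 16)


def public_24bit(words):
    """Model of a decoder that keeps only 3 bytes of the public value."""
    return public_by_shift(words) & 0x00FFFFFF


def mask_regression(publics):
    """Map each constructed public value to True if a 24-bit decoder alters it."""
    out = {}
    for pub in publics:
        words = pack_fields(0x2, pub, 0x00112233445566778899)  # constructed sample
        assert split_fields(words)[1] == public_by_shift(words) == pub
        out[pub] = public_24bit(words) != pub
    return out


if __name__ == "__main__":
    for pub, changed in mask_regression([0x00ABCDEF, 0x00FFFFFF, 0x01000000, 0x03FFFFFF]).items():
        print(f"public 0x{pub:08X}: 24-bit decoder {'TRUNCATES' if changed else 'matches'}")
```

Public values below 0x01000000 come out identical under both masks, which is why widening the mask leaves those results unchanged.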

Mesiah / haiseM

You guys never cease to amaze me. Thanks a lot Hdx :)