starcraft2 network traffic

Started by aton, March 19, 2010, 09:48 AM

aton

looks encrypted to me, perhaps same as d2?

brew

yes it's encrypted.
it's suspected to be the value of A in srp.
<3 Zorm
Quote[01:08:05 AM] <@Zorm> haha, me get pussy? don't kid yourself quik
Scio te esse, sed quid sumne? :P

Hdx

Quote from: brew on March 19, 2010, 01:57 PM
yes it's encrypted.
it's suspected to be the value of A in srp.
K*

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

brew


Hdx

No you moron, it's encrypted with K. Just like WoW is.



brew

Quote from: Hdx on March 19, 2010, 04:21 PM
No you moron
Woah, fuck off dude.

Yeah, I stood corrected. So what?

Thanks for turning more than half this thread into prime Trash Can material.

aton

so can it be decrypted only by watching network packets?

brew

Quote from: aton on March 20, 2010, 11:41 AM
so can it be decrypted only by watching network packets?
No. K is never sent over the network. I suggest that you, for now, hook Password!389613B0h. There are 16 bytes of CCh padding at the end of that function, so you could write a jmp to your own interception code over the ret.

aton


Hdx

Quote from: brew on March 20, 2010, 12:57 AM
Quote from: Hdx on March 19, 2010, 04:21 PM
No you moron
Woah, fuck off dude.

Yeah, I stood corrected. So what?

Thanks for turning more than half this thread into prime Trash Can material.
All of my replies are on topic and informative. You're the one who gave somewhat correct info (which I corrected) and then gave ludicrous info.

Anyways, no aton, k is not pre-shared; it is calculated during SRP.
If you read the specs I linked earlier you will understand things more.


aton

As I understood it, the server stores the (pre-shared) username and password and a salt, and when the client establishes the connection, it sends the salt. Now if I knew the username and password and could sniff the salt, couldn't I create the shared session key, which would let me decrypt the traffic?

(I am not very good with crypto stuff)

Hdx

The server stores the Identifier (I) and salt (s); it does NOT store the password. It stores a password verifier (v) which is generated using the password. So it's safe.
The username is actually sent to you by the server. I would assume this is done to allow you to change your email address in the future.
You send the e-mail and your random (A), and it returns the associated Identifier (I) and salt (s) as well as its random (B).
So, in order to 'sniff' the protocol, you need 2 things.
a - a random number generated by the client which is never sent over the wire.
N - The unique modulus for use in SRP, this is in Password.dll somewhere.
g - The generator used in SRP, this is also in Password.dll somewhere

A bit of poking around in the DLLs should find them easily.

Take a read of the specs I linked. It will help you identify most of the start of the protocol.

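As an added illustration of the SRP-6a exchange Hdx describes above (editor's example, not code from the thread or from Blizzard): the server enrols only (s, v), the wire carries only A, B and s, and even an observer who knows the password can rebuild k, x, v and u but not the session key, because both S formulas need the never-transmitted exponent a (or b). The group N, g below is a constructed toy; the real values are the ones in Password.dll that the thread mentions.

```python
import hashlib

# Toy SRP-6a group constructed for this demo. The real N and g are the
# values in Password.dll that Hdx refers to; these are NOT them.
N = 2**127 - 1   # Mersenne prime M127, far too small for real use
g = 3

def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def i2b(x: int) -> bytes:
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")

def private_key(identity: bytes, password: bytes, s: bytes) -> int:
    """x = H(s, H(I:P)); only someone holding the password can compute it."""
    return H(s, hashlib.sha256(identity + b":" + password).digest())

def enroll(identity: bytes, password: bytes, s: bytes):
    """Server-side enrolment: it keeps (s, v); the password is never stored."""
    return pow(g, private_key(identity, password, s), N)

def srp_exchange(identity, password, s, v, a, b):
    """One exchange with fixed ephemerals a (client) and b (server).
    Returns the wire-visible values (A, B) and each side's S."""
    k = H(i2b(N), i2b(g))
    A = pow(g, a, N)                    # client -> server (on the wire)
    B = (k * v + pow(g, b, N)) % N      # server -> client (on the wire)
    u = H(i2b(A), i2b(B))
    x = private_key(identity, password, s)
    S_client = pow((B - k * v) % N, a + u * x, N)   # needs a
    S_server = pow(A * pow(v, u, N) % N, b, N)      # needs b
    return A, B, S_client, S_server

def session_key(S: int) -> bytes:
    """K = H(S): the value Hdx says the stream is encrypted with."""
    return hashlib.sha256(i2b(S)).digest()

def observer_knowledge(identity, password, s, A, B):
    """Everything a passive observer who also knows the password can rebuild
    from the wire: k, x, v and u. Neither a nor b is derivable from A or B
    (discrete log), so neither S formula above can be evaluated."""
    k = H(i2b(N), i2b(g))
    x = private_key(identity, password, s)
    return {"k": k, "x": x, "v": pow(g, x, N), "u": H(i2b(A), i2b(B))}
```

Running the exchange twice with the same password but fresh a, b gives a different K each time, which is why a recorded session cannot be decrypted later even by someone who later learns the password.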

brew

Quote from: Hdx on March 20, 2010, 02:53 PM
You're the one who somewhat correct info(which I corrected) and then gave ludicrous info.
You didn't have to break the combo!
This proves it. You have 0 sense of humour.

Hdx

I don't know what combo you are talking about but anyways.
Anyone know where to find a good, modern loader for SC/D2? Something that will let me inject DLLs. I've been using Ron's but it's... lacking (i.e. I can't load more than one) and I'd like to know what the current populace uses.
