starcraft2 network traffic

aton · March 19, 2010, 09:48 AM

looks encrypted to me, perhaps same as d2?

brew · March 19, 2010, 01:57 PM

yes it's encrypted.
it's suspected to be the value of A in srp.

Hdx · March 19, 2010, 03:57 PM

Quote from: brew on March 19, 2010, 01:57 PM
yes it's encrypted.
it's suspected to be the value of A in srp.

K*

brew · March 19, 2010, 03:58 PM

Quote from: Hdx on March 19, 2010, 03:57 PM
Quote from: brew on March 19, 2010, 01:57 PM
yes it's encrypted.
it's suspected to be the value of A in srp.
K*

L*

Hdx · March 19, 2010, 04:21 PM

No you moron, it's encrypted with K. Just like WoW is.

NiNe · March 19, 2010, 08:02 PM

http://s2dev.onlythechosen.com/forum/

brew · March 20, 2010, 12:57 AM

Quote from: Hdx on March 19, 2010, 04:21 PM
No you moron

Woah, fuck off dude.

Yeah, I stood corrected. So what?

Thanks for turning more than half this thread into prime Thrash Can material.

aton · March 20, 2010, 11:41 AM

so can it be decrypted only by watching network packets?

brew · March 20, 2010, 11:56 AM

Quote from: aton on March 20, 2010, 11:41 AM
so can it be decrypted only by watching network packets?

No. K is never sent over the network. I suggest that you, for now, hook Password!389613B0h. There are 16 bytes of CCh padding at the end of that function, so you could write a jmp to your own interception code over the ret.

aton · March 20, 2010, 01:30 PM

is it a pre-shared key?

Hdx · March 20, 2010, 02:53 PM

Quote from: brew on March 20, 2010, 12:57 AM
Quote from: Hdx on March 19, 2010, 04:21 PM
No you moron
Woah, fuck off dude.

Yeah, I stood corrected. So what?

Thanks for turning more than half this thread into prime Thrash Can material.

All of my replies are on topic and informative. You're the one who somewhat correct info(which I corrected) and then gave ludicrous info.

Anyways, no aton, k is not pre-shared it is calculated during SRP.
If you read the specs I linked earlier you will understand things more.

aton · March 20, 2010, 03:50 PM

as i understood it, the server stores then (pre-shared) username and password and a salt and when the client establishes the connection, it sends the salt. now if i knew the username and password and could sniff the salt, couldnt i create the shared session key which would let me decrypt the traffic?

(i am not very good with crypto stuff)

Hdx · March 20, 2010, 03:58 PM

The server stores the Identifier (I) and salt (s), it does NOT store the password. It stores a password verifier (v) which is generated using the password. So it's safe.
The username is actually sent to you by the server. I would assume this is done to allow you to change your email address in the future.
You send the e-mail and your random (A), and it returns the associated Identifier (I) and salt (s) as well as it's random (B)
So, in order to 'sniff' the protocol, you need 2 things.
a - a random number generated by the client which is never sent over the wire.
N - The unique modulus for use in SRP, this is in Password.dll somewhere.
g - The generator used in SRP, this is also in Password.dll somewhere

A bit of poking around in the dlls should be easy to find it.

Take a read of the specs I linked. It will help you identify most of the start of the protocol.

brew · March 20, 2010, 08:08 PM

Quote from: Hdx on March 20, 2010, 02:53 PM
You're the one who somewhat correct info(which I corrected) and then gave ludicrous info.

You didn't have to break the combo!
This proves it. You have 0 sense of humour.

Hdx · March 20, 2010, 09:41 PM

I don't know what combo you are talking about but anyways.
Anyone know where to find a good, modern loader for SC/D2? Something that will let me inject DLLs. I've been using Ron's but its.. lacking (AE: I can't load more then one) and I'd like to know what the current populous uses.