• Welcome to Valhalla Legends Archive.
 

Dll contains CheckRevision()

Started by Trunning, April 30, 2010, 05:16 PM

Previous topic - Next topic

Trunning

Hmm?

int ss_len = strlen(ss) + 1;

Hdx

ya i skimmed over it.
it wasnt in your original
anyways with what you have learned, you should be online within 1/2 hr tops.
Get a crackin.

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Trunning

Sadly I don't agree. Also I'm assuming a checksum can be a negative value.

Here is my output:

Recv: 53
Success: 1
Version: 16780544
Checksum: -1485220444
Ver SS: game.exe 02/08/10 23:11:00 57344
Cookie: 0
Latest Version: 0


And the code:
void recv_BNLS_VERCHECK(SOCKET sockBNLS, char *data, int length)
{
SMSG_BNLS_VERCHECK pkt;
memset((void*)&pkt, 0, sizeof(pkt));

int raw_gap = (sizeof(DWORD) * 3);
char *ss = data + raw_gap;
int ss_len = strlen(ss) + 1;

pkt.VerCheck = (char*)malloc(ss_len);
memcpy(&pkt, data, raw_gap);
memcpy(pkt.VerCheck, ss, ss_len);
memcpy(&pkt + raw_gap + ss_len, data + raw_gap + ss_len, (sizeof(DWORD) * 2));

printf("Success: %d\n", pkt.Success);
printf("Version: %d\n", pkt.Version);
printf("Checksum: %d\n", pkt.Checksum);
printf("Ver SS: %s\n", pkt.VerCheck);
printf("Cookie: %d\n", pkt.Cookie);
printf("Latest Version: %d\n", pkt.LatestVer);
}

Hdx

You're not supposto use ss_len in the last memcpy.
memcpy(&pkt + raw_gap + 4, data + raw_gap + ss_len, (sizeof(DWORD) * 2));
And as with most things on Battle.net the checksum is actually a 32-but unsigned variable. Negatives are fine, but arnt really negs.

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Trunning

Still both zero, took out + ss_len, and put in + 4, didn't work. I tried several other things, but all failed.

Hdx

Define several other things, seriously, be more descriptive.
Anyways your code *should* work.
Do you have packet logs?

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Trunning

3 Other Things:
+ 1
+ sizeof(char)
+ 4 // yours

And this is 0x1A, S -> C.

0000   00 26 18 7f 24 a2 00 04 ed 6f a5 60 08 00 45 00  .&..$....o.`..E.
0010   00 60 5f b4 40 00 70 06 42 58 cc 98 d9 e5 c0 a8  .`[email protected]......
0020   01 65 24 97 06 5f d8 7c 70 8e 02 b6 d5 d4 50 18  .e$.._.|p.....P.
0030   ff 98 f4 99 00 00 38 00 1a 01 00 00 00 00 0d 00  ......8.........
0040   01 02 e0 ec 37 67 61 6d 65 2e 65 78 65 20 30 32  ....7game.exe 02
0050   2f 30 38 2f 31 30 20 32 33 3a 31 31 3a 30 30 20  /08/10 23:11:00
0060   35 37 33 34 34 00 b8 56 e3 4b 0d 00 00 00        57344..V.K....

Hdx

Well, the code  posted 2 posts ago should work fine. dunno what you're doing wrong.

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Trunning


Trunning

Ok well I've tried everything I can think of, I rewrote the memcpy() twice, I'm getting pretty desperate.

Trunning

Wow the solution was so simple, type casting pkt to a character pointer.

Trunning

Yeah I know you told me to use diablo 1, but if I change the ProductID and VerByte, server gives me a weird seed, plus I feel fine sending a couple extra packets.

When my code gets to the following function, the array in SMSG_BNLS_CDKEY is being set, but I get a runtime error "Run-Time Check Failure #2 - Stack around the variable 'pkt' was corrupted.".
void recv_BNLS_CDKEY(SOCKET sockBNLS, char *data, int length)
{
SMSG_BNLS_CDKEY pkt;
memset((void*)&pkt, 0, sizeof(pkt));
memcpy(&pkt, data, length);

printf("Sucess: %d\n", pkt.Result);
}


Struct
struct SMSG_BNLS_CDKEY {
BYTE Result;
DWORD ClientToken;
DWORD Data[9];
};

l)ragon

#72
your using DRTL there is no cdkey used for it, so you shouldent be asking BNLS for that data.
edit: nm apparently your using d2 again, either way not seeing your send for that in the code posted so dont know why you would be recieveing that
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

Trunning

Here it is, the struct, and the code to send, and receive.

struct CMSG_BNLS_CDKEY {
DWORD ServerToken;
char* CDKey;
};


CMSG_BNLS_CDKEY packet;
packet.ServerToken = g_ServerToken; // Copying the actual value here
packet.CDKey = g_CDKey; // g_CDKey is a char*, so I'm just copying the address

int pack_size = ((sizeof(packet) - 4) + strlen(g_CDKey) + 1);

char* buffer = (char*)malloc(pack_size);
memcpy(buffer, (void*)&packet, sizeof(DWORD));
memcpy(buffer + sizeof(DWORD), g_CDKey, strlen(g_CDKey) + 1);

bnls_send(sockBNLS, 0x01, buffer, pack_size);
printf("Well ...\n");
free(buffer);

// Recv the response
BNLS_HEADER san;
recv(sockBNLS, (char*)&san, sizeof(BNLS_HEADER), NULL);

int body = san.Length - sizeof(BNLS_HEADER);
char* adata;
if (body > 0){
adata = (char*)malloc(body);
int count =  recv(sockBNLS, adata, body, NULL);
printf("Got 0x01 from BNLS, Size: %d\n", count);
recv_BNLS_CDKEY(sockBNLS, adata, count);
free(adata);
}

Trunning

#74
BYTE - Success
Was actually a DWORD, but BnetDocs didn't actually specifically say this.

|