Dll contains CheckRevision()

Trunning · May 06, 2010, 05:12 PM

Hmm?

int ss_len = strlen(ss) + 1;

Hdx · May 06, 2010, 05:27 PM

ya i skimmed over it.
it wasnt in your original
anyways with what you have learned, you should be online within 1/2 hr tops.
Get a crackin.

Trunning · May 06, 2010, 05:36 PM

Sadly I don't agree. Also I'm assuming a checksum can be a negative value.

Here is my output:

Code Select


Recv: 53
Success: 1
Version: 16780544
Checksum: -1485220444
Ver SS: game.exe 02/08/10 23:11:00 57344
Cookie: 0
Latest Version: 0

And the code:

Code Select

void recv_BNLS_VERCHECK(SOCKET sockBNLS, char *data, int length)
{
 SMSG_BNLS_VERCHECK pkt;
 memset((void*)&pkt, 0, sizeof(pkt));

 int  raw_gap  = (sizeof(DWORD) * 3);
 char *ss   = data + raw_gap;
 int  ss_len  = strlen(ss) + 1;

 pkt.VerCheck = (char*)malloc(ss_len);
 memcpy(&pkt, data, raw_gap);
 memcpy(pkt.VerCheck, ss, ss_len);
 memcpy(&pkt + raw_gap + ss_len, data + raw_gap + ss_len, (sizeof(DWORD) * 2));

 printf("Success: %d\n", pkt.Success);
 printf("Version: %d\n", pkt.Version);
 printf("Checksum: %d\n", pkt.Checksum);
 printf("Ver SS: %s\n", pkt.VerCheck);
 printf("Cookie: %d\n", pkt.Cookie);
 printf("Latest Version: %d\n", pkt.LatestVer);
}

Hdx · May 06, 2010, 06:32 PM

You're not supposto use ss_len in the last memcpy.

Code Select

memcpy(&pkt + raw_gap + 4, data + raw_gap + ss_len, (sizeof(DWORD) * 2));
And as with most things on Battle.net the checksum is actually a 32-but unsigned variable. Negatives are fine, but arnt really negs.

Trunning · May 06, 2010, 06:38 PM

Still both zero, took out + ss_len, and put in + 4, didn't work. I tried several other things, but all failed.

Hdx · May 06, 2010, 06:49 PM

Define several other things, seriously, be more descriptive.
Anyways your code *should* work.
Do you have packet logs?

Trunning · May 06, 2010, 06:55 PM

3 Other Things:
+ 1
+ sizeof(char)
+ 4 // yours

And this is 0x1A, S -> C.

Code Select

0000   00 26 18 7f 24 a2 00 04 ed 6f a5 60 08 00 45 00  .&..$....o.`..E.
0010   00 60 5f b4 40 00 70 06 42 58 cc 98 d9 e5 c0 a8  .`[email protected]......
0020   01 65 24 97 06 5f d8 7c 70 8e 02 b6 d5 d4 50 18  .e$.._.|p.....P.
0030   ff 98 f4 99 00 00 38 00 1a 01 00 00 00 00 0d 00  ......8.........
0040   01 02 e0 ec 37 67 61 6d 65 2e 65 78 65 20 30 32  ....7game.exe 02
0050   2f 30 38 2f 31 30 20 32 33 3a 31 31 3a 30 30 20  /08/10 23:11:00 
0060   35 37 33 34 34 00 b8 56 e3 4b 0d 00 00 00        57344..V.K....

Hdx · May 06, 2010, 07:13 PM

Well, the code posted 2 posts ago should work fine. dunno what you're doing wrong.

Trunning · May 06, 2010, 07:16 PM

Ok well here is my entire code.

http://pastebin.com/fEGpHbVc

Trunning · May 07, 2010, 12:59 AM

Ok well I've tried everything I can think of, I rewrote the memcpy() twice, I'm getting pretty desperate.

Trunning · May 07, 2010, 05:55 AM

Wow the solution was so simple, type casting pkt to a character pointer.

Trunning · May 07, 2010, 07:40 AM

Yeah I know you told me to use diablo 1, but if I change the ProductID and VerByte, server gives me a weird seed, plus I feel fine sending a couple extra packets.

When my code gets to the following function, the array in SMSG_BNLS_CDKEY is being set, but I get a runtime error "Run-Time Check Failure #2 - Stack around the variable 'pkt' was corrupted.".

Code Select

void recv_BNLS_CDKEY(SOCKET sockBNLS, char *data, int length)
{
 SMSG_BNLS_CDKEY pkt;
 memset((void*)&pkt, 0, sizeof(pkt));
 memcpy(&pkt, data, length);

 printf("Sucess: %d\n", pkt.Result);
}

Struct

Code Select

struct SMSG_BNLS_CDKEY {
 BYTE Result;
 DWORD ClientToken;
 DWORD Data[9];
};

l)ragon · May 07, 2010, 08:05 AM

your using DRTL there is no cdkey used for it, so you shouldent be asking BNLS for that data.
edit: nm apparently your using d2 again, either way not seeing your send for that in the code posted so dont know why you would be recieveing that

Trunning · May 07, 2010, 08:19 AM

Here it is, the struct, and the code to send, and receive.

Code Select

struct CMSG_BNLS_CDKEY {
 DWORD ServerToken;
 char* CDKey;
};

Code Select

CMSG_BNLS_CDKEY packet;
packet.ServerToken = g_ServerToken; // Copying the actual value here
packet.CDKey  = g_CDKey; // g_CDKey is a char*, so I'm just copying the address

int pack_size = ((sizeof(packet) - 4) + strlen(g_CDKey) + 1);

char* buffer = (char*)malloc(pack_size);
memcpy(buffer, (void*)&packet, sizeof(DWORD));
memcpy(buffer + sizeof(DWORD), g_CDKey, strlen(g_CDKey) + 1);

bnls_send(sockBNLS, 0x01, buffer, pack_size);
printf("Well ...\n");
free(buffer);

// Recv the response
BNLS_HEADER san;
recv(sockBNLS, (char*)&san, sizeof(BNLS_HEADER), NULL);

int  body = san.Length - sizeof(BNLS_HEADER);
char* adata;
if (body > 0){
 adata = (char*)malloc(body);
 int count =  recv(sockBNLS, adata, body, NULL);
 printf("Got 0x01 from BNLS, Size: %d\n", count);
 recv_BNLS_CDKEY(sockBNLS, adata, count);
 free(adata);
}

Trunning · May 07, 2010, 10:09 AM

Code Select

BYTE - Success
Was actually a DWORD, but BnetDocs didn't actually specifically say this.