[C -> S] 0x51

[Trunning]

From the Data Array from 0x01 BNLS_CDKEY, what am I suppose to use for 0x51?

DWORD - ClientToken - Tracking Value
DWORD - Exe Version - Got this from 0x1A
DWORD - Exe Hash - Got this from 0x1a
DWORD - Key Count - Simple
DWORD - Spawn - Only 1 ( True ) for STAR or W2BN

Per Key // using 1 key
DWORD - Key Length - 16, Ex: AAAABBBBCCCCDDDD
DWORD - Key Product - D2DV Maybe?
DWORD - Key Public Value - The actual key?
DWORD - Unknown - Always zero

DWORD - Hashed Key Data -
   1. Client Token - Tracking Value
   2. Server Token - Got this from 0x50
   3. Key Product (from decoded CD key) - Don't know
   4. Key Public (from decoded CD key) - Don't know
   5. (DWORD) 0 - Always zero
   6. Key Private (from decoded CD key) - Don't Know

String - Exe Info - Got this from 0x1A
String - Owner - Well this isn't obvious at all

[l)ragon]

Code Select Expand

   NumberOfCDKeys = GetNumberOfKeys(typ)
     
   CDKeyOneBuf = HashC.DoCDKeyOne(CDK1, sKey, cKey) 'CDKEY ONE
   
   Select Case NumberOfCDKeys
       Case 0
           'LTRD, RHSD, RHSS can also use this function, (proven fact pre-lockdown).
       Case 1
           CDKeyHashDat = CDKeyOneBuf
       Case 2
           CDKeyTwoBuf = HashC.DoCDKeyTwo(CDK2, sKey, cKey) 'CDKEY TWO
           CDKeyHashDat = CDKeyOneBuf & CDKeyTwoBuf
       Case Else
           'There are no products that have more then 2
           'cdkeys as of yet, But.. since the packet
           'could take more then 2, possibly they're
           'setting up for some expansion to an expansion
           'games?
   End Select
   
   
   With pb
       .InsertDWORD cKey
       .InsertDWORD version
       .InsertDWORD Checksum
       .InsertDWORD NumberOfCDKeys
       .InsertDWORD Spawn
       .InsertNonNTString CDKeyHashDat
       .InsertNTString exeinfo
       .InsertNTString CDKeyUsername
       .SendBuffer sck, Bnet, &H51
   End With
   
   Set pb = Nothing

Leave it to you to figure out what CDKeyHashDat actually is.

[Hdx]

Code Select Expand

For Each Key:
  (DWORD) Key Length
  (DWORD) CD-key's product value
  (DWORD) CD-key's public value
  (DWORD) Unknown (0)
  (DWORD) [5] Hashed Key Data
1+1+1+1+5=?

[Trunning]

Code Select Expand

For Each Key:
  (DWORD) Key Length
  (DWORD) CD-key's product value
  (DWORD) CD-key's public value
  (DWORD) Unknown (0)
  (DWORD) [5] Hashed Key Data
1+1+1+1+5=?

9, the array I'm getting from 0x01

[Trunning]

Damn I'm good, IPBanned from all four servers, ah well, this will a painfully long trial and error process.

[lord2800]

Damn I'm good, IPBanned from all four servers, ah well, this will a painfully long trial and error process.

PvPGN helps a lot when testing. Especially setting up a local instance.

[Trunning]

I can change my Ip, otherwise I probably would

I'm getting result 512 back from 0x51, ah well I got some work to do.

[l)ragon]

Damn I'm good, IPBanned from all four servers, ah well, this will a painfully long trial and error process.

PvPGN helps a lot when testing. Especially setting up a local instance.

PvPGN is for failures, only way for you to get real results is by using and abusing the real system.

[l)ragon]

I can change my Ip, otherwise I probably would

I'm getting result 512 back from 0x51, ah well I got some work to do.

0x200 = Invalid CDKey

[Trunning]

Edit: Wasn't putting in the client token and server token into the HashedKeyData array, trying that now.

Can't see why, I sent 0x01 to BNLS, got the Data array, and assigned it like so.

Code Select Expand

packet.KeyLength = pkt.Data[0];
packet.CDKeyProduct = pkt.Data[1];
packet.CDKeyPublic = pkt.Data[2];
packet.Unknown = pkt.Data[3]; // 0 either way
packet.HashedKeyData[0] = pkt.Data[4];
packet.HashedKeyData[1] = pkt.Data[5];
packet.HashedKeyData[2] = pkt.Data[6];
packet.HashedKeyData[3] = pkt.Data[7];
packet.HashedKeyData[4] = pkt.Data[8];

[Trunning]

Edit: Still getting invalid CDKey...

I'm about to try this, but I have still haven't used pkt.Data[7] or [8] elements, so I doubt this will work, I'm basing my code on this.

Code Select Expand

CMSG_SID_AUTH_CHECK packet;
packet.ClientToken = g_Cookie;
packet.ExeVersion = g_ExeVersion;
packet.ExeHash = g_ExeHash;
packet.KeyCount = 1;
packet.Spawn = 0;
packet.KeyLength = pkt.Data[0];
packet.CDKeyProduct = pkt.Data[1];
packet.CDKeyPublic = pkt.Data[2];
packet.Unknown = pkt.Data[3]; // 0 either way
packet.HashedKeyData[0] = g_Cookie;
packet.HashedKeyData[1] = g_ServerToken;
packet.HashedKeyData[2] = pkt.Data[4];
packet.HashedKeyData[3] = pkt.Data[5];
packet.HashedKeyData[4] = 0;
packet.HashedKeyData[5] = pkt.Data[6];
packet.ExeInfo = g_ExeInfo;
packet.Owner = (char*)malloc(4);
strcpy_s(packet.Owner, 4, "abc");

Code Select Expand

struct CMSG_SID_AUTH_CHECK {
DWORD ClientToken;
DWORD ExeVersion;
DWORD ExeHash;
DWORD KeyCount;
DWORD Spawn;
// --------------------
DWORD KeyLength;
DWORD CDKeyProduct;
DWORD CDKeyPublic;
DWORD Unknown;
DWORD HashedKeyData[6];
// --------------------
char* ExeInfo;
char* Owner;
};

[lord2800]

PvPGN is for failures, only way for you to get real results is by using and abusing the real system.

Of course you don't use PvPGN and say your code works, but it sure does make getting the BNCS sequence down easier. It saved me hours of waiting every time I screwed something innocuous up that took me 30 seconds to fix (and had to wait 5 minutes to test again).

[Trunning]

This is my current code, for constructing the packet. It's commented, if anything is wrong tell me, which it is because it's not working.

Code Select Expand

CMSG_SID_AUTH_CHECK packet;
packet.ClientToken = pkt.ClientToken; // Tracking Value
packet.ExeVersion = g_ExeVersion; // Version from BNLS 0x1A
packet.ExeHash = g_ExeHash; // Checksum from BNLS 0x1A
packet.KeyCount = 1; // Only using 1 key, Diablo 2
packet.Spawn = 0; // Only true for STAR and W2BN

packet.KeyLength = pkt.Data[0]; // Unsure if these are right
packet.ProductVal = pkt.Data[1];
packet.PublicVal = pkt.Data[2];
packet.Unknown = pkt.Data[3];
packet.KeyData[0] = pkt.ClientToken; // Same tracking value from above
packet.KeyData[1] = g_ServerToken; // ServerToken from S -> C BNCS 0x50
packet.KeyData[2] = pkt.Data[4];
packet.KeyData[3] = pkt.Data[5];
packet.KeyData[4] = 0; // 0
packet.KeyData[5] = pkt.Data[6];

packet.ExeInfo = g_ExeInfo; // Pointer to the stat string from BNLS 0x1A
packet.Owner = (char*)malloc(4);
strcpy_s(packet.Owner, 4, "abc");

CMSG_SID_AUTH_CHECK Structure

Code Select Expand

struct CMSG_SID_AUTH_CHECK {
DWORD ClientToken;
DWORD ExeVersion;
DWORD ExeHash;
DWORD KeyCount;
DWORD Spawn;

// --------------------

DWORD KeyLength;
DWORD ProductVal;
DWORD PublicVal;
DWORD Unknown;
DWORD KeyData[6];

// --------------------

char* ExeInfo;
char* Owner;
};

[l)ragon]

PvPGN is for failures, only way for you to get real results is by using and abusing the real system.

Of course you don't use PvPGN and say your code works, but it sure does make getting the BNCS sequence down easier. It saved me hours of waiting every time I screwed something innocuous up that took me 30 seconds to fix (and had to wait 5 minutes to test again).

You must be retarded now unless PvPGN has access to blizzards CDKey database, how bright do you think what your saying is when his current problem is with CDKeys.

[l)ragon]

Code Select Expand

packet.KeyLength = pkt.Data[0]; // Unsure if these are right
packet.ProductVal = pkt.Data[1];
packet.PublicVal = pkt.Data[2];
packet.Unknown = pkt.Data[3];
packet.KeyData[0] = pkt.ClientToken; // Same tracking value from above
packet.KeyData[1] = g_ServerToken; // ServerToken from S -> C BNCS 0x50
packet.KeyData[2] = pkt.Data[4];
packet.KeyData[3] = pkt.Data[5];
packet.KeyData[4] = 0; // 0
packet.KeyData[5] = pkt.Data[6];
is where your problem is, the entire data should be 9 DWORDS in length within this section.
I thought BNLS gave you this entire section?