Trade Hack Possibility - Diablo II closed realm

Started by BlackLotus, July 19, 2004, 08:59 PM


BlackLotus

My idea works like this :

1) log a trade session to get the Check Box packet format

2) get the trader's IP, possibly via netstat or tracert

3) Build a Check Box Packet spoofed to their IP

4) success?

I'm new to the diablo programming genre, feedback rather than flaming much appreciated.

Grok

Hi, welcome to vL forums.

Good start on your thinking.  However, a few things you don't know about D2 realms will prevent that from working.  #1, the game is not peer-to-peer, so you never know anyone else's IP.  #2, the nature of TCP is that you will not be able to spoof a packet from them to the realm server.

UserLoser.

Quote from: Grok on July 19, 2004, 09:47 PM
Hi, welcome to vL forums.

Good start on your thinking.  However, a few things you don't know about D2 realms will prevent that from working.  #1, the game is not peer-to-peer, so you never know anyone else's IP.  #2, the nature of TCP is that you will not be able to spoof a packet from them to the realm server.

D2 realms
D2 game servers
;)

BlackLotus

aww shucks! there goes that idea :-) Ty for the feedback though.

If I can't spoof their IP, what about tricking their computer into sending it? It sounds impossible... I've experimented with buffer overflows and other methods of control, but to no avail.  I was thinking that it might be possible to send the server a packet that contains the item code and properties, but not actually put the item up there.  So that the item appears to them but they push it and... well... either they'd get it and ud lose nothing... ud be ip banned... or something really bad or really good... :-)  Any ideas?

UserLoser.

Quote from: BlackLotus on July 19, 2004, 09:57 PM
aww shucks! there goes that idea :-) Ty for the feedback though.

If I can't spoof their IP, what about tricking their computer into sending it? It sounds impossible... I've experimented with buffer overflows and other methods of control, but to no avail.  I was thinking that it might be possible to send the server a packet that contains the item code and properties, but not actually put the item up there.  So that the item appears to them but they push it and... well... either they'd get it and ud lose nothing... ud be ip banned... or something really bad or really good... :-)  Any ideas?

Blizzard/Battle.net/whoever manages the servers have made the trade buffers pretty much hardasses on what you do.  If you try doing something that the client usually doesn't let you do, the server will most likely close the connection, and give you a long IP ban from the realm and possibly game servers.

BlackLotus

Well if the client allows you to put an item up there... who's to say that sending a packet with the item code as going onto the trade screen would be considered wrong?

Say you have a cham rune... u send the item id for cham and it says oh hey its cham okay *voop* onto their screen.  They c cham click okay... the thing though is... cham never left ur inventory... so it can't take it away... what do u think?  I understand what you're saying though, that it would be a bad idea to go *voop* trading 40x zods that i dont have type thing.

I appreciate all the feedback.  As i said I am new to this and these are just ideas.  Totally hypothetical in my mind based off of things I have read on similar matters.  If I appear closed minded or arrogant in any way I apologize and will refrain from any more posts.

Ty in advance,
Lotus

UserLoser.

Quote from: BlackLotus on July 20, 2004, 12:57 AM
Well if the client allows you to put an item up there... who's to say that sending a packet with the item code as going onto the trade screen would be considered wrong?

It's not wrong, you just wouldn't have that item anymore.

BlackLotus


MyndFyre

Quote from: Grok on July 19, 2004, 09:47 PM
Hi, welcome to vL forums.

#2, the nature of TCP is that you will not be able to spoof a packet from them to the realm server.

ehhhwha--huh?

Isn't that how most DoS attacks work, though?

I was looking at a reflexive attack (I'll post a link to it if vL wants me to -- otherwise they don't need 56k newbs flooding them all the time), and it uses raw sockets to spoof where the originating IP is.

Just a thought.
Quote: Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

dxoigmn

#9
Quote from: Myndfyre on July 20, 2004, 07:13 PM
Quote from: Grok on July 19, 2004, 09:47 PM
Hi, welcome to vL forums.

#2, the nature of TCP is that you will not be able to spoof a packet from them to the realm server.

ehhhwha--huh?

Isn't that how most DoS attacks work, though?

I was looking at a reflexive attack (I'll post a link to it if vL wants me to -- otherwise they don't need 56k newbs flooding them all the time), and it uses raw sockets to spoof where the originating IP is.

Just a thought.

A reflection attack does indeed spoof the originating IP, however usually it does not contain any meaningful data.  If you read the TCP spec, you'll find that there are sequence numbers involved sending data across the network.  In order for a person to spoof an originating IP and add some meaningful data (in this case to accept a trade) they would have to guess this sequence number which would be extremely difficult but not impossible.  I recall reading an article about the distribution of sequence numbers on differing operating systems and how it is actually feasible to guess the sequence number and other articles about actual attacks using this method.  Searching google should give you a better idea.
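As an added illustration of dxoigmn's point (this is not code from the thread, from Diablo II, or from any Battle.net component), the Python model below implements the receiver-side sequence-number acceptability test from RFC 793 and quantifies how rarely a forged data segment with a blindly guessed SEG.SEQ would be accepted; the window sizes, segment lengths and receiver state are constructed values, and the model deliberately assumes the attacker has no view of the connection.

```python
"""Model of the TCP receiver-side sequence check (RFC 793, section 3.3).

Constructed illustration, not game or server code.  A segment whose sequence
number does not overlap the receive window is silently discarded, so a forged
"accept trade" segment sent without seeing the real connection only lands if
its SEG.SEQ guess falls inside the window.
"""
import random

SEQ_SPACE = 2 ** 32  # 32-bit sequence numbers wrap modulo 2^32


def in_window(seg_seq: int, seg_len: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 test: does the segment overlap [RCV.NXT, RCV.NXT + RCV.WND)?"""
    first = (seg_seq - rcv_nxt) % SEQ_SPACE              # offset of first byte from RCV.NXT
    if seg_len == 0:
        return first == 0 if rcv_wnd == 0 else first < rcv_wnd
    if rcv_wnd == 0:
        return False                                     # zero window: data segments are dropped
    last = (seg_seq + seg_len - 1 - rcv_nxt) % SEQ_SPACE  # offset of last byte from RCV.NXT
    return first < rcv_wnd or last < rcv_wnd


def blind_hit_probability(seg_len: int, rcv_wnd: int) -> float:
    """Chance that one uniformly random SEG.SEQ puts a data segment in the window."""
    if rcv_wnd == 0 or seg_len == 0:
        return 0.0
    # Accepted offsets form the interval [-(seg_len - 1), rcv_wnd) of the 2^32 space.
    return (rcv_wnd + seg_len - 1) / SEQ_SPACE


def simulate_blind_guesses(trials: int, seg_len: int, rcv_wnd: int, seed: int = 1) -> float:
    """Fraction of random SEG.SEQ guesses a receiver with a hidden RCV.NXT would accept."""
    rng = random.Random(seed)
    rcv_nxt = rng.randrange(SEQ_SPACE)                   # the attacker never observes this
    hits = sum(in_window(rng.randrange(SEQ_SPACE), seg_len, rcv_nxt, rcv_wnd)
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    p = blind_hit_probability(seg_len=20, rcv_wnd=65535)  # a typical 64 KiB window
    print(f"one blind guess is accepted with p={p:.2e} (about {1 / p:,.0f} guesses expected)")
    print("measured with an unrealistically large 2^31 window:",
          simulate_blind_guesses(20000, 20, 2 ** 31))
```

The model covers only the sequence check; it does not model predictable initial sequence numbers, which is the separate weakness the post refers to.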

MyndFyre

#10
Quote from: dxoigmn on July 21, 2004, 04:24 AM
Quote from: Myndfyre on July 20, 2004, 07:13 PM
Quote from: Grok on July 19, 2004, 09:47 PM
Hi, welcome to vL forums.

#2, the nature of TCP is that you will not be able to spoof a packet from them to the realm server.

ehhhwha--huh?

Isn't that how most DoS attacks work, though?

I was looking at a reflexive attack (I'll post a link to it if vL wants me to -- otherwise they don't need 56k newbs flooding them all the time), and it uses raw sockets to spoof where the originating IP is.

Just a thought.

A reflection attack does indeed spoof the originating IP, however usually it does not contain any meaningful data.  If you read the TCP spec, you'll find that there are sequence numbers involved sending data across the network.  In order for a person to spoof an originating IP and add some meaningful data (in this case to accept a trade) they would have to guess this sequence number which would be extremely difficult but not impossible.  I recall reading an article about the distribution of sequence numbers on differing operating systems and how it is actually feasible to guess the sequence number and other articles about actual attacks using this method.  Searching google should give you a better idea.

If by some way you manage to get Winpcap installed on the target's machine, you could have a much better idea of how to do it, using remote ethereal, to extract out the next sequence number for both TCP and for Battle.net.

I'm well aware of the sequencing involved.  However, if you notice the way I quoted Grok, he stated #2 in a way that it seemed it would not be possible at all.  That's the only part I was attempting to clarify.