• Welcome to Valhalla Legends Archive.
 

Need help. Logging BNet... [NOT solved]

Started by z-stars, July 22, 2004, 01:47 PM


UserLoser.

#45
Quote from: z-stars on July 24, 2004, 01:33 PM

3  Hide  Hide  8  Recv  
0000  FF 25 08 00 3E 6B CB 97                            .%..>k..

5  Hide  Hide  9  Send  
0000  FF 25 08 00 F3 2A 9F 4D CC                         .%...*.M.


That's your problem.

z-stars

#46
Quote from: UserLoser. on July 24, 2004, 01:51 PM
Quote from: z-stars on July 24, 2004, 01:33 PM

3  Hide  Hide  8  Recv  
0000  FF 25 08 00 3E 6B CB 97                            .%..>k..

5  Hide  Hide  9  Send  
0000  FF 25 08 00 F3 2A 9F 4D CC                         .%...*.M.


That's your problem.

I removed the PingPacket and I received the sixth packet :) I'll try to parse it as soon as I get my IP ban removed.

z-stars

#47
I've tried to parse the 0x51 packet I receive, but it doesn't seem to be any of the BNetDocs values... Maybe I am parsing it wrong... I am just parsing the first CD key's values because I'm not sure how to parse the ones of the second CD key.

This is the new packet log...

1  Hide  Hide  1  Send  
0000  01                                                 .

2  Hide  Hide  50  Send  
0000  FF 50 32 00 00 00 00 00 36 38 58 49 50 58 32 44    .P2.....68XIPX2D
0010  0A 00 00 00 53 45 73 65 50 23 6B 1D 88 FF FF FF    ....SEseP#k.....
0020  0A 0C 00 00 0A 0C 00 00 45 53 50 00 53 70 61 69    ........ESP.Spai
0030  6E 00                                              n.

3  Hide  Hide  8  Recv  
0000  FF 25 08 00 C2 DD 48 48                            .%....HH

4  Hide  Hide  99  Recv  
0000  FF 50 63 00 00 00 00 00 26 E6 3A 18 79 67 26 00    .Pc.....&.:.yg&.
0010  00 92 72 76 91 E7 C3 01 49 58 38 36 76 65 72 31    ..rv....IX86ver1
0020  2E 6D 70 71 00 41 3D 33 33 31 38 36 34 32 38 34    .mpq.A=331864284
0030  20 42 3D 37 36 30 38 31 39 34 30 37 20 43 3D 31     B=760819407 C=1
0040  36 39 32 32 32 38 33 35 20 34 20 41 3D 41 2B 53    69222835 4 A=A+S
0050  20 42 3D 42 2D 43 20 43 3D 43 5E 41 20 41 3D 41     B=B-C C=C^A A=A
0060  5E 42 00                                           ^B.

5  Hide  Hide  136  Send  
0000  FF 51 86 00 6E 61 EF 00 00 0A 00 00 90 8D E7 00    .Q..na..........
0010  02 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00    ................
0020  00 13 7D 6C 00 00 00 00 XX XX XX XX XX XX XX XX    ..}l.......V....
0030  XX XX XX XX XX XX XX XX XX XX XX XX 10 00 00 00    ...%.x...+m.....
0040  00 00 00 00 XX XX XX XX 00 00 00 00 XX XX XX XX    .....1.`.......5
0050  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX    .....t....R5...r
0060  47 61 6D 65 2E 65 78 65 20 30 35 2F 31 36 2F 30    Game.exe 05/16/0
0070  34 20 32 31 3A 33 31 3A 33 36 20 31 31 39 38 38    4 21:31:36 11988
0080  35 37 00 4D 65 00 CD CD                            57.Me...

6  Hide  Hide  9  Recv  
0000  FF 51 09 00 01 01 00 00 00                         .Q.......


And here the code I use to parse the packet:

void LTBNSixthPacket()
{
   int n = 0;
   BEFORE_RECV;
   n = RecvPacket(crSixthPacket.packet, 50);
   if(n == -1) error(9, "RecvPacket");
   else cout << "Packet 6 Recv. Bytes: " << n << endl;
   
   memset(r_SID_AUTH_CHECK.AdditionalInformation, 0,
      sizeof(r_SID_AUTH_CHECK.AdditionalInformation));
   crSixthPacket.ReadByte(&r_SID_AUTH_CHECK.IntegrityCheck);   // 0xFF
   crSixthPacket.ReadByte(&r_SID_AUTH_CHECK.PacketID);         // 0x51
   crSixthPacket.ReadWord(0, &r_SID_AUTH_CHECK.PacketLen);     // little-endian WORD
   // BNCS values are little-endian on the wire: 01 01 00 00 is 0x00000101.
   // The DWORD must be read as-is, not byte-swapped, or every result code
   // lands in the default case of the switch below.
   crSixthPacket.ReadDWord(0, &r_SID_AUTH_CHECK.Result);
   // AdditionalInformation is 200 bytes; ReadString must stop at that bound.
   crSixthPacket.ReadString(r_SID_AUTH_CHECK.AdditionalInformation);

   cout << endl;
   switch(r_SID_AUTH_CHECK.Result)
   {
   case 0x000: cout << "Passed Challenge" << endl; break;
   case 0x100: cout << "Old Game Version" << endl; break;
   case 0x101: cout << "Invalid Version" << endl; break;   // BNETDocs lists 0x101, not 0x001

   case 0x200: cout << "Invalid CDKey" << endl; break;
   case 0x201: cout << "CDKey in use" << endl; break;
   case 0x202: cout << "Banned CDKey" << endl; break;
   case 0x203: cout << "Wrong Product" << endl; break;
   default: cout << "Undefined" << endl;
   }
}


And the sr_SID_AUTH_CHECK struct:

struct sr_SID_AUTH_CHECK
{
   BYTE IntegrityCheck;
   BYTE PacketID;
   WORD PacketLen;
   DWORD Result;
   char AdditionalInformation[200];
};


BTW, the output from this part of the code is:

Packet 6 recv. Bytes: 9

Undefined
ADDITIONAL INFORMATION:



Also, battle.net still IP Bans me.


BNETDocs description of the packet:

Packet ID: 0x51
Direction: Server -> Client (Received)
Format:
Help (DWORD)       Result
(STRING)       Additional Information
Remarks: Reports success/failure on version & CD Key check.

Result:
0x000: Passed challenge
0x100: Old game version (Additional info field supplies patch MPQ filename)
0x101: Invalid version

0x200: Invalid CD key
0x201: CD key in use (Additional info field supplies name of user)
0x202: Banned key
0x203: Wrong product

The last 4 codes also apply to the second cdkey, as indicated by a bitwise combination with 0x010.
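
The decode z-stars is after, as an added example that is not code from any post in this thread: a bounds-checked reader for the BNCS header (0xFF, packet ID, little-endian WORD length), a SID_AUTH_CHECK decoder that reads the result DWORD little-endian and honours the 0x010 second-key bit from the BNETDocs text above, and a check for bytes beyond the declared length. It runs on the 9-byte response captured above (FF 51 09 00 01 01 00 00 00) and on a constructed stand-in for the 136-byte send, whose header declares 0x0086 = 134 bytes; the redacted body is replaced by zeros, which is an assumption. The names BncsFrame, parseFrame, parseAuthCheck, describeResult and makeOversizedSend are mine.

```cpp
// Added example, not z-stars' bot code: bounds-checked BNCS framing and
// SID_AUTH_CHECK (0x51) decoding for the packets captured in this thread.
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// One BNCS frame: FF, packet id, little-endian WORD total length, payload.
struct BncsFrame {
    uint8_t id;
    std::vector<uint8_t> payload;
    size_t trailing;   // bytes present after the declared length
};

// Validate the 4-byte header and split off the payload. Bytes that the
// header does not account for are counted rather than silently sent on.
static BncsFrame parseFrame(const std::vector<uint8_t>& buf) {
    if (buf.size() < 4 || buf[0] != 0xFF)
        throw std::runtime_error("not a BNCS frame");
    size_t len = buf[2] | (size_t(buf[3]) << 8);   // WORD is little-endian
    if (len < 4 || len > buf.size())
        throw std::runtime_error("declared length does not fit the buffer");
    BncsFrame f;
    f.id = buf[1];
    f.payload.assign(buf.begin() + 4, buf.begin() + len);
    f.trailing = buf.size() - len;
    return f;
}

struct AuthCheck {
    uint32_t result;
    std::string info;
    bool secondKey;    // 0x010 bit: the code refers to the second CD key
};

// Decode the 0x51 payload: DWORD result (little-endian), then a
// NUL-terminated string. A missing terminator is an error, not a read
// past the end of the buffer.
static AuthCheck parseAuthCheck(const std::vector<uint8_t>& p) {
    if (p.size() < 5) throw std::runtime_error("0x51 payload too short");
    AuthCheck a;
    a.result = uint32_t(p[0]) | (uint32_t(p[1]) << 8) |
               (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
    size_t i = 4;
    while (i < p.size() && p[i] != 0) ++i;
    if (i == p.size()) throw std::runtime_error("0x51 string not terminated");
    a.info.assign(reinterpret_cast<const char*>(&p[4]), i - 4);
    a.secondKey = (a.result & 0x010) != 0;
    return a;
}

// Map a result code to the BNETDocs description quoted above; the
// second-key bit is stripped first so 0x211 reads as "CD key in use".
static std::string describeResult(uint32_t r) {
    switch (r & ~0x010u) {
    case 0x000: return "Passed challenge";
    case 0x100: return "Old game version";
    case 0x101: return "Invalid version";
    case 0x200: return "Invalid CD key";
    case 0x201: return "CD key in use";
    case 0x202: return "Banned key";
    case 0x203: return "Wrong product";
    default:    return "Undefined";
    }
}

// The 9-byte response captured in the log above.
static const std::vector<uint8_t> kRecv0x51 =
    {0xFF, 0x51, 0x09, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00};

// Constructed stand-in for the 136-byte send: header declares 0x0086 = 134
// bytes, the redacted body is zeros (assumption), and the two 0xCD bytes
// seen in the log follow the declared length.
static std::vector<uint8_t> makeOversizedSend() {
    std::vector<uint8_t> v(134, 0x00);
    v[0] = 0xFF; v[1] = 0x51; v[2] = 0x86; v[3] = 0x00;
    v.push_back(0xCD); v.push_back(0xCD);
    return v;
}

int main() {
    BncsFrame f = parseFrame(kRecv0x51);
    AuthCheck a = parseAuthCheck(f.payload);
    std::printf("0x%02X result=0x%03X (%s)%s info=\"%s\"\n", unsigned(f.id),
                unsigned(a.result), describeResult(a.result).c_str(),
                a.secondKey ? " [second CD key]" : "", a.info.c_str());
    BncsFrame s = parseFrame(makeOversizedSend());
    std::printf("send: declared %zu bytes, %zu trailing\n",
                s.payload.size() + 4, s.trailing);
    return 0;
}
```

Read little-endian, the captured response decodes to 0x101, which the quoted table lists as "Invalid version"; byte-swapped it would be 0x01010000 and match nothing, which is what a fall-through to a default case looks like. On the send side, parseFrame reports two bytes beyond the declared length, the same two the log shows after the terminating NUL of "Me".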


UserLoser.

#48
You're sending two extra bytes which shouldn't be there at the very end of your 0x51 packet which is causing the IPban.  As far as the invalid version (0x101) response, do you have the newest hash files?  Are you sure you're using the expansion files and not classic?

ChR0NiC

#49
Quote from: z-stars on July 24, 2004, 02:44 PM


5  Hide  Hide  136  Send  
0000  FF 51 86 00 6E 61 EF 00 00 0A 00 00 90 8D E7 00    .Q..na..........
0010  02 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00    ................
0020  00 13 7D 6C 00 00 00 00 XX XX XX XX XX XX XX XX    ..}l.......V....
0030  XX XX XX XX XX XX XX XX XX XX XX XX 10 00 00 00    ...%.x...+m.....
0040  00 00 00 00 XX XX XX XX 00 00 00 00 XX XX XX XX    .....1.`.......5
0050  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX    .....t....R5...r
0060  47 61 6D 65 2E 65 78 65 20 30 35 2F 31 36 2F 30    Game.exe 05/16/0
0070  34 20 32 31 3A 33 31 3A 33 36 20 31 31 39 38 38    4 21:31:36 11988
0080  35 37 00 4D 65 00 CD CD                            57.Me...



After "Me", which is shown here being sent null-terminated, you have included two bytes, and that will DEFINITELY cause an IP ban; it could also be what's screwing you over with the invalid game version error.

z-stars

Quote from: UserLoser. on July 24, 2004, 02:49 PM
You're sending two extra bytes which shouldn't be there at the very end of your 0x51 packet which is causing the IPban.  As far as the invalid version (0x101) response, do you have the newest hash files?  Are you sure you're using the expansion files and not classic?

Mhh, I didn't know it was the invalid version response; my switch goes to the default for some reason. But about the hash files, no, I'm not sure. Which files are the hash files?

ChR0NiC

#51
Quote from: UserLoser. on July 24, 2004, 02:49 PM
You're sending two extra bytes which shouldn't be there at the very end of your 0x51 packet which is causing the IPban.  As far as the invalid version (0x101) response, do you have the newest hash files?  Are you sure you're using the expansion files and not classic?

Quote from: z-stars on July 24, 2004, 02:55 PM
Mhh, I didn't know it was the invalid version response; my switch goes to the default for some reason. But about the hash files, no, I'm not sure. Which files are the hash files?

That would be your Game.exe, D2Client.dll and BNClient.dll I believe

z-stars

Quote from: ChR0NiC on July 24, 2004, 02:56 PM
Quote from: UserLoser. on July 24, 2004, 02:49 PM
You're sending two extra bytes which shouldn't be there at the very end of your 0x51 packet which is causing the IPban.  As far as the invalid version (0x101) response, do you have the newest hash files?  Are you sure you're using the expansion files and not classic?

Quote from: z-stars on July 24, 2004, 02:55 PM
Mhh, I didn't know it was the invalid version response; my switch goes to the default for some reason. But about the hash files, no, I'm not sure. Which files are the hash files?

That would be your Game.exe, D2Client.dll and BNClient.dll I believe

Ahh, I'll try with D2Client.dll

z-stars

#53
Well, we're advancing: now it doesn't ban me :) but the packet I receive is the same...

New log:

1  Hide  Hide  1  Send  
0000  01                                                 .

2  Hide  Hide  50  Send  
0000  FF 50 32 00 00 00 00 00 36 38 58 49 50 58 32 44    .P2.....68XIPX2D
0010  0A 00 00 00 53 45 73 65 50 23 6B 1D 88 FF FF FF    ....SEseP#k.....
0020  0A 0C 00 00 0A 0C 00 00 45 53 50 00 53 70 61 69    ........ESP.Spai
0030  6E 00                                              n.

3  Hide  Hide  8  Recv  
0000  FF 25 08 00 D3 E8 8C 69                            .%.....i

4  Hide  Hide  100  Recv  
0000  FF 50 64 00 00 00 00 00 88 EE 54 4C 41 44 0E 00    .Pd.......TLAD..
0010  00 FA FB 7F 91 E7 C3 01 49 58 38 36 76 65 72 35    ........IX86ver5
0020  2E 6D 70 71 00 41 3D 31 30 32 36 37 38 35 35 33    .mpq.A=102678553
0030  39 20 42 3D 32 38 34 34 36 37 34 33 32 20 43 3D    9 B=284467432 C=
0040  35 33 31 36 32 30 36 30 37 20 34 20 41 3D 41 5E    531620607 4 A=A^
0050  53 20 42 3D 42 2B 43 20 43 3D 43 2D 41 20 41 3D    S B=B+C C=C-A A=
0060  41 2B 42 00                                        A+B.

5  Hide  Hide  134  Send  
0000  FF 51 86 00 ED D9 0C 00 00 0A 00 00 A8 D0 6E 00    .Q............n.
0010  02 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00    ................
0020  00 13 7D 6C 00 00 00 00 XX XX XX XX XX XX XX XX    ..}l.....Y......
0030  XX XX XX XX XX XX XX XX XX XX XX XX 10 00 00 00    ..%}.=.}.:......
0040  00 00 00 00 XX XX XX XX 00 00 00 00 XX XX XX XX    .....1.`.......5
0050  XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX    .....t....R5...r
0060  47 61 6D 65 2E 65 78 65 20 30 35 2F 31 36 2F 30    Game.exe 05/16/0
0070  34 20 32 31 3A 33 31 3A 33 36 20 31 31 39 38 38    4 21:31:36 11988
0080  35 37 00 4D 65 00                                  57.Me.

6  Hide  Hide  9  Recv  
0000  FF 51 09 00 01 01 00 00 00                         .Q.......


BTW, the CheckRevision call...

bCheckRevision =
      CheckRevision("C:\\Archivos de programa\\Diablo II\\Game.exe",
         "C:\\Archivos de programa\\Diablo II\\D2Client.dll",
         "C:\\Archivos de programa\\Diablo II\\BnClient.dll",
         r_SID_AUTH_INFO.ValueString,
         &dwVersion, &dwChecksum,
         CRExeInfo,
         r_SID_AUTH_INFO.IX86ver_filename);
   if(bCheckRevision == FALSE)
      cout << "ERROR: CheckRevision() Failed" << endl;
   else cout << "CheckRevision() Success" << endl;

It returns TRUE.
I posted the CheckRevision() function at the first page of the topic.
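
What the version-check string in the 0x50 response is for, as an added example that is not z-stars' CheckRevision() and not code from any post here: it parses the formula the server sent above ("A=1026785539 B=284467432 C=531620607 4 A=A^S B=B+C C=C-A A=A+B") into three seeds and an ordered list of operations, then runs those operations over a stream of DWORDs with 32-bit wraparound, which is how published CheckRevision implementations consume the hashed files and, as I understand them, take C as the checksum. The per-MPQ constant that the real algorithm XORs into A (selected by the number in IX86ver5.mpq) is not on this page, so it is a parameter here, and the three DWORDs in main() are constructed sample input, not file contents. The names RevisionFormula, RevisionOp, parseFormula, reg and runFormula are mine.

```cpp
// Added example, not z-stars' CheckRevision(): interpret the server's
// version-check formula from SID_AUTH_INFO and run it over DWORD input.
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

struct RevisionOp { char dst, lhs, op, rhs; };   // "A=A^S" -> dst A, lhs A, op ^, rhs S

struct RevisionFormula {
    uint32_t a = 0, b = 0, c = 0;
    std::vector<RevisionOp> ops;
};

// Select register A, B or C by name; anything else is a malformed formula.
static uint32_t& reg(RevisionFormula& f, char r) {
    switch (r) {
    case 'A': return f.a;
    case 'B': return f.b;
    case 'C': return f.c;
    }
    throw std::runtime_error(std::string("unknown register ") + r);
}

// Tokens are: "X=number" seeds, a bare number giving the op count, and
// "X=YoZ" operations. The count must match the ops actually listed.
static RevisionFormula parseFormula(const std::string& text) {
    RevisionFormula f;
    std::istringstream in(text);
    std::string tok;
    size_t declared = 0;
    while (in >> tok) {
        if (tok.size() >= 3 && tok[1] == '=') {
            if (std::isdigit(static_cast<unsigned char>(tok[2]))) {
                reg(f, tok[0]) = static_cast<uint32_t>(std::stoull(tok.substr(2)));
            } else if (tok.size() == 5) {
                f.ops.push_back(RevisionOp{tok[0], tok[2], tok[3], tok[4]});
            } else {
                throw std::runtime_error("malformed token: " + tok);
            }
        } else {
            declared = static_cast<size_t>(std::stoull(tok));
        }
    }
    if (declared != f.ops.size())
        throw std::runtime_error("op count does not match the op list");
    return f;
}

// Apply the ops, in order, once per input DWORD (S). Arithmetic is uint32_t,
// so subtraction below zero wraps exactly as the game's code does.
// mpqSeed stands in for the per-MPQ constant, which is not on this page.
static RevisionFormula runFormula(RevisionFormula f, uint32_t mpqSeed,
                                  const std::vector<uint32_t>& dwords) {
    f.a ^= mpqSeed;
    for (uint32_t s : dwords) {
        for (const RevisionOp& o : f.ops) {
            uint32_t l = (o.lhs == 'S') ? s : reg(f, o.lhs);
            uint32_t r = (o.rhs == 'S') ? s : reg(f, o.rhs);
            uint32_t v;
            switch (o.op) {
            case '+': v = l + r; break;
            case '-': v = l - r; break;
            case '^': v = l ^ r; break;
            default: throw std::runtime_error(std::string("unknown operator ") + o.op);
            }
            reg(f, o.dst) = v;
        }
    }
    return f;
}

int main() {
    const std::string fromLog =
        "A=1026785539 B=284467432 C=531620607 4 A=A^S B=B+C C=C-A A=A+B";
    RevisionFormula f = parseFormula(fromLog);
    // Constructed sample DWORDs; a real run feeds the little-endian DWORDs of
    // Game.exe, D2Client.dll and BnClient.dll through the same loop.
    const std::vector<uint32_t> sample = {0x00905A4Du, 0x00000003u, 0xFFFFFFFFu};
    const uint32_t mpqSeed = 0;   // assumption: real constant not on this page
    RevisionFormula out = runFormula(f, mpqSeed, sample);
    std::printf("A=%08lX B=%08lX C=%08lX\n", (unsigned long)out.a,
                (unsigned long)out.b, (unsigned long)out.c);
    return 0;
}
```

Two things the loop makes visible that the thread only hints at: the server rotates both the seeds and the op list (the first log got "A=A+S B=B-C C=C^A A=A^B" with IX86ver1.mpq, the second the string above with IX86ver5.mpq), so a client that hard-codes one formula fails the check as soon as it is handed the other, and feeding the wrong file set (classic instead of expansion, or a stale Game.exe) changes every S and therefore the result.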

z-stars

#54
Does anyone know what can be failing? :(

dxoigmn

#55
Quote from: UserLoser. on July 24, 2004, 11:57 PM
Quote from: $t0rm on July 24, 2004, 10:21 PM
Quote from: UserLoser. on July 24, 2004, 11:41 AM
Quote from: $t0rm on July 24, 2004, 09:49 AM
semi-OT, but how did you find the offset in battle.snp?

disassembly.

never thought of that :P

But seriously, what tools did you use? Did you just breakpoint CreateFile on stardat.mpq and trace from there?

All starts from send.  You find the call to send used for BNCS related packets.  You then trace it back to 0x51. Then you go back on each call and see what they do and what's being passed into it.  So setting some breakpoints would help.  Or, just search for mov     cl and find mov     cl, 51h

That's how I started ;)

[Kp edit: no changes to original post, just an explanation.  Per Adron's hint, I've split the reverse-engineering section out into its own thread.  This response and the one after it are remnants of that side discussion, which deserved its own thread.]

z-stars

Quote from: Adron on July 25, 2004, 05:55 AM
Wish I could steal this part of the thread to the advanced programming forum, or somewhere that the hints on reverse engineering wouldn't be buried in newbie questions so quickly :)

And I wish someone would answer my last newbie question so I can finish my bot :)

Banana fanna fo fanna

#57
What's a good debugger on winxp?

