
Need help. Logging BNet... [NOT solved]

Started by z-stars, July 22, 2004, 01:47 PM


UserLoser.

dwPublic shouldn't be changing at all, and it doesn't look like the code you posted is modifying it in any way.  I'd blame your WriteDWord/outgoing packet buffer class.  Try printf("%08x\n", dwPublic); or something to see if it really is changing. (which it shouldn't)

z-stars

Quote from: UserLoser. on July 25, 2004, 09:22 PM
dwPublic shouldn't be changing at all, and it doesn't look like the code you posted is modifying it in any way.  I'd blame your WriteDWord/outgoing packet buffer class.  Try printf("%08x\n", dwPublic); or something to see if it really is changing. (which it shouldn't)

Sorry, you are right, dwPublic doesn't change; I was using an old log to compare or something, but the dwPublic the program sends is different from the one the d2 client sends.

z-stars

Quote from: dxoigmn on July 25, 2004, 09:02 PM
Here is what I would do.  Packet log the real client, then in your client emulate that packet log exactly without connecting to battle.net.  That means fixing the values of the client salt, server salt, the equation string, the mpq file.  Make sure you use the same cdkeys as your real client too.  This should save you a load of headaches when you start debugging your cdkey stuff, because battle.net will start IP banning you for several minutes.  Alternatively, you could create a test server using Arta's TestBNCS and connect locally.

I'm not sure I understand that; I can't copy a packet log exactly because a lot of values change.

UserLoser.

#78
Quote from: z-stars on July 26, 2004, 06:36 AM
Quote from: UserLoser. on July 25, 2004, 09:22 PM
dwPublic shouldn't be changing at all, and it doesn't look like the code you posted is modifying it in any way.  I'd blame your WriteDWord/outgoing packet buffer class.  Try printf("%08x\n", dwPublic); or something to see if it really is changing. (which it shouldn't)

Sorry, you are right, dwPublic doesn't change; I was using an old log to compare or something, but the dwPublic the program sends is different from the one the d2 client sends.

Did you install the game with the same CDKeys that you're using now?

z-stars

Quote from: UserLoser. on July 26, 2004, 11:31 AM
Quote from: z-stars on July 26, 2004, 06:36 AM
Quote from: UserLoser. on July 25, 2004, 09:22 PM
dwPublic shouldn't be changing at all, and it doesn't look like the code you posted is modifying it in any way.  I'd blame your WriteDWord/outgoing packet buffer class.  Try printf("%08x\n", dwPublic); or something to see if it really is changing. (which it shouldn't)

Sorry, you are right, dwPublic doesn't change; I was using an old log to compare or something, but the dwPublic the program sends is different from the one the d2 client sends.

Did you install the game with the same CDKeys that you're using now?

yes

z-stars

Mhh, dunno what I have done, but now it doesn't remove the '1' from dwVersion; BNet keeps sending me that Invalid Version packet...
I don't know what to do; should I post the full source?

z-stars

I have put together some logs... The first two logs are from the real d2 lod client, the other two logs are from my program.



FF 51 86 00    header
ED E7 B4 11    client token
00 0A 00 01    exe version
D5 AD 18 D6    exe hash  
02 00 00 00    keys num
00 00 00 00    using spawn

10 00 00 00    key 1 length
06 00 00 00       cdkey1 product
D9 15 0D 00    cdkey1 value1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00      k2 len
0A 00 00 00    k2 product
FB F9 12 00    k2 value1
00 00 00 00    k2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx
 
47 61 6D 65 2E 65 78 65 20 31 30 2F 31 33 2F 30    Game.exe 10/13/0
33 20 30 38 3A 33 35 3A 33 30 20 31 31 39 38 38    3 08:35:30 11988
35 37 00 4D 65 00                                  57.Me.


__________________________________________________________________________



FF 51 86 00    header
1B 13 43 DF    client token
00 0A 00 01    exe version
DF F5 4A EE       exe hash
02 00 00 00    keys num
00 00 00 00    using spawn

10 00 00 00    key 1 length
06 00 00 00     cdkey1 product
D9 15 0D 00    cdkey1 value1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00     k2 len
0A 00 00 00    k2 product
FB F9 12 00    k2 value1
00 00 00 00    k2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx

47 61 6D 65 2E 65 78 65 20 31 30 2F 31 33 2F 30    Game.exe 10/13/0
33 20 30 38 3A 33 35 3A 33 30 20 31 31 39 38 38    3 08:35:30 11988
35 37 00 4D 65 00                                  57.Me.


____________________________________________________________________________________________________



FF 51 86 00    header...
D9 DA 69 00    client token
00 0A 00 01    exe version
AF 3C 9C 00    exe hash         
02 00 00 00   keys num
00 00 00 00    using spawn

10 00 00 00    key 1 length
00 00 00 00     key 1 product
00 12 F9 FB    cdkey1 value1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00   k2 len
00 00 00 00    k2 product
00 C3 9C E9    key2 value1
00 00 00 00   key2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx

47 61 6D 65 2E 65 78 65 20 30 35 2F 31 36 2F 30    Game.exe 05/16/0
34 20 32 31 3A 33 31 3A 33 36 20 31 31 39 38 38    4 21:31:36 11988
35 37 00 4D 65 00                                  57.Me.

___________________________________________________________________________________



FF 51 86 00    header
12 82 E0 01    client token
00 0A 00 01    exe version
56 4A 75 70   exe hash
02 00 00 00    keys num
00 00 00 00    using spawn

10 00 00 00    k1 len
00 00 00 00   k1 product
00 12 F9 FB    k1 value1
00 00 00 00    k1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00   k2 len
00 00 00 00    k2 product
D8 C3 9C E9   k2 value1
00 00 00 00    k2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx

47 61 6D 65 2E 65 78 65 20 30 35 2F 31 36 2F 30    Game.exe 05/16/0
34 20 32 31 3A 33 31 3A 33 36 20 31 31 39 38 38    4 21:31:36 11988
35 37 00 4D 65 00                                  57.Me.


Differences:
-The "CDKey Number 1" of each cd key.
-The last string. D2 client sends "Game.exe 10/13/04 21:31:36 11988" while for some reason my program sends "Game.exe 05/16/04 21:31:36 11988".
-Also, the product of my program is 00 00 00 00. I thought RunCDKeyDecode wrote the product in dwProduct; do I have to write the product id in a variable myself?

UserLoser.

#82
10 00 00 00    key 1 length
06 00 00 00       cdkey1 product
D9 15 0D 00    cdkey1 value1
00 00 00 00    key1 unknown

10 00 00 00      k2 len
0A 00 00 00    k2 product
FB F9 12 00    k2 value1
00 00 00 00    k2 unknown

10 00 00 00    key 1 length
06 00 00 00     cdkey1 product
D9 15 0D 00    cdkey1 value1
00 00 00 00    key1 unknown

10 00 00 00     k2 len
0A 00 00 00    k2 product
FB F9 12 00    k2 value1
00 00 00 00    k2 unknown



10 00 00 00    key 1 length
00 00 00 00     key 1 product
00 12 F9 FB    cdkey1 value1
00 00 00 00    key1 unknown

10 00 00 00   k2 len
00 00 00 00    k2 product
00 C3 9C E9    key2 value1
00 00 00 00   key2 unknown

10 00 00 00    k1 len
00 00 00 00   k1 product
00 12 F9 FB    k1 value1
00 00 00 00    k1 unknown

10 00 00 00   k2 len
00 00 00 00    k2 product
D8 C3 9C E9   k2 value1
00 00 00 00    k2 unknown

Your classic CDKeys appear to be the same, but the expansion ones are not.  The way you're inserting them in your outgoing packet buffer seems to be a problem.  They should be inserted without modification.  You're not giving a product id, which comes from RunDecodeCDKey.  If you're using the same CDKeys, everything on the top should be identical to the bottom two.  If I'm understanding your WriteDWord function, the first parameter should be a 0 for all of this.

z-stars

#83
I found an error in my code (in RunCDkeyDecode, I used some first cd key vars with the second cd key); I have fixed it, I think. (But it still gives the wrong version packet.)
The new code:

// S SID_AUTH_CHECK
// This function is supposed to build and send the fifth packet (0x51)
// At the start of this function, csFifthPacket.packet (the packet 0x51 that
// this function sends to battle.net at the end) is EMPTY.
int LTBNFifthPacket()
{
   /* Globals... */
   BEFORE_SEND;
   int n = 0;
   char * CDKeyOwner = "Me";
   //DWORD Key1Product = 0x06;
   //DWORD Key2Product = 0x0A;
   /* End of Globals */

   /* First, load Battle.snp to do the hashing for us */
   HMODULE battlesnp;
   battlesnp = LoadLibrary("Battle.snp");
   if(!battlesnp) cout << "Couldn't load battle.snp" << endl;
   /* Battlesnp Loaded */


   /* CHECK REVISION */
   /* Call CheckRevision() to get the some of the values to send */
   /* The values we get are: ExeHash and Version (dwExeHash, and dwVersion) */
   /* Also, we get an ExeInfo string. (To CRExeInfo). */
   DWORD dwVersion = 0;
   DWORD dwChecksum = 0;
   char CRExeInfo[5000];
   memset(CRExeInfo, 0, 5000);
   //strcpy(CRExeInfo, ExeInfo);
   BOOL bCheckRevision = 0;
   bCheckRevision =
      CheckRevision("C:\\Archivos de programa\\Diablo II\\Game.exe",
         "C:\\Archivos de programa\\Diablo II\\storm.dll",
         "C:\\Archivos de programa\\Diablo II\\BNClient.dll",
         r_SID_AUTH_INFO.ValueString,
         &dwVersion, &dwChecksum,
         CRExeInfo,
         r_SID_AUTH_INFO.IX86ver_filename);
   if(bCheckRevision == FALSE)
   {
      cout << "ERROR: Check Revision() Failed" << endl;
      system("pause");
   }
   else cout << "CheckRevision() Success" << endl;
   /*printf("dwVersion: %x  || dwChecksum: %x || ExeInfo: %s",
      dwVersion, dwChecksum, CRExeInfo);*/
   /* END OF CHECK REVISION */

   cout << "dwVersion: " << hex << dwVersion << endl;
         

   /* VARIABLES TO PUT IN THE PACKET DECLARATIONS */
   int x = 0;
   BYTE FirstByte = 0xFF; // It's always 0xFF
   BYTE PacketID = 0x51; // PacketId's 0x51
   WORD PacketLen = 132 + strlen(CDKeyOwner); // Packet Length is 132 + ownerlen
   DWORD ClientToken = GetTickCount(); // I use GetTickCount() to get that
   DWORD ExeVersion = dwVersion; // From CheckRevision()
   DWORD ExeHash = dwChecksum; // From CheckRevision()
   DWORD CDKeyNumber = 2; // 1 D2 cd key, 1 Lod cd key.
   DWORD UsingOfKeys = 0; // 0

   DWORD Key1Len = 0x10; // Length of D2 CdKey: 16 (0x10)
   DWORD Key1Num1 = x; // This is supposed to be the First Number of the first cd key.
                  // I'm not sure how to get it.
   DWORD Key1Unknown = 0; // Unknown(0)

   DWORD Key2Len = 0x10; // Same...
   
   DWORD Key2Num1 = x;      // Same...
   DWORD Key2Unknown = 0; // Unknown (0)
   /* END OF VARIABLES TO PUT IN THE PACKET DECLARATIONS */

   /* CALL RUNCDKEYDECODE */
   DWORD dwKey1Product = 0;
   DWORD dwKey1Private = 0;
   DWORD dwKey1Public = 0;
   RunCDkeyDecode(&dwKey1Product, &dwKey1Public, &dwKey1Private, szD2CdKey);
   ////
   //cout << endl << "RUNCDKEYDECODE" << endl;
   //cout << "dwProduct: " << hex << dwProduct << endl;
   //cout << "dwPublic: " << hex << dwPublic << endl;
   //cout << "dwPrivate: " << hex << dwPrivate << endl;
   //cout << endl << endl;
   /* END OF CALL RUNCDKEYDECODE */

   /* CALL HASHDATA FOR CDKEY1*/
   DWORD dwKey1HashBuffer[6];
   DWORD dwKey1OutBuffer[5]; // This is supposed to be the CDKey1 Data.
   dwKey1HashBuffer[0] = ClientToken; // We got this with GetTickCount()
   dwKey1HashBuffer[1] = r_SID_AUTH_INFO.Server_Token; // Bnet sent this in the last packet
   dwKey1HashBuffer[2] = dwKey1Product; // We got this with RunCDKeyDecode
   dwKey1HashBuffer[3] = dwKey1Public; // We got this with RunCDKeyDecode too
   dwKey1HashBuffer[4] = 0; // 0...
   dwKey1HashBuffer[5] = dwKey1Private; // Also, we got this with RunCDKeyDecode
   HashData(24, dwKey1OutBuffer, dwKey1HashBuffer);
   /* END OF CALL HASHDATA */

   /* DO THE SAME FOR CDKEY2 */
   DWORD dwKey2Product = 0;
   DWORD dwKey2Private = 0;
   DWORD dwKey2Public = 0;
   RunCDkeyDecode(&dwKey2Product, &dwKey2Public, &dwKey2Private, szLODCdKey);

   DWORD dwKey2HashBuffer[6];
   DWORD dwKey2OutBuffer[5];
   dwKey2HashBuffer[0] = GetTickCount();
   dwKey2HashBuffer[1] = r_SID_AUTH_INFO.Server_Token;
   dwKey2HashBuffer[2] = dwKey2Product;
   dwKey2HashBuffer[3] = dwKey2Public;
   dwKey2HashBuffer[4] = 0;
   dwKey2HashBuffer[5] = dwKey2Private;
   HashData(24, dwKey2OutBuffer, dwKey2HashBuffer);
   /* ~~ */


   /* WRITE EVERYTHING IN THE PACKET */

   // Info about csFifthPacket class:
   // The packet itself is csFifthPacket.packet and it is a
   // dynamically allocated BYTE array.
   // The position the next function will write to is stored at
   // nByte2Write and is increased automatically with each WriteX function
   // call.
   // WriteByte writes a byte to packet. (csFifthPacket.packet).
   // WriteWord and WriteDWord take 2 arguments. The first one tells
   // if it has to convert the Word or DWord given to Little Endian before
   // putting it in packet or not. If the first argument is 0, it will
   // convert the DWORD given to Little Endian, and then put it in the
   // packet. If it is 1, it will put it in the packet directly without
   // converting it.
   // WriteString() just writes a string and a null terminator to packet.

   csFifthPacket.WriteByte(0xFF);
   csFifthPacket.WriteByte(0x51);
   // Gotta solve this bug some day...
   csFifthPacket.WriteWord(0, 132 + strlen(CDKeyOwner));
   
   csFifthPacket.WriteDWord(0, ClientToken);
   cout << "dwVersion: " << hex << dwVersion << endl;
   cout << "ExeVersion: " << hex << ExeVersion << endl;
   cout << "hdwVersion: " << hex << htonl(dwVersion) << endl;
   csFifthPacket.WriteDWord(0, ExeVersion); // From CheckRevision()
   csFifthPacket.WriteDWord(0, ExeHash);  // From CheckRevision()
   csFifthPacket.WriteDWord(0, CDKeyNumber);
   csFifthPacket.WriteDWord(0, UsingOfKeys);

   cout << "dwKey1Public: " << hex << dwKey1Public << endl;
   cout << "dwKey1Private: " << hex << dwKey1Private << endl;
   cout << "dwKey2Public: " << hex << dwKey2Public << endl;
   cout << "dwKey2Private: " << hex << dwKey2Private << endl;

   csFifthPacket.WriteDWord(0, Key1Len);
   cout << "dwKey1Product: " << hex << dwKey1Product << endl;
   cout << "dwKey2Product: " << hex << dwKey2Product << endl;
//   cout << "Key1Product: " << hex << Key1Product << endl;
//   cout << "Key2Product: " << hex << Key2Product << endl;
   csFifthPacket.WriteDWord(1, dwKey1Product);
   csFifthPacket.WriteDWord(1, dwKey1Public); //dwPu
   csFifthPacket.WriteDWord(0, Key1Unknown);
   csFifthPacket.WriteDWord(1,dwKey1OutBuffer[0]);
   csFifthPacket.WriteDWord(1,dwKey1OutBuffer[1]);
   csFifthPacket.WriteDWord(1,dwKey1OutBuffer[2]);
   csFifthPacket.WriteDWord(1,dwKey1OutBuffer[3]);
   csFifthPacket.WriteDWord(1,dwKey1OutBuffer[4]);

   csFifthPacket.WriteDWord(0, Key2Len);
   csFifthPacket.WriteDWord(1, dwKey2Product);
   csFifthPacket.WriteDWord(1, dwKey2Private); //dwPr
   csFifthPacket.WriteDWord(0, Key2Unknown);
   csFifthPacket.WriteDWord(1,dwKey2OutBuffer[0]);
   csFifthPacket.WriteDWord(1,dwKey2OutBuffer[1]);
   csFifthPacket.WriteDWord(1,dwKey2OutBuffer[2]);
   csFifthPacket.WriteDWord(1,dwKey2OutBuffer[3]);
   csFifthPacket.WriteDWord(1,dwKey2OutBuffer[4]);

   csFifthPacket.WriteString(CRExeInfo); // From CheckRevision()
   csFifthPacket.WriteString(CDKeyOwner);

   // These two sentences set the packet size word of packet to the packet
   // len. (Previously it was 136 instead 134).
   
   /* END OF WRITE EVERYTHING AT THE PACKET */

   
   /* SEND csFifthPacket.packet TO BATTLE.NET */
   n = SendPacket(csFifthPacket.packet, csFifthPacket.GetPacketLen());
   if(n == -1) error(10, "SendPacket");
   else cout << "Packet 0x51 Sent " << "Bytes: " << n << endl;
   /* END OF SEND PACKET TO BATTLE.NET */

   return n;
}


void HashData(DWORD length, LPVOID outbuf, LPVOID tohash)
{
  DWORD len = length;
  __asm {
     push ecx
     push edx
     mov ecx, outbuf
     mov edx, tohash
     push len
     call HashFunction
     pop edx
     pop ecx
  }
}


void RunCDkeyDecode(DWORD *Product, DWORD *CDKeyVal1, DWORD *CDKeyVal2, const char *CDKey)
{

  __asm
  {
     push ecx
     push edx
     mov ecx, CDKey
     mov edx, Product
     push CDKeyVal2
     push CDKeyVal1
     call DecodeCDKeyFunction
     pop edx
     pop ecx
  }
}



int LTBNSixthPacket()
{
   int n = 0;
   BEFORE_RECV;
   n = RecvPacket(crSixthPacket.packet, 50);
   if(n == -1) error(9, "RecvPacket");
   else cout << "Packet 6 Recv. Bytes: " << n << endl;
   
   memset(r_SID_AUTH_CHECK.AdditionalInformation, 0,
      sizeof(r_SID_AUTH_CHECK.AdditionalInformation));
   crSixthPacket.ReadByte(&r_SID_AUTH_CHECK.IntegrityCheck);
   crSixthPacket.ReadByte(&r_SID_AUTH_CHECK.PacketID);
   crSixthPacket.ReadWord(0, &r_SID_AUTH_CHECK.PacketLen);
   // I'm converting this dword to big endian before parsing it.
   crSixthPacket.ReadWord(0, &r_SID_AUTH_CHECK.Result1);
   crSixthPacket.ReadWord(0, &r_SID_AUTH_CHECK.Result2);
   crSixthPacket.ReadString(r_SID_AUTH_CHECK.AdditionalInformation);

   cout << endl;
   switch(r_SID_AUTH_CHECK.Result1)
   {
   case 0x000: cout << "Passed Challenge" << endl; break;
   case 0x100: cout << "Old Game Version" << endl; break;
   case 0x101: cout << "Invalid Version" << endl; break;

   case 0x200: cout << "Invalid CDKey" << endl; break;
   case 0x201: cout << "CDKey in use" << endl; break;
   case 0x202: cout << "Banned CDKey" << endl; break;
   case 0x203: cout << "Wrong Product" << endl; break;
   default: cout << "Undefined" << endl;
   }

   switch(r_SID_AUTH_CHECK.Result2)
   {
   case 0x200: cout << "Invalid CDKey" << endl; break;
   case 0x201: cout << "CDKey in use" << endl; break;
   case 0x202: cout << "Banned CDKey" << endl; break;
   case 0x203: cout << "Wrong Product" << endl; break;
   default: cout << "Undefined" << endl;
   }


   cout << "ADDITIONAL INFORMATION: " <<
      r_SID_AUTH_CHECK.AdditionalInformation << endl;

   crSixthPacket.dbgShowPacket();

   return n;
}



I'll get another packet log to see how it works now. About the first argument of WriteDWord(): if it is 0, it thinks the number is Big Endian, so it converts it to Little Endian to put it in the packet; if it is 1, it doesn't modify it.



The new packet log: The first 2 logs are from the real d2 LOD client, the last log is from my program


FF 51 86 00    header
ED E7 B4 11    client token
00 0A 00 01    exe version
D5 AD 18 D6    exe hash  
02 00 00 00    keys num
00 00 00 00    using spawn

10 00 00 00    key 1 length
06 00 00 00       cdkey1 product
D9 15 0D 00    cdkey1 value1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00      k2 len
0A 00 00 00    k2 product
FB F9 12 00    k2 value1
00 00 00 00    k2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx
 
47 61 6D 65 2E 65 78 65 20 31 30 2F 31 33 2F 30    Game.exe 10/13/0
33 20 30 38 3A 33 35 3A 33 30 20 31 31 39 38 38    3 08:35:30 11988
35 37 00 4D 65 00                                  57.Me.


__________________________________________________________________________



FF 51 86 00    header
1B 13 43 DF    client token
00 0A 00 01    exe version
DF F5 4A EE       exe hash
02 00 00 00    keys num
00 00 00 00    using spawn

10 00 00 00    key 1 length
06 00 00 00     cdkey1 product
D9 15 0D 00    cdkey1 value1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00     k2 len
0A 00 00 00    k2 product
FB F9 12 00    k2 value1
00 00 00 00    k2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx

47 61 6D 65 2E 65 78 65 20 31 30 2F 31 33 2F 30    Game.exe 10/13/0
33 20 30 38 3A 33 35 3A 33 30 20 31 31 39 38 38    3 08:35:30 11988
35 37 00 4D 65 00                                  57.Me.


____________________________________________________________________________________________________



FF 51 86 00    header
34 8F 63 02    client token
00 0A 00 01    exe version
76 59 2C B2   exe hash
02 00 00 00    keys num
00 00 00 00    using spawn

10 00 00 00    k1 len   
00 00 00 06   k1 product
00 0D 15 D9    k1 val1
00 00 00 00    k1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00   k2 len
00 00 00 0A   k2 product
D8 C3 9C E9    k2 val1
00 00 00 00    k2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx

47 61 6D 65 2E 65 78 65 20 30 35 2F 31 36 2F 30    Game.exe 05/16/0
34 20 32 31 3A 33 31 3A 33 36 20 31 31 39 38 38    4 21:31:36 11988
35 37 00 4D 65 00                                  57.Me.



EDIT: Products are given in Big Endian; I changed the code to convert them to Little Endian before putting them in the packet, so now the products should be fine.

z-stars

#84
Mhh, it seems that the Decode CD Key function gives everything in Big Endian, but I don't know why the second cd key doesn't match; I have looked at the cd key with Onlyer's ShowCDKey program. (erm, it was Onlyer's I think, I'm not sure now.)

EDIT: BTW, here is my WriteDWord function:


int BNETsPacket::WriteDWord(int mode, DWORD dword)
{
   BYTE buf[5];
   memset(buf, 0, sizeof(buf));

   BYTE* bFourBytes = reinterpret_cast<BYTE*>(&dword);
   buf[3] = (bFourBytes[0]);
   buf[2] = (bFourBytes[1]);
   buf[1] = (bFourBytes[2]);
   buf[0] = (bFourBytes[3]);

   if(mode == 0)
   {
      WriteDWord(0, buf);
   }
   else if(mode == 1)
   {
      WriteDWord(1, buf);
   }

   return 0;
}



int BNETsPacket::WriteDWord(int mode, BYTE * bytes)
{
   if(bAutoSize == true)
      AllocBytes(4);
   if(mode == P_WM_BE)
   {
      packet[nByte2Write] = bytes[3];
      packet[nByte2Write+1] = bytes[2];
      packet[nByte2Write+2] = bytes[1];
      packet[nByte2Write+3] = bytes[0];
   }
   else if(mode == P_WM_LE)
   {
      packet[nByte2Write] = bytes[0];
      packet[nByte2Write+1] = bytes[1];
      packet[nByte2Write+2] = bytes[2];
      packet[nByte2Write+3] = bytes[3];
   }
   nByte2Write += 4;
   nPacketLen += 4;
   return 0;
}



EDIT:

#define P_WM_LE     1
#define P_WM_BE     0


OnlyMeat

Why don't you just use memcpy?

The amount of asm that will be generated from that code is just silly :(

Using memcpy will translate to about 2 asm lines!

z-stars

Quote from: OnlyMeat on July 26, 2004, 06:20 PM
Why don't you just use memcpy?

The amount of asm that will be generated from that code is just silly :(

Using memcpy will translate to about 2 asm lines!


I don't think it would translate to 2 asm lines, but how would I use memcpy to do the same?
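
As an added example (not code from this thread or from z-stars' bot), the following builds the 0x51 packet with a writer that only ever emits little-endian bytes, which is what the memcpy suggestion amounts to on x86, and decodes the key blocks of a capture so the fields can be compared against the logs posted above. Field values are taken from the first real-client log; the hash words are constructed placeholders.

```cpp
#include <cstdint>
#include <string>
#include <vector>
// Added example, not code from the thread. Field order follows the 0x51 logs
// above; the hash words are constructed stand-ins for HashData's output.
struct CdKeyBlock {
    uint32_t length, product, value1, unknown;  // 0x10, decoded product, public value, 0
    uint32_t hash[5];                            // the 20 bytes of hashed key data
};

struct PacketBuffer {
    std::vector<uint8_t> bytes;
    void writeByte(uint8_t b) { bytes.push_back(b); }
    // Least significant byte first: the protocol is little-endian, so a host value
    // goes in as-is. On x86 this is exactly what memcpy(dst, &v, 4) produces.
    void writeDWord(uint32_t v) {
        uint8_t le[4] = { uint8_t(v), uint8_t(v >> 8), uint8_t(v >> 16), uint8_t(v >> 24) };
        bytes.insert(bytes.end(), le, le + 4);
    }
    void writeString(const std::string& s) {
        bytes.insert(bytes.end(), s.begin(), s.end());
        bytes.push_back(0);
    }
    // Fill the length word at offset 2 from the finished body, not 132 + strlen(owner).
    void finalizeLength() {
        bytes[2] = uint8_t(bytes.size());
        bytes[3] = uint8_t(bytes.size() >> 8);
    }
};

std::vector<uint8_t> buildAuthCheck(uint32_t clientToken, uint32_t exeVersion, uint32_t exeHash,
                                    const std::vector<CdKeyBlock>& keys,
                                    const std::string& exeInfo, const std::string& owner) {
    PacketBuffer p;
    p.writeByte(0xFF); p.writeByte(0x51);
    p.writeByte(0); p.writeByte(0);           // length, patched by finalizeLength()
    p.writeDWord(clientToken); p.writeDWord(exeVersion); p.writeDWord(exeHash);
    p.writeDWord(uint32_t(keys.size()));
    p.writeDWord(0);                          // not using spawn
    for (const CdKeyBlock& k : keys) {
        p.writeDWord(k.length); p.writeDWord(k.product);
        p.writeDWord(k.value1); p.writeDWord(k.unknown);
        for (uint32_t h : k.hash) p.writeDWord(h);
    }
    p.writeString(exeInfo); p.writeString(owner);
    p.finalizeLength();
    return p.bytes;
}

static uint32_t readDWord(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Decode the key blocks of a captured 0x51 for comparison against a reference log;
// returns false when the length word or key count does not fit the buffer.
bool parseAuthCheckKeys(const std::vector<uint8_t>& b, std::vector<CdKeyBlock>& keys) {
    if (b.size() < 24 || b[0] != 0xFF || b[1] != 0x51) return false;
    if ((b[2] | size_t(b[3]) << 8) != b.size()) return false;
    uint32_t n = readDWord(&b[16]);
    if (n > (b.size() - 24) / 36) return false;
    keys.clear();
    for (size_t i = 0, off = 24; i < n; ++i, off += 36) {
        CdKeyBlock k;
        k.length = readDWord(&b[off]);      k.product = readDWord(&b[off + 4]);
        k.value1 = readDWord(&b[off + 8]);  k.unknown = readDWord(&b[off + 12]);
        for (int j = 0; j < 5; ++j) k.hash[j] = readDWord(&b[off + 16 + 4 * j]);
        keys.push_back(k);
    }
    return true;
}
// Constructed reproduction of the first real-client log above (hash words made up).
std::vector<uint8_t> sampleAuthCheck() {
    std::vector<CdKeyBlock> keys = {
        { 0x10, 0x06, 0x000D15D9, 0, { 0x11111111, 0x22222222, 0x33333333, 0x44444444, 0x55555555 } },
        { 0x10, 0x0A, 0x0012F9FB, 0, { 0x66666666, 0x77777777, 0x88888888, 0x99999999, 0xAAAAAAAA } },
    };
    return buildAuthCheck(0x11B4E7ED, 0x01000A00, 0xD618ADD5, keys,
                          "Game.exe 10/13/03 08:35:30 1198857", "Me");
}
```

With mode 1, the WriteDWord posted above reverses the bytes, which is why the program's log shows 00 0D 15 D9 where the real client sends D9 15 0D 00; a writer with a single little-endian path has no mode argument to get wrong. The second key block in the posted code is also written from dwKey2Private where the first key uses dwKey1Public, which would keep key 2's value1 different even once the byte order is right.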

UserLoser.

#87
Insert the cdkey values as they are.  Don't swap the bytes around.  Little endian not big.

z-stars

#88
Quote from: UserLoser. on July 26, 2004, 07:03 PM
Insert the cdkey values as they are.  Don't swap the bytes around.  Little endian not big.

I'm not swapping them; if mode == 0 they are given in Little Endian, so it doesn't swap them.
But should I swap the values returned by cdKeydecode?

z-stars

#89
For some reason my program's Key2 Value1 is different from the real Key2 Value1 that my Diablo II client sends to battle.net. That's strange because I am pretty sure that the cdkey is the same (I have copy&pasted it with a ShowCDKey program).
Another problem is that I don't know where CheckRevision() gets its exe info from, because the real d2 client gets different exe info. I'm passing as arguments the paths to: Game.exe, storm.dll, BnClient.dll.

First 2 logs are the real client, the other logs are from my prog.

FF 51 86 00    header
ED E7 B4 11    client token
00 0A 00 01    exe version
D5 AD 18 D6    exe hash  
02 00 00 00    keys num
00 00 00 00    using spawn

10 00 00 00    key 1 length
06 00 00 00       cdkey1 product
D9 15 0D 00    cdkey1 value1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00      k2 len
0A 00 00 00    k2 product
FB F9 12 00    k2 value1
00 00 00 00    k2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx
 
47 61 6D 65 2E 65 78 65 20 31 30 2F 31 33 2F 30    Game.exe 10/13/0
33 20 30 38 3A 33 35 3A 33 30 20 31 31 39 38 38    3 08:35:30 11988
35 37 00 4D 65 00                                  57.Me.


__________________________________________________________________________



FF 51 86 00    header
1B 13 43 DF    client token
00 0A 00 01    exe version
DF F5 4A EE       exe hash
02 00 00 00    keys num
00 00 00 00    using spawn

10 00 00 00    key 1 length
06 00 00 00     cdkey1 product
D9 15 0D 00    cdkey1 value1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00     k2 len
0A 00 00 00    k2 product
FB F9 12 00    k2 value1
00 00 00 00    k2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx

47 61 6D 65 2E 65 78 65 20 31 30 2F 31 33 2F 30    Game.exe 10/13/0
33 20 30 38 3A 33 35 3A 33 30 20 31 31 39 38 38    3 08:35:30 11988
35 37 00 4D 65 00                                  57.Me.


____________________________________________________________________________________________________



FF 51 86 00    header
B4 BB C2 02    c token
00 0A 00 01    exe v.
4A 04 8A D9   exe hash
02 00 00 00    nKeys
00 00 00 00    using spawn

10 00 00 00    key 1 length
00 00 00 06   key 1 product    
00 0D 15 D9    key value 1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00   key 2 len
00 00 00 0A    key 2 product
D8 C3 9C E9    key 2 value 1
00 00 00 00    key 2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx

47 61 6D 65 2E 65 78 65 20 30 35 2F 31 36 2F 30      Game.exe 05/16/0      
34 20 32 31 3A 33 31 3A 33 36 20 31 31 39 38 38    4 21:31:36 11988
35 37 00 4D 65 00                                  57.Me.



__________________________________

FF 51 86 00    header...
D9 DA 69 00    client token
00 0A 00 01    exe version
AF 3C 9C 00    exe hash         
02 00 00 00   keys num
00 00 00 00    using spawn

10 00 00 00    key 1 length
00 00 00 00     key 1 product
00 12 F9 FB    cdkey1 value1
00 00 00 00    key1 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY1 HASHED DATA
xx xx xx xx
xx xx xx xx

10 00 00 00   k2 len
00 00 00 00    k2 product
00 C3 9C E9    key2 value1
00 00 00 00   key2 unknown

xx xx xx xx
xx xx xx xx
xx xx xx xx    KEY2 HASHED DATA
xx xx xx xx
xx xx xx xx

47 61 6D 65 2E 65 78 65 20 30 35 2F 31 36 2F 30    Game.exe 05/16/0
34 20 32 31 3A 33 31 3A 33 36 20 31 31 39 38 38    4 21:31:36 11988
35 37 00 4D 65 00                                  57.Me.

