Understanding how hashing works

[BaDDBLooD]

Ok, i was talking with UserLoser about Packet 0x50, learned a few things;  Still have a few questions.

When blizzard sends you back 0x50

You recieve a Revision Number?

There are a Couple Responses

0x00 = XSHA-1 ( Why is it Called XSHA-1, What's with PSUEDO Sha-1, Broken Sha-1, and all that stuff )
0x01 = SRP
0x02 = Modified SRP? or What!?

What is Server Key? Some time of Authentication Signature?

What is UDP Value?

Filetime, Used in order to upgrade patch or something?

Version FileName, No idea what this is used for.
Hash Command, All Randomly Generated By the server.  Where S is Constant and found in... Storm.dll??? What is this used for?

Server Signature? What is this used for?

Thanks Alot

- BaDDBLooD

[ChR0NiC]

Ok, i was talking with UserLoser about Packet 0x50, learned a few things;  Still have a few questions.
0x00 = XSHA-1 ( Why is it Called XSHA-1, What's with PSUEDO Sha-1, Broken Sha-1, and all that stuff )
0x01 = SRP
0x02 = Modified SRP? or What!?

0x01 <- W3 Beta
0x02 <- W3 and W3XP Standard SHA-1

[BaDDBLooD]

So than what's 0x00?

[ChR0NiC]

You had the Broken SHA-1 correct, but the other two needed some correcting.

[BaDDBLooD]

Where does SRP Come in than?

[iago]

SRP is the authentication that Warcraft 3 uses to verify passworsd.  It's a 4-part process, and you can find official documetnation at http://srp.stanford.edu .

[Soul Taker]

Where does SRP Come in than?

Hashing used to log in your account with the NLS (revision 0x1 or 0x2).

Edit: SCREW YOU iago

[ChR0NiC]

Here is some Psuedo Code for SHA-1 I doubt it is the exact same as Broken SHA-1 but here ya go.

A description of SHA-1

Code Select Expand


a = h0 = 0x67452301
b = h1 = 0xEFCDAB89
c = h2 = 0x98BADCFE
d = h3 = 0x10325476
e = h4 = 0xC3D2E1F0
(Pre-processing:)
paddedmessage = (message) append 1
while length(paddedmessage) < 512n - 64:
paddedmessage = paddedmessage append 0
paddedmessage = paddedmessage append (length(message) in 64-bit format)
(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15
(Extend the sixteeen 32-bit words into eighty 32-bit words:)
for i from 16 to 79:
w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1
(Main loop:)
for i from 0 to 79:
temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i) (note: all addition is mod 2^32)
where:
(0 <= i <= 19): f(b,c,d) = (b and c) or ((not b) and d), k = 0x5A827999
(20 <= i <= 39): f(b,c,d) = (b xor c xor d), k = 0x6ED9EBA1
(40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d), k = 0x8F1BBCDC
(60 <= i <= 79): f(b,c,d) = (b xor c xor d), k = 0xCA62C1D6
e = d
d = c
c = b leftrotate 30
b = a
a = temp
h0 = h0 + a
h1 = h1 + b
h2 = h2 + c
h3 = h3 + d
h4 = h4 + e
digest = hash = h0 append h1 append h2 append h3 append h4
Note: Instead of the formulation from FIPS PUB 180-1 shown, the following may be used for improved efficiency:

(0 <= i <= 19): f(b,c,d) = (d xor (b and (c xor d)))
(40 <= i <= 59): f(b,c,d) = (b and c) or (d and (b or c)))


Oh and in case you didn't know SHA = Secure Hash Algorithm and the -1 means the version. Battle.net modified this a little bit and is called Broken SHA-1, just their own kind of version I believe.

[Soul Taker]

Not very related, but if true could change a lot:
http://www.freedom-to-tinker.com/archives/000661.html

[BaDDBLooD]

Where does SRP Come in than?

Hashing used to log in your account with the NLS (revision 0x1 or 0x2).

Edit: SCREW YOU iago

So what are the Resvision Status codes? You guys got me all fricking Confused now!

0x00 = Broken SHA-1
0x01 = SRP For WAR3 Beta
0x02 = SRP for WAR3/W3XP

Broken SHA-1 And SRP are both used to hash passwords?

EDIT: Can you guys answer all my other questions as well?

[ChR0NiC]

I believe SRP is used to hash W3 passwords only and SHA-1 is used to hash old product passwords and all cdkey'd products, though I am informed from a reliable source

[BaDDBLooD]

What exactly is SRP Sha-1 used to hash?

[UserLoser.]

Also, Diablo II and Starcraft both support the logon version 0x01. (Or NLS Revision as some refer to it as)

[UserLoser.]

Ok, i was talking with UserLoser about Packet 0x50, learned a few things;  Still have a few questions.

When blizzard sends you back 0x50

You recieve a Revision Number?

There are a Couple Responses

0x00 = XSHA-1 ( Why is it Called XSHA-1, What's with PSUEDO Sha-1, Broken Sha-1, and all that stuff )
0x01 = SRP
0x02 = Modified SRP? or What!?

What is Server Key? Some time of Authentication Signature?

What is UDP Value?

Filetime, Used in order to upgrade patch or something?

Version FileName, No idea what this is used for.
Hash Command, All Randomly Generated By the server.  Where S is Constant and found in... Storm.dll??? What is this used for?

Server Signature? What is this used for?

Thanks Alot

- BaDDBLooD

ServerKey: Used for hashing password and CDKey.
UDPValue: Sent back in UDP packet 0x9.
Filetime: FILETIME struct of the filetime for the versioning MPQ.
Filename: Contains the versioning .DLL, which is then downloaded from Battle.net by the Blizzard clients (or such clients as UserLoserBot), then extracts the .DLL and calls CheckRevision later on.
Hash command: Used for CheckRevision to calculate checksum.
Server signature: Used to verify the server's signature based on it's IP address

[BaDDBLooD]

How is the Server key used to hash password / cdkey

How Can starcraft/Diablo2 use NLS Revison 0x01?.. lost me there

What exactly is the FILETIME used for?

What is the Checksum used for that comes from the hash command?

I STill don't understand what Server Signature is.