I writed java server application(with response to login packets) and changed my IP to 12.129.206.131, however game don't want to connect to this address, further investigation showed that game connects to 12.129.206.133:bnetfile(1120) to download battle.net settings file. After that file redirects to 12.129.206.131. Protocol to get the file is Blizzard HTTP(User-Agent: Blizzard Web Client, Host: us-beta.patch.battle.net:1120). To emulate server we need to change this file and log all packets to battle.net with WireShark.
to connect to your server modifies the host file and adds
127.0.0.1 us-beta.logon.battle.net
127.0.0.1 s.launcher.battle.net
127.0.0.1 enUS.logon.battle.net
Itry to create a battlenet emulator, but when connecting to battlenetsends a different package each time, is 919 bytes, some data are equalbut some are different.
http://www.plunder.com/Data-download-74b008a2a4.htm (http://www.plunder.com/Data-download-74b008a2a4.htm)
if I put one of those "data" gives me error
Image Error.
(http://img168.imageshack.us/img168/9158/errorxn.jpg)
PD: Ctrl+alt+F to see FPS ingame.
Nice But there is no way to make this error goo away like the loginn screen ?
Quote from: hectorzx on February 22, 2010, 10:39:15 AM
to connect to your server modifies the host file and adds
127.0.0.1 us-beta.logon.battle.net
127.0.0.1 s.launcher.battle.net
127.0.0.1 enUS.logon.battle.net
Itry to create a battlenet emulator, but when connecting to battlenetsends a different package each time, is 919 bytes, some data are equalbut some are different.
http://www.plunder.com/Data-download-74b008a2a4.htm (http://www.plunder.com/Data-download-74b008a2a4.htm)
if I put one of those "data" gives me error
have you tried comparing the outgoing and incoming packets? it may be that the client is requesting slightly different information, or information in a different order each time.
if you get the same responce for each packet, you will just have to program the roesponces to each request. if it seems more random, you may have to wait till we can decompile the packets and see what exactly is being sent and recived.
A changing message stream from session to session indicates either:
- A context-dependent message sent from the client (i.e. sending local timestamp or something similar)
- A session-dependent message sent accordingly to a received message from the server (most likely).
As the 2nd case is the most likely, either cryptanalyze the previous received message against the newly sent one (should be linear).
Or in case of a hash-like formula (non linear), you should quickly recognize the hash signature in any disassembler.
Btw, why do you bother emulating a bnet server while a client patch skipping the remote call & hard coded map list would be enough ?
(ps: sorry, i'm not native english speaker :/)
I totaly agree with newbiz except emulating a bnet server could lead us to our supreme goal... multiplayer games maybe :D
The sc2 server I have written in java yesterday, link to the server:
JRE(must install to run) - http://www.java.com/ru/download/manual.jsp, (http://www.java.com/ru/download/manual.jsp,) Server(Only Login with responses - badPass/NoSC2) - http://loino.co.cc/upload-files/tmp/SC2BattleNET.jar (http://loino.co.cc/upload-files/tmp/SC2BattleNET.jar)
I need packets dump or sc2 key in order to furter develop it.
Quote from: MADCATX on February 23, 2010, 03:40:28 PM
The sc2 server I have written in java yesterday, link to the server:
JRE(must install to run) - http://www.java.com/ru/download/manual.jsp, (http://www.java.com/ru/download/manual.jsp,) Server(Only Login with responses - badPass/NoSC2) - http://loino.co.cc/upload-files/tmp/SC2BattleNET.jar (http://loino.co.cc/upload-files/tmp/SC2BattleNET.jar)
I need packets dump or sc2 key in order to furter develop it.
Wow man excellent job! If you created a server does that mean we could theoratically play both AI and multiplayer (multiplayer against only for those who join the fake bnet server)?
If it's your server than how come you still need a key? Sorry, I'm a newb and I'm just trying to understand the progress. :)
he is just emulating server response.... as he does not have the auth packet he is using the one he has....
He needs an authorized session to continue his work..
In my opinion it's the right way to go to....
Quote from: Gamewiz on February 23, 2010, 04:54:05 PM
Wow man excellent job! If you created a server does that mean we could theoratically play both AI and multiplayer (multiplayer against only for those who join the fake bnet server)?
If it's your server than how come you still need a key? Sorry, I'm a newb and I'm just trying to understand the progress. :)
I created server logic(Open/Close Sockets, send Packets, patch windows hosts file, etc...), but I still don't know what packets I must send to client so client can login. All data server sends is data mined by me with wireshark. I don't have the key to SC2, so i can't data mine other data, needed to client to Interact with BNet.
wow man way to go... wish I had a key to let you use :(
Quote from: MADCATX on February 23, 2010, 05:00:51 PM
Quote from: Gamewiz on February 23, 2010, 04:54:05 PM
Wow man excellent job! If you created a server does that mean we could theoratically play both AI and multiplayer (multiplayer against only for those who join the fake bnet server)?
If it's your server than how come you still need a key? Sorry, I'm a newb and I'm just trying to understand the progress. :)
I created server logic(Open/Close Sockets, send Packets, patch windows hosts file, etc...), but I still don't know what packets I must send to client so client can login. All data server sends is data mined by me with wireshark. I don't have the key to SC2, so i can't data mine other data, needed to client to Interact with BNet.
See if you can "borrow" the key from the guy who is updating the twitter. Since he apparantly got one, you'd think he'd help us all in the progress of getting this up and running...
Quote from: Gamewiz on February 23, 2010, 05:19:37 PM
Quote from: MADCATX on February 23, 2010, 05:00:51 PM
Quote from: Gamewiz on February 23, 2010, 04:54:05 PM
Wow man excellent job! If you created a server does that mean we could theoratically play both AI and multiplayer (multiplayer against only for those who join the fake bnet server)?
If it's your server than how come you still need a key? Sorry, I'm a newb and I'm just trying to understand the progress. :)
I created server logic(Open/Close Sockets, send Packets, patch windows hosts file, etc...), but I still don't know what packets I must send to client so client can login. All data server sends is data mined by me with wireshark. I don't have the key to SC2, so i can't data mine other data, needed to client to Interact with BNet.
See if you can "borrow" the key from the guy who is updating the twitter. Since he apparantly got one, you'd think he'd help us all in the progress of getting this up and running...
yeah all you need it for is what an hour maybe? I dont see the problem... also mention I will donate 10$ if you all can host a bnet server :D
Quote from: MADCATX on February 23, 2010, 05:00:51 PM
Quote from: Gamewiz on February 23, 2010, 04:54:05 PM
Wow man excellent job! If you created a server does that mean we could theoratically play both AI and multiplayer (multiplayer against only for those who join the fake bnet server)?
If it's your server than how come you still need a key? Sorry, I'm a newb and I'm just trying to understand the progress. :)
I created server logic(Open/Close Sockets, send Packets, patch windows hosts file, etc...), but I still don't know what packets I must send to client so client can login. All data server sends is data mined by me with wireshark. I don't have the key to SC2, so i can't data mine other data, needed to client to Interact with BNet.
You should just hop on the IRC chat and talk with some of the devs. I'm sure they have the information you need.
Quote from: hegemonwiggin on February 23, 2010, 05:51:50 PM
You should just hop on the IRC chat and talk with some of the devs. I'm sure they have the information you need.
I tried to, but no one answers...
Quote from: MADCATX on February 23, 2010, 06:09:57 PM
Quote from: hegemonwiggin on February 23, 2010, 05:51:50 PM
You should just hop on the IRC chat and talk with some of the devs. I'm sure they have the information you need.
I tried to, but no one answers...
Apparantly start shouting microman jokes to get their attention... :( Seems like that's all that's going on in there.
You should pm usmc23. thats what the wiki says
http://botdev.org/doku.php (http://botdev.org/doku.php)
I thought this thread might being going somewhere, but like so many others as of late, it has degenerated into another microman conversation. Any chance of this thread being cleaned up for a valid discussion?
Back to the point. Are there any packet caps of a valid beta connection available? (preferably scrubbed)
Quote from: diz on February 24, 2010, 01:29:49 PM
I thought this thread might being going somewhere, but like so many others as of late, it has degenerated into another microman conversation. Any chance of this thread being cleaned up for a valid discussion?
Back to the point. Are there any packet caps of a valid beta connection available? (preferably scrubbed)
he said he needed a beta key to continue his work.... I dont got one do you? someone needs to check what the packets are...
If I had one, I would be posting caps, rather than asking for them.
If anyone comes across this and actually has a key, but isn't sure how to go about getting a capture, PM me, or google "how to use wireshark". And at the very least, change your password before uploading anything.
Shame the devs can't work together for a common goal,
which should be cracking/playing Starcraft2.
Quote from: sc2_switcher on February 24, 2010, 02:20:29 PM
Shame the devs can't work together for a common goal,
which should be cracking/playing Starcraft2.
dont bash the devs please.... they are working hard....
do not pm usmc with random questions, only pm him if your questions can either be beneficial to there work or you are skilled in computer programming.
I'm not bashing the devs, im working with them, just saying
there should be better communication between them (over different groups).
Yes there is some drafts of Battle.net 2.0 Communication. LInk included
http://botdev.org/doku.php?id=bnet2_protcol (http://botdev.org/doku.php?id=bnet2_protcol)
maybe you want to look at
http://sc2c.pastebin.com/D7kcCBdt (http://sc2c.pastebin.com/D7kcCBdt)
and
http://sc2c.pastebin.com/8C4PJ8kx (http://sc2c.pastebin.com/8C4PJ8kx)
Quote from: drealecs on February 24, 2010, 04:41:19 PM
maybe you want to look at
http://sc2c.pastebin.com/D7kcCBdt (http://sc2c.pastebin.com/D7kcCBdt)
and
http://sc2c.pastebin.com/8C4PJ8kx (http://sc2c.pastebin.com/8C4PJ8kx)
There is no successful authentication packets, search for string: 42 48 21 02(SC2 Auth), answer to this packet is 40 28 00 e8 00 00 00 00(Bad password). I already implemented this type of packets in server, I also written the code for alert and bnetfile protocols.
Sorry if i bug you MADCATX, Can you explain if possible, how capture with authenticated information would help? I'm just curios, if that will be efficient information to emulate BAttle.net server, or there must be custom API to be written or such in order to emulate ? As far as i understand Blizzards side server currently "hosting" maps and synchronize players in the game ? How in this case capture authentication traffic would help ? Which kind of traffic is expected to be captured and what needs to be performed? Reason i'm asking is We should educate masses and have them do it without risk of them loosing their keys - everyone is suspicious about their authentication data. Please share your mind with us. Thank you !
Quote from: MADCATX on February 24, 2010, 05:51:42 PM
Quote from: drealecs on February 24, 2010, 04:41:19 PM
maybe you want to look at
http://sc2c.pastebin.com/D7kcCBdt (http://sc2c.pastebin.com/D7kcCBdt)
and
http://sc2c.pastebin.com/8C4PJ8kx (http://sc2c.pastebin.com/8C4PJ8kx)
There is no successful authentication packets, search for string: 42 48 21 02(SC2 Auth), answer to this packet is 40 28 00 e8 00 00 00 00(Bad password). I already implemented this type of packets in server, I also written the code for alert and bnetfile protocols.
Quote from: MADCATX on February 24, 2010, 05:51:42 PM
There is no successful authentication packets, search for string: 42 48 21 02(SC2 Auth), answer to this packet is 40 28 00 e8 00 00 00 00(Bad password). I already implemented this type of packets in server, I also written the code for alert and bnetfile protocols.
Sorry. I really thought it was. As soon as I'll find one I'll post here.
I'm afraid we will need a few of those auth messages to recognize pattern.
try tweaking this its the original battle.net emulator
http://www.chiark.greenend.org.uk/~owend/free/bnetd.html (http://www.chiark.greenend.org.uk/%7Eowend/free/bnetd.html)
Quote from: unsobill on February 24, 2010, 07:15:57 PM
Sorry if i bug you MADCATX, Can you explain if possible, how capture with authenticated information would help? I'm just curios, if that will be efficient information to emulate BAttle.net server, or there must be custom API to be written or such in order to emulate ? As far as i understand Blizzards side server currently "hosting" maps and synchronize players in the game ? How in this case capture authentication traffic would help ? Which kind of traffic is expected to be captured and what needs to be performed? Reason i'm asking is We should educate masses and have them do it without risk of them loosing their keys - everyone is suspicious about their authentication data. Please share your mind with us. Thank you !
First of all, if someone want to submit this data, they should change their password before doing so. It's not the only packets I ask, they should also load some map. Packets dumps will play some scenario of interacting with battle.net between client and server, that we can repeat. I don't know if there is some interaction between the client and server in the game it self with only one player presented. If there is, then it will be hard to repeat. Everything else can be done by repeating the packets scenario.
If someone cracked the battle.net.dll, and has data mined information about packet structures, then it will be more valuable then packets dumps.
SO you need someone who is able to login?, i can only get to login screen. but i sounds like you allready have those packets
I have a working cd key of my own. And i think i may be able to help depending on what you want me to do.
Quote from: Xzotica on February 25, 2010, 06:54:09 AM
I have a working cd key of my own. And i think i may be able to help depending on what you want me to do.
I posted FAQ how to do so here: http://darkblizz.org/Forum2/index.php?topic=526.0 (http://darkblizz.org/Forum2/index.php?topic=526.0)
yay xzotica!!!!
File sent to drealecs now. And i say it here aswell. If you guys need further help. then feel free to ask, and ill see what i can do.
Quote from: Xzotica on February 25, 2010, 09:36:59 AM
File sent to drealecs now. And i say it here aswell. If you guys need further help. then feel free to ask, and ill see what i can do.
your a life saver!!!!! thanks man...
Thank you very much Xzotica ^^ Very kind of you !
MADCATX, are you reading the package header/information or just sending what you captured with wireshark without knowing what it means? Can you please post what you know about the protocol here.
Quote from: aChnorr on February 25, 2010, 12:03:52 PM
MADCATX, are you reading the package header/information or just sending what you captured with wireshark without knowing what it means? Can you please post what you know about the protocol here.
I try to differentiate packets with answers to the same command, if they differ then there is simething to do with it.
I've found that packet coming from server to auth command always have different bytes, starting from byte 46, so this packet have some header information and the rest is the seesion key.
US auth header:
420861757468005553428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100
EU auth header:
421061757468004555428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100
Possible differences EU in place of US and so on (4555=EU)(5553=US)...
However EU session key is longer then US by 554 bytes. You also can't login to US server with EU client and vice versa. What is stored in this 554 bytes I do not imagine.
OMG i´ll cannot play from Eu with the US client with crack patched? :(
//Auth C->S
// 52 bytes + username in plain text username: er@er.er
// protocolID 0x40?
0x40, 0x00, 0x00, 0x0a, 0x66, 0x02, 0x0a, 0xed,
0x2d, 0x66, 0xad, 0xca, 0xaa, 0x0b, 0x01, 0x00,
0x29, 0x99, 0x46, 0xb0, 0xb6, 0xb2, 0x01, 0x00,
0x1b, 0x21, 0x01, 0x00, 0x29, 0x99, 0x00, 0x2b,
0xb4, 0xb7, 0x00, 0x00, 0x1b, 0x21, 0x43, 0x37,
0x32, 0xba, 0x00, 0x2b, 0xb4, 0xb7, 0x00, 0x00,
//
// l---------l different depending of usernamelength ( format? )
// l l e r @ e
0x21, 0xf9, 0x02, 0x05, 0x65, 0x72, 0x40, 0x65,
// r . e r
0x72, 0x2e, 0x65, 0x72
//Auth S->C
//protocolID 0x42?
// a u t h U
0x42, 0x10, 0x61, 0x75, 0x74, 0x68, 0x00, 0x55,
//S B
0x53, 0x42, 0x8f, 0x52, 0x90, 0x6a, 0x2c, 0x85,
// session key?? password?? crap??
0xb4, 0x16, 0xa5, 0x95, 0x70, 0x22, 0x51, 0x57,
0x0f, 0x96, 0xd3, 0x52, 0x2f, 0x39, 0x23, 0x76,
.....and so on....( 919 byte )
C-> Bad server..
This is as far as i know...
How can the client determine that my program is a bad server?? it sends exactly the same data as i captured in wireshark.
Quote from: aChnorr on February 25, 2010, 03:45:00 PM
//Auth C->S
// 52 bytes + username in plain text username: er@er.er
// protocolID 0x40?
0x40, 0x00, 0x00, 0x0a, 0x66, 0x02, 0x0a, 0xed,
0x2d, 0x66, 0xad, 0xca, 0xaa, 0x0b, 0x01, 0x00,
0x29, 0x99, 0x46, 0xb0, 0xb6, 0xb2, 0x01, 0x00,
0x1b, 0x21, 0x01, 0x00, 0x29, 0x99, 0x00, 0x2b,
0xb4, 0xb7, 0x00, 0x00, 0x1b, 0x21, 0x43, 0x37,
0x32, 0xba, 0x00, 0x2b, 0xb4, 0xb7, 0x00, 0x00,
//
// l---------l different depending of usernamelength ( format? )
// l l e r @ e
0x21, 0xf9, 0x02, 0x05, 0x65, 0x72, 0x40, 0x65,
// r . e r
0x72, 0x2e, 0x65, 0x72
//Auth S->C
//protocolID 0x42?
// a u t h U
0x42, 0x10, 0x61, 0x75, 0x74, 0x68, 0x00, 0x55,
//S B
0x53, 0x42, 0x8f, 0x52, 0x90, 0x6a, 0x2c, 0x85,
// session key?? password?? crap??
0xb4, 0x16, 0xa5, 0x95, 0x70, 0x22, 0x51, 0x57,
0x0f, 0x96, 0xd3, 0x52, 0x2f, 0x39, 0x23, 0x76,
.....and so on....( 919 byte )
C-> Bad server..
This is as far as i know...
How can the client determine that my program is a bad server?? it sends exactly the same data as i captured in wireshark.
Bad server means the you use US client, but send EU auth data, I'm currently downloading EU client to test it...
Now I'm no brainiac at this stuff, & what I'm saying may be completely wrong... But what if the file you are tinkering with isn't the correct file? I played WOTLK before it was released, on a private server it was way to easy. I think they may try to make this one harder. Now you say that it keeps connecting to there server even after you put yours in. What if they hid the actual file somewhere else that connects to the server and the one that you guys are messing with is just a decoy? Again I may be completely off but just trying to help out anyway possible!! Hope all is going well!!
Quote from: Xzotica on February 25, 2010, 09:36:59 AM
File sent to drealecs now. And i say it here aswell. If you guys need further help. then feel free to ask, and ill see what i can do.
I want to marry you! ^^
Now, with this info, will we be able to successfully emulate battle.net?
QuoteNow I'm no brainiac at this stuff, & what I'm saying may becompletely wrong... But what if the file you are tinkering with isn'tthe correct file? I played WOTLK before it was released, on a privateserver it was way to easy. I think they may try to make this oneharder. Now you say that it keeps connecting to there server even afteryou put yours in. What if they hid the actual file somewhere else thatconnects to the server and the one that you guys are messing with isjust a decoy? Again I may be completely off but just trying to help outanyway possible!! Hope all is going well!!
we do not "tinkering" with any files, but just trying to understand the language of 'em 8)
QuoteBad server means the you use US client, but send EU auth data, I'm currently downloading EU client to test it...
are you sure ?? I just replicating the data that the real server sends which mean that i would get a "bad server" respond even when i connect to real-bnet, and thats not the case.
so how close are u guys from nailing it? hope i can be of some assistance but im afraid programing is not my cup of tea sorry... i just wanna play this thing and practice til the final retail comes out... chow guys gudluck on ur mission! godspeed
Apparently, Battlenet is going to be down for 10 minutes, and there will be a client patch:
http://forums.battle.net/thread.html?topicId=23240933862&sid=5010 (http://forums.battle.net/thread.html?topicId=23240933862&sid=5010)
Hope the protocol won't be updated :/
Ok understand it then. But what if your trying to understand the wrong file? I know a little about getting into networks & watching them. One of the main things that a lot of people do is put out decoys. Aka fake files while the real ones are sitting behind or berried into the files. Just make sure your looking at the wrong one. You guys are doing an amazing job! Just wanna help as much as possible!!
If WE are to help, I suggest we start either to look for someone with a US beta and legit key, or perhaps setup paypal account for MADCATX to buy key off e-bay for him, and donate dollar each. We need to address current issue with authentication traffic everywhere and massively propagate request for help from beta testers - MADCATX what is your second e-mail ? here is little memo we can advertise around to bring more help in project...
MEMO
-TO ALL WHO MAY BE CONCERNED TO BE INVOLVED IN SCII BETA SERVER PROJECT-
PLEASE CHANGE YOUR PASSWORD TO YOUR ACCOUNT IF YOU CONCERN WITH YOUR BATTLENET BETA ACCOUNT - YOUR INFORMATION WILL NOT BE REVEALED - YOU ACCOUNT WILL NOT BE BANNED - YOUR PASSWORD WILL NOT BE USED - WE LOOKING FOR PACKET PATTERN EXCHANGE IN ORDER TO LOAD MAP+AI - YOUR PACKET INFORMATION WILL ONLY BE USED BY SINGLE GENIUS DEVELOPER AND NEEDED IN ORDERD TO CREATE FREE VERSION OF STARCRAFT 2 SERVER. NOW IF YOU READY AND WILLING TO HELP - please proceed with..
Here is how we can help - IF you beta tester with legit key -
run traffic capture (manual is here http://darkblizz.org/Forum2/index.php?topic=526.0 (http://darkblizz.org/Forum2/index.php?topic=526.0))
Load map or multiple maps and select only AI as opponent - keep traffic capture running in the background.
Try loading more maps to see if there's traffic change or pattern.
Once done - please save capture and submit to following MADCATX e-mail - "". 8)
I'm all for buying the devs a key.
lets all donate a buck and get this man a key!
MADCATX - what do you think? we need you e-mail then if yes, to send donations - just needs to be slightly careful with this too - as long as bad guys don't donate bad money - that happens many times i know before, but in any case it was always bad guys fault... I would donate 5 buks if you legit and REALLY need key to get either crack or virtual server going ! I TRUST YOU MAN! 8)
Quote from: unsobill on February 25, 2010, 09:00:03 PM
MADCATX - what do you think? we need you e-mail then if yes, to send donations - just needs to be slightly careful with this too - as long as bad guys don't donate bad money - that happens many times i know before, but in any case it was always bad guys fault... I would donate 5 buks if you legit and REALLY need key to get either crack or virtual server going ! I TRUST YOU MAN! 8)
I don't think that you guys need to donate to get me a key. Money carries great responsibility, and I don't want to be responsible for something :). Packets dumps will be enough.
Quote from: aChnorr on February 25, 2010, 05:19:13 PM
are you sure ?? I just replicating the data that the real server sends which mean that i would get a "bad server" respond even when i connect to real-bnet, and thats not the case.
I downloaded EU client, it seems that this is the case only for EU server(which sends additional 554 bytes). If you try to redirect to your server via hosts file then it says "Bad server". Probably this 554 bytes contains server IP. Try changing your IP to 213.248.127.131(enGB.logon.battle.net). It works for me, still can't authenticate...
Its funny...people with keys dont want to see the game get developed...funny how that works...
Quote from: Gigalisk on February 26, 2010, 04:55:10 AM
Its funny...people with keys dont want to see the game get developed...funny how that works...
people, by nature, are greedy ..
devs here are not ordinary people :D
Quote from: Gigalisk on February 26, 2010, 04:55:10 AM
Its funny...people with keys dont want to see the game get developed...funny how that works...
ofc they dont .. what will happend when their precious keys wont be abled to be selld on any market because some1 deliverd a crack that every1 can use?
= stock market looser
_________
epsi-slow
It seems that auth packet response differs from time to time, based on what is sent by client. The good thing is that WoW also uses battle.net protocol and there is already emulator written. If someone want to help, please check their authentication code: http://www.arcemu.info/wiki/index.php?title=Getting_the_source_code (http://www.arcemu.info/wiki/index.php?title=Getting_the_source_code) .
Silly question I know, but it sounds like you haven't figured out the packet encryption yet. You would naturally get different packet data each time before it has been decrypted. I don't know if blizzard has encryption, but it would be immensely stupid for them not to encrypt their packets. When I was working on a private server for ROSE a few years back the very first thing we had to do was crack the packet encryption. Soon as that was done we wrote a tool that took encrypted packets as input and spat out the actual packets before we did any kind of packet mining. Also included in this tool was a function to blank out any sensitive data such as username/password, names of friends etc... This meant that we had tens if not hundreds of people submitting packets with total anonymity and already pre-encrypted so that we could analyze them.
Also this encryption obviously had to be built into our finished server, with every packet being run through an encrypt_packet() function before being sent and its inverse before being processed.
Quote from: MADCATX on February 25, 2010, 01:09:58 PM
Quote from: aChnorr on February 25, 2010, 12:03:52 PM
MADCATX, are you reading the package header/information or just sending what you captured with wireshark without knowing what it means? Can you please post what you know about the protocol here.
I try to differentiate packets with answers to the same command, if they differ then there is simething to do with it.
I've found that packet coming from server to auth command always have different bytes, starting from byte 46, so this packet have some header information and the rest is the seesion key.
US auth header:
420861757468005553428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100
EU auth header:
421061757468004555428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100
Possible differences EU in place of US and so on (4555=EU)(5553=US)...
However EU session key is longer then US by 554 bytes. You also can't login to US server with EU client and vice versa. What is stored in this 554 bytes I do not imagine.
First, because this article through translator should apologize for shit.(Sadly, I can read English too slowly, but that did not use it well..)Packet Capture with various conditions that I was trying.
"42 08 .." begins with a header that does not exist if one appeared in EMAIL.
"42 10 .." begins with a header that appeared to exist when using EMAIL.I was in South Korea. (lang.ko-kr) Therefore, I do not think this is to do with area code.Of course I could be wrong even higher. (Because I'm not programmer or something like that.)If I'm too old and Thread quotation or, if you already know I'll apologize in advance.Not Exist EMAIL
42 08 61 75 74 68 00 4B 52 42 8F 52 90 6A 2C 85
B4 16 A5 95 70 22 51 57 0F 96 D3 52 2F 39 23 76
03 11 5F 2F 1A B2 49 62 04 3C 50 01 00
Exist EMAIL
42 10 61 75 74 68 00 4B 52 42 8F 52 90 6A 2C 85
B4 16 A5 95 70 22 51 57 0F 96 D3 52 2F 39 23 76
03 11 5F 2F 1A B2 49 62 04 3C 50 01 00
ps. in korean server, recv(after send id) packet is 919bytes(when i use not exist email, got 365bytes). (but.. i can't sure, because i'm not beta tester.)
The problem is that auth packet has encoded data(which differs every time), and I can't understand the pattern. When client authorize on server it sends the password hash(sha1) and key for another encryption algorithm. Server sends back account data + some data encrypted using client's key. If you try to send back data which you have got from dumps client says that the server is bad and closes it's connection, because he decrypts the data with the key generated, but data was encrypted using another key.
As far as I know WoW uses the same encryption, so we can look at the WoW emu's sourcecodes, but there is no documentation and it's quite hard to find what we need.
http://www.arcemu.info/wiki/index.php?title=Getting_the_source_code (http://www.arcemu.info/wiki/index.php?title=Getting_the_source_code)
http://getmangos.com/ (http://getmangos.com/)
So i believe it goes like this:
void WowCrypt::Init(uint8 *K)
{
static const uint8 s[16] = { 0xF4, 0x66, 0x31, 0x59, 0xFC, 0x83, 0x6E, 0x31, 0x31, 0x02, 0x51, 0xD5, 0x44, 0x31, 0x67, 0x98 };
static const uint8 r[16] = { 0x22, 0xBE, 0xE5, 0xCF, 0xBB, 0x07, 0x64, 0xD9, 0x00, 0x45, 0x1B, 0xD0, 0x24, 0xB8, 0xD5, 0x45 };
uint8 encryptHash[SHA_DIGEST_LENGTH];
uint8 decryptHash[SHA_DIGEST_LENGTH];
uint8 pass[1024];
uint32 md_len;
// generate c->s key
HMAC(EVP_sha1(), s, 16, K, 40, decryptHash, &md_len);
assert(md_len == SHA_DIGEST_LENGTH);
// generate s->c key
HMAC(EVP_sha1(), r, 16, K, 40, encryptHash, &md_len);
assert(md_len == SHA_DIGEST_LENGTH);
// initialize rc4 structs
RC4_set_key(&m_clientDecrypt, SHA_DIGEST_LENGTH, decryptHash);
RC4_set_key(&m_serverEncrypt, SHA_DIGEST_LENGTH, encryptHash);
// initial encryption pass -- this is just to get key position,
// the data doesn't actually have to be initialized as discovered
// by client debugging.
RC4(&m_serverEncrypt, 1024, pass, pass);
RC4(&m_clientDecrypt, 1024, pass, pass);
m_initialized = true;
}
HMAC (http://www.openssl.org/docs/crypto/hmac.html) is function from the OpenSSL project and its definition is: HMAC is a MAC (message authentication code), i.e. a keyed hash functionused for message authentication, which is based on a hash function.
All of this is from AscentEMU source in folders:
extras\arcemu-windows-libraries\VC\include\openssl
src\arcemu-shared\Auth
Quote from: Anonymious_BG on February 27, 2010, 05:58:41 PM
So i believe it goes like this
I have read this file, but the question is where to get the Key, as you can see this function requires key to initialize(Init(uint8 *K)).
It appears to be a session key:
// Pull the session key.
// uint8 K[40];
recvData.read(K, 40);
and then starts with initialization of encryption:
_crypt.Init(K);
BigNumber BNK;
BNK.SetBinary(K, 40);
...
Sha1Hash sha;
uint8 digest[20];
pAuthenticationPacket->read(digest, 20);
...
sha.UpdateData((uint8 *)&t, 4);
sha.UpdateData((uint8 *)&mClientSeed, 4);
sha.UpdateData((uint8 *)&mSeed, 4);
sha.UpdateBigNumbers(&BNK, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
// AUTH_UNKNOWN_ACCOUNT = 21
OutPacket(SMSG_AUTH_RESPONSE, 1, "\x15");
return;
}
The whole communication is in: src\arcemu-world\WorldSocket.cpp
This appears to be the authentication packet in WoW:
*recvPacket >> mClientBuild;
*recvPacket >> unk2;
*recvPacket >> account;
*recvPacket >> unk3;
*recvPacket >> mClientSeed;
*recvPacket >> unk4;
Hey guys, I'm not exactly knowledgable when it comes down to packet editing... But it seems to me that you are relating authorization packets from WOW, to the ones from SC2. Maybe you should listen to the latest podcast from blizzard, as they mentioned something about working on a future update for wow that will have something to do with sc2. Maybe they will provide you with the missing pieces in time?
Sorry if this is irrelevant and does not help.
If a emulated battle net server goes up, how long do u guys think it will take blizzard to take it down?
Quote from: StarALaMod on February 28, 2010, 04:32:12 PM
If a emulated battle net server goes up, how long do u guys think it will take blizzard to take it down?
Just like war3 or wow private servers - never.
sense there is so many starcraft fans out there as soon as u make a "private server" wouldnt it be completely overloaded with people?
Quote from: Silentl3ob on February 28, 2010, 07:11:22 PM
sense there is so many starcraft fans out there as soon as u make a "private server" wouldnt it be completely overloaded with people?
Ya, but getting and moving it to a newer server won't make it crash.
Or, you just made it to play with your clan and friends for training/fun ;D i allready have a server standingby for sc2 bnet emu server.. i hope they want to release a unix version when is time to release something
any ETA?
or is it just obnoxious for me to ask lol
keep up the hard work
i don`t know any eta.. i`m just waiting... and perfectioning my game strategy ;D
Quote from: matrixn on February 28, 2010, 10:17:04 PM
i don`t know any eta.. i`m just waiting... and perfectioning my game strategy ;D
perfecting your strategy against AI? :D
any updates?..
i sendt you a pm btw ;)
What is the progress of the [/size]Team Lazytown[/size][/font] ? Do you think they are able to work SC 2 on online with private server ?
[/size]
[/size]
maybe this will help, it is String folder out of battlenet.mpq, it contains some xml files with uid for different client/server states.
im now praying for this..
go go go emulate sc2 server and lets kick ass.
make sure you're jumping into the right IRC server: irc.rizon.net channel: #sc2c
dont goto irc.synirc.net #sc2 its dead in there
I realize it's just a skeleton now, but would you mind sharing the source?
Quote from: waxypants on March 01, 2010, 10:44:45 PM
I realize it's just a skeleton now, but would you mind sharing the source?
Ok, here you go: http://loino.co.cc/upload-files/tmp/sc2serverP.zip (http://loino.co.cc/upload-files/tmp/sc2serverP.zip) (hosting is free and used for other purposes, say me if you can't download the file)
It's a java project for NetBeans IDE(http://netbeans.org/downloads/index.html (http://netbeans.org/downloads/index.html)). I wasn't able to decrypt the packets, maybe you will succeed.
great work.. getting along now..
we still need to patch the game, so it returns vaild ip whatever ip it gets the packets from.
if we have to set the ip adress we will not be able to do LAN..
also think it will be alot easier to run ollydbg on it and find a routine around the authentication method instead of emulating it...
Quote from: MADCATX on March 02, 2010, 05:26:31 AM
Quote from: waxypants on March 01, 2010, 10:44:45 PM
I realize it's just a skeleton now, but would you mind sharing the source?
Ok, here you go: http://loino.co.cc/upload-files/tmp/sc2serverP.zip (http://loino.co.cc/upload-files/tmp/sc2serverP.zip) (hosting is free and used for other purposes, say me if you can't download the file)
It's a java project for NetBeans IDE(http://netbeans.org/downloads/index.html (http://netbeans.org/downloads/index.html)). I wasn't able to decrypt the packets, maybe you will succeed.
Hi! Thank you for posting the source but I can't download it. It redirects to http://4sql.net/notify/2.php (http://4sql.net/notify/2.php) . Can you upload it to a filesharing site for example? I want to take a look at it. I am trying to understand this. Do you have any other information on
[BNet
-IN]Battlenet::Client::Authentication::ProofRequest not documented in http://sc2c.pastebin.com/E30JdTCE (http://sc2c.pastebin.com/E30JdTCE) and http://darkblizz.org/wiki/doku.php?id=bnet2_protcol (http://darkblizz.org/wiki/doku.php?id=bnet2_protcol) ? There are some things that are not the same from these two sources.
Is this Battlenet::Client::Stalker::ChallengeResponse another packet or it's in the ProofRequest one?
Thank you :)
i could not fetch the file either..
worked with ie not firefox..
Quote from: stoffern on March 02, 2010, 09:03:06 AM
i could not fetch the file either..
worked with ie not firefox..
True. Thanks.
I will look into it now. I am just playing around with this in VB.NET because working on an actual example makes learning these TCP packet/encryption algorythm stuff much easier.
I have some experience with coding emulators because I have AION emulator with fully working authentication and in-game movement :D . So if someone has more information about the packets post-authentication please share it.
Quote from: stoffern on March 02, 2010, 09:03:06 AM
i could not fetch the file either..
worked with ie not firefox..
Ok, i'll attach it to post.
Quote from: MADCATX on March 02, 2010, 05:26:31 AM
Quote from: waxypants on March 01, 2010, 10:44:45 PM
I realize it's just a skeleton now, but would you mind sharing the source?
Ok, here you go: http://loino.co.cc/upload-files/tmp/sc2serverP.zip (http://loino.co.cc/upload-files/tmp/sc2serverP.zip) (hosting is free and used for other purposes, say me if you can't download the file)
It's a java project for NetBeans IDE(http://netbeans.org/downloads/index.html (http://netbeans.org/downloads/index.html)). I wasn't able to decrypt the packets, maybe you will succeed.
So are you giving up? D: I have some knowledge in Networking and Security but probably not enough to figure it out. I will take a look though when I get time, I was mostly curious and wanted to play with it. Thanks for the codes.
Thanks again for the source. Do you have any dumps of what happens after a successful authentication?
Good luck with this :p i think it uses the Battle net v2 authentication token, which is encrypted, quite well i would assume, as that is the same encryption as WoW uses.
Quote from: MADCATX on March 02, 2010, 05:54:12 PM
Quote from: stoffern on March 02, 2010, 09:03:06 AM
i could not fetch the file either..
worked with ie not firefox..
Ok, i'll attach it to post.
tells me bad server :/
Someone still work on this projekt?
grabbed from another forum which u guys probably already realize but still:
"<blockquote>Murdock1337 wrote:You are extremely ignorant of how programming, especially network programming, works if you think it's as simple as making a "bnetd 2.0" or something along those lines. Previous solutions to battle.net relied on the fact that the network tech used back then was nowhere near as advanced as now. Also SC1 had LAN code working out of the box, it was a feature fully supported. SC2 has NO LAN code, so the developers of any sort of multiplayer are going to have to emulate battle.net 2.0, which is no small task. It's encrypted and is COMPLETELY different structurally than the original battle.net, and in fact more closely resembles WoW private servers.
I would be extremely surprised if there are private servers running up that are decent/stable by the time the beta ends. Don't get your hopes up kids.</blockquote>
i think you're not aware of the fact that sc2 games are still p2p and not hosted by bnet servers. that means that all you have to emulate is:
- login
- game creation
- joining games (listing games)
- map validation
and you're done ( as far as i know )"
Quote from: r3ddrag0nx on March 03, 2010, 09:55:18 AM
grabbed from another forum which u guys probably already realize but still:
"<blockquote>Murdock1337 wrote:You are extremely ignorant of how programming, especially network programming, works if you think it's as simple as making a "bnetd 2.0" or something along those lines. Previous solutions to battle.net relied on the fact that the network tech used back then was nowhere near as advanced as now. Also SC1 had LAN code working out of the box, it was a feature fully supported. SC2 has NO LAN code, so the developers of any sort of multiplayer are going to have to emulate battle.net 2.0, which is no small task. It's encrypted and is COMPLETELY different structurally than the original battle.net, and in fact more closely resembles WoW private servers.
I would be extremely surprised if there are private servers running up that are decent/stable by the time the beta ends. Don't get your hopes up kids.</blockquote>
i think you're not aware of the fact that sc2 games are still p2p and not hosted by bnet servers. that means that all you have to emulate is:
- login
- game creation
- joining games (listing games)
- map validation
and you're done ( as far as i know )"
This is true but the hard part is finding out the packets' structure without being able to actually login to the official server.
I ask again if someone with a beta key has a packet dump please share it.
I would be up for distributing my beta key when I do get it, but preferably for some amount of money. But seriously, if anyone happens to get a key, do try and talk to LazyTown or any of the various teams as they'll need some to experiment with.
Quote from: r3ddrag0nx on March 03, 2010, 11:25:13 AM
I would be up for distributing my beta key when I do get it, but preferably for some amount of money. But seriously, if anyone happens to get a key, do try and talk to LazyTown or any of the various teams as they'll need some to experiment with.
You shouldn't tell others what to do just because you don't want to. It's ignorant and selfish. Although I do know that you want to be able to play with the beta key, its better to just shut up about it.
Quote from: KennYblu3 on March 03, 2010, 08:40:52 AM
Someone still work on this projekt?
Yes, there is still being work done on this, but it's at somewhat of a standstill until a packet dump from the beta is released and understood.
Quote from: itsarabbit on March 03, 2010, 02:14:15 PM
Quote from: r3ddrag0nx on March 03, 2010, 11:25:13 AM
I would be up for distributing my beta key when I do get it, but preferably for some amount of money. But seriously, if anyone happens to get a key, do try and talk to LazyTown or any of the various teams as they'll need some to experiment with.
You shouldn't tell others what to do just because you don't want to. It's ignorant and selfish. Although I do know that you want to be able to play with the beta key, its better to just shut up about it.
ur such a clown. that wasn't what i was trying to say. i'm saying whoever gets it first should send one so they get more time to work with it. if i got mine early, i'd do it, just rather get some sort of compensation or lien on my money.
how long will it still take to emulate the server? im getting bored playing ai :'(
and worst part cant view replays anymore since the newest patch huhuhu.. even P2Ai cant view it anymore wont log on recent folder :'(
i just really hope that the rumors about the 2nd wave is true and hope to have a beta key then and definitely going to share it to you guys and prayed emulation successful
Quote from: dodongbadong on March 03, 2010, 08:11:48 PM
how long will it still take to emulate the server? im getting bored playing ai :'(
and worst part cant view replays anymore since the newest patch huhuhu.. even P2Ai cant view it anymore wont log on recent folder :'(
i just really hope that the rumors about the 2nd wave is true and hope to have a beta key then and definitely going to share it to you guys and prayed emulation successful
Did you even read any of the other posts??
if you need wow encryption protocol, you can find it in open source wow servers, ascent is a great source if you need that info.
as i remember wow uses srp6 as encryption protocol :)
as for the server programming, use python with twisted python and you'll ready :D
Quote from: Gamewiz on February 23, 2010, 04:54:05 PM
Quote from: MADCATX on February 23, 2010, 03:40:28 PM
The sc2 server I have written in java yesterday, link to the server:
JRE(must install to run) - http://www.java.com/ru/download/manual.jsp, (http://www.java.com/ru/download/manual.jsp,) Server(Only Login with responses - badPass/NoSC2) - http://loino.co.cc/upload-files/tmp/SC2BattleNET.jar (http://loino.co.cc/upload-files/tmp/SC2BattleNET.jar)
I need packets dump or sc2 key in order to furter develop it.
Wow man excellent job! If you created a server does that mean we could theoratically play both AI and multiplayer (multiplayer against only for those who join the fake bnet server)?
If it's your server than how come you still need a key? Sorry, I'm a newb and I'm just trying to understand the progress. :)
May I suggest to collect a donation and buy one key from ebay ? I mean, if everyone donates 1 buck i am sure we can collect enough for 1 key.
I just donated to site darkblizz.com on main page, hope it will help :)
I thing it woud be bettter if admins would make same progress bar for collecting money for beta-key so anyone can see progress and see that he can really help and make donation! ;)
Quote from: Fuksito on March 05, 2010, 07:19:39 AM
I just donated to site darkblizz.com on main page, hope it will help :)
I thing it woud be bettter if admins would make same progress bar for collecting money for beta-key so anyone can see progress and see that he can really help and make donation! ;)
Just did the same thing :)
Anyone figured out where are the SRP6 values in the request packets?
With this emulate Bnet, are u able to play with friends over hamachi?
Blizzard is shutting down all the selling of ebay keys. Enless we raise 300 dollars today we have no hope in that regard
Apparently some guy @ Teknogod (http://teknogods.com/phpbb/viewtopic.php?f=13&t=2168&sid=bc4bfc71091c1ce8890800fe1ed4727d) gifted his key to the admins, maybe you ask them for a packet dump.
Hey,
I just got beta, if you need a packet dump still just let me know. I'll check back in a bit.
Cya,
Josh
Dump after successful authorization will be great
Quote from: thelegacy on March 06, 2010, 03:58:47 AM
Hey,
I just got beta, if you need a packet dump still just let me know. I'll check back in a bit.
Cya,
Josh
Dont forget to remove your logindetails.
i think the logindetails are only sent in a hash or something similar, so the original credentials, like the password won't be extrable from a network trace.
btw use microsoft network monitor (http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en)) for the tracing as it is capable of filtering network traces on a per-process basis, so you can basically just retrieve the network traffic generated by SCII.exe.
For anyone considering dumping their packets and posting the results up here, please for your own safety, change your password before you do it :) Otherwise you'll end up a saaaad panda :p
you should as well mask your ip, as blizzard might be able to trace your account just by correlating your ip with the login time
btw as far as i figured, the games are not p2p at all, but are completely hosted on blizzard servers (even custom games)
Quote from: Freundschaft on March 08, 2010, 07:27:58 AM
you should as well mask your ip, as blizzard might be able to trace your account just by correlating your ip with the login time
btw as far as i figured, the games are not p2p at all, but are completely hosted on blizzard servers (even custom games)
Um.. What makes you think that?
i did some traces, joined a custom game and played a game with 4 players.
the only ip i was able to trace during the game was the ip of a server located somewhere at telia (presumably battle.net server)
what could also be possible though is that one player is hosting the game and that all players connect to the hosting player, but i'd have to figure this out
Quote from: Freundschaft on March 08, 2010, 09:06:46 AM
i did some traces, joined a custom game and played a game with 4 players.
the only ip i was able to trace during the game was the ip of a server located somewhere at telia (presumably battle.net server)
what could also be possible though is that one player is hosting the game and that all players connect to the hosting player, but i'd have to figure this out
What port are you scanning on? Because most propably p2p will operate on different port than battle.net
hey all, i have wireshark installed, ready for a packed dump... just waiting for my password change to go through. its changed on battle.net but not in sc2 for some reason yet
i use the microsoft network analyzer which performs traces on a process/application basis, so basically i get all of the traffic caused by the starcraft application
could you send me a link? ill do both.
Nevermind i see it and am installing now
Ok my password changed finally ;D and im uploading the packed capture now. should i send this to someone specific? or just post it here?
Quote from: mini.dude_@2 on March 08, 2010, 08:02:52 PM
Ok my password changed finally ;D and im uploading the packed capture now. should i send this to someone specific? or just post it here?
Whatever you wish. But can I get a copy? :)
http://www.multiupload.com/OQEDMN66NE (http://www.multiupload.com/OQEDMN66NE)
There you all go, its a rar with 2 captures in it :D hope this will help with the emulater
link for ms packet tracer:
http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en)
anyone here who managed to perform a correct logon?
I am having problems with the AUTH_COMPLETE blob response to the PROOF_REQUEST of the client.
it has to be hashed with the challenge sent by the client somehow, but i wasnt able to get it from the wow source. anyone got a good documentation on the topic?
btw if you want to mess around with some packets, ive uploaded my server source
http://www.multiupload.com/DGCYEATMAM (http://www.multiupload.com/DGCYEATMAM)
Quote from: Freundschaft on March 09, 2010, 08:10:50 AM
link for ms packet tracer:
http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en)
anyone here who managed to perform a correct logon?
I am having problems with the AUTH_COMPLETE blob response to the PROOF_REQUEST of the client.
it has to be hashed with the challenge sent by the client somehow, but i wasnt able to get it from the wow source. anyone got a good documentation on the topic?
Perhaps we can share some information :D What I've found out so far is that it uses SRP-6 http://www.ipa.go.jp/security/rfc/RFC5054EN.html#253 (http://www.ipa.go.jp/security/rfc/RFC5054EN.html#253) . In the specifications we can see that the server should send the values of N, g, s, B. N and g is in the auth file (does someone have a way of getting them or modifying the auth file?) and s & B is sent with the ProofRequest in the ModuleData field. http://sc2c.pastebin.com/E30JdTCE (http://sc2c.pastebin.com/E30JdTCE) (after the ModuleID). There are 2 salts which never change for the same account. They are generated when you register or change your password. But why 2 Challenges? B and what? M1 ?
The ModuleData of the second module doesn't seem to change even when switching accounts (correct me if i'm wrong here).
WoW I think acts a little differently. It doesn't have an auth file so it sends N and g along in the packet.
We shouldn't be trying to skip this step and move on if we cannot understand the encryption because most probably the next packets will be encrypted with the generated session key somehow.
EDIT: We are sharing so... Here is my server source. The PacketBase class isn't complete since I don't know the encryption which is used after authentication. Also I'm writing in VB.NET if you want to take a look ( http://www.multiupload.com/D3Z879UHTD (http://www.multiupload.com/D3Z879UHTD) ). The skeleton is an emulator I used to write for AION.
ah cool, thanks :D
as the logon mechanism is pretty similar, i think we should at least be able to get a succesful login to work somehow, ill have a look at some old wow dev stuff that i might find.
i think if we can handle that salt / hashes thingy, we should get past the problem.
regarding http://sc2c.pastebin.com/E30JdTCE (http://sc2c.pastebin.com/E30JdTCE) i do understand that the first module is the auth file, what is the second one?
btw, is that the output of the auth client that has been written? is there an output of the thing with a succesful logon somewhere?
EDIT:
think this might help?
http://forum.gamedeception.net/threads/14426-wow-SRP6-challenge-lookup?14426-=Array (http://forum.gamedeception.net/threads/14426-wow-SRP6-challenge-lookup?14426-=Array)
further reading
http://www.mmowned.com/forums/wow-memory-editing/231740-understanding-wow-communication-protocol.html (http://www.mmowned.com/forums/wow-memory-editing/231740-understanding-wow-communication-protocol.html)
http://trevp.net/tls_srp/draft-ietf-tls-srp-10.html#intro (http://trevp.net/tls_srp/draft-ietf-tls-srp-10.html#intro)
http://arcemu.info/trac/arcemu/browser/trunk/src/arcemu-shared/Auth/WowCrypt.cpp?rev=2078 (http://arcemu.info/trac/arcemu/browser/trunk/src/arcemu-shared/Auth/WowCrypt.cpp?rev=2078)
anyone had luck on disassembling password.dll? which is basically the auth file
Quote from: Freundschaft on March 09, 2010, 08:54:03 PM
ah cool, thanks :D
as the logon mechanism is pretty similar, i think we should at least be able to get a succesful login to work somehow, ill have a look at some old wow dev stuff that i might find.
i think if we can handle that salt / hashes thingy, we should get past the problem.
regarding http://sc2c.pastebin.com/E30JdTCE (http://sc2c.pastebin.com/E30JdTCE) i do understand that the first module is the auth file, what is the second one?
btw, is that the output of the auth client that has been written? is there an output of the thing with a succesful logon somewhere?
EDIT:
think this might help?
http://forum.gamedeception.net/threads/14426-wow-SRP6-challenge-lookup?14426-=Array (http://forum.gamedeception.net/threads/14426-wow-SRP6-challenge-lookup?14426-=Array)
further reading
http://www.mmowned.com/forums/wow-memory-editing/231740-understanding-wow-communication-protocol.html (http://www.mmowned.com/forums/wow-memory-editing/231740-understanding-wow-communication-protocol.html)
http://trevp.net/tls_srp/draft-ietf-tls-srp-10.html#intro (http://trevp.net/tls_srp/draft-ietf-tls-srp-10.html#intro)
http://arcemu.info/trac/arcemu/browser/trunk/src/arcemu-shared/Auth/WowCrypt.cpp?rev=2078 (http://arcemu.info/trac/arcemu/browser/trunk/src/arcemu-shared/Auth/WowCrypt.cpp?rev=2078)
anyone had luck on disassembling password.dll? which is basically the auth file
The second module is also an auth file. But what does it contain? Where is it used? Its moduleData seems to be constant.
To get the encryption to work we need those N and g values from password.dll . I don't have experience in looking up things in dlls. Maybe someone can?
the http://github.com/kow/Starcraft-2-Battle.Net-Wrapper (http://github.com/kow/Starcraft-2-Battle.Net-Wrapper)
contains a C++ library which accesses password.dll and exposes some functions for key retrieval, if this works, this would basically be it
http://github.com/kow/Starcraft-2-Battle.Net-Wrapper/blob/master/AuthInterface/AuthInterface/Main.cpp (http://github.com/kow/Starcraft-2-Battle.Net-Wrapper/blob/master/AuthInterface/AuthInterface/Main.cpp)
ill check out if they work later on.
plus there is the wiki page http://darkblizz.org/wiki/doku.php?id=password.dll (http://darkblizz.org/wiki/doku.php?id=password.dll) i dont really understand what it means though.
sooo, not to interrupt here, but it looks like you are actually coming close to emulate it?
Quote from: itsarabbit on March 10, 2010, 09:51:25 AM
sooo, not to interrupt here, but it looks like you are actually coming close to emulate it?
Authentication is the first step in this way.
BTW I'm almost certain that there is something those guys over at Teknogods aren't sharing. They must have like a few beta keys and I'm sure they aren't just playing the game...
Freundschaft I think this AuthInterface uses Password.dll's functions which are doing the calculations on the client side. Since the math on the server side is different I think we can't use these functions directly. If I'm right with this we need to get only the values we need from it.
I got another idea reading the link about WoW you posted. It seems that wow client stores the computed session key at a specific address in memory. Maybe if we can find this address for SC2 then with a launcher we could send it to the server so it can decrypt the packets. Of course it will be much easier if we could just get the N and g from password.dll . Anyone that can help out there?
Hey guys! I'm new here... trying to help someway...
I'd like to make a simple summary of everything known here:
1) [1] has a pretty decent description of the protocol, except on the parts regarding the successfull login;
2) [2], [3] and [4] suggest that both client and server generates a common key, which is used to encrypt some data exchanged between them (it's to note, however, that some dumps on successfull logins show plain text map and settings xml being transferred);
3) [4], however, says that once it was easy to get this key on WoW (since it was used to simply XOR the contents), but now they are using it as a key for the RC4 encryption (I still didn't follow their protected links yet though);
Now some questions:
1) It was suggested by stormbreaker to read game RAM and check the key generated. I thought that too but how can we retrieve the key generated? I was thinking about getting the calls to encryption methods [5] and try to figure code in its vicinity.
2) It was strongly suggested [4] to look at mangos source code. Maybe its better than Arcemu?
Did I forget something? What do you people think we could do?
Sorry for my english...
[1] http://darkblizz.org/wiki/doku.php?id=bnet2_protcol (http://darkblizz.org/wiki/doku.php?id=bnet2_protcol)
[2] http://trevp.net/tls_srp/draft-ietf-tls-srp-10.html#intro (http://trevp.net/tls_srp/draft-ietf-tls-srp-10.html#intro)
[3] http://forum.gamedeception.net/threads/14426-wow-SRP6-challenge-lookup?14426-=Array (http://forum.gamedeception.net/threads/14426-wow-SRP6-challenge-lookup?14426-=Array)
[4] http://www.mmowned.com/forums/wow-memory-editing/231740-understanding-wow-communication-protocol.html (http://www.mmowned.com/forums/wow-memory-editing/231740-understanding-wow-communication-protocol.html)
[5] http://darkblizz.org/wiki/doku.php?id=battle.net.dll#known_crypto (http://darkblizz.org/wiki/doku.php?id=battle.net.dll#known_crypto)
okay, so as far as i can see, we need the N and g values?
im not sure wheather i completely understand this. with default SRP-6, the values of N and g are sent to the client. If this were the case, the client would not be able to distinguish our server from the original one, cause we could directly sniff N and g off the network.
But with SC2, the N and g values are not sent directly, but instead are stored in the auth file. That's why we have to determine the correct N and g values from this auth file?
and regarding this, additional packet traces with passwords probably won't help us either, cause as far as i see it, there is no possibility to calculate N and g based on the network trace, even if the password is known.
Am i correct?
As I see it you are correct. Actually I'm not 100% sure these N and g things are in the auth file. This was said in a comment in the wiki. The other things the user has written seem to be correct.
The N ( Modulus ) seems to be constant in Wow as well as in SC2. Its 32 bytes long.
The g value is 1 byte long (its 1 byte in battlenet1 and in wow)
B is the server public key ( generated each time ) and its 32 bytes long.
s is the salt, also 32 bytes. BUT. In WoW and bnet1 its only one. Here there are two salts? They are both a unique constant for every account. Maybe one is for the username and one for the password? But why for the username?
... it's so much harder than wow lol http://forum.gamedeception.net/threads/14426-wow-SRP6-challenge-lookup?14426-=Array (http://forum.gamedeception.net/threads/14426-wow-SRP6-challenge-lookup?14426-=Array)
Also here are the docs for bnet1. There are a few similarities http://www.bnetdocs.org/old/content4323.html?Section=d&id=18 (http://www.bnetdocs.org/old/content4323.html?Section=d&id=18)
Once we have the N and g constants for SC2 we can make the authentication work. Suggestions on how to get them?
EDIT: Another idea. The password.dll is loaded in memory just before the client tries to send the password ( I read this somewhere ) so theoretically we should be able to get the N and g from the memory. We can distinguish them by the time they are initialized. Does one of you have experience with memory hacking?
QuoteDoes one of you have experience with memory hacking?
absolutely not sorry, if i had more time I'd surely try to learn it, but unfortunately exam time strikes in a week, so no chance for this. :(
There are some programs that take a "snapshot" of the process memory. Then we can diff it before and after typing the username (since I think - not sure though - that the auth file is downloaded and "executed" just before the user types his password).
I think I'll take a look at that in the next days.
btw i dont know if we need it but here's the sc2.exe that starts without launcher
(version 14259)
http://www.multiupload.com/5JJ9IZHRV8 (http://www.multiupload.com/5JJ9IZHRV8)
just copy to StarCraft II Beta\Versions\Base14259 and run
EDIT:
I'm reading http://www.woodmann.com/crackz/Tutorials/IdaTut.zip (http://www.woodmann.com/crackz/Tutorials/IdaTut.zip) now, dont konw if this will give me some benefit over the matter
I confirmed that these Ng values aren't in the packet itself. Also confirmed that the first and the second salt are unique for every account and the moduleData for the second module is constant. The other things are different each time.
There is a thing in the moduleData blob that isn't documented. The blob length field says its 321 bytes long. But the first byte is always null (0x00). After it we can read the two 32 byte salts and the two 128 things (I still don't know which are these but they differ every time so one must be the server proof). When we do the math 2 * 32 + 2 * 128 = 320 exactly the blob size minus the null byte at the beginning.
If we don't account for the null byte we get out of sync and get the wrong values.
I made a little packet comparer for debugging inside my emu code. Logger.LogDebug(message, packet1 as Byte(), packet2 as Byte())
You can run tests to compare my packets and these from the user that posted dumps.
Just write in the console window:
"runtest 1" - disect packet I captured
"runtest 2" - disect packet dump from other user
"runtest diff 1" - disect and compare two packets from different users
"runtest diff 2" - same as above but with different second packet
"runtest diff 22" - compare the two packets from two dumps with the same account
Almost forgot... http://www.multiupload.com/56OS9AJ6IQ (http://www.multiupload.com/56OS9AJ6IQ)
i tried messing around a bit with ida.
it seems like we need to have a look at the requestpassword function, which provides a blob response for a blob request sent with the proof request
in code this looks like
sub_3896C9A0 proc near ; DATA XREF: .rdata:3896D080�o
.text:3896C9A0 push offset aRequestpasswor ; "RequestPassword"
.text:3896C9A5 mov ecx, offset unk_3896E428
.text:3896C9AA call sub_38962A10
.text:3896C9AF push offset nullsub_3
.text:3896C9B4 call sub_3896C190
.text:3896C9B9 pop ecx
.text:3896C9BA retn
.text:3896C9BA sub_3896C9A0 endp
still have to figure out what this does
Quote from: Freundschaft on March 11, 2010, 07:54:33 PM
i tried messing around a bit with ida.
it seems like we need to have a look at the requestpassword function, which provides a blob response for a blob request sent with the proof request
in code this looks like
sub_3896C9A0 proc near ; DATA XREF: .rdata:3896D080�o
.text:3896C9A0 push offset aRequestpasswor ; "RequestPassword"
.text:3896C9A5 mov ecx, offset unk_3896E428
.text:3896C9AA call sub_38962A10
.text:3896C9AF push offset nullsub_3
.text:3896C9B4 call sub_3896C190
.text:3896C9B9 pop ecx
.text:3896C9BA retn
.text:3896C9BA sub_3896C9A0 endp
still have to figure out what this does
+1 ;)
Maybe you can modify the function to send the raw password or just a sha1 hash for example. This way we can send the client a different modified password.dll and make things much easier.
I will write a module in my server to handle delivering the auth file so you can test modifying it. :)
Just a random thought... After looking at this site: http://www.code-gen.net/sc2beta/ (http://www.code-gen.net/sc2beta/) it looks like they are getting really close. Do you think it would help to try and share some info with each other? Maybe you can help them speed up their progress. I dunno, just throwing it out there. Keep up the good work guys.
Quote from: Gamewiz on March 12, 2010, 11:41:53 AM
Just a random thought... After looking at this site: http://www.code-gen.net/sc2beta/ (http://www.code-gen.net/sc2beta/) it looks like they are getting really close. Do you think it would help to try and share some info with each other? Maybe you can help them speed up their progress. I dunno, just throwing it out there. Keep up the good work guys.
lol.... i just see a kid trying to get a BETA KEY.
Quote from: Draugur on March 12, 2010, 12:02:44 PM
Quote from: Gamewiz on March 12, 2010, 11:41:53 AM
Just a random thought... After looking at this site: http://www.code-gen.net/sc2beta/ (http://www.code-gen.net/sc2beta/) it looks like they are getting really close. Do you think it would help to try and share some info with each other? Maybe you can help them speed up their progress. I dunno, just throwing it out there. Keep up the good work guys.
lol.... i just see a kid trying to get a BETA KEY.
It's possible, but you could say the same about DarkBlizz, or Teknogod's Team Lazytown. They are asking for keys as well. Are they just kids wanting a key?
This guy shows nothing, absolutely nothing.
I mean, i *could* understand that he does not want to release something, but he doesn't even give any technical information.
This really _is_ a fake.
Hey. Please don't argue in this topic. As for:
Quote from: Gamewiz on March 12, 2010, 11:41:53 AM
Just a random thought... After looking at this site: http://www.code-gen.net/sc2beta/ (http://www.code-gen.net/sc2beta/) it looks like they are getting really close. Do you think it would help to try and share some info with each other? Maybe you can help them speed up their progress. I dunno, just throwing it out there. Keep up the good work guys.
In order to do so, both sides must be willing to share. As you can see we have everything public here... even if it's not much of a progress and they probably have this figured out weeks ago.
Freundschaft, making any progress?
Quote from: newbiz on March 12, 2010, 12:11:04 PM
This guy shows nothing, absolutely nothing.
I mean, i *could* understand that he does not want to release something, but he doesn't even give any technical information.
This really _is_ a fake.
Believe what you will.
Quote from: stormbreaker on March 12, 2010, 12:11:49 PM
Hey. Please don't argue in this topic. As for:
Quote from: Gamewiz on March 12, 2010, 11:41:53 AM
Just a random thought... After looking at this site: http://www.code-gen.net/sc2beta/ (http://www.code-gen.net/sc2beta/) it looks like they are getting really close. Do you think it would help to try and share some info with each other? Maybe you can help them speed up their progress. I dunno, just throwing it out there. Keep up the good work guys.
In order to do so, both sides must be willing to share. As you can see we have everything public here... even if it's not much of a progress and they probably have this figured out weeks ago.
Freundschaft, making any progress?
Sorry, never intended to get off topic. Maybe try emailing them (they have a link for email) to see if you could join forces? I'll leave you to your work now. :)
QuoteFreundschaft, making any progress?
sorry, im having exams right now, will have more time after next wednesday ;)
Quote from: Freundschaft on March 12, 2010, 01:57:32 PM
QuoteFreundschaft, making any progress?
sorry, im having exams right now, will have more time after next wednesday ;)
Aboslutely no problem :)
if sc2 has the same auth method as wow .. then here goes the wow srp6 auth
Quote from: iZOTOPE on March 12, 2010, 03:59:41 PM
if sc2 has the same auth method as wow .. then here goes the wow srp6 auth
It doesn't. And that's the problem. :)
btw, AccountSalt & PasswordSalt are clear to me, they're some value unique to the account & pw, but what's the ServerChallenge & Secondarychallenge?
If I try to compute B with some dummy values for N and g, I only get a 32 byte long B, but where's the missing 256 bytes for both challenges coming from?
Quote from: Freundschaft on March 11, 2010, 07:54:33 PM
i tried messing around a bit with ida.
it seems like we need to have a look at the requestpassword function, which provides a blob response for a blob request sent with the proof request
in code this looks like
sub_3896C9A0 proc near ; DATA XREF: .rdata:3896D080�o
.text:3896C9A0 push offset aRequestpasswor ; "RequestPassword"
.text:3896C9A5 mov ecx, offset unk_3896E428
.text:3896C9AA call sub_38962A10
.text:3896C9AF push offset nullsub_3
.text:3896C9B4 call sub_3896C190
.text:3896C9B9 pop ecx
.text:3896C9BA retn
.text:3896C9BA sub_3896C9A0 endp
still have to figure out what this does
Where did this code come from?
disassembly of the auth file
Quote from: Freundschaft on March 14, 2010, 10:20:13 AM
disassembly of the auth file
Sorry for being dumb, but which file exactly? Reading through the thread I'm getting a little confused about which files you guys are talking about and where they are coming from.
it's a file downloaded by the client during the authentication process.
check
http://darkblizz.org/wiki/doku.php?id=bnet2_protcol (http://darkblizz.org/wiki/doku.php?id=bnet2_protcol)
ModuleId is the SHA1 hash of the contents of the file and also the name of the file, downloaded over HTTP from (realm).depot.battle.net:1119/(B1)/(B2)/(B3)/(B4)/(SHA1).ext i.e. 8f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c.auth on realm USB (U.S. Beta) is http://usb.depot.battle.net:1119/8f/52/90/6a/8f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c.auth (http://usb.depot.battle.net:1119/8f/52/90/6a/8f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c.auth) . All realms appear to use the same auth file during the beta so far, but it is downloaded in this fashion presumably to make it easier for Blizzard to change the file, and thus the SRP6a auth seeds (N and g - http://srp.stanford.edu/design.html (http://srp.stanford.edu/design.html)). This file is originally named "Password.dll" and contains cryptographic calls used for login. A second file is also downloaded and used during the login procedure.
(http://www.w3bbo.com/forums/Cliche-Double_post.jpg) (http://www.w3bbo.com/forums/Cliche-Double_post.jpg)
Quote from: waxypants on March 14, 2010, 04:33:28 PM
Quote from: Freundschaft on March 14, 2010, 10:20:13 AM
disassembly of the auth file
Sorry for being dumb, but which file exactly? Reading through the thread I'm getting a little confused about which files you guys are talking about and where they are coming from.
Read the comment in http://darkblizz.org/wiki/doku.php?id=bnet2_protcol (http://darkblizz.org/wiki/doku.php?id=bnet2_protcol)
LOL that was cool :D
Ahhh thanks, I see now. That code is really hard to follow ???
oTc SC2 research is now public: http://s2dev.onlythechosen.com/forum/index.php (http://s2dev.onlythechosen.com/forum/index.php)
You are welcome to hang out with us. And i hope this help to speed up the progress on this project.
hey good job :thumbsup:
you guys got any further than we have?
Quote from: Freundschaft on March 15, 2010, 08:45:38 PM
hey good job :thumbsup:
you guys got any further than we have?
Yes. Rob already emulated SC2 login authorization. With the information we provide you can successfully connect to battle.net 2.0 using Starcraft II protocol. Rob explains everything.
This is actually a big step, people can now focus on researching the rest of the packets, this should speed up the process for developing a server emulator.
Quote from: Draugur on March 16, 2010, 12:09:41 AM
Quote from: Freundschaft on March 15, 2010, 08:45:38 PM
hey good job :thumbsup:
you guys got any further than we have?
Yes. Rob already emulated SC2 login authorization. With the information we provide you can successfully connect to battle.net 2.0 using Starcraft II protocol. Rob explains everything.
This is actually a big step, people can now focus on researching the rest of the packets, this should speed up the process for developing a server emulator.
Yes, Rob has done some fantastic documentation and a great deal of work very quickly. It's fantastic that he's releasing all the information as well.
Thats alot of good info you guys have found, if guys want to continue this you can join the starcack IRC irc.rizon.com #sc2c, and make sure to PM me. But right now im wondering if you guys got passed the Battlenet::Client::Authentication::ProofRequest, cause for us I can't figure out how to get passed the "bad server" error.
(http://img19.imageshack.us/img19/418/emusecondpacket.th.png) (http://img19.imageshack.us/i/emusecondpacket.png/)
Quote from: usmc23 on March 16, 2010, 02:33:34 AM
Thats alot of good info you guys have found, if guys want to continue this you can join the starcack IRC irc.rizon.com #sc2c, and make sure to PM me. But right now im wondering if you guys got passed the Battlenet::Client::Authentication::ProofRequest, cause for us I can't figure out how to get passed the "bad server" error.
(http://img19.imageshack.us/img19/418/emusecondpacket.th.png) (http://img19.imageshack.us/i/emusecondpacket.png/)
Hey,
theres enough information on the forums to pass it.
You are welcome to join the forums, there Rob will assist you in anyway he cans.
do i understand this correctly that rob has only provided emulation for the client side of bnet2?
meaning that he's managed to develop an applicaition that successfully authenticates with the official bnet2 server if you have correct credentials?
correct me if im wrong
but i think this step will unfortunately not help us developing a server emu, cause we can't look into what requestpassword does in detail for the key generation.
we just provide a plain text password here and get the response which is then sent in return to the server, we don't get any information about how the server should behave here
Quote from: usmc23 on March 16, 2010, 02:33:34 AM
Thats alot of good info you guys have found, if guys want to continue this you can join the starcack IRC irc.rizon.com #sc2c, and make sure to PM me. But right now im wondering if you guys got passed the Battlenet::Client::Authentication::ProofRequest, cause for us I can't figure out how to get passed the "bad server" error.
(http://img19.imageshack.us/img19/418/emusecondpacket.th.png) (http://img19.imageshack.us/i/emusecondpacket.png/)
I think the best way to do this is by modifying the auth file (password.dll) to bypass the SRP6 encryption or at least make it simplier. Maybe someone on your team can do it?
I think we should move this discussion here (http://s2dev.onlythechosen.com/forum/index.php) and work together. I'm sure we'll come up with something. I'm almost certain the password.dll makes the verification if the things in the blob are correct.
not that hard, the same type of verification has been done before. i don't see how this is the stumbling point of anyone, since it's not obfuscated at all.
also, what you send for the 0x02 password module response is the key you both use to decrypt/encrypt packets, FYI.
Quote from: brew on March 16, 2010, 08:39:29 AM
not that hard, the same type of verification has been done before. i don't see how this is the stumbling point of anyone, since it's not obfuscated at all.
also, what you send for the 0x02 password module response is the key you both use to decrypt/encrypt packets, FYI.
Which one and how did you get this information? Is it confirmed?
Perhaps you know why we all get "bad server" error when sending the rights (we think) data.
In the general interest of "sharing info", here is where im at. The ProofRequest packet sends TWO auth modules, one is password.dll the other is thumbprint.dll. ThumbPrint.dll recieves a 16byte IP address of the server if it doesn't match the hardcoded vals in ThumPrint.dll it fails(aka WoW). Now the catch 22 is we can't modify that dll because teh b.net.dll does a integrity check, if it fails you get the same "bad server" error message.
My thought was doing a EAT patch on LoadLibrary and intercept the LoadLibrary calls to the auth modules, the hook works just fine but there isnt a direct call to those dll's.
Quote from: usmc23 on March 16, 2010, 01:54:13 PM
In the general interest of "sharing info", here is where im at. The ProofRequest packet sends TWO auth modules, one is password.dll the other is thumbprint.dll. ThumbPrint.dll recieves a 16byte IP address of the server if it doesn't match the hardcoded vals in ThumPrint.dll it fails(aka WoW). Now the catch 22 is we can't modify that dll because teh b.net.dll does a integrity check, if it fails you get the same "bad server" error message.
My thought was doing a EAT patch on LoadLibrary and intercept the LoadLibrary calls to the auth modules, the hook works just fine but there isnt a direct call to those dll's.
I found out that, too. I managed to work around the second module easily.
It seems that the client uses it, but it doesn't REQUIRE it.
So by sending only the first auth module:
(http://img690.imageshack.us/img690/2818/noerror.th.jpg) (http://img690.imageshack.us/i/noerror.jpg/)
EDIT: I'm going to mess around with the next packets tomorrow.
Thats some good stuff, you should come into IRC : ), but right now im having trouble writing two bytes before the "auth" module struct. Right now i have to force the two bytes to be "42 10", I thought it was just supposed to be int:3 numModules?
We got passed the ProofRequest packet and we sent both auth dll's : ).
(http://img260.imageshack.us/img260/7599/emuprogress2.th.png) (http://img260.imageshack.us/i/emuprogress2.png/)
Quote from: usmc23 on March 16, 2010, 07:58:16 PM
We got passed the ProofRequest packet and we sent both auth dll's : ).
(http://img260.imageshack.us/img260/7599/emuprogress2.th.png) (http://img260.imageshack.us/i/emuprogress2.png/)
congratulations :)
Quote from: usmc23 on March 16, 2010, 07:58:16 PM
We got passed the ProofRequest packet and we sent both auth dll's : ).
(http://img260.imageshack.us/img260/7599/emuprogress2.th.png) (http://img260.imageshack.us/i/emuprogress2.png/)
Awesome, great job.
Quote from: usmc23 on March 16, 2010, 07:58:16 PM
We got passed the ProofRequest packet and we sent both auth dll's : ).
(http://img260.imageshack.us/img260/7599/emuprogress2.th.png) (http://img260.imageshack.us/i/emuprogress2.png/)
GJ. But what is the point in sending both packets if it doesn't need it?
Anyway, did you modify the dll or hack through it?
Quote from: usmc23 on March 16, 2010, 04:39:17 PM
Thats some good stuff, you should come into IRC : ), but right now im having trouble writing two bytes before the "auth" module struct. Right now i have to force the two bytes to be "42 10", I thought it was just supposed to be int:3 numModules?
Are you putting there the header bytes?
Quoteint:6 PacketID; // The packet id of this packet.bool:1 HasChannel // Boolean value specifying whether or not the channel id is included in the header.
int:4 ChannelID; // The channel id of this packet.
I can't join the IRC because my ISP is redirecting all the IRC traffic to their server... And I never was a mirc fan.
OOps sorry for double posting....
It might be a lil old, but if it helps you its all good: http://0x1337.org/index.html?page=sciidbg (http://0x1337.org/index.html?page=sciidbg)
Quote from: 2g4u on March 17, 2010, 03:47:38 PM
It might be a lil old, but if it helps you its all good: http://0x1337.org/index.html?page=sciidbg (http://0x1337.org/index.html?page=sciidbg)
Does that work on the b.net screen?
We just got it so when you type the password in the client it sends out the next packet(Thanks Tom), you can't just not send the thumbprint.dll you have to make it return one when it tests against the hash in the dll vs ur servers IP.
This was a combined effort of the entire Starcrack team, but here is what we have as of now:
(http://img407.imageshack.us/img407/8226/emuprogress3.th.png) (http://img407.imageshack.us/i/emuprogress3.png/)
Quote from: usmc23 on March 17, 2010, 08:09:29 PM
This was a combined effort of the entire Starcrack team, but here is what we have as of now:
(http://img407.imageshack.us/img407/8226/emuprogress3.th.png) (http://img407.imageshack.us/i/emuprogress3.png/)
Have you done some research on the packet encryption after login?
human language please :)
actually how far is this? how much long.. CANT WAIT :))))
is the password, session keys transmitted in the 2nd packet from the c -> s and vice versa?
This is all greek to me, but it's very exciting greek. Keep up the good work, guys. There's a lot of people who will be very grateful when you succeed!
Quote from: usmc23 on March 18, 2010, 01:11:02 AM
is the password, session keys transmitted in the 2nd packet from the c -> s and vice versa?
That information is already explained in our forums :O,
i would recommend you to start posting there since the one doing the research is Rob and theres already alot of information and alot more to come and he is willing to answer any question.
nvm.. delte it :/
Were going to open source our EMU sometime today or tomarrow we made some progress by putting our EMU in a VM(thanks d0ccrazy) we got to packet 0x05.
(http://img406.imageshack.us/img406/2931/emuprogress4.th.png) (http://img406.imageshack.us/i/emuprogress4.png/)
Any idea's how (approximately) long till the emulated server is released :P?
Quote from: ProoM on March 20, 2010, 08:01:49 AM
Any idea's how (approximately) long till the emulated server is released :P ?
What i have heard about some development teams is that they are advancing very slow...
We (as oTc) might work on emulating battle.net 2.0 server but this is not official yet... as you all know Rob has made some great progress on his Starcraft II protocol research, we have talked about it and he said he might add Starcraft II protocol to Emnet (Battle.net emulator he made that supports previous blizzard games), but he havn't decided yet.
Edit: Btw, if any other developer is working on this, feel free to come visit our forums and we will support you in anyway we can.
And also the link to the forum: http://s2dev.onlythechosen.com/forum/ (http://s2dev.onlythechosen.com/forum/)
so awesome ! *_* relase it first possible *_* we love it
Quote from: ProoM on March 20, 2010, 08:01:49 AM
Any idea's how (approximately) long till the emulated server is released :P ?
I saw on the tekno gods forum someone said that we should be able to play a 1v1 within a week. Can anyone confirm that?
In case someone has read this and hasn't bothered to read the thread about the StarCrack emu (or they arrive to this thread through google): the Starcrack team is getting close to getting working matches. At this rate, it won't be long at all before matches are possible. That is, unless they hit a snag and something slows down the development.
Freakin Awesome! :D I love the developers of StarCrack! :jig: I've been waiting for something that you can use for multiplayer/lan but haven't found anything. Just a site where they´re making an emulator but if they get this to work I have no idéa what im going to do! Scream or shoot myself! xD
Quote from: Dystino on April 02, 2010, 05:32:14 AM
Freakin Awesome! :D I love the developers of StarCrack! :jig: I've been waiting for something that you can use for multiplayer/lan but haven't found anything. Just a site where they´re making an emulator but if they get this to work I have no idéa what im going to do! Scream or shoot myself! xD
hahaha! :D yeah me2 LOL.. this is simply AWESOME!
Quote from: Bobbias on April 01, 2010, 05:23:14 PM
In case someone has read this and hasn't bothered to read the thread about the StarCrack emu (or they arrive to this thread through google): the Starcrack team is getting close to getting working matches. At this rate, it won't be long at all before matches are possible. That is, unless they hit a snag and something slows down the development.
Actually at this point I don't think Starcrack has even looked at getting matches to work. I believe they are just emulating battle.net (and doing a freaking great job I need to add).
So far codegen is the only group I have seen post progress on coding/decoding the actually games/packets/commands sent between players.
I could be wrong, they may be working on that as well. I could also be wrong and the emulated battle.net service may have these codes imbedded in it already? Who knows. Not I.
I don't know the low down cause I have the beta and even if i didnt, playing sc a month or 2 in advance at the risk of getting my computer bumfucked by someone who can hack, yeah ill wait haha
When can we expect the release? I saw videos where they entered Battle net and it had full menus, but i heard not all is ready. Does any1 know a beta, smth that we can have very soon of this emulator?
it seems that the community started doing its own emulation althought this looks verry promising ill still wait for the RCe team they al already past the log in and almost finished game packets , if anything happened to them someone pls tell me(they haven't updated for a looong time)
Quote from: Zexon on April 10, 2010, 06:02:09 AM
it seems that the community started doing its own emulation althought this looks verry promising ill still wait for the RCe team they al already past the log in and almost finished game packets , if anything happened to them someone pls tell me(they haven't updated for a looong time)
\they just posted a update the medivac is proving to be a problem but they r getting there :jig: :jig: :jig:
:jig: how much longer is this gonna take? I can't wait :) Thankyouuuuu SOOOOOOOOOOOOO much!
I hope you have goodluck with the emulation! I just got my sc2 beta key just right now!!!
Hi!
If u wanna get a GFW Live CD key for 1SC2 beta key, pls search me: sajisan20@gmail.com (e-mail)
If u write me, i will send my msn address.
the CD key is NOT Fake!
Quote from: Saji on April 20, 2010, 09:59:18 AM
Hi!
If u wanna get a GFW Live CD key for 1SC2 beta key, pls search me: sajisan20@gmail.com (e-mail)
If u write me, i will send my msn address.
the CD key is NOT Fake!
1) I'm sure this is not the place to post this...
2) If you post your emails on forums, you will get massive amounts of spam. (yummm...)
We must pray that this project must be successful if not, we are all doomed playing with AI(except those who have an beta key) :'( I wish that his project will be successful so everyone will be happy playing in it... :cheers:
Ok ok ok... Some ppl don't understand me.
I write it again, now pls check this:
YOU give me a Starcraft 2 Beta key/invite AND I give you a Games for Windows Live CD Key.
Understand? This is the deal.
good luck on this emulation guys ^^ hehehe hope it comes out soon coz i got my beta invite yesterday
Quote from: xavis on April 22, 2010, 04:21:54 AM
good luck on this emulation guys ^^ hehehe hope it comes out soon coz i got my beta invite yesterday
<- Another team is down.
Quote<- Another team is down.
Yeah I just talked to Rob, that is some serious shit. Now I know why all the devs literally disappeared.
Quote from: Myst on April 22, 2010, 01:07:50 PM
Quote<- Another team is down.
Yeah I just talked to Rob, that is some serious shit. Now I know why all the devs literally disappeared.
see I was right. I posted somewhere on the forum before that the if blizzard gave away keys to enough people, they will not have pirating issues before their release.
hmmm.. i still havent got a battle.net key yet :(
why not? you can preorder the game from Gamestop and get a free beta key. it's 5 dollars to preorder, and you don't even have to pick up the game at release.
of course, i'm definately gonna go get mine. already have the special edition 100% paid for. just glad i didn't preorder it a month ago, otherwise i would have had to preorder another one for a beta key :P
sigh.. if any 1 can share battle.net accounts with me it would be much appreciated... :)
would be even better if you could give me a beta key :D
ill trade a demonoid invite... its all i have to trade... :'(
How about you just preorder the real game so u can get the Beta key for $5???
Quote from: ilmman on April 26, 2010, 03:22:11 PM
How about you just preorder the real game so u can get the Beta key for $5???
How about you do it for me because I live in UK and we don't have Gamestop over here, and if you want to pre-order online you have to pay full price + postage cost
sorry for off topic post
Quote from: Jachu on April 26, 2010, 03:59:29 PM
Quote from: ilmman on April 26, 2010, 03:22:11 PM
How about you just preorder the real game so u can get the Beta key for $5???
How about you do it for me because I live in UK and we don't have Gamestop over here, and if you want to pre-order online you have to pay full price + postage cost
sorry for off topic post
lol, can you do it for me too? We don't have gamestop in China either..
cant u just post overseas? like i did... getting my beta key tommrow
Would it be possible to emulate the server on localhost and then use it for, say, LAN games?