The Lost Packets

Started by brew, August 06, 2010, 07:52:23 PM

brew

I know of 5 completely undocumented (that is, not widely known and not on BnetDocs) packets that I'd like to share with everyone. It isn't until recently that I've aggregated enough information about their structure, function, and usage. While it is true that none of these have been seen, they nevertheless provide some historical background of Battle.net, may be interesting to a few people, and undoubtedly deserve documented status.
I found these a while ago while researching Warden, but didn't really think much of them. Hdx recently made a thread about them on Valhalla Legends, and I believe iago posted about them at one point, too. Neither is anywhere near a complete description, nor is either of documentation quality, however.
Without further ado:

---------------------------------------------------------------------

0x17 - SID_READMEMORY

Structure:

(S -> C)
    (DWORD) Request ID
    (DWORD) Address
    (DWORD) Length

(C -> S)
    (DWORD) Request ID
    (VOID) Memory


Purpose:
Rudimentary hack detection system. It was probably never used due to its terrible implementation with little security. Yes, it is possible for a PvPGN server to read _EVERYTHING_ that is in the process's memory, including sensitive information such as your CDKey.

Found at:
battle!1901D470h (as of 1.16.1)

---------------------------------------------------------------------

0x20 SID_ANNOUNCEMENT

Structure:

(S -> C)
    (STRING) Text


Purpose:
Very simply prints out text, with the string at 1903B9FBh (the default string, used anyway if the username field is NULL in the chat event struct -- currently a single 0x7F char) as the username. Used to send announcements and arbitrary messages to the user, but this was soon superseded by SID_CHAT subcommands such as EID_INFO, EID_ERROR, and EID_BROADCAST. Printed out with the same color and style as an EID_BROADCAST.

Found at:
battle!1901DDA0h (as of 1.16.1)

---------------------------------------------------------------------

0x23 SID_WRITECOOKIE

Structure:

(S -> C)
    (DWORD) unknown/unparsed -- Flags, Request ID?
    (DWORD) unknown/unparsed -- Timestamp?
    (STRING) Registry key name
    (STRING) Registry key value



0x24 SID_READCOOKIE

Structure:

(S -> C)
    (DWORD) Echoed back, Request ID?
    (DWORD) Echoed back, Timestamp?
    (STRING) Registry key name

(C -> S)
    (DWORD) First DWORD from S -> C
    (DWORD) Second DWORD from S -> C
    (STRING) Registry key name
    (STRING) Registry key value


Purpose:
Much like a website cookie, it simply stores some arbitrary string in a 'cookie jar' to save preferences and the like, which can be retrieved later by the server. Not used because it was quickly discovered that storing preferences server-side, associated with the account, produces fewer problems and is faster. It is somewhat curious that these packet IDs are close to SID_PROFILE/SID_WRITEPROFILE (0x26 & 0x27).

Found at: battle!190216FBh and battle!1901D660h, respectively.

---------------------------------------------------------------------

0x43 SID_WARCRAFTSOMETHING

Structure:

(S -> C)
    (DWORD) Unknown (0)


Purpose:
Unknown. I am unable to disassemble Warcraft 3's game.dll without a lot of trouble, and therefore I have limited knowledge of it. It has been seen once, after SID_LOGONPROOF (0x54) in the NLS logon sequence.

Found at: game.dll

---------------------------------------------------------------------


It would be nice if somebody updated BnetDocs with this information.
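The packet layouts above, as an added worked example that is not part of the original post and not Battle.net or PvPGN code: a Python encoder for the S -> C messages and a model client handler that parses them and builds the C -> S replies. It uses the standard BNCS framing (0xFF, one-byte packet ID, little-endian WORD total length including the header), which the post takes for granted but does not restate. The memory image, its base address 0x19000000, the cookie names and the behaviour of answering an unknown cookie with an empty value are constructed assumptions. Unlike the real client, the model refuses SID_READMEMORY unless explicitly enabled and bounds-checks the requested range, which is the check the post's remark about a server reading everything in the process calls for.

```python
import struct

# Packet IDs as documented in the post above
SID_READMEMORY   = 0x17
SID_ANNOUNCEMENT = 0x20
SID_WRITECOOKIE  = 0x23
SID_READCOOKIE   = 0x24

# Assumed standard BNCS framing: 0xFF, packet ID, little-endian WORD total length
HEADER = struct.Struct('<BBH')

def build_packet(pid, payload):
    """Wrap a payload in the BNCS header (length counts the header itself)."""
    return HEADER.pack(0xFF, pid, HEADER.size + len(payload)) + payload

def parse_packet(buf):
    """Split one framed packet off the front of buf -> (pid, payload, remaining bytes)."""
    if len(buf) < HEADER.size:
        raise ValueError("short header")
    magic, pid, length = HEADER.unpack_from(buf)
    if magic != 0xFF or length < HEADER.size or length > len(buf):
        raise ValueError("bad frame")
    return pid, buf[HEADER.size:length], buf[length:]

def cstring(s):
    """Encode a NUL-terminated BNCS STRING."""
    return s.encode('latin-1') + b'\x00'

def read_cstring(payload, off):
    """Read a NUL-terminated STRING at offset -> (text, offset after the NUL)."""
    end = payload.index(b'\x00', off)
    return payload[off:end].decode('latin-1'), end + 1

# --- server side: builders for the S -> C messages in the post ---
def build_readmemory(req_id, address, length):
    return build_packet(SID_READMEMORY, struct.pack('<III', req_id, address, length))

def build_announcement(text):
    return build_packet(SID_ANNOUNCEMENT, cstring(text))

def build_writecookie(dw1, dw2, name, value):
    return build_packet(SID_WRITECOOKIE,
                        struct.pack('<II', dw1, dw2) + cstring(name) + cstring(value))

def build_readcookie(dw1, dw2, name):
    return build_packet(SID_READCOOKIE, struct.pack('<II', dw1, dw2) + cstring(name))

# --- client side: a model of how a client could handle these packets ---
DEFAULT_USERNAME = '\x7f'   # the post's "single 0x7F char" default username

class Client:
    def __init__(self, memory, base, allow_readmemory=False):
        self.memory = memory                  # constructed stand-in for the process image
        self.base = base                      # hypothetical address the stand-in is mapped at
        self.allow_readmemory = allow_readmemory
        self.cookies = {}                     # the 'cookie jar'
        self.chat = []                        # (username, text) lines a UI would print

    def handle(self, pkt):
        """Process one S -> C packet; return the C -> S reply bytes, or None if nothing is sent."""
        pid, payload, rest = parse_packet(pkt)
        if rest:
            raise ValueError("one packet at a time")
        if pid == SID_READMEMORY:
            req_id, address, length = struct.unpack_from('<III', payload)
            # Hardening: the real client hands the server whatever bytes it asks for.
            # Here the request is refused unless enabled, and even then only served in range.
            lo, hi = address - self.base, address - self.base + length
            if not self.allow_readmemory or lo < 0 or hi > len(self.memory):
                return None
            return build_packet(SID_READMEMORY, struct.pack('<I', req_id) + self.memory[lo:hi])
        if pid == SID_ANNOUNCEMENT:
            text, _ = read_cstring(payload, 0)
            self.chat.append((DEFAULT_USERNAME, text))
            return None
        if pid == SID_WRITECOOKIE:
            name, off = read_cstring(payload, 8)   # skip the two unparsed DWORDs
            value, _ = read_cstring(payload, off)
            self.cookies[name] = value
            return None
        if pid == SID_READCOOKIE:
            dw1, dw2 = struct.unpack_from('<II', payload)
            name, _ = read_cstring(payload, 8)
            value = self.cookies.get(name, '')     # assumption: unknown cookie -> empty value
            return build_packet(SID_READCOOKIE,
                                struct.pack('<II', dw1, dw2) + cstring(name) + cstring(value))
        return None                                # not one of the packets documented above
```

The two DWORDs echoed back in SID_READCOOKIE are copied straight from the request, matching the "Echoed back" fields in the post; the model does not try to interpret them as a request ID or timestamp.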

Jailout2000

#1

Updated per your documentation:


S>C 0x17 SID_READMEMORY
C>S 0x17 SID_READMEMORY
S>C 0x20 SID_ANNOUNCEMENT
S>C 0x23 SID_WRITECOOKIE
S>C 0x24 SID_READCOOKIE
C>S 0x24 SID_READCOOKIE
S>C 0x43 SID_WARCRAFTUNKNOWN


- Jailout2000


P.S. Sorry for bumping a really old thread. Just thought I'd share that I added these packets.