Emulate Battle.net

Started by MADCATX, February 22, 2010, 06:18:36 AM


MADCATX

Quote from: unsobill on February 24, 2010, 07:15:57 PM
Sorry if I bug you, MADCATX. Can you explain, if possible, how a capture with authentication information would help? I'm just curious whether that will be sufficient information to emulate the Battle.net server, or whether a custom API or such must be written in order to emulate it. As far as I understand, Blizzard's server is currently "hosting" maps and synchronizing players in the game? How in this case would capturing authentication traffic help? What kind of traffic is expected to be captured and what needs to be performed? The reason I'm asking is that we should educate the masses and have them do it without the risk of losing their keys; everyone is suspicious about their authentication data. Please share your mind with us. Thank you!
First of all, if someone wants to submit this data, they should change their password before doing so. It's not the only packets I ask for; they should also load some map. Packet dumps will play out some scenario of interaction between client and Battle.net server that we can repeat. I don't know if there is some interaction between the client and server in the game itself with only one player present. If there is, then it will be hard to repeat. Everything else can be done by repeating the packet scenario.
If someone has cracked battle.net.dll and has data-mined information about packet structures, then it will be more valuable than packet dumps.

Coldfusionstorm

So you need someone who is able to log in? I can only get to the login screen. But it sounds like you already have those packets.

Xzotica

I have a working CD key of my own, and I think I may be able to help depending on what you want me to do.

MADCATX

Quote from: Xzotica on February 25, 2010, 06:54:09 AM
I have a working CD key of my own, and I think I may be able to help depending on what you want me to do.
I posted an FAQ on how to do so here: http://darkblizz.org/Forum2/index.php?topic=526.0

Highdroponic


Xzotica

File sent to drealecs now. And I say it here as well: if you guys need further help, then feel free to ask, and I'll see what I can do.

WildFire

Quote from: Xzotica on February 25, 2010, 09:36:59 AM
File sent to drealecs now. And I say it here as well: if you guys need further help, then feel free to ask, and I'll see what I can do.

You're a life saver!!!!! Thanks man...

newbiz

Thank you very much, Xzotica ^^ Very kind of you!

aChnorr

MADCATX, are you reading the packet header/information, or just sending what you captured with Wireshark without knowing what it means? Can you please post what you know about the protocol here?

MADCATX

Quote from: aChnorr on February 25, 2010, 12:03:52 PM
MADCATX, are you reading the packet header/information, or just sending what you captured with Wireshark without knowing what it means? Can you please post what you know about the protocol here?
I try to differentiate packets that are answers to the same command; if they differ, then there is something to do with it.
I've found that the packet coming from the server in answer to the auth command always has different bytes starting from byte 46, so this packet has some header information and the rest is the session key.
US auth header:
420861757468005553428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100
EU auth header:
421061757468004555428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100
Possible differences: EU in place of US and so on (4555=EU)(5553=US)...
However, the EU session key is longer than the US one by 554 bytes. You also can't log in to the US server with the EU client and vice versa. What is stored in these 554 bytes I cannot imagine.

Steeled209

OMG, I won't be able to play from EU with the US client with the crack patched? :(

aChnorr

//Auth C->S
// 52 bytes + username in plain text; username: er@er.er
// protocolID 0x40?
0x40, 0x00, 0x00, 0x0a, 0x66, 0x02, 0x0a, 0xed,
0x2d, 0x66, 0xad, 0xca, 0xaa, 0x0b, 0x01, 0x00,
0x29, 0x99, 0x46, 0xb0, 0xb6, 0xb2, 0x01, 0x00,
0x1b, 0x21, 0x01, 0x00, 0x29, 0x99, 0x00, 0x2b,
0xb4, 0xb7, 0x00, 0x00, 0x1b, 0x21, 0x43, 0x37,
0x32, 0xba, 0x00, 0x2b, 0xb4, 0xb7, 0x00, 0x00,
//
//                    l---------l different depending on username length ( format? )
//                    l         l        e     r       @       e
0x21, 0xf9, 0x02, 0x05, 0x65, 0x72, 0x40, 0x65,
//  r         .       e       r
0x72, 0x2e, 0x65, 0x72

//Auth S->C
//protocolID 0x42?
//                   a         u       t         h                 U
0x42, 0x10, 0x61, 0x75, 0x74, 0x68, 0x00, 0x55,
//S         B
0x53, 0x42, 0x8f, 0x52, 0x90, 0x6a, 0x2c, 0x85,
// session key?? password?? crap??
0xb4, 0x16, 0xa5, 0x95, 0x70, 0x22, 0x51, 0x57,
0x0f, 0x96, 0xd3, 0x52, 0x2f, 0x39, 0x23, 0x76,
.....and so on....( 919 byte )

C-> Bad server..
This is as far as I know...
How can the client determine that my program is a bad server?? It sends exactly the same data as I captured in Wireshark.
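To make MADCATX's byte-by-byte comparison of the US and EU auth headers and aChnorr's field annotations above concrete, here is an added Python example (not code from the thread or from any of its posters). It loads the two posted S->C headers and the posted C->S packet, reports the offsets at which US and EU differ, walks the visible fields, and splits the client packet into its 52-byte prefix and the plaintext username. The field names used (opcode, flag, command, region) are assumptions read off the captures, not a documented Blizzard format.

```python
"""Byte-level look at the captured Battle.net 'auth' packets quoted in this thread.

Added example, not code from the thread. The two S->C headers are MADCATX's US/EU hex
strings; the C->S packet is aChnorr's annotated dump. Field names are guesses, noted
below, not a documented protocol specification.
"""
from typing import Dict, List, Tuple

# S->C auth headers copied from the thread (45 bytes each); the session key follows them.
US_AUTH_HEADER = bytes.fromhex(
    "420861757468005553428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100"
)
EU_AUTH_HEADER = bytes.fromhex(
    "421061757468004555428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100"
)

# C->S auth packet copied from the thread: 52 bytes, then the username "er@er.er" in plain text.
CLIENT_AUTH_PACKET = bytes([
    0x40, 0x00, 0x00, 0x0a, 0x66, 0x02, 0x0a, 0xed,
    0x2d, 0x66, 0xad, 0xca, 0xaa, 0x0b, 0x01, 0x00,
    0x29, 0x99, 0x46, 0xb0, 0xb6, 0xb2, 0x01, 0x00,
    0x1b, 0x21, 0x01, 0x00, 0x29, 0x99, 0x00, 0x2b,
    0xb4, 0xb7, 0x00, 0x00, 0x1b, 0x21, 0x43, 0x37,
    0x32, 0xba, 0x00, 0x2b, 0xb4, 0xb7, 0x00, 0x00,
    0x21, 0xf9, 0x02, 0x05, 0x65, 0x72, 0x40, 0x65,
    0x72, 0x2e, 0x65, 0x72,
])
CLIENT_AUTH_PREFIX_LEN = 52  # from the post: "52 bytes + username in plain text"


def diff_offsets(a: bytes, b: bytes) -> List[int]:
    """0-based offsets at which two captures differ; extra trailing bytes count as differing."""
    common = min(len(a), len(b))
    offsets = [i for i in range(common) if a[i] != b[i]]
    offsets.extend(range(common, max(len(a), len(b))))
    return offsets


def parse_server_auth_header(pkt: bytes) -> Dict[str, object]:
    """Walk the fields visible in the S->C header.

    Layout is an ASSUMPTION read off the two captures, not a documented format:
    [0] opcode (0x42), [1] one byte that differs between US and EU, then the
    NUL-terminated ASCII command "auth", a two-letter region ("US"/"EU"), and
    the remaining bytes, which are identical in both posted captures.
    """
    if len(pkt) < 10 or pkt[0] != 0x42:
        raise ValueError("not a 0x42 auth response")
    nul = pkt.index(0, 2)
    command = pkt[2:nul].decode("ascii")
    region = pkt[nul + 1:nul + 3].decode("ascii")
    return {
        "opcode": pkt[0],
        "flag": pkt[1],
        "command": command,
        "region": region,
        "rest": pkt[nul + 3:],
    }


def split_client_auth(pkt: bytes, prefix_len: int = CLIENT_AUTH_PREFIX_LEN) -> Tuple[bytes, str]:
    """Split the C->S packet into its fixed-size prefix and the trailing plaintext username."""
    if len(pkt) <= prefix_len:
        raise ValueError("packet too short to carry a username")
    return pkt[:prefix_len], pkt[prefix_len:].decode("ascii")


def describe_header_diff(a: bytes, b: bytes) -> str:
    """Human-readable report of where two headers differ, for eyeballing captures."""
    lines = []
    for off in diff_offsets(a, b):
        ab = f"{a[off]:02x}" if off < len(a) else "--"
        bb = f"{b[off]:02x}" if off < len(b) else "--"
        lines.append(f"offset {off:3d}: {ab} vs {bb}")
    return "\n".join(lines) if lines else "identical"


if __name__ == "__main__":
    print(describe_header_diff(US_AUTH_HEADER, EU_AUTH_HEADER))
    for name, hdr in (("US", US_AUTH_HEADER), ("EU", EU_AUTH_HEADER)):
        fields = parse_server_auth_header(hdr)
        print(name, hex(fields["flag"]), fields["command"], fields["region"],
              len(fields["rest"]), "trailing header bytes")
    prefix, user = split_client_auth(CLIENT_AUTH_PACKET)
    print("client prefix", len(prefix), "bytes; username", user)
```

Running it shows that the two posted headers differ only at offset 1 (0x08 vs 0x10) and at offsets 7 and 8 ("US" vs "EU"); the remaining 36 header bytes are identical, which is consistent with MADCATX's remark that the server-side variation begins further in, at byte 46. Note that aChnorr's S->C dump above carries 0x10 at offset 1 together with "US", so that byte should be checked across several captures before treating it as a region marker.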

MADCATX

Quote from: aChnorr on February 25, 2010, 03:45:00 PM
//Auth C->S
// 52 bytes + username in plain text; username: er@er.er
// protocolID 0x40?
0x40, 0x00, 0x00, 0x0a, 0x66, 0x02, 0x0a, 0xed,
0x2d, 0x66, 0xad, 0xca, 0xaa, 0x0b, 0x01, 0x00,
0x29, 0x99, 0x46, 0xb0, 0xb6, 0xb2, 0x01, 0x00,
0x1b, 0x21, 0x01, 0x00, 0x29, 0x99, 0x00, 0x2b,
0xb4, 0xb7, 0x00, 0x00, 0x1b, 0x21, 0x43, 0x37,
0x32, 0xba, 0x00, 0x2b, 0xb4, 0xb7, 0x00, 0x00,
//
//                    l---------l different depending on username length ( format? )
//                    l         l        e     r       @       e
0x21, 0xf9, 0x02, 0x05, 0x65, 0x72, 0x40, 0x65,
//  r         .       e       r
0x72, 0x2e, 0x65, 0x72

//Auth S->C
//protocolID 0x42?
//                   a         u       t         h                 U
0x42, 0x10, 0x61, 0x75, 0x74, 0x68, 0x00, 0x55,
//S         B
0x53, 0x42, 0x8f, 0x52, 0x90, 0x6a, 0x2c, 0x85,
// session key?? password?? crap??
0xb4, 0x16, 0xa5, 0x95, 0x70, 0x22, 0x51, 0x57,
0x0f, 0x96, 0xd3, 0x52, 0x2f, 0x39, 0x23, 0x76,
.....and so on....( 919 byte )

C-> Bad server..
This is as far as I know...
How can the client determine that my program is a bad server?? It sends exactly the same data as I captured in Wireshark.
Bad server means that you use the US client but send EU auth data. I'm currently downloading the EU client to test it...

imsorrisuck

Now I'm no brainiac at this stuff, and what I'm saying may be completely wrong... But what if the file you are tinkering with isn't the correct file? I played WotLK before it was released, on a private server; it was way too easy. I think they may try to make this one harder. Now you say that it keeps connecting to their server even after you put yours in. What if they hid the actual file that connects to the server somewhere else, and the one that you guys are messing with is just a decoy? Again, I may be completely off, but I'm just trying to help out any way possible!! Hope all is going well!!

Plasmacid

Quote from: Xzotica on February 25, 2010, 09:36:59 AM
File sent to drealecs now. And i say it here aswell. If you guys need further help. then feel free to ask, and ill see what i can do.

I want to marry you! ^^

Now, with this info, will we be able to successfully emulate battle.net?