FAQ: How to dump packets

Started by MADCATX, February 24, 2010, 05:38:13 PM


MADCATX

jokinglygo asked me how to dump packets, so I will post it here, maybe someone else will find it useful too.


1) Download WireShark ( http://www.wireshark.org/download.html )

2) Install the WireShark ( click Next all the way :) )

3) Open WireShark

4) Open "Show capture options dialog", see screen-shot 1

5) Select adapter you use to connect to the Internet, open capture filter dialog, see screen-shot 2

6) Create new filter and type "port 1119" into filter string and click ok, see screen-shot 3

7) Change your Battle.net password to something else

8) Click Start in "capture options dialog"

9) Open Starcraft 2 game and push all the buttons you can in the battle.net

10) Close game, you should be able to see all the interaction between the SC2 client and battle.net server in WireShark, stop the capture of packets, see screen-shot 4

11) Save as file, choosing all packets captured, see screen-shots 5 and 6


12) Restore your original Battle.net password

Screen-shots 1 to 6: [images not preserved]


2g4u

#1
I can provide you with a useful dump (the whole Auth process, Profile edit, Searching for players process, game in progress, scoreboard after the game end... whatever you need from the live beta functions just post in this topic), but if you can tell me which is the "password recognition" part of a dump? I need to remove it cause the acc that I use to play is not mine (so I can't change the pass) and there is a WoW acc attached to it, which costs more than 500$. And if I got my friend's acc hacked he will be mad.

/offtopic

I think that the Devs got some kind of SC2Beta enabled acc for testing purposes, have you tried asking in the dev channel for such dump(s)?
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former!" Albert Einstein

Myst

I have a couple logs, full login connections.  I'll post them up sometime later.

drealecs

#3
Password encryption is useful too. If someone can provide us with an auth dump and password used and change their password before sending the dump it would be great.
It could be great if there will be multiple auth dumps with different passwords.

2g4u, you could:

1. change the password to something else (password1)
2. dump the auth process
3. change the password back to your original friend account
4. send us the dump and the password1
5. possibly repeat step 1 and 2 for more different passwords authentication dumps.

Will you?

MADCATX

Quote from: 2g4u on February 24, 2010, 06:10:00 PM
I can provide you with a useful dump (the whole Auth process, Profile edit, Searching for players process, game in progress, scoreboard after the game end... whatever you need from the live beta functions just post in this topic), but if you can tell me which is the "password recognition" part of a dump? I need to remove it cause the acc that I use to play is not mine (so I can't change the pass) and there is a WoW acc attached to it, which costs more than 500$. And if I got my friend's acc hacked he will be mad.

/offtopic

I think that the Devs got some kind of SC2Beta enabled acc for testing purposes, have you tried asking in the dev channel for such dump(s)?

I tried asking devs if I can help, they said that they don't need more people helping them. And they won't give any dumps.
42 48 21 02 (BH!.) - Auth command, after that goes encrypted password.

There is also a possibility that your real name and Starcraft2 nickname are returned in answer to this command (WoW auth returns these values as Strings).

Change any personal info you can, dump packets, restore original personal info.

If you can't edit personal info, then you should edit the saved dump file with a program like xvi32 or notepad++ (not changing the encoding).

Screen-shot(edited):
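
The hex-editor scrub described in the post above can be scripted. The following is an added example, not part of the original thread: it zeroes everything after the `42 48 21 02` marker in TCP payloads on port 1119 of a little-endian classic pcap file (Ethernet/IPv4 only, which is an assumption). The function names and the sample capture are constructed for illustration.

```python
import struct

AUTH_MARKER = bytes.fromhex("42482102")  # "BH!." auth command bytes quoted in the thread
PORT = 1119                              # port from the FAQ's capture filter

def tcp_payload_span(frame):
    """(start, end) of the TCP payload in an Ethernet/IPv4 frame on PORT, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]   # IPv4 total length
    tcp = 14 + (frame[14] & 0x0F) * 4                      # skip IPv4 header (IHL)
    if len(frame) < tcp + 20:
        return None
    if PORT not in struct.unpack_from("!HH", frame, tcp):  # source / destination port
        return None
    return tcp + (frame[tcp + 12] >> 4) * 4, min(ip_end, len(frame))

def redact_pcap(data):
    """Zero all payload bytes after AUTH_MARKER; packet and file sizes are unchanged."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("expected a little-endian classic pcap file")
    out, pos, hits = bytearray(data), 24, 0                # 24-byte global header
    while pos + 16 <= len(data):                           # 16-byte record header
        incl_len = struct.unpack_from("<I", data, pos + 8)[0]
        frame_at = pos + 16
        span = tcp_payload_span(data[frame_at:frame_at + incl_len])
        if span:
            end = frame_at + span[1]
            hit = data.find(AUTH_MARKER, frame_at + span[0], end)
            if hit >= 0:
                start = hit + len(AUTH_MARKER)
                out[start:end] = bytes(end - start)
                hits += 1
        pos = frame_at + incl_len
    return bytes(out), hits

def sample_pcap(payload, dport=PORT):
    """Constructed one-packet capture (checksums left zero); not real game traffic."""
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = bytes(12) + b"\x08\x00" + ip + tcp + payload
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    cap = sample_pcap(AUTH_MARKER + b"constructed-secret")
    clean, n = redact_pcap(cap)
    print(n, "packet(s) redacted;", "size unchanged:", len(clean) == len(cap))
```

A blob that continues into the next TCP segment, or personal data in the server's reply, is not covered by this sketch and still needs the manual check the post describes.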


ropman

Quote from: MADCATX on February 25, 2010, 03:30:38 AM
I tried asking devs if I can help, they said that they don't need more people helping them. And they won't give any dumps.


lol that's really weird i wonder if the "devs" are real and not some agents from blizzard just pretending to work in order to delay it as much as possible :) if u would have the dumps, probably the basic AI playable emulated server would already be here at least. but i still think dumps don't have to be enough, because there might be some session dependent data what is hard to analyze with just 1 dump... key would be much better :) the only problem is once somebody got it, there is no motivation for the person to make emulated server anymore :)

prefix331

Quote from: 2g4u on February 24, 2010, 06:10:00 PM
I can provide you with a useful dump (the whole Auth process, Profile edit, Searching for players process, game in progress, scoreboard after the game end... whatever you need from the live beta functions just post in this topic), but if you can tell me which is the "password recognition" part of a dump? I need to remove it cause the acc that I use to play is not mine (so I can't change the pass) and there is a WoW acc attached to it, which costs more than 500$. And if I got my friend's acc hacked he will be mad.

/offtopic

I think that the Devs got some kind of SC2Beta enabled acc for testing purposes, have you tried asking in the dev channel for such dump(s)?

If you have your friend's account password, surely you can change the password then just call him and agree upon another password to use? Or does he not know you are using his account? ;)