From: Ron <ia...@va...> - 2005-03-16 03:46:45

Hey guys, I just subscribed to this list, so I hope I'm not being rude by posting right away, but here we go anyway. I've been an active Battle.net developer for some time. I worked with the first group to publicly reverse engineer the Warcraft 3 (NLS) login, and I have a very strong understanding of all the workings of any binary login. Anyway, I was considering writing a gaim binary bot at some point; however, it seems like you guys have already gotten the groundwork done, which can probably save me a lot of time.

I also helped my friend develop the BNCSUtil library, which is all the functions needed to connect to Battle.net on any game/platform: http://bncsutil.ionws.com/

I also run a server called RCRS, or Remote CheckRevision Server. It does the version checks for you, which means that when Starcraft (or whatever) updates, you don't have to update each client, you just have to update the server. It doesn't, however, do any password or cdkey encryption; that is done 100% locally in the libraries.

I hope this project does well, and all the best to you. I'm more than happy to help out theoretically, and, when school slows down, possibly even to help physically.

Thanks!
Ron
From: Zilo <ko...@ic...> - 2005-03-16 12:46:29
Attachments: games.xml

On 03/16/05 04:46:36, Ron wrote:
> [...]
> I hope this project does well, and all the best to you. I'm more
> than happy to help out theoretically, and, when school slows down,
> possibly even to help physically.
> Thanks!
> Ron

Well, I know you :) I've already seen your site, and thanks to your bot code I coded a gaim plugin for the bnet BIN protocol too... It's still experimental but it works, you can see it at www.sf.net/projects/gaim-bnetg

It doesn't use RCRS now but simply reads from an xml file what's needed and calculates checksums of files directly... anyway it will be easy to add RCRS support too in the future :)

If you want to use it simply download the sources and put in your ~/.gaim directory:
bnetg/games.xml (attached to this message)
bnetg/sc/battle.snp
bnetg/sc/starcraft.exe
bnetg/sc/storm.dll

Let me know what you think about it :)

-- 
Dario Zilocchi
ko...@gm...

Listening: Nine Inch Nails - Where Is Everybody
From: Ron <ia...@va...> - 2005-03-16 14:42:23

> Well, I know you :)
> I've already seen your site, and thanks to your bot code I coded a
> gaim plugin for the bnet BIN protocol too...
>
> It's still experimental but it works, you can see it at
> www.sf.net/projects/gaim-bnetg
>
> It doesn't use RCRS now but simply reads from an xml file what's needed
> and calculates checksums of files directly... anyway it will be easy
> to add RCRS support too in the future :)
>
> If you want to use it simply download the sources and put in your
> ~/.gaim directory:
> bnetg/games.xml (attached to this message)
> bnetg/sc/battle.snp
> bnetg/sc/starcraft.exe
> bnetg/sc/storm.dll
>
> Let me know what you think about it :)

Very cool, I'll have a look at it when I get some time. Which clients does it support?

I highly recommend BNCSUtil if you haven't already looked at it.
From: Zilo <ko...@ic...> - 2005-03-16 20:05:58

On 03/16/05 15:42:16, Ron wrote:
> Very cool, I'll have a look at it when I get some time. Which
> clients does it support?

I tested it only for starcraft/broodwar and it works... for the other clients updating the games.xml file should be enough I think.

> I highly recommend BNCSUtil if you haven't already looked at it.

I'm reading some headers now... thinking about it...

-- 
Dario Zilocchi
ko...@gm...

Listening: Nine Inch Nails - Complication
From: Ron <ia...@va...> - 2005-03-16 20:45:28

The problem is that the cdkey decryption is different for War2 and D2 (and is common between the two of them), and the login is totally different for War3. War3 uses different messages (SID_AUTH_ACCOUNTLOGON [0x53] and SID_AUTH_ACCOUNTLOGONPROOF [0x54]) to log in. The packets are described in a document I wrote, http://www.javaop.com/~iago/SRP.html. They are cryptographically strong, and also pretty hard to do in C. BNCSUtil, of course, can do it :P

By the way, if you've never seen it, have a look at http://bnetdocs.valhallalegends.com. That's maintained by Arta[vL] and others (including me). It has tons of great information.

Just for fun, I'll give the history of the war3 login. When War3 was first released, Skywing and Yoni (both members of vL) reversed the entire thing, privately, and made a server called BNLS. Basically, you send your cdkey and password to it and it encrypts them for you. I personally hated it, and think that the whole idea of a server like that is asinine.

Last summer, Maddox, TheMinistered (from forum.valhallalegends.com) and I reversed it ourselves to C++ code. The C++ code relied heavily on the storm.dll library, which we didn't like. We were planning on cleaning it up and releasing it. Unfortunately, the source (including a .dll for using it) was stolen off TheMinistered's computer due to a stupid VNC password. Somebody released it, and we never supported it. The project kinda died, and people used the stolen code.

Eventually, I got Maddox and TheMinistered's permission to port it to Java and opensource it. I did that, and about a month ago I wrote documentation on it (SRP.html from above). Using that documentation, Cloaked or shadypalm wrote BNCSUtil, which is back to C++.

Kind of a neat story. To me, anyway.

Zilo wrote:
> On 03/16/05 15:42:16, Ron wrote:
>
>> Very cool, I'll have a look at it when I get some time. Which
>> clients does it support?
>
> I tested it only for starcraft/broodwar and it works... for the
> other clients updating the games.xml file should be enough I think.
>
>> I highly recommend BNCSUtil if you haven't already looked at it.
>
> I'm reading some headers now... thinking about it...
>
> --
> Dario Zilocchi
> ko...@gm...
>
> Listening: Nine Inch Nails - Complication
>
> _______________________________________________
> gaim-bnet-devel mailing list
> gai...@li...
> https://lists.sourceforge.net/lists/listinfo/gaim-bnet-devel
From: Zilo <ko...@ic...> - 2005-03-16 21:27:24

On 03/16/05 21:45:21, Ron wrote:
> The problem is that the cdkey decryption is different for War2 and D2
> (and is common between the two of them), and the login is totally
> different for War3. War3 uses different messages
> (SID_AUTH_ACCOUNTLOGON [0x53] and SID_AUTH_ACCOUNTLOGONPROOF [0x54])
> to log in. The packets are described in a document I wrote,
> http://www.javaop.com/~iago/SRP.html. They are cryptographically
> strong, and also pretty hard to do in C. BNCSUtil, of course, can
> do it :P

Sorry, I didn't understand... so, my new answer is that it supports only starcraft-like games (for cdkey and login) :)

I'm reading your headers, and apart from classes (the plugin is in C) and small problems (e.g., nls_account_create() and nls_account_logon() create packets in the form of buffers to send, and my plugin manages packets in other ways I'd like to keep) I think that all the rest should be easily used as is. I'll check better anyway...

> By the way, if you've never seen it, have a look at
> http://bnetdocs.valhallalegends.com. That's maintained by Arta[vL]
> and others (including me). It has tons of great information.

I used it together with your java bot for my code, very very useful, thanks :)

> Just for fun, I'll give the history of the war3 login.
> [...]
> Kind of a neat story. To me, anyway.

Cool, really.

And how did you manage to reverse the login process? Simply by reading the program's disassembled code, or otherwise? Very difficult anyway :/

Anyway, if you want to join the project on sourceforge, just create an account on it (if you haven't one already) and I'll let you enter. The more we are, the better :)

-- 
Dario Zilocchi
ko...@gm...

Listening: 03 radiohead amnesiac - pulk pull revolving doors
From: Zilo <ko...@ic...> - 2005-03-16 21:53:32

On 03/16/05 22:27:12, Zilo wrote:
> ...and small problems (e.g., nls_account_create() and
> nls_account_logon() create packets in the form of buffers to send, and my
> plugin manages packets in other ways I'd like to keep)...

Well, I thought they would create an entire packet and not only its contents... anyway it isn't a real problem anymore! Good work :)

-- 
Dario Zilocchi
ko...@gm...

Listening: Two Lone Swordsmen - Sex Beat
From: Ron <ia...@va...> - 2005-03-16 23:28:36

I have an account, although I forget what it is. I'm not in a big hurry since it's big homework time right now. My courses end at the beginning of April, so we're in the crunch time.

We reversed it first by packet logging. We got an idea of what changes and what doesn't. Somebody at some point recognized that the NLS was very similar to SRP (http://srp.stanford.edu), so that was a bit of a starting point. After that, a couple guys (before I got in on the project) faced a lot of difficulties, such as calls to weird Storm.dll functions (the ordinals were 601 - 647). I had a look and managed to identify a couple, and from those I managed to get the rest from the Mac version of Storm.dll (which actually has function names). You can see them here: http://www.javaop.com/~iago/Storm.txt

Armed with that, there wasn't actually much more to do. If you read through SRP.html, I make a couple comments about where it differs from standard SRP. Mainly, where it calculates M[1] and K. TheMinistered and I did K, and Maddox did M[1]. Maddox put it all together and coded it in C++ and got it all working. It was actually a lot easier than it seemed to be.

What we had, at that point, was just a mess of code. Variables weren't named well and such. But it worked. I converted it, line by line, to Java. It was still a mess. It wasn't until about a month ago when I cleaned it all up and named the functions after their corresponding variables from SRP. And wrote SRP.html. Now that I've done that, I understand it pretty well.

I'll get back to you with my SourceForge username when I find it. It's probably iago, though :)

If you need to contact me via IM, feel free:
aim: iagox86
msn: ia...@d2...
icq: 96228890

I rather like discussing it here, though, where others can see.

Ron

Zilo wrote:
> On 03/16/05 21:45:21, Ron wrote:
>
>> The problem is that the cdkey decryption is different for War2 and
>> D2 (and is common between the two of them), and the login is totally
>> different for War3. War3 uses different messages
>> (SID_AUTH_ACCOUNTLOGON [0x53] and SID_AUTH_ACCOUNTLOGONPROOF [0x54])
>> to log in. The packets are described in a document I wrote,
>> http://www.javaop.com/~iago/SRP.html. They are cryptographically
>> strong, and also pretty hard to do in C. BNCSUtil, of course,
>> can do it :P
>
> Sorry, I didn't understand... so, my new answer is that it supports
> only starcraft-like games (for cdkey and login) :)
>
> I'm reading your headers, and apart from classes (the plugin is in C) and
> small problems (e.g., nls_account_create() and nls_account_logon()
> create packets in the form of buffers to send, and my plugin manages
> packets in other ways I'd like to keep) I think that all the rest
> should be easily used as is. I'll check better anyway...
>
>> By the way, if you've never seen it, have a look at
>> http://bnetdocs.valhallalegends.com. That's maintained by Arta[vL]
>> and others (including me). It has tons of great information.
>
> I used it together with your java bot for my code, very very useful,
> thanks :)
>
>> Just for fun, I'll give the history of the war3 login.
>> [...]
>> Kind of a neat story. To me, anyway.
>
> Cool, really.
> And how did you manage to reverse the login process? Simply by
> reading the program's disassembled code, or otherwise?
> Very difficult anyway :/
>
> Anyway, if you want to join the project on sourceforge, just create
> an account on it (if you haven't one already) and I'll let you enter.
> The more we are, the better :)
>
> --
> Dario Zilocchi
> ko...@gm...
>
> Listening: 03 radiohead amnesiac - pulk pull revolving doors
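Both of Ron's messages refer to the standard SRP protocol (http://srp.stanford.edu) that NLS was recognized as resembling, with NLS differing in how K and M[1] are derived. The block below is an added example, not code from Ron, Zilo, BNCSUtil or the gaim plugin: a plain SRP-6a implementation with both the client and the server side, so the exchange (A from the client; salt and B from the server; the client's proof M1; the server's proof M2) can be read end to end. It uses the 1024-bit group from RFC 5054 and SHA-256 as the hash; the NLS-specific K and M[1] derivations are not reproduced, and the Client, Server, register and run_login names are this example's own.

```python
"""Standard SRP-6a with both sides (added example; not NLS, BNCSUtil or plugin code)."""
import hashlib
import hmac
import secrets

# 1024-bit group from RFC 5054 Appendix A: N is a safe prime and g = 2 a generator.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
N_BYTES = (N.bit_length() + 7) // 8
SHA = hashlib.sha256  # hash choice is this example's; RFC 2945 used SHA-1

def pad(n):
    """Big-endian bytes left-padded to len(N), i.e. RFC 5054's PAD()."""
    return n.to_bytes(N_BYTES, "big")

def H(*parts):
    """Hash of the concatenated parts, read as a big-endian integer."""
    return int.from_bytes(SHA(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier (SRP-3 used k = 1)

def private_x(username, password, salt):
    """x = H(salt | H(I ":" P)); only the client ever computes this."""
    return H(salt, SHA(f"{username}:{password}".encode()).digest())

def register(username, password, salt=None):
    """Enrollment: the server stores (salt, v) and never learns the password."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, pow(g, private_x(username, password, salt), N)

def m1(username, salt, A, B, K):
    """Client proof, RFC 2945 shape: H(H(N) xor H(g) | H(I) | s | A | B | K)."""
    hxor = bytes(x ^ y for x, y in zip(SHA(pad(N)).digest(), SHA(pad(g)).digest()))
    return SHA(hxor + SHA(username.encode()).digest() + salt + pad(A) + pad(B) + K).digest()

def m2(A, M1, K):
    """Server proof: H(A | M1 | K)."""
    return SHA(pad(A) + M1 + K).digest()

class Client:
    def __init__(self, username, password, a=None):
        self.I, self.P = username, password
        self.a = a if a is not None else secrets.randbits(256)
        self.A = pow(g, self.a, N)  # first message to the server

    def proof(self, salt, B):
        """Given the server's (salt, B), derive the session key K and return M1."""
        u = H(pad(self.A), pad(B))
        if B % N == 0 or u == 0:  # either would collapse S to a predictable value
            raise ValueError("rejecting degenerate server parameters")
        x = private_x(self.I, self.P, salt)
        # B - k*g^x == g^b (mod N), so S == g^(b*(a + u*x)) on both sides.
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = SHA(pad(S)).digest()
        self.M1 = m1(self.I, salt, self.A, B, self.K)
        return self.M1

    def verify_server(self, M2):
        return hmac.compare_digest(M2, m2(self.A, self.M1, self.K))

class Server:
    def __init__(self, username, salt, v, b=None):
        self.I, self.salt, self.v = username, salt, v
        self.b = b if b is not None else secrets.randbits(256)
        self.B = (k * v + pow(g, self.b, N)) % N  # sent to the client with the salt

    def verify_client(self, A, M1):
        """Return M2 if M1 checks out, else None; K is never sent either way."""
        u = H(pad(A), pad(self.B))
        if A % N == 0 or u == 0:
            raise ValueError("rejecting degenerate client parameters")
        S = pow(A * pow(self.v, u, N), self.b, N)
        self.K = SHA(pad(S)).digest()
        if not hmac.compare_digest(M1, m1(self.I, self.salt, A, self.B, self.K)):
            return None
        return m2(A, M1, self.K)

def run_login(username, password, salt, v, a=None, b=None):
    """Drive one exchange; fixed a/b make a run reproducible for testing."""
    client, server = Client(username, password, a), Server(username, salt, v, b)
    M1 = client.proof(salt, server.B)          # client -> server: A, M1
    M2 = server.verify_client(client.A, M1)    # server -> client: M2 (or reject)
    if M2 is None:
        return {"server_accepted": False, "client_accepted": False, "keys_match": False}
    return {"server_accepted": True, "client_accepted": client.verify_server(M2),
            "keys_match": hmac.compare_digest(client.K, server.K)}

if __name__ == "__main__":
    salt, v = register("alice", "correct horse battery", b"\x01" * 16)  # constructed
    print(run_login("alice", "correct horse battery", salt, v))  # all True
    print(run_login("alice", "wrong password", salt, v))  # server_accepted False
```

The point worth noticing is what each side holds: the server stores only (salt, v) and never sees the password or x, the client never sees v or b, and the only things on the wire are A, salt, B, M1 and M2, none of which lets a passive observer recover K without solving a discrete log in the group. The A mod N == 0 and B mod N == 0 checks are the ones RFC 5054 requires; without them a peer can force S to a known value.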