About the whole RCRS and BNLS thingy

[TyC-Pros]

Greetings,

first of all congratulations to Joe and iago on a great job. I absolutely love JavaOP, and have used it with great pleasure in the past.

I may be using it again in the near future, but there are a few questions I have first. Since RCRS has been removed from JavaOP and replaced by BNLS, I am wondering about the following:

For what tasks in the login process is BNLS used? One of the main advantages of RCRS was that it did not send any private data (CD keys, passwords) across the network, which most BNLS-based bots do. From what I recall BNLS can be used in this way as well - does the current version of JavaOP only use BNLS for the things it used RCRS in the past, or does it do more?

Edit: I just took a look at the source and it seems the latest versions use BNLS for pretty much everything. I haven't been following the whole Bot Development scene for a while, but from what I understand the whole new "lockdown" thingy only affects the Checkrevision part. Would it be possible for me to modify the Login procedure so it only uses BNLS for the Checkrevision and do everything else locally? (similar to the way I believe RCRS was used in the past)

With regards,

TyC-Pros

[Hdx]

From what joe has told me, all BNLS is used for is crev.
If it is used for anything else, i'll kick him.
But he said the BNLS class was made in the same interface as the RCRS.
So that they could be easily swpped.
Meh, we'll see
~Hdx

[Joe]

I connect to BNLS, request a BNLS_GETVERSIONBYTE, send SID_AUTH_INFO and with that information, I request a BNLS_VERSIONCHECKEX2.

Key hashing and password hashing is done locally, as it has always been and always will be. I think it's a pretty dumb idea to send your CD-Key and password over the wire in plain-text. I trust Yoni and Skywing, but a JBLS server is ridiculously easy to rig up to steal such information.

[TyC-Pros]

Ok thanks for clearing that up - I must admit I haven't looked at the source beyond the BNETLogin plugin

[Hdx]

I wish to make a note:
JBLS is in no way setup to steal any personal information sent to it.
A user must specifically edit it and recompile it to make it do such a thing.
So only use a server that you can trust, and the host is a trustworthy person. *cough*mine*cough*
~Hdx

[Joe]

Hdx is completely right. His can be trusted as a legit source for hashing your CD-Keys and passwords, although it's still stupid to send them over the wire (man in the middle) when you can do them locally with minimal effort.

[TyC-Pros]

Hdx, I don't suppose your server supports WarCraft 2 logins? And I understand the standard version of JBLS isn't rigged to do anything with CD-keys and passwords - wouldn't be good for your reputation

Anyway, I've been trying to connect for about an hour now, BNLS is down so that obviously doesn't work, and I'm getting invalid password notifications when using alternatives.

So I'm guessing I'll have to wait until BNLS gets back online. Tried some alternatives that were posted on the Stealthbot forums (by Hdx no less ), but that didn't work out either.

Does beta 41 even support WarCraft 2 at the moment? Seem to recall some part of the 42 patchnotes that mentioned it being disabled, or I might have read it too fast.

In any case, thanks for your help, both of you of course

[Joe]

You read too fast. 42 isn't released yet, due to BNLS being down, and if I understand correctly, you're referring to me stating that local CheckRevision was re-enabled for W2BN.

[TyC-Pros]

you're referring to me stating that local CheckRevision was re-enabled for W2BN

Yeah, got the whole thing confused it seems.