Clan x86
Technical (Development, Security, etc.) => General Programming => Botdev => Topic started by: iago on March 19, 2005, 03:42:52 pm
-
Last night and this morning I spent a little time and figured out how Battle.net's server signatures work. It's a simple RSA decryption, r = s^k % n, where n is a 128-byte constant, k is a 4-byte constant, and s is the 128-byte signature. See this document for more details:
http://www.javaop.com/~iago/ServerSig.html
-
Har. Good work.
Was that documented anywhere else?
-
Not that I know of. I knew going in that it was the IP, encrypted, which made it a little easier. But Skywing told me that directly, a long time ago.
-
Is there any way to create a signature for the localhost IP (127.0.0.1)???
What I want to do is interfere between Warcraft and battle.net.
I use a modified JavaOp version for THE REAL client (this connects to battle.net) and some extra classes as a server (listens on 127.0.0.1:6112).
Then I let all packets pass through this filter except the SID_AUTH_INFO, which is replaced by a packet with a cdkey different from the one used in the war3 mpq files.
That way I am able to change cdkeys on the fly.
The only problem is that the signature my program sends to Warcraft is baaad.
-
Reply to myself :P
After tinkering with the Warcraft 3 files a little I found that the modulus parameter n is located in the file game.dll at offset 0x00722B70.
I changed it to all BB's except the last 4 bytes: 0x01000080 (which is {the hex representation of 127.0.0.1 in reverse order} + 1).
After the n is the key k (offset 0x00722BF0). Replaced it with dec 1 (hex: 0x00000001).
So now the sig we have to send to Warcraft 3 is all BB's except the last 4 bytes: 0x0100007F.
-
Doesn't that mean that now you can't get onto the real Battle.net?
-
Doesn't that mean that now you can't get onto the real Battle.net?
Oh well. ::)
-
The point of the server signature is to prevent fake servers, such as yours. It would be computationally infeasible to get Blizzard's private key and thus to make your own signature without patching the client.
Maddox says that he found the private key, but I don't believe him.
-
How can you decrypt something you can't encrypt? Perhaps Blizzard's key will be in the WarCraft III client.
-
How can you decrypt something you can't encrypt? Perhaps Blizzard's key will be in the WarCraft III client.
By using public key cryptography:
A public key can be derived from a private key, but a private key can NOT be derived from the public key.
If a message is encrypted with a private key a, it can only be decrypted with the matching public key A. That provides proof that a message was sent from the source with the private key.
If a message is encrypted with a public key B, it can only be decrypted with the matching private key b. That provides confidentiality, since only the person with the matching private key can ever see your message.
When logging into Battle.net as War3, it uses ephemeral (http://dictionary.reference.com/search?q=ephemeral) (temporary) public/private keys that are based on the password to verify the other's identity.
For more information, and lots of links, see:
http://en.wikipedia.org/wiki/Public-key_cryptography
-
AHH
-
Actually I never wanted to find the private key battle.net uses (as this operation will take about 100 years). I just want to make Warcraft believe that my localhost server is NOT a fake server. Hex editing of game.dll didn't actually work (perhaps the private key is in another file too).
So I suppose patching the client (so as to skip verifying the server) will be a solution...
But WHERE is such a patch?!??!?!? ??? ???
-
(as this operation will take about 100 years)
No, for this reason: If it took one computer 100 years, it would take 100 computers 1 year, or 36,500 computers 1 day. It would actually take something on the order of 10^100 (that's a 1 with 100 zeroes after it, 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) years. At least.
So I suppose patching the client (so as to skip verifying the server) will be a solution...
But WHERE is such a patch?!??!?!? ??? ???
Dunno. I could probably go back and find it, but that sounds like work.. :)
-
(as this operation will take about 100 years)
No, for this reason: If it took one computer 100 years, it would take 100 computers 1 year, or 36,500 computers 1 day. It would actually take something on the order of 10^100 (that's a 1 with 100 zeroes after it, 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) years. At least.
*cough* Botnets *cough*
-
(as this operation will take about 100 years)
No, for this reason: If it took one computer 100 years, it would take 100 computers 1 year, or 36,500 computers 1 day. It would actually take something on the order of 10^100 (that's a 1 with 100 zeroes after it, 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) years. At least.
*cough* Botnets *cough*
No, because you're fighting an exponential problem with multiplication. Say you had a botnet of 100 billion computers (100,000,000,000). That would still take 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 / 100000000000, or 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 years. Which really doesn't make a difference.
If you ever take an algorithm analysis course, you'll learn that you can't fight exponential problems with multiplication.
-
OMG I SOLVED IT!!!!
log(10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
I win.
-
wtf? Anyhow, here's an (almost) port to VB of the checking function. There's one line that's (clearly) still in Java, so iago or somebody can fix that, or I will eventually.
'---------------------------------------------------------------------------------------
' Module : modServerSig
' Author : Joe[x86]
' www.x86labs.org
' Purpose : Verification of WAR3/W3XP Battle.net server signatures.
'---------------------------------------------------------------------------------------
Option Explicit
Public Function checkServerSignature(sig As String, ip As String) As Boolean
    Dim I As Integer, Ret As Boolean
    Dim Result As String
    ' K is the 4-byte exponent and N the 128-byte modulus, both little-endian
    ' (Array() returns a Variant, so the holders must be Variants, not Byte())
    Dim K As Variant: K = Array(0, 1, 1, 0)
    Dim N As Variant: N = Array(&HD5, &HA3, &HD6, &HAB, &HF, &HD, &HC5, &HF, &HC3, &HFA, &H6E, &H78, &H9D, &HB, &HE3, &H32, &HB0, &HFA, &H20, &HE8, &H42, &H19, &HB4, &HA1, &H3A, &H3B, &HCD, &HE, &H8F, &HB5, &H56, &HB5, &HDC, &HE5, &HC1, &HFC, &H2D, &HBA, &H56, &H35, &H29, &HF, &H48, &HB, &H15, &H5A, &H39, &HFC, &H88, &H7, &H43, &H9E, &HCB, &HF3, &HB8, &H73, &HC9, &HE1, &H77, &HD5, &HA1, &H6, &HA6, &H20, &HD0, &H82, &HC5, &H2D, &H4D, &HD3, &H25, &HF4, &HFD, &H26, &HFC, &HE4, &HC2, &H0, &HDD, &H98, &H2A, &HF4, &H3D, &H5E, &H8, &H8A, &HD3, &H20, &H41, &H84, &H32, &H69, &H8E, &H8A, &H34, &H76, &HEA, &H16, &H8E, &H66, &H40, &HD9, &H32, &HB0, &H2D, &HF5, &HBD, &HE7, &H57, &H51, &H78, &H96, &HC2, &HED, &H40, &H41, &HCC, &H54, &H9D, &HFD, &HB6, &H8D, &HC2, &HBA, &H7F, &H69, &H8D, &HCF)
    'Do the calculation: Result = sig ^ K Mod N as a 128-byte little-endian string.
    'This line is still Java; it needs an arbitrary-precision modPow, which VB lacks:
    'byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray();
    'The correct result is the 4 IP bytes followed by 124 bytes of &HBB
    Dim CorrectResult As String: CorrectResult = String(Len(Result), Chr(&HBB))
    CorrectResult = ip & Mid(CorrectResult, 5)
    Ret = True
    For I = 1 To Len(Result) Step 1
        If Mid(Result, I, 1) <> Mid(CorrectResult, I, 1) Then
            Ret = False
        End If
    Next I
    checkServerSignature = Ret
End Function
EDIT -
Hrm, got somewhere with porting BigIntegerEx too!
Public Const BIG_ENDIAN As Integer = 0
Public Const LITTLE_ENDIAN As Integer = 1
Public Const BIGINT_SIZE = 32
-
byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray();
That's the most important line, and the one line that I'm pretty sure you can't do in Visual Basic. First, it creates an arbitrary-length integer from the signature, then does the calculation (signature^key % mod) (where % is modular division). This is the standard formula for encrypting/decrypting/creating keys. a^b % c with arbitrary-length integers is cryptographically the most important function.
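As an added example (not code from this thread, from JavaOp, or from any Battle.net client), here is a Python reconstruction of the check iago describes in the first post (r = s^k % n) and of the modPow line quoted here. The keypair, its seed, the exponent 65537 and the sample address 10.0.0.2 are assumptions for the demo; the real n and k are the 128-byte and 4-byte constants from the thread, not these. The result layout (four IP bytes, then 0xBB padding) follows Joe's VB port above, and mod_pow is square-and-multiply, the algorithm behind a^b % c on arbitrary-length integers.

```python
# Added example: toy reconstruction of the Battle.net server-signature check.
# The keypair is generated here for demonstration only and is NOT Blizzard's n/k.
import random
from ipaddress import IPv4Address

SIG_LEN = 128       # signature and modulus length in bytes, as stated in the thread
PAD_BYTE = 0xBB     # padding byte the decrypted signature is expected to carry
PUBLIC_EXP = 65537  # assumed exponent for the toy key (the real k is a 4-byte constant)


def mod_pow(base, exp, mod):
    """Square-and-multiply a^b mod c on arbitrary-length ints, never forming a^b."""
    result = 1
    base %= mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin probable-prime test; sufficient for a demo keypair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Random odd prime with its top three bits set, so the 1024-bit modulus n
    always exceeds a 0xBB-padded message (whose most significant byte is 0xBB)."""
    while True:
        cand = rng.getrandbits(bits) | (0b111 << (bits - 3)) | 1
        if is_probable_prime(cand, rng):
            return cand


def gen_keypair(seed=2005):
    """Toy 1024-bit RSA keypair with a fixed seed (demo only, never for real use).
    Returns (n, k, d): the 'server' keeps d, the client embeds n and k."""
    rng = random.Random(seed)
    while True:
        p, q = gen_prime(SIG_LEN * 4, rng), gen_prime(SIG_LEN * 4, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % PUBLIC_EXP != 0:
            return p * q, PUBLIC_EXP, pow(PUBLIC_EXP, -1, phi)


def expected_block(ip):
    """What the decrypted signature must look like: IP bytes, then 0xBB padding."""
    return IPv4Address(ip).packed + bytes([PAD_BYTE]) * (SIG_LEN - 4)


def sign_ip(ip, n, d):
    """What the real server does with its private key (here the toy d)."""
    m = int.from_bytes(expected_block(ip), "little")
    return mod_pow(m, d, n).to_bytes(SIG_LEN, "little")


def check_server_signature(sig, ip, n, k):
    """Client side: r = s^k mod n (little-endian), compared with the expected block."""
    if len(sig) != SIG_LEN:
        return False
    r = mod_pow(int.from_bytes(sig, "little"), k, n)
    return r.to_bytes(SIG_LEN, "little") == expected_block(ip)


if __name__ == "__main__":
    n, k, d = gen_keypair()
    sig = sign_ip("10.0.0.2", n, d)                         # constructed sample address
    print(check_server_signature(sig, "10.0.0.2", n, k))    # True
    print(check_server_signature(sig, "127.0.0.1", n, k))   # False: signed for another IP
```

The verifier never needs d: anyone holding the embedded n and k can check a signature, but only the holder of d can produce one, which is the "proof of source" described earlier in the thread. It also shows why the thread's patched-client trick works: with k set to 1, mod_pow returns the signature bytes unchanged, so the check is only as trustworthy as the constants embedded in game.dll, and protecting the integrity of those constants is what protects the check.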
-
Function poiuytrewq(a As Long, b As Long, c As Long) As Currency
    poiuytrewq = (a ^ b) Mod c
End Function
?
-
Function poiuytrewq(a As Long, b As Long, c As Long) As Currency
    poiuytrewq = (a ^ b) Mod c
End Function
?
I think he's trying to implement modpow with short variables. A "long" isn't arbitrary length.
-
currency is the closest to arbitrary you can get, and long ...eh...whatever I give up. VB sucks that way.
-
I don't think a currency can do 1024-bit numbers, though, which is what the server signature is.
-
byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray();
That's the most important line, and the one line that I'm pretty sure you can't do in Visual Basic. First, it creates an arbitrary-length integer from the signature, then does the calculation (signature^key % mod) (where % is modular division). This is the standard formula for encrypting/decrypting/creating keys. a^b % c with arbitrary-length integers is cryptographically the most important function.
I'm pretty sure you can do a^b % c.
You just have to use an API call for the a^b.
Wait, never mind. If the numbers are 1024-bit, good luck I guess!