Messages

Actually i never wanted to find the private key battle.net uses (as this operation will take about 100 years). I just want to make warcraft believe that my localhost server is NOT fake server. Hex editing of game.dll didn't actually work (perhaps private key is in another file too).

So i suppose patching the client (so as to skip verifying server) will be a solution...
But WHERE is such a patch?!??!?!? ??? ???

Reply to myself :P

After tingling with warcraft3 files a little I found that the modulo parameter n is located in the file game.dll offset 0x00722B70

I changed it to all BB's except the last 4 bytes : 0x01000080 (which is {the hex representation of 127.0.0.1 in reverse order} + 1)

After the n is the key k (offset 0x00722BF0). Replaced it with dec 1 (hex: 0x00000001)

So now the sig we have to send to warcraft 3 is all BB's except the last 4 bytes : 0x0100007F

Is there any way to create a signature for localhost ip (127.0.0.1)???

What i want to do is interfere between Warcraft and battle.net.
I use a modified JavaOp version for THE REAL client (this connects to battle.net) and some extra classes as a server (listens to 127.0.0.1:6112)

Then i let all packets pass through this filter except the SID_AUTH_INFO, which is replaced by a packet with a cdkey different than the one used in war3 mpq files.

That way i am able to change cdkeys on the fly.

The only problem is that the signature my program sents to warcraft is baaad.