News:

Holy shit, it's 2018 2019 2020 2021 2022 2023 2024, and the US isn't a fascist country! What a time to be alive.

Main Menu

Status of War3 Warden implementation?

Started by thebigred, May 12, 2009, 11:13:03 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

thebigred

How far along is the Warden implementation? 

Is there any code documentation for JavaOP i can use and specifications of Warden?  I ran HDX's Warden proxy and noticed it produces some binary data (RC4 keys?).  I'm guessing Blizzard is using a challenge - reply for authentication of some sort? 

Assuming I've never messed with connections, I'll have to use bnetdocs as well.  I've got a few weeks before I start work and gives me a chance to brush up on Java.  Any svn or cvs server with latest Javaop work?


EDIT:
Links I've been looking at :
http://forum.valhallalegends.com/index.php?topic=17910.0
http://www.skullsecurity.org/wiki/index.php/Warden_Packets

All data is sent encrypted using the key specified in the skullsecurity link (can I assume it's the first four bytes of the War3 key hash?  I'm guessing there is a function to get the cd key hash). 
BNET sends a 0, I send a 0
BNET sends a lot of packets that total the length from the original 0 packet received

What is the relationship between game.dll and warden?  I'm seeing all these game.dll offsets used in Warden implementations.

Feel free to give me more links to read up on.  I'm clearly missing a lot of info.

Joe

I haven't touched the code since I released the latest beta, and all the code should be in the JARs for you to get a start. If you'd like, I can zip up my workspace and give it to you too.
Quote from: Camel on June 09, 2009, 04:12:23 PMI'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.


Hdx

Considering that to currently implement warden you have to actually run the module, which Java can not do.
So pretty much you're screwed. If you're doing it in Java.

Warden reads your game's memory, hence why its reading game.dll

http://img140.exs.cx/img140/6720/hdxnew6lb.gif
09/08/05 - Clan SBs @ USEast
[19:59:04.000] <DeadHelp> We don't like customers.
[19:59:05.922] <DeadHelp> They're assholes
[19:59:08.094] <DeadHelp> And they're never right.

thebigred

Quote from: Hdx on May 14, 2009, 03:59:55 PM
Considering that to currently implement warden you have to actually run the module, which Java can not do.
So pretty much you're screwed. If you're doing it in Java.

Warden reads your game's memory, hence why its reading game.dll



I'm unfamiliar with what happens when you load the game, but do we know how much changes in memory, so we can't just dump the memory contents and change what we need?

Hdx

Considering you have no idea what you're talking about, I can say this, shutup. [I'm being nice]
Reading the game data isn't a problem, like I said, you have to actually RUN the code that is sent to you by bnet right now in order to run warden. This is because people have not taken the time to reverse 0x05/0x04.
Until such a time, java users are fucked, because java has no way of running x86 code.
http://img140.exs.cx/img140/6720/hdxnew6lb.gif
09/08/05 - Clan SBs @ USEast
[19:59:04.000] <DeadHelp> We don't like customers.
[19:59:05.922] <DeadHelp> They're assholes
[19:59:08.094] <DeadHelp> And they're never right.

thebigred

oh I see what you meant.  That clears up a lot for me.  I was wondering why I was getting warnings from an IPS about executing shellcode.  And those .bin files that are saved from the bypass are the code that gets executed on our end right? 

Thanks for all the info! 

Hdx

Quote from: thebigred on May 14, 2009, 07:16:51 PM
oh I see what you meant.  That clears up a lot for me.  I was wondering why I was getting warnings from an IPS about executing shellcode.  And those .bin files that are saved from the bypass are the code that gets executed on our end right? 

Thanks for all the info! 
The compressed encrypted version yes.

http://img140.exs.cx/img140/6720/hdxnew6lb.gif
09/08/05 - Clan SBs @ USEast
[19:59:04.000] <DeadHelp> We don't like customers.
[19:59:05.922] <DeadHelp> They're assholes
[19:59:08.094] <DeadHelp> And they're never right.

iago

You should implement a x86 interpreter/sandbox in Java that can run it. :D

Camel

You can run native modules from Java (heck, half the Java API is native anyways), but you have to follow a particular convention so that the VM can import and run the code. It would be feasible to write an adapter to do that, but it'd still only work on Windows machines.

Quote from: iago on May 15, 2009, 10:55:04 AM
You should implement a x86 interpreter/sandbox in Java that can run it. :D
Oh, the irony!

<Camel> i said what what
<Blaze> in the butt
<Camel> you want to do it in my butt?
<Blaze> in my butt
<Camel> let's do it in the butt
<Blaze> Okay!

iago

Quote from: Camel on May 15, 2009, 02:07:49 PM
Quote from: iago on May 15, 2009, 10:55:04 AM
You should implement a x86 interpreter/sandbox in Java that can run it. :D
Oh, the irony!
Especially if it's complete enough to run a JVM :)

thebigred

When I want to edit the Java control panel, there is a proxy option.  However, when I select a proxy server, my java apps (JavaOP in this case) does not use the proxy.  Is there any built-in java functionality to connect via a proxy? 

I'm wondering how much functionality needs to be implemented to run JavaOP through Ringo's or Hdx's Warden bypass.

Camel

Java does not inherently provide proxy support, but adding SOCKS4 is a trivial task.

Here's the Socket class I use in my bot; it supports SOCKS4 and SOCKS4a (Hdx's proxy does not presently support the SOCK4a extension): SOCKS4ProxySocket.java.

<Camel> i said what what
<Blaze> in the butt
<Camel> you want to do it in my butt?
<Blaze> in my butt
<Camel> let's do it in the butt
<Blaze> Okay!

Hdx

Camel, if you'd like to msg me on bnet I'll see if I can add 4a in real fast.
http://img140.exs.cx/img140/6720/hdxnew6lb.gif
09/08/05 - Clan SBs @ USEast
[19:59:04.000] <DeadHelp> We don't like customers.
[19:59:05.922] <DeadHelp> They're assholes
[19:59:08.094] <DeadHelp> And they're never right.