D2DV Version Info (0x51 problem)

Started by Ryan Marcus, September 17, 2005, 12:59:07 PM


Ryan Marcus

It's time for the next round of "the x86 forums tells Ryan what's wrong, even though it's REALLY simple!"

Alright, the first question is:

I am having problems sending 0x51 to battle.net. Here is a packet log:
Quote

Send option management request (T_OPTMGMT_REQ = 108).

Receive option management ack (T_OPTMGMT_ACK = 131).

Send bind request (T_BIND_REQ = 101).
  Bind to «Any Address»
  Connection Indication Number = 0

Receive bind ack (T_BIND_ACK = 122).
  Bind to port 58127
  Connection Indication Number = 0

Send connection request (T_CONN_REQ = 102).
  Connect to 63.241.83.9:6112

Receive connection confirmation (T_CONN_CON = 123).
  Connect from 63.241.83.9:6112

Send data (1 bytes).
<00000000< 01                                                  .

Send data (58 bytes).
<00000001< FF 50 3A 00  00 00 00 00  43 41 4D 58  56 44 32 44  .P:.....CAMXVD2D
<00000011< 0B 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
<00000021< 00 00 00 00  00 00 00 00  55 53 41 00  55 6E 69 74  ........USA.Unit
<00000031< 65 64 20 53  74 61 74 65  73 00                     ed States.

Receive data (8 bytes).
>00000000> FF 25 08 00  CE 63 EB D1                            .%...c..

Receive data (98 bytes).
>00000008> FF 50 62 00  00 00 00 00  44 F4 4D 1D  EA AF 08 00  .Pb.....D.M.....
>00000018> 00 A4 E4 AE  63 E8 C0 01  58 4D 41 43  76 65 72 30  ....c...XMACver0
>00000028> 2E 6D 70 71  00 41 3D 34  32 36 32 37  38 30 39 20  .mpq.A=42627809
>00000038> 42 3D 33 31  38 39 33 31  35 31 31 20  43 3D 35 34  B=318931511 C=54
>00000048> 30 33 36 31  32 31 34 20  34 20 41 3D  41 2D 53 20  0361214 4 A=A-S
>00000058> 42 3D 42 2D  43 20 43 3D  43 2B 41 20  41 3D 41 2D  B=B-C C=C+A A=A-
>00000068> 42 00                                               B.

Send data (97 bytes).
<0000003B< FF 51 61 00  FB 00 00 00  31 31 00 00  32 33 30 30  .Qa.....11..2300
<0000004B< 01 00 00 00  DE 92 9C 10  00 00 06 00  00 E5 53 B2  ..............S.
<0000005B< 00 00 00 00  93 0E 98 07  BF E9 5E A8  C5 A0 B4 10  ..........^.....
<0000006B< AB 6F 13 8F  48 CB 03 46  47 61 6D 65  2E 65 78 65  .o..H..FGame.exe
<0000007B< 20 30 37 2F  31 36 2F 30  35 20 31 38  3A 31 31 3A   07/16/05 18:11:
<0000008B< 34 34 20 32  31 32 35 38  32 34 00 4C  75 78 65 72  44 2125824.Luxer
<0000009B< 00                                                  .

Receive data (9 bytes).
>0000006A> FF 51 09 00  01 01 00 00  00                        .Q.......

Send data (46 bytes).
<0000009C< FF 00 2E 00  FB 00 00 00  1D 4D F4 44  71 88 81 9C  .........M.Dq...
<000000AC< 73 0C AC EC  2A A0 CF CB  D4 C3 69 38  BA D9 71 EC  s...*.....i8..q.
<000000BC< 41 62 73 6F  6C 75 74 65  2E 5A 65 72  6F 00        Absolute.Zero.

Receive orderly release indication (T_ORDREL_IND = 132).

Send orderly release request (T_ORDREL_REQ = 109).

Send unbind request (T_UNBIND_REQ = 110).


As far as I can tell, the formatting is correct... But maybe not. Here are the RCRS logs:

Quote

Send option management request (T_OPTMGMT_REQ = 108).

Receive option management ack (T_OPTMGMT_ACK = 131).

Send bind request (T_BIND_REQ = 101).
  Bind to «Any Address»
  Connection Indication Number = 0

Receive bind ack (T_BIND_ACK = 122).
  Bind to port 58128
  Connection Indication Number = 0

Send connection request (T_CONN_REQ = 102).
  Connect to 67.189.101.218:8321

Receive connection confirmation (T_CONN_CON = 123).
  Connect from 67.189.101.218:8321

Send data (9 bytes).
<00000000< 44 32 44 56  0D 0A 30 0D  0A                        D2DV..0..

Send data (9 bytes).
<00000009< 44 32 44 56  0D 0A 31 0D  0A                        D2DV..1..

Send data (9 bytes).
<00000012< 44 32 44 56  0D 0A 33 0D  0A                        D2DV..3..

Receive data (3 bytes).
>00000000> 31 31 0A                                            11.

Receive data (9 bytes).
>00000003> 31 36 37 38  30 30 33 32  0A                        16780032.

Receive data (35 bytes).
>0000000C> 47 61 6D 65  2E 65 78 65  20 30 37 2F  31 36 2F 30  Game.exe 07/16/0
>0000001C> 35 20 31 38  3A 31 31 3A  34 34 20 32  31 32 35 38  5 18:11:44 21258
>0000002C> 32 34 0A                                            24.


What's wrong?


Thanks in advance!
Thanks, Ryan Marcus

Quote
<OG-Trust> I BET YOU GOT A CAR!
<OG-Trust> A JAPANESE CAR!
Quote
deadly: Big blue fatass to the rescue!
496620796F75722072656164696E6720746869732C20796F75722061206E6572642E00

Newby

Send data (46 bytes).
<0000009C< FF 00 2E 00  FB 00 00 00  1D 4D F4 44  71 88 81 9C  .........M.Dq...
<000000AC< 73 0C AC EC  2A A0 CF CB  D4 C3 69 38  BA D9 71 EC  s...*.....i8..q.
<000000BC< 41 62 73 6F  6C 75 74 65  2E 5A 65 72  6F 00        Absolute.Zero.

I may be wrong, but I don't think 0x00 has data associated with it.

You're fucking that packet up. 0x2E != 0x00. Remove the non-necessary nulls.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote from: Rule on June 30, 2008, 01:13:20 PM
Quote from: CrAz3D on June 30, 2008, 10:38:22 AM
I'd bet that you're currently bloated like a water balloon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Ryan Marcus

hehe.. Ya, that was the problem. I did not spell the name of my constant correctly ;).

Next problem:

In battle.net's reply to 0x50, the 2nd DWORD is a server token.. You need to send this back in 0x29. Should I reverse the server token, or send it exactly how it came in 0x50?

If the server token is B2 D8 05 10, should I send B2 D8 05 10 or 10 05 D8 B2? If you think this should be in a new thread, let me know.

Thanks in advance!
Thanks, Ryan Marcus


Newby

Send it back the same way you got it IIRC.
- Newby
http://www.x86labs.org


Joe

The way I handle it is GetDWORD to cast it to a long and store it in a public variable. Then MakeDWORD to cast it to a string (nobody shoot me for saying that) and send it back in that form.

EDIT -
PS: [.pre] makes hex dumps easier to read.
Quote from: Camel on June 09, 2009, 04:12:23 PM
I'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.
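
Added example (not part of the original thread and not any poster's code): a Python version of the framing visible in the packet logs and of the server-token echo Newby and Joe describe, run over the server bytes copied from the first log. The function names are hypothetical, and refusing packet ID 0x00 with a payload is an assumption based on Newby's remark.

```python
import struct

# Server bytes copied from the first packet log in the thread: 8 + 98 bytes.
RECEIVED = bytes.fromhex(
    "FF250800CE63EBD1"
    "FF5062000000000044F44D1DEAAF0800"
    "00A4E4AE63E8C001584D414376657230"
    "2E6D707100413D343236323738303920"
    "423D33313839333135313120433D3534"
    "30333631323134203420413D412D5320"
    "423D422D4320433D432B4120413D412D"
    "4200"
)

def split_frames(stream):
    """Split a stream into (packet_id, payload) pairs.
    Header as seen in the log: FF, id, uint16 little-endian length (header included)."""
    frames, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            raise ValueError("truncated header")
        magic, pid, length = struct.unpack_from("<BBH", stream, pos)
        if magic != 0xFF or length < 4 or pos + length > len(stream):
            raise ValueError("bad frame at offset %d" % pos)
        frames.append((pid, stream[pos + 4:pos + length]))
        pos += length
    return frames

def build_frame(pid, payload):
    """Frame a payload; refuse id 0x00 with data (assumption from Newby's
    remark), which catches an unset or misspelled packet-id constant."""
    if pid == 0x00 and payload:
        raise ValueError("packet id 0x00 with a non-empty payload")
    return struct.pack("<BBH", 0xFF, pid, 4 + len(payload)) + payload

def server_token(payload_0x50):
    """Raw wire bytes of the 2nd DWORD in the 0x50 reply."""
    if len(payload_0x50) < 8:
        raise ValueError("0x50 payload too short")
    return payload_0x50[4:8]

def echo_via_dword(raw):
    """Joe's approach: decode to an integer, re-encode with the same byte order."""
    return struct.pack("<I", struct.unpack("<I", raw)[0])

def echo_mixed_order(raw):
    """Mistake to avoid: decode little-endian, encode big-endian."""
    return struct.pack(">I", struct.unpack("<I", raw)[0])
```

In the first log the token arrives as 44 F4 4D 1D and goes back out as 1D 4D F4 44, which is the byte order `echo_mixed_order` produces.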


rabbit


Joe

Missed me.

* Joe[e2] pulls out his rabbit-hunting gun and elmer fudd hat.


rabbit

Hasn't anyone ever noticed that Elmer Fudd NEVER KILLS THE FUCKING RABBIT?

Mythix

Probably because he's from Wisconsin, those badgers can't shoot worth a shit.
Philosophy, n. A route of many roads leading from nowhere to nothing.

- Ambrose Bierce