Author Topic: Battle.net says wrong password, I say otherwise  (Read 4931 times)

0 Members and 2 Guests are viewing this topic.

Offline TyC-Pros

  • Newbie
  • *
  • Posts: 13
    • View Profile
Battle.net says wrong password, I say otherwise
« on: February 26, 2007, 03:05:33 pm »
I'm using JavaOP 41 beta, trying to connect as a WarCraft 2 client

Code: [Select]
[20:55:31.593] INFO: Trying BNLS server: bnls.valhallalegends.com
[20:55:31.640] INFO: Resolving ip for server: useast.battle.net
[20:55:31.656] INFO: Resolves to 12 different addresses
[20:55:31.656] INFO: Choosing address 9 [useast.battle.net/63.240.202.138]
[20:55:31.656] INFO: Attempting to connect
[20:55:31.875] INFO: Connected to /63.240.202.138:6112
[20:55:31.890] INFO: Trying BNLS server: bnls.valhallalegends.com
[20:55:31.890] INFO: Connected to useast.battle.net:6112
[20:55:31.890] INFO: Sending protocol byte (0x01).
[20:55:31.906] INFO: Switching to Binary protocol.
[20:55:31.906] INFO: Sending authorization.
[20:55:32.281] INFO: Authorization sent, waiting for reply.
[20:55:32.281] INFO: Beginning to receive packets
[20:55:32.812] INFO: CDKey and Version check sent.
[20:55:32.921] INFO: CDKey and Version check successful.  Attempting to log in.
[20:55:33.125] Bot tried to use an invalid password.
[20:55:33.140] exceptions.InvalidPassword: Login failed -- invalid password.
[20:55:33.140] Login.checkLogonResponse(Login.java:302)
[20:55:33.140] PluginMain.processedPacket(PluginMain.java:345)
[20:55:33.140] pluginmanagers.PluginRegistration.processedIncomingPacket(PluginRegistration.java:722)
[20:55:33.140] bot.PacketThread.run(PacketThread.java:179)

The SID_LOGONRESPONSE2 I am receiving:

Code: [Select]
ff 3a 08 00 02 00 00 00

According to the Bnetdocs page about 0x3A I found in Google's cache this is indeed the packet that says I am trying to give it the wrong password, but I'm certain I'm using the right password, so my guess is that there's something wrong with the way the password is sent.

That same page also tells that SID_LOGONRESPONSE2 (0x3A) is meant for Diablo 2 and LoD, not for WarCraft 2 (which according to my Google skills should be SID_LOGONRESPONSE (0x29)), of course, this information may be out of date, and one of the replies says 0x3A is also possible.

If I understood the JavaOP source correctly, this is what is being sent to Battle.net:

(DWORD) Client Token
(DWORD) Server Token
6x (DWORD) Password hash
(NTSTRING) Username

So, an error in the hashing algorithm perhaps?
« Last Edit: February 26, 2007, 03:26:58 pm by TyC-Pros »

trust

  • Guest
Re: Battle.net says wrong password, I say otherwise
« Reply #1 on: February 26, 2007, 05:51:09 pm »
Can you login alright with the client or a different bot?

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Battle.net says wrong password, I say otherwise
« Reply #2 on: February 27, 2007, 12:39:37 am »
You're not the first one to report a broken password. :-\.

I'll look into it.

EDIT -
Nope. I still pass on both east and west.

Try making a new account with the client and try passing with JavaOp. Try making a new account with JavaOp.

Since you're the second one to bring this up I'm kind of reluctant to say this but I want to guess you have the wrong password.
« Last Edit: February 27, 2007, 12:41:41 am by Joe[x86] »
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline TyC-Pros

  • Newbie
  • *
  • Posts: 13
    • View Profile
Re: Battle.net says wrong password, I say otherwise
« Reply #3 on: February 27, 2007, 12:46:31 pm »
Quote
Can you login alright with the client or a different bot?

Haven't tried any other bots - most bots I know use BNLS for everything and I don't like my CD-Keys going across the wire in plain text.

The real client lets me login just fine, tried it with several accounts actually.

Quote
You're not the first one to report a broken password.

Might it have something to do with the length of the password? Both accounts I tried used a 12 character password, perhaps it gets truncated by one of the algorithms?

Quote
Try making a new account with the client and try passing with JavaOp.

Made a new account with the client, 5 character password, connects without a problem. Next, changed the password of my old account to something slightly smaller (11 chars), same problem, changed it to 8 chars, still the same problem. Changed it to 6 chars, without alternating lower/uppercase and no numbers: login works.

Quote
Try making a new account with JavaOp.

I made a new account with the same difficult password my old account has, and this time it did log in - relogging also works.

Quote
Since you're the second one to bring this up I'm kind of reluctant to say this but I want to guess you have the wrong password.

No need to be reluctant, this was of course one of the possibilities, so let's summarize:

1) Old password doesn't work, slightly smaller variations either don't
2) Password of 6 chars with just lowercase does work
3) New account by WarCraft 2 client with simple password does log in (haven't tried new account with complex password)
4) New account by JavaOP with difficult password does log in

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Battle.net says wrong password, I say otherwise
« Reply #4 on: February 27, 2007, 04:41:25 pm »
I think I've got it. One last idea, if you will:

Try making a password that's all uppercase. Does it work?

Try making a password that's all lowercase. Does it work?

Try making a password with mixed cases. Does it work?

I'll put it out there that my password passes and is all lower-case. I'm not sure how to treat passwords before hashing them but I think they're supposed to be converted to a single case, which JavaOp might now do. I'm not sure -- that was coded during iago's term as maintainer.

EDIT -
Heres the code for how JavaOp does it's CD-Key hashing. Most of BNetLogin has changed but the password code is still current.
« Last Edit: February 27, 2007, 04:43:17 pm by Joe[x86] »
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline TyC-Pros

  • Newbie
  • *
  • Posts: 13
    • View Profile
Re: Battle.net says wrong password, I say otherwise
« Reply #5 on: March 01, 2007, 04:38:57 am »
Quote
Try making a password that's all uppercase. Does it work?

No

Quote
Try making a password that's all lowercase. Does it work?

Yes

Quote
Try making a password with mixed cases. Does it work?

No

---

All three tests used the same password, with the first being all lowercase, the second all uppercase, and the third alternating upper/lowercase

Hope this helps
« Last Edit: March 01, 2007, 01:10:22 pm by TyC-Pros »

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Battle.net says wrong password, I say otherwise
« Reply #6 on: March 03, 2007, 01:33:08 pm »
Yep -- confirms my theory.

I'll work on getting that fixed when I get home. SID_CREATEACCOUNT apparently lowercases properly, but the login packet doesn't.
I'd personally do as Joe suggests

You might be right about that, Joe.