Author Topic: Battle.net Server Signature (Read 21704 times)

iago · « **on:** March 19, 2005, 03:42:52 pm »

Last night and this morning I spent a little time and figured out how Battle.net's server signatures work. It's a simple RSA decryption, r = s^k % n, where n is a 128-byte constant, k is a 4-byte constant, and s is the 128-byte signature. See this document for more details:

http://www.javaop.com/~iago/ServerSig.html

Newby · « **Reply #1 on:** March 19, 2005, 05:04:31 pm »

Har. Good work.

Was that documented anywhere else?

iago · « **Reply #2 on:** March 19, 2005, 06:29:13 pm »

Not that I know of. I knew going in that it was the IP, encrypted, which made it a little easier. But Skywing told me that directly, a long time ago.

yiourkas · « **Reply #3 on:** June 20, 2005, 07:44:13 pm »

Is there any way to create a signature for localhost ip (127.0.0.1)

What i want to do is interfere between Warcraft and battle.net.
I use a modified JavaOp version for THE REAL client (this connects to battle.net) and some extra classes as a server (listens to 127.0.0.1:6112)

Then i let all packets pass through this filter except the SID_AUTH_INFO, which is replaced by a packet with a cdkey different than the one used in war3 mpq files.

That way i am able to change cdkeys on the fly.

The only problem is that the signature my program sents to warcraft is baaad.

yiourkas · « **Reply #4 on:** June 22, 2005, 04:34:51 am »

Reply to myself

After tingling with warcraft3 files a little I found that the modulo parameter n is located in the file game.dll offset 0x00722B70

I changed it to all BB's except the last 4 bytes : 0x01000080 (which is {the hex representation of 127.0.0.1 in reverse order} + 1)

After the n is the key k (offset 0x00722BF0). Replaced it with dec 1 (hex: 0x00000001)

So now the sig we have to send to warcraft 3 is all BB's except the last 4 bytes : 0x0100007F

MyndFyre · « **Reply #5 on:** June 22, 2005, 01:59:32 pm »

Doesn't that mean that now you can't get onto the real Battle.net?

Newby · « **Reply #6 on:** June 22, 2005, 11:17:37 pm »

Quote from: Equality 7-2521 on June 22, 2005, 01:59:32 pm

Doesn't that mean that now you can't get onto the real Battle.net?

Oh well.

iago · « **Reply #7 on:** June 23, 2005, 11:07:27 pm »

The point of the server signature is to prevent fake servers, such as yours. It would be computationally infeasable to get Blizzard's private key and thus to make your own signature without patching the client.

Maddox says that he found the private key, but I don't believe him.

Joe · « **Reply #8 on:** June 27, 2005, 12:04:16 pm »

How can you decrypt something you can't encrypt? Perhaps Blizzard's key will be in the WarCraft III client.

iago · « **Reply #9 on:** June 27, 2005, 05:08:39 pm »

Quote from: Joe[x86] on June 27, 2005, 12:04:16 pm

How can you decrypt something you can't encrypt? Perhaps Blizzard's key will be in the WarCraft III client.

By using public key cryptography:

A public key can be derived from a private key, but a private key can NOT be derived from the public key.
If a message is encrypted with a private key a, it can only be decrypted with the matching public key A. That provides proof that a message was sent from the source with the private key.
If a message is encrypted with a public key B, it can only be decrypted with the matching private key b. That provides confidentiallity since only the person with the matching private key can ever see your message.

When logging into Battle.net as War3, it uses ephemeral (temporary) public/private keys that are based on the password to verify the other's identity.

For more information, and lots of links, see:
http://en.wikipedia.org/wiki/Public-key_cryptography

Joe · « **Reply #10 on:** June 27, 2005, 05:44:51 pm »

yiourkas · « **Reply #11 on:** July 01, 2005, 02:44:15 am »

Actually i never wanted to find the private key battle.net uses (as this operation will take about 100 years). I just want to make warcraft believe that my localhost server is NOT fake server. Hex editing of game.dll didn't actually work (perhaps private key is in another file too).

So i suppose patching the client (so as to skip verifying server) will be a solution...
But WHERE is such a patch?!??!?!?

iago · « **Reply #12 on:** July 01, 2005, 04:49:39 pm »

Quote from: yiourkas on July 01, 2005, 02:44:15 am

(as this operation will take about 100 years)

No, for this reason: If it took one computer 100 years, it would take 100 computers 1 year, or 36,500 computers 1 day. It would actually take something on the order of 10^100 (that's a 1 with 100 zeroes after it, 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) years. At least.

Quote

So i suppose patching the client (so as to skip verifying server) will be a solution...
But WHERE is such a patch?!??!?!?

Dunno. I could probably go back and find it, but that sounds like work..

Krazed · « **Reply #13 on:** July 02, 2005, 08:35:38 pm »

Quote from: iago on July 01, 2005, 04:49:39 pm

Quote from: yiourkas on July 01, 2005, 02:44:15 am
(as this operation will take about 100 years)
No, for this reason: If it took one computer 100 years, it would take 100 computers 1 year, or 36,500 computers 1 day. It would actually take something on the order of 10^100 (that's a 1 with 100 zeroes after it, 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) years. At least.

*cough* Botnets *cough*

iago · « **Reply #14 on:** July 02, 2005, 09:13:57 pm »

Quote from: Krazed on July 02, 2005, 08:35:38 pm

Quote from: iago on July 01, 2005, 04:49:39 pm
Quote from: yiourkas on July 01, 2005, 02:44:15 am
(as this operation will take about 100 years)
No, for this reason: If it took one computer 100 years, it would take 100 computers 1 year, or 36,500 computers 1 day. It would actually take something on the order of 10^100 (that's a 1 with 100 zeroes after it, 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) years. At least.

*cough* Botnets *cough*

No, because you're fighting an expontential problem with multiplication. Say you had a botnet of 100 billion computers (100,000,000,000). That would still take 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 / 100000000000, or 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 years. Which really doesn't make a difference.

If you ever take an algorithm analysis course, you'll learn that you can't fight exponential problems with multiplication.

rabbit · « **Reply #15 on:** July 02, 2005, 10:13:11 pm »

OMG I SOLVED IT!!!!
log(10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)

I win.

Joe · « **Reply #16 on:** July 03, 2005, 04:47:43 am »

wtf? Anyhow, heres an (almost) port to VB of the checking function. Theres one line thats (cleary) still in Java, so iago or somebody can fix that, or I will eventually.

Code: [Select]

'---------------------------------------------------------------------------------------
' Module    : modServerSig
' Author    : Joe[x86]
'             www.x86labs.org
' Purpose   : Verification of WAR3/W3XP Battle.net server signatures.
'---------------------------------------------------------------------------------------

Option Explicit

Public Function checkServerSignature(sig As String, ip As String) As Boolean
    Dim I As Integer, Ret As Boolean
    Dim K() As Byte: Let K = Array(0, 1, 1, 0)
    Dim N() As Byte: Let N = Array(&HD5, &HA3, &HD6, &HAB, &HF, &HD, &HC5, &HF, &HC3, &HFA, &H6E, &H78, &H9D, &HB, &HE3, &H32, &HB0, &HFA, &H20, &HE8, &H42, &H19, &HB4, &HA1, &H3A, &H3B, &HCD, &HE, &H8F, &HB5, &H56, &HB5, &HDC, &HE5, &HC1, &HFC, &H2D, &HBA, &H56, &H35, &H29, &HF, &H48, &HB, &H15, &H5A, &H39, &HFC, &H88, &H7, &H43, &H9E, &HCB, &HF3, &HB8, &H73, &HC9, &HE1, &H77, &HD5, &HA1, &H6, &HA6, &H20, &HD0, &H82, &HC5, &H2D, &H4D, &HD3, &H25, &HF4, &HFD, &H26, &HFC, &HE4, &HC2, &H0, &HDD, &H98, &H2A, &HF4, &H3D, &H5E, &H8, &H8A, &HD3, &H20, &H41, &H84, &H32, &H69, &H8E, &H8A, &H34, &H76, &HEA, &H16, &H8E, &H66, &H40, &HD9, &H32, &HB0, &H2D, &HF5, &HBD, &HE7, &H57, &H51, &H78, &H96, &HC2, &HED, &H40, &H41, &HCC, &H54, &H9D, &HFD, &HB6, &H8D, &HC2, &HBA, &H7F, &H69, &H8D, &HCF)
    
    'Do the calculation
    byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray();
    
    Dim CorrectResult As String: CorrectResult = String(Len(Result), Chr(&HBB))
    CorrectResult = ip & Mid(CorrectResult, 5)
        
    Ret = True
    For I = 0 To Len(Result) Step 1
        If Result(I) <> CorrectResult(I) Then
            Ret = False
        End If
    Next I
End Function

EDIT -
Hrm, got somewhere with porting BigIntegerEx too!

Code: [Select]

Public Const BIG_ENDIAN As Integer = 0
Public Const LITTLE_ENDIAN As Integer = 1
Public Const BIGINT_SIZE = 32

iago · « **Reply #17 on:** July 03, 2005, 02:36:17 pm »

Quote from: Joe[x86] on July 03, 2005, 04:47:43 am

byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray();

That's the most important line, and the one line that I'm pretty sure you can't do in Visual Basic. First, it creates an arbitrary length integer from the signature, then does the calculation (signature^key % mod) (where % is modular division). This is the standard formula for encryption/decrypting/creating keys. a^b%c with arbitrary length integers is cryptographically the most important function.

rabbit · « **Reply #18 on:** July 03, 2005, 09:51:28 pm »

Code: [Select]

function poiuytrewq(a as long, b as long, c as long) as currency
    poiuytrewq = (a ^ b) mod c
end function

?

iago · « **Reply #19 on:** July 03, 2005, 09:53:10 pm »

Quote from: R.a.B.B.i.T on July 03, 2005, 09:51:28 pm

Code: [Select]
function poiuytrewq(a as long, b as long, c as long) as currency poiuytrewq = (a ^ b) mod c end function?

I think he's trying to implement modpow with short variables. A "long" isn't arbitrary length.

rabbit · « **Reply #20 on:** July 03, 2005, 11:17:27 pm »

currency is the closest to arbitrary you can get, and long ...eh...whatever I give up. VB sucks that way.

iago · « **Reply #21 on:** July 03, 2005, 11:18:19 pm »

I don't think a currency can do 1024-bit numbers, though, which is what the server signature is.

Newby · « **Reply #22 on:** July 04, 2005, 03:49:41 pm »

Quote from: iago on July 03, 2005, 02:36:17 pm

Quote from: Joe[x86] on July 03, 2005, 04:47:43 am
byte []result = new BigIntegerEx(BigIntegerEx.LITTLE_ENDIAN, sig).modPow(key, mod).toByteArray();

That's the most important line, and the one line that I'm pretty sure you can't do in Visual Basic. First, it creates an arbitrary length integer from the signature, then does the calculation (signature^key % mod) (where % is modular division). This is the standard formula for encryption/decrypting/creating keys. a^b%c with arbitrary length integers is cryptographically the most important function.

I'm pretty sure you can do a^b%c.

You just have to use an API call for the a^b

Wait, never mind. If the numbers are 1024-bit, good luck I guess!

News:

Author Topic: Battle.net Server Signature (Read 21704 times)