SHARE
TWEET

Battle.net v2 Research

Jailout2000 Sep 29th, 2011 738 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Battle.net 2 Packet Research:
  2.  
  3.  Data stream is a bit-based protocol. Reading and writing functions as in the following example:
  4.  
  5.  For data: 0x40 0x01
  6.  As binary: 01000000 00000001
  7.  
  8.  If you were to read the first 11 bits, it would be done like so:
  9.  01000000 #####001 - resulting in 0x201.
  10.  
  11.  If you were to read 6 bits, 1 bit, and then 4 bits, it would be:
  12.  ##000000 ########
  13.  #1###### ########
  14.  0####### #####001
  15.  Resulting in 0, 1, and 1.
  16.  
  17.  As you can see, bits are read left to right across bytes, but the bits that are read begin counting from the right end of the byte.
  18.  
  19.  Some fields align to the byte border before being read or written, skipping the remaining bits in a byte (if any). These are mostly strings and byte arrays.
  20.  
  21. Types:
  22.  Packets contain multiple types, which alter the way the above system works in the following way: a single type spans an entire section of bits, ignoring byte organization until after the type is complete.
  23.   Example:
  24.   Read 32 bit DWORD from 0x40 0x00 0x00 0x0A 0x66 0x02, starting after the 11 bit header:
  25.   As binary: 01000000 00000000 00000000 00001010 01100110 00000010
  26.   Correctly: ######## RRRRR### RRRRRRRR RRRRRRRR RRRRRRRR #####RRR - all R bits are read and squished together to form 00000000 00000000 01010011 00110010, aka the string "..S2" [.=null byte].
  27.   Incorrect: ######## 11111### 22222111 33333222 44444333 #####444 - You might think to read an array of bytes byte by byte, but this is incorrect and gives you a completely wrong set: 00000000 00000010 00001110 01100010.
  28.   So remember, these types are extremely important to be read in full, and not as multiples of bytes.
  29.  
  30.  Type List:
  31.   (BOOLEAN): a single bit, 1 = true, 0 = false
  32.   (DWORD): 32 bit value containing 4 characters. Also called a FourCC value in some docs. Values less than 4 characters are preceeded by null characters as in the case of the Starcraft 2 product ID: 0x00005332 [..S2 (see above)]
  33.   (INT:#): a custom length integer. As BNet2 is a bit-based protocol, there are no longer only BYTEs, WORDs, DWORDs, and QWORDs. The lengths can literally be anything from a bit onward.
  34.   (STRING): These are preceeded by a length value of some sort in the packet structure, and are often aligned to the byte border.
  35.   (NTSTRING): Unconfirmed at the moment, but strings with a null terminator can be seen in packets, though more research is needed to see if reading will actually rely on the null terminator. These are also often aligned to the byte border.
  36.   (BYTE[#]): A byte array of varying length (described in packet structure). Sometimes aligned to the byte border.
  37.   |: Means that the item is aligned to the byte border.
  38.  
  39.   Note: Some values have a [minus] or [plus], which means that the actual value is the given value minus or plus the listed offset. Usually, you will subtract a value that says minus on outgoing packets, and add a value that says minus on incoming packets (think about it, it makes sense).
  40.  
  41. Packet Documentation:
  42.  
  43.  Packet headers are 7 or 11 bits:
  44.  6 bit Packet ID
  45.  1 bit Channel Boolean
  46.  > 4 bit Channel ID (Optional)
  47.  
  48.  Known packets:
  49.   C > S CLIENT_AUTH_INFOREQUEST [Packet 0, Channel 0]
  50.    (DWORD) Product
  51.    (DWORD) Platform
  52.    (DWORD) Locale
  53.    (INT:6) Components
  54.    For 1 to Components
  55.      (DWORD) Product
  56.      (DWORD) Platform
  57.      (INT:32) Build
  58.    Next
  59.    (BOOLEAN) HasAccountName
  60.    If HasAccountName
  61.      (INT:9) EMail Address Length [minus 3]
  62.      |(STRING) EMail Address (lowercase)
  63.    End If
  64.  
  65.   S > C CLIENT_AUTH_COMPLETE [Packet 0, Channel 0]
  66.    (BOOLEAN) Failure
  67.    If Failure
  68.      (BOOLEAN) HasOptModule
  69.      If HasOptModule
  70.        |(DWORD) Type
  71.        (DWORD) Locale
  72.        (INT:32) ModuleID
  73.      End If
  74.      (INT:2) Fail Type
  75.      If Fail Type = 1
  76.        (INT:16) ErrorCode
  77.        (INT:32) Unknown [minus 2147483648]
  78.      Else
  79.        UNKNOWN - More Research Needed
  80.      End IF
  81.    Else
  82.      (INT:3) Modules
  83.      For 1 to Modules
  84.        |(DWORD) Type
  85.        (DWORD) Locale
  86.        (INT:32) ModuleID
  87.        (INT:10) BlobSize
  88.        |(BYTE[BlobSize]): Blob
  89.      Next
  90.      (INT:32) PingTimeout [minus 2147483648]
  91.      (BOOLEAN) OptionalSegment
  92.      If OptionalSegment
  93.        (BOOLEAN) Parameters
  94.        If Parameters
  95.          (INT:32) Threshold
  96.          (INT:32) Rate
  97.        End If
  98.      End If
  99.      (INT:8) First Name Length
  100.      |(STRING) First Name
  101.      (INT:8) Last Name Length
  102.      |(STRING) Last Name
  103.      (INT:32) A number...
  104.      (BYTE[10]) Unknown, first byte and last byte are 1, all between are 0.
  105.      (INT:8) String Length
  106.      (STRING) The same number as a string with a # at the end.
  107.      (BYTE[12]) Unknown, again with the 0s...
  108.    End If
  109.  
  110.   C > S CLIENT_AUTH_PROOFRESPONSE [Packet 2, Channel 0]
  111.    (INT:3) Modules
  112.    For 1 to Modules
  113.      (INT:10) BlobSize
  114.      |(BYTE[BlobSize]): Blob
  115.    Next
  116.  
  117.   S > C CLIENT_AUTH_PROOFREQUEST [Packet 2, Channel 0]
  118.    (INT:3) Modules
  119.    For 1 to Modules
  120.      |(DWORD) Type
  121.      (DWORD) Locale
  122.      (INT:32) ModuleID
  123.      (INT:10) BlobSize
  124.      |(BYTE[BlobSize]): Blob
  125.    Next
  126.  
  127.   S > UNKNOWN [Packet 5, Channel 1]
  128.    [INT:5] Unknown (0)
  129.    After this comes the encrypted packets.
  130.  
  131. Module Research:
  132.  Modules are downloaded through HTTP using the ModuleID provided by Battle.net packets. The address is http://REALM.depot.battle.net:1119/hexdata.type where REALM is the realm you're on, like us or eu, hexdata is a lowercase hexadecimal display of the ModuleID, and type is the type value (thus far, always "auth").
  133.  These auth modules are standard C++ DLLs with a CreateModule function.
  134.  Before running CreateModule, the following buffer data must be set:
  135.   0x7A7D7B79: 128-byte SALT value (randomly generated).
  136.   0x59F8A2FC: E-mail address (lower case).
  137.  
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top