Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
All times are UTC [ DST ]





 Post subject: Attempting to add enctype management to translated GSSecKey
PostPosted: 20 Jul 2008 20:43 

Joined: 20 Jul 2008 20:02
Posts: 8
Hello there. I have an existing, working version of the method GSSecKey that is coded in Delphi 5. That is, it works before the idea of enctype encoding was around. I am attempting to add enctype encoding to it. The goal is to get the UT3 master server list. I get as far as asking for the master server list, but I do not get a response from GameSpy. I will post all that I am using, maybe you can spot something I need to tweak.

First, I ask for and successfully receive the basic secure key. An example response:
Code:
\basic\\secure\FKFGOD

Then I call the GSSecKey method something like this:
Code:
var ConvertedKey: string;
ConvertedKey := GSSecKey('FKFGOD', 'UebAWH', 2);


Note that the string 'UebAWH' I got from your http://aluigi.altervista.org/papers/gslist.cfg page.

Ok now I will post all the code I use for GSSecKey, then I will comment on it.
Code:
const
   AEncodeType1_data: array[0..255] of integer = (1,186,250,178,81,0,84,128,117,
22,142,142,2,8,54,165,45,5,13,22,82,7,180,34,140,233,9,214,185,38,0,4,6,5,
0,19,24,196,30,91,29,118,116,252,80,81,6,22,0,81,40,0,4,10,41,120,81,0,1,17,
82,22,6,74,32,132,1,162,30,22,71,22,50,81,154,196,3,42,115,225,45,79,24,75,
147,76,15,57,10,0,4,192,18,12,154,94,2,179,24,184,7,12,205,33,5,192,169,65,
67,4,60,82,117,236,152,128,29,8,2,29,88,132,1,78,59,106,83,122,85,86,87,30,
127,236,184,173,0,112,31,130,216,252,151,139,240,131,254,14,118,3,190,57,41,
119,48,224,43,255,183,158,1,4,248,1,14,232,83,255,148,12,178,69,158,10,199,6,
24,1,100,176,3,152,1,235,2,176,1,180,18,73,7,31,95,94,93,160,79,91,160,90,89,
88,207,82,84,208,184,52,2,252,14,66,41,184,218,0,186,177,240,18,253,35,174,182,
69,169,187,6,184,136,20,36,169,0,20,203,36,18,174,204,87,86,238,253,8,48,217,253,
139,62,10,132,70,250,119,184);

function GSSecKey(SecureKey, HandOff: String; AEncodeType: Integer): String;
var
  Table:  Array[0..255] Of Byte;
  Key:    Array of Byte;
  Len:    Array[0..1] Of Byte;
  Temp:   Array[0..3] Of Byte;
  i:      Integer;
  Validate: String;
begin
  FillChar(Temp,4,0);

  for i := 0 to 255 do
     Table[i] := I;

  Len[0] := Length(Handoff);
  Len[1] := Length(SecureKey);

  for i := 0 to 255 do begin
    Temp[0] := (Temp[0] + Table[i] + Ord(Handoff[i mod Len[0] + 1])) AND 255;
    Temp[1] := Table[Temp[0]];
    Table[Temp[0]] := Table[i];
    Table[i] := Temp[1];
  end;


   Temp[0] := 0;
   SetLength(Key, Len[1]);

   for i := 0 to High(Key) do begin
    Key[i] := Ord(SecureKey[i+1]);
    Temp[0] := (Temp[0] + Key[i] + 1) AND 255;
    Temp[1] := Table[Temp[0]];
    Temp[2] := (Temp[2] + Temp[1]) AND 255;
    Temp[3] := Table[Temp[2]];

    Table[Temp[2]] := Temp[1];
    Table[Temp[0]] := Temp[3];

    Key[i] := Key[i] XOR Table[(Temp[1] + Temp[3]) AND 255];
   end;

   // -- Adding enctype management -- //
  if AEncodeType = 1 then
  begin
    for i:=0 to High(Key) do
      Key[i] := AEncodeType1_data[Key[i]];
  end
  else if AEncodeType = 2 then
  begin
    // XOR with the handoff (game key), indexed modulo the handoff's own length
    for i:=0 to High(Key) do
      Key[i] := Key[i] xor Ord(Handoff[i mod Len[0] + 1]);
  end;
   // ------------------------------- //

   Len[1] := Len[1] Div 3;
   i := 0;
   while Len[1] >= 1 do begin
    Len[1]  := Len[1] - 1;

    Temp[1] := Key[i];
    Temp[3] := Key[i + 1];
    AddChar(Validate,(Temp[1] shr 2));
    AddChar(validate,((Temp[1] AND 3) shl 4 OR Temp[3] shr 4));

    Temp[1] := Key[i + 2];

    AddChar(validate,((Temp[3] AND 15) shl 2 OR Temp[1] shr 6));
    AddChar(validate,Temp[1] AND 63);

    i := i + 3;
   end;

   Result := validate;
end;

function AddChar(var Validate: string; number: byte): string;
var
   newchar: String;
begin
  if (Number < 26) then
     newchar := Chr(Number + 65)
  else if (Number < 52) then
     newchar := Chr(Number + 71)
  else if (Number < 62) then
     newchar := Chr(Number - 4)
  else if (Number = 62) then
     newchar := '+'
  else if (Number = 63) then
     newchar := '/';
  Validate := validate + newchar;
end;

Ok so I have recently added the section that starts with the comment
Code:
// -- Adding enctype management -- //

I think I have translated this correctly, but this could be the issue.

Anyways, once I get my result back from GSSecKey into the variable ConvertedKey, I then attempt to ask for the master server list. For this part I have seen so many combinations on the net for what string to use; I have tried many varieties but no luck. So for example I will put the string together like this:

Code:
var s: string;
s := 'basic\gamename\ut3pc\enctype\2\validate\' + ConvertedKey + '\final\\list\\gamename\ut3pc\final\';


So this string is where the error could be as well.

I hope you find the time to take a peek at this, and if you need any more info please let me know.

Thank you.


 Post subject:
PostPosted: 21 Jul 2008 23:41 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the following is an example which could help you a bit:

master.gamespy.com:
Code:
\basic\\secure\ABCDEF

you:
Code:
\gamename\gamespy2\gamever\20603020\enctype\1\validate\uLh3CXOl\final\\list\cmp\gamename\ut3pc


in short the first gamename is the one you want to use to log on to the master server and make your request, so the validate field must be computed using the gamekey of the first gamename.

for some unknown reasons ut3pc is not allowed for making the query (probably the key is wrong or is filtered on the gamespy master server) so you can use gamespy2 or bfield1942 or any other gamename which works (they can be tested using the -Y option of gslist: gslist -n ut3pc -Y bfield1942 HpWx9z).

If you need a way to make sure that your validate value is correct try the following tool:

http://aluigi.org/papers/gssec.zip

example:
gssec ABCDEF d4kZca 1


 Post subject:
PostPosted: 23 Jul 2008 03:38 

Joined: 20 Jul 2008 20:02
Posts: 8
Well I got my first response, progress, very sweet.

First, I was able to confirm my conversion code was correct using your tool, thank you.

Then I tried using your first suggestion:
Code:
\gamename\gamespy2\gamever\20603020\enctype\1\validate\uLh3CXOl\final\\list\cmp\gamename\ut3pc

(except for the converted key, I was using newly generated values). I did not get any responses using this and other slight variations.

So you said I could use battlefield for example, so I do get a response (and a nice big one, usually over 16000 bytes) using this variation:

Code:
\basic\gamename\bfield1942\enctype\1\validate\ + ConvertedKey + \final\list\\gamename\ut3pc\final\

(and the handoff I used for this was 'HpWx9z').

Hopefully this is a ut3 list and not a battlefield list, heh.

Now I just have to interpret your enctype1_decoder. I have been trying a bit tonight, I am going to have to learn a bit of the C language :)

Thanks very much for your help.


 Post subject:
PostPosted: 23 Jul 2008 23:29 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
if you don't like C you have 2 other alternatives:

PHP:
http://pr0g.free.fr/gamespy/gslist.zip

Mirc script:
http://skorpsss.free.fr/SkUT3v1.0.zip


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 08 Sep 2008 13:12 

Joined: 08 Sep 2008 13:07
Posts: 12
hello,

i am writing a server search page for my MOHAA clan using asp.net c#
i need to sort out the master server security
can someone post the actual specifications for creating a valid security response

cheers
m


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 02:14 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
mohaa uses the gamespy master server and accepts the good old enctype 0 method, so only the gsmsalg algorithm for the "validate" field and all the data is in clear-text


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 09:58 

Joined: 08 Sep 2008 13:07
Posts: 12
I had a go at converting the PHP code to C# last night for the __MakeValidate function.
I've looked at gsmsalg just now and it looks like the same code except in C...
I will try converting that tonight and let you know how I make out.


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 16:55 

Joined: 08 Sep 2008 13:07
Posts: 12
Here's what I am currently working on. I am having trouble when it's trying to do AND or SHIFT operations. It's giving me an implicit cast error.

Error 1 Cannot implicitly convert type 'int' to 'byte'. An explicit conversion exists (are you missing a cast?)

Code:
using System;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Net;
using System.Net.Sockets;
using System.Text;

public partial class _Default : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {


        String  _Server     = "master.gamespy.com";
        int     _Port       = 28900;           
        String  _GameString = "mohaa";
        String  _HandOff    = "M5Fdwc";
        String  _Query      = "";

        TcpClient server = new TcpClient();

        try
        {
            byte[] data = new byte[32];
           
            server.Connect(_Server, _Port);
            NetworkStream ns = server.GetStream();
            int recv = ns.Read(data, 0, data.Length);

            Byte[] SecureKey = new byte[7];
            Byte[] gsSecureKey = new byte[9];
            Byte[] HandOff = Encoding.ASCII.GetBytes(_HandOff);

            getSecureKey(data).CopyTo(SecureKey, 0);
            getGSSecureKey(SecureKey, HandOff).CopyTo(gsSecureKey, 0);

            Response.Write(Encoding.ASCII.GetString(SecureKey));
            Response.Write(Encoding.ASCII.GetString(gsSecureKey));

            String QueryString = string.Format(
                        "\\gamename\\{0}\\gamever\\1.11\\enctype\\0\\validate\\{1}\\final\\list\\{2}", //Need to fix this.
                        _GameString,
                        Encoding.ASCII.GetString(gsSecureKey),
                        _Query);

            data = Encoding.ASCII.GetBytes(QueryString);
            //ns.Write(data, 0, data.Length);
            server.Close();
        }
        catch
        {
            server.Close();
        }

    }

    private byte[] getSecureKey(byte[] data)
    {
        Byte[] SecureKey = { data[15], data[16], data[17], data[18], data[19], data[20] };
        return SecureKey;
    }

    private byte[] getGSSecureKey(byte[] SecureKey, byte[] HandOff)
    {
        Byte[] ValidateKey = { }; //This is what gets returned.

        Byte[] Temp = new byte[4]; // Array for some temporary Variables
        Byte[] Table;

        for (int i = 0; i <= 255; i++)
        {
            Table[i] = (byte)i; // Fill the buffer
        }

        // Add the length of the Keys to the array:
        int[] Length = { HandOff.Length, SecureKey.Length };

        for (int i = 0; i <= 255; i++)
        {
            // Scramble the Table with the Handoff:
            Temp[0] = (Temp[0] + Table[i] + HandOff[i % Length[0]]) & (byte)255;
            Temp[1] = Table[Temp[0]];

            // Update the buffer:
            Table[Temp[0]] = Table[i];
            Table[i] = Temp[1];
        }

        Temp[0] = 0;
        Byte[] Key;

        // Scramble the SecureKey with the Table:
        for (int i = 0; i < Length[1]; i++)
        {
            // Add the next char to the Array
            Key[i] = (SecureKey[i]);

            Temp[0] = (Temp[0] + Key[i] + 1) & (byte)255;
            Temp[1] = Table[Temp[0]];
            Temp[2] = (Temp[2] + Temp[1]) & (byte)255;
            Temp[3] = Table[Temp[2]];

            Table[Temp[2]] = Temp[1];
            Table[Temp[0]] = Temp[3];

            // XOR the Key with the Buffer:
            Key[i] ^= Table[(Temp[1] + Temp[3]) & (byte)255];
        }

        Length[1] /= 3;
        int x = 0;
        int v = 0;

        // Create the ValidateKey:
        while (Length[1]-- != 0)
        {
            Temp[1] = Key[x++];
            Temp[3] = Key[x++];

            ValidateKey[v++] = gsvalfunc(Temp[1] >> 2);
            ValidateKey[v++] = gsvalfunc(((Temp[1] & (byte)3) << 4) | (Temp[3] >> 4));

            Temp[1] = Key[x++];

            ValidateKey[v++] = gsvalfunc(((Temp[3] & (byte)15) << 2) | (Temp[1] >> 6));
            ValidateKey[v++] = gsvalfunc(Temp[1] & (byte)63);
        }

        return ValidateKey;

    }

    private byte gsvalfunc(byte reg)
    {
        if (reg < 26) return (byte)(reg + (byte)('A'));
        if (reg < 52) return (byte)(reg + (byte)('G'));
        if (reg < 62) return (byte)(reg - (byte)4);
        if (reg == 62) return (byte)('+');
        if (reg == 63) return (byte)('/');
        return (0);
    }

}



Everything looks like it should be the right type. If anyone can spot what's wrong I would be very grateful.

m


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 18:01 

Joined: 08 Sep 2008 13:07
Posts: 12
Okay so I resolved my byte / int issues. I now get this...

SecureKey: PJZLJE
gsSecureKey: YFBHDMKm
QueryString: \gamename\mohaa\gamever\1.11\validate\YFBHDMKm

I send the querystring to the server but I don't get any response.... :/ I don't know what to try next.


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 18:28 

Joined: 08 Sep 2008 13:07
Posts: 12
I just used the SecureKey and Handoff from your console screen shot and got the same gsSecureKey (MUJZKK -> 6Zh0dYjX) so I know my validation function is working. I just don't know why I can't get a response from the server...

my problem is either in the string I'm passing to the server, or the way I am handling the tcp connection....

If I could get a confirmation on the QueryString that would help.

I will post the full working ASP.NET C# code once I have everything working 100%.

Cheers,
m


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 18:42 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
try using a query string like the following:

\gamename\mohaa\enctype\0\validate\ABCDEFGH\final\\list\cmp\gamename\mohaa


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 18:58 

Joined: 08 Sep 2008 13:07
Posts: 12
I don't think the null byte is showing up in the q/s, should it be?


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 19:00 

Joined: 08 Sep 2008 13:07
Posts: 12
nvm it is


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 19:28 

Joined: 08 Sep 2008 13:07
Posts: 12
I am still not getting anything back from the server....

Code:
            data = new byte[QueryString.Length];
            data = Encoding.ASCII.GetBytes(QueryString);
            ns.Write(data, 0, data.Length);
            data = new byte[2048];
            while (!ns.DataAvailable)
            { System.Threading.Thread.Sleep(100); }
            ns.Read(data, 0, data.Length);
            server.Close();


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 20:34 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uhmmm I don't have other hypotheses, run wireshark and sniff the entire session to see if there is something strange.
then check also that your \validate\ field is correct using gssec (linked in the above posts)


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 22:43 

Joined: 08 Sep 2008 13:07
Posts: 12
I rechecked the gssec ...okay.
I ran wireshark and compared the data from MOHAA-->GS.
the gssec it passes is 8 bytes ...I was using 8 bytes plus null (9 bytes)
I changed my gssec to use 8 bytes and also used the same search query as MOHAA-->GS
Code:
\gamename\mohaa\gamever\1.6\location\0\validate\{1}\final\\queryid\1.1\list\cmp\gamename\mohaa\final\

I am now getting data back from GS....just need to parse the IPs now....
:)


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Sep 2008 23:36 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
well done, luckily parsing the IP addresses is a joke: 4 for IP and 2 for port in big endian mode
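
The 6-byte entry layout described in the reply above (4 bytes of IP, 2 bytes of port, big endian), as an added example that is not part of the original thread or of gslist. The struct, function and sample names are hypothetical, and the trailing `\final\` terminator is an assumption about the enctype 0 response.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One decoded entry of the compact ("cmp") list. */
struct gs_server {
    uint8_t  ip[4];   /* IPv4 address, bytes in network order */
    uint16_t port;    /* query port, converted to host order  */
};

/* Constructed sample: 192.0.2.10:12203, 92.0.2.1:12300, then "\final\" */
static const uint8_t gs_sample[] = {
    192, 0, 2, 10, 0x2f, 0xab,
    92,  0, 2, 1,  0x30, 0x0c,
    '\\', 'f', 'i', 'n', 'a', 'l', '\\'
};

/*
 * Parse an enctype 0 compact list: 6 bytes per server (4 IP + 2 port,
 * big endian). Assumption: the stream ends with the text marker
 * "\final\". The marker is only looked for at the tail, because an
 * address such as 92.x.x.x also starts with the '\' byte (0x5c).
 * Returns the number of entries stored in out, or -1 when the payload
 * is not a whole number of 6-byte entries (truncated or wrong format).
 */
static int gs_parse_cmp_list(const uint8_t *buf, size_t len,
                             struct gs_server *out, size_t max_out)
{
    static const char marker[] = "\\final\\";
    const size_t mlen = sizeof(marker) - 1;
    size_t i, n;

    if (len >= mlen && memcmp(buf + len - mlen, marker, mlen) == 0)
        len -= mlen;              /* strip the terminator */
    if (len % 6 != 0)
        return -1;                /* partial entry: read more or reject */

    n = len / 6;
    if (n > max_out)
        n = max_out;              /* never write past the caller's array */
    for (i = 0; i < n; i++) {
        const uint8_t *p = buf + i * 6;
        memcpy(out[i].ip, p, 4);
        out[i].port = (uint16_t)((p[4] << 8) | p[5]);
    }
    return (int)n;
}

int main(void)
{
    struct gs_server s[8];
    int i, n = gs_parse_cmp_list(gs_sample, sizeof(gs_sample), s, 8);

    for (i = 0; i < n; i++)
        printf("%u.%u.%u.%u:%u\n", s[i].ip[0], s[i].ip[1],
               s[i].ip[2], s[i].ip[3], (unsigned)s[i].port);
    return n == 2 ? 0 : 1;
}
```

A TCP read can return part of the list, so a caller should accumulate bytes until the connection closes and treat a `-1` result as incomplete data.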


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 10 Sep 2008 00:09 

Joined: 08 Sep 2008 13:07
Posts: 12
Yup parsing the IPs was very simple. I now have a complete list of server IPs and gamespy query ports.

I already had written the code to query the individual gameservers. So now I just need to bring it all together, add some search features to the master query, and some functions for searching the individual game servers.

I'll keep you updated on my progress.


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 11 Sep 2008 16:52 

Joined: 08 Sep 2008 13:07
Posts: 12
Luigi do you have a listing of gamespy country codes? I thought I saw one the other day, now I can't seem to find it.

M


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 11 Sep 2008 21:44 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
sure, use gslist -c or watch in the countries.h file of its source code


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 12 Sep 2008 09:32 

Joined: 08 Sep 2008 13:07
Posts: 12
:)


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 08 Nov 2008 19:38 

Joined: 20 Jul 2008 20:02
Posts: 8
Hello. I finally got around to translating the enctype1_decoder to Delphi. Unfortunately it crashes. :(
In order to debug I figure I need to be stepping thru the gslist source using the same buffer and see where the values start to differ. Can you recommend a plain old "C" compiler?

I have MS Visual Studio 2005, it only lets me create "C++" projects. So I tried that, added your files, compile, and it is not happy.
I tried a free trial of Turbo Explorer C++ but again, only lets me start "C++" projects.

Would you know the name of a "C" studio that would allow me to compile and step thru running code?


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 08 Nov 2008 22:19 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
a crash is a "good" thing, because with a debugger and a bit of luck you can find the problem soon enough (maybe it's only a NULL pointer).

anyway here I use mingw/gcc which is a great compiler:
http://www.mingw.org

and the following is an unofficial but more updated build:
http://www.tdragon.net/recentgcc/

if you want to recompile gslist you can use the compa.bat file in the src folder, remember only to use the correct mingw folder because in that file I have set d:\mingw instead of c:\mingw


 Post subject: Re: Attempting to add enctype management to translated GSSecKey
PostPosted: 09 Nov 2008 00:01 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
oh I was forgetting one thing, enctype 1 and 2 are now obsolete because with enctypeX the job is usually simpler.
the following thread has some info:

gslist-trying-to-get-not-only-server-list-t561.html

