破解最新进展

smartadam

Basic information

The current battle.net wrapper code can be found at http://github.com/kow/Starcraft-2-Battle.Net-Wrapper

Communication with battle.net.dll occurs through the debugger created by battle.net.dll. When the main SC2 process cause an exception by reading from the memory location 0xFFFFFFFE a command is called in battle.net.dll. The minimum requirement for such a call to be made is that SC2 can establish a connection to a battle.net server, either bnetd on localhost or battle.net.

Full authorisation client, written in C# utilising a C++ AuthModule interface. http://filebeam.com/f81c1f89a3bbc2ae1d053c1b6baee5bb - Written by Ralek and kynox.
Connect

When Connect is pressed a 52 bytes + username in plain text message is sent to TCP port 1119. This leads to these calls to the battle.net wrapper:

    *
      BattlenetAPI::Unknown_08(564DF94, 5BECAC8) [B15458] = 0
    *
      BattlenetAPI::Unknown_03(C, 564F580, 6) [B14D2E] = 99DA418
    *
      BattlenetAPI::Unknown_04(13, 564EE30, 6) [B14DAE] = 1

It's not currently known how to pick up this communication from the battle.net wrapper.


接下来要做的就是让有key的人反复的登录，抓到足够多的验证封包，然后解包。。。