Miscellaneous useful 'nippits

From SkullSecurity
Revision as of 16:38, 27 February 2008 by Ron

I'm not sure what's going to end up here, but I'll know it when I see it. Be prepared!

Overview

This is a quick and dirty overview of the whole process:

  • User connects to Battle.net
  • Built-in Warden module ("Maiev") is loaded from memory
  • Module is initialized (keys are generated, etc.)
  • User logs in
  • Battle.net sends 0x00 ("Do you have this module?")
    • User responds with 0x00 or 0x01
      • If 0x01 is sent, skip to receiving 0x02
    • Battle.net sends the new module, in a series of 0x01 packets
    • "Maiev" decrypts, verifies, and prepares the new module
    • Once module has been verified and prepared, client sends back 0x01
  • After each Warden packet, Battle.snp checks if a new module is prepared
    • Once complete, the module is swapped out
  • Battle.net sends 0x02
    • New module responds to 0x02 (somehow; haven't done this yet)
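The sequence above, modelled as a toy client/server state machine. This is an added illustration and not code from SkullSecurity or from Warden itself; only the three opcodes (0x00, 0x01, 0x02) and the ordering of steps come from the page. The packet layouts, the 16-byte module id, the chunk size, the single-byte XOR standing in for the real transport encryption, the SHA-256 verification rule and the client's reply to 0x02 are all assumptions made so the exchange can run end to end, including the branch where the client already has the module and the case where a streamed module fails verification.

```python
import hashlib

# Opcodes from the overview; everything else in this file is an assumed toy format.
MODULE_CHECK = 0x00   # server: "do you have this module?" / client: 0x00 = no, 0x01 = yes
MODULE_CHUNK = 0x01   # server: one piece of the module / client: "module verified and prepared"
MODULE_RUN = 0x02     # server: hand control to the (new) module

CHUNK = 64            # assumed chunk size for streaming the module
XOR_KEY = b"\x5a"     # constructed stand-in for the real module encryption


def module_id(module: bytes) -> bytes:
    """Assumed convention: a module is identified by a 16-byte hash of its plaintext."""
    return hashlib.sha256(module).digest()[:16]


def xor(data: bytes, key: bytes = XOR_KEY) -> bytes:
    """Toy 'decrypt' / 'encrypt' (symmetric, so the same call does both)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class WardenClient:
    """Client side: the built-in module ("Maiev") plus the Battle.snp swap check."""

    def __init__(self, cached=()):
        self.cached = {module_id(m): m for m in cached}  # modules already on disk/in memory
        self.active = None      # module currently handling Warden traffic
        self.prepared = None    # decrypted, verified module waiting to be swapped in
        self.pending = None     # (module_id, expected_length, buffer) while streaming
        self.events = []        # trace of what happened, for inspection

    def handle(self, pkt: bytes):
        """Process one server packet and return the reply (None when nothing is sent)."""
        reply = self._dispatch(pkt)
        # Battle.snp step: after every Warden packet, swap in a prepared module if there is one.
        if self.prepared is not None:
            self.active, self.prepared = self.prepared, None
            self.events.append("swap")
        return reply

    def _dispatch(self, pkt: bytes):
        op, body = pkt[0], pkt[1:]
        if op == MODULE_CHECK:
            # assumed layout: 0x00 | 16-byte module id | 4-byte little-endian length
            mid, length = body[:16], int.from_bytes(body[16:20], "little")
            if mid in self.cached:
                self.prepared = self.cached[mid]
                self.events.append("have")
                return bytes([MODULE_CHECK, 0x01])      # "yes, skip to 0x02"
            self.pending = (mid, length, bytearray())
            self.events.append("need")
            return bytes([MODULE_CHECK, 0x00])          # "no, send it"
        if op == MODULE_CHUNK:
            if self.pending is None:
                raise ValueError("module chunk without a preceding 0x00 request")
            mid, length, buf = self.pending
            buf += body
            if len(buf) < length:
                return None                              # wait for more 0x01 packets
            plain = xor(bytes(buf))                      # "decrypts"
            self.pending = None
            if module_id(plain) != mid:                  # "verifies"
                self.events.append("verify-failed")
                return None                              # never prepare an unverified module
            self.cached[mid] = plain
            self.prepared = plain                        # "prepares"
            self.events.append("prepared")
            return bytes([MODULE_CHUNK])                 # client's 0x01: ready
        if op == MODULE_RUN:
            if self.active is None:
                return None
            self.events.append("run")
            # Placeholder reply: the page does not describe what the new module sends back.
            return bytes([MODULE_RUN]) + module_id(self.active)
        raise ValueError(f"unknown Warden opcode {op:#04x}")


def server_session(client: WardenClient, module: bytes, corrupt: bool = False):
    """Drive the server side; returns a transcript of (direction, opcode) pairs."""
    mid, cipher = module_id(module), xor(module)
    if corrupt:  # simulate a damaged/tampered stream: the id no longer matches the bytes
        cipher = bytes([cipher[0] ^ 0xFF]) + cipher[1:]
    transcript = []

    def send(pkt):
        transcript.append(("S->C", pkt[0]))
        reply = client.handle(pkt)
        if reply is not None:
            transcript.append(("C->S", reply[0]))
        return reply

    reply = send(bytes([MODULE_CHECK]) + mid + len(cipher).to_bytes(4, "little"))
    if reply[1] == 0x00:                                 # client lacks it: stream 0x01 packets
        for i in range(0, len(cipher), CHUNK):
            send(bytes([MODULE_CHUNK]) + cipher[i:i + CHUNK])
    send(bytes([MODULE_RUN]))
    return transcript


if __name__ == "__main__":
    demo_module = bytes(range(200))                      # constructed sample module
    fresh = WardenClient()
    for line in server_session(fresh, demo_module):
        print(line)
    print(fresh.events)
```

Running it with a fresh client prints the 0x00 request, the client's 0x00 "don't have it", four 0x01 chunks, the client's 0x01 "prepared", then 0x02 in each direction; constructing the client with `cached=[demo_module]` skips the chunk stream entirely, and `corrupt=True` shows the client refusing to swap in a module whose id does not match.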

WinDBG Packet Dumper

This little pair of WinDBG commands will set a breakpoint within the built-in module to decrypt and display Warden's initial packets:

TODO