Code:
/**
 * Decide whether a connecting client has to be refused.
 *
 * @param SteamID_perm_banned  when true the function reports "banned" at once
 * @param hwid                 four DWORDs holding the encoded hardware id sent
 *                             by the client; all four are read
 * @param steamID_hi           only written to the log here
 * @param steamID_low          only written to the log here
 * @param port                 client port, logged and passed to AddServerVisitor
 * @param ip                   client address, used for the temporary-ban lookup,
 *                             for g_TempBan and for AddServerVisitor
 * @return 0 when the client is accepted, 1 when it is refused
 *
 * NOTE(review): hwid is dereferenced without a null or length check, so the
 * caller has to guarantee 16 readable bytes behind it.
 * NOTE(review): the decoding below is fixed-constant XOR plus a CRC32
 * comparison. It detects a malformed value but does not authenticate it; the
 * id is produced on the client (see ServerList::createConnectionBlob), so it
 * should be treated as untrusted input when used for ban decisions.
 */
int __stdcall myGetBanStatus(bool SteamID_perm_banned, DWORD * hwid, DWORD steamID_hi, DWORD steamID_low, USHORT port, DWORD ip)
{
    VU("myGetBanStatus"); // project macro, not defined in this listing; paired with VE() below
    info("ip = %08X, port = %d, SteamID = %08X %08X, hwid[0] = %08X, perm_banned = %d", ip, port, steamID_low, steamID_hi, hwid[0], SteamID_perm_banned);

    // An existing permanent or temporary ban ends the check before the id is looked at.
    if (SteamID_perm_banned || g_IsTempBanned(ip))
        return true;

    // Work on a private copy so the caller's buffer stays untouched.
    DWORD decoded[4] = { hwid[0], hwid[1], hwid[2], hwid[3] };

    // Word 0 carries the checksum and has to be decoded first:
    // the other three words are masked with its decoded value.
    decoded[0] ^= 0x23586134 ^ 0xC0DEB100;
    decoded[1] ^= ntohl(decoded[0]) ^ 0x7629d1b9;
    decoded[2] ^= decoded[0] ^ 0x1337D00D;
    decoded[3] ^= (decoded[0] >> 1) ^ 0xDEADCAFE;

    // CRC32 over words 1..3 (12 bytes) must equal the decoded word 0.
    DWORD computed_crc = GetCRC32((void *)(decoded + 1), 12);
    info("gotcrc %08X, expected %08X", computed_crc, decoded[0]);

    // This is the check applied while the client is in game on the server.
    // The ban list is only consulted when the checksum matches.
    const bool checksum_ok = (computed_crc == decoded[0]);
    if (!checksum_ok || IsServerClientBanned(decoded))
    {
        // A bad checksum and a banned id are handled the same way: the address is temp-banned.
        g_TempBan(ip);
        return 1;
    }

    AddServerVisitor(decoded, port, ip);
    return 0;
    VE();
}
Code:
// Template for the 0x60-byte connection ("ticket") blob.
// ServerList::createConnectionBlob writes into this array in place and returns
// a pointer to it, so the contents differ from these initial values at run time.
// Offsets it overwrites:
//   0x08  8 bytes   security id
//   0x10  DWORD     internal ip        0x14  WORD  internal port
//   0x22  DWORD     external ip        0x26  WORD  external port
//   0x29  16 bytes  security key (spans 0x29..0x38)
//   0x30, 0x34      DWORD 0xCCCCCCCC each (inside the security-key range)
//   0x3C  16 bytes  encoded HWID challenge
//   0x59  BYTE      set to 1
// NOTE(review): the array is a mutable global shared by every caller.
unsigned char ConnBlob_skeleton[0x60] = // ticket blob template
{
0xFF, 0xF1, 0x01, 0x00, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 0x00..0x0F
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0x00, 0x00, 0xFF, 0x00, 0xFF, // 0x10..0x1F
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 0x20..0x2F
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x44, 0x46, 0x8B, 0x1D, // 0x30..0x3F
0xFA, 0x17, 0xD3, 0x47, 0x83, 0xC6, 0x6A, 0x2B, 0xE4, 0x3A, 0xAC, 0x45, 0x70, 0xAB, 0xB2, 0x01, // 0x40..0x4F
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x12, 0x00, 0x70, 0xAB, 0xB2, 0x01, // 0x50..0x5F
} ;
Code:
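/**
 * Fill the shared connection-blob template for one server and return it.
 *
 * @param ipAddr               server address; written into the blob when no
 *                             server item is used, otherwise only the lookup key
 * @param port                 server port; same role as ipAddr
 * @param ServerItemMustExist  when true the addresses, ports, security id and
 *                             security key come from the matching ServerItem
 *                             and the call fails if none is found; when false
 *                             ipAddr/port are used for both the internal and the
 *                             external fields and the id/key areas are filled
 *                             with STATIC_SECURITY_KEY
 * @return pointer to ConnBlob_skeleton (0x60 bytes), or NULL when a server item
 *         was required but not found
 *
 * The returned pointer refers to a single global buffer that is rewritten on
 * every call; a caller that needs the data beyond the next call has to copy it.
 * NOTE(review): nothing here serialises concurrent callers - confirm the
 * function is only used from one thread.
 */
void * ServerList::createConnectionBlob(ULONG ipAddr, USHORT port, bool ServerItemMustExist)
{
    VU("ServerList::createConnectionBlob"); // project macro, not defined in this listing; paired with VE() below

    // Offsets are applied to a byte pointer. The previous code cast the pointer
    // to DWORD for the arithmetic, which truncates the address on 64-bit builds.
    BYTE * const blob = ConnBlob_skeleton;

    ServerItem * item = NULL;
    if (ServerItemMustExist)
    {
        item = getServerItemByAddress(ipAddr, port);
        if (item == NULL)
        {
            info("ServerList::createConnectionBlob() server information not found\n");
            return NULL;
        }
    }

    info("ServerList::createConnectionBlob() generating blob\n");

    // Addresses go through htonl(); ports are stored as given.
    // NOTE(review): the DWORD store at 0x22 is not 4-byte aligned; fine on x86,
    // worth a memcpy if this is ever built for a stricter target.
    if (item != NULL)
    {
        *(DWORD*)(blob + 0x10) = htonl(item->getServerInternalIp());
        *(DWORD*)(blob + 0x22) = htonl(item->getServerExternalIp());
        *(WORD*)(blob + 0x14) = item->getServerInternalPort();
        *(WORD*)(blob + 0x26) = item->getServerExternalPort();
    }
    else
    {
        *(DWORD*)(blob + 0x10) = htonl(ipAddr);
        *(DWORD*)(blob + 0x22) = htonl(ipAddr);
        *(WORD*)(blob + 0x14) = port;
        *(WORD*)(blob + 0x26) = port;
    }
    blob[0x59] = 1;

    // HWID challenge: GetHWID fills the four words at 0x3C, word 0 becomes the
    // CRC32 of words 1..3, then every word is masked. Word 0 is masked last
    // because its plain value is part of the masks of the other three.
    // NOTE(review): fixed constants and CRC32 give obfuscation and an integrity
    // check only; the receiving side cannot tell a genuine id from a made-up one.
    DWORD * hwid = (DWORD*)(blob + 0x3C);
    GetHWID(hwid);
    hwid[0] = GetCRC32((void *)&hwid[1], 12);
    hwid[1] = hwid[1] ^ ntohl(hwid[0]) ^ 0x7629d1b9;
    hwid[2] = hwid[2] ^ hwid[0] ^ 0x1337D00D;
    hwid[3] = hwid[3] ^ (hwid[0] >> 1) ^ 0xDEADCAFE;
    hwid[0] = hwid[0] ^ 0x23586134 ^ 0xC0DEB100;

    // Fields of unknown meaning, filled with 0xCC.
    *(DWORD*)(blob + 0x30) = 0xCCCCCCCC;
    *(DWORD*)(blob + 0x34) = 0xCCCCCCCC;

    // Security id (8 bytes at 0x08) and security key (16 bytes at 0x29).
    // NOTE(review): the 16-byte write at 0x29 covers 0x29..0x38 and therefore
    // replaces both 0xCCCCCCCC words stored just above. The order is kept as it
    // was; confirm whether the key length/offset or the 0xCC fill is intended.
    if (item != NULL)
    {
        // NOTE(review): assumes both getters return non-null buffers of at least 8 and 16 bytes.
        memcpy(blob + 0x8, item->getServerSecId(), 8);
        memcpy(blob + 0x29, item->getServerSecKey(), 16);
    }
    else
    {
        memset(blob + 0x8, STATIC_SECURITY_KEY, 8);
        memset(blob + 0x29, STATIC_SECURITY_KEY, 16);
    }

#ifdef DEBUGGING_ENABLED
    // The dump contains the security key and the encoded HWID; keep this out of release logs.
    info("Connection blob dump:");
    PrintBuffer(blob, 0x60, 0x10);
#endif
    return blob;
    VE();
}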