|
Mod note: It is likely that this is an internal testing version not intended to be public yet. Battle.net reportedly does not work after patching, which indicates that it's not yet "released". |
On July 28 2016 00:35 dcemuser wrote:
The disbelievers are cute, but their disbelief is understandable because this is information that isn't really -super- well known. I mean, it's nothing fancy, but it's just that scanning URLs via bruteforce isn't something that occurs to most people.
This is exactly how every fansite has scanned for new patches for years - this is how mmo-champion and wowhead detected new patches when Blizzard was on the old protocol. In fact, this is how Blizzard accidentally leaked the alpha for one of the WoW expansions, many years ago (and gave us a nice C&D for covering it, RIP).
You take a known real patch URL, say, the ftp.blizzard.com download link for 1.16, then you bruteforce various potential new numbers repeatedly (probably, [1-2].[1-2][0-9] with an optional a-z in this case) and spam eternally. Have the program send you an email when it gets something that isn't a 404/500.
Of course, this doesn't work anymore because of NGDP, Blizzard's new download protocol, which ensures that all URLs like this are hashed and basically unguessable. However, old games are not using that system (or even the system that existed before that, lol).
I'm actually mildly surprised that the SC community doesn't have a tool for doing this kind of scanning running on at least one PC.
This is a fantastic post. I did not know any of this.
What is Blizzard hashing now? Is it just taking the ending part of the download link (with the changing version numbers) and hashing that? Because if that's it, then it seems like it would still be easy to perform this type of scanning.
|
I've been editing the Liquipedia page for LatencyChanger the past few days. The change in 1.17.0 has been documented now. As you can see, the values for LAN games and server games are now the same, which is 2.
|
On July 28 2016 03:48 Shield wrote:Show nested quote +On July 28 2016 02:46 Valeranth wrote:On July 28 2016 02:29 Shield wrote:On July 27 2016 22:42 Dumbledore wrote:On July 27 2016 08:20 Shield wrote:On July 26 2016 18:09 bduddy wrote:On July 26 2016 16:05 Shield wrote:On July 26 2016 15:49 bduddy wrote:If you people somehow think http://ftp.blizzard.com is a scam, then please, learn about how the Internet actually works before you spew any more of your "wisdom" here. The patch is 100% legit, although possibly not intended to be released yet. Enjoy your new palettes. That's exactly why I'm skeptical because I know how the internet works. On the other hand, you don't. Go learn a little bit about spoof URLs, spoof e-mails, etc before you talk about internet security. Because messing with email headers or adding a bunch of garbage to a URL is the same this as somehow hijacking an entire domain on blizzard.com. Right. Please stop talking before you really hurt someone. Having a single domain deal in multiple protocols is incredibly common and normal. EDIT: typhoonius is completely correct, except I know that Firefox does support FTP, and Chrome probably does too although I never use it so I'm not sure. Are you stupid or what? How can you hurt anyone? Please stop exaggerating. Stop embarassing yourself and learn how domains work. I know how domains work. Thanks very much. You missed the point. Could you explain the point then? Right now it seems like you think it might be spoofed because of the ftp part despite it being a blizzard.com domain. No, I don't think it's spoofed but it was part of my initial suspicions (I read about spoofed URLs later). When I said I'm skeptical exactly because I know how the internet works that was a general statement. Just because of how the internet can screw you such as man-in-the-middle-attack, IP address spoof, e-mail spoof, etc. While I'm not a network security guy, I'm a software engineer so I'm cautious what I do. Better safe than sorry. No need for some people to be assholes, really (I don't mean you specifically when I reply to your post).
You work as a software engineer but had to read up about spoofed URLs? I take it all you do is HCI design or something front-end then and nothing back-end or you would have had the know-how to not embarass yourself.
|
On July 27 2016 17:39 xboi209 wrote:Report: Blizzard is looking to remove unused game protocols such as Local Area Network (IPX), Modem, and Direct Cable Connection. They're logging the total and monthly amount of games we play on each protocol. Additional research has been published at BNETDocs.org.
I can see why they might remove modem but the other two protocols still could be useful for people running old machines in network on win 95 or 98.What is the justification for removing functional options? To make it somehow 'less confusing' for new players when selecting? I'm against it.
|
On July 28 2016 18:52 iPlaY.NettleS wrote:Show nested quote +On July 27 2016 17:39 xboi209 wrote:Report: Blizzard is looking to remove unused game protocols such as Local Area Network (IPX), Modem, and Direct Cable Connection. They're logging the total and monthly amount of games we play on each protocol. Additional research has been published at BNETDocs.org. I can see why they might remove modem but the other two protocols still could be useful for people running old machines in network on win 95 or 98.What is the justification for removing functional options? To make it somehow 'less confusing' for new players when selecting? I'm against it.
The oldest Windows OS that BW supports right now is Windows 2000 anyways, and I'm going to assume that even Windows 2000 support will be dropped because D2 already dropped it this year (someone should check if 1.17.0 even works on Windows 2000). They're looking to remove unused game protocols, so if there is a significant number of games played on a protocol, it seems as though the protocol will stay.
|
On July 28 2016 19:02 xboi209 wrote:Show nested quote +On July 28 2016 18:52 iPlaY.NettleS wrote:On July 27 2016 17:39 xboi209 wrote:Report: Blizzard is looking to remove unused game protocols such as Local Area Network (IPX), Modem, and Direct Cable Connection. They're logging the total and monthly amount of games we play on each protocol. Additional research has been published at BNETDocs.org. I can see why they might remove modem but the other two protocols still could be useful for people running old machines in network on win 95 or 98.What is the justification for removing functional options? To make it somehow 'less confusing' for new players when selecting? I'm against it. The oldest Windows OS that BW supports right now is Windows 2000 anyways, and I'm going to assume that even Windows 2000 support will be dropped because D2 already dropped it this year
OK thanks for the info i wasn't aware.
Certainly anyone still using DCC is running a retro PC network setup for mid-late 90s PC games.It's been well over a decade since i had a parallel port on my PC.
|
On July 28 2016 19:02 xboi209 wrote:
The oldest Windows OS that BW supports right now is Windows 2000 anyways, and I'm going to assume that even Windows 2000 support will be dropped because D2 already dropped it this year (someone should check if 1.17.0 even works on Windows 2000). They're looking to remove unused game protocols, so if there is a significant number of games played on a protocol, it seems as though the protocol will stay.
Just tested it and I can confirm that it won't run on 2000.
![[image loading]](http://i.imgur.com/3cHpCmT.png)
|
Hey i made a blog about this thread and then it was was closed down cause its only memes; check it out if you wanna have a laugh; its in the closed threads section
|
On July 27 2016 02:34 outscar wrote:Time to test this on another "don't give a shit" Win10 laptop and find out difference. Still if changes are only those and not affecting game when playing on newer OS, I'm disappointed. Show nested quote +On July 26 2016 06:20 LaStScan wrote:On July 26 2016 06:09 mca64Launcher_ wrote:![[image loading]](http://i.imgur.com/cIILk7w.jpg) shit, mca64Launcher doesnt works anymore. Anyway thought that Blizzard will make more stuff in this patch. If someone is using win xp or win 7 and plays on iccup then this patch is useless How did you patch? I couldn't patch. Maybe it's because your BW IIRC using too many modifications, SC2 unit sounds, etc. Try on clean installation. EDIT: Apparently I checked log when error occured on mine too, it says I need to put BW (I deleted it) where I installed it before f.e. C:\Games. Also you can't install patch on iCCup (mini) version, need original full one. Show nested quote +On July 27 2016 02:35 IntoTheheart wrote:On July 27 2016 02:34 outscar wrote:
Time to test this on another "don't give a shit" Win10 laptop and find out difference. Still if changes are only those and not affecting game when playing on newer OS, I'm disappointed. If it does work and it's not too much work for you, mind uploading a video on the gameplay if the turn speeds feel different to you?  I'll try. EDIT: Wow, this fucking patch is real deal. Battle.net rank icons are showing (you can connect to Fish but can't join games), I didn't sense stuttering and lag. THIS IS THE SHIT GUYS! Stop blaming OP. EDIT2: Actually I couldn't record because laptop which I'm testing Win10 is little netbook which is intended for basic job thus got really bad VGA so graphic card doesn't allow to record - output is really laggy. But the difference is huge from 1.16.1. Everyone with Win10 should try out, only blind won't see comparison. EDIT3: Also wanna point out that map FS isn't loading for some reason. So patch is still raw.
If it's true this is really awesome. I'm on Win8.1 and I can totally see the difference with WinXP. EffOrt was right to complain.
|
On July 28 2016 06:00 TheLordofAwesome wrote:Show nested quote +On July 28 2016 00:35 dcemuser wrote:
The disbelievers are cute, but their disbelief is understandable because this is information that isn't really -super- well known. I mean, it's nothing fancy, but it's just that scanning URLs via bruteforce isn't something that occurs to most people.
This is exactly how every fansite has scanned for new patches for years - this is how mmo-champion and wowhead detected new patches when Blizzard was on the old protocol. In fact, this is how Blizzard accidentally leaked the alpha for one of the WoW expansions, many years ago (and gave us a nice C&D for covering it, RIP).
You take a known real patch URL, say, the ftp.blizzard.com download link for 1.16, then you bruteforce various potential new numbers repeatedly (probably, [1-2].[1-2][0-9] with an optional a-z in this case) and spam eternally. Have the program send you an email when it gets something that isn't a 404/500.
Of course, this doesn't work anymore because of NGDP, Blizzard's new download protocol, which ensures that all URLs like this are hashed and basically unguessable. However, old games are not using that system (or even the system that existed before that, lol).
I'm actually mildly surprised that the SC community doesn't have a tool for doing this kind of scanning running on at least one PC. This is a fantastic post. I did not know any of this. What is Blizzard hashing now? Is it just taking the ending part of the download link (with the changing version numbers) and hashing that? Because if that's it, then it seems like it would still be easy to perform this type of scanning.
They hash the file contents using MD5 and then post the file at its own MD5 as a URL, so, for example: http://blzddist1-a.akamaihd.net/tpr/wow/config/a5/f8/a5f8a23d3b71769d10071f0a092e3e3e is the CDN configuration (half of the configuration needed to install a game - the other half being the build configuration) for a recent WoW build.
The problem and why we can't bruteforce the MD5s by changing the strings in the text to the new expected values is that all of these configuration files themselves contain MD5s of other vital files. So, say for an instance, a new build is pushed, and that new build contains new archives. Now, in order to guess the MD5 of the CDN configuration, we're back to the same problem of having to guess an unknown MD5 (the one for the new or altered files, in order to add them to the old CDN configuration's text).
This method ensures that the files are basically unguessable before Blizzard posts their hashes publically.
|
There appears to be some undocumented changes. Protected maps will no longer work, saying it cannot read the scenario file. They've also added the modern Blizzard Error Reporter and a system survey program.
The increased turn rate also seems to have an impact on the economy, but I'm not too sure yet.
|
On August 07 2016 16:56 Templarfreak wrote:
There appears to be some undocumented changes. Protected maps will no longer work, saying it cannot read the scenario file. They've also added the modern Blizzard Error Reporter and a system survey program.
The increased turn rate also seems to have an impact on the economy, but I'm not too sure yet.
I've already documented a lot of undocumented stuff at BnetDocs: https://bnetdocs.org/news/118/starcraft-patch-1-17-0-pre-release
Also, it's not specifically unprotected maps that don't work, I've tested a protected map and it works. ICCup's FS is known to not work though.
|
On August 07 2016 17:13 xboi209 wrote:Show nested quote +On August 07 2016 16:56 Templarfreak wrote:
There appears to be some undocumented changes. Protected maps will no longer work, saying it cannot read the scenario file. They've also added the modern Blizzard Error Reporter and a system survey program.
The increased turn rate also seems to have an impact on the economy, but I'm not too sure yet. I've already documented a lot of undocumented stuff at BnetDocs: https://bnetdocs.org/news/118/starcraft-patch-1-17-0-pre-releaseAlso, it's not specifically unprotected maps that don't work, I've tested a protected map and it works. ICCup's FS is known to not work though.
What is CheckRevision's DLL?
|
On August 07 2016 18:12 Templarfreak wrote:Show nested quote +On August 07 2016 17:13 xboi209 wrote:On August 07 2016 16:56 Templarfreak wrote:
There appears to be some undocumented changes. Protected maps will no longer work, saying it cannot read the scenario file. They've also added the modern Blizzard Error Reporter and a system survey program.
The increased turn rate also seems to have an impact on the economy, but I'm not too sure yet. I've already documented a lot of undocumented stuff at BnetDocs: https://bnetdocs.org/news/118/starcraft-patch-1-17-0-pre-releaseAlso, it's not specifically unprotected maps that don't work, I've tested a protected map and it works. ICCup's FS is known to not work though. What is CheckRevision's DLL?
CheckRevision is a module for Battle.net(v1) clients that reports version information so that the server can know whether or not to send a newer patch or to decline the client from connecting, more advanced modules prevent clients that have hacks loaded from connecting as well. Basically though, the server sends BW a MPQ file which contains a DLL file that will be loaded by BW. The MPQ file itself has been traditionally signed, however, the private key used for signing MPQ files has been cracked and thus private servers have the ability to send clients any DLL they want, including viruses. Starting with the 1.17.0 patch, the DLL file itself is required to be signed with a stronger private key or else the client will refuse the load the file.
|
|
|
|
|
|
EPT
