-
Private
Requesting some overwatch information for a small emulator
Hello everyone,
I'm coding a small emulator (let's see how far I can go) for Overwatch to test whether my computer can run the game or not before buying it.
Does anyone have the IP of Overwatch's server (the one the client connects to after start/login; previously 24.105.10.145:3724)?
Also, if it isn't much trouble, can anyone with beta access use Wireshark and dump the packets from/to the IP above (NOT *.actual.battle.net/*.battle.net) from client start until you successfully log in? The username/password will be encrypted with SSL if you're afraid of that.
If anyone knows Overwatch's encryption, feel free to help.
Code:
I just got it "working" like an hour ago or something, so not much reversed yet :o
1. HELLO PRO CLIENT <-> HELLO PRO SERVER
2. Some packet <-> Some response (encryption keys, I suppose)
3. Some packet <-> Some response (JAM? O.o)
4. Here the server sends a packet and I think the client decrypts it, because on the client I receive invalid bytes which are not what I sent
Thanks
Last edited by BadBoy17; 03-20-2016 at 04:00 AM.
-
Private
I'm stuck with the crypto exchange bullshit. Any help implementing it?
Last edited by BadBoy17; 03-18-2016 at 11:35 PM.
-
-
Private
If anyone knows/heard/coded anything similar for other Blizzard games, DO GIVE!
Originally Posted by WiseMan
pro = prometheus = Overwatch's codename
Handshake#1: Client sends 'HELLO PRO CLIENT' (hey, I'm pro client)
Handshake#2: Server sends 'HELLO PRO SERVER' (hey, I'm pro server)
1. Client generates a SHA-256 hash of something (still not sure what it is).
2. Client sends that hash to the server, 2x 16 bytes.
3. Server responds with 2 hashes and a byte (official sets it to 7).
4. Client takes a static byte array and hashes it with the 2nd hash from the server and the first generated hash, then rehashes the result with v64 (unknown for now, 64 bytes; IDA doesn't see it being set anywhere. Maybe that was on purpose, to get random bytes from the stack?)
Code:
static byte array used:
*(_QWORD *)(a1 + 104) = 0x3636363636363636i64;
*(_QWORD *)(a1 + 112) = 0x3636363636363636i64;
*(_QWORD *)(a1 + 120) = 0x3636363636363636i64;
*(_QWORD *)(a1 + 128) = 0x3636363636363636i64;
*(_QWORD *)(a1 + 136) = 0x3636363636363636i64;
*(_QWORD *)(a1 + 144) = 0x3636363636363636i64;
*(_QWORD *)(a1 + 152) = 0x3636363636363636i64;
*(_QWORD *)(a1 + 160) = 0x3636363636363636i64;
*(_QWORD *)(a1 + 168) = 0x5C5C5C5C5C5C5C5Ci64;
*(_QWORD *)(a1 + 176) = 0x5C5C5C5C5C5C5C5Ci64;
*(_QWORD *)(a1 + 184) = 0x5C5C5C5C5C5C5C5Ci64;
*(_QWORD *)(a1 + 192) = 0x5C5C5C5C5C5C5C5Ci64;
*(_QWORD *)(a1 + 200) = 0x5C5C5C5C5C5C5C5Ci64;
*(_QWORD *)(a1 + 208) = 0x5C5C5C5C5C5C5C5Ci64;
*(_QWORD *)(a1 + 216) = 0x5C5C5C5C5C5C5C5Ci64;
*(_QWORD *)(a1 + 224) = 0x5C5C5C5C5C5C5C5Ci64;
5. Client sends that hash to the server.
6. Server responds with a 32-byte hash.
7. Client does something with that packet (didn't look at it yet; it doesn't send any packets though).
8. Server now sends the huge packet that never gets handled by the client because it bugs out somewhere, and the content changes O_O
packet: (don't trust the sizes; it's just how the client reads it)
Code:
decimal -> 16bytes
ulong -> 8bytes
uint -> 4bytes
---------------------------
for (var i = 0; i != 2; ++i)
{
w.Write(decimal.Zero);
w.Write(decimal.Zero);
w.Write(decimal.Zero);
w.Write(decimal.Zero);
w.Write(decimal.Zero);
w.Write(decimal.Zero);
w.Write(decimal.Zero);
w.Write(decimal.Zero);
}
w.Write(ulong.MinValue);
w.Write(ulong.MinValue);
w.Write(ulong.MinValue);
w.Write(ulong.MinValue);
w.Write(uint.MinValue);
Edit: it's probably MD5 because the hash is 32 bytes in length.
Last edited by BadBoy17; 03-23-2016 at 02:48 AM.
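The static byte array quoted above is a run of 64 bytes of 0x36 followed by 64 bytes of 0x5C, which are exactly the HMAC inner and outer pads (ipad/opad) defined in RFC 2104, sized for SHA-256's 64-byte block; a 32-byte result is what HMAC-SHA256 produces. The example below is added here and is not code from the thread: it rebuilds HMAC-SHA256 from those two pads, checks the result against Python's hmac module, and shows a simple check for spotting the pad constants in a decompiled blob. The key and message values are constructed placeholders, and which of the exchanged hashes plays which role is an assumption the thread does not settle.

```python
import hashlib
import hmac

# The two constant runs from the decompiled snippet: 0x36 * 64 and 0x5C * 64.
IPAD = bytes([0x36]) * 64   # HMAC inner pad (RFC 2104)
OPAD = bytes([0x5C]) * 64   # HMAC outer pad (RFC 2104)
BLOCK = 64                  # SHA-256 block size in bytes


def pad_block(key: bytes) -> bytes:
    """Normalise an HMAC key to one block: hash it if too long, zero-pad if short."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()
    return key.ljust(BLOCK, b"\x00")


def hmac_sha256_manual(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 written out as H((K ^ opad) || H((K ^ ipad) || msg))."""
    k = pad_block(key)
    k_ipad = bytes(a ^ b for a, b in zip(k, IPAD))
    k_opad = bytes(a ^ b for a, b in zip(k, OPAD))
    inner = hashlib.sha256(k_ipad + msg).digest()   # first hash pass
    return hashlib.sha256(k_opad + inner).digest()  # second hash pass, 32 bytes


def looks_like_hmac_pads(blob: bytes) -> bool:
    """Heuristic for analysts: does a constant region hold both full-size pads?"""
    return IPAD in blob and OPAD in blob


def demo() -> bool:
    """Compare the hand-rolled HMAC with the standard library on placeholder inputs."""
    # Constructed placeholders, not values from the game's handshake.
    key = hashlib.sha256(b"first generated hash (placeholder)").digest()
    msg = hashlib.sha256(b"second hash from server (placeholder)").digest()
    manual = hmac_sha256_manual(key, msg)
    reference = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(manual, reference)


if __name__ == "__main__":
    print("manual HMAC matches hmac module:", demo())
```

If the two hashes are fed in the other order (server hash as key, client hash as message) the same routine applies; only the role assignment changes.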
-
-
Member
I have no clue what you're talking about, but if you can make me play the game, keep doing what you do.
-
Member
Did you make any progress? Sometimes I have access to a friend's account, I have Wireshark and I wish to help you.
-
Contributor
You found a guy with access, but have you made any progress with doing the emulator?
-
Private
Originally Posted by Manew
Did you make any progress? Sometimes I have access to a friend's account, I have Wireshark and I wish to help you.
Originally Posted by vvvat
You found a guy with access, but have you made any progress with doing the emulator?
I paused the emulator development until the open beta (easier to live-reverse the game than to look at a dump).
-
Contributor
Originally Posted by BadBoy17
I paused the emulator development until the open beta (easier to live-reverse the game than to look at a dump).
Good news, mate. Keep working; I think the emulator will be in demand.
-
Be careful. Blizzard does serve C&D letters for stuff like this. Best of luck though!
-
Contributor
Open Beta is live. Don't forget about it
Any progress?
-
-
Private
Originally Posted by vvvat
Open Beta is live. Don't forget about it
Any progress?
They added a small anti-debugger and it's causing my PC to BSOD every 3 mins of debugging, so no :c
And they appear to be reading this forum, because they patched my SSL bypass and now it compares the IP as well (I think?), and obviously I can't bypass that because of no debugger.
Aside from the emulator, I found a way to log/force-send their game packets (and I have some exploits in mind from what's been said on /r/Overwatch).
-
-
Originally Posted by BadBoy17
They added a small anti-debugger and it's causing my PC to BSOD every 3 mins of debugging, so no :c
And they appear to be reading this forum, because they patched my SSL bypass and now it compares the IP as well (I think?), and obviously I can't bypass that because of no debugger.
Aside from the emulator, I found a way to log/force-send their game packets (and I have some exploits in mind from what's been said on /r/Overwatch).
Open up the binary and look for the anti-debugging code before launching it? I believe it isn't that difficult unless it is some custom code within Warden.
-