Introduction to Packets -

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Introduction to Packets

#1 User is offline   joe x86 Icon

  • Emergency Programmer Hologram
  • PipPipPip
  • Group: Moderators
  • Posts: 319
  • Joined: September-06 09

Posted December 23, 2009 - 08:06 AM

What is a packet:
"In information technology, a packet is a formatted unit of data carried by a packet mode computer network." -Wikipedia, Packet (information technology)

A packet is a piece of data transferred over a computer network. Think of it as a "packet" of information that you might get from a banker when opening a bank account. It can contain a lot of data, or be empty. In TCP (transmission control protocol), some of this data includes the source "port", receiving "port", "checksum" of the packet for error checking, as well as the data that the program specifies to be sent. All of this is really irrelevant to using packets for StealthBot scripting, and can be further researched on Wikipedia.

The BnGame protocol:
"In computing, a protocol is a set of rules which is used by computers to communicate with each other across a network." -Wikipedia, Protocol (computing)

When first connecting to a server, you send a single byte packet specifying the protocol you want to use. This includes the full TCP header, but that's done behind the scenes. For BnGame, the protocol StealthBot uses, the byte 0x01 is sent. There are two other protocols: BnFTP uses the byte 0x02, and BnChat (the Telnet protocol) uses 0x03, however BnChat is now deprecated. The BnGame protocol is well documented at BnetDocs, written by Arta and Skywing of Valhalla Legends, and now maintained and hosted by Kyro. Their research has been invaluable to bot developers. Feel free to browse that site a bit, but don't get discouraged if it's all over your head, yet.

The BnGame protocol has a header, which is 4 bytes long. It's structured as:
(BYTE) Packet ID
(INT16) Packet Length

Data types:
"A data type (or datatype) in programming languages is a set of values and the operations on those values." -Wikipedia, Data type

Okay, this section is boring, but if you don't know your data types, you're not going to get anywhere. It's a necessary evil.

In the community, data is measured in amounts called WORDs. A WORD is the size of data that a processor can take, for instance a 32-bit processor uses a 32-bit WORD, and a 64-bit processor takes a 64-bit WORD. The documentation is written using 16-bit WORDs. Keep in mind that this is completely wrong, since nobody but your grandpa uses a 16-bit computer, and this style should never be used outside of In fact, it's so wrong that I have to teach you both the name and proper name for each data type, but don't worry -- it's easy.

The most primitive data type is a bit. It can be 0 or 1, which indicates "on" and "off" in RAM. It's like a lightswitch, it's either on or off. These are below the scope of what we'll be dealing with.

Not far ahead in the world of technology is the byte. In the olden days, people tried bytes that were 7 bits long, then realized it didn't work. On any computer you own, it's more than likely 8 bits long, and will be that long in the context of

Moving up in the world is the 16-bit integer, known on as the WORD. In most languages, this data type corresponds to the type short, but in Visual Basic it is an Integer.

Next up is the 32-bit integer, known on as the DWORD, or double WORD. This is an int in most languages, but a Long in Visual Basic.

As if you didn't know where we were going next, it's the 64-bit integer, or's Q(uadruple)WORD. Here's where the naming scheme starts to really suck. A QWORD is the size of a single 64-bit WORD. Ambiguous? Yes. In most languages, it's a long, and Visual Basic does not support this data type natively, but it's generally stored as two Longs. uses 128-bit integers in NLS, or New Login System, used for authenticating WarCraft III users. They're not natively supported in Visual Basic 6, and are really just beyond the scope of this document, but they're out there.

That's it for the primitive data types. There are three other types you may encounter.

A CString, otherwise known as Null-Terminated (NT) String, or just a String, is another common data type. This holds strings of characters, such as a username, a statstring, etc. A CString will be stored in the Visual Basic data type String, and the data type varies in other languages. A CString is stored in RAM as a bunch of bytes, followed by a 0x00 byte to indicate the end.

A PString, or Pascal string, is currently used by in Warden and with some parts of Diablo II, but is used more often in World of WarCraft's protocol, which will likely have lots of crossover with 2.0. It's stored in memory as a byte indicating the length of the string, followed by bytes indicating the string.

Lastly, the void. That's it. It's a void. In fact, it's not even a data type, by definition. It's just a bunch of bytes. The only void I can think of off the bat is the server signature for WarCraft III, which is 128 bytes long. This can either be verified (which is beyond the scope of this document), or generally ignored by skipping 128 bytes of the buffer. Generally when a void is listed on BnetDocs, it's explained, or at least the length of it is listed so you can skip it.

Parsing your first packet:

Thanks to Hdx for posting this code in another thread. I've documented it to show what it does. Basically, every time a ChatEvent happens this will show you the specifics, in royal blue, my debugging color of choice.

''// This is the "packet constant" for SID_CHATEVENT, which is sent by
''// every time something happens in chat, for example a user joining
''// or leaving.

''// This event is called by StealthBot every time a packet is received.
''// Protocol can either be "BNCS" for Chat Server, "BNLS" for
''// Login Server, or "MCP" for Master Control Panel, used in Diablo
''// II realm games. ID is the packet ID. Length is how long the packet is, and
''// Data is the packet itself, including the header.
''// In this method, the DataBufferEx class is used to read the data. This
''// implements methods to view the data easily, instead of manually taking apart
''// the bytestream.
Sub Event_PacketReceived(Protocol, ID, Length, Data)
    Dim inBuff
    Set inBuff = DataBufferEx()

    inBuff.Data = Data

    If (Protocol = "BNCS") Then
        inBuff.Position = 4 ''// Skip the BNCS header
        Select Case (ID)
            Case SID_CHATEVENT: Call Recv_SID_CHATEVENT(inBuff)
        End Select
    End If
End Sub

''// This method is called from the event handler above, whenever
''// SID_CHATEVENT occurs
Sub Recv_SID_CHATEVENT(inBuff)
    Dim lEventID, lFlags, lPing
    Dim sUsername, sText

    With inBuff
        lEventID  = .GetDWORD()  ''// (INT32)  Event ID
        lFlags    = .GetDWORD()  ''// (INT32)  Users Flags
        lPing     = .GetDWORD()  ''// (INT32)  Ping
                    .GetDWORD()  ''// (INT32)  IP address (defunct)
                    .GetDWORD()  ''// (INT32)  Account number (defunct)
                    .GetDWORD()  ''// (INT32)  Registration authority (defunct)
        sUsername = .GetString() ''// (CSTRING) Username
        sText     = .GetString() ''// (CSTRING) Text
    End With
    ''// [BNCS] SID_CHATEVENT: EID 0x05, Flags: 0x0, Ping: 1337, Username: Joe[x86], Text: Hey guys.
    AddChat vbBlue, "[BNCS] SID_CHATEVENT: EID 0x" & Hex(lEventID) & ", Flags 0x" & Hex(lFlags) & ", Ping: " & lPing & ", Username: " & sUsername & ", Text: " & sText
End Sub


If you made it this far, pat yourself on the back. It's not exactly the easiest thing to wrap your head around in one sitting. If you're not nerded up enough for one day, pick a random "Techie Term" and look it up in Wikipedia. Just be careful how far you dig, cause it leads to insanity.

If you didn't make it through, or need some explaining, let me know. I wrote this in roughly an hour, and it's not comprehensive.

(Special thanks to Arta and Skywing for BnetDocs, Kyro for BnetDocs hosting, Hdx for the code sample, Andy for StealthBot, and iago for encouraging me to learn a real language.)

12/23/09 - Original post, corrected errors found by Hdx. Major thanks.
Swift, Ruby, Objective-C, JavaScript (the good parts)

iPhone Xs Max
MacBook Pro (2019, 15", 6-core i7, 16GB RAM, 256GB SSD)
Lenovo TS140 (Ubuntu, 6TB mirrored boot zpool, Xeon E3-1231, 32GB ECC RAM, RTX 2070)

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users