Monthly Archives: November 2017

bnet

Analysis of BNETD and Blizzard

This is a Lawmeme article posted by Ernest Miller in 2002 bringing a detailed look in the Blizzard v Bnetd case. Since the original website no longer exists on the web I decided to post it here for preservation. You can view the original on this archive.org link.

 

On February 17th, Vivendi sent a cease and desist letter to the ISP hosting the bnetd project (which had developed a Battle.net emulator) for alleged copyright infringement of Blizzard's games as well as violations of section 1201 of the DMCA. Slashdot has run two stories on the case the first announcing it (Blizzard Rains on Bnetd Project) and the second looking at the responses from Blizzard and bnetd (Blizzard, Bnetd Respond on Bnetd Shutdown). The Kuro5hin community also discussed the case (DMCA used to shut down bnetd project). Battle.net's response has been posted on the web (Emulation FAQ). Anti-DMCA activist Tim Neu has written a Rebuttal to the Battle.net FAQ. Chilling Effects, the cease and desist website, has the letter as well (Bnetd Project – Chilling Effects). Bnetd has posted its own Case FAQ.

UPDATE (28 Feb 2002): a few technical corrections

BACKGROUND

Blizzard and Battle.net

Blizzard is currently a division of Vivendi Universal Games, the gaming component of multinational multimedia conglomerate Vivendi Universal Publishing. Game company legend Sierra Entertainment is also part of Vivendi as are such valuable franchises as The Mummy Returns and Lord of the Rings.

Blizzard's first big success, WarCraft: Orcs and Humans, was released in late 1994 and was one of the pioneering games in a revolutionary new genre known as real time strategy. Real time strategy has since become one of the leading formats for games, especially in multiplayer gaming. In December 1995 the immensely popular sequel, WarCraft II, was released. WarCraft II allowed play by up to eight other people simultaneously via a local area network (LAN) using the IPX protocol. However, not many did because LANs were not readily available to most players. Internet play was not an option because the Internet uses TCP/IP protocols, not IPX. However, a shareware IPX emulator called Kali was available that allowed games with an IPX connection to be played via the Internet. Kali (which is now hosted by I-Lan Game) essentially fooled WarCraft II into thinking it was being played on a LAN when it was actually being played via the Internet.

Internet play via Kali was tremendously popular and Blizzard went so far as to release a patch called "War2kali.exe" to facilitate play via the Kali network, though no formal agreements were made between Kali and Blizzard. Indeed, Blizzard included a full copy of the freely distributable Kali shareware client in the WarCraft II: Battle Chest edition without asking permission from Kali (none was legally required). Since then, every subsequent Blizzard release has included LAN play and was supported by Kali, which has never received a cease and desist order. The success of multiplayer over the Internet obvious, Blizzard introduced Battle.net with their next product, Diablo, in late November 1996. Like Kali, Battle.net was a multiplayer meeting place that permitted players of Diablo to easily find opponents for Internet play. Use of Battle.net was free for the purchasers of Diablo (and every subsequent Blizzard release).

The Bnetd Project

In February 1998, Blizzard published what many consider the best real time strategy game ever released, StarCraft. It was certainly popular, selling more copies than any other game in 1998. For a variety of reasons, in the Spring of 1998 Mark Baysinger, then a student at the University of California San Diego, begin reverse engineering the protocol StarCraft clients used when connecting to Battle.net. In April, Mr. Baysinger posted the first version of a Battle.net emulator he called "Starhack." One could not actually play StarCraft with this first version it merely had chat capability. One day after posting Starhack on the Internet, Mr. Baysinger received a cease and desist letter (Cease & Desist Letter) from the Software Publishers Association (now known as the Software & Information Industry Association). Although the SPA initiated the cease and desist demand, Blizzard was copied on the letter and presumably authorized it. Unimpressed, Mr. Baysinger asked the SPA to clarify their copyright concerns, but never received any clarification (SPA Cease and Desist Correspondence). In the face of Mr. Baysinger's refusal to shut down his project on the SPA's mere assertion, the SPA apparently dropped the issue. Slashdot noted the controversy at the time (Blizzard, SPA and StarHack site).

The Starhack project quickly became popular in the StarCraft community but, due to time limitations, Mr. Baysinger abandoned the project in December 1998. Starhack had been released under the GPL and, in a classic example of open source development, continued to be developed as the bnetd project (What is the history of bnetd? in the BNETD FAQ). As Newsforge reported (Open Source game server shut down by DMCA), bnetd was an example of a successful open source project, as "the bnetd project had 10 listed developers and was above the 95th percentile of activity at Sourceforge.net with a stable product." The latest version of bnetd supported most Battle.net functionality, including clients for StarCraft, StarCraft: Brood War, Diablo 1.05+, WarCraft II Battle.net Edition and Diablo II. The only major functionality missing was the ability for Diablo II players to host "closed" realms where the server stored the characters created by players (How complete is bnetd right now?).

Warforge

Diablo II was released to great acclaim in June of 2000 and its expansion set, Diablo II: Lord of Destruction, was published one year later. The next eagerly anticipated release from Blizzard is the third installment in the WarCraft dynasty WarCraft III: Reign of Chaos, which is expected to be released in June 2002. On February 7, 2002, Blizzard shipped out 5,000 beta copies of WarCraft III to selected individuals for playtesting and balancing (WarCraft III – Beta Information Center). Such extensive playtesting is necessary because of the complexities of properly balancing a multiplayer game that includes 4 different races with widely varying abilities (Rock, Paper and Scissors). WarCraft III will, like previous Blizzard games, include single player and LAN play options. However, for purposes of the beta test, only Battle.net play was enabled in the shipped beta copies.

It wasn't long (February 13th) before beta testers began to provide the bnetd project with packet dumps from the communications between WarCraft III beta client and Battle.net (WarCraft III Dumps). This was, of course, so the developers could begin work on supporting WarCraft III on bnetd. However, some of the main developers were opposed to working on support while the client was in beta (Tim Jung – Re: WarCraft III Dumps). Consequently, as is occasionally the case in open source projects (Advantages of Open Source Software), a "forked" version of bnetd was developed. The developers of this new version of bnetd called themselves "Warforge."

The Cease and Desist Letter

On February 19, not long after the Warforge WarCraft III beta compatible version of bnetd was released, the ISP hosting the bnetd project, Internet Gateway, Inc., received the cease and desist email. Action was also taken against Net-Games, also known as fsgs.com, which provided another Battle.net emulator. Net-Games is based in Germany. Unable at this time to contest an expensive lawsuit against Vivendi, the bnetd development team removed the emulator files. Subsequently, and independently, Warforge removed their emulator files. Net-Games has also removed access to the objectionable files while they consider their legal options.

It should also be noted that sometime in 2001, in the late summer or early fall according to one source familiar with the issue, both GameSpy Arcade and Microsoft's MSN Gaming Zone, which had previously served as meeting places for Blizzard games similar to Kali or bnetd, ceased to do so with little publicity. Both had been asked, informally, to no longer support Battle.net enabled games. As both have close business relationships with Blizzard (such as Gamespy's websites devoted to Blizzard games such as PlanetDiablo and Orc Command "For ALL things WarCraft"), both complied with the request.

The Technology

Blizzard would not comment on the technologies used for Battle.net, so the following description is based on conversations with members of the bnetd and Warforge development teams.

The Battle.net protocol is a relatively simple one. Battle.net is essentially a meeting place for gamers and does not actually host games it merely provides a forum for players to meet to set up a game, which is then hosted on one of the players' own computers. This is known as peer-to-peer gaming and is very efficient as far as the meeting place is concerned since the bulk of the game traffic does not have to pass through or be processed by the meeting place's servers (Salon published a story on the economics of Battle.net in 1999 Online gaming's store-shelf chains though I doubt ad revenues are as high as they were then). The partial exception to this on Battle.net is the "closed" realms version of Diablo II, where characters and games are stored on Battle.net servers. In addition to opponent finding and game launching, meeting places often offer chat, buddy lists, ladders (rankings of players) and other functions. Such meeting places are not particularly difficult to develop or run. In the gaming community there have been numerous implementations of meeting places, including ones already mentioned as well as such defunct examples as Mplayer.com (now part of GameSpy), TEN, and HEAT.

The majority of the information sent from a Battle.net enabled client (such as StarCraft) to Battle.net is fairly standard for such games and, as such, was not terribly difficult to reverse engineer. The exception being, again, Diablo II closed realms, which is only partially a peer-to-peer game. Moreover, no significant change is required in the client program to enable the program to talk to an alternative bnetd server. All that is required is for the user to edit a configuration file in the Windows Registry. Users can edit the registry using a standard program included with Windows called regedit.exe. Regedit.exe can be difficult to use, and improper use can have serious consequences such as disabling a program or the entire computer. Thus, a small progam was developed that made it simple for users to edit the pertinent elements of the registry.

The non-encryption related elements of the WarCraft III beta are not terribly different from previous Blizzard games. There have been some minor changes to the protocol, but nothing significant. Thus, the developers of Warforge were able to make the appropriate modifications to their version of bnetd within a few days.

The Crypto

For most Battle.net games there are at least three places in the Battle.net protocol that are encrypted or hashed there may be more in some unknown fields, but they do not seem to affect functionality. These elements perform the following functions:

  1. CD-Key packets in newer clients,
  2. Client version authentication,
  3. Account creation, login, and changing passwords, and
  4. map authentication

Bnetd does not know how (1) and (4) works. Two (2) is a checksum challenge and (3) uses a pseudo-SHA-1 hash.

The CD-Key performs two functions for Battle.net games. The first function is to prevent installation of the game from CD without the key. That is, when you attempt to install Diablo II the program will require the user to manually enter a CD-Key before installation will continue. Without the CD-Key the game cannot be installed. The second function takes place when a player attempts to connect to Battle.net. During the initiation sequence, the client will send an encrypted version of the CD-Key to the Battle.net server which will determine whether the CD-Key is valid or not. If valid, the Battle.net server will also determine whether another player is currently logged on with the same CD-Key. If the CD-Key is not valid, or another player is currently logged on with the same key, Battle.net will reject the connection. Since each CD has a unique key, such a policy discourages piracy or the sharing of keys.

Note however, that pirated versions of Blizzard games can be installed with shared keys and that LAN play does not require CD-Key validation.

Bnetd's emulation of Battle.net does not validate keys. It simply ignores the encrypted packet containing the key. After all, users of bnetd would probably not be happy if bnetd did decrypt the packet, since that could be a means through which the unscrupulous "harvest" valid keys that could then be sold by pirates.

The WarCraft III beta works a little differently than previous Blizzard games. The CD-Key for WarCraft III seems to perform the same function as previous games, but with one addition. Having validated the CD-Key, the Battle.net server will return an encrypted response to the client (challenge-response). Without this response the client will not function. Warforge surmounted this by creating a program that changed a single byte in one of WarCraft III's Dynamic Linked Libraries (DLL) so that the client no longer expected a response.

LEGAL ANALYSIS

The Cease and Desist Letter

The letter sent to Internet Gateway, Inc., the ISP hosting the bnetd project appears to invoke and meet the requirements of a section 512 letter under the Digital Millennium Copyright Act ("This letter is to notify you, pursuant to the provisions of the Digital
Millennium Copyright Act….in order for you to claim a safe harbor under the DMCA."). At first glance, it seems to include all the information required for proper notification under section 512:

  • The name, address, and electronic signature of the complaining party [512(c)(3)(A)(i)]
  • The infringing materials and their Internet location [512(c)(3)(A)(ii-iii)]
  • Sufficient information to identify the copyrighted works [512(c)(3)(A)(iv)]
  • A statement by the owner that it has a good faith belief that there is no legal basis for the use of the materials complained of [512(c)(3)(A)(v)]
  • A statement of the accuracy of the notice and, under penalty of perjury, that the complaining party is authorized to act on the behalf of the owner. [512(c)(3)(A)(vi)]

On closer inspection, however, the letter is problematic on a number of fronts. First, section 512 is only applicable to infringements of copyright. It does not apply to violations of the DMCA. Vivendi claims that some of the offending material "bypasses anti-circumvention technology, thereby infringing upon Blizzard Entertainment copyrights." Bypassing anti-circumvention technology may be a violation of section 1201 of the DMCA. However, violating section 1201 is not an infringement of copyright it is a violation of the DMCA. According to section 501 of the Copyright Act, copyright infringement is a violation of the copyright holder's rights under sections 106-118 or 602, it does not include section 1201.

The letter also claims that software hosted by bnetd "modifies and/or alters Blizzard Entertainment copyrighted software … thereby infringing upon Blizzard Entertainment copyrights." Problematically for Vivendi, no software provided by bnetd altered or modified any Blizzard software. At worst, bnetd provided instructions and a program for individuals to modify Windows registry configuration information. Moreover, it is not readily apparent that software which modifies or alters other software necessarily infringes copyright. Again, copyright infringement exists where rights under sections 106-118 or 602 are violated. Nowhere does the copyright law say that copyright holders have the exclusive right to ensure that their works are free from modification or alteration. In essence then, Vivendi has asserted infringement but has not claimed that any of its exclusive rights as a copyright holder have been violated. How can an ISP identify infringing material when there are no allegations of infringement, only an unsupported assertion? After all, section 512(c)(3)(A)(vi) requires a statement "that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed." But the letter does not identify any exclusive right being infringed.

Finally, the letter did not specifically identify any infringing files whatsoever. Although identifying every file is not always necessary, there is not even a listing of representative files that are to be removed. With the exception of the forum mailing lists, the bnetd website did not change excessively. There is no excuse for Vivendi not to have identified specific files or, at a minimum, representative files.

Does BNETD Violate Blizzard Copyrights?

Unlikely, although it must be stated that Vivendi/Blizzard has yet to claim which exclusive rights are infringed by which programs hosted by bnetd, so this analysis is based on speculation as to likely complaints.

In general, copyright infringement consists in copying or distributing another's work without authorization. In this case, the bnetd server is the original work of its various developers (BNETD Project Credits). The developers have never had access to Battle.net software, so it would be impossible for them to have copied it. As there is no copying there is no infringement. Indeed, Blizzard's FAQ on the case admits as much since it is called the Emulation FAQ. In computer science, emulators are software designed to imitate the same function as another piece of software. They are not copies. If it was a copy, it would not be "imitating" the function of another piece of software, it would be the same software.

In order to create a Battle.net emulator, the bnetd developers engaged in a combination of reverse and value engineering. Their method of reverse engineering did not require any decompiling or disassembly of the code of the client (again, they could not have deassembled or decompiled the Battle.net code since they did not have access to it). It is decompiling of code that frequently gets reverse engineers in copyright trouble that is not a problem for bnetd since it was not required. Bnetd was able to reverse engineer by simply looking at the traffic between server (Battle.net) and client (game player). For example, a player would start a game as one type of character on Battle.net in Diablo II (e.g., a Necromancer) capture the packets, then start a game as a different character (e.g., a Barbarian) and capture the packets. By comparing the two packet dumps, one of the bnetd developers would be able to determine which packets identified specific elements of the game. The developer would then make changes to the bnetd server and check his work by performing the same test with client on the bnetd server. Through trial and error, the bnetd server improved.

To my knowledge there is no law that holds that reverse engineering a protocol through packet dumping implicates copyright in any way.

Vivendi might claim that special programs to assist users of bnetd to edit their Windows registry violated copyright. As mentioned above, the Windows registry consists of configuration files that can be modified by the user using regedit.exe which is part of every version of Windows. It is not at all clear how provision of a program to make editing certain portions of the registry easier would violate an exclusive right of the copyright holder. Moreover, it is not clear whether a user who alters the registry is violating copyright. They may be violating the EULA (more below), but that is not a violation of copyright.

Does BNETD Violate Section 1201 of the DMCA?

Unlikely, but the statute in question is quite complicated and the law has not yet been clarified by the courts. It must also be made clear that simply because something may facilitate piracy does not mean it violates section 1201 of the DMCA.

The first issue is whether or not the CD-Key authorization mechanism is an access control device under section 1201(a). Section 1201(a) states that a device controls access to a work, "if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work." One significant question is access to what work? Bnetd does not facilitate unauthorized access to Battle.net, it is a substitute. Bnetd does not facilitate access to the single player version of the game. Bnetd does not faciliate access to the LAN multiplayer aspects of the game. Bnetd does not facilitate access to Internet multiplayer, since that is accomplished through LAN emulators such as Kali. At worst, bnetd facilitates access to Internet multiplayer using the client's Battle.net interface. It is questionable whether access to a particular interface counts as "access to the work." It is questionable whether enabling certain functionality is "access to the work." Even granting that the interface or functionality is a work that can be improperly accessed, does accessing it require tha application of information, or a process or a treatment to gain such access? For every Blizzard game prior to the Warcraft III beta, clearly not. Bnetd servers don't send any "access" information to a client, they simply do not bar a client from accessing them.

This is made clear by the definition of circumvention in 1201(a)(3)(B), which "means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner." Bnetd does not descramble, decrypt, remove or deactivate anything. It does not avoid, bypass or impair, it ignores. Ignoring is not circumventing. Indeed, section 1201(c)(3) states that, "nothing in this section shall require that the design of, or design and selection of parts and components for, a consumer electronics, telecommunications, or computing product provide for a response to any particular technological measure." The reason for this is to prevent copyright holders from forcing copy protection measures onto computer and consumer electronics manufacturers. An example would be a music publisher who releases a CD that has watermarking in the music. The watermark states, "do not rip into MP3 format." There is no obligation for CD manufacturers to build in a system that can detect and obey that watermark.

Moreover, even bnetd did circumvent an access anti-circumvention measure, it would still be legal to distribute it so long as:

  • It was not primarily designed or produced for the purpose of circumvention. A very good case can be made that the primary purpose of producing bnetd was to provide an alternative to the drawbacks and limitations of Battle.net (About the BNETD Project). One quote from a Review of Diablo II on MacGamer.com will provide some idea of the frustrations many feel with regard to Battle.net: "Provided that Battlenet doesn't make you want to pry your eyes out with a grapefruit spoon, you will find that you can go online and play your character in the Diablo Battlenet Realms." Even Blizzard's Senior Director, Bill Roper, admits that Battle.net's stability left something to be desired in an interview with Eurogamer, "There was certainly a period of time in the history of Battle.net where the team was constantly playing catch-up. They work on stability, they work on how many people could be online, they work on access and bandwidth issues, they get all those things fixed, and then we get another 25,000 people online concurrently and all [the] new stuff will break."
  • It has more than limited commercially significant purpose. Again, a very good case can be made that bnetd does have significant commercial purposes. Bnetd currently supports a number of features that Battle.net does not, such as the ability to connect with IRC, create custom ladder games and tournaments, and send broadcast messages.
  • Is not marketed for use in circumventing a technological measure that effectively controls access to a work protected under this title. Although, as an open source project, bnetd has little control over how some individuals may promote it the bnetd and Warforge developers have never promoted piracy of Blizzard's games. Indeed, the developers of bnetd are some of Blizzard's biggest supporters and fans.

The next issue is whether bnetd violates section 1201(b) which prohibits distribution of devices which "effectively protects a right of a copyright owner under" the Copyright Act. To qualify as technological protection measure under section 1201(b), a device must in the ordinary course of its operation, prevent, restrict, or otherwise limit the exercise of a right of a copyright owner." The only right at issue would seem to be the right to copy. But it is difficult to claim that bnetd undermines this as one must already have a copy of a Blizzard game (legitimate or illegitimate) in order to use bnetd. In other words, any copying occurs prior to use of bnetd. It may be that the availability of bnetd encourages some to make illicit copies who wouldn't have without bnetd, but that is not a violation of the DMCA.

It is also strange to claim that the CD-Key system prevents copying since a valid CD-Key is not necessary to connect to Battle.net and download the latest patches for a warez copy of the game. Using a warez copy one logs into Battle.net. Prior to CD-Key validation, Blizzard conveniently provides the latest patches for the warez copy. Patches are also available via public ftp (http://ftp.blizzard.com/pub/war3/patches/beta/). It is hard to claim that the CD-Key system effectively prevents copying when Blizzard itself updates warez copies of its games to the latest version. Most bnetd servers are set up by owners of legitimate copies and the server ensures that those joining have the same version of the game. If Blizzard were truly concerned about piracy they would at least try to make it more difficult to get the latest patches.

Furthermore, under section 1201(f)(2):

Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure … for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.

It seems pretty clear that even if bnetd is a circumvention device, then it clearly falls under the exemption of 1201(f)(2), since any circumvention is only for the purpose of achieving interoperability between bnetd and the Blizzard game. Such interoperability does not constitute infringement, since it does not violate sections 106-118 or 602.

Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs
Linux, Script magic

Bashmagic collection vol1

Keep only last X lines of a file (shrink).

echo "$(tail -n 10000 huge.log)" > huge.log

Deploy maven artefact to a specific repo without specifying it in pom.xml (format repoId:default:repoUrl). Repo should be specified in your .m2 settings.xml with any necessary credentials.

mvn deploy -DaltDeploymentRepository=repo.mydomain.com.my.releases::default::https://repo.mydomain.com/repository/maven-my-releases/

One liner to set password for default PostgreSQL user after initial install.

runuser -l postgres -c $'psql -c "ALTER USER postgres WITH PASSWORD \'postgres\';"'

Run command inside a screen and save all output to a file

screen -dm bash -c 'script -c "some chatty command" output.txt'

Scroll around inside a screen.

screen -r myscreen

ctrl+a

[

ctrl+u and ctrl+d for up and down. bufer is limited

Add 4GB swap on Centos 7 with a stroke of a copy-paste.

sudo dd if=/dev/zero of=/swapfile count=4096 bs=1MiB
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Standard tcpdump.

tcpdump -i eth0 -s 65535 -w dump.pcap

Show listening ports with corresponding executables.

netstat -tulpn

Show systemd logs for a specific service.

journalctl -u nginx.service

Freshly installed nginx configured as reverse proxy on Centos 7 getting "Permission denied" when connecting to backend service

setsebool -P httpd_can_network_connect 1

Convert a certificate stored in a Java keystore to a PEM cert and key (for example, Tomcat to Nginx transition).

$JAVA_HOME/bin/keytool -importkeystore -srckeystore .keystore -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias mycrtalias -deststorepass changeit -destkeypass changeit
openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem

Disable git SSL verification per-repo.

git config http.sslVerify "false"

Disable git SSL verification at clone time.

git -c http.sslVerify=false clone something

Clear git username and password cache for a repo (in case of password change or similar).

git config --global --unset user.password

Give user sudo privileges.

sudo usermod -aG wheel <user>

Git submodule is added to an existing repo and is not resolving for you locally.

git submodule update --init --recursive

Print all TCP connections of a Docker container.

sudo docker inspect -f '{{.State.Pid}}' containerName
<result>
sudo nsenter -t <result> -n netstat

Nmap portscan.

sudo nmap -p 1-65535 -sV -sS -T4 <ip>

Force JVM to use /dev/urandom instead of /dev/random (sometimes needed in low entropy environments like Docker).

java -Djava.security.egd=file:/dev/./urandom ...

Debug print all network activities on JVM level.

java -Djavax.net.debug=all ...

Create .htpasswd file for Nginx

sudo sh -c "echo -n 'someuser:' >> /etc/nginx/.htpasswd"
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"

Do or do not do something if file was modified recently

RECENTLY_CHANGED=$(find /tmp/me -newermt '10 minutes ago' |wc -l |xargs)
if [ "$RECENTLY_CHANGED" -eq 1 ]; then
    echo "File was changed recently, terminating script"
    exit 0
fi

 

Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs