Bypassing Blizzard’s Peer-to-Peer Client
I got a request earlier today from a friend from #simud, Allaryin, for a little hack on Blizzard. He's requested a few addons from me before, but I've never had time; this one was quick, however. Right quick, I'll tell you that Blizzard distributes World of Warcraft patches via peer-to-peer transfers. They're actually using an early BitTorrent protocol, I believe. Sounds great, right? Since torrents are so fast? Well, somehow my Blizz downloads go slow as heck; seriously, it sucks. So we'd like to be able to use real torrent software to track and download these patches, especially the huge ones.
Now, the patches are distributed when you try to log in to a higher version server. Your client downloads a file of the file type: WoW-version-locality-downloader.exe. For instance: WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe
Hmm... to paraphrase Obi-Wan Kenobi, "That's no torrent file." But if you pop it open in a hex editor, you'll find two things. First off is a huge bunch of garbage; this is a bundled downloader (torrent tracker). Cute, but we're not using their software, so we need to skip this. After that you'll see:
64 38 3A 61 6E 6E 6F 75 6E 63 65
In ASCII that translates to: "d8:announce" and is the start of a normal torrent file! Go ahead and start giggling now, yea, it is that easy.
OK, there's one small twist that makes it not "THAAAAAT" easy. After the torrent file there are still two commands left for Blizz's downloader that we have to leave off. So here's the drill:
- Open the downloader.exe file in some hex editor, I like hexedit in Unix.
- Do an ASCII search for announce. It'll be in there a grand total of twice (at least once, all the files I've seen have it in twice).
- Go back two characters to start at the "d8" and cut to the end of the file.
- Now that you've trimmed the file, let's get rid of those last two commands.
- Find the 13:launch target almost at the end of the file, this is the first of the Blizz commands we want to leave off.
- Cut everything from 13:launch to the end of the file; it's all garbage.
- Save what's left as sorryBlizzIlikeAzureus.torrent and you're good to go!
There's one other tiny thing. For the files I tried I had to add the letter 'e' to the end of the file. I'm not sure if this is true for all clients, but for Azureus it wanted two lowercase 'e's at the end of the file, not just one. Anyways, if you get an error saying this isn't a valid file, try adding an 'e' on to the end of the file.
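The steps above plus the trailing 'e' fix, as an added Python example (not the author's tool and not Blizzard's code). It assumes the first d8:announce match is the torrent start and that a cut file fails to parse only because its outer dictionary lost its closing 'e'; the sample bytes and tracker URL are constructed.

```python
START = b"d8:announce"          # start of the embedded torrent (from the post)
TRAILER = b"13:launch target"   # first Blizzard-only command (from the post)

def parse(buf, i=0):
    """Minimal bencode walker: return the offset just past the value at i."""
    c = buf[i:i + 1]
    if c == b"i":                               # integer: i<digits>e
        end = buf.index(b"e", i)
        int(buf[i + 1:end])                     # ValueError if malformed
        return end + 1
    if c in (b"l", b"d"):                       # list/dict: walk to closing 'e'
        i += 1
        while buf[i:i + 1] != b"e":
            if i >= len(buf):
                raise ValueError("unterminated container")
            i = parse(buf, i)
        return i + 1
    if c.isdigit():                             # string: <len>:<bytes>
        colon = buf.index(b":", i)
        end = colon + 1 + int(buf[i:colon])
        if end > len(buf):                      # never trust the stated length
            raise ValueError("string runs past end of data")
        return end
    raise ValueError("bad bencode at offset %d" % i)

def is_valid(buf):
    """True if buf is exactly one well-formed bencoded value."""
    try:
        return parse(buf) == len(buf)
    except (ValueError, RecursionError):
        return False

def extract_torrent(exe):
    start = exe.find(START)                     # skip the bundled downloader
    cut = exe.rfind(TRAILER)                    # marker sits near the end
    if start < 0 or cut <= start:
        raise ValueError("torrent start or launch target marker not found")
    torrent = exe[start:cut]
    if not is_valid(torrent):                   # the post's fix: add an 'e'
        torrent += b"e"
    if not is_valid(torrent):
        raise ValueError("result is still not valid bencode")
    return torrent

def sample_exe():
    """Constructed stand-in for a downloader.exe, not real Blizzard data."""
    info = (b"d6:lengthi1024e4:name9:patch.mpq12:piece lengthi1024e"
            b"6:pieces20:" + b"\x00" * 20 + b"e")
    torrent = b"d8:announce31:http://tracker.example/announce4:info" + info
    return b"MZ" + b"\x90" * 64 + torrent + TRAILER + b"9:patch.exe4:type4:teste"
```

On the constructed sample the cut leaves the outer dictionary unterminated, so the output ends in two 'e's once the missing one is appended, matching what Azureus wanted.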
That's it, now you can use whatever tracker you like to grab these patches. Also, there are already programs out there that'll rip this torrent out, but if a few people beg me and I've got the time I'd like to knock out a Java version so it'll be platform independent. (I'm writing one in C right now, but it'll be for Unix, not Windows, if I care enough to finish it.)