CMD AUTH LOGON CHALLENGE Server: Difference between revisions

From wowdev
Jump to navigation Jump to search
m (→‎Packet Layout: Add n_len maximum client size)
(Add links and rename fields)
Line 1: Line 1:
[[CMD_AUTH_LOGON_CHALLENGE_Server]] is a [[Login Packet]] sent by the server after receiving [[CMD_AUTH_LOGON_CHALLENGE_Client]].
= Packet Layout =
= Packet Layout =


Line 11: Line 15:
!colspan="5"| Header
!colspan="5"| Header
|-
|-
| 0x1 || 1 / - || uint8 || command || LOGIN_CHALL (0x0)
| 0x1 || 1 / - || uint8 || opcode || 0x00 for [[CMD_AUTH_LOGON_CHALLENGE]]
|-
|-
| 0x2 || 1 / -  || uint8 || protocol_version || Must be 0.
| 0x2 || 1 / -  || uint8 || protocol_version || Exact purpose unknown. Must be 0 for all versions.
|-
|-
| 0x3 || 1 / - || uint8 || result || The fields below are only included if this is SUCCESS (0x0).
| 0x3 || 1 / - || uint8 || result || The fields below are only included if this is [[Login_Packet_Results|SUCCESS]] (0x00).
|-
|-
!colspan="5"| Body
!colspan="5"| Body
|-
|-
| 0x4 || 32 / Little || uint8[32] || B || SRP public server ephemeral.<br>All SRP operations are performed with little endian values.
| 0x4 || 32 / Little || uint8[32] || server_public_key || SRP public server ephemeral.<br>All SRP operations are performed with little endian values.
|-
|-
| 0x24 || 1 / - || uint8 || g_len || SRP generator length.<br> Should always be 1 since the generator is never larger than 255.
| 0x24 || 1 / - || uint8 || generator_len || SRP generator length.<br> Should always be 1 since the generator is never greater than 255.
|-
|-
| 0x25 || g_len / - || uint8 || g || SRP generator. All SRP operations are performed with little endian values.
| 0x25 || generator_len / - || uint8 || generator || SRP generator. All SRP operations are performed with little endian values.
|-
|-
| (0x26) || 1 / - || uint8 || n_len || SRP modulus length. Client will not read more than 32.<br>All SRP operations are performed with little endian values.<br>Client will not read more than 32 bytes.
| (0x26) || 1 / - || uint8 || large_safe_prime_len || SRP large safe prime length.<br>All SRP operations are performed with little endian values.<br>Client will not read more than 32 bytes.
|-
|-
| (0x27) || n_len / Little || uint8[n_len] || n || SRP modulus. All SRP operations are performed with little endian values.
| (0x27) || large_safe_prime_len / Little || uint8[large_safe_prime_len] || large_safe_prime || SRP large safe prime. All SRP operations are performed with little endian values.
|-
|-
| (0x47) || 32 / Little || uint8[32] || srp_salt || SRP user's salt. All SRP operations are performed with little endian values.
| (0x47) || 32 / Little || uint8[32] || salt || SRP user's salt. All SRP operations are performed with little endian values.
|-
|-
| (0x47) || 16 / Little || uint8[16] || crc_salt || A salt to be used in AuthLogonProof_Client.crc_hash.<br>Can be all zeros.
| (0x47) || 16 / Little || uint8[16] || crc_salt || A salt to be used in [[CMD_AUTH_LOGON_PROOF_Client]].crc_hash.<br>Can be all zeros.
|}
|}


Line 55: Line 59:
== {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} Changes ==
== {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} Changes ==


Sometime around {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2}} the following fields were added.
Sometime around {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2}} the two factor fields were repurposed to the below.
They are present on {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} and possibly also as early as {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.0.0}}.
They are present on {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} and possibly also as early as {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.0.0}}.
These replace the {{Template:Sandbox/PrettyVersion|expansionlevel=1|build=1.12}} fields from above.
These replace the {{Template:Sandbox/PrettyVersion|expansionlevel=1|build=1.12}} fields from above.
{| class="wikitable"
|+ Security Flags
! Name
! Value
! Description
|-
| NONE || 0x00 || No additional checks verification.
|-
| PIN || 0x01 || TOTP verification entered as a PIN.
|-
| UNKNOWN0 || 0x02 || Unknown. Referred to as "Matrix input" in Mangos source.
|-
| AUTHENTICATOR || 0x04 || Authenticator.
|}
The fields added depend on which bits are set in the security_flags field.


{| class="wikitable"
{| class="wikitable"
Line 123: Line 144:
|}
|}


{| class="wikitable"
|+ Security Flags
! Name
! Value
! Description
|-
| NONE || 0x00 || No additional checks verification.
|-
| PIN || 0x01 || TOTP verification entered as a PIN.
|-
| UNKNOWN0 || 0x02 || Unknown. Referred to as "Matrix input" in Mangos source.
|-
| AUTHENTICATOR || 0x04 || Authenticator.
|}


[[Category:Packet]]
[[Category:Packet]]
[[Category:Packet/Login]]
[[Category:Packet/Login]]
[[Category:Login]]
[[Category:Login]]

Revision as of 18:39, 30 May 2021

CMD_AUTH_LOGON_CHALLENGE_Server is a Login Packet sent by the server after receiving CMD_AUTH_LOGON_CHALLENGE_Client.


Packet Layout

AuthLogonChallenge_Server
Offset Size / Endianness Type Name Description
Header
0x1 1 / - uint8 opcode 0x00 for CMD_AUTH_LOGON_CHALLENGE
0x2 1 / - uint8 protocol_version Exact purpose unknown. Must be 0 for all versions.
0x3 1 / - uint8 result The fields below are only included if this is SUCCESS (0x00).
Body
0x4 32 / Little uint8[32] server_public_key SRP public server ephemeral.
All SRP operations are performed with little endian values.
0x24 1 / - uint8 generator_len SRP generator length.
Should always be 1 since the generator is never greater than 255.
0x25 generator_len / - uint8 generator SRP generator. All SRP operations are performed with little endian values.
(0x26) 1 / - uint8 large_safe_prime_len SRP large safe prime length.
All SRP operations are performed with little endian values.
Client will not read more than 32 bytes.
(0x27) large_safe_prime_len / Little uint8[large_safe_prime_len] large_safe_prime SRP large safe prime. All SRP operations are performed with little endian values.
(0x47) 32 / Little uint8[32] salt SRP user's salt. All SRP operations are performed with little endian values.
(0x47) 16 / Little uint8[16] crc_salt A salt to be used in CMD_AUTH_LOGON_PROOF_Client.crc_hash.
Can be all zeros.

Vanilla (1.12) Additions

Vanilla (1.12) added two factor authentication PIN fields which are appended to the packet.

Vanilla (1.12) Additions
Offset Size / Endianness Type Name Description
0x00 1 / - bool (size 1 byte) two_factor_authentication 0 for disabled. The fields below are not included if this is 0.
0x00 4 / Little uint32 pin_grid_seed Seed value for the PIN grid on the client.
Only here if the two_factor_authentication field is true.
0x00 16 / Little uint8[16] pin_salt Salt value for the client.
Only here if the two_factor_authentication field is true.

BC (2.4.3.8606) Changes

Sometime around BC (2) the two factor fields were repurposed to the below. They are present on BC (2.4.3.8606) and possibly also as early as BC (2.0.0). These replace the Vanilla (1.12) fields from above.

Security Flags
Name Value Description
NONE 0x00 No additional checks verification.
PIN 0x01 TOTP verification entered as a PIN.
UNKNOWN0 0x02 Unknown. Referred to as "Matrix input" in Mangos source.
AUTHENTICATOR 0x04 Authenticator.

The fields added depend on which bits are set in the security_flags field.

BC (2) Changes
Offset Size / Endianness Type Name Description
Header
(0x57) 1 / - uint8 security_flags Bit pattern for optional authentication features.
More than one feature can be used,
and the fields are just appended in the bit pattern order from lowest first. See security_flag.
tables below for specifics. If 0 the packet ends here.
security_flags.PIN fields, if applicable.
security_flags.unknown fields, if applicable.
security_flags.Authenticator field, if applicable.

The following fields are only present if the appropriate bit is set.

security_flags.PIN Fields
Offset Size / Endianness Type Name Description
0x00 4 / Little uint32 pin_grid_seed Seed value for the PIN grid on the client.
Only here if the two_factor_authentication field is true.
0x04 16 / Little uint8[16] pin_salt Salt value for the client.
Only here if the two_factor_authentication field is true.
security_flags.Unknown0 Fields
Offset Size / Endianness Type Name Description
0x00 1 / - uint8 unknown0 Unknown. Statically set to 0 in Mangos.
0x01 1 / - uint8 unknown1 Unknown. Statically set to 0 in Mangos.
0x02 1 / - uint8 unknown2 Unknown. Statically set to 0 in Mangos.
0x03 1 / - uint8 unknown3 Unknown. Statically set to 0 in Mangos.
0x04 8 / - uint64 unknown4 Unknown. Statically set to 0 in Mangos.
security_flags.Authenticator Fields
Offset Size / Endianness Type Name Description
0x00 1 / - uint8 unknown0 Statically set to 1 in Mangos.
Retrieved from "https://wowdev.wiki/index.php?title=CMD_AUTH_LOGON_CHALLENGE_Server&oldid=33943"