CMD AUTH LOGON CHALLENGE Server: Difference between revisions
Jump to navigation
Jump to search
(Add links and rename fields) |
(Add info about sizes, links to other packets) |
||
| Line 1: | Line 1: | ||
[[CMD_AUTH_LOGON_CHALLENGE_Server]] is a [[Login Packet]] sent by the server after receiving [[CMD_AUTH_LOGON_CHALLENGE_Client]]. | [[CMD_AUTH_LOGON_CHALLENGE_Server]] is a [[Login Packet]] sent by the server after receiving [[CMD_AUTH_LOGON_CHALLENGE_Client]]. The client reply is the [[CMD_AUTH_LOGON_PROOF_Client]] packet. | ||
= Packet Layout = | = Packet Layout = | ||
| Line 144: | Line 142: | ||
|} | |} | ||
= Size = | |||
For all versions, if the result is not [[Login_Packet_Results|SUCCESS]] (0x00) the packet is 3 bytes. | |||
If the result is [[Login_Packet_Results|SUCCESS]] (0x00): | |||
{| class="wikitable" | |||
|+ security_flags.Authenticator Fields | |||
! Version | |||
! security_flags field | |||
! Size | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=1|min_build=1.1}} || - || 118 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=1|min_build=1.12}} || 0x0 || 119 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=1|min_build=1.12}} || 0x1 || 119 + 20 = 139 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x1 / 0b001 || 119 + 20 = 139 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x2 / 0b010 || 119 + 12 = 131 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x4 / 0b100 || 119 + 1 = 120 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x3 / 0b011 || 119 + 12 + 20 = 151 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x5 / 0b101 || 119 + 1 + 20 = 140 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x7 / 0b111 || 119 + 1 + 12 + 20 = 152 | |||
|} | |||
[[Category:Packet]] | [[Category:Packet]] | ||
[[Category:Packet/Login]] | [[Category:Packet/Login]] | ||
[[Category:Login]] | [[Category:Login]] | ||
Revision as of 19:03, 30 May 2021
CMD_AUTH_LOGON_CHALLENGE_Server is a Login Packet sent by the server after receiving CMD_AUTH_LOGON_CHALLENGE_Client. The client reply is the CMD_AUTH_LOGON_PROOF_Client packet.
Packet Layout
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| Header | ||||
| 0x1 | 1 / - | uint8 | opcode | 0x00 for CMD_AUTH_LOGON_CHALLENGE |
| 0x2 | 1 / - | uint8 | protocol_version | Exact purpose unknown. Must be 0 for all versions. |
| 0x3 | 1 / - | uint8 | result | The fields below are only included if this is SUCCESS (0x00). |
| Body | ||||
| 0x4 | 32 / Little | uint8[32] | server_public_key | SRP public server ephemeral. All SRP operations are performed with little endian values. |
| 0x24 | 1 / - | uint8 | generator_len | SRP generator length. Should always be 1 since the generator is never greater than 255. |
| 0x25 | generator_len / - | uint8 | generator | SRP generator. All SRP operations are performed with little endian values. |
| (0x26) | 1 / - | uint8 | large_safe_prime_len | SRP large safe prime length. All SRP operations are performed with little endian values. Client will not read more than 32 bytes. |
| (0x27) | large_safe_prime_len / Little | uint8[large_safe_prime_len] | large_safe_prime | SRP large safe prime. All SRP operations are performed with little endian values. |
| (0x47) | 32 / Little | uint8[32] | salt | SRP user's salt. All SRP operations are performed with little endian values. |
| (0x47) | 16 / Little | uint8[16] | crc_salt | A salt to be used in CMD_AUTH_LOGON_PROOF_Client.crc_hash. Can be all zeros. |
(1.12) Additions
(1.12) added two factor authentication PIN fields which are appended to the packet.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | bool (size 1 byte) | two_factor_authentication | 0 for disabled. The fields below are not included if this is 0. |
| 0x00 | 4 / Little | uint32 | pin_grid_seed | Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true. |
| 0x00 | 16 / Little | uint8[16] | pin_salt | Salt value for the client. Only here if the two_factor_authentication field is true. |
(2.4.3.8606) Changes
Sometime around 
(2) the two factor fields were repurposed to the below.
They are present on (2.4.3.8606) and possibly also as early as (2.0.0).
These replace the (1.12) fields from above.
| Name | Value | Description |
|---|---|---|
| NONE | 0x00 | No additional checks verification. |
| PIN | 0x01 | TOTP verification entered as a PIN. |
| UNKNOWN0 | 0x02 | Unknown. Referred to as "Matrix input" in Mangos source. |
| AUTHENTICATOR | 0x04 | Authenticator. |
The fields added depend on which bits are set in the security_flags field.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| Header | ||||
| (0x57) | 1 / - | uint8 | security_flags | Bit pattern for optional authentication features. More than one feature can be used, and the fields are just appended in the bit pattern order from lowest first. See security_flag. tables below for specifics. If 0 the packet ends here. |
| security_flags.PIN fields, if applicable. | ||||
| security_flags.unknown fields, if applicable. | ||||
| security_flags.Authenticator field, if applicable. | ||||
The following fields are only present if the appropriate bit is set.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 4 / Little | uint32 | pin_grid_seed | Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true. |
| 0x04 | 16 / Little | uint8[16] | pin_salt | Salt value for the client. Only here if the two_factor_authentication field is true. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | uint8 | unknown0 | Unknown. Statically set to 0 in Mangos. |
| 0x01 | 1 / - | uint8 | unknown1 | Unknown. Statically set to 0 in Mangos. |
| 0x02 | 1 / - | uint8 | unknown2 | Unknown. Statically set to 0 in Mangos. |
| 0x03 | 1 / - | uint8 | unknown3 | Unknown. Statically set to 0 in Mangos. |
| 0x04 | 8 / - | uint64 | unknown4 | Unknown. Statically set to 0 in Mangos. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | uint8 | unknown0 | Statically set to 1 in Mangos. |
Size
For all versions, if the result is not SUCCESS (0x00) the packet is 3 bytes.
If the result is SUCCESS (0x00):
| Version | security_flags field | Size |
|---|---|---|
| ≥ (1.1) |
- | 118 |
| ≥ (1.12) |
0x0 | 119 |
| ≥ (1.12) |
0x1 | 119 + 20 = 139 |
| ≥ (2.4.3.8606) |
0x1 / 0b001 | 119 + 20 = 139 |
| ≥ (2.4.3.8606) |
0x2 / 0b010 | 119 + 12 = 131 |
| ≥ (2.4.3.8606) |
0x4 / 0b100 | 119 + 1 = 120 |
| ≥ (2.4.3.8606) |
0x3 / 0b011 | 119 + 12 + 20 = 151 |
| ≥ (2.4.3.8606) |
0x5 / 0b101 | 119 + 1 + 20 = 140 |
| ≥ (2.4.3.8606) |
0x7 / 0b111 | 119 + 1 + 12 + 20 = 152 |