Latest revision as of 18:15, 27 July 2022

CMD_AUTH_LOGON_CHALLENGE_Server is a Login Packet sent by the server after receiving CMD_AUTH_LOGON_CHALLENGE_Client. The client reply is the CMD_AUTH_LOGON_PROOF_Client packet.

Packet Layout

AuthLogonChallenge_Server
Offset	Size / Endianness	Type	Name	Description
Header
0x1	1 / -	uint8	opcode	0x00 for CMD_AUTH_LOGON_CHALLENGE
0x2	1 / -	uint8	protocol_version	Exact purpose unknown. Must be 0 for all versions.
0x3	1 / -	uint8	result	The fields below are only included if this is SUCCESS (0x00).
Body
0x4	32 / Little	uint8[32]	server_public_key	SRP public server ephemeral. All SRP operations are performed with little endian values.
0x24	1 / -	uint8	generator_len	SRP generator length. Should always be 1 since the generator is never greater than 255.
0x25	generator_len / -	uint8	generator	SRP generator. All SRP operations are performed with little endian values.
(0x26)	1 / -	uint8	large_safe_prime_len	SRP large safe prime length. All SRP operations are performed with little endian values. Client will not read more than 32 bytes.
(0x27)	large_safe_prime_len / Little	uint8[large_safe_prime_len]	large_safe_prime	SRP large safe prime. All SRP operations are performed with little endian values.
(0x47)	32 / Little	uint8[32]	salt	SRP user's salt. All SRP operations are performed with little endian values.
(0x47)	16 / Little	uint8[16]	crc_salt	A salt to be used in CMD_AUTH_LOGON_PROOF_Client.crc_hash. Can be all zeros.

(1.12) Additions

(1.12) added two factor authentication PIN fields which are appended to the packet.

(1.12) Additions
Offset	Size / Endianness	Type	Name	Description
0x00	1 / -	bool (size 1 byte)	two_factor_authentication	0 for disabled. The fields below are not included if this is 0.
0x00	4 / Little	uint32	pin_grid_seed	Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true.
0x00	16 / Little	uint8[16]	pin_salt	Salt value for the client. Only here if the two_factor_authentication field is true.

(2.4.3.8606) Changes

Sometime around (2.0.0.5991) the two factor fields were repurposed to the below. These replace the (1.12) fields from above.

Security Flags
Name	Value	Description
NONE	0x00	No additional checks verification.
PIN	0x01	TOTP verification entered as a PIN.
MATRIX_CARD	0x02	Matrix Card 2FA which requires a matrix card.
AUTHENTICATOR	0x04	Authenticator.

The fields added depend on which bits are set in the security_flags field.

(2) Changes
Offset	Size / Endianness	Type	Name	Description
Header
(0x57)	1 / -	uint8	security_flags	Bit pattern for optional authentication features. More than one feature can be used, and the fields are just appended in the bit pattern order from lowest first. See security_flag. tables below for specifics. If 0 the packet ends here.
security_flags.PIN fields, if applicable.
security_flags.MatrixCard fields, if applicable.
security_flags.Authenticator field, if applicable.

The following fields are only present if the appropriate bit is set.

security_flags.PIN Fields
Offset	Size / Endianness	Type	Name	Description
0x00	4 / Little	uint32	pin_grid_seed	Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true.
0x04	16 / Little	uint8[16]	pin_salt	Salt value for the client. Only here if the two_factor_authentication field is true.

security_flags.MatrixCard Fields
Offset	Size / Endianness	Type	Name	Description
0x00	1 / -	uint8	width	Number of columns to display [A..Z].
0x01	1 / -	uint8	height	Number of rows to display [0..n].
0x02	1 / -	uint8	digit_count	Number of digits to be entered for each cell.
0x03	1 / -	uint8	challenge_count	Number of cells to be completed.
0x04	8 / -	uint64	seed	Seed value used to randomise cell selection.

security_flags.Authenticator Fields
Offset	Size / Endianness	Type	Name	Description
0x00	1 / -	uint8	required	Dictates if the Authenticator is in use and not just assigned to the account.

Size

For all versions, if the result is not SUCCESS (0x00) the packet is 3 bytes.

If the result is SUCCESS (0x00):

security_flags.Authenticator Fields
Version	security_flags field	Size
≥ (1.1)	-	118
≥ (1.12)	0x0	119
≥ (1.12)	0x1	119 + 20 = 139
≥ (2.4.3.8606)	0x1 / 0b001	119 + 20 = 139
≥ (2.4.3.8606)	0x2 / 0b010	119 + 12 = 131
≥ (2.4.3.8606)	0x4 / 0b100	119 + 1 = 120
≥ (2.4.3.8606)	0x3 / 0b011	119 + 12 + 20 = 151
≥ (2.4.3.8606)	0x5 / 0b101	119 + 1 + 20 = 140
≥ (2.4.3.8606)	0x7 / 0b111	119 + 1 + 12 + 20 = 152

Example Packet

Below is complete packet sent from a (1.12.1.5875) client. The values are explained as comments. This can be used for verifying packet parser implementations.

The first packet does not include the extra two factor fields.

char bytes[] = {
   0x00, /* Opcode: CMD_AUTH_LOGON_CHALLENGE */
   0x00, /* Protocol Version: 0 */
   0x00, /* Result: SUCCESS (0) */
   0x49, 0xd8, 0xc2, 0xbc, 0x68, 0x5c, 0x2b, 0xce, 0x4a, 0xf4, 0xfa, 0x07,
   0x0a, 0x47, 0x93, 0x78, 0x58, 0x78, 0x46, 0xb5, 0x83, 0xd4, 0x41, 0x82, 0x9e, 0x24,
   0xd8, 0x87, 0xce, 0xda, 0x34, 0x46, /* Server Public Key */
   0x01, /* Generator Length: 1 */
   0x07, /* Generator: 7 */
   0x20, /* Large Safe Prime Length: 32 */
   0xb7, 0x9b, 0x3e, 0x2a, 0x87, 0x82, 0x3c, 0xab, 0x8f, 0x5e, 
   0xbf, 0xbf, 0x8e, 0xb1, 0x01, 0x08, 0x53, 0x50, 0x06, 0x29, 
   0x8b, 0x5b, 0xad, 0xbd, 0x5b, 0x53, 0xe1, 0x89, 0x5e, 0x64, 
   0x4b, 0x89, /* Large Safe Prime */
   0xc7, 0x09, 0x87, 0x7d, 0x8c, 0x65, 0x52, 0x66, 0xa5, 0x7d, 
   0xb8, 0x65, 0x3d, 0x6e, 0xa6, 0x2b, 0xb5, 0x54, 0xf2, 0x0b, 
   0xcf, 0x74, 0xd6, 0x4a, 0x77, 0xa7, 0xd3, 0x3d, 0xf3, 0x30, 
   0x90, 0x87, /* Salt */
   0xba, 0xa3, 0x1e, 0x99, 0xa0, 0x0b, 0x21, 0x57, 0xfc, 0x37, 
   0x3f, 0xb3, 0x69, 0xcd, 0xd2, 0xf1, /* CRC Salt */
}

The second one does.

char bytes[] = {
   0x00, /* Opcode: CMD_AUTH_LOGON_CHALLENGE */
   0x00, /* Protocol Version: 0 */
   0x00, /* Result: SUCCESS (0) */
   0x49, 0xd8, 0xc2, 0xbc, 0x68, 0x5c, 0x2b, 0xce, 0x4a, 0xf4, 0xfa, 0x07,
   0x0a, 0x47, 0x93, 0x78, 0x58, 0x78, 0x46, 0xb5, 0x83, 0xd4, 0x41, 0x82, 0x9e, 0x24,
   0xd8, 0x87, 0xce, 0xda, 0x34, 0x46, /* Server Public Key */
   0x01, /* Generator Length: 1 */
   0x07, /* Generator: 7 */
   0x20, /* Large Safe Prime Length: 32 */
   0xb7, 0x9b, 0x3e, 0x2a, 0x87, 0x82, 0x3c, 0xab, 0x8f, 0x5e, 
   0xbf, 0xbf, 0x8e, 0xb1, 0x01, 0x08, 0x53, 0x50, 0x06, 0x29, 
   0x8b, 0x5b, 0xad, 0xbd, 0x5b, 0x53, 0xe1, 0x89, 0x5e, 0x64, 
   0x4b, 0x89, /* Large Safe Prime */
   0xc7, 0x09, 0x87, 0x7d, 0x8c, 0x65, 0x52, 0x66, 0xa5, 0x7d, 
   0xb8, 0x65, 0x3d, 0x6e, 0xa6, 0x2b, 0xb5, 0x54, 0xf2, 0x0b, 
   0xcf, 0x74, 0xd6, 0x4a, 0x77, 0xa7, 0xd3, 0x3d, 0xf3, 0x30, 
   0x90, 0x87, /* Salt */
   0xba, 0xa3, 0x1e, 0x99, 0xa0, 0x0b, 0x21, 0x57, 0xfc, 0x37, 
   0x3f, 0xb3, 0x69, 0xcd, 0xd2, 0xf1, /* CRC Salt */
   0x01, // Two factor fields enabled: True
   0xEF, 0xBE, 0xAD, 0xDE, // PIN grid seed: 0xDEADBEEF
   0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
   0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, // PIN salt
}

@@ Line 57: / Line 57: @@
 == {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} Changes ==
-Sometime around {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2}} the two factor fields were repurposed to the below.
+Sometime around {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.0.0.5991}} the two factor fields were repurposed to the below.
-They are present on {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} and possibly also as early as {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.0.0}}.
 These replace the {{Template:Sandbox/PrettyVersion|expansionlevel=1|build=1.12}} fields from above.
@@ Line 71: / Line 70: @@
 | PIN || 0x01 || TOTP verification entered as a PIN.
 |-
-| UNKNOWN0 || 0x02 || Unknown. Referred to as "Matrix input" in Mangos source.
+| MATRIX_CARD || 0x02 || [https://imgur.com/0vnQMVJ Matrix Card 2FA] which requires a [https://ediwang.cdn.moonglade.blog/ediwang-images/img-dfa03229-e409-4147-91fa-7aba1f420e94.jpg matrix card].
 |-
 | AUTHENTICATOR || 0x04 || Authenticator.
@@ Line 92: / Line 91: @@
 !colspan="5"| security_flags.PIN fields, if applicable.
 |-
-!colspan="5"| security_flags.unknown fields, if applicable.
+!colspan="5"| security_flags.MatrixCard fields, if applicable.
 |-
 !colspan="5"| security_flags.Authenticator field, if applicable.
@@ Line 113: / Line 112: @@
 {| class="wikitable"
-|+ security_flags.Unknown0 Fields
+|+ security_flags.MatrixCard Fields
 ! Offset
 ! Size / Endianness
@@ Line 120: / Line 119: @@
 ! Description
 |-
-| 0x00 || 1 / - || uint8 || unknown0 || Unknown. Statically set to 0 in Mangos.
+| 0x00 || 1 / - || uint8 || width || Number of columns to display [A..Z].
 |-
-| 0x01 || 1 / - || uint8 || unknown1 || Unknown. Statically set to 0 in Mangos.
+| 0x01 || 1 / - || uint8 || height || Number of rows to display [0..n].
 |-
-| 0x02 || 1 / - || uint8 || unknown2 || Unknown. Statically set to 0 in Mangos.
+| 0x02 || 1 / - || uint8 || digit_count || Number of digits to be entered for each cell.
 |-
-| 0x03 || 1 / - || uint8 || unknown3 || Unknown. Statically set to 0 in Mangos.
+| 0x03 || 1 / - || uint8 || challenge_count || Number of cells to be completed.
 |-
-| 0x04 || 8 / - || uint64 || unknown4 || Unknown. Statically set to 0 in Mangos.
+| 0x04 || 8 / - || uint64 || seed || Seed value used to randomise cell selection.
 |}
@@ Line 139: / Line 138: @@
 ! Description
 |-
-| 0x00 || 1 / - || uint8 || unknown0 || Statically set to 1 in Mangos.
+| 0x00 || 1 / - || uint8 || required || Dictates if the Authenticator is in use and not just assigned to the account.
 |}

CMD AUTH LOGON CHALLENGE Server: Difference between revisions

Latest revision as of 18:15, 27 July 2022

Contents

Packet Layout

(1.12) Additions

(2.4.3.8606) Changes

Size

Example Packet

Navigation menu

CMD AUTH LOGON CHALLENGE Server: Difference between revisions

Latest revision as of 18:15, 27 July 2022

Packet Layout

(1.12) Additions

(2.4.3.8606) Changes

Size

Example Packet

Navigation menu

Search