CMD AUTH LOGON CHALLENGE Server
Jump to navigation
Jump to search
Packet Layout
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| Header | ||||
| 0x1 | 1 / - | uint8 | command | LOGIN_CHALL (0x0) |
| 0x2 | 1 / - | uint8 | protocol_version | Must be 0. |
| 0x3 | 1 / - | uint8 | result | The fields below are only included if this is LOGIN_OK (0x0). |
| Body | ||||
| 0x4 | 32 / Little | uint8[32] | B | SRP public server ephemeral. All SRP operations are performed with little endian values. |
| 0x24 | 1 / - | uint8 | g_len | SRP generator length. Should always be 1 since the generator is never larger than 255. |
| 0x25 | g_len / - | uint8 | g | SRP generator. All SRP operations are performed with little endian values. |
| (0x26) | 1 / - | uint8 | n_len | SRP modulus length. Client will not read more than 32. All SRP operations are performed with little endian values. |
| (0x27) | n_len / Little | uint8[n_len] | n | SRP modulus. All SRP operations are performed with little endian values. |
| (0x47) | 32 / Little | uint8[32] | srp_salt | SRP user's salt. All SRP operations are performed with little endian values. |
| (0x47) | 16 / Little | uint8[16] | crc_salt | A salt to be used in AuthLogonProof_Client.crc_hash. Can be all zeros. |
(1.12) Additions
(1.12) added two factor authentication PIN fields which are appended to the packet.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | bool (size 1 byte) | two_factor_authentication | 0 for disabled. The fields below are not included if this is 0. |
| 0x00 | 4 / Little | uint32 | pin_grid_seed | Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true. |
| 0x00 | 16 / Little | uint8[16] | pin_salt | Salt value for the client. Only here if the two_factor_authentication field is true. |
(2.4.3.8606) Changes
Sometime around 
(2) the following fields were added.
They are present on (2.4.3.8606) and possibly also as early as (2.0.0).
These replace the (1.12) fields from above.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| Header | ||||
| (0x57) | 1 / - | uint8 | security_flags | Bit pattern for optional authentication features. More than one feature can be used, and the fields are just appended in the bit pattern order from lowest first. See security_flag. tables below for specifics. If 0 the packet ends here. |
| security_flags.PIN fields, if applicable. | ||||
| security_flags.unknown fields, if applicable. | ||||
| security_flags.Authenticator field, if applicable. | ||||
The following fields are only present if the appropriate bit is set.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 4 / Little | uint32 | pin_grid_seed | Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true. |
| 0x04 | 16 / Little | uint8[16] | pin_salt | Salt value for the client. Only here if the two_factor_authentication field is true. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | uint8 | unknown0 | Unknown. Statically set to 0 in Mangos. |
| 0x01 | 1 / - | uint8 | unknown1 | Unknown. Statically set to 0 in Mangos. |
| 0x02 | 1 / - | uint8 | unknown2 | Unknown. Statically set to 0 in Mangos. |
| 0x03 | 1 / - | uint8 | unknown3 | Unknown. Statically set to 0 in Mangos. |
| 0x04 | 8 / - | uint64 | unknown4 | Unknown. Statically set to 0 in Mangos. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | uint8 | unknown0 | Statically set to 1 in Mangos. |
| Name | Value | Description |
|---|---|---|
| NONE | 0x00 | No additional checks verification. |
| PIN | 0x01 | TOTP verification entered as a PIN. |
| UNKNOWN0 | 0x02 | Unknown. Referred to as "Matrix input" in Mangos source. |
| AUTHENTICATOR | 0x04 | Authenticator. |