CMD AUTH LOGON PROOF Client: Difference between revisions

From wowdev
Jump to navigation Jump to search
(Add example packets)
 
Line 19: Line 19:
| 0x35 || 20 / Little || uint8[20] || crc_hash || Hash of arbitrary files. Can be safely ignored.
| 0x35 || 20 / Little || uint8[20] || crc_hash || Hash of arbitrary files. Can be safely ignored.
|-
|-
| 0x49 || 1 / - || uint8 || num_keys || Used for unknown telemetry. Can be expected to always be 0.<br>See the table below for when it is not 0.
| 0x49 || 1 / - || uint8 || num_keys || Used for {{Template:Unverified|CD Key related}} telemetry. Used when <tt>base.MPQ</tt> contains a <tt>telemetry.dat</tt> file.<br>Can be expected to always be 0. See the table below for when it is not 0.
|-
|-
!colspan="5"| num_keys amounts of num_key fields, if applicable.
!colspan="5"| num_keys amounts of num_key fields, if applicable.
Line 40: Line 40:
| || 4 / - || uint8[4] || unk3 || Used for unknown telemetry. Can be expected to not be present.
| || 4 / - || uint8[4] || unk3 || Used for unknown telemetry. Can be expected to not be present.
|-
|-
| || 20 / - || uint8[20] || unk4 || Used for unknown telemetry. Can be expected to not be present.
| || 20 / - || uint8[20] || cd_key_proof || SHA1 hash of the session_key, server_public_key and an unknown 20 byte value.
|}
|}


Line 77: Line 77:
== {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} Changes ==
== {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} Changes ==


Sometime around {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2}} the two factor fields were repurposed to the below.
Sometime around {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.0.0.5991}} the two factor fields were repurposed to the below.
They are present on {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} and possibly also as early as {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.0.0}}.
These replace the {{Template:Sandbox/PrettyVersion|expansionlevel=1|build=1.12}} fields from above.
These replace the {{Template:Sandbox/PrettyVersion|expansionlevel=1|build=1.12}} fields from above.


Line 93: Line 92:
!colspan="5"| security_flags.PIN fields, if applicable.
!colspan="5"| security_flags.PIN fields, if applicable.
|-
|-
!colspan="5"| security_flags.unknown fields, if applicable.
!colspan="5"| security_flags.MatrixCard fields, if applicable.
|-
|-
!colspan="5"| security_flags.Authenticator field, if applicable.
!colspan="5"| security_flags.Authenticator field, if applicable.
|}
When num_keys is not 0, the field is followed by 4 key data fields that repeat num_key times.
{| class="wikitable"
|+ num_keys Fields
! Offset
! Size / Endianness
! Type
! Name
! Description
|-
| || 2 / - || uint16 || unk1 || Used for unknown telemetry. Can be expected to not be present.
|-
| || 4 / - || uint32 || unk2 || Used for unknown telemetry. Can be expected to not be present.
|-
| || 4 / - || uint8[4] || unk3 || Used for unknown telemetry. Can be expected to not be present.
|-
| || 20 / - || uint8[20] || unk4 || Used for unknown telemetry. Can be expected to not be present.
|}
|}


Line 127: Line 107:
! Description
! Description
|-
|-
| 0x00 || 4 / Little || uint32 || pin_grid_seed || Seed value for the PIN grid on the client.<br> Only here if the two_factor_authentication field is true.
| 0x00 || 16 / Little || uint8[16] || pin_salt || Salt used for PIN.
|-
|-
| 0x04 || 16 / Little || uint8[16] || pin_salt || Salt value for the client.<br> Only here if the two_factor_authentication field is true.
| 0x10 || 20 / Little || uint8[20] || pin_proof || Client proof for PIN.
|}
|}


{| class="wikitable"
{| class="wikitable"
|+ security_flags.Unknown0 Fields
|+ security_flags.MatrixCard Fields
! Offset
! Offset
! Size / Endianness
! Size / Endianness
Line 140: Line 120:
! Description
! Description
|-
|-
| 0x00 || 1 / - || uint8 || unknown0 || Unknown. Statically set to 0 in Mangos.
| 0x00 || 20 / - || uint8[20] || matrix_card_proof || Client proof of matrix input.<br> Implementation details are available [https://gist.github.com/barncastle/979c12a9c5e64d810a28ad1728e7e0f9 here].
|-
| 0x01 || 1 / - || uint8 || unknown1 || Unknown. Statically set to 0 in Mangos.
|-
| 0x02 || 1 / - || uint8 || unknown2 || Unknown. Statically set to 0 in Mangos.
|-
| 0x03 || 1 / - || uint8 || unknown3 || Unknown. Statically set to 0 in Mangos.
|-
| 0x04 || 8 / - || uint64 || unknown4 || Unknown. Statically set to 0 in Mangos.
|}
|}


Line 159: Line 131:
! Description
! Description
|-
|-
| 0x00 || 1 / - || uint8 || unknown0 || Statically set to 1 in Mangos.
| 0x00 || 1 / - || uint8 || token_size || Maximum size of 16 characters.
|-
| 0x10 || token_size / - || char[token_size] || token_string ||
|}
|}



Latest revision as of 17:18, 27 July 2022

CMD_AUTH_LOGON_PROOF_Client is a Login Packet sent by the client after receiving a CMD_AUTH_LOGON_CHALLENGE_Server. The server reply is CMD_AUTH_LOGON_PROOF_Server.

Packet Layout

AuthLogonProof_Client
Offset Size / Endianness Type Name Description
0x0 1 / - uint8 command 0x01 for CMD_AUTH_LOGON_PROOF
0x1 32 / Little uint8[32] client_public_key SRP6 Client public key. Called A in RFC2945.
0x21 20 / Little uint8[20] client_proof SRP6 Client proof. Called M1 in RFC2945.
0x35 20 / Little uint8[20] crc_hash Hash of arbitrary files. Can be safely ignored.
0x49 1 / - uint8 num_keys Used for CD Key related telemetry. Used when base.MPQ contains a telemetry.dat file.
Can be expected to always be 0. See the table below for when it is not 0.
num_keys amounts of num_key fields, if applicable.

When num_keys is not 0, the field is followed by 4 key data fields that repeat num_key times.

num_keys Fields
Offset Size / Endianness Type Name Description
2 / - uint16 unk1 Used for unknown telemetry. Can be expected to not be present.
4 / - uint32 unk2 Used for unknown telemetry. Can be expected to not be present.
4 / - uint8[4] unk3 Used for unknown telemetry. Can be expected to not be present.
20 / - uint8[20] cd_key_proof SHA1 hash of the session_key, server_public_key and an unknown 20 byte value.

Vanilla (1.12.1.5875) Additions

Vanilla (1.12) added two factor authentication PIN fields which are appended to the packet.

AuthLogonProof_Client
Offset Size / Endianness Type Name Description
0x4A 1 / - bool (size 1 byte) two_factor_enabled If false the packet ends here, if true the fields in the table below are included.
Added in 1.12.x client branch.
security_flags.PIN fields, if applicable.

When two_factor_enabled is not 0, the field is followed by the data in the table below.

two_factor_enabled Fields
Offset Size / Endianness Type Name Description
16 / ? uint8[16] pin_salt Salt used for PIN. Only included if two_factor_enabled is true.
20 / ? uint8[20] pin_hash Client proof for PIN. Only included if two_factor_enabled is true.

BC (2.4.3.8606) Changes

Sometime around BC (2.0.0.5991) the two factor fields were repurposed to the below. These replace the Vanilla (1.12) fields from above.

Security Flags
Offset Size / Endianness Type Name Description
0x4A 1 / - bool (size 1 byte) security_flags Bit pattern for optional authentication features.
More than one feature can be used,
and the fields are just appended in the bit pattern order from lowest first.
See security_flag. tables below for specifics. If 0 the packet ends here.
security_flags.PIN fields, if applicable.
security_flags.MatrixCard fields, if applicable.
security_flags.Authenticator field, if applicable.

When security_flags is not 0 the following fields can appear.

security_flags.PIN Fields
Offset Size / Endianness Type Name Description
0x00 16 / Little uint8[16] pin_salt Salt used for PIN.
0x10 20 / Little uint8[20] pin_proof Client proof for PIN.
security_flags.MatrixCard Fields
Offset Size / Endianness Type Name Description
0x00 20 / - uint8[20] matrix_card_proof Client proof of matrix input.
Implementation details are available here.
security_flags.Authenticator Fields
Offset Size / Endianness Type Name Description
0x00 1 / - uint8 token_size Maximum size of 16 characters.
0x10 token_size / - char[token_size] token_string

Size

For all versions, if the result is not SUCCESS (0x00) the packet is 3 bytes.

If the result is SUCCESS (0x00):

security_flags.Authenticator Fields
Version security_flags field Size
≥ Vanilla (1.1) - 74
≥ Vanilla (1.12) 0x0 75
≥ Vanilla (1.12) 0x1 75 + 20 = 95
≥ BC (2.4.3.8606) 0x1 / 0b001 75 + 20 = 95
≥ BC (2.4.3.8606) 0x2 / 0b010 75 + 12 = 87
≥ BC (2.4.3.8606) 0x4 / 0b100 75 + 1 = 76
≥ BC (2.4.3.8606) 0x3 / 0b011 75 + 12 + 20 = 107
≥ BC (2.4.3.8606) 0x5 / 0b101 75 + 1 + 20 = 96
≥ BC (2.4.3.8606) 0x7 / 0b111 75 + 1 + 12 + 20 = 108

Packet Example

Below is complete packet sent from a Vanilla (1.12.1.5875) client. The values are explained as comments. This can be used for verifying packet parser implementations.

The first packet does not include the extra two factor fields.

char bytes[] = {
0x01, // Opcode: CMD_AUTH_LOGON_PROOF
0xf1, 0x3e, 0xe5, 0xd1, 0x83, 0xc4, 0xc8, 0xa9, 0x50, 0x0e, 0x3f, 0x5a, 0x5d, 0x8a,
0xee, 0x4e, 0x2e, 0x45, 0xe1, 0xf7, 0xcc, 0x8f, 0x1c, 0xf5, 0xee, 0x8e, 0x11, 0xce,
0xd3, 0x1d, 0xd7, 0x08, // Client Public Key
0x6b, 0x1e, 0x48, 0x1b, 0x4d, 0x04, 0xa1, 0x18, 0xd8, 0xf2,
0xde, 0x5c, 0x59, 0xd5, 0x5c, 0x81, 0x2e, 0x65, 0xec, 0x3e, // Client Proof
0x4e, 0xf5, 0x2d, 0xe1,
0x80, 0x5e, 0x1a, 0x67, 0x15, 0xec, 0xc8, 0x41, 0xee, 0xb8, 0x90, 0x8a, 0x58, 0xbb,
0x00, 0xd0, // CRC Hash
0x00, // Num keys: 0
0x00, // Two factor enabled: false
};

And a packet with two factor fields.

char bytes[] = {
0x01, // Opcode: CMD_AUTH_LOGON_PROOF
0xf1, 0x3e, 0xe5, 0xd1, 0x83, 0xc4, 0xc8, 0xa9, 0x50, 0x0e, 0x3f, 0x5a, 0x5d, 0x8a,
0xee, 0x4e, 0x2e, 0x45, 0xe1, 0xf7, 0xcc, 0x8f, 0x1c, 0xf5, 0xee, 0x8e, 0x11, 0xce,
0xd3, 0x1d, 0xd7, 0x08, // Client Public Key
0x6b, 0x1e, 0x48, 0x1b, 0x4d, 0x04, 0xa1, 0x18, 0xd8, 0xf2,
0xde, 0x5c, 0x59, 0xd5, 0x5c, 0x81, 0x2e, 0x65, 0xec, 0x3e, // Client Proof
0x4e, 0xf5, 0x2d, 0xe1,
0x80, 0x5e, 0x1a, 0x67, 0x15, 0xec, 0xc8, 0x41, 0xee, 0xb8, 0x90, 0x8a, 0x58, 0xbb,
0x00, 0xd0, // CRC Hash
0x00, // Num keys: 0
0x01, // Two factor enabled: true
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, // PIN Salt
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, // PIN hash
};