|
|
Line 1: |
Line 1: |
| How the thing works(WIP!): | | How the thing works(WIP!): |
| At the beginning, the WoW Client sends an [[Packets#AuthLogonChallenge_Client|Authentication]] Packet to the Server. | | At the beginning, the WoW Client sends an [[Packets#AuthLogonChallenge_Client|authentication]] Packet to the Server. |
| Then the Server checks if the Account is banned etc. and ,if not, sends an [[Packets#AuthLogonChallenge_Server|Packet]] containing information for the [http://srp.stanford.edu/ SRP-6] algorithm. | | Then the Server checks if the Account is valid (banned ,etc) and sends a [[Packets#AuthLogonChallenge_Server|packet]] containing information for the [http://srp.stanford.edu/ SRP-6] algorithm. |
|
| |
|
| =Logon= | | =Logon= |
Revision as of 19:45, 6 February 2016
How the thing works(WIP!):
At the beginning, the WoW Client sends an authentication Packet to the Server.
Then the Server checks if the Account is valid (banned ,etc) and sends a packet containing information for the SRP-6 algorithm.
Logon
The authentication server (and the WoW client) utilizes the SRP-protocol for secure authentication.
Build 4125 (1.1.2)
It's worth noting that, for this build, the client automatically disconnect after a successful login challenge and proof exchange and sends a reconnect packet right away instead of asking for the realm list.
AuthLogonChallenge_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x0
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint16 |
Size |
|
|
0x4 |
char[4] |
GameName |
'WoW'
|
|
0x8 |
uint8[3] |
Version |
0x01 0x01 0x02
|
|
0xB |
uint16 |
Build |
4125, aka Revision
|
|
0xD |
char[4] |
Platform |
eg 'x86'
|
|
0x11 |
char[4] |
OS |
eg 'Win'
|
|
0x15 |
char[4] |
Country |
eg 'enUS'
|
|
0x19 |
uint32 |
WorldRegion_bias |
?
|
|
0x1D |
uint32 |
IP |
Client-IP
|
|
0x21 |
uint8 |
AccountName_Length |
The length of the account name
|
|
0x22 |
char[] |
AccountName |
|
AuthLogonChallenge_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x1 |
uint8 |
Command |
0x0
|
|
0x2 |
uint8 |
unk |
|
|
0x3 |
uint8 |
error |
|
|
0x4 |
char[32] |
B |
SRP public server ephemeral
|
|
0x24 |
uint8 |
g_len |
0x1
|
|
0x25 |
uint8 |
g |
SRP generator
|
|
0x26 |
uint8 |
N_len |
0x20 |
|
|
0x27 |
char[32] |
N |
SRP modulus
|
|
0x47 |
char[32] |
srp_salt |
SRP user's salt
|
|
0x47 |
char[16] |
crc_salt |
A salt to be used in AuthLogonProof_Client.CRC_Hash
|
AuthLogonProof_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x1
|
|
0x01 |
uint8[32] |
A |
|
|
0x21 |
uint8[20] |
M1 |
|
|
0x35 |
uint8[20] |
CRC_Hash |
|
|
0x49 |
uint8 |
nKeys |
|
AuthLogonProof_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x1
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint8[20] |
M2 |
|
|
0x16 |
uint32 |
unk |
|
AuthReconnectionChallenge_Client
It is the same structure as AuthLogonChallenge_Client, except that the command is 0x2.
AuthReconnectionChallenge_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x2
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
char[16] |
challenge_data |
random data, used as a challenge
|
|
0x12 |
uint64 |
unk1 |
|
|
0x1A |
uint64 |
unk2 |
|
AuthReconnectionProof_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x3
|
|
0x1 |
char[16] |
proof_data |
|
|
0x11 |
char[20] |
client_proof |
|
|
0x25 |
char[20] |
unk_hash |
|
|
0x39 |
uint8 |
unk |
|
To check if the client proof is correct, the server must calculate SHA1(account_name | proof_data | challenge_data | session_key) and compare it to client_proof.
AuthReconnectionProof_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x3
|
|
0x1 |
uint8 |
Error |
|
Builds 5875, 6005, 6141 (1.12.x)
Constants
AuthLogonChallenge
Client
Server
AuthLogonProof
Client
Server
RealmList
Client
Server
Builds 8606, 10505, 11159, 11403, 11723, 12340 (2.4.3 to 3.x)
Unknown build
AuthLogonChallenge_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint16 |
Size |
|
|
0x4 |
char[4] |
GameName |
'WoW'
|
|
0x8 |
uint8[3] |
Version |
0x00 0x08 0x00
|
|
0xB |
uint16 |
Build |
aka Revision
|
|
0xD |
char[4] |
Platform |
eg 'x86'
|
|
0x11 |
char[4] |
OS |
eg 'Win'
|
|
0x15 |
char[4] |
Country |
eg 'enUS'
|
|
0x19 |
uint32 |
WorldRegion_bias |
?
|
|
0x1D |
uint32 |
IP |
Client-IP
|
|
0x21 |
uint8 |
AccountName_Length |
The Lenght of the Account-Name
|
|
0x22 |
char[] |
AccountName |
|
AuthLogonChallenge_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x1 |
uint8 |
cmd |
|
|
0x2 |
uint8 |
unk |
|
|
0x3 |
uint8 |
error |
|
|
0x4 |
char[32] |
B |
Public ephemeral value(SRP)
|
|
0x24 |
uint8 |
g_len |
0x1
|
|
0x25 |
uint8 |
g |
A generator modulo N(SRP)
|
|
0x26 |
uint8 |
N_len |
0x20 |
|
|
0x27 |
char[32] |
N |
A large safe prime (N = 2q+1, where q is prime). All arithmetic is done modulo N.(SRP)
|
|
0x47 |
char[32] |
s |
User's salt
|
|
0x67 |
char[16] |
unk2 |
|
AuthLogonProof_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x01 |
uint8[32] |
A |
|
|
0x21 |
uint8[20] |
M1 |
|
|
0x35 |
uint8[20] |
CRC_Hash |
|
|
0x49 |
uint8 |
nKeys |
|
|
0x4A |
uint8 |
unk |
Added in 1.12.x client branch
|
AuthLogonProof_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint8[20] |
M2 |
|
|
0x16 |
uint32 |
unk1 |
|
|
0x1A |
uint32 |
unk2 |
|
|
0x1E |
uint16 |
unk3 |
|
Logon Errors
|
Name
|
Value
|
|
LOGIN_OK |
0x00
|
|
LOGIN_FAILED |
0x01
|
|
LOGIN_FAILED2 |
0x02
|
|
LOGIN_BANNED |
0x03
|
|
LOGIN_UNKNOWN_ACCOUNT |
0x04
|
|
LOGIN_UNKNOWN_ACCOUNT3 |
0x05
|
|
LOGIN_ALREADYONLINE |
0x06
|
|
LOGIN_NOTIME |
0x07
|
|
LOGIN_DBBUSY |
0x08
|
|
LOGIN_BADVERSION |
0x09
|
|
LOGIN_DOWNLOAD_FILE |
0x0A
|
|
LOGIN_FAILED3 |
0x0B
|
|
LOGIN_SUSPENDED |
0x0C
|
|
LOGIN_FAILED4 |
0x0D
|
|
LOGIN_CONNECTED |
0x0E
|
|
LOGIN_PARENTALCONTROL |
0x0F
|
|
LOGIN_LOCKED_ENFORCED |
0x10
|
Realm List
Vanilla (4125 to 5875)
RealmList_C
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
cmd |
OP code = CMD_REALM_LIST
|
|
0x1 |
uint32 |
unknown |
0x00 00 00 00
|
The server answers with a packet composed of this header, as many RealmInfo_S,
and a RealmFooter_S.
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
cmd |
OP code = CMD_REALM_LIST
|
|
0x1 |
uint16 |
size |
size of the rest of packet, without these 3 first bytes
|
|
0x3 |
uint32 |
unknown |
0x00 00 00 00
|
|
0x7 |
uint8 |
nRealm |
Number of realms
|
The size value can be computed with the part of the header taken into account
plus the footer (5+2 bytes) and the size of every RealmInfo_S which is variable.
RealmInfo_S
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint32 |
type |
realm type? 0 is normal, 1 is PVP
|
|
0x4 |
uint8 |
flags |
see below
|
|
0x5 |
string |
name |
Zero terminated string; name of the Realm
|
|
0x5+name.length() |
string |
addr_port |
Zero terminated string; address of the Realm ("ip:port")
|
|
0x5+name.length()+addr_port.length() |
float |
population |
Population value. 0 is low, 1 is medium, 2 is high.
|
|
0x9+name.length()+addr_port.length() |
uint8 |
nCharacters |
the Number of Chars you have on that server
|
|
0xA+name.length()+addr_port.length() |
uint8 |
TimeZone |
|
|
0xB+name.length()+addr_port.length() |
uint8 |
unknown
|
Flags Meaning
0x01 Color the realm name in red (can't create char?)
0x02 Realm is offline
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint16 |
unk |
|
Unknown build
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
cmd |
OP code = CMD_REALM_LIST
|
|
0x1 |
uint16 |
size |
size of the rest of packet, without this part
|
|
0x3 |
uint32 |
unknown |
0x00 00 00 00
|
|
0x7 |
uint8 |
nRealm |
Number of realms
|
SRealmInfo
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
icon |
icon near realm
|
|
0x1 |
uint8 |
locked |
added in 2.0.x
|
|
0x2 |
uint8 |
color |
color of record
|
|
0x3 |
string |
name |
Zero terminated string; name of the Realm
|
|
0x3+name.length() |
string |
addr_port |
Zero terminated string;address of the Realm ("ip:port")
|
|
0x3+name.length()+addr_port.length() |
float |
population |
1.6 -> population value. lower == lower population and vice versa
|
|
0x7+name.length()+addr_port.length() |
uint8 |
nCharacters |
the Number of Chars you have on that server
|
|
0x8+name.length()+addr_port.length() |
uint8 |
TimeZone |
|
|
0x9+name.length()+addr_port.length() |
uint8 |
unknown
|
Char Creation
CMSG_CHAR_CREATE
Upon creating a character, the client sends CMSG_CHAR_CREATE to the server with all the details
that makeup the newly created character.