|
|
| Line 72: |
Line 72: |
| |||0x27||char[32]||N||SRP modulus | | |||0x27||char[32]||N||SRP modulus |
| |- | | |- |
| |||0x47||char[32]||s||User's salt | | |||0x47||char[32]||srp_salt||SRP user's salt |
| |- | | |- |
| |||0x47||char[16]||s||Some hash (not verified by client) | | |||0x47||char[16]||crc_salt||A salt to be used in AuthLogonProof_Client.CRC_Hash |
| |} | | |} |
|
| |
|
Revision as of 13:31, 9 December 2015
How the thing works(WIP!):
At the beginning, the WoW Client sends an Authentication Packet to the Server.
Then the Server checks if the Account is banned etc. and ,if not, sends an Packet containing information for the SRP-6 algorithm.
Logon
The authentication server (and the WoW client) utilizes the SRP-protocol for secure authentication.
Build 4125 (1.1.2)
It's worth noting that, for this build, the client automatically disconnect after a successful login challenge and proof exchange and sends a reconnect packet right away instead of asking for the realm list.
AuthLogonChallenge_Client
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x0
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint16 |
Size |
|
|
0x4 |
char[4] |
GameName |
'WoW'
|
|
0x8 |
uint8[3] |
Version |
0x00 0x08 0x00
|
|
0xB |
uint16 |
Build |
aka Revision
|
|
0xD |
char[4] |
Platform |
eg 'x86'
|
|
0x11 |
char[4] |
OS |
eg 'Win'
|
|
0x15 |
char[4] |
Country |
eg 'enUS'
|
|
0x19 |
uint32 |
WorldRegion_bias |
?
|
|
0x1D |
uint32 |
IP |
Client-IP
|
|
0x21 |
uint8 |
AccountName_Length |
The length of the account name
|
|
0x22 |
char[] |
AccountName |
|
AuthLogonChallenge_Server
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x1 |
uint8 |
Command |
0x0
|
|
0x2 |
uint8 |
error |
|
|
0x3 |
uint8 |
unk |
|
|
0x4 |
char[32] |
B |
SRP public server ephemeral
|
|
0x24 |
uint8 |
g_len |
0x1
|
|
0x25 |
uint8 |
g |
SRP generator
|
|
0x26 |
uint8 |
N_len |
0x20 |
|
|
0x27 |
char[32] |
N |
SRP modulus
|
|
0x47 |
char[32] |
srp_salt |
SRP user's salt
|
|
0x47 |
char[16] |
crc_salt |
A salt to be used in AuthLogonProof_Client.CRC_Hash
|
AuthLogonProof_Client
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x1
|
|
0x01 |
uint8[32] |
A |
|
|
0x21 |
uint8[20] |
M1 |
|
|
0x35 |
uint8[20] |
CRC_Hash |
|
|
0x49 |
uint8 |
nKeys |
|
AuthLogonProof_Server
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x1
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint8[20] |
M2 |
|
|
0x16 |
uint32 |
unk |
|
AuthReconnectionChallenge_Client
It is the same structure as AuthLogonChallenge_Client, except that the command is 0x2.
AuthReconnectionChallenge_Server
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x2
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
char[16] |
challenge_data |
random data, used as a challenge
|
|
0x12 |
uint64 |
unk1 |
|
|
0x1A |
uint64 |
unk2 |
|
AuthReconnectionProof_Client
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x3
|
|
0x1 |
char[16] |
proof_data |
|
|
0x11 |
char[20] |
client_proof |
|
|
0x25 |
char[20] |
unk_hash |
|
|
0x39 |
uint8 |
unk |
|
To check if the client proof is correct, the server must calculate SHA1(account_name | proof_data | challenge_data | session_key) and compare it to client_proof.
AuthReconnectionProof_Server
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
0x3
|
|
0x1 |
uint8 |
Error |
|
Builds 5875, 6005, 6141 (1.12.x)
Constants
AuthLogonChallenge
Client
Server
AuthLogonProof
Client
Server
RealmList
Client
Server
Builds 8606, 10505, 11159, 11403, 11723, 12340 (2.4.3 to 3.x)
Unknown build
AuthLogonChallenge_Client
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint16 |
Size |
|
|
0x4 |
char[4] |
GameName |
'WoW'
|
|
0x8 |
uint8[3] |
Version |
0x00 0x08 0x00
|
|
0xB |
uint16 |
Build |
aka Revision
|
|
0xD |
char[4] |
Platform |
eg 'x86'
|
|
0x11 |
char[4] |
OS |
eg 'Win'
|
|
0x15 |
char[4] |
Country |
eg 'enUS'
|
|
0x19 |
uint32 |
WorldRegion_bias |
?
|
|
0x1D |
uint32 |
IP |
Client-IP
|
|
0x21 |
uint8 |
AccountName_Length |
The Lenght of the Account-Name
|
|
0x22 |
char[] |
AccountName |
|
AuthLogonChallenge_Server
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x1 |
uint8 |
cmd |
|
|
0x2 |
uint8 |
error |
|
|
0x3 |
uint8 |
unk |
|
|
0x4 |
char[32] |
B |
Public ephemeral value(SRP)
|
|
0x24 |
uint8 |
g_len |
0x1
|
|
0x25 |
uint8 |
g |
A generator modulo N(SRP)
|
|
0x26 |
uint8 |
N_len |
0x20 |
|
|
0x27 |
char[32] |
N |
A large safe prime (N = 2q+1, where q is prime). All arithmetic is done modulo N.(SRP)
|
|
0x47 |
char[32] |
s |
User's salt
|
|
0x67 |
char[16] |
unk2 |
|
AuthLogonProof_Client
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x01 |
uint8[32] |
A |
|
|
0x21 |
uint8[20] |
M1 |
|
|
0x35 |
uint8[20] |
CRC_Hash |
|
|
0x49 |
uint8 |
nKeys |
|
|
0x4A |
uint8 |
unk |
Added in 1.12.x client branch
|
AuthLogonProof_Server
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint8[20] |
M2 |
|
|
0x16 |
uint32 |
unk1 |
|
|
0x1A |
uint32 |
unk2 |
|
|
0x1E |
uint16 |
unk3 |
|
Logon Errors
|
|
Name
|
Value
|
|
LOGIN_OK |
0x00
|
|
LOGIN_FAILED |
0x01
|
|
LOGIN_FAILED2 |
0x02
|
|
LOGIN_BANNED |
0x03
|
|
LOGIN_UNKNOWN_ACCOUNT |
0x04
|
|
LOGIN_UNKNOWN_ACCOUNT3 |
0x05
|
|
LOGIN_ALREADYONLINE |
0x06
|
|
LOGIN_NOTIME |
0x07
|
|
LOGIN_DBBUSY |
0x08
|
|
LOGIN_BADVERSION |
0x09
|
|
LOGIN_DOWNLOAD_FILE |
0x0A
|
|
LOGIN_FAILED3 |
0x0B
|
|
LOGIN_SUSPENDED |
0x0C
|
|
LOGIN_FAILED4 |
0x0D
|
|
LOGIN_CONNECTED |
0x0E
|
|
LOGIN_PARENTALCONTROL |
0x0F
|
|
LOGIN_LOCKED_ENFORCED |
0x10
|
Realm List
Vanilla (4125 to 5875)
RealmList_C
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
cmd |
OP code = CMD_REALM_LIST
|
|
0x1 |
uint32 |
unknown |
0x00 00 00 00
|
The server answers with a packet composed of this header, as many RealmInfo_S,
and a RealmFooter_S.
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
cmd |
OP code = CMD_REALM_LIST
|
|
0x1 |
uint16 |
size |
size of the rest of packet, without these 3 first bytes
|
|
0x3 |
uint32 |
unknown |
0x00 00 00 00
|
|
0x7 |
uint8 |
nRealm |
Number of realms
|
The size value can be computed with the part of the header taken into account
plus the footer (5+2 bytes) and the size of every RealmInfo_S which is variable.
RealmInfo_S
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint32 |
icon |
icon near realm
|
|
0x4 |
uint8 |
flags |
|
|
0x5 |
string |
name |
Zero terminated string; name of the Realm
|
|
0x5+name.length() |
string |
addr_port |
Zero terminated string; address of the Realm ("ip:port")
|
|
0x5+name.length()+addr_port.length() |
float |
population |
1.6 -> population value. lower == lower population and vice versa
|
|
0x9+name.length()+addr_port.length() |
uint8 |
nCharacters |
the Number of Chars you have on that server
|
|
0xA+name.length()+addr_port.length() |
uint8 |
TimeZone |
|
|
0xB+name.length()+addr_port.length() |
uint8 |
unknown
|
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint16 |
unk |
|
Unknown build
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
cmd |
OP code = CMD_REALM_LIST
|
|
0x1 |
uint16 |
size |
size of the rest of packet, without this part
|
|
0x3 |
uint32 |
unknown |
0x00 00 00 00
|
|
0x7 |
uint8 |
nRealm |
Number of realms
|
SRealmInfo
|
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
icon |
icon near realm
|
|
0x1 |
uint8 |
locked |
added in 2.0.x
|
|
0x2 |
uint8 |
color |
color of record
|
|
0x3 |
string |
name |
Zero terminated string; name of the Realm
|
|
0x3+name.length() |
string |
addr_port |
Zero terminated string;address of the Realm ("ip:port")
|
|
0x3+name.length()+addr_port.length() |
float |
population |
1.6 -> population value. lower == lower population and vice versa
|
|
0x7+name.length()+addr_port.length() |
uint8 |
nCharacters |
the Number of Chars you have on that server
|
|
0x8+name.length()+addr_port.length() |
uint8 |
TimeZone |
|
|
0x9+name.length()+addr_port.length() |
uint8 |
unknown
|
Char Creation
CMSG_CHAR_CREATE
Upon creating a character, the client sends CMSG_CHAR_CREATE to the server with all the details
that makeup the newly created character.