How the thing works (WIP!):
At the beginning, the WoW client sends an authentication packet to the server.
The server then checks whether the account is banned, etc., and, if not, sends a packet containing information for the SRP-6 algorithm.
Logon
AuthLogonChallenge_Client
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | Command | |
| 0x1 | uint8 | Error | |
| 0x2 | uint16 | Size | |
| 0x4 | char[4] | GameName | 'WoW' |
| 0x8 | uint8[3] | Version | 0x00 0x08 0x00 |
| 0xB | uint16 | Build | aka Revision |
| 0xD | char[4] | Platform | e.g. 'x86' |
| 0x11 | char[4] | OS | e.g. 'Win' |
| 0x15 | char[4] | Country | e.g. 'enUS' |
| 0x19 | uint32 | WorldRegion_bias | ? |
| 0x1D | uint32 | IP | Client-IP |
| 0x21 | uint8 | AccountName_Length | The length of the Account-Name |
| 0x22 | char[] | AccountName | |
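A bounds-checked parser for the AuthLogonChallenge_Client layout above, added here as an example (it is not code from the original page or from any server project). It assumes little-endian integers, that Size counts the bytes following the Size field, and an ASCII-only account name; `parse_logon_challenge`, `build_sample` and `ChallengeError` are hypothetical names, and the sample packet is constructed from the table's example values.

```python
import struct

# Fixed part of AuthLogonChallenge_Client (offsets 0x0-0x21 in the table above).
# Assumption: integers are little-endian; the page does not state byte order.
HEADER = struct.Struct("<BBH4s3sH4s4s4sI4sB")
assert HEADER.size == 0x22  # AccountName starts at 0x22, as documented


class ChallengeError(ValueError):
    """Packet does not match the documented layout."""


def _text(raw: bytes) -> str:
    return raw.rstrip(b"\0").decode("ascii", "replace")


def parse_logon_challenge(data: bytes) -> dict:
    if len(data) < HEADER.size:
        raise ChallengeError("truncated header")
    (cmd, error, size, game, version, build, platform,
     os_name, country, region_bias, ip, name_len) = HEADER.unpack_from(data)
    # Assumption: Size counts every byte after the Size field itself.
    if size != len(data) - 4:
        raise ChallengeError("Size disagrees with received length")
    # AccountName_Length comes from the peer: check it against the buffer
    # instead of using it to decide how much to read.
    if name_len == 0 or HEADER.size + name_len != len(data):
        raise ChallengeError("AccountName_Length disagrees with received length")
    if game.rstrip(b"\0") != b"WoW":
        raise ChallengeError("unexpected GameName")
    try:
        account = data[HEADER.size:].decode("ascii")  # ASCII-only: example policy
    except UnicodeDecodeError:
        raise ChallengeError("AccountName is not ASCII") from None
    if not account.isprintable():
        raise ChallengeError("AccountName contains control characters")
    return {"command": cmd, "error": error, "version": tuple(version),
            "build": build, "platform": _text(platform), "os": _text(os_name),
            "country": _text(country), "region_bias": region_bias,
            "ip_raw": ip,  # raw bytes; octet order is not stated on the page
            "account": account}


def build_sample(account: bytes) -> bytes:
    """Constructed test packet using the example field values from the table."""
    body = struct.pack("<4s3sH4s4s4sI4sB", b"WoW", bytes([0, 8, 0]), 1234,
                       b"x86", b"Win", b"enUS", 0, bytes([127, 0, 0, 1]),
                       len(account)) + account
    return struct.pack("<BBH", 0, 0, len(body)) + body
```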
AuthLogonChallenge_Server
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x1 | uint8 | cmd | |
| 0x2 | uint8 | error | |
| 0x3 | uint8 | unk | |
| 0x4 | char[32] | B | Public ephemeral value (SRP) |
| 0x24 | uint8 | g_len | 0x1 |
| 0x25 | uint8 | g | A generator modulo N (SRP) |
| 0x26 | uint8 | N_len | 0x20 |
| 0x27 | char[32] | N | A large safe prime (N = 2q+1, where q is prime). All arithmetic is done modulo N. (SRP) |
| 0x47 | char[32] | s | User's salt |
| 0x67 | char[16] | unk2 | |
AuthLogonProof_Client
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | Command | |
| 0x01 | uint8[32] | A | |
| 0x21 | uint8[20] | M1 | |
| 0x35 | uint8[20] | CRC_Hash | |
| 0x49 | uint8 | nKeys | |
| 0x4A | uint8 | unk | Added in 1.12.x client branch |
AuthLogonProof_Server
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | Command | |
| 0x1 | uint8 | Error | |
| 0x2 | uint8[20] | M2 | |
| 0x16 | uint32 | unk1 | |
| 0x1A | uint32 | unk2 | |
| 0x1E | uint16 | unk3 | |
Logon Errors
| Name | Value |
|---|---|
| LOGIN_OK | 0x00 |
| LOGIN_FAILED | 0x01 |
| LOGIN_FAILED2 | 0x02 |
| LOGIN_BANNED | 0x03 |
| LOGIN_UNKNOWN_ACCOUNT | 0x04 |
| LOGIN_UNKNOWN_ACCOUNT3 | 0x05 |
| LOGIN_ALREADYONLINE | 0x06 |
| LOGIN_NOTIME | 0x07 |
| LOGIN_DBBUSY | 0x08 |
| LOGIN_BADVERSION | 0x09 |
| LOGIN_DOWNLOAD_FILE | 0x0A |
| LOGIN_FAILED3 | 0x0B |
| LOGIN_SUSPENDED | 0x0C |
| LOGIN_FAILED4 | 0x0D |
| LOGIN_CONNECTED | 0x0E |
| LOGIN_PARENTALCONTROL | 0x0F |
| LOGIN_LOCKED_ENFORCED | 0x10 |
Realm List
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | cmd | OP code = CMD_REALM_LIST |
| 0x1 | uint16 | size | Size of the rest of the packet, without this part |
| 0x3 | uint32 | unknown | 0x00 00 00 00 |
| 0x7 | uint8 | nRealm | Number of realms |
SRealmInfo
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | icon | Icon near realm |
| 0x1 | uint8 | locked | Added in 2.0.x |
| 0x2 | uint8 | color | Color of record |
| 0x3 | string | name | Zero-terminated string; name of the Realm |
| 0x3+name.length() | string | addr_port | Zero-terminated string; address of the Realm ("ip:port") |
| 0x3+name.length()+addr_port.length() | float | population | 1.6 -> population value. lower == lower population and vice versa |
| 0x7+name.length()+addr_port.length() | uint8 | nCharacters | The number of chars you have on that server |
| 0x8+name.length()+addr_port.length() | uint8 | TimeZone | |
| 0x9+name.length()+addr_port.length() | uint8 | unknown | |
Char Creation
CMSG_CHAR_CREATE
Upon creating a character, the client sends CMSG_CHAR_CREATE to the server with all the details that make up the newly created character.