How the thing works(WIP!):
At the beginning, the WoW Client sends an Authentication Packet to the Server.
Then the Server checks if the Account is banned etc. and ,if not, sends an Packet containing information for the SRP-6 algorithm.
Logon
The authentication server (and the WoW client) utilizes the SRP-protocol for secure authentication.
Build 4125 (1.1.2)
AuthLogonChallenge_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint16 |
Size |
|
|
0x4 |
char[4] |
GameName |
'WoW'
|
|
0x8 |
uint8[3] |
Version |
0x00 0x08 0x00
|
|
0xB |
uint16 |
Build |
aka Revision
|
|
0xD |
char[4] |
Platform |
eg 'x86'
|
|
0x11 |
char[4] |
OS |
eg 'Win'
|
|
0x15 |
char[4] |
Country |
eg 'enUS'
|
|
0x19 |
uint32 |
WorldRegion_bias |
?
|
|
0x1D |
uint32 |
IP |
Client-IP
|
|
0x21 |
uint8 |
AccountName_Length |
The length of the account name
|
|
0x22 |
char[] |
AccountName |
|
AuthLogonChallenge_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x1 |
uint8 |
cmd |
|
|
0x2 |
uint8 |
error |
|
|
0x3 |
uint8 |
unk |
|
|
0x4 |
char[32] |
B |
SRP public server ephemeral
|
|
0x24 |
uint8 |
g_len |
0x1
|
|
0x25 |
uint8 |
g |
SRP generator
|
|
0x26 |
uint8 |
N_len |
0x20 |
|
|
0x27 |
char[32] |
N |
SRP modulus
|
|
0x47 |
char[32] |
s |
User's salt
|
|
0x47 |
char[16] |
s |
Some hash (not verified by client)
|
AuthLogonProof_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x01 |
uint8[32] |
A |
|
|
0x21 |
uint8[20] |
M1 |
|
|
0x35 |
uint8[20] |
CRC_Hash |
|
|
0x49 |
uint8 |
nKeys |
|
AuthLogonProof_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint8[20] |
M2 |
|
|
0x16 |
uint32 |
unk |
|
Builds 5875, 6005, 6141 (1.12.x)
Constants
AuthLogonChallenge
Client
Server
AuthLogonProof
Client
Server
RealmList
Client
Server
Builds 8606, 10505, 11159, 11403, 11723, 12340 (3.x)
Unknown build
AuthLogonChallenge_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint16 |
Size |
|
|
0x4 |
char[4] |
GameName |
'WoW'
|
|
0x8 |
uint8[3] |
Version |
0x00 0x08 0x00
|
|
0xB |
uint16 |
Build |
aka Revision
|
|
0xD |
char[4] |
Platform |
eg 'x86'
|
|
0x11 |
char[4] |
OS |
eg 'Win'
|
|
0x15 |
char[4] |
Country |
eg 'enUS'
|
|
0x19 |
uint32 |
WorldRegion_bias |
?
|
|
0x1D |
uint32 |
IP |
Client-IP
|
|
0x21 |
uint8 |
AccountName_Length |
The Lenght of the Account-Name
|
|
0x22 |
char[] |
AccountName |
|
AuthLogonChallenge_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x1 |
uint8 |
cmd |
|
|
0x2 |
uint8 |
error |
|
|
0x3 |
uint8 |
unk |
|
|
0x4 |
char[32] |
B |
Public ephemeral value(SRP)
|
|
0x24 |
uint8 |
g_len |
0x1
|
|
0x25 |
uint8 |
g |
A generator modulo N(SRP)
|
|
0x26 |
uint8 |
N_len |
0x20 |
|
|
0x27 |
char[32] |
N |
A large safe prime (N = 2q+1, where q is prime). All arithmetic is done modulo N.(SRP)
|
|
0x47 |
char[32] |
s |
User's salt
|
|
0x67 |
char[16] |
unk2 |
|
AuthLogonProof_Client
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x01 |
uint8[32] |
A |
|
|
0x21 |
uint8[20] |
M1 |
|
|
0x35 |
uint8[20] |
CRC_Hash |
|
|
0x49 |
uint8 |
nKeys |
|
|
0x4A |
uint8 |
unk |
Added in 1.12.x client branch
|
AuthLogonProof_Server
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
Command |
|
|
0x1 |
uint8 |
Error |
|
|
0x2 |
uint8[20] |
M2 |
|
|
0x16 |
uint32 |
unk1 |
|
|
0x1A |
uint32 |
unk2 |
|
|
0x1E |
uint16 |
unk3 |
|
Logon Errors
|
Name
|
Value
|
|
LOGIN_OK |
0x00
|
|
LOGIN_FAILED |
0x01
|
|
LOGIN_FAILED2 |
0x02
|
|
LOGIN_BANNED |
0x03
|
|
LOGIN_UNKNOWN_ACCOUNT |
0x04
|
|
LOGIN_UNKNOWN_ACCOUNT3 |
0x05
|
|
LOGIN_ALREADYONLINE |
0x06
|
|
LOGIN_NOTIME |
0x07
|
|
LOGIN_DBBUSY |
0x08
|
|
LOGIN_BADVERSION |
0x09
|
|
LOGIN_DOWNLOAD_FILE |
0x0A
|
|
LOGIN_FAILED3 |
0x0B
|
|
LOGIN_SUSPENDED |
0x0C
|
|
LOGIN_FAILED4 |
0x0D
|
|
LOGIN_CONNECTED |
0x0E
|
|
LOGIN_PARENTALCONTROL |
0x0F
|
|
LOGIN_LOCKED_ENFORCED |
0x10
|
Realm List
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
cmd |
OP code = CMD_REALM_LIST
|
|
0x1 |
uint16 |
size |
size of the rest of packet, without this part
|
|
0x3 |
uint32 |
unknown |
0x00 00 00 00
|
|
0x7 |
uint8 |
nRealm |
Number of realms
|
SRealmInfo
|
Offset
|
Type
|
Name
|
Description
|
|
0x0 |
uint8 |
icon |
icon near realm
|
|
0x1 |
uint8 |
locked |
added in 2.0.x
|
|
0x2 |
uint8 |
color |
color of record
|
|
0x3 |
string |
name |
Zero terminated string; name of the Realm
|
|
0x3+name.length() |
string |
addr_port |
Zero terminated string;address of the Realm ("ip:port")
|
|
0x3+name.length()+addr_port.length() |
float |
population |
1.6 -> population value. lower == lower population and vice versa
|
|
0x7+name.length()+addr_port.length() |
uint8 |
nCharacters |
the Number of Chars you have on that server
|
|
0x8+name.length()+addr_port.length() |
uint8 |
TimeZone |
|
|
0x9+name.length()+addr_port.length() |
uint8 |
unknown
|
Char Creation
CMSG_CHAR_CREATE
Upon creating a character, the client sends CMSG_CHAR_CREATE to the server with all the details
that makeup the newly created character.