Packets/Login/TheBurningCrusade
Jump to navigation
Jump to search
Opcodes and Errors
| Name | Value | Description |
|---|---|---|
| Authentication | ||
| LOGIN_CHALL | 0x00 | Intial information sent by client and then challenge by server. |
| LOGIN_PROOF | 0x01 | Proof sent by client and then server. |
| RECON_CHALL | 0x02 | Reconnect challenge sent by client and then server. |
| RECON_PROOF | 0x03 | Reconnect proof sent by client and then server. |
| SURVEY_RESULT | 0x04 | Used for hardware survey. |
| Realmlist | ||
| REALMLIST | 0x10 | Realmlist request sent by client and realmlist information sent by server. |
| Patching | ||
| XFER_INITIATE | 0x30 | Used for patching. |
| XFER_DATA | 0x31 | Used for patching. |
| XFER_ACCEPT | 0x32 | Used for patching. |
| XFER_RESUME | 0x33 | Used for patching. |
| XFER_CANCEL | 0x34 | Used for patching. |
| Name | Value | Client Message |
|---|---|---|
| SUCCESS | 0x00 | |
| FAIL_UNKNOWN0 | 0x01 | "Unable to Connect" |
| FAIL_UNKNOWN1 | 0x02 | "Unable to Connect" |
| FAIL_BANNED | 0x03 | "The World of Warcraft account has been closed and is no longer available for use. Please go to http://www.wow-europe.com/en/misc/banned.html for further information. |
| FAIL_UNKNOWN_ACCOUNT | 0x04 | "The information you have entered is not valid. Please check the spelling of the account name and password. If you need help in retrieving a lost or stolen password and account, see http://www.wow-europe.com for more information." |
| FAIL_INCORRECT_PASSWORD | 0x05 | "The information you have entered is not valid. Please check the spelling of the account name and password. If you need help in retrieving a lost or stolen password and account, see http://www.wow-europe.com for more information." |
| FAIL_ALREADY_ONLINE | 0x06 | "This account is already logged into World of Warcraft. Please check the spelling and try again." |
| FAIL_NO_TIME | 0x07 | "You have used up your prepaid time for this account. Please purchase more to continue playing." |
| FAIL_DB_BUSY | 0x08 | "Could not log in to World of Warcraft at this time. Please try again later." |
| FAIL_VERSION_INVALID | 0x09 | "Unable to validate game version. This may be caused by file corruption or the interference of another program. Please visit http://www.wow-europe.com/en/support/ for more information and possible solutions to this issue." |
| LOGIN_DOWNLOAD_FILE | 0x0A | "Downloading" |
| FAIL_INVALID_SERVER | 0x0B | "Unable to Connect" |
| FAIL_SUSPENDED | 0x0C | "The World of Warcraft account has been temporarily suspended. Please go to http://www.wow-europe.com/en/misc/banned.html for further information. |
| FAIL_NO_ACCESS | 0x0D | "Unable to Connect" |
| SUCCESS_SURVEY | 0x0E | "Success!" Pressing cancel either shows a cached realmlist or "Retrieving realm list". |
| FAIL_PARENTALCONTROL | 0x0F | "Access to this account has been blocked by parental controls. Your settings may be changed in your account preferences at http://www.worldofwarcraft.com." |
| FAIL_LOCKED_ENFORCED | 0x10 | Does not appear to be valid on 1.12.1. |
| Name | Value | Description |
|---|---|---|
| NONE | 0x00 | No additional checks verification. |
| PIN | 0x01 | TOTP verification entered as a PIN. |
| UNKNOWN0 | 0x02 | Unknown. Referred to as "Matrix input" in Mangos source. |
| AUTHENTICATOR | 0x04 | Authenticator. |
Challenge packets
Client
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 1 / - | uint8 | command | LOGIN_CHALL (0x0), AuthReconnectionChallenge_Client has RECON_CHALL (0x2). |
| 0x1 | 1 / - | uint8 | protocol_version | 8 for 2.4.3 connection and reconnection attempts. |
| 0x2 | 2 / Little | uint16 | size | length of package minus the size of the command, protocol_version and size fields (4 bytes). The size can be calculated as 30 (0x1E) + account_name_len, see that field for a maximum. |
| 0x4 | 4 / Little | uint8[4] | gamename | Always null terminated 'WoW\0' string. |
| 0x8 | 3 / - | uint8[3] | version | [0x02, 0x04, 0x03] for 2.4.3. |
| 0xB | 2 / Little | uint16 | build | 4125, aka Revision |
| 0xD | 4 / Big | uint8[4] | platform | eg '\0x86'. Has a leading zero for 'x86'. |
| 0x11 | 4 / Big | uint8[4] | os | eg '\0Win'. Has a leading zero for 'Win'. |
| 0x15 | 4 / Big | uint8[4] | locale | eg 'enUS' |
| 0x19 | 4 / Little | uint32 | worldregion_bias | Offset in minutes from UTC time, eg. 180 means 180 minutes |
| 0x1D | 4 / Big | uint32 | ip | client_ip |
| 0x21 | 1 / - | uint8 | account_name_lenth | Length of the account_name field in bytes. The client can only send 16 characters, but this can still be more than 16 bytes if non-ASCII characters are used. |
| 0x22 | account_name_len / Big | uint8[account_name_len] | account_name | UTF-8 encoded uppercase string of the username. Not all unicode characters are uppercased correctly. |
Server
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| Header | ||||
| 0x1 | 1 / - | uint8 | command | LOGIN_CHALL (0x0) |
| 0x2 | 1 / - | uint8 | protocol_version | Must be 0. |
| 0x3 | 1 / - | uint8 | result | The fields below are only included if this is LOGIN_OK (0x0). |
| Body | ||||
| 0x4 | 32 / Little | uint8[32] | B | SRP public server ephemeral. All SRP operations are performed with little endian values. |
| 0x24 | 1 / - | uint8 | g_len | SRP generator length. Should always be 1 since the generator is never larger than 255. |
| 0x25 | g_len / - | uint8 | g | SRP generator. All SRP operations are performed with little endian values. |
| (0x26) | 1 / - | uint8 | n_len | SRP modulus length. Client will not read more than 32. All SRP operations are performed with little endian values. |
| (0x27) | n_len / Little | uint8[n_len] | n | SRP modulus. All SRP operations are performed with little endian values. |
| (0x47) | 32 / Little | uint8[32] | srp_salt | SRP user's salt. All SRP operations are performed with little endian values. |
| (0x47) | 16 / Little | uint8[16] | crc_salt | A salt to be used in AuthLogonProof_Client.crc_hash. Can be all zeros. |
| (0x57) | 1 / - | uint8 | security_flags | Bit pattern for optional authentication features. More than one feature can be used, and the fields are just appended in the bit pattern order from lowest first. See security_flag. tables below for specifics. If 0 the packet ends here. |
| security_flags.PIN fields, if applicable. | ||||
| security_flags.unknown fields, if applicable. | ||||
| security_flags.Authenticator field, if applicable. | ||||
The offsets in parentheses are not fixed since they depend on the lengths of previous fields, but these fields are most often the default values so the offsets are presented as semi-fixed.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 4 / Little | uint32 | pin_grid_seed | Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true. |
| 0x04 | 16 / Little | uint8[16] | pin_salt | Salt value for the client. Only here if the two_factor_authentication field is true. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | uint8 | unknown0 | Unknown. Statically set to 0 in Mangos. |
| 0x01 | 1 / - | uint8 | unknown1 | Unknown. Statically set to 0 in Mangos. |
| 0x02 | 1 / - | uint8 | unknown2 | Unknown. Statically set to 0 in Mangos. |
| 0x03 | 1 / - | uint8 | unknown3 | Unknown. Statically set to 0 in Mangos. |
| 0x04 | 8 / - | uint64 | unknown4 | Unknown. Statically set to 0 in Mangos. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | uint8 | unknown0 | Statically set to 1 in Mangos. |
Proof packets
Client
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 1 / - | uint8 | command | LOGIN_PROOF (0x1) |
| 0x1 | 32 / Little | uint8[32] | a | SRP6 Client public key. Called A (capital A) in RFC2945. |
| 0x21 | 20 / Little | uint8[20] | m1 | SRP6 Client proof. |
| 0x35 | 20 / Little | uint8[20] | crc_hash | Hash of arbitrary files. Can be safely ignored. |
| 0x49 | 1 / - | uint8 | num_keys | Used for unknown telemetry. Can be expected to always be 0. See the table below for when it is not 0. |
| num_keys amounts of num_key fields, if applicable. | ||||
| 0x4A | 1 / - | bool (size 1 byte) | security_flags | Bit pattern for optional authentication features. More than one feature can be used, and the fields are just appended in the bit pattern order from lowest first. See security_flag. tables below for specifics. If 0 the packet ends here. |
| security_flags.PIN fields, if applicable. | ||||
| security_flags.unknown fields, if applicable. | ||||
| security_flags.Authenticator field, if applicable. | ||||
When num_keys is not 0, the field is followed by 4 key data fields that repeat num_key times.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 2 / - | uint16 | unk1 | Used for unknown telemetry. Can be expected to not be present. | |
| 4 / - | uint32 | unk2 | Used for unknown telemetry. Can be expected to not be present. | |
| 4 / - | uint8[4] | unk3 | Used for unknown telemetry. Can be expected to not be present. | |
| 20 / - | uint8[20] | unk4 | Used for unknown telemetry. Can be expected to not be present. |
When security_flags is not 0 the following fields can appear.
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 4 / Little | uint32 | pin_grid_seed | Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true. |
| 0x04 | 16 / Little | uint8[16] | pin_salt | Salt value for the client. Only here if the two_factor_authentication field is true. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | uint8 | unknown0 | Unknown. Statically set to 0 in Mangos. |
| 0x01 | 1 / - | uint8 | unknown1 | Unknown. Statically set to 0 in Mangos. |
| 0x02 | 1 / - | uint8 | unknown2 | Unknown. Statically set to 0 in Mangos. |
| 0x03 | 1 / - | uint8 | unknown3 | Unknown. Statically set to 0 in Mangos. |
| 0x04 | 8 / - | uint64 | unknown4 | Unknown. Statically set to 0 in Mangos. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x00 | 1 / - | uint8 | unknown0 | Statically set to 1 in Mangos. |
Server
| Offset | Size | Type | Name | Description |
|---|---|---|---|---|
| Header | ||||
| 0x0 | 1 / - | uint8 | command | LOGIN_PROOF (0x1) |
| 0x1 | 1 / - | uint8 | error | The fields below are only included if this is SUCCESS (0x0). If this is not SUCCESS (0x0) two padding bytes are added after this. |
| - | 2 / - | uint16 | error_padding | Only included if error is not SUCCESS (0x00). |
| Body | ||||
| 0x2 | 20 / Little | uint8[20] | m2 | SRP6 Server proof. |
| 0x16 | 4 / Little | uint32 | account_flag | ACCOUNT_FLAG_GM = 0x00000001, ACCOUNT_FLAG_TRIAL = 0x00000008, ACCOUNT_FLAG_PROPASS = 0x00800000 Mangos statically sets this to PROPASS. |
| 0x20 | 4 / Little | uint32 | hardware_survey_id | ID of a hardware survey that the client should perform. Set to 0 to not use. Can safely be set to 0. |
| 0x24 | 2 / Little | uint16 | unknown_flags | Mangos describes as "some flags (AccountMsgAvailable = 0x01)" and statically sets to 0. |
Reconnection challenge packets
AuthReconnectionChallenge_Client has the same structure as AuthLogonChallenge_Client, except that the command is RECON_CHALL (0x2).
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| Header | ||||
| 0x0 | 1 / - | uint8 | command | RECON_CHALL (0x2) |
| 0x1 | 1 / - | uint8 | error | The fields below are only included if this is LOGIN_OK (0x0). |
| Body | ||||
| 0x2 | 16 / Little | char[16] | challenge_data | Random data, used as challenge data. |
| 0x12 | 16 / - | char[16] | checksum_salt | No longer used by client in 1.12. Can be all zeros. |
Reconnection proof packets
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 1 / - | uint8 | command | RECON_PROOF (0x3) |
| 0x1 | 16 / Little | uint8[16] | proof_data | Challenge data used for calculating proof. |
| 0x11 | 20 / Little | uint8[20] | client_proof | SRP6 Client proof. |
| 0x25 | 20 / ? | uint8[20] | client_checksum | Unknown. |
| 0x39 | 1 / - | uint8 | key_count | Unknown. Can be expected to always be 0. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 1 / - | uint8 | command | RECON_PROOF (0x3) |
| 0x1 | 1 / - | uint8 | error | Return 0 if the client calculated proof matches the server calculated proof. |
| 0x2 | 4 / - | uint16 | unknown0 | Mangos adds this for all versions after 1.12.3. Statically set to 0. Possibly just padding. |
Realm list packets
Client
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 1 / - | uint8 | cmd | REALMLIST (0x10) |
| 0x1 | 4 / - | uint32 | unknown | Hardcoded to 0 in the client. Can be expected to always be 0. |
Server
The server answers with a packet composed of a RealmHeader_Server, as many RealmInfo_Server as specified and a RealmFooter_Server.
Header
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 1 / - | uint8 | command | REALMLIST (0x10) |
| 0x1 | 2 / Little | uint16 | size | Size of the rest of packet, without the command and size fields (3 bytes). |
| 0x3 | 4 / - | uint32 | unknown | Not used in public clients. Set to 0. |
| 0x7 | 2 / Little | uint16 | num_realms | Number of RealmInfo_Server. |
The size value can be computed with the part of the header taken into account plus the footer (6+2 bytes) and the size of every RealmInfo_Server which is variable.
Body
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 1 / Little | uint8 | realm_type | Mangos just says "realm type (this is second column in Cfg_Configs.dbc)". |
| 0x1 | 1 / - | bool | locked | Show realm as locked in client. |
| 0x2 | 1 / - | uint8 | realm_flags | See RealmInfo_Server.flags table below. Setting SPECIFY_BUILD requires the additional fields at the bottom. |
| 0x3 | - / Big | char[] | realm_name | Zero terminated string; name of the Realm |
| - / Big | char[] | address_port | Zero terminated string; address of the Realm ("ip:port") | |
| 4 / Little | float | population | Population value. 200 is always green "Recommended", 400 is always red "Full", 600 is always blue "Recommended". Low/Medium/High are calculated based on the population values sent. | |
| 1 / - | uint8 | num_chars | The number of characters the client has on the server. | |
| 1 / - | uint8 | realm_category | The language or region of the server. How this is interpreted depends on the locale of the client. It is shown as tabs at the bottom of the realmlist screen. If there are only realms of one category no tabs are shown. See table RealmInfo_Server.realm_category Values. | |
| 1 / - | uint8 | realm_id | Used for the initial sorting of the realms. Identical values are not a problem. | |
| realm_flags SPECIFY_BUILD fields | ||||
| 1 / - | uint8 | major_version | Major version of the server. | |
| 1 / - | uint8 | minor_version | Minor version of the server. | |
| 1 / - | uint8 | patch_version | Patch version of the server. | |
| 1 / - | uint16 | revision | Revision of the server. | |
| Value | Name | Description |
|---|---|---|
| 0x00 | NONE | No changes. |
| 0x01 | INVALID | Color realm name in read. |
| 0x02 | OFFLINE | Gray out name and prevent selection. |
| 0x04 | SPECIFY_BUILD | Shows the build on the realm list. Requires additional fields in realmlist body. |
| 0x08 | UNK1 | Unused. |
| 0x10 | UNK2 | Unused. |
| 0x20 | FORCE_RECOMMENDED | Forces the client to show the server as "Recommended" in blue text, no matter what the population value is. |
| 0x40 | FORCE_NEW_PLAYERS | Forces the client to show the server as "Recommended" in green text, no matter what the population value is. |
| 0x80 | FORCE_FULL | Forces the client to show the population as "Full" in red text, no matter what the population value is. |
| Offset | Size / Endianness | Type | Name | Description |
|---|---|---|---|---|
| 0x0 | 2 / ? | uint16 | unknown | Ignored in public clients. Set to 0. |