Packets/Login/Vanilla
Jump to navigation
Jump to search
(1.1.2.4125)
It's worth noting that, for this build, the client automatically disconnect after a successful login challenge and proof exchange and sends a reconnect packet right away instead of asking for the realm list.
Some enums first:
| Name | Value |
|---|---|
| LOGIN_CHALL | 0x00 |
| LOGIN_PROOF | 0x01 |
| RECON_CHALL | 0x02 |
| RECON_PROOF | 0x03 |
| REALMLIST | 0x10 |
| XFER_INITIATE | 0x30 |
| XFER_DATA | 0x31 |
| Name | Value |
|---|---|
| LOGIN_OK | 0x00 |
| LOGIN_FAILED | 0x01 |
| LOGIN_FAILED2 | 0x02 |
| LOGIN_BANNED | 0x03 |
| LOGIN_UNKNOWN_ACCOUNT | 0x04 |
| LOGIN_UNKNOWN_ACCOUNT3 | 0x05 |
| LOGIN_ALREADYONLINE | 0x06 |
| LOGIN_NOTIME | 0x07 |
| LOGIN_DBBUSY | 0x08 |
| LOGIN_BADVERSION | 0x09 |
| LOGIN_DOWNLOAD_FILE | 0x0A |
| LOGIN_FAILED3 | 0x0B |
| LOGIN_SUSPENDED | 0x0C |
| LOGIN_FAILED4 | 0x0D |
| LOGIN_CONNECTED | 0x0E |
| LOGIN_PARENTALCONTROL | 0x0F |
| LOGIN_LOCKED_ENFORCED | 0x10 |
Challenge packets
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | command | LOGIN_CHALL (0x0) |
| 0x1 | uint8 | protocol_version | 3 for 1.12, unknown for 1.1. |
| 0x2 | uint16 | size | length of package minus the size of the command, protocol_version and size fields (4 bytes). |
| 0x4 | char[4] | gamename | 'WoW' |
| 0x8 | uint8[3] | version | 0x01 0x01 0x02 |
| 0xB | uint16 | build | 4125, aka Revision |
| 0xD | char[4] | platform | eg 'x86' |
| 0x11 | char[4] | os | eg 'Win' |
| 0x15 | char[4] | country | eg 'enUS' |
| 0x19 | uint32 | worldregion_bias | offset in minutes from UTC time , eg. 180 means 180 minutes |
| 0x1D | uint32 | ip | client_ip |
| 0x21 | uint8 | account_name_len | Length of the account_name field in bytes. The client can only send 16 characters, but this can still be more than 16 bytes if non-ASCII characters are used. |
| 0x22 | char[account_name_len] | account_name | UTF-8 encoded uppercase string of the username. Not all unicode characters are uppercased correctly. |
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x1 | uint8 | command | LOGIN_CHALL (0x0) |
| 0x2 | uint8 | protocol_version | Must be 0. |
| 0x3 | uint8 | result | |
| 0x4 | char[32] | B | SRP public server ephemeral |
| 0x24 | uint8 | g_len | SRP generator length |
| 0x25 | uint8 | g | SRP generator |
| 0x26 | uint8 | n_len | SRP modulus length |
| 0x27 | char[32] | n | SRP modulus |
| 0x47 | char[32] | srp_salt | SRP user's salt |
| 0x47 | char[16] | crc_salt | A salt to be used in AuthLogonProof_Client.crc_hash |
Proof packets
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | command | 0x1 |
| 0x1 | uint8[32] | a | |
| 0x21 | uint8[20] | m1 | |
| 0x35 | uint8[20] | crc_hash | |
| 0x49 | uint8 | num_keys |
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | command | 0x1 |
| 0x1 | uint8 | error | |
| 0x2 | uint8[20] | m2 | |
| 0x16 | uint32 | unk |
Reconnection challenge packets
AuthReconnectionChallenge_Client has the same structure as AuthLogonChallenge_Client, except that the command is 0x2.
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | command | 0x2 |
| 0x1 | uint8 | error | |
| 0x2 | char[16] | challenge_data | random data, used as a challenge |
| 0x12 | uint64 | unk1 | |
| 0x1A | uint64 | unk2 |
Reconnection proof packets
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | command | 0x3 |
| 0x1 | char[16] | proof_data | |
| 0x11 | char[20] | client_proof | |
| 0x25 | char[20] | unk_hash | |
| 0x39 | uint8 | unk |
To check if the client proof is correct, the server must calculate SHA1(account_name | proof_data | challenge_data | session_key) and compare it to client_proof.
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | command | 0x3 |
| 0x1 | uint8 | error |
Realm list packets
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | cmd | REALMLIST |
| 0x1 | uint32 | unknown | null |
The server answers with a packet composed of a RealmHeader_Server, as many RealmInfo_Server as specified and a RealmFooter_Server.
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | cmd | REALMLIST |
| 0x1 | uint16 | size | size of the rest of packet, without these 3 first bytes |
| 0x3 | uint32 | unknown | null |
| 0x7 | uint8 | num_realms | Number of RealmInfo_Server |
The size value can be computed with the part of the header taken into account plus the footer (5+2 bytes) and the size of every RealmInfo_Server which is variable.
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint32 | type | realm type? 0 is normal, 1 is PVP |
| 0x4 | uint8 | flags | see below |
| 0x5 | char[] | name | Zero terminated string; name of the Realm |
| char[] | addr_port | Zero terminated string; address of the Realm ("ip:port") | |
| float | population | Population value. 0 is low, 1 is medium, 2 is high. | |
| uint8 | num_chars | The number of chars you have on that server | |
| uint8 | time_zone | really? | |
| uint8 | unknown |
Flags Meaning 0x01 Color the realm name in red (can't create char?) 0x02 Realm is offline
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint16 | unk |
(1.12.1.5875)
Challenge Packets
The AuthLogonChallenge_Server packet has added the two_factor_authentication field and will hang waiting for it to be sent.
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x1 | uint8 | command | LOGIN_CHALL (0x0) |
| 0x2 | uint8 | protocol_version | Must be 0. |
| 0x3 | uint8 | result | |
| 0x4 | char[32] | B | SRP public server ephemeral |
| 0x24 | uint8 | g_len | SRP generator length |
| 0x25 | uint8 | g | SRP generator |
| 0x26 | uint8 | n_len | SRP modulus length |
| 0x27 | char[32] | n | SRP modulus |
| 0x47 | char[32] | srp_salt | SRP user's salt |
| 0x47 | char[16] | crc_salt | A salt to be used in AuthLogonProof_Client.crc_hash |
| 0x57 | bool (size 1 byte) | two_factor_authentication | 0 for disabled. |
Proof packets changed during Vanilla:
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | command | LOGIN_PROOF (0x1) |
| 0x1 | uint8[32] | a | Client public key. |
| 0x21 | uint8[20] | m1 | Client proof. |
| 0x35 | uint8[20] | crc_hash | |
| 0x49 | uint8 | num_keys | Used for unknown telemetry. Can be expected to always be 0. |
| 0x4A | bool (size 1 byte) | two_factor_enabled | If false the packet ends here, if true the two fields below are included. Added in 1.12.x client branch. |
| uint8[16] | pin_salt | Salt used for PIN. Only included if two_factor_enabled is true. | |
| uint8[20] | pin_hash | Hash used for PIN. Only included if two_factor_enabled is true. |
| Offset | Type | Name | Description |
|---|---|---|---|
| 0x0 | uint8 | command | LOGIN_PROOF (0x1) |
| 0x1 | uint8 | error | |
| 0x2 | uint8[20] | m2 | Server proof. |
| 0x16 | uint32 | hardware_survey_id | ID of a hardware survey that the client should perform. Set to 0 to not use. |