Boris Polozov

[question] SMSG_AUTH_RESPONSE


Hello there, I'm trying to study Golang and for this I've chosen as my first project to write a very naive WoW emulator, as I'm a WoW fan. %)

I've got a problem with SMSG_AUTH_RESPONSE on the 1.12.1 client. The comparison of the client's digest and the server-generated one is correct, as here:

 - https://github.com/cmangos/mangos-classic/blob/master/src/game/Server/WorldSocket.cpp#L403

then I see the ARC4 init with the session key, I do the same, here is the code of the ARC4:

package utils

// Header cipher sizes used by the 1.12 client: the client encrypts the first
// 6 bytes of each header it sends, the server encrypts the first 4.
const (
	CryptedRecvLen = 6
	CryptedSendLen = 4
)

// Cipher mirrors mangos-classic's AuthCrypt (linked below): each header byte is
// XORed with the next session-key byte and then the previous ciphertext byte is
// added, with separate (i, j) state for each direction.
type Cipher struct {
	S      []byte // session key (40 bytes), so a uint8 index wraps correctly
	sendI  uint8
	sendJ  uint8
	recvI  uint8
	recvJ  uint8
	inited bool
}

func (c *Cipher) Init(key []byte) {
	c.S = key
	c.sendI, c.sendJ, c.recvI, c.recvJ = 0, 0, 0, 0
	c.inited = true
}

// DecryptRecv decrypts the header of a client packet in place.
func (c *Cipher) DecryptRecv(data []byte) {
	if !c.inited || len(data) < CryptedRecvLen {
		return
	}
	for t := 0; t < CryptedRecvLen; t++ {
		c.recvI %= uint8(len(c.S))
		decrypted := (data[t] - c.recvJ) ^ c.S[c.recvI]
		c.recvI++
		c.recvJ = data[t] // chain on the ciphertext byte received
		data[t] = decrypted
	}
}

// EncryptSend encrypts the header of a server packet in place.
func (c *Cipher) EncryptSend(data []byte) {
	if !c.inited || len(data) < CryptedSendLen {
		return
	}
	for t := 0; t < CryptedSendLen; t++ {
		c.sendI %= uint8(len(c.S))
		// The chain term must be the send-side state: the original added c.recvJ
		// here, which the send loop never advances, so the header bytes were not
		// chained the way the client's mirrored decrypt expects.
		encrypted := (data[t] ^ c.S[c.sendI]) + c.sendJ
		c.sendI++
		c.sendJ = encrypted // chain on the ciphertext byte just produced
		data[t] = encrypted
	}
}

https://github.com/cmangos/mangos-classic/blob/master/src/game/Server/WorldSocket.cpp#L427

then I send the packet:

func (s SMSGAuthResponsePacket) Encode() []byte {
	smsg := NewPacket(opcodes.SMSG_AUTH_RESPONSE)
	smsg.WriteUint8(s.Code)

	smsg.WriteUint32(0) // BillingTimeRemaining
	smsg.WriteUint8(0) // BillingPlanFlags
	smsg.WriteUint32(0) // hz
	return smsg.Finish()
}

Packet before encryption:

[0 12 238 1 12 0 0 0 0 0 0 0 0 0]

Packet after encryption:

[240 83 166 166 12 0 0 0 0 0 0 0 0 0]


After this, the client does nothing. I've seen that while connecting to mangos, the server sends a packet of 101 bytes before SMSG_AUTH_RESPONSE, but while reading mangos' code I can't recognize where it is :D lol (it seems it is the addon packet, but why is it before SMSG_AUTH_RESPONSE?).

I need help to recognize what is going on; any help appreciated.

P.S. The server decrypts the header of CMSG_PING, so it seems the DecryptRecv function is correct %)
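
The header cipher as an added example in Go, not the thread's code or mangos's own: the send-side chain is applied as in the linked AuthCrypt, and a client-side mirror round-trips constructed headers to show that a header encrypted without that chain (as the posted EncryptSend does, since it adds the receive-side j) cannot be read back by the client. The session key, the header bytes and the names HeaderCipher, brokenEncrypt and ClientCanRead are constructed for this example.

```go
package main

import "bytes"

// HeaderCipher is the 1.12 header cipher as in mangos-classic AuthCrypt: XOR with the next
// session-key byte, then add the previous ciphertext byte (j). One instance per direction.
type HeaderCipher struct {
	key  []byte // 40-byte SRP6 session key, so the uint8 index wraps correctly
	i, j uint8
}

// Encrypt encrypts the first n header bytes in place (server->client uses n=4).
func (c *HeaderCipher) Encrypt(hdr []byte, n int) {
	for t := 0; t < n && t < len(hdr); t++ {
		x := (hdr[t] ^ c.key[c.i]) + c.j
		c.i = (c.i + 1) % uint8(len(c.key))
		c.j = x // chain on the ciphertext byte just produced
		hdr[t] = x
	}
}

// Decrypt is the receiver's mirror: recover the byte, then chain on the ciphertext received.
func (c *HeaderCipher) Decrypt(hdr []byte, n int) {
	for t := 0; t < n && t < len(hdr); t++ {
		x := (hdr[t] - c.j) ^ c.key[c.i]
		c.i = (c.i + 1) % uint8(len(c.key))
		c.j = hdr[t]
		hdr[t] = x
	}
}

// brokenEncrypt mirrors the thread's EncryptSend, which adds the receive-side j instead of
// the send-side one; it is still 0 for SMSG_AUTH_RESPONSE, so no chain is built at all.
func brokenEncrypt(c *HeaderCipher, hdr []byte, n int) {
	for t := 0; t < n && t < len(hdr); t++ {
		hdr[t] ^= c.key[c.i]
		c.i = (c.i + 1) % uint8(len(c.key))
	}
}

// ClientCanRead pushes each header server->client through enc with a fresh cipher pair
// and reports whether the client's mirrored Decrypt recovers every one of them.
func ClientCanRead(key []byte, headers [][]byte, enc func(*HeaderCipher, []byte, int)) bool {
	srv, cli, ok := &HeaderCipher{key: key}, &HeaderCipher{key: key}, true
	for _, h := range headers {
		wire := append([]byte(nil), h...) // copy, so the original stays for comparison
		enc(srv, wire, 4)
		cli.Decrypt(wire, 4)
		ok = ok && bytes.Equal(wire, h)
	}
	return ok
}
```

Only the first byte of a header survives the broken variant (the client's j is still 0 there); from the second byte on, the client subtracts a chain term the server never added.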

Your client does nothing because you didn't handle the connection step right.
When the client is successfully authenticated by the realm daemon, it is redirected to the mangosd daemon and the first step, of course, is to establish a connection via TCP socket. When the connection is established, the server will send the SMSG_AUTH_CHALLENGE packet. THIS IS THE FIRST PACKET YOU HAVE TO SEND AND IS MANDATORY!!!
The client will respond to this packet with a CMSG_AUTH_SESSION packet, and this is where the miracle happens. The server has to handle this packet and has to create the so-called session. If it succeeds, the server will send SMSG_AUTH_RESPONSE like yours. Because the initialization of the Warden module is part of making the session, the server can send (but is not forced to) various SMSG_WARDEN* packets, and this is what you already noticed.
Hope this helps!


Hi, thanks, but I already have the SRP-generated key and RC4 inited with this key, SMSG_AUTH_CHALLENGE is sent, CMSG_AUTH_SESSION is parsed, digests are equal (session key is correct).

I just send rc4(SMSG_AUTH_RESPONSE[:4]) + SMSG_AUTH_RESPONSE[4:] and then the client does nothing; it seems that before this the server must send the addoninfo packet, about which I've got some questions too: it seems all 'blizzard_*_ui\0' addons must have a crc, but I see 9 bytes after the name and all of them are ZERO, like this (it is part of the unzipped addons). Is it correct?

['B', 'l', 'i', 'z', 'z', 'a', 'r', 'd', '_', 'T', 'r', 'a', 'd', 'e', 'S', 'k', 'i', 'l', 'l', 'U', 'I',
 '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00',
 'B', 'l', 'i', 'z', 'z', 'a', 'r', 'd', '_', 'T', 'r', 'a', 'i', 'n', 'e', 'r', 'U', 'I',
 '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']


As I said, I saw these things in tcpdump; the 14-byte packet is the AUTH response, but what is before it? Is it the addoninfo request? (8085 - server)


12:18:37.026734 IP xxxxxxxxxxxxxxxxxxx.8085 > nbook.39790: Flags [P.], seq 9:110, ack 200, win 231, options [nop,nop,TS val 1758737196 ecr 1522280813], length 101
        0x0000:  4518 0099 2514 0000 3806 42f1 5e17 adf8
        0x0010:  c0a8 4d8a 1f95 9b6e 2519 4546 516e 9eb8
        0x0020:  8018 00e7 611a 0000 0101 080a 68d4 332c
        0x0030:  5abc 296d 70d5 9d81 d89a 6949 8160 5fd3
        0x0040:  ddb6 ffc7 3cbc 2e04 48b9 79f2 ad62 1c92
        0x0050:  b0f3 b635 1de4 128b fdf2 330d 95f3 81e2
        0x0060:  7602 0000 0200 0002 5900 0000 0000 0002
        0x0070:  0000 0200 0002 0000 0221 0000 0000 0000
        0x0080:  0236 0000 0000 0000 0239 0000 0000 0000
        0x0090:  0200 0002 0000 0200 00
12:18:37.042131 IP nbook.39790 > xxxxxxxxxxxxxxxxxxx.8085: Flags [P.], seq 200:207, ack 110, win 502, options [nop,nop,TS val 1522280918 ecr 1758737196], length 7
        0x0000:  4500 003b 94b5 4000 4006 8bc5 c0a8 4d8a
        0x0010:  5e17 adf8 9b6e 1f95 516e 9eb8 2519 45ab
        0x0020:  8018 01f6 904c 0000 0101 080a 5abc 29d6
        0x0030:  68d4 332c 70b7 8064 d68a cc
12:18:37.070657 IP xxxxxxxxxxxxxxxxxxx.8085 > nbook.39790: Flags [P.], seq 110:124, ack 200, win 231, options [nop,nop,TS val 1758737239 ecr 1522280813], length 14
        0x0000:  4518 0042 2515 0000 3806 4347 5e17 adf8
        0x0010:  c0a8 4d8a 1f95 9b6e 2519 45ab 516e 9eb8
        0x0020:  8018 00e7 100b 0000 0101 080a 68d4 3357
        0x0030:  5abc 296d d76d 31c1 0c00 0000 0000 0000
        0x0040:  0000
