XtremeX

No, it's for all, would you like a screenshot?

Hello,

I've looked the "Authsocket.cpp" and "Authsocket.h" scripts for to understand how it works, but i don't understand where is the password verification.

I think it's here :

[== c++ ==]
  BigNumber A;

   A.SetBinary(lp.A, 32);

   // SRP safeguard: abort if A==0
   if (A.isZero())
       return false;

   Sha1Hash sha;
   sha.UpdateBigNumbers(&A, &B, NULL);
   sha.Finalize();
   BigNumber u;
   u.SetBinary(sha.GetDigest(), 20);
   BigNumber S = (A * (v.ModExp(u, N))).ModExp(b, N);

   uint8 t[32];
   uint8 t1[16];
   uint8 vK[40];
   memcpy(t, S.AsByteArray(32), 32);
   for (int i = 0; i < 16; ++i)
   {
       t1[i] = t[i * 2];
   }
   sha.Initialize();
   sha.UpdateData(t1, 16);
   sha.Finalize();
   for (int i = 0; i < 20; ++i)
   {
       vK[i * 2] = sha.GetDigest()[i];
   }
   for (int i = 0; i < 16; ++i)
   {
       t1[i] = t[i * 2 + 1];
   }
   sha.Initialize();
   sha.UpdateData(t1, 16);
   sha.Finalize();
   for (int i = 0; i < 20; ++i)
   {
       vK[i * 2 + 1] = sha.GetDigest()[i];
   }
   K.SetBinary(vK, 40);

   uint8 hash[20];

   sha.Initialize();
   sha.UpdateBigNumbers(&N, NULL);
   sha.Finalize();
   memcpy(hash, sha.GetDigest(), 20);
   sha.Initialize();
   sha.UpdateBigNumbers(&g, NULL);
   sha.Finalize();
   for (int i = 0; i < 20; ++i)
   {
       hash[i] ^= sha.GetDigest()[i];
   }
   BigNumber t3;
   t3.SetBinary(hash, 20);

   sha.Initialize();
   sha.UpdateData(_login);
   sha.Finalize();
   uint8 t4[sHA_DIGEST_LENGTH];
   memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);

   sha.Initialize();
   sha.UpdateBigNumbers(&t3, NULL);
   sha.UpdateData(t4, SHA_DIGEST_LENGTH);
   sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
   sha.Finalize();
   BigNumber M;
   M.SetBinary(sha.GetDigest(), 20);

   ///- Check if SRP6 results match (password is correct), else send an error
   if (!memcmp(M.AsByteArray(), lp.M1, 20))
   {
       BASIC_LOG("User '%s' successfully authenticated", _login.c_str());

       ///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
       // No SQL injection (escaped user name) and IP address as received by socket
       const char* K_hex = K.AsHexStr();
       LoginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, get_remote_address().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str() );
       OPENSSL_free((void*)K_hex);

       ///- Finish SRP6 and send the final result to the client
       sha.Initialize();
       sha.UpdateBigNumbers(&A, &M, &K, NULL);
       sha.Finalize();

       SendProof(sha);

       ///- Set _authed to true!
       _authed = true;
   }
   else
   {
       if (_build > 6005) // > 1.12.2
       {
           char data[4] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT, 3, 0};
           send(data, sizeof(data));
       }
       else
       {
           // 1.x not react incorrectly at 4-byte message use 3 as real error
           char data[2] = { CMD_AUTH_LOGON_PROOF, WOW_FAIL_UNKNOWN_ACCOUNT};
           send(data, sizeof(data));
       }
       BASIC_LOG("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());

       uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
       if(MaxWrongPassCount > 0)
       {
           //Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
           LoginDatabase.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '%s'",_safelogin.c_str());

           if(QueryResult *loginfail = LoginDatabase.PQuery("SELECT id, failed_logins FROM account WHERE username = '%s'", _safelogin.c_str()))
           {
               Field* fields = loginfail->Fetch();
               uint32 failed_logins = fields[1].GetUInt32();

               if( failed_logins >= MaxWrongPassCount )
               {
                   uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
                   bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);

                   if(WrongPassBanType)
                   {
                       uint32 acc_id = fields[0].GetUInt32();
                       LoginDatabase.PExecute("INSERT INTO account_banned VALUES
('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban',1)",
                           acc_id, WrongPassBanTime);
                       BASIC_LOG("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
                           _login.c_str(), WrongPassBanTime, failed_logins);
                   }
                   else
                   {
                       std::string current_ip = get_remote_address();
                       LoginDatabase.escape_string(current_ip);
                       LoginDatabase.PExecute("INSERT INTO ip_banned VALUES
('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban')",
                           current_ip.c_str(), WrongPassBanTime);
                       BASIC_LOG("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
                           current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
                   }
               }
               delete loginfail;
           }
       }
   }

But I don't understand where is the comparison with the password in the database..

Can someone help me to understand it please ?

Hello,

I've a question about the send mail gm command.

How to do a newline ? (Telnet like game, same problem)

I've tested \\r\\n.. Not works..

Have you an idea ?

PS : Sorry for my bad english

I need to know what to do with this :'(

Simple question, why mangos doesn't give it possible tu access with 4.0.X client revision, if is it possible ? Mangos never works this client?

Because 4.0.X branch is under development, i don't try it but I doubt a lot that this expansion is playable now with mangos unsupported 4.0.X branch. If you want to use that client use google, learn C++, learn about packets and server-client connections and protocols and then develop the needed code to get the core && client working as you expect.

Ok thanks.. Mangos works in 4.0.X, it's good, because other emulator stop. Good luck

Okay but this post talk about 4.0.X, and say it possible to access character list and enter world.. I need to do it, but if i can't enter code, how can i do this ?

the 4.x branch on GIT is for people who know what they are doing with it. You will get NO help with it on the forum. It is completely unsupported, if you dont know how to use it, then you shouldnt be using it. And PLEASE, no more questions about 4.x and how to use it.

Sorry.. But if we need to learn it?

Simple question, why mangos doesn't give it possible tu access with 4.0.X client revision, if is it possible ? Mangos never works this client?

Okay but this post talk about 4.0.X, and say it possible to access character list and enter world.. I need to do it, but if i can't enter code, how can i do this ?

ok thanks, where i give the code you tell me for 4.0.1?

nowhere. this code shows developers the structure of the packets, so that they can implement it. there are also people who can read that and write code for it, not only copy it and ask where to paste it.

How can i do a 4.0.X's server than?

ok thanks, where i give the code you tell me for 4.0.1?

This is for SMSG_AUTH_CHALLENGE

    BigNumber key1, key2;
   key1.SetRand(64);
   key2.SetRand(64);
   uint32* k1 = (uint32*)key1.AsByteArray();
   uint32* k2 = (uint32*)key2.AsByteArray();
   uint8 ConnectionCount = 1;

   packet << k2[2] << k1[0];
   packet << ConnectionCount;
   packet << m_Seed;
   packet << k1[2] << k1[1];
   packet << k2[0] << k2[1];
   packet << k1[3] << k2[3];

This is for SMSG_AUTH_RESPONSE

void WorldSession::SendAuthResponse(uint8 code, bool shortForm, uint32 queuePos)
{


   WorldPacket packet(SMSG_AUTH_RESPONSE, 1 + 4 + 1 + 4 + 1 + (shortForm ? 0 : (4 + 1)));
   packet << uint8(code);
   packet << uint32(0);                                   // BillingTimeRemaining
   packet << uint8(0);                                    // BillingPlanFlags
   packet << uint32(0);                                   // BillingTimeRested
   packet << uint16(Expansion());                          // 0 - normal, 1 - TBC, 2 - WOTLK, 3 - Cataclysm must be set in database manually for each account

   if (!shortForm)
   {
       packet << uint32(queuePos);                             // Queue position
       packet << uint8(0);                                     // Unk 3.3.0
   }

   SendPacket(&packet);
}

After this was changed you come to packet SMSG_CHAR_ENUM

This is the structure of the character datas.... the function for this you can find in CharacterHandler with reference to player.cpp

        uint64 GUID;
         CString Name;
         byte Race;
         byte Class;
         byte Gender;
         byte Skin;
         byte Face;
         byte HairStyle;
         byte HairColor;
         byte FacialHair;
         byte level;
         uint32 ZoneId;
         uint32 MapId;
         float X;
         float Y;
         float Z;
         uint64 Unk;
         uint32 CharacterFlags;
         uint32 CustomizationFlags;
         byte FirstLogin;
         uint32 PetDisplayId;
         uint32 PetLevel;
         uint32 PetFamily;
         CharacterItem Items[23];

Where i've to enter it..?

PS : What about 4.0.3?

Hum.. How can i do it ? And after it's possible to connect in game with 4.0.X client ?

With this opcode, possible to access to character list and enter world ???

Ok i don't know i've see the branch 400 and i think it's possible ^^

Hello,

I think branch 400 is for client 4.0.1 ?

Then i've download and compile it but when i start it in 4.0.1, my serveur is offline... But when i started in 3.3.5a it works fine..

What's the problem ? 4.0.1 doesn't actually work ?