public static void HandleAuthLogonChallenge(IClient client, IncomingAuthPacket packet)
{
Contract.Requires(client != null);
Contract.Requires(packet != null);
var unk = packet.ReadByte();
var size = packet.ReadInt16();
// we can't read it in directly as a string or char array as in C# chars are 16 bits
var gameName = packet.ReadFourCC();
var version1 = packet.ReadByte();
var version2 = packet.ReadByte();
var version3 = packet.ReadByte();
var build = packet.ReadInt16();
var platform = packet.ReadFourCC();
var os = packet.ReadFourCC();
var country = packet.ReadFourCC();
var timezoneBias = packet.ReadInt32();
var ip = packet.ReadInt32();
var usernameLength = packet.ReadByte();
var usernameBytes = packet.ReadBytes(usernameLength);
var username = Encoding.ASCII.GetString(usernameBytes);
SRPServer srpData = GetSRPDataForUsername(username);
if (srpData == null)
{
SendAuthenticationChallengeFailure(client, AuthResult.FailUnknownAccount);
}
else
{
client.UserData.SRP = srpData;
// make sure the result is at least 32 bytes long
var peData = srpData.PublicEphemeralValueB.GetBytes(32);
var publicEphemeral = new BigInteger(peData);
var rand = new BigInteger(new FastRandom(), 16 * 8);
SendAuthenticationChallengeSuccess(client,
publicEphemeral,
srpData.Parameters.Generator,
srpData.Parameters.Modulus,
srpData.Salt,
rand);
}
}
public static void HandleRealmlist(IClient client, IncomingAuthPacket packet)
{
Contract.Requires(client != null);
Contract.Requires(packet != null);
var unk = packet.ReadInt32(); // ignored
List<string> realmNames = RealmList.GetRealmNames();
var realmsSize = 0;
foreach (string realmName in realmNames)
{
Realm realm = RealmList.GetRealm(realmName);
realmsSize += 3;
// +1 for the null character at the end
realmsSize += realm.Name.Length + 1;
realmsSize += realm.Address.Length + 1;
realmsSize += 6;
if ((realm.Color & 4) != 0)
realmsSize += 5;
}
using (var outPacket = new OutgoingAuthPacket(GruntOpCodes.RealmList, 10 + realmsSize))
{
outPacket.Write((short)(6 + realmsSize + 2));
outPacket.Write(0);
outPacket.Write((short)realmNames.Count);
foreach (string realmName in realmNames)
{
Realm realm = RealmList.GetRealm(realmName);
var numChars = realm.GetNumChars(client.UserData.SRP.Username);
outPacket.Write(realm.Icon);
outPacket.Write(realm.Lock);
outPacket.Write(realm.Color);
outPacket.WriteCString(realm.Name);
outPacket.WriteCString(realm.Address);
outPacket.Write(realm.PopulationLevel);
outPacket.Write(numChars);
outPacket.Write(realm.TimeZone);
outPacket.Write((byte)0x2C);
if ((realm.Color & 0x04) != 0)
{
outPacket.Write((byte)0);
outPacket.Write((byte)0);
outPacket.Write((byte)0);
outPacket.Write((short)0);
}
}
outPacket.Write((byte)0x10);
outPacket.Write((byte)0x00);
client.Send(outPacket);
}
}
public static void HandleAuthLogonProof(IClient client, IncomingAuthPacket packet)
{
Contract.Requires(client != null);
Contract.Requires(packet != null);
var clientPublicEphemeralA = packet.ReadBigInteger(32);
// Client Proof.
// SHA1 of { SHA1(Modulus) ^ SHA1(Generator), SHA1(USERNAME), salt, PublicA, PublicB, SessionKey }
var clientResult = packet.ReadBigInteger(20);
// SHA1 hash of the PublicA and HMACSHA1 of the contents of WoW.exe and unicows.dll. HMAC seed is the 16 bytes at the end of the challenge sent by the server.
var clientFileHash = packet.ReadBytes(20); // these can safely be ignored
// the client tends to send 0, but just in case it's safer to implement this.
var numKeys = packet.ReadByte();
if (numKeys > 0)
{
// only initialize the array if we actually HAVE keys
AuthLogonKey[] keys = new AuthLogonKey[numKeys];
for (byte key = 0; key < numKeys; key++)
{
var unk1 = packet.ReadInt16();
var unk2 = packet.ReadInt32();
var unk3 = packet.ReadBytes(4);
// SHA of { PublicA, PublicB, byte[20] unknown data }
var shaHash = packet.ReadBytes(20);
Contract.Assume(unk3.Length == 4);
Contract.Assume(shaHash.Length == 20);
keys[key] = new AuthLogonKey(unk1, unk2, unk3, shaHash);
}
}
var securityFlags = (ExtraSecurityFlags)packet.ReadByte(); // can be safely ignored
if (securityFlags.HasFlag(ExtraSecurityFlags.PIN))
{
var pinRandom = packet.ReadBytes(16);
var pinSHA = packet.ReadBytes(20);
}
if (securityFlags.HasFlag(ExtraSecurityFlags.Matrix))
{
var matrixHMACResult = packet.ReadBytes(20);
}
if (securityFlags.HasFlag(ExtraSecurityFlags.SecurityToken))
{
var tokenLength = packet.ReadByte();
var token = packet.ReadBytes(tokenLength);
}
SRPServer srpData = client.UserData.SRP;
srpData.PublicEphemeralValueA = clientPublicEphemeralA;
var success = srpData.Validator.IsClientProofValid(clientResult);
if (success)
{
SendAuthenticationLogonProofSuccess(client, srpData.Validator.ServerSessionKeyProof);
client.AddPermission(new AuthenticatedPermission());
}
else
SendAuthenticationLogonProofFailure(client, AuthResult.FailUnknownAccount);
}
public static void HandleReconnectProof(IClient client, IncomingAuthPacket packet)
{
var r1Data = packet.ReadBytes(16);
BigInteger r1 = new BigInteger(r1Data);
var r2Data = packet.ReadBytes(20);
BigInteger r2 = new BigInteger(r2Data);
var r3Data = packet.ReadBytes(20);
var numKeys = packet.ReadByte();
if (numKeys > 0)
{
// only initialize the array if we actually HAVE keys
AuthLogonKey[] keys = new AuthLogonKey[numKeys];
for (byte key = 0; key < numKeys; key++)
{
var unk1 = packet.ReadInt16();
var unk2 = packet.ReadInt32();
var unk3 = packet.ReadBytes(4);
var shaHash = packet.ReadBytes(20);
keys[key] = new AuthLogonKey(unk1, unk2, unk3, shaHash);
}
}
SRPServer srpData = client.UserData.SRP;
string username = client.UserData.Username;
BigInteger rand = client.UserData.ReconnectRand;
// TODO fetch this from the database (or some other persistent storage)
BigInteger sessionKey = null ?? new BigInteger(0);
BigInteger hash = srpData.Hash(new HashDataBroker(Encoding.ASCII.GetBytes(username)), r1, rand);
if (hash == r2)
{
SendReconnectProofSuccess(client);
client.AddPermission(new AuthenticatedPermission());
}
else
client.Disconnect();
}
public static void HandleReconnectChallenge(IClient client, IncomingAuthPacket packet)
{
// structure is the same as AuthenticationLogonChallenge
Contract.Requires(client != null);
Contract.Requires(packet != null);
var unk = packet.ReadByte();
var size = packet.ReadInt16();
var gameName = packet.ReadFourCC();
var version1 = packet.ReadByte();
var version2 = packet.ReadByte();
var version3 = packet.ReadByte();
var build = packet.ReadInt16();
var platform = packet.ReadFourCC();
var os = packet.ReadFourCC();
var country = packet.ReadFourCC();
var timezoneBias = packet.ReadInt32();
var ip = packet.ReadInt32();
var usernameLength = packet.ReadByte();
var usernameBytes = packet.ReadBytes(usernameLength);
var username = Encoding.ASCII.GetString(usernameBytes);
// TODO fetch this from the database (or some other persistent storage)
BigInteger sessionKey = null;
if (sessionKey == null) {
client.Disconnect();
return;
}
BigInteger rand = new BigInteger(new FastRandom(), 16 * 8);
SendReconnectChallengeSuccess(client, rand);
client.UserData.ReconnectRand = rand;
client.UserData.Username = username;
}