-
Member
Stuck on AuthLogonChallenge_Server
I have been tearing my hair out over this for a few weeks now and cannot find any documentation that makes it easier for me. I try not to post on forums of any kind so I ask you forgive my low rep score.
I am attempting to build a simple authentication server (target 1.12.x) using node js (net module, not socket.io). This is to help me better understand how the protocol works and expand my knowledge.
I have been able to receive and break down the initial packet the client sends that contains the client build, version, locale, username, so on.
I believe from reviewing many emu servers code (all c++) that the next step is what the wiki calls AuthLogonChallenge_Server. The server is to send a packet of data back to the client.
I can send error data back to the client easy, for example sending that the account is banned.
Building a valid packet for moving to the next step seems to be the part I cannot understand. I have searched and searched but as c++ is not my language I have not been able to understand how to translate this into js. I believe the npm module srp would help, but I am not sure how.
I am at your mercy if anyone can help.
-
Contributor
The protocol used to authenticate with and log in to the login (sometimes also called authentication or shorter auth) server is SRP-6. Furthermore, it uses an optimisation so that there is a minimal exchange of packets between the client and the server. [1]
You can sniff the packets via Wireshark, which has built-in filters for WoW login protocol called "wow". Some documentation is also available on the arcemu wiki page, though somewhat incomplete and at times inaccurate.
node-srp won't work out of the box since it implements a different version of the protocol (SRP-6a). It also assumes big-endian byte order whereas the WoW implementation uses little-endian byte order. The amount of modifications required would then defeat the purpose of a utility package.
All in all, it's a lot of tedious work. All you have to do is to carefully follow the protocol. There are a few things that you have to look out for:
- client will send and receive SRP integer variables in little-endian byte order
Code:
_________
| |
Little-endian --> | SHA-1 | --> Little-endian
|_________|
- most BigInteger/bignum/... objects work with big-endian representation so there will be a lot of reversing!
Here's a dump of SRP-6 variables on the server upon successful login, so that you can test your code against it:
Code:
# all integer variables are in little-endian byte order
# s, M1, M2 and K are not treated as numbers and as such have no assigned byte order
u - 698F9038 2D1313D5 FB888B34 F8694BA9 5E4309E3
S - 4B9AA92F C209E663 EF63E3D2 98661577 927A741E 7FCAD8E1 D6F70CD6 55FAA645
A - EC895E04 5BB7DD62 8CCFA715 116A39CB 00C55B63 61A229FA 8DAC5B73 D638773E
b - 86C4C539 C8BDA1F6 50CAB032 199959D4 9E53E953 9F4F9705 B2C710B2 2448D96D
B - 7B0E4A09 8401AFF1 050A15E9 EF345342 29E57C70 B0DEC81F 2CFBCBDC 6671DA73
s - 8598916D 316FF815 3C23AE77 CE67009C 683FD10D F8F66F6E 96050C87 0208DB16
M1 - C80C3013 11D04379 F0D00393 DF0D478A 6EEC2D00
M2 - 1EEA742C 32C30B49 EA63161E 91C38B55 25C71CA7
v - 8DD50E4A 81132CDA 8D675687 010C852C BBD23A17 15724A35 D7E5C384 55D73F37
g - 7
I - TEST
P - TEST
x - 0D0DAF13 037A3FD6 017457D3 40F5C321 339D929A
K - 3D41C92C 4D1F32BA DB7B2D41 3B6E67BC 1A8C483C DE6FFD0D 555F922B 28617941 D6B4E394 2842E629 # see SHA_Interleave in [2]
N - B79B3E2A 87823CAB 8F5EBFBF 8EB10108 53500629 8B5BADBD 5B53E189 5E644B89
k - 3
# Missing:
a - not necessary for server side computations
If anyone's using Java, give SRP-6 Variables a go!
References:
Last edited by Glusk; 01-11-2021 at 02:22 PM.
Reason: Typos; uniform byte order, SRP-6 Variables; cosmetics
-
Post Thanks / Like - 2 Thanks
-
Member
Originally Posted by
Glusk
node-srp won't work out of the box since it implements a different version (SRP-6a). It also assumes big-endian byte order whereas the WoW implementation uses little-endian byte order. The amount of modifications required would then defeat the purpose of a utility package.
All in all it's a lot of tedious work. All you have to do is to carefully follow the protocol. There are a few things that you have to look out for:
client will send and receive SRP variables in little-endian byte order
Thank you so much. I had read stanford document before but maybe I am blind I had not read anywhere that it was little-endian. Also I was working on idea that srp6a was okay.
I will continue my struggle with these new ideas and thank you for help
-
Contributor
Originally Posted by
welpcow
I had read stanford document before but maybe I am blind I had not read anywhere that it was little-endian.
Just to be clear: SRP-6 itself is neutral towards endiannes. It works either way and that's why there's no word about it in the Stanford docs. WoW's version is implemented using little-endian representation of numbers.
-
Member
I am now making packets correctly thanks to your help, but the progress does not continue. I think this is as you said because the module I am using, fast-srp does not produce in little endian.
I am hopeful that if I can correct this then my problem will be solved.