[WoW][3.3.3] Info Dump Thread

[Nonal]

Was the session key offset changed? (Cannot test yet, eu servs still offline, but I thought someone said they are changed @ PTR)

edit: Actually I mean session keys AND the new client/server 'seeds'
edit 2 : the session key location has been changed, thats for sure :/

Yes. If someone got this new key offset and seeds, it would be great ! My OOP soft stopped working today... If nobody has it, I guess we will have to reinstall IDA, SinnerG :-)

BTW, I have almost all opcode decoders I need for my work. Maybe there is a way to share this decoding code through this forum. Looks like you (and others) are all working from the same sources, and to follow this moving protocol target. When I have more time, I will post it

[qjlex]

Code:

  BagsGUID = 0x00C542A8, //3.3.2 0x00C3CDB8,
  MerchantWindowGUID = 0x00C4EB40,

  public enum ActionBarOffSet : uint
    {
        Base = 0x00C53CB0, //3.3.2 0x00C37C30,
        ID = 0x0, // Spell ID, MacroID or ItemID
        Type = 0x3, // See Types
        NextAction = 0x4,
    }

 public enum ClickToMove
    {
        AdressCTM = 0x00B92510, //3.3.2 0x00CBA7D8,
        AdressCTMStart = 0x005CFCAA, //3.3.2 0x006BAA3A,
    }

 public enum LocationName : uint
    {
        MinimapZoneName = 0x00C4EB14,//3.3.2 0x00B69594,
        SubZoneName = 0x00C4EB1C, //3.3.20x00B6959C,
        RealZoneName = 0x00C4EB18, //3.3.2 0x00B69598,
        ZoneName = 0x00C4EB20, //3.3.2 0x00B695A0,
        MapName = 0x00B22398, //3.3.2 0x00D00C78,
    }

[garkeinplan]

Code:

0x00C4DF28      RedTextMessage
0x00AEDD48      ChatBoxOpen
0x00BB66F0      InboxMessagesCount
0x00AE3E48      LocalizationLanguage

// Rune Stuff
0x00C542A0      RuneState
0x00A89FE8      RuneType

// Auction Offsets
0x00C8CAE8      AuctionListPageArrayPointer
0x00A9B1E4      SelectedAuctionGUID
0x00C8CAA8      AuctionListAllPagesLength
0x00C8CAE4      AuctionListPageArrayLength

// Faction Offsets
0x00A8C23C      FactionIndex
0x00A8C24C      FactionPointer
0x00A8C238      TotalFactions

// Relogger Offsets
0x00C8F2E0      GameState
0x00A9C5C4      LoginState (1 = Battlenet Screen, 4 = Charselect, 5 = Logged out, 255 = First Login)
0x00C4EB2A      IsInGame (1 = true, 0 = false)
0x00C8F338      LoginStateEvent (1 = Battlenet, 2 = Game Server Login, 3 = Charlist retreiving, 10 = Entering World)

[SinnerG]

Yes. If someone got this new key offset and seeds, it would be great ! My OOP soft stopped working today... If nobody has it, I guess we will have to reinstall IDA, SinnerG :-)

BTW, I have almost all opcode decoders I need for my work. Maybe there is a way to share this decoding code through this forum. Looks like you (and others) are all working from the same sources, and to follow this moving protocol target. When I have more time, I will post it

Thx to TOM_RUS for finding these (tested : they work)

Seeds:

Code:

        private static readonly byte[] ClientSeed = { 0xC2, 0xB3, 0x72, 0x3C, 0xC6, 0xAE, 0xD9, 0xB5, 0x34, 0x3C, 0x53, 0xEE, 0x2F, 0x43, 0x67, 0xCE };
        private static readonly byte[] ServerSeed = { 0xCC, 0x98, 0xAE, 0x04, 0xE8, 0x97, 0xEA, 0xCA, 0x12, 0xDD, 0xC0, 0x93, 0x42, 0x91, 0x53, 0x57 };

Session key:

Code:

var blackAddress = blackProc.ReadUInt(0x00BB4404) + 0x508; // Read 40 bytes from the resulting address

edit: I could've been wrong about 'tested, works!' - Not sure if the session key is correct, but the seeds were supplied by TOM_RUS and work for him!

[Nonal]

I will test these addresses/seeds tonight and will report my findings.

Thanks,

Edit: Well yes, I can confirm these seeds + offset work, at least when I am not requested by the server to switch IP:PORT. However if am requested to switch to a new iport I receive an opcode 1293 (which contains a new IP:PORT), but when I start following the new connection (initially not crypted), I see SMSG_AUTH_CHALLENGE+opcode 1298 (from my side), then I cannot follow the connection whatever I am doing: keep it unencrypted, or start decrypting it. Any idea ? Any special seed to apply at this time ?

[SinnerG]

Be aware that the realm 'ips' can now be dynamicly changed (dont know what construction you use though )

[Jadd]

ty for
const float PI = 3.14159265358979f;

Click

[maclone]

Because using Math.PI is rocket-science.

[miceiken]

Click

I thought most people knew what PI was and how to get a hold of it, it's not like it's patch dependant, has only been there for 9221483283821831 years.

[abdula123]

I will test these addresses/seeds tonight and will report my findings.

Thanks,

Edit: Well yes, I can confirm these seeds + offset work, at least when I am not requested by the server to switch IP:PORT. However if am requested to switch to a new iport I receive an opcode 1293 (which contains a new IP:PORT), but when I start following the new connection (initially not crypted), I see SMSG_AUTH_CHALLENGE+opcode 1298 (from my side), then I cannot follow the connection whatever I am doing: keep it unencrypted, or start decrypting it. Any idea ? Any special seed to apply at this time ?

I guess - yes, for each new connection there is new seeds.

3.3.3 add two new args in in crypto initalization fn - char *arg_seeds and int args_seeds_sz

Code:

  v_seeds_data1 = arg_seeds;
  if ( arg_seeds )
  {
    v_seeds_sz = arg_seeds_sz;
  }
  else
  {
    v_seeds_data1 = &const_static_seeds;
    v_seeds_sz = 32;
  }
  v_one_seed_sz = v_seeds_sz >> 1;
  v_client_seed = v_seeds_data1;
  v_server_seed = &v_seeds_data1[v_one_seed_sz];

for first connection its a zero, and client uses static seeds.
but for second connection - it nonzero and client uses it INSTEAD of static seeds.

[Marikafka]

Drakefish,

I think playerpointer is not rigth.
((PP)+34)+24) also don't seems do be working for me.

[swollen]

Drakefish,

I think playerpointer is not rigth.
((PP)+34)+24) also don't seems do be working for me.

You're doing it wrong then.
Are you adding decimal or hex values?

[Marikafka]

You're doing it wrong then.
Are you adding decimal or hex values?

Yes my bad, now it works, sorry.
However I can't make hunter/resource working.
The adress should be (((PP)+34)+24)+27a, with a value of 255 to tack all, but nothing happens.
Also I'm exploring IDA for hours now and I can't find Collision and Language adresses. Any ideas?

[JuJuBoSc]

The only one changed for me in 3.3.3a :

Code:

CGGameUI__Target = 0x00725AA0,          // 3.3.3a

        public enum Movements : uint
        {

            MoveForwardStart = 0x006C27F0,          // 3.3.3a
            MoveForwardStop = 0x006C2840,           // 3.3.3a
            MoveBackwardStart = 0x006C2880,         // 3.3.3a
            MoveBackwardStop = 0x006C28D0,          // 3.3.3a
            TurnLeftStart = 0x006C2910,             // 3.3.3a
            TurnLeftStop = 0x006C2950,              // 3.3.3a
            TurnRightStart = 0x006C29A0,            // 3.3.3a
            TurnRightStop = 0x006C29E0,             // 3.3.3a
            JumpOrAscendStart = 0x006C2570,         // 3.3.3a
            AscendStop = 0x006C2690,                // 3.3.3a

        }

[cenron]

Update list for 3.3.3a

Some stuff changed some didnt.

Code:

// Address List.
enum eAddrList
{
    ADDR_CLICK_TO_MOVE 			= 0x005CFB70,  // 3.3.3a
    ADDR_SET_TARGET 			= 0x00725AA0,  // 3.3.3a
    ADDR_UNIT_RELATION			= 0x005CD930,  // 3.3.3a
	ADDR_REPOP_ME				= 0x0057A950,  // 3.3.3a
	ADDR_RETRIEVE_CORPSE		= 0x0071BB70,  // 3.3.3a // Lua function.
	ADDR_GET_PLAYER_GUID		= 0x0080D0E0,  // 3.3.3a
	ADDR_SET_FACING				= 0x007EB570,  // 3.3.3a
    ADDR_CAST_SPELL             = 0x004DF3D0,  // 3.3.3a
    ADDR_GET_SPELL_BY_NAME      = 0x007366B0,  // 3.3.3a
    ADDR_GET_CREATURE_TYPE      = 0x005C7B70,  // 3.3.3a  // Fifth call, in lua_UnitCreatureType (NON-LAYOUT)
    ADDR_COMBO_POINTS           = 0x00C4EBE5,  // 3.3.3
	ADDR_INTERSECT				= 0x004FC300,  // 3.3.3a
	ADDR_CLEAR_TARGET			= 0x00724780,  // 3.3.3a
	ADDR_GET_TIME_STAMP 		= 0x00473610,  // 3.3.3a
	ADDR_GET_UNIT_AURA			= 0x005872D0,  // 3.3.3a
	ADDR_CAN_ATTACK				= 0x005D1EF0,  // 3.3.3a
	ADDR_LAST_HW_ACTION			= 0x00AE39CC,  // 3.3.3a
	ADDR_PET_ACTION				= 0x0074DA40   // 3.3.3a
};