[4.0.0 12025] Opcode ID changed ?

[XTZGZoReX]

Fabi is just copy-pasting from here, as far as I can see. Without credits, as usual, too.

[doityourself]

Of course I have the most opcodes from here, but not all.

Sorry that I have forgotten the credits.

[doityourself]

Speaking with any npcs don't work. I think there is a new opcode

// Unknown Opcode: 0xADEE (Speak with any NPC's)

[doityourself]

new patch 4.0.0.12122

[AbdulHahmed]

And again: opcode changed!

new patch 4.0.0.12122

[doityourself]

oh yes again opcode changes ^^

Disassemble the wow.exe at this moment

[Hurrr]

The good thing is that the previous randomized opcodes are easy to find in the disassembly because of their relatively unique values, and since both the old and new client are built with asserts matching corresponding locations in the code should be much easier.

It's still a lot of work, I'm just going to find whatever's necessary to just explore in mangos. After all that's all I really care about

[Hurrr]

Here's a few. I have a hard time with SMSG_AUTH_CHALLENGE :|

Code:

   SMSG_CHAR_CREATE                                = 0xc634,
    SMSG_CHAR_ENUM                                  = 0xd07e,
    SMSG_CHAR_DELETE                                = 0x8012,
    SMSG_NEW_WORLD                                  = 0x442c,
    SMSG_CHARACTER_LOGIN_FAILED                     = 0x161e,
    SMSG_LOGOUT_RESPONSE                            = 0x8002,
    SMSG_LOGOUT_COMPLETE                            = 0xd270,
    SMSG_LOGOUT_CANCEL_ACK                          = 0x1214,
    SMSG_QUEST_POI_QUERY_RESPONSE                   = 0xd266,
    SMSG_AUTH_RESPONSE                              = 0x0442,
    SMSG_ADDON_INFO                                 = 0xd074,
    SMSG_CLIENTCACHE_VERSION                        = 0x9650,

[AbdulHahmed]

Do they follow a logic or are completely randomized?

And also: why the SMSG_AUTH_CHALLENGE is more difficult to find that other ones? Have they changed something else?

Here's a few. I have a hard time with SMSG_AUTH_CHALLENGE :|

Code:

   SMSG_CHAR_CREATE                                = 0xc634,
    SMSG_CHAR_ENUM                                  = 0xd07e,
    SMSG_CHAR_DELETE                                = 0x8012,
    SMSG_NEW_WORLD                                  = 0x442c,
    SMSG_CHARACTER_LOGIN_FAILED                     = 0x161e,
    SMSG_LOGOUT_RESPONSE                            = 0x8002,
    SMSG_LOGOUT_COMPLETE                            = 0xd270,
    SMSG_LOGOUT_CANCEL_ACK                          = 0x1214,
    SMSG_QUEST_POI_QUERY_RESPONSE                   = 0xd266,
    SMSG_AUTH_RESPONSE                              = 0x0442,
    SMSG_ADDON_INFO                                 = 0xd074,
    SMSG_CLIENTCACHE_VERSION                        = 0x9650,

[XTZGZoReX]

Do they follow a logic or are completely randomized?

So far, everything indicates the latter.

[AbdulHahmed]

Was it the same with the previous build ?

So far, everything indicates the latter.

[doityourself]

They randomize all opcodes with every patch?! A new system against wow emulators?

[Hurrr]

SMSG_AUTH_CHALLENGE have been a pain in the ass to find because they used to register a handler function for it that was shared with some other opcodes and was using a switch to handle them.
However it did not seem to actually do anything for SMSG_AUTH_CHALLENGE so they removed that handler registration.
Instead, it's handled through a switch in a different function that takes care of a few other special opcodes such as SMSG_PING.

The problem is that due to optimisations, switches can result in rather obfuscated code for those randomized opcode values where the compiler transform some range of values through various logical ops and use the result in a jump table.

The actual opcode values don't always appear directly in the code in those cases.

And this code end up being very different depending on the opcode values so it's difficult to compare it directly with the old code.

Furthermore they seem to have changed the code around there because that function now hands off the handling of some of the opcodes to another function that does another switch. Lastly I think they changed the authentication system so even the code that handles SMSG_AUTH_CHALLENGE is different.

So I have found something which I reasonably think looks like SMSG_AUTH_CHALLENGE, which is 0x804. The corresponding code is rather similar, and after replacing the opcode value in mangos I did get an interesting reaction from the client: it said "connected" briefly before disconnecting.

It turns out that it replied a single packet:
2010-05-28 16:11:16
CLIENT:
SOCKET: 728
LENGTH: 4
OPCODE: UNKNOWN (0x2100)
DATA:
01 00 00 00

And bailed out. Now the interesting thing is that the code I've found that I think handles SMSG_AUTH_CHALLENGE looks similar enough except that it doesn't read the challenge data from the packet (at least not right away at the start of the function like the old code)

Basically I think they changed the auth system and that in the new system opcode 0x804 is what the client seems to expect to receive first (other opcode values seem to be ignored at that point), but other than that I don't know how it works.

[edit: the function that handles SMSG_AUTH_CHALLENGE is at 483d70 in the 12065 client and the function that I think does the same in 12122 is at 487d10]

[doityourself]

I Have begin with opcode research and have uplaoded a few changes to my git repo. Mire come later:
Commit 6cd91bb254bb4590d2c627ac78e0e52d51018fdf to Fabi's diamondcore - GitHub
Commit c9a96b13b4c10d5340fc88e4d2c6638f9b6fa0f0 to Fabi's diamondcore - GitHub

/Edit
More updates:
http://github.com/Fabi/diamondcore/c...0f03c668a1ae15
More come later

[AbdulHahmed]

RomanRom2 of Wowcore has just posted the opcodes he needs for his sandbox:

"Here are the opcode, I use a Sandbox.I subscribe to here, what would the next time not to seek out and write

SMSG_AUTH_CHALLENGE
CMSG_AUTH_SESSION
SMSG_AUTH_RESPONSE = $0442;
CMSG_CHAR_ENUM
SMSG_CHAR_ENUM = $D07E;
CMSG_CHAR_CREATE
SMSG_CHAR_CREATE = $C634;
CMSG_CHAR_DELETE
SMSG_CHAR_DELETE = $8012;
CMSG_PING
SMSG_PONG
CMSG_ITEM_QUERY_SINGLE = $8236;
SMSG_ITEM_QUERY_SINGLE_RESPONSE = $8450;
CMSG_CREATURE_QUERY = $427C;
SMSG_CREATURE_QUERY_RESPONSE = $040E;
CMSG_GAMEOBJECT_QUERY = $904A;
SMSG_GAMEOBJECT_QUERY_RESPONSE = $C072;
CMSG_NPC_TEXT_QUERY = $C242;
SMSG_NPC_TEXT_UPDATE = $D01E;
CMSG_JOIN_CHANNEL
SMSG_CHANNEL_NOTIFY = 402C;
CMSG_MESSAGECHAT
CMSG_LOGOUT_REQUEST
SMSG_LOGOUT_COMPLETE = $D270;
CMSG_DESTROYITEM

SMSG_GOSSIP_COMPLETE
SMSG_GOSSIP_MESSAGE
SMSG_UPDATE_OBJECT
SMSG_ITEM_PUSH_RESULT
SMSG_INVENTORY_CHANGE_FAILURE
SMSG_MOVE_UNSET_CAN_FLY
SMSG_MOVE_SET_CAN_FLY

SMSG_CHARACTER_LOGIN_FAILED = $161E;
SMSG_ACCOUNT_DATA_TIMES = $D632;
MSG_SET_DUNGEON_DIFFICULTY
SMSG_LOGIN_VERIFY_WORLD = $5612;
SMSG_FEATURE_SYSTEM_STATUS = $9244;
SMSG_BINDPOINTUPDATE
SMSG_TUTORIAL_FLAGS
SMSG_INITIAL_SPELLS
SMSG_ACTION_BUTTONS
SMSG_TIME_SYNC_REQ = $C65E;
CMSG_PLAYER_LOGIN
CMSG_REQUEST_ACCOUNT_DATA
CMSG_UPDATE_ACCOUNT_DATA
SMSG_UPDATE_ACCOUNT_DATA_COMPLETE = $C428;
MSG_MOVE_WORLDPORT_ACK
CMSG_NAME_QUERY = $4616;
SMSG_NAME_QUERY_RESPONSE = $D200;
CMSG_QUERY_TIME
SMSG_QUERY_TIME_RESPONSE
CMSG_SET_SELECTION
CMSG_AREATRIGGER
CMSG_SWAP_INV_ITEM
CMSG_AUTOEQUIP_ITEM
CMSG_ATTACKSWING
CMSG_ATTACKSTOP
CMSG_QUESTGIVER_STATUS_QUERY
SMSG_QUESTGIVER_STATUS
CMSG_QUESTGIVER_HELLO
SMSG_QUESTGIVER_QUEST_LIST
CMSG_STANDSTATECHANGE
SMSG_STANDSTATE_UPDATE
CMSG_SETSHEATHED
CMSG_GOSSIP_SELECT_OPTION
CMSG_CAST_SPELL

SMSG_TRANSFER_PENDING = $D468;
SMSG_NEW_WORLD = $0412;
MSG_MOVE_TELEPORT_ACK
SMSG_MESSAGECHAT
SMSG_MOTD
SMSG_DESTROY_OBJECT
SMSG_FORCE_RUN_SPEED_CHANGE
SMSG_FORCE_SWIM_SPEED_CHANGE
SMSG_FORCE_FLIGHT_SPEED_CHANGE
SMSG_ATTACKSTART
SMSG_ATTACKSTOP
SMSG_SPELL_START
SMSG_SPELL_GO

MSG_MOVE_SET_FACING = $902C;
MSG_MOVE_START_STRAFE_LEFT = $8254;
MSG_MOVE_START_STRAFE_RIGHT = $8272;
MSG_MOVE_STOP_STRAFE = $443E;
MSG_MOVE_START_FORWARD = $860E;
MSG_MOVE_START_BACKWARD = $8612;
MSG_MOVE_HEARTBEAT
MSG_MOVE_STOP = $927C;
MSG_MOVE_JUMP = $9F6A;
MSG_MOVE_START_TURN_RIGHT = $0650;
MSG_MOVE_START_TURN_LEFT = $420C;
MSG_MOVE_STOP_TURN = $8424;
MSG_MOVE_SET_PITCH = $0006;
MSG_MOVE_START_ASCEND = $905C;
MSG_MOVE_STOP_ASCEND = $1254;
MSG_MOVE_START_SWIM

nachtu fill right here. like finish - produces Sandbox

pass straight here for parties.
omissions indicate that the code is not found. can a little help with the search

hmm, that is all as it is sad ..."

Source: Google Traduci

(Translated by Google Translate...)

Posted it here in the hope someone can help him in this search.