structure changed, I'll let you find new one :P
Code:
SMSG_AUTH_CHALLENGE = 0x8924,
CMSG_AUTH_SESSION = 0xA000,
/Edit:
Hmm ok
Tom_Rus help us
I have found a lot of opcodes, but have problems on this -.-
Last edited by doityourself; 05-29-2010 at 09:27 AM.
ye i realized that now tom, since my client was stuck at connected after challenge being sent, gonna try to check for the struct.
So I did find the right code to handle SMSG_AUTH_CHALLENGE, just not the right opcode value :|
Anyway, the new structure is:
8 longs
1 byte
1 long
Changing the mangos code like this:
Code:
// 24 is only a reserve hint; the payload below is 16 + 16 + 1 + 4 = 37 bytes
WorldPacket packet (SMSG_AUTH_CHALLENGE, 24);
// old layout, disabled:
// packet << uint32(1); // 1...31
//packet << m_Seed;
BigNumber seed1;
seed1.SetRand(16 * 8);
packet.append(seed1.AsByteArray(16), 16); // new encryption seeds
BigNumber seed2;
seed2.SetRand(16 * 8);
packet.append(seed2.AsByteArray(16), 16); // new encryption seeds
packet << uint8( 1 );
packet << m_Seed;
Seems to work (I receive the A000 response from the client), although I'm not sure the actual value sent in this packet really matters since mangos doesn't verify the client response anyway.
TOM_RUS' sandbox sends all zeros with just some stuff in the last long and it works.
Gonna integrate all those other opcodes that have been found and see how it goes...
ye :| my problem is the next opcode, and im too noob at ida to find the right structures, my client isnt documented enough, im only handling atm CMSG and SMSG opcode enumeration. but i think digest got changed to the first position followed by 3 uint32 zeros then uint32 value, possible 16 bit clientversion, 8 bit unk, string account, rest i dont know, prolly im wrong about digest also so ;P.
Btw whats the offset where u found the challenge handling?
---------- Post added at 11:45 AM ---------- Previous post was at 11:37 AM ----------
lol funny enough i can go to char enum etc if i just ignore the digest check etc -.-
Last edited by Hiperzone; 05-29-2010 at 11:42 AM.
935fb0
Basically it used to be part of a bigger function that handled the auth challenge but it has been split out into a separate function. That's why I thought it was gone altogether at first.
I'm slacking right now, gotta integrate those other opcodes to continue working on this.
"lol funny enough i can go to char enum etc if i just ignore the digest check etc -.-"
Yeah, you can ignore a lot of things. The auth exchange apparently serves for the client to prove to the blizzard server that it's the actual client and not some third party program (ie server sends random numbers, client does some secret stuff on it and sends the result back, server checks that the result is what's expected). In your own server you don't really care about that, that's why mangos seems to pretty much ignore CMSG_AUTH_SESSION altogether.
Last edited by Hurrr; 05-29-2010 at 12:15 PM.
Edit: nvm I'm wrong :P
There's one more in the second list: sub_482E40((void *)v3, 0x1DE3u, (int)sub_615EE0, v3); which is SMSG_AUTH_CHALLENGE but it has been removed from that place in the new client. So basically you are off by one, you should remove the first line from the second list (ie 0x442 in the 12122 correspond to 0xfef in the old one and so on).
Fix those + the structure of SMSG_AUTH_CHALLENGE and you should get pretty far imo. I can't confirm that however because I've screwed up something in my mangos and it sends a one byte response for SMSG_AUTH_RESPONSE so it fails and I need to go somewhere now.
guys, i released the sandbox, but with some limitations. anyway - basic functionality works fine (teleports, flights, speed up). thank you for the opcode researching, i cannot do it by myself, i am coder only...
finally, i would say that the client's behaviour is very strange - it does not send many opcodes such as movement, spell_start... i guess we need to send some new opcode to initiate some ... trigger... or ... process, which switch on in the client functions to send our opcodes. or something like this.
So I was wrong about mangos not caring about CMSG_AUTH_SESSION. I'm such a noob :|
Here's how to fix it, replace the beginning of WorldSocket::HandleAuthSession with this:
Code:
int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
{
    // NOTE: ATM the socket is singlethread, have this in mind ...
    uint8 digest[20];
    uint32 clientSeed;
    uint32 unk2;
    uint8 unk3;
    uint64 unk4;
    uint16 ClientBuild;
    uint32 id, security;
    uint8 expansion = 0;
    LocaleConstant locale;
    std::string account;
    Sha1Hash sha1;
    BigNumber v, s, g, N;
    WorldPacket packet, SendAddonPacked;
    BigNumber K;

    // Read the content of the packet
    recvPacket.read (digest, 20);
    recvPacket >> unk4;
    recvPacket >> unk2;
    recvPacket >> clientSeed;
    recvPacket >> ClientBuild;
    recvPacket >> unk3;
    recvPacket >> account;
Now I need to find what SMSG is wrong that prevents me from getting in world but even though I prefer using mangos to explore since there are two working sandboxes I guess I cba anymore until they mess up the opcodes again
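The field order posted above for the start of CMSG_AUTH_SESSION, read with a length check on every field so a short or malformed client packet is rejected instead of over-read. This is an added example, not code from the thread or from mangos; the names AuthSession, Reader, parse_auth_session and sample_body, little-endian integers and the 32-byte account cap are assumptions, and anything after the account name is left unparsed.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Field order as posted in the thread; type and function names are hypothetical.
struct AuthSession {
    uint8_t digest[20];
    uint64_t unk4; uint32_t unk2, clientSeed; uint16_t clientBuild; uint8_t unk3;
    std::string account;
};
// Cursor over untrusted bytes: every read checks the remaining length first.
struct Reader {
    const uint8_t* p; size_t left;
    bool take(void* out, size_t n) {
        if (n > left) return false;
        std::memcpy(out, p, n); p += n; left -= n;
        return true;
    }
    template <typename T> bool le(T& v) {   // little-endian integer (assumed wire order)
        uint8_t b[sizeof(T)];
        if (!take(b, sizeof(T))) return false;
        v = 0;
        for (size_t i = 0; i < sizeof(T); ++i) v |= static_cast<T>(static_cast<T>(b[i]) << (8 * i));
        return true;
    }
    bool cstr(std::string& s, size_t cap) { // NUL-terminated string, length-capped
        const void* nul = left ? std::memchr(p, 0, left) : nullptr;
        if (!nul) return false;
        size_t n = static_cast<size_t>(static_cast<const uint8_t*>(nul) - p);
        if (n > cap) return false;
        s.assign(reinterpret_cast<const char*>(p), n); p += n + 1; left -= n + 1;
        return true;
    }
};
// Returns false on truncated, unterminated or oversized input instead of guessing.
bool parse_auth_session(const std::vector<uint8_t>& body, AuthSession& a) {
    Reader r{body.data(), body.size()};
    return r.take(a.digest, 20) && r.le(a.unk4) && r.le(a.unk2) && r.le(a.clientSeed)
        && r.le(a.clientBuild) && r.le(a.unk3) && r.cstr(a.account, 32); // 32: assumed cap
}
// Constructed sample body (not captured traffic): seed 0x11223344, build 12122, "TEST".
std::vector<uint8_t> sample_body() {
    std::vector<uint8_t> b(20, 0xAA);       // digest placeholder
    b.resize(32, 0x00);                     // unk4 (8 bytes) + unk2 (4 bytes), zeroed
    const uint8_t tail[] = {0x44,0x33,0x22,0x11, 0x5A,0x2F, 0x00, 'T','E','S','T',0x00};
    b.insert(b.end(), tail, tail + sizeof tail);
    return b;
}
```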
I get
WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).
Last edited by doityourself; 05-29-2010 at 07:00 PM.
you missing a uint32 after account btw ;P
Anyone have luck yet with the opcode preventing world login? I seem to be hanging at the loading screen, and can't pick up which code is interfering.
[Edit]: I updated a couple of my missing opcodes from Hiperzone's post on pg 6, and got in world now. Thanks for the list
Last edited by Haith; 05-30-2010 at 01:01 PM.
I still get this error message -.-
WorldSocket::HandleAuthSession: Sent Auth Response (authentification failed).