Hello everyone!
As you may have noticed, Blizzard now uses that interesting opcode SMSG_REDIRECT_CLIENT, which opens a second connection in the client to a specified IP and port. Most packets will then be sent using the new connection. If this connection is not open, packets will be queued and sent when the connection gets opened.
Now that's where the problems begin. Unfortunately some dev had the very bad idea to encrypt the content of SMSG_REDIRECT_CLIENT using the RSA algorithm. We have a hardcoded modulus and private key, but we do not know the server's "public" key, and as a main feature of RSA this is at the moment safe. We would have to factorize the modulus to calculate phi(modulus), and then we could calculate the public key from the private key.
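To make the point above concrete (added example, not code from the post): with only the hardcoded pair (n, d) the other exponent is out of reach, but as soon as the factors p and q of n are known, phi(n) and therefore e follow directly. The numbers are constructed toy values, not the client's real modulus or key.

```python
from math import gcd

# Constructed toy parameters (not the client's real modulus or key):
# the client holds (n, d); the server keeps e to itself.
P, Q = 61, 53          # the factorization an attacker would need
N = P * Q              # 3233, the hardcoded modulus
D = 2753               # hardcoded "private" exponent


def public_exponent_from_factors(p: int, q: int, d: int) -> int:
    """Derive e from d once the factorization of n is known.

    e is the modular inverse of d modulo phi(n) = (p-1)(q-1); without
    p and q, phi(n) is unknown and this step is exactly what is hard.
    """
    phi = (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d has no inverse modulo phi(n)")
    return pow(d, -1, phi)  # modular inverse (Python 3.8+)


def rsa_apply(x: int, exponent: int, n: int) -> int:
    """Textbook RSA: x^exponent mod n (no padding, toy sizes only)."""
    return pow(x, exponent, n)


def roundtrip_ok(message: int, p: int, q: int, d: int) -> bool:
    """Check that the derived e really is d's counterpart for n = p*q."""
    n = p * q
    e = public_exponent_from_factors(p, q, d)
    return rsa_apply(rsa_apply(message, e, n), d, n) == message


if __name__ == "__main__":
    e = public_exponent_from_factors(P, Q, D)
    print(f"n={N} d={D} -> e={e}")          # e=17
    print("roundtrip:", roundtrip_ok(1234, P, Q, D))
```

The same arithmetic is why swapping the modulus for one with known factors (workaround Nr. 1) works: the check only holds as long as nobody can factor the n that is actually used.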
There are basically two workarounds:
Nr. 1: Patch WoW.exe and change the hardcoded modulus to a large number whose factors p and q we know. Then we can easily calculate the public key from there.
Nr. 2:
Code:
    using System;

    // Memory is the author's own process-memory helper; gNetClient is the
    // client's static NetClient pointer offset (its value is not given here).
    class Program
    {
        static void Main(string[] args)
        {
            Memory mem = new Memory("WoW");
            uint netClient = gNetClient + mem.Base;
            uint basePtr = mem.Read<uint>(netClient);
            uint ofs1 = basePtr + 0x464C; // bool QueuePacketsForConnection1;
            uint ofs2 = basePtr + 0x464D; // bool QueuePacketsForConnection2;
            uint ofs3 = basePtr + 0x461C; // ServerConnection* pConnection1;
            uint ofs4 = basePtr + 0x4620; // ServerConnection* pConnection2;
            byte val1 = mem.Read<byte>(ofs1);
            uint ptr1 = mem.Read<uint>(ofs3);
            mem.Write(ofs4, ptr1); // pConnection2 = pConnection1;
            mem.Write(ofs2, val1); // QueuePacketsForConnection2 = QueuePacketsForConnection1;
            Console.ReadKey();     // keep the process open until a key is pressed
        }
    }
The code is pretty self-explaining, I'd say. It just tells the client that the redirected connection is initialized and sets its pointer to the initial connection. By running this at the character list and then entering the world, the server again receives every packet. There are of course also issues with that. When falling back to the login screen (disconnected from the server) you have to restart WoW or reverse the changes made, else delete is used on the same connection twice, which results in an access violation. The same happens if you close WoW. Connections are freed twice, which gives you an access violation, but that doesn't hurt.
Greetings
Cromon