[Question] RC4 + HMAC Scramble
  1. #1 adapa (Sergeant, joined Jul 2011)

    [Question] RC4 + HMAC Scramble

    I know how to implement RC4 in assembly with a K Value. But I am running into a problem with HMAC... I can't see where HMAC is used in the scramble. Are these keys included in the scramble with the Session Key of K? Or is the RC4 table scrambled first with K, and then the HMAC keys are used to re-scramble at a later time...

    In the RC4 scramble (with K), I can't really see where HMAC would be used in the scramble (if it is even used here...). I'm guessing HMAC is used after the RC4 table is scrambled with K...

    WOW RC4 Scramble With K:
    Code:
    012BC370  |> 8B45 08        /MOV EAX,DWORD PTR SS:[EBP+8]            ;  EAX = key pointer ([EBP+8] = start of session key K)
    012BC373  |. 0FB6FA         |MOVZX EDI,DL                            ;  EDI = current key index (remainder from the DIV below)
    012BC376  |. 0FB61407       |MOVZX EDX,BYTE PTR DS:[EDI+EAX]         ;  DL = key[EDI]
    012BC37A  |. 021431         |ADD DL,BYTE PTR DS:[ECX+ESI]            ;  DL += S[i]  (ECX = loop counter i, ESI = start of the 256-byte table S, values 00-FF)
    012BC37D  |. 41             |INC ECX                                 ;  i++
    012BC37E  |. 02DA           |ADD BL,DL                               ;  BL = j += S[i] + key[EDI]  (mod 256 by register width)
    012BC380  |. 0FB65431 FF    |MOVZX EDX,BYTE PTR DS:[ECX+ESI-1]       ;  DL = S[i]
    012BC385  |. 0FB6C3         |MOVZX EAX,BL
    012BC388  |. 03C6           |ADD EAX,ESI                             ;  EAX = &S[j]
    012BC38A  |. 8855 13        |MOV BYTE PTR SS:[EBP+13],DL             ;  spill S[i] to a stack temp
    012BC38D  |. 0FB610         |MOVZX EDX,BYTE PTR DS:[EAX]
    012BC390  |. 885431 FF      |MOV BYTE PTR DS:[ECX+ESI-1],DL          ;  S[i] = S[j]
    012BC394  |. 0FB655 13      |MOVZX EDX,BYTE PTR SS:[EBP+13]
    012BC398  |. 8810           |MOV BYTE PTR DS:[EAX],DL                ;  S[j] = old S[i]  (swap complete)
    012BC39A  |. 33D2           |XOR EDX,EDX
    012BC39C  |. 8D47 01        |LEA EAX,DWORD PTR DS:[EDI+1]
    012BC39F  |. F775 0C        |DIV DWORD PTR SS:[EBP+C]                ;  EDX = (EDI+1) mod keylen  ([EBP+C] = key length), wraps the key index
    012BC3A2  |. 81F9 00010000  |CMP ECX,100
    012BC3A8  |.^72 C6          \JB SHORT Wow.012BC370                   ;  loop while i < 256

  2. #2 TOM_RUS (Legendary, joined May 2008)

  3. #3 adapa (Sergeant, joined Jul 2011)
    Thanks TOM_RUS, you have been of great help! How do I +REP? lol EDIT: NVM, found it.

    And... I read that and viewed it (before you posted it), but I am a little lazy about downloading outside libraries and looking through 1k+ lines of code to achieve something that can be done in 20 lines of assembly -_-;;

    The location of where HMAC is scrambled would be really appreciated. I'm guessing it's not in the main RC4 K scramble... The search MUST GO ON!!

  4. #4 TOM_RUS (Legendary, joined May 2008)
    Have you even looked into the functions I mentioned in the other thread? Stop being lazy. This is exactly the same code that I linked above:
    Code:
    void __thiscall WowConnection::SetEncryptionKey(WowConnection *this, BYTE *sessionKey, unsigned __int8 sessionKeySize, unsigned __int8 direction, BYTE *seedKeys, unsigned __int8 seedKeysSize)
    {
      WowConnection *_this; // ebx@1
      BYTE *_seedKeys; // ecx@1
      unsigned __int8 _seedKeysSize; // al@2
      int __seedKeysSize; // eax@4
      int v10; // eax@4
      int v11; // ecx@4
      int v12; // edx@4
      int v13; // eax@4
      int v14; // ST08_4@4
      int v15; // eax@4
      int v16; // ecx@4
      int v17; // edi@4
      int v18; // edx@4
      int v19; // eax@4
      const void *v20; // ebx@4
      char hmacCtx[160]; // [sp+Ch] [bp-170h]@4
      char v22[64]; // [sp+ACh] [bp-D0h]@4
      char sha1ctx[96]; // [sp+ECh] [bp-90h]@4
      char v24[20]; // [sp+14Ch] [bp-30h]@4
      BYTE *__seedKeys; // [sp+160h] [bp-1Ch]@4
      BYTE *v26; // [sp+164h] [bp-18h]@4
      int hmacHash[5]; // [sp+168h] [bp-14h]@4
      const void *v33; // [sp+188h] [bp+Ch]@4
      int v34; // [sp+194h] [bp+18h]@4
    
      _this = this;
      _seedKeys = seedKeys;
      if ( seedKeys )
      {
        _seedKeysSize = seedKeysSize;
      }
      else
      {
        // No seeds passed in: fall back to the client's built-in 32-byte HMAC seed table.
        _seedKeys = (BYTE *)&hmac_seeds_keys;
        _seedKeysSize = 32;
      }
      __seedKeysSize = _seedKeysSize >> 1;          // _seedKeysSize / 2 = 16 bytes per seed
      __seedKeys = _seedKeys;                       // first 16-byte seed
      v26 = &_seedKeys[__seedKeysSize];             // second 16-byte seed
      v34 = __seedKeysSize;
      // key1 = HMAC-SHA1(seed[direction], sessionKey). The "(&__seedKeys)[4 * direction]"
      // is the decompiler's rendering of "take __seedKeys for direction 0, v26 for 1".
      // HMAC::Prepare xors the seed into the ipad block inside hmacCtx; the 64-byte v22
      // hashed below is, by its size and position, the matching opad block. Inner hash:
      // SHA1((seed ^ ipad) || sessionKey); outer hash: SHA1((seed ^ opad) || inner).
      HMAC::Prepare((int)hmacCtx, (int)(&__seedKeys)[4 * direction], __seedKeysSize);
      SHA1::Process2(hmacCtx, (int)sessionKey, sessionKeySize);
      SHA1::Finish(hmacCtx, (int)v24);              // v24 = inner digest (20 bytes)
      SHA1::Prepare((int)sha1ctx);
      SHA1::Process2(sha1ctx, (int)v22, 64);        // opad block
      SHA1::Process2(sha1ctx, (int)v24, 20);
      SHA1::Finish(sha1ctx, (int)hmacHash);         // hmacHash = 20-byte HMAC-SHA1 output
      v10 = hmacHash[1];
      v11 = hmacHash[2];
      _this->key1[0] = hmacHash[0];                 // key1 = HMAC-SHA1(seed[direction], sessionKey)
      v12 = hmacHash[3];
      _this->key1[1] = v10;
      v13 = hmacHash[4];
      _this->key1[2] = v11;
      _this->key1[3] = v12;
      v14 = (int)(&__seedKeys)[4 * (direction ^ 1)]; // the other seed for the other direction
      _this->key1[4] = v13;
      HMAC::Prepare((int)hmacCtx, v14, v34);
      SHA1::Process2(hmacCtx, (int)sessionKey, sessionKeySize);
      SHA1::Finish(hmacCtx, (int)v24);
      SHA1::Prepare((int)sha1ctx);
      SHA1::Process2(sha1ctx, (int)v22, 64);
      SHA1::Process2(sha1ctx, (int)v24, 20);
      SHA1::Finish(sha1ctx, (int)hmacHash);
      v15 = hmacHash[1];
      v16 = hmacHash[2];
      v17 = (int)_this->key2;
      _this->key2[0] = hmacHash[0];                 // key2 = HMAC-SHA1(seed[direction ^ 1], sessionKey)
      v18 = hmacHash[3];
      _this->key2[1] = v15;
      v19 = hmacHash[4];
      _this->key2[2] = v16;
      _this->key2[3] = v18;
      _this->key2[4] = v19;
      // RC4 key scheduling (the 256-iteration swap loop from post #1), keyed with each
      // 20-byte HMAC output; one RC4 state per direction.
      v33 = _this->rc4state1;
      SARC4PrepareKey(_this->key1, 20, _this->rc4state1);
      v20 = _this->rc4state2;
      SARC4PrepareKey(v17, 20, v20);
      // Run 0x400 bytes of a scratch buffer through each state and ignore the output:
      // this discards the first 1024 bytes of keystream (RC4-drop[1024]) before the
      // states are used.
      SARC4ProcessBuffer((int)byte_D93B80, 0x400u, v33, (void *)v33);
      SARC4ProcessBuffer((int)byte_D93B80, 0x400u, v20, (void *)v20);
    }
    Last edited by TOM_RUS; 08-21-2011 at 03:50 AM.
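The whole pipeline from the decompiled function, as an added Python example (not the client's code and not TOM_RUS's): HMAC-SHA1 of the session key under each 16-byte seed half, RC4 key scheduling over the 20-byte result (the same swap loop as the OllyDbg dump in post #1), and the 1024-byte keystream discard. Assumptions, labelled in the code: `HMAC::Prepare`/`Finish` is standard HMAC (so Python's `hmac` module reproduces it), the seed table and session key below are constructed demo values rather than the client's real ones, and the peer derives its states with the opposite `direction` flag; which side is 0 and which is 1 is not stated in the thread. The RC4 core is checked against the published "Key"/"Plaintext" test vector so the KSA/PRGA can be trusted independently of the key derivation.

```python
"""Added example: derive the two RC4 states the way SetEncryptionKey does."""
from __future__ import annotations

import hashlib
import hmac

RC4_DROP_BYTES = 0x400  # bytes of scratch buffer run through each fresh state


def rc4_ksa(key: bytes) -> list[int]:
    """RC4 key scheduling: the 256-iteration swap loop shown in the asm dump."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF  # BL += S[i] + key[idx], idx wraps mod keylen
        s[i], s[j] = s[j], s[i]                     # swap S[i], S[j]
    return s


class RC4:
    """RC4 state with optional keystream drop (SARC4PrepareKey plus the 0x400-byte discard)."""

    def __init__(self, key: bytes, drop: int = 0) -> None:
        self.s = rc4_ksa(key)
        self.i = 0
        self.j = 0
        if drop:
            self.process(bytes(drop))  # output thrown away; only the state advance matters

    def process(self, data: bytes) -> bytes:
        out = bytearray()
        s = self.s
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)


def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """One-shot RC4; with drop=0 this matches the textbook test vectors."""
    return RC4(key, drop).process(data)


def derive_rc4_keys(session_key: bytes, direction: int, seed_keys: bytes) -> tuple[bytes, bytes]:
    """key1 = HMAC-SHA1(seed[direction], K), key2 = HMAC-SHA1(seed[direction ^ 1], K)."""
    if direction not in (0, 1):
        raise ValueError("direction must be 0 or 1")
    if len(seed_keys) < 2 or len(seed_keys) % 2:
        raise ValueError("seed table must split into two equal halves")
    half = len(seed_keys) // 2  # _seedKeysSize >> 1
    seeds = (seed_keys[:half], seed_keys[half:])
    key1 = hmac.new(seeds[direction], session_key, hashlib.sha1).digest()
    key2 = hmac.new(seeds[direction ^ 1], session_key, hashlib.sha1).digest()
    return key1, key2


def set_encryption_key(session_key: bytes, direction: int, seed_keys: bytes) -> tuple[RC4, RC4]:
    """Returns (rc4state1, rc4state2): keyed with the 20-byte HMACs, then drop-1024'd."""
    key1, key2 = derive_rc4_keys(session_key, direction, seed_keys)
    return RC4(key1, RC4_DROP_BYTES), RC4(key2, RC4_DROP_BYTES)


# Constructed demo values (assumption: NOT the client's real seed table or a real session key).
DEMO_SEEDS = bytes(range(0x10, 0x30))                          # 32 bytes = two 16-byte seeds
DEMO_SESSION_KEY = hashlib.sha1(b"demo session").digest() * 2  # 40 constructed bytes


def roundtrip(direction: int = 0, message: bytes = b"\x00\x10\x12\x34 hello") -> bool:
    """Endpoint A (direction) encrypts with its state1; the peer, derived with the
    opposite flag (assumption), decrypts with its state2, which shares A's key1."""
    a_state1, _ = set_encryption_key(DEMO_SESSION_KEY, direction, DEMO_SEEDS)
    _, b_state2 = set_encryption_key(DEMO_SESSION_KEY, direction ^ 1, DEMO_SEEDS)
    ct = a_state1.process(message)
    return ct != message and b_state2.process(ct) == message


def drop_matters(key: bytes = b"Key", n: int = 16) -> bool:
    """A state without the 1024-byte discard is out of sync with one that has it,
    and catches up only after skipping exactly RC4_DROP_BYTES of keystream."""
    undropped = RC4(key)
    dropped = RC4(key, RC4_DROP_BYTES)
    ks_fresh = undropped.process(bytes(n))         # keystream bytes 0 .. n-1
    ks_dropped = dropped.process(bytes(n))         # keystream bytes 1024 .. 1024+n-1
    undropped.process(bytes(RC4_DROP_BYTES - n))   # skip ahead to byte 1024
    return ks_fresh != ks_dropped and undropped.process(bytes(n)) == ks_dropped


if __name__ == "__main__":
    print(rc4_crypt(b"Key", b"Plaintext").hex())  # bbf316e8d940af0ad3
    print(roundtrip(), drop_matters())
```

If a reimplementation in assembly decrypts garbage, the two usual causes are visible here: forgetting the 1024-byte discard (the `drop_matters` check) and keying the wrong state for the wrong direction (the `roundtrip` check, which only passes because the peer's key2 seed equals this side's key1 seed).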

  5. #5 adapa (Sergeant, joined Jul 2011)
    Originally Posted by TOM_RUS View Post
    Have you even looked into the functions I mentioned in the other thread? Stop being lazy.
    Oh God, I feel like an idiot, I was thinking that it might prepare it like that before the scramble. I'm going back over what's happening before the RC4 chart is called. Thanks for clearing it up. *smacks head*

    I should be all good now.
