Interestingly... I have not seen any packets, either received or sent, that resemble this packet:
Code:
075CEF4C 00 00 00 B3 06 0A 37 D5 0C A6 42 F5 C5 21 C2 C9 ...³.7Õ.¦BõÅ!ÂÉ
075CEF5C A4 F7 6B 8F DB F9 93 C1 35 40 73 BF A9 6B C2 59 ¤÷kÛù“Á5@s¿©kÂY
075CEF6C 49 D0 4B 01 07 20 B7 9B 3E 2A 87 82 3C AB 8F 5E I**K ·›>*‡‚<«^
075CEF7C BF BF 8E B1 01 08 53 50 06 29 8B 5B AD BD 5B 53 ¿¿Ž±SP)‹[*½[S
075CEF8C E1 89 5E 64 4B 89 73 1A BA 56 A1 8D 78 09 15 E9 á‰^dK‰sºV¡x.é
075CEF9C 7E 6F 07 62 04 CB E4 A7 D9 79 3E 14 43 E5 E1 5A ~obËä§Ùy>CåáZ
075CEFAC 6C 80 DD 95 A4 D5 F9 2C A0 BC A6 E2 82 95 E5 94 l€Ý•¤Õù,*¼¦â‚•å”
075CEFBC D5 8C 4D 25 36 CD 00 ÕŒM%6Í.
00 opcode _1byte
00 cmd _1byte
00 error-code _1byte
B3 06 0A 37 D5 0C A6 42 F5 C5 21 C2 C9 A4 F7 6B B _32bytes
8F DB F9 93 C1 35 40 73 BF A9 6B C2 59 49 D0 4B
01 len of g _1byte
07 g _1byte
20 len of N _1byte
B7 9B 3E 2A 87 82 3C AB 8F 5E BF BF 8E B1 01 08 N _32bytes
53 50 06 29 8B 5B AD BD 5B 53 E1 89 5E 64 4B 89
73 1A BA 56 A1 8D 78 09 15 E9 7E 6F 07 62 04 CB Salt _32bytes
E4 A7 D9 79 3E 14 43 E5 E1 5A 6C 80 DD 95 A4 D5
F9 2C A0 BC A6 E2 82 95 E5 94 D5 8C 4D 25 36 CD unknown3 (CRC?) _16bytes
00 on socket left
_________________________
_118 bytes
//
Code:
2011-07-30 21:51:26 SERVER:
SOCKET: 28
LENGTH: 37
OPCODE: SMSG_AUTH_CHALLENGE (0x8C10)
DATA:
47 5A E3 2A 05 16 57 F8 87 94 50 88 C1 8F C4 81
01 A4 DB CF 33 EB D2 5B A0 F4 DA 3A 65 D2 FB 8B
E8 8C 95 EC A9
2011-07-30 21:51:26 CLIENT:
SOCKET: 28
LENGTH: 4
OPCODE: CMSG_LOG_DISCONNECT (0x0920)
DATA:
03 00 00 00
And this is the packet that I must receive when making any new connections besides the first connection to the server....
So the new question is... When I do connect to a new server I get:
Code:
...
WOW [2] Recv:
3d d6 f4 4d 15 ae 12 0e 66 54 8b 3b e3 54 21 56 5d 05 ad cf 12 54 =..M....fT.;.T!V]....T
af 99 1f 9d 66 91 82 ad f0 36 4d b6 a8 5d cf 3c 1a 83 7c a8 bf aa ....f....6M..].<..|...
f0 9e 13 eb 0a 25 23 16 72 27 a6 23 d6 b8 e1 5e 98 94 51 fe c1 43 .....%#.r'.#...^..Q..C
dc c1 ba 45 ae 0d 70 55 6c c9 ad 13 41 f4 a3 19 5f 81 d3 b1 19 58 ...E..pUl...A..._....X
e3 37 ca 40 1e f5 78 41 5a 66 bc 27 c7 f3 78 e5 ba 65 1f fb 61 be .7.@..xAZf.'..x..e..a.
de e7 6c f8 8f 9b 4c d2 94 e4 cd e3 9e ff 1c 9b 9b 59 93 e7 ae 47 ..l...L..........Y...G
bd 63 43 bd 64 49 99 53 c5 cf 73 b4 64 7a e3 db 75 2f dd 12 e1 aa .cC.dI.S..s.dz..u/....
8f 0f 10 0e 53 ee 07 d9 0a e9 58 66 d7 fc b1 10 44 26 00 8b 13 d3 ....S.....Xf....D&....
4c 01 b3 fb 3b f8 f1 9c f8 6f f1 74 b4 03 b4 f9 fc a6 92 25 53 0a L...;....o.t.......%S.
64 7b 4d 4e 5c 4c dc 6d ce f9 e5 ab 32 33 42 a4 a8 0f a2 d6 90 b3 d{MN\L.m....23B.......
ef 77 35 9d c9 73 ce 39 da 13 c4 87 58 e7 2e 8c cc 9e 43 e3 14 39 .w5..s.9....X.....C..9
ff 0b 1d fd 72 10 4a f1 13 ac 42 4d 4a cd ea 00 0e 00 00 00 00 9d ....r.J...BMJ.........
e6 ae 89 44 37 80 19 ...D7..
*******************************************************************
*Connection [3] made on port: 3724. Socket = [10456]
*******************************************************************
WOW [2] Sent:
4c e6 76 04 2b b5 L.v.+.
WOW [2] Sent:
64 e5 ac a7 0d e7 d.....
WOW [2] Sent:
14 10 2d 5b d0 ef ff ff ff ff ..-[......
WOW RECEIVE CHECKING HEADER FOR PACKET: 0x00, 0x30
WOW [3] Recv:
00 30 .0
WOW RECEIVE CHECKING HEADER FOR PACKET: 0x57, 0x4f
WOW [3] Recv:
57 4f 52 4c 44 20 4f 46 20 57 41 52 43 52 41 46 54 20 43 4f 4e 4e WORLD OF WARCRAFT CONN
45 43 54 49 4f 4e 20 2d 20 53 45 52 56 45 52 20 54 4f 20 43 4c 49 ECTION - SERVER TO CLI
45 4e 54 00 ENT.
WOW SEND CHECKING HEADER FOR PACKET: 00 30 57 4f 52 4c
WOW [3] Sent:
00 30 57 4f 52 4c 44 20 4f 46 20 57 41 52 43 52 41 46 54 20 43 4f .0WORLD OF WARCRAFT CO
4e 4e 45 43 54 49 4f 4e 20 2d 20 43 4c 49 45 4e 54 20 54 4f 20 53 NNECTION - CLIENT TO S
45 52 56 45 52 00 ERVER.
WOW [2] Recv:
3b 26 ;&
WOW [2] Recv:
c2 a4 80 25 83 4e 01 15 00 00 00 04 2e 79 4e 00 00 00 00 00 00 00 ...%.N.......yN.......
00 .
WOW RECEIVE CHECKING HEADER FOR PACKET: 0x00, 0x27
WOW [3] Recv:
00 27 .'
WOW RECEIVE CHECKING HEADER FOR PACKET: 0x81, 0x11
WOW [3] Recv:
81 11 1c 59 d9 d5 aa 60 b9 3d cf 7d d9 51 22 2f 3a 7c 2b c5 59 bd ...Y...`.=.}.Q"/:|+.Y.
90 a6 d3 a5 58 ef a0 12 3f 5f 2b d3 01 cb c7 42 7a ....X...?_+....Bz
WOW [3] Sent:
f2 7a ff bc a0 e3 d5 3d 48 09 52 bc a4 50 a4 4b f3 3f 56 02 00 00 .z.....=H.R..P.K.?V...
00 00 00 00 00 55 6b 9d e6 ae 89 44 37 80 19 ac db 41 24 1d .....Uk....D7....A$.
WOW [2] Recv:
a8 8d ..
WOW [2] Recv:
c3 2b 80 01 00 00 00 00 00 00 00 00 da 00 50 XX XX XX XX XX XX XX .+............XXXXXXXXX
00 03 00 00 00 00 be 7e a1 9b c5 9f e9 5c 44 c9 1d 8a 43 34 01 00 .......~.....\D...C4..
00 00 01 00 00 00 05 00 01 02 09 17 00 00 00 00 00 a0 10 99 61 11 ....................a.
00 00 01 00 07 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
00 00 00 00 14 65 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .....e1...............
07 99 08 00 00 00 00 00 00 08 bd 0c 00 00 00 00 00 00 00 00 00 00 ......................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 d8 01 00 00 00 00 ......................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 80 00 10 .....................
... etc ... etc ...
Channel 3 is a new connection. Obviously channel 1 would be port 1119 with the login of WOW. Channel 2 would be the first connection made to port 3724, and as you can see channel 3 is on port 3724. So, where in this log would I "steal" the new HMAC seeds to make the new ARC4 encryption/decryption charts?
*sits down facing the corner and sucks thumb*
EDIT:
I am guessing that the packet I have to steal the HMAC SEEDS from is this packet (from the log above):
Code:
WOW RECEIVE CHECKING HEADER FOR PACKET: 0x81, 0x11
WOW [3] Recv:
81 11 1c 59 d9 d5 aa 60 b9 3d cf 7d d9 51 22 2f 3a 7c 2b c5 59 bd ...Y...`.=.}.Q"/:|+.Y.
90 a6 d3 a5 58 ef a0 12 3f 5f 2b d3 01 cb c7 42 7a ....X...?_+....Bz
I know the header is 0x81 0x11, and these never change, but the data does, which makes me think this is the packet I need.
The thing is, I have no idea what to do with this data, and it doesn't look like it holds two more HMAC SEEDS for the encryption table. Unless I have to split it apart and do it like that.... Very confused. Anywho, any information would be highly appreciated. It doesn't seem like most people know truly how the protocol works, and I really wanna figure this out. :-)
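
The field breakdown at the top of this post (opcode, cmd, error-code, B, g, N, salt, unknown3), as an added example that is not part of the original post: a bounds-checked Python splitter run over the posted 119-byte dump. The function, exception and dictionary key names are this example's own; the layout and the bytes are the ones the poster gave.

```python
# Added example: field splitter for the posted reply, using the post's layout.
class ChallengeError(ValueError):
    """Raised when the buffer is shorter than the layout requires."""


def parse_logon_challenge(buf: bytes) -> dict:
    pos = 0

    def take(n: int, name: str) -> bytes:
        # Bounds-check every read so a short buffer or a bad length byte
        # cannot make the parser read past the end of the data.
        nonlocal pos
        if n > len(buf) - pos:
            raise ChallengeError(f"{name}: need {n} bytes at offset {pos}")
        chunk = buf[pos:pos + n]
        pos += n
        return chunk

    fields = {}
    fields["opcode"], fields["cmd"], fields["error"] = take(3, "header")
    fields["B"] = take(32, "B")
    fields["g"] = take(take(1, "len of g")[0], "g")   # length-prefixed
    fields["N"] = take(take(1, "len of N")[0], "N")   # length-prefixed
    fields["salt"] = take(32, "salt")
    fields["unknown3"] = take(16, "unknown3")
    fields["consumed"] = pos            # 118 in the post's tally
    fields["left_on_socket"] = buf[pos:]
    return fields


# The dump from the top of the post, hex column only.
DUMP = bytes.fromhex("""
00 00 00 B3 06 0A 37 D5 0C A6 42 F5 C5 21 C2 C9
A4 F7 6B 8F DB F9 93 C1 35 40 73 BF A9 6B C2 59
49 D0 4B 01 07 20 B7 9B 3E 2A 87 82 3C AB 8F 5E
BF BF 8E B1 01 08 53 50 06 29 8B 5B AD BD 5B 53
E1 89 5E 64 4B 89 73 1A BA 56 A1 8D 78 09 15 E9
7E 6F 07 62 04 CB E4 A7 D9 79 3E 14 43 E5 E1 5A
6C 80 DD 95 A4 D5 F9 2C A0 BC A6 E2 82 95 E5 94
D5 8C 4D 25 36 CD 00
""")

if __name__ == "__main__":
    for name, value in parse_logon_challenge(DUMP).items():
        shown = value.hex(" ") if isinstance(value, bytes) else value
        print(f"{name:15} {shown}")
```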