Hi. I need a little help. I tried to apply the WotLK Warden algorithms and failed.
1. Module name: WotLK (MD5 - 16 bytes), MoP (SHA-256?? - 32 bytes). - Warden cache analysis
2. Structure of 0x00 packet - sniffs
WotLK:
Code:
encrypted block
{
    uint8 opcode
    uint8[16] name
    uint8[16] key
    uint32 compressed_size
}
MoP (my analysis)
Code:
not encrypted block
{
    uint32 length of encrypted block
}
encrypted block
{
    uint8 opcode
    uint8[32] name
    uint8[16] key
    uint32 compressed_size
}
3. The first RC4 keys (used before the 0x05 packet) do not work. I tried to generate them from the session key (as in WotLK), but failed again. Packets (opcode 0x00) from 4.3.4 and 5.1.0 sniffs are not decrypted.
Has anyone explored the algorithm after 4.3.0? Did I make a mistake somewhere, or have there indeed been changes? Maybe it is possible to read the module RC4 key from memory? Please give me a few tips. Thanks.
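The two 0x00 layouts listed in the post, as an added example that is not part of the original post: a parser for an already-decrypted block, plus a length check that can be run on captured frames before any key works, since RC4 keeps ciphertext and plaintext the same length. Little-endian integers and all function names are assumptions; the MoP layout is the poster's own analysis, not a confirmed format.

```python
import struct
from typing import NamedTuple

MODULE_USE = 0x00                    # opcode discussed in the post
NAME_LEN = {"wotlk": 16, "mop": 32}  # MoP value is the poster's own analysis
KEY_LEN = 16


class ModuleUse(NamedTuple):
    opcode: int
    name: bytes
    key: bytes
    compressed_size: int


def block_len(layout: str) -> int:
    # opcode + name + key + uint32 compressed_size
    return 1 + NAME_LEN[layout] + KEY_LEN + 4


def layout_for_length(n: int):
    # RC4 is a stream cipher, so ciphertext length equals plaintext length
    # and can be matched against a layout before any key is known.
    return next((k for k in NAME_LEN if block_len(k) == n), None)


def split_mop_frame(frame: bytes) -> bytes:
    # Cleartext uint32 length prefix, then the still-encrypted block.
    if len(frame) < 4:
        raise ValueError("frame shorter than length prefix")
    (length,) = struct.unpack_from("<I", frame)  # little-endian: assumption
    if length != len(frame) - 4:
        raise ValueError(f"prefix says {length}, body has {len(frame) - 4}")
    return frame[4:]


def parse_block(plain: bytes, layout: str) -> ModuleUse:
    # `plain` must already be decrypted; no key handling happens here.
    n = NAME_LEN[layout]
    if len(plain) != block_len(layout):
        raise ValueError(f"{layout} block must be {block_len(layout)} bytes")
    if plain[0] != MODULE_USE:
        raise ValueError(f"unexpected opcode 0x{plain[0]:02x}")
    (size,) = struct.unpack_from("<I", plain, 1 + n + KEY_LEN)
    return ModuleUse(plain[0], plain[1:1 + n], plain[1 + n:1 + n + KEY_LEN], size)


# Constructed sample (not from a sniff): MoP-style block, body left in the clear.
SAMPLE_PLAIN = bytes([MODULE_USE]) + bytes(range(32)) + b"K" * 16 + struct.pack("<I", 0x1234)
SAMPLE_FRAME = struct.pack("<I", len(SAMPLE_PLAIN)) + SAMPLE_PLAIN
```

A captured 0x00 body whose length matches neither 37 nor 53 bytes indicates the assumed layout is wrong, independent of any key problem.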