First of all I am sorry for bumping up an old thread, but since there is still no concrete answer to the original question, it just seemed wrong to open another.
I thought I would start with some of my findings on the topic and then perhaps someone else can fill in the missing pieces of the puzzle.
Here is what I have found so far via Google:
- crc_hash = SHA-1(A, HMAC(some_game_files))
- the key (or seed) to HMAC is sent to the client by the server one packet earlier
- some_game_files is something that different sources refer to differently:
  - for SpuriousEmu these are WoW.bin, DivxDecoder.bin and Unicows.bin **
  - boogiebot packs various (and also nowhere specified and thus unknown) files into hash.bin
  - Trinity-Encore says these are WoW.exe and Unicows.dll, although they do not implement this check at all
My problem with that is that it does not work for me. I am connecting to my own auth server with the 3.3.5(12340) enUS client and the value computed at the server is different from what my client is sending me. I have tried all the different combinations of the files used by my sources but nothing has worked. It is either that I am reading the files in a wrong way (see the Spurious note at the bottom) or the whole procedure is erroneous - after all the code written for this check is not actually used anywhere by any of the projects above.
Normally I try to contact the code writers when in doubt, but I have been unsuccessful so far as the above 3 projects are mostly retired and the actual coders made sure to leave no e-mails behind (not in the code itself and not anywhere on the repositories). If anyone knows anyone who has worked on any of those projects, some contact info would be much appreciated.
Here is a code snippet of my implementation in Java - perhaps a beginner's mistake was made by me as the procedure is trivial:
Code:
//---------------------------------------------------------------------
// This will ofc. not compile and is just meant to better illustrate my
// procedure and perhaps expose any errors on my side.
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

try {
    Mac hmac = Mac.getInstance("HmacSHA1");
    // Use a fixed HMAC key (which is also sent to the client), for debugging:
    SecretKeySpec key = new SecretKeySpec(
        new byte[]{45, -9, 78, 33, 45, 78, -12, 102, 45, -34, 91, 105, 125, -34, -90, 46}, "HmacSHA1");
    hmac.init(key);
    String path = "<path_to_WorldOfWarcraft/>";
    // Feed each file into the HMAC in turn, printing the number of bytes read
    BufferedInputStream bis = new BufferedInputStream(new FileInputStream(path + "Wow.exe"));
    byte[] temp = new byte[10000000];
    int len = bis.read(temp, 0, temp.length);
    hmac.update(temp, 0, len);
    System.out.println(len);
    bis.close();
    bis = new BufferedInputStream(new FileInputStream(path + "DivxDecoder.dll"));
    len = bis.read(temp, 0, temp.length);
    hmac.update(temp, 0, len);
    System.out.println(len);
    bis.close();
    bis = new BufferedInputStream(new FileInputStream(path + "unicows.dll"));
    len = bis.read(temp, 0, temp.length);
    hmac.update(temp, 0, len);
    System.out.println(len);
    bis.close();
    byte[] fileHMAC = hmac.doFinal();
    // H(A, fileHMAC)
    MessageDigest md = MessageDigest.getInstance("SHA-1");
    md.update(this.srpA); // srp A field of Auth Logon Proof sent by the client
    md.update(fileHMAC);
    byte[] rez = md.digest();
    // Output results
    System.out.println("My result:");
    System.out.println(java.util.Arrays.toString(rez));
    System.out.println("WoW.exe result:");
    System.out.println(java.util.Arrays.toString(this.crcHash));
}
catch (Exception e) {
    System.out.println("Error!");
    e.printStackTrace();
}
//---------------------------------------------------------------------
I think that is enough material for not only avoiding a wall of text, but also proving that I have done my homework and am not asking for "spoon feed".
->If anyone is having trouble finding code snippets of crc_hash generation of the 3 (basically 2) projects I was referencing, these can also be added to this post, although I think my summary should suffice.
->Random link (archived on Wayback Machine) that I have found while googling - I just felt like linking it here to have all references at one place + it contains a packet structure of the auth proof (C -> S).
->**Note from Spurious implementation:
WoW.exe and DivxDecoder.dll are loaded from pieces of data, while Unicows.dll is normal full file loading.
This is supposed to be a hint as to how one goes about producing the *.bin file counterparts. I have no idea what is meant by "loaded from pieces of data" - which pieces?!
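
An added example, not part of the original post and not code from SpuriousEmu, boogiebot or Trinity: a Java harness that computes SHA-1(A, HMAC(files)) as summarised in the post, streams each file in chunks, and tries every ordered selection of the candidate files against the value the client sent. The class and method names are hypothetical, the files and values in `main` are constructed stand-ins, and hashing A before the HMAC with the inputs taken byte-for-byte as received is an assumption based on the post's summary.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class CrcHashCheck {
    // HMAC-SHA1 over the files in the given order, streamed so a short read() cannot truncate a file.
    static byte[] fileHmac(byte[] key, List<Path> files) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA1");
        hmac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] buf = new byte[65536];
        for (Path f : files)
            try (InputStream in = Files.newInputStream(f)) {
                for (int n; (n = in.read(buf)) != -1; ) hmac.update(buf, 0, n);
            }
        return hmac.doFinal();
    }
    // crc_hash = SHA-1(A || HMAC), as the post summarises it (assumed, not confirmed against a client).
    static byte[] crcHash(byte[] srpA, byte[] fileHmac) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(srpA);
        return md.digest(fileHmac);
    }
    // Depth-first over every ordered selection of candidates; returns the first that matches, else null.
    static List<Path> findOrder(byte[] key, byte[] srpA, byte[] want, List<Path> cand, List<Path> chosen)
            throws Exception {
        if (!chosen.isEmpty() && MessageDigest.isEqual(crcHash(srpA, fileHmac(key, chosen)), want))
            return new ArrayList<>(chosen);
        for (Path c : cand) {
            if (chosen.contains(c)) continue;
            chosen.add(c);
            List<Path> hit = findOrder(key, srpA, want, cand, chosen);
            chosen.remove(chosen.size() - 1);
            if (hit != null) return hit;
        }
        return null;
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: swap in the real client files, the HMAC key, A and the received crc_hash.
        Path dir = Files.createTempDirectory("crc");
        List<Path> files = new ArrayList<>();
        for (String name : new String[]{"Wow.exe", "DivxDecoder.dll", "unicows.dll"})
            files.add(Files.write(dir.resolve(name), ("constructed " + name).getBytes()));
        byte[] key = new byte[16], srpA = new byte[32];
        byte[] client = crcHash(srpA, fileHmac(key, List.of(files.get(2), files.get(0))));
        System.out.println("Matching order: " + findOrder(key, srpA, client, files, new ArrayList<>()));
    }
}
```

A `null` result for every candidate set means that no whole-file combination reproduces the client's value under these assumptions.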