SRP6 Calculation (in JS)

[paulc03]

Hi, I'm working on a login script using nodejs. I managed to connect to the auth server, do the AuthLogonChallenge and now I'm stuck at the AuthLogonProof.

I took inspiration from RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication and http://srp.stanford.edu/srp6.ps but the definitions seem different.

Here's my implementation:

Code:

// data took copied from wireshark capture
const N = Buffer.from([0xb7, 0x9b, 0x3e, 0x2a, 0x87, 0x82, 0x3c, 0xab, 0x8f, 0x5e, 0xbf, 0xbf, 0x8e, 0xb1, 0x01, 0x08, 0x53, 0x50, 0x06, 0x29, 0x8b, 0x5b, 0xad, 0xbd, 0x5b, 0x53, 0xe1, 0x89, 0x5e, 0x64, 0x4b, 0x89])
const B = Buffer.from([0x56, 0xfe, 0x38, 0x00, 0xfb, 0xca, 0x84, 0x99, 0xeb, 0xec, 0x12, 0x1f, 0x85, 0xb8, 0x5b, 0x9a, 0xbc, 0x1b, 0x5a, 0xeb, 0x7f, 0xd1, 0xba, 0x8d, 0xdb, 0x9a, 0xbd, 0x97, 0x04, 0x1c, 0x67, 0x3f])
const g = Buffer.from([0x07])
const s = Buffer.from([0x7f, 0x1c, 0x34, 0x97, 0x9f, 0x25, 0x0a, 0xf1, 0x90, 0x88, 0x08, 0x1d, 0x5b, 0x1b, 0x2c, 0x18, 0x1f, 0xe7, 0x89, 0xa6, 0x03, 0x0b, 0xcd, 0xc3, 0x86, 0x87, 0x30, 0xf0, 0x7c, 0xfa, 0x4e, 0xcd])
const I = Buffer.from('ADMIN')
const P = Buffer.from('ADMIN')

const genSRPParams = (sLittle: Buffer, g: Buffer, IBig: Buffer, PBig: Buffer, BLittle: Buffer, NLittle: Buffer) => {
    const B = bigIntBuffer.toBigIntLE(BLittle);
    const N = bigIntBuffer.toBigIntLE(NLittle);

    const a = BigInt(Math.floor(Math.random() * 15) + 1);
    const A = modPow(bigIntBuffer.toBigIntBE(g), a, N); // (g ** a) % N;

    clog.assert('A % N != 0', A % N !== 0n, {
        expected: 'not 0',
        actual: '0',
    });

    const u = createHash('sha1').update(Buffer.concat([bigIntBuffer.toBufferBE(A, 32), BLittle.reverse()])).digest();
    const k = createHash('sha1').update(Buffer.concat([NLittle.reverse(), g])).digest();
    const x = createHash('sha1').update(Buffer.concat([sLittle.reverse(), IBig, Buffer.from(':'), PBig])).digest()
    const M1 = modPow(
        (B - (
            bigIntBuffer.toBigIntBE(k) * modPow(bigIntBuffer.toBigIntBE(g), bigIntBuffer.toBigIntBE(x), N)
        )),
        (a + (
            bigIntBuffer.toBigIntBE(u) * bigIntBuffer.toBigIntBE(x))),
        N
    );
    console.log({
        A: bigIntBuffer.toBufferLE(A, 32),
        M1: bigIntBuffer.toBufferLE(M1, 20),
    })
}

genSRPParams(s, g, I, P, B, N)

This code prints:

Code:

saenai@shitOS:~/Projects/wow-client$ npx ts-node auth/utils.ts 
client assert    A % N != 0 ... OK
{
  A: <Buffer a7 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00>,
  M1: <Buffer 56 ab 38 68 e1 66 fe 1d 4e e8 49 ae 73 48 88 e3 8b 8a 02 57>
}

Which doesn't look at all like the byte arrays that wireshark captured. Can you point me in a good direction on how to do this?

Many thanks