Hi.
I was poking around the Windows binary for 1.12.1 of WoW, and I stumbled across the function which builds the packet to open a ticket. That code is below. I noticed that they build the packet differently if the ticket was of a type called harassment. Upon further inspection, I realized that the additional information added to the packet is a record of your last 60 chat messages (including whispers, guild and officer, raid, channels, etc.).
I was rather surprised by this, especially since the history is stored at a static location, which would make it easy for Warden to read silently at will. Yes, I realize that they could just sniff traffic etc. to accomplish the same thing. Yes, I realize that the contents of this chat might legally belong to them. Nevertheless, I feel this may go a bit too far in terms of privacy invasion.
The function is located at 0x5EF740.
Code:
// Builds and sends the GM-ticket creation packet (decompiler output, partly renamed).
//
// type - ticket category; written to the packet as a single byte. When it
//        equals TICKET_HARASSMENT the chat-history block described below is
//        appended to the packet.
// text - ticket body; copied into a local stack buffer before being serialised.
//
// Fields written, in order: 32-bit 0x205, 8-bit type, 32-bit map id, three
// floats, the ticket text, the fixed string "Reserved for future use".
// Harassment tickets additionally carry: a 32-bit count of chat entries, one
// 32-bit time delta per entry, then either a 32-bit 0 or a 32-bit
// uncompressed length followed by the zlib-compressed chat log.
//
// NOTE(review): no user-facing prompt or notice about the attached chat log is
// visible in this function; whether the UI discloses it elsewhere cannot be
// told from this listing.
// NOTE(review): inside the harassment branch the parameters `type` and `text`
// are reused as scratch variables (entry counter / loop index spill, later the
// compressed-size in/out value). That is a decompiler artefact of stack-slot
// reuse, not a use of the caller's values.
void __stdcall Send_CMSG_GMTICKET_CREATE(unsigned int type, char *text)
{
// The trailing "reg@N" and "[sp+X] [bp-Y]" comments are decompiler-generated
// storage annotations (register or stack slot of each variable).
CGPlayer_C *player; // eax@1
unsigned int v3; // ebx@1
__int64 playerGuid; // qax@1
int mapId; // esi@4
int v6; // eax@4
int v7; // ecx@4
int v8; // edx@4
void *v9; // ebx@8
void *v10; // esi@8
signed int v11; // ecx@10
char *v12; // edi@10
char *v13; // eax@10
char v14; // zf@12
unsigned int v15; // edx@14
signed int v16; // ecx@14
signed int v17; // ecx@14
void *v18; // edi@14
const void *v19; // esi@14
int v20; // edi@14
char v21; // zf@16
signed int v22; // ecx@18
void *v23; // edi@18
char v24; // zf@20
void *v25; // esi@24
int v26; // edi@26
int v27; // eax@26
signed int v28; // ecx@30
void *v29; // edi@30
char v30; // zf@32
int v31; // esi@34
void *v32; // esp@34
char *v33; // [sp-8h] [bp-898h]@3
char *v34; // [sp-4h] [bp-894h]@3
char *v35; // [sp+0h] [bp-890h]@3
char v36; // [sp+4h] [bp-88Ch]@34
// v37 is the first byte of the local ticket-text buffer: it sits at sp+10h and
// the next local (v38) at sp+7E0h, i.e. 0x7D0 = 2000 bytes later.
char v37; // [sp+10h] [bp-880h]@4
// v38/v39 together form one 0x80-byte region (0x18 bytes at v38, 0x68 at v39).
char v38; // [sp+7E0h] [bp-B0h]@1
char v39; // [sp+7F8h] [bp-98h]@1
char v40; // [sp+860h] [bp-30h]@4
float posX; // [sp+86Ch] [bp-24h]@4
float posY; // [sp+870h] [bp-20h]@4
float posZ; // [sp+874h] [bp-1Ch]@4
CDataStore this; // [sp+878h] [bp-18h]@1
v3 = 0;
// 0x18 = 24 bytes: the 23-character literal plus its terminating NUL.
memcpy(&v38, "Reserved for future use", 0x18u);
// Inline construction of an empty CDataStore (the outgoing packet buffer).
this.m_buffer = 0;
this.m_base = 0;
this.m_alloc = 0;
this.m_size = 0;
this.m_read = -1;
this.VMT = CDataStore___vftable_;
// Zero the remainder of the reserved-string region that follows v38.
memset(&v39, 0, 0x68u);
playerGuid = ClntObjMgrGetActivePlayer();
player = ClntObjMgrObjectPtr(0x10u, "E:\\build\\buildWoW\\WoW\\Source\\Object\\ObjectClient\\Player_C.h", playerGuid);
if ( !player )
{
// No active player object: nothing is sent. The lines below are the inlined
// CDataStore teardown; it jumps to the shared release call at LABEL_38.
this.VMT = CDataStore___vftable_;
if ( this.m_alloc == -1 )
return;
v35 = &this.m_alloc;
v34 = &this.m_base;
v33 = &this.m_buffer;
goto LABEL_38;
}
// Virtual call through vtable slot 5 with &v40 as output; the returned pointer
// is read as three consecutive 32-bit values that become posX/posY/posZ.
// Presumably a position getter - TODO confirm against the class layout.
v6 = (*(player->Base.Base.VMT + 5))(player, &v40);
v7 = *(v6 + 4);
LODWORD(posX) = *v6;
v8 = *(v6 + 8);
LODWORD(posY) = v7;
LODWORD(posZ) = v8;
mapId = j_ClntObjMgrGetMapID();
// The limit 2000 equals the size of the v37 stack buffer computed above.
// NOTE(review): assumes SStrCopy's third argument is the destination capacity
// and that it always NUL-terminates - confirm against its implementation.
SStrCopy(&v37, text, 2000);
if ( !v37 )
{
// Empty ticket text: show UI error 343 and send nothing.
CGGameUI__DisplayError(343);
this.VMT = CDataStore___vftable_;
if ( this.m_alloc == -1 )
return;
v35 = &this.m_alloc;
v34 = &this.m_base;
v33 = &this.m_buffer;
goto LABEL_38;
}
// Common ticket header. 0x205 is presumably the CMSG_GMTICKET_CREATE opcode
// (inferred from the function name).
CDataStore__Put32(&this, 0x205u);
CDataStore__Put8(&this, type);
CDataStore__Put32(&this, mapId);
CDataStore__PutFloat(&this, posX);
CDataStore__PutFloat(&this, posY);
CDataStore__PutFloat(&this, posZ);
CDataStore__PutString(&this, &v37);
CDataStore__PutString(&this, &v38);
if ( type == TICKET_HARASSMENT )
{
// From here on `type` counts the chat entries that were appended.
type = 0;
// Heap scratch buffer for the concatenated chat log. 122880 = 60 * 2048.
// NOTE(review): no NULL check on the allocation is visible before the write
// on the next statement; SMemAlloc may handle failure itself - confirm.
v9 = SMemAlloc(122880, "E:\\build\\buildWoW\\WoW\\Source\\Object\\ObjectClient\\Player_C.cpp", 0x2713u, 0);
v10 = NULL;
// Start with an empty string.
*v9 = 0;
text = NULL;
// Pass 1: walk history slots 0..59 and concatenate every slot for which
// sub_49A810 returns non-zero (presumably "slot in use").
do
{
if ( sub_49A810(v10) )
{
// sub_49A830 returns the slot's string (presumably the chat line).
v13 = sub_49A830(v10);
// Inlined strlen (repne scasb idiom): ~v11 ends up as length + 1.
v11 = -1;
v12 = v13;
do
{
if ( !v11 )
break;
v14 = *v12++ == 0;
--v11;
}
while ( !v14 );
v17 = ~v11;
// v12 is one past the terminator, so v12 - v17 is the start of the string.
v20 = &v12[-v17];
v15 = v17;
v16 = -1;
v19 = v20;
v18 = v9;
// Scan v9 to its terminator, then copy the entry over it, NUL included
// (an inlined strcat).
do
{
if ( !v16 )
break;
v21 = *v18 == 0;
v18 = v18 + 1;
--v16;
}
while ( !v21 );
// NOTE(review): no check that the remaining space in the 122880-byte buffer
// can hold v15 more bytes is visible here. Safety depends on every history
// entry staying under roughly 2048 bytes including the separator - verify
// where the history entries are written.
memcpy(v18 - 1, v19, v15);
v10 = text;
v22 = -1;
v23 = v9;
// Find the end of v9 again and overwrite the terminator with the value at
// word_835144 - presumably a two-byte separator + NUL, given the "word"
// name; TODO confirm its contents.
do
{
if ( !v22 )
break;
v24 = *v23 == 0;
v23 = v23 + 1;
--v22;
}
while ( !v24 );
*(v23 - 1) = *word_835144;
++type;
}
v10 = v10 + 1;
// `text` doubles as the saved loop index (see the reload above).
text = v10;
}
while ( v10 < 60 );
// Number of entries that were appended.
CDataStore__Put32(&this, type);
v25 = 0;
// Pass 2: for every populated slot write (current time - value returned by
// sub_49A850), presumably the age of the message in OsGetTime units.
do
{
if ( sub_49A810(v25) )
{
v26 = sub_49A850(v25);
v27 = OsGetTime(0);
// Put32b / Put32c are distinct decompiler names; presumably equivalent to
// Put32 - confirm.
CDataStore__Put32b(&this, v27 - v26);
}
v25 = v25 + 1;
}
while ( v25 < 60 );
// NOTE(review): as decompiled this tests for length exactly 1, so a log of
// length 0 takes the else branch - confirm against the disassembly.
if ( strlen(v9) == 1 )
{
// Log treated as empty: a zero length and no compressed payload.
CDataStore__Put32(&this, 0);
}
else
{
// Inlined strlen again: v31 = length of the log including its terminator.
v28 = -1;
v29 = v9;
do
{
if ( !v28 )
break;
v30 = *v29 == 0;
v29 = v29 + 1;
--v28;
}
while ( !v30 );
v31 = ~v28;
// Output-buffer size: input + input/1000 + 13. `type` now holds that size
// and is passed by address to the compressor.
type = v31 / 0x3E8u + v31 + 13;
// The compressed copy lives on the stack; its size scales with the log
// length, which the allocation above caps at 122880 bytes.
v32 = alloca(type);
// Presumably (dest, &destLen in/out, src, srcLen, level); -1 would then be
// the default compression level. NOTE(review): the return value is not
// checked, so a failed compression would still be written to the packet.
zlib_compress(&v36, &type, v9, ~v28, -1);
// Uncompressed length first, then `type` bytes from the output buffer.
CDataStore__Put32c(&this, v31);
CDataStore__Write(&this, &v36, type);
}
SMemFree(v9, "delete[]", 0xFFFFFFFFu, 0);
v3 = 0;
}
// m_read is set to 0 (v3) before sending; presumably marks the store as
// finalised - confirm against CDataStore.
this.m_read = v3;
ClientServices_Send(&this);
// Inlined CDataStore teardown, shared with the early-exit paths via LABEL_38.
this.VMT = CDataStore___vftable_;
if ( this.m_alloc != -1 )
{
v35 = &this.m_alloc;
v34 = &this.m_base;
v33 = &this.m_buffer;
LABEL_38:
// Call through the pointer off_7FF9E8 with the store's buffer/base/alloc
// fields; presumably the routine that releases the packet buffer.
off_7FF9E8(&this, v33, v34, v35);
}
}