I dump the login packets when playing the WoW game and logging on to the battle.net server.
Then I set battle.net to 127.0.0.1 in the hosts file and run my emulator server.
I start wow.exe and log in with my battle.net account email.
My emulator server responds with the same packets as the battle.net server,
but the WoW client shows LOGIN_BAD_SERVER_PROOF.
I suspect the packet has some verification.
When the WoW client logs in to the battle.net server, it sends:
First packet, client to server, for login
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 40 00 0A ED EA 07 0A ED 2D 7E 4D 08 69 1E 00 2B
00000010 B7 AB 01 2B B4 B7 00 00 1B D5 00 2B B7 AB 63 30
00000020 B9 B2 01 00 1B D5 00 2B B7 AB 7B 34 21 A7 00 00
00000030 1B D5 00 2B B7 AB 65 B7 21 A7 00 00 1B D5 54 37
00000040 B7 B6 00 2B B4 B7 00 00 04 E8 43 37 32 BA 00 2B
00000050 B4 B7 00 00 30 8C 06 00 31 32 33 40 31 32 33 2E
00000060 63 6F 6D
0x40=0 1 0 0 0 0 0 0
0x00=0 0 0 0 0 0 0 0
0x0A=0 0 0 0 1 0 1 0
0xED=1 1 1 0 1 1 0 1
0xEA=1 1 1 0 1 0 1 0
0x07=0 0 0 0 0 1 1 1
0x0A=0 0 0 0 1 0 1 0
0xED=1 1 1 0 1 1 0 1
0x2D=0 0 1 0 1 1 0 1
0x7E=0 1 1 1 1 1 1 0
0x4D=0 1 0 0 1 1 0 1
0x08=0 0 0 0 1 0 0 0
0x69=0 1 1 0 1 0 0 1
0x1E=0 0 0 1 1 1 1 0
0x00=0 0 0 0 0 0 0 0
0x2B=0 0 1 0 1 0 1 1
0xB7=1 0 1 1 0 1 1 1
0xAB=1 0 1 0 1 0 1 1
0x01=0 0 0 0 0 0 0 1
0x2B=0 0 1 0 1 0 1 1
0xB4=1 0 1 1 0 1 0 0
0xB7=1 0 1 1 0 1 1 1
0x00=0 0 0 0 0 0 0 0
0x00=0 0 0 0 0 0 0 0
0x1B=0 0 0 1 1 0 1 1
0xD5=1 1 0 1 0 1 0 1
0x00=0 0 0 0 0 0 0 0
......here omitted thousands of words......
0x06=0 0 0 0 0 1 1 0
0x00=0 0 0 0 0 0 0 0
-------------------------------------packet header------------------------------------------------
packetId = 0 0 0 0 0 0 = 0
bhaschannelid = 1 = 1 = TRUE
channelId = 0 0 0 0 = 0
-------------------------------------packet context------------------------------------------------
Program= 0 0 0 0 0 0 0 0 | 0 1 0 1 0 1 1 1 | 0 1 1 0 1 1 1 1 | 0 1 0 1 0 1 1 1 = 00 57 6F 57 = WoW
Platform= 0 0 0 0 0 0 0 0 | 0 1 0 1 0 1 1 1 | 0 1 1 0 1 0 0 1 | 0 1 1 0 1 1 1 0 = 00 57 69 6E = Win
Locale= 0 1 1 1 1 0 1 0 | 0 1 1 0 1 0 0 0 | 0 1 0 0 0 0 1 1 | 0 1 0 0 1 1 1 0 = 7A 68 43 4E = zhCN
Componentnum = 0 0 0 1 1 0 = 6
Component1.Program = 0 0 0 0 0 0 0 0 | 0 1 0 1 0 1 1 1 | 0 1 1 0 1 1 1 1 | 0 1 0 1 0 1 1 1 = 00 57 6F 57 = WoW
Component1.Platform = 0 0 0 0 0 0 0 0 | 0 1 0 1 0 1 1 1 | 0 1 1 0 1 0 0 1 | 0 1 1 0 1 1 1 0 = 00 57 69 6E = Win
Component1.Build = 0 0 0 0 0 0 0 0 | 0 0 0 0 0 0 0 0 | 0 0 1 1 0 1 1 1 | 1 0 1 0 1 0 1 0 = 00 00 37 AA = 14250
.................................here omitted thousands of words.........................................
bhasaccount = 1 = 1 = TRUE
accountlen = 0 0 0 0 0 1 0 0 0 = 8 //the real accountlen needs 3 added to this, so it's 11
//align to byte to read account
account = 31 32 33 40 31 32 33 2E 63 6F 6D = 123@123.com
Then the battle.net server or my emulator server responds with this packet:
First packet, server to client, for login
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 42 10 61 75 74 68 00 00 43 4E 8F 52 90 6A 2C 85
00000010 B4 16 A5 95 70 22 51 57 0F 96 D3 52 2F 39 23 76
00000020 03 11 5F 2F 1A B2 49 62 04 3C 50 01 00 93 A4 B1
00000030 F4 DA 37 11 F8 AC 6A DB 0B 7D 44 E4 F6 8E C8 95
00000040 03 3E 4E F6 75 9E 25 07 21 96 6A F6 B4 50 9E 14
00000050 5D 12 74 65 A9 BA 72 2C 8A 60 A9 97 13 AF EC 77
00000060 1B 62 38 B4 E5 81 AB 4E A2 E2 03 76 92 17 4A F0
00000070 E1 DA 40 FF 26 01 90 AB F7 D1 78 24 89 89 E8 76
00000080 31 82 12 8D CA 28 6D FE 46 80 8C 3D 46 99 A0 7D
00000090 3A 3C D6 04 D7 3A 2C 03 8A 37 39 72 B0 FD ED 2C
000000A0 DF 3C 0E 71 69 96 26 85 37 AA E7 9F 42 B4 B2 7C
000000B0 AD D9 DC 60 60 56 32 E1 AE D2 CD DD 00 DA 4C 70
000000C0 33 49 91 CC F0 C8 75 06 88 A8 71 EB EF 12 18 C0
000000D0 14 E7 F1 AB F2 B9 48 53 38 4D 8A 7C C1 7D C1 AD
000000E0 5E 32 43 67 26 B9 6D C7 BF 89 3F 79 77 09 9C 2B
000000F0 AA F0 13 0D DB 09 70 E8 DA 84 D0 64 7E 9B BF 27
00000100 E0 BF 15 90 77 95 7B 77 79 3B 0F D3 A6 EB 9E 28
00000110 9C 8D 00 1D CA 59 C8 D6 A8 DD E6 76 D1 33 61 C3
00000120 92 9D 47 7C CF 28 A4 BE BC 7F 03 FD 82 CB D0 79
00000130 C8 72 02 27 45 01 76 68 D2 2B 36 BF 6F 89 69 25
00000140 B0 53 1B A5 5D 1C F2 1A 73 4A 58 54 78 37 9E E5
00000150 06 74 C5 8D 8B 8A F4 EB D3 9C B4 FF E5 0D B0 3E
00000160 14 7D 3B 53 00 D4 05 55 2A 85 19 6F 89 61 75 74
00000170 68 00 00 43 4E 36 B2 7C D9 11 B3 3C 61 73 0A 8B
00000180 82 C8 B2 49 5F D1 6E 80 24 FC 3B 2D DE 08 86 1C
00000190 77 A8 52 94 1C 80 00 D4 56 AD F4 59 A4 11 D8 72
000001A0 6B 69 95 E2 20 13 9E 7D 9A F4 58 C6 F6 66 A7 F9
000001B0 DF 0D AF 9F B1 1C CA 4D 3A 7A 3D 45 D6 5E C2 1E
000001C0 65 B0 60 D7 4C 8A 02 F7 00 FF 2D 1F EA B3 F8 43
000001D0 8B 54 E8 D8 D3 A5 32 FF CC 5F 3B 6F 32 06 89 A0
000001E0 73 21 3E D9 D9 D3 86 EE 4D CC 72 3C F7 FF DF 02
000001F0 F4 E0 E8 34 EE 69 66 0B 82 91 85 C1 38 DE 39 F8
00000200 F8 46 8F A9 01 5B 09 7C E1 A4 22 DE D7 95 35 91
00000210 5E 56 1B 50 9F 9F 2D 04 D5 B6 3C C9 17 3B E3 87
00000220 C1 33 97 C8 DE 2D 37 49 76 C4 48 40 8A 61 97 5F
00000230 C1 FC 52 DD A5 99 A9 F6 10 64 69 BB B9 CB 35 DD
00000240 94 00 2E 8F 3A E6 3B 42 24 40 A2 9C 5A D0 05 D1
00000250 4A 86 B8 15 09 3C EF 98 F7 5F 06 46 40 C0 6F 0D
00000260 A7 78 FA 8A 33 00 C6 83 FF 6E 83 F2 29 0C 31 F0
00000270 1D E4 93 20 06 65 C2 5A FE 16 E0 A2 A4 27 80 4A
00000280 4C D6 FA 5B 56 4E 80 12 99 4B 70 68 1B 1C A1 36
00000290 7C A8 8D AE E4 E7 87 C4 23 FE 22 E7 11 03 13 EE
000002A0 42 1D 6D FD 08 36 0D EB AD BE 5A D9 AC 31 94 12
000002B0 CB 63 2C 94 14 B3 D3 32 CD 84 10 7F A3 90 2F F1
000002C0 81 B1 94 9B 66 65 80 E2 7D 4D BF 6D 89 72 54 6F
000002D0 2A 6B 8C 4A 04 23 47 F1 A4 E3 3C 52 E8 DA 32 C2
000002E0 C4 BE 56 3A 97 AD 1F 87 66 AE F2 93 5C ED 56 8B
000002F0 DB 65 87 38 73 73 00 A4 8E 81 BA 4C EA 14 F2 1D
00000300 EF 73 2B A6 98 02 E5 0B 5C D7 2E 3A D0 9B 12 40
00000310 05 53 30 10 76 AF 4C 66 17 A8 B3 01 0C 6A 63 75
00000320 99 9C C3 10 DC E0 7F FB 42 ED 9C A3 38 74 22 7D
00000330 BA D0 91 69 44 E5 12 65 C0 BF AC 50 79 5A B5 9A
00000340 2D 01 34 9A 32 1A 0D 7E 44 9A E6 CB 7A E2 A3 78
00000350 03 6E EA FB A4 12 36 5B B6 B8 02 25 3F CE 0F 1D
00000360 6D 9B 04 A5 94 08 58 19 87 0F A1 48 FB AF EE ED
00000370 4B 03 83 46 C4 10 F1 14 B1 62 11 C0 11 25 C6 0E
00000380 E5 71 44 0F E8 7F 62 BC 38 E6 47 6B D3 3E 5E 5A
00000390 D6 E2 2B D9 65 2A 59
0x42=0 1 0 0 0 0 1 0
0x10=0 0 0 1 0 0 0 0
-------------------------------------packet header------------------------------------------------
packetId = 0 0 0 0 1 0 = 2
bhaschannelid = 1 = 1 = TRUE
channelId = 0 0 0 0 = 0
mouldcount = 0 1 0 = 2
//align by byte
------------------------------------mould 1 context-----------------------------------------------
FileType= 61 75 74 68 = auth
Locale= 00 00 43 4E = CN
MouldID = 8F 52 90 6A 2C 85 B4 16 A5 95 70 22 51 57 0F 96 D3 52 2F 39 23 76 03 11 5F 2F 1A B2 49 62 04 3C
0x50=0 1 0 1 0 0 0 0
0x01=0 0 0 0 0 0 0 0
MouldDataLen= 0 1 0 1 0 0 0 0 0 0 = <int>0x140 = 320
//align by byte
0x00 unk
AccountSalt = 93 A4 B1 F4 DA 37 11 F8 AC 6A DB 0B 7D 44 E4 F6 8E C8 95 03 3E 4E F6 75 9E 25 07 21 96 6A F6 B4
PasswordSalt = 50 9E 14 5D 12 74 65 A9 BA 72 2C 8A 60 A9 97 13 AF EC 77 1B 62 38 B4 E5 81 AB 4E A2 E2 03 76 92
ServerChallenge=17 4A F0 E1 DA 40 FF 26 01 90 AB F7 D1 78 24 89 89 E8 76 31 82 12 8D CA 28 6D FE 46 80 8C 3D 46
99 A0 7D 3A 3C D6 04 D7 3A 2C 03 8A 37 39 72 B0 FD ED 2C DF 3C 0E 71 69 96 26 85 37 AA E7 9F 42
B4 B2 7C AD D9 DC 60 60 56 32 E1 AE D2 CD DD 00 DA 4C 70 33 49 91 CC F0 C8 75 06 88 A8 71 EB EF
12 18 C0 14 E7 F1 AB F2 B9 48 53 38 4D 8A 7C C1 7D C1 AD 5E 32 43 67 26 B9 6D C7 BF 89 3F 79 77
09 9C 2B AA F0 13 0D DB 09 70 E8 DA 84 D0 64 7E 9B BF 27 E0 BF 15 90 77 95 7B 77 79 3B 0F D3 A6
EB 9E 28 9C 8D 00 1D CA 59 C8 D6 A8 DD E6 76 D1 33 61 C3 92 9D 47 7C CF 28 A4 BE BC 7F 03 FD 82
CB D0 79 C8 72 02 27 45 01 76 68 D2 2B 36 BF 6F 89 69 25 B0 53 1B A5 5D 1C F2 1A 73 4A 58 54 78
37 9E E5 06 74 C5 8D 8B 8A F4 EB D3 9C B4 FF E5 0D B0 3E 14 7D 3B 53 00 D4 05 55 2A 85 19 6F 89
------------------------------------mould 2 context-----------------------------------------------
FileType= 61 75 74 68 = auth
Locale= 00 00 43 4E = CN
MouldID = 36 B2 7C D9 11 B3 3C 61 73 0A 8B 82 C8 B2 49 5F D1 6E 80 24 FC 3B 2D DE 08 86 1C 77 A8 52 94 1C
0x80=1 0 0 0 0 0 0 0
0x00=0 0 0 0 0 0 0 0
MouldDataLen= 1 0 0 0 0 0 0 0 0 0 = <int>0x200 = 512
//align by byte
MouldData = D4 56 AD F4 59 A4 11 D8 72 6B 69 95 E2 20 13 9E 7D 9A F4 58 C6 F6 66 A7 F9 DF 0D AF 9F B1 1C CA
4D 3A 7A 3D 45 D6 5E C2 1E 65 B0 60 D7 4C 8A 02 F7 00 FF 2D 1F EA B3 F8 43 8B 54 E8 D8 D3 A5 32
FF CC 5F 3B 6F 32 06 89 A0 73 21 3E D9 D9 D3 86 EE 4D CC 72 3C F7 FF DF 02 F4 E0 E8 34 EE 69 66
0B 82 91 85 C1 38 DE 39 F8 F8 46 8F A9 01 5B 09 7C E1 A4 22 DE D7 95 35 91 5E 56 1B 50 9F 9F 2D
04 D5 B6 3C C9 17 3B E3 87 C1 33 97 C8 DE 2D 37 49 76 C4 48 40 8A 61 97 5F C1 FC 52 DD A5 99 A9
F6 10 64 69 BB B9 CB 35 DD 94 00 2E 8F 3A E6 3B 42 24 40 A2 9C 5A D0 05 D1 4A 86 B8 15 09 3C EF
98 F7 5F 06 46 40 C0 6F 0D A7 78 FA 8A 33 00 C6 83 FF 6E 83 F2 29 0C 31 F0 1D E4 93 20 06 65 C2
5A FE 16 E0 A2 A4 27 80 4A 4C D6 FA 5B 56 4E 80 12 99 4B 70 68 1B 1C A1 36 7C A8 8D AE E4 E7 87
C4 23 FE 22 E7 11 03 13 EE 42 1D 6D FD 08 36 0D EB AD BE 5A D9 AC 31 94 12 CB 63 2C 94 14 B3 D3
32 CD 84 10 7F A3 90 2F F1 81 B1 94 9B 66 65 80 E2 7D 4D BF 6D 89 72 54 6F 2A 6B 8C 4A 04 23 47
F1 A4 E3 3C 52 E8 DA 32 C2 C4 BE 56 3A 97 AD 1F 87 66 AE F2 93 5C ED 56 8B DB 65 87 38 73 73 00
A4 8E 81 BA 4C EA 14 F2 1D EF 73 2B A6 98 02 E5 0B 5C D7 2E 3A D0 9B 12 40 05 53 30 10 76 AF 4C
66 17 A8 B3 01 0C 6A 63 75 99 9C C3 10 DC E0 7F FB 42 ED 9C A3 38 74 22 7D BA D0 91 69 44 E5 12
65 C0 BF AC 50 79 5A B5 9A 2D 01 34 9A 32 1A 0D 7E 44 9A E6 CB 7A E2 A3 78 03 6E EA FB A4 12 36
5B B6 B8 02 25 3F CE 0F 1D 6D 9B 04 A5 94 08 58 19 87 0F A1 48 FB AF EE ED 4B 03 83 46 C4 10 F1
14 B1 62 11 C0 11 25 C6 0E E5 71 44 0F E8 7F 62 BC 38 E6 47 6B D3 3E 5E 5A D6 E2 2B D9 65 2A 59
When the WoW client connects to any server, it always sends the same packet except for the account name.
The battle.net server's response data is always 919 bytes.
And when I use the same account to reconnect, only 256 bytes of the battle.net server's response data are not the same.
It's the ServerChallenge data.
In other words, the ServerChallenge data has some verification for the client.
Continuing research on it.
..............................................here omitted thousands of seconds for study................................................
The China battle server is: 122.198.64.130 cn.logon.battlenet.com.cn
I set my computer's IP address to 122.198.64.130, and set the hosts file entry for cn.logon.battlenet.com.cn to 127.0.0.1.
That means when the WoW client connects to cn.logon.battlenet.com.cn, it really connects to 127.0.0.1 (my localhost).
And since my IP address is 122.198.64.130, it actually connects to 122.198.64.130 (my localhost).
With these settings, I run my emulator server and start wow.exe to connect.
My emulator server responds with the same packets as the battle.net server.
The client shows LOGIN_UNKNOWN_ACCOUNT.
Then it's OK.
----------------------------------------------Gorgeous split line----------------------------------------------
It means the ServerChallenge data contains the server IP address.
When the client receives the ServerChallenge data,
it verifies whether the currently connected server IP address is or isn't the IP address in the ServerChallenge data.
Finally, if anyone is researching the bnet 2 protocol, I hope we can communicate about this protocol.
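
The bit-level field layout worked out by hand in the post, as an added Python example (not the poster's code): a bit reader that decodes the client login packet from the dump above. The names BitReader and parse_client_login are hypothetical, and the layout of components 2..6, which the post omits, is assumed to repeat Component1.

```python
# Client login packet, copied from the hex dump in the post above.
CLIENT_LOGIN = bytes.fromhex(
    "40 00 0A ED EA 07 0A ED 2D 7E 4D 08 69 1E 00 2B"
    "B7 AB 01 2B B4 B7 00 00 1B D5 00 2B B7 AB 63 30"
    "B9 B2 01 00 1B D5 00 2B B7 AB 7B 34 21 A7 00 00"
    "1B D5 00 2B B7 AB 65 B7 21 A7 00 00 1B D5 54 37"
    "B7 B6 00 2B B4 B7 00 00 04 E8 43 37 32 BA 00 2B"
    "B4 B7 00 00 30 8C 06 00 31 32 33 40 31 32 33 2E"
    "63 6F 6D")

class BitReader:
    """Takes bits from the low end of each byte; bits read earlier end up
    more significant in the returned value."""
    def __init__(self, data):
        self.data, self.pos = data, 0      # pos is a bit offset

    def read(self, nbits):
        if self.pos + nbits > len(self.data) * 8:
            raise ValueError("truncated packet")
        value = 0
        while nbits:
            used = self.pos % 8
            take = min(nbits, 8 - used)
            chunk = (self.data[self.pos // 8] >> used) & ((1 << take) - 1)
            value = (value << take) | chunk
            self.pos += take
            nbits -= take
        return value

    def fourcc(self):                      # 32-bit tag such as WoW or zhCN
        return self.read(32).to_bytes(4, "big").lstrip(b"\0").decode("ascii")

    def take_bytes(self, n):               # skip to the next byte boundary first
        self.pos = (self.pos + 7) // 8 * 8
        start = self.pos // 8
        self.read(n * 8)                   # bounds check and advance
        return self.data[start:start + n]

def parse_client_login(data):
    r = BitReader(data)
    pkt = {"packetId": r.read(6)}
    pkt["channelId"] = r.read(4) if r.read(1) else None   # bhaschannelid flag
    pkt["program"], pkt["platform"], pkt["locale"] = r.fourcc(), r.fourcc(), r.fourcc()
    # Assumption: components 2..6 repeat Component1's Program/Platform/Build layout.
    pkt["components"] = [(r.fourcc(), r.fourcc(), r.read(32)) for _ in range(r.read(6))]
    pkt["account"] = None
    if r.read(1):                          # bhasaccount
        pkt["account"] = r.take_bytes(r.read(9) + 3).decode("ascii")
    return pkt
```

The same reader applied to the first two bytes of the server response (42 10) yields the packetId, bhaschannelid, channelId and mouldcount values listed in the post.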