Emulate Battle.net

Started by MADCATX, February 22, 2010, 06:18:36 AM


TaRou

#60
Quote from: MADCATX on February 25, 2010, 01:09:58 PM
Quote from: aChnorr on February 25, 2010, 12:03:52 PM
MADCATX, are you reading the package header/information or just sending what you captured with wireshark without knowing what it means? Can you please post what you know about the protocol here.
I try to differentiate packets with answers to the same command; if they differ then there is something to do with it.
I've found that packets coming from the server in response to the auth command always have different bytes starting from byte 46, so this packet has some header information and the rest is the session key.
US auth header:
420861757468005553428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100
EU auth header:
421061757468004555428f52906a2c85b416a595702251570f96d3522f39237603115f2f1ab24962043c500100
Possible differences: EU in place of US and so on (4555=EU)(5553=US)...
However, the EU session key is longer than the US one by 554 bytes. You also can't log in to the US server with the EU client and vice versa. What is stored in these 554 bytes I cannot imagine.
First, I should apologize, because this post went through a translator.
(Sadly, I can only read English slowly, and I cannot use it well..)
Packet captures under various conditions that I tried:
"42 08 .." begins the header that appears when the EMAIL does not exist.
"42 10 .." begins the header that appears when the EMAIL exists.

I was in South Korea (lang.ko-kr). Therefore, I do not think this has to do with the region code.
Of course, I could be wrong. (Because I'm not a programmer or anything like that.)
If this thread is too old to quote, or if you already know this, I apologize in advance.

Non-existent EMAIL
42 08 61 75 74 68 00 4B 52 42 8F 52 90 6A 2C 85
B4 16 A5 95 70 22 51 57 0F 96 D3 52 2F 39 23 76
03 11 5F 2F 1A B2 49 62 04 3C 50 01 00


Existing EMAIL
42 10 61 75 74 68 00 4B 52 42 8F 52 90 6A 2C 85
B4 16 A5 95 70 22 51 57 0F 96 D3 52 2F 39 23 76
03 11 5F 2F 1A B2 49 62 04 3C 50 01 00

PS: on the Korean server, the recv packet (after sending the ID) is 919 bytes (when I use a non-existent email, I get 365 bytes). (But I can't be sure, because I'm not a beta tester.)

MADCATX

The problem is that the auth packet has encoded data (which differs every time), and I can't understand the pattern. When the client authorizes on the server it sends the password hash (SHA1) and a key for another encryption algorithm. The server sends back account data + some data encrypted using the client's key. If you try to send back data which you have got from dumps, the client says that the server is bad and closes its connection, because it decrypts the data with the key it generated, but the data was encrypted using another key.
As far as I know WoW uses the same encryption, so we can look at the WoW emu source code, but there is no documentation and it's quite hard to find what we need.
http://www.arcemu.info/wiki/index.php?title=Getting_the_source_code
http://getmangos.com/


Anonymious_BG

#62
So I believe it goes like this:

#include <cassert>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/rc4.h>
#include <openssl/sha.h>

// K is the 40-byte session key; m_clientDecrypt and m_serverEncrypt are RC4_KEY members of WowCrypt.
void WowCrypt::Init(uint8 *K)
{
    static const uint8 s[16] = { 0xF4, 0x66, 0x31, 0x59, 0xFC, 0x83, 0x6E, 0x31, 0x31, 0x02, 0x51, 0xD5, 0x44, 0x31, 0x67, 0x98 };
    static const uint8 r[16] = { 0x22, 0xBE, 0xE5, 0xCF, 0xBB, 0x07, 0x64, 0xD9, 0x00, 0x45, 0x1B, 0xD0, 0x24, 0xB8, 0xD5, 0x45 };
    uint8 encryptHash[SHA_DIGEST_LENGTH];
    uint8 decryptHash[SHA_DIGEST_LENGTH];
    uint8 pass[1024];
    uint32 md_len;

    // generate c->s key: HMAC-SHA1 keyed with the fixed 16-byte constant s over the session key K
    HMAC(EVP_sha1(), s, 16, K, 40, decryptHash, &md_len);
    assert(md_len == SHA_DIGEST_LENGTH);

    // generate s->c key: same construction keyed with r
    HMAC(EVP_sha1(), r, 16, K, 40, encryptHash, &md_len);
    assert(md_len == SHA_DIGEST_LENGTH);

    // initialize rc4 structs with the two 20-byte HMAC outputs
    RC4_set_key(&m_clientDecrypt, SHA_DIGEST_LENGTH, decryptHash);
    RC4_set_key(&m_serverEncrypt, SHA_DIGEST_LENGTH, encryptHash);

    // initial encryption pass -- this is just to get key position,
    // the data doesn't actually have to be initialized as discovered
    // by client debugging. (The first 1024 keystream bytes are discarded.)
    RC4(&m_serverEncrypt, 1024, pass, pass);
    RC4(&m_clientDecrypt, 1024, pass, pass);
    m_initialized = true;
}


HMAC is a function from the OpenSSL project and its definition is: HMAC is a MAC (message authentication code), i.e. a keyed hash function used for message authentication, which is based on a hash function.

All of this is from the AscentEMU source, in the folders:
extras\arcemu-windows-libraries\VC\include\openssl
src\arcemu-shared\Auth
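The key schedule quoted above, re-implemented in pure Python as an added example (this is not ArcEmu's code): HMAC-SHA1 with the two fixed 16-byte constants over the 40-byte session key, then two RC4 states that each discard 1024 keystream bytes. The RC4 class, WowCrypt wrapper and roundtrip() helper are this example's own names; the sample K is constructed.

```python
import hashlib
import hmac

# 16-byte HMAC keys taken from the quoted Init(): 's' keys the c->s stream, 'r' the s->c stream.
S_KEY = bytes([0xF4, 0x66, 0x31, 0x59, 0xFC, 0x83, 0x6E, 0x31,
               0x31, 0x02, 0x51, 0xD5, 0x44, 0x31, 0x67, 0x98])
R_KEY = bytes([0x22, 0xBE, 0xE5, 0xCF, 0xBB, 0x07, 0x64, 0xD9,
               0x00, 0x45, 0x1B, 0xD0, 0x24, 0xB8, 0xD5, 0x45])
DROP = 1024  # keystream bytes discarded by the "initial encryption pass" in Init()

def derive_stream_keys(K: bytes):
    """HMAC-SHA1(s, K) and HMAC-SHA1(r, K) over the 40-byte session key; returns (c2s, s2c)."""
    if len(K) != 40:
        raise ValueError("session key K must be 40 bytes")
    c2s = hmac.new(S_KEY, K, hashlib.sha1).digest()  # client->server (decryptHash)
    s2c = hmac.new(R_KEY, K, hashlib.sha1).digest()  # server->client (encryptHash)
    return c2s, s2c

class RC4:
    """Plain RC4 (KSA + PRGA), equivalent to OpenSSL's RC4_set_key / RC4 calls."""
    def __init__(self, key: bytes, drop: int = 0):
        S = list(range(256))
        j = 0
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
        self.S, self.i, self.j = S, 0, 0
        self.crypt(bytes(drop))  # like RC4(&ctx, 1024, pass, pass): only advances the key position

    def crypt(self, data: bytes) -> bytes:
        S, out = self.S, bytearray()
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + S[self.i]) & 0xFF
            S[self.i], S[self.j] = S[self.j], S[self.i]
            out.append(b ^ S[(S[self.i] + S[self.j]) & 0xFF])
        return bytes(out)

class WowCrypt:
    """One endpoint's pair of RC4 states; server=True mirrors the quoted Init()."""
    def __init__(self, K: bytes, server: bool = True):
        c2s, s2c = derive_stream_keys(K)
        self.decrypt = RC4(c2s if server else s2c, DROP)
        self.encrypt = RC4(s2c if server else c2s, DROP)

def roundtrip(K: bytes, header: bytes) -> bytes:
    """Server encrypts a packet header; a client built from the same K decrypts it."""
    server, client = WowCrypt(K, server=True), WowCrypt(K, server=False)
    return client.decrypt.crypt(server.encrypt.crypt(header))
```

Running roundtrip() with a K that differs between the two sides reproduces the "bad server" symptom described earlier in the thread: the client's RC4 state never matches, so the header decrypts to garbage.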

MADCATX

Quote from: Anonymious_BG on February 27, 2010, 05:58:41 PM
So I believe it goes like this
I have read this file, but the question is where to get the key; as you can see this function requires a key to initialize (Init(uint8 *K)).

Anonymious_BG

It appears to be a session key:

// Pull the session key.
// uint8 K[40];
recvData.read(K, 40);


and then it starts the initialization of the encryption:

_crypt.Init(K);

BigNumber BNK;
BNK.SetBinary(K, 40);
...
Sha1Hash sha;

// the 20-byte proof the client sent
uint8 digest[20];
pAuthenticationPacket->read(digest, 20);
...
// server recomputes SHA1(t || clientSeed || serverSeed || K)
sha.UpdateData((uint8 *)&t, 4);
sha.UpdateData((uint8 *)&mClientSeed, 4);
sha.UpdateData((uint8 *)&mSeed, 4);
sha.UpdateBigNumbers(&BNK, NULL);
sha.Finalize();
if (memcmp(sha.GetDigest(), digest, 20))
{
    // AUTH_UNKNOWN_ACCOUNT = 21
    OutPacket(SMSG_AUTH_RESPONSE, 1, "\x15");
    return;
}


The whole communication is in: src\arcemu-world\WorldSocket.cpp

This appears to be the authentication packet in WoW:

*recvPacket >> mClientBuild;
*recvPacket >> unk2;
*recvPacket >> account;
*recvPacket >> unk3;
*recvPacket >> mClientSeed;
*recvPacket >> unk4;
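The digest check quoted above, as an added Python example (not ArcEmu's code): the server recomputes SHA1 over t, the client seed, its own seed and the 40-byte session key and compares it with the 20-byte proof in the packet. Assumptions: the three uint32 fields are hashed in little-endian memory order and UpdateBigNumbers feeds K in wire order; auth_digest() and check_client_proof() are this example's own names, and the sample values are constructed.

```python
import hashlib
import hmac
import struct

AUTH_UNKNOWN_ACCOUNT = 0x15  # the "\x15" byte the quoted code answers with on mismatch

def auth_digest(t: int, client_seed: int, server_seed: int, K: bytes) -> bytes:
    """SHA1 over the same fields the quoted code feeds to Sha1Hash:
    t (4 bytes), mClientSeed (4), mSeed (4), then the 40-byte session key K.
    Assumption: uint32s in little-endian (x86 memory) order, K in wire order."""
    if len(K) != 40:
        raise ValueError("session key K must be 40 bytes")
    h = hashlib.sha1()
    for word in (t, client_seed, server_seed):
        h.update(struct.pack("<I", word))
    h.update(K)
    return h.digest()

def check_client_proof(packet_digest: bytes, t: int, client_seed: int,
                       server_seed: int, K: bytes):
    """Server side of the check. Returns (accepted, response_code); the
    response code is AUTH_UNKNOWN_ACCOUNT on mismatch, None when accepted.
    Uses a constant-time compare where the quoted code uses memcmp()."""
    expected = auth_digest(t, client_seed, server_seed, K)
    if len(packet_digest) != 20 or not hmac.compare_digest(packet_digest, expected):
        return False, AUTH_UNKNOWN_ACCOUNT
    return True, None

def client_proof(client_seed: int, server_seed: int, K: bytes) -> bytes:
    """What a client holding the same K puts in the 20-byte digest field (t = 0 assumed)."""
    return auth_digest(0, client_seed, server_seed, K)
```

The proof binds both seeds and K, so replaying a captured digest against a fresh server seed fails the check even when the session key is unchanged.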

Roger911

Hey guys, I'm not exactly knowledgeable when it comes down to packet editing... But it seems to me that you are relating authorization packets from WOW to the ones from SC2. Maybe you should listen to the latest podcast from Blizzard, as they mentioned something about working on a future update for WoW that will have something to do with SC2. Maybe they will provide you with the missing pieces in time?

Sorry if this is irrelevant and does not help.

StarALaMod

If an emulated Battle.net server goes up, how long do you guys think it will take Blizzard to take it down?

NefiX

Quote from: StarALaMod on February 28, 2010, 04:32:12 PM
If an emulated Battle.net server goes up, how long do you guys think it will take Blizzard to take it down?
Just like war3 or wow private servers - never.

Silentl3ob

Since there are so many StarCraft fans out there, as soon as you make a "private server" wouldn't it be completely overloaded with people?

MiCrOMaN1

Quote from: Silentl3ob on February 28, 2010, 07:11:22 PM
Since there are so many StarCraft fans out there, as soon as you make a "private server" wouldn't it be completely overloaded with people?
Yeah, but getting a newer server and moving it there won't make it crash.
Our Greatest Resource is Our Mind ~ Kareem Abdul-Jabbar
Check this: http://img123.exs.cx/img123/4497/gif1.gif

matrixn

Or, you just made it to play with your clan and friends for training/fun  ;D  I already have a server standing by for an SC2 bnet emu server.. I hope they will release a Unix version when it is time to release something.

TokeGaming

any ETA?


or is it just obnoxious for me to ask lol


keep up the hard work

matrixn

I don't know any ETA.. I'm just waiting... and perfecting my game strategy  ;D

dodongbadong

Quote from: matrixn on February 28, 2010, 10:17:04 PM
I don't know any ETA.. I'm just waiting... and perfecting my game strategy  ;D

Perfecting your strategy against AI?  :D
You make your best AI script, "cheating or not",
and I'll test it for you
- FREE -

stoffern

Any updates?..
I sent you a PM btw ;)