Author Topic: World of WarCraft Protocol Reversal!


Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
World of WarCraft Protocol Reversal!
« on: July 28, 2005, 06:35:33 pm »
Packet Format Notes

Packet Header Notes

Information for GameID, OperSys, Platform, etc, for use in WOW_AUTH_INFO

CheckVersion() by UserLoser (Thread)

C>S Talk Packet

My WoW Research Folder (Not a 403)

Discuss, add, or correct. Please, keep this topic clean, and only post if you know what you're talking about.

You're welcome to contact me on AIM (joetheodd) if you want me to make something in my notes more clear. As far as UserLoser, I will not give out his AIM to the public, but there's plenty of places to contact him.
« Last Edit: August 11, 2005, 02:52:50 am by Joe[x86] »
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Joe
Re: World of WarCraft Protocol Reversal!
« Reply #1 on: July 30, 2005, 03:16:22 pm »
Somebody want to try to make something out of these unknown bytes?

EDIT -
This might come in handy. For each server in this list, we need to figure out the population (High, Med, Low, Full)(Perhaps from Current/Max), the current number of characters on that server, their realm name, and their IP (I have the latter two handled). May help to know that I have 2 on Magtheridan, 2 on Feathermoon, and 3 on Thunderlord, and that this packet was sent in pieces, so this is only the first part (so just ignore the last entry).

Code:
Packet S>C 0x10CA (WOW_REALMLIST)

Header {
  (BYTE)  ID      (0x10)
  (BYTE)  Sub ID  (0xCA)
}

(BYTE)    Unknown (0x0D)
(DWORD)   Unknown (0x00)
(DWORD)   Unknown (0x55000000)
(WORD)    Unknown (0x0000)

For Each server {
  (NTSTR) Server Name ('Eldre'Thalas')       ('Shadow Council')     ('Draenor')
  (NTSTR) Server IP   ('12.129.233.83:3724') ('12.129.233.88:3724') ('12.129.233.5:3724')
  (BYTE)  Unknown     (0x00)                 (0xEC)                 (0x64)
  (BYTE)  Unknown     (0x00)                 (0x51)                 (0x3B)
  (BYTE)  Unknown     (0xE0)                 (0xE0)                 (0x9F)
  (BYTE)  Unknown     (0x40)                 (0x40)                 (0x40)
  (BYTE)  Unknown     (0x00)                 (0x00)                 (0x00)
  (BYTE)  Unknown     (0x01)                 (0x01)                 (0x01)
  (BYTE)  Unknown     (0x01)                 (0x03)                 (0x25)
  (BYTE)  Unknown     (0x06)                 (0x00)                 (0x00)
  (BYTE)  Unknown     (0x00)                 (0x00)                 (0x00)
  (BYTE)  Unknown     (0x00)                 (0x00)                 (0x00)
  (BYTE)  Unknown     (0x00)                 (0x00)                 (0x00)
  (BYTE)  Unknown     (0x00)                 (0x00)                 (0x00)
}


0030                     10 ca 0d 00 00 00 00 55 00 00        .......U..
0040   00 00 00 45 6c 64 72 65 27 54 68 61 6c 61 73 00  ...Eldre'Thalas.
0050   31 32 2e 31 32 39 2e 32 33 33 2e 38 33 3a 33 37  12.129.233.83:37
0060   32 34 00 00 00 e0 40 00 01 01 06 00 00 00 00 53  24....@........S
0070   68 61 64 6f 77 20 43 6f 75 6e 63 69 6c 00 31 32  hadow Council.12
0080   2e 31 32 39 2e 32 33 33 2e 38 38 3a 33 37 32 34  .129.233.88:3724
0090   00 ec 51 e0 40 00 01 03 00 00 00 00 00 44 72 61  ..Q.@........Dra
00a0   65 6e 6f 72 00 31 32 2e 31 32 39 2e 32 33 33 2e  enor.12.129.233.
00b0   35 3a 33 37 32 34 00 64 3b 9f 40 00 01 25 00 00  5:3724.d;.@..%..
00c0   00 00 00 42 72 6f 6e 7a 65 62 65 61 72 64 00 31  ...Bronzebeard.1
00d0   32 2e 31 32 39 2e 32 33 33 2e 32 3a 33 37 32 34  2.129.233.2:3724
00e0   00 29 5c df 40 00 01 27 00 00 00 00 00 50 65 72  .)\.@..'.....Per
00f0   65 6e 6f 6c 64 65 00 31 32 2e 31 32 39 2e 32 33  enolde.12.129.23
0100   33 2e 31 32 30 3a 33 37 32 34 00 3d 0a df 40 00  3.120:3724.=..@.
0110   01 2d 01 00 00 00 00 53 6b 75 6c 6c 63 72 75 73  .-.....Skullcrus
0120   68 65 72 00 32 30 36 2e 31 36 2e 32 33 35 2e 31  her.206.16.235.1
0130   33 3a 33 37 32 34 00 00 00 20 41 00 01 18 00 00  3:3724... A.....
0140   00 00 00 5a 75 6c 27 6a 69 6e 00 32 30 36 2e 31  ...Zul'jin.206.1
0150   36 2e 32 33 35 2e 31 38 3a 33 37 32 34 00 00 00  6.235.18:3724...
0160   20 41 00 01 0b 01 00 00 00 00 4d 61 6c 27 47 61   A........Mal'Ga
0170   6e 69 73 00 32 30 36 2e 31 36 2e 32 33 35 2e 31  nis.206.16.235.1
0180   35 3a 33 37 32 34 00 00 00 c8 43 00 01 09 00 00  5:3724....C.....
0190   00 00 00 4b 61 72 67 61 74 68 00 32 30 36 2e 31  ...Kargath.206.1
01a0   36 2e 32 33 35 2e 36 36 3a 33 37 32 34 00 00 00  6.235.66:3724...
01b0   c8 43 00 01 24 06 00 00 00 00 45 61 72 74 68 65  .C..$.....Earthe
01c0   6e 20 52 69 6e 67 00 32 30 36 2e 31 36 2e 32 33  n Ring.206.16.23
01d0   35 2e 35 34 3a 33 37 32 34 00 00 00 c8 43 00 01  5.54:3724....C..
01e0   26 00 00 00 00 00 41 67 67 72 61 6d 61 72 00 32  &.....Aggramar.2
01f0   30 36 2e 31 36 2e 32 33 35 2e 31 32 33 3a 33 37  06.16.235.123:37
0200   32 34 00 00 00 c8 43 00 01 2c 01 00 00 00 00 57  24....C..,.....W
0210   61 72 73 6f 6e 67 00 32 30 36 2e 31 36 2e 32 33  arsong.206.16.23
0220   35 2e 31 30 33 3a 33 37 32 34 00 00 00 20 41 00  5.103:3724... A.
0230   01 15 01 00 00 00 00 53 6d 6f 6c 64 65 72 74 68  .......Smolderth
0240   6f 72 6e 00 31 32 2e 31 32 39 2e 32 33 33 2e 36  orn.12.129.233.6
0250   33 3a 33 37 32 34 00 d9 ce af 40 00 01 08 01 00  3:3724....@.....
0260   00 00 00 42 6c 65 65 64 69 6e 67 20 48 6f 6c 6c  ...Bleeding Holl
0270   6f 77 00 32 30 36 2e 31 36 2e 32 33 35 2e 31 31  ow.206.16.235.11
0280   35 3a 33 37 32 34 00 00 00 20 41 00 01 17 01 00  5:3724... A.....
0290   00 00 00 42 75 72 6e 69 6e 67 20 42 6c 61 64 65  ...Burning Blade
02a0   00 32 30 36 2e 31 36 2e 32 33 35 2e 35 37 3a 33  .206.16.235.57:3
02b0   37 32 34 00 00 00 c8 43 00 01 1d 01 00 00 00 00  724....C........
02c0   45 72 65 64 61 72 00 32 30 36 2e 31 36 2e 32 33  Eredar.206.16.23
02d0   35 2e 32 39 3a 33 37 32 34 00 00 00 c8 43 00 01  5.29:3724....C..
02e0   1f 00 00 00 00 00 4d 65 64 69 76 68 00 32 30 36  ......Medivh.206
02f0   2e 31 36 2e 32 33 35 2e 31 31 37 3a 33 37 32 34  .16.235.117:3724
0300   00 00 00 20 41 00 01 0c 01 00 00 00 00 44 75 6e  ... A........Dun
0310   65 6d 61 75 6c 00 31 32 2e 31 32 39 2e 32 33 33  emaul.12.129.233
0320   2e 31 31 3a 33 37 32 34 00 e9 26 b1 40 00 01 21  .11:3724..&.@..!
0330   00 00 00 00 00 53 75 72 61 6d 61 72 00 31 32 2e  .....Suramar.12.
0340   31 32 39 2e 32 33 33 2e 37 3a 33 37 32 34 00 a0  129.233.7:3724..
0350   1a df 40 00 01 23 00 00 00 00 00 42 6c 6f 6f 64  ..@..#.....Blood
0360   68 6f 6f 66 00 32 30 36 2e 31 36 2e 32 33 35 2e  hoof.206.16.235.
0370   32 34 3a 33 37 32 34 00 00 00 20 41 00 01 0e 01  24:3724... A....
0380   00 00 00 00 54 69 63 68 6f 6e 64 72 69 75 73 00  ....Tichondrius.
0390   31 32 2e 31 32 39 2e 32 32 35 2e 36 33 3a 33 37  12.129.225.63:37
03a0   32 34 00 00 00 c8 43 00 01 0b 01 00 00 00 00 4b  24....C........K
03b0   69 6c 27 4a 61 65 64 65 6e 20 00 31 32 2e 31 32  il'Jaeden .12.12
03c0   39 2e 32 32 35 2e 31 37 3a 33 37 32 34 00 00 00  9.225.17:3724...
03d0   c8 43 00 01 09 01 00 00 00 00 44 72 61 67 6f 6e  .C........Dragon
03e0   6d 61 77 00 31 32 2e 31 32 39 2e 32 33 33 2e 34  maw.12.129.233.4
03f0   39 3a 33 37 32 34 00 b6 f3 c5 40 00 01 16 01 00  9:3724....@.....
0400   00 00 00 54 68 75 6e 64 65 72 6c 6f 72 64 00 32  ...Thunderlord.2
0410   30 36 2e 31 36 2e 32 33 35 2e 34 32 3a 33 37 32  06.16.235.42:372
0420   34 00 00 00 c8 43 03 01 29 01 00 00 00 00 53 74  4....C..).....St
0430   6f 6e 65 6d 61 75 6c 00 31 32 2e 31 32 39 2e 32  onemaul.12.129.2
0440   33 33 2e 32 38 3a 33 37 32 34 00 75 93 b8 40 00  33.28:3724.u..@.
0450   01 1e 00 00 00 00 00 54 65 72 65 6e 61 73 00 31  .......Terenas.1
0460   32 2e 31 32 39 2e 32 33 33 2e 32 32 3a 33 37 32  2.129.233.22:372
0470   34 00 8b 6c df 40 00 01 1c 00 00 00 00 00 4b 69  4..l.@........Ki
0480   6c 72 6f 67 67 00 31 32 2e 31 32 39 2e 32 32 35  lrogg.12.129.225
0490   2e 37 3a 33 37 32 34 00 00 00 c8 43 00 01 04 00  .7:3724....C....
04a0   00 00 00 00 48 79 6a 61 6c 00 31 32 2e 31 32 39  ....Hyjal.12.129
04b0   2e 32 32 35 2e 31 30 38 3a 33 37 32 34 00 00 00  .225.108:3724...
04c0   c8 43 00 01 06 01 00 00 00 00 53 68 61 64 6f 77  .C........Shadow
04d0   20 4d 6f 6f 6e 00 32 30 36 2e 31 36 2e 32 33 35   Moon.206.16.235
04e0   2e 31 39 3a 33 37 32 34 00 00 00 c8 43 00 01 20  .19:3724....C..
04f0   00 00 00 00 00 45 6f 6e 61 72 00 32 30 36 2e 31  .....Eonar.206.1
0500   36 2e 32 33 35 2e 31 30 35 3a 33 37 32 34 00 00  6.235.105:3724..
0510   00 c8 43 00 01 22 00 00 00 00 00 45 6c 75 6e 65  ..C..".....Elune
0520   00 32 30 36 2e 31 36 2e 32 33 35 2e 32 33 3a 33  .206.16.235.23:3
0530   37 32 34 00 00 00 20 41 00 01 11 06 00 00 00 00  724... A........
0540   53 63 61 72 6c 65 74 20 43 72 75 73 61 64 65 00  Scarlet Crusade.
0550   31 32 2e 31 32 39 2e 32 33 33 2e 37 35 3a 33 37  12.129.233.75:37
0560   32 34 00 ec 51 e0 40 00 01 04 01 00 00 00 00 46  24..Q.@........F
0570   72 6f 73 74 6d 61 6e 65 00 31 32 2e 31 32 39 2e  rostmane.12.129.
0580   32 33 33 2e 31 31                                233.11
« Last Edit: July 30, 2005, 03:18:29 pm by Joe[x86] »

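Added example, not from the thread: a Python parser for the realm list fragment in the post above. The post leaves everything after the two address strings as unknown bytes; the layout used here is an assumption, chosen because it lines up with the dump: the two bytes after the 0x10 opcode read as a little-endian size (0x0DCA), the lone 0x55 as a realm count (85), a DWORD and a byte in front of each name, and after each address a little-endian float, a character count, a timezone byte and one more unknown byte. The 03 after Thunderlord's address in the capture matches the poster's three characters there, which is why that byte is named num_chars; the float comes out as 7.0, 7.01, 4.98 and so on, and how the client turns that into High/Med/Low/Full is not something the thread shows, so the parser only reports it. The sample bytes are the header and the first three entries copied from the dump, cut off inside the fourth entry the way the posted capture itself ends mid-entry.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: dump offsets 0x36 through 0xcf of the capture in the
# post (opcode, the 11 bytes before the first name, three complete realm
# entries, then the start of Bronzebeard's entry cut off one byte into the
# address string, the way the posted capture itself ends mid-entry).
REALMLIST_FRAGMENT = bytes.fromhex(
    "10 ca 0d 00 00 00 00 55 00 00 "
    "00 00 00 45 6c 64 72 65 27 54 68 61 6c 61 73 00 "
    "31 32 2e 31 32 39 2e 32 33 33 2e 38 33 3a 33 37 "
    "32 34 00 00 00 e0 40 00 01 01 06 00 00 00 00 53 "
    "68 61 64 6f 77 20 43 6f 75 6e 63 69 6c 00 31 32 "
    "2e 31 32 39 2e 32 33 33 2e 38 38 3a 33 37 32 34 "
    "00 ec 51 e0 40 00 01 03 00 00 00 00 00 44 72 61 "
    "65 6e 6f 72 00 31 32 2e 31 32 39 2e 32 33 33 2e "
    "35 3a 33 37 32 34 00 64 3b 9f 40 00 01 25 00 00 "
    "00 00 00 42 72 6f 6e 7a 65 62 65 61 72 64 00 31"
)


@dataclass
class Realm:
    icon: int          # DWORD before the name (assumed meaning; 1 on the PvP realms in the dump)
    flags: int         # byte between that DWORD and the name (assumed meaning; 0 throughout)
    name: str
    address: str       # "ip:port" exactly as sent
    population: float  # little-endian float after the address (assumed; 7.0, 7.01, 4.98, ...)
    num_chars: int     # 03 on Thunderlord in the dump, where the poster has three characters
    timezone: int      # 01 on every realm in the dump (assumed meaning)
    unknown: int       # last byte of the entry; not identified by the thread


def _cstring(buf: bytes, off: int) -> Tuple[str, int]:
    """Read a NUL-terminated string; EOFError if the terminator is past the fragment."""
    end = buf.find(b"\x00", off)
    if end < 0:
        raise EOFError("string has no terminator inside the fragment")
    return buf[off:end].decode("latin-1"), end + 1


def parse_realmlist(buf: bytes) -> Tuple[Dict[str, int], List[Realm], int]:
    """Return (header, complete realms, offset of the first incomplete entry)."""
    if len(buf) < 8 or buf[0] != 0x10:
        raise ValueError("not a realm list packet")
    size, unknown, count = struct.unpack_from("<HIB", buf, 1)
    header = {"size": size, "unknown": unknown, "count": count}
    realms: List[Realm] = []
    off = 8
    for _ in range(count):
        try:
            icon, flags = struct.unpack_from("<IB", buf, off)
            name, pos = _cstring(buf, off + 5)
            address, pos = _cstring(buf, pos)
            population, num_chars, timezone, unk = struct.unpack_from("<fBBB", buf, pos)
        except (struct.error, EOFError):
            # The packet arrives in pieces: keep the entries that were whole and
            # report where the next segment has to be appended before re-parsing.
            break
        realms.append(Realm(icon, flags, name, address, population, num_chars, timezone, unk))
        off = pos + 7
    return header, realms, off


if __name__ == "__main__":
    hdr, realms, used = parse_realmlist(REALMLIST_FRAGMENT)
    print(f"size={hdr['size']} count={hdr['count']} parsed {len(realms)} entries, {used} bytes")
    for r in realms:
        print(f"{r.name:16} {r.address:20} pop={r.population:.2f} chars={r.num_chars} "
              f"tz={r.timezone} icon={r.icon} unk=0x{r.unknown:02x}")
```

The returned offset is what makes this usable on a stream: feed it the bytes received so far, keep the complete entries, and when the next segment arrives append it and continue from that offset rather than re-reading from the opcode.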

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: World of WarCraft Protocol Reversal!
« Reply #2 on: July 30, 2005, 04:47:21 pm »
Some of your "unknowns" probably include server type and population.

Offline Joe
Re: World of WarCraft Protocol Reversal!
« Reply #3 on: July 30, 2005, 05:59:46 pm »
Aha, server type. Forgot about that. Anyhow, did you see the EDIT section? =)


Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: World of WarCraft Protocol Reversal!
« Reply #4 on: July 31, 2005, 10:26:20 pm »
You're not going to get very far by just packet logging.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Joe
Re: World of WarCraft Protocol Reversal!
« Reply #5 on: August 01, 2005, 02:13:05 am »
I'm not going to get very far disassembling without a copy of IDA. *cough*Quik*cough*


Offline Joe
Re: World of WarCraft Protocol Reversal!
« Reply #6 on: August 02, 2005, 07:25:51 am »
Patch 1.6.1 was released today, and the version DWORD is now 0x00010601.


Offline Joe
Re: World of WarCraft Protocol Reversal!
« Reply #7 on: August 03, 2005, 08:10:49 am »
Packet 0x0002 has been sent correctly by my World of WarCraft Research Bot. Private Beta will begin in a few days.

Code:
[6:17:28 AM] World of WarCraft Research Chatbot by Joe[x86] loaded!
[6:17:28 AM] Registration passed.
[6:17:30 AM] [WWRL] Connecting to us.logon.worldofwarcraft.com:3724..
[6:17:30 AM] [WWRL] Connected!
[6:17:30 AM] [SEND] 0x0002 (WOW_AUTH_INFO)...
[6:17:30 AM] Data Arrival!
[6:17:30 AM] Recieved Packet:
0000:  00 00 00 90 E0 C7 2D A9 8E 7D EE 46 F7 F3 F5 53   ...?àÇ-©Ž}îF÷óõS
0010:  DD 5D B3 50 2F 9E 2E D0 40 AA 79 01 75 28 25 9D   Ý]³P/ž.Ð@ªyu(%?
0020:  BE 72 26 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD   ¾r& ‰Kd^‰áS[½­
0030:  5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C   [‹)PS±Ž¿¿^?«<
0040:  82 87 2A 3E 9B B7 C6 5A C3 A6 6A 0F DF A1 79 AB   ‚‡*>›·ÆZæjß¡y«
0050:  D8 86 DC AD F6 9E E0 20 2F 65 8D 8C 16 AD 25 C5   Ø†Ü­öžà /e?Œ­%Å
0060:  41 EE E5 BE C7 1C C6 0E B0 F2 C4 83 FF A3 7B 76   Aîå¾ÇÆ°òăÿ£{v
0070:  98 72 EA 51 48 37                                 ˜rêQH7..........


Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: World of WarCraft Protocol Reversal!
« Reply #8 on: August 03, 2005, 02:08:27 pm »
You don't have IDA because you have 56k.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Joe
Re: World of WarCraft Protocol Reversal!
« Reply #9 on: August 04, 2005, 05:02:47 am »
=.=

Private Beta has begun. IM me.

EDIT -
MyndFyre says this is more of a pre-alpha. =)
« Last Edit: August 07, 2005, 01:51:33 pm by Joe[x86] »


Offline Joe
Re: World of WarCraft Protocol Reversal!
« Reply #10 on: August 07, 2005, 01:53:20 pm »
Here's the next packet. Seeing as how there's not a single character of "plain text" here (it's all garble; see above), I will assume it's all DWORDs. I broke it down, 4 bytes by 4 bytes, and I'm going to go ahead and find the integral value of each DWORD, to see if I can make anything out of it. The first two bytes are, again, the PacketID (0x00) and error code (0x00).

00 00
00 93 B1 38
56 A1 F2 DD
6B 97 AD C7
66 34 15 81
72 31 D6 0F
61 91 2D F5
7E D1 CE 9E
F1 46 6D EB
4B 01 07 20
89 4B 64 5E
89 E1 53 5B
BD AD 5B 8B
29 06 50 53
08 01 B1 8E
BF BF 5E 8F
AB 3C 82 87
2A 3E 9B B7
C6 5A C3 A6
6A 0F DF A1
79 AB D8 86
DC AD F6 9E
E0 20 2F 65
8D 8C 16 AD
25 C5 41 EE
E5 BE C7 1C
87 99 F3 9B
1D 8D 8C 04
D1 E8 DF BB
C0 64 28 80

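Added example, not from the thread: a parser for the two server replies above (the hex dump in Reply #7 and the DWORD list in the post directly above), with both captures embedded as they appear in the thread. The field names come from the publicly documented SRP6 logon-challenge layout of the 1.x client, which the thread itself never names; the captures support that reading on their own terms: after three leading bytes come 32 bytes that differ between the two sessions, then 01 07 (a one-byte generator, 7), then 20 followed by 32 bytes that are identical in both captures (the constant modulus N), then 32 more identical bytes (the account's salt), then 16 trailing bytes that differ again (left as unknown here). Whether the 32-byte modulus is to be read big- or little-endian is not settled by the captures, so the parser keeps every field as raw bytes in wire order. The names reserved and result for the second and third bytes, and the early return on a non-zero result byte, are assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Both byte strings are copied from the thread: CAPTURE_A is the hex dump in
# Reply #7, CAPTURE_B is the DWORD breakdown in the post above.
CAPTURE_A = bytes.fromhex(
    "00 00 00 90 E0 C7 2D A9 8E 7D EE 46 F7 F3 F5 53 "
    "DD 5D B3 50 2F 9E 2E D0 40 AA 79 01 75 28 25 9D "
    "BE 72 26 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD "
    "5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C "
    "82 87 2A 3E 9B B7 C6 5A C3 A6 6A 0F DF A1 79 AB "
    "D8 86 DC AD F6 9E E0 20 2F 65 8D 8C 16 AD 25 C5 "
    "41 EE E5 BE C7 1C C6 0E B0 F2 C4 83 FF A3 7B 76 "
    "98 72 EA 51 48 37"
)
CAPTURE_B = bytes.fromhex(
    "00 00 00 93 B1 38 56 A1 F2 DD 6B 97 AD C7 66 34 "
    "15 81 72 31 D6 0F 61 91 2D F5 7E D1 CE 9E F1 46 "
    "6D EB 4B 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD "
    "5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C "
    "82 87 2A 3E 9B B7 C6 5A C3 A6 6A 0F DF A1 79 AB "
    "D8 86 DC AD F6 9E E0 20 2F 65 8D 8C 16 AD 25 C5 "
    "41 EE E5 BE C7 1C 87 99 F3 9B 1D 8D 8C 04 D1 E8 "
    "DF BB C0 64 28 80"
)


@dataclass
class LogonChallenge:
    cmd: int        # 0x00 in both captures
    reserved: int   # second byte; the post reads this one as the error code
    result: int     # third byte; public 1.x docs call this the result code (assumption)
    B: bytes        # 32 bytes, differs per session: the server's SRP public value
    g: bytes        # length-prefixed generator, 0x07 here
    N: bytes        # length-prefixed modulus, 32 bytes, identical in both captures
    salt: bytes     # 32 bytes, identical in both captures (same account)
    unknown: bytes  # trailing 16 bytes, differs per session; not identified by the thread


def parse_logon_challenge(buf: bytes) -> Tuple[LogonChallenge, int]:
    """Parse a logon-challenge reply; return the fields and the bytes consumed."""
    off = 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(buf):
            raise ValueError(f"need {n} bytes at offset {off}, only {len(buf) - off} left")
        chunk = buf[off:off + n]
        off += n
        return chunk

    cmd, reserved, result = take(3)
    if result != 0:
        # Assumption: on a failed challenge nothing follows the result byte.
        return LogonChallenge(cmd, reserved, result, b"", b"", b"", b"", b""), off
    B = take(32)
    (g_len,) = take(1)
    g = take(g_len)
    (n_len,) = take(1)
    N = take(n_len)
    salt = take(32)
    unknown = take(16)
    return LogonChallenge(cmd, reserved, result, B, g, N, salt, unknown), off


def differing_fields(a: LogonChallenge, b: LogonChallenge) -> List[str]:
    """Names of the SRP fields whose bytes differ between two replies."""
    return [f for f in ("B", "g", "N", "salt", "unknown") if getattr(a, f) != getattr(b, f)]


def is_truncated(buf: bytes) -> bool:
    """True when the buffer ends before the layout above is complete."""
    try:
        parse_logon_challenge(buf)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    a, used_a = parse_logon_challenge(CAPTURE_A)
    b, used_b = parse_logon_challenge(CAPTURE_B)
    print(f"consumed {used_a} of {len(CAPTURE_A)} and {used_b} of {len(CAPTURE_B)} bytes")
    print("g    =", a.g.hex())
    print("N    =", a.N.hex())
    print("salt =", a.salt.hex())
    print("fields that change between the two sessions:", differing_fields(a, b))
```

Running differing_fields over the two captures is the check worth keeping around while reversing: anything that stays fixed across sessions of one account (N, the salt) is configuration, and anything that changes (B, the last 16 bytes) is per-session material that a client has to consume rather than hard-code.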

Offline Joe
Re: World of WarCraft Protocol Reversal!
« Reply #11 on: August 11, 2005, 02:42:37 am »
Got the format of the talk packet down, pretty much. Some confusing stuff, still.

http://www.javaop.com/~joe/wow/talkpacket.txt

EDIT -
I think the "constant" unknown DWORD is the language.
« Last Edit: August 11, 2005, 04:47:35 am by Joe[x86] »