[3.3.5] SMSG_AUTH_CHALLENGE

Hi guys, I’ve been writing a packet client that will eventually be used for a custom client. I noticed that there are 2 16 byte BigInteger values being sent to the client with the SMSG_AUTH_CHALLENGE message. It appears that neither Trinitycore nor Mangos make use of the values they generate but I’d like to know what the client is doing with them. I believe there may be servers out there who have this implemented because authentication is being rejected on some 3.3.5 servers while other TC servers are accepting it just fine. I have a suspicion it may be related to the two 16 byte values sent with SMSG_AUTH_CHALLENGE and if anyone has any information I’d appreciate it.

  • Glader

They are not used by the client for the first connection to realm, only for connections initialized with SMSG_CONNECT_TO (i think its called SMSG_REDIRECT_CLIENT in 3.3.5)

These values are used as encryption seeds instead of the default hardcoded ones (yes, hardcoded in the client as well)

3.3.5 link https://github.com/TrinityCore/TrinityCore/blob/3.3.5/src/common/Cryptography/Authentication/AuthCrypt.cpp#L30

And we do make use of them correctly in master branch (two server connections for one client)

Initialization: https://github.com/TrinityCore/TrinityCore/blob/master/src/server/game/Server/WorldSocket.cpp#L243

Sending: https://github.com/TrinityCore/TrinityCore/blob/master/src/server/game/Server/WorldSocket.cpp#L248

Using for secondary connection: https://github.com/TrinityCore/TrinityCore/blob/master/src/server/game/Server/WorldSocket.cpp#L929

Keep in mind that authentication sequence is slightly different in legion (sha256 instead of sha1, more opcodes, delayed encryption init)

Thank you very much! Though I kind of dreaded that answer because I thought maybe these seeds were being used by some popular servers causing rejection to authenticating with my client. I didn’t implement the addon crc sent so it must be that. I appreciate the swift response and I’ll definitely refer back to this post when I get around to implementing [COLOR=rgb(39,42,52)]SMSG_REDIRECT_CLIENT if it’s ever needed by my client.