Author | Message | Time |
---|---|---|
JoeTheOdd | Note: I've gotten permission from Arta to post this here. Please do not trash it. First off, I'm only a human. I can't do this all on my own. I need some more hands on deck here, anyone up for it? Having WoW helps, but if you don't own it, I'm sure there's something you can do along the line. ------------------------------------- Now, down to business. First thing we should discuss would be the packet header. It's simple, two bytes. (BYTE) ID (BYTE) SubID For WOW_AUTH_INFO (my names are so original!) this is 0x0002. ------------------------------------- Logon Sequence: [code]World of WarCraft Logon Sequence: C: Connect to us.logon.worldofwarcraft.com:3769 C: Send 0x0002 (WOW_AUTH_INFO) S: Send 0x0000 (WOW_0000) Notes: Packet names with numbers in them, such as WOW_0000, haven't been investigated enough to know their meaning, so I can't name them. This isn't complete yet, and you won't be logged into the game following this.[/code] ------------------------------------- Well, I don't see much to discuss other than packet formats, really. We should start with WOW_AUTH_INFO, the first packet to be sent. [code]Header: (BYTE) ID (0x00) (BYTE) SubID (0x02) Body: (BYTE) Unknown, Constant (0x28) [Note: Client always sends 28] (DWORD) Game ID ("WoW" + 0x00) (DWORD) Version Hash (0x00010601) [Historic: 0x00010600 in 1.6.0] (BYTE) Version Byte? (0xC0) [Historic: 0x94 in 1.6.0] (BYTE) Unknown (0x11) (DWORD) Platform ID ("68x" + 0x00) [Research: PPC?] (DWORD) Operating System ("niW" + 0x00) [Research: PMAC? XMAC?] (DWORD) Language ("SUne") (BYTE) Unknown (0x98) [Note: Safe to set to 98. Client doesn't always send 98] (BYTE) Unknown (0xFE) [Note: Safe to set to FE. Client doesn't always send FE] (BYTE) Unknown (0xFF) [Note: Safe to set to FF. Client doesn't always send FF] (BYTE) Unknown (0xFF) [Note: Safe to set to FF. Client doesn't always send FF] (BYTE) Unknown (0xAC) [Note: Safe to set to AC. Client doesn't always send AC] (BYTE) Unknown, Constant (0x9D) [Note: Client always sends 9D] (BYTE) Unknown, Constant (0x7C) [Note: Client always sends 7C] (BYTE) Unknown, Constant (0xFE) [Note: Client always sends FE] (BYTE) Unknown (0x0A) [Note: Safe to set to 0A. Client doesn't always send 0A] (STR) Account Name ("INSANEJOEY") [Research: Why isn't this terminated?][/code] As you can see, there's a whole ton I don't know about this packet. I do have enough to send it correctly, however. [code] With WoWBuff .InsertByte &H28 .InsertDWORD GetDWORD(modConstants.DWORDGameID) .InsertDWORD GetDWORD(modConstants.DWORDVersion) .InsertByte &HC0 .InsertByte &H11 .InsertDWORD GetDWORD(modConstants.DWORDPlatform) .InsertDWORD GetDWORD(modConstants.DWORDOperSys) .InsertDWORD GetDWORD(modConstants.DWORDLocale) .InsertByte &H98 .InsertByte &HFE .InsertByte &HFF .InsertByte &HFF .InsertByte &HAC .InsertByte &H9D .InsertByte &H7C .InsertByte &HFE .InsertByte &HA .InsertNonNTString modConfig.AccountName .Push &H0, &H2 .Flush frmMain.wsWoW End With[/code] ------------------------------------- More to come. | August 12, 2005, 8:47 AM |
JoeTheOdd | TODO: WOW_AUTH_INFO (C>S 0x0002) Research PowerPC processor DWORD. Research MacOS X OS DWORD. Research MacOS 9 OS DWORD, assuming that's still supported. WOW_CHAT (C>S Unknown) Research destination DWORD value for yelling. Assumed to be 0x000004, but I haven't tested this. Research destination DWORD value for guild officer chat. I lead a guild on Thunderlord where I can test this. Research why the message ID and subID keep changing. That is really annoying. | August 12, 2005, 8:55 AM |
UserLoser. | WoW is endian fucked, so it's "backwards" compared to what you'd see in Battle.net [quote] (DWORD) Version Hash (0x00010601) [Historic: 0x00010600 in 1.6.0] (BYTE) Version Byte? (0xC0) [Historic: 0x94 in 1.6.0] (BYTE) Unknown (0x11) [/quote] Not quite, from what I have in my client it's just the three bytes specifiying the version. I.E.: (Byte) 1 (Byte) 6 (Byte) 1 The next four bytes after that is the executable build number. Notice that the 0xC011 happens to be 4544 which should match your build number shown at the logon screen. [quote] (BYTE) Unknown (0x0A) [Note: Safe to set to 0A. Client doesn't always send 0A] (STR) Account Name ("INSANEJOEY") [Research: Why isn't this terminated?] [/quote] That byte is the length of your username, how else would the server know when to stop copying it? [quote] 0000: 00 00 00 A4 D1 6A 32 A8 B8 35 0D 7E 2E DD 81 2A ...¤Ñj2¨¸5.~.Ý?* 0010: 07 95 CE 50 C6 6A 15 50 3E EF 91 77 5A 88 A8 03 •ÎPÆjP>ï‘wZˆ¨ 0020: C4 3F AE 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD Ä?® ‰Kd^‰áS[½ 0030: 5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C [‹)PS±Ž¿¿^?«< 0040: 82 87 2A 3E 9B B7 C6 5A C3 A6 6A 0F DF A1 79 AB ‚‡*>›·ÆZæjß¡y« 0050: D8 86 DC AD F6 9E E0 20 2F 65 8D 8C 16 AD 25 C5 ؆Üöžà /e?Œ%Å 0060: 41 EE E5 BE C7 1C A1 03 9D 3C 27 60 36 1A 5F 02 Aîå¾Ç¡?<'`6_ 0070: 6F E4 1C 65 D6 4F oäeÖO.......... [/quote] Extract the following in order: packet id, error code, skip next byte, server key (B, 32bytes), generator length, generator (G), modulo length, modulo (N), salt for your account (s, 32 bytes), checksum key (16 bytes, used in version check, we'll discuss that later) | August 12, 2005, 12:59 PM |
Quarantine | Why would they include a string without null-terminating it then specify a length? Anyhow, nice job guys. | August 12, 2005, 1:22 PM |
kamakazie | [quote author=Warrior link=topic=12507.msg124078#msg124078 date=1123852924] Why would they include a string without null-terminating it then specify a length? Anyhow, nice job guys. [/quote] It's usually easier to read the length of the string first, allocate memory for it, then actually read the string. | August 12, 2005, 5:35 PM |
JoeTheOdd | [me=Vote Joe!]runs up to UserLoser and hug-tackles him.[/me] EDIT - [s]The bot picked the perfect time to blow up (VB completely dies when I try to run it), so can you tell me if I did this right?[/s] Never mind, I disarmed the explosive. | August 13, 2005, 12:37 AM |
JoeTheOdd | [quote][7:24:25 PM] World of WarCraft Research Chatbot by Joe[x86] loaded! [7:24:25 PM] Registration passed. [7:24:27 PM] [WWRL] Connecting to us.logon.worldofwarcraft.com:3724.. [7:24:27 PM] [WWRL] Connected! [7:24:27 PM] [SEND] 0x0002 (WOW_AUTH_INFO)... [7:24:27 PM] [RECV] 0x0000 (WOW_AUTH_CHALLENGE) [7:24:27 PM] B: 0x00000000 [7:24:27 PM] G: 5736481527823200912463412246178819491513660317295005690107323775009437258391897391394106808308017742919194437160303542625583989095660615236121711634207346582432470141 [7:24:27 PM] N: 2273379765382990992853841427106363648285682357372731 [7:24:27 PM] S: 0x00370000 [7:24:27 PM] CK: 0x00000[/quote] Which brings us to our next point. What do I do instead of scream when the server sends out packets in more than one piece? | August 13, 2005, 1:25 AM |
Quarantine | Hmm: Check if the packet sent is the length specified, if not store whatever was sent in a temporary buffer and the next time you receive data append however many bytes received until you reach the next header to your temporary buffer then pass that to your handler. | August 13, 2005, 1:56 AM |
HdxBmx27 | [quote]Packet S>C 0x10CA (WOW_REALMLIST) Header { (BYTE) ID (0x10) (BYTE) Sub ID (0xCA) } (BYTE) Unknown (0x0D) (DWORD) Unknown (0x00) (DWORD) Unknown (0x55000000) (WORD) Unknown (0x0000) For Each server { (NTSTR) Server Name ('Eldre'Thalas') ('Shadow Council') ('Draenor') ....[/quote] I have a theory that it's more like this: [quote]Packet S>C 0x10CA (WOW_REALMLIST) Header { (BYTE) ID (0x10) (BYTE) Sub ID (0xCA) } (BYTE) Unknown (0x0D) (DWORD) Unknown (0x00) (DWORD) Number_Of_Servers (0x00000001) For Each server { (WORD) Unknown (0x00) (NTSTR) Server Name ('Eldre'Thalas') ('Shadow Council') ('Draenor')[/quote] Also 55 00 00 00 = 0x00000055(85) not 0x55000000(1,426,063,360) doesn't it? [code]0000: 10 2F 00 00 00 00 00 01 00 00 00 00 00 55 6C 74 ./...........Ult 0010: 72 61 20 57 6F 57 00 37 30 2E 38 36 2E 34 37 2E ra WoW.70.86.47. 0020: 31 34 36 3A 38 30 38 35 00 00 00 00 3F 00 01 00 146:8085....?... 0030: 02 00 ..[/code] Yes, I'm using an emulated server, but don't yell at me, I can't afford the time cards. ~-~(HDX)~-~ | August 13, 2005, 3:03 AM |
KkBlazekK | Could the Unknown be telling if it's PvP? | August 13, 2005, 5:01 AM |
UserLoser. | [quote author=Vote Joe! link=topic=12507.msg124133#msg124133 date=1123896301] Which brings us to our next point. What do I do instead of scream when the server sends out packets in more than one piece? [/quote] I do not recall that at all in the logon protocol, so maybe you're doing something wrong...and those variables the server sent you look horribly wrong. | August 13, 2005, 5:13 AM |
JoeTheOdd | Blaze, yes. On the list, it tells if it's PvE (Normal), RP, or PvP. UserLoser, 200 million bucks says it's on my side. [code] Case &H0 Call AddChat(frmMain.rtbChat, True, vbGreen, "[RECV] 0x0000 (WOW_AUTH_CHALLENGE)") With WoWDebuff .Buffer = S .RemoveVoid 2 'Remove PacketID and ErrorCode .RemoveVoid 1 'Remove byte Dim Temp As Variant Dim B As Long, G() As String, N() As String, Salt As Long, CK As Integer Let B = .RemoveDWORD Call AddChat(frmMain.rtbChat, True, vbYellow, "B: 0x" & Right("00000000" & Hex(ServerKey), 8)) Let Temp = .RemoveVoid(Asc(.RemoveVoid(1))) ReDim G(1 To Len(Temp)) For i = 1 To Len(Temp) G(i) = Mid(Temp, i, 1) Next i Call AddChat(frmMain.rtbChat, True, vbYellow, "G: " & ToHex(Join(G, ""))) Let Temp = .RemoveVoid(Asc(.RemoveVoid(1))) ReDim N(1 To Len(Temp)) For i = 1 To Len(Temp) N(i) = Mid(Temp, i, 1) Next i Call AddChat(frmMain.rtbChat, True, vbYellow, "N: " & ToHex(Join(N, ""))) Salt = .RemoveDWORD Call AddChat(frmMain.rtbChat, True, vbYellow, "S: 0x" & Right("00000000" & Hex(Salt), 8)) ChecksumKey = .RemoveWORD Call AddChat(frmMain.rtbChat, True, vbYellow, "CK: 0x" & Right("0000" & Hex(ChecksumKey), 8)) '00 00 00 A4 D1 6A 32 A8 B8 35 0D 7E 2E DD 81 2A '07 95 CE 50 C6 6A 15 50 3E EF 91 77 5A 88 A8 03 'C4 3F AE 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD '5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C '82 87 2A 3E 9B B7 C6 5A C3 A6 6A 0F DF A1 79 AB 'D8 86 DC AD F6 9E E0 20 2F 65 8D 8C 16 AD 25 C5 '41 EE E5 BE C7 1C A1 03 9D 3C 27 60 36 1A 5F 02 '6F E4 1C 65 D6 4F End With[/code] | August 13, 2005, 5:33 AM |
UserLoser. | Checksum key is also 16 bytes not bits | August 13, 2005, 6:57 AM |
HdxBmx27 | Meh, Just thought I'd Finish this one up: [quote]Message ID: 0x00 Message SubID: 0x02 Message Name: WOW_AUTH_INFO Format: (BYTE) ID (BYTE) SubID (WORD) Data Length (DWORD) Product ID (Byte) EXE Major ver (Byte) EXE Minor ver (Byte) EXE Revision number (WORD) EXE Build number (DWORD) Platform ID (DWORD) OS abbreviation (DWORD) LanguageID (DWORD) TimeZone offset (DWORD) Local IP (BYTE) Username Length (VOID) Username Remarks: The Data length field is of all the data following it, not including the ID, SubID, or its own field. An easy way to determine this is simply Length of the username + 30[/quote] This is an example of how I used it:/ why you want this iono :P [code] Public Sub Build_WOW_AUTH_INFO(sExePath As String, sUsername As String) With pOut .iBYTE 0 'ID .iBYTE 2 'SubID .iWORD Len(sUsername) + 30 'Data length - header .iDWORD &H576F57 'ProdID ("WoW") Dim sVerParts() As String sVerParts = Split(Replace(GetVersionInfo(sExePath), Space(1), vbNullString), ",", 4) '^~~~Get the ver info, GetVersionInfo() returns a string such as this: 1, 6, 0, 4500 'Extracted from the EXE under the \StringFileInfo\000004B0\FileVersion property. .iBYTE Val(sVerParts(0)) 'Major ver .iBYTE Val(sVerParts(1)) 'Minor ver .iBYTE Val(sVerParts(2)) 'Revis ver .iWORD Val(sVerParts(3)) 'Build ver .iDWORD &H783836 'PlatformID ("86x") .iDWORD &H57696E 'OS ("niW") .iDWORD &H656E5553 'Language ("SUne") .iDWORD -480 'Time zone offset in minutes (-8 UTC) .iDWORD &HA00A8C0 'Local IP address ("192.168.0.10") .iBYTE Len(sUsername) 'Length of Username .iVoid sUsername 'Username End With End Sub[/code] UL do me a favor, GET ON AIM!! I wanna talk to you. Currently know IDs and Lengths associated with them: 0x00 = 118 0x01 = 26 I have NEVER seen either of those packets with a different length. ~-~(HDX)~-~ | August 13, 2005, 10:32 AM |
LivedKrad | Stickied. Eventually this thread may go into the depths of the void, I want it to be seen. | August 13, 2005, 5:25 PM |
HdxBmx27 | [quote][2:24:49 PM] [RECV] 0x0000 (WOW_AUTH_CHALLENGE) [2:24:49 PM] SK: 0x3ED8B5DFBC56BED82E7F412AFFFBA329FA57D491744910E6B1BADCBD79CB0E2C [2:24:49 PM] GLen: 1 [2:24:49 PM] G: 0x07 [2:24:49 PM] NLen: 32 [2:24:49 PM] N: 0xB79B3E2A87823CAB8F5EBFBF8EB10108535006298B5BADBD5B53E1895E644B89 [2:24:49 PM] S: 0x0000000000000000000000000000000000000000000000000000000000000000 [2:24:49 PM] ck: 0xAAA1146648D060F57286875C1FB3AED9 [2:24:49 PM] Packet Len: 118 Data: [2:24:49 PM] 0000: 00 00 00 2C 0E CB 79 BD DC BA B1 E6 10 49 74 91 ...,Ëy½Üº±æIt‘ [2:24:49 PM] 0010: D4 57 FA 29 A3 FB FF 2A 41 7F 2E D8 BE 56 BC DF ÔWú)£ûÿ*A.ؾV¼ß [2:24:49 PM] 0020: B5 D8 3E 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD µØ> ‰Kd^‰áS[½ [2:24:49 PM] 0030: 5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C [‹)PS±Ž¿¿^?«< [2:24:49 PM] 0040: 82 87 2A 3E 9B B7 00 00 00 00 00 00 00 00 00 00 ‚‡*>›·.......... [2:24:49 PM] 0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [2:24:49 PM] 0060: 00 00 00 00 00 00 D9 AE B3 1F 5C 87 86 72 F5 60 ......Ù®³\‡†rõ` [2:24:49 PM] 0070: D0 48 66 14 A1 AA ÐHf¡ª.......... [/quote] Look about right? Now, [quote]192.168.0.10:2982 -> 70.68.47.146:3724 SENT Data Len: 74 0000: 01 AE 37 B7 EC B4 DF 74 78 43 7D A9 C3 E2 53 AD .®7·ì´ßtxC}©ÃâS 0010: 5A 78 99 7C 34 02 76 15 0D 89 27 E9 55 46 EB C6 Zx™|4.v..‰'éUFëÆ 0020: A0 86 FB AB 2A E8 79 FA 10 7D 9D 99 6A 72 52 22 †û«*èyú.}?™jrR" 0030: F7 11 C2 DD A5 A4 BA E4 D5 A5 84 23 58 87 43 F7 ÷.ÂÝ¥¤ºäÕ¥„#X‡C÷ 0040: C5 3F 99 5F BE B6 DA 51 52 00 Å?™_¾¶ÚQR.[/quote] this is the packet used for sending the hashed password data. Now i've been looking at WoW.exe in IDa for hrs.. Cant find it anywhere. Any tips UL? ~-~(HDX)~-~ | August 13, 2005, 9:26 PM |
JoeTheOdd | [quote][8:29:19 PM] [RECV] 0x0000 (WOW_AUTH_CHALLENGE) [8:29:19 PM] B: 3052598809479962165910969052173007229413931598887534138377729764 [8:29:19 PM] G: 07 [8:29:19 PM] N: 3775009437258391897391394106808308017742919194437160303542625583 [8:29:19 PM] S: 9890956606152361217116342073465824324701414022733797653829909928 [8:29:19 PM] CK: 44540083548842031422722779152198[/quote] Better, UserLoser? Also, if anyone needs a job to do, I'm updating the TODO list in the second post (first page). | August 14, 2005, 2:20 AM |
UserLoser. | Hdx: Looks good except your account doesn't exist (salt is 0) [quote author=Vote Joe! link=topic=12507.msg124245#msg124245 date=1123986012] [quote][8:29:19 PM] [RECV] 0x0000 (WOW_AUTH_CHALLENGE) [8:29:19 PM] B: 3052598809479962165910969052173007229413931598887534138377729764 [8:29:19 PM] G: 07 [8:29:19 PM] N: 3775009437258391897391394106808308017742919194437160303542625583 [8:29:19 PM] S: 9890956606152361217116342073465824324701414022733797653829909928 [8:29:19 PM] CK: 44540083548842031422722779152198[/quote] Better, UserLoser? Also, if anyone needs a job to do, I'm updating the TODO list in the second post (first page). [/quote] Yes, better. | August 14, 2005, 4:30 AM |
JoeTheOdd | I assume Hdx's problem is that he is using a fake server. EDIT - UL, I assume you know the format of WOW_AUTH_PROOF (the one Hdx posted), right? | August 14, 2005, 6:02 AM |
HdxBmx27 | [quote author=Vote Joe! link=topic=12507.msg124260#msg124260 date=1123999362] I assume Hdx's problem is that he is using a fake server. [/quote] Bingo was his name-o! UL, that is my problem, But it's not going to change in the near future, so w/e. So anything I post S->C wise should not be taken as definitive, BUT please note that it DOES work with the client, So it still helps in the research. Anything that I post I HOPE is double/triple checked from a real server. Just cuz I'm on an emu server doesn't mean The packets aren't the same. Albeit that some of the information is omitted(nulled) but I can still help. ~-~(HDX)~-~ | August 14, 2005, 7:34 AM |
UserLoser. | [quote author=Vote Joe! link=topic=12507.msg124260#msg124260 date=1123999362] I assume Hdx's problem is that he is using a fake server. EDIT - UL, I assume you know the format of WOW_AUTH_PROOF (the one Hdx posted), right? [/quote] Yes, I have them all somewhere here..I'll get back to you later....And where do you get this name WOW_AUTH_PROOF from? IIRC, that is *not* what is lingering around in WoW.exe... | August 14, 2005, 7:24 PM |
Quarantine | He's too lazy to disassemble so he makes up the names | August 14, 2005, 7:44 PM |
HdxBmx27 | [quote]ClientLink: 0x01 CMD_AUTH_LOGON_PROOF 0x02 CMD_AUTH_RECONNECT_CHALLENGE 0x03 CMD_AUTH_RECONNECT_PROOF 0x10 CMD_REALM_LIST 0x30 CMD_XFER_INITIATE 0x31 CMD_XFER_DATA ServerLink: 0x02 CMD_GRUNT_AUTH_VERIFY 0x10 CMD_GRUNT_CONN_PING 0x11 CMD_GRUNT_CONN_PONG 0x20 CMD_GRUNT_HELLO 0x21 CMD_GRUNT_PROVESESSION 0x24 CMD_GRUNT_KICK[/quote] ClientLink I believe is [s]C->S and ServerLink is S->C[/s] the logon server, and ServerLink is In-game 0.o?? ~-~(HDX)~-~ | August 14, 2005, 11:22 PM |
JoeTheOdd | Warrior is totally right. I figured that the packet names weren't in the disassembly, so I decided to make them up. | August 15, 2005, 3:24 AM |
UserLoser. | [quote author=Vote Joe! link=topic=12507.msg124350#msg124350 date=1124076244] Warrior is totally right. I figured that the packet names weren't in the disassembly, so I decided to make them up. [/quote] That will only cause confusion... | August 15, 2005, 3:52 AM |
JoeTheOdd | Didn't know they were in the client. I suppose I'll use the real ones, now that I know. | August 15, 2005, 5:58 AM |
Myndfyr | [quote author=Vote Joe! link=topic=12507.msg124363#msg124363 date=1124085490] Didn't know they were in the client. I suppose I'll use the real ones, now that I know. [/quote] Just an FYI, while it might cause less confusion, it's something that you could potentially be hit with in terms of copyright violation. I was talking to one of the leaders at WDDG, a group I've been working with (they're developing Ludmilla, a general MMO server app; the first server they're developing for it is WoW), and he said that they've been going over every precaution to be sure they can't lose if Blizzard was to file a lawsuit (if you look, even on their website and forums, WoW is written out "W@W," even in user posts). | August 15, 2005, 4:05 PM |
UserLoser. | [quote author=MyndFyre link=topic=12507.msg124376#msg124376 date=1124121914] [quote author=Vote Joe! link=topic=12507.msg124363#msg124363 date=1124085490] Didn't know they were in the client. I suppose I'll use the real ones, now that I know. [/quote] Just an FYI, while it might cause less confusion, it's something that you could potentially be hit with in terms of copyright violation. I was talking to one of the leaders at WDDG, a group I've been working with (they're developing Ludmilla, a general MMO server app; the first server they're developing for it is WoW), and he said that they've been going over every precaution to be sure they can't lose if Blizzard was to file a lawsuit (if you look, even on their website and forums, WoW is written out "W@W," even in user posts). [/quote] We've been using names of Battle.net & Blizzard things for years now... Do you really think that Blizzard will go after a single individual (or a few) for writing a client to their service (which costs money to use!)?! | August 15, 2005, 4:36 PM |
JoeTheOdd | No, but if the situation gets out of hand, say, someone makes a flood bot, the researchers who led to that floodbot being developed can, in some twisted reality called the internet, be held responsible. | August 15, 2005, 5:38 PM |
JoeTheOdd | For no apparent reason, I'm collecting backversions of the WoW.exe files. So far I have... WoW 1.4.2.exe WoW 1.5.0.exe WoW 1.5.1.exe WoW 1.6.0.exe WoW 1.6.1.exe Anyone have any others? I think that's all of them except WoW 1.4.1.exe on back. | August 15, 2005, 6:52 PM |
UserLoser. | [quote author=Vote Joe! link=topic=12507.msg124380#msg124380 date=1124127535] No, but if the situation gets out of hand, say, someone makes a flood bot, the researchers who led to that floodbot being developed can, in some twisted reality called the internet, be held responsible. [/quote] A floodbot? Only an idiot would do that, and it's a fact at this moment in time that no idiots have access to the code which would give them the ability to flood or spam anything. Whereas for Battle.net, any idiot can do anything as long as they know how to copy and paste since people make things open source. Now if someone made an open source WoW bot under GPL or whatever the hell it's called, I can see maybe Blizzard caring | August 15, 2005, 6:55 PM |
JoeTheOdd | Seeing as how this time I'm the one (well, we are) doing the disassembling, I'm not releasing my bot open source. I will, however, release my research, like in a BnetDocs type document. Anyhow, I was screwing around with IDA, and eventually wrote some VB stuff to sift through the strings output, and ended up with these two files. http://www.javaop.com/~joe/wow/SourceCodeFiles.txt (Rather useless, but oh well.) http://www.javaop.com/~joe/wow/MethodUsage.txt (Can you say JACKPOT?) | August 15, 2005, 8:45 PM |
-MichaeL- | Does this mean you guys are making a wow bot to play the game for you? | August 30, 2005, 8:31 AM |
KkBlazekK | No, and if you read all the posts, you would understand that. They are just trying to understand all of the packets for WoW as we have for Starcraft, Diablo and Warcraft. | August 30, 2005, 8:37 AM |
JoeTheOdd | Bump. UserLoser, did you find those auth documents? | September 23, 2005, 3:48 AM |
JoeTheOdd | I've received (mythix received, rather) a DMCA takedown notice regarding my published work. Due to lack of interest, this project is officially suspended. However, if anyone is willing to help, I'm back in. | October 1, 2005, 3:40 AM |
Myndfyr | How? | October 3, 2005, 8:07 AM |
JoeTheOdd | How what? I assume you mean the DMCA takedown? http://www.x86labs.org/forum/index.php/topic,3139.0.html [quote]RE: http://www.javaop.com/~joe/wow/ - Please see the end of this email for a list of files on this site. This site being targeted for distributing our source code. Dear Sir or Madam, Recently, we have received an increasing amount of feedback from our customers in regard to the probable copyright infringement of Diablo, Diablo II, Starcraft, Warcraft II: Battle.net Edition, Warcraft III and World of Warcraft products (each, a "Program") on the Internet. We here at Blizzard share the concerns that many gamers are voicing. In this regard, we have contacted one of your users in connection with the aforementioned site and the infringement of Blizzard intellectual property. Please note that all title, ownership, and intellectual property rights in and to each Program and any and all copies thereof (including, but not limited to, any titles, computer code, objects, characters, character names, stories, dialog, catch phrases, locations, artwork, animations, sounds, musical compositions, audio-visual effects, methods of operation, any related documentation, and "applets" incorporated into a Program) are owned by Blizzard Entertainment or its licensors. Each Program is protected by the trademark and copyright laws of the United States, international copyright treaties and conventions, and other laws. Blizzard reserves all rights in each Program, except those rights granted by Blizzard in writing. Each Program contains certain licensed materials, and Blizzard's licensors may protect their rights or rely on Blizzard to protect those rights in the event of any violation of the end user license agreement and copyright law. As part of our effort to protect all proprietary rights related to Diablo, Diablo II, Starcraft, Warcraft, Warcraft II: Battle.net Edition, Warcraft III and World of Warcraft, we would like you to promptly remove all materials infringing on and/or all materials which allow others to infringe on the copyrights and/or trademarks of Blizzard Entertainment's products from the aforementioned site which you host or disable access to such site. This includes any unauthorized software, artwork, images, sounds or derivative works thereof that may be on the aforementioned site. Additionally, we would appreciate it if you would communicate this request to those individuals involved in the creation and maintenance of your web site. Please be advised that at this time you have forty eight (48) hours in which to comply with our request otherwise we will be forced to pursue formal action. We would like to thank you in advance for choosing to work with us in a unified effort to promote the integrity of our games and the well being of our online gaming community. If you require formal notice pursuant to the Digital Millennium Copyright (DMCA), please let us know and we will have our attorney provide such notice. Files: http://www.javaop.com/~joe/wow/MethodUsage.txt http://www.javaop.com/~joe/wow/SourceCodeFiles.txt http://www.javaop.com/~joe/wow/checkversion.txt http://www.javaop.com/~joe/wow/packet_formats.txt http://www.javaop.com/~joe/wow/talkpacket.txt http://www.javaop.com/~joe/wow/wow_auth_info_fields.txt http://www.javaop.com/~joe/wow/wow_header.txt http://www.javaop.com/~joe/wow/wow_protocol.txt Regards, Anti-Piracy Team Blizzard Entertainment http://www.blizzard.com/support If you respond to this email, please attach all previous messages and files relating to this issue.[/quote] However, iago made an interesting point. [quote]I still stand by my initial assessment that there's nothing illegal there, but it's easier to just do what they say than pursue a legal battle.[/quote] Last, but not least, I have the entire /wow folder saved on my computer, if anyone wants it. | October 4, 2005, 6:36 AM |
Arta | I presume that a legal battle is beyond your means, which is fair enough, but it might be worth asking them exactly how those files infringe their copyrights. IIRC Stealth managed to work something out with them when they sent a takedown for Stealthbot. It can't hurt to ask for more details, especially if you cooperate temporarily. You might also want to contact the EFF and ask their advice. | October 4, 2005, 10:47 AM |
Myndfyr | It strikes me as odd that they didn't just send you a DMCA notice. That's how I believe Blizzard has worked in the past. How did you receive this notice? E-mail would surprise me as well. I believe legal notices (I realize this isn't one, but meh) would only be sent by certified mail. Did you examine the e-mail headers? Further, when Blizzard contacts you, they generally include the name of the representative that sent you the email. That's been my experience at least. | October 4, 2005, 9:40 PM |
JoeTheOdd | I'll contact mythix about that. But yeah, it was going nowhere anyhow. Arta, the thing is, this is reverse engineering which is against their TOS and EULA, and EULAs are (IIRC) legally enforceable. | October 4, 2005, 10:24 PM |
Myndfyr | [quote author=Joe link=topic=12507.msg129987#msg129987 date=1128464694] Arta, the thing is, this is reverse engineering which is against their TOS and EULA, and EULAs are (IIRC) legally enforceable. [/quote] That's still under debate. | October 5, 2005, 2:01 AM |
rabbit | Yeah. People not knowing if Federal laws supersede user-corporation agreements annoys me. Corporations need to STFU. | October 5, 2005, 9:40 PM |
Myndfyr | [quote author=rabbit link=topic=12507.msg130065#msg130065 date=1128548417] Yeah. People not knowing if Federal laws supersede user-corporation agreements annoys me. Corporations need to STFU. [/quote] What is a contract besides a waiver of rights or promise of delivery? | October 5, 2005, 9:54 PM |
Arta | In the UK, at any rate, there are certain statutes that cannot be overridden by a contract. These exist either where the statute says the right cannot be signed away, or where a court has decided that a right is important enough not to be waivable. The right to reverse engineer, subject to certain conditions, is a right that cannot be waived here. In the UK, all those EULA clauses that prohibit reverse engineering are not valid, and would be ignored by a court. Contract law is tricky: it's much more than simply a promise of delivery or waiver of rights. | October 5, 2005, 10:49 PM |
JoeTheOdd | Now, if I got a web host in the UK and I hosted my stuff there, would Blizzard be able to do anything about it? | October 7, 2005, 11:17 PM |
Arta | Yes. You're in the US and thus are subject to US law. If Blizzard were to send a takedown to your UK host, they could ignore it completely. You, however, could not. | October 8, 2005, 3:13 AM |
JoeTheOdd | The one who received this was Mythix, the owner of www.javaop.com. The stuff itself was hosted in Canada on iago's server. Was I really required to take it down, as nothing resides in the United States except the domain name? | October 8, 2005, 4:03 AM |
Arta | Yes. You reside in the US. That's the point :) | October 8, 2005, 12:32 PM |
JoeTheOdd | So if I did all my disassembly on a box in Canada via VNC and went anonymous.. wow, mock trial is fun. =) | October 8, 2005, 7:05 PM |
Explicit[nK] | [quote author=Joe link=topic=12507.msg130335#msg130335 date=1128798338] So if I did all my disassembly on a box in Canada via VNC and went anonymous.. wow, mock trial is fun. =) [/quote] That'd just make you paranoid, :) | October 9, 2005, 2:10 AM |
rabbit | No moreso than iago. | October 9, 2005, 7:50 PM |
JoeTheOdd | No offence, but nobody can beat iago. He's afraid someone might root him by exploiting my php. =p | October 10, 2005, 1:22 AM |
Explicit[nK] | [quote author=Joe link=topic=12507.msg130477#msg130477 date=1128907332] No offence, but nobody can beat iago. He's afraid someone might root him by exploiting my php. =p [/quote] lol | October 10, 2005, 11:13 PM |
KkBlazekK | Joe, you didn't find anything that wasn't already public or useful, and some of the stuff you "found" is even on the WoW website. :-[ | October 13, 2005, 4:07 AM |
JoeTheOdd | [quote author=Blaze link=topic=12507.msg130860#msg130860 date=1129176472] Joe, you didn't find anything that wasn't already public or useful, and some of the stuff you "found" is even on the WoW website. :-[ [/quote] Such as? (And link?) | October 20, 2005, 2:46 AM |
Myndfyr | If anyone is interested in collaborating on this, and actually getting something that can log on, chat, and possibly check in-game mail (at the very least), contact me via PM. I have terms for the project, but I also have access to something we can use for testing without getting our accounts banned. | October 24, 2005, 4:17 PM |
JoeTheOdd | How about getting those documents UserLoser? EDIT - [code] .iBYTE Len(sUsername) 'Length of Username .iVoid sUsername 'Username[/code] It'd be easier to refer to that as a Pascal string instead of a byte+void. | November 1, 2005, 12:41 AM |
JoeTheOdd | Does anyone have a copy of my documents? I managed to lose them. | November 26, 2005, 11:22 PM |
Myndfyr | GG Joe. Yeah I have them. I'll send them back using the email you used to send them to me. | November 27, 2005, 12:31 AM |
JoeTheOdd | Thanks. | November 27, 2005, 7:40 PM |
Myndfyr | Some progress has been made with this, and so far I am able to log into the authentication server and request a realm list. I haven't had the time to look further into this since, but I'll repost: if anyone is interested in working on this, let me know by e-mail, AIM, or MSN (details in my profile). | December 22, 2005, 11:15 PM |
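
Added example, not code from any poster in this thread: a bounds-checked Python parser for the 118-byte logon challenge, following the field order UserLoser lists and the buffering Quarantine suggests for a packet that arrives in more than one piece. The sample bytes are HdxBmx27's posted capture; the class and function names and the 32-byte cap on the length-prefixed fields are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# 118-byte capture posted by HdxBmx27 in this thread (from an emulated server).
SAMPLE = bytes.fromhex(
    "0000002C0ECB79BDDCBAB1E610497491"
    "D457FA29A3FBFF2A417F2ED8BE56BCDF"
    "B5D83E010720894B645E89E1535BBDAD"
    "5B8B290650530801B18EBFBF5E8FAB3C"
    "82872A3E9BB700000000000000000000"
    "00000000000000000000000000000000"
    "000000000000D9AEB31F5C878672F560"
    "D0486614A1AA"
)

MAX_BIGNUM_LEN = 32  # assumption: no capture in the thread exceeds 32 bytes


class NeedMoreData(Exception):
    """The buffer ends before the packet does; wait for the next recv()."""


@dataclass
class Challenge:
    packet_id: int
    error: int
    B: int               # server key
    g: int               # generator
    N: int               # modulus
    salt: bytes          # 32 bytes
    checksum_key: bytes  # 16 bytes


class Reader:
    """Cursor over a byte buffer that refuses to read past the end."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise NeedMoreData
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self) -> int:
        return self.take(1)[0]

    def prefixed_int(self) -> int:
        """One length byte, then that many bytes read as a little-endian integer."""
        n = self.u8()
        if not 1 <= n <= MAX_BIGNUM_LEN:
            raise ValueError(f"implausible length byte {n} at offset {self.pos - 1}")
        return int.from_bytes(self.take(n), "little")


def parse_challenge(buf: bytes) -> Optional[Tuple[Challenge, int]]:
    """Return (packet, bytes consumed), or None while buf is still incomplete."""
    r = Reader(buf)
    try:
        packet_id, error = r.u8(), r.u8()
        r.take(1)                                   # the byte the thread says to skip
        B = int.from_bytes(r.take(32), "little")
        g = r.prefixed_int()
        N = r.prefixed_int()
        salt = r.take(32)
        checksum_key = r.take(16)
    except NeedMoreData:
        return None
    return Challenge(packet_id, error, B, g, N, salt, checksum_key), r.pos


class StreamAssembler:
    """Accumulates TCP chunks until a whole challenge packet can be parsed."""

    def __init__(self):
        self.pending = bytearray()

    def feed(self, chunk: bytes) -> Optional[Challenge]:
        self.pending += chunk
        parsed = parse_challenge(bytes(self.pending))
        if parsed is None:
            return None                             # keep buffering
        packet, used = parsed
        del self.pending[:used]                     # leftover bytes start the next packet
        return packet


if __name__ == "__main__":
    asm = StreamAssembler()
    print(asm.feed(SAMPLE[:50]))                    # None: only part of the packet so far
    pkt = asm.feed(SAMPLE[50:])
    print(hex(pkt.N), pkt.g, pkt.salt == bytes(32))
```

Reading each field as a little-endian integer reproduces the SK, N and ck values in HdxBmx27's log for the same capture; a length byte outside the cap is rejected instead of being used to size a read.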