Crate wow_srp[][src]

Expand description

An implementation of the World of Warcraft flavor of SRP6 used for authentication with the Login Server. It is only tested and verified on 1.12.1, but should work for other versions.

The implementation is intended to abstract away as much of the protocol as possible, and limits itself to the specific requirements of the World of Warcraft implementation. For example, all key sizes are limited to exactly 32 bytes since the network packet fields describing public keys are of a fixed size in the protocol and key sizes of any other sizes are not possible.

This crate does not deal with parsing the network packets necessary to obtain the required parameters. The WoWDev wiki (archive) contains a reference list of packets and the examples implement the required functionality.

THIS SHOULD NOT BE USED FOR ANYTHING OTHER THAN WORLD OF WARCRAFT EMULATION. THE CODE IS NOT CRYPTOGRAPHICALLY VERIFIED, HAS VERY LOW KEY SIZES BECAUSE OF PACKET REQUIREMENTS AND MOST LIKELY CONTAINS EXPLOITS.

Usage

The crate is split into:

  • A server module containing structs for use on the server.
  • A client module containing structs for use on the client.
  • A header_crypto module containing structs and traits for decrypting world packets.
  • An error module for errors that are shared by all modules.
  • A normalized_string module used for all modules to correctly handle strings.

A server example can be found in examples/server.rs and a client example can be found in examples/client.rs. These examples will perform the full SRP6 connection and reconnection. The server will work with a 1.12.1 client, using the username and password a and a. The client will work not with any other server since it ignores everything that is not absolutely necessary for showcasing the crate.

Running the examples

  1. Clone the repo with git clone https://github.com/gtker/wow_srp.
  2. Run the server with cargo run --example server inside the directory. This runs a simple authentication server that accepts the username “a” and the password “a”. Anything else panics.
  3. Run a real client with the realmlist set to localhost or run the client example with cargo run --example client.

Usage

Add the following to your Cargo.toml:

[dependencies]
wow_srp = { version = "0.3" }

Then go to either the client module or server module for specific instructions.

Features

Two different arbitrary precision integer libraries can be used, either:

  • num_bigint. A slow pure Rust implementation without external dependencies. This is enabled by default, and requires no opt in.

  • rug. A fast wrapper around the GMP library with external dependencies, as described in the gmp_mpfr_sys documentation. This is enabled with the rug feature and disabling default features. So instead of the above do this:

[dependencies]
wow_srp = { version = "0.3", default-features = false, features = ["rug"] }

The rug feature leads to a 50% decrease in total time. It is highly recommended to enable this feature for production usage since it also theoretically has better security.

To see the performance difference on your setup you can run cargo bench for the default version, and cargo bench --features rug --no-default-features for the rug version.

Other implementations

  • Ember is a C++ implementation for 1.12 with a clean, tested implementation of the protocol.
  • ArcEmu is a C++ implementation for 3.3.5.
  • vMangos is a C++ implementation.
  • WoWCore is a Pascal implementation that has 1.12, 2.4.3 and 3.3.5 versions.
  • Shadowburn is an Elixir implementation.

Modules

client

Contains all functionality related to the client part.

error

The various errors that can happen during the SRP6 process.

header_crypto

Functionality for encrypting/decrypting World Packet headers.

normalized_string

Functionality for keeping strings in a format the client expects.

server

Contains all functionality related to the server part, including the generation of values for the database.

Structs

PublicKey

Represents a public key for both the client and server.

Constants

GENERATOR

Called g in RFC2945. Statically set to 7. Used for generating the public keys for both server and client, and the session key. The length in bytes is always 1 since there are no generators greater than 255.

GENERATOR_LENGTH

The length in bytes for GENERATOR. Will always be 1 since there are no generators greater than 255. Constant is provided here since the CMD_AUTH_LOGON_CHALLENGE packet requires it.

LARGE_SAFE_PRIME_BIG_ENDIAN

Static large safe prime (N) value. The big endian version of LARGE_SAFE_PRIME_LITTLE_ENDIAN. This version should not be sent over the network and should generally not be used.

LARGE_SAFE_PRIME_LENGTH

The size in bytes of the large safe prime.

LARGE_SAFE_PRIME_LITTLE_ENDIAN

Static large safe prime (N) value. The little endian version of LARGE_SAFE_PRIME_BIG_ENDIAN. This is the version that should be sent over the network in the CMD_AUTH_LOGON_CHALLENGE_Server packet.

PASSWORD_VERIFIER_LENGTH

Password verifier size in bytes.

PROOF_LENGTH

Length of a proof in bytes.

PUBLIC_KEY_LENGTH

Length in bytes for both client and server public key.

RECONNECT_CHALLENGE_DATA_LENGTH

The size of the reconnect challenge data in bytes.

SALT_LENGTH

The salt is always 32 bytes since the client expects a 32 byte salt field in the CMD_AUTH_LOGON_CHALLENGE_Server packet and will use leading zeros in the calculation.

SESSION_KEY_LENGTH

Size of the session key in bytes.