diff options
author | Gtker <wireshark@gtker.com> | 2021-05-06 12:52:58 +0200 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-05-11 20:08:32 +0000 |
commit | e34a72d39230da05046058b33c5f62706cac8b01 (patch) | |
tree | 1f4867683b4083d044030b51e3f470b1d80bc228 /epan/dissectors/packet-wow.c | |
parent | dacbfc4ae96fca71935e3f987dc3530f615a665f (diff) |
packet-wow: Add missing fields to Challenge Packets
Wiki for reference
https://wowdev.wiki/Packets/Login/Vanilla#Challenge_packets
Ember has an implementation
https://github.com/EmberEmu/Ember/blob/03c130d3d6276e7032fc9e13c9d287ea7c6ed536/src/login/grunt/server/LoginChallenge.h#L60
The two factor field is not present on versions before 1.12, although
getting a capture of it is difficult because clients before 1.12 are not
used for emulation.
Diffstat (limited to 'epan/dissectors/packet-wow.c')
-rw-r--r-- | epan/dissectors/packet-wow.c | 77 |
1 files changed, 75 insertions, 2 deletions
diff --git a/epan/dissectors/packet-wow.c b/epan/dissectors/packet-wow.c index 2d47799e48..0b01eca4c6 100644 --- a/epan/dissectors/packet-wow.c +++ b/epan/dissectors/packet-wow.c @@ -102,6 +102,8 @@ static int hf_wow_srp_g = -1; static int hf_wow_srp_n_len = -1; static int hf_wow_srp_n = -1; static int hf_wow_srp_s = -1; +static int hf_wow_crc_salt = -1; +static int hf_wow_two_factor_enabled = -1; static int hf_wow_srp_a = -1; static int hf_wow_srp_m1 = -1; @@ -125,6 +127,47 @@ static gboolean wow_preference_desegment = TRUE; static gint ett_wow = -1; static gint ett_wow_realms = -1; +struct game_version { + gint8 major_version; + gint8 minor_version; + gint8 patch_version; + gint16 revision; +}; +static struct game_version client_game_version = { -1, -1, -1, -1 }; + +// WoW uses a kind of SemVer. +// So 1.0.0 is always greater than any 0.x.y, and +// 1.2.0 is always greater than any 1.1.y +static gboolean +version_is_at_or_above(int major, int minor, int patch) +{ + if (client_game_version.major_version > major) { + return TRUE; + } + else if (client_game_version.major_version < major) { + return FALSE; + } + // Major versions must be equal + + if (client_game_version.minor_version > minor) { + return TRUE; + } + else if (client_game_version.minor_version < minor) { + return FALSE; + } + // Both major and minor versions are equal + + if (client_game_version.minor_version > patch) { + return TRUE; + } + else if (client_game_version.patch_version < patch) { + return FALSE; + } + // All versions are identical + + return TRUE; +} + static guint get_wow_pdu_len(packet_info *pinfo, tvbuff_t *tvb, int offset, void *data _U_) { @@ -193,18 +236,24 @@ dissect_wow_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data tvb, offset, 4, string); offset += 4; + + + client_game_version.major_version = tvb_get_guint8(tvb, offset); proto_tree_add_item(wow_tree, hf_wow_version1, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; + client_game_version.minor_version = tvb_get_guint8(tvb, offset); proto_tree_add_item(wow_tree, hf_wow_version2, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; + client_game_version.patch_version = tvb_get_guint8(tvb, offset); proto_tree_add_item(wow_tree, hf_wow_version3, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; + client_game_version.revision = tvb_get_guint16(tvb, offset, ENC_LITTLE_ENDIAN); proto_tree_add_item(wow_tree, hf_wow_build, tvb, offset, 2, ENC_LITTLE_ENDIAN); offset += 2; @@ -279,9 +328,21 @@ dissect_wow_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data proto_tree_add_item(wow_tree, hf_wow_srp_s, tvb, offset, 32, ENC_NA); - /*offset += 32;*/ + offset += 32; + + proto_tree_add_item(wow_tree, hf_wow_crc_salt, tvb, + offset, 16, ENC_NA); + offset += 16; + + if (version_is_at_or_above(1, 12, 0)) { + proto_tree_add_item(wow_tree, hf_wow_two_factor_enabled, tvb, + offset, 1, ENC_LITTLE_ENDIAN); + offset += 1; - /*offset += 16;*/ /* Unknown field */ + /* There are additional two factor fields if + * two_factor_enabled is true, although it is + * almost never used and getting a capture is hard. */ + } } break; @@ -535,6 +596,18 @@ proto_register_wow(void) "Secure Remote Password protocol 's' (user's salt) value", HFILL } }, + { &hf_wow_crc_salt, + { "CRC salt", "wow.crc_salt", + FT_BYTES, BASE_NONE, 0, 0, + "Salt to be used for the hash in the reply packet", + HFILL } + }, + { &hf_wow_two_factor_enabled, + { "Two factor enabled", "wow.two_factor_enabled", + FT_BOOLEAN, BASE_NONE, 0, 0, + "Enables two factor authentication", + HFILL } + }, { &hf_wow_srp_a, { "SRP A", "wow.srp.a", FT_BYTES, BASE_NONE, 0, 0, |