From 6eee75a4f76b1965708ee52fa785d8d7555c0a16 Mon Sep 17 00:00:00 2001 From: Shauren Date: Tue, 3 Jun 2014 19:15:12 +0200 Subject: Core/Battle.net: Removed sending "b", it's supposed to stay secret --- src/server/authserver/Server/BattlenetSocket.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/server/authserver/Server/BattlenetSocket.cpp b/src/server/authserver/Server/BattlenetSocket.cpp index 1cce8f2f94d..56744784167 100644 --- a/src/server/authserver/Server/BattlenetSocket.cpp +++ b/src/server/authserver/Server/BattlenetSocket.cpp @@ -284,6 +284,8 @@ bool Battlenet::Socket::HandleAuthChallenge(PacketHeader& header, BitStream& pac b.SetRand(128 * 8); B = ((v * k) + g.ModExp(b, N)) % N; + BigNumber unk; + unk.SetRand(128 * 8); BitStream passwordData; uint8 state = 0; @@ -291,7 +293,7 @@ bool Battlenet::Socket::HandleAuthChallenge(PacketHeader& header, BitStream& pac passwordData.WriteBytes(I.AsByteArray(32).get(), 32); passwordData.WriteBytes(s.AsByteArray(32).get(), 32); passwordData.WriteBytes(B.AsByteArray(128).get(), 128); - passwordData.WriteBytes(b.AsByteArray(128).get(), 128); + passwordData.WriteBytes(unk.AsByteArray(128).get(), 128); password->DataSize = passwordData.GetSize(); password->Data = new uint8[password->DataSize]; @@ -740,13 +742,16 @@ bool Battlenet::Socket::HandlePasswordModule(BitStream* dataStream, ServerPacket sha.Finalize(); M.SetBinary(sha.GetDigest(), sha.GetLength()); + BigNumber serverProof; + serverProof.SetRand(128 * 8); // just send garbage, server signature check is patched out in client + BitStream stream; ModuleInfo* password = sBattlenetMgr->CreateModule(_os, "Password"); uint8 state = 3; stream.WriteBytes(&state, 1); stream.WriteBytes(M.AsByteArray(32).get(), 32); - stream.WriteBytes(b.AsByteArray(128).get(), 128); + stream.WriteBytes(serverProof.AsByteArray(128).get(), 128); password->DataSize = stream.GetSize(); password->Data = new uint8[password->DataSize]; -- cgit v1.2.3