
WoW Packet structure : World of Warcraft General Discussions

Posted: August 5th, 2005
badhex
Greetings. I was working on a bot that would read things like guild chat and other things by watching the packet stream. I noticed that most things from the server are sent in an unencrypted format (i.e. guild chat or regular chat). Client data sent to the server is, however, in an encrypted state.

To obtain a guild list your client sends a small packet that I assume is something like "GUILD" or similar to the server. This data changes every time though. The first part of this is the request followed by a confirmation and then the server sends its information followed by a client confirmation.

Code:

Ether: mac -> mac
IP 192.168.0.2 -> wow.server.ip
TCP ack push 40851 -> 3724
        TCP Option: No Operation
        TCP Option: No Operation
        TCP Option: Timestamp

7c29 b580 ccdf                             |)....

Ether: mac -> mac
IP wow.server.ip -> 192.168.0.2
TCP ack 3724 -> 40851
        TCP Option: No Operation
        TCP Option: No Operation
        TCP Option: Timestamp

Ether: mac -> mac
IP wow.server.ip -> 192.168.0.2
TCP ack push 3724 -> 40851
        TCP Option: No Operation
        TCP Option: No Operation
        TCP Option: Timestamp

61f5 881f 1700 0000 5465 616d 2053 7065    a.......Team Spe
616b 2053 6572 7665 7220 4164 6472 6573    ak Server Addres
733a 2037 302e 3836 2e33 302e 3136 343a    s: 

That's what the transaction looks like. My main question is: has anyone figured out the encryption process by watching memory? Is it key or timestamp based?

If possible could someone grab me the assembly used to process outgoing packets that need to be encrypted? Would it be easier to hook the chat window, and if so does anyone have some offsets?

I'd need the chat window offset and the guild roster listing offset.
Posted: August 5th, 2005
Only problem is if you found this out, you could do a lot more 'malicious' things than GUILD CHAT.

If you do figure this out, don't post too much info about it..