Note: I've gotten permission from Arta to post this here. Please do not trash it.
First off, I'm only a human. I can't do this all on my own. I need some more hands on deck here, anyone up for it? Having WoW helps, but if you don't own it, I'm sure there's something you can do along the line.
-------------------------------------
Now, down to business. First thing we should discuss would be the packet header. It's simple, two bytes.
(BYTE) ID
(BYTE) SubID
For WOW_AUTH_INFO (my names are so original!) this is 0x0002.
-------------------------------------
Logon Sequence:
World of WarCraft Logon Sequence:
C: Connect to us.logon.worldofwarcraft.com:3769
C: Send 0x0002 (WOW_AUTH_INFO)
S: Send 0x0000 (WOW_0000)
Notes:
Packet names with numbers in them, such as WOW_0000, haven't been investigated enough to know their meaning, so I can't name them.
This isn't complete yet, and you won't be logged into the game following this.
-------------------------------------
Well, I don't see much to discuss other than packet formats, really. We should start with WOW_AUTH_INFO, the first packet to be sent.
Header:
(BYTE) ID (0x00)
(BYTE) SubID (0x02)
Body:
(BYTE) Unknown, Constant (0x28) [Note: Client always sends 28]
(DWORD) Game ID ("WoW" + 0x00)
(DWORD) Version Hash (0x00010601) [Historic: 0x00010600 in 1.6.0]
(BYTE) Version Byte? (0xC0) [Historic: 0x94 in 1.6.0]
(BYTE) Unknown (0x11)
(DWORD) Platform ID ("68x" + 0x00) [Research: PPC?]
(DWORD) Operating System ("niW" + 0x00) [Research: PMAC? XMAC?]
(DWORD) Language ("SUne")
(BYTE) Unknown (0x98) [Note: Safe to set to 98. Client doesn't always send 98]
(BYTE) Unknown (0xFE) [Note: Safe to set to FE. Client doesn't always send FE]
(BYTE) Unknown (0xFF) [Note: Safe to set to FF. Client doesn't always send FF]
(BYTE) Unknown (0xFF) [Note: Safe to set to FF. Client doesn't always send FF]
(BYTE) Unknown (0xAC) [Note: Safe to set to AC. Client doesn't always send AC]
(BYTE) Unknown, Constant (0x9D) [Note: Client always sends 9D]
(BYTE) Unknown, Constant (0x7C) [Note: Client always sends 7C]
(BYTE) Unknown, Constant (0xFE) [Note: Client always sends FE]
(BYTE) Unknown (0x0A) [Note: Safe to set to 0A. Client doesn't always send 0A]
(STR) Account Name ("INSANEJOEY") [Research: Why isn't this terminated?]
As you can see, there's a whole ton I don't know about this packet. I do have enough to send it correctly, however.
With WoWBuff
    .InsertByte &H28
    .InsertDWORD GetDWORD(modConstants.DWORDGameID)
    .InsertDWORD GetDWORD(modConstants.DWORDVersion)
    .InsertByte &HC0
    .InsertByte &H11
    .InsertDWORD GetDWORD(modConstants.DWORDPlatform)
    .InsertDWORD GetDWORD(modConstants.DWORDOperSys)
    .InsertDWORD GetDWORD(modConstants.DWORDLocale)
    .InsertByte &H98
    .InsertByte &HFE
    .InsertByte &HFF
    .InsertByte &HFF
    .InsertByte &HAC
    .InsertByte &H9D
    .InsertByte &H7C
    .InsertByte &HFE
    .InsertByte &HA
    .InsertNonNTString modConfig.AccountName
    .Push &H0, &H2
    .Flush frmMain.wsWoW
End With
-------------------------------------
More to come.
TODO:
WOW_AUTH_INFO (C>S 0x0002)
Research PowerPC processor DWORD.
Research MacOS X OS DWORD.
Research MacOS 9 OS DWORD, assuming that's still supported.
WOW_CHAT (C>S Unknown)
Research destination DWORD value for yelling. Assumed to be 0x000004, but I haven't tested this.
Research destination DWORD value for guild officer chat. I lead a guild on Thunderlord where I can test this.
Research why the message ID and subID keep changing. That is really annoying.
WoW is endian fucked, so it's "backwards" compared to what you'd see in Battle.net
Quote
(DWORD) Version Hash (0x00010601) [Historic: 0x00010600 in 1.6.0]
(BYTE) Version Byte? (0xC0) [Historic: 0x94 in 1.6.0]
(BYTE) Unknown (0x11)
Not quite, from what I have in my client it's just the three bytes specifying the version. I.E.:
(Byte) 1
(Byte) 6
(Byte) 1
The next four bytes after that is the executable build number. Notice that the 0xC011 happens to be 4544 which should match your build number shown at the logon screen.
Quote
(BYTE) Unknown (0x0A) [Note: Safe to set to 0A. Client doesn't always send 0A]
(STR) Account Name ("INSANEJOEY") [Research: Why isn't this terminated?]
That byte is the length of your username, how else would the server know when to stop copying it?
Quote
0000: 00 00 00 A4 D1 6A 32 A8 B8 35 0D 7E 2E DD 81 2A
0010: 07 95 CE 50 C6 6A 15 50 3E EF 91 77 5A 88 A8 03
0020: C4 3F AE 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD
0030: 5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C
0040: 82 87 2A 3E 9B B7 C6 5A C3 A6 6A 0F DF A1 79 AB
0050: D8 86 DC AD F6 9E E0 20 2F 65 8D 8C 16 AD 25 C5
0060: 41 EE E5 BE C7 1C A1 03 9D 3C 27 60 36 1A 5F 02
0070: 6F E4 1C 65 D6 4F
Extract the following in order: packet id, error code, skip next byte, server key (B, 32 bytes), generator length, generator (G), modulo length, modulo (N), salt for your account (s, 32 bytes), checksum key (16 bytes, used in version check, we'll discuss that later)
Why would they include a string without null-terminating it then specify a length?
Anyhow, nice job guys.
Quote from: Warrior on August 12, 2005, 08:22 AM
Why would they include a string without null-terminating it then specify a length?
Anyhow, nice job guys.
It's usually easier to read the length of the string first, allocate memory for it, then actually read the string.
/me runs up to UserLoser and hug-tackles him.
EDIT -
The bot picked the perfect time to blow up (VB completely dies when I try to run it), so can you tell me if I did this right?
Never mind, I disarmed the explosive.
Quote
[7:24:25 PM] World of WarCraft Research Chatbot by Joe[x86] loaded!
[7:24:25 PM] Registration passed.
[7:24:27 PM] [WWRL] Connecting to us.logon.worldofwarcraft.com:3724..
[7:24:27 PM] [WWRL] Connected!
[7:24:27 PM] [SEND] 0x0002 (WOW_AUTH_INFO)...
[7:24:27 PM] [RECV] 0x0000 (WOW_AUTH_CHALLENGE)
[7:24:27 PM] B: 0x00000000
[7:24:27 PM] G: 5736481527823200912463412246178819491513660317295005690107323775009437258391897391394106808308017742919194437160303542625583989095660615236121711634207346582432470141
[7:24:27 PM] N: 2273379765382990992853841427106363648285682357372731
[7:24:27 PM] S: 0x00370000
[7:24:27 PM] CK: 0x00000
Which brings us to our next point. What do I do instead of scream when the server sends out packets in more than one piece?
Hmm:
Check if the packet sent is the length specified, if not store whatever was sent in a temporary buffer
and the next time you receive data append however many bytes received until you reach the next
header to your temporary buffer then pass that to your handler.
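The extraction order given earlier in the thread and the buffering advice above, combined in one added example (not code from any poster): an incremental parser that returns nothing until the whole reply has arrived. The function and class names are this example's own, the sample bytes are the hex column of the 118-byte dump posted earlier, and it assumes the full body follows the three leading bytes.

```python
# Added example: incremental parser for the logon server's 0x00 reply.
# Field order and sizes follow the thread; all names are this example's own.

# Hex column of the 118-byte dump posted earlier in this thread.
SAMPLE = bytes.fromhex(
    "000000A4D16A32A8B8350D7E2EDD812A"
    "0795CE50C66A15503EEF91775A88A803"
    "C43FAE010720894B645E89E1535BBDAD"
    "5B8B290650530801B18EBFBF5E8FAB3C"
    "82872A3E9BB7C65AC3A66A0FDFA179AB"
    "D886DCADF69EE0202F658D8C16AD25C5"
    "41EEE5BEC71CA1039D3C2760361A5F02"
    "6FE41C65D64F"
)

KEY_LEN, SALT_LEN, CHECKSUM_LEN = 32, 32, 16


def le_int(raw):
    """Big numbers are sent least-significant byte first."""
    return int.from_bytes(raw, "little")


def parse_auth_challenge(buf):
    """Return (fields, bytes_used), or None while the message is incomplete.

    Both length prefixes are single bytes, so a complete message can never
    exceed 3 + 32 + 1 + 255 + 1 + 255 + 32 + 16 = 595 bytes.
    """
    pos = 0

    def take(count):
        nonlocal pos
        if pos + count > len(buf):
            raise EOFError          # caller must wait for more bytes
        piece = bytes(buf[pos:pos + count])
        pos += count
        return piece

    try:
        packet_id, error = take(1)[0], take(1)[0]
        take(1)                     # byte the thread says to skip
        server_key = take(KEY_LEN)
        generator = take(take(1)[0])
        modulus = take(take(1)[0])
        salt = take(SALT_LEN)
        checksum_key = take(CHECKSUM_LEN)
    except EOFError:
        return None
    return {
        "id": packet_id, "error": error,
        "B": le_int(server_key), "g": le_int(generator),
        "N": le_int(modulus), "salt": le_int(salt),
        "checksum_key": checksum_key,
    }, pos


class Reassembler:
    """Collects TCP reads and yields a message only once it is whole."""

    def __init__(self):
        self._pending = bytearray()

    def feed(self, chunk):
        self._pending += chunk
        parsed = parse_auth_challenge(self._pending)
        if parsed is None:
            return None             # keep the partial data for the next read
        fields, used = parsed
        del self._pending[:used]    # leftover bytes start the next message
        return fields


if __name__ == "__main__":
    rx = Reassembler()
    for part in (SAMPLE[:20], SAMPLE[20:90], SAMPLE[90:]):
        msg = rx.feed(part)
        print(len(part), "bytes ->", "incomplete" if msg is None else hex(msg["N"]))
```
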
Quote
Packet S>C 0x10CA (WOW_REALMLIST)
Header {
(BYTE) ID (0x10)
(BYTE) Sub ID (0xCA)
}
(BYTE) Unknown (0x0D)
(DWORD) Unknown (0x00)
(DWORD) Unknown (0x55000000)
(WORD) Unknown (0x0000)
For Each server {
(NTSTR) Server Name ('Eldre'Thalas') ('Shadow Council') ('Draenor')
....
I have a theory that it's more like this:
Quote
Packet S>C 0x10CA (WOW_REALMLIST)
Header {
(BYTE) ID (0x10)
(BYTE) Sub ID (0xCA)
}
(BYTE) Unknown (0x0D)
(DWORD) Unknown (0x00)
(DWORD) Number_Of_Servers (0x00000001)
For Each server {
(WORD) Unknown (0x00)
(NTSTR) Server Name ('Eldre'Thalas') ('Shadow Council') ('Draenor')
Also
55 00 00 00 = 0x00000055(85) not 0x55000000(1,426,063,360) doesn't it?
0000: 10 2F 00 00 00 00 00 01 00 00 00 00 00 55 6C 74 ./...........Ult
0010: 72 61 20 57 6F 57 00 37 30 2E 38 36 2E 34 37 2E ra WoW.70.86.47.
0020: 31 34 36 3A 38 30 38 35 00 00 00 00 3F 00 01 00 146:8085....?...
0030: 02 00 ..
Yes, I'm using an emulated server, but don't yell at me, I can't afford the time cards.
~-~(HDX)~-~
Could the Unknown be a telling if it's PvP?
Quote from: Vote Joe! on August 12, 2005, 08:25 PM
Which brings us to our next point. What do I do instead of scream when the server sends out packets in more than one piece?
I do not recall that at all in the logon protocol, so maybe you're doing something wrong...and those variables the server sent you look horribly wrong.
Blaze, yes. On the list, it tells if it's PvE (Normal), RP, or PvP.
UserLoser, 200 million bucks says its on my side.
Case &H0
    Call AddChat(frmMain.rtbChat, True, vbGreen, "[RECV] 0x0000 (WOW_AUTH_CHALLENGE)")
    With WoWDebuff
        .Buffer = S
        .RemoveVoid 2 'Remove PacketID and ErrorCode
        .RemoveVoid 1 'Remove byte
        Dim Temp As Variant
        Dim B As Long, G() As String, N() As String, Salt As Long, CK As Integer
        Let B = .RemoveDWORD
        Call AddChat(frmMain.rtbChat, True, vbYellow, "B: 0x" & Right("00000000" & Hex(ServerKey), 8))
        Let Temp = .RemoveVoid(Asc(.RemoveVoid(1)))
        ReDim G(1 To Len(Temp))
        For i = 1 To Len(Temp)
            G(i) = Mid(Temp, i, 1)
        Next i
        Call AddChat(frmMain.rtbChat, True, vbYellow, "G: " & ToHex(Join(G, "")))
        Let Temp = .RemoveVoid(Asc(.RemoveVoid(1)))
        ReDim N(1 To Len(Temp))
        For i = 1 To Len(Temp)
            N(i) = Mid(Temp, i, 1)
        Next i
        Call AddChat(frmMain.rtbChat, True, vbYellow, "N: " & ToHex(Join(N, "")))
        Salt = .RemoveDWORD
        Call AddChat(frmMain.rtbChat, True, vbYellow, "S: 0x" & Right("00000000" & Hex(Salt), 8))
        ChecksumKey = .RemoveWORD
        Call AddChat(frmMain.rtbChat, True, vbYellow, "CK: 0x" & Right("0000" & Hex(ChecksumKey), 8))
        '00 00 00 A4 D1 6A 32 A8 B8 35 0D 7E 2E DD 81 2A
        '07 95 CE 50 C6 6A 15 50 3E EF 91 77 5A 88 A8 03
        'C4 3F AE 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD
        '5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C
        '82 87 2A 3E 9B B7 C6 5A C3 A6 6A 0F DF A1 79 AB
        'D8 86 DC AD F6 9E E0 20 2F 65 8D 8C 16 AD 25 C5
        '41 EE E5 BE C7 1C A1 03 9D 3C 27 60 36 1A 5F 02
        '6F E4 1C 65 D6 4F
    End With
Checksum key is also 16 bytes not bits
Meh, Just thought I'd Finish this one up:
Quote
Message ID: 0x00
Message SubID: 0x02
Message Name: WOW_AUTH_INFO
Format:
(BYTE) ID
(BYTE) SubID
(WORD) Data Length
(DWORD) Product ID
(Byte) EXE Major ver
(Byte) EXE Minor ver
(Byte) EXE Revision number
(WORD) EXE Build number
(DWORD) Platform ID
(DWORD) OS abbreviation
(DWORD) LanguageID
(DWORD) TimeZone offset
(DWORD) Local IP
(BYTE) Username Length
(VOID) Username
Remarks:
The Data length field is of all the data following it, not including the ID, SubID, or its own field.
An easy way to determine this is simply length of the username + 30
This is an example of how I used it:/ why you want this iono :P
Public Sub Build_WOW_AUTH_INFO(sExePath As String, sUsername As String)
    With pOut
        .iBYTE 0 'ID
        .iBYTE 2 'SubID
        .iWORD Len(sUsername) + 30 'Data length - header
        .iDWORD &H576F57 'ProdID ("WoW")
        Dim sVerParts() As String
        sVerParts = Split(Replace(GetVersionInfo(sExePath), Space(1), vbNullString), ",", 4)
        '^~~~Get the ver info, GetVersionInfo() returns a string such as this: 1, 6, 0, 4500
        'Extracted from the EXE under the \StringFileInfo\000004B0\FileVersion property.
        .iBYTE Val(sVerParts(0)) 'Major ver
        .iBYTE Val(sVerParts(1)) 'Minor ver
        .iBYTE Val(sVerParts(2)) 'Revis ver
        .iWORD Val(sVerParts(3)) 'Build ver
        .iDWORD &H783836 'PlatformID ("86x")
        .iDWORD &H57696E 'OS ("niW")
        .iDWORD &H656E5553 'Language ("SUne")
        .iDWORD -480 'Time zone offset in minutes (-8 UTC)
        .iDWORD &HA00A8C0 'Local IP address ("192.168.0.10")
        .iBYTE Len(sUsername) 'Length of Username
        .iVoid sUsername 'Username
    End With
End Sub
UL do me a favor, GET ON AIM!! I wanna talk to you.
Currently known IDs and lengths associated with them:
0x00 = 118
0x01 = 26
I have NEVER seen either of those packets with a different length.
~-~(HDX)~-~
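A dissector for the packet layout in the post above, as an added example that is not any poster's code: it cross-checks the data length field against both the bytes received and the one-byte username length before trusting either. The function names and the username are constructed for illustration; the version, build, time zone and IP values are the ones quoted in this thread.

```python
# Added example: dissector for the client's first logon packet, using the
# field list in the post above. Function names are this example's own.
import ipaddress
import struct

HEADER = struct.Struct("<BBH")              # ID, SubID, data length
FIXED = struct.Struct("<4s3BH4s4s4si4sB")   # product ... username length
assert FIXED.size == 30                     # the "+ 30" from the post


def tag(raw):
    """Four-character codes are byte-reversed on the wire (68x -> x86)."""
    return raw.rstrip(b"\x00")[::-1].decode("ascii")


def untag(text):
    """Inverse of tag(): reverse the text and pad with nulls to four bytes."""
    return text.encode("ascii")[::-1].ljust(4, b"\x00")


def build_auth_info(username, version=(1, 6, 1), build=4544,
                    tz_minutes=-480, ip="192.168.0.10"):
    """Build a sample packet so the parser has constructed input to read."""
    name = username.encode("ascii")
    if len(name) > 255:
        raise ValueError("username does not fit a one-byte length")
    body = FIXED.pack(untag("WoW"), *version, build, untag("x86"),
                      untag("Win"), untag("enUS"), tz_minutes,
                      ipaddress.IPv4Address(ip).packed, len(name)) + name
    return HEADER.pack(0x00, 0x02, len(body)) + body


def parse_auth_info(data):
    """Decode one complete packet; raise ValueError if its lengths disagree."""
    if len(data) < HEADER.size + FIXED.size:
        raise ValueError("truncated packet")
    packet_id, sub_id, declared = HEADER.unpack_from(data, 0)
    (product, major, minor, revision, build, platform, os_tag, language,
     tz_minutes, ip_raw, name_len) = FIXED.unpack_from(data, HEADER.size)
    # The length field counts everything after itself.
    if declared != len(data) - HEADER.size:
        raise ValueError("data length field disagrees with bytes received")
    # The username length must account for the rest: declared = name + 30.
    if declared != name_len + FIXED.size:
        raise ValueError("username length disagrees with data length")
    name = data[HEADER.size + FIXED.size:]
    return {
        "id": packet_id, "sub_id": sub_id, "data_length": declared,
        "product": tag(product), "version": (major, minor, revision),
        "build": build, "platform": tag(platform), "os": tag(os_tag),
        "language": tag(language), "tz_minutes": tz_minutes,
        "ip": str(ipaddress.IPv4Address(ip_raw)),
        "username": name.decode("ascii"),
    }


# Constructed sample: the username is made up for this example.
SAMPLE_PACKET = build_auth_info("EXAMPLEUSER")

if __name__ == "__main__":
    for key, value in parse_auth_info(SAMPLE_PACKET).items():
        print(f"{key:12} {value}")
```
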
Stickied. Eventually this thread may go into the depths of the void, I want it to be seen.
Quote
[2:24:49 PM] [RECV] 0x0000 (WOW_AUTH_CHALLENGE)
[2:24:49 PM] SK: 0x3ED8B5DFBC56BED82E7F412AFFFBA329FA57D491744910E6B1BADCBD79CB0E2C
[2:24:49 PM] GLen: 1
[2:24:49 PM] G: 0x07
[2:24:49 PM] NLen: 32
[2:24:49 PM] N: 0xB79B3E2A87823CAB8F5EBFBF8EB10108535006298B5BADBD5B53E1895E644B89
[2:24:49 PM] S: 0x0000000000000000000000000000000000000000000000000000000000000000
[2:24:49 PM] ck: 0xAAA1146648D060F57286875C1FB3AED9
[2:24:49 PM] Packet Len: 118 Data:
[2:24:49 PM] 0000: 00 00 00 2C 0E CB 79 BD DC BA B1 E6 10 49 74 91
[2:24:49 PM] 0010: D4 57 FA 29 A3 FB FF 2A 41 7F 2E D8 BE 56 BC DF
[2:24:49 PM] 0020: B5 D8 3E 01 07 20 89 4B 64 5E 89 E1 53 5B BD AD
[2:24:49 PM] 0030: 5B 8B 29 06 50 53 08 01 B1 8E BF BF 5E 8F AB 3C
[2:24:49 PM] 0040: 82 87 2A 3E 9B B7 00 00 00 00 00 00 00 00 00 00
[2:24:49 PM] 0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2:24:49 PM] 0060: 00 00 00 00 00 00 D9 AE B3 1F 5C 87 86 72 F5 60
[2:24:49 PM] 0070: D0 48 66 14 A1 AA
Look about right?
Now,
Quote
192.168.0.10:2982 -> 70.68.47.146:3724 SENT Data Len: 74
0000: 01 AE 37 B7 EC B4 DF 74 78 43 7D A9 C3 E2 53 AD
0010: 5A 78 99 7C 34 02 76 15 0D 89 27 E9 55 46 EB C6
0020: A0 86 FB AB 2A E8 79 FA 10 7D 9D 99 6A 72 52 22
0030: F7 11 C2 DD A5 A4 BA E4 D5 A5 84 23 58 87 43 F7
0040: C5 3F 99 5F BE B6 DA 51 52 00
This is the packet used for sending the hashed password data. Now I've been looking at WoW.exe in IDA for hrs.. Can't find it anywhere. Any tips UL?
~-~(HDX)~-~
Quote
[8:29:19 PM] [RECV] 0x0000 (WOW_AUTH_CHALLENGE)
[8:29:19 PM] B: 3052598809479962165910969052173007229413931598887534138377729764
[8:29:19 PM] G: 07
[8:29:19 PM] N: 3775009437258391897391394106808308017742919194437160303542625583
[8:29:19 PM] S: 9890956606152361217116342073465824324701414022733797653829909928
[8:29:19 PM] CK: 44540083548842031422722779152198
Better, UserLoser?
Also, if anyone needs a job to do, I'm updating the TODO list in the second post (first page).
Hdx: Looks good except your account doesn't exist (salt is 0)
Quote from: Vote Joe! on August 13, 2005, 09:20 PM
Quote
[8:29:19 PM] [RECV] 0x0000 (WOW_AUTH_CHALLENGE)
[8:29:19 PM] B: 3052598809479962165910969052173007229413931598887534138377729764
[8:29:19 PM] G: 07
[8:29:19 PM] N: 3775009437258391897391394106808308017742919194437160303542625583
[8:29:19 PM] S: 9890956606152361217116342073465824324701414022733797653829909928
[8:29:19 PM] CK: 44540083548842031422722779152198
Better, UserLoser?
Also, if anyone needs a job to do, I'm updating the TODO list in the second post (first page).
Yes, better.
I assume Hdx's problem is that he is using a fake server.
EDIT -
UL, I assume you know the format of WOW_AUTH_PROOF (the one Hdx posted), right?
Quote from: Vote Joe! on August 14, 2005, 01:02 AM
I assume Hdx's problem is that he is using a fake server.
Bingo was his name-o!
UL, that is my problem, but it's not going to change in the near future, so w/e.
So anything I post S->C wise should not be taken as definitive, BUT please note that it DOES work with the client, so it still helps in the research. Anything that I post I HOPE is double/triple checked from a real server.
Just cuz I'm on an emu server doesn't mean the packets aren't the same. Albeit that some of the information is omitted (nulled) but I can still help.
~-~(HDX)~-~
Quote from: Vote Joe! on August 14, 2005, 01:02 AM
I assume Hdx's problem is that he is using a fake server.
EDIT -
UL, I assume you know the format of WOW_AUTH_PROOF (the one Hdx posted), right?
Yes, I have them all somewhere here..I'll get back to you later....And where do you get this name WOW_AUTH_PROOF from? IIRC, that is *not* what is lingering around in WoW.exe...
He's too lazy to disassemble so he makes up the names
Quote
ClientLink:
0x01 CMD_AUTH_LOGON_PROOF
0x02 CMD_AUTH_RECONNECT_CHALLENGE
0x03 CMD_AUTH_RECONNECT_PROOF
0x10 CMD_REALM_LIST
0x30 CMD_XFER_INITIATE
0x31 CMD_XFER_DATA
ServerLink:
0x02 CMD_GRUNT_AUTH_VERIFY
0x10 CMD_GRUNT_CONN_PING
0x11 CMD_GRUNT_CONN_PONG
0x20 CMD_GRUNT_HELLO
0x21 CMD_GRUNT_PROVESESSION
0x24 CMD_GRUNT_KICK
ClientLink I believe is
C->S and ServerLink is S->C the logon server, and ServerLink is In-game 0.o??
~-~(HDX)~-~
Warrior is totally right. I figured that the packet names weren't in the disassembly, so I decided to make them up.
Quote from: Vote Joe! on August 14, 2005, 10:24 PM
Warrior is totally right. I figured that the packet names weren't in the disassembly, so I decided to make them up.
That will only cause confusion...
Didn't know they were in the client. I suppose I'll use the real ones, now that I know.
Quote from: Vote Joe! on August 15, 2005, 12:58 AM
Didn't know they were in the client. I suppose I'll use the real ones, now that I know.
Just an FYI, while it might cause less confusion, it's something that you could potentially be hit with in terms of copyright violation.
I was talking to one of the leaders at WDDG, a group I've been working with (they're developing Ludmilla, a general MMO server app; the first server they're developing for it is WoW), and he said that they've been going over every precaution to be sure they can't lose if Blizzard was to file a lawsuit (if you look, even on their website and forums, WoW is written out "W@W," even in user posts).
Quote from: MyndFyre on August 15, 2005, 11:05 AM
Quote from: Vote Joe! on August 15, 2005, 12:58 AM
Didn't know they were in the client. I suppose I'll use the real ones, now that I know.
Just an FYI, while it might cause less confusion, it's something that you could potentially be hit with in terms of copyright violation.
I was talking to one of the leaders at WDDG, a group I've been working with (they're developing Ludmilla, a general MMO server app; the first server they're developing for it is WoW), and he said that they've been going over every precaution to be sure they can't lose if Blizzard was to file a lawsuit (if you look, even on their website and forums, WoW is written out "W@W," even in user posts).
We've been using names of Battle.net & Blizzard things for years now... Do you really think that Blizzard will go after a single individual (or a few) for writing a client to their service (which costs money to use!)?!
No, but if the situation gets out of hand, say, someone makes a flood bot, the researchers who lead to that floodbot being developed can be, in some twisted reality called the internet, be held responsible.
For no apparent reason, I'm collecting backversions of the WoW.exe files. So far I have...
WoW 1.4.2.exe
WoW 1.5.0.exe
WoW 1.5.1.exe
WoW 1.6.0.exe
WoW 1.6.1.exe
Anyone have any others? I think that's all of them except WoW 1.4.1.exe on back.
Quote from: Vote Joe! on August 15, 2005, 12:38 PM
No, but if the situation gets out of hand, say, someone makes a flood bot, the researchers who lead to that floodbot being developed can be, in some twisted reality called the internet, be held responsible.
A floodbot? Only an idiot would do that, and it's a fact at this moment in time that no idiots have access to the code which would give them the ability to flood or spam anything. Where as for Battle.net, any idiot can do anything as long as they know how to copy and paste since people make things open source. Now if someone made an open source WoW bot under GPL or whatever the hell it's called, I can see maybe Blizzard caring
Seeing as how this time I'm the one (well, we are) doing the disassembling, I'm not releasing my bot open source. I will, however, release my research, like in a BnetDocs type document.
Anyhow, I was screwing arround with IDA, and eventually wrote some VB stuff to sift through the strings output, and ended up with these two files.
http://www.javaop.com/~joe/wow/SourceCodeFiles.txt (Rather useless, but oh well.)
http://www.javaop.com/~joe/wow/MethodUsage.txt (Can you say JACKPOT?)
Does this mean you guys are making a wow bot to play the game for you?
No, and if you read all the posts, you would understand that. They are just trying to understand all of the packets for WoW as we have for Starcraft, Diablo and Warcraft.
Bump. UserLoser, did you find those auth documents?
I've received (mythix received, rather) a DMCA takedown notice regarding my published work. Due to lack of interest, this project is officially suspended. However, if anyone is willing to help, I'm back in.
How?
How what? I assume you mean the DMCA takedown?
http://www.x86labs.org/forum/index.php/topic,3139.0.html
Quote
RE: http://www.javaop.com/~joe/wow/ - Please see the end of this email for a
list of files on this site. This site being targeted for distributing our source
code.
Dear Sir or Madam,
Recently, we have received an increasing amount of feedback from our customers
in regard to the probable copyright infringement of Diablo, Diablo II,
Starcraft, Warcraft II: Battle.net Edition, Warcraft III and World of Warcraft
products (each, a "Program") on the Internet. We here at Blizzard share the
concerns that many gamers are voicing. In this regard, we have contacted one of
your users in connection with the aforementioned site and the infringement of
Blizzard intellectual property.
Please note that all title, ownership, and intellectual property rights in and
to each Program and any and all copies thereof (including, but not limited to,
any titles, computer code, objects, characters, character names, stories,
dialog, catch phrases, locations, artwork, animations, sounds, musical
compositions, audio-visual effects, methods of operation, any related
documentation, and "applets" incorporated into a Program) are owned by Blizzard
Entertainment or its licensors. Each Program is protected by the trademark and
copyright laws of the United States, international copyright treaties and
conventions, and other laws. Blizzard reserves all rights in each Program,
except those rights granted by Blizzard in writing. Each Program contains
certain licensed materials, and Blizzard's licensors may protect their rights or
rely on Blizzard to protect those rights in the event of any violation of the
end user license agreement and copyright law.
As part of our effort to protect all proprietary rights related to Diablo,
Diablo II, Starcraft, Warcraft, Warcraft II: Battle.net Edition, Warcraft III
and World of Warcraft, we would like you to promptly remove all materials
infringing on and/or all materials which allow others to infringe on the
copyrights and/or trademarks of Blizzard Entertainment's products from the
aforementioned site which you host or disable access to such site. This includes
any unauthorized software, artwork, images, sounds or derivative works thereof
that may be on the aforementioned site. Additionally, we would appreciate it if
you would communicate this request to those individuals involved in the creation
and maintenance of your web site.
Please be advised that at this time you have forty eight (48) hours in which to
comply with our request otherwise we will be forced to pursue formal action. We
would like to thank you in advance for choosing to work with us in a unified
effort to promote the integrity of our games and the well being of our online
gaming community.
If you require formal notice pursuant to the Digital Millennium Copyright
(DMCA), please let us know and we will have our attorney provide such notice.
Files:
http://www.javaop.com/~joe/wow/MethodUsage.txt
http://www.javaop.com/~joe/wow/SourceCodeFiles.txt
http://www.javaop.com/~joe/wow/checkversion.txt
http://www.javaop.com/~joe/wow/packet_formats.txt
http://www.javaop.com/~joe/wow/talkpacket.txt
http://www.javaop.com/~joe/wow/wow_auth_info_fields.txt
http://www.javaop.com/~joe/wow/wow_header.txt
http://www.javaop.com/~joe/wow/wow_protocol.txt
Regards,
Anti-Piracy Team
Blizzard Entertainment
http://www.blizzard.com/support
If you respond to this email, please attach all previous messages and files
relating to this issue.
However, iago made an interesting point.
Quote
I still stand by my initial assessment that there's nothing illegal there, but it's easier to just do what they say than pursue a legal battle.
Last, but not least, I have the entire /wow folder saved on my computer, if anyone wants it.
I presume that a legal battle is beyond your means, which is fair enough, but it might be worth asking them exactly how those files infringe their copyrights. IIRC Stealth managed to work something out with them when they sent a takedown for Stealthbot. It can't hurt to ask for more details, especially if you cooperate temporarily. You might also want to contact the EFF and ask their advice.
It strikes me as odd that they didn't just send you a DMCA notice. That's how I believe Blizzard has worked in the past. How did you receive this notice? E-mail would surprise me as well. I believe legal notices (I realize this isn't one, but meh) would only be sent by certified mail. Did you examine the e-mail headers? Further, when Blizzard contacts you, they generally include the name of the representative that sent you the email. That's been my experience at least.
I'll contact mythix about that. But yeah, it was going nowhere anyhow.
Arta, the thing is, this is reverse engineering which is against their TOS and EULA, and EULAs are (IIRC) legally enforceable.
Quote from: Joe on October 04, 2005, 05:24 PM
Arta, the thing is, this is reverse engineering which is against their TOS and EULA, and EULAs are (IIRC) legally enforceable.
That's still under debate.
Yeah. People not knowing if Federal laws superseding user-corporation agreements annoys me. Corporations need to STFU.
Quote from: rabbit on October 05, 2005, 04:40 PM
Yeah. People not knowing if Federal laws superseding user-corporation agreements annoys me. Corporations need to STFU.
What is a contract besides a waiver of rights or promise of delivery?
In the UK, at any rate, there are certain statutes that cannot be overridden by a contract. These exist either where the statute says the right cannot be signed away, or where a court has decided that a right is important enough not to be waivable. The right to reverse engineer, subject to certain conditions, is a right that cannot be waived here. In the UK, all those EULA clauses that prohibit reverse engineering are not valid, and would be ignored by a court.
Contract law is tricky: it's much more than a simple promise of delivery or waiver of rights.
Now, if I got a web host in the UK and I hosted my stuff there, would Blizzard be able to do anything about it?
Yes. You're in the US and thus are subject to US law. If Blizzard were to send a takedown to your UK host, they could ignore it completely. You, however, could not.
The one who received this was Mythix, the owner of www.javaop.com. The stuff itself was hosted in Canada on iago's server. Was I really required to take it down, as nothing resides in the United States except the domain name?
Yes. You reside in the US. That's the point :)
So if I did all my disassembly on a box in Canada via VNC and went anonymous.. wow, mock trial is fun. =)
Quote from: Joe on October 08, 2005, 02:05 PM
So if I did all my disassembly on a box in Canada via VNC and went anonymous.. wow, mock trial is fun. =)
That'd just make you paranoid, :)
No moreso than iago.
No offence, but nobody can beat iago. He's afraid someone might root him by exploiting my php. =p
Quote from: Joe on October 09, 2005, 08:22 PM
No offence, but nobody can beat iago. He's afraid someone might root him by exploiting my php. =p
lol
Joe, you didn't find anything that wasn't already public or useful, and some of the stuff you "found" is even on the WoW website. :-[
Quote from: Blaze on October 12, 2005, 11:07 PM
Joe, you didn't find anything that wasn't already public or useful, and some of the stuff you "found" is even on the WoW website. :-[
Such as? (And link?)
If anyone is interested in collaborating on this, and actually getting something that can log on, chat, and possibly check in-game mail (at the very least), contact me via PM. I have terms for the project, but I also have access to something we can use for testing without getting our accounts banned.
How about getting those documents UserLoser?
EDIT -
.iBYTE Len(sUsername) 'Length of Username
.iVoid sUsername 'Username
It'd be easier to refer to that as a pascal string instead of a byte+void.
Does anyone have a copy of my documents? I managed to lose them.
GG Joe. Yeah I have them. I'll send them back using the email you used to send them to me.
Thanks.
Some progress has been made with this, and so far I am able to log into the authentication server and request a realm list. I haven't had the time to look further into this since, but I'll repost: if anyone is interested in working on this, let me know by e-mail, AIM, or MSN (details in my profile).