Open 0blu opened 1 week ago
This is just a thought, that I might test myself when I have time.
In realmd the VersionChallenge is used to check if any client modifications are made. Since generating a hash for the gameclient data is compute expensive and requires the server to have the client data, a custom project is used to precompute this HMAC. (vmangos/LoginHashCalculator) The key of this HMAC is hardcoded in this project. https://github.com/vmangos/LoginHashCalculator/blob/3f9c1e97c0faebfd4dee8583df1ef6c479e6f16b/LoginHashCalculator/main.cpp#L20
realmd
VersionChallenge
The key is currently also hardcoded in AuthSocket of realmd. https://github.com/vmangos/core/blob/a1cd3abd4a9200c6f0549a5152c1513af78da9fc/src/realmd/AuthSocket.cpp#L184
AuthSocket
It might be possible to generate a HMAC with a NULL key and store this result in the DB. When a new user connects to realmd a new key is generated and applied to hash in the DB.
NULL
This is just a thought, that I might test myself when I have time.
In
realmdtheVersionChallengeis used to check if any client modifications are made. Since generating a hash for the gameclient data is compute expensive and requires the server to have the client data, a custom project is used to precompute this HMAC. (vmangos/LoginHashCalculator) The key of this HMAC is hardcoded in this project. https://github.com/vmangos/LoginHashCalculator/blob/3f9c1e97c0faebfd4dee8583df1ef6c479e6f16b/LoginHashCalculator/main.cpp#L20The key is currently also hardcoded in
AuthSocketofrealmd. https://github.com/vmangos/core/blob/a1cd3abd4a9200c6f0549a5152c1513af78da9fc/src/realmd/AuthSocket.cpp#L184It might be possible to generate a HMAC with a
NULLkey and store this result in the DB. When a new user connects torealmda new key is generated and applied to hash in the DB.