It's very cool to program a mechanism or software module to make it do your will. With similar thoughts at the end of 2018, I was thinking that I want to make my own WoW server, which will be completely controlled by me. Having studied the C ++ source codes for MANGOS , I came to the conclusion that I cannot take and implement all my ideas like this, without understanding how an MMO RPG server works from start to finish. And for this purpose, I decided to implement my own engine. From scratch.
To begin with, at the beginning I only had the source code from the documentation. I searched the forums bit by bit for answers to my many questions (in this regard - a huge respect to the MANGOS community , - a very responsive team). In total, it took several months before, by trial and error, I implemented my first working prototype of the Login server - and was able to get to the character selection screen.
In short, the Login Server (like authentication in the WoW client) is built on the use of the SRP algorithm . The description of the algorithm is beyond the scope of the article, but in short, it allows you to identify the user without sending the password to the server, so that the password (even in cached form) can not be stored on the server. Even desirable .
The encryption algorithm of the World server most likely differs from client to client (I made this conclusion when I briefly studied the source code of the WoW 3.3.5a server ). I was developing a server for WoW version 2.4.3. Something like the Caesar cipher is used there . Although more often (in the source) you can find the name HeaderCrypt or Wowcrypt.
In version 2.4.3, the first 6 bytes are encrypted: size (2) and opcode (4) of each packet on the World server ( except for the first packet ). Accordingly, if you intercept a packet (sniff), you will not be able to determine which opcode it will be sent to. And if the packet is large, then it can be split into several, and in order to get them out of the buffer correctly, these very first 2 bytes ( size ) are needed .
The process of logging into the server can be briefly described as follows:
Login SRP (session key), / (crypto key). "send auth request" (. ). auth response, - , . Auth response - , crypto key. - .
World - , , ( ), (size) (opcode) >= size, ( ) size . . Update Packet. .
. - , ( ) . .
-, Python 3 (asyncio + SQLAlchemy). , SQLAlchemy - , , - ( ). .
-, . ( ) (manager), , : Item, Player, Unit .. .. Player, PlayerManager, . . , MANGOS ( C++, ). - SQLAlchemy - , . , , .
-, - handler - . . () ( + - ), .
-, MANGOS , ( ?). (, ). , - , , ( blizzlike) WoW.
, , .
,
/
/
/ (/)
-
MMO RPG , (, Login + World , - , - ..), , (, web , ). ( ). .
, , , . , , . .