From 280c6ffa1d2a33b76f014b74b44c7f44de4768cb Mon Sep 17 00:00:00 2001
From: Kelsi <kelsihates2fa@gmail.com>
Date: Fri, 13 Feb 2026 01:10:02 -0800
Subject: [PATCH] Use legacy LOGON_PROOF format for auth protocol < 8

---
 Data/expansions/classic/expansion.json |  2 +-
 Data/expansions/tbc/expansion.json     |  2 +-
 Data/expansions/turtle/expansion.json  |  2 +-
 include/auth/auth_packets.hpp          |  3 +++
 src/auth/auth_handler.cpp              | 21 +++++++++++++--------
 src/auth/auth_packets.cpp              | 17 +++++++++++++++++
 6 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/Data/expansions/classic/expansion.json b/Data/expansions/classic/expansion.json
index b8d3181e..606a9aaf 100644
--- a/Data/expansions/classic/expansion.json
+++ b/Data/expansions/classic/expansion.json
@@ -4,7 +4,7 @@
   "shortName": "Classic",
   "version": { "major": 1, "minor": 12, "patch": 1 },
   "build": 5875,
-  "protocolVersion": 8,
+  "protocolVersion": 3,
   "maxLevel": 60,
   "races": [1, 2, 3, 4, 5, 6, 7, 8],
   "classes": [1, 2, 3, 4, 5, 7, 8, 9, 11]
diff --git a/Data/expansions/tbc/expansion.json b/Data/expansions/tbc/expansion.json
index c3af88cf..025f9a9b 100644
--- a/Data/expansions/tbc/expansion.json
+++ b/Data/expansions/tbc/expansion.json
@@ -4,7 +4,7 @@
   "shortName": "TBC",
   "version": { "major": 2, "minor": 4, "patch": 3 },
   "build": 8606,
-  "protocolVersion": 8,
+  "protocolVersion": 5,
   "maxLevel": 70,
   "races": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11],
   "classes": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11]
diff --git a/Data/expansions/turtle/expansion.json b/Data/expansions/turtle/expansion.json
index 989c21e1..6799dd66 100644
--- a/Data/expansions/turtle/expansion.json
+++ b/Data/expansions/turtle/expansion.json
@@ -4,7 +4,7 @@
   "shortName": "Turtle",
   "version": { "major": 1, "minor": 12, "patch": 1 },
   "build": 5875,
-  "protocolVersion": 8,
+  "protocolVersion": 3,
   "locale": "enGB",
   "maxLevel": 60,
   "races": [1, 2, 3, 4, 5, 6, 7, 8],
diff --git a/include/auth/auth_packets.hpp b/include/auth/auth_packets.hpp
index ffe603a5..fefabc6c 100644
--- a/include/auth/auth_packets.hpp
+++ b/include/auth/auth_packets.hpp
@@ -60,6 +60,9 @@ class LogonProofPacket {
 public:
     static network::Packet build(const std::vector<uint8_t>& A,
                                   const std::vector<uint8_t>& M1);
+    // Legacy (protocol < 8): A(32) + M1(20) + crc(20) + number_of_keys(1). No securityFlags byte.
+    static network::Packet buildLegacy(const std::vector<uint8_t>& A,
+                                       const std::vector<uint8_t>& M1);
     static network::Packet build(const std::vector<uint8_t>& A,
                                   const std::vector<uint8_t>& M1,
                                   uint8_t securityFlags,
diff --git a/src/auth/auth_handler.cpp b/src/auth/auth_handler.cpp
index 2926d866..bd7d428d 100644
--- a/src/auth/auth_handler.cpp
+++ b/src/auth/auth_handler.cpp
@@ -236,15 +236,20 @@ void AuthHandler::sendLogonProof() {
         }
     }
 
-    auto packet = LogonProofPacket::build(A, M1, securityFlags_, pinClientSaltPtr, pinHashPtr);
-    socket->send(packet);
+    // Protocol < 8 uses a shorter proof packet (no securityFlags byte).
+    if (clientInfo.protocolVersion < 8) {
+        auto packet = LogonProofPacket::buildLegacy(A, M1);
+        socket->send(packet);
+    } else {
+        auto packet = LogonProofPacket::build(A, M1, securityFlags_, pinClientSaltPtr, pinHashPtr);
+        socket->send(packet);
 
-    if (securityFlags_ & 0x04) {
-        // TrinityCore-style Google Authenticator token: send immediately after proof.
-        // Token is typically 6 digits.
-        const std::string token = pendingSecurityCode_;
-        auto tokPkt = AuthenticatorTokenPacket::build(token);
-        socket->send(tokPkt);
+        if (securityFlags_ & 0x04) {
+            // TrinityCore-style Google Authenticator token: send immediately after proof.
+            const std::string token = pendingSecurityCode_;
+            auto tokPkt = AuthenticatorTokenPacket::build(token);
+            socket->send(tokPkt);
+        }
     }
 
     setState(AuthState::PROOF_SENT);
diff --git a/src/auth/auth_packets.cpp b/src/auth/auth_packets.cpp
index 35babd8d..0082efa9 100644
--- a/src/auth/auth_packets.cpp
+++ b/src/auth/auth_packets.cpp
@@ -165,6 +165,23 @@ network::Packet LogonProofPacket::build(const std::vector<uint8_t>& A,
     return build(A, M1, 0, nullptr, nullptr);
 }
 
+network::Packet LogonProofPacket::buildLegacy(const std::vector<uint8_t>& A,
+                                              const std::vector<uint8_t>& M1) {
+    if (A.size() != 32) {
+        LOG_ERROR("Invalid A size: ", A.size(), " (expected 32)");
+    }
+    if (M1.size() != 20) {
+        LOG_ERROR("Invalid M1 size: ", M1.size(), " (expected 20)");
+    }
+
+    network::Packet packet(static_cast<uint16_t>(AuthOpcode::LOGON_PROOF));
+    packet.writeBytes(A.data(), A.size());
+    packet.writeBytes(M1.data(), M1.size());
+    for (int i = 0; i < 20; ++i) packet.writeUInt8(0); // CRC hash
+    packet.writeUInt8(0); // number of keys
+    return packet;
+}
+
 network::Packet LogonProofPacket::build(const std::vector<uint8_t>& A,
                                          const std::vector<uint8_t>& M1,
                                          uint8_t securityFlags,