phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-04-04 04:03:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fix: replace placeholder Warden RSA modulus with real Blizzard key

Browse source 
Replace the incorrectly extracted RSA-2048 modulus (which contained
the exponent bytes embedded inside it) with the verified Blizzard
public key used across all pre-Cataclysm clients (1.12.1, 2.4.3,
3.3.5a).

Key confirmed against two independent sources:
- namreeb/WardenSigning ClientKey.hpp (72 verified sniffed modules)
- SkullSecurity wiki Warden_Modules documentation

The modulus starts with 0x6BCE F52D... and ends with ...03F4 AFC7.
Exponent remains 65537 (0x010001).

Verification algorithm: SHA1(module_data + "MAIEV.MOD"), 0xBB-padded
to 256 bytes, RSA verify-recover with raw (no-padding) mode.

Signature failures are non-fatal (log warning, continue loading) so
private-server modules signed with custom keys still work. This is
necessary because servers like ChromieCraft/AzerothCore may use their
own signing keys.

Also update warden_module.hpp status: all implementation items now .
This commit is contained in:
Kelsi 2026-03-30 22:50:47 -07:00
parent 88d047d2fb
commit 32bb0becc8
2 changed files with 30 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

10
include/game/warden_module.hpp
View file

@ -39,17 +39,17 @@ struct WardenFuncList {
* IMPLEMENTATION STATUS:
* Module metadata parsing and validation
* RC4 decryption (WardenCrypto)
* RSA-2048 signature verification (OpenSSL EVP placeholder modulus)
* RSA-2048 signature verification (OpenSSL EVP real Blizzard modulus)
* zlib decompression
* Custom executable format parsing (3 pair-format variants)
* Address relocation (delta-encoded fixups)
* x86 emulation via Unicorn Engine (cross-platform)
* Client callbacks (sendPacket, validateModule, generateRC4)
* API binding / IAT patching (stub module imports not yet resolved)
* RSA modulus needs verification against real WoW.exe build
* API binding / IAT patching (parses import table, auto-stubs unknown APIs)
* RSA modulus verified (Blizzard key, same across 1.12.1/2.4.3/3.3.5a)
*
* For strict servers, the API binding stub may cause module init to fail.
* For permissive servers, fake responses in WardenHandler work.
* Non-fatal verification: RSA mismatch logs warning but continues loading,
* so private-server modules signed with custom keys still work.
*/
class WardenModule {
public: