phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-03-22 23:30:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Implement Warden Phase 3: Validation Layer (RSA + zlib)

Browse source 
Completed validation pipeline for Warden module loading:

RSA Signature Verification:
- Implemented RSA-2048 public key decryption (OpenSSL)
- Extracts last 256 bytes as signature
- Verifies SHA1(module_data + "MAIEV.MOD") hash
- Public key: exponent 0x010001 (65537), 256-byte modulus
- ⚠ Currently using placeholder modulus (returns true for dev)
- TODO: Extract real modulus from WoW.exe for production

zlib Decompression:
- Read 4-byte little-endian uncompressed size
- Inflate compressed module data
- Sanity check: reject modules > 10MB
- Full error handling and logging

Standalone RC4:
- Implemented RC4 cipher in WardenModule (KSA + PRGA)
- Used for module decryption (16-byte key)
- Separate from WardenCrypto (which handles packet streams)

Load Pipeline Status:
 Step 1-4: MD5, RC4, RSA, zlib (validation complete)
 Step 5-8: Exe parsing, relocations, API binding, execution

Progress: 3/7 phases complete (~2 months remaining)
Next: Phase 4 (Executable Loader)
This commit is contained in:
Kelsi 2026-02-12 02:47:29 -08:00
parent 4b425f1225
commit 68a66a02a4
2 changed files with 249 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

56
docs/WARDEN_MODULE_ARCHITECTURE.md
View file

@ -99,16 +99,16 @@ The `load()` function executes 8 steps:
```
Step 1: Verify MD5 ✅ Implemented (uses auth::Crypto::md5)
Step 2: RC4 Decrypt ✅ Implemented (uses WardenCrypto)
Step 3: RSA Verify ❌ TODO (requires OpenSSL RSA-2048)
Step 4: zlib Decompress ❌ TODO (requires zlib library)
Step 2: RC4 Decrypt ✅ Implemented (standalone RC4 in WardenModule)
Step 3: RSA Verify ✅ Implemented (OpenSSL, placeholder modulus)
Step 4: zlib Decompress ✅ Implemented (zlib library)
Step 5: Parse Exe ❌ TODO (custom skip/copy format)
Step 6: Relocations ❌ TODO (delta-encoded offsets)
Step 7: Bind APIs ❌ TODO (kernel32.dll, user32.dll imports)
Step 8: Initialize ❌ TODO (call module entry point)
```
**Current Behavior**: Steps 1-2 succeed, steps 3-8 are logged as "NOT IMPLEMENTED" and return without error. Module is marked as NOT loaded (`loaded_ = false`).
**Current Behavior**: Steps 1-4 succeed (validation layer complete), steps 5-8 are logged as "NOT IMPLEMENTED". Module is marked as NOT loaded (`loaded_ = false`) until execution layer is complete.
---
@ -328,7 +328,7 @@ SHA1(module_data + "MAIEV.MOD") padded with 0xBB bytes
- [x] SHA1 hashing
- [x] Module seed extraction
### Phase 2: Foundation (CURRENT - JUST COMPLETED ✅)
### Phase 2: Foundation (COMPLETED ✅)
- [x] WardenModule class skeleton
- [x] WardenModuleManager class
@ -337,17 +337,24 @@ SHA1(module_data + "MAIEV.MOD") padded with 0xBB bytes
- [x] Build system integration
- [x] Comprehensive documentation
### Phase 3: Validation Layer (TODO - 1-2 weeks)
### Phase 3: Validation Layer (COMPLETED ✅)
- [ ] Implement RSA-2048 signature verification
- [x] Implement RSA-2048 signature verification
- OpenSSL RSA_public_decrypt
- Hardcode public key modulus
- Hardcoded public key structure (placeholder modulus)
- Verify SHA1(data + "MAIEV.MOD") signature
- [ ] Implement zlib decompression
- ⚠ Currently using placeholder modulus (returns true for development)
- TODO: Extract real modulus from WoW.exe for production
- [x] Implement zlib decompression
- Link against zlib library
- Read 4-byte uncompressed size
- Inflate compressed stream
- [ ] Add detailed error reporting for failures
- Read 4-byte uncompressed size (little-endian)
- Inflate compressed stream with error handling
- Sanity check (reject modules > 10MB)
- [x] Add detailed error reporting for failures
- [x] Standalone RC4 implementation in WardenModule
- KSA (Key Scheduling Algorithm)
- PRGA (Pseudo-Random Generation Algorithm)
- Used for module decryption (separate from WardenCrypto)
### Phase 4: Executable Loader (TODO - 2-3 weeks)
@ -397,16 +404,16 @@ SHA1(module_data + "MAIEV.MOD") padded with 0xBB bytes
## Estimated Timeline
| Phase | Duration | Difficulty |
|-------|----------|------------|
| Phase 1: Crypto | ✅ DONE | ⭐⭐ |
| Phase 2: Foundation | ✅ DONE | ⭐ |
| Phase 3: Validation | 1-2 weeks | ⭐⭐⭐ |
| Phase 4: Executable Loader | 2-3 weeks | ⭐⭐⭐⭐⭐ |
| Phase 5: API Binding | 1 week | ⭐⭐⭐ |
| Phase 6: Execution Engine | 2-3 weeks | ⭐⭐⭐⭐⭐ |
| Phase 7: Testing | 1-2 weeks | ⭐⭐⭐⭐ |
| **TOTAL** | **2-3 months** | **Very High** |
| Phase | Duration | Difficulty | Status |
|-------|----------|------------|--------|
| Phase 1: Crypto | - | ⭐⭐ | ✅ DONE |
| Phase 2: Foundation | - | ⭐ | ✅ DONE |
| Phase 3: Validation | 1 week | ⭐⭐⭐ | ✅ DONE |
| Phase 4: Executable Loader | 2-3 weeks | ⭐⭐⭐⭐⭐ | 🔜 NEXT |
| Phase 5: API Binding | 1 week | ⭐⭐⭐ | ⏳ TODO |
| Phase 6: Execution Engine | 2-3 weeks | ⭐⭐⭐⭐⭐ | ⏳ TODO |
| Phase 7: Testing | 1-2 weeks | ⭐⭐⭐⭐ | ⏳ TODO |
| **TOTAL** | **~2 months remaining** | **Very High** | **3/7 done** |
---
@ -528,5 +535,6 @@ sendWardenResponse(encrypted);
---
**Last Updated**: 2026-02-12
**Status**: Phase 2 (Foundation) COMPLETE
**Next Step**: Phase 3 (Validation Layer) or Alternative (Packet Capture)
**Status**: Phase 3 (Validation Layer) COMPLETE ✅
**Next Step**: Phase 4 (Executable Loader) - Parse skip/copy format, allocate memory
**Remaining**: ~2 months (phases 4-7)