Save SHA1(UPPER(user):UPPER(pass)) hash to login.cfg instead of the
plaintext password. On subsequent logins, use the stored hash directly
with a new authenticateWithHash() method that bypasses password hashing.
The password field shows a placeholder when using a stored hash.
Game name uses big-endian (not reversed), platform/os/locale use
little-endian with chars reversed and null at end (not beginning).
Protocol version is 8 for WoW 3.3.5a, not 3.
Account for PIN/matrix/authenticator extra data in packet size
calculation to prevent receive buffer corruption. Add hex dump
of raw auth packets and show actual server error codes.
TrinityCore/AzerothCore's UpdateBigNumbers uses BN_num_bytes (natural
size without padding) when hashing values for u and M1. Our code was
using fixed 32-byte padding which produces different hashes when any
value (salt, A, B, N) has leading zeros in big-endian representation.
Two bugs that caused the server to always reject our login proof:
- N was hashed as 256 bytes (2048 bits) instead of 32 bytes (256 bits),
producing completely wrong H(N)^H(g) and therefore wrong M1
- Session key computation B-k*g^x could go negative; OpenSSL's
BN_mod_exp doesn't handle negative bases. Add k*N before subtracting
(standard TrinityCore approach) to keep the value positive
Three critical bugs fixed:
- LOGON_CHALLENGE request: set protocol byte to 0x03 (was 0x00) and
reverse FourCC strings (game/platform/os/locale) to match real client
- Response parsers: remove double-read of opcode byte that shifted all
field reads by one, preventing successful auth with real servers
- LOGON_PROOF response sizes: success=32 bytes, failure=4 bytes to match
TrinityCore/AzerothCore format
Also adds missing auth result codes (0x13-0x20, 0xFF) including
IGR_WITHOUT_BNET (0x17) which Warmane was returning.
