Auth server and auth flow - Aib0t/Bluriest GitHub Wiki

Auth server

Main points

The auth server's main purpose is to authorize the user (no way!) and generate 2 tickets: a game ticket and an LSG ticket.

The game ticket serves as proof of purchase: the user can play the singleplayer part of the game. It is not used in Blur, but is still sent to the client. It can be decrypted with client-generated keys.

The LSG ticket serves as a token for accessing online features. It can't be decrypted with client-generated keys (or could it?)

Flows

Authorization flow

The auth flow in Blur uses the server auth flow from CoD MW2.

  1. The client sends an auth packet containing the first 8 bytes of a Tiger hash generated from the username.
  2. The server checks whether such a hash exists.
  3. If it does, the server returns a packet with the game ticket and the LSG ticket (both are 128 bytes).
  4. The client tries to decrypt the game ticket using the password as the base for a key.
  5. If the client succeeds, the user is considered authenticated and the LSG ticket is later used to get access to the LSG server.
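The five steps above as a runnable model (an added example, not code from the Bluriest project or from the game). SHA-256 stands in for Tiger and a SHAKE-256 keystream stands in for the ticket cipher, which the page does not document; `MAGIC`, `derive_key`, `seal`/`unseal`, the 16-byte nonce and the use of `BD_AUTH_BAD_ACCOUNT` for an unknown hash are all assumptions.

```python
import hashlib
import os

TICKET_LEN = 128               # from the page: both tickets are 128 bytes
MAGIC = b"GAMETKT\x00"         # constructed marker used to recognise a good decrypt
BD_AUTH_NO_ERROR, BD_AUTH_BAD_ACCOUNT = 700, 704   # values from the page's list

def user_tag(username):
    # Page: first 8 bytes of a Tiger hash of the username. SHA-256 is a stand-in.
    return hashlib.sha256(username.encode()).digest()[:8]

def derive_key(password):
    # Assumption: the real password-to-key derivation is not documented on the page.
    return hashlib.sha256(b"key:" + password.encode()).digest()

def _xor(key, nonce, data):
    # Stand-in stream cipher (SHAKE-256 keystream), not the game's cipher.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, body):
    nonce = os.urandom(16)               # fresh nonce per ticket (assumed layout)
    return nonce + _xor(key, nonce, body)

def unseal(key, ticket):
    return _xor(key, ticket[:16], ticket[16:])

class AuthServer:
    def __init__(self):
        self.accounts = {}               # user_tag -> password-derived key
        self.lsg_key = os.urandom(32)    # never leaves the server side

    def register(self, username, password):
        self.accounts[user_tag(username)] = derive_key(password)

    def handle_auth(self, tag):
        key = self.accounts.get(tag)                  # step 2: does the hash exist?
        if key is None:
            return BD_AUTH_BAD_ACCOUNT, b"", b""      # code choice is an assumption
        body = MAGIC + os.urandom(TICKET_LEN - 16 - len(MAGIC))
        # step 3: one ticket under the user's key, one under the server-only key
        return BD_AUTH_NO_ERROR, seal(key, body), seal(self.lsg_key, body)

def client_login(server, username, password):
    code, game_ticket, lsg_ticket = server.handle_auth(user_tag(username))  # step 1
    if code != BD_AUTH_NO_ERROR:
        return None
    plain = unseal(derive_key(password), game_ticket)         # step 4
    return lsg_ticket if plain.startswith(MAGIC) else None    # step 5
```

In this model the server never sees the password: a wrong password is detected only on the client, when the game ticket fails to decrypt, and the LSG ticket stays opaque to the client either way.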

Register flow

//TODO

Flow example

//TODO: fill with packets.

Packets examples

Client | init auth

14000000000a51098dbf24daa40000e8b88aa104b55a9701

Server response | 2 tickets


Response codes

BD_AUTH_ACCOUNT_EXPIRED=713,
BD_AUTH_ACCOUNT_LOCKED=714,
BD_AUTH_BAD_ACCOUNT=704,
BD_AUTH_BAD_REQUEST=701,
BD_AUTH_BAD_TITLE_ID=703,
BD_AUTH_CREATE_MAX_ACC_EXCEEDED=710,
BD_AUTH_CREATE_USERNAME_EXISTS=707,
BD_AUTH_CREATE_USERNAME_ILLEGAL=708,
BD_AUTH_CREATE_USERNAME_VULGAR=709,
BD_AUTH_ILLEGAL_OPERATION=705,
BD_AUTH_INCORRECT_LICENSE_CODE=706,
BD_AUTH_INCORRECT_PASSWORD=716,
BD_AUTH_IP_KEY_LIMIT_REACHED=720,
BD_AUTH_IP_NOT_IN_ALLOWED_RANGE=717,
BD_AUTH_MIGRATE_NOT_SUPPORTED=711,
BD_AUTH_NO_ERROR=700,
BD_AUTH_SERVER_CONFIG_ERROR=702,
BD_AUTH_TITLE_DISABLED=712,
BD_AUTH_UNKNOWN_ERROR=715,
BD_AUTH_WII_AUTHENTICATION_FAILED=719,
BD_AUTH_WII_TOKEN_VERIFICATION_FAILED=718,