Uninformed: Informative Information for the Uninformed

Vol 2» 2005.Sept

Client authentication

Aside from general sanity checks, Blizzard also has had some issues relating to authentication. Blizzard currently has two systems in use for user account password authentication. In order to create a third party client, these systems had to be understood and third party implementations reduced. This has revealed several flaws in their implementation.

The first system Blizzard utilizes is challenge-response system that uses a SHA-1 hash of the client's password. The game client implementation of this system lowercases the entire password string before hashing it, significantly reducing password security. (A third party client could opt not to do this, and as such create an account that is impossible to log on to through the official Blizzard game clients or the text-based protocol. The text-based protocol sends a user's password in cleartext, after which the server lowercases the password and internally compares a hash of it with the account in question's password in a database.) However, a more serious security problem remains: in SHA-1, there are a number of bit rotate left (``ROL'') operations. The Blizzard programmer responsible for implementing this apparently switched the two parameters in every call to ROL. That is, if there was a ``#define ROL(a, b) (...)'' macro, the programmer swapped the two arguments. This drastically reduces the security of Battle.net password hashes, as most of the data being hashed ends up being zero bits. Because of the problem of incompatibility with previously created accounts, this system is still in use today.

The second system Blizzard utilizes is one based off of SRP (Secure Remote Password, see http://srp.stanford.edu). Only Warcraft III and it's expansion use this system for password authentication. This product has it's own account namespace on Battle.net, so that there are no backwards compatibility issues with the older ``broken SHA-1'' method. It is worth noting that Warcraft III clients and older clients can still communicate via chat, however - the server imposes a namespace decoration to client account names for communication between namespaces, such that a client logged on as Warcraft III would see a user ``User'' logged on as Starcraft on the USEast Battle.net network as ``User@USEast''. However, this system is also flawed, albeit less severely. In particular, the endian-ness of calculations is reversed, but this is not properly accounted for in some parts of the implementation, such that some operations expecting to remove trailing zero bits instead remove leading zero bits after converting a large integer to a flat binary buffer. There is a second flaw, as well, although it does not negatively impact the security of the client: In some of the conversions from big numbers to flat buffers, the server does not properly zero out bytes if the big number does not occupy 32 non-zero bytes, and instead leaves uninitialized data in them. The result is that some authentication attempts will randomly fail. As far as the author knows, this bug is still present in Battle.net.