Possible documentation issue with auth_session.cpp

[StabbyCutyou]

Hello,

I could be completely missing something obvious, and it isn't a "bug", so I figured a Discussion might be the best way to follow up on it:

I was reading through auth_session to understand the login flow of the game (alongside reading atom0s writeup on the protocol, as well as looking at headlessxi in LSB, as well as comparing those things to the implementation in xiloader itself) and either there is an error in how the packet is documented that has been proliferated in a few places, or there is a missing area of documentation for the packet itself.

This line in auth_session indicates there should be 17 bytes of space, starting at 0x50, for whatever custom loaders may want to use.

This is supported by the following line in xiloader, which states the same.

However, that leaves 22 bytes of data un-accounted for, when we examine the existing documented offsets / widths for known values:

Hex	Dec	Size	Description
0x00 - 0x00	0 - 0	1	Some kind of XiLoader specific check value
0x01 - 0x08	1 - 8	8	Reserved for flags, although seemingly unused atm
0x09 - 0x18	9 - 24	16	Reserved for the username
0x19 - 0x38	25 - 56	32	Reserved for the password
0x39 - 0x39	57 - 57	1	Reserved for the "command" (login, create char, etc
0x3A - 0x60	58 - 96	39	Open Space, potentially 0x50-0x60 reserved for custom loader behaviors
0x61-0x65	97 - 101	5	Reserved for the XiLoader version string (1.1.1)

The documentation indicates that the 17 bytes begining at 0x50 are reserved for future use, which would end right where version begins (0x61), so that math adds up. However that leaves another chunk of 22 bytes to document (0x3A - 0x4F)

Is the issue that the 17 bytes is actually supposed to be larger (39 bytes), or is there an undocumented range of bytes also held in reserve ranging from 0x3A - 0x4F that have not yet been detailed? The mention of 17 bytes is consistent between auth_session and xiloader, and neither declares a purpose for the preceding bytes just after the command byte, so I was somewhat confused.

I appreciate any clarity on the issue, thank you!

[WinterSolstice8]

It looks like those reserved bytes are no longer reserved. changed password buffer starts at 0x40 and is 32 bytes long, stopping at 0x60. At some point in development those bytes were reserved, but apparently no longer

server/src/login/auth_session.cpp

Line 457 in 3621c10

std::string updated_password(data_ + 0x40, 32);

https://github.com/LandSandBoat/xiloader/blob/593c8146b63f4c7f86f0062d92edde7e6ad968bb/src/network.cpp#L478

The comment should be PRed out on both ends

[StabbyCutyou]

Aaaaah that makes more sense. So it's largely just some outdated documentation. Thank you for the clarification!

…

On Sun, Jan 19, 2025, 23:48 WinterSolstice8 ***@***.***> wrote: It looks like those reserved bytes are no longer reserved. changed password buffer starts at 0x40 and is 32 bytes long, stopping at 0x60. At some point in development those bytes were reserved, but apparently no longer https://github.com/LandSandBoat/server/blob/3621c10b0ca798cf579ac93bace377f054a60679/src/login/auth_session.cpp#L457 https://github.com/LandSandBoat/xiloader/blob/593c8146b63f4c7f86f0062d92edde7e6ad968bb/src/network.cpp#L478 The comment should be PRed out on both ends — Reply to this email directly, view it on GitHub <#6754 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AALVGKVSN7EFLOWG32PCBBD2LR5YJAVCNFSM6AAAAABVN26EDOVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCOBYGYZTCMA> . You are receiving this because you authored the thread.Message ID: ***@***.***>