[DiscordArchive] Is there any writeups for TVFS already?
[DiscordArchive] Is there any writeups for TVFS already?
Original source
Did the launcher login still work on master in local mode?
Currently any curl on 127.0.0.1:8081 get stuck in the tls handshake.
The funny thing is, if i try it on my remote server with a real SSL cert it works fine.
local (default TC cert):
```
time curl -Ikv https://127.0.0.1:8081
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
^C
curl -Ikv https://127.0.0.1:8081 0.01s user 0.00s system 0% cpu 7.858 total
```
remote:
```
time curl -Ikv https://eu.11.schattenhain.de:8081
* Trying 152.53.132.31:8081...
* Connected to eu.11.schattenhain.de (152.53.132.31) port 8081 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=eu.11.schattenhain.de
* start date: Oct 11 18:54:52 2025 GMT
* expire date: Jan 9 18:54:51 2026 GMT
* issuer: C=US; O=Let's Encrypt; CN=E7
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/1.x
> HEAD / HTTP/1.1
> Host: eu.11.schattenhain.de:8081
> User-Agent: curl/7.88.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< Set-Cookie: JSESSIONID=e3527665-7b3f-f03d-ed5f-9d6ed886d11b; Path=/bnetserver; Domain=eu.11.schattenhain.de; Secure; HttpOnly; SameSite=None
Set-Cookie: JSESSIONID=e3527665-7b3f-f03d-ed5f-9d6ed886d11b; Path=/bnetserver; Domain=eu.11.schattenhain.de; Secure; HttpOnly; SameSite=None
< Date: Sat, 25 Oct 2025 20:11:19.953655284 GMT
Date: Sat, 25 Oct 2025 20:11:19.953655284 GMT
< Server: Boost.Beast/300
Server: Boost.Beast/300
< Content-Length: 0
Content-Length: 0
<
* Connection #0 to host eu.11.schattenhain.de left intact
curl -Ikv https://eu.11.schattenhain.de:8081 0.00s user 0.01s system 5% cpu 0.172 total
```
rektbyfaith
10-25-2025, 08:11 PM #31Archived author: Luzifix • Posted: 2025-10-25T20:11:54.999000+00:00
Original source
Did the launcher login still work on master in local mode?
Currently any curl on 127.0.0.1:8081 get stuck in the tls handshake.
The funny thing is, if i try it on my remote server with a real SSL cert it works fine.
local (default TC cert):
```
time curl -Ikv https://127.0.0.1:8081
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
^C
curl -Ikv https://127.0.0.1:8081 0.01s user 0.00s system 0% cpu 7.858 total
```
remote:
```
time curl -Ikv https://eu.11.schattenhain.de:8081
* Trying 152.53.132.31:8081...
* Connected to eu.11.schattenhain.de (152.53.132.31) port 8081 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=eu.11.schattenhain.de
* start date: Oct 11 18:54:52 2025 GMT
* expire date: Jan 9 18:54:51 2026 GMT
* issuer: C=US; O=Let's Encrypt; CN=E7
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/1.x
> HEAD / HTTP/1.1
> Host: eu.11.schattenhain.de:8081
> User-Agent: curl/7.88.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< Set-Cookie: JSESSIONID=e3527665-7b3f-f03d-ed5f-9d6ed886d11b; Path=/bnetserver; Domain=eu.11.schattenhain.de; Secure; HttpOnly; SameSite=None
Set-Cookie: JSESSIONID=e3527665-7b3f-f03d-ed5f-9d6ed886d11b; Path=/bnetserver; Domain=eu.11.schattenhain.de; Secure; HttpOnly; SameSite=None
< Date: Sat, 25 Oct 2025 20:11:19.953655284 GMT
Date: Sat, 25 Oct 2025 20:11:19.953655284 GMT
< Server: Boost.Beast/300
Server: Boost.Beast/300
< Content-Length: 0
Content-Length: 0
<
* Connection #0 to host eu.11.schattenhain.de left intact
curl -Ikv https://eu.11.schattenhain.de:8081 0.00s user 0.01s system 5% cpu 0.172 total
```
Original source
works fine with dev mode (auto enabled with local networks). Without it can't work on localhost with the default cert of obviously. Since it is not a trusted cert
rektbyfaith
10-25-2025, 08:13 PM #32Archived author: Fabian • Posted: 2025-10-25T20:13:13.646000+00:00
Original source
works fine with dev mode (auto enabled with local networks). Without it can't work on localhost with the default cert of obviously. Since it is not a trusted cert
Original source
Logging in to the game with Arctium works fine.
However, when I try to use curl, Postman or an HttpClient in C# to connect to the bnetserver to prepare the launcher login, I get stuck in the TLS handshake.
Normal https connections like with curl works fine on my old 9.2.7 server with the same default TC certs, so it must somehow be related to changes in TC's request handling.
If nothing is known about this yet, I will take a closer look and, if necessary, open a PR if I find anything.
rektbyfaith
10-25-2025, 08:19 PM #33Archived author: Luzifix • Posted: 2025-10-25T20:19:28.157000+00:00
Original source
Logging in to the game with Arctium works fine.
However, when I try to use curl, Postman or an HttpClient in C# to connect to the bnetserver to prepare the launcher login, I get stuck in the TLS handshake.
Normal https connections like with curl works fine on my old 9.2.7 server with the same default TC certs, so it must somehow be related to changes in TC's request handling.
If nothing is known about this yet, I will take a closer look and, if necessary, open a PR if I find anything.
Original source
It cant work even on old 927 u less you installed that cert in the tust store
rektbyfaith
10-25-2025, 08:21 PM #34Archived author: Fabian • Posted: 2025-10-25T20:21:51.786000+00:00
Original source
It cant work even on old 927 u less you installed that cert in the tust store
Original source
Like curl will fail unless you would skip ssl validation
rektbyfaith
10-25-2025, 08:22 PM #35Archived author: Fabian • Posted: 2025-10-25T20:22:23.378000+00:00
Original source
Like curl will fail unless you would skip ssl validation
Original source
curl might be rejecting self signed cert even if its in windows store
rektbyfaith
10-25-2025, 08:22 PM #36Archived author: Tea • Posted: 2025-10-25T20:22:35.467000+00:00
Original source
curl might be rejecting self signed cert even if its in windows store
Original source
True
rektbyfaith
10-25-2025, 08:22 PM #37Archived author: Fabian • Posted: 2025-10-25T20:22:44.433000+00:00
Original source
True
Original source
i do "k" is for skipping cert validation
rektbyfaith
10-25-2025, 08:22 PM #38Archived author: Luzifix • Posted: 2025-10-25T20:22:44.895000+00:00
Original source
i do "k" is for skipping cert validation
Original source
Arctium only works because it patches stuff in the client to skip validation
rektbyfaith
10-25-2025, 08:23 PM #39Archived author: Fabian • Posted: 2025-10-25T20:23:29.990000+00:00
Original source
Arctium only works because it patches stuff in the client to skip validation
Original source
thats the request to my local 9.2.7 bnetserver with the same default tc cert:
```
time curl -Ikv https://192.168.178.169:9081
* Trying 192.168.178.169:9081...
* Connected to 192.168.178.169 (192.168.178.169) port 9081 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: C=US; O=TrinityCore; OU=Developers; CN=*.*
* start date: Feb 28 13:11:28 2016 GMT
* expire date: Feb 23 13:11:28 2036 GMT
* issuer: C=US; O=TrinityCore; OU=TrinityCore Certificate Authority; CN=TrinityCore Battle.net Aurora CA
* SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* using HTTP/1.x
> HEAD / HTTP/1.1
> Host: 192.168.178.169:9081
> User-Agent: curl/7.88.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: gSOAP/2.8
Server: gSOAP/2.8
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Content-Type: application/json;charset=utf-8
Content-Type: application/json;charset=utf-8
< Content-Length: 0
Content-Length: 0
< Connection: close
Connection: close
<
* Closing connection 0
* TLSv1.3 (IN), TLS alert, close notify (256):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl -Ikv https://192.168.178.169:9081 0.01s user 0.00s system 28% cpu 0.042 total
```
rektbyfaith
10-25-2025, 08:25 PM #40Archived author: Luzifix • Posted: 2025-10-25T20:25:27.505000+00:00
Original source
thats the request to my local 9.2.7 bnetserver with the same default tc cert:
```
time curl -Ikv https://192.168.178.169:9081
* Trying 192.168.178.169:9081...
* Connected to 192.168.178.169 (192.168.178.169) port 9081 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: C=US; O=TrinityCore; OU=Developers; CN=*.*
* start date: Feb 28 13:11:28 2016 GMT
* expire date: Feb 23 13:11:28 2036 GMT
* issuer: C=US; O=TrinityCore; OU=TrinityCore Certificate Authority; CN=TrinityCore Battle.net Aurora CA
* SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* using HTTP/1.x
> HEAD / HTTP/1.1
> Host: 192.168.178.169:9081
> User-Agent: curl/7.88.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: gSOAP/2.8
Server: gSOAP/2.8
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Content-Type: application/json;charset=utf-8
Content-Type: application/json;charset=utf-8
< Content-Length: 0
Content-Length: 0
< Connection: close
Connection: close
<
* Closing connection 0
* TLSv1.3 (IN), TLS alert, close notify (256):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl -Ikv https://192.168.178.169:9081 0.01s user 0.00s system 28% cpu 0.042 total
```
1 Guest(s)
1 Guest(s)