BNETDocs: Redux is no longer updated, this subdomain exists for archival purposes only. Visit the main site.


Generate Code: All packets

Packet Information

Message ID:0x5E
Message Name:SID_WARDEN
Direction:Server -> Client (Received)
Used By:Starcraft Broodwar, Warcraft III: The Frozen Throne, Starcraft, Warcraft III
Format:(VOID) Encrypted Packet

Contents of encrypted data
(BYTE) Packet Code

0x00 - Warden Module Info
(DWORD)[4] MD5 Hash of the current Module
(DWORD)[4] Decryption key for Module
(DWORD) Length of Module

0x01 - Warden Module Data
(WORD) Length of data (without 3-byte header)
(VOID) Data

0x02 - Data Checker
(BYTE) String Length (Usually 0)
(VOID) String Data

(BYTE) Check ID

(BYTE) String Index (Usually 0)
(DWORD) Address
(BYTE) Length to Read

(DWORD) Unknown (Seed?)
(DWORD) Address
(BYTE) Length to Read

0x03 - Library Loader
(WORD) Length of data (without 7-byte header)
(DWORD) Checksum of data (without 7-byte header)
(BYTE) Unknown (0x01)

(BYTE) Unknown (Usually 0x00)
(BYTE) Unknown (Usually 0x01)
(STRING) Library Name
(DWORD) Funct1
(DWORD) Funct2
(DWORD) Funct3
(DWORD) Funct4

0x05 - Initialization
(DWORD)[5] Unknown
Remarks:This packet is received after successfully logging onto and usually after receiving the first initial chat events. If the client does not respond to this packet, the client gets dropped two minutes later (give or take about 10 seconds).

The packet is encrypted via standard RC4 hashing, using one key for outbound data and another for inbound. Its purpose is to download and execute Warden modules. Full information on how to handle this packet may be found at the Rudimentary Warden information topic.

Documentation provided by iago and Ringo.
Related:[0x5E] SID_WARDEN (C->S)

User Comments

For detailed questions and discussion, visit the Research Forum

Mar 09, 2008
05:02 AM

Warden Bypass finally made:

Mar 22, 2008
09:04 PM

0x00 - Warden Module
(QWORD) Name of current module (MD5 Hash)
a quadword??
Wow, i never knew md5 hashes could be 8 bytes.

should be:
(DWORD[4]) Name of current module
(DWORD[4]) Decryption seed

Mar 23, 2008
01:40 AM

Alendar, thanks for tip. Brew, thanks for pointing out error. Confirmed by RealityRipple. Fixed. Thanks for heads up.

We recommend you use Firefox to view this site. This site has been optimized for Firefox.

Get Firefox
BNLS Server Status

= Online       = Offline Server Status v1 v2




= Online       = Offline


Site scripts and design copyrights reserved to Don Cullen.
Contents copyrighted to Blizzard and their parent corporation, Vivendi.
Main credits for contents goes to Arta. View the rest of credits.
Demented Minds copyrights reserved to Don Cullen 2003-present.
Copyright infringements will be prosecuted to the fullest extent allowable by law.
Please view our legal disclaimer and terms of service.