BNETDocs: Redux is no longer updated, this subdomain exists for archival purposes only. Visit the main site.

Navigation

Generate Code: All packets
Packets

Packet Information


Message ID:0x5E
  
Message Name:SID_WARDEN
  
Direction:Server -> Client (Received)
  
Used By:Starcraft Broodwar, Warcraft III: The Frozen Throne, Starcraft, Warcraft III
  
Format:(VOID) Encrypted Packet

Contents of encrypted data
(BYTE) Packet Code


0x00 - Warden Module Info
(DWORD)[4] MD5 Hash of the current Module
(DWORD)[4] Decryption key for Module
(DWORD) Length of Module


0x01 - Warden Module Data
(WORD) Length of data (without 3-byte header)
(VOID) Data


0x02 - Data Checker
(BYTE) String Length (Usually 0)
(VOID) String Data


(BYTE) Check ID


MEM_CHECK:
(BYTE) String Index (Usually 0)
(DWORD) Address
(BYTE) Length to Read


PAGE_CHECK_A:
(DWORD) Unknown (Seed?)
(DWORD)[5] SHA1
(DWORD) Address
(BYTE) Length to Read
(BYTE) IDXor


0x03 - Library Loader
(WORD) Length of data (without 7-byte header)
(DWORD) Checksum of data (without 7-byte header)
(BYTE) Unknown (0x01)

(BYTE) Unknown (Usually 0x00)
(BYTE) Unknown (Usually 0x01)
(STRING) Library Name
(DWORD) Funct1
(DWORD) Funct2
(DWORD) Funct3
(DWORD) Funct4


0x05 - Initialization
(DWORD)[5] Unknown
  
Remarks:This packet is received after successfully logging onto Battle.net and usually after receiving the first initial chat events. If the client does not respond to this packet, the client gets dropped two minutes later (give or take about 10 seconds).

The packet is encrypted via standard RC4 hashing, using one key for outbound data and another for inbound. Its purpose is to download and execute Warden modules. Full information on how to handle this packet may be found at the Rudimentary Warden information topic.

Documentation provided by iago and Ringo.
  
Related:[0x5E] SID_WARDEN (C->S)

User Comments


For detailed questions and discussion, visit the Battle.net Research Forum

Alendar
Mar 09, 2008
05:02 AM

Warden Bypass finally made: http://forum.valhallalegends.com/index.php?topic=17356

brew
Mar 22, 2008
09:04 PM

0x00 - Warden Module
(QWORD) Name of current module (MD5 Hash)
a quadword??
Wow, i never knew md5 hashes could be 8 bytes.

should be:
(DWORD[4]) Name of current module
(DWORD[4]) Decryption seed

Kyro
Mar 23, 2008
01:40 AM

Alendar, thanks for tip. Brew, thanks for pointing out error. Confirmed by RealityRipple. Fixed. Thanks for heads up.
ALERT
We recommend you use Firefox to view this site. This site has been optimized for Firefox.

Get Firefox
BNLS Server Status
bnls.bnetdocs.org:
bnls.net:
bnls.mattkv.net:
phix.no-ip.org:
pyro.no-ip.biz:
bnls.war-lords.net:
bnls.anubisdev.net:
knight.mattkv.net:

= Online       = Offline

Battle.net Server Status

Battle.net v1

uswest.battle.net:
exodus.battle.net:
useast.battle.net:
asia.battle.net:
europe.battle.net:
ustest.battle.net:
beta.battle.net:
classicbeta.battle.net:
demo.war3.battle.net:

Battle.net v2

us.logon.battle.net:
eu.logon.battle.net:
kr.logon.battle.net:
cn.logon.battle.net:
us.patch.battle.net:
eu.patch.battle.net:
kr.patch.battle.net:
cn.patch.battle.net:
public-test.logon.battle.net:
public-test.patch.battle.net:

emNet

cali.emwar.com:
dallas.emwar.com:
kc.emwar.com:
ny.emwar.com:

PvPGN

server.eurobattle.net:
rubattle.net:
sc.theabyss.ru:
wc3.theabyss.ru:
bnetd.fishbattle.net:

RBNETD

server.bnetdocs.org:

= Online       = Offline


Copyrights

Site scripts and design copyrights reserved to Don Cullen.
Contents copyrighted to Blizzard and their parent corporation, Vivendi.
Main credits for contents goes to Arta. View the rest of credits.
Demented Minds copyrights reserved to Don Cullen 2003-present.
Copyright infringements will be prosecuted to the fullest extent allowable by law.
Please view our legal disclaimer and terms of service.