Battle.net Chat Server Protocol Overview

The Battle.Net Chat Server ("BNCS") is the unofficial name of the protocol that Blizzard's Battle.net-enabled games used to communicate. The games that historically used this protocol are Diablo, StarCraft, WarCraft II, Diablo II, WarCraft III, and their expansions. This is now referred to as "Classic" or "Classic Battle.net" these days. The protocol operates on TCP port 6112 (and UDP port 6112 for pre-Diablo II player-to-player communication).

It is a binary protocol with very little encryption (it's there for password and product key exchanges, but otherwise absent), stemming from the age where every byte mattered back in 1996.

BNCS Headers

Every BNCS message has the same header:

 (UINT8) Always 0xFF
 (UINT8) Message ID
(UINT16) Message length, including this header
  (VOID) Message data

The BNCS protocol is aggressively enforced by Battle.net - at least, for clients - and violations of the protocol generally result in an IP ban.

Protocol Byte

When connecting to a BNCS server, you must first tell the server which protocol you wish to use by sending a protocol ID byte before any messages. Some of the protocol IDs are:

Game: 0x01 (see below for the logon sequences)
BNFTP: 0x02 (see BNFTPv1 or BNFTPv2 for the protocols)
Telnet (Chat): 0x03, 0x63 (see Telnet Protocol for the protocol) DEFUNCT

Other Battle.net protocol IDs exist. We know of MCP to BNCS communication (0x04). There is also the 0x06 and 0x81 protocols, which we know almost nothing about. At a guess, 0x06 is used for interserver synchronization (see this thread).

Logon Sequences

This section documents the sequences of messages that must be sent, and should be received, in order to log on using a particular product. Products may be able to use methods other than the ones shown here: this page documents the sequences observed in the official clients. These sequences may vary from time to time, as product updates are released.

You will also need the Product Identification document to understand how to identify as each product.

Prior to initiating any of the game protocol logon sequences, you will need to send the game protocol byte (0x01).

Starcraft and Brood War (pre-1.18)

StarCraft 1.18 and later versions no longer use the BNCS protocol as detailed here. StarCraft Shareware and StarCraft Japanese products present a required update to the now-free StarCraft 1.18 client.

C > S [0x50] SID_AUTH_INFO
S > C [0x25] SID_PING
C > S [0x25] SID_PING (optional)
S > C [0x50] SID_AUTH_INFO
C > S [0x51] SID_AUTH_CHECK
S > C [0x51] SID_AUTH_CHECK
Client gets icons file, TOS file, and server list file:
1. C > S [0x2D] SID_GETICONDATA (optional)
2. S > C [0x2D] SID_GETICONDATA (optional response)
3. C > S [0x33] SID_GETFILETIME (returned icons file name) (optional)
4. C > S [0x33] SID_GETFILETIME ("tos_USA.txt") (optional)
5. C > S [0x33] SID_GETFILETIME ("bnserver.ini") (optional)
6. S > C [0x33] SID_GETFILETIME (one for each request)
7. Connection to BNFTPv1 to do file downloads
Client waits for user to enter account information (standard logon shown):
1. C > S [0x3A] SID_LOGONRESPONSE2
2. S > C [0x3A] SID_LOGONRESPONSE2
C > S [0x14] SID_UDPPINGRESPONSE (optional)
Client then enters chat.

Diablo II and Lord of Destruction

C > S [0x50] SID_AUTH_INFO
S > C [0x25] SID_PING
C > S [0x25] SID_PING (optional)
S > C [0x50] SID_AUTH_INFO
C > S [0x51] SID_AUTH_CHECK
S > C [0x51] SID_AUTH_CHECK
Client gets TOS file:
1. C > S [0x33] SID_GETFILETIME ("tos_USA.txt") (optional)
2. S > C [0x33] SID_GETFILETIME (one for each request)
3. Connection to BNFTPv1 to do file downloads
Client waits for user to enter account information (standard logon shown):
1. C > S [0x3A] SID_LOGONRESPONSE2
2. S > C [0x3A] SID_LOGONRESPONSE2
Client does realm logon here for closed Battle.net:
1. C > S [0x40] SID_QUERYREALMS2
2. S > C [0x40] SID_QUERYREALMS2
3. C > S [0x3E] SID_LOGONREALMEX
4. S > C [0x3E] SID_LOGONREALMEX
5. Connection to MCP Realm server follows
C > S [0x0B] SID_GETCHANNELLIST
C > S [0x0A] SID_ENTERCHAT
S > C [0x0B] SID_GETCHANNELLIST
S > C [0x0A] SID_ENTERCHAT
C > S [0x46] SID_NEWS_INFO (optional)
S > C [0x46] SID_NEWS_INFO (optional response)
Client waits until user wants to Enter Chat.
C > S [0x0C] SID_JOINCHANNEL (D2 First Join if no home channel set)
S > C [0x0F] SID_CHATEVENT
A sequence of chat events for entering chat follow.

Warcraft II BNE

C > S [0x1E] SID_CLIENTID2
C > S [0x12] SID_LOCALEINFO
C > S [0x06] SID_STARTVERSIONING
S > C [0x1D] SID_LOGONCHALLENGEEX
S > C [0x25] SID_PING
C > S [0x25] SID_PING (optional)
S > C [0x06] SID_STARTVERSIONING
C > S [0x07] SID_REPORTVERSION
S > C [0x07] SID_REPORTVERSION
C > S [0x14] SID_UDPPINGRESPONSE (optional)
C > S [0x36] SID_CDKEY2
S > C [0x36] SID_CDKEY2
Client gets icons file, TOS file, and server list file:
1. C > S [0x2D] SID_GETICONDATA (optional)
2. S > C [0x2D] SID_GETICONDATA (optional response)
3. C > S [0x33] SID_GETFILETIME (returned icons file name) (optional)
4. C > S [0x33] SID_GETFILETIME ("tos_USA.txt") (optional)
5. C > S [0x33] SID_GETFILETIME ("bnserver.ini") (optional)
6. S > C [0x33] SID_GETFILETIME (one for each request)
7. Connection to BNFTPv1 to do file downloads
Client waits for user to enter account information (standard logon shown):
1. C > S [0x29] SID_LOGONRESPONSE
2. S > C [0x29] SID_LOGONRESPONSE
Client then enters chat.

Warcraft III Reign of Chaos and The Frozen Throne

C > S [0x50] SID_AUTH_INFO
S > C [0x25] SID_PING
C > S [0x25] SID_PING (optional)
S > C [0x50] SID_AUTH_INFO
C > S [0x51] SID_AUTH_CHECK
S > C [0x51] SID_AUTH_CHECK
Client gets icons file, TOS file, and server list file:
1. C > S [0x2D] SID_GETICONDATA (optional)
2. S > C [0x2D] SID_GETICONDATA (optional response)
3. C > S [0x33] SID_GETFILETIME (returned icons file name) (optional)
4. C > S [0x33] SID_GETFILETIME ("tos_USA.txt") (optional)
5. C > S [0x33] SID_GETFILETIME ("bnserver.ini") (optional)
6. S > C [0x33] SID_GETFILETIME (one for each request)
7. Connection to BNFTPv2 to do file downloads
Client waits for user to enter account information (standard logon shown, uses NLS):
C > S [0x45] SID_NETGAMEPORT (optional)
C > S [0x0A] SID_ENTERCHAT
S > C [0x0A] SID_ENTERCHAT
C > S [0x44] SID_WARCRAFTGENERAL (WID_TOURNAMENT) (optional)
S > C [0x44] SID_WARCRAFTGENERAL (WID_TOURNAMENT) (optional response)
C > S [0x46] SID_NEWS_INFO (optional)
S > C [0x46] SID_NEWS_INFO (optional response)
Client waits until user wants to Enter Chat.
C > S [0x0C] SID_JOINCHANNEL (First Join, "W3")
S > C [0x0F] SID_CHATEVENT
A sequence of chat events for entering chat follow.

Warcraft III Demo (defunct)

C > S [0x50] SID_AUTH_INFO
S > C [0x25] SID_PING
C > S [0x25] SID_PING (optional)
S > C [0x50] SID_AUTH_INFO
C > S [0x51] SID_AUTH_CHECK
S > C [0x51] SID_AUTH_CHECK
C > S [0x53] SID_AUTH_ACCOUNTLOGON*
S > C [0x54] SID_AUTH_ACCOUNTLOGONPROOF
C > S [0x45] SID_NETGAMEPORT (optional)

Note: W3DM does not enter chat, nor does it validate account passwords.

Starcraft Shareware (defunct)

C > S [0x05] SID_CLIENTID
C > S [0x12] SID_LOCALEINFO (optional)
C > S [0x2B] SID_SYSTEMINFO (optional)
C > S [0x06] SID_STARTVERSIONING
S > C [0x05] SID_CLIENTID
S > C [0x28] SID_LOGONCHALLENGE
S > C [0x25] SID_PING
C > S [0x25] SID_PING (optional)
S > C [0x06] SID_STARTVERSIONING
C > S [0x07] SID_REPORTVERSION
S > C [0x07] SID_REPORTVERSION
Client waits for user to enter account information (standard logon shown):
1. C > S [0x29] SID_LOGONRESPONSE
2. S > C [0x29] SID_LOGONRESPONSE
C > S [0x14] SID_UDPPINGRESPONSE (optional)
Client then enters chat.

Starcraft Japanese (defunct)

C > S [0x05] SID_CLIENTID
C > S [0x12] SID_LOCALEINFO (optional)
C > S [0x2B] SID_SYSTEMINFO (optional)
C > S [0x06] SID_STARTVERSIONING
S > C [0x05] SID_CLIENTID
S > C [0x28] SID_LOGONCHALLENGE
S > C [0x25] SID_PING
C > S [0x25] SID_PING (optional)
S > C [0x06] SID_STARTVERSIONING
C > S [0x07] SID_REPORTVERSION
S > C [0x07] SID_REPORTVERSION
C > S [0x30] SID_CDKEY
S > C [0x30] SID_CDKEY
Client waits for user to enter account information (standard logon shown):
1. C > S [0x29] SID_LOGONRESPONSE
2. S > C [0x29] SID_LOGONRESPONSE
C > S [0x14] SID_UDPPINGRESPONSE (optional)
Client then enters chat.

Diablo Shareware and Diablo Retail

C > S [0x1E] SID_CLIENTID2
C > S [0x12] SID_LOCALEINFO
C > S [0x06] SID_STARTVERSIONING
S > C [0x05] SID_CLIENTID
S > C [0x1D] SID_LOGONCHALLENGEEX
S > C [0x25] SID_PING
C > S [0x25] SID_PING (optional)
S > C [0x06] SID_STARTVERSIONING
C > S [0x07] SID_REPORTVERSION
S > C [0x07] SID_REPORTVERSION
Client waits for user to enter account information (standard logon shown):
1. C > S [0x29] SID_LOGONRESPONSE
2. S > C [0x29] SID_LOGONRESPONSE
C > S [0x14] SID_UDPPINGRESPONSE (optional)
Client then enters chat.

Enter Chat Sequence (pre-Diablo II)

C > S [0x0A] SID_ENTERCHAT
C > S [0x0B] SID_GETCHANNELLIST
C > S [0x0C] SID_JOINCHANNEL (First Join)
S > C [0x0A] SID_ENTERCHAT
S > C [0x0B] SID_GETCHANNELLIST
S > C [0x0F] SID_CHATEVENT
A sequence of chat events for entering chat follow.

Comments

Unknown Thu Sep 13, 2007 5:33pm UTC	mmm should i say you need to send game protocol byte (0x01) before starting sending the logon sequence.
Kyro Fri Sep 14, 2007 4:11am UTC	Added. While that is more of a widely known necessity, I can see the need to point out the need, so developers will not have to deal with this issue as much from people new to Battle.net bot development.
Accused Sat Dec 1, 2007 12:06am UTC	Warcraft III `SEND -> SID_AUTH_INFO (0x50) RECV <- SID_PING (0x25) RECV <- SID_AUTH_INFO (0x50) SEND -> SID_PING (0x25) (Optional) SEND -> SID_AUTH_CHECK (0x51) RECV <- SID_AUTH_CHECK (0x51) SEND -> SID_AUTH_ACCOUNTLOGON (0x53) RECV <- SID_AUTH_ACCOUNTLOGON (0x53) SEND -> SID_AUTH_ACCOUNTLOGONPROOF (0x54) RECV <- SID_AUTH_ACCOUNTLOGONPROOF (0x54) SEND -> SID_NETGAMEPORT (0x45) SEND -> SID_ENTERCHAT (0x0A)` I noticed there are some gaps in the current sequences as well.
Leaky Sat Dec 1, 2007 2:19pm UTC	added the wc3 login sequence
Hdx Sun Mar 2, 2008 12:32am UTC	SC/BW C->S: 0x50 S->C: 0x25 C->S: 0x25 S->C: 0x50 C->S: 0x51 S->C: 0x51 C->S: 0x2d C->S: 0x33 - icons_star.bni C->S: 0x14 C->S: 0x33 - tos_USA.txt C->S: 0x33 - bnserver.ini C->S: 0x26 - profile\sex profile\age profile\description Record\GAME\0\wins Record\GAME\0\losses Record\GAME\0\dissconnects Record\GAME\0\last game Record\GAME\0\last game result Record\GAME\1\wins Record\GAME\1\losses Record\GAME\1\dissconnects Record\GAME\1\rating Record\GAME\1\high rating DynKey\GAME\1\rank Record\GAME\1\high rank Record\GAME\1\last game Record\GAME\1\last game result S->C: 0x2d S->C: 0x33 - icons_STAR.bni S->C: 0x33 - tos_USA.txt S->C: 0x33 - bnserver.ini S->C: 0x26 C->S: 0x3a S->C: 0x3a C->S: 0x0a C->S: 0x0b C->S: 0x0C - "StarCraft", "BroowWar" S->C: 0x0b S->C: 0x0a
Caaaaarrrrlll Fri May 30, 2008 1:29am UTC	Telnet/Chat: New lines are either `0x0A` or `0x0D` When you send a message with multiple lines, it sends it like a queue without a wait, so don't flood offline by doing this For a full list of packets, contact me `* Connect. C>S: 0x03 (Telnet) C>S: 0x04 (Login) C>S: New line S>C: "Enter your account name and password." S>C: New line S>C: "Username: " C>S: "Jailout2000" C>S: New line S>C: "Password: " C>S: "Password" C>S: New line S>C: "Connection from [127.0.0.1]" S>C: New line` From here on, each packet will be on a new line, and will be regular ascii strings, not surrounded by quotes and not ending with a null-terminator `S>C: 2010 NAME Jailout2000 S>C: 1007 CHANNEL "Public Chat 1" - Server will send 1001 USER to you for each user in the channel - S>C: 1001 USER Jailout2000 0010 [CHAT] - Server will send 1002 JOIN to everyone in the channel except you - C>S: /join Public Chat 100 S>C: 1007 CHANNEL "Public Chat 100" S>C: 1001 USER Jailout2000 0010 [CHAT] S>C: 1005 TALK Jailout2000 0010 "It's just me in this channel."` I know Telnet was deprecated and can no longer be used, but what the heck, why not add it? You never know when someone will want to implement it... :P
LordVader Fri Jul 4, 2008 1:00am UTC	D2DV, D2XP: `C>S 0x50 S>C 0x25 C>S 0x25 S>C 0x50 C>S 0x51 S>C 0x51 C>S 0x33 S>C 0x33 C>S 0x3A S>C 0x3A C>S 0x0B C>S 0x0A -- At this point you're in the lobby and you can send 0x0C to enter a channel S>C 0x0B S>C 0x0A` This is logging into an open character thru the client.
Caaaaarrrrlll Mon Feb 16, 2009 6:31pm UTC	This list is pretty and all, but its missing quite a bit of important packets in ALL of the sequences. Try <a href="http://www.bnetdocs.com/old/sequence.html"; target="_blank">http://www.bnetdocs.com/old/sequence.html</a>; if you want a good list of sequences.
Vector Fri May 8, 2009 8:47am UTC	I suggest adding links to these packets, so users will find it a lot easier to find the exact packet.
Caaaaarrrrlll Sat Sep 26, 2009 5:35pm UTC	@Myself: Fixed that, copied most of it from the older one. The STAR/SEXP/WAR3/W3XP are taken from actual logs I have on my local computer. @Vector: Added links to all of the packets, I agree - it helps.
Caaaaarrrrlll Tue Aug 17, 2010 9:34am UTC	Hmmm... Diablo I can have a SID_UDPPINGRESPONSE (0x14) too... or at least, I think? I get a UDP plug when using it, and when I send 0x14, I don't.
Sixen Sun Sep 26, 2010 5:53am UTC	Possibly add W3DM and shortened Telnet reference.
Caaaaarrrrlll Thu Oct 7, 2010 3:47am UTC	@Sixen: Added.