CheckRevision is a module sent by the server during the logon process. The purpose of CheckRevision is to ensure that only official, unmodified Battle.net clients are connecting to Battle.net servers.
In all versions of CheckRevision, the following procedure is used to obtain CheckRevision and run it to return some values to the server:
The client sends the server its platform ID, product ID, and version byte via C>S 0x06 SID_STARTVERSIONING or C>S 0x50 SID_AUTH_INFO.
The server will then determine which CheckRevision to serve the client and then send the appropriate filename and filetime of the CheckRevision MPQ and a formula for the CheckRevision function via S>C 0x06 SID_STARTVERSIONING or S>C 0x50 SID_AUTH_INFO.
The client checks bncache for CheckRevision. If CheckRevision is not found in bncache, the client initiates a BNFTPv1 connection to download CheckRevision.
The client verifies that the CheckRevision MPQ contains a valid Blizzard Weak Digital Signature. If one is not found, the client immediately closes the connection to the server. It appears that this does not apply for XMAC/PMAC clients.
The client extracts the CheckRevision DLL, whose base filename is the same as the CheckRevision MPQ's base filename (e.g. CheckRevision.mpq contains CheckRevision.dll). Depending on the client and client's version, the client verifies the CheckRevision DLL's signature. If one is not found, the client immediately closes the connection to the server.
The client calls
CheckRevision(). If the function returns 0, the client immediately closes the connection to the server.
- Information returned from
CheckRevision()is sent to the server via C>S 0x07 SID_REPORTVERSION or C>S 0x51 SID_AUTH_CHECK.
CheckRevision() function declaration in C++
extern "C" __declspec(dllexport) std::int32_t __stdcall CheckRevision(const char* filename1, const char* filename2, const char* filename3, const char* formula, std::uint32_t* version, std::uint32_t* checksum, char* exeinfo);
|WarCraft II: Battle.net Edition||Warcraft II BNE.exe, storm.dll, battle.snp|
|StarCraft, StarCraft: Brood War||Starcraft.exe, storm.dll, battle.snp|
|Diablo II, Diablo II: Lord of Destruction||Game.exe, Bnclient.dll, D2Client.snp|
|WarCraft III: Reign of Chaos, WarCraft III: The Frozen Throne||War3.exe, storm.dll, Game.dll|
* - In the latest versions of these games, these files are packed into the game executables and the other two arguments should be passed as
CheckRevision Filename Format
Initially, the filename format of CheckRevision v1 was
$ is to be replaced with
# is to be replaced with a number between 0 and 7. In late 2006, Blizzard modified the format to
ver-$-#.mpq. As of today, the only valid
XMAC is 0.
The client passes in the formula given by the server and three filenames to
CheckRevision(). Via the
exeinfo pointer variables
CheckRevision() will return the client's file version, checksum, and a string via pointers in its function parameters, which are then passed to the server. The
version is a combination of
dwProductVersionLS from VS_FIXEDFILEINFO. The
exeinfo is a space delimited string containing the client's filename, last modified date (mm/dd/yy), last modified time (hh:mm:ss), and client's filesize in bytes.
In May 2016, Blizzard signed the CheckRevision DLLs. Starting from StarCraft 1.17.0 and Diablo II 1.14d, the client will verify the signature of the CheckRevision DLL.
CheckRevision Filename Format
CheckRevision v2's filename format is
psistorm-PMAC-##.mpq for PMAC, where
## is to be replaced with a number between 00 and 19.
Battle.net serves IX86 CheckRevision v2 to Diablo I, WarCraft: Battle.net Edition, StarCraft, StarCraft: Brood War, and StarCraft Shareware clients and XMAC and PMAC to Diablo II and Diablo II: Lord of Destruction.
See An Objective Analysis of the Lockdown Protection System for Battle.net.
CheckRevision Filename Format
CheckRevision v3's filename format is simply
Battle.net only serves CheckRevision v3 to Diablo II and Diablo II: Lord of Destruction.
The algorithm behind v3 is much simpler and does not actually require any of the game files, just the full file version of Game.exe (ex:
18.104.22.168). The value for EXE Version is now always 0, and the checksum and EXE info have changed.
The value string sent in S>C 0x50 SID_AUTH_INFO is encoded as Base64. The first 4 bytes of the decoded value are hashed along with the file version of Game.exe and the result is encoded as Base64 and returned to the server in the checksum and EXE info fields in C>S 0x51 SID_AUTH_CHECK.
result = base64(sha1(value, ":" + version + ":", 0x01))
Value is 4 bytes, version is a string, and 0x01 is a byte. The first 4 bytes of the resulting encoded string are sent as the checksum and the rest is sent as the EXE info (with a null terminator). This effectively removes the checksum field and sends the entire hash as the EXE info string.
There is a second MPQ for v3 called CheckRevisionD1 which is used on the GOG server. This is the same as normal v3 but includes the hash of the server certificate on the end of the result.
result = base64(sha1(value, ":" + version + ":", 0x01)) + ":" + base64(sha1(public_key, value))
In this instance, public_key is the public key value from the game EXE's certificate, as returned by the Windows Crypto API. See the implementation in Warden.dll for more details.
If calling the CheckRevision() function from the v3 DLL, the calling app's version needs to match the version of Game.exe and have any valid signature.
- March 7, 2019 GOG releases DRTL client, CheckRevision v3 for DRTL seen in use.
- February 2, 2019 CheckRevision v3 created for DRTL
- January 4, 2019 Battle.net server reset, CheckRevision v3 seen in use.
- January 3, 2019 CheckRevision v3 created for D2DV and D2XP
- May 27, 2016 CheckRevision v1 DLL files signed
- April 21, 2016 CheckRevision v2 updated for XMAC
- March 5, 2007 CheckRevision is updated
- Late 2006 CheckRevision v2 released
- Late 2006 Checkrevision v1 files are renamed from
ver-IX86-#.mpq(Where # is replaced with numbers 0 - 7)