BNETDocs
CheckRevision

CheckRevision is a module sent by the server during the logon process. The purpose of CheckRevision is to ensure that only official, unmodified Battle.net clients are connecting to Battle.net servers.

In all versions of CheckRevision, the following procedure is used to obtain CheckRevision and run it to return some values to the server:

  1. The client sends the server its platform ID, product ID, and version byte via C>S 0x06 SID_STARTVERSIONING or C>S 0x50 SID_AUTH_INFO.

  2. The server will then determine which CheckRevision to serve the client and then send the appropriate filename and filetime of the CheckRevision MPQ and a formula for the CheckRevision function via S>C 0x06 SID_STARTVERSIONING or S>C 0x50 SID_AUTH_INFO.

  3. The client checks bncache for CheckRevision. If CheckRevision is not found in bncache, the client initiates a BNFTPv1 connection to download CheckRevision.

  4. The client verifies that the CheckRevision MPQ contains a valid Blizzard Weak Digital Signature. If one is not found, the client immediately closes the connection to the server.

  5. The client extracts the CheckRevision DLL, and depending on the client and client's version, verifies the CheckRevision DLL's signature. If one is not found, the client immediately closes the connection to the server.

  6. The client calls CheckRevision().

  7. Information returned from CheckRevision() is sent to the server via C>S 0x07 SID_REPORTVERSION or C>S 0x51 SID_AUTH_CHECK.

CheckRevision() Function Declaration in C++

extern "C" __declspec(dllexport) std::int32_t __stdcall CheckRevision(const char* filename1, const char* filename2, const char* filename3, const char* formula, std::uint32_t* version, std::uint32_t* checksum, char* exeinfo);

v1

Filenames For Various Clients

Product Files
WarCraft II: Battle.net Edition Warcraft II BNE.exe, storm.dll, battle.snp
StarCraft, StarCraft: Brood War Starcraft.exe, storm.dll, battle.snp
Diablo II, Diablo II: Lord of Destruction Game.exe, Bnclient.dll, D2Client.snp
WarCraft III: Reign of Chaos, WarCraft III: The Frozen Throne War3.exe, storm.dll, Game.dll

CheckRevision Filename Format

Initially, the filename format of CheckRevision v1 was $ver#.mpq, where $ is to be replaced with IX86, PMAC, or XMAC and # is to be replaced with a number between 0 and 7. In late 2006, Blizzard modified the format to ver-$-#.mpq. As of today, the only valid # for PMAC and XMAC is 0.

Implementation

The client passes in the formula given by the server and three filenames to CheckRevision(). Via the version, checksum, and exeinfo pointer variables CheckRevision() will return the client's file version, checksum, and a string via pointers in its function parameters, which are then passed to the server. The version is a combination of dwProductVersionMS and dwProductVersionLS from VS_FIXEDFILEINFO. The exeinfo is a space delimited string containing the client's filename, last modified date (mm/dd/yy), last modified time (hh:mm:ss), and client's filesize in bytes.

In May 2016, Blizzard signed the CheckRevision DLLs. Starting from StarCraft 1.17.0 and Diablo II 1.14d, the client will verify the signature of the CheckRevision DLL.

v2

CheckRevision Filename Format

CheckRevision v2's filename format is lockdown-IX86-##.mpq, where ## is to be replaced with a number between 00 and 19. Lockdown was never released for PMAC or XMAC platforms.

Implementation

Battle.net only serves CheckRevision v2 to Diablo I, WarCraft: Battle.net Edition, StarCraft, StarCraft: Brood War, and StarCraft Shareware clients. See An Objective Analysis of the Lockdown Protection System for Battle.net.

v3

CheckRevision Filename Format

CheckRevision v3's filename format is simply CheckRevision.mpq.

Implementation

Battle.net only serves CheckRevision v3 to Diablo II and Diablo II: Lord of Destruction.

The algorithm behind v3 is much simpler and does not actually require any of the game files, just the full file version of Game.exe (ex: 1.14.3.71). The value for EXE Version is now always 0, and the checksum and EXE info have changed.

The value string sent in S>C 0x50 SID_AUTH_INFO is encoded as Base64. The first 4 bytes of the decoded value are hashed along with the file version of Game.exe and the result is encoded as Base64 and returned to the server in the checksum and EXE info fields in C>S 0x51 SID_AUTH_CHECK.

result = base64(sha1(value, ":" + version + ":", 0x01))

Value is 4 bytes, version is a string, and 0x01 is a byte. The first 4 bytes of the resulting encoded string are sent as the checksum and the rest is sent as the EXE info (with a null terminator). This effectively removes the checksum field and sends the entire hash as the EXE info string.

If calling the CheckRevision() function from the v3 DLL, the calling app's version needs to match the version of Game.exe and have any valid signature.

History

  • January 4, 2019 Blizzard releases CheckRevision v3
  • January 3, 2019 Blizzard finishes creating CheckRevision v3
  • May 27, 2016 Blizzard signs CheckRevision v1 DLL files
  • March 5, 2007 CheckRevision is updated
  • Late 2006 Blizzard releases CheckRevision v2, known as Lockdown
  • Late 2006 Checkrevision files are renamed from IX86ver#.mpq to ver-IX86-#.mpq (Where # is replaced with numbers 0 - 7)
| Edited: xboi209
Comments
Davnit

Added information on the new algorithm for v3.