Transport Layer:Transmission Control Protocol (TCP)
Application Layer:Diablo II Realm Messages (MCP)
Message Id:0x01
Message Name:MCP_STARTUP
Direction:Client to Server
Options: In Research
Used By:Diablo II, Diablo II Lord of Destruction
Message Format:
(does not include protocol header)
 (UINT32)     MCP Cookie
 (UINT32)     MCP Status
 (UINT32)[2]  MCP Chunk 1
 (UINT32)[12] MCP Chunk 2
(STRING)     Battle.net Unique Name


This packet authenticates the client with the MCP and allows character querying and logon to proceed.
All 16 UINT32s (Cookie, Status, Chunk 1, and Chunk 2) are received from the server via SID_LOGONREALMEX.

Not much information is known about the UINT32 values, other than that they're received from the server. The following information needs work:

  • MCP Cookie: Client Token
  • MCP Status: Unknown
  • MCP Chunk 1 [01]: Server IP (BNCS)
  • MCP Chunk 1 [02]: UDP Value*
  • MCP Chunk 2 [01]: Unknown
  • MCP Chunk 2 [02]: Unknown
  • MCP Chunk 2 [03]: Something to do with the gateway
  • MCP Chunk 2 [04]: Product (D2DV/D2XP)
  • MCP Chunk 2 [05]: Platform (IX86/PMAC/XMAC)
  • MCP Chunk 2 [06]: Unknown
  • MCP Chunk 2 [07]: Language ID (1033 [0x409] for enUS)
  • MCP Chunk 2 [08]: Unknown
  • MCP Chunk 2 [09]: Unknown
  • MCP Chunk 2 [10]: Unknown
  • MCP Chunk 2 [11]: Unknown
  • MCP Chunk 2 [12]: Unknown

This is purely speculation, but as there are 5 unknown UINT32s at the end of this chunk, it is possible that it is actually a hash of something.

* UDP Value: No one really knows what this is, however, it is used in 2nd UINT32 of the UDP packet PKT_CONNTEST2. The client receives it in SID_AUTH_INFO.

| Edited: RealityRipple



It seems that the contents of the MCP Chunks has changed. I only noticed because I was doing some pretty sloppy data storage/manip in my current project that ultimately broke things when Blizzard made this change (a few months back from what I can tell). I wasn't motivated enough at the time to figure out what Blizzard changed to break my stuff...but as soon as I started looking at the packet logs, I noticed that SID_LOGONREALMEX and MCP_STARTUP looked totally different. Still the same length but the chunks look like maybe plaintext hashes of some sort?