BNETDocs
C>S 0x31 SID_CHANGEPASSWORD
Message Id:0x31
Message Name:SID_CHANGEPASSWORD
Direction:Client to Server
Used By:Starcraft Original, Starcraft Broodwar
Starcraft Shareware, Starcraft Japanese
Diablo Retail, Diablo Shareware
Diablo II, Diablo II Lord of Destruction
Warcraft II BNE
Format:

(UINT32) Client Token
(UINT32) Server Token
(UINT32) [5] Old password hash
(UINT32) [5] New password hash
(STRING) Account name

Remarks

Changes Battle.net account password. This message must be sent before you logon.

The old password is hashed twice using XSHA-1. First, the password is hashed by itself, then the following data is hashed again and sent to Battle.net:

  1. (UINT32) Client Token
  2. (UINT32) Server Token
  3. (UINT8)[20] First password hash

The new password should be XSHA-1 hashed once, without the tokens.

Passwords should be converted to lowercase before hashing, for compatibility with Blizzard games.

| Edited:
Comments
xpeh

(DWORD) [5] Old password hash

This is completely wrong. It is not password hash, but DoubleHashPassword()

DWORD) [5] New password hash is real password hash.

This relies to old logon system (before WAR3).