C>S 0x31 SID_CHANGEPASSWORD

Transport Layer:	Transmission Control Protocol (TCP)
Application Layer:	Battle.net v1 TCP Messages (SID)
Message Id:	`0x31`
Message Name:	`SID_CHANGEPASSWORD`
Direction:	Client to Server
Used By:	Starcraft Original, Starcraft Broodwar Starcraft Shareware, Starcraft Japanese Diablo Retail, Diablo Shareware Diablo II, Diablo II Lord of Destruction Warcraft II BNE
Message Format: ^{(does not include protocol header)}	`(UINT32) Client Token (UINT32) Server Token (UINT32) [5] Old password hash (UINT32) [5] New password hash (STRING) Account name`

Remarks

Changes Battle.net account password. This message must be sent before you logon.

The old password is hashed twice using XSHA-1. First, the password is hashed by itself, then the following data is hashed again and sent to Battle.net:

(UINT32) Client Token
(UINT32) Server Token
(UINT8)[20] First password hash

The new password should be XSHA-1 hashed once, without the tokens.

Passwords should be converted to lowercase before hashing, for compatibility with Blizzard games.

Monday, June 6, 2011 | Edited: Saturday, December 28, 2019 Anonymous

Comments

xpeh
Wed Jun 24, 2009 9:11pm UTC

(DWORD) [5] Old password hash

This is completely wrong. It is not password hash, but DoubleHashPassword()

DWORD) [5] New password hash
is real password hash.

This relies to old logon system (before WAR3).