Packet 0x44 Information

[MyndFyre]

Hey all...

I'm just working on decoding the BNCS packet 0x44.  Here's one of the packets I received:

Code Select Expand


0000 ff 44 2f 01 04 01 00 00 00 6f 65 70 6f 02 4f 4c .D/......oepo.OL
0010 4f 53 01 00 01 00 02 39 91 00 00 00 00 00 4d 41 OS.....9......MA
0020 45 54 30 00 41 00 09 e7 80 07 00 00 00 00 06 18 ET0.A...........
0030 00 20 00 11 00 14 00 01 00 02 00 02 00 02 00 15 . ..............
0040 00 27 00 00 00 00 00 06 32 53 56 32 01 00 00 00 .'......2SV2....
0050 02 00 64 00 00 00 00 00 88 61 40 9f 50 17 c3 01 [email protected]...
0060 01 4d 61 73 61 4d 75 6e 65 2d 41 6f 41 00 32 53 .MasaMune-AoA.2S
0070 56 32 02 00 04 00 03 18 ee 00 00 00 00 00 bd 97 V2..............
0080 bf d7 29 2f c3 01 01 4c 75 72 6b 65 72 2d 41 6f ..)/...Lurker-Ao
0090 41 00 32 53 56 32 01 00 01 00 02 fb 60 00 00 00 A.2SV2......`...
0110 01 00 01 00 00 00 00 00 00 00 0e ec 22 13 87 1a ............"...
0120 c3 01 01 4b 6e 69 67 68 74 51 75 69 6c 6c 00    ...KnightQuill.


Here's what I've come up with so far (for this packet only...):

byte[4]   Header
byte[10]  Unknown
dword   'SOLO'
word   solo wins
word   solo losses
byte    solo level
byte    unknown
word   solo experience (maybe a dword?  it doesn't matter, blizz ladder scores don't increase past 50,000dec. yet).
byte[4]  unknown

dword   'TEAM'
word    team wins
word    team losses
byte    team level
byte     unknown
word    team experiece (same question as above)
byte[30]  unknown

-- The first two Arranged Team matchups are 25 bytes long plus the string of the teammate; the third is 33 bytes long plus the string length.  This is based on the first two, since I don't see a relation in the third.

dword   '2VS2'
word    team wins
word   team losses
word   team level (why is this a word and the other a byte?)
word   team experience
byte[13]  unknown
string   name

I'm assuming for a '3VS3' team, that there would be at least an array of strings, and possibly an additional null terminator.

Any ideas?

[MyndFyre]

I'm sorry; I get it when I request the profile of someone on WC3 or TFT.  The client sends 0x26 with 3 strings, and the server responds with the three profile strings in 0x26 and also sends 0x44.

[Soul Taker]

I thought you had to send 0x44 (guessing, whatever the packet to request those stats is), and it wasn't really linked to profiles at all except that the real clients send that packet along with profile request packets.

[Skywing]

I thought you had to send 0x44 (guessing, whatever the packet to request those stats is), and it wasn't really linked to profiles at all except that the real clients send that packet along with profile request packets.

That message is required to read Warcraft III statistics, since for whatever reason Blizzard decided that Warcraft III statistics should be unavailable through the SID_READUSERDATA interface.

[MyndFyre]

It seems that the first word or dword is a request type.  0x401 is a profile request.

[UserLoser.]

Bleh @ bringing back this old post, but:

Since 1.13 the 0x44 S->C seems to be encrypted in some sort of way for the URLs & Maps & Tournament listings, request type 0x7

(Blizzard read this thread!)

[Soar]

in 1.12 or earlier version, the 0x44 info request replys such a packet:
BYTE 2 - type
DWORD 1
BYTE 1 - Unknown
DWORD 'LRU' or 'PAM' or 'RDAL' or 'CSED'
DWORD Unknown
STRINGLIST Data
BYTE 1 - End?

the last byte End is 0x01 when this packet is not the last info reply packet, is 0x00 when it is the last one

in 1.13 the STRINGLIST Data(I think it is just some binary data) is not encrypted but compressed, it comes to:

BYTE 2 - type
DWORD 1
BYTE 1 - Unknown
DWORD 'LRU' or 'PAM' or 'RDAL' or 'CSED'
DWORD Unknown
SHORT uncompressed length
SHORT compressed length
CHAR[compressed length]  zlib compressed data
BYTE 1 - End signal