xboi209 edited this page Aug 30, 2014 · 4 revisions

ExtraWork

ExtraWork is used to send DLL files to Battle.net clients for execution. There are two types of ExtraWork: SID_REQUIREDWORK and SID_OPTIONALWORK.

Blizzard has generally used this module to run hack detection/prevention code or collect system data for future use. It is not regularly used, and Battle.net servers no longer use this module.

SID_REQUIREDWORK

The server sends packet 0x4C to the client containing the MPQ's filename, often named IX86ExtraWork.mpq, to download. In response, the client will send packet 0x33 to the server with Request ID 0x80000006 for the filetime of the filename previously received.

The client will check bncache.dat on the user's computer for the same file and download a new copy from the server via BNFTP if the file does not exist or the filetime does not match.

The client will extract a DLL file from the MPQ and call an exported function called ExtraWork.

When ExtraWork() finishes executing, the client sends packet 0x4B to the server.

SID_OPTIONALWORK

SID_OPTIONALWORK behaves similarly to SID_REQUIREDWORK with the exception that downloading the MPQ file from the server is completely optional and the Request ID is 0x80000005.

To toggle whether or not the client should download the MPQ file, the registry key HKEY_CURRENT_USER\Software\Battle.net\Optimize\SysDesc (REG_DWORD) must be modified. A value of 0 makes the client skip the download of the specified MPQ file; any non-zero value makes the client download it.

ExtraWork MPQ

The DLL file inside the MPQ has the same filename as the MPQ, except that the file extension is .dll.

The client performs RSA signature verification on the MPQ to verify the integrity of the file. If a valid (signature) file does not exist inside the MPQ, the client will not execute the ExtraWork() function.

The signature is an RSASSA-PKCS1-v1_5 digital signature and is called the Blizzard Weak Digital Signature because it uses the MD5 hashing algorithm and a 512-bit RSA key.
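
The verification step named above, as an added example that is not Blizzard's code or part of the original page: a generic RSASSA-PKCS1-v1_5 check with MD5 as specified in RFC 8017, showing what a 64-byte signature block decodes to under a 512-bit modulus. The key is a constructed demonstration key built from two well-known public primes, the function names and sample data are assumptions, and the example does not cover how the client stores or serializes the (signature) file inside the MPQ.

```python
import hashlib
import hmac

# DigestInfo prefix for MD5 from RFC 8017, section 9.2 (18 bytes).
MD5_DIGESTINFO = bytes.fromhex("3020300c06082a864886f70d020505000410")

# Constructed demonstration key (NOT Blizzard's): the product of two
# well-known public primes, giving a 512-bit modulus. Its factors are public.
P = 2**256 - 2**32 - 977   # the secp256k1 field prime
Q = 2**256 - 189           # largest prime below 2**256
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, only used to make a sample


def encode_md5(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || MD5(message)."""
    t = MD5_DIGESTINFO + hashlib.md5(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for MD5 DigestInfo")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def sign(message: bytes) -> bytes:
    """Produce a sample signature with the constructed key."""
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(encode_md5(message, k), "big")
    return pow(m, D, N).to_bytes(k, "big")


def verify(message: bytes, signature: bytes, n: int = N, e: int = E) -> bool:
    """RSASSA-PKCS1-v1_5 verification by re-encoding and comparing."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    # Compare the whole encoded block; never parse the padding leniently.
    return hmac.compare_digest(em, encode_md5(message, k))


if __name__ == "__main__":
    archive = b"constructed stand-in for MPQ contents"
    sig = sign(archive)
    print(len(sig), verify(archive, sig), verify(archive + b"!", sig))
```

With a 64-byte modulus the encoded block holds 27 bytes of 0xFF padding, the 18-byte DigestInfo and the 16-byte MD5 digest, so everything the signature protects is that one MD5 value.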
