Open-source multiplayer game server compatible with the RuneScape client
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
openrs2/share/doc/protocol/login.md

16 KiB

Login protocol

Upstream

Opcode Length Jagex name Description
14 1 INIT_GAME_CONNECTION Set username hash
15 4 INIT_JS5REMOTE_CONNECTION Switch to JS5 mode
16 Variable short GAMELOGIN Login (new session)
17 0 Unknown Switch to JAGGRAB mode
18 Variable short Unknown Reconnect (existing session)
20 6 Unknown Check date of birth and country
21 8 CREATE_CHECK_NAME Check username availability
22 Variable byte CREATE_ACCOUNT Create account
23 4 REQUEST_WORLDLIST Request world list
24 Variable byte CHECK_WORLD_SUITABILITY Request most suitable world number

A curious oddity is that Old School RuneScape server processes upstream login packets in a loop, rather than only permitting a single login packet to be sent during the handshake process, which is how most current private servers are currently implemented.

For example, it is possible to send an INIT_GAME_CONNECTION packet followed by an INIT_JS5REMOTE_CONNECTION packet. The connection will successfully switch to JS5 mode, even though this is not the normal sequence of packets sent by the client.

14 (INIT_GAME_CONNECTION)

Data type Description
UnsignedByte Username hash

The following algorithm computes the username hash:

usernameHash = (encodedUsername >> 16) & 0x1F

where encodedUsername is the player's Base37-encoded username.

The consensus in the community is that Jagex's implementation uses the username hash to load balance between login servers, but this has not been confirmed.

15 (INIT_JS5REMOTE_CONNECTION)

Data type Description
Int Client build number

16 (GAMELOGIN)

Data type Description
Int Client build number
Byte Unknown (hard-coded to 0 in client script)
Boolean Advert suppressed
Boolean Client signed
UnsignedByte Display mode
UnsignedShort Canvas width
UnsignedShort Canvas height
UnsignedByte Anti-aliasing mode
Byte[24] UID
String Site settings cookie
Int Affiliate ID
Int Detail options
Short Verify ID
Int[29] JS5 archive checksums
UnsignedByte RSA-encrypted payload length (n)
Byte[n] RSA-encrypted payload

The unknown byte hard-coded to 0 in a client script might represent the language. It is consistent with the ID for English. We can infer that there were language-specific versions of the cache, as the surviving copy does not contain translations.

The structure of the plaintext payload is described below:

Data type Description
UnsignedByte Must be 10
Int ISAAC cipher key (bits 0-31)
Int ISAAC cipher key (bits 32-63)
Int ISAAC cipher key (bits 64-95)
Int ISAAC cipher key (bits 96-127)
Long Base37-encoded username
String Password

17 (Switch to JAGGRAB mode)

18 (Reconnect)

The packet is identical to GAMELOGIN in all but one way: the opcode of this packet indicates the client is reconnecting due to connection loss, rather than logging in from the login screen.

20 (Check date of birth and country)

Data type Description
UnsignedByte Day
UnsignedByte Month
UnsignedShort Year
UnsignedShort Country ID

21 (CREATE_CHECK_NAME)

Data type Description
Long Base37-encoded username

22 (CREATE_ACCOUNT)

Data type Description
UnsignedShort Client build number
UnsignedByte RSA-encrypted payload length (n)
Byte[n] RSA-encrypted payload
Byte[len-n-3] XTEA-encrypted payload

The structure of the RSA-decrypted payload is described below:

Data type Description
UnsignedByte Must be 10
UnsignedShort Flags (see below)
Long Base37-encoded username
Int XTEA key (bits 0-31)
String Password
Int XTEA key (bits 32-63)
UnsignedShort Affiliate ID
UnsignedByte Day
UnsignedByte Month
Int XTEA key (bits 64-95)
UnsignedShort Year
UnsignedShort Country ID
Int XTEA key (bits 96-127)
Flag Description
0x1 Receive RuneScape newsletters
0x2 Receive Other newsletters
0x4 Share details with business partners

The structure of the XTEA-decrypted payload is described below:

Data type Description
String Email address
Byte[0-7] Padding

23 (REQUEST_WORLDLIST)

Data type Description
Int Previous world list checksum

The previous world list checksum is set to 0 if the client has not fetched the world list before. It is used to save bandwidth if the world list has not changed when the "Refresh" button is clicked: if checksum has not changed, the server only sends the player counts and not the full world list.

Given the use of CRC-32 elsewhere in the client, it is probably the CRC-32 checksum of the encoded world list (excluding player counts), but this has not been confirmed.

24 (CHECK_WORLD_SUITABILITY)

Data type Description
UnsignedShort Client build number
UnsignedByte RSA-encrypted payload length (n)
Byte[n] RSA-encrypted payload

The structure of the plaintext payload is described below:

Data type Description
UnsignedByte Must be 10
Int Random integer
Long Base37-encoded username
Int Random integer
String Password
Int Random integer

Downstream

Opcode Length Jagex name Description
0 8 Unknown Exchange session key
1 0 Unknown Display video advertisement
2 14 OK Login successful
3 0 INVALID_USERNAME_OR_PASSWORD Invalid username or password
4 0 BANNED Account banned
5 0 DUPLICATE Already logged in
6 0 CLIENT_OUT_OF_DATE Client out of date
7 0 SERVER_FULL Server full
8 0 LOGINSERVER_OFFLINE Login server offline
9 0 IP_LIMIT Too many connections from IP address
10 0 Unknown Bad session ID
11 0 FORCE_PASSWORD_CHANGE Password is weak
12 0 NEED_MEMBERS_ACCOUNT World is members-only
13 0 INVALID_SAVE Could not complete login
14 0 UPDATE_IN_PROGRESS Update in progress
15 0 RECONNECT_OK Reconnect successful
16 0 TOO_MANY_ATTEMPTS Too many login attemts from IP address
17 0 Unknown Account in members-only area
18 0 LOCKED Account locked
19 0 Unknown Fullscreen is members-only
20 0 Unknown Invalid login server requested
21 1 HOP_BLOCKED Wait for profile transfer
22 0 INVALID_LOGIN_PACKET Malformed login packet
23 0 Unknown No reply from login server
24 0 LOGINSERVER_LOAD_ERROR Error loading profile
25 0 UNKNOWN_REPLY_FROM_LOGINSERVER Unknown reply from login server
26 0 IP_BLOCKED IP address banned
27 0 Unknown Service unavailable
29 1 DISALLOWED_BY_SCRIPT Disallowed by script
30 0 Unknown Client is members-only
101 2 Unknown Switch world

0 (Exchange session key)

Data type Description
Long ISAAC cipher key (bits 64-127)

1 (Display video advertisement)

After the client has finished displaying the advertisement, it sends an empty packet with opcode 17. The opcode is encrypted with ISAAC.

2 (OK)

Data type Description
UnsignedByte Staff moderator level
UnsignedByte Player moderator level
Boolean Player is underage
Boolean Parental chat consent
Boolean Parental advertisement consent
Boolean Quick chat world
Boolean Record mouse movement
UnsignedShort Player index
Boolean Player is a member
Boolean Members-only world

3 (INVALID_USERNAME_OR_PASSWORD)

Message: Invalid username or password. If you have forgotten your password, click here.

4 (BANNED)

Message: Your account has been disabled. Please click here to check your Message Centre for details.

5 (DUPLICATE)

Message: Your account has not logged out from its last session. Try again in a few minutes.

6 (CLIENT_OUT_OF_DATE)

Message: RuneScape has been updated! Please reload this page.

7 (SERVER_FULL)

Message: This world is full. Please use a different world.

8 (LOGINSERVER_OFFLINE)

Message: Unable to connect: login server offline.

9 (IP_LIMIT)

Message: Login limit exceeded: too many connections from your address.

10 (Bad session ID)

Message: Unable to connect: bad session ID.

11 (FORCE_PASSWORD_CHANGE)

Message: Your password is an extremely common choice, and is very weak. You must change it before you can login. Click here

12 (NEED_MEMBERS_ACCOUNT)

Message: You need a members' account to log in to this world. Please subscribe or use a different world.

13 (INVALID_SAVE)

Message: Could not complete login. Please try using a different world.

14 (UPDATE_IN_PROGRESS)

Message: The server is being updated. Please wait a few minutes and try again.

15 (RECONNECT_OK)

16 (TOO_MANY_ATTEMPTS)

Message: Too many incorrect logins from your address. Please wait 5 minutes before trying again.

17 (Account in members-only area)

Message: You are standing in a members-only area. To play on this world, move to a free area first.

18 (LOCKED)

Message: Your account has been locked as we suspect it has been stolen. Click here to recover your account.

19 (Fullscreen is members-only)

Message: Fullscreen is currently a members-only feature. To log in, either return to the main menu and exit fullscreen or use a members' account.

20 (Invalid login server requested)

Message: Invalid loginserver requested. Please try using a different world.

21 (HOP_BLOCKED)

Data type Description
UnsignedByte Hop time

Message: You have only just left another world. Your profile will be transferred in seconds.

The number of remaining seconds is calculated using the following formula: (hopTime * 60 + 180) / 50

22 (INVALID_LOGIN_PACKET)

Message: Malformed login packet. Please try again.

23 (No reply from login server)

Message: No reply from login server. Please wait a minute and try again.

24 (LOGINSERVER_LOAD_ERROR)

Message: Error loading your profile. Please contact Customer Support.

25 (UNKNOWN_REPLY_FROM_LOGINSERVER)

Message: Unexpected loginserver response. Please try using a different world.

26 (IP_BLOCKED)

Message: This computer's address has been blocked as it was used to break our rules.

27 (Service unavailable)

Service unavailable.

29 (DISALLOWED_BY_SCRIPT)

Data type Description
UnsignedByte Reason
Reason Message
0 You must have a Combat Level of at least 20 (without Summoning) to enter a PvP world.
1 You are currently carrying lent items and cannot enter a PvP world.
2 You must be standing in the Wilderness or Edgeville to enter this Bounty world.
Other Unexpected server response. Please try using a different world.

30 (Client is members-only)

This is not a member's account; please choose the 'Free Users' option from the website to play on this account.

101 (Switch world)

Data type Description
UnsignedShort World number