RuneWiki Old Engine/Login Protocol

Old Engine/Login Protocol

From RuneWiki
Example of a failed login


Data Types

Old Engine/File Archive


The client begins by sending a single byte, 14.

The server should then send 8 bytes as a response to initiate the response. These bytes are ignored, but should be all 0s anyways.

Following that the server needs to send a response code of 0, followed by a random 64-bit number that will be used as part of the ISAAC seed.

Connection Request

Packet 16.


  • Packet length: Byte
  • Magic number: 255 (Byte)
  • Client version: Word
  • Memory type: Byte (Highmem / Lowmem)
  • CRCs: 9 DWords, CRC of all .idx0 File Archives loaded by the client
  • RSA length: Byte
  • After this point the remaining bytes must be decrypted!
  • RSA magic number: 10 (Byte) - this is used to check if the block was correctly decrypted
  • Client ISAAC seed: QWord
  • Server ISAAC seed: QWord
  • Client UID: DWord - ID to track client/player installations (can be changed client-side by deleting uid.dat and relaunching)
  • Username: String
  • Password: String

Both client and server ISAAC seeds should be combined into a complete 16-byte seed for ISAAC to use.

The decryptor ISAAC (used while reading packets from the client) should be initialized as-is from the ISAAC seed.

The encryptor ISAAC (used while sending packets to the client) should have 50 added to every 4-bytes of the ISAAC seed and then initialized, e.g.

let clientIsaac = data.readQWord();
let serverIsaac = data.readQWord();
let sessionDecoder = [
let sessionEncoder = [
    (clientIsaac.shiftRight(32).toInt()) + 50,
    (clientIsaac.toInt()) + 50,
    (serverIsaac.shiftRight(32).toInt()) + 50,
    (serverIsaac.toInt()) + 50

Respond with Connection if successful.

Reconnection Request

Packet 18. Same as Connection Request, but respond with Reconnection instead if successful.

Jagex's RSA Key

Modulus: 7162900525229798032761816791230527296329313291232324290237849263501208207972894053929065636522363163621000728841182238772712427862772219676577293600221789

Private exponent: 4563042879983685819415859508309337987464904274730456483940553788384065737798175536144539635545496149193181089921240252410947054964044522362195913220892133

Public exponent: 58778699976184461502525193738213253649000149147835990136706041084440742975821

PEM format (thanks Graham!):



Exchange login information

Response code 0.

Continue to exchange login information (packet 16 or 18).

Wait and try again

Response code 1.

Waits for 2000ms and tries again.


Response code 2.

You will also need to send the privilege level (0 to 2), and a single byte (1 or 0) that tells the client to send additional input information during the game session. This was used to flag suspected bot behavior.

Privilege levels:

  • 0: Normal player
  • 1: PMod
  • 2: JMod

Invalid username or password

Response code 3.

"Invalid username or password"

Account disabled

Response code 4.

"Your account has been disabled. Please check your message-center for details."

Account already logged in

Response code 5.

"Your account is already logged in. Try again in 60 secs..."

Game updated

Response code 6.

"RuneScape has been updated! Please reload this page."

World is full

Response code 7.

"This world is full. Please use a different world."

Login server offline

Response code 8.

"Unable to connect. Login server offline."

Login limit exceeded

Response code 9.

"Login limit exceeded. Too many connections from your address."

Bad session ID

Response code 10.

"Unable to connect. Bad session id."

Login server rejected session

Response code 11.

"Login server rejected session. Please try again."

Members account required

Response code 12.

"You need a members account to login to this world. Please subscribe, or use a different world."

Could not complete login

Response code 13.

"Could not complete login. Please try using a different world."

Server is being updated

Response code 14.

"The server is being updated. Please wait 1 minute and try again."


Response code 15.

Login attempts exceeded

Response code 16.

"Login attempts exceeded. Please wait 1 minute and try again."

Standing in members-only area

Response code 17.

"You are standing in a members-only area. To play on this world move to a free area first."

Invalid login server

Response code 20.

"Invalid loginserver requested. Please try using a different world."

Just left another world

Response code 21.

"You have only just left another world. Your profile will be transferred in: (byte) seconds."

This response also has a single byte appended that tells the player how many seconds they must wait.

Wait and try again (counting failures)

Response code -1.

Waits for 2000 ms and tries again while counting failures.


Any other response code will be unrecognized by the client and display "Unexpected server response. Please try using a different world."

Where do I go from here?

Continue the player's session at Old_Engine/Game_Protocol.