Valhalla Legends Forums Archive | Battle.net Bot Development References | X-SHA-1 Discussion

Author | Message | Time
iNsAnE-MS
Is there somewhere or some way I can find out how battle.net's modified SHA-1 is different from the original?
October 14, 2003, 5:07 AM
Moonshine
Look at how a bot's SHA-1 hashing function works, then look at the FIPS 180-1 (The real SHA-1 Standard), which is available here: http://www.itl.nist.gov/fipspubs/fip180-1.htm
October 14, 2003, 5:21 AM
Adron
Basically they mixed up the operands to the bit shifting/rotating functions. Instead of rotating X by Y, they rotate Y by X (for example, instead of rotating 0xbaaaad00 7 steps to the right, making 0175555A, they rotate 0x00000007 0xbaaaad00 steps to the right, making 0x00000007). You should notice that this most probably greatly reduces the security of the algorithm.
October 15, 2003, 10:42 PM
c0ol
[quote author=Adron link=board=17;threadid=3088;start=0#msg24299 date=1066257738]
You should notice that this most probably greatly reduces the security of the algorithm.
[/quote]
Do you have any idea why this was done?
October 22, 2003, 1:03 AM
iago
[quote author=c0ol link=board=17;threadid=3088;start=0#msg24929 date=1066784608]
[quote author=Adron link=board=17;threadid=3088;start=0#msg24299 date=1066257738]
You should notice that this most probably greatly reduces the security of the algorithm.
[/quote]
Do you have any idea why this was done?
[/quote]

To make it harder to guess, I would imagine, so people can't just use an out-of-the-box SHA-1 algorithm
October 22, 2003, 4:16 AM
Yoni
Maybe they did it by mistake, which would be typical of Blizzard... (Although now that I think of it, not so typical of the "old" Blizzard programmers who wrote this code to begin with.) Nobody really knows why.
October 22, 2003, 6:48 AM
Adron
If they had a macro with two arguments to do the actual rotate, and the arguments weren't named properly, rotating the wrong thing would be an easy mistake to make. And you wouldn't notice it unless you either checked the output with a reference implementation or carefully traced the code and checked the intermediate values. Both generate a random-looking output.
October 22, 2003, 7:59 AM
c0ol
well if they wanted to use the standard SHA-1, wouldn't they just use a premade function?
October 22, 2003, 10:01 PM
Skywing
[quote author=c0ol link=board=17;threadid=3088;start=0#msg25065 date=1066860061]
well if they wanted to use the standard SHA-1, wouldn't they just use a premade function?
[/quote]
Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel. They've also had a long history of reinventing the wheel incorrectly, as in this case.
October 22, 2003, 10:24 PM
iago
[quote author=Skywing link=board=17;threadid=3088;start=0#msg25073 date=1066861495]
[quote author=c0ol link=board=17;threadid=3088;start=0#msg25065 date=1066860061]
well if they wanted to use the standard SHA-1, wouldn't they just use a premade function?
[/quote]
Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel. They've also had a long history of reinventing the wheel incorrectly, as in this case.
[/quote]

Don't forget, they design their stuff to be platform-independent, so they'll often write their own to make sure it runs the same.

Not that that's an excuse for doing it the hard way, but eh? :)
October 22, 2003, 10:31 PM
Kp
[quote author=Yoni link=board=17;threadid=3088;start=0#msg24981 date=1066805330]
Maybe they did it by mistake, which would be typical of Blizzard... (Although now that I think of it, not so typical of the "old" Blizzard programmers who wrote this code to begin with.) Nobody really knows why.
[/quote]
Actually, silly typo-related mistakes abound in the old Blizzard code. Diablo is a great example of this; to this day, the spell Flash does incorrect damage because someone typed '2' instead of '20' in one of the equations, and they refuse to fix it even though people have told them exactly where the flaw is. Similarly, many perfectly functional bosses fail to appear because of mistakes in entering the appropriate dungeon level.
October 22, 2003, 10:34 PM
Skywing
[quote author=iago link=board=17;threadid=3088;start=0#msg25074 date=1066861869]
[quote author=Skywing link=board=17;threadid=3088;start=0#msg25073 date=1066861495]
[quote author=c0ol link=board=17;threadid=3088;start=0#msg25065 date=1066860061]
well if they wanted to use the standard SHA-1, wouldn't they just use a premade function?
[/quote]
Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel. They've also had a long history of reinventing the wheel incorrectly, as in this case.
[/quote]

Don't forget, they design their stuff to be platform-independent, so they'll often write their own to make sure it runs the same.

Not that that's an excuse for doing it the hard way, but eh? :)
[/quote]
Virtually all of these things had free implementations available that are much more portable than Blizzard's.

Oh, and don't forget their broken UTF-8 processing (violates standard and introduces security holes by processing redundant encodings).
October 22, 2003, 10:34 PM
St0rm.iD
How about the fact that I log on with Brood War using 0x07?
October 23, 2003, 12:26 AM
Skywing
[quote author=St0rm.iD link=board=17;threadid=3088;start=0#msg25106 date=1066868764]
How about the fact that I log on with Brood War using 0x07?
[/quote]
That's being lazy, which is something completely different. Someone who is lazy would probably not want to spend so much time writing things already written.
October 23, 2003, 3:40 AM
