|
|
| Line 43: |
Line 43: |
|
| |
|
| ==== Password Hashing ==== | | ==== Password Hashing ==== |
| Hashing the password, in some older AIM versions implementing BUCP authentication, hashes via MD5 in the following format: | | Hashing the password, in some older AIM versions implementing BUCP authentication, hashes via MD5 in the following format (old_hash): |
| * Challenge | | * Challenge |
| * Password | | * Password |
| * "AOL Instant Messenger (SM)" | | * "AOL Instant Messenger (SM)" |
|
| |
|
| However, in some newer AIM versions, they hash via MD5 in the following format: | | However, in some newer AIM versions, they hash via MD5 in the following format (new_hash): |
| * Challenge | | * Challenge |
| * md5(password) | | * md5(password) |
Revision as of 06:42, 21 July 2024
This is the final SNAC sent by the client when authorizing via BUCP. After this sent, the server replies with a BUCP__LOGIN_RESPONSE SNAC. Whether you were authorized or not shows in the TLVs of the aforementioned SNAC.
| 00 17 |
|
word |
|
SNAC foodgroup |
| 00 02 |
|
word |
|
SNAC subgroup |
| 00 00 |
|
word |
|
SNAC flags |
| 00 00 00 00 |
|
dword |
|
SNAC request ID |
|
SNAC DataThe SNAC data is a list of TLVs - the possible TLVs being as follows:
| Type |
Length |
Value
|
| 00 01 |
xx xx |
The screen name as given by the client.
|
| 00 25 |
00 10 |
The password, hashed in MD5 in a specific format. See below this table on how to do so.
|
| 00 03 |
xx xx |
The client ID string (with the name and version - i.e., "AOL Instant Messenger (SM), version 4.8.2540/WIN32")
|
| 00 16 |
00 02 |
The client's ID number.
|
| 00 17 |
00 02 |
The client's major version (i.e., "4")
|
| 00 18 |
00 02 |
The client's minor version (i.e., "8")
|
| 00 19 |
00 02 |
The client's lesser version.
|
| 00 1A |
00 02 |
The client's build number (i.e., 2540)
|
| 00 14 |
00 04 |
The client's distribution number.
|
| 00 0F |
00 02 |
The client's language (i.e., "en")
|
| 00 0E |
00 02 |
The client's country (i.e., "us")
|
| 00 0F |
00 02 |
Whether to use SSI or not (1 - SSI only, 0 - family 0x03)
|
Password Hashing
Hashing the password, in some older AIM versions implementing BUCP authentication, hashes via MD5 in the following format (old_hash):
- Challenge
- Password
- "AOL Instant Messenger (SM)"
However, in some newer AIM versions, they hash via MD5 in the following format (new_hash):
- Challenge
- md5(password)
- "AOL Instant Messenger (SM)"
For example:
old_hash = md5(challenge + password + "AOL Instant Messenger (SM)")
new_hash = md5(challenge + md5(password) + "AOL Instant Messenger (SM)")
Note for server developers: You will have to hash the password in both formats, and compare both the hashes with what the client hashed in order to verify the password to support the full range of BUCP clients.
SNAC Dump
Example dump (sent by a AIM 4.8.2540 client - dump contains a FLAP header):
0000 2a 02 17 8b 00 99 00 17 00 02 00 00 00 00 00 00 *...............
0010 00 01 00 0a 74 6f 78 69 64 61 74 69 6f 6e 00 25 ....toxidation.%
0020 00 10 xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
0030 xx xx 00 03 00 32 41 4f 4c 20 49 6e 73 74 61 6e .....2AOL Instan
0040 74 20 4d 65 73 73 65 6e 67 65 72 20 28 53 4d 29 t Messenger (SM)
0050 2c 20 76 65 72 73 69 6f 6e 20 34 2e 38 2e 32 35 , version 4.8.25
0060 34 30 2f 57 49 4e 33 32 00 16 00 02 01 09 00 17 40/WIN32........
0070 00 02 00 04 00 18 00 02 00 08 00 19 00 02 00 00 ................
0080 00 1a 00 02 09 ec 00 14 00 04 00 00 00 af 00 0f ................
0090 00 02 65 6e 00 0e 00 02 75 73 00 4a 00 01 01 ..en....us.J...
The hashed password TLV's data as seen above in the hex dump is replaced by "xx xx .." because underneath the hash, more or less, is my actual NINA password.
| |
