Protocols/OSCAR/SNAC/BUCP LOGIN REQUEST

From Toxi's Wiki
Revision as of 06:41, 21 July 2024 by Toxi (talk | contribs)
Jump to navigationJump to search
OSCAR Protocol
IntroductionTermsClients
Basic
TODO
Tutorials
Sign On
Foodgroups
OSERVICE (0x0001)
BUCP (0x0017)

This is the final SNAC sent by the client when authorizing via BUCP. After this sent, the server replies with a BUCP__LOGIN_RESPONSE SNAC. Whether you were authorized or not shows in the TLVs of the aforementioned SNAC.

SNAC Header

 00 17   word   SNAC foodgroup
 00 02   word   SNAC subgroup
 00 00   word   SNAC flags
 00 00 00 00   dword   SNAC request ID

SNAC Data

The SNAC data is a list of TLVs - the possible TLVs being as follows:

Type Length Value
00 01 xx xx The screen name as given by the client.
00 25 00 10 The password, hashed in MD5 in a specific format. See below this table on how to do so.
00 03 xx xx The client ID string (with the name and version - i.e., "AOL Instant Messenger (SM), version 4.8.2540/WIN32")
00 16 00 02 The client's ID number.
00 17 00 02 The client's major version (i.e., "4")
00 18 00 02 The client's minor version (i.e., "8")
00 19 00 02 The client's lesser version.
00 1A 00 02 The client's build number (i.e., 2540)
00 14 00 04 The client's distribution number.
00 0F 00 02 The client's language (i.e., "en")
00 0E 00 02 The client's country (i.e., "us")
00 0F 00 02 Whether to use SSI or not (1 - SSI only, 0 - family 0x03)

Password Hashing

Hashing the password, in some older AIM versions implementing BUCP authentication, hashes via MD5 in the following format:

  • Challenge
  • Password
  • "AOL Instant Messenger (SM)"

However, in some newer AIM versions, they hash via MD5 in the following format:

  • Challenge
  • md5(password)
  • "AOL Instant Messenger (SM)"

For example:

old_hash = md5(challenge + password + "AOL Instant Messenger (SM)")
new_hash = md5(challenge + md5(password) + "AOL Instant Messenger (SM)")

Note for server developers: You will have to hash the password in both formats, and compare both the hashes with what the client hashed in order to verify the password to support the full range of BUCP clients.

SNAC Dump

Example dump (sent by a AIM 4.8.2540 client - dump contains a FLAP header):

0000   2a 02 17 8b 00 99 00 17 00 02 00 00 00 00 00 00   *...............
0010   00 01 00 0a 74 6f 78 69 64 61 74 69 6f 6e 00 25   ....toxidation.%
0020   00 10 xx xx xx xx xx xx xx xx xx xx xx xx xx xx   ................
0030   xx xx 00 03 00 32 41 4f 4c 20 49 6e 73 74 61 6e   .....2AOL Instan
0040   74 20 4d 65 73 73 65 6e 67 65 72 20 28 53 4d 29   t Messenger (SM)
0050   2c 20 76 65 72 73 69 6f 6e 20 34 2e 38 2e 32 35   , version 4.8.25
0060   34 30 2f 57 49 4e 33 32 00 16 00 02 01 09 00 17   40/WIN32........
0070   00 02 00 04 00 18 00 02 00 08 00 19 00 02 00 00   ................
0080   00 1a 00 02 09 ec 00 14 00 04 00 00 00 af 00 0f   ................
0090   00 02 65 6e 00 0e 00 02 75 73 00 4a 00 01 01      ..en....us.J...

The hashed password TLV's data as seen above in the hex dump is replaced by "xx xx .." because underneath the hash, more or less, is my actual NINA password.