Protocols/OSCAR/SNAC/BUCP LOGIN REQUEST

From Toxi's Wiki
Revision as of 19:27, 21 July 2024 by Toxi (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search
OSCAR Protocol
IntroductionTermsClients
Basic
TODO
Tutorials
Sign On
Foodgroups
OSERVICE (0x0001)
BUCP (0x0017)

This is the final SNAC sent by the client when authorizing via BUCP, and contains a hashed password among other things. After this is sent, the server should respond with a BUCP__LOGIN_RESPONSE SNAC. Whether the client were authorized or not shows in the TLVs of the aforementioned SNAC.

 00 17   word   SNAC foodgroup
 00 02   word   SNAC subgroup
 00 00   word   SNAC flags
 00 00 00 00   dword   SNAC request ID
 00 01   word   TLV Type (0x0001) - screen name
 xx xx   word   TLV Length
 xx ..   string   Screen name
 00 25   word   TLV Type (0x0025) - password hashed in MD5
 00 10   word   TLV Length
 xx ..   array   MD5-hashed password (see below on how to do so)
 00 03   word   TLV Type (0x0003) - client ID string
 xx xx   word   TLV Length
 xx ..   string   Client ID string with the name and version (i.e., "AOL Instant Messenger (SM), version 4.8.2540/WIN32")
 00 16   word   TLV Type (0x0016) - client ID number
 00 02   word   TLV Length
 xx xx   word   Client ID number
 00 17   word   TLV Type (0x0017) - client major version
 00 02   word   TLV Length
 xx xx   word   Client major version (i.e., "4" in "4.8.2540")
 00 18   word   TLV Type (0x0018) - client minor version
 00 02   word   TLV Length
 xx xx   word   Client minor version (i.e., "8" in "4.8.2540")
 00 19   word   TLV Type (0x0019) - client lesser version
 00 02   word   TLV Length
 xx xx   word   Client lesser version
 00 1A   word   TLV Type (0x001A) - client build number
 00 02   word   TLV Length
 xx xx   word   Client build number (i.e., "2540" in "4.8.2540")
 00 14   word   TLV Type (0x0014) - client distribution number
 00 04   word   TLV Length
 xx xx xx xx   dword   Client distribution number
 00 0F   word   TLV Type (0x000F) - client language
 00 02   word   TLV Length
 xx xx   string   Client language (i.e., "en")
 00 0E   word   TLV Type (0x000E) - client country
 00 02   word   TLV Length
 xx xx   string   Client country (i.e., "us")
 00 0F   word   TLV Type (0x000F) - SSI flag
 00 02   word   TLV Length
 xx xx   word   SSI flag; 1 - use SSI only, 2 - foodgroup 0x03
 May contain other common TLVs

Hashing the password, in some older AIM versions implementing BUCP authentication, hashes via MD5 in the following format (old_hash):

  • Challenge
  • Password
  • "AOL Instant Messenger (SM)"

However, in some newer AIM versions, they hash via MD5 in the following format (new_hash):

  • Challenge
  • md5(password)
  • "AOL Instant Messenger (SM)"

For example:

old_hash = md5(challenge + password + "AOL Instant Messenger (SM)")
new_hash = md5(challenge + md5(password) + "AOL Instant Messenger (SM)")

Note to server developers: You will have to hash the password in both formats, and compare both the hashes with what the client hashed to verify the password in order to support the full range of BUCP clients.


Example dump (sent by a AIM 4.8.2540 client - dump contains a FLAP header):

0000   2a 02 17 8b 00 99 00 17 00 02 00 00 00 00 00 00   *...............
0010   00 01 00 0a 74 6f 78 69 64 61 74 69 6f 6e 00 25   ....toxidation.%
0020   00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0030   00 00 00 03 00 32 41 4f 4c 20 49 6e 73 74 61 6e   .....2AOL Instan
0040   74 20 4d 65 73 73 65 6e 67 65 72 20 28 53 4d 29   t Messenger (SM)
0050   2c 20 76 65 72 73 69 6f 6e 20 34 2e 38 2e 32 35   , version 4.8.25
0060   34 30 2f 57 49 4e 33 32 00 16 00 02 01 09 00 17   40/WIN32........
0070   00 02 00 04 00 18 00 02 00 08 00 19 00 02 00 00   ................
0080   00 1a 00 02 09 ec 00 14 00 04 00 00 00 af 00 0f   ................
0090   00 02 65 6e 00 0e 00 02 75 73 00 4a 00 01 01      ..en....us.J...