login_sequence
The login sequence uses a challenge response mechanism using a combination of SHA1 and RC4.
server |
lc1 - server gives 64 byte challenge value (in base64 ASCII)
|
client |
login2 - client responds with response value (in base64 ASCII)
|
server |
lc2 - if login2 is succesful, server gives sessionkey
|
psuedo code for generating response value (+ means concatenate):
1) Decode challenge value from base64 ASCII into 64 bytes of data
2) UNENCRYPTED_DATA = First 32 bytes of challenge data + USERNAME (in unicode UTF-16LE) + 0000000002C0A8016600000000 (hex constant)
3) HASHED_PASSWORD = SHA1 hash of ASCII password
4) HASHED_PASSWORD2 = SHA1 of (HASHED_PASSWORD + Last 32 bytes of challenge data)
5) RC4_KEY = First 16 bytes of HASHED_PASSWORD2
6) ENCRYPTED_DATA = RC4 of UNENCRYPTED_DATA using RC4_KEY as the encryption key
7) Encode ENCRYPTED_DATA into base64 ASCII to obtain response value
example
server:
\lc\1\nc\Jfy+N46kTKNPCEPRaJP4QA3/3z4bayiCaJsFqGyOF97RQ1cQI5+xs1laahcrABCqlYp7pQgild0Qk+P8jGX9Mg==\id\1\final\
client:
\login2\196610\usernamemyspaceimtestuser1@glit.us\response\g/MFAWd84rcpcGcL8jQXaptT4hvXz/34cP+1sN/LAM3m6BDVrBr3KLKUjPt147dyGaQgJCYSFxVsBL1WVQZv2ihCs1RGaWE=\clientver\595\status\100\id\1\final\
server:
\lc\2\sesskey\480534511\proof\myspaceimtestuserurl1\userid\166189759\profileid\166189759\uniquenick\myspaceimtestuserurl1\id\1\final\
Comments (0)
You don't have permission to comment on this page.