[prog] Update on that reengineering problem
Meredydd
meredydd at everybuddy.com
Tue May 27 21:57:49 EST 2003
On Tuesday 27 May 2003 19:38, Elizabeth Barham wrote:
> Have you tried using the SHA1 hash function instead of MD5?
Hah, no. Neat idea, but that string doesn't appear in the executable either. I
suppose that could be it, but I'm guessing not, because Microsoft have
previously shown something of a fetish for MD5 (they use it in the Passport
auth, in Messenger auth, and the known (IRC6) version of MSN chat).
> In your next message, you gave (my comments in brackets; please
> correct):
Yep, those bracketed comments were correct. Sorry for confusing you :^)
> I'm not clear on what #1 and #2 are, or are they two different
> servers?
Yes. #1 is the challenge/response pair which occurred when talking to the
dispatch server. #2 is the challenge/response pair which occurred when
connecting to the server on which the actual chat room was hosted.
> Are either of these the constant string you wrote about? I'd
> like to duplicate the md5 hash'd response of MSN_chat2 just to get a
> feel for it.
Uhm, the response code I know doesn't work if you send your version as IRC7 :(
I have another capture, of an attempt to connect using the old hash for both
challenges (http://archives.wincoll.ac.uk/~c/MSN_chat4.libpcap):
#1 (old algorithm, identifying version as IRC6):
3c d6 64 5b b8 c2 47 79
--> da 2c fc b8 3b 91 d1 d7 7d f6 63 57 4d 4d 49 a5
#2 fails.
As an illustration of the algorithm, I have a little C program which will
perform the hash we know at http://archives.wincoll.ac.uk/~c/hashit.tgz
(includes Aladdin's MD5 implementation). Do you read C?
By the way, I've found what appears to be a working implementation of MSN chat
- an mIRC script called "Vincula Neo". I'm having a little bit of trouble
figuring out how it works, and it may be that it offloads the verification
hash to the innards of the OCX, but it'd be worth a look. First hit on Google, so
I shan't bother uploading a copy...
> Also, I had difficulty parsing the libpcap file with tcpdump:
>
> # tcpdump -F MSN_chat3.libpcap
> tcpdump: illegal char 'Ô'
>
> Should I use another method?
Eep! Um, that Shouldn't Happen(tm). Ethereal opens it fine - have you tried
that?
> Also, retrieving MSN_chat2.libpcap results in an ERROR 403: Forbidden
> from here.
Oops. Try now?
Meredydd