Joined: Oct 2005
Posts: 827
P
pouncer Offline OP
Hoopy frood
One thing I noticed on http://209.85.229.132/search?q=cache:mvF1xSZB0IcJ:www.csse.monash.edu.au/courseware/cse1370/2006/Chat/mosim.doc+msnp14+authentication&cd=8&hl=en&ct=clnk&gl=uk

Sent authentication SOAP


That's after the server sends back the full GCF load, but nowhere in that debug do I see the guy sending his email/password anywhere, and that's exactly how I'm doing it too.

Last edited by pouncer; 31/05/09 08:06 AM.
Joined: Sep 2005
Posts: 2,881
H
Hoopy frood
Offline
You may want to look at this >> http://msnpiki.msnfanatic.com/index.php/MSNP15:SSO

God, MSNP9 was so much simpler laugh

Joined: Mar 2006
Posts: 396
T
Pan-dimensional mouse
Offline
After the initial XML data, you might notice this:

USR 2 TWN S lc=1033,id=507,tw=40,ru=http%3A%2F%2Fmessenger%2Emsn%2Ecom,ct=1161813852,kpp=1,kv=9,ver=2.1.6000.1,rn=zZI5qkYo,tpf=b0550c1ce641da84fe791088ac5effd9

That's the line I'd be keeping an eye on; I'm pretty sure that contains some of the data you need to send to the authentication server.

As I said above, they couldn't just send you the ticket and profile data based on an email, as those two keys are as good as an email and password to a hacker.
Also, you might notice that the t=* and the p=* do not show <<< at the beginning, which indicates to me that they didn't come in through that socket.


[02:16] * Titanic has quit IRC (Excess Flood)
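Added example, not code from the thread: since the post above notes that the t= and p= values are as good as an email and password, a debug transcript should have them masked before it is shared. This Python code parses the challenge line quoted in that post and redacts ticket values; the ticket lines in the sample are constructed, and the `>>>` marker for sent lines is an assumption.

```python
import re
from urllib.parse import unquote

# A bare "t=" or "p=" field; the lookbehind skips "ct=", "kpp=" and "tpf="
# in the challenge, which are not tickets.
TICKET_RE = re.compile(r"(?<![A-Za-z0-9])([tp])=[^&\s]+")
USR_RE = re.compile(r"USR\s+(\d+)\s+TWN\s+S\s+(\S+)")

# First line is the challenge quoted in the thread; the other two are
# constructed placeholders standing in for real ticket/profile values.
SAMPLE = [
    "<<< USR 2 TWN S lc=1033,id=507,tw=40,ru=http%3A%2F%2Fmessenger%2Emsn%2Ecom,"
    "ct=1161813852,kpp=1,kv=9,ver=2.1.6000.1,rn=zZI5qkYo,"
    "tpf=b0550c1ce641da84fe791088ac5effd9",
    ">>> USR 3 TWN S t=CONSTRUCTEDTICKET&p=CONSTRUCTEDPROFILE",
    "t=CONSTRUCTEDTICKET&p=CONSTRUCTEDPROFILE",
]

def parse_challenge(line):
    """Return the parameters of a 'USR n TWN S k=v,k=v' challenge as a dict,
    or None when the line is not a challenge (for example, it carries a ticket)."""
    m = USR_RE.search(line)
    if not m or TICKET_RE.search(m.group(2)):
        return None
    fields = {}
    for pair in m.group(2).split(","):
        key, sep, value = pair.partition("=")
        if sep:
            fields[key] = unquote(value)  # ru=... is URL-encoded
    return fields

def redact(line):
    """Mask ticket and profile values, leaving the rest of the line intact."""
    return TICKET_RE.sub(lambda m: m.group(1) + "=<redacted>", line)

def scrub(lines):
    """Redact every line of a transcript, with or without direction markers."""
    return [redact(line) for line in lines]

if __name__ == "__main__":
    print(parse_challenge(SAMPLE[0]))
    print("\n".join(scrub(SAMPLE)))
```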
Joined: Mar 2006
Posts: 396
T
Pan-dimensional mouse
Offline
See: http://msnpiki.msnfanatic.com/index.php/MSNP13:SOAPTweener


[02:16] * Titanic has quit IRC (Excess Flood)
Joined: Oct 2005
Posts: 827
P
pouncer Offline OP
Hoopy frood
Originally Posted By: The_JD

Also, you might notice that the t=* and the p=* do not show <<< at the beginning, which indicates to me that they didn't come in through that socket.


I thought it was just 1 whole chunk the server sends back, split into separate parts by CRLFs.

I was looking at that SSO SOAP stuff; it talks about sending XML SOAP requests to the server. I don't think we can do this via mIRC sockets, right? (line too long stuff?)

Joined: Sep 2005
Posts: 2,881
H
Hoopy frood
Offline
Not true.

You could send an extra long var by doing this:

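; build the payload in binary variable &t, 4000 characters at a time
bset -t &t 1 $str(a,4000)
; $bvar(&t,0) is the current length of &t, so each chunk is appended at the end
bset -t &t $calc($bvar(&t,0) + 1) $str(a,4000)
bset -t &t $calc($bvar(&t,0) + 1) $str(a,4000)
bset -t &t $calc($bvar(&t,0) + 1) $str(a,4000)
sockwrite sockname &t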

Joined: Mar 2006
Posts: 396
T
Pan-dimensional mouse
Offline
Yeh, as above, mIRC can send an unlimited amount of data.
Also, these two will do the same things in a lot of circumstances:

1.
sockwrite -n this.socket an example line

2.
sockwrite this.socket an exam
sockwrite -n this.socket ple line


[02:16] * Titanic has quit IRC (Excess Flood)
Joined: Oct 2005
Posts: 827
P
pouncer Offline OP
Hoopy frood
Hixxy and JD, are you still around? Because I'm back and have started working on this again.

Joined: Mar 2006
Posts: 396
T
Pan-dimensional mouse
Offline
I pop in quite often (2 times a week?)... but mostly check out the Developer/Bugs/Features sections... post up your issue and someone might help smile


[02:16] * Titanic has quit IRC (Excess Flood)