Protocols/MSNP/Scenarios/WebTV: Difference between revisions

From NINA Wiki
Jump to navigation Jump to search
No edit summary
(Remove speculation (ugh))
 
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:
= Authentication =
= Authentication =


For MSNP versions &lt; 8, on receiving a server-side subsequent <code>USR</code> (<code>USR MD5 S</code>), instead of hashing the password locally, WebTV/MSNTV clients delegate the hashing to a WTVP (WebTV Protocol) service on <code>wtv-passport:/messengerlogin</code> where it sends the MD5 challenge and email (split into the username and domain parts). The service then returns the challenge response on a successful lookup of the email being a valid Microsoft account (note that WebTV/MSNTV subscriber accounts and Microsoft accounts/Passports were separate from each other). The fact the service does not send the password at all in the request hints that passwords were assumed to be stored in cleartext and were retrieved from Microsoft’s databases as such.
On all verified MSNP versions supported by WebTV/MSNTV on receiving a server-side subsequent <code>USR</code> (<code>USR MD5 S</code> or <code>USR TWN S</code>), instead of calculating the response locally, WebTV/MSNTV clients delegate the hashing to a WTVP (WebTV Protocol) service on <code>wtv-passport:/messengerlogin</code> where it sends the challenge (<code>wtv-passport:/messengerlogin?challenge</code>). The service then returns the challenge response on a successful lookup of the email being a valid Microsoft account (note that WebTV/MSNTV subscriber accounts and Microsoft accounts/Passports were separate from each other).
 
The same <code>wtv-passport</code> service is used for MSNP8 connections as well, but is assumed to accept and return different data, and we have yet to get information on how that works.
 
''TODO: Logs of request and responses of official <code>wtv-passport</code> service.''


<span id="identification"></span>
<span id="identification"></span>

Latest revision as of 19:43, 26 March 2023

MSNP Protocol
IntroductionTermsClients
Reference
Error ListCommandsRelying Party SuiteSpotlife
Services
XMPPHTTP GatewayTabsActivities
Documentation
Development ToolsMSNP Grid
PolygamyURLs used by MSN
Documents
Protocol Versions
Version 21
Version 18
Version 16
Version 15
Version 14
Version 13
Version 12
Version 11
Version 9
Version 8
Version 2
MSNC
IntroductionP2PObject DescriptorDisplay PicturesFile Transfer
Scenarios
Microsoft Messenger for Mac
MSNP on WebTV (MSNTV)

Authentication

On all verified MSNP versions supported by WebTV/MSNTV on receiving a server-side subsequent USR (USR MD5 S or USR TWN S), instead of calculating the response locally, WebTV/MSNTV clients delegate the hashing to a WTVP (WebTV Protocol) service on wtv-passport:/messengerlogin where it sends the challenge (wtv-passport:/messengerlogin?challenge). The service then returns the challenge response on a successful lookup of the email being a valid Microsoft account (note that WebTV/MSNTV subscriber accounts and Microsoft accounts/Passports were separate from each other).

Identification

On real hardware, it’s been observed that WebTV build 2.8 (MSN TV) sends a CVR after logging in:

CVR (TrID) 0x0409 webtv 2.8 MIPS msntvim 2.8 msntv

It identifies the client as msntv version 2.8, and the OS as webtv with the same version. It also identifies the running architecture as MIPS, with the client library being identified as msntvim. We’ve yet to determine if older builds (2.5 - 2.7) send this on real hardware as well. It’s been known that the 2.5 version of the WebTV Viewer doesn’t send any CVRs but the reason for this is unknown.

WebTV/MSNTV-first commands

IMS

IMS is a WebTV/MSNTV-first MSNP command with little documentation on its resulting behavior. So far it’s been determined that it was introduced by MSNP3, and the only (surviving) mentions of it reside in archives of MSNPiki (along with an earlier archive of the individual page on it that erroneously refers to it as ILM in the title, initially written by “Leadpumper”; the correction was added in by “BiM”), with the first mention being written by a user named “MrData” around February 2006.

IMS toggles whether a user can send XFRs for switchboards and receive RNGs or not. Its inferred usage is when a WebTV user doesn’t want to be pestered by any users wanting to message them, although we’ve only seen this command being triggered by WebTV Viewer 2.5 after an undetermined amount of idle time. The desktop MSN Messenger clients on the other hand don’t even mention the command in the binary strings.

IMS only requires two parameters: the TrID, and a value of either ON or OFF, corresponding to the ability of whether the user can create switchboards and be invited to them (ON for yes, OFF for no). The response contains three parameters: the TrID, a number which has only been observed as 0 for the time being (this can possibly be another flag), and the value the user specified for turning on/off switchboard usage. An example of the request and corresponding response is shown below:

>>> IMS (TrID) ON
<<< IMS (TrID) 0 ON

The behavior that results from a user setting IMS to OFF has so far been undocumented completely, but we assume that XFRs are simply ignored and RNGs aren’t sent to the user at all (with normal errors being sent to inviters).