This is for the FLAP-level sign on method. This is the oldest method of sign on, used prior to AIM 3.5. This refers to the FLAP__FRAME_SIGNON authentication method for a user to authenticate to the network. This works similar to, but is not the same as, FLAP__FRAME_SIGNON sequences used to connect to BOSS and other services.
Sequence
Below is a table laying out the sequence, which is further detailed in the sections below. Keep in mind that all of the packets are FLAP packets, and thus only the data is discussed.
| Origin
|
Name
|
Length
|
Value
|
Note
|
| Host
|
FLAP_VERSION
|
4
|
00 00 00 01
|
Always 0x01
|
| Client
|
FLAP_FRAME_SIGNON
|
blob
|
xx ..
|
TLV chain containing authentication information
|
| Host
|
FLAP_FRAME_SIGNOFF
|
blob
|
xx ..
|
TLV chain of either BOSS or error information
|
FLAP_FRAME_SIGNON
X
FLAP_FRAME_SIGNOFF
X
Clients are allowed to, but not required to, send their own empty FLAP_FRAME_SIGNOFF after receiving this one.
From Aleksandr Shutko: SRV_COOKIE: server authorization response
|
This is the server reply for for cli_ident packet.
It contain BOS address / authorization cookie. It always come from FLAP channel
0x04. See also channel 0x01 authorization sequence info.
|
| |
| 00 01 |
|
word |
|
TLV.Type(0x01) - screen name (uin) |
| xx xx |
|
word |
|
TLV.Length |
|
| xx .. |
|
string |
|
Screen name (uin) |
|
|
| |
| |
|
| |
| 00 05 |
|
word |
|
TLV.Type(0x05) - BOS server address |
| xx xx |
|
word |
|
TLV.Length |
|
| xx .. |
|
string |
|
BOS server address string |
|
|
| |
| |
|
| |
| 00 06 |
|
word |
|
TLV.Type(0x06) - authorization cookie |
| xx xx |
|
word |
|
TLV.Length |
|
| xx .. |
|
array |
|
authorization cookie |
|
|
| |
| |
|
|
|
Example SNAC dump with flap header:
2A 04 62 BF 01 21 00 01 00 06 37 37 37 37 37 37 *.b..!....777777
00 05 00 0F 31 30 2E 31 30 2E 31 30 2E 39 3A 35 ....10.10.10.9:5
31 39 30 00 06 01 00 37 37 37 37 37 37 39 63 64 190....7777779cd
42 63 66 39 61 32 36 38 35 63 44 32 66 4E 39 66 Bcf9a2685cD2fN9f
42 61 61 66 42 61 63 31 43 31 36 54 63 44 66 39 BaafBac1C16TcDf9
37 44 37 31 37 61 44 30 44 66 35 30 33 45 31 63 7D717aD0Df503E1c
37 31 31 65 44 41 41 41 41 41 41 41 41 41 41 41 711eDAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 AAAAAAA
|
|
Next steps
From Aleksandr Shutko: CLI_IDENT: client authorization request (channel 0x01)
|
Client use this packet in FLAP channel 0x01 based authorization
sequence. So client should send it
on FLAP channel 0x01. Server should reply via srv_cookie packet, containing BOS address/cookie or via
auth_failed packet, containing error code.
Passwords are roasted when sent to the host. This is done so they
aren't sent in "clear text" over the wire, although they are still
trivial to decode. Roasting is performed by first xoring each byte
in the password with the equivalent modulo byte in the roasting
array (
0xF3, 0x26, 0x81, 0xC4, 0x39, 0x86, 0xDB, 0x92,
0x71, 0xA3, 0xB9, 0xE6, 0x53, 0x7A, 0x95, 0x7C
)
|
00 00 00 01 |
dword |
protocol version number |
|
|
|
| |
| 00 01 |
|
word |
|
TLV.Type(0x01) - screen name (uin) |
| xx xx |
|
word |
|
TLV.Length |
|
| xx .. |
|
string |
|
Screen name (uin) |
|
|
| |
| |
|
| |
| 00 02 |
|
word |
|
TLV.Type(0x02) - roasted password |
| xx xx |
|
word |
|
TLV.Length |
|
| xx .. |
|
array |
|
roasted password array |
|
|
| |
| |
|
| |
| 00 03 |
|
word |
|
TLV.Type(0x03) - client id string |
| xx xx |
|
word |
|
TLV.Length |
|
| xx .. |
|
string |
|
Client id string (name, version) |
|
|
| |
| |
|
| |
| 00 16 |
|
word |
|
TLV.Type(0x16) - client id |
| 00 02 |
|
word |
|
TLV.Length |
|
| xx xx |
|
word |
|
Client id number |
|
|
| |
| |
|
| |
| 00 17 |
|
word |
|
TLV.Type(0x17) - client major version |
| 00 02 |
|
word |
|
TLV.Length |
|
| xx xx |
|
word |
|
Client major version |
|
|
| |
| |
|
| |
| 00 18 |
|
word |
|
TLV.Type(0x18) - client minor version |
| 00 02 |
|
word |
|
TLV.Length |
|
| xx xx |
|
word |
|
Client minor version |
|
|
| |
| |
|
| |
| 00 19 |
|
word |
|
TLV.Type(0x19) - client lesser version |
| 00 02 |
|
word |
|
TLV.Length |
|
| xx xx |
|
word |
|
Client lesser version |
|
|
| |
| |
|
| |
| 00 1A |
|
word |
|
TLV.Type(0x1A) - client build number |
| 00 02 |
|
word |
|
TLV.Length |
|
| xx xx |
|
word |
|
Client build number |
|
|
| |
| |
|
| |
| 00 14 |
|
word |
|
TLV.Type(0x14) - distribution number |
| 00 04 |
|
word |
|
TLV.Length |
|
| xx xx xx xx |
|
dword |
|
Distribution number |
|
|
| |
| |
|
| |
| 00 0F |
|
word |
|
TLV.Type(0x0F) - client language (2 symbols) |
| xx xx |
|
word |
|
TLV.Length |
|
| xx .. |
|
string |
|
Client language |
|
|
| |
| |
|
| |
| 00 0E |
|
word |
|
TLV.Type(0x0E) - client country (2 symbols) |
| xx xx |
|
word |
|
TLV.Length |
|
| xx .. |
|
string |
|
Client country |
|
|
| |
| |
|
|
|
Example SNAC dump with flap header (uin="777777", pass="password"):
2A 01 13 5A 00 83 00 00 00 01 00 01 00 06 37 37 *..Z..........77
37 37 37 37 00 02 00 08 83 47 F2 B7 4E E9 A9 F6 7777.....G..N...
00 03 00 33 49 43 51 20 49 6E 63 2E 20 2D 20 50 ...3ICQ Inc. - P
72 6F 64 75 63 74 20 6F 66 20 49 43 51 20 28 54 roduct of ICQ (T
4D 29 2E 32 30 30 30 62 2E 34 2E 36 35 2E 31 2E M).2000b.4.65.1.
33 32 38 31 2E 38 35 00 16 00 02 01 0A 00 17 00 3281.85.........
02 00 04 00 18 00 02 00 41 00 19 00 02 00 01 00 ........A.......
1A 00 02 0C D1 00 14 00 04 00 00 00 55 00 0F 00 ............U...
02 65 6E 00 0E 00 02 75 73 .en....us
|
|