Wednesday, July 23, 2008

[EN] Protocol introduction

In this first post I will cover the first part you need to know to talk to the MSN server.

In a normal session you will make requests to different servers, but one connection is essential and must stay active for the whole session: the connection to the Notification Server (NS). It is a socket connection initially made to the host messenger.hotmail.com on port 1863, and it is managed through commands written in plain ASCII.

These commands have the following format:

Command transaction_id [param1 param2 ... paramN] [payload_size]\r\n
[payload_body]

* command is generally a 3-letter word like VER, MSG, etc.
* transaction_id is a number that represents the order of this command; it starts at 1 and is increased every time you send a new command. When you send a response to a command sent by the server, you must set the tid (short for transaction_id from now on) to the number that the server sent. Some commands put other content in the second parameter, but they are just a few exceptions.
* a number of optional parameters separated by a space come next; how many depends on the command. They can contain anything that may be useful for the command.
* payload_size is the number of bytes of the payload that comes after the \r\n (the payload exists only on commands that carry one, like GCF, MSG and others).
* payload is the content of the command and can be anything that the command wants to send us.

Let's stop talking and get some action: let's send our first command to the server.
To keep this post an introduction, I will just use netcat; the next post will teach you about sockets in Python (they are a wrapper over C sockets, so it's easy to follow for programmers of other languages).

Open a terminal and write:

$ netcat messenger.hotmail.com 1863[enter]

You will see a new line and nothing more; that means you are connected to the server. Now write:

VER 1 MSNP13 CVR0[enter]

then you will get:

VER 1 MSNP13 CVR0

(the last character is a zero)

What does it mean? That is the first message to the server and its response. The command is an introduction and says to the server something like "Hi, I want to start a session, I speak version 13 of the protocol (MSNP13)". The server's response is the same, which means that it speaks that version, so we can continue.

You can send more than one version and the server will return the version it prefers. We will just use version 13 of the protocol, but here is an example with multiple versions.

Let's send it 3 versions:

mariano@mousehouse:~$ netcat messenger.hotmail.com 1863
VER 1 MSNP13 MSNP14 MSNP15 CVR0
VER 1 MSNP15 MSNP14 MSNP13 CVR0

Seems that it prefers MSNP15 :D

Let's see where the MSN guys are going:

mariano@mousehouse:~$ netcat messenger.hotmail.com 1863
VER 1 MSNP13 MSNP14 MSNP15 MSNP16 MSNP17 CVR0
VER 1 MSNP17 MSNP16 MSNP15 MSNP14 MSNP13 CVR0

MSNP17?!? :D

even further...

mariano@mousehouse:~$ netcat messenger.hotmail.com 1863
VER 1 MSNP13 MSNP14 MSNP15 MSNP16 MSNP17 MSNP18 CVR0
VER 1 MSNP17 MSNP16 MSNP15 MSNP14 MSNP13 CVR0

nope, just MSNP17

Just so you can see some more commands, I will send some extra ones that will be explained later, when we start a session using a programming language.

Connect to the server again and send some commands:

mariano@mousehouse:~$ netcat messenger.hotmail.com 1863
VER 1 MSNP13 CVR0
VER 1 MSNP13 CVR0
CVR 2 0x0c0a winnt 5.1 i386 MSNMSGR 8.0.0792 msmsgs xmxsxn@hotmail.com
CVR 2 8.1.0178 8.1.0178 8.1.0178 http://msgruser.dlservice.microsoft.com/download/5/6/4/5646481F-33EF-4B08-AF00-4904F7677B89/ES/Install_WLMessenger.exe http://get.live.com/es
USR 3 TWN I xmxsxn@hotmail.com
XFR 3 NS 207.46.110.94:1863 U D

Let's go through this command by command.

>>> are messages being sent
<<< are messages being received

>>> VER 1 MSNP13 CVR0
<<< VER 1 MSNP13 CVR0

VER is the same as before

>>> CVR 2 0x0c0a winnt 5.1 i386 MSNMSGR 8.0.0792 msmsgs xmxsxn@hotmail.com
<<< CVR 2 8.1.0178 8.1.0178 8.1.0178 http://msgruser.dlservice.microsoft.com/download/5/6/4/5646481F-33EF-4B08-AF00-4904F7677B89/ES/Install_WLMessenger.exe http://get.live.com/es

With the CVR command we send our version information to the server:

* 0x0c0a is a set of flags that indicate our capabilities; I will explain that later. With those flags you can keep coding without problems.
* "winnt 5.1 i386" is our operating system :D
* 8.0.0792 is our client version ;)
* and the last one is the account we are trying to log in with (that account is my test account)

We receive a response that is not really useful. Then we present ourselves, get a response, and get disconnected (we are back at the shell):

>>> USR 3 TWN I xmxsxn@hotmail.com
<<< XFR 3 NS 207.46.110.94:1863 U D

XFR is the transfer command, and it means that the server wants us to connect to the server located at 207.46.110.94:1863.

So we start netcat again pointing at that server, and do it all over again:

mariano@mousehouse:~$ netcat 207.46.110.94 1863
VER 1 MSNP13 CVR0
VER 1 MSNP13 CVR0
CVR 2 0x0c0a winnt 5.1 i386 MSNMSGR 8.0.0792 msmsgs xmxsxn@hotmail.com
CVR 2 8.1.0178 8.1.0178 8.1.0178 http://msgruser.dlservice.microsoft.com/download/5/6/4/5646481F-33EF-4B08-AF00-4904F7677B89/ES/Install_WLMessenger.exe http://get.live.com/es
USR 3 TWN I xmxsxn@hotmail.com

Up to here everything is like before, but now we don't get a transfer (we can get more than one, but today we are lucky).

then we get
<<< GCF 0 6660

We receive the GCF command with payload_size 6660, and next we get 6660 bytes of XML that basically say which words we should filter in our client (nice :P)

<<< GCF 0 6660
[a lot of xml goes here]
<<< USR 3 TWN S ct=1216861501,rver=5.5.4177.0,wp=FS_40SEC_0_COMPACT,lc=1033,id=507,ru=http:%2F%2Fmessenger.msn.com,tw=0,kpp=1,kv=4,ver=2.1.6000.1,rn=1lgjBfIL,tpf=b0735e3a873dfb5e75054465095398e0

The last command will be used later to do the Passport authentication.
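
The framing rules from the start of this post and the XFR and GCF handling from the session above, as an added Python example (not part of the original post or of emesene). The function names, the 1 MiB payload cap and the sample stream are assumptions made for the illustration.

```python
# Added example (not from the original post): incremental framer for the
# NS command stream. Names and limits below are assumptions of this sketch.
PAYLOAD_COMMANDS = {"GCF", "MSG"}  # only the payload commands the post names
MAX_PAYLOAD = 1 << 20              # assumed cap: payload_size is peer-supplied

class ProtocolError(Exception):
    pass

def parse_commands(buffer):
    """Split raw socket bytes into ([(name, params, payload)], leftover).

    payload is None for commands without one; bytes that do not yet form
    a complete command are returned as leftover for the next read.
    """
    commands = []
    while True:
        line, sep, rest = buffer.partition(b"\r\n")
        if not sep:                      # command line not complete yet
            return commands, buffer
        parts = line.decode("ascii", "replace").split(" ")
        name, params, payload = parts[0], parts[1:], None
        if name in PAYLOAD_COMMANDS:
            if not params or not params[-1].isdigit():
                raise ProtocolError("no payload_size in %r" % line)
            size = int(params.pop())     # last field is payload_size
            if size > MAX_PAYLOAD:       # refuse before buffering that much
                raise ProtocolError("payload_size %d over cap" % size)
            if len(rest) < size:         # payload only partly received
                return commands, buffer
            payload, rest = rest[:size], rest[size:]
        commands.append((name, params, payload))
        buffer = rest

def xfr_target(params):
    """Return (host, port) from the params of an 'XFR tid NS host:port ...'."""
    if len(params) < 3 or params[1] != "NS":
        raise ProtocolError("unexpected XFR %r" % (params,))
    host, _, port = params[2].rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ProtocolError("bad XFR address %r" % params[2])
    return host, int(port)

# Constructed sample: lines copied from the session above, with a short
# stand-in for the 6660 bytes of GCF XML and a shortened USR ticket.
XML = b"<placeholder/>"
STREAM = (b"VER 1 MSNP13 CVR0\r\n"
          b"XFR 3 NS 207.46.110.94:1863 U D\r\n"
          + b"GCF 0 %d\r\n" % len(XML) + XML
          + b"USR 3 TWN S ct=1216861501\r\n")
```

Call parse_commands on whatever recv() returned, prepended with the leftover from the previous call; a command whose payload has not fully arrived stays in the leftover until it has.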

OK, that's all for today. Next time I will write about how to do it with Python code (maybe another language will be used too). Wait for the translations on the weekend, maybe :P

2 comments:

Anonymous said...

*which
*language

rodrigolord said...

It's a very good tutorial, Mariano! :)

I'm an emesene user and I like it! (I helped to make some translations to pt_BR)

Your tutorial is a big way to guide a simple user and make it a collaborator of the emesene project! :)

I'm anxious waiting for a new post! :)

Thanks!

-- Rodrigo "LORD" B. Tolledo