[mICQ] [patch] ICQ md5 login support
Robert Bartel
r.bartel at gmx.net
Fri Apr 13 19:46:59 CEST 2007
Hello,
I recently read in this list that md5 login is not supported in micq and the
password is sent (almost) cleartext over the net. So everybody intercepting
the login traffic can reveal the password!
On http://iserverd.khstu.ru/oscar/login.html I found a description of the md5
login method and wrote a patch for the current cvs version of micq. It
replaces the old login method and uses openssl for md5.
It's not complete: there is no further error checking, no internationalization
and no gnutls support, and the password must be set in the rcfile. But it seems
to work for me (I logged in a few times; no extensive testing).
So maybe it could be integrated into the cvs code base after cleanups and
more tests (especially on other accounts).
-------------- next part --------------
diff -u -r -d micq/include/oscar_base.h micq-new/include/oscar_base.h
--- micq/include/oscar_base.h 2006-10-09 07:26:40.000000000 +0200
+++ micq-new/include/oscar_base.h 2007-04-11 13:21:24.000000000 +0200
@@ -16,6 +16,7 @@
void FlapCliCookie (Connection *serv, const char *cookie, UWORD len);
void FlapCliGoodbye (Connection *serv);
void FlapCliKeepalive (Connection *serv);
+void FlapChannel4 (Connection *conn, Packet *pak);
void SrvCallBackFlap (Event *event);
diff -u -r -d micq/include/oscar_register.h micq-new/include/oscar_register.h
--- micq/include/oscar_register.h 2003-10-11 04:44:03.000000000 +0200
+++ micq-new/include/oscar_register.h 2007-04-11 10:01:18.000000000 +0200
@@ -2,8 +2,11 @@
#ifndef MICQ_OSCAR_REGISTER_H
#define MICQ_OSCAR_REGISTER_H
-jump_snac_f SnacSrvReplylocation, SnacSrvRegrefused, SnacSrvNewuin;
+jump_snac_f SnacSrvReplylocation, SnacSrvRegrefused, SnacSrvNewuin,
+ SnacSrvReplylogin, SnacSrvLoginkey;
void SnacCliRegisteruser (Connection *serv);
+void SnacCliMd5login (Connection *serv);
+void SnacCliReqlogin (Connection *serv);
#endif
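Review bot: The prototype `void SnacCliMd5login (Connection *serv);` added here does not match the definition in src/oscar_register.c, which takes `(Connection *serv, str_t key)`. A file that sees both will fail with conflicting types, and a caller that sees only the header would pass one argument to a two-argument function. Declare it as `void SnacCliMd5login (Connection *serv, str_t key);`. Alternatively, since the only caller visible in the patch is SnacSrvLoginkey in the same file, make the function `static` there and drop it from the header.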
diff -u -r -d micq/src/file_util.c micq-new/src/file_util.c
--- micq/src/file_util.c 2007-04-10 21:59:18.000000000 +0200
+++ micq-new/src/file_util.c 2007-04-11 13:08:29.000000000 +0200
@@ -60,7 +60,7 @@
Connection *PrefNewConnection (UDWORD servertype, const char *user, const char *passwd)
{
- Connection *conn;
+ Connection *conn = NULL;
Contact *cont;
if (servertype == TYPE_SERVER)
diff -u -r -d micq/src/oscar_base.c micq-new/src/oscar_base.c
--- micq/src/oscar_base.c 2006-12-14 11:47:06.000000000 +0100
+++ micq-new/src/oscar_base.c 2007-04-11 17:43:22.000000000 +0200
@@ -52,7 +52,7 @@
#include "tcp.h"
static void FlapChannel1 (Connection *conn, Packet *pak);
-static void FlapChannel4 (Connection *conn, Packet *pak);
+/*static void FlapChannel4 (Connection *conn, Packet *pak);*/
void SrvCallBackFlap (Event *event)
{
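Review bot: The old forward declaration is left behind as `/*static void FlapChannel4 (Connection *conn, Packet *pak);*/` instead of being deleted. The function is now declared in include/oscar_base.h, so the commented-out line only adds noise and should be removed. SrvCallBackFlap's body continues outside the hunk.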
@@ -134,15 +134,18 @@
TLVD (tlv);
tlv = NULL;
}
- else
- FlapCliIdent (conn);
+ else { /* TODO: old method as fallback/configurable? */
+ /*FlapCliIdent (conn);*/
+ FlapCliHello (conn);
+ SnacCliReqlogin (conn);
+ }
break;
default:
rl_printf (i18n (1883, "FLAP channel 1 unknown command %d.\n"), i);
}
}
-static void FlapChannel4 (Connection *conn, Packet *pak)
+void FlapChannel4 (Connection *conn, Packet *pak)
{
TLV *tlv;
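Review bot: The `else` branch now always starts the MD5 exchange and keeps the old call only as `/*FlapCliIdent (conn);*/`, so login cannot complete if the server never answers CLI_REQLOGIN with SRV_LOGINKEY. If the fallback named in the TODO is added, it should be an explicit user setting rather than an automatic retry. An automatic retry would let a missing or suppressed key reply push the client back to the near-cleartext login this patch replaces. Either way the commented-out call should be deleted or replaced by the real conditional. `FlapChannel4` loses `static` at the end of this hunk, and its body continues outside it.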
diff -u -r -d micq/src/oscar_register.c micq-new/src/oscar_register.c
--- micq/src/oscar_register.c 2006-11-29 22:16:04.000000000 +0100
+++ micq-new/src/oscar_register.c 2007-04-11 17:39:22.000000000 +0200
@@ -40,6 +40,7 @@
#include "connection.h"
#include "conv.h"
#include "file_util.h"
+#include <openssl/md5.h>
/*
* SRV_REGREFUSED - SNAC(17,1)
@@ -63,6 +64,54 @@
}
/*
+ * CLI_MD5LOGIN - SNAC(17,2)
+ */
+void SnacCliMd5login (Connection *serv, str_t key)
+{ /* TODO: password query if not set; make md5 openssl independent; SSI flag? */
+ Packet *pak;
+ MD5_CTX ctx;
+ unsigned char hash[MD5_DIGEST_LENGTH];
+
+ /* compute md5 hash */
+#define AIM_MD5_STRING "AOL Instant Messenger (SM)"
+ MD5_Init (&ctx);
+ MD5_Update (&ctx, key->txt, key->len);
+ MD5_Update (&ctx, serv->passwd, strlen(serv->passwd));
+ MD5_Update (&ctx, AIM_MD5_STRING, strlen(AIM_MD5_STRING));
+ MD5_Final (hash, &ctx);
+
+ /* send packet */
+ pak = SnacC (serv, 23, 2, 0, 0);
+ PacketWriteTLVStr (pak, 1, serv->screen);
+ PacketWriteTLVStr (pak, 3, "ICQ Inc. - Product of ICQ (TM).2003b.5.37.1.3728.85");
+ PacketWriteTLVData (pak, 0x25, (const char *)hash, MD5_DIGEST_LENGTH);
+ PacketWriteTLV2 (pak, 22, 266);
+ PacketWriteTLV2 (pak, 23, FLAP_VER_MAJOR);
+ PacketWriteTLV2 (pak, 24, FLAP_VER_MINOR);
+ PacketWriteTLV2 (pak, 25, FLAP_VER_LESSER);
+ PacketWriteTLV2 (pak, 26, FLAP_VER_BUILD);
+ PacketWriteTLV4 (pak, 20, FLAP_VER_SUBBUILD);
+ PacketWriteTLVStr (pak, 15, "de"); /* en */
+ PacketWriteTLVStr (pak, 14, "DE"); /* en */
+ /* SSI use flag: 1 - only SSI, 0 - family 3 snacs? */
+ PacketWriteTLV (pak, 0x4A);
+ PacketWrite1 (pak, 0);
+ PacketWriteTLVDone (pak);
+ SnacSend(serv, pak);
+}
+
+/*
+ * SRV_REPLYLOGIN - SNAC(17,3)
+ */
+JUMP_SNAC_F(SnacSrvReplylogin)
+{
+ Connection *serv = event->conn;
+
+ /* delegate to old login method */
+ FlapChannel4 (serv, event->pak);
+}
+
+/*
* CLI_REGISTERUSER - SNAC(17,4)
*/
#define _REG_X1 0x28000300
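Review bot: `serv->passwd` is passed to `strlen` in SnacCliMd5login without a NULL check, and the description says the password must already be set in the rcfile, so a connection without a stored password would likely dereference NULL here. Until the password query from the TODO exists, add a guard before `MD5_Init`, for example `if (!serv->passwd || !*serv->passwd) { rl_print ("No password set - aborting login!\n"); return; }`. `ctx` and `hash` hold password-derived data and stay on the stack after `SnacSend`; clearing them with a wipe the compiler cannot elide would be cheap. The language and country TLVs are hard-coded to `"de"`/`"DE"` while their comments say `en`. SnacSrvReplylogin passes `event->pak` straight to FlapChannel4, which presumably expects the read position to be at the TLVs already; that is not visible in this hunk and should be confirmed.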
@@ -137,3 +186,41 @@
else
rl_print (i18n (2518, "You need to 'save' to write your new UIN to disc.\n"));
}
+
+/*
+ * CLI_REQLOGIN - SNAC(17,6)
+ */
+void SnacCliReqlogin (Connection *serv)
+{
+ Packet *pak;
+
+ pak = SnacC (serv, 23, 6, 0, 0);
+ PacketWriteTLVStr (pak, 1, serv->screen);
+ PacketWriteTLV (pak, 0x4B); /* unknown */
+ PacketWriteTLVDone (pak);
+ PacketWriteTLV (pak, 0x5A); /* unknown */
+ PacketWriteTLVDone (pak);
+ SnacSend (serv, pak);
+}
+
+/*
+ * SRV_SRV_LOGINKEY - SNAC(17,7)
+ */
+JUMP_SNAC_F(SnacSrvLoginkey)
+{
+ Connection *serv = event->conn;
+ UWORD len;
+ struct str_s key = {NULL, 0, 0};
+
+ len = PacketReadAtB2 (event->pak, 6 + 10);
+ PacketReadAtData (event->pak, 6 + 10 + 2, &key, len);
+ if (key.max < len) {
+ s_done (&key);
+ rl_print ("Auth key read failure - aborting login!\n");
+ return;
+ } else key.len = len;
+
+ SnacCliMd5login (serv, &key);
+
+ s_done(&key);
+}
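Review bot: In SnacSrvLoginkey the check `key.max < len` accepts `len == 0`. SnacCliMd5login would then hash only the password and the fixed AIM string, so the reply no longer depends on the server's challenge and is identical on every login. Reject an empty key with `if (len == 0 || key.max < len)`. The length is also read from the fixed offset `6 + 10` with no visible check that the packet is that long. Whether PacketReadAtB2 and PacketReadAtData bound-check internally cannot be seen here and should be confirmed.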
diff -u -r -d micq/src/oscar_snac.c micq-new/src/oscar_snac.c
--- micq/src/oscar_snac.c 2006-10-09 07:26:42.000000000 +0200
+++ micq-new/src/oscar_snac.c 2007-04-11 13:11:15.000000000 +0200
@@ -88,7 +88,9 @@
{ 21, 1, "SRV_TOICQERR", SnacSrvToicqerr},
{ 21, 3, "SRV_FROMICQSRV", SnacSrvFromicqsrv},
{ 23, 1, "SRV_REGREFUSED", SnacSrvRegrefused},
+ { 23, 3, "SRV_REPLYLOGIN", SnacSrvReplylogin},
{ 23, 5, "SRV_NEWUIN", SnacSrvNewuin},
+ { 23, 7, "SRV_LOGINKEY", SnacSrvLoginkey},
{ 1, 2, "CLI_READY", NULL},
{ 1, 6, "CLI_RATESREQUEST", NULL},
{ 1, 8, "CLI_ACKRATES", NULL},
@@ -123,7 +125,9 @@
{ 19, 24, "CLI_REQAUTH", NULL},
{ 19, 26, "CLI_AUTHORIZE", NULL},
{ 21, 2, "CLI_TOICQSRV", NULL},
+ { 23, 2, "CLI_MD5LOGIN", NULL},
{ 23, 4, "CLI_REGISTERUSER", NULL},
+ { 23, 6, "CLI_REQLOGIN", NULL},
{ 0, 0, "unknown", NULL}
};