from: https://broadband.forum/index.php?showtop...5533;entry38214
i was playing with ehereal and got some info on new login method ..
see this dump i got from putting random user/pass. Mac address is sent seperately in plain text . Ip isnt sent directly . So the encrypted string doesnt contain mac-address so most probably it contains user/pass,session id,ip .Now suppose user/pass is sent in this format then this cannot be a one way hash(md5/sha-1) bcoz if thats so server wont be able to know what the username is as it mostly isnt stored in hash unlike passwords . so i think they are using reversble encryption for this . and as the session id is also not sent seperately so i think sify server isnt checking the whole big string from its database ( like user/pass/ip all encrypted in some one way hash and whole string is verified from database based on mac and ip address received) bcoz session id is randomly sent everytime . Sify server probably decrypts above string and gets user/pass/session id and mac is sent as plain text .
Also on examining bbclient.exe i saw that it uses BBapp.dll from installation folder for decrypt and translation functions do most probably bbappdll.dll creates that string
Bbappdll.dll is compiled in visual c++ 6.0 and bbclient.dll in visual c++ 5.0 as per heuristics of various programs i used and no external packers are used (like upx or some other ) so it will be easy to disassemble ..
if you get any interesting information then post it here . this backroom is not indexed by google
i was playing with ehereal and got some info on new login method ..
Code:
POST /bbandclient_v30/validatelogin.php HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*Accept-Language: en-usContent-Type:application/x-www-form-urlencodedAccept-Encoding: gzip, deflateConnection: CloseContent-Length:306User-Agent: BBClientHost: 202.144.65.70cons=7a8c9dc5a50d9fa6446979bfdcd2cebe750a581c3dcd356608b3b2645646059da611382ffc0667cd8161ee052e04f40f0978fd49ffa57716d2a7247244bb1e65242f42f98bfcb4b56dd791d8db3b9ce2013b0ecbd3bb688a9cd4020a66e8431817711cd031ff5df206f3ff97b9d07fe329ec0b97f1ec796b494fd43ab4172b51bb89c4fd281eb171&macaddress=00-xx-xx-xx-xx-HTTP/1.1 200 OKDate: Tue, 03 Jan 2006 14:26:52 GMTServer: ApacheX-Powered-By: PHP/4.4.0Set-Cookie: PHPSESSID=42ab47b525485e478b695385ec085fae; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheConnection: closeContent-Type: text/htmlAlso on examining bbclient.exe i saw that it uses BBapp.dll from installation folder for decrypt and translation functions do most probably bbappdll.dll creates that string
Bbappdll.dll is compiled in visual c++ 6.0 and bbclient.dll in visual c++ 5.0 as per heuristics of various programs i used and no external packers are used (like upx or some other ) so it will be easy to disassemble ..
if you get any interesting information then post it here . this backroom is not indexed by google