Hi guys,

Good news and bad news. The good news is that Sify customer care has responded after 24 hrs and they lifted the version check on my login ID, so now I can log in on the sweet old GNU/Linux client on their website. The bad news is that I have stopped working on the reverse engineering work. Here are the details from my R&D work and other pointers from my side to crack the encryption.

Pre-requisites:
- VMware for Linux (a trial version is fine)
- Windows 98 guest for VMware on a Linux host
- Sify Client from the Sify download dialer page
- Ethereal packet sniffer for Linux
- Apache server for Linux

Procedure:

A. I have installed the Sify client in the guest W98 machine and sniffed the traffic from my Linux host and concluded the following sequence:

Message #1 is sent to the server; the server returns Msg #2 with a sessionID in the reply XML (the XML is truncated to make the posting small). Then the client calculates a hash or encrypts the username/password info using the sessionID and posts msg #3 to the server. Then the server returns msg #4 welcoming us to the internet.

#1 15:59:23.120 202.144.65.70:8090
POST / HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Connection: Close
Content-Length: 69
User-Agent: BBClient
Host: 202.144.65.70

macaddress=&srcip=192.168.238.128&version=3.22&os=98

#2 15:59:23.340 202.144.65.70:8090
HTTP/1.1 200 OK
Date: Sun, 14 May 2006 16:22:13 GMT
Server: Apache
X-Powered-By: PHP/4.4.0
Set-Cookie: PHPSESSID=d50fc5fd8d84775bf51fe224f3349cd0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3973
Connection: close
Content-Type: text/html

......1147623733.....14-05-2006 21:52:13

#3 15:59:53.550 202.144.65.70:8090
POST /bbandclient_v30/validatelogin.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Connection: Close
Content-Length: 290
User-Agent: BBClient
Host: 202.144.65.70

cons=801c11f8976c6f38a78ad51486f9411d801c11f8976c6f38a78ad51486f9411d801c11f8976c6f38a78ad51486f9411d801c11f8976c6f38a78ad51486f9411d801c11f8976c6f38a78ad51486f9411d801c11f8976c6f38a78ad51486f9411d801c11f8976c6f38a78ad51486f9411d801c11f8976c6f38a78ad51486f9411d&macaddress=

#4 15:59:54.100 202.144.65.70:8090
HTTP/1.1 200 OK
Date: Sun, 14 May 2006 16:22:43 GMT
Server: Apache
X-Powered-By: PHP/4.4.0
Set-Cookie: PHPSESSID=f2cbf430fa8863498c3eecac843b86b3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

0Login successfulXXXXXXXxxxxxxxxxx.....

B. Logout procedure.

Once logged in we should save our session ID to send a logout request as in the following request:

#1 15:59:02.360 202.144.65.70:8090
POST /bbandclient_v30/logout.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Connection: Close
Content-Length: 117
User-Agent: BBClient
Host: 202.144.65.70

username=&srcip=&macaddress=&version=3.22&sessionid=1147623034

#2 15:59:02.410 202.144.65.70:8090
HTTP/1.1 200 OK
Date: Sun, 14 May 2006 16:21:52 GMT
Server: Apache
X-Powered-By: PHP/4.4.0
Set-Cookie: PHPSESSID=3283dfe48e7dacf6199fb9e30660c135; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

130150Logout successful

C. Where to go from here:

1. Make a PHP page that spews out the reply XML with a session ID = 1 and host it on your system.
2. Add an IP address to your system to match their server IP address and disconnect the LAN cable.
3. Make the client in the VMware Windows 98 guest log in.
4. Record the traffic in Ethereal.
5. Repeat the experiment with session ID = 0, 2, 3, 4, etc., and observe the "cons=a34534bae2342ec...." section and try to figure out what kind of an encryption it could be.

My view is that it could be a simple symmetric encryption. Also, from the fact that they are using PHP at the server side, most probably they should be using a cryptographic/hash function provided in PHP; refer to the PHP docs for any clues. It could also be a simple XOR of the sessionID and the credentials. But we should remember that the crypto/hash function returns a 256 character string.

Now it's time to say goodbye to the forum as my woes have ended with the Sify guys. Please feel free to contact me through this forum for any extra inputs.
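The analysis step proposed in part C, as an added example that is not part of the original post and not code from the Sify client: a small Python harness that pulls the `cons` field out of a captured `validatelogin.php` POST body, cuts it into 16-byte blocks (the size of both an MD5 digest and a common cipher block), reports how many distinct blocks it contains, and checks a few candidate hash constructions against the first block using the session ID from message #2. The captured body embedded below is the one quoted in the post with the MAC left blank; the candidate constructions, the `username`/`password` placeholders and every function name here are the example's own assumptions, not anything the post establishes about how the client really builds `cons`.

```python
"""Analyse the captured 'cons=' login field from the Sify client exchange.

Added example, not part of the original forum post. It automates the
analysis step the post proposes: take the cons value from the captured
validatelogin.php POST body, split it into blocks, check whether blocks
repeat, and test candidate constructions of the value against the known
session ID. Every candidate construction below is a hypothesis for the
reader to extend; the post does not say how the client builds cons.
"""
import hashlib
from urllib.parse import parse_qs

# POST body from message #3 of the capture in the post (macaddress blank).
CAPTURED_BODY = (
    "cons=" + "801c11f8976c6f38a78ad51486f9411d" * 8 + "&macaddress="
)
# Session ID returned in message #2 of the capture.
SESSION_ID = "1147623733"


def extract_cons(body: str) -> str:
    """Return the cons field from an application/x-www-form-urlencoded body."""
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get("cons")
    if not values:
        raise ValueError("no cons field in body")
    return values[0]


def split_blocks(hex_value: str, block_bytes: int = 16) -> list[bytes]:
    """Decode the hex string and cut it into fixed-size blocks.

    16-byte blocks match both an MD5 digest and a typical block-cipher
    block, so repeats at that size are the first thing to look for.
    """
    raw = bytes.fromhex(hex_value)
    if len(raw) % block_bytes:
        raise ValueError(f"{len(raw)} bytes is not a multiple of {block_bytes}")
    return [raw[i:i + block_bytes] for i in range(0, len(raw), block_bytes)]


def block_summary(hex_value: str) -> dict:
    """Describe the value: hex length, block count and number of distinct blocks."""
    blocks = split_blocks(hex_value)
    return {
        "hex_chars": len(hex_value),
        "blocks": len(blocks),
        "distinct_blocks": len(set(blocks)),
    }


def candidate_inputs(session_id: str, username: str, password: str) -> dict[str, bytes]:
    """Hypothetical ways the client might combine the fields before hashing.

    These are guesses for testing, not the client's real algorithm.
    """
    return {
        "user:pass": f"{username}:{password}".encode(),
        "session+user+pass": f"{session_id}{username}{password}".encode(),
        "user+pass+session": f"{username}{password}{session_id}".encode(),
        "session:user:pass": f"{session_id}:{username}:{password}".encode(),
    }


def match_hypotheses(hex_value: str, session_id: str, username: str, password: str) -> list[str]:
    """Return the names of candidate constructions whose MD5 equals the first block."""
    target = split_blocks(hex_value)[0]
    hits = []
    for name, data in candidate_inputs(session_id, username, password).items():
        if hashlib.md5(data).digest() == target:
            hits.append(name)
    return hits


if __name__ == "__main__":
    cons = extract_cons(CAPTURED_BODY)
    print(block_summary(cons))
    # The real credentials are not in the post; these placeholders only show
    # the call shape. Substitute the account used during the capture.
    print(match_hypotheses(cons, SESSION_ID, "user", "password"))
```

Run against the captured body, `block_summary` reports 256 hex characters made of eight 16-byte blocks with only one distinct value, which is the structural fact to carry into the session ID = 0, 1, 2... experiments: if the block changes with the session ID but the repetition does not, the repetition is a property of how the client lays out the field rather than of the credentials. Extend `candidate_inputs` with whatever constructions the PHP docs suggest; a positive match lists the construction name.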