Sify login system for v 3.1

power [OP]
from: http://broadbandforum.in/index.php?showtop...5533;entry38214

I was playing with Ethereal and got some info on the new login method.


Code:
POST /bbandclient_v30/validatelogin.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Connection: Close
Content-Length: 306
User-Agent: BBClient
Host: 202.144.65.70

cons=7a8c9dc5a50d9fa6446979bfdcd2cebe750a581c3dcd356608b3b2645646059da611382ffc0667cd8161ee052e04f40f0978fd49ffa57716d2a7247244bb1e65242f42f98bfcb4b56dd791d8db3b9ce2013b0ecbd3bb688a9cd4020a66e8431817711cd031ff5df206f3ff97b9d07fe329ec0b97f1ec796b494fd43ab4172b51bb89c4fd281eb171&macaddress=00-xx-xx-xx-xx-

HTTP/1.1 200 OK
Date: Tue, 03 Jan 2006 14:26:52 GMT
Server: Apache
X-Powered-By: PHP/4.4.0
Set-Cookie: PHPSESSID=42ab47b525485e478b695385ec085fae; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

See this dump I got from putting in a random user/pass. The MAC address is sent separately in plain text. The IP isn't sent directly. So the encrypted string doesn't contain the MAC address, so most probably it contains user/pass, session id, IP. Now suppose user/pass is sent in this format; then this cannot be a one-way hash (MD5/SHA-1), because if that's so the server won't be able to know what the username is, as it mostly isn't stored in a hash, unlike passwords. So I think they are using reversible encryption for this. And as the session id is also not sent separately, I think the Sify server isn't checking the whole big string from its database (like user/pass/IP all encrypted in some one-way hash and the whole string verified from the database based on the MAC and IP address received), because the session id is randomly sent every time. The Sify server probably decrypts the above string and gets user/pass/session id, and the MAC is sent as plain text.


Also, on examining bbclient.exe I saw that it uses BBapp.dll from the installation folder for decrypt and translation functions, so most probably bbappdll.dll creates that string.

Bbappdll.dll is compiled in Visual C++ 6.0 and bbclient.dll in Visual C++ 5.0 as per the heuristics of various programs I used, and no external packers are used (like UPX or some other), so it will be easy to disassemble.

If you get any interesting information then post it here. This backroom is not indexed by Google.
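An added analysis helper, not code from the post or from Sify's client: it parses the request half of the dump, checks the declared Content-Length against the body as pasted, and sizes the `cons` blob to test the post's hash-versus-reversible-encryption argument (a bare MD5 or SHA-1 digest would be 16 or 20 bytes). The sample capture is re-typed from the post, with the MAC kept exactly as redacted there.

```python
from urllib.parse import parse_qs

# Constructed sample: the request half of the dump above, header lines split out
# of the run-together line, hex blob copied verbatim, MAC kept as the post redacts it.
CAPTURE = (
    "POST /bbandclient_v30/validatelogin.php HTTP/1.0\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 306\r\n"
    "User-Agent: BBClient\r\n"
    "Host: 202.144.65.70\r\n"
    "\r\n"
    "cons=7a8c9dc5a50d9fa6446979bfdcd2cebe750a581c3dcd356608b3b2645646059d"
    "a611382ffc0667cd8161ee052e04f40f0978fd49ffa57716d2a7247244bb1e65"
    "242f42f98bfcb4b56dd791d8db3b9ce2013b0ecbd3bb688a9cd4020a66e84318"
    "17711cd031ff5df206f3ff97b9d07fe329ec0b97f1ec796b494fd43ab4172b51"
    "bb89c4fd281eb171&macaddress=00-xx-xx-xx-xx-"
)

# Digest output sizes (bytes) for the one-way hashes the post rules out.
DIGEST_SIZES = {16: "MD5", 20: "SHA-1"}


def parse_request(raw):
    """Split a raw HTTP request into (method, path, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def triage(raw):
    """Facts to establish about a capture before guessing at the blob's format."""
    _method, _path, headers, body = parse_request(raw)
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    cons_hex = fields.get("cons", "")
    try:
        blob = bytes.fromhex(cons_hex)
    except ValueError:  # odd length or non-hex characters: not hex-encoded after all
        blob = b""
    return {
        "declared_length": int(headers.get("content-length", 0)),
        "actual_length": len(body.encode()),  # bytes the pasted body actually carries
        "fields": sorted(fields),             # sent in the clear, alongside cons
        "cons_bytes": len(blob),
        "looks_like_digest": DIGEST_SIZES.get(len(blob)),  # None: not a bare MD5/SHA-1
        "multiple_of_8": len(blob) % 8 == 0,    # 64-bit block alignment
        "multiple_of_16": len(blob) % 16 == 0,  # 128-bit block alignment
    }
```

With the MAC exactly as pasted the body measures 304 bytes against a declared 306, so the length check flags the paste as incomplete before any conclusion is drawn from the blob, which at 136 bytes is far too long to be a bare digest.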
 

power [OP]
Dunno why the Sify server sent back that date :blink: strange
 

