Working of Sify BroadBand Client and hidden things

logon2future

Newbie
[OP]
Nov 21, 2004
4
0
Hi,

I am Mahesh, New to this forum :) , i am a web professional (just 19 years:) )
I am from hyderabad, using sify broadband for abt 10months.

The Sify Broad Band Client Actually works on XML.

When you open the broadband client, then first it checks for connectivity for the main sifybroadband url : http://202.144.105.93:81 or any of its mirror links.

When its able to connect to this server url(http://202.144.105.93:81) then it opens, else it gives the error "Error Trouble shooting".

when the username and p@$$word are given, then it checks for the database for verification.

PARAMETERS :

When logged in, the client checks for following parameters. (u can check in ur Programfiles/Sify BroadBand/BBand.ini)

http://202.144.105.93:81/bbandnew/chkremupgrade.php3 - checks updates for new client.

http://myaccount.way2talk.com/voip/remote.php3 - This Shows u the Public IP
(The Public IP of Sify is not static....its keeps changing when ever u login and logout)

ServerIP=202.144.105.93 - The server name is SAM. (The backbone of sify)

Port=6776 - Port which it connects

Frequency=5 - Frequency of connection.

...and another important parameter

FLAG - Flag has two options, Y and N

FLAG=Y is default and it denotes tht the user has logout option enabled.

FLAG=N denotes tht user has logout option disabled
(You can call SIFY CTO and disable this logout option)

debug.log - This is the important file which keeps tracks of all our sify login and logout and other informations...(Keep deleting this file when u do anything illegal works with sify, coz sifyCTO can get this file easily, This file also has ur MAC ADDRESS OF THE PC )...

The Last thing i could say is, SIFY USER ADMINISTRATION is very very easily to crack...thanks to the man who made it :D

I am trying to do my own client for sifybroadband users....will post the info on it soon :)
 

inetbum

Regulars
Regulars
Oct 30, 2004
1,039
1
The way everyone has hopped onto making a Sify client is good news.

I think we ought to acknowledge http://www.indiasec.com/papers/pratap/sify.html because I figure all that we know now is because of the excellent work done by the team there. It is only after that URL was brought to our attention that we have come around to know how the Sify client actually works.

Hi Mahesh :). Welcome to the forum.

Here are some corrections to the things you have observed about the Sify client.

When you open the broadband client, then first it checks for connectivity for the main sifybroadband url : http://202.144.105.93:81 or any of its mirror links.
[/b]

When you open the client it first actually contacts the SAM Control Server on port 8090, which in my case is 202.144.65.70:8090, to get an XML document containing a SessionID and other important URLs like http://202.144.105.93:81/bbandnew/chkremupgrade.php3.


ServerIP=202.144.105.93 - The server name is SAM. (The backbone of sify)[/b]

There are 2 SAM servers. One is the SAM Control Server from which the client gets some critical data necessary to log in. Another is the SAM Authentication server where the client actually logs in. Both servers are the two main servers of Sify using different IPs and different connection ports viz 8090 for SAM CS and 81 for SAM Authentication Server


Port=6776 - Port which it connects

Frequency=5 - Frequency of connection.

...and another important parameter[/b]

The port 6776 is the port on the Heartbeat server to which the Heartbeat program connects to periodically, apparently after 5 units of time as shown by the somewhat erroneously named Frequency=5 parameter. This periodic connection is to determine whether we are online or not.
 

Sushubh

Administrator
Oct 29, 2004
419,692
13,074
Gurugram
We already had a post explianing how to hack sify accounts. I had to remove it. If you want to discuss it, use PM please. :) Reverse Engineered clients are ok. But please no hacking accounts here please.
 


guru

Newbie
Regulars
Oct 23, 2004
84
0
nice info mates.But the clients sometimes logs me off automatically or stops responding. Seems that sify servers are too busy to serve it's users
 

inetbum

Regulars
Regulars
Oct 30, 2004
1,039
1
debug.log - This is the important file which keeps tracks of all our sify login and logout and other informations...(Keep deleting this file when u do anything illegal works with sify, coz sifyCTO can get this file easily, This file also has ur MAC ADDRESS OF THE PC )...[/b]

My debug.log file lists my MAC address as 00-00-00-00-00 :lol:
 

inetbum

Regulars
Regulars
Oct 30, 2004
1,039
1
Oh, don't worry, Sify gets our MAC address alright :p . Perhaps the 00-00-00-00-00 thing is some sort of encryption.

I think what logon2future was talking about was this 11] Conclusion
--------------
We have seen the complete @n@1ysis of a given client binary and its protocol. This paper shows some of the power of a proper reverse engineering team. Also programmers must take more measures if they need to keep their program and protocols closed source.[/b]
-- from http://www.indiasec.com/papers/pratap/sify.html

I don't know how much effort Mr. Pratap from the site put into cracking open the client. But I am willing to bet it was hard work in that the result is so amazing :)
 


surjeett

Regular
Regulars
Nov 2, 2004
259
0
Oh! i thought these things wasnt hidden....silly me :-D*wonders how many ppl dont really travel to their program files folder *
 

cweihrauch

Newbie
Oct 22, 2004
19
0
Regarding the MAC 00-00....-00. That seems to be a sify bug under windows...i found some very interesting log files in C:\Program Files\Sify Broadband - SifyBBand_HBS.txt mainly - but some more text files.
 

fullyaddicted

Regular
Regulars
Oct 18, 2004
104
0
Originally posted by cweihrauch@Nov 26 2004, 04:54 AM
Regarding the MAC 00-00....-00. That seems to be a sify bug under windows...
i found some very interesting log files in C:\Program Files\Sify Broadband - SifyBBand_HBS.txt mainly - but some more text files.
[snapback]2416[/snapback]
[/quote]

i dont think its a bug. i thing they don't want your mac address on windows system.
you only send your mac address on linux system.
in linux system the clines send the packed like this :

username=XXXX&p@$$word=yyyy&srcip=10.23.56.78&macaddress=00 A1 B0 09 69 45 &version=1.0&sessionid=110096618110.23.45.67

on windows system:
username=XXXXX&p@$$word=yyyy&srcip=10.23.45.67&macaddress=&version=2.51&sessionid=110096618110.23.45.67

see the difference
 

cweihrauch

Newbie
Oct 22, 2004
19
0
Originally posted by fullyaddicted@Nov 26 2004, 05:57 AM
username=XXXX&p@$$word=yyyy&srcip=10.23.56.78&macaddress=00 A1 B0 09 69 45 &version=1.0&sessionid=110096618110.23.45.67

on windows system:
username=XXXXX&p@$$word=yyyy&srcip=10.23.45.67&macaddress=&version=2.51&sessionid=110096618110.23.45.67


I'm not so sure :
- if they didn't want it, why would they add a variable called macaddress they actualy leave empty ?
- Take a look at the log file if you're running windows.
Here are a few lines of mine :

Time = 01-01-2000 07:35:01 202.144.74.180
Time = 01-01-2000 07:35:01 6776
Time = 01-01-2000 07:35:01 Unable to obtain Macaddress
Time = 01-01-2000 07:35:01 Inside update
Time = 01-01-2000 07:35:01 00-00-00-00-00-00, IP, USERNAME

[I removed my IP and USERNAME for privacy reasons - as for the wrong times, I have a faulty clock on this board.]

The funny thing is that the "testing" program actually detects my mac all right ...

coriolan