Working of Sify BroadBand Client and hidden things

logon2future

Hi,

I am Mahesh, new to this forum 🙂. I am a web professional (just 19 years old 🙂).
I am from Hyderabad and have been using Sify broadband for about 10 months.

The Sify BroadBand client actually works on XML.

When you open the broadband client, it first checks for connectivity to the main Sify broadband URL, http://202.144.105.93:81, or any of its mirror links.

When it is able to connect to this server URL (http://202.144.105.93:81), it opens; otherwise it gives the error "Error Trouble shooting".

When the username and password are given, it checks the database for verification.

PARAMETERS :

When logged in, the client checks the following parameters. (You can check them in your Programfiles/Sify BroadBand/BBand.ini)

http://202.144.105.93:81/bbandnew/chkremupgrade.php3 - checks for updates for a new client.

http://myaccount.way2talk.com/voip/remote.php3 - This shows you the public IP.
(The public IP of Sify is not static... it keeps changing whenever you log in and log out.)

ServerIP=202.144.105.93 - The server name is SAM. (The backbone of Sify)

Port=6776 - The port to which it connects.

Frequency=5 - Frequency of connection.

...and another important parameter

FLAG - Flag has two options, Y and N

FLAG=Y is the default and denotes that the user has the logout option enabled.

FLAG=N denotes that the user has the logout option disabled.
(You can call the Sify CTO and disable this logout option.)

debug.log - This is the important file which keeps track of all our Sify logins and logouts and other information... (Keep deleting this file when you do any illegal work with Sify, because the Sify CTO can get this file easily. This file also has the MAC address of your PC.)

The last thing I could say is, Sify user administration is very, very easy to crack... thanks to the man who made it 😀

I am trying to make my own client for Sify broadband users... will post the info on it soon 🙂
 
The way everyone has hopped onto making a Sify client is good news.

I think we ought to acknowledge http://www.indiasec.com/papers/pratap/sify.html because I figure all that we know now is because of the excellent work done by the team there. It is only after that URL was brought to our attention that we have come around to know how the Sify client actually works.

Hi Mahesh 🙂. Welcome to the forum.

Here are some corrections to the things you have observed about the Sify client.

When you open the broadband client, then first it checks for connectivity for the main sifybroadband url : http://202.144.105.93:81 or any of its mirror links.

When you open the client it first actually contacts the SAM Control Server on port 8090, which in my case is 202.144.65.70:8090, to get an XML document containing a SessionID and other important URLs like http://202.144.105.93:81/bbandnew/chkremupgrade.php3.


ServerIP=202.144.105.93 - The server name is SAM. (The backbone of sify)

There are 2 SAM servers. One is the SAM Control Server, from which the client gets some critical data necessary to log in. The other is the SAM Authentication Server, where the client actually logs in. These are the two main servers of Sify, using different IPs and different connection ports, viz. 8090 for the SAM CS and 81 for the SAM Authentication Server.


Port=6776 - Port which it connects

Frequency=5 - Frequency of connection.

...and another important parameter

Port 6776 is the port on the Heartbeat server to which the Heartbeat program connects periodically, apparently after 5 units of time, as shown by the somewhat erroneously named Frequency=5 parameter. This periodic connection is to determine whether we are online or not.
 
We already had a post explaining how to hack Sify accounts. I had to remove it. If you want to discuss it, use PM please. 🙂 Reverse engineered clients are OK. But please no hacking accounts here please.
 
Nice info, mates. But the client sometimes logs me off automatically or stops responding. Seems that Sify servers are too busy to serve their users.
 
debug.log - This is the important file which keeps tracks of all our sify login and logout and other informations...(Keep deleting this file when u do anything illegal works with sify, coz sifyCTO can get this file easily, This file also has ur MAC ADDRESS OF THE PC )...

My debug.log file lists my MAC address as 00-00-00-00-00 :lol:
 
Oh, don't worry, Sify gets our MAC address alright 😛 . Perhaps the 00-00-00-00-00 thing is some sort of encryption.

I think what logon2future was talking about was this:

11] Conclusion
--------------
We have seen the complete analysis of a given client binary and its protocol. This paper shows some of the power of a proper reverse engineering team. Also programmers must take more measures if they need to keep their program and protocols closed source.
-- from http://www.indiasec.com/papers/pratap/sify.html

I don't know how much effort Mr. Pratap from the site put into cracking open the client. But I am willing to bet it was hard work in that the result is so amazing 🙂
 


Oh! I thought these things weren't hidden... silly me :-D *wonders how many people don't really travel to their Program Files folder*
 
Regarding the MAC 00-00....-00: that seems to be a Sify bug under Windows... I found some very interesting log files in C:\Program Files\Sify Broadband - SifyBBand_HBS.txt mainly - but some more text files.
 
Originally posted by cweihrauch@Nov 26 2004, 04:54 AM
Regarding the MAC 00-00....-00. That seems to be a sify bug under windows...
i found some very interesting log files in C:\Program Files\Sify Broadband - SifyBBand_HBS.txt mainly - but some more text files.

I don't think it's a bug. I think they don't want your MAC address on a Windows system.
You only send your MAC address on a Linux system.
On a Linux system the client sends the packet like this:

username=XXXX&password=yyyy&srcip=10.23.56.78&macaddress=00 A1 B0 09 69 45 &version=1.0&sessionid=110096618110.23.45.67

On a Windows system:
username=XXXXX&password=yyyy&srcip=10.23.45.67&macaddress=&version=2.51&sessionid=110096618110.23.45.67

see the difference
 
Originally posted by fullyaddicted@Nov 26 2004, 05:57 AM
username=XXXX&password=yyyy&srcip=10.23.56.78&macaddress=00 A1 B0 09 69 45 &version=1.0&sessionid=110096618110.23.45.67

on windows system:
username=XXXXX&password=yyyy&srcip=10.23.45.67&macaddress=&version=2.51&sessionid=110096618110.23.45.67


I'm not so sure:
- If they didn't want it, why would they add a variable called macaddress that they actually leave empty?
- Take a look at the log file if you're running Windows.
Here are a few lines of mine:

Time = 01-01-2000 07:35:01 202.144.74.180
Time = 01-01-2000 07:35:01 6776
Time = 01-01-2000 07:35:01 Unable to obtain Macaddress
Time = 01-01-2000 07:35:01 Inside update
Time = 01-01-2000 07:35:01 00-00-00-00-00-00, IP, USERNAME

[I removed my IP and USERNAME for privacy reasons - as for the wrong times, I have a faulty clock on this board.]

The funny thing is that the "testing" program actually detects my mac all right ...

coriolan
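
An added example, not part of any post in this thread: a short Python audit of the two login bodies and the log lines quoted above, reporting whether each carries a usable MAC address, an empty field, or the all-zero placeholder. The function names are hypothetical, and the credential field is written `password` on the assumption that the forum's word filter altered its spelling.

```python
import re
from urllib.parse import parse_qs

# Request bodies as quoted in the thread (values already masked by the poster).
LINUX_BODY = ("username=XXXX&password=yyyy&srcip=10.23.56.78"
              "&macaddress=00 A1 B0 09 69 45 &version=1.0"
              "&sessionid=110096618110.23.45.67")
WINDOWS_BODY = ("username=XXXXX&password=yyyy&srcip=10.23.45.67"
                "&macaddress=&version=2.51&sessionid=110096618110.23.45.67")
# One line from each log excerpt quoted in the thread.
LOG_LINES = [
    "Time = 01-01-2000 07:35:01 Unable to obtain Macaddress",
    "Time = 01-01-2000 07:35:01 00-00-00-00-00-00, IP, USERNAME",
    "November 26, 2004 14 24 37 00-00-00-00-00",
    "November 26, 2004 08 01 18  00-60-6e-3e-0c-08",
]

HEX = r"[0-9A-Fa-f]{2}"
# 5 or 6 octets joined by one consistent '-' or ':' (the thread shows both
# lengths). The back-reference keeps "07:35:01 00-00" from matching.
LOG_MAC_RE = re.compile(rf"\b{HEX}([-:]){HEX}(?:\1{HEX}){{3,4}}\b")

def classify_mac(raw):
    """Return (state, normalised_mac); state is absent, null or present."""
    octets = re.findall(HEX, raw or "")
    if not octets:
        return "absent", None
    state = "null" if set(octets) == {"00"} else "present"
    return state, "-".join(o.upper() for o in octets)

def audit_login_body(body):
    """Report which host identifiers a captured login body carries."""
    # keep_blank_values: an empty macaddress= must be reported, not dropped.
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    state, mac = classify_mac(fields.get("macaddress"))
    return {"client_version": fields.get("version"), "mac_state": state,
            "mac": mac, "sends_internal_ip": bool(fields.get("srcip"))}

def audit_log(lines):
    """Return (state, mac) for each MAC-shaped token found in the log lines."""
    hits = (LOG_MAC_RE.search(line) for line in lines)
    return [classify_mac(m.group(0)) for m in hits if m]

if __name__ == "__main__":
    for name, body in (("linux", LINUX_BODY), ("windows", WINDOWS_BODY)):
        print(name, audit_login_body(body))
    print(audit_log(LOG_LINES))
```

The same check applied to a full debug.log shows at a glance whether a given install recorded a real hardware address or only the zero placeholder.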
 
I don't know why they would want to get the MAC address... the user ID is powered to be run from anywhere in India...
 
i thing they don't want your mac address on windows system.
you only send your mac address on linux system.
in linux system the clines send the packed like this :

username=XXXX&password=yyyy&srcip=10.23.56.78&macaddress=00 A1 B0 09 69 45 &version=1.0&sessionid=110096618110.23.45.67

on windows system:
username=XXXXX&password=yyyy&srcip=10.23.45.67&macaddress=&version=2.51&sessionid=110096618110.23.45.67

see the difference
--fullyaddicted

I am sure they want our macaddress, and it is also sent along with our internal IP address in order for us to log in. I say this because I have tried authenticating myself to Sify directly (without using any client) using telnet. And it worked only when the information was included in the manner shown for Linux, with the only correction being that the macaddress is written with a hyphen between the number pairs, e.g. 00-A1-B0-09-69-45. I think the author of the Reverse Engineering paper probably made a minor error in that, but it's corrected by referring to the official client logs.

Now even though I telnetted under Linux, there's no reason it wouldn't work under Windows, because this is just a communication protocol we are implementing independent of the operating system. Of course it could be that in Windows the macaddress is passed on before all the other information is passed, or maybe it's just not shown in the logs. Check out this portion of my log:-

November 26, 2004 14 24 37 Getting machine details
November 26, 2004 14 24 37 00-00-00-00-00
November 26, 2004 14 24 37 DUMMYIP

See the parameter DUMMYIP. Maybe the macaddress is dummy too lol, dunno.
 
My logfile in windows lists the MAC address correctly, see this -

November 26, 2004 08 01 14  Reading from registry InitXML
November 26, 2004 08 01 14  Getting machine details
November 26, 2004 08 01 18  00-60-6e-3e-0c-08

Now the very first line refers to InitXML, which in the registry holds the value http://202.144.65.70:8090/ whereas my SAM server IP is 202.144.58.38

:/
 
Ujjwal, looks like it showed your MAC address correctly lol. It seems to work for some and doesn't work for others. The registry entry InitXML refers to the IP address of the SAM Control Server, from which the Sify client gets the various URLs like the login URL, logout URL, and the most important detail, the session ID. It's the very first IP address that the Sify client connects to when we start it, even before we enter our username and password and press the Submit button. After we press the Submit button, the second server that is contacted is the SAM Authentication Server, where we are authenticated and logged on 🙂
 
