The past MSN Messenger version (MSNP8 or less), simply authenticated user identity using the Hash algorithm of MD5. MSNP9 / MSNP10 uses a TWN (Twener) authentication method, connected to login.passport.com and loginnet.passport.com and Loginnet.passport.com and other servers, enters account and password by means of the HTTP protocol. A coupon.
The true identity authentication occurs between the client and the notification server (NS). When the client logs in NS, the version information is first exchanged. Both parties support MSNP8 or above to perform an authentication process. If the client version is low, TWN is not supported, then the landing failed.
In the example below, the account is "stodtleo@msn.com", the password is "password". Ver 4 MSNP10 MSNP9 CVR0 / R / N
VER 4 MSNP9 CVR0 / R / N
CVR 5 0x0804 Winnt 5.0 i386 MSNMSGR 6.1.0203 MSMSGS
stdotleo@msn.com / r / n
CVR 5 6.0.0602 6.0.0602 5.0.0527 http://download.com.microsoft.com/download/d/4/f/d4f560d5-6dc6-4901-b149-a568415561d7/setupnt.exe http: //messenger.msn. COM / CN / R / N
USR 6 TWN I
stdotleo@msn.com / r / n
USR 6 TWN SLC = 1033, ID = 507, TW = 40, FS = 1, Ru = HTTP% 3A% 2F% 2FMessenger% 2EMSN% 2 ECOM, CT = 1073355862, KPP = 1, KV = 5, VER = 2.1.0173.1 , TPF = ED1C2F217A21C191C61251EB8B73BB60 / R / N
(At this time, identity authentication is performed by SSL, get "admission ticket")
USR 7 TWN S t = 4m1wWfEupDgUNb53qys5gJdw8OTJEtT82fcuDbS3U672gTymOOs6cgKeafj7WjgZNcufAQggxqHRRXko02DoflZA $$ & p = 4QXNnX9rFDDgki9ZqvqPZGDGJa2Mrd5H13Zfl0NNjh4I78qPyfpzmkZPZEe0nxJTkzZSNDYtk! 57cVqiYVfO86KgCRYWhi2kudS0M! 7bdi82EDA1FYp3WboHD! SCQ17OZh7lPQI7fozrgsSMZwgSzRi2FNTPxf13oDNIfDCKCG! 2guDvZKEpk78A $$ / r / n
USR 7 OK
stdotleo@msn.com
stdotleo@msn.com 1 0 / r / n
(TRID = 4), the two parties negotiated the MSN version number. The client says "I can support MSNP9 and MSNP10", NS say "line, on MSNP9".
(Trid = 5), the client reports this unit: OS = Windows 2000 (NT 5.0), Language = Simplified Chinese, MSN Messenger version = 6.1.0203, account = stdotleo@msn.com. Ns gives the recommended version number, the oldest version number, the new version of the download, the official website address, etc.
(TRID = 6), the client requires identity authentication (i = initial), and NS gives a long string information required (S = Subsequent). The TPF is equivalent to Challenge, participating in the Hash operation, ensures that the strings returned each time the check is different. (Trid = 7), the client is displayed from the "Admission" and NS release (OK) from the authentication server.
(Trid = 6) and (Trid = 7), the authentication process through the SSL is as follows:
First send a GET request to login.passport.com to login.passport.com in HTTPS port 443, send the account, password, and a long string information given by Ns, Get / Login 2.SRF HTTP / 1.1 / R / N
Authorization: Passport1.4 OrgverB = GET, Orgurl = HTTP% 3A% 2F% 2FMessenger% 2EMSN% 2 ECOM, SIGN-IN = EXAMPLE% 40Passport.com, PWD = Password, LC = 1033, ID = 507, TW = 40, FS = 1, Ru = http% 3A% 2F% 2FMessenger% 2EMSN% 2ECOM, CT = 1073355862, KPP = 1, kV = 5, VER = 2.1.0173.1, TPF = ED1C2F217A21C191C61251EB8B73BB60 / R / N
Host: login.passport.com / r / n / r / n
Depending on the situation, it is redirected to different URLs. In this example, redirection is redirected to "https://loginnet.passport.com/login2.srf?lc=1033", server response http / 1.1 302 Found / R / N Server: Microsoft-IIS / 5.0 / R / N
Date: MON, 22 DEC 2003 21:10:05 GMT / R / N
PPServer: H: LAWPPLOG5C006 / R / N
Connection: Close / R / N
Content-Type: Text / HTML / R / N
EXPIRES: MON, 22 JUN 2003 21:09:05 GMT / R / N
Cache-Control: no-cache / r / n
CacheControl: No-store / r / n pragma: no-cache / r / n
P3P: CP = "DSP Cur OTPI IND OTRI ONL FIN" / R / N
Authentication-info: Passport1.4 da-status = redir / r / n
Location: https://loginnet.passport.com/login2.srf?lc=1033 / r / n
/ r / n ... ...
Then, re-issue a request to get the following response
HTTP / 1.1 200 OK / R / N Server: Microsoft-IIS / 5.0 / R / N Date: MON, 22 DEC 2003 21:10:07 GMT / R / N PPServer: H: Lawppiis6B061 / R / N Connection: Close / R / N Content-Type: TEXT / HTML / R / Nexpires: Mon, 22 Dec 2003 21:09:07 GMT / R / NCACHE-Control: No-Cache / R / N Cachecontrol: No-Store / R / N Pragma : NO-Cache / R / N P3P: CP = "DSP Cur OTPI IND OTRI ONL FIN" / R / Nset-cookie: ... / r / n Authentication-Info: Passport1.4 Da-Status = Success , tname = MSPAuth, tname = MSPProf, tname = MSPSec, from-PP = 't = 4m1wWfEupDgUNb53qys5gJdw8OTJEtT82fcuDbS3U672gTymOOs6cgKeafj7WjgZNcufAQggxqHRRXko02DoflZA $$ & p = 4QXNnX9rFDDgki9ZqvqPZGDGJa2Mrd5H13Zfl0NNjh4I78qPyfpzmkZPZEe0nxJTkzZSNDYtk 57cVqiYVfO86KgCRYWhi2kudS0M 7bdi82EDA1FYp3WboHD sCQ17OZh7lPQI7fozrgsSMZwgSzRi2FNTPxf13oDNIfDCKCG 2guDvZKEpk78A $$!!!!', ru = http: //messenger.msn.com / R / N Content-Length: 0 / R / N / R / N directly issues the correct request to loginnet.passport.com, is also possible. It is not difficult to see that in the returning information successful in server authentication, the ex-PP string value of the Authentication-INFO field is the so-called "admission ticket".
If the authentication fails, the server returns 401 error http / 1.1 401 unauthorized / r / n ...
In this way, it is impossible to get the "admission ticket", and naturally cannot enter a legal string in (TRID = 7).