CMD AUTH LOGON CHALLENGE Server: Difference between revisions
(Created page with "= Packet Layout = {| class="wikitable" |+ AuthLogonChallenge_Server ! Offset ! Size / Endianness ! Type ! Name ! Description |- !colspan="5"| Header |- | 0x1 || 1 / - || uint...") |
Barncastle (talk | contribs) |
||
(7 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
[[CMD_AUTH_LOGON_CHALLENGE_Server]] is a [[Login Packet]] sent by the server after receiving [[CMD_AUTH_LOGON_CHALLENGE_Client]]. The client reply is the [[CMD_AUTH_LOGON_PROOF_Client]] packet. | |||
= Packet Layout = | = Packet Layout = | ||
Line 11: | Line 13: | ||
!colspan="5"| Header | !colspan="5"| Header | ||
|- | |- | ||
| 0x1 || 1 / - || uint8 || | | 0x1 || 1 / - || uint8 || opcode || 0x00 for [[CMD_AUTH_LOGON_CHALLENGE]] | ||
|- | |- | ||
| 0x2 || 1 / - || uint8 || protocol_version || Must be 0. | | 0x2 || 1 / - || uint8 || protocol_version || Exact purpose unknown. Must be 0 for all versions. | ||
|- | |- | ||
| 0x3 || 1 / - || uint8 || result || The fields below are only included if this is | | 0x3 || 1 / - || uint8 || result || The fields below are only included if this is [[Login_Packet_Results|SUCCESS]] (0x00). | ||
|- | |- | ||
!colspan="5"| Body | !colspan="5"| Body | ||
|- | |- | ||
| 0x4 || 32 / Little || uint8[32] || | | 0x4 || 32 / Little || uint8[32] || server_public_key || SRP public server ephemeral.<br>All SRP operations are performed with little endian values. | ||
|- | |- | ||
| 0x24 || 1 / - || uint8 || | | 0x24 || 1 / - || uint8 || generator_len || SRP generator length.<br> Should always be 1 since the generator is never greater than 255. | ||
|- | |- | ||
| 0x25 || | | 0x25 || generator_len / - || uint8 || generator || SRP generator. All SRP operations are performed with little endian values. | ||
|- | |- | ||
| (0x26) || 1 / - || uint8 || | | (0x26) || 1 / - || uint8 || large_safe_prime_len || SRP large safe prime length.<br>All SRP operations are performed with little endian values.<br>Client will not read more than 32 bytes. | ||
|- | |- | ||
| (0x27) || | | (0x27) || large_safe_prime_len / Little || uint8[large_safe_prime_len] || large_safe_prime || SRP large safe prime. All SRP operations are performed with little endian values. | ||
|- | |- | ||
| (0x47) || 32 / Little || uint8[32] || | | (0x47) || 32 / Little || uint8[32] || salt || SRP user's salt. All SRP operations are performed with little endian values. | ||
|- | |- | ||
| (0x47) || 16 / Little || uint8[16] || crc_salt || A salt to be used in | | (0x47) || 16 / Little || uint8[16] || crc_salt || A salt to be used in [[CMD_AUTH_LOGON_PROOF_Client]].crc_hash.<br>Can be all zeros. | ||
|} | |} | ||
Line 55: | Line 57: | ||
== {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} Changes == | == {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.4.3.8606}} Changes == | ||
Sometime around {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2 | Sometime around {{Template:Sandbox/PrettyVersion|expansionlevel=2|build=2.0.0.5991}} the two factor fields were repurposed to the below. | ||
These replace the {{Template:Sandbox/PrettyVersion|expansionlevel=1|build=1.12}} fields from above. | These replace the {{Template:Sandbox/PrettyVersion|expansionlevel=1|build=1.12}} fields from above. | ||
{| class="wikitable" | |||
|+ Security Flags | |||
! Name | |||
! Value | |||
! Description | |||
|- | |||
| NONE || 0x00 || No additional checks verification. | |||
|- | |||
| PIN || 0x01 || TOTP verification entered as a PIN. | |||
|- | |||
| MATRIX_CARD || 0x02 || [https://imgur.com/0vnQMVJ Matrix Card 2FA] which requires a [https://ediwang.cdn.moonglade.blog/ediwang-images/img-dfa03229-e409-4147-91fa-7aba1f420e94.jpg matrix card]. | |||
|- | |||
| AUTHENTICATOR || 0x04 || Authenticator. | |||
|} | |||
The fields added depend on which bits are set in the security_flags field. | |||
{| class="wikitable" | {| class="wikitable" | ||
Line 73: | Line 91: | ||
!colspan="5"| security_flags.PIN fields, if applicable. | !colspan="5"| security_flags.PIN fields, if applicable. | ||
|- | |- | ||
!colspan="5"| security_flags. | !colspan="5"| security_flags.MatrixCard fields, if applicable. | ||
|- | |- | ||
!colspan="5"| security_flags.Authenticator field, if applicable. | !colspan="5"| security_flags.Authenticator field, if applicable. | ||
Line 94: | Line 112: | ||
{| class="wikitable" | {| class="wikitable" | ||
|+ security_flags. | |+ security_flags.MatrixCard Fields | ||
! Offset | ! Offset | ||
! Size / Endianness | ! Size / Endianness | ||
Line 101: | Line 119: | ||
! Description | ! Description | ||
|- | |- | ||
| 0x00 || 1 / - || uint8 || | | 0x00 || 1 / - || uint8 || width || Number of columns to display [A..Z]. | ||
|- | |- | ||
| 0x01 || 1 / - || uint8 || | | 0x01 || 1 / - || uint8 || height || Number of rows to display [0..n]. | ||
|- | |- | ||
| 0x02 || 1 / - || uint8 || | | 0x02 || 1 / - || uint8 || digit_count || Number of digits to be entered for each cell. | ||
|- | |- | ||
| 0x03 || 1 / - || uint8 || | | 0x03 || 1 / - || uint8 || challenge_count || Number of cells to be completed. | ||
|- | |- | ||
| 0x04 || 8 / - || uint64 || | | 0x04 || 8 / - || uint64 || seed || Seed value used to randomise cell selection. | ||
|} | |} | ||
Line 120: | Line 138: | ||
! Description | ! Description | ||
|- | |- | ||
| 0x00 || 1 / - || uint8 || | | 0x00 || 1 / - || uint8 || required || Dictates if the Authenticator is in use and not just assigned to the account. | ||
|} | |} | ||
= Size = | |||
For all versions, if the result is not [[Login_Packet_Results|SUCCESS]] (0x00) the packet is 3 bytes. | |||
If the result is [[Login_Packet_Results|SUCCESS]] (0x00): | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ | |+ security_flags.Authenticator Fields | ||
! | ! Version | ||
! | ! security_flags field | ||
! | ! Size | ||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=1|min_build=1.1}} || - || 118 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=1|min_build=1.12}} || 0x0 || 119 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=1|min_build=1.12}} || 0x1 || 119 + 20 = 139 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x1 / 0b001 || 119 + 20 = 139 | |||
|- | |||
| {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x2 / 0b010 || 119 + 12 = 131 | |||
|- | |- | ||
| | | {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x4 / 0b100 || 119 + 1 = 120 | ||
|- | |- | ||
| | | {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x3 / 0b011 || 119 + 12 + 20 = 151 | ||
|- | |- | ||
| | | {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x5 / 0b101 || 119 + 1 + 20 = 140 | ||
|- | |- | ||
| | | {{Template:Sandbox/VersionRange|min_expansionlevel=2|min_build=2.4.3.8606}} || 0x7 / 0b111 || 119 + 1 + 12 + 20 = 152 | ||
|} | |} | ||
[[ | = Example Packet = | ||
Below is complete packet sent from a {{Template:Sandbox/PrettyVersion|expansionlevel=1|build=1.12.1.5875}} client. The values are explained as comments. This can be used for verifying packet parser implementations. | |||
The first packet does not include the extra two factor fields. | |||
char bytes[] = { | |||
0x00, /* Opcode: CMD_AUTH_LOGON_CHALLENGE */ | |||
0x00, /* Protocol Version: 0 */ | |||
0x00, /* Result: SUCCESS (0) */ | |||
0x49, 0xd8, 0xc2, 0xbc, 0x68, 0x5c, 0x2b, 0xce, 0x4a, 0xf4, 0xfa, 0x07, | |||
0x0a, 0x47, 0x93, 0x78, 0x58, 0x78, 0x46, 0xb5, 0x83, 0xd4, 0x41, 0x82, 0x9e, 0x24, | |||
0xd8, 0x87, 0xce, 0xda, 0x34, 0x46, /* Server Public Key */ | |||
0x01, /* Generator Length: 1 */ | |||
0x07, /* Generator: 7 */ | |||
0x20, /* Large Safe Prime Length: 32 */ | |||
0xb7, 0x9b, 0x3e, 0x2a, 0x87, 0x82, 0x3c, 0xab, 0x8f, 0x5e, | |||
0xbf, 0xbf, 0x8e, 0xb1, 0x01, 0x08, 0x53, 0x50, 0x06, 0x29, | |||
0x8b, 0x5b, 0xad, 0xbd, 0x5b, 0x53, 0xe1, 0x89, 0x5e, 0x64, | |||
0x4b, 0x89, /* Large Safe Prime */ | |||
0xc7, 0x09, 0x87, 0x7d, 0x8c, 0x65, 0x52, 0x66, 0xa5, 0x7d, | |||
0xb8, 0x65, 0x3d, 0x6e, 0xa6, 0x2b, 0xb5, 0x54, 0xf2, 0x0b, | |||
0xcf, 0x74, 0xd6, 0x4a, 0x77, 0xa7, 0xd3, 0x3d, 0xf3, 0x30, | |||
0x90, 0x87, /* Salt */ | |||
0xba, 0xa3, 0x1e, 0x99, 0xa0, 0x0b, 0x21, 0x57, 0xfc, 0x37, | |||
0x3f, 0xb3, 0x69, 0xcd, 0xd2, 0xf1, /* CRC Salt */ | |||
} | |||
The second one does. | |||
char bytes[] = { | |||
0x00, /* Opcode: CMD_AUTH_LOGON_CHALLENGE */ | |||
0x00, /* Protocol Version: 0 */ | |||
0x00, /* Result: SUCCESS (0) */ | |||
0x49, 0xd8, 0xc2, 0xbc, 0x68, 0x5c, 0x2b, 0xce, 0x4a, 0xf4, 0xfa, 0x07, | |||
0x0a, 0x47, 0x93, 0x78, 0x58, 0x78, 0x46, 0xb5, 0x83, 0xd4, 0x41, 0x82, 0x9e, 0x24, | |||
0xd8, 0x87, 0xce, 0xda, 0x34, 0x46, /* Server Public Key */ | |||
0x01, /* Generator Length: 1 */ | |||
0x07, /* Generator: 7 */ | |||
0x20, /* Large Safe Prime Length: 32 */ | |||
0xb7, 0x9b, 0x3e, 0x2a, 0x87, 0x82, 0x3c, 0xab, 0x8f, 0x5e, | |||
0xbf, 0xbf, 0x8e, 0xb1, 0x01, 0x08, 0x53, 0x50, 0x06, 0x29, | |||
0x8b, 0x5b, 0xad, 0xbd, 0x5b, 0x53, 0xe1, 0x89, 0x5e, 0x64, | |||
0x4b, 0x89, /* Large Safe Prime */ | |||
0xc7, 0x09, 0x87, 0x7d, 0x8c, 0x65, 0x52, 0x66, 0xa5, 0x7d, | |||
0xb8, 0x65, 0x3d, 0x6e, 0xa6, 0x2b, 0xb5, 0x54, 0xf2, 0x0b, | |||
0xcf, 0x74, 0xd6, 0x4a, 0x77, 0xa7, 0xd3, 0x3d, 0xf3, 0x30, | |||
0x90, 0x87, /* Salt */ | |||
0xba, 0xa3, 0x1e, 0x99, 0xa0, 0x0b, 0x21, 0x57, 0xfc, 0x37, | |||
0x3f, 0xb3, 0x69, 0xcd, 0xd2, 0xf1, /* CRC Salt */ | |||
0x01, // Two factor fields enabled: True | |||
0xEF, 0xBE, 0xAD, 0xDE, // PIN grid seed: 0xDEADBEEF | |||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, | |||
0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, // PIN salt | |||
} | |||
{{Login_Packet_Categories}} |
Latest revision as of 18:15, 27 July 2022
CMD_AUTH_LOGON_CHALLENGE_Server is a Login Packet sent by the server after receiving CMD_AUTH_LOGON_CHALLENGE_Client. The client reply is the CMD_AUTH_LOGON_PROOF_Client packet.
Packet Layout
Offset | Size / Endianness | Type | Name | Description |
---|---|---|---|---|
Header | ||||
0x1 | 1 / - | uint8 | opcode | 0x00 for CMD_AUTH_LOGON_CHALLENGE |
0x2 | 1 / - | uint8 | protocol_version | Exact purpose unknown. Must be 0 for all versions. |
0x3 | 1 / - | uint8 | result | The fields below are only included if this is SUCCESS (0x00). |
Body | ||||
0x4 | 32 / Little | uint8[32] | server_public_key | SRP public server ephemeral. All SRP operations are performed with little endian values. |
0x24 | 1 / - | uint8 | generator_len | SRP generator length. Should always be 1 since the generator is never greater than 255. |
0x25 | generator_len / - | uint8 | generator | SRP generator. All SRP operations are performed with little endian values. |
(0x26) | 1 / - | uint8 | large_safe_prime_len | SRP large safe prime length. All SRP operations are performed with little endian values. Client will not read more than 32 bytes. |
(0x27) | large_safe_prime_len / Little | uint8[large_safe_prime_len] | large_safe_prime | SRP large safe prime. All SRP operations are performed with little endian values. |
(0x47) | 32 / Little | uint8[32] | salt | SRP user's salt. All SRP operations are performed with little endian values. |
(0x47) | 16 / Little | uint8[16] | crc_salt | A salt to be used in CMD_AUTH_LOGON_PROOF_Client.crc_hash. Can be all zeros. |
(1.12) Additions
(1.12) added two factor authentication PIN fields which are appended to the packet.
(2.4.3.8606) Changes
Sometime around (2.0.0.5991) the two factor fields were repurposed to the below. These replace the (1.12) fields from above.
Name | Value | Description |
---|---|---|
NONE | 0x00 | No additional checks verification. |
PIN | 0x01 | TOTP verification entered as a PIN. |
MATRIX_CARD | 0x02 | Matrix Card 2FA which requires a matrix card. |
AUTHENTICATOR | 0x04 | Authenticator. |
The fields added depend on which bits are set in the security_flags field.
The following fields are only present if the appropriate bit is set.
Offset | Size / Endianness | Type | Name | Description |
---|---|---|---|---|
0x00 | 4 / Little | uint32 | pin_grid_seed | Seed value for the PIN grid on the client. Only here if the two_factor_authentication field is true. |
0x04 | 16 / Little | uint8[16] | pin_salt | Salt value for the client. Only here if the two_factor_authentication field is true. |
Offset | Size / Endianness | Type | Name | Description |
---|---|---|---|---|
0x00 | 1 / - | uint8 | width | Number of columns to display [A..Z]. |
0x01 | 1 / - | uint8 | height | Number of rows to display [0..n]. |
0x02 | 1 / - | uint8 | digit_count | Number of digits to be entered for each cell. |
0x03 | 1 / - | uint8 | challenge_count | Number of cells to be completed. |
0x04 | 8 / - | uint64 | seed | Seed value used to randomise cell selection. |
Offset | Size / Endianness | Type | Name | Description |
---|---|---|---|---|
0x00 | 1 / - | uint8 | required | Dictates if the Authenticator is in use and not just assigned to the account. |
Size
For all versions, if the result is not SUCCESS (0x00) the packet is 3 bytes.
If the result is SUCCESS (0x00):
Example Packet
Below is complete packet sent from a (1.12.1.5875) client. The values are explained as comments. This can be used for verifying packet parser implementations.
The first packet does not include the extra two factor fields.
char bytes[] = { 0x00, /* Opcode: CMD_AUTH_LOGON_CHALLENGE */ 0x00, /* Protocol Version: 0 */ 0x00, /* Result: SUCCESS (0) */ 0x49, 0xd8, 0xc2, 0xbc, 0x68, 0x5c, 0x2b, 0xce, 0x4a, 0xf4, 0xfa, 0x07, 0x0a, 0x47, 0x93, 0x78, 0x58, 0x78, 0x46, 0xb5, 0x83, 0xd4, 0x41, 0x82, 0x9e, 0x24, 0xd8, 0x87, 0xce, 0xda, 0x34, 0x46, /* Server Public Key */ 0x01, /* Generator Length: 1 */ 0x07, /* Generator: 7 */ 0x20, /* Large Safe Prime Length: 32 */ 0xb7, 0x9b, 0x3e, 0x2a, 0x87, 0x82, 0x3c, 0xab, 0x8f, 0x5e, 0xbf, 0xbf, 0x8e, 0xb1, 0x01, 0x08, 0x53, 0x50, 0x06, 0x29, 0x8b, 0x5b, 0xad, 0xbd, 0x5b, 0x53, 0xe1, 0x89, 0x5e, 0x64, 0x4b, 0x89, /* Large Safe Prime */ 0xc7, 0x09, 0x87, 0x7d, 0x8c, 0x65, 0x52, 0x66, 0xa5, 0x7d, 0xb8, 0x65, 0x3d, 0x6e, 0xa6, 0x2b, 0xb5, 0x54, 0xf2, 0x0b, 0xcf, 0x74, 0xd6, 0x4a, 0x77, 0xa7, 0xd3, 0x3d, 0xf3, 0x30, 0x90, 0x87, /* Salt */ 0xba, 0xa3, 0x1e, 0x99, 0xa0, 0x0b, 0x21, 0x57, 0xfc, 0x37, 0x3f, 0xb3, 0x69, 0xcd, 0xd2, 0xf1, /* CRC Salt */ }
The second one does.
char bytes[] = { 0x00, /* Opcode: CMD_AUTH_LOGON_CHALLENGE */ 0x00, /* Protocol Version: 0 */ 0x00, /* Result: SUCCESS (0) */ 0x49, 0xd8, 0xc2, 0xbc, 0x68, 0x5c, 0x2b, 0xce, 0x4a, 0xf4, 0xfa, 0x07, 0x0a, 0x47, 0x93, 0x78, 0x58, 0x78, 0x46, 0xb5, 0x83, 0xd4, 0x41, 0x82, 0x9e, 0x24, 0xd8, 0x87, 0xce, 0xda, 0x34, 0x46, /* Server Public Key */ 0x01, /* Generator Length: 1 */ 0x07, /* Generator: 7 */ 0x20, /* Large Safe Prime Length: 32 */ 0xb7, 0x9b, 0x3e, 0x2a, 0x87, 0x82, 0x3c, 0xab, 0x8f, 0x5e, 0xbf, 0xbf, 0x8e, 0xb1, 0x01, 0x08, 0x53, 0x50, 0x06, 0x29, 0x8b, 0x5b, 0xad, 0xbd, 0x5b, 0x53, 0xe1, 0x89, 0x5e, 0x64, 0x4b, 0x89, /* Large Safe Prime */ 0xc7, 0x09, 0x87, 0x7d, 0x8c, 0x65, 0x52, 0x66, 0xa5, 0x7d, 0xb8, 0x65, 0x3d, 0x6e, 0xa6, 0x2b, 0xb5, 0x54, 0xf2, 0x0b, 0xcf, 0x74, 0xd6, 0x4a, 0x77, 0xa7, 0xd3, 0x3d, 0xf3, 0x30, 0x90, 0x87, /* Salt */ 0xba, 0xa3, 0x1e, 0x99, 0xa0, 0x0b, 0x21, 0x57, 0xfc, 0x37, 0x3f, 0xb3, 0x69, 0xcd, 0xd2, 0xf1, /* CRC Salt */ 0x01, // Two factor fields enabled: True 0xEF, 0xBE, 0xAD, 0xDE, // PIN grid seed: 0xDEADBEEF 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, // PIN salt }