Saturday, November 28, 2015

SASL Authentication [BYPASS]



While working on a project i came across an error while trying to join an IRC server who had SASL Authentication with a custom-self-made client.
Note: With the official mIRC client it works just fine.
IMPORTANT NOTE: I DIDNT STUDY ANYTHING ABOUT SASL TLS AUTHENTICATION/ENCRYPTION AND THE DESCRIPTION I PROVIDE BELOW ARE WHAT I THOUGHT AT THE TIME IT WAS. aka PURE GUESSING WORK

And here it started...

The mIRC debug:


CLIENT: Command: CAP LS
Description:
The client SENDS BEFORE ANYTHING the CAP LS command (In my head the CAP LS command was more like a header where it  was indicatubg the SASL Authentication Request.)

SERVER: Command: CAP *TOKEN* LS :multi-prefix sasl tls
Description:
The server assigns to the client a random generated token *which is never used* and awaits for a response

CLIENT:
Command:  CAP REQ :multi-prefix
Description:
We respond back to the server with the CAP REQ :multi-prefix command

SERVER: Command: PRIVMSG *NICKNAME* :VERSION
Description:
The server send a Private Message and asks for the client version
CLIENT:
Command:  NOTICE *SERVER ADDRESS* :VERSION mIRC v7.43                            <--- Here im just using the original mIRC version signature
Description:
We respond back to the server via PM using the NOTICE command and giving a fake client version "signature"

SERVER: Command: CAP *NICKNAME* ACK :multi-prefix
Description:
Last Authentication step , server asks for the client to confirm the end of auth. by sending the CAP END command.

CLIENT:
Command: CAP END
Description:
We respond back to the server CAP END to end the authentication session

C# (Command Line Code):
  String token = buf.Split(' ')[2];
if (buf.Split(' ')[1] == "CAP")
                {
                   
                    Console.Write("Token=" + token + "\n");

                    //Stage 1 AUTHENTICATION
                    if (buf.Split(' ')[1] == "CAP" && buf.Split(' ')[2] == token && buf.Split(' ')[3] == "LS")
                    {
                        output.Write("CAP REQ :multi-prefix " + "\r\n");
                        Console.Write("Client: CAP REQ :multi-prefix SENT" + "\n");
                    }
                    else if (buf.Split(' ')[1] == "CAP" && buf.Split(' ')[2] == nick)
                    {
                        output.Write("CAP END " + "\r\n");
                        Console.Write("Client: CAP END SENT" + "\n");
                    } 
                    output.Flush();
                }

                if (buf.Split(' ')[1] == "PRIVMSG")
                {
                    output.Write("NOTICE x01.mirc.com.gr : VERSION mIRC v7.43 ");
                    Console.Write("Client: PRIVMSG VERSION SENT" + "\n");
                    output.Flush();
                }


Posted by at

3 comments:

  1. AkTaRuSOctober 21, 2019 at 1:13 AM

    This comment has been removed by the author.

    ReplyDelete
  2. AkTaRuSOctober 21, 2019 at 1:14 AM

    This comment has been removed by the author.

    ReplyDelete
  3. AkTaRuSAugust 1, 2020 at 1:43 PM

    Ircserver Italia.
    Irc.ircserver.it 6666 ssl 6696
    irc.akt4rus.it 6666 ssl 6696
    webchat:
    http://kiwinew.akt4rus.it
    http://thelounge.akt4rus.it

    ReplyDelete

Subscribe to: Post Comments (Atom)