| Author | Message | 
	
		| CommieCausey Newbie
 
  
 Age:42
 Gender:
  Joined: May 27 2006
 Posts: 10
 Location: California
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 12:34 am     Post subject: SubSpace login: key handshake? |  |   |  |  
				| 
 |  
				| I have read Catid's subspace protocol text but I have a problem getting the key exchange to work.  In Catid's paper it says that the Session key should be the Client key * -1 or else the key is not valid?  In merv bot it seems to check that, in TW Core I think I couldn't find any check at all for the session key. 
 Ok I've tried to get the -key to be received and maybe I am screwing up something with the signed/unsigned variable.  Here is a proxy I made to look at the packets but even Mervbot doesnt seem to receive a "valid" session key in response.  Is the text I read incorrect/out of date?
 
 
 
 simple subspace proxy in python
 
  ssproxy.py - 2.12 KB File downloaded or viewed 43 time(s)
 
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| Dr Brain Flip-flopping like a wind surfer
 
  
 Age:39
 Gender:
  Joined: Dec 01 2002
 Posts: 3502
 Location: Hyperspace
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 1:21 am     Post subject: |  |   |  |  
				| 
 |  
				| I have always understood (maybe wrongly) that TWCore is pretty loose about that kind of thing because subgame doesn't care as much about what sysop clients do. _________________
 Hyperspace Owner
 
 Smong> so long as 99% deaths feel lame it will always be hyperspace to me
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| Cerium Server Help Squatter
 
  
 Age:43
 Gender:
  Joined: Mar 05 2005
 Posts: 807
 Location: I will stab you.
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 5:08 am     Post subject: |  |   |  |  
				| 
 |  
				| The client isnt a sysop until well after the key exchange... _________________
 There are 7 user(s) ignoring me right now.
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| CypherJF I gargle nitroglycerin
 
  
 Gender:
  Joined: Aug 14 2003
 Posts: 2582
 Location: USA
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 10:14 am     Post subject: |  |   |  |  
				| 
 |  
				| It's actually ... 
 newKey = ~givenKey + 1
 
 Just check it out, take the values form the integer/long, in both cases and make sure they match properly.
 _________________
 Performance is often the art of cheating carefully. - James Gosling
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| Cyan~Fire I'll count you!
 
  
 
 Age:37
 Gender:
  Joined: Jul 14 2003
 Posts: 4608
 Location: A Dream
 Offline
 
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| CypherJF I gargle nitroglycerin
 
  
 Gender:
  Joined: Aug 14 2003
 Posts: 2582
 Location: USA
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 11:40 am     Post subject: |  |   |  |  
				| 
 |  
				| Oh my bad, I misread the original post, haha.   |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| CommieCausey Newbie
 
  
 Age:42
 Gender:
  Joined: May 27 2006
 Posts: 10
 Location: California
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 2:41 pm     Post subject: |  |   |  |  
				| 
 |  
				| I also tried logging in using a C program.  I usually get the same result as I mentioned.  It is just a little different from the two's complement.  Sometimes I receive the session key as the same exact client key I sent (this allows no encryption?).  The unreliability adds to my confusion... 
 
 
 subspace login attempt for netbsd/linux
 
  login.c - 3.6 KB File downloaded or viewed 29 time(s)
 
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| Mr Ekted Movie Geek
 
  
 Gender:
  Joined: Feb 09 2004
 Posts: 1379
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 3:03 pm     Post subject: |  |   |  |  
				| 
 |  
				| The server doesn't respond to a connection attempt (0001) with a connection reply (0002) directly. It responds with a spoof check. The normal sequence would look like: 
 C: 00 01 k1 k1 k1 k1 01 00
 S: 00 05 rr rr rr rr
 C: 00 06 rr rr rr rr tt tt tt tt
 S: 00 02 k2 k2 k2 k2 ...
 _________________
 4,691 irradiated haggis!
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| CommieCausey Newbie
 
  
 Age:42
 Gender:
  Joined: May 27 2006
 Posts: 10
 Location: California
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 6:17 pm     Post subject: |  |   |  |  
				| 
 |  
				| yes I know Mr Ekted thanks though for trying to help me. 
 I have found the cause of my problem!  I made a function to write out the bits of the keys and what I thought the session should have been, and that made it easy to see what was up.
 
 I just remembered Im using unix on a computer with a PowerPC processor that uses Big Endian so memcpy copies the variable in big endian!  The Intel server uses little Endian!  OMG I SUX.
 
 CC
 
 
 
 Same as before but prints out each bit in a key.
 
  login.c - 4.21 KB File downloaded or viewed 15 time(s)
 
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| Mr Ekted Movie Geek
 
  
 Gender:
  Joined: Feb 09 2004
 Posts: 1379
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 6:49 pm     Post subject: |  |   |  |  
				| 
 |  
				| The problem is your knowledge of memory and data. The DWORD value 0x12345678 would appear in Intel memory as: 
 78 56 34 12
 
 The low bit would be the low bit of the first byte:
 
 78<- 56 34 12
 
 The code itself on the client or the server doesn't care about any of this. The packet is defined by a structure. Those 4 bytes are interpretted (read and written) as a single DWORD. The position of the bytes and bits is irrelevant.
 
 If you look at MERV code, you may be led to think that you have to care about byte ordering at this level. This is not true. All the MERV packet handling code is compete and utter crap.
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| CommieCausey Newbie
 
  
 Age:42
 Gender:
  Joined: May 27 2006
 Posts: 10
 Location: California
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 8:01 pm     Post subject: |  |   |  |  
				| 
 |  
				| Sorry Mr. Ekted I had edited my post and removed my long ass moaning about the endianness, I didn't want to spam and had just remembered PowerPC is big endian.  I didn't know you were responding. 
 My problem was caused by me assuming that SubSpace protocol uses Network byte order (Big Endian) like most network protocols.  But because SubSpace was only made for Intel/Windows everything seems to use little endian.  That makes things harder for me since my PowerPC processor uses big endian and that was the source of the problem because I was sending a key in big endian.
 
 Now I know everything sent in the protocol is assumed to be little endian and that no conversion between endianness is performed by the server.
 
 CC
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| Mr Ekted Movie Geek
 
  
 Gender:
  Joined: Feb 09 2004
 Posts: 1379
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 8:51 pm     Post subject: |  |   |  |  
				| 
 |  
				| So your code now works? |  | 
	
		| Back to top |  | 
	
		|  | 
	
		| CommieCausey Newbie
 
  
 Age:42
 Gender:
  Joined: May 27 2006
 Posts: 10
 Location: California
 Offline
 
 | 
			
			  | 
				
					|  Posted: Tue May 30, 2006 9:33 pm     Post subject: |  |   |  |  
				| 
 |  
				| Yup!  I changed the python proxy to unpack the bytes using little endian and the session key comes out negative of the client key no problem.  So I am thinking when I read in a raw packet or write a raw packet out I just need to make sure i pack or unpack specifying little endian.  I hope! 
 Sorry to be a bother guys.
 
 Now I'm trying to make my keystream match Mervbot's keystream
   
 CC
 
 
 
 Proxy to snoop keys for mervbot, uncomment print_packet if you want it to dump each packet that goes through (encrypted)
 
  ssproxy.py - 2.02 KB File downloaded or viewed 32 time(s)
 
 |  | 
	
		| Back to top |  | 
	
		|  | 
	
		|  |