Mercurial > pidgin

comparison libpurple/protocols/qq/qq_base.c @ 23640:58bb7fc244e4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
2008.08.03 - csyfek <csyfek(at)gmail.com> * Commit lost files to Pidgin
author SHiNE CsyFeK <csyfek@gmail.com>
date Sun, 03 Aug 2008 05:13:29 +0000
parents
children 5f454b975a99
comparison
equal deleted inserted replaced
23639:dd30b4323639 23640:58bb7fc244e4
1 /**
2 * @file qq_base.c
3 *
4 * purple
5 *
6 * Purple is the legal property of its developers, whose names are too numerous
7 * to list here. Please refer to the COPYRIGHT file distributed with this
8 * source distribution.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
23 */
24
25 #include "debug.h"
26 #include "internal.h"
27 #include "server.h"
28 #include "cipher.h"
29
30 #include "buddy_info.h"
31 #include "buddy_list.h"
32 #include "char_conv.h"
33 #include "crypt.h"
34 #include "group.h"
35 #include "header_info.h"
36 #include "qq_base.h"
37 #include "packet_parse.h"
38 #include "qq.h"
39 #include "qq_network.h"
40 #include "utils.h"
41
42 #define QQ_LOGIN_DATA_LENGTH 416
43 #define QQ_LOGIN_REPLY_OK_PACKET_LEN 139
44 #define QQ_LOGIN_REPLY_REDIRECT_PACKET_LEN 11
45
46 /* for QQ 2003iii 0117, fixed value */
47 /* static const guint8 login_23_51[29] = {
48 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
49 0x00, 0x00, 0x00, 0x00, 0xbf, 0x14, 0x11, 0x20,
50 0x03, 0x9d, 0xb2, 0xe6, 0xb3, 0x11, 0xb7, 0x13,
51 0x95, 0x67, 0xda, 0x2c, 0x01
52 }; */
53
54 /* for QQ 2003iii 0304, fixed value */
55 /*
56 static const guint8 login_23_51[29] = {
57 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
58 0x00, 0x00, 0x00, 0x00, 0x9a, 0x93, 0xfe, 0x85,
59 0xd3, 0xd9, 0x2a, 0x41, 0xc8, 0x0d, 0xff, 0xb6,
60 0x40, 0xb8, 0xac, 0x32, 0x01
61 };
62 */
63
64 /* for QQ 2005? copy from lumaqq */
65 /* FIXME: change to guint8 */
66 static const guint8 login_23_51[29] = {
67 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
68 0x00, 0x00, 0x00, 0x00, 0x86, 0xcc, 0x4c, 0x35,
69 0x2c, 0xd3, 0x73, 0x6c, 0x14, 0xf6, 0xf6, 0xaf,
70 0xc3, 0xfa, 0x33, 0xa4, 0x01
71 };
72
73 static const guint8 login_53_68[16] = {
74 0x8D, 0x8B, 0xFA, 0xEC, 0xD5, 0x52, 0x17, 0x4A,
75 0x86, 0xF9, 0xA7, 0x75, 0xE6, 0x32, 0xD1, 0x6D
76 };
77
78 static const guint8 login_100_bytes[100] = {
79 0x40, 0x0B, 0x04, 0x02, 0x00, 0x01, 0x00, 0x00,
80 0x00, 0x00, 0x00, 0x03, 0x09, 0x00, 0x00, 0x00,
81 0x00, 0x00, 0x00, 0x00, 0x01, 0xE9, 0x03, 0x01,
82 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF3, 0x03,
83 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xED,
84 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
85 0xEC, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
86 0x03, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
87 0x00, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00,
88 0x00, 0x00, 0x01, 0xEE, 0x03, 0x00, 0x00, 0x00,
89 0x00, 0x00, 0x00, 0x01, 0xEF, 0x03, 0x00, 0x00,
90 0x00, 0x00, 0x00, 0x00, 0x01, 0xEB, 0x03, 0x00,
91 0x00, 0x00, 0x00, 0x00
92 };
93
94
95 /* fixed value, not affected by version, or mac address */
96 /*
97 static const guint8 login_53_68[16] = {
98 0x82, 0x2a, 0x91, 0xfd, 0xa5, 0xca, 0x67, 0x4c,
99 0xac, 0x81, 0x1f, 0x6f, 0x52, 0x05, 0xa7, 0xbf
100 };
101 */
102
103
104 typedef struct _qq_login_reply_ok qq_login_reply_ok_packet;
105 typedef struct _qq_login_reply_redirect qq_login_reply_redirect_packet;
106
107 struct _qq_login_reply_ok {
108 guint8 result;
109 guint8 session_key[QQ_KEY_LENGTH];
110 guint32 uid;
111 struct in_addr client_ip; /* those detected by server */
112 guint16 client_port;
113 struct in_addr server_ip;
114 guint16 server_port;
115 time_t login_time;
116 guint8 unknown1[26];
117 struct in_addr unknown_server1_ip;
118 guint16 unknown_server1_port;
119 struct in_addr unknown_server2_ip;
120 guint16 unknown_server2_port;
121 guint16 unknown2; /* 0x0001 */
122 guint16 unknown3; /* 0x0000 */
123 guint8 unknown4[32];
124 guint8 unknown5[12];
125 struct in_addr last_client_ip;
126 time_t last_login_time;
127 guint8 unknown6[8];
128 };
129
130 struct _qq_login_reply_redirect {
131 guint8 result;
132 guint32 uid;
133 struct in_addr new_server_ip;
134 guint16 new_server_port;
135 };
136
137 /* generate a md5 key using uid and session_key */
138 static void get_session_md5(guint8 *session_md5, guint32 uid, guint8 *session_key)
139 {
140 guint8 src[QQ_KEY_LENGTH + QQ_KEY_LENGTH];
141 gint bytes = 0;
142
143 bytes += qq_put32(src + bytes, uid);
144 bytes += qq_putdata(src + bytes, session_key, QQ_KEY_LENGTH);
145
146 qq_get_md5(session_md5, QQ_KEY_LENGTH, src, bytes);
147 }
148
149 /* process login reply which says OK */
150 static gint8 process_login_ok(PurpleConnection *gc, guint8 *data, gint len)
151 {
152 gint bytes;
153 qq_data *qd;
154 qq_login_reply_ok_packet lrop;
155
156 qd = (qq_data *) gc->proto_data;
157 /* FIXME, check QQ_LOGIN_REPLY_OK_PACKET_LEN here */
158 bytes = 0;
159
160 /* 000-000: reply code */
161 bytes += qq_get8(&lrop.result, data + bytes);
162 /* 001-016: session key */
163 bytes += qq_getdata(lrop.session_key, sizeof(lrop.session_key), data + bytes);
164 purple_debug(PURPLE_DEBUG_INFO, "QQ", "Get session_key done\n");
165 /* 017-020: login uid */
166 bytes += qq_get32(&lrop.uid, data + bytes);
167 /* 021-024: server detected user public IP */
168 bytes += qq_getIP(&lrop.client_ip, data + bytes);
169 /* 025-026: server detected user port */
170 bytes += qq_get16(&lrop.client_port, data + bytes);
171 /* 027-030: server detected itself ip 127.0.0.1 ? */
172 bytes += qq_getIP(&lrop.server_ip, data + bytes);
173 /* 031-032: server listening port */
174 bytes += qq_get16(&lrop.server_port, data + bytes);
175 /* 033-036: login time for current session */
176 bytes += qq_getime(&lrop.login_time, data + bytes);
177 /* 037-062: 26 bytes, unknown */
178 bytes += qq_getdata((guint8 *) &lrop.unknown1, 26, data + bytes);
179 /* 063-066: unknown server1 ip address */
180 bytes += qq_getIP(&lrop.unknown_server1_ip, data + bytes);
181 /* 067-068: unknown server1 port */
182 bytes += qq_get16(&lrop.unknown_server1_port, data + bytes);
183 /* 069-072: unknown server2 ip address */
184 bytes += qq_getIP(&lrop.unknown_server2_ip, data + bytes);
185 /* 073-074: unknown server2 port */
186 bytes += qq_get16(&lrop.unknown_server2_port, data + bytes);
187 /* 075-076: 2 bytes unknown */
188 bytes += qq_get16(&lrop.unknown2, data + bytes);
189 /* 077-078: 2 bytes unknown */
190 bytes += qq_get16(&lrop.unknown3, data + bytes);
191 /* 079-110: 32 bytes unknown */
192 bytes += qq_getdata((guint8 *) &lrop.unknown4, 32, data + bytes);
193 /* 111-122: 12 bytes unknown */
194 bytes += qq_getdata((guint8 *) &lrop.unknown5, 12, data + bytes);
195 /* 123-126: login IP of last session */
196 bytes += qq_getIP(&lrop.last_client_ip, data + bytes);
197 /* 127-130: login time of last session */
198 bytes += qq_getime(&lrop.last_login_time, data + bytes);
199 /* 131-138: 8 bytes unknown */
200 bytes += qq_getdata((guint8 *) &lrop.unknown6, 8, data + bytes);
201
202 if (bytes != QQ_LOGIN_REPLY_OK_PACKET_LEN) { /* fail parsing login info */
203 purple_debug(PURPLE_DEBUG_WARNING, "QQ",
204 "Fail parsing login info, expect %d bytes, read %d bytes\n",
205 QQ_LOGIN_REPLY_OK_PACKET_LEN, bytes);
206 } /* but we still go on as login OK */
207
208 memcpy(qd->session_key, lrop.session_key, sizeof(qd->session_key));
209 get_session_md5(qd->session_md5, qd->uid, qd->session_key);
210
211 qd->my_ip.s_addr = lrop.client_ip.s_addr;
212
213 qd->my_port = lrop.client_port;
214 qd->login_time = lrop.login_time;
215 qd->last_login_time = lrop.last_login_time;
216 qd->last_login_ip = g_strdup( inet_ntoa(lrop.last_client_ip) );
217
218 return QQ_LOGIN_REPLY_OK;
219 }
220
221 /* process login reply packet which includes redirected new server address */
222 static gint8 process_login_redirect(PurpleConnection *gc, guint8 *data, gint len)
223 {
224 qq_data *qd;
225 gint bytes;
226 qq_login_reply_redirect_packet lrrp;
227
228 qd = (qq_data *) gc->proto_data;
229 bytes = 0;
230 /* 000-000: reply code */
231 bytes += qq_get8(&lrrp.result, data + bytes);
232 /* 001-004: login uid */
233 bytes += qq_get32(&lrrp.uid, data + bytes);
234 /* 005-008: redirected new server IP */
235 bytes += qq_getIP(&lrrp.new_server_ip, data + bytes);
236 /* 009-010: redirected new server port */
237 bytes += qq_get16(&lrrp.new_server_port, data + bytes);
238
239 if (bytes != QQ_LOGIN_REPLY_REDIRECT_PACKET_LEN) {
240 purple_debug(PURPLE_DEBUG_ERROR, "QQ",
241 "Fail parsing login redirect packet, expect %d bytes, read %d bytes\n",
242 QQ_LOGIN_REPLY_REDIRECT_PACKET_LEN, bytes);
243 return QQ_LOGIN_REPLY_ERR_MISC;
244 }
245
246 /* redirect to new server, do not disconnect or connect here
247 * those connect should be called at packet_process */
248 if (qd->real_hostname) {
249 purple_debug(PURPLE_DEBUG_INFO, "QQ", "free real_hostname\n");
250 g_free(qd->real_hostname);
251 qd->real_hostname = NULL;
252 }
253 qd->real_hostname = g_strdup( inet_ntoa(lrrp.new_server_ip) );
254 qd->real_port = lrrp.new_server_port;
255
256 return QQ_LOGIN_REPLY_REDIRECT;
257 }
258
259 /* process login reply which says wrong password */
260 static gint8 process_login_wrong_pwd(PurpleConnection *gc, guint8 *data, gint len)
261 {
262 gchar *server_reply, *server_reply_utf8;
263 server_reply = g_new0(gchar, len);
264 g_memmove(server_reply, data + 1, len - 1);
265 server_reply_utf8 = qq_to_utf8(server_reply, QQ_CHARSET_DEFAULT);
266 purple_debug(PURPLE_DEBUG_ERROR, "QQ", "Wrong password, server msg in UTF8: %s\n", server_reply_utf8);
267 g_free(server_reply);
268 g_free(server_reply_utf8);
269
270 return QQ_LOGIN_REPLY_ERR_PWD;
271 }
272
273 /* request before login */
274 void qq_send_packet_token(PurpleConnection *gc)
275 {
276 qq_data *qd;
277 guint8 buf[16] = {0};
278 gint bytes = 0;
279
280 g_return_if_fail(gc != NULL && gc->proto_data != NULL);
281 qd = (qq_data *) gc->proto_data;
282
283 bytes += qq_put8(buf + bytes, 0);
284
285 qd->send_seq++;
286 qq_send_data(qd, QQ_CMD_TOKEN, qd->send_seq, TRUE, buf, bytes);
287 }
288
289 /* send login packet to QQ server */
290 void qq_send_packet_login(PurpleConnection *gc)
291 {
292 qq_data *qd;
293 guint8 *buf, *raw_data;
294 gint bytes;
295 guint8 *encrypted_data;
296 gint encrypted_len;
297
298 g_return_if_fail(gc != NULL && gc->proto_data != NULL);
299 qd = (qq_data *) gc->proto_data;
300
301 g_return_if_fail(qd->token != NULL && qd->token_len > 0);
302
303 raw_data = g_newa(guint8, QQ_LOGIN_DATA_LENGTH);
304 memset(raw_data, 0, QQ_LOGIN_DATA_LENGTH);
305
306 encrypted_data = g_newa(guint8, QQ_LOGIN_DATA_LENGTH + 16); /* 16 bytes more */
307 #ifdef DEBUG
308 memset(qd->inikey, 0x01, sizeof(qd->inikey));
309 #else
310 for (bytes = 0; bytes < sizeof(qd->inikey); bytes++) {
311 qd->inikey[bytes] = (guint8) (g_random_int_range(0, 255) % 256);
312 }
313 #endif
314
315 bytes = 0;
316 /* now generate the encrypted data
317 * 000-015 use password_twice_md5 as key to encrypt empty string */
318 qq_encrypt((guint8 *) "", 0, qd->password_twice_md5, raw_data + bytes, &encrypted_len);
319 bytes += 16;
320 /* 016-016 */
321 bytes += qq_put8(raw_data + bytes, 0x00);
322 /* 017-020, used to be IP, now zero */
323 bytes += qq_put32(raw_data + bytes, 0x00000000);
324 /* 021-022, used to be port, now zero */
325 bytes += qq_put16(raw_data + bytes, 0x0000);
326 /* 023-051, fixed value, unknown */
327 bytes += qq_putdata(raw_data + bytes, login_23_51, 29);
328 /* 052-052, login mode */
329 bytes += qq_put8(raw_data + bytes, qd->login_mode);
330 /* 053-068, fixed value, maybe related to per machine */
331 bytes += qq_putdata(raw_data + bytes, login_53_68, 16);
332 /* 069, login token length */
333 bytes += qq_put8(raw_data + bytes, qd->token_len);
334 /* 070-093, login token, normally 24 bytes */
335 bytes += qq_putdata(raw_data + bytes, qd->token, qd->token_len);
336 /* 100 bytes unknown */
337 bytes += qq_putdata(raw_data + bytes, login_100_bytes, 100);
338 /* all zero left */
339
340 qq_encrypt(raw_data, QQ_LOGIN_DATA_LENGTH, qd->inikey, encrypted_data, &encrypted_len);
341
342 buf = g_newa(guint8, MAX_PACKET_SIZE);
343 memset(buf, 0, MAX_PACKET_SIZE);
344 bytes = 0;
345 bytes += qq_putdata(buf + bytes, qd->inikey, QQ_KEY_LENGTH);
346 bytes += qq_putdata(buf + bytes, encrypted_data, encrypted_len);
347
348 qd->send_seq++;
349 qq_send_data(qd, QQ_CMD_LOGIN, qd->send_seq, TRUE, buf, bytes);
350 }
351
352 guint8 qq_process_token_reply(PurpleConnection *gc, gchar *error_msg, guint8 *buf, gint buf_len)
353 {
354 qq_data *qd;
355 guint8 ret;
356 int token_len;
357
358 g_return_val_if_fail(buf != NULL && buf_len != 0, -1);
359
360 g_return_val_if_fail(gc != NULL && gc->proto_data != NULL, -1);
361 qd = (qq_data *) gc->proto_data;
362
363 ret = buf[0];
364
365 if (ret != QQ_TOKEN_REPLY_OK) {
366 purple_debug(PURPLE_DEBUG_ERROR, "QQ", "Unknown request login token reply code : %d\n", buf[0]);
367 qq_hex_dump(PURPLE_DEBUG_WARNING, "QQ",
368 buf, buf_len,
369 ">>> [default] decrypt and dump");
370 error_msg = try_dump_as_gbk(buf, buf_len);
371 return ret;
372 }
373
374 token_len = buf_len-2;
375 if (token_len <= 0) {
376 error_msg = g_strdup_printf( _("Invalid token len, %d"), token_len);
377 return -1;
378 }
379
380 if (buf[1] != token_len) {
381 purple_debug(PURPLE_DEBUG_INFO, "QQ",
382 "Invalid token len. Packet specifies length of %d, actual length is %d\n", buf[1], buf_len-2);
383 }
384 qq_hex_dump(PURPLE_DEBUG_INFO, "QQ",
385 buf+2, token_len,
386 "<<< got a token -> [default] decrypt and dump");
387
388 qd->token = g_new0(guint8, token_len);
389 qd->token_len = token_len;
390 g_memmove(qd->token, buf + 2, qd->token_len);
391 return ret;
392 }
393
394 /* send logout packets to QQ server */
395 void qq_send_packet_logout(PurpleConnection *gc)
396 {
397 gint i;
398 qq_data *qd;
399
400 qd = (qq_data *) gc->proto_data;
401 for (i = 0; i < 4; i++)
402 qq_send_cmd_detail(qd, QQ_CMD_LOGOUT, 0xffff, FALSE, qd->password_twice_md5, QQ_KEY_LENGTH);
403
404 qd->logged_in = FALSE; /* update login status AFTER sending logout packets */
405 }
406
407 /* process the login reply packet */
408 guint8 qq_process_login_reply(guint8 *buf, gint buf_len, PurpleConnection *gc)
409 {
410 qq_data *qd;
411 guint8 *data;
412 gint data_len;
413 gchar* error_msg;
414
415 g_return_val_if_fail(buf != NULL && buf_len != 0, QQ_LOGIN_REPLY_ERR_MISC);
416
417 qd = (qq_data *) gc->proto_data;
418
419 data_len = buf_len;
420 data = g_newa(guint8, data_len);
421
422 if (qq_decrypt(buf, buf_len, qd->inikey, data, &data_len)) {
423 purple_debug(PURPLE_DEBUG_WARNING, "QQ",
424 "Decrypt login reply packet with inikey, %d bytes\n", data_len);
425 } else {
426 /* reset data_len since it may changed */
427 data_len = buf_len;
428 if (qq_decrypt(buf, buf_len, qd->password_twice_md5, data, &data_len)) {
429 purple_debug(PURPLE_DEBUG_INFO, "QQ",
430 "Decrypt login reply packet with password_twice_md5, %d bytes\n", data_len);
431 } else {
432 purple_debug(PURPLE_DEBUG_ERROR, "QQ",
433 "No idea how to decrypt login reply\n");
434 return QQ_LOGIN_REPLY_ERR_MISC;
435 }
436 }
437
438 switch (data[0]) {
439 case QQ_LOGIN_REPLY_OK:
440 purple_debug(PURPLE_DEBUG_INFO, "QQ", "Login reply is OK\n");
441 return process_login_ok(gc, data, data_len);
442 case QQ_LOGIN_REPLY_REDIRECT:
443 purple_debug(PURPLE_DEBUG_INFO, "QQ", "Login reply is redirect\n");
444 return process_login_redirect(gc, data, data_len);
445 case QQ_LOGIN_REPLY_ERR_PWD:
446 purple_debug(PURPLE_DEBUG_INFO, "QQ", "Login reply is error password\n");
447 return process_login_wrong_pwd(gc, data, data_len);
448 case QQ_LOGIN_REPLY_NEED_REACTIVE:
449 case QQ_LOGIN_REPLY_REDIRECT_EX:
450 purple_debug(PURPLE_DEBUG_INFO, "QQ", "Login reply is not actived or redirect extend\n");
451 default:
452 break;
453 }
454
455 purple_debug(PURPLE_DEBUG_ERROR, "QQ", "Unknown reply code: %d\n", data[0]);
456 qq_hex_dump(PURPLE_DEBUG_WARNING, "QQ",
457 data, data_len,
458 ">>> [default] decrypt and dump");
459 error_msg = try_dump_as_gbk(data, data_len);
460 if (error_msg) {
461 purple_connection_error_reason(gc, PURPLE_CONNECTION_ERROR_NETWORK_ERROR, error_msg);
462 g_free(error_msg);
463 }
464 return QQ_LOGIN_REPLY_ERR_MISC;
465 }
466
467 /* send keep-alive packet to QQ server (it is a heart-beat) */
468 void qq_send_packet_keep_alive(PurpleConnection *gc)
469 {
470 qq_data *qd;
471 guint8 raw_data[16] = {0};
472 gint bytes= 0;
473
474 qd = (qq_data *) gc->proto_data;
475
476 /* In fact, we can send whatever we like to server
477 * with this command, server return the same result including
478 * the amount of online QQ users, my ip and port */
479 bytes += qq_put32(raw_data + bytes, qd->uid);
480
481 qq_send_cmd(qd, QQ_CMD_KEEP_ALIVE, raw_data, 4);
482 }
483
484 /* parse the return of keep-alive packet, it includes some system information */
485 gboolean qq_process_keep_alive(guint8 *buf, gint buf_len, PurpleConnection *gc)
486 {
487 qq_data *qd;
488 gint len;
489 gchar **segments;
490 guint8 *data;
491
492 g_return_val_if_fail(buf != NULL && buf_len != 0, FALSE);
493
494 qd = (qq_data *) gc->proto_data;
495 len = buf_len;
496 data = g_newa(guint8, len);
497
498 if ( !qq_decrypt(buf, buf_len, qd->session_key, data, &len) ) {
499 purple_debug(PURPLE_DEBUG_ERROR, "QQ", "Error decrypt keep alive reply\n");
500 return FALSE;
501 }
502
503 /* qq_show_packet("Keep alive reply packet", data, len); */
504
505 /* the last one is 60, don't know what it is */
506 if (NULL == (segments = split_data(data, len, "\x1f", 6)))
507 return TRUE;
508
509 /* segments[0] and segment[1] are all 0x30 ("0") */
510 qd->total_online = strtol(segments[2], NULL, 10);
511 if(0 == qd->total_online) {
512 purple_connection_error_reason(gc, PURPLE_CONNECTION_ERROR_NETWORK_ERROR,
513 _("Keep alive error"));
514 }
515 qd->my_ip.s_addr = inet_addr(segments[3]);
516 qd->my_port = strtol(segments[4], NULL, 10);
517
518 purple_debug(PURPLE_DEBUG_INFO, "QQ", "keep alive, %s:%d\n",
519 inet_ntoa(qd->my_ip), qd->my_port);
520
521 g_strfreev(segments);
522 return TRUE;
523 }