Saturday, November 28, 2015

SASL Authentication [BYPASS]



While working on a project i came across an error while trying to join an IRC server who had SASL Authentication with a custom-self-made client.
Note: With the official mIRC client it works just fine.
IMPORTANT NOTE: I DIDNT STUDY ANYTHING ABOUT SASL TLS AUTHENTICATION/ENCRYPTION AND THE DESCRIPTION I PROVIDE BELOW ARE WHAT I THOUGHT AT THE TIME IT WAS. aka PURE GUESSING WORK

And here it started...

The mIRC debug:


CLIENT: Command: CAP LS
Description:
The client SENDS BEFORE ANYTHING the CAP LS command (In my head the CAP LS command was more like a header where it  was indicatubg the SASL Authentication Request.)

SERVER: Command: CAP *TOKEN* LS :multi-prefix sasl tls
Description:
The server assigns to the client a random generated token *which is never used* and awaits for a response

CLIENT:
Command:  CAP REQ :multi-prefix
Description:
We respond back to the server with the CAP REQ :multi-prefix command

SERVER: Command: PRIVMSG *NICKNAME* :VERSION
Description:
The server send a Private Message and asks for the client version
CLIENT:
Command:  NOTICE *SERVER ADDRESS* :VERSION mIRC v7.43                            <--- Here im just using the original mIRC version signature
Description:
We respond back to the server via PM using the NOTICE command and giving a fake client version "signature"

SERVER: Command: CAP *NICKNAME* ACK :multi-prefix
Description:
Last Authentication step , server asks for the client to confirm the end of auth. by sending the CAP END command.

CLIENT:
Command: CAP END
Description:
We respond back to the server CAP END to end the authentication session

C# (Command Line Code):
  String token = buf.Split(' ')[2];
if (buf.Split(' ')[1] == "CAP")
                {
                   
                    Console.Write("Token=" + token + "\n");

                    //Stage 1 AUTHENTICATION
                    if (buf.Split(' ')[1] == "CAP" && buf.Split(' ')[2] == token && buf.Split(' ')[3] == "LS")
                    {
                        output.Write("CAP REQ :multi-prefix " + "\r\n");
                        Console.Write("Client: CAP REQ :multi-prefix SENT" + "\n");
                    }
                    else if (buf.Split(' ')[1] == "CAP" && buf.Split(' ')[2] == nick)
                    {
                        output.Write("CAP END " + "\r\n");
                        Console.Write("Client: CAP END SENT" + "\n");
                    } 
                    output.Flush();
                }

                if (buf.Split(' ')[1] == "PRIVMSG")
                {
                    output.Write("NOTICE x01.mirc.com.gr : VERSION mIRC v7.43 ");
                    Console.Write("Client: PRIVMSG VERSION SENT" + "\n");
                    output.Flush();
                }


3 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Ircserver Italia.
    Irc.ircserver.it 6666 ssl 6696
    irc.akt4rus.it 6666 ssl 6696
    webchat:
    http://kiwinew.akt4rus.it
    http://thelounge.akt4rus.it

    ReplyDelete