Tokens

From WebTV Wiki
Jump to navigation Jump to search
WTVP
OverviewList of WTVP ServicesWTVP-specific Content-TypesStatus Codes
Concepts
TokensTicketsCapability Flags
Headers
Header ListData TypesCommon Request Headers
Processes
First-Time RegistrationHeadwaiter (Login)Messenger ServicesFavoritesChecking for new mailRetrieving settingsObtaining new wtv-ticketsSmart CardMiscellaneous
URLs for WTVP Services
wtv-1800wtv-aroundtownwtv-authorwtv-centerwtv-chatwtv-contentwtv-cookiewtv-customscriptwtv-diskwtv-epguidewtv-favoritewtv-flashromwtv-guidewtv-head-waiterwtv-homewtv-introwtv-logwtv-mailwtv-newswtv-noticeswtv-partnerwtv-passportwtv-registerwtv-setupwtv-smartcardwtv-spotwtv-starwtv-trickswtv-tutorial

Around November 2000, WebTV/MSN TV rolled out a server-side update that, from then on, would internally enforce the URLs of certain services to have a unique discriminator tacked at the end of them for any box to access them normally. These are known as tokens, and was Microsoft's attempt at addressing the insane amount of security flaws present in the WebTV/MSN TV network.

Format

WebTV/MSN TV tokens take on the form of a specifically formatted string placed at the end of a service URL. It will usually look like this: -wtv-token-XXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY - the X's represent a series of numerical digits that have been observed to be 9 - 10 digits long, while Y represents a 32-character long hexadecimal string. It is unknown how either part is exactly generated.

So for example, if a WebTV/MSN TV box wanted to log in and started the login process on the headwaiter, on the first login endpoint it'd be taken to "wtv-head-waiter:/login-stage-two", but the URL would specify a token of 1744562169-11DAE6866C29B7F0806DCE26B4409C0C in order for it to be accessible for that specific box's session, thus making the final URL wtv-head-waiter:/login-stage-two-wtv-token-1744562169-11DAE6866C29B7F0806DCE26B4409C0C.

Usage

Tokens are usually seen in service URLs that are used for critical parts of the WebTV/MSN TV service and could potentially be misused. This includes services used for logging in, generating new tickets, setting favorites, and even things as simple as the Credits page. It is assumed that for each time you visit one of these URLs that a unique token would be generated for the lifetime the user is on it. It is unknown how long each individual token lasts for or if they can be accessed without a token granted that they're accessed directly from WebTV/MSN TV service pages, but one thing that was certain is that it made WebTV/MSN TV hacking harder for those in the scene.

It's not exactly known what happens on a protocol level if a URL that requires the presence of a token doesn't detect one, but it can be assumed that a user would simply get a generic error if an attempt is made to access it.

Circumvention

Try as Microsoft might, their rudimentary token system did not stop hackers from finding ways to circumvent it. In this case, all it took to circumvent the tokens were by using certain WebTV/MSN TV service URLs that weren't affected and allowed browsing to other WebTV/MSN TV service URLs. (http://turdinc.kicks-ass.net/Msntv/ulTRAX/matttricks.htm; "Old token bypass methods")