Services/Technical/Messenger: Difference between revisions
(→MSNP8) |
(Update MSNP links, add more info on messengerlogin and remove fluff from MSNP8 section) |
||
Line 1: | Line 1: | ||
Somewhere down the road, it was decided WebTV should have a Messenger feature. This feature was added in by the 2.5 client upgrade and lasted well into the | Somewhere down the road, it was decided WebTV should have a Messenger feature. This feature was added in by the 2.5 client upgrade and lasted well into the MSN TV 2's lifespan. | ||
== Basic == | == Basic == | ||
WebTV/MSN TV's Messenger feature relies on another Microsoft service, the [https://en.wikipedia.org/wiki/Microsoft_Messenger_service MSN Messenger service] (also known as '''.NET Messenger Service''' or the '''Windows Live Messenger service'''), to operate, and it's assumed a corresponding Microsoft Passport (now Microsoft account) would have to be linked to a WebTV/MSN TV account for the feature to work. For first | WebTV/MSN TV's Messenger feature relies on another Microsoft service, the [https://en.wikipedia.org/wiki/Microsoft_Messenger_service MSN Messenger service] (also known as '''.NET Messenger Service''' or the '''Windows Live Messenger service'''), to operate, and it's assumed a corresponding Microsoft Passport (now Microsoft account) would have to be linked to a WebTV/MSN TV account for the feature to work. For WebTV and first generation MSN TV, once a user successfully logs in through the headwaiter, the server will send to the box alongside all its account and configuration information: a hostname for the Messenger protocol server the box will connect to, flag values determining if the feature is authorized or enabled for the subscriber/user, the service URL to perform Messenger authentication on through [[WTVP]], and several timeout flags that supposedly control how long the Messenger client should wait in certain scenarios. | ||
The Messenger client on | The Messenger client on WebTV and MSN TV is mostly built into the firmware, and is very primitive. It allows a user to see whether their contacts are online or offline (FYI statuses such as Away, Busy, etc. that are supported by the underlying MSN Messenger service are translated by the client as an online status), send and receive plain text messages (WebTV and first-gen MSN TV's clients don't support graphical emoticons, although MSN TV 2's did), manage availability and block list options through the settings on the WebTV/MSN TV service, manage their contact list through their e-mail address book, and receive notifications when people add them. | ||
== Images == | == Images == | ||
Line 20: | Line 20: | ||
</div> | </div> | ||
=== | === MSN TV 2 === | ||
<div class="captioned-img"> | <div class="captioned-img"> | ||
[[File:msntv2_messenger_contactlist.jpg|200x150px|msntv2_messenger_contactlist.jpg]] | [[File:msntv2_messenger_contactlist.jpg|200x150px|msntv2_messenger_contactlist.jpg]] | ||
Line 47: | Line 47: | ||
== Protocols == | == Protocols == | ||
=== Client === | === Client === | ||
The Messenger client on WebTV | The Messenger client on WebTV and MSN TV uses the MSNP protocol to communicate with the Messenger protocol server, which operates over TCP port 1863. This protocol is out of this wiki's scope and unlike WebTV/MSN TV's protocols has a fair amount of documentation floating around on the internet, and we won't go into too much depth on it here. You can read more up on it [http://web.archive.org/web/20100819183636/http://msnpiki.msnfanatic.com/index.php/Main_Page here], [http://www.hypothetic.org/docs/msn/index.php here] (MSNP8 - 10), [https://tools.ietf.org/html/draft-movva-msn-messenger-protocol-00 here] (MSNP2), and [http://www.hypothetic.org/docs/msn/sitev2.0/ here] (MSNP7). | ||
==== Protocol support ==== | ==== Protocol support ==== | ||
What is currently known about protocol support is that version 2.5 of the WebTV Viewer supports version 3 of the MSNP protocol if you configure a SOCKS proxy on the Viewer to allow connections outside of the WebTV/MSN TV network, and firmware version 2.8 supports version 6 of the protocol. It's known the latest version of MSNP | What is currently known about protocol support is that version 2.5 of the WebTV Viewer supports version 3 of the MSNP protocol if you configure a SOCKS proxy on the Viewer to allow connections outside of the WebTV/MSN TV network, and firmware version 2.8 supports version 6 of the protocol. It's known the latest version of MSNP that WebTV (MSN TV) supported is MSNP8. | ||
==== Identification ==== | ==== Identification ==== | ||
So far, it's confirmed that | So far, it's confirmed that MSN TV version 2.8 sends a <code>CVR</code> command to the Messenger protocol server after logging in: | ||
CVR (TrID) 0x0409 webtv 2.8 MIPS msntvim 2.8 msntv | CVR (TrID) 0x0409 webtv 2.8 MIPS msntvim 2.8 msntv | ||
To quickly explain what this command does, it identifies the client logging into the Messenger service. In this case, the client is identified as "msntv" with a version of "2.8". The OS is identified as "webtv" with the same version. Other things sent for identification are the architecture, which in this case is "MIPS", and the client library, which is <code>msntvim</code>. We don't know yet if builds before 2.8 send this on real hardware, although it's known that | To quickly explain what this command does, it identifies the client logging into the Messenger service. In this case, the client is identified as "msntv" with a version of "2.8". The OS is identified as "webtv" with the same version. Other things sent for identification are the architecture, which in this case is "MIPS", and the client library, which is <code>msntvim</code>. We don't know yet if builds before 2.8 send this on real hardware, although it's known that version 2.5 of the WebTV Viewer doesn't send any <code>CVR</code>s to the Messenger server. | ||
==== WebTV/MSN TV-first commands ==== | ==== WebTV/MSN TV-first commands ==== | ||
Line 62: | Line 62: | ||
=== WTVP === | === WTVP === | ||
==== Login ==== | ==== Login ==== | ||
During the WebTV/MSN TV box's connection to the Messenger protocol server, it will receive a <code>USR S</code> command after sending the Passport email associated with the | During the WebTV/MSN TV box's connection to the Messenger protocol server, it will receive a <code>USR S</code> command after sending the Passport email associated with the service account to the server. This <code>USR S</code> response contains a challenge string. On version 8 of MSNP, this is a URL-encoded and comma delimited list of key-value parameters (e.g., <code>lc=1033,id=507,tw=40,fs=1,ru=http%3A%2F%2Fmessenger%2Emsn%2Ecom,ct=1062764229,kpp=1,kv=5,ver=2.1.0173.1,tpf=43f8a4c8ed940c04e3740be46c4d1619</code>), and on versions below that, it is a decimal value (e.g., "1013928519.693957190"), although it can technically be any value. Whatever the challenge value is, this is passed over to a <code>wtv-passport</code> service located at "wtv-passport:/messengerlogin". The way authentication is handled likely depends on a bit set in the capability flags sent with a request (the "Supports MSN Messenger MSNP8" flag). | ||
For both MSNP8 and <=MSNP7, clients will send a <code>SECURE</code>'d <code>GET</code> request to "wtv-passport:/messengerlogin?[CHALLENGE]", <code>[CHALLENGE]</code> being the aforementioned challenge string it receives from the protocol server. The <code>GET</code> request alone does not appear to send any other headers identifying the WebTV/MSN TV user logging in, so it's assumed that authorization headers sent by a <code>SECURE</code> request (such as <code>wtv-ticket</code>) gives the messengerlogin service the necessary information about the user to authorize the request. | |||
==== MSNP3-7 ==== | ==== MSNP3-7 ==== | ||
If the user's request is authorized and they have a Passport account linked to their WebTV/MSN TV account, an MD5 hash of the challenge string concatenated with their Passport password is sent in hexadecimal format in a 200 OK response: | |||
200 OK\n | 200 OK\n | ||
Line 78: | Line 80: | ||
The MD5 response, when decrypted and decompressed from the WTVP response, is then sent to the protocol server and further authentication is handled there. | The MD5 response, when decrypted and decompressed from the WTVP response, is then sent to the protocol server and further authentication is handled there. | ||
==== MSNP8 ==== | ==== MSNP8 ==== | ||
While no captures of the messengerlogin responses sent for MSNP8 from the official WebTV/MSN TV servers are available, it's very likely that the query string sent to messengerlogin along with the Messenger account information would be processed on Microsoft's Passport system. If authentication succeeds, then a Passport token is generated. This is equivalent to the "Nexus" login used in desktop MSN Messenger clients from 5.0 - 7.0. | |||
If authentication succeeds, | |||
If messengerlogin is able to get a token from Passport, then it will send it in the response as body data: | |||
200 OK\n | 200 OK\n | ||
Line 100: | Line 91: | ||
Expires: Wed, 09 Oct 1991 22:00:00 GMT\n | Expires: Wed, 09 Oct 1991 22:00:00 GMT\n | ||
Content-Type: text/plain\n | Content-Type: text/plain\n | ||
Content-length: [ | Content-length: [token length]\n | ||
wtv-lzpf: 0\n | wtv-lzpf: 0\n | ||
\n | \n | ||
[ | [token from Passport] | ||
<hr> | |||
Regardless of the mode of authentication messengerlogin uses, in the event that anything goes wrong (e.g., no Passport linked to WebTV/MSN TV account), it's been observed that a generic 500 error is sent: | |||
500 MSN TV ran into a technical problem. Please try again.\n | |||
Connection: Keep-Alive\n | |||
wtv-encrypted: true\n | |||
\n | |||
==== Post-Login ==== | |||
After the client gets a successful response from messengerlogin, it will continue authenticating with the MSN Messenger server by itself. |
Revision as of 12:19, 29 January 2023
Somewhere down the road, it was decided WebTV should have a Messenger feature. This feature was added in by the 2.5 client upgrade and lasted well into the MSN TV 2's lifespan.
Basic
WebTV/MSN TV's Messenger feature relies on another Microsoft service, the MSN Messenger service (also known as .NET Messenger Service or the Windows Live Messenger service), to operate, and it's assumed a corresponding Microsoft Passport (now Microsoft account) would have to be linked to a WebTV/MSN TV account for the feature to work. For WebTV and first generation MSN TV, once a user successfully logs in through the headwaiter, the server will send to the box alongside all its account and configuration information: a hostname for the Messenger protocol server the box will connect to, flag values determining if the feature is authorized or enabled for the subscriber/user, the service URL to perform Messenger authentication on through WTVP, and several timeout flags that supposedly control how long the Messenger client should wait in certain scenarios.
The Messenger client on WebTV and MSN TV is mostly built into the firmware, and is very primitive. It allows a user to see whether their contacts are online or offline (FYI statuses such as Away, Busy, etc. that are supported by the underlying MSN Messenger service are translated by the client as an online status), send and receive plain text messages (WebTV and first-gen MSN TV's clients don't support graphical emoticons, although MSN TV 2's did), manage availability and block list options through the settings on the WebTV/MSN TV service, manage their contact list through their e-mail address book, and receive notifications when people add them.
Images
Original WebTV/MSN TV
MSN TV 2
Protocols
Client
The Messenger client on WebTV and MSN TV uses the MSNP protocol to communicate with the Messenger protocol server, which operates over TCP port 1863. This protocol is out of this wiki's scope and unlike WebTV/MSN TV's protocols has a fair amount of documentation floating around on the internet, and we won't go into too much depth on it here. You can read more up on it here, here (MSNP8 - 10), here (MSNP2), and here (MSNP7).
Protocol support
What is currently known about protocol support is that version 2.5 of the WebTV Viewer supports version 3 of the MSNP protocol if you configure a SOCKS proxy on the Viewer to allow connections outside of the WebTV/MSN TV network, and firmware version 2.8 supports version 6 of the protocol. It's known the latest version of MSNP that WebTV (MSN TV) supported is MSNP8.
Identification
So far, it's confirmed that MSN TV version 2.8 sends a CVR
command to the Messenger protocol server after logging in:
CVR (TrID) 0x0409 webtv 2.8 MIPS msntvim 2.8 msntv
To quickly explain what this command does, it identifies the client logging into the Messenger service. In this case, the client is identified as "msntv" with a version of "2.8". The OS is identified as "webtv" with the same version. Other things sent for identification are the architecture, which in this case is "MIPS", and the client library, which is msntvim
. We don't know yet if builds before 2.8 send this on real hardware, although it's known that version 2.5 of the WebTV Viewer doesn't send any CVR
s to the Messenger server.
WebTV/MSN TV-first commands
So far, the only MSNP command recorded to only be used on WebTV/MSN TV clients is IMS
, and has been covered on to some degree years ago.
Supposedly this is triggered after a certain amount of idle time, but what the value of this time is or where it's obtained from is not known currently. The exact behavior of IMS
being set to "OFF" aside from it blocking new conversations initiated by others is also unknown.
WTVP
Login
During the WebTV/MSN TV box's connection to the Messenger protocol server, it will receive a USR S
command after sending the Passport email associated with the service account to the server. This USR S
response contains a challenge string. On version 8 of MSNP, this is a URL-encoded and comma delimited list of key-value parameters (e.g., lc=1033,id=507,tw=40,fs=1,ru=http%3A%2F%2Fmessenger%2Emsn%2Ecom,ct=1062764229,kpp=1,kv=5,ver=2.1.0173.1,tpf=43f8a4c8ed940c04e3740be46c4d1619
), and on versions below that, it is a decimal value (e.g., "1013928519.693957190"), although it can technically be any value. Whatever the challenge value is, this is passed over to a wtv-passport
service located at "wtv-passport:/messengerlogin". The way authentication is handled likely depends on a bit set in the capability flags sent with a request (the "Supports MSN Messenger MSNP8" flag).
For both MSNP8 and <=MSNP7, clients will send a SECURE
'd GET
request to "wtv-passport:/messengerlogin?[CHALLENGE]", [CHALLENGE]
being the aforementioned challenge string it receives from the protocol server. The GET
request alone does not appear to send any other headers identifying the WebTV/MSN TV user logging in, so it's assumed that authorization headers sent by a SECURE
request (such as wtv-ticket
) gives the messengerlogin service the necessary information about the user to authorize the request.
MSNP3-7
If the user's request is authorized and they have a Passport account linked to their WebTV/MSN TV account, an MD5 hash of the challenge string concatenated with their Passport password is sent in hexadecimal format in a 200 OK response:
200 OK\n Connection: Keep-Alive\n wtv-encrypted: true\n Expires: Wed, 09 Oct 1991 22:00:00 GMT\n Content-Type: text/plain\n Content-length: 32\n wtv-lzpf: 0\n \n [encrypted and compressed MD5 hex response]
The MD5 response, when decrypted and decompressed from the WTVP response, is then sent to the protocol server and further authentication is handled there.
MSNP8
While no captures of the messengerlogin responses sent for MSNP8 from the official WebTV/MSN TV servers are available, it's very likely that the query string sent to messengerlogin along with the Messenger account information would be processed on Microsoft's Passport system. If authentication succeeds, then a Passport token is generated. This is equivalent to the "Nexus" login used in desktop MSN Messenger clients from 5.0 - 7.0.
If messengerlogin is able to get a token from Passport, then it will send it in the response as body data:
200 OK\n Connection: Keep-Alive\n wtv-encrypted: true\n Expires: Wed, 09 Oct 1991 22:00:00 GMT\n Content-Type: text/plain\n Content-length: [token length]\n wtv-lzpf: 0\n \n [token from Passport]
Regardless of the mode of authentication messengerlogin uses, in the event that anything goes wrong (e.g., no Passport linked to WebTV/MSN TV account), it's been observed that a generic 500 error is sent:
500 MSN TV ran into a technical problem. Please try again.\n Connection: Keep-Alive\n wtv-encrypted: true\n \n
Post-Login
After the client gets a successful response from messengerlogin, it will continue authenticating with the MSN Messenger server by itself.