[VB.NET] Encrypting password in MD5

[todd]

I'm working on an Oscar client.. basically, I send the server a request for an "auth key" and the server sends the "auth key" which should be used to encrypt the password in MD5.

(to server) auth key please!

(to client) heres your auth key (in decimal): 50 54 49 50 54 48 55 57 55

(to server) here's my encrypted password: xxxxxxxxxx (how do i get this?)

Because there are no official Oscar protocol specs, I don't understand how I'm supposed to use MD5 to encrypt the password with this "auth key".

The reference I'm looking at is here: http://iserverd1.khstu.ru/oscar/snac_17_02.html

  Quote

You'll need password (note: I have that), authkey from SNAC(17,07) (note: I have that) and RFC 1321 md5 routines:

  #define AIM_MD5_STRING "AOL Instant Messenger (SM)"

  /* first we need md5-hash of our password */

  md5_init(&state);

  md5_append(&state, (const md5_byte_t *)passwd, strlen(passwd));

  md5_finish(&state, (md5_byte_t *)pass_hash);

  /* calculate md5-hash to send to server */

  md5_init(&state);

  md5_append(&state, (const md5_byte_t *)authkey, strlen(authkey));

  md5_append(&state, (const md5_byte_t *)pass_hash, sizeof(pass_hash));

  md5_append(&state, (const md5_byte_t *)AIM_MD5_STRING, strlen(AIM_MD5_STRING));

  md5_finish(&state, (md5_byte_t *)auth_hash);

  /* Now we ready send to server auth_hash array (16 bytes long) */

Obviously, this is in C (or c++ .. i dont know).. but appearantly, that's how you create the end result, but I can't make heads or tails of it.. how would I do it in vb.net?

[FireRabbit]

An oscar client? You are a brave my friend.

Public Shared Function MD5(ByVal stringIn As String) As Byte()
     ' You will need to make sure this is the encoding the server is expecting
     Dim bytesIn() As Byte = System.Text.Encoding.ASCII.GetBytes(stringIn)
     Dim bytesOut() As Byte = New System.Security.Cryptography.MD5CryptoServiceProvider().ComputeHash(bytesIn)
     Return bytesOut
End Function

Remember MD5 isnt encryption, it's just a one-way hash algorithm.

[todd]

I was expecting a function that took two parameters (password, authkey).. for the most part, I couldve come up with that.. what I didnt understand in the original code was appending the authkey and password hash (as opposed to just concatenating the two strings), and how that changed the result.. so this doesnt help too much, but thanks anyway :) If you know how to do this though with appending, it will help a lot :yes:

do you have experience with the oscar protocol?

[FireRabbit]

Ah I see, you are going to need to do something like:

Dim passwordBytes() As Byte = MD5(myPassword)
Dim authBytes() As Byte = ' However you get this
Dim sendBytes(passwordBytes.Length + authBytes.Length - 1) As Byte
Array.Copy(passwordBytes, 0, sendBytes, 0, passwordBytes.Length)
Array.Copy(authBytes, 0, sendBytes, passwordBytes.Length, authBytes.Length)

[todd]

that would return a result such as <password hash><auth key> which is too long.. the hash being sent has to be 16 bytes total.. im trying different combinations of the password and the auth key but none of them work :/

[azcodemonkey]

I don't know if this is correct. I'm not familiar with md5_append. Does it hash what's being stored?

Please note that this is just an example, not a full solution. I don't do those, unless I'm getting paid. ;)

	 Dim authkey_hash As Byte() =  {50, 54, 49, 50, 54, 48, 55, 57, 55}
 	 Const AIM_MD5_STRING As String = "AOL Instant Messenger (SM)"
 	 Dim data As Byte() = ASCIIEncoding.ASCII.GetBytes(textBox1.Text)
 	 Dim md5 As MD5 = New MD5CryptoServiceProvider
 	 Dim pass_hash As Byte() = md5.ComputeHash(data)
 	 Dim AIM_MD5_HASH As Byte() = ASCIIEncoding.ASCII.GetBytes(AIM_MD5_STRING)
 	 Dim auth_hash(pass_hash.Length + authkey_hash.Length + AIM_MD5_HASH.Length) As Byte
 	 Array.Copy(authkey_hash, 0, auth_hash, 0, authkey_hash.Length)
 	 Array.Copy(pass_hash, 0, auth_hash, authkey_hash.Length - 1, pass_hash.Length)
 	 Array.Copy(AIM_MD5_HASH, 0, auth_hash, (authkey_hash.Length - 1) + (pass_hash.Length - 1), AIM_MD5_HASH.Length)
 	 md5 = New MD5CryptoServiceProvider
 	 Dim send_hash As Byte() = md5.ComputeHash(auth_hash)
 	 textBox2.Text = ASCIIEncoding.ASCII.GetString(send_hash)