apparently 923 and 924 are supported way earlier it's REALLY confusing apparently because yes those clients DO handle those codes, but HOW? makes me want to throw out the error code tables because it seems like different clients implement them in different ways with no established rule, especially those two because only 924 doesn't appear in plain text in the main binary until P7, but it absolutely exists before then? And for 923... I don't even know. It's not in the main binary (at all). Let alone in later versions.
6.5 KiB
Introduction
USR
is a command introduced with MSNP2.
The command exists in all services, without a request or response payload.
Specifies a user that wants to authenticate to the service. For the command that is used when sending this to a Dispatch Server, read XFR.
This command can only be sent once. Any further uses of this command in the same session is Undefined Behavour.
Client/Request
Dispatch Server or Notification Server
The Initial request
USR TrID security-package I user-handle
Depending on the version of the protocol you are using, security-package
can be:
CTP
: Clear Text Password. Only in MSNP2.MD5
: MD5-based authentication. Only in MSNP2 to MSNP7.TWN
: "Tweener", Passport 1.4 or compatible authentication service. Since MSNP8.SSO
: Single Sign On, usually a more advanced Passport 3.0 authentication method. Since MSNP15.
The Subsequent request
USR TrID security-package S {...response-args}
Where response-args
can be anything, but based on security-package
it can be:
CTP
: Your password in plain text.MD5
: The server's login challenge concatenated with your password.TWN
: Thefrom-PP
parameter in theAuthentication-Info
header sent in response to Passport 1.4, or if using Passport 3.0, the<wsse:BinarySecurityToken>
of the relevant<wst:RequestSecurityTokenResponse>
.SSO
: The same as Passport 3.0 inTWN
, but with the extra parameter being the custom challenge response encoded as base64.
Switchboard Server
USR TrID user-handle cookie
Where user-handle
is your current user handle.
Where cookie
is the relevant parameter given from XFR or RNG.
Server/Response
Dispatch Server or Notification Server
Requesting a Subsequent action
USR TrID OK security-package S {...challenge}
Where challenge
, based on the security-package
is:
CTP
: Nothing. This parameter is omitted.MD5
: The login challenge to concatenate with your password.TWN
: The Passport login parameters.SSO
: The Passport login policy and a base64-encoded key.
Successfully authenticated
USR TrID OK user-handle {friendly-name} {verified} {account-restricted}
Where OK
is always OK
.
Where user-handle
is your user handle.
Where friendly-name
is your current Friendly Name. Removed in MSNP10.
Where verified
is the account's verification status,
where 0 is unverified, and 1 is verified. Added since MSNP6.
Where account-restricted
is the account's restricted status,
where 0 is unrestricted, and 1 is restricted. Added since MSNP8.
If this is set, the Client may log out automatically and ask to use MSN Explorer.
Switchboard Server
USR TrID OK user-handle friendly-name
Where user-handle
is your current user handle.
Where friendly-name
is your current friendly name.
Examples
Notification Server
Using CTP
Only in MSNP2.
C: USR 1 CTP I example@hotmail.com
S: USR 1 CTP S
C: USR 2 CTP S password
S: USR 2 OK example@hotmail.com example%20user
Using MD5
C: USR 3 MD5 I example@hotmail.com
S: USR 3 MD5 S 1234567890.123456789
C: USR 4 MD5 S f59af8f2fa91d38aff7c870c17f99903
S: USR 4 OK example@hotmail.com example%20user 1
Using TWN
Since MSNP8.
C: USR 5 TWN I example@hotmail.com
S: USR 5 TWN S passport=parameters,neat=huh,lc=1033,id=507
The HTTPS interlude has been moved to the Passport 1.4 article.
C: USR 6 TWN S t=token&p=profile
S: USR 6 OK example@hotmail.com example%20user 1 0
Using SSO
Since MSNP15.
NOTE: This has been line-breaked.
Lines beginning with ..
followed by a space are continuations of the previous line.
C: USR 7 SSO I example@hotmail.com
S: USR 7 SSO S MBI_KEY_OLD AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
The HTTPS and key-encryption interlude has been removed from here and is to reinstated as two seperate pages.
C: USR 8 SSO S t=ticket HAAAAAEAAAADZgAABIAAAAgAAAAUAAAASAAAAAAAAA
.. AAAAAA7XgT5ohvaZdoXdrWUUcMF2G8OK2JohyYcK5l5M
.. JSitab33scxJeK/RQXcUr0L+R2ZA9CEAzn0izmUzSMp
.. 2LZdxSbHtnuxCmptgtoScHp9E26HjQVkA9YJxgK/HM=
S: USR 8 OK example@hotmail.com
Invalid username or password
C: USR 9 TWN I example@hotmail.com
S: USR 9 TWN S passport=parameters,neat=huh,lc=1033,id=507
C: USR 10 TWN S t=not*a*passport*ticket&p=not*a*profile*either
S: 911 10
Server disconnects client.
Child account not authorized
Since MSNP4.
C: USR 11 MD5 I example@hotmail.com
S: USR 11 MD5 S 1234567890.123456789
C: USR 12 MD5 S f59af8f2fa91d38aff7c870c17f99903
S: 923 12
Server disconnects client.
Account not verified
Hard block
Since MSNP5.
NOTE: This will show the Account Verification dialog.
C: USR 13 MD5 I example@hotmail.com
S: USR 13 MD5 S 1234567890.123456789
C: USR 14 MD5 S f59af8f2fa91d38aff7c870c17f99903
S: 924 14
Server disconnects client.
Soft warning
Since MSNP6.
C: USR 15 MD5 I example@hotmail.com
S: USR 15 MD5 S 1234567890.123456789
C: USR 16 MD5 S f59af8f2fa91d38aff7c870c17f99903
S: USR 16 OK example@hotmail.com example%20user 0
Account restricted
Since MSNP8.
NOTE: This will automatically log you out and force you to use MSN Explorer instead.
C: USR 17 TWN I example@hotmail.com
S: USR 17 TWN S passport=parameters,neat=huh,lc=1033,id=507
C: USR 18 TWN S t=token&p=profile
S: USR 18 OK example@hotmail.com example%20user 1 1
Client disconnects from server.
Wrong server for this account
C: USR 19 TWN I example@hotmail.com
S: 931 19
Server disconnects client.
Switchboard Server
C: USR 20 example@passport.com 1234567890.1234567890.1234567890
S: USR 20 OK example@passport.com example%20user