F4HOF

User Tools

Site Tools

Trace: b2f
b2f:b2f

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
b2f:b2f [2025/02/15 10:22] – [Message Header] f4hofb2f:b2f [2025/03/09 17:46] (current) – [Secure Gateway Login] f4hof
Line 57: Line 57:
 The exchange happens after the SID has been transmitted. The exchange happens after the SID has been transmitted.
  
-The server sends a '';PQ'' proposal with an authentication challenge, which is formatted as follow:+The server sends a '';PQ:'' proposal with an authentication challenge, which is formatted as follow:
  
-<code>;PQ 99685857</code>+<code>;PQ99685857</code>
  
 The client computes the response using the following pseudocode: The client computes the response using the following pseudocode:
  
 <code c> <code c>
-// Trailing salt +S3CRYPT:BEGIN:AESCTR:14AD:wrgBw7/DuMKaw5HDjWdeQ8K1Xj3CjDtjOcKBYUtNDSoNDMKvwq 
-uint8_t sl_salt[] = { +rDi8K8JsOww7bCixErw4fCgcKBA8Oew6TDm8Kcw4YhNRdjAgwt 
-   77, 197, 101, 206, 190, 249,  93, 200,  +VcK2w6MdwpNhwppnw4QbX0HDkSbCgHM8w5I0w78NCsOOwrnCuG 
-   51, 243,  93, 237,  71,  94, 239, 138,  +zDq8O0w5oNw5lNw6DCscOHSAlwwowSwqvDlMKAKw7DrMKGAHsp 
-   68, 108,  70, 185, 225, 137, 217,  16, +BCwMd8KjXmjDrMO7RTUTXlRqSU3CvsK4T8K2XT/DsArClsKUwq 
-   51, 122, 193,  48, 194, 195, 198, 175,  +bCvD4/PRg+GkxZTWMQw755PxLCi1/Do8Oyw7TClMO3EjzCnMO2 
-  172, 169,  70,  84,  61,  62, 104, 186, +Yj1UwpRGwq5macOqwqFrfH0Dw5Fgw4bDoDzCp8KKR8Ouw7PDmD 
-  114,  52,  61, 168,  66, 129, 192, 208, +gFwpVbwovCqsOVeMOSGsKaUMOUwppHw63DhDdqCcKXNsKcTi1i 
-  187, 249, 232, 193,  41, 113,  41,  45,  +DS4aCMOnw4Uew44BWwQ0wroUJcO7w4VqdMO1XcO7wqZYGMOAP8 
-  240,  16,  29, 228, 208, 228,  61,  20 +KXwqdSwpprw4jClcKOFQPCkFQNwpt6bMKCw7TCisOTw7vDtcOc 
-};+LMOzMyXDih5KZMKBw64zw4LChGzCtjPDrMO/PBXCmVrDiA7Cp1 
 +Ncwq3Cm8KGw7bCj8Oaw53Do3nCs8O6bcKQwqDCvV7CgSXCusKX 
 +wrLCgMK0ewnDpBLDrMKcCsKXb8Khw4TCrcOBA2DCnx0xLsKEMs 
 +OZfMK9OMKRw7pDw4fDrn1BdWXDqkLChHRlwqrDrSbDi8O5K0HD 
 +qBFQw5kCw4NdSRvDnAopU05gaEAHSBfCm8KYw5vCnMKxZTLCuz 
 +48wp0Owo0Zw6vCrsOuw5XCtsK2c8KzdcKwwq03w7TDt8KIw7Qh 
 +w7nCusOUNMOaXlLCjAQ0aMOjw4nDpGpWwp5XAk5pwr/ChsK0wr 
 +7DjcOcw4jCplzCpsOkERPDskjCvnlFw7IJwqzCsBkGOg08wqzC 
 +gMKXw4M4w6/DvhIHYQ1eN3bCtwk9HMOJw4jCgsOgwpBISsOPw6 
 +7Dq29AMR7DusOjFsOpw7sFwqnDsUnCgMO0eMKTwpXDtjjCicO+ 
 +Q8KTLMOAwqrDjjEsw7vDmT1dKcOMCcKKw4wUwofDgcKkERBrw5 
 +ZNw4kUwqfDl8OdXWXDpsOGLMK6w57DgxPCqcKdw6jDnAfDqMOt 
 +wogDRwLCo8O7JyLDssOaPVHCscKVAHjDq8KMMcOUa8KFwp3DgX 
 +PCisKRw60QwpLCnMODYsKowqrCoDh4AsORLcKjcDBPJcOCKsOi 
 +Amx9UMK9woLClsOMEMKvwqJKCz0iN1JvGjfDuxLChWkcTH3DjM 
 +OowpkFw7fDkDjCiC/CgxhSRE1Xw7nDqsOLGTbDs8KXw5PCpRQP 
 +wq9/bRjDm8KQCsOHw7/DoB7Clgw4TX3Cpm/DvsKzwp7CrsK9w5 
 +llwo3DtkvDpVk/acKUfnMECMOpAsKKwqLCu8Kqw7TCtxsew7kH 
 +DMO4wrBswrTCoG0ZwrrDv8KqwovCri0AMsKFw5lJIsOraARJwp 
 +zDncKSS1DDhUpIwrULwp7CocOfMD3CmmPCjsOddsOTN2vDh8Ky 
 +FcK+wqPCpkhQw5N9Fkl0wq/CncOhwoNYOzwaw44TwrJxwoBXIc 
 +KEW00Tw7rCuMOzO8KsOkLCvsKiwp7CtcKhwqrCiMOiwpnDihIs 
 +wrDDocKPw7PDmy3CosKSEDECw53CuUM5woHDg8O8NhdPwrHCv8 
 +OGwq1cBiN4wqbCgjtDb8OYLsOQw5PCr8KNI0jDgTlDbAw6e3/
 +oMO6w751DcODwpI9wpINJzfCssOWw5TCmFUTBVnCoBcXclIawq 
 +LCoMOzwoERPAvDnThSwoTDvSl2PU8NwojCpF3DuRjDmcK1w7zC 
 +oXBjccKIwrHCiMKvD3HDlcOdY2Ygw67Co2nDo8KAwrzDkcKvwq 
 +gdcUNjw6TDpMO/w4LCpUVbVA7CvMOudsKjcMO0fcKHw7Zsw64j 
 +w4oywp7Dog8ZTcKcw5MMw6JYw4TDhMO5w6fDow9Bw6HCuVFYw6 
 +jDmUURJsK8PsKqUHLCo2rDsB/CrsK0w47DsMKxSg9+wqI=:END 
 +</code>
  
-// Concatenate the challenge, the password and the salt. +The result is then sent to the server using the following format:
-payload = concat( challenge, password, sl_salt)+
  
-// Compute the md5 of the last result +<code>;PR: 99685857</code>
-md5sum = md5(payload)+
  
-// Take the first 4 bytes of the hash, flip the byte-wise endianness, and cap the first byte to 0x3f +ABNF Grammar:
-response = ( (uint8_t)(md5sum[3]) & 0x3f ) << 24 | (uint8_t)(md5sum[2]) << 16 | (uint8_t)(md5sum[1]) << 8 | (uint8_t)(md5sum[0]) ) +
- +
-// Keep the 8 least significant digits in base 10 of response.  +
-// If response is shorter than 8 digits, 0-pad from the left. +
-resval = itoa( response % 100000000, base10) +
-sprintf( result, "%08d", resval)+
  
 +<code abnf>
 +B2F_AUTH_CHALLENGE = %x3B %x50 %x51 %x3A SP 8DIGIT CR
 +B2F_AUTH_RESPONSE  = %x3B %x50 %x52 %x3A SP 8DIGIT CR
 </code> </code>
  
-The result is then sent to the server using the following format:+Reference source code in [[https://github.com/nwdigitalradio/paclink-unix/blob/1df400712a985045f2fce0d582a70763c2b2ba7b/wl2k.c#L1249|paclink-unix, function compute_secure_login_response()]] and [[https://github.com/la5nta/wl2k-go/blob/master/fbb/secure.go|wl2k-go]]
  
-<code>;PR 99685857</code>+==== Secure Gateway Login ==== 
 + 
 +When a RMS connects to a CMS, the latter sends a login challenge with '';SQ:'' proposal. 
 + 
 +The auth scheme works the same way the Secure login does. 
 + 
 +The RMS answers with a triplet composed of the secure login response, the frequency the client is binding to (10 digit integer in Hertz), and the used mode.
  
 ABNF Grammar: ABNF Grammar:
  
 <code abnf> <code abnf>
-B2F_AUTH_CHALLENGE = %x3B %x50 %x51 SP 8DIGIT CR +B2F_GW_AUTH_CHALLENGE = %x3B %x53 %x51 %x3A SP 8DIGIT CR 
-B2F_AUTH_RESPONSE  = %x3B %x50 %x52 SP 8DIGIT CR+B2F_GW_AUTH_RESPONSE  = %x3B %x53 %x52 %x3A SP 8DIGIT SP 10DIGIT SP VCHAR CR
 </code> </code>
  
-Reference source code in [[https://github.com/nwdigitalradio/paclink-unix/blob/1df400712a985045f2fce0d582a70763c2b2ba7b/wl2k.c#L1249|paclink-unix, function compute_secure_login_response()]] and [[https://github.com/la5nta/wl2k-go/blob/master/fbb/secure.go|wl2k-go]] 
 ===== Data transfer ===== ===== Data transfer =====
  
b2f/b2f.1739614951.txt.gz · Last modified: 2025/02/15 10:22 by f4hof