MSN Messenger Protocol(Practical Implementation)
a.k.a
How to make your own MSN Messenger In VB
**The protocol documentation has been updated to be compatible with ver MSNP7
You have been using MSN for quite some time wondering how it works. Well You need not look any further. This article will not just tell you how MSN works but will also tell you how to make your own version of MSN messenger. You can download a sample application from here MSN Clone .Let's get ready to rumble!!!!
We can split up the working of MSN messenger into 2 phases
Authentication Phase
Instant Messaging Phase
The Authentication Phase involves logging into the MSN messenger server and also (friends) list retrieval in this case.
The Instant Messaging Phase involves sending/accepting requests for an Instant Messaging session and also sending/receiving messages.
The MSN messenger protocol is an ASCII based protocol. In other words the commands are in pure English !!!.The first phase involves connecting to an MSN messenger server .In this case we shall connect to the server "messenger.hotmail.com" on port 1863(MSN messenger works through port 1863).
Once the connection is done we need to start the log in process. The first stage in this phase is the versioning stage. In this stage the client (in this case your app) lists/sends the versions that it can support to the server and waits for the server to respond.
VER 0 MSNP7 MSNP6 MSNP5 MSNP4 CVRO
In the MSN messenger protocol a "trial id" is sent along with every command. The trial id starts from 0 and is incremented every time the server responds successfully to the client's commands.
The server responds like this
VER 0 MSNP7 MSNP6 MSNP5 MSNP4
The Client and the server have agreed on a version in which they will communicate.
Next the client sends a request to the server asking it for the name of the security package it supports for authentication.
INF 1
Unlike Yahoo, Rediff and a few other Messengers MSN does not actually send the password as it is.It encrypts the password while sending it ensuring that your password will not be leaked out easily if somebody monitors your port.
The server responds with this
INF 1 MD5
Here MD5 is the name of the security package which the server currently supports.
Next the client sends the userid to the server
USR 2 MD5 I venky_dude @hotmail.com
Here the server does a check whether it contains all the relevant details about the user for authentication .If it does not then it sends the following reply
XFR 2 NS 64.4.13.55:1863 0
What the server says is that the client should connect to the Notification Server(NS) on 64.4.13.55 on port 1863. We close the current connection and repeat the steps while being connected to the new server i.e 64.4.13.55
(client) VER 3 MSNP7 MSNP6 MSNP5 MSNP4 CVRO
(server) VER 3 MSNP7 MSNP6 MSNP5 MSNP4
(client) INF 4
(server) INF 4 MD5
(client) USR 5 MD5 I venky_dude @hotmail.com
Now the server to which we are connected to has the relevant information about the user trying to log in. The server replies this way
USR 5 MD5 S 989048851.1851137130
The string which is sent by the server is the " MD5 Hash". It is a hash generated by the server and is used in the authentication process. The client then has to send the password which is encrypted using the MD5 algorithm.In effect the client has to send the unique MD5 equivalent of the MD5 hash i.e 989048851.1851137130 in this case and the password combined .i.e. MD5 equivalent of (hash+pass). In this case it turns out to be 3b7926d277068ec49576a0c40598ff21.
USR 6 MD5 S 3b7926d277068ec49576a0c40598ff21
If the password is right then the server replies with this
USR 6 OK venky_dude @hotmail.com venkat
Here the last word is the nickname/name by which the user is known.
In the new version of the protocol (MSNP7) the server sends additional data like some general information about the user and a authentication code something similar to a cookie which can be used for various other functions.
MSG Hotmai Hotmail 362
MIME-Version: 1.0
Content-Type: text/x-msmsgspro file; charset=UT
LoginTime: 1011252477
EmailEnabled: 1
MemberIdHigh: 84736
MemberIdLow: - 1434729391
lang _preference: 103
preferredEmai l: venky_dude @hotmail.com
country: IN
PostalCode:
Gender: M
Kid:0
Age: 22
sid: 517
kv: 2
MSPAuth: 2AAAAAAAADU0p4uxxxJtDJozJSlUTS0i7YpwnC9PUHRv56YKxxxCTWmg$$
Now we are logged into the server but our status is still offline. We need to change our status to online in order to send and receive messages. The client does this in the following way
CHG 7 NLN
The server replies with friends who are online and in various states.
CHG 7 NLN
ILN 7 NLN btxxxe @hotmail.com nick
ILN 7 AWY wmpyxxx @msn.com mike
ILN 7 BSY tehpxxpxx @hotmail.com yeaxxx
MSG Hotmail Hotmail 223
MIME-Version: 1.0
Content-Type: text/x-msmsgsinitialemailnotification; charset=UTF-8
Inbox-Unread: 293
Folders-Unread: 0
Inbox-URL: /cgi-bin/HoTMaiL
Folders-URL: /cgi-bin/folders
Post-URL:
Necesitas ser usuario para ver los enlaces
Crear Usuario Hacer Sesion The next command to be sent to the server pertains to the version of the client currently being used.The client send to the server it's version number and also information about the machine like the OS and the build.
CVR 8 0x0409 win 4.10 i386 MSMSGS 4.5.0127 MSMSGS
Here 0x409 win 4.10 i386 specifies that the client is running win98 on a intel microprocessor, and MSMSGS 4.5.0127 MSMSGS here specifies the version and build no of msmsgs.exe (basically the version no of MSN messenger).
The server responds with the url to download the latest version and some other info
CVR 8 4.5.0127 4.5.0127 1.0.0863
Necesitas ser usuario para ver los enlaces
Crear Usuario Hacer Sesion Necesitas ser usuario para ver los enlaces
Crear Usuario Hacer Sesion It is not necesarry to send the CVR command, the messenger protocol will function properly regardless of this command being sent
To get a list of people who are in our friends list we may send this command
LST 9 RL
On sending this command the server will reply by sending the reverse list .The reverse list is basically a list of users who can see you when you are online and send you a message.You could alternatively also request for the forward list by sending LST 9 FL .The forward list contains a list of all users whom the user has added to his/her list.
The server responds this way
LST 9 RL 69 1 19 venky_dude @hotmail.com venkat
LST 9 RL 69 2 19 puxxxxx @hotmail.com PUJA
LST 9 RL 69 3 19 vancxxxxx @hotmail.com ramachandran
LST 9 RL 69 4 19 moxxxxx @hotmail.com chandramouli
LST 9 RL 69 5 19 v_n_xxxxx @hotmail.com Narayanaswamy
LST 9 RL 69 6 19 dexxxxx @hotmail.com Venkatesh
LST 9 RL 69 7 19 lousydxxxxx @hotmail.com deepika%20kalyani%20Vairam LST 9 RL 69 8 19 hexxxxxr @hotmail.com Hetchar%20Ramachandran
LST 9 RL 69 9 19 ambxxxxx @hotmail.com Aiyer
LST 9 RL 69 10 19 suxxx @hotmail.com Ganesh
LST 9 RL 69 11 19 deexxxxx @hotmail.com Deepak
LST 9 RL 69 12 19 anilxxxxx @hotmail.com anil
LST 9 RL 69 13 19 dixxxxx @hotmail.com <Diamond>
LST 9 RL 69 14 19 nvxxxx @hotmail.com giri
LST 9 RL 69 15 19 shxxx @hotmail.com Hari
LST 9 RL 69 16 19 radhikashuxxxxx @hotmail.com radhika
LST 9 RL 69 17 19 eskaxxxxx @hotmail.com kannan
LST 9 RL 69 18 19 shaxxxxx @hotmail.com Shankar
LST 9 RL 69 19 19 puneetagarxxxxx @hotmail.com puneet
*Every time a friend comes online the server(NS) sends us the following command
NLN 10 NLN deaxxxx @hotmail.com Venkatesh
and when the friend goes offline the server sends us this
FLN 10 FLN deaxxxx @hotmail.com
With the MSNP7 protocol msn has introduced a new challenege authentication mechanism. The MSN server sends t a challenge key which the user has to authenticate succesfully in order for the session to continue.
CHL 0 20881396011366812350
The client has to send the md5 equivalent of this string which is formed by appending this hash with the string "Q1P7W2E4J9R8U3S5".So the final string which will be sent to the server will be the md5 equivalent of 20881396011366812350Q1P7W2E4J9R8U3S5
i.e MD5string(20881396011366812350Q1P7W2E4J9R8U3S5 )
So the client response would be something like this
QRY 18 msmsgs @msnmsgr.com 32
0212eaad0876afb8505859ca75d21a78
Here 18 is the trial id .Replace it by the appropriate trial id in your program .
The server will respond in the following way if the authentication is right
QRY 18
We have successfully logged into the MSN Messenger server. The Instant Messaging phase is next.
Autor