Пример #1
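/*
 * Build the password-login request for a login server (LS), send it over TCP,
 * then decrypt and parse the reply.
 *
 * Request layout as written below: an outer header and object list carrying
 * the session key encrypted under a built-in server modulus (raw RSA, no
 * padding), followed by an inner header and an AES-256-CTR encrypted object
 * list with the user name, MD5(User || CONCAT_SALT || Pass), the freshly
 * generated modulus and client metadata, then two CRC bytes.
 *
 * Security notes for maintainers:
 *  - Everything read from RecvBuffer is server-controlled.  Lengths taken
 *    from it are validated before they are used as decrypt or read sizes.
 *  - The MD5 digest is password-equivalent for this protocol, and Modulus
 *    also receives a copy of the private exponent; both are wiped on exit
 *    together with the AES key material.
 *  - Return values of the RSA calls are checked; a failed call used to be
 *    consumed as a length.
 *
 * User  NUL-terminated account name, at most 255 bytes because its length is
 *       narrowed to uchar when the object is written.
 * Pass  NUL-terminated password.
 *
 * Returns 1 once the reply has been parsed, 0 on a local setup failure or
 * when the signed credentials cannot be decoded, -1 when sending fails or the
 * reply is malformed.  A rejected login terminates the process through
 * ExitProcess(0), as before.
 */
int	SendAuthentificationBlobLS(Host CurLS, char *User, char *Pass)
{
	double				PlatForm;
	uchar				AuthBlob[0xFFFF] = {0};
	uchar				MD5Result[MD5_DIGEST_LENGTH] = {0};
	uchar				SHAResult[32] = {0};
	uchar				SessionKey[SK_SZ] = {0};
	uchar				Modulus[MODULUS_SZ * 2] = {0};
	uchar				ivec[AES_BLOCK_SIZE] = {0};
	uchar				ecount_buf[AES_BLOCK_SIZE] = {0};
	uint				MiscDatas[0x05] = {0};
	uchar				*Browser;
	uchar				*Mark;
	uchar				*MarkObjL;
	uchar				*Buffer;
	uint				Idx, Size, Crc, BSize, RespLen;
	int					RsaLen;
	int					Ret = 0;
	int					KeysKept = 0;
	HttpsPacketHeader	*HSHeader;
	AES_KEY				AesKey;
	MD5_CTX				Context;
	RSA					*Keys;
	RSA					*SkypeRSA;
	SResponse			Response;
	ObjectDesc			Obj2000, ObjSessionKey, ObjZBool1, ObjRequestCode, ObjZBool2, ObjUserName, ObjSharedSecret, ObjModulus, ObjPlatForm, ObjLang, ObjMiscDatas, ObjVer, ObjPubAddr;

	/* The user name length is written as a uchar below; a longer name would
	   be sent with a truncated length while the hash covers the full string. */
	if (User == NULL || Pass == NULL || strlen(User) > 0xFF)
	{
		printf("Bad Credentials Parameters..\n");
		return (0);
	}

	printf("Generating RSA Keys Pair (Size = %d Bits)..\n", KEYSZ);
	Keys = RSA_generate_key(KEYSZ * 2, RSA_F4, NULL, NULL);
	if (Keys == NULL)
	{
		printf("Error generating Keys..\n\n");
		return (0);
	}

	/* Modulus receives n followed by the private exponent d.  Only the first
	   MODULUS_SZ bytes are written into the request further down.
	   NOTE(review): assumes n and d together fit in MODULUS_SZ * 2 bytes for
	   a KEYSZ * 2 bit key - confirm against the constants. */
	Idx = BN_bn2bin(Keys->n, Modulus);
	Idx = BN_bn2bin(Keys->d, Modulus + Idx);

	Browser = AuthBlob;

	HSHeader = (HttpsPacketHeader *)Browser;
	memcpy_s(HSHeader->MAGIC, sizeof(HSHeader->MAGIC), HTTPS_HSR_MAGIC, strlen(HTTPS_HSR_MAGIC));
	HSHeader->ResponseLen = htons(0xCD);
	Browser += sizeof(HttpsPacketHeader);
	
	*Browser++ = RAW_PARAMS;
	*Browser++ = 0x03;

	Obj2000.Family = OBJ_FAMILY_NBR;
	Obj2000.Id = OBJ_ID_2000;
	Obj2000.Value.Nbr = 0x2000;
	WriteObject(&Browser, Obj2000);

	GetSessionKey(SessionKey);

	/* The AES key is derived from the clear session key before that key is
	   encrypted in place for transport. */
	SpecialSHA(SessionKey, SK_SZ, SHAResult, 32);
	AES_set_encrypt_key(SHAResult, 256, &AesKey);

	SkypeRSA = RSA_new();
	if (SkypeRSA == NULL)
	{
		printf("Error allocating RSA Key..\n\n");
		goto Cleanup;
	}
	BN_hex2bn(&(SkypeRSA->n), SkypeModulus1536[1]);
	BN_hex2bn(&(SkypeRSA->e), "10001");
	RsaLen = RSA_public_encrypt(SK_SZ, SessionKey, SessionKey, SkypeRSA, RSA_NO_PADDING);
	RSA_free(SkypeRSA);
	if (RsaLen < 0)
	{
		/* Without this check a failed encryption would leave the clear
		   session key in the buffer that is about to be sent. */
		printf("Error ciphering Session Key..\n\n");
		goto Cleanup;
	}

	ObjSessionKey.Family = OBJ_FAMILY_BLOB;
	ObjSessionKey.Id = OBJ_ID_SK;
	ObjSessionKey.Value.Memory.Memory = (uchar *)&SessionKey;
	ObjSessionKey.Value.Memory.MsZ = SK_SZ;
	WriteObject(&Browser, ObjSessionKey);

	ObjZBool1.Family = OBJ_FAMILY_NBR;
	ObjZBool1.Id = OBJ_ID_ZBOOL1;
	ObjZBool1.Value.Nbr = 0x01;
	WriteObject(&Browser, ObjZBool1);

	/* Inner header: its length is patched once the object list is complete. */
	Mark = Browser;
	HSHeader = (HttpsPacketHeader *)Browser;
	memcpy_s(HSHeader->MAGIC, sizeof(HSHeader->MAGIC), HTTPS_HSRR_MAGIC, strlen(HTTPS_HSRR_MAGIC));
	HSHeader->ResponseLen = htons(0x00);
	Browser += sizeof(HttpsPacketHeader);

	MarkObjL = Browser;
	*Browser++ = RAW_PARAMS;
	*Browser++ = 0x04;

	ObjRequestCode.Family = OBJ_FAMILY_NBR;
	ObjRequestCode.Id = OBJ_ID_REQCODE;
	ObjRequestCode.Value.Nbr = 0x1399;
	WriteObject(&Browser, ObjRequestCode);

	ObjZBool2.Family = OBJ_FAMILY_NBR;
	ObjZBool2.Id = OBJ_ID_ZBOOL2;
	ObjZBool2.Value.Nbr = 0x01;
	WriteObject(&Browser, ObjZBool2);

	ObjUserName.Family = OBJ_FAMILY_STRING;
	ObjUserName.Id = OBJ_ID_USERNAME;
	ObjUserName.Value.Memory.Memory = (uchar *)User;
	ObjUserName.Value.Memory.MsZ = (uchar)strlen(User);
	WriteObject(&Browser, ObjUserName);

	/* Shared secret = MD5(User || CONCAT_SALT || Pass).  Unsalted per-user
	   MD5 is what the protocol expects here; treat the digest as a secret. */
	MD5_Init(&Context);
	MD5_Update(&Context, User, (ulong)strlen(User));
	MD5_Update(&Context, CONCAT_SALT, (ulong)strlen(CONCAT_SALT));
	MD5_Update(&Context, Pass, (ulong)strlen(Pass));
	MD5_Final(MD5Result, &Context);

	ObjSharedSecret.Family = OBJ_FAMILY_BLOB;
	ObjSharedSecret.Id = OBJ_ID_USERPASS;
	ObjSharedSecret.Value.Memory.Memory = (uchar *)MD5Result;
	ObjSharedSecret.Value.Memory.MsZ = MD5_DIGEST_LENGTH;
	WriteObject(&Browser, ObjSharedSecret);

	*Browser++ = RAW_PARAMS;
	*Browser++ = 0x06;

	ObjModulus.Family = OBJ_FAMILY_BLOB;
	ObjModulus.Id = OBJ_ID_MODULUS;
	ObjModulus.Value.Memory.Memory = (uchar *)Modulus;
	ObjModulus.Value.Memory.MsZ = MODULUS_SZ;
	WriteObject(&Browser, ObjModulus);

	PlatForm = PlatFormSpecific();

	ObjPlatForm.Family = OBJ_FAMILY_TABLE;
	ObjPlatForm.Id = OBJ_ID_PLATFORM;
	memcpy_s(ObjPlatForm.Value.Table, sizeof(ObjPlatForm.Value.Table), (uchar *)&PlatForm, sizeof(ObjPlatForm.Value.Table));
	WriteObject(&Browser, ObjPlatForm);

	ObjLang.Family = OBJ_FAMILY_STRING;
	ObjLang.Id = OBJ_ID_LANG;
	ObjLang.Value.Memory.Memory = (uchar *)LANG_STR;
	ObjLang.Value.Memory.MsZ = (uchar)strlen(LANG_STR);
	WriteObject(&Browser, ObjLang);

	FillMiscDatas(MiscDatas);
	ObjMiscDatas.Family = OBJ_FAMILY_INTLIST;
	ObjMiscDatas.Id = OBJ_ID_MISCD;
	ObjMiscDatas.Value.Memory.Memory = (uchar *)MiscDatas;
	ObjMiscDatas.Value.Memory.MsZ = 0x05;
	WriteObject(&Browser, ObjMiscDatas);

	ObjVer.Family = OBJ_FAMILY_STRING;
	ObjVer.Id = OBJ_ID_VERSION;
	ObjVer.Value.Memory.Memory = (uchar *)VER_STR;
	ObjVer.Value.Memory.MsZ = (uchar)strlen(VER_STR);
	WriteObject(&Browser, ObjVer);

	ObjPubAddr.Family = OBJ_FAMILY_NBR;
	ObjPubAddr.Id = OBJ_ID_PUBADDR;
	ObjPubAddr.Value.Nbr = htonl(my_public_ip);
	WriteObject(&Browser, ObjPubAddr);

	/* Patch the inner header: object list length plus the two CRC bytes. */
	Size = (uint)(Browser - MarkObjL);
	HSHeader->ResponseLen = htons((ushort)Size + 0x02);

	/* Request direction uses an all-zero counter block. */
	Idx = 0;
	ZeroMemory(ivec, AES_BLOCK_SIZE);
	ZeroMemory(ecount_buf, AES_BLOCK_SIZE);
	AES_ctr128_encrypt(MarkObjL, MarkObjL, Size, &AesKey, ivec, ecount_buf, &Idx);

	/* Only the first two bytes of the CRC, in host byte order, are appended. */
	Crc = crc32(MarkObjL, Size, -1);
	*Browser++ = *((uchar *)(&Crc) + 0);
	*Browser++ = *((uchar *)(&Crc) + 1);

	Size = (uint)(Browser - AuthBlob);

	SuperWait = 1;
	if (SendPacketTCP(LSSock, CurLS, AuthBlob, Size, HTTPS_PORT, &Connected))
		printf("Auth Response Got..\n\n");
	else
	{
		printf(":'(..\n");
		Ret = -1;
		goto Cleanup;
	}

	/* From here on every byte comes from the server.
	   NOTE(review): RecvBufferSz is taken to be the number of valid bytes in
	   RecvBuffer, since it is what the parser below is handed - confirm. */
	HSHeader = (HttpsPacketHeader *)RecvBuffer;
	if (((uint)RecvBufferSz < sizeof(HttpsPacketHeader)) ||
		strncmp((const char *)HSHeader->MAGIC, HTTPS_HSRR_MAGIC, strlen(HTTPS_HSRR_MAGIC)))
	{
		printf("Bad Response..\n");
		Ret = -1;
		goto Cleanup;
	}

	/* The advertised length includes two trailing CRC bytes.  Reject values
	   that would underflow or run past the received data before using the
	   length as a decrypt size. */
	RespLen = htons(HSHeader->ResponseLen);
	if ((RespLen < 0x02) || ((RespLen - 0x02) > ((uint)RecvBufferSz - sizeof(HttpsPacketHeader))))
	{
		printf("Bad Response..\n");
		Ret = -1;
		goto Cleanup;
	}

	/* Reply direction uses a different initial counter block. */
	Idx = 0;
	ZeroMemory(ivec, AES_BLOCK_SIZE);
	ZeroMemory(ecount_buf, AES_BLOCK_SIZE);
	ivec[3] = 0x01;
	ivec[7] = 0x01;
	AES_ctr128_encrypt(RecvBuffer + sizeof(HttpsPacketHeader), RecvBuffer + sizeof(HttpsPacketHeader), RespLen - 0x02, &AesKey, ivec, ecount_buf, &Idx);
	
	printf("[UNCIPHERED]Auth Response..\n\n");

	/* NOTE(review): the loop relies on MainArchResponseManager advancing
	   Buffer and reducing BSize on every call; the extra two bytes skipped
	   here are not subtracted from BSize in this function - verify. */
	Buffer = RecvBuffer;
	BSize = RecvBufferSz;
	Response.Objs = NULL;
	Response.NbObj = 0;
	while (BSize)
	{
		MainArchResponseManager(&Buffer, &BSize, &Response);
		Buffer += 2;
	}

	for (Idx = 0; Idx < Response.NbObj; Idx++)
	{
		switch (Response.Objs[Idx].Id)
		{
		case OBJ_ID_LOGINANSWER:
			switch (Response.Objs[Idx].Value.Nbr)
			{
			case LOGIN_OK:
				cprintf(FOREGROUND_BLUE, "Login Successful..\n");
				/* Ownership of the key pair moves to the global login data. */
				GLoginD.RSAKeys = Keys;
				KeysKept = 1;
				break;
			default :
				cprintf(FOREGROUND_RED, "Login Failed.. Bad Credentials..\n");
				ExitProcess(0);
				break;
			}
			break;
		case OBJ_ID_CIPHERDLOGD:
		{
			uchar		*PostProcessed;
			char		*Key;
			uint		KeyIdx, PPsZ;
			SResponse	LoginDatas;

			/* The blob starts with a 4-byte key index; anything shorter
			   would be read out of bounds and underflow the size. */
			if ((Response.Objs[Idx].Value.Memory.Memory == NULL) || (Response.Objs[Idx].Value.Memory.MsZ <= 4))
			{
				printf("Bad Signed Credentials Size..\n");
				Ret = 0;
				goto Cleanup;
			}

			GLoginD.SignedCredentials.Memory = MemDup(Response.Objs[Idx].Value.Memory.Memory, Response.Objs[Idx].Value.Memory.MsZ);
			GLoginD.SignedCredentials.MsZ = Response.Objs[Idx].Value.Memory.MsZ;

			KeyIdx = htonl(*(uint *)Response.Objs[Idx].Value.Memory.Memory);
			Response.Objs[Idx].Value.Memory.Memory += 4;
			Response.Objs[Idx].Value.Memory.MsZ -= 4;

			/* KeyIdx is server-chosen.
			   NOTE(review): KeySelect is assumed to return NULL for an
			   unknown index - confirm it cannot return a wild pointer. */
			Key = KeySelect(KeyIdx);
			SkypeRSA = RSA_new();
			if ((Key == NULL) || (SkypeRSA == NULL))
			{
				RSA_free(SkypeRSA);
				printf("Bad Signed Credentials Key..\n");
				Ret = 0;
				goto Cleanup;
			}
			BN_hex2bn(&(SkypeRSA->n), Key);
			BN_hex2bn(&(SkypeRSA->e), "10001");
			RsaLen = RSA_public_decrypt(Response.Objs[Idx].Value.Memory.MsZ, Response.Objs[Idx].Value.Memory.Memory, Response.Objs[Idx].Value.Memory.Memory, SkypeRSA, RSA_NO_PADDING);
			RSA_free(SkypeRSA);
			if (RsaLen <= 0)
			{
				/* -1 stored in a uint used to be passed on as a length. */
				printf("Unable To UnRSA Signed Credentials..\n");
				Ret = 0;
				goto Cleanup;
			}
			PPsZ = (uint)RsaLen;

			PostProcessed = FinalizeLoginDatas(Response.Objs[Idx].Value.Memory.Memory, &PPsZ, NULL, 0);
			Response.Objs[Idx].Value.Memory.Memory += PPsZ;

			if (PostProcessed == NULL)
			{
				printf("Bad Datas Finalization..\n");
				Ret = 0;
				goto Cleanup;
			}

			LoginDatas.Objs = NULL;
			LoginDatas.NbObj = 0;
			ManageObjects(&PostProcessed, PPsZ, &LoginDatas);

			for (uint LdIdx = 0; LdIdx < LoginDatas.NbObj; LdIdx++)
			{
				switch (LoginDatas.Objs[LdIdx].Id)
				{
					case OBJ_ID_LDUSER:
						GLoginD.User = LoginDatas.Objs[LdIdx].Value.Memory.Memory;
						break;
					case OBJ_ID_LDEXPIRY:
						GLoginD.Expiry = LoginDatas.Objs[LdIdx].Value.Nbr;
						break;
					case OBJ_ID_LDMODULUS:
						GLoginD.Modulus = LoginDatas.Objs[LdIdx].Value.Memory;
						break;
					default :
						printf("Non critical Object %d:%d..\n", LoginDatas.Objs[LdIdx].Family, LoginDatas.Objs[LdIdx].Id);
						break;
				}
			}
			/* NOTE(review): GLoginD.User is printed with %s; this assumes the
			   parser NUL-terminates string objects and that an LDUSER object
			   was present - verify. */
			cprintf(FOREGROUND_BLUE, "User <%s> Logged in.. Credentials Expiry : %d\n", GLoginD.User, GLoginD.Expiry);
			cprintf(FOREGROUND_BLUE, "Login Data Saved..\n");
			break;
		}
		default :
			printf("Non critical Object %d:%d..\n", Response.Objs[Idx].Family, Response.Objs[Idx].Id);
			break;
		}
	}

	printf("\n\n");
	Ret = 1;

Cleanup:
	/* Wipe key material and the password-equivalent digest from the stack.
	   SecureZeroMemory is used because a plain fill before return may be
	   removed by the optimizer. */
	SecureZeroMemory(SessionKey, sizeof(SessionKey));
	SecureZeroMemory(SHAResult, sizeof(SHAResult));
	SecureZeroMemory(MD5Result, sizeof(MD5Result));
	SecureZeroMemory(Modulus, sizeof(Modulus));
	SecureZeroMemory(&AesKey, sizeof(AesKey));
	/* The key pair is released unless LOGIN_OK handed it to GLoginD. */
	if (!KeysKept)
		RSA_free(Keys);
	return (Ret);
}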
Пример #2
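/*
 * Send a login request to a login server over an established connection and
 * process the reply.
 *
 * If Pass is NULL, User is assumed to be OAuth string and OAuth logon is
 * performed; otherwise User/Pass are the account name and password and the
 * request carries MD5(User || CONCAT_SALT || Pass), which is also kept in
 * pInst->LoginD.LoginHash.
 *
 * Security notes for maintainers:
 *  - The reply length comes from the server and is now bounded by the size of
 *    the receive buffer before any data is read into it.
 *  - RSA_generate_key_ex() reports failure with 0 and RSA_public_encrypt()
 *    with -1; both results are held in an int so the checks can fire.
 *  - Modulus also receives a copy of the private exponent; it is wiped on
 *    exit together with the AES key material and the decrypted reply.
 *
 * pInst  client instance; supplies the logger, session key, language, public
 *        IP and receives the RSA key pair and signed credentials.
 * pConn  connection used by RC4Comm_Send / RC4Comm_Recv.
 * User   account name (at most 255 bytes) or OAuth string; must not be NULL.
 * Pass   password, or NULL for OAuth logon.
 *
 * Returns 1 when the server answered LOGIN_OK, 0 on a local failure, a
 * rejected login or when no answer was received, -1 when sending failed and
 * -2 on a malformed reply or allocation failure.
 */
static int SendAuthentificationBlobLS(Skype_Inst *pInst, LSConnection *pConn, const char *User, const char *Pass)
{
	int64_t				PlatForm;
	uchar				AuthBlob[0xFFFF] = {0};
	uchar				SHAResult[32] = {0};
	uchar				Modulus[MODULUS_SZ * 2] = {0};
	uchar				ivec[AES_BLOCK_SIZE] = {0};
	uchar				ecount_buf[AES_BLOCK_SIZE] = {0};
	uint				MiscDatas[0x05] = {0};
	uchar				SessionKey[SK_SZ];
	uchar				*Browser;
	uchar				*Mark;
	uchar				*MarkObjL;
	uint				Idx, Size, Crc, BSize, ret = 0;
	int					RsaRet = 0;
	int					Result = 0;
	HttpsPacketHeader	*HSHeader;
	uchar				HSHeaderBuf[sizeof(HttpsPacketHeader)], RecvBuf[0x1000];
	AES_KEY				AesKey;
	MD5_CTX				Context;
	RSA					*SkypeRSA;
	ObjectDesc			Obj2000, ObjSessionKey, ObjZBool1, ObjRequestCode, ObjZBool2, ObjModulus, ObjPlatForm, ObjLang, ObjMiscDatas, ObjVer, ObjPubAddr;
	SResponse			Response={0};
	

	if (!User)
		return (0);

	/* Password logon writes the name length as a uchar; a longer name would
	   go out with a truncated length while the hash covers the whole string. */
	if (Pass && strlen(User) > 0xFF)
	{
		pInst->pfLog(pInst->pLogStream, "User name too long..\n\n");
		return (0);
	}

	/* The OAuth string is copied into the fixed-size AuthBlob.
	   NOTE(review): half the buffer is left for the other fields, which are
	   assumed to be far smaller than that - confirm against WriteObject. */
	if (!Pass && strlen(User) > sizeof(AuthBlob) / 2)
	{
		pInst->pfLog(pInst->pLogStream, "OAuth string too long..\n\n");
		return (0);
	}

	if (!pInst->LoginD.RSAKeys)
	{
		BIGNUM				*KeyExp;

		pInst->pfLog(pInst->pLogStream, "Generating RSA Keys Pair (Size = %d Bits)..\n", KEYSZ);
		pInst->LoginD.RSAKeys = RSA_new();
		KeyExp = BN_new();
		/* RSA_generate_key_ex() returns 1 on success and 0 on failure, so the
		   result is compared with 1 rather than -1. */
		if (pInst->LoginD.RSAKeys && KeyExp && BN_set_word(KeyExp, RSA_F4))
			RsaRet = RSA_generate_key_ex(pInst->LoginD.RSAKeys, KEYSZ * 2, KeyExp, NULL);
		BN_free(KeyExp);
		if (RsaRet != 1)
		{
			pInst->pfLog(pInst->pLogStream, "Error generating Keys..\n\n");
			RSA_free(pInst->LoginD.RSAKeys);
			pInst->LoginD.RSAKeys = NULL;
			return (0);
		}
	}

	/* Modulus receives n followed by the private exponent d.  Only the first
	   MODULUS_SZ bytes are written into the request further down.
	   NOTE(review): assumes n and d together fit in MODULUS_SZ * 2 bytes for
	   a KEYSZ * 2 bit key - confirm against the constants. */
	Idx = BN_bn2bin(pInst->LoginD.RSAKeys->n, Modulus);
	Idx = BN_bn2bin(pInst->LoginD.RSAKeys->d, Modulus + Idx);

	Browser = AuthBlob;

	HSHeader = (HttpsPacketHeader *)Browser;
	memcpy(HSHeader->MAGIC, HTTPS_HSR_MAGIC, sizeof(HSHeader->MAGIC));
	HSHeader->ResponseLen = htons(0xCD);
	Browser += sizeof(HttpsPacketHeader);

	*Browser++ = RAW_PARAMS;
	*Browser++ = 0x03;

	Obj2000.Family = OBJ_FAMILY_NBR;
	Obj2000.Id = OBJ_ID_2000;
	Obj2000.Value.Nbr = 0x2000;
	WriteObject(&Browser, Obj2000);

	/* The AES key is derived from the clear session key. */
	SpecialSHA(pInst->SessionKey, SK_SZ, SHAResult, 32);
	AES_set_encrypt_key(SHAResult, 256, &AesKey);

	/* Session key is sent encrypted under the built-in server modulus. */
	SkypeRSA = RSA_new();
	RsaRet = -1;
	if (SkypeRSA &&
		BN_hex2bn(&(SkypeRSA->n), SkypeModulus1536[1]) &&
		BN_hex2bn(&(SkypeRSA->e), "010001"))
		RsaRet = RSA_public_encrypt(SK_SZ, pInst->SessionKey, SessionKey, SkypeRSA, RSA_NO_PADDING);
	RSA_free(SkypeRSA);
	if (RsaRet < 0)
	{
		/* The result used to be stored in an unsigned variable, so this
		   branch could never run and an unfilled buffer would be sent. */
		pInst->pfLog(pInst->pLogStream, "RSA_public_encrypt failed..\n\n");
		goto Cleanup;
	}

	ObjSessionKey.Family = OBJ_FAMILY_BLOB;
	ObjSessionKey.Id = OBJ_ID_SK;
	ObjSessionKey.Value.Memory.Memory = (uchar *)&SessionKey;
	ObjSessionKey.Value.Memory.MsZ = SK_SZ;
	WriteObject(&Browser, ObjSessionKey);

	ObjZBool1.Family = OBJ_FAMILY_NBR;
	ObjZBool1.Id = OBJ_ID_ZBOOL1;
	ObjZBool1.Value.Nbr = 0x01;
	WriteObject(&Browser, ObjZBool1);

	/* Inner header: its length is patched once the object list is complete. */
	Mark = Browser;
	HSHeader = (HttpsPacketHeader *)Browser;
	memcpy(HSHeader->MAGIC, HTTPS_HSRR_MAGIC, sizeof(HSHeader->MAGIC));
	HSHeader->ResponseLen = 0x00;
	Browser += sizeof(HttpsPacketHeader);

	MarkObjL = Browser;
	if (Pass)
	{
		ObjectDesc ObjUserName, ObjSharedSecret;

		*Browser++ = RAW_PARAMS;
		*Browser++ = 0x04;

		ObjRequestCode.Family = OBJ_FAMILY_NBR;
		ObjRequestCode.Id = OBJ_ID_REQCODE;
		ObjRequestCode.Value.Nbr = 0x1399;
		WriteObject(&Browser, ObjRequestCode);

		ObjZBool2.Family = OBJ_FAMILY_NBR;
		ObjZBool2.Id = OBJ_ID_ZBOOL2;
		ObjZBool2.Value.Nbr = 0x01;
		WriteObject(&Browser, ObjZBool2);

		ObjUserName.Family = OBJ_FAMILY_STRING;
		ObjUserName.Id = OBJ_ID_USERNAME;
		ObjUserName.Value.Memory.Memory = (uchar *)User;
		ObjUserName.Value.Memory.MsZ = (uchar)strlen(User);
		WriteObject(&Browser, ObjUserName);

		/* Shared secret = MD5(User || CONCAT_SALT || Pass).  The digest is
		   password-equivalent and stays in pInst->LoginD.LoginHash after
		   this call; whoever owns pInst must protect and clear it. */
		MD5_Init(&Context);
		MD5_Update(&Context, User, (ulong)strlen(User));
		MD5_Update(&Context, CONCAT_SALT, (ulong)strlen(CONCAT_SALT));
		MD5_Update(&Context, Pass, (ulong)strlen(Pass));
		MD5_Final(pInst->LoginD.LoginHash, &Context);

		ObjSharedSecret.Family = OBJ_FAMILY_BLOB;
		ObjSharedSecret.Id = OBJ_ID_USERPASS;
		ObjSharedSecret.Value.Memory.Memory = (uchar *)pInst->LoginD.LoginHash;
		ObjSharedSecret.Value.Memory.MsZ = MD5_DIGEST_LENGTH;
		WriteObject(&Browser, ObjSharedSecret);

		*Browser++ = RAW_PARAMS;
		*Browser++ = 0x06;

		ObjModulus.Family = OBJ_FAMILY_BLOB;
		ObjModulus.Id = OBJ_ID_MODULUS;
		ObjModulus.Value.Memory.Memory = (uchar *)Modulus;
		ObjModulus.Value.Memory.MsZ = MODULUS_SZ;
		WriteObject(&Browser, ObjModulus);

		PlatForm = PlatFormSpecific();

		ObjPlatForm.Family = OBJ_FAMILY_TABLE;
		ObjPlatForm.Id = OBJ_ID_PLATFORM;
		memcpy(ObjPlatForm.Value.Table, (uchar *)&PlatForm, sizeof(ObjPlatForm.Value.Table));
		WriteObject(&Browser, ObjPlatForm);

		ObjLang.Family = OBJ_FAMILY_STRING;
		ObjLang.Id = OBJ_ID_LANG;
		ObjLang.Value.Memory.Memory = pInst->Language;
		ObjLang.Value.Memory.MsZ = sizeof(pInst->Language);
		WriteObject(&Browser, ObjLang);

		FillMiscDatas(pInst, MiscDatas);
		ObjMiscDatas.Family = OBJ_FAMILY_INTLIST;
		ObjMiscDatas.Id = OBJ_ID_MISCD;
		ObjMiscDatas.Value.Memory.Memory = (uchar *)MiscDatas;
		ObjMiscDatas.Value.Memory.MsZ = 0x05;
		WriteObject(&Browser, ObjMiscDatas);

		ObjVer.Family = OBJ_FAMILY_STRING;
		ObjVer.Id = OBJ_ID_VERSION;
		ObjVer.Value.Memory.Memory = (uchar *)VER_STR;
		ObjVer.Value.Memory.MsZ = (uchar)strlen(VER_STR);
		WriteObject(&Browser, ObjVer);

		ObjPubAddr.Family = OBJ_FAMILY_NBR;
		ObjPubAddr.Id = OBJ_ID_PUBADDR;
		ObjPubAddr.Value.Nbr = pInst->PublicIP;
		WriteObject(&Browser, ObjPubAddr);
	}
	else
	{
		int64_t			PartnerId = 999;
		ObjectDesc		ObjPartnerId, ObjOauth;

		// OAuth logon
		*Browser++ = RAW_PARAMS;
		*Browser++ = 0x02;

		ObjRequestCode.Family = OBJ_FAMILY_NBR;
		ObjRequestCode.Id = OBJ_ID_REQCODE;
		ObjRequestCode.Value.Nbr = 0x13a3;
		WriteObject(&Browser, ObjRequestCode);

		ObjZBool2.Family = OBJ_FAMILY_NBR;
		ObjZBool2.Id = OBJ_ID_ZBOOL2;
		ObjZBool2.Value.Nbr = 0x3d;
		WriteObject(&Browser, ObjZBool2);

		*Browser++ = RAW_PARAMS;
		*Browser++ = 0x08;

		ObjModulus.Family = OBJ_FAMILY_BLOB;
		ObjModulus.Id = OBJ_ID_MODULUS;
		ObjModulus.Value.Memory.Memory = (uchar *)Modulus;
		ObjModulus.Value.Memory.MsZ = MODULUS_SZ;
		WriteObject(&Browser, ObjModulus);

		PlatForm = PlatFormSpecific();

		ObjPlatForm.Family = OBJ_FAMILY_TABLE;
		ObjPlatForm.Id = OBJ_ID_PLATFORM;
		memcpy(ObjPlatForm.Value.Table, (uchar *)&PlatForm, sizeof(ObjPlatForm.Value.Table));
		WriteObject(&Browser, ObjPlatForm);

		FillMiscDatas(pInst, MiscDatas);
		ObjMiscDatas.Family = OBJ_FAMILY_INTLIST;
		ObjMiscDatas.Id = OBJ_ID_MISCD;
		ObjMiscDatas.Value.Memory.Memory = (uchar *)MiscDatas;
		ObjMiscDatas.Value.Memory.MsZ = 0x05;
		WriteObject(&Browser, ObjMiscDatas);

		ObjLang.Family = OBJ_FAMILY_STRING;
		ObjLang.Id = OBJ_ID_LANG;
		ObjLang.Value.Memory.Memory = pInst->Language;
		ObjLang.Value.Memory.MsZ = sizeof(pInst->Language);
		WriteObject(&Browser, ObjLang);

		/* The partner id gets its own descriptor.  It used to be written
		   through ObjPlatForm, which only worked because that object still
		   carried the TABLE family from the platform field above. */
		ObjPartnerId.Family = OBJ_FAMILY_TABLE;
		ObjPartnerId.Id = OBJ_ID_PARTNERID;
		memcpy(ObjPartnerId.Value.Table, (uchar *)&PartnerId, sizeof(ObjPartnerId.Value.Table));
		WriteObject(&Browser, ObjPartnerId);

		ObjOauth.Family = OBJ_FAMILY_STRING;
		ObjOauth.Id = OBJ_ID_OAUTH;
		ObjOauth.Value.Memory.Memory = (uchar *)User;
		ObjOauth.Value.Memory.MsZ = strlen(User);
		WriteObject(&Browser, ObjOauth);

		ObjVer.Family = OBJ_FAMILY_STRING;
		ObjVer.Id = OBJ_ID_VERSION;
		ObjVer.Value.Memory.Memory = (uchar *)VER_STR;
		ObjVer.Value.Memory.MsZ = (uchar)strlen(VER_STR);
		WriteObject(&Browser, ObjVer);

		ObjPubAddr.Family = OBJ_FAMILY_NBR;
		ObjPubAddr.Id = OBJ_ID_PUBADDR;
		ObjPubAddr.Value.Nbr = pInst->PublicIP;
		WriteObject(&Browser, ObjPubAddr);
	}

	/* Patch the inner header: object list length plus the two CRC bytes. */
	Size = (uint)(Browser - MarkObjL);
	HSHeader->ResponseLen = htons((u_short)(Size + 0x02));

	/* Request direction uses an all-zero counter block. */
	Idx = 0;
	memset(ivec, 0, AES_BLOCK_SIZE);
	memset(ecount_buf, 0, AES_BLOCK_SIZE);
	AES_ctr128_encrypt(MarkObjL, MarkObjL, Size, &AesKey, ivec, ecount_buf, &Idx);

	/* Only the first two bytes of the CRC, in host byte order, are appended. */
	Crc = crc32(MarkObjL, Size, -1);
	*Browser++ = *((uchar *)(&Crc) + 0);
	*Browser++ = *((uchar *)(&Crc) + 1);

	Size = (uint)(Browser - AuthBlob);

	if (RC4Comm_Send(pConn, (const char *)AuthBlob, Size)<=0)
	{
		pInst->pfLog(pInst->pLogStream, "Sending to LS failed :'(..\n");
		Result = -1;
		goto Cleanup;
	}

	while (!ret && RC4Comm_Recv(pConn, (char *)&HSHeaderBuf, sizeof(HSHeaderBuf))>0)
	{
		HSHeader = (HttpsPacketHeader *)HSHeaderBuf;

		/* ResponseLen is a 16-bit value chosen by the server while RecvBuf
		   holds 0x1000 bytes: bound it before reading the body, and require
		   the two CRC bytes that are subtracted below. */
		BSize = htons(HSHeader->ResponseLen);
		if (strncmp((const char *)HSHeader->MAGIC, HTTPS_HSRR_MAGIC, strlen(HTTPS_HSRR_MAGIC)) ||
			BSize < 0x02 || BSize > sizeof(RecvBuf) ||
			RC4Comm_Recv(pConn, (char *)RecvBuf, BSize)<=0)
		{
			pInst->pfLog(pInst->pLogStream, "Bad Response..\n");
			Result = -2;
			goto Cleanup;
		}
		pInst->pfLog(pInst->pLogStream, "Auth Response Got..\n\n");

		/* Reply direction uses a different initial counter block.  The two
		   trailing CRC bytes are dropped without being verified. */
		Idx = 0;
		memset(ivec, 0, AES_BLOCK_SIZE);
		memset(ecount_buf, 0, AES_BLOCK_SIZE);
		BSize-=2;
		ivec[3] = 0x01;
		ivec[7] = 0x01;
		AES_ctr128_encrypt(RecvBuf, RecvBuf, BSize, &AesKey, ivec, ecount_buf, &Idx);

		/* NOTE(review): every call is given the full BSize even after
		   Browser has advanced; if ManageObjects treats it as the number of
		   bytes left at *Browser, later calls can read past the decrypted
		   data - verify against ManageObjects. */
		Browser = RecvBuf;
		while (Browser<RecvBuf+BSize)
		{
			uchar	*Before = Browser;

			ManageObjects(&Browser, BSize, &Response);
			if (Browser <= Before)
			{
				/* No progress on server data would spin here forever. */
				pInst->pfLog(pInst->pLogStream, "Bad Response..\n");
				FreeResponse(&Response);
				Result = -2;
				goto Cleanup;
			}
		}
		for (Idx = 0; Idx < Response.NbObj; Idx++)
		{
			switch (Response.Objs[Idx].Id)
			{
			case OBJ_ID_LOGINANSWER:
				switch (Response.Objs[Idx].Value.Nbr)
				{
				case LOGIN_OK:
					pInst->pfLog(pInst->pLogStream, "Login Successful..\n");
					ret = 1;
					break;
				default :
					pInst->pfLog(pInst->pLogStream, "Login Failed.. Bad Credentials..\n");
					FreeResponse(&Response);
					Result = 0;
					goto Cleanup;
				}
				break;
			case OBJ_ID_CIPHERDLOGD:
				/* Replace any previous credentials; the size is reset first
				   so it never describes a freed or missing buffer. */
				free(pInst->LoginD.SignedCredentials.Memory);
				pInst->LoginD.SignedCredentials.MsZ = 0;
				pInst->LoginD.SignedCredentials.Memory = malloc(Response.Objs[Idx].Value.Memory.MsZ);
				if (!pInst->LoginD.SignedCredentials.Memory)
				{
					FreeResponse(&Response);
					Result = -2;
					goto Cleanup;
				}
				memcpy (pInst->LoginD.SignedCredentials.Memory, Response.Objs[Idx].Value.Memory.Memory, 
					(pInst->LoginD.SignedCredentials.MsZ = Response.Objs[Idx].Value.Memory.MsZ));				
				break;
			}
		}
		FreeResponse(&Response);
	}

	Result = (int)ret;

Cleanup:
	/* Wipe key material, the private-exponent copy and the decrypted reply.
	   OPENSSL_cleanse is used because a plain memset before return may be
	   removed by the optimizer. */
	OPENSSL_cleanse(SHAResult, sizeof(SHAResult));
	OPENSSL_cleanse(&AesKey, sizeof(AesKey));
	OPENSSL_cleanse(Modulus, sizeof(Modulus));
	OPENSSL_cleanse(RecvBuf, sizeof(RecvBuf));
	return Result;
}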
Пример #3
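/*
 * Handle one session command received from a peer and append any reply
 * packets to *ResponseBuffer, adding their size to *BRSize.
 *
 * The command code is object 0x01 of the blob stored in object 0x04 of
 * Response.  Handled codes: 0x0D, 0x2A, 0x13, 0x2B, 0x24; anything else is
 * only logged.
 *
 * Security notes for maintainers:
 *  - Response and everything parsed out of it is peer-controlled.  Object
 *    counts and lengths taken from it are checked before they drive writes
 *    into ResponseCMDDatas or reads from a message body.
 *  - SeqNbr, InitialHeaderID and ChatPeerName are function-level statics, so
 *    they are shared by every call of this function.
 *  - Strings duplicated with _strdup (CreatedSStrID, ChatPeerName) are never
 *    released here; repeated commands overwrite the previous pointer.
 *
 * Returns 1 after a command was dispatched (unknown codes included), 0 when
 * the packet carries no session command blob, -1 when a required object is
 * missing or a reply cannot be built within the local buffer.
 */
int		ManageSessionCMD(Host Relay, SessProp *SessionProposal, uchar **ResponseBuffer, SResponse Response, uint *BRSize)
{
	uint		Idx, Cmd, SessID;
	uchar		ResponseCMDDatas[0xFFF] = {0};
	ObjectDesc	*SoughtObj;
	ObjectDesc	ObjSid, ObjSeq, ObjBlob, ObjV, ObjPrevSid;
	SResponse	SessCMDDatas;
	Memory_U	Tmp;
	static uint	SeqNbr = 0;
	static uint	InitialHeaderID = 0;
	static char	*ChatPeerName = NULL;

	Idx = 0;
	printf("Session Cmd received..\n");

	SoughtObj = GetObjByID(Response, 0x01, -1, -1);
	if (SoughtObj == NULL)
		return (-1);

	SessID = SoughtObj->Value.Nbr;
	
	/* NOTE(review): SessID is looked up above but the code below reads
	   Response.Objs[0] instead; the two agree only if object 0x01 is the
	   first object of the packet - confirm which one is intended. */
	if ((SessionProposal->CreatedSID == 0) && (SessionProposal->LocalCreatedSID == 0))
	{
		SessionProposal->CreatedSID = Response.Objs[Idx].Value.Nbr;
		SessionProposal->LocalCreatedSID = BytesRandom();
		printf("Created Session SID : 0x%x(%u) {Local SID : 0x%x(%u)}\n\n", Response.Objs[Idx].Value.Nbr, Response.Objs[Idx].Value.Nbr, SessionProposal->LocalCreatedSID, SessionProposal->LocalCreatedSID);
	}
	else
		printf("Command's SID : 0x%x(%u)..\n\n", Response.Objs[Idx].Value.Nbr, Response.Objs[Idx].Value.Nbr);

	SoughtObj = GetObjByID(Response, 0x04, -1, -1);
	if (SoughtObj == NULL)
	{
		cprintf(FOREGROUND_BLUE, "No SessionCMD..\n\n");
		return (0);
	}

	SessCMDDatas.Objs = NULL;
	SessCMDDatas.NbObj = 0;

	/* Parse a copy of the descriptor so the original object keeps its pointer. */
	Tmp = SoughtObj->Value.Memory;
	ManageObjects(&(Tmp.Memory), Tmp.MsZ, &SessCMDDatas);

	SoughtObj = GetObjByID(SessCMDDatas, 0x01, -1, -1);
	if (SoughtObj == NULL)
		return (-1);

	Cmd = SoughtObj->Value.Nbr;

	ObjectDesc	RCDObjNbr;
	uchar		*RCDBrowser;
	uchar		*RCDMark;
	uint		ObjListIdx;

	switch(Cmd)
	{
	case 0x0D: //LetBeSyncBuddies (-> SendMeCredentialsAndStuff (0x23))
		cprintf(FOREGROUND_BLUE, "LetBeSyncBuddies Received.. Response : SendMeCredentialsAndStuff..\n");

		SoughtObj = GetObjByID(SessCMDDatas, 0x02, -1, -1);
		if (SoughtObj == NULL)
		{
			printf("No String ID for created session..\n");
			return (-1);
		}

		/* NOTE(review): the peer string is treated as NUL-terminated; this
		   holds only if the object parser terminates string values - verify. */
		SessionProposal->CreatedSStrID = _strdup((char *)SoughtObj->Value.Memory.Memory);
		if (SessionProposal->CreatedSStrID == NULL)
		{
			printf("No String ID for created session..\n");
			return (-1);
		}
		printf("Created Session String ID : %s\n", SessionProposal->CreatedSStrID);

		ObjSid.Family = OBJ_FAMILY_NBR;
		ObjSid.Id = 0x01;
		ObjSid.Value.Nbr = SessionProposal->LocalCreatedSID;

		ObjSeq.Family = OBJ_FAMILY_NBR;
		ObjSeq.Id = 0x03;
		ObjSeq.Value.Nbr = SeqNbr;
		SeqNbr += 1;

		RCDBrowser = ResponseCMDDatas;
		RCDMark = RCDBrowser;

		*RCDBrowser++ = RAW_PARAMS;
		WriteValue(&RCDBrowser, 0x01);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x01;
		RCDObjNbr.Value.Nbr = 0x23;				//SendMeCredentialsAndStuff
		WriteObject(&RCDBrowser, RCDObjNbr);

		ObjBlob.Family = OBJ_FAMILY_BLOB;
		ObjBlob.Id = 0x04;
		ObjBlob.Value.Memory.Memory = RCDMark;
		ObjBlob.Value.Memory.MsZ = (uint)(RCDBrowser - RCDMark);

		ObjV.Family = OBJ_FAMILY_NBR;
		ObjV.Id = 0x07;
		ObjV.Value.Nbr = 0x08;

		ObjPrevSid.Family = OBJ_FAMILY_NBR;
		ObjPrevSid.Id = 0x02;
		ObjPrevSid.Value.Nbr = SessionProposal->CreatedSID;

		*BRSize += BuildUserPacket(Relay, ResponseBuffer, 0xFFFF, 0x6D, SessionProposal->AesStreamOut, 5, ObjSid, ObjSeq, ObjBlob, ObjV, ObjPrevSid);
		SessionProposal->AesStreamOut->IvecIdx = 0;

		break;
	case 0x2A: //HereAreMyCredentials
		cprintf(FOREGROUND_BLUE, "HereAreMyCredentials (FROM CRED) Received.. Response : [SESSIONCMDACK]..\n");

		/* The peer's credentials are neither stored nor verified here. */
		printf("Skipping (FROM) Credentials Saving..\n");

		//SEND SESSION CMD ACK NOT INDISPENSABLE

		break;
	case 0x13: //HereAreSomeHeaders (-> SendMeBodies (0x15))
		uint		NbHeaders;
		ObjectDesc	*SObj9, *SObjA, *SObj;

		cprintf(FOREGROUND_BLUE, "HereAreSomeHeaders Received.. Response : SendMeBodies..\n");

		NbHeaders = 0;

		/* The header count is derived from peer data and drives the number
		   of objects written into ResponseCMDDatas below. */
		for (Idx = 0; Idx < SessCMDDatas.NbObj; Idx++)
		{
			if ((SessCMDDatas.Objs[Idx].Id == 0x0A) && (SessCMDDatas.Objs[Idx].ObjListInfos.Id == 0x14))
				NbHeaders++;
		}

		SoughtObj = GetObjByID(SessCMDDatas, 0x0F, -1, -1);
		if (SoughtObj == NULL)
		{
			printf("No ID for Headers List..\n");
			return (-1);
		}

		InitialHeaderID = SoughtObj->Value.Nbr;

		printf("Headers List (0x%x) Size : #%d..\n", SoughtObj->Value.Nbr, NbHeaders);

		ObjSid.Family = OBJ_FAMILY_NBR;
		ObjSid.Id = 0x01;
		ObjSid.Value.Nbr = SessionProposal->LocalCreatedSID;

		ObjSeq.Family = OBJ_FAMILY_NBR;
		ObjSeq.Id = 0x03;
		ObjSeq.Value.Nbr =  SeqNbr;
		SeqNbr += 1;

		RCDBrowser = ResponseCMDDatas;
		RCDMark = RCDBrowser;

		*RCDBrowser++ = RAW_PARAMS;
		WriteValue(&RCDBrowser, 0x01 + NbHeaders);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x01;
		RCDObjNbr.Value.Nbr = 0x15;				//SendMeBodies
		WriteObject(&RCDBrowser, RCDObjNbr);

		ObjListIdx = 1;
		SObj9 = SObjA = SObj = NULL;

		while (NbHeaders--)
		{
			RCDObjNbr.Family = OBJ_FAMILY_NBR;
			RCDObjNbr.Id = 0x0A;

			SObj9 = GetObjByID(SessCMDDatas, 0x09, 0x14, ObjListIdx);
			SObjA = GetObjByID(SessCMDDatas, 0x0A, 0x14, ObjListIdx);
			if ((SObj9 == NULL) && (SObjA == NULL))
			{
				printf("Error Getting Header's Body To Request ID..\n");
				return (-1);
			}
			/* Use object 0x09 when present and fall back to 0x0A.  The
			   previous selection picked the NULL pointer whenever exactly
			   one of the two objects was missing. */
			SObj = (SObj9 != NULL) ? SObj9 : SObjA;

			/* Stop before a long peer-supplied list runs past the local
			   buffer.  NOTE(review): 0x10 is assumed to exceed the encoded
			   size of one number object - confirm against WriteObject. */
			if ((uint)(RCDBrowser - RCDMark) + 0x10 > sizeof(ResponseCMDDatas))
			{
				printf("Too Many Headers To Request..\n");
				return (-1);
			}

			RCDObjNbr.Value.Nbr = SObj->Value.Nbr;
			WriteObject(&RCDBrowser, RCDObjNbr);

			ObjListIdx += 1;
		}

		ObjBlob.Family = OBJ_FAMILY_BLOB;
		ObjBlob.Id = 0x04;
		ObjBlob.Value.Memory.Memory = RCDMark;
		ObjBlob.Value.Memory.MsZ = (uint)(RCDBrowser - RCDMark);

		*BRSize += BuildUserPacket(Relay, ResponseBuffer, 0xFFFF, 0x6D, SessionProposal->AesStreamOut, 3, ObjSid, ObjSeq, ObjBlob);
		SessionProposal->AesStreamOut->IvecIdx = 0;

		break;
	case 0x2B: //HereAreBodies (-> IAmSyncingHere(0x10))
		uint		NbBodies;

		cprintf(FOREGROUND_BLUE, "HereAreBodies Received.. Response : [SESSIONCMDACK]..\n");

		NbBodies = 0;

		for (Idx = 0; Idx < SessCMDDatas.NbObj; Idx++)
		{
			if ((SessCMDDatas.Objs[Idx].Id == 0x0A) && (SessCMDDatas.Objs[Idx].ObjListInfos.Id == 0x20))
				NbBodies++;
		}

		ObjListIdx = 1;
		while (NbBodies--)
		{
			uint	MId;

			MId = 0x00;

			printf("Message #%d Properties :\n", ObjListIdx);
			
			SoughtObj = GetObjByID(SessCMDDatas, 0x00, 0x20, ObjListIdx);
			if (SoughtObj == NULL)
				printf("No STORE_AGE..\n");
			else
				printf("STORE_AGE : 0x%x\n", SoughtObj->Value.Nbr);

			SoughtObj = GetObjByID(SessCMDDatas, 0x02, 0x20, ObjListIdx);
			if (SoughtObj == NULL)
				printf("No UID_CRC..\n");
			else
				printf("UID_CRC : 0x%x\n", SoughtObj->Value.Nbr);

			SoughtObj = GetObjByID(SessCMDDatas, 0x0A, 0x20, ObjListIdx);
			if (SoughtObj == NULL)
				printf("No MID..\n");
			else
			{
				printf("MID : 0x%x\n", SoughtObj->Value.Nbr);
				MId = SoughtObj->Value.Nbr;
			}

			SoughtObj = GetObjByID(SessCMDDatas, 0x03, 0x20, ObjListIdx);
			if (SoughtObj == NULL)
				printf("No Message Body (?!?)..\n");
			else
			{
				RSA				*SkypeRSA;
				uchar			UnRSA[0xFFF];
				uchar			*PostProcessed;
				uint			PPsZ, Save, StrIdLen;
				int				Suite;

				printf("RSA PUB KEY FROM [HEREAREBODIES]\n");
				showmem(SessionProposal->PeerContact->RsaPubKey.Memory, SessionProposal->PeerContact->RsaPubKey.MsZ);
				printf("\n");

				/* The body length is remembered and the object's size is
				   cleared, as before. */
				PPsZ = SoughtObj->Value.Memory.MsZ;
				SoughtObj->Value.Memory.MsZ -= PPsZ;
				Save = PPsZ;

				/* The RSA block read below is always 0x80 bytes; a shorter
				   body would be read past its end. */
				if (Save < 0x80)
				{
					printf("Message Body Too Short..\n");
					goto UnRSAFailed;
				}

				SkypeRSA = RSA_new();
				if (SkypeRSA == NULL)
				{
					printf("Unable To UnRSA Message Body..\n");
					goto UnRSAFailed;
				}
				/* NOTE(review): the string returned by Bin2HexStr is not
				   released here - check who owns it. */
				BN_hex2bn(&(SkypeRSA->n), Bin2HexStr(SessionProposal->PeerContact->RsaPubKey.Memory, MODULUS_SZ));
				BN_hex2bn(&(SkypeRSA->e), "10001");
				PPsZ = 0x80;
				ZeroMemory(UnRSA, 0xFFF);
				PPsZ = RSA_public_decrypt(PPsZ, SoughtObj->Value.Memory.Memory, UnRSA, SkypeRSA, RSA_NO_PADDING);
				RSA_free(SkypeRSA);

				/* Test for failure before the result is used as a length:
				   -1 in an unsigned variable is 0xFFFFFFFF, and the dump
				   below used to run with that size. */
				if (PPsZ == 0xFFFFFFFF)
				{
					printf("Unable To UnRSA Message Body..\n");
					goto UnRSAFailed;
				}

				printf("UnRSA :\n");
				showmem(UnRSA, PPsZ);
				printf("\n");

				/* Bytes of the body that follow the RSA block. */
				Suite = Save - PPsZ;
				SoughtObj->Value.Memory.Memory += PPsZ;

				printf("Suite :\n");
				showmem(SoughtObj->Value.Memory.Memory, Suite);
				printf("\n");

				PostProcessed = FinalizeLoginDatas(UnRSA, &PPsZ, (Suite > 0) ? SoughtObj->Value.Memory.Memory : NULL, Suite);

				if (PostProcessed == NULL)
				{
					printf("Bad Datas [METADATAS] Finalization..\n");

					PPsZ = 0x80;
					PostProcessed = FinalizeLoginDatas(UnRSA, &PPsZ, (Suite > 0) ? SoughtObj->Value.Memory.Memory : NULL, Suite);

					goto UnRSAFailed;
				}

				/* The payload is preceded by a SHA-1 sized field and the
				   session string id.  The id is only set by command 0x0D, and
				   the remaining length comes from peer data, so both are
				   checked before they are skipped. */
				if (SessionProposal->CreatedSStrID == NULL)
				{
					printf("No String ID for created session..\n");
					goto UnRSAFailed;
				}
				StrIdLen = (uint)strlen(SessionProposal->CreatedSStrID);
				if ((PPsZ < SHA_DIGEST_LENGTH) || ((PPsZ - SHA_DIGEST_LENGTH) < StrIdLen))
				{
					printf("Message Body Too Short..\n");
					goto UnRSAFailed;
				}

				PostProcessed += SHA_DIGEST_LENGTH;
				PPsZ -= SHA_DIGEST_LENGTH;

				PostProcessed += StrIdLen;
				PPsZ -= StrIdLen;

				showmem(PostProcessed, PPsZ);
				printf("\n");

				SResponse ChatMsgDatas;

				ChatMsgDatas.Objs = NULL;
				ChatMsgDatas.NbObj = 0;

				ManageObjects(&PostProcessed, PPsZ, &ChatMsgDatas);

				if (MId == InitialHeaderID)
				{
					/* The peer's display name labels the messages that follow. */
					ChatPeerName = _strdup((char *)SessionProposal->PeerContact->DisplayName);
				}
				else
				{
					SoughtObj = GetObjByID(ChatMsgDatas, 0x02, -1, -1);
					if (SoughtObj == NULL)
						printf("Empty Message..\n\n");
					else
					{
						/* ChatPeerName stays NULL until the initial header
						   has been seen, so a placeholder is printed then.
						   NOTE(review): the message text is peer-controlled
						   and printed unfiltered; it is assumed to be
						   NUL-terminated by the object parser - verify, and
						   consider stripping control characters. */
						cprintf(YELLOW, "%s says :\n", (ChatPeerName != NULL) ? ChatPeerName : "(unknown)");
						cprintf(YELLOW, "%s\n\n", SoughtObj->Value.Memory.Memory);
					}
				}

				if (MId != 0)
				{
					ObjSid.Family = OBJ_FAMILY_NBR;
					ObjSid.Id = 0x01;
					ObjSid.Value.Nbr = SessionProposal->LocalCreatedSID;

					ObjSeq.Family = OBJ_FAMILY_NBR;
					ObjSeq.Id = 0x03;
					ObjSeq.Value.Nbr =  SeqNbr;
					SeqNbr += 1;

					RCDBrowser = ResponseCMDDatas;
					RCDMark = RCDBrowser;

					*RCDBrowser++ = RAW_PARAMS;
					WriteValue(&RCDBrowser, 0x06);

					RCDObjNbr.Family = OBJ_FAMILY_NBR;
					RCDObjNbr.Id = 0x01;
					RCDObjNbr.Value.Nbr = 0x10;				//IAmSyncingHere
					WriteObject(&RCDBrowser, RCDObjNbr);

					RCDObjNbr.Family = OBJ_FAMILY_NBR;
					RCDObjNbr.Id = 0x0A;
					RCDObjNbr.Value.Nbr = MId;
					WriteObject(&RCDBrowser, RCDObjNbr);

					RCDObjNbr.Family = OBJ_FAMILY_NBR;
					RCDObjNbr.Id = 0x13;
					RCDObjNbr.Value.Nbr = 0x10;
					WriteObject(&RCDBrowser, RCDObjNbr);

					RCDObjNbr.Family = OBJ_FAMILY_NBR;
					RCDObjNbr.Id = 0x22;
					RCDObjNbr.Value.Nbr = 0x01;
					WriteObject(&RCDBrowser, RCDObjNbr);

					RCDObjNbr.Family = OBJ_FAMILY_NBR;
					RCDObjNbr.Id = 0x23;
					RCDObjNbr.Value.Nbr = 0x01;
					WriteObject(&RCDBrowser, RCDObjNbr);

					RCDObjNbr.Family = OBJ_FAMILY_NBR;
					RCDObjNbr.Id = 0x25;
					RCDObjNbr.Value.Nbr = 0x01;
					WriteObject(&RCDBrowser, RCDObjNbr);

					ObjBlob.Family = OBJ_FAMILY_BLOB;
					ObjBlob.Id = 0x04;
					ObjBlob.Value.Memory.Memory = RCDMark;
					ObjBlob.Value.Memory.MsZ = (uint)(RCDBrowser - RCDMark);

					/* The acknowledgement is assembled but not sent: no
					   BuildUserPacket call follows, although a sequence
					   number has been consumed for it. */
				}
			}
UnRSAFailed:
			ObjListIdx += 1;
		}

		break;
	case 0x24: //HereAreCredentialsAndStuff (-> WeAreSyncBuddies (0x0F), SendYourCredentials(0x29), IAmSyncingHere(0x10))
		cprintf(FOREGROUND_BLUE, "HereAreCredentialsAndStuff (TO CRED) Received.. Response : WeAreSyncBuddies + SendYourCredentials + IAmSyncingHere..\n");

		/* The peer's credentials are neither stored nor verified here. */
		printf("Skipping (TO) Credentials Saving..\n");

		/* First reply: WeAreSyncBuddies. */
		ObjSid.Family = OBJ_FAMILY_NBR;
		ObjSid.Id = 0x01;
		ObjSid.Value.Nbr = SessionProposal->LocalCreatedSID;

		ObjSeq.Family = OBJ_FAMILY_NBR;
		ObjSeq.Id = 0x03;
		ObjSeq.Value.Nbr =  SeqNbr;
		SeqNbr += 1;

		RCDBrowser = ResponseCMDDatas;
		RCDMark = RCDBrowser;

		*RCDBrowser++ = RAW_PARAMS;
		WriteValue(&RCDBrowser, 0x03);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x01;
		RCDObjNbr.Value.Nbr = 0x0F;				//WeAreSyncBuddies
		WriteObject(&RCDBrowser, RCDObjNbr);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x1C;
		RCDObjNbr.Value.Nbr = 0x01;
		WriteObject(&RCDBrowser, RCDObjNbr);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x1D;
		RCDObjNbr.Value.Nbr = 0x01;
		WriteObject(&RCDBrowser, RCDObjNbr);

		ObjBlob.Family = OBJ_FAMILY_BLOB;
		ObjBlob.Id = 0x04;
		ObjBlob.Value.Memory.Memory = RCDMark;
		ObjBlob.Value.Memory.MsZ = (uint)(RCDBrowser - RCDMark);

		*BRSize += BuildUserPacket(Relay, ResponseBuffer, 0xFFFF, 0x6D, SessionProposal->AesStreamOut, 3, ObjSid, ObjSeq, ObjBlob);
		SessionProposal->AesStreamOut->IvecIdx = 0;

		/* The scratch buffer is cleared between replies. */
		ZeroMemory(ResponseCMDDatas, sizeof(ResponseCMDDatas));

		/* Second reply: SendYourCredentials. */
		ObjSid.Family = OBJ_FAMILY_NBR;
		ObjSid.Id = 0x01;
		ObjSid.Value.Nbr = SessionProposal->LocalCreatedSID;

		ObjSeq.Family = OBJ_FAMILY_NBR;
		ObjSeq.Id = 0x03;
		ObjSeq.Value.Nbr =  SeqNbr;
		SeqNbr += 1;

		RCDBrowser = ResponseCMDDatas;
		RCDMark = RCDBrowser;

		*RCDBrowser++ = RAW_PARAMS;
		WriteValue(&RCDBrowser, 0x01);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x01;
		RCDObjNbr.Value.Nbr = 0x29;				//SendYourCredentials
		WriteObject(&RCDBrowser, RCDObjNbr);

		ObjBlob.Family = OBJ_FAMILY_BLOB;
		ObjBlob.Id = 0x04;
		ObjBlob.Value.Memory.Memory = RCDMark;
		ObjBlob.Value.Memory.MsZ = (uint)(RCDBrowser - RCDMark);

		*BRSize += BuildUserPacket(Relay, ResponseBuffer, 0xFFFF, 0x6D, SessionProposal->AesStreamOut, 3, ObjSid, ObjSeq, ObjBlob);
		SessionProposal->AesStreamOut->IvecIdx = 0;

		ZeroMemory(ResponseCMDDatas, sizeof(ResponseCMDDatas));

		/* Third reply: IAmSyncingHere. */
		ObjSid.Family = OBJ_FAMILY_NBR;
		ObjSid.Id = 0x01;
		ObjSid.Value.Nbr = SessionProposal->LocalCreatedSID;

		ObjSeq.Family = OBJ_FAMILY_NBR;
		ObjSeq.Id = 0x03;
		ObjSeq.Value.Nbr =  SeqNbr;
		SeqNbr += 1;

		RCDBrowser = ResponseCMDDatas;
		RCDMark = RCDBrowser;

		*RCDBrowser++ = RAW_PARAMS;
		WriteValue(&RCDBrowser, 0x06);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x01;
		RCDObjNbr.Value.Nbr = 0x10;				//IAmSyncingHere
		WriteObject(&RCDBrowser, RCDObjNbr);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x0A;
		RCDObjNbr.Value.Nbr = 0xFFFFFFFF;
		WriteObject(&RCDBrowser, RCDObjNbr);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x13;
		RCDObjNbr.Value.Nbr = 0x10;
		WriteObject(&RCDBrowser, RCDObjNbr);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x22;
		RCDObjNbr.Value.Nbr = 0x01;
		WriteObject(&RCDBrowser, RCDObjNbr);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x23;
		RCDObjNbr.Value.Nbr = 0x01;
		WriteObject(&RCDBrowser, RCDObjNbr);

		RCDObjNbr.Family = OBJ_FAMILY_NBR;
		RCDObjNbr.Id = 0x25;
		RCDObjNbr.Value.Nbr = 0x01;
		WriteObject(&RCDBrowser, RCDObjNbr);

		ObjBlob.Family = OBJ_FAMILY_BLOB;
		ObjBlob.Id = 0x04;
		ObjBlob.Value.Memory.Memory = RCDMark;
		ObjBlob.Value.Memory.MsZ = (uint)(RCDBrowser - RCDMark);

		*BRSize += BuildUserPacket(Relay, ResponseBuffer, 0xFFFF, 0x6D, SessionProposal->AesStreamOut, 3, ObjSid, ObjSeq, ObjBlob);
		SessionProposal->AesStreamOut->IvecIdx = 0;

		//SEND SESSION CMD ACK NOT INDISPENSABLE

		break;
	default :
		printf("UnManaged SessionCMD 0x%x..\n", Cmd);
		break;
	}
	return (1);
}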