飞信登录过程的协议分析 （TCP直连方式）

1. 用户向服务器发送get请求，获取sip和ssic

GET https://uid.fetion.com.cn/ssiportal/SSIAppSignIn.aspx?mobileno=手机号&pwd=密码

服务器返回如下信息： 

HTTPMessage: Date: Mon, 17 May 2010 04:39:09 GMT

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

X-AspNet-Version: 2.0.50727

Set-Cookie: ssic=DhIOAADSatQxhddLQSDjDno5AHKr/4fQ7i9mqAzjXsH74h1UWRerWJqPpo5YLIs0CoMrWDmEIVb/FO9KBDzvb1SJ7qJuLfkrGMhVgxrJnMEtnG3VD1uoBEqOQ+eXE5/MqtCgIpMAAA==; path=/

Cache-Control: private

Content-Type: text/html; charset=utf-8

Content-Length: 219 

   <?xml version="1.0" encoding="utf-8" ?>

   <results status-code="200">

<user uri=sip:592252757@fetion.com.cn;p=1630 mobile-no="13572997414" user-status="101" user-id="420232113">

<credentials></credentials>

</user>

   </results> 

记录sip和ssic，后面要用到。 

2. 向221.176.31.45：8080发送数据，获取nonce

R fetion.com.cn SIP-C/2.0

F: 592252757       //这个是飞信号

I: 1                 //这个应该是会话编号

Q: 1 R

L: 336              //数据内容的长度 

<args><device type="PC" version="327249223" client-version="3.5.2560" /><caps value="simple-im;im-session;temp-group;personal-group;im-relay;xeno-im;direct-sms;sms2fetion" /><events value="contact;permission;system-message;personal-group;compact" /><user-info attributes="all" /><presence><basic value="400" desc="" /></presence></args> 

服务器返回如下信息：

   SIP-C/2.0 401 Unauthoried

   F: 592252757

   I: 1

   Q: 1 R

W: Digest algorithm="MD5-sess;SHA1-sess",nonce="2A403D5F718C8CDB67D9D367447507E9" 

记录下nonce，下面会用到。 

3. 向221.176.31.45：8080发送response：

R fetion.com.cn SIP-C/2.0

F: 592252757

I: 1

Q: 2 R

A: Digest algorithm="SHA1-sess",response="88EDC599066D6B775CCF4E91637D4A0F",cnonce="627D247341E2C76B51553F413EACB75C",salt="777A6D03",ssic="DhIOAAD+RGauOHll++PD+iSpJwSjgSio8mf1v0pWOKfF8a4YG+i8lP1JfYOYTzbIEVGXYMjqXwxH+nWN5G54oE0o1R4yAHbyoVS4lAFBAazv/tGqaA9QAWDIH00mitYdu7KiRh4AAA=="

L: 336 

<args><device type="PC" version="327249223" client-version="3.5.2560" /><caps value="simple-im;im-session;temp-group;personal-group;im-relay;xeno-im;direct-sms;sms2fetion" /><events value="contact;permission;system-message;personal-group;compact" /><user-info attributes="all" /><presence><basic value="400" desc="" /></presence></args>

如果服务器返回200 OK，即成功登陆。 

其中response计算方法如下：

1. 随机生成一个32位的cnonce (627D247341E2C76B51553F413EACB75C)
2. 指定salt为777A6D03，相应的字符串为wzm\x03 (这个貌似也是任意的)
3. Hash_pwd=(777A6D03+(Salt+密码的sha1值)的sha1值) (777A6D034D3493C9AC1FA46EB512C6CEF1B050E3802CD215)
4. 求sip:fetion.com.cn:hash_pwd字符串的sha1值，得出key
5. 求key:nonce:cnonce字符串的md5值，得出H1
6. 求REGISTER:sip字符串的md5值，得出H2
7. 求H1:nonce:H2字符串的md5值，得出response (88EDC599066D6B775CCF4E91637D4A0F)