diff --git a/data/web/corefork.telegram.org/mtproto/auth_key.html b/data/web/corefork.telegram.org/mtproto/auth_key.html index cc9bec5131..2033c4b7a9 100644 --- a/data/web/corefork.telegram.org/mtproto/auth_key.html +++ b/data/web/corefork.telegram.org/mtproto/auth_key.html @@ -52,7 +52,7 @@ 
resPQ#05162463 nonce:int128 server_nonce:int128 pq:string server_public_key_fingerprints:Vector long = ResPQ;

Here, string pq is a representation of a natural number (in binary big endian format). This number is the product of two different odd prime numbers. Normally, pq is less than or equal to 2^63-1. The value of server_nonce is selected randomly by the server; following this step, it is known to all.

server_public_key_fingerprints is a list of public RSA key fingerprints (64 lower-order bits of SHA1 (server_public_key); the public key is represented as a bare type rsa_public_key n:string e:string = RSAPublicKey, where, as usual, n and e are numbers in big endian format serialized as strings of bytes, following which SHA1 is computed) received by the server.

-

All subsequent messages contain the pair (nonce, server_nonce) both in the plain-text, and the encrypted portions which makes it possible to identify a “temporary session” — one run of the key generation protocol described on this page that uses the same (nonce, server_nonce) pair. An intruder could not create a parallel session with the server with the same parameters and reuse parts of server- or client-encrypted messages for its own purposes in such a parallel session, because a different server_nonce would be selected by the server for any new “temporary session”.

+

All subsequent messages contain the pair (nonce, server_nonce) both in the plain-text, and the encrypted portions which makes it possible to identify a “temporary session” — one run of the key generation protocol described on this page that uses the same (nonce, server_nonce) pair. An intruder could not create a parallel session with the server with the same parameters and reuse parts of server- or client-encrypted messages for its own purposes in such a parallel session, because a different server_nonce would be selected by the server for any new “temporary session”.

Proof of work

3) Client decomposes pq into prime factors such that p < q.

This starts a round of Diffie-Hellman key exchanges.

@@ -76,7 +76,7 @@

Someone might intercept the query and replace it with their own, independently decomposing pq into factors instead of the client. The only field that it makes sense to modify is new_nonce which would be the one an intruder would have to re-generate (because an intruder cannot decrypt the encrypted data sent by the client). Since all subsequent messages are encrypted using new_nonce or contain new_nonce_hash, they will not be processed by the client (an intruder would not be able to make it look as though they had been generated by the server because they would not contain new_nonce). Therefore, this intercept will only result in the intruder's completing the authorization key generation protocol in place of the client and creating a new key (that has nothing to do with the client); however, the same effect could be achieved simply by creating a new key in one's own name.

-

An alternative form of inner data (p_q_inner_data_temp_dc) is used to create temporary keys, that are only stored in the server RAM and are discarded after at most expires_in seconds. The server is free to discard its copy earlier. In all other respects the temporary key generation protocol is the same. After a temporary key is created, the client usually binds it to its principal authorisation key by means of the auth.bindTempAuthKey method, and uses it for all client-server communication until it expires; then a new temporary key is generated. Thus Perfect Forward Secrecy (PFS) in client-server communication is achieved. Read more about PFS »

+

An alternative form of inner data (p_q_inner_data_temp_dc) is used to create temporary keys, that are only stored in the server RAM and are discarded after at most expires_in seconds. The server is free to discard its copy earlier. In all other respects the temporary key generation protocol is the same. After a temporary key is created, the client usually binds it to its principal authorisation key by means of the auth.bindTempAuthKey method, and uses it for all client-server communication until it expires; then a new temporary key is generated. Thus Perfect Forward Secrecy (PFS) in client-server communication is achieved. Read more about PFS »

4.1) RSA_PAD(data, server_public_key) mentioned above is implemented as follows:
-

The retry_id field is equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 9).

+

The retry_id field is equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 9).

7) Thereafter, auth_key equals pow(g, {ab}) mod dh_prime; on the server, it is computed as pow(g_b, a) mod dh_prime, and on the client as (g_a)^b mod dh_prime.
8) auth_key_hash is computed := 64 lower-order bits of SHA1 (auth_key). The server checks whether there already is another key with the same auth_key_hash and responds in one of the following ways.

DH key exchange complete

@@ -132,7 +132,7 @@ dh_gen_fail#a69dae02 nonce:int128 server_nonce:int128 new_nonce_hash3:int128 = S
  • new_nonce_hash1, new_nonce_hash2, and new_nonce_hash3 are obtained as the 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash. Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry.
  • auth_key_aux_hash is the 64 higher-order bits of SHA1(auth_key). It must not be confused with auth_key_hash.
    • -

    In the other case, the client goes to Item 6) generating a new b. +

    In the other case, the client goes to Item 6) generating a new b. In the first case, the client and the server have negotiated auth_key, following which they forget all other temporary data, and the client creates another encrypted session using auth_key. At the same time, server_salt is initially set to substr(new_nonce, 0, 8) XOR substr(server_nonce, 0, 8). If required, the client stores the difference between server_time received in 5) and its local time, to be able always to have a good approximation of server time which is required to generate correct message identifiers.

    IMPORTANT: Apart from the conditions on the Diffie-Hellman prime dh_prime and generator g, both sides are to check that g, g_a and g_b are greater than 1 and less than dh_prime - 1. We recommend checking that g_a and g_b are between 2^{2048-64} and dh_prime - 2^{2048-64} as well.

    Error Handling (Lost Queries and Responses)

    diff --git a/data/web/corefork.telegram.org/mtproto/samples-auth_key.html b/data/web/corefork.telegram.org/mtproto/samples-auth_key.html index a238d81deb..1a35b03717 100644 --- a/data/web/corefork.telegram.org/mtproto/samples-auth_key.html +++ b/data/web/corefork.telegram.org/mtproto/samples-auth_key.html @@ -2,14 +2,12 @@ - samples-auth_key + Auth key generation example - - + + - + @@ -41,11 +39,10 @@ For example, for the abridged version of the transport », the…">
    -
    -

    samples-auth_key

    +
    +

    Auth key generation example

    -

    -

    In the examples below, the transport headers are omitted:

    +

    In the examples below, the transport headers are omitted:

    For example, for the abridged version of the transport », the client sends 0xef as the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e = data length divided by 4; or 0x7f followed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send 0xefas the first byte).

    @@ -53,9 +50,9 @@ For example, for the abridged version of the transport », the…">

    1. request req_pq_multi

    Sent payload (excluding transport headers/trailers):

    -
    0000 | 00 00 00 00 00 00 00 00 00 00 00 00 58 9A 9C 64
-0010 | 14 00 00 00 F1 8E 7E BE 61 07 9B D3 CE 40 0A AA
-0020 | C0 6A 7E C0 F9 E7 0A F2
    +
    0000 | 00 00 00 00 00 00 00 00 00 00 00 00 DC 9D 9C 64
+0010 | 14 00 00 00 F1 8E 7E BE 36 5B 3A 12 7C 5B 59 09
+0020 | 49 0E 6C 3A EC EC 01 26

    Payload (de)serialization:

    req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;
    @@ -77,7 +74,7 @@ For example, for the abridged version of the transport », the…"> - + @@ -95,7 +92,7 @@ For example, for the abridged version of the transport », the…"> - + @@ -104,11 +101,11 @@ For example, for the abridged version of the transport », the…">

    2. response respq

    Received payload (excluding transport headers/trailers):

    -
    0000 | 00 00 00 00 00 00 00 00 01 68 EB F7 58 9A 9C 64
-0010 | 7C 00 00 00 63 24 16 05 61 07 9B D3 CE 40 0A AA
-0020 | C0 6A 7E C0 F9 E7 0A F2 F3 3B CB F4 A8 C2 3D 6A
-0030 | EE 2D 08 5D 77 13 F5 B1 08 14 E0 52 91 6A AF 01
-0040 | 01 00 00 00 15 C4 B5 1C 03 00 00 00 A5 B7 F7 09
+
    0000 | 00 00 00 00 00 00 00 00 01 90 2F 78 DC 9D 9C 64
+0010 | 54 00 00 00 63 24 16 05 36 5B 3A 12 7C 5B 59 09
+0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
+0030 | 35 FD 28 FC 20 E9 A7 EA 08 25 35 F6 04 92 13 80
+0040 | 5B 00 00 00 15 C4 B5 1C 03 00 00 00 A5 B7 F7 09
 0050 | 35 5F C3 0B 21 6B E8 6C 02 2B B4 C3 85 FD 64 DE
 0060 | 85 1D 9D D0
    
 
    Payload (de)serialization:
    
@@ -132,13 +129,13 @@ For example, for the abridged version of the transport », the…">
    - + - + @@ -150,19 +147,19 @@ For example, for the abridged version of the transport », the…"> - + - + - + @@ -207,26 +204,23 @@ For example, for the abridged version of the transport », the…">

    2.1. decompose p and q

    -
    pq = 1504293060055335169
    -

    Decompose into 2 prime cofactors: 1504293060055335169 = 1019397109 * 1475669341

    -
    p = 1019397109
-q = 1475669341
    +
    pq = 2681319652660052059
    +

    Decompose into 2 prime cofactors: 2681319652660052059 = 1608915439 * 1666538581

    +
    p = 1608915439
+q = 1666538581

    2.2. encrypted_data generation

    Generated payload (excluding transport headers/trailers):

    -
    0000 | 95 5F F5 A9 08 14 E0 52 91 6A AF 01 01 00 00 00
-0010 | 04 3C C2 C3 F5 00 00 00 04 57 F4 ED 5D 00 00 00
-0020 | 61 07 9B D3 CE 40 0A AA C0 6A 7E C0 F9 E7 0A F2
-0030 | F3 3B CB F4 A8 C2 3D 6A EE 2D 08 5D 77 13 F5 B1
-0040 | 77 C0 A6 8B C9 A6 9D B0 E0 49 94 75 DD 0E ED 08
-0050 | 0B F0 59 CA 67 9B A9 AB AC B5 BB CF 69 25 76 FA
+
    0000 | 95 5F F5 A9 08 25 35 F6 04 92 13 80 5B 00 00 00
+0010 | 04 5F E6 19 EF 00 00 00 04 63 55 5C 55 00 00 00
+0020 | 36 5B 3A 12 7C 5B 59 09 49 0E 6C 3A EC EC 01 26
+0030 | C2 18 4E 38 BA C1 64 9C 35 FD 28 FC 20 E9 A7 EA
+0040 | AA BB EA 0C 77 25 B4 A6 27 D8 E4 05 7B C3 BD A4
+0050 | DF B4 30 72 30 91 E0 E2 0F BD 94 FC D0 F2 6F 24
 0060 | 02 00 00 00
    
 
    Payload (de)serialization:
    
-
    p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;
-p_q_inner_data_temp_dc#56fddf88 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int expires_in:int = P_Q_inner_data;
-p_q_inner_data#83c95aec pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 = P_Q_inner_data;
-p_q_inner_data_temp#3c6a84d4 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 expires_in:int = P_Q_inner_data;
    
+
    p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;
    message_id 8, 800000000589A9C6400000000DC9D9C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
    nonce 24, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Random number
    message_id 8, 80168EBF7589A9C6401902F78DC9D9C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
    message_length 16, 47C000000 (124 in decimal)54000000 (84 in decimal) Message body length
    nonce 24, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Value generated by client in Step 1
    server_nonce 40, 16F33BCBF4A8C23D6AEE2D085D7713F5B1C2184E38BAC1649C35FD28FC20E9A7EA Server-generated random number
    pq 56, 120814E052916AAF0101000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1504293060055335169    		082535F6049213805B000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 2681319652660052059    		 Single-byte prefix denoting length, an 8-byte string, and three bytes of padding
    @@ -246,37 +240,37 @@ p_q_inner_data_temp#3c6a84d4 pq:string p:string q:string nonce:int128 server_non - + - + - + - + - + - + @@ -291,39 +285,39 @@ p_q_inner_data_temp#3c6a84d4 pq:string p:string q:string nonce:int128 server_non

    The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
    These are the inputs to the algorithm specified in step 4.1:

    -
    data = 955FF5A90814E052916AAF0101000000043CC2C3F50000000457F4ED5D00000061079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B177C0A68BC9A69DB0E0499475DD0EED080BF059CA679BA9ABACB5BBCF692576FA02000000
-random_padding_bytes = E5019A0D9F552D15ACB43E2264CD899B8F87534B8D3C6BD8DEBA75BBFD953DBD9141C0C87E30E96A343AAF4EA390489899E3325E01CC03C40198DDEA8CB382D6BCCB30380AD5FFA5AD054B2DC9BEB280C0039AF3C7DC0D6C62ED3703
    +
    data = 955FF5A9082535F6049213805B000000045FE619EF0000000463555C55000000365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7EAAABBEA0C7725B4A627D8E4057BC3BDA4DFB430723091E0E20FBD94FCD0F26F2402000000
+random_padding_bytes = 216450FD2A974A81475A90261BAE56428354F18BEE55BFB415135941FFA2607DA534FB9099CB6B7A33FBF9E40ADCD43CB29C14B8E4C16DC2E0471A1E92D21966398AF8FF1EFEEF787DEB0D5AB1AA674D154799D1C9E9DBECA2682FD5

    And this is the output:

    -
    encrypted_data = CFCCD0A2FE4CE6DA364CAD61560586C2A0481427128257864AF9BA9B047612F7030BECC81F3A911A8A9178E2EA0205297B3A70B9C4001273E817C289613DC2F80033EEE5B41ED7B6C8EBB2CDAAFBB1115B800F736D0B5651FD279F13D7E23B13365FBE0F561137D7D33A32BCD2FAEB8091FF528BEFD48EF6EAAB42BE1201E879259EC477AD033CBD13C2C1607F9EB61663CE372DD5E7999FC5F0CE6B7903AE812BDDA619551BFBE69218BEC7E550B2E5E8428C2C8AF615ACD34F53D25737B87280E28BB2157B34987C00C1F45D734D79364166BB1FA275DA0563DBE09EFBC03450450947196C526A580A09B25F4CB23786ABFB00862AE177183A9FADA88E86D3
    +
    encrypted_data = 272390AE7D9BD642310E05D77A4C34AE44CA3790AA81FAA4D18DE327DF7DF575105FDD874416F2E907C97AA97A0697D460E3824C51397675E5314196EBF6E1E771436830844417671E295822E1FB892DC830CEFC756EBBF5926703930918FC0FA379B350D5C4F74C8221622C58BD0561E898DDC1F614AE73A6D6E727D1857361E7940A233DB206A23F7B02A109C0D694DF29CC9C63085A98F6C478A726C7D01889DB009A471C2C471530AD95FDD7989B13D6216345314BEF01E84C8D673786861343A9979C54DD937BFA1A1B12C02B303EAFC9F69F16DBBED0AD5689495B90DD2F4062562DCF7934B75F5F00C9059005CE581DC2EE704548703E74C975EED2E4

    The length of the final string is 256 bytes.

    3. request req_dh_params

    Sent payload (excluding transport headers/trailers):

    -
    0000 | 00 00 00 00 00 00 00 00 00 00 00 00 59 9A 9C 64
-0010 | 40 01 00 00 BE E4 12 D7 61 07 9B D3 CE 40 0A AA
-0020 | C0 6A 7E C0 F9 E7 0A F2 F3 3B CB F4 A8 C2 3D 6A
-0030 | EE 2D 08 5D 77 13 F5 B1 04 3C C2 C3 F5 00 00 00
-0040 | 04 57 F4 ED 5D 00 00 00 85 FD 64 DE 85 1D 9D D0
-0050 | FE 00 01 00 CF CC D0 A2 FE 4C E6 DA 36 4C AD 61
-0060 | 56 05 86 C2 A0 48 14 27 12 82 57 86 4A F9 BA 9B
-0070 | 04 76 12 F7 03 0B EC C8 1F 3A 91 1A 8A 91 78 E2
-0080 | EA 02 05 29 7B 3A 70 B9 C4 00 12 73 E8 17 C2 89
-0090 | 61 3D C2 F8 00 33 EE E5 B4 1E D7 B6 C8 EB B2 CD
-00A0 | AA FB B1 11 5B 80 0F 73 6D 0B 56 51 FD 27 9F 13
-00B0 | D7 E2 3B 13 36 5F BE 0F 56 11 37 D7 D3 3A 32 BC
-00C0 | D2 FA EB 80 91 FF 52 8B EF D4 8E F6 EA AB 42 BE
-00D0 | 12 01 E8 79 25 9E C4 77 AD 03 3C BD 13 C2 C1 60
-00E0 | 7F 9E B6 16 63 CE 37 2D D5 E7 99 9F C5 F0 CE 6B
-00F0 | 79 03 AE 81 2B DD A6 19 55 1B FB E6 92 18 BE C7
-0100 | E5 50 B2 E5 E8 42 8C 2C 8A F6 15 AC D3 4F 53 D2
-0110 | 57 37 B8 72 80 E2 8B B2 15 7B 34 98 7C 00 C1 F4
-0120 | 5D 73 4D 79 36 41 66 BB 1F A2 75 DA 05 63 DB E0
-0130 | 9E FB C0 34 50 45 09 47 19 6C 52 6A 58 0A 09 B2
-0140 | 5F 4C B2 37 86 AB FB 00 86 2A E1 77 18 3A 9F AD
-0150 | A8 8E 86 D3
    +
    0000 | 00 00 00 00 00 00 00 00 04 00 00 00 DC 9D 9C 64
+0010 | 40 01 00 00 BE E4 12 D7 36 5B 3A 12 7C 5B 59 09
+0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
+0030 | 35 FD 28 FC 20 E9 A7 EA 04 5F E6 19 EF 00 00 00
+0040 | 04 63 55 5C 55 00 00 00 85 FD 64 DE 85 1D 9D D0
+0050 | FE 00 01 00 27 23 90 AE 7D 9B D6 42 31 0E 05 D7
+0060 | 7A 4C 34 AE 44 CA 37 90 AA 81 FA A4 D1 8D E3 27
+0070 | DF 7D F5 75 10 5F DD 87 44 16 F2 E9 07 C9 7A A9
+0080 | 7A 06 97 D4 60 E3 82 4C 51 39 76 75 E5 31 41 96
+0090 | EB F6 E1 E7 71 43 68 30 84 44 17 67 1E 29 58 22
+00A0 | E1 FB 89 2D C8 30 CE FC 75 6E BB F5 92 67 03 93
+00B0 | 09 18 FC 0F A3 79 B3 50 D5 C4 F7 4C 82 21 62 2C
+00C0 | 58 BD 05 61 E8 98 DD C1 F6 14 AE 73 A6 D6 E7 27
+00D0 | D1 85 73 61 E7 94 0A 23 3D B2 06 A2 3F 7B 02 A1
+00E0 | 09 C0 D6 94 DF 29 CC 9C 63 08 5A 98 F6 C4 78 A7
+00F0 | 26 C7 D0 18 89 DB 00 9A 47 1C 2C 47 15 30 AD 95
+0100 | FD D7 98 9B 13 D6 21 63 45 31 4B EF 01 E8 4C 8D
+0110 | 67 37 86 86 13 43 A9 97 9C 54 DD 93 7B FA 1A 1B
+0120 | 12 C0 2B 30 3E AF C9 F6 9F 16 DB BE D0 AD 56 89
+0130 | 49 5B 90 DD 2F 40 62 56 2D CF 79 34 B7 5F 5F 00
+0140 | C9 05 90 05 CE 58 1D C2 EE 70 45 48 70 3E 74 C9
+0150 | 75 EE D2 E4

    Payload (de)serialization:

    req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;
    pq 4, 120814E052916AAF0101000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1504293060055335169    		082535F6049213805B000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 2681319652660052059    		 Single-byte prefix denoting length, 8-byte string, and three bytes of padding
    p 16, 8043CC2C3F5000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1019397109    		045FE619EF000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1608915439    		 First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
    q 24, 80457F4ED5D000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1475669341    		0463555C55000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1666538581    		 Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
    nonce 32, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Value generated by client in Step 1
    server_nonce 48, 16F33BCBF4A8C23D6AEE2D085D7713F5B1C2184E38BAC1649C35FD28FC20E9A7EA Value received from server in Step 2
    new_nonce 64, 3277C0A68BC9A69DB0E0499475DD0EED08 0BF059CA679BA9ABACB5BBCF692576FAAABBEA0C7725B4A627D8E4057BC3BDA4 DFB430723091E0E20FBD94FCD0F26F24 Client-generated random number
    @@ -345,7 +339,7 @@ random_padding_bytes = E5019A0D9F552D15ACB43E2264CD899B8F87534B8D3C6BD8DEBA75BBF - + @@ -363,25 +357,25 @@ random_padding_bytes = E5019A0D9F552D15ACB43E2264CD899B8F87534B8D3C6BD8DEBA75BBF - + - + - + - + @@ -393,7 +387,7 @@ random_padding_bytes = E5019A0D9F552D15ACB43E2264CD899B8F87534B8D3C6BD8DEBA75BBF - + @@ -402,50 +396,49 @@ random_padding_bytes = E5019A0D9F552D15ACB43E2264CD899B8F87534B8D3C6BD8DEBA75BBF

    4. response server_dh_params_ok

    Received payload (excluding transport headers/trailers):

    -
    0000 | 00 00 00 00 00 00 00 00 01 64 79 85 59 9A 9C 64
-0010 | E8 02 00 00 5C 07 E8 D0 61 07 9B D3 CE 40 0A AA
-0020 | C0 6A 7E C0 F9 E7 0A F2 F3 3B CB F4 A8 C2 3D 6A
-0030 | EE 2D 08 5D 77 13 F5 B1 FE 50 02 00 F1 B0 F8 E0
-0040 | E2 34 D3 3F 9E 48 D8 71 E1 2F C9 0C E8 8E A5 36
-0050 | E0 A5 61 EE 54 63 15 8E 72 20 8C F7 90 CD AD 29
-0060 | A3 31 6D D8 F3 6F B9 4C DD 11 9B D7 7B 4C 7A 62
-0070 | EF BC 3E 6E DC 40 10 E8 9E 72 08 65 1C 72 62 15
-0080 | 5C 79 1F 23 52 EB F9 7F C6 88 3C 59 BB 94 03 3E
-0090 | DE 00 6E 25 2C 46 FA 2F 7B 0B CA C6 35 4A F4 23
-00A0 | 87 3F 70 5B DE 51 AC 92 4F 1B 59 25 8C DB 03 AB
-00B0 | CA 67 AD 5B 2F F1 84 7C F5 DB 3F 0F 0A 65 52 5D
-00C0 | EA B4 E0 FE A2 B3 BD F7 CB 47 52 15 CF CB BF 07
-00D0 | 82 14 4B 7A 09 15 3A F9 AC B6 37 AC 8C 37 38 97
-00E0 | 7A 48 0A 1C 36 7F 13 95 40 43 40 E9 34 F6 46 28
-00F0 | C1 7C D3 3F E5 FD CB 36 26 38 AD C4 18 34 CE B6
-0100 | B4 3C 25 F8 07 25 93 D2 17 2F B2 93 1A E1 D7 4D
-0110 | 5F 62 49 3A 29 EC 52 B3 1C 91 19 56 AD 8B 10 57
-0120 | CE AB 92 0B A1 02 A7 0D B6 78 A1 FE 5D 5A 7A 42
-0130 | 87 16 F5 CC 06 3E BB EC F6 77 6A F4 AE 2D D2 E2
-0140 | BA CB A2 82 40 B9 0E 26 76 B0 5C E2 7F 39 12 75
-0150 | 10 44 12 A6 5E 5B 56 FC 74 1B 62 FE A8 BA 1D 61
-0160 | 2C F1 FF 83 AE 51 32 26 42 B6 2B 60 58 25 84 D2
-0170 | 45 9C 94 6A 49 72 25 C7 55 C0 3C A5 21 9C FA 50
-0180 | F9 00 68 5C FD 26 D7 5E 11 26 7F F4 82 A3 CE A1
-0190 | DC 50 FA B8 7E 08 CB 91 4F A4 F6 58 3A 1A 69 10
-01A0 | 4E 03 4D BA 05 46 70 F2 2A D2 66 FE 80 0D 87 24
-01B0 | 28 B5 16 5D C5 4D 87 FF E9 92 D3 1B 25 A0 E0 4F
-01C0 | FC 70 08 D7 E5 BE 02 24 30 63 03 30 D3 65 D7 B2
-01D0 | 8D 33 EC 8F 54 D4 DF 5C 5E D0 D9 E8 A1 75 35 C8
-01E0 | A0 3B 25 F4 B2 97 D4 EC 03 6D 6A EE DF 84 65 3E
-01F0 | 63 DD DE E7 A2 B9 1A 0F 0C 24 64 FE 56 CD 63 D6
-0200 | 43 15 F7 7D DF 6B 44 29 E6 C1 EC 71 69 FC 1F 74
-0210 | 96 31 54 73 8E 34 DF 12 01 E6 8B D0 3B 5D 7C BC
-0220 | C6 D7 E2 82 0C 4C 05 B5 1A F1 67 43 7E 42 63 E2
-0230 | 43 E4 52 93 24 6A C6 3C 3B 7A EE 5D F2 95 63 85
-0240 | 38 21 61 C8 76 D7 81 22 84 5E 70 BF 4A 37 C1 48
-0250 | E3 CB EF 47 49 FE 92 E6 6B 9D BA 10 32 1B EA F7
-0260 | 72 81 89 CD CE 8A 0D 80 54 8F A1 6A 36 9A 8F 66
-0270 | 89 B6 E2 FC E5 65 20 C4 95 14 22 F2 B2 13 D9 17
-0280 | A5 6F F9 4F 4D 91 BB 96 86 7A 87 61
    +
    0000 | 00 00 00 00 00 00 00 00 01 F4 AA 18 DD 9D 9C 64
+0010 | 84 02 00 00 5C 07 E8 D0 36 5B 3A 12 7C 5B 59 09
+0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
+0030 | 35 FD 28 FC 20 E9 A7 EA FE 50 02 00 70 2F F1 03
+0040 | 2B 5B A7 26 4B 04 CD 20 AA 98 0F B8 21 79 D0 16
+0050 | 27 46 00 12 8E C8 6B 8E 70 5D 09 B6 C9 23 9A A6
+0060 | 97 A9 9D 0D 6B 9F 39 7B 58 12 2C 49 20 5C 60 62
+0070 | 90 C6 4B 67 FD 47 AA 12 5E BC 78 20 89 1E 11 7C
+0080 | 99 10 98 4D 5F 82 4F 3B 51 3E 11 2E 73 3D 3A 79
+0090 | 5C 0C 82 F1 59 36 4B 35 9F ED 51 E0 65 AE 46 4E
+00A0 | 0A DF F0 5E 65 75 95 EF 0D DE 7D 28 D7 3A 86 42
+00B0 | 04 85 48 3C BD 77 AD EE 1B AF CB 00 02 07 4D 76
+00C0 | 6A C6 B7 C3 0D 4B 41 2F E2 DE 9B C7 0E FD 5D C2
+00D0 | E7 BA A4 D5 2E 96 AF E6 8A FB 4D E4 C1 8E 16 03
+00E0 | 4E 1F 0D 1E D8 93 07 B7 32 45 95 BF 8F DF 83 4C
+00F0 | 10 9E A1 E0 B9 D9 D0 B6 56 A3 B3 BB B1 C3 FC 36
+0100 | 27 FF F3 DE 47 0D 22 C8 37 5B 6C 76 99 AD 67 EF
+0110 | 0F 72 0B 16 F9 EA 69 5C 53 0D 13 E5 85 A7 E6 12
+0120 | 90 99 58 17 CB 21 ED 22 CD 74 BB 94 21 8C 39 CB
+0130 | A8 60 F6 65 3E 43 BB C7 2C 02 A0 47 B8 11 CD 4D
+0140 | 6A 48 46 EF A8 D3 F9 19 06 D9 05 6A AF 89 0E 0E
+0150 | F5 1E A3 A7 2D FC 7F B6 CE 81 74 6F 1E A0 45 CF
+0160 | B5 71 4D 2A E0 4E C0 12 CF 9A 44 24 CC B2 3C CC
+0170 | BB 4C 84 82 CE BF 06 4B EE 18 EE AF 2A 43 85 01
+0180 | 99 C7 44 31 ED BB 10 5C 63 CA 66 BA 31 37 84 40
+0190 | 5D B0 E7 4F DD 70 D0 D5 E2 2E FD 16 57 2B 79 0F
+01A0 | 9C E2 03 5E 51 E6 8B 82 7B 1B 7C 8E 36 48 E2 C3
+01B0 | 7F BE F2 4A D2 5D 7E 97 95 B9 18 3D B2 C8 6E 30
+01C0 | 8B 31 04 6E E2 92 3C C6 58 12 2F C9 02 40 95 C2
+01D0 | 93 F7 E7 F7 E9 59 6C C0 75 0F 55 86 F2 0F 85 6A
+01E0 | 56 1F A6 E2 FE 66 06 7C C7 5B A0 F1 A9 ED 76 C9
+01F0 | FE DC 8B 13 77 FB DB 9C CC D0 29 37 DD 8E EA 22
+0200 | 58 54 5A AA AB 6C BC 77 D9 1D 3F 22 87 41 DE 65
+0210 | AB 49 26 4B 36 1B 93 6D 7B E2 06 AA D1 90 4C A5
+0220 | 3D 29 14 48 DA D1 98 8B B2 77 9F 15 F6 F9 E8 26
+0230 | 2A 7E C2 69 0D 8A 19 4F 0A 66 E8 0C 2C 18 90 1C
+0240 | FD 81 1B 7C 2A 6A 07 DE 5A 62 AC 53 E6 BC F0 67
+0250 | 9B A3 00 C4 E3 50 1D DF C5 0B 2E 5E 64 69 5A 2F
+0260 | 38 C8 97 AD 6C DF 59 6B EB C7 5F 57 AB C5 F2 92
+0270 | 8D 7C AE E7 9C 23 66 BA 19 72 FE 1D 98 95 04 1D
+0280 | 4D 7F C8 48 3C 96 46 BB 1E BE FB 4D

    Payload (de)serialization:

    -
    server_DH_params_fail#79cb045d nonce:int128 server_nonce:int128 new_nonce_hash:int128 = Server_DH_Params;
-server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;
    +
    server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;
    message_id 8, 800000000599A9C6404000000DC9D9C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
    nonce 24, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Value generated by client in Step 1
    server_nonce 40, 16F33BCBF4A8C23D6AEE2D085D7713F5B1C2184E38BAC1649C35FD28FC20E9A7EA Value received from server in Step 2
    p 56, 8043CC2C3F5000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1019397109    		045FE619EF000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1608915439    		 First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
    q 64, 80457F4ED5D000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1475669341    		0463555C55000000
    TL byte deserialization
    => bigendian conversion to decimal
    => 1666538581    		 Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
    encrypted_data 80, 260FE000100CFCCD0A2FE4CE6DA364CAD61 560586C2A0481427128257864AF9BA9B 047612F7030BECC81F3A911A8A9178E2 EA0205297B3A70B9C4001273E817C289 613DC2F80033EEE5B41ED7B6C8EBB2CD AAFBB1115B800F736D0B5651FD279F13 D7E23B13365FBE0F561137D7D33A32BC D2FAEB8091FF528BEFD48EF6EAAB42BE 1201E879259EC477AD033CBD13C2C160 7F9EB61663CE372DD5E7999FC5F0CE6B 7903AE812BDDA619551BFBE69218BEC7 E550B2E5E8428C2C8AF615ACD34F53D2 5737B87280E28BB2157B34987C00C1F4 5D734D79364166BB1FA275DA0563DBE0 9EFBC03450450947196C526A580A09B2 5F4CB23786ABFB00862AE177183A9FAD
    A88E86D3    		FE000100272390AE7D9BD642310E05D7 7A4C34AE44CA3790AA81FAA4D18DE327 DF7DF575105FDD874416F2E907C97AA9 7A0697D460E3824C51397675E5314196 EBF6E1E771436830844417671E295822 E1FB892DC830CEFC756EBBF592670393 0918FC0FA379B350D5C4F74C8221622C 58BD0561E898DDC1F614AE73A6D6E727 D1857361E7940A233DB206A23F7B02A1 09C0D694DF29CC9C63085A98F6C478A7 26C7D01889DB009A471C2C471530AD95 FDD7989B13D6216345314BEF01E84C8D 673786861343A9979C54DD937BFA1A1B 12C02B303EAFC9F69F16DBBED0AD5689 495B90DD2F4062562DCF7934B75F5F00 C9059005CE581DC2EE704548703E74C9
    75EED2E4    		 See Generation of encrypted_data »
    @@ -465,13 +458,13 @@ server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:s - + - + @@ -483,19 +476,19 @@ server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:s - + - + - + @@ -504,20 +497,20 @@ server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:s

    4.1 server_dh_inner_data decryption and deserialization

    Decrypt encrypted_answer using the reverse of the process specified in step 5:

    -
    encrypted_answer = F1B0F8E0E234D33F9E48D871E12FC90CE88EA536E0A561EE5463158E72208CF790CDAD29A3316DD8F36FB94CDD119BD77B4C7A62EFBC3E6EDC4010E89E7208651C7262155C791F2352EBF97FC6883C59BB94033EDE006E252C46FA2F7B0BCAC6354AF423873F705BDE51AC924F1B59258CDB03ABCA67AD5B2FF1847CF5DB3F0F0A65525DEAB4E0FEA2B3BDF7CB475215CFCBBF0782144B7A09153AF9ACB637AC8C3738977A480A1C367F1395404340E934F64628C17CD33FE5FDCB362638ADC41834CEB6B43C25F8072593D2172FB2931AE1D74D5F62493A29EC52B31C911956AD8B1057CEAB920BA102A70DB678A1FE5D5A7A428716F5CC063EBBECF6776AF4AE2DD2E2BACBA28240B90E2676B05CE27F391275104412A65E5B56FC741B62FEA8BA1D612CF1FF83AE51322642B62B60582584D2459C946A497225C755C03CA5219CFA50F900685CFD26D75E11267FF482A3CEA1DC50FAB87E08CB914FA4F6583A1A69104E034DBA054670F22AD266FE800D872428B5165DC54D87FFE992D31B25A0E04FFC7008D7E5BE022430630330D365D7B28D33EC8F54D4DF5C5ED0D9E8A17535C8A03B25F4B297D4EC036D6AEEDF84653E63DDDEE7A2B91A0F0C2464FE56CD63D64315F77DDF6B4429E6C1EC7169FC1F74963154738E34DF1201E68BD03B5D7CBCC6D7E2820C4C05B51AF167437E4263E243E45293246AC63C3B7AEE5DF2956385382161C876D78122845E70BF4A37C148E3CBEF4749FE92E66B9DBA10321BEAF7728189CDCE8A0D80548FA16A369A8F6689B6E2FCE56520C4951422F2B213D917A56FF94F4D91BB96867A8761
-tmp_aes_key = 83E6FC26B9543A3D5FE6357D7DF98DC7E5EDA4B1791A2973A414443CD6736E2B
-tmp_aes_iv = F61B20DAF8A413BCEBE132A7EE9410C958F7B1C3537E82A7C35E899F77C0A68B
    +
    encrypted_answer = 702FF1032B5BA7264B04CD20AA980FB82179D016274600128EC86B8E705D09B6C9239AA697A99D0D6B9F397B58122C49205C606290C64B67FD47AA125EBC7820891E117C9910984D5F824F3B513E112E733D3A795C0C82F159364B359FED51E065AE464E0ADFF05E657595EF0DDE7D28D73A86420485483CBD77ADEE1BAFCB0002074D766AC6B7C30D4B412FE2DE9BC70EFD5DC2E7BAA4D52E96AFE68AFB4DE4C18E16034E1F0D1ED89307B7324595BF8FDF834C109EA1E0B9D9D0B656A3B3BBB1C3FC3627FFF3DE470D22C8375B6C7699AD67EF0F720B16F9EA695C530D13E585A7E61290995817CB21ED22CD74BB94218C39CBA860F6653E43BBC72C02A047B811CD4D6A4846EFA8D3F91906D9056AAF890E0EF51EA3A72DFC7FB6CE81746F1EA045CFB5714D2AE04EC012CF9A4424CCB23CCCBB4C8482CEBF064BEE18EEAF2A43850199C74431EDBB105C63CA66BA313784405DB0E74FDD70D0D5E22EFD16572B790F9CE2035E51E68B827B1B7C8E3648E2C37FBEF24AD25D7E9795B9183DB2C86E308B31046EE2923CC658122FC9024095C293F7E7F7E9596CC0750F5586F20F856A561FA6E2FE66067CC75BA0F1A9ED76C9FEDC8B1377FBDB9CCCD02937DD8EEA2258545AAAAB6CBC77D91D3F228741DE65AB49264B361B936D7BE206AAD1904CA53D291448DAD1988BB2779F15F6F9E8262A7EC2690D8A194F0A66E80C2C18901CFD811B7C2A6A07DE5A62AC53E6BCF0679BA300C4E3501DDFC50B2E5E64695A2F38C897AD6CDF596BEBC75F57ABC5F2928D7CAEE79C2366BA1972FE1D9895041D4D7FC8483C9646BB1EBEFB4D
+tmp_aes_key = 81A769A19DC0ED0D3DABE397D479407674D72119F479C1425094F54AB0188100
+tmp_aes_iv = 3C22B0B11A532C2778AEB3002E5331A7B5D59D62E0E72FA734EB7B62AABBEA0C

    Yielding:

    -
    answer_with_hash = B0130D06F5DE68C63D9D8BAD16F534BEE3EE354BBA0D89B561079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B103000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001002E356F542ED36C7C234A0C6DBA49CDF1B1D4510968CEF23450B0FC42F20B63757B95D5AFC1DCA0ED8E146219B411B0D254A7C740457F54E51C4EC8B6B9C97B84A23EA77E36D38A4230BE5D7B1E65BB3F0A4E6D486B22CB279703634AFE013962427A67D78C81FC74AD292FB970B3DFB4F00F93F0FB172B3C9069234E2154AC2D2CD52EA2015D693CF37308D81F1A27B92EE69B260B056A34ADBFC6496A419A24E2D8F54B048FCDD66AB99D0A3CD0DA36DE726019C11750F39FF63BAC6ADD9758286D44275535BB19B53AB57C7C890E0DE9DA13A50DC6F3E9F3C6EBD637489D6968960CC9991F69B0E2E1C306144395D303284C0C12D4376CB56BA051C060FCFF599A9C64A0D61A12CE49CCFA
-answer = BA0D89B561079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B103000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001002E356F542ED36C7C234A0C6DBA49CDF1B1D4510968CEF23450B0FC42F20B63757B95D5AFC1DCA0ED8E146219B411B0D254A7C740457F54E51C4EC8B6B9C97B84A23EA77E36D38A4230BE5D7B1E65BB3F0A4E6D486B22CB279703634AFE013962427A67D78C81FC74AD292FB970B3DFB4F00F93F0FB172B3C9069234E2154AC2D2CD52EA2015D693CF37308D81F1A27B92EE69B260B056A34ADBFC6496A419A24E2D8F54B048FCDD66AB99D0A3CD0DA36DE726019C11750F39FF63BAC6ADD9758286D44275535BB19B53AB57C7C890E0DE9DA13A50DC6F3E9F3C6EBD637489D6968960CC9991F69B0E2E1C306144395D303284C0C12D4376CB56BA051C060FCFF599A9C64A0D61A12CE49CCFA
    +
    answer_with_hash = B5268655881048B58B35EEAD840D915DB708F81EBA0D89B5365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7EA03000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE000100AA3BB529DC2EF3C74A49AB7F8C9A84BFE86F5CC3ACBBBB5EE047566E5AF06CE56F10627D75F886ECD2777D1679B87E81523BB585DC50F768C9A419C22C260B6924B17A8F153B9F260FC161ECE1D595380FC33CDBDF552F019FB829E0701C005A7B849A71F9EF8C5141E01F152466F41BB9F13B0FEF8E0EFC3091DAF7C4A9E4F65F77B4D3F15EC3977FFA6CB6BAB7F995E2CE25398E09DA9EAD7AAA4BF05A9133B954080F7B258F20C0FADE9E44A7B2AA73E51D91AC86720335CBB38A3DB90689D85233899F292228EFB6FD285923760A5E220ADC3F52B3E0265BFC5AB23E4DDC2D4E14E18B2811EE656B5A16586663289D02422C48F1B8D77017EFFCD276E5EDDD9D9C64A1FEA3302BD58173
+answer = BA0D89B5365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7EA03000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE000100AA3BB529DC2EF3C74A49AB7F8C9A84BFE86F5CC3ACBBBB5EE047566E5AF06CE56F10627D75F886ECD2777D1679B87E81523BB585DC50F768C9A419C22C260B6924B17A8F153B9F260FC161ECE1D595380FC33CDBDF552F019FB829E0701C005A7B849A71F9EF8C5141E01F152466F41BB9F13B0FEF8E0EFC3091DAF7C4A9E4F65F77B4D3F15EC3977FFA6CB6BAB7F995E2CE25398E09DA9EAD7AAA4BF05A9133B954080F7B258F20C0FADE9E44A7B2AA73E51D91AC86720335CBB38A3DB90689D85233899F292228EFB6FD285923760A5E220ADC3F52B3E0265BFC5AB23E4DDC2D4E14E18B2811EE656B5A16586663289D02422C48F1B8D77017EFFCD276E5EDDD9D9C64A1FEA3302BD58173

    Generated payload (excluding transport headers/trailers):

    -
    0000 | BA 0D 89 B5 61 07 9B D3 CE 40 0A AA C0 6A 7E C0
-0010 | F9 E7 0A F2 F3 3B CB F4 A8 C2 3D 6A EE 2D 08 5D
-0020 | 77 13 F5 B1 03 00 00 00 FE 00 01 00 C7 1C AE B9
+
    0000 | BA 0D 89 B5 36 5B 3A 12 7C 5B 59 09 49 0E 6C 3A
+0010 | EC EC 01 26 C2 18 4E 38 BA C1 64 9C 35 FD 28 FC
+0020 | 20 E9 A7 EA 03 00 00 00 FE 00 01 00 C7 1C AE B9
 0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
 0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
 0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
@@ -534,23 +527,23 @@ answer = BA0D89B561079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B
 0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
 0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
 0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
-0130 | 2E 35 6F 54 2E D3 6C 7C 23 4A 0C 6D BA 49 CD F1
-0140 | B1 D4 51 09 68 CE F2 34 50 B0 FC 42 F2 0B 63 75
-0150 | 7B 95 D5 AF C1 DC A0 ED 8E 14 62 19 B4 11 B0 D2
-0160 | 54 A7 C7 40 45 7F 54 E5 1C 4E C8 B6 B9 C9 7B 84
-0170 | A2 3E A7 7E 36 D3 8A 42 30 BE 5D 7B 1E 65 BB 3F
-0180 | 0A 4E 6D 48 6B 22 CB 27 97 03 63 4A FE 01 39 62
-0190 | 42 7A 67 D7 8C 81 FC 74 AD 29 2F B9 70 B3 DF B4
-01A0 | F0 0F 93 F0 FB 17 2B 3C 90 69 23 4E 21 54 AC 2D
-01B0 | 2C D5 2E A2 01 5D 69 3C F3 73 08 D8 1F 1A 27 B9
-01C0 | 2E E6 9B 26 0B 05 6A 34 AD BF C6 49 6A 41 9A 24
-01D0 | E2 D8 F5 4B 04 8F CD D6 6A B9 9D 0A 3C D0 DA 36
-01E0 | DE 72 60 19 C1 17 50 F3 9F F6 3B AC 6A DD 97 58
-01F0 | 28 6D 44 27 55 35 BB 19 B5 3A B5 7C 7C 89 0E 0D
-0200 | E9 DA 13 A5 0D C6 F3 E9 F3 C6 EB D6 37 48 9D 69
-0210 | 68 96 0C C9 99 1F 69 B0 E2 E1 C3 06 14 43 95 D3
-0220 | 03 28 4C 0C 12 D4 37 6C B5 6B A0 51 C0 60 FC FF
-0230 | 59 9A 9C 64
    
+0130 | AA 3B B5 29 DC 2E F3 C7 4A 49 AB 7F 8C 9A 84 BF
+0140 | E8 6F 5C C3 AC BB BB 5E E0 47 56 6E 5A F0 6C E5
+0150 | 6F 10 62 7D 75 F8 86 EC D2 77 7D 16 79 B8 7E 81
+0160 | 52 3B B5 85 DC 50 F7 68 C9 A4 19 C2 2C 26 0B 69
+0170 | 24 B1 7A 8F 15 3B 9F 26 0F C1 61 EC E1 D5 95 38
+0180 | 0F C3 3C DB DF 55 2F 01 9F B8 29 E0 70 1C 00 5A
+0190 | 7B 84 9A 71 F9 EF 8C 51 41 E0 1F 15 24 66 F4 1B
+01A0 | B9 F1 3B 0F EF 8E 0E FC 30 91 DA F7 C4 A9 E4 F6
+01B0 | 5F 77 B4 D3 F1 5E C3 97 7F FA 6C B6 BA B7 F9 95
+01C0 | E2 CE 25 39 8E 09 DA 9E AD 7A AA 4B F0 5A 91 33
+01D0 | B9 54 08 0F 7B 25 8F 20 C0 FA DE 9E 44 A7 B2 AA
+01E0 | 73 E5 1D 91 AC 86 72 03 35 CB B3 8A 3D B9 06 89
+01F0 | D8 52 33 89 9F 29 22 28 EF B6 FD 28 59 23 76 0A
+0200 | 5E 22 0A DC 3F 52 B3 E0 26 5B FC 5A B2 3E 4D DC
+0210 | 2D 4E 14 E1 8B 28 11 EE 65 6B 5A 16 58 66 63 28
+0220 | 9D 02 42 2C 48 F1 B8 D7 70 17 EF FC D2 76 E5 ED
+0230 | DD 9D 9C 64

    Payload (de)serialization:

    server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;
    message_id 8, 801647985599A9C6401F4AA18DD9D9C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
    message_length 16, 4E8020000 (744 in decimal)84020000 (644 in decimal) Message body length
    nonce 24, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Value generated by client in Step 1
    server_nonce 40, 16F33BCBF4A8C23D6AEE2D085D7713F5B1C2184E38BAC1649C35FD28FC20E9A7EA Value received from server in Step 2
    encrypted_answer 56, 596FE500200F1B0F8E0E234D33F9E48D871 E12FC90CE88EA536E0A561EE5463158E 72208CF790CDAD29A3316DD8F36FB94C DD119BD77B4C7A62EFBC3E6EDC4010E8 9E7208651C7262155C791F2352EBF97F C6883C59BB94033EDE006E252C46FA2F 7B0BCAC6354AF423873F705BDE51AC92 4F1B59258CDB03ABCA67AD5B2FF1847C F5DB3F0F0A65525DEAB4E0FEA2B3BDF7 CB475215CFCBBF0782144B7A09153AF9 ACB637AC8C3738977A480A1C367F1395 404340E934F64628C17CD33FE5FDCB36 2638ADC41834CEB6B43C25F8072593D2 172FB2931AE1D74D5F62493A29EC52B3 1C911956AD8B1057CEAB920BA102A70D B678A1FE5D5A7A428716F5CC063EBBEC F6776AF4AE2DD2E2BACBA28240B90E26 76B05CE27F391275104412A65E5B56FC 741B62FEA8BA1D612CF1FF83AE513226 42B62B60582584D2459C946A497225C7 55C03CA5219CFA50F900685CFD26D75E 11267FF482A3CEA1DC50FAB87E08CB91 4FA4F6583A1A69104E034DBA054670F2 2AD266FE800D872428B5165DC54D87FF E992D31B25A0E04FFC7008D7E5BE0224 30630330D365D7B28D33EC8F54D4DF5C 5ED0D9E8A17535C8A03B25F4B297D4EC 036D6AEEDF84653E63DDDEE7A2B91A0F 0C2464FE56CD63D64315F77DDF6B4429 E6C1EC7169FC1F74963154738E34DF12 01E68BD03B5D7CBCC6D7E2820C4C05B5 1AF167437E4263E243E45293246AC63C 3B7AEE5DF2956385382161C876D78122 845E70BF4A37C148E3CBEF4749FE92E6 6B9DBA10321BEAF7728189CDCE8A0D80 548FA16A369A8F6689B6E2FCE56520C4 951422F2B213D917A56FF94F4D91BB96
    867A8761    		FE500200702FF1032B5BA7264B04CD20 AA980FB82179D016274600128EC86B8E 705D09B6C9239AA697A99D0D6B9F397B 58122C49205C606290C64B67FD47AA12 5EBC7820891E117C9910984D5F824F3B 513E112E733D3A795C0C82F159364B35 9FED51E065AE464E0ADFF05E657595EF 0DDE7D28D73A86420485483CBD77ADEE 1BAFCB0002074D766AC6B7C30D4B412F E2DE9BC70EFD5DC2E7BAA4D52E96AFE6 8AFB4DE4C18E16034E1F0D1ED89307B7 324595BF8FDF834C109EA1E0B9D9D0B6 56A3B3BBB1C3FC3627FFF3DE470D22C8 375B6C7699AD67EF0F720B16F9EA695C 530D13E585A7E61290995817CB21ED22 CD74BB94218C39CBA860F6653E43BBC7 2C02A047B811CD4D6A4846EFA8D3F919 06D9056AAF890E0EF51EA3A72DFC7FB6 CE81746F1EA045CFB5714D2AE04EC012 CF9A4424CCB23CCCBB4C8482CEBF064B EE18EEAF2A43850199C74431EDBB105C 63CA66BA313784405DB0E74FDD70D0D5 E22EFD16572B790F9CE2035E51E68B82 7B1B7C8E3648E2C37FBEF24AD25D7E97 95B9183DB2C86E308B31046EE2923CC6 58122FC9024095C293F7E7F7E9596CC0 750F5586F20F856A561FA6E2FE66067C C75BA0F1A9ED76C9FEDC8B1377FBDB9C CCD02937DD8EEA2258545AAAAB6CBC77 D91D3F228741DE65AB49264B361B936D 7BE206AAD1904CA53D291448DAD1988B B2779F15F6F9E8262A7EC2690D8A194F 0A66E80C2C18901CFD811B7C2A6A07DE 5A62AC53E6BCF0679BA300C4E3501DDF C50B2E5E64695A2F38C897AD6CDF596B EBC75F57ABC5F2928D7CAEE79C2366BA 1972FE1D9895041D4D7FC8483C9646BB
    1EBEFB4D    		 See Decomposition of encrypted_answer »
    @@ -572,13 +565,13 @@ answer = BA0D89B561079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B - + - + @@ -596,13 +589,13 @@ answer = BA0D89B561079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B - + - + @@ -611,34 +604,34 @@ answer = BA0D89B561079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B

    4.2. generate diffie-helman parameters

    First, generate a secure random 2048-bit number b:

    -
    b = BEB68C99A15F26F3590BB9E035CF2285590CDC8BCEC7DC112973D0D68FC78DD283FB7C38D39450FDA2B65BD7B4EBB25C042C4C1D7B52DAEEA7C40898984279DE8A5B4101D94A9621D2B4EF405864B0975FF21C6971B039161190346706C8A35473CA5B9E8CF0A1E3819D2DFA294270CEB6652DF940C26555425987513EAFD09CDD6F70C889DBBC1D1BBF287154760CC4BB3E80A8B313914F4017C22314A3DCDC634AE3BB7C33A45835E87A093706280FD7BEF2C1C3952BC19C55F2086E966EB374A635CC66D8B70899236C6E0944FF2353DE77610C9567ACC221FF036F29F463C0593DA02E90DE1AF4F65C1C709482610A76E71E20B1068B7DFC5D990E865D66
    +
    b = 3333AB3DDBC89A3297AFD5C1FD314F9F6F90D3FDFB47EEC50B6710C2378B98D18EDDB06FD1977780D8B10A5DE2B5CBAD8FADD3F6526F3ECB8AF27ADF629915701287D23BC30EC426C4DCF8663DA2D700A98617E74EEFDDA53F4F6DEC2086406FC9FD1EBF423380E57C796B599978B6A028A70CA23D9D53318A9CD17C4AF652CA9119AFB6031EBD15293D1BFEA24183FE033113FF79BCC7C9A472CFC4CEFC800793CBC2366777525895056107937C7C52C34CD318F91F8B59D5DAA100AE11A2C4381D2FC16086C8C46BA641CF25036F52575688956773C91C734D7BF63FBC699795669B832A879A93B06238720B35A46B4C8878627D96C18577C978BFE9499157

    Then compute g_b = pow(g, b) mod dh_prime

    -
    g_b = 2F96BE7689D134320851F8247F8B92A541EA353EFBE190F0B79A54451121A3A21B3AE5AD1F744A957804362EFFCB1199342FEB787873032801CC9B991349E86B9E6973A1337A67AE94A5E73BD312DD146B0659B25460A838612055B5A5823814F3AAA8DFBD54B8094C42994541407C11293DFC08FCEDB50665104207ECAAC3DEE4B5AEBC1742159B39F8B00D4CD49616F8C3AF5E50A69EBEE7B7913B91369BD9736F9A42B4697F0DB7B11B95A7C927DF7D72DD90A42B2B3B9D3F2281D27454F1CFE659B33832855DD95E65EB6CF34EAE308F7B2972016BBBDEB20C30782B587CA16C8CDEB87A5108975A6069BAAB97EDBBFB1E2C0B7C190142F66B4970C2D130
    +
    g_b = 3DE753B9F0985A68E14BD95E3B720FCB617EB5899AA28772C8B477BAD4FA9544C671AA9D4B3E2F90ABDC55B25A61AD4FE5132AD3CFEDC5EA196110F4E4F02656F57D61FCE05D660F129DD1B817A003F73783BA041103A199B0AAB76A13FFFC339C35DB8A368FCBB4B35387CB82A019886FEFB17227616BBE287818B5553E339247890288C2DC6077FE721F769F92751F637E1731D1101803E522F293D4BEB4B17FDF121FB5C23B8D0EF2B02A0706638FD6415B5A7E90B8A55AE6CA13E2F238BF4C7856D1406ED546D7A6A79CBCEDDBF2209C0F074502067B7A15B2AD28EE139D2250006ECE5A2449C87F2B0EAA0B2CB75CD97D775055495DB03C7E03F9F614DF

    4.3 generation of encrypted_data

    Generated payload (excluding transport headers/trailers):

    -
    0000 | 54 B6 43 66 61 07 9B D3 CE 40 0A AA C0 6A 7E C0
-0010 | F9 E7 0A F2 F3 3B CB F4 A8 C2 3D 6A EE 2D 08 5D
-0020 | 77 13 F5 B1 00 00 00 00 00 00 00 00 FE 00 01 00
-0030 | 2F 96 BE 76 89 D1 34 32 08 51 F8 24 7F 8B 92 A5
-0040 | 41 EA 35 3E FB E1 90 F0 B7 9A 54 45 11 21 A3 A2
-0050 | 1B 3A E5 AD 1F 74 4A 95 78 04 36 2E FF CB 11 99
-0060 | 34 2F EB 78 78 73 03 28 01 CC 9B 99 13 49 E8 6B
-0070 | 9E 69 73 A1 33 7A 67 AE 94 A5 E7 3B D3 12 DD 14
-0080 | 6B 06 59 B2 54 60 A8 38 61 20 55 B5 A5 82 38 14
-0090 | F3 AA A8 DF BD 54 B8 09 4C 42 99 45 41 40 7C 11
-00A0 | 29 3D FC 08 FC ED B5 06 65 10 42 07 EC AA C3 DE
-00B0 | E4 B5 AE BC 17 42 15 9B 39 F8 B0 0D 4C D4 96 16
-00C0 | F8 C3 AF 5E 50 A6 9E BE E7 B7 91 3B 91 36 9B D9
-00D0 | 73 6F 9A 42 B4 69 7F 0D B7 B1 1B 95 A7 C9 27 DF
-00E0 | 7D 72 DD 90 A4 2B 2B 3B 9D 3F 22 81 D2 74 54 F1
-00F0 | CF E6 59 B3 38 32 85 5D D9 5E 65 EB 6C F3 4E AE
-0100 | 30 8F 7B 29 72 01 6B BB DE B2 0C 30 78 2B 58 7C
-0110 | A1 6C 8C DE B8 7A 51 08 97 5A 60 69 BA AB 97 ED
-0120 | BB FB 1E 2C 0B 7C 19 01 42 F6 6B 49 70 C2 D1 30
    +
    0000 | 54 B6 43 66 36 5B 3A 12 7C 5B 59 09 49 0E 6C 3A
+0010 | EC EC 01 26 C2 18 4E 38 BA C1 64 9C 35 FD 28 FC
+0020 | 20 E9 A7 EA 00 00 00 00 00 00 00 00 FE 00 01 00
+0030 | 3D E7 53 B9 F0 98 5A 68 E1 4B D9 5E 3B 72 0F CB
+0040 | 61 7E B5 89 9A A2 87 72 C8 B4 77 BA D4 FA 95 44
+0050 | C6 71 AA 9D 4B 3E 2F 90 AB DC 55 B2 5A 61 AD 4F
+0060 | E5 13 2A D3 CF ED C5 EA 19 61 10 F4 E4 F0 26 56
+0070 | F5 7D 61 FC E0 5D 66 0F 12 9D D1 B8 17 A0 03 F7
+0080 | 37 83 BA 04 11 03 A1 99 B0 AA B7 6A 13 FF FC 33
+0090 | 9C 35 DB 8A 36 8F CB B4 B3 53 87 CB 82 A0 19 88
+00A0 | 6F EF B1 72 27 61 6B BE 28 78 18 B5 55 3E 33 92
+00B0 | 47 89 02 88 C2 DC 60 77 FE 72 1F 76 9F 92 75 1F
+00C0 | 63 7E 17 31 D1 10 18 03 E5 22 F2 93 D4 BE B4 B1
+00D0 | 7F DF 12 1F B5 C2 3B 8D 0E F2 B0 2A 07 06 63 8F
+00E0 | D6 41 5B 5A 7E 90 B8 A5 5A E6 CA 13 E2 F2 38 BF
+00F0 | 4C 78 56 D1 40 6E D5 46 D7 A6 A7 9C BC ED DB F2
+0100 | 20 9C 0F 07 45 02 06 7B 7A 15 B2 AD 28 EE 13 9D
+0110 | 22 50 00 6E CE 5A 24 49 C8 7F 2B 0E AA 0B 2C B7
+0120 | 5C D9 7D 77 50 55 49 5D B0 3C 7E 03 F9 F6 14 DF

    Payload (de)serialization:

    client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;
    nonce 4, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Value generated by client in Step 1
    server_nonce 20, 16F33BCBF4A8C23D6AEE2D085D7713F5B1C2184E38BAC1649C35FD28FC20E9A7EA Value received from server in Step 2
    g_a 300, 260FE0001002E356F542ED36C7C234A0C6D BA49CDF1B1D4510968CEF23450B0FC42 F20B63757B95D5AFC1DCA0ED8E146219 B411B0D254A7C740457F54E51C4EC8B6 B9C97B84A23EA77E36D38A4230BE5D7B 1E65BB3F0A4E6D486B22CB279703634A FE013962427A67D78C81FC74AD292FB9 70B3DFB4F00F93F0FB172B3C9069234E 2154AC2D2CD52EA2015D693CF37308D8 1F1A27B92EE69B260B056A34ADBFC649 6A419A24E2D8F54B048FCDD66AB99D0A 3CD0DA36DE726019C11750F39FF63BAC 6ADD9758286D44275535BB19B53AB57C 7C890E0DE9DA13A50DC6F3E9F3C6EBD6 37489D6968960CC9991F69B0E2E1C306 144395D303284C0C12D4376CB56BA051
    C060FCFF    		FE000100AA3BB529DC2EF3C74A49AB7F 8C9A84BFE86F5CC3ACBBBB5EE047566E 5AF06CE56F10627D75F886ECD2777D16 79B87E81523BB585DC50F768C9A419C2 2C260B6924B17A8F153B9F260FC161EC E1D595380FC33CDBDF552F019FB829E0 701C005A7B849A71F9EF8C5141E01F15 2466F41BB9F13B0FEF8E0EFC3091DAF7 C4A9E4F65F77B4D3F15EC3977FFA6CB6 BAB7F995E2CE25398E09DA9EAD7AAA4B F05A9133B954080F7B258F20C0FADE9E 44A7B2AA73E51D91AC86720335CBB38A 3DB90689D85233899F292228EFB6FD28 5923760A5E220ADC3F52B3E0265BFC5A B23E4DDC2D4E14E18B2811EE656B5A16 586663289D02422C48F1B8D77017EFFC
    D276E5ED    		 g_a diffie-hellman parameter
    server_time 560, 4599A9C64 (1687984729 in decimal)DD9D9C64 (1687985629 in decimal) Server time
    @@ -660,73 +653,73 @@ answer = BA0D89B561079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B - + - + - + - +
    nonce 4, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Value generated by client in Step 1
    server_nonce 20, 16F33BCBF4A8C23D6AEE2D085D7713F5B1C2184E38BAC1649C35FD28FC20E9A7EA Value received from server in Step 2
    g_b 36, 260FE0001002F96BE7689D134320851F824 7F8B92A541EA353EFBE190F0B79A5445 1121A3A21B3AE5AD1F744A957804362E FFCB1199342FEB787873032801CC9B99 1349E86B9E6973A1337A67AE94A5E73B D312DD146B0659B25460A838612055B5 A5823814F3AAA8DFBD54B8094C429945 41407C11293DFC08FCEDB50665104207 ECAAC3DEE4B5AEBC1742159B39F8B00D 4CD49616F8C3AF5E50A69EBEE7B7913B 91369BD9736F9A42B4697F0DB7B11B95 A7C927DF7D72DD90A42B2B3B9D3F2281 D27454F1CFE659B33832855DD95E65EB 6CF34EAE308F7B2972016BBBDEB20C30 782B587CA16C8CDEB87A5108975A6069 BAAB97EDBBFB1E2C0B7C190142F66B49
    70C2D130    		FE0001003DE753B9F0985A68E14BD95E 3B720FCB617EB5899AA28772C8B477BA D4FA9544C671AA9D4B3E2F90ABDC55B2 5A61AD4FE5132AD3CFEDC5EA196110F4 E4F02656F57D61FCE05D660F129DD1B8 17A003F73783BA041103A199B0AAB76A 13FFFC339C35DB8A368FCBB4B35387CB 82A019886FEFB17227616BBE287818B5 553E339247890288C2DC6077FE721F76 9F92751F637E1731D1101803E522F293 D4BEB4B17FDF121FB5C23B8D0EF2B02A 0706638FD6415B5A7E90B8A55AE6CA13 E2F238BF4C7856D1406ED546D7A6A79C BCEDDBF2209C0F074502067B7A15B2AD 28EE139D2250006ECE5A2449C87F2B0E AA0B2CB75CD97D775055495DB03C7E03
    F9F614DF    		 Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding
    retry_id 296, 8 0000000000000000Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 7).Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 9).

    The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:

    -
    data = 54B6436661079BD3CE400AAAC06A7EC0F9E70AF2F33BCBF4A8C23D6AEE2D085D7713F5B10000000000000000FE0001002F96BE7689D134320851F8247F8B92A541EA353EFBE190F0B79A54451121A3A21B3AE5AD1F744A957804362EFFCB1199342FEB787873032801CC9B991349E86B9E6973A1337A67AE94A5E73BD312DD146B0659B25460A838612055B5A5823814F3AAA8DFBD54B8094C42994541407C11293DFC08FCEDB50665104207ECAAC3DEE4B5AEBC1742159B39F8B00D4CD49616F8C3AF5E50A69EBEE7B7913B91369BD9736F9A42B4697F0DB7B11B95A7C927DF7D72DD90A42B2B3B9D3F2281D27454F1CFE659B33832855DD95E65EB6CF34EAE308F7B2972016BBBDEB20C30782B587CA16C8CDEB87A5108975A6069BAAB97EDBBFB1E2C0B7C190142F66B4970C2D130
-padding = 3F278A4C4010D41218A1D70F
-tmp_aes_key = 83E6FC26B9543A3D5FE6357D7DF98DC7E5EDA4B1791A2973A414443CD6736E2B
-tmp_aes_iv = F61B20DAF8A413BCEBE132A7EE9410C958F7B1C3537E82A7C35E899F77C0A68B
    +
    data = 54B64366365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7EA0000000000000000FE0001003DE753B9F0985A68E14BD95E3B720FCB617EB5899AA28772C8B477BAD4FA9544C671AA9D4B3E2F90ABDC55B25A61AD4FE5132AD3CFEDC5EA196110F4E4F02656F57D61FCE05D660F129DD1B817A003F73783BA041103A199B0AAB76A13FFFC339C35DB8A368FCBB4B35387CB82A019886FEFB17227616BBE287818B5553E339247890288C2DC6077FE721F769F92751F637E1731D1101803E522F293D4BEB4B17FDF121FB5C23B8D0EF2B02A0706638FD6415B5A7E90B8A55AE6CA13E2F238BF4C7856D1406ED546D7A6A79CBCEDDBF2209C0F074502067B7A15B2AD28EE139D2250006ECE5A2449C87F2B0EAA0B2CB75CD97D775055495DB03C7E03F9F614DF
+padding = 8FD908884FACC949D9DC73DE
+tmp_aes_key = 81A769A19DC0ED0D3DABE397D479407674D72119F479C1425094F54AB0188100
+tmp_aes_iv = 3C22B0B11A532C2778AEB3002E5331A7B5D59D62E0E72FA734EB7B62AABBEA0C

    Process:

    data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
 encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);

    Output:

    -
    encrypted_data = 430A36E55F18CB44BFFFAC0272BCBE6F1FCFC589D2FD35A96EF285F383800F6CBBCC0B0A576827B237A41894BFFEFA5D9C880340CBB1CD4E016BE6A089ED80C41456397EFE2791707BBBD629C5CBAE237856BCFF5D3B057A26C9FA8917B6B218B10D1B7ADB62F471AEFDA26D2678C492B569D636E38DC46B1BDE833A980C16E4A1D8E7CDE40AF26DD28E00CA34A8C01BE311550C81681B0E070CD627333E837E395980C93F69417BCA8864AECCF4211E949EA79FC3556F415E4F8C1B0454217759E8436132323A4251BBB051F17E4191C40BA003757918180EDF9537AC791C15093FED041F1FC0F0A88C39BAF6E463F1A90BAC6D7A3BE0C6195F3230DB264047341E2CB4067404FE078EB89E0745903DB1AA4BBDAB03E1DA91083D7F8D57AD0AC69948D00A380912E7F297CF86C316F7517798869B2185E9AEFADB2BDC07E2893D4B9FD06E723AC2FE0A96BD7532A424
    +
    encrypted_data = 93330604E44C6F993349C60F05C23EDC56B844B57C654AEDF19B44F5EF8DB9590F7D9A9F8E81C50C377E3481D8DF9DD585D45AE25D3B9E51CE4FF584130236697C14C6BBFD65599D53132AB5FB31FF4AAC92EC7F256B5F9CE8FFB747F77E9F81588D277E3DFFB9F14E3642ACD2A1F9BBE66054608627027692D2A08DCC6671A4E6A43EFF37053E7F57DA1E04D8D6395D27BD09D7D49F46713CF0232073B342A3E2F34D23D9D8CD70E154A713B0AFACC27910ABC49D99EBA882FEBC22F6A5E7FD5AE5ABF49352372FA64D9D11BF4380197C59AEDE23D11DD7E09FABDD85A6173CD0CB8F1DFD7D0301C6DD4E40FDDC9C3A80C1E5ABDC51ADFEF357753C7B7D4DE4E8A4CAF10DF7248BCDACE125A08A35CBF4A021CFA1D78F606EE604BA14F012B13F22252C952FD52B0560679C63168188B07805E45613C7EFEE8C5495E72931C2553A0FCA7BB11D3ED48F1A5043DC776D

    The length of the final string is 336 bytes.

    5. request set_client_dh_params

    Sent payload (excluding transport headers/trailers):

    -
    0000 | 00 00 00 00 00 00 00 00 04 00 00 00 59 9A 9C 64
-0010 | 78 01 00 00 1F 5F 04 F5 61 07 9B D3 CE 40 0A AA
-0020 | C0 6A 7E C0 F9 E7 0A F2 F3 3B CB F4 A8 C2 3D 6A
-0030 | EE 2D 08 5D 77 13 F5 B1 FE 50 01 00 43 0A 36 E5
-0040 | 5F 18 CB 44 BF FF AC 02 72 BC BE 6F 1F CF C5 89
-0050 | D2 FD 35 A9 6E F2 85 F3 83 80 0F 6C BB CC 0B 0A
-0060 | 57 68 27 B2 37 A4 18 94 BF FE FA 5D 9C 88 03 40
-0070 | CB B1 CD 4E 01 6B E6 A0 89 ED 80 C4 14 56 39 7E
-0080 | FE 27 91 70 7B BB D6 29 C5 CB AE 23 78 56 BC FF
-0090 | 5D 3B 05 7A 26 C9 FA 89 17 B6 B2 18 B1 0D 1B 7A
-00A0 | DB 62 F4 71 AE FD A2 6D 26 78 C4 92 B5 69 D6 36
-00B0 | E3 8D C4 6B 1B DE 83 3A 98 0C 16 E4 A1 D8 E7 CD
-00C0 | E4 0A F2 6D D2 8E 00 CA 34 A8 C0 1B E3 11 55 0C
-00D0 | 81 68 1B 0E 07 0C D6 27 33 3E 83 7E 39 59 80 C9
-00E0 | 3F 69 41 7B CA 88 64 AE CC F4 21 1E 94 9E A7 9F
-00F0 | C3 55 6F 41 5E 4F 8C 1B 04 54 21 77 59 E8 43 61
-0100 | 32 32 3A 42 51 BB B0 51 F1 7E 41 91 C4 0B A0 03
-0110 | 75 79 18 18 0E DF 95 37 AC 79 1C 15 09 3F ED 04
-0120 | 1F 1F C0 F0 A8 8C 39 BA F6 E4 63 F1 A9 0B AC 6D
-0130 | 7A 3B E0 C6 19 5F 32 30 DB 26 40 47 34 1E 2C B4
-0140 | 06 74 04 FE 07 8E B8 9E 07 45 90 3D B1 AA 4B BD
-0150 | AB 03 E1 DA 91 08 3D 7F 8D 57 AD 0A C6 99 48 D0
-0160 | 0A 38 09 12 E7 F2 97 CF 86 C3 16 F7 51 77 98 86
-0170 | 9B 21 85 E9 AE FA DB 2B DC 07 E2 89 3D 4B 9F D0
-0180 | 6E 72 3A C2 FE 0A 96 BD 75 32 A4 24
    +
    0000 | 00 00 00 00 00 00 00 00 00 00 00 00 DD 9D 9C 64
+0010 | 78 01 00 00 1F 5F 04 F5 36 5B 3A 12 7C 5B 59 09
+0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
+0030 | 35 FD 28 FC 20 E9 A7 EA FE 50 01 00 93 33 06 04
+0040 | E4 4C 6F 99 33 49 C6 0F 05 C2 3E DC 56 B8 44 B5
+0050 | 7C 65 4A ED F1 9B 44 F5 EF 8D B9 59 0F 7D 9A 9F
+0060 | 8E 81 C5 0C 37 7E 34 81 D8 DF 9D D5 85 D4 5A E2
+0070 | 5D 3B 9E 51 CE 4F F5 84 13 02 36 69 7C 14 C6 BB
+0080 | FD 65 59 9D 53 13 2A B5 FB 31 FF 4A AC 92 EC 7F
+0090 | 25 6B 5F 9C E8 FF B7 47 F7 7E 9F 81 58 8D 27 7E
+00A0 | 3D FF B9 F1 4E 36 42 AC D2 A1 F9 BB E6 60 54 60
+00B0 | 86 27 02 76 92 D2 A0 8D CC 66 71 A4 E6 A4 3E FF
+00C0 | 37 05 3E 7F 57 DA 1E 04 D8 D6 39 5D 27 BD 09 D7
+00D0 | D4 9F 46 71 3C F0 23 20 73 B3 42 A3 E2 F3 4D 23
+00E0 | D9 D8 CD 70 E1 54 A7 13 B0 AF AC C2 79 10 AB C4
+00F0 | 9D 99 EB A8 82 FE BC 22 F6 A5 E7 FD 5A E5 AB F4
+0100 | 93 52 37 2F A6 4D 9D 11 BF 43 80 19 7C 59 AE DE
+0110 | 23 D1 1D D7 E0 9F AB DD 85 A6 17 3C D0 CB 8F 1D
+0120 | FD 7D 03 01 C6 DD 4E 40 FD DC 9C 3A 80 C1 E5 AB
+0130 | DC 51 AD FE F3 57 75 3C 7B 7D 4D E4 E8 A4 CA F1
+0140 | 0D F7 24 8B CD AC E1 25 A0 8A 35 CB F4 A0 21 CF
+0150 | A1 D7 8F 60 6E E6 04 BA 14 F0 12 B1 3F 22 25 2C
+0160 | 95 2F D5 2B 05 60 67 9C 63 16 81 88 B0 78 05 E4
+0170 | 56 13 C7 EF EE 8C 54 95 E7 29 31 C2 55 3A 0F CA
+0180 | 7B B1 1D 3E D4 8F 1A 50 43 DC 77 6D

    Payload (de)serialization:

    set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;
    @@ -748,7 +741,7 @@ encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);< - + @@ -766,20 +759,20 @@ encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);< - + - + - - + +
    message_id 8, 804000000599A9C6400000000DD9D9C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
    nonce 24, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Value generated by client in Step 1
    server_nonce 40, 16F33BCBF4A8C23D6AEE2D085D7713F5B1C2184E38BAC1649C35FD28FC20E9A7EA Value received from server in Step 2
    encrypted_data 56, 340FE500100430A36E55F18CB44BFFFAC02 72BCBE6F1FCFC589D2FD35A96EF285F3 83800F6CBBCC0B0A576827B237A41894 BFFEFA5D9C880340CBB1CD4E016BE6A0 89ED80C41456397EFE2791707BBBD629 C5CBAE237856BCFF5D3B057A26C9FA89 17B6B218B10D1B7ADB62F471AEFDA26D 2678C492B569D636E38DC46B1BDE833A 980C16E4A1D8E7CDE40AF26DD28E00CA 34A8C01BE311550C81681B0E070CD627 333E837E395980C93F69417BCA8864AE CCF4211E949EA79FC3556F415E4F8C1B 0454217759E8436132323A4251BBB051 F17E4191C40BA003757918180EDF9537 AC791C15093FED041F1FC0F0A88C39BA F6E463F1A90BAC6D7A3BE0C6195F3230 DB264047341E2CB4067404FE078EB89E 0745903DB1AA4BBDAB03E1DA91083D7F 8D57AD0AC69948D00A380912E7F297CF 86C316F7517798869B2185E9AEFADB2B DC07E2893D4B9FD06E723AC2FE0A96BD
    7532A424    		Encrypted client_DH_inner_data generated previouslyFE50010093330604E44C6F993349C60F 05C23EDC56B844B57C654AEDF19B44F5 EF8DB9590F7D9A9F8E81C50C377E3481 D8DF9DD585D45AE25D3B9E51CE4FF584 130236697C14C6BBFD65599D53132AB5 FB31FF4AAC92EC7F256B5F9CE8FFB747 F77E9F81588D277E3DFFB9F14E3642AC D2A1F9BBE66054608627027692D2A08D CC6671A4E6A43EFF37053E7F57DA1E04 D8D6395D27BD09D7D49F46713CF02320 73B342A3E2F34D23D9D8CD70E154A713 B0AFACC27910ABC49D99EBA882FEBC22 F6A5E7FD5AE5ABF49352372FA64D9D11 BF4380197C59AEDE23D11DD7E09FABDD 85A6173CD0CB8F1DFD7D0301C6DD4E40 FDDC9C3A80C1E5ABDC51ADFEF357753C 7B7D4DE4E8A4CAF10DF7248BCDACE125 A08A35CBF4A021CFA1D78F606EE604BA 14F012B13F22252C952FD52B0560679C 63168188B07805E45613C7EFEE8C5495 E72931C2553A0FCA7BB11D3ED48F1A50
    43DC776D    		Encrypted client_DH_inner_data generated previously, serialized as a TL byte string
    @@ -787,21 +780,19 @@ encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);<

    6. auth key generation

    The client computes the auth_key using formula g_a^b mod dh_prime:

    -
    auth_key = 387F13DD24C48755BB0B3F4EF874E0AE86EAE3236676695D30BCC0005ECD0836F9968DAB19B362E4A2C0E0A1DDB1E0DCDA225A2571D5D911EFBE764CA97123799117B3AC18FA749F287B304156427DCECF1D4C16A2922C9727D0CF004EA075C22A37B0D901933DEFAF27A6D1D7FC57024E02E5D12ECF9D6C1ADF1E7A1B5A85284FA29B09DA5BD5ACB0DAE6580B88C026E97F2BFDCFF183C9661DFD639804B3DFB175EA755E9D9B02DA907B299C4A84B070C0A517E27F395B8ABA67C923583BF0493A27559C9716951B554669D0A33AD6E9A8D78C5EE1E89A03A177B06833B45DD60A5680E46F6B03B7C94ECAF5E7E31B3B03D28F59E237D764E80973C1F05C98
    +
    auth_key = 05ACE659A2FCCFDE0B093E1FAC47A3FA50D252047AE565F40311FC448366518D7419AA9E1ACE2AAB527BAF62405988E30B8A604BA8FADFEDCB0E36A0C9DD11CEF496105F252996DDC7925D5BB0DDA956448F460AC373FAF99575CC8D477C77B90261092265F272DF7B82753DEBDC86831D36FFF971F05CD9D9E5A09088FE293F2E9BCF08A75B66A9FE01D91CD75707B8F91BEAFD541EA235CB831CCF7694DFAB9C7E1BECF60CCBF2A38C1CD413DCB9D2E109153F66693A54E5DECAB905BBF1D7434D6FCF6A7C8D5A9787DA866ACC25B9F1317D7DD34C185ADD5A90861CF592DD0B8C09F825D26FDE8F3E17AE16478BB5D7F95AE11D4F674D8D21EAF6CC67CF29

    7. reply set_client_dh_params_answer

    The server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:

    Received payload (excluding transport headers/trailers):

    -
    0000 | 00 00 00 00 00 00 00 00 01 CC C6 CE 59 9A 9C 64
-0010 | 54 00 00 00 34 F7 CB 3B 61 07 9B D3 CE 40 0A AA
-0020 | C0 6A 7E C0 F9 E7 0A F2 F3 3B CB F4 A8 C2 3D 6A
-0030 | EE 2D 08 5D 77 13 F5 B1 C9 C0 EC 9D DD 5F 1A 18
-0040 | 52 51 15 70 51 A6 94 1E
    +
    0000 | 00 00 00 00 00 00 00 00 01 A8 E5 65 DD 9D 9C 64
+0010 | A0 00 00 00 34 F7 CB 3B 36 5B 3A 12 7C 5B 59 09
+0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
+0030 | 35 FD 28 FC 20 E9 A7 EA 20 6C 98 37 3F A1 E0 49
+0040 | 14 C0 9B E1 57 2B 96 3C

    Payload (de)serialization:

    -
    dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;
-dh_gen_retry#46dc1fb9 nonce:int128 server_nonce:int128 new_nonce_hash2:int128 = Set_client_DH_params_answer;
-dh_gen_fail#a69dae02 nonce:int128 server_nonce:int128 new_nonce_hash3:int128 = Set_client_DH_params_answer;
    +
    dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;
    @@ -821,13 +812,13 @@ dh_gen_fail#a69dae02 nonce:int128 server_nonce:int128 new_nonce_hash3:int128 = S - + - + @@ -839,19 +830,19 @@ dh_gen_fail#a69dae02 nonce:int128 server_nonce:int128 new_nonce_hash3:int128 = S - + - + - +
    message_id 8, 801CCC6CE599A9C6401A8E565DD9D9C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
    message_length 16, 454000000 (84 in decimal)A0000000 (160 in decimal) Message body length
    nonce 24, 1661079BD3CE400AAAC06A7EC0F9E70AF2365B3A127C5B5909490E6C3AECEC0126 Value generated by client in Step 1
    server_nonce 40, 16F33BCBF4A8C23D6AEE2D085D7713F5B1C2184E38BAC1649C35FD28FC20E9A7EA Value received from server in Step 2
    new_nonce_hash1 56, 16C9C0EC9DDD5F1A185251157051A6941E206C98373FA1E04914C09BE1572B963C The 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash. Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry.