mirror of
https://github.com/MarshalX/telegram-crawler.git
synced 2025-01-20 16:15:08 +01:00
Update content of files
This commit is contained in:
parent
76145982d3
commit
ff3871c356
2 changed files with 94 additions and 65 deletions
|
@ -96,39 +96,19 @@ MTProto v.1.0 is deprecated and is currently being phased out.</p>
|
|||
<h4><a class="anchor" href="#message-identifier-msg-id" id="message-identifier-msg-id" name="message-identifier-msg-id"><i class="anchor-icon"></i></a>Message Identifier (msg_id)</h4>
|
||||
<p>A (time-dependent) 64-bit number used uniquely to identify a message within a session. Client message identifiers are divisible by 4, server message identifiers modulo 4 yield 1 if the message is a response to a client message, and 3 otherwise. Client message identifiers must increase monotonically (within a single session), the same as server message identifiers, and must approximately equal unixtime*2^32. This way, a message identifier points to the approximate moment in time the message was created. A message is rejected over 300 seconds after it is created or 30 seconds before it is created (this is needed to protect from replay attacks). In this situation, it must be re-sent with a different identifier (or placed in a container with a higher identifier). The identifier of a message container must be strictly greater than those of its nested messages.</p>
|
||||
<p><strong>Important</strong>: to counter replay-attacks the lower 32 bits of <strong>msg_id</strong> passed by the client must not be empty and must present a fractional part of the time point when the message was created.</p>
|
||||
<h4><a class="anchor" href="#content-related-message" id="content-related-message" name="content-related-message"><i class="anchor-icon"></i></a>Content-related Message</h4>
|
||||
<p>A message requiring an explicit acknowledgment. These include all the user and many service messages, virtually all with the exception of containers and acknowledgments. </p>
|
||||
<h4><a class="anchor" href="#message-sequence-number-msg-seqno" id="message-sequence-number-msg-seqno" name="message-sequence-number-msg-seqno"><i class="anchor-icon"></i></a>Message Sequence Number (msg_seqno)</h4>
|
||||
<p>A 32-bit number equal to twice the number of “content-related” messages (those requiring acknowledgment, and in particular those that are not containers) created by the sender prior to this message and subsequently incremented by one if the current message is a content-related message. A container is always generated after its entire contents; therefore, its sequence number is greater than or equal to the sequence numbers of the messages contained in it.</p>
|
||||
<p>Specifically, here's a full list of the MTProto-level constructors that are <strong>not</strong> content-related:</p>
|
||||
<ul>
|
||||
<li><code>rpc_drop_answer</code></li>
|
||||
<li><code>rpc_answer_unknown</code></li>
|
||||
<li><code>rpc_answer_dropped_running</code></li>
|
||||
<li><code>rpc_answer_dropped</code></li>
|
||||
<li><code>get_future_salts</code></li>
|
||||
<li><code>future_salt</code></li>
|
||||
<li><code>future_salts</code></li>
|
||||
<li><code>ping</code></li>
|
||||
<li><code>pong</code></li>
|
||||
<li><code>ping_delay_disconnect</code></li>
|
||||
<li><code>destroy_session</code></li>
|
||||
<li><code>destroy_session_ok</code></li>
|
||||
<li><code>destroy_session_none</code></li>
|
||||
<li><code>msg_container</code></li>
|
||||
<li><code>msg_copy</code></li>
|
||||
<li><code>gzip_packed</code></li>
|
||||
<li><code>http_wait</code></li>
|
||||
<li><code>msgs_ack</code></li>
|
||||
<li><code>bad_msg_notification</code></li>
|
||||
<li><code>bad_server_salt</code></li>
|
||||
<li><code>msgs_state_req</code></li>
|
||||
<li><code>msgs_state_info</code></li>
|
||||
<li><code>msgs_all_info</code></li>
|
||||
<li><code>msg_detailed_info</code></li>
|
||||
<li><code>msg_new_detailed_info</code></li>
|
||||
<li><code>msg_resend_req</code></li>
|
||||
</ul>
|
||||
<p>A 32-bit number equal to twice the number of <a href="#content-related-message">content-related »</a> messages created by the sender prior to this message and subsequently incremented by one if the current message is a content-related message. </p>
|
||||
<p>The seqno of a content-related message is thus <code>msg.seqNo = (current_seqno*2)+1</code> (and after generating it, the local <code>current_seqno</code> counter must be incremented by 1), the seqno of a non-content related message is <code>msg.seqNo = (current_seqno*2)</code> (<code>current_seqno</code> must <strong>not</strong> be incremented by 1 after generation). </p>
|
||||
<p>Thus, the content-relatedness of an incoming MTProto message can simply be determined by checking the value of the least-significant bit of the seqno of the message (<code>message.isContentRelated = (message.seqNo & 1) == 1</code>). </p>
|
||||
<p>A container is always generated after its entire contents; therefore, its sequence number is greater than or equal to the sequence numbers of the messages contained in it. </p>
|
||||
<h5><a class="anchor" href="#content-related-message" id="content-related-message" name="content-related-message"><i class="anchor-icon"></i></a>Content-related Message</h5>
|
||||
<p>When receiving an MTProto message that is marked as content-related by setting the least-significant bit of the <a href="#message-sequence-number-msg_seqno">seqno</a>, the receiving party <strong>must</strong> acknowledge it in some way. </p>
|
||||
<p>On the client side, must be done through <code>msgs_ack</code> constructors. </p>
|
||||
<p>On the server side, this is usually done through <code>msgs_ack</code> constructors, but may also be done using the reply of a method, or an error, or some other way, as specified by the documentation of each method or constructor. </p>
|
||||
<p>When a TCP transport is used, the content-relatedness of constructors affects the server's behavior: the server will resend not-yet acknowledged content-related messages to a new connection when the current connection is closed and then re-opened. </p>
|
||||
<p>A client <strong>must always</strong> mark all API-level RPC queries as content-related, or else a <a href="/mtproto/service_messages_about_messages#notice-of-ignored-error-message">bad_msg_notification</a> with <code>error_code=35</code> will be emitted. </p>
|
||||
<p>A client <strong>must never</strong> mark <code>msgs_ack</code>, <code>msg_container</code>, <code>msg_copy</code>, <code>gzip_packed</code> constructors (i.e. <a href="/mtproto/service_messages#containers">containers</a> and acknowledgments) as content-related, or else a <a href="/mtproto/service_messages_about_messages#notice-of-ignored-error-message">bad_msg_notification</a> with <code>error_code=34</code> will be emitted. </p>
|
||||
<p>A client <em>may</em> mark any other constructor except the four specified above as content-related. </p>
|
||||
<h4><a class="anchor" href="#message-key-msg-key" id="message-key-msg-key" name="message-key-msg-key"><i class="anchor-icon"></i></a>Message Key (msg_key)</h4>
|
||||
<p>In <strong>MTProto 2.0</strong>, the middle 128 bits of the SHA-256 hash of the message to be encrypted (including the internal header and the <em>padding bytes</em> for MTProto 2.0), prepended by a 32-byte fragment of the authorization key.</p>
|
||||
<p>In <strong>MTProto 1.0</strong>, message key was defined differently, as the lower 128 bits of the SHA-1 hash of the message to be encrypted, with padding bytes excluded from the computation of the hash. Authorization key was not involved in this computation.</p>
|
||||
|
|
|
@ -50,21 +50,22 @@ Padded…">
|
|||
|
||||
<div id="dev_page_content"><!-- scroll_nav -->
|
||||
|
||||
<p>Here's a list of MTProto transport protocols (<a href="/mtproto#recap">see the ISO/OSI recap for a full explanation</a>):</p>
|
||||
<p>Here's a list of MTProto transport protocols (<a href="/mtproto#recap">see the ISO/OSI recap for a full explanation</a>):</p>
|
||||
<ul>
|
||||
<li><a href="#abridged">Abridged</a></li>
|
||||
<li><a href="#intermediate">Intermediate</a></li>
|
||||
<li><a href="#padded-intermediate">Padded intermediate</a></li>
|
||||
<li><a href="#full">Full</a></li>
|
||||
</ul>
|
||||
<p>The server recognizes these different protocols (and distinguishes them from HTTP, too) by the header.<br>Additionally, the following transport features can be used: </p>
|
||||
<p>The server recognizes these different protocols (and distinguishes them from HTTP, too) by the header.
|
||||
Additionally, the following transport features can be used: </p>
|
||||
<ul>
|
||||
<li><a href="#quick-ack">Quick ack</a></li>
|
||||
<li><a href="#transport-errors">Transport errors</a></li>
|
||||
<li><a href="#transport-obfuscation">Transport obfuscation</a></li>
|
||||
</ul>
|
||||
<p>Example implementations for these protocols can be seen in <a href="https://github.com/tdlib/td/blob/master/td/mtproto/TcpTransport.cpp">tdlib</a> and <a href="https://github.com/danog/MadelineProto/tree/v8/src/Stream/MTProtoTransport">MadelineProto</a>.</p>
|
||||
<h3><a class="anchor" name="abridged" href="#abridged"><i class="anchor-icon"></i></a>Abridged</h3>
|
||||
<h3><a class="anchor" href="#abridged" id="abridged" name="abridged"><i class="anchor-icon"></i></a>Abridged</h3>
|
||||
<p>The lightest protocol available.</p>
|
||||
<ul>
|
||||
<li>Overhead: Very small </li>
|
||||
|
@ -80,18 +81,38 @@ OR
|
|||
+-+---+----...----+
|
||||
|h|len| payload +
|
||||
+-+---+----...----+</code></pre>
|
||||
<p>Before sending <em>anything</em> into the underlying socket (see <a href="transports">transports</a>), the client must first send <code>0xef</code> as the first byte (the server <strong>will not</strong> send <code>0xef</code> as the first byte in the first reply).<br>Then, payloads are wrapped in the following envelope:</p>
|
||||
<p>Before sending <em>anything</em> into the underlying socket (see <a href="transports">transports</a>), the client must first send <code>0xef</code> as the first byte (the server <strong>will not</strong> send <code>0xef</code> as the first byte in the first reply).<br>
|
||||
Then, payloads are wrapped in the following envelope:</p>
|
||||
<p>If the packet length divided by four is smaller than 127:</p>
|
||||
<ul>
|
||||
<li>Length: payload length, divided by four, and encoded as a single byte, only if the resulting packet length is a value between <code>0x01..0x7e</code>.</li>
|
||||
<li>Length: payload length, divided by four, and encoded as a single byte</li>
|
||||
<li>Payload: the MTProto payload</li>
|
||||
</ul>
|
||||
<p>If the packet length divided by four is bigger than or equal to 127 (>= <code>0x7f</code>), the following envelope must be used, instead:</p>
|
||||
<p>If the packet length divided by four is bigger than or equal to 127, the following envelope must be used, instead:</p>
|
||||
<ul>
|
||||
<li>Header: A single byte of value <code>0x7f</code></li>
|
||||
<li>Header: A single byte of value <code>0x7f</code> (127)</li>
|
||||
<li>Length: payload length, divided by four, and encoded as 3 length bytes (little endian)</li>
|
||||
<li>Payload: the MTProto payload</li>
|
||||
</ul>
|
||||
<h3><a class="anchor" name="intermediate" href="#intermediate"><i class="anchor-icon"></i></a>Intermediate</h3>
|
||||
<p><a href="#quick-ack">Quick ACK »</a> may be enabled for this transport. </p>
|
||||
<p>To request a quick ACK from the server for an encrypted MTProto payload, use the following envelope for <em>outgoing</em> messages, instead of the one specified above.</p>
|
||||
<p>If the packet length divided by four is smaller than 127:</p>
|
||||
<ul>
|
||||
<li>Length: payload length, divided by four, plus 128, and encoded as a single byte (<code>(length/2)+128</code> or <code>(length >> 2) | (1 << 7)</code>); i.e. the most significant bit must be set.</li>
|
||||
<li>Payload: the MTProto payload</li>
|
||||
</ul>
|
||||
<p>If the packet length divided by four is bigger than or equal to 127, the following envelope must be used, instead:</p>
|
||||
<ul>
|
||||
<li>Header: A single byte of value <code>0xff</code> (255)</li>
|
||||
<li>Length: payload length, divided by four, and encoded as 3 length bytes (little endian); same as for a normal abridged envelope.</li>
|
||||
<li>Payload: the MTProto payload</li>
|
||||
</ul>
|
||||
<p>The server will send quick ACK tokens by bswapping them (i.e. inverting the order of the 4 bytes of the ACK token) and sending them as a standlone 4-byte packet without a length header. </p>
|
||||
<pre><code>+----+
|
||||
|dcba|
|
||||
+----+</code></pre>
|
||||
<p>These quick ACK packets can be easily distinguished from normal abridged packets because the first byte will always have the most-significant bit set (because quick ACK tokens have the most-significant bit of the last byte set, and since they are bswapped the last byte will come first), as the length/header of normal payload packets coming from the server is always less than or equal to 127 (thus the most-significant bit is not set for normal payloads). </p>
|
||||
<h3><a class="anchor" href="#intermediate" id="intermediate" name="intermediate"><i class="anchor-icon"></i></a>Intermediate</h3>
|
||||
<p>In case 4-byte data alignment is needed, an <em>intermediate</em> version of the original protocol may be used.</p>
|
||||
<ul>
|
||||
<li>Overhead: small</li>
|
||||
|
@ -102,19 +123,28 @@ OR
|
|||
<pre><code>+----+----...----+
|
||||
+len.+ payload +
|
||||
+----+----...----+</code></pre>
|
||||
<p>Before sending <em>anything</em> into the underlying socket (see <a href="transports">transports</a>), the client must first send <code>0xeeeeeeee</code> as the first int (four bytes, the server <strong>will not</strong> send <code>0xeeeeeeee</code> as the first int in the first reply).<br>Then, payloads are wrapped in the following envelope:</p>
|
||||
<p>Before sending <em>anything</em> into the underlying socket (see <a href="transports">transports</a>), the client must first send <code>0xeeeeeeee</code> as the first int (four bytes, the server <strong>will not</strong> send <code>0xeeeeeeee</code> as the first int in the first reply).<br>
|
||||
Then, payloads are wrapped in the following envelope:</p>
|
||||
<ul>
|
||||
<li>Length: payload length encoded as 4 length bytes (little endian)</li>
|
||||
<li>Payload: the MTProto payload</li>
|
||||
</ul>
|
||||
<h3><a class="anchor" name="padded-intermediate" href="#padded-intermediate"><i class="anchor-icon"></i></a>Padded intermediate</h3>
|
||||
<p><a href="#quick-ack">Quick ACK »</a> may be enabled for this transport. </p>
|
||||
<p>To request a quick ACK from the server for an encrypted MTProto payload, add <code>0x80000000</code> to the <code>len</code> field before encoding it (equivalent to doing <code>len = len | (1 << 31)</code>, i.e. set the most-significant bit of the length). </p>
|
||||
<p>The server will send quick ACK tokens as a standlone 4-byte packet without a length header.</p>
|
||||
<pre><code>+----+
|
||||
|abcd|
|
||||
+----+</code></pre>
|
||||
<p>These quick ACK packets can be easily distinguished from normal intermediate packets because quick ACK tokens always have the most-significant bit of the last byte set, and trying to decode an ACK token as a little-endian 32-bit integer will always yield a value bigger than or equal to <code>0x80000000</code>, which can never be a valid packet length. </p>
|
||||
<h3><a class="anchor" href="#padded-intermediate" id="padded-intermediate" name="padded-intermediate"><i class="anchor-icon"></i></a>Padded intermediate</h3>
|
||||
<p>Padded version of the <a href="#intermediate">intermediate protocol</a>, to use with <a href="#transport-obfuscation">obfuscation enabled</a> to <strong>bypass ISP blocks</strong>.</p>
|
||||
<ul>
|
||||
<li>Overhead: small-medium</li>
|
||||
<li>Minimum envelope length: random</li>
|
||||
<li>Maximum envelope length: random</li>
|
||||
</ul>
|
||||
<p>Before sending <em>anything</em> into the underlying socket (see <a href="transports">transports</a>), the client must first send <code>0xdddddddd</code> as the first int (four bytes, the server <strong>will not</strong> send <code>0xdddddddd</code> as the first int in the first reply).<br>Then, payloads are wrapped in the following envelope:</p>
|
||||
<p>Before sending <em>anything</em> into the underlying socket (see <a href="transports">transports</a>), the client must first send <code>0xdddddddd</code> as the first int (four bytes, the server <strong>will not</strong> send <code>0xdddddddd</code> as the first int in the first reply).<br>
|
||||
Then, payloads are wrapped in the following envelope:</p>
|
||||
<pre><code>+----+----...----+----...----+
|
||||
|tlen| payload | padding |
|
||||
+----+----...----+----...----+</code></pre>
|
||||
|
@ -124,7 +154,7 @@ OR
|
|||
<li>Payload: the MTProto payload</li>
|
||||
<li>Padding: A random padding string of length <code>0-15</code></li>
|
||||
</ul>
|
||||
<h3><a class="anchor" name="full" href="#full"><i class="anchor-icon"></i></a>Full</h3>
|
||||
<h3><a class="anchor" href="#full" id="full" name="full"><i class="anchor-icon"></i></a>Full</h3>
|
||||
<p>The basic MTProto transport protocol</p>
|
||||
<ul>
|
||||
<li>Overhead: medium</li>
|
||||
|
@ -142,36 +172,56 @@ OR
|
|||
<li>payload: MTProto payload</li>
|
||||
<li>crc: 4 CRC32 bytes computed using length, sequence number, and payload together.</li>
|
||||
</ul>
|
||||
<h3><a class="anchor" name="transport-features" href="#transport-features"><i class="anchor-icon"></i></a>Transport features</h3>
|
||||
<h3><a class="anchor" href="#transport-features" id="transport-features" name="transport-features"><i class="anchor-icon"></i></a>Transport features</h3>
|
||||
<p>Additionally, the following transport features can be used: </p>
|
||||
<h4><a class="anchor" name="quick-ack" href="#quick-ack"><i class="anchor-icon"></i></a>Quick ack</h4>
|
||||
<p>These MTProto transport protocols have support for quick acknowledgment.<br>In this case, the client sets the highest-order length bit in the query packet, and the server responds with a special 4 bytes as a separate packet.<br>They are the 32 higher-order bits of SHA256 of the encrypted portion of the packet prepended by 32 bytes from the authorization key (the same hash as computed for verifying the message key), with the most significant bit set to make clear that this is not the length of a regular server response packet; if the abridged version is used, bswap is applied to these four bytes.</p>
|
||||
<h4><a class="anchor" name="transport-errors" href="#transport-errors"><i class="anchor-icon"></i></a>Transport errors</h4>
|
||||
<p>In the event of a transport error (missing auth key, transport flood, etc.), the server may send a packet with a signed little-endian number of 4 bytes, whose <strong>absolute value</strong> contains the error code (the error itself is actually negative). </p>
|
||||
<p>For example, error Code 403 corresponds to situations where the corresponding HTTP error would have been returned by the HTTP protocol.</p>
|
||||
<p>Error 404 (auth key not found) is returned when the specified auth key ID cannot be found by the DC.</p>
|
||||
<p>Error 429 (transport flood) is returned when too many transport connections are established to the same IP in a too short lapse of time, or if any of the <a href="/mtproto/service_messages#simple-container">container</a>/<a href="/mtproto/service_messages_about_messages#acknowledgment-of-receipt">service message limits</a> are reached.</p>
|
||||
<p>Error 444 (invalid DC) is returned while <a href="/mtproto/auth_key#presenting-proof-of-work-server-authentication">creating an auth key</a>, <a href="#transport-obfuscation">connecting to an MTProxy</a> or in other contexts if an invalid DC ID is specified.</p>
|
||||
<h4><a class="anchor" name="transport-obfuscation" href="#transport-obfuscation"><i class="anchor-icon"></i></a>Transport obfuscation</h4>
|
||||
<h4><a class="anchor" href="#quick-ack" id="quick-ack" name="quick-ack"><i class="anchor-icon"></i></a>Quick ack</h4>
|
||||
<p>Some of the TCP transports listed above support quick ACKs: quick ACKs are a way for clients to get quick receipt acknowledgements for packets. </p>
|
||||
<p>To request a quick ack for a specific outgoing payload, clients must set the MSB of the appropriate field in the transport envelope (as described in the documentation for each transport protocol above). </p>
|
||||
<p>Also, clients must generate and store a quick ACK token, associating it with the outgoing MTProto payload, by:</p>
|
||||
<ul>
|
||||
<li>Taking the first 32 bits of the SHA256 of the encrypted portion of the payload prepended by 32 bytes from the authorization key (the same hash generated when computing the <a href="/mtproto/description#message-key-msg-key">message key</a>, except that instead of taking the middle 128 bits, the first 32 bits are taken instead). </li>
|
||||
<li>Setting the MSB of the last byte to 1: in other words, treat the 32 bits generated above as a little-endian integer, then add <code>0x80000000</code> to it (i.e. <code>ack_token = msg_key_long[0:4] | (1 << 31)</code> on a little-endian system). </li>
|
||||
</ul>
|
||||
<p>Once the payload is successfully received, decrypted and accepted for processing by the server, the server will send back the same quick ACK token we generated above, using the encoding described in the documentation for each transport protocol. </p>
|
||||
<p>Note that reception of a quick ACK <strong>does not</strong> indicate that any of the RPC queries contained in the message have succeeded, failed or finished execution at all, it simply indicates that they have been received, decrypted and accepted for processing by the server. </p>
|
||||
<p>The server will still send <code>msgs_ack</code> constructors for content-related constructors and methods contained in payloads which were quick ACKed, as well as replies/errors for methods and constructors, as usual. </p>
|
||||
<h4><a class="anchor" href="#transport-errors" id="transport-errors" name="transport-errors"><i class="anchor-icon"></i></a>Transport errors</h4>
|
||||
<p>In the event of a transport error (missing auth key, transport flood, etc.), the server may send a packet (framed as an MTProto payload by the chosen MTProto transport) with a signed little-endian number of 4 bytes, whose <strong>absolute value</strong> contains the error code (the error itself is actually negative). </p>
|
||||
<p>For example, error Code 403 corresponds to situations where the corresponding HTTP error would have been returned by the HTTP protocol. </p>
|
||||
<p>Error 404 (auth key not found) is returned when the specified auth key ID cannot be found by the DC, during the initial MTProto handshake if any of the specified queries is incorrect, or during normal operation for example if some MTProto fields are incorrect (i.e. the MTProto packet length is bigger than the transport-specified packet length, and so on). </p>
|
||||
<p>Error 429 (transport flood) is returned when too many transport connections are established to the same IP in a too short lapse of time, or if any of the <a href="/mtproto/service_messages#simple-container">container</a>/<a href="/mtproto/service_messages_about_messages#acknowledgment-of-receipt">service message limits</a> are reached. </p>
|
||||
<p>Error 444 (invalid DC) is returned while <a href="/mtproto/auth_key#presenting-proof-of-work-server-authentication">creating an auth key</a>, <a href="#transport-obfuscation">connecting to an MTProxy</a> or in other contexts if an invalid DC ID is specified. </p>
|
||||
<p>When using the <a href="/mtproto/transports#http">HTTP</a>/<a href="/mtproto/transports#https">HTTPS</a> transports, transport errors are not transmitted as specified above, instead they are simply returned as normal HTTP status codes (and the HTTP payload must be ignored). </p>
|
||||
<h4><a class="anchor" href="#transport-obfuscation" id="transport-obfuscation" name="transport-obfuscation"><i class="anchor-icon"></i></a>Transport obfuscation</h4>
|
||||
<p>Transport obfuscation is required to use the <a href="transports#websocket">WebSocket transports</a>.</p>
|
||||
<p>Transport obfuscation to <strong>prevent ISP blocks</strong> is implemented using the following protocol, situated under the MTProto transport in the ISO/OSI stack, see the <a href="/mtproto#recap">recap</a>; this means that the payload is first wrapped in the <a href="/mtproto/mtproto-transports">MTProto transport envelope</a> (all transports are supported), and then obfuscated: </p>
|
||||
<p>Prior to establishing the connection (and eventually sending the protocol header of a specific <a href="/mtproto/mtproto-transports">MTProto transport</a>), a 64-byte (512-bit) <strong>random</strong> initialization payload is generated.<br>During the generation process, special care must be taken in order to avoid a situation where that the first int (first four bytes) of the random string are equal to one of the known protocol identifiers (see above).<br>In particular, the first four bytes must not be equal to <code>0xdddddddd</code> (padded intermediate), <code>0xeeeeeeee</code> (intermediate), <code>POST</code>, <code>GET</code>, <code>HEAD</code>, or any of the HTTP methods that are accepted by the MTProto servers.<br>The first byte must also not be equal to <code>0xef</code> (abridged).<br>Bytes <code>4-8</code> must also not be equal to <code>0x00000000</code>, since that would indicate use of the full transport with the initial TCP sequence number (0).</p>
|
||||
<p>Prior to establishing the connection (and eventually sending the protocol header of a specific <a href="/mtproto/mtproto-transports">MTProto transport</a>), a 64-byte (512-bit) <strong>random</strong> initialization payload is generated.
|
||||
During the generation process, special care must be taken in order to avoid a situation where that the first int (first four bytes) of the random string are equal to one of the known protocol identifiers (see above).<br>
|
||||
In particular, the first four bytes must not be equal to <code>0xdddddddd</code> (padded intermediate), <code>0xeeeeeeee</code> (intermediate), <code>POST</code>, <code>GET</code>, <code>HEAD</code>, or any of the HTTP methods that are accepted by the MTProto servers.<br>
|
||||
The first byte must also not be equal to <code>0xef</code> (abridged).
|
||||
Bytes <code>4-8</code> must also not be equal to <code>0x00000000</code>, since that would indicate use of the full transport with the initial TCP sequence number (0).</p>
|
||||
<p>The protocol identifier, if present, must be inserted in the initialization payload at byte offset <code>56</code>: if its length is less than 4, it must be padded using the protocol identifier itself, to make its length 4 (<code>0xef</code> => <code>0xefefefef</code>): the standalone protocol identifier must be not be sent aftwerwards.</p>
|
||||
<p>This protocol is also (but not exclusively) used when connecting to MTProxies: <strong>only in this case</strong>, the DC ID in a specially encoded form must also be inserted in the initialization payload at offset <code>60</code>.<br>The encoding simply consists of the DC ID in two-byte signed little-endian form; <code>10000</code> has to be added to the DC ID to connect to the test servers; it has to be made negative if the DC we're connecting to is a media (not CDN) DC. </p>
|
||||
<p>This protocol is also (but not exclusively) used when connecting to MTProxies: <strong>only in this case</strong>, the DC ID in a specially encoded form must also be inserted in the initialization payload at offset <code>60</code>.
|
||||
The encoding simply consists of the DC ID in two-byte signed little-endian form; <code>10000</code> has to be added to the DC ID to connect to the test servers; it has to be made negative if the DC we're connecting to is a media (not CDN) DC. </p>
|
||||
<p>Next, a secondary initialization payload is generated by reversing the primary initialization payload. </p>
|
||||
<p>Two keys are extracted from both initialization payloads, using bytes at offsets <code>8-40</code>: the key extracted from the primary payload is used as encryption key, the key extracted from the secondary payload is used as decryption key.</p>
|
||||
<p>Two IVs are extracted from both initialization payloads, using bytes at offsets <code>40-56</code>: the IV extracted from the primary payload is used as encryption IV, the IV extracted from the secondary payload is used as decryption IV.</p>
|
||||
<p><strong>Only if using MTProxy</strong>, the secret is used to provide connection with the MTProxy server.<br>The secret is a 16-byte string, usually distributed in its hexadecimal form along with the MTProxy host and port in <a href="/api/links#mtproxy-links">proxy deep links »</a>.</p>
|
||||
<p>Often, a 17-byte version of the secret can be found: this simply indicates that the client should use a specific MTProto transport (based on the first byte, usually it's <code>0xdd</code>, to indicate that the padded intermediate protocol should be used <code>0xdddddddd</code>; however, clients should default to the padded intermediate transport whenever an additional byte in the secret is encountered).</p>
|
||||
<p>The extracted encryption and decryption keys must be concatenated with the secret (the first byte of which should be ignored if it's the 17-byte version), and the SHA256 hash of such string should be used as encryption/decryption key.</p>
|
||||
<p>The obtained encryption and decryption key/IV pairs must then be used with <strong>AES-256-CTR</strong> to encrypt and decrypt all outgoing and incoming payloads.<br>The final value of the encryption/decryption counter after handling an MTProto payload must be used as IV for the next payload, until the TCP/WS connection is closed.<br>In other words, reuse the two encryption and decryption <strong>AES-256-CTR</strong> OpenSSL instances until the connection is closed. </p>
|
||||
<p>The first thing that must be encrypted using the encryption key is the initialization payload itself.<br>Then bytes <code>56-64</code> of the encrypted initialization payload are substituted in the original initialization payload: this is the part that contains the constant MTProto transport protocol identifier and the DC ID (<strong>only for MTProxies</strong>).</p>
|
||||
<p><strong>Only if using MTProxy</strong>, the secret is used to provide connection with the MTProxy server.
|
||||
The secret is a 16-byte string, usually distributed in its hexadecimal form along with the MTProxy host and port in <a href="/api/links#mtproxy-links">proxy deep links »</a>.</p>
|
||||
<p>Often, a 17-byte version of the secret can be found: this simply indicates that the client should use a specific MTProto transport (based on the first byte, usually it's <code>0xdd</code>, to indicate that the padded intermediate protocol should be used <code>0xdddddddd</code>; however, clients should default to the padded intermediate transport whenever an additional byte in the secret is encountered).</p>
|
||||
<p>The extracted encryption and decryption keys must be concatenated with the secret (the first byte of which should be ignored if it's the 17-byte version), and the SHA256 hash of such string should be used as encryption/decryption key.</p>
|
||||
<p>The obtained encryption and decryption key/IV pairs must then be used with <strong>AES-256-CTR</strong> to encrypt and decrypt all outgoing and incoming payloads.<br>
|
||||
The final value of the encryption/decryption counter after handling an MTProto payload must be used as IV for the next payload, until the TCP/WS connection is closed.<br>
|
||||
In other words, reuse the two encryption and decryption <strong>AES-256-CTR</strong> OpenSSL instances until the connection is closed. </p>
|
||||
<p>The first thing that must be encrypted using the encryption key is the initialization payload itself.
|
||||
Then bytes <code>56-64</code> of the encrypted initialization payload are substituted in the original initialization payload: this is the part that contains the constant MTProto transport protocol identifier and the DC ID (<strong>only for MTProxies</strong>).</p>
|
||||
<p>The final initialization payload must then be sent in the socket as <strong>first 64 bytes</strong> after the TCP handshake.</p>
|
||||
<p>Example pseudocode for the generation of an MTProxy connection payload (media DC 4) using the obfuscated <a href="#padded-intermediate">padded intermediate</a> transport.<br><strong>Warning</strong>: do not use the specified proxy secret in any MTProxy exposed on the internet.</p>
|
||||
<p>Example pseudocode for the generation of an MTProxy connection payload (media DC 4) using the obfuscated <a href="#padded-intermediate">padded intermediate</a> transport.<br>
|
||||
<strong>Warning</strong>: do not use the specified proxy secret in any MTProxy exposed on the internet.</p>
|
||||
<pre><code>protocol := 0xdddddddd
|
||||
dc := 0xfcff
|
||||
|
||||
while 1:
|
||||
while True:
|
||||
init := (56 random bytes) + protocol + dc + (2 random bytes)
|
||||
|
||||
if init[0] == 0xef:
|
||||
|
@ -204,8 +254,7 @@ encryptedInit := CTR(encryptKey, encryptIV, init)
|
|||
|
||||
finalInit := substr(init, 0, 56) + substr(encryptedInit, 56, 8)
|
||||
|
||||
write(finalInit)</code></pre>
|
||||
</div>
|
||||
write(finalInit)</code></pre></div>
|
||||
|
||||
</div>
|
||||
|
||||
|
|
Loading…
Reference in a new issue