libsecondlife can login just fine without any changes to the login code,
so the one new field they added is actually optional. I'm having some
problems with the proxy, the request is dumped just fine but the server
reply is getting dumped to the file encrypted (I checked the entropy and
it's actually encrypted not a silly XOR routine or anything). It's
probably a bug in my libcurl routine dumping raw SSL data, not jumping
to conclusions and blaming it on the upgrade just yet. Anyways, here is
an example client login request from the latest version. Password hash
was scrubbed, and a few bytes in the ID and mac strings were adjusted
just in case someone gets any wise ideas:
<?xml version="1.0"?>
<methodCall>
<methodName>login_to_simulator</methodName>
<params>
<param>
<value>
<struct>
<member><name>first</name><value><string>Ron</string></value></member>
<member><name>last</name><value><string>Hubbard</string></value></member>
<member><name>passwd</name><value><string>$1$[md5hash]</string></value></member>
<member><name>start</name><value><string>last</string></value></member>
<member><name>major</name><value><string>1</string></value></member>
<member><name>minor</name><value><string>10</string></value></member>
<member><name>patch</name><value><string>5</string></value></member>
<member><name>build</name><value><string>1</string></value></member>
<member><name>platform</name><value><string>Win</string></value></member>
<member><name>mac</name><value><string>d36ee6e0bd7ae673992e6c90a3a14296</string></value></member>
<member><name>id0</name><value><string>1630f42712d42877996118452a91b66b</string></value></member>
<member><name>viewer_digest</name><value><string>18ebbf82-9757-5b90-0e82-1eab1b1ac917</string></value></member>
<member><name>options</name><value><array><data><value><string>inventory-root</string></value>
<value><string>inventory-skeleton</string></value><value><string>inventory-lib-root</string></value>
<value><string>inventory-lib-owner</string></value><value><string>inventory-skel-lib</string></value>
<value><string>initial-outfit</string></value><value><string>gestures</string></value>
<value><string>event_categories</string></value><value><string>event_notifications</string></value>
<value><string>classified_categories</string></value><value><string>buddy-list</string></value>
<value><string>ui-config</string></value><value><string>login-flags</string></value>
<value><string>global-textures</string></value></data></array></value>
</member></struct></value>
</param>
</params>
</methodCall>
The field id0 is most likely an MD5 hash since they are already using
MD5 hashes in other parts of the program. What's interesting to note is
a hash of the mac address is now sent, instead of the plaintext MAC, so
I'd say this release is actually a net gain in privacy for the end user.
And to reiterate, the id0 field is optional so libsecondlife doesn't
need any changes to continue logging in.
John Hurliman
_______________________________________________
libsecondlife-dev mailing list
libsecondlife-dev@gna.org
https://mail.gna.org/listinfo/libsecondlife-dev
