119 lines
4.3 KiB
Markdown
119 lines
4.3 KiB
Markdown
|
The FreeRadioNetwork protocol
|
||
|
|
=============================
|
||
|
|
|
||
|
|
This document describes the results of reverse-engeneering the official
|
||
|
|
set of [FreeRadioNetwork](http//freeradionetwork.eu) programs through
|
||
|
|
network traffic sniffing and software decompilation.
|
||
|
|
|
||
|
|
|
||
|
|
System components
|
||
|
|
-----------------
|
||
|
|
|
||
|
|
The FreeRadioNetwork system is composed of three programs:
|
||
|
|
|
||
|
|
* client
|
||
|
|
* server
|
||
|
|
* system manager
|
||
|
|
|
||
|
|
Client and server executables are freely available, while the system
|
||
|
|
manager is not. The role of the system manager is account management,
|
||
|
|
including password generation and credentials checking, keeping track
|
||
|
|
of active servers and connected users.
|
||
|
|
|
||
|
|
The client talks to the system manager only to get the list of active
|
||
|
|
servers and to request the creation of a new account/password: any other
|
||
|
|
communication from the client goes to the server.
|
||
|
|
|
||
|
|
Server listens for clients connection on TCP port 10024 (by default, but
|
||
|
|
can be changed through the server GUI), while the system manager listen
|
||
|
|
for server connections and client queries on TCP port 10025. In both the
|
||
|
|
client and the server, the system manager address is hard coded as
|
||
|
|
`frn.no-ip.info`.
|
||
|
|
|
||
|
|
|
||
|
|
Client - server protocol
|
||
|
|
------------------------
|
||
|
|
|
||
|
|
The client sends requests to the server in the form of CR+LF terminated
|
||
|
|
ascii text lines. Response to commands and unsolicited events from the
|
||
|
|
server (i.e. incoming text messages), excluding authentication procedure
|
||
|
|
and voice packets, starts with a byte indicating the message type
|
||
|
|
followed by one CR+LF terminated ascii line containing the decimal count
|
||
|
|
of lines following and then the lines composing the message body.
|
||
|
|
|
||
|
|
|
||
|
|
### Authentication ###
|
||
|
|
|
||
|
|
As soon as the TCP connection is established, the client sends a line
|
||
|
|
containing user's info and authentication credential formatted enclosing
|
||
|
|
fields between html-like tags, for example:
|
||
|
|
|
||
|
|
CT:<VX>2010002</VX><EA>user@example.com</EA><PW>XYZJKWXY</PW><ON>CALLSIGN, Name</ON><BC>PC Only</BC><DS></DS><NN>Country</NN><CT>City - Locator</CT><NT>Network</NT>
|
||
|
|
|
||
|
|
The line is, as usual, followed by the CR and LF chars (ascii 13 an 10).
|
||
|
|
The meaning of the fields is the following:
|
||
|
|
|
||
|
|
* **VX**: Client version (four digits for the year and three digits for
|
||
|
|
the release number)
|
||
|
|
* **EA**: User's email address
|
||
|
|
* **PW**: The password assigned by the system manager to the user
|
||
|
|
* **ON**: Operator's name, usually in the form CALLSIGN, RealName
|
||
|
|
* **BC**: Indicates the client type:
|
||
|
|
* `PC Only`
|
||
|
|
* `Parrot`
|
||
|
|
* `Crosslink`
|
||
|
|
* *BBB* `Ch`*CCC* *MM* `CTC`*TT* where **BBB** is the band (3 digits:
|
||
|
|
433, 446, 027,...), **CCC** is the channel number (3 digits), **MM**
|
||
|
|
is the modulation (AM or FM), **TT** is the subtone number (2 digits)
|
||
|
|
* **DS**: Description, only used for gateways, empty for other client
|
||
|
|
types
|
||
|
|
* **NN**: Country
|
||
|
|
* **CT**: Client's location in the form of City - Locator
|
||
|
|
* **NT**: Network (channel, room) to join on login
|
||
|
|
|
||
|
|
In response to the authentication request, the server sends two lines of
|
||
|
|
text (CR+LF terminated):
|
||
|
|
|
||
|
|
2010002
|
||
|
|
<MT></MT><SV>2009005</SV><AL>OK</AL><BN>backup.server.org</BN><BP>10024</BP><KP>327119</KP>
|
||
|
|
|
||
|
|
The first line contains the latest client version available.
|
||
|
|
The second one contains authentication results and server info:
|
||
|
|
|
||
|
|
* **MT**: Unknown meaning, always empty
|
||
|
|
* **SV**: Server version
|
||
|
|
* **AL**: Authentication result:
|
||
|
|
* `OK`: Success, unprivileged user
|
||
|
|
* `ADMIN`: Success, user has administration privileges
|
||
|
|
* `OWNER`: Success, user is the server owner
|
||
|
|
* `NOK`: Failed, invalid client version
|
||
|
|
* `WRONG`: Failed, invalid credentials
|
||
|
|
* `BLOCK`: Failed, user already logged in
|
||
|
|
* **BN**: Backup server
|
||
|
|
* **BP**: Backup server port
|
||
|
|
* **KP**: Six digits code used for second phase
|
||
|
|
|
||
|
|
At this point, if authentication succeeds, server versions greater than
|
||
|
|
2009004 needs one more line from the client before considering the
|
||
|
|
connection fully established. The line is a five digits number computed
|
||
|
|
as follows:
|
||
|
|
|
||
|
|
1. Split the KP code in two-digits numbers: `AABBCC`
|
||
|
|
2. Let `X` be the result of: `(AA+2)*(BB+1)+(CC+4)*(CC+7)`
|
||
|
|
3. Extend `X` to be 5 digits long, padding to the left with zeroes as
|
||
|
|
needed and let's call the resulting digits `DEFGH` respectively
|
||
|
|
4. The authentication code is composed by rearranging the digits as
|
||
|
|
`GDFHE`
|
||
|
|
|
||
|
|
For example, let's KP be `327119`. AA would be 32, BB=71 and CC=19.
|
||
|
|
|
||
|
|
X = (32+2)*(71+1)+(19+4)*(19+7) = 3046
|
||
|
|
|
||
|
|
Padding to five digits we would get `03046`, so D=0, E=3, F=0, G=4, H=6
|
||
|
|
so the auth code wold be `40063`.
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|