支持MSNP15的MSN登录程序PYTHON版代码

#需要安装pycrypto见 http://blog.csdn.net/itclock/archive/2008/12/12/3502973.aspx

from socket import socket, ssl, AF_INET, SOCK_STREAM
from sys import exit, stdin, stdout, argv
from os import popen3

import getpass,md5,thread,time,re
import xml.sax.saxutils as xmlmodule
import struct
from base64 import standard_b64encode, standard_b64decode
from Crypto.Hash import HMAC, SHA
from Crypto.Cipher import DES3
from Crypto.Util import randpool

import httplib, urllib

CRYPT_MODE_CBC = 1
CALC_3DES      = 0x6603
CALG_SHA1      = 0x8004

class sendMsg(object):
    def loginmsn(self,passport,password):
        self._passport = passport
        self._password = password

        sock = socket(AF_INET, SOCK_STREAM)
        sock.connect(("messenger.hotmail.com", 1863))
        sock.send('VER 0 MSNP15 CVR0/r/n')
        data = sock.recv(1024)
        print data
        sock.send('CVR 1 0x0407 win 6.0 i386 MSNMSGR 8.5 MSMSGS ' + passport + '/r/n')
        data = sock.recv(1024)
        print data
        sock.send('USR 2 SSO I ' + passport + '/r/n')
        data = sock.recv(1024)
        print data

        server = data.split(" ")[3]
        ip = server.split(":")[0]
        port = server.split(":")[1]

        sock.close()
        sock = socket(AF_INET, SOCK_STREAM)
        sock.connect((ip, int(port)))
        sock.send('VER 3 MSNP15 CVR0/r/n')
        data = sock.recv(1024)
        print data
        sock.send('CVR 4 0x0407 win 6.0 i386 MSNMSGR 8.5 MSMSGS ' + passport + '/r/n')
        data = sock.recv(1024)
        print data + 'ok'
        sock.send('USR 5 SSO I ' + passport + '/r/n')
        data = sock.recv(4096)
        data2 = sock.recv(4096)
        data3 = sock.recv(4096)
        print data + data2 + data3
        data = data + data2 + data3
        usrdata = data.split("USR ")[1]
        policy = usrdata.split(" ")[3]
        nonce = usrdata.split(" ")[4]
        print policy
        print nonce

        xml = "<?xml version=/"1.0/" encoding=/"UTF-8/"?>"
        xml += "<Envelope xmlns=/"http://schemas.xmlsoap.org/soap/envelope//" xmlns:wsse=/"http://schemas.xmlsoap.org/ws/2003/06/secext/" xmlns:saml=/"urn:oasis:names:tc:SAML:1.0:assertion/" xmlns:wsp=/"http://schemas.xmlsoap.org/ws/2002/12/policy/" xmlns:wsu=/"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd/" xmlns:wsa=/"http://schemas.xmlsoap.org/ws/2004/03/addressing/" xmlns:wssc=/"http://schemas.xmlsoap.org/ws/2004/04/sc/" xmlns:wst=/"http://schemas.xmlsoap.org/ws/2004/04/trust/"><Header>"
        xml += "<ps:AuthInfo xmlns:ps=/"http://schemas.microsoft.com/Passport/SoapServices/PPCRL/" Id=/"PPAuthInfo/">"
        xml += "<ps:HostingApp>{7108E71A-9926-4FCB-BCC9-9A9D3F32E423}</ps:HostingApp>"
        xml += "<ps:BinaryVersion>4</ps:BinaryVersion>"
        xml += "<ps:UIVersion>1</ps:UIVersion>"
        xml += "<ps:Cookies></ps:Cookies>"
        xml += "<ps:RequestParams>AQAAAAIAAABsYwQAAAAxMDMz</ps:RequestParams>"
        xml += "</ps:AuthInfo>"
        xml += "<wsse:Security><wsse:UsernameToken Id=/"user/">"
        xml += "<wsse:Username>" + passport + "</wsse:Username>"
        xml += "<wsse:Password>" + password + "</wsse:Password>"
        xml += "</wsse:UsernameToken></wsse:Security></Header><Body>"
        xml += "<ps:RequestMultipleSecurityTokens xmlns:ps=/"http://schemas.microsoft.com/Passport/SoapServices/PPCRL/" Id=/"RSTS/">"
        xml += "<wst:RequestSecurityToken Id=/"RST0/">"
        xml += "<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>"
        xml += "<wsp:AppliesTo><wsa:EndpointReference><wsa:Address>http://Passport.NET/tb"
        xml += "</wsa:Address></wsa:EndpointReference></wsp:AppliesTo></wst:RequestSecurityToken>"
        xml += "<wst:RequestSecurityToken Id=/"RST1/">"
        xml += "<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType><wsp:AppliesTo><wsa:EndpointReference>"
        xml += "<wsa:Address>messengerclear.live.com</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>"
        xml += "<wsse:PolicyReference URI=/"" + policy + "/"></wsse:PolicyReference></wst:RequestSecurityToken>"
        xml += "<wst:RequestSecurityToken Id=/"RST2/">"
        xml += "<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>"
        xml += "<wsp:AppliesTo>"
        xml += "<wsa:EndpointReference>"
        xml += "<wsa:Address>contacts.msn.com</wsa:Address>"
        xml += "</wsa:EndpointReference>"
        xml += "</wsp:AppliesTo>"
        xml += "<wsse:PolicyReference URI=/"MBI/">"
        xml += "</wsse:PolicyReference>"
        xml += "</wst:RequestSecurityToken>"
        xml += "</ps:RequestMultipleSecurityTokens></Body></Envelope>"

        headers = {"Content-type": "application/x-www-form-urlencoded",
                   "Accept": "text/plain","Content-Length":str(len(xml))}
        conn = httplib.HTTPSConnection("login.live.com:443")
        conn.request("POST", "/RST.srf", xml, headers)
        response = conn.getresponse()
        respdata = response.read()
        conn.close()
        print respdata
        #output = open('./out.xml','w')
        #output.write(respdata)
        secret = respdata.split("<wst:BinarySecret>")[2]
        secret = secret.split("</wst:BinarySecret>")[0]

        ticket = respdata.split("<wsse:BinarySecurityToken Id=/"Compact1/">")[1]
        ticket = ticket.split("</wsse:BinarySecurityToken>")[0]
        ticket = xmlmodule.unescape(ticket)

        print secret
        print ticket
        login_code = self.generateLoginBLOB(secret, nonce)

        senddata = "USR 6 SSO S " + ticket + " " + login_code + "/r/n"
        sock.send(senddata)
        data = sock.recv(1024)
        print data
       
    def derive_key(self,key, magic):
        hash1 = HMAC.new(key, magic, SHA).digest()
       
        hash2 = HMAC.new(key, hash1 + magic, SHA).digest()
        hash3 = HMAC.new(key, hash1, SHA).digest()
       
        hash4 = HMAC.new(key, hash3 + magic, SHA).digest()
       
        return hash2 + hash4[0:4]
    def generateLoginBLOB(self,key, nonce):
        #
        # Read key and generate two derived keys
        #
        nonce = nonce.replace("/r/n","")
        print key
        print '0'+(nonce)+'0'
        print len(nonce)
        key1 = standard_b64decode(key)
        key2 = self.derive_key(key1, "WS-SecureConversationSESSION KEY HASH")
        key3 = self.derive_key(key1, "WS-SecureConversationSESSION KEY ENCRYPTION")
       
        #
        # Create a HMAC-SHA-1 hash of nonce using key2
        #
       
        hash = HMAC.new(key2, nonce, SHA).digest()
       
        #
        # Encrypt nonce with DES3 using key3
        #
       
        # IV: 8 bytes of random data
        iv = randpool.KeyboardRandomPool().get_bytes(8)
        obj = DES3.new(key3, DES3.MODE_CBC, iv)
       
        # XXX: win32's Crypt API seems to pad the input with 0x08 bytes to align on 72/36/18/9 boundary
        ciph = obj.encrypt(nonce + "/x08/x08/x08/x08/x08/x08/x08/x08")

        #
        # Generate the blob
        #

        blob = struct.pack("<LLLLLLL", 28, CRYPT_MODE_CBC, CALC_3DES, CALG_SHA1,
                           len(iv), len(hash), len(ciph))
        blob += iv + hash + ciph
       
        return standard_b64encode(blob)
   
sendmsn = sendMsg()
sendmsn.loginmsn("123456@example.com","123456")