fetion

1. 用户向服务器发送get请求，获取sip和ssic

• GET https://uid.fetion.com.cn/ssiportal/SSIAppSignIn.aspx?mobileno=手机号&pwd=密码

• 服务器返回如下信息： 

• HTTPMessage: Date: Mon, 17 May 2010 04:39:09 GMT

• Server: Microsoft-IIS/6.0

• X-Powered-By: ASP.NET

• X-AspNet-Version: 2.0.50727

• Set-Cookie: ssic=DhIOAADSatQxhddLQSDjDno5AHKr/4fQ7i9mqAzjXsH74h1UWRerWJqPpo5YLIs0CoMrWDmEIVb/FO9KBDzvb1SJ7qJuLfkrGMhVgxrJnMEtnG3VD1uoBEqOQ+eXE5/MqtCgIpMAAA==; path=/

• Cache-Control: private

• Content-Type: text/html; charset=utf-8

• Content-Length: 219 

   <?xml version="1.0" encoding="utf-8" ?>

   <results status-code="200">

• <user uri=sip:592252757@fetion.com.cn;p=1630 mobile-no="13572997414" user-status="101" user-id="420232113">

• <credentials></credentials>

• </user>

   </results> 

• 记录sip和ssic，后面要用到。 

1. 向221.176.31.45：8080发送数据，获取nonce

• R fetion.com.cn SIP-C/2.0

• F: 592252757       //这个是飞信号

• I: 1                 //这个应该是会话编号

• Q: 1 R

• L: 336              //数据内容的长度 

• <args><device type="PC" version="327249223" client-version="3.5.2560" /><caps value="simple-im;im-session;temp-group;personal-group;im-relay;xeno-im;direct-sms;sms2fetion" /><events value="contact;permission;system-message;personal-group;compact" /><user-info attributes="all" /><presence><basic value="400" desc="" /></presence></args> 

• 服务器返回如下信息：

   SIP-C/2.0 401 Unauthoried

   F: 592252757

   I: 1

   Q: 1 R

• W: Digest algorithm="MD5-sess;SHA1-sess",nonce="2A403D5F718C8CDB67D9D367447507E9" 

• 记录下nonce，下面会用到。 

1. 向221.176.31.45：8080发送response：

• R fetion.com.cn SIP-C/2.0

• F: 592252757

• I: 1

• Q: 2 R

• A: Digest algorithm="SHA1-sess",response="88EDC599066D6B775CCF4E91637D4A0F",cnonce="627D247341E2C76B51553F413EACB75C",salt="777A6D03",ssic="DhIOAAD+RGauOHll++PD+iSpJwSjgSio8mf1v0pWOKfF8a4YG+i8lP1JfYOYTzbIEVGXYMjqXwxH+nWN5G54oE0o1R4yAHbyoVS4lAFBAazv/tGqaA9QAWDIH00mitYdu7KiRh4AAA=="

• L: 336 

• <args><device type="PC" version="327249223" client-version="3.5.2560" /><caps value="simple-im;im-session;temp-group;personal-group;im-relay;xeno-im;direct-sms;sms2fetion" /><events value="contact;permission;system-message;personal-group;compact" /><user-info attributes="all" /><presence><basic value="400" desc="" /></presence></args>

• 如果服务器返回200 OK，即成功登陆。 

• 其中response计算方法如下：

1. 随机生成一个32位的cnonce (627D247341E2C76B51553F413EACB75C)
2. 指定salt为777A6D03，相应的字符串为wzm/x03 (这个貌似也是任意的)
3. Hash_pwd=(777A6D03+(Salt+密码的sha1值)的sha1值) (777A6D034D3493C9AC1FA46EB512C6CEF1B050E3802CD215)
4. 求sip:fetion.com.cn:hash_pwd字符串的sha1值，得出key
5. 求key:nonce:cnonce字符串的md5值，得出H1
6. 求REGISTER:sip字符串的md5值，得出H2
7. 求H1:nonce:H2字符串的md5值，得出response (88EDC599066D6B775CCF4E91637D4A0F)

curl "http://sms.api.bz/fetion.php?username=xx&password=xx&sendto=xx&message=xx"