# filename: fm.php
# purpose: get MSN contact list
# author: http://qartis.com/?qmsn modified by Druggo
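# Credentials come straight from the submitted form. Further down the script
# the sign-in name is interpolated into space-delimited, CRLF-terminated
# protocol commands (data_out) and the password into an HTTP Authorization
# header, so a control character in either value (or a space in the sign-in
# name) could add an extra command argument, command or header line.
# Reject such input before any connection is opened.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
if ($username === '' || $password === '') {
    die("Missing username or password");
}
if (preg_match('/[\x00-\x20\x7F]/', $username) || preg_match('/[\x00-\x1F\x7F]/', $password)) {
    die("Invalid characters in username or password");
}
$debug = 0;        # non-zero makes data_out()/data_in() echo the protocol traffic
$trid = 0;         # transaction counter; data_out() increments it after every command
$proto = "MSNP10"; # protocol version offered in the VER command
# start here
# Progress messages ("protocol ...", "starting login"); the line break inside
# each string is kept exactly as it appears in the file.
echo "通讯协议 $proto
";
echo "开始登录
";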
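# login now
# First hop: the dispatch server on port 1863. This is a plain TCP connection
# (no ssl:// wrapper), so the sign-in name sent below is not encrypted.
# The handle has to live in $sbconn: data_out() and data_in() reach the socket
# through that global, and PHP variable names are case-sensitive.
$sbconn = fsockopen("messenger.hotmail.com", 1863);
if (!$sbconn) {
    die("Can't connect to MSN server");
}
flush();
data_out("VER $trid $proto CVR0");
data_in();
data_out("CVR $trid 0x0409 winnt 5.1 i386 MSNMSGR 8.0.0812 MSMSGS $username");
data_in();
data_out("USR $trid TWN I $username");
$temp = data_in();
# The script expects a reply containing a host:port pair; a reply without any
# colon is treated as a failure.
if (!stristr((string) $temp, ":")) {
    # Compare the three-character reply code as a string so that no numeric
    # type juggling is involved.
    if (substr((string) $temp, 0, 3) === "601") {
        #echo "Error: The MSN servers are currently unavailable.";
        echo "很不幸,MSN的服务器又挂了 >.<
";
        @fclose($sbconn);
        die();
    } else {
        # "connection failed"
        echo "连接失败!
";
        @fclose($sbconn);
        die();
    }
}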
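@fclose($sbconn);
# The fourth space-separated field of the previous reply is used as the
# host:port of the server to continue with.
$temp_array = explode(" ", (string) $temp);
$temp_array = isset($temp_array[3]) ? explode(":", $temp_array[3]) : array();
# That referral was read from the unencrypted first connection, so check its
# shape before opening a socket to it: a plain host name or address and a
# numeric port in range.
if (count($temp_array) < 2
    || !preg_match('/^[A-Za-z0-9.-]+$/', $temp_array[0])
    || !ctype_digit($temp_array[1])
    || (int) $temp_array[1] < 1
    || (int) $temp_array[1] > 65535) {
    die("error -_-#");
}
flush();
# Stored in $sbconn again, because data_out()/data_in() use that global.
$sbconn = fsockopen($temp_array[0], (int) $temp_array[1]);
if (!$sbconn) {
    die("error -_-#");
}
data_out("VER $trid $proto CVR0");
data_in();
flush();
data_out("CVR $trid 0x0409 winnt 5.1 i386 MSNMSGR 8.0.0812 MSMSGS $username");
data_in();
data_out("USR $trid TWN I $username");
$temp = data_in();
if ($temp === false) {
    # No reply to the sign-in request: nothing to build the token from.
    echo "连接失败!
";
    @fclose($sbconn);
    die();
}
$temp_array = explode(" ", $temp);
flush();
# The last field of the reply is kept verbatim (minus surrounding whitespace)
# and later appended to the Passport Authorization header.
$TOKENSTRING = trim(end($temp_array));
#echo "authenticating";
echo "身份验证中……
";
flush();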
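# Ask the Passport nexus which login server to use. The answer arrives in a
# "PassportURLs" response header.
$nexus_socket = fsockopen("ssl://nexus.passport.com", 443);
if (!$nexus_socket) {
    die("error -_-#");
}
fputs($nexus_socket, "GET /rdr/pprdr.asp HTTP/1.0\r\n\r\n");
$urls = null;
# Read header lines up to the blank line. fgets() returns false once the peer
# closes the connection; stopping there avoids looping forever on a truncated
# response.
while (($temp = fgets($nexus_socket, 1024)) !== false) {
    if ($temp == "\r\n") {
        break;
    }
    if (substr($temp, 0, 12) == "PassportURLs") {
        $urls = substr($temp, 14);
    }
}
@fclose($nexus_socket);
# The second comma-separated entry is used; its first eight characters are
# dropped (presumably a "name=" prefix -- confirm against a live response) and
# the remainder is split into host and path.
$temp_array = ($urls === null) ? array() : explode(",", $urls);
if (!isset($temp_array[1])) {
    die("error -_-#");
}
$temp = $temp_array[1];
$temp = substr($temp, 8);
$temp_array = explode("/", (string) $temp);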
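# Passport 1.4 sign-in. $temp_array[0] and $temp_array[1] hold the login host
# and path obtained from the PassportURLs header.
#
# The account password is sent on this connection, and re-sent to whichever
# host a 302 Location header names, so the TLS peer check is what protects it.
# ssl:// streams verify the server certificate by default from PHP 5.6 on; on
# an older runtime use stream_socket_client() with a context that enables
# verify_peer instead of fsockopen().
$login_host = isset($temp_array[0]) ? $temp_array[0] : '';
$login_path = isset($temp_array[1]) ? $temp_array[1] : '';
if (!preg_match('/^[A-Za-z0-9.-]+$/', $login_host)) {
    die("error -_-#");
}
# Both credentials are URL-encoded. The header is a comma-separated list on a
# single line, so a raw password containing a comma, CR or LF would otherwise
# alter the header or start a new one.
$auth_header = "Authorization: Passport1.4 OrgVerb=GET,OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,sign-in="
    . urlencode($username) . ",pwd=" . urlencode($password) . ",$TOKENSTRING\r\n";
# The handle is used below as $ssl_conn; variable names are case-sensitive.
$ssl_conn = fsockopen("ssl://" . $login_host, 443);
if (!$ssl_conn) {
    die("error -_-#");
}
fputs($ssl_conn, "GET /{$login_path} HTTP/1.1\r\n");
fputs($ssl_conn, $auth_header);
fputs($ssl_conn, "User-Agent: MSMSGS\r\n");
fputs($ssl_conn, "Host: {$login_host}\r\n");
fputs($ssl_conn, "Connection: Keep-Alive\r\n");
fputs($ssl_conn, "Cache-Control: no-cache\r\n\r\n");
$temp = fgets($ssl_conn, 512);
$status = rtrim((string) $temp);
if ($status == "HTTP/1.1 302 Found") {
    #echo "redirection";
    echo "开始重定向
";
    flush();
    # Look for the Location header; stop at the blank line or at EOF.
    $redirect = null;
    while ($temp !== false && $temp != "\r\n") {
        $temp = fgets($ssl_conn, 256);
        if ($temp !== false && substr($temp, 0, 9) == "Location:") {
            # Text after the last colon is "//host/path"; splitting on "/"
            # puts the host at index 2 and the first path segment at index 3.
            $temp_array = explode(":", $temp);
            $redirect = explode("/", trim(end($temp_array)));
            break;
        }
    }
    @fclose($ssl_conn);
    # Without a usable Location host there is nowhere to repeat the request.
    if ($redirect === null || !isset($redirect[2])
        || !preg_match('/^[A-Za-z0-9.-]+$/', $redirect[2])) {
        die("error -_-#");
    }
    $temp_array = $redirect;
    $redirect_path = isset($temp_array[3]) ? $temp_array[3] : '';
    $ssl_conn = fsockopen("ssl://" . $temp_array[2], 443);
    if (!$ssl_conn) {
        die("error -_-#");
    }
    fputs($ssl_conn, "GET /{$redirect_path} HTTP/1.1\r\n");
    fputs($ssl_conn, $auth_header);
    fputs($ssl_conn, "User-Agent: MSMSGS\r\n");
    fputs($ssl_conn, "Host: {$temp_array[2]}\r\n");
    fputs($ssl_conn, "Connection: Keep-Alive\r\n");
    fputs($ssl_conn, "Cache-Control: no-cache\r\n\r\n");
    # NOTE(review): the status line of this second response is not checked
    # here; the header scan that follows simply looks for Authentication-Info.
} elseif ($status == "HTTP/1.1 401 Unauthorized") {
    #echo "invalidcreds";
    echo "验证失败!
";
    @fclose($ssl_conn);
    die();
} else {
    if ($status != "HTTP/1.1 200 OK") {
        #echo "Unknown HTTP status code: $temp";
        # The status line is server-supplied text echoed into the page, so it
        # is HTML-escaped.
        echo "未知状态码 " . htmlspecialchars((string) $temp, ENT_QUOTES, 'UTF-8') . "
";
        flush();
        die();
    } else {
        #echo "set_bar_len30?";
    }
}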
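# Scan the remaining response headers for Authentication-Info; the ticket is
# the text between its first pair of single quotes. The loop also stops when
# fgets() returns false (connection closed), which would otherwise never
# compare equal to "\r\n" and spin forever.
$auth_info = null;
while ($temp !== false && $temp != "\r\n") {
    $temp = fgets($ssl_conn, 1024);
    if ($temp !== false && substr($temp, 0, 19) == "Authentication-Info") {
        $auth_info = $temp;
        $temp = fgets($ssl_conn, 1024);
        if (substr((string) $temp, 0, 14) != "Content-Length") {
            # NOTE(review): the line just read into $temp is not appended;
            # a further line is read and appended instead. Kept as in the
            # original -- confirm this is what was intended.
            $auth_info .= fgets($ssl_conn, 1024);
        }
        break;
    }
}
@fclose($ssl_conn);
$temp_array = ($auth_info === null) ? array() : explode("'", $auth_info);
# No header or no quoted ticket means the sign-in did not succeed; stop here
# rather than send an empty ticket to the messenger server.
if (!isset($temp_array[1]) || $temp_array[1] === '') {
    echo "验证失败!
";
    die();
}
flush();
# Hand the ticket to the messenger server to finish the sign-in.
data_out("USR $trid TWN S {$temp_array[1]}");
flush();
$temp = data_in();
flush();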
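$time_since_initmsg = time();
# Read the lines that follow the sign-in until the one containing
# "ABCHMigrated", picking up the sid, kv and MSPAuth values on the way.
# data_in() returns false when nothing more can be read. The original guard,
# is_string(trim($temp)), was always true because trim() always returns a
# string, so a dropped connection made this loop endless; test $temp itself.
while (is_string($temp) && !strstr($temp, "ABCHMigrated")) {
    if (substr($temp, 0, 3) == "sid") {
        $sid = trim(substr($temp, 5));
    }
    if (substr($temp, 0, 2) == "kv") {
        $kv = trim(substr($temp, 4));
    }
    if (substr($temp, 0, 7) == "MSPAuth") {
        $mspauth = trim(substr($temp, 9));
        flush();
    }
    $temp = data_in();
}
if (!is_string($temp)) {
    # The stream ended before the expected line arrived: report a failed
    # connection instead of announcing a successful sign-in.
    echo "连接失败!
";
    @fclose($sbconn);
    die();
}
$temp = data_in();
#echo "authenticated";
echo "验证通过!
";
flush();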
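#data_out("LST 9 RL");
#data_in();
# Request the contact list.
data_out("SYN $trid 0 0");
#echo "retreiving_contact_list";
echo "正在获取好友列表……
";
flush();
# 0 s + 125000 us read timeout, so data_in() gives up quickly once the server
# has no more lines to send.
stream_set_timeout($sbconn, 0, 125000);
/* a lazy man doing this :D */
for ($i = 0; $i < 160; $i++) # some say max is 150
{
    $temp = data_in();
    switch (substr((string) $temp, 0, 3))
    {
        case "LST":
            $temp_array = explode(" ", $temp);
            $field1 = isset($temp_array[1]) ? $temp_array[1] : '';
            $field2 = isset($temp_array[2]) ? $temp_array[2] : '';
            # Each field is "X=value"; drop the two-character prefix.
            $un = substr($field1, 2);
            $nn = substr($field2, 2);
            $nn1 = substr($field2, 0, 1);
            # Address and display name are chosen by other users and relayed
            # by the server; they are written into the HTML page, so escape
            # them (quotes included, since one value sits next to a quote).
            $un_html = htmlspecialchars((string) $un, ENT_QUOTES, 'UTF-8');
            $nn_html = htmlspecialchars((string) $nn, ENT_QUOTES, 'UTF-8');
            if ($nn1 == "F")
            {
                # NOTE(review): the `">` fragment suggests this string once
                # held markup that is not visible here; the literal is kept
                # as it appears -- confirm against the original file.
                echo "$nn_html
mailto:$un_html\">$nn_html
";
            }
            else
            {
                # "former contact": an entry whose third field is not a
                # display name.
                echo "曾经的好友: $un_html
";
            }
            #echo $temp;
            break;
        default:
            # no nothing
            break;
    }
}
echo "列表结束";
@fclose($sbconn);
# end here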
# functions
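# Send one protocol command on the messenger socket.
#
# $data is the command text without its line terminator. Commands are
# CRLF-terminated lines, and callers build them by interpolating values such
# as the sign-in name, so any CR or LF inside $data is removed: the call then
# always produces exactly one command on the wire.
# Uses the globals $sbconn (socket), $debug (echo traffic) and $trid
# (transaction counter, incremented after every send).
# With $debug on, everything sent -- including the sign-in ticket -- is echoed
# into the page; the echoed text is HTML-escaped. Keep $debug off outside of
# local troubleshooting.
function data_out($data){
    global $sbconn, $debug, $trid;
    $data = str_replace(array("\r", "\n"), '', (string) $data);
    fputs($sbconn, $data . "\r\n");
    $trid++;
    if ($debug && !empty($data)) {
        echo "> " . htmlspecialchars($data, ENT_QUOTES, 'UTF-8') . "
\r\n";
    }
}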
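# Read one line (at most 255 bytes) from the messenger socket.
#
# Returns the line including its terminator, or false when fgets() has
# nothing to return (end of stream, error or read timeout).
# Uses the globals $sbconn (socket) and $debug. With $debug on, the received
# line is echoed into the page; it is server-supplied text, so it is
# HTML-escaped first.
function data_in(){
    global $sbconn, $debug;
    $temp = fgets($sbconn, 256);
    if ($debug && !empty($temp)) {
        echo "<" . htmlspecialchars($temp, ENT_QUOTES, 'UTF-8') . "
\r\n";
    }
    return $temp;
}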
?>