PHP-based MSN SSO Authentication not working due to differences in base64_encode

[adammw]

Hi,

I am trying to authenticate MSN by using PHP. So far, I have followed instructions from http://msnpiki.msnfanatic.com/index.php/MSNP15:SSO and http://www.codeproject.com/KB/IP/SSOwithMSNP15.aspx as best I can and came up with something that seems to work but doesn't. I think that i have narrowed it down to PHP simply having a different way of doing base64_encode than C# because the C# application works, however with the same exact string that was fed into the Convert.ToBase64String in php with base64_encode gives me a slightly differnent answer, which is screwing the whole script up.

 

Anyway, so far, I have got a test:

<?php
// Hard code IV, nonce, and secret
$nonce = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=';
$secret = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
$iv = "\0\0\0\0\0\0\0\0";

// do some hashes
$key1 = base64_decode($secret);
$key2 = deriveKey($key1, "WS-SecureConversationSESSION KEY HASH");
$key3 = deriveKey($key1, "WS-SecureConversationSESSION KEY ENCRYPTION");
$hash = mhash(MHASH_SHA1,$nonce,$key2);
$final_hash = mcrypt_encrypt(MCRYPT_TRIPLEDES,$key3,$nonce."\x08\x08\x08\x08\x08\x08\x08\x08",'cbc',$iv);
$structdata = "\0\0\0\0\0\0f\0\0€\0\0\b\0\0\0\0\0\0H\0\0\0";
$finally_final_hash = $structdata.$iv.$hash.$final_hash;

// print out the calculated hash
echo base64_encode($finally_final_hash);
echo "\n";

// print out what C# says should work
echo base64_encode("\0\0\0\0\0\0f\0\0€\0\0\b\0\0\0\0\0\0H\0\0\0\0\0\0\0\0\0\0\0íxæˆoi—h]ÚÖQG\fa¼8­‰¢˜p®eäÂRŠÖ›ß{Ä—ŠýqJô/ävdB\fçÒ,æS4Œ§bÙw›ÙîÄ)©¶\vhIÁéôMº4X'\nüs"); 
echo "\n";

// print out what the answer SHOULD be in both cases
echo "HAAAAAEAAAADZgAABIAAAAgAAAAUAAAASAAAAAAAAAAAAAAA7XgT5ohvaZdoXdrWUUcMF2G8OK2JohyYcK5l5MJSitab33scxJeK/RQXcUr0L+R2ZA9CEAzn0izmUzSMp2LZdxSbHtnuxCmptgtoScHp9E26HjQVkA9YJxgK/HM=";

// define the function that makes the keys
function deriveKey($key, $magic) {
$hash1 = mhash(MHASH_SHA1,$magic,$key);
$hash2 = mhash(MHASH_SHA1,$hash1 . $magic,$key);
$hash3 = mhash(MHASH_SHA1,$hash1,$key);
$hash4 = mhash(MHASH_SHA1,$hash3 . $magic,$key);
return $hash2 . substr($hash4,0,4);
}
?>

 

Any help would be greatly appreciated, because it is really driving me crazy how it should work and it doesn't. Thank you :-)