-----------------------------------------------------
Xfire authentication protocol
by xoclipse
xoclipse@cox.net
http://xoclipse.fraghosts.net
-----------------------------------------------------

-----------------------------------------------------
Introduction
-----------------------------------------------------

Xfire uses the SHA1 algorithm. SHA1 will produce a 40 character hex string.
The server sends you a "salt" to hash together with your SHA1'd
password/user string. This makes it so the result is always different,
due to the random salt.

-----------------------------------------------------
Creating the correct response
-----------------------------------------------------

After you send the welcome message and your version information, you will
receive the salt. This is a random 40 character hex string. You can just
filter it out of that packet; I'm going to write a more complete document
on the actual packet protocol which Xfire uses.

The first thing we are going to do is create a SHA1 digest of the following
string. This is what I use in my example C application.

    #define password_string "%s%sUltimateArena"

The first "%s" is the username, and the second is the placeholder for the
password. For example, if your username was xoclipse, and your password was
test, the string would be:

    "xoclipsetestUltimateArena"

So once you SHA1 that string, you should get:

    e08f57b6d21ada3f14e1c23eed3388eb8742f351

Now we are going to SHA1 another string. The following is what I use in my
C application.

    #define salt_string "%s%s"

The first "%s" is the string we just SHA1'd (usernamepasswordUltimateArena),
and the second "%s" is the placeholder for the salt that the server sent.
So if the server sent us the salt "d566d28002493b5efa8a3d61de037f01ee210412",
then the string we are going to SHA1 is:

    "e08f57b6d21ada3f14e1c23eed3388eb8742f351d566d28002493b5efa8a3d61de037f01ee210412"

That SHA1 will produce a 40 character hex string, which we will put into our
login packet.

-----------------------------------------------------
Conclusion
-----------------------------------------------------

So basically, creating the correct response string requires 3 parameters:
username, password, and the salt. I've written up a header file that you can
use to create the right string. The prototype for the function is as follows:

    char *xfire_encrypt(char *username, char *password, char *salt)

If your username was xoclipse, password was test, and salt was
d566d28002493b5efa8a3d61de037f01ee210412, then you would do something like:

    char *response = xfire_encrypt("xoclipse", "test", "d566d28002493b5efa8a3d61de037f01ee210412");

That would return the correct string to put in the login packet.

Header file and SHA1 link:
http://www.fraghosts.net/stuff/research/Xfire/xfire.zip
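
Added example, not part of the original document and not the author's header
file: a self-contained C version of the two-stage digest described above.
The names sha1_hex and xfire_response are hypothetical, and the small SHA-1
routine is included only so the block builds without external libraries.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* Minimal SHA-1 (FIPS 180-4) for inputs up to 503 bytes; writes 40 hex chars + NUL. */
static int sha1_hex(const char *msg, char out[41]) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    size_t len = strlen(msg), total = ((len + 8) / 64 + 1) * 64;
    uint8_t buf[512] = {0};
    if (total > sizeof buf) return -1;
    memcpy(buf, msg, len);
    buf[len] = 0x80;                          /* padding marker */
    for (int i = 0; i < 8; i++)               /* big-endian bit length */
        buf[total - 1 - i] = (uint8_t)(((uint64_t)len * 8) >> (8 * i));
    for (size_t off = 0; off < total; off += 64) {
        uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 16; i++)
            w[i] = (uint32_t)buf[off + 4*i] << 24 | (uint32_t)buf[off + 4*i + 1] << 16 |
                   (uint32_t)buf[off + 4*i + 2] << 8 | buf[off + 4*i + 3];
        for (int i = 16; i < 80; i++)
            w[i] = ROL(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        for (int i = 0; i < 80; i++) {
            uint32_t f = i < 20 ? (b & c) | (~b & d) : i < 40 || i >= 60 ? b ^ c ^ d
                       : (b & c) | (b & d) | (c & d);
            uint32_t k = i < 20 ? 0x5A827999 : i < 40 ? 0x6ED9EBA1
                       : i < 60 ? 0x8F1BBCDC : 0xCA62C1D6;
            uint32_t t = ROL(a, 5) + f + e + k + w[i];
            e = d; d = c; c = ROL(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    for (int i = 0; i < 5; i++) sprintf(out + 8 * i, "%08x", (unsigned)h[i]);
    return 0;
}

/* Hypothetical helper, not the author's xfire_encrypt(): stage 1, then stage 2 with the salt. */
static int xfire_response(const char *user, const char *pass, const char *salt, char out[41]) {
    char stage1[41], buf[256];
    int n = snprintf(buf, sizeof buf, "%s%sUltimateArena", user, pass);
    if (n < 0 || (size_t)n >= sizeof buf || strlen(salt) != 40 || sha1_hex(buf, stage1)) return -1;
    snprintf(buf, sizeof buf, "%s%s", stage1, salt);   /* 80 hex chars, always fits */
    return sha1_hex(buf, out);
}

int main(void) {   /* inputs are the worked example from the text above */
    char r[41];
    return xfire_response("xoclipse", "test", "d566d28002493b5efa8a3d61de037f01ee210412", r) == 0 && puts(r) >= 0 ? 0 : 1;
}
```

Because the final response depends only on the stage-1 digest and the salt,
anything that stores or logs the stage-1 digest should treat it as equivalent
to the password.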