Version 23 (modified by Bryan Drewery, 3 years ago) (diff)

Reverted to version 17.

Auth System

The AuthSystem is a system for securely logging into a botnet or for securely opping. The point is to prevent sending a cleartext password over the line which could be sniffed and re-used later. This protocol defines a way to login/op in such a way that the data sent is always different, and hence is not able to be re-used later by an attacker.


This is the concept of the auth system. The hash is always different.
Only chatbots will accept dcc/msg authing/cmds.

Authing for DCC:

[bot] password?
[you] yourpass
[bot] -Auth i/P"R2*Go1)Cij8$-1tvT&5-8d36/bA3(E.1tHl+s4#2FqNpxg botnick

Now, at this point, you need to know your SECPASS from the bot and the AUTHKEY.
These can be obtained by asking your admin.
Then you would MD5 the three elements together:
  1. i/P"R2*Go1)Cij8$-1tvT&5-8d36/bA3(E.1tHl+s4#2FqNpxg

MD5: i/P"R2*Go1)Cij8$-1tvT&5-8d36/bA3(E.1tHl+s4#2FqNpxgSECPASSAUTHKEY
The hash comes out to be: 8f783879950efd3e71b7de188ebfa1ad
You then paste this back to the bot like so:

[you] +Auth 8f783879950efd3e71b7de188ebfa1ad

If you used the correct SECPASS and AUTHKEY, then it will grant you access.

Authing over IRC is much similar:

/msg bot auth?
[bot] auth. botnick [if the bot responds with "auth!" then your host is not added, this will be used in the future.]
[you] auth yourpass
[bot] -Auth i/P"R2*Go1)Cij8$-1tvT&5-8d36/bA3(E.1tHl+s4#2FqNpxg botnick
From here, the hash is made as described earlier
[you] +Auth 8f783879950efd3e71b7de188ebfa1ad
[bot] -notice- You are now authorized for cmds, see +help

You remain authorized for the following commands until you haven't used a cmd for 60 minutes or when the bot reconnects.

MSG/CHAN cmds (as of version 1.0.10 9/25/03):
[you] +help
[bot] op invite getkey voice channels test
Usage for cmds:

+op/+voice can be used in both channels and msgs.

+voice is same syntax as +op.

In msg:

  • +op #chan: Will op you in #chan if you are not already opped.
  • +op: Will op you in all chans you are not already opped in.
  • +op -f: Will op you in all channels, even if you are already opped.
  • +op -f #chan: Will op you in #chan even if you are already opped.

In chan:

  • +op: Will op you in the chan if you are not already opped.
  • +op -f: Will op you in the channel even if you are already opped.

+invite is msg only.
  • +invite: Will invite you to all +i channels you are not already on.
  • +invite #chan: Will invite you to #chan if you are not in there and it is +i.
  • +invite -f: Will invite you to all channels.
  • +invite -f #chan: Will invite you to #chan even if you are already there.

+getkey is msg only.
  • +getkey #chan: Will notice you the key for #chan if there is a key set.

+channels works in both msg and channel

  • +channels: Lists all channels you have op access to.

Now that you have read all of that you deserve some scripts ;)

Type /helpauth in these for further instructions.
  • mIRC tar.gz 5.80 and up
  • BitchX/ircii tar.gz
  • irssi/perl tar.gz
  • X-chat/perl (I have an unfinished one if you want it, it doesn't work though)

Any script without a link is in progress, expect it shortly.
Seeing how the script SHOULD operate, maybe you could write one yourself for your client? ;) [make sure to send it to me so I can post here]

Until then, use this to generate the hashes (Compilable md5 executable for *nix)