joo

CantrSpy Client-Server Communication Protocol, version 1.1.0

Jun 15th, 2014 (edited)
CantrSpy Client-Server Communication Protocol, version 1.1.0.


=== Notes ===

* "Informal" BNF-style notation is used in this document to describe the protocol. Sequences of characters
enclosed in double quotes should be taken as literal values. All other text is either descriptive or symbolic.

* \n means the newline/linefeed character with decimal character reference 10.

* Responses received from the server may include trailing whitespace. This should be ignored.


=== Protocol ===

All communication is initiated by the client in the form of a request, followed by a response from the server.
Requests are made using the HTTP GET method to a script residing on the server. The basic request format is:

REQUEST_URL ::= "https://cantr.net/app.getevents2.php?id=" PLAYER_ID "&" FURTHER_PARAMETERS "&ver=1.1.0."

Where PLAYER_ID is the ID associated with the account for which details are being requested, and FURTHER_PARAMETERS
depends on the type of request. The version number is fixed for any particular version of the protocol. There are
two types of request:


(1) A public-key request, which should be made initially by the client at the beginning of a session (a session
typically lasting for as long as the application is active), for which:

FURTHER_PARAMETERS ::= "requestkey=1"

One of the following responses will be received from the server:

(a) RESPONSE_BODY ::= "ERROR Hacking attempt"

If incorrect parameters are supplied, or the user credentials are incorrect.

(b) RESPONSE_BODY ::= "ERROR Wrong version"

If the wrong protocol version is specified.

(c) RESPONSE_BODY ::= EXPONENT \n MODULUS \n MAXDIGITS

This should match the regular expression /^([\dA-F]+)\n([\dA-F]+)\n(\d+)$/, and the three parameters
correspond to a jCryptionKeyPair, to be used for subsequent encryption.


(2) A character list request, which can only be made once the public key is obtained, as part of it is encrypted,
for which:

FURTHER_PARAMETERS ::= "pass=" CIPHERTEXT

CIPHERTEXT should be the password corresponding to PLAYER_ID, encrypted using RSA in the same format as the
jCryption library, with the public key received in the previous stage.

One of the following responses will be received from the server:

(a) RESPONSE_BODY ::= "ERROR Hacking attempt"

If incorrect parameters are supplied, or the user credentials are incorrect (so if this is received it is
best to assume that the wrong username/password was specified).

(b) RESPONSE_BODY ::= "ERROR Wrong version"

If the wrong protocol version is specified.

(c) RESPONSE_BODY ::= "BAD LOGIN"

If the user credentials are incorrect.

(d) RESPONSE_BODY ::= "GAME LOCKED"

If the game is locked, preventing a normal response.

(e) RESPONSE_BODY ::= "OK LIST" CHARACTER_LIST

Where:

CHARACTER_LIST ::= "" | ( \n CHARACTER_NAME CHARACTER_LIST )

Where CHARACTER_NAME is the name, as identified by the player, of a character with new events.


=== Example ===

A typical exchange might go as follows:

GET /app.getevents2.php?id=83913&ver=1%2E1%2E0%2E&requestkey=1 HTTP/1.0

10001
96029d9b2c3e150a582af0012b7f0a95
19

GET /app.getevents2.php?id=83913&ver=1%2E1%2E0%2E&pass=02a62f5f3281f89c7117b10b220e9a22 HTTP/1.0

BAD LOGIN

GET /app.getevents2.php?id=83913&ver=1%2E1%2E0%2E&pass=88968a4dac97fee3eb4a2f623599095c HTTP/1.0

OK LIST
Augustus De Morgan
Emmy Noether
Srinivasa Ramanujan
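
A client-side parser for the two response grammars above, written as an added example (it is not part of the original paste or of CantrSpy). It matches the hex fields case-insensitively, because the regular expression in the specification lists only A-F while the example key response uses lowercase digits, and it exposes the modulus bit length so a client can check the size of the key it was handed. The function and class names and the CRLF tolerance are assumptions.

```python
import re
from dataclasses import dataclass

# Hex matched case-insensitively: the spec's regex lists A-F only, but the
# example key response on this page uses lowercase digits.
KEY_RE = re.compile(r"([0-9A-Fa-f]+)\n([0-9A-Fa-f]+)\n([0-9]+)")
ERRORS = {"ERROR Hacking attempt", "ERROR Wrong version"}
LIST_STATUSES = ERRORS | {"BAD LOGIN", "GAME LOCKED"}

@dataclass
class PublicKey:
    exponent: int
    modulus: int
    max_digits: int

    @property
    def modulus_bits(self) -> int:
        return self.modulus.bit_length()

def _normalise(body: str) -> str:
    # Trailing whitespace is ignored per the notes; accepting CRLF is an assumption.
    return body.replace("\r\n", "\n").rstrip()

def parse_key_response(body: str):
    """Return ("KEY", PublicKey) or (error string, None); raise otherwise."""
    text = _normalise(body)
    if text in ERRORS:
        return text, None
    m = KEY_RE.fullmatch(text)
    if m is None:
        raise ValueError("unrecognised key response")
    return "KEY", PublicKey(int(m[1], 16), int(m[2], 16), int(m[3]))

def parse_list_response(body: str):
    """Return ("OK LIST", [names]) or (status string, None); raise otherwise."""
    text = _normalise(body)
    if text in LIST_STATUSES:
        return text, None
    first, _, rest = text.partition("\n")
    if first.rstrip() != "OK LIST":
        raise ValueError("unrecognised list response")
    # CHARACTER_LIST ::= "" | ( \n CHARACTER_NAME CHARACTER_LIST )
    names = [line.rstrip() for line in rest.split("\n") if line.strip()]
    return "OK LIST", names

if __name__ == "__main__":
    # Responses copied from the example exchange on this page.
    print(parse_key_response("10001\n96029d9b2c3e150a582af0012b7f0a95\n19\n"))
    print(parse_list_response("OK LIST\nAugustus De Morgan\nEmmy Noether\n"))
```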