I am trying to implement receiving/sending messages via Secret chat in Telegram (something like my own client), but I encountered some problems while interpreting the decrypted data. I've read the schema, but can't match it with my data.
To be more concrete: I received a message (sent from the official client) with the word "Test12", and the decoded result (in hex) was:
3C0000008917E31B0FF1C770B657C36AF705BDACA4BE2C0B2E0000000100000062000000DE91B0360000000038507C7CD5FA6F7C00 00000006 546573743132 00
We can find here the whole message starting from byte 57 (bold), and (if I'm not mistaken) the length (italic). But how can I match the other bytes? The schema says that the message should start from 8 (salt) + 8 (session_id) + 8 (message_id) + 4 (seq_no) + 4 (message_data_length) = 32 bytes, not from byte 57.
Moreover, when I try to send a longer message (more than ~256 bytes), the "message text" starts from byte 60 and the length is also encoded a little bit strangely: FE000400 for a 1024-byte message and FE000200 for a 512-byte one (what does FE mean?).
So, can anyone please give me a schema or a clue of what I'm doing wrong?
OK, it seems that I managed to decode most of the message. Maybe it will be useful for someone:
3C000000 Number of "valuable" bytes (not including padding with random bytes at the end if they are needed)
8917E31B (== 467867529), code of decryptedMessageLayer (layer 17)
0FF1C770B657C36AF705BDACA4BE2C0B serialized random bytes array (should consist of a minimum of 15 bytes), 0F = 15 - current quantity
2E000000 seems to be the number of a minimum layer
01000000 in_seq_no, (1 - 1) / 2 = 0 messages received, see Sequence numbers
62000000 out_seq_no, 62 / 2 = 49 messages sent, see Sequence numbers (message sender didn't start that chat)
DE91B036 code of decryptedMessage#36b091de
00000000 don't know
38507C7CD5FA6F7C seems to be randomId (maybe it should be the same as the one the message is transferred with?)
00000000 don't really know, maybe it is ttl
0654657374313200 serialized string: first two bytes (06) mean length. If there are more than 254, DE(=254) is placed instead and the length can be found from the next 3 bytes (starting from position 60 in my 'mentioned' case). The string bytes follow then (meaning Test12) and are padded with 0-3 null bytes (00).
After that the result is padded with random bytes (0-15) to make a full 16-byte block.
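A parser for the layout worked out above, as an added example that is not part of the original post or Telegram's own code. The field names follow the answer's reading of the dump (several are the poster's guesses), `Reader` and `parse_layer17` are hypothetical names, and the long string form uses the FE marker from the question's FE000400 example. Every length is bounds-checked because the decrypted buffer comes from the peer.

```python
import struct

# Hex dump from the question (whitespace removed); field names follow the answer's reading.
SAMPLE = bytes.fromhex(
    "3C0000008917E31B0FF1C770B657C36AF705BDACA4BE2C0B2E000000"
    "0100000062000000DE91B0360000000038507C7CD5FA6F7C00000000"
    "0654657374313200")

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if n < 0 or self.pos + n > len(self.data):
            raise ValueError(f"truncated: need {n} bytes at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack("<I", self.take(4))[0]

    def tl_bytes(self):
        # Short form: 1 length byte (0..253). Long form: 0xFE + 3-byte LE length.
        start = self.pos
        n = self.take(1)[0]
        if n == 0xFE:
            n = int.from_bytes(self.take(3), "little")
        elif n == 0xFF:
            raise ValueError("0xFF is not a valid length marker")
        body = self.take(n)
        self.take(-(self.pos - start) % 4)   # skip 0-3 alignment bytes
        return body

def parse_layer17(plain):
    r = Reader(plain)
    length = r.u32()
    if length > len(plain) - 4:
        raise ValueError("length prefix exceeds buffer")
    r.data = plain[:4 + length]          # anything after this is random padding
    out = {"layer_ctor": r.u32(), "random_bytes": r.tl_bytes(),
           "layer": r.u32(), "in_seq_no": r.u32(), "out_seq_no": r.u32(),
           "msg_ctor": r.u32()}
    r.take(4)                            # field the answer marks "don't know"
    out["random_id"] = r.take(8)
    out["ttl"] = r.u32()                 # the answer's guess at this field
    out["message"] = r.tl_bytes().decode("utf-8")
    return out
```
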