Security of Instant Messengers

Comments

Transcription

Security of Instant Messengers
Coventry University
Faculty of Engineering and Computing
Security of Instant Messengers
Author:
Juraj Sasko
Student ID:
1649329
Course Title:
BEng (Hons.) European Engineering Studies
Module:
393CS Computing Project (Double)
Supervisor:
Kuo-Ming Chao, PhD
Second Assessor: Nazaraf Shah
Date:
2007
Copyright Declaration
Declaration of Originality
This project is all my own work and has not been copied in part or in whole
from any other source except where duly acknowledged. As such, all use of
previously published work (from books, journals, magazines, internet, etc) has
been acknowledged within the main report to an item in the References or
Bibliography lists.
I also agree that an electronic copy of this project may be stored and used
for the purposes of plagiarism prevention and detection.
Copyright Acknowledgement
I acknowledge that the copyright of this project and report belongs to
Coventry University.
Signed:
Date:
Office Stamp
Security of Instant Messengers Page 2 Acknowledgements
First of all I would like to thank my parents and close family for everything. I
thank them for being here as well as working on this project.
I wish to thank my supervisor, Kuo-Ming Chao for his help and guidance
throughout this project.
Special thanks to my friend, Kamil Baczkowicz for his time and support.
Security of Instant Messengers Page 3 Abstract
The purpose of this project is to show instant messaging users all main
vulnerabilities of instant messaging and help them to protect their instant
communication against potential eavesdroppers.
This project gives just a short overview on the most used instant messaging
clients with brief description of their protocols. The pattern of the main part of this
project involves introduction to the certain instant messaging vulnerabilities and
security issues with demonstration how easy is to eavesdrop the conversation
between two clients as far as all necessary security actions are not ensured.
Consequently the following chapters determine all possibilities to ensure the
secure instant messaging communication. One way is to use a personal firewall
and hence certain part of this project implies the firewall usage with the aim to
secure instant messaging.
Ordinary IM user is not very familiar with VPN tunnels and similar hardware
firewalls therefore this solution is just outlined.
Certainly very useful and the most accessible way for the home users are
software applications, plugins and utilities for IM clients. Several IM clients are
based on plugins, whereby they offer to the user flexible and changeable
interface. The most famous multi messenger is Miranda IM with wide range of
plugins also for security and privacy. The aim of this part is to develop a new
plugin and to show, how security plugin works, what are his vulnerabilities, gain
some improvements and updates towards to better security such as password
encryption and its secure removing in comparison with other plugins. Finally I
would like to prove and demonstrate why this new plugin is good and secure.
Security of Instant Messengers Page 4 Table of Contents
Copyright Declaration …………………………………………………….
Acknowledgements ……………………………………………………….
Abstract …………………………………………………………………….
List of Figures ……………………………………………………………..
1 Introduction ………………………………………………………………
1.1 Project Choice …………………………………………………….
1.2 Project Background ……………………………………………....
1.3 Project Statement …………………………………………………
1.4 Objectives and Benefits………………………………………….
2
3
4
7
9
10
10
10
11
2
Literary Review …………………………………………………………
2.1 Purpose of the Literary Review ………………………………….
2.2 The Topical Focus of the Project ……………………………….
2.3 History of instant messaging ……………………………………
2.4 Most Used IM and Their Protocols ……………………………..
2.5 Multi-messengers …………………………………………………
12
13
14
15
16
19
3
Security of Instant Messaging ………………………………………. 20
3.1 Security Issues …………………………………………………… 20
3.2 Monitoring by Wireshark ………………………………………… 22
4
Security via Firewalls …………………………………………………. 26
4.1 ARP Poisoning …………………………………………………… 26
4.2 How to Secure IM against ARP Poisoning using Firewall …… 27
5
VPN Tunnel and its Principle ………………………………………… 31
5.1 How to Secure IM using VPN …………………………………… 31
6
How to Secure IM using Jabber …………………………………….. 34
7
Security via Software Applications and Plugins …………………… 36
7.1 How to Secure IM using Software Utilities ……………………. 36
8
Miranda IM Plugin …………………………………………………….. 42
8.1 Miranda IM Core …………………………………………………. 42
8.2 Internal Modules ………………………………………………….. 44
8.3 External Modules …………………………………………………. 45
8.4 MSN Authorization Plugin - Version 0.1 ……………………….. 47
8.5 Basic Plugin Structure …………………………………………… 48
8.6 Security Elements in the Plugin ………………………………… 49
8.6.1 Password Encryption Algorithm …………………………. 49
8.6.2 Password Storing Mechanism …………………………… 51
8.7 Plugin Functions ………………………………………………….. 53
8.8 Plugin testing ……………………………………………………… 55
Security of Instant Messengers Page 5 8.8.1 Password Storing …………………………………………. 55
8.8.2 Password Strength ………………………………………… 56
9
Conclusion …………………………………………………………….. 61
10 References ……………………………………………………………. 63
Appendices
A
Time Scales……………………………………………………….. 66
B
Constraints ………………………………………………………… 66
C
Source Code- MSN Authorization Plugin - version 0.1 ………. 67
Security of Instant Messengers Page 6 List of Figures
Figure 1: Internet Users ………………………………………………………… 9
Figure 2.1: Client- Server instant messaging ………………………………..
Figure 2.2: Peer-to-peer instant messaging …………………………………
Figure 2.3: The most used IM …………………………………………………
Figure 2.4: Supported Protocol and its security features …………………..
Figure 2.5: Instant messaging protocols ……………………………………..
Figure 2.6: General Information ……………………………………………….
Figure 2.7: Supported Protocol ……………………………………………….
12
13
17
18
18
19
19
Figure 3.1: ICQ number caught by Wireshark ……………………………….
Figure 3.2: Sniffed ICQ communication by Wireshark ……………………..
Figure 3.3: Log on packet caught by Wireshark …………………………….
Figure 3.4: Sniffed AOL communication by Wireshark ……………………..
23
24
25
25
Figure 4.1: List of all computers in Cain ……………………………………..
Figure 4.2: Sniffed packets without ARP protection ………………………..
Figure 4.3: Sniffed ICQ password without ARP protection ………………..
Figure 4.4: Sniffed packets with ARP protection ……………………………
Figure 4.5: Sniffed ICQ password with ARP protection …………………....
28
28
29
29
30
Figure 5.1: Hamachi VPN client ……………………………………………....
Figure 5.2: Hamachi chat window …………………………………………….
Figure 5.3: Hamachi connection ……………………………………………...
Figure 5.4: Sniffed packets …………………………………………………….
32
32
32
33
Figure 6.1: TIMP.NET console ……………………………………………….. 35
Figure 6.2: Miranda IM options ………………………………………………. 35
Figure 7.1: IMSecure Pro window …………………………………………….
Figure 7.2: Captured communication without IMSecure Pro …………….. .
Figure 7.3: Captured communication with IMSecure Pro ………………….
Figure 7.4: Captured communication with IMSecure Pro 2 ………………..
Figure 7.5: Unencrypted connection report ………………………………….
Figure 7.6: Capture communication without SimpLite ……………………..
Figure 7.7: Encrypted communication report …………………………….....
Figure 7.8: Encrypted communication report 2 ……………………………..
Figure 7.9: Capture communication with SimpLite …………………………
Figure 7.10: Parameters window ……………………………………………..
36
37
38
38
39
39
40
40
40
41
Figure 8.1: Hook chain …………………………………………………………
Figure 8.2: Miranda IM structure ……………………………………………..
Figure 8.3: Main window for MSN Authorization Plugin ……………………
Figure 8.4: Detected password without plugin ………………………………
43
45
47
55
Security of Instant Messengers Page 7 Figure 8.5: Detected password with plugin ……………………………….. ..
Figure 8.6: List of external procedures ………………………………………
Figure 8.7: List of constants …………………………………………………..
Figure 8.8: Assembly code ……………………………………………………
56
57
57
58
Security of Instant Messengers Page 8 1
Introduction
Nowadays we live in 21.century. It has been the age of information since mid
1900’s. And that is the main point of this age- information. We need them and
use them everywhere, produce them and send them forward. Our lives are totally
related with information and if we want or not, we became the part of an
information age.
Communication is the only way how to send or receive information. The
information age brought new human needs as like media of communication to
deal with information. Before internet age, which started in 1970’s (for
commercial use since August 6th, 1991), many other options for the
communication had been available e.g. telegraph, radio, television and
newspapers. Since the internet has become popular and reachable around the
world, our communication is
faster and sometimes more
Internet Users by World Region in
secure as well.
Millions
People can meet each other
Middle
East, 19,
on internet, have fun, study and
Africa,
2% Australia/
obtain new knowledge, do their
33, 3%
research or even run their
Oceania,
Latin
business. Internet brought new
19, 2%
America,
vacations and profession of
89, 8%
Asia,
many people is related with it.
389, 35%
North
New branches of business
America,
were found like E-commerce or
Europe,
232, 21%
M-commerce.
313, 29%
Bill Clinton (inaugurated Jan
20 1993) said: “When I took
Figure 1: Internet Users
office, only high energy
physicists had ever heard of
what is called the World Wide
Web… Now even my cat has its own page.” This citation just illustrates how fast
internet is being spread about and how it has affected our life.
The population of UK is about 60.44 million. More than 50% of them are
internet users and about 22.79 million people are active users (go online at least
once a month). The stats say that from 6.5 billion people population on the Earth
are 1.086 billion internet users, which is 16.7% of world’s population. This
number is still growing up rapidly and represents a huge potential for the future.
The easiest way how to contact someone on internet was write him email. It is
no more, because there is something which is called instant messaging.
Basically the function and aim of it is the same like email, but user can receive
Security of Instant Messengers Page 9 answer in a few second right on the screen when his contact is online. This
makes communication much easier and faster. Almost all of current instant
messengers are available on internet for free even Windows Life Messenger is
already installed in Windows, furthermore all you need to do is register and get
your account. If you did so then welcome in instant messaging world!
1.1
Project Choice
Security and privacy have to be ensured every time and everywhere. Thence
the topic of secure instant messaging is a challenge for me to prove the ability
being an active IM user.
The reasons for choosing this project are:
1.2
•
Millions of people use instant messengers without being aware of all
risks in a virtual world.
•
I wanted to learn more about security solutions focused on IM clients
as I use them every day for working as well as for private
communication
•
Internet provides too many various products, applications and utilities
developed for security purposes, hence people need to know
differences, usability and benefits of choosing one particular product.
Project Background
Online security has to be the priority number one either for website
developers or for internet users. In this area also involved in instant messaging
as the most popular way of online communication. Internet and books contain
various information about IM security and privacy that are focused on particular
issues. The Multimedia Technology module (327EE) and the Principles of
Computer Networks module (320CS) at Coventry University teach the basics
from internet security, but none of them has even scratched the surface of the
issues for the IM communication.
1.3 Project Statement
As I mentioned above, the internet and books contain various information
about security and privacy for IM, but one would spend a very long time to collect
and assemble all requisites. What is more, the average internet and IM user does
not know about all internet vulnerabilities and actions he can take to protect
himself.
Security of Instant Messengers Page 10 This final year project is instruction for everyone who does not feel safe in the
IM world and demands direct solutions always available on internet. Either
firewall, VPN client, software application or new security plugin are openly
available on internet and ready to be used and help to ameliorate the security
aspect.
1.4
Objectives and Benefits
•
The usage of firewall will be optimized to provide higher security
performance for IM communication.
•
VPN tunnel as a very secure connection can be finally used for IM as
well.
•
The time of running our own IM server has come and Jabber protocol
allows everybody to do so, of course, in order to ensure the highest IM
security.
•
People usually do not know about software applications that can help
them to secure their instant messaging. Some of them are very
powerful and check off the vulnerability of IM conversation.
•
The new security plugin for Miranda IM will solve the problem with
stored password on a computer and will turn the USB flash drive into
an authorization key for MSN account. This involves also the
potentially strong encoding algorithm.
Security of Instant Messengers Page 11 2 Literary Review
The aim of this chapter is to introduce all the background knowledge required
to obtain and all research required to undertake for this final year project. The
main source of all information was internet as the University library and books
shops do not offer books and magazines focused on this topic.
The principle of instant messaging transmit is based on IM Clients and IM
Server. There are two basic ways how the communication can be obtained.
The Client- Server instant messaging is centralized system with IM Server
providing all necessary functions and services for instant messaging. Client has
to log in and verifies its identification with IM Server and the all communication
between two or more IM Clients is ensured by IM Server as well. Therefore this
type of instant messaging is not so secure, because all data have to be sent
outside of the local network are fully visible for eavesdroppers.
IM Server
1.
2.
1
Internet
Messaging is first sent to IM server
IM server sends messaging to
intended recipient (IM Client 2)
2
IM Client 2
IM Client
Figure 2.1: Client- Server instant messaging
The second way is more secure and reliable. The communication between IM
Client and IM Server is established at the beginning while logging in and getting
the information about other IM Clients in the network. The peer-to-peer
communication carried out between two IM Clients. However, the security risk
grows up and is the same like in Client-Server model, if these IM Clients are not
on the same local area network. Consequently the data have to be transmitted
through the internet.
Security of Instant Messengers Page 12 IM Server
1.
2.
3.
2
1
Find IM Client 2
IM Client 2 is at 11.44.32.48
Communication with IM Client 2
Internet
3
IM Client
IM Client 2
Figure 2.2: Peer-to-peer instant messaging
Different types of security actions can be undertaken depending on a type of
a network and on which aim we want to use IM. The very common ones are
software applications which are easy to use and configure, suitable especially for
home users. Corporation users would appreciate either firewall or VPN client
solutions.
The Miranda IM plugin system is intended for all users offering many various
types of security and privacy improvements. The most common are message
encrypting algorithms, spam control system and history and database sharing
systems. The Miranda IM website currently offers 28 different security and
privacy plugins.
2.1
Purpose of the Literary Review
The level of understanding and interpretation of all obtained knowledge and
skills is the main factor which will affect the final success of the project. The
following topic areas were determined as the key components within the project
topic.
•
Introduction to instant messaging and clients- it was necessary to have
knowledge of instant messaging, the functions and features built in as
well as the principles of its working.
•
Introduction to security of instant messaging- it was essential to get
knowledge of security and its issues in general. Consequently I had to
understand and implement these security issues into instant
messaging scope and determine the basic vulnerabilities of the IM
system.
•
Possibilities to secure the IM communication- I have used various
software applications because I was able to demonstrate the
Security of Instant Messengers Page 13 defections in IM communication and the improvements in security after
each step.
•
2.2
IM security via software (Miranda IM plugin and its developing) - it is
basically an introduction of Miranda IM plugin. The programming part
is supposed to develop a new plug-in with two main security elements
and then shows, why the new plugin is good and how it obtains the
necessary security level. Initially I had to determine the structure of the
Miranda IM plugin and the functions required for each part. Obtaining
new skills in C programming language was essential.
The Topical Focus of the Project
The two main topics of this project are security issues of IM and the possible
solution of these problems. Therefore it is necessary to determine the main IM
vulnerabilities which are:
• Eavesdropping
• Account hijacking
• Data access and modification
• Worms and blended threats
The possible solutions for vulnerability mentioned above are:
• Firewalls
• VPN client
• Jabber server
• Software applications
• Plugins
Security of Instant Messengers Page 14 2.3
History of Instant Messaging
Internet for public use has been available for 15 years; however, the history of
instant messaging is much longer.
In the early 1970’s PLATO system was used in private computer networks.
This was the first messaging system ever with contact list and ability to send
message. Later the Unix/Linux talk messaging system was widely used by
engineers to communicate together on internet, it was quite a long period, 1980’s
and 1990’s.
Zephyr was the first graphical client for instant messaging developed in 1987
by Project Athena, which was a joint project of MIT, Digital Equipment
Corporation and IBM. In November 1996 was introduced ICQ instant messenger
developed by Mirabilis, the Israeli company founded by Israeli students Arik Vardi,
Yair Goldfinger, Sefi Vigiser and Amnon Amir in the same year. AOL LLC
(America Online, Inc) is an online service provider, bulletin board system, and
media company which is now operated by Time Warner, which had in the begin
of ICQ messenger already 6 million users of their messenger. However ICQ
became very popular in a short time and it was a big threat for AOL therefore
AOL within 2 years acquired ICQ, in June 1998 for 287 million dollars.
The age of instant messaging began. Many other instant messengers
appeared such like MSN, Yahoo (June 21, 1999) or QQ (February 1999). Each
of them has had own protocol. More secure solution for instant messaging was
introduced by IBM/ (Lotus Sametime). The big range of instant messengers
claimed for multiprotocol messenger clients to reduce the number of clients
running on one computer. The very first were Gaim (November 1998) or Licq
(June 22, 1998) and the most famous nowadays are Trillian (July 1, 2001) and
Miranda IM (February 6, 2000).
On December 19, 2002 ICQ was issued a United States Patent for instant
messaging and AOL Time Warner obtained a service mark for “instant
messenger” in United States.
Recently new features which modern instant messengers provide have
increased and they are not used only for writing messages any more, but you
can use features like audio/video conferencing, voice over IP (VoIP)
conferencing and web conferencing. Desktop sharing, IP radio, and IPTV to the
voice and video features have been integrated into the newest instant
messengers.
Security of Instant Messengers Page 15 2.4
Most Used IM and Their Protocols
ICQ
ICQ is the most famous and most used instant messenger ever. Nowadays
ICQ has 20 million active users worldwide and more than 400 million users from
245 countries.
The ICQ Protocol was developed by Mirabilis or if you like ICQ inc. in
November 1996. ICQ messenger is not open-source program that is why there is
not official information about ICQ Protocol.
Oscar stands for Open System for CommunicAtion in Realtime. ICQ and AIM
are currently two instant messengers using this protocol.
Nowadays is the best source code Libicq2000, obtained by sniffers and
reverse-engineering after ICQ and AIM network communication analysis.
AIM
AOL instant messenger (AIM) is very popular IM as well. It was released by
AOL in May of 1997 and it shares the Oscar protocol with ICQ and the TOC
protocol was developed for version AIM express. TOC protocol is an open source
and AOL has been just trying to keep the developers of third party messengers
out of the Oscar protocol. It is no more supported by AOL since August 2005 and
the TOC2 Protocol appeared.
The completely new version released by AOL is AIM Triton, which has many
popular features of third party plug-ins. This new version of AOL messengers
brings the challenge for developers, because AIM Triton is opened up for new
plug-ins and custom versions of clients for Windows, Macintosh and Linux.
AIM is not the messenger with a great security. Many security issues have
appeared during its existence, some of them are harmless and just annoying,
others collect the IP addresses and send viruses over a direct connection. Thus
a lot of security add-ons have been designed by third party developers.
TOC2 Protocol is an updated version of TOC Protocol. TOC2 is an ASCII
protocol without certain features of Oscar protocol and it operates as a wrapper
for Oscar.
Windows Live Messenger
Windows Live Messenger is better known as MSN, because previous
versions were called just Windows Messenger. It is a part of Windows Live
Security of Instant Messengers Page 16 services online. The very first version was released on July 22, 1999 by Microsoft,
which fell asleep the instant messaging start.
Windows Live Messenger is based on the Mobile Status Notification Protocol
(MSNP). The client connects to the .NET online service (offered on port 1863 of
messenger.hotmail.com) uses SSL at begin. No password check is done on this
phase because the client is redirected to the login server. Then the .NET
passport (login and password pair) verification is done in two following steps.
First an HTTPS GET request to nexus.passport.com reads the hostname and
port of the next server which does the authentication (another HTTPS GET
request). After authorization the client operates on the main TCP/IP connection
until there is the request to begin a conversation. Then the both clients open
another connection to their server.
Skype
Skype is the most common peer-to-peer Voice over IP client with more than 8
million online users in spite of the fact that Skype was founded just in 2003. The
creators are Niklas Zennström and Janus Friis who are founders also of the peerto-peer client Kazaa.
The Skype protocol has nothing to do with common open VoIP protocols
such as SIP, IAX, or H.323. A Skype global network has three main entities:
supernodes, ordinary nodes and the login server. The principle of the network is
host cache, which is the list of reachable nodes for each client. It contains IP
address and port number of supernodes. All communication is encrypted by RC4
(also known as ARC4 or ARCFOUR).
Supernodes relay communications to other clients behind a firewall. Any
Skype client can become a supernode if it has good bandwidth, no firewall, and
a good CPU. Supernodes are grouped into slots (9-10 supernodes). Slots are
grouped into blocks (8 slots).
The communication within Skype network appears to be secure, because
Skype uses modern encryption techniques and the actual encryption algorithms
are coded correctly within the software.
Instant Messenger
Active users
(peak users)
(million)
Total users
(million)
ICQ
AIM
20
63
400
195
Windows Live
Messenger
Skype
29
155
8
100
Security of Instant Messengers Date
9 June 2006*
May 2006/January
2003**
August 2005/ April
2005***
August 2006/ April
2006***
Page 17 20
QQ
62.5
14 July 2006/ 22
December 2006****
Figure 2.3: The most used IM
NOTES:
Wikipedia.org, icq.com
Aim.com, Wikipedia.org
Wikipedia.org
This is a recent report from CNNIC
Skype
QQ
8
9
8
8
8
8
8
8
8
8
8
8
9
MD5
8
8
8
9
8
8
8
8
8
8
9
8
8
XOR
8
8
8
8
Figure 2.4: Supported Protocol and its security features
8
9
8
8
MSNP
Microsoft
Oscar
AOL
TOC2
AOL
Skype
Skype
Identity
Creator
July
1999
1997
P*
E-mail address
(.NET Passport)
Username or
UIN
e.g. 12345678
Sep
2005
P
P
Username or
UIN
e.g. 12345678
Username
SPIM protection
9
8
8
8
One (many)-tomany routing
XOR
MD5
MD5
MD5
Bulletins to all
contacts
8
8
9
8
Windows
Live
Messenger
8
8
9
9
9
8
98
**
8
8
8
9
9
8
8
8
9
9
8
8
8
8
8
8
8
8
9
Figure 2.5: Instant messaging protocols
P
Unlimited amount
of contacts
AIM
Transport Layer
Security
ICQ
Asynchronous
message relaying
Password
Cryptography
License
ICQ Oscar
AOL Oscar
MSNP
Yahoo!
Messenger
Skype
QQ
TOC2
Others
SSL
First public
release date
*
**
***
****
NOTES:
*
Proprietary
**
Only for certified robots
Security of Instant Messengers Page 18 2.5
Multi-messengers
Miranda IM
Miranda IM is a multi protocol instant messenger client for Windows
distributed under GNL- General Public License. It is better to use Miranda IM
even if you don’t need to use more than one protocol at once, because it uses
very little memory and is extremely fast. It does not require the installation and
can be stored very easy e.g. on a USB flash drive. The version you may
download from the web provides just the basic functions. However, there are
more than 350 free plugins available to download, which make Miranda IM very
powerful and flexible instant messenger. The current version is Miranda IM 0.6,
which source code is available on its website.
Author /
Creator
First public Latest stable
release
version
date
Software
license
Trillian
Gaim
Cerulean Studios
Mark Spencer
3.1
1.5.0 (August 12, 2005)
Proprietary
GPL
Miranda IM
Miranda IM
project
July 1, 2000
November,
1998
February 6,
2000
0.5.1
GPL
Figure 2.6: General Information
Oscar
MSNP
Yahoo! Messenger
IRC
XMPP
Bonjour
Novell GroupWise
Lotus Sametime
Gadu-Gadu
Skype
QQ
Others
Trillian
9
9
9
9
8
8
8
8
8
8
8
8
Gaim
9
9
9
9
9
9*
9
9
9
8
9
SILC,
Zephyr,
XFire,
OTR
Miranda IM
9
9
9
9
9
9*
8
9
9
9***
9
Tlen, LAN ,
Chat**
Figure 2.7: Supported Protocol
NOTES:
*
**
Probably text-based messaging only
LAN and chat protocols supported for Miranda include NetSend, WinPopup,
Novell Netware NCP, BattleNet, Vypress Chat, Quick Chat, and Walla Chat
Security of Instant Messengers Page 19 ***
3
Requires Skype to be installed
Security of Instant Messaging
3.1
Security Issues
File transfer is very sensitive especially for instant messaging. One thing is
that file transfer is executed in peer-to-peer model and therefore it should be
more secure, but on the other hand the data are not encrypted in the major
instant messaging systems and flow over the internet available for
eavesdroppers.
Another security risk ensues from certain advanced features, which some IM
provides to their clients. For example ICQ contains a mini-web server, which
allows user to run his own website directly from the desktop of his computer. As
with any Web-enabled software feature, such functionality creates the security
risk that the site could be hacked to break into a system.
Instant messaging vulnerabilities and exploits
Internet provides so many various ways how to communicate or exchange
the data, but we must be aware of malicious attacks on vulnerable parts of our
communication. Common instant messaging systems have also a lot of
vulnerabilities and various types of attacks that can exploit them.
The easiest solution to protect network traffic including IM conversations is
using protocols using SSL. This may eliminate the danger of communication
sniffing. But SSL is not absolutely secure either, for it’s vulnerable to attacks of
the man-in-the-middle kind, especially if there is some lack of an appropriate PKI
(public key infrastructure).
Here are the most significant vulnerabilities:
Eavesdropping
Despite the fact that many instant messaging systems encrypt their network
traffic, sometimes it is not so difficult for eavesdroppers to monitor the
conversation between two or more IM Clients using some packet sniffers or
similar software. As was already mentioned, this risk holds true for both clientserver and peer-to-peer models.
Account hijacking
Security of Instant Messengers Page 20 Many instant messaging systems are very vulnerable and allow the hijackers
to attack client’s personal accounts and impersonate that user in conversation
with the others.
Some instant messaging systems store user’s passwords in data files on his
computer. These passwords are mostly encrypted, but there are some IMs,
which password data files are fully visible. For some hackers it does not mean
a problem to hack and break such as encryption system.
Data access and modification
As many internet-enable software applications also instant messengers
might have some bugs that can be the way for hackers how to attack user’s
computer. There are many advanced features in instant messengers and
possibility that some unsecure bug can appear is quite high. The attackers could
gain an access to the user’s computer and obtain all private data, grab
passwords or install viruses from there.
Worms and blended threats
Instant messaging systems as well as emails are an ideal technology for
spreading worms and blended threats.
At the same moment millions and millions users are online and each user
has the list of his contacts. Thus the instant messaging technology is vulnerable
and the worms and other viruses can spread over the internet and attack millions
of users in a very short time. Recently some of the instant messaging systems
are programmable and scriptable, which could help to malicious programs
develop the mechanism by which to spread easy and fast over the internet.
Blended threats and computer worms can spread through instant messaging
systems in two ways: Either by leveraging IM scripting or by exploiting a buffer
overflow or other vulnerability in an instant messaging system.
Scripting instant messaging threats
Instant messenger systems provides scripting capabilities that let other
programs such as Visual Basic or JavaScript control the IM software and change
the code. In some way it could be use to create the malicious IM client, which is
able to distribute itself using contact list or same database of users over the
internet into other clients computers. The principle is the same like for example
malicious worm in emails called LoveLetter expanded in the past.
The worst thing is that sometimes the client even does not know that he is
infected and the worm is being distributed along from his computer. The worm
Security of Instant Messengers Page 21 sends usually the copy of itself in the form of a script file to the other members of
a chat room.
Instant messaging threats that exploit vulnerabilities
The serious threat of exploiting vulnerabilities is that it can happen in a very
short time and the effects is very high. It is even worse than in the case of emails,
when the worms are able to infect several hundred thousand servers in a few
hours.
Instant messaging server vulnerabilities
The vulnerability is also very important to consider, because the IM systems
are based mostly on servers that store all vulnerable data, encrypting methods
and realize the communication between clients.
If some attackers obtained the access to IM server, they would very easy
with minimum effort eavesdrop all conversation in the network, spread the
malicious threats over the network or decrypt the passwords, which allows him to
gain the access to the contents of every transmission.
3.2
Monitoring by Wireshark
ICQ Oscar
Password: project
Name: project393CS
Number: 448224250
The ICQ Oscar protocol has many vulnerabilities and it is quite simple to sniff
it and get some important information e.g. IP address, ICQ number, password
and the communication by itself.
First of all we have to set up the filter to sniff only communication between
ICQ Client and its server, in our case is TCP port 5190 therefore the filter in the
Wireshark is set up with command tcp port 5190. Now we can easily catch the
ICQ number, which is 448 224 250, while the user is being logged in (shown on
Figure 3.1).
Security of Instant Messengers Page 22 Figure 3.1: ICQ number caught by Wireshark
ICQ passwords are transmitted as xored strings, thus it is very easy to find its
position in captured HEX string of login packet. My password for this example is
project1, which means 8 characters. The encoded password starts at the fourth
byte after the end of the ICQ number string. In my case it is 83 54 ee ae 5c e5 af
a3. As we know the original password and xor is a reversible operation (e. g. a
xor b=c means that c xor b=a), we can get the string used for encoding by simple
C script:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
//--- hex to dec --char xtod(char c) {
if (c>='0' && c<='9') return c-'0';
if (c>='A' && c<='F') return c-'A'+10;
if (c>='a' && c<='f') return c-'a'+10;
return c=0;
// not Hex digit
}
int main(int argc, char *argv[])
{
char * pass_orig = "project1";
char * pass_xored = "8354eeae5ce5afa3";
//--- create array in the memory for new password --unsigned char * x = malloc(strlen(pass_xored));
int i, ix;
char hex;
for (i=ix=0; i<strlen(pass_xored); i+=2, ix++)
{
//--- every 2 characters are converted to decimal value
Security of Instant Messengers Page 23 hex = xtod(pass_xored[i]) * 16 + xtod(pass_xored[i+1]);
//--- and xored with original password --x[ix] = hex ^ pass_orig[ix];
}
//--- setting the end of the 'x' string
x[ix] = 0;
//--- printing to output --for (i=0; i<ix; i++)
{
printf("%x", x[i]);
}
printf("\n");
}
Sniffing of the communication is simple as well. On the Figure 3.2 is shown
the destination ICQ number “218 781 571” and the instant message “Hello!” in
ASCII string.
Figure 3.2: Sniffed ICQ communication by Wireshark
Sniffing peer-to-peer ICQ connections is complicated due to the fact that
a random port is used for each session. When establishing a connection to the
server, the client reports a port number it is going to use for peer-to-peer
communications. Then each client that has us on the contact list receives the
number of this port. They will use it to connect whenever they are going to use
peer-to-peer communication. Thus the port number has to be captured at the
beginning of the session.
The client’s IP addresses are hidden, but it does not mean that they are not
transmitted by the server. All together, the client IP address can be captured as
well as all the other information.
AOL Oscar
Screen name: project393CS
Password: project
Security of Instant Messengers Page 24 Oscar protocol is used by AOL messenger as well. Apart from some
differences it is the same. The Figure 3.3 shows log on packet with screen name
“project393cs” and IP address of server with port number “205.188.12193:5190”
in Hex string. The main difference is that the packets with messages are built in
different way, but they are still unencrypted – on Figure 3.4 can be seen captured
message “Hello!” from ICQ user with number 448 224 250 in ASCII string.
Figure 3.3: Log on packet caught by Wireshark
Figure 3.4: Sniffed AOL communication by Wireshark
Security of Instant Messengers Page 25 4
Security via Firewalls
Instant messaging has become an indispensable part of communication for
corporations as well as for individual customers. However, the security risk is
marginal and more critical for corporations, where even very small security gap
might cause big troubles and for instance very delicate data might be stolen.
Thus the corporation has to ensure the secure way, how to block instant
messaging and its unsecure communication outside of the local area network or
at least check off the risk on the minimum.
The most common way how to try to block the insecure instant messaging
system over the internet is using firewalls. However, this does not have to be
enough, because the current instant messengers dispose of plenty various ways
how to sneak past corporate firewalls to reach their servers.
All instant messaging systems are based on the central server(s), where the
clients must be connected to realize the conversation. Therefore they are
preconfigured with one or more TCP/IP network addresses. This seems to be
a problem as many perimeter firewalls in companies block everything expects for
instance SMTP email, HTTP Web surfing or DNS, but the instant messaging
clients are configured to be able to tunnel over these allowed internet services.
If the client is not able to connect its server, it attempts to connect the server
on port 80, which is used by internet browsers and therefore the perimeter
firewall considers this transmission like a normal web browser transmission and it
is not blocked.
The only way in this case is to configure manually the corporate firewall and
add to its block list the server address name of instant messaging service (e.g.
login.icq.com) or the server IP address (e.g. 22.11.33.46). Some IM systems e.g.
IRC can connect to many different servers that is why the manual configuration
of perimeter firewall is not that easy.
IM systems use peer-to-peer communication to send the file on particular port,
what makes life easier and it is enough just to block that port number on the
firewall. However, there is at least one IM systems, which is able to sneak past
the firewall within the transfer. The only solution is antivirus installed on each
computer to defend it against any virus attack through the IM system.
4.1
ARP Poisoning
Address Resolution Protocol ARP is used in Local Area Networks for
mapping devices in the network based on the principle that IP address is
Security of Instant Messengers Page 26 known and physical address (MAC address) has to be found.
For instance a router in LAN network receives packet for host with an
IP address the router does not know, a broadcast ARP request packet is
sent to all hosts connected to the network to determine a MAC address.
Only host with the same IP address responds to this request and sends
back to router the information about its MAC address. Consequently the
original packet for this host can be forwarded.
ARP table is located in the memory and it is used to store the track
about Ethernet address-to-IP address resolution, hence the ARP request
packet does not have to be issued each time a new packet comes.
Technique called ARP poisoning is very simple and efficacious. If the
ARP request packet is sent, the attacker merely answers on this request
and sends back his MAC address even if he does not have the requested
IP address. In this case all packets are forwarded to the attacker instead
of the host they were originally sent to.
ARP poisoning is also used in man-in-the-middle attack, where are all
packets from user A to user B sent through attacker C without their
knowledge. Attacker can this way sniff the communication or e.g. replace
the public key of whether user A or user B with attacker’s public key in
order to decrypt their following messages and other private data.
4.2
How to Secure IM against ARP Poisoning
Using Firewall
The market with internet security programs offers a few firewalls that
are able to block attempts at ARP poisoning from the network. The most
complex and sophisticated is Zone Alarm firewall by Check Point.
Advanced settings extend the option to enable ARP protection. This
blocks all incoming ARP requests except those, which were sent as
a broadcast request for the MAC address of target host. All incoming ARP
replies are blocked as well. The only exceptions are replies in response to
previous ARP request.
For this demonstration was used Cain & Abel 3.0 software. At first I
scanned the network and found all connected MAC addresses. As Cain &
Abel works on principle of ARP poisoning therefore the knowledge of all
MAC addresses is essential. I picked up the computer with Zone Alarm
firewall (shown in Figure 4.1). IP address is 172.19.10.56
Security of Instant Messengers Page 27 Figure 4.1: List of all computers in Cain
As long as the ARP protection in Zone Alarm was disabled, Cain &
Abel was able to catch all packets going out from IP 172.19.10.56 to the
default network gateway 172.19.10.252 and also all packets coming in
from internet through the gateway which shows Figure 4.2. Part of these
packets involves communication of ICQ and MSN messenger clients
running on this computer.
Figure 4.2: Sniffed packets without ARP protection
Cain & Abel was successful also while ICQ client was logging in and
grabbed its password as well as ICQ number and server IP address
(Figure 4.3). Unfortunately this software does not have an option to obtain
password for MSN messenger.
Security of Instant Messengers Page 28 Figure 4.3: Sniffed ICQ password without ARP protection
Since the ARP protection was enabled, Zone Alarm firewall blocked all
attempts to attack ARP protocol and Cain & Abel was able to catch only
packets coming from internet. As shown in the Figure 4.4 any packet from
IP 172.19.10.56 was seized.
Figure 4.4: Sniffed packets with ARP protection
ARP protection was effective against password sniffing as well. It can
be seen in the Figure 4.5, where is no ICQ password sniffed.
Zone Alarm’s ARP protection feature works properly and protects the
computer (IM conversation included) against ARP poisoning for
a certainty.
Security of Instant Messengers Page 29 Figure 4.5: Sniffed ICQ password with ARP protection
Security of Instant Messengers Page 30 5
VPN Tunnel and its Principle
A virtual private network provides a private communication tunnel through
a public network- internet. This is ensured by encryption, which secures the
communication and headers with routing information added to each traffic unit.
The encryption technology is decryptable, but strong enough to provide
reliable and confidential communication channel.
A VPN creates so called communication tunnel, which means that the traffic
between remote VPN client and VPN server is separated from other traffic in the
internet and both client and server can see only each other without any other
access points along the logical tunnel.
The major aims of using VPN tunnels are to have a secure communication
over the internet and to render the remote clients the same efficiencies that they
would have if they were clients located within a corporate network.
5.1
How to Secure IM using VPN
Hamachi VPN client
Apparently the best solution for IM security is Hamachi VPN client (Figure
5.1) that allows users wherever in internet to be connected directly and securely
by VPN tunnel without any other access points to their network. Hamachi
mediation server is used only at the beginning assign unique Hamachi IP
address and then to allocate the other users. After the traffic between them is
carried out like they would be connected by physical cable directly one to each
other.
Fully encrypted, authenticated and peer-to-peer communication provides e.g.
files sharing, remote desktop and instant messaging. The user can be assume
that his instant message is encrypted and goes directly from his computer to his
contact’s computer (Figure 5.2).
Foremost the identity of Hamachi server has to be proved, and hence all
clients have public key of one of the servers and when the clients connects to the
server it has to reply with the signature of the client’s data, which basically proves
servers identity.
The message encryption is achieved by symmetric cipher algorithm and
authentication with MAC address. To prevent the replay attacks to each message
is given unique number.
Security of Instant Messengers Page 31 The algorithms and their parameters for key exchange, key derivation and
message encryption are specified by crypto suite with following default
parameters:
•
•
•
DH group - 2048-bit MODP group from RFC 3526
Message encryption - AES-256-CBC using ESP-style padding
Message authentication - 96-bit version of HMAC-SHA1
Figure 5.1: Hamachi VPN client
Figure 5.2: Hamachi chat window
New Hamachi connection in the network connections shows up as illustrated
in a Figure 5.3.
Figure 5.3: Hamachi connection
In the Wireshark capture option is one of the interfaces also Hamachi Virtual
Network Interface Driver: \Device\NPF_{3322D5FD-1514-4E3B-8247D5CA38E956D3}. However, Wireshark was unable to sniff the communication
between two Hamachi VPN clients, only one worthless packet was captured
(Figure 5.4).
Security of Instant Messengers Page 32 Figure 5.4: Sniffed packets
Hamachi VPN client is without any doubts the most secure solution for IM
over the internet which is proved by disability of Wireshark to sniff the
conversation.
Security of Instant Messengers Page 33 6
How to Secure IM using Jabber
Jabber is an open source IM system using XMPP protocol. Jabber offers
users everything the same like the other IM, whereas in Jabber everybody can
run his own server. This phenomenal advantage means that Jabber messaging
system does not have to be centralized and therefore the security of instant
messaging rapidly mounts up.
This fact might convince especially companies and users in LAN networks,
because they are able to run their own server and their internal messages are
not exposed to all dangers of attacks outside the LAN.
Currently there are tens of Jabber clients on internet and also Miranda IM
supports in the basic version XMPP protocol.
TIMP.NET server
To run the Jabber server it is necessary to have the Jabber server software.
One out of 16 currently available on internet is TIMP.NET Enterprise 2005 IM
server.
The simplicity of this software reposes in the installation of the server and
then managing the server via online TIMP.NET console that is shown in a Figure
6.1. Then the only thing user has to do is set the login server and port, which is
5222 for open connections or 5223 for secure connections (Miranda IM settings
in Figure 6.2).
Security of Instant Messengers Page 34 Figure 6.1: TIMP.NET console
Figure 6.2: Miranda IM options
Security of Instant Messengers Page 35 7
Security via Software Applications and Plugins
This is the easiest and most common way how to secure an IM
communication. Internet offers a couple of software applications intended either
to encrypt the messages or to provide more complex set of services according to
security and privacy. The most common software application is IMSecure Pro by
ZoneAlarm and the second one is SimpLite by SecWay Global.
A special group in this chapter are plugins for IM clients. Miranda IM works
only on plugin principle and there is more than 400 plugins for Miranda IM
currently available online free to download.
7.1
How to Secure IM using Software Utilities
IMSecure Pro
IMSecure Pro (Figure 7.1) is without any doubts the best IM security solution
nowadays. It is designed to secure MSN Messenger, Yahoo! Messenger, AOL IM
and third-party clients such as Miranda IM.
Figure 7.1: IMSecure Pro window
The latest version offers to clients following features:
•
Inbound threat protection – filters invalid messages, buffer
overflow, dangerous scripts, and executable URLs.
•
ID Lock - Defends against unauthorized sending of sensitive
information from user’s PC.
•
Spam Blocker- Blocks spam messages
Security of Instant Messengers Page 36 •
Message Encryption – If both clients have IMSecure Pro, the
conversation between them is encrypted
•
Feature Control – Allows to manage the IM features on
a computer
•
IM Blocking – Allows to block particular IM services
•
Event Logging – Informs about all IM security events in
a computer
I am going to prove the functionality of message encryption using IMSecure
Pro.
Figure 7.2 shows the conversation between two MSN clients captured by
MSN Monitor & Sniffer 2.50 (build 0039) installed on the [email protected]
computer without using IMSecure Pro. The conversation as well as both clients’
accounts is fully visible.
Figure 7.2: Captured communication without IMSecure Pro
Figure 7.3 shows the same conversation in the case that both clients are
running IMSecure Pro. The conversation was started by the client where MSN
Monitor & Sniffer 2.50 is installed. The message encryption takes effect after the
connection between both clients is established therefore the very first message is
visible, but the rest of the conversation is hidden. Email addresses of both clients
are hidden as well, IMsecure appears instead.
The entire conversation remains hidden if it is started by client that does not
have MSN Monitor & Sniffer 2.50 as shown in the Figure 7.4.
Security of Instant Messengers Page 37 Figure 7.3: Captured communication with IMSecure Pro
Figure 7.4: Captured communication with IMSecure Pro 2
IMSecure Pro works properly and the messaging encryption is effective. The
only lowpoint of this application is unencrypted first message of the conversation,
but only in the specific case.
SimpLite
SimpLite offers encryption of conversation for MSN, ICQ/AIM, Yahoo! and
Jabber/Google messengers. It works on the same principle like IMSecure Pro
and hence the messages are securely encrypted by state-of-the-art cryptography
only if both clients have installed SimpLite application.
Each client has to choose a password at the beginning and then the program
generates his own RSA cipher based on this password and some random
numbers.
If one of the clients in the conversation does not have SimpLite, the SimpLite
reports the unencrypted connection as shown in picture 7.5.
.
Security of Instant Messengers Page 38 The captured conversation is shown in following Figure 7.6.
.
Figure 7.5: Unencrypted connection report
Figure 7.6: Capture communication without SimpLite
If both clients are running SimpLite, the application reports that the
conversation is encrypted (Figure 7.7) and we are able to sniff only encoded
messages, which is shown in Figure 7.8.
Before the actual connection is established, the dial window asks the client if
he wants to use encryption key, which belongs to client who is trying to start the
conversation (Figure 7.9).
Security of Instant Messengers Page 39 Figure 7.7: Encrypted communication report
Figure 7.8: Encrypted communication report 2
Figure 7.9: Capture communication with SimpLite
SimpLite application works properly and the whole conversation might
encrypted by RSA key with length up to 2048 bits, which is impossible to break.
All parameters of this coding key are shown in the Figure 7.10.
Security of Instant Messengers Page 40 Figure 7.10: Parameters window
Security of Instant Messengers Page 41 8
Miranda IM Plugin
Miranda IM is based on three fundamental parts: the core, internal modules
and external modules generally known as plugins.
8.1
Miranda IM Core
Miranda IM core is the heart of this messaging client. It provides just the basic
functions to make other things working. It creates compatible environment for
internal and external modules. The core involves only two main mechanismhooks and services.
Hooks
Hook is basically a function that is called to inform about some event entity,
which required previously to be informed about it. In the core exists so-called
hook table consists of a hook name represented by the string of characters and
of a list of subscribers. The purpose of the hook table is to provide the following
tasks:
• Apprise the subscriber of a peculiar event
• Hook the event registered in the hook table
• Create and destroy every event that may be hooked by somebody
The naming rule for hooks is as follows:
“Module/Component/Hook”
Every hook which has been registered to the hook chain has to be declared:
Int EvenHook (WPARAM, LPARAM)
Every hook has predefined parameters and the return value is dedicated to
decide whether the hook chain has to carry on the processing or not. If the return
value is false (0), the hook chain continues the processing, if it is true (1), the
processing must be ceased (Figure 8.1).
Every time when an event is detected, the hook chain is managed by calling
every registered event in the hook table.
If the hook chain for particular event is empty, the default hook is being
processed instead.
Security of Instant Messengers Page 42 Executed hooks
False (0)
Hook chain broken
False (0)
Unexecuted hooks
True (1)
Figure 8.1: Hook chain
Services
The functions providing various operations are hidden in the services. Each
module can dispose of a couple of functions, which are not called directly, but
through the service calls (each function has a different service call). As well as
for the hooks, also for services is created a table in the core, which consists of
a service name made up of characters in the string and of a pointer to the
function of each service. In order to manage the services, the core provides
following:
•
•
•
Create and destroy a service
Check if the service exists
Call a service through the service calls
The naming rule for services is as follows:
“Module/Component/Service”
Every service which has been registered has to be declared:
Int ServiceImplementation (WPARAM, LPARAM)
Each service function has predefined parameters and the return value by the
author. But the return value 0x80000000 is reserved for “service not found” error,
hence it cannot be used for service functions. The header files of Miranda IM
contain the list of available services as well as the documentation about each
service. Therefore every developed plug-in should include corresponding header
file with services description and usage.
Example of header file for awaymsg plugin:
{***************************************************************
* Project
: Miranda Plugin API for Delphi
* Description
: Converted Headerfile
*
* Author
: Christian Kästner
Security of Instant Messengers Page 43 * Date
: 22.12.2001
*
* Copyright © 2001 by Christian Kästner ([email protected])
****************************************************************}
unit m_awaymsg;
interface
//show the away/na/etc message for a contact v0.1.0.1+
//wParam=(WPARAM)(HANDLE)hContact
//lParam=0
//returns 0 on success or nonzero on failure
//returns immediately, without waiting for the message to retrieve
const
MS_AWAYMSG_SHOWAWAYMSG ='SRAway/GetMessage';
implementation
end;
There are a couple more functions provided by core apart from those
mentioned above:
•
Internal Memory management function (allocation, deallocation,
reallocation)
This function involves the error indicating within the memory. It marks the
block including the error by special symbols and thus any father reference to this
block will be aware of this error.
•
Threading related routines
Function used to properly close all services before Miranda IM is shut down.
•
Localization routines
It is dedicated to translate the text using different code pages.
•
8.2
UTF-8 text encoding/decoding
Internal Modules
The basic functionality of Miranda IM and the basic features are provided by
internal modules. These modules are direct support for external modules (plugins). The cooperation between these modules uses many services and hookable
events.
Security of Instant Messengers Page 44 8.3
External Modules
External modules are basically plugins, which extend the functionality of
Miranda IM. Each external module contains certain functions and it occurs as
a DLL file in the Miranda plugin directory. While Miranda is being loaded, the
core checks all DLL files in this directory and calls WinAPI LoadLibrary function
on each of them. The plugins send all their functions and consequently the
module is implemented into the core. The set of all implemented functions stands
for interface between a core and the module. As needed the cores calls each
necessary function.
There are several types of external modules: database plugins, contact list
plugins and general purpose plugins (Figure 8.2). The only difference between
them is in their purpose and thus the set of functions they offer to the core.
Interfaces
Database plugin
Functions: Load
Unload
MirandaPluginInfo
DatabasePluginInfo
Miranda IM
Core
Contact list plugin
Functions: Load
Unload
MirandaPluginInfo
CListInitialise
General purpose plugin
Functions: Load
Unload
MirandaPluginInfo
Figure 8.2: Miranda IM structure
When Miranda starts, it initially proceeds into the API checking- looks for
every general purpose plugin and calls MirandaPluginInfo function to get the
descriptions. After this step the core checks if the modules contain also functions
standing for contact list plugin or database plugin. The result must be positive
otherwise the core shuts down Miranda.
After initialization the core calls Load function to the particular module which
gives notice that this process was successful and the module is loaded by the
core. The Load function may be called only in the case the database module is
already loaded. By that time are not initialized any other external modules.
Security of Instant Messengers Page 45 The exact process is carried out in reverse during Miranda shutdown. The
core calls Unload function in the all plugins and they discontinue the module
function processes and remove themselves from the core. Only the database
module remains loaded also during this process.
Security of Instant Messengers Page 46 8.4
MSN Authorization Plugin - Version 0.1
MSN Authorization plugin (Figure 8.3) has been developed for this project to
improve the security aspect of Miranda IM for MSN and to bring fully new idea
into Miranda IM plugins development.
Figure 8.3: Main window for MSN Authorization Plugin
Here is the short description of the main purpose:
The user has to create on his USB flash drive (Pendrive) file with the name of
his email address, which he uses for MSN e.g. file [email protected] with affix com.
User has to also set up Miranda client for his MSN account. When Miranda IM
starts, the dialog window shown on picture
appears. User writes down his
password and click OK to log on MSN. This plugin will automatically encode
user’s password to the login file and if this user wants to log in again, he doesn’t
have to type the password again, just plug in his USB flash drive and plugin
authorize this users by finding his password in the file and user can simply log in.
To summarize MSN Authorization plugin turns the USB flash drive into an
authorization key and avoids storing password on the computer. The password is
safely encoded on the USB flash drive and ready to be used anytime a user
needs.
Security of Instant Messengers Page 47 8.5
Basic Plugin Structure
No matter which kind of plugin for Miranda IM I am going to design, there are
a few obligatory steps I have to include in the source code. It is something like
the basic structure of Miranda IM plugin.
The very first step is libraries registration:
#include
#include
#include
#include
<windows.h>
<newpluginapi.h>
<m_clist.h>
<m_skin.h>
The plugin instance variable holds the functions of the plugin in the core
memory:
HINSTANCE hInst;
This is followed by all plugin information, visible in Miranda plugin settings:
PLUGINLINK *pluginLink;
PLUGININFO pluginInfo={
sizeof(PLUGININFO),
"Plugin Name",
PLUGIN_MAKE_VERSION(0,0,0,2),
"Description of the plugin,appears in the plugin options dialog",
"Author name",
"email",
"© 200X author name",
"web",
0,
//not transient
0
//doesn't replace anything built-in
};
The function processing implemetation of the plugin into the core memory:
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID
lpvReserved)
{
hInst=hinstDLL;
return TRUE;
}
The function returning the information about plugin:
__declspec(dllexport) PLUGININFO* MirandaPluginInfo(DWORD
mirandaVersion)
{
return &pluginInfo;
}
Security of Instant Messengers Page 48 Here starts the main functional body of the plugin (after the plugin is loaded
with all starting settings):
int __declspec(dllexport) Load(PLUGINLINK *link)
{
CLISTMENUITEM mi;
pluginLink=link;
ZeroMemory(&mi,sizeof(mi));
mi.cbSize=sizeof(mi);
mi.position=-0x7FFFFFFF;
mi.flags=0;
mi.hIcon=LoadSkinnedIcon(SKINICON_OTHER_MIRANDA);
mi.pszName="&Test Plugin...";
mi.pszService="TestPlug/MenuCommand";
CallService(MS_CLIST_ADDMAINMENUITEM,0,(LPARAM)&mi);
return 0;
}
Everything, what has to be done before Miranda is shuted down is in this part:
int __declspec(dllexport) Unload(void)
{
return 0;
}
8.6
Security Elements in the Plugin
MSN Authorization Plugin 0.1 involves two security elements. First one the
password encryption algorithm and second one is the storing mechanism on
USB flash drive, which avoids storing password on the computer and eliminates
the risk of account hijacking.
8.6.1
Password Encryption Algorithm
This password encryption algorithm was designed just for this MSN
Authorization plugin and to encode the password is used the email address.
Encoding process has 4 main stages. In the first one is each character of
a password broken down into 3 digits (ASCII code) and each of these digits is
represented by ASCII code as well. For instance character H is in ASCII code
072 (it has to be in 3 digits) and then 0=48, 7=55 and 2=50 in ASCII code.
for (i=0; i<strlen(pass); i++)
{
buf1[i*3+0] = 48+pass[i]/100;
buf1[i*3+1] = 48+(pass[i]%100)/10;
Security of Instant Messengers Page 49 buf1[i*3+2] = 48+(pass[i]%10);
}
buf1[i*3] = 0;
buf2[i*3] = 0;
In the second stage is taken every second number starting from the first
number and then every second number starting from the second number e.g.
123456 would be 135246.
for (i=0; i<strlen(buf1); i=i+2)
{
buf2[i/2] = buf1[i];
}
for (i=1; i<strlen(buf1); i=i+2)
{
buf2[strlen(buf1)/2 + strlen(buf1)%2 + i/2] = buf1[i];
}
The 3rd stage calculates an email dependency. The number j as a result of
this calculation is going to be used to encode the password. J is simply a length
of an email multiplied by length of a password minus length of a part of an email
before @ character e.g 17*5-5=80=080 (the result has to be in 3 digits).
j = strlen(email) * strlen(pass) - find_at(email);
if (j<0) j=j+255;
The last stage takes the result from the stage 3 and adds this value (still
consecutive) to the result from the stage 2. For instance 135246+080080.
for (i=0; i<strlen(buf2)/3; i++)
{
buf2[i*3+0] = (buf2[i*3+0] + j/100 - 48)%10 + 48;
buf2[i*3+1] = (buf2[i*3+1] + j%100/10 - 48)%10 + 48;
buf2[i*3+2] = (buf2[i*3+2] + j%10 - 48)%10 + 48;
}
For example if our email is [email protected] and password is 123456, the
encoded password is 192112132507609601.
Security of Instant Messengers Page 50 8.6.2
Password Storing Mechanism
Password storing mechanism has basically tree fundamental parts. First of all
it has to find the login file stored wherever on a computer or inserted flash
memory drives. The searching process is carried out by checking all drive letters
from A to Z. Even if there are two login files, the searching process is interrupted
after the first login file has been found.
char login_file_exists (char * email)
{
//--- file checking declarations --WIN32_FIND_DATA FindFileData;
HANDLE hFind;
char buf[256], fmsg[256];
char drive;
char found = 0;
HWND hwndOwner;
//--- end of file checking declarations --//--- checking if file exists on each drive --for (drive='A'; drive<='Z'; drive++)
{
sprintf(buf, "%c://%s", drive, email);
//--- find file --hFind = FindFirstFile(buf, &FindFileData);
if (hFind != INVALID_HANDLE_VALUE)
{
FindClose(hFind);
//--- drive has been found --found = drive;
}
}
//--- end of checking the file --return found;
If the login file has been found user’s encoded password can be written into it.
The login file is opened, the encoded password is inserted there and finally the
file is closed.
void write_pass (char drive, char * email, char * pass)
{
FILE * pass_file;
char file_dir[256], enc_pass[256];
encode_password(pass, email, enc_pass);
//--- make correct path to file --sprintf(file_dir, "%c://%s", drive, email);
//--- open file --pass_file = fopen(file_dir, "w");
Security of Instant Messengers Page 51 //--- write password --fwrite(enc_pass, 1, strlen(enc_pass), pass_file);
//--- close file --fclose(pass_file);
}
For reading encoded password from the login file has to be done the inverse
process such as for writing password into the file. File is allocated, opened, the
password is extracted, file is closed again and finally the password is decoded.
char read_pass (char drive, char * email, char * pass)
{
WIN32_FIND_DATA FindFileData;
HANDLE hFind;
FILE * pass_file;
char file_dir[256], is_pass = 0, len;
//--- make correct path to file --sprintf(file_dir, "%c://%s", drive, email);
//--- open, write, close --pass_file = fopen(file_dir, "r");
len = fread(pass, 1, 256, pass_file);
fclose(pass_file);
//--- decode --pass[len] = 0;
if (strlen(pass)>0)
{
is_pass = 1;
decode_password(pass, email);
}
return is_pass;
}
Security of Instant Messengers Page 52 8.7
Plugin functions
This section describes all MSN Authorization plugin functions and actions in
each possible case:
1st case:
Status:
No login file on a USB flash drive therefore blank password field.
User’s action:
Plugin action:
Click OK.
Dialog window: “MSN login failed”. (*
User’s action:
Plugin action:
Click Cancel.
Dialog window: “MSN login failed”. (*
User’s action:
Plugin action:
Click Authorize.
Message: “File does not exist”.
User’s action:
Plugin action:
Type the password. Click OK.
Log in a user. (*
2nd case:
Status:
Login file created on a USB flash drive. (**
User’s action:
Plugin action:
Type the password. Click OK.
Encrypt the password into the login file. Log in user. (*
3rd case:
Status:
Login file with encrypted password created on a USB flash drive.
(**
User’s action:
Plugin action:
Click OK.
Log in user. (*
User’s action:
Plugin action:
Change the password in a dialog window. Click OK.
Encrypt the password. Rewrite the old password in the login file.
Try to log in user. (***
4th case:
Status:
User’s action:
Plugin action:
Login file created on a USB flash drive. (**
Change the email and type the password. Click OK.
Encode the password into the login file if this file matches with
a new email address.
Dialog window: “MSN login failed”. (* (****
Security of Instant Messengers Page 53 Notes:
(* These actions are performed by Miranda IM itself after the information from
plugin is received.
(** The login file does not have to be stored on a USB flash drive. It might be
stored on computer, but as we are trying to ensure the maximal security,
password should not be stored directly on a computer. Plugin also shows the
notice with a location, where the login file is stored e.g. File accepted. Drive J:\.
(*** If a user has previously changed his password for MSN account and
hence he wants to rewrite the old one in the login file and log in with a new one,
plugin will do so. But if the password is incorrect and user has changed it in
a plugin dialog window by mistake, plugin will encode the new password into the
login file, but dialog window: “MSN login failed” will appear as the password is not
correct.
(**** User can log in only after the new email address is stored, though restart
of Miranda IM is required.
Security of Instant Messengers Page 54 8.8
Plugin Testing
This plugin can be tested in two ways. First one is to test, if plugin defends
user against storing his password on a computer and second one is to test, if and
how is possible to recover a password from a login file whereby we can test
a strength of a password.
8.8.1
Password Storing
MSN authorization plugin was tested for MSN account [email protected]
and password project.
Miranda IM stores encoded passwords in Lap.dat file. For password tests was
used Miranda IM password decoder 0.0.0.6. Miranda IM was during these tests
turned off. Tests were performed for the following two cases:
1st case:
MSN authorization plugin is not implemented. Password project is stored and
encoded in Miranda database in spite of this Miranda IM password decoder
detected the password and also its hexadecimal value (Figure 8.4).
Figure 8.4: Detected password without plugin
2nd case:
MSN authorization plugin is implemented and runs properly. Before Miranda
IM is being shut down it removes the password from Miranda database therefore
Miranda IM password decoder could not detect any password (illustrated in
Figure 8.5).
Security of Instant Messengers Page 55 Figure 8.5: Detected password with plugin
MSN authorization plugin always removes MSN password from Miranda IM
database, whereas the only place where user’s password can be stored after
Miranda has been shut down is the login file on a USB flash drive (if a user
creates this file and keeps it on a USB flash drive). Password is hence safely
protected against sniffing on computer using MSN authorization plugin.
8.8.2
Password Strength
The task in this chapter is to evaluate the safety of the encryption algorithm
used to protect a password stored on a USB flash drive. To do this I performed
several actions.
The main step was the attempt to obtain the details of the encryption
algorithm stored in the program. To do that several tools were necessary:
•
Neuron PE disassembly
•
PE explorer disassembly
The first one of the listed above did not give the disassembled code but
instead generated some very useful statistics and data that were necessary for
the next part of the evaluation.
Security of Instant Messengers Page 56 Figure 8.6: List of external procedures
Thanks to this program I have not only obtained the list of external
procedures used (Figure 8.6), entire resources along with the dialog box used
but also all the constants used in the program which proved to be quite useful
(Figure 8.7).
Figure 8.7: List of constants
The next step was the usage of the PE explorer disassembly to get the
assembly code of the library.
Security of Instant Messengers Page 57 Figure 8.8: Assembly code
Having the assembly code and this environment shown in Figure 8.8 I started
to look for the encryption procedure.
What I knew about the program was that it displays a dialog box, gets email
and password from the user and saves it in a file. What I also knew was that to
achieve those goals program has to refer to Win API thought Kernell32.dll or
User32.dll library. So I start looking for all references to the library and I found the
following:
L10033D2C:
mov
push
lea
push
push
mov
push
call
cmp
call
mov
push
lea
push
push
esi,esp
00000080h
eax,[ebp-000004A8h]
eax
0000041Ah
ecx,[ebp+08h]
ecx
[USER32.dll!GetDlgItemTextA]
esi,esp
SUB_L10030E74
esi,esp
00000100h
eax,[ebp-00000420h]
eax
00000419h
Security of Instant Messengers Page 58 mov ecx,[ebp+08h]
push ecx
call
[USER32.dll!GetDlgItemTextA]
cmp esi,esp
call SUB_L10030E74
lea
eax,[ebp-000004A8h]
push eax
call
SUB_L10030AAA
add esp,00000004h
mov [ebp-71h],al
movsx eax,[ebp-71h]
test eax,eax
jz
L10033DA8
lea
eax,[ebp-00000420h]
push eax
lea
ecx,[ebp-000004A8h]
push ecx
mov dl,[ebp-71h]
push edx
call SUB_L1003036B
add esp,0000000Ch
What we can see is the access to the two text boxes on the dialog window,
one responsible for email and the second one for password. To find the
password encryption algorithm was reasonable to follow the jump instructions.
So finally the encryption procedure looks like following:
L10033DA8:
mov
lea
push
push
push
mov
mov
call
add
cmp
call
lea
push
push
push
push
call
add
esi,esp
eax,[ebp-00000420h]
eax
00000100h
SSZ10091E3C_DB_Crypt_EncodeString
ecx,[L100A457C]
edx,[ecx+24h]
edx
esp,0000000Ch
esi,esp
SUB_L10030E74
eax,[ebp-000004A8h]
eax
SSZ10091E94_e_mail
L10091E90
00000000h
SUB_L10034630
esp,00000010h
Security of Instant Messengers Page 59 lea
push
push
push
push
call
add
mov
push
mov
push
call
cmp
call
test
jnz
push
push
push
push
call
add
jmp
eax,[ebp-00000420h]
eax
SSZ10091E30_Password
L10091E90
00000000h
SUB_L10034630
esp,00000010h
esi,esp
0000065Bh
eax,[ebp+08h]
eax
[USER32.dll!IsDlgButtonChecked]
esi,esp
SUB_L10030E74
eax,eax
L10033E3A
00000000h
SSZ10091EB0_rememberEmail
SSZ10091E9C_MSNAccountSetup
00000000h
SUB_L10034570
esp,00000010h
L10033E4E
Conclusion
This encrypting algorithm is not the strongest but it is strong enough. The
reason why I think this is that it would force the potential attacker to copy the
entire key from the protected media source e.g. USB flash drive. Thanks to this
reading it will not be enough. However, I think that this encryption mechanism
should still be based on some Crypto API procedures and generate the key in
binary form what would make memorization or rewriting impossible. The access
to the algorithm itself is also not straight forward. It takes some computer
knowledge and experience to obtain it furthermore for most of the users it will be
impossible to overcome.
Security of the program is based on the safety of the key stored on the USB
flash drive. The only way to improve the security not engaging operating system
or internet services is by using dedicated hardware like chip algorithm cards.
Security of Instant Messengers Page 60 9 Conclusion
In spite of all IM vulnerabilities the IM communication can be secure enough,
if we know how to ensure it.
The first thing is to decide how and what we are going to use the IM
communication for. If it is a part of an enterprise network and we do not need to
go outside from the LAN, the best solution is using Jabber server and its solution.
If it is necessary to communicate with clients outside the LAN a few solutions
are available to secure IM. Using software application, VPN client as well as
corporate firewall is effective and provides clients standard level of internet
security.
A very original idea is using a plugin developed for this final year project that
is ideal especially for clients using their IM messengers on public computers or in
the work where more people are sharing the same computer.
Let us have a look on each security solution:
Zone Alarm Firewall
Zone Alarm Firewall is in a league of its own above its competitors. The big
advantage is his ARP protection that can effectively protect a computer against
ARP poisoning.
The ARP protection feature works excellent, which has been proven in
chapter 4.2. When the ARP protection in Zone Alarm Firewall was on the
eavesdropper using Cain & Abel on a different computer was not able to monitor
the traffic transmitted from the computer to the network. The eavesdropper was
not successful neither for ICQ password sniffing. Therefore the Zone Alarm
Firewall has been effective with the percentage of 100.
Hamachi VPN client
Another great solution for IM communication is Hamachi VPN client. Between
two Hamachi VPN clients is being created secure VPN tunnel carrying all IM
messages without any chance for eavesdroppers to sniff it. I proved this fact
using Wireshark that has not caught any packet belonging to the IM
communication over Hamachi VPN client.
Jabber TIMP.NET server
Jabber server solution is suitable for enterprises when passing IM messages
to the internet is not wanted. Everything stays within the LAN and hence the
eavesdroppers cannot sniff the messages if they are outside of the LAN.
Security of Instant Messengers Page 61 Unfortunately the security is not ensured when the eavesdropper exists within
a corporation network.
IMSecure Pro
This software utility offers a wide range of options to ensure the best and
ideal IM security. Message encryption, spam blocker, ID lock and inbound threat
protection are the main ones. For my final year project was the most important
just message encryption options, which I used for testing. MSN Monitor & Sniffer
could not sniff the messages when IMSecure Pro was used, only in one case
IMSecure Pro did not work properly and the first message of the conversation
was captured by sniffer.
SimpLite
SimpLite software utility offers only message encryption, but contrary of the
IMSecure Pro the messages are always perfect encrypted and hence visible for
sniffer only in an encoded text string that has been proven in my project.
MSN Authorization Plugin
Plugin solution is the most comfortable way for IM users as there are different
plugins for Miranda IM available on internet and it is only up to user which one he
wants to use.
MSN Authorization Plugin provides two security elements at the same time. It
does not store the password on user’s computer and what is more, the password
is safely stored as an encrypted string on user’s USB flash drive. Therefore user
does not have to worry that somebody will grab his password from the computer
he has just been working on. Even if somebody stole the USB flash drive with the
password file he would not be able to decode it as long as he disassembles
the .dll file of the plugin. And the disassemble process is not easy at all, possible
maybe for professionals only. Hence I can claim that the encoded password in
the file stored on USB flash drive is secured enough.
Each of the security options I mentioned above are freely available on internet
and easy to install and use. IM is secure way of exchanging information when we
know what to do and how to use it. This final year project was meant to be
a guide for everyone who is not satisfied with his IM security and is trying to
improve it.
Security of Instant Messengers Page 62 10 References
Internet
Dominik Pinter (2006) Pruvodce programem Ethereal [online] available from
<http://www.root.cz/serialy/pruvodce-programem-ethereal/> [15 November 2006]
(January 2007) Windows Live Messenger [online] available from
<http://en.wikipedia.org/wiki/Live_Messenger> [27 December 2006]
(2006) ICQ [online] available from <http://en.wikipedia.org/wiki/ICQ> [28 December 2006]
(2006) Comparison of instant messaging clients [online] available from
<http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients> [25 December
2006]
(2006) Comparison of instant messaging protocols [online] available from
<http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols> [29
December 2006]
(2006) Instant messaging [online] available from
<http://en.wikipedia.org/wiki/Instant_messaging> [18 November 2006]
(2006) Skype [online] available from <http://en.wikipedia.org/wiki/Skype> [22 December
2006]
(2006) OSCAR protocol [online] available from
<http://en.wikipedia.org/wiki/OSCAR_Protocol> [29 December 2006]
(2006) AOL instant messenger [online] available from
<http://en.wikipedia.org/wiki/AOL_Instant_Messenger> [2 January 2007]
(2006) TOC protocol [online] available from <http://en.wikipedia.org/wiki/TOC_protocol>
[3 January 2007]
(2006) TOC2 protocol [online] available from
<http://en.wikipedia.org/wiki/TOC2_protocol> [3 January 2007]
(2006) Miranda IM [online] available from <http://en.wikipedia.org/wiki/Miranda_IM> [5
January 2007]
(2006) Multiprotocol instant messaging application [online] available from
<http://en.wikipedia.org/wiki/Multiprotocol_instant_messaging_application> [20
December 2006]
(2006) Skype Protocol [online] available from
<http://en.wikipedia.org/wiki/Skype_Protocol> [4 January 2007]
(2006) Mobile Status Notification Protocol [online] available from
<http://en.wikipedia.org/wiki/MSNP> [28 December 2006]
Security of Instant Messengers Page 63 (2007) ICQ home [online] available from <http://www.icq.com/info/> [20 November 2006]
(2006) ICQ story [online] available from <http://www.icq.com/info/icqstory.html> [22
November 2006]
(2007) Miranda IM addons- Security and Privacy [online] available from
<http://addons.miranda-im.org/index.php?action=display&id=38> [2 February 2007]
(2002) Securing Instant Messaging [online] available from
<http://securityresponse.symantec.com/avcenter/reference/secure.instant.messaging.pdf
> [8 January 2007]
(1999) The ICQ Protocol [online] available from
<http://www.megasecurity.org/Info/ICQ.html> [20 November 2006]
(11 January 2007) Internet Usage Statistics [online] available from
<http://www.internetworldstats.com/stats.htm> [4 February 2007]
perf (11 December 2006) Miranda Documentation [online] available from
<http://addons.miranda-im.org/details.php?action=viewfile&id=3282> [5 March 2007]
Reactive Software (2007) Reactive Software- Password recovery [online] available from
<http://www.reactive-software.com/miranda-password-recovery.html> [5 March 2007]
Rixler Software (2007) Instant Messenger Password Recovery Master [online] available
from
<http://www.rixler.com/instant_messengers_password_recovery.htm?gclid=COeVubuh1
4oCFSYSQgodixBXgw> [4 March 2007]
ZoneAlarm (2007) IMSecure Pro [online] available from
<http://www.zonealarm.com/store/content/catalog/products/sku_list_imsp.jsp> [10 March
2007]
Check Point Software Technologies Ltd. (2007) User Guide for ZoneAlarm security
software [online] available from
<http://download.zonelabs.com/bin/media/pdf/zaclient70_user_manual.pdf> [11 March
2007]
LogMeIn (2007) Hamachi Security [online] available from
<http://www.hamachi.cc/security/> [18 March 2007]
Jabber.org (2007) Jabber servers [online] available from
<http://www.jabber.org/software/servers.shtml> [19 March 2007]
Security of Instant Messengers Page 64 Books and Journals
Konstantin Klyagin (2004) 'Instant Paranoia.' Hakin9 3, 20
Paul Campbell, Ben Calvert, Steven Boswell (2003) Security+ in Depth . NY: Thomson
Course Technology
Gregory B. White, Shon Harris, Eric Ouellet (2003) Security+ Certification All-in-One
Exam Guide . London: McGraw-Hill Professional
Preston Gralla (2005) PC Pest Control: protect your computers from malicious internet
invaders . Cambridge: O'Reilly
Roberta Bragg, Keith Strassberg, Mark Rhodes-Ousley (2005) Network security: the
complete reference. NY: The McGraw-Hill
Iain S. Shigeoka, Iain Shiegoka (2002) Instant Messaging in Java: The Jabber Protocols.
NY: Manning Publications Co.
Robert Flenner (2002) Java P2P Unleashed. Washington: Sams Publishing
Wireshark & Ethereal Network Protocol Analyzer Toolkit (2006) Wireshark & Ethereal
Network Protocol Analyzer Toolkit. Cambridge: Syngress Publishing
Mark Lucas, Abhishek Singh, Jennifer Davis, Anne Henmi, Dale Liu, Stephanie Miller,
Chris Cantrell (2006) Firewall Policies And VPN Configurations. Atlanta: Syngress
Publishing
Preston Gralla (2005) PC Pest Control: protect your computers from malicious internet
invaders. London: O'Reilly
Security of Instant Messengers Page 65 Appendices
A Time Scales
29 weeks were determined to complete this final year project. My period was
cut down on 25 weeks as a problem with supervisor allocation occurred at the
beginning. The real start for me was on 15th of November 2006 and the project
deadline on 23rd of April 2007. The initial time scale for this project is shown in
following table:
Task
Research
Network traffic monitoring
Testing the software and utilities
Plugin research
Plugin developing
Plugin testing
Completion of project report
Contingency time
Duration (weeks)
4
3
3
2
6
2
2
3
B Constraints
The main constraints I had to face to during my work on this project were:
•
The range of this particular topic is too big. It is worth of a couple final
year projects. And therefore some parts of this project are just outlined
and I focused especially on the Miranda IM plug-in, it’s developing and
testing.
•
Limited information in the books and tens hours spent on internet
looking for desirable information was for me constraint as well.
•
Time is always very big constraint. Find all necessary information, get
new skills and then combine everything together and evolve a good
final year project needs significant amount of time, which is always
missing in student’s life.
•
Student does not have a big budget therefore I had to use in my
project only freeware applications, although some of them do not offer
such functions as the licensed software.
•
For me was the biggest constraint programming. I am not good at it
and what is more I had not had any notion of plugin for Miranda IM and
Security of Instant Messengers Page 66 its structure. Though this I have tried my best and with aid of books
and internet I have done this part.
C Source Code- MSN Authorization Plugin - version 0.1
/*
Author: Juraj Sasko
*/
#define _WIN32_WINNT 0x0400
#include <windows.h>
#include <stdio.h>
#include "resrc1.h"
#include "miranda-headers/newpluginapi.h"
#include "miranda-headers/m_langpack.h"
#include "miranda-headers/m_database.h"
//--- plugin instance** --HINSTANCE hInst;
//--- plugin info** --PLUGINLINK *pluginLink;
PLUGININFO pluginInfo={
sizeof(PLUGININFO),
"MSN Authorization Plugin",
PLUGIN_MAKE_VERSION(0,0,1,0),
"Authorization with USB Flash Drive.",
"Juraj Sasko",
"[email protected]",
"© 2007 Juraj Sasko",
"http://www.coventry.ac.uk/",
0,
//not transient**
0
//doesn't replace anything built-in**
};
//--- instance of plugin** --BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID
lpvReserved)
{
hInst=hinstDLL;
return TRUE;
}
//--- returns information about plugin** --__declspec(dllexport) PLUGININFO* MirandaPluginInfo(DWORD
mirandaVersion)
{
return &pluginInfo;
}
//--- looks for first @ appearance in email string ---
Security of Instant Messengers Page 67 int find_at ( char * email )
{
int i;
for (i=0; i<strlen(email); i++) if (email[i]=='@') break;
return i;
}
//--- encodes the password --void encode_password ( char * pass, char * email, char * enc_pass )
{
char buf1[256], buf2[256];
int i, j;
//--- stage 1 --//--- each char to 3 digits --for (i=0; i<strlen(pass); i++)
{
buf1[i*3+0] = 48+pass[i]/100;
buf1[i*3+1] = 48+(pass[i]%100)/10;
buf1[i*3+2] = 48+(pass[i]%10);
}
buf1[i*3] = 0;
buf2[i*3] = 0;
//--- end of stage 1 --//--- stage 2 --//--- takes every second number, than every second starting from
second --for (i=0; i<strlen(buf1); i=i+2)
{
buf2[i/2] = buf1[i];
}
for (i=1; i<strlen(buf1); i=i+2)
{
buf2[strlen(buf1)/2 + strlen(buf1)%2 + i/2] = buf1[i];
}
//--- end of stage 2 --//--- stage 3 --//--- calculated email dependency --j = strlen(email) * strlen(pass) - find_at(email);
if (j<0) j=j+255;
//--- end of stage 3 --//--- stage 4 --//--- adds value to every digid --for (i=0; i<strlen(buf2)/3; i++)
{
buf2[i*3+0] = (buf2[i*3+0] + j/100 - 48)%10 + 48;
buf2[i*3+1] = (buf2[i*3+1] + j%100/10 - 48)%10 + 48;
buf2[i*3+2] = (buf2[i*3+2] + j%10 - 48)%10 + 48;
}
//--- end of stage 4 --//--- copy to output --for (i=0; i<strlen(buf2); i++)
{
Security of Instant Messengers Page 68 enc_pass[i] = buf2[i];
}
enc_pass[strlen(buf2)] = 0;
//-48;
}
//--- decodes the password --void decode_password ( char * pass, char * email )
{
int i, j;
char buf1[256], buf2[256];
//--- copying to other variable
for (i=0; i<strlen(pass); i++) buf2[i] = pass[i]-48;
//--- setting the end of string
buf1[strlen(pass)] = 0;
buf2[strlen(pass)] = 0;
//--- stage 3 --j = strlen(email) * (strlen(pass)/3) - find_at(email);
if (j<0) j=j+255;
//--- end of stage 3 --//--- stage 4 --for (i=0; i<(strlen(pass)/3); i++)
{
buf2[i*3+0] = ((10 + buf2[i*3+0] - (j/100)
)%10) + 48;
buf2[i*3+1] = ((10 + buf2[i*3+1] - ((j%100)/10) )%10) + 48;
buf2[i*3+2] = ((10 + buf2[i*3+2] - (j%10)
)%10) + 48;
}
//--- end of stage 4 --//--- stage 2 --for (i=0; i<strlen(buf2); i=i+2)
{
buf1[i] = buf2[i/2];
}
for (i=1; i<strlen(buf2); i=i+2)
{
buf1[i] = buf2[strlen(buf2)/2 + strlen(buf2)%2 + i/2];
}
//--- end of stage 2 --//--- stage 1 --for (i=0; i<strlen(buf1)/3; i++)
{
pass[i] = ((buf1[i*3+0]-48) * 100) + ((buf1[i*3+1]-48) * 10)
+ (buf1[i*3+2]-48);
}
pass[strlen(buf1)/3] = 0;
//--- end of stage 1 --}
//--- writes password to file
void write_pass (char drive, char * email, char * pass)
{
FILE * pass_file;
char file_dir[256], enc_pass[256];
Security of Instant Messengers Page 69 encode_password(pass, email, enc_pass);
//--- make correct path to file --sprintf(file_dir, "%c://%s", drive, email);
//--- open file --pass_file = fopen(file_dir, "w");
//--- write password --fwrite(enc_pass, 1, strlen(enc_pass), pass_file);
//--- close file --fclose(pass_file);
}
//--- read password from file --char read_pass (char drive, char * email, char * pass)
{
WIN32_FIND_DATA FindFileData;
HANDLE hFind;
FILE * pass_file;
char file_dir[256], is_pass = 0, len;
//--- make correct path to file --sprintf(file_dir, "%c://%s", drive, email);
//--- open, write, close --pass_file = fopen(file_dir, "r");
len = fread(pass, 1, 256, pass_file);
fclose(pass_file);
//--- decode --pass[len] = 0;
if (strlen(pass)>0)
{
is_pass = 1;
decode_password(pass, email);
}
return is_pass;
}
//--- looks for login file --char login_file_exists (char * email)
{
//--- file checking declarations --WIN32_FIND_DATA FindFileData;
HANDLE hFind;
char buf[256], fmsg[256];
char drive;
char found = 0;
HWND hwndOwner;
//--- end of file checking declarations --//--- checking if file exists on each drive --for (drive='A'; drive<='Z'; drive++)
{
sprintf(buf, "%c://%s", drive, email);
//--- find file --hFind = FindFirstFile(buf, &FindFileData);
if (hFind != INVALID_HANDLE_VALUE)
Security of Instant Messengers Page 70 {
FindClose(hFind);
//--- drive has been found --found = drive;
}
}
//--- end of checking the file --return found;
}
//--- analyse user interaction on dialog window* --BOOL CALLBACK msn_FirstRunDlgProc(HWND hwndDlg, UINT msg, WPARAM wParam,
LPARAM lParam)
{
HWND hwndOwner;
RECT rc, rcDlg, rcOwner;
DBVARIANT dbv;
char pendrive, pass[256], is, fmsg[256];
//--- choose action type* --switch (msg)
{
//--- during initialization of dialog form* --case WM_INITDIALOG:
{
TranslateDialogDefault(hwndDlg);
//--- get email value from miranda* --if(!DBGetContactSetting(NULL, "MSN", "e-mail", &dbv))
{
is = 1;
SetDlgItemText(hwndDlg,IDC_EMAIL,dbv.pszVal);
} else is = 0;
//--- testing file with password --if (is > 0)
{
is = 0;
//--- gets pendrive drive letter --pendrive = login_file_exists(dbv.pszVal);
if (pendrive!=0)
{
//--- read the password and display if
has been found --is = read_pass(pendrive, dbv.pszVal,
pass);
sprintf(fmsg, "File accepted.
Drive %c:\\", pendrive);
SetDlgItemText(hwndDlg, IDC_INFO, fmsg);
}
else SetDlgItemText(hwndDlg, IDC_INFO, "File
does not exist");
}
//--- release memory* --DBFreeVariant(&dbv);
//--- put password to editbox on dialog window ---
Security of Instant Messengers Page 71 if (is==1)
{ SetDlgItemText( hwndDlg, IDC_PASS,
else
{ SetDlgItemText( hwndDlg, IDC_PASS,
pass ); }
"" ); }
//--- setting 'hiding char' for password*--SendDlgItemMessage(hwndDlg,
IDC_PASS,
EM_SETPASSWORDCHAR,
(WPARAM) '*',
(LPARAM) 0);
//--- place the dialog box in the centre of the
screen* --if ((hwndOwner = GetParent(hwndDlg)) == NULL)
hwndOwner = GetDesktopWindow();
GetWindowRect(hwndOwner, &rcOwner);
GetWindowRect(hwndDlg, &rcDlg);
CopyRect(&rc, &rcOwner);
// Offset the owner and dialog box rectangles so
that*
// right and bottom values represent the width and*
// height, and then offset the owner again to
discard*
// space taken up by the dialog box.*
OffsetRect(&rcDlg, -rcDlg.left, -rcDlg.top);
OffsetRect(&rc, -rc.left, -rc.top);
OffsetRect(&rc, -rcDlg.right, -rcDlg.bottom);
// The new position is the sum of half the remaining*
// space and the owner's original position.*
SetWindowPos(hwndDlg,
HWND_TOP,
rcOwner.left + (rc.right / 2),
rcOwner.top + (rc.bottom / 2),
0, 0,
// ignores size arguments*
SWP_NOSIZE);
if(GetDlgCtrlID((HWND) wParam) != IDD_MSNACCOUNTSETUP)
{
SetFocus(GetDlgItem(hwndDlg,
IDD_MSNACCOUNTSETUP));
return FALSE;
}
//--- end of center alignment* --return TRUE;
}
break;
//--- when dialog is being closed* --case WM_CLOSE:
EndDialog(hwndDlg, 0);
break;
Security of Instant Messengers Page 72 //--- when action is executed, like button etc.* --case WM_COMMAND:
{
switch (LOWORD(wParam))
{
//--- authorize button pressed* --case IDC_AUTHORIZE:
{
char tEmail[128];
//--- get value from dialog* --GetDlgItemText( hwndDlg, IDC_EMAIL,
tEmail, sizeof( tEmail ));
//--- testing file with password --pendrive = login_file_exists(tEmail);
if (pendrive!=0)
{
is = read_pass(pendrive, tEmail,
pass);
sprintf(fmsg, "File accepted.
Drive %c:\\", pendrive);
//--- set value to dialog --SetDlgItemText(hwndDlg, IDC_INFO,
fmsg);
}
else SetDlgItemText(hwndDlg, IDC_INFO,
"File does not exist");
//--//--- set password to dialog --if (is==1) { SetDlgItemText( hwndDlg,
IDC_PASS, pass ); }
else
{ SetDlgItemText( hwndDlg,
IDC_PASS, "" ); }
//--- saving what could be changed* --DBWriteContactSettingString(NULL,"MSN","e-mail",tEmail);
//--- saved* --}
break;
//--- when OK button pressed --case IDOK:
{
char screenStr[256];
char tEmail[128];
//--- get values from dialog window --GetDlgItemText( hwndDlg, IDC_EMAIL,
tEmail, sizeof( tEmail ));
GetDlgItemText( hwndDlg, IDC_PASS,
screenStr, sizeof( screenStr ));
Security of Instant Messengers Page 73 //--- saving password --pendrive = login_file_exists(tEmail);
if (pendrive!=0) write_pass(pendrive,
tEmail, screenStr);
//--//--- encode password for miranda --CallService( MS_DB_CRYPT_ENCODESTRING,
sizeof( screenStr ),( LPARAM )screenStr );
//--- write email and password to miranda
--DBWriteContactSettingString(NULL,"MSN","e-mail",tEmail);
DBWriteContactSettingString(NULL,"MSN","Password",screenStr);
EndDialog(hwndDlg, IDOK);
}
break;
//--- cancel button pressed --case IDCANCEL:
{
EndDialog(hwndDlg, IDCANCEL);
}
break;
}
}
break;
}
return FALSE;
}
//--- what to do when plugin is started** --int __declspec(dllexport) Load(PLUGINLINK *link)
{
pluginLink=link;
DialogBox(hInst, MAKEINTRESOURCE(IDD_MSNACCOUNTSETUP), NULL,
msn_FirstRunDlgProc);
return 0;
}
//--- what to do when miranda is closed** --int __declspec(dllexport) Unload(void)
{
//--- removes the password from miranda* --DBWriteContactSettingString(NULL,"MSN","Password","");
return 0;
}
Security of Instant Messengers Page 74