February 12, 2012 at 19:58Studying Skype - edit quotes
Compared to the previous article (which, judging by the changes in my karma, not everyone liked it), this is completely harmless.
Can I trust quotes from Skype? It would seem that they cannot be edited, and after the recent disabling of support for html tags (in windows versions), this should be impossible. The answer to the question in the screenshot below: The
answer is that you cannot trust the integrity and authorship of quotes from Skype. Surely many have heard about the security of the protocol and the program as a whole. But as usual, errors are in the details. Nowhere is it claimed that the quotes are digitally signed and can be firmly trusted (well, or I did not find such a statement), but in any case, in practice this is not so.
Suppose that when copying a quote, Skype also appends to the clipboard information about the author, date, etc., this is the easiest way that, as it turned out later, the developers went. For further study, we don’t need to disassemble Skype, just write our own program (in the best tradition of the Smart UI pattern - this is where all the code is in the buttons), which “picks” the clipboard. Out of habit, I will use c #, I will choose win forms as the UI for speed (yes, the haters of these technologies will forgive me).
So, here is an ascetic design mold:
On one button, all data from the clipboard will be written to richEdit, on the other, the reverse operation will occur. Let's start the study. Judging by everything, the "System.Windows.Forms.Clipboard" class is suitable for working with the clipboard. It has a suitable GetDataObject method that returns an object that implements the IDataObject interface (see msdn). The GetData method accepting as the Type parameter does not suit us, because the structure of the object saved to the clipboard cannot be recognized by legal methods, but there is an overload of the line with the “format”. This is very handy, given that there is also a GetFormats method. So, here it is, the first step to learning what Skype saved to the clipboard:
We write “test text” in skype, copy our quote, paste it into the Skype window to make sure that the quote was copied, and execute the code. Let's look right in the debug, what is saved in clipboardData.
I don’t know about you, but I was very interested in the value with the SkypeMessageFragment key, maybe because it is a MemoryStream, although there is simply nothing interesting in the rest. So let's see what lies in this stream:
Running this, in richedit, you can see this:
Honestly, I thought that on this my research ended in failure. Yes, there is an author, time for sending in unix format, the text of the quote itself, but in addition there is a guid value, where some kind of hash is stored. Having seen this hash, I realized that this is most likely something like hmac. In any case, the citation system should work something like this: Skype calculates the hash from all citation data according to its super secret algorithm (possibly using a super secret key) and writes the resulting hash to the clipboard, and when a person inserts a quote into the window and sends it to chat, skype verifies the signature. The theory is good, but let's check if this is the case and save the richEdit back to the clipboard:
When writing to stream, I intentionally did not use the using construct (calling the Dispose method on streamWriter spoils my MemoryStream) So, we run the program, copy the quote from Skype, edit it in our “editor”, click Save and paste the quote back into Skype.
Honestly, I was very surprised that this worked. No, of course, I sincerely hoped that this would work, but I was very surprised. At least because of my theory with hash, why then this guide is not clear.
The real purpose of this article is to warn the public that skype quotes cannot be trusted. After all, this is a very powerful tool with which you can slander / deceive another person. All in all, this is a new weapon in social engineering, so be vigilant and don't be lazy to test theory with practice.
PS in the last section “code” are all the sources, so I didn’t upload to git. PPS I apologize for the excessive number of indentation in the code when the option “Disable automatic line breaks and creating links.” Is the same nonsense. (the code was highlighted with this http://highlight.hohli.com/ everything looked fine there)
Can I trust quotes from Skype? It would seem that they cannot be edited, and after the recent disabling of support for html tags (in windows versions), this should be impossible. The answer to the question in the screenshot below: The
answer is that you cannot trust the integrity and authorship of quotes from Skype. Surely many have heard about the security of the protocol and the program as a whole. But as usual, errors are in the details. Nowhere is it claimed that the quotes are digitally signed and can be firmly trusted (well, or I did not find such a statement), but in any case, in practice this is not so.
Suppose that when copying a quote, Skype also appends to the clipboard information about the author, date, etc., this is the easiest way that, as it turned out later, the developers went. For further study, we don’t need to disassemble Skype, just write our own program (in the best tradition of the Smart UI pattern - this is where all the code is in the buttons), which “picks” the clipboard. Out of habit, I will use c #, I will choose win forms as the UI for speed (yes, the haters of these technologies will forgive me).
So, here is an ascetic design mold:
On one button, all data from the clipboard will be written to richEdit, on the other, the reverse operation will occur. Let's start the study. Judging by everything, the "System.Windows.Forms.Clipboard" class is suitable for working with the clipboard. It has a suitable GetDataObject method that returns an object that implements the IDataObject interface (see msdn). The GetData method accepting as the Type parameter does not suit us, because the structure of the object saved to the clipboard cannot be recognized by legal methods, but there is an overload of the line with the “format”. This is very handy, given that there is also a GetFormats method. So, here it is, the first step to learning what Skype saved to the clipboard:
private const string DataKey = "SkypeMessageFragment";
private Dictionary clipboadData = new Dictionary();
private string message;
private void buttonLoad_Click(object sender, EventArgs e)
{
IDataObject iData = Clipboard.GetDataObject();
foreach (var format in iData.GetFormats())
{
clipboadData[format] = iData.GetData(format);
}
using (StreamReader streamReader = new StreamReader(clipboadData[DataKey] as MemoryStream))
{
message = streamReader.ReadToEnd();
(clipboadData[DataKey] as MemoryStream).Seek(0, SeekOrigin.Begin);
}
richTextBoxQuote.Text = message;
}
We write “test text” in skype, copy our quote, paste it into the Skype window to make sure that the quote was copied, and execute the code. Let's look right in the debug, what is saved in clipboardData.
I don’t know about you, but I was very interested in the value with the SkypeMessageFragment key, maybe because it is a MemoryStream, although there is simply nothing interesting in the rest. So let's see what lies in this stream:
private Dictionary clipboadData = new Dictionary();
private void buttonLoad_Click(object sender, EventArgs e)
{
IDataObject iData = Clipboard.GetDataObject();
foreach (var format in iData.GetFormats())
{
clipboadData[format] = iData.GetData(format);
}
}
Running this, in richedit, you can see this:
Honestly, I thought that on this my research ended in failure. Yes, there is an author, time for sending in unix format, the text of the quote itself, but in addition there is a guid value, where some kind of hash is stored. Having seen this hash, I realized that this is most likely something like hmac. In any case, the citation system should work something like this: Skype calculates the hash from all citation data according to its super secret algorithm (possibly using a super secret key) and writes the resulting hash to the clipboard, and when a person inserts a quote into the window and sends it to chat, skype verifies the signature. The theory is good, but let's check if this is the case and save the richEdit back to the clipboard:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.IO;
namespace SkypeQuote
{
public partial class MainForm : Form
{
public MainForm()
{
InitializeComponent();
}
private const string DataKey = "SkypeMessageFragment";
private Dictionary clipboadData = new Dictionary();
private string message;
private void buttonLoad_Click(object sender, EventArgs e)
{
IDataObject iData = Clipboard.GetDataObject();
foreach (var format in iData.GetFormats())
{
clipboadData[format] = iData.GetData(format);
}
using (StreamReader streamReader = new StreamReader(clipboadData[DataKey] as MemoryStream))
{
message = streamReader.ReadToEnd();
(clipboadData[DataKey] as MemoryStream).Seek(0, SeekOrigin.Begin);
}
richTextBoxQuote.Text = message;
}
private void buttonSave_Click(object sender, EventArgs e)
{
message = richTextBoxQuote.Text;
MemoryStream memoryStream = new MemoryStream();
StreamWriter streamWriter = new StreamWriter(memoryStream);
streamWriter.Write(message);
streamWriter.Flush();
memoryStream.Seek(0, SeekOrigin.Begin);
clipboadData[DataKey] = memoryStream;
IDataObject iData = new DataObject();
foreach (var item in clipboadData)
{
iData.SetData(item.Key, item.Value);
}
Clipboard.SetDataObject(iData, true);
}
}
}
When writing to stream, I intentionally did not use the using construct (calling the Dispose method on streamWriter spoils my MemoryStream) So, we run the program, copy the quote from Skype, edit it in our “editor”, click Save and paste the quote back into Skype.
Honestly, I was very surprised that this worked. No, of course, I sincerely hoped that this would work, but I was very surprised. At least because of my theory with hash, why then this guide is not clear.
The real purpose of this article is to warn the public that skype quotes cannot be trusted. After all, this is a very powerful tool with which you can slander / deceive another person. All in all, this is a new weapon in social engineering, so be vigilant and don't be lazy to test theory with practice.
PS in the last section “code” are all the sources, so I didn’t upload to git. PPS I apologize for the excessive number of indentation in the code when the option “Disable automatic line breaks and creating links.” Is the same nonsense. (the code was highlighted with this http://highlight.hohli.com/ everything looked fine there)