Interesting coincidences. Part two.
After reading the topic about the suspicious implementation of the Jabber protocol in the Mail.ru Agent application, as well as the comments by Swappp and naum about the interesting strings present in the module, I decided to check what was inside.
Having spent half an hour searching for utilities and downloading the Mail.ru Agent binaries, I obtained a listing of some of the strings present inside the JABBER_0X2001FACA.DLL file. For the convenience of readers unfamiliar with the code of the jabber module from Miranda IM, I compare the strings found with our source code:
Offset | String | Miranda IM source file (line) |
---|---|---|
XML processing (logging) | | |
00032C7C | TAG_MAX_LEN too small, ignore current tag | jabber_xml.cpp (192) |
00032CA8 | ATTR_MAX_LEN too small, ignore current tag | jabber_xml.cpp (214) |
00032CE0 | XML: skip tag | jabber_xml.cpp (343) |
00032CF8 | XML: Closing without opening tag | jabber_xml.cpp (419) |
Base stanza processing (logging) | | |
0002C464 | Invalid top-level tag (only | jabber_thread.cpp (889) |
0002C4AC | Invalid top-level tag (only | jabber_thread.cpp (895) |
Login process (logging) | | |
0002C6A8 | Requesting TLS | jabber_thread.cpp (667) |
0002C7D8 | after successful sasl | jabber_thread.cpp (831) |
0002C8AC | | jabber_iqid.cpp (1456) |
0002C968 | | jabber_iqid.cpp (731) |
0002CA8C | | jabber_iqid.cpp (351) |
0002E998 | Never publish the hash below | jabber_secur.cpp (191) |
Login process (data) | | |
0002E900 | username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"%s\",nc=%08d,qop=auth,digest-uri=\"xmpp/%s\",charset=utf-8,response=%08x%08x%08x%08x | jabber_secur.cpp (156) |
As we can see, almost all of the strings (except the last) are debugging information and belong either to the functions for working with XML or to the process of connecting to the XMPP network. I will note that the rest of the jabber module is strongly tied to the Windows interface and/or the architecture of Miranda itself.
The use of single quotes ['] in the XML stream may also be of interest: it also occurred in branch 0.7 of the jabber module from Miranda (double quotes ["] are used in branch 0.8, and they are subjectively more popular).
I am not an expert on the internals of binary modules for SymbianOS, but in the list of strings I also came across class names used in our code to support different login methods. Judging by the presence of similar strings with "class-like" content and a number at the beginning, such strings are generated for most classes. I draw attention to the inconsistent letter case in the abbreviations MD5 and NTLM.
Class names | |
---|---|
0002EA18 | 11TJabberAuth |
0002EA30 | 10TPlainAuth |
0002EA4C | 8TMD5Auth |
0002EA64 | 9TNtlmAuth |
By the way, it’s interesting how appropriate NTLM authorization is on a mobile phone :) (Update: they say it is appropriate and, if desired, the hash can be calculated manually, but that’s not the point.)
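The comparison carried out above, as an added example that is not part of the original post or of Miranda IM: it extracts printable strings with their offsets from a binary, looks each one up among the string literals of a source tree, and flags strings of the form `<decimal length><name>` such as `11TJabberAuth`, the length-prefixed form that Itanium-style C++ name mangling gives class names. The byte blob, file names and line numbers below are constructed for the example.

```python
import re
# Constructed sample standing in for a binary's data section. The embedded
# strings come from the tables on this page; padding and offsets are made up.
SAMPLE_BLOB = (
    b"\x00\x01\x02XML: skip tag\x00\xff\xfeRequesting TLS\x00\x00\x7f\x80"
    b"11TJabberAuth\x0010TPlainAuth\x00\x008TMD5Auth\x009TNtlmAuth\x00"
    b"\x03\x04unrelated text\x00"
)
# Constructed stand-in for a source tree (file name -> text), not Miranda code.
SAMPLE_SOURCE = {
    "xml_demo.cpp": 'void f() {\n  Log("XML: skip tag");\n}\n',
    "thread_demo.cpp": '// connect\n\n  Log("Requesting TLS");\n',
}

def extract_strings(blob, min_len=6):
    """Yield (offset, text) for each printable-ASCII run, like `strings -t x`."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.start(), m.group().decode("ascii")

def source_literals(tree):
    """Index every double-quoted literal in the tree by (file, line number)."""
    index = {}
    for name, text in tree.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for lit in re.findall(r'"((?:[^"\\]|\\.)*)"', line):
                index.setdefault(lit, (name, lineno))
    return index

def typeinfo_class(text):
    """Return the class name if text is <decimal length><identifier>, else None."""
    m = re.fullmatch(r"(\d+)([A-Za-z_]\w*)", text)
    return m.group(2) if m and int(m.group(1)) == len(m.group(2)) else None

def compare(blob, tree):
    """Split extracted strings into source matches and class-name candidates."""
    literals, matches, classes = source_literals(tree), [], []
    for offset, text in extract_strings(blob):
        if text in literals:
            matches.append((offset, text, *literals[text]))
        elif typeinfo_class(text):
            classes.append((offset, typeinfo_class(text)))
    return matches, classes

if __name__ == "__main__":
    found, names = compare(SAMPLE_BLOB, SAMPLE_SOURCE)
    for offset, text, name, lineno in found:
        print(f"{offset:08X} | {text} | {name} ({lineno})")
    for offset, cls in names:
        print(f"{offset:08X} | {cls}")
```

A match on log text alone shows only that the same literal exists in both places; the file and line columns are what let a reader check each hit by hand.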
In the context of what I saw, there is an interesting comment about “what can be taken from Miranda”:
> I’m very interested in what exactly in the xmpp implementation would be useful to “steal” from Miranda? Maybe the connection sequence? Yes, it seems to be described in open sources, moreover in detail. Maybe an xml parser? And why do we need it, we already had it and used it. Maybe the structure of the plugins? Why do we need it - we have our own.
It mentions exactly two questionable protocol components and the well-known modular architecture of Miranda IM. About the remaining parts of the protocol - not a word :)
I don’t know whether our code is inside the Mobile Agent or not - only the authors of the Agent can say for certain. The facts cited were collected exclusively from open sources for general familiarization with the situation. My knowledge of analyzing SymbianOS binary modules is rather scarce, and it would be interesting to hear the comments of Swappp and naum, especially in the light of this remark.
PS At the moment, binaries of the beta version of the Agent have been removed from the Mail.Ru site, and they are also deleted from other sites. Users who have installed version 1.15 on their phone will automatically “upgrade” to an older version 1.11.