Interesting coincidences. Part two.

    After reading the topic about the suspicious implementation of the Jabber protocol in the Agent application, as well as the comments by Swappp and naum about the interesting lines present in the module , I decided to check what was inside.

    Having spent half an hour searching for utilities and downloading the Agent binaries, I got a listing with a list of some lines present inside the JABBER_0X2001FACA.DLL file. For the convenience of a reader unfamiliar with the code of the jabber module from Miranda IM, I will give comparisons of the found strings with our source codes:
    XML processing (logging)
    00032C7CTAG_MAX_LEN too small, ignore current tagjabber_xml.cpp (192)
    00032CA8ATTR_MAX_LEN too small, ignore current tagjabber_xml.cpp (214)
    00032CE0XML: skip tagjabber_xml.cpp (343)
    00032CF8XML: Closing without opening tagjabber_xml.cpp (419)
    Base stanza processing (logging)
    0002C464Invalid top-level tag (only and allowed)jabber_thread.cpp (889)
    0002C4ACInvalid top-level tag (only allowed)jabber_thread.cpp (895)
    Login process (logging)
    0002C6A8Requesting TLSjabber_thread.cpp (667)
    0002C7D8after successful sasljabber_thread.cpp (831)
    0002C8AC iqIdGetBookmarksjabber_iqid.cpp (1456)
    0002C968 iqIdGetVcardjabber_iqid.cpp (731)
    0002CA8C iqIdGetRosterjabber_iqid.cpp (351)
    0002E998Never publish the hash belowjabber_secur.cpp (191)
    Login process (data)
    0002E900username = \ "% s \", realm = \ "% s \", nonce = \ "% s \", cnonce = \ "% s \", nc =% 08d, qop = auth, digest-uri = \ "xmpp /% s \", charset = utf-8, response =% 08x% 08x% 08x% 08xjabber_secur.cpp (156)

    As we can see, almost all lines (except the last) are debugging information and enter either the functions for working with XML or the process of connecting to the XMPP network. I can notice that the rest of the jabber is strongly tied to the windows interface and / or the architecture of the Miranda itself.

    Also, it may be interesting to use single quotes ['] in the XML stream, which also occurred in the branch 0.7 of the jabber module from the Miranda (double quotes ["] are used in branch 0.8, and they are subjectively more popular).

    I am not an expert on internals binary modules for SymbianOS, but in the list of strings I also came across class names used in our codeto support different login methods. Judging by the presence of similar lines with "class-like" content and a number at the beginning, such lines are generated for most classes. I draw attention to the inconsistency of using the case of letters in the abbreviations MD5 and NTLM.
    Class names

    By the way, it’s interesting how NTLM authorization on a mobile phone is appropriate :) ( Update: they say it is appropriate and if desired, the hash can be calculated manually, but that’s not the point)

    In the context of what I saw, there is an interesting comment about “what can be taken from Miranda”
    I’m very interested in what exactly in the xmpp implementation would it be useful to “steal” from Miranda? Maybe the connection sequence? Yes, it seems to be described in open sources, moreover in detail. Maybe an xml parser? And why do we need it, we already had it and used it. Maybe the structure of the plugins? why do we need it - we have our own.

    It mentions exactly two questionable protocol components and the well-known modular architecture of Miranda IM. About the remaining parts of the protocol - not a word :)

    I don’t know if our code is inside the Mobile Agent or it isn’t there - only the authors of the Agent can clearly say. The facts cited were collected exclusively from open sources for general familiarization with the situation. My knowledge of analyzing SymbianOS binary modules is rather scarce, and it would be interesting to hear the comments of Swappp and naum , especially in the light of this remark .

    PS At the moment, binaries of the beta version of the Agent have been removed from the Mail.Ru site, and they are also deleted from other sites. Users who have installed version 1.15 on their phone will automatically “upgrade” to an older version 1.11.

    Also popular now: