Studying Skype - edit quotes
Compared with the previous article (which, judging by the changes in my karma, not everyone liked it), this is absolutely harmless.
Can you trust quotes from Skype? It would seem that they can not be edited, and after the recent disabling of support for html tags (in windows versions), this should be impossible. The answer to the question on the screenshot below:
')
The answer is that integrity and authorship of citations from Skype cannot be trusted. Surely many have heard about the security of the protocol and the whole program. But as usual, the mistakes are in the details. Nowhere is it claimed that the quotations are signed with a digital signature and they can be faithfully believed (well, or I have not found such an assertion), but in any case it is not so in practice.
Suppose that when copying a quote, Skype also appends to the clipboard and information about the author, date, etc., this is the simplest way, which, as it turned out later, the developers went. For further study, we do not need to disassemble Skype, just write our program (in the best traditions of the Smart UI pattern - this is where all the code is in the buttons) that “picks up” the clipboard. Out of habit, I will use c #, as the UI for speed, I will select win forms (forgive me, the haters of these technologies).
So, here is a mold with austere design:
According to one button, all data from the clipboard will be written to richEdit, on the other, the reverse operation will occur. Let's start the study. Judging by everything to work with the clipboard, the “System.Windows.Forms.Clipboard” class will do. It has a suitable method GetDataObject, which returns an object that implements the IDataObject interface (see msdn). The GetData method accepting as a Type parameter does not suit us, since the structure of the object saved to the clipboard by legal means cannot be known, but there is its overload with a string with “format”. This is very useful, considering that there is also a GetFormats method. So, here it is, the first step towards studying what Skype has saved to the clipboard:
We write “test text” in skype, copy our quote, paste it into the Skype window, to make sure that the quote has been copied, and execute the code. Let's look right in the debug, what is preserved in clipboardData.
I do not know about you, but I was very interested in the value with the SkypeMessageFragment key, maybe because it is a MemoryStream, although the rest simply have nothing interesting. So let's see what lies in this stream:
By running this, you can see this in richedit:
Honestly, I thought that my research ended in failure. Yes, there is an author, the time is sent in unix format, the text of the quotation itself, but in addition there is a guid value, where some hash is stored. Seeing this hash, I realized that this is most likely something like hmac. In any case, the quotation system should work something like this: Skype considers all the quotation data as a hash according to its super secret algorithm (possibly using a super secret key) and writes the resulting hash to the clipboard, and when a person inserts a quote into the window and sends it to chat, Skype checks the signature accuracy. The theory is good, but let's check if this is the case and make saving richEdit back to the clipboard:
When writing to stream, I intentionally did not use the using construct (calling Dispose on streamWriter spoils my MemoryStream) So, we launch the program, copy the quote from Skype, edit it in our “editor”, click Save and paste the quote back to Skype.
Honestly, I was very surprised that it worked. No, I, of course, sincerely hoped that it would work, but I was very surprised. If only because of my theory with hash, then why this guide is incomprehensible.
The real purpose of this article is to warn the public that skype quotes cannot be trusted. After all, it is a very powerful tool that can slander / deceive another person. In general, this is a new weapon in social engineering, so be vigilant and do not be lazy to test theory with practice.
PS The last section of the “code” contains all the sources, so I didn’t download to git. PPS I apologize for the excessive amount of indentation in the code when you turn on the option “Disable automatic line breaks and link creation.” Is the same nonsense. (highlighted the code with this http://highlight.hohli.com/ everything looked fine there)
Can you trust quotes from Skype? It would seem that they can not be edited, and after the recent disabling of support for html tags (in windows versions), this should be impossible. The answer to the question on the screenshot below:
')
The answer is that integrity and authorship of citations from Skype cannot be trusted. Surely many have heard about the security of the protocol and the whole program. But as usual, the mistakes are in the details. Nowhere is it claimed that the quotations are signed with a digital signature and they can be faithfully believed (well, or I have not found such an assertion), but in any case it is not so in practice.
Suppose that when copying a quote, Skype also appends to the clipboard and information about the author, date, etc., this is the simplest way, which, as it turned out later, the developers went. For further study, we do not need to disassemble Skype, just write our program (in the best traditions of the Smart UI pattern - this is where all the code is in the buttons) that “picks up” the clipboard. Out of habit, I will use c #, as the UI for speed, I will select win forms (forgive me, the haters of these technologies).
So, here is a mold with austere design:
According to one button, all data from the clipboard will be written to richEdit, on the other, the reverse operation will occur. Let's start the study. Judging by everything to work with the clipboard, the “System.Windows.Forms.Clipboard” class will do. It has a suitable method GetDataObject, which returns an object that implements the IDataObject interface (see msdn). The GetData method accepting as a Type parameter does not suit us, since the structure of the object saved to the clipboard by legal means cannot be known, but there is its overload with a string with “format”. This is very useful, considering that there is also a GetFormats method. So, here it is, the first step towards studying what Skype has saved to the clipboard:
private const string DataKey = "SkypeMessageFragment"; private Dictionary<string, object> clipboadData = new Dictionary<string, object>(); private string message; private void buttonLoad_Click(object sender, EventArgs e) { IDataObject iData = Clipboard.GetDataObject(); foreach (var format in iData.GetFormats()) { clipboadData[format] = iData.GetData(format); } using (StreamReader streamReader = new StreamReader(clipboadData[DataKey] as MemoryStream)) { message = streamReader.ReadToEnd(); (clipboadData[DataKey] as MemoryStream).Seek(0, SeekOrigin.Begin); } richTextBoxQuote.Text = message; } We write “test text” in skype, copy our quote, paste it into the Skype window, to make sure that the quote has been copied, and execute the code. Let's look right in the debug, what is preserved in clipboardData.
I do not know about you, but I was very interested in the value with the SkypeMessageFragment key, maybe because it is a MemoryStream, although the rest simply have nothing interesting. So let's see what lies in this stream:
private Dictionary<string, object> clipboadData = new Dictionary<string, object>(); private void buttonLoad_Click(object sender, EventArgs e) { IDataObject iData = Clipboard.GetDataObject(); foreach (var format in iData.GetFormats()) { clipboadData[format] = iData.GetData(format); } }
By running this, you can see this in richedit:
Honestly, I thought that my research ended in failure. Yes, there is an author, the time is sent in unix format, the text of the quotation itself, but in addition there is a guid value, where some hash is stored. Seeing this hash, I realized that this is most likely something like hmac. In any case, the quotation system should work something like this: Skype considers all the quotation data as a hash according to its super secret algorithm (possibly using a super secret key) and writes the resulting hash to the clipboard, and when a person inserts a quote into the window and sends it to chat, Skype checks the signature accuracy. The theory is good, but let's check if this is the case and make saving richEdit back to the clipboard:
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.IO; namespace SkypeQuote { public partial class MainForm : Form { public MainForm() { InitializeComponent(); } private const string DataKey = "SkypeMessageFragment"; private Dictionary<string, object> clipboadData = new Dictionary<string, object>(); private string message; private void buttonLoad_Click(object sender, EventArgs e) { IDataObject iData = Clipboard.GetDataObject(); foreach (var format in iData.GetFormats()) { clipboadData[format] = iData.GetData(format); } using (StreamReader streamReader = new StreamReader(clipboadData[DataKey] as MemoryStream)) { message = streamReader.ReadToEnd(); (clipboadData[DataKey] as MemoryStream).Seek(0, SeekOrigin.Begin); } richTextBoxQuote.Text = message; } private void buttonSave_Click(object sender, EventArgs e) { message = richTextBoxQuote.Text; MemoryStream memoryStream = new MemoryStream(); StreamWriter streamWriter = new StreamWriter(memoryStream); streamWriter.Write(message); streamWriter.Flush(); memoryStream.Seek(0, SeekOrigin.Begin); clipboadData[DataKey] = memoryStream; IDataObject iData = new DataObject(); foreach (var item in clipboadData) { iData.SetData(item.Key, item.Value); } Clipboard.SetDataObject(iData, true); } } }
When writing to stream, I intentionally did not use the using construct (calling Dispose on streamWriter spoils my MemoryStream) So, we launch the program, copy the quote from Skype, edit it in our “editor”, click Save and paste the quote back to Skype.
Honestly, I was very surprised that it worked. No, I, of course, sincerely hoped that it would work, but I was very surprised. If only because of my theory with hash, then why this guide is incomprehensible.
The real purpose of this article is to warn the public that skype quotes cannot be trusted. After all, it is a very powerful tool that can slander / deceive another person. In general, this is a new weapon in social engineering, so be vigilant and do not be lazy to test theory with practice.
PS The last section of the “code” contains all the sources, so I didn’t download to git. PPS I apologize for the excessive amount of indentation in the code when you turn on the option “Disable automatic line breaks and link creation.” Is the same nonsense. (highlighted the code with this http://highlight.hohli.com/ everything looked fine there)
Source: https://habr.com/ru/post/138051/
All Articles