Everything You Need To Know About Winks / Ddp's, or why you can not create them (yet)
timothy
post Jul 7 2005, 03:22 PM
Post #1




Group: Timothy
Posts: 771
Joined: 1-September 04
From: Netherlands
Member No.: 3



I’m getting tired of the amount of mails / pm's / topics about people trying to create winks and dynamic display pictures (DDP's) and << suddenly >> discover they don't work. So here is what is known about how they work.

File structure
Winks and DDP's are built out of 2 CAB files. The first file holds an XML file identifying if it's a wink or if it's a DDP. This file also has a certificate stored in the form of a BASE64 string (more about this later). The second file is the cab file with the wink's content inside.

The second file consists of 3 items. The first is an XML file; this one holds information like names and filenames. The second file is a 50x50 PNG thumbnail file, with colour coding R8G8B8A8. The last file is a SWF version 6 file with the animation.

The certificate
This is the part where it goes wrong. ALL MSN Messenger winks and DDP's must have a BASE64 coded certificate, without a valid one it just won't install. Details about this certificate:

Type : PKCS #7 ( p7b )
Algorithm: sha1RSA
Public Key: RSA(1024) hex
Thumbprint : sha1

some other info:
Issuer : CN = MSN Content Authentication CA , O = Microsoft Corporation , L = Redmond , S = Washington , C = US
Subject: CN = 42927679-e3f9-4625-823c-6e2bef73cadc , OU = MSN , O = Microsoft

Certificate Revocation Lists
This part of the certificate is only available from an SSL secured server. This part is used to create the new certificates used in the first XML file.

Now, if you know anything about encryption, you will notice you could never ever recreate your own (unless you make a deal with Microsoft).

Will it ever be possible to "hack" this ?
Probably yes, we've found a tiny hole in its system, it appears MSN Messenger does accept invalid and expired certificates, but still not big enough to create our own winks.

All progress (if any !) will be posted here, every topic asking about "my home-brew wink does not work?" will be closed and redirected to this topic.
pleasant
post Jul 14 2005, 02:47 AM
Post #2


Mess.bedbug
*

Group: Members
Posts: 31
Joined: 1-October 04
Member No.: 754



sry im a noob but i thought when msn 7 beta was out you made a wink and exploited it?
Volv
post Jul 14 2005, 03:07 AM
Post #3


Mess.bemused
*****

Group: Members
Posts: 506
Joined: 8-October 04
Member No.: 1,272



pleasant, this was possible prior to MSN's implementation of the certificate for authentication.

This post has been edited by Volv: Jul 14 2005, 03:07 AM
pre
post Jul 14 2005, 04:50 AM
Post #4


www.canpanel.tk
******

Group: Members
Posts: 696
Joined: 8-October 04
From: Australia
Member No.: 1,275



Wow thanks for clearing that up... but as I have said many times before what’s wrong with making a simple add-on similar to sounds with Messenger Plus so you are able to send swf files to other people and they open in the window. Thus you won’t have any technical problems with all this certificate jargon.
TheSteve
post Jul 14 2005, 07:09 AM
Post #5


The Man from Japan
******

Group: Members
Posts: 693
Joined: 9-June 05
From: Fukuoka Japan
Member No.: 9,636



QUOTE(pre @ Jul 14 2005, 01:50 PM)
So you are able to send swf files to other people and they open in the window. Thus you won’t have any technical problems with all this certificate jargon.

The purpose of all of this certificate jargon is for your security. If you want to allow someone to run arbitrary code on your computer, go ahead and reimplement the security flaw that Microsoft "fixed".
pre
post Jul 14 2005, 12:52 PM
Post #6


www.canpanel.tk
******

Group: Members
Posts: 696
Joined: 8-October 04
From: Australia
Member No.: 1,275



QUOTE(TheSteve @ Jul 14 2005, 04:39 PM)
The purpose of all of this certificate jargon is for your security. If you want to allow someone to run arbitrary code on your computer, go ahead and reimplement the security flaw that Microsoft "fixed".

Fair enough even though I wouldn’t really call it a “fix”...
TheSteve
post Jul 15 2005, 12:44 AM
Post #7


The Man from Japan
******

Group: Members
Posts: 693
Joined: 9-June 05
From: Fukuoka Japan
Member No.: 9,636



That's why it was in quotes
nutbar88
post Jul 19 2005, 08:11 AM
Post #8


Mess.beef
****

Group: Members
Posts: 212
Joined: 9-April 05
From: Guildford, Surrey
Member No.: 7,367



But saying this, there is talk over at the plus forum, so you can allow auto file transfer accept from a group of contacts,

you could have a program with an "allow list" and anyone on this list will be able to play custom winks and if you only add trusted sources to the list it will be ok, we could also give our own "security certificates" people like patchou and dwergs so that custom mess and plus can include custom winks.

*goes away and plans the program*

if any one who has a little bit more programming knowledge than me would like to help me add me neverplayedthisgame@hotmail.com

Alan
GIBBO
post Aug 13 2005, 10:30 PM
Post #9


Mess.bean
*

Group: Members
Posts: 1
Joined: 13-August 05
Member No.: 11,445



im new here, i read the forum and signed up to giv my input..

there is a way to make winks but i dont know it.. i know there is a way mind u cos i downloaded sum from a website.. they seem to b japanese, they dont hav the titles though, where as sum winks will say bounceyball or lightbulb, these winks just labelled 'wink' all of them..

this makes me think they arent officially made by microsoft, and i downloaded them from wat seemed to b a private website not a microsoft related one.. i cant remember where i got them right now

but im gonna look around and see if i can find them again..

if i can find the website i got them from, i will post here.. anyone interested, maybe the ppl running this site, would like to get in touch with them and ask how they were able to make them?

id ask but i wouldnt understand the answer

.. just tryin to help ^_^
Volv
post Aug 13 2005, 11:22 PM
Post #10


Mess.bemused
*****

Group: Members
Posts: 506
Joined: 8-October 04
Member No.: 1,272



Chances are that they are official Japanese winks just ripped from a legitimate source.

@nutbar88: It's going to be more trouble trying to teach almost every single user how to make a wink than making the app itself...

This post has been edited by Volv: Aug 13 2005, 11:24 PM
DaRk_NiGhT
post Aug 27 2005, 03:07 AM
Post #11


Mess.bean
*

Group: Members
Posts: 8
Joined: 27-August 05
Member No.: 11,957



back to the topic about the security certificate... i installed some program to install dynamic pictures and it came with 2 certificate files signed by the MSN Content Authentication CA. Im hoping someone can use this so that custom dynamic pics are possible because paying $3 is just stupid....
Attached File(s)
Attached File  MSNCA.zip ( 55.3K ) Number of downloads: 1058
 
dvwiz
post Aug 27 2005, 04:15 AM
Post #12


Mess.bean
*

Group: Members
Posts: 2
Joined: 25-August 05
Member No.: 11,908



So I think a valid question would be: where can one find the contact info for Microsoft if I wanted to create a tool similar to BlueMountain or Meegos? And about how much does one as a partner need to invest to provide this technology?

--Just a thought

This post has been edited by dvwiz: Aug 27 2005, 04:30 AM
=[MaFia]=
post Aug 29 2005, 10:31 PM
Post #13


Mess.bean
*

Group: Members
Posts: 4
Joined: 29-August 05
From: =[MaFia]= Domain
Member No.: 12,093



...sup im new here (as u can see its my first post lol)
anw im "working" on winks all day and heres wt i found out

- u WILL need a certificate to install them
but
- u DONT need 1 to replace them

i have found where all winks are located in HDD, i even found a M$ Key (needed to install the winks). but i still havent replaced a wink successfully... anw i think its a matter of time before 1 do it or some1 else does....
TheSteve
post Aug 31 2005, 08:08 AM
Post #14


The Man from Japan
******

Group: Members
Posts: 693
Joined: 9-June 05
From: Fukuoka Japan
Member No.: 9,636



Attempting to replace them is a waste of time. If you replace them in the EXE, your contact will still see just the original wink.
If you try and replace them from the Winks3 dir, the files will no longer match the key that is stored in the MapFile directory and will therefore be impossible to send.

However it is possible to extract the stamp from the map file and make a backup of the wink.

This post has been edited by TheSteve: Aug 31 2005, 08:08 AM
DaRk_NiGhT
post Sep 1 2005, 04:55 PM
Post #15


Mess.bean
*

Group: Members
Posts: 8
Joined: 27-August 05
Member No.: 11,957



1. anyone find anything useful in the files i attached before? maybe u can extract something from them idk...

2. where did u find the winks on the HDD? i found some stuff under
C:\Documents and Settings\(name)\Application Data\Microsoft\MSN Messenger\(weird numbers)\

Under that folder there are folders such as Winks3, DeluxeDisplayPictures, and DynamicBackgrounds. There are A LOT of .dat files in there so i think those are the content files but idk if someone can decompile them or dis-assemble them.

If i open one of the dynamic display pic dat files i can see some flash code which seems logical...
CODE
<package xmlns="http://messenger.msn.com/messengercontent/1.0" version="1.0" type="dynamicpicture" xmlns:dynamicpicture="http://messenger.msn.com/dynamicpicture/1.0" dynamicpicture:version="1.0" dynamicpicture:displayname="Glass Marble" partnerid="AG">
<item type="downlevel" mimetype="image/png" file="3081356f.png" />
<item contentid="M3081361" type="mood" dynamicpicture:default="true" mimetype="application/x-shockwave-flash" file="mood.swf" dynamicpicture:name="Standard Glass Marble" dynamicpicture:parameter="m=3081361&amp;np=1" />
<item contentid="M3081362" type="mood" dynamicpicture:default="false" mimetype="application/x-shockwave-flash" file="mood.swf" dynamicpicture:name="Happy Glass Marble" dynamicpicture:parameter="m=3081362&amp;np=1&amp;b=3081361" dynamicpicture:keysequence=":)" />
<item contentid="M3081363" type="mood" dynamicpicture:default="false" mimetype="application/x-shockwave-flash" file="mood.swf" dynamicpicture:name="Winking Glass Marble" dynamicpicture:parameter="m=3081363&amp;np=1&amp;b=3081361" dynamicpicture:keysequence=";)" />
<item contentid="M3081364" type="mood" dynamicpicture:default="false" mimetype="application/x-shockwave-flash" file="mood.swf" dynamicpicture:name="Laughing Glass Marble" dynamicpicture:parameter="m=3081364&amp;np=1&amp;b=3081361" dynamicpicture:keysequence=":D" dynamicpicture:keysequence2=":d" />
<item contentid="M3081365" type="mood" dynamicpicture:default="false" mimetype="application/x-shockwave-flash" file="mood.swf" dynamicpicture:name="Sad Glass Marble" dynamicpicture:parameter="m=3081365&amp;np=1&amp;b=3081361" dynamicpicture:keysequence=":(" dynamicpicture:keysequence2=":&apos;(" />
<item contentid="M3081366" type="mood" dynamicpicture:default="false" mimetype="application/x-shockwave-flash" file="mood.swf" dynamicpicture:name="Angry Glass Marble" dynamicpicture:parameter="m=3081366&amp;np=1&amp;b=3081361" dynamicpicture:keysequence=":@" dynamicpicture:keysequence2="wtf" dynamicpicture:keysequence3="WTF" dynamicpicture:keysequence4="8o|" />
</package>


although that code makes sense it is followed by a lot of other jumbled stuff

This post has been edited by DaRk_NiGhT: Sep 1 2005, 05:25 PM
berserk_87
post Sep 1 2005, 06:08 PM
Post #16


Mess.beagle
***

Group: Members
Posts: 179
Joined: 20-June 05
Member No.: 9,926



cool, its pretty easy to see the moods and keyboard shortcuts, didnt know saying 'wtf' made them do something
izlude
post Sep 2 2005, 03:53 PM
Post #17


Mess.beanie
*

Group: Members
Posts: 17
Joined: 5-May 05
Member No.: 8,590



I can understand the DDP being swf for selecting the moods, but if they were so concerned about action script in flash being used in a harmful way with winks, shouldn't they have just made it possible to make your own winks as animated gif + sound? (with a size restriction so they're not too bloated) it sounds simple enough doesn't it?
DaRk_NiGhT
post Sep 3 2005, 02:06 AM
Post #18


Mess.bean
*

Group: Members
Posts: 8
Joined: 27-August 05
Member No.: 11,957



perhaps too simple?

i dont really care about DynamicPics or winks to be honest, the main reason i submitted the files i found was to help the community... dont get me wrong, if i could make custom DDPs i would but to me its not worth the time to do all the decoding and encoding and such.

what i would really like to see is being able to use a gif as your display pic, although it would be nice to be able to use an swf
Monkey
post Sep 3 2005, 01:55 PM
Post #19


Mess.beachtowel
******

Group: *Valued Members
Posts: 735
Joined: 11-September 04
From: The Netherlands
Member No.: 104



Problem with .gif as winks is that if you have this wink in swf it will be 54,1kB; if you save it as a gif it will be 2,98MB. That's without sound and with a big loss of colors (gif is limited to 256 colors).
Also gifs look uglier when resized and the sound/color limit will be a problem.
And @DaRk_NiGhT, the .dat files there are actually .cab files, in there there's a content.xml which contains xml code info about the moods and stuff, it's not flash code.
You can't change anything in those dat files and you can't reuse them if you can't decode map.dat files.
+Quote Post
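Added example, not part of the thread and not any poster's code: a read-only Python sketch that checks for the Cabinet signature (relevant to post #19's point that the .dat files are really .cab files) and summarises a content.xml like the one quoted in post #15, flagging Flash items and file names that are not plain names. The sample manifest is abbreviated from post #15; the function names and the two flag rules are assumptions of this example.

```python
import xml.etree.ElementTree as ET

PKG_NS = "http://messenger.msn.com/messengercontent/1.0"
DP_NS = "http://messenger.msn.com/dynamicpicture/1.0"
ACTIVE_TYPES = {"application/x-shockwave-flash"}  # scriptable content (assumed rule)

# Abbreviated from the manifest quoted in post #15 (two of six mood items kept).
SAMPLE = f"""<package xmlns="{PKG_NS}" version="1.0" type="dynamicpicture"
 xmlns:dynamicpicture="{DP_NS}" dynamicpicture:version="1.0"
 dynamicpicture:displayname="Glass Marble" partnerid="AG">
<item type="downlevel" mimetype="image/png" file="3081356f.png" />
<item contentid="M3081361" type="mood" dynamicpicture:default="true"
 mimetype="application/x-shockwave-flash" file="mood.swf"
 dynamicpicture:name="Standard Glass Marble" />
<item contentid="M3081366" type="mood" dynamicpicture:default="false"
 mimetype="application/x-shockwave-flash" file="mood.swf"
 dynamicpicture:name="Angry Glass Marble" dynamicpicture:keysequence=":@"
 dynamicpicture:keysequence2="wtf" dynamicpicture:keysequence4="8o|" />
</package>"""


def looks_like_cab(data: bytes) -> bool:
    """Microsoft Cabinet files begin with the ASCII signature 'MSCF'."""
    return data[:4] == b"MSCF"


def audit_manifest(xml_text: str) -> dict:
    """Summarise a content.xml and flag items worth a closer look."""
    root = ET.fromstring(xml_text)
    dp = "{%s}" % DP_NS
    report = {"type": root.get("type"), "name": root.get(dp + "displayname"),
              "partner": root.get("partnerid"), "items": [], "flags": []}
    for item in root.iter("{%s}item" % PKG_NS):
        fname, mime = item.get("file", ""), item.get("mimetype", "")
        # keysequence, keysequence2, ... are the typed triggers for a mood
        keys = [v for k, v in sorted(item.attrib.items())
                if k.startswith(dp + "keysequence")]
        report["items"].append({"file": fname, "mime": mime, "keys": keys})
        if mime in ACTIVE_TYPES:
            report["flags"].append(f"{fname}: active content ({mime})")
        if "/" in fname or "\\" in fname or fname.startswith("."):
            report["flags"].append(f"{fname!r}: not a plain file name")
    return report
```

To use it on a real package, extract content.xml from the cabinet with a CAB tool first and pass its text to `audit_manifest`; nothing here writes or modifies files.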
DaRk_NiGhT
post Sep 3 2005, 04:22 PM
Post #20


Mess.bean
*

Group: Members
Posts: 8
Joined: 27-August 05
Member No.: 11,957



yeah gifs wouldnt work then... i have used them in web design and i have found them generally worthless....

so basically the first step for anyone trying to make winks or DDP's is to decode the map.dat files...? i would think that someone would be able to decode them, especially because we know what they are encoded with
© 2004-2008 Seb Skuse, mess.be.
MessForum v6.1.4 - created for, and for use only by mess.be.