I am about to push out 1.04. Here is the final changelog:
1.04 changelog
1. added support for SSL on port 5222 (New style) (XMPP)
2. added support for digest md5 authentication mechanism (XMPP)
3. added support for Facebook chat (XMPP)
4. added basic support for AOL Instant Messenger (AIM)
5. uses the contact's full name from vCard if available instead of username (XMPP)
6. opening a conversation shows the last 20 messages not 30. speeds up loading
7. added network activity indicator on top bar
8. fixed bug where some offline messages were being ignored
9. fixed several crashing bugs
10. fixed random disconnect/reconnect issue
11. modified message theme to have less image loading and better space use
12. tested with jabberd2 servers
There is a new screen shot to go along with this of course
Tuesday, February 16, 2010
Monday, February 15, 2010
How weak is Facebook's XMPP security?
As I mentioned earlier, Facebook does not use SSL on their new XMPP server. All of their security is based on an algorithm called Digest-MD5. As the name says, this is based on the popular MD5 hashing algorithm, which is no longer considered secure. From Facebook:
No. At this time, Facebook Chat does not support SSL.
Does Facebook Chat use plaintext authentication?
No. Facebook Chat uses DIGEST-MD5 during authentication.
Are my Chat messages encrypted?
No. However, authentication information is secured using DIGEST-MD5.
Regarding MD5:
US-CERT, the US Department of Homeland Security's Computer Emergency Readiness Team, says:
- "Do not use the MD5 algorithm"
"Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use."
- "Scrutinize SSL certificates signed by certificates using the MD5 algorithm"
"Users may wish to manually analyze the properties of web site certificates (...) Certificates listed as md5RSA or similar are affected. Such certificates that include strange or suspicious fields or other anomalies may be fraudulent. Because there are no reliable signs of tampering it must be noted that this workaround is error-prone and impractical for most users."
No SSL:
What happens when you don't use SSL for your chat? People sniffing the network can see what you are saying. This is very simple to do.
Either use tcpdump from the command line (works on Mac, Linux, etc.) or grab a packet sniffer like Wireshark. I would recommend Wireshark anyway because it makes the next part even easier. If you used tcpdump, you would have something like this:
sudo tcpdump -i en0 -s500 -w ~/Desktop/DumpFile01.pcap -vv
Let's say you have a network dump somehow and you open up Wireshark. Set it to filter jabber and you will start to see something like this. I've highlighted a message packet so you can see that I was able to read this message someone sent.
Now everything sent on the network can be read, and the password "security" is based on MD5, right? Behold a captured password sequence:
cmVhbG09ImNoYXQuZmFjZWJvb2suY29tIixub25jZT0iNjdFRDdCQTg3NjgwN0MyOEIzQUI2RkE2MzRGQTE2MDUiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
this decodes from base64 to:
realm="chat.facebook.com",nonce="67ED7BA876807C28B3AB6FA634FA1605",qop="auth",charset=utf-8,algorithm=md5-sess
Excellent we have some information. The client replied with:
dXNlcm5hbWU9InNvbWVvbmUiLHJlYWxtPSJjaGF0LmZhY2Vib29rLmNvbSIsbm9uY2U9IjY3RUQ3QkE4NzY4MDdDMjhCM0FCNkZBNjM0RkExNjA1Iixjbm9uY2U9ImQzM2M4ODYyMTI2NjI2NTYzNzcxMDk3YjcwIixuYz0wMDAwMDAwMSxxb3A9YXV0aCxkaWdlc3QtdXJpPSJ4bXBwL2NoYXQuZmFjZWJvb2suY29tIixyZXNwb25zZT01MjBhMjdiOWRjOTE5NWRjMTJjNTVjZGY4MTUyOWI2MixjaGFyc2V0PXV0Zi04
this decodes from base64 to:
username="someone",realm="chat.facebook.com",nonce="67ED7BA876807C28B3AB6FA634FA1605",cnonce="d33c8862126626563771097b70",nc=00000001,qop=auth,digest-uri="xmpp/chat.facebook.com",response=520a27b9dc9195dc12c55cdf81529b62,charset=utf-8
Nonce and cnonce are used to calculate the hashed "response". This is where the password is. Nonce and cnonce are really there for one-time use to prevent a replay attack.
What do we know now?
password hash: 520a27b9dc9195dc12c55cdf81529b62
nonce: 67ED7BA876807C28B3AB6FA634FA1605
cnonce: d33c8862126626563771097b70
qop: auth
nc: 00000001
The password hash is based on a series of MD5 hashes:
The first hash (X) is of username:realm:password
we know this to be: someone:chat.facebook.com:(password)
The next hash (Y) is of X:nonce:cnonce
we know this to be: (password hash):67ED7BA876807C28B3AB6FA634FA1605:d33c8862126626563771097b70
The next hash (Z) is fully known to be of AUTHENTICATE:xmpp/chat.facebook.com
The final hash is the response value, which is also known, and we know it is in the form:
Y:nonce:nc:cnonce:qop:Z
We fully know Z, nonce, cnonce, qop and nc.
The only thing missing here is Y, which is dependent on X, which is just an unsalted MD5 hash based on a password. How would you crack this? There are a few ways, but the simplest in most cases is just to use rainbow tables but compute the hash 2 times more using the other parts of the string from above and see if it matches the response. I'm going to stop the explanation here for obvious reasons. More info on rainbow tables here:
http://www.freerainbowtables.com/
http://en.wikipedia.org/wiki/Rainbow_table
There is also the possibility of finding another string that will create the same password hash. This is called a hash collision. In this case, the attacker doesn't even need to know the actual password. They can just use this other string in its place and access an account just the same.
If the person is using a short or insecure password a dedicated attacker (identity thieves, spammers etc) should have it cracked easily and since the packet was captured, the attacker can test against the password as much as he likes on his own machine.
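To see how much of that exchange a passive observer holds, here is an added Python example (not code from the original post or from Monal) that decodes the two captured SASL payloads above, parses the DIGEST-MD5 directive lists, and reports which inputs to the hash chain are visible on the wire. The function and constant names are made up for illustration.

```python
import base64
import re

# SASL payloads copied from the capture shown in the post (base64, as sent).
CHALLENGE_B64 = (
    "cmVhbG09ImNoYXQuZmFjZWJvb2suY29tIixub25jZT0iNjdFRDdCQTg3Njgw"
    "N0MyOEIzQUI2RkE2MzRGQTE2MDUiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYt"
    "OCxhbGdvcml0aG09bWQ1LXNlc3M="
)
RESPONSE_B64 = (
    "dXNlcm5hbWU9InNvbWVvbmUiLHJlYWxtPSJjaGF0LmZhY2Vib29rLmNvbSIs"
    "bm9uY2U9IjY3RUQ3QkE4NzY4MDdDMjhCM0FCNkZBNjM0RkExNjA1Iixjbm9u"
    "Y2U9ImQzM2M4ODYyMTI2NjI2NTYzNzcxMDk3YjcwIixuYz0wMDAwMDAwMSxx"
    "b3A9YXV0aCxkaWdlc3QtdXJpPSJ4bXBwL2NoYXQuZmFjZWJvb2suY29tIixy"
    "ZXNwb25zZT01MjBhMjdiOWRjOTE5NWRjMTJjNTVjZGY4MTUyOWI2MixjaGFy"
    "c2V0PXV0Zi04"
)

# One directive: key=token or key="quoted value", followed by a comma or the end.
DIRECTIVE = re.compile(
    r'\s*([A-Za-z][\w-]*)=(?:"((?:[^"\\]|\\.)*)"|([^,"]*))\s*(?:,|$)'
)

# Every input to the hash chain described above except the password.
CHAIN_INPUTS = ("username", "realm", "nonce", "cnonce", "nc", "qop", "digest-uri")


def parse_directives(payload_b64):
    """Decode one base64 SASL payload and return its directives as a dict."""
    text = base64.b64decode(payload_b64, validate=True).decode("utf-8")
    fields, pos = {}, 0
    while pos < len(text):
        m = DIRECTIVE.match(text, pos)
        if m is None:
            raise ValueError("malformed directive list at offset %d" % pos)
        quoted, bare = m.group(2), m.group(3)
        # Quoted values may carry backslash escapes; bare tokens are used as-is.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare.strip()
        fields[m.group(1).lower()] = value
        pos = m.end()
    return fields


def audit_exchange(challenge_b64, response_b64):
    """Return (exposed hash inputs, findings) for one captured login."""
    challenge = parse_directives(challenge_b64)
    reply = parse_directives(response_b64)
    exposed = {k: reply[k] for k in CHAIN_INPUTS if k in reply}
    findings = []
    if reply.get("nonce") != challenge.get("nonce"):
        findings.append("reply nonce differs from challenge: not the same login")
    if len(exposed) == len(CHAIN_INPUTS) and "response" in reply:
        findings.append("all hash inputs except the password, plus the response, are on the wire")
    # qop defaults to "auth" when the server sends no qop directive.
    if "auth-conf" not in challenge.get("qop", "auth").split(","):
        findings.append("no auth-conf offered: SASL encrypts nothing after login")
    return exposed, findings


if __name__ == "__main__":
    exposed, findings = audit_exchange(CHALLENGE_B64, RESPONSE_B64)
    for key, value in exposed.items():
        print("%-10s %s" % (key, value))
    for finding in findings:
        print("finding:", finding)
```

Running the same check against a login made over TLS is not possible from a capture, which is the point: with an encrypted stream none of these fields can be read off the network.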
Sunday, February 14, 2010
New optimized space icon
I've implemented the full stockholm theme now, each message from a user does not load the icon and colored bar all over again. This leads to dramatically faster loading of chat windows and much better use of space. Compare below to what we had before.
The biggest improvement is in landscape mode with the keyboard on. You can now see up to 5 lines above the keyboard and the input box.
old landscape in 1.03
1.04 will support Digest-Md5 and Facebook
I have added Digest-Md5 support to Monal and it will be in 1.04 . I added this because it is what Facebook uses. I will have a Facebook preset in Monal with all of the server settings in 1.04. Hopefully facebook will fix the lack of SSL by then as well. It also looks like I need to support aliases. Facebook chat is unusable and confusing without it.
Saturday, February 13, 2010
Monal supports AIM
As I have said from the beginning, Monal will be a multi protocol instant messenger client. Something to look for in 1.04
Friday, February 12, 2010
Monal mentioned on Cnet podcast
There is a mention of Monal and the Facebook XMPP security hole on today's Buzz Out Loud podcast. You can hear it at 35:45 mark.
Listen to it here:
http://www.cnet.com/8301-19709_1-10452774-10.html
People have also voted up the SSL bug on the Facebook developers site.
Warning on Facebook XMPP
I just finished looking at the new Facebook XMPP server. I strongly recommend against using it.
This is probably one of the worst implementations ever. The chat does not use SSL encryption unlike almost every other server. Better yet, they decided to use an authentication scheme called Digest-MD5, which aside from having varying implementations and compatibility problems was DEPRECATED by the IETF in January 2009 ( https://tools.ietf.org/html/draft-ietf-sasl-digest-to-historic ) because it can be cracked. Facebook has just opened up a gaping hole in their security. Someone at facebook needs to be fired.
The link above explains many of the problems with Digest-MD5 but this is the best one.
8. The cryptographic primitives in DIGEST-MD5 are not up to today's
standards, in particular:
A. The MD5 hash is sufficiently weak to make a brute force
attack on DIGEST-MD5 easy with common hardware.
B. Using the RC4 algorithm for the security layer without
discarding the initial key stream output is prone to attack.
Thursday, February 11, 2010
Facebook and 1.03
Monal 1.03 has been released into the wild. Grab it from itunes. As mentioned earlier, this version has the improved landscape and support for self signed SSL certificates.
I just found out that Facebook added support for XMPP chat. Oddly, it uses the deprecated Digest-Md5 authentication and no SSL. Because digest-md5 was deprecated and sasl plain over SSL was the defacto standard, I never bothered implementing it. I guess I have to do it now.
Wednesday, February 10, 2010
Improving SSL in 1.04 (works on 5222)
This is probably one of the most requested features. SSL now works on port 5222 using the "new style" SSL connection that uses the StartTLS command. It isn't 100% reliable yet, which is why it wasn't pushed out in yesterday's 1.03, but it will definitely be in 1.04. This, combined with the support for unsigned SSL certificates already in 1.03, should satisfy almost everyone.
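To make the port 5222 behaviour concrete, here is an added Python example (not Monal's code) that inspects the stream features an XMPP server advertises before login and reports whether STARTTLS is offered or required and whether the listed SASL mechanisms are safe to use before TLS is up. The sample XML and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces of the STARTTLS and SASL stream features in XMPP.
NS = {
    "tls": "urn:ietf:params:xml:ns:xmpp-tls",
    "sasl": "urn:ietf:params:xml:ns:xmpp-sasl",
}

# Constructed <stream:features/> samples, not captured from any real server.
FEATURES_DIGEST_ONLY = """
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>DIGEST-MD5</mechanism>
  </mechanisms>
</stream:features>"""

FEATURES_STARTTLS_OPTIONAL = """
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""


def audit_features(xml_text, tls_active=False):
    """Report what a server's stream features mean for a client on port 5222."""
    root = ET.fromstring(xml_text.strip())
    starttls = root.find("tls:starttls", NS)
    offered = starttls is not None
    required = offered and starttls.find("tls:required", NS) is not None
    mechanisms = [
        m.text.strip()
        for m in root.findall("sasl:mechanisms/sasl:mechanism", NS)
        if m.text
    ]
    findings = []
    if not tls_active:
        if not offered:
            findings.append("no STARTTLS offered: login and messages travel in cleartext")
        elif not required:
            findings.append("STARTTLS optional: the client must insist on it before authenticating")
        for mech in mechanisms:
            if mech == "PLAIN":
                findings.append("PLAIN before TLS sends the password itself, only base64-encoded")
            elif mech == "DIGEST-MD5":
                findings.append("DIGEST-MD5 before TLS exposes the digest exchange to offline guessing")
    return {
        "starttls_offered": offered,
        "starttls_required": required,
        "mechanisms": mechanisms,
        "findings": findings,
    }


if __name__ == "__main__":
    for sample in (FEATURES_DIGEST_ONLY, FEATURES_STARTTLS_OPTIONAL):
        print(audit_features(sample))
```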
Tuesday, February 9, 2010
1.03 submitted
It's only been a few days since 1.02 was released, but I think I've gotten enough feedback to push out a quick 1.03 update. The improved landscape and SSL support should make the application much more usable and I saw no reason to sit on it. Expect 1.03 by the end of the week.
The full changelog below. I am also going to update the FAQ to clarify that 1.03 supports self signed certificates.
1. Self signed SSL certificates now work
2. removed non public API used
3. improved xmpp support
4. message send failure is treated as a disconnection and handled automatically
5. navigation bar and status bar now disappear in landscape mode
6. scroll to the newest message when first going into a chat now
7. adjusted brightness of icon so it isn't so dark
Monday, February 8, 2010
Improving SSL in 1.03
There has been some criticism on the itunes store about the lack of support for self signed certificates when using SSL. 1.03 now supports self signed certificates.
Saturday, February 6, 2010
Improving landscape in 1.03
A user pointed out to me that the old landscape mode had lots of wasted space at the top. In 1.03, when the phone goes to landscape, the navigation bar and status bar disappear. This recovers that space and when using a keyboard, much more can be seen on top.
Friday, February 5, 2010
Monal 1.02 Approved
You can grab the newest version on the iTunes store now.
Don't forget to rate in itunes and Digg!
Tuesday, February 2, 2010
Monal 1.02/1.03 FAQ
Here is a quick list of things I think people should know when troubleshooting the next release. If there is anything else, post a comment and I will try to address it.
What servers have you tested this with?
Monal 1.02 has been tested mostly with google talk, openfire and ejabberd.
Openfire has been very heavily tested on multiple versions all the way up to 3.6.4.
ejabberd was tested on jabbim.com .
What SSL settings work?
At the moment only old style SSL works. This means if you are going to use SSL it probably should be on port 5223. If you connect on 5222 with SSL it will not work.
What server settings work?
The server must support SASL Plain authentication. This is the standard and should not be a problem for most people. Connections to port 5222 should not have SSL enabled. To use SSL you need to use port 5223. Not all servers support SSL on port 5223; if your server does not, you can use 5222 without SSL if you are OK with that.
What if the certificate on the server does not match the server address?
Monal does not check to make sure that the certificate name and the server name are the same. SSL connections to these servers should work fine.
What if I have a self signed certificate?
Edit: the answer below applies for 1.02 only. 1.03 supports self signed certificates.
Monal does not support servers with self signed certificates right now. You cannot use SSL to connect to a server with self signed certificates.
Why does the program slow down when I open it the first time / connect to a server the first time?
Monal tries to download all the buddy icons after loading the list of people online. This takes up resources and might slow things down depending on how many buddies you have, how fast your connection is and how big your icons are.
Why does the chat screen flash when I load a new conversation?
Monal basically uses a web view (Safari) to show the chat window in all its glory. The flash is Safari loading the page. This only happens when you first start a chat.
How do I delete chat history?
Go to the chat logs and swipe to delete all history with that user or click "Edit" on the upper right to select items and delete them. If you want to delete all logs, delete the log that is an entry for your own user. This will delete every message you have received or sent.