oSpy 1.8.2 -- all your hashes are belong to us
Ole Andre Vadla Ravnaas (oleavr) <oleavrgmailcom> Saturday, September 23 2006 21:41.36 CDT


I've been working on reverse-engineering Windows Live Messenger's newer authentication scheme lately, which was introduced with MSNP15 and implemented by the WLM 8.1 betas. This lead me to hooking the Crypt API to make it easy to pin down the code responsible for the new funky stuff. So here's 1.8.2 with quite a few changes:

UI:
- Made the HTTP parser smarter.
- Temporarily don't clear the messagequeue when starting a capture.
- Implemented scrolling in ASCII view mode.
- Minor improvements to the MSN parser.

Agent:
- Hooked parts of the Crypt API:
    CryptImportKey
    CryptExportKey
    CryptGenKey
    CryptGetKeyParam
    CryptDestroyKey

    CryptGenRandom

    CryptCreateHash
    CryptDestroyHash
    CryptHashData
    CryptGetHashParam
    CryptSetHashParam

- Implemented hooking of WLM's Passport DLL to get the debug messages. Not all of the internal debugging functions are currently hooked. This is temporarily disabled because it's work in progress, but can be easily enabled for those interested (just check out the code and build).
- Logging bugfixes.
- Extended FunctionName field from 16 to 32 characters.

Comments
Posted: Wednesday, December 31 1969 18:00.00 CST