Might be able use real Live accounts to log in


#1

Apparently validating Live credentials is as easy as POSTing to https://login.live.com/RST.srf. I can change the server so that people would get entered into the Escargot database the first time they log in with a real Windows Live account, and that would get rid of the sign up form and make using Escargot even easier. The contacts, though, would still be unrelated to whatever contacts you have on Skype.

What are everyone’s thoughts?


#2

But will you have access to the passwords?


#3

I am in favour of this, I think this is the best approach as it would make it far more seamless.
I do wonder how that approach would work with Microsoft Account 2FA or App Passwords, as that was a Reviver 2 problem with authentication.

Re: Contacts, I believe you could pull them off via OAuth auth separately and then pull them into the Escargot database as an option or tool later on (or Messenger’s ctt files).


#4

@Lucas The passwords come from the users (when they enter them to MSN) and Escargot will pass them to the Live service for authentication.

@TReKiE Good point about 2FA, I’ll test it and see what happens. Don’t know what App Passwords are. I thought to read/write contacts I’d need to interface with the Skype protocol which is undocumented, do you know of a different way?


#5

I wonder if the problem of having to do username|password@email.com deal for versions before 5.0 and 7.5 will be an issue if we use Windows Live ID accounts…


#6

@valtron

They’re the per-application passwords for applications that don’t support 2FA, for example a separate password just for a POP3 client.

Well I was thinking of Creating and reading Outlook.com contacts, the new Outlook Contacts REST API reference or even Graph. I’ll spend some time in Postman one of these days and see exactly what you can get, I’m not 100% sure when it comes to getting the original Messenger contacts.


#7

I cannot sign in MSN Messenger. I still receive the following: Signing in to MSN Messenger failed because the service is temporarily unavailable. Please try again later. 81000395.
Marek


#8

try 7.5
https://storage.googleapis.com/escargot-storage-1/public/msn-7.5.0324-patched.zip

to log in on 7.5 —>

username —> (youre-mail)|(password)@hotmail.com/msn.com or whatever you have

password–> put your password here


#9

If possible when errors occur on either server will you be able to have control over those fixes after connecting to the live service? I am just asking so that we can report errors that occur to you instead of Microsoft directly. :smile:


#10

Hi:
I have just installed msn 7.5.0324 patched.zip. I understand you suggest me to enter my password into e-mail addres. It will be visible for everyone,won’t be? Something is not so here.
Marek


#11

@Marek No it won’t be visible to everyone. :smiley: it will be visible as the name of the username in the chat history folder for your messenger chat log. it’s suggested to keep the chat log folder private. I’m glad you asked since i was also confused about it at first. disabling the chat log would help to keep it private too.


#12

IT WILL NOT BE VISIBLE to anywhere. thats the temporary way to login on 7,5

if you dont like just simple roll back on th 7.0 and log in the regural way


#13

Isnt it?

i think you are badly mistaking here.
No encryption, means that it can be seen by pretty much anyone on the internet.
This is only really safe to use with an server who has set its encryption right,
and with a client that does support login encryption which is WLM2012 only.

Dont get me wrong its an awesome project.
But just dont use your primary account for it.


#14

If you use it in a public network, then sure it is.


#15

To clarify: what Alexis means is that if you log in with pipeauth, your password will not be sent to your contacts. The server purges it from outgoing MSNP messages.

Sintezza and Raymonf are also correct, because pipeauth sends the entire contents of the email field as cleartext to the server.

@Sintezza, MSN >= 5 all use HTTPS for the login process (it happens outside of the unencrypted MSNP connection).

Edit: I’ll take this chance again to recommend everyone use 7.0 for now. I was too excited when the pipeauth workaround worked to think about the consequences, and what do you know, a few days later Microsoft shuts down the last remaining servers and there’s a huge influx of users that were following the unsafe instructions for using 7.5…


#16

Thank you all for the feedback, your raised very good points about security. It definitely will not be a good idea to do this, until encrypted login is properly implemented for all versions of MSN and we no longer need that terrible, terrible “pipeauth”. We’re making slow but steady progress for doing this on MSN >= 7.5 (MSN 5 though 7.0 already log in properly.)

MSN < 5 on the other hand… :unamused:


#17

I still cannot log in either 7.0 or 7.5. The both do not connect to Escargot MSN Server. They are redirected to Microsoft Net Password.
Marek


#18

Try download pré-patched from here:

https://escargot.log1p.xyz/#downloads

Pre-patched is now full installer.


#19

so EscarSoft (my codename for this project) has already started.Thanks Escargot engineers!