Xirk: MSNP server in Node.js

Oh. Then this means Mobile 2003 SE doesn’t Like the modern certificates and ciphers because escargot is on https… Gosh I wish Escargot supported HTTP too for any device that doesn’t work with Https at all.

msn doesn’t use http, but https for auth, and we can’t change that, that’s why it doesn’t work

Never thought i’d say this but… Microsoft fucked up big time.

not really cause HTTPS is way more secure than HTTP, they did it for security reasons

And they just throw compatibility off the window.

They scarificed compatibility for security. If there only a way to install anything that can make MSN work on Mobile 2003 SE…

it was compatible at the time BECAUSE ssl certificates were different, the ones we have nowadays don’t work on older machines correctly unless you can update your local certificates, etc…

they didn’t think about 2024 when they were making msn back in the 2000s lol

anyways… little update on xirk, i got messages working! :slight_smile:
image

Hmmm, How should I get my Local Certificates for Mobile 2003 SE Updated…?

i don’t know, i’ve never updated certificates on windows mobile, and i don’t even know if it’s possible or not

I found this website, https://petri.com/adding_root_certificates_to_windows_mobile_2003_ppc/

Maybe I just need Escargot’s Certificates…?

Windows Mobile 2002 and 2003 (unpatched by the october 2003 update) should connect. patched (oct03) and 2003 SE however… Unless you can somehow find a certificate provider that still does 128-bit certificates (especially SHA1RSA), then no.

Those clients require SSLv2 or SSLv3 to work. SSLv2 is the worst of these, considering it requires a cert type that hasn’t been issued for the best of 20 years. And even though SSLv3 is still supported by OpenSSL, most certificates don’t work with it (still might be bound by the same limitation).

I’m pretty sure you can’t downgrade to WM2003FE’s instmsgr.exe either, as the Windows Mobile ABI (application binary interface) was reset in 2003SE, and for the most part, has been backwards compatible since.

Maybe, even if you could get a SHA1RSA certificate in 2024 (that isn’t self-signed, those are easy enough, I have one.), you’re still bound to SSLv3, considering most servers are written for OpenSSL 1.1+, unless you are willing to limit yourself for the sake of compatibility.

In short: it’s MSNP8 and the TweenerNexus key (helpful for debugging a PP1.4 server without binary patching for the betas that had it, I believe PPC2003SE’s instmsgr.exe also reacts to this var? I remember it doing something there…) won’t save you here

(And before you ask about changing the passport URL to like HTTP, i’m 99% sure that won’t even attempt to work, feel free to correct me if i’m wrong, a messenger version that does TweenerNexus is known after all, 5.0.0327)

TL;DR: no

1 Like

So Microsoft did accidentally ruin compatibility By introducing one of (if not) a patch that literally removes 128-bit certificate support.

??? no… it was a standard back in the days

encryption, etc… has changed a lot since the early 2000s, MSNP before version 8 used MD5 to authenticate which has been cracked for a long time, security has evolved, so it’s more difficult to make things that work with old devices since they are old

okay well this is the moment where i need help desperately :smiling_face_with_tear:

so basically with the way i handle multiline commands now there is a problem, i use a regex to check if the first three characters of the command to see if it corresponds to how a command would look, but this has caused problem when i send a message that corresponds to the regex of the command (for example starts with HEY or with a real command example MSG) because it checks that message line by line (separates using \r\n) and if the message isn’t a command it will just add it to the previous command in the parsed array

i’ve been stuck on this issue for a while now but it hasn’t become an actual issue that needs to be fixed asap until now, and i just can’t figure it out for some reason

here’s a screenshot that explains it a little simpler
image

i’m so so sorry if this is badly explained i’m really bad at explanations lmfao, if anyone can help i’d reallyyyy appreciate it :slight_smile:

if you want to see my “parsing” code (which is kinda janky) so that you can see how it can be improved, don’t hesitate to dm me on here or friend request me on discord (ppvris) and ask me on there :slight_smile:

okay so first of all, i managed to fix the issue i had! switchboard doesn’t need a parser so i just removed it, and it works fine without it

and also pretty much all switchboard handlers have been made, which means pretty much all chat functions work now!

here’s a little demo :slight_smile:
image

2 Likes

i have made a discord server for xirk where i’ll give updates pretty much daily on the project :slight_smile: join if you’re interested! (link shouldn’t expire)

i will continue to post updates here ofc, but not as much

Usually for commands, I check if the first three bytes of the packet is a known payload commands, if it is, mark the last parameter before the CR-LF as a length and slice the next X bytes as the payload and send to the relevant parser, and any remaining bytes are sent back into the resolver. Same for multiple commands in one packet.

An example of such a table is below: (goes up to like MSNP13? i know P21+ has NFY/PUT which are payloads.)

/**
  This list should only care about client sent commands, not server!
  Yes, some of these commands have server responses, but they aren't payloads!
  For example: "GCF" to the server is non-payload, but the response is!
  Another: "SDC" from the client is a payload, but the response is not!

  Here is a list of currently known payload commands (only impl' Client and Shared!)
  Client-only: QRY PAG PGD SDC UUN
  Server-only: NOT IPG UBX GCF UBN
  Shared     : MSG UUX ADL RML

  Note: Server UUX is technically a payload command, but always has length of 0.
**/

An example of such a parser would be the one on hypothetic: MSN Messenger Protocol - Resources - FAQ

2 Likes

thank you! that’s actually very useful

tweener authentication has been added which means msn 5.0 (and probably some higher versions, still have to try it out lol) now works!

here’s some screenshots of it in action :slight_smile:

2 Likes

this is very interesting

it reminds me of when i tried to do something roughly like this 2 years back