noxa.org - Project: DirtyTalk v1/v2

noxa.org

`Project: DirtyTalk v1/v2`

Overview
Name:	DirtyTalk v1/v2
Authors:	Ben Vanik (noxa)
Started:	2003-04-18 (v1) / 2003-05-08 (v2)	Finished:	2003-04-22 (v1) / 2003-05-20 (v2)
Status:	Completed / Cancelled
Technologies:	.NET / C# / Networking / Security / User Interface
Requirements:	.NET Framework 1.0, WinPcap
Release policy:	Private - Source not available
Additional help:	N/A
Category:	Security
Synopsis:	AIM packet-sniffer and decoder. This project has been superseded by DirtyTalk v3.

Contents
Screenshots	Downloads
Revision history	Details

Screenshots
	v1.0 - Initial test	2003-04-20
	This was the first version: basically I just ripped my capture engine from pktstudio, limited it to port 5190 (AIM), slapped on a crappy UI, and did some basic decoding. The coolest part is that it worked, and gave me something fun to watch at night!
	v1.2 - UI improvements	2003-04-22
	Here's an enhanced version - still crappy, but much easier to use and a lot more features. I added a hex view to help with message decoding/debugging, name resolution (you can see some on the left side getting resolved), and changed the display to only show messages.
	v1.2 - Watch tab	2003-04-22
	Basically the same as the other shot, but this time I remembered to add the line of code that adds the Watch tab. Watch basically lets you check a user in the listing and all their messages will be separated. Good for tracking those 'interesting' conversations :)
	v2.0 - Rewrite in progress	2003-05-19
	Here's a shot of v2 - I redid the UI, rewrote the capture engine, and was about to rewrite all the message decoders... then my network was switched and my visibility went from 700 nodes to about 48. This shot was taken before that, and you can see the packets/sec in the graph on the bottom.

Downloads
Date	Version	Binary	Source
N/A

Revision history
Date	Version	Type	Comments
2004-02-29	N/A	N/A	Project restarted as DirtyTalk v3.
2003-05-20	2.000.0000	Initial release	Rewrite of UI from scratch.
2003-04-22	1.002.0000	Feature change	UI improved drastically, although still horrid.
2003-04-21	1.001.0000	General	Feature additions and stability improvements. Able to decode almost all AIM traffic (relevant to communications).
2003-04-19	1.000.0000	Initial release	Experimental release; very poor UI, capture code, and database storage.

Details
Date:	2003-04-19	Author:	Ben Vanik (noxa)
This has to be my best project to date. Seriously. It's awesome. Basically it sniffs network traffic (using wpcap) and decodes all known AIM traffic. The first working version was completed in a little under 5 hours on the Sunday before finals week. No prior experience with packet sniffing in .NET (it wasn't too hard to wrap wpcap up into a class) or the AIM protocol. Talk about procrastination ;) It's not that hard to do - 99.9% of all AIM traffic is sent in plaintext with an annoying little bit of junk at the beginning. This makes formatting it for viewing easier than one could ever imagine. The hardest part was making it reliable, stable (I did get a ton of bluescreens thanks to the unstable packet capture driver), and able to decode all messages. Even with the last version I worked on 1/4th of all messages were hacked up or scrambled. I think most were file transfer initiations (which I was just ignoring the existence of for laziness purposes) or Unicode (which is a pain in the ass). The later versions I wrote were able to 'discover' local AIM users and resolve their names. This is the biggest problem with the whole deal - the only time the local AIM user name is ever sent over the network is during the initial login; that means that the app has to be running when they sign on or else you just know their IP. By leaving it running for a few nights I was able to resolve a majority of the network nodes with no problem. The biggest flaw with the app was the horrible storage mechanism. For ease of coding (read: more laziness) I just had an Access DB backend which was loaded when the app started and flushed when the app exited. This meant a crash would lose all the session data and starting/stopping took about 5 minutes. With only a week left before going home for the summer I didn't want to waste 3 days writing a nice caching algorithm and SQL backend ;) Please don't ask for this, as I won't give it to you. Not only because I don't believe in doing something devious with someone else's deviousness, but because this thing is horribly unstable. Bluescreens, random crashes, loss of network, and other such headaches are way too frequent.
Date:	2003-05-14	Author:	Ben Vanik (noxa)
v2 is meant to fix all the problems I encountered while creating it as well as solving some algorithm issues. Some of the biggest problems with v1 that will be fixed: Lack of foresight in the resolver - a single IP may have multiple AIM users (duh) Horrible UI - the most important part of the app Abysmal storage system - improved Access and new SQL backend (?) AIM only - planned extensions for MSN, ICQ (kinda AIM), Yahoo (?), Jabber, and maybe others Lack of flexibility - easy plug-in architecture is needed High rate of error - more testing and hacks will hopefully allow all messages to be decoded Missing neat thingies - things like a URL grabber, buddy icon decoder, and others would be fun As you can see, I have my work cut out for me. I would like, to start on the new version in hopes of having a base completed by the time fall semester starts. Think I can do it?... This project has been halted.
Date:	2004-02-29	Author:	Ben Vanik (noxa)
Project restarted as DirtyTalk v3.

©2008 Ben Vanik.