MSN Chat was the Microsoft Network interpretation of IRCX ( Internet Relay Chat extensions by Microsoft ), which replaced Microsoft Chat, a fit of Exchange-based IRCX servers foremost available in the Microsoft Comic Chat client, although Comic Chat was not required to connect. [ citation needed ]

history [edit ]

Client Compatibility

According to the MSN Chat web site, the following were required to use the MSN Chat Service :
The Microsoft Network Chat Control was developed as an ActiveX Component Object Model ( COM ) Object. ActiveX, being a Microsoft technology provided limited compatibility for early products. The other major platforms beside Internet Explorer that MSN Chat was supported on, was Netscape Navigator and MSNTV ( once known as WebTV ). To ensure the MSN Chat network was only being connected to by empower clients, Microsoft created and implemented a SASL based Security Service Provider authentication software known as GateKeeper. This used a randomize session key to authorize users not using the Microsoft Passport ( nowadays Microsoft account ) organization. Microsoft used another SSP known as GateKeeperPassport, that worked from the lapp method but required certain attributes related to the user ‘s report .

Defeating the “Authentication Challenge”

There have been diverse methods through the consumption of mIRC to access the MSN Chat Network. Most of the methods were through the use of the MSN Chat Control itself, yet others were more complicate.

In the beginning, shortly after the move from Microsoft Chat, the MSN Chat Network could be directly connected to through any IRC Client to irc.msn.com on port 6667. possibly because of abuse or other factors, such as the hope to authenticate users based on their Microsoft Passport, Microsoft implemented GateKeeper and GateKeeperPassport, and integrated both into their chat master. The weakness of GateKeeper and the fact the early MSN Chat Controls ( 1.0−3.0 ) had public functions for doing GateKeeper authentication seemed to indicate Microsoft wanted third base parties to be able to access their network as earlier, but they wanted to be able to control automatize pervert. In any event, these public functions allowed normal IRC clients to authorize themselves. With the release of the MSN Chat Control 4.0, the public functions were removed. Users found a way to authorize by a “ Proxy Method ”, forcing the Chat Control to bridge connections between mIRC and the Chat Network. With the let go of of the MSN Chat Control 4.2 and former, they blocked this proxy method acting by having the old world chat control hash the IP address of the server to which it was instructed to connect into the response to the challenge in authentication. If the control was instructed to connect to any address other than the server, it would not match the server ‘s hash and therefore authentication would fail. A few late third base party clients could authenticate without the control and were adjusted to compensate for this deepen .

Versions [edit ]

The versions of MSN Chat were designed from IRC3 through to IRC8, even with the newer versions, MSN Chat still had the possibility to replicate older MSN Chat versions by issuing the IRCVERS command. It is believed that IRC referred to the original IRC Daemon, and IRC2 referred to IRCX .

  • IRC3
    • MSN Chat 1.0 was introduced as an ActiveX object for use within Internet Explorer.
    • GateKeeper (version 1) authentication was enabled. As the client did not specify a GUID, a random GateKeeper address was issued by the server.
    • Directory (better known as FINDS) servers were created to distribute the load between servers.
  • IRC4
    • – UNKNOWN. Further research is required.
  • IRC5
    • GateKeeper (version 2) authentication was enabled. The major difference between v1 and v2 was that the client specified a GUID that was stored in the Windows Registry, which allowed each client to have a unique, and semi-permanent GateKeeper address.
    • USER command is no longer required.
    • GateKeeperPassport was enabled, this allowed the client to relay cookies received from the passport.net service as a method of permanent authentication.
    • Non-passport nicknames must now be prefixed with a ‘>’, which is displayed as ‘Guest_’ by the official client.
    • Passport user nicknames are no longer able to be changed without first disconnecting. Guest nicknames may still be changed, but the official client offers no way to do so.
    • Basic icons are shown next to the user’s name, they identify MSN Staff (Sysops and Admins) with the MSN Butterfly, users who are away with a coffee cup, and spectators with a pair of glasses.
  • IRC6 –
  • IRC7:
    • MSN Chat introduces profile icons, Profile icons indicated if the member had a profile, gender (if known), and if the user had a picture
  • IRC8:
    • As MSN Chat had now become a Subscription Only (Premium) service, This introduced extra user and channel modes. The channel mode ‘S’ was added to indicated that only subscribers could talk. The user mode ‘B’ (to indicate the user was subscribed) and O (to indicate the user was not subscribed) were added. With the exception of Official MSN Staff. It was impossible for a user with the mode “O” to chat in a channel with the Channel Mode “S”.
    • Update to the GateKeeper Authentication method (known as the “4.5 Auth”, due to the MSN Chat Control 4.5 being the first to implement it). It was a slight change, that added the value taken from the Server Parameter (before the “:” (if one is present)) to a MD5 Checksum.

Third-party applications [edit ]

The use of third-party applications on the MSN Chat Network was not prohibited, although it was unsupported. Third-party applications were required to use the lapp Authentication Methods as the MSN Chat Control. The second change was the major part, allowing the Chat Control to bridge the connections between the Client and MSN Chat Service. The most popular third-party applications were mIRC, IRC Dominator and Viperbot. Scripts were often downloaded from sites such as TechGear007 .

luminary features [edit ]

  • Webchat using MSN’s Chat Control
  • Chat nicknames
  • Profiles
  • Chatroom creation
  • Emoticons
  • Chatroom listings
  • User created rooms
  • MSN created rooms
  • MSN WebTV chats
  • Celebrity chats
  • Adult chats, moderate content chats, all aged chats
  • Integration with MSN groups

authentication [edit ]

GateKeeper [edit ]

The GateKeeper ( and closely related GateKeeperPassport ) authentication mechanisms are SASL authentication mechanisms as defined in the IRCX Drafts. After the insertion of authentication on MSN Chat, Gatekeeper was the merely authentication method that the public could use. During the initial handshake, the client would send a packet only containing the 16 byte header to the server, and the server would reply with a header, coupled with a 128 piece cryptanalytic time being. last, the client would create a 128 spot cryptanalytic hashish of the time being received from the server using a privy identify, sending this as a subsequent authentication answer after the header, and immediately before a 16 byte GUID. The cryptanalytic hash function used was hmac – md5, and the confidential identify was “ SRFMKSJANDRESKKC ” ( case sensitive ) .

Defeating GateKeeper [edit ]

early implementations of the GateKeeper authentication mechanism did not create a barrier to entry, as the authentication API that Microsoft had created was available to other program developers. After some time, Microsoft removed the ability for developers to use/see the API that had been embedded in the MSN Chat Control, and it can be safely assumed from this time that Microsoft wanted access to be from the official chew the fat control merely. The GateKeeper authentication made an appearance in the WebTV/MSNTV client. It was cursorily realised that it was besides possible to connect by creating a proxy that would load the MSN Chat Control temporarily ampere required, relaying time being and hashes between the server and control, before closing the chew the fat control. The difficulty with this method is that it was frequently boring, did n’t work, or could crash applications due to requiring the ActiveX control to be used in Microsoft Internet Explorer, or MSIE based network controls. It is probable possibly that an alternate browser ( such as Netscape Navigator, Firefox, etc ) could have been used to host the MSN Chat Control, as there was a NPAPI translation available from Microsoft. In July 2002, a user named zmic reverse engineered the MSN Chat Control, and produced a python script that was able to login without the use of the MSN Chat Control. The python script was buggy, but was later re-written in multiple scheduling languages by versatile authors. The user eXonyte had written some code which could be used ( via WINE ) on Linux. It ‘s believed that this was the first time MSN Chat had been used outside of Windows. When GateKeeper version 3 was introduced, it was a very minor variety that had added the string of the server name ( as defined in the Chat Control argument “ Server ” ) to the hash. The extra string would not include a colon or port if they were present. This appeared to be an feat to defeat the proxy method of accessing the servicing, but was promptly overcome as users shared the information that the IP had been added to the hashish. This data was likely leaked from person in Microsoft, as there were rumours of the approaching change before the new GateKeeper adaptation was released. It was n’t until around 2018 that the user JD noticed that the diverse keys from zmic ‘s rearward engineering were likely derivatives of another key, and he was able to find the plain text key – before finding the algorithm used. Upon sharing this data with Sky, they quickly discovered the underlie cryptanalytic hash function was HMAC-MD5. There are placid just two bytes that are stranger in the GateKeeper authentication header, however it was tested against the MSN Chat Server many times, and the server did n’t appear to differentiate between the values of those two bytes. There ‘s a hypothesis that the two bytes are random bytes of memory .

NTLM [edit ]

Like GateKeeper, NTLM and NTLMPassport were implemented as SASL authentication mechanisms as defined in the IRCX protocol.

NTLM Authentication was not available to be used by the MSN Chat Control, and the only know node implementation is in the MSN Chat Admin Client, which is a very basic client that was created to be used by MSN Chat staff, based on the publicly available MS Chat translation 2.5. NTLM credentials were not available to normal users. It is believed that MSN Chat staff used NTLM to authenticate, and that they authenticated through Microsoft ‘s Active Directory. It is possible that MSN Chat staff were connected immediately to Microsoft ‘s network, or connected via a virtual secret net ( VPN ). MSN Chat staff besides had the ability to login via the less dependable USER/PASS method documented in RFC 1459. This was used heavily with the official old world chat bots, as it required no cognition of SASL authentication mechanisms .

recommendation [edit ]

GateKeeperPassport and NTLMPassport were extensions to the GateKeeper and NTLM authentication mechanism. The Passport extensions allowed the user to identify with a ‘.net Passport ‘ ( later known as a Windows Live Passport, now known as a Microsoft Passport ). When a customer attempted to register using a passport authentication reference, rather of receiving the common asterisks to indicate that authentication is successful ( as noted in IRCX drafts ), they would be presented with a far subsequent authentication command, with merely the string ‘OK ‘ as a parameter. The drug user would then send back an authentication command without the heading, using two variables known as PassportTicket and PassportProfile ( taken from the browser cookies MSPAuth and MSPProf ) to identify themselves. Both variables were preceded by a string representation of an 8 digit hex number indicating the distance of the variable, and must be presented in the correct order. When using GateKeeperPassport, the GUID specified after the GateKeeper hashish should be a nothing GUID – literally \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0. exercise PassportTicket and PassportProfile being sent : AUTH GateKeeperPassport S :0000000EPassportTicket0000000FPassportProfile\r\n Whilst it is assumed the same format is used with NTLMPassport, it can not be confirmed as NTLMPassport custom has not been witnessed. active voice MSN Chat staff were using NTLM and were considered Guests, although the Guest prefix “ > ” was not enforced, alternatively a “ ‘ ” prefix was used, which is noted to be a Unicode nickname prefix in the IRCX Drafts .

drug user levels [edit ]

MSN Chat had the comply user levels : staff :

  • Admin
  • Sysop
  • Guide
  • Bot

Users :

  • Owner
  • Host
  • Participant
  • Spectator

similar services [edit ]

There are many chat networks attempting to simulate the service that was provided by the Microsoft Network, which use the “ MSN Chat Control ”. These model old world chat networks are often referred to as “ MSN Chat Clones ”. These are by and large small chat networks, which often rely on home-made IRC servers, or IRCX servers. Many of the “ MSN Chat Clones ” are non-compliant and do not follow the RFC 1459 ( IRC ) or the “ eXtensions to Internet Relay Chat ” ( IRCX ) standards and often contain many bugs/exploits that may cause a denial of military service with the MSN Chat Control. many of the MSN Chat Clones started up directly after MSN closed its services ( 2006 ), and extra networks have continued to spring up since then. There is meditation that these chat networks may have pulled potential subscribers away from MSN Chat, ultimately bringing on the demise of MSN Subscription Chat Services. While the majority of MSN Clone Chat sites are free, most of them rely on adverts to provide a small income. In addition, some of the clones have begun to charge, or allow for donations. The legality of sites offering the MSN Chat Control has been in question for some time due to many “ Clone Sites ” hosting the Chat Control. The Chat Control download is publicly available by Microsoft to download at [ 1 ] .

Problems with MSN Chat [edit ]

There were many documented problems from users about the MSN chew the fat serve. Most were directed to the “ chat host. ” This was a person who would enter the chat board under the diagnose “ master of ceremonies ”, and act accordingly regulating the board. This military service was utilitarian for controlling the room, making sure that everyone was behaving consequently, answering users ’ questions about the rooms, and other classify tasks. While the idea of a supervisory program would put a bunch of users at ease, there were reported disagreements between the two with what was considered appropriate. A claim was that there were a multitude of rules which the host didn ’ t make clean to the users, so many people were booted out of the room for breaking a principle they weren ’ t mindful of. Any contentedness that was viewed as offensive or sexually denotative was immediately removed and the person who wrote it was expelled from the room. Asking other chatters to press certain keys, displaying any kind of URL, or displaying what localization you were from were all offenses penal by impermanent banishment. The convenience of an automatize organization for MSN led to problems for its users, problems solvable by a person able to interpret positive and negative content. A meaning reason for MSN Chat shutting down was that it provided another opportunity for pedophiles and other sex-offenders to have entree to youth through the chat rooms. [ 1 ] The MSNBC program, “ To Catch a marauder ”, a display about catching child predators, showed children meeting up with on-line “ friends ” which they assumed were being truthful about their identity but, on the show, were revealed to be pedophiles .

closure [edit ]

In 2001, Microsoft closed access via IRC clients ( including Comic Chat ), asking users to entirely use their browser customer alternatively. In 2003, Microsoft announced that it would close “ unregulated ” MSN Chat rooms in 28 countries, including “ most of Asia ” due to problems with spam and concerns about child pornography, with plans to convert to a subscription exemplary for “ better accountability. ” [ 2 ] [ 3 ] Messenger chat services remained open. [ 4 ] MSN Chat became a subscription service for $ 20/year. [ 5 ] On August 31, 2006 Microsoft announced that MSN Chat would no long be provided. On October 16, 2006 MSN Chat shut down their servers [ 6 ] at approximately 11:30 ante meridiem EST. The overhaul closed as allegedly MSN no long deemed it profitable to run as a subscription service .

See besides [edit ]

  • Windows Live Messenger, another messaging service owned by Microsoft.
  • Skype, a messaging service bought by Microsoft.

References [edit ]