Shoutbox

ok when i go into the temp folder i can see the DP's. i copy em to the desktop. for somereason the name of the .bin files change how do i figure out who's dp it is. in the temp file it looks like the filename is like encrypted (with some funky algorithm) does anyone know the algorithm reverse so i can find out who the dp's belong to from within a program?

What sort of filenames are they?

ok so in the Temp Folder its called "ebty3yKWgtnJBg2W5B0m8yv7HoM=" and when i move it to desktop its called "CAMPKT85" if u can decrypt it you could probly get my friends email but ahwell.

Either those are hashes (from your contacts' email) and can't be decrypted or they are just random names and MSN Messenger keeps the "link" between those files and your contacts in its cachefile (map.dat).

related:
Where does MSN store it's avatars?
Where does MSN store your avatars, emoticons, backgrounds?
How do "DP/CE Stealers" work?
A list of non-spyware/adware containing "DP/CE Stealers".

it has tp be decryptable because i think StuffPlug shows you who's dp it is. unless TB found the algorithm and looped through all the contact names and compared?

Stuffplug NG  doesn't get the DPs from the *.bin files, it recognizes them directly when they are received and then can figure out from which email adress they come. Dunno how this exactly works...

No, it doesn't necessairly needs to be decryptable....
If you know what kind of hash it is and you know the list of your contacts, it is easy to encrypt all the emailaddresses of the contacts and compare that the the undecryptable hashes. It is also quite possible that he decrypted the map.dat (which is possible for sure).

EDIT: damn, I just saw you said the same => unless TB found the algorithm and looped through all the contact names and compared?

Anyways the "ebty3yKWgtnJBg2W5B0m8yv7HoM=" name seems like a "normal" hash used by microsoft for all its services related to emailadresses and .NET passports and stuff. This is also logical in the sense that the other files in your Temporary Internet Files are listed as their equivalent URL's and stuff... And the CABLAHBLAH.BIN name (the actual filename) is just a random name AFAIK (except for the "CA" part and the extension).

thanks cookie youve been a big help (like always ) im gonna look at decryting the map.dat file first.

quote:

---

Originally posted by Ash_
im gonna look at decryting the map.dat file first.

---

Go take a look at MSNFanatic for that...

Since the info is scattered a lot, here my list of the most interesting threads about the subject. Most links contains discussions on how to do it and sample code. Some thread(s) contain full source code.

Decrypting/Encrypting map.dat
http://www.msnfanatic.com/forums/index.php?showtopic=8676
http://www.msnfanatic.com/forums/index.php?showtopic=9361
http://www.msnfanatic.com/forums/index.php?showtopic=10112
http://www.msnfanatic.com/forums/index.php?showtopic=10414

Calculating MSN User ID - WTBW
http://www.msnfanatic.com/forums/index.php?showtopic=6910
http://shoutbox.menthix.net/showthread.php?tid=15519

Full source code to grab all DP's - Daniel
http://www.msnfanatic.com/forums/index.php?showtopic=9658


PS: As you can see in that first thread (and like I thought it was) the location is stored in the encrypted cache files of MSN Messenger. And the "ebty3yKWgtnJBg2W5B0m8yv7HoM=" name is a SHA1x hash, thus indeed undecryptable.
(good to know my memory still isn't letting me down, lol, was a long while since I've visited those threads )

quote:

---

Originally posted by CookieRevised

And the "ebty3yKWgtnJBg2W5B0m8yv7HoM=" name is a SHA1x hash, thus indeed undecryptable.

---

ok thank you so much. looks like ill do the loop, encrypt and compare method. thanks cookie

Big "s