End-to-End Encryption and purple-facebook #547
Comments
|
We need some kind of fix. I wonder if there is a Facebook API for this. |
|
I've been having issues connecting to FB via both Pidgin and Miranda-NG for several days. I'm wondering if it has something to do with end to end encryption (or if it is perhaps just FB deciding to be weird for my account). I certainly didn't go and turn e2e on myself! |
|
(there's also an issue for e2e open at Miranda: miranda-ng/miranda-ng#4169) |
|
Here's a whitepaper describing how E2E encryption works in Messenger: https://engineering.fb.com/wp-content/uploads/2023/12/MessengerEnd-to-EndEncryptionOverview_12-6-2023.pdf It might be a good starting point for implementing this. |
|
So, no solution so far, eh? |
|
Just yesterday, Facebook wanted to me to enable E2E encryption, and now I kept on getting "Failed to send message" from Pidgin. Beyond that, it seems to get the friends list tho. |
|
I just found out something by accident. Someone that does not have E2E encryption enable, it will still work just fine. While someone with E2E encryption enabled, this is just useless. |
|
Yes, I can confirm this. Conversations that don't have E2E activated work perfectly normally. that's the problem :) |
|
subscribing |
|
This plugin has no maintainer though. And there are no forks under active development. |
|
I'm actively developing a fork now. I have the code building in Meson and am trying to figure out how to integrate the token scripts. Anyone who can explain the field names and data structures would be greatly appreciated. |
|
ok, the e2e is using signal and there is a working signal plugin for libpurple... |
I got the token stuff automated in bitlbee-facebook. Food for thought: bitlbee/bitlbee-facebook#220 If you want to ask questions on IRC, I'm on Libera as usvi |
If you mean hoehermann/purple-signald then it's just an interface to a locally running signald instance, it doesn't seem to handle the protocol itself at all. |
|
I've been trying to get the Bitlbee code integrated into the plugin, I need some assistance with the structures in libpurple purpleconnection in particular. My git repo hasn't got the integrations committed, my local copy compiles but won't link atm due to some broken functions. I'm not sure if I should start again with guidance, or just clean up what I've done so far. I might commit my current changes to their own branch if someone is interested in looking at it. |
|
My repository can't login with 2FA, I hit the limits of my programming ability. I did modernise the repo and get it building with Meson. I also scrapped the patch files/mercurial repository and merged in most of the bitlbee code. If someone would like to fork and work on it I'd support those efforts. I've also got yaml automation setup so my repo can generate CI Builds. The repo is here: https://github.com/DMJC/purple-facebook |
@DMJC Afaik 2FA was never properly implemented: we always had to use workarounds, such as the one shown in #445 At least, that's what I have always done. |
|
As of May 5th, I am having exactly the same problem. Pidgin starts & shows Facebook Friends. However when I try to send a message I get "Disconnected, failed to send message". After a short time, it reconnects, but the same thing happens when I try to send again. Even when end-to-end encryption was not enabled, I had the problem that Pidgin would not send. |
|
We need to fix 2fa and implement end to end encryption.
…On Mon, 6 May 2024, 6:12 am debmanlinux, ***@***.***> wrote:
As of May 5th, I am having exactly the same problem. Pidgin starts & shows
Facebook Friends. However when I try to send a message I get "Disconnected,
failed to send message". After a short time, it reconnects, but the same
thing happens when I try to send again. Even when end-to-end encryption was
not enabled, I had the problem that Pidgin would not send.
—
Reply to this email directly, view it on GitHub
<#547 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFS2YZLMWK52AJA5LNSIITZA2KVFAVCNFSM6AAAAABCX6BG6OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJUHE2DGNRXGY>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
If I contribute some cash will it grease the wheels on development? |
|
Sorry, I just don't have the skill for it. If someone else wants to pick
it up please do. I'm happy to assist with testing and providing info on
what I've done so far.
…On Mon, 20 May 2024, 11:55 pm Andrew T Bense, ***@***.***> wrote:
If I contribute some cash will it grease the wheels on development?
—
Reply to this email directly, view it on GitHub
<#547 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFS2Y36V5T4J2R5EWRYUV3ZDIBXNAVCNFSM6AAAAABCX6BG6OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRQGU3TCNRYGE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Is it possible that Eion Robb could help? He seems to do a few Pidgin plugins. https://github.com/EionRobb/ |
Who's gonna start a GoFundMe for Eion? |
|
If it helps to find a solution for Miranda NG i would be willing to chip in |
|
Hey all, just thought I'd mention beeper and their "bridge" to meta as a potential solution path to some sort of implementation in Pidgin? #549 (comment) |
|
More info: I created a new username for Facebook, logged in & did NOT enable end to end encryption. This works OK. However on opening Chrome or Brave browsers, now getting "Disconnected. Unknown HTTP error". Then up pops a couple of notices asking me to accept certificates. As soon as they're accepted, I can connect again. |
|
A large amount of my contacts which I've previously messaged a while ago, there's no E2E encryption until after a handful of recent messages get exchanged. Also, I'm telling Zuck that you created an alt account😆 |
|
pls 😥 |
|
ps. i would chip $ in for this also. Pidgin is the only way for me to feel like a young scamp on MSN still. I even hacked the app resources to bring back the sounds and icons lol |
|
This is my repository: https://github.com/DMJC/purple-facebook it has
pidgin-facebook configured to build with Meson. I would start by forking
that and hacking on it. The dequis repository has an integration with
Mercurial and is a pain to update/patch with new changes.
…On Thu, 13 Jun 2024 at 15:21, tommac-git ***@***.***> wrote:
ps. i would chip in for this also. Pidgin is the only way for me to feel
like a young scamp on MSN still. I even hacked the app resources to bring
back the sounds and icons lol
image.png (view on web)
<https://github.com/dequis/purple-facebook/assets/147358941/48727c9f-2def-42bd-bcc9-976396077a28>
—
Reply to this email directly, view it on GitHub
<#547 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFS2Y3B7ZFCSW4MYBAZN2DZHEXO3AVCNFSM6AAAAABCX6BG6OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRUGQ3TOMBSGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Sometimes getting other popups |
That's great to hear! Have you corrected the problem of being not able to send messages (because of end-to-end encryption)? Also, please fix the need for hex editing as described here: #311 . I also get that 'Accept certificate for graph.facebook.com' -error from time to time, maybe it could be patched by adding an auto-accept option for it if you can't think of something else? |
|
I must be honest... I love Gaim/Pidgin and have used it for literally 20 years. With AIM, ICQ and MSN being irrelevant and no longer operating the main reason for me to use it is Facebook. This worked well for a number of years until things have been changing more and more recently. As the internet turns more and more towards a focus on security older things are being locked out and delegated to the past. I am a developer myself and I don't blame dequis or the pidgin team for the lack of progress on this. Maybe they don't have the experience or skills necessary to implement this, or maybe they do and it's too much work and they just are not interested any more. This is OK. I'm reaching a point where I think it's safe to say that Pidgin is mostly used out of nostalgia and it's not going to work on anything relevant any more on a desktop even though I'd like it to be. It made sense 20 years ago to constantly reverse engineer what AIM, ICQ and MSN were doing because a lot of people wanted to use this stuff. Now everyone has a phone or table and normal people could care less about a good desktop experience especially when Chrome rules the web and you can just get FB Messenger alerts right in the browser! Hats off to all the developers of Gaim/Pidgin over the years. It's been a mainstay of every OS install for 20 years. I'll keep it up and running as long as I can, despite not being able to do any actual messaging on it. |
You started using gaim / pidgin when you were between the age of 5 and 8? |
What? No, I'm 36 years old so I was about 15-16 years old. Actually it was a bit earlier because I first found out about Gaim when I was trying out Mandrake and Red Hat Linux. I was about 13 then because I distinctly remember other life events at that time. Where did you get the 5-8? |
|
I haven't got E2E implemented, but I have fixed sign-in issues. https://github.com/DMJC/purple-facebook Meson Building is working. clone the repo cd into the folder, run: meson build; cd build; ninja; ninja install
|
I was able to get your code working/intetgrated into Pidgin. My MFA logins now work. I don't enter a code, I just tell Facebook that I was trying to login and it connects now. Do you have any information about the end to end encryption? I've found documents on LibSignal, I think the first thing to do is build a handler/identifier for chats that need encryption, then figure out howto implement/support the encryption. We should at least be able to make the client flag a user's chats as encrypted so we don't crash out when trying to start a chat. |
I figured that the only way that you could possibly have such a defeatist attitude was that you were part of this younger generation that knows nothing about having to buckle down and work due to becoming acclimated to Oprah participation trophies 🏆🌟 |
|
Wow, I wonder who you're going to vote for boomer? Anyways, it's a lot of work to develop anything that a lot of people use and clearly the original author of this plugin has lost interest, busy, unmotivated, etc. And until apparently yesterday nobody has stepped up to the plate. Lots of FOSS projects peter out at some point because nobody is maintaining them anymore. Less and less people are using desktops for personal use. I'm talking about the average person here, not gamers or "enthusiasts". |
|
doesn't matter how you are (or feel), a lot of people from all over appreciate faster software. electron-based fat clients are still slow even on the fastest machines. pidgin is fast and simple and easy to use and that's why i use it with WhatsApp, Teams, Skype, and hopefully soon again the Facebook plugin. |
Totally agree! |
|
With all due respect, most people value functionality over speed. I do not find Discord running in a Firefox tab to be noticeably slow on my aging Lenovo T460 laptop. If it takes me 5 seconds to type a message, I don't care that sending it takes 20ms longer. |
And this is the problem. As much as I'd love for it to just work it's pretty clear at this point the original developer has moved on. A shame as I'd love to use Pidgin on the desktop instead of browser tabs or phone apps but this is how it must be. |
|
Does anyone know what the specific reason, as to why this is difficult to implement? Does it specifically pertain to adding encryption to the facebook plugin? |
I believe so yes, and the way it works keeps changing and nobody wants to keep up with it. |
|
The issue with End to End encryption isn't that it keeps changing, the issue is that it's specialist knowledge around cryptography. I am a pretty basic C/C++ Programmer, I don't know all the patterns professional developers use or a lot of the designs. I didn't need to. To implement the MFA all I had to do was take existing Bitlbee code and integrate it into the Purple Facebook plugin code. It was pretty simple to do. To add end to end encryption I would need to learn signal protocol, reverse engineer the facebook protocol to understand how it encapsulates the encrypted data. Then I'd have to implement the encryption. From everything I can find online Facebook is not constantly changing the encryption, they've implemented Signal on top of the MQTT/JSON Facebook protocol and that's it. The problem is very few people understand encryption to program for it. Even fewer know howto reverse engineer a network protocol. If Bitlbee implements the end to end encryption I would take a solid crack at getting the code into the Facebook purple plugin. But without a reference I can't really do anything. There is very little documentation about the Facebook protocol outside of what Bitlbee and this plugin do. There's not much debug output in this plugin either, I would have to basically learn all about the Facebook protocol. It's not as straightforward as copy pasting 50 lines of code and modifying 2-4 function calls. (which is what the MFA required). If someone is up for the challenge I'd be happy to provide any assistance within my skillset to provide. |
|
Thank you DMJC. |
Sounds like we're around the same skillset in regards to crypto. I know enough to implement from libraries when needed for projects, but reverse engineering it and all that math, rounds, etc. around it I have no clue. The problem is something like that is specialized and a person who would be good enough to do has better things to do. |
The problem is something like that is specialized and [in MOST circumstances] a person [working professional career with this particular skill] who would be good enough to do (this) [usually] has better things to do. There's also the possibility that there's /someone/ out there that has the skill set to do it, because they do it for fun, not funds, they don't care about much else, and might pursue something like this for any kind of reason. The most advanced reverse engineering work I've done in my entire life, by a longshot was during a time period where I wouldn't have been able to maintain a part time job delivering pizza -- and the motivating factor behind my ambitious pursuits was ultimately because I was mad about some crazy girl that I was stupid enough to have ever pursued in the first place! |
Right, sorry for the extremes. But, yes. I have written some good code that I have released and done for free during periods of unemployment. |
|
What if we tried reverse-engineering it from the JavaScript script of the Facebook messenger in desktop web mode, and then translate it to C? I'm pretty sure that Facebook has an API - even if undocumented - for sending encrypted messages via the browser. Sure, the JS is most definitely obfuscated, but it's there. I mean, how else would we be able to send messages and receives messages in the browser, if not via JavaScript? Then again, I'm ignorant and don't know how it works. I'm being naive and assuming that Facebook is using simple API calls, when in reality, it's probably some complex WebSocket or EventStream magic going on. I did notice that there are 4 embedded scripts that are base64 encoded. I didn't attempt decoding them just yet. |
|
Matrix/meta now supports Messenger's E2EE, through whatsmeow's support. Whatsmeow is also what purple-gowhatsapp uses, and so I would imagine that purple can re-gain Messenger support with minimal efforts in purple-gowhatsapp. |
|
It also seems to me that existing non-E2EE Messenger conversations can simply be transformed into E2EEE ones by searching the user again in the contact list & starting to chat in there. So there's no need to even support the old model. I can at least create an issue in purple-gowhatsapp and see whether they'd be able (and willing) to bring compatibility directly there through their existing use of whatsmeow. There obviously might be some obvious compatibility issues doing it in there due purple-gowhatsapp's other features. |
for several weeks now, facebook has been rolling out end-to-end encryption on messenger for all conversations.
when this end-to-end encryption is activated on a conversation, you can no longer interact with it from your pidgin. you no longer receive messages concerning it, and when you try to send a message, you receive an error from facebook: "Failed to send message".
when using the messenger application, there doesn't seem to be a way to disable this end-to-end encryption, or else I haven't found it...
in any case, I'm noting it here, because in my opinion, this will make the plugin obsolete if end-to-end encryption becomes even more widespread...
The text was updated successfully, but these errors were encountered: