Page 1 of 1

encypted eggdrop chat, looking for contributors

Posted: Tue Jul 03, 2007 6:35 pm
by sKy
This is not a request for a hole premade script. I write in tcl myself. I like to try out to develop in a team, to split tasks.

I could also need...
- Someone who wants to create a graphical gui for the encrypted eggdrop chat program. Preferred written in an portable language such as tk or C++ so we can supply the main desktop computer platforms such as windows/linux/bsd. The gui shall be able to be minimized to tray. Maybe tabs for multiple eggdrop chats.
- Coders who are interested in my project.
- Maybe testers later.
- And maybe people with web development skills later.

As soon we reach beta stage we might think about hosting this program on a website such as sf.net.

If you are serious about contribution please post here or pm me.

Posted: Wed Jul 04, 2007 6:36 am
by Sir_Fz
You might first want to do a study about the project. State the problem, activity statement, existing solutions (if any), why is it needed. Creating a client isn't really needed IMO since it can be supported by all IRC clients out there (which is more user-friendly).

Posted: Wed Jul 04, 2007 4:09 pm
by sKy
Thanks for your comment.
Sir_Fz wrote:state the problem
Normal dcc chats with eggdrop are not encrypted. On irc you just /dcc chat nickname or /ctcp botname chat, could be also a nickstealer. To use /whois works but it`s not the most comfortable solution. The initial request is send over irc server and the following dcc chat is a 'direct connection'. But direct doesn`t mean that there are no other computers between you and the target, that connection is in plaintext.
Sir_Fz wrote:activity statement
No strict rules as it is a hobby project. If you think you have time it`s ok.
Sir_Fz wrote:existing solutions
As far I know there is currently no client to eggdrop encrypted chat possible.
Sir_Fz wrote:why is it needed.
You gain more control about your data, more privacy. A third party could log the encrypted stream but don`t know what you are sending. You couldn`t dcc chat a bot`s nickstealer and give him your password because you type to fast.
Sir_Fz wrote:Creating a client isn't really needed IMO since it can be supported by all IRC clients out there (which is more user-friendly).
Dunno how helpful others would find a new tray icon with the eggdrops console. Sure this could be implemented into mainline clients such as mirc or xchat.

Xchat tcl sockets seam to be bugged and I don`t know mirc scripting (imho not much point to learn a script language just for an irc client). If someone would like to contribute an interface for that clients please let me know.

EDIT:
I attach an alpha version.
http://rapidshare.com/files/41041093/ee_chat.7z

Posted: Wed Jul 04, 2007 5:41 pm
by Sir_Fz
What I meant about the interface being through any irc client is that the chat window automatically opens in any client so why create a new separate interface for that? And what about the solution provided in the modules forum (DCC-SSL) I didn't really get why it's still insecure.

I can help with an interface using Java (it is a portable language) but I'm afraid that my time is very limited because I'll be working on my senior project.

Please attach your file on some other less trafficed website so I can actually download it without having to wait for hours :P

Posted: Wed Jul 04, 2007 6:41 pm
by sKy
What I meant about the interface being through any irc client is that the chat window automatically opens in any client so why create a new separate interface for that?
I like this idea as well but it`s not easy to do that for me. I don`t want to learn mirc scripting. To investigate into C++ Gui development or maybe a bit tk has more point.

Another point is also that there are many different irc clients. It`s harder to maintain all of them instant of a new interface.

So again, speaking to anyone. If your favorite client is $client and you want to implement the encrypted eggdrop chat function then tell me.
And what about the solution provided in the modules forum (DCC-SSL) I didn't really get why it's still insecure.
I think you mean this. I don`t say it`s insecure. It`s just eggdrop --> encrypted --> psybnc --> unencrypted --> client. Imho not much point, better is eggdrop --> client and end to end encryption.

I would also include an open source C++ module into my tcl source if it`s portable. But I use already aes for tcl and I think this is fine. You will see that inside the source.
Please attach your file on some other less trafficed website so I can actually download it without having to wait for hours :P
Seams you have a shared ip. Nvm. I added a mirror. http://uploaded.de/?id=6qtomk

Posted: Mon Jul 23, 2007 8:47 pm
by naaina
Hi,

psyBNC is capable of handling incoming SSL-encrypted connections from the client:

Code: Select all

PSYBNC.SYSTEM.HOST1=S=a.b.c.d
Like this in psybnc.conf. Now you can connect to it (from mIRC in this case) by doing:

Code: Select all

/server a.b.c.d:+port
And now the client->bouncer encryption is also SSL-encrypted :)

Still there is another problem: If eggdrops are linked, the communication channel could be encrypted too. But this can only be changed in the eggdrop source for sure.

Greetings!

Posted: Mon Jul 23, 2007 10:22 pm
by BoaR
what if one doesnt has a bouncer ?

can i connect directly to the bot with stunnel to the partyline ?

Posted: Tue Jul 24, 2007 4:03 am
by naaina
It depends on the client. If the client supports DCC-SSL-connections, then for sure (but afaik mIRC doesn't).

Posted: Tue Jul 24, 2007 7:22 am
by BoaR
i use Xchat, i'm not sure if it supports DCC-SSL-connections, it supports SSL connections to the irc server though.

Posted: Tue Jul 24, 2007 10:05 am
by Alchera
BoaR wrote:i use Xchat, i'm not sure if it supports DCC-SSL-connections, it supports SSL connections to the irc server though.
Searchin/Posting to the X-Chat forum should be of assistance.

Posted: Fri Jul 27, 2007 7:58 pm
by sKy
naaina wrote:psyBNC is capable of handling incoming SSL-encrypted connections from the client:
Dunno exactly who you mean. But psybnc <-> eggdrop would still chat unencryped in that case, because eggdrop has still no support for encryption.

Or you would run the bot on a psybnc? This is imho a very bad idea. That`s really bugged.
Still there is another problem: If eggdrops are linked, the communication channel could be encrypted too. But this can only be changed in the eggdrop source for sure.
You don`t need to change the source. You just need to encrypt the message you send over the unencrypted channel and you need to implement some kind of authentication.

Posted: Sun Jul 29, 2007 4:59 pm
by BoaR
you need root to run stunnel, unless you remove the chroot line. newbie like new took some time to figure this out.
bah.

Posted: Tue Jul 31, 2007 9:44 am
by sKy
Kinda off topic in this thread. ;) Please make your own for this problem.

Posted: Tue Jul 31, 2007 6:47 pm
by Alchera
sKy wrote:Kinda off topic in this thread. ;) Please make your own for this problem.
Actually not an eggdrop related problem and better posted @ bsdforums.org.