How Blockoo Works (Part 1) - How MSN Talks and Contact Lists
A couple of days ago, I wrote about Blockoo, discussing whether it actually works.
Despite rummaging through the entire website, I couldn’t find a definite answer as to how Blockoo actually works behind the scene. They did mention that they request access to your account to get the list of people who blocked or deleted you. It sounds quite fishy, why would MSN want to divulge such information to a third-party so easily? And if Blockoo can do it despite being a third-party, can’t anyone else do it too?
Curiosity got the better of me, and I went on to analyse how Blockoo (probably) works.
Note that the discussion may be a bit technical, and readers are strongly advised to read through to the end at least once in order to form a rough picture of the process, before reading in more details.
My first suspicion with Blockoo was that it must be using something that all of us have been using all along, knowingly or not: the MSN protocol.
First of all let’s talk about the MSN protocol. A protocol is a set of predetermined codes that allows two computers to communicate in a standardised way. When you use MSN Messenger, the application has to follow this standardised way in order to connect to the server, see who are in your contact list, talk to your friends, etc. To put it in another way, for the application to communicate with the server, they have to be “talking” in the same dialect.
The MSN protocol has never been published officially to the public. However, there are people out there who actually analyse the series of commands that MSN Messenger exchanges with the server by using network sniffers such as Wireshark. The messages sent by MSN and returned by the server can be captured using these sniffers.
These people then infer the protocol (i.e. the standard) from these series of captured commands. MSNPiki is a good source of information for the MSN protocol.
From here, anyone with a good programming background should be able to read the extracted protocol, and create a custom application which “talks” like MSN Messenger (think about it as the application claiming to be MSN Messenger by “talking” in its dialect). The custom-built application can do anything that the protocol allows (e.g. chatting, blocking people, adding/deleting people).
In the course of the conversation between MSN Messenger and the server, there is one point where the contact list is being downloaded into your computer. The contact list details contain the email address, friendly name (”nickname”), and the mode of every single person in your contact list.
The mode is a number, which when represented in binary consists of 4 digits RBAF, which in turn stands for the following:
- Reverse List (RL) - Whether this contact has you in his/her contact list.
- Block List (BL) - Whether you are blocking this contact, they won’t be able to see you when you’re online.
- Allow List (AL) - Whether you are allowing this contact to see you when you’re online.
- Forward List (FL) - Whether you have this contact in your contact list.
For example, in the screenshot above, the person [hidden]@hotmail.com with a mode of 13, or 1101 in binary, has the following status:
- RL: 1 - The person has you in his/her contact list.
- BL: 1 - You are blocking this contact.
- AL: 0 - You are not allowing this contact to see you when you’re online.
- FL: 1 - You have this person in your contact list
These fanciful lists actually do exist on MSN Messenger. They’re just quite hard to spot.
The Forward List (FL) and the Block List (BL) exist in the form of your contact list.
The Allow List (AL) and Block List (BL) can be accessed by going to the Tools menu > Options… > Privacy page
The Reverse List (RL) is accessed by clicking on the View… button next to “See who has added you to their contact list”, which is located in the Privacy page above.
So how do these lists come together and how does Blockoo make use of the protocol and the contact lists to find out who blocked or deleted you?
Stay tuned for the next part…
PS: Although in this blog entry I call the application as “MSN Messenger”, the entry also applies to “Windows Live Messenger”, which is the new name for the application.
Update: Read the second part here.
June 26th, 2007 at 4:54 pm
I think I know where you’re going with your argument.
It’s the same argument as I have when I tested blockoo.
My theory is that it’s collecting as many lists as possible from as many logins as they can get and then just do a simple merging of the list to know who blocks who.
It only works better with more people using it, IMO.
June 26th, 2007 at 4:58 pm
uzyn: Not quite… They don’t collect the block lists from everyone and merge the lists as you said.
If you remembered in my previous post I had Yahoo being detected as blocking Gorilla, but Yahoo has never logged into Blockoo at all.
June 26th, 2007 at 6:02 pm
[...] Read the following for a technical view of how Blockoo probably works http://hendri.squoar.com/blog/index.php/how-blockoo-works-part-1-how-msn-talks-and-contact-lists [...]
June 26th, 2007 at 7:37 pm
Ah… let’s hear it from the expert.
June 26th, 2007 at 9:25 pm
uzyn: LOL, I’m not an expert la… -.- Just that I had some spare time over the weekend to analyse it and satisfy my curiosity.
June 30th, 2007 at 5:07 pm
Great job and explaination.
You even went to packet sniff it. Heh.
July 1st, 2007 at 11:00 pm
Felix: Heh, thanks.
Geez, I still haven’t continued the analysis yet… Gonna write it now.
July 5th, 2007 at 12:46 am
Ahh, this is an interesting topic. I think this video will help you guys understand better - Windows Live Messenger - What. How. Why.
The Windows Live Messenger Team talks about the protocols.
Anyway, it’s not useful to see who is block you. All these things shouldn’t matter. If someone’s that concern about being blocked, seriously they should get a life. Get some fresh air.
July 5th, 2007 at 2:12 pm
[...] This part is a continuation from where I left off… [...]
July 5th, 2007 at 5:51 pm
Haha, that video looks good, gonna watch it once I reach home.
Yeah, agrees that it shouldn’t matter much who is blocking you. If they block you, chances are they’re not your close friends anyway.
July 18th, 2007 at 9:47 am
Hello…i give my username and pass to blockoo because somebody from my contacts suggest me to do…What ia that for? Would i have problem in the future! can i fix it? (sorry for my english) please help me via e-mail ( nofx_djunior@yahoo.com ) thanks George Greece
July 18th, 2007 at 1:35 pm
Hi George, Blockoo claims that it checks your contact list for any contact who blocks you. Unfortunately, as I have mentioned in this blog entry and the second part, it is not 100% accurate.
Blockoo claims that it is safe and that the password is not stored on their server, so you should not have any problems in the future. But just as precautions, do change your password to something else. It’s better to be safe than sorry. Oh, and don’t give your password to anyone else in the future.
December 27th, 2007 at 7:13 pm
[...] using my test MSN account two days ago. It’s the same account I used to test Blockoo a while ago. The test account has my main MSN account in the contact [...]