20Aug/1012
Skype .dat reader is updated
Happy days! The new version of the Skype ChatSynch reader tool is already [here] (binaries and source files in Delphi). New functionality added:
- Date-time stamp of every message is extracted
- The IDs of conversation's parties are properly extracted and matched with the messages.
- Many different bugs fixed.
Big thanks to Rasmus Riis Kristensen from the Computer Crime Unit of Danish National Police for reverse engineering the location of the data in Skype .dat files. This is how the Skype reader looks now:
More information about the tool: read the [previous post]. I am happy to know that the program is used by people (also as a forensic tool!) and still is under development. If you may help with more information about the Skype files data structure - this would be veeeery much appreciated... :)
Recent Posts
- Knowledge sharing event: Risk-based approaches to protecting your data – London, Tuesday 19th April
- Training – Hacking and Securing Oracle Database (11g)
- Changed language does not persist when Skype is restarted: how to solve the annoying issue
- More 3D Fun with Kinect and Delphi. You can grab and save still 3D frames!
- Having Fun with Kinect and Delphi (examples of 2D and 3D visualization)
- Smuggling .NET code inside batch files. Impossible? Who said that?
- Cross-site scripting explained (video)
- Innocent comment regarding sensitive information disclosure…
- Pentesting privilege escalation in web applications
- TinyWeb: Pocket-size Portable Web Server With CGI And PHP Support (!)
Popular
Archives
- April 2011 (2)
- January 2011 (1)
- December 2010 (3)
- October 2010 (1)
- September 2010 (8)
- August 2010 (8)
- July 2010 (8)
- June 2010 (2)
Categories
- .NET (1)
- Binary application security (11)
- Cryptography (2)
- Delphi (12)
- Exploitation practice (16)
- Fun (5)
- Java (1)
- Kinect (2)
- Mobile devices security (1)
- Pentesting (15)
- PHP (2)
- Skype (3)
- SQL (5)
- SQL injection (6)
- Uncategorized (9)
- Windows security (6)
Recent Tweets
- No public Twitter messages.
Affiliated websites
September 6th, 2010 - 18:50
thx for good soft!!
but is this reader just can read messeges in ENG only?
could you consider UTF-8 encoding for japanese or more who asian?
September 6th, 2010 - 18:59
I have to rewrite couple of routines to support unicode, and honestly: unfortunately now I just have not too much free time for it. Currently it supports the ENG only, but in a future – who knows :) But you may always download the source code and try to modify it by yourself. Do you need the tool for some particular purpose?
November 19th, 2010 - 09:52
Hi! Very usefull software. But in my case (I used it as a fornsic tool and tried to open account that used russian language to chat) programm felt down with the message “Stream read error”. Then i tried to re-compiile it, but unfortunately “[DCC Fatal Error] untMain.pas(8): F1026 File not found: ‘untFileVersion.dcu’” …=(( … Alex, can you help me with this?
March 16th, 2011 - 18:32
is there any chance or way to see the conversations for which chat history is disabled in the skype settings?
March 17th, 2011 - 12:16
I don’t think so… I may expect the conversation still may be stored (at least potentially) at the server, but I don’t believe there is a shadow of chance to get it. And locally – once you switched it off – well… it’s just not stored…
Regarding the local Skype instance:
If it is disabled (now) and the history is not deleted – I think you should be able to find it in main.db file (it’s normal SQLite database).
March 24th, 2011 - 22:23
Thanks for the great tool. When I used it to process .dat files, it did not seem to differentiate which user sent which message. Entire chat logs are listed as one sided (the other user, not the profile from which I pulled the .dat), when clearly by the text they are not. Any idea why?
April 26th, 2011 - 22:17
Why this program only reads the date and archivo.dat and not reads the chat messages ?.
For example:
——————-
07/05/2010 12:52:44 (b2330da91cff8018.dat)
——————-
——————-
07/05/2010 12:52:44 (90573af8f800eba3.dat)
——————-
——————-
07/05/2010 12:52:44 (bdf351062ccc7be9.dat)
——————-
——————-
21/12/2010 19:14:14 (f3f40425cc073484.dat)
——————-
Where are the chat messages of those files?
April 28th, 2011 - 16:01
I have the same problem what BK has :( Is there any way to fix this?
May 9th, 2011 - 17:48
This tool is amazing, but I’m having the same issue as BK: when opening the chatsync\ folder to read .dat files, the conversation is (mostly) all labeled as the other user (the remote user, as opposed to the local user). The .dat files themselves show the users as encrypted information, whereas with older versions, I have seen them as plaintext. Is this why there is an issue?
June 16th, 2011 - 10:43
<3 your programm!
June 26th, 2011 - 14:05
Hallo? I have a problem like ahixa’s… A can see only something like this :
——————-
16.11.2010 20:56:58 (6821a2f3cb5fb08a.dat)
——————-
——————-
26.01.2011 20:20:58 (72951d06580977e9.dat)
——————-
——————-
29.01.2011 22:14:04 (b6d5ebdec6ec6a21.dat)
——————-
——————-
01.02.2011 12:08:16 (3d17398e0540be91.dat)
——————-
——————-
08.02.2011 20:48:28 (a878e9a0e1e8eceb.dat)
So, could you explain – what does it mean?? Is threre no history in those files or they are in a different codepage? What to do to read them? SO I don’t understand. Thank you.
July 7th, 2011 - 20:34
This might be a dumb question, but I still don’t understand what you are suppose to put in the box labeled as read chatsync.