#summary (KnowledgeBase) Some current research about MSN Handwriting.
#labels msnp,handwriting

<i>By Andy Phan (with help from Pang Wu)</i>
<br>
= What is handwriting? =

Handwriting is basically just the ability to scribble, or paint or draw as such which could be sent to contacts, with the ability to draw small drawings as such. It was implemented officially in Windows Messenger 7.0 (older versions required a plug-in). A mouse was all it needs to start drawing with the handwriting feature.
<p>


http://img100.imageshack.us/img100/112/pic1d.png<br>
<i>Handwriting feature in Windows Messenger Live 2009 which can be seen at the bottom</i>


<br>
= Details =

===Packet Research===

Research is underway for handwriting and currently is not complete, but otherwise here is some research for handwriting. I have decided to do a straight line for this example, for the reason that longer packets tend to have the base64 strings truncated.

Thanks to Alexander Pang Wu for attempts for handwriting tests with WireShark:

{{{
0000  00 1f 33 aa 88 ca 00 0e  35 f6 ed d5 08 00 45 00   ..3..... 5.....E.
0010  00 ff 03 2b 40 00 80 06  e9 9f c0 a8 00 0a cf 2e   ...+@... ........
0020  7d 4d 12 67 07 47 e4 f6  0a cb 63 33 2b 08 50 18   }M.g.G.. ..c3+.P.
0030  41 e9 16 44 00 00 4d 53  47 20 33 37 32 20 4e 20   A..D..MS G 372 N 
0040  32 30 30 0d 0a 4d 49 4d  45 2d 56 65 72 73 69 6f   200..MIM E-Versio
0050  6e 3a 20 31 2e 30 0d 0a  43 6f 6e 74 65 6e 74 2d   n: 1.0.. Content-
0060  54 79 70 65 3a 20 61 70  70 6c 69 63 61 74 69 6f   Type: ap plicatio
0070  6e 2f 78 2d 6d 73 2d 69  6e 6b 0d 0a 0d 0a 62 61   n/x-ms-i nk....ba
0080  73 65 36 34 3a 41 47 49  63 41 34 43 41 42 42 30   se64:AGI cA4CABB0
0090  44 30 41 51 4f 41 77 52  49 45 55 56 6b 47 52 51   D0AQOAwR IEUVkGRQ
00a0  79 43 41 43 41 48 67 49  41 41 48 42 43 4d 77 67   yCACAHgI AAHBCMwg
00b0  41 34 42 49 43 41 41 42  49 51 68 57 72 71 74 4e   A4BICAAB IQhWrqtN
00c0  42 71 36 72 54 51 51 41  41 41 44 34 41 67 4f 71   Bq6rTQQA AAD4AgOq
00d0  2b 48 67 4d 42 42 6e 77  4b 4a 42 71 47 79 4e 6b   +HgMBBnw KJBqGyNk
00e0  65 41 51 55 44 46 51 4e  64 51 77 46 52 4e 31 45   eAQUDFQN dQwFRN1E
00f0  68 67 75 44 68 49 2b 44  68 59 47 42 49 41 49 4c   hguDhI+D hYGBIAIL
0100  38 55 66 69 6b 44 4e 45  6f 41 41 3d 3d            8UfikDNE oAA==   

}}}


The package seems large overall, since the handwriting section is also being encoded to base64. This can be translated basically as:

{{{
MSG eagleearth@live.com Eagle%20Earth%200.21 688\r\n
MIME-Version: 1.0\r\n
Content-Type: application/x-ms-ink\r\n
\r\n
base64:AGIcA4CABB0D0AQOAwRIEUVkGRQyCACAHgIAAHBCMwgA4BICAABIQhWrqtNBq6rTQQAAAD4AgOq+HgMBBnwKJBqGyNkeAQUDFQNdQwFRN1EhguDhI+DhYGBIAIL8UfikDNEoAA==
}}}

This can be distinguished by the difference between handwriting and plain text messages with the section "Content-Type". Text messages are usually shown like this (plain) with its content type:


<i>Content Type: Plain Text</i>
{{{
Content-Type: text/plain; charset=UTF-8\r\n
}}}
<br>
<i>Content Type: Handwriting Message</i>
{{{
Content-Type: application/x-ms-ink\r\n
}}}



===Decoding the Message===

The main part of this packet is that bit with "base64:" followed by its code shown below ( this message has been encoded with base64):

{{{
base64:AGIcA4CABB0D0AQOAwRIEUVkGRQyCACAHgIAAHBCMwgA4BICAABIQhWrqtNBq6rTQQAAAD4AgOq+HgMBBnwKJBqGyNkeAQUDFQNdQwFRN1EhguDhI+DhYGBIAIL8UfikDNEoAA==
}}}


Currently this can be decoded basically with just a simple software of some website that can do so, or it can be done through coding in C# in a conversion like this (where "Text Goes Here" can be replaced with the base64 string, and that as long as some procedure can take that function, such as saving a binary as that converted text):

{{{
Convert.FromBase64String("Text Goes Here")
}}}


I have left a source to show a sample of this just in case, which can also be found at the bottom of the references section, which demonstrates a example of a base64 message being able to be saved as a decoded base64 String. However in this case, another application is used instead to decode this base64 encoded text.


Eventually it will turn out like this  with the current example (this may not view correctly due to its characters):

{{{
 b€€ÐHEd2 €  pB3 à  HB«ªÓA«ªÓA   > €ê¾
|
$†ÈÙ
]C
Q7Q!‚àá#àá``H ‚üQø¤Ñ( 
}}}


The file of this decoded message can be obtained at the bottom of the references, where it has a much better binary version of it.


===Loading the Message===

The way how MSN handwriting is interpreted is that the message is decoded to binary (which we have done in the last step), and then loading it as a ISF file (which stands for "Ink Serialized Format"). These files are basically just ink files which are used in Microsoft Tablets as such.


I have used the source "Mod_InktoBitmap_07" project (can be found one of the links below) and compiled it, and I was able to successfully get the ISF viewable. Here is the image converted to a PNG image file:


http://img691.imageshack.us/img691/691/imageline.png


This is the result with the steps done, it is also possible to go through this with another larger image (with WireShark, but be careful with larger handwriting data as it becomes truncated).

<br>

==Questions==


<b>Q:</b><br>How will these ISF Format Converter Classes be implemented into MSNP-Sharp?<br>
<br><b>A:</b><br>There are a couple of choices. Either that the classes could be added onto MSNP-Sharp, let the programmer configure and program the classes himself/herself for their client. I am not quite sure, however I am figuring out that I may be able to add these conversions internally.<p>

I will add more questions during my continued research.

<br>

==Current Research Progress==
With tests from Ubuntu, I have now discovered that there is much more to do before I can finally get handwriting images (ISF file format) viewed. The ability to load ISF files now leads to me only to create my own classes to load these files (I am hoping to be low file-size, with the assumption this will take quite a while, to get this both working on Windows and Linux also.


Basically, the first aim to this research is now leading me to create classes to load them (with the use of reverse engineering).

<br>

==References==
http://www.xs4all.nl/~wrb/Articles/Article_WPFInkToBitmap_01.htm<br>
http://yaisb.blogspot.com/2006/06/msn-handwriting-interception.html<br>
http://www.4mhz.de/b64dec.html<p>

The decoded base64 message can be obtained here: http://www.mediafire.com/download.php?wywonmrvhwq<br>
The source for an example of decoding a base64 message (made by Andy Phan): http://www.mediafire.com/download.php?zitndwjtkjq