::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::[Bitmessage API]::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::[P2P]::::::::::::[Secure]:::::::::::::[Perl]::::
::::::::::::::::::::::::::::::[Perforin]::::::::::::::::::::::::::::::::


Bitmessage by Bitmessage wiki:
"Bitmessage is a P2P communications protocol used to send encrypted
messages to another person or to many subscribers. It is decentralized
and trustless, meaning that you need-not inherently trust any entities
like root certificate authorities. It uses strong authentication which
means that the sender of a message cannot be spoofed, and it aims to
hide "non-content" data, like the sender and receiver of messages, from
passive eavesdroppers like those running warrantless wiretapping
programs"


Get it bitmessage [1] and install it with this HowTo [2].

Now as I started playing around with it, Bitmessage couldn't run in
daemon mode without a hack. That was bad for us as this excluded
bitmessage installations on most servers. For bitmessage versions 
below 0.3.0 you could pull of this "hack" to get it in a fake daemon
mode:

xvfb-run python bitmessagemain.py

Luckily for us with version 0.3.0 they implimented a real daemon mode!
This could be done by simply adding 1 line to the config file:

echo >> "daemon = true" $HOME/.PyBitmessage/keys.dat


Now that bitmessage can run in daemon mode it's ready for a new age
of CC server communicating through the bitmessage network :) (See
R3s1stanc3 Blog post! [3])



Of course Bitmessage ships with a fine API package. It's not a simple
REST API, or JSON stuff. No it works with good old XMLRPC! 
Now the challenge was how to interact with the API with build in tools?
You may want to use curl or even some telnet foo. But I stick with
Perl and it's out-of-the-box modules.


My script needs IO::Socket::INET for the Communication and MIME::Base64
for the bitmessage internal encoding. For testing purpose we want to
send a test message to another address.

This is the XML we have to hand over to the server via a POST request:

<?xml version='1.0'?>
<methodCall>
<methodName>sendMessage</methodName>
<params>
<param>
<value><string>BM-BITMESSAGEHASH-TO</string></value>
</param>
<param>
<value><string>BM-BITMESSAGEHASH-FROM</string></value>
</param>
<param>
<value><string>SUBJECT\n</string></value>
</param>
<param>
<value><string>MESSAGE\n</string></value>
</param>
</params>
</methodCall>


It is important to know that the SUBJECT and MESSAGE must be base64
encoded with an added newline! Otherwise you will get an internal
server error.

Standard API port is: 8442

Your request must look somewhat liḱe this one. Note that we must send
and Basic Authorization ( base64_encode("USER:PASS") ) for every request
we want:

POST / HTTP/1.1
Host: 127.0.0.1:8442
Accept-Encoding: gzip
Authorization: Basic BASE64AUTHCODE
User-Agent: XMLRPC.pl/1.0.1 (does anyone read this?)
Content-Type: text/xml
Content-Length: LENGTH OF THE FOLLOWING LINES


YOUR XML API REQUEST FOLLOWS HERE.
SEE THE ABOVE XML EXAMPLE!!!


The hole API test script follows:

#!/usr/bin/env perl

# fake daemon mode (v <0.3.0): xvfb-run python bitmessagemain.py
# real daemon mode (v =>0.3.0): echo >> "daemon = true" $HOME/.PyBitmessage/keys.dat

use IO::Socket::INET;
use MIME::Base64;

$debugmode = 0;

$ip      = '192.168.178.255';                                   # IP with activated bitmessage API
$port    = 8442;                                                # standard API port
chomp($creds   = encode_base64("test:test123"));                # login credentials
$subject       = encode_base64("testrun\n");                    # subject of bitmessage
$message       = encode_base64("Yes we scan?!\n");              # message
$from    = 'BM-onfQvcCbr2WvgbGvMcS65DQyLy6xE[..]';              # FROM address
$to      = 'BM-ooZrai5je3o6pjeAi8AN2bAsxuQUo[..]';              # TO address

$msgpost =<<"MSG";
<?xml version='1.0'?>
<methodCall>
<methodName>sendMessage</methodName>
<params>
<param>
<value><string>$to</string></value>
</param>
<param>
<value><string>$from</string></value>
</param>
<param>
<value><string>$subject</string></value>
</param>
<param>
<value><string>$message</string></value>
</param>
</params>
</methodCall>
MSG
$listaddresses =<<'ADDY';
<?xml version='1.0'?>
<methodCall>
<methodName>listAddresses</methodName>
<params>
<param>
</param>
</params>
</methodCall>
ADDY

$socket = new IO::Socket::INET(PeerAddr => $ip,     # OR join(':',$ip,$port) and leave PeerPort blank
                               PeerPort => $port,
                               Type => SOCK_STREAM,
                               Proto => 'tcp') || die $!;

print $socket "POST / HTTP/1.1\r\n";
print $socket "Host: " . join(':',$ip,$port) . "\r\n";
print $socket "Accept-Encoding: gzip\r\n";
print $socket "Authorization: Basic " . $creds . "\r\n";
print $socket "User-Agent: XMLRPC.pl/1.0.1 (does anyone read this?)\r\n";
print $socket "Content-Type: text/xml\r\n";
print $socket "Content-Length: " . length($msgpost)  . "\r\n\n";
print $socket $msgpost;

while (<$socket>) {
    print if $debugmode;
    print "Addy: $1\n" if /\"address\": \"(.*)\",/g;
}



For the hole API table have a look here [4]!


You see this software has the potential to become a nice alternative
CC communication channel. To be honest I wanted to show you a fully
functional BitMessage worm but time ran away and I lost motivation
to fully concentrate me on this very subject.

But I hope that this paper made you curious about Bitmessage and it's
potential. Just imagine a fully autonomous worm communicating through
BitMessage. Simply fascinating!



[1] https://github.com/Bitmessage/PyBitmessage.git
[2] https://bitmessage.org/wiki/Compiling_instructions
[3] http://r3s1stanc3.virii.lu/bitmessage/
[4] https://bitmessage.org/wiki/API_Reference



Perforin - virii@tormail.org - virii.lu