SecureIM

AIM Encryption
by Jason von Nieda

[News] [Download] [Docs] [FAQ] [Donate]

SecureIM is an encrypting proxy server for AOL Instant Messenger which provides strong encryption for AIM. It sits on the network between your computer and AOLs servers and allows you to have completely secure conversations over what is normally a unsecure protocol. Without SecureIM your conversations over AIM are in easy to read HTML and anyone with a network sniffer can read them. SecureIM uses 2048 bit RSA key enchange and 256 bit BlowFish encryption to make sure that the only people that can read what you are saying are the people you are saying it to.SecureIM is currently in the beta stage. I am using it on a daily basis on all my computers and some of my friends are using it for testing purposes. New releases are not guaranteed to be compatible with previous releases until I release version 1.0. Until then, if you would like to try it out you can download the current release below.SecureIM will be undergoing a name change before version 1.0 since there are about 10,000 other projects with the same name. When I started writing this I had to give it a name (so I could save the files 🙂 and that was the first thing that popped into my head. If you have some wonderful ideas for names let me know 🙂

SecureIM is free software. You can download, use and redistribute the executable to your hearts content. The source code for SecureIM will eventually be released under the FreeBSD license but not until I am happy with the base functionality. As with all free software, you use this software entirely at your own risk.

News

  • Secway has an encryping proxy server similar to SecureIM that works with all the popular IM protocols and does many of the things I never got around to doing with SecureIM. I don’t know if it’s secure or not, being that they don’t release their source code but if you are willing to trust encryption without seeing the source it seems like a really good product. They have free versions for each individual protocol and a retail version that handles them all. Check em out!
  • A concerned netizen has put up a great guide to getting a free certificate that you can use with the newer versions of AIM. Read his guide here and use encryption. There’s no good reason not to!
  • The latest beta of AIM is now offering built in encryption. While some might expect me to see this as bad news, I think it’s great news. It should have been there in the first place, and then I would not have had to write SecureIM. The AIM encryption is well integrated for use but setting it up is a little difficult. I think that they expect you to use AIM Enterprise Services but I was able to make it work with a free personal email certificate from Thawte. Just go through the process to get your “FREE personal email certificate”, and save it into Internet Explorer. Then go into IE, Tools->Internet Options->Content->Certificates->Personal Certificates, double click the “Thawte Freemail Member” certificate, select Details and hit Copy to File… Choose Yes to export the private key, and select “Include all certificates in the certification path if possible” and save the file somewhere handy.Now, back in AIM go to Edit Preferences, Security, Advanced and Import Certificate. Find the file you created a moment ago and you should be in business. Once your certificate is imported a little lock will appear next to your name in your buddy list (if you have yourself as a buddy) and conversations with other people with locks should be encrypted automatically.If you happen to get all set up, drop me a line. I’d like to see it work with some other folks :)Interestingly, using this feature seems to crash SecureIM. I did a little tracing and it looks like AIM is sending the messages over the normal channels, encrypted but not encoded. AIM doesn’t expect to see multiple NULL characters in the messages so I think that’s the problem. I’ll come up with a fix for that soon.
  • 0.9.4 is out. It fixes some long standing bugs and includes lots of new code for the final feature release, none of which is finished. I definitly recommend you upgrade to 0.9.4 because of the things it fixes and 0.9.5 will be soon to come.
  • 0.9.3 is out. It’s mostly a maintenance release but fixes a few small bugs. SecureIM should play nicer with Wine now. You folks come up with some interesting configurations for me to deal with 🙂
    0.9.4 will be a little longer in the making. It will include a mechanism for seeing if a person’s key has changed (to stop MITM attacks) and will try to automatically secure sessions with people you have been secure with before. Hopefully 0.9.4 will be the last beta before 1.0!
  • I think I have decided on a new name for SecureIM. With the help of dozens of friends and family (okay, just Jonathan) the name is IMpervious. Tell me what you think!

    Download

    Download Version Major Changes
    SecureIM-0.9.4.exe 0.9.4 Tray icon now magically reappears after a explorer.exe crash.

    Init message is now sent to the person initializing a session as well as the person receiving so you can tell it’s working.

    Fixed a fairly massive bug with the proxy in general. Non FLAP connections were not being proxied correctly which would result in some weird things breaking. Most importantly, if you have been trying to upgrade AIM and it wasn’t working, it will now 🙂

    SecureIM-0.9.3.exe 0.9.3 Made RNG not rely on a OS supplied RNG if one is not provided. This makes SecureIM work properly in Wine. (Thanks Joshua Wise)

    Installer now forces you to close SecureIM or won’t continue.

    Installer offers to start SecureIM after it’s done.

    All secure sessions are now invalidated if you log out.

    SecureIM-0.9.2.exe 0.9.2 Fixed a crashing bug that appeared in the AIM Beta 5.1.3009 related to the new smileys. (Thanks Jonathan Von Nieda)

    Minor tweaks and adjustments.

    New installer.

    SecureIM-0.9.1.exe 0.9.1 New installer.

    Changes to initial setup dialogs.

    Program warns you if you try to exit with active connections.

    SecureIM-0.9.0.exe 0.9.0 First public release.

    Documentation

    Click here to read the current Readme.txt for SecureIM.

    If you would like to try talking securely to someone you know uses SecureIM, my AIM screen name is BlinkenLts and I am on AIM almost all the time.

    Please feel free to contact me with any questions, problems, bugs, feedback or anything else. I want to know what you think!

    FAQ

    1. I can’t log in to AIM any more!
      Once SecureIM is installed you must run it to log in to AIM. If you want to disable it you just need to turn off
      the proxy in the AIM configuration. Look under Preferences, Sign On/Off, Connection and uncheck “Connect using proxy”.
    2. How do I use SecureIM with Gaim, Trillian, any other AIM client?If your AIM client supports SOCKS4 proxy then you can use SecureIM. Just turn on the SOCKS4 proxy, set the proxy hostname or IP to 127.0.0.1 and the proxy port to 26935.
    3. Does SecureIM work under Wine?
    4. Joshua Wise says: For the HOWTO on SecureIM in WINE – Tested with a native Win2k partition, point WINE at it start SecureIM. It takes ~30 seconds to come up, answer ‘yes’ to its questions.

    Donations

    If you would like to donate a little something to me, click the button below but don’t feel obligated, please. I write this stuff cause I love doing it, and you should use it cause you love using it 🙂