4 comments on “Hello, Hello – What’s your real story? A decode by Philipp Hancke

  1. Most of the advanced features of Google Hangouts are intended to improve multiparty experience, and that’s something that current version of Hello doesn’t support yet. In addition most of those features are Chrome specific and Hello is multiplatform but mostly a Firefox application.

    Regarding the signaling protocol it is not really JSON, it is binary with a JSON payload. But that’s a detail, the analysis is very good.

    I’m not so sure the WS connection to Hello services is not there yet. I can double check it with Mozilla people but I was not aware of that change.

    As you said opening the camera for audio only sessions is to avoid renegotiations, but latest version of Firefox actually do support renegotiations so it is likely that OpenTok and Hello will make use of it very soon.

    The use of DtlsSrtpKeyAgreement is because TokBox has partners still using very old versions of Chrome that we don’t officially support but we try not to break them on purpose either. Anyway we should review that, thank you.

  2. Gustavo: it seems to be fetching a JSON thing with connection information for the room server now. Which makes sense, you don’t want to have a websocket connection open for the non-firefox users.

  3. I’m amused at this analysis, mostly because a quick Yahoo (or Google, I guess) search would have found you all of these answers in a fraction of the time. Being a Mozilla product, all of this is being developed out in the open.

    Note: it seems that in Firefox 34 the protocol for this was changed. Now it no longer seems to use a Websocket connection for anonymous users but goes directly to the TokBox servers.

    The change you’re seeing isn’t version-to-version — it has to do with whether you’re using the rooms (“conversation”) model or the call model. For unaccounted calls, all you can do is send room-oriented links. But if you log in with a Firefox account, you can perform direct calls to other logged-in users in an experience that closely mimics traditional phone calls. This direct-call experience still uses the websocket connection to Mozilla’s servers; if you look at the messages closely, they only serve the purpose of keeping the clients in sync regarding the call setup state.

    By the way, the interfaces Mozilla uses for its servers are probably easier to read about than they are to reverse-engineer. For example: https://docs.services.mozilla.com/loop/apis.html#websockets-apis

    You’ll also see mention that the websockets won’t be used for rooms (“conversations”) in the introductory section of the Rooms architecture document: https://wiki.mozilla.org/Loop/Architecture/Rooms

    TokBox’s stuff is TokBox’s stuff. They don’t document the client interface, and I can’t speak to whether their future plans include doing so. The client library used by Hello, however, is open-source and part of the Firefox repository. Depending on your skillset, you may find reading the source easier than sniffing messages: https://dxr.mozilla.org/mozilla-central/source/browser/components/loop/content/shared/libs/sdk.js

    • hey Adam, the main point here is to demonstrate how to look at the signaling channel. Which makes it a nice companion to “how to look at the api usage” (hangouts) and “how to look at the wire” (mayday).

      If one was just looking for a technical description of Hello I would actually recommend going to a source like hacks.mozilla.org. An article doing that would probably be good given concerns like https://lists.torproject.org/pipermail/tor-talk/2015-January/036615.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.