php javascript hash hotmail windows-live

Windows Live API: getting contact email addresses vs. email hashes


I am trying to get email contacts from Hotmail with PHP or JavaScript. I have read that the Windows Live API returns only a hash of each contact's email address, and the code example confirms this: http://isdk.dev.live.com/ISDK.aspx

But some websites, like Facebook, can retrieve the plaintext email addresses of Hotmail contacts. How is that possible?

Thanks a lot.


Solution

  • You can test this code (don't forget to replace [SECRET API KEY] with your API key):

    <?php
    /**
     * Check a string against PHP's built-in e-mail validation filter.
     *
     * @param mixed $email Candidate address.
     * @return mixed The filtered address when it validates, false otherwise;
     *               the callers in this file only use the result as a truthy/falsy flag.
     */
    function isEmail($email) {
        $checked = filter_var($email, FILTER_VALIDATE_EMAIL);

        return $checked;
    }
    
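    /**
     * Convert an arbitrarily long non-negative number between numeric bases.
     *
     * Works digit by digit with repeated long division, so the value never has
     * to fit in a native integer (unlike base_convert() on large inputs).
     *
     * Characters that are not in the digit alphabet are treated as 0, and digits
     * that are too large for $frombase are not rejected. Every character of the
     * returned string is taken from the first $tobase characters of the alphabet,
     * whatever the input was.
     *
     * @param string $numstring Number to convert; upper-case letters are accepted.
     * @param int    $frombase  Base of $numstring (the alphabet has 36 digits).
     * @param int    $tobase    Base of the result (the alphabet has 36 digits).
     * @return string The number written in $tobase, without leading zeros ("0" for zero or empty input).
     */
    function unfucked_base_convert ($numstring, $frombase, $tobase) {
        $chars = "0123456789abcdefghijklmnopqrstuvwxyz";
        $tostring = substr($chars, 0, $tobase);

        // The digit lookup is case-sensitive, so fold "FF" to "ff" first;
        // otherwise upper-case hex digits would silently count as 0.
        $numstring = strtolower((string) $numstring);
        $length = strlen($numstring);
        $result = '';
        $number = array();
        for ($i = 0; $i < $length; $i++) {
            // Square brackets, not $numstring{$i}: curly-brace string offsets
            // are a parse error since PHP 8.0.
            // strpos() returns false for an unknown character; the cast makes
            // the "counts as 0" behaviour explicit.
            $number[$i] = (int) strpos($chars, $numstring[$i]);
        }
        do {
            // One pass divides the whole digit array by $tobase in place;
            // the remainder of that division is the next output digit.
            $divide = 0;
            $newlen = 0;
            for ($i = 0; $i < $length; $i++) {
                $divide = $divide * $frombase + $number[$i];
                if ($divide >= $tobase) {
                    $number[$newlen++] = (int)($divide / $tobase);
                    $divide = $divide % $tobase;
                } elseif ($newlen > 0) {
                    // Keep interior zeros of the quotient, drop leading ones.
                    $number[$newlen++] = 0;
                }
            }
            $length = $newlen;
            $result = $tostring[$divide] . $result;
        }
        while ($newlen != 0);
        return $result;
    }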
    
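    /**
     * Read a hexadecimal string as a 64-bit two's-complement integer and return
     * it as a decimal string.
     *
     * When the binary form is exactly 64 digits long and starts with 1, the value
     * is negative: the bits are inverted, one is added, and the result is
     * prefixed with "-". Any other input is returned as its plain unsigned
     * decimal value.
     *
     * @param string $hexa Hexadecimal digits.
     * @return string Decimal representation, with a leading "-" for negative values.
     */
    function hexaTo64SignedDecimal($hexa) {
        $bin = unfucked_base_convert($hexa, 16, 2);
        if (64 !== strlen($bin) || '1' !== $bin[0]) {
            return unfucked_base_convert($hexa, 16, 10);
        }

        $inv_bin = strtr($bin, '01', '10');
        // Add one to the inverted bits, carrying from the least significant bit.
        // Index 0 is part of the loop: the inverted sign bit is always '0', so the
        // carry stops there at the latest. Leaving it out turned
        // 8000000000000000 into "-0" instead of "-9223372036854775808".
        for ($i = 63; $i >= 0; $i--) {
            if ('0' === $inv_bin[$i]) {
                $inv_bin[$i] = '1';
                break;
            }
            $inv_bin[$i] = '0';
        }
        return '-'.unfucked_base_convert($inv_bin, 2, 10);
    }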
    
    /**
     * Derive a display name from the part of an e-mail address before the "@".
     *
     * Separators (. - _ , :) become spaces, digits are removed, and each word
     * is capitalised.
     *
     * @param string $email E-mail address.
     * @return string Name built from the local part.
     */
    function email2nickname($email) {
        $atPosition = strpos($email, '@');
        $localPart = substr($email, 0, $atPosition);

        $separators = array('.', '-', '_', ',', ':');
        $spaced = str_replace($separators, ' ', $localPart);

        $digits = range(0, 9);
        $lettersOnly = str_replace($digits, '', $spaced);

        return ucwords($lettersOnly);
    }
    
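    /**
     * Fetch the owner profile and the contact list for a Windows Live consent token.
     *
     * The token is request data and is treated as untrusted: it must be a
     * non-empty string whose "delt" and "lid" fields are plain strings, and
     * "delt" must not contain line breaks because it is copied into an HTTP
     * header. "lid" only reaches the URL after hexaTo64SignedDecimal().
     *
     * @param string $token URL-encoded consent token (the ConsentToken form field).
     * @return array|false  array('user' => array('name', 'email', 'token'),
     *                      'contacts' => list of array('name', 'email')),
     *                      or false when the token is unusable, the request fails,
     *                      or the response is not valid XML.
     */
    function grabLiveContacts($token) {
        if (!is_string($token) || empty($token)) {
            return false;
        }

        $HOTMAIL_CLIENT_SECRET='[SECRET API KEY]';
        parse_str(urldecode($token), $parsedToken);

        // parse_str() can yield arrays (delt[]=...) or omit a field entirely.
        if (!isset($parsedToken['delt'], $parsedToken['lid'])
            || !is_string($parsedToken['delt'])
            || !is_string($parsedToken['lid'])) {
            return false;
        }
        // The delegated token is placed in a request header below; refuse line
        // breaks so it cannot add header lines to the outgoing request.
        if (preg_match('/[\r\n]/', $parsedToken['delt'])) {
            return false;
        }

        $token = base64_decode($parsedToken['delt']);

        // NOTE(review): ext/mcrypt was deprecated in PHP 7.1 and removed from core
        // in 7.2; openssl_decrypt() with aes-128-cbc is the usual replacement.
        // The decrypted fields in $result are not read anywhere below, so the
        // step is skipped when the extension is missing.
        if (function_exists('mcrypt_decrypt')) {
            $cryptkey = substr( hash('sha256', 'ENCRYPTION' . $HOTMAIL_CLIENT_SECRET, true), 0, 16);
            parse_str(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $cryptkey, substr($token, 16), MCRYPT_MODE_CBC, substr($token, 0, 16)),$result);
        }

        // Output is a decimal string (digits with an optional leading "-").
        $intlid = hexaTo64SignedDecimal($parsedToken['lid']);

        $url = 'https://livecontacts.services.live.com/users/@C@'.$intlid.'/rest/livecontacts';

        $headers = array(
            'Authorization: DelegatedToken dt="'.$parsedToken['delt'].'"'
        );

        $ch = curl_init($url);
        if ($ch === false) {
            return false;
        }
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60);
        // Certificate and host-name verification stay on: this request carries
        // the delegated token in its Authorization header.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        $data = curl_exec($ch);

        // curl_exec() returns false on transport errors.
        if (!is_string($data) || $data === '') {
            return false;
        }

        try {
            $xml = new SimpleXMLElement($data);
        } catch (Exception $e) {
            // Body was not well-formed XML (an error page, for example).
            return false;
        }

        $grab = array();

        // 'token' is the decoded delegated token, i.e. a credential for the
        // user's contacts: keep it out of logs and page output.
        $grab['user'] = array(
            'name'=>trim(strval($xml->Owner->Profiles->Personal->DisplayName)),
            'email'=>trim(strval($xml->Owner->WindowsLiveID)), 'token'=>$token
        );
        $grab['contacts'] = array();

        foreach ($xml->Contacts->Contact as $entry) {
            if (!isset($entry->Emails->Email->Address)) {
                continue;
            }
            $email = trim(strval($entry->Emails->Email->Address));
            if (empty($email)) {
                continue;
            }

            // Name fallback order: display name, first + last name, nickname,
            // then a name derived from the address itself.
            $name = trim(strval($entry->Profiles->Personal->DisplayName));
            if (empty($name)) {
                $name = trim(strval($entry->Profiles->Personal->FirstName));
                $name .= ' '.trim(strval($entry->Profiles->Personal->LastName));
                $name = trim($name);
            }
            if (empty($name)) {
                $name = trim(strval($entry->Profiles->Personal->NickName));
            }
            if (empty($name) or isEmail($name)) {
                $name = email2nickname($email);
            }
            $grab['contacts'][] = array('name'=>$name, 'email'=>$email);
        }

        return $grab;
    }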
    
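    // Entry point: list the contact addresses for a posted consent token.
    // The field must be a plain string; ConsentToken[]=... would arrive as an array.
    if (isset($_POST['ConsentToken']) && is_string($_POST['ConsentToken'])) {

        $grab = grabLiveContacts($_POST['ConsentToken']);

        // grabLiveContacts() returns false on failure; only iterate a real result.
        if (is_array($grab) && isset($grab['contacts'])) {
            foreach ($grab['contacts'] as $contact) {
                if (isset($contact['email'])) {
                    // Addresses come from a remote response and go into HTML,
                    // so escape them for that context before printing.
                    echo(htmlspecialchars($contact['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</br>");
                }
            }
        }

    }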
    
    ?>