Wickr – A Top Secret Messenger App For Linux, Windows, Android, And iOS

Introduction

Wickr is a free, peer-to-peer encrypted messaging application for Linux, Windows, iOS, and Android. It was founded by a group of security experts in San Francisco for private communication. They define Wickr as a top secret messenger, which means that nobody can track Wickr users' activities. You can send text messages, documents, audio/video, and pictures to a single user or a group of users. You also retain ownership of the messages and media you share with your group. It allows you to set an expiration time for your messages, so the messages will be completely wiped out after a particular period of time. The Wickr team assures that no conversations can be tracked or monitored by anyone, even by the Wickr team themselves.

Wickr uses a peer-to-peer encryption method to send and receive messages. Messages from the sender don’t rely on any central Wickr data centers or on any third-party servers. The messages are fully encrypted with AES256 and automatically decrypted on the receiver's side. The Wickr team doesn’t know what messages are being sent and received, so you don’t have to worry about your privacy. The messages can only be read by you and the recipients on the devices you authorize. The Wickr app has a privacy management feature that can be used either to block certain users that you do not want to communicate with or to specify which users you want to communicate with.

Wickr doesn’t need or force you to give your mobile number, email ID, or any other kind of personal information. However, your Internet service provider may find that you’re communicating with an anonymous person. But they certainly could not find out whom you’re talking to, or what you’re talking about.

Wickr assures its users of the following:

  • We do not upload your contact book to our servers;
  • We do not know anything about you or what you do with Wickr;
  • We do not sell your personal information;
  • We do not store your IP address or UDID;
  • We do not own the messages and media you send via Wickr;
  • We do not have a back door.

Installation

Go to the Wickr downloads page, and get the latest version depending upon your device. Wickr is available for Linux, Windows, Android, and iOS.

As I use Ubuntu 64bit, I downloaded and installed the 64bit package.

Launch it either from Menu or Dash. If you don’t have an existing account, click on the Create New Account button.

At present, Wickr doesn’t have an option to reset a forgotten password, so it is very important to note down or memorize your password.

Enter your username and password, select the type of your account (e.g. Personal), and click the Create Account button.

Now, log in to your Wickr account.

You’ll be redirected to your Wickr dashboard. From here, you can add contacts, create new messages, and so on.

Add Friends

Click on the Friends button on the left. Click Add friend to add your contacts.

Enter your friend’s email address, phone number, or his/her Wickr ID.

Please note that your friend should have registered his mobile number or email ID in his Wickr account. Only then can you find him by his phone number or email ID.

Wickr Settings

Wickr Settings can be found in the bottom left corner of the dashboard. Click on the Settings button to start customizing your account.

Here you can add your photo, phone number, email ID, etc. to make it easy for your friends to find you. You can also add people you want to block to the Block list.

Click ID Connections to enter your email ID and phone number. Please note that Wickr has promised that it doesn’t share your details with anyone, and that a cryptographic representation of your email and phone number will be stored on Wickr servers.

A confirmation link will be sent to your email or phone number for verification. Click on the confirmation link in the email or on your phone to verify your account.

That’s all. Now you can chat with your friends anonymously and securely.

Cheers!

  • ringzerocoder

    Can we revive this topic please? Much has changed.

  • ringzerocoder

    Wickr have released their source code to Git, SORT OF. I’ve successfully
    built it (on Debian 8) and it outputs some runtime libraries which
    support whatever GUI you yourself want to design for an app very much
    like Wickr, but that part is left up to you (NOTE: the build DOES
    produce an extensive command-line suite which tests the runtime
    libraries, and that ran 100% error-free for me).

    I’m thinking this model might actually be viable, at least to some extent. If someone
    with enough expertise and fully acquainted with, and fond of, the Wickr
    gui in all its splendor decided to design his OWN gui app using Wickr’s
    runtime libraries from his OWN build of those libraries, he could in
    theory compete with Wickr, which currently is a for-profit business
    which has a business model allowing release of the free “Wickr Me”
    application as well as having a commercial suite of offerings.

  • ringzerocoder

    I tried to post the 254 lines showing the breadth and depth of the test suite’s output, but Disqus kinda choked on it. Oh well.

  • ringzerocoder

    Describe:buffer.c
    – it should be able to be created with an existing pointer
    – it should be able to be created with empty bytes
    – it should be able to be created and destroyed with zeroed bytes
    – it should be able to tell you if two buffers are equal
    – it should allow the concatenation of two buffers into one
    – it should allow the concatenation of multiple buffers into one
    – it should allow you to make a deep copy
    – it should allow you to copy out a subsection to a new buffer
    – it should allow you to modify a subsection
    Describe:node.c
    – it should fail generation unless all fields are provided
    – it should generate if all fields are provided
    – it should be able to validate it’s signing chain
    – it should fail validation if it’s current status is failed
    – it should fail validation if it’s identity->node signature is incorrect
    – it should fail validation if it’s ephemeral keypair signature is incorrect
    – it should allow you to rotate the key pair it holds
    – it can be put into a node array
    Describe:wickr_ctx: test generation
    – it can be generated with devInfo and an id
    – it should be able to make a copy of itself
    – it can be generated with devInfo and specified root keys
    – it can be generated with a specified signing key
    – it can export an recovery for you
    – it it can be generated with an recovery + recovery key
    – it can export your recovery key
    – it can be generated with a passphrase, recovery
    Describe:wickr_ctx: test sending packet
    – it should encode packets
    – it should fail to create a packet using a failed identity status
    – it should fail to create a packet using an invalid recipient ephemeral keypair
    – it should fail to create a packet using an invalid recipient signature
    – it should parse packets for non decoding purposes
    – it should parse packets for decoding
    Describe:wickr_ctx: general functions
    – it should be able to export storage keys with a passphrase
    – it should be able to encrypt local data with random IVs
    – it should be able to encrypt remote data with random IVs
    – it should encrypt remote data differently than local data
    – it should be able to generate ephemeral keypairs
    Describe:util.c: getBase64FromData
    – it returns NULL when input is NULL
    – it convert ‘0a0b0c’ to ‘MGEwYjBj’
    – it convert ‘alsijlasdncoaie9323ljrkjslijeflajsflk’ to ‘YWxzaWpsYXNkbmNvYWllOTMyM2xqcmtqc2xpamVmbGFqc2Zsaw==’
    Describe:util.c: getDataFromBase64
    – it returns NULL when input is NULL
    – it convert ‘MGEwYjBj’ to ‘0a0b0c’
    – it convert ‘YWxzaWpsYXNkbmNvYWllOTMyM2xqcmtqc2xpamVmbGFqc2Zsaw==’ to ‘alsijlasdncoaie9323ljrkjslijeflajsflk’
    Describe:util.c: getHexStringFromData
    – it returns NULL when input is NULL
    – it convert 0x0a0b0c0d to ‘0A0B0C0D’
    – it convert 0x0123456789abcdef to ‘0123456789ABCDEF’
    Describe:util.c: getDataFromHexString
    – it returns NULL when input is NULL
    – it convert ‘0A0B0C0D’ to 0x0a0b0c0d
    – it convert ‘0123456789ABCDEF’ to 0x0123456789abcdef
    Describe:cipher: cipher_result
    – it wickr_cipher_result_create with cipher_text returns valid cipher_result
    – it wickr_cipher_result_create with NO cipher_text returns valid cipher_result
    – it wickr_cipher_result_serialize with cipher_textv returns valid serialzed value
    – it wickr_cipher_result_serialize with cipher_text returns same value
    Describe:openssl_file_suite: encodePlainFile
    – it returns true when encode plain text file
    – it plain test file size is correct number of bytes
    – it encrypted file should be plain test file size plus serialized data
    – it pass null values to function
    Describe:openssl_file_suite: decodeCipherFile
    – it returns true when decode cipher file
    – it plain test file size is correct number of bytes
    – it should be binary compatable with memory based GCM encryption
    Describe:openssl_suite: openssl_crypto_random
    – it returns NULL when len > INT_MAX
    – it return non-NULL value when len == 100
    – it return non-NULL value when len == 1000
    – it return non-NULL value when len == 100000
    – it return non-NULL value when len == 1000000
    – it return non-NULL value when len == 10000000
    – it return non-NULL value when len == INT_MAX / 8
    – it return different value in subsequent calls
    Describe:openssl_suite: openssl_cipher_key_random
    – it should produce random keys for the GCM cipher
    – it should produce random keys for the CTR cipher
    Describe:openssl_suite: openssl_aes256_encrypt(ctr), openssl_aes256_decrypt(ctr)
    – it should fail if required inputs are missing
    – it should perform encryption with a random IV if none is provided
    – it should perform encryption with a provided IV
    Describe:openssl_suite: openssl_aes256_encrypt(gcm), openssl_aes256_decrypt(gcm)
    – it should fail if required inputs are missing
    – it should perform encryption with a random IV if none is provided
    – it should perform encryption with a provided IV
    – it should fail if the key is correct but the tag is wrong
    – it should fail if the decryption function is set to only accept authenticated modes and gets an unauthenticated mode
    Describe:openssl_suite: openssl_ec_sign openssl_ec_verify
    – it should create a signature given a key and data using SHA256 digest
    – it should create a signature given a key and data using SHA384 digest
    – it should create a signature given a key and data using SHA512 digest
    – it should serialize the signature to the appropriate length, and be able to deserialize it SHA256
    – it should serialize the signature to the appropriate length, and be able to deserialize it SHA384
    – it should serialize the signature to the appropriate length, and be able to deserialize it SHA512
    Describe:openssl_suite: openssl_ec_rand_key, openssl_ec_key_import
    – it should be able to generate random ec keys
    – it should be able to import private key buffers
    – it should be able to import public key buffers
    Describe:openssl_suite: openssl_sha2(SHA256)
    – it should calculate a proper hash value
    – it should produce salted hashes by appending the salt to the original input
    Describe:openssl_suite: openssl_sha2(SHA384)
    – it should calculate a proper hash value
    – it should produce salted hashes by appending the salt to the original input
    Describe:openssl_suite: openssl_sha2(SHA512)
    – it should calculate a proper hash value
    – it should produce salted hashes by appending the salt to the original input
    Describe:openssl_suite: openssl_ecdh_gen_key
    – it should make a proper 256bit shared secret (A is local)
    – it should make a proper 256bit shared secret (B is local)
    – it should make a proper 384bit shared secret (A is local)
    – it should make a proper 384bit shared secret (B is local)
    – it should make a proper 512bit shared secret (A is local)
    – it should make a proper 512bit shared secret (B is local)
    Describe:openssl_suite: openssl_hmac_create, openssl_hmac_verify
    – it should calculate hmac using sha-256 properly
    – it should calculate hmac using sha-384 properly
    – it should calculate hmac using sha-512 properly
    Describe:openssl_suite: openssl_hkdf
    – it should fail if no key material is provided
    – it should calculate hkdf with salt and info data
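
The primitive families named in the test output above (ECDH key agreement, HKDF, AES-256-GCM with a random IV and a checked authentication tag), combined in a generic way with Node.js's built-in crypto module. This is an added example, not code from Wickr's library and not a description of Wickr's protocol; the P-256 curve, the salt and info strings, and all function names are assumptions made for illustration.

```javascript
// Added illustration (not Wickr's code or protocol), using Node's built-in crypto.
const crypto = require('crypto');

// Derive a 256-bit AES key from an ECDH shared secret with HKDF-SHA256.
function deriveKey(myEcdh, peerPublicKey, salt, info) {
  const shared = myEcdh.computeSecret(peerPublicKey);
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, info, 32));
}

// Encrypt with AES-256-GCM under a fresh random 96-bit IV per message.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt and authenticate; returns null when the tag does not verify.
function unseal(key, { iv, ciphertext, tag }) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
  } catch (err) {
    return null; // wrong key, wrong tag, or modified ciphertext
  }
}

// Constructed demo; the P-256 curve, salt and info strings are assumptions.
function demo() {
  const alice = crypto.createECDH('prime256v1');
  const bob = crypto.createECDH('prime256v1');
  const alicePub = alice.generateKeys();
  const bobPub = bob.generateKeys();
  const salt = Buffer.from('example-salt');
  const info = Buffer.from('example-message-key');
  const keyA = deriveKey(alice, bobPub, salt, info);
  const keyB = deriveKey(bob, alicePub, salt, info);
  const msg = Buffer.from('hello over an untrusted relay');
  const box1 = seal(keyA, msg);
  const badTag = Buffer.from(box1.tag);
  badTag[0] ^= 0x01; // flip one bit of the authentication tag
  return {
    keysMatch: keyA.equals(keyB),
    roundTrip: unseal(keyB, box1).equals(msg),
    ivsDiffer: !box1.iv.equals(seal(keyA, msg).iv),
    tamperedRejected: unseal(keyB, { ...box1, tag: badTag }) === null,
  };
}
console.log(demo());
```

Both sides derive the same key without it ever crossing the wire, and a single flipped tag bit makes decryption fail outright instead of returning altered plaintext.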

  • ringzerocoder

    On another note, for anyone interested, I’ve successfully built the “Signal” Android app from the Git source tree, and successfully tested it on my smartphone. If I can do it, many others surely can; I’m not all that experienced.