Paltalk messenger do not work anymore in the new versions

[badrelmers]

Describe the problem
The Paltalk messenger was working fine with the old Sandboxie-plus versions, it stopped working exactly from the version https://github.com/sandboxie-plus/Sandboxie/releases/tag/0.9.8
I tested this new versions too but still not working:
https://github.com/sandboxie-plus/Sandboxie/releases/tag/0.9.8d
https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.3
the last working version is: https://github.com/sandboxie-plus/Sandboxie/releases/tag/0.9.7e

To Reproduce

1. Download the classic Paltalk version from here: https://origin-downloads.paltalk.com/download/0.x/classic/
   or directly from here: https://origin-downloads.paltalk.com/download/0.x/classic/pal_install.exe
2. install it inside a sandbox using any sandboxie version from 0.9.8+
3. start Paltalk from say: "D:\Sandbox\LLED2\Paltalk\drive\D\Program Files (x86)\Paltalk Messenger\paltalk.exe"
4. it will show a window and hang there, nothing happen after that:
   

Expected behavior
in version 0.9.7e and older ones paltalk works fine and show this:

System details and installed software

• I use win 7 sp1
• I have no antivirus installed

log
Sbie Messages

18:35:56.703   paltalk.exe (4060): SBIE2303 Could not hook NdrClientCall2 (33, 487)      
18:35:56.707   paltalk.exe (4060): SBIE2318 DLL initialization failed for 'rpcrt4.dll'   
18:35:57.034   paltalk.exe (1656): SBIE2303 Could not hook NdrClientCall2 (33, 487)      
18:35:57.040   paltalk.exe (1656): SBIE2318 DLL initialization failed for 'rpcrt4.dll' 

Trace Log
log.txt

Sandboxie configuration
I used the default configuration , nothing changed at all

Thank you.

[DavidXanatos]

This is strange i tryed the tool and it seams to work fine on 1.0.3
but the reported error is very plausible based on the changed between the 2 version.
Could you please try the latest pre release build.

Also do I need to login or is the gray window asking for login already success?

[badrelmers]

I already tested the last version 1.0.3 and did not work too

this window means success:

if it shows the window as the above picture then it works fine (you will not be able to create an account, it is normal , we create accounts using another method but this is another story).

did you get that window in your test!?

I tested with every possible combination of options, and I disabled all the isolations too but did not work.

[DavidXanatos]

Yes I got that window.
I have a windows 7 X64 SP1 with all updates installed

From that you wrote I can see that you also have a 64 bit windows and you say its SP1 so it should be mostly the same,
i don't believe a windows update would change that much, but in order to examine that in depth please send me the rpcrt4.dll files from the windows\system32 as well as from windows\SysWOW64 folders

Do you have any other security software than an antivirus, some HIPS/firewall perhaps?

[DavidXanatos]

I think i found the difference!
I needed to enable IpcTrace=* only then NdrClientCall2 is being hooked.
Then i also go the error messages, however the window still appeared (!)
Sooo... to solve your issue temporary please disable IPC tracing

I'll work on a proper fix for build 1.0.4 asap

[badrelmers]

here is rpcrt4.dll from both system folders: rpcrt4.zip

I have no HIPS but I do have the default windows firewall activated and managed by https://www.binisoft.org/wfc.php

I too have win7 64 with all updated except few ones
I have all the listening ports closed, I mean I disabled anything that listens on a port
I have deleted all the default windows firewall rules and I allow only the application I need

[badrelmers]

I have IPC tracing disabled, I enabled it only to get the log, but in all my tests it was already disabled (i mean i did not include IpcTrace=* in the ini in my tests)

[DavidXanatos]

So what is the behavior if you have no IPC tracing, you shouldn't get the NdrClientCall2 message anymore, os that so?
So without IPC tracing enabled the small window would show and than nothing the large one would not appear.
That's not what happens on my system, here it works teh samll windows apepars only for a short while followed by the big one.
IPC tracing only causes the error message but nothing more, it also works with it.

Really strange, WFC is harmless and windows FW config irrelevant here.

Not sure what then why it woks for me but not for you.

[badrelmers]

I just tested in a VM using virtualbox with a win7 64 with defaults settings (default services...etc) + all the updates. and it works fine!!

so maybe it is something related to how I configure my win7 , I will investigate it and inform you (Now I m thinking that maybe this happens because I separate/split the svchost services which already broken a lot of things in the past)

but it is strange that the old versions worked with this same setting of my actual win 7, I will investigate it

thank you very much for your help sir.

[badrelmers]

I found the problem.
if you disable and stop this service WinHttpAutoProxySvc (WinHTTP Web Proxy Auto-Discovery Service) then the problem happens.
so a default win 7 + all updates + disabled WinHttpAutoProxySvc = this bug

But enabling this service bring some known security concerns:
https://resources.infosecinstitute.com/topic/hacking-clients-wpad-web-proxy-auto-discovery-protocol/
https://www.netsurion.com/catches/man-in-the-middle-disrupted-at-multi-national

why paltalk worked with WinHttpAutoProxySvc disabled in the old sandboxie versions but did not work with the new versions?
can I do anything to keep WinHttpAutoProxySvc disabled and solve my paltalk problem in the new sandboxie-plus versions?

Thank you.

[DavidXanatos]

I will investigate that, it must be some change in some error handlign when the wervice is not found, i just need to find out the difference and fix it.

[badrelmers]

it works wonderfully thank you soooo much sir.

[PaltalkDDOS]

https://groups.google.com/g/developerpaltalk