Tuesday, July 23, 2019

Analysis of Skype App for Windows (Metro-App) - Version 14.xx


Why this post?

In my last posts I wrote about older Skype versions and showed a more detailed analysis of Skype for Windows version 12.7 and higher.
As I already mentioned in those posts, the underlying structure has changed again in the most recent Skype version.
In this post I will show the underlying structure of the most recent Skype version and some important things to know when analyzing it.
I cannot say exactly with which version these changes were made to the underlying structure. I can only say that it had already changed by version 14.23; I didn't test all versions between 12.7 and 14.23.

The structure

First the general structure

The Skype folder is located under:
 %USERPROFILE%\AppData\Local\Packages\[Skype_App]


There you will find a structure like this one:


The chat db (formerly skype.db) is located in the subfolder LocalState. There is a database named "s4l-[skypeuser].db".
If more than one Skype user has used the app, you will find more than one s4l-[skypeuser].db.

Pictures (sent/received): located in the subfolder LocalCache\FileCache

Things to mention / how things work

I did some testing to find out at which moment a file is generated or deleted.

1. The s4l-[skypeuser].db is generated when the Skype user logs in for the first time on the machine.
BUT: Not all data is then synced with the network. The chat lists are synced, so one can see with whom the Skype account had conversations (so that the user can see his last chats in the app).
The content of these conversations is not synced until the user clicks on the chat in the app. That is important to know because this is different from earlier versions.

2. A folder named [skypeuser] is also generated on the first successful login.
In this folder there is a file named "config.xml". It holds information about the last login as well as connection caches and tokens. Perhaps useful in some way.

The timestamp of the last login can be found in the second line of this file:




Here it is 1563870266.4, which is Tue, 23 Jul 2019 08:24:26 UTC. That's correct for my case here.



3. Pictures in the subfolder LocalCache\FileCache:
    a) The pictures are stored when they are clicked in the chat by the user, not earlier. They are not stored when only the preview was shown in the chat. So you will only find pictures in this folder that were really viewed by the user.
    b) Freshly sent pictures are stored in the folder the moment the user sends them in the chat.
    c) Only pictures are stored in this folder.
    d) The pictures remain in this folder when the user logs out.
    e) The pictures are deleted the moment a different Skype user logs in on the same machine with the same Windows account.

Internal database structure

The internal database structure has changed a bit.
There are a lot of tables in the database file s4l-[skypeuser].db, similar to the old skype.db.




But, for example, the tables "conversations" and "messages" are now "conversationsv14" and "messagesv12".

The suffixes "v14" and "v12" perhaps mean something like "version", so one could recognize the internal structure of a table by its name. But at the moment that is just guessing on my side. I have not checked this in any way!

The internal structure of the tables themselves has also changed.

One example for the table messagesv12:


The field "nsp_data" holds the content of the message and also the timestamps, the picture filename (if sent/received), sender and receiver, and so on. It is stored in a JSON structure.
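
As an added example (not code from the original post): a Python sketch that finds the versioned table names by pattern instead of hard-coding "v14"/"v12", then inventories the top-level JSON keys in "nsp_data" without assuming any key names. The in-memory database, its rows and its JSON keys are constructed for illustration; `open_readonly` is a hypothetical helper for opening a working copy of the real file.

```python
import json
import re
import sqlite3
from collections import Counter
from pathlib import Path

# Base names are from the post; the numeric suffix is matched generically.
VERSIONED = re.compile(r"^(conversations|messages)v(\d+)$")

def open_readonly(path):
    """Open a working copy of s4l-[skypeuser].db without allowing writes."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def find_versioned_tables(con):
    """Map base name to the real table name, e.g. 'messages' -> 'messagesv12'."""
    rows = con.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return {m.group(1): m.group(0) for (n,) in rows if (m := VERSIONED.match(n))}

def nsp_key_inventory(con, table):
    """Count top-level JSON keys in nsp_data; also count rows that do not parse."""
    keys, bad = Counter(), 0
    # Interpolating the name is safe here: it already matched VERSIONED.
    for (raw,) in con.execute(f'SELECT nsp_data FROM "{table}"'):
        if isinstance(raw, bytes):  # tolerate values stored as BLOB
            raw = raw.decode("utf-8", errors="replace")
        try:
            doc = json.loads(raw)
        except (TypeError, ValueError):
            doc = None  # NULL, truncated or non-JSON value
        if isinstance(doc, dict):
            keys.update(doc.keys())
        else:
            bad += 1
    return keys, bad

def build_sample():
    """Constructed in-memory stand-in; the JSON keys and rows are made up."""
    con = sqlite3.connect(":memory:")
    for t in ("messagesv12", "conversationsv14", "settings"):
        con.execute(f"CREATE TABLE {t} (id INTEGER PRIMARY KEY, nsp_data)")
    rows = ['{"content": "hi", "createdTime": 1563870266400}',
            b'{"content": "photo", "fileName": "example.jpg"}',
            '{"content": "cut off']  # truncated on purpose
    con.executemany("INSERT INTO messagesv12 (nsp_data) VALUES (?)", [(r,) for r in rows])
    return con

if __name__ == "__main__":
    con = build_sample()
    print({t: nsp_key_inventory(con, t) for t in find_versioned_tables(con).values()})
```

The key inventory shows which fields actually occur in a given database before any of them is relied on, and the count of unparsable rows flags values that need manual review.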

My Proceeding

For the section above, "Things to mention / how things work", I list here exactly what I did to test it, so anyone can double-check it and determine all limitations of my results if wanted.

1. I logged into Skype on a freshly installed PC. Then I checked the database; the table "messagesv12" was empty except for the message from "convierge", which seems to be something like a test entry.
Then I clicked on an existing chat in the app and reloaded the database. Now I could find the messages in the table.

2. I logged into Skype on a freshly installed PC. Then I checked the filesystem and found the folder. It was not there before. I opened the config.xml and saw e.g. the timestamp; it was close to my login. I decided to log off and log in again and write down the time. Then I checked the timestamp in the *.xml again. It had changed to the new login time.

3. After logging in I opened the folder LocalCache\FileCache; it was empty.
a) I clicked on a picture in a chat -> this picture was then stored in the folder.
b) I sent a picture that was not already in the folder. After sending it, it was in the folder.
c) I sent a PDF file; this one was not in the folder. BUT: it was in the folder LocalCache\RNManualFileCache, only for a few minutes, then it was deleted automatically.
d) I logged out of Skype. The pictures remained in the folder.
e) I logged in with another account; all pictures in the folder were gone.

Conclusion

It is necessary to understand that with the most recent Skype version not all data (images/messages) is synced automatically with the device. In older versions this was the case.

If more than one Skype user uses the same Skype app, one cannot find the pictures of the non-active user in the folder LocalCache\FileCache, only the pictures that the active user has actively clicked/viewed.


 








3 comments:

  1. Very nice indeed. But I was looking at one account and I could not find any s4l-[skypeuser].db file in %User%\AppData\Local\MicrosoftPackages\Skype..\LocalState\.. Also, no skype.db.
    The account has been used for sure.. Any ideas?

    1. Hey there, are you sure that the Skype Windows Metro App was used, not the Skype for Desktop one?
      For the Skype for Desktop App the path is: %USERPROFILE\AppData\Roaming\Microsoft\Skype for Desktop\

      But for the Desktop version there is no sqlite database used for chats anymore, they are stored in a log file and a leveldb for the most recent versions.

      Just checked my system running most recent Windows and Skype Metro App. Database is still there.
