From daus01@gel.usherb.ca Mon Jul  6 13:06:11 1998
Date: Fri, 19 Jun 1998 13:58:21 -0400
From: Sebastien Dault <daus01@gel.usherb.ca>
Reply-To: icq-devel@tjsgroup.com
To: icq-devel@tjsgroup.com
Subject: [ICQdev] New version of Encryption doc

==========================================================
= ENCRYPTION and CHECKCODE of the ICQ Protocol V3 and V4 =
==========================================================

Last update:  June 19 1998
Created by :  Sebastien Dault (daus01@gel.usherb.ca)
Version    :  0.02

Copyright (C) 1998


About this document
-------------------

This document will explain how the ENCRYPTION work and how the CHECKCODE
is calculated in the version 3 and 4 of the ICQ Protocol.

This document will not explain each command of the protocol.

Note that I am in no way affiliate with Mirabilis. I have found all these
information by tracing UDP packets (this complies with Mirabilis License
agreement). These information are unofficial and may be incorrect.


LICENSE AGREEMENT
=================

This document and the information present herein is provided by
Sebastien Dault ("the Author") for your personal use only. You agree to
the full responsibility for the results of your use of this document or
the information present herein.

By using this document or the information present herein, you accept
the terms of this license agreement.

THIS INFORMATION IS PROVIDED ON AN "AS IS" BASIS. THE AUTHOR MAKES NO
WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THOSE OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THIS
DOCUMENT AND THE INFORMATION PRESENT HEREIN. THE AUTHOR DOES NOT WARRANT,
GUARANTEE OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF
THE USE OF THIS DOCUMENT OR THE INFORMATION PRESENT HEREIN, IN TERMS OF THE
ACCURACY, RELIABILITY, QUALITY, VALIDITY, STABILITY, COMPLETENESS,
CURRENTNESS, OR OTHERWISE. THE ENTIRE RISK OF USING THE INFORMATION PRESENT
IN THIS DOCUMENT IS ASSUMED BY THE USER.

IN NO EVENT WILL THE AUTHOR BE LIABLE TO ANY PARTY (i) FOR ANY DIRECT,
INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS
INTERRUPTION, LOSS OF PROGRAMS OR INFORMATION, AND THE LIKE), OR ANY OTHER
DAMAGES ARISING IN ANY WAY OUT OF THE AVAILABILITY, USE, RELIANCE ON, OR
INABILITY TO USE THIS DOCUMENT OR THE INFORMATION PRESENT HEREIN, EVEN IF
THE AUTHOR HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND
REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE;
OR (ii) FOR ANY CLAIM ATTRIBUTABLE TO ERRORS, OMISSIONS, OR OTHER
INACCURACIES IN, OR DESTRUCTIVE PROPERTIES OF ANY INFORMATION.



Number convention
=================

0x12345678  : Real value in hexadecimal (use in calculations).

78 56 34 12 : Hex dump value.

NOTE: All the number in this document are in HEXA.



Packet Format
=============

The UDP packet sent from the client to the server has the following general
layout:

VERSION 4 (in decrypted format):
---------

 Length   Content (if fixed)    Name
 ------   ------------------    ----
 2 bytes  04 00                 VERSION
 4 bytes  xx xx 00 00           RANDOM NUMBER
 2 bytes  xx xx                 COMMAND
 2 bytes  xx xx                 SEQ_NUM1
 2 bytes  xx xx                 SEQ_NUM2
 4 bytes  xx xx xx xx           UIN
 4 bytes  xx xx xx xx           CHECKCODE
 variable                       PARAMETERS


Some field in the version 4 are encrypted (see ENCRYPTION below).


VERSION 3:
---------

 Length   Content (if fixed)    Name
 ------   ------------------    ----
 2 bytes  03 00                 VERSION
 2 bytes  xx xx                 COMMAND
 2 bytes  xx xx                 SEQ_NUM1
 2 bytes  xx xx                 SEQ_NUM2
 4 bytes  xx xx xx xx           UIN
 4 bytes  xx xx xx xx           CHECKCODE
 variable                       PARAMETERS



ENCRYPTION
==========

If you want to encrypt or decrypt a packet, use the following algorithm:
(the algorithm is the same for the ecryption AND decryption)

1. Calculate the following:

      Calculate the CHECKCODE  (see next section)
      (or take it from the packet if you are decrypting (position 10-13)
       and don't forget to reverse it in a DWORD format (reverse bytes
order))

      PL = Packet length

      CODE1 = (DWORD) (PL * 0x66756B65)       (flush the overflow)

      CODE2 = (DWORD) (CODE1 + CHECKCODE)   (flush the overflow)

      N = (PL + 3) DIV 4

      POS = 0

2. Do the following loop:

      while POS < N do
      begin

         T = POS MOD 0x0100

         CODE3 = CODE2 + TABLE[T]      (see TABLE section)

         DATA = DWORD at position POS in the packet
                (don't forget to reverse the byte order)

         DATA = DATA XOR CODE3

         DWORD at position POS in the packet = DATA
         (don't forget to reverse the byte order)

         POS = POS + 4

      end

3. Replace the 2 first byte with 04 00 and you have your encrypted or
   decrypted packet


EXEMPLE
=======

Suppose that you want to decrypt the following login packet:

  04 00 E6 9E EA D5 50 DF EB D5 B9 DC 35 62 CD DC
  54 D3 48 0C 15 54 74 35 39 09 00 00 07 00 36 64
  39 37 32 31 00 9D 00 00 00 ef 23 43 23 04 00 00
  01 00 04 00 00 00 00 00 00 00 00 00 9D 00

  (note: this is not my UIN and not my password)

  CHECKCODE = 54 D3 48 0C = 0x0C48D354

  PL = 0x3E  (packet length)

  CODE1 = PL * 0x66756B65 = 0x3E * 0x66756B65 = 0xD0700276
          (flush the overflow)

  CODE2 = CODE1 + CHECKCODE = 0x0C48D354 + 0xD0700276 = 0xDCB8D5CA
          (flush the overflow)

  N = (PL + 4) DIV 4 = (0x3E + 4) DIV 4 = 0x10

  POS = 0

  Loop 1:
    T = POS MOD 0x0100 = 0 MOD 0x0100 = 0
    CODE3 = CODE2 + TABLE[T] = 0xDCB8D5CA + TABLE[0]
          = 0xDCB8D5CA + 0x0A =0xDCB8D5D4
    DATA = 04 00 E6 9E = 0x9EE60004
    DATA = DATA XOR CODE3 = 0x9EE60004 XOR 0xDCB8D5D4 = 0x425ED5D0
    PACKET[0..3] = D0 D5 5E 42
    POS = POS + 4 = 0 + 4 = 4
    POS < 0x10 ? , yes, we continue

  Loop2:
    T = POS MOD 0x0100 = 4 MOD 0x0100 = 4
    CODE3 = CODE2 + TABLE[T] = 0xDCB8D5CA + TABLE[4]
          = 0xDCB8D5CA + 0x20 = 0xDCB8D5EA
    DATA = EA D5 50 DF = 0xDF50D5EA
    DATA = DATA XOR CODE3 = 0xDF50D5EA XOR 0xDCB8D5EA = 0x03E80000
    PACKET[4..7] = 00 00 E8 03
    POS = POS + 4 = 4 + 4 = 8
    POS < 0x10 ? , yes, we continue

  Loop3:
    T = POS MOD 0x0100 = 8 MOD 0x0100 = 8
    CODE3 = CODE2 + TABLE[T] = 0xDCB8D5CA + TABLE[8]
          = 0xDCB8D5CA + 0x20 = 0xDCB8D5EA
    DATA = EB D5 B9 DC = 0xDCB9D5EB
    DATA = DATA XOR CODE3 = 0xDCB9D5EB XOR 0xDCB8D5EA = 0x00010001
    PACKET[8..0x0B] = 01 00 01 00
    POS = POS + 4 = 8 + 4 = 0x0C
    POS < 0x10 ? , yes, we continue

  Loop4:
    T = POS MOD 0x0100 = 0x0C MOD 0x100 = 0x0C
    CODE3 = CODE2 + TABLE[T] = 0xDCB8D5CA + TABLE[0x0C]
          = 0xDCB8D5CA + 0x20 = 0xDCB8D5EA
    DATA = 35 62 CD DC = 0xDCCD6235
    DATA = DATA XOR CODE3 = 0xDCCD6235 XOR 0xDCB8D5EA = 0x0075B7DF
    PACKET[0x0C..0x0F] = DF B7 75 00
    POS = POS + 4 = 0x0C + 4 = 0x10
    POS < 0x10 ? , no, we stop

  After changing the 2 first byte with 04 00 we have the decrypted packed:

  04 00 5E 42 00 00 E8 03 01 00 01 00 DF B7 75 00
  54 D3 48 0C 15 54 74 35 39 09 00 00 07 00 36 64
  39 37 32 31 00 9D 00 00 00 ef 23 43 23 04 00 00
  01 00 04 00 00 00 00 00 00 00 00 00 9D 00

You can use the same algorithm to encrypt a packet. The only difference
is that you have to calculate the CHECKCODE before.



CHECKCODE
=========

The checkcode is calculated base on the DECRYPTED data of the packet.
The version 3 and version 4 of the protocol use the same algorithm
to create the checkcode but the position of the checkcode in the packet
will differ. (position 10-13 in V4 and position 0C-0E in V3)

If you want to calculate a checkcode do the following:

1. Found NUMBER1 formed by:
     B8 = Byte at position 8 of the packet. (starting at position 0)
     B4 = Byte at position 4 of the packet.
     B2 = Byte at position 2 of the packet.
     B6 = Byte at position 6 of the packet.

   NUMBER1 = 0x B8 B4 B2 B6       (B8 = UPPER BYTE, B6 = LOWER BYTE)

2. Calculate the following:
     PL = Packet length
     R1 = a random number beetween 0 and (PL - 04)  (offen 00 in V3)
     R2 = another random number beetween 0x00 and 0xFF


3. Found NUMBER2:

     X4 = R1

     If X4 equal the position of a byte of the CHECKCODE in the packet
     (0x10-0x13 in V4, 0x0C-0x0E in V3), choose another random number R1
     and restart step 3.

     X3 = NOT (BYTE at pos X4 in the packet)

     X2 = R2

     X1 = NOT (BYTE at pos X2 in the TABLE)  (see TABLE section)

     NUMBER2 = 0x X4 X3 X2 X1     (X4 = UPPER BYTE, X1 = LOWER BYTE)


4. You can now calculate the checkcode:
     CHECKCODE = NUMBER1 XOR NUMBER2

     The byte order of the checkcode must be reverse (because it is a DWORD)
     in the packet.


EXAMPLE
=======

We want to calculate the checkcode on the following packet :

  03 00 0A 00 01 00 01 00 12 34 56 78 00 00 00 00
        B2    B4    B6    B8

  1. NUMBER1 = 0x B8 B4 B2 B6 = 0x 12 01 0A 01 = 0x12010A01

  2. PL = 0x10
     R1 = 0x00 (random between 00 and 0C (10-04))
     R2 = 0x7F (random between 00 and FF)

  3. X4 = R1 = 00

     X3 = NOT (PACKET[X4]) = NOT (PACKET[00]) = NOT (03) = 0xFC

     X2 = R2 = 0x7F

     X1 = NOT (TABLE[X2]) = NOT (TABLE[0x7F]) = NOT (0x6F) = 0x90

     NUMBER2 = 0x X4 X3 X2 X1 = 0x 00 FC 7F 90 = 0x00FC7F90

  4. CHECKCODE = NUMBER1 XOR NUMBER2 = 0x12010A01 XOR 0x00FC7F90 =
0x12FD7591

So the final packet will be:

  03 00 0A 00 01 00 01 00 12 34 56 78 91 75 FD 12



TABLE
=====

The algorithmes use a table of constant to found some numbers.

TABLE[X] mean data at position X in the table (starting at position 0).

POS   DATA                                               ASCII
---   -----------------------------------------------    ----------------
 00 - 0A 5B 31 5D 20 59 6F 75 20 63 61 6E 20 6D 6F 64    .[1] You can mod
 10 - 69 66 79 20 74 68 65 20 73 6F 75 6E 64 73 20 49    ify the sounds I
 20 - 43 51 20 6D 61 6B 65 73 2E 20 4A 75 73 74 20 73    CQ makes. Just s
 30 - 65 6C 65 63 74 20 22 53 6F 75 6E 64 73 22 20 66    elect "Sounds" f
 40 - 72 6F 6D 20 74 68 65 20 22 70 72 65 66 65 72 65    rom the "prefere
 50 - 6E 63 65 73 2F 6D 69 73 63 22 20 69 6E 20 49 43    nces/misc" in IC
 60 - 51 20 6F 72 20 66 72 6F 6D 20 74 68 65 20 22 53    Q or from the "S
 70 - 6F 75 6E 64 73 22 20 69 6E 20 74 68 65 20 63 6F    ounds" in the co
 80 - 6E 74 72 6F 6C 20 70 61 6E 65 6C 2E 20 43 72 65    ntrol panel. Cre
 90 - 64 69 74 3A 20 45 72 61 6E 0A 5B 32 5D 20 43 61    dit: Eran.[2] Ca
 A0 - 6E 27 74 20 72 65 6D 65 6D 62 65 72 20 77 68 61    n't remember wha
 B0 - 74 20 77 61 73 20 73 61 69 64 3F 20 20 44 6F 75    t was said?  Dou
 C0 - 62 6C 65 2D 63 6C 69 63 6B 20 6F 6E 20 61 20 75    ble-click on a u
 D0 - 73 65 72 20 74 6F 20 67 65 74 20 61 20 64 69 61    ser to get a dia
 E0 - 6C 6F 67 20 6F 66 20 61 6C 6C 20 6D 65 73 73 61    log of all messa
 F0 - 67 65 73 20 73 65 6E 74 20 69 6E 63 6F 6D 69 6E    ges sent incomin
---   -----------------------------------------------    ----------------

Example : TABLE[0]    = 0x0A
          TABLE[0xF2] = 0x73

Note: A lot of UDP packet was check to recreate this table, but some
      data may be incorrect.


--------------------
Sebastien Dault
daus01@gel.usherb.ca


          =====================================================
          The "unoffical, not-sponsored-by-Mirabilis-one-bit"
          ICQ Clone Development List