From mds1281@ritvax.isc.rit.edu Mon May 4 14:16:17 1998
Date: Fri, 24 Apr 1998 17:21:11 +0000
From: Matt Smith
Reply-To: icq-devel@tjsgroup.com
To: icq-devel@tjsgroup.com
Subject: Re: [ICQdev] the ICQ API..

> > What about sharing your findings about the v4 protocol?
>

No problem, here goes. I haven't figured everything out yet, but if you have access to some snooping log files this should help. This is only for the login packet. All numbers are hex.

The first two bytes are the version, of course: 0x0004.

Bytes 0c-0f are the encrypted UIN, which must be XORed with the key to retrieve the actual value.

How to get the key: the key is stored in 08-0b and 04-05. 05 should be equal to 09. Now the key is like this (Intel order, so the first byte is low order). Numbers represent position in the packet:

04 09 XX 0b

XX is a bit tricky: if 04 = 08 + 1 then XX = 0a - 1, and if 04 = 08 - 1 then XX = 0a + 1.

The password is still plaintext and starts at 1c with a 2-byte length including the null, followed by the null-terminated password. This is followed by 98 00 00 00, which is probably the version. Then the IP, followed by 04 00 01 00 03 00 00 00 00. After this comes the 4-byte status, I think; then 00 98 00 ends it up, which looks like another version thing.

There's still a bunch of fields that I don't know what they are. It's possible they're other keys or more encrypted data. I think the command (bytes 02 03) is encrypted also, since it's always different even on different login packets.

Currently most of my effort is going to improving Micq, so hopefully this is enough for someone else to start to work out the protocol. It's possible that the same key is used throughout, but that would be bad for security. Of course, so is transmitting a plaintext key :)

-- Matt

=====================================================
The "unofficial, not-sponsored-by-Mirabilis-one-bit" ICQ Clone Development List
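The layout Matt describes above (key bytes at 04/09/0a/0b, XOR-masked UIN at 0c-0f, plaintext password at 1c, then the fixed 98 00 00 00 / IP / 04 00 01 00 03 00 00 00 00 / status / 00 98 00 tail) is enough to write a small parser and builder. The following is an added example and is not code from the post or from Micq: it implements exactly the rules stated in the message, builds a constructed login packet with a made-up UIN, password and key, and recovers the UIN from it. Everything not stated in the post is an assumption and is marked as one in the comments: the 16-bit version and 32-bit UIN, key and status are taken as little-endian ("Intel order"), the IP is taken as four octets in dotted order, the 04/08 comparison is done modulo 256, and the unknown bytes (02-03, 06-07, 10-1b) are simply carried opaquely.

```python
import struct

# Fixed byte runs named in the post (hex as written there).
AFTER_PASSWORD = bytes.fromhex("98000000")            # "probably the version"
AFTER_IP = bytes.fromhex("040001000300000000")        # 9 fixed bytes
TRAILER = bytes.fromhex("009800")                     # "looks like another version thing"


def derive_key(pkt: bytes) -> int:
    """Recover the 32-bit XOR key from header bytes 04, 09, 0a and 0b.

    Key byte order is 04 09 XX 0b, low byte first; XX is taken from 0a
    adjusted by +/-1 depending on how 04 relates to 08.  The modulo-256
    comparison is an assumption (the post just says "04 = 08 + 1").
    """
    if pkt[0x05] != pkt[0x09]:
        raise ValueError("byte 05 != byte 09: header does not match the described layout")
    if pkt[0x04] == (pkt[0x08] + 1) & 0xFF:
        xx = (pkt[0x0A] - 1) & 0xFF
    elif pkt[0x04] == (pkt[0x08] - 1) & 0xFF:
        xx = (pkt[0x0A] + 1) & 0xFF
    else:
        raise ValueError("byte 04 is neither 08+1 nor 08-1: cannot derive key byte 2")
    return struct.unpack("<I", bytes([pkt[0x04], pkt[0x09], xx, pkt[0x0B]]))[0]


def parse_login_packet(pkt: bytes) -> dict:
    """Parse a v4 login packet as described in the post; raises on layout mismatch."""
    version = struct.unpack_from("<H", pkt, 0x00)[0]        # little-endian: assumption
    if version != 4:
        raise ValueError(f"unexpected version {version:#06x}")
    key = derive_key(pkt)
    uin = struct.unpack_from("<I", pkt, 0x0C)[0] ^ key      # XOR the masked UIN with the key

    pw_len = struct.unpack_from("<H", pkt, 0x1C)[0]         # length includes the NUL
    pw_field = pkt[0x1E:0x1E + pw_len]
    if pw_len == 0 or len(pw_field) != pw_len or pw_field[-1] != 0:
        raise ValueError("password field is not a NUL-terminated string of the stated length")
    password = pw_field[:-1].decode("latin-1")              # charset: assumption

    pos = 0x1E + pw_len
    if pkt[pos:pos + 4] != AFTER_PASSWORD:
        raise ValueError("expected 98 00 00 00 after the password")
    pos += 4
    ip = ".".join(str(b) for b in pkt[pos:pos + 4])         # dotted order: assumption
    pos += 4
    if pkt[pos:pos + 9] != AFTER_IP:
        raise ValueError("expected 04 00 01 00 03 00 00 00 00 after the IP")
    pos += 9
    status = struct.unpack_from("<I", pkt, pos)[0]          # 4-byte status, meaning unknown
    pos += 4
    if pkt[pos:pos + 3] != TRAILER:
        raise ValueError("expected 00 98 00 trailer")
    return {"version": version, "command": pkt[0x02:0x04], "key": key, "uin": uin,
            "password": password, "ip": ip, "status": status}


def build_login_packet(uin: int, password: str, ip: str, status: int, key: int,
                       command: bytes = b"\x00\x00") -> bytes:
    """Build a packet in the described layout (the '04 = 08 + 1' variant of the key encoding).

    Bytes 06-07 and 10-1b are left zero because the post does not say what they hold.
    """
    k = struct.pack("<I", key)
    hdr = bytearray(0x1C)
    hdr[0x00:0x02] = struct.pack("<H", 4)
    hdr[0x02:0x04] = command                                # opaque; post says it looks encrypted
    hdr[0x04] = k[0]
    hdr[0x05] = k[1]                                        # must equal byte 09
    hdr[0x08] = (k[0] - 1) & 0xFF                           # so that 04 = 08 + 1 ...
    hdr[0x09] = k[1]
    hdr[0x0A] = (k[2] + 1) & 0xFF                           # ... and XX = 0a - 1
    hdr[0x0B] = k[3]
    hdr[0x0C:0x10] = struct.pack("<I", uin ^ key)
    pw = password.encode("latin-1") + b"\x00"
    body = (struct.pack("<H", len(pw)) + pw + AFTER_PASSWORD
            + bytes(int(o) for o in ip.split(".")) + AFTER_IP
            + struct.pack("<I", status) + TRAILER)
    return bytes(hdr) + body


# Constructed sample packet (not a real capture): UIN 12345678, password "s3cret",
# key 0x5A3C1E2B, IP 192.168.1.10, status 0, command bytes ab cd chosen arbitrarily.
CAPTURED = bytes.fromhex(
    "0400abcd" "2b1e0000" "2a1e3d5a" "657f805a" + "00" * 12
    + "0700" "73336372657400" "98000000" "c0a8010a" "040001000300000000" "00000000" "009800"
)

if __name__ == "__main__":
    fields = parse_login_packet(CAPTURED)
    print(f"key={fields['key']:#010x} uin={fields['uin']} password={fields['password']!r} "
          f"ip={fields['ip']} status={fields['status']}")
```

Running the block on the constructed packet prints the key 0x5a3c1e2b and UIN 12345678 next to the plaintext password, which is the point Matt makes at the end: a capture of one login packet gives an observer both the key and the password, so the XOR on the UIN hides nothing from anyone who can see the header.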