[icq-devel] Direct Connections



Daniel Strecker daniel-strecker at gmx.net
Wed Dec 5 11:34:45 CET 2001


The following are some notes I took when sniffing ICQ2000b
peer-to-peer connections. I cancelled the work on this topic
because I was not able to figure out the encryption of
this protocol (e.g. the first quarter of message packets
is encrypted).
I don't know whether this is still up to date, because
the p2p protocols have subversions and the packet headers
differ depending on the subversion.

hope it helps,
Daniel Strecker

Initialization Packet (InitPacket)
--------------------------------------------------------------------------
length: 48 (30 00)

This is the first packet sent by the connection-initiating machine once
a TCP connection has been established. It is also sent by the accepting
machine after the InitResponsePacket.
The version field was 06 00 in ICQ99b and the ?revision? field had a
content of 27 00 in ICQ99b. When I saw a 2000b communicating with a 99b,
the packets sent by the 2000b had version 07 00 and ?revision? 27 00.

pos  len       content   designation   description
  0    1            ff   ident         identification
  1    2         07 00   version       version of used ptp protocol
  3    2         2b 00   ?revision?    ?revision of the TCP protocol version?
  5    4   xx xx xx xx   rcv_uin       receiver's uin
  9    2         00 00   x1
 11    2         xx xx   snd_port1     open TCP port on the sender's machine
                                       for peer to peer communication
 13    2         00 00   x2
 15    4   xx xx xx xx   snd_uin       sender's uin
 19    4   xx xx xx xx   snd_ip_inet   sender's inet IP (in network byte
                                       order; i.e. D4 52 E6 50)
 23    4   xx xx xx xx   snd_ip_lan    sender's lan IP (in network byte order)
 27    1            xx   tcp_flags     flags specifying the sender's
                                       TCP capabilities (usually 04)
 28    2         xx xx   snd_port2     open TCP port on the sender's machine
                                       for ptp communication (for whatever
                                       reason, twice)
 30    2         00 00   x3
 32    4   xx xx xx xx   ?checksum?    ?some sort of checksum?
 36    4   50 00 00 00   x4
 40    4   03 00 00 00   x5
 44    4   00 00 00 00   x6


Initialization Response Packet (InitResponsePacket)
--------------------------------------------------------------------------
length: 4 (04 00)

This packet is sent by the machine that accepted the TCP connection, as a
response to an InitPacket. Afterwards, the accepting machine should send
its own InitPacket, which should be answered by the first machine with
another InitResponsePacket:
initiating m.: InitPacket
accepting m. : InitResponsePacket
accepting m. : InitPacket
initiating m.: InitResponsePacket

pos  len       content   designation   description
  0    4   01 00 00 00   ?


Message Packet (MsgPacket)
--------------------------------------------------------------------------
length: XX XX

This packet is used to deliver a text message.

pos  len       content   designation   description
  0    1            02   x1            ?
  1    4   xx xx xx xx   x2            ?maybe checksum? (I don't know
                                       whether this is encrypted)
  5    4   xx xx xx xx   x3            (encryption either starts here, or
                                       at the preceding DWORD)
  9    4   xx xx xx xx   x4            ?
 13    4   xx xx xx xx   cryptcode     the 4-byte base code which is used
                                       for encryption
 17    4   xx xx xx xx   x5            ?
 21    4   xx xx xx xx   x6            ?
 25    4   xx xx xx xx   x7            ?
 29    2         xx xx   msg_length    length (in bytes) of the message
                                       body, including termination
 31 xxxx           ...   msg_body      message body (zero terminated)
  X    4   00 00 00 00   x8            ?
  X    4   ff ff ff 00   x9            ?

The official ICQ2000b allows a maximum of 7000 chars + 1 byte
zero-termination per message.
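The following is an added example and not part of Daniel's post or of any ICQ client: a small Python module that frames, classifies, builds and parses the three packets described above, using the offsets and constants from the post. It assumes that every packet on the TCP stream is preceded by its 2-byte little-endian length (inferred from the "length: 48 (30 00)" notation, not stated explicitly in the post), and all UINs, ports and IPs used in demo() are constructed. It does not attempt to decrypt anything, since the post does not give the cipher; it only locates the fields the post names and checks the framing and the 7000+1 byte limit.

```python
"""Framing and field extraction for the ICQ2000b peer-to-peer packets in the
post above.  Offsets, constants and the 7000-char limit come from the post.
ASSUMPTIONS: every packet is preceded by its 2-byte little-endian length
(inferred from the "length: 48 (30 00)" notation), and the sample UINs,
ports and IPs used in demo() are constructed.  Nothing here decrypts."""
import socket
import struct

INIT_LEN = 48
INIT_RESP_LEN = 4
INIT_RESPONSE = b"\x01\x00\x00\x00"
MSG_MAX_CHARS = 7000                      # + 1 byte zero-termination

# InitPacket, little-endian, no padding.  The two IP fields are kept as raw
# 4-byte strings because the post says they are in network byte order.
INIT_FMT = "<BHHIHHHI4s4sBHHIIII"
INIT_FIELDS = ("ident", "version", "revision", "rcv_uin", "x1", "snd_port1",
               "x2", "snd_uin", "snd_ip_inet", "snd_ip_lan", "tcp_flags",
               "snd_port2", "x3", "checksum", "x4", "x5", "x6")
assert struct.calcsize(INIT_FMT) == INIT_LEN


def frame(payload: bytes) -> bytes:
    """Prepend the assumed 2-byte little-endian length prefix."""
    return struct.pack("<H", len(payload)) + payload


def split_stream(buf: bytes) -> tuple:
    """Cut a TCP byte stream into packets; returns (packets, unconsumed tail)
    so a partial packet at the end is kept until more data arrives."""
    packets, pos = [], 0
    while pos + 2 <= len(buf):
        (n,) = struct.unpack_from("<H", buf, pos)
        if pos + 2 + n > len(buf):
            break
        packets.append(buf[pos + 2:pos + 2 + n])
        pos += 2 + n
    return packets, buf[pos:]


def classify(pkt: bytes) -> str:
    """Name a packet from its length and first byte, as the post describes."""
    if len(pkt) == INIT_LEN and pkt[0] == 0xFF:
        return "InitPacket"
    if len(pkt) == INIT_RESP_LEN:
        return "InitResponsePacket"
    if pkt[:1] == b"\x02":
        return "MsgPacket"
    return "unknown"


def build_init_packet(rcv_uin, snd_uin, port, inet_ip, lan_ip, *,
                      version=7, revision=0x2B, tcp_flags=4, checksum=0):
    """Serialise an InitPacket with the constant fields the post observed
    (x4 = 50 00 00 00, x5 = 03 00 00 00).  The port is written twice."""
    return struct.pack(INIT_FMT, 0xFF, version, revision, rcv_uin, 0, port, 0,
                       snd_uin, socket.inet_aton(inet_ip), socket.inet_aton(lan_ip),
                       tcp_flags, port, 0, checksum, 0x50, 0x03, 0)


def parse_init_packet(data: bytes) -> dict:
    """Decode the 48-byte InitPacket; rejects a wrong length or ident byte."""
    if len(data) != INIT_LEN:
        raise ValueError("InitPacket must be %d bytes, got %d" % (INIT_LEN, len(data)))
    f = dict(zip(INIT_FIELDS, struct.unpack(INIT_FMT, data)))
    if f["ident"] != 0xFF:
        raise ValueError("bad ident byte 0x%02x" % f["ident"])
    f["snd_ip_inet"] = socket.inet_ntoa(f["snd_ip_inet"])
    f["snd_ip_lan"] = socket.inet_ntoa(f["snd_ip_lan"])
    f["ports_agree"] = f["snd_port1"] == f["snd_port2"]   # post: sent twice
    return f


def parse_msg_packet(data: bytes) -> dict:
    """Pull out cryptcode, msg_length and the zero-terminated body.  Per the
    post the first quarter may be encrypted, so the body is returned as-is."""
    if len(data) < 31 or data[0] != 0x02:
        raise ValueError("not a MsgPacket")
    (cryptcode,) = struct.unpack_from("<I", data, 13)
    (msg_length,) = struct.unpack_from("<H", data, 29)
    if not 1 <= msg_length <= MSG_MAX_CHARS + 1:
        raise ValueError("msg_length %d out of range" % msg_length)
    end = 31 + msg_length
    if len(data) != end + 8:                     # x8 and x9 follow the body
        raise ValueError("packet length does not match msg_length")
    body = data[31:end]
    if body[-1] != 0:
        raise ValueError("message body is not zero-terminated")
    return {"cryptcode": cryptcode, "msg_length": msg_length,
            "body": body[:-1], "x8": data[end:end + 4], "x9": data[end + 4:]}


def build_msg_packet(cryptcode: int, text: bytes) -> bytes:
    """Constructed MsgPacket for exercising the parser; unknown fields x2..x7
    are zero, x8/x9 use the constants from the post."""
    body = text + b"\x00"
    return (b"\x02" + b"\x00" * 12 + struct.pack("<I", cryptcode) + b"\x00" * 12
            + struct.pack("<H", len(body)) + body + b"\x00\x00\x00\x00\xff\xff\xff\x00")


def demo() -> list:
    """Constructed handshake from the post (A initiates, B accepts), then one
    message from A; returns the packet types seen on A's and then B's stream."""
    a_init = build_init_packet(222222, 111111, 4000, "212.82.230.80", "192.168.1.5")
    b_init = build_init_packet(111111, 222222, 4001, "198.51.100.7", "10.0.0.9")
    a_stream = frame(a_init) + frame(INIT_RESPONSE) + frame(build_msg_packet(0xDEADBEEF, b"hi"))
    b_stream = frame(INIT_RESPONSE) + frame(b_init)
    a_pkts, _ = split_stream(a_stream)
    b_pkts, _ = split_stream(b_stream)
    return [classify(p) for p in a_pkts] + [classify(p) for p in b_pkts]


if __name__ == "__main__":
    print(demo())
    print(parse_init_packet(build_init_packet(222222, 111111, 4000, "212.82.230.80", "192.168.1.5")))
```

split_stream() deliberately returns the unconsumed tail instead of raising, because a sniffer sees packets split across TCP segments; the msg_length check rejects anything above the 7001 bytes the post gives as the client's limit before the body is sliced.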

