[icq-devel] password encryption

Robin Fisher robin at phase3solutions.com
Thu Nov 22 09:49:49 CET 2001


I broke it firstly by logging the ICQ packets sent to the server, and
seeing what was changed for different passwords, then I went through and
figured out how it changed. This gave me a more complex encoding (and
decoding) system, but it worked fine.

Later when I joined this list people said to use a Xor system, so I went
back and reworked my tables, and figured out the Xor encryption table.

So it's by no means almost impossible, or even very hard to do (I managed 
to crack the encryption first time through in about 2 hrs from start to 
finish) since it's a very simple encryption (eg nothing's encrypted 
differently from one session to the next..)

As to reverse engineering the Exe, I've only had very limited experience
with that, so I couldn't say how long it'd take (probably not that much for
someone who knows what they're doing, since I don't find debugging/altering
straight machine code (converted to ASM) when I've needed to do it...) but
again, that's only a guess...


At 12:25 PM 20/11/2001 +0530, you wrote:
>hi all !!
>i m trying to figure out how the password encryption for icq was broken. it
>seems almost
>impossible to me that some1 can break the encryption without reverse
>engineering the .exe !!
>and even then it wud take a lot of time.
>ne directions on this account will b welcome !
>Dum Spiro, Spero
>Sunil Negi

Sometimes you get an almost irresistible urge to go on living.

