[icq-devel] Any idea?

Daniel Tan datan at seas.upenn.edu
Fri Feb 1 04:48:26 CET 2002

There are two ways they've used before to detect non-official clients.
The first method was using a buffer overflow to detect Microsoft's client 
which was connecting to the AOL servers. It was quite clever. MS's 
client didn't have the overflow, but AOL's did. Therefore, upon 
receiving a certain packet from the AOL server, the AOL client 
would overflow & execute some arbitrary code in the packet, the 
net effect of which was to allow normal continuation.
The second method is more interesting. It can demand that the client 
send an MD5 hash of the contents of a certain address in memory in 
response to a certain SNAC. Since the address in memory should be 
in aim.exe, the server could verify that you were running an 
official AOL client.

They could conceivably detect ICQ clones in similar ways. There are lots
of unknown parameters all over. Any one of these could conceivably be 
used for some kind of challenge/authentication.

Yonatan Indra Gunawan wrote:
> http://news.com.com/2100-1023-826625.html
> It says that AOL blocked Trillian client from accessing AIM and ICQ.
> Any idea how did they detect the ICQ/AIM clone?
> And will it affect our development effort?
> -------------------------------------------------
> icq-devel - The forum for ICQ protocol discussion
> For unsubscribe and other mailing list info, see:
> http://www.d.kth.se/~d95-mih/icq/icq-devel/
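
The second method described in the message above, sketched as an added example (not part of the original post and not AOL's code): the server asks for the MD5 of a region of the client's image and compares it with the hash of its own reference copy. The image bytes, the function names and the random choice of offset and length are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for a client image; no real aim.exe bytes are used.
OFFICIAL_IMAGE = b"".join(
    hashlib.md5(i.to_bytes(4, "big")).digest() for i in range(256)
)  # 4096 non-repeating bytes
CLONE_IMAGE = bytes(len(OFFICIAL_IMAGE))  # a different program at the same addresses


def make_challenge(image_len, length=64):
    """Server side: choose which region of the image the client must hash."""
    offset = secrets.randbelow(image_len - length + 1)
    return offset, length


def client_response(image, challenge):
    """Client side: MD5 of the requested bytes of its own loaded image."""
    offset, length = challenge
    return hashlib.md5(image[offset:offset + length]).digest()


def server_verify(reference, challenge, response):
    """Server side: recompute the hash from the reference copy and compare."""
    offset, length = challenge
    expected = hashlib.md5(reference[offset:offset + length]).digest()
    return hmac.compare_digest(expected, response)


def run_demo():
    """Run one official client, one clone and one replayed answer."""
    first = make_challenge(len(OFFICIAL_IMAGE))
    old_answer = client_response(OFFICIAL_IMAGE, first)
    # Ask about a different region so the earlier answer no longer applies.
    second = ((first[0] + 64) % (len(OFFICIAL_IMAGE) - 64 + 1), 64)
    return {
        "official": server_verify(OFFICIAL_IMAGE, first, old_answer),
        "clone": server_verify(
            OFFICIAL_IMAGE, first, client_response(CLONE_IMAGE, first)
        ),
        "replayed": server_verify(OFFICIAL_IMAGE, second, old_answer),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because the region changes per challenge, an answer recorded from one exchange does not satisfy the next one.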
