[icq-devel] Any idea?
datan at seas.upenn.edu
Fri Feb 1 04:48:26 CET 2002
there are two ways they've used before to detect non-official clients.
the first method was using a buffer overflow to detect Microsoft's client
which was connecting to the AOL servers. It was quite clever. MS'c
client didn't have the overflow, but AOL's did. Therefore, upon
receiving a certain packet from the AOL server, the AOL client
would overflow & execute some arbitrary code in the packet, the
net effect of which was to allow normal continuation.
the second method is more interesting. It can demand that the client
send an MD5 hash of the contents of a certain address in memory in
response to a certain SNAC. Since the address in memory should be
in aim.exe, the server could verify that you were running an
official AOL client.
They could conceivably detect ICQ clones in similar ways. There are lots
of unknown parameters all over. Any one of this could conceivably be
used for some kind of challenge/authentication.
Yonatan Indra Gunawan wrote:
> It says that AOL blocked Trillian client from accessing AIM and ICQ.
> Any idea how did they detect the ICQ/AIM clone?
> And will it affect our development effort?
> icq-devel - The forum for ICQ protocol discussion
> For unsubscribe and other mailing list info, see:
More information about the icq-devel