[icq-devel] Clone recognition.

Rüdiger Kuhlmann icq-list-oWUpAQCWC2r4 at ruediger-kuhlmann.de
Fri Nov 1 17:32:53 CET 2002

>--[Fabrice Michellonet]--<fabrice.michellonet at wanadoo.fr>

> browsing the differents ICQ protocol databases & related docs, i discovered
> some clones use differents tricks to recognize themself and to get version
> info. I think some uses special flags in the snac (0x1, 0x1E)

"special flags" translates to "(ab)uses time stamps for version information".

> other have created new capabilities [i.e trillian]

Either a fixed capability (Trillian, licq (probably unintentional)) or a
capability with version embedded (sim, mICQ CVS (undocumented because
subject to change)).

> So my question is, is it safe to let AOL recognize our clone ? They could
> just block packet coming from our clones...

Sure they could. And a real lot of clients are recognizable. If they intend
to block clients, then clients would adapt and simply remove it.

> But even if i guess it isn't a totaly safe, i guess sometimes it's necessary
> if you want to provide a new service [ex : encrypted messages.]

For example, yes.

> Here come my second question, which is :  Does this community has already
> decided of a standardization to perform clone recognizion ?

_Most_ clients set the first timestamp to 0xffffffxx with xx being client specific,
and the next timestamp to 0xppqqrrss with p.q.r.s being the client's
version. There is no agreement on how to form a new capability.

If you want to get the best currently possibly client detection:
If you copy it verbatim like the sim "developer" did, I'll get pretty pissed.

Yours, Rüdiger (mICQ author).

         100 DM =  51  € 13 ¢.
         100  € = 195 DM 58 pf.
  mailto:ruediger at ruediger-kuhlmann.de

More information about the icq-devel mailing list