[icq-devel] Re: ICQ 2003 password decryption



Remy Lebeau gambit47 at yahoo.com
Mon Jun 9 21:08:24 CEST 2003


--- "allicq.com administration" <admin at allicq.com>
wrote:

> you don't believe me? :)
> try to change here
>
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners\uin_number\
> the
> significance of MainLocaion paremeter into another
> one and after that try to
> connect it UIN (uin_number) through ICQ.
> what you'll see? the window "please enter your
> password".

That doesn't necessarily mean that the "MainLocation"
value holds the actual password itself.  It could just
hold some flags that tell the ICQ client that a
password is used in general and that it is stored
locally somewhere.

I have my ICQ set to always prompt for a password, so
changing that value has no effect on my setup, it
still works the same as it did before.

However, noting that, I did try changing the value and
then did a login.  The value was saved again, and this
time, only the last 8 bytes of the value where the
same as they were before.  My password happens to be 8
characters long, but that could be just a coincidence.
 I tried applying the password encryption algorithm
from the ICQ protocol to my password to see if the
value in the Registry matched, and it did not match,
not even close.


Gambit


__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com



More information about the icq-devel mailing list