# [icq-devel] Encryption of direct-connection message on ICQ2003

Chen Kidheart kidheartchen at msn.com
Wed Jan 12 08:01:32 CET 2005

Excuse me!

I have some questions about direct connections of ICQ PRO 2003b client.

( Product of ICQ (TM).2003 b.5.56.1.3916.85 )

There is a DC message packet below:

0000005D  02 a5 53 97 b7 a8 84 e0  0a aa 7c ee 0a 4d 83 ee ..S.....
..|..M..
0000006D  0a 58 83 ee 0a 5c 83 f4  0a 05 83 cf 0a 47 83 ee .X...\..
.....G..
0000007D  26 57 3d 85 79 56 8c 2c  1a 18 25 30 47 e0 60 b8 &W=.yV.,
..%0G..
0000008D  41 40 83 ee 0d 57 83 ee  47 2b f0 9d 6b 21 e6 ee A at ...W..
G+..k!..
0000009D  0a 52 83 ee 0b 49 83 ee  0a 48 83 ee 0a 05 b4 ef .R...I..
.H......
000000AD  0a 59 82 ef 0a 2e f8 b2  78 27 e5 df 56 35 ed 9d .Y......
x'..V5..
000000BD  63 59 e2 80 79 69 63 70  67 39 35 30 5c 64 65 66 cY..yicp
g950\def
000000CD  66 30 5c 64 65 66 6c 61  6e 67 31 30 33 33 5c 64 f0\defla
ng1033\d
000000DD  65 66 6c 61 6e 67 66 65  31 30 32 38 7b 5c 66 6f eflangfe
1028{\fo
000000ED  6e 74 74 62 6c 7b 5c 66  30 5c 66 73 77 69 73 73 nttbl{\f
0\fswiss
000000FD  5c 66 63 68 61 72 73 65  74 30 20 41 72 69 61 6c \fcharse t0
Arial
0000010D  3b 7d 7b 5c 66 31 5c 66  6e 69 6c 5c 66 63 68 61 ;}{\f1\f
nil\fcha
0000011D  72 73 65 74 31 33 36 20  5c 27 62 37 5c 27 37 33 rset136
\'b7\'73
0000012D  5c 27 62 32 5c 27 64 33  5c 27 61 39 5c 27 66 61 \'b2\'d3
\'a9\'fa
0000013D  5c 27 63 35 5c 27 65 39  3b 7d 7d 0d 0a 7b 5c 63 \'c5\'e9
;}}..{\c
0000014D  6f 6c 6f 72 74 62 6c 20  3b 5c 72 65 64 32 31 5c olortbl
;\red21\
0000015D  67 72 65 65 6e 34 33 5c  62 6c 75 65 37 37 3b 7d green43\
blue77;}
0000016D  0d 0a 5c 76 69 65 77 6b  69 6e 64 34 5c 75 63 31 ..\viewk
ind4\uc1
0000017D  5c 70 61 72 64 5c 63 66  31 5c 6c 61 6e 67 31 30 \pard\cf
1\lang10
0000018D  32 38 5c 66 30 5c 66 73  32 32 20 54 65 73 74 20 28\f0\fs 22 Test

0000019D  4d 65 73 73 61 67 65 20  23 32 5c 66 31 5c 70 61 Message
#2\f1\pa
000001AD  72 0d 0a 7d 0d 0a 00 00  00 00 00 ff ff ff 00 26 r..}....
.......&
000001BD  00 00 00 7b 39 37 42 31  32 37 35 31 2d 32 34 33 ...{97B1
2751-243
000001CD  43 2d 34 33 33 34 2d 41  44 32 32 2d 44 36 41 42 C-4334-A
D22-D6AB
000001DD  46 37 33 46 31 34 39 32  7d                      F73F1492 }

In this packet, the encrypted section from 0x02 to 0x79 before the RTF
message :

0000005D  02 a5 53 97 b7 a8 84 e0  0a aa 7c ee 0a 4d 83 ee ..S.....
..|..M..
0000006D  0a 58 83 ee 0a 5c 83 f4  0a 05 83 cf 0a 47 83 ee .X...\..
.....G..
0000007D  26 57 3d 85 79 56 8c 2c  1a 18 25 30 47 e0 60 b8 &W=.yV.,
..%0G..
0000008D  41 40 83 ee 0d 57 83 ee  47 2b f0 9d 6b 21 e6 ee A at ...W..
G+..k!..
0000009D  0a 52 83 ee 0b 49 83 ee  0a 48 83 ee 0a 05 b4 ef .R...I..
.H......
000000AD  0a 59 82 ef 0a 2e f8 b2  78 27 e5 df 56 35 ed 9d .Y......
x'..V5..
000000BD  63 59 e2 80 79                                   cY..y

How do I analyze/decrypt this section ?

I only know this kind of DC message packets always start with byte 0x02 on
ICQ PRO 2003 client.

Can i get the UIN/ICQ# from the encrypted section ? or get any concrete
information ?

Is this encrypted section just provided for the receiver to check that the
sender is legal or not ?

Thx in advance. Have a nice day!

-Chun Hang Chen

_________________________________________________________________
MSN Messenger 7.0 ·mÂAª©¼ö¯P¤U¸ü¤¤¡G§O¿ù¹L¶W»Åªº°Êµe§Ö»¼
http://messenger.msn.com.tw/beta