
From mds1281@ritvax.isc.rit.edu Mon May  4 14:23:30 1998
Date: Tue, 28 Apr 1998 07:25:13 +0000
From: Matt Smith <mds1281@ritvax.isc.rit.edu>
Reply-To: icq-devel@tjsgroup.com
To: icq-devel@tjsgroup.com
Subject: [ICQdev] V4 more info on the encryption

I've already posted some info on V4 encryption but just found out some
more stuff so here goes.

It looks like version 4 UDP packets have the following structure.

ver  04 00       version
X1   xx xx       unknown random
key1 xx xx xx xx see below
key2 xx xx xx xx ditto
uin  xx xx xx xx encrypted (sometimes) uin
X2   xx xx xx xx unknown random

key1 and key2 are xored together and the high word is the command and
the low word appears to be the SEQ number.  This only works sometimes
but it seems to usually be right unless key2 is obviously not an actual
key, something like 00 02 00 02 or even 00 00 00 00.  Some of the
commands are the same as older versions, login and send text code at
least.  It also seems that much of the same structure is used but is
prepended with random junk which may be keys, signatures, CRC, SEQ or
something else.  Probably not SEQ since it's in the 2 keys.
X1 xored with the high word of key1 seems not to be completely random
but I have yet to determine whether or not it's important or my
imagination.  The server and the client seem to pass large blocks of
encrypted data back and forth and I'm not sure what that's for since the
encryption seems fairly simple; they're not public keys or anything like
that.
Obviously more investigation is needed.

-- Matt
          =====================================================
          The "unofficial, not-sponsored-by-Mirabilis-one-bit"
          ICQ Clone Development List
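The header layout and the key1 ^ key2 observation from the post above, written out as a small parser so the rule can be checked against captured packets. This is an added example, not code from the post or from any ICQ clone; it assumes the fields are little-endian (the post shows version 4 as "04 00", which fits that), it assumes the 20-byte layout exactly as listed, and the sample packet, field names and helper functions (parse_v4_header, build_v4_header, x1_mixed_with_key1) are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Layout from the post, assumed little-endian:
#   ver(2) X1(2) key1(4) key2(4) uin(4) X2(4)  = 20 bytes
HEADER_FMT = "<HHIIII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20

# Raw key2 values the post calls "obviously not an actual key".
IMPLAUSIBLE_KEY2 = (b"\x00\x00\x00\x00", b"\x00\x02\x00\x02")


@dataclass
class V4Header:
    version: int
    x1: int      # "unknown random"
    key1: int
    key2: int
    uin: int     # "encrypted (sometimes)"; left as-is here
    x2: int      # "unknown random"

    @property
    def mixed(self) -> int:
        """key1 xored with key2, the 32-bit value the post derives command/seq from."""
        return self.key1 ^ self.key2

    @property
    def command(self) -> int:
        """High word of key1 ^ key2 (the post: 'the high word is the command')."""
        return (self.mixed >> 16) & 0xFFFF

    @property
    def seq(self) -> int:
        """Low word of key1 ^ key2 (the post: 'appears to be the SEQ number')."""
        return self.mixed & 0xFFFF

    def key2_plausible(self) -> bool:
        """The post's caveat: the rule is only trusted when key2 looks like a real key."""
        return struct.pack("<I", self.key2) not in IMPLAUSIBLE_KEY2


def parse_v4_header(data: bytes) -> V4Header:
    """Split the first 20 bytes of a V4 UDP packet into the fields the post lists."""
    if len(data) < HEADER_LEN:
        raise ValueError(f"need at least {HEADER_LEN} bytes, got {len(data)}")
    hdr = V4Header(*struct.unpack(HEADER_FMT, data[:HEADER_LEN]))
    if hdr.version != 4:
        raise ValueError(f"not a version 4 header: version={hdr.version}")
    return hdr


def build_v4_header(command: int, seq: int, key2: int, x1: int, uin: int, x2: int) -> bytes:
    """Inverse of the rule: pick key1 so that key1 ^ key2 = (command << 16) | seq.

    Constructed helper, used only to make test packets for the parser.
    """
    key1 = key2 ^ (((command & 0xFFFF) << 16) | (seq & 0xFFFF))
    return struct.pack(HEADER_FMT, 4, x1, key1, key2, uin, x2)


def x1_mixed_with_key1(hdr: V4Header) -> int:
    """X1 xored with the high word of key1: the value the post suspects is not fully random.

    Returned so a reader can tabulate it over many captured packets and judge for themselves.
    """
    return (hdr.x1 ^ (hdr.key1 >> 16)) & 0xFFFF


# Constructed sample packet (not a real capture): command 0x03E8, seq 1,
# key2 0xA1B2C3D4, so key1 must be 0xA25AC3D5; uin 0x00012345.
SAMPLE_PACKET = bytes.fromhex("0400 3412 d5c35aa2 d4c3b2a1 45230100 78563412")

# Same packet but with the "obviously not a key" key2 the post mentions.
SAMPLE_PACKET_BAD_KEY2 = bytes.fromhex("0400 3412 d5c35aa2 00020002 45230100 78563412")

if __name__ == "__main__":
    h = parse_v4_header(SAMPLE_PACKET)
    print(f"command=0x{h.command:04x} seq={h.seq} key2_plausible={h.key2_plausible()}")
    b = parse_v4_header(SAMPLE_PACKET_BAD_KEY2)
    print(f"command=0x{b.command:04x} seq={b.seq} key2_plausible={b.key2_plausible()}")
```

Running it parses the constructed packet to command 0x03e8, seq 1 with a plausible key2, and flags the second packet, whose key2 is 00 02 00 02, so the derived command/seq should not be trusted there, exactly the caveat the post makes.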
