doing some ICQ research and I found that LICQ's homepage is still online, with zero hint that it hasn't been updated in 11 years:
-
replied to Foone🏳️⚧️ last edited by
I'm gonna write python code to decode a packet from these docs and then I'll convert that to lua. writing it in lua the first time will be too painful, when I don't fully understand how this nonsense works
-
replied to Foone🏳️⚧️ last edited by
@foone If it helps for reference, I once wrote a Wireshark lua dissector for 2ping, a low-level UDP binary protocol. Though as a warning, I haven't looked at it in about a decade, so it may not even work anymore.
https://github.com/rfinnie/2ping/tree/main/wireshark
-
replied to Foone🏳️⚧️ last edited by
@[email protected] @[email protected] is it strictly a proprietary archival protocol or is there a daemon available for it?
-
replied to :flagSapphic: :PluralPrideButterfly: :dfire: last edited by
-
replied to Ryan Finnie last edited by
@foo thanks!
-
replied to Foone🏳️⚧️ last edited by
how is this decryption supposed to work if it starts at offset 10 and then does it in 4-byte chunks but the packet is 28 bytes long?
-
replied to Foone🏳️⚧️ last edited by
maybe I just need to pad all packets and they forgot to mention that
-
replied to Foone🏳️⚧️ last edited by
wait! Wireshark DOES support ICQ, it just didn't detect it in this case. Awesome
-
replied to Foone🏳️⚧️ last edited by
@foone "For Admin Use"
-
replied to Foone🏳️⚧️ last edited by
okay, my client is just sending the command CMD_NEW_USER_1 over and over, which is an "ask for permission to make a new user" command. I don't know what the reply is supposed to be
-
replied to Foone🏳️⚧️ last edited by
my code doesn't work yet, but I did find where it's implemented in wireshark, and there's some Suspicious offset checks:
wireshark-rtpmon/epan/dissectors/packet-icq.c at master · giuliano108/wireshark-rtpmon
Unofficial wireshark mirror. With couchbase protocol dissector
GitHub (github.com)
-
replied to Foone🏳️⚧️ last edited by
I started to open up ICQ in Ghidra to see if I could find any info there, but there are 38 DLLs/EXEs here. HOW MUCH CODE DO YOU NEED, MAN?
-
replied to Foone🏳️⚧️ last edited by
I missed the 11 that it dropped in C:\Windows\SysWOW64
-
replied to Foone🏳️⚧️ last edited by
that's 49 executables, not counting the OCX
-
replied to Foone🏳️⚧️ last edited by
not sure why it dropped a 16-bit DLL as well
-
replied to Foone🏳️⚧️ last edited by
@foone so it works with Trumpet Winsock (may or may not be a shitpost)
-
replied to Joel Michael last edited by
@jpm I don't think the rest of the software would work with win 3.1, though. Maybe an older version did, and they just forgot to remove the DLL?
-
replied to Foone🏳️⚧️ last edited by
icqsock.dll has a lot of interesting functions, so I'm looking at that one first
-
replied to Foone🏳️⚧️ last edited by
@foone "I was going to call it System64, but in the middle of naming it I just thought, 'WOW! Nature is beautiful!'"