doing some ICQ research and I found that LICQ's homepage is still online, with zero hint that it hasn't been updated in 11 years:
-
replied to Foone🏳️⚧️ last edited by
@foone Well if you are going down a rabbit hole, why not see how far down it goes.. ?
-
replied to Eric Gustafson ☑️ last edited by
@ericgus I'm already going down too many of those!
-
replied to Foone🏳️⚧️ last edited by
oh I can write lua (eww, for low level binary stuff?) dissectors. that'll make this slightly easier
-
replied to Foone🏳️⚧️ last edited by
I'm gonna write python code to decode a packet from these docs and then I'll convert that to lua. writing it in lua the first time will be too painful, when I don't fully understand how this nonsense works
-
replied to Foone🏳️⚧️ last edited by
@foone If it helps for reference, I once wrote a Wireshark lua dissector for 2ping, a low-level UDP binary protocol. Though as a warning, I haven't looked at it in about a decade, so it may not even work anymore.
https://github.com/rfinnie/2ping/tree/main/wireshark
-
replied to Foone🏳️⚧️ last edited by
@[email protected] @[email protected] is it strictly a proprietary archival protocol or is there a daemon available for it?
-
replied to Ryan Finnie last edited by
@foo thanks!
-
replied to Foone🏳️⚧️ last edited by
how is this decryption supposed to work if it starts at offset 10 and then does it in 4-byte chunks but the packet is 28 bytes long?
-
replied to Foone🏳️⚧️ last edited by
maybe I just need to pad all packets and they forgot to mention that
-
replied to Foone🏳️⚧️ last edited by
wait! Wireshark DOES support ICQ, it just didn't detect it in this case. Awesome
-
replied to Foone🏳️⚧️ last edited by
@foone "For Admin Use"
-
replied to Foone🏳️⚧️ last edited by
okay, my client is just sending the command CMD_NEW_USER_1 over and over, which is an "ask for permission to make a new user" command. I don't know what the reply is supposed to be
-
replied to Foone🏳️⚧️ last edited by
my code doesn't work yet, but I did find where it's implemented in wireshark, and there's some Suspicious offset checks:
https://github.com/giuliano108/wireshark-rtpmon/blob/master/epan/dissectors/packet-icq.c#L428
-
replied to Foone🏳️⚧️ last edited by
I started to open up ICQ in Ghidra to see if I could find any info there, but there are 38 DLLs/EXEs here. HOW MUCH CODE DO YOU NEED, MAN?
-
replied to Foone🏳️⚧️ last edited by
I missed the 11 that it dropped in C:\Windows\SysWOW64
-
replied to Foone🏳️⚧️ last edited by
that's 49 executables, not counting the OCX
-
replied to Foone🏳️⚧️ last edited by
not sure why it dropped a 16-bit DLL as well
-
replied to Foone🏳️⚧️ last edited by
@foone so it works with Trumpet Winsock (may or may not be a shitpost)