Ниже приведено неофициальное описание 7-го протокола ICQ, к сожалению, пока только на английском.
Список ключей и параметров:
affil.txt
- Список Affiliations (Категории)
ages.txt - Возраст. Ключи для поиска по White
Pages.
coun.txt - Страны. Коды стран для User
details
gmt.txt - Время относительно GMT пользователя.
Для User Details.
inter.txt - Интересы пользователя.
lang.txt - Ключи к языкам.
occup.txt - Ключи профессий пользователя.
Occupations.
pasts.txt - User Pasts.
sex.txt - Пол пользователя. 2 ключа.
Сам
7-ой протокол ICQ:
ICQv7
(personal) protocol notes THESE
ARE ONLY _PERSONAL_ NOTES some notes: *
msg-flags is a BYTE: * status
codes is a double word: WORD flags + WORD status * accept-status
codes * priority
codes * direct-connection-info * wp-short-request-info * wp-full-request-info * wp-result-info * main-home-info * work-info * homepage-more-info * work-info * more-email-info * personal-interests-in * past-background-info * capability
is a 4 DWORD number * capability-info
is a succession of capabilities
server
sends (1) <- in parenthesis lies the FLAP channel (SNACs use always
channel 2) 4 BYTE 00 00 00 01
client
sends (1) server
sends (4) close
connection
server
sends (1) client
sends (1)
> client
sends // hey, i'm an icq client, not aim server
sends // got it, ack to 1,17 client
sends // request rate server
sends // response to 1,06 client
sends // ack to 1,07 client
sends // Requests personal information. client
sends // Request rights information for location service client
sends // Request rights information for buddy list client
sends // Requests rights for ICBM (Instant Message)
operations. client
sends // Requests BOS rights server
sends // response to 1,0E server
sends //response to 2,02 server
sends //response to 3,02 server
sends // response to 4,04 server
sends // response to 9,02 client
sends // Add ICBM parameter client
sends // set user info client
sends // add to contact list client
sends // remove from contact list client
sends // add to visible list client
sends // remove from visible list client
sends // add to invisible list client
sends // remove from invisible list client
sends // add to a sort of visible list client
sends // remove from a sort of visible list client
sends // set status code client
sends // unknown (usually after set status code) client
sends //client ready client
sends //many purposes server
sends // Message of the day server
sends // many purposes server
sends // ONcoming user server
sends // OFFgoing user server
sends // server ack to type-2 messages client
sends // send message client
or server sends // ack to type-2 message (answer to
auto-msg-req too) server
sends // warning: you're sending too fast client
sends // add to ignore list (it seems to have no effects) server
sends (4) server
sends server
sends client
sends // add to visible lsit client
sends // remove from visible list server
sends // ack to 13,0A ----A
(hopely) CORRECT LOGIN SEQUENCE ---RECEIVE
A FILE TRANSFER REQUEST VIA SERVER after
file-req a SNAC 4,07 (file-abort) could happen
---NEW
UIN REGISTRATION client
sends (1) client
sends server
sends ---PEOPLE
WHO CONTRIBUTED TO THIS DOC (i decide the order, that is, random) Протокол
в текстовом файле: ICQv7proto.txt
by Massimo Melina,rejetto@libero.it
www.rejetto.com/icq
last update Nov 02, 2001
USE IT AT YOUR OWN RISK
if you want to tell me about additional info or wrong info in this file,
contact me
important note:
* this doc is very bad written for several reasons i won't list here.
* i don't earn money from this, i'm a student, i'm only having some
fun.
* a list of people who contributed to this doc is at bottom
* you won't understand too much in here if you don't read AIM protocol
docs at www.icqv7.cjb.net
* unk = unknown
* communication is over FLAP protocol (find info about it in AIM protocol
docs)
* where specified, communication is over SNAC protocol, over FLAP (AIM
proto docs too)
* password is xored with these bytes: F3,26,81,C4,39,86,DB,92,71,A3,B9,E6,53,7A,95,7C
* LE stands for little-endian
* BE stands for big-endian
* BYTE is a 8 bit integer
* WORD is a 2-byte integer (BE)
* DWORD is a 4-byte integer (BE)
* TIME_T is a DWORD, unix time format
* IPADDR is a quadruple of bytes A,B,C,D where in dotted form is A.B.C.D
* COLOR is a quadruple of bytes: R,G,B,N where N is not used (you should
set it zero)
* STRING is a succession of (ascii) characters without length-leading
or null-char-ending
* UIN is a 4-byte integer (LE) that codifies the uin number
* B-UIN is a BYTE preceded STRING: the byte indicates the length of
the string and the string report an uin number
* UINLIST is a raw succession of B-UINs
* NTS is a Null Termined String
* LNTS is a word (LE) preceeded NTS: the word indicates the length of
the NTS string (null char included)
* DLS is a dword (LE) preceeded string
* msg-subtype is a BYTE:
CODE
FORMAT
MEANING
01
plain
msg
02
?
chat
03
?
file
04
url-msg
url
06
user-msg
authorization
request
07
plain
authorization
denied
08
empty
authorization
given
0C
user-msg
user
added you
0E
email-msg
emailExpress
13
contacts-msg
contacts
1A
empty
contacts-req
E?
plain
auto-msg-req
(E8 away, E9 occupied, EA na, EB dnd, EC f4c)
00 = normal
80 = multiple
03 = special (used for auto-msg-req)
* error-code is a WORD:
00 00 no error
00 01 bad uin
00 05 bad password
00 18 rate exceeded
00 1D (probably) you're trying to reconnect too fast, wait a second
and retry
* user-msg is a LNTS: nick FE first FE last FE email FE unk-char FE
msg
* url-msg is a LNTS: msg FE url
* contacts-msg is a LNTS: contacts# FE uin FE nick FE uin FE nick FE...
* email-msg is a LNTS: name FE FE FE email FE unk-char FE body
* gmt offset is a signed byte, specifies negative half hours from GMT
0 (e.g. -3 = GMT+1:30)
WORD flags
2000 direct connection only for contact list
1000 direct connection by request
0002 show ip? (licq uses it on invisible state)
0001 webaware
WORD status (sometime i saw bit 3 set, or bit 9 in invisible state)
0000 online
0020 free4chat
0001 away
0004 n/a
0005 n/a
0010 occupied
0011 occupied
0013 dnd
0100 invisible
0 normally accepted (use this replying to auto-msg-req)
9 not accepted, occupied
A not accepted, dnd
4 accepted but away
E accepted but NA
C accepted to contact list (no blink in tray)
00 00 = file-reply
01 00 = normal
02 00 = send urgent
04 00 = send to contact list (don't blink in tray)
IPADDR my ip address, often second NIC ip, leave 0 for no direct-connection
DWORD port where listening for connections, leave 0 for no direct-connection
BYTE 04
WORD protocol version (licq 0006, icq2000 0007, icq2001 0008)
4 BYTE unk
8 BYTE 00 00 00 50 00 00 00 03
TIME_T unk, usually a recent time
TIME_T unk, usually a recent time
TIME_T unk, usually a recent time
WORD 0
LNTS first
LNTS last
LNTS nick
wp-short-request-info
LNTS email
WORD (LE) minimum age, 0 if disabled
WORD (LE) maximum age, 0 if disabled
BYTE sex (0=disabled, other=see table)
BYTE language (0=disabled, other=see table)
LNTS city
LNTS state
WORD country (0=disabled, other=see table)
LNTS company-name
LNTS department
LNTS position
BYTE occupation field (0=disabled)
WORD past information category (0=disabled, other=see table)
LNTS desc
WORD interests-category (0=disabled, other=see table)
LNTS interests-specific (comma separated)
WORD affiliation/organization (0=disabled, other=see table)
LNTS desc
WORD homepage category
LNTS desc
BYTE only-online-users, (0=off, 1=on)
WORD length of this record (you can't rely on fields if record is shorter)
UIN his uin
LNTS nick
LNTS first
LNTS last
LNTS email
BYTE auth (0=required, 1=always)
BYTE status (00 offline, 01 online, 02 not webaware)
BYTE unknown, usually 0
BYTE sex
BYTE age
9 BYTE unk, 0
LNTS nick
LNTS first
LNTS last
LNTS email
LNTS city
LNTS state
LNTS phone
LNTS fax
LNTS street
LNTS cellular (if SMS-able string contains an ending ' SMS')
LNTS zip
WORD country (LE)
BYTE gmt
BYTE unknown, usually 0
LNTS city
LNTS state
DWORD 0
LNTS street
LNTS zip
WORD country (LE)
LNTS company-name
LNTS company-dept
LNTS company-position
WORD 0 (LE?)
LNTS company-web
BYTE age
BYTE 0
BYTE sex
LNTS homepage
WORD birth-year (LE)
BYTE birth-month
BYTE birth-day
BYTE lang1
BYTE lang2
BYTE lang3
LNTS city
LNTS state
LNTS unk
LNTS unk
LNTS street address
LNTS zip code
WORD unk, 2700
LNTS company name
LNTS unk
LNTS position
WORD unk, 0500
LNTS unk
BYTE number (of addresses)
for number times
BYTE unknown, usually 00
LNTS address
BYTE # of categories to follow
for # times
WORD category (6800 => Computers, 7100 => Music)
LNTS specific
012F01 university
LNTS specific
00616E
4 capabilities are known
1) 09461349 4C7F11D1 82224445 53540000
2) 09461344 4C7F11D1 82224445 53540000
3) 97B12751 243C4334 AD22D6AB F73F1492 // sent by
icq2001
4) 2E7A6475 FADF4DC8 886FEA35 95FDB6DF // sent by
icq2001
note: icq2000b sends 1) and 2), licq sends only 2)
*******************************
------LOGIN SESSION-----------
*******************************
connection
to login server
4 BYTE 00 00 00 01
TLV(1) STRING my uin
TLV(2) STRING encrypted password
TLV(3) STRING client profile, example "ICQ Inc. - Product of ICQ (TM).2000b.4.63.1.3279.85"
TLV(16) WORD unk, usually 01 0A
TLV(17) WORD major version, 4 for icq2000, 5 for icq2001
TLV(18) WORD minor version
TLV(19) WORD lesser version
TLV(1A) WORD build version
TLV(14) DWORD dunno version
TLV(0F) STRING language, 2 chars, usually "en"
TLV(0E) STRING country, 2 chars, usually "us"
TLV(1) STRING my uin
if all goes right
TLV(5) STRING BOS-address:port
TLV(6) STRING cookie
else TLV(8) error-code
TLV(4) STRING url // not always present TLV(C) WORD
unknown
-----SERVICE SESSION---------
connection
to service server specified in TLV(5)
4 BYTE 00 00 00 01
4 BYTE 00 00 00 01
TLV(6) STRING cookie
------SNAC COMMANDS------------
server
sends // Server is ready
SNAC 1,03
24 BYTE 00 01 00 02 00 03 00 04 00 06 00 08 00 09 00 0A 00 0B 00 0C 00
13 00 15 <
SNAC 1,17
32 BYTE 00 01 00 03 00 13 00 02 00 02 00 01 00 03 00 01 00 15 00 01
00 04 00 01 00 06 00 01 00 09 00 01 00 0A 00 01 00 0B 00 01
SNAC 1,18
48 BYTE 00 01 00 03 00 02 00 01 00 03 00 01 00 04 00 01 00 06 00 01
00 08 00 01
00 09 00 01 00 0A 00 01 00 0B 00 01 00 0C 00 01 00 13 00 02 00 15 00
01
SNAC 1,06
empty
SNAC 1,07
181 BYTE unknown
WORD # of known messagges (N)
N DWORD known messages, a known message is a words pair: FAMILY/SUBTYPE
17 DWORD unknown, they seems messagge IDs too
SNAC 1,08
10 BYTE 00 01 00 02 00 03 00 04 00 05
SNAC 1,0E
empty
SNAC 2,02
empty
SNAC 3,02
empty
SNAC 4,04
empty
SNAC 9,02
empty
SNAC 1,0F
if bit15 set in flag
8 BYTE 00 06 00 01 00 02 00 03
BUIN my uin
WORD warning level
WORD user class?
TLV(1) WORD class2, usually 00 00 or 00 50
TLV(C) direct-connection-info, usually 0s
TLV(A) IPADDR my ip address
TLV(4) WORD idle time, usually 00 00
TLV(6) DWORD status code
TLV(F) DWORD unknown, it seems to be an incrementing value
TLV(2) TIME_T member since
TLV(3) TIME_T online since
SNAC 2,03
TLV(1) 04 00
TLV(2) 00 10
TLV(3) 00 0A
SNAC 3,03
TLV(1) 02 58
TLV(2) 02 EE
TLV(3) 02 00
SNAC 4,05
16 BYTE unknown, 00 02 00 00 00 03 02 00 03 E7 03 E7 00 00 03 E8
SNAC 9,03
TLV(2) 00 A0
TLV(1) 00 A0
SNAC 4,02
16 BYTE 00 00 00 00 00 03 1F 40 03 E7 03 E7 00 00 00 00
SNAC 2,04
TLV(5) capability-info
SNAC 3,04
UIN-LIST
SNAC 3,05
UIN-LIST
SNAC 9,05
UIN-LIST
SNAC 9,06
UIN-LIST
SNAC 9,07
UIN-LIST
SNAC 9,08
UIN-LIST
SNAC 9,0A
UIN-LIST
SNAC 9,0B
UIN-LIST
SNAC 1,1E
TLV(6) status-code
TLV(8) error-code
TLV(C) direct-connection-info
TLV(11) variable length, sent changing user info
here some cases (they seems to be groups of 5 bytes)
15 BYTE: 01 0A 19 0B 3B 01 2E 19 0B 3B 01 5E 19 0B 3B
5 BYTE: 01 18 E5 CC 3B
TLV(12) WORD unknown, sent changing user info, usually 0
SNAC 1,11
DWORD 00 00 00 00
SNAC 1,02
64 BYTE unknown, usually 00 01 00 03 01 10 02 8A 00 02 00 01 01 01 02
8A 00 03 00 01
01 10 02 8A 00 15 00 01 01 10 02 8A 00 04 00 01 01 10 02 8A
00 06 00 01 01 10 02 8A 00 09 00 01 01 10 02 8A 00 0A 00 01
01 10 02 8A
SNAC 15,02
TLV(1)
WORD (LE) bytes remaining, useless
UIN my uin
WORD type
WORD req-id
type=3C00 //ask for offlines messages
nothing
type=3E00 //ack to offline messages
nothing
type=D007
WORD subtype
subtype=9808 xml-stype in an LNTS
LNTS '<key>' name of required data '</key>'
subtype=1F05 //simple query info
UIN user to request info
subtype=6905 //simple query info extended (used by
icq2001)
DWORD unk, 36 01 04 00
UIN user to request info
subtype=B204 //query info about user
UIN user to request info
subtype=D004 //query my info
UIN my uin
subtype=1505 //wp-short-request
wp-short-request-info
subtype=3305 //wp-full-request
wp-full-request-info
subtype=EA03 //modify user info (main/home)
main-home-info
subtype=FD03 //modify user info (homepage/more)
homepage-more-info
subtype=0604 // modify user info (about)
LNTS about
subtype=F303 //modify user info (work)
work-info
subtype=2E04 // change password
LNTS new password
subtype=C404 // remove user (warning!)
UIN uin to remove
LNTS password
subtype=2404 // set permissions?
BYTE authorization, 00 = required, 01 = not required
BYTE webaware, 00 = off, 01 = on
2 BYTE unknown, 01 00
subtype=D70A // unknown (icq2001)
SNAC 1,13
if bit15 set in flag
8 BYTE 00 06 00 01 00 02 00 03
WORD unknown, usually 0004
TLV(B) STRING message of the day, usually 'http://www.aol.com'
SNAC 15,03 flag:000x TLV(1) used for a lot of things
WORD (LE) bytes remaining, useless
UIN my uin
WORD message-type
WORD req-id
message-type = 4100 // offline message
UIN his uin
WORD year (LE)
BYTE month (1=jan)
BYTE day
BYTE hour (GMT time)
BYTE minutes
BYTE msg-subtype
BYTE msg-flags
LNTS msg
WORD 0000, present only in single messages
message-type = 4200 // end of offline messages
BYTE unknown, usually 0
message-type = D007
2 BYTE unknown, usually 98 08
WORD length of the following NTS
NTS "<key>"field-type"</key>"
field-type = DataFilesIP
6 BYTE unk, usually 2A 02 44 25 00 31
message-type = DA07
3 BYTE subtype
subtype=A2080A // where to get ads stuff
LNTS ip address (a web server), usually '<value>205.188.250.25</value>'
that is cb.icq.com
subtype=A40132 or AE0132 // empty whitepages result
empty
subtype=A4010A // wp-full-request result
wp-result-info
subtype=AE010A // wp-full-request result (the last)
wp-result-info
DWORD lasting results (LE)
subtype=90010A // wp-short-request result
wp-result-info
subtype=9A010A // wp-short-request result (the last)
wp-result-info
DWORD lasting results (LE)
subtype=C8000A // query result
main-home-info
WORD unknown
subtype=D2000A // query result
work-info
subtype=E6000A // query result
LNTS about
subtype=F0000A // query result
personal-interests-info
subtype=FA000A // query result
past-background-info
subtype=FA0014 // query result: users does not exist
s empty
subtype=EB000A // query result
more-email-info
subtype=DC000A // query result
homepage-more-info
WORD unknown
subtype=0E010A // query: additional info
WORD unknown, 0000
subtype=64000A // ack to modify info (main/home)
empty
subtype=78000A // ack to modify info (homepage/more)
empty
subtype=82000A // ack to modify info (about)
empty
subtype=6E000A // ack to modify info (work)
empty
subtype=B4000A // ack to remove user
empty
subtype=AA000A // ack to change password
empty
subtype=A0000A // ack to 2404
empty
subtype=1D030A // ack to D70A
empty
SNAC 3,0B
B-UIN
WORD 0
WORD # of following TLVs
TLV(1) 00 50
TLV(C) direct-connection-info
TLV(A) IPADDR
TLV(4) WORD 0
TLV(6) status
TLV(D) capability-info
TLV(F) DWORD it seems a time in seconds
TLV(2) TIME_T member since
TLV(3) TIME_T online since
SNAC 3,0C
B-UIN
4 BYTE 00 00 00 01
TLV(1) 00 00
server sends // incoming message
SNAC 4,07
8 BYTE ??B, a sort of ID (it seems to be based on timestamp)
WORD msg-format
B-UIN sender's uin
WORD warning level? garbage of OSCAR protocol
WORD 5 or 6, maybe it counts the following TLVs before the format-dipendent
datas
TLV(1) WORD 00 50
TLV(4) WORD 0 (not present in file-req and auto-msg-req)
TLV(6) sender's status
TLV(F) DWORD it seems a time in seconds
TLV(2) TIME_T member since
TLV(3) TIME_T online since
if msg-format = 1 // message
TLV(2)
7 BYTE 05 01 00 01 01 01 01
WORD msg length + 4
4 BYTE 0
STRING message
if msg-format = 4 // url or contacts or auth-req or
userAddedYou
TLV(5)
UIN sender's uin
BYTE msg-subtype
BYTE msg-flags
LNTS msg
if text-msg
COLOR foreground
COLOR background
if msg-format = 2 // advanced message
TLV(5)
WORD ??A, 00 02 for file-ack, else 00 00
8 BYTE same as ??B
16 BYTE capability1
if ??A=0000
TLV(A) 00 02 on file-reply, 00 01 else
TLV(5) WORD, listening port (BE) (present on FT)
TLV(3) IPADDR, internal ip (present on FT and file-reply)
TLV(F) empty
TLV(2711)
WORD 1B 00
BYTE ??E (08 in auto-msg-req, else 07)
19 BYTE unk, 0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 BYTE unk, 03 00 00
if auto-msg-req
BYTE 00
BYTE unk, 00 or 04 (00 in auto-msg-req)
WORD ??D, seems to be a downcounter starting from FFFF
2 BYTE 0E 00
WORD same as ??D
12 BYTE 0
BYTE msg-subtype
BYTE msg-flags
WORD unk, 00 00 or 01 00 or 02 00 (0000 in file-reply, auto-msg-req)
WORD priority
LNTS msg
if file-req
4 BYTE 9F CD D3 11
LNTS filename
DWORD filesize (LE)
4 BYTE 00 FD 81 01
if file-reply
WORD ??C
2 BYTE 0
LNTS ''
DWORD unk
WORD same as ??C but inverted endian
2 BYTE 0
if auto-msg-req
empt
if text-msg
COLOR foreground
COLOR background
TLV(4) IPADDR, external ip (BE) (present on file-req, file-ok)
SNAC 4,0C
10 BYTE equals to first 10 BYTE of message
BUIN equals to message' uin
SNAC 4,06
8 BYTED ??B, a sort of ID (it seems to be based on timestamp, ACKs should
use same ID)
WORD message-format
B-UIN recipient
msg-format=1 // simple message
TLV(2)
7 BYTE 05 01 00 01 01 01 01
WORD msg length + 4
4 BYTE 0
STRING msg
TLV(6)
empty
msg-format=2 // advanced message (only for ICQv7+
clients)
TLV(5)
WORD ??A (00 01 on abort request, else 00 00)
8 BYTE same as ??B
16 BYTE capability1
if ??A = 00 00
TLV(A) 00 01 (maybe 00 02 for file-ack)
TLV(B) 00 01 (present on abort requests)
TLV(5) WORD, listening port (BE) (present on file-req)
TLV(3) IPADDR, internal ip (present on file-req)
TLV(F) empty
TLV(2711)
26 BYTE ??E, 1B 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 03 00 00 00
BYTE unk, 00 or 04 (00 on auto-msg-req)
WORD ??D, seems to be a downcounter starting from FFFF
WORD 0E 00 (it could be a LE counter of following bytes: 0E = 2+12)
WORD same as ??D
12 BYTE 0
BYTE msg-subtype
BYTE msg-flags
WORD unk, 00 00 or 01 00 or 02 00 (0000 in file-reply, 0100 in auto-msg-req)
WORD priority
LNTS msg
if subtype=FT
WORD unk, can be 0
WORD ??C, can be 0
LNTS filename (empty on file-reply)
DWORD filesize (LE) (zero on file-reply)
WORD unk, can be 0
WORD same or similar to ??C
if subtype=chat
BYTE 01
10 BYTE 0
if subtype=msg
COLOR foreground
COLOR background
if subtype=auto-msg-req
empty
TLV(3) empty // ack request?
msg-format=4 // url or contacts or auth-reply or multi-send
TLV(5)
UIN my uin
BYTE msg-subtype
BYTE msg-flags
LNTS msg
if contacts-req
2 BYTE 39 00, it seems to be the number of the following bytes
18 BYTE unk, 2A 0E 7D 46 76 76 D4 11 BC E6 00 04 AC 96 1E A6 02 00
DTS Request For Contacts
15 BYTE 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00
2 BYTE 11 00, it seems to be the number of the following bytes
2 BYTE 0
DTS request message
TLV(6) empty // ack request?
SNAC 4,0B flags:0000
10 BYTE equals to first 10 BYTE of message
BUIN equals to message' uin
2 BYTE 00 03
47 BYTE from offset 40 (??E) to 86 of TLV(5)
BYTE accept-status
3 BYTE 0
LNTS message
if not auto-msg
4 BYTE 0
if msg
4 BYTE FF FF FF FF
if file-deny
11 BYTE unk, 01 00 00 xx xx 00 00 xx xx 00 00
SNAC 1,0A flags:0000
WORD unk, usually 1, 2 or 3
24 BYTE 00 01 00 00 00 50 00 00 09 C4 00 00 07 D0 00 00 05 DC 00 00
03 20 00 00
WORD unk, maybe indicates the available buffer in the server and it's
always under 2000dec under 5DC (1500dec), the first word is 3 over it's
2
9 BYTE 00 00 17 70 00 00 00 00 01
SNAC 3,05
UIN-LIST
TLV(9) WORD disconnect reason
00 01 = another client is loggin with this uin
TLV(B) STRING comment?
for reason 00 01, "http://www.aim.aol.com/errors/USER_LOGGED_OFF_NEW_LOGIN.html"
SNAC 4,01 flags:0000
WORD error-code
000E invalid packet?
SNAC 17,03 flags:0000
TLV(4) STRING message of the day, usually "http://www.aol.com"
TLV(8) error-code
TLV(C) 00 01
SNAC 13,08 flags:0000
BYTE 00
BUIN an uin
8 BYTE 00 00 2B 63 00 02 00 00 // maybe last dword is my status
SNAC 13,0A flags:0000
BYTE 00
BUIN an uin
8 BYTE 00 00 22 64 00 02 00 00
SNAC 13,0E flags:8000
10 BYTE unknown, 00 06 00 01 00 02 00 02 00 00
login packet (uin/password)
get the cookie and reconnect
send cookie
SNAC 1/3
SNAC 1/17
SNAC 1/6
SNAC 1/E
SNAC 2/2
SNAC 3/2
SNAC 4/4
SNAC 9/2
the server reply 1/7 to the 1/6, and then it goes:
SNAC 1/8
SNAC 4/2
SNAC 2/4
SNAC 3/4 with the contact list
if status = invisible SNAC 9/5 with visible list
SNAC 1/1E with status
SNAC 1/11
if status invisible SNAC 9/7 with invisible list
SNAC 1/2
SNAC 15/2, to require offline messages
server:
SNAC 4,07 (file-req)
client:
SNAC 4,06 (file-ok)
or
SNAC 4,0B (file-denied)
server:
SNAC 4,07 (file-ack, with ??A=0002)
server sends (1)
4 BYTE 00 00 00 01
4 BYTE 00 00 00 01
SNAC 17,04
3 BYTE 00 01 00
BYTE unk, 3B or 38
4 BYTE 0
4 BYTE 28 00 03 00
4 BYTE 0
4 BYTE 0
4 BYTE ??A, unk, 03 46 00 00 or B4 25 00 00
4 BYTE same as ??A
4 BYTE 0
4 BYTE 0
4 BYTE 0
4 BYTE 0
LNTS chosen password
4 BYTE same as ??A
4 BYTE 00 00 CF 01
SNAC 17,05
17 BYTE 00 01 00 32 30 00 00 00 00 00 2D 00 03 00 00 00 06
BYTE unk, 0F or 72
2 BYTE 3E 62
2 BYTE unk, E3 53 or CD B5
2 BYTE 7E FF
4 BYTE unk, 14 18 03 46 or 17 08 B4 25
18 BYTE 0
UIN new uin number
2 BYTE unk, 03 46 or B4 25
2 BYTE 00 00
Jeff Hughes valaxer@nwinet.com
Filippov Joe joe@idisys.iae.nsk.su
Robin Fisher robin@phase3solutions.com
Daniel Wirtz daniel@skywebs.net
Alex Efros powerman@sky.net.ua