 Unofficial ICQ Protocol v7
|
Ниже вашему вниманию предоставляется
неофициальная версия 7-ого протокола ICQ. Именно его используют клиенты
ICQ2000a и ICQ2000b. Так что можете изучать и программировать свой
собственный СОФТ. Надеюсь, скоро список софта пополнит и Ваша собственная
программа.
Список ключей и параметров:
affiliations.txt
- Список Affiliations (Категории)
ages.txt - Возраст.
Ключи для поиска по White Pages.
countries.txt -
Страны. Коды стран для User details
gmt.txt - Время
относительно GMT пользователя. Для User Details.
interests.txt -
Интересы пользователя.
languages.txt -
Ключи к языкам.
occupations.txt
- Ключи профессий пользователя. Occupations.
pasts.txt - User
Pasts.
sex.txt
- Пол пользователя. 2 ключа.
Сам 7-ой протокол ICQ:
ICQv7 (personal) protocol notes
by Massimo Melina,rejetto@libero.it
www.rejetto.com/icq
last
update Nov 02, 2001
THESE ARE ONLY _PERSONAL_ NOTES
USE IT AT YOUR OWN RISK
if you
want to tell me about additional info or wrong info in this file, contact
me
important note:
* this doc is very bad written for several
reasons i won't list here.
* i don't earn money from this, i'm a
student, i'm only having some fun.
* a list of people who contributed
to this doc is at bottom
* you won't understand too much in here if you
don't read AIM protocol docs at www.icqv7.cjb.net
some notes:
* unk = unknown
* communication is over FLAP protocol
(find info about it in AIM protocol docs)
* where specified,
communication is over SNAC protocol, over FLAP (AIM proto docs too)
*
password is xored with these bytes:
F3,26,81,C4,39,86,DB,92,71,A3,B9,E6,53,7A,95,7C
* LE stands for
little-endian
* BE stands for big-endian
* BYTE is a 8 bit
integer
* WORD is a 2-byte integer (BE)
* DWORD is a 4-byte integer
(BE)
* TIME_T is a DWORD, unix time format
* IPADDR is a quadruple
of bytes A,B,C,D where in dotted form is A.B.C.D
* COLOR is a quadruple
of bytes: R,G,B,N where N is not used (you should set it zero)
* STRING
is a succession of (ascii) characters without length-leading or
null-char-ending
* UIN is a 4-byte integer (LE) that codifies the uin
number
* B-UIN is a BYTE preceded STRING: the byte indicates the length
of the string and the string report an uin number
* UINLIST is a raw
succession of B-UINs
* NTS is a Null Termined String
* LNTS is a
word (LE) preceeded NTS: the word indicates the length of the NTS string
(null char included)
* DLS is a dword (LE) preceeded string
*
msg-subtype is a BYTE:
| CODE |
FORMAT |
MEANING |
| 01 |
plain |
msg |
| 02 |
? |
chat |
| 03 |
? |
file |
| 04 |
url-msg |
url |
| 06 |
user-msg |
authorization request |
| 07 |
plain |
authorization denied |
| 08 |
empty |
authorization given |
| 0C |
user-msg |
user added you |
| 0E |
email-msg |
emailExpress |
| 13 |
contacts-msg |
contacts |
| 1A |
empty |
contacts-req |
| E? |
plain |
auto-msg-req (E8 away, E9 occupied, EA na, EB dnd, EC
f4c) |
* msg-flags is a BYTE:
00 = normal
80
= multiple
03 = special (used for auto-msg-req)
* error-code is a
WORD:
00 00 no error
00 01 bad uin
00 05 bad password
00 18
rate exceeded
00 1D (probably) you're trying to reconnect too fast,
wait a second and retry
* user-msg is a LNTS: nick FE first FE last FE
email FE unk-char FE msg
* url-msg is a LNTS: msg FE url
*
contacts-msg is a LNTS: contacts# FE uin FE nick FE uin FE nick FE...
*
email-msg is a LNTS: name FE FE FE email FE unk-char FE body
* gmt
offset is a signed byte, specifies negative half hours from GMT 0 (e.g. -3
= GMT+1:30)
* status codes is a double word: WORD flags + WORD status
WORD
flags
2000 direct connection only for contact list
1000 direct
connection by request
0002 show ip? (licq uses it on invisible
state)
0001 webaware
WORD status (sometime i saw bit 3 set, or bit 9
in invisible state)
0000 online
0020 free4chat
0001 away
0004
n/a
0005 n/a
0010 occupied
0011 occupied
0013 dnd
0100
invisible
* accept-status codes
0 normally accepted (use this replying to
auto-msg-req)
9 not accepted, occupied
A not accepted, dnd
4
accepted but away
E accepted but NA
C accepted to contact list (no
blink in tray)
* priority codes
00 00 = file-reply
01 00 = normal
02 00 =
send urgent
04 00 = send to contact list (don't blink in tray)
* direct-connection-info
IPADDR my ip address, often second NIC ip,
leave 0 for no direct-connection
DWORD port where listening for
connections, leave 0 for no direct-connection
BYTE 04
WORD protocol
version (licq 0006, icq2000 0007, icq2001 0008)
4 BYTE unk
8 BYTE 00
00 00 50 00 00 00 03
TIME_T unk, usually a recent time
TIME_T unk,
usually a recent time
TIME_T unk, usually a recent time
WORD 0
* wp-short-request-info
LNTS first
LNTS last
LNTS nick
* wp-full-request-info
wp-short-request-info
LNTS email
WORD
(LE) minimum age, 0 if disabled
WORD (LE) maximum age, 0 if
disabled
BYTE sex (0=disabled, other=see table)
BYTE language
(0=disabled, other=see table)
LNTS city
LNTS state
WORD country
(0=disabled, other=see table)
LNTS company-name
LNTS
department
LNTS position
BYTE occupation field (0=disabled)
WORD
past information category (0=disabled, other=see table)
LNTS
desc
WORD interests-category (0=disabled, other=see table)
LNTS
interests-specific (comma separated)
WORD affiliation/organization
(0=disabled, other=see table)
LNTS desc
WORD homepage
category
LNTS desc
BYTE only-online-users, (0=off, 1=on)
* wp-result-info
WORD length of this record (you can't rely on
fields if record is shorter)
UIN his uin
LNTS nick
LNTS
first
LNTS last
LNTS email
BYTE auth (0=required,
1=always)
BYTE status (00 offline, 01 online, 02 not webaware)
BYTE
unknown, usually 0
BYTE sex
BYTE age
9 BYTE unk, 0
* main-home-info
LNTS nick
LNTS first
LNTS last
LNTS
email
LNTS city
LNTS state
LNTS phone
LNTS fax
LNTS
street
LNTS cellular (if SMS-able string contains an ending '
SMS')
LNTS zip
WORD country (LE)
BYTE gmt
BYTE unknown,
usually 0
* work-info
LNTS city
LNTS state
DWORD 0
LNTS
street
LNTS zip
WORD country (LE)
LNTS company-name
LNTS
company-dept
LNTS company-position
WORD 0 (LE?)
LNTS company-web
* homepage-more-info
BYTE age
BYTE 0
BYTE sex
LNTS
homepage
WORD birth-year (LE)
BYTE birth-month
BYTE
birth-day
BYTE lang1
BYTE lang2
BYTE lang3
* work-info
LNTS city
LNTS state
LNTS unk
LNTS unk
LNTS
street address
LNTS zip code
WORD unk, 2700
LNTS company
name
LNTS unk
LNTS position
WORD unk, 0500
LNTS unk
* more-email-info
BYTE number (of addresses)
for number
times
BYTE unknown, usually 00
LNTS address
* personal-interests-in
BYTE # of categories to follow
for #
times
WORD category (6800 => Computers, 7100 => Music)
LNTS
specific
* past-background-info
012F01 university
LNTS specific
00616E
* capability is a 4 DWORD number
4 capabilities are known
1)
09461349 4C7F11D1 82224445 53540000
2) 09461344 4C7F11D1 82224445
53540000
3) 97B12751 243C4334 AD22D6AB F73F1492 //
sent by icq2001
4) 2E7A6475 FADF4DC8 886FEA35 95FDB6DF
// sent by icq2001
* capability-info is a succession of capabilities
note: icq2000b
sends 1) and 2), licq sends only 2)
*******************************
------LOGIN SESSION-----------
*******************************
connection to login server
server sends (1) <- in parenthesis lies the FLAP channel (SNACs use
always channel 2) 4 BYTE 00 00 00 01
client sends (1)
4 BYTE 00 00 00 01
TLV(1) STRING my
uin
TLV(2) STRING encrypted password
TLV(3) STRING client profile,
example "ICQ Inc. - Product of ICQ (TM).2000b.4.63.1.3279.85"
TLV(16)
WORD unk, usually 01 0A
TLV(17) WORD major version, 4 for icq2000, 5
for icq2001
TLV(18) WORD minor version
TLV(19) WORD lesser
version
TLV(1A) WORD build version
TLV(14) DWORD dunno
version
TLV(0F) STRING language, 2 chars, usually "en"
TLV(0E)
STRING country, 2 chars, usually "us"
server sends (4)
TLV(1) STRING my uin
if all goes right
TLV(5)
STRING BOS-address:port
TLV(6) STRING cookie
else TLV(8)
error-code
TLV(4) STRING url // not always present
TLV(C) WORD unknown
close connection
-----SERVICE SESSION---------
connection to service server specified in TLV(5)
server sends (1)
4 BYTE 00 00 00 01
client sends (1)
4 BYTE 00 00 00 01
TLV(6) STRING cookie
------SNAC COMMANDS------------
server sends // Server is ready
SNAC
1,03
24 BYTE 00 01 00 02 00 03 00 04 00 06 00 08 00 09 00 0A 00 0B 00
0C 00 13 00 15 <
> client sends // hey, i'm an icq client, not
aim
SNAC 1,17
32 BYTE 00 01 00 03 00 13 00 02 00 02 00 01 00 03 00
01 00 15 00 01
00 04 00 01 00 06 00 01 00 09 00 01 00 0A 00 01 00 0B
00 01
server sends // got it, ack to 1,17
SNAC
1,18
48 BYTE 00 01 00 03 00 02 00 01 00 03 00 01 00 04 00 01 00 06 00
01 00 08 00 01
00 09 00 01 00 0A 00 01 00 0B 00 01 00 0C 00 01 00 13 00
02 00 15 00 01
client sends // request rate
SNAC 1,06
empty
server sends // response to 1,06
SNAC 1,07
181
BYTE unknown
WORD # of known messagges (N)
N DWORD known messages, a
known message is a words pair: FAMILY/SUBTYPE
17 DWORD unknown, they
seems messagge IDs too
client sends // ack to 1,07
SNAC 1,08
10 BYTE
00 01 00 02 00 03 00 04 00 05
client sends // Requests personal
information.
SNAC 1,0E
empty
client sends // Request rights information for
location service
SNAC 2,02
empty
client sends // Request rights information for buddy
list
SNAC 3,02
empty
client sends // Requests rights for ICBM (Instant
Message) operations.
SNAC 4,04
empty
client sends // Requests BOS rights
SNAC
9,02
empty
server sends // response to 1,0E
SNAC 1,0F
if
bit15 set in flag
8 BYTE 00 06 00 01 00 02 00 03
BUIN my uin
WORD
warning level
WORD user class?
TLV(1) WORD class2, usually 00 00 or
00 50
TLV(C) direct-connection-info, usually 0s
TLV(A) IPADDR my ip
address
TLV(4) WORD idle time, usually 00 00
TLV(6) DWORD status
code
TLV(F) DWORD unknown, it seems to be an incrementing
value
TLV(2) TIME_T member since
TLV(3) TIME_T online since
server sends //response to 2,02
SNAC
2,03
TLV(1) 04 00
TLV(2) 00 10
TLV(3) 00 0A
server sends //response to 3,02
SNAC
3,03
TLV(1) 02 58
TLV(2) 02 EE
TLV(3) 02 00
server sends // response to 4,04
SNAC 4,05
16
BYTE unknown, 00 02 00 00 00 03 02 00 03 E7 03 E7 00 00 03 E8
server sends // response to 9,02
SNAC
9,03
TLV(2) 00 A0
TLV(1) 00 A0
client sends // Add ICBM parameter
SNAC 4,02
16
BYTE 00 00 00 00 00 03 1F 40 03 E7 03 E7 00 00 00 00
client sends // set user info
SNAC 2,04
TLV(5)
capability-info
client sends // add to contact list
SNAC
3,04
UIN-LIST
client sends // remove from contact list
SNAC
3,05
UIN-LIST
client sends // add to visible list
SNAC
9,05
UIN-LIST
client sends // remove from visible list
SNAC
9,06
UIN-LIST
client sends // add to invisible list
SNAC
9,07
UIN-LIST
client sends // remove from invisible list
SNAC
9,08
UIN-LIST
client sends // add to a sort of visible list
SNAC
9,0A
UIN-LIST
client sends // remove from a sort of visible
list
SNAC 9,0B
UIN-LIST
client sends // set status code
SNAC
1,1E
TLV(6) status-code
TLV(8) error-code
TLV(C)
direct-connection-info
TLV(11) variable length, sent changing user
info
here some cases (they seems to be groups of 5 bytes)
15 BYTE:
01 0A 19 0B 3B 01 2E 19 0B 3B 01 5E 19 0B 3B
5 BYTE: 01 18 E5 CC
3B
TLV(12) WORD unknown, sent changing user info, usually 0
client sends // unknown (usually after set status
code)
SNAC 1,11
DWORD 00 00 00 00
client sends //client ready
SNAC 1,02
64 BYTE
unknown, usually 00 01 00 03 01 10 02 8A 00 02 00 01 01 01 02 8A 00 03 00
01
01 10 02 8A 00 15 00 01 01 10 02 8A 00 04 00 01 01 10 02 8A
00 06
00 01 01 10 02 8A 00 09 00 01 01 10 02 8A 00 0A 00 01
01 10 02 8A
client sends //many purposes
SNAC
15,02
TLV(1)
WORD (LE) bytes remaining, useless
UIN my
uin
WORD type
WORD req-id
type=3C00 //ask for
offlines messages
nothing
type=3E00 //ack to
offline messages
nothing
type=D007
WORD subtype
subtype=9808
xml-stype in an LNTS
LNTS '<key>' name of required data
'</key>'
subtype=1F05 //simple query
info
UIN user to request info
subtype=6905
//simple query info extended (used by icq2001)
DWORD
unk, 36 01 04 00
UIN user to request info
subtype=B204
//query info about user
UIN user to request
info
subtype=D004 //query my info
UIN my
uin
subtype=1505
//wp-short-request
wp-short-request-info
subtype=3305
//wp-full-request
wp-full-request-info
subtype=EA03
//modify user info
(main/home)
main-home-info
subtype=FD03 //modify
user info (homepage/more)
homepage-more-info
subtype=0604
// modify user info (about)
LNTS
about
subtype=F303 //modify user info
(work)
work-info
subtype=2E04 // change
password
LNTS new password
subtype=C404 // remove
user (warning!)
UIN uin to remove
LNTS password
subtype=2404
// set permissions?
BYTE authorization, 00 =
required, 01 = not required
BYTE webaware, 00 = off, 01 = on
2 BYTE
unknown, 01 00
subtype=D70A // unknown (icq2001)
server sends // Message of the day
SNAC 1,13
if
bit15 set in flag
8 BYTE 00 06 00 01 00 02 00 03
WORD unknown,
usually 0004
TLV(B) STRING message of the day, usually
'http://www.aol.com'
server sends // many purposes
SNAC 15,03 flag:000x
TLV(1) used for a lot of things
WORD (LE) bytes remaining,
useless
UIN my uin
WORD message-type
WORD req-id
message-type
= 4100 // offline message
UIN his uin
WORD year
(LE)
BYTE month (1=jan)
BYTE day
BYTE hour (GMT time)
BYTE
minutes
BYTE msg-subtype
BYTE msg-flags
LNTS msg
WORD 0000,
present only in single messages
message-type = 4200
// end of offline messages
BYTE unknown, usually
0
message-type = D007
2 BYTE unknown, usually 98 08
WORD length
of the following NTS
NTS
"<key>"field-type"</key>"
field-type = DataFilesIP
6
BYTE unk, usually 2A 02 44 25 00 31
message-type = DA07
3 BYTE
subtype
subtype=A2080A // where to get ads
stuff
LNTS ip address (a web server), usually
'<value>205.188.250.25</value>' that is
cb.icq.com
subtype=A40132 or AE0132 // empty
whitepages result
empty
subtype=A4010A //
wp-full-request result
wp-result-info
subtype=AE010A
// wp-full-request result (the
last)
wp-result-info
DWORD lasting results (LE)
subtype=90010A
// wp-short-request
result
wp-result-info
subtype=9A010A //
wp-short-request result (the last)
wp-result-info
DWORD lasting
results (LE)
subtype=C8000A // query
result
main-home-info
WORD unknown
subtype=D2000A
// query result
work-info
subtype=E6000A
// query result
LNTS about
subtype=F0000A
// query
result
personal-interests-info
subtype=FA000A //
query result
past-background-info
subtype=FA0014
// query result: users does not exist
s
empty
subtype=EB000A // query
result
more-email-info
subtype=DC000A // query
result
homepage-more-info
WORD unknown
subtype=0E010A
// query: additional info
WORD unknown,
0000
subtype=64000A // ack to modify info
(main/home)
empty
subtype=78000A // ack to modify
info (homepage/more)
empty
subtype=82000A // ack
to modify info (about)
empty
subtype=6E000A //
ack to modify info (work)
empty
subtype=B4000A //
ack to remove user
empty
subtype=AA000A // ack to
change password
empty
subtype=A0000A // ack to
2404
empty
subtype=1D030A // ack to D70A
empty
server sends // ONcoming user
SNAC
3,0B
B-UIN
WORD 0
WORD # of following TLVs
TLV(1) 00
50
TLV(C) direct-connection-info
TLV(A) IPADDR
TLV(4) WORD
0
TLV(6) status
TLV(D) capability-info
TLV(F) DWORD it seems a
time in seconds
TLV(2) TIME_T member since
TLV(3) TIME_T online
since
server sends // OFFgoing user
SNAC
3,0C
B-UIN
4 BYTE 00 00 00 01
TLV(1) 00 00
server sends
// incoming message
SNAC 4,07
8 BYTE ??B, a sort
of ID (it seems to be based on timestamp)
WORD msg-format
B-UIN
sender's uin
WORD warning level? garbage of OSCAR protocol
WORD 5 or
6, maybe it counts the following TLVs before the format-dipendent
datas
TLV(1) WORD 00 50
TLV(4) WORD 0 (not present in file-req and
auto-msg-req)
TLV(6) sender's status
TLV(F) DWORD it seems a time in
seconds
TLV(2) TIME_T member since
TLV(3) TIME_T online since
if
msg-format = 1 // message
TLV(2)
7 BYTE 05 01 00
01 01 01 01
WORD msg length + 4
4 BYTE 0
STRING message
if
msg-format = 4 // url or contacts or auth-req or
userAddedYou
TLV(5)
UIN sender's uin
BYTE msg-subtype
BYTE
msg-flags
LNTS msg
if text-msg
COLOR foreground
COLOR
background
if msg-format = 2 // advanced
message
TLV(5)
WORD ??A, 00 02 for file-ack, else 00 00
8 BYTE
same as ??B
16 BYTE capability1
if ??A=0000
TLV(A) 00 02 on
file-reply, 00 01 else
TLV(5) WORD, listening port (BE) (present on
FT)
TLV(3) IPADDR, internal ip (present on FT and file-reply)
TLV(F)
empty
TLV(2711)
WORD 1B 00
BYTE ??E (08 in auto-msg-req, else
07)
19 BYTE unk, 0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00
3 BYTE unk, 03 00 00
if auto-msg-req
BYTE 00
BYTE
unk, 00 or 04 (00 in auto-msg-req)
WORD ??D, seems to be a downcounter
starting from FFFF
2 BYTE 0E 00
WORD same as ??D
12 BYTE
0
BYTE msg-subtype
BYTE msg-flags
WORD unk, 00 00 or 01 00 or 02
00 (0000 in file-reply, auto-msg-req)
WORD priority
LNTS msg
if
file-req
4 BYTE 9F CD D3 11
LNTS filename
DWORD filesize
(LE)
4 BYTE 00 FD 81 01
if file-reply
WORD ??C
2 BYTE
0
LNTS ''
DWORD unk
WORD same as ??C but inverted endian
2
BYTE 0
if auto-msg-req
empt
if text-msg
COLOR
foreground
COLOR background
TLV(4) IPADDR, external ip (BE) (present
on file-req, file-ok)
server sends // server ack to type-2 messages
SNAC
4,0C
10 BYTE equals to first 10 BYTE of message
BUIN equals to
message' uin
client sends // send message
SNAC 4,06
8 BYTED
??B, a sort of ID (it seems to be based on timestamp, ACKs should use same
ID)
WORD message-format
B-UIN recipient
msg-format=1
// simple message
TLV(2)
7 BYTE 05 01 00 01 01 01
01
WORD msg length + 4
4 BYTE 0
STRING
msg
TLV(6)
empty
msg-format=2 // advanced
message (only for ICQv7+ clients)
TLV(5)
WORD ??A (00 01 on abort
request, else 00 00)
8 BYTE same as ??B
16 BYTE capability1
if
??A = 00 00
TLV(A) 00 01 (maybe 00 02 for file-ack)
TLV(B) 00 01
(present on abort requests)
TLV(5) WORD, listening port (BE) (present
on file-req)
TLV(3) IPADDR, internal ip (present on file-req)
TLV(F)
empty
TLV(2711)
26 BYTE ??E, 1B 00 07 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 03 00 00 00
BYTE unk, 00 or 04 (00 on
auto-msg-req)
WORD ??D, seems to be a downcounter starting from
FFFF
WORD 0E 00 (it could be a LE counter of following bytes: 0E =
2+12)
WORD same as ??D
12 BYTE 0
BYTE msg-subtype
BYTE
msg-flags
WORD unk, 00 00 or 01 00 or 02 00 (0000 in file-reply, 0100
in auto-msg-req)
WORD priority
LNTS msg
if subtype=FT
WORD
unk, can be 0
WORD ??C, can be 0
LNTS filename (empty on
file-reply)
DWORD filesize (LE) (zero on file-reply)
WORD unk, can
be 0
WORD same or similar to ??C
if subtype=chat
BYTE 01
10
BYTE 0
if subtype=msg
COLOR foreground
COLOR background
if
subtype=auto-msg-req
empty
TLV(3) empty // ack
request?
msg-format=4 // url or contacts or
auth-reply or multi-send
TLV(5)
UIN my uin
BYTE
msg-subtype
BYTE msg-flags
LNTS msg
if contacts-req
2 BYTE 39
00, it seems to be the number of the following bytes
18 BYTE unk, 2A 0E
7D 46 76 76 D4 11 BC E6 00 04 AC 96 1E A6 02 00
DTS Request For
Contacts
15 BYTE 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00
2 BYTE
11 00, it seems to be the number of the following bytes
2 BYTE 0
DTS
request message
TLV(6) empty // ack request?
client or server sends // ack to type-2 message
(answer to auto-msg-req too)
SNAC 4,0B flags:0000
10 BYTE equals to
first 10 BYTE of message
BUIN equals to message' uin
2 BYTE 00
03
47 BYTE from offset 40 (??E) to 86 of TLV(5)
BYTE accept-status
3 BYTE 0
LNTS message
if not auto-msg
4 BYTE 0
if msg
4
BYTE FF FF FF FF
if file-deny
11 BYTE unk, 01 00 00 xx xx 00 00 xx
xx 00 00
server sends // warning: you're sending too fast
SNAC 1,0A
flags:0000
WORD unk, usually 1, 2 or 3
24 BYTE 00 01 00 00 00 50 00
00 09 C4 00 00 07 D0 00 00 05 DC 00 00 03 20 00 00
WORD unk, maybe
indicates the available buffer in the server and it's always under 2000dec
under 5DC (1500dec), the first word is 3 over it's 2
9 BYTE 00 00 17 70
00 00 00 00 01
client sends // add to ignore list (it seems to have no
effects)
SNAC 3,05
UIN-LIST
server sends (4)
TLV(9) WORD disconnect reason
00 01 = another
client is loggin with this uin
TLV(B) STRING comment?
for reason 00
01, "http://www.aim.aol.com/errors/USER_LOGGED_OFF_NEW_LOGIN.html"
server sends
SNAC 4,01 flags:0000
WORD error-code
000E invalid
packet?
server sends
SNAC 17,03 flags:0000
TLV(4) STRING message of the
day, usually "http://www.aol.com"
TLV(8) error-code
TLV(C) 00 01
client sends // add to visible lsit
SNAC 13,08 flags:0000
BYTE
00
BUIN an uin
8 BYTE 00 00 2B 63 00 02 00 00 // maybe last dword is
my status
client sends // remove from visible list
SNAC 13,0A
flags:0000
BYTE 00
BUIN an uin
8 BYTE 00 00 22 64 00 02 00 00
server sends // ack to 13,0A
SNAC 13,0E flags:8000
10 BYTE
unknown, 00 06 00 01 00 02 00 02 00 00
----A (hopely) CORRECT LOGIN SEQUENCE
login packet
(uin/password)
get the cookie and reconnect
send cookie
SNAC
1/3
SNAC 1/17
SNAC 1/6
SNAC 1/E
SNAC 2/2
SNAC 3/2
SNAC
4/4
SNAC 9/2
the server reply 1/7 to the 1/6, and then it
goes:
SNAC 1/8
SNAC 4/2
SNAC 2/4
SNAC 3/4 with the contact
list
if status = invisible SNAC 9/5 with visible list
SNAC 1/1E with
status
SNAC 1/11
if status invisible SNAC 9/7 with invisible
list
SNAC 1/2
SNAC 15/2, to require offline messages
---RECEIVE A FILE TRANSFER REQUEST VIA SERVER
server:
SNAC 4,07
(file-req)
client:
SNAC 4,06 (file-ok)
or
SNAC 4,0B
(file-denied)
server:
SNAC 4,07 (file-ack, with ??A=0002)
after file-req a SNAC 4,07 (file-abort) could happen
---NEW UIN REGISTRATION
server sends (1)
4 BYTE 00 00 00 01
client sends (1)
4 BYTE 00 00 00 01
client sends
SNAC 17,04
3 BYTE 00 01 00
BYTE unk, 3B or
38
4 BYTE 0
4 BYTE 28 00 03 00
4 BYTE 0
4 BYTE 0
4 BYTE
??A, unk, 03 46 00 00 or B4 25 00 00
4 BYTE same as ??A
4 BYTE
0
4 BYTE 0
4 BYTE 0
4 BYTE 0
LNTS chosen password
4 BYTE
same as ??A
4 BYTE 00 00 CF 01
server sends
SNAC 17,05
17 BYTE 00 01 00 32 30 00 00 00 00 00 2D
00 03 00 00 00 06
BYTE unk, 0F or 72
2 BYTE 3E 62
2 BYTE unk, E3
53 or CD B5
2 BYTE 7E FF
4 BYTE unk, 14 18 03 46 or 17 08 B4
25
18 BYTE 0
UIN new uin number
2 BYTE unk, 03 46 or B4 25
2
BYTE 00 00
---PEOPLE WHO CONTRIBUTED TO THIS DOC (i decide the order, that is,
random)
Jeff Hughes valaxer@nwinet.com
Filippov Joe
joe@idisys.iae.nsk.su
Robin Fisher robin@phase3solutions.com
Daniel
Wirtz daniel@skywebs.net
Alex Efros powerman@sky.net.ua
Протокол в текстовом файле: ICQv7proto.txt
ICQ
SHOP
ICQ
LiveJournal
