/* outgoing IM */
2a 02 00 3a 00 77 00 04 00 06 00 00 00 00 00 06 *..:.w..........
31 33 36 45 31 31 34 00 00 01 0a 50 68 72 65 61 136E114....Phrea
6b 42 6c 75 65 00 02 00 54 05 01 00 03 01 01 02 kBlue...T.......
01 01 00 49 00 00 00 00 3c 48 54 4d 4c 3e 3c 42 ...I....<HTML><B
4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 66 66 ODY BGCOLOR="#ff
66 66 66 66 22 3e 3c 46 4f 4e 54 20 4c 41 4e 47 ffff"><FONT LANG
3d 22 30 22 3e 6d 6f 6f 3c 2f 46 4f 4e 54 3e 3c ="0">moo</FONT><
2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e /BODY></HTML>
/* tlv breakdown */
* 0x0000 * 0x0a bytes /*short tlv*/
|
* 0x0002 @ 0x0054 bytes
|
|\
| \
| |
| *0x0501 @ 0x0003 bytes
| |\-----(data)01 01 02 /*not sure, libfaim/gaim has a length of 4/*
| |
| *0x0101 @ 0x0049 bytes
| |\-----(data)highlighted in bold /* padded message data */
| |
(no more tlvs)
/* incoming IM*/
2a 02 90 2d 00 ad 00 04 00 07 00 00 85 25 65 5d *..-.........%e]
31 33 36 45 31 31 34 00 00 01 0a 50 68 72 65 61 136E114....Phrea
6b 42 6c 75 65 00 00 00 04 00 01 00 02 00 11 00 kBlue...........
0f 00 04 00 00 07 7c 00 1d 00 14 00 01 01 10 e3 ......|.........
0b 8a d9 9f 0a 80 fd 6e 5c 7d 19 2d 66 87 57 00 .......n\}.-f.W.
03 00 04 3d 8d 04 7a 00 02 00 54 05 01 00 03 01 ...=..z...T.....
01 02 01 01 00 49 00 00 00 00 3c 48 54 4d 4c 3e .....I....<HTML>
3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 <BODY BGCOLOR="#
66 66 66 66 66 66 22 3e 3c 46 4f 4e 54 20 4c 41 ffffff"><FONT LA
4e 47 3d 22 30 22 3e 6d 6f 6f 3c 2f 46 4f 4e 54 NG="0">moo</FONT
3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 00 ></BODY></HTML>.
0b 00 00 ...
/* header */
0x2a (aim packet marker)
0x02 (channel number)
0x902d (sequence number)
0x00ad (payload length, number of bytes after this one)
0x0004 (family)
0x0007 (subtype)
0x00,0x00,0x85,0x25,0x65,0x5d (some sort of time stamp, however on packets containing tlv 0x0003 this contains info on how many messages were sent to this user during this session.. session being the length of time aim runs without being restarted)
0x31,0x33,0x36,0x45,0x31,0x31,0x34 (aim cookie)
/* tlv breakdown */
* 0x0000 * 0x0a bytes /*short tlv*/
|
* 0x0003 @ 0x0004 bytes
|
* 0x0002 @ 0x0054 bytes
|
|\
| \
| |
| *0x0501 @ 0x0003 bytes
| |\-----(data)01 01 02 /* have no idea what this is */
| |
| *0x0101 @ 0x0049 bytes
| |\-----(data)00 00 00 00 3c 48 54 4d 4c (cont'd)... /* padded message data */
| |
(no more tlvs)
/* oscar keepalive */
*/these packets are sent roughly once every 60 seconds and i assume tells the server we are still alive */
2a 05 00 5b 00 00 *..[..
note:
this is channel 0x05
this packet has no payload length
/* buddy state change? */
2a 02 e3 70 00 2f 00 03 00 0b 00 00 96 91 c5 3b *..p./.........;
0a 61 6b 75 62 69 20 73 75 72 75 00 00 00 03 00 .akubi suru.....
01 00 02 00 10 00 0f 00 04 00 00 66 f2 00 03 00 ...........f....
04 3d 9e 39 33 .=.93
/* buddy info reply incoming */
2a 02 e3 72 01 1f 00 02 00 06 00 00 00 05 00 15 *..r............
09 54 4c 65 30 32 30 31 38 30 00 00 00 05 00 01 .TLe020180......
00 02 00 30 00 04 00 02 00 1f 00 0f 00 04 00 00 ...0............
d3 77 00 1d 00 1d 00 00 00 05 02 01 d2 04 72 00 .w............r.
01 01 10 9b bf 9c cf 9c 15 80 b8 15 a5 00 f1 16 ................
97 90 30 00 03 00 04 3d 9d cd 25 00 03 00 1f 74 ..0....=..%....t
65 78 74 2f 61 6f 6c 72 74 66 3b 20 63 68 61 72 ext/aolrtf; char
73 65 74 3d 22 75 73 2d 61 73 63 69 69 22 00 04 set="us-ascii"..
00 a3 3c 48 54 4d 4c 3e 3c 42 4f 44 59 20 42 47 ..<HTML><BODY BG
43 4f 4c 4f 52 3d 22 23 66 66 66 66 66 66 22 3e COLOR="#ffffff">
3c 46 4f 4e 54 20 43 4f 4c 4f 52 3d 22 23 38 30 <FONT COLOR="#80
30 30 38 30 22 20 46 41 43 45 3d 22 41 72 69 61 0080" FACE="Aria
6c 22 20 4c 41 4e 47 3d 22 30 22 20 53 49 5a 45 l" LANG="0" SIZE
3d 32 3e 41 41 41 41 41 48 48 48 21 21 21 20 20 =2>AAAAAHHH!!!
64 6f 65 73 20 61 6e 79 6f 6e 65 20 6b 6e 6f 77 does anyone know
20 61 6e 79 74 68 69 6e 67 20 61 62 6f 75 74 20 anything about
63 6f 6e 74 72 61 63 74 20 6c 61 77 3f 21 3f 21 contract law?!?!
3c 2f 46 4f 4e 54 3e 3c 2f 42 4f 44 59 3e 3c 2f </FONT></BODY></
48 54 4d 4c 3e HTML>
/* "send mail" server request */
T 192.168.0.25:1038 -> 64.12.28.54:5190 [AP]
2a 02 00 ee 00 20 00 01 00 04 00 00 00 03 00 04 *.... ..........
00 01 00 28 00 10 50 02 00 02 2a 9a 11 d5 80 8a ...(..P...*.....
00 60 b0 ee 06 31 .`...1
* 0x0028 @ 0x0010 bytes
|\------ (data) 0x50, 0x02, 0x00, 0x02, 0x2a, 0x9a, 0x11, 0xd5,
| 0x80, 0x8a, 0x00, 0x60, 0xb0, 0xee, 0x06, 0x31
(no more tlvs)
/* server response with ip address and port..*/
T 64.12.28.54:5190 -> 192.168.0.25:1038 [AP]
2a 02 e3 77 00 48 00 01 00 05 80 00 00 03 00 04 *..w.H..........
00 06 00 01 00 02 00 03 00 0d 00 02 00 01 00 05 ................
00 14 32 30 35 2e 31 38 38 2e 32 32 30 2e 31 37 ..205.188.220.17
31 3a 35 30 30 36 00 06 00 14 57 5a 5a 54 4e 51 1:5006....WZZTNQ
52 52 4f 50 41 51 4b 53 57 59 4d 47 51 56 RROPAQKSWYMGQV
* 0x0001 @ 0x0002 bytes
|\------ (data) 0x0003 /* not sure if this is a tlv.. but it fits */
|
* 0x000d @ 0x000d bytes
|\------ (data) 0x0001
|
* 0x0005 @ 0x0014 bytes
|\------ (data) 205.188.220.17:5060
|
* 0x0006 @ 0x0014 bytes
|\------ (string) "WZZTNQRROPAQKSWYMGQV"
(no more tlvs)
/* client version packet */
2a 02 00 03 00 98 00 17 00 02 00 00 00 00 00 00 *...............
00 01 00 0a 50 68 72 65 61 6b 42 6c 75 65 00 25 ....PhreakBlue.%
00 10 13 7b 1d 08 1d 1f 86 ef d9 39 fe 25 cb 98 ...{.......9þ%..
94 6e 00 4c 00 00 00 03 00 2d 41 4f 4c 20 49 6e .n.L.....-AOL In
73 74 61 6e 74 20 4d 65 73 73 65 6e 67 65 72 2c stant Messenger,
20 76 65 72 73 69 6f 6e 20 35 2e 30 2e 32 39 33 version 5.0.293
38 2f 57 49 4e 33 32 00 16 00 02 01 09 00 17 00 8/WIN32.........
02 00 05 00 18 00 02 00 00 00 19 00 02 00 00 00 ................
1a 00 02 0b 7a 00 14 00 04 00 00 00 c7 00 0f 00 ....z...........
02 65 6e 00 0e 00 02 75 73 00 4a 00 01 01 .en....us.J...
* 0x0025 @ 0x0010 bytes
|\------ (data) highlighted blue
|
* 0x004c @ 0x0000 bytes
|\------ (no data)
|
* 0x0003 @ 0x002d bytes
|\------ (data) highlighted red
|
* 0x0016 @ 0x0002 bytes
|\------ (data) 0x0109
|
* 0x0109 @ 0x0017 bytes
|\------ (data) highlighted green
|
* 0x0014 @ 0x0004 bytes
|\------ (data) 0x000000c7
|
* 0x000f @ 0x0002 bytes
|\------ (data) 0x656e
|
* 0x000e @ 0x0002 bytes
|\------ (data) 0x7573
|
* 0x004a @ 0x0001 bytes
|\------ (data) 0x01
|
(no more tlvs)
random things to know about the aim protocol:
all values larger then one byte are stored in network byte order..
aim packets are inherently limited to 65k +6 bytes, which might be why the buddy list has a hard limit of 200 buddies. ::shrug::
/* something to do with aims netscape mail feature */
2a 02 7b 73 00 81 00 18 00 07 00 00 80 84 b6 8f *.{s............
b2 ae d2 e4 a7 ce 8f 51 5d 5e 17 08 55 aa 11 d3 .......Q]^..U...
b1 43 00 60 b0 fb 1e cb 00 05 00 84 00 02 00 00 .C.`.û..........
00 80 00 02 00 00 00 81 00 01 00 00 82 00 0c 6e ...............n
65 74 73 63 61 70 65 2e 6e 65 74 00 07 00 38 68 etscape.net...8h
74 74 70 3a 2f 2f 61 69 6d 2e 61 6f 6c 2e 63 6f ttp://aim.aol.co
6d 2f 72 65 64 69 72 65 63 74 73 2f 69 6e 63 6c m/redirects/incl
69 65 6e 74 2f 6e 65 74 63 65 6e 74 65 72 6d 61 ient/netcenterma
69 6c 2e 68 74 6d 6c il.html
note: url: http://aim.aol.com/redirects/inclient/netcentermail.html
* 0x0002 @ 0x0000 bytes
|\------ (no data)
|
* 0x0080 @ 0x0002 bytes
|\------ (data) 0x0000
|
* 0x0081 @ 0x0001 bytes
|\------ (data) 0x00
|
* 0x0082 @ 0x000c bytes
|\------ (data) highlighted red
|
* 0x0007 @ 0x0038 bytes
|\------ (data) highlighted blue
|
(no more tlvs)