AIM 6.0 protocol changes...
thruska at cubiclesoft.com
Mon Aug 20 19:23:33 EDT 2007
Has anyone looked into the protocol changes for AIM 6.0 (a quick glance
at the archives suggests no one has)? Apparently it uses SSL/TLS for
encryption (AOL has received a ton of flak over the years for doing
plain-text transmission) but the new service ALSO apparently does NOT
use the familiar FLAP/SNAC layers for communication*. Nor is there a
separate authentication/logon server. Their main server is sitting over
at kdc.uas.aol.com:443. That is all I've got via Ethereal in an initial
packet capture. There is some XML stuff in the results from another
server (looks ad-server related)...perhaps useful, perhaps not.
If AOL takes the 'login.oscar.aol.com' (OSCAR) and BOS servers down,
GAIM (along with all other third-party AIM clients) will lose access to
the AIM service. Figuring out how AIM talks to the new server is going
to be tough. AIM 6 probably verifies the SSL certificate that is sent
by the server (that verification probably isn't complete**). It'll
probably have to be a man-in-the-middle-messing-with-Crypto-API-hooking
attack to passively watch the decrypted traffic.
* Ran a quick test by writing a script and connecting in and attempting
to retrieve the first 6 bytes of the "Connection Acknowledge" command
FLAP. It just sat there attempting to read data until the connection
timed out (it definitely connected). I then verified that the script
was working by connecting into login.oscar.aol.com:5190, which, of
course, gave me the expected response. The protocol appears to have
been significantly changed - such that existing code won't work - and
perhaps the protocol has been replaced entirely with something new.
** It may be possible to create a DNS cache poisoning (to localhost)
with a certificate from the same issuer as the root cert. plus develop a
local server designed to break the protocol. I didn't check to see who
issued the cert. but as long as it isn't self-signed, it shouldn't be a
problem other than cost. Possibly a lot faster than trying to hook APIs.
*NEW* MyTaskFocus 1.1
Get on task. Stay on task.
More information about the Devel