1 /*
2  * decode_icq.c
3  *
4  * ICQ (note - ICQ2000 is actually AIM).
5  *
6  * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
7  *
8  * $Id: decode_icq.c,v 1.7 2001/03/15 08:33:00 dugsong Exp $
9  */
11 #include "config.h"
12 
13 #include <sys/types.h>
14 
15 #include <stdio.h>
16 #include <string.h>
17 
18 #include "buf.h"
19 #include "decode.h"
20 
21 #define ICQ2_UIN_OFFSET 6
22 #define ICQ2_CMD_OFFSET 2
23 #define ICQ2_PASS_OFFSET 16
24 
25 #define ICQ5_UIN_OFFSET 6
26 #define ICQ5_CMD_OFFSET 14
27 #define ICQ5_CKSUM_OFFSET 20
28 #define ICQ5_PASS_OFFSET 34
29 
/*
 * Key-schedule table for the ICQ version-5 packet cipher.  The
 * decryption loop in decode_icq() reads it as icq5_table[i & 0xff],
 * so exactly 256 entries are needed; the table below holds 256 bytes
 * (23 rows of 11 plus a final row of 3).  Entries are added to the
 * per-packet key and the sum is XORed over the packet body.
 */
const u_char icq5_table [] = {
	0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C,
	0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F,
	0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50,
	0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64,
	0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C,
	0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31,
	0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48,
	0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A,
	0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F,
	0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64,
	0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50,
	0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66,
	0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58,
	0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C,
	0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44,
	0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C,
	0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59,
	0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A,
	0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B,
	0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67,
	0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D,
	0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43,
	0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35,
	0x5A, 0x00, 0x00
};
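/*
 * Read the little-endian 16-bit command word at cmd_off and the
 * little-endian 32-bit UIN at uin_off, then leave the input cursor at
 * pass_off, where the cleartext password begins.
 *
 * Both ICQ v2 and v5 logins carry the same three fields at different
 * offsets, so the two cases of decode_icq() share this helper.
 *
 * Returns 1 on success with *uin in host byte order; 0 if any field
 * lies beyond the packet or the command is not a login request (1000).
 */
static int
icq_login_fields(struct buf *inbuf, int cmd_off, int uin_off, int pass_off,
    u_int32_t *uin)
{
	u_short cmd;

	if (buf_seek(inbuf, cmd_off, SEEK_SET) < 0)
		return (0);
	if (buf_get(inbuf, &cmd, sizeof(cmd)) != sizeof(cmd))
		return (0);
	if (pletohs(&cmd) != 1000)
		return (0);

	if (buf_seek(inbuf, uin_off, SEEK_SET) < 0)
		return (0);
	if (buf_get(inbuf, uin, sizeof(*uin)) != sizeof(*uin))
		return (0);
	*uin = pletohl(uin);

	/* Park the cursor on the password; the caller prints what remains. */
	if (buf_seek(inbuf, pass_off, SEEK_SET) < 0)
		return (0);
	return (1);
}

/*
 * Decrypt an ICQ version-5 packet in place.  The key is derived from the
 * packet length and the 32-bit checksum word at ICQ5_CKSUM_OFFSET; each
 * 4-byte group from offset 0x0a onward is XORed with key + icq5_table[].
 * The checksum word itself (offset 20, bytes 0x14-0x17) is skipped by
 * the i != 0x12 / i != 0x16 tests and is therefore never modified.
 *
 * Every byte access is bounded by the packet length.  The unbounded form
 * of this loop (walk to end + 3, touch four bytes per step) writes up to
 * five bytes past the end of an unpadded buffer when fed a short or
 * oddly sized packet; for bytes inside the packet the result is the same.
 *
 * NOTE(review): inbuf->end is taken as the number of valid bytes at
 * inbuf->base, as set up by buf_init() from len -- confirm against buf.h.
 *
 * Returns 1 once the packet has been decrypted, 0 if it is too short to
 * carry the checksum word.
 */
static int
icq5_decrypt(struct buf *inbuf, int len)
{
	u_int32_t a1, a2, a3, a4, a5, c, key, i, k, nbytes;
	u_char *p;

	if (buf_seek(inbuf, ICQ5_CKSUM_OFFSET, SEEK_SET) < 0)
		return (0);
	if (buf_get(inbuf, &c, sizeof(c)) != sizeof(c))
		return (0);
	c = pletohl(&c);

	/* Scatter the checksum bits into the five key components. */
	a1 = (c & 0x0001f000) >> 0x0c;
	a2 = (c & 0x07c007c0) >> 0x01;
	a3 = (c & 0x003e0001) << 0x0a;
	a4 = (c & 0xf8000000) >> 0x10;
	a5 = (c & 0x0000083e) << 0x0f;

	/*
	 * Do the multiply in unsigned arithmetic: len * 0x68656C6C as int
	 * overflows for any len > 1, which is undefined behaviour in C.
	 * The 32-bit wrapped result is what the key schedule expects.
	 */
	key = (u_int32_t)len * 0x68656C6CU;
	key += a1 + a2 + a3 + a4 + a5;

	p = inbuf->base;
	nbytes = inbuf->end > 0 ? (u_int32_t)inbuf->end : 0;

	for (i = 0x0a; i < nbytes; i += 4) {
		k = key + icq5_table[i & 0xff];
		if (i != 0x16) {
			/* p[i] is in range: the loop condition guarantees i < nbytes. */
			p[i] ^= (u_char)(k & 0xff);
			if (i + 1 < nbytes)
				p[i + 1] ^= (u_char)((k & 0xff00) >> 8);
		}
		if (i != 0x12) {
			if (i + 2 < nbytes)
				p[i + 2] ^= (u_char)((k & 0xff0000) >> 16);
			if (i + 3 < nbytes)
				p[i + 3] ^= (u_char)((k & 0xff000000) >> 24);
		}
	}
	return (1);
}

/*
 * Decode an ICQ login packet (protocol versions 2 and 5) and write
 * "<uin>\n<password>\n" to obuf.
 *
 * buf/len  - packet payload; a version-5 packet is decrypted IN PLACE.
 * obuf/olen - output buffer for the decoded credentials.
 *
 * Returns the number of bytes written to obuf, or 0 if the packet is not
 * a recognised ICQ login (unknown version, truncated, or command != 1000).
 */
int
decode_icq(u_char *buf, int len, u_char *obuf, int olen)
{
	struct buf inbuf, outbuf;
	u_short version;
	u_int32_t uin;

	buf_init(&inbuf, buf, len);
	buf_init(&outbuf, obuf, olen);

	if (buf_get(&inbuf, &version, sizeof(version)) != sizeof(version))
		return (0);
	version = pletohs(&version);

	switch (version) {
	case 2:
		if (!icq_login_fields(&inbuf, ICQ2_CMD_OFFSET, ICQ2_UIN_OFFSET,
		    ICQ2_PASS_OFFSET, &uin))
			return (0);
		break;

	case 5:
		/* v5 is encrypted; the command/UIN/password are only valid afterwards. */
		if (!icq5_decrypt(&inbuf, len))
			return (0);
		if (!icq_login_fields(&inbuf, ICQ5_CMD_OFFSET, ICQ5_UIN_OFFSET,
		    ICQ5_PASS_OFFSET, &uin))
			return (0);
		break;

	default:
		return (0);
	}

	/*
	 * uin is unsigned 32-bit, so print it with %u: %d would render UINs
	 * above 2^31 as negative numbers (and mismatches the argument type).
	 * The password is whatever remains from the pass offset to the end
	 * of the packet, printed as a bounded string.
	 */
	buf_putf(&outbuf, "%u\n%.*s\n", uin, buf_len(&inbuf), buf_ptr(&inbuf));
	buf_end(&outbuf);

	return (buf_len(&outbuf));
}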