ICQ protocol description

ICQ works by storing every message that users send on the server until the recipient connects to the Internet.

When registering, ICQ users are assigned numbers called UINs (Universal Internet Number). To deliver messages directly, the ICQ server has to obtain the user's current IP address, because direct data transfer over TCP/IP is impossible without it. Dedicated servers are used to map UINs to IP addresses.

When it obtains a UIN, the ICQ client connects to one of the servers and registers with it, sending the login and password. The server records this user's current IP address. While the user is online, the server can handle requests from other ICQ clients to resolve the user's number to their current IP address. These requests and responses are carried over UDP (similar to DNS queries and responses). The same server can also serve as the source of information on whether a given user is available online.

Having obtained the other side's IP address, ICQ can connect to the ICQ client on the other side and transfer data directly. ICQ can send short messages over UDP. It is a faster and more lightweight protocol than TCP, because it is not connection-oriented and sends data as separate packets. But UDP is unreliable, so delivery acknowledgements are used. ICQ makes up to 6 attempts to send a message over UDP. If none of them is acknowledged, ICQ shows you a message that it cannot deliver the message directly. The next time the recipient connects to register, the message will be forwarded to them.

Where possible, ICQ tries to establish a direct TCP connection between the two parties. Subsequent messages can then travel over the already established TCP connection, which is more reliable than UDP and fast enough.

A user can create a contact list, a list of other ICQ users. When a user from that list, while on the Internet, starts ICQ and registers with the server, everyone whose contact list contains that UIN is notified. Each user can set an ICQ status indicating whether or not they wish to receive messages. A user can change their status freely, and every client registered on the server whose contact list contains that user is informed of the change.

List of keys and parameters of the ICQ protocol ver. 7:

Category list

200 = Alumni Org.
201 = Charity Org.
202 = Club/Social Org.
203 = Community Org.
204 = Cultural Org.
205 = Fan Clubs
206 = Fraternity/Sorority
207 = Hobbyists Org.
208 = International Org.
209 = Nature and Environment Org.
210 = Professional Org.
211 = Scientific/Technical Org.
212 = Self Improvement Group
213 = Spiritual/Religious Org.
214 = Sports Org.
215 = Support Org.
216 = Trade and Business Org.
217 = Union
218 = Volunteer Org.
299 = Other

Age. Keys for White Pages search.

12001600h = 18-22
17001D00h = 23-29
1E002700h = 30-39
28003100h = 40-49
32003B00h = 50-59
3C001027h = 60-above

Countries. Country codes for User Details.

1    = USA
7    = Russia
20   = Egypt
27   = South Africa
30   = Greece
31   = Netherlands
32   = Belgium
33   = France
34   = Spain
36   = Hungary
39   = Italy
40   = Romania
41   = Switzerland
42   = Czech Republic
43   = Austria
44   = United Kingdom
45   = Denmark
46   = Sweden
47   = Norway
48   = Poland
49   = Germany
51   = Peru
52   = Mexico
53   = Cuba
54   = Argentina
55   = Brazil
56   = Chile
57   = Colombia
58   = Venezuela
60   = Malaysia
61   = Australia
62   = Indonesia
63   = Philippines
64   = New Zealand
65   = Singapore
66   = Thailand
81   = Japan
82   = Korea (Republic of)
84   = Vietnam
86   = China
90   = Turkey
91   = India
92   = Pakistan
93   = Afghanistan
94   = Sri Lanka
95   = Myanmar
98   = Iran
101  = Anguilla
102  = Antigua
103  = Bahamas
104  = Barbados
105  = Bermuda
106  = British Virgin Islands
107  = Canada
108  = Cayman Islands
109  = Dominica
110  = Dominican Republic
111  = Grenada
112  = Jamaica
113  = Montserrat
114  = Nevis
115  = St. Kitts
116  = St. Vincent and the Grenadines
117  = Trinidad and Tobago
118  = Turks and Caicos Islands
120  = Barbuda
121  = Puerto Rico
122  = Saint Lucia
123  = United States Virgin Islands
212  = Morocco
213  = Algeria
216  = Tunisia
218  = Libya
220  = Gambia
221  = Senegal Republic
222  = Mauritania
223  = Mali
224  = Guinea
225  = Ivory Coast
226  = Burkina Faso
227  = Niger
228  = Togo
229  = Benin
230  = Mauritius
231  = Liberia
232  = Sierra Leone
233  = Ghana
234  = Nigeria
235  = Chad
236  = Central African Republic
237  = Cameroon
238  = Cape Verde Islands
239  = Sao Tome and Principe
240  = Equatorial Guinea
241  = Gabon
242  = Congo
243  = Dem. Rep. of the Congo
244  = Angola
245  = Guinea-Bissau
246  = Diego Garcia
247  = Ascension Island
248  = Seychelle Islands
249  = Sudan
250  = Rwanda
251  = Ethiopia
252  = Somalia
253  = Djibouti
254  = Kenya
255  = Tanzania
256  = Uganda
257  = Burundi
258  = Mozambique
260  = Zambia
261  = Madagascar
262  = Reunion Island
263  = Zimbabwe
264  = Namibia
265  = Malawi
266  = Lesotho
267  = Botswana
268  = Swaziland
269  = Mayotte Island
290  = St. Helena
291  = Eritrea
297  = Aruba
298  = Faeroe Islands
299  = Greenland
350  = Gibraltar
351  = Portugal
352  = Luxembourg
353  = Ireland
354  = Iceland
355  = Albania
356  = Malta
357  = Cyprus
358  = Finland
359  = Bulgaria
370  = Lithuania
371  = Latvia
372  = Estonia
373  = Moldova
374  = Armenia
375  = Belarus
376  = Andorra
377  = Monaco
378  = San Marino
379  = Vatican City
380  = Ukraine
381  = Yugoslavia
385  = Croatia
386  = Slovenia
387  = Bosnia and Herzegovina
389  = F.Y.R.O.M. (Former Yugoslav Republic of Macedonia)
500  = Falkland Islands
501  = Belize
502  = Guatemala
503  = El Salvador
504  = Honduras
505  = Nicaragua
506  = Costa Rica
507  = Panama
508  = St. Pierre and Miquelon
509  = Haiti
590  = Guadeloupe
591  = Bolivia
592  = Guyana
593  = Ecuador
594  = French Guiana
595  = Paraguay
596  = Martinique
597  = Suriname
598  = Uruguay
599  = Netherlands Antilles
670  = Saipan Island
671  = Guam
672  = Christmas Island
673  = Brunei
674  = Nauru
675  = Papua New Guinea
676  = Tonga
677  = Solomon Islands
678  = Vanuatu
679  = Fiji Islands
680  = Palau
681  = Wallis and Futuna Islands
682  = Cook Islands
683  = Niue
684  = American Samoa
685  = Western Samoa
686  = Kiribati Republic
687  = New Caledonia
688  = Tuvalu
689  = French Polynesia
690  = Tokelau
691  = Micronesia, Federated States of
692  = Marshall Islands
705  = Kazakhstan
706  = Kyrgyz Republic
708  = Tajikistan
709  = Turkmenistan
711  = Uzbekistan
800  = International Freephone Service
850  = Korea (North)
852  = Hong Kong
853  = Macau
855  = Cambodia
856  = Laos
870  = INMARSAT
871  = INMARSAT (Atlantic-East)
872  = INMARSAT (Pacific)
873  = INMARSAT (Indian)
874  = INMARSAT (Atlantic-West)
880  = Bangladesh
886  = Taiwan, Republic of China
960  = Maldives
961  = Lebanon
962  = Jordan
963  = Syria
964  = Iraq
965  = Kuwait
966  = Saudi Arabia
967  = Yemen
968  = Oman
971  = United Arab Emirates
972  = Israel
973  = Bahrain
974  = Qatar
975  = Bhutan
976  = Mongolia
977  = Nepal
994  = Azerbaijan
995  = Georgia
2691 = Comoros
4101 = Liechtenstein
4201 = Slovak Republic
5399 = Guantanamo Bay
5901 = French Antilles
6101 = Cocos-Keeling Islands
6701 = Rota Island
6702 = Tinian Island
6721 = Australian Antarctic Territory
6722 = Norfolk Island

User's time offset relative to GMT. For User Details.

-100 =
24   = GMT -12:00
23   = GMT -11:30
22   = GMT -11:00
21   = GMT -10:30
20   = GMT -10:00
19   = GMT -9:30
18   = GMT -9:00
17   = GMT -8:30
16   = GMT -8:00
15   = GMT -7:30
14   = GMT -7:00
13   = GMT -6:30
12   = GMT -6:00
11   = GMT -5:30
10   = GMT -5:00
9    = GMT -4:30
8    = GMT -4:00
7    = GMT -3:30
6    = GMT -3:00
5    = GMT -2:30
4    = GMT -2:00
3    = GMT -1:30
2    = GMT -1:00
1    = GMT -0:30
0    = GMT +0:00
-1   = GMT +0:30
-2   = GMT +1:00
-3   = GMT +1:30
-4   = GMT +2:00
-5   = GMT +2:30
-6   = GMT +3:00
-7   = GMT +3:30
-8   = GMT +4:00
-9   = GMT +4:30
-10  = GMT +5:00
-11  = GMT +5:30
-12  = GMT +6:00
-13  = GMT +6:30
-14  = GMT +7:00
-15  = GMT +7:30
-16  = GMT +8:00
-17  = GMT +8:30
-18  = GMT +9:00
-19  = GMT +9:30
-20  = GMT +10:00
-21  = GMT +10:30
-22  = GMT +11:00
-23  = GMT +11:30
-24  = GMT +12:00

User interests.

100 = Art
101 = Cars
102 = Celebrity Fans
103 = Collections
104 = Computers
105 = Culture & Literature
106 = Fitness
107 = Games
108 = Hobbies
109 = ICQ - Providing Help
110 = Internet
111 = Lifestyle
112 = Movies/TV
113 = Music
114 = Outdoor Activities
115 = Parenting
116 = Pets/Animals
117 = Religion
118 = Science/Technology
119 = Skills
120 = Sports
121 = Web Design
122 = Nature and Environment
123 = News & Media
124 = Government
125 = Business & Economy
126 = Mystics
127 = Travel
128 = Astronomy
129 = Space
130 = Clothing
131 = Parties
132 = Women
133 = Social science
134 = 60's
135 = 70's
136 = 80's
137 = 50's
138 = Finance and corporate
139 = Entertainment
140 = Consumer electronics
141 = Retail stores
142 = Health and beauty
143 = Media
144 = Household products
145 = Mail order catalog
146 = Business services
147 = Audio and visual
148 = Sporting and athletic
149 = Publishing
150 = Home automation

Language keys.

1  = Arabic
2  = Bhojpuri
3  = Bulgarian
4  = Burmese
5  = Cantonese
6  = Catalan
7  = Chinese
8  = Croatian
9  = Czech
10 = Danish
11 = Dutch
12 = English
13 = Esperanto
14 = Estonian
15 = Farci
16 = Finnish
17 = French
18 = Gaelic
19 = German
20 = Greek
21 = Hebrew
22 = Hindi
23 = Hungarian
24 = Icelandic
25 = Indonesian
26 = Italian
27 = Japanese
28 = Khmer
29 = Korean
30 = Lao
31 = Latvian
32 = Lithuanian
33 = Malay
34 = Norwegian
35 = Polish
36 = Portuguese
37 = Romanian
38 = Russian
39 = Serbo-Croatian
40 = Slovak
41 = Slovenian
42 = Somali
43 = Spanish
44 = Swahili
45 = Swedish
46 = Tagalog
47 = Tatar
48 = Thai
49 = Turkish
50 = Ukrainian
51 = Urdu
52 = Vietnamese
53 = Yiddish
54 = Yoruba
55 = Afrikaans
56 = Bosnian
57 = Persian
58 = Albanian

User occupation keys. Occupations.

1  = Academic
2  = Administrative
3  = Art/Entertainment
4  = College Student
5  = Computers
6  = Community & Social
7  = Education
8  = Engineering
9  = Financial Services
10 = Government
11 = High School Student
12 = Home
13 = ICQ - Providing Help
14 = Law
15 = Managerial
16 = Manufacturing
17 = Medical/Health

User Pasts.

300 = Elementary School
301 = High School
302 = College
303 = University
304 = Military
305 = Past Work Place
306 = Past Organization
399 = Other

User gender.

1 = female
2 = male

OSCAR protocol specification:
oscar
The ICQ ver. 7 protocol itself:

ICQv7 (personal) protocol notes
by Massimo Melina,rejetto@libero.it
rejetto.com/icq
last update Nov 02, 2001

THESE ARE ONLY _PERSONAL_ NOTES
USE IT AT YOUR OWN RISK
if you want to tell me about additional info or wrong info in this file, contact me
important note:
* this doc is very bad written for several reasons i won't list here.
* i don't earn money from this, i'm a student, i'm only having some fun.
* a list of people who contributed to this doc is at bottom
* you won't understand too much in here if you don't read AIM protocol docs at icqv7.cjb.net

some notes:
* unk = unknown
* communication is over FLAP protocol (find info about it in AIM protocol docs)
* where specified, communication is over SNAC protocol, over FLAP (AIM proto docs too)
* password is xored with these bytes: F3,26,81,C4,39,86,DB,92,71,A3,B9,E6,53,7A,95,7C
* LE stands for little-endian
* BE stands for big-endian
* BYTE is a 8 bit integer
* WORD is a 2-byte integer (BE)
* DWORD is a 4-byte integer (BE)
* TIME_T is a DWORD, unix time format
* IPADDR is a quadruple of bytes A,B,C,D where in dotted form is A.B.C.D
* COLOR is a quadruple of bytes: R,G,B,N where N is not used (you should set it zero)
* STRING is a succession of (ascii) characters without length-leading or null-char-ending
* UIN is a 4-byte integer (LE) that codifies the uin number
* B-UIN is a BYTE-preceded STRING: the byte indicates the length of the string and the string reports a UIN number
* UINLIST is a raw succession of B-UINs
* NTS is a Null Terminated String
* LNTS is a word (LE) preceded NTS: the word indicates the length of the NTS string (null char included)
* DLS is a dword (LE) preceded string
* msg-subtype is a BYTE:

CODE  FORMAT        MEANING
01    plain         msg
02    ?             chat
03    ?             file
04    url-msg       url
06    user-msg      authorization request
07    plain         authorization denied
08    empty         authorization given
0C    user-msg      user added you
0E    email-msg     emailExpress
13    contacts-msg  contacts
1A    empty         contacts-req
E?    plain         auto-msg-req (E8 away, E9 occupied, EA na, EB dnd, EC f4c)


* msg-flags is a BYTE:
00 = normal
80 = multiple
03 = special (used for auto-msg-req)
* error-code is a WORD:
00 00 no error
00 01 bad uin
00 05 bad password
00 18 rate exceeded
00 1D (probably) you're trying to reconnect too fast, wait a second and retry
* user-msg is a LNTS: nick FE first FE last FE email FE unk-char FE msg
* url-msg is a LNTS: msg FE url
* contacts-msg is a LNTS: contacts# FE uin FE nick FE uin FE nick FE...
* email-msg is a LNTS: name FE FE FE email FE unk-char FE body
* gmt offset is a signed byte, specifies negative half hours from GMT 0 (e.g. -3 = GMT+1:30)

* status codes is a double word: WORD flags + WORD status
WORD flags
2000 direct connection only for contact list
1000 direct connection by request
0002 show ip? (licq uses it on invisible state)
0001 webaware
WORD status (sometime i saw bit 3 set, or bit 9 in invisible state)
0000 online
0020 free4chat
0001 away
0004 n/a
0005 n/a
0010 occupied
0011 occupied
0013 dnd
0100 invisible

* accept-status codes
0 normally accepted (use this replying to auto-msg-req)
9 not accepted, occupied
A not accepted, dnd
4 accepted but away
E accepted but NA
C accepted to contact list (no blink in tray)

* priority codes
00 00 = file-reply
01 00 = normal
02 00 = send urgent
04 00 = send to contact list (don't blink in tray)

* direct-connection-info
IPADDR my ip address, often second NIC ip, leave 0 for no direct-connection
DWORD port where listening for connections, leave 0 for no direct-connection
BYTE 04
WORD protocol version (licq 0006, icq2000 0007, icq2001 0008)
4 BYTE unk
8 BYTE 00 00 00 50 00 00 00 03
TIME_T unk, usually a recent time
TIME_T unk, usually a recent time
TIME_T unk, usually a recent time
WORD 0

* wp-short-request-info
LNTS first
LNTS last
LNTS nick

* wp-full-request-info
wp-short-request-info
LNTS email
WORD (LE) minimum age, 0 if disabled
WORD (LE) maximum age, 0 if disabled
BYTE sex (0=disabled, other=see table)
BYTE language (0=disabled, other=see table)
LNTS city
LNTS state
WORD country (0=disabled, other=see table)
LNTS company-name
LNTS department
LNTS position
BYTE occupation field (0=disabled)
WORD past information category (0=disabled, other=see table)
LNTS desc
WORD interests-category (0=disabled, other=see table)
LNTS interests-specific (comma separated)
WORD affiliation/organization (0=disabled, other=see table)
LNTS desc
WORD homepage category
LNTS desc
BYTE only-online-users, (0=off, 1=on)

* wp-result-info
WORD length of this record (you can't rely on fields if record is shorter)
UIN his uin
LNTS nick
LNTS first
LNTS last
LNTS email
BYTE auth (0=required, 1=always)
BYTE status (00 offline, 01 online, 02 not webaware)
BYTE unknown, usually 0
BYTE sex
BYTE age
9 BYTE unk, 0

* main-home-info
LNTS nick
LNTS first
LNTS last
LNTS email
LNTS city
LNTS state
LNTS phone
LNTS fax
LNTS street
LNTS cellular (if SMS-able string contains an ending ' SMS')
LNTS zip
WORD country (LE)
BYTE gmt
BYTE unknown, usually 0

* work-info
LNTS city
LNTS state
DWORD 0
LNTS street
LNTS zip
WORD country (LE)
LNTS company-name
LNTS company-dept
LNTS company-position
WORD 0 (LE?)
LNTS company-web

* homepage-more-info
BYTE age
BYTE 0
BYTE sex
LNTS homepage
WORD birth-year (LE)
BYTE birth-month
BYTE birth-day
BYTE lang1
BYTE lang2
BYTE lang3

* work-info
LNTS city
LNTS state
LNTS unk
LNTS unk
LNTS street address
LNTS zip code
WORD unk, 2700
LNTS company name
LNTS unk
LNTS position
WORD unk, 0500
LNTS unk

* more-email-info
BYTE number (of addresses)
for number times
BYTE unknown, usually 00
LNTS address

* personal-interests-info
BYTE # of categories to follow
for # times
WORD category (6800 => Computers, 7100 => Music)
LNTS specific

* past-background-info
012F01 university
LNTS specific
00616E

* capability is a 4 DWORD number
4 capabilities are known
1) 09461349 4C7F11D1 82224445 53540000
2) 09461344 4C7F11D1 82224445 53540000
3) 97B12751 243C4334 AD22D6AB F73F1492    // sent by icq2001
4) 2E7A6475 FADF4DC8 886FEA35 95FDB6DF    // sent by icq2001

* capability-info is a succession of capabilities
note: icq2000b sends 1) and 2), licq sends only 2)

*******************************
------LOGIN SESSION-----------
*******************************

connection to login server
server sends (1)    <- in parentheses is the FLAP channel (SNACs always use channel 2)
4 BYTE 00 00 00 01

client sends (1)
4 BYTE 00 00 00 01
TLV(1) STRING my uin
TLV(2) STRING encrypted password
TLV(3) STRING client profile, example "ICQ Inc. - Product of ICQ (TM).2000b.4.63.1.3279.85"
TLV(16) WORD unk, usually 01 0A
TLV(17) WORD major version, 4 for icq2000, 5 for icq2001
TLV(18) WORD minor version
TLV(19) WORD lesser version
TLV(1A) WORD build version
TLV(14) DWORD dunno version
TLV(0F) STRING language, 2 chars, usually "en"
TLV(0E) STRING country, 2 chars, usually "us"

server sends (4)
TLV(1) STRING my uin
if all goes right
TLV(5) STRING BOS-address:port
TLV(6) STRING cookie
else TLV(8) error-code
TLV(4) STRING url    // not always present TLV(C) WORD unknown

close connection
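
The login exchange above, as an added Python example (not code from the original notes or from any ICQ client): it builds the channel-1 login frame and decodes the channel-4 reply. The FLAP and TLV layouts come from the OSCAR/AIM documentation the notes refer to and are assumptions here; the UIN, password, host and cookie are constructed sample values. Since TLV(2) is a fixed-table XOR, the same function reverses it, so the field offers no confidentiality on the wire.

```python
import struct

# XOR table quoted in the notes above.
ROAST_KEY = bytes.fromhex("F32681C43986DB9271A3B9E6537A957C")
ERROR_CODES = {0x0001: "bad uin", 0x0005: "bad password", 0x0018: "rate exceeded"}


def roast(password: bytes) -> bytes:
    """XOR the password with the fixed table; applying it twice restores the input."""
    if len(password) > len(ROAST_KEY):
        # The notes list 16 key bytes and do not say what happens beyond them.
        raise ValueError("password longer than the 16-byte table")
    return bytes(p ^ k for p, k in zip(password, ROAST_KEY))


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Assumed OSCAR TLV layout: WORD type, WORD length, value (all BE)."""
    return struct.pack(">HH", tlv_type, len(value)) + value


def parse_tlvs(buf: bytes) -> dict:
    """Walk a TLV chain, refusing any length that runs past the buffer."""
    out, pos = {}, 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from(">HH", buf, pos)
        pos += 4
        if length > len(buf) - pos:
            raise ValueError(f"TLV({tlv_type:X}) overruns the packet")
        out[tlv_type] = buf[pos:pos + length]
        pos += length
    return out


def flap(channel: int, seq: int, payload: bytes) -> bytes:
    """Assumed FLAP frame: 0x2A, channel, WORD sequence, WORD payload length."""
    return struct.pack(">BBHH", 0x2A, channel, seq, len(payload)) + payload


def parse_flap(frame: bytes):
    """Split one FLAP frame into (channel, sequence, payload) after checking its header."""
    if len(frame) < 6:
        raise ValueError("truncated FLAP header")
    marker, channel, seq, length = struct.unpack_from(">BBHH", frame)
    if marker != 0x2A or length != len(frame) - 6:
        raise ValueError("bad FLAP marker or length")
    return channel, seq, frame[6:]


def build_login(uin: str, password: str, profile: str, seq: int = 0) -> bytes:
    """Channel-1 login frame with the first three TLVs from the notes."""
    payload = b"\x00\x00\x00\x01"
    payload += tlv(0x01, uin.encode("ascii"))
    payload += tlv(0x02, roast(password.encode("ascii")))
    payload += tlv(0x03, profile.encode("ascii"))
    return flap(1, seq, payload)


def parse_login_reply(frame: bytes) -> dict:
    """Decode the channel-4 answer: either BOS address + cookie or an error-code."""
    channel, _, payload = parse_flap(frame)
    if channel != 4:
        raise ValueError("login reply must arrive on channel 4")
    tlvs = parse_tlvs(payload)
    reply = {"uin": tlvs.get(0x01, b"").decode("ascii")}
    if 0x08 in tlvs:
        if len(tlvs[0x08]) != 2:
            raise ValueError("error-code is a WORD")
        code = struct.unpack(">H", tlvs[0x08])[0]
        reply["error"] = ERROR_CODES.get(code, f"unknown {code:#06x}")
    elif 0x05 in tlvs and 0x06 in tlvs:
        host, _, port = tlvs[0x05].decode("ascii").rpartition(":")
        reply["bos"] = (host, int(port))
        reply["cookie"] = tlvs[0x06]
    else:
        raise ValueError("reply has neither cookie nor error-code")
    return reply


# Constructed sample data: UIN, password, host and cookie are made up.
LOGIN = build_login("123456", "hunter2",
                    "ICQ Inc. - Product of ICQ (TM).2000b.4.63.1.3279.85")
OK_REPLY = flap(4, 1, tlv(1, b"123456") + tlv(5, b"bos.example.invalid:5190")
                + tlv(6, bytes(range(16))))
BAD_REPLY = flap(4, 1, tlv(1, b"123456") + tlv(8, b"\x00\x05"))

if __name__ == "__main__":
    sent = parse_tlvs(parse_flap(LOGIN)[2][4:])
    print("TLV(2) on the wire:", sent[2].hex())
    print("reversed by XOR   :", roast(sent[2]).decode())
    print(parse_login_reply(OK_REPLY))
    print(parse_login_reply(BAD_REPLY))
```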

-----SERVICE SESSION---------

connection to service server specified in TLV(5)
server sends (1)
4 BYTE 00 00 00 01

client sends (1)
4 BYTE 00 00 00 01
TLV(6) STRING cookie

------SNAC COMMANDS------------

server sends    // Server is ready
SNAC 1,03
24 BYTE 00 01 00 02 00 03 00 04 00 06 00 08 00 09 00 0A 00 0B 00 0C 00 13 00 15

client sends    // hey, i'm an icq client, not aim
SNAC 1,17
32 BYTE 00 01 00 03 00 13 00 02 00 02 00 01 00 03 00 01 00 15 00 01
00 04 00 01 00 06 00 01 00 09 00 01 00 0A 00 01 00 0B 00 01

server sends    // got it, ack to 1,17
SNAC 1,18
48 BYTE 00 01 00 03 00 02 00 01 00 03 00 01 00 04 00 01 00 06 00 01 00 08 00 01
00 09 00 01 00 0A 00 01 00 0B 00 01 00 0C 00 01 00 13 00 02 00 15 00 01

client sends    // request rate
SNAC 1,06
empty

server sends    // response to 1,06
SNAC 1,07
181 BYTE unknown
WORD # of known messages (N)
N DWORD known messages, a known message is a pair of words: FAMILY/SUBTYPE
17 DWORD unknown, they seem to be message IDs too

client sends    // ack to 1,07
SNAC 1,08
10 BYTE 00 01 00 02 00 03 00 04 00 05

client sends    // Requests personal information.
SNAC 1,0E
empty

client sends    // Request rights information for location service
SNAC 2,02
empty

client sends    // Request rights information for buddy list
SNAC 3,02
empty

client sends    // Requests rights for ICBM (Instant Message) operations.
SNAC 4,04
empty

client sends    // Requests BOS rights
SNAC 9,02
empty

server sends    // response to 1,0E
SNAC 1,0F
if bit15 set in flag
8 BYTE 00 06 00 01 00 02 00 03
BUIN my uin
WORD warning level
WORD user class?
TLV(1) WORD class2, usually 00 00 or 00 50
TLV(C) direct-connection-info, usually 0s
TLV(A) IPADDR my ip address
TLV(4) WORD idle time, usually 00 00
TLV(6) DWORD status code
TLV(F) DWORD unknown, it seems to be an incrementing value
TLV(2) TIME_T member since
TLV(3) TIME_T online since

server sends    //response to 2,02
SNAC 2,03
TLV(1) 04 00
TLV(2) 00 10
TLV(3) 00 0A

server sends    //response to 3,02
SNAC 3,03
TLV(1) 02 58
TLV(2) 02 EE
TLV(3) 02 00

server sends    // response to 4,04
SNAC 4,05
16 BYTE unknown, 00 02 00 00 00 03 02 00 03 E7 03 E7 00 00 03 E8

server sends    // response to 9,02
SNAC 9,03
TLV(2) 00 A0
TLV(1) 00 A0

client sends    // Add ICBM parameter
SNAC 4,02
16 BYTE 00 00 00 00 00 03 1F 40 03 E7 03 E7 00 00 00 00

client sends    // set user info
SNAC 2,04
TLV(5) capability-info

client sends    // add to contact list
SNAC 3,04
UIN-LIST

client sends    // remove from contact list
SNAC 3,05
UIN-LIST

client sends    // add to visible list
SNAC 9,05
UIN-LIST

client sends    // remove from visible list
SNAC 9,06
UIN-LIST

client sends    // add to invisible list
SNAC 9,07
UIN-LIST

client sends    // remove from invisible list
SNAC 9,08
UIN-LIST

client sends    // add to a sort of visible list
SNAC 9,0A
UIN-LIST

client sends    // remove from a sort of visible list
SNAC 9,0B
UIN-LIST

client sends    // set status code
SNAC 1,1E
TLV(6) status-code
TLV(8) error-code
TLV(C) direct-connection-info
TLV(11) variable length, sent changing user info
here some cases (they seems to be groups of 5 bytes)
15 BYTE: 01 0A 19 0B 3B 01 2E 19 0B 3B 01 5E 19 0B 3B
5 BYTE: 01 18 E5 CC 3B
TLV(12) WORD unknown, sent changing user info, usually 0

client sends    // unknown (usually after set status code)
SNAC 1,11
DWORD 00 00 00 00

client sends    //client ready
SNAC 1,02
64 BYTE unknown, usually 00 01 00 03 01 10 02 8A 00 02 00 01 01 01 02 8A 00 03 00 01
01 10 02 8A 00 15 00 01 01 10 02 8A 00 04 00 01 01 10 02 8A
00 06 00 01 01 10 02 8A 00 09 00 01 01 10 02 8A 00 0A 00 01
01 10 02 8A

client sends    //many purposes
SNAC 15,02
TLV(1)
WORD (LE) bytes remaining, useless
UIN my uin
WORD type
WORD req-id
type=3C00    //ask for offlines messages
nothing
type=3E00    //ack to offline messages
nothing
type=D007
WORD subtype
subtype=9808 xml-stype in an LNTS
LNTS '<key>' name of required data '</key>'
subtype=1F05    //simple query info
UIN user to request info
subtype=6905    //simple query info extended (used by icq2001)
DWORD unk, 36 01 04 00
UIN user to request info
subtype=B204    //query info about user
UIN user to request info
subtype=D004    //query my info
UIN my uin
subtype=1505    //wp-short-request
wp-short-request-info
subtype=3305    //wp-full-request
wp-full-request-info
subtype=EA03    //modify user info (main/home)
main-home-info
subtype=FD03    //modify user info (homepage/more)
homepage-more-info
subtype=0604    // modify user info (about)
LNTS about
subtype=F303    //modify user info (work)
work-info
subtype=2E04    // change password
LNTS new password
subtype=C404    // remove user (warning!)
UIN uin to remove
LNTS password
subtype=2404    // set permissions?
BYTE authorization, 00 = required, 01 = not required
BYTE webaware, 00 = off, 01 = on
2 BYTE unknown, 01 00
subtype=D70A    // unknown (icq2001)

server sends    // Message of the day
SNAC 1,13
if bit15 set in flag
8 BYTE 00 06 00 01 00 02 00 03
WORD unknown, usually 0004
TLV(B) STRING message of the day, usually 'http://www.aol.com'

server sends    // many purposes
SNAC 15,03 flag:000x
TLV(1) used for a lot of things
WORD (LE) bytes remaining, useless
UIN my uin
WORD message-type
WORD req-id
message-type = 4100    // offline message
UIN his uin
WORD year (LE)
BYTE month (1=jan)
BYTE day
BYTE hour (GMT time)
BYTE minutes
BYTE msg-subtype
BYTE msg-flags
LNTS msg
WORD 0000, present only in single messages
message-type = 4200    // end of offline messages
BYTE unknown, usually 0
message-type = D007
2 BYTE unknown, usually 98 08
WORD length of the following NTS
NTS "<key>"field-type"</key>"
field-type = DataFilesIP
6 BYTE unk, usually 2A 02 44 25 00 31
message-type = DA07
3 BYTE subtype
subtype=A2080A    // where to get ads stuff
LNTS ip address (a web server), usually '<value>205.188.250.25</value>' that is cb.icq.com
subtype=A40132 or AE0132    // empty whitepages result
empty
subtype=A4010A    // wp-full-request result
wp-result-info
subtype=AE010A    // wp-full-request result (the last)
wp-result-info
DWORD lasting results (LE)
subtype=90010A    // wp-short-request result
wp-result-info
subtype=9A010A    // wp-short-request result (the last)
wp-result-info
DWORD lasting results (LE)
subtype=C8000A    // query result
main-home-info
WORD unknown
subtype=D2000A     // query result
work-info
subtype=E6000A    // query result
LNTS about
subtype=F0000A    // query result
personal-interests-info
subtype=FA000A    // query result
past-background-info
subtype=FA0014    // query result: user does not exist
empty
subtype=EB000A    // query result
more-email-info
subtype=DC000A    // query result
homepage-more-info
WORD unknown
subtype=0E010A    // query: additional info
WORD unknown, 0000
subtype=64000A    // ack to modify info (main/home)
empty
subtype=78000A     // ack to modify info (homepage/more)
empty
subtype=82000A    // ack to modify info (about)
empty
subtype=6E000A     // ack to modify info (work)
empty
subtype=B4000A    // ack to remove user
empty
subtype=AA000A    // ack to change password
empty
subtype=A0000A    // ack to 2404
empty
subtype=1D030A    // ack to D70A
empty
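
An added Python example (not part of the original notes) of a bounds-checked parser for the offline message record above (message-type 41 00), including the FE-separated user-msg and url-msg layouts defined earlier. The sample packet, both UINs and the message text are constructed, and decoding text as Latin-1 is an assumption.

```python
import struct
from datetime import datetime, timezone

# FE-separated layouts from the notes, keyed by msg-subtype.
FE_LAYOUTS = {
    0x04: ("msg", "url"),                                      # url-msg
    0x06: ("nick", "first", "last", "email", "unk", "msg"),    # user-msg
    0x0C: ("nick", "first", "last", "email", "unk", "msg"),    # user-msg
}


class Reader:
    """Cursor over a packet body; every read is bounds-checked."""

    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0

    def take(self, n: int) -> bytes:
        if n > len(self.buf) - self.pos:
            raise ValueError(f"need {n} bytes at offset {self.pos}, packet too short")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def byte(self) -> int:
        return self.take(1)[0]

    def word_le(self) -> int:
        return struct.unpack("<H", self.take(2))[0]

    def uin(self) -> int:                     # UIN: 4-byte integer (LE)
        return struct.unpack("<I", self.take(4))[0]

    def lnts(self) -> bytes:                  # LNTS: WORD (LE) length, NUL included
        length = self.word_le()
        raw = self.take(length)
        if length == 0 or raw[-1] != 0:
            raise ValueError("LNTS must end with a NUL counted in its length")
        return raw[:-1]


def parse_offline_message(body: bytes) -> dict:
    """Parse the TLV(1) body of SNAC 15,03 when message-type is 41 00."""
    r = Reader(body)
    r.word_le()                               # "bytes remaining, useless": not trusted
    my_uin = r.uin()
    if r.take(2) != b"\x41\x00":
        raise ValueError("not an offline message (message-type 4100)")
    req_id = r.take(2)
    sender = r.uin()
    year, month, day = r.word_le(), r.byte(), r.byte()
    hour, minute = r.byte(), r.byte()
    # datetime() raises ValueError on an impossible date or time.
    sent = datetime(year, month, day, hour, minute, tzinfo=timezone.utc)
    subtype, flags = r.byte(), r.byte()
    raw = r.lnts()
    msg = {"to": my_uin, "from": sender, "sent": sent, "subtype": subtype,
           "flags": flags, "req_id": req_id.hex()}
    layout = FE_LAYOUTS.get(subtype)
    if layout is None:
        msg["text"] = raw.decode("latin-1")   # charset is an assumption
    else:
        parts = raw.split(b"\xfe", len(layout) - 1)
        if len(parts) != len(layout):
            raise ValueError(f"subtype {subtype:02X} needs {len(layout)} FE-separated fields")
        msg["fields"] = {k: v.decode("latin-1") for k, v in zip(layout, parts)}
    return msg


def build_sample(declared_len=None) -> bytes:
    """Constructed authorization request (subtype 06); all values are made up."""
    text = b"\xfe".join([b"nick", b"First", b"Last", b"a@example.invalid", b"1",
                         b"Please add me"]) + b"\x00"
    length = len(text) if declared_len is None else declared_len
    rest = (struct.pack("<I", 111111) + b"\x41\x00" + b"\x02\x00"
            + struct.pack("<I", 222222) + struct.pack("<HBBBB", 2001, 11, 2, 14, 30)
            + b"\x06\x00" + struct.pack("<H", length) + text + b"\x00\x00")
    return struct.pack("<H", len(rest)) + rest


if __name__ == "__main__":
    print(parse_offline_message(build_sample()))
    try:
        # An LNTS length larger than the packet must be rejected, not read.
        parse_offline_message(build_sample(declared_len=0x4000))
    except ValueError as exc:
        print("rejected:", exc)
```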

server sends    // ONcoming user
SNAC 3,0B
B-UIN
WORD 0
WORD # of following TLVs
TLV(1) 00 50
TLV(C) direct-connection-info
TLV(A) IPADDR
TLV(4) WORD 0
TLV(6) status
TLV(D) capability-info
TLV(F) DWORD it seems a time in seconds
TLV(2) TIME_T member since
TLV(3) TIME_T online since

server sends     // OFFgoing user
SNAC 3,0C
B-UIN
4 BYTE 00 00 00 01
TLV(1) 00 00

server sends    // incoming message
SNAC 4,07
8 BYTE ??B, a sort of ID (it seems to be based on timestamp)
WORD msg-format

B-UIN sender's uin
WORD warning level? garbage of OSCAR protocol
WORD 5 or 6, maybe it counts the following TLVs before the format-dependent data
TLV(1) WORD 00 50
TLV(4) WORD 0 (not present in file-req and auto-msg-req)
TLV(6) sender's status
TLV(F) DWORD it seems a time in seconds
TLV(2) TIME_T member since
TLV(3) TIME_T online since
if msg-format = 1    // message
TLV(2)
7 BYTE 05 01 00 01 01 01 01
WORD msg length + 4
4 BYTE 0
STRING message
if msg-format = 4    // url or contacts or auth-req or userAddedYou
TLV(5)
UIN sender's uin
BYTE msg-subtype
BYTE msg-flags
LNTS msg
if text-msg
COLOR foreground
COLOR background
if msg-format = 2    // advanced message
TLV(5)
WORD ??A, 00 02 for file-ack, else 00 00
8 BYTE same as ??B
16 BYTE capability1
if ??A=0000
TLV(A) 00 02 on file-reply, 00 01 else
TLV(5) WORD, listening port (BE) (present on FT)
TLV(3) IPADDR, internal ip (present on FT and file-reply)
TLV(F) empty
TLV(2711)
WORD 1B 00
BYTE ??E (08 in auto-msg-req, else 07)
19 BYTE unk, 0
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3 BYTE unk, 03 00 00
if auto-msg-req
BYTE 00
BYTE unk, 00 or 04 (00 in auto-msg-req)
WORD ??D, seems to be a downcounter starting from FFFF
2 BYTE 0E 00
WORD same as ??D
12 BYTE 0
BYTE msg-subtype
BYTE msg-flags
WORD unk, 00 00 or 01 00 or 02 00 (0000 in file-reply, auto-msg-req)
WORD priority
LNTS msg
if file-req
4 BYTE 9F CD D3 11
LNTS filename
DWORD filesize (LE)
4 BYTE 00 FD 81 01
if file-reply
WORD ??C
2 BYTE 0
LNTS ''
DWORD unk
WORD same as ??C but inverted endian
2 BYTE 0
if auto-msg-req
empty
if text-msg
COLOR foreground
COLOR background
TLV(4) IPADDR, external ip (BE) (present on file-req, file-ok)

server sends    // server ack to type-2 messages
SNAC 4,0C
10 BYTE equals to first 10 BYTE of message
BUIN equals to message's uin

client sends    // send message
SNAC 4,06
8 BYTE ??B, a sort of ID (it seems to be based on timestamp, ACKs should use same ID)
WORD message-format
B-UIN recipient
msg-format=1    // simple message
TLV(2)
7 BYTE 05 01 00 01 01 01 01
WORD msg length + 4
4 BYTE 0
STRING msg
TLV(6)
empty
msg-format=2    // advanced message (only for ICQv7+ clients)
TLV(5)
WORD ??A (00 01 on abort request, else 00 00)
8 BYTE same as ??B
16 BYTE capability1
if ??A = 00 00
TLV(A) 00 01 (maybe 00 02 for file-ack)
TLV(B) 00 01 (present on abort requests)
TLV(5) WORD, listening port (BE) (present on file-req)
TLV(3) IPADDR, internal ip (present on file-req)
TLV(F) empty
TLV(2711)
26 BYTE ??E, 1B 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00
BYTE unk, 00 or 04 (00 on auto-msg-req)
WORD ??D, seems to be a downcounter starting from FFFF
WORD 0E 00 (it could be a LE counter of following bytes: 0E = 2+12)
WORD same as ??D
12 BYTE 0
BYTE msg-subtype
BYTE msg-flags
WORD unk, 00 00 or 01 00 or 02 00 (0000 in file-reply, 0100 in auto-msg-req)
WORD priority
LNTS msg
if subtype=FT
WORD unk, can be 0
WORD ??C, can be 0
LNTS filename (empty on file-reply)
DWORD filesize (LE) (zero on file-reply)
WORD unk, can be 0
WORD same or similar to ??C
if subtype=chat
BYTE 01
10 BYTE 0
if subtype=msg
COLOR foreground
COLOR background
if subtype=auto-msg-req
empty
TLV(3) empty    // ack request?
msg-format=4    // url or contacts or auth-reply or multi-send
TLV(5)
UIN my uin
BYTE msg-subtype
BYTE msg-flags
LNTS msg
if contacts-req
2 BYTE 39 00, it seems to be the number of the following bytes
18 BYTE unk, 2A 0E 7D 46 76 76 D4 11 BC E6 00 04 AC 96 1E A6 02 00
DTS Request For Contacts
15 BYTE 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00
2 BYTE 11 00, it seems to be the number of the following bytes
2 BYTE 0
DTS request message
TLV(6) empty    // ack request?

client or server sends    // ack to type-2 message (answer to auto-msg-req too)
SNAC 4,0B flags:0000
10 BYTE equals to first 10 BYTE of message
BUIN equals to message's uin
2 BYTE 00 03
47 BYTE from offset 40 (??E) to 86 of TLV(5)
BYTE accept-status
3 BYTE 0
LNTS message
if not auto-msg
4 BYTE 0
if msg
4 BYTE FF FF FF FF
if file-deny
11 BYTE unk, 01 00 00 xx xx 00 00 xx xx 00 00

server sends // warning: you're sending too fast
SNAC 1,0A flags:0000
WORD unk, usually 1, 2 or 3
24 BYTE 00 01 00 00 00 50 00 00 09 C4 00 00 07 D0 00 00 05 DC 00 00 03 20 00 00
WORD unk, maybe indicates the available buffer in the server and it's always under 2000dec under 5DC (1500dec), the first word is 3 over it's 2
9 BYTE 00 00 17 70 00 00 00 00 01

client sends // add to ignore list (it seems to have no effects)
SNAC 3,05
UIN-LIST

server sends (4)
TLV(9) WORD disconnect reason
00 01 = another client is logging in with this uin
TLV(B) STRING comment?
for reason 00 01, "http://www.aim.aol.com/errors/USER_LOGGED_OFF_NEW_LOGIN.html"

server sends
SNAC 4,01 flags:0000
WORD error-code
000E invalid packet?

server sends
SNAC 17,03 flags:0000
TLV(4) STRING message of the day, usually "http://www.aol.com"
TLV(8) error-code
TLV(C) 00 01

client sends // add to visible list
SNAC 13,08 flags:0000
BYTE 00
BUIN an uin
8 BYTE 00 00 2B 63 00 02 00 00 // maybe last dword is my status

client sends // remove from visible list
SNAC 13,0A flags:0000
BYTE 00
BUIN an uin
8 BYTE 00 00 22 64 00 02 00 00

server sends // ack to 13,0A
SNAC 13,0E flags:8000
10 BYTE unknown, 00 06 00 01 00 02 00 02 00 00

----A (hopefully) CORRECT LOGIN SEQUENCE
login packet (uin/password)
get the cookie and reconnect
send cookie
SNAC 1/3
SNAC 1/17
SNAC 1/6
SNAC 1/E
SNAC 2/2
SNAC 3/2
SNAC 4/4
SNAC 9/2
the server reply 1/7 to the 1/6, and then it goes:
SNAC 1/8
SNAC 4/2
SNAC 2/4
SNAC 3/4 with the contact list
if status = invisible SNAC 9/5 with visible list
SNAC 1/1E with status
SNAC 1/11
if status invisible SNAC 9/7 with invisible list
SNAC 1/2
SNAC 15/2, to require offline messages

---RECEIVE A FILE TRANSFER REQUEST VIA SERVER
server:
SNAC 4,07 (file-req)
client:
SNAC 4,06 (file-ok)
or
SNAC 4,0B (file-denied)
server:
SNAC 4,07 (file-ack, with ??A=0002)

after file-req a SNAC 4,07 (file-abort) could happen

---NEW UIN REGISTRATION
server sends (1)
4 BYTE 00 00 00 01

client sends (1)
4 BYTE 00 00 00 01

client sends
SNAC 17,04
3 BYTE 00 01 00
BYTE unk, 3B or 38
4 BYTE 0
4 BYTE 28 00 03 00
4 BYTE 0
4 BYTE 0
4 BYTE ??A, unk, 03 46 00 00 or B4 25 00 00
4 BYTE same as ??A
4 BYTE 0
4 BYTE 0
4 BYTE 0
4 BYTE 0
LNTS chosen password
4 BYTE same as ??A
4 BYTE 00 00 CF 01

server sends
SNAC 17,05
17 BYTE 00 01 00 32 30 00 00 00 00 00 2D 00 03 00 00 00 06
BYTE unk, 0F or 72
2 BYTE 3E 62
2 BYTE unk, E3 53 or CD B5
2 BYTE 7E FF
4 BYTE unk, 14 18 03 46 or 17 08 B4 25
18 BYTE 0
UIN new uin number
2 BYTE unk, 03 46 or B4 25
2 BYTE 00 00

icqinfo.ru