doing some ICQ research and I found that LICQ's homepage is still online, with zero hint that it hasn't been updated in 11 years:
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:15 JST Foone🏳️⚧️
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:09 JST Foone🏳️⚧️
a senior project about v5, which has some info:
http://www.carfield.com.hk/document/networking/icq_protocol.html
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:10 JST Foone🏳️⚧️
apparently v3 never was really used, so the important versions are v2, v4, and v5.
I think that ICQ 99a/b used v4, ICQ 2000 used v5, and previous less common versions used v2/v1.
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:10 JST Foone🏳️⚧️
and here's a compilation of icq-devel mailing posts about the v4 protocol:
https://web.archive.org/web/20010208232145/http://www.d.kth.se/~d95-mih/icq/spec/v4/v4-notes.txt
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:11 JST Foone🏳️⚧️
and the v2 spec is here: https://web.archive.org/web/20010126060900/http://www.d.kth.se/~d95-mih/icq/spec/v2/icq091.txt
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:12 JST Foone🏳️⚧️
got as many pages from there as I could (one is missing, the chat one), and got this for v5 info:
https://web.archive.org/web/20010108011900/http://www.algonet.se/~henisak/icq/icqv5.html
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:13 JST Foone🏳️⚧️
okay this page has documentation of the v4 protocol:
https://web.archive.org/web/19991005224713/http://www.globalserve.net/%7Ejphowe/icq/
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:13 JST Foone🏳️⚧️
HOWEVER they used frames and an imagemap for navigation, and the internet archive didn't get the image. which makes navigating it a bit of a pain
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:14 JST Foone🏳️⚧️
I found someone who said they wrote a server in perl and it's open source and if anyone wants it they can just ask
https://lists.wireshark.org/archives/ethereal-users/200008/msg00168.html
that post is 25 years old, do you think that offer is still good?
Pissed Hippo (sun@shitposter.world)'s status on Sunday, 26-Jan-2025 11:07:32 JST Pissed Hippo
@foone it used a centralized server for identity and finding clients and then established a direct p2p connection between clients (that could be trivially spoofed)
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:33 JST Foone🏳️⚧️
fun fact about this era of the ICQ protocol: It's apparently entirely UDP based, and I think it does UDP directly between users as well, rather than the server.
In other words, it's exactly the kind of internet program that only made sense in 1996-1999 before NAT was a widespread thing
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 11:07:34 JST Foone🏳️⚧️
well ICQ99 seems to work on windows 10, so that's good. Sadly I can't register my ICQ number.
feld (feld@friedcheese.us)'s status on Sunday, 26-Jan-2025 11:09:47 JST feld
@sun @foone When did ICQ and AIM end up being the same protocol? (OSCAR)
Pissed Hippo (sun@shitposter.world)'s status on Sunday, 26-Jan-2025 11:12:10 JST Pissed Hippo
@feld @foone I don't know but I bet it was when they wanted to add encryption
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:35 JST Foone🏳️⚧️
okay, my client is just sending the command CMD_NEW_USER_1 over and over, which is a "ask for permission to make a new user" command. I don't know what the reply is supposed to be
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:35 JST Foone🏳️⚧️
my code doesn't work yet, but I did find where it's implemented in wireshark, and there's some Suspicious offset checks:
https://github.com/giuliano108/wireshark-rtpmon/blob/master/epan/dissectors/packet-icq.c#L428
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:36 JST Foone🏳️⚧️
wait! Wireshark DOES support ICQ, it just didn't detect it in this case. Awesome
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:37 JST Foone🏳️⚧️
how is this decryption supposed to work if it starts at offset 10 and then does it in 4-byte chunks but the packet is 28 bytes long?
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:37 JST Foone🏳️⚧️
maybe I just need to pad all packets and they forgot to mention that
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:38 JST Foone🏳️⚧️
I'm gonna write python code to decode a packet from these docs and then I'll convert that to lua. writing it in lua the first time will be too painful, when I don't fully understand how this nonsense works
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:39 JST Foone🏳️⚧️
oh I can write lua (eww, for low level binary stuff?) dissectors. that'll make this slightly easier
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:40 JST Foone🏳️⚧️
packets are encrypted which is a Pain. the encryption is trivially breakable but it means I can't use wireshark to see the packet contents.
unless I add support to wireshark, which sounds like A Project in itself
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:41 JST Foone🏳️⚧️
hmm, I'm using ICQ 99b and it seems to be sending version 5 packets? interesting
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:42 JST Foone🏳️⚧️
a computer needs a hex editor, packet capture, Good text editor, SSH client, ghidra or ida, decompilers for C# and java, C compiler, pythons (2 and 3), binxelview, Dependencies viewer, DOSBox, UNP, at least one unity unpacker, debugger, relative-searcher, yychr, and emulators for at least 12 consoles & home computers.
otherwise it's just a toy, like a Nintendo.
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:43 JST Foone🏳️⚧️
there were proxies almost immediately, which used a local program that talked over HTTP to a remote server that then did UDP to the target (or their proxy) because any NAT, firewall, or proxy situation completely broke this
Foone🏳️⚧️ (foone@digipres.club)'s status on Sunday, 26-Jan-2025 22:53:43 JST Foone🏳️⚧️
why doesn't my "gaming laptop" have wireshark already installed. this system is barely usable
Ryan Finnie (foo@fosstodon.org)'s status on Sunday, 26-Jan-2025 22:55:28 JST Ryan Finnie
@foone If it helps for reference, I once wrote a Wireshark lua dissector for 2ping, a low-level UDP binary protocol. Though as a warning, I haven't looked at it in about a decade, so it may not even work anymore.
https://github.com/rfinnie/2ping/tree/main/wireshark
emily, blinkenlight witch (emily@sparkly.uni.horse)'s status on Sunday, 26-Jan-2025 22:55:59 JST emily, blinkenlight witch
@foone sudden desire to get a bunch of people who are neither gamers nor computer people, and have them guess if things like "wireshark" or "fortnite" are the names of video games or nerd tools
throw "rust" in there as a trick question too