AIM 6.0 protocol changes...

Thomas Hruska thruska at cubiclesoft.com
Mon Aug 20 19:23:33 EDT 2007


Has anyone looked into the protocol changes for AIM 6.0 (a quick glance 
at the archives suggests no one has)?  Apparently it uses SSL/TLS for 
encryption (AOL has received a ton of flak over the years for doing 
plain-text transmission) but the new service ALSO apparently does NOT 
use the familiar FLAP/SNAC layers for communication*.  Nor is there a 
separate authentication/logon server.  Their main server is sitting over 
at kdc.uas.aol.com:443.  That is all I've got via Ethereal in an initial 
packet capture.  There is some XML stuff in the results from another 
server (looks ad-server related)...perhaps useful, perhaps not.

If AOL takes the 'login.oscar.aol.com' (OSCAR) and BOS servers down, 
GAIM (along with all other third-party AIM clients) will lose access to 
the AIM service.  Figuring out how AIM talks to the new server is going 
to be tough.  AIM 6 probably verifies the SSL certificate that is sent 
by the server (that verification probably isn't complete**).  It'll 
probably have to be a man-in-the-middle-messing-with-Crypto-API-hooking 
attack to passively watch the decrypted traffic.

* Ran a quick test by writing a script and connecting in and attempting 
to retrieve the first 6 bytes of the "Connection Acknowledge" command 
FLAP.  It just sat there attempting to read data until the connection 
timed out (it definitely connected).  I then verified that the script 
was working by connecting into login.oscar.aol.com:5190, which, of 
course, gave me the expected response.  The protocol appears to have 
been significantly changed - such that existing code won't work - and 
perhaps the protocol has been replaced entirely with something new.

** It may be possible to create a DNS cache poisoning (to localhost) 
with a certificate from the same issuer as the root cert. plus develop a 
local server designed to break the protocol.  I didn't check to see who 
issued the cert. but as long as it isn't self-signed, it shouldn't be a 
problem other than cost.  Possibly a lot faster than trying to hook APIs.

-- 
Thomas Hruska
CubicleSoft President
Ph: 517-803-4197

*NEW* MyTaskFocus 1.1
Get on task.  Stay on task.

http://www.CubicleSoft.com/MyTaskFocus/
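The footnoted test in the post (read the first 6 bytes and see whether a FLAP "Connection Acknowledge" ever arrives) is a useful compatibility check to keep around. Below is an added example, not code from the post or from GAIM, that parses the 6-byte FLAP header and classifies what a server volunteers on connect. It assumes the standard OSCAR FLAP layout (0x2A marker, channel byte, big-endian sequence number, big-endian data length) and that the Connection Acknowledge is a channel-1 frame carrying the 4-byte protocol version 0x00000001; the `probe_flap` helper and the sample byte strings are constructed for illustration.

```python
"""FLAP header parser and "does this port speak OSCAR?" probe.

Added example (not the post's code). Assumes the documented FLAP framing:
6-byte header = 0x2A marker, channel, BE sequence number, BE data length,
and a Connection Acknowledge = channel 1 frame whose body is version 1.
"""
import socket
import struct
from dataclasses import dataclass

FLAP_MARKER = 0x2A
FLAP_HEADER_LEN = 6
FLAP_CHANNEL_NEW_CONNECTION = 1
FLAP_PROTOCOL_VERSION = b"\x00\x00\x00\x01"

# Constructed samples, not captured traffic.
SAMPLE_CONNECTION_ACK = b"\x2a\x01\x00\x01\x00\x04" + FLAP_PROTOCOL_VERSION
SAMPLE_OTHER = b"HTTP/1.1 400 Bad Request\r\n"


@dataclass
class FlapHeader:
    channel: int
    sequence: int
    data_length: int


def parse_flap_header(raw: bytes) -> FlapHeader:
    """Parse the 6-byte FLAP header; raise ValueError if it is not FLAP."""
    if len(raw) < FLAP_HEADER_LEN:
        raise ValueError("need %d bytes, got %d" % (FLAP_HEADER_LEN, len(raw)))
    marker, channel, sequence, data_length = struct.unpack(
        "!BBHH", raw[:FLAP_HEADER_LEN])
    if marker != FLAP_MARKER:
        raise ValueError("bad FLAP marker 0x%02x" % marker)
    return FlapHeader(channel, sequence, data_length)


def classify_response(raw: bytes) -> str:
    """Label the first bytes a server sent.

    Returns one of "no-data", "flap-ack", "flap-other", "not-flap".
    """
    if not raw:
        return "no-data"            # server sat there, like kdc.uas.aol.com did
    try:
        hdr = parse_flap_header(raw)
    except ValueError:
        return "not-flap"
    body = raw[FLAP_HEADER_LEN:FLAP_HEADER_LEN + hdr.data_length]
    if (hdr.channel == FLAP_CHANNEL_NEW_CONNECTION
            and hdr.data_length == len(FLAP_PROTOCOL_VERSION)
            and body == FLAP_PROTOCOL_VERSION):
        return "flap-ack"
    return "flap-other"


def read_exact(sock: socket.socket, n: int) -> bytes:
    """Read up to n bytes; return what was received on timeout or EOF."""
    buf = b""
    while len(buf) < n:
        try:
            chunk = sock.recv(n - len(buf))
        except socket.timeout:
            break
        if not chunk:
            break
        buf += chunk
    return buf


def probe_flap(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, wait for an unprompted frame, classify it (hypothetical helper)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        head = read_exact(sock, FLAP_HEADER_LEN)
        if len(head) < FLAP_HEADER_LEN or head[0] != FLAP_MARKER:
            return classify_response(head)
        body = read_exact(sock, parse_flap_header(head).data_length)
        return classify_response(head + body)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        print(probe_flap(sys.argv[1], int(sys.argv[2])))
    else:
        print(classify_response(SAMPLE_CONNECTION_ACK))   # flap-ack
        print(classify_response(SAMPLE_OTHER))            # not-flap
```

Run it as `python probe.py login.oscar.aol.com 5190` to repeat the post's check; a classic OSCAR login server answers "flap-ack", while a host that never sends anything comes back "no-data" after the timeout instead of hanging.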



