AIM 6.0 protocol changes...

Thomas Hruska thruska at
Mon Aug 20 19:23:33 EDT 2007

Has anyone looked into the protocol changes for AIM 6.0 (a quick glance 
at the archives suggests no one has)?  Apparently it uses SSL/TLS for 
encryption (AOL has received a ton of flak over the years for doing 
plain-text transmission) but the new service ALSO apparently does NOT 
use the familiar FLAP/SNAC layers for communication*.  Nor is there a 
separate authentication/logon server.  Their main server is sitting over 
at  That is all I've got via Ethereal in an initial 
packet capture.  There is some XML stuff in the results from another 
server (looks ad-server related)...perhaps useful, perhaps not.

If AOL takes the '' (OSCAR) and BOS servers down, 
GAIM (along with all other third-party AIM clients) will lose access to 
the AIM service.  Figuring out how AIM talks to the new server is going 
to be tough.  AIM 6 probably verifies the SSL certificate that is sent 
by the server (that verification probably isn't complete**).  It'll 
probably have to be a man-in-the-middle-messing-with-Crypto-API-hooking 
attack to passively watch the decrypted traffic.

* Ran a quick test by writing a script and connecting in and attempting 
to retrieve the first 6 bytes of the "Connection Acknowledge" command 
FLAP.  It just sat there attempting to read data until the connection 
timed out (it definitely connected).  I then verified that the script 
was working by connecting into, which, of 
course, gave me the expected response.  The protocol appears to have 
been significantly changed - such that existing code won't work - and 
perhaps the protocol has been replaced entirely with something new.

** It may be possible to create a DNS cache poisoning (to localhost) 
with a certificate from the same issuer as the root cert. plus develop a 
local server designed to break the protocol.  I didn't check to see who 
issued the cert. but as long as it isn't self-signed, it shouldn't be a 
problem other than cost.  Possibly a lot faster than trying to hook APIs.
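For readers unfamiliar with the framing the script above was probing for: a classic OSCAR connection opens with a six-byte FLAP header (0x2A start byte, channel, 16-bit sequence number, 16-bit payload length) followed, on channel 1, by a 32-bit protocol version. The following parser is an added example, not code from the post or from Gaim; the sample bytes are constructed to show one complete greeting frame followed by a truncated second frame, so it also handles the "connected but no usable data" case the poster ran into.

```python
import struct
from typing import List, Optional, Tuple

FLAP_START = 0x2A
FLAP_HEADER_LEN = 6  # start byte, channel, 16-bit seq, 16-bit payload length

# FLAP channel numbers from the classic OSCAR protocol
CHANNEL_NEW_CONNECTION = 1
CHANNEL_SNAC = 2
CHANNEL_ERROR = 3
CHANNEL_CLOSE = 4


def parse_flap_header(buf: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (channel, seq, payload_len), or None if fewer than 6 bytes arrived.

    Raises ValueError when the data is present but is not FLAP at all
    (e.g. a TLS record or HTTP response on the port instead of OSCAR).
    """
    if len(buf) < FLAP_HEADER_LEN:
        return None
    start, channel, seq, length = struct.unpack("!BBHH", buf[:FLAP_HEADER_LEN])
    if start != FLAP_START:
        raise ValueError(f"not a FLAP frame: first byte 0x{start:02x}, expected 0x2a")
    return channel, seq, length


def split_flap_frames(buf: bytes) -> Tuple[List[Tuple[int, int, bytes]], bytes]:
    """Split a receive buffer into complete frames; return (frames, leftover bytes)."""
    frames: List[Tuple[int, int, bytes]] = []
    while True:
        hdr = parse_flap_header(buf)
        if hdr is None:
            return frames, buf
        channel, seq, length = hdr
        end = FLAP_HEADER_LEN + length
        if len(buf) < end:
            return frames, buf  # partial frame: keep it until more data arrives
        frames.append((channel, seq, buf[FLAP_HEADER_LEN:end]))
        buf = buf[end:]


def connection_ack_version(payload: bytes) -> int:
    """The channel-1 greeting payload is a 32-bit protocol version (1 for classic OSCAR)."""
    if len(payload) < 4:
        raise ValueError("connection acknowledge payload too short")
    return struct.unpack("!I", payload[:4])[0]


# Constructed sample: greeting frame (version 1), then a frame whose 16-byte
# payload has only 2 bytes on the wire so far.
SAMPLE = bytes.fromhex("2a0100000004" + "00000001" + "2a0200010010" + "0017")
```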

