I've done a lot of work with the new AOL protocol (OSCAR).
Here's how login/authentication is handled with OSCAR:
Client sends connection request
--Server replies with a key (something like "19234820")
Client does an MD5 hash on the following string:
Key + Password + "AOL Instant Messenger (SM)"
--Server replies with needed connection information
Anyways, long story short..... If you can use a packet sniffer to grab the data returned to the server, you can try a reverse-MD5 hash (good luck), and then just remove the key and "AOL Instant Messenger (SM)" string from it, and you'll have the password.
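The exchange described in the post above, sketched as an added example that is not part of the original post or of any AOL code. The function names are hypothetical, the keys and password are constructed sample values, and the plain byte concatenation follows the post's description rather than a wire capture.

```python
import hashlib
import hmac
import secrets

# Constant string quoted in the post.
AIM_SUFFIX = b"AOL Instant Messenger (SM)"


def make_key() -> bytes:
    """Server side: issue a fresh per-connection key.

    Assumption: a short decimal string, modelled on the post's "19234820".
    """
    return str(secrets.randbelow(10**8)).encode()


def client_response(key: bytes, password: bytes) -> bytes:
    """Client side: MD5 over key + password + constant, as the post describes."""
    return hashlib.md5(key + password + AIM_SUFFIX).digest()


def server_verify(key: bytes, stored_password: bytes, response: bytes) -> bool:
    """Server side: recompute the digest from its own copy of the password
    and compare in constant time."""
    expected = client_response(key, stored_password)
    return hmac.compare_digest(expected, response)


def replay_accepted(password: bytes) -> bool:
    """Check whether a response captured on one connection verifies on another."""
    old_key, new_key = b"19234820", b"55501234"  # constructed sample keys
    captured = client_response(old_key, password)
    return server_verify(new_key, password, captured)


if __name__ == "__main__":
    pw = b"example-password"  # constructed sample value
    key = make_key()
    resp = client_response(key, pw)
    print("key sent in clear :", key.decode())
    print("client digest     :", resp.hex())
    print("server accepts    :", server_verify(key, pw, resp))
    print("replay accepted   :", replay_accepted(pw))
```

The per-connection key stops a captured digest from being replayed, but the key and the constant string are both known to anyone watching the connection, so the password is the only secret input to the hash.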