.:HSTuners::

01-25-2004, 10:33 PM

I've done a lot of work with the new AOL protocol (OSCAR).

Here's how login/authenication is handled with OSCAR:

Client sends connection request
--Server replies with a key (something like "19234820")
Client does an MD5 has on the following string:
Key + Password + "AOL Instant Messenger (SM)"
--Server replies with needed connection information

Anyways, long story short..... If you can use a packet sniffer to grab the data returned to the server, you can try a reverse-MD5 hash (good luck), and then just remove the key and "AOL Instant Messenger (SM)" string from it, and you'll have the password.

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

01-25-2004, 10:33 PM	#8
Porsche 951S Posts: n/a	I've done a lot of work with the new AOL protocol (OSCAR). Here's how login/authenication is handled with OSCAR: Client sends connection request --Server replies with a key (something like "19234820") Client does an MD5 has on the following string: Key + Password + "AOL Instant Messenger (SM)" --Server replies with needed connection information Anyways, long story short..... If you can use a packet sniffer to grab the data returned to the server, you can try a reverse-MD5 hash (good luck), and then just remove the key and "AOL Instant Messenger (SM)" string from it, and you'll have the password.