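/*
   TERMINAL ENVASION PRESSENT:
   SHOWARN
   OPENSOURCE CODE (GPL) FOR AOLHACKERS PRODJECTS
   SIMPLE EXAMPLE ON THE C ;)
   best regars from payhash payhash@xicq.org
   SHOW USER CLASS AND WARN LEVEL
   BEFORE AOL 07.09.2004
*/

/*
 * Review notes for this listing
 *
 *  - The header names after each #include were lost from the published
 *    listing; the includes below are the ones the visible code requires.
 *  - Every offset taken from a server reply is checked against the size of
 *    the receive buffer before it is dereferenced. The original followed a
 *    server-supplied length, scanned for ':' and for TLV type 0x0006 without
 *    any bound, sized its host/port copies one byte (or more) too small, and
 *    copied a 256-byte cookie into a 255-byte array.
 *  - Console input is length-limited; the original used scanf("%s") into
 *    19- and 16-byte arrays.
 *  - The original called malloc() with calloc()'s two-argument list; the
 *    packet buffers are now plain arrays.
 *  - Multi-byte fields are read and written with memcpy/byte access instead
 *    of casting char pointers to wider integer types.
 *  - The login socket is a plain TCP connection (no TLS is set up anywhere
 *    in this listing), and the password is handed to encode_passwd(), whose
 *    visible part starts from a fixed 16-byte XOR table -- presumably a
 *    reversible mask rather than encryption; confirm against the rest of
 *    that function. Treat the account password as readable by anyone who
 *    can observe the connection.
 *  - Each server reply is assumed to arrive in a single recv(), as in the
 *    original. NOTE(review): a reply split across TCP segments is parsed
 *    from a zero-padded buffer and will be rejected or misread.
 */

/* u_int16_t, herror() and h_addr are BSD extensions; ask glibc to expose
   them when building with a strict -std= mode. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define ICQHOST "login.icq.com"
#define ICQPORT 5190

/* Fixed payload sent with SNAC(01,17). */
unsigned char DATA_SNAC01_17[]=
  "\x00\x01\x00\x04\x00\x13\x00\x04\x00\x02\x00\x01\x00\x03\x00\x01"
  "\x00\x15\x00\x01\x00\x04\x00\x01\x00\x06\x00\x01\x00\x09\x00\x01"
  "\x00\x0A\x00\x01\x00\x0B\x00\x01";

/* Fixed payload sent with SNAC(01,02) (client ready). */
unsigned char DATA_SNAC01_02[]=
  "\x00\x01\x00\x03\x01\x10\x04\x7B\x00\x13\x00\x02\x01\x10\x04\x7B"
  "\x00\x02\x00\x01\x01\x01\x04\x7B\x00\x03\x00\x01\x01\x10\x04\x7B"
  "\x00\x15\x00\x01\x01\x10\x04\x7B\x00\x04\x00\x01\x01\x10\x04\x7B"
  "\x00\x06\x00\x01\x01\x10\x04\x7B\x00\x09\x00\x01\x01\x10\x04\x7B"
  "\x00\x0A\x00\x01\x01\x10\x04\x7B\x00\x0B\x00\x01\x01\x10\x04\x7B";

/* Fixed prefix of the SNAC(01,1E) payload; a 16-bit status word follows it. */
unsigned char DATA_SNAC01_1E[]=
  "\x00\x06\x00\x04\x20\x03";

#define f4chat    0x0020
#define online    0x0000
#define invisible 0x0100

/* Sizes shared by main() and its helpers. */
enum {
  RECV_CAP   = 1024,  /* size of the receive buffer */
  COOKIE_LEN = 256,   /* cookie bytes copied from the login reply */
  PKT_CAP    = 512    /* outgoing packet buffer */
};

/*
 * Store one byte at buf and advance buf; the expression yields the advanced
 * pointer. Works both as a statement and as "buf = writeb(buf, v)". The
 * original expanded the latter to "buf = buf++", which is undefined
 * behaviour.
 */
#define writeb(buf, value) (*(buf)++ = (value), (buf))

/* Write a 16-bit value in network byte order; returns the next write position. */
static char *writew(char *buf, u_int16_t value)
{
  u_int16_t be = htons(value);

  /* memcpy: buf may be unaligned, and a cast cannot be an lvalue */
  memcpy(buf, &be, sizeof be);
  return buf + sizeof be;
}

/* Write a 32-bit value in network byte order; returns the next write position. */
static char *writel(char *buf, u_int32_t value)
{
  u_int32_t be = htonl(value);

  memcpy(buf, &be, sizeof be);
  return buf + sizeof be;
}

/* Copy len raw bytes to buf; returns the next write position. */
static char *writes(char *buf, const char *data, int len)
{
  if (len <= 0)       /* a negative length would become a huge size_t */
    return buf;
  memcpy(buf, data, (size_t)len);
  return buf+len;
}

/* Write a TLV type and reserve the 2-byte length field for tlv_end(). */
static char *tlv_begin(char *buf, u_int16_t value)
{
  buf=writew(buf, value);
  return buf+2;
}

/*
 * Back-fill the 2-byte length field that sits immediately before start
 * with the number of bytes written between start and buf.
 */
static char *tlv_end(char *buf, char *start)
{
  start -= 2;
  writew(start, (u_int16_t)(buf-start-2));
  return buf;
}

/* Write a complete TLV: type, length, then len bytes of data. */
static char *tlv_write(char *buf, int type, const char *data, int len)
{
  buf=writew(buf, (u_int16_t)type);
  buf=writew(buf, (u_int16_t)len);
  return writes(buf, data, len);
}

/*
 * Start a FLAP frame: 0x2A, channel, sequence number, then a 2-byte length
 * field left for tlv_end() to fill. Returns the start of the frame body.
 */
static char *flap_begin(char *buf, char channel)
{
  static int seq = 0;

  buf = writeb(buf, 0x2A);
  buf = writeb(buf, channel);
  buf = writew(buf, (u_int16_t)++seq);
  return buf+2;
}

#define STR(s) (s), (sizeof(s)-1)

static char *encode_passwd(char *dest, const char *pwd);
static char *encode_login(char *buf, const char *uin, const char *passwd);
static char *encode_reconnect(char *buf, char *cokie, int cookie_len);
static char *encode_info_req(char *buf, const char *uin);

static struct hostent *he;
static unsigned short port;
u_int32_t requestid=0;

/* Read a big-endian 16-bit value from a possibly unaligned position. */
static u_int16_t read_be16(const char *p)
{
  const unsigned char *b = (const unsigned char *)p;

  return (u_int16_t)((b[0] << 8) | b[1]);
}

/*
 * Read one whitespace-delimited token from stdin into dst (cap bytes,
 * always NUL-terminated). Returns 0 on success, 1 if the token did not fit
 * (the excess is consumed, so it cannot leak into the next prompt), and -1
 * on end of input.
 */
static int read_token(char *dst, size_t cap)
{
  size_t n = 0;
  int truncated = 0;
  int c;

  do {
    c = getchar();
  } while (c != EOF && isspace(c));
  if (c == EOF)
    return -1;

  do {
    if (n + 1 < cap)
      dst[n++] = (char)c;
    else
      truncated = 1;
    c = getchar();
  } while (c != EOF && !isspace(c));

  dst[n] = '\0';
  return truncated;
}

/*
 * Zero buf, receive one reply into it and return the byte count.
 * Exits on a receive error, as the original did at every call site.
 */
static ssize_t recv_reply(int sock, char *buf, size_t cap)
{
  ssize_t got;

  memset(buf, 0, cap);
  got = recv(sock, buf, cap, 0);
  if (got == -1) { perror("recv"); close(sock); exit(1); }
  return got;
}

/*
 * Send the FLAP frame held in pkt. The frame length is taken from the
 * big-endian field at offset 4 (the field tlv_end() fills in) plus the
 * 6-byte header, and must fit inside the cap-byte buffer so that send()
 * never reads past it.
 */
static void send_flap(int sock, const char *pkt, size_t cap, const char *what)
{
  size_t framelen = 6 + (size_t)read_be16(pkt + 4);

  if (framelen > cap) {
    fprintf(stderr, "encoded packet exceeds buffer\n");
    exit(1);
  }
  if (send(sock, pkt, framelen, 0) == -1) { perror(what); close(sock); exit(1); }
}

/*
 * Build and send one FLAP channel-2 frame carrying a family 0x0001 SNAC:
 * family, subtype, flags 0, request id equal to the subtype (as in the
 * original), followed by payload.
 */
static void send_snac01(int sock, u_int16_t subtype,
                        const unsigned char *payload, size_t payload_len,
                        const char *what)
{
  char pkt[128];
  char *body, *end;

  /* 6-byte FLAP header + 10-byte SNAC header + payload must fit */
  if (payload_len > sizeof pkt - 16) {
    fprintf(stderr, "encoded packet exceeds buffer\n");
    exit(1);
  }

  memset(pkt, 0, sizeof pkt);
  body = flap_begin(pkt, 2);
  end = writew(body, 0x0001);
  end = writew(end, subtype);
  end = writew(end, 0x0000);
  end = writel(end, subtype);
  end = writes(end, (const char *)payload, (int)payload_len);
  tlv_end(end, body);

  if (send(sock, pkt, (size_t)(end - pkt), 0) == -1) { perror(what); exit(1); }
}

/*
 * Extract the redirect target and cookie from the login server's reply.
 *
 * Layout followed (same as the original code): a length at offset 8 gives
 * the size of the first TLV value at offset 10; the next TLV must be type
 * 0x0005 and holds "host:port"; the port text ends where a 0x0006 type
 * word begins; COOKIE_LEN bytes after that TLV's 4-byte header are the
 * cookie.
 *
 * Every offset is checked against cap. Returns 0 on success and -1 if the
 * reply is not a redirect or does not fit the layout.
 */
static int parse_login_reply(const char *reply, size_t cap,
                             char *host, size_t host_cap,
                             unsigned short *port_out, char *cookie)
{
  size_t tlv, addr, hostlen, pstart, portlen, cstart, k;
  unsigned long portnum = 0;

  if (cap < 12)
    return -1;

  tlv = 10 + (size_t)read_be16(reply + 8);
  if (tlv + 4 > cap)
    return -1;
  if (read_be16(reply + tlv) != 0x0005)
    return -1;

  /* host part: everything up to ':' */
  addr = tlv + 4;
  hostlen = 0;
  while (addr + hostlen < cap && reply[addr + hostlen] != '\x3A')
    hostlen++;
  if (addr + hostlen >= cap || hostlen == 0 || hostlen >= host_cap)
    return -1;

  /* port part: everything up to the 0x0006 type word */
  pstart = addr + hostlen + 1;
  portlen = 0;
  while (pstart + portlen + 2 <= cap &&
         read_be16(reply + pstart + portlen) != 0x0006)
    portlen++;
  if (pstart + portlen + 2 > cap || portlen == 0)
    return -1;

  for (k = 0; k < portlen; k++) {
    unsigned char c = (unsigned char)reply[pstart + k];

    if (!isdigit(c))
      return -1;
    portnum = portnum * 10 + (unsigned long)(c - '0');
    if (portnum > 65535)
      return -1;
  }
  if (portnum == 0)
    return -1;

  /* cookie value follows the 2-byte type and 2-byte length */
  cstart = pstart + portlen + 4;
  if (cstart + COOKIE_LEN > cap)
    return -1;

  memcpy(host, reply + addr, hostlen);
  host[hostlen] = '\0';
  *port_out = (unsigned short)portnum;
  memcpy(cookie, reply + cstart, COOKIE_LEN);
  return 0;
}

/*
 * Log in to ICQHOST with a UIN and password read from stdin, follow the
 * redirect to the server named in the login reply, complete the SNAC
 * handshake, then repeatedly read a target UIN and print its warning level
 * and user class. The loop ends on end of input.
 */
int main(int argc, char *argv[])
{
  int loginsock, bossocket;
  struct sockaddr_in loginhost;
  struct sockaddr_in icqserver;
  static char buffer[RECV_CAP];
  /* The original allocated 131, 269 and 64 bytes for the three encoders.
     They are outside this view, so one buffer with headroom is used.
     NOTE(review): confirm the encoders' maximum output size. */
  char pkt[PKT_CAP];
  //UIN & PASS
  char uin[19], pass[16];
  //COKIE
  char cokie[COOKIE_LEN];
  //AOLSERVER
  char boss[64];
  unsigned short bport;
  unsigned char status[8];
  u_int16_t i;

  (void)argc;
  (void)argv;

  fprintf(stdout, "SHOWARN ICQ AOL UIN\n");
  fprintf(stdout, " code by payhash \n\n");
  puts("\t _");
  puts("\t _/ \\_");
  puts("\t/ \\ / \\");
  puts("\t>--o--<");
  puts("\t\\_/ \\_/");
  puts("\t \\T/E");
  printf("\n");
  puts("SHOWARN v0.01 rev.01");
  puts("for ICDA projects te.mirabiliz.com");
  printf("\n");
  printf("create by payhash from [TERMINAL ENVASION]\n");
  printf("big thanks for c4 team, \n Kuznecov Volodiya aka smith and ANDRIN their consultation\n");

  fprintf(stdout, "PLS INPUT UIN: ");
  fflush(stdout);
  if (read_token(uin, sizeof uin) != 0) {
    fprintf(stderr, "UIN missing or too long\n");
    exit(1);
  }
  fprintf(stdout, "PLS INPUT PASSWORD: ");
  fflush(stdout);
  if (read_token(pass, sizeof pass) != 0) {
    fprintf(stderr, "PASSWORD missing or too long\n");
    exit(1);
  }

  if((he = gethostbyname(ICQHOST)) == NULL)
  {
    herror("DNS problem :(");
    exit(1);
  }

  memset(&loginhost, 0, sizeof loginhost);
  loginhost.sin_family=AF_INET;
  memcpy(&loginhost.sin_addr, he->h_addr, sizeof loginhost.sin_addr);
  loginhost.sin_port = htons(ICQPORT);

  if((loginsock=socket(AF_INET, SOCK_STREAM, 0)) == -1)
  {
    perror("Socket");
    exit(1);
  }
  if(connect(loginsock, (struct sockaddr *)&loginhost, sizeof(struct sockaddr)) == -1)
  {
    perror("Connect problem :(");
    exit(1);
  }

  //RECIVE FIRSTE FLAP FROM LOGIN SERVER
  printf("RECEVING DATA FROM REMOTE HOST\n");
  recv_reply(loginsock, buffer, sizeof buffer);
  fprintf(stdout, "FIRSTE FLAP GETED :) \n");

  //LOGIN PACK
  memset(pkt, 0, sizeof pkt);
  encode_login(pkt, uin, pass);

  //SEND LOGIN PACK
  /* The original took the length from a host-order word at offset 5, which
     equals the real big-endian length at offset 4 only on little-endian
     hosts and for frames under 256 bytes. */
  send_flap(loginsock, pkt, sizeof pkt, "Send");
  printf("LOGIN TRANSMIT!\n");

  //RECIVE BOSS:PORT AND COKIE
  printf("RECEVING DATA FROM REMOTE HOST\n");
  recv_reply(loginsock, buffer, sizeof buffer);
  fprintf(stdout, "LOGIN TRANSMIT COMPLITE :) \n");
  close(loginsock);

  //FIND BOSS:PORT AND COKIE
  if (parse_login_reply(buffer, sizeof buffer, boss, sizeof boss,
                        &bport, cokie) != 0)
  {
    fprintf(stderr, "AOL SERVER BLOCKED OR PROTOCOL NOT SUPPORT :(\n");
    exit(1);
  }

  //RECONNECT
  fprintf(stdout,"RECONNECT ON THE BOSS\n");
  if((bossocket=socket(AF_INET, SOCK_STREAM, 0)) == -1){perror("Socket"); exit(1);}

  memset(&icqserver, 0, sizeof icqserver);
  icqserver.sin_family=AF_INET;
  icqserver.sin_port=htons(bport);
  icqserver.sin_addr.s_addr= inet_addr(boss);
  if (icqserver.sin_addr.s_addr == INADDR_NONE)
  {
    /* the redirect host was not a numeric IPv4 address */
    fprintf(stderr, "AOL SERVER BLOCKED OR PROTOCOL NOT SUPPORT :(\n");
    exit(1);
  }

  if(connect(bossocket, (struct sockaddr *)&icqserver, sizeof(struct sockaddr_in)) == -1)
  {
    perror("Reconnect problems:");
    exit(1);
  }
  fprintf(stdout, "CONNECTED ON THE BOSS\n");

  memset(pkt, 0, sizeof pkt);
  encode_reconnect(pkt, cokie, COOKIE_LEN);
  fprintf(stdout, "COKIE TRANSMIT\n");
  send_flap(bossocket, pkt, sizeof pkt, "Send:");
  fprintf(stdout, "COKIE TRANSMIT COMPLITE\n");

  /* Wait for the reply that triggers SNAC01,17. */
  for (;;)
  {
    if (recv_reply(bossocket, buffer, sizeof buffer) == 0)
    {
      /* peer closed: the original would spin here forever */
      fprintf(stderr, "connection closed by server\n");
      exit(1);
    }
    /* Byte-wise form of the original test, which read host-order 16-bit
       words at offsets 7 and 9 and compared them with 1 and 3; on a
       little-endian host that is exactly these four bytes. */
    if (buffer[7] == 1 && buffer[8] == 0 && buffer[9] == 3 && buffer[10] == 0)
    {
      //send SNAC01,17
      send_snac01(bossocket, 0x0017, DATA_SNAC01_17,
                  sizeof DATA_SNAC01_17 - 1, "SNAC01,17 Send:");
      break;
    }
  }

  recv_reply(bossocket, buffer, sizeof buffer);

  //send SNAC 01,02 (CLIENT READY)
  send_snac01(bossocket, 0x0002, DATA_SNAC01_02,
              sizeof DATA_SNAC01_02 - 1, "SNAC01,02 Send:");

  recv_reply(bossocket, buffer, sizeof buffer);

  //send SNAC 01,1E (free4chat)
  /* payload: the fixed 6-byte prefix followed by the 16-bit status word */
  memcpy(status, DATA_SNAC01_1E, 6);
  writew((char *)status + 6, invisible);
  send_snac01(bossocket, 0x001E, status, sizeof status, "SNAC01,1E Send:");

  printf("RECEVING DATA FROM REMOTE HOST\n");
  recv_reply(bossocket, buffer, sizeof buffer);

  for (;;)
  {
    int rc;

    memset(uin, 0, sizeof uin);
    fprintf(stdout, "PLS INPUT TARGET UIN: ");
    fflush(stdout);
    rc = read_token(uin, sizeof uin);
    if (rc < 0)       /* end of input: the original looped forever here */
      break;
    if (rc > 0)
    {
      fprintf(stderr, "UIN missing or too long\n");
      continue;
    }

    memset(pkt, 0, sizeof pkt);
    encode_info_req(pkt, uin);
    fprintf(stdout, "SEND REQUEST ON THE SERVER\n");
    send_flap(bossocket, pkt, sizeof pkt, "Send:");
    fprintf(stdout, "REQUEST COMPLITE\n");

    recv_reply(bossocket, buffer, sizeof buffer);

    /* One length byte at offset 16. It is at most 255, so the reads below
       stay inside the 1024-byte buffer. */
    i = (unsigned char)buffer[16];
    if(i == 0)
    {
      fprintf(stdout,"sorry uin is offline \n");
      continue;
    }

    printf("UIN %s \n", uin);
    printf("UIN WARN LEVEL %d %% \n", read_be16(buffer + 16 + i + 1));

    //USER CLASS
    switch(read_be16(buffer + 16 + i + 9))
    {
      case 0x0001: printf("uin class: AOL UNCONFIRMED \n"); break;
      case 0x0002: printf("uin class: AOL ADMINISTRATOR \n"); break;
      case 0x0004: printf("uin class: AOL \n"); break;
      case 0x0008: printf("uin class: AOL COMMERCIAL USER \n"); break;
      case 0x0010: printf("uin class: AOL FREE \n"); break;
      case 0x0020: printf("uin class: AOL AWAY \n"); break;
      case 0x0040: printf("uin class: AOL ICQ \n"); break;
      case 0x0050: printf("uin class: AOL ICQ USER \n"); break;
      case 0x0070: printf("uin class: AOL ICQ, FREE \n"); break;
      case 0x0080: printf("uin class: AOL WIRELESS \n"); break;
      default: printf("uin class: UNKNOWN \n"); break;
    }
  }

  close(bossocket);
  return 0;
} //main

//ENCODE PASSWORD
//Encrypt password funcions
static char *encode_passwd(char *dest, const char *pwd)
{
  static const char xor_table[] = {
    0xf3, 0x26, 0x81, 0xc4, 0x39, 0x86, 0xdb, 0x92,
    0x71, 0xa3, 0xb9, 0xe6, 0x53, 0x7a, 0x95, 0x7c,
  };
  int i, len = strlen(pwd);
  for (i=0; i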