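/*
 * This SOURCE SPREAD ONLY GPL
 * Easy example of warnbot on C
 * WARNBOT - SHOWING YOUR WARNING LEVEL ICQ AND SN AIM BEFORE AOL =)
 * MAIN IDEA BY TurisT from C4 TEAM (AIM USER WARNING LEVEL)
 * THANKS XICQ.ORG SOUL REAVER AND ANDRIN[from TERMINAL ENVASION]
 * code by payhash[from TERMINAL ENVASION]
 * MAIL: payhash@xicq.org
 * ICQ: 963632
 * 05.06.2004
 */

/*
 * The header names were lost from this listing (only bare #include
 * directives remain). The set below is what the visible code uses:
 * stdio (printf/perror/sprintf), stdlib (malloc/exit), string
 * (memcpy/memset/strlen), unistd (close), the socket headers and netdb
 * (gethostbyname/herror).
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

typedef u_int8_t  BYTE;
typedef u_int16_t WORD;
typedef u_int32_t DWORD;
typedef char *STRING;

/*
 * Store one byte at buf and yield the position after it.
 * The macro evaluates buf twice, so do not pass an expression with side
 * effects (e.g. p++).
 */
#define writeb(buf, value) (*(buf) = (value), (buf)+1)

/* status */
#define f4chat 0x0020
#define online 0x0000

/* user class flags */
#define CLASS_UNCONFIRMED   0x0001
#define CLASS_ADMINISTRATOR 0x0002
#define CLASS_AOL           0x0004
#define CLASS_COMMERCIAL    0x0008
#define CLASS_FREE          0x0010
#define CLASS_AWAY          0x0020
#define CLASS_ICQ           0x0040
#define CLASS_ICQUSER       0x0050
#define CLASS_WIRELESS      0x0080
#define CLASS_UNKNOWN100    0x0100
#define CLASS_UNKNOWN200    0x0200
#define CLASS_UNKNOWN400    0x0400
#define CLASS_UNKNOWN800    0x0800

/*
 * Bot account. These are placeholders; a real UIN/password compiled into the
 * binary is readable by anyone who obtains the source or the executable, so
 * supply them at run time instead of committing them.
 */
#define UIN  "00000000" /* the bot's UIN */
#define PASS "0000000"  /* the bot's password */

/*
 * Serialisation helpers.
 *
 * Each helper writes at buf and returns the position just past what it
 * wrote. None of them knows how large the destination is: the caller must
 * have reserved room for every byte that will be appended.
 *
 * NOTE(review): main() in this file sizes its reply buffer as 54+uinlen
 * (uinlen is read from the received packet) and then appends fixed text
 * totalling several hundred bytes through writes(). The allocation has to be
 * computed from everything that is written, or the helpers need a capacity
 * argument, before this code handles data from the network.
 */

/*
 * Write a 16-bit value in network (big-endian) byte order.
 *
 * The original stored through "*((u_int16_t*)buf)++", which relies on the
 * cast-as-lvalue extension that current compilers reject and performs an
 * unaligned store when buf sits at an odd offset. memcpy has neither problem.
 *
 * @param buf   destination; at least 2 writable bytes
 * @param value host-order value
 * @return buf + 2
 */
static char *writew(char *buf, u_int16_t value)
{
    const u_int16_t be = htons(value);

    memcpy(buf, &be, sizeof be);
    return buf + sizeof be;
}

/*
 * Write a 32-bit value in network (big-endian) byte order.
 * Same store technique as writew().
 *
 * @param buf   destination; at least 4 writable bytes
 * @param value host-order value
 * @return buf + 4
 */
static char *writel(char *buf, u_int32_t value)
{
    const u_int32_t be = htonl(value);

    memcpy(buf, &be, sizeof be);
    return buf + sizeof be;
}

/*
 * Append len raw bytes from data.
 *
 * A zero or negative len writes nothing: passed straight to memcpy, a
 * negative int would be converted to an enormous size_t.
 *
 * @param buf  destination; at least len writable bytes
 * @param data source bytes (not required to be NUL-terminated)
 * @param len  number of bytes to copy
 * @return buf + len, or buf unchanged when len <= 0
 */
static char *writes(char *buf, const char *data, int len)
{
    if (len <= 0) {
        return buf;
    }
    memcpy(buf, data, (size_t)len);
    return buf + len;
}

/*
 * Start a TLV: write the 16-bit type, then skip the 2-byte length field so
 * it can be filled in once the payload size is known.
 *
 * @param buf   destination; at least 4 writable bytes
 * @param value TLV type
 * @return start of the TLV payload (buf + 4); the 2 bytes before it are the
 *         still-unwritten length field
 */
static char *tlv_begin(char *buf, u_int16_t value)
{
    buf = writew(buf, value);
    return buf + 2;
}

//RESDATA BEGIN!!!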
static char *res_begin(char *buf, u_int8_t value) { buf = writeb(buf, value); return buf+2; } static char *tlv_end(char *buf, char *start) { start -= 2; writew(start, buf-start-2); return buf; } static char *write_tlv(char *buf, int type, const char *data, int len) { buf = writew(buf, type); buf = writew(buf, len); return writes(buf, data, len); } static char *flap_begin(char *buf, char channel) { static int seq = 0; buf = writeb(buf, 0x2A); buf = writeb(buf, channel); buf = writew(buf, ++seq); return buf+2; } #define STR(s) (s), (sizeof(s)-1) static char *encode_passwd(char *dest, const char *pwd); static char *encode_login(char *buf, const char *uin, const char *passwd); static char *encode_reconnect(char *buf, char *cookie, int cookie_len); struct user { STRING uin, password; }; struct ICQhead { BYTE CommandStart; BYTE ChanelID; WORD SequenceNumber; WORD DataFieldLength; }; struct ICQsnac { WORD FamilyID; WORD SubTypeID; WORD Flags; WORD RequestID_1; WORD RequestID_2; }; struct ICQpacket { struct ICQhead head; struct ICQsnac snac; char SNAC_DATA[256]; }; //flap decode char *flapdecode(char *varible, char *buffer, int returncode); //SERVER GLOBAL static char serverip[15]; static char serverport[3]; static char cooke[256]; unsigned char DATA_SNAC01_02[]= "\x00\x01\x00\x03\x01\x10\x04\x7B\x00\x13\x00\x02\x01\x10\x04\x7B" "\x00\x02\x00\x01\x01\x01\x04\x7B\x00\x03\x00\x01\x01\x10\x04\x7B" "\x00\x15\x00\x01\x01\x10\x04\x7B\x00\x04\x00\x01\x01\x10\x04\x7B" "\x00\x06\x00\x01\x01\x10\x04\x7B\x00\x09\x00\x01\x01\x10\x04\x7B" "\x00\x0A\x00\x01\x01\x10\x04\x7B\x00\x0B\x00\x01\x01\x10\x04\x7B"; unsigned char DATA_SNAC01_17[]= "\x00\x01\x00\x04\x00\x13\x00\x04\x00\x02\x00\x01\x00\x03\x00\x01" "\x00\x15\x00\x01\x00\x04\x00\x01\x00\x06\x00\x01\x00\x09\x00\x01" "\x00\x0A\x00\x01\x00\x0B\x00\x01"; unsigned char DATA_SNAC01_1E[]= "\x00\x06\x00\x04\x20\x03"; int main(int argc, char *argv[]) { //NET struct sockaddr_in remaddr; struct hostent *h; int sock; //DATA static char 
buffer[1024],*buff, *buf, *snacdata; int numbytes; struct ICQhead ICQh; struct user unit; struct ICQpacket *ICQPACKET; char *recvuin, *recvmsg; int uinlen=0, msglen=0, bytelen=0, packlen=0; u_int16_t recvwarnlevel=0x0000; u_int16_t userclass=0x0000; DWORD requestid=0; char warnmess[24]; //строка куда будем помещать сообещение в варном //DEBUG FILE *file; char *tlv, *flap, *resdata; int i, size,m,l,n=0, sn; //GEBUG //if(argc != 2){printf("Usage:./icda \n"); exit(1);} if((h=gethostbyname("login.icq.com")) == NULL){herror("Gethost by name"); exit(1);} if((sock=socket(AF_INET, SOCK_STREAM, 0)) == -1){perror("Socket:"); exit(1);} else{ remaddr.sin_family=AF_INET; remaddr.sin_port=htons(5190); remaddr.sin_addr=*((struct in_addr *)h->h_addr); } if(connect(sock, (struct sockaddr *)&remaddr, sizeof(struct sockaddr_in)) == -1) { perror("Connect problems:"); exit(1); } else { printf("Connected \n"); } /* //AIM FLAP ON if(send(sock, flapon, 10, 0) == -1){ perror("FLAP ON Send"); exit(1); } else{printf("FLAP ON Send !\n");} */ if((numbytes=recv(sock, buffer, 1024, 0)) == -1) { perror("recv"); exit(1); } else{ printf("RECEVING DATA FROM REMOTE HOST\n"); ICQh=*(struct ICQhead *)buffer; printf("CommandStart: %d\n",ICQh.CommandStart); printf("ChanelID: %d\n",ICQh.ChanelID); printf("SequenceNumber: %d\n",ICQh.SequenceNumber); printf("DataFieldLength: %d\n",ICQh.DataFieldLength); } //Авторизация на сервер if(ICQh.ChanelID == 1){ printf("Authorizing onze server\n"); unit.uin=UIN; unit.password=PASS; buf=(char *)malloc(131, sizeof(char )); encode_login(buf, unit.uin, unit.password); } /* //DUMP size=91; printf("zize: %d\n", size); file=fopen("icq_dump.log","at"); if(!file) return; //fprintf(file,direction?"\nClient\n":"Server\n"); while(nsize) l=size; for(m=n;msnac.FamilyID) == 4) && (ntohs(ICQPACKET->snac.SubTypeID) == 7)) { //memset(snacdata, 0, 256); printf("MSG RECV\n"); snacdata=ICQPACKET->SNAC_DATA; //for(i=0; i<=128; i++){printf("%02x ", 255&snacdata[i]);} //printf("\n\n"); 
//отделяем UIN пакета //ищим смещение в буфере snacdata это будет примерно 10 байт //в 10 байте мы увидем размер uinа и соответственно выделим //под это дело нужное нам количество байт recvuin uinlen=0; uinlen=*((u_int8_t *)(snacdata+10)); //printf("UINLEN=%d\n",uinlen); recvuin=(char *)malloc(uinlen, sizeof(char )); memcpy(recvuin, snacdata+11, uinlen); printf("uin: %s\n", recvuin); //отделяем WARNLEVEL от пакета recvwarnlevel=htonl(*((u_int16_t *)(snacdata+12+uinlen))); //дергаем userclass из пакета userclass=htons(*((u_int16_t *)(snacdata+10+uinlen+9))); printf("userclass=%d\n", userclass); //printf("recv msg from %s\n", recvuin); //так полученный uin содержится в переменной recvuin //и это есть гуд =) //отделяем сообщение от мусора в снаке и подсчитываем байты bytelen=0; while(htonl(*((u_int32_t *)(snacdata+bytelen))) != 0x00030004) { //printf("%02x ", 255&snacdata[bytelen]); bytelen=bytelen+1; } bytelen=bytelen+10; msglen=ntohs(*((u_int16_t *)(snacdata+bytelen))); //printf("msglen=%d\n",msglen); recvmsg=(char *)malloc(msglen, sizeof(char )); memcpy(recvmsg, (snacdata+(bytelen+2)), msglen); //полученное сообщение теперь содержится в переменной recvmsg //буду надеяться что SoulReaver напишет функцию поиска слова в строке //SoulReaver крутой чувак! 
;) //printf("MSG:\n"); //for(i=0; i<=msglen; i++){printf("%02x ", 255&recvmsg[i]);} //printf("\n\n"); //формируем пакет для отправки SNAC(04, 06) buf=(char *)malloc(54+uinlen, sizeof(char )); buf=flap=flap_begin(buf, 2); buf=writew(buf, 0x0004); buf=writew(buf, 0x0006); buf=writew(buf, 0x0000); //buf=writel(buf, 0x00000002); buf = writel(buf, ++requestid); buf=writes(buf, "\x00\x00\x00\x00\x00\x00\x00\x00", 8); buf=writew(buf, 0x0001); buf=writeb(buf, uinlen); buf=writes(buf, recvuin, uinlen); buf=tlv=tlv_begin(buf, 0x02); buf=writes(buf,"\x05\x01\x00\x01\x01\x01",6); buf=resdata=res_begin(buf, 0x01); buf=writes(buf,"\x00\x03\x00\x00", 4); buf=writes(buf, "\n HELLO: ", 8); buf=writes(buf, recvuin, uinlen); //представляемся buf=writes(buf, "\n i'm warnbot, i show you warning level before AOL", 50); //пишем варнинг чела sprintf(warnmess, "\n your warning level: %d%%", recvwarnlevel); buf=writes(buf, warnmess, 24); //пишем класс пользака switch(userclass) { case 0x0001: buf=writes(buf, "\n your user class: AOL UNCONFIRMED", 34); break; case 0x0002: buf=writes(buf, "\n your user class: AOL ADMINISTRATOR", 36); break; case 0x0004: buf=writes(buf, "\n your user class: AOL", 22); break; case 0x0008: buf=writes(buf, "\n your user class: AOL COMMERCIAL USER", 40); break; case 0x0010: buf=writes(buf, "\n your user class: AOL FREE", 27); break; case 0x0020: buf=writes(buf, "\n your user class: AOL AWAY", 27); break; case 0x0040: buf=writes(buf, "\n your user class: AOL ICQ", 26); break; case 0x0050: buf=writes(buf, "\n your user class: AOL ICQ USER", 31); break; case 0x0080: buf=writes(buf, "\n your user class: AOL WIRELESS", 31); break; default: buf=writes(buf, "\n your user class: UNKNOWN", 26); break; } buf=writes(buf, "\n Group of support: TE.MIRABILIZ.COM and WWW.XICQ.ORG", 53); buf=writes(buf, "\n\a payhash 963632\n\a SoulReaver 5555590", 38); buf=writes(buf, "\n\a idea by c4 team (TurisT 10141)", 33); buf=writes(buf, "\n\a big thanks RenegadE 778778 and ANDRIN 
112819",47); buf=writes(buf, "\n\a OpenSRC GPL", 14); buf=writes(buf, "\n\a http://te.mirabiliz.com/icda.c", 33); tlv_end(buf, resdata); tlv_end(buf, tlv); buf=writes(buf,"\x00\x03\x00\x00\x00\x06\x00\x00",8); tlv_end(buf, flap); packlen=ntohs(*((u_int16_t *)(flap-2)))+6; buf=buf-packlen; printf("packlen=%d\n",packlen); //for(i=0; i<=packlen; i++){printf("%02x ", 255&buf[i]);} //printf("\n\n"); if(send(sock, buf, packlen,0) == -1){perror("SNAC04,06 Send:"); exit(1);} memset(buffer, 0, 1024); if(recv(sock, buffer, 1024, 0) == -1) {perror("recv");exit(1);} } ICQPACKET->snac.FamilyID=0; ICQPACKET->snac.SubTypeID=0; } //free(snacdata); close(sock); return 0; } //Encrypt password funcions static char *encode_passwd(char *dest, const char *pwd) { static const char xor_table[] = { 0xf3, 0x26, 0x81, 0xc4, 0x39, 0x86, 0xdb, 0x92, 0x71, 0xa3, 0xb9, 0xe6, 0x53, 0x7a, 0x95, 0x7c, }; int i, len = strlen(pwd); for (i=0; i