Interesting coincidences. Part Three: Aunt Asya arrived :)
After the last discussion of interesting finds in the Jabber module of the Mobile Agent, I was told about a similar situation in ICQ. Well, take the already installed inventory, download additionally release 1.11 and new beta 1.16 and read.
So, using the same technique of comparing lines with debugging information to the icq_0x2001FAC8.dll file from version 1.11 of the Agent, you can find quite a lot of matches :) In order not to overload the reader, I’ll post just a few of the most interesting lines - containing either function / argument names or emotional comments by:
Interestingly, the automatic search found 165 lines in version 1.11 and already 175 in version 1.15. But in the recently higher version 1.16, in addition to cleaning the logs of the Jabber module, almost all the intersections found with debugging lines in ICQ were also deleted! Except one :)
For those who wish, I provide complete lists of strings:
PS In the meantime, we looked at the XML console traffic version 1.16. The Miranda node was removed from the caps, and radically, by removing the node attribute required by the HEP-115 — it seems that a person really does not understand why all this is necessary and how it works ...
One of the developers of the Miranda jabber plugin even suggested, if necessary, writing an article with a detailed description of the XEP-115 protocol: Entity Capabilities in Russian.
')
PPS One kind person took out the Mobile Agent 1.15 traffic and revealed an interesting pattern. When you start, there is an update request:
A large amount of data is transmitted in the request, starting with the screen resolution and the OS version and ending with unique identifiers that are closed with zeros in the dump. After receiving a response with a deuce, the application shakes the screen a few pixels left and right for about 2-4 seconds and exits.
If you need to crash the client, the server sends a deuce after unknow, if you do not need to crash the client, it sends a three. At the same time, if you block access to mobile.mail.ru in the firewall, then this terrible critical bug suddenly disappears and everything starts working normally without shaking
And, as usual: we do not blame anyone for anything, just publish interesting information from publicly available sources.
So, using the same technique of comparing lines with debugging information to the icq_0x2001FAC8.dll file from version 1.11 of the Agent, you can find quite a lot of matches :) In order not to overload the reader, I’ll post just a few of the most interesting lines - containing either function / argument names or emotional comments by:
| 000618E8 | Ignoring SNAC (x% 02X, x% 02X) - FAMILYx% 02X is not implemented | chan_02data.c (99) icq_avatar.c (1234) |
| 00061924 | *** Yeehah, avatar login sequence complete | icq_avatar.c (1303) |
| 00061A5C | Avatar reply broken, trying to do my best. | icq_avatar.c (1378) |
| 0006E5A8 | *** Yeehah, login sequence complete | fam_01service.c (1060) |
| 0006E738 | Cannot handle abort messages yet ... :( | fam_04message.c (534) fam_04message.c (595) fam_04message.c (1223) icq_directmsg.c (233) |
| 0006EE48 | ResizeCookieList: realloc failed. | cookies.c (63) |
| 0006FD54 | Error: Unknown wCommand = 0x% x in OFT request | oscar_filetransfer.c (790) |
| 0006F424 | Uploading of avatar hash failed. | fam_13servclist.c (762) |
Interestingly, the automatic search found 165 lines in version 1.11 and already 175 in version 1.15. But in the recently higher version 1.16, in addition to cleaning the logs of the Jabber module, almost all the intersections found with debugging lines in ICQ were also deleted! Except one :)
| 0006EFE4 | Uploading of avatar hash failed. | fam_13servclist.c (762) |
For those who wish, I provide complete lists of strings:
PS In the meantime, we looked at the XML console traffic version 1.16. The Miranda node was removed from the caps, and radically, by removing the node attribute required by the HEP-115 — it seems that a person really does not understand why all this is necessary and how it works ...
<presence>
<priority> 5 </ priority>
<c xmlns = 'http: //jabber.org/protocol/caps' ver = '1.0' />
<status> Custom status </ status>
</ presence> One of the developers of the Miranda jabber plugin even suggested, if necessary, writing an article with a detailed description of the XEP-115 protocol: Entity Capabilities in Russian.
')
PPS One kind person took out the Mobile Agent 1.15 traffic and revealed an interesting pattern. When you start, there is an update request:
GET / AGENT 240 & u = 0 HTTP / 1.1 User-Agent: mmrim / 1.0 Host: mobile.mail.ru HTTP / 1.1 200 OK Server: nginx / 0.7.10 Date: Sat, 07 Feb 2009 00:00:00 GMT Content-Type: text / html; charset = UTF-8 Transfer-Encoding: chunked Connection: keep-alive 6a MobileAgent v1.11 | default | 001 | unknow | 2 | http: //my.agent.mail.ru/mobile/tree30/SymbianOS9.1/MobileAgent.SIS | 0
A large amount of data is transmitted in the request, starting with the screen resolution and the OS version and ending with unique identifiers that are closed with zeros in the dump. After receiving a response with a deuce, the application shakes the screen a few pixels left and right for about 2-4 seconds and exits.
If you need to crash the client, the server sends a deuce after unknow, if you do not need to crash the client, it sends a three. At the same time, if you block access to mobile.mail.ru in the firewall, then this terrible critical bug suddenly disappears and everything starts working normally without shaking
And, as usual: we do not blame anyone for anything, just publish interesting information from publicly available sources.
Source: https://habr.com/ru/post/51375/
All Articles