Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The America Online Protocol Revealed

timothy posted about 13 years ago | from the you've-got-something dept.

America Online 468

Gods Misfit writes "The America Online protocol(Connecting, Logging In, Joining Chats, etc..) has remained a mystery for most of its life. The only way one could log into their AOL account was via the AOL software. A few months ago, some people set out to break down the AOL protocol and open the door for alternative America Online software. This document is the result: The AOL Protocol. A sign on example for Visual Basic programmers has been written and is available here." I suspect a fair number of people never try Linux or one of the BSDs because they're moderately happy with AOL as an ISP, and switching OSes would mean switching ISPs at the same time. A shame that AOL doesn't make this kind of information more easily available.

cancel ×

468 comments

Sorry! There are no comments related to the filter you selected.

And again (-1)

Sunken Kursk (518450) | about 13 years ago | (#2407485)

Biznitches! ACs can suck my left nut!

Re:And again (-1)

cyborg_monkey (150790) | about 13 years ago | (#2407491)

Damn, you are more pathetic than me!

Carry on, soldier.

Re:And again (-1)

Sunken Kursk (518450) | about 13 years ago | (#2407509)

What can I say? I am fully dedicated to the Troll Tuesday cause!

Re:And again (-1)

Pr0n K1ng (160688) | about 13 years ago | (#2407499)

M4d pr0pz my tr011in6 brutha!

Way to go!

Get it in ya!

Get it Enya?

Nah...

Re:And again (-1)

Fecal Troll Matter (445929) | about 13 years ago | (#2407505)

Hot damn, that FP shoulda been mine. I like pr0n.

Re:And again (-1)

Sunken Kursk (518450) | about 13 years ago | (#2407559)

Sorry man. You're on point for the next one. Good luck!

Pr0p 5 to j00 th0u9h . K33p 1 7 up!

Re:And again (-1)

Dead Fart Warrior (525970) | about 13 years ago | (#2407537)

I've been beaten to the FP by you, but if I had to be beaten, I'm glad it was from a sunken, hard, hollow, cylander full of seamen.

Mad propzzzz!

Re:And again (-1)

Sunken Kursk (518450) | about 13 years ago | (#2407587)

I nearly spit water all over my keyboard! Thanks man!

Propzzzzzzzzzzzzz right back at 'ya!

ttt (-1)

Dead Fart Warrior (525970) | about 13 years ago | (#2407488)

Tuesday Troll Toast! [drtoast.com]

Erm...hrmm... (0, Flamebait)

Anonymous Coward | about 13 years ago | (#2407498)

Most people who use AOL aren't SMART enough to use any OS other than WIndows...

Re:Erm...hrmm... (-1, Flamebait)

Anonymous Coward | about 13 years ago | (#2407532)

Most people who use LINUX aren't STRAIGHT enough to use Windows.

Re:Erm...hrmm... (0)

Anonymous Coward | about 13 years ago | (#2407554)

Moderated by a true AOL user!

Re:Erm...hrmm... (-1)

Fecal Troll Matter (445929) | about 13 years ago | (#2407651)

Suck an anus.

Joey Joe Jo... Shabadu?

A Text File woudl be nice (2, Offtopic)

Anonymous Coward | about 13 years ago | (#2407504)

Not everyone can read .wri, a .txt and/or .pdf would be nice.

Re:A Text File woudl be nice (0, Redundant)

hether (101201) | about 13 years ago | (#2407534)

Can't you just open it with some sort of text reader? I know I did.

Re:A Text File woudl be nice (0)

Railroader (139848) | about 13 years ago | (#2407598)

Konqueror opened it for me. Didn't word wrap, and there were some strange bits, but it was readable.

Re:A Text File woudl be nice (1, Redundant)

Anonymous Coward | about 13 years ago | (#2407613)

The AOL Protocol

When you hear the phrase "The AOL Protocol", I bet most of you immediately think of FDO, right? Although FDO is a part of the AOL protocol, it in no way encompasses the big picture. When I use the term "The AOL protocol", I refer to how the AOL client and server interact with each other, how data is prepared, how it is sent, and how it can be manipulated.

There currently exists no formal documentation of the AOL protocol, or at least one that is publicly available. For this reason, I have taken it upon myself to strip the bits of information from my feeble mind and write a document with at least basic information about the AOL protocol. The information included in this document is what I have learned, from exploration, help from others, and just stumbling upon it. I in no way guarantee the accuracy of the information contained herein. That said, here is what I know.

Table of Contents

1) Establishing a connection
A. Servers
B. The handshake
C. Sending the screenname and password
D. Completing the login
2) The packet
A. The first byte
B. The second and third bytes(CRC)
C. The fourth byte
D. The fifth byte
E. The sixth and seventh bytes
F. The eighth byte
G. The ninth and tenth bytes
3) Logging AOL's Data Packets
4) Forming Data Packets
5) Pings
6) About FDO Decompression
7) Putting it all together
8) Using Common Sense

1) Establishing a connection

A. Servers - America Online Servers generally run on port 5190. The server that the clients connect to is randomly chosen via the DNS Round Robin 'AmericaOnline.aol.com'. There are literally hundreds of America Online servers linked together. It makes you wonder how they avoid the common IRC occurrence of "Net Splits". To connect to an AOL server, all one has to do is connect to 'AmericaOnline.aol.com' on port 5190. I'm sure all of you can do this, you can even test it in Telnet. AOL servers that people generally connect to are called "berps". An example AOL server is 'berp-cr01.dial.aol.com'.

B. The handshake - Upon connecting to America Online, the client first sends an identification packet that includes the version of the AOL client being used. On success, the server will send back go ahead packet(SD) and the client will then send Screenname/Password. On failure, the AOL server will send an XS and the client will disconnect. AOL uses this in order to disable older clients from connecting and force people to upgrade. If the server gives no response, the packet wasn't formed correctly.

Client: 5A413800347F7FA3036B0100F5000000050F00002152CBCA07 0A1000080400000000035F0000010004000300080000000000 000000000000020D
Client: ZA8Å4£kÅõÅÅÅÅÅ!RËÊÅÅÅÅÅ_ÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅ

Server: 5AB71100037F7F240D5A88E9000B107F20534454D1F68B0000 0D
Server: Z-Å$ZéÅ SDTÑöÅÅ

C. Sending the screenname and password - After the server accepts the initial handshake, the screennname and password are sent. If the screenname and password match, the server then sends the Master Tool disabling information, and also sends the Welcome Window FDO. If the screenname and password do not match, the server will ask for the password once more, if it fails twice, the server sends the XS and the client is disconnected.

Client: 5A243F00431010A044640015000100010A0400000001010B04 0000000103010A686F6C797461626C6520011D00011D00010A 0400000002030108736174616E363636011D000002000D
Client: Z$?ÅCDdÅÅÅÅÅÅÅÅÅholytable ÅÅÅÅÅsatan666ÅÅÅ

D. After receiving the Welcome Window FDO, the client sends the 'ya' token. This causes AOL to tell you if you have mail, assign you an IP address, and, if you have configured it, show your buddy list. Once you are assigned an IP address you are completely logged in and can now send other commands to the AOL service.

Client: 5A4EBA00031018A40D5AC6910008111CA079610701010D5A5C 340022121CA0746C00170001000A0F04007BB5E80A10041DA6 DDF20A4504000000070002000D5A6F4A000D131CA053430150 001000002000D
Client: ZNÅZÆ'Å-yaZ\4Å" tlÅÅÅÅ{è¦ÝòEÅÅÅÅÅZoJÅSCÅÅÅÅÅ

Server: 5A419B00351D132079610304AC992E10020102010100040498 A3CE86070101050203C00A153135332D34362D31362E697074 2E616F6C2E636F6D0D5A7E91001E1E132076A007BB5E81DA6D DF20000000000696D66617274702E627574000D
Server: ZAÅ5 ya(TM).Å£ÎÀ153-46-16.ipt.aol.comZ~'Å-- tjÅ{è¦ÝòÅÅÅÅÅimfartp.butÅ

2) The packet - Ah, the illusive AOL packet. The structure of these packets have remained a mystery throughout America Online's life. I will now make an attempt at breaking down these packets.

Here's a basic idea of what a packet may look like:

Z (CRC) (CRC) [NULL] (LENGTH BYTE) (HB 6TH) (HB 7TH) [SPACE] (TOKEN) (TOKEN)

That's the first ten bytes in any AOL packet. The only bytes that don't change constantly are the first, Z(5A in Hex), and the fourth, A null(00 in hex). Anything after the first ten bytes is compressed FDO or data strings. Here is a breakdown of the ten bytes in greater detail.

A. The first byte for all AOL versions is Z or 5A in Hex. This is probably the least troublesome byte because it never changes and you can't forget to add it as easily as you can the fourth.

B. The second and third bytes are 'Hi' and 'Lo' bytes produced from the CRC16 Algorithm. CRC stands for "Cyclic Redundancy Check". The CRC is often used in compression to make sure no data was corrupted. If the CRC header does not match the data in a zip file, the file is assumed corrupted. The same goes for AOL packets. If the CRC does not match the packet, the AOL server ignores it. The CRC is taken from the packet with the first 5 bytes(the header) removed. The number produced by the algorithm is then used to produce a 'Hi' and a 'Lo' byte that is placed in the 2nd and 3rd spots in the header. The CRC only applies to versions of AOL clients 3.0 and below. The newer AOL clients simply send '**' as the 2nd and 3rd byte. you can get along with using newer AOL packets without a CRC, but you'll end up sending more data. If you can use the CRC it will actually be easier to just use it with the older, smaller packets.

Here is the CRC function and 'Hi' and 'Lo' byte subs for C++ and Visual Basic programmers. These are public functions, I did not write them:

C++:

Function AOLCrc (strng$, lenstr)

unsigned short
CRC16(byte * buffer, int length)
{
unsigned short crc = 0;
unsigned short ch;
int i, j;

for (i = 0; i > 1) ^ 0xa001;
Else
crc >>= 1;
ch >>= 1;
}
}

return (crc);
}

Visual Basic:

Function AOLCRC(strng$, lenstr)
Dim crc As Long
Dim ch As Long
Dim i As Long
Dim j As Long

For i = 0 To lenstr - 1
ch = Asc(Mid(strng$, i + 1, 1))
For j = 0 To 7
If ((crc Xor ch) And 1) Then
crc = (Int((crc / 2)) Xor 40961)
Else
crc = Int(crc / 2)
End If
ch = Int(ch / 2)
Next j
Next i
AOLCRC = crc
End Function

Function gethibyte(mybyte As Variant) As Variant
gethibyte = Int(mybyte / 256)
End Function

Function getlobyte(mybyte As Variant) As Variant
getlobyte = Int((mybyte - (gethibyte(mybyte) * 256)))
End Function

The use of these functions will be explained more later on.

C. The 4th byte for all AOL versions is a null(00 in Hex). This byte never changes, but it is required, just try to remember to include it.

D. The 5th byte is the length byte, The length byte is roughly the length of the packet with the first 5 bytes(The Header) removed. I say roughly because another thing can effect the length byte besides actual physical length. The byte directly before any string in the packet(screennames, chat, form data, etc..) is also a length byte. This byte represents the length of the string immediately following it, and is not counted in the 5th byte representation of the length. I have written a Visual Basic sub that will calculate the 5th byte in any given packet:

Function give5th(pack As String, inputz as integer)
'You need the EnHex function for this, you will find it later on in this document.
Dim give5th1 As Integer
inputz = inputz + 4
give5th1 = Len(DeHex(pack)) - inputz
give5th = EnHex(Chr(give5th1))
End Function

This function was written by me. Its use is simple. Just include the hexed entire packet(even header) and the # of inputs your form has to calculate the 5th byte to be places in your packet.

Example: give5th("5AD69400411010A044640015000100010A0400000 001010B04000000010301" & screenname$ & "20011D00011D00010A04000000020301" & password$ & "011D000002000D", 2)

E. The 6th and 7th bytes - These 2 bytes are almost as mind boggling as the 2nd and 3rd. If you watch AOL packets go by, you'll see what I mean. The 6th and 7th seem to change wildly, with no way to tell what the next will be. These packets are different for every new packet sent, but actually go in a loop. If you look at the login packets I use, you'll see the 6th byte(in hex) is 10(Int 16), and the seventh is 18(Int 24). Before every packet sent, I simply increase each by 1. Although the actual client seems to do something a little different, adding 1 works. You can't add 1 forever, of course. You'll notice after a while the AOL server will stop responding. The solution to this is resetting the 6th and 7th bytes to their original values, 10(Int 10) and 18(Int 24). I'm sure most of you don't want to explore this yourself, so the 6th and 7th reset at Int 127 and Int 135. I'm a little confused on what to call these bytes. I call them "counter bytes", but I've often heard them referred to as 'heartbeats'. It seems to me the 9 char "ping-like" packets should be called heartbeats(Who knows? maybe they are). Regardless of terminology, this works.
F. The 8th byte is simply a space.

G. Finally, the 9th and 10th bytes(in ASCII) represent the token. for those of you who know FDO, you know that token kind of tells the server what to expect. If you aren't sure what you're looking at, just look for these tokens and cross check them with the AOL-Files token list to see what kind of packet it is.

3) Logging AOL's Data Packets

Logging the packets AOL uses is a very important skill when dealing with the AOL protocol. Without it, you will get nowhere. When you form a packet to send to the AOL server, you don't build it from the ground up(At least I don't). To build it from scratch would require you to write it in FDO, compress the FDO, and add the header. Although it is possible to do it that way, it is much easier to use logged packets and just change them where needed. Getting AOL packets is actually pretty simple. First, you create a program that listens on port 5190 for incoming connections. You then choose a version of AOL to spy on. This document revolves around 2.5 packets, so I suggest using AOL 2.5(available at http://clients.aol-files.com). You have to set up the AOL client to connect to your computer locally, rather than to 'AmericaOnline.aol.com'. To do this open the 'tcp.ccl' file in the 'ccl' directory and change the 'AmericaOnline.aol.com' to 'localhost'. Save and close the file. you then connect your AOL client. If you did it correctly, you should see an incoming connection in your program. Now, your program make it so that when a client connects your program connects to 'AmericaOnline.aol.com' on port 5190. Set up your program so that when Data is received, depending on the ID of the socket, it will direct the data to the client or server socket. If data is sent from the client, send it to the server, if it is sent from the server, sent it to the client. The idea behind this is to become a type of "data link" between the server and client. We can now begin to intercept data.

Intercepting the data is nothing more than creating a textbox and displaying incoming data from the client or server. Its a good idea to mark it 'client' or 'server' to get a better idea of what you're looking at. The only trick to doing this is editing out the null characters. When a null character is put in any textbox or other viewing object, it represents to Windows the end of a line, so any text after it is unreadable. By editing out the null characters in a string, you allow yourself to see the entire packet. Here is a Visual Basic function I wrote to edit out null characters:

Function stripnulls(thedata as String)
Dim torem as Integer
torem = 1
Do Until crap = 0
torem = InStr(1, thedata, Chr$(0))
If torem > 0 Then Mid(thedata, torem, 1) = "Å"
Loop
End Function

When displaying a packet in ASCII, its is pretty much ruined for sending back to the server, even if you try putting the nulls back in. So most editing for packets is done in Hex. Here are some Visual Basic functions to Hex and DeHex strings and integers:

Public Function EnHex(Data As String) As String
Dim iCount As Double
Dim sTemp As String

For iCount = 1 To Len(Data)
sTemp = Hex$(Asc(Mid$(Data, iCount, 1)))
If Len(sTemp) 0 Then Mid(sData, crap, 1) = "Å"
Loop
status.Text = status.Text & "Server: " & sData & vbCrLf & vbCrLf

If InStr(1, sData, "Invalid password") Then
status.Text = status.Text & "Invalid Password" & vbCrLf
Call Winsock1.Close
End If
If InStr(1, sData, "Invalid account") Then
status.Text = status.Text & "Invalid account" & vbCrLf
Call Winsock1.Close
End If

If InStr(1, sData, "SD") Then
screenname1$ = Int2Hex(Len(screenname.Text) + 1) & EnHex(screenname.Text)
password1$ = Int2Hex(Len(password.Text)) & EnHex(password.Text)
fifth$ = give5th("5AD69400411010A044640015000100010A0400000 001010B04000000010301" & screenname1$ & "20011D00011D00010A04000000020301" & password1$ & "011D000002000D", 2)
packet$ = DeHex("00" & fifth$ & "1010A044640015000100010A0400000001010B04000000010 301" & screenname1$ & "20011D00011D00010A04000000020301" & password1$ & "011D000002000D")
crc1 = AOLCRC(packet$, Len(packet$) - 1)
thehi$ = Chr(gethibyte(crc1))
thelo$ = Chr(getlobyte(crc1))
packet$ = DeHex("5A" & EnHex(thehi$) & EnHex(thelo$) & "00" & fifth$ & "1010A044640015000100010A0400000001010B04000000010 301" & screenname1$ & "20011D00011D00010A04000000020301" & password1$ & "011D000002000D")
Winsock1.SendData packet$ 'Sends the screenname/password. If you don't understand this refer above to 'Forming Packets'
packet$ = DeHex("5A3A0A00031018A40D") 'This is a logged ping packet
Winsock1.SendData packet$
End If

If InStr(1, sData, "Master Tool") Then
packet$ = DeHex("5A3A0A00031018A40D5AC6910008111CA0796107010 10D5A5C340022121CA0746C00170001000A0F04007BB5E80A1 0041DA6DDF20A4504000000070002000D5A6F4A000D131CA05 34300150001000002000D")
Winsock1.SendData packet$ 'This sends the ya login packet, NO CHANGES HAVE BEEN MADE
sixth=Hex2Int("13")
seventh=Hex2Int("21") 'This is where you set your sixth and seventh at first.
End If

In your send IM command button put this:

screenname1$ = Int2Hex(Len(IMName.Text)) & EnHex(IMName.Text)
IM1$ = Int2Hex(Len(IMMsg.Text)) & EnHex(IMMsg.Text)
If sixth = "127" Then
sixth = "15" 'Backtrack 1 because we are going to add 1 soon
seventh = "23" 'THIS IS THE CODE TO RESET THE BYTES
End If
sixth = CInt(sixth) + 1
seventh = CInt(seventh) + 1
fifth$ = give5th("5A606700001522A06953002500010001070400000 003010A04000000010301" & screenname1$ & "011D00010A04000000020301" & IM1$ & "011D00011D00011D000002000D", 2)
packet$ = DeHex("00" & fifth$ & Int2Hex(sixth) & Int2Hex(seventh) & "A06953002500010001070400000003010A04000000010301" & screenname1$ & "011D00010A04000000020301" & IM1$ & "011D00011D00011D000002000D")
crc1 = AOLCRC(packet$, Len(packet$) - 1)
thehi$ = Chr(gethibyte(crc1))
thelo$ = Chr(getlobyte(crc1))
packet$ = DeHex("5A" & EnHex(thehi$) & EnHex(thelo$) & "00" & fifth$ & Int2Hex(sixth) & Int2Hex(seventh) & "A06953002500010001070400000003010A04000000010301" & screenname1$ & "011D00010A04000000020301" & IM1$ & "011D00011D00011D000002000D")
Winsock1.SendData packet$
IMMsg.Text=""

In the Winsock control's 'SendComplete' event, put this:

Dim crap as Integer
crap = 1
Do Until crap = 0
crap = InStr(1, packet$, Chr$(0))
If crap > 0 Then Mid(packet$, crap, 1) = "Å"
Loop
status.Text = status.Text & "Client: " & packet$ & vbCrLf & vbCrLf

In the status textbox's 'Change' event, put this:

status.SelStart = Len(status.Text) 'Auto Scrolls
If Len(status.Text) >= 32000 Then status.Text = Right$(status.Text, Len(status.Text) / 2) 'Keeps the length from getting too large

Make sure your status.Text is set MultiLine to True and has scrollbars. If you did it correctly, you should now have a working AOL client that has a status box and can send IMs. Welcome to Winsock AOL.

8) Common Sense

Ok, most of you have probably stopped reading by now. But I need to make a point.

The only reason that the information above is not already widely available is because of the fear of abuse. Putting this information in immature hands is dangerous. Some people believe that if it gets out, the walls of the America Online service will come crashing down as things like faster mail bombers, spammers, IM bombers, and cloners begin to immerge. It may very well be impossible to enter a chat room without being so lagged by scrolling, IMs, and emails that you cannot even stay connected. I don't personally believe that though. Due to the complexity of these packets, it is far harder to use even copied source of this than to use copied source of the infamous "AOL Progs" that eventually died out. If you are learning from this document, I implore you to use common sense in your use of this information.

This document would not be possible if it weren't from the help I received from my friends.
Thanks to phrea, nec, jay, ceramic, and anyone else who I forgot.

Thank you for listening,
Gods Misfit
binary0100@yahoo.com

text version... (-1, Redundant)

neuneu2K (247042) | about 13 years ago | (#2407615)

Karma whoring at its brightest...

The AOL Protocol

When you hear the phrase "The AOL Protocol", I bet most of you immediately think of FDO, right? Although FDO is a part of the AOL protocol, it in no way encompasses the big picture. When I use the term "The AOL protocol", I refer to how the AOL client and server interact with each other, how data is prepared, how it is sent, and how it can be manipulated.

There currently exists no formal documentation of the AOL protocol, or at least one that is publicly available. For this reason, I have taken it upon myself to strip the bits of information from my feeble mind and write a document with at least basic information about the AOL protocol. The information included in this document is what I have learned, from exploration, help from others, and just stumbling upon it. I in no way guarantee the accuracy of the information contained herein. That said, here is what I know.

Table of Contents

1) Establishing a connection
A. Servers
B. The handshake
C. Sending the screenname and password
D. Completing the login
2) The packet
A. The first byte
B. The second and third bytes(CRC)
C. The fourth byte
D. The fifth byte
E. The sixth and seventh bytes
F. The eighth byte
G. The ninth and tenth bytes
3) Logging AOL's Data Packets
4) Forming Data Packets
5) Pings
6) About FDO Decompression
7) Putting it all together
8) Using Common Sense

1) Establishing a connection

A. Servers - America Online Servers generally run on port 5190. The server that the clients connect to is randomly chosen via the DNS Round Robin 'AmericaOnline.aol.com'. There are literally hundreds of America Online servers linked together. It makes you wonder how they avoid the common IRC occurrence of "Net Splits". To connect to an AOL server, all one has to do is connect to 'AmericaOnline.aol.com' on port 5190. I'm sure all of you can do this, you can even test it in Telnet. AOL servers that people generally connect to are called "berps". An example AOL server is 'berp-cr01.dial.aol.com'.

B. The handshake - Upon connecting to America Online, the client first sends an identification packet that includes the version of the AOL client being used. On success, the server will send back go ahead packet(SD) and the client will then send Screenname/Password. On failure, the AOL server will send an XS and the client will disconnect. AOL uses this in order to disable older clients from connecting and force people to upgrade. If the server gives no response, the packet wasn't formed correctly.

Client: 5A413800347F7FA3036B0100F5000000050F00002152CBCA07 0A1000080400000000035F0000010004000300080000000000 000000000000020D
Client: ZA8Å4??£kÅõÅÅÅÅÅ!RËÊÅÅÅÅÅ_ÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅ

Server: 5AB71100037F7F240D5A88E9000B107F20534454D1F68B0000 0D
Server: Z-Å??$Z?éÅ? SDTÑö?ÅÅ

C. Sending the screenname and password - After the server accepts the initial handshake, the screennname and password are sent. If the screenname and password match, the server then sends the Master Tool disabling information, and also sends the Welcome Window FDO. If the screenname and password do not match, the server will ask for the password once more, if it fails twice, the server sends the XS and the client is disconnected.

Client: 5A243F00431010A044640015000100010A0400000001010B04 0000000103010A686F6C797461626C6520011D00011D00010A 0400000002030108736174616E363636011D000002000D
Client: Z$?ÅCDdÅÅÅÅÅÅÅÅÅholytable ÅÅÅÅÅsatan666ÅÅÅ

D. After receiving the Welcome Window FDO, the client sends the 'ya' token. This causes AOL to tell you if you have mail, assign you an IP address, and, if you have configured it, show your buddy list. Once you are assigned an IP address you are completely logged in and can now send other commands to the AOL service.

Client: 5A4EBA00031018A40D5AC6910008111CA079610701010D5A5C 340022121CA0746C00170001000A0F04007BB5E80A10041DA6 DDF20A4504000000070002000D5A6F4A000D131CA053430150 001000002000D
Client: ZNÅZÆ?Å-yaZ\4Å" tlÅÅÅÅ{è¦ÝòEÅÅÅÅÅZoJÅSCÅÅÅÅÅ

Server: 5A419B00351D132079610304AC992E10020102010100040498 A3CE86070101050203C00A153135332D34362D31362E697074 2E616F6C2E636F6D0D5A7E91001E1E132076A007BB5E81DA6D DF20000000000696D66617274702E627574000D
Server: ZA?Å5 ya?.Å?£Î?À153-46-16.ipt.aol.comZ~?Å-- tjÅ{è¦ÝòÅÅÅÅÅimfartp.butÅ

2) The packet - Ah, the illusive AOL packet. The structure of these packets have remained a mystery throughout America Online's life. I will now make an attempt at breaking down these packets.

Here's a basic idea of what a packet may look like:

Z (CRC) (CRC) [NULL] (LENGTH BYTE) (HB 6TH) (HB 7TH) [SPACE] (TOKEN) (TOKEN)

That?s the first ten bytes in any AOL packet. The only bytes that don't change constantly are the first, Z(5A in Hex), and the fourth, A null(00 in hex). Anything after the first ten bytes is compressed FDO or data strings. Here is a breakdown of the ten bytes in greater detail.

A. The first byte for all AOL versions is Z or 5A in Hex. This is probably the least troublesome byte because it never changes and you can't forget to add it as easily as you can the fourth.

B. The second and third bytes are 'Hi' and 'Lo' bytes produced from the CRC16 Algorithm. CRC stands for "Cyclic Redundancy Check". The CRC is often used in compression to make sure no data was corrupted. If the CRC header does not match the data in a zip file, the file is assumed corrupted. The same goes for AOL packets. If the CRC does not match the packet, the AOL server ignores it. The CRC is taken from the packet with the first 5 bytes(the header) removed. The number produced by the algorithm is then used to produce a 'Hi' and a 'Lo' byte that is placed in the 2nd and 3rd spots in the header. The CRC only applies to versions of AOL clients 3.0 and below. The newer AOL clients simply send '**' as the 2nd and 3rd byte. you can get along with using newer AOL packets without a CRC, but you'll end up sending more data. If you can use the CRC it will actually be easier to just use it with the older, smaller packets.

Here is the CRC function and 'Hi' and 'Lo' byte subs for C++ and Visual Basic programmers. These are public functions, I did not write them:

C++:

Function AOLCrc (strng$, lenstr)

unsigned short
CRC16(byte * buffer, int length)
{
unsigned short crc = 0;
unsigned short ch;
int i, j;

for (i = 0; i > 1) ^ 0xa001;
Else
crc >>= 1;
ch >>= 1;
}
}

return (crc);
}

Visual Basic:

Function AOLCRC(strng$, lenstr)
Dim crc As Long
Dim ch As Long
Dim i As Long
Dim j As Long

For i = 0 To lenstr - 1
ch = Asc(Mid(strng$, i + 1, 1))
For j = 0 To 7
If ((crc Xor ch) And 1) Then
crc = (Int((crc / 2)) Xor 40961)
Else
crc = Int(crc / 2)
End If
ch = Int(ch / 2)
Next j
Next i
AOLCRC = crc
End Function

Function gethibyte(mybyte As Variant) As Variant
gethibyte = Int(mybyte / 256)
End Function

Function getlobyte(mybyte As Variant) As Variant
getlobyte = Int((mybyte - (gethibyte(mybyte) * 256)))
End Function

The use of these functions will be explained more later on.

C. The 4th byte for all AOL versions is a null(00 in Hex). This byte never changes, but it is required, just try to remember to include it.

D. The 5th byte is the length byte, The length byte is roughly the length of the packet with the first 5 bytes(The Header) removed. I say roughly because another thing can effect the length byte besides actual physical length. The byte directly before any string in the packet(screennames, chat, form data, etc..) is also a length byte. This byte represents the length of the string immediately following it, and is not counted in the 5th byte representation of the length. I have written a Visual Basic sub that will calculate the 5th byte in any given packet:

Function give5th(pack As String, inputz as integer)
'You need the EnHex function for this, you will find it later on in this document.
Dim give5th1 As Integer
inputz = inputz + 4
give5th1 = Len(DeHex(pack)) - inputz
give5th = EnHex(Chr(give5th1))
End Function

This function was written by me. Its use is simple. Just include the hexed entire packet(even header) and the # of inputs your form has to calculate the 5th byte to be places in your packet.

Example: give5th("5AD69400411010A044640015000100010A0400000 001010B04000000010301" & screenname$ & "20011D00011D00010A04000000020301" & password$ & "011D000002000D", 2)

E. The 6th and 7th bytes - These 2 bytes are almost as mind boggling as the 2nd and 3rd. If you watch AOL packets go by, you'll see what I mean. The 6th and 7th seem to change wildly, with no way to tell what the next will be. These packets are different for every new packet sent, but actually go in a loop. If you look at the login packets I use, you'll see the 6th byte(in hex) is 10(Int 16), and the seventh is 18(Int 24). Before every packet sent, I simply increase each by 1. Although the actual client seems to do something a little different, adding 1 works. You can't add 1 forever, of course. You'll notice after a while the AOL server will stop responding. The solution to this is resetting the 6th and 7th bytes to their original values, 10(Int 10) and 18(Int 24). I'm sure most of you don't want to explore this yourself, so the 6th and 7th reset at Int 127 and Int 135. I'm a little confused on what to call these bytes. I call them "counter bytes", but I've often heard them referred to as 'heartbeats'. It seems to me the 9 char "ping-like" packets should be called heartbeats(Who knows? maybe they are). Regardless of terminology, this works.
F. The 8th byte is simply a space.

G. Finally, the 9th and 10th bytes(in ASCII) represent the token. for those of you who know FDO, you know that token kind of tells the server what to expect. If you aren't sure what you're looking at, just look for these tokens and cross check them with the AOL-Files token list to see what kind of packet it is.

3) Logging AOL's Data Packets

Logging the packets AOL uses is a very important skill when dealing with the AOL protocol. Without it, you will get nowhere. When you form a packet to send to the AOL server, you don't build it from the ground up(At least I don't). To build it from scratch would require you to write it in FDO, compress the FDO, and add the header. Although it is possible to do it that way, it is much easier to use logged packets and just change them where needed. Getting AOL packets is actually pretty simple. First, you create a program that listens on port 5190 for incoming connections. You then choose a version of AOL to spy on. This document revolves around 2.5 packets, so I suggest using AOL 2.5(available at http://clients.aol-files.com). You have to set up the AOL client to connect to your computer locally, rather than to 'AmericaOnline.aol.com'. To do this open the 'tcp.ccl' file in the 'ccl' directory and change the 'AmericaOnline.aol.com' to 'localhost'. Save and close the file. you then connect your AOL client. If you did it correctly, you should see an incoming connection in your program. Now, your program make it so that when a client connects your program connects to 'AmericaOnline.aol.com' on port 5190. Set up your program so that when Data is received, depending on the ID of the socket, it will direct the data to the client or server socket. If data is sent from the client, send it to the server, if it is sent from the server, sent it to the client. The idea behind this is to become a type of "data link" between the server and client. We can now begin to intercept data.

Intercepting the data is nothing more than creating a textbox and displaying incoming data from the client or server. Its a good idea to mark it 'client' or 'server' to get a better idea of what you're looking at. The only trick to doing this is editing out the null characters. When a null character is put in any textbox or other viewing object, it represents to Windows the end of a line, so any text after it is unreadable. By editing out the null characters in a string, you allow yourself to see the entire packet. Here is a Visual Basic function I wrote to edit out null characters:

Function stripnulls(thedata as String)
Dim torem as Integer
torem = 1
Do Until crap = 0
torem = InStr(1, thedata, Chr$(0))
If torem > 0 Then Mid(thedata, torem, 1) = "Å"
Loop
End Function

When displaying a packet in ASCII, its is pretty much ruined for sending back to the server, even if you try putting the nulls back in. So most editing for packets is done in Hex. Here are some Visual Basic functions to Hex and DeHex strings and integers:

Public Function EnHex(Data As String) As String
Dim iCount As Double
Dim sTemp As String

For iCount = 1 To Len(Data)
sTemp = Hex$(Asc(Mid$(Data, iCount, 1)))
If Len(sTemp) 0 Then Mid(sData, crap, 1) = "Å"
Loop
status.Text = status.Text & "Server: " & sData & vbCrLf & vbCrLf

If InStr(1, sData, "Invalid password") Then
status.Text = status.Text & "Invalid Password" & vbCrLf
Call Winsock1.Close
End If
If InStr(1, sData, "Invalid account") Then
status.Text = status.Text & "Invalid account" & vbCrLf
Call Winsock1.Close
End If

If InStr(1, sData, "SD") Then
screenname1$ = Int2Hex(Len(screenname.Text) + 1) & EnHex(screenname.Text)
password1$ = Int2Hex(Len(password.Text)) & EnHex(password.Text)
fifth$ = give5th("5AD69400411010A044640015000100010A0400000 001010B04000000010301" & screenname1$ & "20011D00011D00010A04000000020301" & password1$ & "011D000002000D", 2)
packet$ = DeHex("00" & fifth$ & "1010A044640015000100010A0400000001010B04000000010 301" & screenname1$ & "20011D00011D00010A04000000020301" & password1$ & "011D000002000D")
crc1 = AOLCRC(packet$, Len(packet$) - 1)
thehi$ = Chr(gethibyte(crc1))
thelo$ = Chr(getlobyte(crc1))
packet$ = DeHex("5A" & EnHex(thehi$) & EnHex(thelo$) & "00" & fifth$ & "1010A044640015000100010A0400000001010B04000000010 301" & screenname1$ & "20011D00011D00010A04000000020301" & password1$ & "011D000002000D")
Winsock1.SendData packet$ 'Sends the screenname/password. If you don?t understand this refer above to 'Forming Packets'
packet$ = DeHex("5A3A0A00031018A40D") 'This is a logged ping packet
Winsock1.SendData packet$
End If

If InStr(1, sData, "Master Tool") Then
packet$ = DeHex("5A3A0A00031018A40D5AC6910008111CA0796107010 10D5A5C340022121CA0746C00170001000A0F04007BB5E80A1 0041DA6DDF20A4504000000070002000D5A6F4A000D131CA05 34300150001000002000D")
Winsock1.SendData packet$ 'This sends the ya login packet, NO CHANGES HAVE BEEN MADE
sixth=Hex2Int("13")
seventh=Hex2Int("21") 'This is where you set your sixth and seventh at first.
End If

In your send IM command button put this:

screenname1$ = Int2Hex(Len(IMName.Text)) & EnHex(IMName.Text)
IM1$ = Int2Hex(Len(IMMsg.Text)) & EnHex(IMMsg.Text)
If sixth = "127" Then
sixth = "15" 'Backtrack 1 because we are going to add 1 soon
seventh = "23" 'THIS IS THE CODE TO RESET THE BYTES
End If
sixth = CInt(sixth) + 1
seventh = CInt(seventh) + 1
fifth$ = give5th("5A606700001522A06953002500010001070400000 003010A04000000010301" & screenname1$ & "011D00010A04000000020301" & IM1$ & "011D00011D00011D000002000D", 2)
packet$ = DeHex("00" & fifth$ & Int2Hex(sixth) & Int2Hex(seventh) & "A06953002500010001070400000003010A04000000010301" & screenname1$ & "011D00010A04000000020301" & IM1$ & "011D00011D00011D000002000D")
crc1 = AOLCRC(packet$, Len(packet$) - 1)
thehi$ = Chr(gethibyte(crc1))
thelo$ = Chr(getlobyte(crc1))
packet$ = DeHex("5A" & EnHex(thehi$) & EnHex(thelo$) & "00" & fifth$ & Int2Hex(sixth) & Int2Hex(seventh) & "A06953002500010001070400000003010A04000000010301" & screenname1$ & "011D00010A04000000020301" & IM1$ & "011D00011D00011D000002000D")
Winsock1.SendData packet$
IMMsg.Text=""

In the Winsock control's 'SendComplete' event, put this:

Dim crap as Integer
crap = 1
Do Until crap = 0
crap = InStr(1, packet$, Chr$(0))
If crap > 0 Then Mid(packet$, crap, 1) = "Å"
Loop
status.Text = status.Text & "Client: " & packet$ & vbCrLf & vbCrLf

In the status textbox's 'Change' event, put this:

status.SelStart = Len(status.Text) 'Auto Scrolls
If Len(status.Text) >= 32000 Then status.Text = Right$(status.Text, Len(status.Text) / 2) 'Keeps the length from getting too large

Make sure your status.Text is set MultiLine to True and has scrollbars. If you did it correctly, you should now have a working AOL client that has a status box and can send IMs. Welcome to Winsock AOL.

8) Common Sense

Ok, most of you have probably stopped reading by now. But I need to make a point.

The only reason that the information above is not already widely available is because of the fear of abuse. Putting this information in immature hands is dangerous. Some people believe that if it gets out, the walls of the America Online service will come crashing down as things like faster mail bombers, spammers, IM bombers, and cloners begin to immerge. It may very well be impossible to enter a chat room without being so lagged by scrolling, IMs, and emails that you cannot even stay connected. I don't personally believe that though. Due to the complexity of these packets, it is far harder to use even copied source of this than to use copied source of the infamous "AOL Progs" that eventually died out. If you are learning from this document, I implore you to use common sense in your use of this information.

This document would not be possible if it weren?t from the help I received from my friends.
Thanks to phrea, nec, jay, ceramic, and anyone else who I forgot.

Thank you for listening,
Gods Misfit
binary0100@yahoo.com
http://aol.necrocosm.com

Re:A Text File woudl be nice (3, Informative)

gorillasoft (463718) | about 13 years ago | (#2407618)

Have an HTML version of it...
http://www.accs-net.com/hosts/theaolprotocol.htm

First Post (0)

Anonymous Coward | about 13 years ago | (#2407621)

First Post

Re:A Text File woudl be nice (0)

Anonymous Coward | about 13 years ago | (#2407650)

Yeah. And wasn't last Windows OS to actually produce any .wri - stuff (that had notepad)
Windows 95? (or was it even removed there after 3.11?). Newer windoze-apps are still able to read it, of course, format being some kind of a subset of later full-features word-formats.


... I have been unfortunate enough to have been assigned the task of rewriting write-input - filter few years ago... It's absolutely horrible, evil, stupid format, with its 256 byte "paging" and other weird stuff.

Congratulations! (2, Flamebait)

Methuseus (468642) | about 13 years ago | (#2407506)

As much as I dislike AOL, I understand many people like it. I'm glad that one more proprietary thing has been broken to help people. I just hope this doesn't make AOL accounts any easier to hack into, as I've heard. I don't know the exact nature of AOL's login process, so does anyone have any idea what the chances this can be used as a malicious hacking tool are?

If they're using aohell.... (0, Funny)

wo1verin3 (473094) | about 13 years ago | (#2407508)

do you really want them installing Linux?

Imagine if it crashes, the support staff is confused enough already with windows!

Illegal Activities? (4, Insightful)

jerw134 (409531) | about 13 years ago | (#2407510)

Wouldn't this be considered illegal under the DMCA, since they reverse engineered AOL's proprietary protocol? If AOL had meant for it to be public, then they would have put it out themselves.

Dear Mod: (-1, Troll)

Anonymous Coward | about 13 years ago | (#2407546)

You are obviously a moron. The question is
legitimate and I'll reword it for you in case
you and the rest of the Slashdot moderators
are as stupid as Jon Katz:

What are the legal implications of publishing
the AOL protocol.

Thank you for your consideration.

Re:Illegal Activities? (5, Funny)

jd (1658) | about 13 years ago | (#2407556)

I think that would only count if AOL claimed to be secure. That would be one interesting legal argument.

Re:Illegal Activities? (3, Interesting)

Milican (58140) | about 13 years ago | (#2407560)

I don't know the specifics of the DMCA, but I don't believe any form of encryption was broken into. I don't believe that reverse engineering a protocol through trial and error is illegal. However, circumventing a security / encryption mechanism is. Please feel free to correct any discrepancies.

JOhn

Re:Illegal Activities? (1)

Sir_Real (179104) | about 13 years ago | (#2407586)

I wonder if "intentionally obscured" is the same as "encrypted" in the eyes of the DCMA...

Re:Illegal Activities? (4, Funny)

DickBreath (207180) | about 13 years ago | (#2407637)

I wonder if "intentionally obscured" is the same as "encrypted" in the eyes of the DCMA

You mean using Double Rot13 for an extra layer of security?

Re:Illegal Activities? (2, Funny)

rot26 (240034) | about 13 years ago | (#2407647)


You mean using Double Rot13 for an extra layer of security?

You mean that doesn't work?

Re:Illegal Activities? (-1, Troll)

Anonymous Coward | about 13 years ago | (#2407565)

How is that a troll? It is a very valid question, and completely on topic. I put you back up to 1 jerw134, don't worry about those asshole mods!

Re:Illegal Activities? (1)

Sparr0 (451780) | about 13 years ago | (#2407582)

Considering previous applications of the DMCA to reverse engineering of protocols, I would have to say, tentatively, yes. Unless someone can provide a counterpoint?

IANAL

Re:Illegal Activities? (4, Informative)

Purificator (462832) | about 13 years ago | (#2407585)

it may be illegal, but not under the dmca because it doesn't involve bypassing encryption to get to data; it's just reverse engineering. if the software has a reverse engineering clause there might be problems.

i liked timothy's comment that people who use aol may shy away from bsd or linux because they wouldn't want to switch isps. having seen the aol interface and met aol users, i doubt any aol user would honestly USE linux. at best a couple might try the install, but go back to using windows.

Re:Illegal Activities? (0, Redundant)

klykken (310263) | about 13 years ago | (#2407590)

mod this up pls, legal issues with AOL is important.

People sticking with Windows because of AOL? (2, Redundant)

mmacdona86 (524915) | about 13 years ago | (#2407513)

I suppose there might be a handful. A small handful. Not "a fair number".

Re:People sticking with Windows because of AOL? (2)

Jace of Fuse! (72042) | about 13 years ago | (#2407569)

I suppose there might be a handful.

More than a handful.

I know people who actually use the words "I like AOL" all together in one sentence.

It's really a weird thing to witness.

Re:People sticking with Windows because of AOL? (4, Funny)

chinton (151403) | about 13 years ago | (#2407659)

I know people who actually use the words "I like AOL" all together in one sentence.

Hey now, wait a minute!!! You're stepping on my toes, now. I use those words together in one sentence all the time:

"I would like to see AOL ripped into tiny pieces and thrown into the Seven Seas."

It's about time.. (0, Redundant)

LordOfTheHunt (166353) | about 13 years ago | (#2407516)

this got hacked. Now let's see if AOL goes ahead and opens it up for developers or if they take the wimps way out with DMCA based lawsuits?

Scott

Cat and mouse games (5, Insightful)

boinger (4618) | about 13 years ago | (#2407517)

How long until they make an arbitrary change that breaks all the "new" clients? While I don't understand why they'd care (the customer is still, in theory, paying for the service), the fact that they've kept it secret for so long makes me wonder if they'll let this slide. Not to mention their annoying policies regarding the AIM client (how many times did they break everybuddy?)

Re:Cat and mouse games (5, Insightful)

Gaijin42 (317411) | about 13 years ago | (#2407575)

The reason they won't let this slide : not all of AOL's revenue comes from subscription. They have lots of ads. And alternate clients could nix the ads, hence no ad revenue.

Re:Cat and mouse games (5, Insightful)

rabtech (223758) | about 13 years ago | (#2407602)

Not if you figure out the AOL auto-updating mechanism as part of the protocol. Then, the only way they can lock alternatives out is to actually force everyone who is on AOL 2,3,4,5, and 6 to upgrade immediately. That isn't ever going to happen.

Re:Cat and mouse games (3, Insightful)

monkeydo (173558) | about 13 years ago | (#2407606)

While I don't understand why they'd care (the customer is still, in theory, paying for the service), the fact that they've kept it secret for so long makes me wonder if they'll let this slide.

If you've ever used AOL you'll realize while they probably won't "let it slide" AOL is much more than an ISP and the client is about 80% of that. Whether they take legal action depends on their lawyers, but it would be trivial for them to get around this technically. Since the AOL client automatically every time it connects they could simple change some small bit of the protocol every week (or day) that would break the non-AOL clients until someone patched them. AOL could probaly automate this fairly easily to the point that they could just do it forever or until the non-AOL folks just give up.

I imagine you'll see cease-and-desist letters followed by engineering changes, followed by lawsuits.

Re:Cat and mouse games (2)

DickBreath (207180) | about 13 years ago | (#2407667)

they could simple change some small bit of the protocol every week (or day) that would break the non-AOL clients until someone patched them. AOL could probaly automate this fairly easily

The difficulty is to change the protocol in a way that doesn't break their clients but does break all of the unauthorized clients.

They can't just force everyone to update overnight. Some people still use AOL 2.

One way that's been discussed here before is to alter the protocol to request a selected checksum of the executable. Now the only way you can answer this checksum query is to have an actual copy of the AOL client. This still does not make it impossible to implement an Open Source client.

Re:Cat and mouse games (1)

SUidRoot (86553) | about 13 years ago | (#2407664)

this could be used to evade advertising and similar things that are shown in the AOL client to give them more income.

I Thought The Main Benefit Of AOL... (3, Funny)

John_Booty (149925) | about 13 years ago | (#2407519)

...was keeping AOL users ON Windows? Now they can spread....

Re:I Thought The Main Benefit Of AOL... (2)

DickBreath (207180) | about 13 years ago | (#2407682)

Actually, given AOL's and MS's recent adversarial squabbles, there could be benefit to AOL to support (more) non MS platforms (than they presently do).

What would happen if a major OEM (Dell, Gateway, etc.) computer came bundled with Linux, StarOffice, and AOL on the desktop? This is in AOL's advantage. Although non-o-fish-al clients may not be.

This'll last... (2, Insightful)

DNAGuy (131264) | about 13 years ago | (#2407521)

Considering AOL wasn't exactly thrilled with "Unauthorized" versions of their messaging software (Jabber [jabber.org] ) I wonder how long it will take them to have a stroke over this.

AOL / Linux (2, Insightful)

mighty_mallards (259544) | about 13 years ago | (#2407524)

I wouldn't try AOL even with my own customizable "protocol". I'm quite happy with a local provider.

It's not AOL that's keeping me from trying Linux on the desktop - it's that my fiancee needs to use the PC as well, and she has enough trouble with Windows... (okay, that and the games)

This is stupid. (-1, Offtopic)

Wind_Walker (83965) | about 13 years ago | (#2407526)

AIM isn't just a "protocol", kids. It's a bunch of servers owned, run and paid for by AOL. AOL spends millions of dollars on Sybase licenses and support contracts alone to run AIM. Do you think it's peer-to-peer? That they track connection status in real time for millions of concurrent users without big, expensive databases running on big, expensive hardware?

Even if the Jabber team ever comes out with a stable, robust release, it's not going to be able to support even half as many users as Yahoo instant messaging without someone footing the bill for millions of dollars in servers and fiber-channel storage arrays, commercial database software, and tens of thousands of dollars a month in hosting and connectivity services.

Do you really think a multi-million concurrent-user instant messaging system can run on one rack of Postgres servers on a T1? Phooey.

You want free communication without ads or service charges? Buy a CB radio and talk to your neighbors. That's peer-to-peer.

I'd like to see a show of hands: how many of the people here calling for free access to AIM servers aren't (a) MSN and Yahoo employees or (b) people who have never had a job besides maybe cleaning trays in a dorm cafeteria?

Re:you is not paying attention. (0)

Anonymous Coward | about 13 years ago | (#2407564)

The article is about the logon to AOL Proper, not the AIM client. "We" broke through AIM's protocol long ago.

Re:This is stupid. (0, Offtopic)

AaronStJ (182845) | about 13 years ago | (#2407571)

AIM isn't just a "protocol", kids. It's a bunch of servers owned, run and paid for by AOL. AOL spends millions of dollars on Sybase licenses and support contracts alone to run AIM

Umm, the artile talking about AOL itself, not AIM. And anyone using an alternate AOL client would still have to pay for AOL, so I don't see why it's a problem at all.

Knee jerk much? (1)

Doktor Memory (237313) | about 13 years ago | (#2407584)

Would it have killed you to do more than skim the headline, see the words "AOL" and "protocol" in it, and instantly decide that this was obviously about Instant Messaging?

The protocol in question is not OSCAR or TOC. I'd tell you what is actually under discussion here, but I'd rather you just scrolled up and figure it out for yourself.

Re:This is stupid. (1)

dinivin (444905) | about 13 years ago | (#2407596)


You know, you wouldn't look like such a fool if you had read the article and realized that they're talking about the AOL protocol, not the AIM protocol.

Dinivin

OH NO! (0)

Anonymous Coward | about 13 years ago | (#2407528)

Does this mean I'm going to get a free AOL CD not only for every release... but for every OS?!?!

yay, now I can chat with idiots. (0)

Anonymous Coward | about 13 years ago | (#2407530)

'nuff said.



(okay, so this is kind of lame).

AOHell? (2, Funny)

British (51765) | about 13 years ago | (#2407533)

Does this mean a stronger, better, more annoying version of AoHell will be released?

Finally (1)

Sparr0 (451780) | about 13 years ago | (#2407535)

Its about time. For the longest time my roommate was on AOL and I couldnt set up a linux gateway for our home LAN because of it. Thank god the days of ICS over AOL are over!

Yes! (-1)

Anonymous Coward | about 13 years ago | (#2407540)

Finally, the wait is over!

Good one! (1)

dave-fu (86011) | about 13 years ago | (#2407543)

I suspect a fair number of people never try Linux or one of the BSDs because they're moderately happy with AOL as an ISP, and switching OSes would mean switching ISPs at the same time.

Damn. That's the funniest thing I've heard in a long time.
And they say geeks have no sense of humor.

AOL on linux (4, Funny)

dashmaul (108555) | about 13 years ago | (#2407544)

AOL on Linux.

Isn't that like having a red neck teach physic's at MIT?

Re:AOL on linux (2, Funny)

Anonymous Coward | about 13 years ago | (#2407601)

More like having a slashdotter teach English.

Re:AOL on linux (0)

Anonymous Coward | about 13 years ago | (#2407648)

well, i've never been to MIT, but a redneck taught me physics in high school. he knew what he was talking about too - rednecks aren't necessarily dumb, just usually.

Well, that seals it (5, Insightful)

MaximumBob (97339) | about 13 years ago | (#2407545)

Finally, I can get onto AOL using Linux! I'm installing it as soon as I get home!

Seriously, I don't know why whenever something gets posted on /., the sentiment "Finally! Now the average user will use Linux!" has to be used. The simple fact is that the average user isn't savvy enough to use it, and there is a large group of users who ARE savvy enough to use it, but find setting it up to be a big headache.

America Online isn't going to be Linux's killer app.

(ducks behind asbestos wall)

Re:Well, that seals it (0)

Anonymous Coward | about 13 years ago | (#2407580)

Maybe it was just timothy's poor attempt at humor, even though it didn't come across as sarcastic enough. He must be into subtle humor.

Finally AOL on Linux (1)

CtrlPhreak (226872) | about 13 years ago | (#2407672)

I'm forced to use AOL as my ISP because my family actually likes it. I used to have an ISP for me to use just for linux, but since we moved away, those days are over. And being a college student (commuter) I can't afford to get one of my own. I use the internet whenever my computer is on, so I can't really use linux with out it, or I go into a horrible withdrawl. For now I'm dammed to AOHell and windows. I love linux and use it almost every day in school, and before now I used it most of the time on this comp. So maybe this will finally get me back into linux for my primary OS. ::crosses fingers::

AOL Runs on Linux also. (4, Insightful)

jelwell (2152) | about 13 years ago | (#2407547)

Uh, AOL runs on linux also, think Gateway kitchen device, think Playstation 2. It's there, it works, they've shipped. You just can't download it yet.

But I would go as far to say that the type of people who like computers very simple, and very task oriented wouldn't want to install Linux on their desktop for more than one reason.

1) maybe AOL
2) their computer likely came with windows and installing a new OS is beyond their skills
3) linux desktops are still not dumbed down enough. Come on, TiVo is easy to use, my playstation 2 is easy to use, why is my computer so hard?

Joseph Elwell.

this should be interesting (1, Insightful)

Anonymous Coward | about 13 years ago | (#2407549)

I think as soon as this knoledge becomes available, we will see a lot of script kiddies popping up with tools to mess with aol
maybe a return of punters, which currently only work on aim
who knows, the abilities for scripts as well as exploits have suddenly become endless and easy based on the availability of the protocol

Silly Rabbit! (5, Interesting)

funky49 (182835) | about 13 years ago | (#2407552)

I suspect a fair number of people never try Linux or one of the BSDs because they're moderately happy with AOL as an ISP, and switching OSes would mean switching ISPs at the same time. A shame that AOL doesn't make this kind of information more easily available.

Probably very few people using AOL would consider playing with *nix. If you're playing with other operating systems, you've probably already outgrown AOL. You're not burning ISOs from Redhat that you downloaded via AOL/dialup. If you're on AOL, you're happy and content and most probably don't want to be switching ISPs or playing with a new OS. Besides, just because you're on a new OS, doesn't mean you have to get rid of your M$ partition and AOL as your dialup. People can explore the goodness of *nix on that old computer in the closet they feel bad about donating to the Salvation Army.

The AOL protocal was a nice reverse engineering hack. Nice work fellows. AOL didn't make it more freely available because it was a proprietary technology. They'd prefer to keep it to themselves or license it out.. otherwise they would have used a published standard.

=steve

it's all about advertising (3, Redundant)

vocaljess (464531) | about 13 years ago | (#2407558)

when you have to use aol's software to log in to aol, you have to look at the ads and crap that they want you to look at. aol is just one large, happy advertisement. with the possibility of being able to log into your aol account without having to use their software, they'll lose some of that advertising exposure, which means that yes, they will have kittens over this. whee.

oh cool (-1, Troll)

Anonymous Coward | about 13 years ago | (#2407561)

now i can use aol on both of my boxes without Natalie Portman using Red Hat Linux to cause a disturbance on the moon with my illegally copied software and music.

I also heard that you are cool.
I am glad to hear that the American Online Protocol has been revealed!!

Why dont you choke, on that, slapnuts?

More technical info (2)

briggsb (217215) | about 13 years ago | (#2407563)

More technical info about AOL can be found here. [bbspot.com]

Why a shame? (2, Insightful)

Red Aardvark House (523181) | about 13 years ago | (#2407567)

A shame that AOL doesn't make this kind of information more easily available.

This reminds me of the same sort of complaint found in a recent Slashdot article on Microsoft [slashdot.org] . Do you really think AOL/Time Warner wants this type of information spread around so they can lose subscribers?

It's not a shame, it's good business sense.

They'll never allow OSS clients! (2, Insightful)

pixel_bc (265009) | about 13 years ago | (#2407568)

Why?

WHen you use their client, they control eveything you see. What you can do. Think - they could force commercials or ads down yoru throat (and they will). If its opened up, you know people will just chose not to accept them.

The protocol will change very soon. :)

What is the attraction? (0)

Anonymous Coward | about 13 years ago | (#2407570)

After reading on /. about how AOL just up and turned over all of thier archived emails and IM traffic, why on earth would anyone be want to write, much less actually use an application to communicate with AOL anything?

Not a big user group overlap.. (5, Insightful)

sid_vicious (157798) | about 13 years ago | (#2407574)

I suspect a fair number of people never try Linux or one of the BSDs because they're moderately happy with AOL as an ISP ...

Let's face it, the reason that AOL and Linux don't mesh isn't because there's no AOL-Linux interface. It's because people who use AOL use it for a reason - it's got a happy, friendly, push big rainbow colored buttons, don't-cut-yourself safety-scissors interface. Love 'em or hate 'em, it's what they do well - an interface so simple that even grandma can use the demon box.

Linux is still, even in its most user-friendly form, a system that requires you to get some dirt under your fingernails while you use it. It's still a power-user OS.
There just simply isn't a big overlap between the types of people who use AOL and the types of people who traditionally run Linux.

Re:Not a big user group overlap.. (1)

nurightshu (517038) | about 13 years ago | (#2407686)

[P]eople who use AOL use it for a reason - it's got a happy, friendly, push big rainbow colored buttons, don't-cut-yourself safety-scissors interface.

And I thought people used AOL because it's easier for them to find vast quantities of low-quality pr0n...

Violation (0)

Anonymous Coward | about 13 years ago | (#2407576)

This is a direct violation of AOL software. I highly doubt AOL would do something like this....since I have programmers friends who work there they would not like this to have appeared...

Making it available means lost revenue (5, Interesting)

Traicovn (226034) | about 13 years ago | (#2407577)

Actually, it doesn't surprise me that they don't make it available. If they release that information, they lose an edge they have on joe average as an entry level computer user. How many times have you talked to someone who wanted to show you something that was on the 'internet' and in reality, it was something that was on a section of AOL? AOL has done a really good job of making a 'controlled' section of the internet we're they control the information. By having only one style of software they have more control also. Would YOU just want anything to connect to YOUR server and have authorization privleges? Of course AOL is very much based on server side scripting, and a butchered version of html. All aol sections are addressed with an aol://xxxx:xxxx:asdgfsadgas type link... a mix of alphanumeric strings, etc. Essentially it's THERE style of html distributed through a browser.

But in the end the bottom line is profit. You don't want to allow people to get onto the internet where you can't 100% control what the first thing they see is. AOL gives the illusion to first time joe averages that it IS the internet. My mom spent months on AOL without even using the actual internet and she thought she was on the internet. It's marketing genius. You control their access, you control the way content is shown, you give them places to spend their money and control the ways they communicate. Everyone does it the same way, so everyone is having a similar version of their own experience...
The AOL designers aren't dumb IMHO, sure it's not the service that I want as my ISP, but when it comes to marketing, they know what their doing...

For awhile they were going to make it so you could use them as a 'traditional' isp using Dial-up, but I don't think that anything really ever came of it.... I guess AOL users just like hearing 'WELCOME, YOU'VE GOT SPAM, (I MEAN MAIL)...'

Re:Making it available means lost revenue (0)

Methuseus (468642) | about 13 years ago | (#2407644)

Just a quick note for you:
it's AOL's version of HTTP, not HTML that they are using. I know in the past AOL just used IE as it's HTML reader, but I don't know how that's changed. Just wanted to let you know.

Re:Making it available means lost revenue (2, Informative)

Traicovn (226034) | about 13 years ago | (#2407675)

Well.... The AOLSERER is it's own version of http, however it can issue both the mal-adjusted AOL-HTML and standard HTML pages. Content within AOL is programmed primarily in a butchered version of AOL with a combination of standard html tags and proprietary HTML tags. It's got a little bit more XML in it now, but it's still got a strong backing in plain HTML. The AOL Client relies on MSIE being installed to help it display content, but is not 100% reliable on it. AOL cannot function 100% alone without IE if I remember properly, but it can do quite a bit.

So you are correct about it's own version of http, but they do display content in a 'modified' version of HTML too. If I remember properly they use a little bit of Java Script, and some of the code that distributes content is PERL....
:)

Re:Making it available means lost revenue (1)

eknuds (457661) | about 13 years ago | (#2407657)


Actually, it doesn't surprise me that they don't make it available. If they release that information, they lose an edge they have on joe average as an entry level computer user. How many times have you talked to someone who wanted to show you something that was on the 'internet' and in reality, it was something that was on a section of AOL?


Actually, NEVER!

Re:Making it available means lost revenue (1)

WinterSolstice (223271) | about 13 years ago | (#2407676)

What a 'Matrix' way of looking at it ...


-WS

This will not get AOLer to Switch OS's (5, Interesting)

Nf1nk (443791) | about 13 years ago | (#2407579)

This will not get AOLers to switch OS's. Most AOLer's are very paranoid about any change to their computer.


They fear that the change they make will kill their expensive toy and force them to go talk to a more computer literate friend who will once again berate them for using the most expensive ISP with the worst service.


What this will do. (maybe) is covered by point 8



8) Common Sense

Ok, most of you have probably stopped reading by now. But I need to make a point.


The only reason that the information above is not already widely available is because of the fear of abuse. Putting this information in immature hands is dangerous. Some people believe that if it gets out, the walls of the America Online service will come crashing down as things like faster mail bombers, spammers, IM bombers, and cloners begin to immerge. It may very well be impossible to enter a chat room without being so lagged by scrolling, IMs, and emails that you cannot even stay connected. I don't personally believe that though. Due to the complexity of these packets, it is far harder to use even copied source of this than to use copied source of the infamous "AOL Progs" that eventually died out. If you are learning from this document, I implore you to use common sense in your use of this information.

I suspect that this doocument will be the source from which nasty new AOL hacks will be based. And now that it is out it is in very immature hands.

Not that it matters to me because I don't use AOL


Gaim (2, Informative)

peter_gzowski (465076) | about 13 years ago | (#2407583)

I don't know about the ISP protocol, but people have cracked the AOL Instant Messenger protocol, so you can use AIM in Linux (along with various other protocols, it's fantastic). It's called Gaim, and it's available over at Sourceforge (link here [sourceforge.net] ). Happy chatting!

Re:Gaim (-1, Troll)

Anonymous Coward | about 13 years ago | (#2407666)

Gee, could you make your karma-whoring any more obvious.

AOL (0)

Anonymous Coward | about 13 years ago | (#2407591)

It's AOL -- who gives a shit?


Anyone looking to log into AOL through Linux needs professional counselling and a licence for Windows98.

Why should everybody reveal everything?? (1, Flamebait)

Anonymous Coward | about 13 years ago | (#2407593)

Whoop dee damn doo..so now the AOl protocol is revealed. First of all, timothy, why should AOL reveal anything about their own proprietary software??? It's within their rights to keep it confidential if they so desire. It'll keep out Linux and other OS's from connecting, but they're obviously well aware of that and know it's a market not worth pursuing.

Thats what galls me about these open-source zealots..that everything should and must be open for them to play with. The world isn't made only to benefit you, you hippies.

Re:Why should everybody reveal everything?? (0)

Anonymous Coward | about 13 years ago | (#2407654)

This should be modded up to insightful, however theres only 2 or 3 moderators that will actually perform the first mod on a comment, then the other 397 jump in just re-mod whatever the first few did.

Sweet! Oh wait... (2, Insightful)

ryepup (522994) | about 13 years ago | (#2407611)

So who is ever go to put time into this? Anyone who can write something like this is probably not interested in dialing up to AOL, and the 'ease-of-use' folks who can't write it probably appreciate the AOL interface.
Other than hacking into AOL for the fun of it, this is pretty useless. It's a good blow for the cause of open protocols and file formats.
I suppose there might be a market for a simple AOL client, for those who use it for portable internet access.

Closed source video chat (0, Offtopic)

wiremind (183772) | about 13 years ago | (#2407617)

Something I recall reading a while back was that AOL's Instant Messanger program did NOT have video chat abilitys because if aol added that they would have to open up there protocol. and they did NOT want that. now that the protocol maybe there is a chance that Aol Instant Messanger will add the video chat feature, which would in effect challenge MSN's messanger.
That or AOL will just go and change everything now...

Microsoft, AOL, Borg, whats the diff.....

Downloading new art (1)

dafoomie (521507) | about 13 years ago | (#2407623)

Now we get to find out what all that "Downloading new art" stuff really is.

But wouldn't ICQ be better to have a 3rd party client for? It didn't have ads until recently, theres probably a lot less attention paid to it, and AOL owns it too.

Finally! (5, Funny)

Leven Valera (127099) | about 13 years ago | (#2407626)

Public recognition of Visual Basic as a programming language by the /. crowd! Millions of Microsoft programmers, no longer afraid to talk about work at cocktail parties!

Re:Finally! (5, Funny)

Anonymous Coward | about 13 years ago | (#2407642)

The only reason you aren't publicly beaten right now is because of the political climate and the promotion of tolerance towards those that are different, regardless of how stupid they appear to be.

Personally, I think we should declare a war against VB programmers after the war on terrorism is over.

AOL DSL (2, Interesting)

xobyte (255771) | about 13 years ago | (#2407629)

I wonder if this could be used to make a login script for my sisters AOL DSL account. You have to login to AOL before you can use any tcpip...the modem says it is connected though.

Why does my sister use AOL DSL...? I dunno. But she's an air traffic controller in the US Navy so I will forgive her for now.

What about mail? (5, Interesting)

JoeShmoe (90109) | about 13 years ago | (#2407645)

In my opinion, logging on and enjoying AOL's so-called services was never 1/10 of the problem as their stupid crappy propritary mail system.

Back around 1996 or so, I was part of an AOL beta program that released a MAPI interface for AOL mail servers. IE, you could add the AOL mail server to your Outlook config and download your AOL mail right into Outlook.

Of course, the AOL exec freaked out when they considered how many eyeballs their advertisers would lose if everyone uninstalled the AOL client and kept their mail via Outlook. So the program was canned, and I was unfortunately too short-sighted to save a copy of that MAPI tool before the area was closed down.

Ever since, I've been trying to get my sister/parents/grandparents off AOL. Not to mention that AOL never supported Windows NT because they couldn't figure out how to install their stupid AOL Adapter TCP shunt thing. So for years my relatives were forced to run a crappy 16-bit (Win 3.11) version of the AOL client for the sole purpose of checking e-mail.

AOL's mail service is terrible but a lot of people don't want to change their e-mail addresses. If you really want to do a great services to help newbies move beyond their AOL shackles...please, I implore you:

A) Reverse engineer the AOL mail protocol so that external programs can at least READ AOL mail (sending, unsending, and AOL custom features are optional)

B) Reverse engineer the AOL mail database (local copy of stored mail) so that it can be imported into another program.

Even after I got a couple family members to switch over to Hotmail, they still have to use the AOL client to read their old mail. It's that or save it all as flat text and lose all the important header information.

Also, a bonus to reverse engineering the AOL mail database would be the ability to sync mail with your Palm. The AOL client for Palm is 400KB and can only dial-up, not sync.

Please post reply if you know of any project working on the AOL mail/database formats. Thank you!

- JoeShmoe

Why do you think that is? (4, Interesting)

StikyPad (445176) | about 13 years ago | (#2407652)

A shame that AOL doesn't make this kind of information more easily available.

A large amount of AOL's income is from advertisements. You're bombarded by them from the second you sign on, in every window you open, till you sign off. Salon might have adopted the mandatory ad viewing my friend, but they didn't invent it. AOL has been using these for years. Subscribers are forced to view several ads of "special offers" before they can even begin to navigate through the "service." It's like playing Where's Waldo trying to find the Close button on some of these windows. AOL doesn't want third parties designing software to be used on their networks because it would be detrimental to their advertising income. Fewer members using their software translates into fewer eyes viewing their ads, which reduces the value of their ad space. It's a safe bet that AOL will do everything in its power to ensure that people continue to use its software.

AOL has one good feature (4, Insightful)

Paul Carver (4555) | about 13 years ago | (#2407653)

As a single person without children I've never had any desire to use AOL, but I know lots of AOL users. There is at least one good reason to use AOL. Years ago internet access was $20/month and that gave you one email account. Meanwhile, AOL gave allowed you to create many accounts. Which is the better choice for a family with several children? One account shared between mom, dad, and all the kids, multiple accounts with some (possibly outrageous) surcharge per POP account, or one AOL account with lots of screen names?

Even now, most ISPs will give you a couple of POP mailboxes for $15-$20/month, but few if any provide the ease and convenience of creating new "screen names" that AOL provides. Try telling a 12-16 year old girl that she can't change her screen name to avoid some pre-pubescent geek who's harrasing her via email.

Excellent! (0)

Anonymous Coward | about 13 years ago | (#2407662)

I've been looking for this for the past year, so I can sell my cable modem bandwidth to my AOL-addicted neighbors, over 802.11b from my attic!

Given that I'm not exactly on the legal side of the fence, this will make it much easier to plug/play this scheme.

And give myself free cable modemness in the meantime ...

Bwaa Haaa Haaa Haaa

Only part of the equation (1)

DamienMcKenna (181101) | about 13 years ago | (#2407665)

One of the main reasons why so many people use AOL is because AOL is easier to use than many other interfaces. Having the protocol is the start on the road to an openAOL, but it will still need good, user-friendly client software.

Slashdot privacy (way offtopic, mod accordingly) (0)

Anonymous Coward | about 13 years ago | (#2407681)

Is posting anonymous private? Obviously they don't store your userid on the message record, but they stored the last posted message time and a timestamp on each comment posted. Couldn't this be used to find out the last anonymous comment posted by an individual?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?