Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX

By submitting your information, you agree that devx.com may send you DevX offers via email, phone and text message, as well as email offers about other products and services that DevX believes may be of interest to you. DevX will process your information in accordance with the Quinstreet Privacy Policy.


Create a Java TOC2 Class to Communicate with AIM : Page 2

Instant messaging is more than a great way to keep in touch: It's a full-fledged business tool and there are plenty of reasons that you might be interested in extending your favorite IM service into a custom chat application. But if you choose AIM, you'll need to be armed with some detailed information about its brand new protocol.




Application Security Testing: An Integral Part of DevOps

Logging onto TOC
The JavaTOC2 class provides a login method to connect you to the TOC network. The login method takes two parameters: your AIM Screen Name and your password. The login method is shown here:

public boolean login(String id,String password) throws IOException {

The first thing that the login method does is to open a socket connection to the TOC server.

this.id = id; connection = new Socket(tocHost,tocPort); is = connection.getInputStream(); os = connection.getOutputStream();

The first thing that you must communicate to the TOC server is the token "FLAPON." Next the signon packet is sent, which tells TOC the capabilities of your client.

sendRaw("FLAPON\r\n\r\n"); getFlap(); sendFlapSignon();

To login to the TOC server you must send the command "toc2_signon." This command is of the format:

toc2_signon [auth host] [auth port] [screen name] [password] [language] [version] [160] [code]

This command is constructed with the following lines of code.

String command = "toc2_signon " + authHost + " " + authPort + " " + id + " " + roastPassword(password) + " " + language + " \"" + this.version + "\" 160 " + calculateCode(id,password);

Notice that the password is encoded with a method named roastPassword. This method does very basic encoding on the password, which I will discuss shortly. Likewise, the id and password are both encoded into a number. This number is calculated by a method named calculateCode. This method will also be discussed shortly.

Next the signon command is sent.

sendFlap(DATA,command); String str = getFlap();

If an error is detected, then it is reported to the user, and the login method returns false, indicating an error.

if ( str.toUpperCase().startsWith("ERROR:") ) { handleError(str); return false; }

The login method completes by sending several lines of compatibility information. The following commands give a fairly generic set of capabilities, which should be sufficient for most programs.

this.sendFlap(DATA,"toc_add_buddy " + this.id); this.sendFlap(DATA,"toc_init_done"); this.sendFlap(DATA,"toc_set_caps 09461343-4C7F-11D1-8222-444553540000 09461348-4C7F-11D1-8222-444553540000"); this.sendFlap(DATA,"toc_add_permit "); this.sendFlap(DATA,"toc_add_deny "); return true; }

As previously mentioned, the password is encoded. This process is called "roasting the password." This "encryption" is basically an XOR shift across the password. While the password can be easily decrypted, it at least keeps the password from being transferred in plain text. The roastPassword method is shown here:

protected String roastPassword(String str) { byte xor[] = roastString.getBytes(); int xorIndex = 0; String rtn = "0x"; for ( int i=0;i<str.length();i++ ) { String hex = Integer.toHexString(xor[xorIndex]^(int)str.charAt(i)); if ( hex.length()==1 ) hex = "0"+hex; rtn+=hex; xorIndex++; if ( xorIndex==xor.length ) xorIndex=0; } return rtn; }

In addition to the password a code must be calculated using the calcuateCode method. The calculateCode method is shown here.

protected int calculateCode(String uid,String pwd) { int sn = uid.charAt(0)-96; int pw = pwd.charAt(0)-96; int a = sn * 7696 + 738816; int b = sn * 746512; int c = pw * a; return( c - a + b + 71665152 ); }

Once you complete the login process you are ready to send and receive instant messages.

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date