November 23, 2010

QQ protocol analysis

The popular QQ protocol is reimplemented by the open source community at, it is also known as libeva.

libeva is used by Gaim, Miranda and others to add QQ support.

QQ packets are encrypted using the TEA algorithm. The session key is created at login. The KEK (key encryption key) is MD5(MD5(password)), and there is another layer of TEA encryption with a trivial hard-coded key. To sniff QQ traffic, one has to know the login password and from it derive the session key.
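The key hierarchy described above, as an added example that is not code from the original post or from libeva: the KEK is derived as MD5(MD5(password)) and used to TEA-wrap a constructed session key, which shows that the session key is exactly as secret as the password. Assumptions: standard 32-round TEA applied block by block, the inner MD5 fed in as raw digest bytes, and hypothetical helper names; the hard-coded-key layer is left out because the page does not give that key.

```python
import hashlib
import struct

DELTA = 0x9E3779B9          # TEA key-schedule constant
MASK = 0xFFFFFFFF           # keep arithmetic in 32 bits

def derive_kek(password: bytes) -> bytes:
    # KEK = MD5(MD5(password)); no salt, so it depends on the password alone.
    return hashlib.md5(hashlib.md5(password).digest()).digest()

def tea_encrypt_block(block: bytes, key: bytes, rounds: int = 32) -> bytes:
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(rounds):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return struct.pack(">2I", v0, v1)

def tea_decrypt_block(block: bytes, key: bytes, rounds: int = 32) -> bytes:
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        s = (s - DELTA) & MASK
    return struct.pack(">2I", v0, v1)

def _per_block(data: bytes, key: bytes, block_fn) -> bytes:
    # Plain block-by-block mode (assumption; the page names no chaining mode).
    return b"".join(block_fn(data[i:i + 8], key) for i in range(0, len(data), 8))

def wrap_session_key(session_key: bytes, password: bytes) -> bytes:
    return _per_block(session_key, derive_kek(password), tea_encrypt_block)

def unwrap_session_key(wrapped: bytes, password: bytes) -> bytes:
    return _per_block(wrapped, derive_kek(password), tea_decrypt_block)

# Constructed sample values, not taken from any real capture.
PASSWORD = b"example-password"
SESSION_KEY = bytes(range(16))
WRAPPED = wrap_session_key(SESSION_KEY, PASSWORD)

if __name__ == "__main__":
    print("KEK:", derive_kek(PASSWORD).hex())
    print("recovered:", unwrap_session_key(WRAPPED, PASSWORD) == SESSION_KEY)
```

Because nothing but the password enters the KEK, password strength is the only protection for the wrapped session key.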

