The attached patch adds the "Password Hash" label to AIM_TLV_PASSWORD
(0x0025) which was previously "Unknown".
The presence of 0x004c, which is also "Unknown", means that AIM is using
the newer method of MD5 authentication as opposed to the older one:
NEWER METHOD: hash(key + hash(password) + "AOL Instant Messenger (SM)")
OLDER METHOD: hash(key + password + "AOL Instant Messenger (SM)")
Unfortunately, I cannot test this older method and am not sure of a
fitting label for 0x004c.
Please CC replies to me as I'm not subscribed.
Regards,
Jon Oberheide
jon@xxxxxxxxxxxxx
--- ethereal-0.10.3.old/packet-aim.c 2004-03-25 17:21:16.000000000 -0500
+++ ethereal-0.10.3.new/packet-aim.c 2004-04-10 21:32:00.756357056 -0400
@@ -164,6 +164,7 @@
{ AIM_TLV_ERRORCODE, "Error Code", FT_UINT16 },
{ AIM_TLV_EMAILADDR, "Account Email address", FT_STRING },
{ AIM_TLV_REGSTATUS, "Registration Status", FT_UINT16 },
+ { AIM_TLV_PASSWORD, "Password Hash", FT_BYTES },
{ AIM_TLV_LATESTBETABUILD, "Latest Beta Build", FT_UINT32 },
{ AIM_TLV_LATESTBETAURL, "Latest Beta URL", FT_STRING },
{ AIM_TLV_LATESTBETAINFO, "Latest Beta Info", FT_STRING },