ICQ Password Stealing Tutorial (aka How to shag UINs)


A. Introduction
---------------

Since its introduction in 1997, ICQ's popularity has grown very fast!
At the moment (2001-11-01), more than 137130215 people are using or have
used ICQ. And since many ICQ users are interested in how it works, they
began to study the program and its protocol. Lots of users asked where
their info, address book, etc. was stored; well, the answer is simple:

ICQ uses two files to store its information, a uin.IDX and a uin.DAT
file; together they are called the database.

The uin.DAT file is the actual database and contains everything
(messages, contacts etc.); the uin.IDX serves as an index for the
database, holding a chain of entries that point into the uin.DAT file.
The database is saved in “Directory where you put ICQ\ICQ Version”.
Example: ICQ is installed in “C:\Program Files\ICQ” and your version is
“2001b” --> the DB can be found in “C:\Program Files\ICQ\2001b”


NOTES: UIN = your ICQ number.
Example: your UIN is 1001 --> your files are called
1001.idx and 1001.dat

ICQ Versions
Other versions are 98a, 99a, 99b, 2000a, 2000b

Very old ICQ versions & databases
Very old versions of ICQ store the DB in “Directory
where you put ICQ\DB” (e.g. C:\Program Files\DB).

ICQ v2001b
ICQ seems to store your DB in the folder 2001a and
NOT 2001b ... Strange, but I guess it has something
to do with the fact that version 2001a was never
released (it was the beta version).



B. Things needed to crack passwords
-----------------------------------

- Someone's actual database (the uin.DAT file on its own is
enough)

- ICQr Information (http://www.headstrong.de)

“ICQr Information is able to read and reveal personal information, such
as nickname, address, birthday and much more. As it's THE ONLY KNOWN
program that can display passwords of ICQ 99a/b and 2000a/b, it can be
used to get back your own lost password!”

Now you see where I’m heading?

The only problem is to get uin.DAT files, which is explained in the
next topic.

Oh, by the way, did I mention that the maximum length of an ICQ
password is 8 chars?



C. Getting DAT Files
---------------------

There are two ways of getting DAT files:

1. The easy way
---------------

If you know the victim, just ask him if you may work on his
computer, and while doing that grab the DAT file without him
noticing.

Of course, this can only be done with friends you personally know.

2. The hard way
---------------

Go to a search engine like Google, HotBot, etc. and search for
“ICQ, DAT, IDX” (or something like that). Most of the links found
are not interesting for us; they are only articles on DAT and IDX
files or something like that. Links that are interesting for us are
links like this:

Index of /~jkrishna/icq/2000b
03-Oct-2000 08:42 - 12941716.dat 31-Oct-2000 08:21 2.1M
12941716.idx 31-Oct ...

As you can see, this is a backup of ICQ made by that person
(jkrishna). Of course he/she was stupid enough to include the dat
and idx file.

The only thing you have to do is to download the DAT file and open
it with ICQr Information and you’re done; you have the password.


NOTE: You can also search for DAT files using file-sharing programs
like Kazaa, Morpheus, etc., because lots of users share their
whole hard disk.

Some of the passwords might not work. Why? Well, there are several
reasons:

- Someone was faster than you and already took that UIN
- The password has already been changed by the person who
originally registered the UIN.
- Etc.



D. I have the password, now what?
---------------------------------

Add the registered user to your ICQ (click on “My ICQ” --> “Change User
on this computer” --> “Add another registered user”).

You will now see the form to add another registered user. Click on
“Existing User” and then enter the UIN and the password and click on
next.

If you get the “Password Error” message, it means the password isn’t
correct --> You can’t go on, the password has been changed by the owner
or the UIN has already been taken.

If the registration succeeded, then work quickly! ICQ will
automatically log on with the UIN.
- Quickly switch to advanced mode
- Go to Invisible mode
- Click on “ICQ” --> “Security and privacy”
- Go to the password TAB and enter a new password
- Then click on “ICQ” --> “View/Change my details”
- First of all remove the E-mail addresses that are given!
- Now you can change the info as you like.

Tadaa, the UIN is yours! Of course, don’t log on with the new UIN within
the first month, cos’ if you do, the old contacts of the previous
owner, or the previous owner with a new UIN, will spoof your newly
obtained UIN.

TIP: Add the old contacts to the ignore list if you do use the UIN
immediately

BUT: when you steal a UIN, the victim can easily get his password back.
He just has to go to http://www.icq.com/password and enter his UIN
and e-mail address (it doesn’t matter if you deleted it from the
database; any valid old e-mail address that has been entered is
OK) and he’ll get his password sent to his e-mail address.

One might say this makes the tutorial rather meaningless, but don’t
go yet; you might wanna read Appendix 1 (at the end of this
document) to know the solution for this problem ...



E. Are there any other methods for getting passwords?
-----------------------------------------------------

Of course!

1. The E-Mail trick
-------------------

This passage is taken from The ICQ Security Tutorial, which was
made by barakirs@netvision.net.il

<Passage>
Some people write fake Email addresses in their info, such as
fuck-off@hotmail.com, fake@not.real.com etc. In the first case
(fuck-off@hotmail.com), you could try to see if
fuck-off@hotmail.com belongs to someone. If not, register it, and then
go to www.icq.com and look for the "forgot your password?" link.

Enter the victim's UIN, and the password will be sent to "his"
Email address (fuck-off@hotmail.com). Then, login to your hotmail
account and wait for the password to show up in your inbox...

Here's another example: the victim puts fake@pentagon.com as his
Email address. Too bad he didn't write pentagon.gov, because
pentagon.com is giving free Email addresses AFAIK (As Far As I
Know). Simply register fake@pentagon.com and get his password.

If your victim wrote something like this: fake@not.real.com, you
could always try to register real.com for $70, register the sub
domain not.real.com, put a POP3 mail server there, register the
account "fake", and voilà! You now own fake@not.real.com. Okay, I
know, most people won't go into so much trouble just to get
someone's ICQ password... but what the heck.
</Passage>

You could also try making your victim believe that something
special happens when he changes his e-mail address in the info to
yours. Some newbies believe this!


2. The Method that doesn’t work most of the time
------------------------------------------------

Just ask your victim!

YOU : Give me your pw.
HIM : OK


F. Conclusion
-------------

If you do get a password out of a DB and can use it, change it, but use
a hidden ASCII character in it, or your victim will easily get his
password back.

If the password is outdated, you could use the password for something
else. Maybe the password is the same that he uses for his e-mail. Try
it, maybe you can hack his e-mail.



Appendix 1: How do I make a UIN password proof?
-----------------------------------------------

There is only one way that I know of to make sure people will
NEVER get their password back: use a hidden character in your
password!

Example: if the password is “hello”, change it to “[ALT+0160]hello”.
ALT+0160 is a hidden character (code 160 in the Windows ANSI character
set, the non-breaking space, which shows up as a blank), so if people
retrieve their password (which has been changed by you) they will only
see “hello”, without the hidden character.

Wtf? Directly from my inbox:

"I do not really understand Appendix 1, as I'm not very
familiar with ASCII characters as you said in the tutorial
>Example: If the password is “hello”, change it to
“[ALT+0160]hello” ALT+0160 is a hidden ASCII character<
how do you change it to >[ALT+0160]hello< in ICQ, because there's
only 8 characters in pw"

The answer is quite simple: [ALT+0160] is a keycode.
So while holding down the ALT key, type "0160" on your numeric keypad.
Then release the ALT key and you'll notice that you have entered one
character. It counts as one of the 8 characters.
For those who still don't get it, it's between the brackets:
[ ] <-- copy the character that is between the brackets.
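What makes the trick work is that U+00A0 renders as a blank, so "[ALT+0160]hello" and "hello" look the same on screen or in a password e-mail while being different strings. The code below is an added example, not from the original tutorial, written from the defending side: it shows the difference, gives a reveal function that a password-reset mail or screen could use so hidden characters become visible, and a policy check that rejects hidden characters and counts them toward the 8-character limit the reader above asked about.

```python
import unicodedata

MAX_ICQ_PASSWORD_LEN = 8  # limit stated in the tutorial

# ALT+0160 on a Windows keypad enters code 160 of the ANSI code page,
# the non-breaking space, U+00A0.
HIDDEN = "\u00a0"

# Unicode categories that render as blank or are invisible: separators,
# control characters and format characters.
HIDDEN_CATEGORIES = ("Zs", "Zl", "Zp", "Cc", "Cf")


def hidden_chars(password):
    """Return (index, char) for every hidden character in the password.
    Ordinary letters, digits and punctuation are not reported."""
    return [(i, ch) for i, ch in enumerate(password)
            if unicodedata.category(ch) in HIDDEN_CATEGORIES]


def reveal(password):
    """Make a password safe to show on screen or in an e-mail: each hidden
    character is replaced by its code point, so a password that starts
    with U+00A0 no longer looks identical to the same password without it."""
    out = []
    for ch in password:
        if unicodedata.category(ch) in HIDDEN_CATEGORIES:
            out.append(f"[U+{ord(ch):04X}]")
        else:
            out.append(ch)
    return "".join(out)


def check_password(password):
    """Policy check a server could apply when a password is set: reject
    hidden characters and enforce the length limit counting every
    character, hidden ones included. Returns a list of problems (empty
    means the password is acceptable)."""
    problems = []
    if len(password) > MAX_ICQ_PASSWORD_LEN:
        problems.append(f"too long: {len(password)} > {MAX_ICQ_PASSWORD_LEN}")
    for i, ch in hidden_chars(password):
        problems.append(f"hidden character U+{ord(ch):04X} at position {i}")
    return problems


if __name__ == "__main__":
    pw = HIDDEN + "hello"  # the tutorial's example, constructed here
    print(repr(pw), "looks like", repr(pw.strip()), "but differs:", pw != "hello")
    print("revealed:", reveal(pw), "| length:", len(pw))
    print("policy:", check_password(pw))
```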

Credits
-------


Version 1.1
2001-12-08
By Felicity Shagwell
felicity@felicity.fateback.com
http://www.felicityshagwell.tk