Compute the ICQ password
This form computes your real password from the bytes captured with any network sniffer such as Ethereal or tcpdump. In Ethereal, for instance, you would have to find the login packet containing the "encrypted" password. Afterwards paste the hex bytes you find there into the form below.
Of course this is meant for educational purposes only. In the first place I wrote this script to a) get used to JavaScript and b) have a fast way to compute passwords given in hex and "crypted" with the so-called "roast array".
The roast array is used to compute the password. XOR the first captured byte with the first byte of the roast array and you get the first byte of your password (a hex number, i.e. the ASCII code of the first character). XOR the next captured byte with the next roast array byte, and so on. Since XOR is its own inverse, the client "encrypts" the password with exactly the same operation, and the array is fixed and public, so anyone who knows it recovers the password just as easily.
roast_array="F3 26 81 C4 39 86 DB 92 71 A3 B9 E6 53 7A 95 7C"
Asking yourself why they did "encryption" at all? Here are a few reasons:
- Doing it this way makes it harder to get the password without knowing what is going on.
- This scheme hides repeating patterns, because every position is XORed with a different byte; that is the same thing the Enigma did in the Second World War.
An example: try to guess the password without encryption given the pattern "47 47 47 47". Yes, it's "GGGG" (0x47 is the ASCII code of 'G'). You see it's quite obvious compared to the encrypted version, which would be "B4 61 C6 83".
But why didn't they include a better security mechanism, you ask yourself?
- It costs money.
- You can't sell it. Look at who is using ICQ: are the users interested in security? I would say most of them are not, or they would be using something else.
- Of course backward compatibility is important: introducing a new password encryption scheme would change the whole protocol, or at least parts of it. And that's work you can't get anything for.
Are there solutions to this problem? Yes there are, although you won't like them. The first would be not using ICQ while you're on a network whose gateway you can't trust (for example at a LAN party or at a _friend's_). Alternatively you can use a VPN or an SSH tunnel with port forwarding and route the traffic from your PC to a server on the Internet that you trust (in most cases this has to be your own computer). Keep in mind that the tunnel only protects the hop up to that server; from there to the ICQ login server the password still travels "roasted" and nothing more.
Paste your key in hex into the form, for example "83 47 F2 B7 4E E9 A9 F6" (which decodes to "password").
How can I get the hexdump output? I've also tried ngrep with this command:
ngrep -d eth1 "Product of" -x
...
2a 01 1f 0e 00 84 00 00 00 01 00 01 00 09 33 33 *.............22
33 33 33 33 33 33 33 00 02 00 06 9f 4f ef b1 41 2222222.....O..A
fe 00 03 00 33 49 43 51 20 49 6e 63 2e 20 2d 20 ....3ICQ Inc. -
50 72 6f 64 75 63 74 20 6f 66 20 49 43 51 20 28 Product of ICQ (
...
In green on the original page: the "00 06" following the TLV type "00 02" is the number of password bytes.
In red: the six bytes after it, "9f 4f ef b1 41 fe", are the password XORed with the roast array. The nine bytes before that, after "00 01 00 09", are the UIN; note that the hex column shows 0x33 ('3') there while the ASCII column shows '2', so the UIN bytes of this dump are not consistent (presumably anonymized by hand).
ICQ Number: 222222222 with password: linuxx *hehe* ;-)
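Putting the roast array and the capture above together, here is an added example (my own Node.js code, not the page's JavaScript form and not code from the linked iserverd documentation). It walks the OSCAR channel-1 login frame in the ngrep dump: the 6-byte FLAP header (0x2a, channel, sequence number, data length), the 4-byte protocol version, and the TLVs that follow, of which type 0x0001 carries the UIN, 0x0002 the roasted password and 0x0003 the client-id string. It then XORs TLV 0x0002 with the roast array, and also exposes the bare roast/unroast functions for the "password" and "GGGG" examples from earlier on the page. The hex lines are constructed from the dump above with the ASCII column stripped; since the dump is cut off inside TLV 0x0003, the parser keeps only complete TLVs, and the UIN it reports is "333333333" because that is what the hex column contains. Reusing the array from its start for passwords longer than 16 bytes is an assumption of this example, not something the page states.

```javascript
// Added example: decode the OSCAR channel-1 login frame captured above and
// recover the "roasted" ICQ password.  Plain Node.js, no dependencies.

// Parse "9f 4f ef b1 41 fe" or "9F4FEFB141FE" into bytes.
function hexToBytes(hex) {
  return Buffer.from(hex.replace(/\s+/g, ""), "hex");
}

// Render bytes the way the page shows them: "B4 61 C6 83".
function bytesToHex(buf) {
  return Array.from(buf, b => b.toString(16).toUpperCase().padStart(2, "0")).join(" ");
}

// The fixed, public roast array from the page.
const ROAST = hexToBytes("F3 26 81 C4 39 86 DB 92 71 A3 B9 E6 53 7A 95 7C");

// Roasting is a per-position XOR, so the same routine encodes and decodes.
// Reusing the array from its start past 16 bytes is an assumption of this
// example; the page says nothing about passwords longer than the array.
function roast(bytes) {
  return Buffer.from(Array.from(bytes, (b, i) => b ^ ROAST[i % ROAST.length]));
}

// Hex as pasted into the form -> plaintext password.
function unroastHex(hex) {
  return roast(hexToBytes(hex)).toString("latin1");
}

// Plaintext password -> hex as it travels on the wire.
function roastText(text) {
  return bytesToHex(roast(Buffer.from(text, "latin1")));
}

// Walk a FLAP frame: 0x2a, channel, 16-bit sequence, 16-bit data length,
// then (on channel 1) a 32-bit protocol version followed by TLVs, each a
// 16-bit type, a 16-bit length and the value.  A TLV that runs past the end
// of the buffer is left out, because a capture may be cut off mid-TLV.
function parseLoginFlap(buf) {
  if (buf.length < 10 || buf[0] !== 0x2a) throw new Error("not a FLAP frame");
  const channel = buf[1];
  if (channel !== 1) throw new Error(`FLAP channel ${channel}, expected 1 (login)`);
  const frame = {
    channel,
    seq: buf.readUInt16BE(2),
    dataLen: buf.readUInt16BE(4),
    protoVersion: buf.readUInt32BE(6),
    tlvs: [],
  };
  let off = 10;
  while (off + 4 <= buf.length) {
    const type = buf.readUInt16BE(off);
    const len = buf.readUInt16BE(off + 2);
    if (off + 4 + len > buf.length) break; // truncated TLV, capture cut off
    frame.tlvs.push({ type, value: buf.subarray(off + 4, off + 4 + len) });
    off += 4 + len;
  }
  return frame;
}

// TLV 0x0001 is the UIN, TLV 0x0002 the roasted password.
function recoverCredentials(hexDump) {
  const frame = parseLoginFlap(hexToBytes(hexDump));
  const uin = frame.tlvs.find(t => t.type === 0x0001);
  const pw = frame.tlvs.find(t => t.type === 0x0002);
  if (!pw) throw new Error("no TLV 0x0002 (roasted password) in frame");
  return {
    uin: uin ? uin.value.toString("latin1") : null,
    passwordLength: pw.value.length,
    passwordHex: bytesToHex(pw.value),
    password: roast(pw.value).toString("latin1"),
  };
}

// The four ngrep lines from the page, hex columns only (constructed from the
// dump above; the capture stops inside TLV 0x0003, the client-id string).
const NGREP_HEX = [
  "2a 01 1f 0e 00 84 00 00 00 01 00 01 00 09 33 33",
  "33 33 33 33 33 33 33 00 02 00 06 9f 4f ef b1 41",
  "fe 00 03 00 33 49 43 51 20 49 6e 63 2e 20 2d 20",
  "50 72 6f 64 75 63 74 20 6f 66 20 49 43 51 20 28",
].join(" ");

console.log(recoverCredentials(NGREP_HEX));          // password: 'linuxx', 6 bytes
console.log(unroastHex("83 47 F2 B7 4E E9 A9 F6"));   // password
console.log(roastText("GGGG"));                       // B4 61 C6 83
```

To use it on your own capture, feed the hex columns of the whole channel-1 frame (starting at the 0x2a byte) to recoverCredentials; the parser locates TLV 0x0002 itself, so you no longer have to count bytes by hand to find the "00 02 00 06" marker.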
Thanks to: http://iserverd.khstu.ru/oscar/cli_ident.html