Reputation: 482
In AOL AIM 7, under the path "C:\Users\Prakash\AppData\Roaming\acccore\caches\users\UserA", there is a file "feedbag".
The file is not in text format. Its format is as shown in the picture below when opened in Notepad++.
How can we decode this information?
Feedbag file can be downloaded from the link below: https://drive.google.com/file/d/0B6cirpFZgAoZXzNMR0llenFua00/view?usp=sharing
------------------ update1: on oct 18-----------------------------------------
It is found that the file feedbag is created (or updated if that file already exists) only when the AIM user is signing in to the AIM Instant Messenger. If any contact (buddy) goes offline or online, the file is not updated - this would be one of the great limitations in our code to find the exact online members of each Blast Group.
I sign in to AIM IM using the account qaninjazz (display name is qaninjazz3). There is a blast group PTGrp and it has four members. Currently, only two members (qaninjazz and presenqa) are online.
(The presenqa user was already signed in in a web browser at iwantim.com before I signed in to AIM IM.)
I run the code against the newest feedbag file created but it does not list any members of the PTGrp. I have attached the output of this test here: https://drive.google.com/file/d/0B6cirpFZgAoZdV9PekxwdTJjQkk/view?usp=sharing
The code should have listed the online members of the PTGrp but it did not. Maybe AIM itself does not put the up-to-date data in the file.
However, in the output screenshot, we can see that a member of Group for "age" and "NewAIMUsers".
But mr_parker is not online now - this would be a big question because we need only the online members.
"age" is the group that was created in the AIM so it is not blast group.
Based on all this information, I think that we cannot rely on the file feedbag for getting the online members of blast groups.
My basic requirement is to know the participants (online members) of the AIM Blast Group when the user chats in that group.
I am wondering if there is any AOL API or third party API or oscar API to find out the members of blast group in real time.
Please let me know if you want any further information.
Link for the feedbag file that was created on Oct18:
https://drive.google.com/file/d/0B6cirpFZgAoZU254b0hCWTVwTkE/view?usp=sharing
Link for output file:
https://docs.google.com/document/d/1LsNO4-kisjMGP8LtXdSddQC-DbYbfYo_D0WYsqvtgG8/edit?usp=sharing
------------------update1:---------------------------------------------------
Upvotes: 4
Views: 473
Reputation: 972
AOL Feedbag files usually contain information about an AIM buddy list.
The following files give some insight on the wire format; the file also references documents for the wire format for feedbag data, and may help decode the data that follows the names (see comment about unknown data):
https://web.archive.org/web/20081224015759/http://dev.aol.com/aim/oscar/#FEEDBAG
I was able to figure out how to dump the names of the buddies and groups. Buddies follow a group, with matching groupId; groupId == 0 isn't really a group, it contains other metadata about buddies or the buddy list app.
Sorry the code is in C; I don't have a C# environment. Also keep in mind that the FEEDBAG file is in network order, so you have to 'swap' the integers' byte order if you are on an Intel box.
test.cpp
// BuddyList.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdarg.h>
#include <ctype.h>
#include <errno.h>

// The feedbag file stores integers in network (big-endian) order;
// swap them on a little-endian (Intel) host.
#define SWAP_UINT16(x) _byteswap_ushort(x)

char* asprintf(const char* format, ...);
void dump_buffer(unsigned n, const char* buf);

char feedbag[] = "AOL Feedbag 1.1";

// Read one big-endian u16; returns 0 if the file ends early.
static int read_u16(FILE* fp, uint16_t* out) {
    if (fread(out, 1, sizeof(*out), fp) != sizeof(*out)) return 0;
    *out = SWAP_UINT16(*out);
    return 1;
}

int main() {
    FILE *fp;
    // open the file
    fp = fopen("./feedbag", "rb");
    if (fp == NULL)
    {
        perror("Error while opening the file.\n");
        return -1;
    }
    printf("sizeof feedbagstring %u\n", (unsigned)sizeof(feedbag));
    // seek past file header AOL Feedbag 1.1<null><null>
    int offset = sizeof(feedbag) + 1;
    fseek(fp, offset, SEEK_SET);
    // number of feedbag items (a u16, so it must be unsigned)
    uint16_t numberOfFeedbagItems = 0;
    if (!read_u16(fp, &numberOfFeedbagItems)) {
        fprintf(stderr, "feedbag: file too short\n");
        fclose(fp);
        return -1;
    }
    for (int ii = 0; ii < numberOfFeedbagItems; ii++) {
        // u16        2 bytes     Unsigned two byte short
        // string16   u16 + data  Two byte length followed by that many bytes of data
        // tlvLBlock  u16 + data  Two byte length of elements, followed by that many bytes of elements
        // https://web.archive.org/web/20081224015759/http://dev.aol.com/aim/oscar/#FEEDBAG__Item
        // This is a single Feedbag item.
        // Name        Type       Notes
        // name        string16   UTF8 string of the item's name; maximum length of 97 characters
        // groupId     u16        ID of the group of which the item is part
        // itemId      u16        ID inside the group; if 0 then this is the definition of the group
        // classId     u16        [Class: FEEDBAG__CLASS_IDS] ID of the class of which this item is a member
        // attributes  tlvLBlock  [Class: FEEDBAG__ATTRIBUTES] All the attributes for the item; a group must contain the ORDER attribute
        char* name = NULL;
        uint16_t nameLen = 0;
        char* attributes = NULL;
        uint16_t attributesLen = 0;
        uint16_t groupId = 0, itemId = 0, classId = 0;
        // every read is checked so a truncated file cannot leave fields uninitialized
        int ok = read_u16(fp, &nameLen);
        if (ok && nameLen) {
            name = (char *)calloc(1, nameLen + 1);
            ok = name != NULL && fread(name, 1, nameLen, fp) == nameLen;
        }
        // ID of the group of which the item is part
        ok = ok && read_u16(fp, &groupId);
        // ID inside the group; if 0 then this is the definition of the group
        ok = ok && read_u16(fp, &itemId);
        // FEEDBAG__CLASS_IDS
        // https://web.archive.org/web/20081224015759/http://dev.aol.com/aim/oscar/#FEEDBAG__CLASS_IDS
        ok = ok && read_u16(fp, &classId);
        // variable length buffer
        ok = ok && read_u16(fp, &attributesLen);
        if (ok && attributesLen) {
            // attributes tlvLBlock [Class: FEEDBAG__ATTRIBUTES]
            // All the attributes for the item; a group must contain the ORDER attribute
            // https://web.archive.org/web/20081224015759/http://dev.aol.com/aim/oscar/#FEEDBAG__ATTRIBUTES
            attributes = (char *)calloc(1, attributesLen);
            ok = attributes != NULL && fread(attributes, 1, attributesLen, fp) == attributesLen;
        }
        if (!ok) {
            fprintf(stderr, "feedbag: item %d is truncated or unreadable\n", ii);
            free(name);
            free(attributes);
            break;
        }
        if (groupId == 0 && itemId == 0) {
            printf("root: groupdId:%d itemId:%d classId:%d\n", groupId, itemId, classId);
        }
        else if (itemId != 0) {
            if (classId == 0) {
                if (name) {
                    printf("\n\tbuddy: %s groudId:%d itemId:%d classId:%d\n", name, groupId, itemId, classId);
                }
            }
            else if (name) {
                printf("\n\tdata: %s groudId:%d itemId:%d classId:%d\n", name, groupId, itemId, classId);
                //printf("\t\t hexdump:");
                //for (int ii = 0; ii < attributesLen; ii++) {
                //    printf("%02x", attributes[ii]);
                //}
                //printf("\n");
                dump_buffer(attributesLen, attributes);
            }
            else {
                // unnamed item: describe it by its class ID
                char* generated = NULL;
                const char* label = "<unknown>";
                switch (classId) {
                case 5:
                    label = "Buddy List Preferences";
                    break;
                case 20:
                    label = "BART IDs; name is the BART Type";
                    break;
                case 38:
                    label = "??? classId(38)";
                    break;
                default:
                    generated = asprintf("classId %d", classId);
                    if (generated) label = generated;
                    break;
                }
                printf("\n\tdata: %s groupdId:%d itemId:%d classId:%d\n", label, groupId, itemId, classId);
                free(generated);
            }
        }
        else if (classId == 1) {
            printf("group: %s groupdId:%d itemId:%d classId:%d\n", name ? name : "<unknown>", groupId, itemId, classId);
        }
        else {
            printf("\nunknown: %s groupdId:%d itemId:%d classId:%d\n", name ? name : "<unknown>", groupId, itemId, classId);
        }
        // free(NULL) is a no-op, so no length checks are needed
        free(name);
        free(attributes);
    }
    fclose(fp);
    return 0;
}

// Hex dump of n bytes, 16 per line, with a printable-ASCII column.
void dump_buffer(unsigned n, const char* buf)
{
    int on_this_line = 0;
    fputs("\n\t", stdout);
    while (n-- > 0) {
        fprintf(stdout, "%02X ", (unsigned char)*buf++);
        on_this_line += 1;
        if (on_this_line == 16 || n == 0) {
            int i;
            fputs(" ", stdout);
            for (i = on_this_line; i < 16; i++)
                fputs("   ", stdout);
            for (i = on_this_line; i > 0; i--)
                fputc(isprint((unsigned char)buf[-i]) ? (unsigned char)buf[-i] : '.', stdout);
            fputs("\n\t", stdout);
            on_this_line = 0;
        }
    }
    fputs("\n", stdout);
}

// printf into a freshly malloc'ed string; the caller frees the result.
char* asprintf(const char* format, ...) {
    char *ret = NULL;
    if (!format) return NULL;
    va_list args;
    va_start(args, format);
    int size = _vscprintf(format, args); // length without the terminating null
    va_end(args);
    if (size >= 0) {
        ret = (char*)malloc((size_t)size + 1);
        if (ret) {
            // restart the argument list: a va_list must not be reused after a v*printf call
            va_start(args, format);
            _vsnprintf(ret, (size_t)size + 1, format, args);
            va_end(args);
        }
    }
    return ret;
}
Output
sizeof feedbagstring 16
root: groupdId:0 itemId:0 classId:1
data: Buddy List Preferences groupdId:0 itemId:1 classId:5
data: 0 groudId:0 itemId:2 classId:38
00 67 00 04 55 0B B9 58 00 7A 00 04 00 00 81 72 .g..U..X.z.....r
00 79 00 3C 67 85 6E A6 DC 6D 5E 51 01 32 B7 28 .y.<g.n..m^Q.2.(
61 57 51 02 55 0B B9 58 00 00 00 00 00 00 00 00 aWQ.U..X........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01 6D 00 1B 74 65 78 74 2F 61 6F 6C 72 74 66 3B .m..text/aolrtf;
63 68 61 72 73 65 74 3D 22 75 74 66 2D 38 22 charset="utf-8"
data: 1 groudId:0 itemId:3 classId:20
00 D5 00 07 00 05 02 01 D2 04 72 ..........r
data: [email protected] groudId:0 itemId:4 classId:28
00 65 00 08 70 72 65 73 65 6E 71 61 00 67 00 04 .e..presenqa.g..
55 FA 59 38 01 4B 00 06 02 01 00 05 00 00 00 9D U.Y8.K..........
00 07 70 72 64 70 62 67 74 00 B0 00 09 50 72 65 ..prdpbgt....Pre
73 65 6E 20 51 41 01 31 00 07 70 72 64 70 62 67 sen QA.1..prdpbg
74 t
data: 1024 groudId:0 itemId:5 classId:20
00 D5 00 07 00 05 2B 00 00 32 33 ......+..23
data: classId 4 groupdId:0 itemId:6 classId:4
data: classId 26 groupdId:0 itemId:7 classId:26
data: Travolta Windows groudId:0 itemId:8 classId:54
00 A0 00 04 53 85 C1 4C 00 A1 00 04 56 08 E5 49 ....S..L....V..I
01 50 00 04 00 00 00 6D 01 53 00 04 00 00 00 51 .P.....m.S.....Q
00 9F 00 04 00 00 00 E2 01 60 00 04 56 08 E5 CB .........`..V...
00 8C 00 04 53 85 C1 54 00 8F 00 04 53 85 C1 54 ....S..T....S..T
00 A4 00 04 53 85 C1 4C 01 67 00 04 00 00 00 00 ....S..L.g......
00 AF 00 02 40 02 ....@.
data: Travolta Web groudId:0 itemId:9 classId:54
00 A0 00 04 53 85 C1 55 00 A1 00 04 56 0C D5 48 ....S..U....V..H
01 50 00 04 00 00 00 02 01 53 00 04 00 00 00 02 .P.......S......
00 9F 00 04 00 00 00 0C 01 60 00 04 56 0C D5 EA .........`..V...
00 8C 00 04 53 85 C1 56 00 8F 00 04 53 85 C1 56 ....S..V....S..V
00 A4 00 04 53 85 C1 4C 01 67 00 04 00 00 00 00 ....S..L.g......
00 AF 00 02 00 02 ......
data: classId 56 groupdId:0 itemId:10 classId:56
data: presenqa groudId:0 itemId:11 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 56 04 E6 0C 01 31 00 09 50 72 65 73 ....V....1..Pres
65 6E 20 51 41 en QA
data: combinedService groudId:0 itemId:12 classId:44
00 8B 00 04 55 64 38 A4 00 98 00 04 00 00 00 05 ....Ud8.........
data: classId 29 groupdId:0 itemId:13 classId:29
data: aolsystemmsg groudId:0 itemId:14 classId:51
01 C9 00 04 55 DD 4D 5C 01 C7 00 04 55 DD 4D 5C ....U.M\....U.M\
data: [email protected] groudId:0 itemId:15 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 55 E4 2B 3D ....U.+=
data: [email protected] groudId:0 itemId:16 classId:28
00 9D 00 04 31 32 33 34 00 B0 00 09 50 72 65 73 ....1234....Pres
65 6E 20 51 41 00 67 00 04 56 09 0A 27 01 4B 00 en QA.g..V..'.K.
06 02 01 00 05 00 00 01 31 00 04 31 32 33 34 ........1..1234
data: aimNewTOS groudId:0 itemId:17 classId:57
01 CC 00 04 53 F5 7A F1 01 CB 00 04 53 F5 7A F1 ....S.z.....S.z.
00 B6 00 04 00 00 00 01 00 B9 00 0E 00 00 00 01 ................
00 00 28 A0 00 00 00 01 00 00 ..(.......
data: nirajb groudId:0 itemId:18 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 55 E4 2E CF 01 31 00 0B 45 64 69 74 ....U....1..Edit
65 64 42 75 64 64 79 edBuddy
data: [email protected] groudId:0 itemId:19 classId:28
00 65 00 00 00 67 00 04 55 E7 E5 30 01 4B 00 06 .e...g..U..0.K..
02 01 00 05 00 00 00 9D 00 0A 74 65 63 68 76 6F ..........techvo
72 74 65 78 01 31 00 0A 54 65 63 68 56 6F 72 74 rtex.1..TechVort
65 78 ex
data: yashbajra groudId:0 itemId:20 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 55 E5 36 00 01 31 00 10 59 61 73 68 ....U.6..1..Yash
20 42 61 6A 72 61 63 68 61 72 79 61 Bajracharya
data: designers groudId:0 itemId:21 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 55 E5 2A FD 01 31 00 09 44 65 67 69 ....U.*..1..Degi
6E 65 72 73 32 ners2
data: [email protected] groudId:0 itemId:22 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 56 04 D4 07 ....V...
data: [email protected] groudId:0 itemId:23 classId:51
data: [email protected] groudId:0 itemId:24 classId:28
00 65 00 00 00 67 00 04 55 E8 2B 3C 01 4B 00 06 .e...g..U.+<.K..
02 01 00 05 00 00 00 9D 00 09 64 65 76 62 6C 61 ..........devbla
73 74 32 01 31 00 05 28 44 45 56 29 st2.1..(DEV)
data: [email protected] groudId:0 itemId:25 classId:51
01 C7 00 04 56 04 E3 D5 01 C9 00 04 56 0E 10 ED ....V.......V...
01 31 00 15 43 68 6F 77 69 74 61 28 45 64 69 74 .1..Chowita(Edit
65 64 42 75 64 64 79 29 3A edBuddy):
data: [email protected] groudId:0 itemId:26 classId:28
00 65 00 00 00 67 00 04 55 08 0E 4E 01 4B 00 06 .e...g..U..N.K..
02 01 00 05 00 00 00 9D 00 04 62 67 30 32 01 31 ..........bg02.1
00 04 42 47 30 32 ..BG02
data: [email protected] groudId:0 itemId:27 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 56 08 E5 88 ............V...
01 C9 00 04 00 00 00 00 ........
data: 1 groudId:0 itemId:28 classId:38
01 6B 00 29 3C 68 74 6D 6C 3E 3C 62 6F 64 79 3E .k.)<html><body>
41 62 6F 75 74 20 51 41 20 4E 69 6E 6A 61 20 3C About QA Ninja <
2F 62 6F 64 79 3E 3C 2F 68 74 6D 6C 3E /body></html>
data: [email protected] groudId:0 itemId:29 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 56 08 E2 17 ....V...
data: [email protected] groudId:0 itemId:30 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 56 08 E5 1B ....V...
data: shristivm groudId:0 itemId:31 classId:51
01 C9 00 04 56 0A 0F 20 01 31 00 0A 53 68 72 69 ....V.. .1..Shri
73 74 69 20 56 4D sti VM
data: shristi01 groudId:0 itemId:32 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 00 00 00 00 01 31 00 09 53 68 72 69 .........1..Shri
73 74 69 20 42 sti B
data: [email protected] groudId:0 itemId:33 classId:28
00 65 00 08 70 72 65 73 65 6E 71 61 00 67 00 04 .e..presenqa.g..
56 0D 2C A1 01 4B 00 06 02 01 00 05 00 00 00 9D V.,..K..........
00 0E 32 66 72 6E 64 67 72 6F 75 70 63 68 61 74 ..2frndgroupchat
00 B0 00 09 50 72 65 73 65 6E 20 51 41 01 31 00 ....Presen QA.1.
11 32 20 66 72 6E 64 20 67 72 6F 75 70 20 63 68 .2 frnd group ch
61 74 at
data: classId 40 groupdId:0 itemId:34 classId:40
data: [email protected] groudId:0 itemId:35 classId:28
00 65 00 00 00 67 00 04 56 01 38 AF 01 4B 00 06 .e...g..V.8..K..
02 01 00 05 00 00 00 9D 00 05 70 74 67 72 70 01 ..........ptgrp.
31 00 05 50 54 47 72 70 1..PTGrp
data: prabhakarg groudId:0 itemId:36 classId:51
01 C9 00 04 55 C9 A2 6F 01 C7 00 04 55 C9 A2 6F ....U..o....U..o
data: classId 21 groupdId:0 itemId:37 classId:21
data: shristib groudId:0 itemId:38 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 55 E5 2B 14 01 31 00 04 5B 73 62 5D ....U.+..1..[sb]
data: [email protected] groudId:0 itemId:39 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 56 04 E1 E8 ....V...
data: qaninjazz groudId:0 itemId:40 classId:51
01 C9 00 04 56 02 8B CA 01 C7 00 04 56 02 8B CA ....V.......V...
data: [email protected] groudId:0 itemId:41 classId:28
00 65 00 00 00 67 00 04 56 02 91 FD 01 4B 00 06 .e...g..V....K..
02 01 00 05 00 00 00 9D 00 07 74 65 73 74 67 72 ..........testgr
70 01 31 00 07 54 65 73 74 47 72 70 p.1..TestGrp
data: [email protected] groudId:0 itemId:42 classId:51
01 C9 00 04 00 00 00 00 ........
data: [email protected] groudId:0 itemId:43 classId:28
00 9D 00 05 31 32 33 34 35 00 B0 00 09 50 72 65 ....12345....Pre
73 65 6E 20 51 41 00 67 00 04 56 09 11 DD 01 4B sen QA.g..V....K
00 06 02 01 00 05 00 00 01 31 00 05 31 32 33 34 .........1..1234
35 5
data: [email protected] groudId:0 itemId:44 classId:51
data: [email protected] groudId:0 itemId:45 classId:28
00 65 00 00 00 67 00 04 55 D2 D0 42 01 4B 00 06 .e...g..U..B.K..
02 01 00 05 00 00 00 9D 00 0D 64 65 76 5F 62 6C ..........dev_bl
61 73 74 5F 67 72 70 01 31 00 16 44 65 76 5F 42 ast_grp.1..Dev_B
6C 61 73 74 5B 61 62 63 5D 5F 47 72 70 28 3A 44 last[abc]_Grp(:D
29 )
data: [email protected] groudId:0 itemId:46 classId:51
01 C7 00 04 00 00 00 00 01 C8 00 04 00 00 00 00 ................
01 C9 00 04 56 04 E1 26 ....V..&
data: [email protected] groudId:0 itemId:47 classId:51
group: Buddies groupdId:1 itemId:0 classId:1
buddy: yashbajra groudId:1 itemId:1066 classId:0
buddy: ShristiB groudId:1 itemId:2165 classId:0
buddy: Designers groudId:1 itemId:5050 classId:0
buddy: QABuddies groudId:1 itemId:7165 classId:0
buddy: SameerK groudId:1 itemId:9163 classId:0
buddy: PrabhakarG groudId:1 itemId:10806 classId:0
buddy: qaninjazz groudId:1 itemId:14826 classId:0
buddy: PrabeshM groudId:1 itemId:18369 classId:0
buddy: PMs groudId:1 itemId:20865 classId:0
buddy: [email protected] groudId:1 itemId:21590 classId:0
buddy: Developers groudId:1 itemId:24328 classId:0
buddy: [email protected] groudId:1 itemId:26002 classId:0
buddy: shristi01 groudId:1 itemId:26093 classId:0
buddy: NirajB groudId:1 itemId:26636 classId:0
group: Family groupdId:2 itemId:0 classId:1
group: Co-Workers groupdId:3 itemId:0 classId:1
group: 1234 groupdId:4 itemId:0 classId:1
group: TechVortex groupdId:5 itemId:0 classId:1
group: Recent Buddies groupdId:6 itemId:0 classId:1
buddy: presenqa groudId:6 itemId:1 classId:0
buddy: [email protected] groudId:6 itemId:2 classId:0
buddy: shristivm groudId:6 itemId:3 classId:0
group: BG02 groupdId:7 itemId:0 classId:1
group: (DEV) groupdId:8 itemId:0 classId:1
group: prdpbgt groupdId:9 itemId:0 classId:1
group: 12345 groupdId:10 itemId:0 classId:1
group: PTGrp groupdId:11 itemId:0 classId:1
group: TestGrp groupdId:12 itemId:0 classId:1
group: 2 frnd group chat groupdId:13 itemId:0 classId:1
group: Dev_Blast[abc]_Grp(:D) groupdId:15 itemId:0 classId:1
Upvotes: 2
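The answer above prints each item's attribute block only as a hex dump. As an added example (not part of the original answer), this bounds-checked C walker splits such a block into tag/length/value entries, using the bytes the output shows for itemId 35. The function names are hypothetical, and no meaning is assumed for the tag numbers beyond what the dump shows.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the attribute bytes shown in the answer's output
   for itemId 35 (classId 28), typed in from that hex dump. */
static const uint8_t SAMPLE_ATTRS[] = {
    0x00,0x65,0x00,0x00,  0x00,0x67,0x00,0x04,0x56,0x01,0x38,0xAF,
    0x01,0x4B,0x00,0x06,0x02,0x01,0x00,0x05,0x00,0x00,
    0x00,0x9D,0x00,0x05,'p','t','g','r','p',
    0x01,0x31,0x00,0x05,'P','T','G','r','p'
};

/* Big-endian (network order) u16, independent of host byte order. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk TLVs (u16 tag, u16 length, value). Returns the TLV count, or -1 if a
   header or value runs past `len`; the first `want` value comes back via val/vlen. */
int tlv_walk(const uint8_t *buf, size_t len, uint16_t want,
             const uint8_t **val, uint16_t *vlen)
{
    size_t off = 0;
    int count = 0, found = 0;
    while (off < len) {
        if (len - off < 4) return -1;          /* truncated header */
        uint16_t tag = be16(buf + off);
        uint16_t n = be16(buf + off + 2);
        off += 4;
        if (n > len - off) return -1;          /* value overruns the block */
        if (!found && tag == want && val && vlen) {
            *val = buf + off; *vlen = n; found = 1;
        }
        off += n;
        count++;
    }
    return count;
}

/* Copy the value of `tag` into `out` as a C string; -1 if absent, malformed or too long. */
int tlv_string(const uint8_t *buf, size_t len, uint16_t tag, char *out, size_t outsz)
{
    const uint8_t *v = NULL; uint16_t n = 0;
    if (tlv_walk(buf, len, tag, &v, &n) < 0 || v == NULL) return -1;
    if ((size_t)n + 1 > outsz) return -1;
    memcpy(out, v, n);
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    char name[64];
    if (tlv_string(SAMPLE_ATTRS, sizeof SAMPLE_ATTRS, 0x0131, name, sizeof name) >= 0)
        printf("tag 0x0131: %s\n", name);
    return 0;
}
```

Because the lengths come from the file, both the 4-byte header and the value are checked against the remaining block size before any byte is read.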
Reputation: 25083
The document cited by @user2174714 shows a hex dump of such a file. One thing I can see is that the group names are preceded by a two-byte int containing the length of the name.
00000040 FF 00 07 42 75 64 64 69 65 73 00 01 00 00 00 01 ÿ..Buddies......
00000050 00 00 00 06 46 61 6D 69 6C 79 00 02 00 00 00 01 ....Family......
00000060 00 00 00 0A 43 6F 2D 57 6F 72 6B 65 72 73 00 03 ....Co-Workers..
00000070 00 00 00 01 00 00 42 A1 43 87 ......B¡C‡
Upvotes: 0
Reputation: 655
My guess is that it's a bytecode produced by Common Intermediate Language.
According to https://en.wikipedia.org/wiki/Common_Intermediate_Language#Generation you can reverse it using a tool called ILDASM - https://msdn.microsoft.com/en-us/library/aa309387(v=vs.71).aspx
Upvotes: 1