The ICQ Protocol is, somewhat surprisingly, the protocol that ICQ uses to communicate with the ICQ Server and other ICQ users. There are five known versions of the protocol:

  • Version 1: Obsolete. No publicly released ICQ clients have used it.
  • Version 2: The oldest version still in use, used by the Java client. Later versions of the protocol are based on it, so it is useful to know about it in order to understand how ICQ works. Most functions are performed by firing UDP packets at the server and hoping they arrive.
  • Version 3: Never used in publicly released ICQ clients, however the server sends packets to version 4 clients in the version 3 format.
  • Version 4: The major difference between version 3 and 4 packets is that version 4 packets use a crude form of encryption; while this is better than having no security at all, it is more like obscurity than security.
  • Version 5: Used by the newer clients. In an attempt to remove some of the strain of nine million ICQ users from the server, many functions are now performed directly between clients via TCP/IP.
  • Version 7 (OSCAR): Said to be broadly based on the AIM protocol (now that AOL owns ICQ). Even through ICQ is better than AIM, the OSCAR protocol is apparently much nicer to work with. Not much is known about it at the moment; as of this edit it is still being reverse-engineered.

One of the more annoying aspects of the protocol is that the designers thought it necessary to do bizarre things with the byte order of most of the fields in the packets; for example, all packets start with two bytes denoting the packets version - however these are sent as 05 00 - backwards. This may seem a trivial thing, but it is confusing when trying to hack together a client in a language not designed for byte manipulation (cough, Visual Basic {don't laugh}).

The epicentre for information about the ICQ protocol can be found at <http://www.d.kth.se/~d95-mih/icq/>.