Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
America Online

The America Online Protocol Revealed 468

Gods Misfit writes "The America Online protocol(Connecting, Logging In, Joining Chats, etc..) has remained a mystery for most of its life. The only way one could log into their AOL account was via the AOL software. A few months ago, some people set out to break down the AOL protocol and open the door for alternative America Online software. This document is the result: The AOL Protocol. A sign on example for Visual Basic programmers has been written and is available here." I suspect a fair number of people never try Linux or one of the BSDs because they're moderately happy with AOL as an ISP, and switching OSes would mean switching ISPs at the same time. A shame that AOL doesn't make this kind of information more easily available.
This discussion has been archived. No new comments can be posted.

The America Online Protocol Revealed

Comments Filter:
  • Silly Rabbit! (Score:5, Interesting)

    by funky49 ( 182835 ) on Tuesday October 09, 2001 @03:21PM (#2407552) Homepage
    I suspect a fair number of people never try Linux or one of the BSDs because they're moderately happy with AOL as an ISP, and switching OSes would mean switching ISPs at the same time. A shame that AOL doesn't make this kind of information more easily available.

    Probably very few people using AOL would consider playing with *nix. If you're playing with other operating systems, you've probably already outgrown AOL. You're not burning ISOs from Redhat that you downloaded via AOL/dialup. If you're on AOL, you're happy and content and most probably don't want to be switching ISPs or playing with a new OS. Besides, just because you're on a new OS, doesn't mean you have to get rid of your M$ partition and AOL as your dialup. People can explore the goodness of *nix on that old computer in the closet they feel bad about donating to the Salvation Army.

    The AOL protocal was a nice reverse engineering hack. Nice work fellows. AOL didn't make it more freely available because it was a proprietary technology. They'd prefer to keep it to themselves or license it out.. otherwise they would have used a published standard.

  • by Milican ( 58140 ) on Tuesday October 09, 2001 @03:21PM (#2407560) Journal
    I don't know the specifics of the DMCA, but I don't believe any form of encryption was broken into. I don't believe that reverse engineering a protocol through trial and error is illegal. However, circumventing a security / encryption mechanism is. Please feel free to correct any discrepancies.

  • by Traicovn ( 226034 ) on Tuesday October 09, 2001 @03:24PM (#2407577) Homepage
    Actually, it doesn't surprise me that they don't make it available. If they release that information, they lose an edge they have on joe average as an entry level computer user. How many times have you talked to someone who wanted to show you something that was on the 'internet' and in reality, it was something that was on a section of AOL? AOL has done a really good job of making a 'controlled' section of the internet we're they control the information. By having only one style of software they have more control also. Would YOU just want anything to connect to YOUR server and have authorization privleges? Of course AOL is very much based on server side scripting, and a butchered version of html. All aol sections are addressed with an aol://xxxx:xxxx:asdgfsadgas type link... a mix of alphanumeric strings, etc. Essentially it's THERE style of html distributed through a browser.

    But in the end the bottom line is profit. You don't want to allow people to get onto the internet where you can't 100% control what the first thing they see is. AOL gives the illusion to first time joe averages that it IS the internet. My mom spent months on AOL without even using the actual internet and she thought she was on the internet. It's marketing genius. You control their access, you control the way content is shown, you give them places to spend their money and control the ways they communicate. Everyone does it the same way, so everyone is having a similar version of their own experience...
    The AOL designers aren't dumb IMHO, sure it's not the service that I want as my ISP, but when it comes to marketing, they know what their doing...

    For awhile they were going to make it so you could use them as a 'traditional' isp using Dial-up, but I don't think that anything really ever came of it.... I guess AOL users just like hearing 'WELCOME, YOU'VE GOT SPAM, (I MEAN MAIL)...'
  • by Nf1nk ( 443791 ) <nf1nk@[ ] ['yah' in gap]> on Tuesday October 09, 2001 @03:24PM (#2407579) Homepage
    This will not get AOLers to switch OS's. Most AOLer's are very paranoid about any change to their computer.

    They fear that the change they make will kill their expensive toy and force them to go talk to a more computer literate friend who will once again berate them for using the most expensive ISP with the worst service.

    What this will do. (maybe) is covered by point 8

    8) Common Sense

    Ok, most of you have probably stopped reading by now. But I need to make a point.

    The only reason that the information above is not already widely available is because of the fear of abuse. Putting this information in immature hands is dangerous. Some people believe that if it gets out, the walls of the America Online service will come crashing down as things like faster mail bombers, spammers, IM bombers, and cloners begin to immerge. It may very well be impossible to enter a chat room without being so lagged by scrolling, IMs, and emails that you cannot even stay connected. I don't personally believe that though. Due to the complexity of these packets, it is far harder to use even copied source of this than to use copied source of the infamous "AOL Progs" that eventually died out. If you are learning from this document, I implore you to use common sense in your use of this information.

    I suspect that this doocument will be the source from which nasty new AOL hacks will be based. And now that it is out it is in very immature hands.

    Not that it matters to me because I don't use AOL

  • AOL DSL (Score:2, Interesting)

    by xobyte ( 255771 ) on Tuesday October 09, 2001 @03:31PM (#2407629) Journal
    I wonder if this could be used to make a login script for my sisters AOL DSL account. You have to login to AOL before you can use any tcpip...the modem says it is connected though.

    Why does my sister use AOL DSL...? I dunno. But she's an air traffic controller in the US Navy so I will forgive her for now.
  • What about mail? (Score:5, Interesting)

    by JoeShmoe ( 90109 ) <> on Tuesday October 09, 2001 @03:34PM (#2407645)
    In my opinion, logging on and enjoying AOL's so-called services was never 1/10 of the problem as their stupid crappy propritary mail system.

    Back around 1996 or so, I was part of an AOL beta program that released a MAPI interface for AOL mail servers. IE, you could add the AOL mail server to your Outlook config and download your AOL mail right into Outlook.

    Of course, the AOL exec freaked out when they considered how many eyeballs their advertisers would lose if everyone uninstalled the AOL client and kept their mail via Outlook. So the program was canned, and I was unfortunately too short-sighted to save a copy of that MAPI tool before the area was closed down.

    Ever since, I've been trying to get my sister/parents/grandparents off AOL. Not to mention that AOL never supported Windows NT because they couldn't figure out how to install their stupid AOL Adapter TCP shunt thing. So for years my relatives were forced to run a crappy 16-bit (Win 3.11) version of the AOL client for the sole purpose of checking e-mail.

    AOL's mail service is terrible but a lot of people don't want to change their e-mail addresses. If you really want to do a great services to help newbies move beyond their AOL shackles...please, I implore you:

    A) Reverse engineer the AOL mail protocol so that external programs can at least READ AOL mail (sending, unsending, and AOL custom features are optional)

    B) Reverse engineer the AOL mail database (local copy of stored mail) so that it can be imported into another program.

    Even after I got a couple family members to switch over to Hotmail, they still have to use the AOL client to read their old mail. It's that or save it all as flat text and lose all the important header information.

    Also, a bonus to reverse engineering the AOL mail database would be the ability to sync mail with your Palm. The AOL client for Palm is 400KB and can only dial-up, not sync.

    Please post reply if you know of any project working on the AOL mail/database formats. Thank you!

    - JoeShmoe
  • by StikyPad ( 445176 ) on Tuesday October 09, 2001 @03:36PM (#2407652) Homepage
    A shame that AOL doesn't make this kind of information more easily available.

    A large amount of AOL's income is from advertisements. You're bombarded by them from the second you sign on, in every window you open, till you sign off. Salon might have adopted the mandatory ad viewing my friend, but they didn't invent it. AOL has been using these for years. Subscribers are forced to view several ads of "special offers" before they can even begin to navigate through the "service." It's like playing Where's Waldo trying to find the Close button on some of these windows. AOL doesn't want third parties designing software to be used on their networks because it would be detrimental to their advertising income. Fewer members using their software translates into fewer eyes viewing their ads, which reduces the value of their ad space. It's a safe bet that AOL will do everything in its power to ensure that people continue to use its software.
  • by Sparr0 ( 451780 ) <> on Tuesday October 09, 2001 @03:48PM (#2407721) Homepage Journal
    Dear God, someone PLEASE mod down some of the MANY text copies. I browse at 1 Nested Oldest and the one at the end was perfectly fine for me.
  • by jellomizer ( 103300 ) on Tuesday October 09, 2001 @03:54PM (#2407762)
    Even though AOL is not targeted at the Unix/Linux user. There could be good reasons why a Unix/Linux guy could want or need to use AOL.

    1. There are many kids out there who want to learn Linux and are allowed to setup a duel boot systems. But their parents are paying for AOL as an ISP and will not switch. So not at least they can switch the os and pay for one ISP.
    2. Emergancy Internet connection. Every once in a while your Internet connection goes down at the ISP level and you need a quick short term internet connection. Hay AOL give 1000 hours free internet for a month. And if you like me there are hundreds of those CDs with trial passwords around. It is tempoary free internet. Hey it may suck but it is better then nothing.

    3. Simular to #2 many new computers come with a year of Free AOL. You got the computer at a good price why pay for an other ISP when you can get AOL for free for a year.

    4. AOL only services. AOL has some services that other ISPs dont have. Although they are ways around them but sometimes they may be covient.

    5. The E-mail address. Those are easy to remember for most people (becasue they use AOL). And with the e-mail they can find your IM name quicker.

    I dont directly use AOL (I use RoadRunner own by AOL/TimeWarner) nor do I ever want to use AOL. But I just wanted to state they there are reasons why a UNIX/Linux person would want access to AOL. and they are people who can use Linux who dont care much about the proper geek way, they just want a good OS, or just to try something new. To say that All AOL users are Unix Ilerate or will always be that way is a gross overstatement.
  • by Lumpy ( 12016 ) on Tuesday October 09, 2001 @04:04PM (#2407839) Homepage
    AOL users were using linux for the past year.

    Buy a AOL/Gateway connected pad, it runs linux :-)
    AOL has been running on linux for months now by AOL's own design.

    Yes, it was easier than a PC with windows and their client. Why did it die? who in their right mind would pay $399.99 for a webpad that only connected to AOL!
  • by yesthatguy ( 69509 ) on Tuesday October 09, 2001 @04:06PM (#2407856) Homepage
    Well, back at least with AOL 3, the software could automatically install updates. They could probably add a lockout feature with no more than a few hundred KB of updates to existing clients. If they release a binary patch, it could be rather hard to figure out what they did, and they could just keep changing it every time it's cracked.
  • Really... (Score:3, Interesting)

    by Rob.Mathers ( 527086 ) on Tuesday October 09, 2001 @04:08PM (#2407868) Homepage
    How many self-respecting Linux users would want to use AOL? Granted, there is a small appeal in saying "Hey i got AOL to work on Linux," but I imagine it would sorta wear thin after a minute or 2.
  • Re:Silly Rabbit! (Score:2, Interesting)

    by UberLame ( 249268 ) on Tuesday October 09, 2001 @04:31PM (#2407934) Homepage
    AOL users on Linux would definately be a minority. However, AOL does have a very impressive world wide network, which makes them very appealing for people who travel a lot. AOL users get scorned quite a bit, but I've met a few who would make the average /.er shiver with their computer knowledge.

    Plus, as mentioned elsewhere, lots of kids are stuck using the family ISP, and Mom just refuses to switch. These kids too could now use linux.
  • So fix it... (Score:3, Interesting)

    by Da VinMan ( 7669 ) on Tuesday October 09, 2001 @04:32PM (#2407942)
    You're absolutely correct. Not only do they have a captive audience, but they have an audience about whom they know a lot about.

    So, if the problem is "we can't use AOL from Linux, etc", then why don't they fix it? What's really stopping them from putting together a cross-platform Java (heck, or even C-based) GUI? That way, at least no one has an excuse to work around them.

    I do think they'll be forced to stomp on anyone producing other implementations of their client. Long-term though, it's not a battle they can win (especially if Linux does start getting used more by average/non-technical users).
  • by Myself ( 57572 ) on Tuesday October 09, 2001 @04:34PM (#2407962) Journal
    Why do I see a lukewarm future among kiddies of "number squatting", getting personal phone lines that're similar to national ISP dialins except for the area code?

    I also wonder about the legality of such a practice. The users are placing the call, right? I guess it depends on how different AOL's login procedure is from something standard. "No, Your Honor, that was my personal login so I could access my computer from my friend's house." Compare to the tone-detector that lets you use a redbox to turn appliances on and off.
  • by GrenDel Fuego ( 2558 ) on Tuesday October 09, 2001 @04:50PM (#2408033)
    You're right, it won't get AOL'ers to switch Operating systems. Why would it? It works perfectly fine under windows.

    What it will allow is for people who are using AOL to switch operating systems if they want to. There's a subtle distinction between allowing the change and causing it.
  • Alternate Clients (Score:3, Interesting)

    by LagDemon ( 521810 ) on Tuesday October 09, 2001 @05:07PM (#2408121) Homepage
    I keep hearing people say that the reason there are no alternate AOL clients is that AOL changes the protocol if it decides people are using alternate clients. However, as far as i can tell, the only way AOL can see what client you are using is through the identification packet that is sent during logon. If the client is designed to properly fudge the identification, AOL would never know, and in fact they'd think you were using a plain old AOL client.

    Can someone please tell me if i understand this properly?
  • by IGnatius T Foobar ( 4328 ) on Tuesday October 09, 2001 @05:15PM (#2408183) Homepage Journal
    This spec could be terribly useful for anyone who wants to write a program to migrate a user's e-mail (or even their settings, etc.) to a new service.

    Or better yet -- think about this: with this spec, an AOL module could be written for fetchmail. Suck down the mail from that old AOL account and deliver it via SMTP. Cool, eh?
  • by phillymjs ( 234426 ) <slashdot AT stango DOT org> on Tuesday October 09, 2001 @05:27PM (#2408250) Homepage Journal
    Back in 1995, Claris introduced Emailer [], a Mac e-mail client application that could retrieve AOL mail, along with many other kinds of mail accounts. Development was continued on it for about 3 years or so, but it became an orphan when Claris became Filemaker, Inc [] and divested itself of non-database products. It was neglected and finally end-of-lifed by Apple in November 1998 at version 2.0v3. Most of the team that created it went on to develop Outlook Express for the Mac, which does not do AOL mail because AOL decided to stop licensing out the protocol. I can only assume that AOL realized they could make more money by forcing everyone to use their shitty built-in mail client and bombarding them with paid advertisements the entire time, than by licensing out the protocol to other software companies creating clean, elegantly-designed mail clients.

    Six years later, Emailer still works great on Mac OS 9.x, and the original developers do not believe it should break under OS X. I still use it (as do a lot of people) and I still think it's the best mail client I've ever used, because it doesn't do HTML mail. Nothing but pure, speedy text.

  • by shepd ( 155729 ) <> on Tuesday October 09, 2001 @05:47PM (#2408341) Homepage Journal
    >Not if you figure out the AOL auto-updating mechanism as part of the protocol

    People already have that part figured out for the DirecTV H and HU cards. Still doesn't help when they send out dynamic code.

    AOL will just start sending out little patches that do nothing (and are useless when decompiled) and all of a sudden send out a patch to put all the little patches together. Of course, then you are at square one again. Fun.

    Or, heck, why not send out encrypted patches? I think its highly unlikely you'll see auto-linux-updates when it's illegal... :-)
  • by kiscica ( 89316 ) on Tuesday October 09, 2001 @05:49PM (#2408349) Homepage
    Also the default initial passwords for "marketing" accounts (i.e. the free disks) of "word-word" is another thing thought up over lunch at PlayNet that still hasn't changed.

    Fascinating info! By the way, the "word-word" password scheme is even older than that. I remember it being used on CompuServe (along with the 7xxxx,yyyy TENEX-style user ids) in the early 80s.

  • by smart2000 ( 28662 ) <> on Tuesday October 09, 2001 @06:13PM (#2408453) Homepage
    Grossly overlooked in all the posts I've seen so far is the fact that this also will allow you to write a new AOL server. So you could piggyback on AOLs carpet bombing of free CDs by having people just dial up a new number, and get GnuAOL.
  • by thumbtack ( 445103 ) <> on Tuesday October 09, 2001 @06:29PM (#2408512)
    I recently ran across a site [] that archived the the old SIDDs music from Quantum link and had a Window s player available to play them.....
  • Re:Congratulations! (Score:4, Interesting)

    by aozilla ( 133143 ) on Tuesday October 09, 2001 @06:53PM (#2408592) Homepage

    AOL cracks have been in existence for over 10 years now (way before AOL was even on the internet, or called AOL). As it turns out, AOL started with a lot of security through obscurity (they used to trust the client for a lot), and as a result, there were holes galore. One crack a couple years ago realized that you got internet access before you actually logged in, and for a while people were getting free internet access without signing up again every 30 (now 45) days (like those of us with a little more fear of jail time do).

    In any case, yes, releasing the protocol might uncover some additional security through obscurity holes, but in the end they can always be plugged up, just as they have in the past.

  • by Anonymous Coward on Wednesday October 10, 2001 @01:48AM (#2409609)
    Kinda scary. You could just forward their packets to the AOL server and forward back the servers response. You'd just get a nice view of everything they do online..
  • by wsapplegate ( 210233 ) <> on Wednesday October 10, 2001 @05:44AM (#2409984) Homepage
    Yes, AOL runs on Linux. But it isn't AOL's fault neither ;-)

    Check The PengAOL site [] to find about the Linux client software.

Karl's version of Parkinson's Law: Work expands to exceed the time alloted it.