This information draws heavily on the PROTOCOL file included with TiK, but it is expanded and clarified based on attempts to write my own client and use of tcpdump while running TiK.

1. Client connects to TOC server, toc.oscar.aol.com for normal service. TOC servers listen at all ports.

2. Client sends the literal string "FLAPON\r\n\r\n". This is not a FLAP and does not have a FLAP header.

3. The TOC server sends the client a FLAP SIGNON message, this has frame type 0x01 consists only of a FLAP header and a four byte version number, currently 0x00000001.

4. Client sends TOC server a FLAP SIGNON message, this is different from the server's FLAP SIGNON, it is a type 0x01 frame and consists of a 4 byte version (0x00000001), a 2 byte TLV tag (0x0001), a two byte normalized user name length and the user name, NOT null terminated.

5. Client sends TOC server "toc_signon" message. This is a type 0x01 frame which consists of a FLAP header, and the null terminated text string:

toc_signon < authorizer host> < authorizer port> <User Name> <Roasted Password> < language> <version>

Authorizer host is login.oscar.aol.com for normal service.
Authorizer port: any port will work, but clients tend to use 5190.
User name is the normalized user name.
Roasted Password: To avoid sending passwords in plaintext, but also avoiding any kind of real encryption, passwords are exclusive ORed with the modulo byte in the "roasting" string "Tic/Toc" converted to ASCII hex and prepended with an "0x". Hence "password" becomes "0x2408105c23001130".
Language is always "english", but if something else is sent, the server will default to "english". This is used to generate web pages.
Version is the version of the client, and can presumably be any string. If it includes spaces, it must be inside quotation marks. If it includes dollar signs, square brackets, parentheses, quotes or backslashes, these characters must be proceeded by a backslash.

6. If login is successful, the TOC server sends SIGN_ON. This is a type 0x02 frame (which is infuriating, because 0x02 is "data" and 0x01 is "signon") and is in the form SIGN_ON:<Client version supported>. From toc.oscar.aol.com you will receive "SIGN_ON:TOC1.0".

7. TOC optionally sends client CONFIG information, client optionally sends server permit/deny and buddy list information.

8. Client sends server toc_init_done message. This is a type 0x02 frame and consists only of the header and the null terminated "toc_init_done".


Back to my main AIM page or my main page.