Open HynoR opened 8 months ago
haruue
commented
8 months ago Thanks for your contributing.
What version of QQ can I use to test this analyzer? I've tried with iOS QQ v9.0.x (latest) and PC QQ 9.5.x (2022), but it seems that no connection is detected as OICQ by this analyzer.
HynoR
commented
8 months ago Thanks for your contributing.
What version of QQ can I use to test this analyzer? I've tried with iOS QQ v9.0.x (latest) and PC QQ 9.5.x (2022), but it seems that no connection is detected as OICQ by this analyzer.
I test it on TIM Lateset Version. Mabye some version is not concerned, I will look into it.
HynoR
commented
8 months ago Blocking QQ Traffic solely by blocking OICQ appears outdated. The latest version of QQ defaults to using port 443 and a new protocol. The OICQ analyzer might not be effective on it.
Some QQ IM software still use OICQ to connect to the Tencent Server, with an unfixed version parameter. I've modified the code to enable analysis of the OICQ protocol. The module's value is still under consideration.
HynoR
commented
8 months ago rule:
- name: oicq
action: block
expr: oicq != nil && oicq.number == 109xxxxxxxlog result:
HynoR
commented
8 months ago QQ selects the optimal communication method based on the network environment. On Windows devices, it works on the latest version of QQ when it using the OICQ Protocol. (I've implemented some tricks to prioritize OICQ.)
haruue
commented
8 months ago Still unable to confirm it works for PC QQ 9.7.22.29298 (Legacy latest) and PC QQ 9.9.7.21357 (QQNT latest).
How to "implement some tricks to prioritize OICQ"?
Add OICQ Analyzer (For QQ):
usage:
result: When applying the rules
oicq and QQ number is 114514, the user with the number 114514 cannot log in to QQ, or send messages successfully to the QQ server even if he is already logged in.