OpenGFW
OpenGFW copied to clipboard
apernet
Add OICQAnalyzer
Add OICQ Analyzer (For QQ):
usage:
- name: all oicq traffic
action: block
expr: oicq != nil
- name: oicq and QQ number is 114514
action: block
expr: oicq != nil && oicq.number == 114514
result:
When applying the rules oicq and QQ number is 114514, the user with the number 114514 cannot log in to QQ, or send messages successfully to the QQ server even if he is already logged in.
Thanks for your contributing.
What version of QQ can I use to test this analyzer? I've tried with iOS QQ v9.0.x (latest) and PC QQ 9.5.x (2022), but it seems that no connection is detected as OICQ by this analyzer.
Thanks for your contributing.
What version of QQ can I use to test this analyzer? I've tried with iOS QQ v9.0.x (latest) and PC QQ 9.5.x (2022), but it seems that no connection is detected as OICQ by this analyzer.
I test it on TIM Lateset Version. Mabye some version is not concerned, I will look into it.
Blocking QQ Traffic solely by blocking OICQ appears outdated. The latest version of QQ defaults to using port 443 and a new protocol. The OICQ analyzer might not be effective on it.
Some QQ IM software still use OICQ to connect to the Tencent Server, with an unfixed version parameter. I've modified the code to enable analysis of the OICQ protocol. The module's value is still under consideration.
rule:
- name: oicq
action: block
expr: oicq != nil && oicq.number == 109xxxxxxx
log result:
QQ selects the optimal communication method based on the network environment. On Windows devices, it works on the latest version of QQ when it using the OICQ Protocol. (I've implemented some tricks to prioritize OICQ.)
Still unable to confirm it works for PC QQ 9.7.22.29298 (Legacy latest) and PC QQ 9.9.7.21357 (QQNT latest).
How to "implement some tricks to prioritize OICQ"?