[WebAPI] implement /auth/getChallenge

[veselcraft]

ICQ 7.x requires it to work

endpoint is described here (in russian): https://alexey-m.ru/articles/icq-http-api-authorization

As of today, the official ICQ 7.7 client uses roughly the following scheme:

Upon the first connection, the client requests a realm and a challengeWord; these two parameters are used as salt during the md5 hashing of the password.
HTTP request:

https://api.login.icq.net/auth/getChallenge
POST DATA:
devId=DEVICE_ID // device (client) identifier
&f=xml // return data format (XML/JSON/QS)
&s=UIN // uin\e-mail
The response looks something like this:

<response xmlns="https ://api.login.aol.com">
  <statuscode>200</statuscode>
  <statustext>OK</statustext>
  <data>
    <tid>TyPDkAAAC9gB+tJ7</tid>
    <normalize>false</normalize>
    <truncate>true</truncate>
    <realm>AOL Instant Messenger (SM)</realm>
    <challengeword>1258886032</challengeword>
  </data>
</response>

After this, the client hashes the password using the md5 algorithm (the procedure exactly resembles the function from the binary protocol). Then it sends a new post request to /auth/clientLogin

[veselcraft]

this is what icq 7.6 shows rn

1. turn on webapi in OSS's env export ENABLE_WEBAPI=1
2. block update.icq.com in hosts or via dns
3. go to installed ICQ 7 in program files, then packages/ICQ/ConfigFiles/AppConfig.xml
4. change hosts under aimcc.connect.* as you like

webapi is aimcc.connect.host.address and aimcc.connect.host.port, oscar is aimcc.connect.bossRedirect.address and aimcc.connect.bossRedirect.port

https://www.oldversion.com.de/windows/icq/icq-7-6/

[ukozi]

The webapi needs a lot of work to even get AIM to work properly with it, so this isn’t entirely surprising. The info you’ve provided is good though! Thanks