|
| FAQ Article: Stopping the mIRC CTCP/version replies |
What are CTCP replies, and why would you want to stop them? Well, CTCP stands for Client-To-Client-Protocol which is a special type of communication between Internet Relay Chat clients.
By creating CTCP events, you can make your IRC client (in this case the IRC client we will be refering to is mIRC) react to commands or requests from other users. You can create CTCP events for yourself, and many scripts have special CTCP's for specific functions.
However, the main CTCP'S are:
- VERSION - If you do a "/ctcp VERSION" the other persons IRC client will send you back the name and version of their client.
- TIME - If you do a "/ctcp TIME" the other persons IRC client will send you their local date and time
- FINGER - If you do a "/ctcp FINGER" the other persons IRC client will send you back their finger information. This usually includes the persons full name, email address, and time they have been idle.
Please forgive me for not including USERINFO and CLIENTINFO - but they are not as frequently used, however, the techniques mentioned below will work for those two as well. The CTCP VERSION gives information out about what IRC client you are using, and even the version.
This is bad because then a person can go and search for possible exploits associated with that version. Also, people will laugh at you if you are using "GlobalChat" :) CTCP TIME, I feel, is also bad because it allows a person to find out where in the world you are. Although you can argue that is not really a worry - whats the point in it? If its useless...lets block it. CTCP FINGER is also one that gives out personal information...and although it can only give out what you tell it - its best to get rid of it totally.
Now, wouldn't it be fun if we could give out a fake FINGER reply? or make our TIME something strange like 26:00pm...and even give out a fake VERSION to make people think we are using globalchat - when we are really packing an awesome script? :)
Lets do it....First, the FINGER and TIME.
Open mIRC, and go to the 'Tools' Menu - then select 'Remote'. Then, enter the following code in:
ctcp 1:finger: {
.notice $me Received CTCP FINGER from $nick $+ / $+ $site
ctcpreply $nick FINGER Go Finger someone else... | halt
}
Then press the "Ok" button. Now connect to an IRC server and CTCP FINGER yourself. What you should find is that you now recieve a warning telling you who is fingering you (with their name and IP) - and the person will recieve the fake reply:
[Wang finger reply]: Go Finger someone else...
Cool huh? Now do the same for CTCP TIME, but use the following code:
ctcp 1:TIME:{
ctcpreply $nick TIME Mon Apr 51 26:91:22 2054 | halt
}
Actually, just quickly - you can also do the same with your /ping reply, using the following code:
ctcp 1:PING:{
ctcpreply $nick PING 7867485453secs | halt
}
There you go, now you can modify that code to do whatever you like - and alter the kinds of replies the CTCP's give. We still haven't mentioned the VERSION CTCP. Now, the problem with this is, its built into mIRC.
Now, there are scripts out there that claim to be able to stop this - but trust me, they don't. Usually what you end up with is mIRC replying with a fake version, and the correct version straight after...making it pointless. Although sometimes these scripts may do a fake reply perfectly - 85% of the time they fail, and the true version comes out. So whats the solution? Hex editing
** Note ** A Hex editor is an editor which allows editing and viewing of a file or disk in hexadecimal, along with it's ASCII or EBCDIC text equivalent. Basically - a hex editor allows you to view/edit code for a file at byte level.
Included with this volume is "FileView". FileView is a simple windows hex editor, and is fine for this task. There are better hex editors out there, but this has a simple interface, and will be easier to explain how to use.
Although I am not providing you with the information to remove the mIRC version reply - I would like to point out that I do not encourage you to do this...if you do hex edit the mIRC32.exe file - you do so of your own will. This information is provided as a working example of how hex editing can be used to alter a files information.
Here is how to remove the version reply using FileView:
- Make a backup copy of mIRC32.exe
- Load up FileView, go to the "file" menu and choose "open", then point it to the location of your mIRC32.exe file
- Go to the "find" menu and choose "Search (Text)"
- Type "version" and press the "find" button
- The cursor will now move to the correct location in the mIRC32.exe file. You should be able to see some interesting text on the right hand side of the hex output.
- Place the cursor on the capital "V" of the word "VERSION" - just before the text "Editing out the version reply, huh?"
- Keep pressing the backspace key on your keyboard until you have completely overwriten everything from the word "VERSION" to "huh? :)"
- Go to the "file" menu and choose "Save"
At this stage - your mIRC will now give no version reply at all. So - we now want to add our own one! Go into mIRC and go to the 'Tools' Menu - then select 'Remote'. Then, enter the following code in:
ctcp 1:VERSION:{
.notice $me Received CTCP VERSION from $nick $+ / $+ $site
ctcpreply $nick VERSION Sorry, I have gone on holiday | halt
}
Then press the "Ok" button. Now connect to an IRC server and CTCP VERSION yourself. What you should find is that you now recieve a warning telling you who is checking your version (with their name and IP) - and the person will recieve your fake version reply (which, using the above code would be "Sorry, I have gone on holiday").
There you go, now you can go on IRC and hold your head up high....well, almost!
|
Posted on: 02-02-2003
Article has been viewed 54408 times
|
| |
| Comments |
|
Comment by surod4du - 19-07-2005
great job...btw how to send ctcp to channel without seen inthe channel status
Comment by Confused - 22-07-2006
What/where is this mysterious Volume that contains FileView?
Comment by Wang - 26-07-2006
Hiya :) Im not sure what is so mysterious about it....you can find it in the volume 8 zip (articles page, scroll down).
Comment by Poltrik - 14-08-2006
I found backspace deleted bytes in hex editor, corrupting the file. I overwrote the bytes with other characters and found this worked.
Comment by Tyriel @ rawdev.net - 18-08-2006
could you try the same thing in irc 6.xx
i think it wont work :(
it doesnt work for me..
Comment by BoredNL - 28-06-2008
Drat, this doesnt work in mIRC 6.32. I can still find the right place in mIRC.exe, but any change to the file whatsoever prevents it from running..
Comment by iAlex - 26-08-2008
I used the CTCP version for my bot.. in 6.32.. for me the only thing I needed to do was to have an /halt
Comment by Lucifer - 27-04-2009
Gr. I tried changing the version reply with it, since removing it returned the error mirc.exe is not a valid Win32 application... Now I dont get an error, but mIRC doesnt run. Good thing Hex Workshop makes a .bak for me.
Comment by dorn.michael - 13-11-2011
Sadly, this, specifically the hex-editing part to get rid of the hard-coded CTCP VERSION reply, doesnt work anymore. Theres not even a VERSION in the code anymore, that looks like its related to the CTCP mechanism. There is an entry mentioning the current mIRC version that looks like its part of an xml structure, but any modification to the file renders it useless as it seems to have some kind of built-in CRC (or whatever) check to prevent anyone from doing things like that exactly.
Its one of the small things I dont like mIRC for - whatever self-fulfillment Khaled may receive by hard-coding the VERSION reply, its kind of annoying to people who dont like others snooping around in their yards.
Comment by CwildMan - 10-12-2012
dorm.michael: He took it out of the .exe and now lets you edit it under Remote in scripting. He actually gave us more control without having to Hex Edit. Here is a script that you can use which allows u to change all replys to whatever you want. All under Remote tab. w w w hawkee com/snippet/8618/ (Site is givign me problem posting.. This is NoT Spam. This is for others to get help if they need it without hex editing the mirc.exe)
Post a comment
Please use the form below to post your comments on this article. All comments will be reviewed by the admin before being published publically.
|
| |
|
