Protocol Overview
KakaoTalk's LOCO binary protocol — reverse engineered.
LOCO is KakaoTalk's internal binary protocol for real-time messaging. It uses TCP connections with a 22-byte little-endian header and BSON-encoded body.
Architecture
flowchart TD
B[Booking Server<br/>booking-loco.kakao.com:443<br/>TLS] -->|GETCONF → host list| C[Checkin Server<br/>ticket-loco.kakao.com<br/>RSA+AES]
C -->|CHECKIN → LOCO server IP| L[LOCO Server<br/>211.x.x.x:port<br/>RSA+AES]
L -->|LOGINLIST| S[Session Established]
S -->|WRITE, MSG, SYNCMSG, ...| M[Messaging]
Connection Stages
| Stage | Server | Transport | Purpose |
|---|---|---|---|
| Booking | booking-loco.kakao.com:443 | TLS | Get server configuration and host list |
| Checkin | ticket-loco.kakao.com:995 | RSA+AES-GCM | Get assigned LOCO server IP:port |
| Login | LOCO server (dynamic) | RSA+AES-GCM | Authenticate and receive chat list |
Encryption
All non-TLS connections use a custom encryption layer:
- RSA-2048 OAEP SHA-1 handshake to exchange a random AES key
- AES-128-GCM for all subsequent data (packets and file uploads)
See Encryption for details.
Packet Format
Every LOCO packet has a fixed 22-byte header:
[packet_id: 4][status: 2][method: 11][body_type: 1][body_length: 4]Body is BSON-encoded. See Packets for the full format.