File: protocol.txt

libyahoo 0.18.4-1
This document attempts to describe the Yahoo! Instant Messaging protocol currently supported by Yahoo!'s servers and used by gtkyahoo.

There are two stages to using the Yahoo! Instant Messaging (YIM) servers to chat with other users:

1)	Get some cookies from a cookie server
2)	Send and receive packets from the chat server

1)	Get some cookies from a cookie server
=============================================

Making an HTTP 1.1 request to: *1*

    http://msg.edit.yahoo.com/config/ncclogin?&n=1&login=<login>&passwd=<password>

( with <login> substituted with your Yahoo! ID and <password> likewise substituted with your password )

Yes, I know, that's your password being sent in clear text in a URL.
This is version 2 of the protocol. Work is underway to support version 3 (which I believe sends the password encrypted by an equivalent to BSD's crypt).

So, you've now received by HTTP a cookie of the form:

Y=v=1&n=5liucman434ue&l=kh0d42s/o&p=n23vvuk4020004&r=83&lg=us&intl=us

As you can see, this cookie is structured as a set of sub-cookies:

Y=
    v=1
    n=5liucman434ue
    l=kh0d42s/o
    p=n23vvuk4020004
    r=83
    lg=us
    intl=us

and the important "sub"-cookie is the one with name 'n'. We shall be sending that to the chat server with every packet we send.

From this URL we also receive information about your identity.

We'll get told who your friends are, what your aliases are (and which one you're using to log on with) and whether or not you have a Yahoo! email account.

e.g. The user 'tranec2' (one of my test accounts) gets the following back.

    OK
    BEGIN BUDDYLIST
    Friends:tranec
    END BUDDYLIST
    BEGIN IGNORELIST

    END IGNORELIST
    BEGIN IDENTITIES
    tranec2
    END IDENTITIES
    Mail=0
    Login=tranec2

From this we can see that tranec2 has logged on as tranec2, has a friend called tranec in the group 'Friends', has no aliases and doesn't have an email account at Yahoo! Parsing this wouldn't seem to be a problem.

I'm not sure about the next bit but it seems that this cookie needs to be seen by another Yahoo server and so we get via HTTP 1.1: *2*

    http://msg.edit.yahoo.com/config/get_buddylist?.src=bl

but we supply the cookie retrieved from *1* and we'll get another cookie back:

B=91nihh0tje3td&b=3

B=91nihh0tje3td
    b=3

The HTTP 1.1 request to *2* also returns the same data as the HTTP 1.1 request to *1*.

Okay, now we have some cookies we can open a socket to the **real** chat server and "log on" to it.

There are two ways in which we can do **real** chatting.

1)	Open a socket to cs.yhoo.com on port 5050
2)	Use an HTTP 1.1 "tunnel" at http://http.pager.yahoo.com:80

We'll deal with the socket way first.

There is basically a packet structure that has to be transmitted to the chat server (cs) and it is as follows:

struct yahoo_rawpacket
{
	char version[8];		/* 7 chars and trailing null */
	unsigned char len[4];		/* length - little endian */
	unsigned char service[4];	/* service - little endian */
	unsigned char connection_id[4];	/* connection number - little endian */
	unsigned char magic_id[4];	/* magic number used for http session */
	unsigned char unknown1[4];

	unsigned char msgtype[4];
	char nick1[36];
	char nick2[36];
	char content[1];
};