Difference between revisions of "Yahoo"

From IMFreedom Wiki
Line 1: Line 1:
 
== Introduction ==
 
== Introduction ==
The Yahoo! Messenger Protocol is the protocol created by the Yahoo! corporation for use in it's instant messaging client.  The protocol is proprietary and centralised in nature with some functionality being P2P.
+
The Yahoo! Messenger Protocol is the protocol created by the Yahoo! corporation for use in its instant messaging clients.  The protocol is proprietary and centralized in nature with some functionality being peer-to-peer in the newest revisions of the protocol and clients.
  
 
== Features ==
 
== Features ==

Revision as of 20:41, 3 April 2010

Introduction

The Yahoo! Messenger Protocol is the protocol created by the Yahoo! corporation for use in its instant messaging clients. The protocol is proprietary and centralized in nature with some functionality being peer-to-peer in the newest revisions of the protocol and clients.

Features

The Yahoo protocol has the following features:

  • Avatars
  • Conferencing
  • File transfer
  • Instant messaging
  • Offline messaging
  • Voice chat
  • Webcam support

Network

The Yahoo protocol connects to its servers over the following ports:

  • Chat port: 5050 (TCP)
  • File transfer port: 80 (TCP)
  • Peer-2-peer chat: 5101 (TCP)
  • Rooms list: 80 (TCP)
  • Voice chat: 5000-5010 (UDP) or 5000-5001 (TCP)
  • Webcam: 5100 (TCP)
  • Yahoo Phone: 5055

Known servers are:

  • Login server: login.yahoo.com(https)
  • Pager server: scs.msg.yahoo.com
  • Pager server Japan: cs.yahoo.co.jp
  • File transfer server: filetransfer.msg.yahoo.com
  • File transfer server Japan: filetransfer.msg.yahoo.co.jp

Login Process

The new Yahoo messenger v9.0 uses ymsg 16 protocol. For login process client sends username and password to yahoo login server: https://login.yahoo.com, and in response server sends Token which is then used for client authentication process on scs.msg.yahoo.com:5050

This login process goes through multiple steps as follows

Step 1: Send username and password to login server

Https request url:
https://login.yahoo.com/config/pwtoken_get?src=ymsgr&login=<username>&passwd=<password>
Https response and meaning:

  • Invalid username : 1235
  • Wrong password : 1212
  • Information Valid : 0 ymsgr=<ymsgr> partnerid=<partnerid>

<ymsgr> data is used in step 2 for further processing.
Note: <ymsgr> and <partnerid> seem to appear in pair for given username and password

Step 2: Send <ymsgr> token to login server

Https request url:
https://login.yahoo.com/config/pwtoken_login?src=ymsgr&token=<ymsgr>
Https response and meaning:

  • Invalid ymsgr : 100
  • Information Valid : 0 crumb=<crumb> Y=<Y_Cookie> T=<T_Cookie> cookievalidfor=<validityInfo>

<crumb>, <Y_Cookie>, <T_Cookie> and <B_Cookie> are used in client authentication on receiving challenge string from Pager server.
Note: <B_Cookie> is received in header of the reponse.

Step 3: After receiving challenge string from pager server

When client receives challenge string from pager server, it sends encrypted response to server. This response is formed using <crumb> received in Step 2 and challenge received from pager server.
Process for forming response:

  • crypt = crumb + challenge
  • hash = MD5(crypt)
  • response = BASE64(hash)
  • replace '+' by '.' in response
  • replace '/' by '_' in response
  • replace '=' by '-' in response

Client sends this calculated response for received challenge along with <Y_Cookie>, <T_Cookie> and <B_Cookie>.

Useful Links