xisto Community

tansqrx

Yahoo! Messenger Protocol Tutorial - Part 6

Yahoo! Protocol: Part 6 - Money and Closed Protocols


Even with all the bells and whistles of Yahoo! Messenger, Messenger still follows the same basic communications architecture as most other instant messengers. Yahoo! is based on a central server structure. First the client, Yahoo! Messenger, logs onto a Yahoo! server using a username and password. The server authenticates the request and either allows or denies access to services. From this point most messages sent to other users are buffered through the server. After a successful login the client registers as being active and the buddy list is updated. Along the way various updates to the user's buddy list are received. This type of update is triggered by a friend going online or offline. After the user is done with Messenger, another message is sent to the server and the connection is taken down [http://www.venkydude.com/articles/yahoo.htm].


One large difference between instant messengers and earlier IRC type technology is that all messages go through the central server before being received by another user. In IRC, when a message is sent, a direct peer to peer connection is made. At the very least, this gave away the other user's IP address. If you cannot get the other user to talk, a user can simply type "/DNS 'nickname'" to find the other user's IP address. In the sometimes hostile environment of IRC, this soon became a security risk. If a malicious user deems it necessary, they can acquire another user's IP address and then proceed to hack, crash, or otherwise harass the intended victim. Seeing this as a problem, instant messengers generally do not reveal the IP address of any users during chat because all messages are buffered by the server. From the very beginning, this was a trivial security increase. Through social engineering, a malicious user could lure the prospective victim to visit an evil website that logs all visitors. The malicious user would then check the logs of the web server and get the victim's IP address. With the latest release of Yahoo! Messenger, Version 7, new features allow direct peer-to-peer communications even without the victim's knowledge. Although a regular plain IM message box still provides reasonable security against IP harvesting, using file transfers, certain web cam features, and IMvironments will establish a peer-to-peer connection.


Since its creation, Yahoo! Messenger has gone through several major versions. The most recent version of Messenger as of November 2005 is Version 7. As with other companies such as Microsoft's .NET Messenger, Yahoo! sports a closed proprietary protocol as well as architecture. There is very little documentation on the web regarding the Yahoo! Messenger protocol and absolutely nothing from Yahoo! itself. Despite this fact, several third party Yahoo! clients have emerged. Many of these clients have the selling point of being much more secure and resistant to booting than the standard Yahoo! Messenger. YahElite [http://www.yahelite.org/] and YTunnel! [http://www.ytunnelpro.com/] are two of the most popular third party clients. Yahoo! has been known to change the protocol on a moment's notice in order to keep third party clients from piggybacking on the Yahoo! network. In September 2003, Yahoo! changed protocols and policies in order to keep Trillian, a multiple network client, from connecting to Yahoo! services [http://forums.xisto.com/no_longer_exists/]. Altogether this demonstrates that Yahoo! is very serious about keeping its messenger protocols secret.


Yahoo! Messenger and the underlying protocols that Messenger uses are proprietary and closed source. As with any other closed source application, it is still possible to gain a great deal of information about the program by observing the program's inputs and outputs, a technique known as black box testing. The most important analysis comes from the network communication with the Yahoo! servers. To analyze this information I employed the use of an open source network sniffer called Ethereal [http://www.aos5.com/cloud]. Ethereal already has the functionality to decode Yahoo! packets, and the nomenclature used by Ethereal will be used throughout this paper. Using Ethereal and the few online references available, a rough picture of the login can be inferred [http://www.venkydude.com/articles/yahoo.htm], [http://forums.xisto.com/no_longer_exists/], [http://forums.xisto.com/no_longer_exists/]. The following analysis of the Yahoo! protocol is based on my own research and is not guaranteed to be without defect.
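As an added example (not code from the original post), here is a small dissector that pulls the header fields and key/value pairs out of a single YMSG packet the way a sniffer such as Ethereal presents them. The header layout and the 0xC0 0x80 field separator are assumed from public descriptions of the protocol, not taken from this page, and the sample packet is constructed for the example.

```python
import struct

# Assumed YMSG header layout (from public protocol descriptions, not from
# this page): "YMSG" magic, 2-byte version, 2-byte vendor id, 2-byte payload
# length, 2-byte service, 4-byte status, 4-byte session id, all big-endian.
# The payload is a run of key/value strings, each terminated by 0xC0 0x80,
# a byte pair that valid UTF-8 never produces, so the split is unambiguous.
YMSG_MAGIC = b"YMSG"
HEADER_LEN = 20
SEPARATOR = b"\xc0\x80"


def parse_ymsg(packet: bytes) -> dict:
    """Dissect one YMSG packet into header fields and (key, value) pairs.
    Raises ValueError on a malformed or truncated packet rather than guessing."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than YMSG header")
    magic, version, vendor, length, service, status, session = struct.unpack(
        ">4sHHHHII", packet[:HEADER_LEN])
    if magic != YMSG_MAGIC:
        raise ValueError("missing YMSG magic")
    body = packet[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("declared payload length exceeds captured bytes")
    fields = body.split(SEPARATOR)
    if fields[-1] != b"":  # payload must end with a separator
        raise ValueError("payload not separator-terminated")
    fields = fields[:-1]
    if len(fields) % 2:
        raise ValueError("odd number of key/value fields")
    pairs = [(fields[i].decode("ascii"), fields[i + 1].decode("utf-8", "replace"))
             for i in range(0, len(fields), 2)]
    return {"version": version, "vendor": vendor, "service": service,
            "status": status, "session": session, "pairs": pairs}


def build_ymsg(version, service, status, session, pairs) -> bytes:
    """Inverse of parse_ymsg; used only to construct the sample packet below."""
    body = b"".join(k.encode() + SEPARATOR + v.encode() + SEPARATOR for k, v in pairs)
    return struct.pack(">4sHHHHII", YMSG_MAGIC, version, 0, len(body),
                       service, status, session) + body


# Constructed sample: a version-12 packet carrying two key/value fields.
# The service number, field keys and values are made up for this example.
SAMPLE = build_ymsg(12, 0x57, 0, 0, [("1", "someuser"), ("94", "challenge")])

if __name__ == "__main__":
    print(parse_ymsg(SAMPLE))
```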

At the time of the experiments in this document the current Yahoo! Messenger version was 6.0 with a protocol version of 12. All captures and illustrations are based on the YMSG12 protocol. Although the current version of the Yahoo! protocol (YMSG13) is very similar to version 12, it is not exactly the same. A minor alteration in the login process has been reported and several new headers for Internet based phone calls have been added. Although not completely current, this document is still a good starting point for understanding the Yahoo! protocol.


http://www.ycoderscookbook.com/
