Yahoo! Messenger Protocol Tutorial - Part 8 (Signing-in)

[tansqrx 0]

Before any program can utilize the Yahoo! network, the client must sign-in with a username and password. The order of events used to sign-in is shown in Figure 17. Not all events are necessary to become available on the Yahoo! network and the optional steps are denoted by an “*.”

 

Figure 17 - Sign-In Sequence

 

The first step to signing-in is to send a verify packet, Yahoo_Verify, to the Yahoo! servers to see if a network path is available. The packet structure is shown in Figures 18 and 19.

 

Figure 18 - Yahoo! Verify to Server

 

Figure 19 - Yahoo! Verify from Server

 

Once communication is verified, an authorization, Yahoo_Auth, packet is sent. The packet that is sent to the server contains the username that requests service. The server responds with a challenge string and session ID. The session ID received from the server and will stay with each packet until communications have ended with the server. The authorization phase is shown in Figure 20 and 21.

 

Figure 20 - Yahoo! Authorization to Server

 

Figure 21 - Yahoo! Authorization from Server

 

Once the client receives the challenge string, the client will then add the value of the challenge string to the password and compute a MD5 hash. The resulting hash is split into two data fields, 6 and 96, and is sent to the server. Along with the password hash, other system data such as the client version is sent via the Authorization Response packet, Yahoo_AuthResp. The AuthResp packet structure is shown in Figure 22.

 

Figure 22 - Yahoo! Authorization Response to Server

 

After a valid password hash has been received from the client, a particular username is considered to be logged in and no other information is need from the client. In most cases, just being logged in is not very useful; therefore, after the AuthResp packet is sent from the client, the server sends the buddy list for the particular user. The buddy list is contained in the Yahoo_List packet.

 The Yahoo_List packet is the first packet which may contain multiple YMSG headers and may possibly be sent in multiple packets. The structure of the buddy list packet depends upon the number of buddies in the list, and the number of ignored users. If multiple headers or packets are used then the status of the packet will be sent to NotInOffice until the last packet is received. The most important field includes 87 for the buddy list and 88 for the ignored users. Figure 23 shows one possible buddy list packet structure.

 

Figure 23 - Yahoo! Buddy List from Server

 

After the buddy list packet is received from the Yahoo! server, another packet immediately follows. This packet is a Yahoo_Ping and contains information as to who is online in the buddy list. Like the Yahoo_List information, the Yahoo_Ping information may span multiple packets, headers, or both. Information about each buddy is contained

within a structure consisting of their username, away message, and other system information. An additional header may also be sent indicating the presence of unread email through the Yahoo! mail servers.

 At the end of the sign in process the client and server will send several non-essential messages. A sample of these may include the cosmetic skin type of the client, updates to LaunchCast Radio, stock quotes, weather, and the Yahoo! insider. The Yahoo! update program also runs in parallel with the login to check for any program updates.

 

http://www.ycoderscookbook.com/

Edited February 6, 2009 by tansqrx (see edit history)