Yahoo! Protocol: Part 15 - Yahoo! Trainer

[tansqrx 0]

Since the writing of this article the Yahoo! Trainer mentioned has gone through several revisions. The original code may not fully function but can be found at http://forums.xisto.com/no_longer_exists/ Login Sockets.rar.. The current iteration of the trainer is called YCC Trainer and can be found at http://forums.xisto.com/no_longer_exists/. The latest version currently does not have all of the functionality of the first version but the code has been rewritten to make it more understandable and a better learning tool. If reading from a different site, all of my code can be found at http://www.ycoderscookbook.com/.

 

Overview

 

The second objective of my research was to see if it is possible to create my own booter program. A program was successfully developed that is able to log into the Yahoo! network and run boot code from any username. The resulting program is named the Yahoo! Trainer and is written in Microsoft Visual Basic.Net 2003. While many programs are available that are considered booters, none of them are designed from a research point of view. More over, only a few programs come with source code and the ones that do are written in Microsoft Visual Basic 6 and are poorly coded. The full source code to the Yahoo! Trainer can be found at http://forums.xisto.com/no_longer_exists/ Login Sockets.rar. Below are the highlights and overview of the Yahoo! Trainer.

 

Operations

 

Figure 34 shows the main screen of the Yahoo! trainer. The same operation used to sign into the Yahoo! network via Yahoo! Messenger is used in the Yahoo! Trainer. The user enters the username and password and then clicks, "Login". An important feature to the trainer is the debug window located to the right of the main window. This dialog box shows what data is being sent and received by the program. The debug form also allows the individual data fields to be shown and a step by step login procedure performed. Once logged in the user's buddy list is shown in the main window. Unlike the standard Yahoo! Messenger client, the Yahoo! trainer has additional functionality which allows booter code to be run as shown in the "booting" group box. Although not critical to this paper, the Yahoo! trainer also incorporates instant messages to any user through a dialogue box or buddy list.

 

 

Figure 34 - Yahoo! Trainer Main Screen

Program Structure

 

The Yahoo! Trainer uses seven classes to perform its operation as shown in Figure 35.

 

 

Figure 35 - Yahoo! Trainer Class Structure

ClientSocket

 

The bottom most and most used component is the ClientSocket class. The ClientSocket class is a multi-threaded TCP socket library used for all network communication. The class is an adapted version of the code written by "The Silence" in an article posted on https://www.codeproject.com/ [http://forums.xisto.com/no_longer_exists/]. The major change to the original code has been to make the library use a TCP socket instead of a TCP client

 

modYahooPackets

 

The modYahooPackets class holds all the functions necessary to create a Yahoo! packet. All packets and related subsections are comprised of an array of bytes. Because some communication with the Yahoo! servers requires non-ASCII characters, all data must be kept in a raw byte format. The modYahooPackets class contains functions for concatenating byte arrays, extracting bytes, creating packet service types, status messages, and finding packet lengths to name a few.

The modYahooUser class has an instance created for each username that is logged in. Although not fully implemented, this class is designed to handle multiple users being logged in at the same time. Drawing from functions in the ClientSocket and modYahooPackets classes, the modYahooUser class is where a packet to be sent is constructed. Table 1 shows how combining operations from other classes are used to send an IM to another user.

 

modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("5", strRecipant))modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("49", "FILEXFER"))modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("1", strUsername))modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("13", "5"))modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("54", "MSG1.0"))modYahooPackets.byteCat(aByteRequest, "YMSG")modYahooPackets.byteCat(aByteRequest, Chr(0))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pProtocol(11))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pLength(aBytePayload))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pType("P2PFileXfer"))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pStatus("Available"))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pSessionID("Null"))modYahooPackets.byteCat(aByteRequest, aBytePayload)

Table 1 - Combining functions to create the Shared Files Boot

frmMain

 

frmMain is where most of the user interaction is captured.  The user is able to select the Yahoo! server to log into, select username and password, see his buddy list, IM, or run boot code.

 

frmDebug

 

It was an early design decision to include a method to show incoming and outgoing packets from the client in real time.  The Debug window provides this functionality by showing packets in a datagrid.  Other specialized data and operations are also shown on this form.

 

modPMBox and modVisualEffects

 

The ability to send IM's from the Yahoo! Trainer was not a goal for this paper but was added along the way to help understand the Yahoo! protocol.  The modPMBox class supports the use of multiple IM boxes and conversations with other users. 

Likewise, the modVisualEffects class is not an integral part of the Yahoo! Trainer for this project.  modVisualEffects is used to support the features and functions found on the debug form.

Edited February 6, 2009 by tansqrx (see edit history)