How to make Your Own Yahoo messenger in vb

Yahoo Messenger Protocol

a.k.a

How to make your own Yahoo Messenger In
VB

For all people who have been waiting to make their own yahoo messenger and
could not find any material on the YMSG protocol,well it's time to stop looking
and start making !!!!.The basic purpose of writing this document is that people
should know what's actually happening when they use the yahoo messenger.There is
hardly any if not any documentation available on the internet concerning the
YMSG ptotocol ,this made it more difficult and at the same time more exciting
and challenging for me to reverse engineer the yahoo messenger
protocol.

The first step involved in any messenger application is logging
into the messenger server and then retrieving the friends list.The yahoo
messenger is slightly different from other messengers.The yahoo messenger
connects to the yahoo HTTP server(port 80) to retrieve the friends list!!!!.All
conversation takes place through the messenger server(port 5050).Let us first
look at logging into the yahoo server to retrieve the friends list.

We
connect to the yahoo server msg.edit.yahoo.com on port 80.

In
order to get the friends list from the server we send the following data to
it

GET /config/ncclogin?.src=bl&login=ymusertest
&passwd=ympasstest&n= 1
HTTP/1.0        
                       
Accept: */*                                                                                                                                                           
Accept: text/htm 

where ymusertest is the username and ympasstest is the password. .If this
data is sent using  a Visual Basic application it would look some thing
like this

'Begin VB code

strlogin = "GET /config/ncclogin?.src=bl&login=ymusertest&passwd=ympasstest&n=1 HTTP/1.0" & vbCrLf
strlogin = strlogin & "Accept: */*" & vbCrLf
strlogin = strlogin & "Accept: text/html" & vbCrLf & vbCrLf
WnsckMn.SendData strlogin

'End VB code

On successfully sending the login data  we get the following response
from the server

HTTP/1.0 200 OK
Date: Thu, 05 Jul 2001 08:57:11 GMT
Content-Type:
text/html
Expires: Thu, 05 Jul 2001 08:57:11 GMT
Cache-Control:
private
Pragma:
no-cache
Set-Cookie:Y=v=1&n=25udo5k8tkvjb&l=l4dao_3k34/o&p=m2f17464130004&r=5s&lg=us&intl=us;
expires=Thu, 15 Apr 2010 20:00:00 GMT; path=/; domain=.yahoo.com
Via: 1.0
hydcache (NetCache NetApp/5.0.1R2)

OK
BEGIN BUDDYLIST
Chat
Friends:ambixxxx,ami_xxxx,d_cexxxx,deepxxxx,dixxxx,indian_guyxxxx,k_v_pxxxx,kaxxxxdaram,kavithaxxxx1,malaxxxx,pujaxxxx,sudxxxx,sunxxxxma,swaxxxxadhu,vkxxxx68
END
BUDDYLIST
BEGIN
IGNORELIST
agxxxx,loving_xxxx,shravaxxxxula,varmxxxx1
END
IGNORELIST
BEGIN IDENTITIES
venkxxxxde
END
IDENTITIES
Mail=1
Login= vexxxxe

LOGING ONTO THE SERVER

Now we shall start using the yahoo messenger protocol to log into the yahoo
messenger and then send and receive messages.

We will connect to the yahoo messenger server cs.yahoo.com on port
5050

The first and the most difficult part for me was to log on to this
server.Unlike other yahoo protocols like the YCHT protocol,the YMSG protocol
uses encryption to encrypt the user password while sending it out to the
messenger server.The encrypted string looks something like this

1$_2S43d5f$1LfmOGuxGxDpSWvd6nzGb0

For a mainly MS windows user like me it was a bit difficult to recognize the
type of encryption used.But after a lot of searching and breaking my head i
finally realised that this was a UNIX MD5 CRYPT .This kind of password
encryption is used in many unix mahines.Again i searched for some sort of code
in either c++ or VB for this unix_md5_crypt .After a lot of searching i found
out that it can be easily implemented using a perl script.So i made the perl
script and converted the script into an exe file using a utility called
perl2exe.You can download the exe i made by going to my website at http://www.venkydude.com 
.All this
exe does is takes your yahoo password as an argument ,encrypts it and stores it
in a file on your local drive as c: emppass.pas .

Now let us start logging into the yahoo messenger server .We send the
following data to the messenger server

YMSG C

ZUªUbS`ú0À€userÀ€6À€$1$_2S43d5f$1LfmOGuxGxYCSWvd6nzGb0À€1À€userÀ€

This is the data sent when viewed through a port monitor

 
0010: 00 7F B1 63 40 00 80 06 00 4C C0 A8 00 08 D8 88 ...c@....L...... 
0020: AF 90 04 E5 13 BA 21 09 4C 9F B5 59 53 05 50 18 ......!.L..YS.P. 
0030: 44 5C 3D D1 00 00 59 4D 53 47 08 00 00 00 00 43 D....YMSG.....C
0040: 00 01 5A 55 AA 55 6E 56 41 BB 30 C0 80 73 75 6E ..ZU.UnVA.0..sun
0050: 64 61 6D 61 6D 61 C0 80 36 C0 80 24 31 24 5F 32 xxxxxx..6..$1$_2
0060: 53 34 33 64 35 66 24 31 4C 55 68 40 47 75 78 47 S43d5f$1xxxOGuxG
0070: 78 59 43 53 57 76 64 36 6E 7A 47 62 30 C0 80 31 xYCSWvd6nzGb0..1
0080: C0 80 73 75 6E 60 61 63 61 78 63 C0 80     ..sunxxxxxx..

Let us look at what exactly is being sent

• YMSG- is the yahoo standard header for all messenger
  command/messages
  
• This is followed by 1 byte of data - 08.
  
• This is followed by 4 bytes of data -  00 00 00 00 
  
• Next is the length of the  message information-essentially H31 +
  2*length of the userid
                                                
  
• The next 2 bytes  of data are 00 and 01 respectively
  
• Next is a 4 byte are standard for all messages/commands being sent to the
  messenger server.The 4 bytes are  5A 55 AA 55
  
• The next 4 bytes is what i call the initial 4 bytes bluff identifier.
  These 4 bytes identify a particular user and it  changes every time you
  log in. Initially you  could send any four bytes including 00 00 00 00
  and you would still be able to log in .
  
• This is followed by one byte of data signifying that the data being sent
  is for logging into the server .This byte has an ASCII equivalent of
   "0"
  
• This is followed by 2 bytes of data which is the standard argument
  separator.- C0 80
  
• This is followed by the yahoo user id and the standard argument separator.
  
• Followed by one byte which is standard for the login procedure and which
  has an ASCII equivalent as  "6" and the standard argument separator.
  
• Next is the md5crypt encrypted password followed by the standard argument
  separator.
  
• Followed by one byte which is standard for the login procedure "1" and the
  standard argument separator.
  
• And finally this is followed by again the yahoo user id and the standard
  argument separator.

'Begin VB code

dat3 = "0" & Chr(&HC0) & Chr(&H80) & "ymusertest" & Chr(&HC0) & Chr(&H80) & "6" & Chr(&HC0) & Chr(&H80) & dat1 & Chr(&HC0) & Chr(&H80) & "1" & Chr(&HC0) & Chr(&H80) & "ymusertest" & Chr(&HC0) & Chr(&H80)
dat2 = "YMSG" & Chr(8) & Chr(0) & Chr(0) & Chr(0) & Chr(0) & Chr(Len(dat3)) & Chr(0) & Chr(1) & Chr(&H5A) & Chr(&H55) & Chr(&HAA) & Chr(&H55) & Chr(&H62) & Chr(&H53) & Chr(&H60) & Chr(&HFA) & dat3
Wnsckyhoo.SendData dat2

'End VB code

The response of the server looks like this

YMSG 
jLS˜0À€sundaxxxxÀ€1À€sundaxxxxÀ€

This is the data received  when viewed through a port monitor

0010: 00 59 A2 FA 40 00 2D 06 61 DB D8 88 AF 90 C0 A8 .Y..@.-.a.......
0020: 00 08 13 BA 04 E5 B5 59 53 05 21 09 4C F6 50 18 .......YS.!.L.P.
0030: 83 2C 62 F1 00 00 59 4D 53 47 00 00 00 00 00 1D .,b...YMSG......
0040: 00 01 00 00 00 00 79 52 7E 23 30 C0 80 73 75 6E ......jLS˜0..sun
0050: 64 61 6D 65 62 61 C0 80 31 C0 80 73 75 6E 64 61 daxxxx..1..sunda
0060: 62 65 6D 61 C0 80 00              xxxx...

The most important part of this response is the 4 byte identifier which the
server sends us the - " jLS˜ "  All further communication with the
server  will involve using this 4 byte identifier.This is also a user
identifier for the current messenger session.

SENDING A MESSAGE

Here is a typical example of a message being sent

YMSG ? ZUªUjLS˜1À€sundaxxxxÀ€5À€venkyxxxxxÀ€14À€hi
there

This is the data sent  when viewed through a port monitor

0010:00 67 42 01 40 00 80 06 62 33 C0 A8 00 08 CC 47 .gB.@...b3.....G 
0020:C9 64 0C D7 13 BA A4 2F 4A C7 2F 18 A2 3A 50 18 .d...../J./..:P. 
0030:43 EA 76 11 00 00 59 4D 53 47 08 00 00 00 00 2B C.v...YMSG.....+ 
0040:00 06 5A 55 AA 55 6A 4C 53 23 31 C0 80 73 75 6E ..ZU.UjLS˜1..sun 
0050:64 61 60 69 6D 61 C0 80 35 C0 80 76 65 6E 6B 79 daxxxx..5..venky 
0060:50 64 78 64 65 C0 80 31 34 C0 80 68 69 20 74 68 xxxxx..14..hi th 
0070:65 72 65 C0 80                 ere..

 Let us look at what is being sent

• YMSG- is the yahoo standard header for all messenger
  command/messages
  
• This is followed by 1 byte of data - 08.
  
• This is followed by 4 bytes of data -  00 00 00 00 
  
• The next byte is the length of the message information ,in this
  case-HEX(16 + length(senderid)+length(receiverid) + len(message) )
  
• The next 2 bytes  of data are 00 and 06 respectively
  
• Next is a 4 byte are standard for all messages/commands being sent to the
  messenger server.The 4 bytes are  5A 55 AA 55
  
• The next 4 bytes  are the user identifier for the current session.
  
• This is followed by one byte of data signifying that the data is a Private
  Message(PM) being sent to a user.This byte has an ASCII
  equivalent of  "1"  
  
• This is followed by 2 bytes of data which is the standard argument
  separator.- C0 80
  
• This is followed by the yahoo user id and the standard argument separator.
  
• Followed by one byte which is standard for while sending a message
  which has an ASCII equivalent of  "5" and the standard argument
  separator.
  
• This is followed by the id of the user to whom the message is being sent
  and the standard argument separator.
  
• Followed by again one byte which is standard for while sending a
  message which has an ASCII equivalent of  "14" and the standard argument
  separator.
  
• And finally followed by the message being sent followed by the standard
  argument separator.

The VB code to achieve this looks some what like this

 'Begin VB code

ren = "1" & Chr(&HC0) & Chr(&H80) & Text2.Text & Chr(&HC0) & Chr(&H80) & "5" & Chr(&HC0) & Chr(&H80) & Text1.Text & Chr(&HC0) & Chr(&H80) & "14" & Chr(&HC0) & Chr(&H80) & rtb2.Text & Chr(&HC0) & Chr(&H80)
mess ="YMSG" & Chr(8) & Chr(0) & Chr(0) & Chr(0) & Chr(0) & Chr(len(ren)) & Chr(0) & Chr(6) & Chr(&H5A) & Chr(&H55) & Chr(&HAA) & Chr(&H55) & Text3.Text & ren
Wnsckyhoo.Senddata mess

'End VB code

RECEIVING A
MESSAGE

 YMSG ? 

jLS˜5À€sundamamaÀ€4À€venky_dudeÀ€14À€hi thereÀ€ 

0010: 00 67 B6 8D 40 00 2E 06 3E D0 CC 47 CA 3B C0 A8 .g..@...>..G.;..
0020: 00 08 13 BA 08 DD C5 7E 1E 48 2E F3 76 6F 50 18 .........H..voP.
0030: FF FF E6 F8 00 00 59 4D 53 47 00 00 00 00 00 2B ......YMSG.....+
0040: 00 06 00 00 00 01 6A 4C 53 23 35 C0 80 76 65 6E ......jLS˜5..ven
0050: 6B 79 5F 64 75 64 65 C0 80 34 C0 80 73 75 6E 64 ky_dude..4..sund
0060: 61 6D 61 6D 61 C0 80 31 34 C0 80 68 69 20 74 68 amama..14..hi th
0070: 65 72 65 C0 80                 ere..

 Let us look at what has been received

• YMSG- is the yahoo standard header for all messenger
  command/messages
  
• This is followed by 5 bytes of data -  00 00 00 00
  00 
  
• The next byte is the length of the message information ,in this
  case-HEX(16 + length(senderid)+length(receiverid) + len(message) )
  
• The next 2 bytes  of data are 00 and 06 respectively
  
• Next is a 4 byte of data signify that the message/command is to be
  received .The 4 bytes are  00 00 00 01 
  
• The next 4 bytes  are the user identifier for the current session.
  
• This is followed by one byte of data signifying that the data is a Private
  Message(PM) which is to be received .This byte has
  an ASCII equivalent of  "5"  
  
• This is followed by 2 bytes of data which is the standard argument
  separator.- C0 80
  
• This is followed by the yahoo user id  of the user who has sent the
  message and the standard argument separator.
  
• Followed by one byte which is standard when receiving a PM  message
  which has an ASCII equivalent of  "4" and the standard argument
  separator.
  
• This is followed by the user id receiving the message and the
  standard argument separator.
  
• Followed by again one byte which is standard when receiving  a
  message which has an ASCII equivalent of  "14" and the standard argument
  separator.
  
• And finally followed by the message being sent followed by the standard
  argument separator.

USER COMES ONLINE

 YMSG A


jLS˜0À€venky_dudeÀ€7À€venkyxxxxÀ€10À€0À€11À€7D5798FDÀ€17À€0À€13À€1À€

0010: 00 7D 62 7A 40 00 2E 06 93 A4 CC 47 C9 64 C0 A8 .}bz@......G.d..
0020: 00 08 13 BA 0C D7 2F 18 A2 BF A4 2F 4B 06 50 18 ....../..../K.P.
0030: FF FF 8E 06 00 00 59 4D 53 47 00 00 00 00 00 41 ......YMSG.....A
0040: 00 01 00 00 00 01 6A 4C 53 98 30 C0 80 73 75 6E ......jLS˜0..sun
0050: 64 61 6D 61 6D 61 C0 80 37 C0 80 76 65 6E 6B 79 damama..7..venky
0060: 5F 64 75 64 65 C0 80 31 30 C0 80 30 C0 80 31 31 _dude..10..0..11
0070: C0 80 36 33 35 38 35 34 39 39 C0 80 31 37 C0 80 ..63585499..17..
0080: 30 C0 80 31 33 C0 80 31 C0 80 00        0..13..1...

 The important part of this data received are the 3 bytes of data 37 C0
80 .These 3 bytes signify that the user status has changed .Basically i split
this up into 2 states

• User is online (the status maybe set to busy or be right back etc)
  

• User is offline

The 3 bytes at the end of the message convey that data if the 3 bytes are 31
C0 80 , then the user is online.

USER GOES OFFLINE

 YMSG 1 

jLS˜7À€venkyxxxxxÀ€10À€0À€11À€7D5798FDÀ€17À€0À€13À€0À€

0010: 00 6E 2D 52 40 00 2E 06 C8 DB CC 47 C9 64 C0 A8 .n-R@......G.d..
0020: 00 08 13 BA 0C D7 2F 18 A2 79 A4 2F 4B 06 50 18 ....../..y./K.P.
0030: FF FF B4 B1 00 00 59 4D 53 47 00 00 00 00 00 32 ......YMSG.....2
0040: 00 02 00 00 00 01 6A 4C 53 98 37 C0 80 76 65 6E ......jLS˜7..ven
0050: 6B 79 5F 64 75 64 65 C0 80 31 30 C0 80 30 C0 80 ky_dude..10..0..
0060: 31 31 C0 80 36 33 35 38 35 34 39 39 C0 80 31 37 11..63585499..17
0070: C0 80 30 C0 80 31 33 C0 80 30 C0 80       ..0..13..0..

Again in this case the last 3 bytes being 30 C0 80 signify that the user has gone offline. 

Questions/Comments/Suggestions send them to href="mailto:venky@venkydude.com">venky@venkydude.com .Visit my href="http://www.venkydude.com/">homepage for some cool VB & C++
codes.Can also conatact me on Yahoo Messenger-id venky_dude & MSN Messenger
id- venky_dude@hotmail.com