- Yahoo! Messenger Protocol
The Yahoo! Messenger Protocol is the underlying
network protocol used by theYahoo! Messenger instant messaging client, forYahoo! .Yahoo! Instant Messager supports many features beyond just messaging, including off-line messaging, file transfer, chat, conferencing, voice chat,webcam s and avatars.Overview
The purpose of the YMSG protocol is to provide a language and series of conventions for software communicating with Yahoo!'s Instant Messaging service. In essence YMSG performs the same role for IM as
HTTP does for theWorld Wide Web . Unlike HTTP, however, YMSG is a proprietary standard, aligned only with a single messaging service provider (namely, Yahoo!). Rival messaging services have their own protocols, some based on open standards, others proprietary, each effectively fulfilling the same role with different mechanics.One of the fundamental tenets of instant messaging is the notion that users can see when someone is connected to the network — known in the jargon as 'presence'. Yahoo!'s protocol uses the mechanics of a standard internet connection to achieve presence, the same connection it uses to send and receive data. In order for each user to remain 'visible' to other users on the service, signaling their availability, their Yahoo! IM client software must maintain a functional, open, network connection linking the client to Yahoo!'s IM servers.
As some organizations block communication on the port used by Yahoo! IM, either because they choose to
whitelist certain types of internet usage (only web surfing and email, for example) or because they seek toblacklist instant messaging services, Yahoo! provides an alternative route for connecting to their service which mimics theHTTP protocol used by the World Wide Web. Unfortunately, as HTTP has no inherent sense of a persistent connection, Yahoo! instead relies on the client frequently contacting the server in order to approximate the sense of a connection required to give each user presence on the IM network.Originally the YMSG login procedure suffered from a security flaw known as a
replay attack , in which a given password (or other authentication information) is always identically scrambled when sent across the network. This allows any attacker who witnesses the transmission to merely reproduce the message verbatim in order to successfully log in, without actually needing to know the original password (or other details) which generated it. But some time around2000 or2001 Yahoo! upgraded its service to introduce a random element to each login attempt, defeating any further potential for replay attacks.With the exception of the login authentication details, data sent over a YMSG connection is not encrypted. YMSG uses a binary format in which the text portions of the data are transmitted in plain view. Therefore, while it is difficult for an attacker to seize control of a Yahoo! IM account, it is quite easy for them to read all messages sent to and from the account holder, along with other details such as the list of friends, if the attacker has control of one of the computers through which the data is routed.
Technical Overview
The YMSG protocol communicates between the client application, and a server, using a
TCP/IP connection on port 5050 by default. Other ports may be used if this port is blocked. Alternatively, anHTTP route is also available for clients behind a well secured firewall, withHTTP requests being used to upload messages from the client, while downloading all messages which have accumulated on the server since the last request.The client remains logged in for as long as the
TCP/IP connection is kept open. Or, in the case of a client connected viaHTTP , until the client fails to send a request for some time ('ping ' messages are sent every thirty seconds or so).Messages consist of a twenty byte header, followed by a variable length table of key/value pairs, where the key is an
ASCII representation of a numeric code representing the field type, and the value is its associated data. A two byte separator, thehexadecimal values c0 80, are used to delimit each entry in this table.Some parts of YMSG rely on other protocols. For example, file transfer is initially negotiated using YMSG, but the actual transfer of the file is done via
HTTP .Webcam s too use YMSG to discover and request permission to view awebcam , butHTTP to actually feedJPEG 2000 images from one client to another. Chatroom categories, rooms and lobbies are retrieved usingHTTP asXML documents. Regularwebcam connections useH.323 . Yahoo! with voice uses SIP. For calls,VoIP is handled indirectly by Yahoo! servers so the chat client doesn't have direct access to it.The chatroom categories can be retrieved from [http://insider.msg.yahoo.com/ycontent/?chatcat here] .
Login
The login process for YMSG is quite complex. First the client introduces itself with a message containing its
username . The server responds with a rather long seed value, which looks like a mathematical equation. The client feeds this into a rather involvedalgorithm , along with the account'spassword , to produce two response values looking like variable assignments which are sent to the server. If these values match the server's expectations, the client is admitted and sent data associated with that account (such as buddy/friends lists).Although the seed value looks like an equation, it is in reality little more than a series of instructions in which the
operand s control lookups into a series of in-built tables, and theoperator s determine which logic operation to perform.SHA1 is also used to create twomessage digest data arrays, which are then encoded using a table to resemble software variable assignments.ee also
*
Comparison of instant messaging clients
*Comparison of instant messaging protocols External links
* [http://jymsg9.sourceforge.net YMSG Java API - Yahoo! Instant Messenger Support for Java]
* [http://hamsam.sourceforge.net Hamsam - Multi-protocol instant messaging API for Java]
* [http://libyahoo2.sourceforge.net libyahoo2 - A C library for Yahoo! Messenger]
* [http://cpan.uwinnipeg.ca/htdocs/Net-YMSG/Net/YMSG.html Net::YMSG - Perl Interface to the Yahoo! Messenger IM protocol]
* [http://www.venkydude.com/articles/yahoo.htm Yahoo Messenger Protocol]
* [http://www.ycoderscookbook.com/ Yahoo! Coders Cookbook]
Wikimedia Foundation. 2010.