Yahoo! Messenger Protocol

The Yahoo! Messenger Protocol (YMSG) is the underlying network protocol used by the Yahoo! Messenger instant messaging client. Yahoo! Instant Messenger supports many features beyond just messaging, including off-line messaging, file transfer, chat, conferencing, voice chat, webcams and avatars.

Overview

The YMSG protocol provides a language and series of conventions for software communicating with Yahoo!'s Instant Messaging service. In essence, YMSG performs the same role for Yahoo!'s IM as HTTP does for the World Wide Web. Unlike HTTP, however, YMSG is a proprietary protocol, a closed standard aligned only with the Yahoo! messaging service. Rival messaging services have their own protocols, some based on open standards, others proprietary, each effectively fulfilling the same role with different mechanics.

One of the fundamental tenets of instant messaging is the notion that users can see when someone is connected to the network—known in the industry as 'presence'. The YMSG protocol uses the mechanics of a standard internet connection to achieve presence—the same connection it uses to send and receive data. In order for each user to remain 'visible' to other users on the service, and thereby signaling their availability, their Yahoo! IM client software must maintain a functional, open, network connection linking the client to Yahoo!'s IM servers.

As some organizations block communication on the port used by Yahoo! IM, either because they choose to whitelist certain types of internet usage (only web surfing and email, for example) or because they seek to blacklist instant messaging services, Yahoo! provides an alternative route for connecting to their service which mimics the HTTP protocol used by the World Wide Web. However, because HTTP has no inherent sense of a persistent connection, Yahoo! instead relies on the client frequently contacting the server in order to approximate the sense of a connection required to give each user presence on the IM network.

Originally the YMSG login procedure was vulnerable to a replay attack: a given password (or other authentication information) was always scrambled identically when sent across the network. This allowed any attacker who witnessed the transmission to reproduce the message verbatim in order to log in successfully, without needing to know the original password (or other details) that generated it. Some time around 2000 or 2001, Yahoo! upgraded its service to introduce a random element to each login attempt, defeating any further potential for replay attacks.

With the exception of the login authentication details, data sent over a YMSG connection is not encrypted. YMSG uses a binary format in which the text portions of the data are transmitted in plain view. Therefore, while it is difficult for an attacker to seize control of a Yahoo! IM account, it is quite easy for them to read all messages sent to and from the account holder, along with other details such as the list of friends, if the attacker has control of one of the computers through which the data is routed.

Technical overview

The YMSG protocol communicates between the client application and a server using a TCP/IP connection on port 5050 by default. Other ports may be used if this port is blocked. Alternatively, an HTTP route is available for clients behind a well-secured firewall, with HTTP requests being used to upload messages from the client, while downloading all messages which have accumulated on the server since the last request.

The client remains logged in for as long as the TCP/IP connection is kept open or, in the case of a client connected via HTTP, until the client fails to send a request for some time ('ping' messages are sent every thirty seconds or so).

YMSG packets begin with a twenty-byte header, which consists of four bytes for "YMSG", two bytes for the version (current is version 19), two bytes for the vendor ID (typically 0), two bytes for the packet length (content only; it does not include the 20-byte header), two bytes for the service (the type of YMSG packet), four bytes for the status (not related to buddy status, though it is used to log in as invisible), and four bytes for the session ID. The rest of the packet is a variable-length table of key/value pairs, where the key is an ASCII representation of a numeric code representing the field type, and the value is its associated data. A two-byte separator, the hexadecimal values C0 and 80, is used to delimit each entry in this table.
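The layout above can be checked with a small parser. This is an added example, not code from Yahoo! or from any client; it assumes network (big-endian) byte order and that every key and every value is followed by the separator, neither of which the text states, and `parse_ymsg`, `build_ymsg` and the sample packet are constructed for illustration.

```python
import struct

MAGIC = b"YMSG"
SEP = b"\xc0\x80"  # two-byte field separator
# Assumption: network (big-endian) byte order; the text gives only field sizes.
# Fields: magic, version, vendor, length, service, status, session
HEADER = struct.Struct(">4sHHHHII")


def parse_ymsg(data: bytes) -> dict:
    """Parse one YMSG packet; raise ValueError on malformed input."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    magic, version, vendor, length, service, status, session = HEADER.unpack_from(data)
    if magic != MAGIC:
        raise ValueError("bad magic")
    body = data[HEADER.size:]
    if len(body) != length:
        raise ValueError("length field does not match body size")
    # Assumption: key SEP value SEP key SEP value SEP ..., so a well-formed
    # body splits into an even number of parts plus one trailing empty string.
    parts = body.split(SEP)
    if parts[-1] != b"" or len(parts) % 2 != 1:
        raise ValueError("malformed key/value table")
    fields = []
    for key, value in zip(parts[0:-1:2], parts[1:-1:2]):
        if not key.isdigit():
            raise ValueError("non-numeric key")
        fields.append((int(key), value))  # values stay as raw, unencrypted bytes
    return {"version": version, "vendor": vendor, "service": service,
            "status": status, "session": session, "fields": fields}


def build_ymsg(service, fields, version=19, vendor=0, status=0, session=0):
    """Serialize a packet in the same layout (used here to make test input)."""
    body = b"".join(str(k).encode() + SEP + v + SEP for k, v in fields)
    return HEADER.pack(MAGIC, version, vendor, len(body), service, status, session) + body


# Constructed sample: the service code, key 1 and both values are made up;
# key 96 is the challenge field named in the Login section.
SAMPLE = build_ymsg(1, [(1, b"alice"), (96, b"constructed-challenge")])

if __name__ == "__main__":
    print(parse_ymsg(SAMPLE))
```

Because field values are carried as plain bytes, a parser like this on a monitoring host recovers them directly, which is the exposure the overview describes for unencrypted YMSG traffic.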

Some parts of YMSG rely on other protocols. For example, file transfer is initially negotiated using YMSG, but the actual transfer of the file is done via HTTP. Webcams also use YMSG to discover and request permission to view, but HTTP to actually feed JPEG 2000 images from one client to another. Chatroom categories, rooms and lobbies are retrieved using HTTP as XML documents. Regular webcam connections use H.323. Yahoo! with Voice uses SIP. For calls, VoIP is handled indirectly by Yahoo! servers, so the chat client does not have direct access to it. Yahoo! Chat and Conference Voice, however, use an older form of audio compression called TrueSpeech, developed by the DSP Group.

The chatroom categories can be retrieved from here.

Login

The login process is a multi-step process that spans two protocols. After successfully establishing a TCP connection to a YMSG server, the client sends an authentication packet containing the user name that the user wishes to log in with. The YMSG server then responds with an authentication packet containing a challenge string in key/value field 96.

The HTTPS process then starts: the client connects to login.yahoo.com and sends the token_get string, which is constructed from the username and password of the account the client is trying to log in with. If successful, the HTTPS response to the token_get request will contain a token string. Another HTTPS request is then sent to login.yahoo.com with the token_login string, which is constructed from the token. If successful, the response will contain three strings: a crumb, Tcookie, and YCookie.

The client then combines the crumb and challenge strings, performs an MD5 hash on the combined string, converts the resulting 16-byte value to a Base64 string, and applies a minor manipulation to that Base64 string by making three character replacements ('+' with '.', '=' with '-', and '/' with '_'). The resulting string is used in building the AuthenticationResponse packet, which carries it as the value of key 307. The client then sends the AuthenticationResponse packet.

If the AuthenticationResponse packet is accepted, the client will receive the List, ListV15, StatusV15, NewMail and Ping packets, and any number of Y7 Buddy Authorization and Message packets (for offline messages and buddy requests). The List packet contains all the aliases of the user account's YahooID; the ListV15 packet contains the user's friends, groups, and ignored user list. The StatusV15 packet contains the users from the ListV15 packet who are online, busy, or idle, as well as any status messages those users may have, and potentially a string that represents the resource on another HTTP server that is that user's display image.
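The derivation of the key 307 value, and why the per-login challenge makes a captured value useless on a later login, can be shown in a few lines. This is an added example, not Yahoo!'s code; the crumb and challenge strings are constructed, and `server_accepts` is a hypothetical stand-in for the server-side check, which the text does not describe.

```python
import base64
import hashlib
import hmac


def auth_response(crumb: str, challenge: str) -> str:
    """MD5(crumb + challenge), Base64-encoded, with the three replacements."""
    digest = hashlib.md5((crumb + challenge).encode("ascii")).digest()
    b64 = base64.b64encode(digest).decode("ascii")
    return b64.replace("+", ".").replace("=", "-").replace("/", "_")


def server_accepts(crumb: str, issued_challenge: str, response: str) -> bool:
    """Hypothetical check: recompute for the challenge issued on this connection."""
    expected = auth_response(crumb, issued_challenge)
    return hmac.compare_digest(expected, response)


# Constructed sample values; real crumbs and challenges come from the servers.
CRUMB = "constructed-crumb"
FIRST_CHALLENGE = "constructed-challenge-1"   # field 96 on the first connection
SECOND_CHALLENGE = "constructed-challenge-2"  # field 96 on a later connection

# Value a client would place in key 307 on the first connection.
CAPTURED = auth_response(CRUMB, FIRST_CHALLENGE)


def replay_outcomes() -> tuple:
    """(accepted on the original connection, accepted when replayed later)."""
    return (server_accepts(CRUMB, FIRST_CHALLENGE, CAPTURED),
            server_accepts(CRUMB, SECOND_CHALLENGE, CAPTURED))


if __name__ == "__main__":
    print(CAPTURED, replay_outcomes())
```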
