Hi friends
I wanted to know how working with Yahoo packets is done. As you know, every action in Yahoo has its own packet, for example sending a PM and so on....... I wanted you to guide me on this at a beginner level, with examples. So far I know that packets are captured with a packet sniffer and the captured packets are then used; now I want to know how to work with the packets we captured with the packet sniffer. If possible, please keep the explanation at a beginner level and with examples. Thanks
Working with packets is a complicated job
but I worked on them for 6 months and in the end wrote a program called mrssoft y machine, which you can go and see here
www.chatroomspam.blogfa.com
Usually the sniffers themselves show the contents of a packet when they receive it
lord_viper wrote: Usually the sniffers themselves show the contents of a packet when they receive it
I wanted to know how I should work with the captured contents?
And another question: say, for example, I want the packet for sending text to a room, but when I send the text to the room the packet sniffer doesn't capture its packet. What should I do?
meisambandari wrote: I wanted to know how I should work with the captured contents?
Usually the sniffers themselves have a section that shows the information inside the received packets
Quote: And another question: say, for example, I want the packet for sending text to a room, but when I send the text to the room the packet sniffer doesn't capture its packet. What should I do?
Look, to communicate with Yahoo you have to use the Yahoo protocol; for programmers' convenience this protocol has been packaged as a dll and an ocx, and along with this dll there is documentation of how the communication works, which is called
Quote: Document Version 2.1 (13/03/2004)
The Yahoo Messenger Protocol
is an application layer protocol running most of the time over TCP, but in some cases over HTTP as well. Throughout this document, we will speak about the YMSG packets, after stripping out any other protocol data, but will mention this other data if it is of relevance.
The YMSG packet structure
The YMSG packet structure is as follows: (each byte is represented by 5 spaces in the following diagram, including the | at the end)
<------- 4B -------><------- 4B -------><---2B--->
+-------------------+-------------------+---------+
|   Y   M   S   G   |      version      | pkt_len |
+---------+---------+---------+---------+---------+
| service |      status       |    session_id     |
+---------+-------------------+-------------------+
|                                                 |
:                     D A T A                     :
|                   0 - 65535*                    |
+-------------------------------------------------+
* 65535 is the theoretical limit, since the length field is two bytes long. Practically though, the data section does not exceed about 1000 bytes. All numeric fields are stored in network byte order. i.e. Most significant byte first.
YMSG - The first four bytes of all packets are always YMSG - the protocol name.
version - The next four bytes are for the protocol version number. For version 10, these are 0x0A 0x00 0x00 0x00 NOTE: The last three bytes of this may just be padding bytes.
pkt_len - A two byte value, in network byte order, stating how many bytes are in the _data_ section of the packet. In practice, this value does not exceed about 1000.
service - This is an opcode that tells the client/server what kind of service is requested/being responded to. There are 45 known services at the moment, although more may exist. All known services are listed below along with the hex values that they correspond to.
Service (Hex) Description
01 User Online
02 User Offline
03 Friend Away
04 Friend Available
06 Instant Message
07 User Away
0A Friend Status
0B Mail
0F Friend List Changed
12 Secondary Ping *
15 IMVironment Setting
17 Invite Failed
18 Conference Invite
19 Conference Accept
1A Conference Text
1B Conference Message
1E YCHT User Online
1F YCHT User Offline
20 YCHT Private Message
46 File Transfer Upload
4A Voice Invite
4B Notification
4C Initiation
4D Extra Features
54 Challenge String Reply
55 Login Data
57 Challenge String Request
83 Add Friend
84 Remove Friend
85 Ignore
96 Request Room
97 Go To Room
98 Join Room
9B Leave Room
9D Invite
A0 Logout
A1 Primary Ping
A8 Chat Message
* Service 12 is the secondary Ping, but there is also an incoming packet of the same service which the user may receive when they log in. I believe this is a packet from Yahoo telling you how often to ping; probably field 144 contains the secondary ping time (minutes) and 143 the primary ping time (minutes).
status - In case of a response from the server, indicates the status of the request (success/failure/etc.). For a request, it is 0 in most cases, except for packets that set the user's status (set status, typing notify, etc.)
session id - The session id is used primarily when connecting through a HTTP proxy. It is set in all cases, but has no effect in a direct connection. When the client sends the first packet, it is 0; the server responds with a session id that is used by the client and the server in all further packets. The server may change the session id, in which case the client must use the new session id henceforth.
DATA - The data section is pkt_len bytes long and consists of a series of key/value pairs. All keys are numeric strings. The packet contains their numeric values in the ASCII character set, e.g. 1 == 0x31, 21 == 0x32 0x31. The maximum number of digits in a key is unknown, although keys of up to three digits have been seen. Every key and value is terminated by a two byte sequence of 0xc0 0x80. Some keys may have empty values. The actual keys sent, and their meanings, depend on the service in use.
e.g. The packet data to send an instant message looks like this:
0x30 0xc080 yahoo_id 0xc080 0x31 0xc080 active_id 0xc080 0x35 0xc080 recipient_id 0xc080 0x3134 0xc080 message_text 0xc080
The 0xc080 byte sequence is a separator. The values 0x30, 0x31, 0x35 and 0x3134 are the keys. Convert them to their ASCII equivalents and you get 0, 1, 5, 14 (0x3134 == 0x31 0x34). Some common keys are
Key Description
0 User Account Field
1 Alias Field
2 Alias Name Field
3 Another Username Field
4 IM From Field
4 File Transfer From Field
5 IM To Field
6 Challenge1 Field
6 Clientid Field
7 Other Name Field
8 Buddy Count Field
9 Mail Count Field
10 Away State Field
11 File Transfer Count Field
13 Status Field
14 Text Field
14 File Transfer Description Field
15 Time Stamp Field
16 Error Field
17 Friend Info2 Field
18 Mail Subject Field
19 Away Text Field
20 File Transfer Url Field
26 IMVironment Field
27 File Transfer Filename Field
28 File Transfer Port Field
31 Instant Message4 Field
32 Instant Message5 Field
38 File Transfer Id Field
41 User Name2 Field
42 Mail Address Field
43 Mail From Field
47 Away Icon Field
49 Notify Description Field
50 Conference Starter Field
52 Conference Invite Field
54 File Transfer Server Version Field
56 Leave Conference Field
57 Conference Roomname Field
58 Conference Text Field
60 User Field
61 Webcam Authorization Field
62 Room Mode Field
63 IMvironment Field
64 Instant Message2 Field
65 Receiver Field
66 Permanent Ignore Result Field
87 Friend Group Listings Field
88 Ignore List Field
89 Alias List Field
94 Challenge String Field
96 Challenge2 Field
97 Instant Message3 Field
104 Room Name Field
105 Room Description Field
108 Guestlist Count Field
109 User Name3 Field
110 User Age Field
112 Guest Info2 Field
113 User *** Field
114 Denied Field
117 User Text Field
118 Invite To Field
119 Invite From Field
124 Text Mode Field
126 Room Flags Field
128 Room Category Field
129 Room Space Field
130 Voice Auth Field
135 Messenger Version Field
141 User Nickname Field
142 User Location Field
1002 Instant Message6 Field
Other useful information:
Genders:
As far as I can tell there are 6 possible values for the user *** field (113); this is also where the information regarding whether the user is on cam or not is found.
Gender Value Gender Description
1024 Gender Unknown --- User NOT on cam
1040 Gender Unknown --- User IS oncam
33792 Gender Male --- User NOT on cam
33808 Gender Male --- User IS on cam
66560 Gender Female --- User NOT on cam
66576 Gender Female --- User IS on cam
Room Chat Message Types
Unlike the YCHT protocol, emotes and normal chat are actually sent using the same packet with a Text Mode field (124). There are 2 possible values for this field: 2 for emotes and 1 for normal chat.
Thoughts are sent using an emote type but enclosed in an ASCII bubble ". o O (thought)
Although I haven't seen any clients using it, I have tested this field with values 0 through to 10 and all values EXCEPT 2 and 3 are normal text; just 2 and 3 come up as emotes (in YahElite). It is possible that some of these are used for client specific communication.
User Away Type Fields
When a user sets their status to away, a friend away packet (Service 03) is sent; this contains an away type field (key 10).
Away Value Away Description
1 Be Right Back
2 "Busy"
3 Not At Home
4 Not At My Desk
5 Not In The Office
6 On The Phone
7 On Vacation
8 Out To Lunch
9 Stepped Out
99 Custom
999 Yahelite Away
If the away type is set to 99 then the packet will also contain an "Away Text Field" (key 19). This contains the user's custom away message.
User Online Status types
When a user on your buddy list comes online you will receive a packet telling you (the packet type will be either 1 (if the user is on YMSG) or 1F (if they are on YCHT)). This packet contains a field of type 13 (status); the value for this field will usually be between 1 and 7 and is made up by adding different combinations of 1, 2 and 4: 1 means the user is on Yahoo Messenger, 2 means the user is in chat and 4 means the user is in games. The various combinations are shown in the table below.
Status Description
1 On Yahoo Messenger
2 In Chat
3 On Messenger, In Chat
4 In Games
5 On Yahoo Messenger, In games
7 On Yahoo messenger, In games, In chat
Client recognition
Any users using YahElite or another 3rd party client may have noticed that it knows what client some of the other users are on. This is not actually sent as a field in a packet but rather as a dummy font at the end of a room chat message.
Some of the known ones are:
Yahelite - <font YHLT ~></font>
Ymlite - <font YmLite > (note the space at the end before the ">")
Jam - <FONT JAM> (all in uppercase)
Yahxak - <font Yzak>
Multiple contents
With certain packets it is possible to have repeated fields. For example, when you enter a room you will receive a room enter packet; essentially this is the same packet type as when anyone enters the room, but it contains all the room entry information of the people already in the room.
This also applies to some of the private message packets: if 3 or 4 people (or more, depending on how popular you are) send you a private message when you are offline, all of the messages will arrive in one packet when you go online.
Servers
The YMSG protocol currently uses many servers (and as with many parts of the YMSG protocol, Yahoo is apt to change them without a moment's notice). The ones currently in use are csX.msg.dcn.yahoo.com, where X is a number between one and approximately 40, for example
cs32.msg.dcn.yahoo.com or cs2.msg.dcn.yahoo.com
There are also other servers used such as scs.msg.dcn.yahoo.com. and scsa.msg.dcn.yahoo.com
Text Formatting
Private messages and chat messages use HTML for formatting; however, due to exploits in the past not all tags are accepted. The following tags are at this time still accepted.
<b> </b> (bold)
<u></u> (underline)
<s></s> (strikethrough)
<i></i> (italic)
<font .....></font> (font attributes)
<fade></fade> (fade attributes)
<color> some colors can be used like this, red, green, blue, black, cyan, gray and probably many others
There is also another type of formatting for colors:
the delimiters are chr(27) & "[" and the ending delimiter is m the content can be a number up to approx 38 (although i believe there are some others) eg: *[36m or *[1m (* stands for char 27 which is unprintable here)
Pings
There are 2 types of pings, primary and secondary (service A1 and service 12); currently the ping times are 60 and 13 minutes. Have a look at the packet of service 12 you receive when you login. See common packets for ping packet information.
Login Procedure.
Connect to the yahoo server on port 5050
Once connected send a Challenge String Request (service 57) (see common packets)
The server will reply with a packet of the same service which will include a challenge string field (94). Extricate the data from this field and fire it through whatever authorisation dll you are using along with your username and password (there is a vb6 module with an example of this available). Once you've got back your string from the .dll, send a login packet (service 54). If all this is done correctly you will receive back a packet of service type 55. This is quite a large packet containing a lot of data including your buddy list and your aliases; parse it how you like.
Joining a room
Now you are logged in you are probably going to want to join a room. This is fairly simple but there are 2 steps.
First send a room request packet, this specifies the alias you will be using in chat.
When you get a packet back accepting this you can send a Join Room packet. Voila, you're in chat; you can now send messages to the chat room.
Common Packets (outgoing)
Challenge string request service 57
header + "1" + delimiter + username + delimiter
you should know enough by now to realise what is happening here, there is a packet and a field 1 (containing username) all split up with the delimiter
Login Packet service 54
header + "6" + delimiter + crypt1 + delimiter + "96" + delimiter + crypt2 + delimiter + "0" + username + delimiter +"2" + delimiter + "1" + delimiter + delimiter + 1 + delimiter + username + delimiter + "135" + delimiter + messengerversion + delimiter + "148" + delimiter + "300" + delimiter
as you can see this packet includes fields 6 (challenge1 field), 96 (challenge2 field), 0 (user account field), 2 (alias name field), 1 (alias field), 135 (messenger version field), and 148 (currently unknown field).
Room Request service 96
header + "109" + delim + UserName + delim + "1"+ delim + alias + delim + "6" + delim + "abcde" + delim + "98" + delim + "us" + delim + "135" + delim + messengerversion + delim
This packet is generally for when you first join a room after logging in it tells yahoo what alias you are going to be using in chat.
Join Room service 98
header + "1" + delim + UserName + delim + "62" + delim + "2" + delim + "104" + delim + RoomName + delim
Set Status Away service 03
header + "10" + delim + AwayTypeNum + delim
AwayTypeNum is a number between 1 and 9 (use 12 here to set to invisible). These away packets are "away busy", meaning if you send any of these a 'busy' icon will appear next to your name on someone else's buddy list.
Set Status Away (custom away message) service 3
header + "10" + delim + "99" + delim + "19" + delim + AwayMsg + delim + "47" + delim + AwayIconNum+ delim
Type 99 (field 10) means this is a custom away packet, field 19 contains the new status message and field 47 contains info as to whether or not to display the busy icon
Set Status Avail service 04
header + "10" + delim + "0" + delim
Ping (primary) service A1
header + "109" + delim +UserName + delim
Ping (secondary) service 12
this packet is in fact empty, just a header of type 12 and a size of 0
Chat Message service A8
header + "1" + delim +UserName + delim +"104" + delim +RoomName + delim +"117" + delim + TextForRoom + ClientTag + delim + "124" + delim + ChatType + delim
see the above notes on room chat messages for information on chat types
Common Packets (incoming)
Challenge String Reply service 57
this packet will vary but will look something like the following
header + "1" + delim + username + delim + "94" + delim + Challenge String + delim + "13" + delim + status
the important part of this packet is the contents of field 94 (the challenge string); this needs to be extricated and sent through whatever authentication dll you are using.
Login Data service 55
once again this packet will vary and is generally very long, but the important parts are:
Field 87 : list of buddies (comma delimited)
Field 88 : list of ignored ids
Field 89 : list of aliases
Field 59 : there will be 3 occurrences of this field, each containing different cookie information
Field 151 : Unknown, seems to contain a hash of something.
User Online service 1
This is one of the packet types that can contain multiple contents (i.e. it can contain login information for more than one online user). The packet looks something like:
header + delim + "0" + delim + username + delim + "1" + delim + alias + delim + "8" + delim + buddyonlinecount + delim + "7" + delim + UserWho'sOnline + delim + "10" + delim + awaystate + delim + "11" + Filetransfercount + delim + "17" + delim + friendInfo2 + delim + "137" + delim + "137" + delim + unknownfield + delim + "13" + delim + statusfield + delim
see above for more information on status fields and away state fields.
User Offline service 2
header + "7" + delim + UserWho'sOffline + delim + "10" + AwayState + delim + "11" + delim + FileTransferStuff + delim + "17" + delim + FriendInfo2 + delim + "138" + delim + UnknownField + delim + "13" + delim + StatusField
Friend Away service 3
There are 2 types of away message the standard away type (be right back, out to lunch, on vacation etc) and the custom message away status
Standard: header + "7" + delim + UserWho'sAway + delim + "10" + delim + AwayType + delim + "11" + delim + FileTransferStuff + delim + "17" + delim + FriendInfo2 + delim + "138" + delim + UnknownField + delim + "13" + delim + StatusField
The custom away is similar to this but the awaytype field contains "99" and there is another field "19" containing the custom message and another field (47) saying whether or not to display the busy icon.
Friend Available service 4
"7" + delim + UserWho'sAway + delim + "10" + delim + AwayType + delim + "11" + delim + FileTransferStuff + delim + "17" + delim + FriendInfo2 + delim + "47" + delim + UnknownField + delim + "13" + delim + StatusField
Mail service B
There are 2 types of packet telling you you have mail: the first one is the one you may receive when you go online telling you how many unread mail messages you have in your inbox; the second is what you receive when you receive an e-mail whilst online, which includes more information.
header + "9" + delim + MailCount + delim
header + "9" + delim + MailCount + delim + "43" + delim + MailUser + delim + "42" + delim + MailAdress + delim + "18" + delim + MailSubject + delim
Room Chat service A8
header + "104" + delim + RoomName + delim + "109" + delim + WhoFrom + delim + "117" + delim + RoomChatMessage + delim + "124" MessageType
See above for more information on room chat type
Room Enter service 98
The room enter packet you encounter when you first join a room contains room enter information for all the people currently in the room.
header + "104" + delim + RoomName + delim + "105" + delim + RoomEnterMessage + delim + "108" + delim + GuestListCount + delim + "109" UserWhoEntered + delim + "112" + delim + GuestInfo + delim + "113" + delim + gender
May also contain fields 110 : Age field, 141 : user nickname field, 142 : User location field
See above for more information on the gender field
Room Leave service 9B
Pretty much the same as the room enter packet just with different service type.
header + "104" + delim + RoomName + delim + "105" + delim + RoomEnterMessage + delim + "108" + delim + GuestListCount + delim + "109" UserWhoLeft + delim + "112" + delim + GuestInfo + delim + "113" + delim + gender
May also contain fields 110 : Age field, 141 : user nickname field, 142 : User location field
See above for more information on the gender field