Found this on the Trillian forum... What do the Yahoo spammers think about this...?

[TheFLY]

I've read a great deal of the complaining, sniping, and trolling in the thread regarding the (hopefully) upcoming YM protocol patch, and it inspired me to get dirty with a sniffer and see what Yahoo's up to. If you're waiting eagerly for a patch, and you're mad that Cerulean is taking so long, please read carefully and gain some newfound respect for these guys and the really tough task they have in front of them. At the very least, reading this will keep you busy whilst they work.

When you log into YM, several packets of protocol YMSG get passed back and forth between your machine and the Yahoo server to do authorization, buddy list retrieval, etc. The one we're going to look at today is the fourth YMSG packet in the protocol. It comes from the server to you, has a Service attribute of YAHOO_SERVICE_AUTH, and a status of 1. It has three fields of content, the first being your username, the third being something-I-don't-know-what-probably-unimportant-because-for-me-it's-always-1, and the second being the one we're really interested in here.

The second content field is a string of 70-100 characters. It seems to alternate between lowercase letters and symbols, and seems to be a large algebraic expression. This expression uses the usual +, -, *, /, as well as ^, %, and even the (bitwise? boolean?) & and | operators, and includes parenthesis. Here's the fun part: there's no equals sign, so who the heck knows what this expression is attempting to solve? I've included three chunks here from three different packets, all logins from the same computer, all within 5 minutes:

...c|x+b/u%t*4-(o-d)^v...
...w*q-b-f%g&o*y|c^4...
...c/8&8&f|o^v|t-m*3-5^w...

The packet from your machine to the yahoo server in response to this message seems to be a solution to the problem posed in the previous message, but the solution does not make mathematical sense. The first two content fields have around 50 characters each and look like this (these responses go with the challenges above, although they are different parts of the content field and not in the same packet order):

...F=j6,Z=8k;Q=mB;...
...w=AA;B=CA,A=eo,...
...R=0h,w=f0,A=92;...

And no, these solutions are not in hex (0-9a-f), they're not in base 10 (0-9), they're not in base 36 (0-9a-z). Base 62 (0-9a-zA-Z)? Possibly, but I haven't done the analysis to try to determine a pattern. Also, the items on the left of the equalities do NOT match the list of letters/variables in the problem packet. Finally, I did not mistype the commas and semicolons above - some of the "solutions" are separated by commas, some by semicolons. I see no pattern, but I'll bet a single comma replaced by a semicolon in the response would invalidate the response.

After this response is accepted by the server, YM goes on to do other things related to your now authorized session.

This is clearly an attempt by YM Engineers (YMEs, pronounced why-me) to keep clients other than the blessed Yahoo Client from being authorized to use their chat system. The most likely thing is that the YC has code to parse, transmogrify, and spit back these strings. It's like a keyless encryption system, which is not very secure but is nonetheless frustrating to people without the code for it (i.e. Cerulean). The double whammy, of course, is that if Cerulean takes the obvious step to fix this (disassembling the YC to get at the algorithm), they have probably violated the YMEs' copyright and license agreement and expose themselves to litigation. And how do the lawyers prove that Cerulean violated the YMEs' intellectual property rights, boys and girls? By the very fact that they were successful! Yuck.

'Tis a pickle, and I'm sure Cerulean has gotten much farther on it than I have, but 'tis a pickle in any case.

So let's have a little respect for these guys (and gals) that are no doubt working their collective *sses off trying to get through the technical problems, instead of whining that it's taking too long. Hmm?

[apoklyptk]

I like pickles.

[Babaganoosh]

Quote:

Originally posted by apoklyptk
I like pickles.

I like pie.

[apoklyptk]

Quote:

I like pie.

You, sir, did'nt read the whole post. Pie is irrelevant.

[ytcracker]

fly i can show you some fucking hilarious shit

icq me at 101704

[TheSenator]

discrete math....

[smack]

will older versions of the protocol still be accepted at login?

[markell]

they already released a patch for yahoo, its been out for awhile i got it a few weeks ago and it was there.. unless this is somethin else

[EZRhino]

Quote:

Originally posted by apoklyptk
I like pickles.

Quote:

Originally posted by Armed & Hammered

I like pie.

Careful or I'll shoot cum in your eye.
This is my poem for the day
Thank you I'll be here all week

[Smokey The Bear]

Quote:

Originally posted by smack
will older versions of the protocol still be accepted at login?

They are right now , but i wouldnt count on it for much longer.

If you are truly interested in this subject, the person in charge of yahoo chat , is on yahoo from 8 - 4 weekdays

Her name is stephanie bergman and she can be found in the yahoo chat room called Yahoo! chat help:1

She will be using the name katchooo

If your interested in the protocol i can always be hired for $$$

[XxXotic]

anyone having trouble with msn too? trillian hasnt been able to connect for me for like 3 days now, i gave up giving a shit about the yahoo patch, i installed one and i had to system restore to get trillian to actually work again