|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
10-16-2003, 10:17 AM
|
#1 |
|
So Fucking Banned
Join Date: Jan 2001
Location: http://www.thefly.net/ --- Quit your job and live off steady traffic.
Posts: 11,856
|
Found this on the Trillian forum... What do the Yahoo spammers think about this...?
I've read a great deal of the complaining, sniping, and trolling in the thread regarding the (hopefully) upcoming YM protocol patch, and it inspired me to get dirty with a sniffer and see what Yahoo's up to. If you're waiting eagerly for a patch, and you're mad that Cerulean is taking so long, please read carefully and gain some newfound respect for these guys and the really tough task they have in front of them. At the very least, reading this will keep you busy whilst they work.
When you log into YM, several packets of protocol YMSG get passed back and forth between your machine and the Yahoo server to do authorization, buddy list retrieval, etc. The one we're going to look at today is the fourth YMSG packet in the protocol. It comes from the server to you, has a Service attribute of YAHOO_SERVICE_AUTH, and a status of 1. It has three fields of content, the first being your username, the third being something-I-don't-know-what-probably-unimportant-because-for-me-it's-always-1, and the second being the one we're really interested in here. The second content field is a string of 70-100 characters. It seems to alternate between lowercase letters and symbols, and seems to be a large algebraic expression. This expression uses the usual +, -, *, /, as well as ^, %, and even the (bitwise? boolean?) & and | operators, and includes parenthesis. Here's the fun part: there's no equals sign, so who the heck knows what this expression is attempting to solve? I've included three chunks here from three different packets, all logins from the same computer, all within 5 minutes: ...c|x+b/u%t*4-(o-d)^v... ...w*q-b-f%g&o*y|c^4... ...c/8&8&f|o^v|t-m*3-5^w... The packet from your machine to the yahoo server in response to this message seems to be a solution to the problem posed in the previous message, but the solution does not make mathematical sense. The first two content fields have around 50 characters each and look like this (these responses go with the challenges above, although they are different parts of the content field and not in the same packet order): ...F=j6,Z=8k;Q=mB;... ...w=AA;B=CA,A=eo,... ...R=0h,w=f0,A=92;... And no, these solutions are not in hex (0-9a-f), they're not in base 10 (0-9), they're not in base 36 (0-9a-z). Base 62 (0-9a-zA-Z)? Possibly, but I haven't done the analysis to try to determine a pattern. Also, the items on the left of the equalities do NOT match the list of letters/variables in the problem packet. Finally, I did not mistype the commas and semicolons above - some of the "solutions" are separated by commas, some by semicolons. I see no pattern, but I'll bet a single comma replaced by a semicolon in the response would invalidate the response. After this response is accepted by the server, YM goes on to do other things related to your now authorized session. This is clearly an attempt by YM Engineers (YMEs, pronounced why-me) to keep clients other than the blessed Yahoo Client from being authorized to use their chat system. The most likely thing is that the YC has code to parse, transmogrify, and spit back these strings. It's like a keyless encryption system, which is not very secure but is nonetheless frustrating to people without the code for it (i.e. Cerulean). The double whammy, of course, is that if Cerulean takes the obvious step to fix this (disassembling the YC to get at the algorithm), they have probably violated the YMEs' copyright and license agreement and expose themselves to litigation. And how do the lawyers prove that Cerulean violated the YMEs' intellectual property rights, boys and girls? By the very fact that they were successful! Yuck. 'Tis a pickle, and I'm sure Cerulean has gotten much farther on it than I have, but 'tis a pickle in any case. So let's have a little respect for these guys (and gals) that are no doubt working their collective *sses off trying to get through the technical problems, instead of whining that it's taking too long. Hmm? |
|
|
|
10-16-2003, 10:27 AM
|
#2 |
|
So Fucking Banned
Join Date: Aug 2003
Posts: 474
|
I like pickles.
|
|
|
|
|
10-16-2003, 10:30 AM
|
#3 | |
|
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Quote:
__________________
I like pie. |
|
|
|
|
|
10-16-2003, 10:32 AM
|
#4 | |
|
So Fucking Banned
Join Date: Aug 2003
Posts: 474
|
Quote:
|
|
|
|
|
|
10-16-2003, 10:35 AM
|
#5 |
|
stc is the greatest
Join Date: Dec 2002
Location: rip sean murray
Posts: 12,403
|
fly i can show you some fucking hilarious shit
icq me at 101704 |
|
|
|
|
10-16-2003, 11:20 AM
|
#6 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Feb 2003
Location: NJ
Posts: 13,336
|
discrete math....
|
|
|
|
|
10-16-2003, 11:29 AM
|
#7 |
|
Push Porn Like Weight.
Industry Role:
Join Date: Mar 2002
Location: Inside .NET
Posts: 10,652
|
will older versions of the protocol still be accepted at login?
__________________
Cry havoc and let slip the dogs of war. |
|
|
|
|
10-16-2003, 12:21 PM
|
#8 |
|
Confirmed User
Join Date: Nov 2002
Location: Las Vegas & Los Angeles
Posts: 1,190
|
they already released a patch for yahoo, its been out for awhile i got it a few weeks ago and it was there.. unless this is somethin else
__________________
blah blah fucking blah |
|
|
|
|
10-16-2003, 12:25 PM
|
#9 | ||
|
Confirmed User
Industry Role:
Join Date: Jul 2003
Location: couch
Posts: 6,258
|
Quote:
Quote:
This is my poem for the day Thank you I'll be here all week  |
||
|
|
|
|
10-16-2003, 12:52 PM
|
#10 | |
|
So Fucking Banned
Join Date: Oct 2003
Location: In my house
Posts: 786
|
Quote:
If you are truly interested in this subject, the person in charge of yahoo chat , is on yahoo from 8 - 4 weekdays Her name is stephanie bergman and she can be found in the yahoo chat room called Yahoo! chat help:1 She will be using the name katchooo If your interested in the protocol i can always be hired for $$$ |
|
|
|
|
|
10-16-2003, 12:58 PM
|
#11 |
|
Confirmed User
Join Date: Jun 2002
Location: Da Swamps
Posts: 8,500
|
anyone having trouble with msn too? trillian hasnt been able to connect for me for like 3 days now, i gave up giving a shit about the yahoo patch, i installed one and i had to system restore to get trillian to actually work again
__________________
Oxeo - Serious Hosting For Serious Webmasters. iCQ:135.887013
|
|
|
|
|
|
|||||||
|
|||||||
| Bookmarks |
