Holy petey guacamole

just found this on the Escargot GitLab.

Funny thing is, I was actually developing my own YMSG server a couple months ago (in which the codebase will be merged with Escargot):

Currently mine supports YMSG9-10. But after some finishing up and polishing, the Escargot team will try to fit the rest of the pieces in this puzzle.

Editor’s note: Yahoo! Messenger 9+ uses login.yahoo.com/config/pwtoken_get and login.yahoo.com/config/pwtoken_login to get tokens, crumbs (a Yahoo! specific thing, I guess), and auth cookies for accounts (actually the URLs still work from personal testing, and from further inspection, the base URL is stored in the main executable as a NUL-spaced string (a string spaced out with hex value 0x00), so good luck when you get to that. :wink: Also, the Yahoo! Messenger audibles were stored on Yahoo! (http://l.yimg.com/pu/dl/aud/), and are unfortunately gone. And from searching around, there were links to .zip files containing all of the Audibles but are now unfortunately gone aswell. But a last resort is to someone on YouTube who uploaded all of the default Audibles (Rocky44r, https://www.youtube.com/playlist?list=PL0E700035987701DD), so contacting them to see if they have the original Flash files shouldn’t be a big problem (Yeah, they’re active. From looking at their “Liked Videos” playlist update date, they’re pretty recent).

Editor’s note #2: Yeah I know Wildman_Fujiami is making a YMSG server too. Please.

UPDATE: YMSG will now be implemented on Escargot! Read this thread for more info: Escargot and YMSG (Yahoo! Messenger)

1 Like

Hey there!

If you’re interested, you can actually request developer access on GitLab: Escargot / Escargot Server · GitLab (there’s a button that says “Request Access”)

We already have a good base to start with, so it’d be great to have you on-board. The part that would make this super cool is that you can actually write different “front-ends”, in which different protocols can use the same data. For example, you can talk to someone using WLM on Escargot using Yahoo Messenger if this gets implemented.

If you want to contact the creator, you can always e-mail him at valtron2000@gmail.com. He’s dead here, so there’s no point in tagging him.

Ah yes, the “MSN and Yahoo! Messenger interoperability” link. Honestly, that was actually my main driving point for developing my YMSG server. In fact, I actually started development targeting YMSG16, supported by Yahoo! Messenger 9 (which was one of the clients supporting WLM interoperability). But I had issues actually getting the thing to reply after the server had sent the challenge string (later on I realized that the challenge strings supported by YMSG16 had character sets hehe).

I will consider getting “on-board” soon.

Oh well that explains a lot. :stuck_out_tongue:

1 Like

well in that case I don’t need to bother pulling my hair out trying to get YMSG to play nice…


I feel like that having two YMSG servers (one seperate, and one linked with an MSNP server) would be redundant, so I’ll scratch my project and merge the codebase with valtron’s Escargot server. But that will be when I have enough time to actually finish/polish the YMSG9/10 code that I have so that I don’t commit a bunch of incomplete code.

Also, here are some other links to some YMSG documentation:

Yahoo Messenger Protocol (There is another archive on 6/01/03, but it has a sliding broken JPEG, which was originally supposed to be an ad by “whatsfind.com” from looking at the source code of the page).
Yahoo Messenger Protocol
Venky's World (Last update of the page, original link is now dead)
YMSG16: http://web.archive.org/web/20090623064155/carbonize.co.uk/ymsg16.html (Original link was alive a couple months ago, but the site had recently died, now redirects you to Google with fishy looking parameters, one of them being “CJ+Personal+Plans”, but nothing too malicious).
YCHT (Yahoo Chat, it was integrated with Yahoo! Messenger, if I’m not mistaken): Carbonize.co.uk | Logging onto Yahoo using the YCHT protocol (Link was unaccessible even before carbonize.co.uk got purged).

There are several open source 3rd-party clients (mainly on Planet Source Code; written in VB6) that support YMSG12-15, so you could probably start off from there to guess what the server would reply with on those versions of YMSG.

For the YMSG9/10 challenge strings (they look like this: “AAB.BCCDDEEFFGGHHIIJJK–”), they are 24 characters long, and they are encoded with Yahoo64, which is just Base64 with “+”, “/”, and “=” replaced with “.”, “_”, and “-” respectively. All you have to do is Yahoo64-encode a random 16-byte string (like a UUID, which I had used for the challenge strings, or an MD5 hash of (random data + salt (for extra randomness)).

For the challenge strings in YMSG11+ (they look like this: “g|i/p^h&z-d+2%v%x&j|e+(m^k-i%h*(s+8%a/u/x*(b-4i%h^g^j|m^n-rf+p+j)))”), generate a random 64-byte string with the following letters in this charset(“qzec2tb3um1olpar8whx4dfgijknsvy5”), with it following either a mathematical or bit(?) operator in this set (“+|&%/*^-”), and so on. Then enclose random parts of the 64-byte string in opening and closing parentheses. They’re basically glorified math expressions.

Go download libyahoo2 (libyahoo2.sourceforge.net) and study the code to translate into Python if you can to get the YMSG11+ challenge strings working and things like formatting friend lists, cookies, etc. (Personally, I studied jYMSG’s code; that’s how I got the challenge/response auth to (semi-)work).


1 Like

I can’t believe this is a thing

1 Like

I know, right? After finding this out I was basically surprised that a company would go out of their way to make a derivation of Base64 with MINOR CHANGES, when in fact, they could simply use Base64 and it’s a one and done deal (or use another way of constructing challenge/response strings).

Also yeah just randomly generate 16-byte strings in one way or another because it will always be 24-characters when Base64/Yahoo64-encoded.

The more you know…

1 Like



You should totally add me on Escargot :eyes:

(post deleted by author)


1 Like

lol i’m still stuck up in trying to get the contact commands sorted. :weary: i have been able to get as far as the add request dialog on the target users client… but strangely the “allow” button doesn’t actually seem to send a response back to the server…

I think I can get contact management working… but dealing with the password hashing is still a problem… cryptography is something I really don’t deal with well…