As I was still testing the WIP Escargot YMSG frontend, I noticed that when authentication was successful, the client would send this packet pictured here:
The curious cat I was decided to extact the key-value pairs and examine the data within.
First, here’s the structure:
Key 1: <YahooId>
Key 25: Unknown (“C=0[0x01]F=1,P=0,C=0,H=0,W=0,B=0,O=0,G=0[0x01]M=0,P=0,C=0,S=0,L=3,D=1,N=0,G=0,F=0,T=0”)
Key 146: Base64 string #1
Key 145: Base64 string #2
Key 147: Base64 string #3
Not knowing how key 25 was created, I had instead decoded the Base64 strings to see what was up, and oh boy, was something up.
Key 146 is actually the operating system the client is running on (e.g.: “V2luZG93cyAyMDAwLCBTZXJ2aWNlIFBhY2sgNA==” decodes to “Windows 2000, Service Pack 4”).
Key 145 is actually the processor type (e.g.: “SW50ZWwgUGVudGl1bSBQcm8gb3IgUGVudGl1bQ==” decodes to “Intel Pentium Pro or Pentium”).
Finally, key 147 is actually the time zone of the user (e.g.: “RWFzdGVybiBTdGFuZGFyZCBUaW1l” decodes to “Eastern Standard Time,” my time zone).
I’d only see this kind of data used in collecting PC data. A similar kind of PC data collection is used in MSNP (CVR), and it’s interesting to see that Yahoo! had done the same thing.
In short, this packet service isn’t a passthrough. It’s data collection.