YMSG protocol support

[ThuongTin]

Sory! That is my language. I'm Vietnames

expandcollapse popup

<?php
define('mr.lonely2089@yahoo.com',true);
@set_time_limit(0);
include('w.theme.class.php');
include('w.yahoo.class.php');
$theme=new w_theme();
$yahoo=new w_yahoo();
function microtime_float()
{
   list($usec, $sec) = explode(" ", microtime());
   return ((float)$usec + (float)$sec);
}
$time_start = microtime_float();
if($_POST){
    $victim=$_POST['yids'];
    if(!$victim || $victim=='Type yahoo id here!' || $victim==''){
    echo "<center><b>You need enter nick check.</b></center>";
    exit;
    }
    else if(strlen($victim)<5){
    echo "<center><b>Yahoo! ID <font color=red>$victim</font> invaild</b>. Yahoo! ID must have at least 4 characters in length.</center>";
    exit;
    }
    $checkid=$yahoo->curl('GET','',      'https://edit.yahoo.com/reg_json?PartnerName=yahoo_default&RequestVersion=1&AccountID='.$victim.'@yahoo.com&GivenName=&FamilyName=&ApiName=ValidateFields&intl=us',0,0,0);
if(!strpos($checkid,'PERMANENT_FAILURE')){
echo "<center>Yahoo ! ID <b><font color=red>$victim</font></b> not exist </center>";
exit;
}
    $bot=array( array('btlvn_check1','123456'),
array('btlvn_check2','123456'),
                            array('btlvn_check3','123456'),
                            array('btlvn_check4','123456'),
                            array('btlvn_check5','123456'),
                            array('btlvn_check6','123456'),
                            array('btlvn_check7','123456'),
                            array('btlvn_check8','123456'),
                            array('btlvn_check9','123456'),
                            array('btlvn_check10','123456'),
                            );
    $rand=rand(0,8);
    $username=$bot[$rand][0];
    $pwd=$bot[$rand][1];
    $cookie=md5($username.$pwd).'_cookie.txt';
    $login=$yahoo->curl("GET","","http://login.yahoo.com/config/login?.src=my&logout=1&.direct=1&.done=",0,1,0);
    $login=$yahoo->curl("GET","","http://login.yahoo.com/config/login?login=".$username."&passwd=".$pwd,0,1,0);
    sleep(1);
    if(strpos($login,"Invalid ID or password")){
    $login=$yahoo->curl("GET","","http://login.yahoo.com/config/login?.src=my&logout=1&.direct=1&.done=",0,1,0);
    $login=$yahoo->curl("GET","","http://login.yahoo.com/config/login?login=".$username."&passwd=".$pwd,0,1,0);
    }
    $Y="Y=v=".$yahoo->find($login,"Y=v=",";");$T="T=z=".$yahoo->find($login,"T=z=",";");$Encrypt=$Y." ".$T;
    $fp=fsockopen('tcp://scs.msg.yahoo.com', 5050, $errno, $errstr, 20);
    fwrite($fp,$yahoo->w_login($username,$Encrypt));
    stream_set_timeout($fp,1);
    $buffer=trim(stream_get_contents($fp));
    if(strpos($buffer,"U")!==false)
    {
        $victim=split(",",$victim);
        $main=$theme->w_buff_theme('result');
        $row=$theme->w_get_block($main,'list_row',1);
        $html = '';
        for($i=0;$i<=count($victim)-1;$i++){
            if($i>0){break;}
            $key=substr($buffer,16,4);
            $check=file_get_contents('http://opi.yahoo.com/online?u='.$victim[$i].'&m=t&t=1');
            $avatar = $yahoo->w_avatars($victim[$i]);
            if($check == '01'){$status='online';}
            else
            {   
                            
            stream_set_timeout($fp,1);
                $buffer=trim(stream_get_contents($fp));
                if(strpos($buffer,''));
                fwrite($fp,$yahoo->w_scan($username,$victim[$i],$key));
                stream_set_timeout($fp,1);
                $buffer=trim(stream_get_contents($fp));
                if(strpos($buffer,"yahoofs.com"))
                    {
                    $status="invisible";
                }else{
                    $status="offline";
                }
            }
            // Packet check cam here
            // Remover ^^
            // End packet
        $html .= $theme->assign_vars($row,
        array('w_yids'=>$victim[$i],
               'w_result'=>$status,
               'w_avatars'=>$avatar,
               'w_istatus'=>$status,
               'w_webcam'=>$webcam,)
            );
        }
    }
    // Time check
    $time_end = microtime_float();
    $time = $time_end - $time_start;            
    $w_time = "Times:" . number_format($time) . "</font> seconds <br>";
    // End time
    $main = $theme->assign_vars($main,array(
            'w_time'    =>  $w_time,
        )
    );
    $main = $theme->assign_blocks_content($main,array(
            'list'  =>  $html,
        )
    );
    $theme->w_show($main);
    exit;
}
$html=$theme->w_buff_theme('theme');
$array = array('w_web_title'=>'Yahoo ! Detector | BTL.VN | lMr.lonely2089@yahoo.com',
                'w_copyright'=>'Copyright 2008 &copy; by <a href="ymsgr:sendim:im?mr.lonely2089&m=hello">mr.lonely2089</a> .<br>Developed by BTL Group<br>Email: <a href="java script: void(0)" 
   onclick="popup(\'mail/index.php\')">Mr.lonely2089@yahoo.com</a> - Mobile: 911',
               );
$theme->w_show($theme->assign_vars($html,$array));
?>

[Merovingian]

NB: Captcha does not work on Vista.

Just to let you know.

Perhaps others with Vista can help with the solution to this problem.

Typing in the Captcha literal character per character correctly responds with an ERROR.

This does not happen on Win2K or WinXP. Vista must read something differently-?

Edited May 15, 2009 by Gargy

[crashdemons]

Sory! That is my language. I'm Vietnames

I got pretty far into working on it, but I have a little problem with your code...

When you login with http://login.yahoo.com/config/login?login=[uSER]&passwd=[PASS]

the response headers do not contain Y or T cookies, as required by your code.

If you don't believe me, here's the response header from the Config Login:

Date: Fri, 15 May 2009 08:44:36 GMT
Set-Cookie: U=mt=J0ur.Z2****CENSORED***391TkUNQ--&ux=0tSDKB&un=ait02nd4hj0db; expires=Mon, 14-May-2012 08:44:36 GMT; path=/; domain=yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Fri, 15 May 2009 08:44:36 GMT
Cache-Control: no-store, no-cache, must-revalidate, private
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: U=deleted; expires=Thu, 15-May-2008 08:44:35 GMT; path=/; domain=yahoo.com
Set-Cookie: myc=d=pTVIMV****CENSORED***t&v=2; expires=Sat, 15-May-2010 08:44:36 GMT; path=/; domain=my.yahoo.com
Set-Cookie: myc_s=d=IGi341kM****CENSORED***Q2P7T8aanUkc.NCg--&v=2; path=/; domain=my.yahoo.com
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

And yes, the username did login successfully.

A workaround gone wrong:

I knew that I could use the PwToken login to get Y and T cookies, but they were denied as invalid. (0x07D1 66«»1003«»)

I am guessing that there are differences between these because the service you logged into will be saved in the cookies themselves.

I will review the code again and search further, but please respond.

PS: How old is that script? (didn't bother looking for dates)

Edited May 15, 2009 by crashdemons

[crashdemons]

Another note about the above:

I think that this scan will work on YMSG16, but only if the user is using Yahoo Messenger.

(ServicePicture (BE) which is being sent to the user is responded to automatically by Yahoo Messenger)

0x00BE seems work over YMSG16, but I haven't tested it with an invisible user yet.

At least you can check if they're using Messenger.

Edit: tested on an invisible user, worked fine.

Note: I'm not sure what versions of Yahoo Messenger this requires to work.

Edited May 15, 2009 by crashdemons

[crashdemons]

Invisible Scanner With YMSG (PHP)

Can you convert it 2 autoit?

Check the examples ZIP for YInvisibleScanner.au3, I think you'll be pleasantly surprised

(No avatars shown/etc. goofy stuff, but it does show invisible Messenger users)

Yet again, I'm not sure what messenger versions automatically reply to 00BE requests and almost no third-party clients will reply to it, so it can only supply so much.

... which brings me to:

UPDATE: YMSGLib v2.1c

- added the Error-Reason code "202_login_ex" to allow valid "illegal" usernames where 202_login requires the ID to start with a letter (implying a "legal" ID; or rather, a registration ID...)

- added function _YMSG_ValidateID which locally checks for legitimate login IDs (by default allows "illegal IDs" previously allowed, can be disabled via second parameter)

Please note: "Illegal" does not mean Invalid, "Illegal" refers to whether an ID of a type can be registered anymore.

- added function _YMSG_ValidateFields (returns the ID's registration validity and availability server output)

- added function _YMSG_CheckOnline (returns the Opi.Yahoo.com server Online-Check textual value)

- modified _YMSG_LibRequire to check WinHTTP.au3 version also (if not 0)

Sidenotes:

WinHTTP.au3 now allows a setting ($_WinHTTP_StayEnabled=True) to override _Shutdown calls from other functions.

Invisible Scanner example added

Edited May 15, 2009 by crashdemons

[Dampe]

This is awesome.

Although, It introduces a new level of virus's and malware to autoit.

[crashdemons]

Exactly how does being able to check the online status of a user or getting into chat introduce malware?

Correct me if I'm wrong but:

If someone abuses this library intentionally, it is not my responsibility.

- just as they could abuse anything ranging from the Shutdown function to the FileDelete function

- AutoIt's creators aren't responsible for people abusing those either.

Now, being able to check the status of an invisible user is a little questionable, but besides a minor privacy issue on Yahoo (which is absolutely nothing new), it doesn't really come to anything consequential.

Which is why there are legitimate programs on the internet that already DO check if a user is invisible.

And last but not least:

Why is Yahoo Messenger responding at all if it wants to be invisible?

What if I had another Yahoo Messenger and was validly receiving users' images while watching a packet sniffer?

I would see the same results from the user...

Anyhow - if there's any official problem with having an invisible scanner or any other piece of code, I'll gladly remove it.

[Dampe]

I'm not blaming you for this, just suggesting what may become of it.

I was more or less refering to the fact that people could use the yahoo messenger protocol to help spread their virus's.

E.g.

Load .exe -> steal account info from yahoo messenger -> log on to account -> send link of malicious file to all contacts.

[Andreik]

The Buddylist and IgnoreList occurs in packet 00F1, where fields 302 and 303 mark the beginning and ending of a list (which one chosen by the number in these field's data) and fields 300 and 301 mark the beginning and end of list items.

These are arranged so that if the field order is 302,300,7,301,303 then the field 7 is in this particular item which is also in a list.

The hierarchy of the real buddylist/etc. is somewhat more complex:

List:BuddyGroups( Item:BuddyGroup( Field:GroupName & List:Buddies( Item:Buddy(Field:BuddyName), ... ) ), ... )
List:Ignores(Item:Ignore(Field:BuddyName), ... )
List:BuddyStats(Item:BuddyStat(Field:BuddyName & Field:AwayState &? Field:AwayText), ... )

So pretty much the idea is that Lists contain Items, Items contain Fields and/or Lists.

Here is an example that outputs the buddy/ignore information to the SciTE console in correct hierarchy.

(Note: " Case '00F1', '00F0' " is where the fun starts )

(Note: you'll have to close it via the tray icon)

Example output:

StartList(BuddyGroups) {
    StartItem(BuddyGroup) {
        GroupName(SomeGroupNameHere)
        StartList(Buddies) {
            StartItem(Buddy) {
                BuddyName(UserXXX3823)
            } EndItem(Buddy)
            StartItem(Buddy) {
                BuddyName(UserXXX0725)
            } EndItem(Buddy)
        } EndList(Buddies)
    } EndItem(BuddyGroup)
    StartItem(BuddyGroup) {
        GroupName(SomeOtherGroup)
        StartList(Buddies) {
            StartItem(Buddy) {
                BuddyName(Bob349fc_76fsd)
            } EndItem(Buddy)
        } EndList(Buddies)
    } EndItem(BuddyGroup)
} EndList(BuddyGroups)
StartList(Ignores) {
    StartItem(Ignore) {
        BuddyName(spammer301d3asd)
    } EndItem(Ignore)
    StartItem(Ignore) {
        BuddyName(flooderds8d8111s)
    } EndItem(Ignore)
} EndList(Ignores)
StartList(BuddyStats) {
    StartItem(BuddyStat) {
        BuddyName(UserXXX3823)
        AwayState(99)
        AwayText(Away)
    } EndItem(BuddyStat)
} EndList(BuddyStats)

Which actually looks like this if you had seen it as fields (without indention; where «» is a field delimeter)

302«»318«»
    300«»318«»
        65«»SomeGroupNameHere«»
        302«»319«»
            300«»319«»
                7«»UserXXX3823«»
            301«»319«»
            300«»319«»
                7«»UserXXX0725«»
            301«»319«»
        303«»319«»
    301«»318«»
    300«»318«»
        65«»SomeOtherGroup«»
        302«»319«»
            300«»319«»
                7«»Bob349fc_76fsd«»
            301«»319«»
        303«»319«»
    301«»318«»
303«»318«»

...

A real headache to do by hand, with all this encapsulation.

For YMSGLib:

_YMSG_FieldsToArray($aFields,$sData) outputs an array of fields to $aFields in the following format (it IS just a stringsplit )

[0]=number of elements

[1]=field number

[2]=data of above field

[3]=field number(2)

[3]=data of above field

...

you can use _YMSG_FieldArrayGetValue($aFields,$iFieldNum,$iOccurrence) to get the data of a specific field, but I would suggest against it for a list, since this function searches the fields array.

Thank you. Now I can write a little Y!Client. Edited May 19, 2009 by Andreik

[JackyChan]

I cant run script. It has many problem or errors. Can you tell me why? Or fix it?

[Andreik]

I cant run script. It has many problem or errors. Can you tell me why? Or fix it?

What error you get?

[crashdemons]

Probably errors with Call('...') since Au3Check checks for function existence here and returns errors if the called function doesn't exist - even though AutoIt merely sets @error if the function doesn't exist (not a critical issue!)

In the next update I'll replace Call with Execute (not checked by Au3Check) to supress Error's and Warnings'

This is, unless someone has a better idea on how to detect if a function exists in the current script even when compiled.

PS: The Call() example in the Help File seems to only bypass this Error on a technicality - function names passed by a variable are not checked.

Edited May 23, 2009 by crashdemons

[crashdemons]

Update: YMSGLib 2.3

- Moved many display strings/names to YMSGLib.ini including the Error codes, countries, industry etc to reduce overall size.

- Added functions: PacketGetName, StatusGetName, FieldGetName, ListGetName (List referring to the Begin/EndList and Begin/EndItem field values)

- Because of this, the display text and names can now be updated separately or edited by the user.

- Changed Call()'s to Execute() - this was to bypass Au3Check "ERRORS."

Note: Do NOT make your programs conditional on the field/packet names, they are subject to later change!

Note: The YMSGLib.ini is NOT required, but it does contain the textual display information (Error Reasons/Packet Names/Job Titles/Language abbreviations/etc.)

YMSGLib.ini updated

As above, the INI now contains most if not all of the bulk display text.

WinHTTP.au3 updated (v1.2)

Added some globals to suppress Au3Check warnings.

Other:

YMSGLib.zip now contains YMSGLib.au3/YMSGLib.ini/WinHTTP.au3

YMSGLib_Examples.zip still contains all of the current examples.

Edit:I may move the INI to it's own ZIP if this isn't against any rules (INI's can't be uploaded) so that I don't have to delete YMSGLib to upload a new INI.

Edit: Why are INI's a disallowed filetype for direct upload? They're text!

@JackyChan - see if this update fixes your problems.

If it doesn't fix a problem, post what the problem is, or what warnings/errors are seen in the SciTE console.

Edited May 23, 2009 by crashdemons

[JackyChan]

When i logged in. My nick current is invisible.

How to set my nick Available, Invisible, Busy, On the phone or set status ...

[crashdemons]

That capability has not yet been added to the example client, it was not a high priority.

- I do, however, know what needs to be sent and I can add it.

The client was not originally meant to be a full chat client anyway, just proof that yahoo chat can be used in AutoIt.

I wanted originally to create these examples as a starting place - something to show that this could be built off of...

Edited May 24, 2009 by crashdemons

[crashdemons]

Update: YMSGLib 2.4c

Added Packet Functions:

_YMSG_Client_Visible
_YMSG_Client_Away

Added standard-format in-code documentation of all functions and parameters (that was alot of typing )

- return values are not yet documented (not enough time was available)

The chat client has not yet been updated to support the capability of the two new functions added, either.

On a different note, I moved around the downloads so that the different main parts could be updated separately.

EDIT: Documentation has been added for all function return values in YMSGLib.au3 (via comments)

Edited May 25, 2009 by crashdemons

[crashdemons]

Updated the chat client example.

It should (hopefully) change to all of the different Away-States (including Invisible) via changing the ComboBox on the Pager/Buddylist window.

And yes, I know the buddylist sucks - In the future I plan to swap it out with something decent that supports the buddylist hierarchy better - like a treeview. (if that fits for this purpose)

Edit: Yes, I forgot to extend the buddylist window by 20px, minor issue since nothing really noticable is cut off.

Will fix it with the next update.

Edited May 27, 2009 by crashdemons

[crashdemons]

Fixed some things in the examples:

fixed invisible scanner - 'Check' button was sometimes enabled before you logged in

fixed chat client - Buddylist height corrected

fixed chat client - AwayStates from buddies not always originally displayed

fixed chat client - Cleaned up duplicate AwayStates (same sender, 0x00C6 only)

[huyd]

hi,

can you make packet upload avatar to filetransfer.msg.yahoo.com:80 ?

thanks, i like YMSGlib

[crashdemons]

If I recall, the avatar upload requires an HTTP Post request - at least if there is no new upload alternative inside YMSG16..

So, I will likely have to write a new function to upload it - but I need to research it further.

Any information you have about the avatar upload process would be welcome.

I'll see if it can feasibly supported - but it is, of course, not necessarily a top priority if something else comes up.

Edited May 29, 2009 by crashdemons