Hell Oh Entropy!

I finally finished writing a working implementation of the YMSG16 authentication as described in this article. The authentication seems to be working quite well, but nothing else does. The server still does not respond to the older binary type messages. So the next thing I tried was to wireshark the windows based yahoo messenger ( my employer provided the windows box for me :D ) and I found out two things:

• The Authentication probably is what is described in the carbonize site, but there looks to be a different way to get the initial challenge string
• All messages go to and from one server in the form of HTTP POST and responses

There some more cookies involved as well, which is what Adrian was probably talking about in the comment to my previous post. Thankfully, since ayttm is on YMSG12, we are still online unlike pidgin, so no need to rush in a fix for this just yet. That said, the popup says I have until August 15th till YMSG12 dies too. I need to see how pidgin has fixed this. Maybe the fix is much simpler than revamping everything to do what the windows YMSGR is doing.

Update: I was wrong. I sent the wrong message to the server after authentication — forgot to add the challenge digest, which is why it barfed on me. Work is on now for stuff after the auth :)