Home › Forums › Archives › Instant Messaging › Yahoo! Messenger Support › Scanning other user’s buddy lists for your Yahoo! IDs
- This topic has 7 replies, 7 voices, and was last updated 16 years, 2 months ago by mikeolso.
-
AuthorPosts
-
February 26, 2006 at 10:02 pm #21867Torseq Tech.Member
Torseq Technologies (which consists of only myself and my associate) have recently discovered something “useful” that the Big Blue Ball community and legit 3rd party Yahoo! developers could benefit from. A way to scan any user’s buddy list for any of your Yahoo! IDs presence is now not only possible but easily achieved.
Last year I found a way to do this but not nearly as convenient as this method of doing it is. What is NOT used in the following example is a guide to scanning other user’s lists for other user’s IDs, that would be a privacy breach and that isn’t what this is about (from my testing this doesn’t even seem possible with this given method).
What this IS about is a way to identify whether or not any of your IDs are on other user’s buddy lists. The target user can be any user, just as long as the user ID does exist. The target user is also required to be on YMSG protocol at the time you choose to scan them. Nothing more is required. Even if the target user is “cloaking”, where their alias is inactive, or even if they’re invisible this scan will NOT fail.
How to scan other user’s buddy lists for the existence of your Yahoo! IDs:
The first requirement is sending out a P2P packet of type 0x00 0x4F. The P2P scan packet found in the Buddy Spy program will work to fully meet this requirement.
The next requirement is signing into YMSG with the ID that you will be using to check other user’s buddy lists with. You will need to be signed into the ID that you suspect will be on the target’s list. If you have mutliple aliases attached to your main account scanning with each of these will all have different outcomes depending on whether or not the target in question has those names on his/her list. You CAN, if you like, scan one of the user’s aliases and this will report back to you whether or not you’re on their list. You don’t need to know the target’s main ID, any of their aliases (if they’ve got any created) will do.
How it works:
If the target ID’s list has you or any of your names that you’re scanning from on their buddy list you will receive a unique response that will identify that you’re present on there.
The typical ‘chatter’ response (‘chatter’ meaning they don’t have you on their buddy list from the name you’re scanning from) when the user is NOT on YMSG will look like this:
Header portion we’re concerned with = 0x00 0x4F 0x00 0x00 0x00 0x02
Payload = 5 Your ID 4 Target ID 4 Your ID 1 Your ID 4 Your ID 12 Anything Random Here 610213749PEERTOPEER1009341401
The packet type 0x00 0x4F is echoed back to you where the 16th status field byte in the header from the reply is 0x02 indicating that the user is not on YMSG protocol.
This will be the same response you’ll get when a person that has you on their list is not on YMSG protocol at the time you scanned them.
What WILL be different is the online YMSG responses that you will get. Here is the response you will get when scanning a user that doesn’t have you on their list (from the name you’re scanning from at least):
Header portion we’re concerned with = 0x00 0x4F 0xFF 0xFF 0xFF 0xFF
Payload = 16À€ Target’s ID À€
Again the packet type 0x00 0x4F is sent back to us only this time with the status bytes equal to all 0xFF’s.
When a user that DOES have you on their list is scanned from the name that exists on there, you will see a YMSG online response equal to this:
Header portion we’re concerned with = 0x00 0x4F 0x00 0x00 0x00 0x0B
Payload = 5À€ Your ID À€4À€ Target’s ID À€11À€ Random Number À€À€
The return is of course the packet type, 0x00 0x4F, only this time with the last status byte equal to 0x0B indicating that the user has the name you’ve scanned them from on their list. The entire return packet’s payload is also completely different than the online response you’d normally get from scanning your average chatter.
Legitimate uses for such a discovery:
The ability to scan any user’s buddy list for your names provided that they’re signed into YMSG protocol. This will come in handy for knowing who has you on their lists and which names of yours they’ve got on there (if you use many). This is also a perfect companion to “Deny-A-Buddy” for the reason described above.
*Important Notes: If scanning people’s lists that have your ‘scanning name’ on there they’ll be able to actually detect your P2P buddy list scan packet. This is also true of Buddy Spy but ONLY if you were P2P scanning from a name that is on the target’s buddy list (nobody does this usually). Detecting when your own buddies are P2P scanning you is also possible but again only if they’re scanning you from the exact name(s) that you have on your list which is almost never done, P2P scanning is usually performed from a ‘bot’ name or a name that isn’t typically used much.
A program that we’ve been working on since last year will have buddy P2P scanning detection available, along with the ability to scan any user on any protocol (except for YMSG/HTTP). Scanning user’s lists for your names has also been incorporated with the ability to deny-a-buddy them if you don’t approve of them having you on their list. These last two features of our program, which is due out soon, are easily the most trivial features that it has to offer to our customers. A free version of this program will also be made available after the commercial version is released as a beta 1.
February 28, 2006 at 3:24 am #138911weedqMembergreat work i got this working already. its about time something like this was found and shared. keep up the good work bro!!!
July 5, 2008 at 4:58 pm #138912ericf1945MemberLooks great, but what program do u use to accomplish this?
July 6, 2008 at 7:42 pm #138909imported_Ven0mMemberDon’t believe it’s possible anymore. By now, Yahoo must of patched it.
July 10, 2008 at 4:41 am #138908birdmanMemberThis scanning method is still working as of now.
July 10, 2008 at 6:56 pm #138907Jeff HesterKeymaster@ericf1945 231249 wrote:
Looks great, but what program do u use to accomplish this?
Do any one / AUTHOR knows what program to use ? If yes, then can you please share it with us :-S
July 11, 2008 at 7:00 pm #138910imported_Ven0mMemberProbably not. Adam above (Torseq Tech, he’s one of the developers of YTK Pro and Lite, VC Sync, etc.) found it.
If it really does still work, it should be used.
July 18, 2008 at 9:21 am #138913mikeolsoMemberimpossible
-
AuthorPosts
- You must be logged in to reply to this topic.