Yahoo Messenger VoIP Service with SIP Phone

I was looking at Linksys’s CIT310 phone with yahoo messenger support and wondering if it was possible to use normal SIP phone or ATA with Yahoo Messenger.  Since it is well known that Yahoo Messenger VoIP service is based on SIP; my guess was that it should not be very difficult and at the same time I did not expected it to be straight.

To get more insight, I sniffed into Yahoo’s VoIP protocol. As I assumed, it is not straightforward to use normal SIP phone to connect to Yahoo’s SIP service. However, IMO it might not be very difficult if someone can spend time on it.  Here is some insight I gained from it.

  1. Yahoo uses standard SIP call procedure with authentication (both for REGISTER and INVITE).
  2. Yahoo uses SIP over TCP/SSL. Hence, one needs SIP client that supports TCP/SSL in order to connect to Yahoo’s VoIP service. Most SIP client use UDP.
  3. Yahoo uses SIP digest authentication.  Yahoo might be using secret key in creating response hash that might make it difficult to use with other SIP clients.
  4. Yahoo sends Y-cookie header in second REGISTER request (post challenge).  While it is not difficult to get this information, it requires that the SIP client integrates with YMSG protocol (say by using libyahoo2).  This information can be obtained by registering with yahoo messenger service (not the VoIP service) using Yahoo’s YMSG protocol. Yahoo sends this information in Cookie (and YMSGRCookie) header after successful authentication (see headers below).
  5. Yahoo uses few more proprietary but simple to implement headers.
  6. Yahoo uses standard codecs  -  ISAC, Speex, G.711 and iLBC

Below is sniffer dump of REGISTER and one of the YMSG messages, both are self-explanatory (compare fields in bold).

Overall, it does not appear to be difficult. I will be very interested if someone tried to integrate SIP phone with Yahoo messenger.  One known implementation (?) appears to be GTalk2VOIP though it is my guess only.

REGISTER sip:68.142.233.149:443;transport=tcp SIP/2.0
From: <sip:ymotiwala@68.142.233.149:443>;tag=6ffbaf8-0-13b4-839-15f223f-839
To: <sip:ymotiwala@68.142.233.149:443>
Call-ID: 1462cd0-0-13b4-839-13f9d91-839
CSeq: 2 REGISTER
Y-User-Agent: intl=us; os-version=w-2-5-1; internet-connection=lan; cpu-speed=2309; pstn-call-enable=true;
ip-call-enable=true
Y-Cookie: Y=v=1&n=8j74ajq3il4cc&l=ocecom0b0/o&p=m27ccinb130d0476&jb=21|36|3&ig=0oidr&
iz=560038&r=2b&
lg=en-IN&intl=in&np=1;
path=/; domain=.yahoo.com;
T=z=NMyzGBNSHwGBjy4Ce8uwFBPMjU7DjZOTjVPNxQyAg–
&a=QAE&sk=DAANt4m2hzHdV4&d=y2wDTlRJeUFURTVPVEk1TURNMU1RLS0BYQFRQUUB
aWcBVnBXQUFBAX
p6AU5NeXhHQmdXQQF0aXABN3dsb1BC;
path=/; domain=.yahoo.com;  AT=2; CRUMB=ybvFM63H0D2e4mFTqAKf7Q
User-Agent: Yahoo Voice,1.7
Max-Forwards: 70
Supported: timer
Via: SIP/2.0/TCP 192.168.0.111:5051;branch=z9hG4bK-82b-1fe668-7091e09b
Contact: <sip:ymotiwala@127.0.0.1:5051;transport=tcp>;q=0.5
Expires: 3600
Authorization: Digest username=”ymotiwala”,realm=”sip.yahoo.com”,nonce=”noIJGOid957iYjfL7YuLXY5tVSxb”,
uri=”sip:68.142.233.149:443;transport=tcp”,response=”73ad73bf23b3c8e9bb198e2x20230e37″,
algorithm=MD5

Content-Length: 0


GET /external/client_ad.php?p=409640 HTTP/1.1

Accept: */*
Accept-Language: en-us
YMSGRCookie: T=z=NMyzGBNSHwGBjy4Ce8uwFBPMjU7DjZOTjVPNxQyAg–&a=QAE&sk=DAANt4m2hzHdV4&d=y2wDTlRJeUFURTVPVEk1TURNMU1RLS0BYQFRQUUB
aWcBVnBXQUFBAX
p6AU5NeXhHQmdXQQF0aXABN3dsb1BC;
path=/; domain=.yahoo.com;
Y=v=1&n=8j74ajq3il4cc&l=ocej8m0b0/o&p=m27vvinb13020200&jb=21|36|3&ig=0oidr&iz=560038&r=2b
&lg=en-IN

&intl=in&np=1; path=/; domain=.yahoo.com
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; InfoPath.2)
Host: messenger.yahoo.com
Connection: Keep-Alive
Cookie: B=1si4vj53bpic3&b=3&s=ge; Q=q1=AACAAAAAAAAAAA–&q2=RsJ3Tg–;
YLS=v=1&p=0&n=0;F=a=MCGEA6IMvT6BeQWrG25smhBMqu_8IqqZtpGTV4l7R7.qRrOCFtetYlckFUI29hpec0St94
ZfolQCUnKjrZ0KJVtfOw–&b=bbOw; PH=fn=Qvp.9ON3a2SCqBM-&l=en-US; C=mg=1;
I=ir=i5&in=53fab5cc&i1=AAATAEA2EIERETFxF5F8GAGLJ8MiQBmToypEtQ3T5BCqAJ5u516S6o6q6x7G7z8D;
Y=v=1&n=8j74ajq3il4cc&l=ocecom0b0/o&p=m27ccinb130d0476&jb=21|36|3&ig=0oidr
&iz=560038&r=2b&
lg=en-IN&intl=in&np=1;

msgrY=v=1&n=8j74ajq3il4cc&l=ocej8m0b0/o&p=m27vvinb13020200&jb=21|36|3&ig=0oidr&iz=560038&r=2b&
lg=en-IN&intl=in&np=1;
T=z=NMyzGBNSHwGBjy4Ce8uwFBPMjU7DjZOTjVPNxQyAg–
&a=QAE&sk=DAANt4m2hzHdV4&d=y2wDTlRJeUFURTVPVEk1TURNMU1RLS0BYQFRQUUB
aWcBVnBXQUFBAXp6AU5NeXhHQmdXQQF0aXABN3dsb1BC;

Write to me if you are interested in obtaining sniffer dump of entire call flow though you can dump it yourself using a sniffer.

23 Comments

gtalk2voipAugust 19th, 2007 at 3:11 am

Yahoo’s SIP uses a modified digest algorithm which depends on some more stuff you could not catch by sniffing IP traffic. So, don’t expect it to be a cake ;)

Regards,
Ruslan.

Erik ScheelkeAugust 21st, 2007 at 4:09 pm

Thanks for posting this info. I am trying to connect some SIP software I have to Yahoo voice and this is helpful. I would like to get the dumps for analysis. I would be happy to share any info I find with you. Thanks
-Erik

GilOctober 11th, 2007 at 4:44 am

any luck getting this process to work ?

mundiNovember 6th, 2007 at 11:39 am

its just so frustrating, that there is no opensource implementation for Y! SIP, can the hash be decrypted? even as ruslan said its a modified algo? i would have stick gtalk2voip to talk to yahoo, but then most of my family thinks its a spam bot so they are not keen on using the service. i hope the open community realizes that somehow there is a need to unravel Y! sip.

Yusuf MotiwalaNovember 6th, 2007 at 11:45 am

Its not hard but tricky – if you know how to do it even without getting into algorithm :). Hopefully some solution soon!

GilNovember 7th, 2007 at 8:43 am

do you mean that the algorithm is the same as standard digest, only the parameters are changed ?

KevinNovember 7th, 2007 at 2:14 pm

What do you mean by “even without getting into algorithm” ?

mundiNovember 8th, 2007 at 1:10 am

so i guess, it will just be using jtr to decrypt the secret key? heheh, if i may bash a little, why did ruslan the gtalk2voip owner , even bothered to post here, if he’s not gonna reveal how did he and his team did it.

i hope you can find time, to digg a little more into this, as i understand you’ve been an open source developer in the past. :)

Yusuf MotiwalaNovember 8th, 2007 at 1:26 am

Certainly :)

jaredDecember 22nd, 2007 at 12:31 am

any new hints on this? hope you’re still looking for a solution or work around for yahoo sip to work.

DaVinC CoderFebruary 7th, 2008 at 1:32 pm

does that auth system depends on new ymsg15 authentication algorithm??? … if so ..”its a cake”

DaVinC CoderFebruary 7th, 2008 at 1:35 pm

1 more thing …. that text in bold…it ant the authentication for sip…its yahoo client cookie…the real auth for sip is here

” Authorization: Digest username=”ymotiwala”,realm=”sip.yahoo.com”,nonce=”noIJGOid957iYjfL7YuLXY5tVSxb”,
uri=”sip:68.142.233.149:443;transport=tcp”,response=”73ad73bf23b3c8e9bb198e2×20230e37″,
algorithm=MD5″

to get “response” yahoo uses modified version of sip authentication…

pycMarch 22nd, 2008 at 5:38 pm

anybody notice that the “nonce” had an unusual structure?

sathiyamoorthy.nJune 14th, 2008 at 10:45 am

Hi
Can Sip phones register with this?

mxOctober 7th, 2008 at 3:26 am

I studied on ymsg voice chat. UDP packets doesn’t seem like RTP packet structure. I think yahoo uses different structure. Does anyone know about this?

loellOctober 20th, 2008 at 2:50 am

yahoo uses two types of voice communications, the voice chat (room voice chat)which isn’t rtp , and the SIP pc to pc call, which could be the one using the RTP.

janiNovember 16th, 2008 at 4:07 pm

You mention standard audio codecs only, but yahoo on windows also uses the TrueSpeech voice codec. Do you know which is used in which cases?

loellNovember 21st, 2008 at 8:14 am

yahoo uses TrueSpeech codecs only in room voice chat, AFAIK

annuJanuary 22nd, 2009 at 1:29 am

Hi,

Is there any other gateway other than gtalk2voip which connects between SIP phone and yahoo?? please reply . I have some probel in connection using gtalk2voip.

ZOWAJuly 6th, 2009 at 5:41 am

Hi,
annu u got any gateway other than Gtalk2voip ? ??
caz i m looking too, Gtalk2voip mostly serviecs Paid:( even sip frwd

Meftah TayebSeptember 25th, 2009 at 5:31 pm

gtalk2voip is a bot
gtalk2voip need monay
we need to implement a SIP2Yahoo Gateway;)
freeswitch can do that i think, mod_yahoo is in developmant and mod_msn awel

SannyaApril 13th, 2010 at 3:35 am

Thank your for the helpful post :)

I was wondering if I can contact you to ask more about how Yahoo handle VoIP? I’m on a project that aim to implement Yahoo protocol into another SIP-using program, so that the program can make a call to Yahoo Voice.

thomasSeptember 12th, 2011 at 4:29 am

was this ever solved so some yahoo mesenger for linux can do pm voice and also was it ever solved so the new yahoo audio video chat will work on linux

Leave a comment

Your comment