Yahoo! Messenger(tm) Encryption algorithm

PHP Example :

<?php /* * $Id: yahoo.crypt.php,v 6.00 2003/05/07 4:45:00 Daeken Exp $ * * Copyright (C) 2003 by Cody Brocious (daeken_9999 AT yahoo DOT com) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public * License as published by the Free Software Foundation; either * version 2 of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the * Free Software Foundation, Inc., * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * */ function md5_raw($str) { $md5 = md5($str); $ctx = ''; for ($i = 0; $i < 32; $i += 2) { $ctx .= chr(hexdec($md5{$i} . $md5{$i + 1})); } return $ctx; } function yahoo_login($username, $password, $seed) { $sv = $seed[15]; $sv = ord($sv) % 8; $sv = chr($sv); $ctx = ''; $ctx .= $password; $result = md5_raw($ctx); $password_hash = to_y64($result, 16); $ctx = ''; $crypt_result = crypt($password, '$1$_2S43d5f$'); $ctx .= $crypt_result; $result = md5_raw($ctx); $crypt_hash = to_y64($result, 16); switch (ord($sv)) { case 1: case 6: $checksum = $seed[ord($seed[9]) % 16]; $hash_string_p = substr(sprintf("%s%s%s%s", $checksum, $username, $seed, $password_hash), 0, (strlen($username) + 50)); $hash_string_c = substr(sprintf("%s%s%s%s", $checksum, $username, $seed, $crypt_hash), 0, (strlen($username) + 50)); break; case 2: case 7: $checksum = $seed[ord($seed[15]) % 16]; $hash_string_p = substr(sprintf("%s%s%s%s", $checksum, $seed, $password_hash, $username), 0, (strlen($username) + 50)); $hash_string_c = substr(sprintf("%s%s%s%s", $checksum, $seed, $crypt_hash, $username), 0, (strlen($username) + 50)); break; case 3: $checksum = $seed[ord($seed[1]) % 16]; $hash_string_p = substr(sprintf("%s%s%s%s", $checksum, $username, $password_hash, $seed), 0, (strlen($username) + 50)); $hash_string_c = substr(sprintf("%s%s%s%s", $checksum, $username, $crypt_hash, $seed), 0, (strlen($username) + 50)); break; case 4: $checksum = $seed[ord($seed[3]) % 16]; $hash_string_p = substr(sprintf("%s%s%s%s", $checksum, $password_hash, $seed, $username), 0, (strlen($username) + 50)); $hash_string_c = substr(sprintf("%s%s%s%s", $checksum, $crypt_hash, $seed, $username), 0, (strlen($username) + 50)); break; case 0: case 5: $checksum = $seed[ord($seed[7]) % 16]; $hash_string_p = substr(sprintf("%s%s%s%s", $checksum, $password_hash, $username, $seed), 0, (strlen($username) + 50)); $hash_string_c = substr(sprintf("%s%s%s%s", $checksum, $crypt_hash, $username, $seed), 0, (strlen($username) + 50)); break; } $ctx = ''; $ctx .= $hash_string_p; $result = md5_raw($ctx); $result6 = to_y64($result, 16); $ctx = ''; $ctx .= $hash_string_c; $result = md5_raw($ctx); $result96 = to_y64($result, 16); return array($result6, $result96); } function to_y64($str, $length) { $string = base64_encode(substr($str, 0, $length)); $string = str_replace('+', '.', $string); $string = str_replace('/', '_', $string); $string = str_replace('=', '-', $string); return $string; } function from_y64($string) { $string = str_replace('-', '=', $string); $string = str_replace('_', '\', $string); $string = str_replace('.', '+', $string); $string = base64_decode($string); return $string; } ?>