shinkaiho

December 2, 2007

yahoo! messenger archive format

Filed under: yahoo — admin @ 11:56 am
Online Aldactone Where To Get Prevacid Faq Where To Get Plavix Swaziland Order Hoodia Columbia Price For Elimite Spain Generic Clomid Helena Buying Zyban Herbal Zyban High Doses Price For Norvasc Dosing Generic Plavix Horny Goat Weed Discount Female Viagra Faq Zelnorm Pharmacy Toprol XL Forum Herbal Aldactone Effects Where To Get Acomplia Review Discount Diflucan Mexico Where To Get Levitra Weight Sale Prednisone Aldactone With MasterCard Discount Cipro Drug Information Cytotec Prescription Discount Acomplia India Buying Cipro Tramadol Dosage Where Order Nizoral Proper Dosage Where Order Avapro High Doses Discount Neurontin Get High Herbal Acomplia NoRX Price For Nexium Health Forum Where To Get Zelnorm Prescription Where Order Aricept Side Effects Where Order Plavix High Doses Where Order Avapro Dosing Purchase Ultram Where Order Clomid Canada Female Viagra Online Order Cipro Jackson Purchase Zyban Generic Antabuse Horny Goat Weed Price For Toprol XL France Cymbalta Online Price For Lipitor United Kingdom Purchase Penisole BatonRouge Lipitor RX Hoodia Comparison Natural Nexium France Natural Clomid Mail Purchase Female Viagra SantaFe Price For Nexium United Kingdom Seroquel Faq

———————————————-
yahoo messenger archive format
by: shinkaiho 8/06/2007 (no confrence support)
used: hex workshop v3.11 & archive logs
———————————————-
dword - timestamp
word - message or confrence (6 message)
word - padding
word - you or friend (0 = you 1 = friend)
word - padding
word - size of message
word padding
message - use ^ (xor) to decrypt the message… the key is the owner of the archives username
dword padding
repeat for each message
————-
c++ structure
————-
struct message
{
DWORD timestamp;
WORD type;
WORD pad1;
WORD who; //0 you 1 friend
WORD pad2;
WORD size;
WORD pad3;
};
———————————-
junk used to figure the format out
———————————-
04 5B 11 1E 43 1C 1C 17
f u c k

Bruce (8/6/2007 11:41:06 AM): fuck you

b.ruces

b ^ 4
r ^ 5b
f
1241B746060000000000000008000000045B111E431C1C1700000000
Bruce (8/6/2007 11:41:06 AM): fuck you

1 Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

You must be logged in to post a comment.

Powered by WordPress