Hi,
What do you think we're trying to do? The official Yahoo client uses an MD5 Challenge/Response pair that is near impossible to crack.
I don't know anything about the Yahoo protocol etc. But speaking from a purely cryptographic standpoint, this protocol necessarily has to be crackable. In the absence of an external key (i.e. one entered by the user) there is no way to prevent one program from imitating another.
However, it can be immune to a passive attack, i.e. simply listening to communications go back and forth. To break it one would need to reverse-engineer the Yahoo program.
If you can, please help.
If it is legal to do it, I can try to disassemble and reverse-engineer the Yahoo protocol.
Get a packet sniffer (I think you already have one),
tcpdump?
and start working on the authentication part. Look for TCP connects on port 5050 from your machine with the PUSH flag set to 1.
Regards,
Vinay
vinay@vinaypai.com