On Thu, 11 Apr 2002, Amish Mehta wrote:

Ok. I will try. I have done some work in past on MD5 authentication algorithm used by Outlook Express for Hotmail. Where do I find your archives?, I mean can you give me start page for Linux India Help as I am not a member of that list.

thanks. I could use all the help i can get.

http://sf.net/projects/linux-india/ look at the mailing lists.

Here's something to start with anyway.

To connect:

1. Client sends packet to server with username Server responds with a MD5 hash

2. Client sends second packet to server with two MD5 hashes Server responds with three packets 1st with the cookies 2nd with identities and buddy list 3rd with a system message (advertisment)

3. Client makes http call to yab (to get contact details). This is optional.

4. Conversations proceed normally.

Step 2 is where I need help. It's obvious that one of the hashes is the encrypted password (or something derived from it). The other may be the username again. Basically, the password has to come in there somewhere, and the initial MD5 hash is used somehow.

Your mission, should you choose to accept it, is to crack the encryption. Should you or any member of your team be caught, the secretary will disavow any knowledge of your existence.

Someplace you can start:

yahoo messenger makes several calls (several hundred calls actually) to MD5_Update. If you can intercept these calls, and find out what goes in and what comes out, it might help.

Two ways to do that:

1. Write a wrapper for libcrypto that sits in its place, and forwards all calls to all functions, but logs calls to MD5_*

2. Get the sources for libcrypto, recompile with debugging information enabled, and use gdb to figure out what goes into and out of MD5_Update.

If you succeed, you could become very famous. :)

Best of luck,

Philip

PS: You may want to join the libyahoo mailing list, as there are some others also working on this problem.