•  20-09-2019
  •  | 
  •  

Question

Some friends with the help of various sites check and know when i'm invisible on yahoo messenger and keep bragging about this.

Being curious about this I've tested lots of sites that check if a user is invisible on yahoo messenger and all of them sent me a C1 packet type.
From what i've tested I'm(my ymsgr client) not sending anything back. So i only receive 1 packet from the bot that performs the check and that's it, they know if i'm invisible or not.

Next i thought that if i'm not sending anything back then maybe the yahoo server sends something back to i tested on a friend of mine and i sent him a c1 packet but i did not received anything back from nobody (neither the server neither my friend).
So how do they do that? I'm just looking for some hints, not expecting for code or someone else to solve it for me. I just like the thrill in learning and discovering by myself just that now i'm stuck with no idea :)

Thanks.

Was it helpful?

Solution

This is a new answer because it's too long to be a comment.

I looked around a bit and it would seem that the older versions of yahoo had a deal where if you were invisible and someone tried to start a voice chat with you, it would give you away. The ping packet could be trying that.

One thing I noticed on gtalk was that often a user appears online even after they have disconnected until someone sends them a ping packet. Also, if you are invisible and then you come back, the length of time that you've been online gives away the fact that you were invisible.

Could it be, then, that when you are pinged, your status, online time, etc all update on the yahoo server if you are online and what these services are doing then are checking to see if yahoo takes any action? I would presume that all yahoo is doing is not broadcasting your info if you're online, but you can still see that the server does something.

Instead of monitoring for an incoming/outgoing packet, why don't you check your registry on the yahoo server? I believe there's a url for that.

hope this helps,

Mechko

OTHER TIPS

When you are invisible, basically you are online, but simply their server do not broadcast your real status (online), but a fake one (offline).

Yahoo is not fully able to "hide" your real status, but it has some "holes" in how aggressively tries: see here for details.

Actually there are lot of websites and possible spyware that make it even easier for an end-user to check.

Is it possible that sending such a packet to someone who's not online results in an error? In that case, sending the packet and not getting an error means that that person is online.

From what you are saying, I'd suggest that the bot actually checks somewhere else (if it is true that there are no packets sent at all)

Could it be that there is an online registry of users who are online and the packet that you are sent is just an artifact?

I hadn't used Yahoo Messenger is a long time, but something you said made me wonder. You said these testing websites sent you a C1 packet. I'm wondering if it is as simple a firewall rules to block all but the Yahoo servers. I don't know if chat/voice/file transfers are done P2P, if so you would have to update your firewall rules.

Back in the day I used to use my firewall to block the ad banners on the IM clients because they were served on a different URL and failure to connect to the ad server didn't disconnect my IM channel.

Maybe you can have the firewall ask for each connection and see how few connections you need in order to have the messenger work. Then have the firewall drop unsolicited packets. If that doesn't work, you can use the firewall to block the checking sites.

Good luck.

Here are some of the methods you can use to detect if a user is invisible or really offline (some of these depend on earlier versions of the messenger application):

  1. Start a voice chat with the user you want to check. If you get an error, the user if really offline.

  2. Send a message to the user, then change the IMEnviorment. If you see a message saying “waiting for your friend to load the theme”, then the user if really offline.

  3. Download (and pay for, unfortunately) Buddy Check.

  4. Navigate to this URL in your browser: http://opi.yahoo.com/online?m=g&t=2&u=userid (change userid to the user you are testing). (This did not work for me).

There are websites that let you can check the status online, but there is no guarantee they'll work (they're only doing what I am showing you above). Basically, you can use these VIA screen scraping. Here are some of the sites:

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top