YMArchive decoder

  
 

About

Yahoo! Messenger can store all conversations on the local computer. This feature is called the archive. The conversations are stored encrypted using an undocumented but weak method: the plain messages are XOR-ed with the current user name (Yahoo! ID) as the key. If you know the key (the user name) that was used for encryption, you can easily decrypt the archive. The file structure of the Yahoo! Messenger archive is presented in the following:

[Figure: YM archive file structure]

For Yahoo! Messenger version 7.0 on Windows, the archive directory is C:\Program Files\Yahoo!\Messenger\Profiles\<user>\Archive\. Every directory below Messages contains the conversations with the user whose name is the same as the directory name. These directories contain the conversations grouped by date: all conversations in a day are saved in the same file. The archive file name follows the naming convention <date>-<user>.dat. The date has the form yyyymmdd and the user is the Yahoo! ID (the key used for decryption).
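Why the scheme gives no confidentiality, as an added example (not YMArchive's own code): the key is read straight out of the file name, and a few known characters expose it anyway. The record layout of the .dat file is not reproduced here, so the sketch works on a single constructed message payload; the function names are hypothetical.

```python
import ntpath
import re
from itertools import cycle

# Naming convention from the page: <date>-<user>.dat, with date as yyyymmdd.
ARCHIVE_NAME = re.compile(r"^(?P<date>\d{8})-(?P<user>.+)\.dat$")

# Constructed sample input: the path is the page's own example, the message is made up.
SAMPLE_PATH = r"C:\Program Files\Yahoo!\Messenger\Profiles\bula\Archive\Messages\gogu\20050702-bula.dat"
SAMPLE_MESSAGE = b"hello gogu, see you at 8"


def key_from_filename(path: str) -> bytes:
    """Return the Yahoo! ID embedded in an archive file name (the XOR key)."""
    name = ntpath.basename(path)  # handles Windows separators on any OS
    match = ARCHIVE_NAME.match(name)
    if match is None:
        raise ValueError(f"not an archive file name: {name!r}")
    return match.group("user").encode("ascii")


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def key_bytes_from_known_plaintext(stored: bytes, known: bytes) -> bytes:
    """XOR-ing stored bytes with known plaintext yields the key bytes used there."""
    return bytes(c ^ p for c, p in zip(stored, known))


if __name__ == "__main__":
    key = key_from_filename(SAMPLE_PATH)
    stored = xor_with_key(SAMPLE_MESSAGE, key)  # what would sit on disk
    print("key taken from file name:", key)
    print("stored bytes:", stored.hex())
    print("decoded:", xor_with_key(stored, key))
    # Even without the file name, five known characters expose the key.
    print("key bytes from 'hello':", key_bytes_from_known_plaintext(stored, b"hello"))
```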

Why is this application useful if you can read the archive using Yahoo! Messenger? The Yahoo! Messenger archive is missing a feature that this application lets you work around: search! You can decrypt all the conversations you want to search and then search the resulting plain-text file!

Using

You can use YMArchive to decrypt a whole archive of conversations, the archive of conversations with a specified user, or the archive of conversations for a single day.

Example of decrypting a whole archive of messages:

$ ymarchive --action=all --input="C:\Program Files\Yahoo!\Messenger\Profiles\bula\Archive\Messages" --output="C:\temp"

Example of decrypting an archive of messages exchanged with a specified user (all the conversations with that user):

$ ymarchive --action=dir --input="C:\Program Files\Yahoo!\Messenger\Profiles\bula\Archive\Messages\gogu" --output="C:\temp"

Example of decrypting an archive of messages stored in a file:

$ ymarchive --action=file --input="C:\Program Files\Yahoo!\Messenger\Profiles\bula\Archive\Messages\gogu\20050702-bula.dat" --output="C:\temp\20050702-bula.txt"

If the application crashes, it creates a dump file named ymarchive.dmp in the current directory. Please send me this dump file to help debug the problem.

Download

YMArchive is distributed under the GNU General Public License.

You can download the Windows binaries or the sources. A bundle containing both the sources and the binaries for YMArchive is also available.

Happy decrypting and searching!

Disclaimer

Remember that this software is distributed as is, and the author accepts no responsibility for any material or moral damage that it may cause.

Those who are willing to sacrifice essential liberties for a little order, will lose both and deserve neither. - Benjamin Franklin