MySpaceIM
NOTE: The MySpace IM network has been shut down.
Introduction
This document is a reverse-engineered protocol specification for MySpaceIM. The first version of this document was created for build 673, but as of 2007-06-02 it refers to build 697 or newer.
This page is a known to be incomplete. It was originally started started by User:jeff, residing at http://developer.pidgin.im/wiki/MsimProtocolSpec . An older HTML version of this document is available.
Some text in italics refers to msimprpl, the MySpaceIM protocol plugin for libpurple.
Contributions to this document are welcome!
Servers
msim_login
Connect to im.myspace.akadns.net, which will point you to one of several MSIM servers (currently 204.16.33.139-195).
69 - 74 connection attempts are allowed (usually 69) until the server will block you out for a period of time.
All connections are made using TCP. The default port is 1863, but the client
will try to connect using ports 6660,6661,6662,6665,6668,6669,0080 and 0443 in
succession if 1863 fails. If successful, the port will be stored (the Win32
client uses HKCU\Software\MySpace\IM\LastConnectedPort in the registry) and
tried first for future connections.
User Identifications
Users are identified by several means:
- User ID (uid) - unique number; used extensively by protocol. User's web page at http://myspace.com/user_ID.
- Email address - used to sign in, and locate buddies.
- Username/IM Name - "Your unique name that can't be changed", shown on buddy lists, and for user's web page at http://myspace.com/username.
- Display Name - shown on your web page, can be changed and non-unique.
- First Name and Last Name - "private and used for search only".
Message Structure
MsimMessage
Tokens are separated by backslashes, which alternate as name, value, name, value, etc. For example, this message:
\k1\v1\k2\v2\xxx\yyy\final\
contains the following information:
| Key | Value |
|---|---|
| k1 | v1 |
| k2 | v2 |
| xxx | yyy |
The end of a message is marked with \final. Note that this marker is not a key/value pair.
Special characters are escaped with '/':
| Character | Escaped As |
|---|---|
| / | /1 |
| \ | /2 |
msim_escape, msim_unescape
The following data types can be defined:
| Type | Description |
|---|---|
| Integers | These are just stored as ASCII, decimal |
| Text | ASCII |
| Binary | Base64 encoded |
| Boolean | Presence of the key indicates 'true', absense 'false' |
| Dictionary | Multiple key=value's, separated by \x1c |
What I call here dictionaries (also known as associative arrays, hashes) are often present in a field named body. Keys inside a dictionary use CamelCase and boolean values are represented as a string, True or False, instead of the absence of presence of a key.
Escape codes in dictionaries:
| Character | Escaped As |
|---|---|
| ' or ` | ' |
| # | # |
| " | " |
Escape codes in '|' delimited lists:
| Character | Escaped As |
|---|---|
| / | /1 |
| \ | /2 |
Login Sequence
msim_login, msim_process, msim_login_challenge
Upon connection, server immediately sends a "login challenge" message to the client:
| Key | Type | Description |
|---|---|---|
| lc | integer | 1 |
| nc | binary | 0x40-byte nonce |
| id | integer | 1 |
Client sends login challenge response:
| Key | Type | Description |
|---|---|---|
| login2 | integer | 196610 |
| username | text | Email address to login using |
| response | binary | Challenge response, derived using algorithm described below |
| clientver | integer | 673, corresponds to 1.0.673.0 in "About" dialog (679, etc.) |
| reconn | integer | 0 |
| status | integer | 100 |
| id | integer | 1 |
Server replies with:
| Key | Type | Description |
|---|---|---|
| lc | integer | 2 |
| sesskey | integer | Session key |
| proof | Same as userid? Sometimes differs. | |
| userid | Numeric userid | |
| profileid | Same as userid? | |
| uniquenick | Username | |
| id | integer | 1 |
The session key is sent by the client in almost every future message.
Errors:
| Code | Message | Type |
|---|---|---|
| 259 | The supplied email address is invalid. | Fatal |
| 260 | The password provided is incorrect. | Fatal |
Code 260 is no longer used if trying to login with an invalid email address, circa client build 404. Instead, invalid email and invalid passwords both return code 260. See MySpaceIM Info Disclosure: Silently Fixed
Challenge/Response Login Algorithm
msim_login_challenge
response is computed from:
- First 0x20 bytes of nc field -- nc1
- Last 0x20 bytes of nc field -- nc2
- User's password, in UTF-16 little endian (only the first 10 characters, in lower case)
- User's ASCII email address
Compute SHA1(SHA1(password) + nc2). This will result in 0x14 bytes. Using the first 0x10 bytes (128 bits) as an RC4 key, encrypt the following concenated together:
- nc1
- User's ASCII email address
- Four zero bytes: 00 00 00 00
- 1 byte = number of network interfaces on this machine
- IPv4 address of interface used to connect to server in network order. Example: \x7f \x00 \x00 \x01 (for 127.0.0.1)
- IPv4 addresses of host's network interfaces in network order. Example: \x0a \x00 \x00 \x40 (for 10.0.0.64), \xc0 \xa8 \x58 \x01 (for 192.168.88.1), and so on.
The network interface addresses are obtained using the Win32 GetIpAddrTable API call. They should be the actual interface IPs on the system, even if they are RFC1918 private addresses. The server most likely uses these addresses to determine if a connection can be directly initiated to the host, or if it must pass through some kind of NAT device.
High-level summary:
response = RC4encrypt(key=hash(hash(pw) + nc2), data=nc1+username+IP_list)
Buddy Messages
msim_send_bm
Messages from client or server:
| Key | Type | Description |
|---|---|---|
| bm | integer | Message type. |
| sesskey | integer | Session key. |
| t | integer | Userid to send message to (outgoing messages only). |
| f | integer | Userid message came from (incoming messages only). |
| date | integer | For offline messages, timestamp of when message was sent, Unix time |
| cv | integer | Client version build number. |
| msg | text | Text of message. |
Known message types for bm:
| Value | Notes | msg |
|---|---|---|
| 1 | Instant message | See markup below. |
| 100 | Status message | List, see below. |
| 121 | Action Message | Zap or typing notification. |
| 122 | Media Message | Key/value pairs joined by ampersands, see below. |
| 124 | Profile Message | Contains age, song, gender, display name, headline, etc. |
| 126 | Status Mood Message | Contains Status mood information |
Servers appear to pass all buddy messages between clients, even if the type ('bm' field) is unrecognized. The Miranda IM plugin uses bm code 200 to "send miranda + plugin version information as is done with many other protocols".
Instant Messages
msim_incoming_im, msim_send_im
Message text is formatted using "tags", similar to HTML, and (aside from the escaped forward slashes) is valid XML. Tags and attribute names are single letters to save space. Attributes are either quoted with ' or backquote. For unknown reasons, the client uses ' but the server translates it to the backquote.
Tags end as in HTML: <tag>...</tag> (appears in protocol dumps as < /1tag>,
because / is encoded as /1).
Example:
<f f='Times' h='16'><c v='black'><b v='white'>hello</1b></1c></1f></1p>
Known tags:
<p>= paragraph<a>= anchor (link)- h = href
- This tag is self-closed, for example:
<a h='http://google.com' />displays http://google.com. It doesn't seem to be possible to change the text of the link.
<f>= font tag- f = font face (Arial, Arial Black, Comic Sans MS, Courier New, Tahoma, Times, Verdana, or another)
- h = font height, in pixels. For displays set to 96 DPI:
- 4pt = 5 (sizes must be between 4 and 72 points)
- 5pt = 7
- 6pt = 8
- 7pt = 9
- 8pt = 11
- 9pt = 12
- 10pt = 13
- 11pt = 15
- 12pt = 16
- 13pt = 17
- 14pt = 19
- 15pt = 20
- 16pt = 21
- 17pt = 23
- 18pt = 24
- 72pt = 96
- Note: 1 pt = 1/72 inch, and 1 inch = 96 pixels (at 96 dpi), so height = round((96/72.)*point_size).
- Note 2: At 120 DPI, 72pt is sent as h=120, and so on. Points are always 1/72 ", so the real formula is height = round((DPI/72.)*point_size). For more information on font sizes, see this Planet SoC blog post: Week 7 Updates: Notifications and Font Sizes
- s = bit field of text decoration; add/OR together:
- 1 = bold
- 2 = italic
- 4 = underline
<c>= text color tag- v = color (a name like "black", "white", or "rgb(253,0,0)", "rgba(253,0,0,100)" (alpha), or "transparent")
<b>= background color tag- v = color
<i>= image (emoticon/smiley)- n - name: bigsmile growl mad scared tongue devil happy messed sidefrown upset frazzled heart nerd sinister wink geek laugh oops smirk worried googles mohawk pirate straight kiss
Known character entities:
| Character | Entity |
|---|---|
| " | " |
| & | & |
| ' | ' |
| < | < |
| > | > |
Incoming Status Message
msim_status
Examples:
- |s|0|ss|Offline
- |s|1|ss|:-)|ls||ip|0|p|0
| Index | Type | Description |
|---|---|---|
| 0 | text | s |
| 1 | integer | 0 for offline (or hidden), 1 for online, 2 for idle, 5 for away |
| 2 | text | ss |
| 3 | text | Headline |
| 4 | text | ls |
| 5 | text | |
| 6 | integer | 0 |
| 7 | text | p |
| 8 | integer | 0 |
Action Message
msim_incoming_action, msim_send_typing
Zaps are, in order (0-9): zap whack torch smooch hug bslap goose hi-five punk'd raspberry. Zaps are sent with this msg:
- !!!ZAP_SEND!!!=RTE_BTN_ZAPS_n, where n is a 0-based index into zap array.
For typing notifications:
- %typing%
- %stoptyping%
Group Messages
Trac ticket: http://developer.pidgin.im/ticket/4691
Group messages seen coming from http://myspace.com/78744676 (or http://myspace.com/myspaceim), a chatroom added to the buddy list by default:
- GroupCount=25;
- Offline= (someone's user ID)
- MsimMarkup-formatted messages
- ContactType=2
These messages also had:
| Field | Type | Description |
|---|---|---|
| f | integer | Chatroom ID, for example 78744676 |
| cv | integer | Client version, build 1000 |
| gid | integer | Group ID? 23 |
| aid | integer | User ID of person talking in that chatroom, if applicable |
When a user talks in a chatroom, f is set to the user ID of a user representing the chatroom, and aid is set to the user ID of the user talking. Not sure how gid fits into this. You appear to get chatroom messages if the chatroom user is on your buddy list, even if you haven't joined the chatroom. (Note: need to figure out terminology here, I've been using chatroom but MySpaceIM uses the term 'group').
Media Messages
not implemented
bm of 121 is used to send media.
Seems to be sent when someone first messages you. Example transcript:
(05:31:51 PM) someone: cmdtype=1&reqid=856000425340460813&contenttype=1&
(05:32:01 PM) someone: Hello
(05:32:04 PM) me: hi there
(05:32:07 PM) someone: cmdtype=1&reqid=856000425340466400&contenttype=1&
(conversation continues)
Sending background picture:
cmdtype=3&reqid=15704865745410042&contenttype=1&
Picture (less than 600K) invitation request:
cmdtype=4&reqid=15704865745421128&contenttype=4&filename=Winter.jpg
If picture is not accepted, or offer canceled:
cmdtype=5&reqid=15704865745413631&contenttype=4&accept=no
cmdtype
| Code | Description |
|---|---|
| 1 | ??? Sent initially |
| 3 | Send background image |
| 4 | Picture invitation request |
| 5 | Accept/deny picture invitation request |
Profile Message
This message contains information on the buddy from their profile. Sometimes it is empty, sometimes it contains the following dictionary-encoded keys:
| Name | Type | Description |
|---|---|---|
| Age | integer | Age in years |
| AvatarURL | string | URL of avatar |
| BandName | string | |
| SongName | string | |
| ContactType | integer | 2 |
| DisplayName | string | |
| Gender | string | M or F |
| Headline | string | |
| ImageURL | string | URL of JPEG image on MySpace Content Distribution Network |
| IMName | string | Instant messaging name, blank if user doesn't have MySpaceIM |
| UserName | string | |
| RoomLastLogin | integer | |
| Location | string | city, state, country |
| ShowAvatar | boolean | True or False |
Example:
\bm\124\f\78744676\msg\Age=27AvatarUrl=BandName=cold war kidsContactType=2DisplayName=MySpaceIMGender=FHeadline=ImageURL=http:/1/1a895.ac- images.myspacecdn.com/101111/149/186/11111986894_m.jpgIMName=MySpaceIM Chat RoomLastLogin=128287884600000000Location=SANTA MONICA, California, USShowAvatar=FalseSongName=Hang Me Up To DryTotalFriends=119814UserName=myspaceim\final\
Set Status Messages
To change your own status:
| Key | Type | Description |
|---|---|---|
| status | integer | Status code. |
| sesskey | integer | Session key. |
| statstring | string | User-settable status message (for online or away). |
| locstring | string | Location string? Sometimes "userinfo;" |
Status codes:
| Code | Description |
|---|---|
| 0 | Hidden/offline |
| 1 | Online |
| 2 | Idle |
| 5 | Away |
Unknown codes (tested 3, 4, and 6) are recognized as offline by the official client.
Same code as in incoming status messages.
Keepalives
From server:
| Key | Type | Description |
|---|---|---|
| ka | boolean | Presence indicates this is a keepalive message. |
Sent every 3 minutes to keep connection alive.
Add Buddy
msim_add_buddy
| Key | Type | Description |
|---|---|---|
| addbuddy | boolean | Presence indicates to add buddy. |
| sesskey | integer | Session key. |
| newprofileid | integer | Userid to add. |
| reason | text | Empty |
The client also sends a persist message to update the buddy list. Example sequence (after looked up userid), adding uid 6221:
- \addbuddy\sesskey\420159774\newprofileid\6221\reason\final\ - add buddy
- \blocklist\sesskey\420159774\idlist\b-|6221|a+|6221\final - update blocklist
- \persist\1\sesskey\420159774\cmd\514\dsn\0\uid\180301984\lid\9\rid\31\body\ContactID=6221.GroupName=IM Friends.Position=1000.Visibility=1.NameSelect=0\final\ - update contact info
Errors:
| Code | Message | Type |
|---|---|---|
| 1539 | The profile requested is already a buddy. | Non-fatal |
Delete Buddy
msim_remove_buddy
| Key | Type | Description |
|---|---|---|
| delbuddy | boolean | Presence indicates to delete buddy. |
| sesskey | integer | Session key. |
| delprofileid | integer | Userid of buddy to delete. |
The client also sends a persist message and updates the block list when deleting a buddy. Example message sequence:
- \delbuddy\sesskey\97309878\delprofileid\175349942\final\ - delete buddy with numeric ID 175349942
- \persist\1\sesskey\97309878\cmd\515\dsn\0\uid\3656574\lid\8\rid\18\body\ContactID=175349942\final\ - delete from on-server buddy list?
- \blocklist\sesskey\97309878\idlist\a-|175349942|b-|175349942\final\ - update block list; remove user (-) from accept (a) and block (b) list?
Block List
msim_add_buddy updates the blocklist, not implemented: User-settable blocklists.
| Key | Type | Description |
|---|---|---|
| blocklist | boolean | Presence indicates to change block list. |
| sesskey | integer | Session key. |
| idlist | list | Encoded list of buddies to block/unblock, see below. |
idlist is constructed from one of the following format strings:
- a-|%lu|b-|%lu
- a-|%lu|b+|%lu - block userid %lu
- b-|%lu|a+|%lu - unblock userid %lu
where %lu is the userid. Current guess is that a is for accept list, b is for block list, - removes and + adds, but this has not been proven. Example idlist, when "Who can contact me: Anyone" and "Who can see when I'm online: Anyone" is set:
- w0|c0|a-||b-||b+|blockeduser1...
Removes all users from accept list and block list, then adds blockeduser1 (userid).
If "Who can contact me: Only people on my Contact List" and "Who can see when I'm online: Anyone", then idlist is:
- w0|c1|a-||a+|buddy1|buddy2|...|buddyN|b-|
where buddyN is the userid of each buddy on the contact list. |a-|| removes all users from the accept list, |a+|...| adds only buddies to accept list, |b-| removes all buddies from blocklist.
Opcodes:
- w# = Who can see when I'm online? 0=Anyone, 1=Only people on my contact list
- c# = Who can contact me? 0=Anyone, 1=Only people on my contact list
- a- = remove from accept list
- a+ = add to accept list
- b- = remove from block list
- b+ = add to block list
- * = all userids
Get Info
| Key | Type | Description |
|---|---|---|
| getinfo | boolean | Presence indicates that this is a get info request. |
| sesskey | integer | Session key. |
| uid | integer | Userid to look up. |
Examples:
\getinfo\\sesskey\53348262\uid\6221\final\
\getinfo\\sesskey\70517308\uid\180301984\final\
Specifics of this message's purpose are unknown.
See also the 1,0,2 persist message (they're often sent together).
Set Info
| Key | Type | Description |
|---|---|---|
| setinfo | boolean | Presence indicates that this is a get info request. |
| sesskey | integer | Session key. |
| info | dictionary | Packed dictionary of information to set. |
'info' dictionary has same fields as setinfo. Examples:
\setinfo\\sesskey\70517308\info\Age=20AvatarUrl=BandName=ContactType=1DisplayName=MySpaceIM Protocol Plugin for PidginGender=MImageURL=http:/1/1a513.ac-images.myspacecdn.com/1images01/118/1m_0ad6cfe1ae4b676622e98c6d4cb3cef0.pngLastLogin=128290072800000000Location=California, USShowAvatar=FalseSongName=TotalFriends=4UserName=msimprpl\final\
\setinfo\\sesskey\70517308\info\Age=20AvatarUrl=BandName=ContactType=1DisplayName=MySpaceIM Protocol Plugin for PidginGender=MImageURL=http:/1/1a513.ac-images.myspacecdn.com/1images01/118/1m_0ad6cfe1ae4b676622e98c6d4cb3cef0.pngLastLogin=128290072800000000Location=California, USShowAvatar=FalseSongName=TotalFriends=4UserName=msimprpl\final\
Web Challenge Request (webchlg)
| Key | Type | Description |
|---|---|---|
| webchlg | boolean | Presence indicates a web challenge request. |
| sesskey | integer | Session key. |
| n | integer | 0, unknown. |
See also 1,17,26 persistance request.
Persist Messages
msim_process_reply, msim_new_reply_callback
Persist messages allow the client to send or request information to or from the server. Thanks to Nathan Peterson for reversing the structure of these commands.
Client sends a persistance request:
| Key | Type | Description |
|---|---|---|
| persist | integer | 1 |
| sesskey | integer | Session key. |
| uid | integer | Your userid. |
| cmd | integer | Command type. |
| dsn | integer | Command family. |
| lid | integer | Command subcode. |
| rid | integer | Request/response ID. Client sends request with unique rid |
| body | dictionary | Dictionary of information. |
cmd, dsn and lid uniquely identify each command.
Known cmd/dsn/lid combinations:
| cmd | dsn | lid | Description |
|---|---|---|---|
| 1 | 0 | 1 | List all contacts |
| 1 | 0 | 2 | Get contact information by ID |
| 1 | 1 | 4 | Lookup IM information about yourself |
| 1 | 1 | 7 | Lookup IM information by userid |
| 1 | 2 | 6 | List all groups |
| 1 | 4 | 3 | Lookup MySpace information by userid |
| 1 | 4 | 5 | Lookup MySpace information about yourself |
| 1 | 5 | 7 | Lookup MySpace information by username/email |
| 1 | 7 | 18 | Get mail status |
| 1 | 9 | 14 | Your username has been changed (UserName, Code=0 for ok). Also need to call \setinfo. |
| 1 | 17 | 26 | Web challenge |
| 1 | 21 | 18 | Get user song |
| 1 | 101 | 20 | Server information |
| 2 | 2 | 16 | ??? Group flags |
| 2 | 9 | 14 | Check username availability |
| 2 | 14 | 21 | Add all my friends from MySpace.com |
| 2 | 15 | 22 | Add my top friends from MySpace.com |
| 3 | 2 | 16 | ??? Delete something? |
| 514 | 1 | 10 | Change user preferences |
| 514 | 0 | 9 | Update contact information |
| 514 | 16 | 25 | Invite to MySpaceIM |
| 515 | 0 | 8 | Delete buddy, ContactID in buddy (see also delbuddy) |
cmd appears to be a bitfield:
| Bit | Description |
|---|---|
| 0-7 (0-255) | Command bits, 1=get, 2=action, 3=delete |
| 8 (weight 256) | Set indicates reply, clear indicates request. |
| 9 (weight 512) | Set indicates to an action, clear indicates to get information. |
| 10 (weight 1024) | Set indicates an error, clear is normal. |
So for example, a reply to 1,5,7 (lookup MySpace information by username/email) would have cmd,dsn,lid of 257,5,7, and a reply to 1,9,14 would be 258,9,14. These aren't listed separately in the list above because they're the same command.
Server responds with a persistance reply (persistr):
| Key | Type | Description |
|---|---|---|
| persistr | boolean | Presence indicates persistr message. |
| uid | integer | Your userid. |
| cmd | integer | Command. This appears to the client request cmd bitwise ANDed or added with 256. |
| dsn | integer | Subcommand - matches dsn of request. |
| lid | integer | Subcommand - matches lid of request. |
| rid | integer | Request/response ID - matches rid of request. Server sends responses back with same rid as in the client's request, allowing client to match responses to requests. |
| body | dictionary | Response information. |
1,0,1: List all contacts
Request:
An empty body. Example:
\\persist\1\sesskey\46543777\cmd\1\dsn\0\uid\3656574\lid\1\rid\39\body\\final\
Reply has a key for each of the contacts. Keys:
| Key | Type | Description | Example |
|---|---|---|---|
| ContactID | integer | Userid of contact | 6221 |
| Headline | text | Headline | :-) |
| Position | integer | Offset on buddy list | 0 |
| GroupName | text | Group that buddy is located in | IM Friends |
| Visibility | integer | 1 | |
| AvatarUrl | text | URL of avatar | |
| ShowAvatar | boolean | Show avatar? True or False | |
| LastLogin | integer | Login timestamp | 128177889600000000 |
| IMName | text | Instant messaging name, blank if user doesn't have MySpaceIM | |
| NickName | text | ||
| NameSelect | integer | 0 | |
| OfflineMsg | text | Offline message | |
| SkyStatus | integer | ? | 0 |
Example:
ContactID=6221.Headline=:-).Position=1.GroupName=IM Friends.Visibility=1.AvatarUrl=.ShowAvatar=False.LastLogin=128182824000000000.IMName=.NickName=.NameSelect=0.OfflineMsg=.SkyStatus=0
(repeats for additional contacts)
1,0,2: Get contact information
Get information on a contact.
Request:
| Key | Values | Description |
|---|---|---|
| ContactID | integer | Userid of contact. |
Example, uid 180301984 looking up uid 6221:
\persist\1\sesskey\53348262\cmd\1\dsn\0\uid\180301984\lid\2\rid\7\body\ContactID=6221\final\
See also getinfo command.
Reply:
| Key | Values | Description |
|---|---|---|
| ContactID | integer | Userid of contact (actually present twice, identically). |
| Headline | text | |
| Position | integer | position in buddy list. |
| !GroupName | text | "Recent Contacts" |
| Visibility | integer | 2 |
| !AvatarUrl | text | |
| !ShowAvatar | True/False | |
| IMName | text | |
| !NickName | text | |
| !NameSelect | integer | 0 |
1,1,4: Lookup IM Information about Yourself
Sent with an empty body.
Similar response as to 1,1,17, except also includes OfflineMessage field.
1,1,7: Lookup IM Information by UserID
msim_lookup_user
Used for looking up MySpaceIM information on a user, as opposed to purely MySpace information.
Request body:
| Key | Values | Description |
|---|---|---|
| UserID | integer | The userid to lookup. |
Reply body:
| Key | Values | Description |
|---|---|---|
| UserID | integer | 0 |
| Sound | True/False | |
| !PrivacyMode | integer | "Who can contact me?" 0=Anyone, 1=Only people on my Contact List. |
| !ShowOnlyToList | True/False | "Who can see when I'm online?" False=Anyone, True=Only people on my Contact List. |
| !OfflineMessageMode | integer | "When I'm offline, receive and store messages from:" 0=Everyone, 1=Only people on my Contact List, 2=No one. |
| Headline | text | |
| Avatarurl | text | |
| Alert | integer | |
| !ShowAvatar | True/False | |
| IMName | text | |
| !ClientVersion | integer | Client build number. |
| !AllowBrowse | True/False | |
| IMLang | ??? | Language. |
| LangID | integer | Language ID. |
1,2,6: List all groups
Request: TODO
Reply:
| Key | Type | Description | Example |
|---|---|---|---|
| GroupID | integer | Numeric ID of group | 21672248 |
| GroupName | text | Textual name | IM Friends |
| Position | integer | Offset in buddy list | 1 |
| GroupFlag | integer | Unknown | 131073 |
1,4,3: Lookup MySpace User Info by UID
msim_lookup_user, when called with a string of numbers
Lookup user information by userid. This command is called MySpaceUserInfo by error messages.
Request:
| Key | Values | Description |
|---|---|---|
| UserID | integer | The userid to lookup. |
Examples:
\persist\1\sesskey\70517308\cmd\1\dsn\4\uid\180301984\lid\3\rid\16\body\UserID=6221\final\
Reply:
| Key | Values | Description |
|---|---|---|
| UserName | text | Unique username. Present only if in request. |
| text | Email address. Present only if in request. Fields below only present if user exists. | |
| UserID | integer | Numeric user ID. |
| ImageURL | text | URL to image |
| DisplayName | text | Display name, need not be unique. |
| BandName | text | |
| SongName | text | |
| Age | integer | Age in years. |
| Gender | M/F | Gender. |
| Location | text | City, State, Country |
| !TotalFriends | integer | Total number of friends on MySpace. |
(Same as 1,5,7 reply but also has TotalFriends).
Error messages are sent with cmd=1025 (error bit set), and following body:
| Key | Type | Description |
|---|---|---|
| UserID | integer | Userid of message request which had the error. |
| ErrorMessage | text | Textual description of error |
Observed error messages:
- Request time elapsed configured has passed for MessageType: Read, DataType: MySpaceUserInfo
- Persistence Queue Overflow
1,4,5: Lookup MySpace User Info About Yourself
Seems to be the same as 1,4,3 but looks up your information. You still need to pass UserID=xxx in the request body.
1,5,7: Lookup MySpace User Info by String
msim_lookup_user, when called with a username
Lookup user information by username or email. Known as MySpaceUserInfoByString in error messages.
In the body dictionary of the request, one of these keys is present:
| Key | Values | Description |
|---|---|---|
| UserName | text | The username to lookup. |
| text | The email address to lookup. |
Reply body:
| Key | Values | Description |
|---|---|---|
| UserName | text | Unique username. Present only if in request. |
| text | Email address. Present only if in request. Fields below only present if user exists. | |
| UserID | integer | Numeric user ID. |
| ImageURL | text | URL to image, mangled an unknown way. |
| DisplayName | text | Display name, need not be unique. |
| BandName | text | |
| SongName | text | |
| Age | integer | Age in years. |
| Gender | M/F | Gender. |
| Location | text | City, State, Country |
Error reply, here cmd=1025 (error bit set):
| Key | Type | Description |
|---|---|---|
| UserName | integer | Username of message request which had the error. |
| ErrorMessage | text | Textual description of error. Once observed: Request time elapsed configured has passed for MessageType: Read, DataType: MySpaceUserInfoByString |
1,7,18: Check Mail Status
msim_check_mail, msim_check_mail_cb
Checks for new mail, comments, or friend requests. You have to periodically poll to see if you have any.
Request: empty
Example:
\persist\1\sesskey\53348262\cmd\1\dsn\7\uid\180301984\lid\18\rid\4\body\\final\\
Reply:
| Key | Type | Description | Example |
|---|---|---|---|
| boolean | Whether you have new mail | On | |
| BlogComment | boolean | Whether you have new blog comments | On |
| ProfileComment | boolean | Whether you have new profile comments | On |
| FriendRequest | boolean | Whether you have new friend requests | On |
| PictureComment | boolean | Whether you have new picture comments | On |
Example:
\persistr\\cmd\257\dsn\7\uid\180301984\lid\18\rid\4\body\Mail=On\final\\
1,17,26: Web Challenge
not implemented
Webchallenge is used to authenticate with the myspace.com website, so that links to the website (such as for mail notification) do not require logging in again through the web interface. From Scott Ellis: "I have the popup windows for my notifications opening the same web pages as the official client, but without the 'token' it will usually redirect to the myspace login page and say 'you must be logged in to do that'. Getting the web authentication sorted would be a huge bonus."
Reply:
| Key | Values | Description |
|---|---|---|
| Challenge | integer | Challenge (present 3 times). |
| ChallengeData | binary | Base64 encoded 30 bytes (present 3 times). |
Unknown purpose. Causes client to send an HTTP request to home.myspace.com: GET /Modules/IM/Pages/UrlRedirector.aspx, with URL-encoded parameters:
| Key | Values | Description |
|---|---|---|
| challenge | X-Y-Z, 3 integers | X is as of yet unknown, Y is the uid, Z is the sesskey |
| response | binary | ??? base64-encoded data. Probably the result of an algorithm using the X-Y-Z above |
| target | text | Several options: searchfriends, profile, comment, message, probably more... |
| targetid | integer | The userid of the target profile for the target action |
UrlRedirector.aspx replies with a simple HTML page that states "Object moved" followed by a hyperlink and a cookie in the HTTP header. The cookie is obviously our MySpace login validation. The client then proceeds to send an HTTP request to the page the hyperlink points to.
These messages are currently ignored by msimprpl, and are not required for basic functionality. Used for web authentication?
See also 'webchlg'.
1,21,28: Get User Song
not implemented
If the music note icon on the buddy list in the official client is clicked, this message will be sent.
Request:
| Key | Type | Description |
|---|---|---|
| UserID | integer | Userid to get song information on. |
Reply:
| Key | Type | Description |
|---|---|---|
| UserID | integer | |
| ProfileSong | text | URL to page with an embedded Flash media player |
1,101,20: Server Information
not implemented
This message is sent without the client asking for it, so the response bit in cmd is always set (cmd = 257). Sent upon connecting to the server, before logging in. It contains various timers and limits:
| Key | Type | Description |
|---|---|---|
| AdUnitRefreshInterval | integer | 10 |
| AlertPollInterval | integer | 180 |
| ChatRoomUserIDs | list separated by ; | Userids for chatrooms |
| CurClientVersion | integer | 595, even though 673 is newer |
| EnableIMBrowse | True/False | False |
| MaxAddAllFriends | integer | 100 |
| MaxContacts | integer | 1000 |
| MinClientVersion | integer | 529 |
| MySpaceNowTimer | integer | 720 (seconds) |
| PersistanceDataTimeout | integer | 900 (seconds) |
| UseWebChallenge | integer | 1 |
| WebTicketGoHome | True/False | False |
ChatRoomUserIDs is, as of 2007-04-15, a list of the following userids:
| UserID | Username | Display Name |
|---|---|---|
| 78744676 | myspaceim | hi |
| 142663391 | myspaceimchat | jorge |
| 142910130 | myspaceimchat2 | jorge |
| 123521495 | testbot5 | test |
| 138528147 | myspacejorge4 | myspacejorge4 |
| 140271072 | TEST4MATTCHUNG2 | tester |
| 163733130 | myspacecdn | jorge |
None of these userids autoreply when IM'd.
2,9,14: Set username
| Key | Type | Description |
|---|---|---|
| UserName | text | Name to use |
Example request:
\persist\1\sesskey\469958979\cmd\2\dsn\9\uid\240626417\lid\14\rid\28\body\UserName=msimprpl2\final\
Example reply:
\persistr\\cmd\258\dsn\9\uid\240626417\lid\14\rid\28\body\UserName=msimprpl2.Code=0\final\
This sets the username. \setinfo with with a UserName in the body is also sent afterwards.
2,14,21: Add all my friends from MySpace.com
Sent when go to "Add all my friends" from File -> IM Set Up Wizard. Imports your friends from the website to IM.
Request:
| Key | Type | Description |
|---|---|---|
| GroupName | text | "IM Friends", group to add contacts to? |
Example:
\persist\1\sesskey\581636623\cmd\2\dsn\14\uid\3656574\lid\21\rid\39\body\GroupName=IM Friends\final\
Reply:
| Key | Type | Description |
|---|---|---|
| Completed | boolean | "True" if contacts were added |
Example:
\persistr\\cmd\258\dsn\14\uid\3656574\lid\21\rid\39\body\Completed=True\final
Client then sends a 1,0,1 persistance request ("List all contacts") to get the updated list. After getting all the buddies, it removes them from the blocklist (b-) and adds to the accept list (a+, see blocklist command). After that, it sends a 514,0,9 ("Set contact information") on each contact, in body passing ContactID, GroupName, Position, Visibility, NickName, and NameSelect.
2,15,22: Add my top friends from MySpace.com
Sent when go to "Add my top friends" from File -> IM Set Up Wizard. Imports your friends from the website to IM.
Request:
| Key | Type | Description |
|---|---|---|
| GroupName | text | "IM Friends", group to add contacts to? |
Example:
\persist\1\sesskey\24577352\cmd\2\dsn\15\lid\22\rid\96\body\GroupName=IM Friends\final\
Reply:
| Key | Type | Description |
|---|---|---|
| Completed | boolean | "True" if contacts were added |
Example:
\persistr\\cmd\258\dsn\15\uid\96902854\lid\22\rid\96\body\GroupName=IM Friends\034Completed=True\final\
514,0,9: Set contact information
Sets the location and group of a buddy.
Request:
| Key | Type | Description |
|---|---|---|
| ContactID | integer | Userid of contact. |
| GroupName | text | "Recent Contacts" |
| Position | integer | 0, 1000 |
| Visibility | integer | 1, 2 |
| NickName | text | |
| NameSelect | integer | 0 |
Example:
\persist\1\sesskey\70517308\cmd\514\dsn\0\uid\180301984\lid\9\rid\18\body\ContactID=6221\034GroupName=Recent Contacts\034Visibility=1NameSelect=0\final\
514,1,10: Change User Preferences
not implemented
body dictionary, of settings to change:
| Key | Values | Description |
|---|---|---|
| Sound | True/False | ??? |
| PrivacyMode | integer | "Who can contact me?" 0=Anyone, 1=Only people on my Contact List. |
| ShowOnlyToList | True/False | "Who can see when I'm online?" False=Anyone, True=Only people on my Contact List. |
| OfflineMessageMode | integer | "When I'm offline, receive and store messages from:" 0=Everyone, 1=Only people on my Contact List, 2=No one. |
| Headline | text | Your profile headline. |
| Alert | integer | 1 |
| ShowAvatar | True/False | |
| IMName | text | Your instant messenger name. Official client lets you change IM name capitalization and spacing. |
514,16,25: Invite to MySpaceIM
not implemented
Request:
| Key | Type | Description |
|---|---|---|
| Recipient | integer | Userid to invite. |
| Subject | text | "Invite to IM" |
| Body | text | Entered message text. |
This might be a generic command to send MySpace messages (not verified).
Client also sends this instant message:
| Key | Type | Description |
|---|---|---|
| bm | integer | 1 |
| sesskey | integer | Session key. |
| t | integer | Userid to send message to. |
| cv | integer | Client version build number. |
| msg | text | "Invited to MySpaceIM on hh::mm PM on mm/dd/yy" |
Error Messages
msim_error
An error notice is sent from the server in certain situations.
| Key | Type | Description |
|---|---|---|
| error | boolean | Presence indicates this is an error message. |
| errmsg | string | ASCII English description of error. |
| err | integer | Error code. |
| fatal | boolean | Presence indicates error is fatal to the connection. |
Known errors:
| Code | Message | Type |
|---|---|---|
| 1 | There was an error parsing an incoming request. | Fatal |
| 2 | This request cannot be processed because you are not logged in. | Fatal |
| 3 | This request cannot be processed because of an invalid session key. | Fatal |
| 6 | This profile has been disconnected by another login. | Fatal |
| 259 | The supplied email address is invalid. | Fatal |
| 260 | The password provided is incorrect. | Fatal |
| 267 | The network cannot accept authentications from the indicated version of the client. | Fatal |
| 270 | Error getting contact list from DB (seen in #7584) | Fatal |
| 4352 | Invalid user ID in persistence request. | Fatal |
| 4608 | PM Restart | Unknown |
Code 259 is no longer used if trying to login with an invalid email address, circa client build 404. Instead, invalid email and invalid passwords both return code 260. See MySpaceIM Info Disclosure: Silently Fixed
Logout
To logout:
| Key | Type | Description |
|---|---|---|
| logout | boolean | Presence indicates this is a logout message. |
| sesskey | integer | Session key. |
UDP Polling Protocol?
MySpaceIM appears to also use a UDP protocol, perhaps as a means of exchanging status. During the messenger startup, it will transmit a number of UDP messages from a single port, to a variety of addresses, presumably known servers. The destination port varies, though this might be an artifact introduced through NAT port mappings.
The initial packet sent to the remote servers has a reasonably constant format, though the content and length both vary. The first two bytes appear to be a sequence number and a flag bit, with the flag bit last. The third byte is always 0x02, at least in the initial dialog. Afterwards, the packet content varies more.
A sample packet capture can be found at capture file.
Client/Executable Analysis
MySpaceIM Setup
MySpaceIM_Setup.exe, which you can download at http://myspace.com/myspaceim, is not the actual client. Instead, it fetches http://im.myspace.com/nsis/currentversion.txt , parses the key=value pairs on each line, and downloads $(SETUPURL)$(SETUPFILE) using HTTP. German, French, Italian, and Spanish clients can also be downloaded. The version described in this document is build '673.
The MySpaceIM client also occasionally checks http://im.myspace.com/nsis/currentversion.txt to see if an upgrade is available.
Libraries/Code Used by MySpaceIM.exe build 673
Interesting strings found in executable:
| String' | Comments |
|---|---|
| @(#)$Id: TRIONAN.C,v 1.4 2005/12/08 22:03:59 rkrueger Exp $ | libxml2 |
| inflate 1.1.4 Copyright 1995-2002 Mark Adler | Inflate/deflate decompression/compression, RFC1950 from zlib |
| inflate 1.1.3 Copyright 1995-1998 Mark Adler | zlib, png |
| deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly | zlib |
| unzip 0.15 Copyright 1998 Gilles Vollant | zip archive files |
| Skinux Object Runtime Error | Skinux Engine for skinning |
| Copyright (C) 1998, Thomas G. Lane | JPEG library |
| Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED. | Standard C++ library in VC++ |
| gpsp.gamespy.com | [1], for finding other gamers (not used yet?) |
| \m\%d\xfer\%d %u %u | Unknown message. Near \gamename. |
| 63.208.226.223 | Mysterious host, blocks pings, owned by Level3 |
myim: URLs
MySpaceIM registers the myim: URL scheme to invoke C:\Program Files\MySpace\IM\MySpaceIM.exe %1. The URL includes a command followed by URL-encoded parameters, for example: myim:addContact?uID=1&cID=2.
addContact
msim_uri_handler_addContact_cb
Adds user to contact list. Used on http://collect.myspace.com/index.cfm?fuseaction=im.friendslist
| Name | Value |
|---|---|
| uID | Your userid, or 0 for default |
| cID | Contact userid |
| auto | true if "Add all the people on this page to my IM List!" clicked, empty cID |
sendIM
msim_uri_handler_sendIM_cb
Used in JavaScript posted at http://developer.pidgin.im/attachment/ticket/194/section%20of%20code%20from%20myspaceJS032.js%20.txt
| Name | Value |
|---|---|
| uID | Your userid, or 0 for default |
| cID | Contact userid |
Credits
The majority of this specification was produced from original research by User:Jeff
Thanks also to Nathan Peterson for independently reverse-engineering parts of the protocol. Parts of this document were drawn from it.
Thanks also to Scott Ellis, developer of the MySpaceIM protocol plugin for Miranda IM, for contributing to this document.