Venky's World

    Yahoo Messenger Protocol

    (UNOFFICIAL DOCUMENTATION)

     

     DISCLAIMER

    *************************************************************************************************

    The following document is just my interpretation of the Yahoo protocol. It is based on a lot of assumptions, all of which might not be right. The new Yahoo protocol is really right up there when it comes to security, unlike the previous versions. Also, I do not expect people to stop using the original Yahoo Messenger and use a simple clone which just about sends and receives messages. Yahoo has added a whole range of features to its messenger, like IM Environments, voice chat and webcam support, which are pretty cool and pretty tough to replicate (maybe I'll give it a shot when I've got loads of free time!). And finally, I expect people who might use this protocol info not to harm anybody by making booters and bombers; that's really an awful waste of technology besides serving no purpose. And last but not least, thank Yahoo for providing a nice tool for instant communication.

    *************************************************************************************************

    The basic purpose of writing this document is that people should know what's actually happening when they use the Yahoo Messenger, and to help them in making their own client. There is hardly any, if any, documentation available on the internet concerning the YMSG protocol.


    The first step involved in any messenger application is logging into the messenger server and then retrieving the friends list. The Yahoo Messenger connects to the Yahoo server (cs.yahoo.com) on port 5050. Let us first look at logging into the Yahoo server.

    We will connect to the Yahoo Messenger server scs.yahoo.com on port 5050.

    As always, the most difficult part to figure out in any messenger protocol is the login encryption.

    Now let us start logging into the Yahoo Messenger server. We send the following data to the messenger server to start the login process.

    This is the data sent when viewed through a port monitor

     
    0x0000   00 20 18 8F C8 16 00 50-BA 89 95 6B 08 00 45 00   . .È..Pº‰•k..E.
    0x0010   00 4A F7 6A 40 00 80 06-BA 99 C0 A8 01 C1 D8 88   .J÷j@.€.º™À¨.Á؈
    0x0020   AD B7 07 0D 13 BA 7F DC-96 ED DA E7 49 68 50 18   ­·...ºÜ–íÚçIhP.
    0x0030   44 5C F8 02 00 00 59 4D-53 47 00 0B 00 00 00 0E   D\ø...YMSG......
    0x0040   00 57 00 00 00 00 6D 61-93 13 31 C0 80 73 75 6E   .W....ma“.1À€sun
    0x0050   64 61 6D 61 6D 61 C0 80-                          damama
    

     

    Let us look at what exactly is being sent

    • YMSG - the Yahoo standard header for all messenger commands/messages
    • This is followed by 2 bytes of data - 00 0B - which indicate the version number of the protocol
    • This is followed by 2 bytes of data - 00 00
    • The next 2 bytes specify the length of the message information, i.e. the total length of the string minus the length of the header (20 bytes)
    • The next byte of data is 00
    • This is followed by the character "W", which signifies that the command being sent is a challenge command
    • Next are 4 bytes - 00 00 00 00
    • The next 4 bytes are what I call the initial 4 bytes bluff identifier. These 4 bytes identify a particular user and change every time you log in. Initially you could send any four bytes, including 00 00 00 00, and you would still be able to log in.
    • This is followed by one byte of data signifying that the data being sent is for logging into the server. This byte has an ASCII equivalent of "0"
    • This is followed by 1 byte of data - 31 - whose ASCII equivalent is "1"
    • This is followed by 2 bytes of data which are the standard argument separator - C0 80
    • Finally, this is followed by the Yahoo user ID and the standard argument separator.

    The server in response sends a challenge string to verify the password. The response of the server looks like this

    This is the data received when viewed through a port monitor

    0x0000   00 50 BA 89 95 6B 00 20-18 8F C8 16 08 00 45 00   .Pº‰•k. .È...E.
    0x0010   00 9C 13 BC 40 00 2F 06-EE F6 D8 88 AD B7 C0 A8   .œ.¼@./.îö؈­·À¨
    0x0020   01 C1 13 BA 07 0D DA E7-49 68 7F DC 97 0F 50 18   .Á.º..ÚçIhÜ—.P.
    0x0030   FF FF 3E 30 00 00 59 4D-53 47 00 00 00 00 00 60   ÿÿ>0..YMSG.....`
    0x0040   00 57 00 00 00 01 6D 67-EE 27 31 C0 80 73 75 6E   .W....mgî'1À€sun
    0x0050   64 61 6D 61 6D 61 C0 80-39 34 C0 80 67 7C 69 2F   damama94g|i/
    0x0060   70 5E 68 26 7A 2D 64 2B-32 25 76 25 78 26 6A 7C   p^h&z-d+2%v%x&j|
    0x0070   65 2B 28 6D 5E 6B 2D 69-25 68 2A 28 73 2B 38 25   e+(m^k-i%h*(s+8%
    0x0080   61 2F 75 2F 78 2A 28 62-2D 34 2A 69 25 68 5E 67   a/u/x*(b-4*i%h^g
    0x0090   5E 6A 7C 6D 5E 6E 2D 72-2A 66 2B 70 2B 6A 29 29   ^j|m^n-r*f+p+j))
    0x00A0   29 C0 80 31 33 C0 80 31-C0 80                     )À€13À€1À€
    
    
    • YMSG - the Yahoo standard header for all messenger commands/messages
    • This is followed by 1 byte of data - 00 00 - which indicates that the data has been sent by the server
    • The next 2 bytes specify the length of the message information, i.e. the total length of the string minus the length of the header (20 bytes)
    • The next byte of data is 00
    • This is followed by the character "W", which signifies that the command being sent is a challenge command
    • Next are 4 bytes - 00 00 00 01
    • The next 4 bytes are the most important part of this response; these 4 bytes also signify the session ID. All future messages/commands being sent to the server require this session ID
    • This is followed by 1 byte of data - 31 - whose ASCII equivalent is "1"
    • This is followed by 2 bytes of data which are the standard argument separator - C0 80
    • This is followed by the Yahoo user ID and the standard argument separator.
    • Next are two bytes having ASCII equivalents "9" and "4"; "94" signifies that what follows is a 24 character challenge string
    • Finally the challenge string, followed by the standard argument separator
    • This is followed by 2 bytes of data - 31 and 33 - whose ASCII equivalents are "1" & "3"
    • This is followed by 2 bytes of data which are the standard argument separator - C0 80
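
    The header and field layout described so far, as a small parser run over the challenge response captured above. This is an added example, not code from the original document or from Yahoo; the names parse_ymsg, word and session are labels chosen here, and the parser generalises to any packet that follows the same 20-byte header plus separator-delimited key/value layout.

```python
import struct

SEP = b"\xc0\x80"  # argument separator; an overlong UTF-8 NUL, so split on raw bytes first
# Header as the bullets describe it: "YMSG", 2-byte version, 2 unused bytes, 2-byte body
# length, a zero byte, 1 command byte, a 4-byte field, 4-byte session id (20 bytes total).
HEADER = struct.Struct(">4sH2xHxB4sI")
# Only the command bytes this page names.
COMMANDS = {0x57: "challenge", 0x54: "login", 0x06: "message",
            0x04: "available/online", 0x02: "offline"}

# Challenge response copied from the capture above, starting at the "YMSG" bytes.
CHALLENGE_RESPONSE = bytes.fromhex("""
    59 4D 53 47 00 00 00 00 00 60
    00 57 00 00 00 01 6D 67 EE 27 31 C0 80 73 75 6E
    64 61 6D 61 6D 61 C0 80 39 34 C0 80 67 7C 69 2F
    70 5E 68 26 7A 2D 64 2B 32 25 76 25 78 26 6A 7C
    65 2B 28 6D 5E 6B 2D 69 25 68 2A 28 73 2B 38 25
    61 2F 75 2F 78 2A 28 62 2D 34 2A 69 25 68 5E 67
    5E 6A 7C 6D 5E 6E 2D 72 2A 66 2B 70 2B 6A 29 29
    29 C0 80 31 33 C0 80 31 C0 80
""")


def parse_ymsg(data: bytes) -> dict:
    """Parse one YMSG packet (TCP payload beginning at the 'YMSG' magic)."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than the 20-byte header")
    magic, version, length, command, word, session = HEADER.unpack_from(data)
    if magic != b"YMSG":
        raise ValueError("missing YMSG magic")
    # Trust the length field only after checking it against the bytes present.
    body = data[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError(f"length field says {length}, only {len(body)} bytes present")
    tokens = body.split(SEP)
    if tokens.pop() != b"":
        raise ValueError("body does not end with the argument separator")
    if len(tokens) % 2:
        raise ValueError("odd token count; expected key/value pairs")
    # Keys are ASCII digits; values are decoded byte-for-byte so nothing is lost.
    fields = [(k.decode("ascii"), v.decode("latin-1"))
              for k, v in zip(tokens[0::2], tokens[1::2])]
    return {"version": version, "length": length, "command": command,
            "command_name": COMMANDS.get(command, "unknown"),
            "word": word.hex(), "session": session, "fields": fields}


if __name__ == "__main__":
    pkt = parse_ymsg(CHALLENGE_RESPONSE)
    print(f"{pkt['command_name']} session={pkt['session']:#010x}")
    for key, value in pkt["fields"]:
        print(f"  {key:>3} = {value}")
```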

     

    After this has been done, it's time to actually log in as invisible and then become online and be able to send and receive messages. This is what is sent

    This would log you in in invisible mode.

    This is the data being sent when viewed through a port monitor

     

    0x0000   00 20 18 8F C8 16 00 50-BA 89 95 6B 08 00 45 00   . .È..Pº‰•k..E.
    0x0010   01 F2 F7 6B 40 00 80 06-B8 F0 C0 A8 01 C1 D8 88   .ò÷k@.€.¸ðÀ¨.Á؈
    0x0020   AD B7 07 0D 13 BA 7F DC-97 0F DA E7 49 DC 50 18   ­·...ºÜ—.ÚçIÜP.
    0x0030   43 E8 76 10 00 00 59 4D-53 47 00 0B 00 00 01 B6   Cèv...YMSG.....¶
    0x0040   00 54 5A 55 AA 55 6D 61-93 13 36 C0 80 58 3D 37   .TZUªUma“.6À€X=7
    0x0050   65 2C 48 3D 6A 65 2C 48-3D 6A 37 3B 6D 3D 43 6A   e,H=je,H=j7;m=Cj
    0x0060   2C 48 3D 43 63 2C 45 3D-33 33 3B 51 3D 6D 6C 3B   ,H=Cc,E=33;Q=ml;
    0x0070   48 3D 33 37 3B 46 3D 67-67 3B 77 3D 46 35 3B C0   H=37;F=gg;w=F5;À
    0x0080   80 39 36 C0 80 4E 3D 61-68 2C 6D 3D 46 31 2C 6D   €96À€N=ah,m=F1,m
    0x0090   3D 33 41 2C 51 3D 41 32-3B 54 3D 41 6C 2C 5A 3D   =3A,Q=A2;T=Al,Z=
    0x00A0   45 70 2C 68 3D 68 65 2C-53 3D 30 6F 3B 72 3D 31   Ep,h=he,S=0o;r=1
    0x00B0   42 2C 43 3D 68 32 3B C0-80 30 C0 80 73 75 6E 64   B,C=h2;À€0À€sund
    0x00C0   61 6D 61 6D 61 C0 80 32-C0 80 31 C0 80 31 C0 80   amama211
    0x00D0   73 75 6E 64 61 6D 61 6D-61 C0 80 39 38 C0 80 69   sundamama
    
    
    • YMSG - the Yahoo standard header for all messenger commands/messages
    • This is followed by 2 bytes of data - 00 0B - which indicate the version number of the protocol
    • This is followed by 2 bytes of data - 00 00
    • The next 2 bytes specify the length of the message information, i.e. the total length of the string minus the length of the header (20 bytes)
    • The next byte of data is 00
    • This is followed by the character "T", which signifies that the command being sent is a login command
    • Next are 4 bytes - 5A 55 AA 55
    • The next 4 bytes are the session identifier
    • The next byte has an ASCII equivalent of "6"
    • This is followed by the standard argument separator.
    • This is followed by the first of the two 50-character authentication response strings
    • This is followed by the standard argument separator.
    • The next 2 bytes have ASCII equivalents of "9" & "6"
    • Next is the second 50-character authentication response
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of "0"
    • This is followed by the standard argument separator.
    • Finally followed by the Yahoo user ID (name) and the standard argument separator.
    • The next byte has an ASCII equivalent of "2"
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of "1"
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of "1"
    • This is followed by the standard argument separator.
    • Finally followed by the Yahoo user ID (name) and the standard argument separator. Much more data is passed along with this, but since a lot of that data has to do with earlier sessions we shall not consider it. The Yahoo servers would process our request regardless of this.

    On successfully sending this, the Yahoo server sends us the friends list and other details like the cookie and stuff
    
    0x0000   00 50 BA 89 95 6B 00 20-18 8F C8 16 08 00 45 00   .Pº‰•k. .È...E.
    0x0010   03 1C 17 FA 40 00 2F 06-E8 38 D8 88 AD B7 C0 A8   ...ú@./.è8؈­·À¨
    0x0020   01 C1 13 BA 07 0D DA E7-49 DC 7F DC 98 D9 50 18   .Á.º..ÚçIÜܘÙP.
    0x0030   FF FF 6A 19 00 00 59 4D-53 47 00 00 00 00 02 E0   ÿÿj...YMSG.....à
    0x0040   00 55 00 00 00 00 6D 67-EE 27 38 37 C0 80 46 72   .U....mgî'87À€Fr
    0x0050   69 65 6E 64 73 3A 62 6D-61 6E 69 75 73 2C 6B 5F   iends:bmanius,k_
    0x0060   76 5F 70 72 61 62 68 75-2C 70 75 6E 73 61 5F 32   v_prabhu,punsa_2
    0x0070   30 30 30 2C 74 65 73 74-34 79 64 65 6D 6F 0A 6A   000,test4ydemo.j
    0x0080   61 62 62 65 72 5F 79 74-3A 6B 5F 76 5F 70 72 61   abber_yt:k_v_pra
    0x0090   62 68 75 2C 73 75 64 69-62 6F 79 2C 74 65 73 74   bhu,sudiboy,test
    0x00A0   34 79 64 65 6D 6F 2C 76-65 6E 6B 79 5F 64 75 64   4ydemo,venky_dud
    0x00B0   65 0A 74 65 73 74 31 3A-64 65 65 70 61 6B 37 38   e.test1:deepak78
    0x00C0   2C 73 75 64 69 62 6F 79-0A 74 65 73 74 34 3A 6B   ,sudiboy.test4:k
    0x00D0   5F 76 5F 70 72 61 62 68-75 0A 74 65 73 74 35 3A   _v_prabhu.test5:
    0x00E0   6B 5F 76 5F 70 72 61 62-68 75 0A 76 65 6E 6B 79   k_v_prabhu.venky
    0x00F0   5F 64 75 64 65 3A 76 65-6E 6B 79 5F 64 75 64 65   _dude:venky_dude
    0x0100   0A C0 80 38 38 C0 80 C0-80 38 39 C0 80 73 75 6E   .8889sun
    0x0110   64 61 6D 61 6D 61 C0 80-35 39 C0 80 59 09 76 3D   damama59Y.v=
    0x0120   31 26 6E 3D 44 65 6F 75-43 65 71 73 62 71 67 31   1&n=fxxxxxqsbqg1
    0x0130   32 26 6C 3D 44 6B 64 33-20 63 30 63 30 2F 6F 26   2&l=ixxxxx0c0/o&
    0x0140   70 3D 6D 31 61 30 61 76-32 30 31 33 30 30 30 30   p=m1a0av20130000
    0x0150   30 30 26 72 3D 37 6C 26-6C 67 3D 75 73 26 69 6E   00&r=7l&lg=us&in
    0x0160   74 6C 3D 75 73 3B 20 65-78 70 69 72 65 73 3D 54   tl=us; expires=T
    0x0170   68 75 2C 20 31 35 20 41-70 72 20 32 30 31 30 20   hu, 15 Apr 2010 
    0x0180   32 30 3A 30 30 3A 30 30-20 47 4D 54 3B 20 70 61   20:00:00 GMT; pa
    0x0190   74 68 3D 2F 3B 20 64 6F-6D 61 69 6E 3D 2E 79 61   th=/; domain=.ya
    0x01A0   68 6F 6F 2E 63 6F 6D C0-80 35 39 C0 80 54 09 7A   hoo.com59T.z
    0x01B0   3D 45 59 23 63 2F 47 52-65 52 64 97 41 46 41 47   =jY8c/xxxxx/AFAG
    0x01C0   55 2F 73 4A 52 57 30 79-4E 6A 51 78 42 6B 34 79   U/sJRWxxxxxxBk4y
    0x01D0   54 7A 56 4F 4E 54 59 78-4E 41 2D 2D 26 61 3D 51   TzVONTYxNA--&a=Q
    0x01E0   41 45 26 73 6B 3D 44 41-41 6A 51 36 2F 58 67 6D   AE&sk=DAAjQ6/Xgm
    0x01F0   31 75 4B 4A 26 64 3D 63-32 77 42 54 56 52 4E 4D   1uKJ&d=c2wBTVRNM
    0x0200   6B 46 55 61 7A 46 50 52-45 6B 31 54 57 70 46 4D   kFUazFPREk1TWpFM
    0x0210   6B 31 33 54 53 30 55 59-47 46 52 51 55 55 42 64   k13LxxxxxxRQUUBd
    0x0220   47 6C 77 41 55 78 49 53-54 5A 56 51 67 46 36 65   GlwAUxISTZVQgF6e
    0x0230   67 46 71 57 54 68 6A 4C-30 46 6E 56 30 45 2D 3B   gFqWThjL0FnV0E-;
    0x0240   20 65 78 70 69 72 65 73-3D 54 68 75 2C 20 31 35    expires=Thu, 15
    0x0250   20 41 70 72 20 32 30 31-30 20 32 30 3A 30 30 3A    Apr 2010 20:00:
    0x0260   30 30 20 47 4D 54 3B 20-70 61 74 68 3D 2F 3B 20   00 GMT; path=/; 
    0x0270   64 6F 6D 61 69 6E 3D 2E-79 61 68 6F 6F 2E 63 6F   domain=.yahoo.co
    0x0280   6D C0 80 35 39 C0 80 43-09 6D 67 3D 31 C0 80 31   m59C.mg=11
    0x0290   35 33 C0 80 31 C0 80 39-30 C0 80 31 C0 80 33 C0   53À€1À€90À€1À€3À
    0x02A0   80 73 75 6E 64 61 6D 61-6D 61 C0 80 31 30 30 C0   €sundamamaÀ€
    
    The cookie can be grabbed from this data which is received by us and can be used for various Yahoo HTTP functions.



    After this we change our status to being online and available.
    This is what we send
    
    YMSG    .w U    ~*
    
    When viewed through a port monitor this is what shows up
    
    0000:  20 53 52 43 00 00 44 45 53 54 00 00 08 00 45 00  SRC..DEST....E.
    0010:  00 3C CF 04 40 00 80 06 BA 25 CB 5E EA D9 D8 88 .<..@....%.^....
    0020:  E2 D0 04 8B 00 50 00 71 FE 1B 82 BE 3D 8B 50 18 .....P.q....=.P.
    0030:  21 80 A3 50 00 00 59 4D 53 47 00 0B 00 00 00 00 !..P..YMSG......
    0040:  00 04 00 00 00 0C 00 00 00 00                   ..........
    
    
    
    • YMSG - the Yahoo standard header for all messenger commands/messages
    • This is followed by 2 bytes of data - 00 0B - which indicate the version number of the protocol
    • This is followed by 2 bytes of data - 00 00
    • The next 2 bytes specify the length of the message information, i.e. the total length of the string minus the length of the header (20 bytes)
    • The next byte of data is 00
    • The next byte of data is 04 - this signifies the user is changing his status to being available
    • Next are 4 bytes - 00 00 00 0C
    • The final 4 bytes are - 00 00 00 00

    On sending this, the server responds by sending us the details of any friend who is online at that moment

    Sending a Message
    
    
    To send a message the following data is sent to the server
    
    
    YMSG        D .ZUªV~*
    —1À€sunxxxxxÀ€5À€venkxxxxeÀ€14À€hiÀ€97À€0À€63À€;0À€64À€0À€1002À€1À€
    
    
    
    
    
    When viewed through a port monitor 
    
    0000:  20 53 52 43 00 00 44 45 53 54 00 00 08 00 45 00  SRC..DEST....E.
    0010:  00 80 F7 04 40 00 80 06 91 E1 CB 5E EA D9 D8 88 ....@......^....
    0020:  E2 D0 04 8B 00 50 00 71 FE 2F 82 BE 3F EA 50 18 .....P.q./..?.P.
    0030:  21 80 54 8F 00 00 59 4D 53 47 00 0B 00 00 00 44 !.T...YMSG.....D
    0040:  00 06 5A 55 AA 56 7E 2A 0A 97 31 C0 80 73 75 6E ..ZU.V.*..1..sun
    0050:  64 xx xx 61 xx xx C0 80 35 C0 80 76 65 6E 6B 79 dxxxx..5..venky
    0060:  xx xx xx 64 65 C0 80 31 34 C0 80 68 69 C0 80 39 xxxxe..14..hi..9
    0070:  37 C0 80 30 C0 80 36 33 C0 80 3B 30 C0 80 36 34 7..0..63..;0..64
    0080:  C0 80 30 C0 80 31 30 30 32 C0 80 31 C0 80       ..0..1002..1..
    
    
    
    Let us look at what is being sent
    • YMSG - the Yahoo standard header for all messenger commands/messages
    • This is followed by 2 bytes of data - 00 0B - which indicate the version number of the protocol
    • This is followed by 2 bytes of data - 00 00
    • The next 2 bytes specify the length of the message information, i.e. the total length of the string minus the length of the header (20 bytes)
    • The next byte of data is 00
    • The next byte of data is 06 - this signifies that the command is a user message
    • The next 4 bytes are standard for all messages/commands being sent to the messenger server. The 4 bytes are 5A 55 AA 56
    • The next 4 bytes are the user identifier for the current session.
    • This is followed by one byte of data signifying that the data is a Private Message (PM) being sent to a user. This byte has an ASCII equivalent of "1"
    • This is followed by 2 bytes of data which are the standard argument separator - C0 80
    • This is followed by the Yahoo user ID and the standard argument separator.
    • Followed by one byte which has an ASCII equivalent of "5" and which signifies that the next data is the user ID to whom the message is to be sent
    • Followed by the standard argument separator.
    • This is followed by the ID of the user to whom the message is being sent and the standard argument separator.
    • Followed again by one byte which has an ASCII equivalent of "14" and signifies that the data following it is the actual user message, and the standard argument separator.
    • The next 2 bytes have ASCII equivalents of "6" & "3"
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of ";"
    • The next byte has an ASCII equivalent of "0"
    • This is followed by the standard argument separator.
    • The next 2 bytes have ASCII equivalents of "6" & "4"
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of "0"
    • The next 2 bytes have ASCII equivalents of "1" & "0"
    • The next 2 bytes have ASCII equivalents of "0" & "2"
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of "1"
    • Finally followed by the standard argument separator.

     

     

    RECEIVING A MESSAGE

     

     YMSG A . .~* —5À€sundaxxxxÀ€4À€venkyxxxxÀ€14À€hi thereÀ€63À€;0À€64À€0À€97À€0À€

     

     

    0000:  44 45 53 54 00 00 20 53 52 43 00 00 08 00 45 00 DEST.. SRC....E.
    0010:  00 7D 9C 0F 40 00 32 06 3A DA D8 88 E2 D0 CB 5E .}..@.2.:......^
    0020:  EA D9 00 50 04 8B 82 BE 3F 95 00 71 FE 2F 50 18 ...P....?..q./P.
    0030:  FF FF 73 60 00 00 59 4D 53 47 00 00 00 00 00 41 ..s`..YMSG.....A
    0040:  00 06 00 00 00 01 7E 2A 0A 97 35 C0 80 73 75 6E .......*..5..sun
    0050:  xx xx xx xx xx 61 C0 80 34 C0 80 76 65 6E 6B 79 dxxxxx..4..venky
    0060:  xx xx xx xx xx xx xx 31 34 C0 80 68 69 20 74 68 xxxxe..14..hi th
    0070:  65 72 65 C0 80 36 33 C0 80 3B 30 C0 80 36 34 C0 ere..63..;0..64.
    0080:  80 30 C0 80 39 37 C0 80 30 C0 80                .0..97..0..
    
    Let us look at what has been received
    • YMSG - the Yahoo standard header for all messenger commands/messages
    • This is followed by 1 byte of data - 00 - signifying that this is a server response
    • This is followed by 3 bytes of data - 00 00 00
    • The next 2 bytes specify the length of the message information, i.e. the total length of the string minus the length of the header (20 bytes)
    • The next byte of data is 00
    • The next byte of data is 06 - this signifies that the command is a user message
    • Next are 4 bytes - 00 00 00 01
    • The next 4 bytes are the session ID
    • This is followed by one byte of data signifying that the data is a Private Message (PM) being sent to a user. This byte has an ASCII equivalent of "5"
    • This is followed by 2 bytes of data which are the standard argument separator - C0 80
    • This is followed by the Yahoo user ID and the standard argument separator.
    • Followed by one byte which has an ASCII equivalent of "4" and which signifies that the next data is the user ID who has sent the message
    • Followed by the standard argument separator.
    • This is followed by the ID of the user to whom the message is being sent and the standard argument separator.
    • Followed again by one byte which has an ASCII equivalent of "14" and signifies that the data following it is the actual user message, and the standard argument separator.
    • The next 2 bytes have ASCII equivalents of "6" & "3"
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of ";"
    • The next byte has an ASCII equivalent of "0"
    • This is followed by the standard argument separator.
    • The next 2 bytes have ASCII equivalents of "6" & "4"
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of "0"
    • The next 2 bytes have ASCII equivalents of "9" & "7"
    • This is followed by the standard argument separator.
    • The next byte has an ASCII equivalent of "0"
    • Finally followed by the standard argument separator.


    USER COMES ONLINE

     

     

    0x0030   FF FF D2 AA 00 00 59 4D-53 47 00 00 00 00 00 31   ÿÿÒª..YMSG.....1
    0x0040   00 04 00 00 00 01 B5 67-52 29 37 C0 80 73 75 6E   ......µgR)7À€sue
    0x0050   64 61 6D 61 6D 61 C0 80-31 30 C0 80 30 C0 80 31   dddddd1001
    0x0060   31 C0 80 37 35 36 42 36-36 41 39 C0 80 31 37 C0   1À€756B66A9À€17À
    0x0070   80 30 C0 80 31 33 C0 80-31 C0 80                  €0À€13À€1À€
    
    
    
    Let us see what is being sent

    • YMSG - the Yahoo standard header for all messenger commands/messages
    • This is followed by 1 byte of data - 00 - signifying that this is a server response
    • This is followed by 3 bytes of data - 00 00 00
    • The next 2 bytes specify the length of the message information, i.e. the total length of the string minus the length of the header (20 bytes)
    • The next byte of data is 00
    • The next byte of data is 04 - specifying user status as being online
    • Next are 4 bytes - 00 00 00 01
    • The next 4 bytes are the session ID
    • The message also contains the ID of the user who has gone offline
     
    

     USER GOES OFFLINE

     

    0x0030   FF FF CD C6 00 00 59 4D-53 47 00 00 00 00 00 31   ÿÿÍÆ..YMSG.....1
    0x0040   00 02 00 00 00 01 B5 67-52 29 37 C0 80 73 75 6E   ......µgR)7À€sun
    0x0050   64 61 6D 61 6D 61 C0 80-31 30 C0 80 30 C0 80 31   damama1001
    0x0060   31 C0 80 45 32 36 31 46-45 44 37 C0 80 31 37 C0   1À€E261FED7À€17À
    0x0070   80 30 C0 80 31 33 C0 80-30 C0 80                  €0À€13À€0À€
    
    
    
    
    
    • YMSG - the Yahoo standard header for all messenger commands/messages
    • This is followed by 1 byte of data - 00 - signifying that this is a server response
    • This is followed by 3 bytes of data - 00 00 00
    • The next 2 bytes specify the length of the message information, i.e. the total length of the string minus the length of the header (20 bytes)
    • The next byte of data is 00
    • The next byte of data is 02 - specifying user status as being offline
    • Next are 4 bytes - 00 00 00 01
    • The next 4 bytes are the session ID
    • The message also contains the ID of the user who has gone offline