What is Yahoo Message Archive Decoder?
Yahoo Message Archive Decoder is a software that reads Yahoo! Messenger archive files (.dat files) and presents them in a format that you can read. It is called decoding.
Unlike the utility provided by Yahoo! Messenger, using this program you can decode them without connecting to the Internet as long as you have the .dat files. Moreover, the message archive owner's password is not needed.
The software decodes normal conversation messages, private messages, conferences, and SMS/Mobile Messages to HTML or plain text, complete with time stamps, smileys and font formatting (typeface, bold, italic, underline, font size and colors). It supports Unicode text (Arabic, Chinese, Japanese, and all non-latin characters).
If you want to see Message Archive files stored in your system (in the Yahoo! Messenger installation folder):
- Select the Yahoo! username whose archive you want to view in the "Select Username" box.
- Select "Private Messages", "Conferences" or "SMS" in the "Select Type" box.
- Press "Next" button.
- Select a username with whom the message archive owner was talking, or select "<View All>"
- Press "-> View!" button, and the conversation will be displayed.
If you have .dat or .hst files taken from another computer, archives from your backup, or a computer in your network:
- Click the "Browse" button on the below portion of the program (below the ---OR--- line).
- You can "Select a file" to select a single .dat or .hst file, or "Select a folder" to decode all .dat or .hst files inside the folder.
- Fill in the "Username of the Owner of the Message Archive", it is very important.
- Optionally, fill in the "Username of the Responder".
- Click "Decode!" to view the message archive.
If you have a full "profile" folder structure (e.g. taken from a criminal's computer or one that resides on a shared folder):
- Select "(Other folder...)" in the "Select Username" box.
- You will be asked to select either "Messages", "Conferences" or "Mobile Messages" folder. Browse and select it. (Tip: Use the "My Network Places" -> "Entire Network" to browse shared folders)
- Fill in the username of the message archive owner in the dialog box. Remember to fill it in correctly, or the files will not be decoded correctly.
- Select a username with whom the message archive owner was talking, or select "<View All>"
- Press "-> View!" button, and the conversation will be displayed.
What are the main features of Yahoo Message Archive Decoder?
- Decodes the message archive without logging in (offline mode and no passwords required)
- Easy-to-use interface, no manuals needed for operations
- Supports normal conversations, private messages, conferences and SMSes
- Up to 20 times faster than the Yahoo! Messenger internal viewer
- Ability to decode a single file, all files in a folder, following Yahoo! Messenger folder structure, even command-line interface is available.
- Supports savable and customizable HTML formatted output, complete with time stamps, smileys and font formatting (typeface, bold, italic, underline, font size and colors) and plain text.
- Unicode output, allows display of non-latin characters (e.g. Arabic, Chinese, Japanese, etc.)
- Recovers saved passwords (for version 5, 6 and 7)
- Ability to change any user's message archiving options directly
- Date range selection (to select specific files' date to decode) and modifiable time zone
- Access password to prevent unauthorized use of the program
- Advanced auto-detection of usernames, folders, archiving options etc.
- Forensics-friendly features such as complete date/time stamping, decoding of .hst file (old archive format) and corrupted file detection
What is Message Archive (.dat) file?
Message Archive files are created by Yahoo! Messenger. The file has .dat extension. One example of a Message Archive file name is 20050924-mylife75.dat. It means that the file was created on 20050924 (that is September 24, 2005) and the Yahoo! username is mylife75.
If you open a Message Archive file, you will see encoded bytes, that are unreadable to humans. One such example is F4 0A 74 43 06 00 00 00 00 00 00 00 E8 00 00 00 70 37 5E 5A ...
Therefore a utility to present them in a readable form is needed. Yahoo Message Archive Decoder allows you to view those in HTML or plain text,
What are the differences between Yahoo Message Archive Decoder and the internal Yahoo! Messenger archive viewer?
- Using the internal viewer, you must first login to Yahoo! Messenger network to view the archive. And it requires password. Yahoo Message Archive Decoder doesn't need any passwords
- Yahoo Message Archive Decoder can decode the Message Archives of everyone using your computer, not just yours.
- Yahoo Message Archive Decoder can show all conversations as a single document, enabling you to search for required information easily
- Yahoo Message Archive Decoder is very fast, more than 20 times faster than the internal viewer
- If you have Message Archive (.dat) files from another machine, you can decode them easily using Yahoo Message Archive Decoder. It is impossible to decode them using Yahoo! Messenger.
- Command-line interfaces, batch decoding, customizable output, corrupted file detection, full date/time, plain text output, etc. makes Yahoo Message Archive Decoder a choice for private or police investigators.
- and many more... see them in the Features section.
How do I select a specific date range instead of decoding the entire archive?
At the second screen (the "Select Username" dialog, after you press "Next"), there are options that you can choose regarding the archive date you want to choose. The options are:
- All files
No date selection, all files decoded. - Files on and after the date...
If you select this option, a calendar will be displayed. You can select a date, and the files that were created on the date you selected and after will be decoded. - Files on and before the date...
If you select this option, a calendar will be displayed. You can select a date, and the files that were created on the date you selected and before will be decoded. - Files on selected date range...
You can create a date range on which the archive files were created. You can select up to 31 days. For example if you remember that you made a conversation about something important last month but you did not remember the exact date, you can select the whole month and decode them to find the information you want.
When the calendar is displayed and you have selected a username on "Conversation with:" drop-down, you can see some dates are displayed in bold. It means that there are message archive files that were created on those dates. In the example on the right side, the user conversed on December 14, 19, 20, 21, 23 and 25.
How do I prevent others from using Yahoo Message Archive Decoder?
Click "More Tools" button. Then select "Set Access Password". After that you can set a password that will be asked whenever the program is started.
Please don't lose it since if you lost it you will not be able to start the program.
What is .hst file and how do I read it?
Files which end in .hst, such as 001053309244.hst, are offline messages that are stored in earlier versions of Yahoo! Messenger. When a user logs in and receive offline messages (messages that are sent while the user is offline), Yahoo! Messenger stores it in StoredIM folder under the Yahoo! Messenger's installation folder.
To decode .hst files, you can follow the same method of decoding .dat files. Please click here for the information.
How do I use the command-line interface?
You can use Yahoo Message Archive Decoder without the graphical user interface. For example is for batch decoding or any other purposes. Use the same program file yahoodecode.exe together with command-line parameters. If there is no messages shown, the decoding process is completed successfully.
Command-line parameters:
| -i FILE | Input file(s). Supports wildcards (? and *) to specify more than one file. You can also specify a directory name instead of file name to decode all files inside it. |
| -o FILE | The output file. Must be a single file, since all input files (if more than one) will be decoded to the same file. No wildcards allowed. |
| --user NAME | The name of the owner of the Message Archive (.dat) file. |
| --resp NAME | (optional) The name of the responder. If not specified, it will be set to 'unknown'. |
| --timediff HOURS | Set time difference from GMT in hours. It can be a positive or negative number. |
| --textonly | Output plain text instead of HTML |
I'm a legal investigator and I need to indicate which .dat file were used to decode the message logs.
Click the "Visual Options" before you click the "View!" or "Decode!" button, then tick the checkbox that reads "Show where each dat file begins".
How do I recover lost passwords?
Click the "More Tools" button, and click "Password Recovery".
Note that lost passwords are taken from the registry, not from .dat files. You may need to use this feature in cases that,
- you can log in to Yahoo! Messenger because the password is saved, but you do not actually know what is the password since it is only shown as ●●●●●, or
- you are an investigator and the computer in forensics is in your hand.
Can I change the way decoded files look?
Yes, you can change the template of the HTML and TXT files, by editing the file template.htm and template.txt using a HTML or text editor. It is meant for advanced users and you should not try this if you do not understand what are you doing. But for example, if you send your decoded files to others but you want your file structure not to be known to others, you can edit the template file and discard the $(outputDir) text.
Some usernames have a suffix "@@imm". What does it mean?
Starting from Yahoo! Messenger 8, a user can add MSN contacts to their Yahoo! account. The MSN contacts will have the suffix "@@imm" attached to the end of the MSN login name. For example, user@hotmail.com will end up as user@hotmail.com@@imm. Nothing to worry about it.