A Yahoo! Restriction Defeated

by BreakDecks

We have all done it at some time or another.  No, it isn't illegal, sneaky, or even remotely 1337.

We have downloaded pictures others have posted on the Internet.  Now, once you finish commenting about how horrible that intro was, take a moment to read the contents of this article.

The scenario is simple.

Your friend sends you a link to their Yahoo! page so you can look at their vacation photos!  You visit their photo album and take a look.  You like their pictures and want to take a closer look at them.  So you right-click and save them to your computer.

Now, on the bottom of the page it states that the picture's original size was 1200x1600, but your copy is only 480x600!

You go back and realize that the best you're going to get with Yahoo!'s options is that crappy compressed image!  Now, where's the sense in that!?

Obviously, Yahoo! limits the downloadable size of the files to save bandwidth.  But how is that useful to you, the customer?

Well, it's useful if you're a hacker, because now you can experiment with how this works.

Let's say that the photo is located at:

http://us.f2.yahoofs.com/users/username/2f7f/__hr_/picture.jpg

This is the file, but you cannot access or download it directly.

When you look at the file, you will notice an encrypted key next to it.  This key tells the server what size to return the picture as.  Each picture has a unique key for each size, so you can't use the same key for all files.

I first assumed that the file was compressed to the smaller size on the server and the original was only available through the owner's computer.  But then I remembered that Yahoo! offers printouts of any user photo.  They would want to use the original quality image, otherwise people would not order prints online.  Now I knew that the original was out there on the server, but I did not yet know how to access it.

Yahoo! now offers online printing, so you no longer have to order.

You can print it onto photo paper using your PC!  Hoo Boy!

Now, to do this, you are either going to have crappy pictures or you will get access to the original files.  Yep, you guessed it, you have access to the original files, but of course it is still not that easy!

In order to get the original files, you will need to explore some of Yahoo!'s code.  But I have done this for you already (because I'm nice like that).

In order to get the full size image, go to the album and select the image you want.  Click on "Print at Home" and proceed to the pop-up window where it will set you up for printing.

View the source of this page and you will see something like this:

// Irrelevant Code
var arrImg = new Array;
var arrImgTn = new Array;
var arrImgPortraitTn = new Array(1);
var arrImgLandscapeTn = new Array(1);
var arrImgPortrait = new Array(1);
var arrImgLandscape = new Array(1);

arrImgPortraitTn[0] = "http://us.f2.yahoofs.com/users/username/.tmp/rotate/2f7f/__tn_/picture.jpg?phgAcECBA7JJ2_hJ";

arrImgLandscapeTn[0] = "http://us.f2.yahoofs.com/users/username/__sr_/picture.jpg?phgAcECBNs1ttaZV";

arrImgPortrait[0] = "http://us.f2.yahoofs.com/users/username/.tmp/rotate/2f7f/__hr_/picture.jpg?hioAcECBiF4124zO";

arrImgLandscape[0] = "http://us.f2.yahoofs.com/users/username/2f7f/__hr_/picture.jpg?higAcECB6r3ho_3k";

// Irrelevant Code

The URL you want is labeled: var arrImgLandscape[0] =

Now when you copy and paste this URL to your browser, the code (?higAcECB6r3ho_3k) is sent to the server and it returns the full-sized image instead of the crappy compressed image Yahoo! attempts to restrict you to.

This trick is not only great in Yahoo!.

This can be used for a lot of multimedia files on many other websites.

The trick is figuring out the syntax.