
Skype protocol reverse engineered, source available - jbk
http://skype-open-source.blogspot.com/
======
Animus7
If the goal is to open up Skype, this isn't the way.

Even if some insane insomniac de-twiddles the pages upon pages of optimized
indirection in this code (which I seriously doubt), all Skype has to do is
tweak the protocol or encryption and the researcher is back to square one.
It's a losing battle. And that's not even getting into the legality of it
all.

How about instead of trying to fruitlessly crack Skype, we spend the time
making something that's both open and better?

~~~
peterwwillis
> How about instead of trying to fruitlessly crack Skype, we spend the time
> making something that's both open and better?

There's value in making an open client that works with the existing network
(for example, Microsoft recently killed the Skype integration plug-in for
Asterix).

~~~
tene
"Asterisk"

~~~
peterwwillis
yes, that.

------
michael_dorfman
_My aim is to make skype open source._

Isn't that decision up to the folks who own the rights to the original code?

Personally, I'd be hesitant to get into a project that has more need for
lawyers than coders.

~~~
crocowhile
I think that claim would be better off if rephrased as "my aim is to make a
skype compatible open source software"

~~~
michael_dorfman
That still doesn't mitigate the need for lawyers. The protocol is still
intellectual property, and reverse engineering it may not be without
consequences.

~~~
_delirium
I don't believe it's possible to secure any sort of intellectual-property
protection for a mere protocol. The usual way of protecting them, though, is
to patent some essential feature needed to implement the protocol, which may
or may not be the case here.

~~~
michael_dorfman
Actually, as I've said elsewhere, one easy way of protecting a protocol is to
explicitly restrict the right to reverse engineer in the Terms of Service
of the client that implements the protocol. Without that client, there's
nothing to reverse engineer.

~~~
barrkel
I'm not sure that's necessarily enforceable everywhere; it can be interpreted
as an illegal barrier to competition.

~~~
michael_dorfman
That might be true; but do you want to be responsible for hiring the team of
lawyers to go head-to-head against Microsoft's lawyers on that point?

~~~
lurker19
Thanks for the reminder to contribute to the EFF this year.

We have strength in numbers.

------
tttp
Two major issues: [http://skype-open-source.blogspot.com/2011/06/skype-under-rc...](http://skype-open-source.blogspot.com/2011/06/skype-under-rc4-layer-arithmetic.html)
_| Copyright (c) 2004-2009 by VEST Corporation. | All rights reserved. Strictly Confidential!_
The project is using existing code, and "All rights reserved" is not an approved OSI license I believe ;)

And things like compression algorithms are patented, and it's very likely
skype is using some of them. Reminds me of a project by Intel of providing an
implementation of g729 (a voice codec). The source was available, but it was
"non commercial usage only" because of the patents mostly.

An interesting project, but doubt we'll see any usable implementation anytime
soon IMO. And even if it does, skype will probably alter a bit the protocol to
make it fail if it reaches a critical mass.

~~~
drdaeman
Software patents are mostly a US-only problem. As Efim's probably a Russian,
this is not an issue.

And Skype can't really easily alter the protocol because of all sort of skype-
compatible devices (IP phones and so on).

------
senko
Relatedly: there was a presentation about (reversing) Skype internals on
BlackHat Europe 2006 (warning, PDF):
[http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-...](http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf)

Skype probably updated their client/protocol since, but still an interesting
read.

------
dkalmnekfaiksmf
Mirror available at <http://thepiratebay.org/torrent/6442887>

------
jcr
I wouldn't venture to say this doesn't belong on HN since it really is
interesting (if it was actually done correctly), but the files available for
download are most likely illegal, were most likely created with pirated tools
(IDA Pro/Hex-Rays, and yes, as a customer of theirs for over a dozen years
I've reported it), and of course, the usual vilification of reverse
engineering.

If you're reading this on a desktop or laptop system (rather than a phone),
then you are most likely using an "IBM PC _Compatible_ " even if you're using
an Intel based Apple, and hence, you're using the fruits of completely legal
reverse engineering.

The way to do reverse engineering legally is to have one team reverse engineer
the target and completely document how it works. Once it's documented, another
_disconnected_ team writes a new implementation from the documentation. This
process is how you're using an IBM PC _Compatible_ today, so yes, reverse
engineering for compatibility is perfectly legal.

If there is a patented algorithm required, it's not a sure thing. There are
most likely compatible ways around the patent, but there's also the fact that
the patent is only valid in the US. With open source hosted in some other
country, who are you going to sue? The users in the US? --Nope, users are the
ones paying for skype.

You might say, "But we forbid reverse engineering in our license!!!"

Contract clauses forbidding reverse engineering are invalid in many countries
and jurisdictions, and of course, you also have to prove the other party
agreed to the contract/license. With this said, it's very easy to create an
international jurisdictional nightmare to render any such contract clause
tactically impossible to enforce.

The easiest way to think about this is security research. The folks finding
and reporting exploitable flaws in software are obviously reverse engineering
it. Occasionally companies have tried to legally go after people who have
published security research on their products, but usually this ends very
badly for the company. Additionally, doing security research is protected use
in some countries and jurisdictions.

In short, competition is good for markets, and competing by studying and
mimicking the competition is both normal and legal.

For the "rights" advocates out there, there are legal problems with the three
file downloads available:

1.) According to the first file name, the original binaries are being
redistributed which may be (and usually is) against the license terms and
default rights granted by copyrights.

2.) The IDA Pro database (most likely) contains the entire target binary, so
you do have (illegal) redistribution of a copyrighted work. You can load only
parts of a target binary into IDA, but that doesn't matter since it is still a
portion of the original work. As for whether or not said portion could fall
under fair use is debatable (i.e. lawsuit). In general usage, the entire
binary is loaded, since without it, you're limited to static analysis (i.e. no
debugging).

3.) Decompilation, and to a lesser degree disassembly, are equivalent to
"machine translation" in the sense of copyright. Creating a translation is
considered creating a "derivative work" and unless you have been given rights
to create derivative works, then you're in trouble. One of the comments here
on HN claims the "source code" file is the output of the Hex-Rays Decompiler.

I've never used skype and I've never read their license so I don't know if
they specifically allow redistribution.

I have no love for skype or microsoft, but if this had been done _CORRECTLY_
by releasing written documentation so an entirely new implementation could be
written, then I'd have no problem with it. There are right ways and wrong ways
to legally create compatible (open source) software through reverse
engineering, and this is a perfect example of the wrong way.

~~~
rmc
_The way to do reverse engineering legally is to have one team reverse
engineer the target and completely document how it works. Once it's
documented, another disconnected team writes a new implementation from the
documentation._

So you'd need Skype's co-operation to do this? They are able to prevent reverse
engineering by not writing the documents?

~~~
pflats
Not at all.

Suppose you and I work for the same company. I bust open Skype through
decompilation, reading memory, the network, whatever trick I want. With that,
I write documentation for how Skype's protocols work.

You read my documentation, and implement it in a new program. Since we haven't
talked, and you've never seen a line of Skype's code, you haven't infringed on
any copyrights.

It is important to note, though, that this does not necessarily protect us
against a patent suit.

------
iwwr
Better start uploading this to torrents if it's legit. Skype will issue
takedowns any moment.

~~~
vdm
Already done by OP.

------
dennis714
It is looking like the result of the Hex-Rays decompiler.

~~~
crocowhile
Can you say more?

~~~
michael_dorfman
A simple Google search turns up this: <http://www.hex-rays.com/decompiler.shtml>

~~~
crocowhile
yes, I saw that. I just cannot believe that this is simply the digested work
of a (yet special) decompiler.

------
Joeboy
From what I understand, the big unsolved problem open VOIP options have isn't
the voice bit, it's negotiating a connection through NAT/firewalls/dodgy
routers etc. I doubt this helps with those problems.

~~~
__rkaup__
What makes VoIP different from any other protocols, like HTTP?

~~~
Joeboy
I won't pretend to have any actual expertise on the subject, but here is some
relevant discussion by someone that does:

[http://linux.slashdot.org/comments.pl?sid=2170464&cid=36...](http://linux.slashdot.org/comments.pl?sid=2170464&cid=36188120)

------
VMG
How easy is it for skype to change the protocol?

~~~
eleusive
Not very easy if they want to maintain compatibility with existing clients
(especially considering they haven't updated their linux client for years
now).

~~~
neworbit
Backwards compatibility with linux clients probably isn't the top priority of
Skype now that they're being rolled into MS, but I suspect embedded
deployments on handheld devices might still keep them from deprecating.

~~~
evanwolf
Actually Skype runs large clouds of linux clients (or a version of the Linux
client) as part of gateways hosted with some mobile operators. They care a
great deal about keeping linux compatibility.

------
tibbon
Pastebin of the unpack-4142.c : <http://pastebin.com/AY3abgEJ>

------
foxhill
aside from the awesome technical exercise in hacking, i don't see this as any
net benefit for VOIP.

the time would have been much better spent working on the GNU VOIP client, not
only would improvements have been usable without legal issues, they would be
there in an (ostensibly, perhaps) understandable format - working code.

~~~
pyre
They could reverse engineer and document the firewall/nat negotiation bit,
which could then be incorporated into the GNU client.

~~~
foxhill
annoying and tedious that sort of code is, i agree, but not impossible?

besides, i was under the impression that audio/video chats went through skype
servers? (i've never actually checked though)

~~~
evanwolf
Skype voice and video calls route media directly among participants with two
exceptions. First, some thin clients on mobile phones and a few embedded
devices don't connect directly to the Skype network, so media streams through
Skype gateways operated by Skype or by Skype mobile operator partners. The
other exception is for group video calling, a premium service, which redirects
video streams through Skype servers to push computational loads for media
transcoding from the desktop or mobile clients to Skype's cloud.

------
evanwolf
Has anyone actually read the revealed code? Aside from the commented copyright
text at the top, can you explain what the code does well enough to document
Skype protocols? Is this in any way useful if you want to talk to Skype
servers or clients?

------
nextparadigms
I haven't tried Skype since 4.0, and I just tried it again now. When did it
become such bloatware? I don't think I'll ever want to use it again if it
stays this way. The new interface looks pretty confusing, too.

------
braindead_in
It seems that the encryption algorithm has been reverse engineered. I guess
you'll still need the keys to decrypt the voice data using this algorithm,
assuming it works. It's a big deal if it has been done, because a lot of people
have been trying to crack it. Some governments are going to love this. The
Skype client itself has a lot of obfuscation to prevent something like this.

~~~
46Bit
I think it's fair to surmise that those intelligence agencies that care have
probably had the algorithm for a long time and searched for weaknesses. Bear
in mind that at one time they were complaining about its use by criminals to
avoid phonetaps.

~~~
braindead_in
There has been some speculation about a backdoor in Skype which it has shared
with intelligence agencies. Never confirmed by Skype of course. But this could
allow anyone to decrypt a Skype conversation stream. All you need is a Skype
supernode to get started. Or some kind of spyware on the subject's computer
which stores/transmits the data stream.

~~~
gst
If you've got spyware installed on one of the endpoints you don't need any
backdoor in Skype. Just dump the audio output and input directly from the
audio card.

~~~
braindead_in
Easier said than done. The most reliable way to dump audio output is by API
Hooking, which isn't easy in the first place and is detectable by AV, Spybot etc.
It's much simpler to intercept the network traffic.

~~~
pipaman
We at <http://internals.nektra.com> have done this for several customers. It's
not easy but it really works.

------
yread
with identifiers like _unpack_41_715680_ and _the_thing_ it is not exactly
easy to read

~~~
zerd
That's life for reverse engineered stuff. If you don't really know what a
function does, how do you name it?

~~~
daeken
You come up with a name based on the observed behavior. I'm honestly amazed
that they've made it as far as they have without decent naming conventions --
the use of good identifiers in your IDBs cuts reversing time way, way down.

------
nikcub
two things:

1. I would love it if MSFT, as the new owner, gave up on the cat-and-mouse of
security through obscurity and obfuscation and settled on a published and
peer-reviewed protocol. I am sick of the memory footprint and cpu spikes in
having to run skype clients because 70% of its resources are dedicated to
hiding what is really going on. I would love a nice, clean, light version

2. we can well assume that if this is happening in the public domain then it
was probably done a few years ago behind closed doors at the NSA et al

------
ezioamf
Skype superiority will finish when IPV6 is fully adopted. When will this
happen? Never?

------
skypeopensource
rofl! [http://skype-open-source.blogspot.com/2011/06/my-interview-t...](http://skype-open-source.blogspot.com/2011/06/my-interview-to-east-west-digital-news.html)

------
gcb
So microsoft really bought skype and is already playing the bait-and-switch
game?!

~~~
mihaelamj
Microsoft bought Skype to kill Asterisk (since Cisco is not a competition
really). Skype for Asterisk project killed, will stop working in 2 years

~~~
evanwolf
>Microsoft bought Skype to kill Asterisk (since Cisco is not a competition
really)

Um, how does this make any sense?

~~~
varjag
It doesn't. Asterisk hums happily in million entry-level PBXes around the
world and will likely continue to dominate the niche. I fail to see how it
really can even be seen as Skype competitor.

------
jduran
this is just shady

~~~
skypeopensource
Oh, yes.

