
Reverse engineer extracts Skype crypto secret recipe - rpledge
http://www.theregister.co.uk/2010/07/09/skype_crypto/
======
eli
Either I'm missing something or this doesn't really seem like that big a deal.

Here <http://www.secdev.org/conf/skype_BHEU06.pdf> is a 2006 analysis of Skype
that found that "RC4 is used for obfuscation not for privacy." They simply
worked around it to continue their reverse engineering. And showed that you
don't need to understand it to e.g. build a parallel evil Skype network or
overflow a buffer and hack everyone running skype.

An impressive feat of reverse engineering given the lengths Skype went to, but
I don't quite see how practical it is.

~~~
wallflower
That link above, "Silver Needle in the Skype", is a fascinating research paper
about how the Skype binary is engineered with anti-reversing techniques.

------
ohashi
So what does this mean in practice?

~~~
wmf
Skype only wants you to interact with their network in ways that fit their
business model; this is why, for example, the Skype GUI is free but the
Asterisk connector costs money. If you can reverse-engineer the protocol, you
could build a client that upsets their business model.

------
jm3
Posted to HN three days ago, here:
<http://news.ycombinator.com/item?id=1496726>

------
tshtf
Source code here:

<http://cryptolib.com/ciphers/skype/>

------
MichaelGG
The original post is here:

[http://webcache.googleusercontent.com/search?q=cache:http://...](http://webcache.googleusercontent.com/search?q=cache:http://www.enrupt.com/index.php/2010/07/07/skype-
biggest-secret-revealed)

~~~
albertzeyer
Or here: [http://www.enrupt.com/index.php/2010/07/07/skype-biggest-
sec...](http://www.enrupt.com/index.php/2010/07/07/skype-biggest-secret-
revealed)

