
Skypeopensource2 – Skype client based on reversing Skype 5.5 - EvgeniyZh
https://github.com/skypeopensource/skypeopensource2
======
andwur
I haven't spent much time browsing through the source but the code quality and
security is pretty dismal so far. Not to mention the confusing project
structure.

Magic numbers, ... and strings, all over the place [0]. Memory leak galore
(debug code?) [1]. Probably buffer overflows all over the place, here's one I
noticed [2]. I suspect others given the proliferation of opaque pointers and
memcpy usage.

[0]
[https://github.com/skypeopensource/skypeopensource2/blob/mas...](https://github.com/skypeopensource/skypeopensource2/blob/master/skycontact4_dll/skycontact4_dll/skype_login.c)

[1]
[https://github.com/skypeopensource/skypeopensource2/blob/mas...](https://github.com/skypeopensource/skypeopensource2/blob/master/goodsendrelay3/goodsendrelay3/tcp_recv.c#L500)

[2]
[https://github.com/skypeopensource/skypeopensource2/blob/mas...](https://github.com/skypeopensource/skypeopensource2/blob/master/skyauth4_dll/skyauth4_dll/skype_login.c#L260)

~~~
sillysaurus3
"How dare you show your project when it has flaws!"

~~~
andwur
"How dare you comment on the flaws found in someone's project!"

If issues are never brought to light then it's very unlikely they will ever be
fixed. Would you rather everyone just stayed silent?

I have great respect for someone that can put in the time and effort to
reverse engineer Skype, and brave Microsoft's legal team in doing so, but in
its current state this code can't be used safely and is far from easy to
understand either.

~~~
EvgeniyZh
I believe that the best way to bring issues to light is pull request. Second
best is the issue. Comment on Hacker News is somewhere down the list

------
brownbat
As a reminder: [https://github.com/mumble-
voip/mumble](https://github.com/mumble-voip/mumble)

[https://en.wikipedia.org/wiki/Mumble_(software)](https://en.wikipedia.org/wiki/Mumble_\(software\))

I'm surprised the gaming chat programs don't get more crossover use. Well, I'm
not surprised that a commercial project has a larger userbase than something
that requires you to find a server.

But I am surprised when, say, podcast hosts make jokes about lag or call
quality on their Skype connections with guests. There are other applications
that solve some of these problems, and I'd think if your main creative product
relies on call quality for guests, you might look a few steps beneath the most
ubiquitous option. (ie, If you're at the level where you're buying an uncommon
specialist's mic, you could probably benefit from comparison shopping for voip
implementations.)

~~~
giancarlostoro
I try to push Mumble over Skype, the main issue with Mumble is that it's not
as easy to get into. You spend too much time configuring your client, finding
a server, etc. Things that should be fairly trivial. Then you may spend more
time figuring out why you're not being heard, or why nobody's hearing you.
Mumble is great but there's too much friction involved. I prefer Discord[0]
because it's so easy to use by comparison, to test it you don't even need an
account, you just run it from your browser. I just wish Discord had a Linux
Client.

[0]: [https://discordapp.com/](https://discordapp.com/)

~~~
eeZi
Discord is just another centralized, closed platform.

~~~
aseipp
Right. And furthermore, Discord is free and totally propped up by investor
money. Which means the day will come when the experience is totally ruined in
an attempt to make money, as fast as possible.

Of course, I still willingly use Discord despite this - because it generally
just works (even in browser) and has an extensive feature set, and is
relatively easy to use. (this is among friends who aren't technical, so ease-
of-use is a large factor). Previously I used Mumble, but indeed, it's a bit of
a fickle beast for things that should be fairly automated (like configuring
your voice inputs, etc).

------
PieterH
My guess at the origins of this project...

Firm somewhere far away where Microsoft's lawyers cannot reach (China?) wanted
Skype capability in their product and paid this smart Russian guy to reverse-
engineer the Skype client.

Smart guy gets permission to open source it and publishes it with commercial
license option with hopes of finding more such clients.

Personally I'd not touch this with a 3-meter bargepole, because I live in a
country where people use copyright and trademark law to take people to court,
yet it's an interesting project.

~~~
martinko
> Personally I'd not touch this with a 3-meter bargepole, because I live in a
> country where people use copyright and trademark law to take people to
> court, yet it's an interesting project.

You feel using it would open you up to a copyright claim?

~~~
PieterH
If I used this in a commercial product, it would be trivial (absolutely
trivial) for the owner of the original product to take me to court for illegal
distribution of their copyrighted works, based on the argument that the code I
was distributing (for profit!) was written by someone who (by own admission in
public) had reverse-engineered the original product.

IANAL but I'd be willing to bet money on this.

The only questions would be (a) is the original product one that matters
enough to protect in such a way and (b) does the owner of that original
product have the money and lawyers to start such legal actions.

This isn't some random app. This is one of Microsoft's crown jewels we're
talking about.

~~~
charlesdm
As long as you didn't use any of the original Skype code, you have nothing to
fear (if you're based in Europe)

~~~
wolfgke
> As long as you didn't use any of the original Skype code, you have nothing
> to fear (if you're based in Europe)

The original Skype code is clearly not available to anyone outside the
original Skype team or some team inside Microsoft. What is publicly available
is a binary that is produced from this code.

------
cjg
Big problem, the code includes stuff ripped straight out of the original Skype
client:

[https://github.com/skypeopensource/skypeopensource2/issues/2](https://github.com/skypeopensource/skypeopensource2/issues/2)

------
justinlardinois
>> whether or not it is a clean-room reverse-engineered code, like
Wine/ReactOS

> No. Not clean room, not chinese wall.

If it's not clean room, then there's probably copyright violations. For
reference:
[https://en.wikipedia.org/wiki/Clean_room_design](https://en.wikipedia.org/wiki/Clean_room_design)

Also, offering commercial licensing? That's a good way to get a lot worse than
just a DMCA takedown.

~~~
wolfgke
> If it's not clean room, then there's probably copyright violations.

This is the law in the United States. From the links given in the readme file
the authors are probably from Russia.

~~~
Iv
As a non-US citizen, I can't wait to see a world where a whole IT industry
will exist without caring much about merchandability in the US.

~~~
striking
Copyright extends beyond the US, due to certain treaties.

But yes, Antigua's IT industry could get very interesting if they get to keep
the whole copyright haven thing going.

------
mrwizrd
For more context and commentary:

[https://news.ycombinator.com/item?id=2611299](https://news.ycombinator.com/item?id=2611299)

------
cmarschner
I do hope that the Skype people see it as an opportunity to improve product
rather than threat / opportunity to sue the hell out of this project. WhatsApp
would not have been necessary if they had gotten their act together. But at
the time they were seemingly too busy sorting out technical and political
ramifications of the MS acquisition and overlap with Lync. A more open
approach to clients could save it, especially in the light that people are
looking for alternatives after facebook is now starting to monetize WhatsApp.

------
bdcravens
"Commercial license also avaiable (sic) on request."

Seriously?

~~~
Sephr
I see absolutely nothing wrong with wanting to profit from this. You're not
being forced to use a commercial license, and the LGPL is adequate for most
open source use cases.

~~~
michaelmior
Reversing in the first place is almost certainly illegal if you were to check
the Skype ToS. Making a profit off it is just asking for trouble. I could be
wrong though.

~~~
_0ffh
I suppose it depends on where you are. IIRC some countries explicitly allow
reverse engineering for interoperability. Which is arguably the case here.

(Side note: That any kind of reversing is illegal anywhere at all is by itself
a testament of the sad state most legislatures are in.)

~~~
janoc
Reverse engineering yes, straight reusing of the reversed code (as the code
author did in some cases, by his own admission) no.

You can't take a piece of someone's code, decompile it, use it in your own
project and then claim you own a copyright on it.

------
fungos
Developer is Efim Bushmanov, here an old interview about his first
skupeopensource release: [http://www.ewdn.com/2011/06/05/ewdn-exclusive-an-
interview-w...](http://www.ewdn.com/2011/06/05/ewdn-exclusive-an-interview-
with-efim-bushmanov/)

------
marcv81
IANAL but author should doublr check to stay clear of trademark infringements.

~~~
ars
They should rename it to Sky.peOple

------
besselheim
I remember seeing an earlier incarnation of this around five years ago; I'm
very impressed with the author's dedication to this project.

I don't know if it is still the case now, but I recall that earlier versions
of Skype were quite heavily obfuscated and contained anti-debugging
mechanisms. So it would have been quite an intricate reversing effort to get
past these, on top of figuring out the protocol.

Over time, Microsoft has changed the Skype protocol significantly since
version 5.5 so I do wonder how applicable this work is to the current crop of
clients.

~~~
0xmohit
> I remember seeing an earlier incarnation of this around five years ago

[https://github.com/skypeopensource/skypeopensource](https://github.com/skypeopensource/skypeopensource)

~~~
besselheim
The site I recall was Blogspot rather than Github:
[https://web.archive.org/web/20110602182718/http://skype-
open...](https://web.archive.org/web/20110602182718/http://skype-open-
source.blogspot.com/)

~~~
skypeopensource
[http://skype-open-source2.blogspot.ru/2016/09/first-in-
world...](http://skype-open-source2.blogspot.ru/2016/09/first-in-world-skype-
network-compatible.html)

------
lootsauce
Totally not negative on this but I'm not a Skype user so can someone please
explain to me why anyone would want to go to all the effort to reverse
engineer it? I get that its closed and should be open, I get that its security
is in question but if you want a more secure communications platform I can't
imagine Skype is the only way forward and must be reverse engineered. Why not
contribute to an existing open source project?

------
znpy
I Hope this is better than the web version of Skype: it doesn't do the only
thing it is supposed to do: phone calls.

------
mariuolo
Interesting.

Any code commonalities with the pidgin skypeweb plugin?

------
elitistphoenix
Downloading before M$ lawyers get to it

~~~
kxd
IRC is leaking again...

