Skype protocol cracked - what happens next?

Filed Under: Featured, Google, Law & order, Linux, Microsoft, OS X, Privacy

A chap by the name of Efim Bushmanov has just published a claim that he has reverse-engineered the Skype protocol.

He hasn't reversed it completely, and he hasn't yet created any Skype-compatible alternative software, but that's the stated goal of his work so far:

While "Wall Street Journal" makes politics and skype today's trend, i want to publish my research on this. My aim is to make skype open source. And find friends who can spend many hours for completely reverse it.

Skype was big news recently when it was acquired by Microsoft for US$8,500,000,000 - despite having a billion dollars of debt and having recorded a financial loss last year. An open source project to create a Skype-alike software product would therefore be an interesting beast.

In fact, open-source Skype implementations for Linux and OS X would probably be in Microsoft's overall interest - Microsoft could simply give up on the existing Linux and OS X code bases without creating any bitterness amongst those communities. They'd be able to take up the software development reins - just as gung-ho open sourcers are supposed to if they don't like what's already on offer.

And if Microsoft can build an attractive-enough back-end service for Skype, it will be able to convert Skype from a loss-making peer-to-peer pseudo-telephone company into yet another handy reason to sign up for a Microsoft LiveID and to join the fun in the Cloud According to Redmond.

If that were to happen, an open-source Skype would probably distract from any open-source projects aimed at creating a genuine alternative. We'd just end up with multiple choices of client for the Skype service, rather than a complete competitive service.

And an open-source Skype clone would provide at least some sort of technical reference for the long-secret and carefully-hidden internals of Skype and its protocols. That, too, would probably be in Microsoft's favour - by reducing the objections of those security practitioners who don't like secret cryptographic implementations.

What we can't guess, however, is how Redmond will respond.

Will Bushmanov get a cease-and-desist letter? Will anyone who looks at his reverse-engineering efforts be tainted when it later comes to implementing Skype-compatible code?

When Andrew Tridgell set about understanding Microsoft's SMB protocol - eventually giving us SAMBA, an open-source interoperability suite letting Linux and UNIX computers talk to Windows networks - he didn't decompile any of Microsoft's code.

He simply watched the traffic generated by SMB implementations until he understood it well enough to produce an alternative implementation. (I once played pool against Tridge. He flogged me mercilessly.)

If Bushmanov hasn't taken this "clean" approach - and the presence of IDB files (IDA Pro disassembly databases) amongst his published downloads suggests that he has not - then this could end up in an interesting legal battle.

Sony, for example - which recently wanted to take vigorous legal action against George Hotz, a US hacker who worked out how to jailbreak the PS3 - ended up with a civil court judgement against Hotz's web hosting company, Bluehost. Bluehost was forced to give Sony a list of IP numbers and account details of anyone who had looked at any of Hotz's webpages.

This time, Microsoft is in Sony's place. Bushmanov takes over from Hotz. And Bluehost is replaced by Google - because Bushmanov is using a recently-created Blogspot account to publish his results.

For all we know, this could end up as Microsoft versus Google in court over access to logs and account details. That would certainly be a case to watch! (Of course, only the lawyers would actually benefit in the end. So let's hope it doesn't turn out that way.)

, , , , , , , , , ,

You might like

3 Responses to Skype protocol cracked - what happens next?

  1. batesie · 1593 days ago

    I like the way the skype logo looks like a dollar sign when "cracked" in half!

  2. MS are too short sighted to see the benefits in such and implementation and have been known to quote "Open source is another name for incompetent" so unless they change their attitude and values (Which is unlikely) this is going to just be another legal battle.

    Surely someone with the skill to decompile and recode Skype would have the common sense and ability to post the code to the net anonymously and avoid the ramifications of such actions.

  3. Ouani · 1180 days ago

    Interesting.. On my side, i've made some research on Skype Protocol too, years ago, and recently published some articles about the experience.. Released my own de-protected binaries with detailled explications and code of tools i've made to get there, OllyDbg debugging files, a lot of details about Skype protocol and the source code of my proof of concept client, that was able to connect, login, fetch contacts, manage presence and send a chat (see it in action here : :

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog