Russian Reverse Engineer Praises Skype

Good products can’t stay proprietary for long, says Efim Bushmanov, the Russian who published an open source version of Skype’s protocol


The hardest part was to understand and reverse engineer the packing and unpacking of the internal objects or ‘arithmetic encoding,’ as it is called in Vanilla Skype. When you remove the RC4 encryption code, you can’t see the text data and you can’t figure out what is really in it. You see just this zip-like packaged object.

All this made my version look horrible. Later, however, I discovered Sean O’Neil’s remarkable reversing of the unpack_4142 function. His login/registration code to receive Skype’s certificate is also very strong.

Finding the portions of code responsible for RSA/AES, understanding how they worked and how to use them was not easy, either.

Is there an IPR violation?

As you can see, I didn’t do the entire job myself. First, there were the guys from EADS.net, then Sean and the VEST Corporation. I did only the final stage at the application level. It consisted mainly in understanding the connection procedures in terms of packed objects (blobs). The object – usually a ‘key-value’ pair – can be associated to any structure, IP address, string text data, or some other value. I did all that with the help of other reverse-engineers, friends and family.

How did you get O’Neil’s code?
I have explained this on my blog. I will not comment on this any further. Let this remain behind the scenes.

But was it legitimate to use his code? It was supposed to be “all rights reserved” and “for academic research and educational purposes only…”
This is exactly what I did: for academic research and educational purposes.

On my blog, some commented that I did not do any research, that I just published someone else’s code (and archive) and took all the credit. They consider that all the archive and codes – those copyrighted and those not – are owned by VEST. The truth is that I wrote my own source code and research, except binaries, IDA databases, and the code copyrighted by Sean or OpenSSL. This can be proven easily through lexical or style comparisons. My code is so poorly written!

The question is not where they are from. The question is: Can anyone make open source Skype protocol specification and implementation based on these files – possibly from illegal sources – or not?

What about Skype’s de-obfuscated binaries? Don’t you fear claims of IPR violations from Skype or from Microsoft, its new owner?
Let’s say that some unknown ‘good guy’ sent these binaries to me by email. Or perhaps I found them on a forum on a Chinese server. Theoretically I could have hacked them, but such a task was too tricky and I didn’t have enough motivation for that.

‘Intellectual property’ is a legal term, and I am no legal expert. I did not copy anything. I have only done reverse engineering based on already de-obfuscated Skype binaries. I modified them a bit, mainly for additional logging, to better understand how it worked. I started writing the protocol specifications so that open source clients could communicate with Skype and send messages to it.
