Russian Reverse Engineer Praises Skype

Good products can’t stay proprietary for long, says Efim Bushmanov, the Russian who published an open source version of Skype’s protocol


I overcame this obstacle when I found the Cisco XoT (X.25 over TCP) specification (Internet standard RFC 1613). Later, my experience with the protocols for the X.25 networks, which are very closed and proprietary, helped me a lot in my research on the Skype protocol.

So I like the challenge of research into proprietary objects precisely because they are complex, closed things. Many people see them as useless and a complete waste of time, but they are, in a very real sense, the mechanisms of our daily online lives.

But I also like to work on web technologies. I code in Python and Perl, sometimes with Ajax/jQuery.

Why did you decide to create this open source version of Skype? What was your motivation?
First of all, this was a very exciting reverse engineering challenge. Skype presents a lot of questions regarding security. I was simply curious to know what was inside.

I like Skype. It is a good product. Most importantly, it is well-tested and fine-tuned. Open source products cannot match that level of polish.

“I have no plans to compete with Skype”

I don’t intend and I have no plans to compete with Skype in any way. Let this good product remain as it is. I just wanted to create a compatible product for all the Linux users who are waiting impatiently for it. For example, we could make a Jabber/XMPP/Gmail gateway to Skype and a “real” Pidgin plugin for it. An open source version, in addition, will be useful to everyone.

Good products don’t remain closeted for a very long time because the open source community likes them. ICQ – which was also reverse engineered – was finally surpassed by the QIP client on the Russian market, for example. This won’t happen with Skype, though. It doesn’t have those annoying ads. At the end of the day, Skype will remain because of its complexity and unbelievable quality.

When did you start this work? How long did it take you? Did you do it alone?
I started to take an interest in Skype in February 2008, when I received the de-obfuscated skype14.exe binary.

I didn’t work on this project continually, just from time to time. The most active phase was between 2008 and 2010, with some interruptions.

It looked like a pipe dream in the beginning, but then it became more exciting, and I took up a blackbox approach to the project. The security layers came off, one after the other. But the job remains unfinished!

The de-obfuscated Skype 14 binary I had made it much easier for me than for other researchers, although a lot of research on this has been available since 2006. The most interesting studies have come from Sean O’Neil’s VEST Corporation and the guys at EADS.net – particularly ‘Vanilla Skype,’ and then ‘Silver Needle’ and other presentations.
