Continued from page 2
The hardest part was to understand and reverse engineer the packing and unpacking of the internal objects or ‘arithmetic encoding,’ as it is called in Vanilla Skype. When you remove the RC4 encryption code, you can’t see the text data and you can’t figure out what is really in it. You see just this zip-like packaged object.
All this made my version look horrible. Later, however, I discovered Sean O’Neil’s remarkable reversing of the unpack_4142 function. His login/registration code to receive Skype’s certificate is also very strong.
Finding the portions of code responsible for RSA/AES, understanding how they worked and how to use them was not easy, either.
How did you get O’Neill’s code?
I have explained this on my blog. I will not comment on this any further. Let this remain behind the scenes.
But was it legitimate to use his code? It was supposed to be “all rights reserved” and “for academic research and educational purposes only…”
This is exactly what I did: for academic research and educational purposes.
On my blog, some commented that I did not do any research, that I just published someone else’s code (and archive) and took all the credit. They consider that all the archive and codes – those copyrighted and those not – are owned by VEST. The truth is that I wrote my own source code and research, except binaries, IDA databases, and the code copyrighted by Sean or OpenSSL. This can be proven easily through lexical or style comparisons. My code is so poorly written!
The question is not where they are from. The question is: Can anyone make open source Skype protocol specification and implementation based on these files – possibly from illegal sources – or not?
What about Skype’s de-obfuscated binaries? Don’t you fear claims of IPR violations from Skype or from Microsoft, its new owner?
Let’s say that some unknown ‘good guy’ sent these binaries to me by email. Or perhaps I found them on a forum on a Chinese server. Theoretically I could have hacked them, but such a task was too tricky and I didn’t have enough motivation for that.
‘Intellectual property’ is a legal term, and I am no legal expert. I did not copy anything. I have only done reverse engineering based on already de-obfuscated skype binaries. I modified them a bit, mainly for additional logging, to better understand how it worked. I started writing the protocol specifications so that open source clients could communicate with Skype and send messages to it.
Continued on page 4
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
Most people in the United States view TikTok as a Chinese influence tool a poll…
View Comments
I think the proprietary nature of Skype is its biggest downfall. Dominant proprietary monoliths have little concern about the user experience and represent a huge risk to anyone who would tie their future to such a technology.
Just one example of how Microskype will benefit from its code being "outed" is in regaining adoption by those of us who have been alienated by the flashing advertising in the Skype client: there will be an alternative.
It's also a small step towards reassuring businesses who don't want to tie their investment to Microskype, which may change to become uneconomic in the future, that they may be able to make a quick switch to another service based on the same technology.
Nice article about russian via skype, I took few lessons with a native speaker through http://preply.com/en/russian-by-skype and I am pretty satisfied with the quality presented, but I would like to try another option