Slashdot Mirror

← Back to Stories (view on slashdot.org)

Skype Protocol Has Been Reverse Engineered

Posted by timothy on from the limited-victory dept.

An anonymous reader writes "One researcher has decided he wants to make Skype open source by reverse engineering the protocol the service uses. In fact, he claims to have already achieved that feat on a new skype-open-source blog. The source code has been posted for versions 1.x/3.x/4.x of Skype as well as details of the rc4 layer arithmetic encoding the service uses. While his intention may be to recreate Skype as an open source platform, it is doubtful he will get very far without facing an army of Microsoft lawyers. Skype is not an open platform, and Microsoft will want to keep it that way."

15 of 231 comments (clear)

  1. Microsoft Office is not an open platform either by commodore6502 · · Score: 3, Interesting

    And yet we have several programs that can read/write to Office files. It seems the same could be done with MS Skype - call it OpenSkype or LibreSkype.

    The only problem is the potential to be sued for theft-of-service (making calls w/o paying).

    --
    Information wants to be expensive AND wants to be free. So you have Value vs. Cheap distribution fighting each other.
    1. Re:Microsoft Office is not an open platform either by fuzzyfuzzyfungus · · Score: 5, Insightful

      Unless there is a substantial amount of client-trusting going on(which would be incredibly stupid; but not entirely out of the question given that Skype makes heavy use of random machines running Skype to save the operator bandwidth and machine time), I suspect that having the protocol won't be of too much use for theft of service. Even using a 3rd party client, you'd still need credentials tied to an account with money in it, and Skype can always bounce you at the points where their network meets the POTS/Cell system.

      Again, unless analysis of the protocol reveals deep, exploitable, flaws I'm guessing that MS won't care too much. The world already has at least one born-open VOIP protocol(SIP), quite possibly several, and those haven't been a deep threat to Skype because they are comparatively hard for neophytes to set up, have firewall issues, etc. Heck, Microsoft bought Skype despite having a voice chat system in MSN. Voice chat over the internet, while not trivial, just isn't some super trade secret, nor is it what makes Skype a contender.

      Now, given the reports of how slimy and secretive the Skype binary can be, I'd be happy to see an open implementation; but I suspect that the possibility won't rock the boat from MS' perspective...

    2. Re:Microsoft Office is not an open platform either by Ash+Vince · · Score: 5, Interesting

      Now, given the reports of how slimy and secretive the Skype binary can be, I'd be happy to see an open implementation; but I suspect that the possibility won't rock the boat from MS' perspective...

      The strength of Skype is it's user base, that is why it was so expensive to MS. A messaging client is only as good as its user base. They bought skype for its users and market penetration and that it why it leaves everything else in it dust. If I could use a rival client to communicate with people on the skype network I would drop skype in a heartbeat, especially when I am using Linux as their Linux client it dire. Likewise the androids client. I will be very glad if this results in a rival client, ideally an open source one.

      I do think however that Microsoft will already be screaming at an army of lawyers to shut this guy up quickly. You are entirely wrong when you say this will not rock the boat from their perspective, and you will see this in hours or days rather than weeks.

      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
    3. Re:Microsoft Office is not an open platform either by davester666 · · Score: 3, Funny

      Exactly.

      Call it by it's proper, full name:

      GNU-LibreSkype

      --
      Sleep your way to a whiter smile...date a dentist!
    4. Re:Microsoft Office is not an open platform either by exomondo · · Score: 3, Funny

      it's GNU/LibreSkype you insensitive clod ;)

  2. How about a real open protocol? by mailman-zero · · Score: 4, Insightful

    Just because the protocol is reverse engineered doesn't make it open. I would rather see an open standard become supported or used by Skype/Microsoft.

    --
    Let's play video games with mailmanZERO
    1. Re:How about a real open protocol? by fuzzyfuzzyfungus · · Score: 4, Insightful

      SIP.

      Oh, wait, you needed to talk to somebody who is using Skype. Shit.

      Network effects are a nuisance; but you just can't dismiss them. It would, indeed, be rather perverse to use reverse-engineered secret protocols as the basis for new systems where open ones are available(SIP, XMPP, etc, etc.); but if you want to interact with the userbase of a proprietary protocol your options are either to reverse engineer it, or to accept whatever T and Cs the proprietary software decides to impose.

    2. Re:How about a real open protocol? by doti · · Score: 3, Insightful

      the question here is not the protocol/technology, but the userbase.

      you can't use jingle to talk to all your friends running skype.

      --
      factor 966971: 966971
    3. Re:How about a real open protocol? by Jozza+The+Wick · · Score: 3, Insightful

      You think my sister or my not-very-computer-saavy parents are going to do that so I can continue to video chat with my niece in the UK? No. Understandably so (although of course I'd love them too), they have lots of other demands on their time. Plus, no motivation from their end. Why should they go through all that hassle (for them), just to maintain the status quo? No, what we really need is a open source client that can talk to native Skype clients. So this isn't a waste at all, for those using Skype with non-techy friends & family... It's the critical mass effect.

  3. Reverse-Engineering for Interoperability by Anonymous Coward · · Score: 5, Informative

    It's protected. Lawyers may bark, and pound a table or two, but ultimately, they'll fail.

    Sec. 103(f) of the DMCA (17 U.S.C. 1201 (f)) says that if you legally obtain a program that is protected, you are allowed to reverse-engineer and circumvent the protection to achieve the ability the interoperability of computer programs

  4. FTFA by cultiv8 · · Score: 4, Insightful

    The remaining question to ask is what’s the point of doing this reverse engineering? Skype is a free-to-use service for the most part. You do pay for non Skype-to-Skype calls, and have to use the official software, but is that really enough to make users desire an alternative?

    Yes.

    --
    sysadmins and parents of newborns get the same amount of sleep.
    1. Re:FTFA by sourcerror · · Score: 3, Funny

      Not Christ, RMS. There's a difference.

  5. Torrent here by Anonymous Coward · · Score: 4, Informative

    Here's the torrent if it gets taken down. http://thepiratebay.org/torrent/6442887

  6. Re:Why I hate patents by node+3 · · Score: 5, Insightful

    Ease of use might have something to do with it, but ease of development is entirely unrelated.

    Thank you for so succinctly summing up the single greatest problem with Linux and most other open source software.

    Ease of use *IS* part of development. It's just as much a requirement as any other technical aspect.

    Also, like most nerds, you have vastly underestimated the difficulty in developing an application. It's easy to whiteboard a simple voice chat app, and *fairly* simple to create some sort of intercom-type chat program. But once you start adding things like central directories, low-latency variable bandwidth calling over the internet, and the like, you end up with difficulty even coming up with a reasonable whiteboard outline, and the actual implementation becomes quite difficult. By no means impossible, but it's not something you'll bang out over a weekend and be on par with something like Skype.

    As awful as Skype may be, just because you understand the idea behind how it works doesn't mean it's easy to duplicate. This is a classic nerd mistake.

  7. Re:Suspect by jonwil · · Score: 3, Interesting

    Based on the fact that the code contains addresses in the names of some functions (mysub_SessionManager_CMD_RECV_Process_00788E80 for example) and based on the mentions of "Hexrays" in the source, this was most likely reverse engineered using IDA pro and the HexRays decompiler. (HexRays is a great tool, I use it myself for some things)