
Skype Protocol Has Been Reverse Engineered 231

Posted by timothy
from the limited-victory dept.
An anonymous reader writes "One researcher has decided he wants to make Skype open source by reverse engineering the protocol the service uses. In fact, he claims to have already achieved that feat on a new skype-open-source blog. The source code has been posted for versions 1.x/3.x/4.x of Skype as well as details of the rc4 layer arithmetic encoding the service uses. While his intention may be to recreate Skype as an open source platform, it is doubtful he will get very far without facing an army of Microsoft lawyers. Skype is not an open platform, and Microsoft will want to keep it that way."

  • by commodore6502 (1981532) on Thursday June 02, 2011 @03:42PM (#36323974)

    And yet we have several programs that can read/write to Office files. It seems the same could be done with MS Skype - call it OpenSkype or LibreSkype.

    The only problem is the potential to be sued for theft-of-service (making calls w/o paying).

    • by fuzzyfuzzyfungus (1223518) on Thursday June 02, 2011 @03:54PM (#36324136) Journal
      Unless there is a substantial amount of client-trusting going on (which would be incredibly stupid; but not entirely out of the question given that Skype makes heavy use of random machines running Skype to save the operator bandwidth and machine time), I suspect that having the protocol won't be of too much use for theft of service. Even using a 3rd party client, you'd still need credentials tied to an account with money in it, and Skype can always bounce you at the points where their network meets the POTS/Cell system.

      Again, unless analysis of the protocol reveals deep, exploitable, flaws I'm guessing that MS won't care too much. The world already has at least one born-open VOIP protocol (SIP), quite possibly several, and those haven't been a deep threat to Skype because they are comparatively hard for neophytes to set up, have firewall issues, etc. Heck, Microsoft bought Skype despite having a voice chat system in MSN. Voice chat over the internet, while not trivial, just isn't some super trade secret, nor is it what makes Skype a contender.

      Now, given the reports of how slimy and secretive the Skype binary can be, I'd be happy to see an open implementation; but I suspect that the possibility won't rock the boat from MS' perspective...
      • by Ash Vince (602485) * on Thursday June 02, 2011 @05:13PM (#36325126) Journal

        Now, given the reports of how slimy and secretive the Skype binary can be, I'd be happy to see an open implementation; but I suspect that the possibility won't rock the boat from MS' perspective...

        The strength of Skype is its user base, that is why it was so expensive to MS. A messaging client is only as good as its user base. They bought Skype for its users and market penetration and that is why it leaves everything else in its dust. If I could use a rival client to communicate with people on the Skype network I would drop Skype in a heartbeat, especially when I am using Linux as their Linux client is dire. Likewise the Android client. I will be very glad if this results in a rival client, ideally an open source one.

        I do think however that Microsoft will already be screaming at an army of lawyers to shut this guy up quickly. You are entirely wrong when you say this will not rock the boat from their perspective, and you will see this in hours or days rather than weeks.

    • by exomondo (1725132)

      call it ... LibreSkype.

      please don't.

    • by formfeed (703859)

      And yet we have several programs that can read/write to Office files. It seems the same could be done with MS Skype - call it OpenSkype or LibreSkype.

      You can't call it anything-Skype.
      Replace Skype with something similar. Heavenpi, Skipole, Ski-pie, Kyte, Skate, Scalp?
      Great! OpenScalp!!

    • by GauteL (29207)

      "Call it OpenSkype or LibreSkype."

      An open Skype-compatible alternative would be brilliant. But if you want to avoid getting sued, I suggest calling it something entirely different.

  • by mailman-zero (730254) on Thursday June 02, 2011 @03:43PM (#36323986) Homepage
    Just because the protocol is reverse engineered doesn't make it open. I would rather see an open standard become supported or used by Skype/Microsoft.
    • by fuzzyfuzzyfungus (1223518) on Thursday June 02, 2011 @03:57PM (#36324168) Journal
      SIP.

      Oh, wait, you needed to talk to somebody who is using Skype. Shit.

      Network effects are a nuisance; but you just can't dismiss them. It would, indeed, be rather perverse to use reverse-engineered secret protocols as the basis for new systems where open ones are available (SIP, XMPP, etc, etc.); but if you want to interact with the userbase of a proprietary protocol your options are either to reverse engineer it, or to accept whatever T and Cs the proprietary software decides to impose.
      • Why not make a SIP / Skype Gateway and sell the service / product? Why not market it as a "universal" VOIP client?

        It might make transitioning away from Skype to SIP much easier.

        Where people see a problem, I see opportunity.

        • by Ash Vince (602485) *

          Why not make a SIP / Skype Gateway and sell the service / product? Why not market it as a "universal" VOIP client?

          It might make transitioning away from Skype to SIP much easier.

          Where people see a problem, I see opportunity.

          So did Fring, look what happened.

      • Entertainingly, Microsoft's Netmeeting worked quite well as a voice/video SIP client back in the day. Of course, nobody* used it. Skype on the other hand is completely useless for connecting to standards-based chat/voice/video clients, but it has a huge user base.

        Welcome to marketing.

        • Nobody's mentioned the excellent echo cancellation. Trust me, that matters. Plus it was clearer than anything I had tried when I first tried it several years ago. And they had cheap rates, and and and, it all for the most part just worked with all of the features.

        • Afaict Skype got its userbase because it "just worked", no worrying about firewalls or NAT types or port forwarding or other shit like that. IIRC they used some dirty tactics to achieve this like using people with fast open internet connections as router nodes (I think they later moved to routing the worst case traffic through their own servers)

    • by lalleglad (39849)

      "I would rather see an open standard become supported or used by Skype/Microsoft."

      Yes, I agree, and with the knowledge of the history of Microsoft I would have to add:

      "I would like to see the extinction of World hunger, end of all wars and a beautiful woman to all men, and vice versa, but ..."

      that is not going to happen until Hell freezes over!

      Or Microsoft runs out of money.

    • I'm guessing parts of the protocol were leaked by a malcontent employee who was pissed at the sellout
  • Facetime has much better video quality for low-bandwidth connections, and there is no Windows application for it. That would be a better target.
    • Facetime also isn't encrypted, just slightly obfuscated. It's just a regular SIP connection with an Apple-hosted HTTP-based lookup service that ties SIP URIs to emails or phone numbers.

      • by node 3 (115640)

        There's no reason it can't be. In terms of consumer impact, FaceTime for Windows would be much more noticeable than an open Skype protocol.

        It's really disappointing that Apple hasn't either ported FaceTime over to Windows, or done what they said last year and published the protocol so third parties could implement it. WWDC would be a good place to announce something like this, though. I guess we'll know in a few days.

  • Microsoft did not threaten any Kinect hackers when they reversed that protocol...
    • I think at first they were against it, but after they saw how it was taking off they decided to ride the PR wave.

      In the case of Skype, it benefits from network effects; as more people use it, more people want to use it. So if MS ultimately doesn't want to spend resources to support a small userbase like Linux, maybe it would be beneficial for them to let a minority of people access the service through an unauthorized third party.

      • I think at first they were against it, but after they saw how it was taking off they decided to ride the PR wave.

        In the case of Skype, it benefits from network effects; ...

        It can also be destroyed by network effects - imagine if the second most popular skype client offered both skype and an open protocol - the world can slowly change over to the open protocol without any of the users even realising it. This is a bad thing for something that depends on lock-in, like skype

    • Try hacking the Live service protocol and tell me how Microsoft reacts.

      PS I'm not actually recommending you break the law. Just trying to make people think.

  • This could be the Skype killer we have been wishing for. It doesn't have to work with Skype, it just has to be as good as Skype and to be open. Imagine people being able to set up their own private Skype-like servers for personal and business use... even for home-monitoring uses and more. Skype will undoubtedly kill support for Linux and probably restrict access in a variety of ways. While being able to access Skype servers and services would be desirable, I wouldn't expect that to be allowed to work and would end up as the arms race we saw previously in instant messaging. (One that I think was ultimately lost or abandoned by those trying to fight 3rd party clients.) But if a truly free and open Skype-like set of clients and servers were made available, a lot of useful things can occur.

    • by blair1q (305137)

      Like...Vonage.

      • Vonage? *facepalm*

        Or like SIP...

      • by Malc (1751)

        Vonage... great idea; poor implementation (or maybe that's an inherent problem with the underlying protocols like SIP).

        I was a Vonage customer when I lived in Canada. There was always terrible latency calling mobile phones, to the point where it would screw up conversations. And as somebody who travels a lot (like going to live elsewhere for four weeks or more at a time), I loved the idea of portability and location transparency offered by Vonage. Unfortunately it didn't work, which was a problem for tho

    • by hawguy (1600213)

      It doesn't have to work with Skype, it just has to be as good as Skype and to be open.

      I don't think that's true - there are a number of other video conferencing products out there, some are open, others are not, but as long as Skype continues to work on Windows/Mac and is free, there's not much reason for most people to switch.

      Imagine people being able to set up their own private Skype-like servers for personal and business use

      I'd be surprised if significant numbers of people set up their own servers - small businesses aren't likely to have the time (or desire) to set up their own servers, large businesses don't care if they have to pay (and many probably already use OCS/Lync)

    • by Greyfox (87712)
      It's a long way from "We have the protocol" to "It's as good as Skype." Most of what makes Skype "good" is infrastructure investments. Even if we can deliver a point-to-point application that's every bit as "good" as Skype, it's not any better than Linphone unless the rest of the infrastructure is in place to support all the features that Skype does.

      There are numerous open programs that can provide point to point voice or video chat. Some of them are even pretty good. But without a lot of supporting serve

    • "As good as" won't do. It would have to be much better.

      Here's why:
      Normally, Skype works, also, a lot of my friends use it. So, I'm quite happy with it. To get me to switch to another system (and to somehow persuade my friends to do it too, since if I'm the only one using the new system it's not very useful) the new system has to be much better than skype. Being "open" is not a high priority - Skype is available for Windows and Linux, I do not need to pay for it (legally), so I will not try to write my own c

    • It's the network stupid

      If I have 20 friends on Skype and 1 friend on OpenSkype, I am going to get Skype. It doesn't matter if something else is more secure, open or faster if you have no one else to talk to.

      The only way an open source version of Skype will be successful is if it is compatible with Skype's existing network of users.

      • by Malc (1751)

        If there's a choice of Skype's client or an alternative open source client, I'll probably be sticking with the Skype one, unless the open one has some other compelling reasons. Whilst Skype's UI is painful, it's generally better than the UI efforts of most open source software, and integrates better natively with whatever platform than most open source cross-platform apps. These are both areas where open source people seem to be clueless.

    • by Thelasko (1196535)

      It doesn't have to work with Skype, it just has to be as good as Skype and to be open.

      Yes, it has to work with Skype. What makes Skype good is its users. If you can't call any of the millions of people that have Skype, what good is it?

      <sarcasm>I mean, look how fast Diaspora [wikipedia.org] took off as an open source alternative to Facebook!</sarcasm>

  • by Anonymous Coward on Thursday June 02, 2011 @03:45PM (#36324004)

    It's protected. Lawyers may bark, and pound a table or two, but ultimately, they'll fail.

    Sec. 103(f) of the DMCA (17 U.S.C. 1201 (f)) says that if you legally obtain a program that is protected, you are allowed to reverse-engineer [wikipedia.org] and circumvent the protection to achieve the interoperability of computer programs

    • by hedwards (940851)

      It is, however they can sometimes shake something out that prevents the exemption from applying. Projects which rely upon reverse engineering have to be very careful that they properly shield themselves from information which might make the immunity go bye bye

    • That refers to copyright law (or at least the US's convoluted idea of it). The reverse engineer is within the DMCA, but that doesn't matter if he's violating patents -- if, in fact, he's in a country that has software patents (i.e., the US). As some redditors pointed out, his lack of fluency in English seems to suggest otherwise.

      If he is in the US, he can still be sued for violating the patents Microsoft owns on the protocol, although I think Microsoft is less likely to be evil about it than the other forme

    • Don't you have to do this in a prescribed fashion involving two teams, one to write a formal spec (with access to the original) and then hand that spec off to a second group that must work entirely off the spec? If this procedure was not followed the results would be tainted.

      • AIUI you don't HAVE to but if you do it's much easier to avoid inadvertently violating copyright and/or mount a defense against accusations of doing so if you do it that way. In particular there may be some things that only have one or two reasonable ways to implement them but are nonetheless complex enough that a court may consider them eligible for copyright.

    • by Dunbal (464142) *
      Not to mention that the DMCA fails to apply at all in places like Russia.
    • The real question is does the "offender" have the financial resources to defend it. Large corporations have very deep pockets and an army of lawyers. Does (s)he?

  • FTFA (Score:5, Insightful)

    by cultiv8 (1660093) on Thursday June 02, 2011 @03:45PM (#36324008) Homepage

    The remaining question to ask is what’s the point of doing this reverse engineering? Skype is a free-to-use service for the most part. You do pay for non Skype-to-Skype calls, and have to use the official software, but is that really enough to make users desire an alternative?

    Yes.

    • by godrik (1287354)

      There is much more to that. The Skype protocol being unknown made people wonder what is actually going through the network. Some institutes such as INRIA (a French research institute in computer science) forbid the use of Skype partly for this reason. As far as we knew, Skype might piggyback some request for computation and "steal" some CPU time to sell it. Knowing the protocol should clear that out.

    • by theNAM666 (179776)

      In the words of Sir Edmund Hillary, the reason is, "because it's there."

  • Torrent here (Score:4, Informative)

    by Anonymous Coward on Thursday June 02, 2011 @03:46PM (#36324020)
    Here's the torrent if it gets taken down. http://thepiratebay.org/torrent/6442887 [thepiratebay.org]
  • I thought we had already established that Interfaces to data formats (such as a protocol) consisted of only facts. These facts can not be copyrighted.

    To me it seems MS will simply follow their standard procedure of "Embrace (purchase and/or adopt a standard), Extend (introduce incompatibilities), and thereby Extinguish." to thwart any sort of open source implementations.

    Similar to their Zune device, which has embraced a standard USB interface and media protocol, but has been extended with a DRM challen

  • I would like to see a Pidgin plugin for Skype!

  • by klapaucjusz (1167407) on Thursday June 02, 2011 @07:33PM (#36326442) Homepage

    The third zipfile contains no less than 443,000 lines of code (not counting a number of duplicates under _old), including ports to Virtual C++, Borland C and Gcc under Unix, different versions of the protocol parser, and so on. The few bits I've looked at are written competently and with confidence, there's none of the "this byte is 42 in all messages, I don't know why" that you'd expect in reverse-engineered code.

    It's either a leak of Skype's code, or a decompilation; it's certainly not a reimplementation. --jch

    • Re:Suspect (Score:4, Interesting)

      by jonwil (467024) on Thursday June 02, 2011 @08:10PM (#36326712)

      Based on the fact that the code contains addresses in the names of some functions (mysub_SessionManager_CMD_RECV_Process_00788E80 for example) and based on the mentions of "Hexrays" in the source, this was most likely reverse engineered using IDA Pro and the HexRays decompiler. (HexRays is a great tool, I use it myself for some things)

  • the entire point of them buying Skype was so that they could embed a Skype client into windows phone to use to make calls to windows desktop Skype users and vice-versa... to use the large user base to lock it in to windows only... the Mac and Linux Skype clients would be deliberately kept way behind in features in order to discourage use.
