Skypes Flux Capacitor has been released

August 25th, 2010 by Ralf Schlatterbeck

Skype uses an obfuscation layer for making it harder for others to analyze the Skype network traffic. This obfuscation layer has been called “Flux Capacitor” by the authors of the 2006 publications “Silver Needle in the Skype” and “Vanilla Skype”, Philippe Biondi, Fabrice Desclaux, and Kostya Kortchinsky, see the Wikipedia article on Skype for references about their publications. They discovered this flux capacitor code when reverse engineering the Skype binary program but didn’t dare to publish it for fear of others attacking the Skype network. They hinted at all sorts of bad things that were possible when knowing the Skype prototocol, the least of which is scanning networks behind firewalls (Skype is well known to be able to connect to the internet even in the presence of firewalls).
Now this Flux Capacitor code has been released by a group called “Skype Reverse Engineering Team” in a blog post Skype’s Biggest Secret Revealed by Sean O’Neil claiming that the code was already leaked and used by spammers. But they didn’t tell us how to use that code and defer further information to the next Chaos Communication Congress 27C3.
I certainly hope that the security holes in Skype are not that bad as feared by others. Some good can come out of it: maybe we’ll see a free Skype client in the not-too-far future. A good plan now would be to write a Wireshark dissector for Skype so that we can analyze the network traffic. Unfortunately the authors didn’t tell us yet how to call that code to de-obfuscate Skype traffic. But there is plenty of information in the aforementioned publications. So I’ve written a Makefile to create a shared library from the now released code and a Python wrapper that decrypts a single packet from a Skype network dump called SkypeIRC.cap published on the Wireshark page. This at least proves that the code works — the first several bytes of a Skype TCP stream decrypt to a known value.
Maybe others want to use this as a starting point before more is released by the authors at the Chaos Communication Congress 27C3.

3 Responses to “Skypes Flux Capacitor has been released”

  1. Runtux Blog » Blog Archive » Linuxwochenende 2010 Says:

    […] Runtux Blog Neues, Interessantes, Skurriles « Skypes Flux Capacitor has been released […]

  2. Runtux Blog » Blog Archive » Skypes Flux Capacitor: UDP Says:

    […] recently wrote about the broken network obfuscation code (aka Flux Capacitor) of Skype published by Sean O’Neil. At the time I wasn’t able […]

  3. Runtux Blog » Blog Archive » Skype Compression Now Published Says:

    […] while ago I blogged about the first published information about reverse-engineering of Skype (Skypes Flux Capacitor has been released, Skypes Flux Capacitor: UDP). A missing piece in the puzzle was the arithmetic compression […]