I recently wrote about the broken network obfuscation code (aka Flux Capacitor) of Skype published by Sean O’Neil. At the time I wasn’t able to decrypt UDP packets. Now I’ve looked a little more closely into the Vanilla Skype documentation — which also includes some code to decrypt Skype credentials on harddisk. This code contains a CRC implementation called CRC32. I had wrongly asumed that CRC32 of Skype would be the same as the crc32 implementation of pkzip, Ethernet, png, the POSIX cksum command etc. which is listed as “crc32″ in the CRC article on Wikipedia and which is standardized in e.g. IEEE 802.3.
The crc32 from the standards above inverts all the bits of the seed before using it (it uses an XOR mask of 0xFFFFFFFF) and does this again before returning the result of the CRC computation to the caller. But it uses the same polynomial as skype. So we can use an existing standard CRC implementation (e.g from the zlib library) as follows for computing the skype CRC:
def skype_crc (s, seed = 0xFFFFFFFF) : return (crc32 (s, seed ^ 0xFFFFFFFF)) ^ 0xFFFFFFFF
With this crc implementation I’m now able to also decrypt UDP (see updated code) packets. I’ve shown this some days ago at my talk @linuxwochenende, for slides see my events page.