A while ago I blogged about the first published information about reverse-engineering of Skype (Skypes Flux Capacitor has been released, Skypes Flux Capacitor: UDP). A missing piece in the puzzle was the arithmetic compression algorithm used by Skype, details about which were first published in Silver Needle in the Skype. Meanwhile I’ve seen source code of the compression algorithm from two different sources — one of them on a blog on Open Source Skype, although that version doesn’t seem to be available any longer on that page, try the usual sources to find “removed” internet-information. The code is both versions is different. I’ve not yet had the time to further look into this (and try out the code on actual Skype packets) but from what I’ve seen the code looks genuine. There are some questions, though, if the code works with later versions of Skype, it seems the protocol was slightly changed recently.
There is also some press coverage from the interview with Efim Bushmanov, the author of the menioned blog:
- Skype reverse-engineered by Russian geek
- Efim Bushmanov: “Good products can’t stay proprietary for long”
- Russian Reverse Engineer Praises Skype
So we now have alle the pieces of the puzzle to start writing a plugin for Wireshark to give us a tool to further analyze the network traffic produced by Skype. Maybe an open source client is on the horizon now (there’s still a long way to go since we don’t know the binary formats used by the voice and video codecs in Skype, but maybe keyboard-chat is within reach now). Shameless Plug: If you have resources (money or time) to help writing a Wireshark plugin for Skype, please contact me, I’m trying to coordinate efforts in this direction.
That said, there are rumors that (one of) the Skype Certificate-Authority-Key (the Root key in a certificate chain) was leaked. Lets see what comes from this… leaking the key could make communications available to third parties or forge identities. But be aware that the makers of Skype probably already do have the mechanisms in place to listen into the contents of Skype traffic as was first hinted at by the Silver Needle in the Skype presentation and which I’ve mentioned in my talks on Skype (presentation material linked from my home page).
Looks like Microsoft has aquired a piece of software here that perfectly fits its security record so far — this could be helped by letting independent researchers look at the Skype protocol design, but may well uncover further problems down the road. We again see here that secrecy won’t help security in the long run, we may view this as a generalisation of Kerckhoffs’ Principle. Opening the procotol like speculated in the article Skype reverse-engineered by Russian geek is still a very unlikely move by Microsoft, in my view… but I would certainly welcome this.