Can Skype be reverse engineered? That has been the $2.6 billion dollar question Skype watchers often ask themselves. Alec Saunders points to this blog post by Charlie Paglee that claims that a bunch of chinese engineers have done exactly that – cracked Skype.
The hacked clients cannot act as super nodes, the said blog notes, quoting the CEO of the unnamed Chinese company. In other words, the said clients could ride the Skype network without doing any heavy lifting of their own. Virus has mutated, and the parasite has a parasite.
It is hard to vouch for the authenticity of this claim; though if they can reverse engineer stuff like Blackberry, router software and what not, this is not that outrageous a claim. We have contacted Skype PR seeking comment. That said, if the crack is true, then it could have some detrimental impact on the Skype and eBay.
Update: Skype has sent this statement, “Skype is aware of the claim made by a small group of Chinese engineers that they have reverse engineered Skype software. We have no evidence to suggest that this is true. Even if it was possible to do this, the software code would lack the feature set and reliability of Skype which is enjoyed by over 100m users today. Moreover, no amount of reverse engineering would threaten Skype’s cryptographic security or integrity.”
Om,
This is surely less surprising than the MySpace User and Password cracker available freely.
Originally developed by Mustapha Inc (site suspended now), many people calim it works.
How do the Chinese communicate with Skype without licensing GIPS codecs?
Can Ebay’s infrastructure serve as Skype Supernodes in case Skype disables Supernodes from users’ clients?
This is what I call “Forcefully Open Source” 😛
there is a lot about this story which one needs to know. i have mailed skype people asking for an explaination. on the issue of FOS- that indeed might be the case. As Alec suggests that they might be smart to open source the skype protocol.
You forget to mention the potential for blocking Skype.
I guess the main issue is to crack the encryption. If you just want to do text chat the rest is simple. They could also have reverse-engineered the codecs, even though it’s way more complex.
Skype’s seeming dominance is based on a walled garden approach, similar to iTunes/iPod. Hence I don’t see what Skype would gain from disclosing the specification.
My dd-wrt router can block outgoing Skype (both Skype Out and Skype to Skype). I think Skype blocking is easier than most of us originally thought.
Actually back in March i saw a presentation from EADS Labs that also claimed to have reverse-engineered skype. (http://florida.blogs.com/florida/2006/03/skypereversee.html). The difference -from memory- is that they used existing skype clients to set up a private network, as opposed to going the whole hog as described above.
Sorry, b0rked link:
http://florida.blogs.com/florida/2006/03/
Direct link to the EADS ppt:
http://www.secdev.org/conf/skype_BHEU06.handout.pdf
Om, I can assure you, this is authentic. I would not steak my reputation on such a nefarious claim if it was not.
And this is not using any existing Skype code. They designed it from the ground up. I was going to invest in this company when they first started 8 months ago, but somebody beat me to it. A brilliant team.
I heard from a reporter this morning that Skype is denying it is possible. Boy are they in for a big surprise!
SKYPE’S RESPONSE of “no amount of reverse engineering could threaten…security or integrity” sounds like an all out challenge to all those hackers out there. Bad idea.
Regarding GIPS codec: Their iSAC codec is prorietary, but iLBS is (not theirs) is open. I suppose Skype allows for codec negotiation and the renegade client can pick iLBC or other standard codecs. Authentic Skype may use GIPS speech engine as well; but that is not required at both the ends.
As Florian says, this is not the first time that Skype has been reverse-engineered/cloned. A few months back researchers at EADS in Europe did the same, presenting their results at a conference in the Netherlands. I wrote up that presentation here:
http://giussani.typepad.com/loip/2006/04/theissueswith.html
and their slides are at
http://www.secdev.org/conf/skype_BHEU06.handout.pdf
The URL in the previous comment was automatically changed and leads nowhere. So use this:
http://giussani.typepad.com/loip/2006/04/
and go to April 3: “The issues with Skype – Continued”.
go right here to know more. to really know more.
i think the first attempt was the miniskype.exe (suddenly became very quite when that surface), then there was the silver needle, almost a scientific study on how to do it…, followed by what is happening now. and in between all that http://www.coobol.com managed to map out the p2p cloud and create a simple p2p blocking mechanism. and so on…
i believe that charlie should focus on why his company is such a dog … and cant make any headway. Focus on doing something innovative as opposed to just running around blog to blog trying to get your name mentioned…now having said that this is not the first time this claim has been made and remember kazaa was hacked as well with kazaa lite…how much tracation did that get even with spyware built in? not very much. and re the core product will just not be as good most importantly the sound quality because it cant use the best codecs…so if this is true it will be niche … now everyone back to work 🙂
Yes I agree with the post from hiro toro above.
This is an attempt by Charlie Paglee to get attention for his -seemingly- unsuccessful VoIP startup.
I hear that he is actually involved in a joint project with these Chinese so is pursuing his own business interests with this post.
If he would have disclosed that, I would have been a bit more concerened -maybe- for Skype but I think this news will cause some comments in blogs (mine is maybe the last one) and then disappear as quickly from the radar screen as it appeared.
What worries me is if this might break the implicit deal you do with Skype to provide them some of your processor power to help do the routing.
What if these people come out with a new Skype client that can talk over the network but doesn’t accept the responsibility of doing any of that stuff. Suddenly everyone’s going “hey! Use this. It’s much less heavy on your machine” and the whole network falls apart because no-one is doing that work.
hi. Phil jones brings out an interesting point and if it happens could be potentially a very bad news to skype…on the flip side i use an application called damaka (www.damaka.com) and it works without using any relay server or 3rd party machines to route calls…i beleive that they launched their network operator model before skype in turkey with a company called Mor-Tel (based on the news website of damaka)…
damaka application could be a potential solution to avoid the issue of hacks as they claim themselves to be truly p2p…
any comments on damaka?
here is the chinese company that has cracked skype protocol, http://www.coobol.com
http://webtown.typepad.com/webtown/2006/07/skypecrackeda.html
who funded this research ? who is working behind the screens ? why, how, where ? how long has it been going on ?
what is the relation (if any) between http://www.vozin.com / http://www.talqer.com / http://www.hanzen.cn and the alleded group of chinese skype engineers.
is there a relation to http://www.coobol.com (site offline but in the cache of google) or not ? And if so why has that not been disclosed.
what is the function of the http://www.voipwiki.com/blog. Smoke Screen or Marketing Tricking, creating hype before a launch of this Skype Clone ?
why and how long will this information be hidden from the public.
what else has been going on behind the smoke-screen ?
how lethal (if so) could that be for the original Skype.exe
what type of investigations are going and will be going on?
what are the consequence of being involved in such activities?
how will it affect the business-model and activities of Skype/Ebay?
how might this skype clone be marketed and under what domain-name ?
when will we see the final proof (under the form of an executable) surface ?
is there a relation to the earlier miniskype.exe ?
This story will certainly have another long tail. I am convinced that the current «no comment» position of Skype shows that this matter is investigated and probably it’s not only Skype that is investigating this matter too. Another thing comes to mind is wether Ebay would have Skype monitoring the Skype-contacts-list,chats, conversations and related. It should not be so difficult to do a content-search and map out of some «who’s talking to who, when and about what» diagram…
From Russia with love… Did Russian Hackers overtake in effect Chinese Hackers in the race to reverse engineer the Skype.exe ? This time it’s not a hoax or an unfulfilled promise. Here is the QtSkype4.exe. see http://www.skype-watch.com or http://webtown.typepad.com/webtown/2006/10/fromrussiawit.html