| « DDoS etc | We Are Back » |
Skype's Biggest Secret Revealed
07/07/10 | by Sean O’Neil | Categories: News
For eight years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean, really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries. Those who could, didn’t dare to publish their code, as it most certainly looked scarier than Frankenstein.
The time has come to reveal this secret. http://cryptolib.com/ciphers/skype contains the greatest secret of Skype communication protocol, the obfuscated Skype RC4 key expansion algorithm in plain portable C. Enjoy!
Why publish it now? - It so happened that some of our code got leaked a couple of months ago. We contacted Skype reporting the leak. Only weeks later, our code is already being used by hackers and spammers and we are abused by Skype administration. I do not want to go into any finger-pointing details here, but naturally, we do not wish to be held responsible for our code being abused. So we decided that the time has come for all the IT security experts to have it. Why let the hackers have the advantage? As professional cryptologists and reverse engineers, we are not on their side. Skype is a popular and important product. We believe that this publication will help the IT security community help secure Skype better.
However, for the time being, we are not giving away a licence to use our code for free in commercial products. Please contact us if you need a commercial licence.
It is not all security by obscurity of course. There is plenty of good cryptography in Skype. Most of it is implemented properly too. There are seven types of communication encryption in Skype: its servers use AES-256, the supernodes and clients use three types of RC4 encryption - the old TCP RC4, the old UDP RC4 and the new DH-384 based TCP RC4, while the clients also use AES-256 on top of RC4. It all is quite complicated, but we’ve mastered it all. If you want to know more, come to Berlin for 27C3 to hear all the juicy details on how to use this function to decrypt Skype traffic.
With best regards,
Skype Reverse Engineering Team
32 comments
Comment from: Ilya [Visitor] · http://www.literatecode.com
I guess the Bundespolizei will be particularly happy to attend. Finally they can decommission these crappy Skype trojans :)
08/07/10 @ 04:14
Comment from: Great work [Visitor]
Interested in commercial use of your code. Please contact me.
09/07/10 @ 22:52
Comment from: Fredrik Nordberg Almroth [Visitor] · http://ackack.net/
This is awesome.
Your work must have taken some serious time.
But don't you believe that even more hackers will (ab)use your code in even more widespread malicious manners? Now when it's out? Just a question.
Anyway,
Cheers!
Your work must have taken some serious time.
But don't you believe that even more hackers will (ab)use your code in even more widespread malicious manners? Now when it's out? Just a question.
Anyway,
Cheers!
09/07/10 @ 23:51
Comment from: luis [Visitor] · http://makepkg.net
"For over 10 years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity"
|*| We can prove if you have used this code in your product.
|*| We will find you.
|*| We will prosecute for copyright infringement.
|*| This code is quite unique and is easily identifiable.
|*| Result may match Skype's 100%, but this code is ours.
And you talk about obscurity?
|*| We can prove if you have used this code in your product.
|*| We will find you.
|*| We will prosecute for copyright infringement.
|*| This code is quite unique and is easily identifiable.
|*| Result may match Skype's 100%, but this code is ours.
And you talk about obscurity?
10/07/10 @ 15:54
Comment from: Sean O’Neil [Member] · http://cryptolib.com/
Yes. Exactly! Take a look at this code inside a skype executable if you can. Then you'll understand. It is precisely the difference between before and now - we have removed all the obscurity.
10/07/10 @ 16:57
Comment from: Doubting Didymus [Visitor] · http://www.crypo.com/eng_rc4.php
I have some "little" doubts around the source code and its functionality in a mission.
Can someone prove to us that it is work or not?
On the webpage i've given you can find a simple RC4 Encryptor in JavaScript.
Can someone decrypt the following characterchains to us as the prove of the functionality of the Skype RC4 key expansion algorithm?
(Of course we need both the original message, and the random "session key" too!)
te2tj_8o0hJOwF8bJiEqnkP120cKG"mcZ4xOhJUWOTOinahp
:-))
Can someone prove to us that it is work or not?
On the webpage i've given you can find a simple RC4 Encryptor in JavaScript.
Can someone decrypt the following characterchains to us as the prove of the functionality of the Skype RC4 key expansion algorithm?
(Of course we need both the original message, and the random "session key" too!)
te2tj_8o0hJOwF8bJiEqnkP120cKG"mcZ4xOhJUWOTOinahp
:-))
12/07/10 @ 01:15
Comment from: OPT1MUS [Visitor]
Sean O'Neil, we students of safety and technology of Brazil. We thank you for sharing the code, and we support his decision.
If the code was leaked, it must be published and show developers that the company responsible for more secure once the system is flawed today, is explored and the same must be rewritten to be trusted again.
OPT1MUS - RTLS Brazil Team
If the code was leaked, it must be published and show developers that the company responsible for more secure once the system is flawed today, is explored and the same must be rewritten to be trusted again.
OPT1MUS - RTLS Brazil Team
12/07/10 @ 13:17
Comment from: Dedicated Windows [Visitor] · http://www.dedicatedwindows.com
Interesting but not complete. A lot of work miss to fully understand the protocol.
Thank you
Thank you
12/07/10 @ 19:24
Comment from: skypeuser [Visitor]
There are other things I have noticed also. It is not too difficult to detect if someone is hiding his identity or offline.
12/07/10 @ 20:10
That is an wonderful feat in beating technology RC4 that we always thought secure. "The most secure place is bottom of Pacific kept inside big metal box chained and locked around". Thanks for this success
13/07/10 @ 03:51
Comment from: MoodificaTOR [Visitor] · https://torproject.org
What's next, when I configure a proxy like TOR to the start of a Skype's audio/video or chat frame?
>-]
>-]
13/07/10 @ 04:52
Comment from: Coffee [Visitor]
What a lousy thing to do! Destroying security for millions of users and you think you have done something good?
Guys like you should be in jail for the rest of your crappy lifes.
Guys like you should be in jail for the rest of your crappy lifes.
13/07/10 @ 09:48
Comment from: Sean O’Neil [Member] · http://cryptolib.com/
Coffee: I totally agree with you! Those who develop and sell fake security to millions of people should be in jail. All the necessary security wasn't there in the first place - destroyed by the developers themselves when they had the tools available to them to put it in place.
It is our responsibility to expose such fake security in products before it is too late so it could be replaced with real security. If it was there in the first place, we couldn't destroy it even if we wanted to. That's how cryptography works. Security works. Obscurity doesn't.
It is our responsibility to expose such fake security in products before it is too late so it could be replaced with real security. If it was there in the first place, we couldn't destroy it even if we wanted to. That's how cryptography works. Security works. Obscurity doesn't.
13/07/10 @ 13:59
Comment from: Miss Conception [Visitor]
I have a question.
What can you do with this?
Can you break up existing communications , sniffed, dumped datastreams with is?
Or can you only make some troyanlike tools with it, that can steal chat and voice streams from the memoryresident Skype on-the-fly?
What can you do with this?
Can you break up existing communications , sniffed, dumped datastreams with is?
Or can you only make some troyanlike tools with it, that can steal chat and voice streams from the memoryresident Skype on-the-fly?
13/07/10 @ 22:16
Comment from: Sean O’Neil [Member] · http://cryptolib.com/
You can encrypt and decrypt Skype connections the way the normal client application does it. You can access (and modify) a lot of information in the supernode traffic, you can decrypt and scan all Skype connections now, some in real time, some sniffed, and you can develop interoperable applications that can talk to Skype servers, clients and supernodes. The rest of Skype is very easy to reverse engineer. This algorithm was the main obstacle for everyone.
13/07/10 @ 22:51
Comment from: Eugenio Ottonelli Crescente [Visitor] 
You are very fucked up, I became your fan!
14/07/10 @ 19:37
Comment from: Phil. French journalist [Visitor]
Hello
I'm a french journalist and I prepare an article about your news.
But, I would like to have your opinion about the french research in 2006 by EADS and Fabrice Desclaux. SSTIC 2006.
15/07/10 @ 09:52
Comment from: Doubting Didymus [Visitor]
I'm still awaiting for the PROOF !
If you can crack RC4 streams like this, then give us the original password and textfield for this RC4 encrypter short sentence :
te2tj_8o0hJOwF8bJiEqnkP120cKG"mcZ4xOhJUWOTOinahp
If you can crack RC4 streams like this, then give us the original password and textfield for this RC4 encrypter short sentence :
te2tj_8o0hJOwF8bJiEqnkP120cKG"mcZ4xOhJUWOTOinahp
15/07/10 @ 16:58
Comment from: dR3v3r$3r [Visitor] · http://mcafee.com
Hey Sean O’Neil ,
We are working with the leading AV and Network Security company McAfee,Inc .
I have developed the signatures for Skype which can detect the skype encrypted traffic and block it successfully . Quite a few security companies including McAfee use my solution ...
I would like to use your published code in our IPS and Firewall appliances to decrypt skype streams and provide with better visibility of the skype traffic .
This algorithm might be the core obfuscation part of Skype , but to me it seems to be incomplete to decrypt streams ..Is there any other additional code above this ? How do I use it to decrypt and visualize skype traffic ? Any way by which you can help ?
We are working with the leading AV and Network Security company McAfee,Inc .
I have developed the signatures for Skype which can detect the skype encrypted traffic and block it successfully . Quite a few security companies including McAfee use my solution ...
I would like to use your published code in our IPS and Firewall appliances to decrypt skype streams and provide with better visibility of the skype traffic .
This algorithm might be the core obfuscation part of Skype , but to me it seems to be incomplete to decrypt streams ..Is there any other additional code above this ? How do I use it to decrypt and visualize skype traffic ? Any way by which you can help ?
16/07/10 @ 12:16
Comment from: dR3v3r$3r [Visitor] · http://mcafee.com
Hey Sean O’Neil ,
We are working with the leading AV and Network Security company McAfee,Inc .
I have developed the signatures for Skype which can detect the skype encrypted traffic and block it successfully . Quite a few security companies including McAfee use my solution ...
I would like to use your published code in our IPS and Firewall appliances to decrypt skype streams and provide with better visibility of the skype traffic .
This algorithm might be the core obfuscation part of Skype , but to me it seems to be incomplete to decrypt streams ..Is there any other additional code above this ? How do I use it to decrypt and visualize skype traffic ? Any way by which you can help ?
We are working with the leading AV and Network Security company McAfee,Inc .
I have developed the signatures for Skype which can detect the skype encrypted traffic and block it successfully . Quite a few security companies including McAfee use my solution ...
I would like to use your published code in our IPS and Firewall appliances to decrypt skype streams and provide with better visibility of the skype traffic .
This algorithm might be the core obfuscation part of Skype , but to me it seems to be incomplete to decrypt streams ..Is there any other additional code above this ? How do I use it to decrypt and visualize skype traffic ? Any way by which you can help ?
16/07/10 @ 12:31
Comment from: Sasha van den Heetkamp [Visitor]
I won't vote it down nor up, but how is this news? I found it out on my own a long time ago. Anyone can; by simply inspecting the API calls it is making to the Win cryptolib which it heavily utilizes for AES/RC4. No secrets here, unless I am missing the whole point.
20/07/10 @ 05:48
Comment from: Skype 4.2.0.169 [Visitor] · http://skype.com
Hello there !
What about the newest Skype client?
Yesterday i got a message when i tried to start the older version of Skype:
"You must install the newest verion of the Skype due to a security reason"
Perhaps the "security reason" is what we can read here (?)
What about the newest Skype client?
Yesterday i got a message when i tried to start the older version of Skype:
"You must install the newest verion of the Skype due to a security reason"
Perhaps the "security reason" is what we can read here (?)
20/07/10 @ 14:47
Comment from: Sean O’Neil [Member] · http://cryptolib.com/
Not at all. What you've read here applies to every single version of Skype, from its first version to its latest release 4.2.0.169. It only does not apply to the Java versions of Skype that use different servers, a slightly different protocol and different encryption.
20/07/10 @ 21:33
Comment from: Mr.Ging [Visitor]
hi, can i buy a commercial license of this code. My company need a program can broadcast about 10000 skype user in few minute. so we need your code for improve our program.
i wait for your reply(contact me by email)!
thanks !
i wait for your reply(contact me by email)!
thanks !
22/07/10 @ 12:21
Comment from: Mr.Ging [Visitor]
[quote]
hi, can i buy a commercial license of this code. My company need a program can broadcast about 10000 skype user in few minute. so we need your code for improve our program.
i wait for your reply(contact me by email)!
thanks !
[quote]
Hi, i'm a developer , not a spammer ^^, all user who received message from us, are my company's customer. And i'm serious about this
hi, can i buy a commercial license of this code. My company need a program can broadcast about 10000 skype user in few minute. so we need your code for improve our program.
i wait for your reply(contact me by email)!
thanks !
[quote]
Hi, i'm a developer , not a spammer ^^, all user who received message from us, are my company's customer. And i'm serious about this
28/07/10 @ 10:06
Comment from: Doubting Didymus [Visitor] · http://www.crypo.com/eng_rc4.php
How can you decrypt LONG Skype RC4 streams with HEAVY keys, if you can NOT decrypt a VERY short sentence with a VERY short key ? I'm sure, this whole site is just a big HOAX , and snatch...
Voila':
This is a very short sample message.
+
and this is very short sample key
=
te2tj_8o0hJOwF8bJiEqnkP120cKG"mcZ4xOhJUWOTOinahp
Voila':
This is a very short sample message.
+
and this is very short sample key
=
te2tj_8o0hJOwF8bJiEqnkP120cKG"mcZ4xOhJUWOTOinahp
31/07/10 @ 18:27
Comment from: Gilbert Fernandes [Visitor]
Security through obscurity has always failed. This is what history teaches. Instead of using that stupid crap RC4 code, move to AES256. Security through obscurity is just yelling "hey look at us we're dumb and stupid enough not to learn from history of cryptography. woo woo!"
15/08/10 @ 15:46
Comment from: Pietor [Visitor]
This is news? So perhaps you didn't read Dr. Berson's report on the cryptography in Skype, published some years back. And there have been ample successful RE of various Skype clients. Maybe you just aren't tuned to the right channel. But you have a *fantastic* self-promotion headline there, buddy. Pff.
23/08/10 @ 21:30
Comment from: Sean O’Neil [Member] · http://cryptolib.com/
I'll comment just so that this misinformed reader doesn't confuse anyone else.
1. Dr. Berson was never given the Skype in use to analyse. He was given sources of Skype 1.3 that cannot even login to the Skype network because it uses a different protocol, not only different servers. 1.3 did not work for many years. The earliest version of Skype that can currently login to the network and communicate with other users and supernodes is 1.4 as long as it tells Skype servers that its version is at least 2.6.
Every security expert knows very well that even a slightest modification to the communication protocol can introduce security holes, not only exploitable vulnerabilities and/or intentional backdoors. Skype 1.4 and up have never been publicly analysed.
However, the current publication is not even related to Dr. Berson's analysis or any of the security holes/vulnerabilities/backdoors in Skype. Its publication will soon reveal to everyone just how insecure Skype really is despite all its cryptography. Even if it's not apparent yet. Besides encrypting people's conversations, they chose security by obscurity instead of the real security. They must have had their reasons...
2. A couple of reverse engineering teams barely getting past the top encryption/checksum layers and through the Skype's RC4 and proprietary compression layers and then quitting can hardly be called "ample" or "successful reverse engineering". If you want to claim that what we are publishing has been published before, please provide references. The fact is, this algorithm has never been published or even properly extracted out of Skype before, i.e. in a clean C form, without the heavy anti-reverse-engineering obfuscation of this traffic obfuscation function. Those who have ever tried to extract it out of Skype know what I'm talking about. This is new because until now, the public had no way to decrypt Skype traffic. In a week or two, we will publish sample code to show everyone how to decrypt intercepted Skype packets using the algorithm we have published here.
3. Of course, a few teams have indeed successfully reverse engineered Skype and are quietly using their secret capabilities. We cannot possibly "stay tuned" to their "channels" as they are keeping their work and all their results completely secret, just as we did.
4. We are not academics and this is not Hollywood. We are not publishing results of our work to get our five minutes of fame. If you have stumbled upon this article and the attached C code means nothing to you, this entire publication was not for you. Seek executive summaries somewhere else. If you are still reading this and still want to understand what on Earth we are talking about, it's the "unknown key engine" mentioned in the Wikipedia article describing whatever little has been published so far about the Skype protocol.
1. Dr. Berson was never given the Skype in use to analyse. He was given sources of Skype 1.3 that cannot even login to the Skype network because it uses a different protocol, not only different servers. 1.3 did not work for many years. The earliest version of Skype that can currently login to the network and communicate with other users and supernodes is 1.4 as long as it tells Skype servers that its version is at least 2.6.
Every security expert knows very well that even a slightest modification to the communication protocol can introduce security holes, not only exploitable vulnerabilities and/or intentional backdoors. Skype 1.4 and up have never been publicly analysed.
However, the current publication is not even related to Dr. Berson's analysis or any of the security holes/vulnerabilities/backdoors in Skype. Its publication will soon reveal to everyone just how insecure Skype really is despite all its cryptography. Even if it's not apparent yet. Besides encrypting people's conversations, they chose security by obscurity instead of the real security. They must have had their reasons...
2. A couple of reverse engineering teams barely getting past the top encryption/checksum layers and through the Skype's RC4 and proprietary compression layers and then quitting can hardly be called "ample" or "successful reverse engineering". If you want to claim that what we are publishing has been published before, please provide references. The fact is, this algorithm has never been published or even properly extracted out of Skype before, i.e. in a clean C form, without the heavy anti-reverse-engineering obfuscation of this traffic obfuscation function. Those who have ever tried to extract it out of Skype know what I'm talking about. This is new because until now, the public had no way to decrypt Skype traffic. In a week or two, we will publish sample code to show everyone how to decrypt intercepted Skype packets using the algorithm we have published here.
3. Of course, a few teams have indeed successfully reverse engineered Skype and are quietly using their secret capabilities. We cannot possibly "stay tuned" to their "channels" as they are keeping their work and all their results completely secret, just as we did.
4. We are not academics and this is not Hollywood. We are not publishing results of our work to get our five minutes of fame. If you have stumbled upon this article and the attached C code means nothing to you, this entire publication was not for you. Seek executive summaries somewhere else. If you are still reading this and still want to understand what on Earth we are talking about, it's the "unknown key engine" mentioned in the Wikipedia article describing whatever little has been published so far about the Skype protocol.
24/08/10 @ 04:13
Comment feed for this post
