Sunday, December 19, 2010

Skype's Biggest Secret Revealed

For eight years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean, really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries. Those who could, didn’t dare to publish their code, as it most certainly looked scarier than Frankenstein.

The time has come to reveal this secret. http://cryptolib.com/ciphers/skype contains the greatest secret of Skype communication protocol, the obfuscated Skype RC4 key expansion algorithm in plain portable C. Enjoy!

Why publish it now? - It so happened that some of our code got leaked a couple of months ago. We contacted Skype reporting the leak. Only weeks later, our code is already being used by hackers and spammers and we are abused by Skype administration. I do not want to go into any finger-pointing details here, but naturally, we do not wish to be held responsible for our code being abused. So we decided that the time has come for all the IT security experts to have it. Why let the hackers have the advantage? As professional cryptologists and reverse engineers, we are not on their side. Skype is a popular and important product. We believe that this publication will help the IT security community help secure Skype better.

Read more: EnRUPT – The Simpler The Better