Talk:Skype protocol

Latest comment: 4 years ago by Artem S. Tashkinov in topic Article validity and name

Privacy questions

edit
  • how private are my private conversations in Skype?
    • much better than other easy-to-use Messengers.
  • Can the NSA listen-in or monitor chat sessions for keywords and identify the users involved?
    • probably not very well due to the distributed network.
      • AES256 is considered pretty safe, the security of the encryption depends on the security of the key exchange mechanism. Skype could send the keys directly to an eavesdropper. But the probably easiest way to listen to skype communication is to compromise the computer running skype.

124.197.18.179 22:29, 28 June 2007 (UTC)Reply

I am left asking myself the same questions! The article plainly states that Communication is encrypted using RC4; the method used does not provide any privacy.
But, hello! If the traffic is encrypted it DOES provide SOME privacy. If it would provide NO PRIVACY then the author knows something that we don't. IMHO this is unacceptable behaviour in the wikipedia world. Please clarify this aspect or tell us why you cannot. (The NSA is controlling wikipedia content?)
85.197.23.252 (talk) 11:06, 2 July 2008 (UTC)Reply
These issues belong in the "Skype security" article, not in this technical article about how the inside mechanics work. Just like asking "is this clock accurate" does not belong in an article about the wheels and springs inside the clock.
77.215.46.17 (talk) 23:10, 3 April 2010 (UTC)Reply
Right and Wrong. The above paragraph is right in mentioning the Skype security article, which states (sic): Skype uses 256 bit AES encryption to encrypt communication between users, complicating the decryption of these communications. Skype's encryption is inherent in the Skype Protocol and is transparent to callers. Because of this integration the communication between users is considered to be private, although several security concerns exist. I'm just about to remove the stupid remarks about using "...256 bit AES encryption to encrypt" and "complicating the decryption of these communications" in that article, the latter being exactly what encryption algorithms are supposed to do. But it's wrong in stating that such issues "do not belong" into this technical article. If the 'article about the wheels and springs' speak about a clock that has no accuracy, then the article is worthless. -AVM (talk) 22:33, 24 April 2011 (UTC)Reply
Microsoft, NSA and various government organization around the globe have full access to your conversations, voice/video calls and files your send over Skype. If you need privacy, use another application. Skype is considered intentionally compromised and unsafe. Artem-S-Tashkinov (talk) 22:42, 25 June 2014 (UTC)Reply

Tools used

edit

Baset and Schulzrinne used:

Biondi and Desclaux used:

  • PytStop to circumvent checksums
  • Skype checks for SoftICE to prevent debugging. However RR0d debugger works.
  • Scapy interactive packet manipulation program
  • shellcode Oracle Revelator in Shellforge
  • IPQUEUE
  • SIRINGE
  • Skypy : a scapy wrapper to reassemble and decode obfuscated TCP streams (not released?)

Techniques used to defend the Skype binary

edit

Skype relies heavily on code obfuscation:

  • Much of the skype binary is encrypted. It provides its own unpacker which erases the original import table as it is loaded.
  • Code integrity checksums, executed randomly, and obfuscated with random lengths and random operators
  • Anti-debuggers
    • attempt to identify breakpoints and trap the debugger.
    • target specific debuggers by checking for certain loaded drivers
  • General code obfuscation with fake error handlers that directly manipulate memory and registers. —The preceding unsigned comment was added by Pgr94 (talkcontribs) 14:11, 7 December 2006 (UTC).Reply

Skype protocol implementations

edit

Can someone who knows please add a section listing implementations? I'm not talking about wrappers around the Skype binary client, but actual new code. The official client is obviously an implementation, it appears ++skype may also be one. Are there any others?

I'm not really sure what ++skype is. Is it just a wrapper? I'm not aware of any other implementations, but would also be interested to know if anyone has started a GPL project. Pgr94 17:14, 27 May 2007 (UTC)Reply
According to User:217.162.207.65 "++Skype library is a library for the API of the software and not for the network." Pgr94 09:51, 18 June 2007 (UTC)Reply
Fring does in fact do skype voice, but I don't know if it's encrypted. fring! --TIB (talk) 16:47, 2 June 2008 (UTC)Reply

Fair use rationale for Image:Skype logo.png

edit
 

Image:Skype logo.png is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.

Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Wikipedia:Fair use rationale guideline is an easy way to insure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.

If there is other other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images uploaded after 4 May, 2006, and lacking such an explanation will be deleted one week after they have been uploaded, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.BetacommandBot 05:53, 6 June 2007 (UTC)Reply

This is now moot, as the logo is no longer in this article (and I am not the one who removed it).
77.215.46.17 (talk) 23:15, 3 April 2010 (UTC)Reply

Incorrect code

edit
start
 2.  send UDP packet(s) to HC
 3.  if no response within 5 seconds then
 4.    attempt TCP connection with HC
 5.    if not connected then
 6.      attempt TCP connection with HC on port 80 (HTTP)
 7.      if not connected then
 8.        attempt TCP connection with HC on port 443 (HTTPS)
 9.        if not connected then
10.          attempts++
11.          if attempts==5 then
12.            fail
13.          else
14.            wait 6 seconds
15.            goto step 2


seems incorrect

attempts not initialized. --Sylvestersteele (talk) 08:52, 2 June 2009 (UTC)Reply

  • That kind of omission is OK for pseudo code as it helps readability. It is not OK in real code of cause.

77.215.46.17 (talk) 23:06, 3 April 2010 (UTC)Reply

Skype protocol leak

edit

The obfuscated Skype RC4 key expansion algorithm has been leaked and is available in portable C code.[1] Code is available here: http://cryptolib.com/ciphers/skype/ pgr94 (talk) 19:00, 12 May 2011 (UTC)Reply

Microsoft buyout

edit

in 2003 MS made an AntiTrust Settlement, in which they told to publish a lot of interoperability data, including "proprietary communications protocols". I bet Skype protocol fals into the definition ? i wonder if someone would push Microsoft into making the protocol public. 79.111.223.5 (talk) 20:00, 14 May 2011 (UTC)Reply

Skype protocol reverse engineered by Efim Bushmanov

edit

There is news [2], that guy called Efim Bushmanov reverse engineered Skype protocol. — Preceding unsigned comment added by 83.26.113.233 (talk) 13:10, 3 June 2011 (UTC)Reply

Here is a direct link to the website: http://skype-open-source.blogspot.com/ The site appears to have received a DMCA takedown notice. Is this legal if the protocol is being reverse-engineered for interoperability? 83.33.251.146 (talk) 19:46, 8 June 2011 (UTC)Reply

It would certainly be quite legal to reverse engineer in any european country, provided it was to create a new interoperating program (for example a 3rd party 'skype format compatible' application), and that did not make direct use of any de-compiled source-code. Reading such dis-assembled source code for inspiration, and then coming up with near identical code could probably be found illegal as would distributing it for others to do so. However reading it and coming up with some fully original work that was quite different but incidentally functionally interoperable or equivalent would not be a problem, neither would distributing it to others to read and do the same. Publishing decompiled source code for others to do with as they may is (!) a case for the well paid lawyer and his expert witness, and then publishing accross national boundries is another game again. Mike (in the UK!). — Preceding unsigned comment added by 109.207.29.2 (talk) 15:53, 26 September 2011 (UTC)Reply

edit

Hello fellow Wikipedians,

I have just added archive links to one external link on Skype protocol. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—cyberbot IITalk to my owner:Online 00:58, 18 January 2016 (UTC)Reply

P2P or not?

edit

According to the article at its present state, "In 2012, Microsoft altered the design of the network, and brought all supernodes under their control", and "Supernodes relay communications on behalf of two other clients". This would appear to suggest that if all packets produced by Skype after this change would go to Microsoft. However, Microsoft told this tech magazine (in Danish, sorry) that indeed packets still travel from peer to peer directly, a claim which is backed up by the magazine's own Wireshark testing. Perhaps something else is meant in the Wikipedia article, but in that case, I think that the current wording is misleading. --pred (talk) 10:08, 13 February 2016 (UTC)Reply

It is my understanding that clients contact Skype relays in order to obtain IP addresses and port numbers for other clients. Clients then establish connections and sent packets directly to one another under a P2P architecture. The current intro says Skype is a client-server protocol, so this seems even more misleading. See this textbook around page 352, though it is possible it contains outdated information. Kreidy (talk) 22:48, 6 March 2019 (UTC)Reply

Login

edit

None of the domain names in the list under the section Login is actually current. Either the new ones should be found and posted or they should be removed. --Ispanesach (talk) 16:14, 13 March 2018 (UTC)Reply

@Ispanesach: Thanks, I'll go ahead and remove all the detailed description of the protocol; it looks like original research, at least no sources are cited. And as a proprietary protocol it's subject to change without any notice or documentation of changes, thus likely to get out of date, as has already happened now. -- intgr [talk] 17:25, 13 March 2018 (UTC)Reply
If it is any help I found that the information in the following Symantec document is still valid. Whitelisting the IP ranges as well as all the URLs provided there allowed me to make Skype work on our network whereas previously it was blocked by the firewall. Symantec Skype IP and URL info --Ispanesach (talk) 12:03, 14 March 2018 (UTC)Reply

Article validity and name

edit

The entire article is talking about the original classic Skype protocol which has long been deprecated and is no longer used however it's only reflected in the header: "The new Skype protocol—Microsoft Notification Protocol 24". I guess the article must be renamed and updated to reflect the status quo. Artem S. Tashkinov (talk) 15:01, 8 June 2020 (UTC)Reply