Monday, 1 September 2014

Skype6x deobfuscation binaries released

Hello!

We got some news (and files) from our friend Vilko!

This is an unpacked skype v6.16, with the skype library moved out of the exe into skylib.dll, so it can be used from your own apps.
But you should be smart enough to find out how to initialize and use it. For example, you can write a DLL wrapper (or stub) to sniff the .exe -> .dll calls.

skype6x_dll.zip
magnet:?xt=urn:btih:5GC4PSDMXSS4THHILVI6U7DDERX222SE

And the usual deobfuscated skype v6.16, without the DLL extracted.

skype6x_deob.exe
magnet:?xt=urn:btih:TQCXDRFOGD4BQUHHXEBB5UGOGV6YH5TR

P.S. And just the usual warning and a *must be here* note. Use all these files at your own risk. Do not do anything bad with microsoft-skype, and don't infringe their copyrights and intellectual property. These files are just for self-learning and education. Just to make our own instant messenger with the option of interoperability with skype-protocol networks.

Thanks for supporting us! And don't forget to donate!

Friday, 22 August 2014

Real gateway to skype network

Hello, everyone!

I have good news for all of us! An anonymous internet user sent me this very cool version of skypekit 3.7, which sends *no* skypekit-related binary identity to microsoft-skype servers at all. So, you could use it for skype web service creation and do all other good things (it's very important to have something with skype-network compatibility in the public domain).

skypekit37_noid.exe
magnet:?xt=urn:btih:HYBL4XMSV5WPXM5DZFKDEOX7W5ISLLDT

skypekit41_noid.exe
magnet:?xt=urn:btih:QBU5NRQMUYGQ5M7R5GIVDGA7OMJEWBAL

So, it is. Big thanks to our anonymous friends for the hard work of patching it.
Noid means depersonalized: no blocks for users anymore (in theory, so be careful). It acts like the usual 6.18.x.x skype.

P.S. To download, just copy the magnet link from the post into your favorite torrent client.
P.S2. Also added skypekit v4.1.2 with noid.

Friday, 8 August 2014

Skype 5.5, 5.9 fix for login issue after 31.07.2014

Seems like it was really simpler than we thought.

So,

To fix skype login in version 5.5 deobfuscated, change unicode string 0/5.5.0.124 to 0/6.9.0.106 at offset 0xDAFCB8 in binary.

To turn off detailed logging, change bytes "0F 84" to "90 E9" at offset 0x10CEA91.
-- Vilko

So, just download the files from this piratebay release:
magnet:?xt=urn:btih:FKJ5GA6OKOFB6WEU7EYIMJKYG7GMH3X7
and patch them.

P.S. Version "6.9.0.106" may not work, so it is better to patch in something >= 6.14.x.x, for example: "6.18.0.105".

It's a fix for this news.
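
What the two-byte logging patch quoted above does at the instruction level, as an added example that is not part of the original post or the project's code. It assumes the bytes at that offset start an x86 instruction, in which case "0F 84" is `jz rel32` and "90 E9" is `nop` followed by `jmp rel32`; the address and displacement below are constructed for the illustration.

```python
import struct

JZ_REL32 = b"\x0f\x84"  # x86: jz/je rel32 (2 opcode bytes + 4-byte displacement)
NOP_JMP = b"\x90\xe9"   # x86: nop (1 byte), then the jmp rel32 opcode byte

def decode_branch(code: bytes, addr: int) -> dict:
    """Decode six bytes at virtual address `addr` in either the original
    (0F 84) or the patched (90 E9) form."""
    if len(code) != 6:
        raise ValueError("expected exactly 6 bytes")
    # In both forms the displacement sits in bytes 2..5 and is relative to
    # the end of the branch instruction, which is addr + 6 either way:
    #   jz  rel32 starts at addr,     is 6 bytes long
    #   jmp rel32 starts at addr + 1, is 5 bytes long
    rel32 = struct.unpack("<i", code[2:])[0]
    end = addr + 6
    target = (end + rel32) & 0xFFFFFFFF
    if code[:2] == JZ_REL32:
        return {"kind": "jz", "target": target, "fallthrough": end}
    if code[:2] == NOP_JMP:
        return {"kind": "nop+jmp", "target": target, "fallthrough": None}
    raise ValueError("not a jz rel32 or nop+jmp rel32 sequence")

def patched(code: bytes) -> bytes:
    """Return the bytes after the 0F 84 -> 90 E9 change, refusing anything
    that does not start with the expected original opcode."""
    if code[:2] != JZ_REL32:
        raise ValueError("original bytes are not 0F 84; refusing to patch")
    return NOP_JMP + code[2:]

# Constructed sample: the address and displacement are made up for the example.
SAMPLE_ADDR = 0x00401000
SAMPLE_CODE = JZ_REL32 + struct.pack("<i", 0x1A4)

if __name__ == "__main__":
    before = decode_branch(SAMPLE_CODE, SAMPLE_ADDR)
    after = decode_branch(patched(SAMPLE_CODE), SAMPLE_ADDR)
    print(before)  # conditional branch with a fall-through path
    print(after)   # same target, no fall-through path
```

The displacement bytes are untouched, so the branch destination is unchanged; only the condition and the fall-through path disappear, which is why a two-byte edit is enough.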

Friday, 1 August 2014

Workaround for the skype 5.x "your version is outdated" problem


Find and run skype v3.8. Log in as usual. Check "auto sign when starting skype" (i.e. the save password option). Restart 3.8 again. Now, in your config.xml profile there will be a "Credentials2" block with your skype-signed public key. Now, run skype v5.5. It will log in automatically, will not complain about the outdated version, and will not sign you out. If it expires in 30 days, repeat these steps.

P.S. If 3.8 is not logging in, use the latest skype 6.18 version for signing and getting good credentials.

Wednesday, 16 July 2014

How skype network works


When you run the skype binary, the following network actions are made:

Step 1. Login stage.

The skype binary checks whether a saved profile exists, and tries to find the private/public keys and the skype-issued certificate in it (also called credentials).

If it's the first run (i.e. no profile found in %APPDATA%/skype/), skype generates a private/public RSA keypair 1024 bits (128 bytes, or 0x80 in hex) long.

Then it connects to the skype 'login' servers and sends the skypename, the MD5(password) bytes, and your public key. If authorization is OK, skype will issue a personal certificate for your skypename and public key. This is a 0x104-byte array signed by the skype network public key, also known as the CA (certification of authority) in PKI (Public Key Infrastructure). Getting the skype-signed certificate means that you have now successfully "logged in" to the skype network.

By the way, the certificate is issued for 30 days only. So, after those 30 days, you MUST log in again (i.e. get a new skype-signed certificate).

Skype User Certificate Example:

Thursday, 5 June 2014

New toys for playing

Hello everyone!

Here is a new tool for playing with skype profile data. The project skydumpcred3 allows you to dump skype credentials (something like SSL certificates) from your skype 5.x clients and check it to see your RSA 1024-bit public and private keys in it.

Also, I added the cert_decrypt project, which can be useful for decrypting the large 0x188-byte AES-encoded blocks from the skype debug.log file.

You can download both (and compile from sources, if you want) here:
https://github.com/skypeopensource/tools/

Thanks.

Monday, 17 June 2013

Wiki re-open

Hello,

The project's public wiki at http://wiki.epycs.ru/ is available again.
Pass: skype/skype

UPD. OK, I decided to open my private wiki also.

So, check it out: http://wiki.epycslib.ru
Pass: skype/skype

Thanks.

Saturday, 8 December 2012

Status update

I am still looking for some financial support for this project. For now, I am doing some slow research on dev.epycs.ru. Everyone who is skilled enough can join.

Friday, 4 May 2012

Microsoft changes skype supernodes architecture to support wiretapping

Two months ago, Skype replaced user-hosted P2P supernodes with Linux grsec boxes hosted by Microsoft, but for what?

I found a brilliant and valuable comment about this:
I think wiretapping is one of the big reasons for the rearchitecture. Skype officially claimed they could not comply with wiretapping requests because of the P2P network as late as 2008 (http://news.cnet.com/8301-13578_3-9963028-38.html), and Microsoft was already working on wiretapping VoIP in 2009 (http://blog.tmcnet.com/blog/tom-keating/microsoft-patents-voip-and-skype-wiretapping.asp).
via Hacker News

The answer is: WIRETAPPING

So, think twice.

P.S. M$ says that "supernodes don't transit voice traffic" - this is bullshit. They do, in the case where you are both behind NAT, or in case of authority curiosity.

P.S2. Especially for Kostya Kortchinsky, at post.
Relay nodes take care of those if you can't communicate directly with the other end. There is a mutual exclusivity in that a node can't be a relay and a supernode at the same time.
Can he prove it? No. But I can. This code, which I wrote in the past, will allow your traffic to flow via a supernode (and also a relay node): skyrel.c skypush.c

How to deal with AES keys? Not a big problem, if you have the Skype RSA CA (certificate of authority) private key, which skype/microsoft obviously have.

So, forget about security and anonymity in microsoft-skype.

Thursday, 26 April 2012

Skype User IP-address Disclosure

Hello,

Some anonymous user made a comment with a link to an interesting text. I tested this stuff and it really works.


Skype user IP-address disclosure

1. Download this patched version of Skype 5.5:
http://skype-open-source.blogspot.com/2012/03/skype55-deobfuscated-version-released.html

2. Turn on debug-log file creation via adding a few registry keys.
https://github.com/skypeopensource/skypeopensource/wiki/skype-3.x-4.x-5.x-enable-logging

3. Make "add a Skype contact" action, but do not send add request, just click on the user to view his vcard.

4. Have a look at the log file to find the desired skypename.
The record will be like this for real user ip: -r195.100.213.25:31101
And like this for user internal network card ip: -l172.10.5.17

21:16:45.818 | T#3668 PresenceManager: | noticing skypetestuser1 0x3e54a539a91a19fc-s-s65.55.223.23:40013-r195.100.213.25:31101-l172.10.5.17:22960 23d23109 82f328ff

5. Catch that skype user via whois service.
http://nic.ru/whois/?query=195.100.213.25

The mentioned steps will help you to get the following information about a skype user: City, Country, Internet provider and internal user ip-address.
Now, you can troll him about CIA and Mossad, he-he.


Original link:
Skype user IP-address disclosure
http://pastebin.com/rBu4jDm8