Here is most complex arithmetic encode of skype.
unpack-4142.c :
<skipped>
P.S. I wonder, why this post was mentioned, but anyway:
--- skype & microsoft & DMCA was here ---
Check it on The Pirate Bay and GitHub.
unpack-4142.c :
<skipped>
P.S. I wonder, why this post was mentioned, but anyway:
--- skype & microsoft & DMCA was here ---
Check it on The Pirate Bay and GitHub.
P.S2. Link on pastebin with "unpack-4142.c" you can find in comments.
WOW!!! immpresive analysis..
ReplyDeleteEspecially when most of the work is by HexRays ;-)
ReplyDeleteHexRays;-p
ReplyDeleteHexrays, hopefully, was good for 4.x analysis.
ReplyDeleteTake a look on messy "arithmetic.c" and you will have idea about all related troubles.
So what happens in this code? Can you explain?
ReplyDeleteВ десятке нах!
ReplyDeleteData after rc4 deobfusc, marked with 0x41 or 0x42 byte(tag) decoded to key(index) - value. I.e. something readable and in ascii.
ReplyDeleteAs this is reversed by you, can you explain us what and why is happening in functions unpack_42_list_76B1B0 and unpack_41_0_715D70
ReplyDeleteAnd why all the code about year old? Is it REALLY your code or ....?
Beautiful Russian ladies
ReplyDeleteEuropean and American women are too arrogant for you? Are you looking for a sweet lady that will be caring and understanding?
Then you came to the right place- here you can find a Russian lady that will love you with all her heart.
.....
Фима, а кто все эти люди в логах: shamanyst, xot_iam, cyberozz?
ReplyDeleteИ куда Шон делся? Обещал эту же хрень в Берлине показать и пропал. Или теперь ты за него?
когда запилят плугин к пиджину/либ-пурплу?
ReplyDeleteГде можно скачать hexrays ? :)
ReplyDeleteреверс этих функций унылое гавно, не знаю вы это делали Ефим или это какой то другой школьнег
ReplyDeleteначнем хотя бы
с функции
unpack_4142
которая в оригинале называется Deserialize
и является членом класса AtributeConteiner
void AtributeConteiner::Deserialize
далее
unpack_42_ctx_init_76ACD0 - это конструктор класса atributeconteiner_decoder_t::atributeconteiner_decoder_t()
unpack_42_76AEC0 это член класса atributeconteiner_decoder_t::deserialize()
unpack_42_ctx_end_714D90 это деструктор класса atributeconteiner_decoder_t::~atributeconteiner_decoder_t()
еще могу подсказать что
u32 unpack_42_ctx_init_76ACD0(u32 max_depth, u32 ctx, u32 packed_blob, u32 packed_bytes)
{
memset ((void *)ctx, 0xCC, 333*4);
dword(ctx,0x1F2) = max_depth;
dword(ctx,0x1FA) = packed_bytes;
dword(ctx,0x1F6) = packed_blob;
dword(ctx,0x312) = ctx + 0x212;
dword(ctx,0x316) = 0;
dword(ctx,0x31A) = 32;
^^^^^^ это некое подобие std::vector
dword(ctx,0x51E) = ctx + 0x31E;
dword(ctx,0x522) = 0;
dword(ctx,0x526) = 0x200;
^^^^^^^ это некое подобие std::vector
типы вектором я вам раскрывать не хочу
return ctx;
}
да и еще кстати, это не арифметическое кодирование
ReplyDeleteа упаковка обычных примитивов, по типу ASN.1 стандарта
Efim be honest. Say to the society which part is yours and which part is Sean O'Neil's work.
ReplyDeleteJust reading your irresolute bleating in efforts to explain the code leaves big doubts
Sean copyrighted his code, as you can see.
ReplyDelete> Sean copyrighted his code, as you can see.
ReplyDeleteна паблике этих файлов не было
каким образом они вам достались?
Sean говорил о том что у него была украдена эта работа
I will not comment on this.
ReplyDeleteLet me remain it behind the scenes.
Yes, many of you may doubt about how legit it was to got Sean's (VEST corporation) code and skype de-obfuscated binaries.
Lets imagine, that some unknown 'good guy' send it me by email. Or you may think, that i found it on same forum on china server. Or you may think, that i hack him. In theory its possible, but its too tricky and has no enough motivation.
You may not trust me, and claim all archive and codes to own by VEST. Its you choice. But, as i know, Sean always copyright his code. So, be sure, what all other codes, is mine. This is easy to proof if you try to make lexical or styles compare of it.
Question is not from where they from. Question is will anyone can make open source skype protocol specification and implementation based on this files(possible from illegal sources) or not?
ReplyDeleteвы меня не поняли
ReplyDeleteя имел ввиду что если у вас есть эти пару файлов от Sean, может у вас есть и остальные?
то может вы выложите их тоже?
No, this is all.
ReplyDeleteПочему ты отвечаешь по-английски на русские посты
ReplyDeleteyep,
ReplyDeletepretty accurate, but can be improved..
Do you not feel it unethical to be using a pirated version of Hex-Rays' software?
ReplyDeletelolz..
ReplyDeleteAny mirrors of this article? Without the censored cut-outs, of course.. ;)
ReplyDeleteIt was not article. Just code paste of unpack-4142.c file. Check this. http://pastebin.com/AY3abgEJ
ReplyDeleteGrats for this work.
ReplyDeleteI just don't understand why only now people were able to reverse Skype. Is there something that makes this job harder?
@JohnPitacus
ReplyDeleteOh yes. Check vanila skype presentation.