Tuesday, 7 June 2011

Crypto, skype and politics

Please, don't take this too serious.
Its just nice theory about future, cryptoalgorithms and politics.

[politics on]

Someone ask good question.

@anonymous at 7 June 2011 02:17
> why you release files now?

So, time to talk about politics and my try to effort a little support to "Navalny".

Please, start read carefully at first post.
And try draw you own conclusion.

Hint tags: dissident, security, politics, eavesdropping, belarus, egypt freedom.

I don't want to Russia FSB (Fima Sergeevich Bushmanov, haha) to stop process of Liberty. And to allow overtake it by Putin regime.

I don't want another one-political-party-for-all like 'KPSS' to be present here for ages. 'Edinaya Rossia' should take away from political scene for next years.

See http://navalny.livejournal.com/ blog for details. If there is no political competitions, there is no freedom. This is way to hell and Stalinism(Putinism).

I like two political parties at least, like in USA or EUROPE.

So, i want provide info about strong VOIP encryption way for all dissidents. Now, only skype software provide unbreakable strong level of voice encryption and widely used. Skype owned by MS, i bet, will not provide that, because of money and political engagement.

Only 'individual' vs 'big corporations' can do this.

My aim is to overtake political regime in Russia(Ha-ha!), if it will probably take in stagnation, because of Putin or Medvedev indirect corruption support.

Check http://russian-untouchables.com/ site. For get a alternative political view of Russia today.

In worst cases scenario, we can change skype RSA 'main' public and secret Certification Authority (learn PKI) key, and use our own secure network 'based on skype binary' for allow rebellion flashmobs. We just need change ip addresses of login server, and change CA public key certificate in binary.

Take a look on "Strategy 31" group in Russia.
Yes, they a morons, but they are try to make freedom for all of us.

Regional elections was already illegally(but they claims it was legal, of course) overtaken by current 'Edinaya Rossia' and Putin administration regim.

So, regional politics people will count, like "Pi == 10 in war times".
In 2011 December.

We should not admit or allow it.

Have the true securely private communication is one most important point to overtake regime. Egypt proof of it.

So, take very, *very* care about FSB trojans and viruses. But still use Skype for securely communication. Even, if someone claim that it insecure. It is secure. Until someone hack in your or your's peer computer. Or until someone break AES - American Encryption Standard(and until Skype CA trusted). And it will be even more secure, when we will have open-source Skype protocol specification.

Yes, i am talk like crazy-russian-bear.
But it was like i thinking.

[politics off]


  1. Efim, you'd better continue to work on the project. That would bring much more benefit to the society than spending energy on heating the air together with the people that do not know what to do next if 'bloody' Putin will go away.

    And please read some more about what happens in Egypt today, after Mubarak resignation - that will probably make you calm a little bit.

    BTW, I recommend you to take away any binaries from the net - you really can get into big trouble. Restrict your publications to explanations and technical details - reverse engineering is not prohibited if you do it in scientific and / or compatibility purposes.

  2. Andrey is right about this. Politics is politics and we can all get all excited about it but it's not always as it seems.
    Anyway whatever your motivations I think what you're doing will benefit many people. I see open source skype being used on devices where the close sourced binary wasn't available.
    In the long term I also see open source competition that will support Skype and a free open source network too.
    Once again thank you for your work.

  3. "I recommend you to take away any binaries from the net"

    This is will broke of my idea. This is usual skype binaries, just patched against obfuscation. And with anti-debug removed. They apparently need for ongoing skype research. So, this is not for "distribute" to world, but for academic research on them.

  4. Неожиданно. Поддерживаю.

  5. Efim, you are living in the real world, don't you ? There is a law and you have no other option but to follow it or you will get punished (and we have already seen some stories in Russia). BTW, this is not specifical 'Russian' thing, same is in US (DMCA) and in Europe as well.

    In short: you can't amend the executable (take off the protection) and distribute the result. What you can do is make any research and publish it on the net. And trust me, this is not breaking your idea anyhow.

  6. "There is a law and you have no other option but to follow it or you will get punished"

    Laws is about jurisdiction. And country. And Priority. Skype so called "EULA" about "please, not reverse it" has no sense about more priority "civil code" laws and Constitution.
    Any one have rights to known. To know how any things work. Corporation like Microsoft and Skype try to trick us, for that we will forget it.

    Knowledge is Freedom.

    Thinks recent about Sony. They tries, and so?
    Anonymous crowd piss on them.

    Laws created by people. IP laws created by very rich people who want to stay very rich.

    Do you will continue support you Boss when it hit you by kick ass, and say that you ass its his IP?

  7. Anyway, in Russia, for now, no DMCA or something like that crap of US shit.

  8. Efim, we have Civil Code part 4 (часть 4 Гражданского кодекса) in Russia - please read it carefully. There are also some articles in the Criminal Code (Уголовный кодекс) as well (see articles 272-274). Plus, Russia has joined some international agreements on IP protection. I am not an legal but I am following this more or less regularly so trust me you are under risk.

    Reverse engineering is allowed only in scientific and compatibility purposes (see article 1280 of the Civil Code). But you in any case are not allowed to distribute the code.

    Please visit www.duralex.org - that is the blog of Pavel Protasov, civil rights activist and journalist who is concentrating on IP cases. You will find a lot of samples from today's Russia where people were punished for some illegal actions with the software, music etc. Do not take it so easy (crap-shit).

  9. IP is shit, go on "skypeopensource"!

  10. Yes, let's fuck the KGB folks in PERDACHELLO!

  11. skypeopensource, you are ridiculous :(

    I spent 3 days to go through the code. Most of that shit is direct output of hex-rays decompiler. Some parts where you and your friends (Sean O’Neil) have tried to build spamming tools. I guess you were not able to get it running and now you and Sean wanted to have some fame.

    Some things where you look very good:
    a) Stealing from your friends.
    b) Stealing fom www.hex-rays.com
    c) Stealing from skype
    d) Stealing OUR TIME!

    Shame on you.

  12. "I spent 3 days to go through the code."

    o rly?
    did you understand them?

    "Shame on you."

    I have 30 kg of popcorn here.
    So, please, continue this conversation.

  13. No more “conversations”.

    I even deleted all the files.
    Yes, based on the “code” and the binary files - THIS STUFF IS ILLEGAL!!!

  14. Ололо, отличный пиар стант. Пиарасы уже писают кипятком. Мало того, что ничего в реверсе актуального протокола не добились, дак еще и политику приплели.

  15. AFAIK there is a concept like copyright in almost every country. This concept was/is needed so the author of a creation, can extract reasonable value from his work. The idea was to protect the author, so he can present his work to someone with the means of massproduction/-duplication and start negotiating his share of revenue genereated via massduplication. This system got perverted many decades ago, no doubt about that, but for the time being it is valid law in almost every country.
    Others pointed out, that this holds true for russia, so publishing modified binaries is a violation of copyright-law, which can be prosecuted.
    Open-sourced Skype would be a good thing, but with disregard to exising law you will only get sued, and be forced to abandon your project.

    This is completely unnecessary, be clever, don't publish binaries or source-code others hold copyright on. Just publish how-tos, documentation, patches. No copyright-infringement, no legal prosecution.

    a) Instead of a deobfuscated skype-binary, do a binary diff between the original binary and your deobfuscated version to produce a binary-patch. This patch only contains your changes, only you have the copyright for those changes, so it's perfectly legal to distribute them.
    Put the binary-patch online, together with instructions how to use it

    b) Instead of a tool which could be (mis-)used to spam the skype-network, document and publish your knowledge of the skype-protocol.
    This documentation can be used by everyone i.e. by open-source projects like pidgin/libpurple with no legal trouble, no trouble to you and even more important (you want this knowledge used to protect freedom, right?) no trouble for the users.

  16. @Anonymous

    Thanks, nice ideas.

    "you want this knowledge used to protect freedom, right?"
    Not really. If you about politics freedom and etc.
    Its will be cool, of cause.
    But, i too lazy to do it, and its not my business, so, in really, i don't care much of it.

  17. Why sites like oldapps.com hosted other's binaries without DCMA troubles?

  18. Because they might have permissions and, very important, they do not host AMENDED binaries.

  19. I rethinking all this.

    In other words, Skype got caught in Egypt to provide not SAME level of security for all skype users.

    Think something about not viruses or trojans.

    But about MITM attack with uncorrect signed by skype CA skypename certificate.
    For allow mitm attacks.

    Or better way.
    Signed by Skype 'minor update' which contain government spyware code for monitor dissident activity(and stealing they private keys and/or skype passwords).

    This is major security breach in encryption
    infrastructure. Which they allow. And now was down for it.

    C'est la vie.

    P.S. I bet what they 'playing to the end' with they 'high prices' eyesdrop solutions.
    Which they start providing since facebook and twitter revolutions or even more early.

  20. I am open new post for this thoughts.

  21. > "I even deleted all the files.
    Yes, based on the “code” and the binary files - THIS STUFF IS ILLEGAL!!!"

    Not for me, and not in my country. Sorry.

  22. @andrey

    Take into you mind. I not going to do money on it.
    Its some kind of academic research.

    So, the matters only:

    Criminal Code (Уголовный кодекс) as well (see articles 272-274).

    Which have no statements about:
    spam, international IPR, and so one.

    So, this is *safe* for me.
    And i just get LULZ about skype, microsoft, DCMA and IPR :)

    Nice then?

  23. I have a idea.

    Should i setup page with asking some academic 'grant' for support this research?

    Is 'Skolkovo' will donate to Skype protocol specification research?


  24. Efim, there are several things you should know, understand and consider:

    1. Reverse engineering. It is allowed in Russia for scientific and compatibility purposes. Here everything is OK for now, but I would highly recommend to summarize your findings in a more readable form than free flow of mind (look at any RFC as a sample).

    2. Distribution of original or somehow modified executable files produced not by you not accordance with the terms of the license issued by the author/owner (read: any Skype executables, no matter if somebody has already changed it or not). It is prohibited, no matter if you earn something or not.

    3. Distribution of original or somehow modified source codes produced not by you and not available under free/libre/open source licenses. It is prohibited, no matter if you earn something or not.

    There is Article 146 in the Criminal Code, you should read it too.

  25. @andrey

    Ok, i got with this. Big thanks for you take a look on my case.

    Can you check 'advocatish practishe'(real world russia examples) on this law 'article'?
    Especially about international affairs.

  26. Here please:

    I know the situation there is technically different from yours but here is a sample of how a company that is not directly represented in Russia, works in such cases. And companies that do have offices in Russia are even more aggressive - you can find easily lots of cases initiated by Adobe or Microsoft. Same with music/videos - we already have cases against end users like in US/Europe.

  27. I think you're a bit crazy using your real name for all of this. There is a reason all cracking groups go by alias ... good luck with the legal stuff but I think you are definitely at risk here comrade.

  28. @Anonymous

    This should be a legal code after. For include it as GPL or something in libraries and framework in messengers.

  29. "only skype software provide unbreakable strong level of voice encryption" - that's bullshit!

    google for zrtp to educate yourself a bit on current state of voip security.

  30. @anonymous

    "that's bullshit"
    i mean ".. and widely used".

    "google for zrtp to educate"
    Where can i download zip file with client,
    and how many clients available online at same time?

    i agree with you, when google webrt will be as widely used as skype.

  31. To hell with copyright, patents and all that "intellectual property" nonsense!

    However, if you intend to abuse it for inciting riots, then I will by all means support undertaking the same measures by the FSB against you, as your admired United States of Aggression have taken against Osama bin Laden, for it shall be well-deserved.


    Oh, no, wait, one more thing... The Russian Federation may be a corrupt country, it has worsened under the presidency of – sorry, if I mistranliterate it – Dmitry Anatolyevich Medvedev.

    But you are making a fool of yourself if you keep attacking Vladimir Vladimirovich Putin. It suggests that you are either a moron, or that you were in deep coma during the disastrous years of Boris Nikolayevich Yeltsin's presidency. You had better think of that period the next time that corruption comes to you mind!
    Or are one of those disgruntled criminals who yearn for the liberty to loot?!

    Basically, with a blog post like this, you are just shitting in your own mouth, and if you live in the Russian Federation, you ought to praise its politics, because it has kept the Russian Federation a free country, outside of the World Trade Organization, which would turn the Russian government into its lackey when it comes to the enforcement of that despicable craziness called "intellectual property laws".

    And be thankful for it! Basically, it appears to me that unless you start messing up with politics, the Russian government could not care less and you will be unharassed and quite free to do what you please, pursue your goal of reverse engineering.

    And think of ElcomSoft the next time you start basing the Russian federation and bowing before the United States of Arrogance.
    The chances are that you would be jailed for years for this, whereas you can rest assured that you will be free in the Russian Federation as long as you go about your business and do not meddle in politics.

    BTW, if you are worried about your hosting, I have an even better tip for you: move it to the Islamic Republic of Iran, because it does not recognize any of those crapitalist concepts of "intellectual property"; in fact, they openly and officially defy them. :-)

  32. Correction:
    And think of ElcomSoft the next time you start bashing the Russian Federation...

  33. @Anonymous

    IranSkype. Sounds cool.

    FSB and russia politics can not into english, so this is okey, dont worry for me.

  34. there is a phenomenon called Astroturfurfing - all those trolls whining about this beeing against copyrights: screw you. it is completely legal to provide download mirrors for skype.

    and even if it was illegal - who cares?
    everyone who cares about privacy and democracy benefts from your it, please keep up the good work ;)