May 25th, 2013

fun with skype

Whilst poking about in my inbox for things related to skype, I found this presentation on skype internals given by Philippe Biondi (who wrote the awesome tool Scapy) and Fabrice Desclaux at BlackHat Europe this year. Being a proprietary VOIP tool, I expected skype to have some levels of obfuscation built in so that you can’t easily build a replacement client, but after reading through this presentation I was pretty amazed at everything they found and were able to subvert under the hood. Here are some of the points I found interesting:

  • Most of the skype binary is encrypted, and it provides its own unpacker, which erases the original import table as it’s loaded.
  • Polymorphic code integrity checksums, executed randomly and obfuscated with random lengths and random operators. They came up with a scheme that runs debuggers on two independent copies of skype and relays the correct checksums back to the original modified binary. Hacktacular. They also tried binary patching and removing the entire loop, which actually increased the speed of skype. :)
  • Anti-debugging checks that attempt to identify breakpoints and trap the debugger. It also targets specific debuggers by checking for certain loaded drivers.
  • General code obfuscation with fake error handlers that directly tweak memory and registers. After identifying these they were able to bypass most of them by injecting shellcode directly.
  • Skype uses an obfuscated rc4 function for network obfuscation, not for privacy. They were able to get around this with more shellcode injection.
  • They wrote a scapy wrapper called skypy to reassemble and decode obfuscated TCP streams and “speak skype”.
  • They have an interesting analysis of the authentication procedure and general skype communication.
  • They also show how to cleanly firewall off skype, which isn’t as simple as you’d think.
  • They cover how to secede from the main skype network and put up your own.
  • A skype botnet built on the heap overflow they mention would be pretty scary, as most people won’t know how to block this type of opaque network traffic.
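As an added illustration of the polymorphic checksum idea in the second point above (this is a simplified model written for this post, not code from the talk or from skype): many small routines each checksum a random window of the code with a random mix of operators, and the protected program picks one at random to run. `SAMPLE_CODE` is a constructed stand-in for a code section, and `detects_patch` shows that only a routine whose window covers a modified byte can notice it.

```python
import random

# Simplified model of the polymorphic self-checksum scheme the talk describes (added
# here; not Skype's or the researchers' code): many small routines, each over a random
# window of the code with a random operator mix, one picked at random to run.
OPERATORS = {
    "add": lambda acc, b: (acc + b) & 0xFFFFFFFF,
    "xor": lambda acc, b: acc ^ b,
    "sub": lambda acc, b: (acc - b) & 0xFFFFFFFF,
    "rol": lambda acc, b: (((acc << 3) | (acc >> 29)) & 0xFFFFFFFF) ^ b,
}
# Constructed stand-in for a code section (deterministic bytes, not a real binary).
SAMPLE_CODE = bytes((i * 73 + 11) & 0xFF for i in range(4096))

def checksum(code: bytes, routine: dict) -> int:
    """Fold the routine's window through its operator sequence (32-bit accumulator)."""
    acc = 0x9E3779B9
    ops = routine["ops"]
    window = code[routine["start"]:routine["start"] + routine["length"]]
    for i, b in enumerate(window):
        acc = OPERATORS[ops[i % len(ops)]](acc, b)
    return acc

def make_routines(code: bytes, count: int, seed: int) -> list:
    """Generate `count` routines with random window, length and operators, each with
    its expected value baked in (as a protector would do at build time)."""
    rng = random.Random(seed)
    routines = []
    for _ in range(count):
        length = rng.randint(16, min(256, len(code)))
        start = rng.randint(0, len(code) - length)
        ops = [rng.choice(list(OPERATORS)) for _ in range(rng.randint(2, 5))]
        r = {"start": start, "length": length, "ops": ops}
        r["expected"] = checksum(code, r)
        routines.append(r)
    return routines

def verify(code: bytes, routines: list, seed: int) -> bool:
    """Run-time check: pick one routine at random and recompute it."""
    r = random.Random(seed).choice(routines)
    return checksum(code, r) == r["expected"]

def detects_patch(code: bytes, routines: list, offset: int) -> bool:
    """Flip one byte at `offset`; only a routine whose window covers it can notice,
    so a patch outside every window goes undetected."""
    patched = bytes(b ^ 0xFF if i == offset else b for i, b in enumerate(code))
    return any(checksum(patched, r) != r["expected"] for r in routines)
```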

Some of Biondi’s incidental tools used in the presentation are also very cool:

  • Shellforge — a tool for creating #include’able shellcode from original C statements
  • PytStop — a new (alpha) debugging engine written in python
  • Siringe — a ptrace-based process injector

13 Responses to 'fun with skype'

  1. ca_oux
    June 9th, 2006 at 7:18 am

    why skype?


  2. Linda
    September 12th, 2012 at 9:31 pm

    I’ll right away clutch your rss feed as I can not to find your email subscription link or newsletter service. Do you have any? Kindly allow me understand in order that I could subscribe. Thanks.


  3. http://www.youtube.com/watch?v=iy8HXy1AUjc
    December 26th, 2012 at 6:13 pm

    Hello! Someone in my Myspace group shared this site with us so I came to check it out. I’m definitely enjoying the information. I’m bookmarking and will be tweeting this to my followers! Great blog and great design.


  4. mouse click the next internet page
    January 18th, 2013 at 7:46 pm

    We’re a group of volunteers starting a brand new scheme in our community. Your website offered us useful info to work on. You’ve done an impressive task and our whole community can be grateful to you.


  5. Detran MG
    February 6th, 2013 at 4:32 am

    Simply want to say your article is amazing. The clarity in your post is just nice and I could assume you’re an expert on this subject. Well, with your permission allow me to grab your RSS feed to keep updated with forthcoming posts. Thanks a million and please continue the gratifying work.


  6. zijaextreme.com
    February 8th, 2013 at 9:49 pm

    I with each other with my pals happened to become reading by the very best guidance from your net blog when all of a sudden developed a terrible feeling I had not expressed respect for the weblog owner for those approaches. These young males are already for that reason joyful to study all of them and have now sincerely been loving them. We appreciate you genuinely genuinely thoughtful after which for choosing these types of decent topic matter a lot of people are actually eager to discover. Our honest regret for not expressing appreciation to you sooner.


  7. Christopher
    March 11th, 2013 at 12:46 pm

    What I don’t understand is actually how you are not really much more well-liked than you might be right now. You’re so intelligent. You realize therefore significantly relating to this subject, produced me personally consider it from so many varied angles. It’s like women and men aren’t fascinated unless it’s one thing to do with Lady Gaga! Your own stuff’s outstanding. Always maintain it up!


  8. dev.reflector.com
    March 22nd, 2013 at 6:28 pm

    I know this is off topic but I’m looking into starting my own weblog and was wondering what all is required to get set up? I’m assuming having a blog like yours would cost a pretty penny? I’m not very web savvy so I’m not 100% sure. Any suggestions or advice would be greatly appreciated. Thanks


  9. Antone Gritsch
    April 9th, 2013 at 9:12 pm

    wonderful post, very informative. I wonder why the other experts of this sector do not notice this. You must continue your writing. I am confident, you’ve a huge readers’ base already!


  10. Rufus Cundiff
    April 9th, 2013 at 9:13 pm

    Good site! I truly love how it is easy on my eyes and the data are well written. I am wondering how I might be notified when a new post has been made. I’ve subscribed to your feed which must do the trick! Have a nice day!


  11. Ahmad Murdaugh
    April 9th, 2013 at 9:16 pm

    Hi, I think that I saw you visited my website so I came to “return the favor”. I am trying to find things to enhance my web site! I suppose it’s ok to use some of your ideas!!


  12. brett harper
    April 14th, 2013 at 7:36 am

    This is an excellent site to learn about Charlie Harper artwork.


  13. stine
    May 19th, 2013 at 11:03 pm

    Quality work, glad to have stumbled on this place on the blogs list. This is the kind of resource that should be shared online. You should really give consideration to writing more stuff like this on the web 2.0 list. It’s a pity that search engines aren’t giving midnightresearch.com a higher ranking. If you’re interested, please come and pay a visit to my web site. Kudos

