Skype Protocol Has Been Cracked 279
nsrCZ writes "The Skype core protocol has been reverse-engineered by a Chinese company. The interesting thing is that, although the protocol is closed, it is not patented and thus it is not against the law to crack it. If it's true, then it could affect the whole eBay/Skype business in many ways, including that they might not get their piece of the emerging Chinese cake." From the article: "By cracking the Skype protocol, the company claims it can also block Skype voice traffic, Paglee said. 'They could literally turn the lights off on Skype in China very, very quickly,' said Paglee, who is also a lawyer and engineer, speaking from California on Friday. The company could transfer the technology to the Chinese government, which has continually sought ways to tighten its filtering and control over the Internet. So far, the company doesn't have any plans to market its blocking capabilities, Paglee said."
Innovation (Score:3, Insightful)
Re:Innovation (Score:4, Insightful)
Yes, the US have been a good master.
Re:Innovation (Score:3, Funny)
Re:Innovation (Score:4, Insightful)
Re:Innovation (Score:4, Insightful)
True, groundbreaking innovation is rarely anything more than a modification of an existing process or practice or idea or thought. An ingenious one, yes - but without the work that came before, there would be nothing. Stopping the work that can come after is nothing short of criminal.
Re:Innovation (Score:3, Insightful)
Re:Innovation (Score:3, Interesting)
Automobiles they have "chery" whose entire line-up are shoddy copies [paultan.org] of cars already produced by other manufacturers.
We have Huawei, who has literally stolen Cisco's router code [microscope.co.uk] to make a "competing product".
And then we have their military who happened to... yes steal [theepochtimes.com] their designs as well (at least the stuff they didn't just purchase from Russia and reverse engineer).
So exactly what are these innovations taking place in China you wanted to defend?
BTW, the
Re:Innovation (Score:2, Insightful)
Re:Innovation (Score:4, Funny)
Re:Innovation (Score:4, Informative)
Apparently you never heard of the MD5 and SHA-1 breaks.
Re:Innovation (Score:3, Insightful)
Re:Innovation (Score:2)
Protocol in itself is not an invention.
You can have a protocol as a part of an invention or rely on an invention to work, but in itself...
The chances of patenting it even in the US are pretty slim.
Re:Innovation (Score:5, Insightful)
Re:Innovation (Score:3, Insightful)
* Quotes intentionally added to "wrong" to allay any possible tangent subthreads about how IP/patents/copyrights are in principal wrong/immoral/broken. Gotta know your audience.
Re:Innovation (Score:2)
Re:Innovation (Score:2)
Re:Innovation (Score:2, Insightful)
Re:Innovation (Score:3, Insightful)
What "infringement"? As TFA says, THERE IS NO PATENT. They reverse-engineered a protocol. A week ago, some Americans did the same to the Galileo GPS signal [slashdot.org]. And that will lead to a direct monetary loss to Galileo. Was that "wrong"?
copyrights are in principal wrong
The word is "principle".
Re:Innovation (Score:5, Insightful)
IF our ancestors were also wrong. . .
It remains to show they were wrong, and in doing so you necessarily question the legitimacy of the USA's sovereignty. We were signatory to no treaties to "respect" British IP and our ip laws still differ. It took a special act of Congress to partially respect the British copyright of Peter Pan (which is, in effect, in perpetuity, forbidden by the US Constitution).
If and when China does not respect American ip they are wrong because we are both signatory to the Berne Convention treaty, even if we were both wrong to do so.
And bearing in mind that the current administration has declared that treaties it has willfully signed are not binding upon it, as that violates American legal sovereignty. Yes, the Supremes have recently bitch slapped them over that, but the current administration seems to be gearing itself up to treat that as a legal opinion not actually binding upon it.
And herein lies the real damage that has been done to America's international standing in the past few years. If we declare null and void international law to which we are signatory on war, torture and due process why the fuck should anyone respectfully decline to copy Pauly Shore movies, no matter how cruel that is?
KFG
Re:Innovation (Score:2, Funny)
Jeez, when will you guys get it?
Like information, MUTTON CHOPS WANT TO BE FREE
Re:Innovation (Score:5, Interesting)
If skype had patented its system, it would have had to disclose elements of its protocols which would make it quite easy for any espionage shop to infiltrate, route around or otherwise frustrate.
Consider, for instance, a lock manufacturer. Their cylinders are described in exquisite detail in their patents. A person skilled in the art of lock-picking might find their patents to be of particular interest. But if the lock incorporates security mechanisms which defeat all potential attacks, it doesn't matter if they are disclosed.
However, if the company's key manufacturing division and distribution network are infiltrated, then a duplicate key can probably be manufactured with a modicum of difficulty. That's why such practices are not disclosed in the patent, and are usually subject to "trade secret" regulations.
P.S. I'm not so sure that the NSA and CIA let IP laws get in the way of espionage.
Re:Innovation (Score:4, Insightful)
Oh that's right you were born in the 90s and don't remember the 80s.
Kids these days...
Re:Innovation (Score:5, Insightful)
It's just ignorant xenophobia that allows people to bad mouth an entire nation based on what are essentially standard operating practices anywhere else.
Tom
Re:Innovation (Score:4, Interesting)
On the flipside some of the stereotypes and comments are well deserved. I mean, read comp.lang.c for a week. You'll get a lot of "I have to write this program and I don't have the first damn clue" types of posts, amazingly enough mostly from India. Look at phishing stats, they're mostly organized by people in Eastern bloc countries. That's not conjecture or hyperbole that's the truth. China does have a track record for more than just reverse engineering. Classic IP violations are more common than in other nations [although I wouldn't say it's epidemic like some people suggest].
So like all nonsense there is some element of truth to it.
Tom
Re:Innovation (Score:5, Interesting)
Skype don't get their money from people installing their client, they get their money from people paying for the extra services like SkypeOut, SkypeIn, and so on. They should regard maintaining the Skype clients as an unwanted hassle. What they really want is as many people as possible connecting to their servers and using the extra services. This is separate from the protocol.
If I was an executive at Skype, I would view this as a good thing for the company. It's only going to result in more users. It's strange that Skype didn't voluntarily open up their protocol earlier!
Re:Innovation (Score:2)
Re:Innovation (Score:5, Insightful)
Erm, ok, if they patent it, don't they have to disclose details of it? Kinda defeats the purpose of having a secret closed protocol that Skype wanted. I think there might be a better way to protect IP, via "trade secret" or something like it, but I am no specialist in the area
-Em
Did "DVD Jon" help them out? (Score:2)
Tapping (Score:2, Insightful)
Re:Tapping (Score:5, Informative)
The company, however, has not been able to decrypt the phone calls passing through those computers and listen in because of the complicated encryption keys used during calls, Paglee said.
So I guess not.
Re:Tapping (Score:2, Funny)
Closed Protocol != Security (Score:5, Insightful)
Besides, who really cares? Phone conversations can be tapped into. Cell phones, too. Everyone knows not to transmit confidential information over the phone.
Re:Tapping (Score:5, Interesting)
For all such transactions, whether they are SSL, SSH, or some proprietary technology like Skype, you have to trust the site that holds the server keys or the people that write the software not to embed backdoors or fake keys to allow tapping. There are even technical reasons to permit such forgery: web-proxies for high-availability banking transactions, for example, may want to have their SSL keys multi-hosted. I've sat in on discussions about exactly that sort of approach and its security consequences.
Anyone who assumes that Skype conversations are immune from a legal wiretap order or even an unconstitutional Patriot Act order that Skype dare not publish due to the Patriot Act's nature is engaging in wishful thinking. If you want real end-to-end encryption, you have to have personal control of the key exchange. In fact, that's how PGPphone used to work, if you can still lay your hands on a copy of it. It just never got broadly enough deployed, or provided the convenience and computer->cheap telephone call services that Skype provides.
PGP Phone (Score:3, Interesting)
Oh, I'm sure you can find it floating around somewhere [slashdot.org].
In His Apartment Earlier (Score:2, Funny)
Little did he know they were in his apartment earlier in the day.
Does it really matter? (Score:5, Insightful)
Anyway, Skype is a big no-no for me. I don't like software that connects to who-knows-what and uses bandwidth all the time without any way to know what the heck it's doing.
It could indeed. (Score:5, Funny)
Re:It could indeed. (Score:4, Interesting)
Re:It could indeed. (Score:2, Informative)
...See the straw in the Chinese's eye and not the beam in your ass... In America they don't even have to make up something later to deport you to Guantanamo, and in Europe you can be abducted [cnn.com], tortured at a military base, and dumped in some sort of Konzentrationlager in some country not too fussy about human rights.
Start worrying about civil rights in yo
Net Neutrality (Score:2, Interesting)
Wouldn't it depend on perspective? (Score:4, Insightful)
I'm sure Skype's lawyers might see this differently.
If this happened in the US, lawyers would be crying "foul!" on the basis of the protocol being a Trade Secret, and they would have something to say about the agreement that one sees when installing the software. I believe I remember seeing a "no reverse-engineering" clause in there.
This being a Chinese source, though, means that US rules don't necessarily apply.
Re:Wouldn't it depend on perspective? (Score:2)
If the packets are coming across their routers then they are pretty fair game, although I doubt they did break it without the software, if asked they [could/should/would] say they only examined packets in transit.
Re:Wouldn't it depend on perspective? (Score:2)
Trade secrets are just that - secrets - and have no protection under law. You find them out, good for you.
Reverse engineering isn't illegal either and that cannot be changed by a EULA. As far as I'm aware a protocol is not an "invention" per se, so it cannot be patented either. Though with the modern state of the US patent office, who knows ....
Re:Wouldn't it depend on perspective? (Score:4, Insightful)
I'm sure the Chinese authorities might not care what they see differently.
Re:Wouldn't it depend on perspective? (Score:2)
Re:Wouldn't it depend on perspective? (Score:4, Interesting)
Skype's lawyers can see it however they want - but in this instance, they have no legal leg to stand on. It's not illegal to replicate something protected as a trade secret. (It *is* illegal to steal or 'borrow' it, or to hire employees from a rival to 'work on your own _x_'.)
Why would a protocol be closed anyway? (Score:2, Interesting)
Isn't that sweet? (Score:3, Interesting)
Don't you just love when people speak with certainties about yet unreleased things? Sure, it may well lack it for about 24 days. Then what happens? I'm not convinced that people would base stand-alone software on that protocol anyway. More likely some SIP clients would implement the protocol as an add-on.
If it were patented (Score:3, Interesting)
Blocking (Score:4, Interesting)
Re:Blocking (Score:2)
Re:Blocking (Score:5, Informative)
*********
1) Skype will initially attempt to contact supernodes, the IPs of which
are in a file stored along with the other files that Skype installs. The
first method of contact is direct. The source ports that Skype attempts
to connect from are non-default ports. From my observations I could see
that the UDP source port 1247 is the initial control channel. Once the
connection is established, the rest of the communications is done in TCP
over non-default source ports with ranges sweeping from 2940-3000.
In general, any company that is serious about its security policy would
have strict egress filtering rules, which makes identifying the
non-default source/destination ports that Skype uses irrelevant since
they would be blocked anyway.
2) If the above fails, Skype will use the proxy server specified in Internet
Explorer, and attempt to tunnel the traffic over port 443 using the SSL
protocol. The destination IPs are of course random as above, which makes
destination blocking out of the question. The only option left is to
block SSL, which is not really a solution, unless you want to end up
excluding all legal SSL destinations.
Deleting the user's proxy settings would also disallow Skype from
connecting. That would however leave the user without internet access.
Even if the user had no proxy settings, and the proxying was done
transparently (which would definitely include proxying http and https
traffic), the Skype traffic (SSL) would again be transparently proxied,
which puts us back at square one.
********
The aforementioned link however speaks of a somewhat twisted method of blocking out Skype by restricting outbound HTTPS to only the requests addressed by FQDN.
Perhaps Skype will eventually just use SSL over 443 for the whole of the communication in order to establish connections, which is quite an effective method of bypassing any kind of firewall or filter put in place by a corporation. And the same technique holds true for any other "undesirable" protocol. With VPNs now starting to use SSL over 443 to evade restrictive outbound ACLs, it's getting more difficult to restrict what leaves your network.
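Added example, not part of the comment above or the article it quotes: a minimal Python sketch of the FQDN-only rule for outbound HTTPS mentioned at the end of that comment, applied to proxy CONNECT requests. The log layout, the sample addresses, the port-443 allow-list and the threshold of three distinct raw-IP destinations are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in a simplified "<client> <method> <target>" layout;
# this is not the log format of any particular proxy product.
SAMPLE_LOG = """\
10.0.0.21 CONNECT mail.example.com:443
10.0.0.37 CONNECT 198.51.100.14:443
10.0.0.37 CONNECT 203.0.113.77:443
10.0.0.37 CONNECT 192.0.2.201:443
10.0.0.21 GET http://www.example.org/
10.0.0.44 CONNECT [2001:db8::5]:443
10.0.0.37 CONNECT 198.51.100.14:443
10.0.0.50 CONNECT intranet.example.com:8443
"""

ALLOWED_PORTS = {443}   # assumption: CONNECT is only permitted to 443


def split_target(target):
    """Split a CONNECT target ('host:port' or '[v6]:port') into (host, port).
    Raises ValueError on a missing host or a missing/non-numeric port."""
    if target.startswith("["):
        host, _, rest = target[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = target.rpartition(":")
    if not host:
        raise ValueError("missing host or port")
    return host, int(port)


def is_ip_literal(host):
    """True if the host is a raw IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def connect_allowed(target):
    """FQDN-only policy: deny malformed targets, other ports and raw IPs."""
    try:
        host, port = split_target(target)
    except ValueError:
        return False
    return port in ALLOWED_PORTS and not is_ip_literal(host)


def audit(log_text, threshold=3):
    """Return (denied, suspects): every denied CONNECT as (client, target),
    and clients that tried >= threshold distinct raw-IP destinations."""
    denied, ip_targets = [], defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] != "CONNECT":
            continue
        client, _, target = fields
        if connect_allowed(target):
            continue
        denied.append((client, target))
        try:
            host, _ = split_target(target)
        except ValueError:
            continue
        if is_ip_literal(host):
            ip_targets[client].add(host)
    suspects = {c: len(h) for c, h in ip_targets.items() if len(h) >= threshold}
    return denied, suspects


if __name__ == "__main__":
    denied, suspects = audit(SAMPLE_LOG)
    for client, target in denied:
        print("DENY", client, target)
    print("many raw-IP CONNECTs:", suspects)
```

A client that repeatedly asks the proxy for port 443 on many different bare IP addresses stands out in the second result, which is the pattern the quoted analysis attributes to the proxy fallback.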
Re:Blocking (Score:3, Insightful)
The only way to block this would be to cr
Re:Blocking (Score:3, Interesting)
I don't think NARUS can tell when voice calls start and stop if I'm running remote Terminal Services (RDP and/or Citrix), other VPNs to other customers (within the SSH), web traffic, email, streaming music (last.fm [www.last.fm]). While I'm very unique, and what I do is unique,
Re: (Score:2)
Re:Blocking (Score:2)
Mainly because they "borrow" (no such thing as stealing on
Botnet designers have nothing on Skype, except a lot to learn.
They renamed the protocol (Score:4, Funny)
Reverse Engineering (Score:5, Informative)
Patenting something does not prevent anyone from reverse engineering it, and in fact they wouldn't need to because the mechanism would be documented in the patent.
Reverse engineering is not 'against the law' in most parts of the world, only the US thanks to the DMCA (C is for copyright, not patent), so therefore they probably have not broken the law if they did this outside the US. At present it is legal in the EU to reverse engineer a competitor's product for the purpose of producing a compatible interface, sadly however that may not be the case if the proposed "directive on criminal measures aimed at ensuring the enforcement of intellectual property rights" is ratified.
Re:Reverse Engineering (Score:2)
Further Clarification. (Score:5, Informative)
You are absolutely right about reverse engineering not being illegal. In fact even with the DMCA reverse engineering is still entirely legal. The catch with both the DMCA and patents is what you can do with the protocol once it has been reverse-engineered. In the case of patents, the basic principles have been disclosed, and you are allowed to distribute any additional information that you learn about the implementation, but you are not allowed to implement the protocol without a patent license.
In the case of the DMCA, you may be* prohibited from disseminating information that you have reverse-engineered, if it can be used to circumvent a copyright protection device. I don't think that would apply in this case - what copyrighted work is being protected? The only possibility are the conversations themselves, but this does not allow you to listen in on another's conversation, it simply allows you to initiate new conversations. Assuming that you are using secure cryptography, revealing the mechanism of the encryption does not weaken the security of the system, only revealing the keys, which in this case are generated per connection, like SSL.
So unless Skype's security is crap, which I don't believe to be true, the DMCA would not restrict you from publishing the details of the protocol, or third party implementations of it. On the other hand patents could. Therefore, the submitter was correct in bringing them up as a potential barrier, even if his wording was not.
* The law contradicts itself, and while there have been some precedent-setting cases, the interpretation is still very much up in the air.
Patents != legally uncrackable (Score:5, Informative)
Cracking encryption algorithms is generally only unlawful where the encryption is a method of encrypting copyrighted material, AND the country involved has implemented some variant of the DMCA or EUCD. That's the legal machinery that DVD Jon had problems with. The Skype Protocol won't be covered by DMCA-like provisions.
Re:Patents != legally uncrackable (Score:2)
In theory that is.
link to info on skype protocol (Score:5, Interesting)
Silver needle in the Skype at Blackhat Europe [secdev.org]
Re:link to info on skype protocol (Score:3, Interesting)
1) Almost all (if not every bit) of this is not new information, it was already broken in the above referenced article.
2) Blocking the traffic was already described in the article, all the Chinese government had to do was read the paper some time ago instead of waiting for these schmucks to "discover" it.
3) If you read the paper you'll see how much work Skype goes through to make it hard to disassemble their code and protocols. I'm sure if blocking in China becomes an issue they'll have the
Re:link to info on skype protocol (Score:5, Interesting)
No one should use Skype anyway (Score:3, Interesting)
For more info on the repercussions of this... (Score:2)
Skype Journal [skypejournal.com]
Looks like there is a lot of opportunity for deeper business integration. Wonder if this opens up any vulnerabilities for standard client users?
Paglee means . . . (Score:2, Informative)
Welcome to global communications.
The Skype's the Limit (Score:3, Interesting)
Of course China's mafia government would have found ways to protect their local "infringers" if it gave them control over Skype's important telecom traffic.
An open protocol using open software from more than a single (point of failure) source is a lot more reliable in the face of large scale attackers, like a government. SIP and IAX are safer.
AsterSkype (Score:2)
Reverse engineering (Score:3, Interesting)
You can be found guilty of contributory infringement if you publish detailed information about how to go about infringing a patent. This is a shady area though, since the patent itself already describes the technology in question so it boils down to an evaluation of the individual's intent.
Re:Reverse engineering (Score:2)
NSA congratulates Paglee (Score:4, Funny)
Bert
Literally (Score:5, Funny)
No, they could metaphorically turn the lights off on Skype in China very, very quickly.
Incorrect view of the law. (Score:2, Insightful)
A lot has been known for a few years now ... (Score:4, Informative)
Re:Open Source? (Score:4, Funny)
You are a genius.
Re:Open Source? (Score:2)
Re:Open Source? (Score:4, Insightful)
What the hell is that supposed to mean? First of all, let's address this statement:
Perhaps you wrote this incorrectly, but, by definition, nothing is useful unless you use it. Would you care to elaborate why you think their service is useless crap? Oh yes, this nugget of gold:
What you're saying, implicitly, is that you have no real qualms against Skype aside from their lack of openness with respect to their protocol. That's absurd! I could understand if you disliked this about their service, but to actually hate their service because of this one fact is borderline stupid.
Re:Open Source? (Score:2)
Re:Open Source? (Score:2)
Re:Open Source? (Score:2)
Re:Open Source? (Score:3, Interesting)
Re:Open Source? (Score:2)
My comment about open source was more of a financial issue, not so much a programming methodology issue. Skype is near the top of most telco's 10 most wanted lists, so I presume they are willing to go that extra mile to provi
Re:Open Source = Openser (Score:4, Informative)
Asterisk does not currently provide the nuts and bolts of connecting SIP callers. Its SIP integration is not built out so great either. (ex. can't easily connect to a STUN or RTP proxy)
The normal procedure is to use an SIP server with asterisk as a voicemail backend.
The SER and OpenSER SIP server projects both connect to asterisk.
There is no reason to use skype's proprietary protocol. Good for the Chinese for putting a dent in their proprietary methods. Let SIP providers compete on a service basis, not protocol competition.
Re:DMCA? (Score:2)
Re:DMCA? (Score:2)
Re:DMCA? (Score:2)
Not that the DMCA is relevant to me, yet (being outside the US), but I like this (currently) hypothetical topic...
Don't the anti-circumvention provisions in the DMCA only protect the copyright holder? As the person doing the talking over Skype, presumably you are the copyright holder, and thus you are therefore allowed to de
Re:DMCA? (Score:5, Informative)
This is why mod points should be more carefully controlled.
The DMCA explicitly protects your right to reverse-engineer for the purposes of interoperability.
Re:DMCA? (Score:2, Flamebait)
Re:DMCA? (Score:2)
The DMCA explicitly protects your right to reverse-engineer for the purposes of interoperability.
Except when it might interfere with the profits of the MPAA*.
*See DVD Jon
Re:DMCA? (Score:2)
The reverse-engineering clause has many exceptions - not the least of which is "non-infringing uses"
And as a previous poster pointed out, interoperability didn't stop the MPAA suits against DeCSS.
Re:DMCA? (Score:4, Insightful)
The DMCA also prohibits the construction, possession, and/or use of a device to defeat copyright infringement. In a case where the law contradicts itself, the people with the most money win.
Re:DMCA? (Score:2)
Is it being recorded though, or just transmitted? Something is only copyrighted once it gets fixed into a medium. So if you are recording to disk and then transmitting, that would be protected by copyright. But the user would hold the copyright, not Skype, so Skype couldn't use the DMCA against anybody.
I thought that maybe Skype could include a copyrighted logo or something at the beginning of each transm
Re:Implicitly, Skype has lost its best feature.. (Score:3, Informative)
What this means is that they could configure their application as a SuperNode and intercept conversations, files, text in between.
This is not a valid conclusion. To send out and receive audio when participating in a call it is necessary for a client to have the crypto keys. When the client is running on a general purpose computer the keys are inevitably accessible by the end
Re:Grammar Nazi to the Rescue (Score:2, Insightful)
Re:Grammar Nazi to the Rescue (Score:2, Informative)
Re:Patent != secrets! (Score:3, Interesting)
I'm sure Skype's EULA forbids reverse engineering the protocol, thus Skype has legal grounds to sue whoever reverse engineers the protocol for violating the license agreement.
Re:Interoperability (Score:3, Interesting)
Hear that, everyone?
If you're one of the millions who found a ton of value in Skype before it was cracked, you were very, very wrong, because this anonymous Internet jackass has said so. No matter how valuable you think Skype was before, it really wasn't.
You know all the money you saved on long distance calling since Skype dropped the fees behind North American calls? That didn't happen either.
But, as you'll guess, now Skype will be
Re:Hmm (Score:5, Insightful)
The several million people whose copies only support the current one.