Skype protocol cracked – what happens next?

A chap by the name of Efim Bushmanov has just published a claim that he has reverse-engineered the Skype protocol.

He hasn’t reversed it completely, and he hasn’t yet created any Skype-compatible alternative software, but that’s the stated goal of his work so far:

While "Wall Street Journal" makes politics and skype today's trend, i want to publish my research on this. My aim is to make skype open source. And find friends who can spend many hours for completely reverse it.

Skype was big news recently when it was acquired by Microsoft for US$8,500,000,000 – despite having a billion dollars of debt and having recorded a financial loss last year. An open source project to create a Skype-alike software product would therefore be an interesting beast.

In fact, open-source Skype implementations for Linux and OS X would probably be in Microsoft’s overall interest – Microsoft could simply give up on the existing Linux and OS X code bases without creating any bitterness amongst those communities. They’d be able to take up the software development reins – just as gung-ho open sourcers are supposed to if they don’t like what’s already on offer.

And if Microsoft can build an attractive-enough back-end service for Skype, it will be able to convert Skype from a loss-making peer-to-peer pseudo-telephone company into yet another handy reason to sign up for a Microsoft LiveID and to join the fun in the Cloud According to Redmond.

If that were to happen, an open-source Skype would probably distract from any open-source projects aimed at creating a genuine alternative. We’d just end up with multiple choices of client for the Skype service, rather than a complete competitive service.

And an open-source Skype clone would provide at least some sort of technical reference for the long-secret and carefully-hidden internals of Skype and its protocols. That, too, would probably be in Microsoft’s favour – by reducing the objections of those security practitioners who don’t like secret cryptographic implementations.

What we can’t guess, however, is how Redmond will respond.

Will Bushmanov get a cease-and-desist letter? Will anyone who looks at his reverse-engineering efforts be tainted when it later comes to implementing Skype-compatible code?

When Andrew Tridgell set about understanding Microsoft’s SMB protocol – eventually giving us SAMBA, an open-source interoperability suite letting Linux and UNIX computers talk to Windows networks – he didn’t decompile any of Microsoft’s code.

He simply watched the traffic generated by SMB implementations until he understood it well enough to produce an alternative implementation. (I once played pool against Tridge. He flogged me mercilessly.)

If Bushmanov hasn’t taken this “clean” approach – and the presence of IDB files (IDA Pro disassembly databases) amongst his published downloads suggests that he has not – then this could end up in an interesting legal battle.

Sony, for example – which recently wanted to take vigorous legal action against George Hotz, a US hacker who worked out how to jailbreak the PS3 – ended up with a civil court judgement against Hotz’s web hosting company, Bluehost. Bluehost was forced to give Sony a list of IP numbers and account details of anyone who had looked at any of Hotz’s webpages.

This time, Microsoft is in Sony’s place. Bushmanov takes over from Hotz. And Bluehost is replaced by Google – because Bushmanov is using a recently-created Blogspot account to publish his results.

For all we know, this could end up as Microsoft versus Google in court over access to logs and account details. That would certainly be a case to watch! (Of course, only the lawyers would actually benefit in the end. So let’s hope it doesn’t turn out that way.)