FakeSkype : Source code

July 8, 2012

So pals, here we are..

Here is the code (dirty, yes really) of the proof-of-concept client that interacts with the Skype network (hope you read Skype Reverse Engineering : The (long) journey or at least Skype Reverse Engineering : Genesis and took a look at Skype Protocol Reverse Engineered (Video)).

  • FakeSkype.zip: The client

    Microsoft Visual Studio 2008 Solution Bundle. Don’t forget to set the absolute paths of .\FakeSkype\includes and .\FakeSkype\libs\openssl as additional directories in the project settings before compiling.

  • SkypeKeyServer.zip : Skype RC4 Seed To Key Server (cf Skype Reverse Engineering : The (long) journey)

    99.9% of Skype transmissions are RC4 encrypted, with a 128-bit key generated from a seed that is calculated from environmental parameters such as the public IP address. The mechanism that generates the key from the seed is smartly obfuscated and protected by intentionally provoked exceptions used as code branches. So I decided to get around this by writing a small program, running in server mode, that reads seeds as input, injects each seed into a Skype process, gets the 128-bit key back from the Skype process, and sends it to the key requester.

    You can run this in a virtual machine or on a Windows server. All you have to do is launch the Skype v2.5 client (install the version from SkypeSetup.zip) and then launch SkypeKeyServer.exe. Once the server is running, you have to set it up in the code by changing line 5 of the Cipher.cpp file:

    #define     KEY_SERV_ADDR    "192.168…"

    Just replace the IP address with the one of your server and you are ready.

Update : It seems the protocol has changed a little since then :) ! This causes the FakeSkype client to fail on the SuperNode scan. I’m currently trying to figure out what changed. Stay tuned :) !!

Comments

  1. aDobee says: 22/01/2013

    Just. Great! I wanna hear more about this soon, please! :)

  2. Eion says: 19/02/2013

    Any updates on fixing for the SuperNode scan? I’d love to turn your code into a libpurple plugin :)

  3. john walti says: 18/04/2013

    Oh, when can we expect an update?

  4. herryxiang says: 05/08/2013

    There must be something wrong with FakeSkype.zip, because there is no function call to the functions BuildHeader2Send, BuildBody2Send, BuildUIC2Send in ChatManager.cpp. Could you update it? Thx

    • admin says: 08/08/2013

      Hey, I think everything is alright with the zip. Did you manage to compile?

      • herryxiang says: 09/08/2013

        Yes, but in your video the words ‘oj.med.says:Message Recu : )’ and ‘Sending Body oj.med.says:Message Recu : )’ should be printed in the functions BuildHeader2Send, BuildBody2Send in ChatManager.cpp, and the fact is BuildHeader2Send and BuildBody2Send are not called by any function. I don’t know why. Can you explain it?

      • herryxiang says: 09/08/2013

        And do you know the data structures for voice, video call or file transfer? Are they all stored in OBJECT like chat?

  5. herryxiang says: 08/08/2013

    Hey, the RC4 key exchange mechanism between SC and SN seems to have been changed since Skype 3.0. Do you know about this change now? Look forward to your update!

  6. herryxiang says: 08/08/2013

    Please give a reply. Thx!

  7. herryxiang says: 08/08/2013

    Give me a reply!

    • admin says: 08/08/2013

      I don’t think it changed at version 3.0 because it was still working with Skype 4.0.

      Anyway, I haven’t got back to the topic yet, but I’ll be glad if you keep me up to date if you find something.

      Did you take a look with oSpy as described in the long journey post?

      • herryxiang says: 21/08/2013

        When calling RequestHashListDetails() on EventContacts, the connection is always reset by the Event Server, though Event Server Authentification is Successful. Do you know why? I need your help. Thx!

        • admin says: 24/10/2013

          Hmm.. You managed to go over the SuperNode scanning?
