Tucked away in Syktyvkar, the capital of the Komi Republic some 1,400 km northeast of Moscow, Russian programming researcher Efim Bushmanov is getting a lot of attention. Having reverse engineered Skype protocols and then made his research available to the public via his blog just a few days ago on June 2, search queries bearing his name now generate over 10,000 responses on Google. In this interview with EWDN – his first ever exchange with the press – the 30 year old Bushmanov reveals some of what he’s been up to over the past three years while working to replicate Skype’s ‘blackbox.’ While praising Skype for its “unbelievable quality,” he responds to accusations of copyright violations and shares his vision of an open-source VoIP future.
Who is Bushmanov?
Computers are my life and my only hobby. I don’t get out too much, but when I do I prefer odd times when not many people are about. I’m an avid morning jogger in the summer – this is when I get my daily dose of fresh air. In the winter I ski cross country. I’m inspired by classical music and I’ve always got Spivakov Classic internet radio going in my apartment. I’m a loner, mostly, but I keep up correspondence with programmers and code enthusiasts from around the world online.
I graduated from the faculty of physical Sciences at Syktyvkar State University, where I specialized in theoretical and computational physics.
I was a systems administrator in two banks until the economic crisis came in 2008, and then I left because I was fed up with working there. Now I do research on my own projects. Officially I am unemployed, but I do freelance works. I do programming through such sites as rentacoder.com and scriptlance.com. This is why I have so much time to study all sorts of interesting and complex things. Like Skype, for instance.
What are your favorite things in computing?
I like learning and hacking Linux kernel. Understanding the Linux Kernel, published by O’Reilly Media, is the best book I ever read on this theme. I also like researching networks and protocols.I enjoy research and learn in Cisco production and network protocols. I am always interested in things such as the way BGP works.
In 2000, I was very interested in x.25 (SPRINTNET/TELENET) networks. They are very outdated now, but still interesting from the point of view of a protocol researcher. x.25 networks, which appeared in the US even before the Internet, were also popular in Russia in the late 1990s due to the high cost of Internet access. The main challenge was the lack of access to the network level (in OSI terminology). Access was possible only via PAD, a hardware device which enabled access, but only to the application layer.
I overcame this obstacle when I found the Cisco XoT (x.25 over TCP) specification. Later, my experience with the protocols for the x25 networks, which are very closed and proprietary, helped me a lot in my research on the Skype protocol.
So I like the challenge of research into proprietary objects precisely because they are complex, closed things. Many people see as useless and a complete waste of time, but they are in a very real sense, the mechanisms of our daily online lives.
But I also like to work on web technologies. I code in Python and Perl, sometimes with ajax/jquery.
Why did you decide to create this open source version of Skype? What was your motivation?
First of all, this was a very exciting reverse engineering challenge. Skype presents a lot of questions regarding security. I was simply curious to know what was inside.
I like Skype. It is a good product. Most importantly, it is well-tested and fine-tuned. Open source products cannot match that level of polish.
I don’t intend and I have no plans to compete with Skype in any way. Let this good product remain as it is. I just wanted to create a product compatible for all Linux users who are waiting impatiently for it. For example, we could make a jabber/XMPP/gmail gateway to Skype and a “real” pidgin plugin for it. An open source version, in addition, will be useful to everyone.
Good products don’t remain closeted for a very long time because the open source community likes them. Skype is just the kind of intruiging puzzle that has been screaming “crack me” to members of the reverse engineers community for a long time. And now, we have a proof of concept code for it.
ICQ – which was also reverse engineered – was finally surpassed by QIP client on the Russian market, for example. This won’t happen with Skype, though. It doesn’t have those annoying ads. At the end of the day, Skype will remain because of its complexity and unbelievable quality.
When did you start this work? How long did it take you? Did you do it alone?
I started to take an interest in Skype in February 2008, when I received de-obfuscated skype14.exe binary.
I didn’t work on this project continually, just from time to time. The most active phase was between 2008 and 2010, with some interruptions.
It looked like a pipe dream in the beginning, but then it became more exciting, and I took up a blackbox approach to the project. The security layers came off, one after the other. But the job remains unfinished!
The de-obfuscated skype 14 binary I had made it much easier to me than to other researchers, although a lot of research on this has been available since 2006. The most interesting studies have come from the Sean O’Neil’s VEST Corporation and the guys at EADS.net – particularly ‘Vanila Skype,’ and then ‘Silver Needle’ and other presentations.
The hardest part was to understand and reverse engineer the packing and unpacking of the internal objects or ‘arithmetic encoding,’ as it is called in Vanilla Skype. When you remove the RC4 encryption code, you can’t see the text data and you can’t figure out what is really in it. You see just this zip-like packaged object.
All this made my version look horrible. Later, however, I discovered Sean O’Neil’s remarkable reversing of the unpack_4142 function. His login/registration code to receive Skype’s certificate is also very strong.
Finding the portions of code responsible for RSA/AES, understanding how they worked and how to use them was not easy, either.
As you can see, I didn’t do the entire job myself. First, there were the guys from EADS.net, then Sean and the VEST Corporation. I did only the final stage at the application level. It consisted mainly in understanding the connection procedures in terms of packed objects (blobs). The object – usually a ‘key-value’ pair – can be associated to any structure, IP address, string text data, or some other value. I did all that with the help of other reverse-engineers, friends and family.
How did you get O’Neill’s code?
I have explained this on my blog. I will not comment on this any further. Let this remain behind the scenes.
But was it legitimate to use his code? It was supposed to be “all rights reserved” and “for academic research and educational purposes only…”
This is exactly what I did: for academic research and educational purposes.
On my blog, some commented that I did not do any research, that I just published someone else’s code (and archive) and take all the credit. They consider that all the archive and codes – those copyrighted and those not – are owned by VEST. The truth is that I wrote my own source code and research, except binaries, IDA databases, and the code copyrighted by Sean or OpenSSL. This can be proven easily through lexical or style comparisons. My code is so poorly written!
The question is not where they are from. The question is: Can anyone make open source Skype protocol specification and implementation based on these files – possibly from illegal sources – or not?
What about Skype’s de-obfuscated binaries? Don’t you fear claims of IPR violations from Skype or from Microsoft, its new owner?
Let’s say that some unknown ‘good guy’ sent these binaries to me by email. Or perhaps I found them on a forum on a Chinese server. Theoretically I could have hacked them, but such a task was too tricky and I didn’t have enough motivation for that.
‘Intellectual property’ is a legal term, and I am no legal expert. I did not copy anything. I have only done reverse engineering based on already de-obfuscated skype binaries. I modified them a bit, mainly for additional logging, to better understand how it worked. I started writing the protocol specifications so that open source clients could communicate with Skype and send messages to it.
Skype is accusing me of preparing “malicious activities like spamming/phishing.” They are sensitive about spam. It is the main problem of instant messaging platforms. But I haven’t done anything related to spamming or phishing via Skype.
The funny thing is that reverse engineering doesn’t violate any Russian laws. Regarding spam, there is a rarely invoked law against it. But Russian ISPs and webmail services are really tough on spammers. Their zero tolerance approach to spam is in some ways more strict than in the West.
Still, I am aware that there may be consequences for my actions. Nothing is without risk. But if something happens to me, now anyone can complete my work with the files and the tools I have made available. No more encryption and obfuscation!
Regarding Microsoft – which has very few friends in Russia – someone from Sophos wrote that they might find some kind of commercial or trade advantage in an open source version of Skype. I doubt there will be any cooperation on the part of Microsoft, but we’ll see. After all, they couldn’t prevent Samba from becoming compatible with Windows in spite of all their constraints! The same thing could happen with Skype, so Microsoft, I hope, will stay neutral.
What is your vision of a future? Do you envision an open source VoIP application similar to Skype?
There is still so much to do! Probably a 3d-party client for Skype will appear in a couple of years, supported by at least one VoIP codec, for example Silk, the source code of which Skype has already published.
But I think it will remain a game for geeks rather than any real threat to Skype’s business. However, we all known that Microsoft is at war with [open-source telephony software] Asterisk. They have cut connections between Skype and Asterisk. So, if this work which I have set loose should ever reach a really mature stage and achieve a degree of competitive quality, Asterisk and other open source initiatives will have a real alternative.
Tens of thousands of people have already downloaded Skype’s code. One day, professionals will complete the job with the programming for voice. Then someone will complete the video. We’ll have fun when the first video spam appears, hehe…
Many fear spam, but what we do is just technology. How people use technology, for good or bad, must remain a decision for each individual.
If Microsoft or Skype offered you a job, would you work for them?
It all depends on what kind of work they wanted me to do and the contract. I am open to offers. Anyway, my research has already been made available. The files have been set loose into the world and anyone with a mind for it can continue building this open source version of Skype.
This interview was conducted by Adrien Henni and Alexander Ivanov of East-West Digital News, the international resource on Russian IT.
The interview may be reprinted partly (up to 50%) royalty free without prior authorization from EWDN and under the conditions that EWDN (1) Be acknowledged as the source, indicated as follows: “Source: East-West Digital News, the international resource on Russian IT industries” with a link to the corresponding EWDN page <http://www.ewdn.com/?p=4002> and (2) Be informed in writing <firstname.lastname@example.org>.