Skype protocol

Reposted 2012-03-24 13:14:32
From Wikipedia, the free encyclopedia

The Skype protocol is a proprietary Internet telephony network based on peer-to-peer architecture, used by Skype. The protocol's specifications have not been made publicly available by Skype and official applications using the protocol are closed-source.

The Skype network is not interoperable with most other VoIP networks without proper licensing from Skype. Digium, the main sponsor of Asterisk PBX, released a driver licensed by Skype, dubbed 'Skype for Asterisk', to interface as a client to the Skype network; however, this remains closed source.[1] Numerous attempts to study or reverse engineer the protocol have been undertaken to reveal the protocol, investigate security, or allow unofficial clients.



Peer-to-peer architecture

Skype was the first peer-to-peer IP telephony network,[2] requiring minimal centralized infrastructure. The Skype user directory is decentralized and distributed among the clients, or nodes, in the network.

The network contains three types of entities: supernodes, ordinary nodes, and the login server. Each client maintains a host cache with the IP address and port numbers of reachable supernodes.

Any client with good bandwidth, no restriction due to firewall or NAT, and adequate processing power can become a supernode. This puts an extra burden on those who connect to the Internet without NAT, as Skype may use their computers and Internet connections as a third party for UDP hole punching (to directly connect two clients that are both behind NAT) or to completely relay other users' calls. Skype does not supply the server power and associated bandwidth required to provide the relay service for every client who needs it; instead, it uses the resources of Skype clients.[3]

Supernodes relay communications on behalf of two other clients, both of which are behind firewalls or "one to many" network address translation. Relaying is required because, without it, clients with firewall or NAT difficulties would be unable to make or receive calls from each other. Skype tries to get the two ends to negotiate the connection details directly, but the sum of the problems at both ends can mean that the two cannot establish a direct conversation.

The problems with firewalls and NAT can be:

  • The external port numbers or IP address are not derivable, because NAT rewrites them.
  • The firewall and NAT in use prevent the session from being received.
  • UDP is not usable due to NAT issues, such as timeouts.
  • Firewalls block many ports.
  • TCP through many-to-one NAT is always "outward only" by default; adding port forwarding settings to the NAT router can allow receiving TCP sessions.

Supernodes are grouped into slots (9-10 supernodes), and slots are grouped into blocks (8 slots).

Protocol

Signaling is encrypted using RC4; however, the method only obfuscates the traffic as the key can be recovered from the packet. Voice data is encrypted with AES.[4]

The Skype client's application programming interface (API) opens the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.

The Skype code is closed source, and the protocol is not standardized.[5] Parts of the client use Internet Direct (Indy), an open source socket communication library.

Protocol detection

Many networking and security companies claim to detect and control Skype's protocol for enterprise and carrier applications. While the specific detection methods used by these companies are often proprietary, Pearson's chi-squared test and stochastic characterization with Naive Bayes classifiers are two approaches that were published in 2007.[6]

Preliminaries

Abbreviations that are used:

  • SN: Skype network
  • SC: Skype client
  • HC: host cache

Skype client

The main functions of a Skype client are:

  • login
  • user search
  • start and end calls
  • media transfer
  • presence messages
  • video conference

Login

A Skype client authenticates the user with the login server, advertises its presence to other peers, determines the type of NAT and firewall it is behind and discovers nodes that have public IP addresses.

To connect to the Skype network, the host cache must contain a valid entry. A TCP connection must be established (i.e. to a supernode); otherwise, the login will fail.

 1.  start
 2.  send UDP packet(s) to HC
 3.  if no response within 5 seconds then
 4.    attempt TCP connection with HC
 5.    if not connected then
 6.      attempt TCP connection with HC on port 80 (HTTP)
 7.      if not connected then
 8.        attempt TCP connection with HC on port 443 (HTTPS)
 9.        if not connected then
10.          attempts++
11.          if attempts==5 then
12.            fail
13.          else
14.            wait 6 seconds
15.            goto step 2
16.  Success

After a Skype client is connected it must authenticate the username and password with the Skype login server. There are many different Skype login servers using different ports. An obfuscated list of servers is hardcoded in the Skype executable.

Skype servers are:


Skype-SW connects randomly to 1-8.

On each login session, Skype generates a session key from 192 random bits. The session key is encrypted with the hard-coded login server's 1536-bit RSA key to form an encrypted session key. Skype also generates a 1024-bit private/public RSA key pair. An MD5 hash of a concatenation of the user name, constant string ("\nSkyper\n") and password is used as a shared secret with the login server. The plain session key is hashed into a 256-bit AES key that is used to encrypt the session's public RSA key and the shared secret. The encrypted session key and the AES encrypted value are sent to the login server.

On the login server side, the plain session key is obtained by decrypting the encrypted session key using the login server's private RSA key. The plain session key is then used to decrypt the session's public RSA key and the shared secret. If the shared secrets match, the login server will sign the user's public RSA key with its private key. The signed data is dispatched to the supernodes.

Upon searching for a buddy, a supernode will return the buddy's public key signed by Skype. The SC will authenticate the buddy and agree on a session key by using the mentioned RSA key.

UDP

UDP packets:

Skype SoF
Skype Crypted Data01

The Start of Frame (SoF) consists of:

  1. frame ID number (2 bytes)
  2. payload type (1 byte)
    • obfuscated payload
    • Ack/NAck packet
    • payload forwarding packet
    • payload resending packet
    • other
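
A simplified illustration, added here and not taken from the cited paper, of the chi-squared idea mentioned under Protocol detection, applied to the frame layout above: in the constructed flow, random-looking fields score as uniform while the payload type byte does not. The packets are constructed, and the payload type values, the 4-bit grouping, the threshold and all function names are assumptions of this example.

```python
import random


def nibble_chi2(packets, offset, high=True):
    """Pearson chi-squared of one 4-bit group across packets vs. uniform."""
    counts = [0] * 16
    for p in packets:
        counts[(p[offset] >> 4) if high else (p[offset] & 0x0F)] += 1
    expected = len(packets) / 16
    return sum((c - expected) ** 2 / expected for c in counts)


def profile(packets, n_bytes=6):
    """Chi-squared score for every nibble of the first n_bytes bytes."""
    return [nibble_chi2(packets, off, high)
            for off in range(n_bytes) for high in (True, False)]


def structured_fields(packets, threshold=100.0, n_bytes=6):
    """Nibble indexes whose distribution is clearly not uniform.

    The threshold is an example choice, far above the 0.001 critical
    value (37.70) for 15 degrees of freedom, so uniform data never trips it.
    """
    return [i for i, score in enumerate(profile(packets, n_bytes))
            if score > threshold]


def constructed_flow(n=800, seed=7):
    """Constructed packets: random 2-byte frame ID, 1-byte payload type from
    a small set, then random bytes standing in for the obfuscated payload."""
    rng = random.Random(seed)
    types = [0x02, 0x03, 0x07, 0x0D]  # made-up values for the example
    return [bytes([rng.getrandbits(8), rng.getrandbits(8), rng.choice(types)]
                  + [rng.getrandbits(8) for _ in range(16)])
            for _ in range(n)]


def constructed_random_flow(n=800, seed=11):
    """Constructed control flow: every byte random, no structured field."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(8) for _ in range(19)) for _ in range(n)]


if __name__ == "__main__":
    print("structured nibbles:", structured_fields(constructed_flow()))
    print("control flow:", structured_fields(constructed_random_flow()))
```

Nibble indexes 4 and 5 are the high and low halves of byte 2, the payload type position.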

Obfuscation Layer

The RC4 encryption algorithm is used to obfuscate the payload of datagrams. Two 32-bit values are used:

  1. The CRC32 of the public source and destination IP addresses and Skype's packet ID.
  2. The Skype obfuscation layer's initialization vector (IV).

The XOR of these two 32-bit values is transformed into an 80-byte RC4 key using an unknown key engine.

A notable misuse of RC4 in Skype can be found on TCP streams (UDP is unaffected). The first 14 bytes (10 of which are known) are XORed with the RC4 stream. Then, the cipher is reinitialized to encrypt the rest of the TCP stream.[7]
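
The keystream reuse described above, as an added example (not code from Skype or from the cited research): RC4 is restarted with the same key after the first 14 bytes, so known header bytes expose the matching bytes of what follows, while one continuous keystream does not. The key expansion is a labelled stand-in for the unknown key engine, and the field encoding, the position of the 10 known bytes, the function names and all sample values are assumptions.

```python
import hashlib
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_key(src_ip: bytes, dst_ip: bytes, packet_id: bytes, iv: int) -> bytes:
    """CRC32 of addresses and packet ID, XOR IV, expanded to an 80-byte key."""
    # Assumption: field order and encoding; the page does not specify them.
    seed = zlib.crc32(src_ip + dst_ip + packet_id) ^ iv
    # Stand-in for the unknown key engine: SHA-256 in counter mode, 80 bytes.
    blocks = (hashlib.sha256(seed.to_bytes(4, "big") + bytes([n])).digest()
              for n in range(3))
    return b"".join(blocks)[:80]


def tcp_obfuscate(key: bytes, stream: bytes, reinit: bool = True) -> bytes:
    """reinit=True restarts RC4 after 14 bytes, as described for TCP."""
    if reinit:
        return rc4(key, stream[:14]) + rc4(key, stream[14:])
    return rc4(key, stream)  # corrected form: one continuous keystream


def bytes_exposed_by_reuse(ciphertext: bytes, known_head: bytes) -> bytes:
    """Keystream = head ciphertext XOR known head; reuse decrypts the body."""
    keystream = bytes(c ^ p for c, p in zip(ciphertext, known_head))
    return bytes(c ^ k for c, k in zip(ciphertext[14:], keystream))


# Constructed sample values, not captured traffic.
KEY = derive_key(bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]),
                 b"\x12\x34", 0xA1B2C3D4)
HEAD = bytes(range(14))  # assumption: its first 10 bytes are the known ones
BODY = b"constructed body bytes after the header"
WEAK = tcp_obfuscate(KEY, HEAD + BODY)
FIXED = tcp_obfuscate(KEY, HEAD + BODY, reinit=False)
```

With `WEAK`, `bytes_exposed_by_reuse(WEAK, HEAD[:10])` returns the first 10 bytes of `BODY`; with `FIXED` the same calculation yields unrelated bytes.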

TCP

TCP packets:

Skype Init TCP packet

The Skype Init TCP packet contains

  • the seed (4 bytes)
  • init_str string 00 01 00 00 01 00 00 00 01/03

Low-level datagrams

Almost all traffic is ciphered. Each command has its parameters appended in an object list. The object list can be compressed.

                                 / Object List     ... -|
        Enc      -> Cmd -> Encod
                     ^           \ Compressed List ... -|
        Frag         |                                  |
        Forward  -> Forwarded..Message

Object Lists

An object can be a number, string, an IP:port, or even another object list. Each object has an ID. This ID identifies which command parameter the object is.

         List of numbers
         RSA key
 Object List
         List Size (n)
         Object 1
         Object n

Packet compression

Packets can be compressed. The algorithm is a variation of arithmetic compression that uses reals instead of bits.

Legal issues

Reverse engineering of the Skype protocol by inspecting/disassembling binaries is prohibited by the terms and conditions of Skype's license agreement. However, there are legal precedents when the reverse engineering is aimed at interoperability of file formats and protocols.[8][9][10] In the United States, the Digital Millennium Copyright Act grants a safe harbor to reverse engineer software for the purposes of interoperability with other software.[11][12] In addition, many countries specifically permit a program to be copied for the purposes of reverse engineering.[13]

Notes

  1. Skype for Asterisk – Production Released!, by pengler, August 31st, 2009, Digium - The Asterisk Company
  2. Page 11 in Salman A. Baset; Henning Schulzrinne (2004). "An analysis of the Skype peer-to-peer Internet telephony protocol". arXiv:cs/0412017v1 [cs.NI].
  3. Skype "3.3 Utilization of Your Computer", End User License Agreement, August 2010
  4. Introduction Skype analysis Enforcing anti-Skype policies, Skype uncovered Security study of Skype, Desclaux Fabrice, 7/11/2005, EADS CCR/STI/C
  5. [dead link]
  6. Dario Bonfiglio et al. "Revealing Skype Traffic: When Randomness Plays with You," ACM SIGCOMM Computer Communication Review, Volume 37:4 (SIGCOMM 2007), p. 37-48
  7. Fabrice Desclaux, Kostya Kortchinsky (2006-06-17). "Vanilla Skype part 2". RECON2006.
  8. Sega vs Accolade, 1992
  9. Sony vs Connectix, 2000
  10. Pamela Samuelson and Suzanne Scotchmer, "The Law and Economics of Reverse Engineering", 111 Yale Law Journal 1575-1663 (May 2002)
  11. 17 U.S.C. Sec. 1201(f).
  12. WIPO Copyright and Performances and Phonograms Treaties Implementation Act
  13. In the French "intellectual property" law set, there is an exception that allows any software user to reverse engineer it. See code de la propriété intellectuelle (French). This law is the national implementation of a piece of EU legislation: Council Directive 91/250/EEC, since then repealed by Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs, which also has a very similar provision allowing reverse engineering/decompilation for the purposes of development and testing of independent but inter-operating programs.
