Talk:Skype protocol: Difference between revisions
Revision as of 12:12, 27 May 2007
Tools used
Baset and Schulzrinne used:
Biondi and Desclaux used:
- PytStop to circumvent checksums
- Skype checks for SoftICE to prevent debugging. However, the RR0d debugger works.
- Scapy interactive packet manipulation program
- shellcode Oracle Revelator in Shellforge
- IPQUEUE
- SIRINGE
- Skypy: a Scapy wrapper to reassemble and decode obfuscated TCP streams (not released?)
Techniques used to defend the Skype binary
Skype relies heavily on code obfuscation:
- Much of the Skype binary is encrypted. It provides its own unpacker which erases the original import table as it is loaded.
- Code integrity checksums, executed randomly, and obfuscated with random lengths and random operators
- Anti-debuggers
  - attempt to identify breakpoints and trap the debugger.
  - target specific debuggers by checking for certain loaded drivers
- General code obfuscation with fake error handlers that directly manipulate memory and registers. —The preceding unsigned comment was added by Pgr94 (talk • contribs) 14:11, 7 December 2006 (UTC).
Skype protocol implementations
Can someone who knows please add a section listing implementations? I'm not talking about wrappers around the Skype binary client, but actual new code. The official client is obviously an implementation, it appears ++skype may also be one. Are there any others?