Tuesday, February 12th, 2008...1:52 am
Skype Protection Levels – Do you know about them?
Skype is not just a VoIP tool; it is a black box with multiple protection layers.
In addition, Skype offers an interesting look at software architecture in general.
Everyone is acquainted with the classic client-server architecture: it is easy to implement and maintain. But it usually comes with expensive hosting infrastructure (do you know how much YouTube spends on hosting?!).
But the Skype developers (who were also the original developers of Kazaa) implemented a distributed, self-organized peer-to-peer (P2P) network. So everyone might be a host.
Okay, let's go on.
Skype's executable is encrypted, and it dynamically decrypts itself as it loads into memory. Dumping it from memory and analysing the dump is difficult, since the startup code is cleaned after execution and we get an executable that cannot be launched. Integrity checks are executed in random order, basically upon an incoming call event. There are basically no static calls, and the most important functions are called using dynamically calculated and obfuscated pointers.
Interesting, isn’t it? What do they hide from us?
You can find more information and a detailed description by Kris Kasperski here
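The two mechanisms described above (integrity checks run in random order, and calls made through a dynamically calculated pointer) can be illustrated with a small C example added here; it is not Skype's code and not from the original post. Everything in it is an assumption for illustration: the `image` buffer standing in for code bytes, the FNV-1a checksum, and the hypothetical handler `on_incoming_call`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { NREG = 4, RLEN = 32 };      /* constructed: 4 regions of 32 bytes */
typedef int (*handler_t)(int);
static uint8_t image[NREG][RLEN];  /* constructed stand-in for code bytes */
static uint32_t expected[NREG];    /* reference checksums taken at setup */
static uintptr_t masked_handler;   /* handler address, never stored in clear */

static int on_incoming_call(int id) { return id + 1000; }  /* hypothetical handler */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}
/* Key derived from the live bytes of every region. */
static uintptr_t image_key(void) { return fnv1a((const uint8_t *)image, sizeof image); }

void protect_setup(void) {
    for (int r = 0; r < NREG; r++) {
        for (int i = 0; i < RLEN; i++) image[r][i] = (uint8_t)(r * 37 + i * 11);
        expected[r] = fnv1a(image[r], RLEN);
    }
    masked_handler = (uintptr_t)on_incoming_call ^ image_key();
}
/* Check every region in a shuffled order; return the first bad region or -1. */
int verify_shuffled(unsigned seed) {
    int order[NREG] = {0};
    srand(seed);
    for (int i = 0; i < NREG; i++) {  /* inside-out Fisher-Yates shuffle */
        int j = rand() % (i + 1);
        order[i] = order[j]; order[j] = i;
    }
    for (int i = 0; i < NREG; i++)
        if (fnv1a(image[order[i]], RLEN) != expected[order[i]]) return order[i];
    return -1;
}
/* Unmask the handler with the live key; refuse to dispatch if a check fails. */
int dispatch_call(int id, unsigned seed) {
    if (verify_shuffled(seed) != -1) return -1;
    return ((handler_t)(masked_handler ^ image_key()))(id);
}
void simulate_patch(int r, int off) { image[r][off] ^= 0x01; }  /* one-bit change */

int main(void) {
    protect_setup();
    printf("clean dispatch: %d\n", dispatch_call(7, 1));
    simulate_patch(2, 5);
    printf("patched dispatch: %d, bad region %d\n", dispatch_call(7, 1), verify_shuffled(1));
}
```

Because the unmasking key is computed from the same bytes the checks cover, a one-bit change both trips a check and makes the stored pointer decode to the wrong address, which is why static disassembly shows no direct call target.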