30 year-old Efim Bushmanov from Syktyvkar, the capital of the Komi Republic some 1,400 km north-east of Moscow, a self described “free lance researcher,” claims he is on the way to completely reverse-engineer Skype’s proprietary protocol and encryption systems.
“My aim is to make Skype open source and find friends who can spend many hours to completely reverse it,” writes Bushmanov on his blog, where he made the protocols available for download on June 2.
Bushmanov uses the same AES and RSA encryption methods and Skype public key infrastructure as are used in the official Skype application.
“Most hard things are already done,” says Bushmanov, at least for Skype’s previous 1.4 version protocol, which has been slightly changed in Skype’s newer 3.x and 4.x versions and a bit more in the most recent 5.x versions.
Reverse engineering, the process of observing and analyzing the principles of a program and trying to make a new program that does the same thing without using or simply duplicating the original, is a legal activity. The question now is focused on whether or not Bushmanov has indeed gone the legitimately competitive route in his efforts, which he has advertised as mostly complete. On his site, Bushmanov has made an appeal to programmers to assist him in finishing the job.
Skype did not take long to respond. Bushmanov is accused of preparing “malicious activities like spamming/phishing” and “attempting to subvert Skype’s experience” while “infringing on Skype’s intellectual property,” a company statement says.
If one knows how the protocol is built, it is possible to send messages to Skype users. “Skype is sensitive about spam. It is the main problem of instant messaging platforms. But I did not do anything related to spamming or phishing via Skype,” responds Bushmanov in an exclusive interview with East-West Digital News.
“The funny thing is that reverse engineering does not violate any Russian laws,” Bushmanov adds.
The news may come as an unpleasant surprise for Microsoft, which acquired the VoIP provider last month for a whopping $8.5 billion. Some have speculated, however, that open-source Skype protocols could be in Microsoft’s overall interest – open source communities would be able to “take up the software development reins,” commented Paul Ducklin, Head of Technology at Sophos Asia Pacific. ”And Microsoft could [then] build an attractive-enough back-end service for Skype. If that were to happen, an open-source Skype would probably distract from any open-source projects aimed at creating a genuine alternative. We’d just end up with multiple choices of client for the Skype service, rather than a complete competitive service.”