Talk:Skype Protocol

From Wikipedia, the free encyclopedia

Tools used

Baset and Schulzrinne used:

Biondi and Desclaux used:

  • PytStop to circumvent checksums
  • Skype checks for SoftICE to prevent debugging. However, the RR0d debugger works.
  • Scapy interactive packet manipulation program
  • shellcode Oracle Revelator in Shellforge
  • IPQUEUE
  • SIRINGE
  • Skypy: a Scapy wrapper to reassemble and decode obfuscated TCP streams (not released?)

Techniques used to defend the Skype binary

Skype relies heavily on code obfuscation:

  • Much of the Skype binary is encrypted. It provides its own unpacker, which erases the original import table as it is loaded.
  • Code integrity checksums, executed randomly, and obfuscated with random lengths and random operators
  • Anti-debuggers
    • attempt to identify breakpoints and trap the debugger.
    • target specific debuggers by checking for certain loaded drivers
  • General code obfuscation with fake error handlers that directly manipulate memory and registers.

—The preceding unsigned comment was added by Pgr94 (talk • contribs) 14:11, 7 December 2006 (UTC).