Phil Wolff

Did A Developer Open SkypeNet Without Skype?

August 10, 2005 02:54 PM

Topics: Business | Developer Zone | Developers | Products | Security | Skype API | Skype Partner Watch | Technology | freedom | software

João Brogueira writes:

On 1 June 2004, Jean Mercier posted an article on SkypeJournal making an analysis of how many users are online at a certain hour within a 24-hour period. This raises the question of how to register the values without being woken up during the night.

The same Jean Mercier, as per request of Bill Campbell of SkypeJournal, shows how to make a video to register the Skype window and the number of users online.

I was surfing the Web today and I found this very interesting post claiming to have miniSkype, a small program that can not only register these values but also export them directly to a database for later analysis.

In short:

  1. Jirong Zhou posted a test program on his blog, likely written by others.
  2. It logs in to the Skype network, without Skype.
  3. It gets data from the Skype network, like the number of people online.

Let me describe the screenshot for you...

It is a Windows XP desktop and three windows are open.

Two stacked on the left are titled "miniSkype v0.0.0.01". They each have a Log In/Out dialog panel on the left, showing "shantou001" logged in with a five character password and a "Log Out" button. To the right of the dialog panel is a text box showing a log of miniSkype's activity.

The first window's log shows:

    Login
    listen on random port
    connecting SkypeNet ...
    SkypeNet connected

The status bar shows a "1", "3", "login success", and "305271 Online".

The second window's log shows:

    Login
    listen on random port
    connecting SkypeNet ...
    SkypeNet connected
    Logout
    SkypeNet not connected
    Login
    listen on random port
    connecting SkypeNet ...

and then scrolls out of sight.

The second status bar is the same as the first except that the number of people online is 3047812.

The third window is an application that appears to be a utility from Guangzhou's http://www.sky.net.cn/, makers of personal firewall software. It shows open applications and their network connections. One of the instances of MiniSkype.exe (running on drive E:) is shown with both a TCP connection (open on port 1389?) and a UDP connection.

Accessing the Skype Cloud Without Skype?

So does this mean...

  • Skype's access to the cloud can be reverse engineered? If so, we can write applications that write to and read from the cloud, from servers or clients. So if Skype doesn't write a version for your platform (let's say the PalmOS, for example) you might write your own.
  • Cloud data is posted in the clear? While conversations are encrypted, it isn't clear that profile data and presence status are. And, I'm assuming that MiniSkype didn't encrypt the login process beyond common HTTPS.
  • The MiniSkype client successfully logged in through Skype's own admin servers? If so, can Skype be selective about which clients have access? Should Skype publish a Terms Of Service about touching the cloud? In other words, how should Skype sanction access to the cloud?
  • Having accessed the cloud, what other data from the cloud is available? Everything described in the Skype APIs? More?
  • Can MiniSkype ask questions about other people, the way the Skype client can see buddy list presence and profile information?
  • Is this intensely cool? Widely important? Or dangerous?




Comments

Posted by: Jan Geirnaert at August 12, 2005 6:22 PM

Competition is good for Skype. It also shows the potential security problems. Good that they come to the surface. Skype is instant messaging. It has potentially never been easier to tap in to somebody's communications. I do not advise implementing Skype in environments bigger than 5 computers... Even then. It can do much more than just "talk for free". Information can leak for free, to anybody anywhere. It is a great application that has taken the world by surprise. We will now see what else it can do. It's good to talk, yes. But what if things go wrong?

Posted by: Richard at August 14, 2005 11:57 PM

I suspect Mini-Skype just makes use of the Skype API to enter the Skype network and collect statistics. Right?

Posted by: Phil Wolff at August 16, 2005 2:03 AM

No, I don't think so, Richard. That's the point, actually, that MiniSkype didn't use a Skype client, that it went directly to the network.

Posted by: Uri L. at August 17, 2005 8:15 AM

As long as this data extraction isn't used with malicious intentions, or direct infringement of privacy, it could be cool to try some info remixing with the stats.

Like visualizing the SkypeCloud with GEO/GIS tools.

Posted by: Jean Mercier at August 17, 2005 2:06 PM

I guess they used the RSS feeds!

Posted by: tropicaljantie at August 21, 2005 2:50 AM

What is the status on miniskype.exe? This little really made me think of www.kevinmitnick.com who hacked his way (with jail time for result) into a telecom system in the USA. It seems to me that this is just a big joke. Something that showed potential problems in the Skype system, and now the shit that floated to the surface is nowhere to be seen or heard of. I am sure there are more like these lurking in murky waters, and they pinpoint exactly the problem of applications like Skype: THE WHOLE WORLD CAN TALK FOR FREE, AND THE WHOLE WORLD CAN LISTEN IN? (Ow, they will like this one...)

Posted by: Huseyin Bilen at February 19, 2006 6:40 AM

I found Skype video voice 2.0 for Windows but I could not find it for Linux. Are you thinking about Skype video voice for Linux? Thanks.
