Saturday, 24 March 2012

skype55 deobfuscated version released

Hello, everyone!

We got a deobfuscated Skype v5.5!!!

I can't believe this. But it's fucking true. Great thanks and congratulations go to Vilko.

Some words from Vilko about his skype5 research:

Skype version 5.5 is a hybrid of a GUI written in Delphi and an embedded DLL with the Skype "kernel". This kernel is a fully independent structure in the binary code: code block, data block, imports. And it was built with the VC compiler (VC lib signatures exist).

This kernel does not contain any reference to external code/data in the Delphi part. And only the entry point block xrefs to the kernel from the Delphi GUI. It can be saved as independent binary code with a DLL header, and that kernel will work; I tested this.


You can download it here:
(A DMCA takedown arrived, so check the download link in the comments)

The Skype-open-source project is still alive!

P.S. We have opened a Jabber conference for all who are interested in Skype reversing. Feel free to join at: skypeopensource@conference.jabber.ru

23 comments:

  1. SkypeKit_sdk+runtimes_370_412.zip
    http://thepiratebay.se/torrent/7190651/

    skype55_59_deobfuscated_binaries
    http://thepiratebay.se/torrent/7238404/

  2. magnet:?xt=urn:btih:2a93d303ce538a1f5894f93086255837ccc3eeff&dn=skype55_59_deobfuscated_binaries&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80

  3. skype55_patched.exe
    MD5 7381deed3e9937ef2206f6bec1023c47
    SHA-1 1831e6631b95e93173d899a256769c02cc31eb06
    ED2K e243c24c67faf733f39828ddfc4a50f8

    skype59_patched.exe
    MD5 1233d32e9cb54684cfa7ce093033e3a1
    SHA-1 69d50a22019842be494f5c857dd40fa5b7f2dcdb
    ED2K 16c9617a0e1c0236ecca39dd35f7f4a0

    For those who need to know.

  4. utorrent hash:
    2A93D303 CE538A1F 5894F930 86255837 CCC3EEFF

  5. I simplified the script for collecting logs. Thanks for the tool.
    http://pastebin.com/sci0RfQq

  6. skype user ip-address disclosure
    http://pastebin.com/LrW4NE2p

  7. Skype user IP-address disclosure (english version)
    http://pastebin.com/rBu4jDm8

  8. two versions of skypekit deobfuscated:

    magnet:?xt=urn:btih:3da068082f6ec70be379d4046e4c77bc4578f751&dn=SkypeKit_sdk
    %2Bruntimes_370_412.zip&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F
    %2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80

  9. Fantastic and fruitful work! I would just advise cutting out the check for new versions in this tool right away. Otherwise it immediately starts squealing that you are using old junk....
    And another thing: the log parser does not catch (does not mask) the IP addresses of Skype itself, so for a given user I get in the output both his IP and the IP of the Skype server the user is connected to.
    For example:
    IP: 212.187.172.66

  10. I ran the patched Skype, added the reg file, and went into AppData\Roaming\Skype\user; should I be looking at chatsync?

  11. Have you tried to fuzz the skype protocol for 0day vulns already? Do you have a mac version as well, I would be very interested in that.

  12. What should I add to registry? Link isn't alive anymore.

    Replies
    1. [HKEY_CURRENT_USER\Software\Skype\Phone\UI\General]
      "LastLanguage"="en"
      "Logging"="SkypeDebug2003"
      "Logging2"="on"

  13. This one worked great for me!

    magnet:?xt=urn:btih:2a93d303ce538a1f5894f93086255837ccc3eeff

    https://thepiratebay.se/torrent/7238404

  14. How did you do it.. Do you want to write a tutorial...

  15. It would be cool and informative to read an article about the deobfuscation... Skype has long been a source of amazement in this respect; even Kris Kaspersky managed to express it...
    Are there plans to write a Habr article?

    Thanks for the work.

    Replies
    1. There are, but not for Habr. I got banned there. :D

  16. thanks for the good work!

  17. Could you release a newer deobfuscated Skype v6.11?

  18. Please upload deobfuscated Skype version 6.11 and above.

  19. I just wanted to say it's not full source, I can't find any really good functions like the PresenceManager log function for IPs. So fuck you asshole, do something and update this shit. Release deobfuscated, so we can use debuggers.

  20. Any Linux builds?
