I haven't spent much time browsing through the source but the code quality and security is pretty dismal so far. Not to mention the confusing project structure.
Magic numbers, ... and strings, all over the place [0].
Memory leak galore (debug code?) [1].
Probably buffer overflows all over the place, here's one I noticed [2]. I suspect others given the proliferation of opaque pointers and memcpy usage.
The magic values look ok to me. I mean, some values are known, some aren't - it's still early days. Hopefully more will be labeled / split up into components with time.
But I agree that it would be dangerous to use now. And the author isn't a skilled VCS user or open source dev either. (comments say all rights reserved)
To me this project looks like really a just reversed and mostly functional one and this is the quality of said projects, I've been there. He has disassembled, transcribed to a C project almost as-is and made it compile.
The developer may not have enough development experience to organize it decently or just rushed it online because of anxiety.
Anyway, very good resource for others if there still any interest at all at Skype compatibility or else, only missing the .idb with renamed subs and comments. :)
I'm surprised the gaming chat programs don't get more crossover use. Well, I'm not surprised that a commercial project has a larger userbase than something that requires you to find a server.
But I am surprised when, say, podcast hosts make jokes about lag or call quality on their Skype connections with guests. There are other applications that solve some of these problems, and I'd think if your main creative product relies on call quality for guests, you might look a few steps beneath the most ubiquitous option. (ie, If you're at the level where you're buying an uncommon specialist's mic, you could probably benefit from comparison shopping for voip implementations.)
It's a modern, WebRTC-based replacement for Skype, Google Hangouts and other video/audio conferencing solutions.
And it's great. The company I work for is now using it exclusively for meetings and telepresence. The echo cancellation is outstanding and you can even connect it to a SIP server. No client is required besides Google Chrome or Firefox. There's nothing that comes close to it in terms of sophistication and quality.
I try to push Mumble over Skype, the main issue with Mumble is that it's not as easy to get into. You spend too much time configuring your client, finding a server, etc. Things that should be fairly trivial. Then you may spend more time figuring out why you're not being heard, or why nobody's hearing you. Mumble is great but there's too much friction involved. I prefer Discord[0] because it's so easy to use by comparison, to test it you don't even need an account, you just run it from your browser. I just wish Discord had a Linux Client.
skype still has the best echo cancellation (that i've tried). you don't even need to wear headphones. according to a Tox developer: there aren't any comparable open source libraries.
Firm somewhere far away where Microsoft's lawyers cannot reach (China?) wanted Skype capability in their product and paid this smart Russian guy to reverse-engineer the Skype client.
Smart guy gets permission to open source it and publishes it with commercial license option with hopes of finding more such clients.
Personally I'd not touch this with a 3-meter bargepole, because I live in a country where people use copyright and trademark law to take people to court, yet it's an interesting project.
Telecommunications products should be based around open protocols. That Skype keeps their protocols to themselves should not be reason enough to send lawyers after software implementing interoperability after reverse engineering.
Re-using the reverse engineered code is the problem, he should have simply used it to spec out the protocol and then use that spec to re-implement it.
If this is newly written code not based on Skype code then there is clearly no copyright issue. Trademark is a potential problem but easily solved by removing the Skype name from the project.
In Europe, reverse engineering a protocol + building a commercial product on it, is legal. You cannot copyright a protocol or an API, if you built something merely by studying how it works.
> Personally I'd not touch this with a 3-meter bargepole, because I live in a country where people use copyright and trademark law to take people to court, yet it's an interesting project.
You feel using it would open you up to a copyright claim?
I do hope that the Skype people see it as an opportunity to improve product rather than threat / opportunity to sue the hell out of this project. WhatsApp would not have been necessary if they had gotten their act together. But at the time they were seemingly too busy sorting out technical and political ramifications of the MS acquisition and overlap with Lync. A more open approach to clients could save it, especially in the light that people are looking for alternatives after facebook is now starting to monetize WhatsApp.
I see absolutely nothing wrong with wanting to profit from this. You're not being forced to use a commercial license, and the LGPL is adequate for most open source use cases.
I remember seeing an earlier incarnation of this around five years ago; I'm very impressed with the author's dedication to this project.
I don't know if it is still the case now, but I recall that earlier versions of Skype were quite heavily obfuscated and contained anti-debugging mechanisms. So it would have been quite an intricate reversing effort to get past these, on top of figuring out the protocol.
Over time, Microsoft has changed the Skype protocol significantly since version 5.5 so I do wonder how applicable this work is to the current crop of clients.
Totally not negative on this but I'm not a Skype user so can someone please explain to me why anyone would want to go to all the effort to reverse engineer it? I get that its closed and should be open, I get that its security is in question but if you want a more secure communications platform I can't imagine Skype is the only way forward and must be reverse engineered. Why not contribute to an existing open source project?
[+] [-] andwur|9 years ago|reply
Magic numbers, ... and strings, all over the place [0]. Memory leak galore (debug code?) [1]. Probably buffer overflows all over the place, here's one I noticed [2]. I suspect others given the proliferation of opaque pointers and memcpy usage.
[0] https://github.com/skypeopensource/skypeopensource2/blob/mas...
[1] https://github.com/skypeopensource/skypeopensource2/blob/mas...
[2] https://github.com/skypeopensource/skypeopensource2/blob/mas...
[+] [-] viraptor|9 years ago|reply
But I agree that it would be dangerous to use now. And the author isn't a skilled VCS user or open source dev either. (comments say all rights reserved)
[+] [-] fungos|9 years ago|reply
The developer may not have enough development experience to organize it decently or just rushed it online because of anxiety.
Anyway, very good resource for others if there still any interest at all at Skype compatibility or else, only missing the .idb with renamed subs and comments. :)
[+] [-] sillysaurus3|9 years ago|reply
[+] [-] mSparks|9 years ago|reply
[+] [-] 0xmohit|9 years ago|reply
https://github.com/skypeopensource/skypeopensource2/blob/mas...
https://github.com/skypeopensource/skypeopensource2/blob/mas...
I cannot specify more examples.
[+] [-] skypeopensource|9 years ago|reply
[+] [-] brownbat|9 years ago|reply
https://en.wikipedia.org/wiki/Mumble_(software)
I'm surprised the gaming chat programs don't get more crossover use. Well, I'm not surprised that a commercial project has a larger userbase than something that requires you to find a server.
But I am surprised when, say, podcast hosts make jokes about lag or call quality on their Skype connections with guests. There are other applications that solve some of these problems, and I'd think if your main creative product relies on call quality for guests, you might look a few steps beneath the most ubiquitous option. (ie, If you're at the level where you're buying an uncommon specialist's mic, you could probably benefit from comparison shopping for voip implementations.)
[+] [-] eeZi|9 years ago|reply
https://github.com/jitsi/jitsi-meet
Try it here: https://meet.jit.si/
It's a modern, WebRTC-based replacement for Skype, Google Hangouts and other video/audio conferencing solutions.
And it's great. The company I work for is now using it exclusively for meetings and telepresence. The echo cancellation is outstanding and you can even connect it to a SIP server. No client is required besides Google Chrome or Firefox. There's nothing that comes close to it in terms of sophistication and quality.
It works well for one-on-one and audio calls.
[+] [-] giancarlostoro|9 years ago|reply
[0]: https://discordapp.com/
[+] [-] cinch|9 years ago|reply
[+] [-] PieterH|9 years ago|reply
Firm somewhere far away where Microsoft's lawyers cannot reach (China?) wanted Skype capability in their product and paid this smart Russian guy to reverse-engineer the Skype client.
Smart guy gets permission to open source it and publishes it with commercial license option with hopes of finding more such clients.
Personally I'd not touch this with a 3-meter bargepole, because I live in a country where people use copyright and trademark law to take people to court, yet it's an interesting project.
[+] [-] jacquesm|9 years ago|reply
Re-using the reverse engineered code is the problem, he should have simply used it to spec out the protocol and then use that spec to re-implement it.
[+] [-] Iv|9 years ago|reply
I live in a EU country where interoperability is a law yet is almost never respected, so I say, fuck copyright in that case.
However, this is not the first successful reverse engineering of skype. Each time they broke compatibility with their next version.
[+] [-] martingxx|9 years ago|reply
[+] [-] charlesdm|9 years ago|reply
[+] [-] martinko|9 years ago|reply
You feel using it would open you up to a copyright claim?
[+] [-] sargun|9 years ago|reply
Looks useful for command and control type applications though.
[+] [-] cjg|9 years ago|reply
https://github.com/skypeopensource/skypeopensource2/issues/2
[+] [-] justinlardinois|9 years ago|reply
> No. Not clean room, not chinese wall.
If it's not clean room, then there's probably copyright violations. For reference: https://en.wikipedia.org/wiki/Clean_room_design
Also, offering commercial licensing? That's a good way to get a lot worse than just a DMCA takedown.
[+] [-] wolfgke|9 years ago|reply
This is the law in the United States. From the links given in the readme file the authors are probably from Russia.
[+] [-] mrwizrd|9 years ago|reply
https://news.ycombinator.com/item?id=2611299
[+] [-] cmarschner|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] bdcravens|9 years ago|reply
Seriously?
[+] [-] Sephr|9 years ago|reply
[+] [-] goldenkey|9 years ago|reply
[+] [-] fungos|9 years ago|reply
[+] [-] marcv81|9 years ago|reply
[+] [-] ars|9 years ago|reply
[+] [-] besselheim|9 years ago|reply
I don't know if it is still the case now, but I recall that earlier versions of Skype were quite heavily obfuscated and contained anti-debugging mechanisms. So it would have been quite an intricate reversing effort to get past these, on top of figuring out the protocol.
Over time, Microsoft has changed the Skype protocol significantly since version 5.5 so I do wonder how applicable this work is to the current crop of clients.
[+] [-] 0xmohit|9 years ago|reply
https://github.com/skypeopensource/skypeopensource
[+] [-] skypeopensource|9 years ago|reply
Yes, its still up here: https://skype-open-source2.blogspot.com/
[+] [-] lootsauce|9 years ago|reply
[+] [-] znpy|9 years ago|reply
[+] [-] mariuolo|9 years ago|reply
Any code commonalities with the pidgin skypeweb plugin?
[+] [-] elitistphoenix|9 years ago|reply
[deleted]
[+] [-] cjg|9 years ago|reply
[deleted]
[+] [-] EugeneOZ|9 years ago|reply
[deleted]
[+] [-] sctb|9 years ago|reply
[+] [-] postgeographic|9 years ago|reply
[+] [-] elitistphoenix|9 years ago|reply
[+] [-] kxd|9 years ago|reply