Saturday, 24 March 2012

skype55 deobfuscated version released

Hello, everyone!

We got deobfuscated skype v5.5!!!

I can't belive in this. But its fucking true. Great thanks and congratulations going to Vilko.

Some words from Vilko about his skype5 research:

Skype version 5.5 is a hybrid of GUI on delphi and embedded dll with skype "kernel". This kernel is fully independent structure in binary code - code block, data block, imports. And it was built with use of VC compiler(exists VC lib signatures).

This kernel has not contain any reference to external code/data in delphi part. And only entry point block xrefs on kernel from delphi GUI. It can be saved as independent binary code with dll-header, and that kernel will work, i tested this.


You can download it here:
(DMCA takedown arrived, so check download link in comments)

Skype-open-source project still alive!

P.S. We open jabber conference for all who interested in skype reversing. Feel free to join on: skypeopensource@conference.jabber.ru

19 comments:

  1. SkypeKit_sdk+runtimes_370_412.zip
    http://thepiratebay.se/torrent/7190651/

    skype55_59_deobfuscated_binaries
    http://thepiratebay.se/torrent/7238404/

    ReplyDelete
  2. magnet:?xt=urn:btih:2a93d303ce538a1f5894f93086255837ccc3eeff&dn=skype55_59_deobfuscated_binaries&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80

    ReplyDelete
  3. skype55_patched.exe
    MD5 7381deed3e9937ef2206f6bec1023c47
    SHA-1 1831e6631b95e93173d899a256769c02cc31eb06
    ED2K e243c24c67faf733f39828ddfc4a50f8

    skype59_patched.exe
    MD5 1233d32e9cb54684cfa7ce093033e3a1
    SHA-1 69d50a22019842be494f5c857dd40fa5b7f2dcdb
    ED2K 16c9617a0e1c0236ecca39dd35f7f4a0

    For those who need to know.

    ReplyDelete
  4. utorrent hash:
    2A93D303 CE538A1F 5894F930 86255837 CCC3EEFF

    ReplyDelete
  5. Упростил скрипт для сбора логов. Спасибо за тул.
    http://pastebin.com/sci0RfQq

    ReplyDelete
  6. skype user ip-address disclosure
    http://pastebin.com/LrW4NE2p

    ReplyDelete
  7. Skype user IP-address disclosure (english version)
    http://pastebin.com/rBu4jDm8

    ReplyDelete
  8. two versions of skypekit deobfuscated:

    magnet:?xt=urn:btih:3da068082f6ec70be379d4046e4c77bc4578f751&dn=SkypeKit_sdk
    %2Bruntimes_370_412.zip&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F
    %2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80

    ReplyDelete
  9. фантастическая и плодотворная работа! я б тока посоветовал сразу вырезать проверку на новые версии в этом туле. а то сразу визжать начинает, мол старье используешь....
    и еще - в парсере логов не отлавливаются(не маскируются) айпишники самого скайпа - и получается что для заданного пользователя я получаю на выходе и айпи его - и айпи скайповского сервера, с которым пользователь соединен.
    к примеру:
    IP: 212.187.172.66

    ReplyDelete
  10. запустил патченный skype, добавил reg файл, захожу в AppData\Roaming\Skype\user, смотреть нада chatsync?

    ReplyDelete
  11. Have you tried to fuzz the skype protocol for 0day vulns already? Do you have a mac version as well, I would be very interested in that.

    ReplyDelete
  12. What should I add to registry? Link isn't alive anymore.

    ReplyDelete
    Replies
    1. [HKEY_CURRENT_USER\Software\Skype\Phone\UI\General]
      "LastLanguage"="en"
      "Logging"="SkypeDebug2003"
      "Logging2"="on"

      Delete
  13. This one worked great for me!

    magnet:?xt=urn:btih:2a93d303ce538a1f5894f93086255837ccc3eeff

    https://thepiratebay.se/torrent/7238404

    ReplyDelete
  14. How did you do it.. Do you want to write a tutorial...

    ReplyDelete
  15. Было бы круто и познавательно прочитать статью о деобфускации... Скайп давно вызывал удивления в этом плане, его успел выразить даже Крис Касперски...
    Есть ли планы по написанию хабрастатьи?

    Спасибо за работу.

    ReplyDelete
  16. thanks for the good work!

    ReplyDelete
  17. Could you release a newer deobfuscated Skype v6.11 ?

    ReplyDelete
  18. Please upload deobfuscated skype version 6.11 and above .

    ReplyDelete