October 23, 2013 at 14:46French court allows Skype protocol reverse engineering
An unexpected turn occurred in the case of Microsoft (Skype) against two owners of the French company Vest Corporation Christian Durandy (Christian Durandy) and Sean O'Neill (Sean O'Neill). They were accused of distributing Skype source code. In 2010, Sean O'Neill published the source code for the obfuscated RC4 key generation algorithm, which Skype uses to obfuscate traffic. Using this algorithm, you can decrypt traffic between Skype clients and supernode. Encryption keys are not used there, so the algorithm itself was maximally obfuscated. But, as you know, the principle of security through obscurity often fails, which is what happened in this case.
In general, the history of Vest Corporation is quite curious. In 2005, the French government banned the use of Skype for security reasons. In 2007, Durandi and O'Neill decided to found a company to develop VoIP software that duplicates the functionality of Skype. Skype needed deobfuscation and reverse engineering to understand this program.
In 2011, Russian hacker Efim Bushmanov ( efimich ) published the source code for the Skype protocol on his website skype-open-source.blogspot.com (they are now removed at the request of DMCA). These sources included a deobfuscated algorithm that O'Neill divulged.
Shortly afterwards, Microsoft decided that it was time to put an end to lawlessness - and, fortunately, it launched the persecution not of Bushmanov, but of French entrepreneurs. A criminal case was opened against them, which reached the court in September 2013. According to the French press, the prosecutor demanded one year of imprisonment for Durandi and O'Neill.
But the French court decided otherwise. Yesterday a verdict was announced: all charges were dropped from entrepreneurs, and Microsoft must pay them compensation for moral damages in the amount of 1000 euros.
Thus, the court actually legalized the further reverse engineering of the Skype protocol and the publication of the original algorithms that it uses. It remains to be happy for the French justice, which made a reasonable decision, because in the United States this is hardly possible.