I see absolutely nothing wrong with wanting to profit from this. You're not being forced to use a commercial license, and the LGPL is adequate for most open source use cases.
Reversing in the first place is almost certainly illegal if you were to check the Skype ToS. Making a profit off it is just asking for trouble. I could be wrong though.
ToS only applies to terms of continuing use of a service; if you're prepared to not be a user anymore, then the conditions of ToS are not worth the paper they're (not) written on, you can simply not accept those terms. Click-through and shrink-wrap licencing terms are not binding almost everywhere (they likely could be in USA, though).
And while USA has DMCA, in most of the world copyright (as according to Berne convention) doesn't prohibit reverse engineering but only grants a limited monopoly on copying with some exceptions - often including interoperability, so you can do that even if the copyright holder disagrees.
For example, to distribute the system obtained by reverse engineering to your customers or include it in your product; none of this needs your engineers to be actual users of the (possibly competing) service. The interoperability exception in copyright laws is exactly for this purpose, to allow companies to distribute competing products that are interoperable with something that doesn't want others to interoperate. You're not required to make it easy for others to interoperate, but if they manage to do so, the government won't hold your copyright as a valid reason to forbid it.
Violating a law is "illegal" in the sense that it may result in penalties prescribed in that law.
Violating a contract is "illegal" in the sense that it may result in contractual penalties, generally limited to compensation of the damages, possibly with punitive tripling; but it may and should be done if the contract has gone so bad that it's better to face the consequences rather than fulfill the contract.
Violating ToS (which is not even a contract) is "illegal" if you really stretch that term; it may result in losing access to that service, and nothing else (excepting certain US-only legal perversions like CFAA which happily don't apply for most people in the world), so you may do that if the benefit outweighs continued access to that service.
I'll agree that illegal was a stretch especially since IANAL. I will say that is at least unethical by my personal standards. On a practical note, I'd much rather see people investing their time in making better alternatives than reverse engineering.
Reversing is explicitly allowed in EU government as other based human laws.
I mean, the EU has a much greater priority than the Skype TOS.
If someone adds to the Skype TOS "and please don't breathe or don't go to toilets during use of our application", it will have zero effect in legal meaning, because it breaks upfront law and United Nations based rights, etc.
tldr;
They just try to scare you with the "don't do this" thing.
I haven't spent much time browsing through the source but the code quality and security is pretty dismal so far. Not to mention the confusing project structure.
Magic numbers, ... and strings, all over the place [0].
Memory leak galore (debug code?) [1].
Probably buffer overflows all over the place, here's one I noticed [2]. I suspect others given the proliferation of opaque pointers and memcpy usage.
"How dare you comment on the flaws found in someone's project!"
If issues are never brought to light then it's very unlikely they will ever be fixed. Would you rather everyone just stayed silent?
I have great respect for someone that can put in the time and effort to reverse engineer Skype, and brave Microsoft's legal team in doing so, but in its current state this code can't be used safely and is far from easy to understand either.
If these flaws are minor or inconsequential, then you might be right about your remark but if these flaws are flagrant or critical, then the OP had the right attitude to make concerns public.
The magic values look ok to me. I mean, some values are known, some aren't - it's still early days. Hopefully more will be labeled / split up into components with time.
But I agree that it would be dangerous to use now. And the author isn't a skilled VCS user or open source dev either. (comments say all rights reserved)
"all rights reserved" doesn't conflict with openness, it's a (now obsolete) technicality meaning you opt in to getting your copyright license enforced under an international treaty.
I meant the whole block not just this phrase. "Copyright (c) 2009 by VEST Corporation. All rights reserved. Strictly Confidential!" - that conflicts with openness. Or at least with assigning rights to other people.
I think part of it is caused by the tab-width setting. The developer appears to have been using a tab-width of 4, and there are some instances where they used spaces for indentation without realising.
This only explains some of the weirdness though. That second link is completely inexplicable.
To me this project really looks like a just-reversed and mostly functional one, and this is the quality of such projects; I've been there. He has disassembled it, transcribed it to a C project almost as-is and made it compile.
The developer may not have enough development experience to organize it decently or just rushed it online because of anxiety.
Anyway, very good resource for others if there is still any interest at all in Skype compatibility or else, only missing the .idb with renamed subs and comments. :)
My words are true. Our (Russians') colloquial lexicon has a tremendous amount of words from thieves' jargon. The constitution in Russia has less meaning than thieves' laws. Our users, even programmers/hackers, are trying to get any software for free - it's kind of snobbery to use paid software in Russia. Maybe it's something wild for you, but it's reality in Russia.
The days of total piracy are quite long gone. To the degree of someone (not from Russia), living on mobile apps income, telling me, we are among his best-paying clients (apparently, preferring buying an app to watching ads :)).
I don't get your point. Why generalize over 140M people with your assumptions about illegal software usage and "thieve laws" in Russia in the topic about reverse engineering the Skype client? How does it even relate to Russia?
Generalizations are useful, because they allow us to efficiently reason about the world. Eschewing them because of the content-free statement that "everyone is unique" leads us to a worse, not better, situation. Of course, this does not mean we should allow blatant racism, but in the real world it is useful to say things that are true but not necessarily nice.
There's the old and not as often used "stereotype". But it doesn't have the emotional impact like racist does, so... Anything that doesn't hit squarely at the pathos is right out.
Yeah. I guess I was saying that we, the Anglophone world, need to pick an equally effective word for this meaning. I think probably “xenophobic” is more accurate than “racist” in this case, but still not quite right.
The word "xenoracism" has actually been applied, but it strikes me as a make-do lashed-together word. "Xenotyping" is no good because it already has a precise scientific definition. "Stereotyping" ends up the best description, though it's less than satisfactorily insulting.
> "Stereotyping" ends up the best description, though it's less than satisfactorily insulting.
Why does it have to be insulting? Rather, why do you have to import shame from an unrelated activity to make your point? It seems to me like that trivializes racism and doesn't do very much to bolster this argument.
> Anything that doesn't hit squarely at the pathos is right out.
Otherwise known as appeal to emotions. I think I'm going to start finding examples of avowed racists who criticize lynching so I can do the 'not all racists' thing.
Copyright applies in Russia too. There are bits and pieces straight "reused" from other software - by his own admission.
So his claim that he is a sole copyright owner is patently false - this code could be trivially attacked as a derivative work. No sane person would touch it with a 10 foot pole.
I don't know much about Russian copyright law, but at least the idea of the German copyright law (Urheberrechtsgesetz) is very different from the US one. Here the central concept is the "Urheberschaft" (authorship; this implies that you have to be acknowledged as author) which cannot be sold, donated, refused etc. (as opposed to in the copyright law). The only thing that can be sold are the Nutzungsrechte (rights of use), which allow one to redistribute the work and make money from it. Thus in Germany there exists for example no analogue to public domain work: Since Urheberschaft cannot be donated, one simply cannot put works under public domain, see for example https://www.sqlite.org/copyright.html
I do hope that the Skype people see it as an opportunity to improve the product rather than a threat / opportunity to sue the hell out of this project. WhatsApp would not have been necessary if they had gotten their act together. But at the time they were seemingly too busy sorting out technical and political ramifications of the MS acquisition and overlap with Lync. A more open approach to clients could save it, especially in the light that people are looking for alternatives after Facebook is now starting to monetize WhatsApp.
Firm somewhere far away where Microsoft's lawyers cannot reach (China?) wanted Skype capability in their product and paid this smart Russian guy to reverse-engineer the Skype client.
Smart guy gets permission to open source it and publishes it with commercial license option with hopes of finding more such clients.
Personally I'd not touch this with a 3-meter bargepole, because I live in a country where people use copyright and trademark law to take people to court, yet it's an interesting project.
Telecommunications products should be based around open protocols. That Skype keeps their protocols to themselves should not be reason enough to send lawyers after software implementing interoperability after reverse engineering.
Re-using the reverse engineered code is the problem, he should have simply used it to spec out the protocol and then use that spec to re-implement it.
One team documents the protocol as a spec. A second team takes the spec and writes implementations. The advantage of this for open source is that when the protocol changes, it's relatively simple for that first team to update the spec, and safe for the second team to update their code.
This is legal and safe. It is how the first clone PCs survived even IBM's lawyers.
Not a typical recommendation, but they actually created a not half-bad Television series out of the story. From everything I've read on the subject, the first season of the show actually does stay pretty close to how things actually went down (with some 'dramatic' elements slightly embellished since it is on TV after all). The story is worth reading about (sorry for no recommendations on this), and the show, at least the first season which concerns this issue in particular, is worth watching as well if the topic interests you. The show is called 'Halt and Catch Fire'
Basically, you need to find developers with no experience at all with the technology (e.g. never used Skype before), and then get another set of developers to reverse engineer the product, and send the spec to the "naive" developers, for lack of a better term.
Two teams in the same firm, as gruez says below. The key is that the second team does not look at the internals of the product, and that the two teams communicate only by specifications of interfaces (physical, software, electronic, etc.) and not of behavior.
This approach to cloning was established long ago (1960's) by IBM's competitors and has always been legal.
You can just google "clean room design", Wikipedia is quite informative on it.
BTW a few early PC firms did try to cut corners and clone the PC BIOS without the Chinese wall; they were sued and died. This isn't theory; it's been practice for decades.
As I said, people use copyright law to take other people to court, and then get money from them. Your "fuck copyright" statement is bold, and one I'd generally agree with, unfortunately it has zero relevance to the legal risks a business would take, using this code in a commercial product, in such a country.
As the author said, the files violating copyright are easy to replace. Let Skype ask for it, it will be 2 more days of work.
The reason why people want to see a clean room implementation is because they are afraid of patents and anticipate US-like silliness like Oracle claiming copyright on an API. Now, this is a very US-specific issue. If you don't plan to market to the US, you can just ignore the issue.
I used to work for a French AR company. We were successful and at one point we planned to open offices in the US, but even without having done that, we already had received two frivolous claims by people based in the US (one who claimed he patented the idea of replaying the video at a varying speed). This delayed a bit our opening to the US and the first US employee was... a lawyer.
Do you realize that patents and copyright hell is the reason why, for more than a decade, VLC, a project made by French students, was better at playing videos than Microsoft's player, even when this was seen as crucial? Because France did not have to care for patent litigation.
Patents are another issue. Doesn't specifically affect this project.
And clean-room implementations have no effect on patent violations or claims. None at all. It is entirely a copyright issue. And the issue here is that the same person who disassembled one codebase then wrote a new, equivalent codebase. Thus the new work is a derived work, or at least a lawyer can argue that easily, and thus distributing it for profit is a serious crime. Not even a civil offense, in any EU country. Criminal.
If this is newly written code not based on Skype code then there is clearly no copyright issue. Trademark is a potential problem but easily solved by removing the Skype name from the project.
Lawyers are paid to make cases. Here, it's quite simple. The author of this code saw the Skype code, indeed he admits it. Then he wrote new code. Same person. Your honor, it is unreasonable for him to claim that his new code was not heavily influenced by what he had seen. It is like me listening to a song and then writing a new one "heavily inspired by it", and then claiming I'm not committing copyright infringement.
Lawyers make such arguments all the time and it comes down to who has the time & money to take them to court, and defend against them, and then the judge is a human who decides, and is heavily influenceable.
I have exploited several products that align closely with protocols and/or brand names used by large companies. For every single product, I have received a request to take down my product. And in every single case, after my (kickass, I must add) IP lawyer wrote them a reply, they went away.
What are you saying here, that you are good at skirting the law without breaking it, that all takedown claims are bogus, or that your lawyer is so good one letter can chase away even determined legal action by deep pocketed firms?
Only the first one makes sense, and it has no relevance to the project we're discussing, so it's unclear why you say it.
No disrespect, just trying to understand your point here.
Indeed. Copyright law is more often than not abused (instead of used) by large companies. If you are careful + understand the law and what you're doing, 99% of claims turn out to be bullshit.
> Personally I'd not touch this with a 3-meter bargepole, because I live in a country where people use copyright and trademark law to take people to court, yet it's an interesting project.
You feel using it would open you up to a copyright claim?
If I used this in a commercial product, it would be trivial (absolutely trivial) for the owner of the original product to take me to court for illegal distribution of their copyrighted works, based on the argument that the code I was distributing (for profit!) was written by someone who (by own admission in public) had reverse-engineered the original product.
IANAL but I'd be willing to bet money on this.
The only questions would be (a) is the original product one that matters enough to protect in such a way and (b) does the owner of that original product have the money and lawyers to start such legal actions.
This isn't some random app. This is one of Microsoft's crown jewels we're talking about.
I made a quite clear explanation of the argument a lawyer would use. This open source client is in effect a pirate copy of the closed source client. I expect it will disappear from Github rather soon.
> As long as you didn't use any of the original Skype code, you have nothing to fear (if you're based in Europe)
The original Skype code is clearly not available to anyone outside the original Skype team or some team inside Microsoft. What is publicly available is a binary that is produced from this code.
It's not a derivative of the presentation of the artistic elements of a work. It's derived from the technical working of a piece of software.
The elements of the software doing novel technical stuff might be patented, but copying the technical working is allowed. Copyright doesn't protect technical aspects.
If the project copies the UI of Skype, then that's a tort. If it copies the written code or uses the human reading of that code to derive a new codebase, then that's a tort. If it copies the technical implementation, how memory is accessed, what codecs are used, what packets are sent and when ... that's not copyright infringement.
In Europe, reverse engineering a protocol + building a commercial product on it, is legal. You cannot copyright a protocol or an API, if you built something merely by studying how it works.
I'm not entirely sure of that. If you would have two teams though, it would. Team A creates a spec of the protocol, and Team B implements a connection lib based on the spec created by Team A.
Europe tends to be pretty good though, copyright wise.
Yes, clean-room reimplementations are legal everywhere. The problem with this code is it's not clean room. This leaves commercial users open to serious accusations of copyright infringement (as in, criminal prosecution.) See my comments in the thread. IANAL and my analysis is based on the README of the project.
Disassembly by a team that results in new code written by the same team is not legal in any country that enforces copyrights. That includes the EU. Possibly excludes Russia and probably excludes China unless the owner is a large Chinese company.
In fact I'd be surprised if this code isn't taken off GitHub by a DMCA from Microsoft, as soon as it hits their lawyers' radars.
> Disassembly by a team that results in new code written by the same team is not legal in any country that enforces copyrights.
It's not illegal in itself. But you are easily opening yourself up to claims that the code you have written has been "tainted" by the disassembled code you have read and has therefore become a derivative work, which is going to be very hard to defend against.
Also note that even if it is decided that you have made a derivative work you might still successfully launch a fair use defense on the grounds of interoperability, see e.g. Sega v. Accolade[1].
That said, doing a proper clean-room reverse engineering with two teams kept separate is a much safer approach.
I remember seeing an earlier incarnation of this around five years ago; I'm very impressed with the author's dedication to this project.
I don't know if it is still the case now, but I recall that earlier versions of Skype were quite heavily obfuscated and contained anti-debugging mechanisms. So it would have been quite an intricate reversing effort to get past these, on top of figuring out the protocol.
Over time, Microsoft has changed the Skype protocol significantly since version 5.5 so I do wonder how applicable this work is to the current crop of clients.
I'm surprised the gaming chat programs don't get more crossover use. Well, I'm not surprised that a commercial project has a larger userbase than something that requires you to find a server.
But I am surprised when, say, podcast hosts make jokes about lag or call quality on their Skype connections with guests. There are other applications that solve some of these problems, and I'd think if your main creative product relies on call quality for guests, you might look a few steps beneath the most ubiquitous option. (ie, If you're at the level where you're buying an uncommon specialist's mic, you could probably benefit from comparison shopping for voip implementations.)
skype still has the best echo cancellation (that i've tried). you don't even need to wear headphones. according to a Tox developer: there aren't any comparable open source libraries.
It's a modern, WebRTC-based replacement for Skype, Google Hangouts and other video/audio conferencing solutions.
And it's great. The company I work for is now using it exclusively for meetings and telepresence. The echo cancellation is outstanding and you can even connect it to a SIP server. No client is required besides Google Chrome or Firefox. There's nothing that comes close to it in terms of sophistication and quality.
I try to push Mumble over Skype, the main issue with Mumble is that it's not as easy to get into. You spend too much time configuring your client, finding a server, etc. Things that should be fairly trivial. Then you may spend more time figuring out why you're not being heard, or why nobody's hearing you. Mumble is great but there's too much friction involved. I prefer Discord[0] because it's so easy to use by comparison, to test it you don't even need an account, you just run it from your browser. I just wish Discord had a Linux Client.
Right. And furthermore, Discord is free and totally propped up by investor money. Which means the day will come when the experience is totally ruined in an attempt to make money, as fast as possible.
Of course, I still willingly use Discord despite this - because it generally just works (even in browser) and has an extensive feature set, and is relatively easy to use. (this is among friends who aren't technical, so ease-of-use is a large factor). Previously I used Mumble, but indeed, it's a bit of a fickle beast for things that should be fairly automated (like configuring your voice inputs, etc).
Totally not negative on this but I'm not a Skype user so can someone please explain to me why anyone would want to go to all the effort to reverse engineer it? I get that it's closed and should be open, I get that its security is in question but if you want a more secure communications platform I can't imagine Skype is the only way forward and must be reverse engineered. Why not contribute to an existing open source project?
Any code commonalities with the pidgin skypeweb plugin?