Jun 3, 2011 09:52 GMT  ·  By

A freelance researcher who claims to have reverse engineered Skype's communication protocol provided working code for sending messages on the network, which could be abused by spammers.

Skype's encryption scheme is based on a modified version of the RC4 cipher and cracking it has long been a challenge for reverse engineers. Progress towards this goal has even been made in the past.

The new claim, made by a researcher allegedly named Efim Bushmanov, is accompanied by decompiled source code.

"My aim is to make Skype open source. And find friends who can spend many hours for completely reverse it," the researcher writes on his blog.

"Now, most of hard things already done(for 1.x/3.x/4.x versions of skype). Including rc4 and arithmetic compression," he adds.

The most interesting part of his offer is working code that allows sending messages to Skype. Even though based on a slightly dated version of the protocol, if this code works as advertised, it could facilitate spam attacks against Skype users; and this has actually happened before.

In July 2010, a researcher going by the name of Sean O'Neil (possibly an alias), released a C library which he claimed is a replica of the obfuscated Skype RC4 key expansion algorithm.

The researcher decided to make the code public after parts of it were leaked months before and started being abused by spammers to launch attacks on the platform.

At the time Skype confirmed that the code can be used to spam users and considered legal action against the researcher, which they identified as one Yaroslav Charnovsky.

It's very likely that the company will take a similar stance in this case and will send cease and desist letters to everyone hosting the decompiled code, although once it's out the only way to prevent abuse is to make changes to the client and protocol.