As announced some weeks ago the Skype trojan sourcecode will be available for download. You find the source packages in the Tools & sources section if you are the impatient type.
The code is simple and straightforward. You have know malware development is no rocket science and if you expect big magic you are at the wrong place. The backdoor receives instructions from the dropzone and transferres audio files. The Skype-Tap intercepts the Skype function calls, extracts and dumps audio data to files, converts it to the mp3 format and encrypts it.
The code is not 100% complete. I removed the plugin system in the backdor and also the firewall bypassing system is not there anymore. I will publish both of them in separate tools later. If you don’t like this … well, I can’t help you. Thats how it is. Take it or leave it.
As always I am open for your opinions and criticism.
Regarding open source code, I agree with the oppinion that open source is the best solution for security software. I develop the Secvoice project ( secvoice.com.br ), a closed source code that is used for voice and message encryption, but the main problem with deploying the source code is, after publishing it, you can forget to make money! My product required a lot of work and testing and I do not want to deploy it and have equivalent products using my code in the market few days after that. The best I can do is do not have any link with any government and deploy in contract we don’t have backdoors.
For the moment I will deploy in next days my application free for limited time use.
Thanks..
Also did anyone found the source of Megapanzer?
Can someone please compile the source code and give me the excecutable ? maybe upload it at rapidshare or sumthin
@ED : i’ve never claimed that. get in touch with the media and correct them please ;)
@Chup Chap : the code will be released later. probably in november.
@cesar bremer :
> you can forget to make money!
making money was the idea BEFORE releasing it when we software was available for the govs. it’s there now for the people to inform. nothing more.
Happy for you, but this thing dont run on Linux ;) So isnt multi-platform.
MX Skype Recorder use same code to intercept Skype calls. Why you deleted my first comment?
sorry, but this “receives instructions from the dropzone and transferres audio files” can be used with ANY sip software, Skype is not cracked here! bulshit!
Thanks for sharing this software!
yeahhhh
“Could you please code a public skype spreader in C++?”
Do it yourself, LOL.
Lazy ass skiddie…
This is not a skype issue. As I understand it the trojan just hooks the audio in/out of the skype process (outside of the skype process itself). This could be used for any VOIP solution. It could also be exploited to do something like turing on the mic on your laptop and capturing all the sound it hears.
How interesting.
Could you please code a public skype spreader in C++?
I really prefer that language over the crap delphi/pascal/vb.
Currently the only skype spreader which is out there v1.02 crashesh all the time and it’s throughput sucks too.
Btw can u tell if skype throttle your user/ip after u flooded in couple of thousands of users? caus it looks that way.
I ask this because I don’t want to waste months from my life for reversing / figuring out skype api like noone does.
Regarding open source code, I agree with the oppinion that open source is the best solution for security software. I develop the Secvoice project ( secvoice.com.br ), a closed source code that is used for voice and message encryption, but the main problem with deploying the source code is, after publishing it, you can forget to make money! My product required a lot of work and testing and I do not want to deploy it and have equivalent products using my code in the market few days after that. The best I can do is do not have any link with any government and deploy in contract we don’t have backdoors.
For the moment I will deploy in next days my application free for limited time use.
Lively debate on this post at http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out
look, phonecrypt can not be trusted in a serious environment because it is not open source – if you use it for important things, you must be crazy. still in 2009 people do not understand – security + closed source is not possible! never! you can *trust* your mom or your wife – but not your infrastructure provider, stupid. secure communication must be based on open source tools, otherwise it is not secure.
Can someone please compile the source code and give me the excecutable ? maybe upload it at rapidshare or sumthin
The Flags for translations doesn’t match the language ;-)
Vive la revolution :-P
Minipanzer is showing some error. It has some dll missing. Here is the Exact DLL, it would need in order to test.
========================================
nspr4.dll –> this is a firefox library the tool is missing but it’s required.
===========================================
Thanks..
Also did anyone found the source of Megapanzer?
Je gratule! :-) !
Thanks!
The word is spelled “Criticism”.
Despite what some people say, Skype has never been secure.
It is relatively easy to hack skype accounts, skype does not even check if the same user logs in simultaneusly on different machines and what is worst, the second user can get a copy of all the chats….
Skype is good for housewifes that want to chat a bit with their kids, but for confidential conversations the use of strong voice encryption is required. In our company we tested many of them, we now keep with PhoneCrypt from securstar as it proved to be very good, stable, and with an excellent voice quality.
Thanks for the hacks.
oo.. cant wait to see this baby :D