«
»

Skype Reads Your BIOS and Motherboard Serial Number

Users of Skype that run 64-bit versions of Windows like me probably have noticed that when starting Skype, the following dialog box appears:

The program or feature “\??\C:\Documents and Settings\Myria\Local Settings\Temp\12\1.com” cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available.

Well, that’s weird. Skype’s trying to run a .com file, which won’t work on Win64 because there’s no NTVDM. Let’s try opening it in Hex Workshop. Access denied? OK, I’ll terminate Skype to read it. Still can’t?! This thing is really starting to annoy me. I’ll use WinDbg to terminate winlogon.exe to force a kernel panic. I reboot and NOW I can read the damn file.

An unreadable executable file coming from Skype sounds interesting, so I look at it. It’s 46 bytes long. For copyright reasons I can’t post the file or a complete disassembly. However, I can describe the program in terms of 16-bit DOS C:

int main(void)
{
fwrite((const void far*) 0xF0000000, 1, 0xFFFF, stdout);
fwrite((const void far*) 0xF000FFFF, 1, 1, stdout);
return 0;
}

It’s dumping your system BIOS, which usually includes your motherboard’s serial number, and pipes it to the Skype application. I have no idea what they’re using it for, or whether they send anything to their servers, but I bet whatever they’re doing is no good given their track record.

In 32-bit Windows NT, including Vista, the kernel permits NTVDM to make a read-only mapping of the BIOS at address 000F0000. This allows DOS programs running under NTVDM to make use of the BIOS. That’s how this 46-byte program is capable of sending the BIOS to the Skype application, and also explains why they use this mechanism to begin with.

If they hadn’t been ignorant of Win64′s lack of NTVDM, nobody would’ve noticed this happening.

pixelstats trackingpixel

This entry was posted on Tuesday, February 6th, 2007 at 1:32 and is filed under default. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

269 Responses to “Skype Reads Your BIOS and Motherboard Serial Number”

« Older Comments
  1. Visa tiesa apie Skype ir VoIP technologiją « Daigtas.lt says:
    22. February 2010 at 8:23

    [...] klientas? Susidomėjusiems – Firefox profilo skaitymas nėra vienetinis atvejis. Skype aktyviai nuskaito BIOS nustatymus, kurie apskritai neturėtų turėti naudingos informacijos tokiai programai, kaip Skype. Skype [...]

  2. Skype: скрытая угроза | Интересное в сети says:
    17. March 2010 at 0:26

    [...] Skype Reads Your BIOS and Motherboard Serial Number – заметка в йНОго, разоблачающая махинации, скрыто проделываемые Skype, читающим BIOS и серийный номер материнской платы: http://www.pagetable.com/?p=27. [...]

  3. El Novi says:
    22. March 2010 at 12:10

    Привет всем!
    А почему собственно осНи программа вычисляет адреса йиОса и другие параметры системы Она вредить собирается? Она может делать обратную суППу иС части йиОса (напр. 1024байта) – Он ведь но изменяется программно (ну иНи почти) – почему-бы но использовать эти данные для аутентификации уникального ключа который используется для шифрования.

  4. Life is Short says:
    4. May 2010 at 3:40

    [...] and apparently, Skype Reads Your BIOS and Motherboard Serial Number upon startup. Now thats a nasty backdoor and privacy threat. What better way to catalog the [...]

  5. Peps says:
    26. June 2010 at 21:55

    Они могут накапливать в своей базе серийник вашей мамки + твой логин. А значит следить какие логины использовались на одном компе.
    Сам факт какого-то постороннего кода уже подозрителен.. Что-то здесь не то!

  6. Неодимовые магниты says:
    3. July 2010 at 22:31

    Прикольный биос получается!

  7. Tempe Dentist says:
    11. July 2010 at 19:25

    Yea and itunes installed something similar. I bet everything does

  8. ?????? says:
    25. October 2010 at 7:17

    I bet everything does.Yea and itunes installed something similar. I bet everything does

  9. Frak Jovine says:
    25. January 2011 at 10:18

    Thankfully this was solved a while back, but it could be re-engineered elsewhere. Nice post!

  10. ??????? ?????? ? Skype | ?????-???? - ??? ? ?????? [IFYS] Team says:
    12. April 2011 at 15:39

    [...] Skype Reads Your BIOS and Motherboard Serial Number – ??????? ? ?????, ????????????? ?????????, ?????? ????????????? Skype, ???????? BIOS ? ???????? ????? ??????????? ?????: http://www.pagetable.com/?p=27. [...]

  11. Borislav Sabev says:
    21. June 2011 at 4:22

    I;d rather they didn’t do this, but here:
    http://blogs.skype.com/security/2007/02/skype_extras_plugin_manager.html
    they explain why. Still, the Privacy Agreement is met…

    “Of course, in line with our Privacy Agreement, Skype does not retrieve any of this data. It is only used by the EasyBits software to ensure that plug-in use complies with the appropriate license token or key.”

  12. mean games says:
    15. November 2011 at 7:48

    mean games…

    [...]Skype Reads Your BIOS and Motherboard Serial Number « pagetable.com[...]…

  13. hacker hack hackers security says:
    19. November 2011 at 15:24

    hacker hack hackers security…

    [...]Skype Reads Your BIOS and Motherboard Serial Number « pagetable.com[...]…

  14. Pools gold coast says:
    27. November 2011 at 23:26

    Really i am impressed from this post….the person who created this post is a genious and knows how to keep the readers connected..thanks for sharing this with us.i found it informative and interesting. Looking forward for more updates..

  15. dom says:
    3. January 2012 at 3:06

    In this day and age its always good to be on the alert. We all benefit in some way when knowledge is power. Power to people i say! It will always keep these huge companys on the alert, instead of big brother watching us, its our turn to keep watch on them. Good post!

  16. eddi4 says:
    19. January 2012 at 0:25

    Teper’ skajp sam sebia obnovliaet, neobxodim DotNet.4 i kak minimum Vista, dla poiska. inache voobshe fignia na ekrane.
    Podozrevaju 4to on eshe i proveriaet vxodiashie magnet linki – tipa torrenta itd.

  17. AHMAD says:
    11. April 2012 at 5:24

    Scabi very good site and I want to subscribe to

  18. AHMAD says:
    11. April 2012 at 5:28

    200
    62326?+65
    3+

    5++

    965

  19. Von Datenschutz, Lizenzen und Privatsphäre ? schwarz-weiss.cc says:
    21. October 2012 at 7:54

    [...] (Quelle: http://www.pagetable.com/?p=27) [...]

« Older Comments

Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word