Decoding the Skype Host Cache

The host cache in Skype keeps a database of peers that Skype talked to upon last running. A host cache is one of several bootstrapping technologies that peer-to-peer networks use to connect a peer into the overlay network.

The host cache is kept in the shared.xml file located in the users home directory. If you look at how the host cache is stored, it looks like a jumble of hex.

...41C8010500410502004C6E771C823B0001040002B981EDCE043
B981EDCE04000400050041050200180818ADAFD40001040002BBA6
8CCE040003BBA68CCE040004000500410502004A38D3323D990001
040002B981EDCE040003B981EDCE04000400050041050200972FBC
6464420001040002B981EDCE040003B981EDCE0400040005004105
02005169EEF23F930001040002BD81EDCE040003BD81EDCE040004
000500410502005C0F17B769F90001020002C481EDCE040003FA81
EDCE040004000500410502005C4A838623360001020002BB81EDCE
040003FA81EDCE04000400050041050200440AAA7D5EF100010200
02BC81EDCE040003FA81EDCE040004000500410502003AAC048...

A pattern does start to emerge and I wrote a tool to extract the IP address and port of each peer listed in the host cache. It is written in perl and requires the XML::Simple module. You can download the tool here.

I’ve only tested this with 2 different shared.xml files so let me know if you have any problems with it.

May 01 2009 04:27 pm | Scribbles

3 Responses to “Decoding the Skype Host Cache”

  1. Behrad on 19 Feb 2010 at 11:07 pm #

    Hi,

    It works but there are twice more data in between and what is that string which is used as the splitter?

    Behrad

  2. ryan on 20 Feb 2010 at 11:37 am #

    Hi Behrad

    The delimeter is 50041050200 that seperates the IP addresses an ports. There is a lot of data in this file that I have still yet to reverse. I’m sure someone with better debugging skills could decode the other data associated with the IP. My guess is it could be a weighting, so that skype prefers certain peers. Also, it could
    be the status of that peer, perhaps if skype was able to connect last or how many times a peer has failed, allowing it to be flushed from the list of peers.

    A fair bit is guess work at the moment, but it would be good to see this work extended further

    Cheers
    Ryan

  3. Daxal Desai on 21 Apr 2010 at 2:19 pm #

    Hey,

    Good tool. I am going to use it to see my list. I think for the VISTA users the directory for the shared file is

    C:\Users\[username]\AppData\Roaming\Skype

    All the skype data is stored under that one folder. Its pretty much a goldmine :P

Trackback URI | Comments RSS

Leave a Reply