P2P-Zone

P2P-Zone (http://www.p2p-zone.com/underground/index.php)
-   Peer to Peer (http://www.p2p-zone.com/underground/forumdisplay.php?f=5)
-   -   KaZaA Out of the Underworld: Revealed at Last (http://www.p2p-zone.com/underground/showthread.php?t=10749)

butterfly_kisses 24-04-02 01:51 PM

KaZaA Out of the Underworld: Revealed at Last
 
Hello, fellow adventurers in the realm of P2P networking, and especially to all of you KaZaA/Grokster/old Morpheus enthusiasts,

Many of you have now switched to other file-sharing programs to meet your demands, and some of you even to altogether different networks such as Imesh, WinMX, etcetera, etcetera.

Here is what prompted me to start this little thread. Please have a look at this http://news.com.com/2008-1082-890072.html?tag=prntfr

Now that you've heard the spin, I shall begin to unveil to you here the truth as I see it. Remember to challenge not only their truths but mine as well...

What is to come you ask?

Refer back here often and I shall provide you with things you never knew before (at least some of you didn't know), and I hope a few of you may even surprise me with what you've held back in secret, saving it for just the right opportunity and time to reveal it... well, friend, that time is NOW.

Enjoy,

:b: Harbynger

snowman 24-04-02 07:13 PM

truth
 
Well, lay on the truth then...

What I would like to know is: did Ms. Hemming of the Sharman KaZaA company know that Mr. Griffin, CEO of Streamcast, had not paid his bill and was about to get the network chop-chop when she bought KaZaA from FastTrack?

Secondly, what is TankGirl going to do to your tongue? Bite it?

butterfly_kisses 24-04-02 08:16 PM

Quote:

What I would like to know is: did Ms. Hemming of the Sharman KaZaA company know that Mr. Griffin, CEO of Streamcast, had not paid his bill and was about to get the network chop-chop when she bought KaZaA from FastTrack?
I'm afraid I don't know the answer to that one.

Quote:

Secondly, what is TankGirl going to do to your tongue? Bite it?
I think I'll let TG answer that one herself :D

Sorry, I'm a little lazy at posting info... I have a lot of it, but it takes some time to organize it all and make it meaningful... putting it into perspective and all. But I am working on it.

Some of what I may say probably should not be said at all... but there comes a time in every person's life when they must take a stand, and for me that time is now.

Are there other, more important issues going on in the world? Yes.

Why do this? Just because I can.

: )

goldie 24-04-02 08:45 PM

Quote:

Originally posted by Harbynger

I'm afraid I don't know the answer to that one.

I think I'll let TG answer that one herself :D

Sorry, I'm a little lazy at posting info... I have a lot of it, but it takes some time to organize it all and make it meaningful... putting it into perspective and all. But I am working on it.

Some of what I may say probably should not be said at all... but there comes a time in every person's life when they must take a stand, and for me that time is now.

Are there other, more important issues going on in the world? Yes.

Why do this? Just because I can.

: )

Well, my husband tried your tactic once.........(big tease he thought he'd be).

I had the last laugh though when he had to go without for 4 weeks straight.

Didn't harm me a bit but Mr. Wanky was feeling mighty green after such a long drought.

The moral of this story is: there is none, 'cept teasing sux, dude!

:att:
:SP:

butterfly_kisses 25-04-02 09:19 PM

Quote:

teasing sux dude!
Yes, you are quite right... teasing does suck, and I am sorry if I give the appearance of doing that... I do not mean to.

Now let me offer you some comfort and a little reassurance in saying that I will not leave you forever wanting to know more on these things, but I shall fully quench your desire and appetite to know when I am ready.

(I hear a voice say, "you said you were ready now")
I am, but I move in my own time, and when I move it will be powerful and swift, without indecisiveness, and the words spoken will be the truth as I see it. :)

Now then, how to proceed? Shall I keep this thread to only facts, or should I mix it with some allegations which may prove false?

At any rate... a beginning needs to be made.

Sorry, I have strayed off my intended course.

Below is bullshit; sorry, that is the only way I know to describe it.

Here is your last warning and disclaimer before I begin "laying it on thick"

[Warning... if you do not like what you see here, all you need to do is press the little Back button located at the top left of your browser's screen... making a mental note to yourself that what you found here offends you, so that in the future you will know not to make the same mistake of clicking on something you do not wish to read.]

End of disclaimer; on with the bullshit.

Okay, I am proceeding with this day by day as the stream of thought hits me.

What I do is test security mechanisms on the Internet. I am a security-conscious individual who looks for and examines possible threats before they are made public knowledge.

Now, with that said, I wanted to tell you all that just as of today I redownloaded the kmd.exe (which is the KaZaA Media Desktop installer for version 1.60 of the KaZaA Media Desktop) off of http://download.cnet.com (hope I gave the correct URL).

What does this installer do? That is an excellent question, my friends. To put it simply, it just downloads this file, kmd16_en.exe, from other people who are running the KaZaA Media Desktop 1.60 software.

Why is this interesting to me?
1) The kmd.exe makes no registry entries concerning KaZaA Net or "connection info" such as the <KaZaA Signature> info that is needed by its installed executable, which is packed with PECompact to about 1.67 MB, however when uncompressed reaches the staggering proportion of over 3.2 megabytes.

Okay, more on this.

So what are the ramifications to be made by studying just this simple installer file?

A) If this could be broken down and decimated into defining terms as to how it does what it does, then this is a great discovery. What it means to me is that it would act exactly like a download would in KaZaA Media Desktop, only it would not allow or offer you the ability to share files or set upload limits...

How does it work?

I'm not 100 percent sure, but it seems to rely on the same method as the gentleman known as Indy has discussed at length in his other posts... meaning it appears to use the UUHash or "signature" for this file to download from other peers...

Now then, since the connection info (meaning the list of IP addresses that it scans first) is not stored in the registry... and neither is the Signature File (signature file referred to here as the encrypted key that is passed between KaZaA clients to allow them to communicate with one another), where are they stored?

My guess would be in memory... so what I did was do a memory dump the best way I knew how, using a utility called Memory Dumper Pro; however, either I am not familiar with using this utility or maybe I just do not know how to interpret the results... basically what happened was I got a lot of binary-looking data, meaning (to me) in the form of hexadecimal notation, which to me, unless it is in some kind of human-readable form, is meaningless.

However, I would almost bet that if the kmd.exe (installer) were uncompressed and decompiled, or a hex editor was used on it, it would indeed show the KaZaA Signature (encryption key which the clients use to communicate with one another, much like a PGP key).

For those interested, I have a utility for breaking encryption schemes: if you can identify at least a 5-letter string in what is encrypted, then the app I have will use that string value to decrypt the rest of the code.

(Warning: I may be talking out of my ass here about things I know nothing about... if you think I am full of something... I advise you to go back and follow the instructions in the disclaimer... to those of you still interested, read on... please)

:)

What does this mean? Basically, to a few gifted coders, this kmd.exe file could be reverse-engineered to become the ultimate leech client for the FastTrack network by using hash files made with the sig2dat program by Indy :)

Next point

Okay, while using the new KaZaA 1.60 I made sure to remove the BDE Projector, all reg entries and CLSID values, and also replaced the cd_clint.dll with a dummy.

I got some irregular port calls, which I blocked with my firewall. I only allow the KaZaA executable access on port 1214 (at least to my knowledge, anyway).

I use AtGuard 3.22 as my personal firewall and am running Windows 98 with IE 5.5 and SP2 installed. I have a K6-2 500 MHz processor with 256 MB RAM and a 13.2 gig hard drive (posted this info in case it's helpful to know what kind of system I am using. I also have a Soya EMA+7 motherboard).

I have a few of the irregular port calls documented on my other website, located here: http://kickme.to/kazam (shameless plug... please visit also http://kazaa.mirrorz.com/ ) [/end shameless plug]

I found a tip by a poster to the Napsterites forum known as, I think it was, Snarkridden (forgive me if I get the name wrong; it is not intentional) who said that if you do a search for resume.dat you would be able to find all the info on a client that you wanted to and in essence see what the supernode sees... I don't know if I did this correctly, but this does seem to work (more on this another time).

What I did, however, was search for *.cab, and what this showed me was a lot of results that I thought were for people who may have been sharing their entire hard drives, probably because of improper setup, although I've heard there is an exploit for this that involves more than just the common netstat -an ipaddress:1214 browser "hack".

If anyone has more details on the real threat, please PM me with the information or email me at harbynger1901@hotmail.com

Thanks for the info....

Anyway, here is the interesting thing I found: I saw something for BDE secure install, so naturally I searched for, or right-clicked and selected, Find More From Same User; sure enough, this person was sharing their entire hard drive.

Now get this... I think this caused or produced a buffer overflow in the KaZaA app (my definition of buffer overflow is as follows: memory is a temporary storage place for information; each application you have open and running on your computer is allocated (allowed) a certain amount of space in "virtual memory" (i.e., your RAM, 128 MB or whatever it is you have), and when this space is full... there is no more room to add to it... so if somehow something happens that causes more information to be sent to this virtual holding or storage place and it is already full, it would cause the program to crash and/or hang your computer and you will have to reboot).

Well, this is what happened to me... I got so many results from doing the Find More From Same User that it caused a buffer overflow or overrun in the KaZaA executable and I had to reboot...

Now get this... in the past all I would need to do would be to enter the person's IP address with port 1214 into the browser and I'd see all there was to see if they were sharing their whole hard drive like this fellow was... only this time, for some reason, I could not do that...

Makes me wonder if he/the guy/gal was blocking HTTP requests on port 1214 with his browser, or the new improved KaZaA 1.60 now acts as a better daemon (port guardian... more on this later as well).

So far this is as far as I got tonight... and these are only observations on the program... this is not the seedy-side underbelly of the people and personalities behind this "great" P2P app... although I assure you that people with their "personalities" and attitudes do exist and there are great stories there... would any of you care to tell yours?

Look forward to your input on my thoughts/observations/speculations and, of course, incessant rumour-mongering.

BTW, greetings to Goldenrod :)

Mowzer 25-04-02 11:47 PM

Welcome to Napsterites, Mr. T
 
Weird stuff, Harby! Sounds like all of us here need to get a KLUE!

lol :J:

Scyth 26-04-02 01:19 AM

Quote:

Originally posted by Harbynger
For those interested I have a utility for breaking encryption schemes if you can identify at least a 5letter string in what is encrypted then the app i have will use that string value to decrypt the rest of the code.
I don't believe you :). But, if you want to prove it, here's some encoded text:

qANQR1DDDQQDAwIaJmJyzIttl2DJNpz8eIKdM/iN6FRm9UTTauzxKg28ALbtCe0u
zwCqZvRzZDy7dAshA7ByLG0RJi3keNEavzsqOA==
=QhJN

The first five letters of the unencoded text are: Decod.

colinmacc 26-04-02 03:13 AM

Resume.Dat = Napster Hangover?
 
When I do a search on resume.dat I just get a list of the users' incomplete downloads from the days when they were using Napster.

JackSpratts 26-04-02 07:46 AM

Harby, you can go back and look at the posts concerning the last major security threat involving classic Morpheus (incl. K&G), but for now let me say the crash you experienced was nothing more than your PC getting stuck processing the results of another user's hard drive. It's possible in certain cases to scan a drive using more efficient methods than netstating them. When done, it often happens you hit someone with 100,000 files or more, someone with a drive exceeding 30 gigs. Regular FastTrack users know from past experience that the more files they share the longer the program takes to render them, and sometimes they'll quit before the job is finished. With file counts exceeding 3-4000 some users find they can't operate the program properly and have to cut back. What happened to you may be similar. So without me getting into specifics, if you'd like to check, do your search and find someone who reports having a high bandwidth with a very small gig count, ideally 0. Scan and walk away. Return in 15 mins or so. You should find your page fully loaded with the user's entire C drive. For successful scanning of hard drives with higher gig counts, go out for coffee and smokes, or even a movie, say Lord of the Rings. But whatever you do, don't touch anything on your PC until Grokster finishes loading the files! If I remember, you said you're on dial-up. If so you may have to go on vacation. Tierra del Fuego would be perfect.:)

It works. It just takes a Very - Long - Time.

- js.

butterfly_kisses 26-04-02 10:56 AM

re: Ethen

Yep... I could use one of those myself (a clue) :)

re: Scyth

I tried and I failed.

Here is what I was using to attempt to decrypt the text:

Quote:

DECRYPT
-------

DECRYPT is, as far as I know, a one-of-a-kind utility -- it will crack almost all 8-bit and many 16-bit encryption schemes. There's only one catch: you must know at least five consecutive characters in the original (unencrypted) data. This string is passed as the first parameter. The remaining arguments are the names of files to be decrypted, wildcards allowed. DECRYPT will go through each file given, attempting to decrypt it with a special proprietary algorithm which will crack most standard 8- and 16-bit encryption schemes in under ten seconds. If the file can be decrypted then DECRYPT will tell you which encryption method and what key was used, and a file with the same base name as the original and an extension of .DEC will be created containing the decrypted contents of the file. Sometimes DECRYPT will give a false positive, an invalid decryption; this is a normal side-effect of the ultra-quick algorithm it uses (if you do get a false positive, chances are the file couldn't be decrypted anyway).

DECRYPT has many uses. It's great for decrypting a virus attached to a program, so long as you know a string in the virus ("*.COM" is a good bet), or can be used to view those annoying encrypted data files that too many programs seem to come with.

Please note that not every file can be decrypted; DECRYPT will break the most common algorithms used in most low-security applications (i.e.: adding/subtracting a constant, XORing by a constant, etc.). Also make sure that the file you're dealing with is indeed encrypted. Not every unreadable file is encoded, and unless you're pretty sure, you're just wasting your time (albeit very little of it). Files must be under 32k for DECRYPT to work (DECRYPT loads the entire file into memory for speed, so larger files will overflow the buffer). Outside of these restrictions, DECRYPT is a valuable tool for any aspiring learner.

re: Colinmac

Quote:

Resume.Dat = Napster Hangover?
When I do a search on resume.dat I just get a list of the users incomplete downloads from the days when they were using Napster.
Thanks for the clarification, Mr. Mac : ) I had no idea what I was looking at... this explains it to me perfectly. Thank you :beer:

re: Jack Spratts

Thanks for the Info Jack. You are helpful as always. Much obliged :)
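The DECRYPT readme quoted above describes a known-plaintext ("crib") attack on constant-key schemes: adding/subtracting a constant or XORing by a constant, with an 8- or 16-bit key. The following is an added example, not the DECRYPT utility and not code posted by anyone in this thread. It implements that class of attack in Python and shows why the crib has to be longer than the key: one crib byte fixes an 8-bit key and two fix a 16-bit key, so only the remaining bytes can confirm the guess, and a short crib produces exactly the false positives the readme warns about. The sample plaintext and the keys 0x5a and 0x1177 are constructed for the demonstration. An attack of this kind has no purchase on the PGP-armoured message Scyth posted, which is not a constant-key scheme.

```python
"""Known-plaintext ("crib") attack on constant-key byte ciphers.

Added example: recovers the key of XOR-with-a-constant or add-a-constant
schemes with an 8- or 16-bit repeating key, given at least five consecutive
known plaintext bytes that occur somewhere in the ciphertext.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# scheme -> (decrypt one byte with one key byte, recover key byte from a p/c pair)
ByteOp = Callable[[int, int], int]
SCHEMES: Dict[str, Tuple[ByteOp, ByteOp]] = {
    "xor": (lambda c, k: c ^ k, lambda p, c: p ^ c),
    "add": (lambda c, k: (c - k) & 0xFF, lambda p, c: (c - p) & 0xFF),
}
KEY_WIDTHS = (1, 2)  # 8-bit and 16-bit keys, applied by absolute byte position


@dataclass
class Candidate:
    scheme: str
    key: bytes
    offset: int       # where the crib lined up in the ciphertext
    plaintext: bytes


def encrypt(pt: bytes, scheme: str, key: bytes) -> bytes:
    """Forward direction; used only to build the constructed samples below."""
    if scheme == "xor":
        return bytes(p ^ key[i % len(key)] for i, p in enumerate(pt))
    return bytes((p + key[i % len(key)]) & 0xFF for i, p in enumerate(pt))


def decrypt(ct: bytes, scheme: str, key: bytes) -> bytes:
    dec = SCHEMES[scheme][0]
    return bytes(dec(c, key[i % len(key)]) for i, c in enumerate(ct))


def crack(ct: bytes, crib: bytes) -> List[Candidate]:
    """Every (scheme, key) under which `crib` appears somewhere in `ct`.

    The first `width` crib bytes determine the key; the remaining crib bytes
    are the only consistency check, so the crib must be longer than the
    widest key or every offset would "decrypt".
    """
    if len(crib) <= max(KEY_WIDTHS):
        raise ValueError("crib must be longer than the widest key")
    found: List[Candidate] = []
    seen = set()
    for scheme, (dec, recover) in SCHEMES.items():
        for width in KEY_WIDTHS:
            for off in range(len(ct) - len(crib) + 1):
                key = bytearray(width)
                for j in range(width):
                    key[(off + j) % width] = recover(crib[j], ct[off + j])
                if width > 1 and len(set(key)) == 1:
                    continue  # degenerate 16-bit key, already covered by width 1
                if any(dec(ct[off + j], key[(off + j) % width]) != crib[j]
                       for j in range(width, len(crib))):
                    continue  # the rest of the crib disagrees: not this key
                if (scheme, bytes(key)) in seen:
                    continue
                seen.add((scheme, bytes(key)))
                found.append(Candidate(scheme, bytes(key), off, decrypt(ct, scheme, bytes(key))))
    return found


def most_readable(cands: List[Candidate]) -> Candidate:
    """Crude false-positive filter: prefer the candidate with the most printable ASCII."""
    def printable(c: Candidate) -> int:
        return sum(32 <= b < 127 or b in b"\r\n\t" for b in c.plaintext)
    return max(cands, key=printable)


# Constructed sample: plaintext beginning with the crib Scyth named ("Decod"),
# encrypted once with an 8-bit XOR key and once with a 16-bit additive key.
SAMPLE_PLAINTEXT = b"Decoded at last: a constant key falls to five known bytes."
SAMPLE_XOR8 = encrypt(SAMPLE_PLAINTEXT, "xor", b"\x5a")
SAMPLE_ADD16 = encrypt(SAMPLE_PLAINTEXT, "add", b"\x11\x77")

if __name__ == "__main__":
    for ct in (SAMPLE_XOR8, SAMPLE_ADD16):
        best = most_readable(crack(ct, b"Decod"))
        print(best.scheme, best.key.hex(), best.plaintext.decode())
```

Run against either sample with the crib `Decod`, `crack` returns the real key among its candidates and `most_readable` picks it out; with the crib shortened to two bytes it refuses to run at all, because a 16-bit key would then be "confirmed" by nothing.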

Scyth 26-04-02 06:03 PM

Quote:

Originally posted by Harbynger
What does this mean? Basically to a few gifted coders this kmd.exe file could be reverse engineered to become the ulitmate Leech client for the fasttrack network by using hash files made with the sig2dat program by Indy :)
This seemed plausible, so I tried it out. Using sig2dat and in-memory modification of the kmd.exe executable, I was able to convince it to download a Crystal Method MP3 rather than the KaZaA installer. However, I discovered a couple of hitches. First, in addition to matching the signature and file size, an exact file name match was also required in order to download the file. Second, after the download completed, kmd.exe immediately decided that it was invalid and deleted it (I was able to recover the download with an undelete utility, though).

I discovered a few other interesting things. Kmd.exe scans for incomplete downloads in the same directory as itself; if they match the signature/size/name of the file it's supposed to be downloading, it will resume them but won't scan for more sources. Also, if you create a file called kazaadebug.log in the same directory as kmd.exe, status information will be placed in it. Finally, if kmd.exe fails to find any sources for a file within an allotted time, it will switch to downloading the file from the web.
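Scyth's observation that kmd.exe insists on an exact filename, size and signature match is easy to turn into a check. The following is an added example, not Scyth's code and not part of sig2dat or KaZaA. It parses sig2dat links in the `sig2dat://|File:...|Length:N Bytes,NKB|UUHash:=base64|` layout (that layout is assumed from how such links look; field order is not assumed, and a link whose hash does not decode to exactly 20 bytes is rejected before anything is downloaded) and applies the three-way match rule to a set of peer offers. The sample link, its length and its 20-byte hash value are constructed; nothing here computes a UUHash.

```python
"""Parse sig2dat links and apply the exact-match rule kmd.exe was seen to enforce."""
import base64
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

UUHASH_LEN = 20  # a UUHash is 20 bytes: 16-byte MD5 of the file head + 4-byte small hash


@dataclass(frozen=True)
class Sig2Dat:
    name: str
    length: int
    uuhash: bytes

    def link(self) -> str:
        """Emit the link in the assumed sig2dat layout."""
        return (f"sig2dat://|File:{self.name}|Length:{self.length} Bytes,{self.length // 1024}KB"
                f"|UUHash:={base64.b64encode(self.uuhash).decode()}|")


def parse_sig2dat(link: str) -> Sig2Dat:
    """Strictly parse 'sig2dat://|File:...|Length:N Bytes,NKB|UUHash:=base64|'.

    A missing field, a non-numeric length or a hash that does not decode to
    exactly UUHASH_LEN bytes raises ValueError instead of reaching download logic.
    """
    m = re.fullmatch(r"sig2dat:/{2,3}\|(.*)\|", link.strip())
    if not m:
        raise ValueError("not a sig2dat link")
    fields: Dict[str, str] = {}
    for part in m.group(1).split("|"):
        key, sep, value = part.partition(":")
        if not sep:
            raise ValueError(f"malformed field {part!r}")
        fields[key.strip().lower()] = value.strip()
    missing = {"file", "length", "uuhash"} - set(fields)
    if missing:
        raise ValueError(f"missing field(s): {sorted(missing)}")
    length_m = re.match(r"\d+", fields["length"])
    if not fields["file"] or not length_m:
        raise ValueError("bad File or Length field")
    # Links write the hash as 'UUHash:=<base64>'; drop that leading '=' first.
    try:
        raw = base64.b64decode(fields["uuhash"].lstrip("="), validate=True)
    except ValueError as e:  # binascii.Error is a ValueError subclass
        raise ValueError(f"UUHash is not valid base64: {e}") from None
    if len(raw) != UUHASH_LEN:
        raise ValueError(f"UUHash must decode to {UUHASH_LEN} bytes, got {len(raw)}")
    return Sig2Dat(fields["file"], int(length_m.group()), raw)


def is_valid_link(link: str) -> bool:
    try:
        parse_sig2dat(link)
        return True
    except ValueError:
        return False


def reject_reason(want: Sig2Dat, name: str, length: int, uuhash: bytes) -> Optional[str]:
    """None if a peer's offer passes all three checks Scyth saw kmd.exe require."""
    if uuhash != want.uuhash:
        return "signature mismatch"
    if length != want.length:
        return "size mismatch"
    if name != want.name:
        return "filename mismatch (exact, case-sensitive match required)"
    return None


def select_sources(want: Sig2Dat, offers: List[Tuple[str, str, int, bytes]]) -> List[str]:
    """Labels of the peers whose (name, length, uuhash) offer is acceptable."""
    return [peer for peer, name, length, h in offers
            if reject_reason(want, name, length, h) is None]


# Constructed sample: the installer name from the thread, an invented length,
# and a placeholder 20-byte hash (0x00..0x13). Not a real UUHash of anything.
SAMPLE_HASH = bytes(range(UUHASH_LEN))
SAMPLE_LINK = ("sig2dat://|File:kmd16_en.exe|Length:1710592 Bytes,1670KB"
               "|UUHash:=AAECAwQFBgcICQoLDA0ODxAREhM=|")
SAMPLE_OFFERS = [
    ("peer-a", "kmd16_en.exe", 1710592, SAMPLE_HASH),
    ("peer-b", "KMD16_EN.EXE", 1710592, SAMPLE_HASH),  # same bytes, wrong case
    ("peer-c", "kmd16_en.exe", 1710593, SAMPLE_HASH),  # one byte longer
    ("peer-d", "kmd16_en.exe", 1710592, bytes(20)),    # different signature
]

if __name__ == "__main__":
    want = parse_sig2dat(SAMPLE_LINK)
    print(want, select_sources(want, SAMPLE_OFFERS))
```

Only peer-a survives the filter: the case-changed name, the off-by-one length and the different signature are each rejected, which is the behaviour Scyth ran into when the filename did not match exactly.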

Mowzer 26-04-02 06:19 PM

Well, Tim/Harby,

I am glad you're using your knowledge for good, and giving further advances in the world of file sharing.

I am also glad you're leaving me out of it. I think I had enough of messing with you on the KaZaA forums / MSN.

Enjoy Napsterites. Don't do anything crazy with these forums (hidden counters); the people here are good.

Best of luck getting the KaZaA loader to do what you want it to. If you do, it would make for a good P2P app.

I trust you will figure it out. You could look towards the old giFT research in regards to KaZaA. Also they had a white paper up from when the network was reverse-engineered. Might give you some further info.

When I made my KaZaA client for KaZaA originally it worked pretty sweet, certainly looked better.

Now though, since all of the network changes etc., it's worthless. Stupid Niklas and his UI contests anyway!

Whatever you come up with, stick it to kazaa and stick it to them good.

It would serve them right for all the spyware they push out.

:)

butterfly_kisses 26-04-02 07:14 PM

Scyth, your findings make me very happy. It looks like you may indeed have what it takes (knowledge and skill) to solve some of these mysteries for me...

lol

How's this for a deal? I keep supplying the questions/theories/speculation and you do the research and provide the answers?

(yeah... works for me... hehe)

But seriously, thank you for taking some time to experiment with this... your findings are valuable...

[personal opinion]I feel that there are a lot of talented individuals out there who can contribute to this project, if for no other reason than it's fun for them to figure out how this works. I believe in my heart that there are many programmers/coders etcetera with varying degrees of talents and/or skills, or just plain ordinary, maybe extraordinary, talented and gifted people who may each possess some small piece that, if we share our bits and pieces, will eventually create a whole picture for this puzzle[/personal opinion]

re: Ethen

Thanks for the support? ... I can only hope.

Yeah, Ethen, it is I, your old friend/nemesis, but I think I have grown up a little since we last met...

[desperate plea for help]Ethen, I still would like to know about your research in skinning KaZaA (pronounced Kahz-Sah).

Tell me, were you able to do any more with it than the current version by Yuri called KaZaAlite?

What I'm wondering is this: the traffic menu looked basically like a bunch of squares and rectangles... were you able to do anything special with it? More non-linear, like introduce some curves and a better look/design or feel to it?

I see no need to flame you. I hope you feel similarly. Water under the bridge.[/desperate plea for help]

Moving on with one other question... did you just use the Resource Hacker program, or do you have other means that I don't know about?

(let's leave personal stuff out of this please. thanks)

That's about all I can think of for now... except I remember a program called Skins4all or something like that which no longer works now.

I still wanna skin "my KaZaA"; anybody know how and willing to show/teach me? It would be appreciated...

Oh, before I forget... Scyth, you mentioned (in another post) that if the BDE Projector were to be a requirement for the KaZaA executable to run, it would be "no problem" to edit it out, as object-oriented programming is (hope I quote you correctly) quite easy to do?

Well, currently only the Cydoor, or the call for the Cydoor, is made mandatory by the KaZaA executable... do you think you could fix this for me?

Would you be willing to do away with the part of the program that calls for the cd_clint.dll file in the first place, so that even a dummy executable or DLL would not be necessary?

If you would take this project on or attempt it... I would be most happy, and so would the potential millions and billions of KaZanites out there who are looking for alternatives...

The reason I ask you this is because of the KaZaA version 1.4 that I have in my possession (there have been dummies put out by Sharman over the FastTrack network to try and eliminate what is to them a threat).

Okay, why is 1.4 a threat... well, Niklas/Janus and Edwin wanted to ensure that the network would continue despite a shutdown by the court system, so this was a last-ditch effort to keep KaZaA alive...

Why else would Sharman release a client 1.34 with an older version number? They don't want to admit or draw attention to the fact that there is a client out there... the KaZaA 1.4 that is capable of sustaining an independent FastTrack network (that is, if the programmers tried to lock it out of the current network somehow, which currently they cannot).

The only thing I get is a message asking to upgrade, but if you select "NO" to this message it will still connect to the current network of 1.4 million+ users : )

Now then, if object-oriented programming is your forte... why not help us out here and eliminate the mechanism that causes it to ask if you want to upgrade?

Do you think you could also determine what it is that decides that the client is too old to connect to the network? Maybe use SoftICE to set up some breakpoints on certain calls?

And/or use Filemon/Regmon to determine these...

This is all so very interesting to me... and I know it's a lot to ask; it's also probably an impossible task, but I thought I'd ask anyway...

You never know around here.

:)

Cheers and some of these :beer: all around,

Harby

:SH:

goldie 26-04-02 08:14 PM

Sorry, but I'm not blessed with technical skills, but....... if I said it once, I'll say it again.

My war cry is: "Beta tester in the house!" (when you're ready.)

Keep up the brainstorming guys, those of us hiding out in the peanut gallery are cheering you on!!

GR

:beer:

theknife 26-04-02 08:29 PM

Quote:

Basically, Sharman Networks is the first software publisher to step forward and start to play a part in driving a solution to monetizing P2P.

Monetizing P2P....

Has kind of an ugly ring to it, doesn't it?

butterfly_kisses 26-04-02 09:07 PM

Scyth, you are a friggin' genius!!!
 
I am so damn happy I could (oops, I did) shit myself.

Scyth, your info on the kazaadebug.log was extremely damn helpful to me.

Here is what I've got so far.

I have the normal KaZaA 1.6 installed to the default location of c:\Program Files\KaZaA; well, I had the 1.4 version (executable only) on my Windows desktop.

I got to thinking about Scyth's comments on the kazaadebug.log, so I created a "kazaadebug.log" on my Windows desktop and fired up (double-clicked) the KaZaA 1.4 executable...

Results:
1) I got the "would you like to update?" message, which I promptly dismissed.

Then

2) My firewall detected that the kazaa.exe (version 1.4) was trying to connect on port 1214 to address supernode2.kazaa.com and also to supernode.kazaa.com; most likely this is where the host lists are stored for the client (I'm assuming this; I do not know for certain that this is the case).

Well, I blocked access to these two locations with my firewall... whoops, I forgot to mention one thing:

Before I started the kazaa.exe program on my desktop (1.4) I opened a DOS box (prompt within Windows) and I ran this command:

debug c:\windows\desktop\kazaa.exe /R

Honestly, I don't know what the debug is or how it's used (something to do with assembly and being able to pass machine language or code instructions to a program at very rudimentary levels... unfortunately for me I am not up on ASM or assembly language or Windows assembly language)... is anybody here familiar with it?

Well, after I got my prompt that it could not connect (actually I never got a prompt; it just kept saying "connecting" at the bottom of the screen)...

3) However, after I blocked access to these two IP addresses (the two supernodes) I immediately made a copy of the kazaadebug.log (that I had originally created as an empty ASCII text file BASED ON the recommendations and/or experiments of Scyth above).

And lo and behold, here are the limited results, as I made this copy very quickly after the connection attempt (to the FastTrack network) failed.

Here is an excerpt of my results:

Quote:

Logging started (YODAYADACOM) 26-04-2002 22:49:02
kazaa: initing adult filter phrases (102/36)
kazaa: set new network_config, ver 67, 2530 bytes
LocalContentManager: Scan completed
kazaa: listening on TCP port 1214
kazaa: node state 3-->1
KazaaServerConnector: Status 0->1 (-1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->1 (1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->5 (2 0 0)
kazaa: node state 1-->2
kazaa: node state 2-->3
client_connector_t: host list exhausted, trying kaasupernode 1
client_connector_t: connecting to 213.248.112.37:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.112.37:1214 timeout, 10008 ms
client_connector_t: host list exhausted, trying kaasupernode 0
client_connector_t: connecting to 213.248.107.11:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.107.11:1214 timeout, 10044 ms
client_connector_t: connecting failed
LocalContentManager: Sharing: deleted 0, added 5 files
LocalContentManager: Scan completed
LocalContentManager: Scan completed

Please, everyone, let's put our heads together and crack (I mean really crack) this mofo wide open

and let's make for ourselves a better P2P experience.

Thank you all.

Call me now

the KaZaNite
(defender of true spirit behind P2P)

:D

butterfly_kisses 26-04-02 09:15 PM

Here is that complete log... after I closed the client.

Looks like it realises when it can't connect and eventually stops the trying-to-connect process on its own (not sure what the time limit is, but I don't think it's over 5 minutes).

Quote:


Logging started (YODAYADACOM) 26-04-2002 22:49:02
kazaa: initing adult filter phrases (102/36)
kazaa: set new network_config, ver 67, 2530 bytes
LocalContentManager: Scan completed
kazaa: listening on TCP port 1214
kazaa: node state 3-->1
KazaaServerConnector: Status 0->1 (-1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->1 (1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->5 (2 0 0)
kazaa: node state 1-->2
kazaa: node state 2-->3
client_connector_t: host list exhausted, trying kaasupernode 1
client_connector_t: connecting to 213.248.112.37:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.112.37:1214 timeout, 10008 ms
client_connector_t: host list exhausted, trying kaasupernode 0
client_connector_t: connecting to 213.248.107.11:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.107.11:1214 timeout, 10044 ms
client_connector_t: connecting failed
LocalContentManager: Sharing: deleted 0, added 5 files
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
client_connector_t: connecting failed
client_connector_t: connecting failed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
client_connector_t: connecting failed
client_connector_t: connecting failed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
library_thread: shutdown request detected

(BTW, Yodayadacom is my computer's NetBIOS name [for now] :))

I will post more info when I have something else to add or a comment to make.

Cheers,

KazaNite
(reviving the Spirit of Productivity in P2P)

:P
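The kazaadebug.log lines quoted above are regular enough to parse mechanically. The following is an added example, not something posted in this thread and not part of KaZaA: a Python summariser for that log format. The line shapes it recognises are taken from the lines above; any other message the client emits is just counted by its prefix. The embedded sample is Harbynger's log with the long runs of repeated "LocalContentManager: Scan completed" lines and two early "kazaa:" lines cut out, so the counts below refer to that trimmed copy. Error 11001 in the gethostbyname lines is Winsock's WSAHOST_NOT_FOUND, a name-resolution failure rather than a refused or timed-out connection.

```python
"""Summarise a KaZaA kazaadebug.log: connection attempts, timeouts, name lookups."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Winsock name-resolution error codes, as reported by gethostbyname().
WINSOCK_ERRORS = {11001: "WSAHOST_NOT_FOUND", 11002: "WSATRY_AGAIN",
                  11003: "WSANO_RECOVERY", 11004: "WSANO_DATA"}

# Line shapes taken from the log quoted in the thread.
PATTERNS = {
    "start": re.compile(r"^Logging started \((?P<host>[^)]*)\) (?P<when>.+)$"),
    "listen": re.compile(r"^kazaa: listening on TCP port (?P<port>\d+)$"),
    "state": re.compile(r"^kazaa: node state (?P<a>\d+)-->(?P<b>\d+)$"),
    "dns": re.compile(r"^Socket: Address/gethostbyname error (?P<code>\d+)$"),
    "connect": re.compile(r"^client_connector_t: connecting to (?P<ip>[\d.]+):(?P<port>\d+) "
                          r"\(dist (?P<dist>\d+), \d+ in progress\)$"),
    "timeout": re.compile(r"^client_connection_t: (?P<ip>[\d.]+):(?P<port>\d+) timeout, (?P<ms>\d+) ms$"),
    "failed": re.compile(r"^client_connector_t: connecting failed$"),
    "shutdown": re.compile(r"^library_thread: shutdown request detected$"),
}


@dataclass
class Summary:
    host: Optional[str] = None
    started: Optional[str] = None
    listen_port: Optional[int] = None
    state_changes: List[Tuple[int, int]] = field(default_factory=list)
    dns_errors: Counter = field(default_factory=Counter)        # code -> count
    attempts: List[Tuple[str, int, int]] = field(default_factory=list)  # (ip, port, dist)
    timeouts: Dict[str, int] = field(default_factory=dict)      # "ip:port" -> ms
    failed_rounds: int = 0
    clean_shutdown: bool = False
    other: Counter = field(default_factory=Counter)             # unmodelled line prefixes

    def all_attempts_timed_out(self) -> bool:
        """True when every supernode the client tried never answered."""
        return bool(self.attempts) and all(
            f"{ip}:{port}" in self.timeouts for ip, port, _ in self.attempts)


def parse_kazaadebug(text: str) -> Summary:
    s = Summary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = next(((kind, pat.match(line)) for kind, pat in PATTERNS.items()
                    if pat.match(line)), None)
        if hit is None:
            s.other[line.split(":", 1)[0]] += 1   # e.g. LocalContentManager, KazaaServerConnector
            continue
        kind, g = hit[0], hit[1].groupdict()
        if kind == "start":
            s.host, s.started = g["host"], g["when"]
        elif kind == "listen":
            s.listen_port = int(g["port"])
        elif kind == "state":
            s.state_changes.append((int(g["a"]), int(g["b"])))
        elif kind == "dns":
            s.dns_errors[int(g["code"])] += 1
        elif kind == "connect":
            s.attempts.append((g["ip"], int(g["port"]), int(g["dist"])))
        elif kind == "timeout":
            s.timeouts[f"{g['ip']}:{g['port']}"] = int(g["ms"])
        elif kind == "failed":
            s.failed_rounds += 1
        else:
            s.clean_shutdown = True
    return s


# Harbynger's log from the thread, trimmed of repeated Scan completed lines.
SAMPLE_LOG = """\
Logging started (YODAYADACOM) 26-04-2002 22:49:02
kazaa: set new network_config, ver 67, 2530 bytes
LocalContentManager: Scan completed
kazaa: listening on TCP port 1214
kazaa: node state 3-->1
KazaaServerConnector: Status 0->1 (-1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->1 (1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->5 (2 0 0)
kazaa: node state 1-->2
kazaa: node state 2-->3
client_connector_t: host list exhausted, trying kaasupernode 1
client_connector_t: connecting to 213.248.112.37:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.112.37:1214 timeout, 10008 ms
client_connector_t: host list exhausted, trying kaasupernode 0
client_connector_t: connecting to 213.248.107.11:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.107.11:1214 timeout, 10044 ms
client_connector_t: connecting failed
LocalContentManager: Sharing: deleted 0, added 5 files
client_connector_t: connecting failed
client_connector_t: connecting failed
client_connector_t: connecting failed
client_connector_t: connecting failed
library_thread: shutdown request detected
"""
```

Over the sample this yields two failed name lookups (both 11001), two supernode connection attempts that each timed out after roughly ten seconds, five "connecting failed" rounds and a clean shutdown: the client never reached a supernode in that session, which is what the firewall rules described above were meant to cause.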

butterfly_kisses 27-04-02 08:20 AM

How 2 Debug KaZaA by Scyth and Harbynger
 
Hello all. It was clear to me that my example above may not have been too clear and quite possibly could have left some of you in the dark about what is being done.

I hope to remedy that now by posting this tutorial below (which will be in quotes). This way each of you (who run Windows 98) can follow along with me and/or "us" and reproduce the results of our experiments for yourselves.

Quote:

Proper usage is to right-click on an empty area in the same folder as Kazaa.exe, then select New > Text Document and name it kazaadebug.log (if using regular Notepad [don't use WordPad or Word], make sure you save it as "All Files" with the .log extension).

Then open an MS-DOS Prompt (while still running Windows, just go to Start > Run > msdos prompt).

Then type this in:

c:\progra~1\kazaa\kazaa.exe R

Make sure that you type it in exactly as shown and press Enter.

This will start the logging process for any error messages generated by the KaZaA application.

Next step is to start KaZaA and just let it run... you may run this test for as long as you want... I usually only do it for a few minutes, but it probably would not hurt to leave it running much longer.

When you are done, close KaZaA by clicking File > Disconnect, then going down to the taskbar (area with the clock), right-clicking on the KaZaA icon (picture representing a program) and selecting Close.

To stop the logging with the debug command, just type "quit" (without the quotes) and press Enter.

Hope this helps.

****PLEASE NOTE*****
[That for me I could only get this debug trick to work on my desktop... for some reason when I tried issuing the command Debug c:\Progra~1\KaZaA\kazaa.exe R nothing would show up in the kazaadebug.log located in the same directory (Program Files\KaZaA). Why does this only work when you have the kazaa executable and the kazaadebug.log on your desktop and running them? I don't know.]

-Harbynger
P.S. Scyth, can you give me a rundown of your system? What are your specs?

Thanks,

Harby :)

butterfly_kisses 27-04-02 08:27 AM

Well, by replacing only the executable from a working version of KaZaA 1.6 with the older version 1.4 executable in the C:\Program Files\KaZaA folder and running the debug command, I was able to determine where the "upgrade notification" is being drawn from.

It is coming from the My Shared Folder in KaZaA in the form of a downloadxxxxxxxxx.dat file, where "xxxxxx" is a series of numbers.

If I do this right I will attach a zipped version of this file (uncompressed it is 100kb... zipped it's around 16k).

Here is the file.

I am asking Indy, AYB, and Scyth and any other programmers or techies, crackers or talented and gifted people to please look over this file and tell me your thoughts.

Thank-you

Harby : )

butterfly_kisses 27-04-02 10:16 AM

sorry all for turning this into a programming thread... but I am trying to understand how this software works... my reasoning is that they fukked with us first (Altnet) so now it's time to fukk back (rework their code to do what we want it to do)

Okay, I found the correct command to use to get the debugger working on the KaZaA executable located in the program files\kazaa folder.

I also found an easier way, which Scyth was the FIRST to discover (I try to give credit where it is due... thanks, Scyth :) )

Now then, the easiest and most layman's way (meaning even I could do it) to run the debugger on KaZaA is to do exactly as Scyth indicated above, only instead of putting it in the same directory as kmd.exe, put the text file called kazaadebug.log inside the directory you have KaZaA installed to.

Meaning if you installed KaZaA to c:\program files\KaZaA, then put your plain ASCII text file called kazaadebug.log in that directory... then whenever KaZaA (any version) is run from that directory you will get a debug report; by opening up the kazaadebug.log at the end of your KaZaA session you will get all kinds of great information concerning what is going on.


Right now I've found this out from the debug log and from viewing changes made to the Network_Config key in HKLM\Software\KaZaA:

it is showing that the "upgrade notice" is NOW a part of the Network_Config info and that the encryption has been increased from 9 bits (in KaZaA 1.33) to now 41 bits (which is a hell of a lot stronger)

BTW Scyth what encryption was that you used above in the test or "challenge" for me?

I've seen the EXACT same kind of encryption used on the www.kazaa.com website on port 1214,

and also on the supernode.kazaa.com port 1214 server as well.

If you can tell me what it is I'm trying to decode, it would be a big help.

thank-you all for contributing, please continue your efforts... let's crack this thing once and for all and have a really, truly independent network based on the FastTrack technology.

:)

butterfly_kisses 27-04-02 11:33 AM

why do I feel like Jerry Springer here?
 
well here I am with a Final thought

ladies and gentlemen, the new encryption scheme KaZaA is using and its autoupdater mechanisms have been able to effectively shut off the KaZaA version 1.4 client... so it appears my thoughts about it being a "superclient" were wrong... Indeed... however I'm not through with trying to understand how this particular client does its dirty deeds... One word of caution: KaZaALite is not really a "hacked" or a "cracked" version of KaZaA, it is only a "repacking" of KaZaA

so if you use either KaZaALite or KaZaA/Grokster (maybe even Imesh too) then you are effectively giving up control of your personal information (I've seen it collected in the *.dat file I discussed) and your computer to Sharman Networks/KaZaA

just a final thought...my word of warning...

okay what is the NEXT big thing?

first it was Napster then Morpheus/KaZaA

where do we go from here?

is opensource the way?

your thoughts please...

Thank-you,

harby
(over and outta heyah)

colinmacc 29-04-02 07:30 AM

Gosh..
 
Harby, (scythe)

Fascinating reading. I liked the kazaadebug.log tip, that makes for interesting viewing, and it also works for Grokster-based clients, including iMorpheus. Strangely similar results too...

Not sure what you're talking about regarding that zipped-up dat file you posted; is that not just a KMD version 1.51 installer that got automatically downloaded? It doesn't appear to contain any personal information.

(TIP: Don't allow the client to automatically download updates without your say-so!)

One thing the log file showed me in detail was this "recommendations" nonsense that Kazaa is so proud of. I still can't work out how all these crappy song titles (which have nothing to do with what I've been searching for, am sharing, or am even interested in) appear on my C: drive in gr_colin.current and gr_colin.previous (db folder), or what I'm supposed to do with them; they don't crop up in the Recommendations lists of Kazaa Lite, it's all a bit odd..

Anyway, my preferred client at the moment is iMorpheus, because being based on Grokster, it doesn't contain them..

butterfly_kisses 29-04-02 08:23 AM

Hi, Colinmacc : )

Here let me show you another piece of interesting information. Oh, and regarding the download.dat file above: I did have the option checked in my KaZaA which said not to install updates without asking, however that got downloaded anyway without my permission. So I guess it still downloads things regardless of whether you want them or not, but it does for a fact ignore my warning of not updating without asking me, at least where changing registry entries is concerned. I've found that the MAXIMUM number of current hosts (IP addresses) that are stored by the KaZaA client in the Registry at any given time is 200.

I've also found that there is now a CENTRAL "login" or "registration server" which only checks to see if you are using the latest version of the client. If you are not using the latest version of the client then you get your client turned off (meaning registry settings are changed that won't allow you to connect to the KaZaA network).

Here is a list of those Authorization servers:

[EDITED] Darn, it looks like I erased them, but they can easily be found again by going into your registry.

HERE IS the SUPERTRICK I found that might give a clue as to the encryption (and Scyth, why no answer still on what type of encryption that was you used above?)

Go to REGEDIT and navigate down to HKEY_LOCAL_MACHINE\Software\KaZaA

Select Network_config and Modify and just read what it says there. (If you have installed the latest version of KaZaA 1.61 then the information in that registry entry should contain similarities to the download.dat file I attached to the post above earlier in this thread... if you read this key FROM and THROUGH the Windows REGISTRY it will show you what IP stack this version of KaZaA uses.)

The new version uses [v3] of the KaZaA protocol or FastTrack P2P stack; the installer I mentioned earlier only uses [v1]. It's interesting the network has 3 layers; I've yet to see anything that uses version 2 of the p2p stack or KaZaA protocol.

You can also see what the current encryption is (as of this writing it is at 41 bits; however, for the non-cryptologist kind of person I am, any amount of encryption is over my head).

As for personal information, I have not included any of the dats off my computer that contained any personal information about me; for the sake of my own security I would not post these things, but I might if it's necessary to get further help. I wish I had some programmers who are familiar with C and some others who know encryption/decryption techniques that could help me out here... it would be greatly desired.

Please give me some tips if any of you are working on this problem yourself... Let's share our information and work together. I cannot stress enough the importance of sharing information, even if it's only a hypothesis. You will see I've had my theories and hypotheses proven wrong. When they are, I accept my fallibility and move on to forming the next one. : )

Don't let the dread of EGO get in the way of a computer-related and programming breakthrough or success (especially if you are talented in any of these areas and can and are willing to help me... it's greatly appreciated... how 'bout you Stoepsel? (probably spelled your name wrong, sorry :) )

[KEY ITEM] for you gentlemen who work with binary and hexadecimal numbers and code....

Try This
Try exporting the registry key I mentioned above (yeah, the whole key HKEY_LOCAL_MACHINE\Software\KaZaA) to your desktop and look at it in a hex-editor like UltraEdit or just a plain text editor like EditPad Classic.

Note how the values in Network_Config are expressed as just plain old DWORD values (hex), and even when using UltraEdit (the one I thought was the best hex-editor out there) you CANNOT see the same information I saw in the Registry by selecting Network_config in the registry and then choosing MODIFY (changing nothing..... only reading).

So why is it I'm able to see or gather more info (non-encrypted and in human-readable form) from the Windows registry than I can by simply exporting this key to my desktop and opening it up in a hex-editor? (I may never know unless some of you brilliant geniuses out there get cracking and tell me/us the answer.)

What about it? any takers? Can anyone explain this to me? There is so much more we can go into....but until I have your interest I will keep silent.


Quote:

One thing the log file showed me in detail was this "recommendations" nonsense that Kazaa is so proud of. I still can't work out how all these crappy song titles (which are nothing to do with what I've been searching for, are sharing, or are even interested in) appear on my C: drive in gr_colin.current and gr_colin.previous (db folder), or what I'm supposed to do with them, they don't crop up in the Recommendations lists of Kazaa Lite, it's all a bit odd..
Mr. Mac, I've never understood the purpose of that Recommendations feature in KaZaA and I am wary of it. I've also never been bothered by it either.

A word of warning for you though: KaZaA/KaZaLite/Grokster access OTHER port numbers besides 1214. A port is like a door or doorway to your computer... usually a program (any networked program that uses the internet for something) has the ability to open up and create these "doors" (ports) on your computer.

The good thing about it is that when the program is not running these "doors" or ports should close. :)


Take this for example:

Run your KaZaA/Grokster/KazaLite program and then click this link
http://127.0.0.1:1214

If you are sharing files with KaZaA/Grokster/KaZalite then this should show you a list of the files you are sharing.

The 127.0.0.1 is a way for the computer to "refer back to itself"; it is the address of your computer, which stands for or represents itself, also called localhost.

Now then close the browser window and close KaZaA (completely even the lil' system tray icon) now click the link above Again.

You shouldn't see anything at all except maybe an error message about not being able to connect to that address...
This means that the "port" or "doorway on your computer" is now closed.

Well in addition to this one door I've found KaZaA creates at least 20 others that are NOT MENTIONED in the Terms of Use or documentation at all.

In my unhumble opinion.... KaZaA/Klite/Grokster SHOULD not be doing this... I consider this to be an INVASION of my territory and my personal webspace by opening up these "other ports or doors to my computer". It (the FastTrack program) makes me/you/us vulnerable to a number of things (hacking for one thing), but it seems the only ones taking advantage of these UNDOCUMENTED port accesses are UNIDENTIFIED "partners" working with Sharman Networks (the current "owners" of KaZaA).

Best advice is this:

DO NOT GIVE KAZAA COMPLETE ACCESS TO THE INTERNET OR THE ABILITY TO ACCESS "ANY SERVICE" AT "ANY ADDRESS"

Instead use a good firewall that allows you to set rules for programs and applications. Norton Personal Firewall is a good one to use,

and then only allow KaZaA to do this:
only allow OUTBOUND traffic on port 1214 to any service at any address (TCP only)
and

only allow INBOUND traffic on port 1214 from any service at any address (TCP only)

Do NOT allow UDP traffic on port 1214 (either outbound or inbound; this is not documented and it does not affect your ability to search or receive downloads).

Hope this helps you...

Now then...tell me about this thing you call IMorpheus

What is IMorpheus and how do you use it?

Much Obliged,

-Harbynger
(defender of the Public's rights NOT 2 Be Xploited)

colinmacc 29-04-02 08:50 AM

imorpheus
 
http://membres.lycos.fr/bakamx/fichier.php?id=67

Try the above link for an iMorpheus installer, it's a spyware-free version of Grokster 1.5.1 with a "Morpheus" flavoured skin, connecting to the main FastTrack network and working a treat..

I'm afraid you've lost me on most of the rest of your post. I know about ports, and I know that KazaaLite does things I'm not aware of, but I try to limit the damage by using Ad-aware regularly and keeping vigilant on any new files that appear. I got a bit familiar with the FastTrack registry entries after Morpheus got switched off in an attempt to reconnect it, but like you I couldn't make head nor tail of a lot of the stuff in the network_config key. I had limited success with restoring the registry key from the time I first installed Morpheus, but eventually that stopped working too, presumably when all the old Morpheus supernodes got killed off.

The thing that worries me about the recommendations is that if the system is dumping these files full of lists of things people are sharing onto my c: drive behind the scenes, might it also be dumping lists of the things that I am sharing onto other peoples c: drives without my knowledge?

As I said, iMorpheus (above) doesn't do this, and it also has a lot fewer registry entries (it uses the same registry keys as Grokster).

It's worth checking out anyway :¬)

Keep probing!

Colin.

Scyth 29-04-02 03:00 PM

Quote:

Originally posted by Harbynger
BTW Scyth what encryption was that you used above in the test or "challenge" for me?
It was IDEA, the conventional (symmetric) encryption algorithm used by PGP. It's generally considered unbreakable (given a good passphrase, of course).

butterfly_kisses 29-04-02 03:43 PM

thanks, Scyth now how plausible/viable do you think this link is:

http://216.239.51.100/search?q=cache...22PGP%22&hl=en

If this is possible then it looks like to me that

KaZaA is using some sort of network protocol stack encryption (end-to-end or link-by-link) in its correspondence between clients and servers, based on some form of the PGP key, possibly even the one you used above.

P.S.

re: Snowman

how plausible do YOU think any of this is, and would you be able to make your own p2p client work independently without knowing the key, based on any of the info in the link contained within this post?

I need some brainstorming, people. I want an independent FastTrack network.

Btw, there is something called either KaZaA Media Libs or Media Libs in the tarball that I downloaded with the Linux client of KaZaA (back when it was supported).

could this offer us some clues?

Thanks, Scyth

btw Stoepsel, how is your progress coming and your idea for the P2P app?

and you too AYB...what about it where do you stand?

and also H@xor... I have not heard too much from you lately... how go things?

Thanks,

harby :)

Mowzer 29-04-02 08:29 PM

"yeah Ethen it is I your old friend/nemisis but I think I have grown up a little since we last met..."

I hope you have too. Must be different meds? You seem a bit more stable. lol JK.

"Ethen i still would like to know about your research in skinning KaZaA.."

I trashed it all long ago when I realized what a shame kazaa was. The only thing I bothered keeping on CD was all the old p2p tech stuff.

I did have my original UIs. If I wasn't so lazy I would find the CD and grab the screenshots to post them.

"Tell me were you able to do any more with it then the current version by Yuri called KaZaAlite?"

I did not have to remove any heavy spyware, as back then the only spyware/adware were the advertising banners.

There was a hidden email section though, an inbox and outbox-like feature. I think they were going to run a free email service too originally. That was the only easter egg I ever found.

I just did a lot of restructuring of the UI, as well as changing the layouts.
There was so much crap going on at kazaa. It was seriously a waste of time. I don't know why I ever bothered posting to the forums in the first place.

Although when you came along, you did add some excitement. Your jae dog password grabber was brilliant. I am surprised so many ended up being taken in by it. The hidden forum was also fun. As was the daily exercising of my creative flaming.

"What I'm wondering is this: the traffic menu looked basically like a bunch of squares and rectangles....were you able to do anything special with it? more non-linear like introduce some curves and better look/design or feel to it."

Yeah, I gave it an early Whistler look, from when XP was under development. Wanted it to all tie in well with the new OS. Turns out XP changed drastically as well from the early beta builds, into that Luna teletubbie crap.

"I see no need to flame you. I hope you feel similiarly. Water under the bridge"

Yeah, those were fun days, but since kazaa closed, so did my flame chapter on ya. I have found more nuts, such as micksie monsta here, and other places on the net. However I have gotten bored with culture jamming lately. I have closed my troll digest/community slink. So no more need for material.

I like the misanthropics bitches style of hashing up news articles better, as a form of trolling. As well as making news jamming sites on CNN.

"Moving on with one other question....did you just use the resource hacker program or do you have other means that I don't know about?"

Nope, resource hacker is only good for making clones kinda like refrosearch was.

"(let's leave personal stuff out of this please. thanks)"
no worries. Like I said, a closed chapter.

"That's about all I can think of for now...Except I remember a program called Skins4all or something like that which no longer works now."

That was the web-based outfit, from back a while ago I think. I used an XML method for the skinning and rebuilding of the GUI. Essentially kaZaA had to be stripped of its GUI first, and remapped using that forum. Similar to the way the open source project FreeAmp uses theming.

I posted that to giFT begging them to implement a similar kind of theming system, allowing the UI to be left up to the end user if they are tech savvy, or for theme developers to produce for those who are not. I haven't read up on what giFT has been up to for months now. I should go take a peek.

You're also right about the kazaa 1.4. FastTrack was working on the crappy Linux version, and didn't want giFT to outshine it. This also is the hurdle why developing a p2p app from the kazaa program is a waste, as they can transverse the keys at any time, rendering rogue network clients useless.

One needs to develop an open source initiative for a FastTrack-like network, that way it is community controlled. Simply reverse engineering the clients etc. is no good except for being able to learn and clone the existing FastTrack network.

There are a few projects around that are attempting this.

However, with the installer you might be on to something. Have you tried pooling your info with some of the other projects such as OpenFT?

Either way best of luck, and sorry I cannot help you out any further.

There are others here I am sure that can or would. Stoepsel is one that I think understands the network pretty well. Perhaps he can also give you insight.

Eventually the good people here will all figure out some kinda napsterite-spawned p2p app, and it will be a good success at putting p2p in the hands of the people, where it belongs.

If you, timmy, get your own p2p app running, my only advice is not to hire jason as your customer service rep. RE: "How dare you!" lol

Cheers, Ethen.

snowman 29-04-02 09:05 PM

how to roll your own
 
Harbynger:

The fastest way to your own FastTrack client is to buy one. Then you can configure it any way you want. Forget that HEX editor stuff.

Janus Friis and Niklas Zennstrom of FastTrack I am sure would be delighted to hear from you.

Niklas's e-mail is niklas@fasttrack.nu.

Make sure you have a sack of large gold coins with you. It won't be cheap. I would guess that you could get started for about 250K US$. Might have to promise your first born also. :)

Anyway, if you ever talk to Niklas and it turns out that you have to go see Ms. Hemmings of Sharman Networks let us know. It has never been clear who really owns the network software now. We would all like to know.

Cheers.

butterfly_kisses 29-04-02 09:12 PM

 

Stoepsel 30-04-02 12:46 AM

Quote:

Originally posted by Harbynger
btw Stoepsel how is your progress coming and your idea for the P2P app?

and you too AYB...what about it where do you stand?

Hi Harby,

when did I say that I was (thinking of) working on a p2p app?

AYB is working on one and we're all anxiously awaiting its arrival. But if you are waiting for my p2p app, you will probably grow old doing so. :)

Maybe you got me mixed up with someone else?

Stoepsel

HaXor 30-04-02 02:25 PM

Hi Harby

Long time no see. First off I would like to say what an excellent thread...... So many talented people, and so much information. I'm very impressed by the knowledge of the peeps that surf these boards.

Somehow I think that with all the knowledge here we might find a solution to all our problems.

H@Xor

:hax:

AYB 30-04-02 02:38 PM

Hihi,

My p2p app will include access to the FastTrack network in some way or another. I'm not really at the stage where I can start coding the support for it, so I haven't been keeping too close an eye on this thread. I really need to sit down and have a read through :D

As far as becoming a FT client, I doubt they supply the P2P stack as source code; it's probably distributed as a precompiled library. Ever wondered why all the FT clients seem pretty much identical? :) Lack of things you can actually do with FT's solution, maybe? :PO:

I'll stop being so rude and take the time to read this thread now :)

butterfly_kisses 30-04-02 04:18 PM

hello, Stoepsel, yes you are indeed correct, I had gotten you mixed up with this gentleman Spikologia... so I should say Spikologia, what have you been up to lately, as you were my inspiration along with Snowman for trying to understand this network and how it functions. :)

Hi AYB, I look forward to your P2P application. I got first dibs on being a beta-tester too! (ha [sticks out tongue at the others who were not so foreseeing as to call "first dibs"] :)

Hi H@xor...how is "our project" going? I'll see u in the batcave soon i hope :)

I'll do a full tutorial on how to obtain the key that allows you to communicate with other fasttrack clients.

Downside is

a) now that it's known and understood it's very easy to do

b) You can now get r00t access on anyone's computer running KaZaA/K-lite/Grokster/I-Morpheus

so I may leave out a few details to avoid hacking and or hack attempts by the curious among us out there ;)

HaXor 30-04-02 04:48 PM

Harby

Leave out as little as possible, cos anyone that knows how to hack the clients already does it... those that don't, well they ain't missing much....... no different from using the GUI I suppose.
It's not a security threat....... unless you're keeping something from me, LOL


More info = more results


H@Xor

:hax:

HaXor 30-04-02 05:33 PM

About "our project" - depends on how you look at it..... is the glass half empyty or is it half full......im an optamist.

I have found a few peeps that have their own skills that may be able to help in their own little way.

One of them is very famous in the "underworld" but i will not disclose his name until he gives me permission to.

but all in all, i am stuck with the same problems as before.

but we will overcome this!

Anyway... when i am truly happy with the facts, I will post my findings on here......

...... the only way is to share.


H@Xor

:hax:

Mowzer 30-04-02 10:09 PM

Re: Your message...

Good screen shot timmy.

Gift has an IRC channel. Why not go and just introduce yourself?

butterfly_kisses 02-05-02 12:46 PM

Quote:

originally posted by Scyth

This seemed plausible so I tried it out. Using sig2dat and in-memory modification of the kmd.exe executable, I was able to convince it to download a crystal method mp3 rather than the kazaa installer. However, I discovered a couple of hitches. First, in addition to matching the signature and file size, an exact file name match was also required in order to download the file. Second, after the download completed, kmd.exe immediately decided that it was invalid and deleted it (I was able to recover the download with an undelete utility though).
Scyth, is that so... hrm.... (scratches chin..... rubs forehead and pats belly b4 finally coming up with an idea :) )

Try this:
File: surprise.mp3
Length:5845871Bytes
UUHash:=1LDYkHDl65OprVz37xN1VSo9b00=


for your in-memory modifications and see if you get better results. If you need more info on how to get exact filenames (and in some cases "not-so-exact" filenames) with these UUHashes, you just let me or Indy know, okay?

Cheers, Timmo aka (Harbynger)

:)

butterfly_kisses 03-05-02 04:34 AM

 

JackSpratts 03-05-02 07:02 AM

nut 'n' honey

since this would fall under the category "life changing peer to peer news", how about a link harby? nothing on Gibson's page. nothing on google for metamorphesis.exe, metamorphesis peer, p2p etc. nothing using some alternate spellings in combination with peer to peer and out to 10 pages. there's one german site but no text - just a parent directory with one download. so a few games for kids is about all i've found (butterflies)...

- js.

colinmacc 03-05-02 07:40 AM

Like Jack, I am skeptical of this without any evidence, and I haven't been able to find any independent verification of this. (I've been looking all morning.)

From what I know about Steve Gibson, I'd be surprised if he condoned this usage of nanoprobe technology, if indeed that is what it is...

Reveal your sources, Harby!

snowman 03-05-02 10:17 AM

nanoprobe -> spinware
 
This is not possible for three reasons:

1) The algorithm in FastTrack is hard-coded in the .exe as machine code by virtue of an unknown C compiler and windoze linker. Not to mention the .exe is mangled by a post-linker called PEX.

2) To change such algorithm you would have to patch the .exe machine code.

3) FastTrack supernodes work on the basis of known communication strategies with no way to force the inclusion of an outside strategy nor revert to a previously used strategy once it is expired. For instance, to change the strategy they release a new version of the .exe like 1.3 -> 1.3.3 -> 1.5, not download a new set of one-time pads.

This is done to prevent malicious access to the network as a whole. This is all documented on-line if you look around.

Harby, do us a favor and either document your wild claims or stop making them as it is getting borrrrring.

butterfly_kisses 03-05-02 11:15 AM

 

JackSpratts 03-05-02 11:24 AM

we just want a link. :)

- js.

butterfly_kisses 03-05-02 05:19 PM

sorry about the rumour-mongering earlier. the program i downloaded came off of an irc channel bas something or another...and it basically did nothing unique and was pretty buggy.

it may just have been someone's attempt at a parody.

here is the link http://news.com.com/TechNews/Kazaa.html

oh snowman i have been looking for at least six months for some of that info you claim to know the whereabouts to....how about some links? please

or at least tell me where to look. i can do my own research...

thanks :)

BuzzB2K 03-05-02 05:39 PM

Quote:

Originally posted by Harbynger
sorry about the rumour-mongering earlier. the program i downloaded came off of an irc channel bas something or another...and it basically did nothing unique and was pretty buggy.

it may just have been someone's attempt at a parody.

here is the link [url=http://www.geocities.com/technologyinreview/]http://news.com.com/TechNews/Kazaa.html[/ URL]

oh snowman i have been looking for at least six months for some of that info you claim to know the whereabouts to....how about some links? please

or at least tell me where to look. i can do my own research...

thanks :)


I can't even say nice try, because it isn't the least bit clever, lame yes, but clever? No way... :tu:

How could anyone believe this? (What gave it away was that the size of the font was too big when the page opened. That and the Geocities address...) :rofl:

butterfly_kisses 03-05-02 06:15 PM

what about funny?

buzz you forgot funny and did you fail to read this part:

it may just have been someone's attempt at a parody

and i give the link...i thought it would be obvious that it is a forgery and a fake but looks like you missed that part.

:\

Mowzer 03-05-02 06:43 PM

Timmy, Timmy, Timmy.

Funny stuff.

BuzzB2K 03-05-02 06:43 PM

I don't know guy, you seemed pretty serious about it in the two edited posts of yours.

Then you call it someone's attempt at parody, and then hide the geocities link...

Are you saying that you believed it when you first saw it? or what? :PO:

butterfly_kisses 03-05-02 06:47 PM

buzz i am saying that exactly... don't believe all the hype you hear in warez channels... when i first came to that site... i did find it odd that it had a geocities ad window... but the rest of the stuff looked pretty real.

the program i downloaded did a lot of general protection faults. i might have a virus now.

so yep, i got fooled and wanted to show others how easy it is.

no conspiracy, just overenthusiasm is all...

BuzzB2K 03-05-02 07:00 PM

Quote:

Originally posted by Harbynger
buzz i am saying that exactly...don't believe all the hype you hear in warez channels...
i might have a virus now.

I hope you get it all sorted out... that wouldn't be very cool.

JackSpratts 03-05-02 07:35 PM

a note:

editing for style or grammar without notification is usually acceptable. nobody likes to spot a typo in their post written on the fly any less than i do - and i hate it. furthermore those automatic "edited by..." tags are distracting and normally unnecessary. but i'm going to have to put 'em back in if we start editing for primary content without saying so. if an entire post is removed without alluding to content, after replies are made, it can often disrupt what follows, and it can make others look bad or at least nonsensical. this forum has influence beyond its membership and as such leads by example.

having said that, and since some fact checking was done and a post was apparently found to be premature and pulled, i consider the matter closed. :)

- js.

butterfly_kisses 04-05-02 12:24 AM

hi once again, jack spratts.... i think i see your point...

for those of you a little lost ...here is the story

I found a flaw in the KaZaA technology, a vulnerability if you will,

and an "exploit" which up till now i've yet to share but will now do so.

Here is the exploit:

Tools you will Need

GetRight (version 4p3 works great for me)

Latest Version of KaZaA/Klite/Grokster

How its done.

Try this simple tutorial first and once you get the hang of it use it to amuse your friends... hell, make a Java or Perl script to automate the process...

okay here goes

First thing you will need to know is an ip address for a supernode

How to find a supernode? Simple, just use the GetRight web browser to connect to this address (while running KaZaA/Grokster or K-Lite): http://127.0.0.1:1214

See all the great information you get?

Here is what I got when I connected to my port 1214 with the GetRight web browser (with KaZaA up and running and connected to the FastTrack network):

Connecting to: 127.0.0.1
GET / HTTP/1.1
Host: 127.0.0.1:1214
Range: bytes=0-
User-Agent: X-Kazaa-Network: ???
Accept: *.*, */*
HTTP/1.1 200 OK
Content-Length: 5292
Accept-Ranges: bytes
Date: Sat, 04 May 2002 06:17:52 GMT
Server: KazaaClient Mar 30 2002 23:23:10
Connection: close
Last-Modified: Sat, 04 May 2002 06:17:52 GMT
X-Kazaa-Username: Shellybelly
X-Kazaa-Network: KaZaA
X-Kazaa-IP: 67.226.238.91:1214
X-Kazaa-SupernodeIP: 68.9.104.199:1214
Content-Type: text/html

(Got 55 files in web page http://127.0.0.1/.)


As you can see in the example (real example) above I am connected to the supernode ip address of 68.9.104.199:1214

So that is how you get your first supernode ip address...check out the picture I am attaching.

butterfly_kisses 04-05-02 12:30 AM

But for this example I will show you how to connect to the
following address:

supernode.kazaa.com on port 1214

Well friends, Getright's webbrowser has a wonderful option which actually allows you to set the user-agent. From the information I gathered above I gleaned that

X-Kazaa-Network: KaZaA

was a viable option to use as a user-agent for connecting to the KaZaA Network. Another favourite to use is

X-Kazaa-Network: ???

and finally this user-agent also works wonders as well:

X-Kazaa-Server: KaZaA

see the screenshot for where to change your user-agent in

Getright :)

butterfly_kisses 04-05-02 12:36 AM

Got your user-agent field set up right now in Getright?

Good let's move on by

A)closing and reopening the Getright Webbrowser....this will get rid of the 127.0.0.1:1214 address and any folders which showed up when you connected to this address earlier.

now

B)Type this in exactly as shown below in bold:

http://supernode.kazaa.com:1214

and press enter....

what do you get?

You should get something like the below screenshot:

you didn't get very much information this time did you?

you should only see something like the below:

-----StartRequest---------------2002/05/04-02:32:01-----
Connecting to: supernode.kazaa.com
GET / HTTP/1.1
Host: supernode.kazaa.com:1214
Range: bytes=0-
User-Agent: X-Kazaa-Network: ???
Accept: *.*, */*
(Got 0 files in web page http://supernode.kazaa.com/.)


see pic

butterfly_kisses 04-05-02 12:40 AM

So what do we do now?

A1) we go to regedit and open up HKEY Current User

Software>KaZaA>User details...

look for password and username

jot these down and keep them handy...

see pic:

butterfly_kisses 04-05-02 12:47 AM

Now take the username and password found in your registry for KaZaA and enter these values into the getright browser under the login and password fields:

see screen shot: below

in my case my login name would be : Shellybelly

and my password is e882b72bccfc2ad578c27b0d9b472a14

evil genius tip

*note KaZaA forms the password by taking the value you enter in for "username" and running its encryption scheme on it to give you a valid password which i believe is done by adding the value of your username and the password together and then XOring them and finally doing the PGP-key dance to make them and it valid.

butterfly_kisses 04-05-02 12:59 AM

Make sure that after you enter something into the login and password fields of the Getright browser that you go to Tools > Clear Cache and clear the Getright browser's cache before pressing enter.

Now after entering the values for the username and password contained in your registry for KaZaA into the login name and password fields of the Getright browser (with user-agent set as X-Kazaa-Network: ???) and pressing <ENTER>

we now get a little more information.

In my case I got the following:

-----StartRequest---------------2002/05/04-02:43:56-----
Connecting to: supernode.kazaa.com
GET / HTTP/1.1
Host: supernode.kazaa.com:1214
Range: bytes=0-
User-Agent: X-Kazaa-Network: ???
Accept: *.*, */*
Authorization: Basic U2hlbGx5YmVsbHk6ZTg4MmI3MmJjY2ZjMmFkNTc4YzI3YjBkOWI0NzJhMTQ=
HTTP/1.0 404 Not Found
X-Kazaa-Username: anon25084
X-Kazaa-Network: ???
X-Kazaa-IP: 213.248.107.11:1214

(Got 0 files in web page http://supernode.kazaa.com/.)


What is important here is the value under X-Kazaa-Username

which in this case is anon25084

and also where it says:

Authorization: Basic

we will use both these fields.

Now what you do is go back into the Getright browser and change your username to that of the supernode's, which is in this case anon25084, and change the value of the password to

the information returned by the KaZaA server (supernode) which is in this example:

U2hlbGx5YmVsbHk6ZTg4MmI3MmJjY2ZjMmFkNTc4YzI3YjBkOWI0NzJhMTQ=

Now, to change or enter a value in the password field of the Getright browser you will need to select all and press CTRL-V to paste, and if you need to copy anything (which you will) from the information field in the Getright browser, you can use CTRL-C to copy any text that you need to.

Okay got it?
Let's make sure:

After connecting to the supernode for the first time using your username and password, the supernode will tell you its username and password (which is part of an extremely long PGP-key), and you will need to repeatedly connect to the supernode in this manner, each time changing the value of your password to match the value returned by the KaZaA server or "supernode". After you do this exercise enough you soon gain "trusted" status, kind of like spoofing i guess, in that it thinks you are on the same network and have authorization to access its files...

Here is another screenshot:
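A small parser for the Getright transcript quoted in the posts above, added here as an example (it is not code from the thread's author, from Getright, or from KaZaA). It splits the request and response headers, pulls out the X-Kazaa-* fields, and decodes the Authorization header. HTTP Basic authentication is plain base64 of "login:password", not encryption: the token U2hlbGx5YmVsbHk6... decodes to the login name and registry password entered in the Getright browser a few posts up, which is why a proxy, a packet capture or a pasted log like this one hands the credential to whoever reads it. The transcript below is constructed from the lines already quoted on this page; the function names are the example's own.

```python
import base64

# Constructed from the Getright log lines quoted in this thread.
TRANSCRIPT = """\
-----StartRequest---------------2002/05/04-02:43:56-----
Connecting to: supernode.kazaa.com
GET / HTTP/1.1
Host: supernode.kazaa.com:1214
Range: bytes=0-
User-Agent: X-Kazaa-Network: ???
Accept: *.*, */*
Authorization: Basic U2hlbGx5YmVsbHk6ZTg4MmI3MmJjY2ZjMmFkNTc4YzI3YjBkOWI0NzJhMTQ=
HTTP/1.0 404 Not Found
X-Kazaa-Username: anon25084
X-Kazaa-Network: ???
X-Kazaa-IP: 213.248.107.11:1214
"""


def parse_transcript(text):
    """Split a Getright-style log into preamble, request and response header dicts.

    Header lines are split on the first ': ' only, so a value that itself
    contains a colon (the 'User-Agent: X-Kazaa-Network: ???' trick above)
    survives intact.
    """
    sections = {"meta": {}, "request": {}, "response": {}}
    current = "meta"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-----"):
            continue
        if line.startswith(("GET ", "HEAD ", "POST ")):
            current = "request"
            method, target, version = line.split(" ", 2)
            sections[current]["_request_line"] = (method, target, version)
            continue
        if line.startswith("HTTP/"):
            current = "response"
            version, status, reason = line.split(" ", 2)
            sections[current]["_status"] = int(status)
            continue
        if ": " in line:
            name, value = line.split(": ", 1)
            sections[current][name] = value
    return sections


def decode_basic_auth(header_value):
    """Return (login, password) from a 'Basic <base64>' header, or None if it is not one."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    login, sep, password = raw.partition(":")
    if not sep:
        return None
    return login, password


def audit_transcript(text):
    """Summarise what anyone who sees this exchange learns from the headers alone."""
    parsed = parse_transcript(text)
    auth = parsed["request"].get("Authorization")
    return {
        "host": parsed["request"].get("Host"),
        "status": parsed["response"].get("_status"),
        # Credential recovered without any secret: base64 is reversible.
        "basic_credentials": decode_basic_auth(auth) if auth else None,
        # Identity the remote node volunteers in its own response headers.
        "peer_headers": {k: v for k, v in parsed["response"].items() if k.startswith("X-Kazaa-")},
    }


if __name__ == "__main__":
    for key, value in audit_transcript(TRANSCRIPT).items():
        print(f"{key}: {value}")
```

The same decoder works on any Basic-auth header in a proxy or web-server log, which is the practical use for a defender: grep logs for "Authorization: Basic", run them through decode_basic_auth, and treat every hit as a credential that has already been exposed to whoever holds the log.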

butterfly_kisses 04-05-02 01:06 AM

Q) How often do i need to keep connecting to the supernode before i am given access to the files?

A) you keep following the procedure of connecting to the supernode (make sure you clear Getright's browser cache each time before pressing enter) until you no longer get the 404 or 403 "error getting directory contents" message...

When this message stops showing you can now browse any directory you want.

Supplement notes:

The password that gets returned with each connection to the supernode will get very large eventually. So remember to use CTRL-C to copy and CTRL-V to paste; instead of clearing out the old password each time, just single-click in the password box (it might be right-click) and select the option Select-all, then use CTRL-V to paste the new password (the username stays the same after you change it the first time to match that of the supernode you are connecting to).

Tip2 make sure to clear the browser cache before pressing enter.


Tip3 if you don't know the name of files contained on the server try guessing a few like C:\ or hda0 or .files etcetera...

Have fun with this tip but remember hacking is cutting limbs off so be careful not to do that to yourself with these tips. :)

butterfly_kisses 04-05-02 01:11 AM

Finally the Moral of the Story for the people who still don't get "it"

This article or post is not about "hacking" it is about how the p2p network of KaZaA works.

Basically it can be summarised this way. The client (your kazaa) connects to a supernode (it exchanges a key that was created by the value you entered in for your username...KaZaA created a password automatically "behind the scenes" and added the value of the username you put in with the random password it created. XORed those values and then encrypted them with PGP-key)

Upon connecting to a supernode your client gives its PGP-key (the password i just mentioned above) to the KaZaA-sErver (superpeer) that it connects to...it then gives you its pgp-key back which your client returns the value back at which point the server gives you a little more of the pgp-code then your client just repeats back what the supernode tells it.

Basically what we have done here is to go through this process manually using the very excellent Getright webbrowser as our go-between and "pseudo-FastTrack client".

Okay geniuses get to work.

and Snowman i want those links, please...thank-you :beer:

snowman 04-05-02 11:18 AM

interesting
 
Harby my friend, this is a rather interesting side effect of the FastTrack stack using the HTTP protocol. FastTrack clients have a small, limited HTTP server in them.

But you have yet to really communicate with the supernode client. What I mean by that is:

1) discover other peers;
2) discover all the peers and supernodes an active supernode knows about;
3) submit a search to find a file to a supernode;
4) download a file discovered in step 3.

You have discovered info about a node. I don't disagree that it is interesting. However what you are going to need is info about the links that bind the nodes together in a network and how to traverse them. What makes FastTrack FastTrack is the linkages and their automatic development in real time, not the nodes you are poking at. This is the genius of the network stack.

What you seem to have discovered is a huge security hole in the client itself where you can fool a client in supernode mode into giving you any file on a hard drive. This is amazing in itself because of its implications.



Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)