Thread: KaZaA Out of the Underworld: Revealed at Last
View Single Post
Old 29-04-02, 08:23 AM   #23
butterfly_kisses
Napsterite
 
butterfly_kisses's Avatar
 
Join Date: Apr 2002
Posts: 138
Exclamation
Hi, Colinmacc : )

Here let me show you another piece of interesting information. Oh and regarding the download.dat file above. I did have the option checked in my KaZaA which said Not to Install Updates without Asking however that got downloaded anyway without my persmission. So i guess it still downloads things regardless of whether you want them or not but it does for a fact ignore my warning of not updating without asking me as least where changing registry entries is concerned. I've found that the MAXIMUM number of current hosts (ip addresses) that are stored by the KaZaA client in the Registry and any given time is 200.

I've also found that there is now a CENTRAL "login" or "registration server" which only checks to see if you are using the latest versions of the client. If you are not using the lastest version of the client then you get your client turned off (meaning registry settings are changed that won't allow you to connect to the KaZaA network.

Here is a list of those Authorization servers:

[EDITED] Darn it looks like I erased them but they can easily be found again by going into your registry.

HERE IS the SUPERTRICK I found that might give a clue as to the encryption (and Scyth why no answer still on what type of encryption that was you used above?)

Goto REGEDIT and navigate down to HKEY_LOCAL_MACHINE\Software\KaZaA

Select Network_config and Modify and just read what it says there. (If you have installed the latest version of KaZaA 1.61 then the information in the registry that entry should contain similiarities to the download.dat file I attached to the post above earlier in this thread...if you read this key FROM and THROUGH the windows REGISTRY it will show you what IP stack this version of KaZaA uses

the new vesion uses [v3] of the KaZaA protocol or Fasttrack P2P stack the installer I mentioned earlier only uses [v1] Its interesting the network has 3 layers I've yet to see anything that uses version 2 of the p2p stack or KaZaA protocol.

You can also see what the current encryption is (as of this writing it is at 41bits however for a non cryptologist kind of person I am any amount of encryption is over my head)

As for personal information I have not included any of the dats off my computer that contained any personal information about me for the sake of my own security I would not post these things but I might if its necessary to get furthur help. I wish I had some programmers who are familiar with C and some others who know encryption/decryption techniques that could help me out here...it would be greatly desired.

Please give me some tips if any of you are working on this problem yourself...Let's share our information and work together. I cannot stress the importance of sharing information even if its only a hypothesis.. You will see I've had my theories and hypothesis proven wrong. When they are I accept my fallibility and move on to forming the next one. : )

Don't let the dread of EGO get in the way of a computer-related and programming breakthrough or success (especially if you are talented in any of these areas and can and are willing to help me..its greatly appreciated....how 'bout you Stoepsel? (probably spelled your name wrong, sorry )

[KEY ITEM] for you gentlemen who work with binary and hexadecimal numbers and code....

Try This
Try exporting the registry key I mentioned above (yeah the whole key HKEY_LOCAL_MACHINE\Software\KaZaA to your desktop and look at it in a hex-editor like UltraEdit or just a plain text editor like EditPad Classic

Note how the values in Network Config are expressed as just plain old D-word values (hex) and even when using UltraEdit (the one I thought was the best hex-editor out there) YOu CANNOT see the same information I saw in the REgistry by selecting network_config in the registry and then choosing MODIFY (changing nothing.....only reading)

So why is it I'm able to see or gather more info (non-encrypted and in human readable form) from the windows registry then I can by simply exported this key to my desktop and opening it up in a hex-editor (I may never know unless some of you brilliant genius's out there get cracking and tell me/us the answer)

What about it? any takers? Can anyone explain this to me? There is so much more we can go into....but until I have your interest I will keep silent.


Quote:
One thing the log file showed me in detail was this "recommendations" nonsense that Kazaa is so proud of. I still can't work out how all these crappy song titles (which are nothing to do with what I've been searching for, are sharing, or are even interested in) appear on my C: drive in gr_colin.current and gr_colin.previous (db folder), or what I'm supposed to do with them, they don't crop up in the Recommendations lists of Kazaa Lite, it's all a bit odd..
Mr. Mac I've never understood the Purpose of that Recommendations feature in KaZaA and I am wary of it. I've also never been bothered by it either.

A word of warning for you though KaZaA/KaZaLite/Grokster access OTHER port numbers besides 1214. A Port is like a Door or Doorway to your computer...usually a program (any networked program that uses the internet for something) has the ability to open up and create these "doors" (ports) on your computer.

The good thing about it is that when the program is not running these "doors" or ports should close.


Take this for example:

Run your KaZaA/Grokster/KazaLite program and then click this link
http://127.0.0.1:1214

If you are sharing files with KaZaA/Grokster/KaZalite then this should show you a list of the files you are sharing.

the 127.0.0.1 is a way for the computer to "refer back to its self" it is the address of your computer which stands for or represents its self also called localhost

Now then close the browser window and close KaZaA (completely even the lil' system tray icon) now click the link above Again.

You shouldn't see anything at all except maybe an error message about not being able to connect to that address...
This means that the "port" or "doorway on your computer" is now closed.

Well in addition to this one door I've found KaZaA creates at least 20 others that are NOT MENTIONED in the Terms of Use or documentation at all.

In my unhumble opinion....KaZaA/Klite/Grokster SHOULD not be doing this...I consider this to be an INVASION of my territory and my personal webspace by opening up these "other ports or doors to my computer" It the (Fasttrack program) makes me/you/us vulnerable to a number of things (hacking for one thing) but it seems the only one taking advantage of these UNDOCUMENTED port accesses is UNIDENTIFIED "partners" working with Sharman Networks (the current "owners" of KaZaA)

BEst Advice is this:

DO NOT GIVE KAZAA COMPLETE ACCESS TO THE INTERNET OR THE ABILITY TO ACCESS "ANY SERVICE" AT "ANY ADDRESS"

Instead use a good firewall that allows you set rules for programs and applications Norton Personal Firewall is a good one to use

and then only allow KaZaA to do this
only allow for OUTBOUND traffic on port 1214 to anyservice at any address (TCP only)
and

only allow for INBOUND traffic on port 1214 from anyservice at any address (TCP only)

Do NOT allow UDP traffic on port 1214 (either outbound or inbound this is not documented and it does not affect your ability to search or recieve downloads)

Hope this helps you...

Now then...tell me about this thing you call IMorpheus

What is IMorpheus and how do you use it?

Much Obliged,

-Harbynger
(defender of the Public's rights NOT 2 Be Xploited]
butterfly_kisses is offline   Reply With Quote