KaZaA Out of the Underworld: Revealed at Last

[butterfly_kisses]

hello fellow adventurers in the realm of P2P networking and especially to all of you KaZaA/Grokster/Old Morpheus enthusiasts

many of you whom have now switched to other filesharing programs to meet your demands and some of you even to altogether different networks such as Imesh, WinMX, etcetera....etcetera

Here is what prompted me to start this little thread. Please have a look at this http://news.com.com/2008-1082-890072.html?tag=prntfr

Now that you've heard the Spin I shall begin to unveal to you here the Truth as I see it remember to challenge not only their truths but mine as well...

What is to come you ask?

Refer back here often and I shall provide you with things you never knew before (at least some of you didn't know) and I hope a few of you may even surprise me with what you've held back in secret saving for just the right opportunity and time to reveal it...well friend that time is NOW

Enjoy,

Harbynger

[snowman]

Well lay on the truth then..

What I would like to know is did Ms. Hemming of the Sharman KaZaA company know that Mr. Griffin CEO of Streamcast had not paid his bill and was about to get the network chop chop when she bought KaZaA from FastTrack.

Secondly, What is TankGirl going to do to your tongue. Bite it?

[butterfly_kisses]

Quote:

What I would like to know is did Ms. Hemming of the Sharman KaZaA company know that Mr. Griffin CEO of Streamcast had not paid his bill and was about to get the network chop chop when she bought KaZaA from FastTrack

I'm afraid I don't know the answer to that one.

Quote:

Secondly, What is TankGirl going to do to your tongue. Bite it?

I think I'll let TG answer that one herself

sorry i'm a little lazy at posting info...i have a lot of it but it takes some time to organize it all and make it meaningful...putting it into perspective and all. but i am working on it.

Some of what i may say probably should not be said at all...but there comes a time in every person's life when they must take a stand and for me that time is now.

Are there other more important issues going on in the world?Yes

why do this? just because I can.

: )

[goldie]

Quote:

Originally posted by Harbynger


I'm afraid I don't know the answer to that one.



I think I'll let TG answer that one herself

sorry i'm a little lazy at posting info...i have a lot of it but it takes some time to organize it all and make it meaningful...putting it into perspective and all. but i am working on it.

Some of what i may say probably should not be said at all...but there comes a time in every person's life when they must take a stand and for me that time is now.

Are there other more important issues going on in the world?Yes

why do this? just because I can.

: )

Well, my husband tried your tactic once.........(big tease he thought he'd be).

I had the last laugh though when he had to go without for 4 weeks straight.

Didn't harm me a bit but Mr. Wanky was feeling mighty green after such a long drought.

The moral of this story is: There is none 'cept teasing sux dude!

[butterfly_kisses]

Quote:

teasing sux dude!

Yes you are quite right...teasing does suck and I am sorry if I give the appearance to be doing that...i do not mean to.

Now let me offer you some comfort and a little reassurance in saying that I will not leave you forever wanting to know more on these things but I shall fully quench your desire and appetites to know when I am ready.

(i hear a voice say, "you said you were ready now)
I am but I move in my own time and when I move it will be powerful and swift without indecisiveness and the words spoken will be the truth as i see it.

Now then how to proceed? shall I keep this thread with only facts or should i mix it with some allegations which may prove false?

at any rate...a beginning needs to be made.

sorry i have strayed off my intended course.

Below is bullshit sorry that is the only way I know to describe it.

Here is your last warning and disclaimer before I begin "laying it on thick"

[Warning....if you do not like what you see here all you need to do is press the little back button located at the top left of your browser's screen....making a mental note to yourself that what you found here offends you so that in the future you will know not to make the same mistake of clicking on something you do not wish to read.]

end of disclaimer on with the bullshit

Okay i am proceeding with this day by day as the stream of thought hits me.

what I do is test security mechanisms on the internet. I am a security concious individual who looks for and examines possible threats before they are made public knowledge.

Now with that said I wanted to tell you all that I just as of today redownloaded the kmd.exe (which is the kazaa media desktop installer for version 1.60 of the KaZaA Media Desktop off of http://download.cnet.com (hope i gave the correct url)

what does this installer do? That is an excellent question my friends. To put simply it just downloads this file kmd16_en.exe from other people who are running the KaZaA Media Desktop 1.60 software.

Why is this interesting to me?
1)The kmd.exe makes no registry entries concerning KaZaA Net or "connection info" such as the <KaZaA Sigature> info that is needed by its installed executable which is paced with PECompact to about 1.67mb however when uncompressed reaches the staggering portion of over 3.2 megabytes.

Okay more on this

So what is the ramifications to made by studying just this simple installer file

A)If this could be broken down and decimated into defining terms as to how it does what it does then this is a great discovery what it means to me is that it would act exactly like a download would in KaZaA media desktop only it would not allow or offer you the ability to share files or set upload limits...

How doesit work?

I'm not 100percent sure but it seems to rely on the same method as the gentle known as Indy has discussed at length in his other posts...meaning it appears to use the uuhash or "signature" for this file to download from other peers....

Now then since the Connection info (meaning the list of ip addresses that it scans first) is not stored in the registry...and neither is the Signature File (signature file referred to here as the encrypted key that is passed between KaZaA clients to allow them to communicate with one another) where are they stored?

My guess would be in Memory....so what I did was do a memory dumpt the best way I knew how using an utility called Memory Dumper Pro however either I am not familiar with using this utility or maybe I just do not know how to interpret the results ...basically what happened was I got a lot of binary looking data meaning (to me) in the form of hexadecimal notation which to me unless it is in some kind of human readable form is meaningless.

However I would almost bet that if the kmd.exe (installer) were uncompressed and decompiled or a hex-editor was used on it that it would indeed show the KaZaA Signature (encryption key which the clients use to communitcate with one another much like PGP key)

For those interested I have a utility for breaking encryption schemes if you can identify at least a 5letter string in what is encrypted then the app i have will use that string value to decrypt the rest of the code.

(warning I may be talking out of my ass here about things i know nothing about....if you think I am full of something....i advise you to go back and follow the instructions in the disclaimer...to those of you still interested read on...please)



What does this mean? Basically to a few gifted coders this kmd.exe file could be reverse engineered to become the ulitmate Leech client for the fasttrack network by using hash files made with the sig2dat program by Indy

Next Point

Okay while using the new kazaa 1.60 i made sure to remove the bde projector all reg entries and clsid values and also replaced the cd_clint.dll with a dummy.

I got some irregular port calls which I blocked with my firewall. I only allow the kazaa executable access on port 1214 (at least to my knowledge anyway)

I use Atguard 3.22 as my person firewall and running Windows 98 with IE5.5 and SP2 installed I have a k6-2 500 mhz processor with 256 mb ram and a 13.2 gig harddrive (posted thisinfo in case its helpful to know what kind of system i am using. I also have a soya ema+7 motherboard)

I have a few of the irregular port calls documented on my other website located here http://kickme.to/kazam (shameless plug....please visit also http://kazaa.mirrorz.com/ ) [/end shameless plug]

I found a tip by a poster to the Napsterites forum known as I thinkit was Snarkridden (forgive me if i get the name wrong it is not intentional) whom said that if you do a search for resume.dat that you would be able to find all the info on a client that you wanted to and in essence see what the supernode sees...i don't know if i did this correctly but this does seem to work (more on this another time)

What I did however was search for *.cab adn what this showed me was a lot of results that I thought were for people whom may have been sharing their entire harddrives probably because of improper setup although I've heard there is an exploit for this that involves more than just the common netstat -an ipaddress:1214 browser "hack"

If anyone has more details on the realthreat please PM me with the information or email me at harbynger1901@hotmail.com

Thanks for the info....

anyway here is the interesting thing I found I saw something for bde secure install so naturally I searched for or right-clicked and selected find more from same user sure enough this person was sharing their entire harddrive.

Now get this...I think this caused or produced a buffer overflow in the kazaa app (my definition of buffer overflow is as follows: Memory is a temporary storage place for information each application you have open and running on your computer is allocated (allowed) a certain amount of space in "virtual memory" (i.e., your RAM 128mb whatever it is you have) and when this space is full ....there is no more room to add to it....so if somehow something happens that causes more information to be sent to this virtual holding or storage place and it is already full it would cause the program to crash and or hang your computer and you will have to reboot)

Well thisis what happened to me...I got so many results from doing the find more from same user that is caused a buffer overflow or overrun in the kazaa executable and I had to reboot...

Now get this...in the past all I would need to do would be to enter the person's ip address with port 1214 into the browser and I'd see all there was to see if they were sharing their whole harddrive like this fellow was....only this time for some reason I could not do that....

Makes me wonder if He/the guy/gal was blocking http requests on port 1214 with his browser of the new improved KaZaA 1.60 now acts as a better daemon (port guardian....more on this later as well)

So far this as far as I got tonight ....and these are only observations on the program...this is not the seedy-side underbelly of the people and personalities behind this "great" P2P app....although I assure you that people with their "personalities" and attitudes to exist and there are great stories there....would any of you care to tell yours?

Look forward to your input on my thoughts/observations/speculations and of course incessant
rumour mongering

btw Greetings to Goldenrod

[Mowzer]

Weird stuff harby! Sounds like all of us here need to get a KLUE!

lol

[Scyth]

Quote:

Originally posted by Harbynger
For those interested I have a utility for breaking encryption schemes if you can identify at least a 5letter string in what is encrypted then the app i have will use that string value to decrypt the rest of the code.

I don't believe you . But, if you want to prove it, here's some encoded text:

qANQR1DDDQQDAwIaJmJyzIttl2DJNpz8eIKdM/iN6FRm9UTTauzxKg28ALbtCe0u
zwCqZvRzZDy7dAshA7ByLG0RJi3keNEavzsqOA==
=QhJN

The first five letters are the unencoded test are: Decod.

[colinmacc]

When I do a search on resume.dat I just get a list of the users incomplete downloads from the days when they were using Napster.

[JackSpratts]

harby you can go back and look at the posts concerning the last major security threat involving classic morpheus (incl. K&G) but for now let me say the crash you experienced was nothing more than your pc getting stuck processing the results of another users hard drive. it's possible in certain cases to scan a drive using more efficient methods than netstating them. when done, it often happens you hit someone with 100,000 files or more, someone with a drive exceeding 30 gigs. regular fastrack users know from past experience that the more files they share the longer the program takes to render them, and sometimes they'll quit before the job is finished. with file counts exceeding 3-4000 some users find they can't operate the program properly and have to cut back. what happened to you may be similar. so without me getting into specifics, if you'd like to check, do your search and find someone who reports having a high bandwidth with a very small gig count, ideally 0. scan and walk away. return in 15 mins or so. you should find your page fully loaded with the users' entire c drive. for successfull scanning of harddrives with higher gig counts, go out for coffee and smokes, or even a movie, say lord of the rings. but whatever you do, don't touch anything on your pc until grokster finishes loading the files! if i remember, you said you're on dial-up. if so you may have to go on vacation. tierra del fuego would be perfect.

it works. it just takes a Very - Long - Time.

- js.

[butterfly_kisses]

re: ethen

yep...i could use one of those myself (a clue)

re Scyth

I tried and I failed

Here is what I was using to attempt to decrypt the text:

Quote:

DECRYPT
-------

DECRYPT is, as far as I know, a one-of-a-kind utility -- it will
crack almost all 8-bit and many 16-bit encryption schemes. There's only
one catch: you must know at least five consecutive characters in the
original (unencrypted) data. This string is passed as the first
parameter. The remaining arguments are the names of files to be
decrypted, wildcards allowed. DECRYPT will go through each file given,
attempting to decrypt it with a special proprietary algorithm which
will crack most standard 8- and 16-bit encryption schemes in under ten
seconds. If the file can be decrypted then DECRYPT will tell you which
encryption method and what key was used, and a file with the same base
name as the original and an extension of .DEC will be created
containing the decrypted contents of the file. Sometimes DECRYPT will
give a false positive, an invalid decryption; this is a normal
side-effect of the ultra-quick algorithm it uses (if you do get a false
positive, chances are the file couldn't be decrypted anyway).
DECRYPT has many uses. It's great for decrypting a virus attached
to a program, so long as you know a string in the virus ("*.COM" is a
good bet), or can be used to view those annoying encrypted data files
that too many programs seem to come with.
Please note that not every file can be decrypted; DECRYPT will
break the most common algorithms used in most low-security applications
(ie: adding/subtracting a constant, XORing by a constant, etc.). Also
make sure that the file you're dealing with is indeed encrypted. Not
every unreadable file is encoded, and unless you're pretty sure your
just wasting your time (albeit very little of it). Files must be under
32k for DECRYPT to work (DECRYPT loads the entire file into memory for
speed, so larger files will overflow the buffer). Outside of these
restrictions, DECRYPT is a valuable tool for any aspiring learner.

re: Colinmac

Quote:

Resume.Dat = Napster Hangover?
When I do a search on resume.dat I just get a list of the users incomplete downloads from the days when they were using Napster.

Thanks for the clarification Mr. Mac : ) I had no idea what I was looking at...this explains it to me perfectly thank-you

re: Jack Spratts

Thanks for the Info Jack. You are helpful as always. Much obliged

[Scyth]

Quote:

Originally posted by Harbynger
What does this mean? Basically to a few gifted coders this kmd.exe file could be reverse engineered to become the ulitmate Leech client for the fasttrack network by using hash files made with the sig2dat program by Indy

This seemed plausible so I tried it out. Using sig2dat and in-memory modification of the kmd.exe executable, I was able to convince it to download a crystal method mp3 rather than the kazaa installer. However, I discovered a couple of hitches. First, in addition to matching the signature and file size, an exact file name match was also required in order to download the file. Second, after the download completed, kmd.exe immediately decided that it was invalid and deleted it (I was able to recover the download with an undelete utility though).

I discovered a few other interesting things. Kmd.exe scans for incomplete downloads it the same directory as it if they match the signature/size/name of the file its supposed to be downloading will resume them but won't scan for more sources. Also, if you create a file called kazaadebug.log in the same directory as kmd.exe, status information will be placed in it. Finally, if kmd.exe fails to find any sources for a file within an alloted time, it will switch to downloading the file from the web.

[Mowzer]

Well tim/harby,

I am glad your using your knowledge for good, and giving further advanceds in the world of file sharing.

I am also glad your leaving me out of it. I think I had enough of messing with you on the kazaa forums / msn.

Enjoy napsterites. Dont do anything crazy with these forums (hidden counters) the people here are good.

Best of luck getting the kazaa loader to do what you want it to. If you do it would make for a good p2p app.

I trust you will figure it out. You could look towards the old gift research in regards to kazaa. Also they had a white paper up from when the network was reverse engineered. Might give you some further info.

When I made my KaZaA client for KaZaA orignally it worked pretty sweet, certainly looked better.

Now though since all of the network changes etc, its worthless. Stupid niklas and his UI contests any way!

Whatever you come up with, stick it to kazaa and stick it to them good.

It would serve them right for all the spyware they push out.

[butterfly_kisses]

Scyth, your findings make me very happy. It looks like you may indeed have what it takes (knowledge and skill) to solve some of these mysteries for me...

lol

how's this for the deal? I keep supplying the questions/theories/speculation and you do the research and provide the answers?

(yeah...works for me...hehe)

but seriously thank-you for taking some time to experiment with this..your findings are valuable..

[personal opinion]I feel that there are a lot of talented individuals out there that can contribute to this project if for no other reason than its fun for them to figure out how this works. I believe in my heart that there are many programmers/coders etcetera with varying degrees of talents and or skills or just plain ordinary maybe extraordinary talented and gifted people who may each possess some small piece that if we share our bits and pieces will eventually create a whole picture for this puzzle[/personal opinion]

re: ethen

Thanks for the support? ....I can only hope

yeah Ethen it is I your old friend/nemisis but I think I have grown up a little since we last met...

[desperate plea for help]Ethen i still would like to know about your research in skinning KaZaA (pronounced Kahz-Sah)

Tell me were you able to do any more with it then the current version by Yuri called KaZaAlite?

What I'm wondering is this: the traffic menu looked basically like a bunch of squares and rectangles....were you able to do anything special with it? more non-linear like introduce some curves and better look/design or feel to it.

I see no need to flame you. I hope you feel similiarly. Water under the bridge.[/desperate plea for help]

Moving on with one other question....did you just use the resource hacker program or do you have other means that I don't know about?

(let's leave personal stuff out of this please. thanks)

That's about all I can think of for now...Except I remember a program called Skins4all or something like that which no longer works now.

I still wanna skin "my KaZaA" anybody know how and willing to show/teach me...it would be appreciated...

Oh before I forget...Scyth you mentioned (in another post) that if the Bde projector were to be a requirement of the KaZaA executable to run that it would be "no problem" to edit it out as object oriented programming is (hope i quote you correctly) quite easy to do?

Well currently now only the cydoor or the call for the cydoor is made mandatory by the kazaa executable...do you think you could fix this for me?

Would you be willing to do away with the part of the program that calls for the cd_clint.dll file in the first place so that even a dummy executable or dll would not be necessary?

If you would take this project on or attempt it...I would be most happy and so would the potential millions and billions of KaZanites out there who are looking for alternatives...

The reason i ask you this is because in the KaZaA version 1.4 that i have in my possession (there have been dummies put out by Sharman over the fasttrack network to try and eliminate what is to them a threat)

Okay why is 1.4 a threat...well Niklas/Janus and Edwin wanted to ensure that the network would continue despite a shutdown byt he courst system so this was a last ditch effort to keep KaZaA alive...

why else would sharman release a client 1.34 with an older version number? They don't want to admit or draw attention to the fact that there is a client out out there...The KaZaA 1.4 that is capable of sustaining and independent Fasttrack network (that is if the programmers tried to lock it out of the current network somehow which currently they cannot)

The only thing I get is a message asking to upgrade but if you select "NO" to this message it will still connect to current network of 1.4 million + users : )

Now then if object oriented programming is your forte...why not help us out here and eliminate the mechanism that causes it to ask if you want to upgrade?

Do you think you could also determine what it is that decides that the client is too old to connect to the network? maybe use softice to setup some breakpoints on certain calls?

and or use filemon/regmon to determine these....

This is all so very interesting to me...and I know its a lot to ask its also probably and impossible task but I thought I'd ask anyway...

you never know around here.



Cheers and some of these all around,

Harby

[goldie]

Sorry, but I'm not blessed with technical skills but.......if I said it once, I'll say it again.

My war cry is: "Beta tester in the house!" (when you're ready.)

Keep up the brainstorming guys, those of us hiding out in the peanut gallery are cheering you on!!

GR

[theknife]

Quote:

Basically, Sharman Networks is the first software publisher to step forward and start to play a part in driving a solution to monetizing P2P.

Monetizing P2P....

Has kind of an ugly ring to it, doesn't it?

[butterfly_kisses]

I am so damn happy i could (oops i did) shitmyself

Scyth your info on the kazaadebug.log was extremely damn helpful to me.

Here is what I've got so far.

I have the normal KaZaA 1.6 installed to the default location of c:\Program files\KaZaA well I had the 1.4 version (executable only on my windows desktop)

I got to thinking about Scythes comments on the kazaadebug.log so i created a "kazaadebug.log" on my windows Desktop and fired up (double-clicked) on the Kazaa 1.4 executable...

Results:
1)I got the would you like to update message? which i promptly dismissed

Then

2)My firewall detected that the kazaa.exe (version 1.4) was trying to connect to port1214 to address supernode2.kazaa.com and also to supernode.kazaa.com most likely this is where the hosts lists are stored for the client (i'm assuming this i do not know for certain that this is the case)

well I blocked access to these two locations with my firewall..whoops i forgot to mention one thing

before i started the kazaa.exe program on my desktop (1.4) i opened a dos box (prompt within windows) and i ran this command:

debug c:\windows\desktop\kazaa.exe /R

honestly i don't know what the debug is or how its used (something to do with assembly and being able to pass machine language or code instructions to a program at very rudimentary levels....unfortunately for me I am not up on ASM or assembly language or windows assembly language..is anybody here familiar with it?

well after I got my prompt that it could not connect (actually i never got a prompt it just kept saying "connecting" at the bottom of the screen

3)However after I blocked access to these two ip address (the two supernodes) i immediately made a copy of the kazaadebug.log (that I had originally created as an empty ascii text file BASED ON the recommendations and or experiments of Scyth above

and low and behold here are the limited results as I made this copy very quickly after the connection attempt (to the fasttrack network failed)

here is an excerpt of my results:

Quote:

Logging started (YODAYADACOM) 26-04-2002 22:49:02
kazaa: initing adult filter phrases (102/36)
kazaa: set new network_config, ver 67, 2530 bytes
LocalContentManager: Scan completed
kazaa: listening on TCP port 1214
kazaa: node state 3-->1
KazaaServerConnector: Status 0->1 (-1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->1 (1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->5 (2 0 0)
kazaa: node state 1-->2
kazaa: node state 2-->3
client_connector_t: host list exhausted, trying kaasupernode 1
client_connector_t: connecting to 213.248.112.37:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.112.37:1214 timeout, 10008 ms
client_connector_t: host list exhausted, trying kaasupernode 0
client_connector_t: connecting to 213.248.107.11:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.107.11:1214 timeout, 10044 ms
client_connector_t: connecting failed
LocalContentManager: Sharing: deleted 0, added 5 files
LocalContentManager: Scan completed
LocalContentManager: Scan completed

Please everyone let's put our heads together and crack (i mean really crack this mofo wide open)

and let's make for ourselves a better P2P experience.

Thank-you all

call me now

the KaZaNite
(defender of true spirit behind P2P)

[butterfly_kisses]

here is that complete log...after I closed the client.

looks like it realises when it can't connect and eventually stops the trying to connect process on its own (not sure what the time limit is but I don't think its over 5 minutes)

Quote:

Logging started (YODAYADACOM) 26-04-2002 22:49:02
kazaa: initing adult filter phrases (102/36)
kazaa: set new network_config, ver 67, 2530 bytes
LocalContentManager: Scan completed
kazaa: listening on TCP port 1214
kazaa: node state 3-->1
KazaaServerConnector: Status 0->1 (-1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->1 (1 0 0)
Socket: Address/gethostbyname error 11001
KazaaServerConnector: Status 1->5 (2 0 0)
kazaa: node state 1-->2
kazaa: node state 2-->3
client_connector_t: host list exhausted, trying kaasupernode 1
client_connector_t: connecting to 213.248.112.37:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.112.37:1214 timeout, 10008 ms
client_connector_t: host list exhausted, trying kaasupernode 0
client_connector_t: connecting to 213.248.107.11:1214 (dist 79, 1 in progress)
client_connection_t: 213.248.107.11:1214 timeout, 10044 ms
client_connector_t: connecting failed
LocalContentManager: Sharing: deleted 0, added 5 files
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
client_connector_t: connecting failed
client_connector_t: connecting failed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
client_connector_t: connecting failed
client_connector_t: connecting failed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
LocalContentManager: Scan completed
library_thread: shutdown request detected

(btw Yodayadacom is my computer's netbios name [for now] )

I will post more info when I have something else to add or a comment to make.

Cheers,

KazaNite
(reviving the Spirit of Productivity in P2P)

:P

[butterfly_kisses]

Hello all. It was clear to me that my example above may not have too clear and quite possibly could have left some of you in the dark about what is being done.

I hope to remedy that now by posting this tutorial below (which will be in quotes) This way each of you (who run Windows 98 can follow along with me and or "us" and reproduce the results of our experiments for yourselves)

Quote:

Proper usage is to right-click on an empty area in the same folder as Kazaa.exe then select New>text document and name it kazaadebug.log (if using regular notepad [don't use wordpad or word] make sure you save it as "all files" with the log extension.)

then open and MsDos Prompt (while still running windows just goto start>run>msdos prompt

then type this in

c:\progra~1\kazaa\kazaa.exe R

make sure that you type it in exactly as shown and press enter.

This will start the loggin process for any error messages generated by the kazaa application.

Next step is to start KaZaA and just let it run....you may run this test for as long as you want...I usually only do it for a few minutes but it probably would not hurt to leave it running much longer.

When you are done. Close KaZaA by clicking File>Disconnect then
going down to the taskbar (area with the clock) and right-clicking on the KaZaA icon (picture representing a program) and select Close.

To stop the loggin with the debug command just type "quit" (without the quotes and press enter)

hope this helps

****PLEASE NOTE*****
[that for me I could only get this debug trick to work on my desktop...for some reason when I tried issuing the command Debug c:\Progra~1\KaZaA\kazaa.exe R nothing would show up in the kazaadebug.log located in the same directory (program files\kazaa)[/i] Why does this only work when you have the kazaa executable and the kazaadebug.log on your desktop and running them? I don't know]

-Harbynger

p.s. Scyth can you give me a rundown of your system? what are your specs?

Thanks,

Harby

[butterfly_kisses]

Well by replacing the executable only from a working version of kazaa 1.6 with the older version 1.4 executable in
C:\Program Files\KaZaA folder and running the debug command I was able to determine where the "upgrade notification" is being drawn from.

It is comming from the My Shared Folder in KaZaA in the form of of a downloadxxxxxxxxx.dat file where "xxxxxx" is a series of numbers.

If I do this right I will attach a zipped version of this file (uncompressed it is a 100kb....zipped its around 16k)

Here is the file.

I am asking Indy, AYB, and Scyth and any other programmer's or techies, crackers or talented and gifted people to please look over this file and tell me your thoughts.

Thank-you

Harby : )

[butterfly_kisses]

sorry all for turning this into a programming thread...but I am trying to understand how this software works...my reasoning is that they fukked with us first (Altnet) so now its time to fukk back (rework their code to do what we want it to do)

Okay I found the correct command to use to get the debugger working on the kazaa executable located in the program files\kazaa folder

I also found an easier way which Scyth was the FIRST to discover (i try to give credit where it is due ...thanks, Scyth )

Now then the easiest and most Laymen'ts way (meaning even I could do it) to run the debugger on the kazaa is to do eXactly as Scyth indicated above only instead of putting it in the same directory as the kmd.exe put the text file called kazaadebug.log inside of the directory you have KaZaA installed to.

Meaning if you installed KaZaA to c:\program files\KaZaA then put your plain ascii (text file) called kazaadebug.log in that directory... then whenever KaZaA (any version is run from that directory) you will get a debug report by opening up the kazaadebug.log at the end of your KaZaA session you will get all

kinds of great information concerning what is going on.


Right now I've found this out from the debug log and viewing changes made to the Network_Config key in HKLM software KaZaA

its is showing that the "upgrade notice" is NOW a part of the network_Config info and that the encryption has been increased from 9bits (in Kazaa 1.33) to now 41bits (which is a hell of a lot stronger)

BTW Scyth what encryption was that you used above in the test or "challenge" for me?

I've seen the EXACT same kind of encryption used on the www.kazaa.com website on port 1214

and also on the supernode.kazaa.com port 1214 server as well.

If you can tell me what it is I'm trying to unencode it would be a big help

thank-you all for contributing please continue your efforts...lets crack this thing once and for all and have a really truly independent network based on the fasttrack technology.