KaZaA Out of the Underworld: Revealed at Last

[butterfly_kisses]

well here I am with a Final thought

ladies and gentle the new encryption scheme KaZaA is using

and its autoupdater mechanisms have been able to effectively

shut off the KAZAA version 1.4 of the client...so it appears my

thoughts about it being a "superclient" were wrong...Indeed...

however I'm not through with trying to understand how this

particuliar client does its dirty deeds...One word of caution

the KaZaALite is not really a "hacked" or a "cracked" version of

KaZaA it is only a "repacking" of KaZaA

so if you use either KaZaALite or KaZaA/Grokster (maybe even Imesh too) then you are effectively giving up control of your personal information (i've seen it collected in the *dat file i discussed) and your computer to Sharman Networks/KaZaA

just a final thought...my word of warning...

okay what is the NEXT big thing?

first it was Napster then Morpheus/KaZaA

where do we go from here?

is opensource the way?

your thoughts please...

Thank-you,

harby
(over and outta heyah)

[colinmacc]

Harby, (scythe)

Fascinating reading, I liked the kazaadebug.log tip, that makes for interesting viewing, and it also works for grokster-based clients, including iMorpheus. Strangely similar results too...

Not sure what you're talking about regarding that zipped up dat file you posted, is that not just a KMD version 1.51 installer that got automatically downloaded, it doesn't appear to contain any personal information.

(TIP: Don't allow the client to automatically download updates without your say-so!)

One thing the log file showed me in detail was this "recommendations" nonsense that Kazaa is so proud of. I still can't work out how all these crappy song titles (which are nothing to do with what I've been searching for, are sharing, or are even interested in) appear on my C: drive in gr_colin.current and gr_colin.previous (db folder), or what I'm supposed to do with them, they don't crop up in the Recommendations lists of Kazaa Lite, it's all a bit odd..

Anyway, my preferred client at the moment is iMorpheus, because being based on Grokster, it doesn't contain them..

[butterfly_kisses]

Hi, Colinmacc : )

Here let me show you another piece of interesting information. Oh and regarding the download.dat file above. I did have the option checked in my KaZaA which said Not to Install Updates without Asking however that got downloaded anyway without my persmission. So i guess it still downloads things regardless of whether you want them or not but it does for a fact ignore my warning of not updating without asking me as least where changing registry entries is concerned. I've found that the MAXIMUM number of current hosts (ip addresses) that are stored by the KaZaA client in the Registry and any given time is 200.

I've also found that there is now a CENTRAL "login" or "registration server" which only checks to see if you are using the latest versions of the client. If you are not using the lastest version of the client then you get your client turned off (meaning registry settings are changed that won't allow you to connect to the KaZaA network.

Here is a list of those Authorization servers:

[EDITED] Darn it looks like I erased them but they can easily be found again by going into your registry.

HERE IS the SUPERTRICK I found that might give a clue as to the encryption (and Scyth why no answer still on what type of encryption that was you used above?)

Goto REGEDIT and navigate down to HKEY_LOCAL_MACHINE\Software\KaZaA

Select Network_config and Modify and just read what it says there. (If you have installed the latest version of KaZaA 1.61 then the information in the registry that entry should contain similiarities to the download.dat file I attached to the post above earlier in this thread...if you read this key FROM and THROUGH the windows REGISTRY it will show you what IP stack this version of KaZaA uses

the new vesion uses [v3] of the KaZaA protocol or Fasttrack P2P stack the installer I mentioned earlier only uses [v1] Its interesting the network has 3 layers I've yet to see anything that uses version 2 of the p2p stack or KaZaA protocol.

You can also see what the current encryption is (as of this writing it is at 41bits however for a non cryptologist kind of person I am any amount of encryption is over my head)

As for personal information I have not included any of the dats off my computer that contained any personal information about me for the sake of my own security I would not post these things but I might if its necessary to get furthur help. I wish I had some programmers who are familiar with C and some others who know encryption/decryption techniques that could help me out here...it would be greatly desired.

Please give me some tips if any of you are working on this problem yourself...Let's share our information and work together. I cannot stress the importance of sharing information even if its only a hypothesis.. You will see I've had my theories and hypothesis proven wrong. When they are I accept my fallibility and move on to forming the next one. : )

Don't let the dread of EGO get in the way of a computer-related and programming breakthrough or success (especially if you are talented in any of these areas and can and are willing to help me..its greatly appreciated....how 'bout you Stoepsel? (probably spelled your name wrong, sorry )

[KEY ITEM] for you gentlemen who work with binary and hexadecimal numbers and code....

Try This
Try exporting the registry key I mentioned above (yeah the whole key HKEY_LOCAL_MACHINE\Software\KaZaA to your desktop and look at it in a hex-editor like UltraEdit or just a plain text editor like EditPad Classic

Note how the values in Network Config are expressed as just plain old D-word values (hex) and even when using UltraEdit (the one I thought was the best hex-editor out there) YOu CANNOT see the same information I saw in the REgistry by selecting network_config in the registry and then choosing MODIFY (changing nothing.....only reading)

So why is it I'm able to see or gather more info (non-encrypted and in human readable form) from the windows registry then I can by simply exported this key to my desktop and opening it up in a hex-editor (I may never know unless some of you brilliant genius's out there get cracking and tell me/us the answer)

What about it? any takers? Can anyone explain this to me? There is so much more we can go into....but until I have your interest I will keep silent.

Quote:

One thing the log file showed me in detail was this "recommendations" nonsense that Kazaa is so proud of. I still can't work out how all these crappy song titles (which are nothing to do with what I've been searching for, are sharing, or are even interested in) appear on my C: drive in gr_colin.current and gr_colin.previous (db folder), or what I'm supposed to do with them, they don't crop up in the Recommendations lists of Kazaa Lite, it's all a bit odd..

Mr. Mac I've never understood the Purpose of that Recommendations feature in KaZaA and I am wary of it. I've also never been bothered by it either.

A word of warning for you though KaZaA/KaZaLite/Grokster access OTHER port numbers besides 1214. A Port is like a Door or Doorway to your computer...usually a program (any networked program that uses the internet for something) has the ability to open up and create these "doors" (ports) on your computer.

The good thing about it is that when the program is not running these "doors" or ports should close.


Take this for example:

Run your KaZaA/Grokster/KazaLite program and then click this link
http://127.0.0.1:1214

If you are sharing files with KaZaA/Grokster/KaZalite then this should show you a list of the files you are sharing.

the 127.0.0.1 is a way for the computer to "refer back to its self" it is the address of your computer which stands for or represents its self also called localhost

Now then close the browser window and close KaZaA (completely even the lil' system tray icon) now click the link above Again.

You shouldn't see anything at all except maybe an error message about not being able to connect to that address...
This means that the "port" or "doorway on your computer" is now closed.

Well in addition to this one door I've found KaZaA creates at least 20 others that are NOT MENTIONED in the Terms of Use or documentation at all.

In my unhumble opinion....KaZaA/Klite/Grokster SHOULD not be doing this...I consider this to be an INVASION of my territory and my personal webspace by opening up these "other ports or doors to my computer" It the (Fasttrack program) makes me/you/us vulnerable to a number of things (hacking for one thing) but it seems the only one taking advantage of these UNDOCUMENTED port accesses is UNIDENTIFIED "partners" working with Sharman Networks (the current "owners" of KaZaA)

BEst Advice is this:

DO NOT GIVE KAZAA COMPLETE ACCESS TO THE INTERNET OR THE ABILITY TO ACCESS "ANY SERVICE" AT "ANY ADDRESS"

Instead use a good firewall that allows you set rules for programs and applications Norton Personal Firewall is a good one to use

and then only allow KaZaA to do this
only allow for OUTBOUND traffic on port 1214 to anyservice at any address (TCP only)
and

only allow for INBOUND traffic on port 1214 from anyservice at any address (TCP only)

Do NOT allow UDP traffic on port 1214 (either outbound or inbound this is not documented and it does not affect your ability to search or recieve downloads)

Hope this helps you...

Now then...tell me about this thing you call IMorpheus

What is IMorpheus and how do you use it?

Much Obliged,

-Harbynger
(defender of the Public's rights NOT 2 Be Xploited]

[colinmacc]

http://membres.lycos.fr/bakamx/fichier.php?id=67

Try the above link for an iMorpheus installer, it's a spyware-free version of Grokster 1.5.1 with a "Morpheus" flavoured skin, connecting to the main FastTrack network and working a treat..

I'm afraid you've lost me on most of the rest of your post. I know about ports, and I know that KazaaLite does things I'm not aware of, but I try to limit the damage by using adaware regularly and keeping vigilant on any new files that appear. I got a bit familiar with the FastTrack registry entries after Morpheus got switched off in an attempt to reconnect it, but like you I couldn't make head nor tail of alot of the stuff in the network_config key. I had limited success with restoring the registry key from the time I first installed Morpheus, but eventually that stopped working too, persumably when all the old Morpheus supernodes got killed off.

The thing that worries me about the recommendations is that if the system is dumping these files full of lists of things people are sharing onto my c: drive behind the scenes, might it also be dumping lists of the things that I am sharing onto other peoples c: drives without my knowledge?

As I said, iMorpheus (above) doesn't do this, and it also has alot less registry entries (It uses the same registry keys as Grokster)

It's worth checking out anyway :¬)

Keep probing!

Colin.

[Scyth]

Quote:

Originally posted by Harbynger
BTW Scyth what encryption was that you used above in the test or "challenge" for me?

It was IDEA, the conventional (symmetric) encryption algorithm used by PGP. It's generally considered unbreakable (given a good passphrase, of course).

[butterfly_kisses]

thanks, Scyth now how plausible/viable do you think this link is:

http://216.239.51.100/search?q=cache...22PGP%22&hl=en

If this is possible then it looks like to me that

KaZaA is using some sort of network protocol stack encryption (end to end or link by link) in its correspondence between clients and servers based on some form of the PGP-key possibly even the one you used above.

P.S.

re: Snowman

how plausible do YOU think any of this is and would you be able to make your own p2p client work independently without knowing the key based on in of the info in the link contained within this post?

I need some brainstorming people. I want and independent fastrack network

Btw there is something called either KaZaA Media Libs or Media Libs in the tarball that I downloaded with Linux client of KaZaA (back when it was supported)

could this offer us some clues?

Thanks, Scyth

btw Stoepsol how is your progress coming and your idea for the P2P app?

and you too AYB...what about it where do you stand?

and also H@xor...i have not heard too much from you lately...how goes things.

Thanks,

harby

[Mowzer]

"yeah Ethen it is I your old friend/nemisis but I think I have grown up a little since we last met..."

I hope you have too. Must be diffrent meds? You seem a bit more stable. lol JK.

"Ethen i still would like to know about your research in skinning KaZaA.."

I trashed it all long ago when I realized what a shame kazaa was. The only thing I bothered keeping on CD was all the old p2p tech stuff.

I did have my original UI's, If I wasnt so lazy i would find the cd and grab the screen shots to post them.

"Tell me were you able to do any more with it then the current version by Yuri called KaZaAlite?"

I did not have to remove any heavy spyware, as back then the only spyware/adware were the advertising banners.

There was a hidden email section though, a in box and out box like feature. i think they were going to run a free email service to orignally. That was the only easter egg I ever found.

I just did allot of re structuring of the UI. Aswell as changing of the layouts.
There was so much crap going on at kazaa. it was seriously a waste of time. I dont know why I ever bothered posting to the forums in the first place.

Although when you came along, you did add some excitement. Your jae dog, password grabber was brilliant. I am surprised so many ended up being taken in by it. The hidden forum was also fun. As was the daily excercising of my creative flamming.

"What I'm wondering is this: the traffic menu looked basically like a bunch of squares and rectangles....were you able to do anything special with it? more non-linear like introduce some curves and better look/design or feel to it."

Yeah, i gave it an early whislter look. From when xp was under development. Wanted it to all tie in well with the new os. Turns out xp changed drastically aswell from the early beta builds, into that luna teletubbie crap.

"I see no need to flame you. I hope you feel similiarly. Water under the bridge"

Yeah, those were fun days, but since kazaa closed, so did my flame chapter on ya. I have found more nuts, such as micksie monsta here, and other places on the net. However I have gotten bored with culture jamming lately. I have closed my troll diegest/community slink. So no more need for material.

I like the misanthropics bitches style of hashing up news articles better, as a form of trolling. Aswell as making news jamming sites on CNN.

"Moving on with one other question....did you just use the resource hacker program or do you have other means that I don't know about?"

Nope, resource hacker is only good for making clones kinda like refrosearch was.

"(let's leave personal stuff out of this please. thanks)"
no worries. Like I said, a closed chapter.

"That's about all I can think of for now...Except I remember a program called Skins4all or something like that which no longer works now."

That was the web based out fit, from back awhile ago I think. I used a xml method, for the skinning, and rebuilding of the gui. Essentially kaZaA had to be stripped of its gui first, and re mapped using that forum. Similiar to the way the open source project free amp uses themeing.

I posted that to gift begging them to implement a similiar kind of themeing system, allowing the ui to be left up to the end user if they are tech savvy, or for theme developers, to produce for those who are not. I havent read up on what gift has been up too, for months now. I should go take a peak.

Your also right about the kazaa 1.4. Fast track was working on the crapy linux version, and didnt want gift to out shine it. This also is the hurdle why developing a p2p app from the kazaa program is a waste, as they can transverse the keys at any time. Rendering rouge netwrok clients useless.

One needs to develop an open source intitave for a fast rtack like network, that way it is community controlled. Simply reverse engineering the clients etc, is no good except for being able to learn and clone the exisitng fast track network.

There are a few projects around that are attempting this.

However with the installer you migh be on to something. Have you tried pooling your info with some of the other projects such as openFT?

Either way best of luck, and sorry I cannot help you out any further.

There are others here I am sure that can or would. Stopesol is one that I think understand the network pretty well. Prehaps he can also give you insight.

Eventually the good people here will all figure out some kinda napsterite spawned p2p app, and it will be a good sucess at putting p2p in the hands of the people, where it belongs.

If you timmy, get your own p2p app running my only advice is not to hire jason as your customer service rep. RE: "How dare you!" lol

Cheers, Ethen.

[snowman]

Harbynger:

The fastest way to your own FastTrack client is to buy one. Then you can configure it anyway you want. Forget that HEX editor stuff.

Janus Friis and Niklas Zennstrom of FastTrack I am sure would be delighted to hear from you.

Niklas e-mail is niklas@fasttrack.nu.

Make sure you have a sack of large gold coins with you. It won't be cheap. I would guess that you could get started for about 250K US$. Might have to promise your first born also.

Anyway, if you ever talk to Niklas and it turns out that you have to go see Ms. Hemmings of Sharman Networks let us know. It has never been clear who really owns the network software now. We would all like to know.

Cheers.

[butterfly_kisses]

 

[Stoepsel]

Quote:

Originally posted by Harbynger
btw Stoepsol how is your progress coming and your idea for the P2P app?

and you too AYB...what about it where do you stand?

Hi Harby,

when did I say that I was (thinking of) working on a p2p app?

AYB is working on one and we're all anxiously awaiting its arrival. But if you are waiting for my p2p app, you will probably grow old doing so.

Maybe you got me mixed up with someone else?

Stoepsel

[HaXor]

Hi Harby

Long time no see. First off I would like to say what an exellent thread...... So much talented people, and so much information, Im very impressed by the knowladge of the peeps that surf these boards.

Somehow I think that with all the knowladge here we might find a solution to all our problems.

H@Xor

[AYB]

Hihi,

My p2p app will include access to the fasttrak network in some way or another. I'm not really at the stage where I can start coding the support for it so I haven't been keeping too close an eye on this thread, I really need to sit down and have a read through

As far as becoming a FT client, I doubt they supply the P2P stack as source code, its probably distributed as a precompiled library. Ever wondered y all the FT clients seem pretty much identical? Lack of things u can actually do with FT's solution mebbe?

I'll stop being so rude and take the time to read this thread now

[butterfly_kisses]

hello, Stoepsel yes you are indeed correct I had gotten you mixed up with this gentleman Spikologia ...so I should say Spikologia what have you been up to lately as you were my inspiration along with Snowman for trying to understand this network and how it functions.

Hi AYB, l look forward to your P2P application. I got first dibs on being a beta-tester too! (ha [sticks out tongue at the others who were not so foreseeing as to call "first dibs"]

Hi H@xor...how is "our project" going? I'll see u in the batcave soon i hope

I'll do a full tutorial on how to obtain the key that allows you to communicate with other fasttrack clients.

Downside is

a)now that its known and understood its very easy to do

b)You can now get r00t access on anyone's computer running KaZaA/K-lite/Grokster/I-Morpheus

so I may leave out a few details to avoid hacking and or hack attempts by the curious among us out there

[HaXor]

Harby

Leave out as little as possible, cos anyone that knows how to hack the clients, already does it... those that dont, well they aint missing much....... no different from using the GUI i suppose.
Its not a security threat....... unless you keep ing somthing from me, LOL


More info = more results


H@Xor

[HaXor]

About "our project" - depends on how you look at it..... is the glass half empyty or is it half full......im an optamist.

I have found a few peeps that have there own own skills that maybe able to help in there owm little way.

One of them is very famous in the "underworld" but i will not disclose his name until he gives me permission to.

but all in all, i am stuck with the same problems as before.

but we will overcome this!

Anyway... when i am truly happy with the facts, I will post my findings on here......

...... the only way is to share.


H@Xor

[Mowzer]

Re: Your message...

Good screen shot timmy.

Gift has an IRC channel. Why not go and just introduce yourself?

[butterfly_kisses]

Quote:

originally posted by Scyth

This seemed plausible so I tried it out. Using sig2dat and in-memory modification of the kmd.exe executable, I was able to convince it to download a crystal method mp3 rather than the kazaa installer. However, I discovered a couple of hitches. First, in addition to matching the signature and file size, an exact file name match was also required in order to download the file. Second, after the download completed, kmd.exe immediately decided that it was invalid and deleted it (I was able to recover the download with an undelete utility though).

Scyth is that so...hrm....(scratchs chin.....rubs forehead and pats belley b4 finally coming up with an idea )

Try this:
File: surprise.mp3
Length:5845871Bytes
UUHash:=1LDYkHDl65OprVz37xN1VSo9b00=

for your inline memory modifications and see if you get better results if you need more info on how to get exact filenames (and in some cases "not-so-exact" filenames with these UUHashes you just let me or Indy know, okay?

Cheers, Timmo aka (Harbynger)

[butterfly_kisses]

 

[JackSpratts]

nut 'n' honey

since this would fall under the catagory "life changing peer to peer news" how about a link harby? nothing on gibsons' page. nothing on google for metamorphesis.exe, metamorphesis peer, p2p etc. nothing using some alternate spellings in combination with peer to peer and out to 10 pages. there's one german site but no text - just a parent directory with one download. so a few games for kids is about all i've found (butterflies)...

- js.

[colinmacc]

Like Jack, I am skeptical of this without any evidence, and I haven't been able to find any independent verification of this. (I've been looking all morning)

From what I know about Steve Gibson, I'd be surprised if he condoned this usage of nanoprobe technology, if indeed that is what it is...

Reveal your sources, Harby!