Skip to main content

How BitTorrent Private Trackers Work

I'd like to use BitTorrent for sharing files with Nessie. So, I started doing some research about private trackers. It took me quite a while to scrape together enough information about BitTorrent protocols to figure out how private trackers work. (It would have helped if I had found the official BitTorrent specifications sooner.) It turns out to be quite simple.

Basically torrent trackers and clients exchange dictionaries of meta-data. In the meta-data sent from the client to the tracker is a passkey (with the key name 'key'). The passkey is per-user and added to the announce URL in the .torrent file which is dynamically generated for each registered user that downloads it. The tracker then uses that key like a session key in a web app. The key can be used for connection limiting, ratio tracking, IP restriction, etc. Useful!

When trackers send data back to the clients, a private flag bit is set (with the key name 'private'). Well behaved clients will then refrain from leaking the passkey/announce URL to other users via DHT, peer exchange, etc. But, if a client misbehaves, and the tracker security catches it, it's trivial to invalidate a passkey and plug the leak.

Comments

  1. Neat
    THankx i've been looking for this.

    Could you tell me more detail on this?

    And also how to connection limiting,etc

    So basically tracker just see the key, and then put on session if there are other connection using the same torrent file , Reject it?

    oci_beken@Yahoo.co.id

    ReplyDelete
  2. Yes, the server controls connections however it likes by key. Since every user has their own key, you can associate it with any parameters you like (IP, number of connections, etc.).

    ReplyDelete

Post a Comment

Popular posts from this blog

Android Recipes and Snippets

I've put together a small collection of Android recipes. For each of these recipes, this is an instance of Context (more specifically, Activity or Service) unless otherwise noted. Enjoy :)

Intents
One of the coolest things about Android is Intents. The two most common uses of Intents are starting an Activity (open an email, contact, etc.) and starting an Activity for a result (scan a barcode, take a picture to attach to an email, etc.). Intents are specified primarily using action strings and URIs. Here are some things you can do with the android.intent.action.VIEW action and startActivity().Intent intent = new Intent(Intent.ACTION_VIEW);
// Choose a value for uri from the following.
// Search Google Maps: geo:0,0?q=query
// Show contacts: content://contacts/people
// Show a URL: http://www.google.com
intent.setData(Uri.parse(uri));
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
startActivity(intent);Other useful action/URI pairs include:Intent.ACTION_DIAL, tel://8675309Intent.ACTION_CALL…
Read more

Email Injection

Not so long ago, I ran a wiki called SecurePHP. On that wiki, there was one particular article about email injection that received a lot of attention. Naturally, with all the attention came lots of spam. As a result, I disabled editing of the wiki and content stagnated. Still, the email injection article remained popular. About a year later, the server that hosted SecurePHP died and I never had a chance to hook it all back up. I saved the article though and I'm reposting it now. It may be a bit old (I've been away from PHP for a long time), and I didn't write all of it, so feel free to leave comments about needed updates and corrections. Though this article focuses on PHP, it provides a lot of general information regarding email injection attacks.

The PHP mail() FunctionThere are a lot of ways to send anonymous emails, some use it to mass mail, some use it to spoof identity, and some (a few) use it to send email anonymously. Usually a web mailform using the mail() function …
Read more

XBee ZNet 2.5 Wireless Accelerometer

I managed to put together a wireless accelerometer the other night using my two new XBees, an Arduino XBee shield, an XBee Explorer USB, an ADXL330, and some Python. I struggled a bit with some of it, so here's what I learned:

First, a parts list.
XBee 2mW Series 2.5 Chip AntennaArduino XBee (with XBee Series 2.5 module)XBee Explorer USBADXL330I'm not sure exactly what the specs are on the XBee that comes with the Arduino shield. But, it is definitely a series 2.5.

The first thing to do is to configure and upgrade the firmware on your XBees. To do that, you'll need X-CTU (for the firmware upgrade at least, but it's also nice for configuration) which, unfortunately, is only available for Windows. But, it works fine from VMware. First up, the XBee we'll hook up to the computer to read incoming data from the accelerometer:
Plug one of the XBees into the Explorer (it's also possible to do this from the Arduino shield by shifting the two XBee/USB jumpers to USB and remo…
Read more