Jump to content

Rassilon

Established Members
 View Profile  See their activity

  • Posts

    22

  • Joined

  • Last visited

 Content Type 

Posts posted by Rassilon

  2. 3.5.x Beta

    in Announcements

    Posted

    On 31/10/2017 at 5:04 PM, mike20021969 said:

    Anyway, there's newer versions available:

    3.5.0.44250: magnet:?xt=urn:btih:33D0452AE056B9B9AD9143A17044FCB7DECA0DEA

    No changelogs as of yet.

     

    After seeing some weird traffic on wireshark i checked the strings in the exe ... and had a *facepalm* moment.

    Currently pretty much all ads / offers / bundles / etc - practically all dynamic data is delivered to uTorrent via plain-text http and it also reports statistics the same way, making it very easy for someone to intercept and inject content.

    Please, change all urls inside the app to use https-only. 

    http://cdn.ap.bittorrent.com/control/tags/bt.json
http://cdn.ap.bittorrent.com/control/tags/ut.json
http://cdn.ap.bittorrent.com/control/tags/staging_bt.json
http://cdn.ap.bittorrent.com/control/tags/staging_ut.json

http://cdn.ap.bittorrent.com/control/feature/tags/ut.json
http://cdn.ap.bittorrent.com/control/feature/tags/bt.json
http://cdn.ap.bittorrent.com/control/feature/tags/staging_ut.json
http://cdn.ap.bittorrent.com/control/feature/tags/staging_bt.json

getJSON("http://update.utorrent.com/featuredcontent.php?w=" 

http://update.utorrent.com/installoffer.php

http://bundles.bittorrent.com/feed.rss
http://beta.bundles.bittorrent.com/feed.rss

update.utorrent.li
http://%s/updatestats.php
http://%s/installstats.php
http://%s/update_event.php

http://apps.bittorrent.com

    and so on... and so on....  even most ads and their statistics are sent and received via plain text http.

     

    *sigh*

  3. µTorrent 3.2.1 stable (build 28086)

    in Announcements

    Posted · Edited by Rassilon

    Changes from 3.2.0:

    -- 2012-06-26: Version 3.2.1 Beta 1 (build 27554)

    [...]

    - Fix: Magnets would be added in stopped state

    [...]

    if this fix refers to the fact that magnets would stop the download after just the torrent file was downloaded, can i have this feature back, please? It might have been a bug but it was an useful feature to me.

    i actually like having the torrent to stop itself after the magnet downloads just the .torrent file instead of going ahead and downloading everything at once. (maybe also add a secondary checkbox for this in the add torrent dialog, to download the torrent contents too)

    This way i can examine the files inside the torrent and choose which files i want to download and set their download priority order.

    I went back to 3.2 build 27547, this has this useful feature/bug still present.

    Edit:

    P.S. i just noticed that 27547 doesn't always behave like that, but i still think it's useful to stop the download just after the magnet downloads the .torrent file

  4. µTorrent 3.1.3 stable (27327)

    in Announcements

    Posted · Edited by Rassilon

    It doesn't work that way. You don't "trigger" a UAC prompt - the app has to actually explicitly request elevation. So the access denied stuff is a red herring.

    not always because in my experience windows7 decides by itself to show the UAC prompt/admin auth prompt when an application tries to do the same thing repeatedly and gets denied because it lacks the desired rights.

    When an application being run by a limited user tries repeatedly to do a restricted action (e.g. uT requesting write access to HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap) WinXP will show an access denied message immediately but 7 will give you a chance to enter the admin password before denying the action.

  5. µTorrent 3.1.3 stable (27327)

    in Announcements

    Posted · Edited by Rassilon

    So, you're still seeing the elevation dialog after each run, right?

    yes, even with build 27220 i was prompted for the admin password.

    2m30own.png

    .

    anyway... i decided to try another approach.. i deleted ALL FILES in "%userprofile%\AppData\Roaming\uTorrent" with the exception of the resume.dat and dht.dat files. (i had preserved the uT profile data folder from the previous install on windows when i was running win7x86).

    Since my download folder is on another partition that practically reset all settings for uT but by keeping the resume.dat file i didn't lose any torrent state data, i just had to reconfigure uT from scratch.

    After deleting everything but the resume.dat and dht.dat files, uT requested the admin password ONLY once more(i let it run, too) and now it starts normally without triggering the UAC elevation screen on each run.

    for that final UAC prompt on build 27220, sysinternals procmon showed that the same Access Denied messages were encountered

    this is the first run, triggering the UAC:

    20:59:19,6345246 uTorrent.exe 3228 RegOpenKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ACCESS DENIED Desired Access: All Access

    20:59:19,7222330 uTorrent.exe 3228 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ACCESS DENIED Desired Access: Read/Write

    20:59:19,7223203 uTorrent.exe 3228 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ACCESS DENIED Desired Access: Read/Write

    20:59:19,7259429 uTorrent.exe 3228 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ACCESS DENIED Desired Access: Read/Write

    20:59:19,7260258 uTorrent.exe 3228 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ACCESS DENIED Desired Access: Read/Write

    20:59:20,6705687 uTorrent.exe 3228 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ACCESS DENIED Desired Access: Query Value, Set Value, Create Sub Key, Enumerate Sub Keys

    20:59:26,5775988 uTorrent.exe 3228 RegOpenKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ACCESS DENIED Desired Access: All Access

    this is the second program run, UAC elevation prompt is not triggered for this and the "access denied" messages are very few this time.

    21:00:02,7623647 uTorrent.exe 3380 RegOpenKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ACCESS DENIED Desired Access: All Access

    21:00:03,8975464 uTorrent.exe 3380 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ACCESS DENIED Desired Access: Query Value, Set Value, Create Sub Key, Enumerate Sub Keys

    21:00:03,9247582 uTorrent.exe 3380 RegOpenKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ACCESS DENIED Desired Access: All Access

    from this i can deduce that the reason that the UAC prompt appears is that uT is trying to modify the ZoneMap Security settings:

    20:59:19,7259429 uTorrent.exe 3228 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ACCESS DENIED Desired Access: Read/Write

  6. µTorrent 3.1.3 stable (27327)

    in Announcements

    Posted · Edited by Rassilon

    It might. Just try running it normally... It elevates itself.

    well, tuesday morning i decided to wipe the system clean and i installed win7 sp1 x64 instead of x86... but the problem still remains after i configured the limited account.

    -- 2012-05-11: Version 3.1.3 stable (build 27213)

    - Fix: UAC prompt would show up for limited users on every run

    I even installed 27213 but it still asks for UAC elevation so i fired up sysinternals Procmon and i think i might see why:

    utorrent is asking for full access rights in some places where it only needs read access, not full write access

    20:26:47,5232146 uTorrent.exe 3784 RegOpenKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters REPARSE Desired Access: All Access

    20:26:47,5232436 uTorrent.exe 3784 RegOpenKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ACCESS DENIED Desired Access: All Access

    and a few places down:

    20:26:47,6977312 uTorrent.exe 3784 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ACCESS DENIED Desired Access: Read/Write

    20:26:48,6153275 uTorrent.exe 3784 RegOpenKey HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ACCESS DENIED Desired Access: Query Value, Set Value, Create Sub Key, Enumerate Sub Keys

    i think that if these accesses were created with desired access rights set to read only it would not trigger the UAC elevation

  7. µTorrent 3.1.3 stable (27327)

    in Announcements

    Posted

    Once the admin token is set on the file by Windows, it probably won't go away. Delete the executable in program files, DON'T COPY IT THERE BY HAND, and let the installer do its thing.

    27167 does not offer any user-visible changes, just minor installer tweaks.

    nope.. 27167 still asks for admin pw.

    i deleted the executable, moved settings.dat from the user profile just in case it was causing it to stumble (that file is 220kb in size) and then i let 27167 run its installer.

    That went fine but after i stopped it from its first run after finishing the install (was still running as admin following the install) and then i tried to start it as the restricted user account is asks again for admin pw.

    btw... when i need to install something i launch all the installs that require elevation from a command prompt running with admin rights, i don't use right click->run as admin because the admin pw is quite a lengthy one. However, i don't think that uT has issues with launches from an admin command console, does it?

  8. µTorrent 3.1.3 stable (27327)

    in Announcements

    Posted

    No changelog again... wow... this is becoming annoying.

    27167... should i bother with this when i get home? i wonder if asking for admin rights on Win7sp1 x86 has been fixed yet.

    i'm currently @work, on an XPSP3 x86 system but it's not showing that error when starting as limited user even with software restriction policies active.

    I reported this issue with win7 on page 5 of this thread (post #118), uT was then at build 27060.

    on page 10 of this thread, another user seems to have hit the same bug, post #245 by vovash

    and he does the same thing as me, replaces the executable manually in program files. The only difference i can see is that he uses win7 x64 while i use x86.

    since then, i last tried tried running 3.1.3.27120 on win7 as admin from a different directory and letting the built-in installer do its thing thinking that maybe it needed to update some registry settings and would not reach that point if it detected it was already being run from program files.

    After the installer completed successfully, the first time i tried to run it as a regular user, it asked AGAIN for admin rights. :(

    ... i deleted 27120 and went back to 26837, that one doesn't have this annoying (and potentially unsafe) behavior.

  9. µTorrent 3.1.3 stable (27327)

    in Announcements

    Posted · Edited by Rassilon

    File Properties -> Unblock

    it ALREADY is unblocked, that is not what i'm talking about.

    the program itself is asking for admin rights!

    EDIT: this is what i'm talking about:

    (please note that i'm double-clicking the exe file to launch it, all the extra launch parameters you see there are added by itself, not by me)

    n4vcko.jpg

  10. µTorrent 3.1.3 stable (27327)

    in Announcements

    Posted · Edited by Rassilon

    uT 3.1.3.27060 BUG:

    even if i already copied the updated exe file in \program files\uTorrent, the program still requires the admin password and admin rights elevation... WHY is this?

    i'm using uTorrent.exe v3.1.3.27060 on a regular user account (i keep an admin console open though)

    MD5: 8c681e33300bbc996fbed7ac1db2261a

    SHA-1: 6c688663bfd50a875cc059e25038c9431d09ae53

    if i give it the admin password or start uT from the admin console, it launches correctly, but refuses to run if i don't give it administrative rights.

    why does it need NOW admin rights to run when launched from a normal user account?

    3.1.3.26837 didn't need any admin rights and was running fine that way.

  13. µTorrent 2.2.1 released

    in Announcements

    Posted · Edited by Rassilon

    v2.2.1.25113 :when starting uTorrent from an administrative command prompt, the interface loads ok but when starting it directly from the normal user account, without ANY administrative rights, it doesn't start at all.

    it pegs one of the cpu cores at 100% and it freezes there without showing any interface elements and i have to kill it via the task manager.

    When i revert to v2.2.0.24683 uTorrent works normally under the user account.

    os: win7 sp1 ultimate x86,

    hw: intel E5200, 3gb ddr2 ram in dual channel, 2 x wd caviar black 640gb, raid 0.

    Software restriction policies are enabled for all files, including DLLs that are run by a non-admin user (admin is not restricted) and set to deny execution of anything that is not under c:\program files, c:\windows and c:\users (this last one is to cover for temporary files, files on desktop and so on)

    http://forum.utorrent.com/viewtopic.php?pid=572666

    PS.. oh, and wasn't the dll hijacking security bug supposed to be already resolved?

    why is utorrent looking in the current directory for standard system dll files before trying the system folders?:

    C:\Program Files\uTorrent\MSIMG32.dll

    C:\Program Files\uTorrent\SspiCli.dll

    C:\Program Files\uTorrent\USERENV.dll

    C:\Program Files\uTorrent\WINSPOOL.DRV

    and so on..a lot of these

    P.S. i decided to let it run a bit at 100% cpu, and it finally showed the user interface.

    AFTER 3 MINUTES !

×
×
  • Create New...