
iru


  1. [quote]They used same UPX but they stripped UPX header at offset 3E0h that contains compression method and checksums, so UPX can't unpack it anymore. You may compare "old" and "new" utorrent.exe at offset 3E0h-400h to see the difference. "New" utorrent.exe can be unpacked still with 3rd-party external unpacker that traces stub till program entry point (something like procdump), or header info can be recovered manually from stub's code to unpack it with UPX natively.[/quote]

     Thanks for the info. Much appreciated. I didn't have the tools available to do such a comparison. Formatted my machine not so long ago.

     I suspected they did it on purpose. Especially with the defensive response from Firon. Waiting for the possible news to drop about utorrent, i.e. using illegal code, doing privacy violations, etc. Yes, I'm very suspicious and paranoid, rightfully so. I've seen many programs go bad and burn users over the years. Fame, greed and ego can do horrible things to software that was once honest and trustworthy.

     Firon: Take notice, I didn't accuse utorrent of anything, I'm merely stating my experience of other software and the fear I have of utorrent going down the same path due to warning signs I've seen.

     EXE files can be re-signed to hide tampering. It has even been successfully applied and used and talked about in the news. Here's a news article example from a quick Google search: "The spy malware Flame used bogus Microsoft certificates to infect new computers, a prominent cybersecurity expert says" http://www.rt.com/news/flame-virus-windows-updates-346/

     Off topic, certificates rant: Microsoft's certificates program is just a scam. Gets Microsoft to "earn" more money, control the Windows environment, make customers feel a false sense of security and by doing so trust too quickly when a program is signed. Also making it very difficult for hobby developers and open source software alike. And Microsoft is supposed to be for open source and hobbyists. Using PR stunts like 'going native'. It still baffles me how many are fooled by that bullshit.
  2. Since you insisted, I actually wasted some time on this... :| (Using UPX 3.08w.)

     Some poking around resulted in this:

     utorrent file, as is; upx returns this error:
     "upx: utorrent.exe: NotPackedException: not packed by UPX"

     After removing Section '.bunndle' from the exe file; upx returns this error:
     "upx: utorrent.exe: CantUnpackException: file is possibly modified/hacked/protected; take care!"

     What is section '.bunndle', you ask? A upx compressed DLL file that 'offers' by default to install a toolbar, a browser plugin that slows down surfing, computer and most likely violates user privacy by monitoring user activity aka bloatware (possibly spyware).

     Many exe compressors are not designed to handle file modifications after the exe has been compressed. That utorrent works at all is pure luck. The standalone upx.exe file, used to unpack, verifies the file integrity before unpacking (using checksum) while the internal upx decompressor routine does not. (I haven't checked upx's code, just a guess.) In other words, security vulnerability, a possibility of inserting i.e. a virus without upx decompressor noticing. Upx really should fix that, i.e. by adding an option to add file integrity check.

     No, a Microsoft certificate isn't security enough. It's crap. A PR stunt by Microsoft to get their greedy fingers on more money for nearly nothing and getting more evil control like Apple.

     You knew this and still proceeded?! Did you even check the upx code so it supported this? If you really insist to continue with bloatware spreading, causing your users pain, then add that dll file to the exe file before compressing the exe file. That is the correct way of doing it.

     Not to sound cranky or rude but I have done your work for you. I expect at least a small 'thank you' for my wasted time.

     Unfortunately, anything that changes the exe after it has been compiled can obscure the virus scan. Both exe compressors and protectors are infamous for creating bugs. I, for one, think stability and data integrity win over exe file size.
  3. BTW: What compression is used on the exe file? A modified upx? Where can I download it? I can't unpack it anymore with standard upx. I have to use a manually written script now.

     I'm wondering out loud here: Are you doing something illegal that you need to hide? Should I analyze the exe file for evil? What is your thinking behind this change? (Honest answers only, no PR bullshit.)

     Note: I unpack utorrent because of false positives, to let anti-virus scan it more clearly, and exe compressors cause bugs, instability and are a plain waste of time (and money). All I care about is that it is portable. It doesn't need to be compressed for that.
  4. I can verify that the 'stable' release hangs always.

     Reproduce:
     1. Downloads active and downloading at full speed to make the hard drive work / disk io thread.
     2. Now add several magnet links at once. Around 5 should do it.

     It will hang after a few seconds to a few minutes. Boom, all data that has been downloaded is lost, including added magnet links (and probably torrents too), when you force exit the program. Losing a gig of data is just unacceptable. It should flush more often for data integrity reasons. That is what common sense and accepted guidelines say. Are you following the guidelines in 3.2?

     Workaround: Use good ol' torrent files. Or use a magnet link to torrent file converter.
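
The comparison described in the quote in post 1 (the bytes at 3E0h-400h of an "old" and a "new" build) and the section listing from post 2 can be done with a short script. This is an added example, not code from any poster or from UPX; the function names are hypothetical, the sample bytes are constructed, and it assumes UPX's usual `UPX!` pack-header marker and default `UPX0`/`UPX1` section names.

```python
import struct

UPX_MAGIC = b"UPX!"  # marker that starts UPX's pack header

def pe_section_names(data):
    """Return the section names from a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # first section header
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("latin-1")
            for i in range(count)]

def upx_triage(data, header_span=0x1000):
    """Classify a PE as UPX-packed with or without an intact pack header."""
    names = pe_section_names(data)
    magic_at = data.find(UPX_MAGIC, 0, header_span)
    if magic_at >= 0:
        return "pack header present at 0x%X" % magic_at
    if any(n.startswith("UPX") for n in names):
        return "UPX sections but no pack header (stripped)"
    return "no UPX indicators"

def diff_offsets(old, new, start=0x3E0, end=0x400):
    """Offsets in [start, end) where the two files differ."""
    return [i for i in range(start, end) if old[i:i + 1] != new[i:i + 1]]

def build_sample(with_pack_header):
    """Constructed 0x400-byte PE header, not taken from any real binary."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x100)          # PE header at 0x100
    buf[0x100:0x104] = b"PE\0\0"
    names = [b"UPX0", b"UPX1", b".rsrc", b".bunndle"]
    struct.pack_into("<H", buf, 0x106, len(names))
    struct.pack_into("<H", buf, 0x114, 0xE0)          # PE32 optional header size
    for i, name in enumerate(names):
        off = 0x1F8 + 40 * i
        buf[off:off + len(name)] = name
    if with_pack_header:
        buf[0x3E0:0x400] = UPX_MAGIC + bytes(range(1, 29))  # dummy field bytes
    return bytes(buf)

if __name__ == "__main__":
    old, new = build_sample(True), build_sample(False)
    print(upx_triage(old), "|", upx_triage(new), "|", len(diff_offsets(old, new)))
```

For real files, read both builds with `open(path, "rb").read()` and pass them to the same functions.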