Jump to content

Manual Passkey change


sathish_utorrent

Recommended Posts

I have been using two accounts on a private tracker.My ques is

1)What is the difference between two .torrent files, if i download a same torrent but from two different account?

If it is only the passkey, then..

2)Is it possible to make one torrent identical to another, just by opening the .torrent file in Text editor( I used Windows Notepad) and manually changing the passkey (from one account to another).?

[My scenario: I used Windows Notepad to manually change the passkey. But the utorrent recognizes it has different torrents. I could infer this, because utorrent usually warns "Torrent already in list..Would you like to update the tracker" when i try to add the same torrent once again. But this time even though I opened the modified torrent (replacing 'B' account torrent file passkey with 'A' account passkey) and the original torrent file downloaded directly from the website after logging into to 'A' account. The client just treats it as a saperate file and adds it to the list]

Link to comment
Share on other sites

Notepad is not a proper .torrent file editor.

.torrent files are BEncoded, which can contain binary data, which Notepad (and most other text editors) can't handle. If there is data in the .torrent file that the text editor can't read, it ends up getting truncated on save, and the file becomes corrupt. Use BEncode Editor instead or something to edit .torrent files.

And the only way a .torrent file is recognized as being "different" is if anything in the .torrent file's info dictionary is different/changed. Tracker changes don't affect the info dictionary.

Link to comment
Share on other sites

Thanks for the reply.But, this makes possibility of using BEncode Editor in an unethical way.Lets say if User A downloads a .torrent file. If it is possible to change the passkey manually, he could do a brute-force attack using various combinations of passkey, finally ending up in one key that tends to be valid. I suppose this approach would be a computationally feasible, since large private trackers have thousands of users, eventually , finding one of the possible thousand keys is quite easy.

Link to comment
Share on other sites

1. I fail to see how BEncode Editor makes it any easier to edit passkeys than µTorrent's torrent properties dialog.

2. Unless the tracker administrators are braindead, they wouldn't assign keys that are easily guessable. And last I've seen, passkeys are generally tens of characters long -- good luck brute forcing that.

Link to comment
Share on other sites

@Ulitma

1.Opening and changing the tracker passkey using torrents properties dialog lands you into trouble.This is because your bittorrent client connects your tracker for update as soon as you open the client(Independent of your scheduler). As soon as you change your passkey, the client contacts the tracker. This alerts the tracker to see two different passkeys within a very short interval of time from the same PC.

2.You are right. Brute-forcing the passkey is quite a costly task. But i would like to clarify your answer some more.Private trackers(I personally checked four) usually use 32 character(but range from 0-9 and a-f, meaning they must be Hex). This means the key length is 32*4=128 bit, a lengthy one to discourage brute-forcing.

@Firon

Bittorrent specification:(http://www.bittorrent.org/beps/bep_0003.html)

info_hash

The 20 byte sha1 hash of the bencoded form of the info value from the metainfo file. Note that this is a substring of the metainfo file. This value will almost certainly have to be escaped.

I guess you should have confused with this.

Moreover "sha1" yields a 160 bit key, as opposed to 128 bit passkey(explained as above). I suppose the trackers must usually employ their own table to maintain the passkeys. This is because, hashing with a particular algorithm always yields a single result. But we do have a option for resetting the passkey.

Link to comment
Share on other sites

1. Uh, no. That's no different from adding the torrent stopped (or just stopping the torrent for a while), and then changing the passkey. And anyway, how does BEncode Editor let you announce more quickly to trackers than just editing the torrent properties? You'd still be subject to the exact same issues.

At any rate, "moral" issues are the last of my worries. I created BEncode Editor to allow users to edit BEncoded files, plain and simple. What the users do with it is not of my concern. BEncode Editor doesn't make it that much simpler to change trackers than TorrentEditor. Or some plain ol' hex editor. Or some proxy to rewrite the announce URL. Or again, µTorrent's torrent properties dialog. Anyone who cares to do it can and will do it, with or without BEncode Editor.

Lastly, Firon wasn't confusing the info hash with passkey. Just because you saw 32 character passkeys doesn't mean that's all that is used. You see 32 character keys often, Firon sees ~40 character passkeys often -- doesn't really matter. The point is, brute forcing isn't a real option, and you'd more likely be banned way before you ever know that you've hit a valid passkey. Why anyone would want to guess at passkeys in the first place is beyond me.

Link to comment
Share on other sites

I used the term "usually use 32 characters" not "always". Anyways, the point that I was trying to say is "passkey generation" is up to the trackers themselves. Private trackers need not have to follow any standard algorithms like sha1 but it depends upon their wish.

Again, this leaves me with a question. If trackers use hashing algorithms sha1 or similar, how is it possible for them to provide an option for resetting the passkey. Hashing algorithm definitely yield the same output for the same message. Now, without changing anything about the account details(which I presume would be used as the "message" for hashing), it is possible to reset the passkey. How come is that possible?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...