P2P Anti-Piracy System Defeated With 2 Clicks
Written by enigmax on April 19, 2007

eDonkey and BitTorrent users caught up in the latest Logistep anti-piracy sweep haven’t got much to smile about, facing threats, legal action and for many, accusations that are simply untrue. For those who would prefer not to have their privacy invaded by Logistep in the future, this anti-piracy cloud has a silver lining. Indications are, this system can be defeated.

Ever since the initial assault on UK file-sharers, questions have been asked about the functioning of the Logistep ‘File-Sharing Monitor’ snooping software. Many people simply do not wish to allow their file-sharing software to connect to this system, preferring to maintain their privacy. But how can this be achieved?
The secret lies in Logistep’s own description of how their system operates:
“The ‘File Sharing Monitor’ program version 1.3 is a modified version of the client of the eDonkey and Gnutella networks of the program ‘Shareaza’ version 2.1.0. All program functions responsible for communication with the servers and the clients are identical with those in the original version.”
The Shareaza client Logistep are using doesn’t support a feature built into eMule (version 0.47b onwards) known as ‘protocol obfuscation’ (PO), or its counterpart in BitTorrent clients like uTorrent and Azureus, protocol encryption (PE). From the eMule-Project introduction:
“Protocol Obfuscation is a feature which causes eMule to obfuscate or ‘hide’ its protocol when communicating with other clients or servers. Without obfuscation, each eMule communication has a given structure which can be easily recognized and identified as an eMule packet by any observer. If this feature is turned on, the whole eMule communication appears like random data on the first look and an automatic identification is no longer easily possible.”
So, as Shareaza does not support PO, anyone who both enables protocol obfuscation and allows only obfuscated connections in eMule’s security options will ensure that they simply cannot connect to any Shareaza clients, effectively neutralizing the Logistep system. The same effect can be achieved by enabling protocol encryption in Azureus or uTorrent.

From the eMule-Project:
“Clients which do not support obfuscations are ignored, incoming plaintext connections rejected and the automatic server connect will only allow obfuscated connections to a server.”
The downside to this configuration is that connections cannot be made to non-eMule clients, versions of eMule before 0.47b (which do not support PO) and other clients with PO switched off, which is very likely to reduce download speeds. However, eMule users are unlikely to leave their system configured this way for long and will likely revert to their normal settings once they feel they are no longer at risk of having their privacy breached by Logistep, on behalf of their partners.
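Which peers get through under each setting, as an added example (not eMule's code and not part of the original article). It assumes the standard eDonkey TCP framing (marker byte 0xE3, 0xC5 or 0xD4, then a 4-byte little-endian length and an opcode) and, as a simplification, treats any stream without that framing as obfuscated; the peer list, sample bytes and function names are constructed for illustration.

```python
import struct

# Plaintext eDonkey/eMule TCP framing: 1 marker byte, 4-byte little-endian
# length, then the opcode. These are the three protocol marker bytes.
PLAINTEXT_MARKERS = {0xE3, 0xC5, 0xD4}
MAX_PACKET_LEN = 2_000_000  # assumed sanity bound for this example


def classify_first_bytes(data: bytes) -> str:
    """Classify the start of an incoming TCP stream as an observer would."""
    if len(data) < 5:
        return "incomplete"
    marker, length = struct.unpack_from("<BI", data)
    if marker in PLAINTEXT_MARKERS and 1 <= length <= MAX_PACKET_LEN:
        return "plaintext"
    return "opaque"  # no recognisable structure: looks like random data


def admit(first_bytes: bytes, require_obfuscation: bool) -> bool:
    """Reject plaintext peers only when obfuscated-only mode is on."""
    kind = classify_first_bytes(first_bytes)
    if kind == "incomplete":
        return False
    return kind == "opaque" or not require_obfuscation


def plain_hello() -> bytes:
    """Constructed plaintext Hello: marker 0xE3, length, opcode 0x01, hash."""
    body = b"\x01" + b"\x10" + bytes(16)
    return struct.pack("<BI", 0xE3, len(body)) + body


# Constructed sample peers and the first bytes each sends on connect.
OBFUSCATED_SAMPLE = bytes.fromhex("7a3f91c05d28e6b4")
PEERS = {
    "Shareaza 2.1.0 (no PO)": plain_hello(),
    "eMule before 0.47b (no PO)": plain_hello(),
    "eMule 0.47b, PO off": plain_hello(),
    "eMule 0.47b, PO on": OBFUSCATED_SAMPLE,
}


def admitted(require_obfuscation: bool) -> list:
    return [n for n, b in PEERS.items() if admit(b, require_obfuscation)]


if __name__ == "__main__":
    print("PO enabled only:", admitted(False))
    print("obfuscated only:", admitted(True))
```

With obfuscation merely enabled, every peer in the sample is still served, the plaintext Shareaza client included; only the obfuscated-only setting narrows the list, and it drops the older and PO-off eMule peers along with it.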
It is worth noting that although Logistep appear to have done nothing illegal by modifying and using the Shareaza software, Logistep are not linked with Shareaza in any way and they did not seek permission from Shareaza’s team to use a modified version of the client. ‘deltagamma’, a mod on the Shareaza forums, commented: “We’re sad that Shareaza code is being misused in such a way.”
This cat and mouse game can and will continue – maybe Logistep changes to another client for collecting their data, maybe they simply start collecting data in another way. What is certain is that this article will not reduce the number of people receiving threatening letters from lawyers demanding money. IP addresses on a spreadsheet are worth big money these days and the law firms know it.
With thanks to qm2003
22 Responses
I just skimmed the article and so, how would I enable the PO feature in eMule?
In some countries accessing someone’s PC and snooping around without their consent is illegal, punishable by 5 years in jail even if you don’t modify anything. Add to that breaking licenses for software, and movie companies regularly rip off writers (the author of Forrest Gump didn’t get a cent in royalties after the movie company used deceptive accounting) and bribe congressmen to change the law to suit them.
All sounds pretty illegal to me!
Would PeerGuardian protect against this?
Umm, that’s great until Logistep copy and paste the code out of eMule.
Unauthorised access to computer material.
1.—(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at—
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
Computer Misuse Act 1990: for any company or person to access your computer or your computer’s data traffic or files without your authorisation is a breach not only of this act but also of your human rights.
I recommend anyone connecting to a p2p network run PeerGuardian. It has updated lists of IP addresses to block (govt, edu, ads, p2p).
A little safety goes a long way.
Download PeerGuardian here:
http://phoenixlabs.org/pg2/
Sorry, I was wrong. PeerGuardian is crap; it ends up blocking a third of the internet addresses that are mathematically possible to exist.
PO is enabled in eMule in the Options -> Security window.
@Steve
There’s a difference between PG2 itself and the lists it uses, be more specific.
Well Steve, PeerGuardian is not crap. If a site is being blocked that you really want to get to, it’s easy enough to… right click on the IP that’s being blocked and either temp allow or perm allow it… simple… if you don’t want to do that… right click on the PG icon in the system tray and click allow HTTP… just remember to block HTTP again after you leave the site… very simple indeed. And although not 100% foolproof against being busted for illegal downloads, it sure helps block the likes of netsafe and mediasentry.
There’s only one way to stay safe. LEECH LEECH LEECH. Use the latest and greatest leech clients where u don’t have to share. I’m sorry but it’s the only way. 100 percent safe too. Who cares if people don’t like it, it’s either that or pay money. Which u think I’m gonna choose?
PeerGuardian blocks 30% of “the internet” because there IS NOTHING THERE. You DO NOT get anything good from the blocked IPs in a p2p-program. Besides, you can allow HTTP so you can still browse to RIAA’s website. Why don’t people do some research before letting their mouths run?
Leech has got to be the dumbest solution. Thank God there are lists that block entire countries ..
Sorry, but honestly I don’t think that this method will work. If I understood the concept correctly, enabling obfuscation means to enable the option to communicate with other clients and servers encryptedly. If the remote client doesn’t support obfuscation or doesn’t have it switched on, we will communicate nonetheless.
So although I have obfuscation turned on, I have a couple of Shareaza clients that I am connected to at the moment.
@ 11: Leeching is no option. It’s disgusting, the worst possible antisocial behaviour in an environment that relies on social behaviour. Not uploading is even worse for the network than all those anti-p2p-lobbying and monitoring. Everybody should use eMule Mods that support DLP, for instance Xtreme or ScarAngel.
On WinMX that I use we have seen this type of trawling and it can be defeated rather simply with a blocklist (automated or otherwise). PeerGuardian is a fine piece of software but running a poorly maintained blocklist.
It most certainly does not block all the ranges used by Netsentry, Macrovision, and their ilk. We know this by comparing the ones we have detected on WinMX against the ones on the blutak blocklists that PG uses. Upon trying to pass these numbers on to blutak, they took days to check out the information and sadly the media companies move faster than they do; 8 out of the 11 IP ranges given to them were swapped within 4 hours to other unlisted ones.
Only the automated WinMX blocklist was keeping folks safe whilst PG users were once again easy pickings for the media companies.
The solution is rather simple: ensure PG can be updated more than once a day (as opposed to once in 24 hours), and a system needs to be devised for an open port listening method to indicate to users that an urgent update is ready for deployment. Only these two modifications and a specialist team of watchers from each network to generate and maintain the lists is likely to keep p2p out of reach of the forces ranged against it.
hmm
read through that and then checked out the Logistep site
[quote]
LOGISTEP AG is a specialized privately controlled Anti-Piracy Company Limited incorporated in and operating out of Switzerland on an international basis.
[/quote]
Not sure on Swiss law but as Switzerland is a ‘neutral’ country, I have a strong suspicion that what they are doing is illegal under international law…
Mind though, that doesn’t bother them that much. I’ve seen them do some very dubious practices over the last few years….
I think it is very nice information…