P2P Anti-Piracy System Defeated With 2 Clicks
eDonkey and BitTorrent users caught up in the latest Logistep anti-piracy sweep haven’t got much to smile about, facing threats, legal action and for many, accusations that are simply untrue. For those who would prefer not to have their privacy invaded by Logistep in the future, this anti-piracy cloud has a silver lining. Indications are, this system can be defeated.
Ever since the initial assault on UK file-sharers, questions have been asked about the functioning of the Logistep ‘File-Sharing Monitor’ snooping software. Many people simply do not wish to allow their file-sharing software to connect to this system, preferring to maintain their privacy. But how can this be achieved?
The secret lies in Logistep’s own description of how their system operates;
The "File Sharing Monitor" program version 1.3 is a modified version of the client of the eDonkey and Gnutella networks of the program "Shareaza" version 2.1.0. All program functions responsible for communication with the servers and the clients are identical with those in the original version.
The Shareaza client Logistep are using doesn’t support a feature built into eMule (ver 0.47b onwards) known as ‘protocol obfuscation’ (PO) or Protocol encryption (PE) in BitTorrent clients like uTorrent and Azureus. From the eMule-Project introduction;
Protocol Obfuscation is a feature which causes eMule to obfuscate or "hide" its protocol when communicating with other clients or servers. Without obfuscation, each eMule communication has a given structure which can be easily recognized and identified as an eMule packet by any observer. If this feature is turned on, the whole eMule communication appears like random data on the first look and an automatic identification is no longer easily possible.
So, as Shareaza does not support PO, anyone who both enables protocol obfuscation and allows only obfuscated connections in eMule’s security options will ensure that they they simply cannot connect to any Shareaza clients, effectively neutralizing the Logistep system. The same effect can be achieved by enabling Protocol encryption in Azureus or uTorrent.
From the eMule-Project;
Clients which do not support obfuscations are ignored, incoming plaintext connections rejected and the automatic server connect will only allow obfuscated connections to a server
The downside to this configuration is that connections cannot be made to non-eMule clients, versions of eMule before 0.47b (which do not support PO) and other clients with PO switched off, which is very likely to reduce download speeds. However, eMule users are unlikely to leave their system configured this way for long and will likely revert to their normal settings once they feel they are no longer at risk of having their privacy breached by Logistep, on behalf of their partners.
It is worth noting that although Logistep appear to have done nothing illegal by modifying and using the Shareaza software, Logistep are not linked with Shareaza in any way and they did not seek permission from Shareaza’s team to use a modified version of the client. ‘deltagamma’, a mod on the Shareaza forums commented “We’re sad that Shareaza code is being misused in such a way.”
This cat and mouse game can and will continue – maybe Logistep changes to another client for collecting their data, maybe they simply start collecting data in another way. What is certain is that this article will not reduce the number of people receiving threatening letters from lawyers demanding money. IP addresses on a spreadsheet are worth big money these days and the law firms know it.
With thanks to qm2003
