Poster
BT Rep: +7
Does anyone know what extended messaging is used for?Originally Posted by rvt
Are these extended messages passed between the peers themselves, and specifically, does utorrent accept extended messages from users not in the swarm?
If that is the case then the security issue is indeed quite severe.
546f74616c6c792072616e646f6d20746578742e20416d617a696e671f20696e6e69742e
Poster
BT Rep: +100
I am having problems with my seedbox, because it has utorrent 1.6.1
Poster
BT Rep: +1
It's an extension to the bittorrent protocol that allows them to send none standard messages about all kinds of extensions, from PEX to chat.
The messages are sent between peers.
The setup for extended messaging is done after the initial BT handshake, with bit 4 of the 5th byte in the reserved 8 bytes being set for extended messaging support. Once the BT handshake is done, you send the size of the packet as a 4 byte int, followed by char(20) and char(0) to represent an extended message handshake, then a dictionary. The dictionary contains an m entry which maps extensions to ID numbers, and possibly a p entry for port to send extended messages on and a v entry for version as a utf8 string.
An example:
d1:md11:LT_metadatai1e6:µT_PEXi2ee1:pi6881e1:v13:\xc2\xb5Torrent 1.2e
That maps LT_metadata plugin to ID 1, uT PEX to 2, the port to 6881 and the version to µTorrent 1.2
The messages can be sent by anyone who has completed the normal BT handshake. It would be someone that knows your port and IP as well as the hash, but that doesn't have to be someone in the swarm.
Poster
BT Rep: +7
Thank you for an excellent explanation, rvt!
The bug now seems less grave than it used to. The hash is 320bit long as far as I could tell and guessing it + matching against an IP/port pair seems somewhat difficult, which would probably make it unlikely for anyone from outside the swarm to use this to gain undesired access to it. If the problem is only feasible from peers already within the swarm, then at least the panic regarding MPAA/IRAA/choose-a-4-letter-initials getting into your computer or the swarm could be avoided.
546f74616c6c792072616e646f6d20746578742e20416d617a696e671f20696e6e69742e
Poster
BT Rep: +1
The extended messaging bug is not even related to the remote code exploit.
So the fear is definately overdone.
The POC code on milworm basically takes a torrent file as input and makes some changes to the announce URL. The big problem with that is that every single private tracker in existance and some public ones change the announce URL when you upload. The exploit is busted at the first step.
That's why nobody made much of a fuss about it 12 months ago.
So we have an old bug that affects 1.6.1 only if used to open a specially crafted torrent that was downloaded from a none private site, and a new bug that only affects versions after 1.6.x. If anything, it should be 1.7-1.7.5 that are banned, although I consider running a client that crashes every 10 minutes to be the users prerogative
Excuse Me?
BT Rep: +16
I feel your pain. Myspleen is the only tracker that has banned uTorrent 1.7.6.to say goodbye to utorrent 1.6.1
i just had to update to 1.7.6, sct doesnt allow 1.6.1 anymore i guess. i thought it would be a few weeks or more before any trackers would trust 1.7.6 that much but i guess not.
Excuse Me?
Didn't Think So!
BANNED
BT Rep: +8
Problem makers...
GoaHead
BT Rep: +6
Azureus 2.5.0.4 (Last version without the Zudeo client)Big loss for me
http://filehippo.com/download_azureus/?2321
Cannot get it of official page anymore. They are also trying to force people to upgrade it seems
+1
i haven't notice that much difference between it and the 1.6 vestion!!
Posting Permissions
Reply With Quote
Bookmarks