Patent Application For Seeding Bad Music Files

**Ron** · 08-21-2003, 06:34 PM

Then again, I saw different sized mp3 files go in the same multi source thing.
Kazaa works in mysterious ways sometimes.

**RealitY** · 08-21-2003, 07:18 PM

Originally posted by Hdestm8r@21 August 2003 - 14:04
The hash has nothing to do with it. Kazaa onlys check file names and sizes when cueing up files for multisource downloading, so if someone make a "Bad" file of the same size and name Kazaa will put that into the mix of source downloads and you will get parts of that bad file.

You can read about it HERE Secunia.com

I was always under the impression that if the file was altered, then the Hash was as well.
Although I read the article you linked to and am wondering about the validity of the source...

Description:
A vulnerability in Kazaa could be exploited by malicious people to corrupt the files other users download.

The vulnerability is caused by Kazaa only checking file name and size, when categorizing files for simultaneous downloads from multiple locations. A malicious person could therefore download a file and corrupt it by deleting the content by replacing it with NULL bytes or other arbitrary values with a hex editor keeping the same filename and file size. If another user downloaded part of the file as part of a simultaneous download from multiple locations, the file would be corrupted.

People with an interest in terrorising the Kazaa network would be able to exploit this vulnerability by registering multiple accounts and make many fake files with popular names available.

The users most affected by this vulnerability are those, who are using modems, ISDN or has other solutions, where they pay for the time online or amount of data downloaded.

Solution:
Only download legal files from trusted sources.

Seems a very simplified article to conclue to a very simple Solution...
I seriously find this hard to believe as it contradicts earlier common statements.

**Hdestm8r** · 08-21-2003, 07:24 PM

Originally posted by Switeck+21 August 2003 - 19:19--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Switeck @ 21 August 2003 - 19:19)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-Hdestm8r@21 August 2003 - 08:04
The hash has nothing to do with it. Kazaa onlys check file names and sizes when cueing up files for multisource downloading, so if someone make a "Bad" file of the same size and name Kazaa will put that into the mix of source downloads and you will get parts of that bad file.

You can read about it HERE Secunia.com

I think Kazaa hashes the first MB or so of the file for purposes of seeing which files are same/different.

I've seen identical-sized, identically named files show up in searches that DON'T go together as the same multi-sourced file. This is indirect proof that there is at least some partial hash scheme at work. [/b][/quote]
This may help you. This analysis was done by the same person who found the "Patent Application" when he looked at the bad MP3's himself.

****** "But back to the files: besides all the frame headers being suspiciously intact, as (name removed) mentioned, in five cases out of six, the corruption starts at the exact same point: 4b000 hex (i.e exactly 307,200 bytes into the file). I'd have to say it does indeed appear they are being methodically corrupted in a pre-meditated manner by someone." ******

So Kazaa could hash some of the first part and assume that the file is genuine and include it in the mix.

By the same token though I have seen differently named files lumped together as being the same file.

I think what is being concluded here is that Kazaa does not check the full hash of the file. It just loosely checks the file for size conformity. I guess that is why I posted this was to find the real truth behind these deliberately seeded bad files and why Kazaa allows good files to coexist with bad files and how that patent could work with Kazaa. I don't know enough about Kazaa to actually make a definitive statement either way. I know of others who have the same question as we had 3 pages of discussion in the other forum on this topic.

Edit: I made a mistake and said MD5 when I meant the full hash

VB · 08-21-2003, 07:50 PM

Kazaa hashes only the first piece of a files. I think it was only the first 300 KB.

**Hdestm8r** · 08-21-2003, 07:56 PM

Originally posted by Paul@21 August 2003 - 20:50
Kazaa hashes only the first piece of a files. I think it was only the first 300 KB.

Well then if the corruption starts as stated and verified above at 307,200 bytes then Kazaa would think it is a genuine file so that would be how this could really be done

**RealitY** · 08-21-2003, 08:01 PM

Originally posted by Hdestm8r@21 August 2003 - 20:24
****** "But back to the files: besides all the frame headers being suspiciously intact, as (name removed) mentioned, in five cases out of six, the corruption starts at the exact same point: 4b000 hex (i.e exactly 307,200 bytes into the file). I'd have to say it does indeed appear they are being methodically corrupted in a pre-meditated manner by someone." ******

Yuk...
Just beyond the 300K.
Meanwhile Sharman Networks...
Sits on their ASS like a beat RAT.
http://www.klboard.ath.cx/index.php?act=ST...t=0#entry455246
I've yet to hear a reply and don't really expect one.
I've come to think they just don't care anymore.

**random nut** · 08-23-2003, 02:07 AM

Sharman Networks don't care about anything as long as they get money from ads. I even reported the serious fasttrack vulnerability to them (and Joltid) but neither replied. They should be lucky I don't work for the enemy.

And that Secunia DoS exploit has been known for years. Shouldn't even have been posted there at all. It was some idiot working for the original Kazaa company that decided they should only hash the first 300K of the file. He's probably killed himself now, seeing as how much fake mp3s there are on the network with correct sigs thanks to him. Maybe he's working for the RIAA now?

**RealitY** · 08-23-2003, 07:21 AM

Originally posted by random nut@23 August 2003 - 03:07
Sharman Networks don't care about anything as long as they get money from ads. I even reported the serious fasttrack vulnerability to them (and Joltid) but neither replied. They should be lucky I don't work for the enemy.

As I stated in another post...

Seems to me those dimwits are kinda sittin' on their asses wathing the villagers go on a witch hunt while they merely stand by, not realising they are the witch about to baked and tossed into the river.

Perhaps they are content with their new point system they have f**ked into KMD 2.5, or maybe they intend to lay down like a beat rat awaiting defeat, perhaps they are ready to retire with all the the riches they have made as well.

How do you watch greatness shrivell to shit when it is your own?

I just find their stance almost as pathetic as those attacking them.

Will they care about being Belly Up.

**Muse** · 08-23-2003, 11:40 AM

This is heavy shit man! This can be done with any kind of file i guess, so were bound to see f**ked up divx also.

I know Shareaza uses the entire file to calculate the hash. Does anyone knows how WinMX or Piolet do this?

Looks like bye bye Kazaa for me.