An URL of the form http://user-ip:port/.hash=blahblahblahblahblah really allows to download a file using any HTTP download manager.
I tested it on one user. Try this (if the host is online):

http://172.177.134.128:1214/.hash=1451EE75...5D662DF100B1380 (http://172.177.134.128:1214/.hash=1451EE75B8131AE6BB38ED8A75D662DF100B1380)

I downloaded this URL using REGet very fast. Faster than with KAzaa. Although I am not sure this is always true.

But how can we find out the ip of a partcular user?

2). How can we find out the hash of a shared file?



(btw, should you be posting the IP address of someone on here like that??)

it can be used if a friend has a file, and knows his own IP.

Originally posted by Atul@Dec 4 2002, 03:50 AM
But how can we find out the ip of a partcular user?
If you have found a file by Kazaa, you can start downloading it and then look into dat file using dat_view program. It will tell you both user IP:port and file hash. remember to remove any spaces from hash string. and remember than *ANY* IP address starting from 10. or from 192.168. is local and useless for you.

BTW barbarossa you are right, I should not post any real IP addresses. I will modify this post.

Hey, why nobody wants to discuss this feature? Let me speculate more about hash URLs.

1) Everybody knows that Kazaa uses HTTP for p2p transfers and that the file list cannot be retrieved from a remote computer (except some cases when both machines are in same local network). But if you know the file hash, it is not a problem: you cna download it using your favorite dl manager, forgetting about Kazaa. Sometimes it is faster. Moreover, you can set your dl manager to knock into user's IP every 5 seconds, and as soon as he turns on or as soon as there is a free slot for you, you catch him! Kazaa also reconnects using his IP stored in dat file, but much less frequently.

2) Kazaa can be used as a web server! If you make these URL's using sig2dat, you can even submit or publish them anywhere, claiming that your computer is a web server (if you are not scared of publishing your IP and your IP is static). You can even enable Listen80Port reg key and then your URL will be shorter: instead of http://1.1.1.1:1214/.hash=11111111 it will be just http://1.1.1.1/.hash=11111 (no port specified). In the latter case nobody will know (except too smart guys) that you are NOT a server, but just a computer with Kazaa on it.

3) Finally, this is a way to transfer ANY file to your friend. Calculate hash for that file, make a correct URL of your IP and hash, and send to your friend via AIM or email. He can now download it from you, using any HTTP client, even Internet explorer! And you can take care of his upload, cancelling other uploads to give him a chance to connect. His upload will differ from usual upload: username field will be empty.

Honestly, I observed once in my life that somebody sucked a file from me NOT using Kazaa: that upload had no username.

Hi Hi
i thought kazaa cheat will not work whit any thing above kazaa 2
but on your site you say it work's on kazaa 2 and above,,,,as im new to this can you plz tell me if it will work or wont whit kazaa 2.2

regards

Oni :ph34r:

P.S
i really liked your site great place for new ppl like me lots of info :D

Originally posted by Oni@Dec 8 2002, 09:16 AM
Hi Hi
i thought kazaa cheat will not work whit any thing above kazaa 2
but on your site you say it work's on kazaa 2 and above,,,,as im new to this can you plz tell me if it will work or wont whit kazaa 2.2

regards

Oni :ph34r:

P.S
i really liked your site great place for new ppl like me lots of info :D
Kazaa Participation level cheat is blocked in Kazaa 2.0.2 and higher. Sha®man Networx are not sleeping! They watch KAzaa forums and web sites, that's why it is not recommended to publish some technical details of our cheating programs...

PS. When I wrote the site, I did not know they will block PL cheat. You say I claimed there that it works with KL 2.0 and higher, but it is not true. I said: It MAKES SENSE ONLY WITH Kazaa 2.0 and higher. I meant that for earlier versions there is no participation level at all.

there is a program that does this.

there is an ad on zeropaid where if oud it.

i didnt post becuase its a leech tool basically

KazaaSearch in case you wonder what X-Kazaa-XferId is then it's LastSearchHash in ASCII.

ascii buf:
037BA9A8 41 4D 41 55 6C 33 57 30 39 43 58 76 2F 47 52 49 AMAUl3W09CXv/GRI
037BA9B8 59 36 30 61 74 79 52 75 71 31 62 66 6E 49 4D 37 Y60atyRuq1bfnIM7
037BA9C8 4B 58 66 37 35 45 43 6C 4B 4F 34 3D 00 KXf75EClKO4=

this is result:
0352F490 00 C0 14 97 75 B4 F4 25 EF FC 64 48 63 AD 1A B7
0352F4A0 24 6E AB 56 DF 9C 83 3B 29 77 FB E4 40 A5 28 EE

decrypted
0352F490 00 C0 14 97 00 00 00 00 95 79 F1 02 FF FF FF C1
0352F4A0 17 8A 62 B3 39 B7 78 19 07 E4 2F A1 0A 88 E2 80
PL=33h=51

All fields except the first one are byte-swapped (big-endian format) and the bytes at 8-11 is the C: volume serial number, 12-15=secs since Jan 1, 1970, big endian format.

that last post was by me, random nut. Too lazy to log in.

bytes 12-15 doesn't appear to be secs since 1970 in the one I received, but it is that value when it's saved in the registry (encrypted of course). The first 4 bytes is the encryption key.

Originally posted by the flinger@Dec 8 2002, 10:52 PM
there is a program that does this.

there is an ad on zeropaid where if oud it.

i didnt post becuase its a leech tool basically
Please post the link or at least program name! It is not a leech tool! I am not a leech, and I still want it so badly...

Originally posted by Guest@Dec 8 2002, 11:02 PM
KazaaSearch in case you wonder what X-Kazaa-XferId is then it's LastSearchHash in ASCII.

ascii buf:
037BA9A8 41 4D 41 55 6C 33 57 30 39 43 58 76 2F 47 52 49 AMAUl3W09CXv/GRI
037BA9B8 59 36 30 61 74 79 52 75 71 31 62 66 6E 49 4D 37 Y60atyRuq1bfnIM7
037BA9C8 4B 58 66 37 35 45 43 6C 4B 4F 34 3D 00 KXf75EClKO4=

this is result:
0352F490 00 C0 14 97 75 B4 F4 25 EF FC 64 48 63 AD 1A B7
0352F4A0 24 6E AB 56 DF 9C 83 3B 29 77 FB E4 40 A5 28 EE

decrypted
0352F490 00 C0 14 97 00 00 00 00 95 79 F1 02 FF FF FF C1
0352F4A0 17 8A 62 B3 39 B7 78 19 07 E4 2F A1 0A 88 E2 80
PL=33h=51

All fields except the first one are byte-swapped (big-endian format) and the bytes at 8-11 is the C: volume serial number, 12-15=secs since Jan 1, 1970, big endian format.
Sorry, random nut, I don't follow. What is "ascii buf", "this is result", and decrypted? What is each line out of three in "ascii buf", each line in "result" and decrypted? Please clarify for slow guys like me.

I don't also understand: you say that bytes 8-11 are C serial number, but in line 1 of "decrypted" there is 97 00 00 00 . It doesn't look like a serial number.

And how do you decrypt all this?

And finally, how do you obtain PL from this signature? You claim that it was 51 decimal, but how do you know?

ascii buf = ASCII buffer. Temp storage before Kazaa converts the ASCII to binary. The result is saved in another buffer, the result buffer. And the decrypted is the result decrypted. Not hard to understand, right? :)

The data is [memory address] [16 bytes in hex] [ascii of each hex byte]

Bytes 8-11, C: volume serial number, is 95 79 F1 02, and big-endian dword it's 02F17995, so 02F1-7995 = C: volume serial number.

And I didn't decrypt it. I let Kazaa do it. I used a debugger. Showing Kazaa's encryption/decryption algorithm is not something I'm going to do. It's too much stuff.

I didn't calculate the PL (I do now how, though) I just watched the return value from the function that calulcates it and it returned 33h = 51 decimal.

ok i know i am not a leech and i think most of you know i am not a leeeech so why dont you send me the link in aim msn or through the boards

Work's whit Kazaa 2.00 or higher,,,or makes sense whit Kazaa 2.00 or higher,,,????? hmmm sounds the same to me .... :P

Oni :ph34r:

sorry, im still searching for it again.

it was along time ago. i didnt call anywon a leech- its just that the program was used to leech in that case. mostly.

not callling kseach a leech, oh no

i think it might have been that better kazaa thing

but i dont think so

DAMMIT!! where is it?

ok....this is getting me confused i understand everything except for how to make the file hashs correctly, i used sig2dat and did a sig. calc. for a file but the url i tried to send woudlnt work......this was the url
http://??.???.??.???:5555/.hash=dAV27/u1BE...6xEjUt3Y=| (http://??.???.??.???:5555/.hash=dAV27/u1BELF7UCxPIP6xEjUt3Y=|)

help would be appreciated
p.s yes i use port 5555 for kazza under suspicion that my isp capped port 1214....dont ask....
thanks

i think you should use 1214 anyway, because that's the remote port (the port this ip has opened)

In case it has been overlooked...

This would be an extreme way to bypass Kazaa's participation level, although you'd be seen as a 0-PL doing this, because it wouldn't hurt YOUR Kazaa record.

You can list files remotely but not with a browser, you need to do a custom program that retrive the files info and hashes.
The problem here is that when u enter this url to the browser http://ipaddress:port/.files.
Kazaa sends before the data requested the following:
Host: 68.6.167.188:3523
UserAgent: KazaaClient Nov 3 2002 20:29:03
X-Kazaa-Username: rocko
X-Kazaa-Network: KaZaA
X-Kazaa-IP: 192.168.1.2:1214
X-Kazaa-SupernodeIP: 65.96.121.36:2566
Connection: close

HTTP/1.0 403 Forbidden 38 415452424

then any browser will stop the communication because of the 403 answer, but if you continue retriving data you get the list of files like this:

HTTP/1.1 200 OK
Content-Length: 106357
Accept-Ranges: bytes
Date: Wed, 27 Nov 2002 15:55:27 GMT
Server: KazaaClient Nov 3 2002 20:29:03
Connection: close
Last-Modified: Wed, 27 Nov 2002 15:55:27 GMT
X-Kazaa-Username: jason2jason
X-Kazaa-Network: KaZaA
X-Kazaa-IP: XX.X.XX.XXX:3523
X-Kazaa-SupernodeIP: XX.X.XX.XXX:3501
Content-Type: application/octet-stream

(here comes the file list in a aplication defined way)

i'm still studing the how the data is organized in this list, but this command is the one that use kazaa when u do a "more files from the same user" search.

Rocko

so i take it no one actually knows how the hash thingy can be calculated so it actually works then???? :angry: :angry: :angry: :huh:
btw im gonn take off that link cause i just realized i posted my ip :unsure:

Originally posted by starstorm73@Dec 10 2002, 11:47 PM
so i take it no one actually knows how the hash thingy can be calculated so it actually works then???? :angry: :angry: :angry: :huh:
btw im gonn take off that link cause i just realized i posted my ip :unsure:
You can't edit your post, so I have done it for you :)

Originally posted by starstorm73@Dec 10 2002, 02:08 AM
ok....this is getting me confused i understand everything except for how to make the file hashs correctly, i used sig2dat and did a sig. calc. for a file but the url i tried to send woudlnt work......this was the url
http://??.???.??.???:5555/.hash=dAV27/u1BE...6xEjUt3Y=| (http://??.???.??.???:5555/.hash=dAV27/u1BELF7UCxPIP6xEjUt3Y=|)

help would be appreciated
p.s yes i use port 5555 for kazza under suspicion that my isp capped port 1214....dont ask....
thanks
The hash should be in the hex format, NOT UUENCODE! It is 40-byte ASCII representation of a hex string which you can see, e.g., in dat_view in correct format except for unrequired spaces between DWORDs. sig2dat gives you UUENCODED hash, but it also shows it in ASCII format, but unfortunately you cannot copy it to system clipboard, and moreover, it is in dashed format so you ought to remove all dashes. An example of a correct hash URL is in the beginning of this post.

Originally posted by starstorm73@Dec 10 2002, 10:47 PM
so i take it no one actually knows how the hash thingy can be calculated so it actually works then???? :angry: :angry: :angry: :huh:
btw im gonn take off that link cause i just realized i posted my ip :unsure:
Here is an example of correct hash URL. Look: it contains only numbers 0-9 and letters a-e (their case is UNIMPORTANT because of HTTP convention which Kazaa client/server admits)

http://80.x.x.62:1214/.hash=A836DE0B6DA61B...96F69E6E2017831 (http://80.x.x.62:1214/.hash=A836DE0B6DA61B46FE685C95B96F69E6E2017831)

NOTE: IP address is spoiled consciously

Note also that a user can block port 1214 (with personal or corporate firewall, in the latter case it is more likely blocked by his nasty admin)
and specify another port using ListenPort reg key. In that case you can't even figure out his port to connect to.

Originally posted by Rocko@Dec 10 2002, 02:46 PM
You can list files remotely but not with a browser, you need to do a custom program that retrive the files info and hashes.
The problem here is that when u enter this url to the browser http://ipaddress:port/.files.
Kazaa sends before the data requested the following:
Host: 68.6.167.188:3523
UserAgent: KazaaClient Nov  3 2002 20:29:03
X-Kazaa-Username: rocko
X-Kazaa-Network: KaZaA
X-Kazaa-IP: 192.168.1.2:1214
X-Kazaa-SupernodeIP: 65.96.121.36:2566
Connection: close

HTTP/1.0 403 Forbidden 38 415452424

then any browser will stop the communication because of the 403 answer, but if you continue retriving data you get the list of files like this:

HTTP/1.1 200 OK
Content-Length: 106357
Accept-Ranges: bytes
Date: Wed, 27 Nov 2002 15:55:27 GMT
Server: KazaaClient Nov  3 2002 20:29:03
Connection: close
Last-Modified: Wed, 27 Nov 2002 15:55:27 GMT
X-Kazaa-Username: jason2jason
X-Kazaa-Network: KaZaA
X-Kazaa-IP: XX.X.XX.XXX:3523
X-Kazaa-SupernodeIP: XX.X.XX.XXX:3501
Content-Type: application/octet-stream

(here comes the file list in a aplication defined way)

i'm still studing the how the data is organized in this list, but this command is the one that use kazaa when u do a "more files from the same user" search.

Rocko
If this is true, then you just made a fantastic discovery wich allows to update programs like kudos etc. which are able to scan all users in a given IP range and retrieve file lists. The Java and Visual Basic programs which I found on open-source sites are so wonderful in scanning - I can scan a block of 256 adddresses in just 3 seconds! But they can't retrieve file lists after KAzaa increased security. But hey, their security is cracked again, and one can now search files without Kazaa network at all! Just scan IP range for open port 1214 and retrieve all lists, store them locally and search thru them... Easy as pie!!!
Rocko, I haven't checked your discovery, but I feel so excited!

PS. Shaman bastards are probably reading this post and they will invent a new cure against this idea...
PPS. I captured packets after calling More Files from this User, but all I got in TCP range were empty packets (Len=0). I thought that Kazaa actually used supernode to obtain user's file list, and since that dialog was encrypted, no one could read it...

BTW, right now I am downloading 4 files using ReGet and hash URLs. I was just tired of waiting a place in remote queues. Moreover, I observed that sometimes Kazaa can't connect to a user, but ReGEt (after long efforts) can. However, if you get 404 response, check your URL, don't knock any further. It only makes sense to try connecting when you get 503 response (server is busy), you gotta reconnect again as fast and as long as your conscience allows you.

Remember that remote Kazaa accepts only ONE connection from your IP, so set the limit of simultaneous connections as 1. Otherwise you will just prevent yourself from downloading.

its ok if you cant find it i am fine with version 2.0 and clicking no to update every time i start kazaa

:lol:

Originally posted by starstorm73@Dec 10 2002, 02:08 AM
ok....this is getting me confused i understand everything except for how to make the file hashs correctly, i used sig2dat and did a sig. calc. for a file but the url i tried to send woudlnt work......this was the url
http://??.???.??.???:5555/.hash=dAV27/u1BE...6xEjUt3Y=| (http://??.???.??.???:5555/.hash=dAV27/u1BELF7UCxPIP6xEjUt3Y=|)

help would be appreciated
p.s yes i use port 5555 for kazza under suspicion that my isp capped port 1214....dont ask....
thanks
BTW if you think that setting ListenPort to 5555 protects you from admins and other network worms searching for Kazaa users, you are wrong. KAzaa continues listening to port 1214, no matter what. All you can do to hide yourself is of course set up a firewall. Get free, cracked AtGuard from my webpage. (Well, you can spend money on licenced programs, but if you love KAzaa so much then you probably not one of those "righteous guys" :) LOL