Exploiting BitTorrent

From

Jump to: navigation, search

Contents

What is BitTorrent?

BitTorrent is a Peer2Peer filesharing protocol. It was designed in 2001 by Bram Cohen, to replace centralized server structures like FTP servers. Filesharing can be organized more efficient, no central server that has to provide all the upload. Also redundancy will be gained, due to distribution of the files to all the clients.


How does it work?

The files are divided into pieces, all the pieces that belong to one file are named in a so called torrent-file, which is a meata data file also containing the hash cheksums for each piece and additional information.

Each piece can be downloaded seperately from one or more clients (peers) participating in the sharing process. But how does a peer know which other clients it should contact?

To obtain the information one needs to start a sharing process, he needs to get the torrent file first. The torrent files are published on public web servers. To obtain the list of peers praticipating, one then he needs to contact the so called tracker which keeps track of all the peers sharing the same file. The trackers IP address is included in the torrent file. The tracker responds with a list of randomly chosen peers and a client can now contact the other participants.

The peers are divided into two groups, seeders and leechers. A seeder is a peer that already obtained the whole file, he doesn't need to download anymore, but he still keeps his client running to share the file with others. A leecher is a peer that is still in the process of downloading the file, but he can also share already obtained pieces with others.

BitTorrent implements a fairness model: everybody needs to share with everybody! That means that every client participating in the sharing needs to provide his already obtained pieces to others, so he can download from the other peers. This prevents the system from so called free riders that are not willing to upload.

The implementation of the fairness model is based on preferences. Somebody who doesn't contribute to the system will get low or no download rates, and somebody uploading lots will get high download rates.

The preferences are calculated by the clients for a given period, the so called choking period. A leecher can calculate the amount of data he received from the other peers and unchoke the fastest ones in the next period, let them download from him. A new client, who doesn't have anything to contribute yet, would not get anything from the other peers, therefor so called “optimistic unchoking” is implemented, where also slow peers will get a chance to get data they can then share later. A seeder, who already obtained the whole file, doesn't need to download anything, so he cannot calculate the preferences by the amount of data he receives. The seeders therefor unchoke the fastest downloaders, as they can assume that a fast downloader will also have a high upload rate. Plus the file gets replicated faster. Of course also the seeders implement the optimistic unchoking.

Also a rarest-first policy is implemented to replicate the files fast and minimize the probability of missing pieces.


Exploits

A BitTorrent client has been manipulated, to take advantage of three different weaknesses in the BitTorrent protocol. These weaknesses are explained in the following section.


Downloading only from seeds

The first exploit takes advantage from the fact that a seeder cannot calculate the contribution from another peer, because he's not downloading anything anymore. To obtain a list from the tracker with a lot of seeders, he repeats his request for the information more often then a usual peer. A seeder advertises that he already has the whole file, so the manipulated client can filter out the seeders and only contact them. He will not have to upload anything, but he will get high download rates (if he's fast enough). Of course he can also contact leechers, to benefit from their optimistic unchoking. So he can download the whole file without uploading anything.


Downloading only from the fastest peer

Advertising false pieces

Personal tools
MediaWiki Appliance - Powered by TurnKey Linux