655 points k-ian | 4 comments
1. ck45 No.44302950
My first thought is, how many BitTorrent clients have vulnerable parsing code? Could a malicious actor register the domain and infect clients?
replies(3): >>44303420 #>>44303976 #>>44309675 #
2. SSLy No.44303420
utorrent v2.1 is still widely used by too many people, and it certainly is exploitable.
3. EvanAnderson No.44303976
I'm thinking of the Jon Evans novel "Invisible Armies" and the "bug" / backdoor in the P2P software that its author uses to pwn machines.
4. CactusRocket No.44309675
I don't really think so. The tracker is just a tiny part of the whole BitTorrent setup, and it's only really used by clients to get a list of peers. It's basically just an HTTP call to the tracker, returning a response. The only thing that I can quickly think of is returning some malformed bencode which could cause memory exhaustion in a client written by a novice.

The peer protocol (and variants, like uTP) are much more interesting to attack, and you don't need to host a tracker for that, you can just get peer IPs from trackers or DHT, connect, and do your magic.
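
Added example, not part of the thread or written by any commenter: a bencode decoder for tracker responses that bounds input size, nesting depth, and declared string lengths, the checks whose absence would allow the memory exhaustion mentioned in the last comment. The limit values, function names, and the sample response are assumptions made for illustration.

```python
# Limits are assumptions chosen for illustration, not values from any client.
MAX_INPUT = 1 << 20   # bytes accepted per tracker response
MAX_DEPTH = 16        # nested list/dict levels
MAX_DIGITS = 20       # digits allowed in an integer or a length prefix
SAMPLE = b"d8:intervali1800e5:peers6:\x7f\x00\x00\x01\x1a\xe1e"  # constructed

class BencodeError(ValueError): pass

def decode(data: bytes):
    if len(data) > MAX_INPUT:
        raise BencodeError("response too large")
    value, pos = _parse(data, 0, 0)
    if pos != len(data):
        raise BencodeError("trailing data")
    return value

def _number(data, pos, end_char):
    end = data.find(end_char, pos, pos + MAX_DIGITS + 2)  # bounded search
    if end < 0:
        raise BencodeError("unterminated or oversized number")
    text = data[pos:end]
    digits = text[1:] if text[:1] == b"-" else text
    if not digits.isdigit() or (len(digits) > 1 and digits[:1] == b"0") or text == b"-0":
        raise BencodeError("malformed number")
    return int(text), end + 1

def _parse(data, pos, depth):
    if depth > MAX_DEPTH:  # stops "llll..." from exhausting the stack
        raise BencodeError("nesting too deep")
    tag = data[pos:pos + 1]
    if tag == b"i":
        return _number(data, pos + 1, b"e")
    if tag in (b"l", b"d"):
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            if pos >= len(data):
                raise BencodeError("unterminated container")
            item, pos = _parse(data, pos, depth + 1)
            items.append(item)
        if tag == b"l":
            return items, pos + 1
        if len(items) % 2 or not all(isinstance(k, bytes) for k in items[::2]):
            raise BencodeError("bad dict")
        return dict(zip(items[::2], items[1::2])), pos + 1
    if tag.isdigit():
        length, pos = _number(data, pos, b":")
        if length > len(data) - pos:  # validate before slicing or allocating
            raise BencodeError("string length exceeds remaining input")
        return data[pos:pos + length], pos + length
    raise BencodeError("unexpected byte")
```
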