Imagine you're not at TL, for example, but a friend is. He could download a .torrent, start it, copy the peerlist, conceal his passkey from the metadata, and send both to you. You could add the torrent, remove the announce URL, add the peers manually and start it - i.e. leech without even having to be a tracker member. (This would be more secure in bigger swarms, since otherwise everyone can see your IP)
What you will need
- A friend inside the tracker
- uTorrent
What your friend will need
- uTorrent (could be any client, but uT lets you copy the peerlist quickly)
- HxD (hex-editor)
What to do
Ask your friend to add the torrent in uTorrent. After he finishes making the first announce and has connected to as much peers as possible, go to the Peers tab, right-click an entry and choose "Copy Peer List":
Tell him to paste it in Notepad and save the file as a .txt:
After that, tell him to open the .torrent in HxD and fill the tracker URL and passkey with X's:
Then save the file and have him send it and the peerlist to you.
When you receive it, add the torrent, but first go to Advanced, delete the tracker's URL, and if using a mod that ignores the private flag, also disable DHT and PEX:
Also untick "Start torrent" before adding it. It'll have been added as stopped:
Open the peerlist your friend sent you. In uTorrent, click the torrent, go to the Peers tab, right-click an empty space, and click "Add Peer":
In the dialog that will open, write a peer's address in IP:port format:
Repeat this for every peer in the list. (Yes, this part can get a bit tedious) When you've added enough, uTorrent will show something like "Peers: 0 (43)".
You may now start it. Watch uT connect to peers, and the speed rise at the same time you download a torrent from a tracker you may not even be a member of:
FAQ
Q: Do I need a modded client to do this?
A: Not for now (except on special cases, see below); using the official uTorrent should be enough.
Q: How is this possible?
A: BitTorrent wasn't meant to be a secure protocol. Anyone with the correct IP+port+info_hash combination can connect and transfer from/to you.
Q: Is there any chance BitTorrent clients can do something to "patch" this?
A: Yes; for example, BitTorrent Inc. could make uTorrent disable the "add peer" function for private torrents. This could be easily bypassed with a DHT-Patch mod.
The Peer Injector plugin for Vuze doesn't inject peers in private torrents. I have attached v0.3, the last official version that was able to do this, as well as a port of it for BiglyBT, which is not backwards-compatible with Vuze plugins.
Q: What if I do have access to the tracker, but want to leech the torrent without it knowing?
A: Load the torrent in the DHT-Patch mod from the Expansion leecher pack. Before adding it, click Advanced, and clear the tracker URL while keeping DHT and PEX enabled:
Click OK, then add the torrent. If there are other DHT-patched clients in the swarm, you'll eventually find them and begin the transfer. This works wonders on TL's popular torrents, for example, but won't on smaller trackers or swarms.
Please post feedback! :top: