+ Reply to Thread
Results 1 to 12 of 12

Thread: Once upon a time, there was a war...

  1. #1
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385

    Once upon a time, there was a war...

    ...more specifically, an all-out fire and brimstone war, in which this place was wrecked, and burned to the ground.







    You make your own decisions from here. (Me, I decided mildlyincoherent/Voltaire is a bit silly.)

    On a sidenote, I don't understand why Moofdev is brought up so much. As the home of the original RatioMaster, it undeniably had significance in the community. However, the forums were pretty inactive outside of new version announcements and client file requests. There were very few "how to cheat on -tracker-" or "how to use RM correctly" threads. I joined on early 2009 when the program started getting updates after a long hiatus, and until the day the forum became non-functional (with the entire site eventually disappearing), I'd only made a few hundred posts - most of them to share emulations, bug reports or feature suggestions. I do recall OiNK's sysop was registered and had been fairly active before getting raided.

    Anyway, if by any chance you're reading this, greetings fly out to RatioMaster (the person), Helld0t, BigHead and Zeebo And SealLion, another esteemed friend of mine who was registered there under a different name.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  2. Who Said Thanks:

    mmmmm (08.03.22) , moonlite (14.02.21) , JohnareyouOK (14.02.21) , sigduwksnsksis9283 (14.02.21)

  3. #2
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Bonus tracks.







    ScT couldn't detect anything if you didn't send malformed announces. I used 50 MB/s there, guilt-free, as the place was seedboxland. Worked until the day they shut down.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  4. Who Said Thanks:

    moonlite (14.02.21) , JohnareyouOK (14.02.21) , sigduwksnsksis9283 (14.02.21)

  5. #3
    JohnareyouOK's Avatar
    Join Date
    31.01.19
    Location
    Earth
    P2P Client
    BiglyBT
    Posts
    254
    Activity Longevity
    0/20 6/20
    Today Posts
    0/5 ssssss254
    almost all of them have some very specific "tells" that are possible to spot
    I don't believe cheating proxy modes (real client + proxy layer to give upload buffs by only touching the "uploaded" in packet and nothing else) have "tells" that can be spotted, esp if we only choose hot swarm to cheat on and randomize behavior (some torrents cheat, some don't, some times cheat, some don't, sometimes cheat more, sometimes less etc) while maintaining restraint, not letting the total traffic of the torrents (and every single announce ofc) drift too much to avoid exposure at statistical level, then I can't see any possibility to be spotted theoretically and technically.

    It's not about whether tracker's detection script is good or bad, but rather peer as black box, most (if not all) the features exposed to the outer are already same as real peers, all that remains is the statistical level of detection means (which is more cheater's concern and issue, not tool's).
    Reply With QuoteReply With Quote
    Thanks

  6. #4
    Member illusive's Avatar
    Join Date
    24.10.10
    P2P Client
    What ?! That's Private!
    Posts
    505
    Activity Longevity
    3/20 16/20
    Today Posts
    0/5 ssssss505
    Quote Originally Posted by anon View Post
    You make your own decisions from here. (Me, I decided mildlyincoherent/Voltaire is a bit silly.).
    He is not wrong you know. SB-I being this inactive, hell, even FST and many other forums that allow trading (torrentinvites.org being the exception at the moment) are on hold from activity is very obvious. Many cheaters caught and/or not cheating anymore based on the fact that these trackers doesn't disable users as much as before (getting steady solid users there) plus not many downloads and activity around here in SB-I.

    Personally I cheat all day downloading stuff I got no time to seed them back or no peers to gain some upload on and I wont keep the download forever to seed it and wast storage space which is not affordable to me in anyway. But that's just me.

    What's interesting is, how the hell he's so sure about having the source code of mR/RM/ShuMod...etc !!!!!!!!!!!!!!!!!!!
    Reply With QuoteReply With Quote
    Thanks

  7. #5
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Quote Originally Posted by JohnareyouOK View Post
    I don't believe cheating proxy modes (real client + proxy layer to give upload buffs by only touching the "uploaded" in packet and nothing else) have "tells" that can be spotted
    • Traffic reporting
      • The uploaded, downloaded and left values can be a multiple of 1, 16384 or the torrent's piece size in bytes.
      • Each value can be rounded in any of those three different ways. To handle this accurately, the proxy must detect the client and know its "rules" in advance.
      • It's impossible for a proxy tool to know the piece size (or torrent's total size for that matter).

    • Data sanitization
      • Your replacement values can only be standard representations of positive base 10 integers or zero. Negatives, decimal places, scientific notation and padding zeros are all invalid. Careful with large numbers and integer overflows!
      • How does your proxy deal with invalid, malformed or non-standard requests and responses? (This is huge; I strongly recommend reading https://noxxi.de/research/http-evader.html and researching what "HTTP request smuggling" is.)
      • User parameters must be sanitized so that people can't input negative multipliers, incorrect decimal/thousands separators, or simply stuff like "bebebe" and have it interpreted as a number.

    • HTTPS
      • Handling HTTPS trackers means you must perform a MITM attack with a local root certificate.
        • And deal with things like expired, mismatched or revoked certificates, lack of protocol/cipher overlap and protocol extensions. Not a lot of room to show warnings or offer choices about this on a torrent client either.
        • And the TLS fingerprint will differ from the original client's.
      • Not handling HTTPS means secure trackers won't work at all with your proxy. Announces can still be relayed via the CONNECT method, but not read or altered in any way.

    • Miscellany
      • How does your proxy deal with 100 connections? 1,000? 10,000? What are the limits? What happens when they are reached?
      • How does it deal with timeouts? Connection resets? Redirects? Cloudflare warnings?
      • Depending on how your program works, the TTL of TCP/IP packets reaching the tracker may be off by 1.
      • If you want to implement anything more complex than a stateless multiplier or "no report" feature, you have to do session tracking. Which would double this list's length.
      • Last but not least, 1. very little of this is obvious at first, 2. I'm probably forgetting even more things.

    The safest way to cheat is taking an existing client and adding cheating features to it. Writing a tool or addon is highly challenging because there are many variables to consider, and all of them must match the client(s) you emulate or interface with. It took many years of bug reports and fixes and many banned accounts for the original RatioMaster and mRatio to get to a point where their emulated behavior is consistent and safe. This also occurred with Extreme Mod's spoof feature; after we began pretending to be a different client, we couldn't rely on the underlying Vuze/BiglyBT to do everything right anymore, because the other programs do that everything in different ways. I'm not aware of any serious detection vectors in mRatio (RM 1.9.2 does have some), but as I said, this is a very complicated task. It's definitely possible tracker staff spent many hours reverse-engineering it and found something I'm not aware of. In other words, as I once wrote...

    Quote Originally Posted by anon View Post
    Modding a client is better because you only have to focus on adding cheating features. Everything else is already taken care of for you. Things are easier (although not necessarily easy) and there's less room for errors. Compare that against writing a ratio tool and having to add all base functionality yourself, then account for every possible error scenario and every quirk in every client that's emulated. I actually attempted to create my own tool back on 2010, and gave up halfway through because of this... although I did get it to correctly emulate uTorrent 1.8.5 and send announces to the tracker, making it theoretically usable, so yay me

    Anyway, the downside is that you're locked in to the client you chose and must accept its base functionality, OS support, tracker whitelist status and so on. (The question "can I use Extreme Mod in uTorrent?" and its answer "no, you can't" have been thrown around a few dozen times since I joined this forum.)
    The exact same problem of "tells" is also faced by Tor's pluggable transports. They attempt to imitate popular and harmless protocols to disguise usage, but do so superficially, and as a result it's easy for an active or even passive adversary to know what's going on. Interestingly enough, considering the context of this conversation, there was a proposal for a pluggable transport that connected with an actual BitTorrent client and encapsulated Tor traffic in data transfers and piece requests, with an "accomplice" peer on the other side. Not sure what became of it, but the idea was solid: the fact a real client was used made everything look and react legitimately (and as a bonus, P2P data is usually discarded by global surveillance programs due to its high volume and low intelligence value).
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  8. Who Said Thanks:

    JohnareyouOK (16.02.21)

  9. #6
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Quote Originally Posted by illusive View Post
    He is not wrong you know. SB-I being this inactive, hell, even FST and many other forums that allow trading (torrentinvites.org being the exception at the moment) are on hold from activity is very obvious. Many cheaters caught and/or not cheating anymore based on the fact that these trackers doesn't disable users as much as before (getting steady solid users there) plus not many downloads and activity around here in SB-I.
    I'm not saying he's wrong about that. The decreased activity in this forum, compared to pre-2012 and especially 2009 levels, is an undeniable fact I have acknowledged many times, as recently as some days ago. (On a sidenote, one of the reasons for it is that to a significant extent, things are already "said and done". Our mods and tools are developed and solid, there are tutorials about most important matters, cheating threads for all major trackers, and the search engine lets you locate all of it with little effort. For an average user, there's not a lot to talk about, as you can quickly find your way to the programs and information you seek.)

    What I am criticizing is the consistently arrogant and self-aggrandizing tone and language in the comments I quoted. It's obvious this guy has the need to establish there was a huge conflict in which he absolutely crushed his opposition, when ultimately, he's someone on a small and inconsequential movie piracy site who may or may not have taken action against an even smaller and more inconsequential discussion forum. You would think that if there had been a "fire and brimstone" "war" in which this place was "burned to the ground", we would have... noticed at all. Or to put it differently: if I said I single-handedly devastated PTP and that's why they became recruitment-only, I'd be displaying the same amounts of credibility and evidence. Compare against the posts in https://www.sb-innovation.de/showthread.php?t=21832 where other staff members at PTP, as well as What.cd and BCG, address this same topic and express many of the same opinions but in a completely more mature, elaborate and level-headed manner.

    Nonetheless, I am genuinely curious to know what they exactly did to warrant such strong terminology, although I don't expect to ever get an answer. I actually engaged him on Reddit during the most recent mention of this "war" I can recall (mid-2019) and received no response.

    As for FST, there are several factors there. Firstly, 2011 onwards saw a move towards de-emphasizing tracker rarity levels, as well as banning users who were known to sell invites or accounts on other sites, the latter of which had a strong chilling effect as 90% or more of traders were doing exactly that. Various dramas inside TTC, a hidden section more respected members had to be voted in, caused many of them to move on from the forum as a whole. The freedom of speech and largely unmoderated approach were always an asset of the place, as you didn't have to worry about having the "wrong" opinions, but this also allowed trolling to flourish. 2013 started with a database crash wiping out everything posted in the previous six months, along with the silent killing of TTC and sudden move towards a donation scheme, as well as a few other minor controversies. To top it off, upper management was always detached from what was going on, taking unpopular decisions on their own and/or ignoring the advice of moderators and veteran members.

    Trading is alive and well on other forums that allow selling, because unfortunately both activities seem to go hand in hand.

    What's interesting is, how the hell he's so sure about having the source code of mR/RM/ShuMod...etc !!!!!!!!!!!!!!!!!!!
    The original RatioMaster was distributed as an unobfuscated .NET binary. It's easy to use a reflector on it to obtain valid source code, and that's exactly how NRPG, RatioBlaster and RatioMaster Plus 1.x came to be. Something similar happens with Extreme Mod: it's not obfuscated either (the very first releases on early 2009 being the only exception) and Java bytecode is trivial to decompile, leading to a tight reproduction of the original source minus comments. In fact, the tracker update interval divider fix was submitted by someone who wrote it based on decompiled code.

    Conversely, mRatio's executable is encrypted, and we haven't been able to break its protection yet. The248 never shared source code either, not even in private.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  10. Who Said Thanks:

    alpacino (14.09.21)

  11. #7
    JohnareyouOK's Avatar
    Join Date
    31.01.19
    Location
    Earth
    P2P Client
    BiglyBT
    Posts
    254
    Activity Longevity
    0/20 6/20
    Today Posts
    0/5 ssssss254
    Quote Originally Posted by anon View Post
    The safest way to cheat is taking an existing client and adding cheating features to it.
    Thank you for listing them. Is uT the only mainstream client in PT scene that has cheat mods? don't see qB, Tr, deluge, etc. having cheat mods.
    Reply With QuoteReply With Quote
    Thanks

  12. #8
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Look harder! All major clients besides qBittorrent and Deluge have had at least a few mods
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  13. #9
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Quote Originally Posted by anon View Post
    Nonetheless, I am genuinely curious to know what they exactly did to warrant such strong terminology, although I don't expect to ever get an answer.
    I dug up a bit more and found something that resembles one. Apparently they'd been holding back the whole time before the war started.



    The PTP thread is dead, but has a lot of people talking about their bans(?).



    Some more laughs. Apparently a ratio proof of my 37.2 terapost buffer could land me an invite, I really regret deleting my Reddit account now









    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  14. #10

    Join Date
    03.07.20
    Location
    Micronesia
    Posts
    23
    Activity Longevity
    0/20 5/20
    Today Posts
    0/5 sssssss23
    It's silly to go after cheaters. It's not like they harm the site like the antipiracy goons do. Trading is also fine. It's the sellers that could create a problem but even that is debatable.

    No cheater/trader ever brought down these sites like SCT, oink,bitmetv, what.cd etc. These sites shut down because the cops came after them or the owners got bored and moved on.

    If the RIAA wants to come after you they will. Infact some irate banned user could go after these websites by reporting them to the RIAA etc. Which site admin ever withstood the cops? The only one I can think of are TPB but I think they had an army of lawyers or something similar. I think they did do some prison time iirc.
    Reply With QuoteReply With Quote
    Thanks

  15. Who Said Thanks:

    JohnareyouOK (05.09.21)

  16. #11
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    I understand the act of looking for and banning cheating out of principle. But you need to ask yourself whether it's worth the efforts in this day and age, when 50 gigabit seedboxes are a thing, and the "damage" caused would be minimal in the first place. Also, over time connection speeds increased and trackers softened their ratio requirements considerably, which negates the need to cheat at all (and therefore the need to watch for such behavior). In fact, I think even RED doesn't really have a "hard" economy like most say, but that's because I remember when accounts started with zero upload, freeleech tokens didn't exist, ratio watch invariably kicked in at X GB downloaded, and if you didn't upload enough in time you got banned.

    I never saw the problem with trading in itself, and I suspect a lot of staff barely know why they ban it besides "it endangers site security" or "invites aren't meant to be used that way". Unfortunately, these days there's a lot of overlap between it and other activities which are decidedly much less harmless to trackers, like selling, account hacking and collecting. I define an honest trader as "someone who has invite to X, wants to swap it for Y, and will actually use and take care of the Y account", and haven't seen any of those in a long time.

    Quote Originally Posted by faltu View Post
    If the RIAA wants to come after you they will. Infact some irate banned user could go after these websites by reporting them to the RIAA etc. Which site admin ever withstood the cops? The only one I can think of are TPB but I think they had an army of lawyers or something similar. I think they did do some prison time iirc.
    Imagine the RIAA not knowing about RED and OPS In any case, combating Internet piracy can be a jurisdictional nightmare. Picture taking down a site hosted in Romania, operated by a South African, routed through a Ukrainian reverse proxy owned by a German company, with a domain from Spain and taking donations through an American payment processor. There's been a lot of willingness from law enforcement to work together in recent years, though.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  17. Who Said Thanks:

    JohnareyouOK (05.09.21)

  18. #12
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Activity Longevity
    11/20 19/20
    Today Posts
    4/5 ssss39385
    Quote Originally Posted by anon View Post
    I understand the act of looking for and banning cheating out of principle. But you need to ask yourself whether it's worth the efforts in this day and age, when 50 gigabit seedboxes are a thing, and the "damage" caused would be minimal in the first place. Also, over time connection speeds increased and trackers softened their ratio requirements considerably, which negates the need to cheat at all (and therefore the need to watch for such behavior).
    For example.

    Quote Originally Posted by freak_from_tT View Post
    well... to clarify this a bit up: we do have a cheater detection (i wont say which one for obvios reasons) we are just too lazy to hunt cheaters, its not worth the effort we have better things to do, like trying to improve the site and build a nice community. ofc i'm just speaking for me and pyc, but we also have a lot of mods and not all of them are cool with cheaters so it MIGHT be a bit risky.
    Quote Originally Posted by freak_from_tT View Post
    as i said - we dont care much of cheaters and we also dont try to scare them. who think he has to cheat should go on, but we cant avoid the one or another gets caught and then we have to ban / block him. its the standard procedure.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  19. Who Said Thanks:

    faltu (05.09.21)

+ Reply to Thread

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •