Originally Posted by anon:
Just unpack the uTorrent executable, search the ANSI string "private" using your favorite hex-editor, and fill the first match with something else.
You tried this and it worked?
From what I've searched, it didn't look that easy:
This patch is specific to the particular build of uTorrent it's applied to as the code - at least the locations of - changes in each build, and there are relative jumps in the patch.
But the approach I used to make the patch was to un-UPX utorrent, load it into IDA Pro and look for the strings "private" and "dht", then follow the cross-references back to the code that uses them. From there it was clear to see how the private flag worked; I used some spare space at the end of the code segment to add some extra code to move the bits, and the functions were patched to jump to that code and back again. If you disassemble the patched and unpatched exes side by side you can see how this works.
I'll try your way; if it doesn't work, I'll see how far I can go with the other guy's method.
BTW, this is what you had to change for the old uTorrent 1.8.2:
Code:
uTorrent 1.8.2 build 15167 with DHT patch
This patched copy of uTorrent removes the restrictions on torrents marked as
private, allowing uTorrent to use DHT, Peer Exchange and Local Peer Discovery
to look for new peers when it is normally not allowed.
How it works
------------
In its internal data structures, uTorrent uses four bits in one byte of data
per torrent to record these settings.
bit #  7 6 5 4 3 2 1 0
       \_____/ | | | |
       |       | | | +-- bit 0: DHT enabled (default: 1)
       |       | | +---- bit 1: private torrent
       |       | +------ bit 2: Peer Exchange enabled (default: 1)
       |       +-------- bit 3: Local Peer Discovery enabled (default: 1)
       +---------------- bits 4-7: not used (set to 0)
When a torrent file is added, uTorrent checks the "info" section for an
integer value named "private". If it's set to 1, it marks the private torrent
bit in the byte shown above, which forces the other information in this byte
to be ignored.
This byte is also saved in the resume.dat file (a bencoded file that uTorrent
uses to save its state) as an integer value named "dht".
The patch works by storing the private torrent flag in bit 7 instead of bit 1
so that all the code in uTorrent that checks bit 1 to determine if this is a
private torrent will always find that it isn't. However, it writes the "dht"
value out to the resume.dat normally, so if you start an unpatched copy of
uTorrent your private torrents will still be private.
The extra code to do this is placed at the end of the .text segment and its
virtual size increased accordingly.
Reproducing the patch
---------------------
Here are the steps required to apply the patch; you will need UPX version 3.03
and a hex editor:
1. Decompress the uTorrent.exe file using the following command:
upx -d uTorrent.exe
2. Open the uTorrent.exe file in a hex editor and change the following:
position  old bytes                 new bytes
--------  ------------------------  ------------------------
200       BC                        E8
530B      50 68 0C CB 45 00         E9 AC 5F 05 00 90
8574      02                        80
BCEC      8A 4E 41 80 E1 F7         E9 E0 F5 04 00 90
5B2BC     00 00 00 00 00 00 00 00   8B C8 80 E1 80 C1 E9 06
          00 00 00 00 00 00 00 00   0B C1 50 68 0C BB 45 00
          00 00 00 00 00 00 00 00   E9 3F A0 FA FF 8B C8 80
          00 00 00 00 00 00 00 00   E1 02 C0 E9 06 24 FD 0B
          00 00 00 00 00 00 00 00   C1 8A 4E 41 80 E1 0A E9
          00 00 00 00                09 0A FB FF
3. The digital signature is now invalid. Remove it from the file by deleting
everything after position 8F000.
4. Recompress the file using this command:
upx --ultra-brute uTorrent.exe
5. This will produce a file of size 267264 bytes. The patch is now complete
and should be identical to the file in this torrent.
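Added example (my own, not code from this thread or from the patch author): a minimal bencode decoder that reads the integer "private" under "info", which is the check the README says uTorrent performs when a torrent is added, plus a decoder that names the bits of the per-torrent flag byte using the bit layout quoted above. The torrent samples are constructed, and nothing about uTorrent's internals is assumed beyond that quoted layout.

```python
# Added example, not from this thread: decode a bencoded .torrent in memory,
# read the integer "private" under "info" (the check described in the README),
# and name the bits of the per-torrent flag byte from the README's diagram.
# Sample torrents below are constructed, not real files.

def bdecode(data: bytes, pos: int = 0):
    """Minimal bencode decoder; returns (value, offset after the value)."""
    c = data[pos:pos + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos)
            items.append(item)
        return items, pos + 1
    if c == b"d":                                   # dict: d<key><value>...e
        result, pos = {}, pos + 1
        while data[pos:pos + 1] != b"e":
            key, pos = bdecode(data, pos)
            result[key], pos = bdecode(data, pos)
        return result, pos + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", pos)
        start = colon + 1
        end = start + int(data[pos:colon])
        return data[start:end], end
    raise ValueError(f"bad bencode at offset {pos}")

def torrent_is_private(torrent: bytes) -> bool:
    """True when info.private == 1, which is what sets the private bit."""
    meta, _ = bdecode(torrent)
    return meta.get(b"info", {}).get(b"private", 0) == 1

FLAG_DHT, FLAG_PRIVATE, FLAG_PEX, FLAG_LPD = 0x01, 0x02, 0x04, 0x08

def decode_flags(byte: int) -> dict:
    """Name the bits of the flag byte; a set private bit overrides the rest."""
    private = bool(byte & FLAG_PRIVATE)
    return {
        "private": private,
        "dht": bool(byte & FLAG_DHT) and not private,
        "pex": bool(byte & FLAG_PEX) and not private,
        "lpd": bool(byte & FLAG_LPD) and not private,
        "unused_bits_set": bool(byte & 0xF0),       # README: bits 4-7 are 0
    }

# Constructed samples: one torrent flagged private, one without the key.
SAMPLE_PRIVATE = b"d4:infod6:lengthi1e4:name4:test7:privatei1eee"
SAMPLE_PUBLIC = b"d4:infod6:lengthi1e4:name4:testee"
```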