| Despite over a year for site administrators to deal with the exploit, tools for falsely increasing ratios at private BitTorrent sites are becoming increasingly easy to use.

Tools for exploiting the weak system used by private BitTorrent trackers to monitor user ratios are becoming increasingly user-friendly and available. Despite being a widely publicised problem for nearly a year, there are still no obvious solutions.

The exploit was first publicly highlighted in September last year, at Xyflar. RatioMaster, who develops cheating software, explained to Zeropaid: “Private trackers keep statistics about how much you’re uploading and downloading. Those stats are reported by each client. There are many ways to report wrong statistics.”

Private BitTorrent trackers rely on individual clients for information on how much the client has uploaded. Due to the decentralised nature of a BitTorrent swarm, trackers are unable to monitor the actual uploaded and downloaded data, so they have to rely on each client being honest. By intercepting messages to the tracker, cheaters can change the reported upload and download statistics.

Xyflar explained how to exploit this weakness last year. By using freely available software, the site demonstrated how to increase the amount of uploaded data reported, hence giving a better ratio.

Despite being reported by major technology and file sharing websites, the exploit’s publication did not cause the predicted flood of leechers. Arguably this is because the exploit requires unfamiliar software and lots of time to execute. Each time a user wants to fake their upload, they must “catch” and then edit a packet sent to the tracker. Falsify the upload by too much, and anti-leeching scripts will catch the exploiter. Falsify by too little and the exploiter would need to catch and edit too many packets to make the exploit feasible.
This process has been automated by groups of cheaters, mostly in small communities who require a minimum number of forum posts to access the files. Steadily these cheats are becoming more readily available from a new wave of developers. Theoretically, since the exploit does not require any abnormal code to be sent to trackers, the exploit is virtually impossible to detect.

Seba14 develops freely available hacked versions of uTorrent to help people with slow or restricted upload. Using his software is no different to using the standard version of uTorrent, making it shockingly easy to use. The software cheats by multiplying any upload by a factor of ten. He told Zeropaid, “If you use leecher mods carefully, the admins of tracker sites have no chance to detect you at this time, because the tracker scripts don't know if the sending data of mods is real or fake, they see only a number.”

Another developer called RatioMaster creates ratio cheating software of the same name. Unlike the uTorrent hack by Seba14, his software is free-standing and does not actually download or upload any data. Instead, a randomized speed within user-defined parameters is reported to the tracker. RatioMaster automatically cuts off if the number of leechers on the torrent falls below a given figure.

RatioMaster is more cautious than Seba14 about the possibility of being caught. “Some trackers have some anti-cheating scripts, which work on some cases of particularly suspicious reporting, like for example someone uploading too many too fast. If an anti-cheating script is good, I believe it can catch 90% of cheaters,” he told Zeropaid, before conceding, “Most of the time they ban people who don’t even cheat.”

Zeropaid tested both pieces of software at Torrentleech.org, Ilovetorrents.com, Filelist.org, Bitsoup.org and Oink. RatioMaster was set to spoof as Azureus. All testing was done at semi-realistic upload speeds. Despite reaching a ratio of nearly 15 on some sites, the only ban came from Oink.
This came after RatioMaster was left running for a long period of time, without the minimum leech safety catch enabled.

“It's impossible for all users to have ratio above 1. In reality 99% of users can barely stay above 0.5 by seeding 24/7,” said RatioMaster.

“Good tracker scripts can calculate the average upload speed between the tracker updates and so find ‘heavy’ cheating. Scripts exist which show the admin which users have an upload speed more than a specific value,” Seba14 explained. “So the admin can ask the user, ‘what's your connection?’, if the user lies, then the admin can do nothing.”

Feelings about the availability of this software run strong, as people feel that any leeching is anti-P2P. In an extreme case, one post on the RatioMaster forums compares the developers to child molesters.

However, Seba14 is defensive of releasing his software publicly. “Because the mods on my blog are free for all, the tracker administrators can test them and search for a way to detect them. Maybe they will find something,” he said.

RatioMaster agrees that increased availability of the software will lead to more solutions. “Some of the private trackers will employ anti-cheating measures that will catch most cheaters, it’s not that hard,” he justified.

However, no adequate solutions to stop people leeching have been implemented yet, despite the exploit being publicly known for nearly a year now. Since the exploit relies on standard protocol code, the only solution may be to change the BitTorrent protocol to force clients to inform the tracker how much they have downloaded from each peer. Although the large private tracker sites could easily afford this, for many, bandwidth is at a premium. Furthermore, that would leave users vulnerable to hacks developed to deliberately get other users banned.

“The only way to protect private trackers is by banning all clients which have modifications. Another way is the programming of an own client for each tracker,” Seba14 suggests.
However, many sites already ban a long list of clients and are reluctant to ban popular clients like Azureus and uTorrent.

RatioMaster feels that stopping leeching is the wrong focus. Administrators should instead focus on encouraging seeding. “Tools like mine and other cheating utilities and modifications will hopefully make torrent trackers consider applying things that encourage people to share,” he rationalized. “Lately torrent sites that really care about users more than about money have started to apply mods that encourage actual sharing. Like a mod that improves your ratio regardless of how much you upload, just by seeding (even if nobody is leeching from you), so it encourages people to seed. Otherwise you can seed for days, but if nobody is downloading from you, your ratio will be the same.”

In the short term it does not look like there is going to be the doomsday scenario of leechers flooding and destroying private trackers. Like the rest of file sharing, the site owners will need to rely on good human nature for the sharing.

Zeropaid spoke to a contact close to the administrators of large private trackers, but the administrators refused comment.

***Special thanks to Michael Ingram |
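
The tracker-side check Seba14 describes (average upload speed between tracker updates, compared against a set value) can be sketched as follows. This is an added example, not code from the article or from any tracker. The record fields, the 2 MiB/s threshold and the sample log are assumptions, and it goes beyond the article's description with two further checks: upload claimed while the tracker saw no leechers, and a swarm whose peers jointly claim more upload than anyone reported downloading.

```python
from collections import defaultdict, namedtuple

# leechers = incomplete peers the tracker itself saw in the swarm, excluding this one
Announce = namedtuple("Announce", "user torrent ts uploaded downloaded leechers")
MiB = 1024 * 1024
MAX_RATE = 2 * MiB  # assumed site policy: 2 MiB/s average between announces

def flag_announces(log, max_rate=MAX_RATE):
    """Return (user, torrent, reason) for each suspicious announce interval."""
    last, flags = {}, []
    for a in sorted(log, key=lambda a: a.ts):
        prev = last.get((a.user, a.torrent))
        last[(a.user, a.torrent)] = a
        if prev is None or a.ts <= prev.ts or a.uploaded < prev.uploaded:
            continue  # first announce, clock glitch, or client restart
        delta = a.uploaded - prev.uploaded
        if delta > 0 and prev.leechers == 0 and a.leechers == 0:
            flags.append((a.user, a.torrent, "upload with no leechers"))
        elif delta / (a.ts - prev.ts) > max_rate:
            flags.append((a.user, a.torrent, "rate above threshold"))
    return flags

def unbalanced_swarms(log, slack=1.05):
    """Torrents whose peers jointly claim more upload than anyone downloaded."""
    final = {(a.user, a.torrent): a for a in sorted(log, key=lambda a: a.ts)}
    up, down = defaultdict(int), defaultdict(int)
    for (_, torrent), a in final.items():
        up[torrent] += a.uploaded
        down[torrent] += a.downloaded
    return sorted(t for t in up if up[t] > down[t] * slack)

# Constructed sample log: cumulative byte counters, announces 30 minutes apart.
SAMPLE_LOG = [
    Announce("dave",  "t1", 0,    0,          0,         1),
    Announce("dave",  "t1", 1800, 700 * MiB,  0,         1),  # ~0.4 MiB/s
    Announce("erin",  "t1", 1800, 0,          700 * MiB, 0),  # matches dave
    Announce("bob",   "t2", 0,    0,          0,         1),
    Announce("bob",   "t2", 1800, 9000 * MiB, 0,         1),  # 5 MiB/s
    Announce("gina",  "t2", 1800, 0,          100 * MiB, 0),
    Announce("carol", "t3", 0,    0,          0,         0),
    Announce("carol", "t3", 1800, 50 * MiB,   0,         0),  # nobody to send to
]

if __name__ == "__main__":
    print(flag_announces(SAMPLE_LOG))
    print(unbalanced_swarms(SAMPLE_LOG))
```

All three checks are heuristics that produce candidates for an administrator to review: a leecher can join and leave between two announces, and the swarm balance only holds when the log covers every peer for the torrent's whole lifetime.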

But there is ALSO a part that is true about downloading a file...and then trying to upload it back....but because it may not be a very popular one...you may have a hard time doing it EVEN if you leave your client on for days. This causes your upload to suffer and your ratio goes down...even though you are trying to upload it back!
I think what needs to be done, is what the article said....encourage people to share by noticing how long they have had a torrent uploading rather than jumping on them because they may have downloaded a file that can't easily be uploaded because nobody wants it.
It is because of this reason that I think the "BT ratio cheat" programs are taking off. I am NOT saying that it is right, but I am saying that if you have a torrent that you have downloaded and then tried to upload it back and left your computer on for days at a time trying to upload that same torrent and it only shows a very small amount uploaded back....it can get frustrating! Because you are TRYING to upload a file back that you took, but you are not able to force people to download your file...so your upload suffers and you are jumped on by the admins of some sites for not uploading!
There is more than just one side to this story. I do NOT condone using a cheat program of any kind with BT, but I also see the frustration it can bring when you try to give back a torrent you downloaded, but nobody wants it! It is one of the main reasons I stopped using BT as my main way of getting files. I now use newsgroups where I don't have to worry about uploading a certain amount just to download a file!
I only use BT for rare or special content I cannot get on newsgroups...but I make SURE that there are enough people that want it if I decide to download a file off of BT, because I know how much of a pain it is to try to upload something that you might have wanted but is not a very popular file and it brings your ratio down.
Of course if I want REALLY rare files...and I don't mind waiting a few weeks to get it, then there is always the "mule".
Well, you know the logical answer to that, right? Don't use a static multiplier on the upload speed. Instead, the more rational thing to do is make the multiplier dynamically based on the current download speed and the desired ratio. You can even add a certain threshold of random jitter to the ratio, centered around a specified average to throw off the more sensitive heuristics. Oh yeah, and lying about your connection capacity is trivially easy. Cat & mouse, arms race, etc., etc...