Although site administrators have had over a year to deal with the exploit, tools for falsely increasing ratios at private BitTorrent sites are becoming increasingly easy to use.
Tools for exploiting the weak system used by private BitTorrent trackers to monitor user ratios are becoming increasingly user-friendly and available. Despite being a widely publicised problem for nearly a year, there are still no obvious solutions.
The exploit was first publicly highlighted in September last year, at Xyflar.
RatioMaster, who develops cheating software, explained to Zeropaid: “Private trackers keep statistics about how much you’re uploading and downloading. Those stats are reported by each client. There are many ways to report wrong statistics.”
Private BitTorrent trackers rely on individual clients for information on how much the client has uploaded. Due to the decentralised nature of a BitTorrent swarm, trackers are unable to monitor the actual uploaded and downloaded data, so they have to rely on each client being honest.
By intercepting messages to the tracker, cheaters can change the reported upload and download statistics.
Xyflar explained how to exploit this weakness last year. By using freely available software, the site demonstrated how to increase the amount of uploaded data reported, hence giving a better ratio.
Despite being reported by major technology and file sharing websites, the exploit’s publication did not cause the predicted flood of leechers. Arguably this is because the exploit requires unfamiliar software and lots of time to execute. Each time a user wants to fake their upload, they must “catch” and then edit a packet sent to the tracker. Falsify the upload by too much, and anti-leeching scripts will catch the exploiter. Falsify by too little and the exploiter would need to catch and edit too many packets to make the exploit feasible.
This process has been automated by groups of cheaters, mostly in small communities who require a minimum number of forum posts to access the files. Steadily these cheats are becoming more readily available from a new wave of developers.
Theoretically, since the exploit does not require any abnormal code to be sent to trackers, the exploit is virtually impossible to detect.
Seba14 develops freely available hacked versions of uTorrent to help people with slow or restricted upload. Using his software is no different to using the standard version of uTorrent, making it shockingly easy to use. The software cheats by multiplying any upload by a factor of ten. He told Zeropaid, “If you use leecher mods carefully, the admins of tracker sites have no chance to detect you at this time, because the tracker scripts don’t know if the sending data of mods is real or fake, they see only a number.”
Another developer called RatioMaster creates ratio cheating software of the same name. Unlike the uTorrent hack by Seba14, his software is free standing and does not actually download or upload any data. Instead, a randomized speed within user defined parameters is reported to the tracker. RatioMaster automatically cuts off if the number of leechers on the torrent falls below a given figure.
RatioMaster is more cautious than Seba14 about the possibility of being caught.
“Some trackers have some anti-cheating scripts, which work on some cases of particularly suspicious reporting, like for example someone uploading too many too fast. If an anti-cheating script is good, I believe it can catch 90% of cheaters,” he told Zeropaid, before conceding, “Most of the time they ban people who don’t even cheat.”
Zeropaid tested both pieces of software at Torrentleech.org, Ilovetorrents.com, Filelist.org, Bitsoup.org and Oink. RatioMaster was set to spoof as Azureus. All testing was done at semi-realistic upload speeds.
Despite reaching a ratio of nearly 15 on some sites, the only ban came from Oink. This came after RatioMaster was left running for a long period of time, without the minimum leech safety catch enabled.
“It’s impossible for all users to have ratio above 1. In reality 99% of users can barely stay above 0.5 by seeding 24/7,” said RatioMaster.
“Good tracker scripts can calculate the average upload speed between the tracker updates and so find ‘heavy’ cheating. Scripts exist which show the admin which users have an upload speed more than a specific value,” Seba14 explained. “So the admin can ask the user, ‘what’s your connection?’, if the user lies, then the admin can do nothing.”
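A tracker-side sketch of the check Seba14 describes (average upload speed between announces), extended with a swarm accounting check that compares each peer's claimed upload with what the rest of the swarm reports downloading. This is an added example, not code from the article or from any tracker; the announce tuples, the speed cap and the slack factor are constructed assumptions.

```python
from collections import defaultdict

MAX_UPLOAD_BPS = 1_000_000  # assumed site policy: 1 MB/s sustained upload cap
SLACK = 1.05                # assumed tolerance for announce lag and re-sent pieces

# Constructed sample announces, totals since session start:
# (time_s, torrent, peer, uploaded_bytes, downloaded_bytes)
ANNOUNCES = [
    (0,    "t1", "alice", 0,             0),
    (0,    "t1", "erin",  0,             0),
    (0,    "t1", "bob",   0,             0),
    (0,    "t1", "carol", 0,             0),
    (0,    "t1", "dave",  0,             0),
    (1800, "t1", "alice", 5_000_000,     100_000_000),
    (1800, "t1", "erin",  0,             5_000_000),
    (1800, "t1", "bob",   60_000_000,    0),
    (1800, "t1", "carol", 400_000_000,   0),  # tenfold inflation, only ~220 KB/s
    (1800, "t1", "dave",  9_000_000_000, 0),  # 5 MB/s, over the cap
]

def rate_flags(announces, cap=MAX_UPLOAD_BPS):
    """Peers whose average upload speed between two announces exceeds cap."""
    last, flagged = {}, set()
    for t, torrent, peer, up, _down in sorted(announces):
        key = (torrent, peer)
        if key in last:
            t0, up0 = last[key]
            if t > t0 and (up - up0) / (t - t0) > cap:
                flagged.add(peer)
        last[key] = (t, up)
    return flagged

def swarm_flags(announces, slack=SLACK):
    """Peers claiming more upload than all other peers report downloading."""
    latest = defaultdict(dict)  # torrent -> peer -> (uploaded, downloaded)
    for _t, torrent, peer, up, down in sorted(announces):
        latest[torrent][peer] = (up, down)
    flagged = set()
    for peers in latest.values():
        total_down = sum(d for _u, d in peers.values())
        for peer, (up, down) in peers.items():
            if up > slack * (total_down - down):  # others' downloads only
                flagged.add(peer)
    return flagged

if __name__ == "__main__":
    print("over speed cap:", sorted(rate_flags(ANNOUNCES)))
    print("exceeds swarm downloads:", sorted(swarm_flags(ANNOUNCES)))
```

Because download totals are self-reported as well, a swarm flag is a lead for manual review rather than proof.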
Feelings about the availability of this software run strong, as people feel that any leeching is anti-P2P. In an extreme case, one post on the RatioMaster forums compares the developers to child molesters.
However, Seba14 is defensive of releasing his software publicly. “Because the mods on my blog are free for all, the tracker administrators can test them and search for a way to detect them. Maybe they will find something,” he said.
RatioMaster agrees that increased availability of the software will lead to more solutions. “Some of the private trackers will employ anti-cheating measures that will catch most cheaters, it’s not that hard,” he justified.
However, no adequate solutions to stop people leeching have been implemented yet, despite the exploit being publicly known for nearly a year now.
Since the exploit relies on standard protocol code, the only solution may be to change the BitTorrent protocol to force clients to inform the tracker how much they have downloaded from each peer. Although the large private tracker sites could easily afford this, for many bandwidth is at a premium. Furthermore, that would leave users vulnerable to hacks developed to deliberately get other users banned.
“The only way to protect private trackers is by banning all clients which have modifications. Another way is the programming of an own client for each tracker,” Seba14 suggests. However, many sites already ban a long list of clients and are reluctant to ban popular clients like Azureus and uTorrent.
RatioMaster feels that stopping leeching is the wrong focus. Administrators should instead focus on encouraging seeding.
“Tools like mine and other cheating utilities and modifications will hopefully make torrent trackers consider applying things that encourage people to share,” he rationalized. “Lately torrent sites that really care about users more than about money have started to apply mods that encourage actual sharing. Like a mod that improves your ratio regardless of how much you upload, just by seeding (even if nobody is leeching from you), so it encourages people to seed. Otherwise you can seed for days, but if nobody is downloading from you, your ratio will be the same.”
In the short term it does not look like there is going to be the doomsday scenario of leechers flooding and destroying private trackers. Like the rest of file sharing, the site owners will need to rely on good human nature for the sharing.
Zeropaid spoke to a contact close to the administrators of large private trackers, but the administrators refused comment.
***Special thanks to Michael Ingram



SoulXTC did you do the “testing”? LMAO! These are great programs for those “private” sites. It’s good to see MI involved with ZP again.
great stuff !!!!!
Let’s just say the part about OINK is dead on!
Yeah but wait til you see 10 seeders and two leechers.. You jump on it and your speed is actually 5-15kbs on a dvd5.. That kind of shit will piss you off. If you don’t want to share don’t join the site. Simple as that. Leech on torrentspy and where you’re not required to seed anything. This kind of garbage will make any community a poor one.
Another thing is Mel smiley is against sharing or being a part of a private site. And why would he want to increase his upload ratio?? He is afraid already that he would get busted or they would go for the big uploaders. I may make my own torrent on the public sites use ratio master to seed or to send info to the tracker. And piss off a large scale of morons when they don’t download 1meg.
I’m already looking forward to the program
Well to me if you don’t want to seed then DON’T use torrents…get yourself a good Newsgroup provider and leech away. I sometimes use torrents but I always try to keep my ratio at 1 to 1 or as close as I can get.
But there is ALSO a part that is true about downloading a file…and then trying to upload it back….but because it may not be a very popular one…you may have a hard time doing it EVEN if you leave your client on for days. This causes your upload to suffer and your ratio goes down…even though you are trying to upload it back!
I think what needs to be done is what the article said….encourage people to share by noticing how long they have had a torrent uploading rather than jumping on them because they may have downloaded a file that they can’t easily be uploaded because nobody wants it.
It is because of this reason that I think the “BT ratio cheat” programs are taking off. I am NOT saying that it is right but I am saying that if you have a torrent that you have downloaded and then tried to upload it back and left your computer on for days at a time trying to upload that same torrent and it only shows a very small amount uploaded back….it can get frustrating! Because you are TRYING to upload a file back that you took but you are not able to force people to download your file…so your upload suffers and you are jumped on by the admins of some sites for not uploading!
There is more than just one side to this story. I do NOT condone using a cheat program of any kind with BT but I also see the frustration it can bring when you try to give back a torrent you downloaded but nobody wants it! It is one of the main reasons I stopped using BT as my main way of getting files. I now use Newsgroups where I don’t have to worry about uploading a certain amount just to download a file!
I only use BT for rare or special content I cannot get on newsgroups…but I make SURE that there is enough people that want it if I decide to download a file off of BT because I know how much of a pain it is to try to upload something that you might have wanted but is not a very popular file and it brings your ratio down.
Of course if I want REALLY rare files…and I don’t mind waiting a few weeks to get it then there is always the “mule”.
Amen Meyou123. BiteMeTV is the worst with this sort of thing in that many times people just don’t want to download stuff as much as others. A friend of mine grabbed a 1.3GB season 1 show and even after seeding for like 3WEEKS couldn’t get it past a 0.4 ratio. There ought to be a way to give credit for how long people seed stuff as well like 50% quantity of UL 50% length of UL.
i love seba14
“Good tracker scripts can calculate the average upload speed between the tracker updates and so find ‘heavy’ cheating.”
Well you know the logical answer to that right? Don’t use a static multiplier on the upload speed. Instead the more rational thing to do is make the multiplier dynamically based on the current download speed and the desired ratio. You can even add a certain threshold of random jitter to the ratio centered around a specified average to throw off the more sensitive heuristics. Oh yeah and lying about your connection capacity is trivially easy. Cat & mouse arms race etc. etc…
lol share it rather than cheat it. The thing you said is correct, i seed all the files i download for almost 20 hours a day but my ratio is still .489
For me, I have dialup, so I get **2 kiloBits** per second as my normal download speed, not to mention upload speed.
I only get a high connection in public places, so (since I am not going to clog up my phone 24/7 with dialup just to torrent) I can only torrent a few hours per week. Slow download speeds are annoying enough, but what’s really frustrating is that most of the files I get either have enough seeds that I don’t get to upload anything enough to affect my ratio, or has no leechers at all.
I do not believe I am “leeching” when no one actually wants the file I download. I’ve left my dialup on and utorrent on overnight and the total amount uploaded usually does not exceed 100 kb.
So unlike the average person, I can’t get my ratio over 0.2 just because there are no friggin leechers!! Who’s the leech now?
You are, just keep seeding. What’s the problem with seeding a torrent long term (years not months)? Even if you have a crappy upload speed, you are still keeping that torrent alive by seeding it, eventually someone else will finish, and help you seed.