Nmap Development mailing list archives

Re: bittorent-discovery update


From: Antonio de Curtis <decuant () gmail com>
Date: Sat, 6 Feb 2016 15:15:55 +0100

Hello,

I would like to amend my previous release of bittorrent.lua and update the
GitHub with this new release.

But I'm no longer able to create a pull request for this file... I closed the
previous pull request.

During these days I have found that the shipped (main branch) release of
this file contains a number of errors, and I tried to fix them all, but I
know little of the protocol and Lua syntax and GitHub...

+ .torrent file has to be read as binary, otherwise it will load partially and
the <parse_buffer> function will fail.
  it may be that the previous release was ok on Linux, but it's not the
case on Windows (0x0a 0x0d)
+ function [bdec_string] had to be rewritten for accuracy handling binary
data and for speed.
+ function [calc_info_hash] was poorly correct, now it is.
  in my tests 2 out of 1000 files fail and both were created by TorrentAid
1.0.0.0
+ functions to query HTTP and UDP now are working as expected and there is
better error handling.
+ function [load_trackers] is now correct and purges itself of duplicates
+ function [calc_torrent_size] is now correct

+ 2 counters for statistics <num_seeders> and <num_leeches>
+ 1 table of blacklisted trackers
+ function [load_blacklist] to load a blacklist table (just the address
list in a file...)
+ function [assoc_blist] to associate a pre-loaded blacklist (Read Once Use
Many)
+ function [trackers_peers] will not interrogate a blacklisted tracker

+ I have found an issue when correcting the HTTP protocol because the file size
value may not fit in 4 bytes and the function [nselib.tohex] uses
[string.format], which is not capable of handling -1 correctly. File size is
thus cast to 0xefffffff. Trackers do respond correctly when I use this
cast size.

+ I have found on the internet a very powerful function to help me debug
using the log and not a debugger, it's called [hex_dump], this is
in the source file.
+ I learnt to control logging and I made use of the <nmap.verbosity>.

- I use an NSE script of mine to recurse a directory and test every .torrent
file, but my code changes shall not break the current
[bittorrent-discovery.nse] script.
- I have done no testing on DHT because my script will not launch the
discovery.

I hope to have made clear the reasons for such a high number of code
modifications.

I will attach my own nse script just for you to have all the material I
used.

Kind regards

   Antonio de Curtis



2016-01-29 15:36 GMT+01:00 Antonio de Curtis <decuant () gmail com>:

Hello,

I've attached to this email a newly reviewed version of the bittorrent.lua
file.

There's a problem with the existing code (in SVN) that a binary file (the
.torrent) is read as text, so a portion of it is not loaded and the consequent
hash key calculation proves wrong.

On some .torrent files of mine the hash key is still wrong. I have left
the keys (and optional title) in comments, so if anybody wants to double
check why the code is failing just download the .torrent from the internet
with the hash key I left.

I'm not expert enough on controlling verbosity in my code. I put -v1 on
the command line and still nselib.verbosity() gives me 3.

Thanks for any reply


--
*Antonio de Curtis*





-- 
*Antonio de Curtis*

Attachment: bittorrent.lua
Description:

Attachment: bittorrent-report.nse
Description:
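
The binary-read problem reported in this message can be reproduced with the added example below, which is not code from bittorrent.lua or from the attachments. It is written in Python so that it runs stand-alone; the function names and the sample torrent are constructed, and `windows_text_mode` is an assumed model of a Windows text-mode read (input ends at the first 0x1A byte, CRLF becomes LF).

```python
import hashlib

def bdecode(buf, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = buf[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = buf.index(b"e", i)
        return int(buf[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dict, closed by 'e'
        items, i = [], i + 1
        while buf[i:i + 1] != b"e":
            value, i = bdecode(buf, i)              # raises at end of buffer
            items.append(value)
        return (items if c == b"l" else dict(zip(items[::2], items[1::2]))), i + 1
    if c.isdigit():                                 # byte string: <len>:<raw bytes>
        colon = buf.index(b":", i)
        end = colon + 1 + int(buf[i:colon])
        if end > len(buf):
            raise ValueError("string runs past end of buffer")
        return buf[colon + 1:end], end
    raise ValueError(f"bad bencode at offset {i}")

def info_hash(buf):
    """SHA-1 hex digest over the raw byte span of the top-level 'info' value."""
    if buf[:1] != b"d":
        raise ValueError("not a bencoded dictionary")
    i = 1
    while buf[i:i + 1] != b"e":
        key, i = bdecode(buf, i)
        _, end = bdecode(buf, i)
        if key == b"info":
            return hashlib.sha1(buf[i:end]).hexdigest()
        i = end
    raise ValueError("no 'info' key")

def windows_text_mode(raw):
    """Assumed model of a Windows text-mode read: stop at 0x1A, CRLF -> LF."""
    return raw.split(b"\x1a", 1)[0].replace(b"\r\n", b"\n")

# Constructed sample torrent; the 20-byte 'pieces' value holds CR, LF and 0x1A.
INFO = (b"d6:lengthi5e4:name5:a.bin12:piece lengthi16384e6:pieces20:"
        b"\x00\r\n\x1a" + bytes(16) + b"e")
SAMPLE = b"d8:announce20:http://t.example/ann4:info" + INFO + b"e"
EXPECTED = hashlib.sha1(INFO).hexdigest()

def outcome(buf):
    try:
        return info_hash(buf)
    except ValueError as exc:
        return f"error: {exc}"
```

`outcome(SAMPLE)` returns the expected hash, while `outcome(windows_text_mode(SAMPLE))` reports a string running past the end of the buffer. With only a CRLF pair in `pieces` the parse still completes and silently yields a different hash.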

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
