24 July 2007

uTorrent 1.7.2 secure Mod

µTorrent 1.7.2 without Multicast IP and call homes

- Multicast disabled and IP removed
- BitTorrent Search Backlink anonymized
- update check server disabled and url removed
- related urls anonimized or removed

µTorrent 1.7.1 without Multicast IP and call homes
same changes as above

Hexdump as text file with change log before/after is in the downloads include and instruction how to do.

This are no Leecher mod changes!!!



Emulation Builds:

µTorrent 1.7.1 send id from µTorrent 1.6.1, you are shown you use Version 1.6.1
µTorrent 1.7.2 with emulation µTorrent 1.6.1, you are shown you use Version 1.6.1

it indicated version 1.6.1 is used


Downloads + Mirrors:

Step 1 (unpack uTorrent)
Original µtorrent 1.7.2 Build 3458 (213 KB) -> using UPX -d filename.exe (Decompress see upx -?) => utorrent-1.7.2-build-3458-unpacked.exe (464 KB)

Step2 (make the changes with any Hexeditor)
Open the unpacked uTorrent.exe with a hexeditor and search for:
239.192.152.143:6771

Looks like:
04B100  32 2E 31 00  00 00 00 00  42 54 2D 53  45 41 52 43  2.1.....BT-SEARC
04B110 48 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A 48 6F H * HTTP/1.1..Ho
04B120 73 74 3A 20 32 33 39 2E 31 39 32 2E 31 35 32 2E st: 239.192.152.
04B130 31 34 33 3A 36 37 37 31 0D 0A 50 6F 72 74 3A 20 143:6771..Port:
04B140 25 64 0D 0A 49 6E 66 6F 68 61 73 68 3A 20 25 73 %d..Infohash: %s
04B150 0D 0A 0D 0A 0D 0A 00 00 30 2E 30 2E 30 2E 30 00 ........0.0.0.0.
04B160 32 33 39 2E 31 39 32 2E 31 35 32 2E 31 34 33 00 239.192.152.143.
04B170 69 6E 66 6F 68 61 73 68 3A 00 00 00 70 6F 72 74 infohash:...port
a little bit below:

04B940 53 00 65 00 6E 00 64 00 20 00 55 00 6E 00 63 00 S.e.n.d. .U.n.c.
04B950 68 00 6F 00 6B 00 65 00 00 00 00 00 53 00 65 00 h.o.k.e.....S.e.
04B960 6E 00 64 00 20 00 43 00 68 00 6F 00 6B 00 65 00 n.d. .C.h.o.k.e.
04B970 00 00 00 00 31 32 37 2E 30 2E 30 2E 30 00 00 00 ....127.0.0.0...
04B980 31 37 32 2E 31 36 2E 30 2E 30 00 00 31 36 39 2E 172.16.0.0..169.
04B990 32 35 34 2E 30 2E 30 00 31 39 32 2E 31 36 38 2E 254.0.0.192.168.
04B9A0 30 2E 30 00 31 30 2E 30 2E 30 2E 30 00 00 00 00 0.0.10.0.0.0....
and
04D210  75 00 54 00  6F 00 72 00  72 00 65 00  6E 00 74 00  u.T.o.r.r.e.n.t.
04D220 00 00 00 00 00 00 00 00 4D 2D 53 45 41 52 43 48 ........M-SEARCH
04D230 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A 48 4F 53 * HTTP/1.1..HOS
04D240 54 3A 20 32 33 39 2E 32 35 35 2E 32 35 35 2E 32 T: 239.255.255.2
04D250 35 30 3A 31 39 30 30 0D 0A 53 54 3A 75 70 6E 70 50:1900..ST:upnp
04D260 3A 72 6F 6F 74 64 65 76 69 63 65 0D 0A 4D 41 4E :rootdevice..MAN
04D270 3A 22 73 73 64 70 3A 64 69 73 63 6F 76 65 72 22 :"ssdp:discover"
following later
04D500  6A 00 6F 00  69 00 6E 00  20 00 6D 00  75 00 6C 00  j.o.i.n. .m.u.l.
04D510 74 00 69 00 63 00 61 00 73 00 74 00 20 00 67 00 t.i.c.a.s.t. .g.
04D520 72 00 6F 00 75 00 70 00 3B 00 20 00 45 00 72 00 r.o.u.p.;. .E.r.
04D530 72 00 6F 00 72 00 20 00 63 00 6F 00 64 00 65 00 r.o.r. .c.o.d.e.
04D540 3A 00 30 00 78 00 25 00 58 00 00 00 32 33 39 2E :.0.x.%.X...239.
04D550 32 35 35 2E 32 35 35 2E 32 35 30 00 00 00 00 00 255.255.250.....
The connection to Auto Update Server

0532F0 68 74 74 70 3A 2F 2F 75 70 64 61 74 65 2E 75 74 http://update.ut
053300 6F 72 72 65 6E 74 2E 63 6F 6D 2F 63 68 65 63 6B orrent.com/check
053310 75 70 64 61 74 65 2E 70 68 70 3F 76 3D 25 64 26 update.php?v=%d&
053320 71 76 3D 25 64 26 6C 76 3D 25 64 5F 25 64 5F 25 qv=%d&lv=%d_%d_%
053330 55 26 69 3D 25 64 26 6C 3D 25 55 26 63 3D 25 55 U&i=%d&l=%U&c=%U
053340 26 77 3D 25 58 26 68 3D 25 73 26 6B 3D 25 55 00 &w=%X&h=%s&k=%U.
053350 00 00 11 00 22 00 33 00 44 00 55 00 66 00 77 00 ....".3.D.U.f.w.


uTorrent Toolbar Default redirect Server:
056530  32 00 00 00  54 00 6F 00  6F 00 6C 00  62 00 61 00  2...T.o.o.l.b.a.
056540 72 00 57 00 69 00 6E 00 64 00 6F 00 77 00 33 00 r.W.i.n.d.o.w.3.
056550 32 00 00 00 68 74 74 70 3A 2F 2F 73 65 61 72 63 2...http://searc
056560 68 2E 75 74 6F 72 72 65 6E 74 2E 63 6F 6D 2F 73 h.utorrent.com/s
056570 65 61 72 63 68 2E 70 68 70 3F 71 3D 25 55 26 65 earch.php?q=%U&e
056580 3D 25 55 26 75 3D 31 00 25 73 25 73 00 00 00 00 =%U&u=1.%s%s....
Manuel update Server:
056D40  20 00 00 00  68 74 74 70  3A 2F 2F 77  77 77 2E 75   ...http://www.u
056D50 74 6F 72 72 65 6E 74 2E 63 6F 6D 2F 64 6F 77 6E torrent.com/down
056D60 6C 6F 61 64 2E 70 68 70 00 00 00 00 6F 1D 44 00 load.php....o.D.

Speed Test Server URL's
056F90  38 6B 29 00  68 74 74 70  3A 2F 2F 77  77 77 2E 64  8k).http://www.d
056FA0 73 6C 72 65 70 6F 72 74 73 2E 63 6F 6D 2F 73 70 slreports.com/sp
056FB0 65 65 64 74 65 73 74 00 68 74 74 70 3A 2F 2F 77 eedtest.http://w
056FC0 77 77 2E 75 74 6F 72 72 65 6E 74 2E 63 6F 6D 2F ww.utorrent.com/
056FD0 74 65 73 74 70 6F 72 74 2E 70 68 70 3F 70 6F 72 testport.php?por
056FE0 74 3D 25 64 00 00 00 00 63 72 42 00 8B 92 42 00 t=%d....crB.ïÆB.

Finally "Seba's 14 Joke "About" Dialog place:
05AB60  00 00 00 00  00 00 F0 BF  A9 32 30 30  37 20 42 69  ......=+¬2007 Bi
05AB70 74 54 6F 72 72 65 6E 74 2C 20 49 6E 63 2E 0D 0A tTorrent, Inc...
05AB80 41 6C 6C 20 52 69 67 68 74 73 20 52 65 73 65 72 All Rights Reser
05AB90 76 65 64 2E 0D 0A 0D 0A 54 68 61 6E 6B 73 20 66 ved.....Thanks f
05ABA0 6F 72 20 75 73 69 6E 67 20 74 68 69 73 20 46 52 or using this FR
05ABB0 45 45 20 70 72 6F 67 72 61 6D 2E 20 57 65 20 68 EE program. We h
05ABC0 6F 70 65 20 79 6F 75 20 6C 69 6B 65 20 69 74 2E ope you like it.
05ABD0 20 49 66 20 79 6F 75 20 70 61 69 64 20 66 6F 72 If you paid for
05ABE0 20 69 74 2C 20 67 65 74 20 61 20 72 65 66 75 6E it, get a refun
05ABF0 64 21 0D 0A 0D 0A 54 68 61 6E 6B 73 20 74 6F 20 d!....Thanks to
05AC00 6C 75 64 64 65 2C 20 53 65 72 67 65 20 50 61 71 ludde, Serge Paq
05AC10 75 65 74 2C 20 7A 79 67 72 6F 6E 2C 20 61 6E 64 uet, zygron, and
05AC20 20 46 69 72 6F 6E 20 66 6F 72 20 61 6C 6C 20 74 Firon for all t
05AC30 68 65 20 68 65 6C 70 2E 00 41 6C 6C 20 66 69 6C he help..All fil

After here are only Language var paramaters

You can Website urls and IP numbers simple overwrite with points . or empty space and save the edited utorrent.exe as well you can replace these urls and ip numbers of your choice just the lengh must match or should be smaller. To customize website urls (sort url generators such as tiny url) may make it possible to change all urls for example using http://www.anonym.to/?http://www.whateversite.com/index.php -> is http://tinyurl.com/ypgwrl. There are redirrection services without any time delay in redirect to a url (anonymize) call homes.

please be patient, we will complete this guide with more detail informations and solutions.

Another quick solution is to add the websites url's and IP numbers in the Windows HOSTS file:
in Windows\system32\drivers\etc\
edit HOSTS
and add lines with:

127.0.0.1 239.192.152.143
127.0.0.1 239.255.255.250
127.0.0.1 172.16.0.0
127.0.0.1 169.254.0.0
127.0.0.1 192.168.0.0
# 127.0.0.1 10.0.0.0

On the other hand, if uTorrent will do kinds of suspected methodes in the client, uTorrent.exe will be done with a custom made exeprotector to make it difficult or impossible for the most to ever see the content but the small filesize will be gone or a good File Dump Tool for example Mgd (Multi Generic Dumper v.1.1 (C) 2006 by Snow Panther [Unpacking Gods]) can do in a second a dump.

* Usage : MGD
* Commands : A - Dump a part of process memory
- Parameters : [dumpfile]
- Additions : -K, -M, -P, -Z

C - CoolDump's EXE unpack
- Parameters : [ ]
- Additions : -D, -K, -M, -P, -W, -Z

G - Generic EXE unpack
- Parameters : none
- Additions : -D, -H, -I, -K, -M, -P, -Z

T - Trace EXE unpack (not implemented)
- Parameters : []
- Additions : -D, -I, -K, -M, -P, -Z

? - Help

______________________________________________________________


µTorrent 1.7.1
µTorrent 1.7.1 - emu µT 1.6.1

µTorrent 1.7.2
µTorrent 1.7.2 - emu µT 1.6.1

waiting please link comming in an hour or two. There come some more mods cause the feature to discover local LAN/WAN can possible be in another uTorrent mod enabled using real internal IP

The instrucion guide how you can do the changes by self will be inculed the ready mods. They are unpacked so you can look into it. Mods no matter if eMule or any Bittorrent client done with a eXe Protector is no advice to use it ever, there can be something else inside what we don't know. uTorrent need to unpack only UPX, its a exe compressor/packer not protector and a Hexeditor to do the changes if you are unsure.

Testers work on the builds
before links to public!!!
Instructions how to spoof uT 1.7.x Versions with uT 1.6 follow.

Ultimate Packer for eXecutables
Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007
UPX 3.00 Markus Oberhumer, Laszlo Molnar & John Reiser Apr 27th 2007

Usage: upx [-123456789dlthVL] [-qvfk] [-o file] file..

Commands:
-1 compress faster -9 compress better
--best compress best (can be slow for big files)
-d decompress -l list compressed file
-t test compressed file -V display version number
-h give this help -L display software license

Options:
-q be quiet -v be verbose
-oFILE write output to 'FILE'
-f force compression of suspicious files
--no-color, --mono, --color, --no-progress change look

Compression tuning options:
--brute try all available compression methods & filters [slow]
--ultra-brute try even more compression variants [very slow]

Backup options:
-k, --backup keep backup files
--no-backup no backup files [default]

Overlay options:
--overlay=copy copy any extra data attached to the file [default]
--overlay=strip strip any extra data attached to the file [DANGEROUS]
--overlay=skip don't compress a file with an overlay

Options for watcom/le:
--le produce LE output [default: EXE]

Options for win32/pe, rtm32/pe & arm/pe:
--compress-exports=0 do not compress the export section
--compress-exports=1 compress the export section [default]
--compress-icons=0 do not compress any icons
--compress-icons=1 compress all but the first icon
--compress-icons=2 compress all but the first icon directory [default]
--compress-icons=3 compress all icons
--compress-resources=0 do not compress any resources at all
--keep-resource=list do not compress resources specified by list
--strip-relocs=0 do not strip relocations
--strip-relocs=1 strip relocations [default]
--all-methods try all available compression methods
--all-filters try all available preprocessing filters

file.. executables to (de)compress

UPX comes with ABSOLUTELY NO WARRANTY; for details visit http://upx.sf.net

But...
http://whois.domaintools.com/192.168.0.0

27 other sites hosted on this server.
  1. Cdma1xcn.com
  2. Cuppyconsulting.com
  3. Erikreuter.com
  4. 25 more...

10 comments:

Post a Comment

We would appreciate if you as readers of our blog, show us some feedback by signing up to this site with Friend Connect.
This will encourage us to publish updates in the future.

Archive

Dentoo.info - Hosting - Offering seedboxes and seedbox solutions

Connect

MoDs - BRD Push 2 Check Projects News all on one Page
Subscribe to rss feed! Powered By Blogger Creative Commons —
 Attribution-Noncommercial-No Derivative Works 1.0 Generic
GFC Accessibly Test

Site Stats Public Google Analytics stats

We respect your privacy. Your email address will never be shared with others.

My IP Address