ÿØÿà JFIF    ÿÛ „ !.%+&8&+/1555$;@;4?.451 4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á" ÿÄ     ÿÄ ?    !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ   ÿÄ !    !1QAa‘2ÿÚ   ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô… Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^ mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀÊ•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî ^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~• îëÔ©ª‹ {ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm ºèËL9 ýèÆð/¨’¥öo=nË.%Îì ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È ¦ øÄër¨q°ð †nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y• ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ kÇR ]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ {L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/ "uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ °.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû |ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£ Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß .W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø Y­ˆÜ ŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„ ·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ !±ù²Ápü²ß6 0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾ ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„e S‡&õÏ B!ŽhüÞ`yj}mªf×\¿ Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm° c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼ ò|Sl”‹7 nPW Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ßð³ñ#Ï Ô$¶œ‰ÊE‹À;÷º ¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0 $íWV3Üì¬ —@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛ æF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U ÖéQå™—-r wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’ ;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´ Ç•€’I0 ÉJX` ñ¹õ%;µŸD‘«´€àwÒ™U ûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞ øƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC p¢Û úy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ nFê{Ç€ü?º'ë ø‹ì Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ ¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC` ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo™`  ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç— ‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò }y-W}™üýVù—ú¢=Ù”c®‘< M ž ´Phr ¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò v ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb) kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE- j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–øµFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[ ‡ uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù --,ísòDØ€èk ÞÀîÜ ò@â( ËNˆë›4ô½•/¦o‡€Û7 ê•ÆêòðÜy'Án½µ á˜ݦ ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞ ß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{€\ ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ û” Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê †«À¼¸e9­Æê_C]žƒ·ý·frÁN«, E=›Çq -‰öŒ:aÏ¿±í&£Í:-} 84‘ÿ eƒQÑeëSsuiA ³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ] F Ô—r.åä˜ @ö¥ªZoÐýYL·¥S²G/‡ñ <~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$ ‰"° æµ8cXGjœˏ¡Aâý•ËÜ¢ûï e·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ> S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º ¢Æ'¥Ðx'e¬ç ]bÈÆV¢ó‹kýBO ðÊâ$Ÿ!×T 3Mýמ žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y; M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@ &îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5 ;e­h<@ Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢| óLšò¥Ä` ¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuY w³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À n ݇¼Ö8Fö óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ°<×EA!Å‚D™IúOÍ¡>ôG}Â` ÍßkÜL™Ž Þð™ {IøF²¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€ 77ˆÝ¼ÊëÜw =cÕ Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜ ™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸ Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º ×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì ì&(ˆ¿­•ƒkï’:ðY¦W‘ Å)“†‘˜³Åtcø˜ñTÂwÚÇ4|üLÇªí–v- qˆèU qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž |ãw;ÀÁIJ»b` {¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG m¤ ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK `hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP |PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @G‰¬ s¸ ëÉücr ÞæѨÊ@>¤¢Ö±. Þ'¯°ÌME[YéïĵÂCå½ Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢ Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ] R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß ¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8 CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ àfPìð .wFšir´þ’2_Y *Æ€x\« ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1 2Ž‰$€$I$#‰SÞ’Hë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙ--- Bittorrent and DHT protocol library which enables users to read -- information from a torrent file, decode bencoded (bittorrent -- encoded) buffers, find peers associated with a certain torrent and -- retrieve nodes discovered during the search for peers. -- -- For more information on the Bittorrent and DHT protocol go to: -- http://www.bittorrent.org/beps/bep_0000.html -- -- The library contains the class Torrent and the function bdecode(buf) -- -- How this library is likely to be used: -- -- local filename = "/home/user/name.torrent" -- local torrent = bittorrent.Torrent:new() -- torrent:load_from_file(filename) -- torrent:trackers_peers() -- to load peers from the trackers -- torrent:dht_peers() -- to further load peers using the DHT protocol from existing peers -- -- After these operations the peers and nodes can be found in torrent.peers and -- torrent.nodes tables respectively -- -- @author Gorjan Petrovski -- @license "Same as Nmap--See https://nmap.org/book/man-legal.html" -- -- The usage of the library would be first to initialize a new Torrent -- object. This initialization includes setting values for several -- variables. -- Next, a the torrent information needs to be loaded from a torrent file -- or a magnet link. The information in question would be a list of -- trackers, and the info_hash variable which is a 20 bytes length SHA1 -- hash of the info field in the torrent file. The torrent file includes -- the field itself, but the magnet link only includes the info_hash -- value. -- After the basic info for the torrent is set, next the peers from the -- trackers need to be downloaded (torrent:trackers_peers()). There are -- http and udp trackers which use different protocols implemented in the -- Torrent:http_tracker_peers() and Torrent:udp_tracker_peers(). The -- communication is done serially and could be improved by using threads. -- After a few peers have been discovered we can continue in using the -- DHT protocol to discover more. We MUST have several peers in order to -- use the DHT protocol, and what's more at least one of the peers must -- have that protocol implemented. A peer which implements the DHT -- protocol is called a node. What that protocol allows is actually to -- find more peers for the torrent we are downloading/interested in, and -- it also allows us to find more nodes (hosts which implement the DHT -- protocol). Please notice that a DHT node does not necessarily have to -- be a peer sharing the torrent we need. So, in fact we have two -- networks, the network of peers (hosts sharing the torrent we need) and -- the DHT network (network of nodes which allow us to find more peers -- and nodes. -- There are three kinds of commands we need to do DHT discovery: -- - dht_ping, which is sent to a peer to test if the peer is a DHT node -- - find_node, which is sent to a DHT node to discover more DHT nodes -- - get_peers, which is sent to a DHT node to discover peers sharing a -- specific torrent; If the node that we send the get_peers command -- doesn't have a record of peers sharing that torrent, it returns more -- nodes. -- So in the bittorrent library I implemented every command in functions -- which are run as separate threads. They synchronize their work using -- the pnt condvar table. This is the map of pnt (peer node table): -- pnt = { peers_dht_ping, peers, nodes_find_node, nodes_get_peers, nodes } -- The dht_ping thread pings every peer in peers_dht_ping and then -- inserts it into peers. It does this for batches of a 100 peers. If the -- peer responds it adds it to the nodes_find_node list. -- The find_node thread sends find_node queries to the nodes in -- nodes_find_node, after which it puts them in nodes_get_peers. The -- nodes included in the response are added to the nodes_find_node list -- if they are not present in any of the nodes' lists. -- The nodes_get_peers sends a get_peers query to every node in the list -- after which they are added to the nodes list. If undiscovered peers -- are returned they are inserted into peers_dht_ping. If undiscovered -- nodes are found they are inserted into nodes_find_node. -- All of these threads run for a specified timeout whose default value -- is ~ 30 seconds. -- As you can see all newly discovered nodes are added to the -- nodes_find_node, and are processed first by the find_node thread, and -- then by the get_peers thread. All newly discovered peers are added to -- the peers_dht_ping to be processed by the dht_ping thread and so on. -- That enables the three threads to cooperate and pass on peers and -- nodes between each other. -- -- There is also a bdecode function which decodes Bittorrent encoded -- buffers and organizes them into a structure I deemed fit for use. -- There are two known bittorrent structures: the list and the -- dictionary. One problem I encountered was that the bittorrent -- dictionary can have multiple entries with same-name keys. This kind of -- structure is not supported by Lua, so I had to use lists to represent -- the dictionaries as well which made accessing the keys a bit quirky local ipOps = require "ipOps" local coroutine = require "coroutine" local http = require "http" local io = require "io" local nmap = require "nmap" local openssl = require "openssl" local os = require "os" local stdnse = require "stdnse" local string = require "string" local table = require "table" local url = require "url" local rand = require "rand" _ENV = stdnse.module("bittorrent", stdnse.seeall) --- Given a buffer and a starting position in the buffer, this function decodes -- a bencoded string there and returns it as a normal lua string, as well as -- the position after the string local bdec_string = function(buf, pos) local len = tonumber(string.match(buf, "^(%d+):", pos) or "nil", 10) if not len then return nil, pos end pos = string.find(buf, ":", pos, true) + 1 local str = buf:sub(pos,pos+len-1) pos = pos+len return str, pos end --- Given a buffer and a starting position in the buffer, this function decodes -- a bencoded number there and returns it as a normal lua number, as well as -- the position after the number local bdec_number = function(buf, pos) local s, n = string.match(buf, "^i(%-*)(%d+)e", pos) if not n then return nil end local num = tonumber(n) -- 1 for the "i", 1 for the "e", 1 if there is a "-" plus the length of n pos = pos + 2 + #n if s == "-" then num = -num pos = pos + 1 end return num, pos end --- Parses a bencoded buffer -- @param buf, string with the bencoded buffer -- @return bool indicating if parsing went ok -- @return table containing the decoded structure, or error string bdecode = function(buf) local len = #buf -- the main table local t = {} local stack = {} local pos = 1 local cur = {} cur.type = "list" cur.ref = t table.insert(stack, cur) cur.ref.type="list" cur.ref.start = pos while pos <= len do if cur.type == "list" then -- next element is a string if tonumber( string.char( buf:byte(pos) ) ) then local str str, pos = bdec_string(buf, pos) if not str then return nil, "Error parsing string", pos end table.insert(cur.ref, str) -- next element is a number elseif "i" == string.char(buf:byte(pos)) then local num num, pos = bdec_number(buf, pos) if not num then return nil, "Error parsing number", pos end table.insert(cur.ref, num) -- next element is a list elseif "l" == string.char(buf:byte(pos)) then local new_list = {} new_list.type="list" table.insert(cur.ref, new_list) cur = {} cur.type = "list" cur.ref = new_list cur.ref.start = pos table.insert(stack, cur) pos = pos+1 --next element is a dict elseif "d" == string.char(buf:byte(pos)) then local new_dict = {} new_dict.type = "dict" table.insert(cur.ref, new_dict) cur = {} cur.type = "dict" cur.ref = new_dict cur.ref.start = pos table.insert(stack, cur) pos = pos+1 --escape from the list elseif "e" == string.char(buf:byte(pos)) then stack[#stack].ref.endpos = pos table.remove(stack, #stack) cur = stack[#stack] if not cur then return nil, "Problem with list closure:", pos end pos = pos+1 -- trailing whitespace elseif string.match(buf, "^%s*$", pos) then pos = len+1 else return nil, "Unknown type found.", pos end elseif cur.type == "dict" then local item = {} -- {key = , value = <.*>} -- used to skip reading the value when escaping from a structure local escape_flag = false -- fill the key if tonumber( string.char( buf:byte(pos) ) ) then local str local tmp_pos = pos str, pos = bdec_string(buf, pos) if not str then return nil, "Error parsing string.", pos end item.key = str elseif "e" == string.char(buf:byte(pos)) then stack[#stack].ref.endpos = pos table.remove(stack, #stack) cur = stack[#stack] if not cur then return nil, "Problem with list closure:", pos end pos = pos+1 escape_flag = true else return nil, "A dict key has to be a string or escape.", pos end if not escape_flag then -- value -- next element is a string if tonumber( string.char( buf:byte(pos) ) ) then local str str, pos = bdec_string(buf, pos) if not str then return nil, "Error parsing string.", pos end item.value = str table.insert(cur.ref, item) --next element is a number elseif "i" == string.char(buf:byte(pos)) then local num num, pos = bdec_number(buf, pos) if not num then return nil, "Error parsing number.", pos end item.value = num table.insert(cur.ref, item) -- next element is a list elseif "l" == string.char(buf:byte(pos)) then item.value = {} item.value.type = "list" table.insert(cur.ref, item) cur = {} cur.type = "list" cur.ref = item.value cur.ref.start = pos table.insert(stack, cur) pos = pos+1 --next element is a dict elseif "d" == string.char(buf:byte(pos)) then item.value = {} item.value.type = "dict" table.insert(cur.ref, item) cur = {} cur.type = "dict" cur.ref = item.value cur.ref.start = pos table.insert(stack, cur) pos = pos+1 --escape from the dict elseif "e" == string.char(buf:byte(pos)) then stack[#stack].ref.endpos = pos table.remove(stack, #stack) cur = stack[#stack] if not cur then return false, "Problem with dict closure", pos end pos = pos+1 else return false, "Error parsing file, unknown type found", pos end end -- if not escape_flag else -- elseif type == "dict" return false, "Invalid type of structure. Fix the code." end end -- while(true) -- The code below is commented out because some responses from trackers are -- not according to standards -- next(stack) is never gonna be nil because we're always in the main list -- next(stack, next(stack)) should be nil if we're in the main list -- if next(stack, next(stack)) then -- return false, "Probably file incorrect format" -- end return true, t end --- This is the thread function which sends a DHT ping probe to every peer in -- pnt.peers_dht_ping after which the peer is moved to the pnt.peers and -- removed from pnt.peers_dht_ping. Every peer which responds to the DHT ping -- is actually a DHT node and is added to the pnt.nodes_find_node table in -- order to be processed byt the find_node_thread(). This operation is done -- during the specified timeout which has a default value of about 30 seconds. local dht_ping_thread = function(pnt, timeout) local condvar = nmap.condvar(pnt) local socket = nmap.new_socket("udp") socket:set_timeout(3000) local status, data local transaction_id = 0 local start = os.time() while os.time() - start < timeout do local num_peers = 0 --ping a 100 peers if there are as many while next(pnt.peers_dht_ping) ~= nil and num_peers <= 100 and os.time() - start < timeout do num_peers = num_peers +1 local peer_ip, peer_info = next(pnt.peers_dht_ping) --transaction ids are 2 bytes long peer_info.transaction_id = string.pack(">I2",transaction_id % 0xffff) -- mark it as received so we can distinguish from the others and -- successfully iterate while receiving peer_info.received = false pnt.peers[peer_ip] = peer_info pnt.peers_dht_ping[peer_ip] = nil -- bencoded ping query describing a dictionary with y = q (query), q = ping -- {"t":, "y":"q", "q":"ping", "a":{"id":}} local ping_query = "d1:ad2:id20:" .. pnt.node_id .. "e1:q4:ping1:t2:" .. peer_info.transaction_id .. "1:y1:qe" status, data = socket:sendto(peer_ip, peer_info.port, ping_query) transaction_id = transaction_id +1 if transaction_id % 0xffff == 0 then transaction_id = 0 end end -- receive responses up to a 100 for c = 1, 100 do if os.time() - start >= timeout then break end status, data = socket:receive() if not status then break end local s, r = bdecode(data) -- if the response is decoded process it if s then local error_flag = true local good_response = false local node_id = nil local trans_id = nil for _, i in ipairs(r[1]) do if i.key == "y" and i.value == "r" then error_flag = false elseif i.key == "r" and i.value and i.value[1] and i.value[1].value then node_id = i.value[1].value good_response = true elseif i.key == "t" then trans_id = i.value end end if (not error_flag) and good_response and node_id and trans_id then local peer_ip for ip, info in pairs(pnt.peers) do if info.transaction_id == trans_id then info.received = nil peer_ip = ip break end end if peer_ip then pnt.peers[peer_ip].node_id = node_id if not (pnt.nodes_find_node[peer_ip] or pnt.nodes_get_peers[peer_ip] or pnt.nodes[peer_ip]) then pnt.nodes_find_node[peer_ip] = pnt.peers[peer_ip] end end end end -- if s then end -- /for c = 1, 100 end -- /while true socket:close() condvar("signal") end --- This thread sends a DHT find_node query to every node in -- pnt.nodes_find_node, after which every node is moved to pnt.nodes_get_peers -- to be processed by the get_peers_thread() function. The responses to these -- queries contain addresses of other DHT nodes (usually 8) which are added to -- the pnt.nodes_find_node list. This action is done for a timeout with a -- default value of 30 seconds. local find_node_thread = function(pnt, timeout) local condvar = nmap.condvar(pnt) local socket = nmap.new_socket("udp") socket:set_timeout(3000) local status, data local start = os.time() while true do if os.time() - start >= timeout then break end local num_peers = 0 while next(pnt.nodes_find_node) ~= nil and num_peers <= 100 do num_peers = num_peers +1 local node_ip, node_info = next(pnt.nodes_find_node) -- standard bittorrent protocol specified find_node query with y = q (query), -- q = "find_node" (type of query), -- find_node Query = {"t":, "y":"q", "q":"find_node", "a": {"id":, "target":}} local find_node_query = "d1:ad2:id20:" .. pnt.node_id .. "6:target20:" .. pnt.info_hash .. "e1:q9:find_node1:t2:" .. rand.random_string(2) .. "1:y1:qe" -- add the traversed nodes to pnt.nodes_get_peers so they can be traversed by get_peers_thread pnt.nodes_get_peers[node_ip] = node_info pnt.nodes_find_node[node_ip] = nil status, data = socket:sendto(node_ip, node_info.port, find_node_query) end for c = 1, 100 do if os.time() - start >= timeout then break end status, data = socket:receive() if not status then break end local s, r = bdecode(data) if s then local nodes = nil if r[1] and r[1][1] and r[1][1].key == "r" and r[1][1].value then for _, el in ipairs(r[1][1].value) do if el.key == "nodes" then nodes = el.value end end end --parse the nodes an add them to pnt.nodes_find_node if nodes then local pos = 1 while pos < #nodes do local node_id, node_ip, node_port node_id, node_ip, node_port, pos = string.unpack(">c20 I4 I2", nodes, pos) node_ip = ipOps.fromdword(node_ip) local node_info = { port = node_port, node_id = node_id, } if not (pnt.nodes[node_ip] or pnt.nodes_get_peers[node_ip] or pnt.nodes_find_node[node_ip]) then pnt.nodes_find_node[node_ip] = node_info end end end -- if nodes end -- if s end -- for c = 1, 100 end -- while true socket:close() condvar("signal") end --- This thread sends get_peers DHT queries to all the nodes in -- pnt.nodes_get_peers, after which they are moved to pnt.nodes. There are two -- kinds of responses to these kinds of queries. One response contains peers, -- which would be added to the pnt.peers_dht_ping list, and the other kind of -- response is sent when the queried node has no peers, and contains more nodes -- which are added to the pnt.nodes_find_node list. local get_peers_thread = function(pnt, timeout) local condvar = nmap.condvar(pnt) local socket = nmap.new_socket("udp") socket:set_timeout(3000) local status, data local start = os.time() while true do if os.time() - start >= timeout then break end local num_peers = 0 while next(pnt.nodes_get_peers) ~= nil and num_peers <= 100 do num_peers = num_peers +1 local node_ip, node_info = next(pnt.nodes_get_peers) -- standard bittorrent protocol specified get_peers query with y ="q" (query) -- and q = "get_peers" (type of query) -- {"t":, "y":"q", "q":"get_peers", "a": {"id":, "info_hash":}} local get_peers_query = "d1:ad2:id20:" .. pnt.node_id .. "9:info_hash20:" .. pnt.info_hash .. "e1:q9:get_peers1:t2:" .. rand.random_string(2) .. "1:y1:qe" pnt.nodes[node_ip] = node_info pnt.nodes_get_peers[node_ip] = nil status, data = socket:sendto(node_ip, node_info.port, get_peers_query) end for c = 1, 100 do if os.time() - start >= timeout then break end status, data = socket:receive() if not status then break end local s, r = bdecode(data) if s then local good_response = false local nodes = nil local peers = nil for _,el in ipairs(r[1]) do if el.key == "y" and el.value == "r" then good_response = true elseif el.key == "r" then for _,i in ipairs(el.value) do -- the key will either be for nodes or peers if i.key == "nodes" then -- nodes nodes = i.value break elseif i.key == "values" then -- peers peers = i.value break end end end end if not good_response then break end if nodes then local pos = 1 while pos < #nodes do local node_id, node_ip, node_port node_id, node_ip, node_port, pos = string.unpack(">c20 I4 I2", nodes, pos) node_ip = ipOps.fromdword(node_ip) local node_info = { port = node_port, node_id = node_id, } if not (pnt.nodes[node_ip] or pnt.nodes_get_peers[node_ip] or pnt.nodes_find_node[node_ip]) then pnt.nodes_find_node[node_ip] = node_info end end elseif peers then for _, peer in ipairs(peers) do local ip, port = string.unpack(">I4 I2", peer) ip = ipOps.fromdword(ip) if not (pnt.peers[ip] or pnt.peers_dht_ping[ip]) then pnt.peers_dht_ping[ip] = {} pnt.peers_dht_ping[ip].port = port end end end -- if nodes / elseif peers end -- if s then end -- for c = 1,100 end -- while true socket:close() condvar("signal") end Torrent = { new = function(self) local o ={} setmetatable(o, self) self.__index = self self.buffer = nil -- buffer to keep the torrent self.tor_struct = nil -- the decoded structure from the bencoded buffer self.trackers = {} -- list of trackers {"tr1", "tr2", "tr3"...} self.port = 6881 -- port on which our peer "listens" / it doesn't actually listen self.size = nil -- size of the files in the torrent self.info_buf = nil --buffer for info_hash self.info_hash = nil --info_hash binary string self.info_hash_url = nil --info_hash escaped self.peers = {} -- peers = { [ip1] = {port1, id1}, [ip2] = {port2, id2}, ...} self.nodes = {} -- nodes = { [ip1] = {port1, id1}, [ip2] = {port2, id2}, ...} return o end, --- Loads trackers and similar information for a torrent from a magnet link. load_from_magnet = function(self, magnet) local info_hash_hex = magnet:match("^magnet:%?xt=urn:btih:(%w+)&") if not info_hash_hex then return false, "Erroneous magnet link" end self.info_hash = stdnse.fromhex(info_hash_hex) local pos = #info_hash_hex + 21 local name = magnet:sub(pos,#magnet):match("^&dn=(.-)&") if name then pos = pos + 4 + #name end magnet = magnet:sub(pos,#magnet) for tracker in magnet:gmatch("&tr=([^&]+)") do local trac = url.unescape(tracker) table.insert(self.trackers, trac) end self.size = 50 end, --- Reads a torrent file, loads self.buffer and parses it using -- self:parse_buffer(), then self:calc_info_hash() -- -- @param filename, string containing filename of the torrent file -- @return boolean indicating whether loading went alright -- @return err string with error message if loadin went wrong load_from_file = function(self, filename) if not filename then return false, "No filename specified." end local file = io.open(filename, "r") if not file then return false, "Cannot open file: "..filename end self.buffer = file:read("a") file:close() local status, err = self:parse_buffer() if not status then return false, "Could not parse file: ".. err end status, err = self:calc_info_hash() if not status then return false, "Could not calculate info_hash: " .. err end status, err = self:load_trackers() if not status then return false, "Could not load trackers: " .. err end status, err = self:calc_torrent_size() if not status then if not err then err = "" end return false, "Could not calculate torrent size: " .. err end return true end, --- Gets peers available from the loaded trackers trackers_peers = function(self) for _, tracker in ipairs(self.trackers) do local status, err if tracker:match("^http://") then -- http tracker status, err = self:http_tracker_peers(tracker) if not status then stdnse.debug1("Could not get peers from tracker %s, reason: %s",tracker, err) end elseif tracker:match("^udp://") then -- udp tracker status, err = self:udp_tracker_peers(tracker) if not status then stdnse.debug1("Could not get peers from tracker %s, reason: %s",tracker, err) end else -- unknown tracker stdnse.debug1("Unknown tracker protocol for: "..tracker) end --if not status then return false, err end end return true end, --- Runs the three threads which do a DHT discovery of nodes and peers. -- -- The default timeout for this discovery is 30 seconds but it can be -- set through the timeout argument. dht_peers = function(self, timeout) stdnse.debug1("bittorrent: Starting DHT peers discovery") if next(self.peers) == nil then stdnse.debug1("bittorrent: No peers detected") return end if not timeout or type(timeout)~="number" then timeout = 30 end -- peer node table a.k.a. the condvar! local pnt = {} pnt.peers = {} pnt.peers_dht_ping = self.peers pnt.nodes = {} pnt.nodes_get_peers = {} pnt.nodes_find_node = self.nodes pnt.node_id = rand.random_string(20) pnt.info_hash = self.info_hash local condvar = nmap.condvar(pnt) local dht_ping_co = stdnse.new_thread(dht_ping_thread, pnt, timeout) local find_node_co = stdnse.new_thread(find_node_thread, pnt, timeout) local get_peers_co = stdnse.new_thread(get_peers_thread, pnt, timeout) while true do stdnse.sleep(0.5) if coroutine.status(dht_ping_co) == "dead" and coroutine.status(find_node_co) == "dead" and coroutine.status(get_peers_co) == "dead" then break end end self.peers = pnt.peers self.nodes = pnt.nodes -- Add some residue nodes and peers for peer_ip, peer_info in pairs(pnt.peers_dht_ping) do if not self.peers[peer_ip] then self.peers[peer_ip] = peer_info end end for node_ip, node_info in pairs(pnt.nodes_find_node) do if not self.nodes[node_ip] then self.nodes[node_ip] = node_info end end for node_ip, node_info in pairs(pnt.nodes_get_peers) do if not self.nodes[node_ip] then self.nodes[node_ip] = node_info end end end, --- Parses self.buffer, fills self.tor_struct, self.info_buf -- -- This function is similar to the bdecode function but it has a few -- additions for calculating torrent file specific fields parse_buffer = function(self) local status, t = bdecode(self.buffer) if not status then return status, t end self.tor_struct = t for _, i in ipairs(t[1]) do if i.key == "info" then self.info_buf = self.buffer:sub(i.value.start, i.value.endpos) break end end return true end, --- Loads the list of trackers in self.trackers from self.tor_struct load_trackers = function(self) local tor = self.tor_struct local trackers = {} self.trackers = trackers -- load the announce tracker if tor and tor[1] and tor[1][1] and tor[1][1].key and tor[1][1].key == "announce" and tor[1][1].value then if tor[1][1].value.type and tor[1][1].value.type == "list" then for _, trac in ipairs(tor[1][1].value) do table.insert(trackers, trac) end else table.insert(trackers, tor[1][1].value) end else return nil, "Announce field not found" end -- load the announce-list trackers if tor[1][2] and tor[1][2].key and tor[1][2].key == "announce-list" and tor[1][2].value then for _, trac_list in ipairs(tor[1][2].value) do if trac_list.type and trac_list.type == "list" then for _, trac in ipairs(trac_list) do table.insert(trackers, trac) end else table.insert(trackers, trac_list) end end end return true end, --- Calculates the size of the torrent in bytes -- @param tor, decoded bencoded torrent file structure calc_torrent_size = function(self) local tor = self.tor_struct local size = nil if tor[1].type ~= "dict" then return nil, "first element not a dict" end for _, m in ipairs(tor[1]) do if m.key == "info" then if m.value.type ~= "dict" then return nil, "info is not a dict" end for _, n in ipairs(m.value) do if n.key == "files" then size = 0 for _, f in ipairs(n.value) do for _, k in ipairs(f) do if k.key == "length" then size = size + k.value break end end end break elseif n.key == "length" then size = n.value break end end end end self.size=size if size == 0 then return false, "size is zero" end return true end, --- Calculates the info hash using self.info_buf. -- -- The info_hash value is used in many communication transactions for -- identifying the file shared among the bittorrent peers calc_info_hash = function(self) local info_hash = openssl.sha1(self.info_buf) self.info_hash_url = url.escape(info_hash) self.info_hash = info_hash self.info_buf = nil return true end, --- Generates a peer_id similar to the ones generated by Ktorrent version 4.1.1 generate_peer_id = function(self) -- let's fool trackers that we use ktorrent just in case they control -- which client they give peers to local fingerprint = "-KT4110-" local chars = {} -- the full length of a peer_id is 20 bytes but we already have 8 from the fingerprint return fingerprint .. rand.random_string(12, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") end, --- Gets the peers from a http tracker when supplied the URL of the tracker http_tracker_peers = function(self, tracker) local url, trac_port, url_ext = tracker:match("^http://(.-):(%d-)(/.*)") if not url then --probably no port specification url, url_ext = tracker:match("^http://(.-)(/.*)") trac_port = "80" end trac_port = tonumber(trac_port) -- a http torrent tracker request specifying the info_hash of the torrent, our random -- generated peer_id (with some mods), notifying the tracker that we are just starting -- to download the torrent, with 0 downloaded and 0 uploaded bytes, an as many bytes -- left to download as the size of the torrent, requesting 200 peers in a compact format -- because some trackers refuse connection if they are not explicitly requested that way local request = "?info_hash=" .. self.info_hash_url .. "&peer_id=" .. self:generate_peer_id() .. "&port=" .. self.port .. "&uploaded=0&downloaded=0&left=" .. self.size .. "&event=started&numwant=200&compact=1" local response = http.get(url, trac_port, url_ext .. request, nil) if not response or not response.body then return false, "No response from tracker: " .. tracker end local status, t = bdecode(response.body) if not status then return false, "Could not parse response:"..t end if not t[1] then return nil, "No response from server." end for _, k in ipairs(t[1]) do if k.key == "peers" and type(k.value) == "string" then -- binary peers local pos=1 while pos < #k.value do local ip, port ip, port, pos = string.unpack(">I4 I2", k.value, pos) ip = ipOps.fromdword(ip) if not self.peers[ip] then self.peers[ip] = {} self.peers[ip].port = port end end break elseif k.key == "peers" and type(k.value) == "table" then -- table peers for _, peer_table in ipairs(k.value) do local peer = {} for _, f in ipairs(peer_table) do if f.key == "peer_id" then peer.id = f.value elseif f.key == "ip" then peer.ip = f.value elseif f.key == "port" then peer.port = f.value end end if not peer.id then peer.id = "" end if not self.peers[peer.ip] then self.peers[peer.ip] = {} self.peers[peer.ip].port = peer.port self.peers[peer.ip].id = peer.id else self.peers[peer.ip].port = peer.port end end break end end return true end, --- Gets the peers from udp trackers when supplied the URL of the tracker. -- -- First we establish a connection to the udp server and then we can request -- peers. For a good specification refer to: -- http://www.rasterbar.com/products/libtorrent/udp_tracker_protocol.html udp_tracker_peers = function(self, tracker) local host, port = tracker:match("^udp://(.-):(%d+)") port = tonumber(port) if (not host) or (not port) then return false, "Could not parse tracker url" end local socket = nmap.new_socket("udp") -- The initial connection parameters' variables have hello_ prefixed names local hello_transaction_id = rand.random_string(4) local hello_packet = "\0\0\x04\x17\x27\x10\x19\x80" -- identification of the protocol .. "\0\0\0\0" -- 0 for a connection request .. hello_transaction_id local status, msg = socket:sendto(host, port, hello_packet) if not status then return false, msg end status, msg = socket:receive() if not status then return false, "Could not connect to tracker:"..tracker.." reason:"..msg end local r_action, r_transaction_id, r_connection_id =string.unpack(">I4c4c8",msg) if not (r_transaction_id == hello_transaction_id) then return false, "Received transaction ID not equivalent to sent transaction ID" end -- the action in the response has to be 0 too if r_action ~= 0 then return false, "Wrong action field, usually caused by an erroneous request" end -- established a connection, and now for an announce message, to which a -- response holds the peers -- the announce connection parameters' variables are prefixed with a_ local a_action = 1 -- 1 for announce local a_transaction_id = rand.random_string(4) local a_info_hash = self.info_hash -- info_hash of the torrent local a_peer_id = self:generate_peer_id() local a_downloaded = 0 -- 0 bytes downloaded local a_left = self.size -- bytes left to download is the size of torrent local a_uploaded = 0 -- 0 bytes uploaded local a_event = 2 -- value of 2 for started torrent local a_ip = 0 -- not necessary to specify our ip since it's resolved -- by tracker automatically local a_key = rand.random_string(4) local a_num_want = 0xFFFFFFFF -- request for many many peers local a_port = 6881 -- the port "we are listening on" local a_extensions = 0 -- client recognizes no extensions of the bittorrent proto local announce_packet = string.pack(">c8 I4 c4 c40 c20 I8 I8 I8 I4 I4 c4 I4 I2 I2", r_connection_id, a_action, a_transaction_id, a_info_hash, a_peer_id, a_downloaded, a_left, a_uploaded, a_event, a_ip, a_key, a_num_want, a_port, a_extensions) status, msg = socket:sendto(host, port, announce_packet) if not status then return false, "Couldn't send announce message, reason: "..msg end status, msg = socket:receive() if not status then return false, "Didn't receive response to announce message, reason: "..msg end local p_action, p_transaction_id, p_interval, p_leechers, p_seeders, pos = string.unpack(">I4 c4 I4 I4 I4",msg) -- the action field in the response has to be 1 (like the sent response) if not (p_action == 1) then return false, "Action in response to announce erroneous" end if not (p_transaction_id == a_transaction_id) then return false, "Transaction ID in response to announce message not equal to original" end -- parse peers from msg:sub(pos, #msg) while pos < #msg do local ip, port ip, port, pos = string.unpack(">I4 I2", msg, pos) ip = ipOps.fromdword(ip) if not self.peers[ip] then self.peers[ip] = {} end self.peers[ip].port = port end return true end } return _ENV;