Re: Fwd: Kazaa file corruption

From: Blue Boar (BlueBoarat_private)
Date: Thu Mar 06 2003 - 07:17:15 PST


    Russell S/nillion42 wrote:
    >>Problem:
    >>Lack of file checksum in kazaa leads to the ability to
    >>spread corrupted files and corrupt the download of any file.
    >>
    >>Method:
    >>By deleting (replacing with hex 00) the data from a mp3
    >>file and leaving the headers you can create a file
    >>which has identical filesize (kazaa checks filesize).
    >>When a kazaa user downloads a file, multiple download
    >>streams can be used, if a stream is created to the
    >>corrupted file, it will make the download useless once
    >>finished not readily apparent until download is complete.
    
    I haven't looked into why, but I can confirm that I've observed this.  I
    had occasion to download some Red Hat ISOs from Kazaa recently, and the MD5
    sums on 2 of the 5 didn't check out.  On one, the bad section was 0's.  On
    the other, it had a bunch of single-bit errors in one section, the same bit
    position each time.  (Comparison done by using the signed MD5 file from
    RedHat, and downloading intact copies of the corrupted ISOs from a mirror
    site, and then using fc /b .)
    
    I had been under the impression that Kazaa DID use checksums, just that it
    had some sort of bug, or was trusting the peers, or something.  I thought
    that was what the temp filename was.  (I wouldn't mind someone pointing me
    to any good info about the protocol.)
    
    Of course, if someone intentionally or accidentally leaves a corrupted file
    lying around, you might download that one on accident.  After all, you only
    get to decide based on name.  For example, suppose I chose ISO 2 from the
    list, and the one I chose was corrupt, I will continue to correctly
    download the corrupt one.  If 5 of the people out of the 50 who have a file
    with the same name and size have corrupt ones, and I've picked that one
    (because I can't tell them apart), then I would proceed to get the corrupt
    one from up to 5 people, even if some sort of checksum is used.  How could
    you tell the two situations apart?
    
    This also came up on this list a while ago in regards to the Kazaa program
    itself.  The "Kazaa" you get from downloads.com, etc... is just a stub that
    downloads the real Kazaa from the Kazaa network itself.  Naturally, this
    leads one to wonder if it's possible to slip in your own version.  If
    there's a way to upload modified versions of Kazaa, then hilarity would ensue.
    
    						BB
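
The comparison described in the message above (a corrupt download against an intact mirror copy, as done there with fc /b), as an added example that is not part of the original post: it groups the differing offsets into regions and labels each one as zero-filled or as a repeated single-bit flip. The function names, the 16-byte merge gap and the sample data are assumptions constructed for illustration.

```python
from collections import Counter

def diff_regions(good: bytes, bad: bytes, gap: int = 16):
    """Group differing byte offsets into regions; offsets within `gap` bytes merge."""
    if len(good) != len(bad):
        raise ValueError("size mismatch: compare only same-size copies")
    regions = []
    for off, (g, b) in enumerate(zip(good, bad)):
        if g == b:
            continue
        if regions and off - regions[-1][1] <= gap:
            regions[-1][1] = off          # extend the current region
        else:
            regions.append([off, off])    # start a new region
    return [(s, e) for s, e in regions]

def classify(good: bytes, bad: bytes, start: int, end: int):
    """Label a region 'zero-fill', 'bit-flip' (with the flipped-bit mask) or 'other'."""
    diffs = [(good[i], bad[i]) for i in range(start, end + 1) if good[i] != bad[i]]
    if all(b == 0 for _, b in diffs):
        return ("zero-fill", None)
    xors = Counter(g ^ b for g, b in diffs)
    if len(xors) == 1:
        mask = next(iter(xors))
        if mask & (mask - 1) == 0:        # exactly one bit set: same bit position each time
            return ("bit-flip", mask)
    return ("other", None)

def report(good: bytes, bad: bytes):
    """Return (start, end, kind, mask) for every damaged region."""
    return [(s, e, *classify(good, bad, s, e)) for s, e in diff_regions(good, bad)]

# Constructed sample data (not from the post): a 4 KiB reference image with no
# zero bytes, and a same-size copy carrying both kinds of damage.
GOOD = bytes(1 + (i * 7) % 255 for i in range(4096))
_bad = bytearray(GOOD)
_bad[1024:1536] = bytes(512)              # a section replaced with 0's
for _i in range(3000, 3100, 8):
    _bad[_i] ^= 0x04                      # same bit flipped in every 8th byte
BAD = bytes(_bad)

if __name__ == "__main__":
    for s, e, kind, mask in report(GOOD, BAD):
        detail = f" mask=0x{mask:02x}" if mask is not None else ""
        print(f"0x{s:08x}-0x{e:08x} {kind}{detail}")
```

Both copies have the same size, so a size check alone passes; only the byte-level comparison against a trusted copy separates the two fault patterns.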
    


