This is a summary of the first post at:
[1] http://www.share-france.info/forum/viewtopic.php?id=1280
And the relevant link at:
[2] http://itpro.nikkeibp.co.jp/article/Watcher/20070122/259207/

My French is not good enough to translate the former (although it's quite readable through Google Translate), and I currently don't have time to fully translate the latter. The purpose of this page is mainly to give more attention to the above pages. Thanks to Ahytes for the links.

--
[1] http://www.share-france.info/forum/viewtopic.php?id=1280

* Share is anonymous for the initial uploader. When a new file is being uploaded, the initial uploader divides the file into blocks and sends them to its neighbors. Then, the neighbors send blocks to each other to complete the file. Because none of the neighbors got the complete file from a single source, the initial uploader is indistinguishable among them. On the other hand, when these nodes send the file to the next set of nodes, a direct connection is used without dividing the file. This feature gives Share its speed, but makes the addresses of the uploaders visible. The only question left is whether these uploaders had the complete file or just the blocks.

* Share's protocol has been completely analyzed. As demonstrated by NetAgent in December 2006, they are able to determine which download node has which files. These are not simple speculations (see [2] below), and eEye has the software to prove it. The software Retina Sharebot acts as a Share node, and collects file hash, IP address and port number, and other related information into a database. This allows users to track illegal data or personal information leaks, and easily determine the extent to which they have been spread. Retina Sharebot Personal Edition is free for any user to use (it differs from the professional edition in crawler thread count and database size).

* It is risky to use Share now. Given the information above, let's hope that a new version comes soon.

--
[2] http://itpro.nikkeibp.co.jp/article/Watcher/20070122/259207/

This summary does not include any figures, which are implementation details of each step. Please refer to the original document for those.

* Page 1
  Introductory page, describing how the algorithms and protocols of the Share network have been analyzed.

* Page 2
  Overview of the Share protocol:
  - Uses TCP.
  - 1024-bit RSA public key + RC6 encryption.
  - CRC-32 and SHA-1 for hashing.
  - Because the key pairs are randomly generated every time the system starts, it's more difficult to sniff Share's traffic, reducing risk for Share's users.
  - However, the packet encryption schemes are mainly intended to prevent third parties from sniffing packets. They do not prevent someone acting as a Share node from analyzing the network.

* Page 3
  Key generation scheme:
  - All packets are encrypted with RC6 before being sent.
  - The initial key K is generated using a SHA-1 hash of the server's port number.
  - This K is then fed into a 132-round encryption network, using data from a 256-byte hardcoded table at offset 0x132c64 in Share's binary. The output is the final key.

* Page 4
  Key exchange:
  - The server encrypts a "hello" packet using the generated key, and sends it to the client.

* Page 5
  Server public key:
  - After the client successfully decrypts the server's "hello" packet, the server sends its public key (encrypted) to the client.
  - This is a 148-byte key (1024 bits plus additional headers).

* Page 6
  Client encryption key:
  - After receiving the server's public key, the client sends its encryption key to the server (encrypted with the server's public key).
  - This is a 20-byte key.

* Page 7
  Client information:
  - Now that both sides have the proper set of keys, the client proceeds to send information about itself to the server, which includes Share version number, maximum transfer rates, start time and so forth.
  - This information also includes a hash of Share's code (in-memory image). If this hash does not match the expected values, the server disconnects to prevent cracked versions of Share from infiltrating the network.
  - Share also periodically checks itself, and terminates immediately if it finds that its own image has been overwritten.

* Page 8
  Cluster information:
  - After sending node information, the client sends cluster information.
  - The server replies with its own node/cluster information, and is now ready to receive commands from the client.

* Page 9
  Command 0:
  - Share's most important command is the one that transfers keys. It's too big to be described on the page, but can be obtained by disassembling virtual address 0x4c6618.

  Collecting network information:
  - Using Share's packet data and commands, it's possible to obtain information about other nodes.
  - It's possible to crawl about 100000 nodes within a few hours.

  Finally:
  - The Winny and Share networks have expanded to large scales in recent years, leading to many "exposure virus" problems and information leakage, and making data tracking and deletion difficult.
  - There are high risks involved with the convenience of the internet, and it's near impossible to deal with all problems at an individual level.
  - This system to gain visibility into Share's network is a way of containing the information leakage problem, given enough cooperation from various related organizations.
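The key setup and exchange summarised for pages 3 to 6 (port-derived initial key, encrypted "hello", encrypted server public key, RSA-wrapped 20-byte client key) can be modelled end to end to see where confidentiality actually begins. The following Python is an added illustration written for this page, not Share's code or anything from the articles above; it substitutes labelled stand-ins for the parts the summary does not specify: the 132-round network over the hardcoded table is replaced by an iterated SHA-1 placeholder, RC6 by an HMAC-SHA1 keystream, and the 1024-bit RSA key by textbook RSA over two small fixed primes.

```python
"""Toy model of the Share handshake as summarised above (pages 3-6).

Added illustration, not Share's code.  Assumptions / substitutions:
  * The 132-round key network over Share's 256-byte table is replaced by
    132 iterations of SHA-1 over a placeholder table (the real table is
    not on the page).
  * RC6 is replaced by an HMAC-SHA1 counter-mode keystream XOR.
  * The 1024-bit RSA key is replaced by unpadded textbook RSA over two
    Mersenne primes, enough to show the wrapping step and nothing more.
"""
import hashlib
import hmac
import os

TABLE = bytes(range(256))  # placeholder for the hardcoded 256-byte table


def initial_key(port: int) -> bytes:
    # Page 3: K = SHA-1(server port), then a 132-round network -> final key.
    k = hashlib.sha1(str(port).encode()).digest()
    for round_no in range(132):
        k = hashlib.sha1(k + TABLE[round_no:round_no + 1]).digest()
    return k


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for RC6: XOR with an HMAC-SHA1 counter-mode keystream.
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha1).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def rsa_keypair():
    # Toy: fixed Mersenne primes give a ~196-bit modulus, large enough to
    # hold a 20-byte key.  Real RSA needs random primes and padding.
    p, q = 2 ** 89 - 1, 2 ** 107 - 1
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rsa_wrap(pub, key: bytes) -> int:
    n, e = pub
    return pow(int.from_bytes(key, "big"), e, n)


def rsa_unwrap(priv, c: int) -> bytes:
    n, d = priv
    return pow(c, d, n).to_bytes(20, "big")


class Server:
    def __init__(self, port: int):
        self.k = initial_key(port)           # page 3
        self.pub, self.priv = rsa_keypair()  # page 2: fresh pair per start
        self.client_key = None

    def hello(self) -> bytes:                # page 4
        return keystream_xor(self.k, b"hello")

    def public_key_msg(self) -> bytes:       # page 5 (148 bytes in Share)
        n, e = self.pub
        return keystream_xor(self.k, n.to_bytes(32, "big") + e.to_bytes(4, "big"))

    def receive_client_key(self, wrapped: int) -> None:  # page 6
        self.client_key = rsa_unwrap(self.priv, wrapped)


class Client:
    def __init__(self, port: int):
        self.k = initial_key(port)           # same derivation from the port
        self.session_key = os.urandom(20)    # page 6: 20-byte client key

    def read_hello(self, msg: bytes) -> bytes:
        return keystream_xor(self.k, msg)

    def read_public_key(self, msg: bytes):
        raw = keystream_xor(self.k, msg)
        return int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")

    def send_key(self, pub) -> int:
        return rsa_wrap(pub, self.session_key)


def run_handshake(port: int) -> bool:
    """Drive both sides; True when server and client end with the same key."""
    s, c = Server(port), Client(port)
    if c.read_hello(s.hello()) != b"hello":
        return False
    pub = c.read_public_key(s.public_key_msg())
    s.receive_client_key(c.send_key(pub))
    return s.client_key == c.session_key


def hello_is_public(port: int, hello_msg: bytes) -> bool:
    """K depends only on the port, so the 'hello' carries no secret."""
    return keystream_xor(initial_key(port), hello_msg) == b"hello"
```

The point the model makes explicit is that the first two messages are keyed entirely by a public value (the server port), so they act as obfuscation rather than encryption; the per-connection secret is the RSA-wrapped 20-byte key, and only from that message onward does the session have confidentiality against a passive observer. Note also that nothing in the exchange binds the server's key pair to an identity, so a peer that speaks the protocol is accepted as a node, which matches the summary's remark that the scheme stops sniffing but not a participating node.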