Kian Bradley’s Blog

Resurrecting a dead torrent tracker and finding 3 million peers

2025-06-15T21:08:29-07:00

So I was uh, downloading some linux isos, like usual. It was going slowly, so I opened up the Trackers tab in qBittorrent and saw the following:

Most of the trackers were totally dead. Either the hosts were down or the domains weren’t being used.

That got me thinking. What if I picked up one of these dead domains? How many clients would try to connect?

What are trackers for, anyways?

A tracker is a core component of the BitTorrent protocol. Trackers are the services that point you to other peers for the torrent. Without trackers, there would be no one to share the file with.

Obviously this represents a major source of centralization in the torrent protocol. If your trackers aren’t maintained – or if they get forced offline by certain industry organizations – you’re out of luck.

We have an alternative, called Mainline DHT, which performs a more decentralized lookup of peers based on infohash alone. DHT isn’t perfect, though. It relies on bootstrapping nodes and is vulnerable to Sybil attacks. And in the example of my poorly-served torrent, DHT wasn’t surfacing any peers, regardless.

Hosting a tracker

Looking through the list of trackers marked “host not found”, I noticed udp://open.demonii.si:1337/announce was available.

I bought the domain through Dynadot (one of the few .si domain registrars), then spun up a quick anonymous VPS. I mapped the domain to the VPS, then set up opentracker, the most widely used and robust torrent tracker software.

Instructions for Ubuntu 24.04:

sudo apt install gcc-14 g++-14 build-essential zlib1g-dev
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-14 14

Follow the readme to compile, first the dependency libowfat (a GPL reimplementation of some of dan bernstein’s C libraries) and then opentracker itself.

cvs -d :pserver:cvs@cvs.fefe.de:/cvs -z9 co libowfat
cd libowfat
make
cd ..
cvs -d:pserver:anoncvs@cvs.erdgeist.org:/home/cvsroot co opentracker
cd opentracker
make

Finally, a quick systemd unit file to daemonize this service:

[Unit]
Description=opentracker
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=opentracker
Group=opentracker
WorkingDirectory=/var/lib/opentracker
ExecStart=/home/opentracker/opentracker/opentracker -p 1337 -P 1337 \
          -d /var/lib/opentracker -u opentracker
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

What did I find?

Before even starting opentracker, I saw a flood of traffic against UDP port 1337:

I then started the tracker. After about an hour, it peaked at about 1.7 million distinct torrents across 3.1 million peers!

Response from http://open.demonii.si:1337/stats?mode=everything:

<?xml version="1.0" encoding="UTF-8"?>
<stats>
  <tracker_id>273419141</tracker_id>
  <version>
https://erdgeist.org/gitweb/opentracker/commit/?id=b20b0b89264e9d28ab873b8b1cc9ba73cdb58aeb
  </version>
  <uptime>10313</uptime>
  <torrents>
    <count_mutex>1735538</count_mutex>
    <count_iterator>1735523</count_iterator>
  </torrents>
  <peers>
    <count>3155701</count>
  </peers>
  <seeds>
    <count>1342504</count>
  </seeds>
  <completed>
    <count>244224</count>
  </completed>
  <connections>
    <tcp>
      <accept>21532</accept>
      <announce>20219</announce>
      <scrape>263</scrape>
    </tcp>
    <udp>
      <overall>58843612</overall>
      <connect>18321703</connect>
      <announce>33160261</announce>
      <scrape>3211543</scrape>
      <missmatch>4116689</missmatch>
    </udp>
    <livesync>
      <count>0</count>
    </livesync>
  </connections>
  <debug>
    <renew>
      <count interval="00">12216193</count>
      <count interval="01">1463740</count>
      <count interval="02">536527</count>
      <count interval="03">284756</count>
      <count interval="04">243276</count>
      <count interval="05">93237</count>
      <count interval="06">63618</count>
      <count interval="07">53934</count>
      <count interval="08">36851</count>
      <count interval="09">28990</count>
      <count interval="10">352150</count>
      <count interval="11">56610</count>
      <count interval="12">24557</count>
      <count interval="13">21628</count>
      <count interval="14">24932</count>
      <count interval="15">63250</count>
      <count interval="16">38174</count>
      <count interval="17">33730</count>
      <count interval="18">27827</count>
      <count interval="19">27166</count>
      <count interval="20">22463</count>
      <count interval="21">17820</count>
      <count interval="22">17248</count>
      <count interval="23">17276</count>
      <count interval="24">17825</count>
      <count interval="25">20144</count>
      <count interval="26">27987</count>
      <count interval="27">792338</count>
      <count interval="28">1579577</count>
      <count interval="29">1625355</count>
      <count interval="30">2229105</count>
      <count interval="31">1670317</count>
      <count interval="32">1581574</count>
      <count interval="33">846355</count>
      <count interval="34">96656</count>
      <count interval="35">68160</count>
      <count interval="36">47801</count>
      <count interval="37">36705</count>
      <count interval="38">32256</count>
      <count interval="39">27535</count>
      <count interval="40">27593</count>
      <count interval="41">27640</count>
      <count interval="42">24090</count>
      <count interval="43">20762</count>
      <count interval="44">17880</count>
    </renew>
    <http_error>
      <count code="302 Redirect">0</count>
      <count code="400 Parse Error">0</count>
      <count code="400 Invalid Parameter">55</count>
      <count code="400 Invalid Parameter (compact=0)">0</count>
      <count code="400 Not Modest">0</count>
      <count code="402 Payment Required">0</count>
      <count code="403 Access Denied">0</count>
      <count code="404 Not found">883</count>
      <count code="500 Internal Server Error">0</count>
    </http_error>
    <mutex_stall>
      <count>0</count>
    </mutex_stall>
  </debug>
</stats>

Is this legal?

Maybe.

When the recording industry and other litigious organizations go after torrent trackers, they’re mainly chasing down the public-facing parts of the system. The legal decisions against websites like The Pirate Bay hinge on how they highlight popular movies, sell ads, and offer .torrent files. This is all taken as evidence of inducement, meaning the intentional promotion of copyright infringement.

Does hosting tracker infrastructure, unadvertised, count as “inducement”? It’s a harder case to make. I’m aware that many torrents, both freely available and copyrighted, use this tracker. But it would be more difficult to prove intent here.

Regardless, I was spooked. I thought through my chain of events and realized I had already fucked up by paying for the domain with a credit card. I shut down the VPS and deleted the domain quickly after confirming it works.

So… the domain is available now. It’s quite easy to find unclaimed domains like this. If you want to do a public service, open.demonii.si and others are up for registration…

Supporting modern https on Windows XP

2024-01-14T11:53:18-08:00

I managed to get modern SSL/TLS connections working under Windows XP, by running a lightweight Linux VM which strips the TLS headers and re-applies a self-signed certificate:

Much of this guide is adapted from the dockerfile from bitbucket.org/ValdikSS/oldssl-proxy. Thanks ValdikSS!

I recommend using Firefox on Windows XP, it seems to have the best support for the modern web. I’m using Firefox 47.0.2. Download old versions of firefox at ftp.mozilla.org/pub/firefox/releases/.

Install the virtual machine

Install a virtual machine software, such as VMware Workstation v9.0.1 Incl. Keymaker - EMBRACE [deepstatus]. If you want to find a torrent program that works on XP, I recommend Deluge 0.9.09.

For our VM, we’ll use Alpine Linux, as it’s very lightweight and still supports 32-bit CPUs. Download alpine-standard-3.13.2-x86.iso.

In VMware, create a new virtual machine. You can allocate 256mb RAM and a 2GB disk, maybe less.

Configure the machine to use your iso file and boot. Install Alpine by running setup-alpine. Use the default options, but pick sys as the disk partitioning option.

Install and configure squid proxy

We will use Squid to proxy the web connection. Install it:

apk add alpine-sdk squid openssl darkhttpd
/usr/lib/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB
chown squid:squid -R /var/cache/squid/ssl_db
mkdir /etc/squid/ssl_cert

Edit the squid configuration. Run these sed commands, or use vi if you’re comfortable with it.

cd /etc/squid/

# Comment out some lines
sed -i 's/http_port 3128/#http_port 3128/' squid.conf
sed -i 's/http_access deny !Safe_ports/#http_access deny !Safe_ports/' squid.conf
sed -i 's/http_access deny CONNECT !SSL_ports/#http_access deny CONNECT !SSL_ports/' squid.conf

# Insert new configuration at the end
echo 'http_port 3128 ssl-bump \' >> squid.conf
echo '    cert=/etc/squid/ssl_cert/myCA.pem \' >> squid.conf
echo '    cipher=HIGH:MEDIUM:!LOW:!aNULL:!eNULL:!MD5:!EXP:!PSK:!SRP:!DSS \' >> squid.conf
echo '    options=NO_TICKET,ALL \' >> squid.conf
echo '    generate-host-certificates=on dynamic_cert_mem_cache_size=4MB' >> squid.conf
echo '' >> squid.conf
echo 'visible_hostname squid-oldssl-proxy' >> squid.conf
echo 'ssl_bump bump all' >> squid.conf
echo 'tcp_outgoing_address 0.0.0.0' >> squid.conf
echo 'sslproxy_cert_sign_hash sha1' >> squid.conf

We need to generate an old, outdated CAcert, which is no longer supported by OpenSSL. Let’s recompile it with deprecated security enabled. This may take 1-2 hours on older hardware.

adduser user -D -G abuild

su user bash -c 'cd && git clone https://github.com/alpinelinux/aports.git --depth 1'
su user bash -c 'abuild-keygen -a < /dev/null'
cd /home/user/aports/main/openssl/

sed -i 's/no-ssl3/enable-ssl3 enable-ssl3-method/' APKBUILD
sed -i 's/no-weak-ssl-ciphers/enable-weak-ssl-ciphers/' APKBUILD

su user bash -c 'cd /home/user/aports/main/openssl/ && abuild -r

Let’s generate the certificates. 1024 bit RSA keys and SHA-1 signatures are no longer considered secure, but they’re fine for communication between XP and the Linux VM.

cd /etc/squid/ssl_cert
mkdir public
openssl req -new -newkey rsa:1024 -sha1 -days 1825 -nodes -x509 -extensions v3_ca -subj '/C=AU/ST=Some-State/O=OldSSL Proxy' -keyout myCA.pem -out myCA.pem -batch
openssl x509 -in myCA.pem -outform DER -out public/OldSSL.der
openssl x509 -in myCA.pem -outform PEM -out public/OldSSL.crt

chown squid:squid -R /etc/squid/ssl_cert/

Download self-signed certificates

# Get your local IP address. Mine was 192.168.88.131
ip addr
# Run an HTTP server to serve the certificates
darkhttpd /etc/squid/ssl_cert/public/ --port 3180 --daemon

In any browser, navigate to your VM’s IP address at port 3180 and download the certificates. For me, this was http://192.168.88.131:3180. (Use the output of ip addr to figure out your VM’s address.)

Start the proxy service

Finally, run squid proxy. If you see any errors, check the log in /var/log/squid/cache.log

squid

Enable the service to make squid start automatically with the VM:

rc-update add squid default

Install the certificates

Double-click on the .crt file and say yes to the prompts. This adds it to the built-in Windows certificate store.

In Firefox, you need to go to Tools > Options > Advanced > Certificates > View Certificates > Authorities > Import and import your .crt file.

Set up the proxy

In Internet Explorer, go to Tools > Internet Options > Connections > LAN Settings. Enter the proxy in the lower box, with the IP address of your VM and the port 3128.

In Firefox, go to Tools > Options > Advanced > Network > Connection Settings. Check “Manual proxy configuration” and enter the IP address of your VM and port 3128.

Conclusion

Everything should now be working! You can check the status of the squid service with rc-service squid status. If you’re having issues, check the logs under /var/log/squid/.

Running rumprun for Xen in Ubuntu 16.04

2016-08-25T20:57:23-07:00

Running rumprun under Xen isn’t hard, but it’s less documented than running it under KVM. This page is similar to Rumprun’s guide to building rumprun unikernels with a few Xen-specific changes.

Build the rumprun platform

Install prerequisite xen headers and build tools:

sudo apt-get install build-essential libxen-dev

Clone their repo, cd, build:

git clone http://repo.rumpkernel.org/rumprun
cd rumprun
git submodule update --init
CC=cc ./build-rr.sh xen

Add binaries to PATH

You’ve now build rumprun and the binaries necessary for building, baking, running are located in rumprun/bin. You’ll want to these to your PATH variable for convenient access:

export PATH="${PATH}:$(pwd)/rumprun/bin"

You can also add this to your ~/.bashrc to make these changes permanent.

vim ~/.bashrc

Append the following, where [location of rumprun] represents the directory containing rumprun:

export PATH="$PATH:[location of rumprun]/rumprun/bin"

Building applications

Get some source code and use rumprun’s version of gcc to compile it. (Follow the rumprun tutorial for a more thorough explanation…)

Here, helloer.c is our source code and helloer-rumprun is the output binary.

x86_64-rumprun-netbsd-gcc -o helloer-rumprun helloer.c

Baking applications

I was going to make a joke here but I can’t think of anything clever right now. You need to bake it. That means running a command to add in all the kernel-y bits that makes rumprun ready for it.

Here, helloer-rumprun is the binary we just built and helloer-rumprun.bin is the the binary with the necessary rumprun pieces.

rumprun-bake xen_pv helloer-rumprun.bin helloer-rumprun

Running applications

Here’s the hard part. The rumprun command is a script that will create a Xen configuration file in /tmp and start up a Xen PV guest. For xen, it will look like this:

rumprun -S xen -id -g [Xen config options] -I [network interface] -W [more network options]

The -I and -W commands can be omitted if there is no need for networking. I have networking set up using a NAT, in which there exists a subnet local to the machine. Look at my article on Xen networking to see how I set up networking within rumprun.

Setting up NAT networking in Xen using virsh

2016-08-25T20:57:22-07:00

There are two main ways to set up networking in Xen. You can use a bridged network, or you can set up NAT. A bridged network means that the guest domains will talk to the router directly to get an IP address. NAT networking creates a subnet local to your machine, and the guest domains will talk to dom0 to get an IP address.

Neither one is better than the other, really. Bridged networking is slightly simpler if you want something that just works. NAT-ing will create an internal network that allows for simpler local (domain-to-domain) communication and greater control over external communication. The downside is that you’ll need to set up a static IP per guest and set iptables rules to allow for external communication.

Installing virsh

Install libvirt:

sudo apt-get install libvirt-bin libvirt0

Check that it’s been installed, and that the default network is in place:

virsh net-list --all

Set static IP, associate each IP with a mac address

Edit the default virsh config:

sudo virsh net-edit default

Under the <dhcp> tag, add a listing for each guest. The name can be whatever you want it to be.

For the MAC address, the first 3 bytes should not be changed, this is the OUI assigned to the Xen project. The last 3 can be whatever you like.

This is my DHCP configuration, with three guest domains configured:

<dhcp>
	<range start='192.168.122.128' end='192.168.122.254'/>
	<host mac='00:16:3e:00:00:02' name='osv' ip='192.168.122.2'/>
	<host mac='00:16:3e:00:00:03' name='ubuntu' ip='192.168.122.3'/>
	<host mac='00:16:3e:00:00:04' name='rumprun' ip='192.168.122.4'/>
</dhcp>

Setting up a guest domain with NAT

standard xen cfg

In your Xen guest configuration file, add the following virtual interface, where mac corrosponds with the virsh configuration:

vif = ['mac=00:16:3e:00:00:03,bridge=virbr0']

rumprun unikernel

The rumprun unikernel is launched with the rumprun script. Here “newnet” is used internally by the script and can be set to whatever you like. rumprun_image.bin represents the baked rumprun binary you are running:

rumprun -S xen -id -I newnet,xenif,'bridge=virbr0,mac=00:16:3e:00:00:04' -W newnet,inet,dhcp rumprun_image.bin0

Setting up Xen in Ubuntu 16.04

2016-08-25T20:57:21-07:00

Xen is the future, you guys. While KVM has very good support and widespread use, the fact that it exists as a Linux kernel module means it runs as basically another process under linux, with all of the scheduling issues and limitations that come along with being a process. Xen works by “pinning” the host and guest operating systems to specific cores, allowing for much greater separation of guests. In Xen, the guest is running alongside the host, instead of under it. The host, aka “dom0”, sits meekly alongside with the permissions to administer guests.

Install the Xen hypervisor

sudo apt-get install xen-hypervisor-amd64

Change Ubuntu’s grub bootloader to customize how Xen boots. The following gives Xen dom0 1 cpu, “pins” it (cpu assigned to dom0 won’t change), and gives 4gb memory.

sudo vim /etc/default/grub

add the following line:

GRUB_CMDLINE_XEN_DEFAULT="dom0_max_vcpus=1 dom0_cpus_pin dom0_mem=4G,max:4G"

update grub:

sudo update-grub

Create a disk for use with Xen

This can be done in several different ways. Here I use LVM to create a new logical volume.

Basically, you’ll figure out what the name of your existing volume group is, then add another logical volume into that.

List volume groups with

sudo vgs

Mine is called pcp-d-15-vg. I create a 16gb logical volume with the name xen_1:

lvcreate -L 16G pcp-d-15-vg -n xen_1

More information on using LVM: tldp.org/HOWTO/LVM-HOWTO

Making a config file

There are a lot of options that go into making a xen cfg file. Below is provided a basic config with some explanations, but google around as needed to get a better understanding.

PV or HVM?

There are two ways to run Xen: HVM or PV mode. HVM stands for Hardware Virtualization Mode, and PV stands for Paravirtualized. Traditionally, HVM provided more efficient emulation, as it gave the guest more direct access to hardware; paravirtualization provides a “paravirtualized” interface for the guest to run on, and requires the guest have paravirtualized driver support. Recently, better paravirtualized driver support in Linux and better interaction between Xen and hardware virtualization has led to paravirtualized mode actually being the better option over HVM. (Interestingly, one of the biggest places PV shines over HVM is in page table and TLB virtualization; see wiki.xen.org/wiki/X86_Paravirtualised_Memory_Management).

sample xen.cfg

I recommend you follow this guide on how to set up a new Ubuntu guest using their bootloader code. If you already have a prepared disk image, skip the kernel and ramdisk images and go ahead and uncomment bootloader.

tsc_mode is something complicated to do with the emulation of x86 timer instructions. read more here: xenbits.xen.org/docs/4.3-testing/misc/tscmode.txt

name = "example ubuntu guest"
# memory in megabytes
memory = 2048
# number of cpus, which cpus this guest is pinned to
vcpus = 4
cpus = "5-8"

tsc_mode = "native"

kernel = "/var/lib/xen/images/ubuntu-netboot/trusty14LTS/vmlinuz"
ramdisk = "/var/lib/xen/images/ubuntu-netboot/trusty14LTS/initrd.gz"
#bootloader = "/usr/lib/xen-4.4/bin/pygrub"

disk = ['/dev/pcp-d-15-vg/xen_1,raw,xvda,rw']

See my xen networking article for info on how to set up networking: Setting up NAT networking in Xen using virsh

Starting up Xen

The Xen control program is called xl. Given config file “xen.cfg”, start up a guest domain like

sudo xl create xen.cfg

If it works, it will have started in the background and you will need to attach to the guest’s console in order to control it.

First you’ll need the guest domains’ id (domid). List domain IDs by typing

sudo xl list

Attach to the console by typing

sudo xl console DOMID

You can then detach from this console with the hotkey ctrl-] (control and right bracket).

A domain can then be shut down by issuing a instructing the guest operating system to shutdown (e.g. the Linux shutdown command), or using xl.

Gracefully request an OS shutdown with the command

sudo xl shutdown DOMID

Force an immediate shutdown with

sudo xl destroy DOMID