On many so-called “private” trackers, torrents are distributed with the private flag set, which stops the client from using the DHT network. The purpose is to prevent the content from reaching users who are not registered on that tracker. The flag lives in the torrent metadata and is honoured by the client itself, so the restriction is enforced entirely on the user's side. For the user, it means fewer peers, sometimes significantly fewer.
Below we look at how to remove this restriction in popular torrent clients: the general approach, and its practical application to the current versions of
uTorrent and
qBitTorrent.
1. Introduction
A lot of material on so-called “DHT patches”, along with the patches themselves, has been posted online over the years. On closer inspection it often turns out to be contradictory and in some cases simply does not work. The reasons are constant client updates, changes in program structure and, in some cases, the wrong approach taken by the patch authors.
Rather than just hand out a ready-made solution, we will go through the main steps, so that the reader can remove the DHT restriction in new client versions even after future changes.
2. Preparation
We will need:
- The current distribution of the torrent client.
- An archiver that can unpack installers; for uTorrent and qBitTorrent, 7-zip will do.
- An unpacker for the client executable; for uTorrent this is UPX.
- IDA or any other disassembler.
First, extract the executables: open the downloaded installers in 7-zip. We need:
- for uTorrent, the file Carrier.exe;
- for qBitTorrent, the files qbittorrent.exe and qbittorrent.pdb (or their 64-bit counterparts, if the 64-bit client is being patched).
For uTorrent the UPX packing also has to be removed, which is done with the command
upx.exe -d Carrier.exe
3. Searching for and changing the code
At the assembly level, DHT blocking is implemented the same way in all the clients: a call to the function that checks the flag, and, if that function returns zero, a jump to the code path that allows DHT:
call TestPrivate
test eax, eax
jz NotPrivate
So the patch comes down to changing a single byte of code, 74 => EB, which turns the conditional jump jz into an unconditional jmp and thus skips the “privacy” check altogether.
All that remains is to find this function.
That is not hard at all, given the characteristic shape of this code and the presence of the string "private". Open the unpacked uTorrent executable in IDA and search for this keyword:

The search shows that uTorrent has only three code locations referencing this string. Here is what they look like:
Clearly the code we need is the third one in the list: only it consists of a function call, a zero test on the return value and a conditional jump.
Our task is simply to replace the jump, as described above:

In effect, this is the replacement of the characteristic byte sequence
68 00 FF 69 00 E8 19 F1 FA FF 85 C0 74 07
with
68 00 FF 69 00 E8 19 F1 FA FF 85 C0 EB 07
Note that the E8 19 F1 FA FF bytes encode a relative call displacement specific to this build, so before applying the sequence to another version it should be checked that it matches exactly once.
For qBitTorrent the task is even simpler, because the developer ships the pdb file in the installer, so function names are visible and the keyword search is easier:

This is what the check itself looks like:

As you can see, it is essentially indistinguishable from uTorrent. The patch is similar:

This is the replacement of the characteristic sequence
E8 20 CB FA FF 84 C0 74 59
with
E8 20 CB FA FF 84 C0 EB 59
qBitTorrent is also offered as a 64-bit client. The steps for it are exactly the same, except that a 64-bit version of IDA is needed. The keyword search result is, as expected, similar:

The function looks somewhat different, but the essence is the same:

And the corresponding patch; here it is three bytes:

This is the replacement of the characteristic sequence
E8 8F 0E F8 FF 4C 8D 3D 54 E5 46 01 83 CB FF 84 C0 0F 84 DB 00 00 00
with
E8 8F 0E F8 FF 4C 8D 3D 54 E5 46 01 83 CB FF 84 C0 E9 DC 00 00 00 00
Here the conditional jump is the six-byte near form 0F 84 rel32, which becomes the five-byte E9 rel32. Because the instruction shrinks by one byte, the displacement grows by one (DB => DC) so that the jump lands on the same target, and the freed byte is filled with 00; it sits after an unconditional jump and is never executed.
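The byte substitutions above, together with the general jz => jmp transform from section 3, can be automated. The following Python script is an added example written for this edit, not one of the author's patchers: it uses the three "before" sequences quoted on this page as constructed input, insists that a signature matches exactly once in the file, flips both the short 74 rel8 and the near 0F 84 rel32 forms of the conditional jump (recomputing the displacement in the near case), and verifies that the jump target has not moved. The function names, the .orig backup convention and the 0x90 padding byte are choices made here; the article pads with 00, which is equivalent because the byte follows an unconditional jump.

```python
"""Added example: a small, checked patcher for the DHT "private" check.

Not the article's own patcher. Function names, the ".orig" backup and the
0x90 padding byte are assumptions made here; the signatures are the three
"before" byte sequences quoted in the article, embedded as test input.
"""
import shutil
from pathlib import Path

# Constructed input: the "before" sequences from the article. Each ends with
# the conditional jump taken when the flag-check function returns zero.
UTORRENT_X86 = bytes.fromhex("68 00 FF 69 00 E8 19 F1 FA FF 85 C0 74 07")
QBITTORRENT_X86 = bytes.fromhex("E8 20 CB FA FF 84 C0 74 59")
QBITTORRENT_X64 = bytes.fromhex(
    "E8 8F 0E F8 FF 4C 8D 3D 54 E5 46 01 83 CB FF 84 C0 0F 84 DB 00 00 00")


def find_unique(data: bytes, signature: bytes) -> int:
    """Offset of SIGNATURE in DATA, insisting on exactly one match.

    The E8 call displacement inside each signature is specific to one build:
    no match means a different version, two matches mean the signature is
    too short to be patched blindly.
    """
    first = data.find(signature)
    if first < 0:
        raise ValueError("signature not found (different client build?)")
    if data.find(signature, first + 1) >= 0:
        raise ValueError("signature occurs more than once; refusing to patch")
    return first


def jcc_offset(signature: bytes) -> int:
    """Offset of the conditional jump inside SIGNATURE: the byte right after
    the last `test eax, eax` (85 C0) or `test al, al` (84 C0)."""
    for test in (b"\x85\xC0", b"\x84\xC0"):
        i = signature.rfind(test)
        if i >= 0:
            return i + 2
    raise ValueError("no test eax/al found before the jump")


def jump_target(data: bytes, off: int) -> int:
    """Absolute offset the jump at DATA[off] lands on (used to verify the edit)."""
    op = data[off]
    if op in (0x74, 0xEB):                       # jz/jmp short, rel8
        return off + 2 + int.from_bytes(data[off + 1:off + 2], "little", signed=True)
    if op == 0xE9:                               # jmp near, rel32
        return off + 5 + int.from_bytes(data[off + 1:off + 5], "little", signed=True)
    if op == 0x0F and data[off + 1] == 0x84:     # jz near, rel32
        return off + 6 + int.from_bytes(data[off + 2:off + 6], "little", signed=True)
    raise ValueError(f"unsupported jump opcode {op:#04x} at {off:#x}")


def jcc_to_jmp(data: bytes, off: int, pad: int = 0x90) -> bytes:
    """Rewrite the jz at DATA[off] as an unconditional jmp with the same target.

    74 rel8      -> EB rel8          (same length, displacement unchanged)
    0F 84 rel32  -> E9 rel32+1, pad  (jmp is one byte shorter, so the
                                      displacement grows by one; the freed
                                      byte is never executed)
    """
    buf = bytearray(data)
    target = jump_target(data, off)
    if buf[off] == 0x74:
        buf[off] = 0xEB
    elif buf[off] == 0x0F and buf[off + 1] == 0x84:
        rel = int.from_bytes(buf[off + 2:off + 6], "little", signed=True)
        buf[off:off + 6] = (b"\xE9"
                            + (rel + 1).to_bytes(4, "little", signed=True)
                            + bytes([pad]))
    else:
        raise ValueError(f"no jz at offset {off:#x}")
    assert jump_target(buf, off) == target   # the jump must land where it did
    return bytes(buf)


def patch_private_check(data: bytes, signature: bytes, pad: int = 0x90) -> bytes:
    """Find SIGNATURE exactly once in DATA and flip its conditional jump."""
    off = find_unique(data, signature) + jcc_offset(signature)
    return jcc_to_jmp(data, off, pad)


def patch_file(path: Path, signature: bytes) -> Path:
    """Patch the executable at PATH in place, keeping an untouched .orig copy."""
    backup = path.with_suffix(path.suffix + ".orig")
    shutil.copy2(path, backup)
    path.write_bytes(patch_private_check(path.read_bytes(), signature))
    return backup
```

Run it as `patch_file(Path("qbittorrent.exe"), QBITTORRENT_X86)` on an unpacked executable of the matching build; on any other build `find_unique` refuses to touch the file rather than flipping a byte in the wrong place, and the `jump_target` check catches a miscomputed displacement before it is written.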
4. Results
We have walked through the procedure for finding and disabling the DHT restriction for private torrents in the popular uTorrent and qBitTorrent clients.
I think the proposed approach will work similarly for any other client; in any case, I checked it on
ComboPlayer.
To automate the process, I created two patchers for the current versions of uTorrent and qBitTorrent. For uTorrent, the patcher also unpacks the original installer. The files can be downloaded here:
- XBitTorrent version x32 patcher
- XBitTorrent version x64 patcher
- Unpacked File Patcher uTorrent
- Silent uTorrent all-in-one patcher: unpacks, patches and repacks the installer, and also unpacks, patches and repacks an already installed uTorrent (provided the installation folder is the default one, i.e. %userprofile%\AppData\Roaming\uTorrent\)