Building Subversive File Sharing With Client Side Applications
By Robert Hansen
Overview: There are two basic premises of file sharing programs, the first being the ability to share files with one or more users elsewhere on the Internet. The second premise of file sharing is to reduce the bandwidth requirements of the person who has the file as they distribute it to the individuals who want the file in question. Both of these requirements can be met with the concept of subversive client side code and websites hosted by the colluding parties involved.
Scenario: There are three parties in this scenario who all take place in the file sharing. Two of whom are willing parties, and one of which is an unsuspecting party. All parties could represent many actual people/computers:
- Alice: Willing party (owns a web site, and has the original file).
- Bob & Zack: Willing parties (own web sites, and are interested in original file). Bob & Zack also represent more than one individual, but rather a set of people who are all interested in downloading the file in question.
- Cathy: Unwilling participant (owns only a browser and knows nothing about the original file).
Alice runs a website that Bob & Zack know contains the file they are interested in. Bob & Zack decide to download the known file from Alice and subsequently initiate a connection to a known program on Alice's website that advertizes this information. Information is then shared between the parties including cryptographic hashes of the files to ensure file integrity, the information on where Alice is supposed to send the file to and other potentially pertinent information.
Note: This information may also include a password to the encryption algorithm used if the information needs to remain secret from outside parties in transit. It is unlikely that public key cryptography would be used because for efficiency's sake all parties who receive the file must receive the same thing. The only caveat to this is if the set of all users who wanted the file in question never increased, allowing for a one time encryption with all the public keys of all the recipients in question before transfer.
Bob & Zack also run a similar program to Alice's on their own websites that will be used to eventually post the file to. This program does not have to reside anywhere in particular, but it must be known to Alice and eventually given to Cathy.
Note: Technically Bob & Zack don't need to run a web-server, just a passively listening socket that can eventually make outbound connections as well, but for ease of explanation let's assume Bob & Zack's programs are web servers with programs residing on their sites which respond to commands.
Note: It should be noted that cross site scripting could also be a good alternative, in that a user visiting an otherwise good page could be subverted into this process.
Once the software is running and the first N bytes are delivered, Cathy's browser is instructed to send it to Bob's website. Remember Bob & Zack represent many users who want the file in question; otherwise a simple GET request would be far better for bandwidth conservation for both Alice and the single other party.
Note: HTTP is not a particularly efficient protocol for sending files, due to the fact that it has lots of error checking. There may be other interesting ways to force other protocols cross domain, as Alice and Bob & Zack are colluding together against Cathy, but that is slightly outside the scope of this paper.
Accounting for error conditions is the largest hurdle to overcome in this system, but it could easily be overcome by a system of tracking and heavy error correction/checking upon sending and receipt, to insure that both Cathy and the ultimate recipients receive the file they were intended to. Bob & Zack both must not rely upon Cathy for anything, but must double check every chunk of bytes they receive with Alice to insure that the data has not been tampered with by Cathy, in the case where Cathy becomes aware of the compromise of her system.
Conclusion: The major advantage of this form of file sharing is that it utilizes third party bandwidth heavily, and doesn't require a complete compromise of their system. With very little effort a browser can be turned into a robot for transmission. In a way these users, when used heavily in parallel can be used as a virtual HTTP based network file system.
Edit (06/05/2008): A first iteration of this concept has already appeared subsequently, called webtorrent.