BYPASSING AUDIOGALAXY'S SEARCH RESTRICTIONS Presented by The Anti Blocked Alliance * xyzzy- * Longer * ~RAY~ * Rich_9999 * • Nirav • * latinboy_19 * Introduction ------------ Audiogalaxy's central servers allow efficient and thorough indexing of it's 26 million userbase. However, the centralization causes AG to be responsible for what goes on and through their servers. Therefore, the RIAA can politely ask AG to block certain songs, and AG will happily comply. History ------- This section is a work-in-progress. If any members have relevant information, contributing it will be greatly appreciated. May 2001 AG|Groups are implemented, sending arbitrary songs is possible 23Mar 2002 us|AUTOMATED REQUESTS founded, AG-ar up and running full time 9Apr 2002 AG|Songs must be in shared folder & satellite on to send songs 15Apr 2002 us|xyzzy- updates AG-ar to create fake songs, up and running again 20Apr 2002 us|X Blocked Songs closes 24May 2002RIAA|Sues Audiogalaxy slashdot.org/article.pl?sid=02/05/25/0324248 |www.riaa.com/PR_story.cfm?id=520 27May 2002 AG|Stops sending of all blocks songs in any way |5186 songs sent in one week of AUTOMATED REQUESTS ANTI-X ------ Message from laika8arwa: xyzzy is your trick still running? ... anycase... the email of garada is dmsatellite@terra.es Internal intelligence reveals a group, that shall remain nameless (** BAG OF TRICKS**) is employing a Spanish-language software named "Anti-X". This software can be found as 288322518 "Program - antixzip", supposedly put out by Rockusser. Other (thanks chrisx05): "what kind of progrom do you uses. music200, free , antix, mmt, or what" 16:00 xyzzy- - sounds good. later 15:59 laika8arwa - ok... anycase I'll put in contact to garada with you.. for interchange opinions :)). Nice to talk with you :-) 15:50 xyzzy- - it won't be possible to choose the version until open audiogalaxy servers are written. you can get agar here: jeff.tk/AG.pm jeff.tk/AG-ar.pl activestate.com (activeperl is needed) 15:45 laika8arwa - oh yes :-), that's it.. only win :-(. and antix can't choose the version.. do you can? Any case... your program it's only accesible to you and operators no? or it's a free download version? 15:39 xyzzy- - antix only runs on windows. that wouldn't be a problem (I have 2 win machines) but my server runs unix, and it's on 24/7..and also, when i made agar I didn't know antix existed. anyways, thanks 15:37 laika8arwa - ok nice conversation xyzzy.. thx a lot.. why the antix don't run? proxy? 15:33 xyzzy- - ok, i can be contacted at agar@xyzzy.cjb.net 15:32 laika8arwa - ok nice :-) yes garada speak english (enough.. at least better than me :-) 15:30 laika8arwa - no bag of tricks (chiew) it's a member of our group, we are audiogalaxy spain (groups in ag expediente x or audiogalaxy spain). The creator is garada.. if you want I give you the email or you give me 15:29 xyzzy- - re:music200,free,mt I never used them either, chrisx05 told me about them - he might have more information (if you find who made them i'd like to know too :-) 15:28 xyzzy- - fyi, i believe agar w/unweb (my script) works on the same principle as all the others 15:27 xyzzy- - what's your group? i thought antix was made by bag of tricks, but i'd be honored to contact the antix programmer (he speaks english right?) if you have contact information 15:26 laika8arwa - and music200, free? and others? it's the first time I ear about them... do you know the user names of the author's for that programs? 15:24 laika8arwa - umm ok xyzzy- my group is the creator of the antix program and we have curiosity for other ways that the people find to download x.. its possible to put in contact you with the antix programer? 15:18 xyzzy- - no perl. yeah i'm aware of antix, music200, free, mmt etc. but afaik none can run on my server. 15:16 laika8arwa - umm.. really interesting... one script? java?.. do you know the antix program? 15:14 xyzzy- - i wrote a bot that basically tricks ag into believing i have the real song 14:54 laika8arwa - xyzzy just curiosity.. how do you do to give all users the x-songs quickly? do you have all the songs? or a data base to simulate you have it? thx :-) Audiogalaxy Architecture ------------------------ Each unique artist and title pair (either from filename or ID3v1/2 tags) gets it's own song id (sid). Within each sid, unique filesize, bitrate, and playtime trios get their own version id (vid). vids are either 15- or 16- digit hex numbers, most likely a hash of the file's contents. 1234567890123456 bdc24d0e03e3800 1a089af1b04a7000 3f38ab392031c800 fadd06a906b0441 91958b5e02d772f 865421e0013d08a 7a2575b8e03333ee Searching & Queueing -------------------- /list/searches.php Returns a list of linked sids, with either a satellite icon, direct download icon, or an X blocked icon. All are clickable to song.php. /list/song.php If prohibited, displays: song - title artist - title SEARCH PROHIBITED You cannot request this song due to copyright restrictions. Please try a different search. song.php links to several other functions, forming a maze where at any turn, AG can stop you at the request of the copyright holder. Links either to queue.php or chooseVersion.php. /satellite/queue.php If the song is prohibited, displays: SONG BLOCKED X Requests for artist - title have been blocked at the request of the copyright holder This page is used by "GET MOST POPULAR VERISON" and "accept only copies matching bitrate" on song.php. /list/chooseVersion.php Even if the song is blocked, chooseVersion.php displays existing versions file size, bitrate, play time, and locations as well as a graph of availability. However, upon selection of a version one gets this message: You may not add this song to your queue due to copyright restrictions chooseVersion.php is invoked when the user clicks "here" on song.php Circumventing Prohibition: Groups --------------------------------- /groups/sendSongToMembers.php Currently the only known and most popular method of sending blocked songs. A group is created and users within the group are able to send songs to each other. Audiogalaxy does not check if a song being sent is blocked by copyright restrictions. However, as of April 9th: - Your satellite must be on - The song in question must exist in your shared, in some version or another The loophole here is when a song is sent, the version you have is ignored. Whatever the most popular version (vid) is, that is sent. Therefore, you only need to match the sid and can send the most popular vid of the sid. AG will download the song from whoever has it, it doesn't need to be the sender. AG-ar.pl satisfies the April 9th requirements when sending songs, and restarts the satellite until the songs appear in your shared folder. It will retry several times until successful, although 'already sent' is a fatal error and will not be retried. TIP: If you're having trouble getting a file to share under a new name, try changing the file's modification time, size, or bitrate. Either one may cause the Message_OldShares message to be avoided. Future Solutions ---------------- The root of the problem is one company controls the central servers. AG needs to be decentralized, and it's users need to run the servers. My solution is what I call AGitator. Agitator is not yet developed, only planned. Here's how I plan it to work: - AG users can download the Windows software - Runs a server and registers it with a redirection server ("master server") - Uses HOSTS or directly edits the sat to point to 127.0.0.1 - Runs a local redirection server, to allow selection of servers - The local redir server can either: - - Redirect to another redir server (like squash or garlic), return result - - Directly return a server, either selected, preset, or random Swarming? --------- The peer-to-peer message FileRequest can supply a resume offset, where to start sending from. A possible improvement over the standard satellite would be swarming, that is, multiple download sources. The file would be broken into blocks, and once the block download is complete the client would cancel the download. In this way, swarming can be bolted on to the existing proto. If it is in fact possible to swarm from existing peers, that would be a major reason for people to use our satellite instead of Audiogalaxy's. Once we have our feet in the door, we can allow users to select which server they wish to connect to, be it either AG's servers or an OpenAG server. Cloning AG ========== The client is a piece of cake, as the many clones proves. Once the protocol is known, requesting songs is relatively trivial compared to the AG server. Servers have to understand many protocols, 520L for Linux and 606/608/609W for Windows. Clients can only speak one protocol, and there are several protocol verisons so the server has to accompany this. Login Database (Message_Login, LoginError, AccountExistence) -------------- Used by Message_Login. The server sends a random prefix and the client concatenates it with the password then hashes it using MD5. The MD5 is sent, and the server performs the same operation. The login/password pair inevitably has to be stored in plain text to allow proper hashing, unless there are mathematical operations one can do with MD5 hashes. However, with OpenNap the password is frequently ignored. It's too much of a security risk with peer-to-peer servers. I'd rather have the server completely ignore, not even store, the incoming password and always let all users login. We want an open server, after all. File Database (Message_FileDeleted, SendShares, NewSharedFile) ------------- Database of files and their metadata. Unique artist, title combinations form unique sids (song IDs). Unique sids, filesize, bitrate, playlength, and possibly hash form unique vids (version IDs). However, messages only contain a block "FILE_ID", perhaps it is the vid. SONG_ID is also used within the protocol, it may be the sid. The server must keep track of everyone sharing the file, and how many people are. In this way the 30-day graph can be generated if required or desired. The file database is essentially all the server has to worry about.