All geek questions in one place

How to convert Torrent info_hash bit (received from Wireshark) to SHA1 hash

I run Snort, which detects some P2P actions, in particular, a BitTorrent ad request. I see an HTTP GET / announce.php? Info_hash = XXX ... request, and I'm trying to convert this XXX to the correct SHA1 hash to try to get an idea of ​​what is loading.

I read various things that say it is a URL encoding, while others that say just remove the% character, however I cannot reproduce this.

Can anyone suggest how to do this?

+3
source share
3 answers

info_hash- SHA1 hash. This is a binary hash, URL encoded to be included in the URL.

- , URL-, URL- . , Python:

>>> '%00%01%02%20%25ABC+XYZabc%7F%80%81%FE%FF'
'%00%01%02%20%25ABC+XYZabc%7F%80%81%FE%FF'
>>> urllib.unquote_plus(_)
'\x00\x01\x02 %ABC XYZabc\x7f\x80\x81\xfe\xff'
>>> _.encode('hex')
'00010220254142432058595a6162637f8081feff'
+4

, , . info_hash - SHA1. : %5d%97%dbA%d7a%2b%92%f5%c2%ef%dcv%bf%e7%e6%03%24%85%0a. $_GET['info_hash'], - % s. $_SERVER['QUERY_STRING']. , SHA1 info_hash PHP:

$arye = $_SERVER['QUERY_STRING'];
$arye = explode('info_hash=', $arye)[1];
$arye = explode('&', $arye)[0];
$arye = explode('%', $arye);
$arp = '';
foreach($arye as $ara) {
    if (strlen($ara) == 2) {
        $arp .= $ara;
    }else{
        $e1 = substr($ara, 0, 2);
        $e2 = substr($ara, 2, 1);
        $e2 = unpack('H*', $e2)[1];
        $arp .= $e1;
        $arp .= $e2;
    }
}

echo $arp; // This will be your SHA1 hash

:% 5d% 97% dbA% d7a% 2b% 92% f5% c2% ef% dcv% bf% e7% e6% 03% 24% 85% 0a β†’ 5d97db41d7612b92f5c2efdc76bfe7e60324850a

0

No you can

infohash == sha1(torrentfile["info"])

But you can use info_hash as a key to search the DHT network

0
source

Source: https://habr.com/ru/post/1771787/

More articles:


All Articles