root / dotorg / v6 / html / beps / bep_0008.html

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Docutils 0.5: http://docutils.sourceforge.net/" />
<title></title>
<link rel="stylesheet" href="../css/bep.css" type="text/css" />
</head>
<body>
<div class="document">

<div id="upper" class="clear">
<div id="wrap">
<div id="header">
<h1><a href="../index.html">BitTorrent<span>.org</span></a></h1>
</div>
<div id="nav">
<ul>
<li><a href="../index.html">Home</a></li>
<li><a href="../introduction.html">For Users</a></li>
<li><span>For Developers</span></li>
<!-- <li><a href="./blog">Blog</a></li> -->
<li><a href="../donate.html">Donate!</a></li>
</ul>
</div> <!-- nav -->
<!-- ### Begin Content ### -->
<div id="second">



<table class="rfc2822 docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field"><th class="field-name">BEP:</th><td class="field-body">8</td>
</tr>
<tr class="field"><th class="field-name">Title:</th><td class="field-body">Tracker Peer Obfuscation</td>
</tr>
<tr class="field"><th class="field-name">Version:</th><td class="field-body">10811</td>
</tr>
<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="https://svn.bittorrent.com/trac.cgi/browser/dotorg/trunk/html/beps/bep_0008.rst">2008-02-15 00:55:45 -0800 (Fri, 15 Feb 2008)</a></td>
</tr>
<tr class="field"><th class="field-name">Author:</th><td class="field-body">David Harrison &lt;dave&#32;&#97;t&#32;bittorrent.com&gt;, Anthony Ciani &lt;tony&#32;&#97;t&#32;ciani.phy.uic.edu&gt;, Arvid Norberg &lt;arvid&#32;&#97;t&#32;bittorrent.com&gt;, Greg Hazel &lt;greg&#32;&#97;t&#32;bittorrent.com&gt;</td>
</tr>
<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td>
</tr>
<tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
</tr>
<tr class="field"><th class="field-name">Created:</th><td class="field-body">31-Jan-2008</td>
</tr>
<tr class="field"><th class="field-name">Post-History:</th><td class="field-body"></td>
</tr>
</tbody>
</table>
<hr />
<div class="contents topic" id="contents">
<p class="topic-title first">Contents</p>
<ul class="simple">
<li><a class="reference internal" href="#announce-parameter" id="id8">Announce Parameter</a></li>
<li><a class="reference internal" href="#announce-response" id="id9">Announce Response</a></li>
<li><a class="reference internal" href="#peer-list-obfuscation" id="id10">Peer List Obfuscation</a></li>
<li><a class="reference internal" href="#optimizations" id="id11">Optimizations</a></li>
<li><a class="reference internal" href="#backwards-compatibility" id="id12">Backwards Compatibility</a></li>
<li><a class="reference internal" href="#rationale" id="id13">Rationale</a></li>
<li><a class="reference internal" href="#references" id="id14">References</a></li>
<li><a class="reference internal" href="#example-python-code" id="id15">Example Python Code</a></li>
</ul>
</div>
<p>This extends the tracker protocol to support simple obfuscation of the
peers it returns, using the infohash as a shared secret between the
peer and the tracker. The obfuscation does not provide any security
against eavesdroppers that know the infohash of the torrent.  The goal
is to prevent internet service providers and other network
administrators from blocking or disrupting bittorrent traffic
connections that span between the receiver of a tracker response and
any peer IP-port appearing in that tracker response.</p>
<p>The key words &quot;MUST&quot;, &quot;MUST NOT&quot;, &quot;REQUIRED&quot;, &quot;SHALL&quot;, &quot;SHALL NOT&quot;, &quot;SHOULD&quot;,
&quot;SHOULD NOT&quot;, &quot;RECOMMENDED&quot;, &quot;MAY&quot;, and &quot;OPTIONAL&quot; in this document are
to be interpreted as described in IETF <a class="reference external" href="http://tools.ietf.org/html/rfc2119">RFC 2119</a> <a class="footnote-reference" href="#id6" id="id7">[5]</a>.</p>
<div class="section" id="announce-parameter">
<h1>Announce Parameter</h1>
<p>When using this extension, instead of passing the <tt class="docutils literal"><span class="pre">info_hash</span></tt> parameter
to the tracker, a <tt class="docutils literal"><span class="pre">sha_ih</span></tt> is passed.</p>
<p>The value of <tt class="docutils literal"><span class="pre">sha_ih</span></tt> MUST be the info-hash of the torrent, with a second
SHA-1 applied to it.</p>
<p>For example if a torrent has infohash with hex representation
<tt class="docutils literal"><span class="pre">aaf4c61ddcc5e8a2dabedef3b482cd9aea9434d</span></tt> then its <tt class="docutils literal"><span class="pre">sha_ih</span></tt> is
<tt class="docutils literal"><span class="pre">sha1(infohash)='6b4f89a54e2d27ecd7e8da5b4ab8fd9d1d8b119'</span></tt>.</p>
<p>The value MUST be url encoded, just like the <tt class="docutils literal"><span class="pre">info_hash</span></tt>.  Thus the
<tt class="docutils literal"><span class="pre">sha_ih</span></tt> above when url encoded becomes
<tt class="docutils literal"><span class="pre">kO%89%A5N-%27%EC%D7%E8%DA%05%B4%AB%8F%D9%D1%D8%B1%19</span></tt>.</p>
<p>This extension does not change the semantics of any parameter passed
in the peer's announce.</p>
</div>
<div class="section" id="announce-response">
<h1>Announce Response</h1>
<p>If the tracker supports this extension, the response should be exactly
the same as if the <tt class="docutils literal"><span class="pre">info_hash</span></tt> had been passed, except that any
field that contains peer information (such as <tt class="docutils literal"><span class="pre">peers</span></tt>, <tt class="docutils literal"><span class="pre">peers6</span></tt> or
any other field defined by another extension) MUST be obfuscated as
described in the next section.</p>
<p>There are additional parameters the tracker may OPTIONALLY return.
These are discussed in the <a class="reference internal" href="#optimizations">optimizations</a> section.</p>
</div>
<div class="section" id="peer-list-obfuscation">
<h1>Peer List Obfuscation</h1>
<p>We distinguish between the <em>tracker peer list</em> and the <em>returned peer
list</em>.  The <em>tracker peer list</em> contains the ip-port pairs of all
known peers in a given torrent, i.e., those peers that have reported
to the tracker that they are transferring the file with a given
infohash.  The tracker may store this peer list however it wishes.
The <em>returned peer list</em> contains a packed array of ip-port pairs
conforming to the BitTorrent protocol specification.  If the swarm is
sufficiently large then the returned ip-port pairs constitute a subset
of the ip-port pairs in the <em>tracker peer list</em>.</p>
<p>The returned peer list is encrypted using RC4-drop768 encryption using
the infohash as a shared secret and optionally employing an
initialization vector.</p>
<p>For the remainder of this document RC4 refers to RC4-drop768.  In the
process of encryption, RC4 generates a pseudorandom string that is
XOR'd with the plaintext to generate the ciphertext.  The receiver
recovers the plaintext by generating the same pseudorandom string and
XOR'ing it with the ciphertext.  In generating the pseudorandom
string, the tracker and client MUST discard the first 768 bytes.  The
next 8 bytes in the pseudorandom string are reserved for optimizations
discussed in the next section.</p>
<p>To communicate an initialization vector, the tracker includes in the
bencoded response the key <tt class="docutils literal"><span class="pre">iv</span></tt> with value set to a byte string
containing the initialization vector.  The initialization vector can
be of arbitrary length and is sent in plaintext.</p>
<p>If the tracker sends no initialization vector then the infohash is
used as the RC4 key (160 bit key).  If the tracker provides an
initialization vector then the RC4 key is generated by appending the
vector to the infohash and then hashing with SHA-1.  The resulting
hash is then used as the RC4 key.  The string from which the RC4 key
is derived whether it be the infohash or the SHA-1 of the
initialization vector appended to the infohash is called the
<em>intermediate string</em>.</p>
<p>For example, given infohash <tt class="docutils literal"><span class="pre">aaf4c61ddcc5e8a2dabedef3b482cd9aea9434d</span></tt>
and initialization vector <tt class="docutils literal"><span class="pre">abcd</span></tt> both represented in hex, the RC4 key
is derived as follows:</p>
<pre class="literal-block">
key = sha1( 'aaf4c61ddcc5e8a2dabedef3b482cd9aea9434dabcd' )
</pre>
<p>where [i:j] denotes the <em>ith</em> through <em>jth</em> bit including the <em>ith</em>
but excluding the <em>jth</em>.  The resulting key in hex is
<tt class="docutils literal"><span class="pre">f36e9cae87cf33e07645ef5ca745a8a83469f31e</span></tt>.</p>
<p>It is RECOMMENDED that the tracker use the initialization vector, and
that it change the <tt class="docutils literal"><span class="pre">iv</span></tt> on roughly the same period as the rerequest
interval.  The reasoning for this is contained in the rationale.</p>
</div>
<div class="section" id="optimizations">
<h1>Optimizations</h1>
<p>The described optimizations are OPTIONAL for the tracker, but the
corresponding client-side MUST be implemented by clients that support
this extension.  These optimizations hobble the strength of the RC4
encryption in order to improve tracker performance.  In the <a class="reference internal" href="#rationale">rationale</a>
section we discuss why hobbling RC4 is reasonable and in many cases
has negligible foreseen effect on security.</p>
<p>For the purpose of these optimizations we assume that the tracker
stores the tracker peer list for each infohash as a packed array that
can be copied directly into the response.  We further assume that the
packed array is reused many times and that with each request the
tracker either returns the entire packed array or copies a single
contiguous substring from the tracker peer list into the response.</p>
<p>If the peerlist is represented and used as assumed then to improve
randomness in the set of peers handed out by the tracker, it is
RECOMMENDED that the tracker periodically reshuffle the peerlist with
period similar to the rerequest interval.  After each reshuffle the
tracker reperforms the operations described in this section.</p>
<p>To reduce computation the tracker MAY cache the pseudorandom string
generated by RC4 and reuse it as peers arrive and depart.</p>
<p>The tracker MAY also cache the encrypted tracker peer list.  To
support this the tracker MUST pass two additional keys <em>i</em> and <em>n</em>
each with 32-bit integer values, except the tracker MAY omit <em>i</em> and
<em>n</em> when <em>i=0</em> and the <em>returned peer list</em> is the entire <em>tracker peer
list</em>.  Whether the tracker returns <em>i</em> and <em>n</em>, the first 8 bytes of
the RC4 psuedorandom string are reserved for obscuring <em>i</em> and <em>n</em>.
We come back to this momentarily.  Decryption starts by XORing from
<em>6i</em> bytes for ipv4 (or <em>18i</em> for ipv6) into the pseudorandom string
after the discarded and reserved bytes.  Assuming that the tracker
encrypted the tracker peer list starting from the first byte after the
discarded and reserved bytes in the pseudorandom string then <em>i</em> also
corresponds to the <em>ith</em> ip-port pair in the tracker peer list.</p>
<p>So that the client and the tracker do not have to generate an
arbitrarily long pseudorandom string to support large swarms, we
assume the tracker bounds the length of the pseudorandom string and
reports the length in ip-port pairs as the value to key <em>n</em>.  <em>n</em>
excludes reserved and discarded bytes.  We RECOMMEND that <em>n</em> be equal
to the length of the tracker peer list or random but within constant
factor of the longest peerlist returned by the tracker, whichever is
smaller.  Thus the tracker encrypts the <em>jth</em> byte of the <em>ith</em>
ip-port pair in an ipv4 tracker peer list by XORing with the byte
<em>(6i+j)</em> <cite>mod</cite> <em>n</em> bytes into the pseudorandom string.</p>
<p>Transmitting <em>i</em> and <em>n</em> as plaintext would significantly reduce the
cost for an attacker to recover the pseudorandom string.  The tracker
MUST XOR the value of <em>i</em> with the first 32 bits of the pseudorandom
string.  The tracker then XORs <em>n</em> with the next 32 bits from the
pseudorandom string (see Figure 1).</p>
<div class="figure">
<img alt="bep_0008_pseudo.png" src="bep_0008_pseudo.png" />
<p class="caption"><strong>Figure 1:</strong> The first 768 bytes of the RC4 pseudorandom
string are discarded.  The key <em>i</em> in the tracker response has
value <tt class="docutils literal"><span class="pre">x</span> <span class="pre">xor</span> <span class="pre">i</span></tt>.  The key <em>n</em> has value <tt class="docutils literal"><span class="pre">y</span> <span class="pre">xor</span> <span class="pre">n</span></tt>.</p>
</div>
<p>We describe encryption in the following example for an ipv4 tracker peer
list consisting of 3 ip-port pairs, and using an RC4 pseudorandom string
of length <em>n=2</em>. <em>n</em> is small for purposes of illustration.  Also, for the
purpose of illustration, the tracker returns only 2 peers at a time.</p>
<pre class="literal-block">
Given the following peer list
(208.72.193.86, 6881), (209.81.173.15,14321), (128.213.6.8, 6881)

As a packed array represented in hex it becomes

d048c1561ae1d151ad0f37f180d506081ae1

which we XOR with an RC4 pseudorandom string excluding discarded and
reserved bytes, e.g.,

a496e5f9b83e835013d42226

to generate

74de24afa2df5201bedb15d72443e3f1a2df
</pre>
<p>Because the RC4 pseudorandom string is shorter than the tracker
peer list, we wrap to the beginning of the pseudorandom string.</p>
<p>A tracker returning the first two peers would return the bencoded
equivalent of:</p>
<pre class="literal-block">
peers=74de24afa2df5201bedb15d7, i=0, n=2
</pre>
<p>A tracker returning the second and third peer would return the
bencoded equivalent of:</p>
<pre class="literal-block">
peers=5201bedb15d72443e3f1a2df, i=1, n=2
</pre>
<p>In each response the tracker includes additional parameters such as
the rerequest <tt class="docutils literal"><span class="pre">interval</span></tt> and the initialization vector <tt class="docutils literal"><span class="pre">iv</span></tt>.</p>
<p>The tracker response MUST remain a valid bencoded message.</p>
</div>
<div class="section" id="backwards-compatibility">
<h1>Backwards Compatibility</h1>
<p>Trackers that support obfuscation are identified in the .torrent file
by the inclusion of an <tt class="docutils literal"><span class="pre">obfuscate-announce-list</span></tt> which otherwise has the
same semantics as the <tt class="docutils literal"><span class="pre">announce-list</span></tt> key.  Peers that do not support
obfuscation simply ignore the <tt class="docutils literal"><span class="pre">obfuscate-announce-list</span></tt>.</p>
<p>A client that is configured to use this extension should always send
the <tt class="docutils literal"><span class="pre">sha_ih</span></tt> to any tracker supporting obfuscation.  The client
SHOULD only contact trackers in the <tt class="docutils literal"><span class="pre">announce-list</span></tt> once the client
has attempted all trackers in the <tt class="docutils literal"><span class="pre">obfuscate-announce-list</span></tt> and all failed.</p>
<p>If a tracker that supports obfuscation wishes to allow legacy peers to
connect to the tracker then the announce URL should appear in both the
<tt class="docutils literal"><span class="pre">obfuscate-announce-list</span></tt> and the <tt class="docutils literal"><span class="pre">announce-list</span></tt>.</p>
<p>If a tracker URL appears in both lists running on the same port, and
the tracker failed to respond when selected from the
<tt class="docutils literal"><span class="pre">obfuscate-announce-list</span></tt> then the client MAY treat the tracker in
the <tt class="docutils literal"><span class="pre">announce-list</span></tt> as if it were temporarily unreachable and defer
trying it until it has tried other trackers in the <tt class="docutils literal"><span class="pre">announce-list</span></tt>.</p>
<p>Peers MUST never send both the <tt class="docutils literal"><span class="pre">info_hash</span></tt> and <tt class="docutils literal"><span class="pre">sha_ih</span></tt> parameters
in the same request, since that would defeat the purpose of the shared
secret.</p>
<p>Any peer that requests with a <tt class="docutils literal"><span class="pre">sha_ih</span></tt> SHOULD implement Message
Stream Encryption (MSE) <a class="footnote-reference" href="#mse" id="id1">[1]</a>.  Any peer returned from the tracker
in response to a request with a <tt class="docutils literal"><span class="pre">sha_ih</span></tt> SHOULD be assumed to
support Message Stream Encryption.  We include these provisions
because if a peer communicates with another peer without using MSE
then the BitTorrent protocol is trivially identified from the first
twenty bytes of the BitTorrent header and the <tt class="docutils literal"><span class="pre">info_hash</span></tt> appears in
plaintext as the next twenty bytes, hence also defeating the purpose
of the shared secret.</p>
<p>If the tracker does not know enough peers assumed to support MSE to
return the desired number of peers then it MAY include peers that are
not assumed to support MSE.  If a peer closes a connection in response
to an encrypted header then the initiating peer SHOULD assume that the
peer does not support MSE.  The initiating peer however SHOULD ONLY
initiate unencrypted connections when all peers have been tried and
those that support MSE fail to provide &quot;adequate performance.&quot;  We
intentionally omit any definition of &quot;adequate performance.&quot;</p>
</div>
<div class="section" id="rationale">
<h1>Rationale</h1>
<p>This extension directly addresses a known attack on the BitTorrent
protocol performed by some deployed network hardware.  By obscuring
the ip-port pairs network hardware can no longer easily identify
ip-port pairs that are running BitTorrent by observing peer-to-tracker
communications.  This deployed hardware under some conditions disrupts
BitTorrent connections by injecting forged TCP reset packets.  Once a
BitTorrent connection has been identified, other attacks could also be
performed such as severely rate limiting or blocking these
connections.</p>
<p>This hardware was presumably deployed to get around BitTorrent
Message Stream Encryption <a class="footnote-reference" href="#mse" id="id2">[1]</a>.  Peers implementing BitTorrent Message Stream
Encryption obfuscate peer-to-peer connections by employing RC4
encryption on every byte from the first byte transferred. BitTorrent
Message Stream Encryption thus increases the difficulty for a device
observing passing packets to identify BitTorrent peer-to-peer
connections.</p>
<p>By using the SHA-1 of the infohash, the tracker is able to identify
torrents without sending the plaintext infohash and without requiring
an additional prior exchange of a shared secret.  Where trackers now
maintain mappings from infohash to the corresponding torrent's
peerlist and other torrent-specific state, obfuscated trackers would need
one additional mapping from <tt class="docutils literal"><span class="pre">sha_ih</span></tt> to the torrent's state.
Tracker may also store encrypted versions of each torrent's peer list,
to increase computation performance at the expense of increasing
memory footprint by a constant factor.</p>
<p>The obfuscation method meets the following criteria:</p>
<ul class="simple">
<li>The entire plaintext of the peer list is not easily obtained even if
an eavesdropper identifies ip-port pairs from subsequent connections
initiated by a peer that has received a tracker response.</li>
<li>Even when a subsequent connection from a peer that has received a
tracker response is observed by an eavesdropper, it is difficult to
map the ip-port pair to specific ciphertext to verify that the
connection is using BitTorrent.</li>
</ul>
<p>When the <a class="reference internal" href="#optimizations">optimizations</a> are used,</p>
<ul class="simple">
<li>Few computations are performed at request time.</li>
<li>Encryption may be performed at the time a peer is added.
The encrypted peer ip and port may be handed out hundreds of times.</li>
<li>Security is minimally impacted.</li>
</ul>
<p>The objective is NOT to create a cryptographically secure protocol
that can survive unlimited observation of passing packets and
substantial computational resources on network timescales.  The objective
is to raise the bar sufficiently to deter attacks based on observing
ip-port numbers in peer-to-tracker communications.</p>
<p>If a tracker observes a large number of tracker requests and responses
and subsequent connections, it is possible to attack the encryption.
RC4 is known to have a number of weaknesses especially in the way it
was used with WEP <a class="footnote-reference" href="#borisov" id="id3">[2]</a> <a class="footnote-reference" href="#scott" id="id4">[3]</a> <a class="footnote-reference" href="#stubblefeld" id="id5">[4]</a>.  However,
with tracker peer obfuscation, the number of bytes transferred between
the tracker and a client is likely significantly smaller than transferred
between a wireless computer and a basestation.  An attacker faces a
much larger task in obtaining sufficient probable plaintext to
directly break the encryption.</p>
<p>Hobbling the RC4 encryption by using a bounded-length RC4 pseudorandom
string for small swarms is likely to have negilgible impact on
security over any other encyption method since the pseudorandom string
is probably equal to or longer than the plaintext and thus no part of
it is repeated in the XOR except as peers arrive or leave the swarm.
Thus on the timescales of rerequest intervals, nearly the same
ciphertext is handed to every peer requesting the same infohash.
Intercepting the same ciphertext multiple times provides no additional
information to the attacker.  The attacker could correlate ip-port
pairs in connections following tracker responses, but an attacker
could do this regardless of the encryption method employed.
Furthermore more direct methods of traffic analysis applied to
peer-to-peer communication is available to network operators.</p>
<p>For larger swarms, hobbling RC4 may more significantly impact breaking
the encryption since the same pseudorandom string is used repeatedly
across the peer list.  Some study is in order on this point taking
into account that the tracker can periodically change intiailization
vectors.</p>
<p>We know from experience that periodically reshuffling peer lists on
the order of the rerequest interval negligibly impacts tracker
performance even with swarms containing millions of peers.  Generating
a new pseudorandom string using RC4 on this same time interval is
likely to incur negligible performance penalty because 1) RC4 is a
small constant factor more expensive than a shuffle on an input string
of equal length, 2) the generated pseudorandom string is only <em>n</em>
ip-port pairs long where recommended <em>n</em> is within a small constant
factor larger than the largest <em>returned peer list</em> and thus much
smaller than the <em>tracker peer list</em> for large swarms, and 3) the cost
of the XOR operation is lighter weight than performing a random
shuffle.</p>
</div>
<div class="section" id="references">
<h1>References</h1>
<table class="docutils footnote" frame="void" id="mse" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label">[1]</td><td><em>(<a class="fn-backref" href="#id1">1</a>, <a class="fn-backref" href="#id2">2</a>)</em> BitTorrent Message Stream Encryption
(<a class="reference external" href="http://www.azureuswiki.com/index.php/Message_Stream_Encryption">http://www.azureuswiki.com/index.php/Message_Stream_Encryption</a>)</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="borisov" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#id3">[2]</a></td><td>Nikita Borisov, Ian Goldberg, and David Wagner. Intercepting
mobile communications: the insecurity of 802.11. In ACM MobiCom 2001,
pages 180-189. ACM Press, 2001.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="scott" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#id4">[3]</a></td><td>Scott R. Fluhrer, Itsik Mantin, and Adi
Shamir. Weaknesses in the key scheduling algorithm of RC4. In Serge
Vaudenay and Amr M. Youssef, editors, Selected Areas in
Cryptography 2001, volume 2259 of Lecture Notes in Computer
Science, pages 1-24. Springer, 2001.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="stubblefeld" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#id5">[4]</a></td><td>Adam Stubblefeld, John Ioannidis, and Aviel
D. Rubin. A key recovery attack on the 802.11b wired equivalent
privacy protocol (WEP). ACM Transactions on Information and System
Security, 7(2):319-332, May 2004.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="id6" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#id7">[5]</a></td><td><a class="reference external" href="http://tools.ietf.org/html/rfc2119">http://tools.ietf.org/html/rfc2119</a></td></tr>
</tbody>
</table>
</div>
<div class="section" id="example-python-code">
<h1>Example Python Code</h1>
<p>Request handling in a dummy tracker implementing tracker peer obfuscation:</p>
<pre class="literal-block">
from sha import sha
from random import randint
from struct import unpack
from rc4 import rc4  # rc4(k) generates k RC4 pseudorandom bytes.

rand = open(&quot;/dev/random&quot;,&quot;r&quot;).read
rc4 = rc4()

# tracker configuration
MAX_PEERS = 100

# per torrent state.
infohash = sha(&quot;dummy_info&quot;).digest()
pseudo = ''                        # pseudorandom RC4 string.
num_peers = 1000                   # current swarm size.
tracker_peer_list = rand(6) * num_peers
obfuscated_tracker_peer_list = ''

def xor(plaintext,pseudo):
  isint = False
  if type(plaintext) == int: # convert to byte string.
    plaintext = &quot;&quot;.join([chr(int(x,16)) for x in &quot;%.4x&quot; % plaintext])
    isint = True
  n = len(pseudo)
  ciphertext = &quot;&quot;.join(
    [chr(ord(pseudo[i%n])^ord(plaintext[i])) for i in xrange(len(plaintext))])
  if isint:
    ciphertext = unpack(&quot;!I&quot;, ciphertext)[0]   # convert back to unsigned int
  return ciphertext

def init():  # called once per rerequest interval.
  global iv, x, n, n_xor_y, obfuscated_tracker_peer_list
  iv = rand(20)
  rc4.key = sha(infohash + iv).digest()
  rc4(768)                         # discard first 768
  x = rc4(4)
  y = rc4(4)