Wireshark-users: Re: [Wireshark-users] BitTorrent info_hash decoder using Wireshark

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 09 Nov 2011 12:56:29 +0100
Hi,

Well, by definition you can't. A hash is specifically designed to do that, creating an opaque identifier. Only with access to the torrent file will you be able to figure out the corresponding file name.

Thanks,
Jaap

On Tue, 8 Nov 2011 12:51:07 -0800 (PST), firstname lastname wrote:
I have a pcap file which has traffic captured between the client and
the server. Here, the server is a tracker and it looks like an
announcement message from a Torrent client to the Tracker requesting
to download a file.

The request looks like below:

GET http://tracker21.df6d4cf3-2787-4001-80ff-e8a23e7ff1ec.automated.snxd.com/?info_hash=%FEg%F6mth%90%5E%84%F6%F5z%E3%E8%DFu%E7%FA%14%0E&peer_id=&port=0&uploaded=0&downloaded=0&left=3760800
......

The info hash looks like this:
%FEg%F6mth%90%5E%84%F6%F5z%E3%E8%DFu%E7%FA%14%0E

I want to decode this info_hash. I believe Wireshark has the
capability to dissect the BitTorrent protocol, however I am unsure of
whether there is a way to make it decode the info_hash and peer_id
fields as well?

I have searched on Google for the algorithm used to encode the info hash
but without much success.

http://nakkaya.com/2009/12/03/bittorrent-tracker-protocol/

This is one reference, but I am trying to understand the algorithm.
While doing that, I got this thought.

It would be great if we can get the info_hash, since this way we can
conclude which file was being downloaded from the tracker.

Regards,
NeonFlash
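
Added example, not part of either message above: in the BitTorrent tracker protocol the info_hash parameter is the percent-encoded 20-byte SHA-1 of the bencoded `info` dictionary of the .torrent file, so an analyst can decode it to raw bytes and compare it against hashes computed from candidate torrent files. The function names, the placeholder host `tracker.invalid` and the `SAMPLE` torrent bytes are assumptions constructed for illustration; only the query string comes from the post.

```python
import hashlib
from urllib.parse import unquote_to_bytes, urlsplit

def info_hash_from_announce(url):
    """Raw 20-byte info_hash from a tracker announce URL (percent-decoded)."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "info_hash":
            raw = unquote_to_bytes(value)
            if len(raw) != 20:
                raise ValueError(f"info_hash is {len(raw)} bytes, expected 20")
            return raw
    raise ValueError("no info_hash parameter")

def _end(data, i):
    """Index just past the bencoded value that starts at data[i]."""
    c = data[i:i + 1]
    if c == b"i":                       # integer: i<digits>e
        return data.index(b"e", i) + 1
    if c in (b"l", b"d"):               # list or dict: walk members until 'e'
        i += 1
        while data[i:i + 1] != b"e":
            i = _end(data, i)
        return i + 1
    colon = data.index(b":", i)         # byte string: <len>:<bytes>
    return colon + 1 + int(data[i:colon])

def info_hash_from_torrent(data):
    """SHA-1 over the exact bencoded bytes of the top-level 'info' dict."""
    if data[:1] != b"d":
        raise ValueError("not a bencoded dictionary")
    i = 1
    while data[i:i + 1] != b"e":
        key_end = _end(data, i)
        key = data[data.index(b":", i) + 1:key_end]
        val_end = _end(data, key_end)
        if key == b"info":
            return hashlib.sha1(data[key_end:val_end]).digest()
        i = val_end
    raise ValueError("no info dictionary")

# Query string as posted; the host is replaced by a placeholder.
CAPTURED = ("http://tracker.invalid/?info_hash=%FEg%F6mth%90%5E%84%F6%F5z%E3%E8"
            "%DFu%E7%FA%14%0E&peer_id=&port=0&uploaded=0&downloaded=0&left=3760800")
# Constructed sample .torrent content; it is not the torrent from the capture.
SAMPLE = (b"d4:infod6:lengthi3760800e4:name10:sample.iso"
          b"12:piece lengthi262144e6:pieces20:" + bytes(20) + b"ee")
if __name__ == "__main__":
    wanted = info_hash_from_announce(CAPTURED)
    print(wanted.hex(), wanted == info_hash_from_torrent(SAMPLE))
```

The hash is computed over the original bytes of the `info` dictionary rather than a re-encoded copy, so a torrent file with unusual key ordering still produces the value its clients announce.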