Resurrecting a dead torrent tracker and finding 3M peers
Resurrecting a dead torrent tracker and finding 3 million peers
So I was uh, downloading some linux isos, like usual. It was going slowly, so I opened up the Trackers tab in qBittorrent and saw the following:
Most of the trackers were totally dead. Either the hosts were down or the domains weren’t being used.
That got me thinking. What if I picked up one of these dead domains? How many clients would try to connect?
What are trackers for, anyways?
A tracker is a core component of the BitTorrent protocol. Trackers are the services that point you to other peers for the torrent. Without trackers, there would be no one to share the file with.
Obviously this represents a major source of centralization in the torrent protocol. If your trackers aren’t maintained – or if they get forced offline by certain industry organizations – you’re out of luck.
We have an alternative, called Mainline DHT, which performs a more decentralized lookup of peers based on infohash alone. DHT isn’t perfect, though. It relies on bootstrap nodes and is vulnerable to Sybil attacks. And in the example of my poorly-served torrent, DHT wasn’t surfacing any peers, regardless.
Hosting a tracker
Looking through the list of trackers marked “host not found”, I noticed udp://open.demonii.si:1337/announce was available.
I bought the domain through Dynadot (one of the few .si domain registrars), then spun up a quick anonymous VPS. I mapped the domain to the VPS, then set up opentracker, the most widely used and robust torrent tracker software.
Instructions for Ubuntu 24.04:
sudo apt install gcc-14 g++-14 build-essential zlib1g-dev
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-14 14
Follow the readme to compile, first the dependency libowfat (a GPL reimplementation of some of dan bernstein’s C libraries) and then opentracker itself.
cvs -d :pserver:[email protected]:/cvs -z9 co libowfat
cd libowfat
make
cd ..
git clone git://erdgeist.org/opentracker
cd opentracker
make
Finally, a quick systemd unit file to daemonize this service:
[Unit]
Description=opentracker
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=opentracker
Group=opentracker
WorkingDirectory=/var/lib/opentracker
ExecStart=/home/opentracker/opentracker/opentracker -p 1337 -P 1337 \
-d /var/lib/opentracker -u opentracker
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
What did I find?
Before even starting opentracker, I saw a flood of traffic against UDP port 1337:
I then started the tracker. After about an hour, it peaked at about 1.7 million distinct torrents across 3.1 million peers!
Response from http://open.demonii.si:1337/stats?mode=everything:
Is this legal?
Maybe.
When the recording industry and other litigious organizations go after torrent trackers, they’re mainly chasing down the public-facing parts of the system. The legal decisions against websites like The Pirate Bay hinge on how they highlight popular movies, sell ads, and offer .torrent files. This is all taken as evidence of inducement, meaning the intentional promotion of copyright infringement.
Does hosting tracker infrastructure, unadvertised, count as “inducement”? It’s a harder case to make. I’m aware that many torrents, both freely available and copyrighted, use this tracker. But it would be more difficult to prove intent here.
Regardless, I was spooked. I thought through my chain of events and realized I had already fucked up by paying for the domain with a credit card. I shut down the VPS and deleted the domain quickly after confirming it works.
So… the domain is available now. It’s quite easy to find unclaimed domains like this. If you want to do a public service, open.demonii.si and others are up for registration…
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
