Hi, I'm looking for someone who knows more about this topic than myself, as I've kind of reached my technical limit.
What the objective is...
Operation Hash Cookies
If you upload a file with Megaupload Manager or via their webUI and the file is on their systems already, then it (after an MD5 check) instantly uploads it without having to transfer the whole file.
Some reading from http://poirotsramblings.blogspot.com/2008/07/megaupload-and-md5.html gives a brief insight into this through collisions; the findings there are gone into in more detail in my findings after the break. However, the comment was of interest to me as I don't understand how this works yet:
"I spent some time trying to reverse engineer the uploading protocol. When uploading larger files they don't just check the MD5; they split the file into 130 pieces and check the MD5 of each (I assume - at least the MD5s are transferred), and I suspect, without having figured out the specifics, that after having checked these MD5s some challenges about specific bytes of data in the file are issued (at least the data transferred from user to Megaupload seems to always be part of the file)."
So at the minute I've hit a wall after viewing everything I can in Wireshark, and now it's time to move on to decompiling the uploading tools.
The 2 tools that are used for uploading are
MegaManager - http://static.megaupload.com/megamanager.exe and
webUI - http://wwwstatic.megaupload.com/gui2/ru.swf
ANY extra info that can be added would be awesome. What I'm envisioning is if we can't just inject the MD5 then maybe we can inject the 130 pieces that it splits it into (cite Poirot's Ramblings comments) and have glorious bulletproof links
I will post other info below from Wireshark and the Decompilation of RU.swf
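The per-piece hashes and byte challenges suspected in the quoted comment amount to a proof-of-possession check before a deduplicated upload is accepted; the following is an added sketch of that check from the server's side, not code from this post or from Megaupload. Only the 130-piece count comes from the comment; `DedupServer`, `piece_md5s`, `answer` and the nonce-keyed HMAC response are assumptions made for illustration.

```python
import hashlib, hmac, secrets

PIECES = 130  # piece count taken from the quoted comment; everything else is assumed

def piece_md5s(data: bytes, pieces: int = PIECES) -> list[str]:
    """MD5 of each of up to `pieces` roughly equal slices of the file."""
    size = max(1, -(-len(data) // pieces))  # ceiling division
    return [hashlib.md5(data[i:i + size]).hexdigest()
            for i in range(0, len(data), size)]

def answer(data: bytes, nonce: bytes, ranges) -> bytes:
    """What a client holding the real bytes returns: HMAC over the requested ranges."""
    mac = hmac.new(nonce, digestmod=hashlib.sha256)
    for start, end in ranges:
        mac.update(data[start:end])
    return mac.digest()

class DedupServer:
    """Hypothetical server that skips the transfer only after proof of possession."""
    def __init__(self):
        self.store = {}    # whole-file MD5 -> stored bytes
        self.pending = {}  # challenge id -> (file MD5, nonce, byte ranges)

    def add(self, data: bytes) -> str:
        digest = hashlib.md5(data).hexdigest()
        self.store[digest] = data
        return digest

    def challenge(self, digest: str, hashes: list[str], n: int = 4, span: int = 64):
        data = self.store.get(digest)
        if data is None or hashes != piece_md5s(data):
            return None  # unknown file or wrong piece hashes: require a full upload
        nonce = secrets.token_bytes(16)  # fresh per challenge, so answers cannot be replayed
        ranges = []
        for _ in range(n):
            start = secrets.randbelow(max(1, len(data) - span))
            ranges.append((start, start + span))
        cid = secrets.token_hex(8)
        self.pending[cid] = (digest, nonce, ranges)
        return cid, nonce, ranges

    def verify(self, cid: str, response: bytes) -> bool:
        # pop() makes each challenge single use
        digest, nonce, ranges = self.pending.pop(cid, (None, None, None))
        if digest is None:
            return False
        expected = answer(self.store[digest], nonce, ranges)
        return hmac.compare_digest(response, expected)
```

Because the byte ranges and nonce are chosen at random per request, a client that knows only the whole-file MD5 and the piece MD5s cannot compute the response; it has to hold the file's bytes.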