away around the fakes

[{MXC}michael]

i was testing a few things out , and trying to find a solutiion to filtering out the fake files, when i discovered that if u put -c: in to the second filter bar, and then search it will filter out every fake file and just leave the real ones

i was gonna make a prog that would incorperate that idea, i even designed the gui and then it came to coding it, wich im useless at so i had to delete it hehe

hope it helps

[quicksilver]

Thanks Michael , it does seem to make a difference, and although I cant say that it does filter the fakes 100% it does at least allow you to get a better, non flooded listing of files.
Recently I was checking Nelly and It came back with 15,496 results.
This really is an attack, as the primaries start dropping like flies under the weight of fakes returns.
I believe this is the reason behind using Japanese servers to do the dirty work, as in the U.S. no doubt you would have a claim for denial of service.

[TheHawks]

This Helps Out In Getting A better Search In The End-Less Flood Of files.
Any help Is the Next step In Slowing "THEM" Down
Thanks For The Info michael....

[Josh (SNIP)]

All -c: does it remove all files with the path C:\ of the folder that its shared in. So this removes 3/4 of all files and all file types on winmx so this doesn't really help

[me here]

Okay... I have been doing extensive study on the fakes... and its true that putting -c: in the search will filter out almost all the fakes.. there are some of the flooders using other drives though and this will filter out alot of the legitimate users whose files are shared from a C: drive..however....
It does help to get a reasonable amount of files on a search so that the strain isnt being put on the network and it also helps to narrow what you have to look through to get a legitimate file.. so Good Job Michael

The best way around the fakes I have found so far is to search by hashes, the problem with this is finding a legitimate file to record the hash from. Using tools like MXHashish or MXLinx gets you a great list of hashes from your own files. Sounds like someone should be working on a tutorial and a DATABASE ...

[TheHawks]

So this removes 3/4 of all files and all file types on winmx so this doesn't really help

Removes 75% Of files Not 100%
So it Does Help Dose Not Hurt To Try...
Mx Needs All The Help It Can Get from "THEM"
I Hashed all My files with MXHashish
And Waiting For a HASH-DATABASE.....

[me here]

AWESOME HAWKS :> Okay ppl keep the hashes comin .... PLEASE!!

[Valor]

Whilst investigating fake files on WinMX I came across the following phenomenon and don't know enough to know what to do with it . I hope it helps in your program developement.
Search for LifeHouse - You and Me with "Groups of Duplicte results expanded by default" & "switch to Transfers window when starting downloads" in WinMX search and file Settings.
Collapse the duplicate result group you select as fake looking and press download, see 1 or 2 of several of the expanded groups turn blue/currently downloading. Why is this so? from what I can gather, a percentage of WinMx users are being enabled to download the fake files to spread the sickness.
This occurs on search results for Lifehouse - You and Me with BendMX-Bye-Bye-Bad-IPs installed with default BendMX.dat. I tested pretty near every search result of 1700 for that song, even the ones with short queues timed out quickly with file/user unavailable. I ran peerguardian over it and didn't pick anything up on it either, it did pick somthing up the other day -
"Rejected: 202.139.232.71 - BSAA.com.au/WebCentral Pty Ltd USIS-AUSTRALIA.GOV (03-08-2005 @ 20:08:35)
03-08-2005, 20:09:03, 203.29.91.81:80"
Am I to add that ip range to BendMX.dat?
After hours I left the song in a long single user queue and it was done this morning great song

MXHashish.zip

[me here]

Hey Valor.. welcome to the forum!!

To answer you question, the reason they all turn blue in that group is they are all fakes... browse any of them any group suspected as fake and you will see basically the same thing... loads of several artists tracks in every shape and form you can think of....

Any of the fake files will turn blue or even light blue from other groups of users if .... the Hash matches...

Have a look.. get one of the fakes.. get the hash from "search for alternatives" and watch the madness... then browse any of the users in the new search results.... hundreds of fakes depending on the artist you use....

Hope that clears it up as far as the files go.. and yea I would add anything suspicious to your BendMX ignore ip ranges... but I am no expert so maybe you should ask Bender on his site bout that too

[Valor]

Thankyou for your welcome, me here, this is a good site I've been reading for a few weeks and have learned good things from it.
I think I am not very good at explaining and there is still a a part of my previous post worrying me.

Collapse the duplicate result group you select as fake looking and press download, see 1 or 2 of several of the expanded groups turn blue/currently downloading.

1 or 2 of the files from the expanded groups turn blue/currently downloading, not all of the group....so 1 or 2 of that group has the same hash as the fakefile and the others from the same group don't.
I do not understand this and it will worry me until I do

[Valor]

I've been watching fakefiles again, I want to understand how they work.
Seems like there is at least one identical hashlink in nearly every file group mixed in with genuine files So even having one of these files in your transfer window set to find sources and auto enter queue is poison. When it starts again to find sources it causes a buffer overlflow? by trying to connect to too many sources at once, preventing connection to the genuine files and at the same time destroying any chance of my other genuine files waiting in transfer window to find sources and enter queues. Am I on the right track or barking up the wrong tree

When I browse a single fakefile user, several of the same name files show, mixed in with single files. When I press download on one of their multiple files, 3 or 4 of them show the same hashlink/change color in the same single user browse window. The single file entries immediately find sources/link to several other fakefile users. The fakefile user browse windows all load over 2000 files, a feat in itself on my skinny little 33k connection.
I always believed before this that *.mp3 cannot be infected/corrupted. Is it the files that are bad or the multiple user/file scam

[moongirl]

Search for LifeHouse - You and Me with "Groups of Duplicte results expanded by default" & "switch to Transfers window when starting downloads" in WinMX search and file Settings.

Welcome to CMX Valor.
I've just read these posts and with Lifehouse on my mind, I'm off to OT, my Song Of The Day, Hanging By A Moment

[quicksilver]

Hi Valor you touch upon a point that is relevant here, which is that even with the correct hash you may not be getting the correct file.
This is a big disappointment to me,especially after I was pushing for a hash database to help out with the fakes.
The problem lies with the way Frontcode have encoded the hashes.
They use a simplified hash sytem, that samples the file at intervals, rather than calculates the entire file, once you know this its easy to spoof the content
in between the points needed to make the hash come up the same.
There is only one thing left to do in this situation, we need to email Frontcode en masse and ask for a change to the hash calculation system used.

The alternative that a few other systems use is MD4 but that is getting old now, the current length of the WinMx hash is the same size as the MD5 hash
which is more secure than MD4, although not new itself it should serve our purpose.
For those wondering why this is a good selection over SHA, you must remember if the hash is too strong the use of WinMx would be prohibited.

The record companies can rip there own stuff to get hashes for various mp3 releases and I,m sure they do just this already , but this will serve to make sure
that even if you cant obtain it , the file being offered is the correct unadultrated one.

The point you make above is one I have witnessed myself and described as "honeypot" downloads .
The will start you off with a corrupt peice of file, making it impossible for you to obtain the genuine section when they drop out after a small time .
You need to be fast on your mouse with this type of trick, right click and browse of any of the ones that turn red as they try to start,
when its your turn in the que and browse them for the file , then delete the section you have already. So far this has found me the good file 100% of the time.

[battye]

So is a WinMX hash, just a simple md5 of the filename?
If so does it include the extension, and does bitrate, length etc play a part?

[quicksilver]

Unfortunately its not anywhere near an MD5 hash Battye, its a simple Xor/step system ,the file title or extension are not important , just the file itself.
The length is the numbers on the end of the WinMx hash in bytes.
The type of system E Donkey uses is MD4 and that has flaws in it also , but it is a hash system still .
Unless Frontcode revise the algorithm used in the program it,s going to be too much effort hooking the program without a hitch, and also
any new hash system would need to have a feature to deal with older clients.
If an external prog is used it will need to take over the library.dat file and re-encode the hashes, and be able to hook the incoming hashes
from the network (maybe room here for an identifying flag to show if its using MD5).
Also the original Idea was for a database lookup plugin for Mx so the hash could be captured and sent for comparison, using a known good reference.