| 1 |
4ae45b10
|
Ermal Luçi
|
# Soribada - A Korean P2P filesharing program/protocol - http://www.soribada.com
|
| 2 |
|
|
# Pattern attributes: good slow notsofast
|
| 3 |
|
|
# Protocol groups: p2p
|
| 4 |
|
|
# Wiki: http://www.protocolinfo.org/wiki/Soribada
|
| 5 |
66f2dd0e
|
Ermal Lu?i
|
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
|
| 6 |
4ae45b10
|
Ermal Luçi
|
|
| 7 |
|
|
# I am told that there are three versions of this protocol, the first no
|
| 8 |
|
|
# longer being used. That would probably explain why incoming searches
|
| 9 |
|
|
# have two different formats...
|
| 10 |
|
|
|
| 11 |
|
|
# There are three parts to Soribada protocal:
|
| 12 |
|
|
# 1: Ping/Pong to establish a relationship on the net (UDP with 2 useful bytes)
|
| 13 |
|
|
# 2: Searching (in two formats) (UDP with two short easy to match starts)
|
| 14 |
|
|
# 3: Download requests/transfers (TCP with an obvious first packet)
|
| 15 |
|
|
|
| 16 |
|
|
# 1 -- Pings/Pongs:
|
| 17 |
|
|
# Requester send 2 bytes and a 6 byte response is sent back.
|
| 18 |
|
|
# \x10 for the first byte and \x14-\x16 for the second.
|
| 19 |
|
|
# The response is the first byte (\x10) and the second byte incremented
|
| 20 |
|
|
# by 1 (\x15-\x17).
|
| 21 |
|
|
# No further communication happens between the hosts except for searches.
|
| 22 |
|
|
# A regex match: ^\x10[\x14-\x16]\x10[\x15-\x17].?.?.?.?$
|
| 23 |
|
|
# First Packet ---^^^^^^^^^^^^^^^
|
| 24 |
|
|
# Second Packet -----------------^^^^^^^^^^^^^^^^^^^^^^^
|
| 25 |
|
|
|
| 26 |
|
|
# 2 -- Search requests:
|
| 27 |
|
|
# All searches are totally stateless and are only responded to if the user
|
| 28 |
|
|
# actually has the file.
|
| 29 |
|
|
# Both format start with a \x01 byte, have 3 "random bytes" and then 3 bytes
|
| 30 |
|
|
# corasponding to one of two formats.
|
| 31 |
|
|
# Format 1 is \x51\x3a\+ and format 2 is \x51\x32\x3a
|
| 32 |
|
|
# A regex match: ^\x01.?.?.?(\x51\x3a\+|\x51\x32\x3a)
|
| 33 |
|
|
|
| 34 |
|
|
# 3 -- Download requests:
|
| 35 |
|
|
# All downloads start with "GETMP3\x0d\x0aFilename"
|
| 36 |
|
|
# A regex match: ^GETMP3\x0d\x0aFilename
|
| 37 |
|
|
|
| 38 |
|
|
soribada
|
| 39 |
|
|
|
| 40 |
|
|
# This will match the second packet of two.
|
| 41 |
|
|
# ^\x10[\x14-\x16]\x10[\x15-\x17].?.?.?.?$
|
| 42 |
|
|
|
| 43 |
|
|
# Again, matching this is the end of the comunication.
|
| 44 |
|
|
# ^\x01.?.?.?(\x51\x3a\+|\x51\x32\x3a)
|
| 45 |
|
|
|
| 46 |
|
|
# This is the start of the transfer and an easy match
|
| 47 |
|
|
#^GETMP3\x0d\x0aFilename
|
| 48 |
|
|
|
| 49 |
|
|
# This will match everything including the udp packet portions
|
| 50 |
|
|
^GETMP3\x0d\x0aFilename|^\x01.?.?.?(\x51\x3a\+|\x51\x32\x3a)|^\x10[\x14-\x16]\x10[\x15-\x17].?.?.?.?$
|