SBIE and Pimp My uTorrent

Status
Not open for further replies.
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Jul 3, 2015
8,148
1
31,237
8,388
Middle Earth
There is an ethical java trick called Pimp My uTorrent, it is offered on github
Pimp my uTorrent : An angular.js application that removes the ads in uTorrent with a single click
its purpose is to clean up the uTorrent GUI.
I personally don't use uTorrent, but I wanted to test out Sandboxie's ability to protect the file system from exploits coming in through the browser.
I opened chrome in sandbox, but opened uTorrent regular.
Then I went to the Pimp My uTorrent site, and I was surprised and confused to see that it changed the settings in my uTorrent.
What's up with this?
 
  • Like
Reactions: harlan4096
Changed settings in the browser?
Did you install /
Run the script? In so, where?
If it's SBIE related, it's best to post this sort of stuff in the SBIE forum so Devs can question it.
 
Sandboxie Help said:
Changed settings in the browser?
Did you install /
Run the script? In so, where?
If it's SBIE related, it's best to post this sort of stuff in the SBIE forum so Devs can question it.
Click to expand...
I changed no settings in browser, and I don't know what it means to install /
All I did is click on the button on the web page I mentioned, and then I clicked OK on the windows message box that popped up.
I think my question is more about what a sandbox can and cannot do, rather than a specific SBIE issue.
 
shmu26 said:
There is an ethical java trick called Pimp My uTorrent, it is offered on github
Pimp my uTorrent : An angular.js application that removes the ads in uTorrent with a single click
its purpose is to clean up the uTorrent GUI.
I personally don't use uTorrent, but I wanted to test out Sandboxie's ability to protect the file system from exploits coming in through the browser.
I opened chrome in sandbox, but opened uTorrent regular.
Then I went to the Pimp My uTorrent site, and I was surprised and confused to see that it changed the settings in my uTorrent.
What's up with this?
Click to expand...

When you click on "Pimp My uTorrent" , there is a connection established with your uTorrent (after asking for redirection to a http connection if you used https) and communications.
If you opened uTorrent "regular", setting can be changed this way by uTorrent itself but initiated (see explanation below ) by the click on "Pimp My uTorrent" , even if chrome is open in a sandbox, because it's the uTorrent Client that makes the modifications.
Notice : uTorrent Client has to be running when you click on "Pimp My uTorrent", or else no communications => no modifications :p

Explanation :
=> To connect to your uTorrent Client "Pimp my uTorrent" uses duckietorrent.torrent.js
This is a small part of its description:
*........
* The Utorrent/Bittorrent clients listen on one of 20 ports on localhost to allow other apps to connect to them.
* Discovery is done by performing a /version request to these ports until the first hit
* After that, an authentication token is requested on the client (you need to save this somewhere, the demo does so in localStorage)
* With the token you can get a session ID, and with the session ID you can start polling for data. Don't poll and the session will expire and you will need to fetch a new session ID with the token.*
* Polling for data results in a tree structure of RPC functions and object data
* The RPC structures are matched against regexes and the parameters are type-checked.
* Passing the wrong data into a callback will crash uTorrent/BitTorrent violently (Which could be an attack angle for security researchers)
*......
"RPC is a kind of request–response protocol. An RPC is initiated by the client, which sends a request message to a known remote / local server to execute a specified procedure with supplied parameters."
In your case, the client is "Pimp my uTorrent", the server is your "uTorrent" (to simplify).

=> duckietorrent.torrent.js can do it with your uTorrent, and modifications are made by your uTorrent Client itself, because it's one of its procedure that is called.

Parameters used , found in controllers.js, which correspond to the values that your uTorrent will change :

var pimpValues = {
'gui.pro_installed': true,
'offers.left_rail_offer_enabled': false,
'offers.sponsored_torrent_offer_enabled': false,
'show_bundles_tab': false,
'offers.featured_content_badge_enabled': false,
'gui.show_plus_upsell_nodes': false,
'gui.show_gate_notify': false,
'gui.show_plus_upsell': false,
'gui.show_plus_av_upsell': false,
'offers.content_offer_autoexec': false,
'offers.featured_content_notifications_enabled': false,
'offers.featured_content_rss_enabled': false
};

I have not investigated more, it's enough to answer you question, I think :)
(02h54 am in my Country, time to go to sleep)

EDITED to be more understandable
 
Last edited:
  • Like
Reactions: Andytay70 and harlan4096
thanks for detailed answer.
please pardon my uneducated question: if this java script can change my file system, even if browser is sandboxed, what is to stop other exploits from changing my file system?
And if exploits can change file system, why run browser in sandbox?

EDIT: it could be argued that sandboxing the browser protects against downloads. But that can be accomplished by an anti-exe.
 
Last edited:
  • Like
Reactions: DardiM
By default, Sandboxie doesn't stop exploits or malwares ; it just isolate them. To allow process/network blocking, you have to customized it. It is why Sandboxie should never be let in default setting.
 
  • Like
Reactions: DardiM
Umbra said:
By default, Sandboxie doesn't stop exploits or malwares ; it just isolate them. To allow process/network blocking, you have to customized it. It is why Sandboxie should never be let in default setting.
Click to expand...
I have it set so that only chrome processes have permission to run.
 
  • Like
Reactions: DardiM and Deleted member 178
shmu26 said:
thanks for detailed answer.
please pardon my uneducated question: if this java script can change my file system, even if browser is sandboxed, what is to stop other exploits from changing my file system?
Click to expand...
(1) No, it's the uTorrent client which is made/programmed to accept localhost/remote connection from another process.
So, only what the programmer of uTorrent has allowed can be change in uTorrent, and no system files (or only if you gave all access to you uTorrent :eek:).

(2) And if exploits can change file system, why run browser in sandbox?
Umbra said:
By default, Sandboxie doesn't stop exploits or malware ; it just isolate them. To allow process/network blocking, you have to customized it. It is why Sandboxie should never be let in default setting.
Click to expand...
(3)
shmu26 said:
I have it set so that only chrome processes have permission to run.
Click to expand...
This way, chrome has permission to establish a connection (localhost/port) with your uTorrent Client (which must be running, otherwise nothing happen), using duckietorrent.torrent.js
DardiM said:
* The Utorrent/Bittorrent clients listen on one of 20 ports on localhost to allow other apps to connect to them.
* Discovery is done by performing a /version request to these ports until the first hit
* After that, an authentication token is requested on the client (you need to save this somewhere, the demo does so in localStorage)
* With the token you can get a session ID, and with the session ID you can start polling for data. Don't poll and the session will expire and you will need to fetch a new session ID with the token.*
* Polling for data results in a tree structure of RPC functions and object data
* The RPC structures are matched against regexes and the parameters are type-checked.
* Passing the wrong data into a callback will crash uTorrent/BitTorrent violently (Which could be an attack angle for security researchers)
Click to expand...
(4) It isn't the JavaScript used by "Pimp My uTorrent" that directly changes your uTorrent settings. It only connect to your uTorrent Client and call a uTorrent Procedure with valid parameters (see my first post to see parameters used). This way it is your uTorrent itself that changes some settings (to removes ads) - and none of your files that can't be accessed by normal use of uTorrent can be change (unless you gave it all rights :rolleyes:).

EDITED to be more understandable
 
Last edited:
  • Like
Reactions: harlan4096 and shmu26
DardiM said:
1) if this java script can change my file system, even if browser is sandboxed, what is to stop other exploits from changing my file system?
=> No, it's the uTorrent client wich is made to accept localhost connection, and communicate this way with another process.
So, only what the creator of uTorrent has allowed can be change uTorrent. Not on sytem files.

2) And if exploits can change file system, why run browser in sandbox?

EDIT: it could be argued that sandboxing the browser protects against downloads. But that can be accomplished by an anti-exe.

3)

This way, chrome has permission to etablish a connection on localhost, on ports, then :



It isn't the JavaScript used by "Pimp My uTorrent" which directly change files. It only communicate with uTorrent Client by Local Neywork, connecting directly to uTorrent Client witch is made to accept this connection and interaction. So only files that can be accessed in normal use by uTorrent can be modified, no system files.
Click to expand...
hey, thanks a lot. that clears up a lot of things.
 
  • Like
Reactions: DardiM
I have edited my previous posts, to be more understandable
(I need to improve my English :()
 
Status
Not open for further replies.

You may also like...