Torrent Support

Following our recent introduction to Scan Providers, here’s a first implementation example. In this post we’ll see how to add support for Torrent files in Profiler. Of course, the implementation shown in this post will be available in the upcoming 2.5.0 release.

Let’s start by creating an entry in the configuration file:

For the automatic signature recognition we may rely on a simple one:

Torrent files are encoded dictionaries and they usually start with the announce item. There’s no guarantee for that, but for now this simple matching should be good enough.

The encoded dictionary is in the Beconde format. Fortunately, someone already wrote the Python code to decode it:

We can now load the file and decode its dictionary:

We call the GetDictionary method first time in the _initObject method, so that the parsing occurs when we’re in another thread and we don’t stall the UI.

Let’s display the parsed dictionary to the user:

Dictionary

This is the description extracted from Wikipedia of some of the keys:

  • announce—the URL of the tracker
  • info—this maps to a dictionary whose keys are dependent on whether one or more files are being shared:
    • name—suggested filename where the file is to be saved (if one file)/suggested directory name where the files are to be saved (if multiple files)
    • piece length—number of bytes per piece. This is commonly 28 KiB = 256 KiB = 262,144 B.
    • pieces—a hash list, i.e., a concatenation of each piece’s SHA-1 hash. As SHA-1 returns a 160-bit hash, pieces will be a string whose length is a multiple of 160-bits.
    • length—size of the file in bytes (only when one file is being shared)
    • files—a list of dictionaries each corresponding to a file (only when multiple files are being shared). Each dictionary has the following keys:
      • path—a list of strings corresponding to subdirectory names, the last of which is the actual file name
      • length—size of the file in bytes.

While the dictionary already could suffice to extract all the information the user needs, we may want to present parts of the dictionary in an easier way to read.

First, we’d like to show to the user some meta-data information, which may be contained in the dictionary. To do that, we add a meta-data scan entry:

We also warn the user if the file exceeds the allowed maximum. We perform the whole scan logic in the UI thread, since we’re not doing any CPU intensive operation and thus we return SCAN_RESULT_FINISHED, which causes the _threadScan method not be called.

Here we return the meta-data to the UI:

MetaData

Also it would be convenient to see the list of trackers and files. Let’s start with the trackers:

Trackers

When retrieving data from the dictionary, we also make sure that it is in the correct type, so that the code which handles this data won’t end up generating an exception when trying to process an unexpected type.

And now the files:

Files

And that’s it. Now again the whole code for a better overview:

We could still extract more information from the torrent file. For instance, we could show the list of hashes and to which portion of which file they belong to. If that’s interesting for forensic purposes, we can easily add this view in the future.