UUHash
|
|
UUHash is a hash algorithm employed by clients on the FastTrack network. It is employed for its ability to hash very large files in a very short period of time, even on older computers. However, this is achieved by only hashing a fraction of the file. This weakness makes it trivial to create a hash collision, allowing large sections to be completely altered without altering the checksum.
This method is used by Kazaa and is exploited by the RIAA to corrupt downloads whenever possible.
How it works
UUHash will hash the first 300 kilobytes using MD5 and then apply a custom smallhash function to 300 KB blocks at file offsets 2^n MB with n being an integer incremented from 0 until the offset reaches end of file. Finally the last 300 KB of the file are hashed. If the last 300 KB of the file overlap with the last block of the 2^n sequence this block is ignored in favor of the file end block.
So, for example:
- offset 1 MB, 300 KB hashed
- offset 2 MB, 300 KB hashed
- offset 4 MB, 300 KB hashed
- offset 8 MB, 300 KB hashed
- ...
- last 300 KB of file hashed
The 128 bit MD5 hash and the 32 bit smallhash are then concatenated yielding the 160 bit hash used to identify files on the FastTrack network.
The actual hash used on the FastTrack network is a concatenation of 128 bit MD5 of the first 300 KB of the file and a sparse 32 bit smallhash calculated in the way described above. The resulting 160 bits when encoded using Base64 become the UUHash.
Sig2Dat
The name UUHash is an unfortunate choice and derives from the sig2dat (http://www.geocities.com/vlaibb/tools.html) utility which creates URIs referencing files on Kazaa. These URIs are of the form:
sig2dat://|File: surprise.mp3|Length:5845871Bytes|UUHash:=1LDYkHDl65OprVz37xN1VSo9b00=
Not considering the fact that this URI format is not RFC conformant, it is clear that UUHash refers to the Base64-encoding of the hash and not the hash itself.