DEF CON p2p configuration and policies - part 2-2
Version 1.0 8/21/2015

eMule / eD2K / KAD configurations and strategy

This post is a long time coming after part 1-2 focusing on bittorrent. That's because there are both fewer options and fewer things to tweak, but for completeness I'll post what we do on the server side:

eMule Server Configuration

- Do not automatically update server list when connecting to another server or client

- Support protocol obfuscation

- Use only the TCP port, default is 4662 (UDP is +10, so 4672)
Not all software allows you to disable UDP, and if you do, you won't be reachable on the KAD network. Like with bittorrent, because we are only serving files and not searching for them, peer discovery is not important to us. If enough users connect to our server then THEY will share our address information through KAD, and we won't have to. Again it is a trade-off of your server potentially being used as a DDOS amplifier vs. knowing about as many peers as possible. You will serve fewer files without UDP KAD, but you will do it in a safer way. Up to you.

- Select a server to connect to
We use eMule Security No1 at IP because it has the most files and users generally, and we delete all the other servers out of the server list so we won't randomly connect to some other server.

Creating .emulecollection files

For those not familiar, an .emulecollection file is kind of like a .torrent file, but different.
It is the same in that you just need to download the .emulecollection file to start downloading a collection.
It is the same in that the file contains checksums of the files.
It is the same in that it can contain HTTP-sources (Think HTTP seeds in bittorrent language)

It is different in these important ways:
It cannot handle HTTPS sources.
It can include Client-Sources, these are addresses of clients / servers that are known to hold the files referenced in the collection.
It can include links to the files with an AICH hashset [1] as well as an AICH hash [2]
It is a human readable and editable text file.

In eMule world you don't need a tracker so you don't have to worry about where to upload it, create a bunch of accounts on popular torrent sites, etc.

>> Important Difference to seeders <<
Let's say I need to rename all the files from DEF CON 10 to fix some mistakes. With bittorrent I would need to regenerate the DEF CON 10 torrents, and everyone that had the old torrent wouldn't be able to find the files unless I kept two copies, the old with the mistakes and the new with the corrections.

With an emulecollection, because it is the file hashes that are shared and not the filenames, what would happen is the old emulecollection file would still contain the correct file hashes, and the new emulecollection would have different filenames but the same hashes. I could keep one copy of the correctly named DEF CON 10 files.

So what does this all mean for us? Here is how DEF CON builds the .emulecollection files using eMule Link Creator v0.7:
- Only generate .emulecollection files with no HTTP-sources because encryption is not supported.
- Add client-sources for your server(s) that will host the files.
- Create links with AICH hash.
- Create links with hashset.
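
A pre-publication check for the four rules above, as an added example that is not part of the original post or of eMule Link Creator. It assumes a text collection with one ed2k file link per line and the link layout shown in the first comment; the function names, sample links, hashes and address are constructed for illustration.

```python
import re

# Assumed layout: ed2k://|file|<name>|<size>|<md4>|p=..|h=..|s=<url>|/|sources,<ip:port>|/
LINK_RE = re.compile(r"^ed2k://\|file\|([^|]+)\|(\d+)\|([0-9A-Fa-f]{32})\|(.*)$")

def parse_link(line):
    """Split one ed2k file link into fields; None if the line is not one."""
    m = LINK_RE.match(line.strip())
    if not m:
        return None
    name, size, md4, rest = m.groups()
    link = {"name": name, "size": int(size), "md4": md4.upper(), "aich": None,
            "hashset": [], "http_sources": [], "client_sources": []}
    for field in rest.split("|"):
        if field.startswith("h="):
            link["aich"] = field[2:]
        elif field.startswith("p="):
            link["hashset"] = field[2:].split(":")
        elif field.startswith("s="):
            link["http_sources"].append(field[2:])
        elif field.startswith("sources,"):
            link["client_sources"] = field[len("sources,"):].split(",")
    return link

def audit_collection(text, allowed_sources):
    """Return (name, problem) pairs for links that break the rules above."""
    findings = []
    for line in text.splitlines():
        link = parse_link(line)
        if link is None:
            continue  # blank line or not a file link
        name = link["name"]
        if link["http_sources"]:
            findings.append((name, "has HTTP-source"))
        if not link["aich"]:
            findings.append((name, "missing AICH hash"))
        if not link["hashset"]:
            findings.append((name, "missing hashset"))
        stray = sorted(set(link["client_sources"]) - set(allowed_sources))
        if not link["client_sources"]:
            findings.append((name, "no client-source"))
        elif stray:
            findings.append((name, "unexpected client-source " + ",".join(stray)))
    return findings

# Constructed sample: placeholder hashes, documentation-range address.
MD4, AICH = "0123456789ABCDEF" * 2, "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
SAMPLE = (f"ed2k://|file|talk-01.mp4|1048576|{MD4}|p={MD4}|h={AICH}|/|sources,192.0.2.10:4662|/\n"
          f"ed2k://|file|talk-02.mp4|2097152|{MD4}|h={AICH}|s=http://files.example/talk-02.mp4|/")
print(audit_collection(SAMPLE, {"192.0.2.10:4662"}))
```

The first sample link passes; the second is flagged for its HTTP-source, its missing hashset and its missing client-source.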


There are now two (or three if you use KAD) ways to share your files. One is just like with torrent files, spread them around, post links to them, get people to download your collection files and start leeching. It is important to share your .emulecollection files over https to prevent people corrupting it and then sharing malicious files.

The second way is regardless of your .emulecollection file your files will be shared over the eMule network. If you have properly filled in the metadata in your eMule client then you should see more activity on them. When you add or update files the changes are immediate to the network, but you'll need to remember to update your .emulecollection files.

That's about it! If I had a wishlist for emule development it would include a few changes:
- Support for https client-sources - This would really help improve security and hide file sharing from nosy ISPs
- Update "protocol obfuscation" and replace it with https support to make all traffic look like https web traffic. CPUs can handle it now.

The Dark Tangent

[1] An AICH hashset is sort of like torrent pieces that describe chunks of the file. "It helps spread new and rare files faster, at the cost of an increased linksize"
[2] An AICH hash is the hash of the file to be shared, excluding the filename and extension. This hash is what is searched for in the eMule network.