Thursday, May 8, 2008

BitComet 1.01 Final unpacked

BitComet 1.01 Final unpacked - The Clean EdiTion
Program Exe is compressed with PE Compact 2.8
following content:
http://update.bitcomet.com/bitcomet/channel/demo.gif
http://update.bitcomet.com/bitcomet/channel/demo_zh_cn.xml
http://download.bitcomet.com/bitcomet/bitcomet_setup.exe
http://passport.bitcomet.com/client/mydetails/?l=3D${LANG_=
ID}&v=3D${CLIENT_VER}
http://blog.mdbchina.com/u/${NICK_NAME}
http://my.mdbchina.com/community/1029/
http://passport.bitcomet.com/client/mydetails/?l=3D${LANG_=
ID}&v=3D${CLIENT_VER}
reference to Passport sources app:passportlogin, graphics, htm...


Following is taken from BitComet.exe original:

http://update.apphit.com/update/submit/
http://update.jprj.com/update/submit/
http://update.apphit.com/update/software.xml.gz
http://update.jprj.com/update/software.xml.gz
http://www.bitcomet.com/client/bcb/?v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/leftband/?from=bcb&v=${CLIENT_VER}&l=${LANG_ID}
http://www.didai.com/client/leftband/?from=bcb&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/video-download/?from=bcb&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=download-video&from=bcb&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=mpc&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=conflict-software&value=${CONFILCT_SOFTWARE}&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/file-extension/?extension=${FILE_EXTENSION}&v=${CLIENT_VER}&l=${LANG_ID}
http://update.bitcomet.com/client/bitcomet/
http://crash-report.bitcomet.com/translation/translation.asp
http://googlecn.bitcomet.com/pinyin/
http://googlecn.bitcomet.com/toolbar/
http://google.bitcomet.com/toolbar/
http://download-partner.bitcomet.com/client/first-run-download/?v=${CLIENT_VER}&l=$ {LANG_ID}&key=${INSTALL_PACKAGE_FILENAME}
http://inside-snap.bitcomet.com/snap-submit/http/${HASH_CODE}/${SIZE}/?
v=${CLIENT_VER}&l=${LANG_ID}
http://inside-snap.didai.com/snap-submit/http/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}& l=${LANG_ID}
http://inside-snap.bitcomet.com/snap-query/http/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}
http://inside-snap.didai.com/snap-query/http/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}
http://inside-snap.bitcomet.com/snap-query/bt/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}& l=${LANG_ID}
http://inside-snap.didai.com/snap-query/bt/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=$ {LANG_ID}
http://inside-stats2.bitcomet.com/xmlstats/
http://inside-stats2.didai.com/xmlstats/
http://inside-stats.bitcomet.com/xmlstats/
http://inside-stats.didai.com/xmlstats/
http://www.bitcomet.com/client/torrent-share-search/?v=${CLIENT_VER}&l=${LA
NG_ID}&type=bt&q=${UTF8_TITLE}&hash=${HASH_CODE}&size=${SIZE}
http://snapshot.${DOMAIN}/web/${TASK_TYPE}/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}&title=${UTF8_TITLE}
http://post.${DOMAIN}/web/${TASK_TYPE}/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LA NG_ID}&title=${UTF8_TITLE}
http://inside.${DOMAIN}/task_recommend/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}&type=${TASK_TYPE}&filename=${FILE_NAME}&url=${ESCAPED_URL}
http://inside.${DOMAIN}/task_recommend/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}&type=${TASK_TYPE}&filename=${FILE_NAME}
http://inside.${DOMAIN}/task_recommend/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}
http://inside.${DOMAIN}/task_snapshot/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}&type=${TAS
K_TYPE}&filename=${FILE_NAME}&url=${ESCAPED_URL}
http://inside.${DOMAIN}/task_snapshot/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=$
{LANG_ID}&type=${TASK_TYPE}&filename=${FILE_NAME}
http://inside.${DOMAIN}/task_snapshot/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}
http://inside.${DOMAIN}/task_post/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID} &type=${TASK_TYPE}&filename=${FILE_NAME}&url=${ESCAPED_URL}
http://inside.${DOMAIN}/task_post/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}&type=${TASK_TYPE}&filename=${FILE_NAME}
http://inside.${DOMAIN}/task_post/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}
http://inside.${DOMAIN}/task_content/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ ID}&type=${TASK_TYPE}&filename=${FILE_NAME}&url=${ESCAPED_URL}
http://inside.${DOMAIN}/task_content/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}&type=${TASK_TYPE}&filename=${FILE_NAME}
http://inside.${DOMAIN}/task_content/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}
http://sidebar.${DOMAIN}/task/${TASK_TYPE}/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}&filename=${FILE_NAME}&url=${ESCAPED_URL}
http://sidebar.${DOMAIN}/task/${TASK_TYPE}/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID}&filename=${FILE_NAME}
http://sidebar.${DOMAIN}/task/bt/${HASH_CODE}/${SIZE}/?v=${CLIENT_VER}&l=${LANG_ID} http://inside.${DOMAIN}/inside_hot/?v=${CLIENT_VER}&l=${LANG_ID}
http://passport.bitcomet.com/client/weblogin/
http://passport.bitcomet.com/client/modify/?v=${CLIENT_VER}&l=${LANG_ID}
http://passport.bitcomet.com/client/retrievepassword/?v=${CLIENT_VER}&l=${LANG_ID}
http://passport.bitcomet.com/client/help/?v=${CLIENT_VER}&l=${LANG_ID}
http://passport.bitcomet.com/client/register/?v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=plugin-emule-search&from=search_dlg&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=download-video&from=download&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=translation&from=maker&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=maker&from=maker&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=plugin-emule-download&from=options&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=plugin-emule&from=options&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=360safe&from=options&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=killvirus&from=options&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=tcpip-patch&from=options&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=${ITEM}&value=${STATUS}&from=statusbar&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=peer_share&from=toolbarbelow&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=my_share&from=toolbarbelow&v=${CLIENT_VER}&l=${LANG_ID}
http://so.mdbchina.com/query/${QUERY}
http://www.bitcomet.com/client/toolbar/?item=${ITEM}&from=toolbar&v=${CLIENT_VE
R}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=changelog&from=menu&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=shortcut&from=menu&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=forums&from=menu&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/client/help/?item=help?from=menu&v=${CLIENT_VER}&l=${LANG_ID}
http://www.bitcomet.com/?refer=BitCometSoft&v=${CLIENT_VER}&l=${LANG_ID} ${DOMAIN} didai.com bitcomet.com ${UTF8_TITLE} ://task Unknown stream
addchannel vod /? bctp:// task/ vod/ stream/ addchannel/ HASH_ level WARNING ACCEPT rules\Blocklist.dat g‹ x7ak£™$ Sotware Update Check Frequency: CheckSoftwareUpdateDlg: :ContentLabel BitComet is now able to check your installed software and tell you if any new version is released . ....blah blah blaaahhh....


${ESCAPED_URL} &key= google-analytics.com 85851.com  passport_info_  passport_login_ weburl   xmlns:BitComet  channel description language  pubDate %a,%d %b %Y %H:%M:%S %q  Sun, 1 Jan 2006 00:00:00 GMT copyright BitComet:columns  format  BitComet:category BitComet:pages  page  total BitComet:search item  guid  opened  url_download  url_bc  url_torrent url_web a to left ...

SpyWare, AdWare !?!?
http://inside-stats2.bitcomet.com/xmlstats/
http://inside-stats2.didai.com/xmlstats/
http://inside-stats.bitcomet.com/xmlstats/
http://inside-stats.didai.com/xmlstats/
http://googlecn.bitcomet.com/pinyin/
http://googlecn.bitcomet.com/toolbar/
http://google.bitcomet.com/toolbar/
http://download-partner.bitcomet.com/
http://update.apphit.com/update/submit/
http://update.jprj.com/update/submit/
http://update.apphit.com/update/software.xml.gz
http://update.jprj.com/update/software.xml.gz
http://so.mdbchina.com/query/
http://blog.mdbchina.com/u/${NICK_NAME}
http://my.mdbchina.com/community/1029/

FW rule drop in/out to:
*.didai.com
didai.com
*.bitcomet.com
*.apphit.com
*.jprj.com
*.mdbchina.com


- BitCometRes.dll v1.0.0.1 is embedded in the program exe

- up to the Language settings bitcomet.exe download different toolbars from website folders:
http://googlecn.bitcomet.com/pinyin/
http://googlecn.bitcomet.com/toolbar/
http://google.bitcomet.com/toolbar/
an embedded Toolbar installer file from:
http://download-partner.bitcomet.com/

Some languages (Local Country OS Settings) return no need to install 3th party apps partner... toolbar xxx.

If you in Europe, North America, Language and Local settings to USA, Germany etc... No need found in code, it skip the toolbar downloader if the local os settings and language is in code listed as "not required". If you are in South America, Middle East, Asia, most Countries settings required the Toolbar downloading and automatical installation progress. It pops up as a failed download dialog if remove the url's and 3th party toolbar filenames for it in the program exe.

In this case I don't make changes in this sh1t program and don't try to clean it or make it more user friendly without ads. It's simple to much messed up in the newer versions which is really annoying.

About running the setups I never did it. Use universal extractor unpack/extract the nullsoft nsis installer (7zip compr.), run only the program exe.
Bitspirit.exe creates by self subfolders and files if use only the program exe in a folder without any other files from the setup. It adds lots of regkeys. A uninstaller will fail to clean the program rests from system even if run via the setup installer the unistallation routines.

BitComet.exe support Virus Scan with Kaspersky v5/6/7 + Rising if its present.
Bitcomet.exe adds a lot of registry keys to windows registry. Browser menu entries, FirewallPolicy rules on port: 19350:TCP and UDP *Enabled
...etc...
run regedit, search bitcomet

No comments:

Post a Comment