You are reading:
Under the Surface of Azeroth:
A Network Baseline and Security Analysis
of Blizzard's World of Warcraft
|
|
The Blizzard Downloader is a single-use BitTorrent-compliant application. This all-in-one program includes information about the torrent, as well as an alternative download function. Because of firewall or router issues, not everyone can take advantage of the BitTorrent protocol, so Blizzard has created an alternative that can retrieve the patch directly through a standard HTTP file transfer. This dual functionality ensures that everyone can obtain the upgrade without the worry of properly configured network and security components.
As soon as the Blizzard Downloader starts, it sends an announcement message to the central Blizzard "tracker" at us.tracker.worldofwarcraft.com on TCP port 3724. The tracker is a central server that contains a list of the other workstations that are currently participating in the BitTorrent-based file transfer. The announcement message from the Blizzard Downloader informs the tracker that we're now online and ready to participate in the peer-to-peer download process.
In our trace file, the announcement to the tracker contained this BitTorrent-compliant information:
GET /announce info_hash=a%7C.%85%A4%C1%7B%A2%92%151%88%0BX%950%80%00s%3E peer_id=BLZ%00%07X5%B2%DDU%CA%DDj%DB%84S%B9%C2S%60 key=E894CC7A port=3724 connectstats=0,0,0,0,0 ip=192.168.0.10 uploaded=0 downloaded=0 httpdownloaded=0 left=0 stats=3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 compact=1 event=started
Although some of this information isn't completely documented within the BitTorrent protocol specification, we know that our workstation is announcing that it would like to participate as a peer with the file that matches the hash value specified with info_hash. Our randomly generated peer_id number is also provided, along with our port number and IP address. Some additional byte counters and statistics are also included in the announcement description.
The Blizzard tracker responds back with a grouping of some useful information (for readability, the BitTorrent structure has been removed):
direct url: http://blizzard.vo.llnwd.net/o16/content/WoW-2.1.0.6692-to-2.1.0.6729-enUS-patch.exe http://blizzard.vo.llnwd.net/o16/content/WoW-2.1.0.6692-to-2.1.0.6729-enUS-patch.exe http://blizzard.vo.llnwd.net/o16/content/WoW-2.1.0.6692-to-2.1.0.6729-enUS-patch.exe http://ak.worldofwarcraft.com.edgesuite.net/WoW-2.1.0.6692-to-2.1.0.6729-enUS-patch.exe threshold: 50000 interval: 1800 ip: 168.235.218.216 peers: (150 IP addresses listed in hexadecimal)The first section of the response lists four URLs for direct download of the patch using the well-known HTTP protocol. This is useful if your computer is behind a firewall that doesn't support the BitTorrent protocol, but these four sites may be highly utilized during a patch rollout.
The next two lines refer to a threshold and interval. Although there's no documentation for these values, it's reasonable to assume that these variables are related to connectivity and timing.
The local IP address of the Blizzard Downloader workstation is sent next, and the tracker also identifies 150 other IP addresses that are currently participating in the BitTorrent "swarm." The Blizzard Downloader will check-in with the tracker periodically to obtain status updates and changes to the stations participating in the swarm.
