Protect your privacy when torrenting

I recently received a Notice of claimed copyright infringement from my Internet Service Provider, TekSavvy.

I’m not worried about this alleged breach of the law, but it still prompted me to up my torrent privacy game. After all, I don’t want my ISP to be involved in all the weird stuff I’m doing on the internet.

I did a bit of research, mainly around VPN splitting, but I’m getting ahead of myself. Here is a guide explaining how I actually torrent now:

Requirement: BitTorrent and VPN software

I’ll assume you already have qBittorrent and OpenVPN installed.

If not, I highly encourage you to install those through Chocolatey. It’s a package manager for Windows that provides the following advantages over installing stuff “the old way”:

  • Automatically selects the right binary (no more guessing the right download button)
  • Installs fast and silently (no wizard, next, next, next, next…)
  • Installs that package adware are prohibited
  • Updates software easily (just type choco upgrade all)
  • Feels like 2015, on par with linux that had this for the last decade

Choosing a VPN Provider

A Virtual Private Network is essentially an encrypted tunnel through which you can access network resources on the other side. VPNs are primarly used by people working from home that need access to internal company resources. In our case, a VPN will be used as a gateway to the Internet, so people on the other side looking at your connection will see your VPN gateway’s IP address instead of the one provided by your ISP.

A lot of companies are offering such a service but not all VPNs are created equal. TorrentFreak has a nice list of VPN providers that take privacy seriously.

I like Private Internet Access, because they’re cheap (40$ / year) and they’ve been there for some time. I’ve been using them for the last 3 years.

However, I wouldn’t recommend using Private Internet Access in a hostile environment as their security configuration is a bit lacking (no certificate authentication, weak encryption). For such networks, I use PrivateTunnel (disclosure: get +200 MB on signup with my referal link) which have stronger security and have a different pricing scheme: they bill by usage (in GB) instead of time (monthly, yearly). Ideal when you’re doing light usage in public places or security conferences.

The following assumes the use of the Private Internet Access VPN so it might be a bit different if you choose another provider. In either case, don’t install their bundled client software, we’ll use OpenVPN instead.

Setting up Private Internet Access on Windows

  1. First step is to download the OpenVPN configuration files
  2. Extract the contents of the zip file to OpenVPN’s config directory (usually C:\Program Files\OpenVPN\config)

Optional: Skip username/password prompt

Private Internet Access use password authentication with their VPN. As such, you’ll be prompted to enter your username/password each time you connect. You can avoid this prompt by creating a new file in that directory called auth.txt with your username in the first line and password in the second line, like this:

p5235234           <-- username
oMZ1dXD-$9mB1zsN   <-- password

Next, update the .ovpn file of your choice (or all of them) by adding the following line:

auth-user-pass auth.txt

This will tell your OpenVPN client to use the username and password contained in the auth.txt file that you just created.

Optional: VPN Splitting

By default, the VPN providers will set the redirect-gateway option, meaning that all your internet traffic will go through the VPN.

There are some important reasons why you might not want to do that:

  1. It cuts you off from your local network. You’ll lose access to your local server, printer, chromecast…
  2. It introduces latency and network overhead. Everything will be a tiny bit slower. Say goodbye to online gaming.
  3. It might block you from online services. Some services (espicially media streaming like Netflix) are blocking known VPN gateways.

Those are deal-breakers for me. Fortunately, there is a way to split the traffic into 2 streams: your regular traffic and your torrent one.

You’ll have to edit your .ovpn file(s) to add the following lines:

route net_gateway
route net_gateway
route net_gateway
route net_gateway

This will tell Windows to avoid using the VPN interface to reach the Internet.

For the next step, you’ll have to know the name of the OpenVPN adapter on your machine.
Go to your “Network and Sharing Center” and look for the TAP-Windows Adapter V9 interface. Default name is “Ethernet” but mine is is called “OpenVPN #1”.

Back to qBittorrent, in the advanced options, select your VPN network interface.

This will effectively “bind” qBittorrent to a specific network interface, telling the app to only use that particular one (and its IP address).

Launching OpenVPN

Last step is to launch OpenVPN GUI and establish a connection to your provider. You’ll need to do that as an administrator. Rest easy knowing that no torrent traffic will be sent from your public IP. What a great time to make use of the excellent qBittorrent built-in torrent search!


With this setup, I shouldn’t receive any more of those “Notice of claimed copyright infringement”. Hopefully this has been of some help to you. Now excuse me while I get back to download completely legitimate torrents.

Plaid CTF “Torrents” write-up


This post is about a challenge from the Plaid CTF computer security competition. Check out this blog post for more information about the competition in general.

Challenge (200)

It turns out that robots, like humans, are cheap and do not like paying for their movies and music. We were able to intercept some torrent downloads but are unsure what the file being downloaded was. Can you figure it out?

The file is a wireshark capture containing a torrent transfer between 2 peers. We had to extract the data inside the pieces and sort them in the right order.


My solution is not as pretty as Squall’s or Michael’s but I’m pretty sure I’m the only one crazy enough that did it with Powershell instead of Python.

[powershell]# Ask tshark
$raw= &amp; ‘tshark.exe’ -r torrent.pcap -R ‘’ -T fields -e bittorrent.piece.index -e -E separator=/s

# Split into pieces
$data = @{}
$raw -split ‘[nn]’ | ForEach-Object {
$packet = $_ -split ‘ ‘
if ($data.ContainsKey($packet[0])) { # There are 2 packets for each piece so we concat them here
$data.set_Item($packet[0], (‘{0}:{1}’ -f $data.get_Item($packet[0]), $packet[1]))
} else {
$data.Add($packet[0], $packet[1])

# Sort and concat
$HexString = [String] ”
$data.GetEnumerator() | Sort-Object Name | Select-Object Value | ForEach-Object {
$HexString += (‘{0}:’) -f $_.Value

# Convert hex to byte
$count = $hexString.Length
$byteCount = $count/3
$bytes = New-Object byte[] $byteCount
$byte = $null

$x = 0
for ( $i = 0; $i -le $count-1; $i+=3 )
$bytes[$x] = [Byte]::Parse($hexString.Substring($i,2), [System.Globalization.NumberStyles]::HexNumber)
$x += 1

# Write in a file
set-content -encoding byte ‘output’ -value $bytes[/powershell]

It was a bzipped file with a mp3 and a key containing the answer: t0renz0_v0n_m4tt3rh0rn.
Fun was had.