Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 160 lines (111 sloc) 5.473 kb
56b4296 @driverdan Initial commit
authored
1 dropship - Dropbox API utilities
2 ============================================================
a6d8038 @driverdan Add message about project no longer working to README.
authored
3 Dropbox changed the way they dedupe a while ago and this project no longer works.
4 ---------------------------------------------------------------------------------
56b4296 @driverdan Initial commit
authored
5
6 These utilities make use of the deduplication scheme of Dropbox__
7 to allow for "teleporting" files into your Dropbox account
8 given only a list of hashes, provided of course that the files already exist
9 on their servers. This enables arbitrary, anonymous transfers of files between
10 Dropbox accounts.
11
12 __ http://www.dropbox.com
13
14 This package includes:
15
16 * ``dropship``: Inject a file into your account using a JSON
17 description.
18 * ``hash_blocks``: Produce a description from a file that can
19 be used with ``dropship``.
20
21 How does it work?
22 ------------------
0c15630 @moritz [README] grammar improvement
moritz authored
23 The deduplication scheme used by Dropbox works by breaking files into blocks.
56b4296 @driverdan Initial commit
authored
24 Each of these blocks is hashed with the SHA256__
25 algorithm and represented by the digest. Only blocks that are not yet
26 known are uploaded to the server when syncing.
27
28 By using the same API as the native client, Dropship pretends to sync a
29 file to the dropbox folder without actually having the contents. This bluff
30 succeeds because the only proof needed server-side is the hash of each 4MB block
31 of the file, which is known. The server then adds the file metadata to the folder,
32 which is, as usual, propagated to all clients. These will then start downloading
33 the file.
34
35 __ http://en.wikipedia.org/wiki/SHA-2#SHA-256_.28a_SHA-2_variant.29_pseudocode
36
37 Configuration
38 ------------------------
39 To be able to access the Dropbox server, the utilities need your credentials. These
40 can be provided in the following way:
41
42 - Copy ``config.py.example`` to ``config.py``.
43
44 ::
45
46 $ cp config.py.example config.py
47 $ chmod 600 config.py
48
49 - Extract host_id and root_ns from your Dropbox configuration. In the current version of Dropbox
50 this can be done with:
51
52 ::
53
54 $ ./sqlite_dump ~/.dropbox/config.db
55 ...
56 INSERT INTO "config" VALUES('host_id','00000000000000000000000000000000');
57 INSERT INTO "config" VALUES('root_ns',12345);
58 ...
59
60 ``sqlite_dump`` is provided with this package for convenience.
61
62 - Edit ``config.py``, fill in host_id and root_ns as follows.
63
64 ::
65
66 host_id='00000000000000000000000000000000'
67 root_ns=12345
68
69 Usage
70 -----------------
71
72 A quick example of using ``dropship``. It is very simple, type:
73
74 ::
75
76 $ ./dropship examples/sintel_trailer-1080p.mp4.json
77 File /sintel_trailer-1080p.mp4 dropshipped succesfully.
78
79 After this, the file ``sintel_trailer-1080p.mp4`` (a trailer for the open source movie Sintel__
80 by the Blender Foundation) will magically appear in your Dropbox folder. It will be synced to all devices attached to it.
81
82 If it fails with an error message, make sure that there is enough room on your quota to receive the file.
83
84 __ http://www.sintel.org/download/
85
86 You can hash your own files to ``.json`` format with the ``hash_blocks`` utility:
87
88 ::
89
90 $ ./hash_blocks ~/downloads/ext-4.0-beta3.zip
91 {"blocks": ["4f52526814cb28ecb2683c8f365f88cccaa1c213d6f36875ff98fcf980c21daa", ...
92
93 ::
94
95 $ ./hash_blocks ~/downloads/ext-4.0-beta3.zip > ~/downloads/ext-4.0-beta3.zip.json
96
97 The resulting ``.json`` file can be shared as you wish. It contains only data from the file,
98 and is not bound to your account in any way.
99
100 ``.json`` file format
101 ----------------------
102
103 ``.json`` files, as their name implies, are in JSON__ format. The top-level object contains the following fields:
104
105 __ http://www.json.org/
106
107 *blocks*
108 List of SHA256 hashes. Each hash is a 64 character hexadecimal string.
109
110 *size*
111 Size of the file, in bytes.
112
113 *name*
114 Name of the file.
115
116 *mtime*
117 Last modification time of the file as UNIX timestamp. If not provided
118 it defaults to the current time.
119
120 Disclaimer
121 -----------
122 Currently this is only a proof of concept, satisfying my own curiosity as
123 to how Dropbox works. However, this probably has some interesting
124 applications as well. Feel free to fork this project if you want to
125 add a fancy interface or user-friendlyness.
126
127 License
128 ---------
129 Copyright (C) 2011 by Wladimir van der Laan
130
131 Permission is hereby granted, free of charge, to any person obtaining a copy
132 of this software and associated documentation files (the "Software"), to deal
133 in the Software without restriction, including without limitation the rights
134 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
135 copies of the Software, and to permit persons to whom the Software is
136 furnished to do so, subject to the following conditions:
137
138 The above copyright notice and this permission notice shall be included in
139 all copies or substantial portions of the Software.
140
141 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
142 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
143 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
144 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
145 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
146 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
147 THE SOFTWARE.
148
149 Authors
150 ---------
151
152 - Wladimir van der Laan laanwj@gmail.com
153
154 Kudos
155 -------
156
157 - Krzysztof Dziądziak mentioned the theoretical possibility of this on `his blog`__.
158
159 __ http://forwardfeed.pl/index.php/2011/03/23/theoretical-vulnerability-of-dropbox-platform-to-quick-exchange-files/
Something went wrong with that request. Please try again.