What is eMule Peer-to-Peer Software?
There are and have been many applications that allow computer users to share files over the Internet.
Peer-to-peer (P2P) sharing software allow users to connect directly to other users and transfer files between themselves. One such application is eMule.
eMule allows computer users connected to its network via the Internet to share files within specific designated folders.
The software interface allows the users to identify files that match criteria by searching the content of other participating computers for relevant matches.
Any search results are provided within eMule by matching the search terms conducted to any of a number of different properties of a file including type, name description, title etc.
Once the search has been submitted within eMule the interface returns the results in a list that can then be downloaded by the user either individually by the user selecting separate files or as a group of files as a result of the user selecting multiple files.
The History of eMule
eMule began on 13th May 2002 by Hendrik Brietkreuz who decided to develop the software as he was not happy with the function of eDonkey.
The first version 0.02 was released on Sourceforge on 6th July 2002 and as a binary at version 0.05a on 4th August 2002 and the eMule website went line on 8th December 2002.
From version v0.40 onwards, eMule added support for the Kad network that does not rely upon central servers, instead, it uses a distributed hash table as well as the ability to search for alternative sources of files on the eDonkey network.
In newer versions, eMule adds the IP to a bad source list if it provides an unsuccessful connection and then it is treated as it it does not exist for up to 45 minutes.
The software developers also added intelligent corruption handling where a file did not need to be fully downloaded again if a part of it was found to be corrupt.
In version 0.47b, protocol obfuscation was added so that eMule would automatically select 2 random port numbers on startup in order to negotiate around the bandwidth throttling for peer-to-peer software that were introduced by Internet service providers in 2007.
A Brief Explanation of the Operation of eMule
When a file is shared over eMule, it is hashed using the MD4 algorithm. The MD4 hash, the file size, file name, bit rate, etc are stored on the Kad network.
An eMule user can conduct a search for the file name of a file on the network and those matching results, the unique identifier including the MD4 hash of the file are returned and can be selected for download.
The eMule application then sends this request to the servers where other users are sharing that hash and those servers return the locations of those clients.
The file is then requested from the clients and the eMule application then queues until the file can be downloaded.
When a 9 KiB portion of the file has been downloaded then that part is also shared by the downloading user so that others can then download it from them as well as the other sources previously available.
Advanced Intelligent Corruption Handling was developed in later versions of eMule to keep up with BitTorrent, SHA-1 hash values are calculated for each 180 KiB of data.
The Credit System
eMule allows Credits to be exchanged between clients and rewards contributions from users on the network, such as those uploading to others by reducing the waiting time that the user will need to wait in the queue.
The credits are held within the clients.met file and a unique user hash is provided to identify the client. Your credits are held by the client that owes the credit and your own credits cannot be displayed.
Emule Configuration Files
The eMule application normally saves its configuration files within the directory path \ProgramData\eMule\config and those files include the following:
- Clients.met – Stores all credits achieved.
- Preferences.ini – Contains all settings within the Options menu including column width and application layout.
- Cancelled.met – Stores all files that were cancelled without being fully downloaded so that the application can identify them in the future.
- Known.met – Stores all shared, currently downloading or previously downloaded files via eMule including file name, hash value and file size.
- Known2_64.met – Stores the AICH hash values of all downloaded and shared files.
- EmFriends.met – Contains all friends added to the users account.
- Server.met – Contains all known servers.
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0845 882 7386 or via email on firstname.lastname@example.org, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.