I've been tinkering with Python all day today... it's pretty slick. Just for practice, I tried to cobble together a tripcode decoder that would let you have "real" words in your tripcode as !WAHa and Sling and others do, and it actually came out better than I thought it would be. I'm aware there's already a program that does this, but if memory serves me, it's Windows-only and in Japanese besides. My script is kind of dumb in the way it goes about things -- it basically just tears through random strings until it finds one that fits -- but I've tested it repeatedly and it seems to work. If you'd like to check it out, nab it here:
http://www.anre.org/crap/detripper.bz2
Of course, you may need to modify the hashbang line depending on where Python is on your machine, and don't forget those execute bits, people... Use "-h" for help.
First person to ask how to get this to run on Windows gets pointed and laughed at.
translatio of tripcode explorer plz
translation of tripcode explorer plz
I assume it's possible to have a tripcode where the input is the same as the output, any examples?
>>403
the input is 8 characters. the output is 10 characters.
so no, it isn't possible.
Not sure where to post it, I don't want to bump really old threads so I'll ask here:
at the initiative of SAoVQ, we are writing a small guide to anonymous boards on a wiki. It's not very good right now, but we've just started: http://tanasinn.info/wiki/A_Guide_to_Anonymous_Boards
On the part about tripcodes, I talked out of my ass about choosing a good tripcode. Could someone who actually understands well the CPU cost of cracking various tripcodes help us to provide an easy rule to follow for choosing something uncrackable?
>>405 tripcodes are designed to be a useful tool in establishing an identity, not a secure one. The length of the #hash is, however, a factor in how long it would take to crack.
>>405
anything shorter than about 6 characters is easy to crack.
anything that's all alphanumeric is easy to crack.
by "easy to crack" i mean it'd take less than a week on my crappy slow computer.
>>406-407
Thanks. But does that mean that realistically all tripcodes are bound to fall in a few weeks of brute-forcing, or that something like #f8&45?p3 is expensive enough to make it way too long for a troll with spare CPUs to crack?
Do you think that "8 characters with letters, numbers, and punctuation marks" is a good enough guideline to provide for a short primmer that is not primarily about this topic?
>>408 That'd likely work; there's not much call for tripcode cracking. That said, make sure you at least make a note that it's not a perfect system, and whatever key they use, don't make it your password for anything else!
A note of caution: Some characters (like &<>"',) get translated into HTML entities, and can push the rest of the characters off the end of the 8-character limit. This is essentially a bug, but is implemented in Wakaba and Kareha for bug-by-bug compatibility with the original implementation.
grghf
Hello all,
I stumbled upon this post here (id never even heard of the site here) and i must say this is one of the more interesting reads ive come across.
I was originally looking for a reverse tripcode program. from what ive read here, that seems pretty impossible, and the only thing you seem to have come up with to compensate is a brute force generator.
Most of what was said here kinda flew over my head, but what i DID get has really inspired me to want to learn all about this.
I must confess however, that the reason why i wanted to find a reverse tripcode program may be pretty obvious; i wanted to figure out someones tripcode. But this person is not just some random anon, or an undeniably annoying fellow. This person has some interesting controversy surrounding him/her.
You may or may not have heard about Oversight. If you have, you know where this is going. If you have NOT, please read this:
http://encyclopediadramatica.com/Operation_Falcon_Punch
this person has intrigued me, and i am beginning to think that there is more to his/her riddles than is there for us to see. I have a feeling that his tripcode has something to do with the overall puzzle.
Computer programmers and true "hackers", (not crackers), are by and large, the most intelligent of society because of their strive for knowledge, and the urge to figure out as much as possible.
Because of that, and the prowess you display here, i ask you, if willing, to take a crack at this little mystery.
If nothing else, it will be a chance to stretch those detective muscles i know you all have.
Thank you for this thread, your time, and your knowledge.
TeSeC
P.S. if you want to find me, ask for me in irc.partyvan.fm #fm
P.S.S. im not even gonna bother with a tripcode here.
>>413
You want to crack one of 4chan's secure tripcodes?
Good luck with that, lol.
Why would anyone want to fake being someone with controversy surrounding them?
LOL, go make your own controversy, it's easy enough.
See? That was easy.
!!Gutm29O5FPS ?
Hi again,
I see you guys didnt really like my last post.
Well, can you at least tell me how this Oversight can have a tripcode with two exclamation points at the beginning? i tried putting one before the tripcode, but that didnt work. Really baffled about this one. Shed some light please?
TeSeC
wat
>>419
It's a secure tripcode. Salted with 4chan's secret key.
It helps if you read the 4chan FAQ about tripcodes, you know.
Guys, tripcodes are for fags.
>>264
the symbol ¼ can be used to replace ¼ if your tripcode isn't showing up properly
http://www.megaupload.com/?d=igu8r1cq
TripExplorer, apparently the english translation. Unfortunately, it has a password, and I have no clue what said password is.
>>424
moot, gb2/NIGGERTITS/ and fix /b/ will ya
shut up
>>433
What exactly is TripExplorer? Zip passwords aren't that hard to crack, though all 8 of my CPU cores are currently busy trying to generate a tripcode.
PROTIP: Tripper+ only uses one core. Modern computers often have 2 or more. Just run however many Tripper+'s as you have cores.
(This 8 core 2.8 GHz Mac Pro is doing about 1.3 million tripcodes a second over 8 Tripper+'s running in Wine.)
I'm attempting to crack the password for TripExplorer now, will post once done.
>>436
i think tripexplorer uses bitslice des, and it can use multiple cores. tripper+ uses UFC crypt(), which is pretty slow (compared to other implementations) on most modern machines.
i'm doing about 3.8 million per second on a 2.53GHz core 2 duo right now.
i could do about 1.5 million per second on my single-core 1.6 GHz laptop, so 1.3 million on an 8-core 2.8GHz machine is pretty pathetic.
http://download.kousaku.in/trip/tripper1206-20080216.zip
translate to english plz
>>441
anyone got any ideas where to put anythings and which buttons to pusgh
>>396
What do I do with this? Could it be adapted for CUDA seeing that GPUs are faster than CPUs in number crunching? Incidentally, I got this from 4chan /g/ and don't know how to build/execute/etc.
#include <stdio.h>
#include <unistd.h>
#include <crypt.h>
void strreverse(char* begin, char* end){
char aux;
while(end>begin)
aux=*end, *end--=*begin, *begin++=aux;
}
void itoa(int value, char* str, int base){
static char num[] = "0123456789abcdefghijklmnopqrstuvwxyz";
char* wstr=str;
int sign;
if (base<2 || base>35){ *wstr='\0'; return; }
if ((sign=value) < 0) value = -value;
do *wstr++ = num[value%base]; while(value/=base);
if(sign<0) *wstr++='-';
*wstr='\0';
strreverse(str,wstr-1);
}
int main(void){
char lol[10], ha[3];
char* trip;
int x = 10000;
for(;; ++x){
itoa(x, lol, 10);
ha[2]='\0';
ha[0]=lol[1];
ha[1]=lol[2];
trip = crypt(lol, ha);
if(trip[3] == 'L' && trip[4] == 'O' && trip[5] == 'L'){
printf("%u: %s\n", x, trip);
exit(0);
}
}
return 0;
}
http://download.kousaku.in/trip/tripper1206-20080216.zip
this is the untranslated version of http://rapidshare.com/files/131154477/tripexplorertranslation.zip
also, i'm guessing that in order to get passes that don't contain japanese characters you have to tick the "ASCII blablabla" box in the options in this new version of tripcode explorer?
Was wondering about this too.
Also, are there (H) and (T) [begin with, end with] settings anywhere in Tripexplorer? I can't find them.
>>451 we didn't put the password on it, though.
X̓t@Cւ̃pX[hljĂȂB(GoogleTrans)
>>451
Hello(ɂ)
Sorry about the password, we do not know who put it(pX[hɂĂ͐\܂AN̂Ȃ)
The only file I know of is this >>433 (̒mĂB̃t@C >>433)
That poster also does not know the password(̃|X^[ɂpX[hmĂ̂ł͂܂)
Sorry about the whole thing. Many thanks for your software.(S\܂BȂ̃\tgEFA܂Đɂ肪Ƃ܂B)
I do not know Japanese. I used Google Translate.(͓{mĂ邱Ƃ͂܂B́uGoogle TranslatevgB)
;
If OPs program is in python, why wouldn't it work in Windows? Python is an interpreted language, after all.
>>461
PHP is Perl and C++ haphazardly mixed together, and painted yellow and lime-green plaid.
>>460
When Visual Basic is the only language you've ever used, every language looks like either "Visual Basic with [something]".
dwdw
>>460
Wow, what? Dude wroooooooong
No, really. They're not much different at all.
The differences between C# and VB are merely social and syntactical, and current development is continually narrowing the gap between the two. They're both garbage collected, VM managed, can interoperate with OS components and load external libraries just the same, and they even compile to the same bytecode. Essentially, every language construct available in VB is also available in C#, just with different syntax (and vice versa). The only real differences are whether you want to write End If, Exit While, and Select Case, or the more terse }, break, and switch (and for the close braces, I bet if you have a bunch of } } } } together, you're probably going to comment at least one of them anyway to keep from going cross-eyed), and whether you want to be associated with code monkeys who just write CRUD apps (VB) or with bandwagon hoppers who want to try out the flavor-of-the-week (C#).
>>463
I have been programming for a number of years, and can write substantial amounts of code (i.e. not some first-year-student "hi what's your name" nonsense) in about 20 languages, including Perl, Java, Haskell, Forth, Fortran, and 6502 assembly. Thanks for playing, though.
garbage collection is for faggots
>>469
Not sure why I'm feeding a troll, but...
> unsafe code blocks
Not generally necessary unless you're interfacing with legacy code, since they're unneeded unless you're dealing with old API calls, and most recommended-practices documents say to avoid them whenever possible. I see this as a minor nitpick, and typically irrelevant. Personally, I have always found manipulating pointers to be a pain in the butt in C, and I don't want them in higher level languages.
> Anonymous methods
Supported as of VS 2008.
> Iterators and the yield keyword
VB can do iterators by implementing IEnumerable. There's no keyword for it, but the code is definitely possible. (Although I do think it'd be a fantastic addition for the next version)
> checked and unchecked contexts
I think this fits under the "social" category. You can certainly get VB to ignore overflows and do your own checks if need be. In my experience, it's never been an issue.
I find it interesting that you didn't paste the three adjacent sections. Maybe it's because the "criticisms of VB.NET" section is a bit weak, and the lists of features missing from C# and criticisms of C# don't support your argument.
That, and the entire page is a bit outdated, not entirely accurate, and poorly written.
Also, as I previously stated:
> current development is continually narrowing the gap between the two.
> Also, as I previously stated:
>
> > current development is continually narrowing the gap between the two.
yes, but features generally move from C# to VB.NET, not the other way around. VB is becoming more like C#, C# isn't "VB with braces".
>>453
Well, about TripExplorer, has the password finally been found/cracked?
>>471
While that may be the case, C# is (conceptually) based on C++ and Java, which are both more recent than the BASIC variants on which VB.Net is derived. Also the original BASIC dates back the 1960s and even back then, it had many high-level abstractions that C still doesn't have now (proper string support for example). I strongly suspect MS had VB in mind for a reference model when designing a large portion of C#'s featureset, too.
Regardless, I really didn't mean for my nonsensical comment to get into a drawn-out discussion about the differences between orange-flavored apples and apple-flavored oranges. Back to the topic at hand...
I have been considering some qualities that would make a tripcode decidedly more difficult to crack. In particular, using SJIS, especially in the 2nd and 3rd position of the tripcode. Since an SJIS character is (obviously) not in the range [A-Za-z0-9/], the corresponding byte of the salt will end up as ".", but as it uses the high bit, the actual byte value as far as DES is concerned is (c & 0x7f). Now, looking at the SJIS table, if we only work with halfwidth katakana, we will end up with what amounts to another representation of all numbers and uppercase ASCII letters that produces a separate salt value. (Lowercase letters correspond to double-byte characters and are a bit more complex, but the underlying principle is the same.) Considering the possibility of an SJIS character in any combination of position 2, 3, both, or neither, an SJIS tripcode is theoretically four times as difficult to crack as one using plain ASCII.
As an example, #12345678 produces the tripcode !WBRXcNtpf. -- produced by crypt("12345678", "23"). To illustrate the effect of stripping the high bit, the key #23 of course produces the same tripcode because the salt is the same and all of the high bits are stripped without any side effects. However, the key # instead produces !XlUiP8mHCU, the result of crypt("12345678", "..").
Since the high bit is simply stripped from the other six positions in the key, a tripcode searcher can conveniently ignore the possibility that the input data might be SJIS, and iterate through all ASCII characters in the range 1->127. (No SJIS character uses value 0x80, so we don't have to worry about any 0x0 bytes, and this reduces the total character set by one.) Then check if the second or third byte is in the range [A-Za-z0-9/] and substituting the first and second byte of the salt as appropriate.
One must keep in mind, though, the fact that such tripcodes are sometimes a pain to enter due to character set conversions and implementation differences, and when searching for a "safe" tripcode none of this applies. However, I would imagine using SJIS and so forth would make a tripcode much more secure, and it might be something to consider when looking for "vanity" tripcodes.
>>473
i've considered adding single-byte shift-jis characters to my tripcode searcher, but decided it's not worth the effort and added code complexity unless i'm going to replace the crypt() i'm using now with bitslice des code...
there's also the fact that certain characters get expanded into html entities, while their counterparts with the 8th bit set don't.
None of the characters that are expanded fall under the range of characters that wouldn't already produce a salt character of ".", and they can all be represented as characters with the high bit set with no change to the resulting crypt, so that's not a point that you really need to worry about, and really, doing those checks is just a waste of processor power.
Some equivalents:
# =
! =
< =
> =
& =
" =
' =
, = If your tripcode searcher checks all characters from 0x1 to 0x7f, and checks all applicable combinations for salt values, you're getting the complete range of possibilities, and with a bit of finagling, any tripcode it generates can be converted into a format acceptable for use on a board, without needing to do any complex and expensive html conversions.
>>475
but '&aaaaaaa' and 'aaaaaaa' produce different tripcodes. with '&aaaaaaa', '&aaa' gets passed to crypt, but 'aaaaaaa' the result is the same as if '&aaaaaaa' were passed to crypt. note that in this case it also changes the salt, in one it is 'am', and in the other it is 'aa'.
also, if you're printing to stdout, you need to convert to the appropriate character set before you print the tripcodes, which isn't necessary if you restrict it to just ascii. printing shift-jis to a utf-8 terminal is just plain broken.
>>476
You're thinking too hard about the wrong things. Of course they produce different tripcodes; if you're implementing the searcher you should be able to figure out how to deal with the characters it uses. Just change your &'s to and so forth.
Second, if you search all possible characters, or even random eight-character strings, you will eventually check the plaintext &aaa as well. And why worry about printing sjis and converting stuff? Just escape it and deal with it elsewhere. (i.e. after collecting the tripcodes) Figuring out how to get a tripcode key you can input into a textbox based on the data printed from a function such as this shouldn't be too difficult if you're familiar with how crypt works (which, considering you're even posting here, I would assume is the case :)
void print_key(char *k) {
while (*k) {
if (*k > 32 && *k < 127 && *k != '\\')
putchar(*k);
else
printf("\\x%02x", *k);
k++;
}
}Naturally if you were making a general-purpose tripcode searcher meant for mass consumption you would want to have some kind of "real" conversion -- and definitely use some sort of GUI rather than output to the terminal in the first place, because let's face it, terminal support for non-ASCII frankly sucks. (Especially when working with multiple OSes, and with different locales... and different terminal types... ugh.)
> And why worry about printing sjis and converting stuff? Just escape it and deal with it elsewhere. (i.e. after collecting the tripcodes) Figuring out how to get a tripcode key you can input into a textbox based on the data printed from a function such as this shouldn't be too difficult if you're familiar with how crypt works (which, considering you're even posting here, I would assume is the case :)
just because i know how to do it, doesn't mean i want to when i can have the computer do it for me. copying and pasting from a terminal is a lot easier than converting it myself.
> and definitely use some sort of GUI rather than output to the terminal in the first place, because let's face it, terminal support for non-ASCII frankly sucks.
terminal support for non-ascii on any modern operating system isn't too bad, and you can just disable any non-ascii stuff for windows builds.
> just because i know how to do it, doesn't mean i want to when i can have the computer do it for me.
Oh, I definitely agree there. But until spending the time getting a really nice implementation going, it kinda works. (I used that function to get this tripcode, incidentally.)
I would think Vista counts as a modern OS. :P (unless they finally updated the command prompt and I never heard about it?)
In any case a GUI is a much more flexible and friendly interface.
Most tripcode searchers have horrid UI. Typing big long regexes into a one-line textbox, or worse, onto the command line and having to be careful with all the special characters, is really not fun. It would be awesome to be able to have a list of "interesting" patterns, and be able to modify it on-the-fly while the searcher is running.
> I would think Vista counts as a modern OS. :P (unless they finally updated the command prompt and I never heard about it?)
IMO, proper unicode support is the only thing keeping it from being a modern OS. until they update the command prompt to support unicode and add proper unicode support to the GUI, windows will not be a modern OS.
> In any case a GUI is a much more flexible and friendly interface.
but cross-platform GUIs are a lot harder to get right than cross-platform non-ascii terminal support.
> or worse, onto the command line and having to be careful with all the special characters,
putting single quotes around the regex isn't really that hard.
> It would be awesome to be able to have a list of "interesting" patterns, and be able to modify it on-the-fly while the searcher is running.
that would be awesome... perhaps put the patterns into a text file and have the searcher reread the file if it receives a certain signal...
writing a GUI wrapper to a command-line program is just as easy as putting a GUI into the program itself, and doesn't require several hundred megabytes of libraries that would otherwise not be used at all on my quad-core server when i'm just going to be sending the results back to my desktop over an SSH connection. and you could even have functionality in the GUI to control multiple instances of the command-line program over SSH.
Windows doesn't have Unicode? Are you sure you're not using Win95 by accident?
I use a WinXP box to deal with both Japanese and Pashto text on a regular basis, and I have yet to come across any shortcomings aside from the command prompt. (Which I don't care about, since the GUI is developed well enough that I hardly ever need to touch it anyway.)
> putting single quotes around the regex isn't really that hard.
No, but it's annoying, and an extra step that shouldn't be necessary.
> but cross-platform GUIs are a lot harder to get right
HTML certainly isn't hard to get right cross-platform, and doesn't require a bunch of extra libraries on the server to implement a networked GUI -- just some way to serve the page to the client. You could implement the controller as a CGI script. If you want, you can add in secure connections, access control lists, etc. -- and, best of all, no ssh needed! (Doing work over a ssh connection outside my lan generally makes me want to beat myself with a hammer.)
Plus, it would be highly flexible: you could still wrap a fancy GUI around it if you were clever. It'd send POST data to the server (or if you had a multiple configuration, each server in the list) to update its search terms, and fetch new trips periodically.
(Tangentially, there are many cross-platform GUI libraries that are far lighter than "several hundred megabytes". I suspect you've mostly had experience with wxWidgets+gtk or something similar.)
Something else I have been considering the possibilities of is a Map/Reduce style-model -- it might be a good excuse for me to learn a bit about Hadoop...
> Windows doesn't have Unicode? Are you sure you're not using Win95 by accident?
have you ever tried using characters outside the BMP? only a few programs handle them correctly, due to the fact that microsoft seems to think that the BMP is all there is.
> HTML certainly isn't hard to get right cross-platform, and doesn't require a bunch of extra libraries on the server to implement a networked GUI -- just some way to serve the page to the client. You could implement the controller as a CGI script. If you want, you can add in secure connections, access control lists, etc. -- and, best of all, no ssh needed! (Doing work over a ssh connection outside my lan generally makes me want to beat myself with a hammer.)
> Plus, it would be highly flexible: you could still wrap a fancy GUI around it if you were clever. It'd send POST data to the server (or if you had a multiple configuration, each server in the list) to update its search terms, and fetch new trips periodically.
so instead of using SSH, you'd try to use HTTP to do what SSH was designed to do? and why use HTML? why not just serve the results as plain text and use javascript to insert them into an HTML document? that way if you do wrap a fancy GUI around it you don't need to have HTML parsing in your GUI.
>>483
You don't understand what I'm suggesting, and don't seem willing to either.
Shame, too; at first I'd thought you had some common sense.
Ive been running the japeneese tripcode program for 7+ hours?
how long does it take to find a 8 character, noncase sensitive tripcode?
2.4ghz dual core, so i dont think its a power restraint slowing it down...
>>485 it's a big keyspace. if you're trying to find something that long, be prepared to wait for a long time.
anysort of timeframe? hopefully in hours but any estimation would be nice ( its not actually my computer so its a friends their resources, about 50% of them)
>>487
it took me about two weeks to find a 7-character string on a ~1.7ghz ppc. of course that's apples and oranges, but it should give you a bit of a bearing.
>>489-495
please read the rules at the top of the page:
> This board is not for testing your tripcodes.
and you could have at least used sage.