I've been tinkering with Python all day today... it's pretty slick. Just for practice, I tried to cobble together a tripcode decoder that would let you have "real" words in your tripcode as !WAHa and Sling and others do, and it actually came out better than I thought it would be. I'm aware there's already a program that does this, but if memory serves me, it's Windows-only and in Japanese besides. My script is kind of dumb in the way it goes about things -- it basically just tears through random strings until it finds one that fits -- but I've tested it repeatedly and it seems to work. If you'd like to check it out, nab it here:
http://www.anre.org/crap/detripper.bz2
Of course, you may need to modify the hashbang line depending on where Python is on your machine, and don't forget those execute bits, people... Use "-h" for help.
First person to ask how to get this to run on Windows gets pointed and laughed at.
>>4: Hmm... Can't seem to find anything that ties Py and UFC together. I'll keep looking into it, although, to tell the truth, I don't care that much. :P Again, this was just coding practice.
>hunter.apana.org.au/~cjb/Code/4tripper.c
...gives a syntax error when I try to compile it, both on Darwin and Ubuntu (Debian). Don't know enough about C to try to fix it...
Man, this thread got hit hard by 100webspace's strange hiccups today.
>First person to ask how to get this to run on Windows gets pointed and laughed at.
lol cygwin wins it
but i think i'll stick to using my perl script since it's much faster (my perl script found 4 tripcodes matching 'abc' in about 2 seconds, while your python script took about 11 seconds to find one and then about 26 seconds to find another one... and about 107 seconds for the third one...
Are you using the UFC wrapper for that?
>>16
i wasn't, but then i saw your post and decided to try it... now it works much faster...
http://hotaru.freelinuxhost.com/wu/src/trip.bz2 (with ufc wrapper)
http://hotaru.freelinuxhost.com/wu/src/trip.noufc.bz2 (without ufc wrapper)
Last login: Wed Nov 17 23:34:30 on ttyp1
Welcome to Darwin!
Twelve:~ Albright$ bunzip2 /Users/Albright/Desktop/trip.bz2
bunzip2: /Users/Albright/Desktop/trip.bz2 is not a bzip2 file.
Twelve:~ Albright$
By the way, again, I'm not trying to attest my script is anything near teh fast, but could you get faster results with it if you ran it with the Windows port of Python natively instead of using Cygwin?
Cygwin is just a POSIX implementation for Windows, so it doesn't really give any significant performance hit.
>>18
looks like the server is giving incorrect content-length headers again...
these should work:
http://hotaru.freelinuxhost.com/wu/src/trip
http://hotaru.freelinuxhost.com/wu/src/trip.noufc
Some ideas:
1) Allow '1337' substitution (o == O == 0, 5 == s == S, |=l=1 etc.)
2) Force unmatched characters to be alpha, alphanum, num, etc.
3) Match anywhere (not just beginning)
So you end up building a regex from the command line parameters, then compile it, then use it to pick out matches.
Or maybe you should just add a "user-supplied regex" command line option. XD
Some ideas:
1) Allow '1337' substitution (o == O == 0, 5 == s == S, |=l=1 etc.)
2) Force unmatched characters to be alpha, alphanum, num, etc.
3) Match anywhere (not just beginning)
So you end up building a regex from the command line parameters, then compile it, then use it to pick out matches.
Or maybe you should just add a "user-supplied regex" command line option. XD
>Or maybe you should just add a "user-supplied regex" command line option. XD
Are you talking to me, or hotaru? Hotaru's script does seem to support this. However, I haven't been able to test it, as I can't get the feckin' Crypt::Passwd module to install on my machine... seems to fail at the "make test" step. :(
I hate Perl. I really do. Do all you Perl folk also start your cars by turning a big crank in front of the engine? Bah...
Where's a link to an internet-based tripcode whatever thing? I want a cooler tripcode and can't be arsed installing Python (mainly because it hasn't finished downloading yet :/ ).
>>26 is not "internet-based", by the way, but it's a program you can run on your windows machine without any problems. It's in Japanese, but you do not have to know the language to play with it a little. After that you will understand how it works on your own pretty quickly.
i have a web-based script... http://hotaru.freelinuxhost.com/webtrip.txt
you'll have to find your own web server to run it on, tho
hotaru: I'm noticing that your script always tries strings that are exactly eight characters long. (Mine randomly builds strings between three and twelve characters long.) Was there any particular reason you chose eight? Have you ever come across a tripcode you tried to generate, but you couldn't find any string of exactly eight characters that would work?
If you're building strings of random lengths like that, you're going to test the same three-character codes a lot of times if you let it run for any length of time. Usually it's better to pick a fixed length. The length to pick depends on how specific a result you are looking for. A good rule of thumb is to use one or two characters more than the string length you are searching for. If you are using any more complex conditions for your search, it gets trickier, and you might need to either go through the combinatorial maths to figure out an optimal length, or just pick a sufficiently long one.
That code seems to require this code... http://astrange.ithinksw.net/tools/crypt.c
Even still, I kept getting errors about "error: `for' loop initial declaration used outside C99 mode". I had to tweak the code a bit...
http://www.anre.org/crap/tripper.c
But after all that, it worked... though I don't like how it counts matches in the middle or end of the hash (instead of the beginning) as a match. Thanks, anonymous... Why did you sage for that?
Hmm... Also, it seems to have a glitch where, when the string it's testing begins with a single quote ', all of the output hashes are the same... When searching for "dog"...
#'3/ !I5SZO7dog6
#'3/" !I5SZO7dog6
#'3/$ !I5SZO7dog6
#'3/% !I5SZO7dog6...etc...
#'=! !4e7lRoFDog
#'=!" !4e7lRoFDog
#'=!$ !4e7lRoFDog#'\I !tVdOGttIJU
#'\I" !tVdOGttIJU
#'\I$ !tVdOGttIJUand so on... I don't think ' is a valid character for tripcodes anyway, is it?
>>33
http://hotaru.freelinuxhost.com/trip.htm?'3/$
http://hotaru.freelinuxhost.com/trip.htm?'3/%
i'm pretty sure ' is a valid character for tripcodes... any character in the range ' ' to '~' except '#' and '!' should be valid... i'm not sure about characters lower than ' ' or higher than '~', tho...
i have a new version of my perl script now... it's at http://hotaru.freelinuxhost.com/trip.txt
quite a bit smaller and a little faster than before...
I have the coolest tripcode ever, now ;D
Someone using my software? Amazing!
>>33
This is a side-effect of a basic design flaw in tripcodes:
>>35
I've seen inputs for gimmick tripcodes on 2ch that used higher ASCII and ShiftJIS. I think any input is acceptable as long as you can send it in an HTML form and it doesn't trigger secure mode on Shiichan or Kareha.
Oh, yes, and compile with '-std=c99' to enable ISO C99 mode and have it actually work.
I used tripper+, that japanese one.
Doesn't seem to work. Bah
>>40
Secure tripcodes are generated differently, the whole point of them is to not be able to be brute-forced like that. Use a normal tripcode if you want a novelty one.
Technically, the whole point of them is to not be able to be brute-forced by other than the site owner. I could brute-force on haibane.info (lol), WAHa could do it here, WTSnacks or Lucid could on 4chan, etc.
As a matter of fact, I did brute-force myself a secure tripcode on iichan.
Incidentially, I process tripcodes before I do the (perl equivalent of) htmlspecialchars(). I must admit that I've forgotten what futaba does (which is the one I've copied), and I've never seen the original 2ch source.
I didn't check Futallaby, but Shiichan and 2ch itself do htmlspecialchars first. You can try it yourself by posting on 2ch (the English boards or News4VIP probably wouldn't notice) as #> or something along those lines.
Maybe I should change that, then.
Incidentially, you don't happen to have any idea where to get the 2ch source code?
I have no idea; I just verified by posting.
(Also, this would be a novelty tripcode "!FLYEt.NIEA" if htmlspecialchars() was run)
>>41
I guess I gotta change my normal tripcode then.
i just finished this...
http://hotaru.freelinuxhost.com/trip.zip
it's the first program i've ever written in c... the .exe requires cygwin1.dll to run...
I think the best way to go about this would be to follow RainbowCrack's example... generate every possible tripcode and store it in a database, and then search it. Since you know that 2ch-style tripcodes have to be eight characters or less, you can check every possibility.
I haven't checked how much disk space or CPU time that would take, though.
Using just A-Z, a-z, 0-9 and two more to pad out to 64 characters means (2^6)^8 = 2^48 tripcodes. Each one needs 12 bytes of storage if you sort them listed by hash (6 bytes if you keep them listed by password, but that makes for really slow searches), so 3072 terabytes. Using only lowercase a-z takes 2.3 terabytes, or a little bit less if you encode your data a bit more cleverly.
I think I'll just stick to brute-force, then. Maybe steal a faster crypt() from Jack The Ripper.
>>51
interesting idea...
i now have a list of all tripcodes 0-4 characters in length...
one file for each length... the one with the 4 character tripcodes took a little over an hour to generate on my 733mhz pentium 3 machine (using a perl script), and it takes about 5 minutes to grep the whole file...
I have a list of all tripcodes 0 characters in length too. I'll post it below:
How big is that four character file? Just curious.
the file of 0 character tripcodes has jPpg5.obl5 (the tripcode you get if you put # with nothing after it in the name field) in it...
the 4 character file is 1.16gb... 675mb when compressed with bzip2...
it probably could be a bit smaller if i listed them in a better format than hash = password
Incidentially, the 0-character tripcode is wrong in Wakaba and Kareha - it doesn't match the futaba one (haven't checked 2ch, though). The next release will update the tripcode code to fix this.
>>56: Oh, that's right... the script appends characters (".H" or something) to the end of codes before it hashes 'em... so a blank trip is never truly blank... My bad.
The funny thing is, the algorithm appends two characters ("H."), but then uses the second and third characters, thus making a zero-character tripcode technically invalid. Of course, it does generate SOMETHING anyway, and it appears this differs between languages due to different handling of strings, no doubt. Appending "H.." instead seems to get the same behaviour as the futaba script, at least.
It appends "H." to the salt, which is different behavior than doing it to the actual hash. Look at tripcode_2ch() in tripper.c; as far as I know, I get it right.
hmm... crypt("",".") in perl and crypt . "" both return "..Qfnkquv7jY2" (same as using ".\0" as the salt), unix_std_crypt("",".") (ufc crypt in perl) returns "..X8NBuQ4l6uQ" (same as using ".." for the salt), and openssl passwd -salt . "" returns ".AmEwFrvDWaHo" (same as using ".A" for the salt)...
"..X8NBuQ4l6uQ" is what Futaba uses. I just checked 2ch, and they don't allow 0-character trips. I changed the salt postfix string in the development versions of Wakaba and Kareha to "H.." to match the Futaba generator.
I just rewrote Shiichan's tripcoding algorithm after realizing what was so good about the name#trip#securetrip setup. I couldn't get zero-character tripcodes to work (mostly because I don't understand regexes well enough), so I've just banned them from use.
Can anyone shed a light on the differences between tripper and tripper+, or what the C, R, H and T checkboxes or second input box do?
I think C forces the tripcode you want to be case-sensitive
and H forces the expression you want to appear in it to be
at the beginning of the tripcode.
lol tripcodes
lol
That would've worked better if everyone's secure trip hadn't just changed.
Testing tripcode bug... this is #' and should NOT trigger secure trips, but does on shiichan4.
Like I thought. ' -> htmlspecialchars -> ' -> # triggers securetrips. Oh well, not high priority bug.
There's a lot of special characters that trigger secure trips, also on Kareha/Wakaba.
Second quote should be & #039;.
Probably only under Shift_JIS. Pretending Shift_JIS is ASCII leads to problems with the double-byte encodings. I'll try to work on a fix for that.
> Probably only under Shift_JIS
I think there have also been some under utf-8. I am going to screw around with that and report back later, though.
i set up a sandbox if anyone wants to test anything
configs are almost identical to the ones used in nubchan /b/
http://www.blackmage.org/bm/wakaba/sandbox/wakaba.html
feel free to spam with attempts to break anything
Oh, also, in Wakaba and Kareha you can avoid this by using "!" as the tripcode marker instead. "name!'" should not trigger secure trips.
Also also, it will be fixed in the next version.
I'm working on adding WAHa's RC4 tripcodes to my searcher. I've so far created something that runs and prints out some tripcodes (with -DWAKABARC4), but not the right ones. I'm sure I'll get to that eventually, though.
You can test it against http://paracelsus.hollosite.com/ - SECRET is "fuck" there.
At a quick glance, I'd say your problem is that you should be discarding the 256 first bytes of the RC4 output. The tripcode is generated from bytes 256-261.
> You can test it against http://paracelsus.hollosite.com/ - SECRET is "fuck" there.
http://paracelsus.hollosite.com/res/1295.html
shouldn't "##a" be "!!axTADlL+" if SECRET is "fuck"?
Like I thought, I screwed up a bunch of stuff in the rc4() function. I've updated that archive with one that actually works and comes with a build script.
./tripperc4 <search substring> <wakaba secret word>
hotaru@firefly> ./build.sh < ~/My Documents/trip/vacbob/tripper >
In file included from tripper.c:33:
crypt.c: In function `crypt':
crypt.c:519: error: `_PASSWORD_EFMT1' undeclared (first use in this function)
crypt.c:519: error: (Each undeclared identifier is reported only once
crypt.c:519: error: for each function it appears in.)
tripper.c: In function `testeverytripoflength':
tripper.c:180: warning: comparison between pointer and integer
tripper.c: In function `testeverytripoflength':
tripper.c:180: warning: comparison between pointer and integer
/cygdrive/c/DOCUME~1/hotaru/LOCALS~1/Temp/ccXQSSQZ.o(.text+0x59f):tripper.c: undefined reference to `_strcasestr'
collect2: ld returned 1 exit status
tripper.c: In function `testeverytripoflength':
tripper.c:180: warning: comparison between pointer and integer
/cygdrive/c/DOCUME~1/hotaru/LOCALS~1/Temp/cca0ySOr.o(.text+0x39a):tripper.c: undefined reference to `_strcasestr'
collect2: ld returned 1 exit statushotaru@firefly> _ < ~/My Documents/trip/vacbob/tripper >
Oh, that part of the code was relying on pwd.h defining _PASSWORD_EFMT1. I just removed that since 2ch trips never use extended crypt(); I reuploaded the archive.
What kind of gimped libc doesn't have strcasestr()? I don't know of any simple replacement for that, but changing CFLAGS to
CFLAGS="-O3 -DCASE_SENSITIVE"
will make it compile with strstr(), at least.
usage:
trip [-c] <regex>
triprc4 [-c] <SECRET> <regex>
tripsha1 [-c] <salt> <regex>
rc4crack attempts to brute force the SECRET string using a known secure tripcode... brute forcing a SECRET string longer than 4 characters would probably take longer than you would want to wait, though...
The (C) is indeed for case sensitive.
The first blank is to be filled with a string that should go at the BEGINNING of the tripcodes. Check the (H) box.
The second blank is to be filled with a string that should go at the END of the search (when the (T) box is checked).
For searches where string placement doesn't matter, either blank can be used. Don't use both blanks simultaneously unless at least one of the blanks underneath is checked.
As for the (R) checkbox, I can't figure out what it does. It seemed at first to limit the characters used for tripcodes, but that doesn't seem to be the case. Perhaps it just eliminates the extra features in order to speed up the search.
(R) sounds like (R)egexp.
Ha, you're right, WAHa. That would explain why searching with a period didn't necessarily find periods. :)
Also - the original "tripper" only searches the last 8 digits of tripcodes. tripper+ does 10-digit tripcodes that most boards use. That's the only difference.
I only discovered this after searching over 24 hours using tripper and then realizing that my tripcodes had two extra characters at the end. :P For instance, this tripcode shows as ".umfash." in tripper, but if it was found in tripper+, it would show the full "JW.umfash."
I simply changed my Wakaba implementation (which I love, by the way) to just use the last 8 characters because I didn't really feel like generating a new batch. ;)
Here's my take on a tripcode searcher:
http://elite-dot.8bit.co.uk/tcs.c
Should be quite fast as it keeps the salts for a while, which allows UFC-crypt to utilise it's optimisations better. No support for regexps or such fancy stuff, though.
I updated mine again; no extreme changes, but I removed almost all the pointless memcpy calls, so it's much faster.
>>96
Updated. Less waste of cycles, benchmark mode and logging of results.
>>96
it only finds tripcodes where the search string is at the beginning of the tripcode ;_;
>it keeps the salts for a while, which allows UFC-crypt to utilise it's optimisations better.
i thought of doing that, but never got around to it...
done: http://hotaru.freelinuxhost.com/fasttrip.tar.gz
also, 100GET!
>>96
Added optional case insensitive mode and optional searching of strings in the whole string.
test
another board bug.
tripcode passwords with # are allowed, ex:
lame#tes#tes
name lame, trip #tes#tes
(by proper 2ch)
if you're the developer of this software, after reading that reply all i have to say at this point is go fuck yourself.