I.D.s in Kusaba (24)

1 Name: Anonymous : 2011-10-16 22:20 ID:2V8Ja+P4 [Del]

Noticing that the ID number feature enabled on some Kusaba boards posts a six digit hex ID (which may as well be a 12 digit oct like an IP), I guess that it would be fairly easy to decrypt and ID to an IP, so I did a bit of research into how ID were created and found this to be quite true. Using what I learned (and 17 days of nice runtime) I was able to make a table of all IP=ID combos so now I can look up the IP of any post on an ID enabled Kusaba board.
I am I the first guy to do this?

2 Name: Anonymous : 2011-10-17 07:33 ID:Heaven [Del]

Wow WHAT?
WHAT?
I thought they would be randomly generated and then assigned to a user. WHY OH WHY would ANYONE actually make a real connection between someones IP and the poster code? WHY?
Tell the KusabaX and Anonsaba devs about this NOW!

>inb4 people start freaking out users of KusabaX/Anonsaba boards by "guessing" approximately where they live.

3 Name: Anonymous : 2011-10-17 09:04 ID:Heaven [Del]

Nope: http://pastie.org/private/fm1ddvzfegxhlmficwkbq
STI was way ahead of you.

4 Name: Anonymous : 2011-10-17 09:06 ID:Heaven [Del]

Also, Kusaba devs being idiots is nothing new.

5 Name: savetheinternet!yf7kimmo9k : 2011-10-17 14:17 ID:FKIx9Y8O [Del]

>>3
Before someone comments on how horrible this code is, it was written in 20 minutes to quickly test it.

More information about this issue: https://github.com/Laurelai/tsukiboards/issues/15

6 Name: Anonymous : 2011-10-17 19:46 ID:Heaven [Del]

>>2
But from what I know the ID is generated from the IP in 2ch. And Kareha too.
The thing is, it encrypts it, then does a base64 conversion, and then it truncates the result to 8 chars. The truncation is the key, you can't get the original IP this way.

7 Name: savetheinternet!yf7kimmo9k : 2011-10-18 14:35 ID:FKIx9Y8O [Del]

>>6
Well, you can, unless some sort of private salt is used. No matter what, if you're able to reproduce the algorithm you can create a rainbow table of all IPv4 addresses (2^32) and thus decrypt an ID. With an algorithm that produces an 8 character base32 string, there would be no collisions, so it would actually be easier.

8 Name: Anonymous : 2011-10-18 23:11 ID:j1wUbPwb [Del]

>>7
is your salt the number of times the string "jew" appears on the front page of /new/?
on a somewhat related note, you need to make one of these for .net:
http://animeholic.net/i/n/index.htm

9 Name: savetheinternet!yf7kimmo9k : 2011-10-19 00:00 ID:FKIx9Y8O [Del]

>>8
4chon doesn't have a salt; we don't use IDs (and the IDs in Tinyboard aren't vulnerable anyway).

Fuck off.

10 Name: Anonymous : 2011-10-20 05:42 ID:Heaven [Del]

>>6
Hunh. Didn't know that.
I still say it would just be a lot safer and easier to have them be randomly generated.

11 Name: Anonymous : 2011-10-20 17:39 ID:Wof0nH4+ [Del]

>>7
Yes, my bad; Kareha does use a secret salt.

12 Name: savetheinternet!yf7kimmo9k : 2011-11-03 16:03 ID:FKIx9Y8O [Del]

13 Name: Anonymous : 2011-11-04 02:11 ID:Heaven [Del]

>>12 Nice.

14 Name: Anonymous : 2011-11-09 18:16 ID:Heaven [Del]

this is all total bullshit, you can't reverse hack the ID's

15 Name: Anonymous : 2011-11-12 02:32 ID:Heaven [Del]

>>14
Oh, but you can. Did you even try reading the thread?

16 Name: savetheinternet!yf7kimmo9k : 2011-11-12 02:34 ID:FKIx9Y8O [Del]

17 Name: anonymous : 2011-11-14 03:09 ID:2xQeCwKi [Del]

>>1 And no your not the first guy to do this

18 Name: grumpy !!lZKXI3jf : 2011-11-24 05:32 ID:uVIanVWB [Del]

>>2
This "exploit" if you could even call it that. Has been patched in Anonsaba. Have fun getting Jewsaba to fix it.

19 Name: savetheinternet!yf7kimmo9k : 2011-11-25 03:42 ID:FKIx9Y8O [Del]

>>18
Isn't Anonsaba a derivative of ``Jewsaba''? And yes, it is an exploit.

20 Name: Gucci Outlet : 2012-08-16 12:12 ID:xH1/HDcA [Del]

21 Name: Louis Vuitton Handbags outlet : 2012-08-21 17:47 ID:E4mqdKt5 [Del]

http://www.louisvuittonhandbags-outlets.net/ Louis Vuitton Handbags outlet Louis Vuitton Handbags
http://www.getcoachfactoryoutlets.org/ Coach Factory outlet Coach Factory
http://www.atcoachoutletsonlines.com/ Coach Outlet Coach Outlet Online
http://www.pradabag-outlet.org/ prada outlet prada bags
http://www.saleincoachoutlets.net/ Coach Outlet Online Coach Outlet

22 Name: Gucci Outlet : 2012-08-24 05:38 ID:uCms0RfI [Del]

23 Name: Anonymous : 2014-01-13 15:31 ID:rmLrMl52 [Del]

>>17

>your

24 Name: Broadsidecomics : 2014-04-03 09:02 ID:DD5t0To/ [Del]

Broadsidecomics Furry Sex Porn Comics Site For Adult.
Enjoy my site.

Name: Link:
Leave these fields empty (spam trap):
More options...
Verification: