Tripcode method? (47, permasaged)

1 Name: Albright!LC/IWhc3yc 2004-11-06 09:57 ID:IDrGM7oQ [Del]

I'm working on a little add-on to Wakaba that needs to peek into Wakaba's databases and count how many posts were made by a certain user. Any chance anyone who groks Perl could explain how Wakaba encodes tripcodes? (Pseudocode would work.) I'm a PHP nerd; Perl baffles me. I see "sub process_tripcode" on line 572, but I can't understand what it's doing.

TIA.

2 Name: h-cube!h3/bEAAN16!!gDWGntLS 2004-11-06 10:37 ID:wJMPhKwQ [Del]

I wrote a PHP function to generate old-style tripcodes; would that be helpful?

3 Name: hotaru!hoTarufiRE!!YMy/5ZNE 2004-11-06 11:41 ID:Ww16poYg [Del]

http://hotaru.freelinuxhost.com/trip.htm <-- javascript tripcodes (old-style only, the javascript md5 code i found is way too slow to really do anything useful)

4 Name: Albright!LC/IWhc3yc 2004-11-06 12:13 ID:IDrGM7oQ [Del]

Hmm... "old style?" Is there a new style? Clue me in...

>>2: Sure, I'd appreciate being able to check that out.

>>3: Ug, God, that's messy. Having to do things with huge hard-coded arrays full of values like that just doesn't seem natural to the way I code. Is that the only way, or is that some sort of workaround for JavaScript?

5 Name: Albright!LC/IWhc3yc 2004-11-06 12:15 ID:IDrGM7oQ [Del]

Hmm, seems like there's a WakabaMark parsing glitch in my above post. Scrolling through the board, I see glitches like that appearing elsewhere too.

6 Name: !WAHa.06x36 2004-11-06 15:19 ID:t1whw93A [Del]

"Old style" refers to the 2ch-style tripcodes that are in use on a wide variety of script, and is what most people use. The algorithm for these is sort of a mess. It is essentially a UNIX crypt() call, but with some weirdness to generate the needed salt value from the second and third characters of the tripcode string. (Using the second and third characters seems a bit like a mistake in the original algorithm, that was noticed too late for it to be changed.)

For closer details, I'd have to recommend looking at the wakaba source after all (since I can't recall the exact details right now). Note, however, that the wakaba source might not handle weird special cases quite correctly. The futallaby source has an implementation closer to the original, but that one is REALLY horrible to understand.

The Javascript one has such a big heap of weird code, because it has to include an implementation of the UNIX crypt() function. If you're coding in Perl or PHP, crypt() exists already so no need for that.

"New style" would be any of the secure tripcode implementations people have done. Wakaba has one, h-cube's ochiba has one, and Shii has one too I think. These are not standardized, because they don't really need to be. Essentially what they do is use a better hashing function than crypt(), such as MD5 or SHA1, and combine the trip input with a secret string, so that people who don't know the secret can't try and brute-force the tripcodes at home. These are not portable across sites like old-style codes are, even if the sites run the same script (unless they share the secret string).

7 Name: !WAHa.06x36 2004-11-06 15:23 ID:t1whw93A [Del]

Also, WakabaMark bug found and fixed.

8 Name: Albright!LC/IWhc3yc 2004-11-06 21:46 ID:JzZ8BmBA [Del]

>>6: I had forgotten about Futabally. I looked through the code and found it legible. (Lines 535-545 of imgboard.php.) I managed to knock together a quick script which works.

Regarding new-style tripcodes... Looking through this board, I'm seeing some folks have longer tripcodes with !! in them, like >>3. I'm assuming this is a "new style" tripcode?

I'm looking through "process_tripcode" again, and from what I saw in Futallaby and now knowing there are two tripcode methods, it's making a little more sense. I'm tripping over this, however;

if($trippart=~/^([^\#!])[\#!]+(.)$/)

Is this saying "if there are two pound signs with something after them?" So to trigger new-style tripcodes, you enter two pound signs instead of one? Just want to make sure I'm on the right track... again, TIA.

9 Name: Albright!LC/IWhc3yc 2004-11-06 21:51 ID:JzZ8BmBA [Del]

Oops. WakabaMark parsed that line of code I put in. :P I'm speaking of line 581.

10 Name: !WAHa.06x36 2004-11-06 22:12 ID:jyzpYeUw [Del]

Damn, I tried to make WakabaMark be smart about these things, but I don't think it'll ever handle regexps right... orz

I need to implement code blocks somehow, but I can't think of a properly elegant way to do it.

That regexp matches (and here I have to think for quite a bit, since regexps are write-only code) a string with no # or ! in it, followed by any number of # or !, and then an arbitary string. It finds the first and second part of the tripcode, essentially, as the secure tripcodes let you do "name#normaltrip#securetrip". To just use a secure one, you do "name##secure".

11 Name: Albright!LC/IWhc3yc 2004-11-07 10:02 ID:JzZ8BmBA [Del]

Thanks again. I think I'm on the right path, but there's a big huge ugly roadblock in the midst of that path; there doesn't seem to be a PHP equivalent to the "md5_base64" function you use. I can "md5" a string just fine, but that returns a value in hex as a string, and any method I've tried to convert it to base 64 doesn't seem to work. PHP does have a "base_convert" function, but that only works with bases up to 32... It also has a "base64_encode" function, but the problem with that is trying to tell it to encode the value of the string the "md5" function returns, not the string itself... I can't just "intval" the string, because that will always return the largest integer possible (214748364). GARARARAGAGAARRARRRRRR...

I'll keep working at it.

12 Name: Albright!LC/IWhc3yc 2004-11-07 10:52 ID:JzZ8BmBA [Del]

Okay, I figured out a way, but it's not ideal. Basically, I'm using PHP's "eval" function to run Perl from the command line and execute the "md5_base64"
call, then return the value to PHP. This is very hackish and will probably break on Winblows servers (oh shucky darn), but it works.

Thanks for your help, !WAHa.

13 Name: h-cube!h3/bEAAN16!!gDWGntLS 2004-11-07 13:03 ID:QrscatnQ [Del]

>I can "md5" a string just fine, but that returns a value in hex as a string

If you are using PHP>=5, you can add a "true" as the 2nd param to md5() to make it return a binary which can then be base64'd.

Otherwise, you can take the string that comes back and convert it to a binary manually before base64'ing it.

14 Name: h-cube!h3/bEAAN16!!gDWGntLS 2004-11-07 13:05 ID:QrscatnQ [Del]

$x = md5($s);
for($i=0;$i<32;$i+=2) {
$a = hexdec(substr($x,$i,2));
$bin .= chr($a);
}
$x = base64_encode($bin);

15 Name: Anonymous 2004-11-07 18:06 ID:Heaven [Del]

> I need to implement code blocks somehow, but I can't think of a properly elegant way to do it.

Allow [CODE][/CODE] tags which are automatically excluded from being parsed with Markup.

16 Name: !WAHa.06x36 2004-11-07 19:03 ID:Lt0R0FAw [Del]

That's nowhere near elegant!

My hate for BBcode burns with the fierce intensity of a million suns. The great thing about markdown, which I've tried to copy as faithfully as I can, is that it looks good even when it ISN'T parsed. You can publish a text written in markdown as a text-only document, and nobody will even notice. Similarly, if you write text in WakabaMark on a board that doesn't support it, it won't make you look like a retard, like BBcode does.

17 Name: Anonymous 2004-11-07 20:29 ID:Heaven [Del]

So basically you won't something shorter and less notable than [CODE][/CODE]?

Just take any of the more common special characters, like # or $.

18 Name: Albright!LC/IWhc3yc 2004-11-07 22:51 ID:xulp4INw [Del]

>>16: Perhaps do not parse all lines that begin with a space (and display them in monospaced font as well)? I believe Wikipedia does something similar to that.

>>14: I hate you. :P Good work. Using "chr" never occurred to me. One anomaly that I'm finding with that method is that the base 64 string always ends with "==" for some reason, but that's not much of an issue since we're only using the first eight characters of it anyway. Thank you.

$stuff=explode("#",$_GET['tc']);

...

$s=$secret.$stuff[2];
$x = md5($s);
for($i=0;$i<32;$i+=2) {
$a = hexdec(substr($x,$i,2));
$bin .= chr($a);
}
$x = base64_encode($bin);

$y=exec('perl -e \'use Digest::MD5 qw(md5_base64);print md5_base64("'.$secret.$stuff[2].'");\'');

echo $x." ".$y;

x8B08Fuu76D3Edrp1uMPwQ== x8B08Fuu76D3Edrp1uMPwQ

19 Name: Albright!LC/IWhc3yc 2004-11-07 23:03 ID:xulp4INw [Del]

Ah, and we can change that "for" clause to "for($i=0;$i<12;$i+=2)" and not have to "substr" the string later; that'll only spit out eight characters. Very cool.

20 Name: !WAHa.06x36 2004-11-08 15:20 ID:Heaven [Del]

>>18

Markdown turns any section of the text that is preceeded by four or more space as being code. I might steal that, except it's a bit of a pain to indent a larger section of code that way.

21 Name: h-cube!h3/bEAAN16!!gDWGntLS 2004-11-09 08:20 ID:ko1jH7rg [Del]

>Markdown turns any section of the text that is preceeded by four or more space as being code.

Cumbersome for nested stuff, no? What about tabs? And would you go to monospace font?

I know you don't like the bbcode idea, but as Anonymous mentioned, how about some less obtrusive marker, such as "---" or "###" on a single line, one to start and one to close. These will then get parsed out as <pre> and </pre>. Even if not "rendered", it's a meaningful visual marking.

22 Name: !WAHa.06x36 2004-11-09 13:32 ID:C3J4eSaA [Del]

Markdown actually uses "4 space or one tab". Of course, it's hard to enter tabs in a web form, but when you cut-and-paste, you get them.

Nested stuff is tricky. I've been thinking about that all day. As it is now, there's no nesting possible. I'd like to allow at least some nesting, though. I'll have to see what I can do about it all.

23 Name: Albright!LC/IWhc3yc 2004-12-25 04:09 ID:cqAFDNVk [Del]

Okay, so now that you've up and gone the tripcode methodage on me, I'm trying to figure out how to do this in PHP too. I found a PHP class that does RC4 ( http://sourceforge.net/projects/rc4crypt ), so I think I'm 75% of the way there, but there's still a bit in your code I can't decipher.

wakautils.pl line 365:

$trip=$tripkey.$tripkey.encode_base64(rc4(null_string(6),"t".$1.$secret),"");

Okay, but then... Line 487:

sub null_string($) { "\0"x(shift) }

I am guessing this line returns a string full of "\0"s of the length of the int passed to the function. Is this correct?

Your sub rc4 (line 701), I'm assuming, just does RC4 encoding like that PHP class does, using the first var passed as the key and the second as the message. It seems bizarre, then, that you'd use a null string as the key and put $secret in with the message... Is this what's going on here?

Going on these assumptions, I'm currently at the "this code should work, but it isn't" stage.

By the way, the "add-on" I mentioned in >>1 has already been released, but since its Wakaba support was "broken" soon after, I haven't mentioned it anywhere around here yet...

24 Name: !WAHa.06x36 2004-12-25 08:22 ID:wAFHOXaN [Del]

Right. A quick explanation of RC4 is in order first, I think.

RC4 is a stream cipher, which means that it works by taking a key, and generating a stream of random bytes. It then simply XORs the text to be encrypted with this stream. This means that encoding and decoding are the same operation. $ciphertext=rc4($message,$key) and $message=rc4($ciphertext,$key).

Now, I am not using it as a cipher at all, but as a one-way hash function. I do this by putting the data to be hashed in as the key, and using the stream of random bytes as the output.

Thus, what I do is: I construct the key as the letter "t", followed by the trip password, and finally appending the secret string. Thus, "t".$1.$secret. Then, I set the message to a string of 6 0-bytes. The null_string() function creates a string of n bytes, all zero. These 6 bytes, after encoding, are then base64-encoded and used as the tripcode.

Furthermore, for increased security, I discard the first 256 bytes of the RC4 stream. This is done transparently in the rc4() function, but you can also do it by simply running 256+6 bytes through the RC4 function, and using just the final 6 bytes.

25 Post deleted by moderator.

26 Name: Albright!LC/IWhc3yc 2005-02-05 17:54 ID:Heaven (Replies) [Del]

what

27 Post deleted by moderator.

28 Post deleted by moderator.

29 Post deleted by moderator.

30 Post deleted by moderator.

31 Post deleted by moderator.

32 Post deleted by moderator.

33 Post deleted by moderator.

34 Post deleted by moderator.

35 Name: KS Dev!aTripfagiw : 2011-07-12 16:31 ID:N5Jxq+tc [Del]

Test

36 Name: John : 2011-07-13 13:43 ID:uwxRX9wT [Del]

Whenever I access my kareha.pl file it just downloads it. :/
What do I do?

Permission is 755.

37 Name: Anonymous : 2011-07-15 12:27 ID:Heaven [Del]

>>36
Your server isn't set up to execute Perl files.

38 Name: )pMzS3J' : 2011-09-24 21:47 ID:HMeiByQI [Del]

,,,

39 Name: )pMzS3J' : 2011-09-24 21:48 ID:HMeiByQI [Del]

qwerty

40 Name: that guy!a2XZ7EBBSA : 2012-02-12 07:16 ID:giuLGZ0j [Del]

fd

41 Name: that guy!a2XZ7EBBSA : 2012-02-12 07:16 ID:giuLGZ0j [Del]

fd

42 Name: that guy!bcCXMznf6o : 2012-02-12 07:17 ID:giuLGZ0j [Del]

lets see...

43 Name: that guy!zwMvidrdKQ!!P/9J+zrt : 2012-02-12 07:18 ID:giuLGZ0j [Del]

mhmm

44 Name: that guy!vF2Sea6AZo : 2012-02-12 07:19 ID:giuLGZ0j [Del]

yeah man

45 Name: Anonymous : 2012-03-06 18:22 ID:B1dArO8t [Del]

gerger

46 Name: !bX4k8Yv25Q : 2013-07-18 11:02 ID:8lovCYkg [Del]

test

47 Name: Warframe : 2015-01-18 14:32 ID:Vkt+UikS (Image: 500x500 jpg, 43 kb) [Del]

src/1421620321203.jpg: 500x500, 43 kb

sup

Name: Link:
Leave these fields empty (spam trap):
More options...
Verification: