I've been tinkering with Python all day today... it's pretty slick. Just for practice, I tried to cobble together a tripcode decoder that would let you have "real" words in your tripcode as !WAHa and Sling and others do, and it actually came out better than I thought it would be. I'm aware there's already a program that does this, but if memory serves me, it's Windows-only and in Japanese besides. My script is kind of dumb in the way it goes about things -- it basically just tears through random strings until it finds one that fits -- but I've tested it repeatedly and it seems to work. If you'd like to check it out, nab it here:
http://www.anre.org/crap/detripper.bz2
Of course, you may need to modify the hashbang line depending on where Python is on your machine, and don't forget those execute bits, people... Use "-h" for help.
First person to ask how to get this to run on Windows gets pointed and laughed at.
If you just want to read the code without downloading and unpacking the file...
http://www.anre.org/crap/detripper
thanks!
What you live or die by when doing this is the speed of your crypt() implementation. The default ones are often horribly slow. If you're only doing 4000 crypts per second, you'll have to wait a long time for those codes. Tripper+ uses the UFC crypt() implementation, and it pushes about 64000 crypts per second per gigahertz on an Athlon processor. I've used some assembly-optimized crypt() code from John the Ripper to get up to 110000 crypts per second per gigahertz.
I don't know how hard it is to interface those from Python, though. I see there's a Perl wrapper for the UFC code, so maybe somebody made one for Python, too.
>>4: Hmm... Can't seem to find anything that ties Py and UFC together. I'll keep looking into it, although, to tell the truth, I don't care that much. :P Again, this was just coding practice.
>hunter.apana.org.au/~cjb/Code/4tripper.c
...gives a syntax error when I try to compile it, both on Darwin and Ubuntu (Debian). Don't know enough about C to try to fix it...
Man, this thread got hit hard by 100webspace's strange hiccups today.
>First person to ask how to get this to run on Windows gets pointed and laughed at.
lol cygwin wins it
but i think i'll stick to using my perl script since it's much faster (my perl script found 4 tripcodes matching 'abc' in about 2 seconds, while your python script took about 11 seconds to find one and then about 26 seconds to find another one... and about 107 seconds for the third one...
Are you using the UFC wrapper for that?
>>16
i wasn't, but then i saw your post and decided to try it... now it works much faster...
http://hotaru.freelinuxhost.com/wu/src/trip.bz2 (with ufc wrapper)
http://hotaru.freelinuxhost.com/wu/src/trip.noufc.bz2 (without ufc wrapper)
Last login: Wed Nov 17 23:34:30 on ttyp1
Welcome to Darwin!
Twelve:~ Albright$ bunzip2 /Users/Albright/Desktop/trip.bz2
bunzip2: /Users/Albright/Desktop/trip.bz2 is not a bzip2 file.
Twelve:~ Albright$
By the way, again, I'm not trying to attest my script is anything near teh fast, but could you get faster results with it if you ran it with the Windows port of Python natively instead of using Cygwin?
Cygwin is just a POSIX implementation for Windows, so it doesn't really give any significant performance hit.
>>18
looks like the server is giving incorrect content-length headers again...
these should work:
http://hotaru.freelinuxhost.com/wu/src/trip
http://hotaru.freelinuxhost.com/wu/src/trip.noufc
Some ideas:
1) Allow '1337' substitution (o == O == 0, 5 == s == S, |=l=1 etc.)
2) Force unmatched characters to be alpha, alphanum, num, etc.
3) Match anywhere (not just beginning)
So you end up building a regex from the command line parameters, then compile it, then use it to pick out matches.
Or maybe you should just add a "user-supplied regex" command line option. XD
Some ideas:
1) Allow '1337' substitution (o == O == 0, 5 == s == S, |=l=1 etc.)
2) Force unmatched characters to be alpha, alphanum, num, etc.
3) Match anywhere (not just beginning)
So you end up building a regex from the command line parameters, then compile it, then use it to pick out matches.
Or maybe you should just add a "user-supplied regex" command line option. XD
>Or maybe you should just add a "user-supplied regex" command line option. XD
Are you talking to me, or hotaru? Hotaru's script does seem to support this. However, I haven't been able to test it, as I can't get the feckin' Crypt::Passwd module to install on my machine... seems to fail at the "make test" step. :(
I hate Perl. I really do. Do all you Perl folk also start your cars by turning a big crank in front of the engine? Bah...
Where's a link to an internet-based tripcode whatever thing? I want a cooler tripcode and can't be arsed installing Python (mainly because it hasn't finished downloading yet :/ ).
>>26 is not "internet-based", by the way, but it's a program you can run on your windows machine without any problems. It's in Japanese, but you do not have to know the language to play with it a little. After that you will understand how it works on your own pretty quickly.
i have a web-based script... http://hotaru.freelinuxhost.com/webtrip.txt
you'll have to find your own web server to run it on, tho
hotaru: I'm noticing that your script always tries strings that are exactly eight characters long. (Mine randomly builds strings between three and twelve characters long.) Was there any particular reason you chose eight? Have you ever come across a tripcode you tried to generate, but you couldn't find any string of exactly eight characters that would work?
If you're building strings of random lengths like that, you're going to test the same three-character codes a lot of times if you let it run for any length of time. Usually it's better to pick a fixed length. The length to pick depends on how specific a result you are looking for. A good rule of thumb is to use one or two characters more than the string length you are searching for. If you are using any more complex conditions for your search, it gets trickier, and you might need to either go through the combinatorial maths to figure out an optimal length, or just pick a sufficiently long one.
That code seems to require this code... http://astrange.ithinksw.net/tools/crypt.c
Even still, I kept getting errors about "error: `for' loop initial declaration used outside C99 mode". I had to tweak the code a bit...
http://www.anre.org/crap/tripper.c
But after all that, it worked... though I don't like how it counts matches in the middle or end of the hash (instead of the beginning) as a match. Thanks, anonymous... Why did you sage for that?
Hmm... Also, it seems to have a glitch where, when the string it's testing begins with a single quote ', all of the output hashes are the same... When searching for "dog"...
#'3/ !I5SZO7dog6
#'3/" !I5SZO7dog6
#'3/$ !I5SZO7dog6
#'3/% !I5SZO7dog6...etc...
#'=! !4e7lRoFDog
#'=!" !4e7lRoFDog
#'=!$ !4e7lRoFDog#'\I !tVdOGttIJU
#'\I" !tVdOGttIJU
#'\I$ !tVdOGttIJUand so on... I don't think ' is a valid character for tripcodes anyway, is it?
>>33
http://hotaru.freelinuxhost.com/trip.htm?'3/$
http://hotaru.freelinuxhost.com/trip.htm?'3/%
i'm pretty sure ' is a valid character for tripcodes... any character in the range ' ' to '~' except '#' and '!' should be valid... i'm not sure about characters lower than ' ' or higher than '~', tho...
i have a new version of my perl script now... it's at http://hotaru.freelinuxhost.com/trip.txt
quite a bit smaller and a little faster than before...
I have the coolest tripcode ever, now ;D
Someone using my software? Amazing!
>>33
This is a side-effect of a basic design flaw in tripcodes:
>>35
I've seen inputs for gimmick tripcodes on 2ch that used higher ASCII and ShiftJIS. I think any input is acceptable as long as you can send it in an HTML form and it doesn't trigger secure mode on Shiichan or Kareha.
Oh, yes, and compile with '-std=c99' to enable ISO C99 mode and have it actually work.
I used tripper+, that japanese one.
Doesn't seem to work. Bah
>>40
Secure tripcodes are generated differently, the whole point of them is to not be able to be brute-forced like that. Use a normal tripcode if you want a novelty one.
Technically, the whole point of them is to not be able to be brute-forced by other than the site owner. I could brute-force on haibane.info (lol), WAHa could do it here, WTSnacks or Lucid could on 4chan, etc.
As a matter of fact, I did brute-force myself a secure tripcode on iichan.
Incidentially, I process tripcodes before I do the (perl equivalent of) htmlspecialchars(). I must admit that I've forgotten what futaba does (which is the one I've copied), and I've never seen the original 2ch source.
I didn't check Futallaby, but Shiichan and 2ch itself do htmlspecialchars first. You can try it yourself by posting on 2ch (the English boards or News4VIP probably wouldn't notice) as #> or something along those lines.
Maybe I should change that, then.
Incidentially, you don't happen to have any idea where to get the 2ch source code?
I have no idea; I just verified by posting.
(Also, this would be a novelty tripcode "!FLYEt.NIEA" if htmlspecialchars() was run)
>>41
I guess I gotta change my normal tripcode then.
i just finished this...
http://hotaru.freelinuxhost.com/trip.zip
it's the first program i've ever written in c... the .exe requires cygwin1.dll to run...
I think the best way to go about this would be to follow RainbowCrack's example... generate every possible tripcode and store it in a database, and then search it. Since you know that 2ch-style tripcodes have to be eight characters or less, you can check every possibility.
I haven't checked how much disk space or CPU time that would take, though.
Using just A-Z, a-z, 0-9 and two more to pad out to 64 characters means (2^6)^8 = 2^48 tripcodes. Each one needs 12 bytes of storage if you sort them listed by hash (6 bytes if you keep them listed by password, but that makes for really slow searches), so 3072 terabytes. Using only lowercase a-z takes 2.3 terabytes, or a little bit less if you encode your data a bit more cleverly.
I think I'll just stick to brute-force, then. Maybe steal a faster crypt() from Jack The Ripper.
>>51
interesting idea...
i now have a list of all tripcodes 0-4 characters in length...
one file for each length... the one with the 4 character tripcodes took a little over an hour to generate on my 733mhz pentium 3 machine (using a perl script), and it takes about 5 minutes to grep the whole file...
I have a list of all tripcodes 0 characters in length too. I'll post it below:
How big is that four character file? Just curious.
the file of 0 character tripcodes has jPpg5.obl5 (the tripcode you get if you put # with nothing after it in the name field) in it...
the 4 character file is 1.16gb... 675mb when compressed with bzip2...
it probably could be a bit smaller if i listed them in a better format than hash = password
Incidentially, the 0-character tripcode is wrong in Wakaba and Kareha - it doesn't match the futaba one (haven't checked 2ch, though). The next release will update the tripcode code to fix this.
>>56: Oh, that's right... the script appends characters (".H" or something) to the end of codes before it hashes 'em... so a blank trip is never truly blank... My bad.
The funny thing is, the algorithm appends two characters ("H."), but then uses the second and third characters, thus making a zero-character tripcode technically invalid. Of course, it does generate SOMETHING anyway, and it appears this differs between languages due to different handling of strings, no doubt. Appending "H.." instead seems to get the same behaviour as the futaba script, at least.
It appends "H." to the salt, which is different behavior than doing it to the actual hash. Look at tripcode_2ch() in tripper.c; as far as I know, I get it right.
hmm... crypt("",".") in perl and crypt . "" both return "..Qfnkquv7jY2" (same as using ".\0" as the salt), unix_std_crypt("",".") (ufc crypt in perl) returns "..X8NBuQ4l6uQ" (same as using ".." for the salt), and openssl passwd -salt . "" returns ".AmEwFrvDWaHo" (same as using ".A" for the salt)...
"..X8NBuQ4l6uQ" is what Futaba uses. I just checked 2ch, and they don't allow 0-character trips. I changed the salt postfix string in the development versions of Wakaba and Kareha to "H.." to match the Futaba generator.
I just rewrote Shiichan's tripcoding algorithm after realizing what was so good about the name#trip#securetrip setup. I couldn't get zero-character tripcodes to work (mostly because I don't understand regexes well enough), so I've just banned them from use.
Can anyone shed a light on the differences between tripper and tripper+, or what the C, R, H and T checkboxes or second input box do?
I think C forces the tripcode you want to be case-sensitive
and H forces the expression you want to appear in it to be
at the beginning of the tripcode.
lol tripcodes
lol
That would've worked better if everyone's secure trip hadn't just changed.
Testing tripcode bug... this is #' and should NOT trigger secure trips, but does on shiichan4.
Like I thought. ' -> htmlspecialchars -> ' -> # triggers securetrips. Oh well, not high priority bug.
There's a lot of special characters that trigger secure trips, also on Kareha/Wakaba.
Second quote should be & #039;.
Probably only under Shift_JIS. Pretending Shift_JIS is ASCII leads to problems with the double-byte encodings. I'll try to work on a fix for that.
> Probably only under Shift_JIS
I think there have also been some under utf-8. I am going to screw around with that and report back later, though.
i set up a sandbox if anyone wants to test anything
configs are almost identical to the ones used in nubchan /b/
http://www.blackmage.org/bm/wakaba/sandbox/wakaba.html
feel free to spam with attempts to break anything
Oh, also, in Wakaba and Kareha you can avoid this by using "!" as the tripcode marker instead. "name!'" should not trigger secure trips.
Also also, it will be fixed in the next version.
I'm working on adding WAHa's RC4 tripcodes to my searcher. I've so far created something that runs and prints out some tripcodes (with -DWAKABARC4), but not the right ones. I'm sure I'll get to that eventually, though.
You can test it against http://paracelsus.hollosite.com/ - SECRET is "fuck" there.
At a quick glance, I'd say your problem is that you should be discarding the 256 first bytes of the RC4 output. The tripcode is generated from bytes 256-261.
> You can test it against http://paracelsus.hollosite.com/ - SECRET is "fuck" there.
http://paracelsus.hollosite.com/res/1295.html
shouldn't "##a" be "!!axTADlL+" if SECRET is "fuck"?
Like I thought, I screwed up a bunch of stuff in the rc4() function. I've updated that archive with one that actually works and comes with a build script.
./tripperc4 <search substring> <wakaba secret word>
hotaru@firefly> ./build.sh < ~/My Documents/trip/vacbob/tripper >
In file included from tripper.c:33:
crypt.c: In function `crypt':
crypt.c:519: error: `_PASSWORD_EFMT1' undeclared (first use in this function)
crypt.c:519: error: (Each undeclared identifier is reported only once
crypt.c:519: error: for each function it appears in.)
tripper.c: In function `testeverytripoflength':
tripper.c:180: warning: comparison between pointer and integer
tripper.c: In function `testeverytripoflength':
tripper.c:180: warning: comparison between pointer and integer
/cygdrive/c/DOCUME~1/hotaru/LOCALS~1/Temp/ccXQSSQZ.o(.text+0x59f):tripper.c: undefined reference to `_strcasestr'
collect2: ld returned 1 exit status
tripper.c: In function `testeverytripoflength':
tripper.c:180: warning: comparison between pointer and integer
/cygdrive/c/DOCUME~1/hotaru/LOCALS~1/Temp/cca0ySOr.o(.text+0x39a):tripper.c: undefined reference to `_strcasestr'
collect2: ld returned 1 exit statushotaru@firefly> _ < ~/My Documents/trip/vacbob/tripper >
Oh, that part of the code was relying on pwd.h defining _PASSWORD_EFMT1. I just removed that since 2ch trips never use extended crypt(); I reuploaded the archive.
What kind of gimped libc doesn't have strcasestr()? I don't know of any simple replacement for that, but changing CFLAGS to
CFLAGS="-O3 -DCASE_SENSITIVE"
will make it compile with strstr(), at least.
usage:
trip [-c] <regex>
triprc4 [-c] <SECRET> <regex>
tripsha1 [-c] <salt> <regex>
rc4crack attempts to brute force the SECRET string using a known secure tripcode... brute forcing a SECRET string longer than 4 characters would probably take longer than you would want to wait, though...
The (C) is indeed for case sensitive.
The first blank is to be filled with a string that should go at the BEGINNING of the tripcodes. Check the (H) box.
The second blank is to be filled with a string that should go at the END of the search (when the (T) box is checked).
For searches where string placement doesn't matter, either blank can be used. Don't use both blanks simultaneously unless at least one of the blanks underneath is checked.
As for the (R) checkbox, I can't figure out what it does. It seemed at first to limit the characters used for tripcodes, but that doesn't seem to be the case. Perhaps it just eliminates the extra features in order to speed up the search.
(R) sounds like (R)egexp.
Ha, you're right, WAHa. That would explain why searching with a period didn't necessarily find periods. :)
Also - the original "tripper" only searches the last 8 digits of tripcodes. tripper+ does 10-digit tripcodes that most boards use. That's the only difference.
I only discovered this after searching over 24 hours using tripper and then realizing that my tripcodes had two extra characters at the end. :P For instance, this tripcode shows as ".umfash." in tripper, but if it was found in tripper+, it would show the full "JW.umfash."
I simply changed my Wakaba implementation (which I love, by the way) to just use the last 8 characters because I didn't really feel like generating a new batch. ;)
Here's my take on a tripcode searcher:
http://elite-dot.8bit.co.uk/tcs.c
Should be quite fast as it keeps the salts for a while, which allows UFC-crypt to utilise it's optimisations better. No support for regexps or such fancy stuff, though.
I updated mine again; no extreme changes, but I removed almost all the pointless memcpy calls, so it's much faster.
>>96
Updated. Less waste of cycles, benchmark mode and logging of results.
>>96
it only finds tripcodes where the search string is at the beginning of the tripcode ;_;
>it keeps the salts for a while, which allows UFC-crypt to utilise it's optimisations better.
i thought of doing that, but never got around to it...
done: http://hotaru.freelinuxhost.com/fasttrip.tar.gz
also, 100GET!
>>96
Added optional case insensitive mode and optional searching of strings in the whole string.
test
another board bug.
tripcode passwords with # are allowed, ex:
lame#tes#tes
name lame, trip #tes#tes
(by proper 2ch)
if you're the developer of this software, after reading that reply all i have to say at this point is go fuck yourself.
>>104
lol my tripcode password is '####' and it works here...
I saw you complaining on 4chan, and now you're complaining in here. Nobody cares that your customized hyper-special customized tripcodes don't work right, as secure tripcodes are in fact a useful feature.
hint: !
itt you have a stupid tripcode
sup
lol, fag.
see the difference is it works on 2ch, so i kind of expect it to work here too.
Well since you articulate your sentiments so eloquently, let me just remove this feature that people enjoy and use so you can think you're on another site, how about that?
the fuck what?
Not too bright, are you? Now get the fuck out of this thread already.
By request, I wrote a dictionary generator. It needs a system with fgetln(), though. Porting to glibc and getline() wouldn't be too hard, but I'm not interested enough.
Same URL as always.
>>116 typical whiteboy nerd pretending to be a jap while masturbating to shitty anime.
Oh come on, that's pathetic. Surely you can do better than THAT. Try again.
oh timecop-chan -_-
ID:gLTSfIiG
Does anyone think getting Tripper+ translated into English would be useful? 'Cause I'm working on it some, though I don't know any Japanese.
>Name: !WAHa.06x36 2004-11-15 14:22
>I've used some assembly-optimized crypt() code from John the Ripper to get up to 110000 crypts per second per gigahertz.
out of curiosity, was that in a "finding a cute tripstring" (wild discovery) or a "breaking some trips" (targeted discovery) context?
also, was it with the "normal" or the "bitslice" code from john?
and, was it done by cramming a tripcode-format specification into john, or by transplanting john crypto into a tripcode-specific framework?
I'm not too familiar with what the "bitslice" and "normal" code is. What I did was take the version of the DES code that generates results that are padded and out-of-order, and transformed those back to the normal format in base64, and used that to make a small utility that searched for specific substrings and output them. Even with the overhead of the conversion, it was nearly twice the speed of any other DES code. If I was trying to crack specific tripcodes, I could do the conversion in the other direction just once and make it even faster, but I didn't find that very interesting.
So, wild discovery, and using the john code in my own program.
>>126
ah, interesting.
that sounds very much like you used the bitslice code, the output is 64bit binary there, does not include the salt, and it looked like converting it back would be possible.
"bitslicing" is class III vooodoo that treats one N-bit CPU like N 1-bit CPUs. john has a (already somewhat optimized) "normal" DES implemtation (that generates 128bit output with the salt mangeled in), and a even more insane bitslice one that does 32 or 64 crypt()-like operations "in parallel".
some stats, 1GHz athlon, custom framework (based on 4brute.c) doing targeted discovery on about 4k targets, kcps == kilo crypt()-equivalent-operations per second, including comparison, and measured against process user-time (not wallclock. so its equivalent to johns "virtual" rate.):
'John 1.6.38 / 64/64 BS MMX' => 279kcps (this is the "bitslice" version)
'OpenSSL 0.9.7e 25 Oct 2004' => 71kcps
'John 1.6.38 / 48/64 4K MMX' => 64kcps (this is the "normal" one)
'UFC-crypt 1c, 1.9 03/02/92' => 37kcps
'glibc2.3.4 slackware crypt' => 30kcps
this session taught me some things i didnt really expect:
1) forget ufc-crypt unless you have prehistoric hardware.
2) openssl fcrypt() is a very good starting point.
3) at 279kcps, the framework spends 10-15% of the cputime on generating the next input plaintext and comparing output against targets. and that is after some serious optimization in those areas. was more like 60% before that.
How were you choosing the salt on those? Some algorithms take a big performance hit every time you change the salt, so to get them to perform well, you want to arrange your lookups to do many lookups with the same salt in a row.
for the bitslice code to be really useful i had to run it on N sets with the same salt at once, which in case of the odd "salt derived from plaintext" tripcodes made me buffer up candidate-plaintexts mapping to the same salt, only activating the real backend when a salt-bank is full.
in case of john-bitslice the banksize is 64 (didnt have much choice there), for all other backends i was using 128 (thats the "max keys per crypt" johns non-bitslice des code was using).
(exception to the "only fire full banks" is the "endgame" phase when the plaintext-generator says "i am done" and there are partially full banks to purge, but that is pretty much irrelevant for the total performance on a run of several Mcrypt().)
as a sidenote, openssl performance seem to be the same even with not-sorted-by-salt use, but i guess it just initializes by salt every time, even if you pass it the same one again on next call.
Searching through: 0123456789abcdef
Number of users scanned: 4129
...
Exiting after 4581298448 crypt, 35442 inner, 71582993 salts, 22 found
'John 1.6.38 / 64/64 BS MMX' => Real: 26626s, 172kcps
'John 1.6.38 / 64/64 BS MMX' => Virt: 18416s, 248kcps
that was on a duron900 that does a lot of other things all the time.
4.3 Gcrypt run through the bitslice code, changing salts 68M times.
35442 fcrypt() run through openssl in response to the john-crypt giving a 29bit confidence match, 22 actually were full matches.
35420 openssl fcrypt() "wasted" sounds like much, until you realize its (even assuming a worst-case with some swapping) still less than 2 seconds total on a 7hour+ run, so i dont give a damn.
68M salt-changes also sounds like much, but profiling said its responsible for less than 3% of the cpuload, so again i dont give a damn.
so, i couldnt help myself and wasted even more time on it.
here some more highly unrepresentative stats of different systems, all using the john-bitslice code:
Penti-M 1600MHz 1024kB 526kcps 328cpspMHz
Duron 895MHz 64kB 248kcps 277cpspMHz
Athlon 1009MHz 256kB 279kcps 276cpspMHz
Pentium 233MHz 52kcps 223cpspMHz
Penti-4 2000MHz 512kB 406kcps 203cpspMHz
Celeron 2400MHz 256kB 436kcps 181cpspMHz
3rd column is second level cache size.
4th is raw "kilo-crypt() per second", virtual.
5th is "crypt() per second per MHz"
the insanely high score of the Pentium M, and the insanely low ones for the Pentium4 and P4Celeron indicate that version of the code was working on data-sets between 512kB and 1MB.
the Duron with the tiny cache scoring second seemed odd, but if i am trashing through the whole cache anyways, second-most-important feature is ram speed, and that machine is using dual-port DDR.
the pentium 233 using johnbs pushing almost twice the crypt()s the athlon1000 did with UFC amused me. unless i was using some kind of "wrong (version of) UFC", it seems that optimizations done 13+ years ago do not consider modern hardware. shocking.
(so unless you are running a cracking cluster with 15 year old RISC machines, dont bother with UFC)
did some improvements in the comparison framework to reduce the activity-relevant ramsize, in particular some lookup tables where i traded ram for speed earlier, got me another 10% or so, depending on the cachesize. trying this on the 512kB machine is still pending, this will be most interesting, i dont think i got it small enough for the 256kB cache to be enough. (thats where i am seeing 5-10% improvement, depending on how many targets i feed it.)
regarding dictionary generators, i found there is little need to write any, since john has a -stdout option. very handy.
even without any wordlists, just using character-probability/distribution lists and making up words, this is far more effective than the raw bruteforce tries 4brute implements.
the benchmarking-list is about 6800 tripcodes grabbed from various boards, and using "john -i -stdout | 4brute-johnbs -i", 1GHz of cpu find solutions for more than 1000 of those within a minute.
but to not just be a smelly-creepy cracker, i did some work in the direction of wild-discovery ("searching for cute tripcodes"), but without reversing the output of johns code. example, i want to find something beginning with a certain 4-5 char prefix, like /^waha\W/i ... which is just 32 different prefixes after all, upper-and-lowercase combinations for the four letters plus . or / behind it. at the same time, those 5 chars are 30bit worth of target, 5bit (32 strings) of which are considered "hits". so, i mongled the matching code in a way that allows it to just match prefixes, and handed it a list of those 32 possible prefixes i might like as targets. plus "random starting point of 8 char length" as input.
assuming an even distribution, the 30-5 bit suggest i should find a solution about every 33.5 million attempts. here output from a run of ~350 Million tries:
4brute using 'John 1.6.38 / 64/64 BS MMX'
Starting search from "sG+ym_8u"
Limit set to: 350000000
Searching through (randomised): ucWZXdw(P]Eb2gC_I7[/Q3MFKS$G`N}yql0jTm!Yz +UJa#5r89eh*D-:Ais)fOHtBRpvL.1x{k6V4no
Number of users scanned: 32
"WahA.DY8KI" == Gx "3Gxwm_8u" for WahA.aaaaa
"wAha.RNmpE" == .. "_}!Qu_8u" for wAha.aaaaa
"WaHA/D5Jq." == cY "j]Y0u_8u" for WaHA/aaaaa
"wAHA/GeRU." == R8 "NR8vu_8u" for wAHA/aaaaa
"WahA.7NzhI" == 9d "w9d{u_8u" for WahA.aaaaa
"WaHA/GE/Ng" == MU "hMU3c_8u" for WaHA/aaaaa
"WAhA.S/aOs" == bO "AbOac_8u" for WAhA.aaaaa
"wAHa/HPJco" == GC "KGC8c_8u" for wAHa/aaaaa
"WAhA.EyH8c" == l2 "ll2jX_8u" for WAhA.aaaaa
"WAhA/5Fmuw" == hC "+hCWd_8u" for WAhA/aaaaa
"Waha.D1AzY" == .M "G-MWd_8u" for Waha.aaaaa
"WAhA.2piT6" == K9 "LK9_d_8u" for WAhA.aaaaa
"WaHa/0qPHI" == xl "hxl7w_8u" for WaHa/aaaaa
"wAHA.jhgAw" == .x "x-xF(_8u" for wAHA.aaaaa
Exiting after 350059520 crypt, 14 inner, 4267664 salts, 14 found
'John 1.6.38 / 64/64 BS MMX' => Real: 1513s, 231kcps
'John 1.6.38 / 64/64 BS MMX' => Virt: 1308s, 267kcps
so, 25 minutes for finding 14 solutions. the 14 here is above average, i had other runs that coughed up only 8 hits in 350M tries. this run was on my trusty duron900 again, and as the difference between the "real" and "virtual" time indicates, 4brute only got about 85% of the cpu during the time.
I am your arch nemesis!
I updated my code again, now it compiles on Cygwin because I wrote my own strcasestr()!
In the process, I discovered a gcc optimization bug, but it doesn't cause miscompilation so it's not that bad.
Also, I think that at one point I tried dropping in hotaru's ufcrypt to replace the rather slow one I'm using, and it gave different (wrong) results for some tripcodes.
i've been playing around with the bitslice code from john the ripper... and i'm wondering... how the heck do i get a normal hash out of it? i see DES_bs_get_hash() returns an int, and i'm guessing i probably want to do something with that, but i have no idea what...
What John does is take a hash, and turn it into a bitslice, and then compares the bitslices. That's the faster way, but for searching for strings in tripcodes, you need the hash. What you do is take the algorithm for changing a hash to a bitslice and invert it.
>take the algorithm for changing a hash to a bitslice and invert it.
i don't think i can do that...
i updated mine...
i fixed it so it doesn't crash after a few minutes of searching now... and i made some other changes... i tried dropping in openssl's fcrypt(), but it gave wrong results and i don't really feel like trying to figure out what's wrong with it right now, so i'm still using ufc-crypt...
same url as before...
>>127
Can you please provide source code for your test application?
Anders
>>138
hotaru, your site doesn't work, can you put your code on another host or email it to me ([email protected]) ?
anders
>>138
Actually, the site does work, just not the .tar.gz links... If you can make these available somehow I'd be glad.
Anders
How do I get this to run on Windows? It's not working.
I'd really rather people did not link to programs for doing cracking of actual tripcodes. It's a fun academic exercise, but there's no legitimate use for those.
i didn't figure out how to use john's crypt(), tried linking the object with my code then changing the calls...
anyone who got 4brute.c compiling btw?
i get:
anders@home:~$ gcc -O3 -o 4brute 4brute.c -lssl
4brute.c:65: error: syntax error before '(' token
4brute.c:65: error: syntax error before 'const'
Eh, I should remove that one too. It got left behind back in the day.
i fixed the 4brute/4tripper source
>>147
seconded
>>25
http://4dist.yi.org/4cute
but, of course, "there's no legitimate use" for this.
note that 4cute is just a quickly slapped-together CGI frontend for a souped-up 4brute that is pretty much unchanged since the link to it got deleted here for being "evil" two days ago.
(i did add a "exit after finding N solutions" commandlineoption, fixed some typos, added two things to the Usage() output, and shuffled around some defines. which are not exactly any changes to the main functionality, just touching up code i had not open in an editor for some weeks.)
No need to be ironic, you know damn well what I meant earlier.
>>152
Of course there is need to be ironic about something like this.
Thats way better than me being pissed off about it.
4cute is a proof-of-concept frontend, obviously designing userinterfaces is not my strong point.
and of course its keeping a local copy of the results, in the very same format used by 4dist, so i dont end up wasting cputime on cracking 8char cutetrips i supplied myself.
of course, anyone interested and having a x86 mmx cpu could just go grab the source, and waste their own cpu cycles on generating whatever amount of cutetrips they want.
if they were allowed to know where the source is.
not that it is hard to find without the direct link.
which just confirms again that "no legitimate use" is not exactly true, and deleting the link is pretty pointless.
You are wilfully misinterpreting what I said (I am being generous here and not assuming you are too dumb to read what I said). I said, and I quote, "I'd really rather people did not link to programs for doing cracking of actual tripcodes." Your 4cute does not do that, and has nothing to do with the discussion. It seems to do much the same as anything else in this discussion, none of which I had a problem with. Why are you assuming I'd have a problem with yours if I didn't with everybody else's?
>>154
its the very same program you deleted the link to, with your little "no legitimate use" comment.
just run from a perl CGI that feeds it with four commandline options, and wraps its output in some html.
so either there is a legitimate use for 4brute, or 4cute isnt one either.
cant have it both ways.
I never said there weren't legitimate uses for your program, I said there was no legitimate use for cracking tripcodes. I understand your program does that, which is why I didn't want a link to it. All you'd be doing is supplying script kiddies with tools. Make a version that doesn't do that, and I won't mind you linking it.
And how is that supposed to work?
ship it with a "complete" list of "known to be used" tripcodes and make it not output these? yeah, right.
include an AI that evaluates cuteness rating of supplied targets? sure.
of course, in any case of "exit_if_not_political_correct_target();" or other artificial "policy" limits, i would have to start shipping it closed source too.
because else people might comment out that call.
4brute generates plaintexts (or reads them from a pipe), crypt()s them in a tripcode way, and compares the results.
how is it supposed to know what are "good" or "bad" targets for a comparison?
if i take any of the "good" tripcode generators in this thread, tell it to use an alphanumeric charset, begin with one char length and rotate-enlarge, and run it to find me stuff that matches /^WAHa\./, how long would it take to find !WAHa.06x36 ?
seriously, whats the difference between a "bad_cracker" and a "good_generator | grep" ?
How many people do you see using Tripper++ for cracking? It just doesn't work, because it only uses randomized long strings for input. It also has no facilities for doing birthday attacks.
>>158
... which of course only works because its a closed-source GUI-thing?
better delete those links to "Mr VacBob"s tools too, those are evil opensource commandline hackery.
oh, and either you dont understand what a "birthday attack" is or you are assuming i dont know and want to confuse me by using the term? because i fail to see how an "any to any" attack with free choice of targets is related to the current topic.
i repeat: whats the difference between a "bad_cracker" and a "good_generator | grep" ?
Birthday attack in the sense of having many targets. Not entirely correct usage, I guess, but eh.
And stop trying to pick a fight, OK? There's a pretty obvious difference between making a tool that can be used out-of-the-box for cracking tripcodes, and one that can be modified to do it with some work. If you're a good enough programmer to modify it, chances are you could make it from scratch anyway.
Of course, releasing something that is a lot faster than all the others is a bit of a problem, since most people wouldn't develop that on their own. You may have noticed I did a lot of the same as you did, but chose not to release it because it didn't feel it was for the common good.
Now for some less faggy discussion:
I noticed your code said it was comparing against 32 candidates to do a case-insensitve match for 5 characters. I don't remember exactly how the bitslice data was laid out, so I am not enitrely sure it would work, but I'd think you'd get away much easier with a single bitmasked comparison.
>>160
I strongly disagree. Even if it does use UFC crypt() or John's bitslice stuff, the legitimacy is the same... It's just faster.
>>160
actualy, due to the "first character of crypt output cut off" aspect of tripcodes, you could in theory do a birthday-style attack on it, to find a pair of plaintexts that result in the same tripcode.
and if i make you use one of those, i could post with the other.
too bad no one would realize what clever hackish thing i have done, so they wont give me head for it, so its pointless. ;)
>>161
my comparison is doing a two-layered hashed check, then a full recheck using openssl.
meaning:
first it grabs 12-16 bit (a #define, actualy, thats one of the things i changed yesterday) of the bitslice output, and looks it up in a table.
and only if it has any targets in that table-slot it fetches another 16-20 bit (well, 32-$firstmatch) bit, and compares those to the targets in the slot discovered in step one.
and if there is a match in this step, it runs openssl on the plaintext, and compares it char by char to the may-be-a-match.
sounds bad?
Exiting after 1000000485 crypt, 565 inner, 41 salts, 0 found
565 times it hit the openssl inner-stage comparison, and none of it was a true match. gasp
but wait, openssl does more than 70000 crypt per second on this hardware, so its ... even assuming a 2x overhead for it not being in cpu cache or whatever, its less than 200ms of a 1 Gcrypt() batch taking more than an hour total. so its pretty insignificant.
in exchange, the comparison doesnt really slow down even with a lot of match targets. the default target limit is set to 4096, and the mask for stage 1 to 16 bit. that gives me a nice 1:16 rate of its-not-a-match detection right in the first stage.
it could even be scaled up quite a bit (at least to 24 bit, and an equally increased maxtargs), but at that point the ram footprint grows and grows and grows, and since i am allocating all the lookup tables statically...
how is that relevant for the case-insensitive comparison? a 5-char-alpha case-insensitive prefix has 32 possible variants. instead of doing that 1:32 step in the comparison stage for every single of the very many tried crypt()s, i do it before even firing up the crypter, by generating all those possible 32 targets.
what? two of the chars have l33tmode alternatives? thats 72 variants. scary.
what? you want only 4-char case-insensitive alpha prefix? that means full 64 options for char5, giving 1024 variants. bring it on.
oh, i forgot. for matching 5char prefixes, i only have 30bit at all to match, so the stage-2 comparison has 4x less reliability. but, of course thats nonsense, because if all 30 bits match, its a match in stage-3 for sure.
the "where are the bits hiding in johns format" for the individual tripchars is in 4brute-johnbs.h ... those defines are not used anywhere, but i kept them there just in case i ever need them again. it does not say which bit is which, so figuring out which one to ignore for case-insensitive direct matching would be another run of "see which bit flips".
i prefer the current system that stands up to whatever the user may throw at it, even if its leet-mode substitutions, which would be moderately hard to do bitmasked.
rethinks ... aeh, and since we are matching base64 targets here, it wont really work at all, because case-insensitive bitmatching works with ascii, but not base64.
but the idea was good! :)
>>162
would SOMEONE please run benchmarks comparing UFC and openssl crypt() speed?
and by someone, i dont mean me, and not anyone using my code?
my benchmarks (somewhere earlier in this thread) indicated that UFC was really, really bad.
it may have had a point in 1992 (when it was last updated) on 30MHz RISC machines, but i really, really fail to see any use for it today.
but, who knows, perhaps i did something really wrong, or was using an outdated variant, or whatever.
so, please, someone do some benchmarking.
and i dont mean the benchmark included in ufc, because that compares ufc against the libc crypt(), which indeed is the only thing worse than UFC in my tests.
well, or use the benchmark in ufc, and cram in the openssl crypt() so it uses the same framework for testing.
> aeh, and since we are matching base64 targets here, it wont really work at all, because case-insensitive bitmatching works with ascii, but not base64.
Ah, damn, that's right. Oh well!
>>141
my code is at http://hotaru.freelinuxhost.com/fasttrip.tar.bz2 now
>>164
I did some testing on a Pentium M with 1.6GHz. Time for 5,000,000 iterations, changing the salt every 500,000 iterations:
OpenSSL DES_crypt(): 45.144s
UFC-crypt crypt(): 37.078s
>>169
interesting. can i get the code you used somewhere?
i just did some benchmarking again too, not using the sodomized 4brute as framework, but the "speeds.c" that comes with ufc. runs the crypt() for 10sec cpu time, reports number of done cycles. no saltchanges at all. it has defines for ufc and libc, i added a ossl variant.
Results from my trusty Duron900 (64kB cache):
code here: http://4dist.yi.org/misc/ufc-crypt/
the speeds.c and Makefile are modified to add ossl.
this agrees with the numbers i had for 4brute using different backends.
perhaps i am using somethings that calls itself ufc, but really is outdated, wrong, or so?
from patchlevel.h: "UFC-crypt, patchlevel 1c, @(#)patchlevel.h 1.9 03/02/92"
from the README (most people reading this probably dont know any of those except the 386. ;):
but, the README contains also a possible reason for the sucky performance i am seeing:
165 > 64. uh-oh.
let me guess, the Penti-M has 1MB cache?
goes to find something with bigger cache to rerun benches
athlon1000, 256kB
pentiumII 266, 512kB, 2.4.31 SMP
pentiumII 266, 512kB, 2.6.12.1 SMP
(note that the first P2 run only confirms that the linux 2.4.x SMP scheduler sucks frozen goats through nanotubes, with 2.6.x its right back in the pattern seen on the other hosts)
so, it does not seem to be just the size of the cpu cache.
makes me more interested in seeing the code used in >>169 ...
Hrm, i dont quite see the use of cracking tripcodes if you cant post.
I wonder if there is a working proxy server somewhere...
Some Japanese tripcode searchers, not tested and stolen from http://ansitu.xrea.jp/guidance/?FAQ1#t17de328
hello thar. Why doesn't my tripcodes work? I'm using tripper+ but I don't know how to configure the options because my computer won't show Japanese characters...
‚ÃÂÂÂÂÂ�ƒÂƒÃ‚ƒÃ‚ƒÃ‚‚‚è‚ÃÂÂÂÂÂ�ƒÂƒÃ‚ƒÃ‚ƒÃ‚‚‚ÃÂÂÂÂÂÂÂÂÂÂÂ[ is 26% faster than mine on my G3. I suppose I should find a faster crypt, but I remember UFC not giving correct output in some case.
>>178
afaik, john has bitslice-des code for fruity platforms.
you could take a stab at adapting the 4brute++ code, but i dont even want to think about what parts of it might be endianess-sensitive.
updating the x86 DESBS code to some newer extensions than MMX would be a pretty heroic task for some highly motivated young coder. :)
Hi. Can someone here please explain why my tripcodes doesen't work?
According to a program called tripper+, "#/te¦4M¼A" will generate tripcode: "!aWrYyYlkcw".
But when I tested it on Sandbox, i got "!nbn1dFk5FA"
Why won't it work?
Because it's full of non-ASCII characters that will get parsed differently depending on which board you post it on, especially if you use HTML entities instead of the actual characters. If you want tripcodes that work everywhere, stick to plain ASCII characters only.
>>179
MMX registers are already 64 bits and have NOT AND and such. The only optimization that comes to mind would be vectorizing and doing two at once in SSE2 128bit registers
>>182
i am not so sure you know what bitslicing means. ;)
basicly it means using a CPU with N bit registers as N CPUs with 1 bit registers.
some operations (like DES) can profit from that a lot.
johns DESBS code does 64 "crypt() equivalent operations" in parallel on MMX, or 128 on altivec.
so porting this to newer extensions like SSE(2) would probably get another performance increase by a factor of 1.5-2 ...
but its hard to say without trying it since this stuff is getting really non-intuitive already. (direct influence of ram-speed on the performance, or the retarded linux 2.4.x SMP scheduler eating 70% of the performance, just to name two cute examples.)
>>183
SSE lacks the instructions to do the needed operations on its 128 bit registers, out of all of the additional instruction sets I can think of SSE2 is the only one that fit (I only know x86 chipsets). Maybe I didn't state it cleary, but I said you would not be likely to gain more than just being able to do two times as many as once. Not exactly something that is going to bring something that is currently an unreasonable search to feasability.
Altivec could certainly do it; it's much better than any x86 SIMD. Too bad it's only on the G4 and up. I could manage 32 bits at once, I guess.
>>185
For those curious of the AltiVec performance, a PowerPC G5 1.8 GHz
currently achieves the following:
Benchmarking: Traditional DES [128/128 BS AltiVec]... DONE
Many salts: 1103K c/s real, 1105K c/s virtual
Only one salt: 910566 c/s real, 910566 c/s virtual
The latest Pentium 4's aren't quite there yet (with MMX code).
Although SSE support for JtR is coming, preliminary testing shows that
it won't achieve this much speedup.
I would indent the quote but I am scared of markdown, straight from the horses mouth though (solar)
>>168
Your site doesn't work... It only redirects me to stuff like http://www.100webads.com/
>>187
100webspace is DQN.
this should work... http://wilson.merseine.nu/download/fasttrip.tar.bz2
>>184
well, it might be enough to shut up those fruituser claims about hardware superiority, considering they are less than factor 2 ahead while using 2x width. ;)
but, seeing how the biggest change in john 1.6.39 is adding a macosx-x86-mmx-cc build target, i guess apple will be shipping real computers before john grows SSE2 support. :)
>>188
Some instructions for using this would be nice.
>>189 doesn't seem to understand much :(
In the G5's case it's entirely CPU bound... I would look into running scalar and AltiVec at the same time, and why jtr's altivec code uses signed numbers.
But since I don't have one, I don't really care. I will see if I can make the non-DES parts parallelizable easily without making it really unreadable. SHA1 is supposedly AltiVecable as well; RC4 doesn't look like it is, though.
RC4 runs like a dream on 8-bit microcontrollers, though.
>>190
to search for a tripcode you just dotrip [regex]
ortrip -c [regex]
where [regex] is the regular expression you want to match. if you don't supply a regular expression it uses .* (matches all tripcodes). if you use -c it does case sensitive matching.
Wow those posts got screwed up..
anyways. Someone asked if it is impossible to crack a tripcode if you use an 8 character random string in aprevious life of this thread. The answer is no, if you really care about being the only one with the tripcode you should use a secure tripcode (name#trip#secure). This is the third and shittiest version of this post I have made. I shall not make another one.
I think the NSA has been attacking this thread to stop this information from getting out!
>>196
Damn bastards cannot leave DES alone! Why bother making the S-boxes resistant to differtial cryptology 15 years before anyone knows about it and then suggest a reduced keysize.. AND THEN hide the information that tripcodes are about as secure as a plastic lock!
does anyone have a copy of 4brute-johnbs?
Not on this board.
Someone really should make a post(somewhere) of all of the technical details of tripcodes. I keep forgetting to verify (and wel.l redo as they are totally fucked up) >>221-222 and list any other inconsitencies. I'm sure I'll eventually get around to it or someone else will do it for me.
Also, is it still 200GET if it isn't the first time?
> this should work... http://wilson.merseine.nu/download/fasttrip.tar.bz2
Error! Could not locate remote server
>>201
yeah... my "dynamic" ip never changes, so the dynamic dns never gets updated, so it expired...
i'm working on setting up a new server, i'll post a link here when i'm done.
I like potatoes.
>>200
the best thing to do is look at the actual 0ch/futaba code to see what they do...
nnnnnnnnnnnn
dd
This is not a tripcode testing thread. Use the testing thread over at /sup/ if you really need to.
A friend has been running tripper2ch on his Macbook looking for "MUSASHI" tripcodes for so long it's reached eight character inputs.
All the hoorj bitslice sse stuff up there is way past my ability to care about this, but maybe I should multithread it or look into OpenMP.
(and, man, the Darwin crypt.c I'm using is awful. I still won't change it to something that's wrong, but maybe at least I'll use Free/OpenBSD'sÂÂÂÂÂÂc)
Hey, why can't I use an ellipsis if I post from inside the thread!
………...……
4brute-johnbs-p5 (that's the prefix-matching one) + john 1.7.2 (Bitslice DES assembly code for x86-64 making use of the 64-bit mode extended SSE2 with 16 XMM registers has been added for better performance at DES-based crypt(3) hashes with x86-64 builds on AMD processors.) = 1211kcps on my 1.6GHz machine :)
I'm sorry to say that no human being can follow all those prepositions.
I feel inadequate and want to take a computer science class.
Don't worry. People who take computer science classes feel inadequate in the grand scheme of things too.
i use tripmona
I think I'm going to rewrite mine so it uses OpenMP, because OpenMP is pretty cool.
Also I guess it should support modern wakaba and be endian-safe on shiichan. Even though I'm the only one that uses shiichan's.
>>204
I am running Tor, but how do I make it (or Privoxy?) aware of .tor domains?
Someone explain the process for generating tripcodes anyway.
I'm goofing around teaching myself php and want to make a tripcode test script for the hell of it.
That'd be re-inventing the wheel. Here's the (slightly poorly-written) snippet of code from Thorn that generates 2ch-style trips:
$pos=strrpos($name,"#");
if ($pos!==false) {
$nombre=substr($name,0,$pos);
$trip=substr($name,$pos+1);
//echo($trip);
//2ch-style tripcodes...
//More or less stolen from Futallaby
$salt=substr($trip."H.",1,2);
$salt=ereg_replace("[^\.-z]",".",$salt);
$salt=strtr($salt,":;<=>?@[\\]^_`","ABCDEFGabcdef");
$trip=substr(crypt($trip,$salt),-10)."";
}
else {
$nombre=$name;
$trip="";
}The point of re-inventing the wheel is that you understand it better and aren't just copying stuff you saw other people do. As it is I can't make heads or tails of your code.
To tell the truth, I have a hard time following it too. Why? Because (as the comments say) it was lifted with few modifications from another (open-source) PHP image board script. And the guy who wrote that probably transcribed it from another image/message board script written in Perl. So I didn't reinvent the wheel either. But you know what? It works.
I'll write it out a bit
$salt=substr($trip."H.",1,2);Take the second and third characters of the trip key with "H." appended to the end of it. This is the "salt."
$salt=ereg_replace("[^\.-z]",".",$salt);Replace characters that don't match the regular expression [^\.-z] (basically, non-ASCII characters) with a period.
$salt=strtr($salt,":;<=>?@[\\]^_`","ABCDEFGabcdef"); Replace a bunch of characters that are ASCII but not letters with letters. Remember that "\\" in this case is an escaped "\".
$trip=substr(crypt($trip,$salt),-10)."";The trip code is the last ten characters of the result of a standard UNIX encryption function, with the trip key and the salt as input. http://us3.php.net/crypt
Wanna rewrite that in your own code? Have fun.
To get it entirely right, you should probably apped "H.." instead of "H.". Also, you should convert from whatever charset you are using to Shift_JIS before doing anything else.
Would conversion to Shift-JIS really make a difference, seeing as it's only working with ASCII characters anyway?
It's not only working with ASCII characters. It's working with the full 8-bit bytes.
For instance, #kï½ÂÂÂÂÂÂ�ƒÂƒÃ‚ƒÃ‚ƒÃ‚ƒÃ‚¯Ã‚½ÂÂÂÂÂÂï½ÂÂÂÂÂÂ� doesn't work if you don't convert to Shift_JIS, and furthermore, tripcodes will change depending on the charset of the board.
...and now, it's not working here. Seems I've got some fresh new bugs to sort out.
Righteous.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>whee</title>
</head>
<body>
<?php
@header('Content-type: text/html; charset=utf-8');
if (function_exists("mb_internal_encoding")) {
//This server will support multi-byte strings. Unicodey goodness!
mb_internal_encoding("UTF-8");
mb_language("uni");
mb_http_output("UTF-8");
}
error_reporting(E_ALL^E_NOTICE);
if(isset($_POST['nombre'])==true){
$name=explode("#",$_POST['nombre']);
$trip=array_pop($name);
$name=array_pop($name);
$trip=mb_convert_encoding($trip,"SJIS");
$salt=substr($trip."H.",1,2);
$salt=ereg_replace("[^\.-z]",".",$salt);
$salt=strtr($salt,":;<=>?@[\\]^_`","ABCDEFGabcdef");
$trip=substr(crypt($trip,$salt),-10)."";
$trip=mb_convert_encoding($trip,"UTF-8");
?>
<p><?php echo("<strong>".$name."</strong>!".$trip); ?></p>
<?php
}
?>
<form method="post" enctype="multipart/form-data" action="index.php">
<input type="text" size="20" name="nombre" /><input type="submit" />
</form></body></html>This'll go into Thorn 2.
http://astrange.ithinksw.net/tools/trippersrc.zip
Now endian-safe, slightly slower on icc, much faster on gcc.
Switched to FreeBSD crypt() because it's much shorter. Unfortunately also much more bottlenecked in one random-access array lookup that goes to main memory. Didn't switch to the JTR code WAHa sent me because it would ruin my beautifully short program.
Also I forgot to add modern wakaba trips but I'll do it sometime.
This crypt isn't reentrant :(
>>237
freebsd crypt() is faster than openssl crypt on my laptop (turion, 64-bit freebsd), but it's slower on the machine i'm using now (pentium 3, 32-bit freebsd)... i wonder why?
This thread has blown my mind.
I'm an internet dumbass and a computer illiterate; how do I even run that program?
>>243
I am by no means a linux/unix expert, but I assume that you compile it by running "build.sh" script and run the executable from the command line?
>>245
yeah no problem if it would even build on my end
tripper.c:23:28: error: mach/mach_time.h: No such file or directory
tripper.c:23:28: error: mach/mach_time.h: No such file or directory
In file included from tripper.c:28:
sha1.c: In function ÂÂÂÂÂÂearray_swapÂÂÂÂÂÂf:
sha1.c:96: warning: implicit declaration of function ÂÂÂÂÂÂehtonlÂÂÂÂÂÂf
tripper.c:23:28: error: mach/mach_time.h: No such file or directory
tdict.c: In function ÂÂÂÂÂÂemainÂÂÂÂÂÂf:
tdict.c:108: warning: implicit declaration of function ÂÂÂÂÂÂefgetlnÂÂÂÂÂÂf
tdict.c:108: warning: assignment makes pointer from integer without a cast
/tmp/ccQVniCX.o: In function `main':
tdict.c:(.text+0xcce): undefined reference to `fgetln'
collect2: ld returned 1 exit status
redownload
I'm not going to bother rewriting tdict to use getline() just because glibc is crazy though :(
'
hay guyz, wuts goin on in dis tread?
I'd kill or die for a windows version of a decent tripcode decoder. Failing that, instructions for an idiot. I like YEAH but I'd like to make more. This was a pain in the ass to get.
<3
FBI has deleted all links... how sad
So.. how does this work? All I get is a command prompt spamming with tripcodes and what they convert into, but doesn't seem to dump anywhere that I can see.
>>255trip <string> to find tripcodes containing <string> (case insensitive)trip -c <string> to find tripcodes containing <string> (case sensitive)
there's also http://hotaru.thinkindifferent.net/fasttrip-regex.tar.bz2, which supports regexes.
>>256
What? Where do I put that?
In a txt file or something?
This shit's useful ~desu
trip -c <ROFLCOPTER>
XD
Thanks, dude!
I found a tripcode that I've been looking for with Tripper+. However, it uses a non-standard character, "¼". Is there something that will convert that character into either kanji or a standard numeral or letter?
Thanks in advance.
>>264
¼ = U+00BC
0xBC in Shift-JIS = U+FF7C (http://wakaba-web.hp.infoseek.co.jp/table/sjis-0208-1997-std.txt)
U+FF7C = ¼
>>265
oh, and now i know how to make this tripcode work ^^
>>265
Thanks a lot. Unfortunately, my trip's still not working, though.
>>267
it might have other characters you need to convert...
or if it has any of the characters that are converted to html entities (i think just ,<>"'&) it might not work at all... i'm not sure if tripper+ handles those correctly...
>>268
There's a ~ and / in it, but I don't think those would pertain to HTML entities.
>>269
where are you trying to use it? if it doesn't contain any of the characters mentioned in >>268 and you've converted any characters that aren't the same in unicode and shift-jis it should work on wakaba and kareha boards.
futallaby and shiichan (at least the versions used on 4chan) are apparently horribly broken wrt tripcodes.
ok, apparently such tripcodes can be made to work on 4chan.
you just have to set the character encoding to shift-jis before you post.
> futallaby and shiichan (at least the versions used on 4chan) are apparently horribly broken wrt tripcodes.
they're interpreted as utf-8, except on /sjis/ where they aren't. official policy is to not fix this because we hate people who use tripcodes.
sage lol
Trip works alright, but do any other generators that run under Windows do strings that aren't 8 characters long? Seems like it's pretty limited by that, and it repeats them pretty often.
well, this one has no html entities...
LOL FAIL
seeking 4brute-johnbs.... or some better glue for x86-sse.S (etc)
I've had some luck using OpenSSL's crypt, but I'm struggling to get the right bits in and out of john's bitslicing DES code.
Have a look at vectripper. It's written for OS X but it uses john.
> seeking 4brute-johnbs
you won't get it on this board.
... indeed. After reading through the entire thread, and seeing this place's visibility on google, I can understand why nobody is just going to hand over the code to me...oh well. I'm making progress hacking something together. VecTripper's source hurts my eyes so I'm just sticking to peekin' through John. Reinventing the wheel sucks by the way...
I noticed an odd property of tripcodes (well, crypt actually): the last character will always be one of [.26AEIMQUYcgkosw] -- one of every fourth character in the overall character set.
DES output is 64 bits. It is encoded into a string consisting of characters from a set of 64, meaning each character encodes 6 bits. The output is 11 characters long, which adds up to 66 bits, the two last of which thus go unused. A loss of two bits means every fourth character is used.
Hmm. Maybe it'd've been better to substr($crypted, 2, 10) to get more useful bits? Oh well, too late now.
Anybody have a link to hotaru's tripcode program? I've tried tripper+, but it can't find the same ones his did.
>>293
source:
without regex
with regex
windows binaries:
without regex
with regex
>>265
So I've found one I liked, but it uses a "ÂÂÂÂÂÂ�ƒÂƒÃ‚ƒÃ‚ƒÃ‚‚ÂÂÂÂÂ�". However I'm too dumb to actually understand how to find it in that list. /r/ help
>>300
That's already a Shift-JIS character. Since only the lower seven bits matter, you can usually find the ASCII character it matches with the high bit removed, but unfortunately for you ÂÂÂÂÂÂ�ƒÂƒÃ‚ƒÃ‚ƒÃ‚‚ÂÂÂÂÂ� corresponds to " (a quotation mark) -- and quotes get mangled in tripcodes.
At least for Wakaba/Kareha based boards, you can just switch the page's charset to Shift-JIS before posting and it'll work.
No, Wakaba and Kareha both automatically convert tripcodes to Shift-JIS no matter what the charset. If you start changing it manually, you're more likely to break it than anything else.
>>302
http://4-ch.net/code/kareha.pl/1187656971/7,11
http://kei.iichan.net/sand/res/849.html [first three messages]
In both of those I left the encoding alone on the first post, and switched to SJIS afterward.
I also have three test installations of both Wakaba and Kareha on three separate systems, and none of them convert the character sets correctly.
http://kei.iichan.net/sand/res/976.html
So what am I doing wrong here? It's not matching with what it said it should change to. D:
I'm not sure what you're trying to do, but the test case works exactly as it should - #‚‹‚ÂÂÂÂÂÂ�ƒÂƒÃ‚ƒÃ‚ƒÃ‚‚‚‚ÂÂÂÂÂÂ� becomes !yGAhoNiShI.
Do not test tripcodes in here. If you really have to, use the test thread.
Python-fag here, this seems to work fairly decently for ASCII tripcodes, seeing as Albright's original Python version is nowhere to be found, so it's based on the Thorn PHP version he posted earlier.
This code probably sucks and is slow.
def tripcode(trip):
if len(trip) > 0:
salt = trip[1:3] + "H.."
kill_non_ascii = re.compile("[^\.-z]")
salt = kill_non_ascii.sub('.', salt)
replace_dict = {
":" : "A",
";" : "B",
"<" : "C",
"=" : "D",
">" : "E",
"?" : "F",
"@" : "G",
"[" : "a",
"\\" : "b",
"]" : "c",
"^" : "d",
"_" : "e",
"`" : "f",
}
for line in replace_dict:
salt = salt.replace(line, replace_dict[line])
trip = trip.encode('shift_jis', 'replace')
salt = salt.encode('shift_jis', 'replace')
result = crypt(trip, salt)[3:]
else:
result = ""
return result>>311
Ugh!
def get_tripcode(pw):
pw = pw.encode('sjis', 'ignore') \
.replace('"', '"') \
.replace("'", ''') \
.replace('<', '<') \
.replace('>', '>') \
.replace(',', ',')
salt = re.sub(r'[^\.-z]', '.', (pw + 'H..')[1:3])
salt = salt.translate(string.maketrans(r':;=?@[\]^_`', 'ABDFGabcdef'))
return crypt.crypt(pw, salt)[-10:]import re,string,crypt
def get_tripcode(pw):
pw = pw.encode('sjis', 'ignore') \
.replace('"', '"') \
.replace("'", '\'') \
.replace('<', '<') \
.replace('>', '>') \
.replace(',', ',')
salt = re.sub(r'[^\.-z]', '.', (pw + 'H..')[1:3])
salt = salt.translate(string.maketrans(r':;=?@[\]^_`', 'ABDFGabcdef'))
return crypt.crypt(pw, salt)[-10:]
print(get_tripcode("faggot"))Horribly in-efficient and shitty code for seeing how many tripcodes per second your machine can push. Needs the shit optimizing out of it.
import re,string,crypt,time,mathdef get_tripcode(pw):
pw = pw.encode('sjis', 'ignore') \
.replace('"', '"') \
.replace("'", '\'') \
.replace('<', '<') \
.replace('>', '>') \
.replace(',', ',')
salt = re.sub(r'[^\.-z]', '.', (pw + 'H..')[1:3])
salt = salt.translate(string.maketrans(r':;=?@[\]^_`', 'ABDFGabcdef'))
return crypt.crypt(pw, salt)[-10:]def ts(): return int(time.time())end = ts() + 60
i = p = 0while ts() < end:
p = 0
end2 = ts()+1
while ts() < end2:
p=p+1
i=i+1
get_tripcode("string")
lol = "%d tc/s" % (p)
print(lol)
#print("\b") * len(lol)print "%d tripcodes generated in 60 seconds\nAverage rate: %d tripcodes per second\n" % (i,int(math.ceil(i/60))) My comp is 0.9GhZ (lolol), and with this script I get around 1500 tc/s
With this script however, I get over 9000 tripcodes a second
<?php
function tripcode($plain)
{
$salt = substr($plain."H.", 1, 2);
$salt = ereg_replace("[^\.-z]", ".", $salt);
$salt = strtr($salt, ":;<=>?@[\\]^_`", "ABCDEFGabcdef");
return substr(crypt($plain, $salt), -10);
}$end = time()+60;
$i=$p=0;
while(time()<$end)
{
$p=0;$end2 = time()+1;
while(time()<$end2)
{
$p++;$i++;
tripcode(time());
}
echo $p." tc/s";
echo str_repeat("\x08",strlen($p)+5);
}
echo "$i tripcodes generated in 60 seconds\nAverage rate: ".round($i/60)." tripcodes per second\n";
?>>>314
An interpreted python script that wasn't intended to crack tripcodes is slow at cracking a tripcode? Holy shit, Batman.
That's why all the decent tripcode searchers are written in C.
>>316
You could possibly use Psyco or similar JIT compiler to boost your speed by a significant margin. It's pretty surprising how much faster PHP is, after all it's not a real programming language ;-)
>>319
You're still comparing that PHP code to a function in Python that's designed to produce correct tripcodes, and isn't intended for speed in the first place. If you're going to start benchmarking languages, at least do so competently.
forgive my lack of understanding on this topic, but is it possible to have any tripcode you want, given enough time/resources/whatever?
>>321 here
Sorry, retarded question
What I meant was: I've seen a few trips containing whole 8 letter words, uncanny matches to the poster's name, other things like that. I've used trip.exe and found that the list of trips output for a certain criteria is finite, so my more appropriate question is: is it possible to get EXACTLY the trip you want? if so how?
>>322
It's very unlikely that you could just find an 8 character tripcode that's exactly the one you want it to be, it would possibly take years and years of processing time to find an exact match.
However it might be possible to randomly generate tripcodes and match them against a list of dictionary of 8 letter words, hence you could find full words and then change your name to match the new tripcode. Still wouldn't be very fast though.
>>322
different runs of trip.exe will produce different repeating lists of tripcodes because windows doesn't have random() and it's rand() sucks.
>different runs of trip.exe will produce different repeating lists of tripcode
Interesting, I am running two instances of trip.exe right now, searching for matches to the same string and I'm getting the exact same output from them both.
>>325
If you started them at the same time, that will be the case since the random number generator is seeded by the time in seconds.
Lol, you guys are smart. (Seriously. Not trolling. Some people's knowledge here really impresses me.)
C:\>trip.exe | grep -P \d{10}
`Eqppj9l = 1354773682
eyd!{P0V = 0841327956
I560v;3t = 8550610352
`Eqppj9l = 1354773682
eyd!{P0V = 0841327956
I560v;3t = 8550610352This took ~4hrs to generate. (lol intel celeron)
>>329
What I'm trying to say is that trip.exe PRNG is terribly cyclic: The more complex the search string, the more likely the PRNG will run around in circles.
Instead of using rand(), which does suck horribly, just use this:
s1=((s1&4294967294)<<12)^(((s1<<13)^s1)>>19);
s2=((s2&4294967288)<<4)^(((s2<<2)^s2)>>25);
s3=((s3&4294967280)<<17)^(((s3<<3)^s3)>>11);
return s1^s2^s3;Tausworthe random number generator, generates quality 32-bit random integers with a cycle of something like 2^88, extremely fast and simple. Seeding is left as an excercise to the reader, I just set s1, s2 and s3 to the seed times various large integers.
>>333
Nice. Never could get my head 'round bitwise operators, though...
>>333
Cycle of 2^88? So that is not a linear shift feedback whatchamacallit then?
Oh, of course. There are three variables, so the longest possible cycle isn't 2^32, it's 2^96...
I know it's faster, and the state is much, much smaller, but I'm not sure how it stacks up quality-wise. It's supposed to be a viable competitior, though, and it's certainly good enough for pretty much all casual uses.
>>331,333
here's a better one:
z1=((z1&4294967294)<<18)^(((z1<<6)^z1)>>13);
z2=((z2&4294967288)<<2)^(((z2<<2)^z2)>>27);
z3=((z3&4294967280)<<7)^(((z3<<13)^z3)>>21);
z4=((z4&4294967168)<<13)^(((z4<<3)^z4)>>12);
return z1^z2^z3^z4;Just out of curiosity (I'd like to compare it to the work I'm doing now). How many kilo-crypts per second (kcps) are people getting right now with faster processors out such as a 2.6 ghz core 2 conroe?
>>339
897 mhz/7.15945 kcps
___ ___
/\_ \ /\_ \
\//\ \ ___\//\ \
\ \ \ / __`\\ \ \
\_\ \_/\ \L\ \\_\ \_
/\____\ \____//\____\
\/____/\/___/ \/____/>>340
Killed non-essential process, 'optimised' my code, now I can get 8.9kcps. VICTOLY.
I hate to rain on your parade there, but I used to get ~100 on similar hardware.
>>342
I'M USING WINDOWS XP HOME EDITION ON AN EMACHINE 130. CONSIDER MY SHITTY PARADE DRY.
339 here.
I'm managing 520kcps with what I wrote in a couple hours, but that doesn't really say much.
I've been running 3 simultaneous instances of trip.exe for ~40 mins now, and got 31 trips matching a case sensitive 5 character string. Quad core's aiiiite.
More notably though, Vista (which I'm using) gives me completely unique results which is nice.
> More notably though, Vista (which I'm using) gives me completely unique results which is nice.
what
> Where's a link to an internet-based tripcode whatever thing?
http://hotaru.thinkindifferent.net/tripper.html
if you have a fast processor and run it in a decently fast browser like opera or safari it might actually be fast enough to be useful.
on my computers here it's horribly slow in firefox (freebsd and windows xp), slightly better in konqueror (freebsd) and IE 7 (windows xp), and almost fast enough to be useful in opera (freebsd and windows xp) and safari (windows xp). and these machines are all more than 2 years old.
>>356
0.4cps on my phone!
And 0.7cps on my DS ite with the DS browser!
To tie this thing into a current conspiracy theory of mine, since you're all talking about tripcode searchers...
Densha Otoko's trip code was nm4g8qV1Cg.
How long would it have taken, realistically, for someone to crack it in 2004? I'm interested in learning at what point it would no longer be plausible for someone to step forward and claim to be him, citing the tripcode as evidence.
(reposted without sage)
To tie this thing into a current conspiracy theory of mine, since you're all talking about tripcode searchers...
Densha Otoko's trip code was nm4g8qV1Cg.
How long would it have taken, realistically, for someone to crack it in 2004? I'm interested in learning at what point it would no longer be plausible for someone to step forward and claim to be him, citing the tripcode as evidence.
use mty or Tripcode Explorer instead. ;)
mty
http://naniya.sourceforge.jp/
Tripcode Explorer
http://tripper.kousaku.in/20050618.html
anyone know of an english translation of Tripcode Explorer?
>>360 A week? a few days? Not long, even back in 2004.
ITT: Idiots who can't even find stable hosting pretending to offer links to their shitty software.
>>360 depends on who that ``someone'' is. Your average otaku? Pretty long. Someone with access to a supercomputer? Probably a day at most.
So what's the status of tripcode decoders for *nix? Everything ITT seems to either be dead links, for windows or slow as hell python.
>>371
http://hotaru.thinkindifferent.net/trip-regex.c
http://hotaru.thinkindifferent.net/trip.c
http://astrange.ithinksw.net/tools/trippersrc.zip
there's also that version of 4brute that uses the bitslice code from john the ripper, but don't ask for it on this board.
>>372
I'm not too familiar with c and I'm getting this error message when compiling trip.c:
>>warning: this decimal constant is unsigned only in ISO C90
which affects lines
>> z1=((z1&4294967294)<<18)^((((z1<<6)^z1)&UINT32_MAX)>>13);
>> z2=((z2&4294967288)<<2)^((((z2<<2)^z2)&UINT32_MAX)>>27);
>> z3=((z3&4294967280)<<7)^((((z3<<13)^z3)&UINT32_MAX)>>21);
>> z4=((z4&4294967168)<<13)^((((z4<<3)^z4)&UINT32_MAX)>>12);
Which seem to be declared by
>>static uint_fast32_t z1,z2,z3,z4;
I also get the error message
>> strcasestr undeclared
which affects the line
>>compare=cflag?&strstr:&strcasestr;
The regex version gets similar errors (though with more errors). The package in trippersrc compiles at least but does so with errors.
Any ideas on if I'm missing packages or something?
Specifically (on the trippersrc):
>>gcc -Os -march=pentium -mtune=generic -std=gnu99 -o 2chdict tdict.c || true
returns
>>tdict.c: In function âmainâ:
>>tdict.c:108: warning: implicit declaration of function âfgetlnâ
>>tdict.c:108: warning: assignment makes pointer from integer without a cast
>>/tmp/cco547v3.o: In function `main':
>>tdict.c:(.text+0xc8c): undefined reference to `fgetln'
>>collect2: ld returned 1 exit status
And doesn't compile 2chdict. tripper2ch doesn't seem to work for 4chan and tripperc4 and trippershii don't seem to do anything.
gcc -std=c99 -O2 -funroll-all-loops `pcre-config --cflags` `pcre-config --libs` -lcrypto -o trip trip-regex.cor if you don't have pcre and can't install it:
gcc -std=c99 -O2 -funroll-all-loops -lcrypto -o trip trip.cyou're probably better off using trip-regex.c instead of trip.c if you can. if you have to use trip.c, you should grab it again (i just made some minor changes), and if you still get an error about strcasestr not being defined, try compiling it with -DNO_STRCASESTR.
It needs to use getline instead of fgetln with glibc, because I'm lazy. However, you don't need 2chdit.
>>375
If others are having compile error "optind undeclared" when compiling trip-regex.c, I needed to add
#include <getopt.h>
to the list of includes in trip-regex.c to get it to compile with the command line pasted.
>>380
optind should be in unistd.h, not getopt.h.
http://www.opengroup.org/onlinepubs/007908775/xsh/getopt.html
So has anyone been able to write a really optimized one that can work with dual or quad core?
Just run several processes with different random seeds-
I'm sensing that my iPhone getting 800kcps may produce rage.
Someone should thread and compile the regex tripper for Nvidia graphics cards. I can't, my dev machine is blarg dead
sdf
sdf
>>384 is equivalent to any threaded tripper. And easier too, crypt() isn't reentrant :(
Python Image Bord.
>>394
i can't figure out if this is spam or if someone just posted in the wrong thread...
>>393
it's really not that hard... it's still pretty pointless, but i was bored, so...
http://hotaru.thinkindifferent.net/trip-threaded.c
oh ok, thanks
oh ok, thanks
3000kcps. WEEEEEEEEEEEEEEE GO LITTLE CORE2 GO!
translatio of tripcode explorer plz
translation of tripcode explorer plz
I assume it's possible to have a tripcode where the input is the same as the output, any examples?
>>403
the input is 8 characters. the output is 10 characters.
so no, it isn't possible.
Not sure where to post it, I don't want to bump really old threads so I'll ask here:
at the initiative of SAoVQ, we are writing a small guide to anonymous boards on a wiki. It's not very good right now, but we've just started: http://tanasinn.info/wiki/A_Guide_to_Anonymous_Boards
On the part about tripcodes, I talked out of my ass about choosing a good tripcode. Could someone who actually understands well the CPU cost of cracking various tripcodes help us to provide an easy rule to follow for choosing something uncrackable?
>>405 tripcodes are designed to be a useful tool in establishing an identity, not a secure one. The length of the #hash is, however, a factor in how long it would take to crack.
>>405
anything shorter than about 6 characters is easy to crack.
anything that's all alphanumeric is easy to crack.
by "easy to crack" i mean it'd take less than a week on my crappy slow computer.
>>406-407
Thanks. But does that mean that realistically all tripcodes are bound to fall in a few weeks of brute-forcing, or that something like #f8&45?p3 is expensive enough to make it way too long for a troll with spare CPUs to crack?
Do you think that "8 characters with letters, numbers, and punctuation marks" is a good enough guideline to provide for a short primmer that is not primarily about this topic?
>>408 That'd likely work; there's not much call for tripcode cracking. That said, make sure you at least make a note that it's not a perfect system, and whatever key they use, don't make it your password for anything else!
A note of caution: Some characters (like &<>"',) get translated into HTML entities, and can push the rest of the characters off the end of the 8-character limit. This is essentially a bug, but is implemented in Wakaba and Kareha for bug-by-bug compatibility with the original implementation.
grghf
Hello all,
I stumbled upon this post here (id never even heard of the site here) and i must say this is one of the more interesting reads ive come across.
I was originally looking for a reverse tripcode program. from what ive read here, that seems pretty impossible, and the only thing you seem to have come up with to compensate is a brute force generator.
Most of what was said here kinda flew over my head, but what i DID get has really inspired me to want to learn all about this.
I must confess however, that the reason why i wanted to find a reverse tripcode program may be pretty obvious; i wanted to figure out someones tripcode. But this person is not just some random anon, or an undeniably annoying fellow. This person has some interesting controversy surrounding him/her.
You may or may not have heard about Oversight. If you have, you know where this is going. If you have NOT, please read this:
http://encyclopediadramatica.com/Operation_Falcon_Punch
this person has intrigued me, and i am beginning to think that there is more to his/her riddles than is there for us to see. I have a feeling that his tripcode has something to do with the overall puzzle.
Computer programmers and true "hackers", (not crackers), are by and large, the most intelligent of society because of their strive for knowledge, and the urge to figure out as much as possible.
Because of that, and the prowess you display here, i ask you, if willing, to take a crack at this little mystery.
If nothing else, it will be a chance to stretch those detective muscles i know you all have.
Thank you for this thread, your time, and your knowledge.
TeSeC
P.S. if you want to find me, ask for me in irc.partyvan.fm #fm
P.S.S. im not even gonna bother with a tripcode here.
>>413
You want to crack one of 4chan's secure tripcodes?
Good luck with that, lol.
Why would anyone want to fake being someone with controversy surrounding them?
LOL, go make your own controversy, it's easy enough.
See? That was easy.
!!Gutm29O5FPS ?
Hi again,
I see you guys didnt really like my last post.
Well, can you at least tell me how this Oversight can have a tripcode with two exclamation points at the beginning? i tried putting one before the tripcode, but that didnt work. Really baffled about this one. Shed some light please?
TeSeC
wat
>>419
It's a secure tripcode. Salted with 4chan's secret key.
It helps if you read the 4chan FAQ about tripcodes, you know.
Guys, tripcodes are for fags.
>>264
the symbol ¼ can be used to replace ¼ if your tripcode isn't showing up properly
http://www.megaupload.com/?d=igu8r1cq
TripExplorer, apparently the english translation. Unfortunately, it has a password, and I have no clue what said password is.
>>424
moot, gb2/NIGGERTITS/ and fix /b/ will ya
shut up
>>433
What exactly is TripExplorer? Zip passwords aren't that hard to crack, though all 8 of my CPU cores are currently busy trying to generate a tripcode.
PROTIP: Tripper+ only uses one core. Modern computers often have 2 or more. Just run however many Tripper+'s as you have cores.
(This 8 core 2.8 GHz Mac Pro is doing about 1.3 million tripcodes a second over 8 Tripper+'s running in Wine.)
I'm attempting to crack the password for TripExplorer now, will post once done.
>>436
i think tripexplorer uses bitslice des, and it can use multiple cores. tripper+ uses UFC crypt(), which is pretty slow (compared to other implementations) on most modern machines.
i'm doing about 3.8 million per second on a 2.53GHz core 2 duo right now.
i could do about 1.5 million per second on my single-core 1.6 GHz laptop, so 1.3 million on an 8-core 2.8GHz machine is pretty pathetic.
http://download.kousaku.in/trip/tripper1206-20080216.zip
translate to english plz
>>441
anyone got any ideas where to put anythings and which buttons to pusgh
>>396
What do I do with this? Could it be adapted for CUDA seeing that GPUs are faster than CPUs in number crunching? Incidentally, I got this from 4chan /g/ and don't know how to build/execute/etc.
#include <stdio.h>
#include <unistd.h>
#include <crypt.h>
void strreverse(char* begin, char* end){
char aux;
while(end>begin)
aux=*end, *end--=*begin, *begin++=aux;
}
void itoa(int value, char* str, int base){
static char num[] = "0123456789abcdefghijklmnopqrstuvwxyz";
char* wstr=str;
int sign;
if (base<2 || base>35){ *wstr='\0'; return; }
if ((sign=value) < 0) value = -value;
do *wstr++ = num[value%base]; while(value/=base);
if(sign<0) *wstr++='-';
*wstr='\0';
strreverse(str,wstr-1);
}
int main(void){
char lol[10], ha[3];
char* trip;
int x = 10000;
for(;; ++x){
itoa(x, lol, 10);
ha[2]='\0';
ha[0]=lol[1];
ha[1]=lol[2];
trip = crypt(lol, ha);
if(trip[3] == 'L' && trip[4] == 'O' && trip[5] == 'L'){
printf("%u: %s\n", x, trip);
exit(0);
}
}
return 0;
}
http://download.kousaku.in/trip/tripper1206-20080216.zip
this is the untranslated version of http://rapidshare.com/files/131154477/tripexplorertranslation.zip
also, i'm guessing that in order to get passes that don't contain japanese characters you have to tick the "ASCII blablabla" box in the options in this new version of tripcode explorer?
Was wondering about this too.
Also, are there (H) and (T) [begin with, end with] settings anywhere in Tripexplorer? I can't find them.
>>451 we didn't put the password on it, though.
‰äX‚̓tƒ@ƒCƒ‹‚ւ̃pƒXƒ[ƒh‚ð’ljÁ‚µ‚Ä‚¢‚È‚¢B(GoogleTrans)
>>451
Hello(‚±‚ñ‚É‚¿‚Í)
Sorry about the password, we do not know who put it(ƒpƒXƒ[ƒh‚ɂ‚¢‚Ä‚Í\‚µ–ó‚ ‚è‚Ü‚¹‚ñ‚ªA’N‚ª‚·‚é‚Ì‚©•ª‚©‚ç‚È‚¢)
The only file I know of is this >>433 (Ž„‚Ì’m‚Á‚Ä‚¢‚é—Bˆê‚̃tƒ@ƒCƒ‹‚±‚ê >>433)
That poster also does not know the password(‚»‚̃|ƒXƒ^[‚É‚àƒpƒXƒ[ƒh‚ð’m‚Á‚Ä‚¢‚é‚à‚Ì‚Å‚Í‚ ‚è‚Ü‚¹‚ñ)
Sorry about the whole thing. Many thanks for your software.(‘S•”\‚µ–󂲂´‚¢‚Ü‚¹‚ñB‚ ‚È‚½‚̃\ƒtƒgƒEƒFƒA‚¢‚½‚¾‚«‚Ü‚µ‚Ľ‚É‚ ‚肪‚Æ‚¤‚²‚´‚¢‚Ü‚·B)
I do not know Japanese. I used Google Translate.(Ž„‚Í“ú–{Œê‚ð’m‚Á‚Ä‚¢‚邱‚Æ‚Í‚ ‚è‚Ü‚¹‚ñBŽ„‚ÍuGoogle Translatev‚ðŽg‚Á‚½B)
;
If OPs program is in python, why wouldn't it work in Windows? Python is an interpreted language, after all.
>>461
PHP is Perl and C++ haphazardly mixed together, and painted yellow and lime-green plaid.
>>460
When Visual Basic is the only language you've ever used, every language looks like either "Visual Basic with [something]".
dwdw
>>460
Wow, what? Dude wroooooooong
No, really. They're not much different at all.
The differences between C# and VB are merely social and syntactical, and current development is continually narrowing the gap between the two. They're both garbage collected, VM managed, can interoperate with OS components and load external libraries just the same, and they even compile to the same bytecode. Essentially, every language construct available in VB is also available in C#, just with different syntax (and vice versa). The only real differences are whether you want to write End If, Exit While, and Select Case, or the more terse }, break, and switch (and for the close braces, I bet if you have a bunch of } } } } together, you're probably going to comment at least one of them anyway to keep from going cross-eyed), and whether you want to be associated with code monkeys who just write CRUD apps (VB) or with bandwagon hoppers who want to try out the flavor-of-the-week (C#).
>>463
I have been programming for a number of years, and can write substantial amounts of code (i.e. not some first-year-student "hi what's your name" nonsense) in about 20 languages, including Perl, Java, Haskell, Forth, Fortran, and 6502 assembly. Thanks for playing, though.
garbage collection is for faggots
>>469
Not sure why I'm feeding a troll, but...
> unsafe code blocks
Not generally necessary unless you're interfacing with legacy code, since they're unneeded unless you're dealing with old API calls, and most recommended-practices documents say to avoid them whenever possible. I see this as a minor nitpick, and typically irrelevant. Personally, I have always found manipulating pointers to be a pain in the butt in C, and I don't want them in higher level languages.
> Anonymous methods
Supported as of VS 2008.
> Iterators and the yield keyword
VB can do iterators by implementing IEnumerable. There's no keyword for it, but the code is definitely possible. (Although I do think it'd be a fantastic addition for the next version)
> checked and unchecked contexts
I think this fits under the "social" category. You can certainly get VB to ignore overflows and do your own checks if need be. In my experience, it's never been an issue.
I find it interesting that you didn't paste the three adjacent sections. Maybe it's because the "criticisms of VB.NET" section is a bit weak, and the lists of features missing from C# and criticisms of C# don't support your argument.
That, and the entire page is a bit outdated, not entirely accurate, and poorly written.
Also, as I previously stated:
> current development is continually narrowing the gap between the two.
> Also, as I previously stated:
>
> > current development is continually narrowing the gap between the two.
yes, but features generally move from C# to VB.NET, not the other way around. VB is becoming more like C#, C# isn't "VB with braces".
>>453
Well, about TripExplorer, has the password finally been found/cracked?
>>471
While that may be the case, C# is (conceptually) based on C++ and Java, which are both more recent than the BASIC variants on which VB.Net is derived. Also the original BASIC dates back the 1960s and even back then, it had many high-level abstractions that C still doesn't have now (proper string support for example). I strongly suspect MS had VB in mind for a reference model when designing a large portion of C#'s featureset, too.
Regardless, I really didn't mean for my nonsensical comment to get into a drawn-out discussion about the differences between orange-flavored apples and apple-flavored oranges. Back to the topic at hand...
I have been considering some qualities that would make a tripcode decidedly more difficult to crack. In particular, using SJIS, especially in the 2nd and 3rd position of the tripcode. Since an SJIS character is (obviously) not in the range [A-Za-z0-9/], the corresponding byte of the salt will end up as ".", but as it uses the high bit, the actual byte value as far as DES is concerned is (c & 0x7f). Now, looking at the SJIS table, if we only work with halfwidth katakana, we will end up with what amounts to another representation of all numbers and uppercase ASCII letters that produces a separate salt value. (Lowercase letters correspond to double-byte characters and are a bit more complex, but the underlying principle is the same.) Considering the possibility of an SJIS character in any combination of position 2, 3, both, or neither, an SJIS tripcode is theoretically four times as difficult to crack as one using plain ASCII.
As an example, #12345678 produces the tripcode !WBRXcNtpf. -- produced by crypt("12345678", "23"). To illustrate the effect of stripping the high bit, the key #±23´µ¶·¸ of course produces the same tripcode because the salt is the same and all of the high bits are stripped without any side effects. However, the key #±²³´µ¶·¸ instead produces !XlUiP8mHCU, the result of crypt("12345678", "..").
Since the high bit is simply stripped from the other six positions in the key, a tripcode searcher can conveniently ignore the possibility that the input data might be SJIS, and iterate through all ASCII characters in the range 1->127. (No SJIS character uses value 0x80, so we don't have to worry about any 0x0 bytes, and this reduces the total character set by one.) Then check if the second or third byte is in the range [A-Za-z0-9/] and substituting the first and second byte of the salt as appropriate.
One must keep in mind, though, the fact that such tripcodes are sometimes a pain to enter due to character set conversions and implementation differences, and when searching for a "safe" tripcode none of this applies. However, I would imagine using SJIS and so forth would make a tripcode much more secure, and it might be something to consider when looking for "vanity" tripcodes.
>>473
i've considered adding single-byte shift-jis characters to my tripcode searcher, but decided it's not worth the effort and added code complexity unless i'm going to replace the crypt() i'm using now with bitslice des code...
there's also the fact that certain characters get expanded into html entities, while their counterparts with the 8th bit set don't.
None of the characters that are expanded fall under the range of characters that wouldn't already produce a salt character of ".", and they can all be represented as characters with the high bit set with no change to the resulting crypt, so that's not a point that you really need to worry about, and really, doing those checks is just a waste of processor power.
Some equivalents:
# = £
! = ¡
< = ¼
> = ¾
& = ¦
" = ¢
' = §
, = ¬If your tripcode searcher checks all characters from 0x1 to 0x7f, and checks all applicable combinations for salt values, you're getting the complete range of possibilities, and with a bit of finagling, any tripcode it generates can be converted into a format acceptable for use on a board, without needing to do any complex and expensive html conversions.
>>475
but '&aaaaaaa' and '¦aaaaaaa' produce different tripcodes. with '&aaaaaaa', '&aaa' gets passed to crypt, but '¦aaaaaaa' the result is the same as if '&aaaaaaa' were passed to crypt. note that in this case it also changes the salt, in one it is 'am', and in the other it is 'aa'.
also, if you're printing to stdout, you need to convert to the appropriate character set before you print the tripcodes, which isn't necessary if you restrict it to just ascii. printing shift-jis to a utf-8 terminal is just plain broken.
>>476
You're thinking too hard about the wrong things. Of course they produce different tripcodes; if you're implementing the searcher you should be able to figure out how to deal with the characters it uses. Just change your &'s to ¦ and so forth.
Second, if you search all possible characters, or even random eight-character strings, you will eventually check the plaintext &aaa as well. And why worry about printing sjis and converting stuff? Just escape it and deal with it elsewhere. (i.e. after collecting the tripcodes) Figuring out how to get a tripcode key you can input into a textbox based on the data printed from a function such as this shouldn't be too difficult if you're familiar with how crypt works (which, considering you're even posting here, I would assume is the case :)
void print_key(char *k) {
while (*k) {
if (*k > 32 && *k < 127 && *k != '\\')
putchar(*k);
else
printf("\\x%02x", *k);
k++;
}
}Naturally if you were making a general-purpose tripcode searcher meant for mass consumption you would want to have some kind of "real" conversion -- and definitely use some sort of GUI rather than output to the terminal in the first place, because let's face it, terminal support for non-ASCII frankly sucks. (Especially when working with multiple OSes, and with different locales... and different terminal types... ugh.)
> And why worry about printing sjis and converting stuff? Just escape it and deal with it elsewhere. (i.e. after collecting the tripcodes) Figuring out how to get a tripcode key you can input into a textbox based on the data printed from a function such as this shouldn't be too difficult if you're familiar with how crypt works (which, considering you're even posting here, I would assume is the case :)
just because i know how to do it, doesn't mean i want to when i can have the computer do it for me. copying and pasting from a terminal is a lot easier than converting it myself.
> and definitely use some sort of GUI rather than output to the terminal in the first place, because let's face it, terminal support for non-ASCII frankly sucks.
terminal support for non-ascii on any modern operating system isn't too bad, and you can just disable any non-ascii stuff for windows builds.
> just because i know how to do it, doesn't mean i want to when i can have the computer do it for me.
Oh, I definitely agree there. But until spending the time getting a really nice implementation going, it kinda works. (I used that function to get this tripcode, incidentally.)
I would think Vista counts as a modern OS. :P (unless they finally updated the command prompt and I never heard about it?)
In any case a GUI is a much more flexible and friendly interface.
Most tripcode searchers have horrid UI. Typing big long regexes into a one-line textbox, or worse, onto the command line and having to be careful with all the special characters, is really not fun. It would be awesome to be able to have a list of "interesting" patterns, and be able to modify it on-the-fly while the searcher is running.
> I would think Vista counts as a modern OS. :P (unless they finally updated the command prompt and I never heard about it?)
IMO, proper unicode support is the only thing keeping it from being a modern OS. until they update the command prompt to support unicode and add proper unicode support to the GUI, windows will not be a modern OS.
> In any case a GUI is a much more flexible and friendly interface.
but cross-platform GUIs are a lot harder to get right than cross-platform non-ascii terminal support.
> or worse, onto the command line and having to be careful with all the special characters,
putting single quotes around the regex isn't really that hard.
> It would be awesome to be able to have a list of "interesting" patterns, and be able to modify it on-the-fly while the searcher is running.
that would be awesome... perhaps put the patterns into a text file and have the searcher reread the file if it receives a certain signal...
writing a GUI wrapper to a command-line program is just as easy as putting a GUI into the program itself, and doesn't require several hundred megabytes of libraries that would otherwise not be used at all on my quad-core server when i'm just going to be sending the results back to my desktop over an SSH connection. and you could even have functionality in the GUI to control multiple instances of the command-line program over SSH.
Windows doesn't have Unicode? Are you sure you're not using Win95 by accident?
I use a WinXP box to deal with both Japanese and Pashto text on a regular basis, and I have yet to come across any shortcomings aside from the command prompt. (Which I don't care about, since the GUI is developed well enough that I hardly ever need to touch it anyway.)
> putting single quotes around the regex isn't really that hard.
No, but it's annoying, and an extra step that shouldn't be necessary.
> but cross-platform GUIs are a lot harder to get right
HTML certainly isn't hard to get right cross-platform, and doesn't require a bunch of extra libraries on the server to implement a networked GUI -- just some way to serve the page to the client. You could implement the controller as a CGI script. If you want, you can add in secure connections, access control lists, etc. -- and, best of all, no ssh needed! (Doing work over a ssh connection outside my lan generally makes me want to beat myself with a hammer.)
Plus, it would be highly flexible: you could still wrap a fancy GUI around it if you were clever. It'd send POST data to the server (or if you had a multiple configuration, each server in the list) to update its search terms, and fetch new trips periodically.
(Tangentially, there are many cross-platform GUI libraries that are far lighter than "several hundred megabytes". I suspect you've mostly had experience with wxWidgets+gtk or something similar.)
Something else I have been considering the possibilities of is a Map/Reduce style-model -- it might be a good excuse for me to learn a bit about Hadoop...
> Windows doesn't have Unicode? Are you sure you're not using Win95 by accident?
have you ever tried using characters outside the BMP? only a few programs handle them correctly, due to the fact that microsoft seems to think that the BMP is all there is.
> HTML certainly isn't hard to get right cross-platform, and doesn't require a bunch of extra libraries on the server to implement a networked GUI -- just some way to serve the page to the client. You could implement the controller as a CGI script. If you want, you can add in secure connections, access control lists, etc. -- and, best of all, no ssh needed! (Doing work over a ssh connection outside my lan generally makes me want to beat myself with a hammer.)
> Plus, it would be highly flexible: you could still wrap a fancy GUI around it if you were clever. It'd send POST data to the server (or if you had a multiple configuration, each server in the list) to update its search terms, and fetch new trips periodically.
so instead of using SSH, you'd try to use HTTP to do what SSH was designed to do? and why use HTML? why not just serve the results as plain text and use javascript to insert them into an HTML document? that way if you do wrap a fancy GUI around it you don't need to have HTML parsing in your GUI.
>>483
You don't understand what I'm suggesting, and don't seem willing to either.
Shame, too; at first I'd thought you had some common sense.
Ive been running the japeneese tripcode program for 7+ hours?
how long does it take to find a 8 character, noncase sensitive tripcode?
2.4ghz dual core, so i dont think its a power restraint slowing it down...
>>485 it's a big keyspace. if you're trying to find something that long, be prepared to wait for a long time.
anysort of timeframe? hopefully in hours but any estimation would be nice ( its not actually my computer so its a friends their resources, about 50% of them)
>>487
it took me about two weeks to find a 7-character string on a ~1.7ghz ppc. of course that's apples and oranges, but it should give you a bit of a bearing.
>>489-495
please read the rules at the top of the page:
> This board is not for testing your tripcodes.
and you could have at least used sage.
>>488
Are there any detrimental effects of having your pc run an app at %100 cpu for 2 weeks non-stop?
darn, still no password turn up
>>488
By that measure, it'll take this guy 2 * 36 weeks, or a year and a half. 8-character codes just aren't going to turn up, unless you're incredibly lucky like m0hey/p0ri. Even then, his tripcode was kind of in l33tspeak and not exactly what he expected.
>>502
it took me about half an hour to find this tripcode... of course that was when i was having a run of unbelievably good luck.
after i found this one i left the tripcode searcher running for about 6 hours and found !HOTaRuCUtE, too.
gfgaf
I found this one completely by accident when playing around with a trip searcher. Took me less than 2 hours.
Too bad it doesn't seem to work on 4chan at all; it's perfect for /prog/...
>>502
The trip came way before the whole identity of Mohey, so i wouldn't exactly say there was much planning to get a unique trip from the get-go.
hai
sss
Would it be conceivable to brute force every possible combination and result, and then save that as a list for future reference? Or would searching such a list take longer than brute forcing each combination again?
>>510
searching the list could be pretty fast, if you store it in a format that's fairly well optimized for searching. the biggest problem i've found with this approach is that the list would take up several teraby tes of space, which i don't have.
>>511
Then perhaps a list with a dictionary of common words in different combinations, rather than every possible combination, perhaps?
> the biggest problem i've found with this approach is that the list would take up several teraby tes of space,
Far more than that.
You have a 56-bit keyspace, which is 65536 teras or 64 petas, and each one of those is not a byte, but several. In addition, you would have to keep the auxillary data to mangage it.
A binary search over 64 petarecords takes only 56 divisions, so searching the table would be many orders of magnitude faster than bruteforcing.
But anyone with that amount of storage would not be using it to store tripcode tables anyway.
http://trip.orz.hm/
In theory, a google search would find every tripcode listed on that site.
Also remember the keyspace is more than 56 bits. The second and third byte of the key affect the salt used if you use characters outside the range 0-127, and since the algorithm changes various other characters with htmlspecialchars and by character set translation, there are other effects of using characters with the high bit set.
>>514
Hooooooooooooly shit! Those pages have got to be dynamically generated.
Also, those tables don't even allow upper+lowercase+digits in the same tripcode, or at least from what I've seen.
lol
> Also remember the keyspace is more than 56 bits.
actually it's less than that. you can't use control characters, and the & character can only be followed by certain sequences of characters.
>>517
Erm, no, sorry... it's more.
If you use sjis characters in positions 2 and 3, it alters the salt value used without changing the 56-bit key. Same goes for using characters with the high bit set in other positions, and control characters as well as &"#<> etc. are still usable by setting the high bit - so long as it's still valid Shift-JIS data.
Determining the actual keyspace is fairly difficult, since sjis is a stateful encoding and what byte values are allowed is dependent on previous input data, but it's definitely more than 56 bits.
I wonder if the person who posted that patch was basing the implementation on >>312-314, which is also missing &.
In related news, various threads suggest that 2ch doesn't seem to run htmlspecialchars -- or at least, not for some characters.
Namely, lots of the "novelty" tripcodes listed in posts like http://gimpo.2ch.net/test/read.cgi/puzzle/1129465527/203 have such characters as & and ' in them. It doesn't make a ton of sense to me for someone to post these if they have to be reencoded in order to be used, considering the "fixed" tripcode could be posted just as easily and it's a fairly trivial process. So what gives?
asdf
>>520
Having just dissected the 0ch source, it only substitutes "<> with entities.
DSFARGEG
>>524
Uhhh, what?
>>525
That would be Russian spammers of a highly persistent sort.
asdfg
Still nothing on the password for the English version of Tripper?
>>When Visual Basic is the only language you've ever used, every language looks like either "Visual Basic with [something useful]".
fixed
s
>>534
please see >>275,496,528
This board needs something like die S_READTHERULESMORON if length($comment) < 10 and $trip and !$name;
wat ?
>>536
Oh god yes.
And die S_ENJOYTHEBAN if name == 'heh man'
>>540die S_ENJOYTHEBAN if $comment=~/(?:kasuba|serissa)/i would be better.
trippie code
feeee
dddddeee
>>545,547,548
stop spamming and read the rules, faggots
tge
Let's go away.dsfargbump
Hi. Believe it or not, this is the OP. (I hope I got my tripcode right - it's been a while.)
Even though the links in my posts have been 404s for years, I'm still getting an absurd amount of traffic from them. Could a mod please do me the favor of removing those links just to stop flooding my server's logs with requests to those files? Much thanks if you can.
;_;
>>553
you know people are going to start clicking that link just to spam your logs and annoy you now, right?
>>553
!WAHa.06x36's e-mail address is on the front page. (http://wakaba.c3.cx/) He is the admin.
>>553
'sup Albright. What have you been working on lately?
>>558
it took me FUCKING 100 MINUTES to figure out where to click in that poorly designed WEB 2.0 bullshit to download the file.
and then i had to reload the page 5 times to get a captcha that wasn't black text on a dark blue (almost black) background.
also, your file has a lot of duplicates in it.
Why not just 301 redirect the requests to a page stating this?
I'm a professional web developer now. No, really. I've done a lot of stuff with the Drupal CMS in the last two years or so and I'm really enjoying it. And I've improvedc to the point where I'd rather just forget about that thing I released a while back. No, not the tripcode decoder; the other thing. If you don't know what I'm talking about, just forget it. I hope nobody's still using it.
Okay, perhaps I'll try emailing him.
Because I suspect it's not humans who are hitting the links. There just can't be that many people who are interested in five-year-old tripcode decoders written by a Python n00b. (I haven't really used Python since, BTW.)
> No, really. I've done a lot of stuff with the Drupal CMS in the last two years or so and I'm really enjoying it. And I've improved
most people wouldn't admit to switching from python to php, let alone call it an improvement.
Is there anything as mature & easy to deploy as drupal that is written in python? PHP sucks but it does have its good points.
can't figure out how to use this stuff. is there something more noobfriendly?
>>564
drupal, like the language it's written in, is basically a 10 minute hack plus years of feeping creaturism.
HAY EVRY1 MY SCRIPTING LANG OF CHOISE HAS A BIGER PENIS THAN URS! LOLOLO
I need to know how to get a copy of that detripper.exe. I'm on windoze, can anyone help?
Okay, I see a moderator is here deleting posts. Could same moderator delete my posts too, please? Or edit them? Do I need to offer cash or favors or something?
I don't really feel like going to the effort to dig into and edit posts, and deleting the first post in the thread would kind of ruin it. Just put in a redirect already.
I found an english language executable file, no readme of anything else: http://www.megaupload.com/?d=kepnylnz
No pass.
>>573
I've made it a while ago from tripexpl 1.2.6.2 with some help of 4chan.org/ja and google translate. It has some non-critical bugs with menus, but at least you can understand what you're clicking. Produces >2.5 Mtrips per processor at my PC.
how do i use this
>>573
Is it just me or do all the trips this creates come out as something other than what they purport to be?
how2runonwindows?
>>601
HAHAHAHAHAHAHAHAHAHAHAHAHhahahahahahahahahahahaHAHAHAHAHAHAHAHAHA!!!!!!!!!!!!!!¡!!!!!!!!!!!!!!!!!!1!!!!!!!!
Why exactly do you have that as a non-capturing group?
can someone tl;dr this thread for me?
I just want to make a secure tripcode with words in it, I've been attempting to use >>http://trip-table.com/
but it doesn't seem to be working.
Suggestions?
Just makes no difference in a die condition and adds to verbosity. KISS, lel.
asdf
Reading this thread is like nostalgia to me. More than 5 years ago, commodity PCs could barely get 1 million trips per second. Now the average i7 can manage over 10M, and GPGPU solutions like MTY exceed 100MT/s. There's rumor of a CUDA version getting close to 1GT/s too. How far we've come...
.
/* 4tripper -- brute-force searching for simple crypt() tripcodes,
* as used by the futallaby-based image boards (i.e: 4chan.org)
* --
* Compile:
* gcc -O3 -o tripper 4tripper.c -lssl # Most Linux
* gcc -O3 -o tripper 4tripper.c -ldes # NetBSD
* gcc -O3 -o tripper 4tripper.c ../mumble/libdes.a # Mine
* gcc -O3 -fast -mcpu=7450 -o 4tripper 4tripper.c -lcrypto -lssl # OSX on a G4
* --
* Usage:
* ./tripper | grep -i monkey
* --
* Copyright 2004 Chris Baird,, <[email protected]>
* Licenced as per the GNU Public Licence Version 2.
* Released: 2004/12/22. Your CPU heatsink /is/ working, right?
* --
* TODO:
* Accept arguments for the key to resume/finish searching from (for
* simple load distribution)
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
/* Not quite the fastest DES library around, but still reasonable, and
* most free Unixen should have it available. (Works for at least NetBSD
* and Debian GNU/Linux (after "apt-get install libssl-dev")
*/
#include <openssl/des.h>
/* How I call a special DES library.. It has to supply a des_fcrypt() as
* declared below.
* #include "../libqwikdes/des.h"
*/
/* gotta ask for a robust way to tell the difference between the two..
*/
#if !NEW_OPENSSL
# define our_fcrypt des_fcrypt /* NetBSD, Linux... */
#else
# define our_fcrypt DES_fcrypt /* Gentoo, OSX... */
#endif
extern char *our_fcrypt(const char *buf,const char *salt, char *ret);
int main()
{
#define BUFSIZE 8192
int quit=0, i, counts[8], bp;
char c, buffer[BUFSIZE+32], result[14], salt[3], word[9];
/* I haven't throughly checked whether all these characters are valid
* in a tripcode as yet. */
char table[]="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789 .!:#/`()_$[]+*{-"; bp = 0;
salt[2] = 0;
for (i=0; i<8; i++)
{
counts[i] = -1;
word[i] = 0;
} counts[0] = 0;
word[0] = table[0];
while (!quit)
{
salt[0] = word[1];
salt[1] = word[2]; our_fcrypt (word, salt, result); for (i = 0; (word[i] != 0) && (i < 8); i++)
buffer[bp++] = word[i];
buffer[bp++] = ' '; for (i = 3; i < 13; i++)
buffer[bp++] = result[i];
buffer[bp++] = '\n'; if ((bp > BUFSIZE))
{
write (1, buffer, bp);
bp = 0;
} i = 0;
check:
counts[i]++;
c = table[counts[i]];
word[i] = c; if (c == 0)
{
counts[i] = 0;
word[i] = table[0];
i++;
if (i < 8)
goto check;
quit = 1;
}
} return 0;
}
dudebro
This program is incorrect, it doesn't call htmlspecialchars.
>>615
Of course not. Constantly tripping over a bunch of dumb string transforms is a great way to make a searcher much much slower. And notice that the character set it searches isn't even affected by that, so it's a moot point regardless.
Also, note that not every tripcode implementation does the same combination of dumb things.
> Constantly tripping over a bunch of dumb string transforms is a great way to make a searcher much much slower.
The amount of time spent generating the string vs hashing is completely insignificant no matter how much time is spent on it.
> Also, note that not every tripcode implementation does the same combination of dumb things.
Yes they do. Otherwise they're wrong. No point in a tripcode that doesn't match 2ch.
>>617
No, sorry, you're wrong on both counts. Learn more.
> Constantly tripping over a bunch of dumb string transforms is a great way to make a searcher much much slower.
Another great way: Print every single tripcode to stdout.
>>619
Hahahwhat the hell?
I didn't bother actually looking at that code, as I have seen more than enough tripcode searchers before.
Wow that's pretty idiotic.
>>619
well, unless you use multiple threads or processes, that can be faster on a lot of systems than checking the tripcodes in the searcher.
Fyi, trip explorer is not the fastest anymore (though it does offer a gui)
MTY for ATI is multithreaded (like trip explorer) AND uses ATI stream compatible graphics cards.
Intel Core 2 Quad Q8200 @ 3Ghz is doing 13.8Mtrips/s, while the ATI 4850 is doing 63.75Mtrips/s
I'm currently trying a case sensitive seven character trip. I'll report back with the time it takes.
>>623
if you just output all tripcodes, you can generate tripcodes on one core and grep on another, instead of doing both on one core.
It won't be faster. It's more expensive to fill the queue between threads with generated tripcodes than it is to just filter them in the first place.
>>627
of course it's more expensive, but is it twice as expensive? you do get almost twice as much processing power that way...
but obviously the real solution is to filter them in the first place and do that in multiple threads or processes.
> of course it's more expensive, but is it twice as expensive? you do get almost twice as much processing power that way...
You don't use all of it, because the tasks are unequal (one is faster)c
> but obviously the real solution is to filter them in the first place and do that in multiple threads or processes.
cwhich is why you can should that, yes. OpenCL looks pretty convenient for this, it seems like it can be made to run well even without having to write bitslice algorithms.
virus
>>213
That doesn't work, as you need the des library that it's trying to include. It just gives you compile errors.
Kyon
testing
last testing@2
1
831
>>649,652-654
wtf is this shit? incompetent spammers?
>>655
You missed >>630-634,636-646,650-651.
For some reason this thread's become a retard magnet.
>>656
i think i just heard that someone wanted me to post ITT
http://github.com/astrange/tripper
Lots of minor cleanup changes just because I don't like my old code, no actual feature changes. forking (or rewriting it to be reentrant and threadingc) is the obvious next step, that and being able to search SJIS strings.
fag
bump
test
boxxy
sd
,.....
'll even pretend to believe that you don't like furry for the ENTIRE thread
Hanstanding ?! Oh Yeahhh
Roni
dfdf
>>676-684
are people really that stupid, or is there some sort of broken spambot making posts like that everywhere there's any thread with "tripcode" in the title?
asd