Noticing that the ID number feature enabled on some Kusaba boards posts a six digit hex ID (which may as well be a 12 digit oct like an IP), I guessed that it would be fairly easy to decrypt an ID to an IP, so I did a bit of research into how IDs were created and found this to be quite true. Using what I learned (and 17 days of nice runtime) I was able to make a table of all IP=ID combos so now I can look up the IP of any post on an ID enabled Kusaba board.
Am I the first guy to do this?
Wow WHAT?
WHAT?
I thought they would be randomly generated and then assigned to a user. WHY OH WHY would ANYONE actually make a real connection between someone's IP and the poster code? WHY?
Tell the KusabaX and Anonsaba devs about this NOW!
>inb4 people start freaking out users of KusabaX/Anonsaba boards by "guessing" approximately where they live.
>>3
Before someone comments on how horrible this code is, it was written in 20 minutes to quickly test it.
More information about this issue: https://github.com/Laurelai/tsukiboards/issues/15
>>2
But from what I know the ID is generated from the IP in 2ch. And Kareha too.
The thing is, it encrypts it, then does a base64 conversion, and then it truncates the result to 8 chars. The truncation is the key, you can't get the original IP this way.
>>6
Well, you can, unless some sort of private salt is used. No matter what, if you're able to reproduce the algorithm you can create a rainbow table of all IPv4 addresses (2^32) and thus decrypt an ID. With an algorithm that produces an 8 character base32 string, there would be no collisions, so it would actually be easier.
>>7
is your salt the number of times the string "jew" appears on the front page of /new/?
on a somewhat related note, you need to make one of these for .net:
http://animeholic.net/i/n/index.htm
>>8
4chon doesn't have a salt; we don't use IDs (and the IDs in Tinyboard aren't vulnerable anyway).
Fuck off.
>>6
Hunh. Didn't know that.
I still say it would just be a lot safer and easier to have them be randomly generated.
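The two fixes raised in the replies above (a private salt, and randomly generated IDs), sketched as an added example that is not code from Kusaba, Anonsaba or any poster in this thread. All names are hypothetical, `unkeyed_id` is a stand-in for the weak pattern rather than Kusaba's actual algorithm, and the 8-character ID length and per-thread scoping are assumptions.

```python
import hashlib
import hmac
import secrets
from base64 import b32encode

ID_LEN = 8  # characters displayed per post (assumed length)


def unkeyed_id(ip: str) -> str:
    # Weak pattern (stand-in, not Kusaba's real algorithm): the ID depends
    # only on the IP and a public algorithm, so anyone can recompute it.
    return b32encode(hashlib.sha256(ip.encode()).digest()).decode()[:ID_LEN]


def keyed_id(secret: bytes, ip: str, thread_id: int) -> str:
    # Hardened: HMAC under a server-side secret, scoped to one thread, so
    # the ID cannot be recomputed or linked across threads without the key.
    msg = f"{thread_id}|{ip}".encode()
    return b32encode(hmac.new(secret, msg, hashlib.sha256).digest()).decode()[:ID_LEN]


class RandomIds:
    # Alternative: a random ID assigned on first post in a thread. The lookup
    # key is itself an HMAC, so the table never stores raw IPs.
    def __init__(self, secret: bytes):
        self._secret = secret
        self._table = {}

    def get(self, ip: str, thread_id: int) -> str:
        key = hmac.new(self._secret, f"{thread_id}|{ip}".encode(), hashlib.sha256).digest()
        if key not in self._table:
            self._table[key] = b32encode(secrets.token_bytes(5)).decode()  # 5 bytes -> 8 chars
        return self._table[key]


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed; keep the real one out of the webroot and repo
    ip = "192.0.2.10"                 # constructed sample (documentation range)
    print("unkeyed:", unkeyed_id(ip))
    print("keyed thread 1:", keyed_id(secret, ip, 1))
    print("keyed thread 2:", keyed_id(secret, ip, 2))
    print("random thread 1:", RandomIds(secret).get(ip, 1))
```

The keyed variant needs no storage but every past ID becomes recomputable if the secret leaks; the random variant avoids that at the cost of keeping a table.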
this is all total bullshit, you can't reverse hack the IDs
>>14
Oh, but you can. Did you even try reading the thread?
>>2
This "exploit", if you could even call it that, has been patched in Anonsaba. Have fun getting Jewsaba to fix it.
>>18
Isn't Anonsaba a derivative of ``Jewsaba''? And yes, it is an exploit.