ozo: Do you mind to check if 7a1n is working ? It is the only one i found so far (and i solved additionally some other rars from your site) where the file in the archive doesn't end with ".txt" and i don't get a solution for it.
Additionally, as Nordhbane mentioned, according to your help page 7a1n would be worth 8.5 and max should be 8, or not ?
Comment has been collapsed.
it shouldn't matter if there is or isn't txt at the end. and i changed that number is 1 character as well.
and that hash has been solved by others, so it works
Comment has been collapsed.
Ok, thanks for the feedback. Thinking about other keywords
Comment has been collapsed.
I have two questions. Maybe you will consider one of them as a request for a hint, but nevertheless.
- In the FAQ section of your website you write: "Meaning that, for example, maximum lenght of password containing 1 uppercase letter is 7 characters ". Is it exactly 7 characters in this case or somehow the password may contain less than 7 characters?
- Does the uppercase letter have to be in the beginning of a word or it can be randomly anywhere? I do not mean that the whole password should start with the uppercase letter, but if the password is a concatination of several words, one of them should start with uppercase.
Comment has been collapsed.
- you get length of password from a filename of the file
- uppercase can be anywhere
Comment has been collapsed.
-
The rar-file tells you how many characters there are in the password. 6a1A.rar would be 7 characters long (6 lowercase and 1 uppercase).
-
I hope it's always at the start, or I'm going to have to rethink a lot of my rulesets for cracking those otherwise =) I'm on a 6a1A at the moment. If the uppercase character can be on any position, it will take 6 times longer on an already several day long bruteforcing.
Edit: Oh damn, ozo just replied before me. That creates a lot of problems.
Comment has been collapsed.
Thanks for sharing your thoughts. I guess we need to create smarter rules because I hope that something meaningful is used as a password. So, bruteforcing every possible combination is not a very good idea. At least, we can try to omit those combinations of letters that never occur in English. However, it can be dangerous because there can be any combination when two words are concatenated.
Edit: I also at 6a1A, but I am not sure if it is the same one since I already decoded one such pattern :)
Edit2: Also, some music band name can be used in the password, and it can be abbreviation (e.g. JFB). So, just forget my idea about checking combinations of letters, it's rubbish :)
Comment has been collapsed.
I solved the 6a1A.rar, but I'm on _2 at the moment, which I've come up empty with so far using different wordlists, but now that I know the capital letter can be in the middle, it creates a whole other ballgame of things to try without bruteforcing, because that would just take too long.
Comment has been collapsed.
I am also there but I just solved two hashes before this one. I guess, the order of getting hashes is a random one (I saw in the previous comments that you solved quite a lot of them).
Comment has been collapsed.
I'm on _3 and i am block, i need try more words xD
Comment has been collapsed.
ozo, would it be possible to request a feature that when you are stuck on a word for a few/several days, you can request a new unsolved hash and the one you're on gets pooled into the pile of hashes that you can randomly get again.
Comment has been collapsed.
gonna add something like that - only by requesting new you will have to give up one "success" :D > meaning that if a minimum to be eligible is 5, with a request minimum for you will be 6 for one request, 7 for two, etc... :D
only as the assign is random, you may end up with same hash afterwards :D
Comment has been collapsed.
Knowing my luck i 'll end up with the same rar after giving that one up.
But that is a good solution imho.
Will you add new rars ?
Comment has been collapsed.
of course i will, only after big update comming soon
Comment has been collapsed.
That's good because i am at 16/17 now ;) /bragging
Comment has been collapsed.
I'm still on 7a1n. It's really got me beat at this point.
Comment has been collapsed.
Weird, I got that one pretty fast... But I'm stuck at 8a_2 right now... Sometimes I wonder if ozo is secretly working for the power companies, trying to get us to use more power ;)
Comment has been collapsed.
I am hanging at 6a1A_3 now. Do you solved that one ?
Tried 772924 words so far. for that one.
Comment has been collapsed.
I'm stuck at 6a1A_3 as well.. Tried a lot of things as well as partially bruteforce but haven't found it yet either..
Comment has been collapsed.
Same here. Tried A LOT of different wordlist with quite mangling. But still not going to request a new one :)
Comment has been collapsed.
Who is that idiot who made 2000 fake users consisting of numbers?
P.S. Due to this, I'll make an update bit later and you will need to login with steamid!
Comment has been collapsed.
In each town it has to be some asshole T_T. Sorry to hear that, mate.
Comment has been collapsed.
deleting took like 2 seconds + i have a code for steam login from another project.
it's just that it looks stupid.
I can't find the point of creating those thousands of fake users. any ideas?
Comment has been collapsed.
ip isn't saved anywhere
edit. scratch that, found ip. will ban it from using my site when update site later
Comment has been collapsed.
Whats about using a captcha ? This would it make it harder for bots to create accounts.
I don't really get whats the point in creating that many accounts, though.
Comment has been collapsed.
Will progress be reset then? Just so I know if I should keep trying to bruteforce the one I'm on, or just wait for the update to start fresh with new hashes.
Comment has been collapsed.
all will stay, no reset. i'll assign existing sg users to steam ids in database
Comment has been collapsed.
Okay, I managed the first 3 quite fast but now I'm stuck... But mainly due to lazyness on my part so... nice puzzle :D
Comment has been collapsed.
So much hackers, such skills. wow
I'm passing by now, I already had too much luck the last time.
Maybe some day I will be motivated to make a wordlist for the event and try to solve at least the first one.
Comment has been collapsed.
I just noticed that I did not read that right... I only read "decrypt at least 5 passwords" and "10 decrypters will get invited"... SO I thought I could lean back now that I had 5 done, but damn, more work... Now I really wish the brute force cluster we intended to build at work would have been finished :P
Comment has been collapsed.
So I was wondering if anyone's been able to decrypt "6a"? I've tried everything I can think of (including pretty much all games on Steam + wikipedia pages from the bands in the mood music :-P) and no luck... So I'm beginning to wonder if it's really 6a...
Comment has been collapsed.
Nice, this means that so far I'm at least in the TOP 5 :-D
Comment has been collapsed.
One of the easier ones to bruteforce if nothing else. Only 6 letters. :) I'm one of those that solved it.
Comment has been collapsed.
Yes, that's what I thought when I got it... shrug not giving up yet.. the final resort would be to just have an algorhythm run all 300 million options :-D
Comment has been collapsed.
Well, at least the chances are about 50% chance that you'll only have to run about 150 million of them. ;D
Comment has been collapsed.
To be honest? I don't even get it. That's too complicated for me.
Comment has been collapsed.
Seem like i got blocked for multiple accounts.
I created about 2 other accounts to test your application, as mentioned in the other thread.
If i was the guy with the 2000 accounts please add me on steam asap, int that case i found something.
Any way, please unblock me ;)
BTW: a way to restart all over again would be great, because i am still hanging on my 5th (7an1), but have solved 14 (I thought maybe i get a idea for 7an1 pass).
Comment has been collapsed.
restart wont happen, add me and tell me your ip. i blocked only few, like 3 or 4 ips that have visibly more tries to register
Comment has been collapsed.
Hey mate.. How do I recover my access key? I stupidly copied and pasted the download link before saving off the access code... am I just SOL now?
Comment has been collapsed.
if you haven't posted any solves yet, i can just delete you and register again for new key
Comment has been collapsed.
Yeah, i literally lost it 30 seconds after seeing your site for the first time lol (dope) Looks good by the way.
Comment has been collapsed.
Hi again..
Wondered what constitutes the TOP 10? Is it the first 10 to decrypt 5... or the 10 people who decrypt the most files by the end? In any case, when will we know when all 10 spots are taken (if they aren't already).
Thanks!
BTW... i'm with the others who would be happy to see a leaderboard for some friendly competition :)
Comment has been collapsed.
I lost my access key because I cleared my browser text field history.
Can I regain it?
Comment has been collapsed.
Is it just me, or does the amount of registered users keep dropping?
Comment has been collapsed.
Am I currently on the last place of the top10? Cause for the last... 4 solves I think... the "Minimum amount of decryptions to be eligible for giveaway" reflected my current solves :-D
Comment has been collapsed.
site still has old version, and that number represents top 5 instead of top 10
Comment has been collapsed.
Yay! That means it might not be that "dangerous" to stop for now, having run out of ideas as to how to tweak my wordlist to work for my current hash
Comment has been collapsed.
May I ask you where you got a password (that I've already solved) from in a PM or otherwise?
Comment has been collapsed.
I'm confused on why a password was chosen, since I can't find any relevant source for it, so I wanted to know if I missed something. I've already solved it, I just wanted to know why it was that password. :)
Comment has been collapsed.
Do you want me to write the file here in the open, or should I PM you?
Comment has been collapsed.
just file name. not like file names are such secret
Comment has been collapsed.
7a1n
Nah, but just me saying that I can't actually find the source of where you'd get it is would be a clue that people might be looking for it in the wrong places. :P
Comment has been collapsed.
Maaaan... how many people did get 6a1A_3.rar so far? Every time I got stuck on something else I had a good idea to tweak my wordlist or usage thereof, but this one has me stumped for ages now... and 6a1A is getting into the realm of not really brute-forcable either :-/
Comment has been collapsed.
Thanks... so it's just me... damn...
I already have the 6a1A one, I meant "6a1A" as a format...
Comment has been collapsed.
You are not the only one. Me and at least one guy i know about are stuck at this one, too.
Comment has been collapsed.
Damn.... 6a1A seemed like the easiest one for me, but have been stuck on 6a1A_3 for quite some while. Now I have to rethink everything over again, I must be missing something obvious.
Comment has been collapsed.
Seems like multiple people who got a lot of decrypts are stuck on 6a1A_3, so surprised to read 11 people managed to solve it.. I guess we're missing something obvious :-)
Comment has been collapsed.
Based on the above comments, it seems like at least 6 of us are on currently stuck on 6a1A_3.rar!
Comment has been collapsed.
So there are FOUR 6a1A types currently.
I have found:
6a1A.rar
6a1A_1.rar
6a1A_2.rar
6a1A_3.rar
All of which have been solved by me except 6a1A_3.rar :(
So yes there are a bunch of us stuck on that one.
The site gave me 6a1A_3.rar as my third hash and have not been able to pass it, even though I have solved a bunch of others.
Edit found.
Comment has been collapsed.
Oh, you cheated the system and downloaded other ones in advance...
Comment has been collapsed.
The site gave me 6a1A_3.rar as my third hash and have not been able to pass it, even though I have solved a bunch of others.
Have you been performing direct downloads based on predicted file names in order to get around the hash you can't solve?
Comment has been collapsed.
Yes I tried different combinations to see if the others were as hard as 6a1A_3.rar and if I am wasting my time. I have found out they are not as hard and have been tweaking my wordlists since. I have not been able to replicate the hashes for my other downloaded rars therefore I have not been able to input them as solved. I do not feel I cheated since I have not added any solved to my account that I have not been assigned and it does not say anything about this in the rules.
Comment has been collapsed.
I don't consider it cheating. In fact just the opposite: it is unfair for someone to be potentially excluded from the Top 10 leaderboard just because the site randomly gave them a more difficult hash than the other participants.
Ozo is a very smart guy; if he didn't want this sort of thing to happen, he could have easily placed each RAR file in a separate subdirectory named after a random GUID.
Comment has been collapsed.
Sorry, cheating sounded to... harsh... Maybe I should have said "gaming the system" :-) I don't think that this was intended behaviour, but it's not cheating either :)
Comment has been collapsed.
Ran another "educated" brute force attempt with my computer last night, trying over 150 million passwords.. still haven't found it :-(
Comment has been collapsed.
Well, my attempts are getting less and less "educated"... currently at 2.3 billion tested brute force passwords and going... not counting all the weird wordlists i tried before
Comment has been collapsed.
7.3 billion tested and counting. =P I wouldn't be surprised if the kicker's gonna be that the capital's not at the start of the word, which means a LOT more bruteforcing to go.
Comment has been collapsed.
Well, thanks for the hint! starts crying in a corner
Comment has been collapsed.
Question:
As TheRealKotA mentioned, random is kinda unfair. So I'm asking you for your suggestions of giving access to hashes instead of random?
Do not suggest giving all at the same time because that would be too heavy. It could work for now, as there's only 17 hashes, but as of update I'm planning for more than 100 hashes, so giving all at once won't really work and will be very confusing.
So, your suggestions?
Comment has been collapsed.
May I suggest adding a "Get next hash" type of button on the Home tab which gives out the hashes? Perhaps add a timer (1h, 8h, 24h, ?) to prevent people from grabbing a bunch of hashes at once if that is a concern of yours.
Really anything that allows solvers to still move forward if they get stuck on a particular hash would be awesome.
Comment has been collapsed.
I was thinking of something similar: allow people to bypass current rar and move on to the next one but they are only allowed to do it once every day?
Optionally only allow people to input their solves for their current hash?
Comment has been collapsed.
I like this idea the most (even if I am not playing by now). The timer is important since in another case everybody would just take all the keys at once the first day. Since there will be around 100 archives and there are around 37 days left, 1 key daily is too few, I would suggest 1 key/2 hours, and with a captcha (although I don't know if it would be enough to stop automatic scripts lol Here are people really good).
Comment has been collapsed.
I think it is the most fair suggestion.
I literally stucked with 7a.rar for days even though I wrote a program to crawl steamgifts and other sources to build the word list for dictionary attack.
Comment has been collapsed.
I think the timer can be a bit longer still, seeing that this is a competition that will end in July. I do think that skipping should come with a punishment though, something like -1 to your total passwords completed, but if you get the same one again, and you manage to solve it, you get that -1 back.
Comment has been collapsed.
Punishment can be unfair too: if one gets a really hard hash, he will skip it. However, when one gets this very hard hash the last, he wont skip it and will not get any punishment.
Comment has been collapsed.
Well, the punishment could be removed upon receiving the same one again, instead of when you solve it if that's what you're worried about. But since ozo keeps adding hashes, even if you get the hardest one as your current last, there is an incentive to skip it when he adds more. I don't think that's a problem.
Comment has been collapsed.
Well here's a bit more advanced version of "get next hash button".
Why not mix it together with a slot system that's similar to SteamGifts?
See the picture of how it could work
The picture assumes that there are 10 hashes in total. [The hashes could be shuffled once in a specific order, so it wouldn't be random for everyone]
Player starts with a one hash slot. By solving the slot he gets a new set of slots. If all of the hashes in a slot set are solved then the player gets +1 hash slot for the next slot set.
If a player can't solve a hash then he can "cancel" it (it gets moved to the very end of the hash shuffle). Doing so, the player gets -1 hash slot for each "canceled" hash in the next slot set.
If the player has been "canceling" till he's back to only one hash slot, then he has to wait a certain time to "cancel" the current hash and move on to the next one.
The currently solved hashes for each player could be just skipped from the initial shuffle.
I think that by doing it this way, it would ensure that players with somewhat good wordlists don't get completely stopped in their tracks if there's a hash that they can't solve in a reasonable amount of time. And the people who "cancel" too much would be forced to wait out a certain period of time, maybe forcing them to improve their wordlists.
Comment has been collapsed.
Similar to Amrahds suggestion, but maybe easier to implement.
Give the user x (5/10) unsolved (by that user) random hashes at all time:except the user has less as n remaining OFC.
edit: Something like (for mysql)
SELECT hash from hashes, user_solved AS s WHERE s.userid=?user? AND s.solved=false AND hash_id = s.hash_id ORDER BY RAND() LIMIT 5;
Sry its a long time since i wrote mysql the last time
mysql select random rows
Comment has been collapsed.
I think you could give out all passwords, but that would change the system to use A LOT... a lot more planing about what to do next etc... My preferred solution would be to give out a random and allow us to abandon it after a while, i like the 8-24h part. I don't feel that this is "too few" cause the plan is not to get ALL right and you should only abandon after trying a lot of stuff... But I would not punish people for doing it, the "wasted time" should be punishment enough.
Giving out a few like Amrahd supposed sounds acceptable as well... Giving out all changes too much how this works, in my opinion. You suddenly would have to do a lot more planing of what hashes to do when etc...
Comment has been collapsed.
Considering we are given a lot of time I'd vote for a simpler solution - a timer. After getting a new hash if not solved within 12 hours you'll get a button "request a new hash" and so on.
Comment has been collapsed.
Don't overcomplicate this. Just post a table with all 100+ hashes and users will decide themselves what they want to solve. And in the submitting form add a dropdown list where you choose for which hash you want to provide answer.
Comment has been collapsed.
Finally found the 17th. yay
I dreamed about the sound my cracker produces when finding hashes XD
Comment has been collapsed.
Arghh so close, I am at 16/17. What is your cracking speed?
Comment has been collapsed.
Ridiculous slow. Between 300 and 600 p/s for dictionary attacks.
But i wrote some crawler and wordlist generator stuff to target the hashes.
Comment has been collapsed.
Bump for "Warning: array_rand() expects parameter 1 to be array, null given in /var/www/sub/gta/classes/local/Access.php on line 70"
All current hashes solved! :-)
Comment has been collapsed.
One question, if you can answer me: the numbers can be anywhere in the password or those too can only be found in the beginning/end of the word?
Comment has been collapsed.
in current passwords only in the end. when updated will be added, then anywhere
Comment has been collapsed.
Hi. As I mentioned little time ago in Besiege giveaway where you needed to decrypt random .rar passwords to get into a giveaway, I am now making bit more advanced version of that for GTA V giveaway.
As this is a bit more advanced, I made it bit more automated so I don't need to check for answers or post new files / hashes.
I made a small website for it: http://gta.skudra.us, where you can get hashes to decrypt and post answers there as well.
Few things you need to know before start decrypting:
If you have any questions, do not hesitate to ask
Rules:
P.S.
If you have lost your access key, contact me so we can sort it out.
If you are on my blacklist from before and want to participate, please send me a message and I will remove you for this participation here.
Good luck.
Mood music
Looking for beta users!
New version of site is in progress, but won't go live so soon. Currently looking for few people who could help me test my site on daily basis. No actions for now there, workinf on design. So, I need few people for feedback on design, site usability, speed, bugs, etc. If you're interested, just PM me on Steam or write comment below. No programming experience required, but greatly appreciated. Beta site will be available here: http://beta.gta.skudra.us. Beta users will receive passwords for access. Thank you.
Comment has been collapsed.