[ b / kemono / coomer ]

/kemono/ - kemono.party

Kemono Development and Discussion
Name
Email
Subject
Comment
Verification
File
Password (For file deletion.)

File: 1665638984030.png (169.71 KB, 959x703, Screenshot (1990).png)

 No.24195

So apparently, the artist have gotten wiser and decided to hide his post behind passwords encrypted rar. It's been consistently updated but no password is given. Anyone know how to bypass it or does the importer have the password? Tried brute forcing it using multiple methods with no luck so far.

 No.24287

Using hashcat could perhaps work

 No.24295

Been happening with https://kemono.party/fanbox/user/53945019 too. Any solution would be much appreciated, lads.

 No.24304

I have attempted to decrypt but frankly it would take a LONG LONG while… Kemono must put a system in place so we can get the passwords the easy way via scraper.

 No.24314

>>24287
That's exactly what I used. Both hashcat and john. When I opened it up to see the encryption length, it was fucking massive. A literal wall of text, nearly 3 MB of it. Unless I have a dictionary to use, it would take an impossible amount of time to brute force. Thx anyways tho

 No.24316

>>24304
Exactly. My computer can't handle that. All I know is that it's sent through an email. If we can get one of the password, we could make a possible dictionary out of it. It needs to be put there in the post in some form, one way or another.

 No.24408

What's the encryption used? Some archive formats are notorious for unfixed vulnerabilities, still need to know which ones are used for each situation.

A much easier way is to have the creator leak it (or all of them at once) deliberately in plaintext, just make sure you recompose with different passwords when sending back because creators can of course automatically generate different passwords sent to different accounts for obvious reasons.

 No.24459

>>24316
As a community we either go through the hard way and make our own custom build of John the Ripper + Hashcat optimized for RAR/ZIP breaking or we do it the easy way by getting directly from FANBOX/FANTIA/Whatever… this is a real issue and must be addressed.

 No.24470

>>24316
what zip and cracker software are you using? ill try helping you out since i got extra ram on my gaming system

 No.24471

>>24408
If I'm not wrong, it's RAR3-P (Compressed).

 No.24472

>>24459
Yeah. I just wish the importer would add it someway, somehow. Maybe hide it in the jpg files in an encrypted way or something. If there even is someone doing it

 No.24473

>>24470
Hashcat and John the Ripper. JtR to get the hashes that Hashcat can process, but the most recent ver of JtR for Windows can already read the hash file now without trouble. I have a different file I wanted to crack which apparently the link no longer exist on the post (?) but any file should do if the password isn't a random string of words and numbers. If it's not much trouble, I can send the file in question through somewhere else instead.

 No.24474

Also, weird thing, one of the links to download a file disappeared from the post. I got the file already fortunately, but it's weird that it disappears like that. Could the whole thing be edited by someone or was it erased when it was updated?

 No.24494

>>24195
There's a system for importing DMs, right? Since there's a "Recent DMs" section. Maybe someone can grab it and put it there?

 No.24504

The problem with importing DMs is they might be traced to a specific subscriber (e.g. with randomised tells). The passwords themselves need to be specific to each encrypted file, so if the link to the encrypted file is posted (meaning, it will be the same for everyone), the password can't differ subscriber-to-subscriber, so it will be anonymous, therefore untraceable.

However, Kemono doesn't currently have a method to share passwords or other critical data without importing the entire DM. And the issue with adding functionality to share the password without sharing the DM is that submissions from internet randoms are basically unverifiable, so malding badguys could submit "passwords" containing coded real CP, "information that will lead to H** C**'s arrest", etc. that could get the glowboys' attention. (Yes I know it sounds stupid but cybersec is full of stupid-sounding things that do happen)

[1/2]

 No.24507

The problem with importing DMs is they might be traced to a specific subscriber (e.g. with randomised tells). The passwords themselves need to be specific to each encrypted file, so if the link to the encrypted file is posted (meaning, it will be the same for everyone), the password can't differ subscriber-to-subscriber, so it will be anonymous, therefore untraceable.

 No.24532

>>24504
IDK why my first post got posted 2x and my second one didn't show up. Hoping it works this time

[2/2]
The question is then, is it worth adding functionality to submit the password and have it checked by volunteers who would test it on the file? Which volunteers are going to do this - how will they be found? How do you prevent volunteers getting fake passwords submitted (i.e. you could have 2+ randomly selected volunteers check, but how do you arrange this)? Perhaps there is a technical solution - test the submitted password against the file it claims to decrypt - but this might be pretty hard to implement, since there are a lot of different encryption methods.

>>24408
It really depends on the password. If it's a short, readable string such as "ilovemesukemo" then it's not possible to create different passwords for each subscriber as long as the encrypted file is the same for each subscriber, because the information content of the password is too low. If, however, the password is some 100-character long random mess, I reckon it's possible a different password could've been sent to each subscriber.

 No.24603

https://kemono.party/patreon/user/7963748
Looks like another artist is converting to password protected zips

 No.24612

>>24603
Oh wonderful. Soon enough, it'll all be back to square one. Just wonderful

 No.24613


 No.24629

File: 1666666997790.png (72.32 KB, 256x256, IMG_1017.PNG)

>>24612
we got too cocky kemonobros…

 No.24648

For anyone who's wondering about the passwords for this month for e19700, all the $3 posts are under the password "Bambipump" and the growing diaries are under the password "Bambibomb"

 No.24660

>>24648
YO my guy, u are a savior. Btw, do you happen to know about the psswrd for the other ones like Sandra Guts Dirty Play? Still, that one was already super helpful so its ok if u dont have it. Thanks a ton.

 No.24661

Also, next time someone has a password, probably try and encrypt it in base64 so it won't get found from google searches. We gotta be extra safe.

 No.24676

We need a final solution for this issue once and for all. Down with the paywalls.

 No.24677

>>24661
Any half-competent creator is going to be able to find it reguardless.

Anyways, the problem with them password protecting the archive files, is it only works if no one in the chain leaks the password, which given users are leaking the files already, is a massive oversight.

One solution, is at import, check if any of the files are archives, and if so, test to see if there is a password. If there is, prompt whoever is importing the files to provide it. Verify that the password at least opens the file, then post the archive with the password.

This isn't perfect, as it assumes artists are not going to start putting a password protected archive in ANOTHER password protected archive, but the simple solution is just ask the user if this is the case, and assume they will willingly provide all the passwords going down.

Obiously, this has the slight risk of a creator including one, maybe two passwords that aren't needed, and slowly weeding out people who publicly post them, to weed out anyone just copy+pasting them.

Another solution, allow users to contribute files directly. This has risks, obviously, but utterly defeats any attempt at password-locking files, either because the uploader goes ahead and rearchives the files without the password, or because someone already downloaded the files from MEGA or whatever, and can deny arbitrary closing of the links.

 No.24679

>>24677
Any creator who goes that far would be losing backers rapidly. There becomes a point of diminishing returns in which a creator will lose far more subscribers not willing to put up with that bullshit.

Plus, it still enables people to leak them via archives on panda/e/hitomi without leaking the password(s) for any artworks, or pdfs/txt/etc in the case of stories, or torrents in the case of videos in a archive pack (again similar to how some dump artist archives).

Then they would be stuck looking at going even further… again annoying prospective backers and getting a reputation for being batshit crazy over it, hurting chances to getting new/replacement backers. It becomes a downward spiral…. because they went to zip archives with a pass (and nuking the links to them as some do at the end of each month anyhow) and couldnt settle for that.

Nah. They're already at the peak of what they'll ever do imo. Going much further would harm subscriptions more than any delusional lost money from piracy could ever net them (which they're losing making people jump through hoops with limited release times + pass protected archives (I wouldnt even sub to someone who did that if I even liked them).

 No.24683

>>24660

The unlock for those is “OTIxRWFydGhxdWFrZQ”. Use usual sources to encrypt.

 No.24685

>>24683
Weird. I tried it and it worked on one file, but didn't on the actual file I asked. Maybe I'm doing something wrong?

 No.24686

>>24677
True, but still. At least they'll have to painstakingly check manually.

Nah, as someone said before, it won't happen. That'll absolutely kill the interest of the backers. All that password gymnastics for a few contents.

 No.24687

>>24683
I was wondering if the file is corrupted but it isn't. Already tested it and repaired it. Still nothing.

 No.24688

>>24685
>>24687

My apologies, the one I gave was for the ones on 9/21 and a bit after that. The one for what you’re asking is “ ZGlydHkzUA”.

 No.24690

>>24688
No problem! Now I'll just have to wait for the next part to pop up in kemono. Thanks again!

 No.24691

File: 1666901111595.png (1.25 MB, 1612x787, 4561231231.png)

>>24676
I completely agree, look at pic related artist.
All his post are on kemono, but he shares his passwords on fucking Discord, and the discord importer is defunct so no luck there.

It hurts more because his fanbox post are getting updated in kemono, we know someone is doing God's work and importing the dude, but the password stuff make it so we can't see anything anyway. It sucks so bad.

 No.24696

>>24679
Thought I did say something about that in the post, guess not.

You very quickly run out of people willing to run in circles to get the things they bought with their money. Everyone has their breaking point and I'm fairly sure some creators are really starting to push to it for a lot of people (see: PrimeLeap).

 No.24699

The simplest way to solve this issue is to implement a comment section for Kemono users and have the contributor post the password here

 No.24701

If passwords are from DM's I think it would be a nice idea to implement a scraper that can get the user's DMs and the make it so that the user selects only the message that contains the password?
That'd solve in a way the verification and avoid spam. Then again we have the case where creators post the password in discord so there is no other way than it being user submitted via comments.

 No.24704

File: 1666948188043.png (48.5 KB, 620x394, access dead.png)

>>24195
I've come across a different but similar issue. A writer locking their stories not just behind patreon, but private google drive pages. Clicking the link at the bottom of the imported patreon pages, when logged in to a google account, leads you to relevant image. https://kemono.party/patreon/user/7553661/post/72629787
The only solution I'd see to this is someone personally downloading and importing the stories, which would have to be done individually and manually. I think I used to be subbed to their patreon, it was a couple years ago likely if not more, and I don't remember it being this much of a pain. It's like requiring a discord for access. Are there any solutions to this other than what I've said? These imported pages are functionally useless, worse than encrypted zips cause at least you technically have the file.

 No.24707

>>24701
Unfortunately, that is not the case. Sometimes it's in DM, sometimes Discord, and on this particular post, it's in emails. Nearly impossible to do unless we have someone manually adding it.

 No.24708

>>24696
Yeah, it's a war of attrition. Artists are nearly at the breaking point, but so are the scrappers.

 No.24721

>>24707
It seems like people don't even know they need to manually add, as per the google post above. All of the imported pages would require being verified by the artist on patreon to view the content through the links, but they just assumed an import would work.

 No.24730

>>24727
You can be assured that artists can make more than enough profit from people that do pay them. Making it harder for even those giving them money to access their material is dumb and makes the experience worse for everyone. Why are you going on to a chan board for a piracy site, and attaching your email and a name to inflammatory posts?

 No.24732

Noticed a lot of "dead" google drive links to. Like they just go to google's 404 page.

I mean, it's just annoying. Eventually everyone's work will be out there or it will disappear entirely and be forgotten.

 No.24733

>>24732
The latter will be true far more than the former. The notion of everything on the internet being there forever has always been a myth in most cases, but it'll be way worse if the paywalling gets more extreme.

 No.24754

File: 1667102947800.png (40.07 KB, 496x134, 2022-oct-29_23-06-47.png)

In the meantime I think it would be a good idea to flag creators that do this practice. See pic related for an example (I'm not too good with HTML/CSS but you get the idea).

Note: This is just an example, I don't know this account is hostile to attachments or not.

 No.24763

File: 1667132878407.png (199.65 KB, 618x265, paywall.png)

These two XIV artists have their content locked as well, the former through a patreon redirect? and the latter, a discord.

In a perfect world we'd just have direct download links to paywalled content, or a thread for passwords

 No.24781

>>24733
Yeah, I’ve noticed a user who links to their Deviantart Sta.sh, has dead links, so that’s pretty annoying since their uploads onto Patreon are apparently just previews.

 No.24924

File: 1667779286616.png (19.4 KB, 580x193, lonely.png)

It's been the case with Kanel too. Barely ever updates the Patreon page. It's all discord discord discord. https://kemono.party/patreon/user/2432219

It's also the case with multiple people on my list. They either exclusively post on discord, post password locked encrypted files, comment a dropbox link that they change every few days, and all sorts of obnoxious roundabout ways.

Discord is especially annoying as there's no way to scrape the content or upload the content directly. The irony in all this is that Kanel just chronically complains about having no friends and how his discord supporters are insufferable.

 No.24999

>>24603

The ones required for this artist are "Q29ubmFyZGRldm9sZXVyc2FsZWF1eGNvbnNTYWxvcGFyZGQnZW5jdWzDqWRlbWVzZGV1eA== " for October and "UmlwcGFTcGxpdHRhV2g0MEtmb3JldmVy" for November. Use the usual encryption methods

 No.25036

Yeah zeroGravitas (https://kemono.party/patreon/user/69324511) does a similar thing every month.

On the upside he also made a google drive this month, so maybe in the future he'll forgot to lock one of his archives as we go into new months.

But I hope the hero that has been uploading his new mega links is still around, can't wait to see what else he's got.

 No.25165

Any decent way to flag uploads so that someone can actually know just importing automatically will not work? Someone's kept importing >>24704 from the artists page linked on kemono here, not realizing they're all locked behind drive links and thus useless. Flagged the newest post but not really sure if that's good.

 No.25254

>>25165
other than specific extra flagging options that would just open the way to massive trolling and spam

you still have to look at the individual posts to notice there's a flag on them anyway, and how many importers or users actually do that and check if the post was properly updated once the flag is gone?

 No.25260

>>24999
pure french poesy

 No.25315

Do we have the password for the heroine harem comic?

 No.25842

>>24195
I tried right now to decrypt the files for this month. But yes, not possible.

hashcat has a has size limit of 320Kb, so there may be some files we cannot decrypt due to that.

Files are indeed RAR3-p (compressed).

Quite a bummer, sadly

 No.25850

Does anyone know the password for November stuff ?

 No.26623

anyone has december password?

 No.26639

If anyone got the psswrd for Nov and Dec, you can drop em off here

 No.26641

>>24679
and if the artist decides the retire/go-off-the-grid or bites the big one, the art is lost forever

 No.26659

>>24295
Well, that's a new one. He posts links to his own website, which is set up to only work if you've been redirected from the fanbox post. Fortunately, it can only check the URL you're coming from, so you can trick it by going to the locked fanbox post and using the browser console to navigate to the external URL.

 No.26712

>>26709 >>26710 >>26711
what browser do you use? ive had this double posting problem before but only happens rarely when i click back and forward

 No.26755

Passwords everywhere, kemono bros…we lost

 No.26760

>>24304
That assumes they aren't giving the password via Discord or some other off-site method.
It could be in DMs as well, but the person providing the feed chose not to import them. (Since if you ever actually contacted them it'd be obviously identifiable, also if they did slightly different messages to each person)

 No.26764

>>26755
Just hashcat them, thats how I get 90% of the encrypted content.

 No.26775

>>26764
quick guide and examples? i have trouble using this on wangblows even with HCgui how long does one password typically take? with CUDA enabled?
can you share some recent commands feel free to redact info? i got some stuff to crack too and need some help the docs are a bit confusing doe

 No.26817

Hashcat is usable on windows ? i wanna try this thing but i can't

 No.26823

File: 1673065364365.png (292.48 KB, 1537x315, efweifunjom.png)


 No.26824

File: 1673065786088.png (39.29 KB, 637x210, secret located.png)

oh. i see. the numbers are pointless. looks like the password is hidden in these embeds (they go to their site when you click on it).

hopefully embeds get better for fanbox so these can actually be shown

 No.26825

File: 1673066279851.png (153.86 KB, 820x836, 831-8318812_view-samegoogl….png)

also completely retard-moded and forgot to share the passwords

these are for the artist zankuro and only apply to the kemono posts listed (if it's not in the list, check the kemono post you're looking for, it might still be in the Google Doc era)

221 - もちつき大会 - k7g_F46lx
220 - アンリエッタさん🍑 - Z_90g-hFvb
219 - デスロックさん🍼 - Sg8u4dQs
218 - 搾らせベリィちゃん - zankuro_3961
217 - セリィちゃん - z3658
216 - アシブトガラス とお知らせ - z3658
215 - ダークエルフの泉 - z3658

i'll put my session key into the system to upload any new zankuro posts that happen this month (also to serve as a subtle reminder to share their passwords). this shit cost me 500 JPY so y'all better like it lol

 No.26826

if 216's password doesnt work check the comments, Zankuro tried a different strategy before and it's in the comments. anything older than 215 though and you're on your own unless those passwords in the google docs don't work anymore. i don't feel like posting like 200 passwords though so just list your favorites or some shit and i'll see if it has an embed password or not

 No.26844

>>26825
Based.
Personally I find Zankuro's art very hit or miss but I still appreciate this sort of thing.

 No.26862

>>26861
who the fuck is behind this CP bot spam can jannies just post the IP publicly? were getting the same exact repost on our own chan as well

 No.26899

>>26825
Can you post the link for the last 2. The broken embed aren't even showing up anymore so we don't even have the mega links

 No.26935

I managed to get the Hash. However, I don't know how to proceed to unlock the password after that. I tried 13000 hash but failed.
What's the code for RAR-3p compressed?

 No.26940


 No.27092

>>26825
Now he deleted the files from the mega links and is using DMs to send the rewards now, could you upload those somewhere?

 No.27145

>>24660
>>24688
>>24690
>Now I'll just have to wait for the next part to pop up in kemono.
Is the Sandra comic even there in the first place? I did a quick looksee but it looks like no one uploaded it and it isn't an attachment to any of the posts advertising it.

 No.27149


 No.27154

RaydonXD?

 No.27221

please mobukichi's pass…

 No.27234

anyone got Brocobich password

 No.27261

>>26826
would greatly appreciate 199s PW if possible

 No.27264

>>27154
seconding

 No.27266

Thread locked due to incessant requesting. This wasn't made to be a request thread. Retards somehow decided it was so no more thread.



[Return][Go to top] [Catalog] [Post a Reply]
Delete Post [ ]
[ b / kemono / coomer ]