[ b / kemono / coomer ]

/kemono/ - kemono.party

Kemono Development and Discussion
Password (For file deletion.)

File: 1665638984030.png (169.71 KB, 959x703, Screenshot (1990).png)


So apparently, the artist have gotten wiser and decided to hide his post behind passwords encrypted rar. It's been consistently updated but no password is given. Anyone know how to bypass it or does the importer have the password? Tried brute forcing it using multiple methods with no luck so far.


Using hashcat could perhaps work


Been happening with https://kemono.party/fanbox/user/53945019 too. Any solution would be much appreciated, lads.


I have attempted to decrypt but frankly it would take a LONG LONG while… Kemono must put a system in place so we can get the passwords the easy way via scraper.


That's exactly what I used. Both hashcat and john. When I opened it up to see the encryption length, it was fucking massive. A literal wall of text, nearly 3 MB of it. Unless I have a dictionary to use, it would take an impossible amount of time to brute force. Thx anyways tho


Exactly. My computer can't handle that. All I know is that it's sent through an email. If we can get one of the password, we could make a possible dictionary out of it. It needs to be put there in the post in some form, one way or another.


What's the encryption used? Some archive formats are notorious for unfixed vulnerabilities, still need to know which ones are used for each situation.

A much easier way is to have the creator leak it (or all of them at once) deliberately in plaintext, just make sure you recompose with different passwords when sending back because creators can of course automatically generate different passwords sent to different accounts for obvious reasons.


As a community we either go through the hard way and make our own custom build of John the Ripper + Hashcat optimized for RAR/ZIP breaking or we do it the easy way by getting directly from FANBOX/FANTIA/Whatever… this is a real issue and must be addressed.


what zip and cracker software are you using? ill try helping you out since i got extra ram on my gaming system


If I'm not wrong, it's RAR3-P (Compressed).


Yeah. I just wish the importer would add it someway, somehow. Maybe hide it in the jpg files in an encrypted way or something. If there even is someone doing it


Hashcat and John the Ripper. JtR to get the hashes that Hashcat can process, but the most recent ver of JtR for Windows can already read the hash file now without trouble. I have a different file I wanted to crack which apparently the link no longer exist on the post (?) but any file should do if the password isn't a random string of words and numbers. If it's not much trouble, I can send the file in question through somewhere else instead.


Also, weird thing, one of the links to download a file disappeared from the post. I got the file already fortunately, but it's weird that it disappears like that. Could the whole thing be edited by someone or was it erased when it was updated?


There's a system for importing DMs, right? Since there's a "Recent DMs" section. Maybe someone can grab it and put it there?


The problem with importing DMs is they might be traced to a specific subscriber (e.g. with randomised tells). The passwords themselves need to be specific to each encrypted file, so if the link to the encrypted file is posted (meaning, it will be the same for everyone), the password can't differ subscriber-to-subscriber, so it will be anonymous, therefore untraceable.

However, Kemono doesn't currently have a method to share passwords or other critical data without importing the entire DM. And the issue with adding functionality to share the password without sharing the DM is that submissions from internet randoms are basically unverifiable, so malding badguys could submit "passwords" containing coded real CP, "information that will lead to H** C**'s arrest", etc. that could get the glowboys' attention. (Yes I know it sounds stupid but cybersec is full of stupid-sounding things that do happen)



The problem with importing DMs is they might be traced to a specific subscriber (e.g. with randomised tells). The passwords themselves need to be specific to each encrypted file, so if the link to the encrypted file is posted (meaning, it will be the same for everyone), the password can't differ subscriber-to-subscriber, so it will be anonymous, therefore untraceable.


IDK why my first post got posted 2x and my second one didn't show up. Hoping it works this time

The question is then, is it worth adding functionality to submit the password and have it checked by volunteers who would test it on the file? Which volunteers are going to do this - how will they be found? How do you prevent volunteers getting fake passwords submitted (i.e. you could have 2+ randomly selected volunteers check, but how do you arrange this)? Perhaps there is a technical solution - test the submitted password against the file it claims to decrypt - but this might be pretty hard to implement, since there are a lot of different encryption methods.

It really depends on the password. If it's a short, readable string such as "ilovemesukemo" then it's not possible to create different passwords for each subscriber as long as the encrypted file is the same for each subscriber, because the information content of the password is too low. If, however, the password is some 100-character long random mess, I reckon it's possible a different password could've been sent to each subscriber.


Looks like another artist is converting to password protected zips


Oh wonderful. Soon enough, it'll all be back to square one. Just wonderful



File: 1666666997790.png (72.32 KB, 256x256, IMG_1017.PNG)

we got too cocky kemonobros…


For anyone who's wondering about the passwords for this month for e19700, all the $3 posts are under the password "Bambipump" and the growing diaries are under the password "Bambibomb"


YO my guy, u are a savior. Btw, do you happen to know about the psswrd for the other ones like Sandra Guts Dirty Play? Still, that one was already super helpful so its ok if u dont have it. Thanks a ton.


Also, next time someone has a password, probably try and encrypt it in base64 so it won't get found from google searches. We gotta be extra safe.


We need a final solution for this issue once and for all. Down with the paywalls.


Any half-competent creator is going to be able to find it reguardless.

Anyways, the problem with them password protecting the archive files, is it only works if no one in the chain leaks the password, which given users are leaking the files already, is a massive oversight.

One solution, is at import, check if any of the files are archives, and if so, test to see if there is a password. If there is, prompt whoever is importing the files to provide it. Verify that the password at least opens the file, then post the archive with the password.

This isn't perfect, as it assumes artists are not going to start putting a password protected archive in ANOTHER password protected archive, but the simple solution is just ask the user if this is the case, and assume they will willingly provide all the passwords going down.

Obiously, this has the slight risk of a creator including one, maybe two passwords that aren't needed, and slowly weeding out people who publicly post them, to weed out anyone just copy+pasting them.

Another solution, allow users to contribute files directly. This has risks, obviously, but utterly defeats any attempt at password-locking files, either because the uploader goes ahead and rearchives the files without the password, or because someone already downloaded the files from MEGA or whatever, and can deny arbitrary closing of the links.


Any creator who goes that far would be losing backers rapidly. There becomes a point of diminishing returns in which a creator will lose far more subscribers not willing to put up with that bullshit.

Plus, it still enables people to leak them via archives on panda/e/hitomi without leaking the password(s) for any artworks, or pdfs/txt/etc in the case of stories, or torrents in the case of videos in a archive pack (again similar to how some dump artist archives).

Then they would be stuck looking at going even further… again annoying prospective backers and getting a reputation for being batshit crazy over it, hurting chances to getting new/replacement backers. It becomes a downward spiral…. because they went to zip archives with a pass (and nuking the links to them as some do at the end of each month anyhow) and couldnt settle for that.

Nah. They're already at the peak of what they'll ever do imo. Going much further would harm subscriptions more than any delusional lost money from piracy could ever net them (which they're losing making people jump through hoops with limited release times + pass protected archives (I wouldnt even sub to someone who did that if I even liked them).



The unlock for those is “OTIxRWFydGhxdWFrZQ”. Use usual sources to encrypt.


Weird. I tried it and it worked on one file, but didn't on the actual file I asked. Maybe I'm doing something wrong?


True, but still. At least they'll have to painstakingly check manually.

Nah, as someone said before, it won't happen. That'll absolutely kill the interest of the backers. All that password gymnastics for a few contents.


I was wondering if the file is corrupted but it isn't. Already tested it and repaired it. Still nothing.



My apologies, the one I gave was for the ones on 9/21 and a bit after that. The one for what you’re asking is “ ZGlydHkzUA”.


No problem! Now I'll just have to wait for the next part to pop up in kemono. Thanks again!


File: 1666901111595.png (1.25 MB, 1612x787, 4561231231.png)

I completely agree, look at pic related artist.
All his post are on kemono, but he shares his passwords on fucking Discord, and the discord importer is defunct so no luck there.

It hurts more because his fanbox post are getting updated in kemono, we know someone is doing God's work and importing the dude, but the password stuff make it so we can't see anything anyway. It sucks so bad.


Thought I did say something about that in the post, guess not.

You very quickly run out of people willing to run in circles to get the things they bought with their money. Everyone has their breaking point and I'm fairly sure some creators are really starting to push to it for a lot of people (see: PrimeLeap).


The simplest way to solve this issue is to implement a comment section for Kemono users and have the contributor post the password here


If passwords are from DM's I think it would be a nice idea to implement a scraper that can get the user's DMs and the make it so that the user selects only the message that contains the password?
That'd solve in a way the verification and avoid spam. Then again we have the case where creators post the password in discord so there is no other way than it being user submitted via comments.


File: 1666948188043.png (48.5 KB, 620x394, access dead.png)

I've come across a different but similar issue. A writer locking their stories not just behind patreon, but private google drive pages. Clicking the link at the bottom of the imported patreon pages, when logged in to a google account, leads you to relevant image. https://kemono.party/patreon/user/7553661/post/72629787
The only solution I'd see to this is someone personally downloading and importing the stories, which would have to be done individually and manually. I think I used to be subbed to their patreon, it was a couple years ago likely if not more, and I don't remember it being this much of a pain. It's like requiring a discord for access. Are there any solutions to this other than what I've said? These imported pages are functionally useless, worse than encrypted zips cause at least you technically have the file.


Unfortunately, that is not the case. Sometimes it's in DM, sometimes Discord, and on this particular post, it's in emails. Nearly impossible to do unless we have someone manually adding it.


Yeah, it's a war of attrition. Artists are nearly at the breaking point, but so are the scrappers.


It seems like people don't even know they need to manually add, as per the google post above. All of the imported pages would require being verified by the artist on patreon to view the content through the links, but they just assumed an import would work.


You can be assured that artists can make more than enough profit from people that do pay them. Making it harder for even those giving them money to access their material is dumb and makes the experience worse for everyone. Why are you going on to a chan board for a piracy site, and attaching your email and a name to inflammatory posts?


Noticed a lot of "dead" google drive links to. Like they just go to google's 404 page.

I mean, it's just annoying. Eventually everyone's work will be out there or it will disappear entirely and be forgotten.


The latter will be true far more than the former. The notion of everything on the internet being there forever has always been a myth in most cases, but it'll be way worse if the paywalling gets more extreme.


File: 1667102947800.png (40.07 KB, 496x134, 2022-oct-29_23-06-47.png)

In the meantime I think it would be a good idea to flag creators that do this practice. See pic related for an example (I'm not too good with HTML/CSS but you get the idea).

Note: This is just an example, I don't know this account is hostile to attachments or not.


File: 1667132878407.png (199.65 KB, 618x265, paywall.png)

These two XIV artists have their content locked as well, the former through a patreon redirect? and the latter, a discord.

In a perfect world we'd just have direct download links to paywalled content, or a thread for passwords


Yeah, I’ve noticed a user who links to their Deviantart Sta.sh, has dead links, so that’s pretty annoying since their uploads onto Patreon are apparently just previews.


File: 1667779286616.png (19.4 KB, 580x193, lonely.png)

It's been the case with Kanel too. Barely ever updates the Patreon page. It's all discord discord discord. https://kemono.party/patreon/user/2432219

It's also the case with multiple people on my list. They either exclusively post on discord, post password locked encrypted files, comment a dropbox link that they change every few days, and all sorts of obnoxious roundabout ways.

Discord is especially annoying as there's no way to scrape the content or upload the content directly. The irony in all this is that Kanel just chronically complains about having no friends and how his discord supporters are insufferable.



The ones required for this artist are "Q29ubmFyZGRldm9sZXVyc2FsZWF1eGNvbnNTYWxvcGFyZGQnZW5jdWzDqWRlbWVzZGV1eA== " for October and "UmlwcGFTcGxpdHRhV2g0MEtmb3JldmVy" for November. Use the usual encryption methods


Yeah zeroGravitas (https://kemono.party/patreon/user/69324511) does a similar thing every month.

On the upside he also made a google drive this month, so maybe in the future he'll forgot to lock one of his archives as we go into new months.

But I hope the hero that has been uploading his new mega links is still around, can't wait to see what else he's got.


Any decent way to flag uploads so that someone can actually know just importing automatically will not work? Someone's kept importing >>24704 from the artists page linked on kemono here, not realizing they're all locked behind drive links and thus useless. Flagged the newest post but not really sure if that's good.


other than specific extra flagging options that would just open the way to massive trolling and spam

you still have to look at the individual posts to notice there's a flag on them anyway, and how many importers or users actually do that and check if the post was properly updated once the flag is gone?


pure french poesy


Do we have the password for the heroine harem comic?


I tried right now to decrypt the files for this month. But yes, not possible.

hashcat has a has size limit of 320Kb, so there may be some files we cannot decrypt due to that.

Files are indeed RAR3-p (compressed).

Quite a bummer, sadly


Does anyone know the password for November stuff ?


anyone has december password?


If anyone got the psswrd for Nov and Dec, you can drop em off here


and if the artist decides the retire/go-off-the-grid or bites the big one, the art is lost forever


Well, that's a new one. He posts links to his own website, which is set up to only work if you've been redirected from the fanbox post. Fortunately, it can only check the URL you're coming from, so you can trick it by going to the locked fanbox post and using the browser console to navigate to the external URL.


>>26709 >>26710 >>26711
what browser do you use? ive had this double posting problem before but only happens rarely when i click back and forward


Passwords everywhere, kemono bros…we lost


That assumes they aren't giving the password via Discord or some other off-site method.
It could be in DMs as well, but the person providing the feed chose not to import them. (Since if you ever actually contacted them it'd be obviously identifiable, also if they did slightly different messages to each person)


Just hashcat them, thats how I get 90% of the encrypted content.


quick guide and examples? i have trouble using this on wangblows even with HCgui how long does one password typically take? with CUDA enabled?
can you share some recent commands feel free to redact info? i got some stuff to crack too and need some help the docs are a bit confusing doe


Hashcat is usable on windows ? i wanna try this thing but i can't


File: 1673065364365.png (292.48 KB, 1537x315, efweifunjom.png)


File: 1673065786088.png (39.29 KB, 637x210, secret located.png)

oh. i see. the numbers are pointless. looks like the password is hidden in these embeds (they go to their site when you click on it).

hopefully embeds get better for fanbox so these can actually be shown


File: 1673066279851.png (153.86 KB, 820x836, 831-8318812_view-samegoogl….png)

also completely retard-moded and forgot to share the passwords

these are for the artist zankuro and only apply to the kemono posts listed (if it's not in the list, check the kemono post you're looking for, it might still be in the Google Doc era)

221 - もちつき大会 - k7g_F46lx
220 - アンリエッタさん🍑 - Z_90g-hFvb
219 - デスロックさん🍼 - Sg8u4dQs
218 - 搾らせベリィちゃん - zankuro_3961
217 - セリィちゃん - z3658
216 - アシブトガラス とお知らせ - z3658
215 - ダークエルフの泉 - z3658

i'll put my session key into the system to upload any new zankuro posts that happen this month (also to serve as a subtle reminder to share their passwords). this shit cost me 500 JPY so y'all better like it lol


if 216's password doesnt work check the comments, Zankuro tried a different strategy before and it's in the comments. anything older than 215 though and you're on your own unless those passwords in the google docs don't work anymore. i don't feel like posting like 200 passwords though so just list your favorites or some shit and i'll see if it has an embed password or not


Personally I find Zankuro's art very hit or miss but I still appreciate this sort of thing.


who the fuck is behind this CP bot spam can jannies just post the IP publicly? were getting the same exact repost on our own chan as well


Can you post the link for the last 2. The broken embed aren't even showing up anymore so we don't even have the mega links


I managed to get the Hash. However, I don't know how to proceed to unlock the password after that. I tried 13000 hash but failed.
What's the code for RAR-3p compressed?



Now he deleted the files from the mega links and is using DMs to send the rewards now, could you upload those somewhere?


>Now I'll just have to wait for the next part to pop up in kemono.
Is the Sandra comic even there in the first place? I did a quick looksee but it looks like no one uploaded it and it isn't an attachment to any of the posts advertising it.





please mobukichi's pass…


anyone got Brocobich password


would greatly appreciate 199s PW if possible




Thread locked due to incessant requesting. This wasn't made to be a request thread. Retards somehow decided it was so no more thread.

[Return][Go to top] [Catalog] [Post a Reply]
Delete Post [ ]
[ b / kemono / coomer ]