I'm planning on using C++ (my language of choice) to generate a list of possable URLs of the unlinked preview imges we know to go up on Wizards.com before the previews go up.
Does anyone have any suggestions? I'm going to make in iterative code that will generate a line of numbers one by one and assign each number to a single character, possibly using the entire QWERTY character set.
Private Mod Note
():
Rollback Post to RevisionRollBack
...
I have no extendo-sig. Sorry, I'm just not vain enough to think someone will click on it.
I think the guy is getting the url through other means, FTPing, Googleing, I dunno.
Private Mod Note
():
Rollback Post to RevisionRollBack
Quote from Jedit, regarding Walls »
"OK, lads, here they come! Move that Wall of Stone ... a-one, a-two, and a-THREE!"
Quote from dragyn_mage »
I think assaulting another player should have a range of penalties. (A light slap is a game loss, a kick in the nuts is a DQ, ghetto-stomping someone is a Ban for Life.) There could be article all about it, like "when to mulligan"
Those are all simple operations. I am reinstalling Codewarrior on this computer so that I can do it quickly.
Okay, I installed it.
Since I have to generate a list of numerical equivalents for alphanumeric characters, (none of the libraries I'm using have one that I know of) I will be significanly shortening my alphanumeric library. It will be:
abcdefghijklmnopqrstuvwxyz1234567890()&*-_
I will limit my filenames to 31 characters, since that's the longest filename that early Mac systems can deal with, so I figure it's a good idea.
All the filenames I generate will be Jpegs (*.jpg).
Maybe C++ has some sort of parser? I dunno.
Btw, apparently Wizards.com is NOT case-sensitive, so you don't need to worry about capital letters too.
Private Mod Note
():
Rollback Post to RevisionRollBack
Which color are you?
Non-Judge - Comprehensive Rules Delver
|| Autocard || My Latest Project || Random quote of the last time I updated my sig:
"...FOMG THE SCROLL LOCK KEY DOES SOMETHING "
At least in my PHP (my primary coding language) there's a char() function that converts a number into the appropriate ASCII code (a letter).
But I don't think your code is going to work, unless it can figure out a more intelligent manner for guessing image names.
Generously, I'll give you 100 tests/second. That comes out to a bit less than 1 million tests/day. That is an approximate scale - the limit should definitely be with your bandwidth and connection latenancy, not CPU.
At 42 characters, the number of tests required to brute force a file name of N characters is 42^N. At that rate, it gets impossible to crack (thousands of years) after only 6 characters.
Obviously that won't do.
We can attempt to break down the URL into parts, which is absolutely necessary if we want to make any progress with this code.
SOK29462_RushZubBig
The first part is the expansion abbreviation. Then, it's followed by a five digit number that is a "card ID" of sorts. Now, I remember five digit card ID numbers were used in the old Magic the Gathering Interactive Encyclopedia's database, because that was the same database that was used in the old Ultimate Spoiler Generator. I would guess that the programmers on the IE were really really lazy (which seems like a somewhat fair assumption) so they just directly used the Wizards internal card database. My guess is that this five digit sequence is the card ID in Wizard's internal database, and we can get a sense of what they are both from the IE database and from other cards in a set. The numbers should be dropped around the same values, because the database is sequencial.
As for the last part of the name, here is where it gets really difficult. Part of the URL is from pieces of the card name (doable) and the other part is some esoteric reference. This will make it take quite a while
Dictionary attacks are probably too slow for this part, but there's no alternative. The other trouble is that wizards wouldn't even need to do anything special to break this technique, just had a few more truly random characters manually to each URL (the last part of the name seems to be randomly assigned) and there's no way we could ever get it because it will take way too long.
If someone could make a list of more URL names to analysis, it would be helpful but honestly I think this attempt is pretty hopeless.
"The bird of wonder dies, the maiden phoenix,
Her ashes new-create another heir
As great in admiration as herself.”
—William Shakespeare, King Henry the Eighth
I did the picture hacking for the sets where they kept the preview cards the same as regular article pictures, once we got a bunch of legions and scourge, they realized what we were doing, and started using the current formatting, we tried to use a brute forcing techniqe then, but they changed their format too much for it to be plausible to crack within 24 hours.
Darth: Are you assuming that this will be run on one machine? BAH!
Also, it will generate the list once. I will then set up a webpage which has every one of those images linked to on it. Then anyone can perform as many tests as they wanted whenever. Or I could do a thing like what SETI did, and make a screensaver that anyone can download that will process it for me!
Okay, so it's a bad idea.
Private Mod Note
():
Rollback Post to RevisionRollBack
...
I have no extendo-sig. Sorry, I'm just not vain enough to think someone will click on it.
But here is the thing. You all say it is impossible. Ok now lets look at the Rumor Mill. That david guy is one of three things:
A) Works somehow with Wizards Server
*Probably not. Would you risk your job to bring some cards to some Magic player? Espically cards we already have and we be up in six hours anyway?
B) Works with Wizards and is purposly trying to Hype
*Even as unlikly. They know we have the spoiler and they know we will go tot he site when they go live. They do not need to Hype at this point
C) He is able to hack through Brute Force and we can not
*Maybe he is smarted. Maybe he bought some kind of program. Maybe he figured out the code...I really do not know but he did somethign! He is not speaking up but whatever he did we need do.
Why not just use PHP and have the user input the number of tests they wanted to process and have it know which ones have already been tried? Or something like that...
PHP only runs scripts for 30 secs, If it takes longer, it just takes the script as "not worth the try/time"
You could reconfigure your PHP server if you actually had the server (And isnt some webpage you are renting)
I prefer c++, its very similar to php though.
IMO, we should ask the guy at the mill who's already doing it. As I said, i doubt he'll say how, since if he does, that'll take credit away from him.
Private Mod Note
():
Rollback Post to RevisionRollBack
Quote from Jedit, regarding Walls »
"OK, lads, here they come! Move that Wall of Stone ... a-one, a-two, and a-THREE!"
Quote from dragyn_mage »
I think assaulting another player should have a range of penalties. (A light slap is a game loss, a kick in the nuts is a DQ, ghetto-stomping someone is a Ban for Life.) There could be article all about it, like "when to mulligan"
It's quite obvious he's found something. Maybe it's a schedule of promos. Maybe it's a number system. All I know is that it's easy for him, and not us.
Private Mod Note
():
Rollback Post to RevisionRollBack
...
I have no extendo-sig. Sorry, I'm just not vain enough to think someone will click on it.
I think there is little to do when trying to crack preview pics. It seems like the number that wizards uses is more or less random, and the filename of the jpg has something to do with the name of the card itself, followed by BIG. You would have to try and think of which card wizards would be previewing in order to generate that name even if you were to find the random number after SOK.
SOK(random number of length 5)(First 3-4 Letters of card name)BIG.jpg
there are too many variables to pull this off. Look at promise of bunrei. It uses ProBruBIG.jpg as the endpart. Bunrei is spelled Bunrei, Bru***.
I dunno if i helped any, or maybe just confused everyone even more, but i think that its almost impossible unless you have some idea as to what the card name is going to be.
Edit: I think the way the dude in the rumor mill does it is the way images are done with each article. MaRo uses the same number scheme and pic titles week to week. If he changes a few numbers around, he most likely pulls em up. Example:
I dunno if i helped any, or maybe just confused everyone even more, but i think that its almost impossible unless you have some idea as to what the card name is going to be.
that is what brute force is exists for ^^
to simplify the work of a brute force program we have just to figure out how the name is created
if we know that we can break the name in 4 parts with their propreties:
- TLA of the set (we can easily figure out what that will be)
- 5 random number (?) (5^10 different numbers)
- abbreviation of the card's name (n^26 "different words")
- scale (?)
we then have something like (5^10)*(n^26) different possibilities instead of (n+5)^36
it's still big but we reduced the number from 10^37 to 10^27 if n=6...
we just have to procede in reducing the possibilities...
"The bird of wonder dies, the maiden phoenix,
Her ashes new-create another heir
As great in admiration as herself.”
—William Shakespeare, King Henry the Eighth
To post a comment, please login or register a new account.
Does anyone have any suggestions? I'm going to make in iterative code that will generate a line of numbers one by one and assign each number to a single character, possibly using the entire QWERTY character set.
I have no extendo-sig. Sorry, I'm just not vain enough to think someone will click on it.
Anyway as I said in the Rumor Mill I would only go with Letters and Numbers, as thats all wizards uses.
Also would said program be able to tell us when it hit?
Example URL
http://wizards.com/magic/images/mtgcom/fcpics/features/SOK29462_RushZubBig.jpg
images/mtgcom/fcpics/features/SOK29462_RushZubBig.jpg
Its pretty hard to guess that way.
I think the guy is getting the url through other means, FTPing, Googleing, I dunno.
Anyway, the program will have to:
*start at 0
*Increment through every character on a QWERTY keyboard
*Apply proper formatting to it (IE: http://www.wizards.com/magic/images/fpics/features/*.jpg)
*export it to a list
Those are all simple operations. I am reinstalling Codewarrior on this computer so that I can do it quickly.
Okay, I installed it.
Since I have to generate a list of numerical equivalents for alphanumeric characters, (none of the libraries I'm using have one that I know of) I will be significanly shortening my alphanumeric library. It will be:
abcdefghijklmnopqrstuvwxyz1234567890()&*-_
I will limit my filenames to 31 characters, since that's the longest filename that early Mac systems can deal with, so I figure it's a good idea.
All the filenames I generate will be Jpegs (*.jpg).
1=a
2=b
3=c
4=d
5=e
6=f
7=g
8=h
9=i
10=j
11=k
12=l
13=m
14=n
15=o
16=p
17=q
18=r
19=s
20=t
21=u
22=v
23=w
24=x
25=y
26=z
27=1
28=2
29=3
30=4
31=5
32=6
33=7
34=8
35=9
36=0
37=(
38=)
39=&
40=*
41=-
42=_
I will be condesning my code. This wil probably take until tomorrow, since I have better things to do with my time (IE:Sleep) than code.
EDIT: Yes, yeas, I know, blood, sweat, and code. Here's my question:
Does anyone know a more elegant system of changing a number into a letter than a 42-line IF(*) string?
Thanks.
I have no extendo-sig. Sorry, I'm just not vain enough to think someone will click on it.
Btw, apparently Wizards.com is NOT case-sensitive, so you don't need to worry about capital letters too.
Which color are you?
Non-Judge - Comprehensive Rules Delver
|| Autocard || My Latest Project ||
Random quote of the last time I updated my sig:
"...FOMG THE SCROLL LOCK KEY DOES SOMETHING "
Ok I corrected myself. i think that post did not express what I was trying to say. I think the correct on did. Sorry.
Good luck Rob!
But I don't think your code is going to work, unless it can figure out a more intelligent manner for guessing image names.
Generously, I'll give you 100 tests/second. That comes out to a bit less than 1 million tests/day. That is an approximate scale - the limit should definitely be with your bandwidth and connection latenancy, not CPU.
At 42 characters, the number of tests required to brute force a file name of N characters is 42^N. At that rate, it gets impossible to crack (thousands of years) after only 6 characters.
Obviously that won't do.
We can attempt to break down the URL into parts, which is absolutely necessary if we want to make any progress with this code.
SOK29462_RushZubBig
The first part is the expansion abbreviation. Then, it's followed by a five digit number that is a "card ID" of sorts. Now, I remember five digit card ID numbers were used in the old Magic the Gathering Interactive Encyclopedia's database, because that was the same database that was used in the old Ultimate Spoiler Generator. I would guess that the programmers on the IE were really really lazy (which seems like a somewhat fair assumption) so they just directly used the Wizards internal card database. My guess is that this five digit sequence is the card ID in Wizard's internal database, and we can get a sense of what they are both from the IE database and from other cards in a set. The numbers should be dropped around the same values, because the database is sequencial.
As for the last part of the name, here is where it gets really difficult. Part of the URL is from pieces of the card name (doable) and the other part is some esoteric reference. This will make it take quite a while
Dictionary attacks are probably too slow for this part, but there's no alternative. The other trouble is that wizards wouldn't even need to do anything special to break this technique, just had a few more truly random characters manually to each URL (the last part of the name seems to be randomly assigned) and there's no way we could ever get it because it will take way too long.
If someone could make a list of more URL names to analysis, it would be helpful but honestly I think this attempt is pretty hopeless.
from gatherer/autocard (it seems that sok is not up, not even the previewed cards...):
http://www.wizards.com/global/images/magic/homelands/abbey_gargoyles.jpg
http://www.wizards.com/global/images/magic/fd/abunas_chant.jpg
http://www.wizards.com/global/images/magic/bok/kodama_of_the_center_tree.jpg
from preview articles, big images:
http://www.wizards.com/magic/images/mtgcom/fcpics/features/SOK78621ProBruBig.jpg
http://www.wizards.com/magic/images/mtgcom/fcpics/features/SOK84963KageBig.jpg
http://www.wizards.com/magic/images/mtgcom/fcpics/features/SOK31098SasaBig.jpg
I think that the most important thing to do is to figure out how are the numbers generated... I don't think it's random...
Her ashes new-create another heir
As great in admiration as herself.”
—William Shakespeare, King Henry the Eighth
Also, it will generate the list once. I will then set up a webpage which has every one of those images linked to on it. Then anyone can perform as many tests as they wanted whenever. Or I could do a thing like what SETI did, and make a screensaver that anyone can download that will process it for me!
Okay, so it's a bad idea.
I have no extendo-sig. Sorry, I'm just not vain enough to think someone will click on it.
A) Works somehow with Wizards Server
*Probably not. Would you risk your job to bring some cards to some Magic player? Espically cards we already have and we be up in six hours anyway?
B) Works with Wizards and is purposly trying to Hype
*Even as unlikly. They know we have the spoiler and they know we will go tot he site when they go live. They do not need to Hype at this point
C) He is able to hack through Brute Force and we can not
*Maybe he is smarted. Maybe he bought some kind of program. Maybe he figured out the code...I really do not know but he did somethign! He is not speaking up but whatever he did we need do.
P.S. Not illegal GB?
PHP only runs scripts for 30 secs, If it takes longer, it just takes the script as "not worth the try/time"
You could reconfigure your PHP server if you actually had the server (And isnt some webpage you are renting)
I prefer c++, its very similar to php though.
IMO, we should ask the guy at the mill who's already doing it. As I said, i doubt he'll say how, since if he does, that'll take credit away from him.
I have no extendo-sig. Sorry, I'm just not vain enough to think someone will click on it.
SOK(random number of length 5)(First 3-4 Letters of card name)BIG.jpg
there are too many variables to pull this off. Look at promise of bunrei. It uses ProBruBIG.jpg as the endpart. Bunrei is spelled Bunrei, Bru***.
I dunno if i helped any, or maybe just confused everyone even more, but i think that its almost impossible unless you have some idea as to what the card name is going to be.
Edit: I think the way the dude in the rumor mill does it is the way images are done with each article. MaRo uses the same number scheme and pic titles week to week. If he changes a few numbers around, he most likely pulls em up. Example:
http://www.wizards.com/default.asp?x=mtgcom/daily/mr177 shows us the channel ability article. This is from today. Now, if we change mr177 to mr176, we will get last mondays article on the Maro cycle. (http://www.wizards.com/default.asp?x=mtgcom/daily/mr176)
One of the pictures MaRo uses in his maro cycle article is mtgcom_daily_mr176_picMain_en.jpg (http://www.wizards.com/global/images/mtgcom_daily_mr176_picMain_en.jpg)
If we replace the mr176 in the picture title to mr175 (yes, going back a week because all the images in todays article are ones found on gatherer), we get a piece of art for the red epic spell. (http://www.wizards.com/global/images/mtgcom_daily_mr175_picMain_en.jpg)
Its all about the numbers imo.
that is what brute force is exists for ^^
to simplify the work of a brute force program we have just to figure out how the name is created
if we know that we can break the name in 4 parts with their propreties:
- TLA of the set (we can easily figure out what that will be)
- 5 random number (?) (5^10 different numbers)
- abbreviation of the card's name (n^26 "different words")
- scale (?)
we then have something like (5^10)*(n^26) different possibilities instead of (n+5)^36
it's still big but we reduced the number from 10^37 to 10^27 if n=6...
we just have to procede in reducing the possibilities...
Her ashes new-create another heir
As great in admiration as herself.”
—William Shakespeare, King Henry the Eighth