Invites generator

[Gekko]

OMFG, c'mon people, get a life... life is much more than private trackers...

not true

[pro267]

there is a difference between hacking and cracking. getting into someones SQL database is hacking. writing a keygen for software is cracking. you guys are getting the two mixed up.

hacking and cracking are night and day too. hacking involves finding a vulnerability aka an exploit and using it to your advantage. it is finding a hole. cracking is just looking through assem, seeing how a program works, and then either altering the code so it does what you want it to (easy) or reversing the code to make a keygen (harder).

cracking has nothing to do with hacking it is night and day.

No quite, although many make the same mistake you've made.

The actions of hacking and cracking are basically the same thing, which is finding a vulunerability in a certain system. The different is in the intent and subsequent actions after revealing the vulunerability. A hacker approaches hacking with curiosity and/or wishes to learn or educate, while a cracker wishes to harm or take advantage of something. Since both may perform the same action (at the initial stages of hacking/cracking), you might wonder what's the difference anyway? Well there is difference; a fine yet important one nonetheless.

To illustrate the difference, let's consider a guy who found a vulunerability in a switching system of a major telephone company. The guy could go both ways: if he refrains from taking advantage of it and/or notifies the company, then his action would constitute as "hacking". If he keeps the information to himself or his close contacts, and takes advantage of it, then his action would be considered as "cracking".

A person writing a code to override the copyright protection of a software, and distributes it, is usually considered a cracker. Not only did the cracker have no intention of notifying the developers of the vulunerability, but in fact he facilitated people exploiting it at a massive scale. That's why the majority of groups who participate in such activities are considered cracking groups, and not hacking groups. With time and the widening of the phenomena, the word cracking has become synonymous with that sort of activity, which explains why you've made the mistake yourself.

As for the idea of remote generation of invite codes, it is a complete and utter nonsense. In most cases, people who say that have no idea as to what they're talking about. For one thing, to generate the code and add it to the database, one would need access to the database, which is (or should be) locked to a certain workstation only, most usually localhost. They would then need to gain access to that machine, which means going past various filtering mechanisms. Finally, if he does gets access to a terminal with network access to the database, he would have to crack his way into the database without having a working account on it. Frankly, getting an invite to TTC would probably be easier than that.. They could ofc try to inject some code to the database through other means, but that would involve some application on the server not being secure enough, and frankly if that's the case he could do a lot worse than generate a new invite code.

Having said all that, the only remaining way would be guessing a valid invite code. With a standard 32bit MD5 digest, and assuming one would have to cover 50% of these options in average to guess the correct combination, we're talking about 2147483648 different options. ofc, if there are several invite codes floating around and the hashing function is uniform, it'll take a lot less than that (in average, the reduction would be proportional to the number of invite codes valid at any given time).

If you take into account the various packet header overheads, network and processing congestions, bandwitdth etc. that would make such an attack pretty hard, especially if the number of registration attempts per each IP is limited.

If a site uses a standard SHA1 digest, however, we're talking about a field of 2^160, which would reduce the feasibility of such an attack to 1/2^(not_gonna_happen)..

There are ways to reduce the number of options substantially but I'm certainly not going to discuss them here :-P

(Wow, that was a longer post than I had intended it to be..)

[Brenya]

In response to what a lot of people have said, about brute forcing, if an invite requires the inviter to verify, then brute forcing is null. It's like picking a lock, only to find the family home.

How does the inviter verify the invite?

[meelad]

On some sites like iplay, you need to verify the invite by clicking somewhere.. Then only the invitee's account is activated.

[Sanka113]

By asking them what their email is.

[Albo Da Kid]

Congratulations

You have all been suckered into an idiotic topic once again.

[sheriff 01]

Congratulations

You have all been suckered into an idiotic topic once again.

How did i get sucked in? I am the one selling the program!

[interwebz]

thank you, we're now all just a little dumber for even seeing this thread.

[cousspized]

owner will change it if it's hacked

[yayyyyyy]

i think it's possible...but you have to know well the source code of the tracker

it's IMPOSSIBLE.

invites are generated when you click on SEND... and to verify if an invite is valid the site checks if it has been generated...

you cannot create a working keygen as there's absolutely no mathematical algorith to be reversed...

otherwise wouldn't you think all romanian people would be already on SCT+SCC with 100 accounts each one? LOL