Silk Road forums
Market => Product offers => Topic started by: scripter on December 25, 2012, 09:28 pm
-
!THIS IS FOR VENDORS ONLY!
(If you decided to buy this listing, dont do it from vending account. Register new account, transfer money for additional privacy. This way I will not know, which vendor exactly is you. Less I know>Better I sleep)
This script actually saves me great deal of effort and time, when I check for new orders. Below is snippet from item description:
...
This Python script does everything itself. Logging, keeping cookies in a jar, retrieving orders. Script is multiplatform, will run everywhere Python is installed. Script makes username'-cookie-jar' file in directory for cookies(duh) and asks for captcha if user is not logged in. Image window can be closed any time, and script will automatically keep requesting page, should TOR be exceptionally slow or SR is down, until it gets it.
...
Read more in item description: http://silkroadvb5piz3r.onion/silkroad/item/6e379a6509
-
And here is snippet of script itself
def saveCookie ( self ) :
self . cj . save ( self . cookieFile , ignore_discard = True )
def log ( self , output ) :
I11i = re . search ( 'src="([^"]*)"' , output )
I1IiI = I11i . group ( 1 )
self . getFile ( I1IiI , 'captcha.jpg' )
o0OOO = Image . open ( 'captcha.jpg' )
o0OOO . show ( )
iIiiiI = raw_input ( 'Please enter a CAPTCHA value(image window can be closed):' )
self . login ( self . user , self . password , iIiiiI )
if 23 - 23: iii1II11ii * i11iII1iiI + iI1Ii11111iIi + ii1II11I1ii1I + oO0o0ooO0 - iiIIIII1i1iI
-
I fully agree with Jackie(Merry Christmas again!) but more than that...
Server-load. A bunch of vendors all running this at the same time might not be good for SR.
-
No, no.. You didn't understand.
Precompiled code IS untrusted code, like this item here: http://silkroadvb5piz3r.onion/silkroad/item/002ba2ec85 (not making bad advertisement, but I myself wouldnt run precompiled code)
My code is just, well, unmodifiable, but buyer is absolutely free to check plain-text python script for any suspected code (the only place script asks for anything external is places with urllib2.Request, and import string is: import urllib2,cookielib,re,urllib,Image,os)
Obfuscation used only to maintain monopoly on updates, nothing else.
Thanks for link notification, and let us do this way: I will give checker script free of a charge to two first askers in exchange for review and may be a little analysis of the fact, that script doesnt ring home.. not very hard to do. Check imports, check for tricky eval codes, see that requesting doesn't ask for variables and here you go)
-
No, no.. You didn't understand.
Precompiled code IS untrusted code, like this item here: http://silkroadvb5piz3r.onion/silkroad/item/002ba2ec85 (not making bad advertisement, but I myself wouldnt run precompiled code)
My code is just, well, unmodifiable, but buyer is absolutely free to check plain-text python script for any suspected code (the only place script asks for anything external is places with urllib2.Request, and import string is: import urllib2,cookielib,re,urllib,Image,os)
Obfuscation used only to maintain monopoly on updates, nothing else.
Thanks for link notification, and let us do this way: I will give checker script free of a charge to two first askers in exchange for review and may be a little analysis of the fact, that script doesnt ring home.. not very hard to do. Check imports, check for tricky eval codes, see that requesting doesn't ask for variables and here you go)
I would accept unobfuscated code and review it, but I'm not actually a python-coder, so the best I could say is "After looking at this for the last ten hours and retroactively figuring out what every piece does, I'm pretty sure it isn't bad but someone else should test it and only on a fully secure system that has all traffic going through tor, even when faced with attempts to find the real IP-address of the user".
And that only happens if my brain figures out what the code actually means. I was able to decipher ActionScript after a few hours, dunno if it would work for python.
-
And as about serverload, well - this script does constantly hammer for reply, here is unobfuscated getPage function:
def getPage(self,url):
flag=0
while (flag==0):
try:
output=urllib2.urlopen(url).read()
if (self.isLogged(output)):
flag=1
else:
self.log(output)
flag=0
except urllib2.HTTPError, error:
flag=0
self.saveCookie()
return output
So, as you see it is reloading infinitely page until it gets no error in reply, those in normal network "hammering" site. And this is actually the case, should SR work in some unimaginable mode.
Wouldn't recommend starting checker and leaving it unchecked for hours.. This could be annoying in special cases. Otherwise script hammers with tor network speed, which is very slow, and does exactly what I do manually, so I really fail to see how this script increases load on SR.
On another hand it really does save the time. I myself (run unobfuscated code with little improvements) at first check for orders and only then start browser IF there is something new.
-
As about two copies for review, lets make it that way:
I lowered price to 0.01btc and quantity to two.
This offer is only for first two, first come first served.
-
Should be completely honest though, before mentioned
def saveCookie ( self ) :
self . cj . save ( self . cookieFile , ignore_discard = True )
is a bit different from browser handling.
Usually browsers discard session cookies on end of browser session, enforcing logging again on new browser session.
ignore_discard bit prevents it, and it is not completely right, but this is for user security - otherwise browsers cookie jar would be stagnant and very possible vulnerable, since usually browsers jar is not in secure storage. Script which contains critical info with password should be in encrypted storage, but script generates username-cookie-jar file, which is plaintext netscape cookie file, which is also critical and never should be out of secure storage.
Keep script and cookiejar in secured storage and you are set to be as safe, as your storage is.
-
As for next script, or perhaps update, I am thinking of showing all unread messages.. but not too much sure about it. This is side project, fork from Instant Lotto for SR being in development.
(Realized in process usefulness of checkscript, as well as usefulness for other vendors, so put it in lists)
Privacy and honesty are big concern to me, and all my developments are actually on the same trust level, as SR itself. All routines are checkable, here and will be in lotto too, which will work exactly on math and totally checkable for honesty.
-
Sorry folks, lapse of judgement.
What I mean, is that buyer will have script unobfuscated.
Obfuscated script with some restrictions will be put for everyone to see. This way it is more feasible..
Price is about 5btc AND obfuscation. Should be OR, not AND.
-
Sorry folks, lapse of judgement.
What I mean, is that buyer will have script unobfuscated.
Obfuscated script with some restrictions will be put for everyone to see. This way it is more feasible..
Price is about 5btc AND obfuscation. Should be OR, not AND.
Well! I see no problem with that, personally.
-
The only problem with that is... Anyone know, where I can put obfuscated code in torland, for anyone to get? Like pic sharing, but code sharing instead?
-
o, yeah! this one seems to be good: http://snipt.org/zaYg4 (for example)
Notice: Not my code, just some snippet. Do not open link in unprotected browser, copy/past to torrified browser for privacy.
Obfuscated copy will be published today, need to infuse it with some restrictions.. (Sorry guys, but I have put time into it.. hopefully its ok to ask some reasonable sum of money for that)
-
And, here we go:
http://snipt.org/zaifd9 (Tor for privacy!)
Please, notice import string, please notice no "eval" in code, no ips, no other urls, except SR. Feel free to examine obfuscated copy however you like.
Buyers of item will receive unobfuscated copy without restrictions.
Restricted script is till useful. It shows only 1 order, yet it is still indicator if there is any.
Full script will be sent unobfuscated, and of course without 1. order restriction.
-
Now I know how to do new messages.
It will not read messages (and hammer pages), but will just get counter and insert it in last line.
This feature will not be in obfuscated script, but will be in retail version.
This way retail version will have small use to non-vendors too, as a message checker.