Welcome To The EndGame : EndGame | Torhoo darknet markets Torhoo!

17 points

5 years ago

This is really epic. Thanks a million to you and everyone else who contributed to this!

What a game changing day for this community.

/u/polluxdrunk

8 points

5 years ago

Dope! We're gonna think back on these DDOS days and have a big laugh!

/u/MrXXXT

2 points

5 years ago

Yeah super Dope! log in with eaze on your mind :)
We probly forget about DDOSS

Newbies will not even know what the word means

/u/bigdog24

3 points

5 years ago

never will i have to zoom in to find the missing captche piece

/u/MrXXXT

1 points

5 years ago

I gues thats more of an EYE problem than and captche issue bro :P
You should chek, your eyes at an docter, maybe try on some glasses

Just saying :P jokes

/u/SpaceCadet2020

1 points

5 years ago

For real tho lmfao

/u/DEEPLY_CONCERNED

7 points

5 years ago

Publishing a generator means this captcha will be 100% cracked in less than a day.

/u/Paris 📢 A

5 points

5 years ago

Not really. One of the benefits of the captcha generation is that it is easily changed. You can change the icons, layouts, font sizing, background generation system, color formatting, well basically everything. While I do not think it won't get cracked when it does you can change it enough that the previous bypass just won't work and they would need to start it again.

/u/DEEPLY_CONCERNED

12 points

5 years ago

I take this as a challenge, and I accept. There's no workaround if you go public. If you publish a generator, any random retard who took a class in ML can solve the captcha in less time than it takes to bake a cake.

http:// haste bin .net/axijebimok . py

/u/Paris 📢 A

5 points

5 years ago

To say I am depressed about this is not an understatement. Thanks fucker lol <3

/u/DEEPLY_CONCERNED

12 points

5 years ago

You can actually solve the main Dread captcha in a very similar way, with just a couple extra steps. First, get a large unlabelled sample set of captchas. Then, sort them using T-SNE so that structurally similar neighbors are close together on a 1 dimensional axis. Then, for each captcha in the data set, compute the SSIM score of each of its K nearest neighbors. If the score meets a given threshold (maybe something like 0.6) then you can consider those two images to have the same background image. You can cluster the unlabelled captchas based on their backgrounds by doing this.

Then, for each automatically labelled cluster, you take all the images in that cluster and use the median value of each x,y coordinate to produce the final output. This will give you a folder full of the background images you guys use for captcha generation, with no shapes attached. You can then paste whatever shapes you want onto the image to generate your own fresh captchas. This method is effective because it's resilient to changes on the server side, since all you need is a steady stream of captchas to use for clustering, and reclustering the images can be done automatically.

Honestly if I were you I would just switch back to a text based captcha. Sure, you might have to deal with 2captcha/Anti-Captcha faggots paying poor people in 3rd world countries to do the captchas for them, but that quickly becomes costly. Text based captchas, at least with good background static, are much harder to crack with machine learning just because they contain more entropy. Right now, there are 2^9 (512) possible answers for the shape captcha, but if you used a 6 character a-z text captcha, that's 26^6 possible solutions (308,915,776). You could increase the grid size of the shape captcha to 4x4 and get 65,536 possible solutions, but people are already struggling with the image captcha, whereas machine learning excels. It'd be as simple as changing the sigmoid output layer of the model to a 16-value output instead of a 9-value output and retraining.

/u/Paris 📢 A

3 points

5 years ago

You know. You are very well right. Here I'm like "oh boy this is going to be so difficult to solve with a fucking machine" and then boom 1 hour is all it takes. It's crazy how far machine learning has come. It is something that I have underestimated even with this new captcha. When I was specifically looking out to counter machine learning. I guess releasing it with the captcha process intact was a mistake. With the machines learning as it is there is never a truly secure captcha that is open source because you can automate the training so fast to break it.

In your view what kind of text based captcha is the hardest to break?

/u/DEEPLY_CONCERNED

15 points

5 years ago

There are a couple of things you can do to raise the bar for both ML-powered and poor-people-powered attacks. They all have their drawbacks, but honestly I think they could all work better.

First, if possible, make a GIF captcha. What I imagine in my head is something like this: first a red "D" appears on the left, then disappears. Then a green "G" appears slightly to the right of where the "D" was, then disappears. Then a blue "F" appears slightly right of that, then disappears too. Repeat however many times is necessary. The downside to this is that it will likely require either more CPU power (to compress the GIF) or more bandwidth (to send poorly compressed GIFs). I don't run a hidden service so I don't know which one of these resources is more important to you, but you'll have to choose. The upside to this is that solving it will require either several rounds of 2D convolutions (one for each frame of the GIF) or will require 3D convolutions (which are far more computationally expensive than 2D convolutions). The idea here is to raise the bar so that training a model to attack the captcha on a CPU isn't plausible, which introduces a financial strain on the attacker that wasn't previously present. This is the same principle that proof-of-work or DNS reflection DOS works on; you're increasing your resource usage a little bit, but your adversary has to increase their resource usage disproportionately to match you.

Including instructions (rendered as part of the image - that's important, if they're rendered as HTML they can be read automatically) is also a good tactic. It increases the complexity required for a working machine learning library, and in my experience captcha solving services' workers don't usually read English very well so they struggle to follow instructions. However, it's best not to do something like Empire did where you're told "enter the (color) characters" because this can be easily read and then the attacker can just filter out colors that aren't what they're looking for. The downside to this is that your forum serves drug users, and drug users aren't known for their ability to follow instructions well.

Try to make whatever captcha you design generator-proof. The attack I just did on the new EndGame captcha was super easy because I had a generator handy, so for this to work you'd have to keep your tools private. The theoretical computer vision based approach I described in my last post would also be very effective, because creating a generator is a plausible task there as well. Collecting a labelled data set is extremely time consuming, especially on Tor, so your attackers will always want a data generator. By making the background variational in a way that's hard for an attacker to imitate on their end, you will force them to collect a real dataset and thus increase their resource expenditure. Take Empire's captcha for example. It's seemingly very simple, but the way that they create those layered polygons is very specific. While it may seem easy to imitate the generation of a captcha like that, remember that the neural network has to learn not only what to pay attention to, but also what not to pay attention to, so small changes in the structure of the background can really throw it off. Note that I say the structure of the background - adding static like you do to the background images in the current captcha doesn't work, because algorithms that compare x,y in one image to x,y in another image to measure their similarity will see very little difference and realize the images are similar. You have to create significant pixelwise changes across the entire image.

Hope this helped. Feel free to ask any more questions you have, I love computer vision problems.

/u/syduri4567

3 points

5 years ago

Wow this is pretty cool. I never thought captcha's could be so interesting

/u/PsyenceLabs

1 points

5 years ago

I'm glad I wasn't the only person that sat here baked learning about ML and captchas. It was really interesting on a lot of levels.

/u/[deleted]

2 points

5 years ago

This is exactly what I suggested to /u/mr_white and /u/Paris.
I told them they need a different captcha, because releasing a generator makes it extremely easy to train neural network. I wouldn't say anyone can do it, because that's a ridiculous claim to make, for even this challenge requires some programming related knowledge and neural networks, but it is not hard for someone determined.

/u/goldenwolfman

0 points

5 years ago

First, if possible, make a GIF captcha. What I imagine in my head is something like this: first a red "D" appears on the left, then disappears. Then a green "G" appears slightly to the right of where the "D" was, then disappears. Then a blue "F" appears slightly right of that, then disappears too. Repeat however many times is necessary.

The thing is that nobody would ever want to deal with this type of captcha. For example white house markets captcha gives headaches.

/u/[deleted]

-2 points

5 years ago

First, if possible, make a GIF captcha. What I imagine in my head is something like this: first a red "D" appears on the left, then disappears. Then a green "G" appears slightly to the right of where the "D" was, then disappears. Then a blue "F" appears slightly right of that, then disappears too. Repeat however many times is necessary.

Doesn't change shit.

(rendered as part of the image - that's important, if they're rendered as HTML they can be read automatically)

Doesn't change shit.

Collecting a labelled data set is extremely time consuming, especially on Tor, so your attackers will always want a data generator.

There are other ways to break captchas, not just bare neural networks. You can combine multiple approaches. We use something called a hybrid approach.

It's seemingly very simple, but the way that they create those layered polygons is very specific.

It isn't.

By making the background variational in a way that's hard for an attacker to imitate on their end, you will force them to collect a real dataset and thus increase their resource expenditure.

Not necessarily.

/u/DEEPLY_CONCERNED

6 points

5 years ago

Maybe in the future you could make a well thought out post instead of just going "no, bad, I'm better computerman than u." Maybe make your own suggestions about how the captcha might be improved?

/u/[deleted]

-2 points

5 years ago

Well, I have never stated I am a better computerman or whatever it means, have I? This is just what you think yourself. Understandable, many people suffer from Impostor Syndrome. IMO you can't compare yourself to anyone here because it's not soccer or weightlifting. People have different skillsets.

I have suggested improvements to Paris already, we don't want to discuss the internals in public. This will give him more time.

TL-DR: no captcha is unbreakable, it's better to prepare 3 different models and change them when one of them gets broken, which are difficult, than one "impossible" one.

/u/p0wer

1 points

5 years ago*

I don't think the gif thing is necessarily a bad idea. Of course if, in each frame, it is showing the word then it would actually make it easier to solve. If you, however, it dark on one side and slowly light up each area (never showing the full word at once), you will definitely make it require more effort to determine. They would need to break each individual letter up and add them together (to make a single clear image). It would allow you to do things like insert icons (which are supposed to be ignored) or whatever. It is definitely a lot more effort to create a gif captcha compared to what you'd actually get from it.

You could tweak the current one to be kinda like recaptcha and say "select all boxes which show an icon of a lion". Then you could store thousands of different animals or something. You're still going to get it cracked if you ever release it public.

Best bet is a captcha which includes: [a-z0-9-_] and maybe a few symbols. Captchas are like cryptographic algorithms. The longer they exist without being cracked, the more confident we are in using them. There's no point in reinventing the wheel. The captcha is what it is, and if it doesn't do the job then you can't blame the captcha. Include several different captcha algorithms and spit out each one at random. That makes the job of actually fingerprinting a single captcha algorithm and reverse engineering it a difficult task, since you'd need to first separate which captcha is which. I've been doing this on CryptBB with a color scheme although I should mess around with fonts more too and randomize every aspect of captcha generation.

/u/[deleted]

1 points

5 years ago

The captcha with animals that you've mentioned, is what actually brought me here, lmao.
Ask /u/mr_white.

/u/p0wer

1 points

5 years ago

I'm confused what you mean.

/u/LaRouge

1 points

5 years ago

Maybe i have a way to beat machine learning.

/u/Paris 📢 A

2 points

5 years ago

If you do I'll pay big money for it because preventing this kind of machine learning attack is exactly what we need to do to prevent the spam.

/u/DEEPLY_CONCERNED

4 points

5 years ago

It's worth pointing out that at a certain point, you hit one of two upper limits. Either the captcha becomes so hard that a real user can't reliably solve it without getting frustrated and leaving, or you make it complex enough visually that the time it takes to generate isn't viable for use as DDOS protection. Either way, the limit is low and machine learning power is high, even for a novice. It's true that you can change things like text rotation or the symbols shown, but anyone with 15 minutes to sit down and inspect the new captchas can determine what you've changed and implement a change in their generator. Since the model takes only a few minutes to train when you have a generator handy, the new captcha can be broken almost as fast as the changes were implemented. You could make significant structural changes, but at that point you're basically writing a whole new captcha, and the fact that the EndGame captcha is modular stops being meaningful if you do that. And again, if you release a generator, the captcha WILL be cracked.

/u/Paris 📢 A

1 points

5 years ago

I feel like I'm going to need to scrape fucking google's recaptcha system for massive image libraries to counter all this god damn machine learning. lol

/u/DEEPLY_CONCERNED

3 points

5 years ago

There's actually a clever trick behind ReCaptcha that most people don't know about. The biggest factors in how ReCaptcha calculates whether or not you passed the captcha isn't whether you identified the image correctly (as ML libraries can do this much better than you would think) but instead a combination of browser variables such as:

1. If you have Google tracking cookies already attached to your browser - this is a big one

2. Where you're located

3. How long the time between your clicks on the images are, and meta-stats about these stats (e.g. median time, mean time, max time dist between clicks)

4. Screen resolution, addons installed, fonts installed (look up fingerprint2.js - this is all available if you have JS enabled)

The reason Tor exit nodes are singled out so much is dual. There's the obvious reason that people use them for spam, but there's also the fact that you don't have the correct browser attributes to pass easily. You can test this yourself by doing a clean install of Firefox, adding some dumb plugins and installing some gay Web 3.0 font sets, and then using localhost:9050 as your proxy settings. The real advantage they have, and the one that will always escape you, is that they don't care about forcing users to use JS.

/u/[deleted]

3 points

5 years ago

Captcha is only a part of EndGame and even if broken it won't help with ddos but mostly with spam. The whole thing is modular so operators can (and should) get creative and change the captca models to their own, keeping that private.

Your comments are, well, enlightening regardless.

/u/DonGoya

1 points

5 years ago*

So what exact role does the captcha play in the anti-ddos system?

/u/[deleted]

2 points

5 years ago

the captcha is just a tiny part of it , most of the meat is in the rest of the code .

/u/WhiteShark

1 points

5 years ago

Read the code and understand it, so you can also give a technical opinion better sentenced :)

/u/WhiteShark

1 points

5 years ago

Well imho a base library text based can be more safer than this one /u/Paris, for example the library c-based like https://github.com/huacnlee/rucaptcha require a decent amounts of "assholity" and servers power in order to be passed by AI.

/u/DonGoya

1 points

5 years ago

Are you suggesting that it's better to replace _already cracked_ :) EndGame's captcha with RuCaptcha?

/u/OneLifeRemaining

6 points

5 years ago

I think it's worth trying a false negative system. If you were to make roughly half of the captchas that are solved correctly randomly act as if they weren't regardless of the user input you'd make it significantly harder to machine learn since a bad response doesn't mean a bad input in most cases. It shouldn't create more user friction, worst case scenario a user gets stuck solving 2 (or 3) captchas before they're able to log in.. I think we'd all get used to that reality if it meant more uptime or more effecient security. I'm not a dev by any means, but is there also a way to map where the user actually clicks? If both captcha attempts are submitted using a keyboard instead of a mouse for input or are submitted by clicking the same exact screen position it should push the user to another form of verification - perhaps a menial task, something that could help you machine learn a system to make defenses better. Again, I'm not a dev - I just read a lot and think of what I would go for if it were me (and considering any of this is even plausible or possible to do).
As always your dev work to advance the DN astounds me, 10 years from now when I'm reading an article about the dread community I'll be happy to know that I was there.

/u/bobd

1 points

5 years ago

This actually could work, at the bare minimum training a neural network would be more difficult and would result in worst accuracy.

/u/PsyenceLabs

1 points

5 years ago

Interesting ideas. It sounds great. I'm not a dev either, but have plenty of coding experience. Love learning about the logic side of things so thanks for sharing

/u/satoshisnipple

3 points

5 years ago

I hate to be negative but this captcha is trivial to solve by ML and difficult to solve by humans. You've created the worst of both worlds.

This captcha will probably be solved by ML this week if not within days.

I assume there are other anti DDOS capabilities in this script, but calling it "endgame" is very naive and will likely motivate people to beat it.

/u/PCFMA

2 points

5 years ago

YEAHHHH ALL THE DDOS GAYS AND SUCK PISS OUT OF OUR ASSSSSS

/u/gurkin

2 points

5 years ago

A better catpcha is a solver. In graphics, write 5 + 10 minus four (Use both text and numbers). The result is a simply maths problem to solve.

Or "what colour is the word what" and have each word in a different colour, solve by having a text field with the word or a multiple choice with the different colours to select.

These kind of logic puzzles are much easier to solve by humans, but extremely difficult to machine learn.

Far more difficult to break than simply pattern matching icons.

/u/[deleted]

2 points

5 years ago

Your contribution towards the community is just awesome

/u/goldenwolfman

1 points

5 years ago

You guys just made a history! You guys are amazing! Thank you so much for doing it and publishing it for free!

/u/RevK

1 points

5 years ago

Congratulations on finishing this guys, looks awesome. Great contribution to the community

/u/PremierGhost

1 points

5 years ago

Amazing work Paris, can already imagine how many services will put this to use!

/u/PillChills

1 points

5 years ago

Make it look like you know what the fuck you are doing.

I want this for my shop

/u/DougIasAdams

1 points

5 years ago*

Wow that's a great release, thanks a ton for sharing it with us!
Will be very useful in the future.

EDIT: Would you mind explaining it how it works?

/u/PCFMA

1 points

5 years ago

UNITED WE STAND

DIVIDED WE FALL

TOGETHER WE FORM VOLTON AND FAKE ON ALLLLLLL

PIIIIISSSSS COMING FROM MY ASS

/u/[deleted]

1 points

5 years ago

Congrats. From the quick overview you have used similar approach as we did in our filter. Good to have such a technologies available freely, I hope the community will appreciate it.

/u/WhiteShark

1 points

5 years ago

/u/Paris, a big up for your job.
This system that is helping projects to grow up against ddoss\kiddo's revenges will make real changes.
Also it's hardly to be configured for whom run a market only for fun.
LUA captcha is a pain the ass, but with time everyone can handle to change it.

/u/Paris 📢 A

1 points

5 years ago

The LUA captcha will need to be changed soon. Or maybe I should publish instructions on how to customize a new captcha for a site's use. No sense keeping it standardized.

/u/WhiteShark

1 points

5 years ago

Yep, it's just require time to proper customizations :))

/u/[deleted]

1 points

5 years ago

If someone who runs the market cannot configure/use it then he should not run the market in the first place.

/u/WhiteShark

1 points

5 years ago

Absolutelly agreed ;*

/u/[deleted]

1 points

5 years ago

its very easy there is a step by step guide

/u/[deleted]

1 points

5 years ago

it does require some config .With /u/mr_white 's bash scripting it really makes it idiot proof . For us at Big Blue we really had to find a nice balance in tweaking the params.py on onion balance to get that balance we needed . Since then we have had something like 4 weeks up time . I would also add sometimes on the script tor --hash-password didnt take , so you might have to gen a new control password and replace the old one with the new one in the torrc after everything install cleanly . Other than that top of the line work

This is a game changer for sure . We at Big Blue is happy we could get on the project early . Big thanks to /u/Paris /u/mr_white

personally for those that been around here forever .. it is refreshing to see new and innovative shit come back to this side of the Darknet

/u/tuxedotom

1 points

5 years ago

Damn, I logged on saw this and though for a brief moment the world was over. Careul getting people's hopes up with misleading titles

/u/adversa

1 points

5 years ago

It's not even June yet. Plenty of time for 2020 to deliver!

/u/dillinja

1 points

5 years ago

its been trying pretty hard so far

/u/[deleted]

1 points

5 years ago

Great work!!!

/u/Waters

1 points

5 years ago

Thank you, /u/Paris. I will begin testing and implementing the endgame into my customers and personal websites from today, I will be testing the endgame with 10,000s of real users and will let you know how it goes for us!

/u/terrnc

1 points

5 years ago

Just wanted to drop some props here for making the work available to everybody. It requires a lot to not keep it private. Also a lot of people will look at your work and also will come up with criticism, anyway you should keep this project maintained. I will definitely set this script up for testing and if I find any bugs or improvements I will let you know.

Finally some kind of open source dev feeling in the deepweb.

/u/onionltd

1 points

5 years ago

I took the liberty to make copies available via RootGit and GitHub, I hope you don't mind /u/Paris.

@RootGit: http://rootgit4rghbuenb.onion/onionltd/EndGame
@GitHub: https://github.com/onionltd/EndGame

/u/Paris 📢 A

1 points

5 years ago

I don't mind at all. It is free for all to use. Just make an adjustment at the top line pointing to this subdread for the latest information.

/u/RickAstley

1 points

5 years ago

holy crap. i didnt know there was a github clone for tor. sweet!

/u/RickAstley

1 points

5 years ago

I just bookmarked that bad boy for later.

/u/xoxo

1 points

5 years ago

I am curious if it uses Docker containers, Kubernetes orchestration? If no, why not?

/u/Alpha_Wolf

1 points

5 years ago

Amazing contribution .. Thanks Dread and WHM

/u/AcuTex

1 points

5 years ago

This is awesome! Thanks!
Great Regards.

/u/[deleted]

1 points

5 years ago

Good job /u/Paris, tested by me.

I warned you about the captcha lol

/u/AnadoluXinhua

1 points

5 years ago

People like you, Paris, are the pillars the DN is built on. Only such a foundation gives us the sturdy DN we need!

/u/libromantic

1 points

5 years ago

This is huge. Congrats!

/u/[deleted]

1 points

5 years ago

i really appreciate the effort you have put into this

/u/FinalBoss

1 points

5 years ago

Honored to be able to witness this in real time.

/u/PINECONE

1 points

5 years ago

Wonder how long this one is going to take to beat

/u/pappenpillenpep

1 points

5 years ago

WOW Thank you so much!!!
You are fkn awesome guys!

/u/Bavariapetrol

1 points

5 years ago

Nice job man!!
Hope all goes well

/u/HappyHours

1 points

5 years ago

Ive always loved Paris.

To you, sir!

/u/redlotus

1 points

5 years ago

I cant even begin to imagine how long this took to put together, well done!

/u/6ix

1 points

5 years ago

>Provided by Dread and White House Market. With help from Big Blue Market and Empire Market.
This must be biggest colab in history since avengers

/u/majorfame

1 points

5 years ago

I fucking love this!! Whew!

/u/Harper7

1 points

5 years ago

Thank you! This is incredible for the whole community. Thank you for stepping up and working so hard on something that benefits us all.

/u/Xanitforthecash

1 points

5 years ago

Not much to say but wow, Great job to all involved.

/u/Enter7aineR

1 points

5 years ago

This is great! I have downloaded and will pour over it later. Thank you all for your contribution to the scene.

/u/cdvvn

1 points

5 years ago

The innovation coming out of the DN is incredible.

I cant think of anyone else who has given so much to the DN community other than the Dread team.

/u/monser

1 points

5 years ago

Really congratulations, Chapeau

/u/happyshopper

1 points

5 years ago

damn wish dream stuck around for this...

/u/superbhuka

1 points

5 years ago

I am not religious, but if there is in fact a god, he shall bless you and all the people involved! You could've made a fortunate out of this and yet you decide to let everyone use it for free. I have never experienced this uptime of empire. Love you

/u/happyshopper

1 points

5 years ago

damn wish speedstepper stuck around to see this...

/u/Sankhara

1 points

5 years ago

Very good work! Well done :)

/u/Phreak

1 points

5 years ago

Thank you for the release /u/Paris!

I have been eagerly anticipating this and look forward to reviewing the code.

Some great discussion taking place in the comments re: beating the captchas using ML. Good food for thought.

Have a great day everyone.

/u/premium_sand

1 points

5 years ago

i like that its free for all to use.

/u/elbee69

1 points

5 years ago

This is seriously one of the least disability friendly CAPTCHA I've ever seen.

I hope that there's an option for the visually impaired.

/u/plutoexpo

1 points

5 years ago

BLOCKCHAIN FOR DREAD. HAVE YOU GUYS EVEN CONSIDERED THIS?

/u/Paris 📢 A

1 points

5 years ago

No. It wouldn't provide much more value than Monero if I was to spend the months it takes to code and do the math work.

/u/plutoexpo

1 points

5 years ago

What if it was a progressive one time coding? Reaps benefits over time right?

/u/Paris 📢 A

3 points

5 years ago

What in gods name is a "progressive one time coding?" Is this code that believes in womans rights and wants blacks to be free? lol

I don't know what you are getting at but dread is in a healthy financial state and we don't need to do an ICO to try and earn more funds to keep things running.

/u/MyDickDidGrow

1 points

5 years ago

Cause you to grow a bigger dick than the asshole DDOSER (true *figuratively*, lies *probably*)

Literally, not figuratively or probably. My 5-inch chode grew into a 10-inch beer can thanks to The EndGame.

/u/Big_Mac

1 points

5 years ago

the end is the new start

/u/twocool

1 points

5 years ago

Is this implementation why dread was down yesterday?

/u/kushbaby

1 points

5 years ago

How to get this to implement on my website?

/u/Paris 📢 A

1 points

5 years ago

There is a readme. Follow it and you can do it!

/u/Della

1 points

5 years ago

Sounds great though I understand about 0.01% of tech related to ddos attacks. Sound like you know what you are doing so thumbs up lol ????

/u/bigdope

1 points

5 years ago

update your canary paris

/u/Paris 📢 A

1 points

5 years ago

oh shit now I'm useless. All updated.

/u/Kend69

1 points

5 years ago

FInally I can piss out of my ass in piece

Thanks Paris :)

/u/MDUK

1 points

5 years ago

this is a wicked post need more like this all the best guys stay safe

/u/katanunu

1 points

5 years ago

Only been here for a few weeks, but your guys are doing great work. Thanks!

/u/xhrecernit

1 points

5 years ago

Thank you so much for doing it and publishing it for free!

/u/DurbanPoison

1 points

5 years ago

ur captcha has gone main stream..
https://twitter[.]com/nc2y/status/1265653864356892673

the comments are people trying to solve it. lmao

/u/shit_on_milky

1 points

5 years ago

Meh fuck em ... the capctha is so tiny part of it and can be tweaked easily . Fact is Sites have been up for 4 weeks +.

/u/bat-thorn

1 points

5 years ago

why is it called the end game? is it avengers inspired?

/u/TakingXans

1 points

5 years ago

I fucking love yall and all the effort you put into running this community for us. Thank you.

/u/TenPester

1 points

5 years ago*

I think the effort and collaboration that went into this is superb.

That said, you may want to be cognizant of divulging the upstream projects / libraries you're making use of.
All it takes is one dodgy pull request to be accepted..

Edit: Have had a look at the README, and it's super clear on which external packages it uses. Bravo.

/u/nsa_advisor

1 points

5 years ago

What about as additional protection is to give some math quiz or general question quiz
1. e.g. math quiz like )3+5( * 4 - ((7 + 3)
brackets intentionally made this way to confuse machine learning

2. general question quiz, like e.g. show planets in order and enter the name of planet with rings or smth like that.
3. show some famous comic superheroes and asking their name, of combining superheroes parts. show batman head and body of spiderman and asking what superheroes parts found here
"batman spirderman"

/u/Paris 📢 A

1 points

5 years ago*

Text characters are specifically what machine learning is built to identify. Text based captchas are extremely broken against even the more simple machine learning scripts. It's not like you can really change the character shapes either. With icons you can rotate and change them up in a way where it's much more modular. Then you can obscure it with multiple icon backgrounds which are confusing to computers to identify what icon goes where. However that all falls on the face when the machine learning script can mass test multiple hundreds of thousands of captchas to build a really good model.

Question quizes would need to be hard coded and thus are designed to be broken by even the most simple script kitties.

Image recognition libraries are specifically designed to recognize those kinds of identifiable markers.

/u/[deleted]

1 points

5 years ago

I am pretty sure with 1. probably 50% of dread users would not be able to access dread ever again.
With 3. i would not be able to access dread ever again :D

/u/Socialist

1 points

5 years ago

FREE AND OPEN SOURCE WTF

I expected it to be proprietary huge ups to you guys

/u/[deleted]

1 points

5 years ago

Thanks!

/u/AANVOER

1 points

5 years ago

thanks paris for your hard effort always. the only man we can always count on.

/u/hellwind

1 points

5 years ago

Amazing, thank you a lot for giving a proper blow to all those wannabe kids and LE trying to DDOS Forums and Markets, with the hope of getting paid for stopping or believing to stop the online drugs selling activities.

You Team up and made something amazing, and above everything, you shared this to community!

AAA+++!

/u/[deleted]

1 points

5 years ago

gOOD JOB /u/Paris

Regards, your boy

-bK

/u/g00chy

1 points

5 years ago

/u/Paris: Can or should Whonix be used with this? What do you recommend for the backend infrastructure to support scaling and high availability/high performance? Is there an example server layout diagram you show?

/u/skizm88

1 points

5 years ago

Nerd. Funny ass nerd tho.

/u/Tragbarer

1 points

5 years ago

Why white house not using the same captcha you and empire have?

/u/pigtownblues

1 points

5 years ago

I just got the new captcha down and feel like a genius! These things are one hell of a puzzle!

/u/workhard

1 points

5 years ago

I just logged in to contact someone, but it took me forever to solve the new captcha. I preferred the 9 dots thing

/u/RiteAid

1 points

5 years ago

Rounds of appalause to EVERYONE!!! INVOLVED!!!!!!<3
-RiteAid

/u/shatshack

1 points

5 years ago

wow. this community on its own amazes me everytime with its security abilities!
ill be looking out for it on git, hope i can learn a lot from it

/u/[deleted]

1 points

5 years ago

congratulations, its fantastic!

/u/exoconnazennnnc

1 points

5 years ago

.tzg what extention is that

/u/Paris 📢 A

1 points

5 years ago

tzg is a tar archive which has been compressed with gnu zip. It's a shorthand of .tar.gz. You can extract by doing

tar zxvf EndGame-v1.tgz

/u/moscowlegend

1 points

5 years ago

good work

/u/killjoy

1 points

5 years ago

Its very nice, but Empire customers spend a lot of their time repeatedly messaging admin about unsettled disputes and scammers who continue on unchecked. So tbh this will only increase the amount of work you don't already do and further alienate your customers, some of the other markets are starting to look a lot more appealing now. In order for Empire to "make it look like you know what the fuck you are doing" just forget the 'End Game' and concentrate on the 'Beginning of The Game' and all the basic things you need to do before getting all lofty. No offense.

/u/Paris 📢 A

1 points

5 years ago

Sounds more of a critique of Empire than of EndGame. EndGame gives darknet sites a foundation to stand on. As such they have more uptime. I'm not apart of Empire and neither is EndGame. EndGame is a tool darknet sites can use and nothing more. Don't think because EndGame is on a site that gives us any control of their site itself. Got a problem with them take it up with them.

/u/NewBastille

1 points

5 years ago

So its the end of ddos era? Hope so

/u/liveordie

1 points

5 years ago

Where i can upload iformations about somebody to destroy him!

/u/Paris 📢 A

1 points

5 years ago

Nowhere on here or you will be banned for the rest of eternity.

/u/liveordie

1 points

5 years ago

no i ask for some site in this hiden web community!

/u/kingstone06

1 points

5 years ago

great!!

/u/guilt

1 points

5 years ago

Thumb up to yall involved in this

/u/bojak

1 points

5 years ago

Unfortunately, I didn't understand much...

/u/Daeva

1 points

5 years ago*

Thank you.

/u/Raspberry

1 points

5 years ago

It seems the EndGame module now needs to be updated once again, considering a troll has already bypassed it and now spamming "HEIL HITLER" in posts.

/u/Paris 📢 A

1 points

5 years ago

Just the captcha portion. Which is fine but a pain in the ass. Still got to update the dread one too.

/u/satoshisnipple

1 points

5 years ago

It's really no surprise /u/Paris that the captcha you created has been beaten within hours. You made something that can be defeated easily programmatically but is a PITA for humans.

I appreciate the effort - it's actually some decent work - but stop trying to re-invent the wheel.

/u/Paris 📢 A

1 points

5 years ago

Easily? The guy used fucking machine learning to do it. It was so strong a person couldn't program a computer to know what to do so that he built a training script to have a computer process train another computer process to figure it out.

I have to re-invent it because there regular simple ones are easily bypassed. The harder ones need machine learning to get it done.

/u/satoshisnipple

1 points

5 years ago

Yes, as you've seen, that is easy. You described a very simple, straightforward and cheap machine learning process.

I already told you that the captcha you created would be simple for ML but hard for humans. That's the opposite of what you want.

/u/Paris 📢 A

1 points

5 years ago

It was broken easily because the generator was published openly. As such he used it to mass train the machine learning in a way which wouldn't have been possible if I kept it private.

/u/satoshisnipple

1 points

5 years ago

Ok brother. If you're looking for inspiration take a look at Empire's login captcha. The black lower case characters on the lines. Relatively easy for humans but complex for ML. Nothing is perfect but that one is decent.

/u/Paris 📢 A

1 points

5 years ago

That one is already broken. It was broken by a hacker group within like 2 weeks I believe.

/u/outofthyme

0 points

5 years ago

[removed]

/u/satoshisnipple

1 points

5 years ago

I literally used the word "appreciate" in my post. And I do happen to have some expertise in ML and Neural Networks. I'm sure /u/paris has some skills that I don't, that's a nice but irrelevant comment you made.

Filling in a harder captcha does not equal less spam as you seem to imply. The captcha should be a balance of something that is easily recognizable by humans but hard to automate. None of /u/paris efforts so far meet that criteria.

/u/Paris 📢 A

1 points

5 years ago

Hey man no need for words like that. It is OK to criticize me. I always take that as feedback to be better. It doesn't mean anyone is right or anyone is wrong but the solution is working together. At the end that is what endgame hopes to achieve. Cooperation regardless of differences to create a better world for all.

/u/satoshisnipple While I don't agree that making a harder captcha doesn't directly result in less spam (because from my side it 100% does lol) there is a balance. It's very hard to find and I'm always trying to figure out the best course of action. It's hard without JavaScript because we must rely on the image itself.

/u/SonicWoof

1 points

5 years ago

its only Work On Debian?

/u/Paris 📢 A

1 points

5 years ago

Yes. Only Debian 10. You can put it into a container though if you want.

/u/lance_brown

1 points

5 years ago

is this new captcha is what you meant by endgame?

/u/Paris 📢 A

1 points

5 years ago

The captcha is only a part of endgame itself. Most people think that the captcha is there because of DDOS but it's really not. It does help with bots and does allow us to kick people to the captcha if they are misbehaving. The captcha in this endgame is not new and when I get the git online I should be pushing the latest one.

/u/yourdarkestnightmare

1 points

5 years ago

This is a great thing to come back to. Uptime has been perfect for me over the past month. Great work guys.

/u/findmolybdenum

1 points

4 years ago

I have a order ongoing on your market but i cant get past the recent pgp on the log in page what do you suguest ? thanks

/u/Paris 📢 A

1 points

4 years ago

You are talking to the wrong person. Dread isn't a market and we don't control any markets.

/u/VivaFrance

1 points

5 years ago

Amazing shit right here Paris!!

A couple of questions for speeding things up. If proxying traffic to a private v3 from the EndGame nodes, it will obviously be pretty damn slow for the end user, any ideas on how to make this is fast as possible?

Thinking HiddenServiceNumIntroductionPoints should be the maximum 10 for the private v3.. Right? Anything else I can do to speed tings up? Should I use separate private v3's for each EndGame node, or would it be better to use the same and hope tor will create a fast circuit over time with the 10 introduction points?

Right now I would say proxying to a onion is working too slow to be feasable, so any pointers on making it just a tiny bit faster would make the day.

Thanks!!

/u/Paris 📢 A

2 points

5 years ago

A couple of questions for speeding things up. If proxying traffic to a private v3 from the EndGame nodes, it will obviously be pretty damn slow for the end user, any ideas on how to make this is fast as possible?

If you need it as fast as possible boot up a secondary Tor process on the same system to handle the outgoing to the core service. You can also setup a one-hop connections if you don't need to worry about the privacy of your systems. It will never be as fast or stable. as a local connection but it would be less latency
than what is default.

Thinking HiddenServiceNumIntroductionPoints should be the maximum 10 for the private v3.. Right? Anything else I can do to speed tings up? Should I use separate private v3's for each EndGame node, or would it be better to use the same and hope tor will create a fast circuit over time with the 10 introduction points?

The reason why we don't use 10 (or well 20 is the max for v3 onion services) is simply because we want the onion to look like others. It also reduces the guard node load on first boot which helps a lot for stability under attack and makes it to not exhaust the introduction points as quickly when an introduction cell attack goes. That is also one of the reasons why we don't use the ddos defense system that Tor created because it does nothing but hurt the service's uptime when getting attacked with the introduction cell attack.

If you want the connection fast you got to do it locally.

/u/speakintongues

0 points

5 years ago

***Claps hands!

/u/obsolete

0 points

5 years ago

This is a very generous contribution to the community. And we appreciate it.

/u/BarGiant

0 points

5 years ago

Right. It took me 15 or 20 attempts to get in! After today I'm not coming back until this is changed. I don't really have much call to come here often anyway. This is a classic case of smug people trying to be smart when this trash is actually to the detriment of the people who visit the site. What a farce.