mIRC Homepage
Posted By: furriner67 enciphered host name - 24/12/19 08:46 PM
On a particular chatroom, we have;

[20:38] Rudolf is Mibbit@F106E8CA.CF432A26.70DE1124.IP * http://www.mibbit.com

How do I decipher this to produce an IPv4 or IPv6 IP address?

Thanks for help.
Posted By: WKN Re: enciphered host name - 25/12/19 04:48 PM
The hostname is masked/cloaked to NOT provide the IP/DNS information to public. Real IP/DNS information only accessible by network staff (admins and ircops) on those networks.
Posted By: maroon Re: enciphered host name - 25/12/19 06:36 PM
I'm not sure of the exact scheme, but it's something like, where the ipv4 address is a.b.c.d the scramble is hex1.hex2.hex3.IP and the hex are created like

hex3 = md5(c.d secret)
hex2 = md5(b.c.d secret)
hex1 = md5(a.b.c.d secret)

The md5 is longer, and they only return 8 of the hex digits, i'm not sure which 8. Not sure if they would have updated to sha1, because of the need to perform this hash so frequently. Once you know the exact format for the input to the md5, you'd still need to know the secret, and it's not necessarily the same secret for each function.

md5 is a one-way hash, so it's not like encryption where you just decrypt it if you know the key. Also, because they hide 24 of the 32 hex digits, there are lots of secrets which would create those matching 8 hex digits.

Probably the best you're going to do is know that everyone who has the same hex3.IP string as you have is going to have the same a.b portion of their ipv4 matching.

I don't know how they scramble ipv6's.
Posted By: Raccoon Re: enciphered host name - 26/12/19 01:00 AM
the parts are probably (a.b.c.d) . (a.b.c) . (a.b) . IP
as opposed to the a.b.c.d + b.c.d + c.d model you suggested.

there's also no reason they necessarily stick to 8-bit boundaries; they could also be using 12x.12y.8z bit boundaries.
(x.y.z) . (x.y) . (x) . IP
Posted By: furriner67 Re: enciphered host name - 26/12/19 09:11 AM
If I understand you correctly, you are going from IP to a.b.c.IP

What if I want to go the other way, from a.b.c.IP to IP?

Is there an algorithm for that?

Thanks.
Posted By: FroggieDaFrog Re: enciphered host name - 26/12/19 09:24 AM
There is not a way to decipher the host address to an IP. The server/service is obscuring the IP. For purposes of channel bans, ignores, etc the address will remain the same for a specific ip.

That is, for example, if the IP address is 0.1.2.3 then the resulting masked host will always be a.b.c.ip
© mIRC Discussion Forums