What's new
By:
  • Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • Visit Resources
  • Visit Downloads
  • Visit Portal
RebornBuddy Forums

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

[Q] Is it possible to do IP lookups on who is using a key?

A

AutomaticCoding

New Member
Joined
Dec 20, 2011
Messages
1,091
kYXOlRk.png


I was using Hearthbuddy, but, I've not touched Demonbuddy in months, I don't even own a copy of Demonbuddy any more. Obviously, it's never a good sign to see a bot with negative running time that you're not running, so, I'm going to assume it's a bug, but, I'd still like to be sure my BuddyAuth/BuddyKey isn't compromised.
 
You can't look it up yourself, buddy staff can. Contact the support.
 
Actually, I just realized this isn't even my key:-

vLPNkM4.png


This key starts with 55, my key starts with 6l:-

msMP9U7.png


It would appear as though there's some sort of database lookup error surrounding my account.

EDIT:- Just tested Demonbuddy with this phantom key (I assume it's someone else's legitimate key):-
EbJsctr.png


It does auth me, compared to running with a fake key:-
F4Cp0Yx.png


So, yeah, database lookups and leaking serial keys. *Yay*. I'd change the key for the other user (As now, theoretically, I have it), work out the issue, and, hope to god it's not a global issue with everyone's serials being leaked.

For reference, considering the serial is 20 hex-bytes long, and, I've given away the first 12 bits (Plus a sha512sum of a salted version of the serial, which I've since removed), that's sixty eight bits worth of entropy, not amazing, but, enough to actually break it, so, staff really should go about changing this user's serial key, for security of both me knowing it, and, what I've posted.
 
Last edited:
You must log in or register to reply here.
Back
Top