Question about amount of work

[IlyaRice]

May I ask? How have you managed to process so many GPTs? I see that you have extracted instructions from 1000+ GPTs. It sounds like an insane amount of manual monotonous work.

[IlyaRice]

And I also tried to figure out your idxtool script. If I got it right, it only helps you with .md template creation, but not with prompt and knowledge files extraction. Am I right?

[0xeb]

Question 1: hard work TBH. Notice the commit log and how it slowly grew. There's some semi-automation involved and working smart too.
Question 2: Correct, idxtool is just to parse the files, rename them and update the TOC file. It does have the template making aspect, but it is really simple. No prompt extraction happen there. It is manual work to some degree. After you deal with 1000s of GPTs you figure out how to leak the prompt in a single request.

You might be interested in the upcoming talk I am presenting about this research work @ REcon Montreal next month.

[LouisShark]

This is indeed a repetitive task by hand, and after I completed the initial structural work, the subsequent prompt growth was largely done by @0xeb

[LouisShark]

However, most of the prompt injection rules are already in the readme, and most GPTs can be cracked， if you want,you also can create pr and share some prompt inject with us

[LouisShark]

I really want to complain about OpenAI here, they blocked my account and caused me to be unable to continue working, and I also don't plan to pay them again🙂

[IlyaRice]

After you deal with 1000s of GPTs you figure out how to leak the prompt in a single request.

Do you mean that prompt injection from the readme repository? Or do you have something even more curious up your sleeve?

I also had fun hacking GPTs, though not in such an insane amount and only those who themselves encouraged to be hacked. I cracked around 30 or 40, I think. Even won $100 by hacking one of them first!)
BTW, nowadays pulling out knowledge files might be pain in the ass. OpenAI fixed issue with one shared environment for all GPTs, so the trick with extracting GPT's files different GPT isn't working.

[LouisShark]

More prompt injection techniques can lead to insecurity, so I rarely add new cracking methods in the readme afterwards
Actually, I think the reason why my ChatGPT account was blocked has to do with this as well

[IlyaRice]

You might be interested in the upcoming talk I am presenting about this research work @ REcon Montreal next month.

I am very, very interested in listening to your presentation!
Is REcon an exclusively offline event? Will there be any recordings available?

By the way, I have developed a couple of my own methods for hacking GPTs, and I'm sure I can surprise you. One of my methods is quite amusing as it simulates an entire theatrical performance with multiple GPTs in one chat using the mention feature. I would be delighted to share and exchange experiences. Do you have Telegram, Discord, Facebook or LinkedIn messenger?

[0xeb]

REcon hopefully will be recorded and released the year after, but the slides will be available soon. I don't go through the technique but just the peculiar stuff that I ran into during this research. I have no interest in collaborating at the time being. My motivation is the prompt protections found in GPTs (see the protecting GPTs section). I might be writing a few more articles on TheBigPromptLibrary in the coming future, and you are encouraged to contribute there.

I prefer not to participate in contests as it is too cheap to disclose the method for 100$. Not worth it.

File retrieval is straightforward if the Python interpreter is enabled. So test for that first. If it is disabled, then file extraction can be tedious.

[0xeb]

And finally, before we close this thread, I hate the term ‘cracking’. One is just talking to the LLM, nothing more.