Weblog

Latest Entries

01 Jun 2012 | Categories: Meetings

Today we celebrated the 25th anniversary of 2600 meetings. There were only six of us, all "old timers", so everyone had known each other for years and it was nice to catch up. The meeting coincided with the Defcon CTF quals, so a lot of people were busy hacking and could not make it. After hanging out at EC4 for a few hours, we got a table at Schroeder's restaurant to mark the occasion. This place is associated with good times for many of us, so we have been working with the management to possibly move the meetings back there in the future.

Posted by iphelix

05 Nov 2011 | Categories: Meetings

During the November meeting we discussed the phreaking culture of the 70s and 80s, traded nostalgic stories about boxing experiments and played a bit with Project MF, mentioned in the previous post. Several hacker-themed documentaries were playing on the projector: Hackers: Wizards of the Electronic Age, Hackers '95, and video recordings of wardialers and BBS door games from the era.

Posted by iphelix

15 Oct 2011 | Categories: History

There is another notable anniversary this month. Exactly 40 years ago, an article titled Secrets of the Little Blue Box was published in the October 1971 issue of Esquire magazine. The article showed how blue boxing could be used to take control of the telephone company's switching equipment. It contains interviews with Captain Crunch, Joybubbles and several other phone phreaks, and it helped to popularize the phone phreaking culture. For example, after reading the Esquire article, Steve Wozniak, aka "Berkeley Blue", built and sold blue boxes to help fund his other pet project, the Apple I.

The days of blue boxing are long gone; however, you can still relive the glory days of phone phreaking thanks to Project MF. The project has set up a public Asterisk box with patches that enable in-band signaling, which lets you use the 2600 Hz tone. The number for the Asterisk box is 630-485-2995. If you don't feel like building a hardware blue box, there are a number of software-based blue boxes, including Android and iPhone apps. Enjoy!

Posted by iphelix

02 Jun 2011 | Categories: History

This month marks exactly 40 years since the first publication of YIPL (later renamed TAP) in June 1971. Long before 2600, there was YIPL, or Youth International Party Line, a publication started by the YIPPIEs' founder Abbie Hoffman and "Al Bell". Its original mission was to disseminate information on fighting monopolies, specifically Ma Bell. Here is an excerpt from the very first issue:


Published						     June, 1971
Monthly

	       THE YOUTH INTERNATIONAL PARTY LINE'S FIRST ISSUE

			       We at YIPL would
				 like to offer
				   thanks to
				all you phreeks
		      out there.  Most of you who are now
		receiving this met us in Washington on Mayday,
	       where we distributed 10,000 promo flyers.  So far
	       we have received over 50 responses, complete with
	       contributions, encouragement, and spirit.  We may
	       not have done well percentage-wise, but the fact
	    that there are 50 people all over the country willing
	    to fight back speaks for itself.  We are sure that from
	    the spirit of response, YIPL membership will really
	    skyrocket.	However, more important than our numbers,
	    in our opinion, is the feeling and motivation for this
	    movement.  The disappointment we feel toward Amerika has
	    turned to hatred as we saw the futility of the movement
	    to improve it, and to frustration as our outside efforts
	    were repressed and forbidden.  But we did NOT turn our
	    backs on the movement for change.  YIPL believes that
	    education alone cannot affect the System, but education
	    can be an invaluable tool for those willing to use it.
	    Specifically, YIPL will show you why something must be
	    done immediately in regard, of course, to the improper
	    control of the communication in this country by none
	    other than the BELL TELEPHONE COMPANY.

	    So if your friends want to get in on the fun, let them
	   read your newsletter, and you might want to research your
	  own questions in your local library, and help to start the
	 education of your community of the phone company's part in the
	war against the poor, the non-white, the non-conformist, and in
       general, against the people.  Show your neighbors, friends and the
      representatives of your area how the Bell System and the Amerikan
     government are co-conspirators.  If your friends can't subscribe to
    YIPL, that is cool, is convenient for our small staff, and is right on
   if they can send a buck as a donation and read your newsletter.  We also
  need stamps, letters, and envelopes, which maybe they can get from their
  office at work.  Because we are already sending out issues to people short
 on bread, we really do need this kind of help.  We will report on all of our
 finances from time to time, and if you can dig it, we will probably need some
 kind of bail fund set up.  If any YIPL busts happen, we'd like to ask you all
  in advance to work extra hard for the cause.	People, thanks again.  Love

In addition to a large number of color box schematics (e.g. the Red Box, the Black Box, and the all-time favorite Blue Box), the magazine published several controversial articles like How To Not Get Caught Making Fake Credit Card Calls, The Burglar's Tool Box, and others on topics ranging from home-made explosives to computer hacking.

In 1973 Al Bell renamed the publication TAP (Technological American Party) - The Hobbyists Newsletter For The Communications Revolution, to reflect its role as a technical resource covering a wider array of technical topics with less "political crap". The publication changed editors twice, with Tom Edison taking over in the late 70s until his apartment was firebombed, at which point Cheshire Catalyst kept the publication running until its death in 1984. Most of the TAP/YIPL readers switched to the shiny new phreaker/hacker publication of the time, 2600: The Hacker Quarterly, which started printing the very same year TAP/YIPL died. As a result, 2600 Magazine was directly influenced (and still is) by the ideals first set forth in YIPL.

Interestingly, there were brief attempts to resurrect TAP from the ashes, first in 1989-1991 by Aristotle and Predator and later in 2009 by John Galt. Ultimately both attempts failed to live up to the heyday of the original publication.

In celebration of YIPL's anniversary, join me in leafing through some of the old issues online, provided courtesy of textfiles.com and Green Bay Professional Packet Radio.

Fuck Ma Bell!

Posted by iphelix

07 May 2011 | Categories: Meetings

Another fun meeting. During the initial gathering at EC4, it was really interesting to take a look at a copy of Steve Jackson Games' GURPS Cyberpunk. The historical significance of this manual is that Steve Jackson Games was raided by the Secret Service during its investigation of Loyd Blankenship, also known as The Mentor. During the raid the Secret Service seized a manuscript of GURPS Cyberpunk, which they called a "handbook for computer crime." Naturally, it was a huge stretch to call anything written in Cyberpunk remotely practical hacking; however, it does contain interesting descriptions of phreaking, encryption cracking, trashing, and, in typical 80s cyberpunk fashion, a how-to on breaking ICE.

We moved to Elephant and Castle later that evening. There was an interesting discussion of the PlayStation Network hack, as well as the role that the Anonymous group may or may not have played in the attack. The discussion progressed to the "voluntary botnet" organized by Anonymous to launch the DDoS attack against Sony. The primary tool of choice in this attack was LOIC, which individuals ran voluntarily to participate in the act, equivalent to a classic civil disobedience tactic. Interestingly, the tool (intentionally or unintentionally) has very predictable attack patterns that are susceptible to detection and filtering.

Another memorable discussion during the meeting (before the beer content reached critical levels) concerned the use of computer science methods such as formally proving the correctness of a security system, and the problems you might encounter in applying them to today's complex systems. If you are interested in learning about current research in this area, be sure to check out the presentation Towards a formal theory of computer insecurity: a language-theoretic approach.

Posted by iphelix

01 May 2011 | Categories: History, Meetings

I came across an interesting San Francisco Chronicle article titled Outlaws on the Cyberprairie, published on April 02, 1995. The article is interesting from a historical perspective, as it captures one reporter's view of the San Francisco 2600 meetings of more than a decade ago. Let's look at the article and see how much things have changed in 15 years.

Near a row of pay phones in an Embarcadero Center plaza, the early birds are hovering over white picnic tables wedged between a Mrs. Fields and a wine bar.

Today, the meeting still takes place in the Embarcadero 4 plaza. However, the pay phones have long since given way to wall advertisements. There are no longer any picnic tables, and the wine bar is long gone.

Mostly young men, they wear the grunge fashions of plaid shirts, ski caps and baggy pants. They show off cellular phones, hand out copies of pirated software and swap stories about how to add value to a BART card without paying. A few older men sport survivalist wear -- army fatigues and fly-fishing jackets. The men with natty blazers and polished shoes are computer security specialists.

The audience hasn't changed much over the years: most attendees are in their teens and twenties, with a few older members, although most of us have jobs and prefer regular jeans to baggy pants and army fatigues. People are still showing off their cellular phones, loaded with the latest and greatest iOS, Android, and other varieties. There is no longer any need to exchange pirated software, as most of the interesting titles are available for free with complete sources. The "men with natty blazers and polished shoes" no longer attend 2600 meetings to learn about the latest and greatest attacks on their networks. The security industry has grown exponentially since the mid-90s. Today's security professionals have their own professional information security conferences (RSA) and meetings (baysec).

In keeping with the anarchic hacker ethos, the meeting has no agenda. Conversation among the 25 hackers turns to one of their own who made it to the front page of the New York Times: Kevin Mitnick, the reputed "Billy the Kid" of the Internet...

The number of attendees has stayed roughly the same, and so has the agenda: everyone is free to share whatever topic they are interested in.

An hour into the hackers meeting, the information begins to flow like beer at a keg party with little concern for legality or ethics -- or whether a cop mingles with the throng. A high-tech show-and-tell begins spontaneously. Some refer to textbooks they've brought along: "Introduction to Computing" and "Cellular Phone Principles and Design." Security experts trade information with young hackers.

While there is indeed a free flow of information, over the years the topics have tended to steer clear of anything outright illegal or unethical. This is partially because learning to hack no longer requires "borrowing" powerful computers from corporations. Today an entire complex network of systems can be virtualized on a single reasonably powerful desktop computer. Hacking has never been more about the pursuit of knowledge than it is today.

At the end of the hackers meeting, a few head out to Harry Denton's for post-meeting drinks. Others go home to parents for dinner or to their bedroom computer to try a few new tricks. As they bade each other farewell, an Embarcadero security guard in a brown uniform cleaned up the litter of milk cartons and cigarette butts.

We call it 2621, aka 2600 for the 21-and-over crowd, but the idea is the same. I have never seen anyone drink milk during the meetings, but then again times have changed ;-).

The article has some hints of sensationalism, especially in its coverage of the Kevin Mitnick saga; in retrospect, however, it serves as another reminder of a long-gone era.

Posted by iphelix

07 Apr 2011 | Categories: Other

HA! Another company. Take a look at the email below. It's always funny when you receive an email like this one.

"On April 4, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the names and/or email addresses of some Crucial customers were accessed by unauthorized entry into their computer system.

We have been assured by Epsilon that the only information that may have been obtained was your name and/or email address. No other personally identifiable information that you have supplied to Crucial was at risk because such data is not contained in Epsilon's email system.

For your security, we encourage you to be aware of common email scams that ask for personal or sensitive information. We will not send you emails asking for your credit card number, social security number or other personally identifiable information. If ever asked for this information, you can be confident it is not from Crucial.

For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails and remain cautious when opening links or attachments from unknown third parties. Our service provider has reported this incident to the appropriate authorities.

We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information."

Lucky for me this was in my spam email address, but it serves as a great example of the tight security out there. I wonder if a bank would ever email me something like this?

Posted by shazbot

06 Apr 2011 | Categories: Challenges

Congratulations to dbsynergy for solving the first SF2600 challenge! nodus and yotta completed the challenge second and third, respectively.

To celebrate the completion of the site, a hacking challenge was posted in the Terminal section. The challenge involved reversing the algorithm used to encrypt passwords in JS/UIX OS and recovering the root password.

Below are several code snippets used to solve the challenge. Everyone found the encrypted password in jsuix_krnl.js and correctly reversed the algorithm:

//dbsynergy's Quick 'n Dirty Solution
//-------------------------------------------------
// Candidate alphabet: every printable character the password may contain.
var printable = new Array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o',
'p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E',
'F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U',
'V','W','X','Y','Z','1','2','3','4','5','6','7','8','9','0','-',
'=','[',']','\\',';','\'',',','.','/','_','+',
'{','}','|',':','"','<','>','?');

// krnlCrypt() and conf_rootpassskey are defined in jsuix_krnl.js,
// so this runs inside the JS/UIX console where both are in scope.
var decrypted = '';
var currentTest = '';
// Each hex pair of the encrypted string depends only on the characters before it,
// so the password can be recovered one character at a time by comparing prefixes.
for(var i=0; i < conf_rootpassskey.length; i+=2){
      for(var p=0; p < printable.length; p++){
              if(krnlCrypt(currentTest+printable[p]) ==
                 conf_rootpassskey.substr(0,i+2)){
                      currentTest += printable[p];
                      break;  // prefix matched, move on to the next character
              }
      }
}
decrypted = currentTest;

This algorithm has a slightly longer runtime, because it iterates over the entire alphabet for every character. This can be optimized a bit more by decoding the string character by character, as is done in the next example.

#nodus's Algorithm Decode Solution
#--------------------------------------------------

import re
#from line 50 of jsuix_krnl.js
hashed='735ABB3DBD9AFA7FF2DE4C'
# split the hex string into two-character pairs (re.split leaves empty
# strings around each captured group, so strip them out)
pairs=re.split('(..)',hashed)
while '' in pairs:
   pairs.remove('')

#got this from the js console in chromium with: console.log(crptKeyquence)
keys=[14, 122, 255, 33]
numbers=[]
for str_pair in pairs:
   numbers.append(int(str_pair,16))

count=0;last=0;numbers2=[];string='';

# each encrypted byte = previous encrypted byte + key[count%4] + plaintext byte (mod 256),
# so subtracting the previous byte and the key recovers one character at a time
for i in numbers:
   number = (i-last)-keys[count%4]
   number %= 256   # wrap the difference back into a single byte
   count+=1
   last=i
   numbers2.append(number)
for i in numbers2:
   string+=(chr(i))
print(string)

It took nodus a bit longer (15 minutes, to be exact) to write a complete decoder. While the code looks a bit longer, it is actually more efficient: there are no nested loops, and it reverses the algorithm character by character.

iphelix's Masochist Calculator Solution
---------------------------------------
If you feel like torturing yourself a bit, you can solve the puzzle manually with a piece of paper and a calculator ;-)

The algorithm went along something like this:

Hash = 73 5A BB 3D BD 9A FA 7F F2 DE 4C
Salt = 0e 7a ff 21

(for each hash byte, subtract the next salt byte and the previous hash byte; add 0x100 if the result goes negative)

0x73 - 0x0e - 0x00          = 0x65 = 'e'
0x5A - 0x7a - 0x73 + 0x100  = 0x6d = 'm'
0xBB - 0xff - 0x5A + 0x100  = 0x62 = 'b'
and so on...
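As an added example (not code from the SF2600 site or from jsuix_krnl.js), the following JavaScript models the chained encoding that all three solutions reverse and shows both the direct inversion and why the prefix search works; modelCrypt is a hypothetical reconstruction standing in for krnlCrypt, while the key sequence and encrypted string are the values quoted above.

```javascript
// Added example, not code from the SF2600 site or from jsuix_krnl.js.
// Values quoted in the post: the 4-byte key sequence and the encrypted root password.
const KEY_SEQUENCE = [14, 122, 255, 33];          // console.log(crptKeyquence)
const ROOT_PASS_HEX = '735ABB3DBD9AFA7FF2DE4C';   // line 50 of jsuix_krnl.js

// Hypothetical reconstruction of krnlCrypt(), inferred from the decoders above:
// out[i] = (out[i-1] + key[i % 4] + plain[i]) mod 256, written as uppercase hex.
function modelCrypt(plain) {
  let prev = 0;
  let hex = '';
  for (let i = 0; i < plain.length; i++) {
    prev = (prev + KEY_SEQUENCE[i % 4] + plain.charCodeAt(i)) & 0xff;
    hex += prev.toString(16).toUpperCase().padStart(2, '0');
  }
  return hex;
}

// Direct inversion (nodus's approach): the transform is reversible, so each
// plaintext byte is cur - prev - key, reduced mod 256. No search required.
function decodeDirect(hex) {
  let prev = 0;
  let plain = '';
  for (let i = 0; i < hex.length; i += 2) {
    const cur = parseInt(hex.substr(i, 2), 16);
    const ch = (cur - prev - KEY_SEQUENCE[(i / 2) % 4]) & 0xff; // & 0xff == mod 256
    plain += String.fromCharCode(ch);
    prev = cur;
  }
  return plain;
}

// Prefix-oracle search (dbsynergy's approach): ciphertext byte i depends only on
// plaintext bytes 0..i, so checking crypt(prefix + c) against the ciphertext prefix
// reveals one character at a time: alphabet.length tries per character, not
// alphabet.length ** length. Returns null if no candidate matches a position.
function decodeByPrefix(hex, crypt, alphabet) {
  let found = '';
  for (let i = 2; i <= hex.length; i += 2) {
    const target = hex.substr(0, i);
    const next = alphabet.find(c => crypt(found + c) === target);
    if (next === undefined) return null;
    found += next;
  }
  return found;
}

const PRINTABLE = Array.from(   // same printable set dbsynergy's solution iterates over
  'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' +
  '-=[]\\;\',./_+{}|:"<>?');

function checkRootPassword() {  // both decoders agree and re-encoding round-trips
  const direct = decodeDirect(ROOT_PASS_HEX);
  const searched = decodeByPrefix(ROOT_PASS_HEX, modelCrypt, PRINTABLE);
  return direct === searched && modelCrypt(direct) === ROOT_PASS_HEX;
}
```

The search only works because this is a fixed-key reversible transform with no diffusion rather than a one-way hash; a stored credential run through a salted password hash would offer no such prefix oracle.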

Well, I hope everyone enjoyed the challenge; I will cook up something more evil for the next one.

Feel free to design and submit your own challenges to the site.

Posted by iphelix

04 Mar 2011 | Categories: Meetings

This was one of our best meetings to date, in part due to the excellent amenities offered to us by the Elephant and Castle restaurant. After the usual chitchat at Embarcadero 4 we moved to a private room at the restaurant, where DFY gave us a presentation on the Kerberos protocol. An organizer from the Bay Area Hacker's Association advertised their upcoming monthly meeting, taking place at the Noisebridge hacker space.

We spent the rest of the evening planning for the Defcon CTF competition and discussing random technical topics while various hacker-related movies and documentaries played on the projector.

As for attendance, there were about ten regulars as well as three new people at the meeting.

Posted by iphelix