The random ramblings of a French programmer living in Norway...
  Communication protocol exploits
Sun 27th February 2011   
If you found this page using a search engine with the hope of finding any relevant information about exploiting things on the Internet, you are going to be disappointed. What I'm going to write about now was relevant only in a now semi-distant past.

I have to start first with a disclaimer: What you will read is related to events that happened a long time ago, when we were young, stupid and lucky. If you try to do this kind of thing now, you may very well do some jail time and have heavy fines to pay as well.

Stamp reuse

Tools of the trade
Back in 1989 I was part of a demogroup called NeXT.

The founders were closely related to a cracking group called The Replicants and happened to use the same mail box address in Marseille[1]. Soon NeXT got famous[2], so we decided it would be a wise move to not use the same mail address as a software cracking group. From this moment we started to use my own home address for all NeXT-related communication, which in theory should have been only related to swapping demo disks, source code, disk magazines, etc... only legal things.

In all our productions we clearly stated that we would answer mail only if the sender provided a self-addressed and pre-stamped envelope, and if necessary blank floppy disks.

This worked fine for a while.

Then one day somebody mixed up the addresses and sent me a large bubble wrap envelope fully packed with cracked software. The problem was not the cracked software. The problem was that this person had the super smart idea to use the UHU Stick trick, and unfortunately the agents at the central post office noticed it.

If you have never heard of it, the concept is super simple: Stamps are costly, so why not just reuse them! Of course the problem is to find out how to remove the stamping mark added by the post office.

Well, the solution is super simple: Put the stamps on the envelope and cover them by applying a thin layer of glue. The weapon of choice was the famous yellow UHU stick: just spread a bit of glue on the stamp and wait for it to dry. When stamped, the ink will not impregnate the paper, and just brushing the surface of the glue will move the ink out. All the correspondent has to do is to steam-remove the stamps and reuse them again when sending back the mail[3].

One day the postman rang. He had a very serious face and was holding this bubble-wrap letter, covered with stamp marks and big scary red writing. He told me that this was a serious infraction of the Postal Service Code, and that the Postal Administration was considering filing a complaint. I pointed out that it was obviously the sender who was at fault, not me... Fortunately I was able to show my good faith, because the postman had other letters for us, each of them had a self-addressed envelope in it, with a clearly written address and legit stamps on them.

He asked me if I knew the person. I answered that I did not know all the people who were contacting us (because we were famous of course!), and that possibly they could track the culprit by starting investigations from the place where the letter was posted. Obviously he decided that I was being honest because I had no more problems.

Now well, I knew who the moron was, and I told him what I thought of him by phone the very same day.

Booby-trapped floppies

When they are asked about the dangers of swapping floppies around, most people would think of the risk of being infected by a nasty virus. Sure, they were common threats, and I had my share of these on the Atari ST. The most common one was the Ghost Virus, which was pretty much innocuous by itself: All it did was to copy itself on any other non-protected disk you inserted, and after a short while it was swapping the vertical axis of the mouse so when you moved the mouse up the cursor would move down[4].

So yes, viruses were a nuisance, but they were not as dangerous as booby-trapped floppies which would pretty much physically damage your computer. I know of two methods used to do that, and both involve killing the floppy disk drive.

The first method required some programming, and assumed that the recipient would actually run the program present on the floppy. The idea is to write a program that repeatedly tries to access a track out of the normal use range. The way a floppy drive is built is that the reading head is moving along an Archimedes screw: when the screw rotates in one direction the head moves slowly in one direction, and when you reverse the movement it goes in the other direction. If you continue to rotate, the head will eventually be stopped, but if you push again and again it will result in the head getting de-calibrated: the drive is never going to be able to read a standard floppy again, because these things need to be very accurately calibrated by special heavy equipment[5].

The second method is a lot simpler: Slide open the metal protective door on the floppy disk and put some of your favourite syrup on both sides of the exposed magnetic surface. Then all you have to do is rotate the disk a bit so it does not look like anything is wrong, put a sticker with an impossible to resist appeal (like "Dungeon Master 1.2 final 101%" or "TCB leaked source codes") and send to your target (generally a high-profile swapper you want to get out of business). If you are lucky enough the person will have read errors on the machine he first tries to use and will try on a second machine as well. Both machines will be unable to read any floppy until the glue-ish syrup is removed from the magnetic head, which will require the opening of the machine, removal of the drive, and very very very gentle care: Touching the heads too much will de-calibrate them.

Fun no?

I guess that post was long enough for today, next one will be about how to make money using the Minitel!

1. The famous 5 & 7 Place des marseillaises.
2. First with The Charts and then with the Phaleon Gigademo.
3. Reusing the envelope by covering the original address is pushing the luck a bit too much.
4. I eventually had to do a pass of eradication of this virus because it was buggy and would destroy the file allocation table if the disk was using a non system standard format.
5. That's the reason why there are some shiny red varnish spots in some places: it's to stop vibrations and keep the assembly in a perfectly stable position.