
NOTE: This stuff is only for the knowledge not for any personal usage...

Please don't try this anyways... This is just for the educational purpose not for Hacking Purpose...

From: O&M Enterprise
Oscar & Micheal...

Mar 26, 2008

Cookie Poisoning

Cookie poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user's computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal his identity.

Detailed Description
Many Web applications use cookies to save information (user IDs, passwords, account numbers, time stamp, etc.). The cookies stored on a user's hard drive maintain information that allows the applications to authenticate the user identity, speed up transactions, monitor behavior, and personalize content presented to the user based on identity and preferences. For example, when a user logs into a Web site that requires authentication, a login CGI validates his username and password and sets a cookie with a numerical identifier in the user's browser. When the user browses to another page, another CGI (say, preferences.asp) retrieves the cookie and displays personalized content according to the values contained in the cookie.

Cookie poisoning is in fact a Parameter Tampering attack, where the parameters are stored in a cookie. In many cases cookie poisoning is more useful than other Parameter Tampering attacks because programmers store sensitive information in the allegedly invisible cookie. For example, consider the following request:

GET /store/buy.asp?checkout=yes HTTP/1.0
Host: www.onlineshop.com
Accept: */*
Referrer: http://www.onlineshop.com/showprods.asp
Cookie: SESSIONID=570321ASDD23SA2321; BasketSize=3; Item1=2892; Item2=3210; Item3=9942; TotalPrice=16044;

In this example, the dynamic page requested by the browser is called buy.asp and the browser sends the parameter checkout to the Web server with a yes value, indicating that the user wants to finalize his purchase. The request includes a cookie that contains the following parameters: SESSIONID, which is a unique identification string that associates the user with the site, BasketSize (how many items are in the purchase), the price of each item and the TotalPrice. When executed by the Web server, buy.asp retrieves the cookie from the user, analyzes the cookie's parameters and charges the user account according to the TotalPrice parameter. An attacker can change, for example, the TotalPrice parameter in order to get a "special discount".
Since programmers rely on cookies as a location for storing parameters, all parameter attacks including SQL Injection, Cross-Site Scripting, and Buffer Overflow can be executed using cookie poisoning.
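As an added illustration (not part of the original text), the checkout logic the example describes, first as written, charging whatever TotalPrice the cookie carries, then recomputing the total on the server. The Cookie header is the one quoted above; the price catalogue is constructed so that the legitimate cookie adds up.

```python
"""Checkout that trusts the cookie vs. checkout that recomputes.

Added example. The Cookie header is the one quoted in the text; the
price catalogue is constructed so that the legitimate cookie adds up.
"""

# Cookie header from the example request above (trailing ';' as on the page)
COOKIE_HEADER = ("SESSIONID=570321ASDD23SA2321; BasketSize=3; "
                 "Item1=2892; Item2=3210; Item3=9942; TotalPrice=16044;")

# Constructed server-side price list: item id -> price. 5000+6000+5044 = 16044.
CATALOG = {"2892": 5000, "3210": 6000, "9942": 5044}


def parse_cookie_header(header):
    """Split a Cookie header ('a=1; b=2') into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def charge_from_cookie(header):
    """What the text describes buy.asp doing: charge the TotalPrice the
    client's cookie carries. Whoever controls the cookie sets the price."""
    return int(parse_cookie_header(header)["TotalPrice"])


def charge_recomputed(header, catalog):
    """Hardened version: treat the cookie's prices as untrusted input.
    Only the item ids are taken from the cookie; the total is recomputed
    from the server's own catalogue, and a cookie whose TotalPrice
    disagrees is rejected rather than honoured."""
    cookies = parse_cookie_header(header)
    try:
        size = int(cookies["BasketSize"])
        items = [cookies["Item%d" % i] for i in range(1, size + 1)]
        total = sum(catalog[item] for item in items)  # unknown id -> KeyError
        claimed = int(cookies["TotalPrice"])
    except (KeyError, ValueError) as exc:
        raise ValueError("malformed basket cookie: %s" % exc)
    if claimed != total:
        raise ValueError("cookie claims %d, server computes %d" % (claimed, total))
    return total
```

In practice the basket would not live in the cookie at all; keeping it server-side, keyed by SESSIONID, removes the parameter from the client's reach entirely.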

Cookie Poisoning Attack Prevention
Solution                        Blocks cookie poisoning?
Imperva SecureSphere            Yes
Firewalls                       No
Intrusion Detection Systems     No
Intrusion Prevention Systems    No

Detecting cookie poisoning attacks requires compound HTTP statefulness. The intrusion prevention product must track the cookie "set" commands (Set-Cookie headers) issued by the Web server. For each set command the product should store the important details: the cookie name, the cookie value, the IP address and the session to which that cookie was assigned, and the time it was assigned. Next, the product needs to intercept each HTTP request sent to the Web server, retrieve the cookie information from it and check it against all stored cookies. If the attacker changes the content of a cookie, the product can identify the change using the information it stores on that specific user. The product must trace application-level sessions, not just IP addresses, in order to provide accurate results.

Intrusion Detection and Prevention Systems that are not Web-application oriented simply do not provide this functionality. These products are unable to trace users by the application session and are unable to store information on each specific user currently logged into the Web application.
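An added example, not from the original text, of the stateful check just described: record every cookie the server sets, keyed by the application session (the SESSIONID cookie here) rather than the client IP, and compare what each later request presents. The HTTP exchange is constructed for the demonstration.

```python
"""Stateful detection of cookie tampering.

Added example. The server's Set-Cookie headers are recorded per
application session, and each later request's cookies are compared
with that record. The exchange in run_scenario() is constructed; the
SESSIONID value is the one from the page's example request.
"""

SESSION_COOKIE = "SESSIONID"


def parse_cookie_header(header):
    """Parse a Cookie request header ('a=1; b=2') into a dict."""
    cookies = {}
    for part in (header or "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def parse_set_cookie(header):
    """Return (name, value) from a Set-Cookie header, ignoring attributes
    such as Path or Expires."""
    name, _, value = header.split(";", 1)[0].strip().partition("=")
    return name, value


class CookieTracker:
    """Per-session record of the cookies the Web server issued."""

    def __init__(self):
        # session id -> {cookie name: (value, client ip, time set)}
        self.sessions = {}

    def observe_response(self, client_ip, request_cookie, set_cookies, now):
        """Record the cookies a response sets. The session id comes from a
        SESSIONID Set-Cookie in this response (login) or, for later
        responses, from the SESSIONID the request itself carried."""
        issued = dict(parse_set_cookie(h) for h in set_cookies)
        session_id = (issued.get(SESSION_COOKIE)
                      or parse_cookie_header(request_cookie).get(SESSION_COOKIE))
        if session_id is None:
            return  # no session to key the record on
        store = self.sessions.setdefault(session_id, {})
        for name, value in issued.items():
            store[name] = (value, client_ip, now)

    def check_request(self, client_ip, request_cookie):
        """Return a list of findings; empty means every presented cookie
        matches what the server set for this session."""
        presented = parse_cookie_header(request_cookie)
        session_id = presented.get(SESSION_COOKIE)
        if session_id not in self.sessions:
            return ["request carries no session the server issued"]
        store = self.sessions[session_id]
        findings = []
        for name, value in presented.items():
            if name not in store:
                findings.append("cookie %s was never set by the server" % name)
            elif store[name][0] != value:
                findings.append("cookie %s changed from %r to %r"
                                % (name, store[name][0], value))
        # Address changes inside a session are informational only: the
        # text stresses tracing application sessions, not IP addresses.
        if client_ip not in {entry[1] for entry in store.values()}:
            findings.append("session seen from new address %s" % client_ip)
        return findings


def run_scenario():
    """Constructed login -> basket -> checkout exchange. Returns the
    findings for the legitimate checkout and for a tampered one."""
    tracker = CookieTracker()
    ip = "192.0.2.10"  # constructed client address
    # Login response: server issues the session cookie
    tracker.observe_response(ip, "", ["SESSIONID=570321ASDD23SA2321; Path=/"], now=1)
    # showprods.asp response: server stores the basket in cookies
    tracker.observe_response(ip, "SESSIONID=570321ASDD23SA2321",
                             ["BasketSize=3", "Item1=2892", "Item2=3210",
                              "Item3=9942", "TotalPrice=16044"], now=2)
    legit = ("SESSIONID=570321ASDD23SA2321; BasketSize=3; Item1=2892; "
             "Item2=3210; Item3=9942; TotalPrice=16044")
    tampered = legit.replace("TotalPrice=16044", "TotalPrice=1")
    return tracker.check_request(ip, legit), tracker.check_request(ip, tampered)
```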

Mar 24, 2008


Top 10 Most Famous Hackers of All Time
Get to know these notorious hackers, famous for wreaking havoc and driving technological innovation.
on April 24th, 2007


The portrayal of hackers in the media has ranged from the high-tech super-spy, as in Mission Impossible where Ethan Hunt rappels from the ceiling to hack the CIA computer system and steal the "NOC list," to the lonely anti-social teen who is simply looking for entertainment.
The reality, however, is that hackers are a very diverse bunch, a group simultaneously blamed for causing billions of dollars in damages and credited with the development of the World Wide Web and the founding of major tech companies. In this article, we test the theory that truth is better than fiction by introducing you to ten of the most famous hackers, both nefarious and heroic, to let you decide for yourself.
Black Hat Crackers
The Internet abounds with hackers, known as crackers or "black hats," who work to exploit computer systems. They are the ones you've seen on the news being hauled away for cybercrimes. Some of them do it for fun and curiosity, while others are looking for personal gain. In this section we profile five of the most famous and interesting "black hat" hackers.
Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, "I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off."
James's major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.
James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, "The software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, "The code itself was crappy . . . certainly not worth $1.7 million like they claimed."
Given the extent of his intrusions, if James, also known as "c0mrade," had been an adult he likely would have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he's learned his lesson and might start a computer security company.
Adrian Lamo: Lamo's claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's, coffee shops and libraries to do his intrusions. In a profile article, "He Hacks by Day, Squats by Night," Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional."
Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.
When he broke into The New York Times' intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times' LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.
Kevin Mitnick: A self-proclaimed "hacker poster boy," Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as "the most wanted computer criminal in United States history." His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, he dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.
Mitnick's mischief got serious when he went on a two and a half year "coast-to-coast hacking spree." The CNN article, "Legendary computer hacker released from prison," explains that "he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system." He then hacked into computer expert and fellow hacker Tsutomu Shimomura's home computer, which led to his undoing.
Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.
Kevin Poulsen: Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio's KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him "the Hannibal Lecter of computer crime."
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
His hacking specialty, however, revolved around telephones. Poulsen's most famous hack, KIIS-FM, was accomplished by taking over all of the station's phone lines. In a related feat, Poulsen also "reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency." Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.
Robert Tappan Morris: Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years' probation, 400 hours of community service and fined $10,500.
Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.
White Hat Hackers
Hackers that use their skills for good are classified as "white hat." These white hats often work as certified "Ethical Hackers," hired by companies to test the integrity of their systems. Others operate without company permission by bending but not breaking laws, and in the process have created some really cool stuff. In this section we profile five white hat hackers and the technologies they have developed.
Stephen Wozniak: "Woz" is famous for being the "other Steve" of Apple. Wozniak, along with current Apple CEO Steve Jobs, co-founded Apple Computer. He has been awarded the National Medal of Technology as well as honorary doctorates from Kettering University and Nova Southeastern University. Additionally, Woz was inducted into the National Inventors Hall of Fame in September 2000.
Woz got his start in hacking making blue boxes, devices that bypass telephone-switching mechanisms to make free long-distance calls. After reading an article about phone phreaking in Esquire, Wozniak called up his buddy Jobs. The pair did research on frequencies, then built and sold blue boxes to their classmates in college. Wozniak even used a blue box to call the Pope while pretending to be Henry Kissinger.
Wozniak dropped out of college and came up with the computer that eventually made him famous. Jobs had the bright idea to sell the computer as a fully assembled PC board. The Steves sold Wozniak's cherished scientific calculator and Jobs' VW van for capital and got to work assembling prototypes in Jobs' garage. Wozniak designed the hardware and most of the software. In the Letters section of Woz.org, he recalls doing "what Ed Roberts and Bill Gates and Paul Allen did and tons more, with no help." Wozniak and Jobs sold the first 100 of the Apple I to a local dealer for $666.66 each.
Woz no longer works full time for Apple, focusing primarily on philanthropy instead. Most notable is his function as fairy godfather to the Los Gatos, Calif. School District. "Wozniak 'adopted' the Los Gatos School District, providing students and teachers with hands-on teaching and donations of state-of-the-art technology equipment."
Tim Berners-Lee: Berners-Lee is famed as the inventor of the World Wide Web, the system that we use to access sites, documents and files on the Internet. He has received numerous recognitions, most notably the Millennium Technology Prize.
While a student at Oxford University, Berners-Lee was caught hacking access with a friend and subsequently banned from University computers. w3.org reports, "Whilst [at Oxford], he built his first computer with a soldering iron, TTL gates, an M6800 processor and an old television." Technological innovation seems to have run in his genes, as Berners-Lee's parents were mathematicians who worked on the Manchester Mark 1, one of the earliest electronic computers.
While working with CERN, a European nuclear research organization, Berners-Lee created a hypertext prototype system that helped researchers share and update information easily. He later realized that hypertext could be joined with the Internet. Berners-Lee recounts how he put them together: "I just had to take the hypertext idea and connect it to the TCP and DNS ideas and – ta-da! – the World Wide Web."
Since his creation of the World Wide Web, Berners-Lee founded the World Wide Web Consortium at MIT. The W3C describes itself as "an international consortium where Member organizations, a full-time staff and the public work together to develop Web standards." Berners-Lee's World Wide Web idea, as well as standards from the W3C, is distributed freely with no patent or royalties due.
Linus Torvalds: Torvalds fathered Linux, the very popular Unix-based operating system. He calls himself "an engineer," and has said that his aspirations are simple, "I just want to have fun making the best damn operating system I can."
Torvalds got his start in computers with a Commodore VIC-20, an 8-bit home computer. He then moved on to a Sinclair QL. Wikipedia reports that he modified the Sinclair "extensively, especially its operating system." Specifically, Torvalds' hacks included "an assembler and a text editor…as well as a few games."
Torvalds created the Linux kernel in 1991, using the Minix operating system as inspiration. He started with a task switcher in Intel 80386 assembly and a terminal driver. After that, he put out a call for others to contribute code, which they did. Only about 2 percent of the current Linux kernel is written by Torvalds himself. The success of this public invitation to contribute code for Linux is touted as one of the most prominent examples of free/open source software.
Currently, Torvalds serves as the Linux ringleader, coordinating the code that volunteer programmers contribute to the kernel. He has had an asteroid named after him and received honorary doctorates from Stockholm University and University of Helsinki. He was also featured in Time Magazine's "60 Years of Heroes."
Richard Stallman: Stallman's fame derives from the GNU Project, which he founded to develop a free operating system. For this, he's known as the father of free software. His "Serious Bio" asserts, "Non-free software keeps users divided and helpless, forbidden to share it and unable to change it. A free operating system is essential for people to be able to use computers in freedom."
Stallman, who prefers to be called rms, got his start hacking at MIT. He worked as a "staff hacker" on the Emacs project and others. He was a critic of restricted computer access in the lab. When a password system was installed, Stallman broke it down, resetting passwords to null strings, then sent users messages informing them of the removal of the password system.
Stallman's crusade for free software started with a printer. At the MIT lab, he and other hackers were allowed to modify code on printers so that they sent convenient alert messages. However, a new printer came along – one that they were not allowed to modify. It was located away from the lab and the absence of the alerts presented an inconvenience. It was at this point that he was "convinced…of the ethical need to require free software."
With this inspiration, he began work on GNU. Stallman wrote an essay, "The GNU Project," in which he recalls choosing to work on an operating system because it's a foundation, "the crucial software to use a computer." At this time, the GNU/Linux version of the operating system uses the Linux kernel started by Torvalds. GNU is distributed under "copyleft," a method that employs copyright law to allow users to use, modify, copy and distribute the software.
Stallman's life continues to revolve around the promotion of free software. He works against movements like Digital Rights Management (or as he prefers, Digital Restrictions Management) through organizations like Free Software Foundation and League for Programming Freedom. He has received extensive recognition for his work, including awards, fellowships and four honorary doctorates.
Tsutomu Shimomura: Shimomura reached fame in an unfortunate manner: he was hacked by Kevin Mitnick. Following this personal attack, he made it his cause to help the FBI capture him.
Shimomura's work to catch Mitnick is commendable, but he is not without his own dark side. Author Bruce Sterling recalls: "He pulls out this AT&T cellphone, pulls it out of the shrinkwrap, finger-hacks it, and starts monitoring phone calls going up and down Capitol Hill while an FBI agent is standing at his shoulder, listening to him."
Shimomura out-hacked Mitnick to bring him down. Shortly after finding out about the intrusion, he rallied a team and got to work finding Mitnick. Using Mitnick's cell phone, they tracked him near Raleigh-Durham International Airport. The article, "SDSC Computer Experts Help FBI Capture Computer Terrorist" recounts how Shimomura pinpointed Mitnick's location. Armed with a technician from the phone company, Shimomura "used a cellular frequency direction-finding antenna hooked up to a laptop to narrow the search to an apartment complex." Mitnick was arrested shortly thereafter. Following the pursuit, Shimomura wrote a book about the incident with journalist John Markoff, which was later turned into a movie.
We hope you have enjoyed our introduction to some of the most famous real-life hackers, both white and black alike, and have gotten a clearer impression of who hackers really are. To find out more about hacking, cracking, these or other famous hackers, or just how to keep your computer safe from all of the above, check out the following resources:
Kevin Mitnick's Security Advice
IT Security: 10 Steps to Make Your Firewall More Secure
Frontline: Hackers
InfoSEC Institute Ethical Hacking




Mar 22, 2008

CDMA CLONING


After doing a lot of research and a bit of help from Av1, Av4 and a number of Avatar235's friends I have come to the conclusion that the Australian CDMA network structure is insecure. This document will describe (in layman's terms) a method that can be used to clone (copy) another CDMA phone wirelessly and in an unintrusive manner (i.e. sneakiness).

***Cloning.
Cloning of mobile phones is the activity of copying the subscriber information from one phone onto another for the purpose of obtaining free calls. This is done by reprogramming an empty CDMA compatible phone (you can do a factory reset to empty them) with the 'victim's' ESN (Electronic Serial Number) and MIN (Mobile Information Number). Getting these numbers can be tricky unless you have physical access to the victim's phone.

***Eavesdropping.
Eavesdropping is simply the act of listening in on a conversation over the network from your mobile phone. See the next section for details on which phones can be used.

***The infamous OKI.
The OKI 900 cellular phone is one of the most modifiable cellular telephones in the world, if not the most. It is based around an 8051 microprocessor, and the main program is stored on a 27C512 EPROM. OKI reproduced its popular model 900 cellular phone for AT&T under the model AT&T 3730. Both are identical in appearance and in circuitry. The 900 operates off 6 volts, either from a NiCd battery or one of two types of battery eliminator. The 900's antenna is an SMA connector.
This phone (the 900) was the basis of most cellular hacks in the time of the AMPS system structure in the US (and still is, due to poor upgrading of network structure). But don't be fooled, not all OKIs are able to do the things described in this file. The phones compatible with the functions described herein are: OKI 900, 1150, 1325, and 1335.
None of these phones were for sale within Australia from memory. You may be able to find similar functioning phones in Aus like a number of Motorola Phones, but I have no interest in these 'lower class phones'.

***Forced Analog Transmission (FAT).
Forced Analog Transmission is where the CDMA network is congested to such a level that any new phones entering the cell area are connected to the AMPS (analog) backbone system of the telecommunication corporations. This sub-network is in use every day by employees of the telcos and even by your GSM and CDMA mobiles.
How is it used? Well, whenever you are out of normal coverage on your GSM phone, your phone's on-screen status should display 'Emergency calls only' or similar; this status is your GSM mobile transferring over to the AMPS backbone network. GSM for some reason does not transfer over to the backbone when it encounters congestion, possibly because of the encryption differences or the fact that the GSM system is fairly reliable; don't quote me on this.
So anyway, your victim's CDMA phone transfers its ESN/MIN set over to the backbone for authentication via CDMA's standardized CAVE (Cellular Authentication and Voice Encryption); this algorithm generates a 128-bit sub-key called the "Shared Secret Data" (SSD).
The A-Key, the ESN and the network-supplied RANDSSD are the inputs to the CAVE that generates SSD. The SSD has two parts: SSD_A (64 bit), for creating authentication signatures and SSD_B (64 bit), for generating keys to encrypt voice and signaling messages (voice encryption is not done when over FAT) .

The SSD can be shared with roaming service providers to allow local authentication. A fresh SSD can be generated when a mobile returns to the home network or roams to a different system.
I'm guessing most people here are thinking 'What the hell did that mean?' Simply, the data for network identification of the mobile is sent to the MSC (Mobile Switching Centre) for authentication before 'pairing' the phone to the system.
The trick is that the ESN/MIN data is NOT encrypted on the way to the MSC for further authentication. So you can scan the airwaves for this data if you wish to clone a phone (after decoding the bitstream and re-encoding via software/hardware).

***Scanning the waves.
There are two purposes for scanning:
1. Eavesdropping.
Using an OKI described earlier, you will need to do the following:
Power on phone and immediately hold 7 + 9 at the same time while it boots up for about two seconds.
Release 7 + 9 and hit Menu, Send, End, Recall, Store, Clear and the phone should read good timing!!!
If all goes well hit 1 + 3 at the same time to clear the prompt.
Now hit #12 SND to receive audio.
Then hit #77 SND and you should hear a buzzing noise because you have just enabled the loud speaker.
Ok, now to begin the scanning of channels enter the following command:
#73AAAABBBBCC SND
AAAA = 4 digit low channel number (channel to begin scan on)
BBBB = 4 digit high channel (cell channel to end scan on)
CC = 2 digit number for how many seconds to scan each channel
For example if you want to scan channels 50-300 at a 1 second interval you would enter:
#730050030001 SND and your scan should begin.
Press # when you find a channel with someone talking you want to listen to and press # again to resume scanning. Press * to restart the scan.
Now if you only want to listen to a specific channel on a lower volume, enter this instead:
#12 SND
#76 SND to turn the receiver on
#09 SND to select the channel you want to listen on
2. Snatching Pairs.
Now sometimes you will come across a channel that is widely described as 'Hornets/Bees Buzzing'. This is the encoded ESN/MIN pair. The OKI series described has a headphone jack so you can plug this into your computer to record and decode. I will not go into decoding here, as this is only a proof of concept, NOT a trainer in Electronic Identity Theft.
If you wish to build some devices that can scan the airwaves, there is a book by the author Rudolf F. "Rudy" Graham, called the Encyclopedia of Electronic Projects, Vol 7. It has everything you would want to know about electronic surveillance EXCEPT the holy grail, GSM intercepting.
***Cloning from your Snatched Pair.
You will need to follow these instructions to the letter, as this is very tricky stuff and could ruin your phone.
The ESN/MIN pair is called the NAM; this is what you will need to program using these instructions:
1. Turn power on.
2. Within 30 seconds press RCL & MENU keys together and release, enter * 1 2 3 4 5 6 7 8 #, (or enter dealer password if one has been used).
NOTE: If the dealer password is unknown and the factory default does not work use the following "back door" code: * 6 2 7 2 9 8 5 4 #.
3. The phone will then display the Software Version followed by the ESN in hex
NOTE: If you used the dealer password successfully in step 2 go straight to step 5 below.
4. The phone will display "ENTER NEW PW AND STO" you may enter a ten digit password at this stage to be used in future re-programings. Press STO to retain default password or enter a ten digit password and press STO.
5. The phone will display "RE-ENTER PW AND STO" re-enter the password, press STO to confirm. Again, press STO to retain default password.
6. The following "re-set" options can be bypassed by pressing Volume Down to scroll. Each step is followed two seconds later by "Press * to Clear"; you can either press * or press CLR to bypass.
   Step 01: display "SSN#". Wait 2 seconds, then "Press * to Reset". Press * to clear the social security number (not used).
   Step 02: display "SPD MEM CLR". Wait 2 seconds, then "Press * to Reset". Press * to initialize the speed dial memories.
   Step 03: display "DEFAULT DATA SET". Wait 2 seconds, then "Press * to Reset". Press * to initialize the unit.
   Display "POWER ON MESSAGE". Wait 2 seconds, then "Enter ALPHA". Enter up to 8 characters followed by STO, or press CLR to bypass.
7. The STO key stores each entry.
8. The Volume UP key scrolls down through the steps.
9. The Volume DOWN key scrolls UP through the steps.
10. At any time press CLR to exit program mode. The phone will display "NAM x Program"; press CLR to exit, or continue with additional NAMs. You may also go directly to any NAM by pressing Volume Down when the phone displays "NAM x Program". NAMs 2 through 5 only have steps 01 - 06 below.
Programming data (step, number of digits/range, display, description):
01  10 digits           Own#        MIN (area code & phone number)
02  5 digits            System ID   System ID
03  4 digits            IPCH NO.    IPCH, automatically set
04  2 digits            ACCOLCC     Access overload
05  2 digits            GIM         Group ID (10 for USA)
06  3 or 4 digits       Unlock      Lock code
07  4 digits            SCM         Station class mark, use 1000
08  4 digits, 0 or 1    OPTION      Option bits; 1 enables, from left to right: MIN Mark, Hands Free, Local Use, not used
09  6 digits            SECURITY    Security code (default is the last six digits of the ESN)

***Enhancing your OKI.
OKI 900 Modifications
Several software modifications exist; below is a list and an explanation of each. These mods are to be burned into the 27C512 SOIC chip inside the OKI 900. They are 150ns 28-pin SOIC chips. An SOIC adapter will be required, and can probably be acquired through the same place you got your burner. This chip is located on the same side and same board as the LCD, in the lower left hand corner.
4701 - The original mod, holds 5 ESNs programmed byte by byte.
4711 - Update to the 4701 (fixed bugs).
4712 - The most popular and least buggy mod. Works well with C-TEK (see 'C-TEK' next section).
Change ESN: (for all above mods)
Press MENU 8 times, until you see the ADM menu. Press RCL and enter 123456. Use RCL to move from one ESN to another, and STO to save your options. REBOOT Phone!!!!!
Enter Debug Mode:
ESN location    Address
ESN #1          $BE8E-$BE91
ESN #2          $BE93-$BE96
ESN #3          $BE98-$BE9B
ESN #4          $BE9D-$BEA0
ESN #5          $BEA2-$BEA5
Key: #54 XXXX xx
  #54  = the write-byte debug command
  XXXX = address (location)
  xx   = in order, one through four bytes of the ESN
To use the 0-9 keys, just use 0-9, to access A-F, hit STAR ("*") before 1-6 for A-F. The "*" key can be thought of as a shift key. If you hit the "*" twice, it will act as if you did not hit the "*" at all.
Program NAM:
Enter RCL + MENU, *, 6, 2, 7, 2, 9, 8, 5, 4, # you can then use the up and down keys to scroll through the information and change the appropriate nam.
4715 - Newest widely available mod. Should work with C-TEK. This mod will allow you to use 230 ESNs and set a number of times each ESN can be used before auto deletion. Each NAM must be programmed manually.
I have data relating to these mods, which can be given on request.
The actual microcontroller is an 8051 derivative, and a lot of information on programming it can be found on the Internet.

***C-TEK.
Cellular Telephone Experimenters Kit for the OKI-900/1150
The Cellular Telephone Experimenters Kit allows control of a cellular telephone from a personal computer. The Kit connects any DOS-based PC with a serial port to an OKI-900/1150 phone.
The kit is designed for technicians, students, professionals, hobbyists, and others interested in using, learning, repairing, and experimenting with cellular telephone technology.
The kit consists of an interface adapter, software and manual. The interface adapter converts the cellular phone's proprietary interface to a standard RS-232 interface, and allows connection of external audio signals to the cellular phone. The interface is not designed for data transmission over the cellular system.
The kit includes the cellular telephone interface adapter; a manual and a short cellular tutorial; four programs; a programming library and documentation; and cellular related informational files.
One program is designed for testing the phone and allows a technician to activate many of the OKI's built-in test modes and functions, such as tuning to a particular channel, activating carrier, SAT, signaling tones, etc.
Another program can be used to access the phone's user features, such as programming NAMs, or uploading, downloading and editing the phone's 200 alphanumeric telephone number memories on the PC.
A programming library object module is supplied to allow you to write your own programs to access the phone in both normal operating mode and in test mode. The library contains functions such as tuning to a channel, turning carrier/audio/sat-tones/signaling-tones on and off, reading received signal strength, sending and receiving digital control messages, and sending and decoding DTMF tones.
Two programs are supplied in source form that give examples of writing applications in either of these modes. One of these programs shows how the PC can completely control the cellular phone, making and receiving calls while the phone is only operating in its test mode, with the PC handling all of the cellular protocol and messaging functions. The other program simply controls the phone by simulating presses on its keypad from the PC.
All code and libraries were compiled using Borland Turbo C 2.0 running under DOS.
NOTE: The OKI 1335 does not require the C-Tek dongle interface cable; it is already RS-232 compliant :).
I have the schematics for a hacked version of the C-Tek and sample software for learning to program your OKI yourself.

***Software.
CIA-SCAN: FVOC and DTMF display via C-TEK (does more).
Various other C-TEK applications exist; mail me your list and the files, and I will include them.
Scan1c: This appears to be an update to CIA-SCAN. It has a graph of signal strengths and most of the same features as CIA-SCAN, but with better control, and can scan both forwards and backwards.
Please let me know of any additional Software you find for the OKI.

***Conclusion.
This is only a proof of concept. I do not condone Electronic Identity Theft.
When I receive my OKI 1335 from the US I will re-write this doc with pictures and make it a PDF.

*Note: I just went off on a tangent with this doc and forgot to say that you will need to enter the ESN/MIN pair into an empty CDMA phone. I have not tested using the OKI for Forced Analog Transmission as standard.

Regards,
O&M Hackers.

Mar 20, 2008

GSM Cloning

Here is some information on our GSM cloning results, starting at a very high level, and moving on eventually to detailed technical information, with data for the cryptographers and mathematicians at the end. Please feel free to contact us at micheal.oscar@yahoo.com with any questions.

Important note added after publication: This article was released on April 13, 1998. This is the original version of that article (with no changes made other than this note), and is provided primarily for historical reasons. Please beware that some of our understanding about some details of the attack -- especially the possibility of over-the-air cloning -- has changed since when we wrote this note. We now feel that we understated the risk of over-the-air attacks in our initial announcement; based on new information, we have come to the conclusion that over-the-air cloning must be considered a very real threat which should not be ignored. Please see here for a more recent update.

Executive summary:

We've shown how parties with physical access to a victim's GSM cellphone can ``clone'' the phone and fraudulently place calls billed to the victim's account. This shows that the GSM fraud-prevention framework fails to live up to expectations, and casts doubt on its foundation (as well as the design process). However, we should be clear that this is only a partial flaw, not a total failure of the authentication framework: our experiments have been limited to showing that GSM phones can be cloned if the attacker has physical access to the target phone. (In US analog cellphones, one can clone the cellphones with only some radio reception equipment, which is a much more serious flaw; as a consequence, US providers lose over $500 million yearly to fraud.)

One potential threat is that the salesman who sells you a cellphone may have made ``a spare copy of the keys'' for his own use; he may later make fraudulent calls billed to you. Because most providers today apparently rely purely on the authentication codes, with no fallback position if those codes are cracked, such fraud might go undetected until long after the money has been lost.

Background

The GSM fraud-prevention framework relies on special cryptographic codes to authenticate customers and bill them appropriately. A personalized smartcard (called a SIM) in the cellphone stores a secret key which is used to authenticate the customer; knowledge of the key is sufficient to make calls billed to that customer. The tamper-resistant smartcard is supposed to protect the key from disclosure (even against adversaries which may have physical access to the SIM); authentication is done with a cryptographic protocol which allows the SIM to "prove" knowledge of the key to the service provider, thus authorizing a call.

As a result of our mathematical analysis, we have discovered that the cryptographic codes used for authentication are not strong enough to resist attack. To exploit this vulnerability, an individual would interact with the SIM repeatedly; with enough queries, the attacker can use some mathematical techniques to learn the supposedly-secret key. Once the key is compromised, it is possible to make fraudulent calls which will be billed to the victim.

Clarification: not a total break of the authentication framework

We wish to emphasize that we have only demonstrated how to clone a phone if given physical access to the phone (or its SIM chip). Many will probably be interested in the question of whether these attacks can be performed ``over the air'' (i.e. by accessing the target cellphone remotely with specialized radio equipment). While we cannot rule out the possibility that someone may learn how to perform ``over the air'' cloning, we have not demonstrated such an attack in our work.

What went wrong?

This vulnerability can be attributed to a serious failing of the GSM security design process: it was conducted in secrecy. Experts have learned over the years that the only way to assure security is to follow an open design process, encouraging public review to identify flaws while they can still be fixed. There's no way that we would have been able to break the cryptography so quickly if the design had been subjected to public scrutiny; nobody is that much better than the rest of the research community.

In the telecommunications security field, openness is critical to good design. Codemaking is so hard to get right the first time that it is crucial to have others double-check one's ideas. Instead, the GSM design committee kept all security specifications secret -- which made the information just secret enough to prevent others from identifying flaws in time to fix them, but not secret enough to protect the system against eventual scrutiny. With 80 million GSM users, fixing flaws in such a widely-fielded system is likely to be quite costly.

We expect that fixing the flaw may potentially be expensive. A new authentication algorithm would have to be selected. Then new SIMs would have to be programmed with the new algorithm, and distributed to the 80 million end users. Finally, a software upgrade may be required for all authentication centers.

Technical details of the attack

We showed how to break the COMP128 authentication algorithm, an instantiation of A3/A8 widely used by providers. Our attack is a chosen-challenge attack. We form a number of specially-chosen challenges and query the SIM for each one; the SIM applies COMP128 to its secret key and our chosen challenge, returning a response to us. By analyzing the responses, we are able to determine the value of the secret key.

Mounting this attack requires physical access to the target SIM, an off-the-shelf smartcard reader, and a computer to direct the operation. The attack requires one to query the smartcard about 150,000 times; our smartcard reader can issue 6.25 queries per second, so the whole attack takes 8 hours. Very little extra computation is required to analyze the responses.

Though the COMP128 algorithm is supposed to be a secret, we pieced together information on its internal details from public documents, leaked information, and several SIMs we had access to. After a theoretical analysis uncovered a potential vulnerability in the algorithm, we confirmed that our reconstruction of the COMP128 algorithm was correct by comparing a software implementation to responses computed by a SIM known to implement COMP128.

Information for cryptographers

The attack exploits a lack of diffusion: there's a narrow ``pipe'' inside COMP128. In particular, bytes i,i+8,i+16,i+24 at the output of the second round depend only on bytes i,i+8,i+16,i+24 of the input to COMP128. (By ``round'', I refer to one layer of ``butterflies'' and S-boxes; there are a total of 5*8 rounds in COMP128.) Bytes i,i+8 of the COMP128 input are bytes i,i+8 of the key, and bytes i+16,i+24 of the COMP128 input are bytes i,i+8 of the challenge input.

Now we ``probe'' the narrow pipe, by varying bytes i+16,i+24 of the COMP128 input (i.e. bytes i,i+8 of the challenge) and holding the rest of the COMP128 input constant. Since the rounds are non-bijective, you can hope for a collision in bytes i,i+8,i+16,i+24 of the output after two rounds. The birthday paradox guarantees that collisions will occur pretty rapidly (since the pipe is only 4 bytes wide); collisions in the narrow pipe can be recognized, since they will cause a collision in the output of COMP128 (i.e. the two authentication responses will be the same); and each collision can be used to learn the two key bytes i,i+8 with a bit of analysis of the first two rounds (i.e. perform a ``2-R attack'', in the terminology of differential cryptanalysis).

As stated, this would require 2^{4*7/2 + 0.5} = 2^{14.5} chosen-input queries to COMP128 to learn two key bytes (since each of the four bytes of output after the second round is actually only a 7-bit value), and thus would require 8 * 2^{14.5} = 2^{17.5} queries to recover the whole 128-bit key Ki. However, we have some optimizations to get this number down a bit.
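The query budget quoted above, carried through as an added worked derivation (not part of the original announcement) from the birthday bound on the 4-byte pipe:

Each of the four pipe bytes after round two carries only 7 bits, so the pipe has

$$M = 2^{4 \cdot 7} = 2^{28}$$

distinct states. If $n$ challenges vary only bytes $i, i+8$ and the rest of the COMP128 input is held constant, the probability of at least one collision inside the pipe is approximately

$$p(n) \approx 1 - e^{-n^{2}/(2M)}.$$

Choosing $n = \sqrt{2M} = 2^{28/2 + 0.5} = 2^{14.5} \approx 23{,}170$ gives $p \approx 1 - e^{-1} \approx 0.63$, which is the per-pipe figure above. There are $8$ independent pipes, $i = 0, \dots, 7$, each yielding key bytes $i, i+8$, so the unoptimised total is

$$N = 8 \cdot 2^{14.5} = 2^{17.5} \approx 1.85 \times 10^{5}$$

queries for all $16$ bytes of $K_i$. At the stated $6.25$ queries per second this is $2^{17.5} / 6.25 \approx 2.97 \times 10^{4}\ \mathrm{s} \approx 8.2\ \mathrm{h}$, consistent with the 8 hours given for the attack.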

Note that there is a significant amount of literature on the design of cryptographic hash functions out of a FFT-like structure (as COMP128 is designed). For instance, Serge Vaudenay's work on a theory of black-box cryptanalysis (as well as his other work, e.g. ``FFT-Hash II is not yet secure'') is more than sufficient to uncover this weakness in COMP128. In other words, our attack techniques are not particularly novel.

Mar 17, 2008

How To Become A Hacker


Why This Document?

As editor of the Jargon File and author of a few other well-known documents of similar nature, I often get email requests from enthusiastic network newbies asking (in effect) "how can I learn to be a wizardly hacker?". Back in 1996 I noticed that there didn't seem to be any other FAQs or web documents that addressed this vital question, so I started this one. A lot of hackers now consider it definitive, and I suppose that means it is. Still, I don't claim to be the exclusive authority on this topic; if you don't like what you read here, write your own.

If you are reading a snapshot of this document offline, the current version lives at http://fuckinmachines.blogspot.com/.

Note: there is a list of Frequently Asked Questions at the end of this document. Please read these—twice—before mailing me any questions about this document.

Numerous translations of this document are available: Arabic, Bulgarian, Catalan, Chinese (Simplified), Danish, Dutch, Farsi, Finnish, German, Greek, Hebrew, Italian, Japanese, Norwegian, Polish, Portuguese (Brazilian), Romanian, Russian, Spanish, Turkish, and Swedish. Note that since this document changes occasionally, they may be out of date to varying degrees.

The five-dots-in-nine-squares diagram that decorates this document is called a glider. It is a simple pattern with some surprising properties in a mathematical simulation called Life that has fascinated hackers for many years. I think it makes a good visual emblem for what hackers are like — abstract, at first a bit mysterious-seeming, but a gateway to a whole world with an intricate logic of its own. Read more about the glider emblem here.

What Is a Hacker?


The Jargon File contains a bunch of definitions of the term ‘hacker’, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them ‘hackers’ too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term ‘hacker’.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.

The Hacker Attitude


1. The world is full of fascinating problems waiting to be solved.
2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.

But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters — not just intellectually but emotionally as well.

Or, as the following modern Zen poem has it:


To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.

So, if you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.


Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.

(You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece — and so on, until you're done.)

2. No problem should ever have to be solved twice.


Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.

(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.


Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).

(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.


Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.

(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)

Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.


To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.

If you revere competence, you'll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

Basic Hacking Skills


1. Learn how to program.
2. Get one of the open-source Unixes and learn to use and run it.
3. Learn how to use the World Wide Web and write HTML.
4. If you don't have functional English, learn it.

The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.

This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following:

1. Learn how to program.


This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.

Java is also a good language for learning to program in. It is more difficult than Python, but produces faster code than Python. I think it makes an excellent second language. Unfortunately, Sun's reference implementation is still proprietary. This is not so much an issue with the Java language itself, as high-quality open-source Java interpreters are readily available; the real problem is the class libraries that travel with the language. The open-source class libraries lag behind Sun's. So, if you do choose to learn Java, do it with one of the open-source implementations rather than becoming dependent on Sun's proprietary code.

But be aware that you won't reach the skill level of a hacker or even merely a programmer if you only know one or two languages — you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.

If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.

C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff — it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.

Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.

LISP is worth learning for a different reason — the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor, or Script-Fu plugins for the GIMP.)

It's best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

I can't give complete instructions on how to learn to program here — it's a complex skill. But I can tell you that books and courses won't do it (many, maybe most of the best hackers are self-taught). You can learn language features — bits of knowledge — from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.

Peter Norvig, who is one of Google's top hackers and the co-author of the most widely used textbook on AI, has written an excellent essay called Teach Yourself Programming in Ten Years. His "recipe for programming success" is worth careful attention.

Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models.

Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic...

2. Get one of the open-source Unixes and learn to use and run it.


I'll assume you have a personal computer or can get access to one. (Take a moment to appreciate how much that means. The hacker culture originally evolved back when computers were so expensive that individuals could not own them.) The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes or OpenSolaris, install it on a personal machine, and run it.

Yes, there are other operating systems in the world besides Unix. But they're distributed in binary — you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closed-source system is like trying to learn to dance while wearing a body cast.

Under Mac OS X it's possible, but only part of the system is open source — you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.

Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.)

So, bring up a Unix — I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.

For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming.

To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation. From a new user's point of view, all Linux distributions are pretty much equivalent.

You can find BSD Unix help and resources at http://www.bsd.org/.

I have written a primer on the basics of Unix and the Internet.

(Note: I don't really recommend installing either Linux or BSD as a solo project if you're a newbie. For Linux, find a local Linux user's group and ask for help.)

3. Learn how to use the World Wide Web and write HTML.


Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit has changed the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.

This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. (There are good beginner tutorials on the Web; here's one.)

But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge — very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).

To be worthwhile, your page must have content — it must be interesting and/or useful to other hackers. And that brings us to the next topic...

4. If you don't have functional English, learn it.


As an American and native English-speaker myself, I have
previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.

Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations
of technical books written in English are often unsatisfactory (when they get done at all).

Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.

Being a native English-speaker does not guarantee that you have language skills good enough to function as a hacker. If your writing
is semi-literate, ungrammatical, and riddled with misspellings, many hackers (including myself) will tend to ignore you. While sloppy writing does not invariably mean sloppy thinking, we've generally found the correlation to be strong — and we have no use for sloppy thinkers. If you can't yet write competently, learn to.

Status in the Hacker Culture


1. Write open-source software
2. Help test and debug open-source software
3. Publish useful information
4. Help keep the infrastructure working
5. Serve the hacker culture itself

Like most cultures without a money economy, hackerdom runs on
reputation. You're trying to solve interesting problems, but how
interesting they are, and whether your solutions are really good, is
something that only your technical peers or superiors are normally
equipped to judge.

Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is why
you aren't really a hacker until other hackers consistently call you
one). This fact is obscured by the image of hacking as solitary work;
also by a hacker-cultural taboo (gradually decaying since the late
1990s but still potent) against admitting that ego or external
validation are involved in one's motivation at all.

Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating
other people, nor by being beautiful, nor by having things other
people want, but rather by giving things away. Specifically, by
giving away your time, your creativity, and the results of your
skill.

There are basically five kinds of things you can do to be respected by
hackers:

1. Write open-source software


The first (the most central and most traditional) is to write
programs that other hackers think are fun or useful, and give the
program sources away to the whole hacker culture to use.

(We used to call these works “free software”, but this
confused too many people who weren't sure exactly what “free” was
supposed to mean. Most of us now prefer the term “open-source
software”.)

Hackerdom's most revered demigods are people who have written large,
capable programs that met a widespread need and given them away, so
that now everyone uses them.

But there's a bit of a fine historical point here. While
hackers have always looked up to the open-source developers among them
as our community's hardest core, before the mid-1990s most hackers
most of the time worked on closed source. This was still true when I
wrote the first version of this HOWTO in 1996; it took the mainstreaming of
open-source software after 1997 to change things. Today, "the hacker
community" and "open-source developers" are two descriptions for what
is essentially the same culture and population — but it is worth
remembering that this was not always so.

2. Help test and debug open-source software


They also serve who stand and debug open-source software. In
this imperfect world, we will inevitably spend most of our software
development time in the debugging phase. That's why any open-source
author who's thinking will tell you that good beta-testers (who know
how to describe symptoms clearly, localize problems well, can tolerate
bugs in a quickie release, and are willing to apply a few simple
diagnostic routines) are worth their weight in rubies. Even one of
these can make the difference between a debugging phase that's a
protracted, exhausting nightmare and one that's merely a salutary
nuisance.

If you're a newbie, try to find a program under development that
you're interested in and be a good beta-tester. There's a natural
progression from helping test programs to helping debug them to
helping modify them. You'll learn a lot this way, and generate
good karma with people who will help you later on.

3. Publish useful information


Another good thing is to collect and filter useful and
interesting information into web pages or documents like
Frequently Asked Questions (FAQ) lists, and make those generally
available.

Maintainers of major technical FAQs get almost as much respect as
open-source authors.

4. Help keep the infrastructure working


The hacker culture (and the engineering development of the
Internet, for that matter) is run by volunteers. There's a lot of
necessary but unglamorous work that needs done to keep it
going — administering mailing lists, moderating newsgroups,
maintaining large software archive sites, developing RFCs and other
technical standards.

People who do this sort of thing well get a lot of respect, because
everybody knows these jobs are huge time sinks and not as much fun as
playing with code. Doing them shows dedication.

5. Serve the hacker culture itself


Finally, you can serve and propagate the culture itself (by, for
example, writing an accurate primer on how to become a hacker :-)).
This is not something you'll be positioned to do until you've been
around for a while and become well-known for one of the first four
things.

The hacker culture doesn't have leaders, exactly, but it does have
culture heroes and tribal elders and historians and spokespeople.
When you've been in the trenches long enough, you may grow into one of
these. Beware: hackers distrust blatant ego in their tribal elders,
so visibly reaching for this kind of fame is dangerous. Rather than
striving for it, you have to sort of position yourself so it drops in
your lap, and then be modest and gracious about your status.

The Hacker/Nerd Connection


Contrary to popular myth, you don't have to be a nerd to be a
hacker. It does help, however, and many hackers are in fact nerds.
Being something of a social outcast helps you stay concentrated on the
really important things, like thinking and hacking.

For this reason, many hackers have adopted the label
‘geek’ as a badge of pride — it's a way of declaring
their independence from normal social expectations (as well as a
fondness for other things like science fiction and strategy games that
often go with being a hacker). The term 'nerd' used to be used this
way back in the 1990s, back when 'nerd' was a mild pejorative and
'geek' a rather harsher one; sometime after 2000 they switched places,
at least in U.S. popular culture, and there is now even a significant
geek-pride culture among people who aren't techies.

If you can manage to concentrate enough on hacking to be good at it
and still have a life, that's fine. This is a lot easier today than
it was when I was a newbie in the 1970s; mainstream culture is much
friendlier to techno-nerds now. There are even growing numbers of
people who realize that hackers are often high-quality lover and
spouse material.

If you're attracted to hacking because you don't have a life,
that's OK too — at least you won't have trouble concentrating. Maybe
you'll get a life later on.

Points For Style


Again, to be a hacker, you have to enter the hacker mindset. There
are some things you can do when you're not at a computer that seem to
help. They're not substitutes for hacking (nothing is) but many
hackers do them, and feel that they connect in some basic way
with the essence of hacking.

  • Learn to write your native language well. Though
    it's a common stereotype that programmers can't write, a
    surprising number of hackers (including all the most accomplished
    ones I know of) are very able writers.

  • Read science fiction. Go to science fiction
    conventions (a good way to meet hackers and proto-hackers).

  • Train in a martial-arts form. The kind of mental
    discipline required for martial arts seems to be similar in
    important ways to what hackers do. The most popular forms among
    hackers are definitely Asian empty-hand arts such as Tae Kwon Do,
    various forms of Karate, Kung Fu, Aikido, or Ju Jitsu. Western
    fencing and Asian sword arts also have visible followings. In
    places where it's legal, pistol shooting has been rising in
    popularity since the late 1990s. The most hackerly martial arts
    are those which emphasize mental discipline, relaxed awareness,
    and control, rather than raw strength, athleticism, or physical
    toughness.

  • Study an actual meditation discipline. The perennial
    favorite among hackers is Zen (importantly, it is possible to
    benefit from Zen without acquiring a religion or discarding one
    you already have). Other styles may work as well, but be careful
    to choose one that doesn't require you to believe crazy
    things.

  • Develop an analytical ear for music. Learn to
    appreciate peculiar kinds of music. Learn to play some musical
    instrument well, or how to sing.

  • Develop your appreciation of puns and
    wordplay.

The more of these things you already do, the more likely it is that you
are natural hacker material. Why these things in particular is not
completely clear, but they're connected with a mix of left- and
right-brain skills that seems to be important; hackers need to
be able to both reason logically and step outside the apparent
logic of a problem at a moment's notice.

Work as intensely as you play and play as intensely as you work.
For true hackers, the boundaries between "play", "work", "science" and
"art" all tend to disappear, or to merge into a high-level creative
playfulness. Also, don't be content with a narrow range of skills.
Though most hackers self-describe as programmers, they are very likely
to be more than competent in several related skills — system
administration, web design, and PC hardware troubleshooting are common
ones. A hacker who's a system administrator, on the other hand, is
likely to be quite skilled at script programming and web design.
Hackers don't do things by halves; if they invest in a skill at all,
they tend to get very good at it.

Finally, a few things not to do.

  • Don't use a silly, grandiose user ID or screen name.

  • Don't get in flame wars on Usenet (or anywhere
    else).

  • Don't call yourself a ‘cyberpunk’, and don't waste
    your time on anybody who does.

  • Don't post or email writing that's full of spelling
    errors and bad grammar.

The only reputation you'll make doing any of these things is as a
twit. Hackers have long memories — it could take you years to live
your early blunders down enough to be accepted.

The problem with screen names or handles deserves some
amplification. Concealing your identity behind a handle is a juvenile
and silly behavior characteristic of crackers, warez d00dz, and other
lower life forms. Hackers don't do this; they're proud of what they
do and want it associated with their real names.
So if you have a handle, drop it. In the hacker culture it will only
mark you as a loser.

Other Resources


Paul Graham has written an essay called Great Hackers, and
another on Undergraduation,
in which he speaks much wisdom.

Peter Seebach maintains an excellent Hacker FAQ for managers who don't understand how to deal with
hackers.

There is a document called How To Be A Programmer that is an excellent complement to this one. It
has valuable advice not just about coding and skillsets, but about
how to function on a programming team.

I have also written A Brief History Of Hackerdom.

I have written a paper, The Cathedral and the Bazaar, which explains a lot about how the
Linux and open-source cultures work. I have addressed this topic even
more directly in its sequel Homesteading the Noosphere.

Rick Moen has written an excellent document on how to run a Linux user group.

Rick Moen and I have collaborated on another document on
How To Ask Smart Questions. This will help you seek assistance
in a way that makes it more likely that you will actually get it.

If you need instruction in the basics of how personal computers, Unix, and the Internet work, see The Unix and Internet Fundamentals HOWTO.

When you release software or write patches for software, try to
follow the guidelines in the Software Release Practice HOWTO.

If you enjoyed the Zen poem, you might also like Rootless Root: The Unix Koans of Master Foo.

Frequently Asked Questions


Q: How do I tell if I am already a hacker?
Q: Will you teach me how to hack?
Q: How can I get started, then?
Q: When do you have to start? Is it too late for me to learn?
Q: How long will it take me to learn to hack?
Q: Is Visual Basic a good language to start with?
Q: Would you help me to crack a system, or teach me how to crack?
Q: How can I get the password for someone else's account?
Q: How can I break into/read/monitor someone else's email?
Q: How can I steal channel op privileges on IRC?
Q: I've been cracked. Will you help me fend off further attacks?
Q: I'm having problems with my Windows software. Will you help me?
Q: Where can I find some real hackers to talk with?
Q: Can you recommend useful books about hacking-related subjects?
Q: Do I need to be good at math to become a hacker?
Q: What language should I learn first?
Q: What kind of hardware do I need?
Q: I want to contribute. Can you help me pick a problem to work on?
Q: Do I need to hate and bash Microsoft?
Q: But won't open-source software leave programmers unable to make a living?
Q: Where can I get a free Unix?
Q:

How do I tell if I am already a hacker?

A:

Ask yourself the following three questions:

  • Do you speak code, fluently?

  • Do you identify with the goals and values of the hacker community?

  • Has a well-established member of the hacker community ever called you a hacker?

If you can answer yes to all three of these questions, you are already a hacker. No two alone are sufficient.

The first test is about skills. You probably pass it if you have the minimum technical skills described earlier in this document. You blow right through it if you have had a substantial amount of code
accepted by an open-source development project.

The second test is about attitude. If the five principles of the hacker mindset seemed
obvious to you, more like a description of the way you already live
than anything novel, you are already halfway to passing it. That's the
inward half; the other, outward half is the degree to which you
identify with the hacker community's long-term projects.

Here is an incomplete but indicative list of some of those projects: Does it matter to you that Linux improve and spread? Are you passionate about software freedom? Hostile to monopolies? Do you act on the belief that computers can be instruments of empowerment that make the world a richer and more humane place?

But a note of caution is in order here. The hacker community has some specific, primarily defensive political interests — two of them are defending free-speech rights and fending off
"intellectual-property" power grabs that would make open source illegal. Some of those long-term projects are civil-liberties organizations like the Electronic Frontier Foundation, and the outward attitude properly includes support of them. But beyond that, most hackers view attempts to systematize the hacker attitude into an
explicit political program with suspicion; we've learned, the hard way, that these attempts are divisive and distracting. If someone tries to recruit you to march on your capitol in the name of the hacker attitude, they've missed the point. The right response is probably “Shut up and show them the code.”

The third test has a tricky element of recursiveness about it.
I observed in the section called “What Is a Hacker?” that being a hacker is partly a matter of belonging to a particular subculture or social network with a shared history, an inside and an outside. In the far past, hackers
were a much less cohesive and self-aware group than they are today. But the importance of the social-network aspect has increased over the last thirty years as the Internet has made connections with the core of the hacker subculture easier to develop and maintain. One easy behavioral index of the change is that, in this century, we have our own T-shirts.

Sociologists, who study networks like those of the hacker culture under the general rubric of "invisible colleges", have noted
that one characteristic of such networks is that they have gatekeepers
— core members with the social authority to endorse new members into the network. Because the "invisible college" that is hacker culture is a loose and informal one, the role of gatekeeper is informal too. But one thing that all hackers understand in their bones is that not every hacker is a gatekeeper. Gatekeepers have to have a certain degree of seniority and accomplishment before they can bestow the title. How much is hard to quantify, but every hacker knows it when they see it.

Q:

Will you teach me how to hack?

A:

Since first publishing this page, I've gotten several requests a
week (often several a day) from people to "teach me all about
hacking". Unfortunately, I don't have the time or energy to do this;
my own hacking projects, and working as an open-source advocate,
take up 110% of my time.

Even if I did, hacking is an attitude and skill you basically have to teach yourself. You'll find that while real hackers want to help you, they won't respect you if you beg to be spoon-fed everything they
know.

Learn a few things first. Show that you're trying, that you're
capable of learning on your own. Then go to the hackers you meet with
specific questions.

If you do email a hacker asking for advice, here are two things to know up front. First, we've found that people who are lazy or
careless in their writing are usually too lazy and careless in their
thinking to make good hackers — so take care to spell correctly, and
use good grammar and punctuation, otherwise you'll probably be ignored. Secondly, don't dare ask for a reply to an ISP account that's different from the account you're sending from; we find people who do that are usually thieves using stolen accounts, and we have no interest in rewarding or assisting thievery.

Q:

How can I get started, then?

A:

The best way for you to get started would probably be to go to a LUG (Linux user group) meeting. You can find such groups on the LDP General Linux Information Page; there is probably one near you, possibly associated with a college or university. LUG members will probably give you a Linux if you ask, and will certainly help you install one and get started.

Q:

When do you have to start? Is it too late for me to learn?

A:

Any age at which you are motivated to start is a good age. Most people seem to get interested between ages 15 and 20, but I know of exceptions in both directions.

Q:

How long will it take me to learn to hack?

A:

That depends on how talented you are and how hard you work at it. Most people can acquire a respectable skill set in eighteen months to two years, if they concentrate. Don't think it ends there, though;
if you are a real hacker, you will spend the rest of your life
learning and perfecting your craft.

Q:

Is Visual Basic a good language to start with?

A:

If you're asking this question, it almost certainly means you're thinking about trying to hack under Microsoft Windows. This is a bad idea in itself. When I compared trying to learn to hack under Windows to trying to learn to dance while wearing a body cast, I wasn't
kidding. Don't go there. It's ugly, and it never stops being ugly.

There is a specific problem with Visual Basic; mainly that it's not portable. Though there are prototype open-source implementations of Visual Basic, the applicable ECMA standards
don't cover more than a small set of its programming interfaces. On Windows most of its library support is proprietary to a single vendor (Microsoft); if you aren't extremely careful about which features you use — more careful than any newbie is really capable of being — you'll end up locked into
only those platforms Microsoft chooses to support. If you're starting on a Unix, much better languages with better libraries are available. Python, for example.

Also, like other Basics, Visual Basic is a poorly-designed language that will teach you bad programming habits. No, don't ask me to describe them in detail; that explanation would fill a book. Learn a well-designed language instead.

One of those bad habits is becoming dependent on a single vendor's libraries, widgets, and development tools. In general, any language that isn't fully supported under at least Linux or one of the BSDs, and/or at least three different vendors' operating systems, is a poor one to learn to hack in.

Q:

Would you help me to crack a system, or teach me how to crack?

A:

No. Anyone who can still ask such a question after reading this FAQ
is too stupid to be educable even if I had the time for tutoring.
Any emailed requests of this kind that I get will be ignored or
answered with extreme rudeness.

Q:

How can I get the password for someone else's account?

A:

This is cracking. Go away, idiot.

Q:

How can I break into/read/monitor someone else's email?

A:

This is cracking. Get lost, moron.

Q:

How can I steal channel op privileges on IRC?

A:

This is cracking. Begone, cretin.

Q:

I've been cracked. Will you help me fend off further attacks?

A:

No. Every time I've been asked this question so far, it's been from some poor sap running Microsoft Windows. It is not possible to effectively secure Windows systems against crack attacks; the code and architecture simply have too many flaws, which makes securing Windows like trying to bail out a boat with a sieve. The only reliable prevention starts with switching to Linux or some other operating system that is designed to at least be capable of security.

Q:

I'm having problems with my Windows software. Will you help me?

A:

Yes. Go to a DOS prompt and type "format c:". Any problems you are
experiencing will cease within a few minutes.

Q:

Where can I find some real hackers to talk with?

A:

The best way is to find a Unix or Linux user's group local to you and go to their meetings (you can find links to several lists of user groups on the LDP site at ibiblio).

(I used to say here that you wouldn't find any real hackers on IRC, but I'm given to understand this is changing. Apparently some real hacker communities, attached to things like GIMP and Perl, have IRC channels now.)

Q:

Can you recommend useful books about hacking-related subjects?

A:

I maintain a Linux Reading List HOWTO that you may find helpful. The
Loginataka may also be interesting.

For an introduction to Python, see the introductory materials on the Python site.

Q:

Do I need to be good at math to become a hacker?

A:

No. Hacking uses very little formal mathematics or arithmetic. In particular, you won't usually need trigonometry, calculus or analysis (there are exceptions to this in a handful of specific application areas like 3-D computer graphics). Knowing some formal logic
and Boolean algebra is good. Some grounding in finite mathematics (including finite-set theory, combinatorics, and graph theory) can be helpful.

Much more importantly: you need to be able to think logically and follow chains of exact reasoning, the way mathematicians do. While the content of most mathematics won't help you, you will need the discipline and intelligence to handle mathematics. If you lack the intelligence, there is little hope for you as a hacker; if you
lack the discipline, you'd better grow it.

I think a good way to find out if you have what it takes is to pick up a copy of Raymond Smullyan's book What Is The Name Of This Book?. Smullyan's playful logical conundrums are very much in the hacker spirit. Being able to solve them is a good sign; enjoying solving them is an even better one.

Q:

What language should I learn first?

A:

XHTML (the latest dialect of HTML) if you don't already know it.
There are a lot of glossy, hype-intensive bad
HTML books out there, and distressingly few good ones. The one I like
best is HTML: The Definitive Guide.

But HTML is not a full programming language. When you're ready to start programming, I would recommend starting with Python. You will hear a lot of people recommending Perl, and Perl is still more popular than Python,
but it's harder to learn and (in my opinion) less well designed.

C is really important, but it's also much more difficult than either Python or Perl. Don't try to learn it first.

Windows users, do not settle for Visual Basic. It will teach you bad habits, and it's not portable off
Windows. Avoid.

Q:

What kind of hardware do I need?

A:

It used to be that personal computers were rather underpowered and memory-poor, enough so that they placed artificial limits on a hacker's learning process. This stopped being true in the mid-1990s; any machine from an Intel 486DX50 up is more than powerful enough for development work, X, and Internet communications, and the smallest disks you can buy today are plenty big enough.

The important thing in choosing a machine on which to learn is whether its hardware is Linux-compatible (or BSD-compatible, should you choose to go that route). Again, this will be true for almost all modern machines. The only real sticky areas are modems and wireless
cards; some machines have Windows-specific hardware that won't work with Linux.

There's a FAQ on hardware compatibility; the latest version is here.

Q:

I want to contribute. Can you help me pick a problem to work on?

A:

No, because I don't know your talents or interests. You have to be self-motivated or you won't stick, which is why having other
people choose your direction almost never works.

Try this. Watch the project announcements scroll by on Freshmeat for a few days. When you see one that makes you think "Cool! I'd like to work on
that!", join it.

Q:

Do I need to hate and bash Microsoft?

A:

No, you don't. Not that Microsoft isn't loathsome, but there was a
hacker culture long before Microsoft and there will still be one long after
Microsoft is history. Any energy you spend hating Microsoft would
be better spent on loving your craft. Write good code — that will
bash Microsoft quite sufficiently without polluting your karma.

Q:

But won't open-source software leave programmers unable to make a living?

A:

This seems unlikely — so far, the open-source software
industry seems to be creating jobs rather than taking them away. If
having a program written is a net economic gain over not having it
written, a programmer will get paid whether or not the program is
going to be open-source after it's done. And, no matter how much
"free" software gets written, there always seems to be more demand for
new and customized applications. I've written more about this at the
Open Source pages.

Q:

Where can I get a free Unix?

A:

If you don't have a Unix installed on your machine yet,
elsewhere on this page I include pointers to where to get the most
commonly used free Unix. To be a hacker you need motivation and
initiative and the ability to educate yourself. Start now...


From:

Oscar & Micheal
O&M Enterprises


Copyright © 2008 O&M Enterprises.