Admin
Fantastic security!
I remember a shareware password recovery app (uncovering characters in password field text boxes) that would only report the first half of your passwords (so, for an 8-character password it would only report the first 4 - you had to register for the others). Simply pad the password to twice the real length and there you have it!
Admin
Excellent!
The message here: Don't just tell your coders what to do, tell them what to do and what its purpose is...
Admin
That's the worst error message possible. Wonder how many calls this Brian person gets a day.
captcha: truthiness
Admin
sadly this has made my day
CAPTCHA : wtf
Admin
This has got to be one of the funniest WTFs this year. I literally laughed out loud really badly after reading that second dialog. This reminds me of the original Windows Update hack where you just set RegDone to 1 in the registry under HKLU/Software/Microsoft/Windows/CurrentVersion. lol...
ROFLMAO
At least the guy didn't re-invent the wheel like Jed did.
Admin
Haha... sad really because anything that looks at the date for anything can be fooled by setting your system clock back. Unless of course they go out to the internet to get the time but who would use that?
Admin
I'm surprised Brian even works there still. He must have been pissed when he found out the developers hard-coded his name and telephone number into production software.
Alex, why did you anonymize the dialog box? Just blur out the last name and a few digits of the phone number. I like my WTFs as authentic as possible!
Oh yeah, the real WTF is that leetspeak primer for parents linked to in the article:
(Emphasis mine.) Leetspeak isn't phonetic at all. You can't "sound out" the characters (()!)*x3|_. It's kind of like a pictogram maybe -- but there's certainly nothing phonetic about it. YAMB*.
*Yet another Microsoft bug. (I'm trademarking this acronym.)
Admin
Not really. you just store the system date somewhere each time your app is run and/or store the fact that your app has already expired (in a not-so-obvious manner, of course). Pretty easy to figure out when the clock has been messed with.
Admin
This is like stealing Mona Lisa and accidentally leaving her behind while buying a burger. I feel sorry for the guy who coded the copy protection. It was all in vain.
Admin
Captcha what?
Admin
Grr...I remember a freeware program (forgot the name of it) that started complaining "go to some website and get the newest version" after a while. Rather annoying since I didn't have the web! Ended up having to fiddle the system clock when I wanted to use it.
But yeah...that is one huge cock-up.
Admin
Somehow I doubt that an actual fully-fledged with office and everything company produced this software. I have the feeling that Brian is an independent developer, and the number posted was a personal line.
Admin
Eons ago, I had a demo copy of Quicken Quickbooks. It was made for Windows 3.1. It was fully functional, with a limit on the number of times you could run it. Considering the pricetag, the best security they could come up with was a line in the INI file like, "RunsRemaining=30". Brilliant.
Admin
i remember the first time i 4ax0red a program--i was like 12, i heard rumours that on aol it was required to put the serial number somewhere within the program but obviously not tell the public...so one program (i think it was lprint or something) and i just typed in my name and typed in their zip code for the cd-key and lo and behold it actually worked. it was the only program i was ever able to do this trick with so i dunno how true this rumour was.
Admin
Err, shouldn't that be 1337? Or what might "Ette" possibly mean? Or were you just trying to be funny?
Admin
Well this is an interesting WTF
Admin
That's not fair. The file specifically told him, "Do Not Modify".
Admin
And there was this RTS game that was made to run without its CD by a few switches in if...else clauses in the assembly code.
Yes, I remember being taught how to do it. Which makes me loathe the software published by that house.
Admin
Rarely I go "WTF!?" after reading a WTF, but today's WTF made me go "LOL!" (yes, phonetically!).
I bet this was a hint from "Brian" who hoped it will help him to avoid annoying calls after he'd retire.
Admin
Nice choice of phone number. Is that your standard?
Admin
I had a game (<tinfoil-hat>relatively recently, so I won't give details</tinfoil-hat>) that required the CD in the drive to play, even if you did a full installation. That is, until I noticed that it stored the letter of the CD-ROM drive in its configuration, and could be tricked by changing it to point to the directory the game was installed into.
Admin
How about the fact that the pop up had the expected key value? I think I am going to put that in the app I am currently working on. "Could not find user 'John Smith.' Did you mean to login with a username of Admin and password of God?"
Admin
Mmm, kr@xx0rs... (Do they come in barbeque?)
Admin
Why 2010?
The problem will recur in 4 years.
Admin
wow, that is exactly what I encountered at my job this day. Some poorly designed application returns something to VBscript if the right hash is provided. If the hash isn't right, it will say 'should've been this one'. "How come you need a hash in the first place?" I asked my colleague. "well, I can't remember, but it had a véry good reason." Yeah right...
Admin
I do tricks like this practically every week, had a few that were just change 0x74 to 0x75 (single jz / jnz) and it'd work beautifully.
Admin
By then Brian Emmit would have become AOL's CEO.
Admin
Many (all?) Unreal engine games worked like this. In the [gamename].ini file to be precise. I have done this on my (legal) copies of Unreal, Unreal Tournament and Deus Ex so I'm assuming it's built into the engine. Given you say relatively recently I'll assume this practise is still in use in some departments.
Admin
My thoughts exactly.
Admin
cheat codes are for lamers!
Admin
Most UT games these days just disable CD checks with the later patches.
Admin
The real WTF is that the expiration date in the license file used a 4-digit year, which is much less efficient than simply using 2 digits.
CAPTCHA: captcha
Admin
oh yeah, you are real "krakzor". try to make a keygen instead of patching conditional jumps.
i don't understand how this type of protection like "bpx MessageBoxA, here's your serial number" will stop anyone.
Admin
Wasn't trying to be a 3773 krakzor, just saying how easily some of them are defeated.
CAPTCHA: genius
Admin
... and if you want to be really 'leet, you might want to use something like 7337 or !337 instead of 3773. ;-)
captcha: captcha. (Seriously.)
Admin
Jenny is the bean bag girl.
Admin
Rarely do the WTF's here make you say WTF!? Where do you work? I would just like to know, so to avoid it should I look for a new job in the near future. ;-)
Admin
No wonder Brian don't do that any more. Can't offer ya' any help with it, either.
He put himself out of business!!
Admin
Now you make me feel *really old*.
When I was 12 AOL did not exist yet. Actually, the Internet did not exist. DARPA had not started a network. There were no personal computers.
However, I could play PONG at the local arcade (or bowling alley) for a quarter!
Admin
A few days ago, when making that "recieved" message box with spell checking, I thought: Why not make a contest for faked WTF message boxes, dialogs that are so absurdly WTF that it's obvious that nobody can be that stupid. My first idea for a faked message box appallingly matches today's WTF. Well, there goes my idea. Why make a contest for faked message boxes when you can't distinguish them from real world WTFs?
Admin
There are lots of posts about poorly written authentication - as though the authentication really HAS TO BE PERFECT AND UNCRACKABLE in order to work.
The truth, however, is quite different. Stupid schemes such as writing "RunsRemaining=30" in an ini file are PERFECTLY SUFFICIENT to stop most users. There are a very few people who will actually look into an obscure file in the Windows directory to look for this.
99.99% of everybody else will call and get an updated license, and pay the $50 to not have to see the message.
CAPTCHA=stfu
Admin
Well, those 0.01% were only able to access those .ini files because they're familiar with the technical details of the system. No one else would ever be able to actually figure that out on their own.
A typical person would use google and download the "crack" that does exactly the same, but automatized. I know lots of people who do it.
Admin
I remember Winzip used to complain if you use it more than a certain number of times without registering (wouldn't stop you using it, it would just complain). Being in College and poor, I found the file that stored the number of times it had been run, and reset it to zero.
Admin
IMO anyone who downloads a crack and uses the same computer for anything important, e.g. internet banking, is at least grossly negligent.
Admin
I agree security only needs to be appropriate to the task and that in many cases simple security is sufficient.
But for quite a lot of applications editing the ini file is a completely normal way of configuring the app. Putting a parameter in there (unhashed) doesn't even qualify as simple security.
And your 99.99% is way optimistic. I reckon that the majority of 12-year olds would crack this, either by working it out themselves or by simply looking it up on the net.
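An added example, not part of the thread or of any product discussed in it: a minimal Python sketch of the two ideas raised above, recording the last-seen date to spot a clock rollback and authenticating the stored counter so a hand-edited `RunsRemaining` value is rejected. The key, field names and function names are assumptions made for illustration, and because the key has to ship inside the client, the MAC only raises the bar above editing a plain-text value.

```python
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed demo key (assumption). In a shipped client it sits in the binary.
KEY = b"constructed-demo-key"

def seal(state: dict) -> str:
    """Serialize trial state and append an HMAC-SHA256 tag on a second line."""
    body = json.dumps(state, sort_keys=True)
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "\n" + tag

def unseal(blob: str) -> dict | None:
    """Return the state, or None if the blob was edited or is malformed."""
    body, sep, tag = blob.rpartition("\n")
    if not sep:
        return None
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        return None
    return json.loads(body)

def check_trial(blob: str, now: int, expires: int) -> tuple[str, str]:
    """Return (verdict, new_blob): ok, expired, tampered or clock_rollback."""
    state = unseal(blob)
    if state is None:
        return "tampered", blob
    if state["expired"]:
        return "expired", blob            # sticky flag survives a clock change
    if now < state["last_seen"]:
        return "clock_rollback", blob     # clock is earlier than a previous run
    if now >= expires or state["runs_remaining"] <= 0:
        state["expired"] = True
        return "expired", seal(state)
    state["last_seen"] = now
    state["runs_remaining"] -= 1
    return "ok", seal(state)
```
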
Admin
Not quite a hack, but I was pretty proud of cracking the save game feature in the Lord of the Rings game for the Super Nintendo. It required you to type in a long string of letters and numbers (and to write down the string in order to "save" the game). My friends and I realized that different substrings of the save string represented the members of the fellowship, their levels, and their inventories. There was also a section that indicated the progress through the game of the fellowship, and the last part was the group inventory. So it was pretty easy to change the section of the string that specified the location of the group and teleport around the world. Or you could add all the members of the game to your group from the very beginning (along with high levels and the best equipment). Good times.
Admin
It's a lot of bad attempts to "secure" a particular type of software like this. I remember I had my moment as a l33t cracker. I was trying to install the 'PowerDVD' program that comes with the D311(manufacturer name confusicated so I won't get any lawyers on my neck...) computers on my homemade computer. On my first attempt to install the software the installation process was halted and telling me that this software was only meant for D311 computers. I started to look at the files on the installation CD and found one text file with the following line (I don't remember which one):
Hardware ="D311"
I copied the files to my hard disk and changed this line to:
Hardware = "Asus"
I could now install PowerDVD.
Admin
That 1337 ?p34k article was hilarious. And it totally failed to address the form's real origins in gaming. The point was that you could type stuff in a game without taking your hand off the mouse. Most 1337 ?p34k can be typed with the left hand using the number pad and characters near the arrow keys.
Admin
Dude, your sig was part of the tagline file distributed in Mustang Software's OLX over 15 years ago, which almost guarantees you're a part of the BBS generation. Not only SHOULD you feel old, you should be *lording* it over all those little whippersnappers who don't even know the difference between RS-232 and RS-422.
Just like me. Why, I remember being EXCITED when I got my first 1200 baud modem! And even MORE excited when it didn't need the phone receiver strapped onto it!