Admin
VMWare + XP + limited user account = win.
Captcha: [_____] ma nizzle
Admin
Some of us under 30 know what RS-232 and RS-422 are, I can just never remember that it's 422 and not 458 or 485 or any other 4XX number. :D
My first modem was also 1200 baud, but I wasn't very excited about it, because it was 1994! :( (once it got zapped in a thunderstorm its 14.4k replacement was much more warmly received.)
Admin
Hm, what if you simply delete the file or delete both keys?
A fail-resistant program would recreate it, with a new date. This is not that efficient, but it works on some more programs.
captcha: error
Admin
Jenny, Jenny...
Who can I turn to?
Admin
I've got a much better registration WTF than any of yours.
Back when I was at my first job, I was double-jobbing at my day job as a programmer and my night job in a fast food place. The fast food job was one that I had in college, and was only meant to tide me over until the company I'd started working for had enough money to start paying me properly.
Only, two months into the job, they still hadn't paid me squat.
At this point, I was a little pissed, so I talked to my bosses to get them to pay me something, anything. I couldn't get them to budge, so I suggested that I'd take ownership of my dev workstation until such time as they paid me the money I was owed. They weren't even slightly happy with the idea, and I left the company at the end of the week.
When I was leaving, I decided I might as well get some recompense for my work, so I grabbed the Visual Studio 6 installation CDs along with the rest of my stuff. Little did I realise that the discs didn't come with the product key on the jewel case as well as the box.
So here was me with what appeared to be a useless copy of VS6, so I decided to try a few guessed product keys just for fun. The second one I tried was all zeros, and lo-and-behold, it worked! My guess is that whoever wrote the installer left it as a back door for testing and never thought to remove it, or it accidentally fell out of the code for validating keys.
Admin
Admin
In the JED.NET framework, anything implementing the IIsMostlyRound interface is presumed to be a wheel.
Admin
Using all "1"s would work too, IIRC.
Not that I ever DID that.
Admin
My first modem was 300 baud, with no autodial/autoanswer. In fact, you had to flip a switch to switch from originate/answer-mode carrier tone. And, you had to dial manually on a telephone, then when you heard the carrier from the other computer, you had to unplug the headset and plug it into the modem. It was great fun manually redialing a one line BBS for hours while busy. It was called a HesModem. You can probably google it. And all this for a data transfer rate where you could read the words faster than the host could send them. This was back probably around the mid 80's. Great times, though.
Admin
Microsoft Bob had a "feature" whereby if you entered your password wrong three times it would just say something along the lines of: "Have you forgotten your password? [Yes]/[No]". Click yes - "Please enter a new password" - that is security.
Admin
Of course, we can presume that anybody who installed Microsoft Bob didn't really have anything worth hiding anyway.
The minute I typed "Microsoft Bob," hives broke out on my arms.
Admin
I agree to an extent.
Once I had to write a key/licensing logic piece to some software that was going to be deployed to various workstations. The software had a very small user base and it was designed before the internet became quite so ubiquitous. Anyway, I don't remember all the details but essentially, it stored time information in a file on the user's hard drive to determine if the clock had been tampered with and such. It worked really well but if you thought about it for a few minutes, you could easily get it to give you access forever. No, I didn't store time information in plain text format - it was hashed in some way. I don't really remember. Anyway I didn't feel too bad about it because the client never wanted to pay me and kept reminding me that they were "non-profit" to which I kept reminding them that I was "for profit" and I'm not giving my services away for free so I can get into heaven.
The client may or may not have been affiliated with a certain large religious group most often associated with one of the western states :)
The topic is still a WTF though.
Admin
Admin
Admin
I was using some trial software a while back of a very popular photo-editing suite that ran out after 150 days. Unfortunately for the first 160 days of the trial I didn't use it due to other commitments.
When I finally did get around to using it, I found that my trial was over and I needed to register. I thought to myself, I wonder if just turning back the system clock a year would let me at least trial the program, and to my surprise, it worked like a charm.
Admin
You kids and your fancy 1200 baud modems!
I started with a 300 baud acoustic-coupled, manually switched Heathkit modem!
Admin
Any registration scheme based on dates is going to fail, ultimately. As I see it, there are three levels of cleverness in determining the date. All of them can be broken:
1. Just trust the system date. Any moron can fiddle with the date. Weakest method.
2. Get the date from an Internet time server. A little stronger, but anyone with skill could configure their network to spoof the time server and give bogus timestamps.
3. Get a CRYPTOGRAPHICALLY SIGNED timestamp from a well-known, trusted public server. This guarantees the timestamp can't be spoofed. Again though, it would be possible to configure the network to delay delivering the timestamp so that it is stale by the time it reaches the program. Or the binary itself could be hacked to return a bogus timestamp, or the entire dependence on timestamps could be chopped out.
Ultimately the battle is hopeless.
Admin
No, it wasn't a backdoor, it was just a very poor mechanism. IIRC, the way it worked was that they added all the numbers in the CD key you presented and took it modulo a constant; if and only if it was 0, the key was accepted. In this era, a CD key such as 123-123456 would also work. (Once they moved to the ([A-Z0-9]{5}-){4}[A-Z0-9] keys they use now, that trick no longer worked.)
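The comment above describes a key check that only tests a digit sum modulo a constant. As an added illustration (not code from the page, the commenter or any vendor), the block below implements that weak check beside a constructed alternative that binds the key to a customer identifier with a keyed MAC whose secret stays on the activation server. The modulus 9, the function names, the customer id and the secret are all assumptions; the page does not give the real constant.

```python
import hashlib
import hmac

# Assumed modulus for the weak scheme; the page does not state the real constant.
WEAK_MODULUS = 9


def weak_key_valid(key: str) -> bool:
    """The sum-of-digits check the comment describes: accept the key when the
    digit sum is divisible by WEAK_MODULUS.  Degenerate keys such as all zeros
    pass trivially, and any rejected key is one digit away from an accepted one."""
    digits = [int(ch) for ch in key if ch.isdigit()]
    return bool(digits) and sum(digits) % WEAK_MODULUS == 0


# Hypothetical stronger design: the key carries a customer identifier plus an
# authentication tag that only the vendor's secret can produce.  The secret
# lives on the activation server, so holding one key does not let anyone mint
# others.  (A public-key signature would let the client verify offline without
# holding any secret; HMAC is used here to stay stdlib-only.)
TAG_HEX_LEN = 16  # 64-bit tag, enough for an illustration
HEX_DIGITS = set("0123456789ABCDEF")


def _tag(secret: bytes, customer_id: str) -> str:
    digest = hmac.new(secret, customer_id.encode(), hashlib.sha256).hexdigest()
    return digest[:TAG_HEX_LEN].upper()


def issue_key(secret: bytes, customer_id: str) -> str:
    """Vendor side: bind the key to a customer identifier."""
    return f"{customer_id}-{_tag(secret, customer_id)}"


def server_key_valid(secret: bytes, key: str) -> bool:
    """Activation-server side: recompute the tag and compare in constant time."""
    customer_id, sep, tag = key.rpartition("-")
    if not sep or not customer_id or len(tag) != TAG_HEX_LEN:
        return False
    if not set(tag) <= HEX_DIGITS:  # keep compare_digest on ASCII input
        return False
    return hmac.compare_digest(_tag(secret, customer_id), tag)


if __name__ == "__main__":
    for k in ("000-000000", "123-123456", "123-123457"):
        print(k, weak_key_valid(k))
    secret = b"constructed-server-secret"
    key = issue_key(secret, "ACME-0042")
    print(key, server_key_valid(secret, key), server_key_valid(b"other", key))
```

The weak check accepts both keys the comment mentions (all zeros and 123-123456), while the MAC-based key is rejected under a different secret or a forged tag. As the rest of the thread points out, the MAC check still has to run somewhere the user cannot patch it, which is why the secret and the verification belong on the server rather than in the installer.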
Admin
Gaming? I thought l33t predated online gaming, and the main purpose was to defeat keyword searches.
Admin
"Legalese Pro" doesn't exist. Is this article a hoax?
Admin
Duh. Of course it is going to be hopeless. As long as all of the code is executed on the client machine, the executable can be changed (checks cut out, stuff can be spoofed, etc.) and all of that good stuff. The point is that the protection only needs to be good enough to keep out "normal" users (the problem gets a little worse when you're selling software for techies). In the article, this did keep out the "normal" user, so even a check this sad still worked.
Admin
And that was the long way around entering the cheat code of 'IBETYOUCANTPRINTCUNT' which would decode the control files for editing. I don't know how many hours I wasted playing that in the college computer labs. That and Starcraft. Ah the good old days.
Admin
"Names have been changed to protect the guilty"
Admin
Neat trick, seeing as PONG couldn't have been in a local arcade until 1972, while the first ARPA network was up in 1969 (between four universities). It became DARPA in 1971.
Admin
Almost too simple... I remember, in the good old days, when almost all shareware / demo software were also checking the system clock for license expiration. One of my first personal projects was a wrapper calling an "exec" system call to launch any program after changing the date to 1990, then setting it back to the correct value after the program quit. And I don't think that is/was illegal :)
Ahhh souvenirs, souvenirs...
----
P.S. (souvenirs is memories in French)
Admin
My favorite go at being a 'h4x0r' was CD Keys for games. Using the CD key filled with just 2's or 3's installed Quake 3. Starcraft worked with 12345678901234... or something similar.
Admin
lol
Admin
The battle against Crackers can't be won with most methods. A committed cracker can change the bytecode without problems and thus render 99.99% of protections useless, unless strong cryptography and trusted verification servers are used.
captcha: batman
Admin
Yeah, worked with Office 97 or anything released thereabouts. Everyone did that at my school until I brought in a copy of 2K. That's one of 2 product codes I ever memorized because I installed it so many damned times.
As for "security" measures. I had a program that let you adjust the size limit for doing a certain activity, but since it communicated with a central server, I never tried it for fear of being bitch-slapped over TCP/IP.
camptcha: stfu (fine, I will)
Admin
That "unless..." is also wrong...
Especially when that works as a "wrapper" for the program itself, you just dump it to a file, and have it load up again later. I believe methods like this were popular against use-preventers (otherwise known as copy protection - copies needing protection indeed!) for games a while ago.
Admin
I suspect you could even fudge that by dropping a packet sniffer to see which NTP server the connection goes to. Change your /etc/hosts(or whatever windows uses) file and point the ip/dns name to your local machine running NTP at your desired date and time.
Admin
"I do tricks like this practically every week, had a few that were just change 0x74 to 0x75 (single jz / jnz) and it'd work beautifully."
I'm a fan of 0x90 (NOP), personally. Make it forget the whole thing.
"you don't need to see his identification"
"we don't need to see his identification..."
Admin
This reminds me of a major sale of big budget product X on license to an Arabic country. The license key was generated to expire a year hence and sent to the client. Some time after the expiry software vendor X contacted them and asked them why they did not renew. They had no idea it was expired, they were running a totally different calendar and had a few more hundred years to go.
Admin
... that's not the origin at all.
Admin
Was "3773" a deliberate mistake? :) (I don't know about you guys, but I haven't heard of "ette-speak" up until now)
Anyways, stuff like this doesn't surprise me anymore.
Sad really, I can only hope these things only happen in older software. (although some WTF's prove the opposite)
Admin
Disregard my first remark. I knew I should have ctrl+f'ed on 3773 in the comments first :)
Admin
I actually have a cousin who was smart enough to pull the system date back to the 90's to get some software to work... sadly, where I'm from (India), nothing is sacred... license keys are bypassed without even the slightest tug on the conscience... as a developer myself, that depresses me... but as a hacker... hehe, welcome to India, have a nice day... :)
Admin
This post made me reminisce about my elite hacking. As a 12 year old I cracked Duke Nukem 3D.
As a piece of history, Duke Nukem 3D's original release was censored in Australia. It just so happened that shortly after the release of the (uncensored) shareware release, a gunman ran amok and massacred a bunch of people, meaning the government was overly sensitive and when it came time to rate the full game, it was banned. Instead of working around the problem or editing out certain elements, the game's distributor just decided to turn the game's built-in "Kids Mode" function on, which censored the game to a ridiculous degree.
The duke3d.ini file just contained something like AdultMode=0, Password=FjCxlas8x, but I found that if duke3d.exe found adultmode=1, it would set it back to 0 and tell you to run it again. I fired up DOS edit (not even a hex editor) and changed the first "0" I found to a 1. Suddenly it enforced adultmode=1. It wasn't very glamorous, and 2 days later I found a real patch that removed it properly on some BBS, but even as a 12 year old I laughed at their lack of security.
It also turns out that within 2 weeks pretty much everyone in Australia was playing the full cracked game, and the government tried to pull it off store shelves. But because the distributor had explained that the full content was on the disc and the only censoring was in the game engine (sort of like an inverse of "Hot Coffee") it was deemed illegal to do so and they couldn't. Within a few months they released the proper version anyway.
(I also seem to recall that UNIVBE (remember that?)'s registration program (register.exe) had hard-coded serial numbers in it for Pro, Ultra, and Lite, or something like that. All you had to do was unpack it and read the number out. I wonder if they were just backdoor serial numbers for testing or if everyone who bought UNIVBE got that same serial number.)
Admin
The real WTF is all the people deriding this simplistic security scheme, that apparently fooled somebody who could use the words "extract", "database" and "excel" correctly in a single sentence, whilst they spend many days, weeks or even months on implementing security schemes which are NOP'ed out by hackers in a few minutes.
The truth is: unless you're willing to spend a lot of time and money on stopping hackers, this simple security scheme works just as well as any other for 99% of the user-base. Or you could spend that same time and money on improving or marketing the product.
Admin
Hahahaha...this one made the other folks in the office wonder what I was chortling about for 3 whole minutes...
So I guess Brian's out of a job because of that?
Admin
I always like poorly designed protections.
I remember a shareware Amiga app that used a keyfile-based protection. The keyfile was basically some encrypted data, and some function checked whether it was good and returned some flags.
This would already be very easy to crack, but the decryption and verification function was in the keyfile... The keyfile was basically a shared library loaded at runtime, with a function called by the application to ask whether the registration data was good.
I made a library to put in place of the keyfile, with a function that just returned what the app expected, and that was it.
The app was so good that I ended up paying for it anyway (although it may have been caused by the fact that the author, for some reason, stopped distributing demo versions of it altogether at some point).
Admin
Actually, that's completely wrong. As any BBS user from the early 90s will know, 1337 speak has always been a way for kids online to try and be "cool" and "different". It was in use well before there were online games, back in the days when you played games with joysticks and loaded them from floppy disk. Player 2 was the guy next to you with the other joystick, not someone else around the world. So not only were your hands not even near any number keys, there wasn't anyone to send 1337 speak to.
Admin
*yawn* + LOL (if that's possible)
If you put any kind of cracking reference into a computer geek forum, you inevitably get beef between a couple of guys desperately trying to be kewl by showing that they know how to type "cracking tutorial" into google... and that they can read. Great WTF Alex, really made me giggle and hopefully these 2 will carry on thrashing it out for a while demonstrating their mega-trega-1337 skillz.
Giant who cares to both of you.
Admin
Makes me remember of two of my most brilliant kr4kz.
2) I came across a copy of the Windows 3.1 update. It didn't want to install on the empty hard drive: it complained about not finding any Windows 3 on the drive. I had no 3.0 either. I just mkdir'ed C:\WIN and echoed some characters into WIN.COM. The update worked.
Rudy
(Italy)
Admin
Admin
I agree that a good security algorithm isn't really worth the effort (except it can be fun to see just how obscure you can be!), but seriously, telling the user what the key ought to have been? WTF?
I think you ought to go slightly beyond a plaintext date in an INI file, even for ordinary Joe. A slightly hashed registry key/user info file is probably good enough for any product under $100, though (unless it's for developers/kids).
Admin
A coworker has a bootable floppy disk that resets all Windows passwords. The Ophcrack Live CD has the advantage, though, of allowing you to read encrypted files because the password that Windows stores using one or more different insecure hash algorithms is the same that's used to generate the file encryption key.
Actually, that would be very similar to a replay attack, and such attacks are easily thwarted using a proper challenge-response technique.
Ultimately, though, a hacker with sufficient resources can just remove all the cryptographical copyprotection stuff from your application. That's why we need "Trusted Computing" so that big brother Microsoft can just turn off users not abiding to the wise and just Oceanian laws.
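The three-level list earlier in the thread ends with a signed timestamp from a trusted server and notes that a delayed (stale) answer still gets through, and the post above says a replay is stopped by a proper challenge-response. The block below is an added example, not code from the page or from any of the commenters, putting the two together: the client sends a fresh nonce, the time service signs (nonce, timestamp), and the client accepts the answer only if the nonce matches, the tag verifies, and the reply arrived within a round-trip budget measured on a monotonic clock that the wall-clock date does not move. HMAC stands in for a public-key signature (the stdlib has no signature primitive), so the same key appears on both sides here; the function names, the key and the timestamps are constructed.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Constructed example.  In a real deployment the service would sign with a
# private key and the client would hold only the public key; HMAC is used
# here so the block runs with the standard library alone.


def new_challenge() -> Tuple[str, float]:
    """Client: a fresh nonce plus the monotonic send time for the freshness check."""
    return secrets.token_hex(16), time.monotonic()


def server_sign_time(server_key: bytes, nonce: str, now_epoch: int) -> dict:
    """Time service: answer the challenge with a tagged (nonce, timestamp) pair.
    Binding the nonce into the tag is what stops an old answer from being replayed."""
    msg = f"{nonce}|{now_epoch}".encode()
    tag = hmac.new(server_key, msg, hashlib.sha256).hexdigest()
    return {"nonce": nonce, "ts": now_epoch, "tag": tag}


def verify_time_response(verify_key: bytes, expected_nonce: str, sent_at: float,
                         response: dict, max_rtt: float = 5.0,
                         now: Optional[float] = None) -> Optional[int]:
    """Client: return the attested timestamp, or None if the answer is rejected.
    sent_at and now are time.monotonic() readings, which setting the date cannot move."""
    if now is None:
        now = time.monotonic()
    if now - sent_at > max_rtt:                    # held back in transit until stale
        return None
    if response.get("nonce") != expected_nonce:    # answer to some other challenge
        return None
    msg = f"{response.get('nonce')}|{response.get('ts')}".encode()
    expected = hmac.new(verify_key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(response.get("tag", "")).encode()):
        return None                                # tag does not cover this (nonce, ts)
    return int(response["ts"])


def license_active(attested_ts: int, expires_at: int) -> bool:
    """Decide expiry from the attested time, never from the local wall clock."""
    return attested_ts < expires_at


if __name__ == "__main__":
    key = b"constructed-time-service-key"
    nonce, sent_at = new_challenge()
    reply = server_sign_time(key, nonce, int(time.time()))   # simulated exchange
    attested = verify_time_response(key, nonce, sent_at, reply)
    print("attested:", attested, "active:", attested is not None and license_active(attested, attested + 86400))
```

Each rejection path matches one of the tricks the thread describes: a replayed old reply fails the nonce check, a reply delayed on the network fails the round-trip budget, and an edited timestamp fails the tag. What this does not address is the last point in both posts: the check itself runs on the client, so a patched binary can skip it entirely.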
Admin
Well, duh, "no, stupid, the password isn't 'soy bean', that's yesterday's password. Today's is 'pancake'. ...oops..."
When I was in school, we had some educational programs. For DOS. Written in QuickBasic or something. Got bored in the computer class* and found out that the licence key and some sort of checksum was in a file. Changing the name made the program display "A rather sorry end" in Finnish, and nothing else. I stuck in an anagram of the licensee name and the program ran just fine. If I had been bored enough, I might have figured out the checksum system, but in no way will I admit I was geeky enough to WaReZ educational software from school, and it's probably rotting somewhere in an awful huge stack of floppies somewhere. ...oops... (well, actually, I can't remember if I did, maybe I just have a hazy memory =)
* weird how I could get temporarily bored in a computer class. At least we had programming too (GW-BASIC and PC Logo, and the l33test kids in the class programmed in Turbo Pascal at home!). Nowadays, they only seem to teach kids how to start up Word or double-click that Internet icon thing...
Admin
I guess that depends on why you make the effort.
One prime example is Skype. Their code is encrypted, obfuscated and armed-against-debuggers six ways from Sunday. :-(
Admin
And how many 12 year olds do you know using "Legalese Pro"? The point remains that this was "good enough" security when the program was written. Obviously stumped the lady who was using the program!
And you would be amazed at the number of solo, small, and even medium-sized law firms out there with some of the most abysmal computing policies, procedures, and software that I have ever seen in business. My wife got a 3.5" floppy disk with one .doc file on it from a medium-sized firm less than 6 months ago for a case she was working on. Guess who was able to hex-edit that entire disk to find out all kinds of info about other cases they had worked on? (They were even so cheap as to use a Gateway backup floppy that had been erased (not reformatted) for reuse to send these electronic docs around. I only found this out because my wife and I were unable to read the FAT8 blocks on that stupid thing with Windows XP and I had to 'hack' the thing just to find the .doc file she needed. In the process I found out all kinds of other fun stuff on that disk. Stupid!)