� ,
This publication Is dedi cated to all of those before us
who built the foundation for the hackers of the worid to
xpress themselves openly and without prejudice.
While we attempt to continue In our quest to obtain
knowledge and understanding, we Inv ite you, the read er,
to join In and sh are any thoughts you may have
regarding the magazine, hacking, life , work and anything
else that you feel Is Import ant enough to be shared.
We're not go ing to knock anyone down for askin g
questions or ri dicule the steadfast elitist folks who
believe that knowledge should not be shared. We beli eve
knowledge should In fact be shared with one another, no
matter how trivial the Information may appear to be.
After all, knowledge Is power.
Think back to the way It was , when hackers s tuc k
tog eth er and had a good time . An amusing time wh en
hackers shared their stories of exploration and ultlmat .
conques t. A wondrous time when hackers were
considered the good guys and looked up to by those not
fortunate enough to understand the technology around
them. A s imple time when a hackers harmless efforts
gained a new understanding of technology Issues and
the praise from thei r peers and superiors alike.
That time can stili be NOW. Hackers of the world un it .
and exercise your freedom to disseminate Informationl
Distribution
Greg , Boiler, Syntax, David B.
Assistant Editors Photography
Alexander Tolstoy CHS, Dark Pala din, Daniel Spisak
Dave S.
Forum Admin
Office Help Spratt_
Pixel Pixie, Jess, Lexus,
Dark Paladin, DoctorWHO,
Writers
ML Shannon, Goldfinger, BarfBag , Kingp in,
MomoPi, Mr. Asshole
Double-O -Ja ke, Grandpa Hackman, Trash-OOX ,
Artwork Wild E. Coyote , TechnoHeap, Rogue ,
Derek Chatwood - A.K.A. Searcher The Crypt Phreake r, Erik Giles , Sam Nitzberg,
Kat e 0 ., Paralla x, Mother Goose , Cactus Jack ,
MasonIWolf Bob Blick, Stank Dawg , MobbyG,
ISSN 1082·2216
Copyright 1983-2004 by Syntel Vista, Inc .
All opinions and views expressed in Blacklisted! 411 Magazine are those of the writers of the articles, and do not necessarily
refle ct the views or opi nions of any Syntel Vista, Inc. staff members or it's ed itors .
All rights reserved . No part of this material may be reproduced, sto red in a retrieval system, or transmitted in any form or by
any means , electronic, mechanical, photocopying. recording or otherw ise, without the prior writte n permission of Syntel Vista,
Inc .
Blackllsledl411 Magazine
P.O. Box 2506
Cy press CA, 90630
9035768ABBAJBVJB-Q020
DBBl01 ,07,32,41,52
PRINTED IN THE UNIT ED STATES OF AM ERICA
�~'~~~~~'~1~~"""~'
Blacklisted! 411 s
Doc Salvage Neuromancer
ECSC Doc Jones
oleBuzzard Line Tech
Dark Tangent Alaric
DEFCON Short Circuit
Freaky Mingle
Blackwave The Goldfinger
IrvineUnderground E. Coli
Consumertronics Group 42
Wizguru SWAT
Greyhawk Trash-OOX
Spratt_ Doule-O-Jake
The Underground Mac Ender Wiggin
Bobeeve TechnoHeap
German GI Electronics
Big Dog Briel Computers
Skippy
Avatar ....and a few ANONYMOUS people
Inside this issue
4 - Introduction 35 - My Amlga Is Stili Ticking•...
5 - Letter from the editor 36 - The Hacker Chronicles
6 - Letters and Comments 39 - Serious Salvage Part IV
12 - Defcon 2004 Recap 42 - Don 't Let Your Bab ies Grow up to •..•.
15 - Authentication devices for your MAC 43 - Hacking with Proxy Servers
18 - PDA Security 46 - DTMF Tone Decoder [Project]
21 - Electronic Surveillance 49 - Thief or Thrill Seeker
25 - Hacking a Wireless Router 50 - Caller 10 Spoofing Primer
28 • Owning Universal Studios Florida 51 - LCD Serial Terminal [Project]
30 - Review Corner 54 - Black Market [Marketplace Classlfieds]
32 • Dumpster Diving 58 - Monthly Meetings
Additional information
How to Contact us: Distributi on and Sales:
Blacklisted! 411 Magazine Blacklisted! 411 Distribution
P.O. Box 2506 P.O. Box 2506' Cypress, CA 90630
Cypress, CA 90630 Email: sales@blacklisted411 .net
Subscriptions: Advertising:
$20 U,S" $24 Canada, $35 Foreign Blacklisted! 411 Advertising
Check or Money Order (U,S, Funds only) P.O. Box 2506, Cypress, CA 90630
Email: advertising@blacklisted411 .net
Art ic les :
Blacklistedl411 Articles
P,O, Box 2506, Cypress, CA 90630 World Wide Web :
(Include name & addres&-we PA Y for articles)
Web si te: htt p ://www. blac kliste d411.net
Lett ers : Store: http://store.bla ckli st ed4 11.net
Blacklistedl 411 letters Forums: http://www.bI411forums.com
P.O. Box 2506, Cypress, CA 90630
�Blacklisted! 411 introdu ction for those ofyou who are new .....
Who we are... and were ... chief) , Zack Blackstone, felt it was time to revive the Blacklisted/
41 1 concept, but this time do ~ as a print magazine. It was
The question often arises on the subiect of, -How did it all start?" extremely difficull to get started beca use the group was no more.
in reference to our magazine and it's history. In response to this He was the only one of the original group members remaining
popular Question, here is a quick history lesson of Blacklisted ! that had an interest in bringing the hacker group and magazine
4 11 magazine, induding names, dates and littl known facts alive aga in. With some money, will to make it happen, and with
e
whichhave. thusfar, been hiddenaway for years... the help of some top of the line of the disk magazine , though there is no way to still have the same hacker menta lity and code of ethics from the
know how many were copied by others. SO Hackers are not thieves - they're curious people. We are
's.
not elitist hackers by no means and no question is a stupid
Eventually modems caught on and we began to distribut e the
monthly via crude BBS syste ms. Using the power of a question. We 're not going to knock you down, call you a ' tamer'
Commodore 64, we put up a Blacklisted! 4ft info site, whic h "larnah" or give you crap for being a newbie! Every hacker
anyone could log into without handle or password, It was a started somewhere . W e rem ember this most fundamental fact
and we wHl never forget it.
completely open message center. U sing Xcmodem or Punter file
transfer protocols, you couid downloa d the latest Blackliste d! What's Next,.,
4 11 files or readlleave ' rnassaqes" which later became known
as a ·message base" and has evolved into what are now Community
commonly known as · newsgroup postings" or "forum postings". Over the next few month s a lot will be happe ning . We are
We had only one message center , no email capability & only 1 becoming more active in the Hacker Community. A s we are
phone line . Primitive, indeed . Effective, however. based in the Los Angeles area, we are building relationships
with the local Hacker groups such as lA2600, 502600,
Around 1964 we purch ased a 9 pin dot matrix printer that could twentylhreedotorg, Irvine Underground and more. We will be
print basic graphics. We experimented with printing out attending and sponsoring Hacker Conve ntions and Conferences.
copies of the Blacklisted 411 monthly and copying them at the The first being the Layer One Convention, June 12·13, at the LA
media center at the high school. The media center staff Airport Westin . We will have a booth at this event where we will
graciously ailowed us to make these copies free of charge whi ch be selling subscriptions, current and back issues of the
was very cool at the time. We'd pass these out at the loca l 'copy magazine , and other swag. W e will also be having several
meets" (an interesting phenomenon of past times · hordes of "convention only" promotions so look for us there.
computer users would meet at a predetermined location and
setup their computers with the sole purpose of copying software Magazine Development
and exchanging this software with each other) . We'd leave a pile A major effort is being made to increase our exposure to the
of our magaz ine copies anywhere we were allowed to do so. Hacking and Information Security Community. Our distribution
One popular location was next to the Atari Gaunttet and Gauntlet goals are for the magazine to break 100K copies distributed
II arcade games strategically located at 7·11 's all over the place, each quarter sometime next year. Based on the demand, and
We're only guessing here, but we think people photocopied our orllelS from distributor.>we are on the right path . We are seeking
copies and then those were photocopied, etc. There's no telling and hiring freelance writers , photographers, and editors to
just how many generations of early printouts of Blacklistedl 4 f1 increase the quality and scope of the magazine. Add~ionally, we
monthly made nout there . have people who are adively trying to promote the magazine
both inside and outside of our dose community.
Years went by and Blacklisted/4ft evolved . The short lif....pan
of the printouts was both a great success and a miserable Merchandl.lng'SWAG
failure. No matter where we left them , they were taken · and We wish to have a whole series of Blacklisted/411 themed swag
taken quickly1 The feedback was awesome in that people and merchandise. This Indudes stickers , apparel, posters, and
wanted more. The interest was very high, but our inability to whatever else our creative minds can corne up with , Input, help,
meet this growing demand was completely overlooked . We had and direct submissions for this will be accepted and appreciated .
to offICially pull the plug on the printout experiment and we stuck
with electronic files. It was really the easiest way to go. The Charille.
Blacklisted l 4 ft info s~e grew into a 2·line system. This was a Black/istedl 411 is run by real people who care about other
big deal in 1985. By that time, information was almost things aside from hacking . No, really . In the spirit of helping
exdusively passed around by modem (unoffICially on paper) and people and organizations outside of our community, Blacklistedl
we were still releasing disks at this time. 411 Magazine has officially donated to the local chapter of the
Ronald McDonald House charity . After all, children are our
June of 1987 marked the end of Blacklistedl 4 f l , the hackers future. Blacklisted l 411 Magazine whoieheartedly supports the
monthly . Our last disk based magazine was distributed that Ronald McDonald House mission and their programs.
month. Now that all of us were out of high school and onto Additionally, we've donated heavily to the Westminster Parish
college, work and the biggerib etter things in life, nobod y had the Festival, specifically w~h the intent to help support their youth
time or inclination to put any effort into the disk based maga zine program s and special classes for the mentally and physically
anymore . The once thriving Blacklisted! 41 1 group broke up and handicapped .
people went their separate ways. Naturally, we all assumed this
was the end and Blacklistedl 4 11 wo uld never come back in any If you have questions, comments, articles, ideas , flames , general
form. ·screw you guyZ· messages or wish to offer support in some
way, please contact us immediately and let's see what we can
In the summer of 1993 , one membe r (and the original editor-in- do. Thanks for your support , hackersl BL411
4 Volume 6 Issue 4 • Fall 2004 Blacklisted I 411
�Letter from Zachary Blackstone, editor-in-chief. .•..
Welcome to another issue of Blacklisted! 41 I Magazine. or suggestions, by all means, please let us know as soon as possible.
Some of our readers suggested that there wasn 't enough technical
Has another three months gone by already? Yep. That's right. material in the latest issue of which I agree whole heartedly. Our
We've made our way to the Fall 2004 issue and it's getting better. magazine has always included a bit of information from the fringes,
The content is cleaning up to reveal the true hacking articles we which has given the magazine the gritty underground reputation it's
like to publish and the number of contributors has increased had for so long. However, the last issue was a bit over the top with
tremendously. more than the usual non-hack for reasons of marketing & targeting
specific user groups. The materia l content will revert to more
So much has happened since our Summer issuc--nothing but good technical reading starting with this issue, the Fall 2004 edition.
things. Most notably, the amount of response and feedback we've
been getting. The Fall 2004 issue' s distribution officially puts Part of my usual routine, I've been on top of the gossip with the
Blacklisted! 4 1I back in the position to lay claim that we're the grapevine and I've read and listened to just about every review and
most widely distributed hacker magazine on the planet! Thank you piece of commentary on our magazi ne since our return . Overall,
to everyone that made this possible so quickly. people are generally happy we ' re back with only two real gripes.
We've taken the time to make our presence known at both the One, which I jus t addressed above, was about the content which is a
LayerOne convention and the DefCon convention. Alex, my resolved issue as far as I'm conce rned. The next, which came from
assistant editor, and some staff managed to attend both conventions. only three people, one of which was very persis tent in his constant
If you came by and said HI to us, thanks - we appreciate it. nagging on the topic, was that our tagline of "t he official hackers
Everyone generally welcomed us with open arms and allowed us to magazine' was inappropriate for two reasons:
take our place among the community with little resistance. A few
people approached us with some preconceptions, but those ideas I. The hacking content was not enough to qualify .
were quickly laid to rest and we made more new friends. 2. We don't have any reason to make this claim.
We received many new subscriptions, picked up new writers and Let' s put this gripe to rest right here and right now.
generally made friends with a lot of new people. That's right.
WhiJe our real reason for attending the conventions was to make I. The magazine has always been abo ut hacking. Period.
our presence known among the community and to contribute back Sometimes the fringe materia l which somewhat tits into the social
into the community, it couldn' t be helped. We sold some engineering concept-which has long been established as a hacking
subscriptions and back issues. Thanks for the support, guys! In relevant topic-is heavy from issue to issue, but we've since
addition to this, many of you voiced your support for what we 're decided to tone it down and push back into the technical side of the
doing and subsequently made contact with us after the event(s) to magazine which people apparen tly liked better and want to see
offer your support in various tangible ways. From articles to more of . Ok, resolved. See, that was good constructive criticism.
artwork and everything in between, it's greatly appreciated!
2. We do have a real and specific reason for using the tagline of the
People have been dumping off stuff for us to review and play with. "official hackers magazine" The original need for this was because
In fact, I decided to write about some of the more interesting stuff of a knock-off of our zinc, but that's long since passed . Now, here
in this issue. You can read about it and, hopefully. find some of and today, Blacklisted! 411, granted only first available in disk
these things useful. Many other groups and media have been format. was around "well" before any of the other hacker
contacting us to arrange interviews and possibly exchange material, magazines still available today. Second, with our distribution for
ideas to work toward some sort of mutually beneficial arrangement. the Summer and now the Fall issues , we have the undeniable right
to make this claim if based solely on the fact that we now have
One of the big news items of ours is the fact that our website has higher distribution than any other hacker zine on the planet.
recently expanded to include a FORUMS section that all are Nobody touches us! That's it. It' s done. Get over it. ' nuff said.
welcome to join and participate in. People kept asking for it, so we
made it a reality. Spratt_of UGM networks put the forums Yep, that was pretty much it for the gripes. Pretty standard stuff, I
together for us and he's the official Admin for the site. The forums suppose. Either way, we shut down both topics with ease and we
will finally bring the Blacklisted! 4 I I magazine media to a new can now move on to bigger and bette r topics .
level, offering additional means for our community to express
themselves, exchange their ideas and offer their opinions in an open Again, don't forget to visit our forums availab le from our main
medium. website: http://www.blacklisted 4 11.net
We've always been about technology and offering the newbie a All in all, I' d say this has been a great summer for us all over here
means to start their hacking careers on the right path as well as the at Blacklisted! 4 I I magazine . I would be sorely mistaken if I
old school hackers a place to call home. In fact, hundreds of old didn't realize that it's because of each and every single one of you,
school hackers have taken the time to contact us and express their our readers, that Blacklisted! 4 11 is where it is today. So please
gratitude that we' re doing what we are, providing the hacker, old understand that myself and the rest of the staff over here sincerely
and new alike, a place to congregate and that we're not all about the thank you for your continued support and feedback. THAN K YOU.
b.s. ' Ieet haxor script kiddy hacker wannabe's.
Blacklistedl 411 Magazin.
It's a great feeling to know that what we do is appreciated by so P.O. Box 2506
many people. The only way we know this is by the feedback wc Cyp ress, CA 90630
get from all of you. So, keep it coming. If you have any comments -Editor
~'-":II::IL]' • •::L.~.-IULIl~. 1ULIl.-L.~.=. ::LII::-=- • •__ I
Notes a/interest: :
• We currently have all of Volume 1 back Issues available at thi s time. _
• Volume 5, Issue 3 and Volume 5, Issue 4 Is stili available in very limit ed quantity.
• We're no longer offering a ny t-shlrts, baseball ca ps or bumper stickers, but we're accepting de sign Ideas for new swag. _
• Deadline on aU arti cles, lett ers, artwork and ad!ifor Volume 7, Issu e 1 is November 11st , 1664. .-
~c1assmedads ar e now FREE and are limited to space constra ints per issue. First come , first serve d. i
- We're a PAYING MARK ET for articl e. we use! We pay 525-5600 dep ending on size, quality & use of pho los. ~
_ =-:I::.II-=-= •••
Blackhstedl411
•• ~ .=II:::£££a~_.=--£"'~ .:!III
Volume 6 Issue 4 - Fall 2004
•
5
�Letters and comments/ rom our readers.....
Blacklisted! 411, the scene in many numbers of ways and have put a lot of
time and effort into their knowledge and understanding of the
I have a question that I am having great difficulty finding the inner workings or things. Myself, I have not. The things that I
answer to. I recently picked up a copy of your mag at know and that I pick up have come natural to me. I have not
borders and am pleased to see it out again. I think the last really reached out to learn the inner workings of thing 0' have
time I even saw one was like 100 years ago. I really enjoyed contributed to the scene. I have read up on things because I
the article The Ear by M L Shannon, anyway. was a little curious and I even held a stance on the whole
Kevin Mitnick ordeal.
I am trying to learn security and I am testing my own windows
network... I was able to find my FTP port open and when I Why do I/didl do these things? I did them because I feel that
typed ftp:/Imyip in the browser it showed that I was as an American that freedom of speech and freedom of ,.
connected but did not allow me to browse anything. It was expression, while being one of our rights, the only way you ' ,'
just like ~ was blank. My question is why does ~ not allow me truly have them is if you are a undergrounder. I support
to browse things like C:\ or any other directory and how can these peopie because they are the ones that have stepped
that be exploited. up from the foot of big brother and didn't care. Myself I am
actually afraid to dig too deep into anything for the simple fact
Every time I ask this on a message board people are like "get that one slip up and my life can be taken from me instantly.
a firewall" and I never get the answer to my actual question. Not physically, but socially. I would love nothing more than to
I never did install a trojan to see.if I could actually upload and broaden my knowledge and horizons, but you have to start
get in for fear of exposing a backdoor into my network. I am somewhere. And with these days and time you can't trust a
a beginner at this and am just trying to learn. soul, and the ones that say you can trust them don't want to
help you out any. Now I am 24 years old and I have been
Great mag by the way and plan to get a subscription soon. It using a computer since I was in the first grade. To the
was kind of funny when I bought it because this grey bearded "hacking" world I am a newbie, a lamer. But to you
guy who was running the cash register said "you'll like this intellectuals out there I am knowledgeable and willing to learn
one better than 2600 " it was kind of freaky but way cool. so to you guys that are intellectuals I thank you for your time
Peace. and your dedication.
Mike P. Sorry about the rambling I get into those from time to time,
Routed: Internet but read it and my point is there. That while some like to run
around calling themselves "hackers" there are some out
I believe you 're mlssmg some important background there that do respect you guys for what you do and what you
information for an adequate answer. but I'm going to affempt have done. I am one of them....
to answer you regardless. Let's assume you are running XP
and have an FTP server setup on the machine. If this is true I plan on doing what I can to hook you guys up with some
and you're getting the results you've described. you need to graphic designs cause it is my way of helping out those that
go into your FTP server config and set the sharing to truly deserve it. Thank you.
whatever areas you want available to be served up.
NIiCode
If you 're nof running FTP on your machine and you ftp:l/ Rou ted: Internet
yourip, it will error out and than giva you a blank screan -
whare you canY do anything. Somewhat the way you Nllcode, thank you for your thoughts and comments. Whila
describoJd. If this is the case, you need to setup a server on you may nof care to cany the title of hackar. you obviously
your machine. XP has a server option, too. Open up your share in the ideals of tha hacker community. Continue on
control panel, click on add/remove> windows components> your quest to laam at whatavar pace makes you feal
us services> ffp service and away you go. comfortable. You're. apparently, well versed in the
technology around you and you 're a hands-on kinda guy, so
tha remainder of your journey should ba a cake walk for you.
Blacklisted! 411.
Thank you again and we look forward to your grephic design
Hey guys what's up? Just wanted to drop you guys a line or wot!
two or three. I picked up my first Blacklisted Mag today at my
local Borders. When I first saw it I thought that 2600 had
changed the name of their mag cause I had never heard of Blacklisted! 411,
the blacklisted brand before. After skimming through it I had
to buy the mag so that I can start my collection. I ha ve a few I'm looking for newer ways to make long distance phone calls
comments ~y first issue of blacklisted to bestow on the from payphones. The 01' generated tones on the tape
rest of the community. I for one can not and will not consider recorder do not work in Oklahoma anymore.
myself a "hacker", "cracker" "haxOr" or any of that. I am very
much interested in the art and the culture of "hacking" Can you point me in the right direction?
though. I emphasize these word explicitly because from time
to time friends and family like to call me a hacker because of Drkdalz
the knowledge that I do have dealing with computers. I get Routed: Internet
pissed off at them and try to tell them that I am not. II doesn't
work in the least. The general idea people have (especially I once saw a movie. I think it was an 80's movie, where a
with myself) is that just because I can fix just about any teenage girl was standing on her head, talking on a phone to
computer problem that I come across that it makes me a so her best friend. I didnY think much of it at the time, but your
called "hacker". question reminded me of it. You really might want to try
something like this. Maybe you'll start a new trend and
Now some might ask why I get pissed at the fact that I am become the figure head of this talent. We'll be sure to look
considered a "hacker" amongst family and friends. Well it is for you on the news. Ha-ha...
simple I have knowledge, yes. But the ones that made the
"hacking" community what it is have superceded anything I Anyhow. if you're talking about red boxing ....n'e preffY much
could ever do. They took their knowledge and made it a skill, dead. In case you dldnY know, red boxing and the like is
a art form, a culture. a way of life. They have contributed to fairly well know to be quite illegal. We would recommend
6 Volume 6 Issue 4 · Fall 2004 Bl acklistedl411
�staying as far away from this type of activity as possible. Ok, joining our ranks. Admittedly, there are a lot of trolls out
that being said, you might want to try Phone Losers of there to wade through, but in the end I think it's worth the
America (http://www.phone/osers.org/) if you want more effort if only a small percentage of those new recruits actually
information on payphones. If anything, it's an interesting pan out. Call me an optimist, but I think it's great that the
website full of strange and amusing information. newbies want to join up and share in the fun.
Blacklisted! 411, Blacklisted! 411 ,
I found Ihe latest issue in Ihe Borders Bookstore in New The question that SkyFox88 asked was about the ANAC 955-
Britain, CT; the same place I bought it off Ihe shelf five years 1122. I have a friend that worlks for SBC . He lold me thai
ago. Congrats on your return to the scene! Your 'magazine that number is good ANYWHERE in California . So I tried it
was one of the few I missed dearly when it ceased from San Francisco to San Diego; it INDEED does worl<...
publication back in 1999, and I am glad to see it return; peace-out ,
especially since the other "hacking magazine" lacks
substance and is uninterested in getting any. This time, a MO 10411
will be sent out to you so I don't miss an issue . Routed: Internet
My main inlerests are hardware hacking, telecommunicalions Correction: 959-1122. Thanks for checking on it for us. Just
sysl ems, and radio communications moniloring . (I send for the heck of it, I tested it again. Still good. Enjoy. If
occasional pieces 10 Scanning USA Magazine.) I am worlking ,anyone has any other known good ANAC 's to share, please
on a few articles along those lines that are more hacker- do so. It's all about sharing the knowledge, people.
oriented, and when they are complete I will forward them off
for your perusal.
Blacklisted! 411 ,
On an inleresling historical nole, I used to attend Ihe 2600
Meetings in New York City during the early 1990s when In the current issue (Summer 04) on page 10 you gave a guy
Blacklisted 411 firsl came oul and 2600 started going called Jason D. from San Francisco a list of hacker movies .
downhill. Eric Corley was all perturbed aboul this "new" Bul in my opinion you forgot 10 mention one real kickass TV·
hacker zine thai was "copying" him. It was then that I first Series . It is called Bugs ( http://www.bugs .co.ukl ) and was
saw a copy of Blacklisled 411. I examined your periodical made from 1995 to 1999.
and had to bite my tongue because the first thought that
popped into my head was "This blows 2600 away." After that Maybe you could forward this mailfonfonnation 10 this guy
meeting, I was having dinner with some of the old-schoolers Jason D. - I think il will help him . :-)
(TAP-era) who used to show up at the meetings and they all
commented on how much better Blacklisted 411 was Btw: Blacklisled 411 rulez Ihe world . :. j) Keep on worlking
compared to 2600. So, you can credit your competition with guys - I love your magazine ...Greetz from Austria.
getting you some readers <101>.
Mac05X
Anyway...best of luck with your return! I look forward to Routed: Internet
hearing from you and seeing more issues. Best Regards ,
Thanks MacOs. Thanks for the article you sent in, too. It's
"Berkshire" Tom been included in this issue. Jason, did you get this
Rouled: Inlernel information? I'll admit that I've never heard of this TV series
before now, but it's not uncommon for people in the U. S. to
Hey man, thanks for the contact. We appreciate your kind be totally unaware of TV shows in the U.K. It happens all the
words and look forward to hearing from you again. We're time. Anyhow, upon a quick look at the site and doing some
very interested in bringing back the hardware hacking aspect additional research, I'd say that "Bugs" definitely looks
of the magazine which is why we've included a couple of interesting enough to at least warrant further investigation.
project articles in this Issue. Our hope Is that this will spur a As soon as I can find them available here in the U.S., I'll
new generation of hardware hackers into jumping onboard, watch them and give you my opinion on the series. It looks
creating new, more interesting project ideas to share with like the series only made it through three seasons - typical
everyone . with anything you happen to like watching, huh?
As for Ihe stroll through history. It's been so long since we Though, the reader was asking about movies which is why I
first put out a print form version of our magazine that the tried to limit myse" to movies alone. If we want to expand
memories and details of the events ensuing shortly thereafter into TV series, I could come up with a long list of interesting
are becoming somewhat fuzzy - for me, at least. I definitely titles. However, most of them are just cool sci·fi series, etc.
recall that our retum as a print form magazine (or zina)
created quite a stir among certain people and organizations. After the last issue went to print, I thought of a few more
The best part was people from the old days making contact movIes I should have mentioned ....but didnY. Hey, hindsight
with us and congratulating us for retuming to the scene and is 20120according to the experts. Anyway, I wanted to add
finally taking the big step from a disk based magazine to a Ihe following:
print based magazine. It was an exciting time for all of us to
say the least. The Italian Job, 2003 111min (/ can 1 believe I forgot this
one - it was a great "heist" movie!)
Nonetheless, we came back and made people notice us.
Most of our members, then and now, are old-school hackers Oceans Eleven, 2001 116min (maybe not about hacking per
(hardware hacking and digging into technology was our thing) se, but has a lot of social engineering topics covered - and I
which is why we have an appeal to the very old school enjoyed the movie quite a bitl)
hackers of yesteryear. We count on the old schoolers being
here for us. Gone in 60 Seconds, 2000 117min (how is this movie
hacking related? Beats me. I don T seem to recall. But I do
Additionally, our "newbie friendly" attitude gains us an remember liking the movie ....so I had to mention it)
audience that hardly anyone else out Ihere can compare to.
That's right, we go after the new bloodl It seems to me Ihat Catch me if you can, 2002 141min (total social engineering
it's terribly short-sIghted for others 10 automatically exclude movie-loved it)
anyone new to hacking that is lruly interested in leaming and
Blacklisted I 411 Volume 6 Issue 4 - Fall 2004 7
�Paycheck, 2003 119min (I'd have to say it's one of Ben 's http://www.pushback.comlWattenburglbioicraditcards.html
better movies. Maybe not completely hacking, but worth a
look-main character raverse engineers his own destiny with It's about Bill Wattanburg and his rola in tha whola BART
a selection of mundane items. Thought it was very card controvarsy back in the 70's. I know it's old naws, but
interasting.) it's still rathar interasting.
And, just for the heck of it. Hera 's a few movies you should If anyone has any information to add to this topic, go for it.
see if you haven t alraady:
As for THUD. It went out of print the same time Blacklistedl
Terminator 2, 1991 137min (forget the lame hacking aspect, 411 did (last part of 1999). We have not brought THUD back
it's just a cool friggen movie) to the marl IrooUkey.txt
# chmod 700 Iroot/key.txt
# cp IrooUkey Nolumeslusb_login_key/key.txt
.txt
Then simply put the key paths into the perl script:
#lIusr /bin/perl
# usbkey .pl
# A quick 'n dirty validator
# Coded by Barfbag
# Copyright, (c) 2004 Team Blank . All Rights Reserved
# Anyone is free to modify or distribute as long as credit is given
$USB_KEY_PATH = "N olumesl usb_login_key/key.txt" ;
$LOCAL_KEY_PATH = "/rooUkey.txt";
while(1==1){
$kilLswitch = "0";
if(-e $USB_KE Y_PATH){
if(-e $LOCAL_KEY_PATH ) {
open(USB, $USB_KEY _PATH};
open(LOCAL, $LOCAL _KEY _PATH) ;
$locaLkey = ;
$usb_key = ;
close{USB);
close(LOCAL);
}
else{
$kilLswitch = "1";
I
else{
$kilLswitch = "1"
if«$locaLkey 1=$usb_key) II ($kilLswitch == "1")){
#Violation , Add your actions here
$status = ' killali login' ;
Running the command from root in the background can be accomplished by:
# .Iusbkey .pl &
r
And thats it. You could can easily script your own actions into the script to make almost any part of your box react to the usb
key. All you have to remember is to store your usb-drive in a safe place in order to keep you key private , Better yet format ~
with an encrypted file system:
16 Volume 6 Issue 4 - Fall 2004 Blacklistedl411
�CreaUng a proxy-log-off with a cell phone
The idea here is to make your cell phone automatically tell you r compu ter to logout when you walk away. To do this you will
need the following :
Bluetooth enabled cell phone
Bluetooth enabled Mac
Salling Clicker ($20) http://www.salling .com
For those that don 't know , bluetooth is a wonderful short range wireless protocol designed to eliminate wires between
computers and peripherals, Using a brilliant program called Salling Clicker (for OSX) you can control your computer from
your phone . Salling Clicker allows you to script your own actions that can be executed manually, or triggered by actions like
leaving the area or receiving a call . Follow the directions to install and setup the program with your phone and then follow
the se instructions.
1. In the Salling Clicker control pane l click the Phone Evenfs tab .
2. Click the small gear icon near the bottom of the panel and select: new scripf
'?> Set IChat AV's status auton
Edit In Script Editor
Delet e...
Export ...
Export As Web Page ..,
Show Info, ..
Clear Script Dat a...
More Scripts ...
3. Name the script: Logoff when away
4. Right click on the new scripl and select: Edit in Script Editor
5. Delete the detaun script and replace ~ ~h this:
on leflJ'roximityO
tell application "SEC Helper"
show scree n message "Log out" duration 1.5
Ig no ri ng appl ication responses
tell application "Ioginwindow"
«even t aevtrlgo.
end tell
end Ignoring
end tell
end Iefl.Jll'Oxim~
6, Close the script save It
7. Click Apply Now, in the Salling Clicker Panel
Although this will not save you the trouble of logging back in when you return , it is a pretty swee t hack providing you have the
hardware. It should be noted that this script can fail Wyou have unsaved documents open wihen you leave since OSX will ask
Wyou want to save them before you logout.
BarINg Is the edmln of Tum Blanlc, a macintosh undelground programming fNm. His texts he... been posted on
various sites around the mac underr1round. He enjoys programming and caffeine and can be contM:ted at
barfbag@theblanlcpages.com
ARE YOU INTERESTED IN WRITING
FOR BLACKLISTED! 411?
PLEASE CONTACT US IMMEDIATELY
WE'RE A PAYING MARKET!
WWW.BLACKLISTED411.NET
Blacklistedl411 Volume 6 Issue 4 - Fall 2004 17
� PDR SECURITY
By Sam Nitzberg
Personal Digital Assistants - PDA's are quickly becoming more capable, They are starting to routinely command tens or
hundreds of megabytes of memory, have processors in the multi-hundred MHz range, and can communicate through multiple
networking mechanisms, With this power comes a variety of security issues, This paper discusses a variety of security
issues that relate to PDAs.
Biometrics
The 5400-series iPAQ PDAs feature a fingerprint biometric system for recognizing its owner. The way this system works is to
have the owner pull his finger across the sensor. The sensor contains an infrared sensor, which can read the differences in
heat caused by the ridges in the fingerprints as a basis for user recognition.
Password -4 E4:40 HP actually recommends that you train the system usif;1g more than one
finger, and I think that this is an excellent practice. Should your finger
Owner: become injured or damaged, you can still obtain your data. Yes, in theory
you could lose your finger entirely. More involved strategies may involve
Enter your PIN or swipe one of the training the system to recognize more than one finger , from more than one
enrolled fingers , hand. If this doesn't provide sufficient redundancy, you could even
experiment with toes. If that approach is still not sufficient for your needs,
just put the PDA down, walk away; and stay away from me. If you have
someone going after you who is ptepared to take your fingers from both
hands, and toes If necessary - then you need to hire a security team to
protect you while you carry your PDA in an armored briefcase.
I would expect additional software involving biometrics to be released for
PDAs. This would include software to take advantage of voice-stress
analysis models , visual recognition , and all the conventional biometrics
that may be used for authentication and identification purposes.
The book, "How to Do Everything with Your iPAQ Pocket PC" has an
entire chapter that addresses security configuration and issues for the
iPAQ. This chapter discusses built-in security tools, securing the iPAQ,
sign-on security, and commercially available products, including signature-
recognition systems. I recommend this book for anyone wanting an
introduction to these topics, as well as anyone wanting to quickly come up
to speed on the use of the iPAQ, and the variety of hardware available to
make the best use of a PDA. There are also other related books in the
series.
iPAQ Fingerprint ID Sample Screen
Cryptography:
If you have data that you want to keep private, some thought should be given to your cryptographic options. If your PDA is
stolen - especially if it has removable media , cryptography may be all that keeps your data secret.
Pocket GnuPG is a port of the Gnu Privacy Guard encryption software. This is intended as a patent-free alternative to PGP
(Pretty Good Privacy) software, and is supported in multiple platforms. You can migrate your data between your PC and
PDA, accessing it through a single cryptosystem. There are additional options, including a number of commercial systems
for cryptography on PDAs, and the decision to use any cryptographic product should balance your needs against the threats
your data may face.
Wireless
The iPaq 5400 series has built-in 802.11b wireless networking, as do some Toshiba PDA models, and some other Pocket
PCs. Wireless sniffing programs such as MiniStumbler (the Pocket-PC version of NetStumbler) are available, and will
identify wireless access points, as well as whether or not they are configured to use encryption. If your PDA does not have
built-in wireless networking , you still have options available. iPAQ "expansion sleeves" are availabl e that allow the iPAQ to
use PCMCIA-format wireless cards. For PDAs that do not take PC (or CF-factor cards), there are also wireless cards now
available to occupy the SD ("Secure Digital") memory slot that is often available.
A word of warning about wireless connectivity - it's a two-way street. Once you connect to a network, your handheld may be
scanned and probed. Even if your PDA is only going to be on friendly networks. it's not a bad idea to occasionally run a
vulnerability scanner such as nessus (http://www .nessus.org) against it.
Blu etooth
There are a number of security issues associa withBlueto communica
ted oth tions mechanisms. These topics 'include man-in-
the-middle attacks, eavesdropping and impersonation, and denial-of-service. A paper referenced below (Bluetooth and its
Inherent Security Issues) is a very fun read on this topic.
18 Volume 6 Issue 4 - Fall 2004 Blacklistedl411
�More common ly mentioned in the media are issues related to Bluejacking , Bluesnarfing , and Bluestumbling. These relate to
having a device scan for available Bluetooth devices, and recording data relevant to their, an d also describe surreptitious
methods for obtaining data from Bluetooth-enab led devices, without authorization or notice being provided to the owner of the
device.
Infrared
Many PDAs have infrared ports. These are relatively low-bandwidth communications ports using the infrared part of the
spectrum. Any PDA that has an infrared capability will also have seltings to manage it. If yo u do not plan to use your
infrared capability, ensure that the appropriate seltings have been disabled . If you are a member of the tinfoil-hat crowd, you
may also want to cover the infrared emilter 's/receiver 's port with duct tape, or a similar material, capable of blocking infrared.
Warw al ki ng
Programs such as Ministumbler (for Windows CE), and Kismet (for Linux), can both be run on Pocket PCs. These programs
allow you to walk freely with your wireless-equi pped PDA while it records available data (name, MAC address, signal
strength, the use or lack of WEP encryption, the location if you have GPS gear, and other related information).
Virtual Private Network ing
There are a number VPN client products available to load on vour PDA to li se to connect to your home system (or corporate
systems) via encryption . I am not recomme nding any, but If you want to remotely connect via your PDA to administer or
maintain systems while you are away, or to access data remotely , be sure that you have the appro priate crypto in place. The
free product VNC (Virtual Network Client) client-side application is also available for the Pocket PC platforms .
Audit
I am not aware of any real operating-systems level auditing capability for either Windows CE, or the Linux distributions
available for handhelds. As PDAs are used in more and more mission-critical applications, I would expect to see these
features appear. Still, if these handheld devices are being used to connect to databases over sec ured networks, some steps
can be taken to perform auditing at the database.
PDA Phones:
With the continuing emergence of "smart phones," worms and other security hazards may beco me a headache. Already, a
worm that spreads between phone has been devised; this worm targets phones with the Sym bian opera ting system, and
uses Bluetoot as its conveyancemechanism.
h
A Germa n firm, GSMK mbH - Gesellschaft fOr sichere mobile Kommunikation mbH, produces the Cryptophone. This is a
very-specia l PDA phone: it uses two cryptographic algorithms (AES and Twofish) to ensure security . Should a fiaw be
revealed in one cryptosystem, the other still attords strong cryptographic protection. The Cryptophone also uses open-
source products , and its source code is available to all. More information is available from the company's web site; the web
address is provided below. I would recomme nd that anyone interested in secure cellular telepho ny take a look at their web
site
The Open Microphone Problem
Hopefully, no one is out to get you. Dependin g on how tricked-out your mode l is, it may have a
speaker , microphone, camera, Bluetooth, large amounts of memory, and wireless networking
capabilities. You've got a machine capable of recording, possibly storing, and transm itting a
significant amount of audio and even video. Show your PDA the respect it deserves - it may
be watching you. There are two papers on the Open Microphone pro blem on my personal web
page.
Tak ing another Road :
If you are adventurous, there is another way to work with PDAs and app ly your comp uting
knowledge. You can get your hands on a copy of Familiar Linux for your PDA , and install it.
You can leverage your knowledge of Unix to securely run client softwa re and applications on
your PDA. My iPAQ 3970 with expa nsion sleeve (which provides support for two PC-cards)
serves double-duty as a wireless file server with both a wireless networking card (802 .11b), and
a 5-Gig hard drive on a PCMCIA card (this is made by Toshiba) .
Not to be overlooked are opportunities of running certain key Unix-base network analysis tools -
even over wirelessnetworks Runningnmap from a wireless handheld is just plain fun.
.
The C ryptop hone
Conclusions:
Since PDAs are small, convenien t, and less-powerfu l than larger systems , some will grossly underestimate the potential
harm that can result if they are lost or have their security subverted . However, there are opportunities for users to protect
themselves, and for the manufacturers to craft more security into their systems.
Blacklistedl411 Volume 6 Issue 4 - Fall 2004 19
�References:
Bluetooth and its Inherent Security Issues
http://www.giac .org/practical/GSECrru_N iem_GSEC.pdf
Tu C. Niem
Cryptophone web site
http://www.cryptophone.de/
How to Do Everything with your iPAC Pocket PC. Second Edition, Osbome McGraw Hill
Derek Ball, Barry Shilmover
PDA Security 101
http://www.intranetjoumal.comiarticles/200304/iL04_07_03a.html
Serious flaws in bluetooth security lead to disclosure of personal data
http://www.thebunker.netirelease-bluestumbler.htm
Speaker Intent Analysis System
http ://appftl .uspto.gov/netacgi/nph-Parser?Sectl =PT0 1&Sect2=HITOFF&d=PG01 &p =1 &u =%2Fnetahtml%2FPTO%
2Fsrchnum.html&r=1 &f=G&I=50&s 1=%2220040093218%22.PGNR.&OS=DN/20040093218&RS=DN/20040093218
Worm ready to wriggle into smart phones
http://zdnet.com.comI2100-1105_2-5233517.html
Bluefire Disables Bluetooth and Infrared Device Communication With New Version of Mobile Security Software
http://www.pdatoday.comimore/1505_0_1_0_M /
Sam Nitzberg is a computer security analyst who has presented and published on subjects relating to in/ormation security,
in/ormation war/are, and technowgy and society. His papers and presentations have been conducted in both national and
international venues, and most recently, he has presented at the Fifth Hackers on Planet Earth Conference in New York
Cily. His wdsite is at http://www.iamsam.com.andhemaybereachedatsam@jamsam.com.
NOTICE :
1** BLACKLISTEDI411 FORUMS ONLINE ** I
Blacklisted! 411 magazine is pleased to announce
that our long awaited message forum is now
officially open for busines s.
Please visit our forum located at the following URL:
WWW.BLACKLISTED411.NET
CLICK THE FORUMS LINK ON THE NAV BAR
Blacklisted! 411 magazine is committed to off
ering both the advanced as
well as the newbie hacker a common place to exchange ideas and to
discuss hacking, phreaking, technology and community news.
Our hope and intention is to help bring the wide-sp read hacker
community closer together for a common goal to learn and to
experience. Enjoy!
20 Volume 6 Issue 4 - Fall 2004 Blackllstedl411
� ~ntr[][jll[:t.[]n tJy E~amp~E
A series of articles written exclusively for B1acklistedl 411
By M L Shannon
Hal is an electronics technician who works for a medium size company that produces, among other products , machined parts
for manufacturers of hard disk drives. One evening, he is watching a movie about submarine warfare in which there are
scenes where the sonar operators are able to identify other subs by the unique sounds or 'signature ' they make, . This is a
combination of mechanical vibrations and noise from the propellers, called 'cavitation'. The signatures of known boats are
stored in the ship's computer.
The operator has detected a Russian sub , and is explaining to the eXecutive Officer that not only has he identified it, but that
the sub has had some repa irs made recently to the propeller shaft and bearings . That alone, that small bit of information is
useful in intelligence as there are only so many ports at which the repairs could have been made, it helps track the vessel.
So, Hal gets to thinking about this and comes up with an idea. After searching the Internet he is unable to find any reference
to someone having already thought of this - his idea is to design an inexpensive contact microphone - the "hear through
walls" type with a small circuit board containing various audio filters and an interface.
The microphone would be attached to the hard disk drive and the interface would feed the intemal sounds of/he drive to the
fiKers and then to a specially developed applicatio n. When the drive is brand new. the software makes a signature just like
was done with submarines in the movie. And as it is used over a period of time. wear on the spindle and bearings will cause
these sounds to change. So, if such a device were to be rigorously tested under lab condit ions over a period of time, it would
be possible to make a series of these signatures, fine tune the audio filters and be able to pred ict when a drive Is about to fail.
The savings in preventing lost data to corporete America would make this a profitable venture
SUddenly, Hal is all fired up and decides to build a prototype . He starts by using a contact microphone that he had amongst
his piles of electronics stuff, which is clamped to the drive, and a stock audio equalizer cannibalized from an old stereo . A
small Data Acquisition Device , a sample sent by the Dataq Corporation takes the output from the equalizer and feeds it to an
RS-232 port my mounting the Dongle inside the tower case . Then he begins testing various applications that will sense
changes in the sound over a period of time and alert the user when ~ indicates the drive might crash .
It seems to work and, encouraged, Hal starts making improvements. Instead of the Dataq , he decides to make it less
complicated by feeding the microphone output directly into his Montego sound card . Unfortunately, none of the available
applications he has been able to find are suitable for processing and analyzing the sounds . And since Hal is not a
programmer, he takes what he has built so far , along with his notes, to work and presents it to the CEO of the company. The
boss says he will pass it on to the engineering department for them to determine if it is feasible to produce .
Hal didn't hear anything from the CEO for a few weeks, but there were rumors floating around that the company was going to
take Hal's idea and run with it. So, he arranged to see the CEO, wanting to know how much the company was willing to pay
for his idea.
The CEO advised Hal that ownersh ip of any such inventions that applied to the company's products , and made by any
employee of the company automa tically reverted to the company.
Hal didn1 believe this to be true ; he was not asked to sign any kind of agreement to the effect that his company would have
first rights to any ideas or inventions he might create- so he started to argue with the CEO only to be told that the law was
behind the company and that the re was nothing he could do about it and that If he wanted to keep his job he would forget
about his fantasies' and get back to work.
Like hell!
Hal decides to fight the CEO and that evening he gets together with a few of his hacker friends to draw up the plans of battle
Since he doesn' t know how far the company has gone in building a prototype or whether or not they have cons ulted a patent
attorney , and as severa l weeks have passed since he made his presentation , it becomes a race against time . He has to find
out.
So, together they consider their options . Since Hal has access to most of the entire plant, including the back room where the
router and telephone wiring are installed, but unfortunately not R&D lab , they consider several methods.
Use a surveillance transmitte r hidden in the CEO's office
Tap the CEO's phone
Install a rogue Access Point in the company wireless LAN
Intercept the CEO's alpha-nume ric pager messages
Blacklistedl411 Volume 6 Issue 4 - Fall 2004 21
�Having read The Bug Book, Hal knows that in the real world of elect ronic surveillance, it is sometimes difficult if even possible
for an operative to obtain the specific informatio n that they need. Other times , it is very easy; it depends on many things .
And, being an electronics tech nician , he knows how much work is involve d in designing and building a transmitter, "Why
reinvent the whee l"? , he asks himse lf and so he visits a local compan y that makes com mercial wireless microphones.
Removed from its bulky housi ng it, along with eno ugh AA batteries to power it for at least a month in a series/parallel
configura tion, it fits neatly inside the back of a large picture frame in the CEO's office.
Transmitti ng on 172.450 MHz it can be received by most scan ners , but then there is the matter of recording the transmitted
conversations. .
This is handled by using a PRQ-2006 scanner running RadioMax softwa re fro m Data Delivery Devices , fo rmerly Future
Scanning Systems- it converts the audio to MP3 on Hal's extra notebook computer he keeps in his works hop at the company.
So, the entire operation is automated runni ng 24/7 so Hal needs only to bum the MP3 files to a CD after work and take them
home to listen to at his leisure ,
Hal knows the CEOs pager number and from that , with a little social engineering, is able to find the compa ny that provides
his service. A couple hours work and he builds a four level decoder and with a scanner and an old Pentium II laptop, he
builds an intercept system . Then he sends alpha-numeric pages to the CEO with a unique string of characters and lets the
pager Intercept program run in search mode till it finds that string . He now knows the Capcode of the targe t pager . It takes
only a few hours , after which he sets the program to capture every message sent to the CEOs pager and print it out on his
home computer .
In the late night meeting with his hacker friends, the idea of installing a rogue Access Point generates a lot of enthusiasm.
Everyone agrees this would be not just the coolest way to get the goods on the CEO, but also the most effective.
Probably true, Hal agrees, and while he knows the basics of wireless networking, he certain ly is not an expert . So, his
hacker friends go over the methodology- how Hal will be able to pull this off .
The first step, they explain, is to use a PCMCIA card on yet another portable computer (Hal only has two, both being used , so
one of the girlgeeks offers to loan him one she is not using right now) that has a card with an extemal connection, and a little
6 dB antenna made by SMC .
Whil e the hackers are working on the details , as well as a case of Heineken, she runs home to get it. While she is gone , the
group considers a wiretap.
The phon e tap is problematic.
The company has a digital electronic system with muli-line phones and Hal is not familiar with it, nor does he have time to
leam .
And even if he did , there is no easy way to string a pair of wires from the CEOs desk to Hal's workshop. So, he would need to
use a bug attached to the phone, but with two transmitters operating in the same location it would requi re the monito ring
system , Hal's 2006 scanner, to scan back and forth between the two frequencies. This could result in lost informa tion .
So, that is out.
Girlgeek retums and fires up the laptop , showing Hal how Network Stumbl er works and then gets into how Hal may need to
Electronics Inventory Online
_. cs AND~TERS
L erRON
f l I. SURP:S CITY
EIO Is a versatile eleclronlcs surplus source
associating Infonnatlon with the d/strlbutlon
of electronics , computer and
optical materials. We have Implemented
Interactive via ...mal/, technical forums on
Liquid Crystal Displays, Charge Couple
Devices, Stepper Motors, Lasers, Laser Light
Shows, Mlcrocontrollers, Holography, Fiber
Optics, Electro-Optics and EIO Products with
many more forums to come, We boldly
supply links to competitors, revealing
alternate and additional sources of surplus
electronics, along with providing a rich
I/stlng of Infonnation on events (trade shows,
swap meets, conferences, etc.) and
resources such as web sites, magazines,
newsgroups, and Infonnatlon of Interest to
the technologically Inclined.
Be sure to check us out at : www.eio.com
Electronics Inventory Online
1243 W.134th Street, Gardena, CA 90247
TEL: (877)·746·7346 (310)324-8861
22 Volume E! Issue 4 • Fall 2004 Blacklisted! 411
�leam details of the company LAN, the router, how many LAN segments there are and which hosts are on what segment. It
has been a long night and Hal is getting dizzy hearing about DHCP and MACs and a bootable Linux CD called 'Audito( so
they decide to call it a night.
The woman who maintains the network is a friend of Hal's- they went to college together , and so he will probably be able to
get the answers he needs. Tomorrow, he will ask her to have lunch together.
Meanwhile, time to crash.
Over the next few days, Hal used what he already knew as well as what he had recently learned, and went about selling up
his electronic tools of self defense.
Mills Thomas is a patent and trademark attorney, sitting at his desk, waiting for a client who has an appointment at 3 PM. He
knows that this is about a new hardware utility but no more than that and he has never before met the client, the CEO of a
local company.
The intercom buzzes- it is his secretary advising that there is a gentleman in the reception area insisting that he has to talk to
you right away, that it is a most urgent matter... aren't they all... but Mills still has a few minutes and agrees to see the man.
As he is shown into the office, Mr. Thomas makes the usual observations, first noticing that the man with the frizzy blonde
hair and drooping mustache seems upset, nervous ...not unusual for someone consulling an attorney ... Before he get a
chance to ask anything, he greets you by name, explaining that an associate had recommended you.
He takes a seat, and opening his attache case, spills some papers on the floor. Apologizing , he leans over to pick them up,
then begins his story. His father, his very wealthy father has recently died and the terms of his will are - well , he explains, he
has been left nothing and he insists that the will must be contested.. .
'" he rambles on as he takes a cigarette pack from his shirt pocket.
The attorney interrupts to inform him that smoking is not permitted in the office ... ...he mumbles something about quitting and
tosses the pack in the waste basket ... and that he is not a probate attomey. "My specialty is patents and trademarks ".
He tums and looks at the lawyer, an expression of surprise on his face, and apologizes - explaining that he thought you
specialized in probate law.
He jumps out of his seat, walks to the window and looking out grasps the edge of the drape , still rambling on about his
damned father until you take his arm and escort him to the reception area.
Where the CEO has just arrived.
Across the street, a few minutes later, the distraught man climbs into a Dodge van parked in sight of the attomey's office
window. He removes the yellow wig and with a grunt, tears off the fake mustache. Hal then settles into a chair in front 01 a
fold-lowntable. On \I is an lcom R-8500 receiver and two scanners, each with a cable from the audio output feeding into a
notebook computer that Is recording the transmissions that the radios are picking up.
When Hal was picking up the papers he 'accidentally' spilled, he placed a transmitter under the lawyer's desk using double
sided adhesive. A very special bug once made by Intemational Micro, that has a pre-emphasis circuit. It amplifies the higher
audio frequencies to eliminate the 1alking inside a barrel' distortion.
The cigarette pack he tossed in the waste paper basket contained another transmitter, an inexpensive one. When he went to
the window, he installed the third listening device; an old Deco Industries UX-SOcrystal controlled bug with a hook attached
that he hung on the inside of the drapes.
Also under the desk, Hal left behind a cell phone. Not an ordinary type, this one was special.
In the space of ten minutes, Hal placed four listening devices. And now, he is hearing and recording everything being said in
the lawyers office.
When the CEO was presented with the recordings of his conversation with Mr. Thomas, he was outraged . Hal was told to get
back to his job and that he would be called back later. After the CEOs attomeys arrived Hal was called back to the office and
advised that he would be prosecuted for violation of various federal laws including but not limited to the Eleclronic Privacy
Communications Act, and the Omnibus Crime Control and Safe Streets Act of 1968. He was then told that even if he were
not prosecuted, the tape and its contents would not be admissible as evidence if Hal were to sue. And of course Hal was
fired...
Obviously, Hal was able to get what he needed since Mr. Thomas would have asked the CEO a number of questions before
he began the complex process of applying for a patent. Such as whether the CEO or someone in his company was the true
creator of the product, and if an employee, was a document signed that assigned rights to such ideas to the company.
In legal court authorized electronic surveillance , the operatives can listen for a certain period of time, called 'minimization' but
if the intercepted conversation is not directly related to the suspected crime being investigated, then they are required to stop
the interception and continue it after a certaininterval.
Since Hal's interception of 'wire or oral conversation' was not legal, he was under no such restrictions. And anyway , since his
installation was automated, he captured everything. And, indeed, much of what was spoken concemed the theft of Hal's
intellectual property.
Blacklisted! 411 Volume 6 Issue 4· Fall 2004 23
�And the transmitter in the picture frame captured talk of activities that would have been more than a little upsetting to the
CEO's wife, had she known about them.
Hal got his job back, along with a nice raise, but the patent matter still had not been settled and again, the company attorneys
reiterated to Hal that the information contained in the recordings was not admissible as evidence in court.
Technically, this is true. However. Due to a quirk of the law, under some circumstances, if the contents of the tape are
broadcast by a radio or TV station whose programming was intended for the public domain, it may now be admissible as
evidence. Even though it was illegally obtained. And Hal has, as he explains to the lawyers, some media connections,
including but not limited to some of the altemative FM radio stations. This is 'iffy' and subject to the Judge, and of course to
appeal to a higher court, but this alone was sufficient to cause the company attomeys to reconsider. Which they did.
Hal has his own company now, producing the patented device that analyzes the internal sounds of disk drives and alerts the
user when a crash Is predicted. He has a good life with a substantial income. Enough for he and Girlgeek to live well and
later, maybe produce a kindergeek or two. :
Yes, while it can be very difficult for a spy, or a hacker, to obtain the information they need, sometimes it works out that way.
Access to the place to be bugged, availability of the right equipment that will work for the required period of time, knowing
how to cover their tracks and avoid being caught (especially true in wireless hacking) and finally, how will the operative be
able to use the information obtained through the listening devices to their advantage; whether it is blackmail or being able to
have it introduced as evidencein a courtof law.
And yes, electronic spying whether it is a bug, a wiretap, a 'special' cell phone conveniently left behind, or hacking into a
wireless network, is usually against the law.
And while these laws are ignored, violated on a daily basis by those who have no other way to fight those who oppress them,
it is not necessarily morally wrong. So, why should this knowledge, this technology be denied them? when it is readily
available to government and corporate America who ignore and violate such laws on a daily basis, and in every single case
that the public hears about, get away with it.
M L Shannon Is a SF writer, author of several books on electronic surveillance from Paladin Press, ••.graduate of a 2
year college In electron ics, former countermeasures sweep technician, has been guest speaker and made a few
radio and TV appearances ...
For the most realistic, mind blowing kidnapping
adventures anywhere period!
Get kidnapped by our sexy Elite All Girls Team, or get
your ass kicked by the hardcore and sinister Henchman!
Its your choice, but you only live once!
w W 'w . E X' H E:: M E ' K I O N A I-' PIN G C O M
24 Volume 6 Issue 4 - Fall 2004 Blacklistedl41 1
� by Rob ert Pelosch ek a.k.a MacOS X
The today' s possibility to download firmware update s for wireless routers from their manufacturer' s websites is, as you will certainl y see
in the followin g article. a cool thing . You can not only keep your router up-to-d ate, but also easily have a closer look at your devices
firmware . The search for hidden secrets, backdoors and security flaws becomes in such a way a simp ler thing.
So one rainy summer evening I took my App le iBook and started hacking my D-Link DI-624 Wire less Router (Revi sion B).* My
intention was to prove , that eve n a router, that is secure , stab le and reliable (as many computer magazines like " NextGen Electronics" or
. "Wired Mag azine" tell), can easi ly be accessed without the knowledge of the admin istrators usemame and pas sword .
Exa mination of the firmw are
I decided to start with a close view into the routers main software. Therefo re I downloaded the most c urren t firmware (Version 1.28) from
the manufacturers website and decom pressed the *.bin file (which contains the compressed firmware in an old kind of ARJ Format) with
the Aladdin Stuffit Expa nder. The outcome of this decompression process was a file ca lled "nml. mem ".
Briefly. after I had opened " nml.mem" in a normal text edi tor I found out that the router works under a real time operating system called.
"ThreadX" from ExpressLogic . Howeve r. there were much more amazing things to find in the firmware. For exam ple. have a look at the
following part of the firmware (F ig l) and guess what attracted my attention ; ~) :
[",l icreate iINet acces s loc kIunknown flashiI ir estore def tirneriiINet heap locki iil ock
NETi i 1 i u nl o c k NETii LOGFILE .TXTiNATLIST . TXT i CONF1G. BINiiCHKLST .TXTiiRemot e Managment http
Se rve rliiiRe mot e Managmen t Te l n e t Serverii Allow to Ping WAN
por tiidefau l t i o . 0.0 . Oiadminiii 111101 · ea e t r u s e r i 11 lD MZ Ho s t l ii i %02x - [_.l
Fi gl : Part 0/ the rout ers fi rmware
Bingo. you have it! The four filenam es logfile.txt, natlist.txt, config.bin and chklst.txt attrac ted my atte ntion. I was ab le to down load two
of them by simply loading the page ht tp://ip_o/ _the_routerlfilename.txt. And believe me. that was really simple to find out, cause the
administrators web interface can be obta ined in a similarly way. The other two files in F igl (logfile.txt and config.bin) were only
accessible by the admins passwo rd - and that was not what I was looking for, Neverthel ess. let us have a look at the two files (Fig2.
Fig3) I was able to download:
c u r r ti me : 92
0 ) TCP 10 .0 . 0 .138: 1723 c - » 10 .0 .0 .140 :1024 . o uty o rt :60 019. last_use : 7 0
1) UDP 0.0 .0 . 0 :0 (-) 192.168.0.11 0 :49939. ou tyo r t :60016, las t _use: 38
2 ) UD ? 0 .0 . 0 . 0 : 0 c -» 1 92 .168.0 . 1 10 :4 9938, o utyo rt : 60 0 14 , las t_use :38
3 ) UDP 0 .0 . 0. 0 :0 ( .) 192 .168 . 0 .11 0 :49937, o utyort :60013 , las t _use:38
4 ) UDP 0.0.0 .0:0 c- » 192 .168 .0 .110 :49936, ou tyor t :60008, las t_use:37
5 ) TC P 66.1 02 .11.99:80 , .> 192 .168 .0 .110 :56677. ou tyort : 600 07. l a s t _ u s e: 8 4
6 ) TCP 66 .102 .11.99:80 , -> 192 .168 .0 .110 :56676. o u tyo rt :60006. last_use :84 [6 ]
Mon i tor Po r tl: 1720, m t i c kB O
Moni t or Po r t 2 : 150 3 , m=ti ck c O
Fig2: natlist.txt (http ://19 2.168 .0.l/natlist.txt)
Fig2 shows a part of the file natlist.tx t, which contai ns the amount of seconds the router is up and a list of all open NAT conn ect ions.
LAN MAC· 00 · 80 -C 8 ·12 ·62 'OC
WAN MA = 00 -80 -C8 -12 -62 -0D
C
F / 1'1 = 1. 31
Date '" Tue , 25 Ma r 2004
AR5 I'ILAN MAC = 00 -80 -C8 -1 B -07 -71
AR5 F/ W • 3 .0.0 .43A
AR5 Domain '" 4 8
AR5 SS ID = RPNet
Watch Dog ... 0
Re s t ore Default ~ 0
Fig3: '[hklst.txt (http:// 192.16 8.0.llchklst.txt)
Chklsttxt (F ig3) contains information about the MAC-Addresses of the Router, the SSID used, the current finn warc vers ion and other
stufT.
As you can see. there are amazing things in the firmware , whic h are accessib le for everyo ne connected to the rout er via LAN and/or
WLAN. Unfortunately. I was not able to obtain more information via HTTP, Therefore, I decided to carry on with a port scan (wh ich
would possibly show me some interesting open ports).
Let the port scanner do the wor k ;-) •..
Blacklisted! 411 Volume 6 Issue 4 - Fall 2004 25
�Full of enthusiasm I started the port scanner (or exactly said the port scanner QUI for "nmap") "NMapFE" on my Mac . First, I scanned
the TCP ports, and well , the result was not amazing at all - only the regular TCP port 80 was open . After that, I scanned the UDP ports
and the result was, as you can see in Fig4. damn pleasing :
Starting nrna p 3.50 ( http ://www .insecure .org/nrnap/ ) at 2004 -07-16 02:12 CEST
Interesting p o r t s on 192.168.0.1:
(The 19 99 4 ports scanned but not shown below are in state: c losed)
PORT STATE SERVICE
53/udp open domain
69/udp open tftp
1 9 0 0 / u d p open UPnP
6221/udp open un kno wn
6280/udp open unknown
1 3120 / udp open unknown
Nmap run co mpleted . - 1 IP address (1 host up) scanned in 101 .3 14 seconds
Fig4 : Output ofthe nmap port scanner
From the six open ports you can see in Fig4, especially the open TFTP port attracted my attention. Therefore. I decided to have a look at
the firmware again. This time I especially focused on the TFTP related part. I had the feeling that I had overseen something in the
finnware before .
BTW : The UDP scan was too much for the router - it completely crashed after the scan of 19994 ports (Fig4). To make my router work
again I had to disconnect it from the power . Therefore , make a note : If you like to crash a O-Link 01-624 wirele ss router, just make a port
scan. So much about the reliability of the dev ice. .. ;.)
Downloading with TITP
The fastest and easiest way to find the TFfP related part of the firmware was to do a little search on the term '"TFfP" with my text editor.
The result of my search was the following lines of the firmware (FigS) :
(0] iiiiTFTP Server : couldn 't o pen file
iliiUnknown transfer IDiFi le a lready existsiDis k f ul l i I I s e e textiiiiFile not
foundIIAccess vio lationiIiiIl lega l TFT P operationii No such useriiiiUDP send fai ledIUDP
alloc failedllliBad len (too shor t I Lshor t; data from peerii1iRcvd unexpected data b loc k1i
IIlbogus tftp error text111file read error1UDP send failedIUDP alloc fai ledlIii 1 iRetry
limit exceeded , giving upiretry limit exceeded1iiizero length f il e i i I I Tr a n s f e r r e d 's Iu
bytes in %u. %u seconds!ir iwllrbiwbiiarS maco. datiar5eepo . dat10x%4 x -
'02x : '02x: '02x : '02x: '02x: '02xiHdbgout. txtiiSmurf Attack DetectiPacket [OJ
Fig 5: Part ofthe routers firmware
Again, like in Fig} , you can see three different filenam es, that seem to be interesting . First, I tried to download them with the common
_the_Touter/fllename.txtmethodlmentionedbefore, but unfortunately, it did not function this time. Then I had a brilliant idea:
http://ip _of
I thought something like "Hey, that's the TITP part of the firmware . Let's try to download these files with a TITP client ".
Therefore. I started MacTFTP on my iBook and tried to download arSmaco .dat with it - and boom - the file download did function .
(Ar5maco .dat is not very spectacular by the way ; it just contains the WLAN MAC Address of the router.)
Next, I downloaded ar5eepo .dat and found out, that it contains some information on the wireless card used in the router (it is an Atheros
Communications, Inc. AR500I..()()()()..()( Wireless LAN Reference Card) . Finally yet importantly, I downloaded dbgout.txt, which
seems to be. as you can see in Fig6, a debug log of the router :
System starting . . .
Pr ima r y i ns t r u c t i o n c ache 16kb , l i n e si z e 16 b y t e s .
Pri mary d at a cac h e 16kb, I ine size 16 by te s .
vtclk • 9953280 0
c I kd i v • 3
Scanning bus 00
Found 00 :58 [ 1282/ 9102J 000200 0 0
Found 00 ,60 [16 8C/13] 000200 00
Fig6: dbgo ut.txt
Next, I decided to investigate the firmware update function of the 01--624.
Destroying the routers firmware
Nonn ally the firmware of a router is updated with the routers integrated TFTP server.
which can be acces sed via a password protected "web interface". However, 1 wanted to
upload the firmware without using/knowing the admin s uscrnam e and password.
Therefore , I decided to use the "Send" function of MacTFTP instead of the routers web
interface to do a firmw are update (Fig 7).
I was excited when the upload of the firmware started. It seemed that I had prove, that
it is possible to do firmwa re updates with out the knowledge of the admin istrators
username and password . But then something strange happened: The connection broke
when 99,9% of the uplo ad was done. My first thought was "Damn, I have destro yed Fig 7: Uploading afirmware with MacTFTP
my whole routers firm ware".
26 Volume 6 Issue 4 • Fall 2004 Blacklistedl411
�Fortunately, as I found out a bit later, not the whole firmware was destroyed . Only the WAN port seemed to be affected by the incomplete
firmware update, because every time I hied to access the Internet nothing happened, but the red error LED " M 2" on the routers front
started to blink. The only way to revive the router was to upload the finnware again with the integrated firmware update function of the
router .
I guess that some kind of flag must be set that the firmware upload functions properly (which is only done when the integrated TFTP
server of the router is used for the update) . Nevertheless, every kiddie with a computer. a WLAN card and a TFTPclientcandestroythe
firmware of the router - and that is a real big security flaw.
Co ncl us ions
It is amazing how many secrets and security flaws one can find in 8 modem router. Without knowing the administrators usemame and
password
one can simply destroy the whole routers firmware with a TFTP upload
or download information about the MAC addresses of the router, have a look at the open NAT connections, etc .
Now it is up to you to fmd the secrets and security flaws in your router at home or anywhere else. Here are some tips for you. to make
your hacking adventure a lot easier:
You will need a text editor with a search function, a port scanner, a TITP client, and maybe some kind of decompression software
(if the firmware is packed).
Scan the firmware for files with the endings v.bin, e.bek, - .dat, s .db, -.txt and - .htm(l). Often these files co ntain inte resting
information,
A port scan can help you to find interesting open ports.
Try 10 down load things via HTTP and TFTP.
Try to upload something via TFTP(Notethatthiscandestroyyourrouters firmware!!!)
Fina lly, you will need the patience and obsession of a good hacker. ;-)
At last, I have to say to all the peeps out there - Keep the Mac Underground strong ! Peace .
Links
O-Link 0 1-624 - hnp :llwww .d-link.comlproductsl.!pid-6
NmapFE port scanner - http ://sourceforge.netlprojectslnmapfc-osl 8.6)
• All information tested twice with the current official firmware J.28 and the new unofficialfirmware 1.3/.
Blacklistedl411 Volume 6 Issue 4 - Fall 2004 27
� Owning Universal Studios Florida
By: StankDawg@binrev.com
No, I didn 't call this article "Hacking Universal Studios Florida" because this is more or less a list of interesting things you may not have
known about Universal Stud ios. Most afthis information came through Social Engineering and repeat visits to the park . Th is will not tell
you how to get free passes , or anything like that. I will tell you some neat little tricks and fun things you can do once you are in! This is a
very difficult article to organize. so I thought the best way to do it would be to simp ly give you a list
I) First, I should tell you that 1 have a season pass . This means
that I can come and go to both parks (Universal Studios Florida and
Islands of Adventure) as much as I want during the year . lf this
sounds like it could be useful to you, you might be interested to
know that they will put any name you want on your season pass!
Most people simply don't ask , but when I confronted them with my
nickname, they had no problem putting it on the card . The rule is
"as long as you answer to it" (which I do) . So if you want to cross
that line to uber-geek, have a pass like mine .
You can also request that they shoot you with your 2600 shirt or hat
on. or whate ver else you think of. I have done this on several
occasions, and every person was very accommodating of my
requests . The only thing they wanted was my face on the card ,
obviously so they could make sure that it was me using the card .
You might be pushing your luck with a profan ity-lade n Teshirt.
Another tip for annual pass holders is that you get a discount on food and merchandise as we ll as tickets to the park . If you do not have
one, ask someone who does or hook up with me and I will help you out if I can. I am usually glad to hoo k up with friends at the park.
Now , before this sounds any more like a commercial for Universal, I will move on.
2) Single rider lines are the quickest, easiest way to get through those long lines. If you are willing to ride by yourself, you can use the
single rider tine and jump to the front of the line ... well , almost. Also, I have found that you usually have no problem getting 2 or 3
people still able to sit together, so the tcrm "single rider" is not exactl y true . If it is a rollereoaster, usually you get stuck sitting next to
some sweaty fat chick because there was only one seat left. On most rides or show s, however, it will pay off big time. If you have more
than 2 or 3 people, you are on your own .
3) Express Pass was a computerized system to reserve a time for you to come back and get in line . When it first rolled out, it was
AWESOMEI When you scanned your pass , it would give you a ticket with time on when to come back and you cou ld go straight to the
front of the line. Basically, it held your place in line for you. Well, problem one was that the estimations were very short in the first
rollout. We were able to get tickets that were basically immediate! It would give us a 5 or to min ute time to come back for a ride that
had a 2 hour line! Once you got out , you could go right back to the machi ne and get another ticket and ride agai n in another 5-10
minutes! They put a stop to that quick ly and added a lim itation that put an automatic limit of at least a I hour wait . So our next step was
to get a ticket for the first ride, then go to the next ride while we waited and get another ticket. We conti nued this thro ughout the park.
By the time we got all of our tickets, we came back to the first ride and started the nonstop ride frenzy . This was also put to a stop by
setting in a time limit on how many tickets you cou ld have outstanding. Why am [telling you about stuff that doesn't work anymore? I
want to save you the time of bothering with this waste of technology. Yo u wil l thank me.
4) Lockers are scatte red allover the park to store your belo ngings in while you ride . This sounds like a nice idea, right? But the deal is
that they are free for a certain amount of time . They estimate the ride wait and give you I hour (for example) to put your stuffin a locker
while you wait for the ride. If you don't get back in time to get your stuff out , you get charged to reopen the locker. So besides this little
underhanded hostage tactic to get your money , it still may be a useful thing for some people to have so J hesitate to reveal this logistical
nightmare. I hope none of you abuse this, but I wi ll let the information be free and hope that you don't use it to be an ass.
The simple premise upon which the lockers work is flawed. You go up to a touch screen and request a locker. The comp uter
automatically assigns you an available locker number and prints out a pass code (6 character, numeric) for you to access that locker later,
when you return. When you are ready to pick up your be longi ngs, you again go to the touch screen and enter in your pass code and it will
electronically unlock the correct locker. If you are thinking of brute forcing the password. you are thinking the wrong way. It would take
quite a while on this manual system. Yes the potential exists to accidentally guess a valid pass code , but again the odds are very low. If
you haven't seen the flaw, allow me to exp lain . You sec, the act of assigning the locker to someone first, allows the potential for someone
to have a locker assigned to them. and then walk the hell om That one locker is now locked forever! Actually, I found out via social
engineering some of the managers that the park resets the lockers every night, but you would still cause a log jam at the lockers for that
day . By repeating this pattern, a malicious person could create probably the world stupidest and most low tech Denial of Serv ice attack!
5) One of my mottos is, "See a button, push if'. I like to push buttons and see if any of the set decorations or parts actually does
anything. I have never found any that have any little hidden "Easter eggs" in them. so if Someone does, please email me . I saw this
particularly cute girl on the Spider Man ride in lOA pushing furious ly on a console of flashing buttons at the Spider man ride . I asked her
what the buttons do, and she informed that even those buttons did nothing. She was just bored to tears and pressed the buttons just for the
pure boredom of it. One game that I do like to play is to watch out in all of the sets and backgrounds for the rides if I can spot any
payphones or computers. The line on Spider man has an interesting room full of desktop computers that are all running a spider man
screensaver. I got the impres sion that they were all running the same TV feed and no actual computers were runni ng. Those ofyau who
28 Volume 6 Issue 4 - Fall 2004 Blacklistedl411
�know me realize that I couldn 't resist and I crawled over the divider and checked. The "computers" were apparently just props, and were
all glued, right down to the keys on the keyboard. I couldn't be 100010 positive but I suspect they monitors were just dumb terminals, or
even more likely, just video displays looping a recorded tape .
6) As you can tell, employees there can get really bored from sitting in the same place, doing the same job all day. They are ripe for
Social Engineering. Flirt with the girls, even the ones that you don't find attractive, to get infonnation. Ask blunt straightforward
question of employees, they are usually so happy to have anyone talking to them that they will tell you anything! I started flirting with
this young lady at one of the rides and she started going through the computer that holds all of the pictures, and showed me some on the
funny pictures that were in the computer of peopl e on the ride . They pass the time by looking through the pictures of hot guys and girls
on the ride. This is how those pictures of flashers on the Disney rides sneak out! (As a side note , the software that they use looks exactly
like the kiosk software used in those Wal-Mart photo kiosks.)
7) Yes, but Stank, how do 1 Ownthe MIB (Men In Black) ride? I get asked this question more than any other. Ok , I really never get
asked that question, but there are a couple of things you can do specifically on this ride to impress the chlxnrz with your mad L337 skillz .
The MIB ride is an interactive ride, like many at Universal Studios, that has you ride in a little ship where each of the 6 people have a gun
in front of them to shoot alien targets . The special effects on this ride are less than special, but I guess they want you to be able to see
where you are shooting. First of all, hold the trigger down . It makes it a lot easier on your finger and makes sure you get ofT the most
shots possible. Secondly, aim for the eyes of the aliens . I have not been able to confirm this, but I think you get points for hitting the
aliens in general, and I think you get more points for the eyes. You will notice them tum from green to red , so you should move on to
another target. Another hypothesis I have is that you get more points for shooting the other teams ship. You will be going through the
ride with other ships at the same time . Each ship has a target above it that causes the ship to spin and make it harder for them to shoot. I
suspect that you get big points for that as well . Finally, the biggest way to get phat points on this ride is to RTFM, or in this case LTFM
(Listen To ... ). The speakers arc very faint, but if you listen closely at the beginning and quit fingering up the equipment, you will hear
them tell you to press the button when you see the big alien boss. That would be the big red button sitting right in front of your non-
observant self. At the end of the ride, press it when it flashes and you will get a mad 100,000 point bonus. No one ever does this and you
can Own them and brag about your mad Counter Strike abilities. It is also possible that this button gives points at other points during the
game , but I don't think so. If anyone finds more , come to www.stankdawg.comand let me know .
8) Wi-Fi is available for certain events . Not to the public, but for employees and vendors and such . On the way in from the parking lot,
we passed a bunch of laptops sitting out with people trying to lure you into signing up for free credit cards or season passes or whatever
else they are trying to sell. The first thing we noticed was that they had no network cables, indicating wireless. A quick check showed
the presence of a wireless network with the appropriately titled SSID of "universal" which was WEP encrypted. Since we were there to
ride rides, and have fun. we dec ided to leave that adventure for another trip . Once inside that network, who knows what kind of fun stuff
can be found
So. that should give you tons of fun things to do at Universal Studios (as if you didn't have enough already). Please don't use these tricks
and be a destructive jerk. Just have some fun. learn how the system works , and tell them Stank sent ya!
Shoutz : wi nt3nnut3 , Mr VTEC, dualjparallel, mi hennana, and everyone in the DDP!
StankDawg Is a senior level programmer/analyst who has worlred for Fortune 500 companies and several large
universities. He has been published In several printed magazines and numerous websltes. He Is founder of "The
Digital DawgPound" (the DDP) which is a group of whlte-hatlgray-hat hackers who produce their own printed
hacking magazine, radio show, TV show, and other projects at http://www.blnrev.coml. "The revolution will be
digitized"
"I Can't find your meqezine in my local bookstor e "
Sound familiar?
Are you having trouble find ing our Magazine?
Since we 've been out o f print for a few years. most of the retail book stores and newsstands are not ca rrying o ur utle. yet.
After a few issues hit the streets . more and more stores will carr y OUT rnaqazine . Its all a matter of time. We know It can be
ne xt to impossible to find Blacklisted! 411 In your local neighborhood bookstore at a tune like thi s There are a few ways you
can gel our magazine. Subs cribing is the best way to get the magazine " NOW . Ttus can be done ttlrough requla r
mail or by viSIting our website It s somewhat easy to obtain our magazine If you really want It
If you're 111 a place that doesn I carry o ur maga zine and youd like to see it there In the future. do one of the followmq
1. If you're not sure If til e store you re In came s our magazine, ASK THEM! They nuqht be sold out or they may have hidden
the mapazine In a spec ial section or behmd other maga zine s Those pesky ant i-ha cker type dron es mi ght be hiding them
2. If they do not carry our maga zine . tell the store manaqer that you would like to see this maga zin e In their stor e In the
future. Our ISSN IS 1082-2216 Give them this number an d tell them they sho uld call thetr rnaqa zin e drstnbutort s ) to obtain
Ihe title Make sure you let them know how disappoin ted you 'd be If they didn t sto ck them or "torq ot to at least call and TRY
to get them In s toc k
3. If that falls you can give us their address and phone number and possibly a contact name We Will have the chance to
cal! them and convince them into carryrnq ou r wonderful ma gazine.
4 . Subscnbe if you don t want to bo ther with any of the previous methods.
5. Take a look In Tower Records.. Magazines. Barnes & Noble s. Borders or Bookstar They usually have them in stock.
6. Borrow a copy from a friend - make su re to return It when you 're done.
Blacklisted! 411 Magazine
P.O. Box 2506
Cypress , CA 90630
Blac kli stedl 411 Volume 6 Issue 4 • Fall 2004 29
�30 Volume 6 Issue 4 - Fall 2004 Blacklistedl411
�4 Chann el DTMF to RS2 32 DTMF Decoder
Classification: Tool
Cost : $104.00
URL : htlp:/Iwww.d sc hm idt.com /dtmf.htm l#4CH _DTMF
A great little item brought to us by Dschmi dt Techn ologies, this 4 channel DTMF decod er is useful in any numb er of ways .
Most notably, decoding DTMF from 4 different sour ces simultaneously! If you're big into rad io mon itoring o r have a need to
keep your own phone line monitored, this wonderful piece of gear gets the job done. Running on anything between 7-
24VDC , this decoded doe s Ir s job ...very well. All of the decoding is pumped o ut through the RS232 po rt to your de sktop for
recc rding or to a termin al. your laptop. etc. And, yes , thi s little sucker will decode not oniy the standard 0-9 'tones. but also
the ABCD #' tones as well ! How's that for cool.. The input s a re exceptionally sensitive and pu lls down tone s ea sily. Each
input is sha red among a com ing ground. Accordin gly. you'll need to isolate eac h inputif yo ur audio sources do not already
share a common ground . Th is is somew ha t of a drawb ack that isolation isn't already included. but ir s still a useful device .
Che ck their site - they have other DTMF items for sale!
8255 PC Interfa ce Card
Cl ass if ication : Tool [Ava il ab le i n ki t fo rm]
Cost: $49.00-$69 .00
URL : htlp: /Iwww.boondog.coml
Wh at I have here is the "e nse mble" version of this product mad e by Boondog Automation . I wa s given a n e~alu ati on Unit to
look over and comment on a couple of week s back. I decided that it was finally time to break this sucker out and see what it
can do. First, I need to mention that the applications manual is not only HUGE , but it's also well written-if you subscribe to
the RTFM mentality, you'll appreciate this one! I'm also impre ssed with the quality of the build . as well-ver y nicel y don e .
high qual ity. The manual shows you with fairly clear detail how to connec t this devi ce up to m otor s (DC and steppers),
relays . transistors, LCO ·s. ke ypads as well as AI D and O/A converters. W ithin no time , I had this unit up and running (it
require s an 8-bit ISA slot) which makes hooking it up to old PC' s a snap. Finall y, anothe r goo d use for that old 486 laying
around. Ye ah, don't you still ha ve some old 486' s in the closet?
I had the unit co ntrolling a bunch of mock traff ic lights we ha ve .. . that was kind of cool to see. I decid ed to lug it (and the
computer it was installed In) home With me and rig it up to an X10 controller to see If I co uld mak e it co ntro l some of the X10
devices at the neighbors house across the street. I've been wanting to mess with their X10 stuff for month s now- as soon as
I realized they had X10 crap operating over there . That was some what amusi ng, but I cut the e xperiment short when my
conscience started nagging me . It was a succes sful test. Why'd I do it? Because I could. No othe r rea S?n. Do I need one?
Anyhow. something I reall y liked about this unit was the fact that all of the con trol lines and voltages (+1 12, +1-5) are brough t
-
out to the small expansion board outside of the PC . It makes the process of expanding upon this de vice just that much
eas ier. In addition, the people who designed this unit. so graciously opted to use standa rd plug in ID C connec tors. If we
decide to do somethi ng with this later on. this simple fact Will make the hack much easie r on us . I ha te dea ling with DB
connectors that most of these controllers tend to have. So. I was pleasa ntly surprised by this discove ry.
To bring this to a close, I think the 8255 PC Interface card is a great little device and fa irly Inexpens ive fo r what you get. It's
top notch . high quality merchan dise with exceptional documentation and decent software to boot. T ry this out If you've been
wanting to get into home PC automat ion. It's fun. It's interesting. It's within the means of most people . Enjoy.
Binary Revolution
Classificat ion : Zine [Limi ted D ist ribut io n]
Co st: $5.00
URL : hltp:/fww w .b inre v.co m/ma gaz inel
I first experienced this hacke r zine back in mid 2003 wit h their 1.1 May 2003 relea se. A copy was dropped on my des k and I
thum bed through It very quick ly, thinkin g to myself , "coo l ano ther hacker zine!" It took me a coup le of wee ks before I actually
sat down to read it. W hen I finally took the time. I was pleasa ntly surprised with the read . Th e informa tion is fresh, on topic
and in your face. Their articles are well written and the accompa nying artwork is done quite we ll. I did some re search and
found that this was a publication don e by DDP (Digital Dawg Pound ) and it's availa ble online only through their websi te-they
are not available in your local bookstore. Since their debut issue in 2003. they've release two more issue s: 1.2 and 2. 1. 2.1
was released at the recent HOPE conference in NY C in July and was well received from my reports .
Their frequency of publication is unknown to me at this time , but appea rs to be somewhat sporadic, which is common in the
hacker community. They obviously subsc ribe to the whitehatlgray hat hacker code of ethics and atte mpt to spotlight the
hacker in a good way. This alone gets them my full support and respect. I don't have a cop y of their late st issue . but the first
two issues are well done and worth the $5. But don't take my word for it. go check them out, spend the $5 on a copy of their
latest issue and decide for yourself. You may be plea santly surprised.
Phone Man ager Plus
Classification : Tool
Cost· $79.99
URL : http://w ww. spygalaxy .com/phon eman ag erpl .htm
So, my last birthday rolledaround and someone bought this little gadget for me . When I first saw it , I thought to my self , "oh
boy , a caller 10 box-the y sure don 't know me too well. do they?! - I stuffed it away and forgot all about it-sorry Jason . As it
happens , I was going through my junk recently and came across this small device once more . For some reason , I decided to
read the box ...and then it hit me! What I SUddenly realized was that it was much more than a caller 10 box. What comes off
as a simple Caller 10 box , is actua lly a ful! fledged phone call logger -incoming and outgoing alike. I hooked it up and did
some initial testing of the device. It keeps track of outgoing cail s, up to 15 digits on any outgoing call made. in addition to the
time the call was placed and the length of the call. That's so cool. The best part? It stores up to 2000 calls AND you can
password protect the device to keep people from deleting information (ie: your kids. cheating girlfriend . etc). The price is a
tiny bit on the steep side for the a logger . but it' s decent. do es the job well and I recommend this g reat little piece of plastic to
anyone needing to spy on the outgoing calls in their home or business. It's fairly useful.
Blacklistedl411 Volume 6 Issue 4 • Fall 2004 31
� By The Goldfinger
Have yo u ever saw a dumpster and wonder ed what Jdnda coo l stuff might be lurking within it? Has it ever occurred to you that companies
and businesses throwaway tons of stuff that is still in good condition. sometim es still new ? Apparently, many people are into dump ster
diving for fun and profit and a whole subcu lture has sprung forth from this odd endeavor.
Now, some of you out there are probably thinking, "ha , I know all about dumpster divin g, but I wasn't looking for re-usable junk." You
see. there are 2 types of dump ster divers. The hobbyi st variet y which includes all serious and legit imate dumpster divers, and then there's
the Darkside Divers . I myself dabbl ed in the Darksid e of the Dive in the ear ly 90's. Profe ssional carders and identity th ieves are we ll
aware that many banks and S & L's have little or no secur ity on their dumpsters. and those receptacles of supposed trash are often full of
private confidential information. Information that can be pieced together allowing one to open or empty bank accounts , harvest credit
card information, and all manner of shad y activities. (shudder)
We will not be focusing on the darkside divers , because that's not cool and its illegal so instead we will focus on dumpster diving as a
hobb y and as a means to save money , and salvage useabl e items. We will examin e all the ins and outs of this activi ty. Aite then . throw on
the Sanford & Son theme song, strap on your diving snorkel an lets dive in!
Definition: Du mpster Diving is an active search for what others have thrown away .
Dum pster Divers are peopl e who search for thin gs that other peop le have thrown out that are still useful , ca n be recyc led , and have val ue .
Obvious ly, this activity is not gonna be for eve ryone. but it has become quit e popular and is considered a great resour ce by many people .
Living in 2K4, we kind of make the J980's repu tation for excess and waste look frugal. so I don 't think we should look down on anyon e
that finds a way to utiliz e that "wa ste" .
Not only do dumpster divers pick up stuff from the curbside, but they also dive into dumps ters at apartment complexes and behind
shopping center s. Diving can be profitable in are as where aluminum cans have return deposits. Of course , your not gonna get rich dcin
it. but there is money to be made. Lots of the stuff you can find can be sold at rummage sales , paw ned or sold for scrap .
NOTE : In case your not to bright (and that can't be the case if your reading th is fine magazine!), dumpster diving has abso lutely nothing
to do with ACTUAL diving! You don' t climb up on the side of the dumpster or on a nearby wall and dive into the dumpster. There are
no judges, and doing a swan dive into the dumpster is a good way to split your wig!
The "d iving" is metaphorical. Most people don't actua lly get in the bins. They have some sort of long po le which allows them to just lean
over the dumpste r and pull the items up to them ...which brings us to the gear you'll nee d:
Equipment
Most divers use some kind of grabber stick. The best gra bber stic k acco rding to the "Dumps ter Lady" , is the Unger Nifty Nabber. You
can take a look at the Unger (or "Felix" as folks ca ll it on the mess age boards) here : www .ungerusa.com
LM Colker Supply is a good source for 51" Ungers. 19.95 + sib.
Identify yourse lf as a Dump ster Diver and get a discoun t! Co ntact them : 8()()-533-6561 or email info@ lmco lker .com
You'll also want to bring the follow ing gear :
Gloves
Flas hlight (varies; I suggest going during the day as there is plenty of light)
Box cutter
Pocketknife
Dirt clothes (clothed you don't mind ruining)
Old towels
Trash bags
Duct tape
32 Volume 6 Issue 4 • Fall 2004 Blacklisted I 411
�Duffel bags
Car (p referred but dumpster diving can be done witho ut a car for storage)
Durable pair of shoes or galoshes
Wet wipes and Anti-bacterial gel are a good idea, were ta lkin' about dumpsters aftera ll.
It couldn't hurt to bring a smal l First Aid Kit either.. .
How do I get started now that I' m eq uip ped?
Folks. d-diving is not rocket science so don', make it harder than it has to be . For most peeps the hardest part of any endeavor is getting
up the nerve to do it. Start out by scoping out prospects.
Do a few "drive-bys" looking for likely dumpsters. Look for dumpsters that are free-standing and not the compactor variety. Compactors
are those large dumpsters that are attached to buildings with a chute and have no visible openings. Steer clear of those. Apartment and
office complexes have definite possibilities. There is toot to be had. Enclosures are ok as long as their not locked. If you happen to have
bolt cutters, this wouldn 't be a problem, but I don't recommend it. Your best bet is to stay away from locked enclosures.
Now that you've scouted, and found some good prospects, park your car grasshopper, walk over and look inside! Its that easy.
Where shou ld (dive?
You can dive retail store, office, and residential dumpsters. Most folks choose to dive retail from what I gather. Any store tha t sells stuff
that you want can be a good place to dive. Grocery stores, bakeries, and health food stores are by far the most consistent producers. You
can find something almost every single day at these stores. Yes, I mentioned food stores because many people dive for food too.
Personally, I wouldn't do it. But I bet it's a good skill to have and be able to do in the case of Annageddon for example. Or if the
landscape of America was suddenly transformed like it was in Dark Angel. Dumpster diving for food would be about the most important
skill to have, but since that's not the case yet, I'll stick to Arby's and Heloburger.
According to the Dum pster Lady ; (excerpt taken from her site) ...
"Yes, some ofus really dive/or food Jfyou keep an open mind about this, food diving can end up making a huge difference in your fife.
Many of us get to the point where we just don't want to deal with any more nonfood "stuff". Then. we start thinking about diving/or
expendable items
Thefirst day I dived for food. I had just been IN the store buying marked down 1/2 gal/ons oforange juice for $0.50. While I was doing
the rest of my shopping. someone came with a cart and loaded up all the orange juice into a shopping cart. So, I hung around to see
what happened to it. They wheeled the cart out and threw scores ofgatlons and //2 gallons oforange juice away...that were still 2 days
from their due date. They were pasteurized Theywere still cold It was winter. so it was cool. I went to the dumpster and grabbed as
many as I could carry. This experience was life changing/or me. Where would you draw the line? Would you not buy the marked down
OJ? Would you take it out ofthe guy's cart ifhe were a few feet from the dumpster and asked you ifyou wanted it/or free? Wouldyou
take it out ofthe dumpster?
Wefood divers top into the sad fact that we're throwing away 96 BILLION pounds ofperfectly good food into landfills each year in this
country. By EPA estimates, we're spending $4.8 BILLION a year disposing ofthat perfectly goodfoed."
Well, she makes a pretty good argument and she does have a point. Still , that aspect of diving isn't gonna be for everyone. If you want to
talk more about it with a real pro , she's happy to answer your questions if you have any:
TheDumpsterLady@aol.com
When to dive?
Every diver has their own preferences. Some divers try to discover when stores take out the " trash" and wait for those times. This can be
accomplished with a bit of pee-text calling.
Others simply wait till the stores close, but its really up to the individual. Some people don't want to risk being confronted, so they wait
till later after the stores close. A lot of people, especially women divers, like to take a buddy. Having a partner can be an asset to assist
with larger finds, and to act as a lookout, but most importantly, to have back-up in case of trouble.
What to do if someone sees you.. .
Were talking about people you know, and people you don '1 know. If you worried about people you know seeing you, then maybe you
shouldn't be doing it. Some people care a lot, but still want to do it. According to them. it does get easier over time . They say that in
time , you simply won't care anymore who sees you do it. If you got a rep to protect, your best bet is to dive far from home so that you
don't run into anyone. Simple enough.
Now as for the people you don't know, were talking mostly about store employees. Evidently some of them can't stand divers, but most
employees will just pretend they don't see you .
If someone asks what your doing., just say, "I'm looking for boxes". And be prepared to drop whatever your carrying. If your asked to
leave, just say "ok" or "yes, sir", there's no reason to Challenge an emp loyee or cause drama. The dumpster is still gonna be there later
when everyone's gone home, and its still gonna be there tomorrow, and the next day, and so on.
Don't cause static. If your asked to leave and never come back. then leave, and never go back.
If you do, its trespassing. Remember, there's a million other stores, and tons of stuff so don't even trip. Also, don't think you can
circumvent this whole problem of potentially being confronted by asking permission to dive. This is usually a mistake and will usually be
met with a NO. And once your told no, you can't legally go back. Asking permission is a mistake.
Blacklisl edl 411 Volume 6 Issue 4 • Fall 2004 33
�Ninja ste alth ta ctica l di vin g
Don't pull your car right up to the dumpster. This is like waving a giant flag o ver you that says "Hey, I'm illegally dumping crap in you r
dumpster!' Park away from the dumpster and stro ll up to it. Approach quietly like ninja. Do not make no ise. Nigh t dives and early
Sunday morning dives when ma ny stores are short staffed co uld work to your benefit. Do not linger around.
A typical dive shou ld last no longer than 5-7 minutes . To maximize the number of dumpsters you can hit in an outing. keep each dive at
about 2 minutes. The longer you hang around, the better your chance of being confront ed.
Divin g Buddies
If you don't want to go alone , try to convince a rea l-life friend or family member to go along .
You can try to advertise for a buddy in your area using one of the AOL message boards or on the alt .dumpster newsgroup on the
internet. Some divers are strictly loners though , and might not want to buddy up even if they live in you r area . Some of these people
have spent a lot of time developing their sources and they do n't necessari ly want to share them with others .
Dumpsters can end up getting locked if too many people start rolling them .
I came, I saw, I got nada .••
Look, just cuz you went a couple times and didn't find anything doesn't mean your " unlucky" or your not good at it. Newbies often get
discouraged their first week or two out because they didn't find anything or they might have checked a dumpster once or twice a week
and got nothing . Heres what you should be doing:
- Look every day, or almost every day
"Persistence Pays
"Find dumps ters that are consistent providers
"Zen; become one with the dumpster, develop a "dumpster sense"
By looking daily or on a semi-regular basis, you will begin to discover the stores "toss-out" cycles and you will begin to recognize these
patterns and know when to dive .
Not everything is in plain sight Ya gotta poke around in there. Remember, your not gonna find cool stuff every time, but if your
con sistent, you will begin to see your efforts payoff.
All the pros say not to get discouraged, just keep at it.
Legality
The fint thing you should do is find out if dumpster diving and scavenging are lega l in your town and county. Diving is illegal in a few
lawns and counties .
You can try to call your local cop shop and ask. Most divers choose to call from a pay phone so as not to identify themselves to law
enforcement
Often local law enforcement is not always aware of the exact laws . They might tell you that diving is illegal when the divers know for a
fact that it isn't. Do your research.
Be respectful, and don't trip out. Don't ever dump your own trash in someone else's dumpster - that's a/ways against the law . If it says
"No Trespassing", then don't. If a dumpster or an enclosure is locked, don't mess with it. lts not worth the has sle.
(f you find that it's illega l in your area, then dive outside the city or county lim its.
Obeyyour local laws an you'll be ok.
Can I really fin d stull? WiIIlhls really SAVE me SSS?
A lot of veteran divers swear you ca n. They say if you stick with it. you can find mor e than you and 10 other families can use. There are
folks out there that are practically suppo rting themselves ofTdumpster divin g alone. The key is bein g frugal. An d I guess that ' s what
appea ls to most of the people involved in this activity. Use the money your savi ng on things like co llege, home ownership, investments,
reti rement. Almost anythi ng you co uld ever need can be found this way, and a lot of stufT you don' t need can be sold or traded, so therein
lies the profit the money you save from not having to bu y certain things. All in all, in sounds like a interesti ng hobb y and I bet it can
become quite addictive .
We want to hear from our readers and get some Input on every topic from the articles we print to the
content on our website. If you have any Ideas , comments, complaints or suggestions, the best way to get
something done about It Is to contact us and let us know what you're thinking. We are a magazine written
for the hacker community. We want to have the best possible magazine with the most fresh Ideas and
subject matter. This Is your chance to help out and get something done. Don't fall prey to the thought,
"w hat I think won't matter" or "let someone else do It." You can make a dlfferencel
We want to hear from hackers, event coordinators, group leaders, graphic artists, writers, creative
assistants, magazine editors, system administrators, forum moderators, webmasters, photographers,
electronic hobbyists, design engineers, technical writers, field technicians and anyone else who Is
Interested In the hacker community In any way . Here's how to contact us :
Blackllstedl411 Magazine
P.O. Box 2506, Cypress, CA 90630
34 Volume 6 Issue 4 • Fall 2004 Blacklisted I 411
� MYAMIIM IS STILL TICKING
HOWA80UT YOURS?
A few more resources for your Amiga
By MobbyG
Unless you've been under a rock or been busy getting spyware and virii out of your Win XP box , you may have noticed that
the Amiga has made something of a comeback , with the release of the Amiga OS version 4. Granted this comeback is
small in scale and isn't going to bring back the glory days anytime soon. But it is remarkable enough that many die hard
users and past fans now have hope for our beloved platfonm, while others are convinced that the Amiga they knew , is gone
forever. To them I say, please keep your mind open. You never know if you may be surprised by something in the future .
This version of the OS is to take the Amiga into a new age in the spirit of the old Amiga , but is very different from the classic
we know and love. For one , the Amiga has left behind the custom chipset that gave it the power it enjoyed in the old days .
Now it's based on a Power PC chip and the ability to use "off the sheff parts", But it's still capable of emulating 68K cpus for
older software so we don't have to say goodbye to our favorite applications and programs. Hell, ~ I still had my Kindwords
floppies , I'd be using that instead of some M$ program to write this.
Anyways, here are some sites, lists and resources you can check out for info on the new 054, what's happening with it
now.
Mailing Lists
http://groups,yah oo,com /group /am lga on e/ : This group is for talking about the new AmigaOne. The new motherboard
that was released as the newest generation of the Amiga . This is a pretty active group and has lots of info on past
problems and fixes.
http://groups.yahoo.comigroup/AmlgaOS4I : This group, as you might guess from the name, is for talking about the new
054. Even though it's still a pre-release , aka beta, it's still proving to be just as versatile and powerful as the classic
versions of the OS.
Many of the sites I would recommend were already listed in the last issue of BL411 . So I'll simply skip the descriptions and
just give you a quick and dirty laundry list of the two I vislt for most of my news.
http://www.amlgawortd.net & http://www.amlga.org
These 2 sites constantly have up to date news and info on cunrent happen ings and news of interest to the Amiga
community . If you don't visit these sites, you may be missing a 101. This is not to say the other sites are not any better or
good enough . Just that these are the sites I like and recommend to anyone who asks me about the Amiga .
I think it's pretty safe to say that no legacy platfonm has more software for it than the Amiga. And a good smattering of iI
can be found on Aminel. I would take down my Cnet BBS just to surf this site for literally hours to read and peruse the
latest stuff uploaded during the week. This is quite possibly the best archive of software for the Amiga, post Fred Fish.
Hopefully this will get you a little fired up to dig out, dust off and fire up your old Amiga. Be it a 1000 or a 4000 . There is still
life to this platfonm and I hope to show you that starting with my next article. Till then, "Make Mine Am/gal"
'nuff said.
MobbyG Is also known to radi o listene rs In the Rapid City, SD a",a as Rich Lawt8nc e. on Classic Hltsl Q92.3 and
their sister sta tion Star 106.3. When not on the radio he's been known to pl ay on his ham radios and runs a telnet
BBS called Am lga-Z. MobbyG Is also married with one daughter and anoth er child on the way In May .
BLACKLISTEDI 411 FORUMS
NOW ONLINE
WWW.BLACKLISTED411.NET
Blacklistedl 411 Volume 6 Issue 4 • Fall 2004 35
� The Hacker Chronicles
An acc o u nti ng of t h e l i fe and events of a real ho n est t o
goodne ss old s cho ol hacker.
** A series of articles written exclusively for Blacklisted! 411 **
By Cactus Jack
Inspired by the recent re-discovery of Blacklisted! 411 magazine and at the request of my wife, I've agreed to write a quasi,
autobiography of some of the goings on in my life that relate to hacking , from as far back as I
can recall. Amazingly enough. I recall everything from the time I was a few months old up until right now, thirty some odd
years later. Very few people have a memory like mine, but those who do should use their gift to teach, instruct and entertain
others. If anything, Simply detailing experiences and providing a lesson in history would be more than adequate in helping the
cause. With this in mind , I intend to detail as much of my life as possible , noting the many hacker related experiences I've
had. I hope you enjoy the read.
The very early years
liKe many old time hackers of today, we tend to have started our careers early on in life. Apparently , I was no exception to
this general rule. According to my parents , I was a "very curious baby". They had 7 kids before me. so I figured they knew
What they were talking about. I didn't cry much - I was a happily curious baby - but rather focused much of my energy on
trying to get into anything and everything I could , leaving a wake of pulled apart toys and misplaced items behind me. Many
of my early life photograph s depict a kid wanting nothing more than to get into the thick of it. I was especially adept at taking
things apart by the time I was only a year old, utilizing my fathers tools Whenever possible . This was a serious problem for
my family, yet they couldn 't seem to stop me. It wasn't for lack of them trying to. either.
I routinely checked out the television, stereo system and heating/cooling systems in our home. Naturally, I had to make
control adjustments as often as possible and note the resulting changes made . I was specifically interested in the television
and how so many things and people could be inside of it. I recall having the most impossible to overcome urge to take these
things apart. but there was no way I could manage to do it covertly as too many people were around to witness it and to stop
me. I filed it away and decided to tackle these items at some later point in time.
It wasn't until another couple of years passed that I moved on from taking everything apart (and tenribly upsetting Whomever
owned Wha tever I took apart) to being able to put things back together again . This made the task of learning trom my parents
belong ings much easier since they were usually none the wiser that I had taken their stuff apart in the first place. That
television continued to evade my attempts to be dug into. however.
I was someWhat distracted by our telephon e. though . This ominous looking device . connected to our wall with a long wire.
ringing every so often and containing voices of people I knew (my older bothers. babysitter, etc) perplexed the shit out of me.
I took it upon myself to play with this thing as much as possible and soon found myself understanding how to place calls to
people. I spoke to people I didn't know. had conversations with the operator and loved every minute of it. My conversations
usually went something like this:
Other person: Hello? (sometim es. they'd answer with "so and so speaking ')
Me: Hi
Other person: Who is this?
Me: Jack
Other person: Who ?
Me: JACK
Other person: Oh. Wh y are you cailing me Jack?
Me: I'm just pushing buttons .
Other person: Oh, How ald are you?
Me: I'm three.
Other person: Three? Wh ere are your parents?
Me: At work / At the store / At wherever, etc
Other person: You shouldn 't be playing with the phone Jack.
Me: I know. They told me that.
Other person: You should listen to them.
.. .. .. .etc. etc.
Most of the time, they'd just keep talking and talking , trying to get me to either hang up or to agree to not call again. ' Nobody
ever hung up on me surprisingly. Sometimes, mostly if it was a woman on the other end, they'd happily talk to me and tell
me things about where they lived and worked, their kids names and thing s you wouldn't normally thin k they'd openly tell you
about. At least, not today anyway.
I loved calling the operator to no end.
"OP-ER-A-TOR speaking. how may I assist you?" - every single time without fail.
The operator. she was so easy to get a hold of , with a single flick of the dial. I say "she" because When I was three years old.
in my hundreds of calls to the operator . not once did a male operator ever answer the other end. The operator was always
super nice to me and always seemed to have a good sense of humor about me calling them. Further . she always appeared
36 Volume 6 Issue 4 • Fall 2004 Blacklistedl411
�to know who my parents were, or at least my father, by name. I figured at the time that my dad was ju st a really popular guy
and everyone knew him not knowing they could trace calls back to the owner of the line. The operator is the person who,
ultimately, was able to answer most of my questions about the phone, how and why it worked. The first question I had was
how she got into my phone exactly and more importantly how she was able to get back out. Of course, I was laughed at, but
she graciously took the time to explain things to me. It didn't take long for me to understand the phone quite well. Before I
knew it, I was an expert phone user.
My phone calls to the operator became somewhat well-known among the operator pool and I started to get a reputation . I
didn't know this or realize it until my father mentioned it to me one morning while we had breakfast. While I was gobbling up
my cereal, he explained that he was aware I had been making a lot of calls to the operator and that he was told about it, but I
wasn't in trouble for it. He wasn't mad at me, just slightly amused by what I had been doing without his knowledge , He told
me that I shouldn't let my mother ever catch me doing it because she wouldn't be as understanding about it. I agreed to be
careful and not let her catch me. No problem,
While making my rounds dialing random numbers one day, I found that if I got a busy signal I could
hear other people pick up their phones - no doubt to dial someone else. I'm not sure why I just didn't hang up when I heard
the busy signal - maybe it was because I had no idea what it was, but I knew it meant I wasn't going to get someone on the
other end. However, while I was listening to the "funny sound" as I referred to it as, I could hear "clicks"...click .. .. Click .. ,
click.. ..click.... .click.. . "dammit, why do I have a busy signal!l" I suddenly heard someone say. The man continued to pick up
and hang up, getting more angry each time he did it. Eventually, three or four other people were doing the same thing, I just
sat and listened, quite entertained. Naturally, I assumed I was the cause of their discomfort and was not about to hang up
that phonel
After awhile, I started to get bored and I decided to say hello to someone when I heard them complaining into their phone,
The other person, a lady, was surprised she heard someone and asked me who I was. I complied and told her who I was
without thinking of any consequences for doing this, She knew me, and more importantly, she knew my parents! She asked
me what I was doing and I told her I was listening to my phone. I don't think she knew I was the cau se of her problem, but
she told me I was too young to be on the phone and asked me to please hang up, Before I had a chance to say "Ok"
someone else had joined into the conversation. Anyhow, to bring this topic to a point, before I hung up the phone, there were
maybe three others speaking to each other, identifying themselves and then asking each other if they had any idea what the
heck was going on with the phone. After a few minutes of this, it just wasn't fun for me anymore so I hung up. I picked it up
again and there was nobody on the line, just a dial tone. Oh well,
Over the next few months, I tried this a many more times and always got the same results. It provided me with much
entertainment.
I was awaken fairty earty in the morning one day by the sound of heavy machinery working just outside of my home. I
wandered to my window so I could see what was making all of the noise. All I could see were some big trucks with huge
spools of wire and a lot of people wearing orange clothes. After I had some time to wake up and ask if it was ok to go outside
and see what was going on, I headed straight to the first orange clothed person I could find, I bombarded the man with
several questions, mostly wanting to know what was going on. He explained that they were installing a new traffi c signal for
the intersection. I then asked if I could have any of the leftovers. He agreed to let me take anything from a specific pile, I
ended up with a massive pile of wire by the time the installation was complete a week or two later.
I watched them install the control box for the traffic signals and asked questions. I also paid close attent ion to how everything
was hooked up. The guys must have thought it was cute or funny that I was so interested in what they were doing or maybe
they needed some cheap labor. Either way, they immediately put me to work, They had me "test" the push to walk buttons
for them. It wasn't much, but I sure was excited to be part of what I perceived to be a massive undertaking. I was able to get
some free tools out of it, too. All I had to do was ask and they handed over SOme of their old tools . This was the first time I
received something I saw as worth a lot just for asking. This was a big deal to me and helped mold me into who I am today.
The Underground Mac (UGM) Is a site dedicated to providing macintosh users with all their hacking, Security, and
Messaging needs. The site is was made to help the macintosh underground community which has risen and fallen
over the years, and provide a good place for knowledge and tools. The site has grown and adapted to the
community and is now one of the largest mac underground sites. The site has also grown a lot, it went from a small
site to an enormous site with many sections and hundreds of megabytes In tools. This site also opened the doors
for the network It Is now a part of and made it possible for many other great sites to rise . Ugm has expanded and
helped the community greatly, and it will continue to do so and continue to grow as long as it is around. It was
started by me (SprattJ but Is now the work of quite a few people and all of it's content is made by great
programmers which also playa huge role In the site.
Blacklistedl411 Volume 6 Issue 4 - Fall 2004
�By the time I was four years young, I was gathering up heaps of materials from our garage, the junk drawer, the
neighborhood trashcans and from anyone who had something I thought was "interesting" and I stored all of my choice items
in my backyard . By interesting, it usually meant that the item was some sort of technology. Back in those days, technology
wasn't anything like it is today; we didn't have home computers or anything really cool just yet. However, there was plenty of
wire, switches , air conditioning controls, lights , etc. If it was available for free, I had a few in my collection.
I had no idea what I was going to do with all of this junk , but I couldn't stop myself from collecting it. Day after day, I would
troll the neighborhood and bring back my treasures. Eventually, my search expanded to tools, lumber and hardware (nails,
screws, etc).
One early weekday morning during the summer, just before I turned five, I found myse~ at a neighbors trash heap,
overlooking a dead television they intended to throwaway. I had finally found myse~ something substantial to bring back
home and tinker with. Back in those days , all televisions were huge . There was no way I was going to be able to move this
thing, no matter how big I was for a four year old . I ran back home, picked up a few choice tools, trotted back and proceeded
to disassemble the television as much as possible before the trash man showed up. After maybe an hour of hard work, I had
myself a metal chassis wilh tons of tubes and wires . I had never seen a tube before this day. I was pleased with myself and
what I had picked up for the day . I happily added it to my collection.
My collection continued to grow, week after week. So, my birthday finally came along. I turned five , had a decent birthday
and got some TOOLS. It was the best birthday ever .
Shortly after my birthday, we moved to the other side of the city , close to a go~ course and the foothill area . Before we made
the move, my parents decided it was time to rid themselves of my collection in the backyard and proceeded to take
everything to the dump . ! was extremely unhappy about this predicament and began to have a fit. However, I was appeased
by an offering from my father . He promised that once we made the move , he'd give me their old stereo complete and
working . I agreed and shut up .
We made the move, I got my stereo and I was thrilled. Ok, so I was in a new place and quickly made some friends (Jason,
Jeff, Steven, Michael and his brother Troy-yep, still remember them) . With some friends handy , I began to explore the
area and found my way into every crack and crevice of my immediate surrounding. You know , the normal things a kid back
then would do. In fact , back then it was fairly normal for a 5 year old to go roaming around the neighborhood without any
cause for alarm .
Anyhow, within the first week I was there, I was sitting on the front lawn and saw a huge airplane
slowly moving down my street. I hopped to my feet and quickly ran up behind it as fast as I could . I followed it closely,
looking it over as best I could without touching it. It sped up and eventually took off , me chasing right behind it the whole time
until it was in the air. Then I stopped to watch it fly around. I was convinced a small animal or creature of some sort was
operating the plan&-you see , I already figured out people couldn 't shrink themselves to get inside of small devices and it
was clearly too small for a person to fit into iI. So, I diligently watched this place fly around for maybe 15 minutes and the
then it came back down, landing on my street again . Once more, I was right on top of iI. It sped up, slowed down, turned
around the comer... ! kept up with it no matter what. The noisy contraption finally slowed down to a crawl and an older man
came up to me and the plain , laughing vigorously. He was obviously the owner of the plane . I had a zillion questions for him .
It was that day I learned about remote controlled devices. I was truly amazed by this concept and the idea further intrigued
my curiosity .
One day a few weeks later, I got ahold of a butter knife and I had this great idea of taking apart a frog I had just captured from
a puddle of water which crept under the sidewalk next to the front door of my home . Instead , along the way to the awailing
frog , I noticed the doorlbell button on the wall and after a quick eyeballing of the button, I decided it was ripe to be
investigated a little more . I proceeded to pry the button off with the knife (and my wet, froggy hands) to see what was
underneath. What was about to happen, I hadn't conceived in any way . ! managed to get rnyse~ a pretty good joltl This was
a pivotal point in my life as I had never known about electricity. That small shock opened up my mind to more questions than
I ever had previously.
Yeah, I know. You're still thinking, "Take apart a frog with a knife? Are you disturbed or something?" What can I say, I was
a five year old boy. Anyhow, due to my new found engrossment, I decided to release the frog back into the puddle .
Accordingly, he readily swam away. The frog had survived the day.
When I had a chance, I explained to my parents what I had done and asked them to explain to me what it was that I feil and
why I felt it. They failed to explain to me how and why it works, but what they did tell me was that "electri city" was what I had
felt and that everything around the house - the television, the stereo, the lights - all ran on electricily. Whoal I had finally
made a connection between everything. I immediately asked if the phone ran on electricity too? YES. The car? NO , not
exactly . Ok, but I was getting the idea.
Now I was really interested in things . There was no stopping me from that point on.
In the next installment, I'll take the reader on a tour of my experiences from age five on up through my early teens . Hope
you're enjoying the accounting of my life thus far .
MARKETPLACE CLASSIFIED ADVERTISING IS
CURRENTLY FREE!
FIRST COME, FIRST SERVED
SUBMIT AD AT WWW.BLACKLISTED411.NET
38 Volume 6 Issue 4 • Fall 2004 Blacklistedl 411
� THE ART OF LOCATING QUALITY SALVAGE ITEMS
By TechnoHeap
Greetings fellow collector. This is the fourth and most likely the final installment of an ongoing art icle on the subject of locations wher e
one can find awesome deals on components, equipment and parts .
I have been collec ting, buying and reselling integrated circuits (otherwi se known as "chips"), electronic parts and equipment since the
early 1980's. In the time that I have been doing this , I have grown to know first hand many sources who deal in LESS THAN
WHOLESALE priced chips, computer equipment. electronic equipment and parts . That' s right. thes e item s ar e available for penni es on
the dollar and this is literall y, not figurativel y speaking. Some of the things you will be able to find at roc k bottom price s: Intel, AMD ,
NEe and DEC gold chips, Macintosh computer equipment, EPROM s, EPROM programming equipment, vinta ge computers, chip s. parts,
newer equipment, computer parts, brand new excess inventory chip s...the list goes on and on.
Have you ever wond ered about those $300 - $400 Intel C4004 chip s for sale on ebay and wond er to you rself how much you could get
them for if you knew the sellers source? How doe s $40 per POUND sound to you? It takes quite a few of the se chips to add up to a
pound , so you can see the potential. Th e going rate for "gold" chips is in the range of $20 -$45 per pound and you can buy this stuff all
day long at those prices... IF you kno w where . Th e sources I will reveal generally don't ca re what the chi ps are , only their bulk value.
This is where a person with the right knowledg e can make a killin g regardin g resale of the same item s.
I've seen these sources come and go by the dozens over the years. What few of these sourc es rem ain hav e been a very well kept secret
among the few in the know and to my knowledg e, nobod y has ever revealed these sources in an all in one informa tion article before .
What is about to be revealed to you isn't "fluff' like a lot of other informational articles or those " e-books" pro vide, you know the ones
that clai m they're goin g to reveal wholesale sources to you and you end up finding out it's ju st a bunch of usele ss, and I use this term
loose ly, information. Anyhow , the informati on I will provid e you with is specific hardcor e rock bottom priced sources which other
people use to obtain the parts they resell - even EBA Y sellers! You can use this Information right now and mak e money immediately!
Furthermore, it won't break your wallet to stock up on some parts for immediate resale ....or collecti ng.
I'm officia lly out of the chip/equipment collectinglb uyinglse lling business and since this high ly sec retive infonnation no longer serves my
needs , I'm going to spill the bean s once and for all which will allow a whole new generation of co llectors and entrepreneurs to access the
massiv e opportunities us old-timers have' had all to ourse lves for decades. Are you read y? Be sure to chec k out eac h and every single one
of these places and BUY, BUY, BUY as much as you can - stoc k up and resell until you're blue in the face. Don't forget where you got
this information . either -- a simple letter to Blacklisted ! 4 11 telling them about the great deals you've fo un d for yourse lf will do. I'm
going to be listing salvage yards, obscure retai l locations and swa pmeet sources. These are all worth the time to vis it and exp lore.
AC P (Advanced Computer Products)
1310 E. Edinger Aven ue
Sa nta Ana , CA 91705
TEL (714)619-3487
Email: dfrecman@acpsuperstore.com
URL: http://www .acpsuperstore.com
Type : Retail/Surplus/Excess Inventory
Contact: Dave Freeman
Th is is probably one of the first electronic stores I ever visited as a child It was 1975 or )976 and I was thrilled to see this place for the
first time. It was by far, the biggest comput er/electron ics store I had ever visited at the time . Yeah, back in those days the retail store was
much larger than it is today . They've downsized so many times , I lost count. Each time they did, I was witness to the auction/sale!
whatever when on when they got rid of the excess . I walked away with excel lent deals and stocked up my own personal warehouse with
great parts for so-much-Iess-than-wholcsale-price s. Like clockwork, I used to visit this place almost weekly to see what other great deal I
could find. I missed one downsi zing but J was there for the aftermath. The leftovers included massive amounts of rapid rack shelving.
the wood for the shelving, cardboard parts bins and lots of hardware-screws, nuts. spac ers. etc. I had to fil my truck up three times to
get everything-and it was FREE!
A few downsizing's back , a few days before the down sizing actually happened, I was in the retail store looking around. I was interested
in buying a lot that day because they had an incredible amount of connectors availab le. I talked to a guy named Jeff (I believ e-he's no
longer there) and I asked him out of curiosity how much he wanted for the entire surplus area in the store. He said , " give me $700 and it' s
yours:' I know my mouth dropped open when he said this. I quickly closed my mouth , thought for a second and asked him , "S700??"
He confirmed what I thought I had heard and said, "Ok , so you want it?" Naturally, I agreed to take everyth ing on the spot . J couldn 't
give him the money fast enough . He and a helper started boxing everything up for me and helped me load up my truck. It took four trips
to get everything. When it was all said and done , I had scored one of the biggest parts purchases to date.
So, they've downs ized and downsized so many times over the years , the retail store has shrunk down to an itty bitty place. Keep in mind
that they still have a good amount of surplus available, so give 'em a visit ,
Ok, so what about now? First, most of their good surplus isn't located in the main retai l area any longer . A few months back, they had a
couple isles of surp lus on the floor and a wall of co mponent cabinets stocked up with common and unco m mo n chips . It was still fairly
impressive , though nothing like the early days . Anyhow , the surplus is now located in the back warehouse and the HUGE ware house they
maintain across the street (Edinger). Many people have no idea that ACP has the large warehouse directly across from their retai l store .
BlacklistedI 411 Volume 6 Issue 4 - Fall 2004 39
�When you visit the retail, you must ask to either look at the surplus in the back or try to arrange a time to visit the surplus across the street
The stock in the warehouse is impressive . Not only do they store the bulk of their surplus , but they maintain the "biggest" stash of1.C .'s
that I've ever seen in one place! Apparently this is their bread and butter business (ACP Components). They have great prices and a
wonderful selection. Don't let the retail space fool you beca use there's a lot more to them than meets the eye . Anned with the little bit of
information I' ve given you. there 's no reason you can 't go there righ t now and pick up yourself a great dea l on some exce llent surplus
parts. Go visit them today!
Mark Ca pps (AKA Big Dog)
1842 C hrys ler Dr
Atlanta, GA 30345
Email : catfishh@beUsouth.net
Type : Scavenger/B roker-O nline
Contact: Mark Capps
This guy posts his parts list on the usenet all the time . He appears to cater to the arcade groups, but his list of parts is somewhat
impressive--a lot of hard to find parts and good prices. When you have a second. check out a Google search for: "Mark Capps" The
guy can be slow from time to time because he seems to go on trips often, but he is a good supplier . There's no phone number available
for him, so you're going to have to email him. If you can't emai l him, find someone who can email him for you.
eBa rgai n Elect ro nics
27Z0 S. Ha r bor Blvd #G
Sa nla Ana, CA 92704
TEL: (714)444-4934
FAX : (714)444-4936
URL: http://www .ebargainelectronics.com
Type : Retail/Surplu s/Sa lvage
Contact: Hamid
This is an interesting place. I never heard of it unt il a few years back while I was driving from anothe r surp lus place . Nestled in your
standard business complex , this small place packs a lot of good junk. Set up like a retail store, you walk into this place and immediately
realize it's a salvage/surplus store with shelving all the way up to the ceiling. If you like old tech, go to this place. The prices vary from
excellent to OH-MY -OOD- YOU- WANT-HOW-MUCH for that old 2400baud modem? If you run a prod uction company and need time
sensitive computer/e lectronics props, this place is for you. Neatly organized, the shelving has just about anything you cou ld want-
modems, KVM 's , wan warts, c-scopes, eprom programmers, eprom erasers, lab kits and what have you . I' ve picked up so many good
deals at this place in such a short time, I really have only good things to say about them . It would be easy to grab up some equipment at
this place and quickly turn it around on ebay or your own website . I know ,l've done it. This place is worth the visit, people .
R·Vac Electro nics
23684 EI T oro Rd. #0
Lake Forest, CA 92630
TEL : (949)586 -1210
Type : Retail/Surplu s
Contact : None
I've been to this place a few times and usually find a good deal each time I visit 1 don't have too much information on this place, but I'll
give you want I have. When you walk into this place, the first thing you'll notice is how incred ibly stuffed and disorganized the place is.
It used to be a normal retail electronics store some time ago, but with all the closing of the other electron ic stores from the 80's on up, this
place managed to get ahoId of more stock than they can effectively display in an organized fashion . So, they have heaps of junk
everywhere! If you dig. you can find a lot of good stuff here. I picked up several small piles of goodies for a few bucks each time.
Disregard the notice in the front that says more or less, " No Deals". They ' ll dea l just flne.
Marvac Electronics
2001 Harbo r Blvd
Costa Mesa, CA 92627
TEL : (949)650 -2001
Type: Full Retail/Surplus
Contact : Gene
There are maybe 6 of these stores left in the chain . This particu lar one happens to be the one I've visited the most. Ok, so this place is
one of myoid stomping grounds . They always have a lot of surplus goodies in the back " surplus" section . they have a table on the other
end near the parts counter which has piles of stuff that used to be on the shelve s-marked down to MOVE . Further, they have little grab
boxes all the time, anywhere from $2.99-$6 .99 (buy more of them , get price break) which are stocked up with vast amounts of surplus
pans that used to be pan of their retail stock. The best pan of those grab boxes is that they usua lly contain at least one or two items worth
10 times the price of the whole box. I always pick up a few of these because it reminds me of the grab boxes Radio Shack used to sell way
back in the 70's when they actually catere d to electronics hobbyists -anyone remem ber that? Anyhow, I've picked up tools, chips,
displays , switches, lights and more all for great prices. The cool pan is that they maintain a HUGE warehouse of parts that nobody knows
about or has ever been to. However. the dad who owns the chain just passed the biz on to his kids, so things are changing. If you want
access to great untouche d stock, go to this store . talk to Gene and tell him that you want to visit the ware house and he' ll hook you up .
40 Volume 6 Issue 4 • Fall 2004 Blacklistedl411
�C an C nla Electronic. & Indu. trl al Supp ly
or
22 1 N Johnson Avenue
EI Cajon, CA 92020
TEL: (619)588-5599
TEL: (866)225-3532
FAX: (619)588-0371
Type: Retail/Surplus
Contact: None
I foundthisplace while searchon ebay for some partsone day. I ended up biddingon andwinning a massive amountof chips at a typical
price of SO.99 per auction. After I won everything, I decided to go to this place in personand check it out thoroughly. I spent a whole
day at this place. Why'? It's HUGE inside and they have a lot of surp lus. The first thing I did was go to the bookshelf and gathered up
roughly 150 books-c-databooks , manuals, etc. Really good sruffl After tbis, I hit up the back area of tbe place and spent most of my time
digging through everything. They have an incredible amountof surplus everything fromheat sinks and ribboncable to connectors and
-
OLD non-pc keyboards. Even thoughI'm out of the business, I plan to go to this place manymore times just to see what else I can find.
Anyhow, after closing time, I was still there for another30 minutes and they let me look around since they knew I was going to be
spendingmoney.. ... You see. most electronicsstoresaren'tdoing well like theydid back in the 80's (the height of electronic hobbyists)
so money is KlNG now at these places. After it was all said and done, I filled up my truck with piles and piles of obsolete (read :
expensive) components, books, eprom programmers, 5-100 buss cards arcade parts connectors, keyboards and other surplus parts for
, ,
only a hundred bucks! Now thatwas a deal. Visit thisplace as fastas you can!
THE SWAPMEET LIST
I had to includethis because quite a few of the sellers mentionedin the series I have written sell at one or more of these swapmeets and
you'll usuallyfind a selection of partsthatyou wouldn't otherwisebe able to find fromthem.
ACPSWAPMEET
When: Last Sunday of each ODD month (Ianurary, March, May, July, September, November)
Where : ACP parking lot. 1310 East Edinger Avenue, Santa Ana, CA 92705
Time: 7:00AM - 12:ooPM
Cost: FREE
This is one of the oldest if not the oldest computer/electro swapmeetsavailable While it's toned down over the years, it's still a cool
nic .
swapmeet. Runby the same people thatbrought AdvancedComputer Products andthe ACP Superstore, there's a decent selection of old
vintage electronic equipment, computers and NEW computerequipment here. I always buy something at this one.....usually a truckload
worth. Manyof the salvageplaces sen here.
TRW SWAPMEET
When: LastSaturday of every month .
where: TRW parking lot at intersection of Aviation BLVD andMarineAvenue in EI Segundo,CA
Time : 7:30AM - 11:30AM
Cost: FREE
Excellent swapmeet with lots of old electronics- parts, equipment, tools. etc. I founda great deal there every single time I have been
there. This happens to still be my favoriteswapmeet of them all. It's really gearedtoward ham radioenthusiastand electronics guys. If
you look. you'll findgreatdeals on electronicpartsandcomponents here. Manyof the salvage places sell here.
CAL PO LY POMONA CO M PUTER SWA PMEET
When: Third Saturday of every month.
Where: Cal Poly Pomona Parking Lot F. 3801 West Temp le Avenue, Pomona, CA 91768
Time: 8:00AM - 11:30AM
COSI: FREE
Small electronics swapmeetbutworth the tripmost of the time. They have a lot of peop le witholdervintage partsandequipment. Found
a good deal thereevery time I'vebeen. Thisswapmeethas always been somewhatsmall and it lends to move around the parking lot a lot.
In fact, the swapmeet has been slowing down over the yearsand I don't know how much longer it's going to last, so visit before it's too
late.
ARC SW APMEET (Inland Empire)
When : Second Saturday of every month .
Where: AB Miller High Schoo l. 682 1 Oleander, Fontana, CA 92335
Time : 7:30AM· I I :30AM
Cost: FRE
Anothersmall swapmeet, but a good one. It's beenabout a 50150 deal here,but when I find a deal, it's excelle nt!
SANTEE SW APME ET
When : First and Third Saturday of every month .
Where: Santee Drive-In Theater . 10990 Woodside Avenue (ofThighway 67)
Time : 7:30AM - I 1:30AM
Cost: FREE
So-so swapmcet. Not the best, but still worthmentioning. I'vefoundmore thanmy fairshare of exce llent deals at thisplace. Made some
big $$ ofTof them, as well.
Blacklistedl 411 Volume 6 Issue 4 • Fall 2004 41
� BY
MOTHER
GOOSE
Aren' t kids lucky these days? The y get to grow up in a world of computers and the internet . satellite and cable tv, gameboys , dvd players.
cell phone . etc, etc, etc. Boy, we must have had it prett y bad in the dark ages to have to deal with lame things such as Atari, Commodore
64's , tape and record players, and rotary dial phones . How on earth could we have lived like that?? The truth of the matter is, kids, every
generation has berter, more technicall y advan ced "stuff', and it' s all thank s to the hacker generation before them . I think 010:-.1 people need
to realize that, as it seems that a lot of people don't.
1 am not a hacker , the best 1 can do on a computer is find Gymboree' s website , and charge a hefty sum on the cutest kids clothes I can
find. I am also not a professional writer . What I am is a hacker advocate , simpl y sitting here writing down my thoughts . I am a proud wife
of a hacker , and mother of three small children ages 6 and under who I'm hopin g will grow up to be hackers . I did not say that I want my
kids to grow up to be criminal s, I said hackers. Just as you would not call a banker who stole money out of his till simply a "banker", you
would call him a thief. aka criminal. You should not call a hacker that does something illegal simply a " hacker", he is a criminal that also
happens to be a hacker. There are criminal s in every profession. There are also good people in every profes sion. Hacker s are responsible
for many things that keep "criminal hackers " from doin g harm . What does a company do to protect their company from criminal hackers ?
They hire hackers , and they pay them a lot of money to do it. We tend to think of hackers as people who can 't get enough of computers.
Maybe that's becau se anyone with a hackers mindset loves a good challenge, and the computer has so many possibilities that have yet to
be explored . But hackers are not just computer geeks, hackers love all technology. Any sort of electronics they can get their hand s on is
good. They make things that make the world a better place . Yes, I want my kids to grow up to be hackers .
I love the idea of my kids bein g the next inventors of sc rne great technology we haven't even thought of and can't even imagine yet. A
fresh generation of minds to take what my husbands generation of hackers hav e come up with and practice, take apart , manipulate, and
hack these things to do whatever it is that they can think of to make them do. I for one encourage my kids to explore and "hack" a
technology they find intere sting.
Howe ver, it took some persua sion from my first child to allow me to understand the scope of it. My daught er, at the time three years old,
had a huge interest in o ur satellite box and bow it worked .. My husband the "hacker" of the family, and I were very reserved about the
idea of her having the remot e control and doing with it as she pleased. He preferred the remote to be put up high and out of her reach .
Now just to show you that we are born curious, thus actually we are born hackers , what do you think a three year old would normally do?
That's right a three year old certainly would not sit there and take that, they would do what they could to reach that darn remote and play
with it until their heart was content. Well. being that this was my first child. J did not realize this. My daughter not only from being simply
three years old. but also pre sumably having a hackers mentality would some how climb up something and get that remote without any
evidence to condemn her. Apparentl y she would do this when my husband and I were in the next room having a conversation. and she
would keep an ear on what we were saying . I am assuming that when she would here our conversation come to a close, she would quickly
and without proof put the remote back where she found it. This must have gone on for a while becaus e for the longest time we'd find
cartoons and kids programming recorded and we just couldn't figure out why that darn satellite receiver keep recording these frigen
things! We didn't even imagine that our little three year old would be able to record them. I mean gee, the remotes were always put up.
My sweet little three year old would honestly think that n1Y ears were going to fall off when she would rattle on and on, SO much so that
she 'd have to stop in mid sentence to push my hair back and check that my ears were still there . So, how on earth co uld such an innocent
three year old understand how and cov ertly record the show she was watchin g? Well, she did. She must not have been paying attention
one day, because 1 walked in to find her in front of the TV with the remote in hand . She was startled, she jumped, and then she started to
cry for fear that she was going to be in trouble . I know it sounds mean, but I couldn't help but chuckl e at the discov ery, and I had to call
my husband in to see for himself. There she was with her little bottom lip sticking out, tears down her face, remot e in hand, Blues Clue s
on the TV and the record button lit red on the receiver. It was cute , it was humorou s, it was a revelation , and it was also a little sad. It was
sad becaus e she had to hide her thirst and desire to under stand and learn . It w as sad be cause she felt afraid of a consequence for wanting
to educate herself. This was a revelation for my husband and I. We decided that if she wanted to learn how someth ing worked, then she
was free to explore. Naturally with many things, we would . or rather my husband would need to be there for tech nical suppo ~.
Aren ' t we always telling OUT childr en to study up . Don 't we try to send them to the finest pre-school s we can find to give them the best
head stan on learnin g that we can? Yet, we still stifle their naturall y curio sity. Who knows how many peopl e out there today would have
already invented a flying car had they been allowed to tinker with things more as a kid. Yeah, I know I'm reaching with that example , but
it gives you the idea. Let ' s try to encourage our childr en to have a thirst for kno wledge from a young age. Why not buy a newspaper. look
in the freebies section and find an old T V to take apart together? Why not let your teenager stay up late on a Friday or Saturda y night
messing around on his computer and sleeping in late the followin g day? Who knows, that teenager of yours might be on the verge of a
breakthrou gh on a new comp uter program that will make him mill ions and make life easier for billions of people includ ing you..
In the sense that scientist invent cures to make the world a better place for human kind, hackers on a different level, give human kind new
technology to make the world a better place . We should thank them . We should encourage them to learn, tinker , and explore . Mama ' s,
please let your babies grow up to be hackers . I would hate to miss out on what good things they could have contributed.
42 Volume 6 Issue 4 • Fall 2004 Blacklistedl411
� Most folks have never utilized a proxy server because, well, why should they? It's usually only done by folks whose ISP
requires them to use one. It's slower and more hassle to deal with. So why on Earth would you want use one? Well,
have you ever been in a location with web access that is censored? Maybe you want to check out that www.playboy.
com (for the articles), but the school district's "NetNanny" shuts you down. Or maybe you're a hacker , just looking for
some innocent (?) info (like a mailbox bomb), and up pops the thought police, No, no, no, no. Maybe you've got a slow
dog phone line connection at home, but you'd sure like to download that 25 Meg file on the workplace 's T- 1 to burn to
CD and take home instead of tying up your phone line for hours and hours. But you can't, because it had a metatag that
your administrator considers dangerous. I find that oftentimes it's not even the intent to limit access on a particular
subject, just some wording somewhere on the page that trips the "censor" erroneously.
Or maybe it's a web location that you don't trust altogether, and you don't want them to be able to see your IP address .
For me, warezlvirii sites fall in this category.
While there is no "one size fits all" solution, you may find that a proxy server will do the job . There are also hlml to email
portals that will email "forbidden" web locations to you through your email server. This will always get through . And,
done properly, the location being accessed will not be able to view your IP address , they will instead see only the IP
address of the proxy server. Of oourse, law enforcement will be able to track you, so don't send that threatening letter to
the president. But even they will have quite a time of hunting you down if you do it right. For example , I used to use a
proxy server that was in a far off country, and not one of the friendliest of nations to the U.S. I think I would have to do
something very serious for them to agree to play ball with the Feds.
How does one go about using a proxy server? Well , first you have to find a proxy server. Now, they are really not all that
happy about you doing this, because this server is maintained to serve a certain number of customers, and ~ you start
using it, you just become one more straw on the camels back. So they just don't freely advertise that they can be used
in this way. Actually, a few do, I've never used those.
Blacklisted I 411 Volume 6 Issue 4 • Fall 2004 43
� HACKING WIllI PROXY 5IRVU5
But, as I said, many ISP's require their customers to use a proxy server. And bless their hearts ; they usually maintain
web pages that explain in great detail how to set the browser up with the proxy. This is so that they don't have to hold
their customer's hand on the voice phone explaining this information. The trick is to find these web pages.
I hate to give this info out, because it has served me well over the years. But there are so many proxy servers I guess ~
really doesn't mailer. Go to your favorite search engine and look for "Internet Explorer" 'proxy", something like that.
"Configure" is another good search word. I like using "intemet explorer" no mailer which browser you prefer to use,
because 90 + some percent of the ISP's out there "recommend" the Bloated One to their users. I know from experience
that this search will give you all the hits you need to complete your task. You'll get thousands of hits, I recommend not
using the ones on the first page your search engine finds, but rather, go several pages in and pick some. That way the
ones on the first page aren't being used by 95% of the "specters."
It isn't really necessary for me to tell you the rest because the found web pages will explain to you in great detail how to
set up "Intemet Explorer". If you're using another browser, I'm sure you'll be able to figure it out quite easily. Basically, in
IE, you go to Tools> Options> Connections> Lan Sellings, click on the checkbox that says "Use a proxy server for
your LAN", and enter the proxy server's URL. Be sure and type a full URL, don't skip the htlp:1Istuffl
You'll probably find that you need to try several to find the one that works best for you. Some are just _too dam slow,
some just don't work at all (who wants to waste time figuring out why, just get another one), others will censor material
on you (the Arab sites don't like anything that has the word sex, for example). But if you are perseverant. you'll find
several youcan use.
How does it all work? When your local browser sends out a request for a web page, it no longer sends it directly to the
site (after DNS lookup). Now the request is sent to the remote proxy server. The proxy server then sends the request to
the site retrieves the data stream and then sends it back to you. It's like a middleman .
I used to work at a school and the administrator there was very diligent about limiting access to certain sites. But this
technique slipped through every time, because it didn't see something like www.playboy.com as a request, instead it
saw :www.playboy.com, etc. Something like that , I don't recall the exact syntax. Frankly, I didn't care
about the above mentioned site at all; I was just interested in the challenge. Er, and I was reading the articles .
After you've configured your browser to use the proxy and you're curious about just how invisible you are, check out
one of the many "IP testers" on the web. Here 's the URL of one, there are many:
hllp:llall-nellools.comltoo lbox
You'll find that ~ you did your proxy configuration correctly, and you have a good proxy, your local IP address will be
invisible to the site (You can view your local IP address by starting a command prompt and typing IPconfig) .
Congratulations, you now have a low-grade IP spoofer . Remember though, the dateltime, requested site, and your real
IP address is logged by the proxy server, so there IS a track record. Although, if it's in say, China , the track record might
as well be non-existent.
It's not really "IP spoofing" because that involves changing the outbound packets to reflect an IP other than your own.
That is much more diffleult, and for the most part, not necessary to become relatively invisible on the web. The huge
number of proxy servers available makes this the hands-down easiest approach for most purposes. Those that would
require real IP spoofing are advised to investigate the subject further on the web; It is beyond the scope of this article.
Now, you may occasionally find this doesn't do the trick for you, for various reasons. For example, maybe you like that
Arab proxy, but when you go looking for, ah, somewhat clandest ine information, the sites with that information are
loaded heavily with porn banner ads. As I said , to the best of their ability, the Arabs try to censor that. Even though you
had no interest in those ads (right?), the server is going to refuse access. Now what can you do? Well , you can use a
web to email gateway. These way-cool servers just sit and wait for you to write them an email , really! You write them an
email with the URL you're having trouble getting , and voilal In a few minutes, the web page is sent to you via email. In
text or hlml format -with pictures even. What could be cooler than that?
The following URL has much information on tha subject, inctuding a list of several servers:
htlp:llwww .bellanet.orgIemail.htrn
You can find many more servers, just type "web to email" in your favorite search device. There are a multitude of uses
for these servers. In addition to the "forbidden" URL workaround mentioned , you may sometimes find that you are
occasionally reduced to surfing in a very limited bandwidth situation. Maybe at the hotel , or connectad through your
cellular, etc. Actually, that is really the reason these servers were created . While most of us have become spoiled and
cannot stomach the time it would take to go from web page to web page in such an instance, you can request several
web pages at once, wait a few minutes for tnern to arrive in your email, and then view them in rapid succession after
downloading your mail. Or write an email with your favorite sites that you hit daily, send it off to one of these 'servers in
the morning, and have your favorite news sources, etc. on tap, updated daily without the wait. At least not the
maddening "human assisted" waiting between each page. And if you ARE in a censored environment, these emailed
web pages will come through witih out a hitch, no mail er what their content.
Do use these resources responsibly though, abuse could put a serious hitch in the availability of these handy sites.
Most are free, maintained by volunteers.
Repeat after me, the hacker mantra, "There's always a way ."
44 Volume 6 Issu e 4 • Fall 2004 Blacklisted I 411
� HACKING WI1II PROXY SlRVlRS
Although off-toplc, while we're on the email subject , have you ever been in a remote location and wanted to view your
pop email (not web-based) on another computer? While most pop servers have a web-based interface just for this
purpose nowadays, not all do. And some can be quite the hassle to access if you can 't recall the exact URL. You have
to go to your ISP's general infomnation page and fish through links, and many don't do a very good job of making this as
easy as it could be.
www.mail2web.comis the answer. Here's what they say about themselves: "From any computer , anywhere in the
world, No need to register!" That pretty much tells the whole story. Just put in the name of your email server , your
usemame and password, they can retrieve your email on the spot as though it were web-based .
While some might argue that there is no need for such security measures ("what are you trying to hide?") others would
argue that in a society with an ever increasing intrusion into personal daily affairs, such techniques are more than
necessary. They are mandatory.
The founding fathers took great pains to protect us from the very intrusions that many of our peers consider "nomnal"
today. They knew what they were doing, for they had experience with a very intrusive governme nt themselves. That is
why they CLEARLY stated that the right to pursue liberty and happiness were inalienab le rights "endowed by the
Creator." Not some permlssion granted to you by powerful men, mind you, but rights that you were given when you
were born, by the Creator. Inalienable, they cannot be separated from you.
May we always remember to question those that would chip away at our rights, that it is their job to demonstrate by
what right they attempt to do such a thing, when it is a power higher than them that gave us these rights in the very first
place. The only other option is to scrap the entire concept of the United States as having been founded on erroneous
concepts in the first place. I doubt you'd find any support for that (thank goodness1).
At this point you may have deduced that the author has degenerated into a drifting ramble, but there is a point to be
made. There is no freedom , except for that which we make for ourselves. There is much information available on the
web regarding security; I recommend that all readers become familiar with at least some of it. PGP is still Pretty Good
encryption (won't stop the Feds though, it is rumored) . Remailers are a very powerfu l and useful tool. These remailers
will allow you, when used property, to send TRULY anonymous email messages . You can also "chain" the remailers,
making any attempt to track the source a nightmare without end. Who knows when and if such a thing might become
more than an exercise in security measures; it's conceivable that it could become necessary at some point. One thing
you can be sure of, if that time were to come, it would be too late to find the remailers and learn how to use them . The
same thing is true of many of the security measures mentioned in this article.
Browser-based anonymous FTP is possible using the proxy server techniques spoken of earlier. You'll note that in the
IE options menu for the proxy there is an "Advanced" button. Clicking on this, you'll see how you can do the same thing
spoken of earner for your browser for browser-based FTP access. Usually the web browser proxies use port 8080, and
the FTP proxies use port 21. These are the standard default values for these functions . They are not written in stone
however, note the ports that the proxy server mentions if they are not the default values .
The techniques mentioned in this article are easy to implement, you'll be a pro in no time . You'll have another feather in
your hacker headband, and you'll have the knowledge that you can become invisible on the web on whim . You can
laugh at any attempt to censor your interests. And, if need be, you can get information out to others, without sacrificing
yourseif as a martyr. Heck, you'it be needed for your other talents.
•
Onwards and upwards!
~ lrVine Underground
Located in Orange County, California
Irvine Underground Organization
www. irvineunderground .org
Blacklistedl 411 Volume 6 Issue 4 • Fall 2004 45
t By Bob Blick
Add/Uonal excepts by Klngp/n
EdlUng by Zachary Blackstone
These plans explain in detail how to construct a project which
displays telephone numbers decoded from DTMF (Dual-Tone-
Multi-Frequency) tones, or touch tones. This is a useful tool for
any hacker to keep handy.
A microphone picks up the tones, a preamplifier boosts the
signals , an SSI-202 DTMF chip decode all 16 of the DTM F
tones (1-9, A-D), a Basic Stamp acts as an interface to an LCD
display and also provides "RS·232" serial output.
Alternative ly, the DTMF decode r can be directly connected to a
telephone, scanner, or a tape recorde r using an optional circuit
described in this article.
The tone decoder can be used for many things. Anytime you
hear a DTMF tone, and want to know what it is, just hook up the
decoder. Wh en it is hooked up to a phone line, any tones sent
over the line can be decode d immed iately . It is great for services like credit card verification, voice mail systems , answering
machines, COCOTS, etc. DTMF signaling is so widesprea d, there is no doubt that you will discover many useful applications
wilh the decoder.
Speaking of DTMF, the 16 tones that this circuit decodes are as follows:
1209 Hz 1336 Hz 1477 Hz 1633 Hz
697 Hz ABC DEF
1 2 3 A
770 Hz GHI JKL MNO
4 5 6 B
852 Hz PRS TIN WXY
7 8 9 C
941 Hz oper
* 0 # D
A PCBoard has not been designed for this project, thus you must use a breadboard or design your own PCBoard before you
build the project. On a scale of 1-10, this is about a 6 as far as difficulty is concerned . In order to build this circuit , you will
need quite a bit of electronics knowledge . Therefore , if you have never built anything involving electronics before, we
suggest that you seek help from someone with intermediate electronics experience when trying to complete this project. A
schematic of the circuit is provided to guide you but, again, a PC Board layout is not included at this time .
You might have trouble finding the SSI-202 chip, even though Radio Shack used to sell them . In the United States, the best
place to buy them in small quantities is B.G. Micro, www .bgmicro.com. They have the SSI·202 chip for $6.95 (part number
ICSSSI202) . In addition, B.G. Micro also supplies a SSI·202 datasheet at $0.50 for those who are interested (part number
ACS1023) . Editors note: At time of publication, the SSI-202 is also evailable from ACP components www.acpcomponents .
com - price unknown. -
If you have access to Mitel 8870 DTMF chips , you could use it in this circuit if you change the pins to match the
corresponding functions . I have not done it, so I can't help you . Silicon Systems, maker of the SSI·202 chip , has been
dissolved by Texas Instruments . •
Concerning the schemati c diagram of this project. I have not included a parts list, but I've tried to make the diagram self-
explanatory. If you can understand it, you can probably build it. Due to popular demand , I have included a modification that
allows direct connection to the phone lines . I must say, however, that I have not tried the modification (I have been told it
does wor1) and it's probably against the laws of certain countries, states , provinces , townships , and telephone companies to
connect home-made devices to the phone lines.
Edi/ors note: We've supplied a parts list and have suggested locations to purchase these components. The Basic Stamp
can be purchased from Jameco (www.jameco .com). Support for the Basic Stamp can be found at Parallax (www .para llax.
com). About the LCD - i/'s a Hi/achi H2570 lx16 matrix LCD. We have them available at $10 each. However, you may
substi/u1eany number of LCD panels in the place of this one if you have difficulty locating this one. The fol/owing LCD's are
sui/able replacements: Hitachi H2572, Sharp LMOI6L , Sharp LM0 18L, Sharp LM038L, Sharp LM16 15A, Vikay VK2116L or
the Philips LTN211F- l 0.
46 Volume 6 Issue 4 - Fall 2004 Blacklistedl411
47
� DTMF TONE DECODER PROJECT - BASIC STAMP CODE
'TONE DETECT PROGRAM FOR BASIC STAMP/HD44100 LCD DISPLAY/RS-232 OUTPUT
' Th i s simple program was developed for the 16xl ascii LCD display from
' Tl MELI NE using the 4 bit interface option, stamp set currently for 2400
' ba ud. Uses 51202 tone decoder chip.
'W i t t e n by Bob Blick with some LCD code thanks to Jim Remington.
r
' Bo b Blick 1996
' Re l e a s e d into the public domain. No warranties expressed or implied .
' Bob Blick February 18 , 2002
' Pl e a s e see accompanying schematic " t.one achi q Lf "
, CONNECTIONS
'led pin 14 13 12 11 6 5 2 1
"por t pin on stamp 7 6 5 4 3 1 qnd +5 gnd
'function db? db6 db5 db4 e ! s DV rs232 r/w vee gnd
I LCD pin numbers correspond to TIMELINE t s xr LCD display.
'Cha ng e LCD pin numbers to suit yOUI display.
"e e enab Le rS"'Ieset
' DV is data valid output of tone decoder chip
' S t amp supplies 5 volts to LCD , tone decoder, preamplifier.
' v a r i a b l e s used: bo- command byte, ba e da t a byte, b2 .. temp
dirs • %11111101 '7 output , 1 input bits
gosub init ' i n i t i a l i z e display - 4 bit mode with high n.i bb Le e da t a
'send hello string to display
for b2 • °
lookup b2, ("
to 15
Bob Blick " ) ,b1
gosub IcdoLlt
next
for b2 • °
to 1
lookup bz , (0,1l2I,bO ' s c r o l l mode selected
gosub send
next
'main loop, no check for line length. Plenty space for such options!
loop: dirs ... %00001101 'prepare for decoded tone
test1 : if pin1 .. 0 then testl ' do we have a tone?
bl - pins 'got one
b l, - bl/16 'convert to ascii
lookup b1 , (6S,49, 50, 51 , 52,53,54, 55 , 56, 57 ,4S ,42, 35,65,66,67) , b 1
dirs .. %11111101 ' p r e pa r e for output
gosub lcdout ' s e nd it to LCD
serout 0,4, (b1) 'serial port gets it too
test2 : if pinl • 1 then test2 ' s a m tone?
e
goto loop ' r e a dy for new tone
, SUBROUTINES
ini t:
'set 4 bit interface and initialize, standard plus display on , cursor off
for b2 • to 13 °
lookup b2,(4S,4S,4S,32 ,32,0,0,12S,0,16,O ,96 ,O,192),bO
gosub send
next
return
send:
' o u t pu t command byte bO to port, pulse e. Note : assumes bit 2 is clear
pins' bOis: low 3
r e t.ur n
lcdout :
' s e nd character in b r to display , first tOP nibble then bottom
bO-b1&240+' gosub send ' b i t 2 .. 4 sets data mode
bO-16*b1&240+4 : gosub send
return
The software for this project. It is only a bare-bones program- The smart people that build this circuit will surely write some
belte r programs and send them 10 me 10include in this page _ This program works fine, iI'Sjusl very basic. You must rename
il with a .bas extension before loading il into a Basic stamo. Editors note: This source code is available for download on
Bob's website at the following URL: hnp:llwww_bobblick.comltechref/projectsltonedecltonadec.txt Additionally, this code will
be made available on the Blacklisted! 411 website in the magazine forums ~ project discussion area.
48 Volume 6 Issue 4 • Fall 2004 Blackllstedl411
� Thief or Thrill seeker?
By Eri k Giles
I wonder how many readers of Blacklisted! 411 have seen the film called The Thomas Crown Affair? For those of you who haven 't , let
me quickly summ arize it for you .
Portrayed by Pierce Brosnan, the main character is a multi-billionaire named Thomas Crown. He's reached to the pinnacle o f the business
world and he ' s run out of challeng es in life. Billion-dollar business deal s bore him . Crown crash es expens ive sailboats for spite.
Mr. Crown. now in his mid-life crisis , concocts a diabolical criminal masterpiece and steals a priceless painting from a mu seum . Why did
a man who had everything risk going to jail? He didn't need the money. It was never about the money for him. He did it for the
challenge. The game itself is more important to him than the rewards ever were.
The vast majority of the world' s computer hackers are the same. They break into systems just for the challenge. While they aren't
necessarily above breaking a few rules, they don 't do it for personal gain. Like Crown viewed his an theft, they view computer hacking as
a victimless crime.
Unlike the hacker who breaks into a website and steals customer information , Crown had the luxury of returning the painting to the
rightful owners. Sure, an ethical hacker can return any information he acquired. but no one knows how many copies he made and to
whom he or she might have sent it.
Growing Trend Is Er od ing Tr ust
Many of you have probably heard of the recent hack of 81's Wholesale . Announced in March, this hack involves hundreds of thousands
of customer accounts. Over the past few years there have been numerous other notorious hacks. Amazon, Axcion, Egghead and others
come to mind. There have been many more, smaller hacks that did not make the news. I think it will get worse before it gets better .
Merchants generally react when they become aware of their customers accounts getting used fraudulently . Banks react to these situations
by cancelling accounts and reissuing new cards . They can also implement aggressive transact ion monitoring strategies. But the down side
of these countermeasur es is impact on the customer. They are inconvenienced, and they can lose time and money.
In the wake of these incidents, merchants and banks can also tum against each other. A few banks are already pursuing the matter in
court, looking to recover losses from B1's. 81' s has vowed to fight these lawsuits.
But I think the worst damage is not financ ial. Faith in the banking system begins to erode. Customers become less willing to spend money
and merchants and banks tum on each other.
Blinks and Merchants Dilemma
Once a hack has been discovered, the merchant andlor the banks now has a number of choices . Leadership has to weigh a number ofrisks,
financial, public relations, consumer privacy and others against each other and come to the right decision . Despite the emerging stereotype
of the corporate criminal whose only guiding principal is the bottom line, the people I've worked with in the banking industry truly want
to do what's right for the shareholders and the consumer.
Financial risks are the most tangible. As losses mount, the bank and/or merchant is forced to act. The longer they wait, the more money
they lose. However, taking action carries its own costs. Closing accounts and sending new cards costs money . Monitoring accounts costs
money.
I know all this very well, because I've been in the management side, helping make decisions to safeguard the interests of the bank. My
responsibilities were to manage the overall costs suffered by the bank and take care of the customers. I could reduce the short-term
impacts, but all along 1 wondered, what is the long term solution to this? What is the b ig picture?
How Ca n (or SHOULD) the El hlcal Uacker Co mm unity Help ?
Okay, the Thomas Crown Affair was just a movie. Pure fiction. But I imagine that a real world Thomas Crown Affa ir wo uld motivate the
management of the art museum to re-evaluate and upgrade their security . Crown's actions allowed them to gain valuab le information
about security gaps that would enable them to prevent similar losses in the future.
At the end of the day, the art museum learned of their vulnerabilities and did not lose the paintin g. From this point of view, one could
rationally argue that Crown did them a favor. But this does not make Crown's actions legal or morally right?
Looking at it from the strictly economic point of view of the insurance company, the theft was a good thing . Sure , they had to pay the
investigator, played by Rene Russo, her finders fee. But her fee was insignificant compared to the loss of the painting. The security
vulnerabilities cou ld be addressed. or theinsurance company cou ld revoke the museum' s policy.
In the real world, a hack of customer infonnation works out much the same way. The victim, in this case the merchant who got hacked,
becomes aware of their security loopholes after the information and the money is gone.
Blackllstedl 411 Volume 6 Issue 4 - Fall 2004 49
�Where do the 'White Hat' hackers enter here? Of course I cannot suggest or condone this kind of activity, but I wonder, what if an ethical
hacker, rather than a crim inal, found the next major exploitable gap in a large merchant? If he reported the vu lnerability, would the victim
even bother to respond? Or would wait for real losses in order to get them to react?
What if an ethical hacker had identified the breach at BJ's wholesale and informed the right people before any dollars were lost? Would
anybodyhaveacted?
We all hear about the mass compromises where there are losses associated with it. But how many more occur , where the hacker is a
Thomas Crown, not intent on stealing the cash, but just beating the system?
Would the merchant or bank work to close the loophole then? Somehow, J don't think so. Sure, the card associations such as Visa,
MasterCerd and Discover have strict rules regarding storage and protection of customer information , but they can't possibly enforce these
rules in every database in the world. In our current climate , like the tree that didn't really fall because no one hears, loopholes are not truly
loopholes until money is lost.
Hacke r Wargames: Rad ical Idea For A Solution
If you want to safeguard trust, you've got to prevent the hack from happening in the first place. But I don't think that it's possibl e to close
every potential loophole in every data system, so it's futile to even try.
But there is a large, untapped resource out there that the business community could harness. And I don 't think it would cost nearly as
much money as they are currently losing to these hacks .
I suggest that the banks. merchants and credit card associations get together with the ethical hacker community and run large scale hacker
wargames . Certain businesse s could declare their systems as legal targets within certain timeframes, offering bounties and amnesty to the
hackers who find the most exploitable gaps. I believe that most of the worst vulnerabilties would be discovered before a criminal hacker is
able to.
Everybody wins. The ethical hackers would relish in beating the system, the security issues could be fixed with no customer impact, and
these threats to trust and consumer privacy could be greatly reduced. J think the hardest part would be figuring out how to get the risk-
taking, free-thinking hacker types and business leaders to work together.
Enjoy yourself, Mr. Crown. Try to beat the system again. Steal the paintings and give them back, but be sure to tell us how you did it.
Links
http://www .usatoday.comitech/newsicomputcrsecurity/2004-08-10-database-culture_x.htm
http://business.bostonherald.comlbusinessNewsiview.bg?articleid=40303
http://www .eweek
.comiarticle2/0%2CI759%2CI597974%2COO.asp
About the auth or: Erik Giles has worked for thre e of Ame ricas top ten banks, specialiZing In fraud p rev entio n. His
first novel, Terror Cell, features a computer hacker as the main character. See www .terro rc ellbo ok.com for more
Information.
BY THE CRYPT PHREA KER
So, you've hea rd of ca ller 10 spoofing as it's a fairl y hot topic . You want to know wh at it's all about? No probl em . W e'll
give you a real quick lesson on the subject and hit you with a detailed article in the next issue.
In a nutshell, Calle r 10 spoofing is pretty much exactl y wh at it sounds like. It's a method by which the caller 10 of the
calling party is 's poofed" to indicate a different (use r se lectable) caller 10 on the receiving end of a phone call. Wh y
would anyone want to do this? For any number of reasons, all of which are to hide or conceal the true identifying
number of the calling party by replacing it with a false number. It's an extremely useful tool for the phreake r, private
investigato r and bill collector. Yes, even bill collectors use this. See www.s tar38.com for more info rmatio n.
How does it work ? With out going into heavy detail on the subject , I'll give you a coupl e examples. Each of these
examples require the use of a third party service of some sort.
#1 The most popu lar method is the use of the Telus service which was first discovered by Lucky225 . The caller places
a call to Telus (800)646-0000 with an ANI fail (using AT&T op divert ), gives the operator the number they're dialing from
(fake #) and complet es the call. The called party receive s the call with caller 10 indicating the fake number originally
provide d to the Telus operator . As of this writing , the AT&T op divert was working only some of the time . This method
still works, depending on which AT&T call center you reach . Varying reports are coming in on this subject , so YMMV.
#2 Method two invo lves the use of Voicepulse voi ce ove r IP (VO IP) service (www .voicepul se.com) . The caller sets up
their Voicepulse acco unt to forw ard to the numb er of the person they wish to call. They the n call their own Voicep ulse
number with their caller 10 blocked . They are pro mpted to enter the calling number (fak e # inserted here) and the call
goes through .
Ok , that's it for now. Sound i~te resting ? Stay tuned for the full article in the next issue of Blacklistedl 41 1.
50 Volume 6 Issue 4 • Fall 2004 Blacklisted I 411
� """~ -'.
Introduction:
In the 1980s a serial terminal was a big thing witb a picture tube and keyboard. You used it to commun icate with a computer by RS-
232 cable or with a modem . In this century, we still sometimes have need for a serial terminal, and we 'll typically use a personal
computer running a terminal program (Hyperterminal, bundled with Windows, is a terminal program). Thi s project is a self-contained
serial terminal using a PICI6F84 microcontroIler chip, an inexpensive LCD character display, a keypad , and very little else. It is full-
duplex, meaning keypresses cause RS-232 output , and RS-232 input makes characters appear on the LCD . If you connect the RS-232
output to the input you can see the keys as you press them, without connectin g to anything else (that's called " looping back').
Project Description:
The picture above doesn 't show the electronics, ju st a keypad and LCD display. The electron ics is on a smal l board behind the LCD.
This LCD is a 4 line by 20 character inteIligent LCD display . Displays from Ix8 to 4x20 or 2x40 and pretty much anything in
between are compatible . I paid less than USSIO for this display from AIl Electronics (http://www .aIlelectronics.com) (editors note:
All Electronics still has a backlit Samtron UC20402 TLAT5-H 2Ox4LCD available at the time af p ublicatian, part number LCD- 89 at
a cost of $24.80. The spec sheet is available in PDF format at http:iMww.allelectronics.com/sp edLCD-89 .pdj) . The keyboard you
use should be a matrixed keyboard or keypad with up to 5 rows and 4 columns (20 keys maximum) .
This smaIl PC board is the terminal itself. Someday I will document
a PC board design, but currentl y I am only making available the
schematic diagram, source code for the PICI6F84, and compiled
hex code for a typicahconflguration so you can quickly test it out.
The source code is in C and very easily configured for different
baud rates, LCD and keypad confignrations . The program should be
compiled with Hi-Tech PICC (http://www .htsoft.coml) . A free
version supporting the PIC I6F84 called "PICLITE" is available and
wo rks fine.
The mapping of the keys is fuIly configurable, and each key can also
be configured for one of four different modes. Each key is allowed
to have a primary code and a secondary code. Depending on what
mode is c hosen, the secondary code might be sent when the key is
released , or when the key is held more than one second , etc . Key
repeat is also programmable, and each key can have a different mode .
Many cursor movement features are implemented, aJl the standard ones (backspace, carriage return etc.) and if you tell the program
your LCD format, text will flow from line to line.
Every pin of the PICl6F84 is used, and some pins are used for 4 functions, through multiplexing the LCD, keyboard drive, and
auxiliary input and output, using a feature I calI "supennultiplexing" . I intended the auxiliary outputs to drive LEOs . The picture on
the top of the opposite page shows a terminal mounted in a computer's drive bay, see the five LEDs on the right side. The LEDs are
time-sliced , so the pins are not dedicated all the time , so the LEDs will show a faint glimmer when off. Nonetheless, it's a useful
feature. Auxiliary inputs should be connected through a 10K resistor and wiIl read high if left floating . One PIC pin is completely free
Blacklistedl 411 Volume 6 Issue 4 • Fall 2004 51
�and is configured as an output. The sourcecode is easily modified if you need morepinsandcan sacrifice keypad columns.
Technical Notes:
Baud rates are chosen in the program before compiling, If you use a 4 MHz crystal the maximum baud rate is about 2400 baud.
Actually you can get 2400 baud with a 3.58 MHz crystal. If you need 9600 baud you can use a 14.318 or 16 MHz crystal, even
though the PICI6F84 is only rated for 10 MHz(or use a PICI6F84A) . "Funny" baud rates are possible, within limits any baud rate
can be used. It is not possible to bave split (different baud rate for send and receive) rates. The PIC16F84 does not have a hardware
UART (serial port) so each bit must be done in software using a method called "bit-bashing". I used the timer-based interrupt to
managethe timing.This limitedthe maximwn baudrate,but the code is less messy usingthe timerinterrupt.
The circuit requires a 5 volt DC power supply at a few milliamps. Although the PICI6F84 can run from 4 to 6 volts, the LCD
contrast varies wildly with voltage. In the schematic I have shown LCD pin 3, the contrast pin, grounded. This might give you too
dark a display. Connect it to ground through a 470 Ohm or IK ohm resistor to lighten the display.
RS-232 is supposed to have +12 and -12 volts. This circuit does neither. Driving long, noisy lines could be troublesome. The receive
pin is a Schmitt Triggerso it shouldrejectmost sources of noise, but if you have problems you could terminate it with a 4.7K resistor
to ground at the board.
Supermultiplexing is not shown on the schematic. It is available on 5 pins (RB3-7). For output, connect LEOs through resistors
(minimum 220 Ohms). The are commanded with control-P followed by the binary pattern you wish to output. The upper 5 bits of the
byte you send will be output, and the lowest bit is sent out RBO. The other two bits are ignored. for input, hook to pins RB3 through
RB7 through 10K resistors You can use switches to ground, sense logic levels, or even sense 12 volt logic in an automotive
.
application. Read the pins with control-N. A byte will be sent out showing the state ofPORTB. The bottom 3 bits are not cleared so
you should ignore them.
The source code is heavily commented so you should consult it before asking questions!
Timing is based on the crystal. You may substitute a ceramicresonator insteadof a crystal, the accuracy of a resonator is adequate.
Although a PIC can use an RC oscillator, it should not be used in this circuit, your baud rate would not be accurate. Use a crystal or
resonator.
Editors note: The C source code for the PIC16F84 is about 23K in length, so we decided NOT to include it in print form . II's
available on Bob 's website at rhefol/owing URL: htlp:/Iwww.babbliek.comllechref/projecls/lcdtermllcdlenn6.cAddilional/y.this
code wiII be made available on the Blacklisted.' 41J website in the magazi ne forums > project discussion area .
WWW.HACKERSHOMEPAGE.COM
• MAGNETIC STRIPE READERSIWRITERS
• GAMBLING MACHINE JACKPOTTERS
• VENDING MACHINE DEFEATERS
• KEYSTROKE LOGGERS
• SMARTCARDLOADERS
• LOCKPICKS
OUR 8TH YEAR IN BUSINESS (407)650-2830
52 Volume 6 Issue 4 • Fall 2004 Blackllstedl411
� LCD SERIAL TERMINAL PROJECT - SCHEMATIC DIAGRAM
o (,)
Blacklistedl411 Volume 6 Issue 4 • Fall 2004 53
�LARGE SELECTION of items of interest to the hacker SCANNER MODIFICATION HANDBOOK. Big! 160 pages!
community. Surplus, stun guns, pepper spray, hobby More than 20 performance enhancements for PRO-2004 and
supplies, electronics, survivalist, spyware, too much to list PRQ-2oo5. Restore cellular, increase scanning speed, add
here. Huge selection of FREE ebooks, Succeed With 6,400 memory channels, etc. Step by step instructions,
Women, Guerilla Web Promotion, many others, some for photos, diagrams. Only $17.95, + $3.50 hipping ($4.50
purchase, the cream of the crop. Come check us out! 'tf!!:t!.,. Canada). (NYS residents add $1.38 tax.) CRB research, Box
hacksupplies.com 56BL, Commack, NY 11725. Visa/Me welcome. (516) 543-
URBAN EXPLORATION! Phone obsessions! POintless 9169.
conversation! And a slight chance of hackingl It's Doug TV HIGH-TECH security/survival booksrrnanuals: Computers,
baby hltp:/lwww.dougtv.org Internet. Phones, Energy, Physical Survival, Financial, Law.
THE WORLDWIDE WARDRIVE is an effort by security MedicallRadionics, Mind Control, WeirdlParanormal. Free
professionals and hobbyists to generate awareness of the Online Catalog, at: Consumertronics.net (PO 23097. ABO,
need by individual users and companies to secure their NM 87192), 0'$3 hardcopy (USNCanada, $7 foreign). See
access points. 'The goal of the WOr1dWide WarDrive (or display.
WWWD) is to provide a statistical analysis of the many SIX DIGIT LED CLOCKS (with seconds); AC powered,
access points that are currently deployed. http://www. highly accurate. Several models. Free catalog! Whiterock
wor1dwide......rdriv'l.orgl Products, 309 South Brookshire, Ventura, CA 93003. (805)
LOCKPICKING101.COM Open forum discussion to educate 339-0702.-9169. '.
yourself and others aboot lock picking and lock security. CELL PHONE cloning for the guy who has (two of)
HACKER ART WANTED! We're actively recruiting people everything. Must have current service contract. For more
to submit artwork to us. We're looking for freehand as well info, call Keith (512)259-4770. 6426, Yuma, AZ 85366-6426.
as computer artwork of technology, people using technology, BUILD A RADAR JAMMER out of your old radar detector.
events, devices, utility personnel, utility vehicles in action (or No electronic knowledge needed. Only $9.95 + $2.50 S&H
doing nothing at all), tradeshows, technology swap meets Call 24fr. for easy step-by-step plans. 1-800-295-0953 Visal
and hacker meets, comics, etc. If if s related in any way, we MC/Dis.
want artwork!! Blacklistedl 411 Magazine, P.O. Box 2506, BOGEN FRIDAY FR-1000 all digital answering machines.
Cypress, CA 90630 www.blacklisted411.net An excellent all-purpose digital answering machine with 8
LOOKING FOR HACKERS AND PHREAKERSI We're mailboxes (4 announcement only). Has a total recording time
looking for hackers and phone phreakers to work on a new of 18 minutes. $52 each including shipping. GI Electronics
community based WWW project. If you're interested and www.gielectronics.comP.O.Boxll 029.Westminster.CA
would like to know more, email keynet@spoonybard.org or 92685
visithltpJlspoonybard.orgIkeyne\.html ALL YOUR 802,11B ARE BELONG TO US Unlikeanyolher
INFOSEC NEWS is a privately run, medium traffic list that database system that exists since or during the period of "the
caters to the distribution of information security neWS articles. collective" (2002), none other has given a return of the entire
These articles will come from newspapers, magazines, online collective back to the submitter. The collective is not a
resources, and more. For more information: httpJIwww.c4i. mapping database system. 1\ is a mechanism to exchange
orglisn.html data in a cumulative fashion for such interested parties
I'M RAFFLING my original APPLE-I computer I have no use through anonymous assimilation . http ://www.
for it anymore so im giving anyone who wants a chance on allyourB0211barebelongtous.orgl
owning a piece 01 history alii ask is for a one paragraph leller BLACKLISTEDI 411 MEETINGS We know some of the
teiling me why you would want my computer.and $2.00 cash diehards kept the meetings going while we were out of print.
or money order to: MY RAFFEL. 567 W. channel lsI. Blvd., Thanks guys!! You need to contact us and ret us know the
Port Hueneme CA, 91341 suite 416 details of your meetings so we can list you in the magazine.
HACKERSHOMEPAGE.COM - Your source for Keyboard For everyone else. Would you like to start up a meeting,
Loggers, Gambling Devices. Magnetic Stripe ReaderNVriters, yourself? It's fun, tt's easy and you get a free subscription
Vending Machine Defeaters, Satellite TV Equipment. out of it. Tell us where you want it held and give us a contact
l.ockpickaetc...(407)65O -2830 name and number or email address. If you want your free
HACKER STICKERS Geeks, Coders and Hackers get your subscription, you'll need to provide an address, of course.
stickers, shirts, hardware and caffeine from www. Think about starting a meeting yourself. Blacklisted! 411
hackerstickers.com Magazine, P.O. Box 2506, Cypress, CA 90630 www.
CELLUlAR PROGRAMMING CABLES : For Motorola Flip blacklisted411.nel
Series $100, 8000/Brick Series $150, Mobile/Bag: $100 SCIENTIFIC ATLANTA 8580 $225, 8570 $250, 8550 $150,
(includes handset jack, the only way to program Series 1). 8500 $120. Will program your 8550, 8500 EAROMS for
Panasonic and Milsubishi Cables $100. All cables are high $7.50. Cable security key gets past collars $25. Add $5
quality, professionally assembled and guaranteed. Guide to shipping. No TX sales. Send money order to: K. Perry, PO
Cellular Programming, everything you ever wanted to know, Box 816, Leander, TX 78646-0816. Phone: (512)259-4770.
correct wiring diagrams, trouoleshootinq, etc.: $45. Other HEAR NON-COMMERCIAL SATELLI TE RADIO programs
accessories and programming software available. Inquiries right in your area without the use of a dish or any other
to: (714)643-8426, orders only to: (800)457-4556. C.G.C. expensive receiving equipment. Thousands of these
HIGHLY COLLECTIBLE INTEL 4004 Processors. We have programs are operating today across America. Programs
these available in NEW OLD STOCK condition. Ceramic as may include talks shows, weather, sport events, news feeds,
well as plaslic. Ceramic "04004" $70. Plastic "P4004" $40. financial reports, music programs and data ports. This
Shipping cost of $6 not included. We also have P40011 technology is received through a high tech. SCSRTI card.
P4002 support devices available @ $26 each, shipping Find out today what you have been missing! (800) 944-0630.
included. GI Electronics www.gielectronics.com P.O. Box Credit card orders accepted.
11029, Westminster, CA 92685 USED CELLUlAR HANDHELDS: Panasonic EB3500
GET YOUR FREE AD IN BLACKLISTEDI 411 Reach portables, includes a battery (but no charger) forty number
thousands of readers in the US. Canada, Japan, the UK, alpha memory. good working order, avaitable as an extension
Australia, and elsewhere. Join our long list of satisfied clients to your existing line for $279, or as is for $129. Orders only:
who have made Blacklisted.411 their vehicle for reaching (800)457-4556, Inquiries to: (714)643-6426. C.G.C.
customers. Blacklisted! 411 Magazine, P.O. Box 2506, HOME AUTOMATION . Become a dealer in this fast growing
Cypress, CA 90630 www.blacklisted411.net field. Free information. (800)838-4051.
54 Volume 6 Issue 4 - Fall 2004 Blacklistedl411
�TIRED OF SA TEST KITS with marginal or inconsiste nt SPECIAL SALE arnd 2400+ syste m with 256mb ram, 40gig
performance? 21st Century Electronics and Repair hdd, 64meg int video w/agp slot and ext remel y portable case
guarantees peak performance with 40-pin processo r kits. wlh andle $450.00 + shipping handlin g. for details send email
New, more flexible program with additiona l features puts to xteraco@yahoo .com w/ subject special sale??
others to shame. Price $49 each or 5 for $233 . 1st time OBSOLETE COMPONENTS Are you lookin g for an old IC
offered . (404)448-1396 you can't seem to find anymore? W e hav e a very wide
FEDERAl FREQUENCY DIRECTORYI Kneite!'s "Top variety of hard to find and obso lete co mpo nents available.
Secrer registry of govemment frequencies, New 8th edition. Check us out. Odds are, we have the part you need or can
268 pagesl FBI, DEA, Customs, Secret Service, BATF, find it for you. GI Electronics www .gi electronics .com P.O.
Immigration, Border Patrol, iRS, FCC, State Dept., Treas ury, Box 11029, Westminster, CA 92685
CIA, etc. & surveillance, bugs. bumper beepers , worldwide COIN-OP VIDEO ARCAD E GAM ES . Parts , boards , and
US military, 225 to 400 Mhz UHF aero band, Canadian empty cabinets available for your projects. Cabine ts
listings, & more! Ultimate "insider's" directory! Standard available for $75. C.J. Staffo rd, (301 )4 19.31 89.
reference of law enforcement , news media; private security, WANTED: FEATUR E FILM JUNKIE w ho ca n access up-to-
communicatio ns Industry & scanner owners . $21.95 + $4.00 date FAX numbers for hot agents and/or producers &
shipping ($5.00 to Canada). NY State residents add $2.21 directors . My objective : to bring to thei r attention my action -
tax. CRB Research Books, Box 56BL, Commack , NY 11725. thriller script. Can pay by the hour. (909)275-9101
Visa/MC welcome. Phone orders (516) 543-9169 weekdays THE BLACK BAG TRIVIA QUIZ : On MSDOS disk.
(except W ednesday) 10 to 2 Eastem . - -- / Interactive Q&A on bugging, wiretapping, locks, alarms,
TV CABL E/SATE LLITE ( "GRAY " "M A R K ET ) weapons and other wonderful stuff. Test your knowledge of
DESCRAMB LER EXPOSE, 160pp, illustrated, with vendor the covert sciences. Entertaini ng and VERY educational.
lists for chips , parts. Law, countermeasures, much more! Includes catalogs of seleeled (no junk) sharewa re and
$23.95 + $3 S/H. Check/MO . INDEX, 3368 Governor Dr., restricted books . Send $1.00 for S.25 disk, $1 .50 for 3.5, plus
Ste. 273, San Diego, CA 92122. Credit cards only: (800) two stamps, to: MENTOR PUBLICATION S, Box 1549-W ,
546-6707 . Free catalog of "insider" books on scanners , Asbury Park NJ 07712
cellular, credit, eavesdropping, much more. 6.500MHz or 6.5536MH z CRYS TALS Your choice . $4 each.
TOP SECRET Spy DEVICES Home of the Worlds ' Smallest No shipping charges . Send to TCE Information Systems,
Digital Voice Recorders and Spy Cameras . We stock many P.O. Box 5142, Los Alam itos, CA 90721
items inclUding: Transmitters , Bug Detectors, Audio ANAR CHY ONLIN E A computer bulletin board resou rce for
Jammers, Telephone Recorders, Lock Picks, Voice anarc hists, surv ivalists, adventurers, investigators,
Changers, Keystroke Loggers . www.spydevicecentra l.com researchers, computer hackers and phone phreaks.
(305)418-7510 . Scheduled hacker chat meetings . Encrypted E-maillfi le
EUROZINES AND OTHER CULTURAl HACKER Z1NESI A exchange. WWW : hhtp:l1anarchy-o nline .com Telne!:
one-stop, cutting-edge mail-order source for over 1,000 titles. anarchy-o nline.com Modem: 214-289-8328
Beautifully illustrated 128-page catalog includes: alternative/ WAR DRIVING IS NOT A CRIME The benign act of locating
fringe science , conspiracy, Forteana, sexuality , computer and logging wireless access points while in motion -
hacking, UFOs, and much more . Send $3.00 to Xines , Box Ward riving is NOT a crime, being stupid should be . htlp:11
26LB, 1226-A Calle de Comercio, Santa Fe, NM 87505 . WW'W.wardrivingisnotacrime.coml
WEB SITES We have a list of hundreds of interesting and ARE YOU A PHOTOGRAPHER? With the increasing
unusal web sites. Some of the sites are related to this number of high resolution digital camera s in the hands of our
magazine and some are not. Hacking, phreaking, breaking readers , we're actively recruiting people to submit photos to
the law, sovereign citizenship, lasers, eleelonics, surplus, us. We're looking for 3.0megapixel or better digital photo's of
credit, etc.. You have to check this out! Save hundreds of technology , people using technology, events, devices, utility
hours of time by getting our list. We will provide the list on 3- personnel , utility vehicles in action (or doing nothing at all),
1/2" disk and you can load it directly into your web browser tradeshows, technology swap meets and hacker meets . If it's
and click on the links OR we can provide the list on paper - related to hacking in any way , we want photographs!!
whichever you prefer. Send $5 to TCE Information Systems , Blacklisted! 411 Magazine , P.O. Box 2506 , Cypress, CA
P.O. Box 5142, Los Alamitos , CA 90721 90630 www.blacklisted411 .net
FM STEREO TRANSMI TTER KIT. Transmitter broadcasts HACK THE PLAN ET A new and exciting board game in
any audio signal from a CD player, VCR , or cassette player which 2-4 players race to complete a hacking mission .
to FM stereo radios throughout your home and yard. Uses Please send $3.OQcheck or money order payable to CASH.
the unique BA1404 IC. Tunable across the FM band, runs on Hand-scanned 99XX exchanges in 516 AC . Included may be
1.5 to 12 volts CD. PC board/component s, $24 . Visa/MC . data kit modem numbers , WFAlFA, SSCU , TSAC(SCC),
TENTRONIX, 3605 Broken Arrow,. Coeur d'Alene, 1083814. CO#'s, etc. Send $2.00 check or money order payable to
(208)664-2312. CASH and specify exchange . "MCI-Style" Phone Patrol hats
CALLING ALL WRITERS I We want YOU to write for us. are now available! Just $18 check or money order payable to
We're looking for articles related to the hacker "scene", CASH. 2447 5th Ave, East Meadow , NY 11554 .
technology reviews , opinions on issues, etc. If you submit an ATTENTIO N HACKERS & PHREAKERS. For a catalog of
article for print and we use it. we'll pay you $25-$600, plans, kits & assembled electronic "TOOLS" including the
depending on length , content and the use of additional RED BOX, RADAR JAMMER , SURVEILLANCE, COUNTER
material such as (diagrams, photos, pictorials . schematics , SURVEILLANCE , CABLE DESCRAMBLERS & many other
etc). We require all photos to be 3.0megapixel or greater. HARD-TO -FIND equipment at LOW "RICES. Send $1.00 to
JPG format is acceptable . Blacklisted! 411 Magazine, P.O. M. Smith-02 , P.O. Box 371, Cedar Grove, NJ 07009
Box 2506, Cypress, CA 90630 www.blacklisted411 .net PRIVACY ACT AND SOCIAL SECURITY NUMBER
TRUE TAMPER·PROOF Security Screw Removal Bits. The LIMITATIONS , How anyone can win $10K fin e for this simple
super torx kit includes: T-l0, T·15 , T·20 & T·25 . Complete violation of your rights. Open a bank account without aSSN
set for $19 .60. TOCOM 5503 bit $8.95. TOCOM 5507 bit $5 plus 3 FIC stamps . Obta in a major credit card without a
$19.95. Zenith PM/PZ·l bit $10.95. Jerrold Starcom bit SSN (making it impossible for a bank or any institution to
$19.95. Pioneer (oval) bit $23.95. Oak Sigma (oval) btt check your credit history or records) $25 plus 5 FIC stamps .
$23.95. Security Screws available. Tamper-Bit Supply Co. For info send $1 and LSASE to: Know Your Rights , cia R.
(310)866-7125. Owens, 1403 Sherwood Dr., Bowling Green, KY 42103 . NO
CELLULA R RESTORA TION on your 800 Mhz scanner CHECKS PLEASE. M/O or FRN's only.
performed expertly for $40 including return shipping. HARD TO FIND 6502 6800 68000 Microprocessors. We
Guaranteed. Offer expires soon. Keith Perry, 607 Osage have a wide array of very hard to find microprocessors and
Dr., PO Box 816, Leander, TX 78641. (512) 259-4770 . micro support devices available. If you need it, we proba bly
6.500 MHZ CRYSTALS $4 a piece, 50 for $115, 100 for have it. GI Electronics www .gielectronics.com P.O. Box
$200. Add $3.00 for shipping. Send checks to C. Wilson , P. 11029, Westminster, CA 92685
O. Box 54348 Philadeiphia, PA 19105-4348
Blacklistedl 411 Volume 6 Issue 4 - Fall 2004 55
�VOICE CHANGING ACCESSORY. Digital voice changing: CB RADIO HACKERS GUIDEI New! Big 150 pages;
male to female, female to male, adult to child, child to adult. pictorials, diagrams, text. Peaking, tweaking and modifying
Use with any modular phone. 16 levels of voice masking. 200 AM and SSB CB radios. Improved performance, extra
Connects between handset and phone. STOP THOSE capabilities! Which screws to tum, which wires to cut, what
ANNOYING TELEPHONE CALLS! Sound older and tougher components to add: Cobra, Courier, GE, Midland, Realistic,
when you want to. Not a kit. Fully assembled. Use with SBE, Sears, Uniden/President. $18.95 + $4 S&H ($5
single or multi-line phones. 3Q-day refund policy. Ask for Canada.) NY State residents add $1.96 tax. CRB research,
free catalog of our products. VISNMC ok. Xandi Box 56Bl, Commack, NY 11725. Visa/MC accepted. Phone
Electronics. 1270 E. Broadway, Tempe AZ.85282-5140. Toll order M-Tu-Th-F, 10 to 2 Eastem time. (516) 543-9169.
Free order line: (800)336-7389. Technical Support: (602) S-100 BUSS CARDS for sale. I have piles & piles of S-100
894-0992 cards I'd like to sell off at $15 each. Vector, Corvus,
MAGENCODERS.COM Manufacturer of the World's SpaceByte, Cromemco, Heath, etc. Please contact me for a
Smallest Portable Magnetic Card Reader & Point of Sale complete list of available items. techgathering@comcast.net
Data loggers. We also have Magnetic Stripe Reader/ AUCTIONSI You hear about them all the time, but you've
Writers, Smart Card Loaders & Copiers, etc... (407)540- never been to one? You gotta GO to one. You can buy just
9470 about anything for pennies on the dollar! Cars, trucks, boats,
UNDETECTABLE VIRUSES. Full source for five viruses houses, electronic equipment, furniture, etc. Forget that "cars
which can automatically knock down DOS & windows (3.1) for $100" crap. That's a loadl But, you can get some pretty
operating systems at the victim's command. Easily loaded, awesome deals for small amounts of cash.. Our favorite
recurrently destructive and undetectable via all virus auctions (and many of the BL411 staff) include the arcade
detection and cleaning programs with which I am familiar. auctions and the car auctions. Remember those arcade
Well-tested, relatively simple and designed with stealth and games you played as a kid in the 80's? Man, you can get
victim behavior in mind. Well-written documentation and live some bitchen deals on those! This is only the tip of the
antidote programs are included. Priced for sharing, not for iceberg. There's SO MANY things you can get for a small
making a ridiculous profit. $10.00 (complete) on six 1.44MB, fraction of their worth. Send $5 and we'll send you a booklet
3.5" floppy discs. Money orders and checks accepted. No loaded with names, numbers and places to go...You NEED to
live viruses provided! Do NOT ask. Satisfaction guaranteed do this! You'll find out how you can attend the non-advertised
or you have a bad allitude! The Omega Man. 8102 Furness auctions, which will mean better deals for you. Don't miss
Cove, Austin, TX 78753 out on all the great deals! So send $5 right NOW: TCE
NO SOUND ON PREMIUM CHANNELS? It will happen Information Systems, P.O. Box 5142, Los Alamitos, CA
sooner or later on your Jerrold DPBB-7 Impulse. Ask 90721.
Manhatten! Soundboard brings the sound back. Best sound WE WANT WRITERSI That's right! We want YOU to write
fix on the market. Easy to install soundboard $24.95. Easy for us. The people at Blacklistedl 411 are currently seeking
to build soundboard schematic, parts list and common chip freelance writers to increase the quality and scope of the
number $34.95. Send us your unit and we will install the magazine. We're looking for quality articles related to the
soundboard for $59.95. SOUNDMAN, 132 North Jardin St., hacker "scene", events, technology reviews, opinions on
Shenandoah, PA 17976. (717) 462-1134. issues, etc. If you submit an article for print and we use it,
BAD CREDIT? WANTINEED A VISA CARD? If so, send us we'll pay you $25-$600, depending on length, content and
$19.95 (cash/check/MO) and we will send you a very useful the use of additional material such as (diagrams, photos,
list of addresses and phone numbers of banks and financial pictorials, schematics, etc). We require all photos to be
institutions that 'WILL' work with you. Most will give you a 3.0megapixel or better. JPG format is acceptable.
VISA credit card regardless of your credit rating. We even Blackllstedl 411 Magazine, P.O. Box 2506, Cypress, CA
include a few banks that will require a deposit, just to "round 90630 www.blackllsted411.net
out" the list a bit. For an additional $10 we will include a NULL MODEMS - Download laptop: or upload to your pc the
small "how-to" program showing you step-by-step how to easy way! w/ direct connect, or (DOS 6.1) Customized setup,
improve your credit rating and dealing with creditors. You no bulky adapters, MAC or IBM compatibles. Send $18.95 for
might think that your bad credit doesn't mean anything right 6ft cable, specify 25 or 9db ends, custom ok. Instructions
now.. Wait until you need to buy a house or a car, then you'll included. P.O. Box 431 Pleasanton, CA 94566 (510)485-
see how much you REALLY need to have GOOD CREDIT. 1589
So, get back on track. Buy our list and the how-to program NEW BOOK FOR CABLE HACKING. All about the industry
and start your way back into a good credit status. Cash or and how to install test chips in nearty every model of
money order. TCE Information Systems. P.O. Box 5142, decoder. Test chips available, Etc. (408)581-2380
los Alamitos, CA 90721. SECURITY SCREWDRIVER BIT SET Our best selling 30
SINGLE DUPLICATION OF CD-ROMS Send your CD and piece screwdriver bit set is now available for $40 including
$25 and you will receive your CD and an exact copy. Want shipping to anywhere in the U.S. The set includes 9 security
more than one copy? Send a additional $15 for each Torx bits from TT? through T140, 7 security Hex bits from
duplicate. Make checks or money orders Payable to/Mail to: 5/64" through 1/4", 4 Scrulox bits from S-o through S-3, 8
Knoggin, 582 Merket Street Suite 616, San Francisco, CA standard pieces, covered plastic case w/ a nice handle for all
94114 of the bits. This is an extremely handy toolset you'lI wonder
LOOKING FOR A BLACKLISTEDI411 MEETING IN YOUR how you ever did without! TCE Information Systems, P.O.
AREA? Why not host one yourseif? It's easy. Tell us where Box 5142, Los Alamitos, CA 90721
you want it held and give us a contact name and number or DON'T BUY A MODIFIED CABL E CONVERTERI I'll show
email address. If you want your free subscription, you'll need you what to do. Where to get parts, everything. Call 24hr.. 1-
to provide an address, of course. Think about starting a 800-295-0953 Only $9.95 + $2.20 S&H Visa/MCIDis.
meeting yourself. SPEECH CHIPS" WE GOT 'EM Yes, we have hard to find
FIND PIRATE SOFTWARE Learn how to find pirate software speech chips. We have General Instruments SP025O,
on the Intemet. Get thousands of dollar's worth of programs SP0256 , Votrax SC-ol, Harris HC-55532, Texas Instruments
for free such as Office97 and more games than you can play. TMS5220Nl, TMS5220CNl and more. Come and check us
Complete guide includes background, tools, techniques, out. We have a wide seiection to choose from. GI
locations, and shell scripts that will find software for youl Electronics www.gielectronics.com P.O. Box 11029,
Send $5.00 money order or CASH (no checks) to The Westminster, CA 92685 .
Knoggin Group, P.O. Box 420943, San Fransisco, CA 94121- HACKERS '95 THE VIDEO by Phon-E & R.F. Bums: See
0943, USA. what you missed at Defcon III and Summercon 95! Plus, our
RAM DRAM SRAM GALORE We have many hard to find trip to Area 51 and coverage of the "CyberSnare" Secret
memory devices available. If your project requires old RAM Service BUSTS. Elec Cntr Measures, HERF, crypto, and
not available any longer, check us out. We have a very wide more! Interviews with Eric BlookAxe, Emmanuel, and others.
selection of RAM to choose from. GI Electronics www. VHS 90 min. Only $25 - distributed by Custom Video 908-
gielectronics.com P.O. Box 11029, Westminster, CA 92685 842-6378.
56 Volume 6 Issue 4 • Fall 2004 Blacklistedl411
�HACKERS SCREWDRIVER BIT SET Brand new for 20041 MAKE MONEY NOW, HACKERSI Have an interesting story
Our newest selling 60 piece security screwdriver bit set is to share? Write for us and make some money. Have some
now available for $55 including shipping to anywhere in the cool photo's of something nobody has seen? Send it to us
U.S. The set includes 3 Spline bits M5 through M8, 4 scrulox and get PAIDI Doodle on paper all the time and wish you
(square) bits SO through S3, 3 torq-set bits 6 through 8, 12 could catch a break...along with a paycheck? Draw for us
security torx T-5 through T-40, 13 security hex bits 2mm and make $$$! Blacklistedl 411 Magazine, P.O. Box 2506,
through 5/32" , 5 tri-wing bits 1 through 5, 3 posidrive bits PZO Cypress, CA 90630 www.blacklis ted411.net
through PZ2, two flat bits 1/8" and 3/16", 3 phillips bits 0 ZINE PUBLISHER RESOURCE BOOK If you're thinking
through 2, 5 spanner bits 4 through 12, 3 bowtie bits C1 about publishing or already started publishing a zine, you
through C3, triangle bit 2mmx2mmx2mm, wing nut driver, need this resource booklet. Discover who you can distribute
1/4" x 60mm bits holder, bit holder socket, socket adaptor, your zine through and make more money . Send $14.95,
ratchet screwdriver and a covered plastic case. This is an cash or money order only. TCE Information Systems, P.O.
extremely handy toolset no hacker should be without! TCE Box 5142, Los Alamitos, CA 90721
Information Systems, P.O. Box 5142, Los Alamitos, CA CELLULAR EXTENSIONS, SEND US YOUR PHONE or buy
90721 a new or used phone from us! Proof of line ownership
SPEECH CHIPS - WE GOT 'EM Yes, we have hard to find required. We have phones from $129. Call for a list of
speech chips. We have General Instruments SP0250, available models, we program many different brands
SP0256, Votrax SC-01, Harris HC-55532, Texas Instruments including all Motorola, same day service. Orders only: (800)
TMS5200NL, TMS5220NL, TMS5220CNL and more. Come 457-4556, inquiries to: (714)643 -8426. C.G.C.
and check us out. We have a wide selection to choose from. WANTED: OLD COMPUTERS for my collection . Looking for
GI Electronics www.gielectronics.com P.O. Box 11029, Commodore, Atari, Amiga computers , accessories, books,
Westminster, CA 92685 cables, software. If you have something like this that you no
A TO Z OF CELLULAR PROGRAMMING. Programming l o ng e r wan t , please contact me ASAP.
instructions on over 300 phones in a software database. techgathering@comcast.net
Also back door and test mode access instructions for all the NEW BOOK ON HACKING We 're going to put together a
popular models: manufacturer's contacts, system select, lock! hard cover book full of interesti ng stories from hackers,
unlock info. Just $59.95. Orders only: (800)457-4556, crackers and phreakers. If you have a story to share, please
inquiries: (714}643-8426. C.G.C. send it to us along with some contact informatio n (ie: name,
WE NEED ARTISTSI We're actively recruiting people to address, email, phone number - we won't publish this
submit artwork to us. We're looking for freehand as well as information), your handle/alias /pen-name for print. The
computer artwork of technology, people using technology, longer the story, the better. We 'd like factual stories, but we'll
events, devices, utility personnel, utility vehicles in action (or consider fictional stories as well . If you have any suggestions
doing nothing at all), tradeshows, technology swap meets on the topic of this book, we'll consider your ideas. Once the
and hacker meets, comics, etc. If it's related in any way, we book is complete, each person who submitted material we
want artwork!! Blacklisted! 411 Magazine, P.O. Box 2506, use will get a FREE copy of the book. Please send your
Cypress, CA 90630 www.black!isted411.net material to: Blacklisted! 411 Book Project, P.O. Box 2506,
GAMBLING MACHINE JACKP OTTERS We offer a Cypress, CA 90630.
complete range of gambling products designed to cheat ATARIIBALLYIWILLIAMS ARCADE PARTS We stock hard
gambling machines as well as other games. Our products are to find parts for your ancade games . We have custom ROMs,
designed to demonstrate to gambling machine owners the PROMs, custom sound and speech chips (AY-3-8910, AY-3-
vulnerabilities of their machines. Our product line consists of 8912, AY-3-8913, HC-55532 , TMS52oo . TMS5220 , SG-01,
Gambling Machine Jackpotters, Emptiers, Credit Adding SP0 250, SP0256, LM379, etc), custom video chips
Devices, Bill Acceptor Defeats and Black Jack Card Counting (TMS9928), custom Atari chips (AVG, SLAG, SLAPSTIC,
Devices. Please visit www.jackpotters.com POKEY, etc), custom Namco chips , custom Williams "Special
ADVERTISE IN BLACKLISTED! 411 Classifieds are now Chip 1", D-to-A and A-to-D converter chips (AD561JD ,
FREE for everyone. Reach thousands of readers in the US, AM6012, AD7533, ADC0804, ADC0809, etc), Atari LED
Canada, Japan, the UK, Australia, and elsewhere. Join our buttons, Kenron brand Cinematronics flyback transformers,
long list of satisfied clients who have made Blacklisted! 411 trackball roller repair kits, 6500, 6800 and Z80 series CPU's
their vehicle for reaching customers. Blacklisted! 411 and support chips. We even carry manuals and schematics.
Magazine, P.O. Box 2506, Cypress, CA 90630 www.We havea wide selectionof arcadepartstochoosefrom. GI
blacklisted411.net Electronics www.gielectronics.com P.O. Box 11029,
KEYSTROKEGRABBERS,COM Manufacturer of discreet Westminster, CA 92685
keyboard logging hardware. Our devices capture ALL CHIP COLLECTOR I SALVAGE SOURCEBOOK Have you
keystrokes on a compu1er inctuding user name and ever looked online for some collectable component s or
password. PARENTS-Monitor your child's Internet, e-mail, vintage electronic equipment, only to find out that it's cost is
instant messaging and chat room activity. EMPLOYER5- way too high? This souncebook will provide you with the
Monitor employee computer usage .compliance. Employees ability to locate the same items at only a small fraction 01 the
will spend less time browsing the intemet and sending e- bloated online cost. Buy collectable gold chips (Intel,
mails Wthey are being monitored. EXECUTIVES & SYSTEM Motoroia, Zilog, National Semiconductor, etc) for $2Q-$40nb .
ADMINS-detect any unauthorized access of your PC. If Do you have any idea how many chips are in a single pound?
someone uses your computer after hours, you will know. More than enough to make this souncebook worth a peek!
(305)418-7510 Find that Intel C4004 you've been looking for and pay
ADAPTEC SCSI CARDS for sale. We have AHA-2940, pennies, not hundneds of dollars. Grab a few thousand
AHA2940UW, AHA-2944, etc. $20-$30 each. We also have EPROMs and pay a few bucks a pound, not a few bucks per
brand new 3' and 6' SCSI cables $2-$4 each. DB25-to-SCSI, EPROMII Find older high end EPROM programmers for $20-
SCSI-to-SCSI II, etc. We also have brand new Belkin 15' $30, not $2oo-$300! The deals are many, the price is
IEEE printer cables $3 each. Shipping extra. We have a minimal. You'll be glad you got yourself a copy of this
wide selection of SCSI products to choose from at low. low sourcebook and wonder how you ever did withoutl Send
prices. GI Electronics www.gielectronics.com P.O. Box $19.95, cash or money orde r only. TCE Information
11029, Westminster, CA 92685 Systems, P.O. Box 5142, Los Alamitos, CA 90721
INTEL SDK-85 SYSTEM DESIGN KITS available here. I've BUILD YOUR OWN REPLI CA APPLE I 8-bit computert The
been collecting this stuff for years. They're in GREAT replica 1 is a functional clone of the first Apple computer.
condition. $100 each plus shipping. If you're interested, Prices start at $129. See www.vintagecomputer.tk for more
please contact me ASAP. techgathering@comcast.net details.
Market place classified advertisi ng Is c urrent ly FREE to anyone . It's a first co me, fi rst served off er, li mited only by
space con straints within each Issue. If you 'd like an ad placed with in Black list ed l 411, yo u shou ld se nd it In as
soon as poss ible. We accept both commercial as well as personal ads. We may dec id e not to publish any ads
whi ch are inapproprt ate or have no conne ction wi t h the hacker commun ity.
CONTACT US A T: www. blackl/s ted411.net
� MONTHLY MEETINGS
Interested in meeting up with some of the Blacklisted! 411 readers? We will iist all hacker meeting information that is
provided to us. We will list "Blacklisted! 411" only meetings as well as "independent" meetings open to all.
Calilomia
(949 Area Code) - Irvine
iHop - By Airport (Upstairs Room), 18542 MacArthur, Irvine,
CA. 92714 - Meeting is not Blacklisted! 411 specific. The
meeting date may change from month to month. For
specifics , check here: lNWW.irvineunderground.org
Hosted by: Freaky
New"'_
(505 Area Code) - Alb uquerq ue
YOUR MEETING HERE
Want to set one up? Contact us and give us your
Winrock Mall - Louisiana at 140 food court, east side doors Infonmation in a similar fonmat to the meeting info. li sted
,
under the security camera dome. here.
First Friday of the month, 5:30pm-9:00pm
Hosted by: Mr, Menning
(505 Area Code) - Albuquerque
The computer room in the Grand Reserve Apts. at Mailland
Park
Last Friday of the month, 12:00pm-1:30pm
Hosted by: Whisper
We removed all of the hacker meetings we could not confinm were still in existence. If you 're still running a meeting,
contact us right away and we'll get you listed here on this page.
If you are interested in organizing a new meeting in your area, please contact us, advising us of your interest, where
you 're located, where you would like to hold the meetings, etc . (Be sure to include your contact name, area code ,
city , stat e, day of month and ti me as well as a des cription of meet ing location). Also include con tact Infonmati on for
our use such as: name, phone number, address, email, etc.
The repliCaI is a furu;lional clooe of the apple 1computer !l lncludes a 65C02 MCU ""'""'ll' K RAM
and 8K ROM wiIh mQn~or buik in The replica has buill in video and the capability u en euthent.; ASCII keyboard or
moemodem PS/2 keyboard. Simply add a standard PC style AT power supply, keyboard and NTSC composite TV 0(
rC! ca I
mon~. Add the optional sorial llO interface and you can store and load programs from any PC. Kits start at just S129 and
assemllledboardsare juS!SI99
visit www.vintagecomputElr for more info
,tk I.3rk'! cornputc:!r)
58 ~ Volume 6 Issue 4 - Fall 2004 Blacklisted I 411
� e.r, I~LI~f~r"IIONIf~S
YOUR BEST SOURCE FOR HARD TO FIND AND OBSOLETE COMPONENTS
WWW.GIELECTRONICS.COM
DRAM/SRAM 6800/68000 SPECIAL SERIES
1101 $15.00 Z80 $2.00 6800 $4.00 MC1495 $8 00
1103 $15.00 Z80A $4.00 6802 $10.00 AM2901 $800
2016 $5.00 ZSOB $6.00 6803 $9.00 AM2903 $20.00
2101 $8.00 ZSO-CTC $2.50 6808 $12.99 AM2907 $8 .00
2102 $10.00 Z80A-CTC $4.50 6809 $8.00 AM2909 $8 .00
2104 $8.00 Z80B-CTC $6.50 6809E $8.00 AM2910 $800
2107 $15.00 Z80-PIO $3.00 6810P $2.99 AM291 1 $8.00
2114 $5.00 Z80A·PIO $3.50 6810 $9.99 AM2914 $15.00
2115 $15.00 ZSOB-DAR
T $3.00 6821 $5.00 AM2960 $15.00
2117 $12.00 Z80A-DART $3.00 68B21 $5.00 AM2964 $ 14.00
2128 $6.50 Z80-S101o $4.00 6840 $6.00 AM29116 $20.00
2147 $7.00 Z80A-SIOIO $4.00 6850 $4.00 AM2951 6 $20.00
2148 $8.00 Z80B-SIOIO $4.00 68000P8 $4.99 AM29701 $8.00
2149 $9.00 Z80-S10/2 $4.00 68000Pl0 $5.99 TM59927 $35.00
X2212 $35.00 ZSOA-SIOI2 $4.50 68000P 12 $6.99 TM59928 $45 .00
27503 $5.00 Z84COO-4 $8.00 88000L8 $14.99 DG201 $4.50
4016 $6.50 Z85305CC $6.00 68000L10 $16.99 LF1320 1 $4.50
4027 $4.00 Z8603R5 $20.00 68000 L12 $17.99 LF13331 $9.95
4116 $4.00 68008 $10.00 CD4016 $ 1.50
4118 $10.00 6500 EPROM/EEPROM CD4066 $2.00
4164 $4.00 6502 $5.00 2516 $10.00 LM324 $6.50
4416 $5.00 6502A $6.50 2532 $16.00 LM3900 $6.50
4801 $10.00 6502B $8.00 2564 $16.00 TL081 $3 .50
5101 $10.00 65C02 $8.00 2708 $15.00 TL082 $3 .50
5114 $25.00 5504A $8.00 2718 $10.00 TL084 $4.00
8116 $6.00 6507 $8.00 27C18 $8.00 WD10l 0 $15.00
8264 $7.00 6510 $8.00 2732 $12.00 WD1014 $15.00
9101 $8.00 6512 $8.00 2732A $10.00 1771 $15.00
9128 $6.50 6520 $8.00 27C32 $8.00 1791 $15.00
74589 $5.00 6522 $6.00 TM52732 $11.00 1793 $15.00
93415 $15.00 65C22 $8.00 TM52732A $11.00 1795 $15.00
93419 $10.00 6525 $8.00 2764 $4.50 1797 $15.00
93422 $15.00 6526 $7.00 2764A $4.50 2793 $21.00
82509 $15.00 6529 $7.00 27C64 $2.00 2797 $21.00
SOUND/SPEECH 6532 $8.50 27128 $3.50 D5P32010 $15.00
AY-3-8910 $15.00 6551 $6.00 27128A $3.50 TMS32020 $15.00
AY-3-8912 $15.00 6551A $6.00 27C128 $2.50 TM538010 $15.00
AY-3-8913 $15.00 27256 $4.50 TMS4500A $15.00
COl2294B $15.00 PROM 27C266 $2.00 TMS5501NL $45.00
LM3795 $25.00 82523 $15.00 27512 $5.50 TM55502NL $45.00
MB3730 $35.00 825123 $8.00 27C512 $2.50 8X3OO $15.00
5 C.Ql $45.00 825128 $8.00 27C010 $5.00 8X305 $15.00
5 P0 250 $35.00 825129 $8.00 27C010A $5.00 G171S-35C $10.00
SP0258 $35.00 825130 $9.00 27C02O $8 .00 N30021 $35.00
TDA1004 $25.00 825131 $8.00 27C04O $9.00 N532201 $10.00
TDA2D02 $15.00 825137 $9.00 27C080 $9.00 N532203 $10.00
TMS5200NA $25.00 825140 $16.00 27Cl024 $6.00 P4004 $40.00
TM55220NA $25.00 825141 $16.00 27C2048 $8.00 D4OO4 $70.00
TM55220NL $25.00 825147 $20.00 27C4096 $10.00 INS4004 $60.00
TM5 5220CNL $30.00 825153 $25.00 NC7055 $35.00 P4001 $20.00
HI55532 $55.00 825180 $12.00 ER2055 $35.00 P4002·1 $20.00
WWW.GIELECTRONICS.COM
GI ELECTRONICS, P.O. BOX 11029, WESTMINSTER, CA 92685
Blacklistedl411 Volume 6 Issue 4 - Fall 2004 59
�