� A S.ludepiess
!4i er.e.n t r.l l en
EYal:uati.B B.aJ~d
Never fear hardware again with the
Parallax Professional Development
Board (PDB). Avariety oftypical I/O
(LEOs, LCD interface, buttons, etc.)
devices and circuitry are built into
the PDB, providing users with an ideal
experimentation environment for
.................. ...................
Be sure to check out the losl-
I Neural TCP/IP contestat DC14!
I
� Subscrlpt/ons: Advertising:
$20 U.S., $24 Canada , $35 Foreign Blacklisled I 41 1 Advertising
Check or Money Order (U.S. Funds only) P.O. Box 2506, Cypress , CA 90630
Email: advertising@b lacklisted41 1.net
Letters/Articles:
Blacklisted l 411 letters and Articles World Wide Web:
P.O. Box 2506, Cypress , CA 90630
(Include name & address-we PA Y for articles) Website: http://www .blacklisted411.net
Store: http ://store.blacklisted411.net
Forums: http://www .bI411forums.com
Copyrigh t 1983-2006 by Syntel Vista. Inc.
All opinions and views expressed in Blacklisted! 411 Magazine are those of the writers of the article s, and do not necessari ly
reflect the views or opinions of any Syntel Vista, Inc. stalTm embers or it's editors.
All rights reserved . No part of this material may be reproduced, stored in a retrieval system , or transmitted in any form or by
any means, electronic, mechanical, photocopying. recording or otherwise, without the prior written permissi on of Syntel Vista,
Inc.
9035768ABBAJBVJB-0027
DBBl01,07,32,41 ,52
PRINTED IN THE UNITED STATES OF AMERICA
Icons used on the front cover are from Dropline Neu! created by Silvestre Herrera and are released under the GNU
General Public License (GPL). A full copy of the license and icons can be located at http://www .silvestre .com.ar/or
available on request 8S required . --
�Black/isted141 J introduction/or those ofyou who are new••...
Who we are... and were ... exclusively passed around by modem (unofficially on paper)
and disks were still being released at this time.
The question often arises on the subject of, "How did it all
start?" in reference to our magazine and it's history. In June of 1987 marked the end of Blacklis/ed! 411, the hackers
response to this popular question, here is a quick history monthly. The last disk based magazine (# 46) was distributed
lesson of Blacklisted! 411 magazine, including names, dates that month. Since all of the original crew were finally out of
and little known facts which have, thus far, been hidden away high school and onto college, work and the biggerlbetter
for years... things in life, nobody had the time or inclination to put any
effort into the disk based magazine anymore. The once
Blacklisted 411 magazine dates back to October 1983 with a thriving Blacklisted! 411 group broke up and people went
group of friends from a Southern California high school that their separate ways. Naturally, it was assumed that this was
shared a common interest. They were all deeply interested in the end and Blacklisted! 411 would never be resurrected in
their Atari, Apple and Commodore computers, electronics, any form.
sciences, arcade games, etc. They built projects, hacked
into various things, made their own programs, came up with In the summer of 1993, one member (and the original editor-
grand ideas and tried to make them into some sort of reality. in-chief), Zachary Blackstone, felt it was lime to revive the
The group started a monthly hackers "disk magazine" (an Blacklisted! 411 concept, but this time do it as a print
early form of what is now known as an e-zine) called magazine. It was extremely difficult to get started because
"Blacklisted 411, Ihe hackers monthly'". This may sound the group was no more and he was alone. He was the only
strange today but circulating information on disk was the best one of the original group members remaining that had an
interest in bringing the hacker group and magazine alive
way to get it out (at the time) without all the cool toys we take
for granted today. There was no internet to utilize and nobody again. With some money, the will to make it happen, top of
had printers which could print anything other than plain text the line (at the time) computer gear and page layout
(and didn't even do that well). With a disk based system, text software, Blacklisted! 411 was reborn. Blacklisted ! 411
files, primitive graphicslpictures, and utilities were fairly easy
Volume 1, Issue 1 was released in January 1994. Blacklisted !
to distribute and it could be copied by anyone who had a 411 was finally BACK. The issues were released monthly and
compatible computer. AI our peak, at least 150 disk copies distribution was small. Regardless, the related user meets
of the disk magazine were sent into the public, were packed! The interest in the magazine was great. After
though there is no way to know how many were copied by a year passed, it was decided to try a quarterly format in an
others. effort to increase distribution. During that year Zachary
managed to get in contact with many of the old group
Eventually modems caught on and the magazine was members, most of whom which are active staff members
distributed through crude BBS systems. Using the power of a even today.
Commodore 64, a Blacklis/ed! 411 info site, which anyone
could log into without handle or password, was created and In 1999, what was to be the last issue of Blacklisted! 411
operated. 1\ was a completely open message center. Using (Volume 5, Issue 4) was published. It was unknown at the
X-modem or Punter file transfer protocols, one could time, but many pitfalls would ultimately cause the demise of
download the latest Blacklisted! 411 files or readl1eave the magazine. Officially, it was dead as a doornail. After 4
"messages" which later became known as a "message base" years of regrouping and planning, Blacklisted! 411 magazine
and has evolved into what are now commonly known as was resurrected yet again..
"newsgroup postings" or "forum poslings". There was only
one message center, no email capability & only 1 phone line. To date, Blacklisted! 411 is one of the oldest group of
Primitive, indeed. Effective, however. hackers still remaining and releasing gathered and compiled
information within the hacker community and the mainstream
Around 1984, the purchase of a 9 pin dot matrix printer that community as well. Hanging onto the very same hacker
could print basic graphics was entered into the mix. mentality and code of ethics from the 80's, Blacklisted! 411
Printing out copies of the Black/is/ed 411 monthly and stands apart from the rest. Their ideal is that hackers are not
copying them at the media center at the high school became thieves - they're curious people who are the makers and
the new "experiment". The media center staff graciously shakers of the technology sector. They're not elitist hackers
allowed the production of these copies free of charge which by any means and believe that no question is ever a "stupid"
was very cool at the time. The copies were passed out at the question. Old school hackers and newbie hackers alike,
local "copy meets" (an interesting phenomenon of past Blacklisted! 411 caters to you.
times - hordes of computer users would meet at a
predetermined location and setup their computers with the What' about now...
sole purpose of copying software and exchanging this
software with each other). Piles of the magazine were left Community
anywhere and everywhere people could see them. One The last two years have been an exciting time for the staff
popular location was next to the Atari Gauntlet and Gauntlet and crew over here. We have become extremely active in
II arcade gaines strategically located at 7-11's all over the the hacker community. As we are based in the Los Angeles
place. It's been a longtime myth that people photocopied area, we have built relationships with the local Hacker groups
those original copies and then those were photocopied, etc. such as LA2600. SD2600, twentythreedotorg, Irvine
There's no telling just how many generations of early Underground and many others. We have been attending and
printouts of Blacklis/ed! 411 mon/hly made it out there. sponsoring Hacker Conventions and Conferences such as
the Layer One Convention and the ever popular Defcon. You
Years went by and Black/is/ed! 411 evolved. The short life- can find us attending these conventions regularly. We
span of the printouts was both a great success and a usually run a vendor booth at these events and we make
miserable failure. No mailer where they were left, they were available our wares - subscriptions, back issues, t-shirts,
taken - and taken quickly! The feedback was awesome in hats, stickers and other SWAG. We also provide several
that people wanted more. The interest was very high, but the "convention only" promotions such as the Apple IPOD give-
inability to meet this growing demand was completely away we held at DefCon 13. Our give-away was a big hit.
overlooked. The plug was officially pulled on the printout We're planning on attending DefCon 14 this year and we'll be
experiment and distribution through diskettes remained the holding our own private catered reception for subscribers and
norm. 1\ was really the easiest way to go at the lime. The supporters. Additionally, we'll be handing out membership
Blacklis/ed! 411 info site grew into a 2-line system. This was cards with all new subscriptions this year. Whatever you do,
a big deal in 1985. By that time, information was almost be sure to check out our booth first, you'll be glad you did!
4 Volume 8 Issue 3 - Fall 2006 Blacklisted I 411
�Magazine Development First and foremost is the local chapter of the Ronald
A major effort has been made to increase our exposure to the McDonald House. Many people have never even heard of
hacking and information security community. Our distribution this place, but nevertheless, they're a wonderful bunch of
goals for the magazine was to break 100K copies distributed people who offer an amazing service to those less fortunate
each quarter sometime in 2004 and we far surpassed our families who have a child in the hospital....they offer a place
goal within our timeframe.. To date, BlacklistedI 411 has a to stay and a hot meal - for FREE (or a very small donation if
circulation over 200,000 copies per issue. Based on orders you can afford it). We've donated many items to help their
from distributors and sell through, we're doing excellent in the cause because we really believe in it. One of our favorite
marketplace. Additionally, we have been seeking and hiring donations was the 200 some odd small children costumes we
freelance writers, techs, photographers, and editors to supplied them with to give to the children around Halloween.
increase the quality and scope of the magazine. We've also If you have children of your own, maybe you can appreciate
been promoting the magazine outside of our community to this place a little better. Blacklisted! 411 Magazine
bring in cross-over readers. Wholeheartedly supports the Ronald McDonald House
mission and their programs.
Merchandising I SWAG
We now have a whole series of Blacklisted! 411 themed Additionally, we've donated heavily to the Westminster Parish
swag and merchandise. This currently includes stickers and Festival, specifically with the intent to help support their youth
apparel, but will soon include posters, a new DVD, gadgets programs and special classes for the mentally and physically
and technology.... .whatever our creative minds can come up handicapped. The festival they operate is much like a small
with. Ideas and suggestions on this subject will be accepted carnival with rides, food, drinks, and entertainment. They
and appreciated. also run a huge raffle which is right up our alley as far as
lending a helping hand goes. We've been able to supply
Charities them with some unique and stunning prizes for the children
People generally believe that hackers are awful scum- who attend the festival. Prizes you wouldn't expect to win for
SUcking low life degenerates not fit to inhale the air they a cheap raffle ticket.
breathe. This idea has been pounded into the heads of
people repeatedly by the mainstream media. Not necessarily Our hope is that we were able to brighten up the day for
because they're evil-doers, but more likely due to the fact that some children, maybe even a family or two....and help our
they simply have no idea what hackers are or what we're all community at the same time.
about.
Of course, we also donate to EFF and other hacker-friendly
They think we're an uncaring bunch of thieves. They couldn't groups. That really goes without saying, right?
be any further from the truth. Hackers do care. In fact, they
probably care more about the things that really matter than Closing thoughts
your average Joe does. Let's start our closing thoughts by mentioning that we're your
friendly neighborhood hacker magazine. We're one of the
Blacklisted! 411 is owned and operated by real people who team players and happy to help people. Please don't feel
care about things aside from hacking. No, really. In the spirit that you cannot approach us.
of helping people and organizations outside of our community
by offering real support, not only have we done a good deed, So, if you have questions, comments, articles, ideas,
but we've demonstrated our philosophy at it's core level. We suggestions, have a business proposition or wish to offer
want to help. As such, Blacklisted! 411 Magazine has support in some way, please contact us and let's see what
officially donated to several local charities in an effort to we can come up with. Thanks for your support, hackersI
achieve this goal. BL411
Important notes ofinterest:
SWAG NOW AVAILABLE
That's rightl We have SWAG now. We have some cool "Hack the System" T-shirts and baseball caps, plus a
wide variety of bumper stickers available at our online store. We'll soon have some additional SWAG and
technology available as well . Keep watching. www.blacklisted411 .net
DEADLINES
For some reason, people seem to miss our deadline mention in the magazine and online, so be sure to read
this. The DEADLINE for articles, letters, artwork and ads for Volume 8, Issue 4 is January 21st, 2007. Got
that? JAN 21 2007
ADVERTISING
People often email us asking if classifieds are free. We keep telling everyone YES. Classifieds are free. If
you have a classified you want us to run and it's topic related to the magazine, send it in and we'll consider it
Ads are limited to space constraints per issue. First come, first served. Naturally, we reserve the right to
reject advertising for any reason.
ARTICLES
Do we really need to mention this one? We're a magazine and we NEED articles. If you're a writer and want
us to consider your work, send something to us. Don't waste any time . We're a PAYING MARKET. What
does that mean? It means that we pay for articles which we use••.but only If you want the $. We can donate
your payment to your favorite charity if you 'd like. Our rates are generally $25 a page, depending on size,
quality & use of photos.
ONLINE CONTENT
If you haven't noticed It yet, we have a website (www.blacklisted411 .net) and we like to fill our pages with
Interesting, topic related content If you'd like to write artlcles/revlews for use on our website, send them In.
Blacklistedl411 -
- Volume 8 Issue 3 - Fall 2006 5
�Letter from ZaclUlry Blackston e, editor-in-chief. ....
We lcome 10 the latest edition of Blacklisted 411 Magazine. Subscriber access to the forum may not sound like much, but let
We ' ve go t some ground III cover, so I'm going to dive right on me explain what Ihis will include. First of all, subscriber access
in and gel to il. 10 the forum will g ive you immediate access to the full range of
sections, including a special subscriber-only area that has a
As you may have noticed, this issue has been released relatively Q&A topic directly linked back to and operated by the magazine
ear ly co nsidering Ihe Summer issue 's late release. We're trying staff Additionally, as soon as we bring the onli ne magazine
10 close the gap on our issues lor 2006 so we can actually back , subscribers will have immediate access to it. We're also
release four issue s Ihis yeur . going to create a few other intere sting item s for subscribers. A
radio show and possibly a TV show . It's only going to get more
Aller Ihe super-laic release of Volume 8 Issue 2, peop le began interesting as time passes. Stay tuned.
10 as k if we were going IIIjust skip WI issue this year. Looking
bac k at my letter from Ihe editor from the Summer edition, it's Note : If you 're not already a subscriber. you can subscribe
obvious that my coverage of Ihis topic was inadequate. The directly from the forum area and get instant upgraded access to
short of il is tluu we 're going to try and squeeze out four enti re the forum. Just click on the "SUIlSCRIBE NOW " link near the
issues this yenr, even if it means the time between the last few top of the page .
issues is shortened.
Like I said , we're working on a Radio Show which is be ing
Additionally, so me readers were worried that they were going to headed up by "ThelnstaIlGuy" and we 're considering the idea of
be stiffe d an issue . I'd like III make this one crystal clear to putting together a monthly (maybe even a weekly) TV Show.
everyone. If you pai d for a subscription, you'll receive the We don't have any specifics on either one of these yet, bu t
number of issues you paid tor (ic: 4 issues for a Iyr we're accepting suggestions and offers of help from our readers
subscription, K issues lor a 2yr subscription, etc) . '11 point is for the time being. If you 'd like to be part of either, send me an
11.'
thai we consider a years worth of subscriptions 10 be four issues . email rightawayatzachary@blacklisted411.net
This is how we determine that a subscriber gets what they paid
for. I hope this clears things up Ior everyone. You 'll notice that Alex is being a lot more active lately, in both
online WId in-person mailers. He 's recently taken over as head
Ano ther complaint is Ihal we don't communicate with our of the magazine. This change means that he'll be bringing his
readers us well as we could, We've already put changes in place business experience to the magazine which is good for backend
10 alleviate this issue. Not only arc we posting regular updates operations and the overall health of the magazine. You'll be
10 the main page ot' our website, but we 're leaving those seeing him at more conventions and events, too. Be sure to
messages there a lillie bit longer and storing them in our news swing by our booth at the various hacker cons.
sec tion database so they can he viewed even when they're nol
on the mai n page uny longer. In the past , we would delete Speaking of hacker cons, Defcon was an amazi ng eve nt th is
various news items from time 10 lime, mainly due to a technical year . It's 141h convention to date, they get better every year.
issue we tried to gel around. We no longer delete our news Even though the event was moved to a new location this year
items . I believe that Ihese changes wi ll correct any general which caused some grief, it was still an awesome social
communication issues we've heen having. gathering. Quite frankly , it's arguably the best hacker con on
the planet .
Abou t the page cou nt of Ihe magazine. Ever since the day the
magazi ne was made uvuiluhle 10 the public, it was a 60 -page Unfortunately, I could not attend, but the magazine staffran a
"d igest" format. We decided to try something new somewhat booth in Ihe vendor room and mingled w ith the attendees dur ing
recent ly. Vo lume 7 Issue 4 and Vo lume 8 Issue I were both Ihe ofT hours. I've read the reports, I've heard the gossip and
released as 84-page "digest" format . We adde d 24 pages of I've see the pictures. All in all, this was a great success for Dark
extra content in each of those two issues. We didn't increase Tangent and his awesome event! You can read about Defcon in
our cover price or increase our subscription prices . However, this issue . Be sure to check it out ,
our IIlUldlingcost was increased dramatically. The weight of the
additional 24 pngcs per copy added up! We knew it would, but What about me? Regardless of Alex taking over, I'll still be
we were willi ng to cal the additional cost 10 Iry out our idea. here working on the magazine itse lf and he lping create new
Our hope was that the increased page COUlII would increase sales content for the website and anything else we come up with . In
and interes I in Ihe magazine. fact, you'll probably see me more often now that I have extra
time on my han ds. Having Alex take care of day to day has
While Ihe interest did appear 10 increase, the sales did nol. Aller freed up a lot of my time that I would otherwise have spe nt
two issues of lesti ng ou l Ihis theory, it was decided to pull the dealing with magazine operations. I can now devote a
plug on the idea and revert huck tu our original 60-page format. significant portion of my attention to the magazine in more
creative ways .
So, whal have we heen doing over here at the magazine lately?
We ' ve been maki ng sweeping changes across every level of the We're thinking abo ut expanding our "street crew" to include
magazi ne. Some of Ihese changes arc obvious while others are more people who want to help spread the word about the
not easi ly noticed. I'll luke some time now to explain some of magazine, attend meetings, conventions and be our eyes and
what's going on . ears in the community. We've already got a few good people
laking on the project, but they can only do so much . If you like
First und foremost wou ld he Ihe forum . If you haven't noticed the magazine and want to help out in any way , you really should
already, check o ut Ihe loruml We migrated over 10 vBu lletin contact us and let us know. There's so many possibilities with
from the phpBB plutform. vBulleti n will give us much more the magazine and ple nty of roo m for expansion. We've very
creative contro l ofhow we usc our foru m, We intend 10 usc the receptive to ideas and constructive criticism, so don't be afraid
forum 10 provide a reliable means for the community to share 10 approach us.
ideas and communicntc with the magazine staff, II' you have nol
done so yet, please check out the forum , By the way, if you 're a As alway s, we want to hear from you, our readers . If you have
subscriber, contact Alex so he CIUl set you up with subscriber WlY questions, comments, suggestions or complaints, speak up.
access to Ihe forum . Be sure 10 include real name/address so he Hack the system!!
can identi ty your subscription slatu~. -Editor
6 Volume 8 Issue 3 - Fall 2006 Blacklistedl411
� THE ART OF DSL
Written By: ThelnstallGuy
Introduction
I feel this topic has been neglected lately and would like to reopen the topic for discussion . Since the release ofVDSL,
there have been a lot of changes in the way the service works and things that can be done to enhance your experience
with it. Now, keep in mind that this article will primarily be based on NVDSL connections in Canada . Most of the
information here should be cross-platform. In the very least, this article should get you pointed in the right direction.
How It Works
I am sure most of you are aware of how ADSL works. I will only offer a summary here.. All DSL connections
require an authentication (uname and pword). Once this is authorized by the SHASTA (Large servers used for
nothing but authentication), an IP address is handed out by the RADIUS server . Alot of people are under the
impression that the IP's are Dynamic, this is only partially true. An explanation of Radius servers is beyond the scope
of this article, but feel free to Google it. Alright , so now you have an IP address and are able to browse. The last thing
of mention here is to notice that it is actually the PPPoE adapter that gets the IP on your computer. When you first
install the software for a DSL connection, (Pre-Windows XP. XP actually has built in software to do this) it creates a
software layer connection that allows you to authenticate to the providers service. This connectoid is what actually
receives the IP address from the provider. In Windows command prompt, running an "ipconfig lall" will show you
two different connections, I for the actual physical network card and I for the software level connection . You will
notice your actual network card will still have a 169.. ... Non-routable IP address and the software connectoid holds
the valid IP to the network.
With the introduction on VDSL, a few things have changed. Most noticeably is the VDSL box that now sits atop of
your TV. This new device not only acts as a DSL modem, but also acts as your TV receiver. The way this is
accomplished is by sending multiple signals down the phone line (TV, DSL, Land Line). These signals are separated
into frequency bands. Once inside the home, the land line or phone frequency is filtered off immediately. The
remaining frequencies are sent to the TV box and filtered appropriately. Lastly, I would just like to point out that since
the introduction of VDSL, all VDSL subscribers are receiving 17-20MB connect ions to there home! Most of that is
required for the TV, but we will explore shifting that number in a later article.
How to Fix it
In this part of the article, I am going to discuss a few of the common and not so common errors seen in DSL
connections . Although there are numerous sites that explain various error codes, most of them are very generic and
don't help all that much. The trouble codes that are listed below are Windows XP generated. If you are using an older
OS, then refer to the manual that came with the PPPoE software. There will be specific codes generated by that
software .
Error 619 & 691 : For all intensive purposes, these are the same. Incorrect uname and pword. The only other option
here is to disable the Symantec Password Validator in MSConfig under the services tab if you are using Norton 2004
or later.
Error 769: This error tells you that your network card is disabled. Locate your network connections, right click the
"local area connection" and select enable. You should be good to go.
·Note: This problem does misrepresent as error 678 on occasion.
Error 678: This one is a fun one. You have and endless selection of options. Basically, this error means that you
either have no communication between your computer and the modem or no communication from the modem to your
provider . If the lights flash on the modem (without a router) while you 're trying to connect, then you can be fairly
certain the problem exists at the provider level. Check all cables and connections and contact your provide r. If the
lights do not flash on the modem while trying to connect, then there is something that is blocking any communicati on
to your modem. I will start with the most common fix and move to the more detailed. First, try power-cycling the
modem and the computer. Next, as mentioned above, check network connections for a disabled network card. If the
prob lem hasn't been resolved at this point, it is most likely due to software, Software firewalls and anti-virus are
common culprits, especially after they run automatic updates. The easiest and most effective is to either disable them
on startup from the MSConfig utility, or ju st uninstall them. Yes, the un-installation takes some time, but it will allow
Blacklistedl 411 -Volurne 8 Issue 3 - Fall 2006 7
�you to configure them from scratch and hopefully not have the problem again in the future. Lastly, I would re-create
the PPPoE connection. These connectoids due go corrupt sometimes and it is worth the 2 minutes to re-create it.
Routers: About the only thing that ever goes wrong with PPPoE and routers is the router drops the connection after a
brief interruption in service. Routers are pretty sensitive to a loss of service. They will often not try to reconnect after
a minute or so of no service. The most effective fix is to power cycle the modem first, wait 2 minutes, then power
cycle the router. This will fix the issue 99.9% of the time.
Slow Speeds: This one can be a little tricky to diagnose, therefore I will stick to problems pertaining to the article.
To say that subscribers don't have consistent speeds from house to house or even neighbor to neighbor is a gross
understatement. There is however a reason for this. Before any connection reaches a SHASTA or RADIUS server, the
connection routes through either a DSLAM (Digital Subscriber Line Access Multiplexer) or a BSAM (Broadband
Subscriber Access Multiplexer) .These are the boxes located at the end of your street. They can generally handle
anywhere from 8 ·400 customers and cost about $150,000 - $200,000 ea. The difference between the two is this;
DSLAM's handle ADSL customers while BSAM's handle VDSL customers. Regardless of the type of service a
subscriber may have, the connection from the box to their door is essentially the same. Every Subscriber is on what is
called a loop. A loop is the section of cable to and from the phone jack to the BSAM or DSLAM. The farther a loop
goes has a direct ratio to how fast and/or stable the connection is. The longest an ADSL line can be is about 3 miles.
VDSL has a loop length maximum of about 0.8 miles. The main reason for the large difference is due to the massive
data that travels down this line. The stability of the connection degrades very quickly over long distances. To sum this
up, the longer your loop the slower/less stable the connection will be.
How to Hack it
Please keep in mind that this is information only. What you choose to do with it is solely your responsibility. I will not
be held liable for any stupidity that arises from any misuse of this information.
It wouldn't be much of an article if I didn't at least share one hack, so here we go. As I mentioned in the beginning of
the article, all DSL connections authenticate through a SHASTA. All service providers maintain a lot of them. This is
a good thing. While all SHASTA's will communicate with the RADIUS server, they do not communicate with each
other. For example, if you maintained more than one residence in town, there is a very good chance that there are 2
different SHASTA's servicing these locations. This means that the same uname and pword can be used in 2 locations
as one SHASTA does not know that the other has already auth'd that username and password. This could allow you to
maintain a server at one location and a regular internet connection at the other.
We pay enough for internet as it is these days. I feel you shouldn't have to maintain 2 accounts just because you
maintain more than one residence or place of business.
Conclusion: Well, as my first article to Blacklisted 411, I hope you enjoyed the article or in the very least learned
something new. If you have any questions or feedback, I would love to hear it. Please be aware that some of the topics
discussed here have been generalized a little to improve the readability of the article (no one likes a manual).
Hack The System!
About The Author
Most people know me as ThelnstaliGuy, T.I.G., or that new admin guy @ blacklisted 411 forums . I have been involved in
computers in many facets for about the last 20 years. My first computer was an Apple II C Plus. I programmed my first RPG
game at the tender age of 13. It wasn't much , but it was better than Choplifter. Since then, I have maintained a steady
interest in computers, mainly focusing on server deployment and network infrastructure . My hobby is all things wireless and
radio. Currently, I reside up north in central Canada. Yes, it's cold 6 months of the year, no, we don't travel by dog sled, and
yes, it's legal to reproduce copyrighted digital media for our own personal use.
Favorite Moment: Having a Hawaiian art gallery ask if extra packaging was needed on a painting being shipped. Apparently,
they were concerned about it being damaged while it was transported by dog sledl? I wonder if they really thought I was
going to hang it on the inside of my igloo???
Recently, I have decided to embark on the Blacklisted 411 Radio project. I will be working with Zack and Alex on this project
and have a tentative date of mid September for the pilot episode. Please watch the forums for upcoming news and info on
the show.
I will be sure to keep you all posted . Please feel free to email any ideas and comments at: theinstallguy [at] gmail (dot) com
8 Volume 8 Issue 3 - Fall 2006 Blacklisted I 411
� Fixing a~ratcft~I;e.iC D s
J\'actr >'I7'er-st~e
by UnicOder
unicoder@b/ack/isted411 .net
A couple of weeks ago a friend of mine called me on Sunday evening and asked me for advice in a
miserable situation: He had a scratched CD with extremely important data on it and he needed these data
on the next day in the morning. Unfortunately the disk was in such a horrible condition that his CD drive did
no longer accept the CD and the standard tricks like trying to read the CD with another drive or simply
cleaning the CD with some cleaning agent did not help as well.
It was clear: What my friend really needed was a disk repair kit (one can buy in nearly every computer
store), or even better, the help of a professional data rescue company. But he had neither the time nor the
money for one of these options. So I told him: "Okay, sit down and relax, I'll find a way to fix your CD until
tomorrow."
Let's do it MacGyver-style .. .
My friend had nothing to loose, he needed these data now or never again. That meant for me it was time to
try some of these crazy MacGyver-style CD repair tricks one can find all over the internet (Do you guys still
remember the 80s TV series "MacGyver" where Richard Dean Anderson's alter ego could solve almost any
problem by using science and his wits instead of violence? Good old times! ;-) ). But let's continue with the
story: Just like MacGyver I tried to find a solution to the problem by using only stuff everybody normally has
at hands and by utilizing Google I found lots of tips and tricks on how to repair CDs with typical household
equipment in a couple of minutes. While some of these tricks sounded pretty much stupid (like cooking the
scratched CD in a bowl of water) some really seemed to make sense (like using car- or furniture polish).
Since I had no idea which of these tricks really worked and due to the fact that there were controversial
discussions on nearly all repair methods in lots of internet forums I decided to try them all to find out which
one works the best for me.
So I took a couple of old CDs I didn't need anymore and scratched them until they were unreadable in both
my hi-fi system and all -my computer drives. Then I tried nearly all those crazy tricks from the internet, and
guess what; I even tried the CD cooking trick; I mean heY,.you:1I never know, it may really work. ;-) But the
results of my experiments' were bad: Not only the CD cooking trick was (as expected) a total blank, but also
tricks that seemed kind of logical to me did n~t resurrect any .~f m~ 'prepared Test-CDs, except one trick:
The toothpaste trick·· .·
Some of you may' have heard about this trick before and thought it's a joke, but I can now confirm: No, it's
not a joke! Polishing scratched CDs and DVDs with toothpaste is really the ultimate homebrew data rescue
solution. (Flg 1)
But keep in mind that the whole procedure needs time (I needed over one hour to fix my Test-CD with the
toothpaste trick) and that it's not guaranteed that the -trlck will work with every scratched CD. If the
scratches are too deep or if the data layer on the upper side of the CD is damaged you will have no chance
to resurrect the CD with this trick - no matter how long you polish. Also bear in mind that this is only a
temporary.solution to pull the data off the damaged disc. That means: Use the trick to resurrect the broken
CD, immediately copy all data to your hard drive and burn them onto a new CD. .
.r. ' ; ij ' . '
Here's how it works:
1. Apply the toothpaste to the data/rear side of your CD; Especially to the areas with lots of scratches.
(Fig 2) ' •
2. Before ,you start polishing the CD with a fine cloth or tissue wait at least 5 minutes.
3. Put some drops.of,water., onto the CD 'and start polishing the CD (always rub from the inside of the
CD to the outside, never rub in circles!). If the CD gets too dry while polishing add some more water.
4. After polishing a couple of 'minutes gently wash the CD with warm water (until all toothpaste is wiped
off), dry it and test it in your hi-fi system or computer.
5. Repeat all steps until your CD drive can read the disk ...
That's it, it's really that simple. In this spirit let the toothpaste do the work, relax and hack the system. And
Blacklistedl 411 Volume 8 Issue 3 - Fall 2006 9
�before I forget: Yes, the whole story with my friends CD had a happy ending as the toothpaste trick worked
for him as well. J Peace!
Last but not least: If you have more time and money buy a disc repair kit or let professionals do the work for
you. The toothpaste trick is only a solution for you if you have nothing to loose. The Blacklisted!411
magazine and I are not responsible for any data loss or damage caused by using the toothpaste trick.
Fig 1: A scratched CD before (left) and after (right) the toothpaste trick. As you can see the heaviness of scratches Is
Incredibly reduced on the pol/shed disc. (Picture post·worifed to Improve the visibility of scratches)
Fig 2: Put toothpaste onto the rear side of the CD and let It rest for at least 5 minutes.
10 Volume 8 Issue 3 • Fall 2006 Blacklistedl 411
� THe Rise OF SHyneT?
By Rick Davis
Fans of the movie series Terminator will remember the global computer system, called Skynet, which was
I
made by the military then ultimately grew selt-aware and went to war with humanity. This is surely a far cry
from today's technology however it does offer some insights and ideas for an advanced computer network.
Also, while borrowing concepts from a movie genre it's hard to ignore The Matrix series which can also
throw some inspiration for this project.
The purpose for this network was born from the need that myself and a group of friends had after our high-
school and college days had passed and we scattered around the world to start our lives although we still
wanted to do more than keep in basic contact through e-mail. Interest in various projects and many coming
interests forced the need to share files and find a means for group communication that basic e-mail or
phone could not provide. Also, our interest in distributed computing projects served by distributed .net
sparked our interest in new projects and more productivity.
What we needed.
After a brief review of our needs we decided our Skynet needed to support these features.
Central point for data storage and distribution
Messaging system
Varied levels of access
Ability to easily add new systems
Active security features
With these features in mind each system on the network would have specific access and roles.
Core - Central depository of data. Hosting of messaging system. Root network access.
Sentinel - Specific security related role. Access to core. Contribute to computing projects.
Node - Access point for each user to the core. Contribute to computing projects.
Drone - Minimal access, if any, to the core. Contribute to computing projects.
Network architecture.
The Core : The core itself was the most powerful computer on the network, built specifically with our goals
in mind. It needed to have a lot of computing power to handle network operations as well as the storage
capacity for all the users involved. Above all else it would need to be expandable and upgradeable for at
least 3-5 years.
The most difficult part was the various permission levels of the data. Each user has a certain amount of
storage space that only they have access to. Also, each user has a "public" area where they can place
material securely and change the password when needed. There is also a general public area that all users
could access. From there things got complicated . The bulk of the storage was broken down into three main
sections, each needing increasing access. This was done because of the number of people involved. For
example, the small group who started this project definitely wanted to share any material we placed on the
core however the users we brought in to use their computing power did not get full access since only one or
two of the ·Super-users" would actually know these people. Then , somewhere in the middle would be those
that contributed several systems or those that really had no interest in what we were doing. These users
had varying access, usually custom defined.
Sentinel: Sentinels were our idea for active security. The initial design called for two and really there was
no need for any more. One would continue to actively scan the network for virus and assorted malware
threats. Scanning by the sentinels included the core as well as all nodes with ·Super-User" access. The
other sentinel would scan for intrusions. Mind you we were not worried about being targeted but rather
random attacks and such we wanted to deal with quickly. The sentinel would log any activity and would
have options for certain circumstances. For example, repeated attempts from a port scanner or anonymous
access might see that entire subnet blocked.
Nodes: The nodes were initially the only other part of the network. These systems would be the primary
systems that each of the original group used. In most cases this meant everyone's most powerful home
BlacklistedI 411 Volume 8 Issue 3 - Fall 2006 11
�computer. These systems would be eachusers only link to the core and besides from participating in the
functions the core provided the nodes would provide a major contribution to the computing projects.
Drone : A late addition to our plan which came from the idea to pull in as much computing power as we
could. Users with more than one system could connect the others for computing support or any other needs
that arose. Anyone that had an account would still only be able to connect from their primary system. Some
group members brought in a drone system belonging to a friend or colleague for the rare need of a file
transfer or if they were working on a project with any of us. In the meantime the drones would continue to
provide added computing power.
Network hardware.
The only specific needs were for the core. It was designed for the most computing power with the available
parts and funds. At the time this meant a dual-dual-core Opteron system with 4GB of RAM on each CPU.
The RAM was expandable well beyond that and the CPU's were far from the best the motherboard could
handle. The decision was made to get the core running and then as funding allowed upgrades and
additions could be easily made. The massive case allowed for a floppy drive, a variety of optical drives and
10 additional empty bays. A 250GB hard disk formed "COdrive for the operating system and associated
software. Then four-500GB hard disks formed the data storage area. The option was there for both the
addition of extra drives as well as the replacement of existing drives when higher capacities when prices
dropped.
All others systems spanned the full range of available hardware. Nearly all of the "Super-user" systems
were at least a 2Ghz CPU although some of the drones were well under 1Ghz. Basically, any system we
could access was brought in as a drone just for the processing power.
Network software.
Connections to the network were based on a VPN that the network operated from. All users had a login and
password to access the network. Also, those that had a static IP had that address listed so that it was their
only access to the network. Ideally, we would have liked everyone to have access limited to one IP address
but that was not reasonable with standard ISPs.
It took a long time to decide on an operating system for the core but eventually the decision was to stay
with a windows based system because of the variety of software available. Of course a server version was
utilized. An intricate permissions system was spread throughout the drives and a commercial bulletin board
program was set up.
For security standard commercial anti-virus and firewall software was used and a combination of freeware,
commercial software and our own coding formed the security intrusion logging system.
Network permissions.
Probably the most complicated aspect of the system the various levels of access required a lot of thought.
First, it was decided that absolute root access on the core could only be accessed in person while
physically on the machine and this level of access would be required to affect anything on the super-user
level accounts as well as network and software settings.. There were five "super-users' at the beginning
and three were in close proximity to access the system if needed. Four of these five could create new
accounts and permissions to effect all levels below themselves while the fifth was given this access only as
a courtesy knowing they had no interest in dealing with the accounts although their knowledge in other
areas made it important to have this access.
From there access was streamlined into four more areas. We were planning ahead incase we needed this
much separation although at first we had only another 6 or 8 systems on the network. Access was
organized into three levels of decreasing permissions (level 1, 2 and 3) along with another level which only
kept in contact with the core and provided computing support. Accounts at level 1 had nearly all the access
of a super-user expect the ability to create and alter accounts. Level 2 could only access limited areas of
the core and most of time was not a permanent account. Level 3 was always a temporary account which
we used for communication and file transfers to those that would likely not be visiting the network again.
Aside from accessing the data on the core user access also limited what you could see on the bulletin
board as well as information about the network in general.
12 Volume 8 Issue 3 - Fall 2006 Blacklisted I 411
�Starting your own skynet.
Basically, the principles behind the network could be employed by anyone. Any computer can serve any
purpose and instead of some costly software an FTP could be used for data transfer while a free bulletin
board package could be run .
Depending on your resources, needs and number of users the general idea of the network can be easily
adjusted for any needs . In fact, our design came out the way it did because of our limited money to invest in
the project combined with our needs at the time .
Visual network representation.
Component I Acce•• Level Data I Forum Acce•• Admin Access Other I Misc.
Core System iStorage of data and host for Physical access needed for Contribute CPU Power
forum. super-user account changes.
Physical access needed for
many software and network
chanaes.
Sentinel Systems ~one. Access only to .reas relating Contribute CPU Power
o their tasks.
Super-Users Private Directories. Set Permissions for all lower ~ontrlbute CPU Power
Shared Directories. ilccount levels .
Ability to create/delete some
material and directories.
ull forum access.
Level 1 Access to a majority of !Some ability to create lower ~ontribute CPU Power
storage. ~ccounts.
No personal directories.
Forum access to all but
super-user areas.
Level 2 Selected access to data and !Admin uses only given as ~ontrlbute CPU Power
orums. needed .
Level 3 No forum access . ~one. ~ontribute CPU Power
Temporary access to !'-evel 3 accounts are
specified directories . -'mpgrary.
Drones None ~one ~ontribute CPU Power
BlacklistedI 411 Volume 8 Issue 3 - Fall 2006 13
� A Blacklisted 411 Exclusive!
How to Secure'Your Email
Written by Maxy
Each time you log into your email client or website, send or even just read emails, you leak a significant amount of
information . Not only are your communications sent over networks as plaintext , and that mean 's anyone with a packet
sniffer who just happens to be on the same network as you--corporate espionage, anyone?-ean read what you typed,
but did you know that just by viewing an email you leak your Internet Protocol (IP) address to the sender?
In this article I will show you some ways to protect your IP; how to use secure, encrypted e-mail accounts, and how to
help anonymize your email transmission/reception.
Secure Email Accounts
Chances are you use a free email account like Yahool, Hotmail, or, yes, even Gmail . The first option towards securing
your email is to set up an alternative account on a secure server which encrypts the email transmiss ions for you, as
well as masking your IP in some cases. The advantages of using secure email accounts is that you don't need to
download any separate plugins like GPG or PGP and bother learning how to set them up, worry about incompatible
Outlook plugins, and other such inconveniences. The disadvantages are, as we will soon see, limited storage space,
and encryption limitations.
!Keep Your Se c ure E mail Private!
A small caveat before we get into the gist of the article: although this may appear
to be contrary to your common sense, consider that in some cases it may actually
be advantageous to keep your secure email account private, rel e a s in g it only to
close compatriots, and using a free 'unsecure' account (like Hotmail) for regular
transactions-to keep those whom you don't want to know about the secure
account in the dark! Think about it, the fewer people who know a b o u t your
private, secure account, the fewer people can try to attack an d co m p ro m ise it.
With all this in mind, let's now look at some free secure email account providers available on the web.
MailVault
http://www.mailvault.com/
The Good Stuff: According to MailVault's About page, "MaiIVault's OpenPGP implementation is 4096-bit/I024-bit
strong. MailVault supports 256-bit AES for SSL transmission security." The encryption keys are also stores in
"distributed offshore servers" which are located in Malaysia. MailVault also allows yo u to import PGP keys into your
keyring, which means that you can send encrypted emails to someone using their public key through MailVault, and
the email will be encrypted against any eavesdroppers. The MailVault interface is also very intuitive and easy to use;
fast-loading , and completely ad-free!
Looking at the Received paths in the headers of an email sent to a third-party account , you can see that MailVault also
protects your IP:
Received: from mailvault.com (Iocalhost (127.0.0. 1D.
(I did not paste the entire header, as that would just waste space, tho ugh you can easily view full headers yourself in
your favorite email program-in Gmail for instance , you can do so by clicking on ' More Options ,' and then on the
'Show Original' link under the email Subject).
Whereas most popular non-encrypted email servers like Yahoo or Hotmail (though notable not Gmail) will leak your
IP address.
Another interesting tidbit about MailVault comes from their FAQ (source: http://orlingrabbe.com/MaiIVaultfaq.htm),
which states "the MailVault server will not permit connections from a .gov or .m ll domain name. (If you are a slave of
the nation-state, then humbly beseech your masters to provide you with private ernail.)."
14 Volume 8 Issue 3 - Fall 2006 Blacklisted I 411
�And now the Bad Stuff: Email storage is limited to 4 Megabytes. That may be good for a few hundred small plain-text
messages, but not very useful for sending longer encrypted text or any attachments. MailVault's 'off-shore server
provider' also claims to provide DDOS protection (source: http://rayservers.comlnew/ddos-protection), however,
MailVault has just recently (at the time of this article's writing: Mid-August, 2006) recovered from a DDOS bounce
attack (source: https://ssl.mailvault.comIDDOS_Explained.html). This resulted in a lot of legitimate incoming!
outgoing email not being delivered, and which therefore resulted in a lot of pissed otT MailVault users! In fact. at the
time of this writing (August 2006), when I attempted to send emails to my MailVault account from a Yahoo account
as well as from a Gmail and Hotmail account, I received the following error from the mail daemon in all three cases:
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
XXXXXXXXX@mailvault.com
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 550 relay not permitted
This just goes to show that email servers are certainly not infallible, and you should take their promises with quite a
big grain of salt. Though to be fair, keep in mind that no server is truly infallible against a sophisticated DDOS or
similar attack, so don't think that MailVault is somehow inferior to the congested Hotmail, Yahoo, or even Gmail
servers!
Also, while can send signed and encrypted emails to other users of MailVault, or to anyone who already has a PGP
key from another service, you cannot send encrypted emails to someone without a PGP key or a MailVault account.
And finally, MailVault does not seem to provide any sort of spam protection service.
Hushmall
http://www.hushmail.coml
The Good Stuff: Hushmail uses the Open PGP standard (RFC 2240 - http://www.faqs.orglrfcslrfc2440.html) to
provide 2,048 bit-strong keys, along with the AES encryption algorithm to encrypt the key. When selecting your
passphrase, Hushmaillets you know the strength of the phrase (something the aforementioned MailVault doesn't do).
Hushmail further provides a spam-fiItering and virus-scanning service for free, as well as a Hush Messenger client for
encrypted instant message (1M) conversations with your compatriots.
You can also export your Open PGP keys (both your private and keys). What this means is that if you are using
Hushmail, you can export your public key and give it to a compatriot who is using MailVault, who will then be able to
send you encrypted email from his MailVault account. Hushmail also allows the uploading of public keys, so you can
send your MailVault compatriot encrypted email as well, using his public MailVault key . Hushmail further lets you
setup a question/answer so as to be able to send encrypted email to someone even if they don't have their own PGP
key. The recipient of the email will have to know the answer to a question you specify in order to be able to see your
email.
Finally, Hushmail also strips out your IP from the e-mail headers:
Received: from hushmail.com (localhost.hushmail.com [127.0.0.1])
Figure J - Hushmail Security Dialogue. This screen appears whenjirstlnstalling the Hushmail encryption
engine when you're signing into your Hushmail email account
Blacklistedl411 Volume 8 Issue 3 - Fall 2006 15
�And now the Bad Stuff: Hushmail provides even less storage space than MailVault, clocking in at a mere 2
Megabytes. Free Hushmail email accounts will also be deactivated if not accessed at least once every three weeks
(sucks if you're going on a retreat with no Internet access!), and you will then either have the option of purchasing a
premium account, or having the email address deleted after six months (at which point an attacker can register that
email account anew and then attempt to spoof your identity-this is a very serious issue, so if you decide to get a
Hushmail account be sure to check it regularly to avoid losing it!).
With regard to security of the Hushmail servers, a little over a year ago in July 2005 Hushmail underwent a DNS
attack (source: http://www.theregister.co.uk/2005/04/25/hushmail_dns_attackl) wherein users who typed in 'hushmail.
com ' into the URL field of their browser were sent to a different IP. This obviously presents the possibility for the
phishing and keylogging of user passphrases. Hushmail blamed the attack on their domain name registrar, Network
Solutions, and claimed that the data on the 'secure' Hushmail servers itselfhad not been compromised.
Lastly, the Hushmail encryption engine, which is Java-based and loads each time you login to the Hushmail website
(or after each time you empty out your browser's cache-which you should do regularly) can take a while to load for
56K users, though to their credit there is an option to bypass the Java engine if you do not have install rights on the
computer you are using.
CryptoMaii
http://www.cryptomail.org/
The Good Stuff: CryptoMail appears to be another Java-based encrypted email option. The one innovative feature of
CryptoMail is that it offers the option of sending your non-CryptoMail email account a notification each time you
receive an encrypted email at your CryptoMail account. The sender's IP address, like with all of the other
aforementioned secure email providers, is also protected (Recei ved: from cryptomail.org (localhost [127.0.0.1]). I'm
sorry, but that's about all the good stuff I could muster; on to the bad.
And now the Bad Stuff: The Java-based email interface is slow and clunky, which would be tolerable if you at least
had the guarantee of strong encryption. Looking over the CryptoMail FAQs, Documentations, and so-called Technical
Specifications, I couldn't find any mention of just what the hell kind of encryption algorithms CryptoMail uses. All
the documentation in general is, in fact, very short and illusive, which leads me to believe the 'Snake Oil' corporation
who owns CryptoMail (no, seriously, that's their real name) is deliberately withholding information from their end-
users. When generating the keys, the interface said something about Open PGP, only to later state that CryptoMail is
only "on its way to being RFC 2240 compliant ", therefore apparently meaning that it's not even up to par with the
Open PGP specifications?!
Figure 1- CryptoMait Key Generation Screen. CryptoMa il allows you to move your mouse around the screen to
randomly gene rate a keypair, however, notice that they don't bother telling you what encryption algorithm and
key- bit strength this generated keyset will use! .
Furthermore, when looking at the raw 'encrypted' data generated only when sending email from one CryptoMail
account to another, the 'encrypted' data was prefaced with "################CryptoMail Version
O.IA################". I find it just a little bit troubling that a service that claims to have been around since the
year 2000 still uses an encryption engine that's version 0.1A.
And finally, as CryptoMail does not allow either the import or the export of public/private keys (and as I already
mentioned, CryptoMail doesn't even tell you what algorithm these keys are based on, let alone the key-strength), you
16 Volume 8 Issue 3 - Fall 2006 Blacklisted l41 1
�can therefore only send encrypted emails to other CryptoMail users, not to mention that you don't even know the
maximum storage capacity of your email box. Now, maybe some readers of Blacklisted are more intimately
acquainted with CryptoMail, but until someone sets me straight, my advice is do not use CryptoMail for securing
your email. We can not assume that their withholding of information is just due to simple negligence, and must
therefore surmise that an ulterior motive is in place.
Stea/thMessage
http://www.stealthmessage.com/
Figure J - St~althMaii Email enat;onScreen.St~althMa;1 allowsyou to input your m~ssag~.
and set a "ar;~ty of f~atur~s such as s~/f-destruction and antloCopy;"g protection:
The Good Stuff: StealthMaii provides a truly unique service which sets it apart from the three aforementioned secure
email providers. StealthMessage provides 160-bit encryption with 128-bit SSL, but going further it offers several
innovation features that are rarely seen in a free, secure email provider.
First of all, StealthMaii provides the option of setting a 'self-destruct' timer for your emails. After the recipient opens
your email, he has a limited amount of time to view it (which you set: maximum of 30 minutes, minimum of I
second). You can also instantly self-destruct a message from your StealthMaii account, which means that while the
recipient will still be able to know that you indeed sent him a message, he will be unable to read it! This is a great
feature if you change your mind about sending a particularly sensitive message. The self-destruct feature is also great
for sending a short communique to a compatriot who is in a sensitive environment such as a workplace or public area
where the chances of someone shoulder-surfing and reading the message are quite high, in which case you set the self-
destruct timer to a mere one second, and-poofl-the message vanishes!
Secondly, StealthMail provides an anti-copying feature which prevents someone from copying the text of your
message-a great feature if you want someone to read your message, but don't want them to retain a.copy of it for
evidence!
And thirdly, StealthMail lets you select the number of times you want the recipient to be able to re-enter the
passphrase to be able to read the email, which will prevent an attacker from brute-forcing or even just randomly
guessing your keyphrase.
Finally, as is to be expected, the StealthMail messages arrive at the recipient's inbox from a randomly generated
StealthMessage.com account, with the Received field saying: from EWHSERVERI22 (unknown (10.10.13.1», thus
masking your IP. The body of the email then says " A private message has been posted for you from
whoever@whatever .com" and directs the recipient to go to a secure StealthMessage website and enter his passphrase
so as to be able to view the email message.
Blacklistedl411 Volume 8 Issue 3 - Fall 2006 17
� Figure 4 - StealthMaii Message Receipt S creen. Afte r the email recipient enters his passphrase that y ou (as the sender)
agreed upon witll him , he 'll be presented with this Message Receipt screen. As soon as he clicks 'Decode '
the timer will start ticki ng down until the message self-destructs. Neat ]
And now the Bad Stuff: Unfortuna tely, most of StealthMail good points also have slightly negat ive counterp arts. The
anti-copying feature can easily be defeated by taking a screens hot (even ifStealthMail designed their scripts to disabl e
the Print Screen keyboard key, yo u coul d still use a third-party screen grabber program, there's tons of them around).
Likewis e, the sel f-destruct timer yo u set may not be enough for a recipient with a slow computer or who is a slow
reader and doesn 't finish readin g the message within the allotted time.
However, the biggest inconvenie nce of StealthMail is its requiremen t that the recipient enter a special passphrase--
which you two will have to have previously greed upon in advance--in order to read the message. It is imperative that
you two agree on the passphr ase in a secure environment-not a plaintex t instant message conversation or in a place
which may be bugged or otherwise monitored/surveilled!
Conclusion
So out of these four aforementioned secure email services, which one would I recommend? Well, assuming that
MailVault successfully recovers from the DDOS bounce attacks and you're able to both send and receive emails from!
For the most realistic, mind blowing kidnapping adventures
anywhere period!
Get kidnapped by our sexy Elite All Girls Team, or get your ass
kicked by the hardcore and sinister Henchman!
It's your choice, but you only live once!
WWW . EX TR EM EKIDNAPPIN G . C OM
18 Volume 8 Issue 3 - Fall 2006 Blacklisted I 411
�to the account, they would definitely be my first choice based on security and ease of use. Following MailVault, I
would pick Hushmail as my second choice, due to its somewhat clunky interface, which is nonetheless compensated
for by its wealth of available features. Stealth Message would come in a close third place, due to the fact that you can't
export or import encryption keys, yet I very much like its innovative self-destruct feature. Finally, the mysterious
CryptoMail would come in at a far fourth place, as I guess it's still better than using completely unencrypted email
like Hotrnail, though I'm not sure just how much better it actually is ;)!
If you don't like any of these secure email providers, you can always run your own Simple Mail Transfer Protocol
(SMTP) server (assuming that your Internet Service Provider (ISP) allows you to do so!). One such server is called
'Email Privacy' (source: http://www.download3000.com/download_4469.html) and turns your own computer into a
secure SMTP server for sending emails directly to your compatriots using any other third-party email program such as
Microsoft Outlook, bypassing any mainstream email servers, and therefore lessening the chance that your email is
intercepted. Though please note that this doesn 't guarantee security! As such, I would highly recommend encrypting
ernails, not just sending them from your own SMTP server.
Figure 5 - Email Privacy Main Screen, A screenshot ofthe shareware version ofthe email privacy SMTP server program. As the full
version costs almost $50, J, unfortunately, could not experiment with the full version and more fully report Oil its functionality:
Finally, remember that these are just four secure email options out of the hundreds that are out there. My reviews are
simply meant to get you to start thinking cogently about securing your ernails, and should be taken as a guide to
exploration on your own! When you google "secure email" or "free encrypted email" and see lots of different
corporations offering their services, be very skeptical and be sure to evaluate each email provider at least on these
points:
Level of encryption
Protection of sender 's IP address
Mail storage space
Allowance of the importation/exportation of encryption keys
Customer reviews of the service
Any past attacks like DDOS or DNS hijacking against the mail-server
Anything else you feel is important!
I wish you luck in your search for and use of secure email services , and remember the warning of keeping your secure
email private given at the beginning of this article-so as to keep it from falling into the wrong hands!
Notice of Non-Affiliation and Disclaimer
I am neither affiliated with nor in any way compensated by any of the companies
and organizations mentioned in this article. The opinions stated herein are just
that: opinions, which are my own and do not necessarily represent the views of
anyone but myself. They are not necessarily the views of BlackListed 411 or of
any of the mentioned companies. This article is presented for information purposes
only, and I will not be held responsible for any misuse of the information
contained herein, or any data loss resulting from the use of said information.
Blacklistedl411 Volume 8 Issue 3 - Fall 2006 19
�I MODDING TilE MOTOROLA RAZR V3
By M@
This article is one of many that I will write ded icated to giv ing others the correct information about modding the Razr V3. I
have owned my V3 for a little over a year now and have had endless amounts of fun with modifying it. I hope this art icle , and
the others to come , sheds some light on what is poss ible for the V3 . That being said , I will accept no responsibility for
anything that goes wrong with your phone . I'm giving you all of this information on a trial and error basis . (I've done it myself
and this has worked for me , and will work for you if done correctly. Don 't do something to your phone if you're not sure what
your doing. Ask firs!!)
Introduction
First off, V3 modding is usually done with someth ing called a data cable . This cable will allow you to connect your phone to a
computer. It looks like this :
You can buy these cables from your Service Provider or from the Internet, however, you may have noticed that there really
isn't anything special about this cable . It's just a standard USB cable with a min i 5-pin USB head on the other end . In fact, if
you have a dig ital camera , check the cable that came with it. Chances are that cable will work fine for your V3 . If you don 't
have a camera , head on over to an electronic store and shop around for a cable that would work.
There are many programs out there, some of which will be covered later , that allow you to use Bluetooth technology instead
of using a data cable . However, I don 't know a lot about Bluetooth and I know that a data cable would be the better way to go
because most programs recogn ize a cable rather then Bluetooth.
Terminology
I don 't know about all of you , but I hated this in English class, but I will try to make it as painless as possible. There are a few
terms that many of you may already know , or you 're hearing them for the first time . Either way it's important to have an idea
of what it all means BEFORE you start modding.
Flash - The Flash of a V3 can most easily be described as the Operating System of the phone . It is the most common thing
you will modify on your V3 . When you flash your phone , you will not lose any of your med ia on your phone .
Flex - These are the files that conta in the Serv ice Prov ider 's "branding" on the phone . (start up animation and sound , shut
down animation and sound, and other labels) They also include all the prog ramming needed in order to connect you to the ir
Internet service and text messaging on their network .
20 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
�Bootloader - This operates like the BIOS on a PC. It's software telling the phone what is what and where it can find
everything it needs to function . It can be upgraded and downgraded . Most modders (like me) downgrade it. It was the first
thing I did on my V3 because some programs may not work on later versions of bootloaders .
Seem - Seems control every single aspect of how the phone operates . "SEEMS are storage containers for Phone Settings
information ...Each setting is stored as a single bit, which can have a value of 1 or O. Often , the value of a bit is represented
by a check box, Checked = 1, Unchecked = 0." -Manalive
Unlocking - There's some discrepancy as to what an "unlocked" Razr is so this should explain it. An unlocked Razr means
that it may be used on other Service Provider's networks freely. Service Provider 's lock the phone making it difficult for users
to switch networks and keep the same phone. More on this later.
GSM - Global Systems for Mobile Communications. GSM based phones , (like my Razr) have a sim card in it. (The little chip
near the battery that holds all of the Service Provider's information and can be used to save your phonebook, etc.) GSM is
nothing more than a network type. It allows easy switching between Service Providers .
Ex. T-Mobile, Cingular , Rogers Wireless, Fido, etc.
CDMA - COMA stands for Code-Division Multiple Access . Arguabl y not as good as the GSM based phones , due to the fact
that it's old technology and does not use sim cards . Also , COMA based phones use software called BREW. (Binary Runtime
Environment for Wireless) BREW is the hardest software to modify on these types of phones . In fact, most of the programs
out there only work for GSM based phones, so that's a major downfall .
Ex. Verizon, Bell, Alltel , etc.
Get Started
Now, assuming that you have your data cable and ready to begin, you'll need to get your hands on a folder called P2K
Drivers. These drivers will allow your computer to recognize your phone's new hardware when you connect it to your
computer. You can get them here:
http://themotoguide .comlindex .php?PI0= 1&PGID=430&PHPSESSI D=eeaOb329229df215c75e52227 d7ac71b.
Also , you'll need a copy of RSD Lite. This program will allow you to flash/flex your phone . (We will discuss that later) For now,
you'll need to download it, from the uri above also, and don't install it just yet.
When you connect your data cable to the computer , then your phone to the cable, your computer will recognize new
hardware on your computer . When you open the new hardware wizard , select the option to "Install from a list or specific
location (Advanced)" At the next window, uncheck the "Search removable media..." box and check the "Include this location
in the search". From the drop down menu, navigate your way to the P2K drivers folder , (uncompressed of course) then click
next. It should install the Motorola USB Modem for you. When completed, click finish.
Now, you can install RSD Lite. Follow the on screen instructions to install it. When that's done , open up RSD Lite. With your
phone still connected, the new hardware wizard should pop-up again. Follow the same instructions as before, selecting the
P2K Drivers folder. When that's completed , the wizard should show up again. This time, leave the "Install the Software
automatically" selected, and let it do its thing. There should be only one more hardware installation. Just do the same thing
for the rest of them . When it's all done you can close RSD Lite for now.
Downgrading the Bootloader
The main reason why you would want to downgrade the bootloader is due to RSA protections on the phone, basically
policing you from doing what you want. (Which for some, can be a good thing)
Before going any farther , you'll need to know the current bootloader on your V3. To find this out, turn your phone off and then
press and hold the * and # buttons while hitting the power button to turn it on. A black screen should appear showing you
your bootloader version, (Mine was 08.26) and SW Version . (The flash of the phone) If you see that you have version 08.26,
you'll need to use a downgrader program . A good one can be found here: http://rapidshare .delfiles/13848110/
scotty2_8.26_downgrader _v2.zip.html. It's called Scotty2 Downgrade r. Only version 08.26 users should use this program.
If you see that your version is 08.23, you should not use this program. In stead, you'll have to flash the R374_V3BL_07.DO
bootloader on to your phone. I will cover how to flash your phone later in this article. You can find this flash bootloader at:
http://rapidshare .de/fiIes/13842811/R374 _V3BL_07.DO.zip.html.
Eventually you will end up with 07.00. This is the best bootloader to use and you'll never need to change it again .
Caution: Make sure your battery is fully charged . Make sure you have a stable connection to your computer . Don't run any
other programs when using the downgrader . Proceed at your own risk.
All you need to do is connect your phone to the computer and run the downgrader. It's a completely automatic process and
should take about 5-6 minutes. .
For the rest of you, who have 08.23 and lower, all you'll have to do is re-flash that bootloader to your phone. For this you'll
need RSD Lite. Then follow the instructions for flashing the phone further down.
Backup Your Phone
This should be, clearly, the most important step you do before going any further. I will show you how to backup your calendar
and phonebook first. You can do this with a program called Motorola Mobile Phone Tools or DataPiiots Universal Essentials. I
will explain how to use MpT , because that is the one I am most familiar with, though I'm sure DataPiiots isn't that hard to use.
You can get MPT from Motorola, your Service Provider, or of course the Internet. I would suggest finding a cheaper version
of it on the Internet somewhere . Just search around and you'll find it no problem .
Blacklistedl 411 Volume 8 Issue 3 - Fall 2006 21
�Once installed, and your phone is setup, a little picture of your phone should show up on your computer screen. When you
see this, click on the menu button on the keypad , then click Organizer, then Mobile Phone, and finally Backup/Restore . Then
you should be able to follow the on screen instructions for backing up your info. Make sure you know where your backing up
your files.
Next comes backing up your system files. Get a copy of Flash Backup from here: http://www.mark-world.tv/motorola/page1 .
html. After launching it, select Backups at the top. Select Full Backup under Backup Mode. Under Phone Memory Size, select
32 MB. Check the box saying Disable Backup Compression ...Now go to the area that says Select Loader (Only For
Advanced Users) and choose Select Another . After a pop-up shows, navigate to the installation directory for Flash Backup,
and go to the folder named RamDld Pack. Select the 32 MB (08AO).ldr file and click open. Now just click create. When it's
done, you'll be left with a single file. Success!
There are two other backups you can do also . (A bootloader backup and a PDS backup.) For this, do the same as before, but
this time just choose the correct backup type from the Backup Mode drop down box.
Flashing the Phone
For flashing your phone, you'll need RSD Lite and you'll need a re-f1ash file. Go to http://www.planetmotox .net and find a new
flash file for your carrier. (ex. Cingular)
Launch RSD Lite and plug in your phone into the computer. It should detect your phone right away. If not, turn your phone off
and turn it back on in flash mode (* and # upon startup.) After it detects your phone, click the ... button. Navigate to your new
flash file that you got, then once selected, click Start. Your V3 should display a black screen with SW Upgrade in Progress on
it. When it's done, click close and your done .
Flashing your phone should not delete any personal files on your phone, however, if you have something on your phone that
you don't want to lose, highly suggested that you back it up before you start.
Flexing the Phone
As you should know by now, the flex of the V3 are the files that contain your Service Provider's branding on the phone, and
also include the programming needed to connect to their network. You don't really need to flex your phone unless your goal
is to unbrand it or because you purchased a used phone with outdated software on it. I never flexed my phone, there was no
need to, but I will show you how to do it.
First you'll need a new flex file. Head to http://www.planetmotox .net and find yourself the newest flex file. We will use RSD
Lite for this process as well. Launch RSD Lite and plug your phone into your computer. Once RSD recognizes your phone,
click the "..." button and locate your new flex file. Once you've found it, click the start button. Once it's done just close RSD
Lite.
Screenshot courtesy of http://www.mark-world.tv/motorola/page1.html.
Again, I really found no need to flex the phone so don't be in a big hurry to do it yourself . The only reason, I can think of, why
you'd want to flex your phone is if you have one Service Provider's branding on the phone but you're using services from a
different provider. (Ex. You bought a used phone .) Also , when you flex your phone, it will delete all of your personal files from
the phone. (Photos, ringtones, etc.)
Seem Editing
I have just recently discovered seem editing , and the wonders it holds. Seems basically control the flex of the phone by
activating and deactivating features on the phone.
I will cover two seem edits. (One from the 0032_0001 seem, and one from the gain_table .bin seem. All of this will become
clear in a few minutes.) You will need to use P2K Phone File Manager (P2K Man) to download and upload the seems from
and to your phone, and you'll need XVI32 to edit the downloaded seems. You can get both of these from here: http://www.
mark-world.tv/motorola/page1 .html.
22 Volume 8 Issue 3 . Fall 2006 Blacklistedl411
�Now let's begin with the gain_table.bin seem. For -this seem edit I will show you how to turn up the earpiece volume for a
phone call.
Launch P2K Man and connect your phone. It should recognize it right away. When it does, hit the "update list" button. Look
in the fa directory (on the left) and on the right look for a file called gain_table.bin. When you find it, select it and hit the
"Phone» >PC" button. This will download the file to your computer, of course. After the file downloads, you can close P2K
Man for now.
Screenshot courtesy of http://www.mark-worfd.tv/motorofa/page1.htm/
Launch XV132 Before you open your file, you need to make sure your viewing hex instead of decimal. To make sure this is
.
the case, just click on options, then data inspector.After that's done, click the open button and select your gain_table.bin file.
When it opens you should be left with a table full of numbers and letters. Make sure the "big-endian (Motorola)" is checked.
Leave the options. Now your ready to open your file, so go to Open and find your gain_table.bin file. When it opens you
should see a table fullof letters and numbers.
D3 IlA 8B !BIl !02 !08 !00 !00 84FDt.?-F !6C !03 l!.!1?_-:6~!~~
00 00 01 [6BjA4 !AOjC4 !IlO 01 FD !A1 !A8 I 07 1Il7 01 !03 \
40 f03 04 3S !90 !A8 !88 i3B 03 SO iFIl iA6 i40 :0B jOO OO IOOl
Illllfll!IIlllllllll!lllj [ilmllllllllllil
ooti o 00 ~100 100 100 ioo
lif00 100 100 100 100 100 00 oclox]
~o o~itff oo~1
Screenshot courtesy of http://www.mark-world.tv/motorola/page1.htm/
Blacklistedl411 Volume 8 Issue 3 - Fall 2006 23
�These are the things you change when you do seem editing. Look at the bottom of the window when you select one of these
numbers. It gives you a hex address. (The screenshot above shows the address 1D) Look for a hex address "0 ". (Or 00) it
should be right at the top, and fourth one in from the right. This is the offset that controls how loud the earpiece is for a phone
call. (The default setting is 1 of course.) I changed mine to 04 and it works perfect. I can even hear the person when I'm
outside with lots of background noise, and it's not so high that I need to worry about blowing the speaker, so I would
recommend 04. To change the value, just select the offset, (01) and type in 04, and it should change for your. Next, save this
new gain_table.bin file.
Then quit XVI32, and re-open P2K Man. When the phone is recognized, hit "update list" again. Make sure you don't have a
gain_table.bin file still in the la directory . (Delete it if it's there.) Now, making sure that the la directory is selected, click the
"PC>>>Phone" button, and locate your gain_table .bin file and upload it. When it's done, hit the restart phone button and let
your phone restart. Vuala! Now you should be able to hear the person you're talking to next time you call someone , or
someone else calls you.
The next seem edit I will show you will allow you to keep a speaker phone call active even with the phone flipped shut. For
this, you'll need to open up P2K Man again. Once you've updated the list of all the files on your phone, go to the "Seem" area
and enter "0032" in the "From" box and "0001" in the "to" box. Click download seem. Save the seem file to somewhere you
can find later. (Obviously) Next, open up XVI32 and load your downloaded seem file. Click on offset 8A to select it. Click on
Tools and select Bit manipulation. In the "Status of Bits" area, uncheck bit 2. When this bit is unchecked, you will be able to
flip the phone shut while on speaker phone and still be connected to your call. If it is checked, your phone will hang up the
call when flipped shut. Now save this newly edited seem file, and upload it to back to the phone using P2K Man. To do this,
enter "0032" into the "Seem" box and "0001" in the "rec" box. Hit upload seem. Locate the new seem file and hit open. Tah
Dahl
BeliCoreRadio
The Evolution of Media
BellCoreRadio is a snowtor allthe
phonephreaks, hacker~ and
geeks ofa/Ikinds. Visit us online
at www:bellcoreradio.i1el to hear
the show
(ii\ B~,ic;;~.
~Omnimedia Group
24 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
�That's the basics of seem editing. There is a great seem map on all the different seem edits you can do at :
http://www.mark-world.tv/motorola/doc/seems .doc. It is updated by http://xlr8.us/hofo.
cl.gif Changing
Ever wanted to change that outer LCD image on your V3? Typically it has the name of your Service Provider on it and
nothing else. Well never fear, something can be done about this. All you need to do is find a .gif image of your choice , (some
can be found here: http://www.motox.info/showthread .php?t=435 .) and make sure it has the proper proportions . (96x80
pixels) Using P2K Man, all you need to do is navigate to the /a/mob ile/skins folder and find the file called cl.gif and delete it.
Now all you do is hit PC»>Phone and locate your new cl.gif image. (Be sure to name your new image c1.gif. Also the picture
must be a .gif format or it won't work) After that's done, restart the phone and check it out. Cool, huh.
Custom DRM Icon Sets
Installing your own icon sets are surprisingly easy. All you need is a .shx icon file (filled with all the new icons, duh.) and just
follow the instructions for flashing your phone. (Using RSD Lite.) You can find some cool icon sets here: http://www.mark-
world.tv/motorola/page10 .html.
Custom Start-up and Shutdown Animations
Putting on your own start-up and shutdown animations is always a cool idea to give your phone some style. All you need to
do is connect your phone up to the computer and load P2K Tools . (Found here: http://www.mark-world.tv/motorola/page1 .
html) Once you have that loaded up all you need to do is hit "tools' at the top and "custom animation ." Now from here it's
pretty straight forward. All you have to do now is check the box on the left of the start-up and shutdown animations and locate
where your .gif files are on your computer. Then restart your phone and your done. (you can follow the same steps for putting
on your own start-up and shutdown sounds)
Cleaning Inside the LCD
This used to really bug me with my phone. No more than a week after I got it, there was dust accumulating under the screen.
I found myself rubbing the screen so much I was slowly going insane. So I looked into cleaning it out for myself, rather than
having to send it all the way to Motorola just for some guy to wipe it out. Here's how I did it. (Official manual, with pictures
here: http://www.mark-world .tv/motorola/pdf/Getting _the_dust_out.pdf .)
All you need is some sharp end tweezers and a new LCD cover . I found one at http://www.cellphoneshop .net. Use the
tweezers to pry under the LCD cover. Once you have it, just pull up and it should come right off. Now take your new LCD
cover, remove the plastic from it, and starting at the bottom, line up the new LCD cover with the inset. Be sure to apply even
pressure across the edges to make sure it sticks in place. Vuala !
Conclusion
Well that does it for my Motorola Razr V3 modding guide. I hope the pictures I added, courtesy of http://www.mark-world.tv/
motorola/page1 .html, has helped at least a little bit. By now you should have more than enough knowledge to do your own
mods without much help. Again, be sure to ask about anything your concerned about before you start modding . (It's your
phone, not mine. The info. I share with you has worked for me and should also work for you, but I will not accept
responsibility if you brick your phone. You have been warned.) I will be sure to work on a third and final edition to this series,
mainly consisting of little mods you can do to your phone easily. Well that does it for me. Talk to you soon.
About the Author
My name is Matt (M@) and I live in Canada, eh! I'm in my senior year of high school. I am athletic, outgoing, and have been
interested in technology ever since I got my first gameboy color, way back in the day. I mainly stick to cell phones,
computers, MP3 players and gaming consoles. My favourite food is Fettuccini Alfredo, and I love Mountain Dew. My email
address is chalupaman_99@hotmail.com .
Electronics Inventory Online
EIO is a versatile electronics surplus source
associating information with the distribution
of electronics, computer and
optical materials. We have implemented
interactive via e-mail, technical forums on
Liquid Crystal Displays, Charge Couple
Devices, Stepper Motors, Lasers, Laser Light
Shows, Microcontrollers, Holography, Fiber
Optics, Electro-Optics and EIO Products with
many more forums to come. We boldly
supply links to competitors, revealing
alternate and additional sources of surplus
electronics, along with providing a rich
. listing of information on events (trade shows,
swap meets, conferences, etc.) and
resources such as web sites, magazines,
newsgroups, and information of interest to
the technologically inclined.
Be sure to check us out at: www.eio.com
Electronics Inventory Online
22412 Normandie Ave, Unit A, Torrance, CA 90502
TEL: (877)-746-7346 (310)533-5150
Blacklistedl411 Volume 8 Issue 3 - Fall 2006 25
By: Hevnsn t
What happens when you place 6,000 of the worlds best hackers in one hotel? Stuff gets hacked, normally the hotel's
stuff, This year, Surbo and I wanted to change that -- and this is the story of how we did it. We made the sacrifice to
put our lives on hold and go to Las Vegas (yeah it was rough) to mingle with the worlds best hackers. As we got there
and checked in we were given the lowlyest of badges, the "General Population" badges -- referred to as the "Human
Class". Don't get me wrong, Joe Grand (of GrandldeaStudios.com) did a great job on the badges, but did I-hacked
staff deserve the plain "Human" class badges? We certainly didn't think so, later we will discuss how Joe's design
ultimately led to the compromising of Defcon .
After we had rece ived our badges, we made a short trip back up to the room to do a little modding to the badges . After
10 minutes of pulling apart official I-Hacked Throwies and soldering we had modded our badges to stand out from the
crowd . Happy but not satisfied, we strutted our stuff among the crowd as quite possibly the first to "mod " their
badges. As we explored the convention center we found our way (passed some velvet rope) to a hallway that was
protected by a guard . Without any discussion between us, we both knew that we wanted passed the guard. As
nonc halantly as possible we struck up a conversation between the two of us and tried to walk passed the guard as
though we were meant to be there. Politely yet firmly the guard told us: "Red Badges Only" and told us to leave.
As I had been to a 'Con before, I knew that "Red Badges" meant one thing, and one thing only . Goons. The holy grail
fear of any Defcon goer, the goons are the elite of the defcon staff We wondered what wonderful things they had
down that hallway, sure ly they had gigabit connections, imported beer tilled swimming pools, and rainbows made of
skittles. We had to get back there to find out. We decided it was time to figure out exactly what the other color badges
looked like. Surbo put on his social engineering hat and asked the registration desk : "What are the red badges for?"
The goon who at the time was wearing a red badge replied smugly "You have obviously never been to a con before."
While surbo's job was to pull information from the registration guy, my job was to get a close inspection of the badge.
At this stage we were still gathering information, an important step in any hack. Gather as much information on yo ur
target as possible, then take your time and have a beer.
Speaking of beer it was time to hit the strip, we packed up and walked down to the main strip. We toured a lot of the
diffe rent bars around, but because it was a thursday night nothing was really happening. Th is was not my first trip to
vegas, but I still wante d to see all the street shows again. As surbo and I walked up and down the strip we stoppe d to
see-the Treas ure Island show (pirates kick ass), some guy who was doing incredible artwork with spray paint, and
some really crazy bands performing in each one of the casinos we ducked into to grab a beer along the way. Anyway,
enough about vegas, lets get on to the hack already.
The next day (friday) was the beginning of Defcon and the crowd was among us. The amo unt of people that showed
up for this years defcon was absolutely staggering. I don't know the oflicial number but I do know that it was well
over 6,000.
We had had a night to discuss what we tho ught about the badge . We had already scanne d our badges with our favori te
RFID Scan ner (APSX RW-310) and could not find any trace of signal. Our program manual stated that Joe Grand
would be giving a talk about the badges the next morning -- maybe he would talk about the differences of ours vs. the,
other color badges .
All the different colors avai lable
26 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
�During Joe's talk he started discussing the proces s of creating the badges. He mentioned that the cost per badge had to
stay below $5, so it became apparent that there probab ly wasn't any embedded RFID in the other colored badges. Then
he finally talked on how he created the different colors , he simply used a colored solder mask to create the different
badges.
BINGO. Thanks Joe!
The only difference between my badge (white) and a Goon badge is the Red color . On the way out of the speech, I
looked at surbo and I could tell he was thinkin g the same thing I was... Lets go visit the spray paint artist on the street.
Later that afternoon, we left our hotel and defcon festivities behind to go see the guy who would change our defcon
experience for exchange of nothing more than a I-Hacked throwie that he could place on his lamp. I showed him a
picture of the red badge that we would like to emulate, and he mixed and matched his colors to get it per fect.
Urn, I would like it Red Please.
Simply put, it came out perfect. As far as anyone was concerned we were now official Defcon goons . We only had
him paint the front of the badge red (and left the back white) so that we could later prove to the security staff how
weak their securit y measures where .. This later turned out to be a bad decision. (but I wont get into that jus t yet) =p
Later on that night at the private parties (as goons, we didn't have any trouble just walking in now) when anyo ne asked
if we were goons we would just nod our head yes and sw itch topics. We didn't want to blow our cover jus t yet. We
were in the penthou se suite, partying with the guys who put on defcon -- we introduced ourselves to as many peop le
as we could to get a few names to drop if needed .
Sat urday: Completely hung over, my only goal for that ent ire day was to see Dan Kaminsky 's talk on net neutrality.
As we finally made our way down to see his talk, we found the room to be completely full. No one else was being let
in. Surbo had noticed the day before that the Goon HQ was a skybox overlooking the particular conference room
where Dan was giving his talk. Being as though I really wanted to see this presentation, we made the call... It was time
to try out our goon badges.
As we made our way down the hallway , we passed the guard with out any incident. In fact she even stopped a few
other people who tried to surf in with us. (Sorry guys, apparently you need a Red Badge to get past her =) We were
now past the guard , finally in "Goon-Land". We tried door I, Locked. We tried Door 2, Locked ... Arrgh Out of
desperation , Surbo knocked on door number two. A few seconds one of the largest goons I have ever seen opened the
door and asked what we wanted . Surbo said "XXXXXX told us to come up here to watch Dan, to give up some seats.
(XXX XX's name has been removed to protect him, lets just say it was one of the names we snarfed from the party the
night before)
Without hesitation, he opened the door and took us out to the balcony. Now unless you were there you can't imagine
the tension. We are co mpletely surrounded by goons, in their room, with fake goon badges . I snapped a few pictures
as proof from there as discreetly as possible, but they turn ed out horrible . None of the other goons were taking
pictures so I figured I should lay low with that.
Blacklisted l411 Volume 8 Issue 3 - Fall 2006 27
�During Dan's talk, a goon walked out on the balcony with a huge juicy steak. We hadn't eaten yet, and damn that thing
looked good. As soon as the talk was over I asked the goon "Where did you get the steak?" and he looked at me a little
weird and said "The Refrigerator" and then walked me into the kitchen and showed me exactly where .. =)
Fast forward to later that night. The badges opened up more than physical doors. We were now invited to the best
party of the 'con (Ninja Party absolutely rocks) where I had a few too many drinks . After bouncing between Ninja, the
White Ball, and the pirate party (all of which I continued to drink) surbo decided to leave me to my own fruition.
(Mistake # I)
Well my liquid courage had set in, so I figured that I would go tell the goon squad exactly what I felt about their
physical security and identification methods. I stumbled right passed the security guard, and at no time did I question
what I was about to do. (Mistake #2)
Ready for mistake #3? I threw open the door to Goon HQ, and was presented with a room full of goons (Seriously it
was somewhere around 4am, and there was probably 15 goons in there) and sitting in a chair right in front of me was
the head of security, Priest. (Which btw if you have never seen him, is a big dude) Undaunted, I began my speech
about how I was able to bypass all of their security methods using a can of spray paint.
Lets just say, that this probably wasn't one of my shining moments. Sure, I had proven that I could bust their security.
I had proven that when it really comes down to it, I have a sack of fortitude, and I had proven that after all that beer I
really need a second opinion on things. =)
Priest was incredibly cool, and although he confiscated my badge he told me to get a hold of him in the morning.
Sunday morning I found Priest; and after a stem warning about next year he told me. "Good job, you hacked defcon.
You made it past our security . For that, I am going to get you another badge, another WHITE badge" I of course
appreciated this, but I asked for my original badge back, I mean it meant so much to me. He told me that it had already
been destroyed, but I like to think that he has it hanging up as a memento of Defcon 14.
Fare well Badge, thanks for all the fun.
Sure this wasnt the most "Elite" of hacks out there, but it really goes to show how something as simple as spray paint
can be used to circumvent some of the most sophisticated security forces. I hope you liked the story, and I can't wait
for DCI5.
28 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
� Defcon Physical Security Hole
Written by: Matrix
My name is Matrix. No , that's not my real name , but people know me by this name. I'm a regular Defcon attendee.
I'd like to think that most of the other regular Defcon goers know me very well. For those who do not know me, my
specific daytime job is supervising physical security at a nameless technology center. Enough about me. Let's get
back to the subject of this article : Defcon. I have been attending Defcon for well over a decade. One could
reasonably argue that I'm one of the original attendees. I mention this, why? During my many trips to Defcon, I've
witnessed just about every conceivable situation over the last 12 events. I was sure that I've seen everything possibly
imaginable.
I attend Defcon for a couple of reasons. Well, three if you really care to know. I like to party. I need not explain . I
enjoy technology. Again, no explanation necessary. I enjo y the company. I like to surround myself with the kind of
forward thinking people who attend Defcon for personal satisfaction and to help expand my job skills. My job
depends on understanding how people think. Who better to learn from than the best of the best. Oh, I also enjoy the
various competitions and speaker presentations. I particularly enjoy the scavenger Hunt. Shouts to Vegas 2.0!
This year, while I was somewhat apprehensive of the new venue, I was happy to stand in line and wait it out. What
appeared to be yet another " typical" event, I quickly changed my tune. I was immediately aware of a possible security
flaw when I got my first glimpse of one of the Goon badges. Those beautiful RED badges! The possibilities began to
spawn while I stood there. I tuned out my buddies and began to consider the options.
Here was the key problem with Defcon security this year. The ·ONLY· difference between the goon badges and the
human (uh, that's us regular folks for those who don't know the lingo) was only a matter of color. The color of the
solder mask, that is. Goon badges were RED and human badges were WHITE. It was conceivable that simply
painting the white badges with red paint would grant immediate access to goon territory. I later found out that I was
correct. Very correct!
You see, in the security field, difficult to duplicate VSE 's (or visual security elements) are vital to a strong physical
security barrier. Without this , anyone with the know-how can easily bypass this most basic first defense and render
the entire security solution useless. The most basic VSE is an "overt" VSE which means that the security element (in
this case, the color of the badge) is easily visible to the human eye. Overt VSE's are designed to make ID
authentication easy to verify, Next, you have Covert VSE's which are, you guessed it, not visible to the human eye.
An example of this would be a hologram or "invisible inks" which will appear under a black light. Hidden text and
"micro" text are some other examples. Last is Forensic VSE's. Just like covert VSE's, but much harder to detect-
and to counterfeit. This typically entails the use of nano-text.
Defcon used an overt VSE, obviously. They do this every year. The objective was to create an overt VSE which is
easy to authenticate, but difficult to duplicate. Given the limited time span of Defcon, it's conceivable that they were
aware of this situation, but accepted the risk factor. Either way, they failed with the implementation of their VSE . It
was easily overcome with a $1 can of spray paint. That sounds bad no matter how you word it.
Now, it was all a matter of finding some of that paint I keep talking about. Have you ever tried to find a can of paint
in Las Vegas? It sounds easy, doesn't it? However, I had no idea where to look . I didn't learn about the street ven dor
with the paint until much later, but I was still able to pull off nearly the same exact hack. I don't really consi der this a
hack, but more of a type of social engineering. Who really wants to argue over the difference, though? Suffice to say,
SE is a type of hacking. I believe most readers would agree with that sentiment.
I asked David and Carl if they could go find some red paint. After I explained what was on my mind, they wandered
off and I didn't see them for another 3 hours. Later that evening, I found them hanging out with Alex from
Blacklisted 411 Magazine. I asked if they had any luck and they quickly produced a can of spray paint from one of
their backpacks. I was jazzed! They mentioned that they had bought it at Wal-mart and it was "really cheap."
When I got back to our room, I didn 't waste any time . I pulled apart my badge (yes, I brought my tool kit with me.
Complete with soldering iron), painted it up on both sides and let it dry . I reassembled, checked that it still functioned
and set it aside. As promised, I painted up Dave and Carl's badges, too. A Ilnle while later I caught myself staring at
the badges. I was daydreaming about all the possible situations I may possibly get myself into . Anything from
getting kicked out to receiving a pat on the back. Honestly, I had no idea what to expect if I got caught. I sucked it up
and ventured out.
Skipping ahead, I found the secure goon entrance very quickly. How could I have possibly missed it? I was able to
walk right by the "guard" without incident. It worked! Could it be that simple? I kept telling myself that they knew I
wasn't supposed to be there and they were just fucking with me . Just waiting for the right moment to snare me. For
Blackllsted l 411 Volume 8 Issue 3 - Fall 2006 29
�the first 30 minutes or so, I was worried about it. As time passed, I slowly found my comfort zone and eased up on
the worries . I began to open up and sociali ze with the other goons, trying to collect as many names as possible.
Nobody seemed to suspect a thing and every one was very open with me the ent ire time. I wanted to take some
pictures of a few things , but I felt that it may appear too suspicious. I didn 't see anyone else taking pictures, so I
followed their example. After maybe an hour of wanderin g around in the backstage area, talking to various goons and
enjoying the fact that I was getting away with something otherwi se unheard of, I became bored with my new found
free-pass and deci ded to bailout.
The next day, I brought Dave and Carl with me and we slid right by the guard again without incident. I showed them
around and introduced them to several of the goons I met the day before , all who shall remain forever name less. My
buddies were obviously nervous . No doubt it was because they were up so close to the goons . I played off of their
terror and poked some fun at them. Sor ry Dave, 1 co uldn' t help it. I explained that it was thei r first yea r and they
were a bit overwhelmed . The statement was reasonable and nobody questioned it.
During my time in the restricted areas, I had an opportunit y of see ing a real goon badge up close a few times .
realized that my pa inted badge was severa l shades too dark. Nobod y else seemed to notice it, though .
While I applaud Defcon and Joe Grand of GrandldeaStudios.com for their efforts in trying to make a unique badge for
this year-which they did succeed in doing, I can' t help but be sadd ened that they overlooked what I cons ider to be
the most basic physical securit y principl es. Yeah, make it easy to authenticate, but come on. All it took was $1 and a
little of my time to open up the doors. I understand that cost is a major factor in the produ ction of something like this
and I realize that they were most likely awa re of the possible risk and decided to accept that risk. No harm was done,
it was only a learning expedition. However, I would sugges t that the next DC goon badge implement more security
features. The least costl y method would be to use a different shape/s ize or go with a material which doesn't lend itself
to being so easily re-color ed. Of course, anything can be bypassed with enough determ ination and time.
I found out at a later point in time that we were not the only ones to have beaten the physical security at Defcon this
year. While Hevnsnt had the gon ads to report his finding s d irectly to Priest during what was probably the most
inoppo rtune moment, we can't make the same claim. We remained anonymous in our activities. Our intent was to
provide a proof of concept. 1 believe we succeeded in our goal. I'd like to state for the record, however, that I did fess
up after the event was concluded. Everyone was cool with it. They appeared to treat the breach as trivial. I even got
to keep my painted up badge! Thanks for being so cool , guys.
Defcon is an awesome event. I can't wait to see everyone there next year.
III~ (~I{I. rsren -n r ,TilN'rS ¥()(JII
il lrr"T
()III{
Are you an artist? Do you li ke Bla ck listed l 411? Coul d you us e a few bucks? Well, if you 're looking for
work we have a job waiting for you ? If yo u' d li ke to sho w off som e of you r talent and pick up this gig . why
not send us some hardcopy samp les, send us a disk w ith yo ur samp le artwork or email us. We'd be
happy to look over your work an d co nsider br ing ing you onboard or pu rchasing your photos outright
We can even arrange a free s ubsc ri pti on or make some other arrangement if you 'd like. If you 're
interested, take a look through the magaz ine and make note of the existing artwork and our topics. Think
about it and try to come up with someth ing comp letely or ig ina l w hich coinci des w ith the overall theme of
the magazine.
Here's who you send your artwork to:
Blacklisted! 411 ARTWORK
P.O. Box 2506
Cypress, CA 90630
We WANT to hear from yOU. ...don 't dela y - just send us what you have. We prefer
freehand artwork on PAPER, but will accept in high reso lution (if at all possible) computer
graphics formats: TlF, TGA, JPG , GIF. PS D, PCX and mo st ot her pop ular image formats.
We look forward to hearing f rom you . If yo u have addi tio nal qu esti ons, sim ply contact us
through our website :
30 Volu me 8 Issue 3 - Fall 2006 Blacklistedl411
� ~Ii1A=tL CA=ti)~ 10 1
BACK TO HARDWARE HACKING BASICS
Written by: Zachary Blackstone
Have you ever started what would otherwise be a simple hardware project only to find yourself deep in the middle of a
journey through hardware hacking? It happens to me a lot more often than not. In fact, it happens to me so often, I've gotten
into the habit of taking step by step notes and photographs along the way. It's a good idea for a many reasons. I'm going to
share my latest experience with you because I thought it was somewhat interesting. I'd like to mention that I went overboard
in my "testing" before doing any actual hardware hacking. I only ' partially' did this for presentation purposes.
So, let's roll back three years. No, let's go back even further. Motorola was plugging away, producing a smart card system
for various commercial uses. Their Smart Information Transfer (SIT) division was bought by Atmel in 1999. At the time, all of
the smart card technology assets of Motorola passed onto Atmel. A few years later, a few Motorola offices throughout the U.
S. closed up shop. One such office happened to be [relatively) close to the Blacklisted 411 Magazine offices . Being that the
staff of BL411 are a bunch of technology junkies, we had an opportunity of looking over the assets of the office in question
before they (Motorola) brought in the trash man to haul every1hing off to the dump.
Typical of a office shutdown, there were plenty of cubicles, desks, chairs,
shelving, components, paperwork, phone systems and various other office
knick knacks up for grabs. It was a free for all. Luckily, we were one of
the first to the scene, so we had first dibs on most of the items others
might overlook - programmers, internal memorandum, tech notes,
technologies of all types, etc. However, we found one interesting stash
we hadn't conceived. Piled away in one room was the remnants of their
former SIT division's latest project. It was a fUlly manufactured Smart
Card. No, not just the smart chip. Rather, a smart chip embedded within
a credit card sized (CR-80) plastic card. And I'm not saying there was
only one of these. Try "hundreds-of-thousands" on for size. First thought
at the time was, "cool, they're free so let's take 'em all!" And take all of
them we did. Thank you Motorola!
Ok, fast forward to 2006. Early this year we introduced the first-ever
hacker membership card to our subscribers. It was met with an overall
warm response. Ok-that'll do. So, I've been considering my options for
a new membership card for the 2007 year. I've thought about doing
another one made from stainless steel just like the 2006 model. I've
Figure 1 • X2 Coolsat Card Reader. considered producing them from brass or maybe even aluminum. I was
sitting at my desk three days ago thinking about this topic yet again, while
I was browsing the internet for something interesting to occupy my thoughts before everyone else arrived at the office. Low
and behold, I stumbled upon the free to air (FTA) satellite receivers again (a SUbject for another article, perhaps). I really dig
the X2 Coolsat 6000 model., so I began my standard search pattern. Check google, check ebay, take notes and compare. I
immediately noticed the X2 Coolsat Smart Card Readers (figure 1). At that moment, it occurred to me that we still had those
smart cards in the warehouse-somewhere. I dropped every1hing and proceeded to recover those cards.
After an hour of collecting dirt and dust on my brand new Hack the System
shirt while digging through shelving unit after shelving unit, I located the MIA
cards. I grabbed a small box of 1000 cards and brought them back to my
desk. I pulled out a handful of them and started taking mental notes about
the physical characteristics of the card. I immediately noticed a small
anomaly-at least what I considered to be a possible problem. The pad
layout of the smart device didn't look quite right. It appeared to have 10 solid
pads (figure 2). We all know that ISO 7816 (the standard by which all smart i
cards are designed) specs out an 8-pin pad. Hmmm. I began my search for ,
tech docs on the smart card. A brochure, a tech spec doc from Motorola... ,
from Atmel. A photograph of the card from any other source on the net.
Nothing.
Figure 2 • Smart Card with 10 pin lay out.
I decided to do some destructive testing of the card. The first
sacrificial lamb was stripped of the plastic backing (behind)
the smart device (figure 3). My intent was to expose the chip
inside of the card and find the identifying chip part number.
After taking a blade to it, the plastic didn't put up any notion
of a fight. It was clear, however, that there was no markings
of any kind. I went a step further and separated the chip from
the gold pad leads, hoping I could discover something useful.
I was successful in this attempt. Not only did I learn that the
chip was well connected to the gold leads I was trying to
remove it from, but I also noted that the chip had 6
connections. ISO 7816 only utilizes 6 signal/power lines.
Ok, so I had a little more info. It was starting to add up.
Figu re 3 • Smart chip exposed, no markingsl
Blacklisted l 411 Volume 8 Issue 3 - Fall 2006 31
� Figure 4· Photo on left clearly shows that the Smart Chip (SC) is offset slightly higher than a standard ISO 7816
sample card.. Photo on right shows that both chips are placed in identical horizontal locations.
Additionally, I cut up a few more cards , trimming away two sides of plastic away from the card so I could compare the pad
layout to a known 7816 compliant card (Dish Network access card). See figure 4. What I found what that the spacing was
off ever so slightly. Essentially, the middle six pins appear to line up within a 7816 socket, but the outer four pins don't quite
cut it. I marked the card accordingly with the corresponding pin designations. I'll check that later. I also noted a few wires
around the outer edges of the card when I cut them. That was unexpected !
Eventually I posted about this topic on the BL411 forum and one of the staff responded with a tidbit that set me in the right
direction. Deadpainter (a staff member) suggested that the card looked similar to the Calypso Card (used for fare collection) .
I checked out the link and immediately focused on the embedded smart device's pad layout. Strikingly similar, to say the
least! It too had a 10-pin layout. Ahh, I felt as if I was on the right track. In addition to this I also noted that the brochure
mentioned that the card-the 10-pin card-was ISO 7816 compliant. Interesting. It's also IS014443 (A&B) compliant., which
is for a contactless connection , opposed to ISO 7816 for CONTACT connection. So, the card has both contact and
contactless standards. I was extremely intrigued by this discovery .
I went back and looked at the card I had cut and noticed that it indeed has a loop antenna embedded within it. It has exactly
three loops all the way around. I took the time to determine the layout of the embedded antenna . So, it looks like we have a
dual standard card in our grasp. I'll get back to this subject later on in the article.
Ok, now I'm going to backup a little and explain ISO 7816, ISO 14443 and try to get everyone up to speed on the lingo.
Overall, it's pretty easy to get a handle on, so you guys shouldn't have any trouble following along. ISO 7816 is an
international standard by which electron ic cards, in this case smart cards, are described and manufactured . There are
several parts to the standard which I will only touch on very lightly.
7816-1, that is part 1, describes the physical characterist ics of the standard . It was created in 1987 (yeah, a long time ago)
and updated as late as 2003. It describes exposure limitations to x-rays, UV light, EMF and temperature . It goes on to
define how far much stress the card should be able to withstand by bending or flexing. Surprisingly, these cards are a lot
tougher than you'd think.
7816-2 defines the dimensions and locations of the contacts. This part was created in 1988 and last updated in 2004.
describes the number, function and position of the contacts . A table which identifies the ISO 7816-2 standard is below.
Contact Designation Use
Cl Vee Powe r connection through which opera ting powe r is supplied to the micropr ocessor chip in the card
C2 RST Reset line through whic h the IFD can signal to the sma rt card's micro processo r chip to initiate its
reset seque nce of instructions
C3 CLK Clock signal line through which a clock signal can be provided to the microprocessor chip. This line
control s the operation speed and provides a com mon framework for data communica tion betwee n
the IFD and the ICC
C4 N/C No co nnection . Reserved for future use.
CS GND Gro und line providi ng common electrica l ground between the IFD and the ICC
C6 Vpp Program ming power co nnection used to program EEPROM of first generation ICCs.
C7 110 Input/out put line that provides a hal f-duplex communication channel betwee n the reader and the I
smart card .
C8 N/C No co nnection. Reserved for future use. 1
I'm going to skim over the next few parts 0I11y because they're outside of the scope of this article. 7816-3 describes the
electronic signals and transmission protocols. 7816-4 describes the industry commands for interchange. 7816-5 describes
number system and registration procedure for application identifiers. 7816-6 describes industry standard elements . It goes
on through part 15 which specifies cryptog raphic functionality.
32 Volume 8 Issue 3 - Fall 2006 Blac klisted I 411
�ISO/IEC 14443 is a four-part international standard for Contactless Smart Cards operating at 13.56 MHz in close proximity
with a reader antenna. Proximity Integrated Circuit Cards (PICC) are intended to operate within approximately 10cm of the
reader antenna. These proximity "contactless" cards are typically of credit card sized form factor (which is separately defined
by ISO 781Q-yeah, all this ISO stuff can get confusing) . This standard consists of four parts and also describes two types of
cards: type A and type B. The difference between the type A and B are with respect to modulation methods .
Part 1 defines the size and physical characteristics of the card. It also lists several environmental stresses that the card must
be capable of withstanding without permanent damage to the functionality. These tests are intended to be performed at the
card level and are dependent on the construction of the card and on the antenna design; most of the requirements cannot be
readily translated to the die level. The operating temperature range of the card is specified in "Part 1 as an ambient
temperature range of O°C to 50°C.
Part 2 defines the RF power and signal interface. Two signaling schemes , Type A and Type B, are defined in part 2. Both
communication schemes are half duplex with a 106 kbit per second data rate in each direction . Data transmitted by the card
is load modulated with a 847.5 kHz subcarrier. The card is powered by the RF field and no battery is required.
Part 3 defines the initialization and anticollision protocols for Type A and Type B. The anticollision commands, responses,
data frame, and timing are defined in Part 3. The initialization and anticollision scheme is designed to permit the construction
of multi-protocol readers capable of communication with both Type A and Type B cards. Both card types wait silently in the
field for a polling command. A multi-protocol reader would poll one type of card, complete any transactions with cards
responding, and then poll for the other type of card and transact with them.
Part 4 [ISOIIEC 14443-4:2001(E)) defines the high-level data transmission protocols for Type A and Type B. The protocols
described in Part 4 are optional elements of the ISOIIEC 14443 standard; proximity cards may be designed with or without
support for Part 4 protocols. The PICC reports to the reader if it supports the Part 4 commands in the response to the polling
command (as defined in Part 3).
Ok, now that I've given you a short lecture on the ISO's involved with smart cards, let's get back to the hardware hacking.
Many of the readers would probably ask me, "why don't you just shove the card into a standard smart card slot and see what
happens?" Well, anyone who actually knows me, wouldn't bother asking as they know I'm a stickler for the details. I like to
research an unknown as much as possible before I dive in. It's all about saving my equipment from certain death. If you've
ever taken an electronics class, just think back to the guy in the corner who's projects blow up when power is applied . That
guy isn't me. :-)
Now, given the information I have, I'm reasonably certain that middle six pins of MY card will line up with a standard ISO
7816 socket. Next step is to insert the card into a socket which isn't powered up so I can visually confirm pin alignment.
Sounds easy, right? By all accounts, it should be a piece of cake to jump through this hoop and move onto the next step.
Figure 5 - Example of standard Smart Card inserted into ISO 7816 socket.
If you go back and look at figure 4, you'll notice that the slight difference in height of the placement of the smart device on my
card should make a difference when inserted into a socket. I attempted the procedure and just as I suspected, the pins of the
socket align perfectly with the middle six pads of the card. However, the top 2 pads and the bottom 2 pads don't align with
any of the pins of the socket. The sockets pins C4 and C8 don't mate up with the card, but that's OK since both of those pins
are designated "N/C" or "No Connection" anyway. That means they're not used... .yet. It appears that C1, C2, C3, C5, C6
and C7 (all necessary for complete connection to a smart card) are actually making contact with the card. This is a very good
sign that the card will work in a standard ISO 7816 card reader and encoder.
Blacklistedl411 Volume 8 Issue 3 - Fall 2006 33
� ..
Figure 6 shows a scan of the actual smart chip contacts from my smart
card. I've superimposed the contact designations which are derived from
where the pins of the card socket connect when the card is inserted.
What bothers me is the top right corner, that I've indicated with an arrow.
If you look at a normal smart card's contacts, the upper right corner, which
is always electrically connected to the middle of the device, is the ground
or C5 designation. The fact that the socket places C5 at the contact just
below the corner really bothers me and makes me second guess "just
plugging it in". Vcc and Gnd across the wrong pins of a device can spell
sure destruction of said device. The likelihood of destroying my
equipment? Not likely, but possible nevertheless. I need to find some
additional evidence that this is the correct pinout. Some specs on the
device would be very useful right about now. Chances of me getting the
needed documents? Unlikely. Ok, so off to the bench to do some quick
Figure 6 • Scan of our smart device. comparative testing to determine if I'm on the right track or not.
To further describe the difference between the contacts of the standard 1507816 and my card, I'm going to draw up a couple
of samples of the standard card and my card to illustrate how the connections are being made in the socket.
Vee
CI
- I - CS
Ground
Reset
C2
- - C6
Vpp
Clock
C3
- - C7
I/O
-
N/C
C4
- I -
Figure 7· Standard Smart Card Pinout
C8
N/C
I
Vee
CI
- - CS
Ground
Reset
C2
- -
-
C6
Vpp
Clock
C3
- - C7
I/O
I
Figure 8 • My Smart Card Pinout
What's the easiest way to test for Vcc and Ground? Who
needs fancy equipment. Use a multi-meter and check for
resistance. You'll almost always get a reading across VccJ
Gnd. Naturally, I have just the tool I broke out my handy
dandy Metex multi-meter (it's an old model M-4650 of 80's
flavor) and did some quick measurements. First, I checked
the satellite card to ensure I was getting a good read off a
• known Vcc and Ground pair. I then went over to the
, unknown card and tested across the very top two pins (figure
10). No reading. I then tested across the next two (figure
11). Bingo! Sure enough, the corresponding pins that I
designated as C1 (Vcc) and C5 (Ground) above in figure 6
was very likely to be correct. What do the pins above these
two do? Not sure yet. I'm not too interested in those pins
'~L . .....
~_ right now. I'm delighted that it looks like this card may be
7816 compliant for the most part. It may not be compliant
with ISO 7816 Part 2 with regard to C4 and C8 not mating up,
but that's beside the point.
Figure 9 • My extensive testing of the two cards.
34 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
� ..
Figure 10· I first tested across these points. No reading at all. Probably not VcclGnd.
..
Figure 11 - I then tested across these points. I got a valid reading. Very likely to be VcclG nd.
At this point, I believe it's safe to assume that figure 6 is correct. Now onto the real tests. I'm going to install my smart card
reader and try to read one of these cards. Of course, my first thought was to create my own reader. Bargain basement
pricing smart card readers are under $20 now, so why bother? Upon closer inspection of my smart card reader, I realize that
it's not Windows XP compatible - no drivers for it. Sure, the reader is compatible with ISO 7816-1/2/3 standards and T=O,
T=1 microprocessor card protocols, but sadly no XP support. I'm not about to setup a 2000 box for this project. Does
anyone even remember Windows 2000? It was awful. Ok, so it looks like it's time for me to shop for a new Smart Card
Reader.
Fig ur e 12 - First attempt. SCM Microsystems Model SCR3310 (on the right) and Mo del 5 0 /010 (on the left) . Both
appear to support Windows XP and are touted as readerlwriter units.
So, after a little bit of research, I decide to try a couple of the SCM Microsystems models. The SCR3310 seems to be well
suited for my purposes, but I also picked up a SDI010 because it has "contactless" support. Remember that embedded
antenna I found inside of the card? Well, I think it's worth a shot looking into that a little more. And why not, these card
readers are relatively inexpensive, plus SCM Microsystems was gracious enough to send us some test subjects on their
dime. Thanks guys. You can check them out at www.scmmicro.com
Blacklisted I·411 Volume 8 Issue 3 - Fall 2006 35
� Figure 13 - Second attempt. Gemplus Model GCR410 (on the lett} and HackerHomepage " hous e model" (on the
right) . Both appear to be decent product, however the old school feel of the house model really does it for me.
Additionally, I spoke with the guys over at Hackers Home Page because when it comes to interesting hardware, they're the
place to contact. I told them about the article I was working on and what I was looking for, hoping they'd have some
suggestions for me. Not only did they have suggestions but, without hesitation, they sent out a couple sample units for me to
play with, The first was their own generic smart card readerlwriter and the other was a Gemplus GCR410 universal smart
card reader/writer. I can't believe the excellent support I'm getting for this article.
Visit Hackers Homepage at www.hackershomepage .com - they have a very interesting selection of gadgets,
A few days later, I had some packages waiting for me at the office when I stumbled in around 11AM (yeah, had a late night...
hey, even the old school hackers like to party). So, yeah, I had some packages waiting for me. Now that's what I like when I
show up to work. I thought maybe I had another care package from the dude in NV who always sends us crazy off-the-wall
junk. Nope, it was the card readers I had been so anxiously waiting on! I didn't waste any time, I grabbed the boxes and
headed to the lab. Once in the lab, I busted out those smart card devices and began to look 'em over.
At first glance, the Gemplus GC410 really caught my eye. What a nice piece of work it is.
The SMC Microsystems SCR3310 first appeared to be another run of the mill card reader, but I immediately took note
of the classy packaging. Yes, I pay attention to such details. Anyhow , the reader had a good feel to it-definitely a
well manufactured item. However, the unit was not bundled with any software which is a drag.
The SMC SOl010 is a contactless/contact smart card reader. This was packed just as nicely as their other model.
However, my first impression of the item was that it was a few notches better than the other model. I couldn't wait to
try this one out and see how that contactless mode worked.
Last reader I checked out was the "generic· unit from Hackers Home Page. At first glance, this one looked a little low-
end. But let me tell you something, it was the most interesting of the bunch. The bundled software is pretty slick and
looks powerful enough for my needs. Again, looking forward to trying this one out.
I connected the SCR3310 model first. It was a relatively easy install. However, the unit didn't come with bundled software
which was a bummer. So, now the search for some generic Smart Card software begins. Where better to start than the
SCM Microsystems website.
I visited www.scmmicro .com and immediately found their product driver page. I downloaded the version 4.14 drivers and the
V8.06.001 English installer for firmware revision V5.21. Installation was easy and no problems encountered. The device was
recognized immediately and everything appeared to be functioning correctly. I checked out the developer tools and utilities
section of their website. I was somewhat displeased with the selection of tools, so I went elsewhere .
After only minimal searching , I found IS07816Prog and SmartCache (www.smartcache .net). Both files are generic software
for use with 'any' smart card reader. Seems like it might just what I was looking for.
Ok, so SmartCache looks like it might be handy. However, IS07816Prog proved to be a useless program with no support
whatsoever, so I continued my search for another piece of software.
More on this subject later...
After extensive destruction of several cards , I was able to determine the antenna pattern and electrical connections. The
antenna consists of three loops of very thin gold wire which is laid out near the outer edge of the card. The antenna has
leads running directly into the area of the smart chip. I'm not sure if it's connected to the actual smart chip itself or a
secondary chip which is located near the smart chip. While this could be a completely proprietary setup, it's more likely that
it's either a 125Khz proximity card or a 13.56Mhz contactless smart card. Given the age, I'm going to go with the 125Khz
proximity card type. However, RFIO was around in 2003, so it's possible that this could possibly be a genuine contactless
smart card running at 13.56Mhz. Only the original docs for this card or physical testing will reveal it's true nature.
36 Volume 8 Issue 3 - Fall 2006 Blacklisted I 411
� 'r -y.'
~ 3 LOOPS OF GOLD WIRE ~
Sample
F(F
•
Motorola
Smart Card
'-~ ~
Figure 2 • Smart Card Embedded Antenna.
Since Motorola sold off their SIT division and Atmel doesn't have any idea what I'm talking about, it looks like we're going to
have to resort to physical testing. Hey, that's ok. I live for this shit. I'd like to first focus on the older 125Khz proximity
"standard" (I put that in quotes because it was a very loose standard) and, if that doesn't work, move forward to the
13.56Mhz contactless RFID/smart card standard. If neither work, it's possible that Motorola came up with their own
proprietary design in which case, I'm probably out of luck.
Figure 13· SmartCache screen shots showing data from a sample file.
Ok, back to software for a minute. After fiddling around with smartcac he for awhile, I've decided that I really just don't care
for it very much. Wh ile it does an OK job of reading the cards, it doesn 't offer too much as far as cool features . In fact , I'm
having a difficult time locating any decent software for this phase of the article, so I'm going to have to cut the article short
while I try to drum up some additional software. So, until next time, keep on hacking.
Blacklist ed I 411 Volume 8 Issue 3 - Fall 2006 37
�Build and program two high-quality SUffioBot robots designed to
wrestle in the mini-sumo competition ring (included in the kit)!
The electronics consists of asurface-mounted BASIC Stamp 2
module and an array ofinfrared sensors todetect your opponent
and the edge ofthe Sumo Ring. Additional components include
plezospeakers, resistors, push buttons and LEOs to build custom
breadboard circuits for program mode selection and sensor state
feedback. The hardware package Includes black anodized aluminum
chassis and scoops, servo motors, wheels, 4AA power packs
(batteries not included) mounting standoffs, and screws for two
complete SumoBot robots.
� SIJI11)I..IJS SC)IJI1(~I~S
Your Electronic Hobby / Repair Source list
Here's a small list of new and surplus electronics sources you may find useful if you're trying to build a project or repair a piece of
equipment. We've (lone business wit" all of these companies and personally recommend them to anyone. Don't forget to mention
where you heard about them. Ifyou want a company listed, contact us.
Action Electron ics Advanced Component Electronics
1300 E Edinger Ave # B, Santa Ana , CA 92705 1534 Berger Dr. San Jose, CA 95112
(714) 547-5169 (408) 297-1383
http://www .action -electronics.com/ http ://www .acecomponents.com
Active Surplus Advanced Computer Products
347 Queen Street West 1310 E Edinger Ave # A, Santa Ana, CA 92705
Toronto , M5V 2A4 CANADA (714) 558 -8813
(800)465 -5487 (416)593 -0909 Http ://www .acpcomponents.com
http://www .activesurplus.com
All Electronics Corp .
Active Electron ic Supplies Depot P.O. Box 567, Van Nuys , CA 90408
2015 -32nd Avenue N.E. (818) 904 -0524
Calgary , Alberta, Canada T2 E 6Z3 http ://www.allcorp .com/allcorp/
(403)291 -5626
http://www .active-tech .com Alltech Electronics
Active Electronic Supplies Depot 1300 E Edinger Ave # 0 , Santa Ana , CA 92705
6029 -103rd Street (714) 543 -5011
Edmonton , Alberta , Canada T6H 2H3 http ://www .malltech .com/
(780)438-0644
http://www .active-tech .com Alltronics
2300-0 Zanker Rd. San Jose , CA 95131
Act ive Electron ic Supplies Depot (408) 943 -9773
1350 Matheson Blvd . Unit 2 http://www.altronics.com
Mississauga , Ontar io, Canada L4W 4M1
(905)238-8825 American Design Components
http://www .active-tech.com 400 Country Ave ., Secaucus, NJ 07094
800-776-3800
Active Electron ic Supplies Depot
6080 Metropolitain East American Science & Surplus
St-Leonard , Quebec, Canada H1S 1A9 P.O. Box 1030, Skok ie, IL 60076
(5 14) 256-7538 (847) 647-0010
http://www .active-tech.com http ://www .sciplus .com
Active Electronic Supplies Depot
5349 Ferrier American Science & Surplus
Montreal , Quebec , Canada H4P 1M1 5316 N. Milwaukee Avenue
(5 14) 731-7441 Chicago,IL
http://www .active-tech.com (773)763-0313
http ://www .sciplus .com
Active Electron ic Supplies Depot
1023 Merivale Rd. American Science & Surplus
Ottawa , Ontario , Canada K1Z 6A6 33W361 Route 38 (1/4 mile east of Kirk Road)
(6 13) 728-7900 West Chicago, IL
http://www .active-tech.com (630)232-2882
http ://www .sciplus.com
Active Electronic Supplies Depot
1990 Jean -Talon SI. North Suite 109 American Science & Surplus
Ste. Fay, Quebec , Canada G1N 4K8 6901 W. Oklahoma
(4 18)682- 1130 Milwaukee, WI
http://www.active-tech .com (414)541 -7777
http ://www.sciplus .com
Active Electronic Supplies Depot
3790 Victoria Park Ave Suite 100 Ax-Man Surplus
Toronto, Onta rio, Canada M2H 3H7 1639 University Avenue
(416) 498-9886 SI. Paul , MN 55104
http://www .active-tech.com (651)646-8653
http ://www.ax-man .com/
Active Electronic Supplies Depot
3695 East 1st Ave Ax-Man Surplus 2
Vancouver, British Columbia, Canada V5M 1C2 1071 East Moore Lake Drive
(604) 654- 1057 Fridley , MN
http ://www .active-tech .com (612)572-3730
http ://www .ax-man .com/
Active Electronic Supplies Depot
106 King Edward SI. East Ax-Man Surplus 4
W innipeg , Manitoba , Canada R3H ON8 8008 Minnetonka Dlvd.
(204) 786-3 131 SI. Louis Park , MN
http ://www .active-tech .com (612)935-2210
http ://www .ax-man .coml
Blacklistedl 411 Volume 8 Issue 3 - Fall 2006 39
�B. G. Micro Electron ic Surpl us Inc.
555 N. 5th Street, Suite 125 Garland , TX 75040 5363 Broadway Ave ., Cleveland , Ohio 44127
(800) 276-2206 (216) 441-8500
http://www.bgmicro.com http://www .electron icsurplus .com/
Ball Electronics Electronics Warehouse
2960 W Ball Rd, Anaheim , CA 92804 2691 Main St, Riverside , CA 92501
(714) 828-1310 (909) 686-6186
http://www .the-ewarehouse.com/
Bob Roberts
bob147@bellsouth .net Ford Electronics
http://www.dameon .neUBBBB/parts.html 8431 Commonwealth Ave, Buena Park, CA 90621
(714) 521-8080
Boeing Surplus Sales http://www .fordelectronics.coml
2065 1 84th Avenue S.
Kent, WA Future-Bot Components
(425)393-4065 203 N. Pennock lane, Jupiter, Flo 33458
http://www.boeing.com/assocproducts/surplus/retail/ (561) 575-1487
http://www .futurebots.coml
C & H Sales
2176 E. Colorado Blvd., Pasadena , CA 91107 H&R Company , Inc.
(800) 325-9465 353 Crider Avenue, Moorestown, NJ 08057
http://www.aaaim.comlCandH/ (856) 802-0422
http://www .herbach .com/
Cal's Computer Warehouse
3083 Grandview Hwy Halted Specia lties Co. (HSC)
Vancouver , BC V5M 2E4 3500 Ryder Street , Santa Clara , CA 95051
(604)437-5551 (800) 4-HAlTED
http://www .goseeca l.com http://www .halted .com/
California Electronic & Industrial Supply Hi-Tech Surplus
221 N Johnson , EI Cajon CA 92020 605 #. 44th St., Boise 10 83714
(6 19) 588-5599 (208) 375-7516
http://www.californ iaelectronic .com/ http://www .hitechsurplus.com
Circuit Specialists Hoffman Industries
P.O. Box 3047, Scottsda le, AZ 85271-3047 853 Dundee Ave., Elgin, Il60120
(800) 528-1417 (847) 622-8201
http://www.cir.com http://www .hoffind .com
Davilyn Corp. Hosfelt Electron ics
13406 Saticoy St. 2700 Sunset Boulevard Steubenville , OH 43952-1158
North Hollywood , CA 91605-3475 (800) 524-6464
(800) 235-6222 (818) 787-3334 http://www .hosfelt.com
Http://www.davilyn .com
International Components Coporation
DC Electronics 1803 NW lincoln Way , Toledo OR 97391-1014
P.O. Box 3203, Scottsdale , AZ 85271-3203 (800) 325-0101
(602) 945-7736
http://www.dckits.com Jameco Electronics
1355 Shoreway Road Belmont , CA 94002-9864
DIGI-KEY Corporation (800) 831-4242
701 Brooks Avenue South, Thief River Falls , MN 56701 http://www.jameco .com
(800) 344-4539
http://www.digikey .com JDR Microdevices
1850 South 10th Street San Jose, CA 95112-4108
Edlie Electronics (800) 538-5000
2700 Hempstead Tpke ., levittown, NY 11756-1443 http://www.jdr .com
(800) 645-4722
http://www.edlieelectronics.com/ JGl Components , Inc.
455 Aldo Avenue , Santa Clara , CA 95054
Edmund Scientific (408) 980-1100
101 E. Gloucester Pike, Barrington , NJ 00807 -1380 http://www .jglcomp .comlhtmllindex.html
(609) 573-6250
http://www.edsci.com Johnson Shop Products
P.O.Box 160113, Cupert ino CA 95016
Electronic Goldmine (408) 257-8614
PO Box 5408 Scottsdale, AZ 85261
(800) 445-0697 Just In Time IC-s
http://www.goldmine-elec .com/ 4450 Enterprise St #113 , Fremont , CA. 94538
(510) 490-1377
Electronic Materials Recovery , Inc. http ://www .batnet.comfjustintime/xtal.html
3102 W. Thomas Road, Suite 902 Phoenix,AZ 85017
(602) 272-3200 Kelvin Electronics
email: emcphx@xroads .com 7 Fairch ild Ave , Plainview NY 11803
(800) 645 -9212
http://www .kelvin .com
40 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
�Mark Capps Sav-On Electronics
1842 Chrysler Dr Atlanta, GA 30345 13225 Harbor Blvd, Garden Grove, CA 92843
catfishh@bellsouth.net . (714) 530-0555
Marlin P. Jones & Assoc . Skycraft Parts & Surplus Inc.
P.O. Box 12685 Lake Park, FL 33403-0685 2245 West Fairbanks Ave, Winter Park, FL 32789
(407) 844-8764 (407) 628-5634
http://www .mpja.com http://skycraftsurplus.com
MCM Electronics Surplus Sales of Nebraska
650 Congress Park Dr., Centerville, OH 45459-4072 1502 Jones St., Omaha , NE 68102
800-543-4330 (402) 346-4750
www .mcmelectronics.com/ www .surplussales.com
Mendelson Electronics Surplus Shed
340 E First St Dayton, OH 45402 8408 Allentown Pike, Blandon, PA 19510
(937) 461-3391 (877) 7-SURPLUS
http://www .mecLcom/ http://surplusshed.com/
Mouser Electronics SURPLUS TRADERS
958 North Main SI. Manfield , TX 76063 PO Box 276, Alburg, VT 05440
(800) 346-6873 (514)-739-9328
http://www .mouser.com http://www .73.com
MWK Industries Unicorn Electronics
1269 W. Pomona, U112, Corona, CA 91720 1142 State Route 18 Aliquippa, PA. 15001
(909) 278-0563 (800) 824-3432
http://www.mwklasers .com/ http://www .unicornelectronics.com/
Ocean States Electron ics Vetco Electron ics
PO Box 1458, 6 Industrial Drive, Westerly RI 02891 12718 Northrop Way
(800) 866-6626 Bellevue, WA 98005
http://www .oselectronics .com (425)641-7275
http://www .vetcoelectron ics.com/
Orvac Electronics
1645 E Orangethorpe Ave, Fullerton , CA 92831 Weird Stuff Warehouse
(714) 871-1020 384 W. Caribbean Dr., Sunnyvale, CA 94086
(408) 743-5650
R-Vac electronics http://www .weirdstuff.com
23684 EI Toro Rd # 0 , Lake Forest , CA 92630
(949) 586-1210
RA Enterprises
2260 De La Cruz Blvd., Santa Clara, CA 95050
(408) 986-8286
http://www .angelfire .com/free/proto.html
WWW.HACKERSHOMEPAGE.COM
• VENDING MACHINE DEFEATERS
• GAMBLING MACHINE JACKPOTTERS
• MAGNETIC STRIPE READER/WRITERS
• CONTROVERSIAL HACKING MANUALS
• EMP DEVICES, RADAR JAMMERS
• LOCKPICKS, SMART CARD READERS
OUR 10th YEAR IN BUSINESS! (407)965-5500
Blacklistedl 411 Volume 8 Issue 3 - Fall 2006 41
�r- D J4Pt TER
U
,~ The ta lent of digging up valuab le items from a hea p of garbage
By Trash-O X
O
You may have heard the term "dumpster diving" a few times and wondered to yourself what it's all about. It's easy to imagine
it as a sport of some kind where someone jumps off a roof into a dumpster. I mean, there have been much more crazy
"sports" out there, so why not? Maybe, but that's not what it is. In fact, dumpster diving isn't really a sport but rather a way of
living. In a nutshell, dumpster diving is nothing more than the act of digging through the trash. I'm sure you know what a
"trash digger" is, right? Dumpster diving is what a trash digger does, most likely to make a living or to obtain something with
perceived value for no cost at all.
According to the dictionary jargon file, Dumpster Diving is defined as:
"The practice of raiding the dumpsters behind buildings where producers and/or consumers of high-tech equipment are
located, with the expectation (usually justified) of finding discarded but still-valuable equipment to be nursed back to health in
some hacker's den. Experienced dumpster-divers not infrequently accumulate basements full of moldering (but still potentially
useful) cruft."
Ok, but digging in the trash to make a living?! What, are dumpster divers bums or something? Not really. While you'll find
your average bum, hobo, transient, etc digging in the garbage for food, clothing or cans to recycle, this isn't the same breed
of people we're going to talk about in this article. We're going to focus on the people who seem normal (ie: have a job,
money, a home and most like a family as well) and find it worth-while to hop into the trash... Jor some reason.
Face it, a lot of people find value in other
people's refuse. One person may believe
something to have no value while another
believes differently. This concept is what
has made the idea of dumpster diving
become so popular. In fact, it's such a
popular subject, that there are websites
devoted to the topic. Now, that's pretty
amazing.
Ok, so let's get on with the article.
One day, you might come along a dumpster
such as the one pictured to the right. "Yeah,
so what?" you may think to yourself. It may
seem just like any other dumpster, but what
makes this one so different from your run of
the mill dumpster is the fact that there's
some hidden value in this otherwise plain
looking garbage. The lay person would
never notice this, so don't feel bad.
The experienced dumpster diver would
immediately recogn ize the obv ious
electronic equipment sitting on the top of the heap as being somewhat valuable. This would normally be enough to persuade
further investigation (ie: digging a little deeper). Upon a detailed inspection of the contents of this dumpster, the number of
valuable items obtained was large. The final results were quite staggering and a real eye opener.
Gathered up were about two dozen pieces of equipment
total. A quick look on ebay proved to get an initial valuation
of the equipment at roughly $200. The items were cleaned
up, tested, and listed on ebay (some listed "as-is" because
they did not function). I know, most people who read
Blacklisted! 411 probably don't like to use ebay, but for the
purpose of demonstrating "value" for the sake of a timely
completion of this article, I decided to offload the items in this
fashion to get quick results. So, the final tally once
everything sold on ebay (everything was listed 3-day with no
reserve) was over $700! To be honest, I was surprised by
the total. income from the material. Everyone paid and the
items were sent out. Done deal.
The point is, the garbage found in this one specific example
generated over $700 on the open market. Dumpster diving
truly is a way to make some money, either on the side or for
a full time living if you can handle it. Yes, these are ebay
42 Volume 8 Issue 3 - Fall 2006 Blackliste d I 411
�prices, but it's only one example of how this kind of find can be later sold to generate some decent money .
~ERESHOULDILOOK?
Where can you find scores such as the one described in this
article? All over the place I However, I'll try to help guide you a
r
little bit so you can find your own treasure trash.
Mainly , you will find these kind of dumpsters (the ones filled with
cool junk) behind industrial business centers . You'll also find
them being manufacturers of electronics and computers , but
their trash tends to be locked up and inaccessible. One of the
most overlooked places are the dumpsters behind THRIFT
STORES - they toss a lot of stuff they don't think they can sell
(you can find a lot of old computers and game consoles here) .
You can also check electron ic/computer store dumpsters,
bookstore dumpsters and video rental dumpsters. They all
usually have something worth grabbing . If you're not sure, look
in the local phone book for places such as the above and get
their address . Go there and take a peek in their trash . It can't
hurt .
IS IT LEGAL TO LOOK THROUGH SOMEONE ELSES TRASH?
Some cities and counties have laws against digging in the trash, so your best bet would be to ask the people/company who
dumped the trash if you can have it. If they agree, there's no issue of possibly break ing the law to deal with. If they say NO
and you dig anyway , there 's a good chance you'll get in trouble . You can take your chances, but remember, ignorance is no
excuse for breaking the law. Be careful and check with your local city ordinances on the subject. Don't trespass and don't
steal. Follow this and you should be fine.
IS THERE ANYTHING I SHOULD DO OR A CODE OF ETHICS?
Use some common sense and clean up any mess you may make during the process of a dumpster dive. In fact , even if you
don't make a mess and there happens to be a mess near the dumpster you're diving into, clean it up anyway to avoid being
blamed for it. Naturally , if you have to dig deep , you're going to end up making a mess. Clean it up when you're donel If
anything , this will help to ensure the dumpster will not be fenced in at a later date. If there's a fence surrounding the
dumpster , don't climb over it. The fence was put there for a reason , so respect it's limit.. If you hurt yourself during a
dumpster dive, don't sue the owner of the trashcan since you went out of your way to get into the dumpster in the first place .
Oh, and don't take the name ' dumpster diving' literally - in other words , don't actually ' dive' into the dumpster! Climb in,
carefully .
WHAT SHOULD I BRING OR WEAR?
A vehicle is usually a good start, but you should at the very least have a bag or a box to contain any findings you may come
across . Be sure you wear long pants and avoid wearing shorts . Bring some gloves as well . Further , you may wish to bring a
bottle of water (or a key for a water faucet - a lot of business centers have faucets with no key on them) so you can wash
your hands and a bottle of hand sanitizer. Try not to dress like a ninja (in all black) and dumpster dive at night - it looks too
conspicuous and people will make complaint calls to the police. Bad idea.
WHAT KIND OF STUFF CAN I FIND?
It's fairly easy to assume you will be able to locate any of the follow ing if you look enough :
Computers , televisions, stereos, VCR 's, DVD players , CD players, telephones, answering machines , electronic components,
wire, test equipment, magazines , books , software , furniture , and many other items of value.
What's somewhat interesting is that a lot of the electronic/computer ' reclamation' centers around today started with a guy
digging in the trash . No, seriouslyl I can name at least three VERY well known places in the area which started this way.
There 's still plenty of room for this cash-cow to spit out money for new people getting started .
In closing , alii have to say is ENJOY YOUR DUMPSTER DIVING!!
SOME INTERESTING WEBSITES TO VISIT:
http://www.frugalvillage.com!dumpsterdiving.shtml
http://www.dumpsterworld.com!
http://www.phonelosers.org/dd.html
http://members .aol.comITheDumpsterLady/thedumpsterlady.htm
http://mytrashy .com!
http://www.goddessofgarbage.com!
http://www.allthingsfrugal.com!dumpster.htm
http://www.thelivingweb.netldumpster_diving_for_fun_andJlrofit.html
http://www .angelfire .comlks/mcguirkldumpsterdiving2.html
http://www.net4tv .comlvoicelstory.cfm?storyid=3565
http://asuaf.org/-fsgpeldive.htm
BlacklistedI 411 Volume 8 Issue 3 - Fall 2006 43
�Greetings fellow collector. I have been collecting, buying and reselling integrated circuits (otherwise known as "chips"), electron ic parts
and equipment since the early 1980's. In the time that I have been doing this, I have grown to know first hand many sources who deal in
LESS THAN WHOLESALE priced chips, computer equipment, electronic equipment and parts. That's right, these items are available for
pennies on the dollar and this is literally, not figuratively speaking. Some of the things you will be able to find at rock bottom prices:
Intel, AMD, NEC and DEC gold chips, Macintosh computer equipment , EPROMs, EPROM programming equipment, vintage computers,
chips, parts, newer equipment , computer parts, brand new excess inventory chips...the list goes on and on.
Have you ever wondered about those $300 - $400 Intel C4004 chips for sale on ebay and wonder to yourself how much you cou ld get
them for if you knew the sellers source? How does $40 per POUND sound to you? It takes quite a few of these chips to add up to a
pound, so you can see the potential. The going rate for "gold" chips is in the range of $20-$45 per pound and you can buy this stuff all
day long at those prices... IF you know where. The sources I will reveal generally don't care what the chips are, only their bulk value.
This is where a person with the right knowledge can make a killing regarding resale of the same items.
I've seen these sources come and go by the dozens over the years. What few of these sources remain have been a very well kept secret
among the few in the know and to my knowledge, nobody has ever revealed these sources in an all in one information article before.
What is about to be revealed to you isn't "fluff' like a lot of other informational articles or those "e-books" provide, you know the ones
that claim they're going to reveal wholesa le sources to you and you end up finding out it's just a bunch of useless, and I use this term
loosely, information. Anyhow, the information I will provide you with is specific hardcore rock bottom priced sources which other
people use to obtain the parts they resell - even EBAY sellers! You can use this information right now and make money immediately!
Furthermore, it won't break your wallet to stock up on some parts for immediate resale....or collecting.
I'm officially out of the chip/equipment collecting/buying/selling business and since this highly secretive information no longer serves my
needs, I'm going to spill the beans once and for all which will allow a whole new generation of collectors and entrepreneurs to access the
massive opportunities us old-timers have had all to ourselves for decades. Are you ready? Be sure to check out each and every single one
of these places and BUY, BUY, BUY as much as you can -- stock up and resell until you're blue in the face. Don't forget where you got
this information, either -- a simple letter to Blacklisted! 411 telling them about the great deals you've found for yourself will do. I'm
going to be listing salvage yards, obscure retail locations and swapmeet sources. These are all worth the time to visit and explore.
First on the list is a favorite of mine:
SILICON SALVAGE
1500 N. DALE ST REET
ANAHEIM, CA 92801
TEL (714)523-2425
FAX (714)523-2552
EMAIL: sales@siliconsal vage.com
URL: http://www.sili consalvage.com
EBAY 10: SSINCI500
Type: Salvage Yard/Excess Inventory
Contact: Chuck Hulse
Alternate Contact: Dan (VERY cool guy)
This is by far the most interesting salvage yard of them all. Not only are they huge, but they have a very wide variety of stock to choose
from. The down side to this place is that they're very aware of EBAY and have started to price their items based on what they -might-
get for it on EBAY. There's still room to haggle, so don't give up on this one. They're a bit on the moody side as well. One day they
might be your best friend in the world, the next you might be treated like they never saw you before. It doesn't matter how much money
you spend at this place, you're just another customer. Try to remain calm and friendly at all times (even in the face of apparent rudeness)
and flash some money around (I recommend that you stick with cash only at this place). Whatever you do, don't waste their time and be
sure to arrive no later than 2:30PM if you want to buy anything. If you want something from them, be prepared to follow through and
spend on the spot.
This place has an INCREDIBLE supply of used EPROMS in -excellent- condition (pins real straight, stickers still on therrr- nothing a
little acetone bath won't fix right up). Going price is anywhere from $3nb to S5/lb for the EPROMs. Purchase them by the 5 gallon
buckets. (roughly 55-651bs per bucket). Generally, the more you buy, the cheaper per pound rate you'll get. You won't find a better deal
on better quality used EPROMS than this place! They also have a great selection of overstock components, sometimes still in the rails -
be prepared to pay a bit of a premium on these (whatever they feel like charging you that day). Whatever the price, you'll still be getting a
killer deal on the components. This place has a fully functional scrapping business going on each and every weekday - what this means is
you will have access to incredible amounts of recovered chips....if they're not recovering them already, tell them what you're looking for
and how much you'll pay for them (if ceramic/plastic, offer $4/lb - $5/lb, if INTEL brand chips, offer $6nb • $7/lb) and they'll usually
start saving them for you. Come back once a month and collect your spoils. This is a great way to stock up on old obsolete 6500, 6800,
68000, Z80 series processors and the support chips. I've found that with a typical purchase from this place, 98 out of 100 chips are
typically GOOD functional product. If you want gold plated Intel chips from these people, be prepared to pry soine hands. If you're not
equipped with the proper information, they'll hmm and haw and play the price dance with you. Just be prepared to spend $4onb and offer
it right from the start. Things will go more smoothly once you do this. Trust me.
44 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
�If you're looking for laser equipment, this place usually has an interesting supply of such material. I've seen everything from HeNe's to
full blown argon setups complete with power supply, fully functional and CHEAP! I once helped arrange a deal for a friend on a huge
load of laser equipment from Silicon Salvage and the entire load only cost S700 -- not badconsidering the amount of lasers. The person
whom which I arranged the deal for turned the lasers around and made S7000 cash while keeping two of the argon lasers for himself.
How's that for some fast cash? Only one dead HeNe in the pile - everything else was top notch product ready to sell.
Do you want hard drives, Macintosh computers, Silicon Graphics machines, network cards, ram chips or anything else computer related?
This is by far one of the largest computer scrappers I have ever seen. Again, pennies on the dollar for GOOD stuff] You will lind things
like Seagate Barracuda, IBM, Maxtor and WD hard drives, DIMMs, netgear, 3Com and Intel network cards, IDE, SCSI, Fiberchannel,
etc. The selection is quite stunning and very impressive.
If you're looking for scrap circuit boards, boy this is the place to be. I found a pile of Tektronix 1240DI and 1240D2 (9 channell IS
channel) acquisition cards headed for the grinder. I obtained them for S5/1b. Needless to say, this was an excellent price. I managed to
lind a couple of 1'6460 PODs the same day which were thrown in to the pile for free. Wow! I've also found tons of old arcade game
circuit boards heading into the same grinder-bound pile. Everything from old Atari Asteroids, Tempest and Spaceduel boards to more
rare Cinematronics boards. All were in non working condition, but easily repaired (nothing physically damaged on them). Again, SSlIb.
Can't beat that with a stick, I tell ya!
If you're looking for old equipment, they've got that too.... and lots of it. EPROM programmers, o-scopes, muhimeters, Huntron Tracker
circuit testers, Tek 1241 logic analyzers, they have it... or will have it sometime soon. God, the selection is simply stunning! The
equipment comes and goes all the time, so tell them what you want, tell them you'll I' AY and give them a way to get ahold of you. Let
me give you some for instances. What's the going rate for a Huntron Tracker 2000? How about the Tek 1241 logic Analyzer? How about
a Data VO 29B with LogiPack and Unipack 2B? I found each and every one of these for S25 each at this place. Fully functional and
worth every penny! This was a time when the Tracker was going for S700 on ebay, the 1241 was going for S1500 on ebay and the Data II
o was going for a cool S300. Times change and prices fluctuate, but I know you'll get a great deal on anything you buy from these
people.
GOLD'N WEST SURPLUS
346 AMERICAN CIRCLE
CORONA, CA 92880
TEL (909)340-1 SOI
FAX (909)340-1504
Email: sales@goldnwestsurplus.com
URL: hl1p:/Iwv.w.goldnwestsurplus.com
Type: Salvage Yard
Contact: Mark Pickering
This one is an oddity . If you walk in the front door, to the right you will lind yourself in a retail-style used computer showroom. Don't
bother with it. Ask the receptionist if you can check out the yard and warehouse. You may get an OK or they may just ask you what
you're looking for - your mileage may vary here. Just so you're prepared, this is what they have. When you walk into the warehouse, the
lirst thing you will notice are racks and racks and racks of old useless POS dot matrix printers. Stay away from this junk . Focus on the
circuit board salvaging. They have a full service board scrapping business going on in here. They have the most incredible selection of
gold plated chips I have ever seen in a scrap yard. You'll pay S30-S401lb for these, but you can pick and choose .
I've personally purchased a small pile of white ceramic Intel C4004 and Intel C 1702 E1'ROMs from them lor S301lb. I turned those
around quickly and made bank. Another time, I found a handful of CSOOS chips and a handful of the super rare G800S chips for the same
S3011b. The GSOOS's sold for over SSOO each to some very eager collectors! Anyhow , when I was there, I mainly focused on the
EPROMs they had for sale at S4/1b- S5/1bwhich was easy to tum around for S6-SI 0 per 27C4004 EPROM at the time. While the quality
wasn't nearly as good as that of Silicon Salvage, they had a lot to pick and choose from - and you could buy as much (or as little) as you
wanted. No "by the bucket" minimums here. The deals are so great though, that you may lind yourself buying a bucket or two anyway.
Aside from the EPROMs were tons of boards coming through with 6S000 microprocessors. I scrapped a few myself and bought them at
SS/lb. Every single 6S000 was in perfect condition and was tested GOOD. Anyhow , they have boards coming through with all the old
6500, lSO, 6S00, 6S000 processors as well as 4116, 2114, 6116, 6164 RAM chips. It's a part lovers dream particularly with the low
prices. You'll be able to spend days on end digging out those jewels for your own collection. The people arc rcally nice here, but please
be forewarned, make all purchases at the front desk and get a receipt!
They scrap a considerable amount of computers here, so it's worth mentioning that you can get yourself an awesome deal on used hard
drives, network cards and Pentium elass processors as well as scrap value SOSOthrough S0486 CPU 's.
You will also lind large amounts of electronic test gear over here. This is usually located in the hack yard area and may be swapmeet-
bound. If you make the right offer, you can get yourself some serious equipment for cheap. Prices fluctuate severely in this area, so I
cannot guide you directly , Offer low, when they make a counter offer, try about 20-30010 less than they want as a counter offer to them. It
usually works.
This one is simply a "must visit" if you're a chip collector or reseller of collectible chips. Period!
Blacklistedl411 Volume 8 Issue 3 - Fall 2006 45
�RECOMP GROUP (RECYL.CING)
1704 s. SANTE FE STREET
SANTA ANA, CA 92705
TEL.(714)542-3144
FAX (714)542-3145
PGR (800)938-7296
Email: greg@recomp .tv
URL: www.recomp.tv
EBAY 10: recomptv
Type: Salvage Yard
Contact: Greg McBride
Alternate Contact: Ed
In a word: EQUIPMENT. You name it, they have it or can get it. Tektronix, Intel, Data VO, HP, etc. I've seen it all and bought a lot of
it for myself. Lots of room to tum a profit on their stuff, even through they're selling on ebay now. They have an incredible supply of
printers and run a board scrapping facility much like GoldnWest. Tell them what you're looking for, ask to look around. If you want to
stick with gold plated Intel, they got it. If you want EPROMs, they got it. It's a bit difficult to get your foot in the door, so spend some
cash on something real quick and then let them know what else you want. They'll perk up when they see some cashflow coming in their
direction. If you check out ACP every odd month, these people have a huge display in the back lot right in front of their place. Lots of
goodies to look through at great prices, too! Scrap wire (18GA - 22GA) still in spools of several thousand feet available here from time to
time for $4 a spool. GREAT deal! If you take the time to dig around at the swapmeet, you'll find some great deals, particularly with old
equipment. I've found Hewlett Packard 1631D logic analyzers by the dozens here over the years. $25-$35 each, complete with pods,
leads, clips, etc....and WORKING. I've never purchased a non-working unit at this place to date. It's good stuff for great prices! I've also
picked up a lot of Intel gear as well - mostly vintage CPU/component evaluation units - for $10-$15 each. These are highly collectible
items worth hundreds each on ebay and the open market. It's worth your time to know these people.
PACIFIC SYSTEMS
1505 E MCFADDEN
SANTA ANA, CA 92705
TEL (714)541-4121
FAX (7\4)541-4858
Email: pacsys@deltanet.com
Type: Salvage Yard
Contact: Ivar
Alternate Contact: Paul Hom
Alternate Contact: (Herman - very cool warehouse guy)
This is a smaller outfit, but very useful if you're looking for specifc equipment. This place hascrazy hours of operation. I know they're
closed on Friday at 12 noon through the entire weekend. Show up on a weekday somewhere between lOAM through I I:30AM and go to
the back of the place (enter through the north-most rollup door) and talk to Herman (he's usually sitting at the desk in the back or pulling
something apart). Ask him if you can look around. He'll say, "yes." Now it's time to go dig in. Look around and have at it. It usually
takes some digging to find the treasures, but they're there.
This place used to be excellent for monitors (17", 21") NEC, SONY, SILICON GRAPHICS, etc. Then the government decided monitors
were hazardous waste product (you know, all the lead, phosphorous, etc) and Pacific stopped collecting these for resale, mostly. It's a
shame because the cost for a nice BIG working monitor was CHEAP!! Anyhow, on to what they DO have. Printers -tons of them. Big
ones, small ones, b&w, color. You name it, they probably have it or will get it sometime soon. Just a note, they sell their printers (and
used to sell their monitors) to a company listed below (AIItech) - you can see what this place sells it for then go to the other place to see
how much profit they're making...and they do this every day of the week. $$$ machine, man!!
So, if you're not in the market for a used printer, how about some test equipment or network equipment? I've purchased morc Data I/O,
Tek and Macintosh equipment from this place than I'll ever know what to do with. Did I pay much? Nope. $25 each for the Data I/O
gear, $20-$50 each for the Tektronix gear, usually $25 each for the PowerMacs. All easy to tum around and double, triple, ten times my
money back. You know thc drill. This is a wonderful source for Tektronix 1241 units - most paid was $25 each - complete with PODs,
leadsets and grabbers!! You can also find Hewlett Packard 163\ D logic analyzers and 165OOA, 16700A logic analysis systems for next to
nothing. I've never paid over $50 for any of these items. See what they go for on Ebay right now. I've even managed to find EPROM
programmers (the top end stuff) over here - Everything from the PSX 1000 and Unisite!Chipsite down to the lower end System 19 and
296 units -- everything under $75 ($25 for the lower end stuff). If you like Fluke, this stuff shows up from time to time as well •
everything from the 9010A to the 9100A and every imaginable accessory for these babies. The biggest equipment score here was a HP
1670D for $100. It was working and brought in some serious cash. Look at what these are going for - as-is, untested, etc. $U$
I once found a small box with over 10,000 Tektronix clips (grabbers) (the kind used with their logic analyzers). All of them were brand
new, still in their factory packages. I bought the box for $35. SCORE!!! If you know anything about Tektronix, you know what those
clips go for - especially when they're brand new still in the package. The deals like this are many and very similar. This is an excellent
source for used APC UPS units. I've picked up a dozen or so used 1250 SmartUPS units for $25 each - working!!
You just have to check this place out from time to time and see what they have. You'll have to make sure Paul or lvar is there when
you're ready to make a purchase. Herman's great and will hold stuff for you, but he can't make any sales - he's just the eyes and ears of
the place who keeps it running along. Make sure you get to know him as he's worth it. If you need something, he'll usually know whether
they have it or not and where it is.
46 Volume 8 Issue 3 - Fall 2006 Blacklistedl411
�SCRAPTRONICS
ONTARIO,CA
TEL (714)476-2420
Type: Salvage Yard
Contact: Dean
I've bought many items from this place, everything from computers and chips to equipment and wire. Excellent bottom dollar scapper.
The selection isn't as good as the bigger places above, but the prices are about 115thof the ones above. I've found working Amiga
Toaster 2000 systems for S20, Data I/O Unisite programmers for SI5, Data I/O System 298 loaded with extras for SI 0, etc. The deals are
awesome when they come along and this place is definitely worth the mention. You have to visit them a lot to find quantity. This place
has moved a lot over the years and I'm not quite sure where they're located now. The place used to be owned by Kevin, then sold to
Terry, then sold to Dean. Dean answers the number above and takes orders. Tell him what you're looking for and he'll help you. It's
really worth the call.
GLOBAL METAL RECYCLING INC
930 EAST WALNUT STREET
SANTA ANA, CA 92701
TEL (714)547-9079
FAX (714)547-4655
Type: Recycling Center
Contact: George
I wandered into this place one day just out of curiosity. From the outside, it looks just like any other recycling center; people bringing in
their cans, bottles and newspaper for n . Upon a quick scan of the place, I found that they had large bins full of 180A - 22GA spooled
wire - hundreds upon hundreds of spools (3000' - 10,000' spools). I asked around and found the guy in charge. His name is Geroge. He
quoted me a price of SO .35/1bon the wire which is GREAT. I bought a few hundred spools and spent some money for the day. This was
good stuff, too. Anyhow, I was able to sell the spools for much more than I paid, so I was happy.
The second trip was even more successful. I found more spools of wire, this time it was silver plated Tefzel military grade wire! How
much? SO.35/lb!! Needless to say, that was a killer deal! On another trip, I found a few gaylords (large pallet boxes) worth of scrap
circuit boards - most likely headed over to Gold'n West or Silicon Salvage. I took a quick look at some boards and found that they were
laced with 4116 RAM chips, 2114 RAM chips and tons of gold plated Intel 8080 circuitry and support chips. They wanted S2IIb on the
ceramic and plastic RAM chips and S25/lb on the gold plated chips. Done deal! Another purchase for boards cost me S2Ilb for high
grade! Not bad. Another trip, I picked up 200lbs worth of aluminum heat sinks (mixed, but brand new). I managed to pick 'em up a
scrap prices! Anyhow, I've bought from these people maybe a dozen times... each time was an excellent score and the price was just
right. Check them out.
A&M METALS INC
2301 W 5TH STREET
SANTA ANA, CA 92701
TEL (714)547-6507
Type: Recycling Yard
Contact: Steven Carr
This is a recycling center. You'll find a lot of people bringing in their cans and old copper pipes for scrap money. Ignore this. What most
people don't notice are all the cool items in the back of the yard. There are piles and piles of monitors (some working, some not), piles of
old Maclntosh (Apple liE, Apple IIC, Apple llgs, Powermacs, etc) computers worth taking the time to scrap for parts. I found a pallet of
brand spanking new KEC transistors from this place, the usual 2N3904I2N3906 - 10 crate boxes of each and a ton (roughly 15 crate boxes
of two different values) of surface mount transistors (I don't recall the part numbers) all for S100. This was an incredible find as the parts
were only 2 months old on the date codes and the parts sold like crazy once I had them. I made S30 a reel on the surface mount parts and
SlOper 100 pieces of the 2N3904I2N3906. I never sold all of them (I kept the 2N390412N3906 for myself after I sold a few crates
worth), but I sure made a lot off this single deal. I've found boxes of wire, boxes of new old stock gel cell batteries, boxes of brand new
motors and even metal cabinets with drawers for S20...really NICE stuff. I also found two of the most beautiful metal card cabinets I've
ever seen (they work great for storing tubes of chips) - for only SI0 each! These were easily S800ea new.
Somewhere along the way, the owner got wise to the art of electronics and computer scrapping and hired Steven Carr to take care of the
job. They are now a full on monitor recycling place and they scrap out tons of electronic equipment. If you ask for Steve, hc'Il show you
the circuit boards and other good stuff available. You can get good prices on EPROMs and other socketed components if you're willing
to take the time to pull the parts. Expect to pay S2Ilb on the high grade circuit boards, S4/1b-S6/lb for plastic/ceramic components you
pull from the boards. It's tedious work, but it's worth the money saved!
MARKETPLACE CLASSIFIED
ADVERTISING IS CURRENTLY FREE!
FIRST COME, FIRST SERVED
Blacklistedl411 Volume 8 Issue 3 - Fall 2006 47
� BG MICRO
555 N. ST II STREET surrs 125
GARLANI>, TX 75040
TEL (800)276-2206
TEL (972)205·9447
FAX (972 )205-9417
Email: bgmicro@bgmicro.com
URL: hllp:/lwww .bgmicro.com
Type : Retail/Catalog Sales
Contact : None
This is a very coo l place , l've done most of my purchases over the phone with them and boy have I obtained some pure gems from them .
They do a 101of salvaging and sell what we call "reconditioned" components - thai means they're socket pulls. They fully guarantee the
parts and the best part is thai on any given part you order, you could get plastic, ceramic, white ceramic, gold plated, etc - they only care
about the base part number. So. the idea is to ask them for the "gold" or "white ceramic" version of the intel 4004 or 8008 you've been
nceding so badly. l've ended up with loads of gold plated Intel chip s through them for less than retail, but more than my usual wholesale -
but it wasn't of any concern when I was able to immediately tum around and sell the m for hundreds of dollars per chip to those crazy chip
collectors. They may be out of 4004/8008. but you'll probably still be able to find a lot of highly collectible AMD/INTEL chips . Tell
them what you're looking for. Be sure 10 ask for a free catalog from them and download their PDF version to tide you over until the real
one arrives . They have a lot of excellent stock and a lot of sources for the parts they don't have in stock . They once had a pile of new old
stock Condor brand power supplies for old Cinernatronics arcade games . I believe they were $4.95 each . It was a killer deal conside ring
these arc impossible to lind anymore. They'll surprise you with their selection. Oh yeah, they're extremely friendly and BILL 3ll-day if
you're a good buyer .
ALL TECII ELECTRONICS CO
1300 E EI>ING.:R AVENUE 1#1>
SANTA ANA, CA 92705
TEL (714)543·5011
FAX (714)543-0553
Email: saleS@malhL..Ch.com
URL: hllp://www .malhech.com
Type : Retail/Surplus
Contact: None
This one is usefu l mainly tor Ihe material on their back wall. When they moved into the place, their back wall of the store was lined with
these containers (much like a IIUGE parts bin). In these containers are all kinds of connectors, components and hardware. They will sell
in bulk and give a great price, The more you buy, the better price you gel. I've found everyt hing from molex connec tors and crystals to
atari 2600/5200 cartridge connectors and LED's for less than pennies on the dollar. When you are in the neighborhood (RECOMP,
PACIFIC SYST EMS, ACI' SWAI'ME ET), take a momen t to check out ALLTECH.
3016 IIALLA UA Y STRE.:T
SANTA ANA, CA 92705
TEL (714)751-5476
TEL (714)632-5585 EXT 20 1
Email: ray@connectcomp.nct
URL: hllp://www .Cllnncet-comp.cmn/
EllA Y II): connect -comp
Type: Salvage Yard
Contact: Ray
This place has gone mostly EllA Y, but let me tell you about them. They have a wonderful selection of used com puter gear and
equipment. Check them out and find some great deals!! Here's their self-writeup: "Guaran teed low prices on qual ity used computers and
monitors. We specialize in selling only top brand used computer eq uipment like Dell, Gateway, Compaq, IBM, Sony, Viewsonic,
Mitsubishi, etc" So there you have it. I've found a lot of old Data I/O EPROM program ming equipment there as well. I have notieed that
they do not sell their entire stock on cbay. Thcy still have a lot of scrap to sort through. The scrap is where I always find my best deals.
I'ORT C IIAIN INUUSTR..:S INC
12785 MAG NO LI A AV.:NUE
RIVERSmE, CA
TEL (909)279.0819
Type : Salvage Yard
, Contact: None
I checked this place out two times right before I quit the entire collectinglbuyinglselling experience. While I have had no extensive
dealings with them, I found them to be a quite surprising source of excess inventory components and scrap computer/equipment deals.
They're 'a lillie standoff-ish, but they love money just like everyone else, so they'll sell if you tell them exactly what you want and don't
waste theirtime. h's worth a looksic , I know a lot of people who buy and sell monitors with this company. They've been thrilled with
Port Chain, so I am lead 10 believe they're OK to deal with.
48 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
�INFINITY RE·SALES
(BY APPOINTMENT ONLY)
2936 Lincoln Avenue PMB 13
San Diego, CA 92104
TEL (619)683-7949
Email: jeb inf@pacbell.net
Type: Salvage YardlSwapmeet Sales
Contact: Joshua Bailey
This one is interesting. While I have never made an appointment to see him, I find him over at the ACP swapmeet every other month. I
believe he shows up at the TRW swapmeet as well. Both of these swapmeets will be deseribed later - both excellent sources for great
deals. I've bought tons of stuff from Joshua. He's really easy to work with and he has great prices. The last deal was a pile of 50
Tektronix 1'6460 PODS complete with leads and a little over 1500 grabbers for $220. SCORE!!! Ebay selling price on these: $30-$60
each for the PODs, $20-$40 each for the leads. Grabbers sold for $35 per set of 10. $220 in and over $9000 out in a simple deal. I don't
think he sells anything on ebay, so his pricing tends to remain very reasonable (read: VERY LOW). Find this guy and tell him what
you're looking for. You'll get a wonderful deal. The deals are there, every time I see him.
JK ELECTRONICS
6395 WESTM INSTER BLV D.
WESTM INSTER, CA 92683
TEL (714)890-400 1
FAX (714)892-6175
Email: sales@ikelectronics .com
URL: http://jkelectroni cs.com
Type: Retail/Surplus
Contact: None
This is a retail store located in Westminster, CA. What's cool about this store is that they deal with a small amount of surplus parts and
equipment and there's always a treasure to be found. I've picked up everything from IC's for $5 a box, to connectors and switches for
about I/ Ioo'h of a penny each, to a box of 12 Fluke 9OIOA Microsystem Troubleshooters complete with dozens of PODS (8080, 6502,
6800, 68000, Z80, 6809) for only $50 for the entire package. At the time, these 9010A's sold for $300-$400 with one or two PODS
included. The'PODS sold for anywhere between $30-$ 150 each! Cha-ehing!!
When you first walk into the place, it looks like your average electronics store. What you need to look for is the surplus section on your
right. Make your way over there and look for the "good stuff '. If you don't like the price, walk up with the whole box and do a little
wheeling and dealing. For instance, they sold IMHz, 3.579545MH z (colorburst), 5MHz and 12MHz crystals (new old stock) in small
boxes which contained roughly 4000-5000 loose pieces each. Each crystal was marked at $0.25 each. I brought the boxes up to the
counter and walked out with them for only $25 a box!! Needless to say, this was a killer deal!
Anyhow, this one is worth a mention because quite frankly, I've made thousands off the items I've bought from this place. It's worth a
visit every now and again even though they don't have a huge supply of surplus like the big boys listed above.
ECSC (Electronics and Co mp uten Surplus City)
P,O, BOX 3148
REDONDO BEACH , CA 90277
TEL (800)543-0540
TEL (3 10)217-802 1
FAX (3 10)217-0950
Email: ecsc@cio.com
URL: http://www.eio. com
Type: Salvage/Surplus/Excess Inventory
Contact: Barry Gott
This place used to be my most favorite salvage yard to visit. In fact, I visited this place for over a decade, finding awesome deals every
single time I dropped in on them. They've shut down the yard, but they show up at all of the electron ics swapmeets every month. You'll
find them at ACP and TRW. They still have a lot of interesting items for sale. If you check out their website, you'll find all sons of
interesting items for decent prices. The real meat of this particular mention is BARRY (yes, a person). He's the owne r/operato r of ECSC
and he's one heck of a cool guy to know. He knows everyone in the business and everything about every company in the business. He's
what I like to refer to as the grandfather of electronic surplus. He's been around since the beginning and he's watched all the big guys stan
from scratch. If you want to know where to find something (and ifhe doesn't have it), he'll tell you where to find it.
Let me give you some history on this outfit. They used to run a BIG (and I mean, HUGE) salvage yard in Gardena, CA off of Artesia, A
picture of the old yard is on their website - boy, it brings back the memories. (sob, sob). Everytime I went to this place, they had junk
(and I mean, the good stuff kinda junk) piled 10 to 20ft high everywhere... and this was outside of the building. Inside was an incredible
selection, much like a well stocked electronic store, but way better. They had it all. Chips, caps, resistors, meters, motors, diodes,
rectifiers, transformers, connectors. wire, switches. Man, they had it all and then some! And none of this was scrap - it was all excess
(usually NEW) inventory at rock bottom prices! What the best pan was that if you brought out a big load oflet's say $25,000 retail value
worth of pans, waited to talk to BARRY and get a price from him, you'd walk out with the entire load for maybe $200-$300 at most. It
was too easy to spend money here. I still have pan s coming out of my ears from this place which I'll probably never use, but who cares.
A deal is a deal and this place had the deals like no other.
Back to the yard with the 20ft high loads of junk. I spenl a lot of time digging around in the yard. I found all sons of interesting scrap
items that I was always able to tum into profit. I suppose it was more of a field trip for me than anything else but there were some
treasures to be found in those piles. I found them, too.
Blackliste d l 411 Volume 8 Issu e 3 - Fall 2006 49
�Anyhow, sometime down thc road, they either lett the building thcy had or got the boot out of the bulding, I was never too sure on this
one. Either W:IY. Ihcy still showed up at thc swapmcets every month, so I still bought some stuff here and there, but not like when they
had the serap yard. Whencver I hit up the swapmcets, I always make it a point to talk to Barry. He's worth every second of time I've ever
spent with him. So, next lime you're at ACI', check out the SouthWest comer of the lot and you will find ECSC and probably Barry if
you look around. He's the bearded guy with thc hat. Ifhe doesn't have a deal for you, he'll tell you who does. Talk to this guy and if he
helps you. buy something from him. Iley, he's still got to make a living and infonnation is worth U$.
"UPDATp· At the timc of the writing of this article, Barry was alive and well. Unfortunately, he has since passed and his kids are
now running the business. Wc're all very sad to sec Barry go.
ORV AC ELECTRONICS
1645 E. ORANGETHORI'E AVENUE
FULLERTON. CA 92831
TEL (714)871·1020
Type: Retail/Surplus
Contact: None
Orvac is one the of the places I first explored in the 80's. I found this place to be quite exciting at the time. While they are a fully
stocking retail store, they also have a surplus section. Yes, it's gotten smaller over the years, but they still have one. They mostly have
connectors and switches in the surplus section. but from time to time other obseure items show up like transformers, displays (LCD, LED,
etc). 1 have bought many loads of connectors from these people for less than wholesale over the years. They have been a great backup
source since the day I first found out about them. Once upon a time, they used to sell grab-boxes, much like the ones Radio Shack used to
sell in the 70's _. but MUCII larger.. and only $1 a box. The amount of goodies was massive. Anyhow. check them out because they're
still useful and have the potential 10 make anyone some money.
SAV-ON ELECTRONICS
13225HARBOR BL VU
GARDEN GROVE. CA 92843
TEL (714)530-0555
Type: Retail/Surplus
Contact: None
This is another retail location who has a surplus section. What I find unique about this place is the amount of surplus flyback
transformers they manage to come up with. They buy from a souree (Electronics Warehouse in Riverside- mentioned below) for some of
the surplus Ihey sell. sometimes the prices are better than that of Electronics Warchouse. Either way. they have a good selection of
vintage parts for less than wholesale, This one rates a 4 out of a lOon my seale. but it's still useful overall.
FORD ELECTRONICS
8431 COMMONWEALTH AVENUE
BUENA PARK. CA 90621
TEL (714)521-8080
FAX (714)521-8920
Email: saleS@fordeicctronics.com
URL: hup://www.l(.rdck.etronie s.com
Type: Retail/Surplus
Contact: None
I've been buying from them from these people since the 70's. They have a full retail store intermingled with surplus parts. Just about
everything is a surplus part and entitles you to wheel and deal with them. I once picked up a load of roughly 15.000 thousand each of 7
different types of bridge recliliers. These each sold for $5+ retail at the time, but 1 paid less than SO.OI per piece. I've been selling these
off for S5-S20 each for the last 18 years and I don't see any end to my supply anytime soon! They have a section with old electronic junk .
too • I found a few items with Intel 4004 boards inside them- with socketed "gold" C4004 and support chips on each board. I paid $5 per
unit and walked away with a smile. There are still deals like this to be had at this place. They always talked to me about their
overstocked "warehouse" which I never made the time to make an appointment to visit. but it sure sounds like the place to be. I'm still
considering checking this warehouse out someday just out of curiosity (I'd be able to write about it. then). Anyhow. this place hassome
excellent deals on old parts- they have a BIG chip supply. so ask them if they have what you're looking for - it can't hurt.
BALL ELECTIWNICS
2960 W. BALL ROAU
ANAHEIM. CA 921104
TEL (714)828-1310
Type: Retail/Surplus
Contact: Larry
This one is a mom and pop operation which has been around longer than most electronic stores. I have mixed feelings about this place,
but they're worth the mention. They have a surplus section which takes up a good portion of their store- in this surplus section, they have
connectors. caps. diodes, switches, displays, sockets, serap cireuit boards, old junker equipment and hardware parts. It's really kind of
interesting. The guy who runs the place is a bit moody and his prices fluctuate in fact, he's downright difficult to hagle with, but I find
that persistence prevails with him. Just keep on top of it and he'll cave in eventually. I once bought a large pile of cireuit boards
(roughly 150 of them) from this place. Each board was riddled with piles of socketed logic. gold plated CPU chips, and RAM chips
(4116,2115.6116. etc). I paid SO.50per pound and walked away with another excellent deal. No need to haggle with him on this one.
lie said the price and I paid. I had no idea what I really stumbled upon until I looked everything over a week later. Come to find out, I
had picked up a pile of Ohio Scientific 500 and 600 series boards. You know. vintage computer boards which just happened to be highly
collectable. Score! They have a somewhat decent selection of old chips and vacuum tubes. Check them out.
50 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
� By radio....phreak
Right I am back by popular demand with a segment on rad io scanning, so I thought how about I write you all a guide with
some pointers? I am everyday discovering new frequency's in my local area (I live in south east England). With this article I
am go ing to show you how I personally find frequency's. You might have your own way that you find perfectly fine and by all
means don't listen to me that's fine but this works for me and I would like to sha re it with you . In this article I will give you
some small pointers on how to discover frequency's and traffic analys is. First a little explanation as to what traffic analysis is.
It sounds pretty cool doesn 't it? (well it does to me) but all it is, is at.the most basic level is leaving your scanner locked on 1
frequency to dete rmine what is in use on the said frequency. Some people prefer to go further in depth and go the whole
wack with spectrum analyzer plots and direction finding , my solution is very simple and 1 that everyone is capable of using
again you may think my method is no good and may want to develop your own method and that's fine as well .
How to discover the frequency's
First off you need to take a couple of things into account:
1. What exactly are you looking for? take for example airplanes, you know that it falls between 108-137MHz (AM) so you
know to search between them (Dont forget which mode it is as well listening to AM in NFM mode sounds weirdl)
2. The location, say if you are looking for a mall secur ity frequency, there is no point in trying to listen to a frequency 70
miles away when it's on UHF
3. What time do they operate from? Taxi's are 24fT however interstore comms will stop at the end of the business day or
it could even be a security firm or nightclub that only operate at night times
4. Are you suitably equipped? Your scanner might only cover 25 - 173 MHz and the frequency you are searching for may
be at 201MHz for example, so your scanner is next to useless. Are you using the right type of aerial? if not you may
want to upgrade it, the aerial that comes with your scanner is usually okish but they aren't great think about purchasing
or home brewing a Dipole or Discone .
5. Also bear in mind that some frequency's are not meant to be shared, say for example cash delivery guards because
by making that kind of thing public knowledge you may well have aided a gang in plann ing a robbery
6. Don't make it to widely known that you are a scanner I refer you to my previous article, if you have a radio license you
have more than enough excuse to be carrying all sorts of radio telephony equipment. If not you may find yourself
being asked some awkward questions.
7. As above, be discreet don't walk up to people and ask them what frequency they are on and don't be seen to be taking
to much interest in people 's radio equipment it seems to make them nervous
8. Cons ider investing in a close call nt or signal stalkernt equipped scanner this basically means you can sit there and
leave the close call running, any transmissions that pop-up your scanner will automatically tune into it and you can
either discard or take note of the frequency, they don't usually cost anymore than a frequency counter and the bonus
side of it is that you can actually listen to the frequency you have found automatically, excellent for long distance road
trips .
9. If you are operating from home, make your lair/pitiholelhomeJwherever as comfortable as possible. Consider getting in
a nice comfy chair , cheap food (Gloop) and someth ing to entertain yourself while you are waiting for something to pop
up. You may have to wait a while when you are scanning, just because you aren 't hearing or finding any new
frequency's doesn 't mean that they are not there, just means they aren't transmitting
10. Be prepared to share your finding 's you will find that once you have shared others will be more than willing to share
back (remember what I said about something's are not to be shared though)
Traffic Analysis Tips
1. Find the frequency you wish to find out more about in this list I will be referring to my local Port Control Frequency
2. First of all determine who is in control of the said frequency is there a clear call sign that says anything like control?
3. What call signs are in use on the frequency? To call the control at the port you call "Ramsgate Port Control" ships
usually identify themselves by there name , but there is also an ships international call -sign so that all country's can
identify ships uniquely (because sometimes ships names tend to be repeated amongst others)
4. What are the procedures in use on the frequency, say for example a secur ity company may try and task CCTV to keep
an eye on someone, in the local port to leave the port they say "Dover Port control permission to leave to the harbor)
determine procedures once a call has been put out
5. What CCTSS tones are being used? Are there alert tones that can be sent out if an officer or a ship is in trouble?
6. What mode are is the user using? NFM ,WFM,AM ,SSB ,USB ,LSB,DFM,ATV,SSTV,PSK31,RTTY?
7. Other things you may want to keep a track of are the times and the duration of the call, this can help determine internal
procedures such as perimeter patrol times , CCTV scans , shift change etc
8. Cons ider purchasing a hardware based or download a software based spectrum analyzer this can help you in
determining the frequency, any tones that may come up it can also help you determine what (if any) type of data is
being used
9. Don't be afraid to go online and ask for help because s times out of 10 you will usually find someone to help you and if
they don 't answer you or flame you then you are either ask ing the wrong people or they don't know themselves and
are trying to deflect any attent ion you have aimed at them .
10. If you have access to an S-Meter you can also determine signal strength , these are available from ham fests or retail
outlets .
Blacklistedl 411 Volume 8 Issue 3 - Fall 2006 51
�An example Traffic Analysi,s log may look 'sornethinq like this (it depends on your preference):
Frequency Mode Tone Known User Date Time Notes
156.7000 NFM None Ramsgate Port Control 08/2512006 16:34:06 Ferry to Ramsgate Port Control:R'Gate
Port Control ····spur Permission to leave
156.7000 NFM None Ramsgate Port Control 0812512006 16:34:47 Ramsgate Port Control to Ferry:
Permission to leave·
156.7000 NFM None Ramsgate Port Control 08/2512006 16:45:02 Ferry to Ramsgate Port Control: · · · · · spur
clear of the channel good evening and
good watch"
You get the idea anyway. It can come in handy to aid in the determination of traffic on a certain frequency (i.e. 1 that rarely
transmits if at all!)
Port of Ramsgate
Also don't forget as well there are some things that are not meant to be shared or mentioned (if listening to a frequency in
use by what seems to be intelligence or military) and some are meant to be shared. So there you have there are a few tips to
get you started. I hope that this kind of information helps you, Also don't forget most information about most thing's can be
found on the net with a little bit of research as many a good phreaklhacker knows research is very important so consider
buying literature on radio's and antenna 's. Also keep an eye out for my homebrew Sat TV dish hack in which I will show you
how to convert an old Sat TV dish into something usable with your 802.11 network or Bluetooth projects. I may also do some
equipment reviews in the future and eventually talk further about war tracking (the process of tracking and listening to
satellites) I will also talk about the INMARSAT's plans to abandon there constellation of INMARSAT analogue satellite's and
what that means for us in the global phreaklhacker community (basically that means there's a freebie for us all to use!)
Signing off
RadioJlhreak
MARKETPLACE CLASSIFIED ADVERTISING
IS CURRENTLY FREE!
FIRST COME, FIRST SERVED
SUBMIT AD AT WWW.BLACKLISTED411.NET
52 Volume 8 Issue 3 - Fall 2006 Blacklisted I 411
� !&gitech Harmony Remote Review
Written by: ThelnstallGuy
Today , I am going to give my personal review of the Logitech Harmony 676 Remote. I just purchased one the other
day, and am enjoying it so much, I figured I would share my experiences with it. The Harmony 676 is the middle to
high end remote . At the time of this writing, the cost was $149.00 CON. Currently , the Logitech web site is selling it
for about $229.00 CON, which is a little odd, but I will right it off to the web site not being updated. That being said,
let's get started.
How It Works: Quick and easy set-up by connecting the Harmony Remote to your home computer via USB.
Create an account on HarmonyRemote .com, and follow step-by-step instructions to tell us about your configuration .
It's as easy as picking your components from lists and supplying us with the component's model number. Download
the configuration to your Harmony Remote by attaching it to your Windows or Mac PC via the supplied USB cable .
Once your Harmony Remote is configured, it can control your entire home theater system with one button press!
Using Activity buttons labeled "Watch a Movie", "Watch TV", "Listen to Music" and "More Activities", your
Harmony Remote can send all the right comman ds to your entertainment system without requiring you to program a
macro.
Controls all brands and device types
The Harmony Remote has access to the largest online database of devices. This means that it will support all brands of
Televisions, Projectors , Monitors, Amplifiers, Stereo Receivers, Audio/Video Switches, Channel Decoders, Cable
Boxes, Satellites, Digital Set Top Boxes, Video Recorders, VCRs, PVRs, TVNCR Combos, DVDs, DVD Recorders ,
Laserdisc Players, DVDNCR Combos , CD Players, CD Jukeboxes, Digital Music Servers , Game Consoles, Mini
Systems, Comp uters, Microsoft Windows XP Media Center Edition PC, Laptops , Tape Decks, Light ' Controllers,
Minidisc Players, DATs and more! There is even a specific activity for the Harmony Remote that integrates
your Microsoft Windows XP Media Center Edition PC with your entire entertainment system.
Packaging: Enclosed in a nicely put together package is the following:
Harmony® 676 remote control
3 changeable faceplates (Metallic Blue, Metallic Red, and Silver)
USB cable
Installation CD
Installation guide
4 AAA batteries (DuracellJ )
Limited I year repair/exchange warranty from date of purchase
You can be guaranteed to receive everything in the package. There is no way anything can be removed from the
plastic tray insert. This tray holds all components and is sealed on all four sides. If it has been cut open and put back
together , you will know. All in all the packaging is good. It did take me 5 minutes to get into it, but I knew everything
was there.
Setu p: The instruction manual was pretty well laid out. The instructions were simple to follow and there was even a
small chart included that allowed you to write down all of your devices before you start programming the remote.
Blacklistedl 411 Volume 8 Issue 3 - Fall 2006 53
�For the sake of this article, I decided to follow the directions to the letter in order to deliver a fair analysis of the
process. From the start, everything went as expected. Put batteries in the remote and locate devices you wish to
program into the remote. There are clear examples of what info is needed from any device you may want to use and
the chart is large enough to actually read what you write down.
To the computer! At this point, the rest of the configuration takes place on your computer. My installation was on a
Windows XP machine, but Mac is also supported from the same CD.
Minimum Requirements: Win 98SE/ME/2KJXP, IE 4.0 or better 10MB HOD space, and an internet connection.
Mac: OSX Only, Safari 1.0 or better, 10MB HOD Space, and an internet connection. The program is located here: cd!
Harmony Remote/Software.mpkg
The first difference I noticed was that the instructions asked me to plug the USB cable into the remote and the PC
before inserting the CD.. Usually we are confronted with the oversized yellow sticker "DO NOT plug in device until
software is installed .. ...you nOOb". However, I said I would follow the instructions . To my surprise, no new found
hardware wizard .....sweet! The device was just installed as stated in the manual, as a Human Interface Device. I
imagine Windows 98 and ME users would be forced to dig their Windows CD's out of the closet.
Ok, so I am on page 6 of the instruction manual and all is going well. At this point, I am asked to insert the disk into
my PC. Now, the reason I even bring up this point is I am expecting to be ravaged by pop-ups that state that "this
software has not passed Windows logo testing". To my surprise, I receive no such warning. For those of you counting,
that's twice my assumptions have been wrong. Kudos to Logitech so far for a well put together installation package.
The software did install without issue in about 25 seconds. After the installation completed, the instructions state that
the computer mayor may not reboot. Mine didn't. Instead, I was immediately redirected to a web page that wanted me
to upgrade the software I had just installed. In addition, another window opened and wanted me to start the
configuration process . From here the instruction manual is useless and a little confusion ensues.
Instinctively, I want to upgrade the software first. Clicking the upgrade button opens a third window identical to the
configuration page that is already open. Ok, I guess we are configuring the remote first. The online configuration
wizard is nicely laid out and easy to read. No sooner than I click next, the upgrade page shows up. The instructions
state that the program will be upgraded and the remote will be flashed with a new firmware upgrade. The upgrade
started with no issues, but 5 minutes in, the installer is frozen and the computer is locking up .. .REBOOT!
Strangely enough, I feel I am in a familiar place. New software, new product, Windows crashes, but in the interest of a
fair trial, we will move on and try again. Looking back in the instruction manual for the reboot after installation part, I
found the link used to gain access to the Harmony Remote page; http://www.harmonyremote.com. Upon my second
visit to this site, I am prompted to create an account. Now, I do remember seeing this page earlier, but was pushed
passed it to upgrade he software and firmware. The account page is pretty straight forward and allows you to leave out
certain personal information that you may not want to share (Nice to see our privacy is important to some companies).
At the end of the form is the always present "Would you like to receive special offers from so and so", No spam for
me, thanks!
~lrVine Underground
Located in Orange County, California
Irvine Underground Organization
www.irvineunderground.org
54 Volume 8 Issue 3 - Fall 2006 Blacklistedl 411
�After this point, I was again prompted to upgrade the software and firmware. This time the upgrade went 011' without a
problem . I had the curr ent software and firmware downloaded and installed in about 3 minutes. From here. I was led
to a page that asked for all my devices I wished to use. I entered the information exactly as it was on each device (I
did use caps and dashes where needed) , clicked next and moved on. The sol1ware had recognized every device as I
had entered except for my TV set top box (Motorola RG-2400). At this point. I was asked to retrieve the remote and
place it 1-2 inches away from the bottom of the Harmony remote. Aller pressing a few buttons when instructed, I
think there was 4 buttons to press), the Harmony remote had learned every facet of my Motorola remote .......again,
Sweet!
From here, all that was left was to answer simple questions about how I used certain devices and what channels and
receiver settings I used . Lastly , I was told to press the save button and test the remote with all devices. Everything
worked perfectly! I did not have to perform any tweaks or reprogram any devices back into the remote. It just worked
as it was supposed to.
Life Since Setup: It has been about a week since the initial setup of the Ilarmony Rcmote and all is well. There have
been no instances of pulling out an old remote looking for a certain feature that is not on the new remote . In fact. I can
even program all of my Dolby and FX features from my receiver on the LCD of the Ilarmony Remote . At this point
and time, I can honestly say that I will never go back to a multiple remote situation.
The remote its sclfhas proven to be durable as well. There have been a few occasions where it has hit the floor with a
good thump and has shown no signs of damage at all. The LCD screen is bright and easy to read. There arc also 6
buttons on either side of the screen that allow lor more advanced settings to be changed. I was also impressed with the
way the lettering on the buttons is done. It appears that they are all screened below the one that is in constant contact
with your fingers. If I am correct, I would tend to believe that the numbers and letters will nol fude on the remote,
increasing its longevity.
Conclusion: My bigge st problem with the Harmony 676 Remote is the sol1ware installation, Don't get me wrong, I
do understand the need for updates and fixes. I would hope that newer software will be included in future packaging.
In the very least, I believe Logitech should refine the web interface to not have 2-3 windows open up with different
instructions. To the average user, this creates a mass amount of confusion.
All in all, I believe this unit to be an incredible addition to any home thealre user, regardless of the price . I give it a 9
out of 10.
Pro 's: Great feel and look - not heavy or bulky
Easy to read buttons and the backlighting (glow feature) covers all buttons
Over 80,000 IR Codes and a seemingly unending list of devices
One touch control to tum on all devices relating to a task
Cons: Flakey installation software (at least for now)
Expensive
References:
How it works section - content by Logitech http ://www .harmonyremote.com
Direct link to Harmony 676 - http://www.logitech.com/index.cfm/productsldetailsharmony/CA/EN.CRID=2084.
CONTENTID=95 I I
Picture is courtesy of- http://www.harmonyremote.com
BlacklistedI 411 Volume 8 Issue 3 - Fall 2006 55
�·
URBAN EXPLORATIONI Phone obsessionsI Pointless 6.500 MHZ CRYSTALS $4 a piece, 50 for $115, 100 for
conversation! And a slight chance of hacking! It's Doug TV $200. Add $3.00 for shipping. Send checks to C. Wilson, P.
baby http://www.dougtv.org O. Box 54348 Philadelphia, PA 19105-4348
LOCKPICKING101.COM Open forum discussion to educate COIN-QP VIDEO ARCADE GAMES. Parts, boards, and
yourself and others about lock picking and lock security. empty cabinets available for your projects. Cabinets
INFOSEC NEWS is a privately run, medium traffic list that available for $75. C.J. Stafford, (301)419-3189.
caters to the distribution of information security news articles. THE BLACK BAG TRIVIA QUIZ: On MSDOS disk.
These articles will come from newspapers, magazines, online Interactive Q&A on bugging, wiretapping, locks, alarms,
resources, and more. For more information: http:/twww.c4i. weapons and other wonderful stuff. Test your knowledge of
orglisn.html the covert sciences. Entertaining and VERY educational.
I'M RAFFLING my original APPLE-1 computer I have no use Includes catalogs of selected (no junk) shareware and
for it anymore so I'm giving anyone who wants a chance on restricted books. Send $1.00 for S.25 disk, $1.50 for 3.5, plus
owning a piece of history all I ask is for a one paragraph letter two stamps, to: MENTOR PUBLICATIONS, Box 1549-W,
telling me why you would want my computer, and $2.00 cash Asbury Park NJ 07.112
or money order to: MY RAFFEL, 567 W. channel lsi. Blvd. ANARCHY ONLINE A computer u e In oard resource for' "
Port Hueneme CA, 91341 suite 416 anarchists, survivalists, adventurers, investigatorS)
HACKER STICKERS Geeks, Coders and Hackers get our researchers, computer hackers and phone phreaks.
stickers, shirts, hardware and caffeine from Scheduled hacker chat meetings. Encrypted E-maillfile
hackerstickers.com exchange. WWW: hhtp:/Ianarchy-online.com Tel .
TRUE TAMPER·PROOF Security Screw Removal Bits. The rchy-online.com Modem: 214-289-8328
super tone kit includes: T-10, T-15, T-20 & T-25. Complete ~;;;:~!"f'I:ii?iit'"nfE':i~~~~ft~;;;-,~-=~1-:':
AC P ET ne excr Ing oar g~m~ in
set for $19.60. TOCOM 5503 bit $8.95. TOCOM 5507 bit which 2-4 players race to complete a hacking mission.
$19.95. Zenith PM/PZ-1 bit $10.95. Jerrold Starcom bit Please send $3.00 check or money order payable to CASH.
$19.95. Pioneer (oval) bit $23.95. Oak Sigma (oval) bit Hand-scanned 99XX exchanges in 516 AC. Included may be
$23.95. Security Screws available. Tamper-Bit Supply Co. data kit modem numbers, WFA/FA, SSCU, TSAC(SCC),
(310)866-7125. CO#'s, etc. Send $2.00 check or money order payable to
HIGH·TECH security/survival books/manuals: Computers, CASH and specify exchange. "MCI-Style" Phone Patrol hats
Internet, Phones, Energy, Physical Survival, Financial, Law, are now availablel Just $18 check or money order payable to
MedicallRadionics, Mind Control, Weird/Paranormal. Free CASH. 2447 5th Ave, East Meadow, NY 11554.
Online Catalog at: Consumertronics.net (PO 23097, ABQ, ATTENTION HACKERS & PHREAKERS. For a catalog of
NM 87192), or $3 hardcopy (USA/Canada, $7 foreign). See plans, kits & assembled electronic "TOOLS" inclUd ing the
display. RED BOX, RADAR JAMMER, SURVEILLANCE, COUNTER
HOME AUTOMATION. Become a dealer in this fast growing SURVEILLANCE, CABLE DESCRAMBLERS & many other
field. Free information. (800)838-4051. HARD-TO-FIND equipment at LOW PRICES. Send $1.00 to
TIRED OF SA TEST KITS with marginal or inconsistent M. Smith-02, P.O. Box 371, Cedar Grove, NJ 07009
performance? 21st Century Electronics and Repair VOICE CHANGING ACCESSORY. Digital voice changing:
guarantees peak performance with 4D-pin processor kits. male to female, female to male, adult to child, child to adult.
New, more flexible program with additional features puts Use with any modular phone. 16 levels of voice masking.
others to shame. Price $49 each or 5 for $233. 1st time Connects between handset and phone. STOP THOSE
offered. (404)448-1396 ANNOYING TELEPHONE CALLS! Sound older and tougher
FEDERAL FREQUENCY DIRECTORYI Kneitel's "Top when you want to. Not a kit. Fully assembled. Use with
Secret" registry of government frequencies, New 8th edition. single or multi-line phones. 30-day refund policy. Ask for
268 pages! FBI, DEA, Customs, Secret Service, BATF, free catalog of our products. VISA/MC ok. Xandi
Immigration, Border Patrol, IRS, FCC, State Dept., Treasury, Electronics. 1270 E. Broadway, Tempe AZ 85282-5140. Toll
CIA, etc. & surveillance, bugs, bumper beepers, worldwide Free order line: (800)336-7389. Technical Support: (602)
US military, 225 to 400 Mhz UHF aero band, Canadian 894-0992
listings, & more! Ultimate "insider's" directoryl Standard MAGENCODERS.COM Manufacturer of the World's
reference of law enforcement, news media, private security, Smallest Portable Magnetic Card Reader & Point of Sale
communications industry & scanner owners. $21.95 + $4.00 Data Loggers. We also have Magnetic Stripe Reader/
shipping ($5.00 to Canada). NY State residents add $2.21 Writers, Smart Card Loaders & Copiers, etc... (407)540-
tax. CRB Research Books, Box 56BL, Commack, NY 11725. 9470
Visa/MC welcome. Phone orders (516) 543-9169 weekdays UNDETECTABLE VIRUSES. Full source for five viruses
(except Wednesday) 10 to 2 Eastern. which can automatically knock down DOS & windows (3.1)
TOP SECRET SPY DEVICES Home of the Worlds' Smallest operating systems at the victim's command. Easily loaded,
Digital Voice Recorders and Spy Cameras. We stock many recurrently destructive and undetectable via all virus
items including: Transmitters, Bug Detectors, Audio detection and cleaning programs with which I am familiar.
Jammers, Telephone Recorders, Lock Picks, Voice Well-tested, relatively simple and designed with stealth and
Changers, Keystroke Loggers. www.spydevicecentral.com victim behavior in mind. Well-written documentation and live
(305)418-7510 antidote programs are included. Priced for sharing, not for
HACKERS '95 THE VIDEO by Phon-E & R.F. Burns: See making a ridiculous profit. $10.00 (complete) on six 1.44MB,
what you missed at Defcon III and Summercon 95! Plus, our 3.5" floppy discs. Money orders and checks accepted. No
trip to Area 51 and coverage of the "CyberSnare" Secret live viruses providedI Do NOT ask. Satisfaction guaranteed
Service BUSTS. Elec Cntr Measures, HERF, crypto, and or you have a bad attitudeI The Omega Man. 8102 Furness
more! Interviews with Eric BlookAxe, Emmanuel, and others. Cove, Austin, TX 78753
VHS 90 min. Only $25 - distributed by Custom Video 908- NO SOUND ON PREMIUM CHANNELS? It will happen
842-6378. sooner or later on your Jerrold DPBB-7 Impulse. Ask
EUROZINES AND OTHER CULTURAL HACKER ZINESI A Manhattenl Soundboard brings the sound back. Best sound
one-stop, cutting-edge mail-order source for over 1,000 titles. fix on the market. Easy to install soundboard $24.95. Easy
Beautifully illustrated 128-page catalog includes: alternative/ to build soundboard schematic, parts list and common chip
fringe science, conspiracy, Forteana, sexuality, computer number $34.95. Send us your unit and we will install the
hacking, UFOs, and much more. Send $3.00 to Xines, Box soundboard for $59.95. SOUNDMAN, 132 North Jardin St.,
2qLB, 1226-A Calle de Comercio, Santa Fe, NM 87505. Shenandoah, PA 17976. (717) 462-1134.
56 Volume 8 Issue 3 - Fall 2006 Blacklistedi 411
�SINGLE DUPLICATION OF CD-ROMS Send your CD and HACKERSHOMEPAGE.COM - Your source for Keyboard
$25 and you will receive your CD and an exact copy. Want Loggers, Gambling Devices, Magnetic Stripe ReaderlWriters,
more than one copy? Send a additional $15 for each Vending Machine Defeaters, Satellite TV Equipment,
duplicate. Make checks or money orders Payable tolMail to: Lockpicks, etc...(407)650.2830
Knoggin, 582 Merket Street Suite 616, San Francisco, CA I-HACKED.CqM is a hardware hacking based website and it
94114 currently looking for articles! Membership is limited to
CB RADIO HACKERS GUIDE! Newl Big 150 pages; contributing members, so come and share your knowledge
pictorials, diagrams, text. Peaking, tweaking and modifying with other hackers around the world. Topics we are currently
200 AM and SSB CB radios. Improved performance, extra looking for include: DVD "Dual-Layer" Firmware hacks, CD-
capabilities! Which screws to tum, which wires to cut, what RW / DVD+/- Speed Hacks, Video Card Hacks, Motherboard
components to add: Cobra, Courier, GE, Midland, Realistic, Hacks, IDE Card / Raid Hacks, Xbox Hacks, Playstation
SBE, Sears, UnideniPresident. $18.95 + $4 S&H ($5 Hacks, cell phone tricks, or anything else you might have.
Canada.) NY State residents add $1.96 tax. CRB research, Check us out @ http:/twww.i-hacked.com
Box 56BL, Commack, NY 11725. VisalMC accepted. Phone ADD A CONVERSATIONAL USER INTERFACE to your
order M-Tu-Th·F, 10 to 2 Eastern time. (516) 543-9169. web site or Windows-based software applications with
NULL MODEMS - Download laptop: or upload to your pc the Foxee™, the friendly interactive arctic blue fox agent
easy way! w/ direct connect, or (DOS 6.1) Customized setup, character! In the real world not everyone who navigates your
no bulky adapters, MAC or IBM compatibles. Send $18.95 for web site or software are expert hackers, and some users
6ft cable, specify 25 or 9db ends, custom ok. Instructions need a little help. Foxee is a hand-drawn animated cartoon
included. P.O. Box 431 Pleasanton, CA 94566 (510)485- character that will accept input through voice commands, text
1589 boxes, or a mouse, and interact with your users through text,
A TO Z OF CELLULAR PROGRAMMING. Programming animated gestures, and even digital speech to help guide
instructions on over 300 phones in a software database. them through your software with ease! Foxee supports 10
Also back door and test mode access instructions for all the spoken languages and 31 written languages. She can be
popular models; manufacturer's contacts, system select, lock/ added to your software through C++, VB6, all .Net
unlock info. Just $59.95. Orders only: (800)457-4556, languages, VBScript, JavaScript, and many others! Natively
inquiries: (714)643-8426. C.G.C. compatible with Microsoft Internet Explorer and can work with
GAMBLING MACHINE JACKPOTTERS We offer a Mozilla Firefox when used with a free plug-in. See a free
complete range of gambling products designed to cheat demonstration and purchasing information for Foxee at www.
gambling machines as well as other games. Our products are foxee.net!
designed to demonstrate to gambling machine owners the DO YOU WANT MORE underground information? Are you
vulnerabilities of their machines. Our product line consists of ready to go to a whole new level of knOWledge? Then you
Gambling Machine Jackpotters, Emptiers, Credit Adding need to check out "Binary Revolution" magazine.
is a
Devices, Bill Acceptor Defeats and Black Jack Card Counting printed hacking magazine put out by the DDP that covers
Devices. Please visit www.jackpotters.com hacking, phreaking, and other assorted topics from the
KEYSTROKEGRABBERS.COM Manufacturer of discreet computer underground. For more information on the
keyboard logging hardware. Our devices capture ALL magazine, forums, HackRadio, HackTV, or any of our other
keystrokes on a computer including user name and numerous projects, come to www.binrev.com and join the
password. PARENTS--Monitor your child's internet, e-mail, revolution. "THE REVOLUTION WILL BE DIGITIZED."
instant messaging and chat room activity. EMPLOYERS-·· TUNE IN TO CYBER LINE RADIO on the internet, on the
Monitor employee computer usage compliance. Employees USA Radio network. We can be heard Saturday Evenings
will spend less time browsing the internet and sending e- 9:00 pm to 12:00 am (Central). Heard Exclusively On The
mails if they are being monitored. EXECUTIVES & SYSTEM USA Radio Network & Via The Internell We discuss
ADMINS--detect any unauthorized access of your PC. If Technology, Space, Hacking, Linux and more. For more
someone uses your computer after hours, you will know. details meet us at www.cyber·line.com.
(305)418-7510 BLACKLISTED MEETINGS will begin in Greece as the new
HACKING, PHREAKING , computer security and education year arrives, They will be held every 3rd saturday of the
on the First Tuesday of every month in the Detroit area. month and they will begin at 7pm. Meeting point will be the
Meeting is at 7pm at Xehdo's cafe in Ferndale. Bring your centre of Athens at the metro station Panepistimio by the
open mind and positive attitude. fountains . Also check the webpage www.blacklisted411.gr.
I WANT TO OFFER my playstation 2 game burning service. A+ CERTtFIED TECHNICIAN offering cheap repairs in
Any game that you would like for a back-up or just for fun. Or Louisville Area. Will make house calls or take home with me.
maybe that Japanese game that just won't be out in the I do everything from virus and spyware removal to t
United states for a few months.. I have bundles that you can networking. Send an email to alanb6100@gmail.com with
choose from if you want handfulls depending how much you your name and phone number as well as a description of the
order. the games are $25 each IPLEASE NOTE THAT YOUR problem. Also I have Gmail invites available for a reasonable
PLAYSTATION 2 NEEDS TO BE MODOED I ALSO HAVE price. Louisville area only unless you want to Western Union
THAT SERVICE BUT YOU CAN ALSO GOOGLE SEARCH me some moneyI Thanks!
FOR PREMODDED SYSTEMS TO BUY. EMAIL IF YOU SELLING USED HIRSCH SCRAMBLEPADS that retail new
HAVE ANY QUESTIONS AT ALL. for around 500$ for your best offer! They are for very high
ACCUSED OF A COMPUTER RELATED CRIMINAL security places, every time you press the START button on
OFFENSE IN ANY CALIFORNIA OR FEDERAL COURT? the keypad it randomizes the digits so that any onlookers
Consult with a semantic warrior committed to the liberation of cannot find a pattern in the digits you press. Also, you cannot
information specializing in the defense of alleged see the numbers from the side, so for anyone to see your
cybercriminals, including but not limited to, hackers, crackers, code they would have to be directly behind you. Email me for
and phreaks. Not a former prosecutor seeking to convince more information. guiltyspark414@netscape.net
defendants to plead guilty, but an idealistic constitutional and WANTED: FEATURE FILM JUNKIE who can access up-to-
criminal defense attorney who helped secure a total dismissal date FAX numbers for hot agents and/or producers &
of all charges in Los Angeles Superior Court for Kevin directors. My objective: to bring to their allention my action-
Mitnick, who was falsely charged with committing computer- thriller script. Can pay by the hour. (909)275-9101
related felonies in a case with $1 million bail. Please contact HI, MY NAME IS RICK. Me and my friend Rob where looking
Omar Figueroa, Esq., at (415) 986-5591. at omar@aya.yale. for a low cost rackmount server one day to use for a web and
edu or omar@stanfordalumnLorg, or at 506 Broadway, San mail server that we could have racked at a local datacenter,
Francisco, CA 94133-4507. Complimentary case consultation Not finding anything real cheap we decided to start our own
for Blacklisted 411 readers. (Also specializing in medical company building fast cheap servers for you also. www.
marijuana and cannabis cultivation cases.) All consultations cheaplu.com was born. Menlion this ad and get 10% off any
are strictly confidential and protected by the attorney-client server order. Also since I am the owner, if you mention this
privilege. ad buy 10 servers and I will throw in the 10lh server for freel
Blacklisted I 411 Volume 8 Issue 3 - Fall 2006 57
� Interested in meeting up with some of the Blacklistedl 411 readers? . We will list all hacker meeting information that is
provided to us. We will list "Blacklisted! 411" only meetings as well as "independent" meetings open to all.
Califomia Minnesota
(949 Area Code) - Irvine (612 Area Code) - Minneapolis
Extreme Pizza - 14141 Jeffrey Road, Irvine, Ca. 92714 - Spyhouse coffee shot at the corner of 25th South and Nicollet
Meeting is not Blacklistedl 411 specific. The meeting date Ave. Look for the Blacklistedl 411 magz on the table.
may change from month to month. For specifics, check here: Last Friday of the month, 5:00pm - 8:00pm
www.irvineunderground.org Hosted by: Thea DeSilva
Hosted by: Freaky
HewM.
ColorGdo (505 Area Code) - Albuquerque
Winrock Mall - Louisiana at 140.food court. east side doors
(719 Area Code) - Colorado Springs under the security camera dome.
DC719 - Hack the Rockies. Meetings held on the 3rd Sat. of First Friday of the month, 5:30pm - 9:00pm
every month. 8pm-11pm @ Xtreme Online, 3924 Palmer Hosted by: Mr. Menning
Park BLVD
Hosted by: DC719 POC: h3adrush
Texas
(303 Area Code) - Centennial (713 Area Code) - Houston
We meet the first Friday and third of every month at 5:00pm
In front of Rocfish on Westheimer/Kirkwood. Last Sunday of
at the Borders cafe on Parker in Arapahoe Crossings.
every month. 7:00pm till close.
Hosted by: Ringo
Hosted by: Muel1oChongo
Aorida (915/325 Area Codes) - Blackwell
John's Detectors. 501 W. Main St. Third Friday of every
(407 Area Code) - Orlando month. 7:00pm until...? For more information. visit our site at
The computer room in the Grand Reserve Apts. at Maitland www.johnsdetectors.com
Park Hosted by: Wirechlef
Last Friday of the month, 12:00pm - 1:30pm
Hosted by: Whisper
Wyoming
Georgia (307 Area Code) - Rock Springs/Green River
White Mountain Mall-Sage Creek Bagels. The last Friday
(678fl701404 Area Codes) - Duluth or every month from 6:30pm until 9:30pm.
Meetings are the first and third Tuesday of every month, in Hosted by: Phreaky
the cafe of Frys Electronics. They start at 6:30 until we get
kicked out, and then continue elsewhere. Visit our site at
www.HackDuluth.org and sign up on the forums to receive Mexico
emails about the group. (666 Area Code) - Tijuana, B.C.
Hosted by: P(?)NYB(?)Y Cafe Internet, Calle 12, Felix M. Gomez #844, Col. Libertad.
In back room by payphone. First Friday of the month,
Illinois 5:00pm to 8:00pm
, Hosted by: Tom
(217 Area Code) - Urbana
• Espresso Royale Caffe. 1117 W. Oregon St., Urbana, IL
61801. At the corner of Goodwin and Oregon, across the
street from the Krannert Center fQr the Performing ' Arts.
Every second Friday of the month, 8 PM
Hosted by: r3tic3nt (r3tic3nt@gmail.com)
Iowa
(515 Area Code) - Ames
ISU Memorial Union Food Court by the payphone. First
Friday of each month, from 5:00pm onward.
Hosted by: Omikron
SUBSCRIPTIONS AVAILABLE ONLINE
WWW.BLACKLISTED411.NET
SUBSCRIPTIONS AVAILABLE ONLINE
58 Volume 8 Issue 3 - Fall 2006 Blacklistedl411
���