Monday, March 10, 2008

Talking with your dial up modem

Written by
Xtreme Great
(for k0r0pt)

::=::Introduction::=::

Have you EVER wondered about controlling your dial up modem with your own two hands and ten fingers? If not, then it is the right time to plug in your telephone wire in your modem port, and get started in an adventure, that you’ll never forget.

Well, that was the starting lines of some dumb TV serial. This one is way more than a sucking adventure.

::=::The modem::=::

The modem, as we all must know, is a device that is used to connect to the Internet. You connect your telephone line in the modem port, start up some dialer, and dial right to your ISP, and hurray, you’re connected to the Internet, and you start wondering what to do next.

In this article, it is good to start thinking how all this dialing and stuff takes place, because that is what this entire article is about.

The modem, like any other peripheral connected to your machine, is a piece of circuitry and nothing more. Well, it’s a bit more than that, if you take its uses into consideration. Connecting to the Internet is the most obvious use today, but in the olden days it was used for other purposes as well. One would be, well, to chat. You dial your friend’s telephone number, and that line is connected to his computer. He accepts the call, and you two start chatting with your keyboards.

::=::The working::=::

The modem accepts what we call commands. I have been dying to know about the details of this thing. After a lot of research, I could figure out a lot about this piece of shit. I checked out the Device Manager on a Windows machine, where querying the modem was supported. I built logs from the queries (whose option was available there. So, don't get heralded over how I did it) and got into the details of the commands there. I tried to interpret all the details from the conversation between my OS and my hardware and figured out the following:

Every command started with the letters AT, except for the abort command, which is a simple carriage return <cr> (ASCII character 15).

The modem responds as follows:

<cr>RESPONSE<cr>

And best of all, the modem can be directly controlled from your programs, if you know which port it resides on. Also, you’ve got to know a bit of programming (how do you think you are going to program, if you don't know it?), and most importantly, the commands relating to the modem. At the end of this document, I have appended a small BASIC program, which demonstrates how you can use the modem directly from your programs.

AT Initialize the modem. I have also seen ATZ here.

ATM1 Turns on the modem speaker

ATH# Hang up the modem. The # is a number. Don't know its purpose. Seen a 0 there, while reading about the ATH0 DoS.

at#ud Enable diagnostic info

ATDT###### Dial a number, the #s being the phone number. A blocking signal can be given to the modem if a *67 is prefixed to the phone number. Don't know what it does. The T at the end specifies that dialling is to be done in tone mode. If the T is replaced by a P, then the modem will dial in pulse mode.

ATL# Set the loudness of the modem speaker, the hash being a number. 5 is probably the loudest.

<cr> Abort some given command. Typically useful in hanging up, when already dialing.

-----Unresolved commands-----

Well, the following are the commands, which I was unable to figure out:

AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2

ATS7=60S30=0L2M1+ES=3,0,2;+DS=3;+DS44=3;+IFC=2,2;X4

at+vcid=1

ATS0=0

::=::The program::=::

The key to controlling the device is to treat it like a port. On my machine, it is on the COM3 port. On your machine it would be something else. To know which port it is on, just check out your Device Manager in Windows. In case of Linux, it would be in the /dev folder. I don’t know much about it in Linux. My modem is not supported in any distro, and I had Ethernet connectivity, so I didn’t think much about it.

I give a simple BASIC program here. You can make the same program in any language, if you understand how I am doing it here. Just use the device port as a file.

To compile and run it, just get QuickBASIC (Windows) and FreeBASIC (Windows and *nix) from somewhere, and get started. This one here is to dial in to a computer only. To make a full-fledged chat program, you need to spend about half an hour. I leave that to you. The following program is for Windows. You can infer that because I am using a COM port.


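CLS
PRINT "Opening a path to your modem..."
' Change COM1 to the port your modem is on (9600 baud, no parity, 8 data bits, 1 stop bit)
OPEN "COM1:9600,N,8,1,RB7048,TB7048" FOR RANDOM AS #1
PRINT "Please enter the phone number you wish to call"
INPUT PhoneNumber$
PRINT "Talking to your modem..."
' ATDP dials in pulse mode; use ATDT for tone mode
PRINT #1, "ATDP"; PhoneNumber$
PRINT "There you go, pick up the phone and talk! Or type something out"
PRINT "Press the ESC key to hang up!"
' Wait here until ESC (ASCII 27) is pressed
DO
LOOP UNTIL INKEY$ = CHR$(27)
' Reset the modem to hang up, then release the port
PRINT #1, "ATZ"
CLOSE #1
END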

I have used Pulse Dialing, as my telephone line didn’t support Tone dialing. If your line supports Tone dialing, do that. It’s faster.
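
The program above sends whatever is typed straight after ATDP. As an added example (not part of the original post), here is the command-building step in C with the typed number checked before it goes to the modem, plus a parser for the <cr>RESPONSE<cr> framing; the function names, the allowed character set and the 32-character limit are assumptions, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Build "ATD<T|P><number><cr>" into out. Returns its length, or -1 if rejected.
 * Only digits, '*', '#' and ',' are accepted, so typed input cannot carry
 * a carriage return or further command text to the modem. */
int build_dial_cmd(char *out, size_t cap, char mode, const char *number)
{
    static const char allowed[] = "0123456789*#,";
    size_t n = strlen(number);

    if (mode != 'T' && mode != 'P') return -1;    /* tone or pulse only */
    if (n == 0 || n > 32) return -1;              /* limit is an assumption */
    if (strspn(number, allowed) != n) return -1;  /* any other character */
    if (cap < n + 6) return -1;                   /* ATD + mode + CR + NUL */
    return snprintf(out, cap, "ATD%c%s\r", mode, number);
}

/* Extract RESPONSE from "<cr>RESPONSE<cr>" (line feeds are skipped as well).
 * Returns 0 on success, -1 if buf does not yet hold a complete response. */
int parse_response(const char *buf, size_t len, char *out, size_t cap)
{
    size_t i = 0, start;

    while (i < len && (buf[i] == '\r' || buf[i] == '\n')) i++;
    if (i == 0) return -1;                        /* no leading <cr> */
    start = i;
    while (i < len && buf[i] != '\r') i++;
    if (i == len || i == start) return -1;        /* closing <cr> not seen */
    if (i - start >= cap) return -1;              /* would not fit in out */
    memcpy(out, buf + start, i - start);
    out[i - start] = '\0';
    return 0;
}

int main(void)
{
    char cmd[48], resp[32];

    /* Constructed inputs: a plain number, then one with extra characters. */
    printf("%d\n", build_dial_cmd(cmd, sizeof cmd, 'P', "5550100"));
    printf("%d\n", build_dial_cmd(cmd, sizeof cmd, 'T', "5550100;H0"));
    /* Constructed modem reply. */
    if (parse_response("\r\nNO CARRIER\r\n", 14, resp, sizeof resp) == 0)
        puts(resp);
    return 0;
}
```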

::=::Epilogue::=::

This concludes the end of the article. If you have any doubts, I’d be more than happy to help you. Just leave a comment. If you like that, leave a comment, and that will help me write more interesting articles like this. If you don’t like this, leave a comment, and that will help me correct my mistakes.

Sunday, March 9, 2008

A Unicode chart generator

Written by
Xtreme Great
(for k0r0pt)

For those of you who want a complete Unicode chart, why not just generate your own, one that will have all possible Unicode characters? Here goes a simple C program that will generate an HTML file showing all Unicode characters that can be.

#include <stdio.h>

int main(void) {
    unsigned long i;

    /* Page header: <title> and <head> are closed before <body> opens. */
    printf("<html><head><title>The complete character chart</title></head>"
           "<body><font size=13>");
    /* One row per code point: the number, then its numeric character reference. */
    for (i = 0; i <= 65535; i++)
        printf("%lu: &#%lu;<br>", i, i);
    printf("</font></body></html>");
    return 0;
}

Make this file and then execute it from the command line. While executing it, just pipe the output to an external file, say ucc.htm. This will generate a 1.16MB HTML file. If you don't know how to pipe the output to a file, just leave a comment. This HTML file will contain all possible Unicode characters. If it shows question marks or boxes, just change the encoding to Unicode (UTF-8), as directed in the previous post.

This however shows abnormal behavior after 8238, in the sense that the numbers are written from right to left rather than left to right. That is after 8238, comes 9328. Read that in the other direction. In many, the character is written first and the number after that. I believe this is caused due to some cr or lf or something.
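
Code point 8238 is U+202E RIGHT-TO-LEFT OVERRIDE, one of Unicode's bidirectional formatting controls, which reverses the display order of the text that follows it. The following added example (not part of the original post) scans UTF-8 text for such controls and reports where they occur; the function names and the sample chart rows are constructed for illustration.

```c
#include <stdio.h>

/* Bidi controls: ALM, LRM/RLM, LRE..RLO (U+202A-U+202E), LRI..PDI (U+2066-U+2069) */
int is_bidi_control(unsigned long cp)
{
    return cp == 0x061C || cp == 0x200E || cp == 0x200F ||
           (cp >= 0x202A && cp <= 0x202E) || (cp >= 0x2066 && cp <= 0x2069);
}

/* Decode one UTF-8 sequence; malformed input yields U+FFFD, consuming 1 byte. */
static size_t utf8_next(const unsigned char *s, size_t len, unsigned long *cp)
{
    size_t need = 0, i;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0)      { need = 1; *cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { need = 2; *cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { need = 3; *cp = s[0] & 0x07; }
    for (i = 1; need && need < len && i <= need; i++) {
        if ((s[i] & 0xC0) != 0x80) break;       /* not a continuation byte */
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    if (!need || need >= len || i <= need) { *cp = 0xFFFD; return 1; }
    return need + 1;
}

/* Store byte offset and code point of each bidi control (up to max); return count. */
size_t find_bidi_controls(const unsigned char *s, size_t len,
                          size_t *offs, unsigned long *cps, size_t max)
{
    size_t pos = 0, found = 0;
    while (pos < len) {
        unsigned long cp;
        size_t used = utf8_next(s + pos, len - pos, &cp);
        if (is_bidi_control(cp) && found < max) { offs[found] = pos; cps[found++] = cp; }
        pos += used;
    }
    return found;
}

int main(void)
{
    /* Constructed sample: two chart rows holding the raw characters 8237 and 8238. */
    static const unsigned char rows[] = "8237: \xE2\x80\xAD <br>8238: \xE2\x80\xAE <br>";
    size_t offs[8]; unsigned long cps[8];
    size_t i, n = find_bidi_controls(rows, sizeof rows - 1, offs, cps, 8);
    for (i = 0; i < n; i++)
        printf("U+%04lX at byte %lu\n", cps[i], (unsigned long)offs[i]);
    return 0;
}
```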

Before I finish, I'd give one more piece of advice. Don't get freaked out if your browser stops responding. Instead, wait for some time. It will get okay. It's doing that because of the huge size of the file, which it doesn't encounter in normal cases. Happy unicoding...

Saturday, March 8, 2008

The character power unleashed

Written by
Xtreme Great
(for k0r0pt)

Introduction


The ASCII characters were invented, to give the world a way to write. But, soon it was realized, that a more vast and varied character set has to be incorporated, in order to meet the needs of various scripts around the globe. So, the UNICODE came into picture.

Tech details

Whereas the ASCII character is one byte long, the Unicode is two bytes long. That means, where the ASCII can store 256 characters at max, Unicode can store 65536 characters. This gives enough space to incorporate all the possible characters in any language.

More details


Here, I shall use Unicode characters to display some Bangla characters. If you don't see them or see some boxes or question marks, try changing the character encoding of your browser to Unicode (UTF-8). In Firefox, it will be under the View menu. In Internet Explorer, it will be in the right click menu.


আমার নাম সুদীপ্ত

That of course means, my name is "you know what...". Now I am not going to tell you how I did that. If you really want to know, check out the page source. All I can tell here, is that I directly used the codes for the characters. You can possibly create any kind of character using Unicode. Just use your imagination. You of course, do need to have the Character chart. You can print, say, chess characters, or even a chess board, using Unicode.

So you see, Unicode gives us the ultimate power needed to write anything we want.


For Programmers

Unicode has been utilized in programming languages as well. The wide character functions like wprintf(), wscanf() etc. carry out operations in wide characters, of which Unicode is the most prevalent type. I won't go into details of those here. It will be a long one that way. If you really need to know, just Google it. You'd find answers. In Windows, Unicode is supported in many applications. All present-day browsers are Unicode compatible. So the next time you need to write out something regional in your program, do use these functions.

Epilogue

Well, that's all folks! Happy Unicoding.

Sunday, March 2, 2008

The ATM card



Written by
Xtreme Great
(for k0r0pt)
(no copying please)

Disclaimer

This document is for informational purposes only. I do not condone any form of fraud or deceit or any exploit carried out as a result of this document. So, I cannot be held responsible for any act carried out by you or the consequences thereof. Use this document to learn. To explore and not to exploit. And beware if you land doing any shit with this, you're gonna land your ass in trouble. And also remember, that it is the case with banks, so if you do something really stupid and serious, the cops will definitely ram your ass. Better look out.

Introduction

How often, in your life have you thought about cracking into someone's bank account? How much have you wondered about the infinite possibilities of doing so. How deep have you delved into the sea of "possibilities"?

I'm going to tell you one aspect of the securities of bank accounts in present day life. Remember, NOTHING is foolproof. Everything can be broken. In today's world of cyber banking, nothing is safe. There is no security. No privacy. Everything is publicized, without of course, the prior knowledge of the VICTIMS. We expose our information, every time we buy something from the Internet, or give our Credit card numbers. What is the guarantee that the credit card database won't be cracked? There is no guarantee. There is only HOPE, and trust me, HOPES never work out. So, the end users are the ultimate losers.

In this post, I'll shed some light on ATM card hacking.

ATMs are the most widely used cash money machines around. They'd handle thousands of transactions every single day. A single card holds the key to all of your money. And that card is protected by only one key - The PIN, and that too is only 4 digits long, and if we'd calculate the permutation, there are only 10^4 possible combinations, which can be cracked "very" easily, provided we have the card. Now, how the fuck would someone crack the PIN from a card, you may ask, and I say, why not? Broaden your point of view. The answer lies right in front of you. You're not noticing it though. Every magnetic card, in today's world, works on a single basis - Magnet. Magnets are all around - in your hard disk, your cassette tapes, your DATs, your Floppy disks, Your Debit card, your ATM card. Not only is it possible to read out and crack PINs from ATM cards, but also, it is possible to MAKE your own ATM card, with a card writer, which is of course quite costly. Now, we'd delve a bit deeper into the world of magnetic cards.

But before I go any further, I'll assure you that there are thousands of other articles out there, that will tell you the same thing. I will only tell you what to do to do what they say, in addition.

Techstuff

All the magnetic cards have what "they" (the makers) call tracks. Tracks are nothing, but tracks (don't ask me again), of magnets that contain data. There are three standard tracks. Track one, track two and (you guessed it) track three. These tracks contain different kinds of information.
The information is stored in different formats. But first, I'd tell how to read all those 1's and 0's from the cards. After all, that's what we're up to. These 1's and 0's are our business... When we read a card with a card reader (when I say card, I mean magnetic card, so don't get confused again) we get voltages. High voltage obviously means a 1, and low means 0. These voltages would be produced due to electromagnetic induction. If you don't know what this is, try googling it. After this, you'd get some voltages. When you stripe your card against the read head (I used a tape player read head. Search for them, and you'd definitely get one around. If not, try going to some RadioShack store), remember that in the ATMs, the card gets read when you pull the card outside, not when you push it inside. So, if your magstripe is facing upwards and away from you, you stripe it right to left. Here, you'd get two types of frequencies. Remember, when I mean frequency, I mean the width between two waves, that you'd get, not the height of the waves, which is the amplitude. The frequency for a one will always be double the frequency for a 0. Thus, we can read any of the three tracks. But how do we know which track we've read? The positions of the tracks are standardized, with respect to the edge of the card.

As you can see the positions of the three tracks, with respect to the edge of the card, you can easily construct a card reader, and start reading your card right away. Now, we get to the nitty gritty details of the hardware and software parts. This is where the Computer comes into play.

The Hardware

For the hardware part, as I already said, all you need to get is a card reader, lying around somewhere in your basement or something. Then solder that thing's end terminals to a copper wire and attach it to a mono jack, that can be inserted in your computer microphone slot.

The software

Assuming you've got the hardware, let's leap to the software. There are two ways for all hackers, when it comes to software. Either fetch some software made by some other person, or make your own. Well, the former is the case with most of the people around. But believe me. The true hacker will go to every nitty gritty detail of everything, spend night after night reading man pages, and make the software him/herself (in case there are female hackers around). With the details I've given and that I am about to give, anyone could build that program to read magnetic stripes and dig out information. There are two ways. Either you make a microphone reader program, or you can make a program that will read a wave file that contains the information of the card recorded in it, and give out the information.

Getting back to the main discussion, the magnetic card does have three tracks, and the tracks have information coded as 1's and 0's. Now we get to interpreting that information. There are two standard formats used to encode data on cards: the ANSI/ISO BCD Data Format and the ANSI/ISO Alpha Data Format.

You must find the information regarding these standards yourself. C'mon if I give you all the details, what would you do?

The last two tracks are encoded by the BCD format, and the First one, by the Alpha standard. The second track is generally used to store information regarding the account thing. The first track contains information about the owner's name. The densities and number of characters per track are:

1st track: 210 bpi 79 characters
2nd track: 75 bpi 40 characters
3rd track: 210 bpi 107 characters

The 3rd track is generally, rarely used in any type of card. These standards also apply to all sorts of Credit cards, Debit cards, Metro Cards and whatever cards you can imagine. The deviation from the standards can also be there in particular case, for example, in case of Hotel room cards, that give you access to hotel rooms.

Epilogue

Well then, that's all the information I could give you. It's not enough, but still more than enough. Happy exploring, and remember not to do anything stupid. Till next time...