Blacklisted! 411 introduction for those of you who are new.....

Who we are... and were...

The question often arises on the subject of, "How did it all start?" in reference to our magazine and its history. In response to this popular question, here is a quick history lesson of Blacklisted! 411 magazine, including names, dates and little known facts which have, thus far, been hidden away for years...

Blacklisted 411 magazine dates back to October 1983 with a group of friends from a Southern California high school that shared a common interest. They were all deeply interested in their Atari, Apple and Commodore computers, electronics, sciences, arcade games, etc. They built projects, hacked into various things, made their own programs, came up with grand ideas and tried to make them into some sort of reality. The group started a monthly hackers "disk magazine" (an early form of what is now known as an e-zine) called 'Blacklisted 411, the hackers monthly'. This may sound strange today but circulating information on disk was the best way to get it out (at the time) without all the cool toys we take for granted today. There was no internet to utilize and nobody had printers which could print anything other than plain text (and didn't even do that well). With a disk based system, text files, primitive graphics/pictures, and utilities were fairly easy to distribute and it could be copied by anyone who had a compatible computer. At our peak, at least 150 disk copies of the disk magazine were sent into the public, though there is no way to know how many were copied by others.

Eventually modems caught on and the magazine was distributed through crude BBS systems. Using the power of a Commodore 64, a Blacklisted! 411 info site, which anyone could log into without handle or password, was created and operated. It was a completely open message center. Using X-modem or Punter file transfer protocols, one could download the latest Blacklisted! 411 files or read/leave "messages" which later became known as a "message base" and has evolved into what are now commonly known as "newsgroup postings" or "forum postings". There was only one message center, no email capability & only 1 phone line. Primitive, indeed. Effective, however.

Around 1984, the purchase of a 9 pin dot matrix printer that could print basic graphics was entered into the mix. Printing out copies of the Blacklisted 411 monthly and copying them at the media center at the high school became the new "experiment". The media center staff graciously allowed the production of these copies free of charge which was very cool at the time. The copies were passed out at the local "copy meets" (an interesting phenomenon of past times - hordes of computer users would meet at a predetermined location and set up their computers with the sole purpose of copying software and exchanging this software with each other). Piles of the magazine were left anywhere and everywhere people could see them. One popular location was next to the Atari Gauntlet and Gauntlet II arcade games strategically located at 7-11's all over the place. It's been a longtime myth that people photocopied those original copies and then those were photocopied, etc. There's no telling just how many generations of early printouts of Blacklisted! 411 monthly made it out there.

Years went by and Blacklisted! 411 evolved. The short life-span of the printouts was both a great success and a miserable failure. No matter where they were left, they were taken - and taken quickly! The feedback was awesome in that people wanted more. The interest was very high, but the inability to meet this growing demand was completely overlooked. The plug was officially pulled on the printout experiment and distribution through diskettes remained the norm. It was really the easiest way to go at the time. The Blacklisted! 411 info site grew into a 2-line system. This was a big deal in 1985. By that time, information was almost exclusively passed around by modem (unofficially on paper) and disks were still being released at this time.

June of 1987 marked the end of Blacklisted! 411, the hackers monthly. The last disk based magazine (#46) was distributed that month. Since all of the original crew were finally out of high school and onto college, work and the bigger/better things in life, nobody had the time or inclination to put any effort into the disk based magazine anymore. The once thriving Blacklisted! 411 group broke up and people went their separate ways. Naturally, it was assumed that this was the end and Blacklisted! 411 would never be resurrected in any form.

In the summer of 1993, one member (and the original editor-in-chief), Zachary Blackstone, felt it was time to revive the Blacklisted! 411 concept, but this time do it as a print magazine. It was extremely difficult to get started because the group was no more and he was alone. He was the only one of the original group members remaining that had an interest in bringing the hacker group and magazine alive again. With some money, the will to make it happen, top of the line (at the time) computer gear and page layout software, Blacklisted! 411 was reborn. Blacklisted! 411 Volume 1, Issue 1 was released in January 1994. Blacklisted! 411 was finally BACK. The issues were released monthly and distribution was small. Regardless, the related user meets were packed! The interest in the magazine was great. After a year passed, it was decided to try a quarterly format in an effort to increase distribution. During that year Zachary managed to get in contact with many of the old group members, most of whom are active staff members even today.

In 1999, what was to be the last issue of Blacklisted! 411 (Volume 5, Issue 4) was published. It was unknown at the time, but many pitfalls would ultimately cause the demise of the magazine. Officially, it was dead as a doornail. After 4 years of regrouping and planning, Blacklisted! 411 magazine was resurrected yet again.

To date, Blacklisted! 411 is one of the oldest group of hackers still remaining and releasing gathered and compiled information within the hacker community and the mainstream community as well. Hanging onto the very same hacker mentality and code of ethics from the 80's, Blacklisted! 411 stands apart from the rest. Their ideal is that hackers are not thieves - they're curious people who are the makers and shakers of the technology sector. They're not elitist hackers by any means and believe that no question is ever a "stupid" question. Old school hackers and newbie hackers alike, Blacklisted! 411 caters to you.

What about now...

Community

The last two years have been an exciting time for the staff and crew over here. We have become extremely active in the hacker community. As we are based in the Los Angeles area, we have built relationships with the local Hacker groups such as LA2600, SD2600, twentythreedotorg, Irvine Underground and many others. We have been attending and sponsoring Hacker Conventions and Conferences such as the Layer One Convention and the ever popular Defcon. You can find us attending these conventions regularly. We usually run a vendor booth at these events and we make available our wares - subscriptions, back issues, t-shirts, hats, stickers and other SWAG. We also provide several "convention only" promotions such as the Apple iPod give-away we held at DefCon 13. Our give-away was a big hit. We're planning on attending DefCon 14 this year and we'll be holding our own private catered reception for subscribers and supporters. Additionally, we'll be handing out membership cards with all new subscriptions this year. Whatever you do, be sure to check out our booth first, you'll be glad you did!

Volume 8 Issue 2 - Summer 2006 Blacklisted! 411 Magazine

Development

A major effort has been made to increase our exposure to the hacking and information security community. Our distribution goal for the magazine was to break 100K copies distributed each quarter sometime in 2004 and we far surpassed our goal within our timeframe. To date, Blacklisted! 411 has a circulation over 200,000 copies per issue. Based on orders from distributors and sell through, we're doing excellent in the marketplace. Additionally, we have been seeking and hiring freelance writers, techs, photographers, and editors to increase the quality and scope of the magazine. We've also been promoting the magazine outside of our community to bring in cross-over readers.

Merchandising / SWAG

We now have a whole series of Blacklisted! 411 themed swag and merchandise. This currently includes stickers and apparel, but will soon include posters, a new DVD, gadgets and technology... whatever our creative minds can come up with. Ideas and suggestions on this subject will be accepted and appreciated.

Charities

People generally believe that hackers are awful scum-sucking low life degenerates not fit to inhale the air they breathe. This idea has been pounded into the heads of people repeatedly by the mainstream media. Not necessarily because they're evil-doers, but more likely due to the fact that they simply have no idea what hackers are or what we're all about.

They think we're an uncaring bunch of thieves. They couldn't be any further from the truth. Hackers do care. In fact, they probably care more about the things that really matter than your average Joe does.

Blacklisted! 411 is owned and operated by real people who care about things aside from hacking. No, really. In the spirit of helping people and organizations outside of our community by offering real support, not only have we done a good deed, but we've demonstrated our philosophy at its core level. We want to help. As such, Blacklisted! 411 Magazine has officially donated to several local charities in an effort to achieve this goal.

First and foremost is the local chapter of the Ronald McDonald House. Many people have never even heard of this place, but nevertheless, they're a wonderful bunch of people who offer an amazing service to those less fortunate families who have a child in the hospital... they offer a place to stay and a hot meal - for FREE (or a very small donation if you can afford it). We've donated many items to help their cause because we really believe in it. One of our favorite donations was the 200 some odd small children's costumes we supplied them with to give to the children around Halloween. If you have children of your own, maybe you can appreciate this place a little better. Blacklisted! 411 Magazine wholeheartedly supports the Ronald McDonald House mission and their programs.

Additionally, we've donated heavily to the Westminster Parish Festival, specifically with the intent to help support their youth programs and special classes for the mentally and physically handicapped. The festival they operate is much like a small carnival with rides, food, drinks, and entertainment. They also run a huge raffle which is right up our alley as far as lending a helping hand goes. We've been able to supply them with some unique and stunning prizes for the children who attend the festival. Prizes you wouldn't expect to win for a cheap raffle ticket.

Our hope is that we were able to brighten up the day for some children, maybe even a family or two... and help our community at the same time.

Of course, we also donate to EFF and other hacker-friendly groups. That really goes without saying, right?

Closing thoughts

Let's start our closing thoughts by mentioning that we're your friendly neighborhood hacker magazine. We're one of the team players and happy to help people. Please don't feel that you cannot approach us.

So, if you have questions, comments, articles, ideas, suggestions, have a business proposition or wish to offer support in some way, please contact us and let's see what we can come up with. Thanks for your support, hackers!

Letter from Zachary Blackstone, editor-in-chief.....

Welp, this makes another issue late to print and late to the newsstand. It seems like there's a never ending supply of excuses which printers and distributors have available at any given moment in time, most notably when WE need something. Oh, I don't know, like getting paid, maybe? Or how about having our issue printed? I'm still waiting for this one: "My dog died". Close, but not yet.

Yeah, so I won't name any names, but needless to say, I'm a little perturbed right about now. Regardless, no matter what the setback, we're going to keep publishing issues as long as the readers still want them.

So, what's new for this issue? Well, we've streamlined the magazine on just about every level which ultimately means more hacking and less crap. I'm sure that's what you wanted to hear, right? Good. That's what we like.

It appears that we had a little bit of trouble with the shipment of our last issue with the release of our 2006 membership card. We tried our hand at bulk mail, using a service provider and it blew up in our face. Seems that many of our subscribers didn't get their issue along with their membership card. Figures. Anyhow, Alex took the situation head on and replaced the missing issues/cards. If by some chance you're still missing your issue along with the membership card, fire off an email to subscriptions@blacklisted411.net and let us know.

Many have been asking about the Hack the System DVD and if we're still doing it. In short, yes. The long of it is that we're dealing with more serious issues and we've slowed down our work on the DVD itself. Most, if not all, of the footage has been shot and the product is in post production now. There's no set ETA for this product, but we hope to have it ready by Christmas 2006.

Given that approximately 99% of our Q&A letters had to deal with nothing appealing enough for print, I decided to axe the Q&A section for the summer issue. I know, I know. What a bummer. People complain about these kinds of crap letters so we won't publish them anymore. If you have some serious questions for print, please send them in. We'd be happy to answer them in print.

What about the online magazine? Again, little to no support from the community, so the project has been put on indefinite hold until we decide what to do about it. We made it six issues in, the whole time asking for support. What'd we get? Tons of praise, little support. The idea is wonderful in theory, but it doesn't seem to work in practice. We're not giving up on it yet, just rethinking the idea before we try a second go at it.

So, we're planning on being at Defcon this year. Hope to see you there. HACK THE SYSTEM.

- Editor

"I Can't find your magazine in my local bookstore"

Are you having trouble finding our Magazine? Believe it or not, this still happens from time to time. Even though we're the #1 distributed hacker magazine on the planet, there are still many stores who have not yet made the move to carry our title. It's possible they simply don't know about our magazine. This is where your help comes into play. There are a few ways you can get our magazine into the store in question.
If you're in a place that doesn't carry our magazine and you'd like to see it there in the future, do one of the following:

1. If you're not sure if the store you're in carries our magazine, ASK THEM! They might be sold out or they may have hidden the magazine in a special section or behind other magazines. Those pesky anti-hacker type drones might be hiding them.

2. If they do not carry our magazine, tell the store manager that you would like to see this magazine in their store in the future. Our ISSN is 1082-2216. Give them this number and tell them they should call their magazine distributor(s) to obtain the title. Make sure you let them know how disappointed YOU'd be if they didn't stock them or "forgot" to at least call and TRY to get them in stock.

3. If that fails, you can give us their address and phone number and possibly a contact name. We will have the chance to call them and convince them into carrying our wonderful magazine.

Overall, the best way to get a store to carry our magazine is for you, their customer, to bug them about it until they finally do something about it. Second to this is going through us. While we have no way to force their hand, we can strongly suggest to them the benefits of stocking our magazine.

In the meantime, you have alternative options to get our magazine in your hands:

• Subscribe to our magazine. We don't share our subscriber list with anyone. Further, our subscriber information is isolated from the internet, so there's no chance of it being disclosed.
• Take a look in Tower Records, Barnes & Nobles, Borders, Bookstar, Hastings, Books-A-Million or B Dalton. They usually have our magazine in stock. If you can't find it, ASK THEM.
• Borrow a copy from a friend - make sure to return it when you're done.

Of these, subscribing is the best way to ensure you get your copy of each issue as they are made available. This can be done through regular mail or by visiting our website.
It's very easy to obtain our magazine if you really want it.

Blacklisted! 411 Magazine
P.O. Box 2506
Cypress, CA 90630

Scanning the U.K

Hi, I am radio_phreak. I am a scanner here in the UK and am going to explain a little about scanning here in the UK and how with a little bit of creativity it can aid you in your social engineering applications.

A little background on myself. I have been into scanning for 2 years now and have generally avoided the scene for a number of reasons:

1. Why draw attention to yourself and your activities?
2. I find a number of people on the scene steal your ideas.
3. Why should I share my knowledge when people are going to claim it as their own?
3. I am shy

I am not going to tell you exactly how to do all the techniques. My aim is more to put the idea into your head and point you in a better direction. This will allow you to discover all the information and exploit in your own way. If I were to tell you how to, say, install yourself into a trunk and you did that, not only would that make you a criminal, it would then make you the radio phreak equivalent of a script kiddie. By all means ask questions, play dumb online, even if you know what you are talking about, just to confirm your knowledge, but do not just copy people's work.

The contents within this article are for educational and information purposes only. If you choose to use the techniques or ideas in this article and are dumb enough to get caught doing anything illegal, it is not my fault. I am just sharing my knowledge because I don't believe that any 1 person should have absolute knowledge and, who knows, I might even be wrong and someone else can help me. I am in no way responsible, consequently, inconsequently or directly, for any damages/loss of earnings or anything remotely possible as a consequence of misuse of the information given.
In the UK the Wireless Telegraphy Act of 1949 states "It is illegal to receive broadcasts for which you are not licensed for." Which basically means in a nutshell: no listening to boats, airplanes, taxis, police, ambulances, fire brigade (which we can't do anyway because they have all moved to TETRA, read later on in the article). Basically the only things you are allowed to listen to are broadcast radio, amateur radio (how boring) and PMR 446, which isn't really interesting but doesn't stop a lot of people. This is an old and outdated law which originated in 1949. There have even been calls to see scanners banned altogether!

A few years ago a man who shall remain nameless for legal reasons was approached by 2 reporters working for a nationwide TV channel here in the UK. Basically he spilled his guts to the channel, who then broadcast it. As a result this has led to all sorts of things changing. It has also been suggested (not by me) that spilling his guts helped the police push their new communications system, which has 128 bit encryption which is basically uncrackable.

Here in the UK the Police, Fire Brigade and Ambulance service can no longer be heard via a normal scanner; they are all on a scheme called Airwave (http://www.airwaveservice.co.uk/). It is run by GSM mobile phone provider O2. This is basically a Tetra based system (Tetra stands for TErrestrial Trunked RAdio). It is highly encrypted and so far no programmes or even solutions have come even close to cracking it. The encryption algorithm changes hourly. I personally believe it may be many years before a crack is found. Tetra is far superior to UHF analogue in that it allows multiple users on to a single frequency (AKA Full Duplex Conversations). The people in the control room have the option to announce an all units broadcast or just to speak to an individual officer.
In addition to these features, with stolen equipment the control room can lock it out of the network and switch on a GPS unit allowing them to track the unit down. One of the advantages of Tetra is that it allows GPS and data packets; performance wise it offers GSM like performance without the GSM based costs.

The Police were on analogue UHF using Motorola PMR equipment and communicated privately with their control room via GSM Nokia mobile phones. This was found to cost more than the implementation costs and radio channel hire, therefore Airwave was rolled out. There have been rumblings inside the police, however, about a number of things. First, it does not have the reliability of GSM and UHF analogue based radio (because it's new and because it's all computer based); also the police do not own the communications infrastructure for Airwave, which means O2 UK can cut it off at will. This is being implemented over the next 2 years with all Forces expected to be on Airwave by 2007, with some Forces remaining on MPT1327 Trunking schemes until then.

So what reason is there for us to carry on scanning in the UK? Well, for people who are performing security evaluations on a company, you can determine the building's security frequency. This kind of thing can be used to gather all sorts and can aid you with any social engineering projects you have going, and I will explain how.

Consider this: when you are listening to security for a building or area you may wish to enter, you can establish the security's patrol times, any internal codes and inside talk, and patrol locations. You can also gather information on procedures, i.e. what their action is on shift swap. Armed with this information you can do all manner of things. You can create a false intruder alert, drawing security away from the area that you wish to enter.
Alternatively, if the security guard has to radio your arrival to control, someone from your team can then either answer the call or jam it. The problem with this type of solution is that if the control hears your friend or team member answer the call they will instantly know something is wrong, causing them to immediately become suspicious. It all seems a little too techy and Mission Impossible like, but I tell you it's actually great fun! Remember all these things can be brought up on a security evaluation.

There are all manner of different techniques and methods you can use radios for. Here's one I tried that worked. I tried this on my own camera system and must say I was surprised when it worked. Remember, if you have a hunch or a gut feeling then act on it.

Consider this: wireless cameras also emit radio signals as well. These can fall anywhere in the 900 MHz to 2.4 GHz range. With the aid of a palm top or laptop and the appropriate software you can find wireless video signals, like War Driving (it's better known as War Spying). So you can evaluate camera positions and blind spots, which is the sort of information again that can be raised during a security assessment.

With the right sort of equipment you can gain all sorts of information whether it is encrypted or not (which means you may be able to impose your own signal over it). This is the kind of thing that can be brought up when white hats have been tasked to perform a security evaluation of a facility.

Equipment wise you are looking for 13cm and 23cm ATV receivers and transmitters. The 13cm radio ham band actually covers 2.3 GHz to 2.5 GHz. You can also get transmitters for this band.
With the aid of a DVR you can record footage and later play it back on the frequency with more wattage and a half decent aerial (like a Yagi or di-pole). Just bear in mind a Yagi is very, very directional and a di-pole provides all-round coverage. You could even hack a satellite TV dish with a cantenna or something similar. I personally use an umbrella dish or a di-pole. All of these antennas can be homebrewed. You may be able to wipe the original signal out and replace it with your own, again aiding your entry into the building. If you do not like the thought of purchasing these items, there are a number of websites with schematics for the 13cm ATV receiver and transmitter. Personally I prefer to buy them for a number of reasons:

• If they break I can send them back and get a replacement, which saves time with an o'scope and stuff.
• I know it has been tested before it is released for sale, therefore I know it's going to work under pressure.
• Sometimes I can't be arsed to sit there and play and tweak things. I lose my temper with things really easily (which is why most of my equipment is broken).

A few tips for anyone visiting the UK and planning on scanning. After the appalling and cowardly attacks on the London Underground on 7/7/2005 we in the U.K are in a heightened state of alert (and quite rightly so). Below are a few tips; most of it is common sense but here they are anyway.

• Don't walk up to any official looking person, or in fact anyone with a radio, and ask "What channel are you on?" because people don't take too kindly to that.
• If you are coming into the U.K with a scanner, don't arrive with pre-programmed frequencies, because scanners will generate a lot of interest with Customs, the Police and Special Branch (the Anti-Terrorist Branch) and they will make a note of any frequencies you may have pre-programmed.
• Be ready to be searched. The Police have the powers here, if you are suspected as a terrorist, to hold you without detention for a period of 40 days, which can be extended where needed and until they see fit to release you.
• Don't fiddle with anything like scanners in your coat pocket at official events or in tourist locations, because I can almost guarantee you, you ARE being watched and you will be approached by the police, and let's face it, where terrorists are concerned it's better to be safe than sorry.

Remember also, the UK is a very small country, so that makes surveillance very, very easy. You Have Been Warned!

A little advice. I have done this in the U.K and it might also be a good idea for any Social Engineers to get yourself a radio amateur licence. You might think, well, why should I? Sod the government and all that blah. Well, think of it like this: if you get caught in possession of radios and TNCs (Terminal Node Controllers) and all sorts, you have got a genuine reason. You are a radio ham experimenting with different ways of using your radio to the max; simply explain you are a licensed amateur and you are more than within your rights to be in possession of and using the equipment. This has got me out of trouble in more than one incident, I tell you, and sure beats a jail sentence and a fine, doesn't it? You don't have to do it, but it is an excellent way to cover your ass. It is also advisable to transmit on the Ham bands as well every now and then; who knows, perhaps you might even enjoy it! For more information on getting licensed go to http://www.arrl.org/. By becoming a Ham as well, not only will it not raise suspicion when purchasing equipment, it also opens up equipment that is not normally available to just normal people. Remember also, "illegal use" of your equipment can lead to confiscation of equipment and maybe even prosecution.
A set up at home: my EGHQ (Evil Genius Headquarters, as my fiance calls it) is in my home. I have all different manner of equipment; I will list them all here along with their uses and covert aerials.

Scanning wise I have a Realistic Pro-2042 and a UBC278CLT, both linked to a commercial desktop discone style antenna which provides coverage from 50 MHz-2000 MHz (not that I operate any lower than 140 MHz anyway). The 278 is there to listen to local traffic. I intend to modify it so that it has a discriminator output (for more information on discriminator outputs go to http://www.discriminator.nl/index-en.html). I can then link it up to AIS software called "Ship plotter" and create real time marine radar. My Pro-2042 is basically used to monitor everything else. I do have plans to buy an Opto Trakker allowing me to decode DTMF and CTCSS (so I know the correct tones for when I plan to create a false radio message during a security assessment); it also decodes some Motorola trunking systems. In the very near future (as time and money allow) I intend to link the Pro-2042 to a computer so I can use a VOX recorder, so I can listen into stuff while I have been away. I also have been writing a database in HTML and intend to run this on a small computer with a touch screen (available off of eBay for next to nothing), using this alongside my scanners to allow me rapid access to my information. Sure beats searching through thousands of print outs, doesn't it?

Transmitting wise I have 2 Jingtong handheld radios capable of transmitting on 137-174 MHz and 400 to 470 MHz, linked to a small dipole hidden behind a drain pipe (which aids in keeping my EGHQ secret). I also have a marine band radio but I don't use it to transmit because those frequencies are monitored by the coastguard and they have D.F (direction finding) equipment, and it's more of a hobby thing anyway.
Don't forget to carry with you a good amount of mobile equipment as well, because let's face it, who really wants to lug a car battery around with them?

Remember you are a social engineer, not a criminal, and there is nothing wrong with LEGITIMATE system exploration. It's when you use your knowledge for gain that you become no better than a script kiddie.

To Summarize

• Always look for bargains on eBay, at ham technical sales and retail outlets. Remember commercial products are always best because they are tested and have a warranty should they decide to stop working.
• Be careful when learning, i.e. if you have installed yourself into a trunk don't walk down to the place and start talking to them.
• Remember 1 of Murphy's laws: if it looks too good to be true it usually is, so don't get cocky.
• Experiment, Experiment, Experiment. By all means look for information on the net and learn it. Who knows, perhaps you will discover something new.
• Be prepared to share knowledge.
• When asking questions in online groups, act dumb. You will find people will provide more information if they think you are a newbie, and remember, they are superior and you respect their knowledge; nothing like an inflated ego to make someone tell you all of their secrets (social engineering again).
• Keep on buying 411 cos this mag kicks ass!

For those of you who are interested, I am in the process of establishing a website on geocities. I only started learning code three weeks ago so you may have to bear with me. I will have one up and running with pictures, sound recordings and all the other lovely things that you may or may not be interested in.

Remember, keep on learning, keep on discovering and keep on not getting caught. Also remember, if it is too good to be true, it usually always is. So don't get cocky with your knowledge and don't use it for naughty things.

Be:

By Erik Giles

There's been much talk in recent years about the power of information.
Good, bad, and even humor can result from false or inaccurate use of this power. I have always been fascinated by the power of false information, which is one reason I am attracted to the business I work in (bank fraud prevention) and a reason that drives my interest in hacking, hackers, social engineering, and writing for Blacklisted! 411.

Recent events got me thinking about this topic. The biggest was the tragedy of the miners in West Virginia, followed by the salt rubbed in the wounds of the victims' families due to false rumors and reports of their survival. What a nightmare that must have been for those folks in West Virginia: days of anxiously waiting at the church for news about your trapped loved one, then the elation of the miracle of their survival, followed by a second, possibly worse horror of finding out they truly were dead. I feel for the victims' families. For posterity, I picked up a copy of the USA Today last week with a headline proclaiming the miners' survival. I imagine that one day this newspaper will be remembered with the same notoriety as the 'Dewey Wins' headlines from Dewey's loss to Roosevelt. To their credit, USA Today ran an apology the next day; not every news source did this.

Another recent incident of this kind was the phony article in Wikipedia that falsely implicated a respected journalist as having a part in the assassination of one of the Kennedys. That this man had been a good friend of the Kennedy family (indeed, he was a pallbearer at Robert Kennedy's funeral) made this one particularly cruel. Another one was a recent fake 'Amber Alert' about a non-existent missing child that was forwarded to me by my sister. Snopes.com is very useful in these situations; it helped me to confirm that this Amber Alert was indeed false.

Bad News: Stop the Presses

Probably the most famous example of an erroneous news item was the various 'Dewey Wins' or 'Dewey Defeats Truman' headlines from the 1948 election.
I do have a bit of sympathy here for large-scale print media that operates under deadline pressure. The time needed for production runs and a daily deadline sometimes means that a newspaper has to print the best available information they have at the time, and they don't want to get scooped by the competition. The Dewey case probably caused very little real harm, apart from some consternation on the part of some Dewey fans, but that was nothing like the pain felt by those poor souls in West Virginia.

And who can forget Steve Glass's "Hack Heaven", an entirely fictitious and easily disproved story about a hacker who'd scammed the non-existent "Big Time Software Firm" called "Jukt Micronics" out of thousands of dollars. As a writer of fiction who has been working to get published, I have to admit a bit of begrudging respect for Glass. I think Glass could be an excellent contributor to this magazine, for he is an expert in the field of fiction as well as social engineering. His career at The New Republic stands as one of the classic examples of social engineering of our times. Glass's ruse was so complete, he covered his tracks with fictitious web sites, copious fake reporter's notes, cell phone voicemails and email messages. And on top of all that, Glass was played by Hayden Christensen in a movie about his exploits called 'Shattered Glass'. That's pretty impressive, if you think about it. I mean, I'd be bragging quite a bit if someone made a movie about my life, casting me with the same actor who played the greatest all-time movie villain known as Darth Vader.

A close cousin to this is the intended fiction story that somehow gets misinterpreted. This is pretty rare given the rise of electronic media and the fact that most people realize that fiction appears. War of the Worlds, a fictitious account of a Martian invasion that was dramatized as a series of newscasts, is the prime example.
Apparently some folks were so spooked by the story that they opened up with their rifles on local water towers, mistaking them for Martian vehicles.

A more malignant version of this kind of thing is news stories intended to influence stock prices, up or down. Many people don't know that it is possible to make money on a stock. The SEC has gone so far as to create phony websites which tout a non-existent stock, as a means to create more public awareness and prevent investors from being scammed.

Urban legends & Hoaxes

When I was a kid, I fell for all manner of urban myths, from rumors about spider eggs in bubble gum, or exploding cacti, to alligators in the sewers. I think that my first encounter with urban legends was in junior high school. My friend in the 9th grade told me about some old lady in his neighborhood who'd attempted to dry out her cat by putting it in the microwave, of course killing it. To my credit, at first I didn't believe the story, but he swore that it had happened in his own neighborhood and he knew which lady had done it. So I believed it. Sometime later this same friend told me about how the old lady had come home from work to find her pet Doberman was ill, apparently having ingested something, and when the vet pumped its stomach they found the fingers of a thwarted burglar. I didn't believe that either, but again he claimed the lady lived 'just down the street', so I fell for it again.

Some time later I repeated one of the stories to someone else, who informed me that it was an urban legend. At that point I realized that I had, in my own mind, ascribed the Doberman finger story and the microwaved cat story to the same old lady in my friend's neighborhood; they had merged together within my mind, back to the same old lady in my friend's neighborhood. But I was shocked most of all to realize that I had never consciously made the connection between the two incidents. And I also wondered, why had I been so gullible?
I decided I had been hooked because my friend claimed to have personal knowledge of the incidents, that he knew who the old lady was and where she lived.

A more malignant story I remember from my college days was when a friend of mine's father worked as a referee during a nationally televised college football game. During the game, this referee was injured. This not only greatly upset my friend who was watching it, but it got worse when someone else we know called her home and informed her that her referee father had suffered a severe injury and would have a hard time being able to walk again. This wasn't true; the injury he suffered was no picnic, but his ability to walk was never at risk. To this day I can't believe our mutual 'friend' did that.

How do Urban Legends get started?

Some urban legends are created on purpose, to harass or embarrass someone else. According to Snopes, a high school student in Pennsylvania was apparently angry at another for stealing his girlfriend, and created a phony email bemoaning his 'severe ostriopliosis of the liver' which caused him an 'enflamed liver'. The email, with his rival's name attached, has circulated for years and caused numerous phone calls by concerned 'good samaritans' who want to help.

Other urban legends, like the Doberman finger story, the microwaved cat, and others, seem to have no intended victims, but they circulate anyway. How would these have gotten started? I have no idea.

I am going to purposely make an attempt to start up a new urban legend today, and all I will say is that it involves laser pointers and some other well-known urban legend themes. If an urban legend associated with laser pointers and eye damage does get forwarded to you, please drop me a line at erikgiles_07@yahoo.com. I'm really interested to see if it gets forwarded, how long it lasts (if at all), and whether or not it changes over time. If it ever makes snopes dot com I will certainly let you all know.
Urban legend Alert: Don't look through your door security peephole!

This guy Ian Restil who lived next door to Amy (my girlfriend) went last week on a business trip out of town. The plane got in late, and he checked into his hotel anxious to get some sleep before the big presentation he had to give the next morning. At about 5:11 in the morning Ian was awakened by a knock at the door. When he looked through the peephole, he saw a flash like a camera's flashbulb, and the next thing he knew, his vision in his right eye was black. In some pain and dizziness, he went to the hotel lobby, still in his pajamas, and summoned a cab and went immediately to the emergency room.

Apparently, after being examined, the police arrived and he found out more of what had happened. It is a new and increasingly common trend. He'd been flashed directly in the eye by a laser pointer, through the peephole of his hotel room door. The man missed the big meeting and as a result, he lost his job, including his health care benefits. His company did not care what had happened to him, they only cared that he missed his presentation. He now has severe ostriopilosis of the retina, meaning his eye is enflamed and his vision is blurred.
He needs a variation of Lasik surgery to repair it, but due to the loss of his job and his health insurance, he cannot afford the approximate $5,000 cost.

Apparently, this has been a common occurrence in some cities, as new gang initiation rites require some new initiates to blind someone with this method. Luckily, no one has suffered permanent vision loss but this is a real possibility. Ian Restil wants everyone to forward this to as many people as possible, to warn them about this very real threat to their health.

o.k, you guys... this isn't a chain letter, but a choice for all of us to help Ian save his vision, if he doesn't get the surgery within 6 months, his blurred vision and enflamed retina will be permanent. the american ostriopilosis society will donate 3 cents per name to his treatment and recovery plan. one guy sent this to 500 people!!!! so, i know that we can send it to at least 5 or 6. come on you guys....

1) It's a an awesome way to rack up POSITIVE karma points :)
2) just think, she could be you one day... and in addition there's no need to send any form of money, just your time.

So how about it? Thanks in advance!

Identity Theft; Plugging the keyhole
By: DuskKnight

Overview

Identity theft is one of the most severe of the common crimes. It is literally assuming the identity of your victim, such as using their credit card or name to obtain something. This article will help teach you how to recognize and avoid situations that could potentially lead to your identity being stolen, which can have a large negative impact on your life, from your credit history to your family. I cannot possibly go over all the ways your identity can be stolen or all the solutions for each attack, but I have hopefully covered most of the more common ones and given some simple ways to avoid them.
A simple ID theft example: The pizza parlor

One of the simplest attacks I've heard of being done successfully is for the thief to go into a pizza parlor and act like they are reading the menu while they are either recording all the conversations in the room on a small recorder or, if they have a good memory, listening to names and remembering them. This is especially done during busy times so they can choose the target and get the kind of pizza they want. They will make a note of the name of the customer and the time the pizza is to be ready. If the customer pays for the pizza and leaves the parlor until it's ready, the thief can leave and call the parlor 15 or 20 minutes after the pizza was supposed to be ready and tell them that he is running late. When they say that the pizza has already been picked up, the thief will then make a fuss about how somebody else must have got the pizza and demand either a new pizza or a refund.

Though I know people who have accomplished this successfully, I also know people who have failed. It is not a failsafe strategy and especially won't work if the parlor isn't in one of its busy times of the day, or they happen to target a frequent customer, or somebody in the parlor knows the customer they targeted.

Some examples of how thieves might get your identity and how to avoid them

The Attack: Phishing.

One of the ways that I am personally targeted frequently is through phishing. This is when the attacker either sends an email or puts up a website that mimics a company and hopes that people don't notice the small difference and enter their personal information. I recently got an email that looked like it would have come from PayPal, saying that my account had been accessed by a third party and that I needed to re-enter all of my information. The email contained a link whose title was PayPal's website, but the actual URL was a name that looked similar to it but was off by one letter.
Because I thought the email seemed phishy I looked at the URL and knew that it was not really PayPal.

Evasion: Always verify where these emails and sites are really leading. If in doubt, forward the email to the company and ask if it is authentic. In my case an easy check, if I still wasn't sure after I looked at the URL, would have been to log into my PayPal account and look for anything on there that would have said my account was on hold. I know for a fact something on my account would have flagged me.

The Attack: Dumpster Diving

Another common way people can get your identity is to go through your garbage, if you throw away a credit card, or an offer for a credit card that you get in the mail, and they find it. Another place I have found my personal information is on my check stubs from my employer. This for a time had my social security number on it until I pointed it out to the management, who pay a service to write the checks and send them out for them, and shortly after that they starred out all but the last four digits of it. So in reality there are a lot of things that people commonly throw away that contain your personal information. The thieves know it and you should watch out for it.

Evasion: Buy a shredder. Every paper that you throw away should be shredded. I especially recommend using a cross-cut shredder so it cuts the paper into little tiny squares that would be next to impossible to put back together. Strip-cut shreds are difficult to put back together, but it's still possible if the thief puts the time into it. I have even seen people going as far as putting all of the papers that might contain personal information in their fire pit or fireplace, though this might be a little overkill.

The Attack: Packet sniffing

Though this attack method is getting easier to avoid, it is still probably pretty easy. Especially over corporate or public networks.
My classmates and I used to do this in high school to attempt to get full access to the Internet. My school had a filter that wouldn't allow us to go on inappropriate websites. By sniffing the packets that our teachers would send out when they went to access the Internet, I was easily able to obtain their password and start using it to access the Internet.

Evasion: Avoiding this one was simple. The sniffers stopped working when the school admin caught on and upgraded to using switches in place of the hubs. Though I believe there were still ways to do it, I never really cared to find one. After all, I had a new way to get the passwords shortly after. Another way you can avoid this is to use security. A lot of sites that collect personal information use SSL (Secure Sockets Layer) to encrypt your data. Try to use these sites as much as possible; I actually won't even buy from sites that don't.

The Attack: Key Logging

A Key Logger is a program or device that captures keystrokes. I actually had a physical device that I attached to my keyboard that would log around 130,000 keystrokes, and all I had to do was type in the password I had set and it would display all the keystrokes that had occurred.

Evasion: Don't put things you don't want people to know into a computer used by other people. You never know who might be watching you. It's very difficult to tell if your keystrokes are being watched, and I see people doing this all the time. Library computers are a hot spot for checking mail; be wary of these, you could lose your password very easily if you use one.

The Attack: Carbon Copy

Besides magnetic strip readers that stores have, they often have carbon copy machines that can take an imprint of your credit card. These work well for when the network is down or the power is out, but it would also be very easy for a restaurant waiter or waitress to use one to get your credit card information.
By doing this they then have your name and your credit card number and can easily use this to get money from you.

Evasion: You can refuse to allow the waiter/waitress to walk off with your card, or you can go to a cash machine and get cash. I actually have found most restaurants, at least in my area, have ATM machines right in the restaurant. When I pay using my card I explain to them that I don't let it leave my sight for my safety, and most of them don't mind me following them to the cash register till the transaction completes. A few of them make fun of me for it but find it irritating, but that's their problem, not mine.

The Attack: Looking over your shoulder

Though I am not entirely sure how often this one is done, the idea is in my head that it is possible. I go to coffee shops all the time where people are sitting there using their laptops with their headphones on, being completely oblivious to their surroundings. It would be incredibly easy to look over their shoulder and see what they are typing, especially if you have good vision.

Evasion: Once again, this is one where you just need to be careful what you type when you are in a public place. This is why passwords are often starred out. But you know, credit card numbers are usually not. They should be, but they are not.

Now that you know a few of the more common attack types and some simple ways you can evade them, I want to point out that the list is not complete, and there are almost always other evasion tactics you can use.

Common Mistakes

I see a lot of common mistakes. Even from people that are close to me. I once was at a bank with my girlfriend and they asked her to verify her identity by giving them her social security number, and she obediently recited it at an audible level.
I really blame the bank for this honestly, because they should have handed her a piece of paper and a pen and asked her to write it down for them, and then when they were done should have either put it into a shredder so she could see it being shredded or handed it back to her so she could take care of it later. Though she is also to be blamed for saying it out loud without thinking about it. Another time I was with her, and she was returning something she had charged on her store credit account, and they handed her a piece of paper. I told the clerk that she had done a good job by not making her ask for a piece of paper and just getting it for her.

I also have to point out that a somewhat related mistake to the previous one is giving out your information freely. I know somebody who got in a fender bender, and the lady didn't want to get the cops involved, and that person gave the lady that hit her her contact information. It wasn't very long before the lady had a lawsuit against her and she had to fight it in court over who owed who money.

Another mistake I sometimes see is somebody reciting a phone number and a name out loud when they are talking on the phone. Though this isn't as bad as your social security number, this can still lead to a few problems, especially if you either give out your house number or you are the owner of your house and have your name in the phone book.

What to do if your Identity has been stolen

Social Security: If you suspect somebody has been using your Social Security Number, you can request a copy of your Social Security statement by going to the following address and filling out the form: https://s044a90.ssa.gov/apps6z/isss/main.html

If you find that your Social Security Number has been stolen, and as long as you have not filed for bankruptcy, a new one can be given to you by using the contact information provided on http://www.ssa.gov.
Credit Cards: Because of the Fair Credit Billing Act, you are only held liable for up to $50 for any purchase on the card that was not made by you. You must contact the creditor and tell them of the error within 60 days of receiving the bill. You can find out how to contact the creditor by going to the creditor's website (Visa, Mastercard, etc.).

References used

Though most of this article was written from personal experience and memory, I did use a couple of resources.

Wikipedia
http://en.wikipedia.org/wiki/Identity_theft
To help define exactly what is and isn't Identity Theft

Who Else Is Me
http://www.whoelseisme.com
To be accurate about what to do if your identity has been stolen

About the author

Nicholas Steele, a.k.a. Dusk Knight, has been actively into computers, security, and programming for five years, even though he has known how to use a computer since he was a lot younger. He works a side job of consulting even though he is mainly a college student and factory worker. Even the factory he works at pulls him from what he is doing to fix the computer systems from time to time.

FEASIBILITY OF AN EXHAUSTIVE SEARCH ATTACK ON THE RC5 ENCRYPTION ALGORITHM
By Rick Davis

Intro

RSA Laboratories has led the way in cryptography since its inception in the mid 1980's, and their RC5 algorithm, developed in 1994, helped to improve their already shining image, although after a number of years the question remains of just how effective this aging system still is. Originally designed by Ronald Rivest, a professor at MIT at the time, the system was amazing, and even today it stands up to all attempts to break it using assorted mathematical tools, although any code can be broken through a brute force attack, at least in theory. It is with this in mind that the following sections attempt to show the current state of the RC5 system.
A Brief Background

When discussing cryptography systems it's important to understand some key terms and concepts. Basically, at the core of any encryption is some kind of mathematical system which encodes and decodes the information. The RC5 system is no different, and its genius is that it is based on three components, each of which utilizes only three very basic mathematical operations. The three parameters that determine the level of protection offered by the algorithm (block size, key size and number of rounds) are all variable, which allows the user to set an appropriate level depending on their needs.

Understanding how the operations behind the system work is only half the issue; the other half is understanding what effect computers have in relation to the algorithm. Many types of research in the field of mathematics, of which cryptography is a part, rely heavily on a computer's Random Access Memory (RAM) in order to solve problems; however, this type of encryption can be attacked via the brute force method with very little RAM. Of course the trade-off is that a massive amount of processing power is needed. This has both good and bad points for the code-makers and code-breakers alike. First, with a RAM-intensive attack you can generally only use one computer, whereas a distributed network of systems can be used where only computing power is needed. Also, systems that can apply large amounts of RAM are very costly and rare, while 4 GHz computers can be bought for a couple hundred dollars.

It is also important to view the field of computers as a moving variable since progress in the field cannot be accurately predicted.
For example, in the 1960's home computers were science fiction and mainframes were just moving along; in the 1980's home computers had under 10 MHz of speed with under 64k of RAM; the 1990's saw home systems with 500 MHz CPUs and 64MB RAM; and today we are almost about to see 5 GHz CPUs (with multi-core and multi-processor systems getting popular) and RAM topping out at a whopping 2-4GB. Aside from the limits of design, economic considerations also affect a major hardware purchase. Global conflicts, materials shortages and other unforeseen events all contribute to wildly fluctuating prices.

Current Search Attacks

One of the most productive attempts at the exhaustive search has been conducted by the distributed.net group. They rely upon the power of distributed computing to slowly chip away at the key space. Anyone who chooses to can simply go to their website and download a client program which runs quietly in the background of any computer, and through the efforts of some 20,000 computers their system successfully cracked the 56-bit as well as the 64-bit system. Keep in mind that these successes took 250 days and 1750 days respectively across tens of thousands of computers; however, it does show that this search attack is possible. The question is at what point does the key space expand faster than the level of technology, and how realistic will it be at that point to commit to a brute attack. Answering these questions is vital for anyone interested in deploying the algorithm as well as those who may step beyond the confines of this particular equation.

The Current Attack

Currently the distributed.net project is working on the 72-bit challenge, and it is with this challenge that we can begin to determine the feasibility of the brute attack.
The first thing to keep in mind is that the project only runs until the key is found, therefore it's possible to find the key within the first ten percent of the keyspace. It's because of this that the time of completion is misleading, and a full view of the total time required is absolutely necessary in order to gauge the strength of this algorithm. A quick look at figure 1 and you can see the total number of keys possible for a 72-bit key is 4,722,366,482,869,645,213,696. But to really appreciate this number you have to build an estimate of just how long it takes to compute this many keys.

Let's start with one standard desktop computer with a 2 GHz CPU. In a 24 hour period this system will compute 515,396,075,520 keys on average, which means that this system alone would take 9,162,596,898 days, or just over 25 million years, to search the entire keyspace. Now let's compare that to the cost of running this system. Ignoring the trivial cost of the machine itself, with today's national average of about 7 cents per kilowatt hour it costs roughly forty dollars per year to run this computer (not including a monitor), which translates to 1 billion dollars over the course of the run. Obviously in this case money is not the major issue; the more pressing matter is that it will take 25 million years to crack the code.

Now the point of the distributed computing project is to speed this up by running the data across many computers, so let's take a big jump and assume we have 10,000 computers performing the exhaustive search. All together the 10,000 computers will process 5,153,960,755,200,000 keys every 24 hours and therefore will run the entire keyspace in 916,260 days, or just over 2,500 years. Obviously that's of no use, so what happens if we jump to 100,000 computers? In that case we can search the entire key space in 251 years. In fact, to even approach a realistic time frame we would need TEN MILLION computers in order to run the entire keyspace in just over 2.5 years.
However, now that we have our time frame in the realm of possibility (but not practicality), it should be noted that to run ten million computers for two and a half years we would now need to pay the power bill of 1 billion dollars plus the cost of all the computers, monitors and the salary of what is sure to be the largest computer support team ever devised.

So then we have quite the conundrum, which leads to the question: what can be done to shift these values in a favorable manner? Well, using current statistics we can assume that a 3 GHz computer can search 449,280,000,000 keys per day, while a 4 GHz system can do as much as 829,440,000,000 per day. With this data we can replace our 2 GHz systems in the last example with 4 GHz systems, which now means we can run the entire key space in 15 million years on one system or 1,500 years using 10,000 computers. And once again, to approach a realistic time frame, ten million computers can process the entire keyspace in a year and a half. In fact, if we needed to search the keyspace in one year using only 10,000 computers, each computer would need to process 1.3 quadrillion keys a day, which is about 3.5 orders of magnitude higher than what the best 4 GHz CPU can do today.

Is it necessary to search the entire keyspace? For the purposes of reviewing the feasibility of the exhaustive search it must be considered; however, if the goal was only to crack the encryption algorithm it would only be necessary to search the keyspace until the key is found, which could be as soon as less than 1 percent or as much as within the 99th percentile. Because of this there is a certain luck factor inherent with the algorithm. Again a massive amount of funding is required for the computing power, but it could be possible, with luck, to run across the correct key very early in the sequence.
Data encrypted by the algorithm is secure from anyone decrypting it live, or even for several years; however, if data was stolen it would only be a matter of time before the key was found if those behind the theft had enough funding, computing power and patience to locate the key.

Supercomputers and Money

What about using a supercomputer? Well, to compare a supercomputer to a large array of desktops there are two main things to keep in mind: cost and processing speed. As we ignored the cost of storage, maintenance, power and other items for the desktops, we can do the same for a supercomputer since it uses less space and maintenance but more power; in the end these extra costs even out. Looking at supercomputers we can go right to the top of the list, to the inventor and long-time leader in the field, Cray systems. Cray has two supercomputers at the top of their production called the XT3 and X1E. The first has a top processing power of around 450 Gflops, or roughly the power behind 110 4 GHz desktops, and its big brother has a top speed of 140 Tflops, or about the power from 350 4 GHz systems. Now although this is more than impressive under normal conditions, it would still take these monsters 141,000 and 44,000 years respectively to run the keyspace, and to get enough of them running at once to search the keyspace in a year or less would cost more than the current national debt.

It's also worth noting that there is no pricing available for these supercomputers; you have to place an order which is completely customized in order to get an estimate, but I estimate the cost of the XT3 at 5 million dollars and that of the X1E at 20 million dollars. Also, once the order is placed you have anywhere from 3 months to 3 years before it's built, tested, delivered, installed and ready to go. Does that make supercomputers less cost effective? Well, that mostly depends on your resources and point of view.
To get equal computing power of the XT3 it would cost around fifty thousand dollars in desktop computers, which is definitely cheaper than five million dollars, but over the long run, when you consider storage space, power consumption, monitors, other components and lots of support personnel, the scales of practicality definitely tip towards the supercomputer.

Consumer "Supercomputers"

Today's flood of technology has changed the definition of this word over the years. Initially this term was used to describe systems with a specific purpose or a specific brand; however, today a supercomputer is simply one of the fastest systems in relation to its overall processing speed. Some go further and reserve this title for the top 100 processing systems, although with such a limitation that list can change monthly if not faster. With the current flood of new technology at ever decreasing prices there are two very reasonable options to owning a super system from consumer sources. First, it's easy to build a quad CPU system from off the shelf parts, and 8-16 CPU systems are slowly creeping up. These systems are used as a low price option for small businesses who need file servers and such; all the parts are readily available over the internet or from local suppliers, and very basic computer knowledge is needed to assemble them. The leaders in these systems are the AMD Opterons, which excel in quad configurations, and keeping in mind these are 64-bit CPUs, their price of around $200 per CPU is very cheap. In fact a basic quad CPU system could be built for around $2500 (retail), which would include the CPUs, motherboard, case, a single hard drive and about 4GB of RAM.

Volume 8 Issue 2 - Summer 2006, Blacklisted! 411

The other major option is known as a "Blade Server" within the industry. This is a large box ranging in size from one foot in each dimension to a 19-inch wide rack that is 10 feet high.
The box itself simply has an array of locations for the blades to plug into, much like a graphics card or modem plugs into a normal motherboard. The difference here is that each "blade" has one or more CPUs along with dedicated RAM and other features, all starting under $1000 each. In this configuration you could have 100's of CPUs or more running in a space no larger than a washing machine. Of course this assumes these pieces are bought retail, although anyone with a tax ID could find them cheaper in bulk; such an array would be able to compete with and most likely outperform standard home computers in the long run, not to mention there would only be the need to have a single person oversee the array, which would require much less space and power.

So where does this leave us? Will the Engineers beat the Mathematicians?

It would appear that there is no reasonable way to run an exhaustive search of the entire 72-bit keyspace with today's technology costs and their related computing power. The only possible light at the end of the tunnel would be if technology took a huge leap forward, so that within a short time 15-20 GHz CPUs or more were on the market at today's 2 GHz prices, and then with a large enough cash flow you could set up a very large computer array. All of the previous examples have dealt with the assumption that the 72-bit key is the goal to beat, when in fact the RC5 algorithm can extend to a 128-bit key. The jump from 72 to 128-bit increases the number of keys to search by 10^17 (that's 17 zeros added). Using the previous examples as a benchmark, that means it would take 100,000 4 GHz systems 11 x 10^18 (11,000,000,000,000,000,000) years to search the entire keyspace. And to bring the time frame to under a year you would need 11 x 10^23 4 GHz systems.
It's obvious these are huge numbers that prohibit current systems from running the keyspace; however, the question is whether new computing technology can catch up quickly enough to pose a threat to the algorithm. Using a very liberal guess of what a 10 GHz CPU might process with today's processor architecture, we could assume that it would process 200 billion keys per day, or the entire keyspace in 550,000 years. This does mean that about 120,000 of these could search the keyspace in one year. Of course the limit of the RC5 system running at a 128-bit key would mean that our fictional processor would need to be 10^7 times as powerful, and far beyond being able to guess at its power.

Will computing power ever catch up?

With new technology and theory ever evolving and quantum computing on the horizon, it's inevitable that computers will continue to move ahead in leaps and bounds; however, within the scope of RC5 this question only applies for as long as it's being used, therefore we need only look to the coming 5 or 10 years, along with the past, in order to form a benchmark and an educated guess of the near future. A popular guideline for computing advancements is Moore's Law. This law, observed by Gordon Moore in 1965, predicts that the number of transistors per square inch would double every year. The present day values have this doubling every 18 months, or a performance increase of over 1% per week. Of course as technology increases this guideline will be less useful, as design features and processing architecture make a simple 2-D measurement of the chip useless.

Where is RSA and what is the future of the RC system?

Although corporations do not discuss their specific security measures, the customer list on the RSA website shows an impressive list of clients including credit unions, airlines, banks, various manufacturers and many others.
Aside from these clients that use network encryption to secure their data, RSA now offers portable devices for authentication that have such a low cost and ease of use that even an end user could employ them. The bottom line is that with RSA reaching far and wide the RC5 system is still a big part and does not look like it's going to let up anytime soon. As strong as the RC5 system seems to be, it is by no means the end of the line for the algorithm. In the late 1990's the RC6 system was announced and was entered into the competition for the new Advanced Encryption Standard (AES), which was to replace the older Data Encryption Standard (DES), which had been broken many times and was no longer backed by the federal government.

Conclusions

With all of this in mind, the final question, and the only really important one, is whether it is still safe to employ the RC5 system, and for those that use it or might in the future the question is: would you feel safe with it protecting your data? The bottom line is that RC5 still holds a great deal of use and it is near impossible for an exhaustive search attack to be effective by anyone with the current level of technology. Anyone employing it may wish to step up to the 96-bit key or higher, since operations are underway to break the lower levels, although even the lower levels show great strength. Of course any system based on an equation may eventually be broken by one as well, so it is important to keep an eye on the current cryptographic information for any new methods that may make the RC5 system vulnerable.
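The exhaustive-search estimates in this article can be reproduced and extended with a short script. This is an added example, not part of the original article: the keys-per-day rates come from the text, while the 365-day year, the treatment of an 18-month doubling as a doubling of per-machine search speed, and all function names are assumptions of the example.

```python
"""Exhaustive key search estimates built on the article's keys-per-day figures."""
import math

# Search rates quoted in the article (keys per day, one desktop machine).
KEYS_PER_DAY = {"3 GHz": 449_280_000_000, "4 GHz": 829_440_000_000}
DAYS_PER_YEAR = 365  # assumption: calendar year, no downtime


def keyspace(bits):
    """Number of possible keys for a key of the given length."""
    return 1 << bits


def years_to_exhaust(bits, keys_per_day, machines=1):
    """Worst case: every key is tried before the right one turns up."""
    return keyspace(bits) / (keys_per_day * machines * DAYS_PER_YEAR)


def expected_years(bits, keys_per_day, machines=1):
    """Average case for a uniformly random key: half the keyspace is searched."""
    return years_to_exhaust(bits, keys_per_day, machines) / 2


def machines_needed(bits, keys_per_day, years=1.0):
    """Machines required to cover the whole keyspace within the given time."""
    per_machine = keys_per_day * DAYS_PER_YEAR * years
    return math.ceil(keyspace(bits) / per_machine)


def doublings_to_reach(bits, keys_per_day, machines, target_years=1.0):
    """How many times per-machine speed must double to exhaust in target_years."""
    ratio = years_to_exhaust(bits, keys_per_day, machines) / target_years
    return max(0, math.ceil(math.log2(ratio)))


def wait_years(doublings, months_per_doubling=18):
    """Calendar time for that many doublings at the article's 18-month pace."""
    return doublings * months_per_doubling / 12


def report(rate=KEYS_PER_DAY["4 GHz"]):
    """Worst-case search time for several key sizes and array sizes."""
    rows = []
    for bits in (56, 64, 72, 128):
        for machines in (1, 10_000, 10_000_000):
            rows.append((bits, machines, years_to_exhaust(bits, rate, machines)))
    return rows


if __name__ == "__main__":
    rate = KEYS_PER_DAY["4 GHz"]
    for bits, machines, years in report(rate):
        print(f"{bits:>3}-bit  {machines:>10,} machines  {years:.3e} years worst case")
    d = doublings_to_reach(72, rate, 10_000)
    print(f"72-bit, 10,000 machines, one year: {d} doublings, "
          f"about {wait_years(d)} years of hardware progress")
    print(f"72-bit to 128-bit multiplies the keyspace by {keyspace(128) // keyspace(72):,}")
```

The average-case figure is the one a defender should plan around when choosing a key length: a uniformly random key is found, on average, after half the worst-case time.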
Key Size    Maximum Possible Keys
32-bit      4,294,967,296
40-bit      1,099,511,627,776
48-bit      281,474,976,710,656
56-bit      72,057,594,037,927,936
64-bit      18,446,744,073,709,551,616
72-bit      4,722,366,482,869,645,213,696
80-bit      1,208,925,819,614,629,174,706,176
88-bit      309,485,009,821,345,068,724,781,056
96-bit      79,228,162,514,264,337,593,543,950,336
104-bit     20,282,409,603,651,670,423,947,251,286,016
112-bit     5,192,296,858,534,827,628,530,496,329,220,096
120-bit     1,329,227,995,784,915,872,903,807,060,280,344,576
128-bit     340,282,366,920,938,463,463,374,607,431,768,211,456

Figure 1

NUMBER SYSTEMS
By Jewstah, Editor-in-Chief, ieet magazine

Number systems define a set of values used to represent quantity. Knowledge of these systems can help in many different fields of hacking. As you probably already know, it is imperative that one should know these systems to see just how data is read, stored, and transferred in computers. Here is a simple guideline to understanding these systems, easily.

Decimal system: Base 10 system; the name originates from the word 'deca' meaning 10. This system uses ten different symbols to represent values. The set values for this system are: 0 1 2 3 4 5 6 7 8 9, with 0 having the least value and 9 having the greatest. However, in the decimal system the digit on the left has more importance than the right. When doing a calculation, if the highest digit (9) is exceeded, then you must transfer over to the next column (left column).

Example of addition exceeding the base: 8 + 4.

  8
  9   +1
 10   +2  (note)
 11   +3
 12   +4

Note: When 9 is exceeded, you must go back to the beginning of the set (0), and carry a value of 1 over to the next column (left).

Positional values: Columns represent powers of 10; this is expressed as columns of ones (0-9), tens (groups of 10), hundreds (groups of 100) etc.

237 = (2 groups of 100) + (3 groups of 10) + (7 groups of 1)
    = (100 + 100) + (10 + 10 + 10) + (1 + 1 + 1 + 1 + 1 + 1 + 1)
    = (200) + (30) + (7)
    = (237)

Each column move left is 10 times the value before.
Binary system: The binary number system uses two values to represent numbers. The values are 0 and 1, with 0 having the least value and 1 having the greatest. Columns are used in the same way as in the decimal system; the leftmost column is used to represent the greatest value. The values in the set (0 and 1) repeat, in both the vertical and horizontal directions.

  0
  1
 10
 11
100
101
110
111

Note: Go to the lowest value in the set, carry over to the left.

When it comes to computers, a binary variable capable of storing a binary value (0 or 1) is called a Bit. Just as in the decimal system columns represented multiplied values of 10 because there were 10 values (0 - 9), in the binary system columns represent multiplication values of 2 (0 - 1).

Rules for Binary Addition:

Operation | Result
0 + 0     | 0
0 + 1     | 1
1 + 0     | 1
1 + 1     | 0 and carry 1

Rules for Binary Subtraction:

Operation | Result
0 - 0     | 0
0 - 1     | 1 and borrow 1
1 - 0     | 1
1 - 1     | 0

Rules for Binary Multiplication:

Operation | Result
0 * 0     | 0
0 * 1     | 0
1 * 0     | 0
1 * 1     | 1

Hexadecimal system: The hexadecimal number system uses sixteen values to represent numbers. The values are 0 1 2 3 4 5 6 7 8 9 A B C D E F, with 0 having the least value and F having the greatest. Columns are used in this system like the others; the leftmost column is used to represent the greatest value.

0 - F, 10 - 1F, 20 - 2F, 30 - 3F ....

Hexadecimal is often used to represent values (numbers and memory addresses) in computer systems.

Decimal | Binary | Hexadecimal
0       | 0000   | 0
1       | 0001   | 1
2       | 0010   | 2
3       | 0011   | 3
4       | 0100   | 4
5       | 0101   | 5
6       | 0110   | 6
7       | 0111   | 7
8       | 1000   | 8
9       | 1001   | 9
10      | 1010   | A
11      | 1011   | B
12      | 1100   | C
13      | 1101   | D
14      | 1110   | E
15      | 1111   | F

Converting Decimal to Binary: Continuously divide the number until it is reduced to 0. On dividing by 2, if there is a remainder of 1, the corresponding binary digit is 1; however, if the remainder is 0 then the binary digit will be 0.
Converting Binary to Decimal: The decimal value of a binary number is equivalent to the sum of the decimal values of the binary digits.

Converting Hexadecimal to Binary to Decimal: The best way to convert hexadecimal into decimal is to convert it into binary first, then from there convert the binary into decimal.

Gray Code: This is a variable weighted code and is cyclic. It is arranged so that every transition from one value to the next involves only one bit change. The gray code is sometimes referred to as reflected binary, because the first eight values compare with those of the last 8 values, but in reverse order.

Decimal | Binary | Gray
0       | 0000   | 0000
1       | 0001   | 0001
2       | 0010   | 0011
3       | 0011   | 0010
4       | 0100   | 0110
5       | 0101   | 0111
6       | 0110   | 0101
7       | 0111   | 0100
8       | 1000   | 1100
9       | 1001   | 1101
10      | 1010   | 1111
11      | 1011   | 1110
12      | 1100   | 1010
13      | 1101   | 1011
14      | 1110   | 1001
15      | 1111   | 1000

The gray code is often used in mechanical applications such as encoders.

Modulo 2 Arithmetic: This is binary addition but the carry is ignored.

Converting Gray to Binary:

• Write down the number in gray code.
• The most significant bit of the binary number is the most significant bit of the gray code.
• Add (using modulo 2) the next significant bit of the binary number to the next significant bit of the gray coded number to obtain the next binary bit.
• Repeat until all bits of the gray coded number have been added modulo 2.
• The resulting number is the binary equivalent of the gray number.

ASCII: ASCII is the American Standard Code of Information Interchange, an 8-bit code, which only consists of 1 and 0. The 8-bit code can be broken down into two smaller parts of 4 bits. The plain text value of an 8-bit ASCII code is the value obtained at the intersection of the two 4-bit values. Refer to an ASCII chart for example.

I hope this brings you to a greater understanding of just how the information in computers works. Enjoy.
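The conversion procedures described in this article, worked through in code. This is an added example, not part of the original article; the function names are the example's own, and it regenerates the 4-bit Gray table and checks the "one bit change", "cyclic" and "reflected" properties the text mentions.

```python
"""Number-system conversions following the article's step-by-step procedures."""


def to_binary(n, width=4):
    """Decimal to binary by repeated division by 2.

    Each remainder is one binary digit; they come out least significant
    first, so the list is reversed before being joined.
    """
    digits = []
    while n > 0:
        n, remainder = divmod(n, 2)
        digits.append(str(remainder))
    return "".join(reversed(digits)).rjust(width, "0")


def to_decimal(bits):
    """Binary to decimal: sum the decimal values of the columns holding a 1."""
    return sum(2 ** i for i, b in enumerate(reversed(bits)) if b == "1")


def hex_to_decimal(hex_str):
    """Hexadecimal to decimal by way of binary, four bits per hex digit."""
    bits = "".join(to_binary(int(digit, 16), 4) for digit in hex_str)
    return to_decimal(bits)


def binary_to_gray(bits):
    """Keep the most significant bit; every other Gray bit is the modulo 2
    sum of two neighbouring binary bits."""
    out = [bits[0]]
    for prev, cur in zip(bits, bits[1:]):
        out.append(str(int(prev) ^ int(cur)))
    return "".join(out)


def gray_to_binary(gray):
    """Keep the most significant bit, then add the binary bit just obtained
    to the next Gray bit, modulo 2 (carry ignored)."""
    out = [gray[0]]
    for g in gray[1:]:
        out.append(str(int(out[-1]) ^ int(g)))
    return "".join(out)


def gray_table(width=4):
    """Gray codes for 0 .. 2**width - 1, in counting order."""
    return [binary_to_gray(to_binary(n, width)) for n in range(2 ** width)]


def bit_changes(a, b):
    """Number of bit positions in which two equal-length codes differ."""
    return sum(x != y for x, y in zip(a, b))


def is_cyclic_single_step(codes):
    """True if every step, including last back to first, flips exactly one bit."""
    return all(bit_changes(codes[i], codes[(i + 1) % len(codes)]) == 1
               for i in range(len(codes)))


def is_reflected(codes):
    """True if the second half mirrors the first half apart from the top bit."""
    half = len(codes) // 2
    return all(codes[i][1:] == codes[-1 - i][1:] and codes[i][0] != codes[-1 - i][0]
               for i in range(half))


if __name__ == "__main__":
    for n, gray in enumerate(gray_table()):
        print(f"{n:>2}  {to_binary(n)}  {gray}  -> {gray_to_binary(gray)}")
```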
The hardware based keylogger is an excellent addition when performing physical penetration testing. The ease with which you can install them, and the fact that precautions are often not taken to prevent such an attack, make them a relatively easy way to gain sensitive information. Unlike software keyloggers, which are detectable using anti-virus software and forensic analysis, hardware based keyloggers are almost completely transparent to the user. Unless the keylogger fails or the user regularly checks the back of his computer, these devices usually remain unnoticed.

The following article will cover the production of your own hardware based keylogger using basic parts that can easily be acquired. If you aren't up to building your own keylogger, I would highly suggest taking a look at keelog.com. These keyloggers are cheap (Remember, many commercial keyloggers cost up to 100 USD just for a 128kb version. Keelog.com offers you 64kb, 128kb, and 256kb versions for under half the price [Based on $36.99 for the 128kb version vs. $89.99 for another 128kb commercial keylogger]). Overall I would highly recommend the people at keelog.com for any of your hardware based keylogger needs. In addition to PS2 keyloggers, they also offer keylogging modules designed to integrate into pre-existing PS2 keyboards for even greater stealth capabilities, along with a new product for USB based keylogging (which has not been released yet).

What you Need

Before you start, go down this list and see if you have all the basic stuff needed to do this project on your own:

• a little bit of experience in electronics
• a soldering iron
• a microcontroller programmer supporting the Atmel 89C20XX family

The biggest problem faced with building the device is the need for a programmer for the AT89C2051 chip. Purchasing one would probably be impractical since you will only need it once.
If you know someone that has this type of programmer, you may want to borrow it, or if you feel up to it, you may want to build your own (http://chaokhun.kmitl.ac.th/~kswichit/89prog/index.html).

The following is a list of materials to build the keylogger:

• an Atmel AT89C2051 microcontroller (AT89C1051 or AT89C4051 will do as well)
• a 24C512 serial EEPROM chip
• a 12MHz crystal (as small as possible)
• two 33pF capacitors
• one 10uF capacitor (as small as possible)
• one 10 kiloohm resistor
• a small push-button

You will also need casing for the device. A variety of materials can be used to encase the device. Materials such as heat shrink tubing and possibly even plumbing material may be used to encase the device. Be creative when finding material to encase the keylogger. The smaller, less noticeable casing would probably be preferred due to the decreased likelihood of detection.

The first thing to do is program the microcontroller. The first step is to burn the AT89C2051 using the programmer you borrowed, purchased, or made. Use the following binary version (downloadable from http://www.keelog.com/files/diy.bin) or the hex version (downloadable from http://www.keelog.com/files/diy.hex). You can also compile your own binary using the source code (downloadable from http://www.keelog.com/files/diy.asm) and an 8051 compiler.

After flashing the device, you're ready for soldering. This is probably the most difficult part in the whole project since the keyboard logger should be made as small as possible. The electrical schematic below shows how connections should be made between components.

[Figure: electrical schematic. Recoverable labels: 10k, 24C512, VCC, CLK, DATA, GND]

Solder the components together starting from the microcontroller and the EEPROM. Unused pins can be removed if needed. Make sure the push button is accessible and the 10uF capacitor is biased correctly (minus should be connected to pin 1). Leave the PS/2 connectors for the end.
Try to make the keyboard logger as compact as possible while avoiding short circuits, since they will be very difficult to remove after the device is ready. The finished product should look somewhat like the prototype shown on the photo after the core is assembled.

Now it is time to solder the PS/2 connectors. In order to do this, cut the PS/2 extension cable into two pieces and solder each part separately. Make sure you put the heat shrink tubing on one part of the cable. Be sure to connect all four used PS/2 pins (CLK, DATA, VCC, and GND) on both plugs (at the keyboard and at the computer).

[Figure: PS/2 connector wiring. Recoverable labels: VCC, CLK, DATA, GND]

Before placing the casing on, it's a good idea to place resin or glue in order to make the device more resistant to impact. Finally, pull the thermal tubing on, heat it until it wraps around the soldered components, and cut a small hole out so the button is accessible.

The keyboard logger starts recording key-strokes once plugged between the keyboard and the computer. Only PS2 PC keyboards are compatible with the device. The logger is completely transparent for computer operation and cannot be detected by software in recording mode. All data sent by the keyboard will be logged in internal non-volatile EEPROM memory (up to 65536 bytes). Recording mode is completely independent from the operating system installed on the computer.

In order to install the device follow the steps listed below:

• Find the PS/2 connector at the computer.
• Disconnect the keyboard.
• Connect the keyboard logger in place of the keyboard.
• Connect the keyboard to the logger.

On computer power-up data will start being recorded.

Once data has been recorded into the keyboard logger, it can be retrieved to a PC running Windows 9X/Me/XP/2000. The keyboard logger does this by simulating the keyboard.
The transmitted characters are acquired by a special application called KeyGrab (http://keelog.com/down.html). After using the software to replay and capture the keystrokes, you're ready to reap all the sensitive information from the unsuspecting victim.

Listen! Part Two
By ML Shannon

Welcome back. For you who have just tuned in, in Part One, I rewrote the original article on scanning, which was called The Ear, and shortened it to include only the most useful chapters. This was followed by the first half of a long list of services, organizations that use two way radio communications that you might be able to monitor.

Please be aware that while some entries contain known or believed actual frequencies, this is not intended as a frequency guide or listing. There are many available in the Sources section at the end of this article. Agencies come and go and change frequencies as well as bands. What listings are there are only as a convenience.

Now, the second half, followed by monitoring repeater input frequencies, online Internet scanners, data signals, near-field monitoring, the trunked radio system, and a little technical stuff on radios.

PART TWO LISTINGS

Garage Door Openers
Try 315, 390 and 288-418 MHz. Interesting article about these being interfered with near some military bases: http://www.aaaremotes.com/fccpunoforga.html

Golden Age of Radio
On some commercial broadcast and international shortwave stations, you can hear old radio programs from the thirties to the sixties. They come and go from one station to another, so they are where you find them. If you are really interested in these wonderful old programs, you can find a list of sources on my web site www.fusionsites.com/otr

GreenPeace
Aboard their vessels at sea, amateur HF frequencies may be used; at least this once was true. Also try 151.625, 462.575, 462.600, 462.625, 464.500, 464.550.

Homeland Security
Here is an area where some serious research is needed.
Perhaps you might get involved in trying to find some good frequencies. Keep in mind that there has been some re-shuffling of agencies, so some that were formerly independent, such as the Secret Service, are now part of DHS.

Hot Air/Helium Balloons
Wouldn't it be fascinating to hear Steve Fossett in his next adventure?

International Short-wave broadcasting
All the many stations I heard as a kid and lots more; from practically every nation on the planet. And while some are weak and fade in and out, a new system used by some of these stations solves that problem. This is called Digital Radio Mondiale (DRM), which uses a type of transmission called COFDM (Coded Orthogonal Frequency Division Multiplex). With this system, those shortwave stations that use it can be received with excellent signal quality. You can learn about DRM here: http://www.drm.org/indexdeuz.htm, or http://www.owdjim.gen.nz/chris/radio/DRM/ I haven't tried DRM, preferring to spin the knob on my Icom R-8500 (very nice radio) and tune in what I can.

Law enforcement Agencies: City, County and State
In many states including California, the Highway Patrol uses 45 MHz as their main channels. They also have VHF for comms with their aircraft and UHF for various 'MARS' (Mutual Aid Radio Systems). In San Francisco as well as many other areas, local police also have 'Low Band', but unless they use the trunked system, they will likely be between 460.050 and 460.550 MHz.

Law enforcement Networks. State and nationwide common channels for law enforcement, firefighters and others
If a police vehicle from one city visits another, or even a different state, they may be able to access the local radio station on CLEMARS, California Law Enforcement Mutual Radio System, or NALEMARS, the national equivalent.
Now, some cities have gone to the trunked system, but they may, as does San Francisco, still maintain some of the UHF 'PIC' (Police Instant Communications) channels which include CLEMARS. Try 154.92 and 154.935 for CLEMARS and 460.025 for NALEMARS.

Local government agencies
Public works, utilities, the dogcatcher. Normally not the most exciting transmissions to monitor, but in the trunked radio system even the Mayor or District Attorney have their own 'channels'. You never know...

Marine telephone
From 155 to 156 including Coast Guard.

M.A.R.S. Military Affiliate Radio System
http://public.afca.af.mil/LIBRARY/MARSI.HTM: "The program consists of licensed amateur radio operators who are interested in military communications. They contribute to the MARS mission providing auxiliary or emergency communications on a local, national, and international basis as an adjunct to normal communications." See this link for a long list of emergency frequencies including M.A.R.S. (most are HF; shortwave): http://www.ominous-valve.com/hurricne.txt

Media and remote relay
Get the news before anyone else does!
Newspaper and TV reporters tend to be very chatty; they say a great deal about what is happening, obviously, to report to the 'City Desk' or whatever. An example is later in this book. Often around 450-453 with repeater input 5 MHz lower. (May be unlawful to monitor)

Medical Telemetry
These will usually be very short range transmissions, within a hospital or other medical facility, and are sometimes on the 2.4 GHz no-license band along with wireless 802.11 computer networking. I might mention that if you are into wireless, using a directional antenna and a hi-power card such as the Senao, it is possible to interfere with medical telemetry. So please, be careful what you point your antenna at, and use RMM; Radio Monitor Mode when applicable.

Military aircraft and Facilities
"KC-I this is Blue Leader, we got two thirsty Tomcats here. And check the oil, will ya'." Just like in the movies. Aircraft refueling, the SAC, fighters on training missions, maybe even transmissions from those stratospheric tankers that criss-cross the sky with Chemtrails. Bob Kelty's books are an excellent source and are available at Ham Radio Outlet. Much military traffic is in the 200-300 MHz area, but virtually any frequencies might be used.

Mobile Data Terminals, Law Enforcement
Probably unlawful to monitor, and most definitely illegal to reveal any information you intercept. Someone posted MDT data on a web site. As the story goes, he was raided by the feds, his house and all electronic equipment confiscated. Some years ago, police MDTs used simple ASCII and with a 4 level decoder, it was easy to intercept their transmissions and display them on the computer screen. Since then, many agencies have changed to a secure system, allegedly encrypted with the DES. While it is true that it is possible to derive a key for DES, it takes a specially built machine that costs a couple hundred thousand dollars.
So, you aren't likely to do this with a fast Pentium.

Mobile Data Terminals, Private Business
The same laws apply as to revealing what you intercept. These terminals may be easier to 'crack' but I don't have current info on how it is done. The sounds, audio clips in .wav format, are available from the publisher's new web site.

MURS Multi-Use Radio Service
Private two way short-distance voice, data, or image communications for personal or business. 151.820, 151.880, 151.940, 154.570, 154.600

National Guard
Will vary from one location to another, but some frequencies are probably shared nationwide. A few you can try: 38.450, 148.175, 148.225, 148.450, 148.550, 148.545, 149.175, 150.200, 173.5375, 173.5875, 395.100

Newsline
The Ham radio news program. Stories about amateurs being involved in emergencies individually or through RACES, Radio Amateur Civil Emergency Service, or ARES, Amateur Radio Emergency Service, and other newsworthy stories about ham operators. A list of repeaters that may still broadcast NewsLine is here: http://www.arnewsline.org/nlsurvey2000/nlrepeaters.html

NexTel Direct Connect
NexTel has a simplex feature, direct from one radio to another. I have not verified this, but apparently it is ordinary FM and so is easy to monitor. One report is that Motorola incorporated FRS frequencies into the radios. If true, not a very good idea.
NOAA
National Oceanic and Atmospheric Administration, the weather channels. 162.400, 162.425, 162.450, 162.475, 162.500, 162.525, 162.550

NORAD
North American Air Defense Command. Check this site: http://www.abovetopsecret.com/pages/mil_freq.html

I and Input Frequencies
ercial two way radio systems, including trunked, use repeaters. . ina police car, or the hand held radios they have, are too weak to reach other o.tthese radios transmit on an 'input' frequency (offset) that is picked up by at a much higher power. . , oudon't want to listen to everything that is happening all over town, you just want to know if something is happening in your neighborhood. By programming these input frequencies into a separate bank, you can do just that. It works with the trunked system, too!

OnStar
Supposedly uses cellular for voice communications. Interesting article: http://www.windley.com/archives/2003/01/16.shtml

OSCAR
Orbiting Satellite Carrying Amateur Radio. Try 145.9738. See also AMSAT at http://www.amsat.org/amsat-new/index.php Also: http://science.nasa.gov/Realtime/jtrack/Amateur.html

Pagers, Voice and text
NOTE: Unlawful to monitor. Voice pagers seem to be disappearing, replaced by text messaging. Pagers are all over the spectrum; 30, 50, 150, 454, and mostly around 929.

Pirate Stations
'Micro-Broadcasting' low power stations, legal and otherwise. Google has current information; these stations come and go frequently.

Public Transportation
Busses, trolleys and, in San Francisco, cable cars. Often in the 470-480 MHz band.

RadioSonde Telemetry
Possibly 400 to 407 MHz as well as above 1 GHz.

Railroads, freight trains, switch-yards, Amtrak
Mostly VHF with some UHF and also data transmissions. Many web sites are devoted to railroads and monitoring. See the Blacklisted site for .wav files. Also interesting is a decoding program that could apparently be modified to read the modern police MDTs. Or so I hear.
Receiver Local Oscillators
One of the ways countermeasures experts were able to zero in on the listening post, once a surveillance transmitter, bug, was found, was to calculate the local oscillator frequency based on the bug frequency and IF. So if you are bugged, go find the spy using this technique. The LO from car radios can be detected by roadside sensors to determine what station the driver is listening to. Sneaky, no?

Remote Monitoring Stations
Many frequencies, satellite phones, and HF, amateur bands for long range. An interesting site: http://www.dxworld.com/antarctic.html

RTTY
Radio Teletype. Mostly on HF, and requires a decoder, of which there are several available.

Satellite Telephone
Iridium and Globalstar among others.

SCADA
Supervisory control and data acquisition.

Scientific Expeditions

Search & Rescue, Private

Security guards; mobile patrols and base stations
This can sometimes be very interesting! Such personnel do not usually have the training of sworn law enforcement officers, which includes being careful what is transmitted. In the 540 area but many agencies are moving to high UHF.

Shopping Centers and Malls

Space Shuttle, Voice
Sometimes rebroadcast on the 2 meter ham band.

Space Station
According to National Communications magazine (www.nat-com.org) the International Space Station can sometimes be heard on 145.8, in the ham 2 meter band.

Spy Stations
Such as the enigmatic Spanish language 'numbers' stations on short-wave. More on this in Part Three.

Online Scanners
You live in South El Monte and you want to know what is happening in Brooklyn? Being able to listen to a radio via computer dates back to the mid-eighties when a local electronics store set up an RBBS with an operating scanner. (Anyone remember BBSs and 300 baud?) It didn't work too well much of the time but it was an innovation.
And today, there are many web sites that have online scanners that scan local police departments and other services. A Google search will find many listings, but a good way to get started is through one of the Web Rings. http://s.webring.com/hub?ring=onlinescanners Fascinating.

Stock Car Racing
Ever wonder what the drivers and pit crews are saying to each other? Here is a place to start: http://w8akr.dynip.com:8080/info.htm. I don't know if it is difficult to get a scanner into the stands. Another situation where the little credit card size Alinco is useful.

Studio to Transmitter Links
Microwave, or maybe the 450 - 451 MHz band the media uses for two way radios. Can get very interesting as reporters often blab stuff they perhaps should not.

Surveillance Operations
Federal agencies are likely to use 406 - 420 MHz, but any frequencies are possible. Local police use their own regular comm frequencies, but with trunked systems, any of dozens of Talk Groups.

Surveillance transmitters
The chances of intercepting a real 'bug' are not good. But it could happen. It might be an inexpensive 'toy' that some kid hid in his school, or a transmitter that was never intended for surveillance such as a baby monitor that might have a range of several blocks. Or it might be a real spy transmitter. Bugs can transmit on virtually any frequency. The cheap 'Spy Shop' types are likely to be on or slightly above/below the commercial FM band. Others such as Cony may be around 144.050 or 300 MHz. An interesting trick used to hide bugs, to prevent them from being found, is to transmit very close to the audio portion (which is FM) of TV stations. A good radio, preferably a communications receiver with good selectivity, might make them readable.

Taxicabs and Limos
As a former driver and dispatcher while in college, I can tell you that listening to these cabbies can get interesting.
Drivers fighting over fares (passengers) and now and then being ripped off or even robbed. Some companies have duplex radios; operate through a repeater, so you can hear the cabbies yacking back and forth. If you have a CAS system, you might hear the police investigating the incident. Interesting to hear both sides of the story!

Telephone company maintenance
I have always had more than a passing interest in telephones. Well once upon a time, many years ago, I believed that if I could find these 'secret' frequencies, I would be able to hear telco technicians tracing calls and maybe even talking about what they were hearing from the taps. Alas, no, I never heard anything 'fascinating'. Some old records list Bell Telephone Company maintenance on 151.9850, 152.6300, 152.6600 and 152.7800.

Television
No, not TV programs. TV stations in a given area don't broadcast on all of the available channels, which leaves a large (6 MHz wide) slice of the spectrum unused. At one time there were government agencies that took advantage of this and set up some of their radio systems within these empty channels. Tune through them carefully and you might be surprised to find some action.

Utilities
Gas, electric maintenance trucks, supervisors, base stations

Vehicle Tracking
Bumper Beepers.

Vending Machine Telemetry
These are gizmos that send out a signal when the machine needs maintenance or refilling. They do not transmit anything when they take your money but fail to deliver the product you paid for. A good hard kick is appropriate. That, they might transmit. Check

Vlink
The Vlink Personal Voice-Link System is a walkie talkie for kids.
Ch 1 916.875, Ch 2 915.8625, Ch 3 915.0000, Ch 4 914.0875
Ch 5 913.3375, Ch 6 912.0000, Ch 7 910.9125, Ch 8 910.2375
Ch 9 909.3375, Ch 10 908.5000, Ch 11 907.6625, Ch 12 907.0000
Ch 13 906.3375, Ch 14 905.6625, Ch 15 904.5000, Ch 16 904.0000
Ch 17 903.4875, Ch 18 903.0000, Ch 19 902.5000

WeFax
Weather fax. Check Google - mostly HF.
Requires a decoder, available from Optoelectronics.

Wildlife Animal tracking
Try 150.000-152, 160.120-161.325, 164.000-165 and 173.000-174 MHz.

Wireless Headsets
On or around 300 MHz as the military listed above, and also cordless phone frequencies. A pub across the street from where I once lived used them, and during their Halloween party, I used a modified cordless phone and broadcasted them some interesting sound effects. Howling wolves, cackling witches and the like. Some were so interesting that the club manager patched them into the music system. It was a blast!

Wireless Microphones
Here is an interesting list: http://www.rentcom.com/wpapers/telex/telex3.html

Wireless PA System input
Mostly the same as wireless microphones, but remember, you never know what you might find where.

What You Might Not Hear!
Signals on the airwaves may take forms other than the ordinary speech. They may be encrypted analog, digital, encrypted digital, or data. Right - digital is not necessarily encrypted.

Analog Scrambling
Let's start with encrypted analog transmissions which use Frequency Inversion. This is a method of processing an audio signal, speech, by taking the frequencies above a certain point called the baseline and substituting them or converting them to low frequencies and vice versa. The frequencies are switched or 'inverted'. Low becomes high and high becomes low. This is one of the signals you may hear on cordless telephone frequencies or certain brands of Baby Monitors.

What it sounds like
A bit like Donald Duck with a sort of metallic twang or whine. You can tell that this is human speech and sometimes you think you can make out a word here and there. It may be possible to reconstruct this type of signal back into clear speech using another Frequency Inversion scrambler if it is the same kind; if the baseline frequency is the same and many of them do use the same one. And, there are decoding programs available on the Internet that have an adjustable base frequency.
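
The fixed-baseline inversion described above can be reproduced on test tones. This Python sketch is an added example, not code from the article or from any scrambler product; the 16 kHz sample rate, the 3300 Hz baseline and the 700 Hz tone are assumptions chosen for the demonstration. It shows that the baseline is the only secret: the same inversion run a second time restores the tone, and a wrong baseline merely shifts it.

```python
"""Fixed-baseline frequency inversion on constructed test tones (pure Python)."""
import math

FS = 16000        # sample rate in Hz (assumed for this demo)
BASELINE = 3300   # inversion baseline in Hz (assumed, not taken from any product)
TAPS = 129        # length of the low-pass FIR filter


def tone(freq_hz, n=2400):
    """Constructed test signal: a single sine tone."""
    return [math.sin(2 * math.pi * freq_hz * i / FS) for i in range(n)]


def lowpass(samples, cutoff_hz):
    """Hamming-windowed sinc FIR low-pass with output the same length as the input."""
    mid = TAPS // 2
    fc = cutoff_hz / FS
    taps = []
    for k in range(TAPS):
        m = k - mid
        ideal = 2 * fc if m == 0 else math.sin(2 * math.pi * fc * m) / (math.pi * m)
        taps.append(ideal * (0.54 - 0.46 * math.cos(2 * math.pi * k / (TAPS - 1))))
    out = []
    for i in range(len(samples)):
        acc = 0.0
        for k, h in enumerate(taps):
            j = i + mid - k
            if 0 <= j < len(samples):
                acc += h * samples[j]
        out.append(acc)
    return out


def invert(samples, baseline_hz):
    """Mix with a carrier at the baseline and keep the difference band: f -> baseline - f."""
    mixed = [2 * s * math.cos(2 * math.pi * baseline_hz * i / FS)
             for i, s in enumerate(samples)]
    # The sum products (baseline + f) lie above the baseline and are filtered out.
    return lowpass(mixed, baseline_hz)


def peak_hz(samples, step=100):
    """Strongest frequency on a 100 Hz grid, measured away from the filter edge transients."""
    core = samples[400:2000]
    best, best_power = 0, -1.0
    for f in range(step, 4000, step):
        w = 2 * math.pi * f / FS
        re = sum(s * math.cos(w * i) for i, s in enumerate(core))
        im = sum(s * math.sin(w * i) for i, s in enumerate(core))
        power = re * re + im * im
        if power > best_power:
            best, best_power = f, power
    return best


if __name__ == "__main__":
    clear = tone(700)
    scrambled = invert(clear, BASELINE)
    print("clear tone            :", peak_hz(clear), "Hz")
    print("after inversion       :", peak_hz(scrambled), "Hz")
    print("inverted again        :", peak_hz(invert(scrambled, BASELINE)), "Hz")
    print("inverted, baseline off:", peak_hz(invert(scrambled, 3000)), "Hz")
```

Because the whole "key" is one audio-band frequency, inversion keeps out only the casual listener; it is obfuscation rather than encryption in the sense of the digital systems covered further on.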

Frequency Inversion, Variable Baseline
Also called "Rolling-Code", this is a form of Frequency Inversion scrambling in which the baseline frequency is changed many times per second. When this system was new, it sounded much the same as ordinary frequency inversion but with a loud 'knock' sound about two times per second. I haven't found a wave sample of this but if you happen to hear it you will recognize it.

Sophisticated software (Fast Fourier Series, I believe) and a powerful workstation or perhaps a supercomputer may convert some such scrambled speech back to "clear". This depends upon how often it changes. Since then, several 'levels' of FI have been developed by Transcrypt International, as well as other speech encryption systems.

Digital Transmissions
The method of converting analog speech to digital in two way radio systems is not unlike that which is used in the digital CDs you play on your stereo. Sound feeds into the front end of a circuit that opens a 'window' for a specified length of time (microseconds) where it is 'sampled' or measured. The frequency that is in the window at the time is given a digital (binary) number. How long the window is open, the sampling rate, depends on the required frequency response. For music, the rate is much higher in order to be able to reproduce the entire range of hearing; 20 to 20,000 cycles. For two way radio, a bandwidth of 3000 cycles is sufficient so they have a 'splatter filter' that reduces or 'clips' the audio so it has a narrower bandwidth, and so the sampling rate is lower. To turn it back to sound, the process is reversed. An oversimplification but basically that's how it works.

Unencrypted Digital
This includes some cellular phones, NexTel and probably others. Digital speech sounds much like the background noise on your scanner; with the squelch open while tuned to an unused frequency.

Encrypted Digital
There are several digital encryption methods used, some more complex than others, the difference being in how secure they are. This is based upon the 'keyspace' or length of the 'password'. None of them - as far as I know - can be converted back to normal clear speech by us hobbyists with our Pentiums. One of the first methods used was the Data Encryption Standard; the DES, developed by IBM years ago as 'Project Lucifer'. It used a keyspace of 56. The DES can be successfully attacked with a specially designed computer, such as the one developed by the Electronic Frontier Foundation several years ago. It cost them something like half a million dollars to build. Today, a group of hobbyists might be able to crack the DES as a joint effort, but for radio transmissions, I doubt it is being used much any more. New systems of encryption are in use by federal agencies. DVP or Digital Voice Protection is one, the military Fascinator algorithm is another, but they are secure enough that they won't be defeated for many years to come, after which the information won't be of much use to anyone.

Digital Scanners
Uniden has several scanners that can monitor some digital transmissions, such as APCO 25, used in trunking systems. But as to other digital systems such as NexTel or cell phones, and the above, not that I have heard of.

Data Transmissions
So far this article has been about voice transmissions but a great deal of what is being broadcast over the airwaves is data. Transmitting data by radio has been used since at least the days of World War II when there was wireless teletype (RTTY), and weather maps and documents were sent by 'wirephoto'. And the strange sounding signals I mentioned that you can hear on the HF bands. In the VHF and UHF bands you will hear many data signals. Pagers such as Flex, ReFlex and Pocsag, Mobitex data terminals, police Mobile Data Terminals, Ardis, and others. Now some of these signals are not encrypted.
They may use a proprietary system but some of them use plain old ASCII. Some years ago it was possible to decode police MDTs in some areas, because they used plain ASCII, but most of them have switched to a new system and I have no details on how it works.

NEAR FIELD Monitoring
This is similar to listening to input frequencies, except that there are none to program in, no banks to scan. A nearfield radio sweeps through a wide range of frequencies and locks on to the strongest signal it hears.

I started with the Optoelectronics Scout. I hear a 'beep'. It says 489.785 which I quickly punch into the ICOM R-8500, and I hear a firefighter being advised by the dispatcher that it is a false alarm, return to the Company. I look out the west window and see the ladder truck in the middle of the street, half a block away, getting ready to back into the garage. They hadn't even turned on the siren yet.

A few minutes later, it beeps again, and I punch in the numbers I see on the automatically backlighted display and hear a ham operator on 440. He is from New York, is coming off the Bayshore Freeway (US 101) and is asking if anyone is around to give him directions. I decide it is time for a break, grab my U-16 and go out on the street to assist him in finding the Hyatt at Embarcadero Center. He waves as he goes by and we decide to get together for an eyeball and some coffee after he is settled in.

Beep: A cab driver picking up at a bar down the street.
Beep: San Francisco Police are calling in a license number.

The Scout is an excellent product, but it does not demodulate the signal; it only beeps when it picks up something. But it can be interfaced to some scanners using something called Reaction Tuning. See the Opto site for details. Now, the Xplorer, also from Opto, does have audio.
And as well as displaying the frequency it has locked to, it also has a bar graph for signal strength and can decode DTMF, 'Touch-Tones'™. The Xplorer was, far as I know, the first radio of its kind, and while the one I have is very old, and subject to near constant intermod from powerful paging stations, a newer model is now available that gives the operator more control over what is received. And, Opto also has filters to restrict what is received.

Understanding wavelength and frequency
Frequency refers to the number of complete cycles of an alternating or time varying current in one second. Cycles, or Hertz per second. This is easier to understand by seeing a sine wave on an oscilloscope display. The current flow starts at the horizontal line or 'baseline' and increases to the top of the curve, known as the peak. The current then reverses direction, flowing the other way, to the bottom of the curve, the negative peak. The measurement from the very top to the very bottom is known, logically, as peak-to-peak, usually just called PTP or 'peak'. This, then, is one cycle. A pure signal such as Morse code transmissions, known as a carrier, would look like our sine wave here, but an AM or FM signal would be much more complicated because of the sound that is superimposed upon this carrier.

Wavelength refers to the actual physical length of a radio wave, referred to in meters. Near the low end of the spectrum is AM radio which is about 550 megacycles, and here the frequency and wavelength are close to the same. Up the spectrum are international shortwave stations at 80, 40 (7 MHz), 31, 20, 19, 15, 6 (50 MHz) and 2 (144 MHz) meter bands.

To convert one to the other: Wavelength in meters divided into 300 yields the frequency in megahertz. A few examples: 100 meters into 300 equals 3; that is 3 MHz. 500 meters into 300 equals 0.6 MHz, or 600 KHz; the low end of the commercial AM broadcast band. 2 meters into 300 equals 150 MHz, and etc.
An online converter is here: http://online.unitconverterpro.com/unit-conversion/convert-alpha/frequency-wavelength.html

Intermod
There is a transmitter operating on 200 MHz and another at 300 MHz. Both are physically close together. So, out in space, the two signals 'meet' and combine which results in additional frequencies. Add 200 to 300 and you get a weak signal at 500. Subtract 200 from 300 and get another at 100 MHz. Additional signals are generated at the sum and differences of all the others; 500 plus 100, 500 minus 100 and etc. This results in dozens of these generated frequencies. Fortunately most of them are very weak but some, the first 'series' of 500 and 100 MHz, are strong enough to interfere with reception of totally different frequencies.

A good example is commercial paging systems. They have a higher output, a stronger signal than most other services; a pager might use 1000 watts where a police repeater uses only 100. So the signals from the paging transmitters mix with many other signals and the result is that they can be heard in many different parts of the spectrum. Dual conversion receivers help control this, but can not eliminate it completely, and with nearfield scanning, they become a serious problem.

The Trunked Radio System
I will use the San Francisco Police Department as an example here. Other systems may be different. Before the trunked system went into effect a few years ago, they used conventional UHF on the 460 MHz band referred to as PIC (Police Instant Communications) with which there were reception problems in certain areas. PIC consisted of about 14 frequencies, of which several were infrequently or rarely used, so most traffic was over only PIC 1, 2, 3, 4 and 6. The new trunked system eliminated these problems almost completely; I talked to several SF cops, all of whom like it much better than PIC. Once they got used to it.

How it works.
The system consists of 21 or so individual frequencies which are shared by various services including police, county sheriff, parking and traffic, Department of Public Works (the people who blast you awake at 7 AM with a chorus of jackhammers), Animal Control, and others. When someone on the system keys their radio, the computer picks up the signal and assigns it to the first available, unused, frequency. Regardless of what service it is; police or dogcatcher. When the transmission ends, after a short delay, the frequency is clear and will be placed back in the "pool" waiting to be used by the next service that transmits.

Now, to avoid the possibility that when a police officer has an emergency situation and needs to call the dispatcher and not end up talking to the dogcatcher, the system has a number of 'channels' called Talk Groups. When a radio is set to a particular TG, it hears (and transmits) only to other radios that are tuned to, operating on, that TG. Regardless of the frequency being used.

Now, again using San Francisco as an example, the police have radios, Motorola, that can operate on any of three sets of TGs, with each set having 16 TGs. There are two rotary switches, the first labeled for the set, A, B, C, and the second numbered from 1 to 16. Total of 48 TGs. All 16 of the A TGs are used and are assigned to particular areas of the city or for special events. So if you want to monitor the police, you have to select the TGs for your area plus some of those used for special events. As of this writing, none of the C TGs are in use and many of the B TGs are used only under special situations. One of them is to track bank robbers using the RAT system. And the raid on a suspected crack house I heard. That was interesting. Especially what I could hear in the background! Remember background sounds while monitoring.

The trunked system provides a great deal of privacy that the old PIC system did not.
With at least the 32 talk groups to choose from, they can quickly select one that normally isn't used much if at all. So, this makes it difficult for the bad guys to stay on top of what the cops are doing - they can switch to any of the 48 TG as they wish - while still making it possible for us scannists with trunking radios to know what is going on in our neighborhoods, and to be able to call in the '20' of a bad guy we happen to spot. It doesn't happen that often but one I remember was for a 211-221; a guy with a gun who car-jacked; yanked a woman out of her vehicle at a red light and stole it. I got a call from the watch commander thanking me for being an "alert citizen". Using the right trunked TGs makes it possible to stay on top of what is happening in your neighborhood.

IMAGE MANIPULATION IDENTIFICATION
Keyed by: primate

Inspiration
I was inspired to write this by StankDawg from his article in BL411 V8I1 named: "The Art of Electronic Deduction". It was a great article, one which I believe if he had the time and some help could expand into a larger publication which would include his lessons in metadata and digital forensics. His article sure was a good in-depth look at basic foot printing applications for images and small bits of visual information. I understand what he is saying, and will help elaborate with some of my own ideas on image manipulation and identification. Stank, write up some more? I am sure BL411 would love a sequel as well as the readers.

Intro
There is a big deal going on about digital photography and image manipulation. Especially with the media altering images and publishing them as such. Many pictures flood the internet and media every day, constantly being created with Adobe Photoshop or the free, open source software known as the Gimp. It is so easy, anyone can do it. All one must do is to read the free online manuals, of which there are many.
I myself have created images so life like, you would think they are real. Want some blood in the picture? How about we get rid of those freckles and that glare? Let's add some piercings and tattoos. The possibilities are endless. Your imagination is the only firewall toward artistic creation.

Digital photo manipulation is not photography. The first stage, taking the picture, is photography in the purest sense, but then photo manipulation goes off into the deeper realms of art. I mean not to say that photography is not an art in itself, but when you take it to the next level and actually paint on and around your picture, that my friend is even more artistic and creative. This then makes for a less real picture though, which is the predicament here. What do we do when we can not tell the difference if something is real or not? What do we do when a picture or now even video is submitted for evidence into the court room?

This is the digital age and digital media can be hacked. It can no longer be automatically accepted as truth. Images, video, and audio are all data types that we can no longer trust with just our sense of sight. We must use intuition and deduction, never seeing and believing automatically. For if we were to do so, we would create a very unholy, unreal reality for ourselves. This is what media has been since its invention: manipulation, not only of human language but now of images and sound. You may now refer to your Orwellian dictionary for the double speak of 'manipulation'.

If you were to be framed in the court room and you are the defendant, let's say, you are going to want to get a computer programmer to take a look at the picture's integrity. They will be able to pretty much tell automatically by looking at the code and/or the pixels of the image itself if it is real, manipulated or not.
Then you will be able to throw the evidence out of court or defend it to the best of your ability and truthfulness, that is, if you really are innocent. It can go the other way too, and you can create your own evidence that the prosecutors will probably not be too happy about and have to test for integrity as well.

A predicament like this reminds me of cases in court history from the 1800's and back where either of the two parties would create forged and adulterated documents making claims which back up their word as evidence. This was done simply because it was easy and no one could tell the difference, like now. Using technology to manipulate data is akin to forging documents in the 1800's, and this is the dichotomy of the digital era as it was in the past.

This digital era will not end and will always evolve as long as we humans are here and kickin'. You need to keep your eyes open and use your innate human abilities of intuition and deduction! Look at ads, newspapers, billboards, cards, signs, posters, books, magazines, and especially the internet. Rip them apart with your mind, believe nothing and keep your mind open. You will see.

Electronic Deduction
Well, Stank said it good, "Your powers of intuition and deduction should be something that you always have turned on. Think of it as the hacker's version of "spidey-sense". As the type of people who question everything and believe nothing until we have confirmed it with our own eyes, analytical skills play a huge part in most hacker's personalities. When you see anything on the internet, or anywhere else for that matter, it should always be studied and questioned." That is totally right. Think for yourself, question authority.

Our powers of intuition and deduction are very powerful indeed. Most normal people of normal level intelligence use but a fraction of this power because they know not of it or are simply lazy due to being preprogrammed by culture.
We hackers are by nature self meta-programmers and can reprogram ourselves because we realize the actual programmability of the human brain. Ok fellow hackers, let us turn on our powers always. Never blink, eyes wide open, take it all in.

I do not think that myself elaborating past Stank's "Art of Electronic Deduction" is necessary, for his article is expandable to all aspects of foot printing, not only screenshots and small pictures, but any other type of visual information which one can gather. I do think however that he could himself elaborate more on metadata and forensics, since not all of us have this knowledge. We do not need any more visual foot printing examples, so let's learn how to identify those pesky manipulated photos...

Manipulation Identification
It is so easy when your brain has been trained, just look at the pixels in different resolutions. You will want to copy the image from wherever you can and open it with Photoshop or Gimp. You're not going to look at the image's code, believe it or not, you will be looking at the actual image and this is where your brain comes in, use it. Looking for fakes can not only be done on your computer with the software that probably created it, but also in print and other visual media; as long as you can get close to it or use a magnifying glass.

Zooming for Pixel Patterns
In either program you can zoom in and out. I suggest zooming all of the way out and then in to the suspected areas, again and again. Zoom in and out fast and slow too, record the whole image at every possible resolution in your brain. If you don't pick up on it being a fake by the time you are finished copying it in your head, it might just be real. If you find faults or questionable pixels, look harder. PS and Gimp both have loads of different brushes and I believe you can make your own custom brushes too. Take a look at them, do you see any of their patterns in questionable areas?
If you spot a pattern in any of the pixels, whether it be a brush or not, that is a dead give away to photo manipulation.

Check the Color Codes
If the image is black and white, it will be more difficult to tell if it was manipulated. Good luck there, it's tough to tell because of the natural flatness of B+W. It is easy to mix and manipulate black pixels together. Yet in color, you can catch a fake easily. Zooming into the pixels and comparing visually their colors to each other throughout the whole picture is one of two techs you can do. The other is to use the "eye dropper" tool in PS or Gimp. Click individual pixels and look at their color codes, compare the codes instead of just the colors to each other. Look for patterns and irregularities. Real photos have a smooth realness to them in color and tone, manipulated photos obviously do not and if anything are pixelated at those questionable spots when zoomed onto. Remember, if the photo you are looking at is doctored, the person who did it inevitably left tracks of their doing. Spot them at high resolutions.

Double Doc and Reverse Psych
Sometimes we can't get a copy of the original fake photo, if that isn't an oxymoron. And sometimes they are double doctored, where someone takes an already manipulated photo and either adds their own crap or tries to use reverse psychology to trick your brain into believing what you can't see. Imagine someone wants to release and get credit for a picture like the faked tourist on top of the WTC building before impact. If they were smart, they would have created a diversion or purposely placed manipulation, like people jumping, or in windows. Look for anything to coax your mind which is obvious and would be picked out before the main manipulation (the standing person themself). The main idea is to not stop at the first manipulation you find, keep looking. Use what you previously learned in electronic foot printing deduction. Good luck!
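
The pixel-pattern and color-code checks above can be automated for one common case, a region cloned from elsewhere in the same picture. This Python example is added here and is not the author's method; it assumes an uncompressed grayscale image, builds a constructed test picture, and looks for many identical 8x8 blocks that share one displacement, while ignoring legitimately flat areas such as a blown-out highlight.

```python
"""Exact-match copy-move (clone) detection on a constructed grayscale image."""
import random
from collections import Counter, defaultdict

BLOCK = 8          # side of the square blocks that are compared
MIN_DISTINCT = 8   # blocks with fewer distinct values count as flat and are skipped
MIN_PAIRS = 10     # matching block pairs needed before an offset is reported


def make_photo(width=64, height=64, seed=411):
    """Constructed stand-in for a photo: gradient, sensor-like noise, one saturated patch."""
    rng = random.Random(seed)
    rows = []
    for y in range(height):
        row = bytearray()
        for x in range(width):
            if x >= 44 and y < 20:
                row.append(255)  # blown-out highlight: flat, but not tampering
            else:
                row.append(int(60 + 1.5 * x + 0.8 * y) + rng.randint(-12, 12))
        rows.append(row)
    return rows


def clone_patch(rows, src, dst, size):
    """Return a copy of the image with a size x size patch copied from src to dst (x, y)."""
    out = [bytearray(r) for r in rows]
    (sx, sy), (dx, dy) = src, dst
    for j in range(size):
        out[dy + j][dx:dx + size] = rows[sy + j][sx:sx + size]
    return out


def find_cloned_offset(rows):
    """Return ((dx, dy), pairs) for the dominant displacement between identical blocks.

    Returns None when no displacement is shared by at least MIN_PAIRS block pairs.
    """
    height, width = len(rows), len(rows[0])
    seen = defaultdict(list)
    for y in range(height - BLOCK + 1):
        for x in range(width - BLOCK + 1):
            key = b"".join(bytes(rows[y + j][x:x + BLOCK]) for j in range(BLOCK))
            # Flat regions repeat naturally; requiring texture avoids false alarms.
            if len(set(key)) >= MIN_DISTINCT:
                seen[key].append((x, y))
    offsets = Counter()
    for positions in seen.values():
        for i, (ax, ay) in enumerate(positions):
            for bx, by in positions[i + 1:]:
                offsets[(bx - ax, by - ay)] += 1
    if not offsets:
        return None
    offset, pairs = offsets.most_common(1)[0]
    return (offset, pairs) if pairs >= MIN_PAIRS else None


if __name__ == "__main__":
    original = make_photo()
    doctored = clone_patch(original, src=(4, 24), dst=(36, 40), size=16)
    print("original:", find_cloned_offset(original))
    print("doctored:", find_cloned_offset(doctored))
```

Exact matching only works before lossy recompression; a JPEG re-save changes the copied pixels slightly, so practical tools compare robust block features instead of raw bytes.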

Shouts to: StankDawg for a great concept, elwood the arcitect from europe, and mrprva77 who told me to RTFM.

The Care and Feeding of Your Amiga 3000
A well balanced diet for your Amiga will keep it strong!
By MobbyG

My first Amiga was an A500 model with only 512K ram. After some updates and tweaks, that A500 ran like a champ for many years and served me well! After some technical mishaps I had to get rid of it and upgraded to a PC machine. But I missed my Amiga days and soon decided to get a new Amiga. While trolling around in the news groups and on the web, I found someone in Massachusetts that sold Amigas second hand and had an A3000. I always wanted a higher end Amiga. So I emailed him and sent him $300 and wham! I had a stock Amiga 3000 desktop at my house in a few days.

Now since it was almost 10 years old when I got my A3000, the man, Darius, sent me a few tips on how to keep my A3000 in top form. Some of which I have also found online, and I want to share with you should you come across an A3000 and want to bring it back up to top form!

One of the first things to do is open up the A3000 and check the battery on the motherboard! This is a NiCad 3.6v, 60mAH battery that is soldered to the motherboard between the Paula Audio I/O and the Denise Enhanced 1280 hires chips, which are next to the system expansion bus on the motherboard. If you're looking at the mobo from the front it would be on the left hand side, and look like a small barrel, usually red, blue or green. These batteries are known to leak acid when they get older. The acid will leak down and also corrode the copper traces on your motherboard and that can lead to much more nasty things, such as your A3000 not working anymore! So care should be taken to inspect the battery and remove/replace it as soon as you can! I would suggest replacing it even if the person you got it from says it's new. Just to be safe.
Replacement batteries are not hard to find. A quick search online and you can find a few stores that carry them. Your local electronics store should, or if you're in a pinch, try "Cell" Shack ...er.. Radio Shack. They may have some in the back or can order it for you, but you may pay more than you would from an independent place, or try one of the advertisers here in this fine mag. I have read of people trying to use cordless phone batteries, but you do that at your own risk. I recommend getting a proper replacement.

Removing the battery shouldn't be too difficult. Simply snip the 3 legs that hold it to the mobo if it's already leaking. You can desolder the pegs in the holes later for installation of the replacement when you get one. To desolder it you do need to remove the motherboard from the case, and there are a lot of screws so, get a dixie cup or something to put those screws in to keep them from spilling all over the rug and disappearing, until your wife or girlfriend vacuums the rug. After replacing the battery, boot up and let it run for a few hours to charge up the battery. Then shut down and reboot to check and see if the battery is helping to power the RAM keeping the settings in place as well as the clock on time.

Now what if the motherboard already has some of the acid on it? Well, clean it of course! Battery acid cleaning kits or some simple kitchen chemistry to whip up something to neutralize the acid and clean it up. Take special care of small traces and leads from components near the battery terminal, so as not to break them.

Once the battery is taken care of, another trouble spot is usually the LEDs on the front. They are on a small thin board which is prone to breaking. I should know, I broke mine! Since breaking the board means breaking the trace to the LEDs, I simply took a small piece of wire from an old transistor radio that died and ran a jumper. Quick and easy.

Next thing is to check your Kickstart ROMS.
This requires removing the power supply and floppy drive as well as the hard drive if it came with one. Get a separate Dixie cup and put those screws in there to keep them safe. You'll find the ROMS just to the left of the keyboard and mouse/joystick ports. Make sure they are seated properly in the sockets. The A3000 had some heat issues and I have seen this cause the chips to "POP" out. Just simply give them a little push to make sure they are in all the way. If your particular motherboard rev is the kind with the ROMS soldered down, then you can skip that part. The A3000 came with v2.04 of the Kickstart. But 3.1 ROMs are still regularly available through Amiga dealers online and can be found on eBay as well. I suggest upgrading to 3.1 if you get an A3000 with the stock 2.04. Simply for the benefits, plus being able to upgrade the OS to 3.9.

From there we check the FAST RAM. There were 2 kinds that could be used on the A3000. ZIP and DIP. Sounds like a British comedy group I know, but that is what they were called. Now all of my experience was with ZIP ram, which basically are small chips, with tines like "tinfoil". Well they seemed like that to me. Bent very easily and could snap off with little or no problem. But nowadays, these are pretty cheap and you can beef up your ram quickly. Check your favorite Amiga dealer for availability and pricing. There was also a device that would sit in the ZIP slots and allow you to install SIMM memory modules. Never used this, so check with your dealer once again for info on how well these work. But, you want to check that the ZIP chips are inserted and not bent over or anything, and that none have broken tines on them. If they do, a pair of needle nose pliers will get the job done for removing broken ones from slots or giving you a little more control on straightening the tines. The ZIP ram sockets can be found on the far right of the motherboard, just below the keyboard jack.
All these things together, when done, will make sure you have many more years of happy times with your Classic Amiga 3000. If you want info on the hardware and specs of the Amiga 3000, please visit the Big Book of Amiga Hardware at http://www.amiga-hardware.com.

44 Volume 8 Issue 2 - Summer 2006 Blacklisted! 411

A Source List for New England Technological Enthusiasts, and Other Like-Minded Individuals
by Tom from New England

Nothing beats going on a road trip in a random direction to see what interesting places are out there, especially if you are a technological enthusiast. The best is when you come across some out-of-the-way army/navy, electronic, or bookstore that you can rummage through looking for neat stuff to buy for your place. I compiled this list of places for the benefit of technological enthusiasts living in or visiting the New England area, along with comments about particular establishments that stand out. Of course no list like this is ever complete, and in particular I have not been in upstate New York, Northern Vermont and New Hampshire, or Maine recently to check out places that might be up there. If you happen to know of a place that is not on this list, please send the information to Blacklisted! 411.

Army/Navy Stores

Military surplus type Army/Navy stores have gotten more rare in recent years as the government isn't surplusing out as much as it used to, and the rush of stuff that came from overseas in the late 1980s and early 1990s is slowing down. There are a number of mail order and Internet outlets where you can buy military surplus, but I prefer to support local businesses as much as possible. I also like to examine stuff before I make a purchase, going through bins of surplus gear looking for the one that's in the best shape.

Amherst Drop Zone
227 Russell St., Hadley, MA 01035
413-585-5800

Army Barracks
http://www.armybarracks.com/
361 S. Broadway, Salem, NH 03079, 603-893-4864
328 Newbury Street, Boston, MA 02115, 617-437-1657
234 Essex Street, Salem, MA 01970, 978-825-1201
257 Main Street, Northampton, MA 01060, 413-585-9330
Route 16, 347 White Mountain Highway, Conway, NH 03818, 603-447-6323
Payne Plaza, 456 Payne Rd., Scarborough, ME 04074, 207-885-0680
1053 D Riverdale Street, W. Springfield, MA 01090, 413-733-8300

Battle Zone
371 Boston Post Rd, Orange, CT 06477
203-795-8387

Bill's Military Surplus
81 Whiting St., Plainville, CT 06062
(860) 410-0700
A lot of reasonably priced foreign military surplus.

The Duffle Bag
21 Front St., Patterson, NY 12563
845-878-7106
http://www.thedufflebaginc.com/
The first Army/Navy store I visited, back in the early 1980s when it was "The Militaria Mart" in Brewster, NY.

Jamrozys War Relics
State Highway 28, Arkville, NY 12406
845-586-2265

Joey's Army/Navy Store
20 Depot St., Watertown, CT 06795
860-274-3278

Maine Military Supply
http://www.mainemilitary.com
735 Wilson Street, Brewer, ME 04412, 207-989-6783
80 Moosehead Trail, Newport, ME 04953, (207) 368-5460

MilSurp (and Air Guns)
Route 7, Pownal, VT

Military Specialities
2543 Berlin Tpke., Newington, CT 06111
860-666-4275

Thames Army Surplus
241 Thames St., Groton, CT 06340
860-445-4902
A wide and eclectic variety of military surplus and collectibles.

Computer/Electronic/Industrial Surplus

You never know what type of interesting tech stuff you might find at these places. Generally speaking, I've had better luck overall at P&T Surplus.

P&T Surplus
198 Abeel Street, Kingston, N.Y. 12401
845-338-6191
A little out of the way, but usually worth the trip.

Pratt & Whitney Surplus
400 Main St # 1, East Hartford, CT 06118
860-565-6850

Book Stores

The Book Barn
41 West Main Street, Niantic, Connecticut 06357
860-739-5715
http://www.bookbarnniantic.com/
Probably the best bookstore in Connecticut.

Toadstool Books
The Colony Mill Marketplace, Keene, NH 03431
603-352-8815
http://www.toadbooks.com/
Another favorite bookstore of mine.
While you're at The Colony Mill Marketplace, go have something to eat and drink at Elm City Brewing Co.

Eclectic

Trash American Style
12 Mill Plain Rd., Danbury, CT 06811
203-792-1630
http://www.trashamericanstyle.com/
"Vinyl records, CD's, cassettes, videos, books, clothes, body jewelry, posters, patches, pins, hair dye, rings, knick knacks, geegaws, bricabrac, etc etc etc. New and used. WE ARE NOT A HEAD SHOP!"
I've been going here since the early 1990s when my friend Marcus told me about it. This was one of a handful of places that sold Cybertek.

Electronic Supplies/Parts

Cables & Connectors
2307 Berlin Turnpike, Newington, CT 06111
860-665-9904
http://www.cablesandconnectors.com/

"You-do-it" Electronics Center
40 Franklin Street, Needham, MA 02494
781-449-1005
http://www.youdoitelectronics.com/

Radio Communications (ham, CB, scanner) Dealers

Ham Radio Outlet
224 N Broadway, Suite 012, Salem, NH 03079
603-898-3750
http://www.hamradio.com/

J&S Radio Sales
1147 Main Street, Willimantic, CT 06226
860-456-2667

Lentini Communications
21 Garfield St., Newington, CT 06111
860-666-6227
http://www.lentinicomm.com/

Rogus Electronics
250 Meriden - Waterbury Tpk., Southington, CT 06489
Rogus deals exclusively in used radio gear, and has an eclectic stock of used electronics equipment. If I'm looking for something odd or somewhat unusual, I visit here and he often has it.

New England Area Ham - Electronic Flea Market Calendar
http://web.mit.edu/w1gsl/Public/ne-fleas
The definitive list of ham/electronic fleas for New England.

WWW.BLACKLISTED411.NET

by UnicOder
unicoder@blacklisted411.net

Maybe some of you guys still remember my article about Motorola phone modding in the Summer 05 issue of Blacklisted! 411. At that time the Motorola Razr V3 was the "latest and greatest", and everybody wanted to own one (okay, not everybody, but lots of people ;-) ).
This year we have a very similar situation, but this time in the area of Smartphones. Since the introduction of Microsoft's Push E-Mail technology in the AKU2 service pack of Windows Mobile 5 and the introduction of the highly anticipated QWERTY Smartphone Motorola Q, Windows Mobile Smartphones have become the ultimate tool for both businessmen and technology enthusiasts. But seriously, what would a phone be without some nice little hacks? Yep, just a phone, not a "smart phone". ;-) That's why I am here today to present you "The Top Ten Tweaks for Windows Mobile Smartphone" that will help you to make your kickin' Windows Mobile Smartphone even better. Fasten your seatbelts, start your phones and let the hacking begin ...

Attention! Please note that it absolutely makes sense to write down all original settings before you do any registry changes, so that you can go back to your original registry values if something does not work in a way you want it to. Please also keep in mind that some of the tweaks (like overclocking your phone) will void your warranty and that I and the Blacklisted! 411 magazine are not responsible for any data loss or damage to your phone that you might cause by applying one of the following tweaks. All modifications are done at your own risk.

1. Application unlock (decertify) your phone

This is what one forum poster at MoDaCo [1] called "the mother of all tweaks" and it really is, because an application unlocked phone is a precondition for many tweaks featured in this article. But before I tell you how you can easily decertify your phone you probably want to know what the so called Application Lock is:

What is the Application Lock and why does it make sense to disable it?

The Application Lock is a security feature of Windows Mobile that places significant restrictions on the APIs that can be called by software.
Programs that have not been signed and approved by authorities trusted by Microsoft are simply not allowed to access certain somewhat "security critical" APIs. This makes sense because that way possible phone viruses or hazardous programs cannot call premium-rate numbers on their own or delete important system files. And don't forget: Microsoft and the greedy certification authorities earn lots of money by selling these certificates as part of their Mobile2Market program. That's why most Windows Mobile Smartphones are shipped with certificate security enabled by default. The bad thing about this situation is that certification is simply not an option for most hobbyist or open source software developers, as it is a long and costly process. Therefore most programs in the Windows Mobile world are not signed and require the application unlock tweak, which enables full access to all APIs and registry entries for unsigned programs.

So let's disable the friggin application lock ...

To decertify your phone the first thing you have to do is to install a certified registry editor. Pretty ironic, right? I recommend RegEditSTG [5], a modified version of the free PHM registry editor that was signed by the Windows Mobile device manufacturer HTC to help them with their ROM development. If the download link [5] does not work for you simply google for "RegEditSTG" and you will have no problems finding an alternative download location. ;-) After you have downloaded RegEditSTG the application unlock process can ultimately start:

1. Simply put the *.zip file with RegEditSTG.exe in it with ActiveSync into a folder on your phone (but not onto the memory card).
2. Unzip the file with the *.zip program that comes with your phone.
3. Start RegEditSTG and change the following registry keys:
   HKEY_LOCAL_MACHINE\Security\Policies\Policies\00001001 --> Change the value data from "2" to "1"
   HKEY_LOCAL_MACHINE\Security\Policies\Policies\00001005 --> Change the value data from "16" to "40"
   HKEY_LOCAL_MACHINE\Security\Policies\Policies\00001017 --> Change the value data from "128" to "144"
   HKEY_LOCAL_MACHINE\Security\Policies\Policies --> Add a new DWORD value "0000101b" and set the value data to "1"
4. After you have done all these steps close the registry editor and reboot your phone. That's it, your phone is now totally application unlocked.

Note: I know that the application lock is a security feature that makes sense when it comes to hazardous software. But as far as I know there are no viruses for Windows Mobile "in the wild" (at least at the moment) and as long as you don't install any cracked software on your phone you don't have to worry about anything. ;-)

2. Overclock the processor with OmapClock (for all phones with a TI OMAP processor)

You think that you're cool with your super-hyper-mega and whatnot else overclocked PC? Forget about it, you are not, because overclocking phones is the new big thing for the real freaks. ;-) And the good news is: You don't even need a soldering iron, a good set of screwdrivers or a master's degree in Computer Science to make your phone faster. All you need is a Windows Mobile Smartphone with a Texas Instruments OMAP processor (about 80% of all Windows Smartphones have one in them) and the little freeware utility OmapClock 0.2 [6]. As you can see in Fig 2.1, OmapClock 0.2 has a really simple user interface: Just select the clock rate you want your phone to run at and press "Action". That's it. If you don't like the GUI you can also control OmapClock via command line arguments (Tab 2.1). To create and edit shortcuts so that they can contain command line arguments I recommend the free Total Commander [7].
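An added example, not part of the original article: a Python audit that reads a desktop-style .reg export of the device registry and reports whether the four Security\Policies\Policies values from tweak 1 are at the stock or the unlocked settings the article lists. The .reg export format, the function names and the sample exports are assumptions constructed for illustration; values that match neither of the article's settings are reported as unknown rather than guessed.

```python
import re

# Policy key from tweak 1 (registry paths are case-insensitive).
POLICY_KEY = r"HKEY_LOCAL_MACHINE\Security\Policies\Policies".lower()

# Decimal values exactly as the article lists them; None = value absent.
STOCK = {"00001001": 2, "00001005": 16, "00001017": 128, "0000101b": None}
UNLOCKED = {"00001001": 1, "00001005": 40, "00001017": 144, "0000101b": 1}

KEY_RE = re.compile(r"\[(.+)\]")
VALUE_RE = re.compile(r'"([^"]+)"\s*=\s*(.+)')


def parse_reg_export(text):
    """Parse .reg-style text into {key_path: {value_name: int or str}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.fullmatch(line)
        if key:
            current = keys.setdefault(key.group(1).lower(), {})
            continue
        value = VALUE_RE.fullmatch(line)
        if value is None or current is None:
            continue  # header, comment, blank line or value outside a key
        name, data = value.group(1).lower(), value.group(2).strip()
        if data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)   # .reg stores DWORDs in hex
        elif data.startswith('"') and data.endswith('"') and data[1:-1].isdigit():
            current[name] = int(data[1:-1])     # numeric string, e.g. "1"
        else:
            current[name] = data
    return keys


def audit_policies(export_text):
    """Return [(value_name, actual, status)] for the four tweak-1 policies."""
    parsed = parse_reg_export(export_text)
    if POLICY_KEY not in parsed:
        raise ValueError("export does not contain the policy key")
    policies = parsed[POLICY_KEY]
    findings = []
    for name, stock in STOCK.items():
        actual = policies.get(name)
        if actual == stock:
            status = "stock"
        elif actual == UNLOCKED[name]:
            status = "unlocked"
        else:
            status = "unknown"  # different OEM default or another change
        findings.append((name, actual, status))
    return findings


def verdict(findings):
    """Summarise the per-value findings for one device."""
    statuses = {status for _, _, status in findings}
    if statuses == {"stock"}:
        return "stock"
    if statuses == {"unlocked"}:
        return "application-unlocked"
    return "needs review"


# Constructed sample exports (not taken from a real device).
STOCK_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001001"=dword:00000002
"00001005"=dword:00000010
"00001017"=dword:00000080
"""

UNLOCKED_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001001"=dword:00000001
"00001005"=dword:00000028
"00001017"=dword:00000090
"0000101B"=dword:00000001
"""

PARTIAL_EXPORT = r"""REGEDIT4

; only the first value was changed, and it was saved as a string
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001001"="1"
"00001005"=dword:00000010
"00001017"=dword:00000080
"""

if __name__ == "__main__":
    samples = (("stock", STOCK_EXPORT), ("unlocked", UNLOCKED_EXPORT),
               ("partial", PARTIAL_EXPORT))
    for label, export in samples:
        findings = audit_policies(export)
        print(label, "->", verdict(findings))
        for name, actual, status in findings:
            print("   ", name, actual, status)
```

The same comparison works against a snapshot taken before any change, which is what the article's advice to write down the original settings amounts to.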
  -clock     Sets the clock rate of the processor in MHz
  -confirm   Require acknowledgement to change the frequency
  -launch    Launch a program
  -restore   Restore the original clock rate after the termination of the program launched with "-launch"

Tab 2.1: Command line arguments for OmapClock 0.2

Here are some examples for shortcuts with command line arguments:

  "\Program Files\OmapClock\OmapClock.exe" -clock 220
  "\Program Files\OmapClock\OmapClock.exe" -clock 235 -confirm
  "\Program Files\OmapClock\OmapClock.exe" -clock 235 -launch "\Program Files\TCPMP\player.exe" -restore

Note: Most phones' processors can run up to 20% faster than specified. Keep in mind that going above these 20% may seriously damage your phone.

Fig 2.1 (left): The user interface of OmapClock 0.2
Fig 2.2 (middle): TCPMP [8] benchmark running with the default 180 MHz of my phone
Fig 2.3 (right): The same benchmark with 240 MHz. Can you see the massive performance increase?

3. Use the Smartphone as Mass Storage Device (Windows Mobile 5 only)

Another freeware application that you don't want to miss once you have had it on your Windows Mobile Smartphone is WM5torage [9]. This clever program allows you to export the flash memory card inside your Smartphone as a USB Mass Storage Device, effectively turning your Smartphone into a flash card reader (Fig 3.1, Fig 3.2). You always had your USB Pendrive with you? Throw it into the trash can! Now you have your phone with WM5torage. ;-)

Fig 3.1 (left): WM5torage in action
Fig 3.2 (right): Access your storage card without ActiveSync just like a normal USB Pendrive

4. Store the Temporary Internet Files on your Storage Card

This tweak is my personal favorite, as my phone (i-mate SP5) has built-in WiFi which makes web surfing on the phone very comfortable and useful. The only huge problem with the SP5 and most other Windows Mobile Smartphones is that they offer only a very limited amount of internal storage, resulting in annoying "low storage" popup messages when the free storage space gets close to zero. Unfortunately the built-in Internet Explorer stores all Temporary Internet Files in the precious internal memory of the phone and does not allow you to set a cache limit for them or to move them to the storage card, where probably more free space is available. As you may guess this is a very unfortunate situation, as today's websites are often several megabytes big. You can literally see how your internal memory is eaten up by the Temporary Internet Files within seconds. Let's put an end to this and let a little registry tweak rescue the situation:

To move your Temporary Internet Files to the Storage Card ...

1. Start Internet Explorer (on your phone ;-) ), go to "Options --> Memory" and clear the Temporary Internet Files. (Fig 4.1) That way you make sure that nothing is left behind in your internal memory.
2. Start your registry editor and navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache.
3. Replace the original value of Cache with "\Storage Card\Temporary Internet Files".
4. Close the registry editor and reboot the phone. The directory for the Temporary Internet Files will be created on the Storage Card next time you surf the web. (Fig 4.2, Fig 4.3)

Fig 4.1 (left): Don't forget to clear the Temp Files before you do the registry tweak
Fig 4.2 (middle): Visiting www.blacklisted411.net immediately after the tweak
Fig 4.3 (right): As you can see the Temporary Internet Files are now on the Storage Card

5. Enable Page Up Page Down in Internet Explorer

Another must-have registry tweak for Internet Explorer is the "Page Up Page Down" hack that allows you to map functions like "page up" or "page down" to the number keys of your phone. I think I don't have to explain how useful this is, so let's start off with the tweak without any further delay:

1. First start your preferred registry editor and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer.
2. If the entry is not already there* create a new key with the name "KeyMaps".
3. For "page up" and "page down" create the following two DWORD values under KeyMaps:
   Add a new DWORD value "50" and set the value data to "1" (this will set key "2" to page up)
   Add a new DWORD value "56" and set the value data to "2" (this will set key "8" to page down)
4. But that's not all you can tweak here. You can also set a couple of other functions (Tab 5.1) to any number key you like (Tab 5.2). For example adding a new DWORD value "53" with the value data "12" will give you the ability to activate full screen mode in Internet Explorer when you press the number key 5 on your phone.
5. Last but not least close the registry editor, restart the phone and test the new key mapping.
  Function               Value Data
  Page Up                1
  Page Down              2
  Top                    3
  Bottom                 4
  Left                   5
  Right                  6
  Horizontal Top         7
  Horizontal Down        8
  Default Layout         9
  Desktop Layout         10
  One Column Layout      11
  Full Screen Toggle     12
  Show Pictures Toggle   13

Tab 5.1: Functions corresponding to Value Data
Tab 5.2: Keys and corresponding Keycode (DWORD) values

*Note: If you are using the latest Windows Mobile 5 version with AKU2 update you may notice that page up and page down are already set to the number keys 2 and 8 by default. Good to know that Microsoft has realized that this is a really important tweak. ;-)

6. Turn off the Message Sent Notification for SMS

If you regularly send SMS messages you are perhaps annoyed by the "Message Sent" notification that pops up every time after an SMS was successfully sent. As Microsoft has not built a control into the OS that allows one to deactivate these notifications the cure for the disease is again ... hard to believe ... a registry tweak. ;-)

To deactivate the message sent notification ...

1. Start your registry editor, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Inbox and create a new key with the name "Settings".
2. After that create a new String Value with the name "SMSNoSentMsg" under Settings and give it the value "1".
3. Close the registry editor, reboot the phone and you will see: No more annoying SMS sent notifications.

7. Change your Operator Name

On a lot of Homescreens, including the default one that comes with Windows Mobile, you can see your Operator Name displayed whenever you are logged into your cellular network (Fig 7.1). This fun tweak allows you to change this text (e.g. "T-Mobile A") to anything you want, like "Hack The System" (Fig 7.3).

To change your Operator Name ...

1. Start your favorite registry editor and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\RIL\OperatorNames (this is where the alternative operator names are held).
2. Then create a new value of type String.
The name of this value needs to correspond to the operator's number* of your cellular network (in case of T-Mobile Austria this is 23203).
3. The text you set for the value data of the newly created value will be your new operator name. (Fig 7.2)
4. Close the registry editor, reboot the phone and enjoy your new operator name. (Fig 7.3)

*Note: If you don't know your operator's number I suggest googling for it or asking your network operator.

Fig 7.1 (left): My Homescreen before the tweak; Operator Name is "T-Mobile A"
Fig 7.2 (middle): This is how the tweak works ... 23203 is the Operator Number of my Cellular Network "T-Mobile Austria"
Fig 7.3 (right): My Homescreen with the new Operator Name "Hack The System"

8. Change the hard-coded Start Menu order

You may have noticed that when you spark up your Start Menu a number of items are pinned to the top of it (like Internet Explorer, Tasks, Windows Media, ...) (Fig 8.1). Unfortunately Microsoft was not clever enough to build a function into the OS that allows one to change this predefined order of items. I know this is pretty lame, but I have good news for you: The following registry tweak lets you not only choose which items are pinned but also allows you to change the order of them.

To change your Start Menu order ...

1. Start your favorite registry editor and navigate to HKEY_CURRENT_USER\Software\Microsoft\Shell\StartMenu where you will see a key named "Order". If you view the contents of this key, you'll see the list of items that are pinned on your Start Menu. (Fig 8.2)
2. Now you can change the order of all items or add your own items (shortcuts or folder names) that you want to have pinned at a specific location of the Start Menu. If you want you can also delete items (if you delete all items the Start Menu will be sorted alphabetically). In any case the items will be pinned in the exact order you enter them in the list. (Fig 8.3)
3. If you're done close the registry editor, restart the phone and enjoy your newly-arranged Start Menu. (Fig 8.4)

Fig 8.1 (left): The Start Menu before the tweak
Fig 8.2 (right): The hard-coded Start Menu order as shown in the registry
Fig 8.3 (left): Let's put Tasks on top of the list
Fig 8.4 (right): After the tweak: As you can see Tasks is now the first item in the Start Menu

9. Turn off the Grid View (Windows Mobile 5 only)

In Windows Mobile 5, the latest version of Microsoft's Smartphone OS, a completely new Start Menu style called "Grid View" (Fig 9.1) was introduced while the old sort of "list like" style was quietly discarded. To be honest I prefer the new style, but from reading hundreds of forum posts I know that there are lots of people out there who still prefer the old skool style from Windows Mobile 2002/2003. While Microsoft has again forgotten to implement a user-accessible control to switch between the two styles (at least that's the case in most phones) a little registry tweak does the trick again.

To bring back the old skool style ...

1. Start your registry editor, navigate to HKEY_CURRENT_USER\Software\Microsoft\Shell\StartMenu and select the key "GridView".
2. For the original old skool style set the value of GridView to "0".
3. To complete the tweak close the registry editor and reboot your phone. (Fig 9.2)

(Note: To revert to the Grid View style redo the whole procedure and set GridView to "1")

Fig 9.1 (left): The Start Menu in default Windows Mobile 5 "Grid View" style
Fig 9.2 (right): The Start Menu after the tweak. Looks very old skool, huh? ;-)

10. Change the BaseHue of the phone (Windows Mobile 5 only)

Just like in Windows XP, Microsoft has decided that blue has to be the all-dominant color in Windows Mobile 5 (Fig 10.1). While this was definitely not the worst decision some people may still want to use a more unobtrusive system color.
This is where the little freeware program BaseHue Express [10] comes into play, which allows its user to change the so called BaseHue of the OS. This single hue value has impact on most user interface elements of Windows Mobile such as the softkeys, buttons or the taskbar. To change this hue go on and run BaseHue Express on your device, choose a color from the color wheel (there is also a separate wheel for greyscale hues) and press the left softkey "Apply" (Fig 10.2). And booooom, the magic will happen and all colors affected by the BaseHue will be automatically changed. (Fig 10.3)

Hint: To restore the original system color go to "Settings --> Home Screen", set "Color Scheme" to "Guava Bubbles" (or any other available color scheme) and press "Done". Then set "Color Scheme" to "Default" and press "Done" once again. Voila, back is your blue Windows.

Fig 10.1 (left): The Calendar in standard colors
Fig 10.2 (middle): The interface of BaseHue Express (Greyscale is beautiful ;-) )
Fig 10.3 (right): The Calendar after the tweak in a smooth all-greyscale style

Final words

As you can see Windows Mobile Smartphones are very tweakable due to the fact that they have a system registry just like your Desktop Windows. And due to their affinity to Pocket PCs some of the tweaks featured in this article even work on Pocket PCs (notably tweak 1, 2, 3 and 10). Pretty cool, huh? And you know what? There are still hundreds more tweaks out there, many of them for specific Smartphones like the Motorola Q. You just have to find them. ;-) Therefore I have, to make things a little bit easier for you, compiled a small list with the biggest Windows Mobile communities where you can find all these other hacks and get help if something does not work in a way you want it to.
But that's not the only place where you can get technical support: If you have any further questions regarding this article or Windows Mobile in general don't hesitate to send me a mail (unicoder@blacklisted411.net) or post your questions into the "Article Discussion" section of the Blacklisted! 411 forums. Happy hacking!

Windows Mobile communities around the globe

[1] www.modaco.com (Probably the biggest and most active Windows Mobile community in the net)
[2] www.xda-developers.com (The place where most developers hang out)
[3] www.airfagev.com (A pinoy community with many devoted developers)
[4] www.qusers.com (You have a Motorola Q? Then this is the place you have to go...)

Links

[5] http://www.spv-developers.com/content/regeditSTG.zip (RegEditSTG)
[6] http://forum.xda-developers.com/viewtopic.php?t=40284 (OmapClock)
[7] http://www.ghisler.com/smartphone.htm (Total Commander)
[8] http://tcpmp.corecodec.org/ (TCPMP / The Core Pocket Media Player)
[9] http://www.modaco.com/index.php?automodule=downloads&showfile=1702 (WM5torage)
[10] http://greatbal.blogspot.com/2006/04/basehue-express-for-wm5-devices.html (BaseHue Express)

Shouts

Special thanks go to all folks who found these nice registry tweaks, especially to all the friendly guys over at MoDaCo.com and to the creators of the fantastic freeware apps featured in this article, notably Intruders, Igor V. Bozhko and Greatbal. You guys keep the Windows Mobile community alive and kickin'! And to Steve Ballmer and Bill Gates: Thanks for creating Windows Mobile. ;-)

URBAN EXPLORATION! Phone obsessions! Pointless conversation! And a slight chance of hacking! It's Doug TV baby http://www.dougtv.org

6.500 MHZ CRYSTALS $4 a piece, 50 for $115, 100 for $200. Add $3.00 for shipping. Send checks to C. Wilson, P.O. Box 54348 Philadelphia, PA 19105-4348

LOCKPICKING101.COM Open forum discussion to educate yourself and others about lock picking and lock security.

COIN-OP VIDEO ARCADE GAMES. Parts, boards, and
empty cabinets available for your projects. Cabinets INFOSEC NEWS is 'a privately run, medium traffic list that available for $75. C.J. Stafford, (301)419-3189. caters to the distribution of information security news articles. THE BLACK BAG TRIVIA QUIZ: On MSDOS disk. These articles will come from newspapers, magazines, online Interactive Q&A on bugging, wiretapping, locks, alarms, resources, and more. For more information: http://www.c4i. weapons and other wonderful stuff. Test your knowledge of org/isn.html the covert sciences. Entertaining and VERY educational. I'M RAFFLING my original APPLE-1 computer I have no use Includes catalogs of selected (no junk) shareware and for ~ anymore so I'm giving anyone who wants a chance on restricted books. Send $1.00 for S.25 disk, $1.50 for 3.5, plus owning a piece of history all I ask is for a one paragraph letter two stamps, to: MENTOR PUBLICATIONS, Box 1549-W, telling me why you would want my computer, and $2.00 cash Asbury Park NJ 07712 or money order to: MY RAFFEL, 567 W. channel lsI. Blvd., ANARCHY ONLINE A computer bulletin board resource for Port Hueneme CA, 91341 suite 416 anarchists, survivalists adventurers, investigators, , HACKER STICKERS Geeks, Coders and Hackers get your researchers, computer hackers and phone phreaks. stickers, shirts, hardware and caffeine from www. Scheduled hacker chat meetings. Encrypted E·maiVfile hackerstickers.com exchange. WWW: hhtp:/Ianarchy-online.com Telnel: TRUE TAMPER-PROOF Security Screw Removal Bits. The anarchy-online.com Modem: 214-289-8328 super torx kit includes: T-10, T-15, T-20 & T-25. Complete HACK THE PLANET A new and exciting board game in sel for $19.60. TOCOM 5503 bit $8.95. TOCOM 5507 bit which 2-4 players race to complete a hacking mission. $19.95. Zenith PMIPZ-1 bit $10.95. Jerrold Starcom bit Please send $3.00 check or money order payable to CASH. $19.95. Pioneer (oval) bit $23.95. Oak Sigma (oval) bit Hand-scanned 99XX exchanges in 516 AC. 
Included may be data kit modem numbers, WFA/FA, SSCU, TSAC(SCC), CO#'s, etc. Send $2.00 check or money order payable to CASH and specify exchange. "MCI-Style" Phone Patrol hats are now available! Just $18 check or money order payable to CASH. 2447 5th Ave, East Meadow, NY 11554.

$23.95. Security Screws available. Tamper-Bit Supply Co. (310)666-7125.

ATTENTION HACKERS & PHREAKERS. For a catalog of plans, kits & assembled electronic "TOOLS" including the RED BOX, RADAR JAMMER, SURVEILLANCE, COUNTER SURVEILLANCE, CABLE DESCRAMBLERS & many other HARD-TO-FIND equipment at LOW PRICES. Send $1.00 to M. Smith-02, P.O. Box 371, Cedar Grove, NJ 07009

VOICE CHANGING ACCESSORY. Digital voice changing: male to female, female to male, adult to child, child to adult. Use with any modular phone. 16 levels of voice masking. Connects between handset and phone. STOP THOSE ANNOYING TELEPHONE CALLS! Sound older and tougher when you want to. Not a kit. Fully assembled. Use with single or multi-line phones. 30-day refund policy. Ask for free catalog of our products. VISA/MC ok. Xandi Electronics. 1270 E. Broadway, Tempe AZ 85282-5140. Toll Free order line: (800)336-7389. Technical Support: (602) 894-0992

MAGENCODERS.COM Manufacturer of the World's Smallest Portable Magnetic Card Reader & Point of Sale Data Loggers. We also have Magnetic Stripe Reader/Writers, Smart Card Loaders & Copiers, etc... (407)540-9470

UNDETECTABLE VIRUSES. Full source for five viruses which can automatically knock down DOS & windows (3.1) operating systems at the victim's command. Easily loaded, recurrently destructive and undetectable via all virus detection and cleaning programs with which I am familiar. Well-tested, relatively simple and designed with stealth and victim behavior in mind. Well-written documentation and live antidote programs are included. Priced for sharing, not for making a ridiculous profit. $10.00 (complete) on six 1.44MB, 3.5" floppy discs. Money orders and checks accepted. No live viruses provided! Do NOT ask. Satisfaction guaranteed or you have a bad attitude! The Omega Man. 8102 Furness Cove, Austin, TX 78753

NO SOUND ON PREMIUM CHANNELS? It will happen sooner or later on your Jerrold DPBB-7 Impulse. Ask Manhatten! Soundboard brings the sound back. Best sound fix on the market. Easy to install soundboard $24.95. Easy to build soundboard schematic, parts list and common chip number $34.95. Send us your unit and we will install the soundboard for $59.95. SOUNDMAN, 132 North Jardin St., Shenandoah, PA 17976. (717) 462-1134.

HIGH-TECH security/survival books/manuals: Computers, Internet, Phones, Energy, Physical Survival, Financial, Law, Medical/Radionics, Mind Control, Weird/Paranormal. Free Online Catalog at: Consumertronics.net (PO 23097, ABQ, NM 87192), or $3 hardcopy (USA/Canada, $7 foreign). See display.

HOME AUTOMATION. Become a dealer in this fast growing field. Free information. (800)838-4051.

TIRED OF SA TEST KITS with marginal or inconsistent performance? 21st Century Electronics and Repair guarantees peak performance with 40-pin processor kits. New, more flexible program with additional features puts others to shame. Price $49 each or 5 for $233. 1st time offered. (404)448-1396

FEDERAL FREQUENCY DIRECTORY! Kneitel's "Top Secret" registry of government frequencies, New 8th edition. 268 pages! FBI, DEA, Customs, Secret Service, BATF, Immigration, Border Patrol, IRS, FCC, State Dept., Treasury, CIA, etc. & surveillance, bugs, bumper beepers, worldwide US military, 225 to 400 Mhz UHF aero band, Canadian listings, & more! Ultimate "insider's" directory! Standard reference of law enforcement, news media, private security, communications industry & scanner owners. $21.95 + $4.00 shipping ($5.00 to Canada). NY State residents add $2.21 tax. CRB Research Books, Box 56BL, Commack, NY 11725. Visa/MC welcome. Phone orders (516) 543-9169 weekdays (except Wednesday) 10 to 2 Eastern.

TOP SECRET Spy DEVICES Home of the Worlds' Smallest Digital Voice Recorders and Spy Cameras. We stock many items including: Transmitters, Bug Detectors, Audio Jammers, Telephone Recorders, Lock Picks, Voice Changers, Keystroke Loggers. www.spydevicecentral.com (305)418-7510

HACKERS '95 THE VIDEO by Phon-E & R.F. Burns: See what you missed at Defcon III and Summercon 95! Plus, our trip to Area 51 and coverage of the "CyberSnare" Secret Service BUSTS. Elec Cntr Measures, HERF, crypto, and more! Interviews with Eric BloodAxe, Emmanuel, and others. VHS 90 min. Only $25, distributed by Custom Video 908-642-6378.

EUROZINES AND OTHER CULTURAL HACKER ZINES! A one-stop, cutting-edge mail-order source for over 1,000 titles. Beautifully illustrated 128-page catalog includes: alternative/fringe science, conspiracy, Forteana, sexuality, computer hacking, UFOs, and much more. Send $3.00 to Xines, Box 26LB, 1226-A Calle de Comercio, Santa Fe, NM 87505.

Blacklisted! 411, Volume 8 Issue 2 - Summer 2006

SINGLE DUPLICATION OF CD-ROMS Send your CD and $25 and you will receive your CD and an exact copy. Want more than one copy? Send an additional $15 for each duplicate. Make checks or money orders Payable to/Mail to: Knoggin, 582 Market Street Suite 616, San Francisco, CA 94114

CB RADIO HACKERS GUIDE! New! Big 150 pages; pictorials, diagrams, text. Peaking, tweaking and modifying 200 AM and SSB CB radios. Improved performance, extra capabilities! Which screws to turn, which wires to cut, what components to add: Cobra, Courier, GE, Midland, Realistic, SBE, Sears, Uniden/President. $18.95 + $4 S&H ($5 Canada.) NY State residents add $1.96 tax. CRB research, Box 56BL, Commack, NY 11725. Visa/MC accepted. Phone order M-Tu-Th-F, 10 to 2 Eastern time. (516) 543-9169.

NULL MODEMS - Download laptop: or upload to your pc the easy way! w/ direct connect, or (DOS 6.1) Customized setup, no bulky adapters, MAC or IBM compatibles. Send $18.95 for 6ft cable, specify 25 or 9db ends, custom ok. Instructions included. P.O. Box 431 Pleasanton, CA 94566 (510)485-1589

A TO Z OF CELLULAR PROGRAMMING. Programming instructions on over 300 phones in a software database. Also back door and test mode access instructions for all the popular models; manufacturer's contacts, system select, lock/unlock info. Just $59.95. Orders only: (800)457-4556. inquiries: (714)643-8426. C.G.C.

GAMBLING MACHINE JACKPOTTERS We offer a complete range of gambling products designed to cheat gambling machines as well as other games. Our products are designed to demonstrate to gambling machine owners the vulnerabilities of their machines. Our product line consists of Gambling Machine Jackpotters, Emptiers, Credit Adding Devices, Bill Acceptor Defeats and Black Jack Card Counting Devices. Please visit www.jackpotters.com

KEYSTROKEGRABBERS.COM Manufacturer of discreet keyboard logging hardware. Our devices capture ALL keystrokes on a computer including user name and password. PARENTS-Monitor your child's internet, e-mail, instant messaging and chat room activity. EMPLOYERS-Monitor employee computer usage compliance. Employees will spend less time browsing the internet and sending e-mails if they are being monitored. EXECUTIVES & SYSTEM ADMINS-detect any unauthorized access of your PC. If someone uses your computer after hours, you will know. (305)418-7510

HACKING, PHREAKING, computer security and education on the First Tuesday of every month in the Detroit area. Meeting is at 7pm at Xehdo's cafe in Ferndale. Bring your open mind and positive attitude.

I WANT TO OFFER my playstation 2 game burning service. Any game that you would like for a back-up or just for fun. Or maybe that Japanese game that just won't be out in the United states for a few months.. I have bundles that you can choose from if you want handfulls depending how much you order. the games are $25 each! PLEASE NOTE THAT YOUR PLAYSTATION 2 NEEDS TO BE MODDED I ALSO HAVE THAT SERVICE BUT YOU CAN ALSO GOOGLE SEARCH FOR PREMODDED SYSTEMS TO BUY. EMAIL IF YOU HAVE ANY QUESTIONS AT ALL.

ACCUSED OF A COMPUTER RELATED CRIMINAL OFFENSE IN ANY CALIFORNIA OR FEDERAL COURT? Consult with a semantic warrior committed to the liberation of information specializing in the defense of alleged cybercriminals, including but not limited to, hackers, crackers, and phreaks. Not a former prosecutor seeking to convince defendants to plead guilty, but an idealistic constitutional and criminal defense attorney who helped secure a total dismissal of all charges in Los Angeles Superior Court for Kevin Mitnick, who was falsely charged with committing computer-related felonies in a case with $1 million bail. Please contact Omar Figueroa, Esq., at (415) 986-5591, at omar@aya.yale.edu or omar@stanfordalumni.org, or at 506 Broadway, San Francisco, CA 94133-4507. Complimentary case consultation for Blacklisted 411 readers. (Also specializing in medical marijuana and cannabis cultivation cases.) All consultations are strictly confidential and protected by the attorney-client privilege.

HACKERSHOMEPAGE.COM - Your source for Keyboard Loggers, Gambling Devices, Magnetic Stripe Reader/Writers, Vending Machine Defeaters, Satellite TV Equipment, Lockpicks, etc...(407)650-2830

I-HACKED.COM is a hardware hacking based website and is currently looking for articles! Membership is limited to contributing members, so come and share your knowledge with other hackers around the world. Topics we are currently looking for include: DVD "Dual-Layer" Firmware hacks, CD-RW / DVD+/- Speed Hacks, Video Card Hacks, Motherboard Hacks, IDE Card / Raid Hacks, Xbox Hacks, Playstation Hacks, cell phone tricks, or anything else you might have. Check us out @ http://www.i-hacked.com

ADD A CONVERSATIONAL USER INTERFACE to your web site or Windows-based software applications with Foxee TM, the friendly interactive arctic blue fox agent character! In the real world not everyone who navigates your web site or software are expert hackers, and some users need a little help. Foxee is a hand-drawn animated cartoon character that will accept input through voice commands, text boxes, or a mouse, and interact with your users through text, animated gestures, and even digital speech to help guide them through your software with ease! Foxee supports 10 spoken languages and 31 written languages. She can be added to your software through C++, VB6, all .Net languages, VBScript, JavaScript, and many others! Natively compatible with Microsoft Internet Explorer and can work with Mozilla Firefox when used with a free plug-in. See a free demonstration and purchasing information for Foxee at www.foxee.net!

DO YOU WANT MORE underground information? Are you ready to go to a whole new level of knowledge? Then you need to check out "Binary Revolution" magazine. is a printed hacking magazine put out by the DDP that covers hacking, phreaking, and other assorted topics from the computer underground. For more information on the magazine, forums, HackRadio, HackTV, or any of our other numerous projects, come to www.binrev.com and join the revolution. "THE REVOLUTION WILL BE DIGITIZED."

TUNE IN TO CYBER LINE RADIO on the internet, on the USA Radio network. We can be heard Saturday Evenings 9:00 pm to 12:00 am (Central). Heard Exclusively On The USA Radio Network & Via The Internet! We discuss Technology, Space, Hacking, Linux and more. For more details meet us at www.cyber-line.com.

BLACKLISTED MEETINGS will begin in Greece as the new year arrives. They will be held every 3rd saturday of the month and they will begin at 7pm. Meeting point will be the centre of Athens at the metro station Panepistimio by the fountains. Also check the webpage www.blacklisted411.gr.

A+ CERTIFIED TECHNICIAN offering cheap repairs in Louisville Area. Will make house calls or take home with me. I do everything from virus and spyware removal to networking. Send an email to alanb6100@gmail.com with your name and phone number as well as a description of the problem. Also I have Gmail invites available for a reasonable price. Louisville area only unless you want to Western Union me some money! Thanks!

SELLING USED HIRSCH SCRAMBLEPADS that retail new for around 500$ for your best offer! They are for very high security places, every time you press the START button on the keypad it randomizes the digits so that any onlookers cannot find a pattern in the digits you press. Also, you cannot see the numbers from the side, so for anyone to see your code they would have to be directly behind you. Email me for more information. guiltyspark414@netscape.net

WANTED: FEATURE FILM JUNKIE who can access up-to-date FAX numbers for hot agents and/or producers & directors. My objective: to bring to their attention my action-thriller script. Can pay by the hour. (909)275-9101

HI, MY NAME IS RICK. Me and my friend Rob were looking for a low cost rackmount server one day to use for a web and mail server that we could have racked at a local datacenter. Not finding anything real cheap we decided to start our own company building fast cheap servers for you also. www.cheap1u.com was born. Mention this ad and get 10% off any server order. Also since I am the owner, if you mention this ad buy 10 servers and I will throw in the 10th server for free!

Interested in meeting up with some of the Blacklisted! 411 readers? We will list all hacker meeting information that is provided to us. We will list "Blacklisted! 411" only meetings as well as "independent" meetings open to all.

California

(949 Area Code) - Irvine
Extreme Pizza - 14141 Jeffrey Road, Irvine, Ca. 92714 - Meeting is not Blacklisted! 411 specific. The meeting date may change from month to month. For specifics, check here: www.irvineunderground.org
Hosted by: Freaky

Colorado

(719 Area Code) - Colorado Springs
DC719 - Hack the Rockies. Meetings held on the 3rd Sat. of every month. 8pm-11pm @ Xtreme Online, 3924 Palmer Park BLVD
Hosted by: DC719 POC: h3adrush

(303 Area Code) - Centennial
at the Borders cafe on Parker in Arapahoe Crossings.
Hosted by: Ringo'

Florida

(407 Area Code) - Orlando
The computer room in the Grand Reserve Apts. at Maitland Park
Last Friday of the month, 12:00pm - 1:30pm
Hosted by: Whisper

Georgia

(678/770/404 Area Codes) - Duluth
Meetings are the first and third Tuesday of every month, in the cafe of Frys Electronics. They start at 6:30 until we get kicked out, and then continue elsewhere. Visit our site at www.HackDuluth.org and sign up on the forums to receive emails about the group.
Hosted by: P(?)NYB(?)Y

Illinois

(217 Area Code) - Urbana
Espresso Royale Caffe. 1117 W. Oregon St., Urbana, IL 61801. At the corner of Goodwin and Oregon, across the street from the Krannert Center for the Performing Arts. Every second Friday of the month, 8 PM
Hosted by: r3tic3nt (r3tic3nt@gmail.com)

Iowa

(515 Area Code) - Ames
ISU Memorial Union Food Court by the payphone. First Friday of each month, from 5:00pm onward.
Hosted by: Omikrori

Minnesota

(612 Area Code) - Minneapolis
Spyhouse coffee shop at the corner of 25th South and Nicollet Ave. Look for the Blacklisted! 411 magz on the table.
Last Friday of the month, 5:00pm - 8:00pm
Hosted by: Thea DeSilva

New Mexico

(505 Area Code) - Albuquerque
Winrock Mall - Louisiana at I40, food court, east side doors under the security camera dome.
First Friday of the month, 5:30pm - 9:00pm
Hosted by: Mr. Menning

Texas

(713 Area Code) - Houston
every month, 7:00pm till close.
Hosted by: MuerloChongo

(915/325 Area Codes) - Blackwell
John's Detectors, 501 W. Main St. Third Friday of every month. 7:00pm until...? For more information, visit our site at www.johnsdetectors.com
Hosted by: Wlrechie'

Wyoming

(307 Area Code) - Rock Springs/Green River
White Mountain Mall--Sage Creek Bagels. The last Friday of every month from 6:30pm until 9:30pm.
Hosted by: Phreaky

Mexico

(666 Area Code) - Tijuana, B.C.
Cafe Internet, Calle 12, Felix M. Gomez #644, Col. Libertad. In back room by payphone. First Friday of the month, 5:00pm to 8:00pm
Hosted by: Tom

SUBSCRIPTIONS AVAILABLE ONLINE WWW.BLACKLISTED411.NET