Blacklisted! 411 - Volume 8 Issue 3 - Fall 2006

Subscriptions: $20 U.S., $24 Canada, $35 Foreign. Check or Money Order (U.S. Funds only).
Advertising: Blacklisted! 411 Advertising, P.O. Box 2506, Cypress, CA 90630. Email: advertising@blacklisted411.net
Letters/Articles: Blacklisted! 411 Letters and Articles, P.O. Box 2506, Cypress, CA 90630 (Include name & address - we PAY for articles)
World Wide Web: Website: http://www.blacklisted411.net Store: http://store.blacklisted411.net Forums: http://www.bl411forums.com

Copyright 1983-2006 by Syntel Vista, Inc. All opinions and views expressed in Blacklisted! 411 Magazine are those of the writers of the articles, and do not necessarily reflect the views or opinions of any Syntel Vista, Inc. staff members or its editors. All rights reserved. No part of this material may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of Syntel Vista, Inc.

PRINTED IN THE UNITED STATES OF AMERICA

Icons used on the front cover are from Dropline Neu! created by Silvestre Herrera and are released under the GNU General Public License (GPL). A full copy of the license and icons can be located at http://www.silvestre.com.ar/ or available on request as required.

Blacklisted! 411 introduction for those of you who are new.....

Who we are... and were...

The question often arises on the subject of, "How did it all start?" in reference to our magazine and its history. In response to this popular question, here is a quick history lesson of Blacklisted! 411 magazine, including names, dates and little known facts which have, thus far, been hidden away for years...

Blacklisted 411 magazine dates back to October 1983 with a group of friends from a Southern California high school that shared a common interest. They were all deeply interested in their Atari, Apple and Commodore computers, electronics, sciences, arcade games, etc. They built projects, hacked into various things, made their own programs, came up with grand ideas and tried to make them into some sort of reality. The group started a monthly hackers "disk magazine" (an early form of what is now known as an e-zine) called "Blacklisted 411, the hackers monthly". This may sound strange today but circulating information on disk was the best way to get it out (at the time) without all the cool toys we take for granted today. There was no internet to utilize and nobody had printers which could print anything other than plain text (and didn't even do that well). With a disk based system, text files, primitive graphics/pictures, and utilities were fairly easy to distribute and it could be copied by anyone who had a compatible computer. At our peak, at least 150 disk copies of the disk magazine were sent into the public, though there is no way to know how many were copied by others.

Eventually modems caught on and the magazine was distributed through crude BBS systems. Using the power of a Commodore 64, a Blacklisted! 411 info site, which anyone could log into without handle or password, was created and operated. It was a completely open message center. Using X-modem or Punter file transfer protocols, one could download the latest Blacklisted! 411 files or read/leave "messages" which later became known as a "message base" and has evolved into what are now commonly known as "newsgroup postings" or "forum postings". There was only one message center, no email capability & only 1 phone line. Primitive, indeed. Effective, however.

Around 1984, the purchase of a 9 pin dot matrix printer that could print basic graphics was entered into the mix. Printing out copies of the Blacklisted 411 monthly and copying them at the media center at the high school became the new "experiment". The media center staff graciously allowed the production of these copies free of charge which was very cool at the time. The copies were passed out at the local "copy meets" (an interesting phenomenon of past times - hordes of computer users would meet at a predetermined location and set up their computers with the sole purpose of copying software and exchanging this software with each other). Piles of the magazine were left anywhere and everywhere people could see them. One popular location was next to the Atari Gauntlet and Gauntlet II arcade games strategically located at 7-11's all over the place. It's been a longtime myth that people photocopied those original copies and then those were photocopied, etc. There's no telling just how many generations of early printouts of Blacklisted! 411 monthly made it out there.

Years went by and Blacklisted! 411 evolved. The short lifespan of the printouts was both a great success and a miserable failure. No matter where they were left, they were taken - and taken quickly! The feedback was awesome in that people wanted more. The interest was very high, but the inability to meet this growing demand was completely overlooked. The plug was officially pulled on the printout experiment and distribution through diskettes remained the norm. It was really the easiest way to go at the time. The Blacklisted! 411 info site grew into a 2-line system. This was a big deal in 1985. By that time, information was almost exclusively passed around by modem (unofficially on paper) and disks were still being released at this time.

June of 1987 marked the end of Blacklisted! 411, the hackers monthly. The last disk based magazine (# 46) was distributed that month. Since all of the original crew were finally out of high school and onto college, work and the bigger/better things in life, nobody had the time or inclination to put any effort into the disk based magazine anymore. The once thriving Blacklisted! 411 group broke up and people went their separate ways. Naturally, it was assumed that this was the end and Blacklisted! 411 would never be resurrected in any form.

In the summer of 1993, one member (and the original editor-in-chief), Zachary Blackstone, felt it was time to revive the Blacklisted! 411 concept, but this time do it as a print magazine. It was extremely difficult to get started because the group was no more and he was alone. He was the only one of the original group members remaining that had an interest in bringing the hacker group and magazine alive again. With some money, the will to make it happen, top of the line (at the time) computer gear and page layout software, Blacklisted! 411 was reborn. Blacklisted! 411 Volume 1, Issue 1 was released in January 1994. Blacklisted! 411 was finally BACK. The issues were released monthly and distribution was small. Regardless, the related user meets were packed! The interest in the magazine was great. After a year passed, it was decided to try a quarterly format in an effort to increase distribution. During that year Zachary managed to get in contact with many of the old group members, most of whom are active staff members even today.

In 1999, what was to be the last issue of Blacklisted! 411 (Volume 5, Issue 4) was published. It was unknown at the time, but many pitfalls would ultimately cause the demise of the magazine. Officially, it was dead as a doornail. After 4 years of regrouping and planning, Blacklisted! 411 magazine was resurrected yet again.

To date, Blacklisted! 411 is one of the oldest groups of hackers still remaining and releasing gathered and compiled information within the hacker community and the mainstream community as well. Hanging onto the very same hacker mentality and code of ethics from the 80's, Blacklisted! 411 stands apart from the rest. Their ideal is that hackers are not thieves - they're curious people who are the makers and shakers of the technology sector. They're not elitist hackers by any means and believe that no question is ever a "stupid" question. Old school hackers and newbie hackers alike, Blacklisted! 411 caters to you.

What about now...

Community

The last two years have been an exciting time for the staff and crew over here. We have become extremely active in the hacker community. As we are based in the Los Angeles area, we have built relationships with the local Hacker groups such as LA2600, SD2600, twentythreedotorg, Irvine Underground and many others. We have been attending and sponsoring Hacker Conventions and Conferences such as the Layer One Convention and the ever popular Defcon. You can find us attending these conventions regularly. We usually run a vendor booth at these events and we make available our wares - subscriptions, back issues, t-shirts, hats, stickers and other SWAG. We also provide several "convention only" promotions such as the Apple IPOD give-away we held at DefCon 13. Our give-away was a big hit. We're planning on attending DefCon 14 this year and we'll be holding our own private catered reception for subscribers and supporters. Additionally, we'll be handing out membership cards with all new subscriptions this year. Whatever you do, be sure to check out our booth first, you'll be glad you did!

Magazine Development

A major effort has been made to increase our exposure to the hacking and information security community. Our distribution goal for the magazine was to break 100K copies distributed each quarter sometime in 2004 and we far surpassed our goal within our timeframe. To date, Blacklisted! 411 has a circulation over 200,000 copies per issue. Based on orders from distributors and sell through, we're doing excellent in the marketplace. Additionally, we have been seeking and hiring freelance writers, techs, photographers, and editors to increase the quality and scope of the magazine. We've also been promoting the magazine outside of our community to bring in cross-over readers.

Merchandising / SWAG

We now have a whole series of Blacklisted! 411 themed swag and merchandise. This currently includes stickers and apparel, but will soon include posters, a new DVD, gadgets and technology.....whatever our creative minds can come up with. Ideas and suggestions on this subject will be accepted and appreciated.

Charities

People generally believe that hackers are awful scum-sucking low life degenerates not fit to inhale the air they breathe. This idea has been pounded into the heads of people repeatedly by the mainstream media. Not necessarily because they're evil-doers, but more likely due to the fact that they simply have no idea what hackers are or what we're all about.

They think we're an uncaring bunch of thieves. They couldn't be any further from the truth. Hackers do care. In fact, they probably care more about the things that really matter than your average Joe does.

Blacklisted! 411 is owned and operated by real people who care about things aside from hacking. No, really. In the spirit of helping people and organizations outside of our community by offering real support, not only have we done a good deed, but we've demonstrated our philosophy at its core level. We want to help. As such, Blacklisted! 411 Magazine has officially donated to several local charities in an effort to achieve this goal.

First and foremost is the local chapter of the Ronald McDonald House. Many people have never even heard of this place, but nevertheless, they're a wonderful bunch of people who offer an amazing service to those less fortunate families who have a child in the hospital....they offer a place to stay and a hot meal - for FREE (or a very small donation if you can afford it). We've donated many items to help their cause because we really believe in it. One of our favorite donations was the 200 some odd small children costumes we supplied them with to give to the children around Halloween. If you have children of your own, maybe you can appreciate this place a little better. Blacklisted! 411 Magazine wholeheartedly supports the Ronald McDonald House mission and their programs.

Additionally, we've donated heavily to the Westminster Parish Festival, specifically with the intent to help support their youth programs and special classes for the mentally and physically handicapped. The festival they operate is much like a small carnival with rides, food, drinks, and entertainment. They also run a huge raffle which is right up our alley as far as lending a helping hand goes. We've been able to supply them with some unique and stunning prizes for the children who attend the festival. Prizes you wouldn't expect to win for a cheap raffle ticket.

Our hope is that we were able to brighten up the day for some children, maybe even a family or two....and help our community at the same time.

Of course, we also donate to EFF and other hacker-friendly groups. That really goes without saying, right?

Closing thoughts

Let's start our closing thoughts by mentioning that we're your friendly neighborhood hacker magazine. We're one of the team players and happy to help people. Please don't feel that you cannot approach us.

So, if you have questions, comments, articles, ideas, suggestions, have a business proposition or wish to offer support in some way, please contact us and let's see what we can come up with. Thanks for your support, hackers!

BL411

Important notes of interest:

SWAG NOW AVAILABLE
That's right! We have SWAG now.
We have some cool "Hack the System" T-shirts and baseball caps, plus a wide variety of bumper stickers available at our online store. We'll soon have some additional SWAG and technology available as well. Keep watching. www.blacklisted411.net

DEADLINES
For some reason, people seem to miss our deadline mention in the magazine and online, so be sure to read this. The DEADLINE for articles, letters, artwork and ads for Volume 8, Issue 4 is January 21st, 2007. Got that? JAN 21 2007

ADVERTISING
People often email us asking if classifieds are free. We keep telling everyone YES. Classifieds are free. If you have a classified you want us to run and its topic is related to the magazine, send it in and we'll consider it. Ads are limited to space constraints per issue. First come, first served. Naturally, we reserve the right to reject advertising for any reason.

ARTICLES
Do we really need to mention this one? We're a magazine and we NEED articles. If you're a writer and want us to consider your work, send something to us. Don't waste any time. We're a PAYING MARKET. What does that mean? It means that we pay for articles which we use...but only if you want the $. We can donate your payment to your favorite charity if you'd like. Our rates are generally $25 a page, depending on size, quality & use of photos.

ONLINE CONTENT
If you haven't noticed it yet, we have a website (www.blacklisted411.net) and we like to fill our pages with interesting, topic related content. If you'd like to write articles/reviews for use on our website, send them in.

Letter from Zachary Blackstone, editor-in-chief.....

Welcome to the latest edition of Blacklisted 411 Magazine. We've got some ground to cover, so I'm going to dive right on in and get to it.

As you may have noticed, this issue has been released relatively early considering the Summer issue's late release. We're trying to close the gap on our issues for 2006 so we can actually release four issues this year.

After the super-late release of Volume 8 Issue 2, people began to ask if we were going to just skip an issue this year. Looking back at my letter from the editor from the Summer edition, it's obvious that my coverage of this topic was inadequate. The short of it is that we're going to try and squeeze out four entire issues this year, even if it means the time between the last few issues is shortened.

Additionally, some readers were worried that they were going to be stiffed an issue. I'd like to make this one crystal clear to everyone. If you paid for a subscription, you'll receive the number of issues you paid for (ie: 4 issues for a 1yr subscription, 8 issues for a 2yr subscription, etc). The point is that we consider a year's worth of subscriptions to be four issues. This is how we determine that a subscriber gets what they paid for. I hope this clears things up for everyone.

Another complaint is that we don't communicate with our readers as well as we could. We've already put changes in place to alleviate this issue. Not only are we posting regular updates to the main page of our website, but we're leaving those messages there a little bit longer and storing them in our news section database so they can be viewed even when they're not on the main page any longer. In the past, we would delete various news items from time to time, mainly due to a technical issue we tried to get around. We no longer delete our news items. I believe that these changes will correct any general communication issues we've been having.

About the page count of the magazine. Ever since the day the magazine was made available to the public, it was a 60-page "digest" format. We decided to try something new somewhat recently. Volume 7 Issue 4 and Volume 8 Issue 1 were both released as 84-page "digest" format. We added 24 pages of extra content in each of those two issues. We didn't increase our cover price or increase our subscription prices. However, our handling cost was increased dramatically. The weight of the additional 24 pages per copy added up! We knew it would, but we were willing to eat the additional cost to try out our idea. Our hope was that the increased page count would increase sales and interest in the magazine.

While the interest did appear to increase, the sales did not. After two issues of testing out this theory, it was decided to pull the plug on the idea and revert back to our original 60-page format.

So, what have we been doing over here at the magazine lately? We've been making sweeping changes across every level of the magazine. Some of these changes are obvious while others are not easily noticed. I'll take some time now to explain some of what's going on.

First and foremost would be the forum. If you haven't noticed already, check out the forum! We migrated over to vBulletin from the phpBB platform. vBulletin will give us much more creative control of how we use our forum. We intend to use the forum to provide a reliable means for the community to share ideas and communicate with the magazine staff. If you have not done so yet, please check out the forum. By the way, if you're a subscriber, contact Alex so he can set you up with subscriber access to the forum. Be sure to include real name/address so he can identify your subscription status.

Subscriber access to the forum may not sound like much, but let me explain what this will include. First of all, subscriber access to the forum will give you immediate access to the full range of sections, including a special subscriber-only area that has a Q&A topic directly linked back to and operated by the magazine staff. Additionally, as soon as we bring the online magazine back, subscribers will have immediate access to it. We're also going to create a few other interesting items for subscribers. A radio show and possibly a TV show. It's only going to get more interesting as time passes. Stay tuned.

Note: If you're not already a subscriber, you can subscribe directly from the forum area and get instant upgraded access to the forum. Just click on the "SUBSCRIBE NOW" link near the top of the page.

Like I said, we're working on a Radio Show which is being headed up by "TheInstallGuy" and we're considering the idea of putting together a monthly (maybe even a weekly) TV Show. We don't have any specifics on either one of these yet, but we're accepting suggestions and offers of help from our readers for the time being. If you'd like to be part of either, send me an email right away at zachary@blacklisted411.net

You'll notice that Alex is being a lot more active lately, in both online and in-person matters. He's recently taken over as head of the magazine. This change means that he'll be bringing his business experience to the magazine which is good for backend operations and the overall health of the magazine. You'll be seeing him at more conventions and events, too. Be sure to swing by our booth at the various hacker cons.

Speaking of hacker cons, Defcon was an amazing event this year. Its 14th convention to date, they get better every year. Even though the event was moved to a new location this year which caused some grief, it was still an awesome social gathering. Quite frankly, it's arguably the best hacker con on the planet.

Unfortunately, I could not attend, but the magazine staff ran a booth in the vendor room and mingled with the attendees during the off hours. I've read the reports, I've heard the gossip and I've seen the pictures. All in all, this was a great success for Dark Tangent and his awesome event! You can read about Defcon in this issue. Be sure to check it out.

What about me? Regardless of Alex taking over, I'll still be here working on the magazine itself and helping create new content for the website and anything else we come up with. In fact, you'll probably see me more often now that I have extra time on my hands. Having Alex take care of day to day has freed up a lot of my time that I would otherwise have spent dealing with magazine operations. I can now devote a significant portion of my attention to the magazine in more creative ways.

We're thinking about expanding our "street crew" to include more people who want to help spread the word about the magazine, attend meetings, conventions and be our eyes and ears in the community. We've already got a few good people taking on the project, but they can only do so much. If you like the magazine and want to help out in any way, you really should contact us and let us know. There are so many possibilities with the magazine and plenty of room for expansion. We're very receptive to ideas and constructive criticism, so don't be afraid to approach us.

As always, we want to hear from you, our readers. If you have any questions, comments, suggestions or complaints, speak up. Hack the system!!

-Editor

THE ART OF DSL
Written By: TheInstallGuy

Introduction

I feel this topic has been neglected lately and would like to reopen the topic for discussion. Since the release of VDSL, there have been a lot of changes in the way the service works and things that can be done to enhance your experience with it. Now, keep in mind that this article will primarily be based on A/VDSL connections in Canada. Most of the information here should be cross-platform. In the very least, this article should get you pointed in the right direction.

How It Works

I am sure most of you are aware of how ADSL works. I will only offer a summary here. All DSL connections require an authentication (uname and pword).
Once this is authorized by the SHASTA (large servers used for nothing but authentication), an IP address is handed out by the RADIUS server. A lot of people are under the impression that the IPs are dynamic; this is only partially true. An explanation of RADIUS servers is beyond the scope of this article, but feel free to Google it.

Alright, so now you have an IP address and are able to browse. The last thing of mention here is to notice that it is actually the PPPoE adapter that gets the IP on your computer. When you first install the software for a DSL connection (pre-Windows XP; XP actually has built-in software to do this), it creates a software layer connection that allows you to authenticate to the provider's service. This connectoid is what actually receives the IP address from the provider. In the Windows command prompt, running "ipconfig /all" will show you two different connections, 1 for the actual physical network card and 1 for the software level connection. You will notice your actual network card will still have a 169..... non-routable IP address and the software connectoid holds the valid IP to the network.

With the introduction of VDSL, a few things have changed. Most noticeable is the VDSL box that now sits atop your TV. This new device not only acts as a DSL modem, but also acts as your TV receiver. The way this is accomplished is by sending multiple signals down the phone line (TV, DSL, land line). These signals are separated into frequency bands. Once inside the home, the land line or phone frequency is filtered off immediately. The remaining frequencies are sent to the TV box and filtered appropriately.

Lastly, I would just like to point out that since the introduction of VDSL, all VDSL subscribers are receiving 17-20MB connections to their home! Most of that is required for the TV, but we will explore shifting that number in a later article.
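The two-connection picture described above can be checked mechanically. This is an added example, not part of the original article: it parses a constructed "ipconfig /all" listing laid out the way Windows XP prints it and reports which adapter holds a link-local (169.254.0.0/16) address and which one carries the address handed out by the provider. The adapter names and addresses are placeholders.

```python
"""Classify adapters in `ipconfig /all` output (Windows XP style layout).

SAMPLE_OUTPUT is constructed for this example; adapter names and addresses
are placeholders (203.0.113.0/24 is a documentation-only range).
"""
import ipaddress
import re

SAMPLE_OUTPUT = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.10.20
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

PPP adapter Example DSL:

        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 203.0.113.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 203.0.113.25

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
"""

# "Ethernet adapter Local Area Connection:" -> kind, name
HEADER = re.compile(r"^(\S+) adapter (.+):\s*$")
# "        IP Address. . . . . . : 203.0.113.25" -> label, value
FIELD = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return one dict per adapter: kind, name, ip, link_local."""
    adapters = []
    current = None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1), "name": header.group(2),
                       "ip": None, "link_local": None}
            adapters.append(current)
            continue
        field = FIELD.match(line)
        if current is None or not field:
            continue
        label, value = field.group(1).strip(), field.group(2).strip()
        # Matches both "IP Address" and "Autoconfiguration IP Address".
        if label.endswith("IP Address") and value:
            addr = ipaddress.ip_address(value)
            current["ip"] = str(addr)
            current["link_local"] = addr.is_link_local
    return adapters


def connection_holders(adapters):
    """Names of adapters that hold an address other than a link-local one."""
    return [a["name"] for a in adapters if a["ip"] and not a["link_local"]]


if __name__ == "__main__":
    for adapter in parse_ipconfig(SAMPLE_OUTPUT):
        print(adapter)
    print("Address from provider is on:", connection_holders(parse_ipconfig(SAMPLE_OUTPUT)))
```

An adapter with no address at all (the disconnected wireless card in the sample) is reported with ip set to None rather than being treated as an error.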
How to Fix it

In this part of the article, I am going to discuss a few of the common and not so common errors seen in DSL connections. Although there are numerous sites that explain various error codes, most of them are very generic and don't help all that much. The trouble codes that are listed below are Windows XP generated. If you are using an older OS, then refer to the manual that came with the PPPoE software. There will be specific codes generated by that software.

Error 619 & 691: For all intents and purposes, these are the same. Incorrect uname and pword. The only other option here is to disable the Symantec Password Validator in MSConfig under the services tab if you are using Norton 2004 or later.

Error 769: This error tells you that your network card is disabled. Locate your network connections, right click the "local area connection" and select enable. You should be good to go.
*Note: This problem does misrepresent as error 678 on occasion.

Error 678: This one is a fun one. You have an endless selection of options. Basically, this error means that you either have no communication between your computer and the modem or no communication from the modem to your provider. If the lights flash on the modem (without a router) while you're trying to connect, then you can be fairly certain the problem exists at the provider level. Check all cables and connections and contact your provider. If the lights do not flash on the modem while trying to connect, then there is something that is blocking any communication to your modem. I will start with the most common fix and move to the more detailed. First, try power-cycling the modem and the computer. Next, as mentioned above, check network connections for a disabled network card. If the problem hasn't been resolved at this point, it is most likely due to software. Software firewalls and anti-virus are common culprits, especially after they run automatic updates.
The easiest and most effective fix is to either disable them on startup from the MSConfig utility, or just uninstall them. Yes, the un-installation takes some time, but it will allow you to configure them from scratch and hopefully not have the problem again in the future. Lastly, I would re-create the PPPoE connection. These connectoids do go corrupt sometimes and it is worth the 2 minutes to re-create it.

Routers: About the only thing that ever goes wrong with PPPoE and routers is the router drops the connection after a brief interruption in service. Routers are pretty sensitive to a loss of service. They will often not try to reconnect after a minute or so of no service. The most effective fix is to power cycle the modem first, wait 2 minutes, then power cycle the router. This will fix the issue 99.9% of the time.

Slow Speeds: This one can be a little tricky to diagnose, therefore I will stick to problems pertaining to the article. To say that subscribers don't have consistent speeds from house to house or even neighbor to neighbor is a gross understatement. There is however a reason for this. Before any connection reaches a SHASTA or RADIUS server, the connection routes through either a DSLAM (Digital Subscriber Line Access Multiplexer) or a BSAM (Broadband Subscriber Access Multiplexer). These are the boxes located at the end of your street. They can generally handle anywhere from 8 - 400 customers and cost about $150,000 - $200,000 ea. The difference between the two is this: DSLAMs handle ADSL customers while BSAMs handle VDSL customers. Regardless of the type of service a subscriber may have, the connection from the box to their door is essentially the same. Every subscriber is on what is called a loop. A loop is the section of cable to and from the phone jack to the BSAM or DSLAM. The length of a loop directly affects how fast and/or stable the connection is.
The longest an ADSL line can be is about 3 miles. VDSL has a loop length maximum of about 0.8 miles. The main reason for the large difference is the massive amount of data that travels down this line. The stability of the connection degrades very quickly over long distances. To sum this up, the longer your loop the slower/less stable the connection will be.

How to Hack it

Please keep in mind that this is information only. What you choose to do with it is solely your responsibility. I will not be held liable for any stupidity that arises from any misuse of this information.

It wouldn't be much of an article if I didn't at least share one hack, so here we go. As I mentioned in the beginning of the article, all DSL connections authenticate through a SHASTA. All service providers maintain a lot of them. This is a good thing. While all SHASTAs will communicate with the RADIUS server, they do not communicate with each other. For example, if you maintained more than one residence in town, there is a very good chance that there are 2 different SHASTAs servicing these locations. This means that the same uname and pword can be used in 2 locations as one SHASTA does not know that the other has already auth'd that username and password. This could allow you to maintain a server at one location and a regular internet connection at the other. We pay enough for internet as it is these days. I feel you shouldn't have to maintain 2 accounts just because you maintain more than one residence or place of business.

Conclusion:

Well, as my first article to Blacklisted 411, I hope you enjoyed the article or in the very least learned something new. If you have any questions or feedback, I would love to hear it. Please be aware that some of the topics discussed here have been generalized a little to improve the readability of the article (no one likes a manual).

Hack The System!

About The Author

Most people know me as TheInstallGuy, T.I.G., or that new admin guy @ blacklisted 411 forums.
I have been involved in computers in many facets for about the last 20 years. My first computer was an Apple II C Plus. I programmed my first RPG game at the tender age of 13. It wasn't much, but it was better than Choplifter. Since then, I have maintained a steady interest in computers, mainly focusing on server deployment and network infrastructure. My hobby is all things wireless and radio. Currently, I reside up north in central Canada. Yes, it's cold 6 months of the year, no, we don't travel by dog sled, and yes, it's legal to reproduce copyrighted digital media for our own personal use.

Favorite Moment: Having a Hawaiian art gallery ask if extra packaging was needed on a painting being shipped. Apparently, they were concerned about it being damaged while it was transported by dog sled!? I wonder if they really thought I was going to hang it on the inside of my igloo???

Recently, I have decided to embark on the Blacklisted 411 Radio project. I will be working with Zack and Alex on this project and have a tentative date of mid September for the pilot episode. Please watch the forums for upcoming news and info on the show. I will be sure to keep you all posted. Please feel free to email any ideas and comments at: theinstallguy [at] gmail (dot) com

Fixing Scratched CDs MacGyver-Style
by UnicOder
unicoder@blacklisted411.net

A couple of weeks ago a friend of mine called me on Sunday evening and asked me for advice in a miserable situation: He had a scratched CD with extremely important data on it and he needed this data the next morning. Unfortunately the disk was in such a horrible condition that his CD drive no longer accepted the CD, and the standard tricks like trying to read the CD with another drive or simply cleaning the CD with some cleaning agent did not help either.
It was clear: What my friend really needed was a disk repair kit (one can buy in nearly every computer store), or even better, the help of a professional data rescue company. But he had neither the time nor the money for one of these options. So I told him: "Okay, sit down and relax, I'll find a way to fix your CD by tomorrow."

Let's do it MacGyver-style...

My friend had nothing to lose; he needed these data now or never again. That meant for me it was time to try some of these crazy MacGyver-style CD repair tricks one can find all over the internet (Do you guys still remember the 80s TV series "MacGyver" where Richard Dean Anderson's alter ego could solve almost any problem by using science and his wits instead of violence? Good old times! ;-) ).

But let's continue with the story: Just like MacGyver I tried to find a solution to the problem by using only stuff everybody normally has at hand, and by utilizing Google I found lots of tips and tricks on how to repair CDs with typical household equipment in a couple of minutes. While some of these tricks sounded pretty stupid (like cooking the scratched CD in a bowl of water), some really seemed to make sense (like using car- or furniture polish). Since I had no idea which of these tricks really worked, and since there were controversial discussions on nearly all repair methods in lots of internet forums, I decided to try them all to find out which one works best for me.

So I took a couple of old CDs I didn't need anymore and scratched them until they were unreadable in both my hi-fi system and all my computer drives. Then I tried nearly all those crazy tricks from the internet, and guess what: I even tried the CD cooking trick; I mean hey, you'll never know, it may really work.
;-)

But the results of my experiments were bad: Not only was the CD cooking trick (as expected) a total blank, but tricks that seemed kind of logical to me also did not resurrect any of my prepared Test-CDs, except one trick: The toothpaste trick...

Some of you may have heard about this trick before and thought it's a joke, but I can now confirm: No, it's not a joke! Polishing scratched CDs and DVDs with toothpaste is really the ultimate homebrew data rescue solution. (Fig 1)

But keep in mind that the whole procedure needs time (I needed over one hour to fix my Test-CD with the toothpaste trick) and that it's not guaranteed that the trick will work with every scratched CD. If the scratches are too deep or if the data layer on the upper side of the CD is damaged, you will have no chance to resurrect the CD with this trick, no matter how long you polish. Also bear in mind that this is only a temporary solution to pull the data off the damaged disc. That means: Use the trick to resurrect the broken CD, immediately copy all data to your hard drive and burn them onto a new CD.

Here's how it works:

1. Apply the toothpaste to the data/rear side of your CD, especially to the areas with lots of scratches. (Fig 2)
2. Before you start polishing the CD with a fine cloth or tissue, wait at least 5 minutes.
3. Put some drops of water onto the CD and start polishing the CD (always rub from the inside of the CD to the outside, never rub in circles!). If the CD gets too dry while polishing, add some more water.
4. After polishing a couple of minutes, gently wash the CD with warm water (until all toothpaste is wiped off), dry it and test it in your hi-fi system or computer.
5. Repeat all steps until your CD drive can read the disk...

That's it, it's really that simple. In this spirit let the toothpaste do the work, relax and hack the system.
And before I forget: Yes, the whole story with my friend's CD had a happy ending, as the toothpaste trick worked for him as well. :-)

Peace!

Last but not least: If you have more time and money, buy a disc repair kit or let professionals do the work for you. The toothpaste trick is only a solution for you if you have nothing to lose. The Blacklisted! 411 magazine and I are not responsible for any data loss or damage caused by using the toothpaste trick.

Fig 1: A scratched CD before (left) and after (right) the toothpaste trick. As you can see, the heaviness of scratches is incredibly reduced on the polished disc. (Picture post-worked to improve the visibility of scratches)

Fig 2: Put toothpaste onto the rear side of the CD and let it rest for at least 5 minutes.

The Rise of Skynet?
By Rick Davis

Fans of the movie series Terminator will remember the global computer system, called Skynet, which was made by the military, then ultimately grew self-aware and went to war with humanity. This is surely a far cry from today's technology; however, it does offer some insights and ideas for an advanced computer network. Also, while borrowing concepts from a movie genre, it's hard to ignore The Matrix series, which can also lend some inspiration for this project.

The purpose for this network was born from the need that a group of friends and I had after our high-school and college days had passed and we scattered around the world to start our lives, although we still wanted to do more than keep in basic contact through e-mail. Interest in various projects and many common interests forced the need to share files and find a means for group communication that basic e-mail or phone could not provide. Also, our interest in distributed computing projects served by distributed.net sparked our interest in new projects and more productivity.

What we needed.
After a brief review of our needs we decided our Skynet needed to support these features:

- Central point for data storage and distribution
- Messaging system
- Varied levels of access
- Ability to easily add new systems
- Active security features

With these features in mind, each system on the network would have specific access and roles.

Core - Central depository of data. Hosting of messaging system. Root network access.
Sentinel - Specific security related role. Access to core. Contribute to computing projects.
Node - Access point for each user to the core. Contribute to computing projects.
Drone - Minimal access, if any, to the core. Contribute to computing projects.

Network architecture.

The Core: The core itself was the most powerful computer on the network, built specifically with our goals in mind. It needed to have a lot of computing power to handle network operations as well as the storage capacity for all the users involved. Above all else it would need to be expandable and upgradeable for at least 3-5 years. The most difficult part was the various permission levels of the data. Each user has a certain amount of storage space that only they have access to. Also, each user has a "public" area where they can place material securely and change the password when needed. There is also a general public area that all users could access. From there things got complicated. The bulk of the storage was broken down into three main sections, each needing increasing access. This was done because of the number of people involved. For example, the small group who started this project definitely wanted to share any material we placed on the core; however, the users we brought in to use their computing power did not get full access, since only one or two of the "Super-users" would actually know these people. Then, somewhere in the middle would be those that contributed several systems or those that really had no interest in what we were doing.
These users had varying access, usually custom defined.

Sentinel: Sentinels were our idea for active security. The initial design called for two, and really there was no need for any more. One would continue to actively scan the network for virus and assorted malware threats. Scanning by the sentinels included the core as well as all nodes with "Super-User" access. The other sentinel would scan for intrusions. Mind you, we were not worried about being targeted, but rather about random attacks and such that we wanted to deal with quickly. The sentinel would log any activity and would have options for certain circumstances. For example, repeated attempts from a port scanner or anonymous access might see that entire subnet blocked.

Nodes: The nodes were initially the only other part of the network. These systems would be the primary systems that each of the original group used. In most cases this meant everyone's most powerful home computer. These systems would be each user's only link to the core, and aside from participating in the functions the core provided, the nodes would provide a major contribution to the computing projects.

Drone: A late addition to our plan, which came from the idea to pull in as much computing power as we could. Users with more than one system could connect the others for computing support or any other needs that arose. Anyone that had an account would still only be able to connect from their primary system. Some group members brought in a drone system belonging to a friend or colleague for the rare need of a file transfer or if they were working on a project with any of us. In the meantime the drones would continue to provide added computing power.

Network hardware.

The only specific needs were for the core. It was designed for the most computing power with the available parts and funds. At the time this meant a dual-dual-core Opteron system with 4GB of RAM on each CPU.
The RAM was expandable well beyond that, and the CPUs were far from the best the motherboard could handle. The decision was made to get the core running, and then as funding allowed, upgrades and additions could be easily made. The massive case allowed for a floppy drive, a variety of optical drives and 10 additional empty bays. A 250GB hard disk formed the "C:" drive for the operating system and associated software. Then four 500GB hard disks formed the data storage area. The option was there for both the addition of extra drives as well as the replacement of existing drives with higher capacities when prices dropped.

All other systems spanned the full range of available hardware. Nearly all of the "Super-user" systems had at least a 2GHz CPU, although some of the drones were well under 1GHz. Basically, any system we could access was brought in as a drone just for the processing power.

Network software.

Connections to the network were based on a VPN that the network operated from. All users had a login and password to access the network. Also, those that had a static IP had that address listed so that it was their only access to the network. Ideally, we would have liked everyone to have access limited to one IP address, but that was not reasonable with standard ISPs.

It took a long time to decide on an operating system for the core, but eventually the decision was to stay with a Windows based system because of the variety of software available. Of course a server version was utilized. An intricate permissions system was spread throughout the drives and a commercial bulletin board program was set up. For security, standard commercial anti-virus and firewall software was used, and a combination of freeware, commercial software and our own coding formed the security intrusion logging system.

Network permissions.

Probably the most complicated aspect of the system, the various levels of access required a lot of thought.
First, it was decided that absolute root access on the core could only be accessed in person while physically on the machine, and this level of access would be required to affect anything on the super-user level accounts as well as network and software settings. There were five "super-users" at the beginning and three were in close proximity to access the system if needed. Four of these five could create new accounts and permissions to affect all levels below themselves, while the fifth was given this access only as a courtesy, knowing they had no interest in dealing with the accounts, although their knowledge in other areas made it important to have this access.

From there access was streamlined into four more areas. We were planning ahead in case we needed this much separation, although at first we had only another 6 or 8 systems on the network. Access was organized into three levels of decreasing permissions (level 1, 2 and 3) along with another level which only kept in contact with the core and provided computing support. Accounts at level 1 had nearly all the access of a super-user except the ability to create and alter accounts. Level 2 could only access limited areas of the core and most of the time was not a permanent account. Level 3 was always a temporary account which we used for communication and file transfers to those that would likely not be visiting the network again. Aside from accessing the data on the core, user access also limited what you could see on the bulletin board as well as information about the network in general.

Starting your own skynet.

Basically, the principles behind the network could be employed by anyone. Any computer can serve any purpose, and instead of some costly software an FTP could be used for data transfer while a free bulletin board package could be run. Depending on your resources, needs and number of users, the general idea of the network can be easily adjusted for any needs.
In fact, our design came out the way it did because of our limited money to invest in the project combined with our needs at the time.

Visual network representation.

| Component / Access Level | Data / Forum Access | Admin Access | Other / Misc. |
|---|---|---|---|
| Core System | Storage of data and host for forum. | Physical access needed for super-user account changes. Physical access needed for many software and network changes. | Contribute CPU Power |
| Sentinel Systems | None. | Access only to areas relating to their tasks. | Contribute CPU Power |
| Super-Users | Private Directories. Shared Directories. Ability to create/delete some material and directories. Full forum access. | Set permissions for all lower account levels. | Contribute CPU Power |
| Level 1 | Access to a majority of storage. No personal directories. Forum access to all but super-user areas. | Some ability to create lower accounts. | Contribute CPU Power |
| Level 2 | Selected access to data and forums. | Admin uses only given as needed. | Contribute CPU Power |
| Level 3 | No forum access. Temporary access to specified directories. | None. Level 3 accounts are temporary. | Contribute CPU Power |
| Drones | None | None | Contribute CPU Power |

A Blacklisted 411 Exclusive!

How to Secure Your Email
Written by Maxy

Each time you log into your email client or website, send or even just read emails, you leak a significant amount of information. Not only are your communications sent over networks as plaintext, which means anyone with a packet sniffer who just happens to be on the same network as you (corporate espionage, anyone?) can read what you typed, but did you know that just by viewing an email you leak your Internet Protocol (IP) address to the sender? In this article I will show you some ways to protect your IP, how to use secure, encrypted e-mail accounts, and how to help anonymize your email transmission/reception.

Secure Email Accounts

Chances are you use a free email account like Yahoo!, Hotmail, or, yes, even Gmail.
The first option towards securing your email is to set up an alternative account on a secure server which encrypts the email transmissions for you, as well as masking your IP in some cases. The advantage of using secure email accounts is that you don't need to download any separate plugins like GPG or PGP and bother learning how to set them up, worry about incompatible Outlook plugins, and other such inconveniences. The disadvantages are, as we will soon see, limited storage space and encryption limitations.

Keep Your Secure Email Private!

A small caveat before we get into the gist of the article: although this may appear to be contrary to your common sense, consider that in some cases it may actually be advantageous to keep your secure email account private, releasing it only to close compatriots, and using a free 'unsecure' account (like Hotmail) for regular transactions - to keep those whom you don't want to know about the secure account in the dark! Think about it: the fewer people who know about your private, secure account, the fewer people can try to attack and compromise it.

With all this in mind, let's now look at some free secure email account providers available on the web.

MailVault
http://www.mailvault.com/

The Good Stuff: According to MailVault's About page, "MailVault's OpenPGP implementation is 4096-bit/1024-bit strong. MailVault supports 256-bit AES for SSL transmission security." The encryption keys are also stored in "distributed offshore servers" which are located in Malaysia. MailVault also allows you to import PGP keys into your keyring, which means that you can send encrypted emails to someone using their public key through MailVault, and the email will be encrypted against any eavesdroppers. The MailVault interface is also very intuitive and easy to use, fast-loading, and completely ad-free!
Looking at the Received paths in the headers of an email sent to a third-party account, you can see that MailVault also protects your IP:

    Received: from mailvault.com (localhost [127.0.0.1])

(I did not paste the entire header, as that would just waste space, though you can easily view full headers yourself in your favorite email program - in Gmail, for instance, you can do so by clicking on 'More Options,' and then on the 'Show Original' link under the email Subject.) Most popular non-encrypted email servers like Yahoo or Hotmail (though notably not Gmail), by contrast, will leak your IP address.

Another interesting tidbit about MailVault comes from their FAQ (source: http://orlingrabbe.com/MailVaultfaq.htm), which states "the MailVault server will not permit connections from a .gov or .mil domain name. (If you are a slave of the nation-state, then humbly beseech your masters to provide you with private email.)."

And now the Bad Stuff: Email storage is limited to 4 Megabytes. That may be good for a few hundred small plain-text messages, but not very useful for sending longer encrypted text or any attachments.

MailVault's 'off-shore server provider' also claims to provide DDOS protection (source: http://rayservers.com/new/ddos-protection); however, MailVault has just recently (at the time of this article's writing: Mid-August, 2006) recovered from a DDOS bounce attack (source: https://ssl.mailvault.com/DDOS_Explained.html). This resulted in a lot of legitimate incoming/outgoing email not being delivered, which in turn resulted in a lot of pissed off MailVault users! In fact,
at the time of this writing (August 2006), when I attempted to send emails to my MailVault account from a Yahoo account as well as from a Gmail and Hotmail account, I received the following error from the mail daemon in all three cases:

    This is an automatically generated Delivery Status Notification
    Delivery to the following recipient failed permanently:
    XXXXXXXXX@mailvault.com
    Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 9): 550 relay not permitted

This just goes to show that email servers are certainly not infallible, and you should take their promises with quite a big grain of salt. Though to be fair, keep in mind that no server is truly infallible against a sophisticated DDOS or similar attack, so don't think that MailVault is somehow inferior to the congested Hotmail, Yahoo, or even Gmail servers!

Also, while you can send signed and encrypted emails to other users of MailVault, or to anyone who already has a PGP key from another service, you cannot send encrypted emails to someone without a PGP key or a MailVault account. And finally, MailVault does not seem to provide any sort of spam protection service.

Hushmail
http://www.hushmail.com/

The Good Stuff: Hushmail uses the Open PGP standard (RFC 2240 - http://www.faqs.org/rfcs/rfc2440.html) to provide 2,048 bit-strong keys, along with the AES encryption algorithm to encrypt the key. When selecting your passphrase, Hushmail lets you know the strength of the phrase (something the aforementioned MailVault doesn't do). Hushmail further provides a spam-filtering and virus-scanning service for free, as well as a Hush Messenger client for encrypted instant message (IM) conversations with your compatriots.

You can also export your Open PGP keys (both your private and public keys). What this means is that if you are using Hushmail, you can export your public key and give it to a compatriot who is using MailVault, who will then be able to send you encrypted email from his MailVault account.
Hushmail also allows the uploading of public keys, so you can send your MailVault compatriot encrypted email as well, using his public MailVault key. Hushmail further lets you set up a question/answer so as to be able to send encrypted email to someone even if they don't have their own PGP key. The recipient of the email will have to know the answer to a question you specify in order to be able to see your email.

Finally, Hushmail also strips out your IP from the e-mail headers:

    Received: from hushmail.com (localhost.hushmail.com [127.0.0.1])

Figure 1 - Hushmail Security Dialogue. This screen appears when first installing the Hushmail encryption engine when you're signing into your Hushmail email account.

And now the Bad Stuff: Hushmail provides even less storage space than MailVault, clocking in at a mere 2 Megabytes. Free Hushmail email accounts will also be deactivated if not accessed at least once every three weeks (sucks if you're going on a retreat with no Internet access!), and you will then either have the option of purchasing a premium account, or having the email address deleted after six months (at which point an attacker can register that email account anew and then attempt to spoof your identity - this is a very serious issue, so if you decide to get a Hushmail account be sure to check it regularly to avoid losing it!).

With regard to security of the Hushmail servers, a little over a year ago in July 2005 Hushmail underwent a DNS attack (source: http://www.theregister.co.uk/2005/04/25/hushmail_dns_attack/) wherein users who typed 'hushmail.com' into the URL field of their browser were sent to a different IP. This obviously presents the possibility for the phishing and keylogging of user passphrases. Hushmail blamed the attack on their domain name registrar, Network Solutions, and claimed that the data on the 'secure' Hushmail servers itself had not been compromised.
Lastly, the Hushmail encryption engine, which is Java-based and loads each time you log in to the Hushmail website (or after each time you empty out your browser's cache, which you should do regularly), can take a while to load for 56K users, though to their credit there is an option to bypass the Java engine if you do not have install rights on the computer you are using.

CryptoMail
http://www.cryptomail.org/

The Good Stuff: CryptoMail appears to be another Java-based encrypted email option. The one innovative feature of CryptoMail is that it offers the option of sending your non-CryptoMail email account a notification each time you receive an encrypted email at your CryptoMail account. The sender's IP address, like with all of the other aforementioned secure email providers, is also protected (Received: from cryptomail.org (localhost [127.0.0.1])). I'm sorry, but that's about all the good stuff I could muster; on to the bad.

And now the Bad Stuff: The Java-based email interface is slow and clunky, which would be tolerable if you at least had the guarantee of strong encryption. Looking over the CryptoMail FAQs, Documentations, and so-called Technical Specifications, I couldn't find any mention of just what the hell kind of encryption algorithms CryptoMail uses. All the documentation in general is, in fact, very short and elusive, which leads me to believe the 'Snake Oil' corporation who owns CryptoMail (no, seriously, that's their real name) is deliberately withholding information from their end-users. When generating the keys, the interface said something about Open PGP, only to later state that CryptoMail is only "on its way to being RFC 2240 compliant", therefore apparently meaning that it's not even up to par with the Open PGP specifications?!

Figure 1 - CryptoMail Key Generation Screen.
CryptoMail allows you to move your mouse around the screen to randomly generate a keypair; however, notice that they don't bother telling you what encryption algorithm and key-bit strength this generated keyset will use!

Furthermore, when looking at the raw 'encrypted' data generated only when sending email from one CryptoMail account to another, the 'encrypted' data was prefaced with "################CryptoMail Version 0.1A################". I find it just a little bit troubling that a service that claims to have been around since the year 2000 still uses an encryption engine that's version 0.1A.

And finally, as CryptoMail does not allow either the import or the export of public/private keys (and as I already mentioned, CryptoMail doesn't even tell you what algorithm these keys are based on, let alone the key-strength), you can therefore only send encrypted emails to other CryptoMail users, not to mention that you don't even know the maximum storage capacity of your email box.

Now, maybe some readers of Blacklisted are more intimately acquainted with CryptoMail, but until someone sets me straight, my advice is: do not use CryptoMail for securing your email. We cannot assume that their withholding of information is just due to simple negligence, and must therefore surmise that an ulterior motive is in place.

StealthMessage
http://www.stealthmessage.com/

Figure 3 - StealthMail Email Creation Screen. StealthMail allows you to input your message, and set a variety of features such as self-destruction and anti-copying protection.

The Good Stuff: StealthMail provides a truly unique service which sets it apart from the three aforementioned secure email providers. StealthMessage provides 160-bit encryption with 128-bit SSL, but going further it offers several innovative features that are rarely seen in a free, secure email provider.
First of all, StealthMail provides the option of setting a 'self-destruct' timer for your emails. After the recipient opens your email, he has a limited amount of time to view it (which you set: maximum of 30 minutes, minimum of 1 second). You can also instantly self-destruct a message from your StealthMail account, which means that while the recipient will still be able to know that you indeed sent him a message, he will be unable to read it! This is a great feature if you change your mind about sending a particularly sensitive message. The self-destruct feature is also great for sending a short communique to a compatriot who is in a sensitive environment such as a workplace or public area where the chances of someone shoulder-surfing and reading the message are quite high, in which case you set the self-destruct timer to a mere one second, and - poof! - the message vanishes!

Secondly, StealthMail provides an anti-copying feature which prevents someone from copying the text of your message - a great feature if you want someone to read your message, but don't want them to retain a copy of it for evidence!

And thirdly, StealthMail lets you select the number of times you want the recipient to be able to re-enter the passphrase to be able to read the email, which will prevent an attacker from brute-forcing or even just randomly guessing your keyphrase.

Finally, as is to be expected, the StealthMail messages arrive at the recipient's inbox from a randomly generated StealthMessage.com account, with the Received field saying: from EWHSERVERI22 (unknown [10.10.13.1]), thus masking your IP. The body of the email then says "A private message has been posted for you from whoever@whatever.com" and directs the recipient to go to a secure StealthMessage website and enter his passphrase so as to be able to view the email message.

Figure 4 - StealthMail Message Receipt Screen.
After the email recipient enters his passphrase that you (as the sender) agreed upon with him, he'll be presented with this Message Receipt screen. As soon as he clicks 'Decode' the timer will start ticking down until the message self-destructs. Neat!

And now the Bad Stuff: Unfortunately, most of StealthMail's good points also have slightly negative counterparts. The anti-copying feature can easily be defeated by taking a screenshot (even if StealthMail designed their scripts to disable the Print Screen keyboard key, you could still use a third-party screen grabber program; there's tons of them around). Likewise, the self-destruct timer you set may not be enough for a recipient with a slow computer or who is a slow reader and doesn't finish reading the message within the allotted time.

However, the biggest inconvenience of StealthMail is its requirement that the recipient enter a special passphrase - which you two will have to have agreed upon in advance - in order to read the message. It is imperative that you two agree on the passphrase in a secure environment - not a plaintext instant message conversation or in a place which may be bugged or otherwise monitored/surveilled!

Conclusion

So out of these four aforementioned secure email services, which one would I recommend? Well, assuming that MailVault successfully recovers from the DDOS bounce attacks and you're able to both send and receive emails from/to the account, they would definitely be my first choice based on security and ease of use.
Following MailVault, I would pick Hushmail as my second choice, due to its somewhat clunky interface, which is nonetheless compensated for by its wealth of available features. StealthMessage would come in a close third place, due to the fact that you can't export or import encryption keys, yet I very much like its innovative self-destruct feature. Finally, the mysterious CryptoMail would come in at a far fourth place, as I guess it's still better than using completely unencrypted email like Hotmail, though I'm not sure just how much better it actually is ;)!

If you don't like any of these secure email providers, you can always run your own Simple Mail Transfer Protocol (SMTP) server (assuming that your Internet Service Provider (ISP) allows you to do so!). One such server is called 'Email Privacy' (source: http://www.download3000.com/download_4469.html) and turns your own computer into a secure SMTP server for sending emails directly to your compatriots using any other third-party email program such as Microsoft Outlook, bypassing any mainstream email servers, and therefore lessening the chance that your email is intercepted. Though please note that this doesn't guarantee security! As such, I would highly recommend encrypting emails, not just sending them from your own SMTP server.

Figure 5 - Email Privacy Main Screen. A screenshot of the shareware version of the Email Privacy SMTP server program. As the full version costs almost $50, I, unfortunately, could not experiment with the full version and more fully report on its functionality.

Finally, remember that these are just four secure email options out of the hundreds that are out there. My reviews are simply meant to get you to start thinking cogently about securing your emails, and should be taken as a guide to exploration on your own!
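The sender-IP check used in the reviews above (reading the Received path of a message sent to a third-party account) can be scripted for any provider you evaluate. The following is an added example, not part of the original article: the function names, the sample messages and their example domains are constructed for illustration, and checking the X-Originating-IP header (added by some webmail services) is an assumption about where else an address may appear.

```python
import ipaddress
import re
from email import message_from_string

# Ranges that say nothing about where the sender is sitting. Listed explicitly
# because ipaddress.is_private also covers the documentation ranges that the
# constructed samples below use as stand-ins for real public addresses.
NON_IDENTIFYING = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16",
)]

# Dotted quads only; IPv6 is out of scope for this example.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_ips(text):
    """Return every syntactically valid IPv4 address found in text."""
    ips = []
    for candidate in IPV4.findall(text):
        try:
            ips.append(ipaddress.ip_address(candidate))
        except ValueError:  # e.g. 999.1.1.1
            continue
    return ips


def identifies_sender(ip):
    """True when the address is outside loopback/private/link-local space."""
    return not any(ip in net for net in NON_IDENTIFYING)


def sender_ip_report(raw_message):
    """Inspect the first hop of the Received path for a leaked client address."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    first_hop, exposed = [], []
    if received:
        # Each relay prepends its own header, so the last one is the first hop.
        unfolded = " ".join(received[-1].split())
        # Only the "from ..." clause describes the submitting client.
        from_clause = re.split(r"\sby\s", unfolded, maxsplit=1)[0]
        first_hop = find_ips(from_clause)
        exposed += [("Received", str(ip)) for ip in first_hop
                    if identifies_sender(ip)]
    for value in msg.get_all("X-Originating-IP") or []:
        exposed += [("X-Originating-IP", str(ip)) for ip in find_ips(value)
                    if identifies_sender(ip)]
    return {
        "hops": len(received),
        "first_hop": [str(ip) for ip in first_hop],
        "exposed": exposed,
        "masked": bool(received) and not exposed,
    }


def build(headers):
    """Assemble a constructed test message from header lines."""
    return "\n".join(headers) + "\n\ntest body\n"


# Constructed samples. Later relay hops carry public addresses on purpose:
# they belong to mail servers, not to the sender, and must not be reported.
RELAY = [
    "Received: from relay.example.net (relay.example.net [192.0.2.10])",
    "\tby mx.example.org with ESMTP; Mon, 14 Aug 2006 10:00:02 +0000",
]
MASKED = build(RELAY + [
    "Received: from securemail.example (localhost [127.0.0.1])",
    "\tby securemail.example with ESMTP; Mon, 14 Aug 2006 10:00:00 +0000",
    "Subject: masked",
])
LEAKY_RECEIVED = build(RELAY + [
    "Received: from [203.0.113.45] by web1.freemail.example via HTTP;",
    "\tMon, 14 Aug 2006 10:00:00 +0000",
    "Subject: leaky first hop",
])
LEAKY_HEADER = build(RELAY + [
    "Received: from freemail.example (localhost [127.0.0.1])",
    "\tby freemail.example with ESMTP; Mon, 14 Aug 2006 10:00:00 +0000",
    "X-Originating-IP: [198.51.100.7]",
    "Subject: leaky extra header",
])
PRIVATE_HOP = build(RELAY + [
    "Received: from webfront (unknown [10.10.13.1])",
    "\tby out.example.com with ESMTP; Mon, 14 Aug 2006 10:00:00 +0000",
    "Subject: private first hop",
])

if __name__ == "__main__":
    for name in ("MASKED", "LEAKY_RECEIVED", "LEAKY_HEADER", "PRIVATE_HOP"):
        print(name, sender_ip_report(globals()[name]))
```

To test a provider, send yourself a message from it, save the full headers ('Show Original' in Gmail, as described earlier) and pass the text to sender_ip_report.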
When you google "secure email" or "free encrypted email" and see lots of different corporations offering their services, be very skeptical and be sure to evaluate each email provider at least on these points:

- Level of encryption
- Protection of sender's IP address
- Mail storage space
- Allowance of the importation/exportation of encryption keys
- Customer reviews of the service
- Any past attacks like DDOS or DNS hijacking against the mail server
- Anything else you feel is important!

I wish you luck in your search for and use of secure email services, and remember the warning of keeping your secure email private given at the beginning of this article -- so as to keep it from falling into the wrong hands!

Notice of Non-Affiliation and Disclaimer

I am neither affiliated with nor in any way compensated by any of the companies and organizations mentioned in this article. The opinions stated herein are just that: opinions, which are my own and do not necessarily represent the views of anyone but myself. They are not necessarily the views of Blacklisted! 411 or of any of the mentioned companies. This article is presented for information purposes only, and I will not be held responsible for any misuse of the information contained herein, or any data loss resulting from the use of said information.

Blacklisted! 411 Volume 8 Issue 3 - Fall 2006

MODDING THE MOTOROLA RAZR V3
By M@

This article is one of many that I will write dedicated to giving others the correct information about modding the Razr V3. I have owned my V3 for a little over a year now and have had endless amounts of fun with modifying it. I hope this article, and the others to come, sheds some light on what is possible for the V3. That being said, I will accept no responsibility for anything that goes wrong with your phone. I'm giving you all of this information on a trial and error basis. (I've done it myself and this has worked for me, and will work for you if done correctly.
Don't do something to your phone if you're not sure what you're doing. Ask first!)

Introduction

First off, V3 modding is usually done with something called a data cable. This cable will allow you to connect your phone to a computer. It looks like this:

You can buy these cables from your Service Provider or from the Internet; however, you may have noticed that there really isn't anything special about this cable. It's just a standard USB cable with a mini 5-pin USB head on the other end. In fact, if you have a digital camera, check the cable that came with it. Chances are that cable will work fine for your V3. If you don't have a camera, head on over to an electronics store and shop around for a cable that would work.

There are many programs out there, some of which will be covered later, that allow you to use Bluetooth technology instead of using a data cable. However, I don't know a lot about Bluetooth and I know that a data cable would be the better way to go because most programs recognize a cable rather than Bluetooth.

Terminology

I don't know about all of you, but I hated this in English class, so I will try to make it as painless as possible. There are a few terms that many of you may already know, or you're hearing them for the first time. Either way it's important to have an idea of what it all means BEFORE you start modding.

Flash - The Flash of a V3 can most easily be described as the Operating System of the phone. It is the most common thing you will modify on your V3. When you flash your phone, you will not lose any of your media on your phone.

Flex - These are the files that contain the Service Provider's "branding" on the phone (start-up animation and sound, shutdown animation and sound, and other labels). They also include all the programming needed in order to connect you to their Internet service and text messaging on their network.
Bootloader - This operates like the BIOS on a PC. It's software telling the phone what is what and where it can find everything it needs to function. It can be upgraded and downgraded. Most modders (like me) downgrade it. It was the first thing I did on my V3 because some programs may not work on later versions of bootloaders.

Seem - Seems control every single aspect of how the phone operates. "SEEMS are storage containers for Phone Settings information ... Each setting is stored as a single bit, which can have a value of 1 or 0. Often, the value of a bit is represented by a check box, Checked = 1, Unchecked = 0." -Manalive

Unlocking - There's some discrepancy as to what an "unlocked" Razr is, so this should explain it. An unlocked Razr means that it may be used on other Service Providers' networks freely. Service Providers lock the phone, making it difficult for users to switch networks and keep the same phone. More on this later.

GSM - Global Systems for Mobile Communications. GSM based phones (like my Razr) have a SIM card in them. (The little chip near the battery that holds all of the Service Provider's information and can be used to save your phonebook, etc.) GSM is nothing more than a network type. It allows easy switching between Service Providers. Ex. T-Mobile, Cingular, Rogers Wireless, Fido, etc.

CDMA - CDMA stands for Code-Division Multiple Access. Arguably not as good as the GSM based phones, due to the fact that it's old technology and does not use SIM cards. Also, CDMA based phones use software called BREW (Binary Runtime Environment for Wireless). BREW is the hardest software to modify on these types of phones. In fact, most of the programs out there only work for GSM based phones, so that's a major downfall. Ex. Verizon, Bell, Alltel, etc.

Get Started

Now, assuming that you have your data cable and are ready to begin, you'll need to get your hands on a folder called P2K Drivers.
These drivers will allow your computer to recognize your phone's new hardware when you connect it to your computer. You can get them here: http://themotoguide.com/index.php?PI0=1&PGID=430&PHPSESSID=eeaOb329229df215c75e52227d7ac71b. Also, you'll need a copy of RSD Lite. This program will allow you to flash/flex your phone. (We will discuss that later.) For now, you'll need to download it, also from the URL above, and don't install it just yet.

When you connect your data cable to the computer, then your phone to the cable, your computer will recognize new hardware. When you open the new hardware wizard, select the option to "Install from a list or specific location (Advanced)". At the next window, uncheck the "Search removable media..." box and check "Include this location in the search". From the drop-down menu, navigate your way to the P2K Drivers folder (uncompressed, of course), then click Next. It should install the Motorola USB Modem for you. When completed, click Finish.

Now you can install RSD Lite. Follow the on-screen instructions to install it. When that's done, open up RSD Lite. With your phone still connected, the new hardware wizard should pop up again. Follow the same instructions as before, selecting the P2K Drivers folder. When that's completed, the wizard should show up again. This time, leave "Install the Software automatically" selected, and let it do its thing. There should be only one more hardware installation. Just do the same thing for the rest of them. When it's all done you can close RSD Lite for now.

Downgrading the Bootloader

The main reason why you would want to downgrade the bootloader is the RSA protections on the phone, basically policing you from doing what you want. (Which, for some, can be a good thing.) Before going any farther, you'll need to know the current bootloader on your V3.
To find this out, turn your phone off and then press and hold the * and # buttons while hitting the power button to turn it on. A black screen should appear showing you your bootloader version (mine was 08.26) and SW Version (the flash of the phone).

If you see that you have version 08.26, you'll need to use a downgrader program. A good one can be found here: http://rapidshare.de/files/13848110/scotty2_8.26_downgrader_v2.zip.html. It's called Scotty2 Downgrader. Only version 08.26 users should use this program.

If you see that your version is 08.23, you should not use this program. Instead, you'll have to flash the R374_V3BL_07.D0 bootloader on to your phone. I will cover how to flash your phone later in this article. You can find this flash bootloader at: http://rapidshare.de/files/13842811/R374_V3BL_07.D0.zip.html. Eventually you will end up with 07.D0. This is the best bootloader to use and you'll never need to change it again.

Caution: Make sure your battery is fully charged. Make sure you have a stable connection to your computer. Don't run any other programs when using the downgrader. Proceed at your own risk.

All you need to do is connect your phone to the computer and run the downgrader. It's a completely automatic process and should take about 5-6 minutes.

For the rest of you, who have 08.23 and lower, all you'll have to do is re-flash that bootloader to your phone. For this you'll need RSD Lite. Then follow the instructions for flashing the phone further down.

Backup Your Phone

This should be, clearly, the most important step you do before going any further. I will show you how to back up your calendar and phonebook first. You can do this with a program called Motorola Mobile Phone Tools or DataPilots Universal Essentials. I will explain how to use MPT, because that is the one I am most familiar with, though I'm sure DataPilots isn't that hard to use. You can get MPT from Motorola, your Service Provider, or of course the Internet.
I would suggest finding a cheaper version of it on the Internet somewhere. Just search around and you'll find it no problem.

Once it's installed and your phone is set up, a little picture of your phone should show up on your computer screen. When you see this, click on the menu button on the keypad, then click Organizer, then Mobile Phone, and finally Backup/Restore. Then you should be able to follow the on-screen instructions for backing up your info. Make sure you know where you're backing up your files.

Next comes backing up your system files. Get a copy of Flash Backup from here: http://www.mark-world.tv/motorola/page1.html. After launching it, select Backups at the top. Select Full Backup under Backup Mode. Under Phone Memory Size, select 32 MB. Check the box saying Disable Backup Compression. Now go to the area that says Select Loader (Only For Advanced Users) and choose Select Another. After a pop-up shows, navigate to the installation directory for Flash Backup, and go to the folder named RamDld Pack. Select the 32 MB (08A0).ldr file and click Open. Now just click Create. When it's done, you'll be left with a single file. Success!

There are two other backups you can do also (a bootloader backup and a PDS backup). For these, do the same as before, but this time just choose the correct backup type from the Backup Mode drop-down box.

Flashing the Phone

For flashing your phone, you'll need RSD Lite and you'll need a re-flash file. Go to http://www.planetmotox.net and find a new flash file for your carrier (ex. Cingular). Launch RSD Lite and plug your phone into the computer. It should detect your phone right away. If not, turn your phone off and turn it back on in flash mode (* and # upon startup). After it detects your phone, click the "..." button. Navigate to the new flash file that you got, then once selected, click Start. Your V3 should display a black screen with SW Upgrade in Progress on it.
When it's done, click Close and you're done. Flashing your phone should not delete any personal files on your phone; however, if you have something on your phone that you don't want to lose, it is highly suggested that you back it up before you start.

Flexing the Phone

As you should know by now, the flex of the V3 is the set of files that contain your Service Provider's branding on the phone, and also include the programming needed to connect to their network. You don't really need to flex your phone unless your goal is to unbrand it or you purchased a used phone with outdated software on it. I never flexed my phone, there was no need to, but I will show you how to do it.

First you'll need a new flex file. Head to http://www.planetmotox.net and find yourself the newest flex file. We will use RSD Lite for this process as well. Launch RSD Lite and plug your phone into your computer. Once RSD recognizes your phone, click the "..." button and locate your new flex file. Once you've found it, click the Start button. Once it's done, just close RSD Lite.

Screenshot courtesy of http://www.mark-world.tv/motorola/page1.html.

Again, I really found no need to flex the phone, so don't be in a big hurry to do it yourself. The only reason I can think of why you'd want to flex your phone is if you have one Service Provider's branding on the phone but you're using services from a different provider. (Ex. You bought a used phone.) Also, when you flex your phone, it will delete all of your personal files from the phone. (Photos, ringtones, etc.)

Seem Editing

I have just recently discovered seem editing, and the wonders it holds. Seems basically control the flex of the phone by activating and deactivating features on the phone. I will cover two seem edits. (One from the 0032_0001 seem, and one from the gain_table.bin seem. All of this will become clear in a few minutes.)
You will need to use P2K Phone File Manager (P2K Man) to download and upload the seems from and to your phone, and you'll need XVI32 to edit the downloaded seems. You can get both of these from here: http://www.mark-world.tv/motorola/page1.html.

Now let's begin with the gain_table.bin seem. For this seem edit I will show you how to turn up the earpiece volume for a phone call. Launch P2K Man and connect your phone. It should recognize it right away. When it does, hit the "update list" button. Look in the /a directory (on the left) and on the right look for a file called gain_table.bin. When you find it, select it and hit the "Phone>>>PC" button. This will download the file to your computer, of course. After the file downloads, you can close P2K Man for now.

Screenshot courtesy of http://www.mark-world.tv/motorola/page1.html

Launch XVI32. Before you open your file, you need to make sure you're viewing hex instead of decimal. To make sure this is the case, just click on Options, then Data Inspector. After that's done, click the Open button and select your gain_table.bin file. When it opens you should be left with a table full of numbers and letters. Make sure the "big-endian (Motorola)" box is checked. Leave the options. Now you're ready to open your file, so go to Open and find your gain_table.bin file. When it opens you should see a table full of letters and numbers.

[Screenshot: gain_table.bin open in the XVI32 hex view. Screenshot courtesy of http://www.mark-world.tv/motorola/page1.html]

These are the things you change when you do seem editing. Look at the bottom of the window when you select one of these numbers.
It gives you a hex address. (The screenshot above shows the address 1D.) Look for a hex address "0 " (or 00); it should be right at the top, and fourth one in from the right. This is the offset that controls how loud the earpiece is for a phone call. (The default setting is 1 of course.) I changed mine to 04 and it works perfectly. I can even hear the person when I'm outside with lots of background noise, and it's not so high that I need to worry about blowing the speaker, so I would recommend 04. To change the value, just select the offset (01) and type in 04, and it should change for you.

Next, save this new gain_table.bin file. Then quit XVI32, and re-open P2K Man. When the phone is recognized, hit "update list" again. Make sure you don't have a gain_table.bin file still in the /a directory. (Delete it if it's there.) Now, making sure that the /a directory is selected, click the "PC>>>Phone" button, locate your gain_table.bin file and upload it. When it's done, hit the restart phone button and let your phone restart. Voilà! Now you should be able to hear the person you're talking to next time you call someone, or someone else calls you.

The next seem edit I will show you will allow you to keep a speaker phone call active even with the phone flipped shut. For this, you'll need to open up P2K Man again. Once you've updated the list of all the files on your phone, go to the "Seem" area and enter "0032" in the "From" box and "0001" in the "to" box. Click download seem. Save the seem file to somewhere you can find later. (Obviously.) Next, open up XVI32 and load your downloaded seem file. Click on offset 8A to select it. Click on Tools and select Bit manipulation. In the "Status of Bits" area, uncheck bit 2. When this bit is unchecked, you will be able to flip the phone shut while on speaker phone and still be connected to your call. If it is checked, your phone will hang up the call when flipped shut.
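The bit edit at offset 8A described above can also be scripted, so that the change is checked before the file goes back to the phone. This is an added example, not code from the article, P2K Man or XVI32: the function names and the sample file name are made up for illustration, and it assumes bit 0 is the least significant bit of the byte, which should be compared with the numbering XVI32 shows.

```python
"""Added example: clear one bit in a downloaded seem file and verify the change."""
from pathlib import Path
import shutil
import tempfile

SEEM_OFFSET = 0x8A  # offset the article selects in seem 0032_0001
FLIP_BIT = 2        # bit the article unchecks (assumption: bit 0 = least significant)


def set_bit(data: bytes, offset: int, bit: int, value: bool) -> bytes:
    """Return a copy of data with one bit at the given byte offset set or cleared."""
    if not 0 <= bit <= 7:
        raise ValueError("bit must be 0..7")
    if not 0 <= offset < len(data):
        raise ValueError(f"offset {offset:#x} is outside the {len(data)}-byte file")
    out = bytearray(data)
    mask = 1 << bit
    out[offset] = (out[offset] | mask) if value else (out[offset] & ~mask & 0xFF)
    return bytes(out)


def changed_offsets(old: bytes, new: bytes) -> list:
    """List (offset, old_byte, new_byte) for every byte that differs."""
    if len(old) != len(new):
        raise ValueError("the edit must not change the file length")
    return [(i, a, b) for i, (a, b) in enumerate(zip(old, new)) if a != b]


def patch_seem_file(path: Path, offset: int = SEEM_OFFSET,
                    bit: int = FLIP_BIT, value: bool = False) -> list:
    """Back up the file, apply the bit edit, and return the verified diff."""
    original = path.read_bytes()
    patched = set_bit(original, offset, bit, value)
    diff = changed_offsets(original, patched)
    # Refuse to write unless at most one byte differs, at the intended offset.
    if len(diff) > 1 or any(off != offset for off, _, _ in diff):
        raise RuntimeError(f"unexpected changes: {diff}")
    backup = path.with_name(path.name + ".bak")
    if not backup.exists():  # never overwrite the first, untouched copy
        shutil.copy2(path, backup)
    path.write_bytes(patched)
    return diff


if __name__ == "__main__":
    # Constructed sample: 0x100 bytes of 0xFF standing in for a downloaded seem.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "0032_0001.seem"  # hypothetical file name
        sample.write_bytes(b"\xff" * 0x100)
        for off, old, new in patch_seem_file(sample):
            print(f"offset {off:#04x}: {old:08b} -> {new:08b}")
```

An empty list from patch_seem_file means the bit was already clear, and the .bak copy is what you would upload to undo the edit.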
Now save this newly edited seem file, and upload it back to the phone using P2K Man. To do this, enter "0032" into the "Seem" box and "0001" in the "rec" box. Hit upload seem. Locate the new seem file and hit Open. Tah Dah!

That's the basics of seem editing. There is a great seem map on all the different seem edits you can do at: http://www.mark-world.tv/motorola/doc/seems.doc. It is updated by http://xlr8.us/hofo.

cl.gif Changing

Ever wanted to change that outer LCD image on your V3? Typically it has the name of your Service Provider on it and nothing else. Well never fear, something can be done about this. All you need to do is find a .gif image of your choice (some can be found here: http://www.motox.info/showthread.php?t=435) and make sure it has the proper proportions (96x80 pixels). Using P2K Man, all you need to do is navigate to the /a/mobile/skins folder, find the file called cl.gif and delete it. Now all you do is hit PC>>>Phone and locate your new cl.gif image. (Be sure to name your new image cl.gif. Also, the picture must be in .gif format or it won't work.) After that's done, restart the phone and check it out. Cool, huh.

Custom DRM Icon Sets

Installing your own icon sets is surprisingly easy. All you need is a .shx icon file (filled with all the new icons, duh) and just follow the instructions for flashing your phone (using RSD Lite). You can find some cool icon sets here: http://www.mark-world.tv/motorola/page10.html.

Custom Start-up and Shutdown Animations

Putting on your own start-up and shutdown animations is always a cool idea to give your phone some style. All you need to do is connect your phone up to the computer and load P2K Tools.
(Found here: http://www.mark-world.tv/motorola/page1.html) Once you have that loaded up, all you need to do is hit "Tools" at the top and "custom animation." Now from here it's pretty straightforward. All you have to do now is check the box on the left of the start-up and shutdown animations and locate where your .gif files are on your computer. Then restart your phone and you're done. (You can follow the same steps for putting on your own start-up and shutdown sounds.)

Cleaning Inside the LCD

This used to really bug me with my phone. No more than a week after I got it, there was dust accumulating under the screen. I found myself rubbing the screen so much I was slowly going insane. So I looked into cleaning it out for myself, rather than having to send it all the way to Motorola just for some guy to wipe it out. Here's how I did it. (Official manual, with pictures, here: http://www.mark-world.tv/motorola/pdf/Getting_the_dust_out.pdf.)

All you need is some sharp-end tweezers and a new LCD cover. I found one at http://www.cellphoneshop.net. Use the tweezers to pry under the LCD cover. Once you have it, just pull up and it should come right off. Now take your new LCD cover, remove the plastic from it, and starting at the bottom, line up the new LCD cover with the inset. Be sure to apply even pressure across the edges to make sure it sticks in place. Voilà!

Conclusion

Well that does it for my Motorola Razr V3 modding guide. I hope the pictures I added, courtesy of http://www.mark-world.tv/motorola/page1.html, have helped at least a little bit. By now you should have more than enough knowledge to do your own mods without much help. Again, be sure to ask about anything you're concerned about before you start modding. (It's your phone, not mine. The info I share with you has worked for me and should also work for you, but I will not accept responsibility if you brick your phone. You have been warned.)
I will be sure to work on a third and final edition to this series, mainly consisting of little mods you can do to your phone easily. Well that does it for me. Talk to you soon.

About the Author

My name is Matt (M@) and I live in Canada, eh! I'm in my senior year of high school. I am athletic, outgoing, and have been interested in technology ever since I got my first Game Boy Color, way back in the day. I mainly stick to cell phones, computers, MP3 players and gaming consoles. My favourite food is Fettuccini Alfredo, and I love Mountain Dew. My email address is chalupaman_99@hotmail.com.

By: Hevnsnt

What happens when you place 6,000 of the world's best hackers in one hotel? Stuff gets hacked, normally the hotel's stuff. This year, Surbo and I wanted to change that -- and this is the story of how we did it. We made the sacrifice to put our lives on hold and go to Las Vegas (yeah, it was rough) to mingle with the world's best hackers.
As we got there and checked in we were given the lowliest of badges, the "General Population" badges -- referred to as the "Human Class". Don't get me wrong, Joe Grand (of GrandIdeaStudios.com) did a great job on the badges, but did I-Hacked staff deserve the plain "Human" class badges? We certainly didn't think so. Later we will discuss how Joe's design ultimately led to the compromising of Defcon.

After we had received our badges, we made a short trip back up to the room to do a little modding to the badges. After 10 minutes of pulling apart official I-Hacked Throwies and soldering, we had modded our badges to stand out from the crowd. Happy but not satisfied, we strutted our stuff among the crowd as quite possibly the first to "mod" their badges.

As we explored the convention center we found our way (past some velvet rope) to a hallway that was protected by a guard. Without any discussion between us, we both knew that we wanted past the guard. As nonchalantly as possible we struck up a conversation between the two of us and tried to walk past the guard as though we were meant to be there. Politely yet firmly the guard told us "Red Badges Only" and told us to leave. As I had been to a 'Con before, I knew that "Red Badges" meant one thing, and one thing only. Goons. The holy grail fear of any Defcon goer, the goons are the elite of the Defcon staff. We wondered what wonderful things they had down that hallway; surely they had gigabit connections, imported-beer-filled swimming pools, and rainbows made of Skittles. We had to get back there to find out.

We decided it was time to figure out exactly what the other color badges looked like. Surbo put on his social engineering hat and asked the registration desk: "What are the red badges for?" The goon, who at the time was wearing a red badge, replied smugly, "You have obviously never been to a con before."
While Surbo's job was to pull information from the registration guy, my job was to get a close inspection of the badge. At this stage we were still gathering information, an important step in any hack. Gather as much information on your target as possible, then take your time and have a beer.

Speaking of beer, it was time to hit the strip. We packed up and walked down to the main strip. We toured a lot of the different bars around, but because it was a Thursday night nothing was really happening. This was not my first trip to Vegas, but I still wanted to see all the street shows again. As Surbo and I walked up and down the strip we stopped to see the Treasure Island show (pirates kick ass), some guy who was doing incredible artwork with spray paint, and some really crazy bands performing in each one of the casinos we ducked into to grab a beer along the way. Anyway, enough about Vegas, let's get on to the hack already.

The next day (Friday) was the beginning of Defcon and the crowd was among us. The number of people that showed up for this year's Defcon was absolutely staggering. I don't know the official number but I do know that it was well over 6,000. We had had a night to discuss what we thought about the badge. We had already scanned our badges with our favorite RFID scanner (APSX RW-310) and could not find any trace of signal. Our program manual stated that Joe Grand would be giving a talk about the badges the next morning -- maybe he would talk about the differences of ours vs. the other color badges.

[Photo: All the different colors available]

During Joe's talk he started discussing the process of creating the badges. He mentioned that the cost per badge had to stay below $5, so it became apparent that there probably wasn't any embedded RFID in the other colored badges. Then he finally talked about how he created the different colors: he simply used a colored solder mask to create the different badges.
BINGO. Thanks Joe! The only difference between my badge (white) and a Goon badge is the Red color. On the way out of the speech, I looked at Surbo and I could tell he was thinking the same thing I was... Let's go visit the spray paint artist on the street.

Later that afternoon, we left our hotel and Defcon festivities behind to go see the guy who would change our Defcon experience in exchange for nothing more than an I-Hacked throwie that he could place on his lamp. I showed him a picture of the red badge that we would like to emulate, and he mixed and matched his colors to get it perfect.

[Photo: Um, I would like it Red Please.]

Simply put, it came out perfect. As far as anyone was concerned we were now official Defcon goons. We only had him paint the front of the badge red (and left the back white) so that we could later prove to the security staff how weak their security measures were. This later turned out to be a bad decision. (But I won't get into that just yet.) =p

Later on that night at the private parties (as goons, we didn't have any trouble just walking in now), when anyone asked if we were goons we would just nod our heads yes and switch topics. We didn't want to blow our cover just yet. We were in the penthouse suite, partying with the guys who put on Defcon -- we introduced ourselves to as many people as we could to get a few names to drop if needed.

Saturday: Completely hung over, my only goal for that entire day was to see Dan Kaminsky's talk on net neutrality. As we finally made our way down to see his talk, we found the room to be completely full. No one else was being let in. Surbo had noticed the day before that the Goon HQ was a skybox overlooking the particular conference room where Dan was giving his talk. Being as though I really wanted to see this presentation, we made the call... It was time to try out our goon badges. As we made our way down the hallway, we passed the guard without any incident.
In fact she even stopped a few other people who tried to surf in with us. (Sorry guys, apparently you need a Red Badge to get past her =) We were now past the guard, finally in "Goon-Land". We tried door 1, Locked. We tried Door 2, Locked... Arrgh. Out of desperation, Surbo knocked on door number two. A few seconds later one of the largest goons I have ever seen opened the door and asked what we wanted. Surbo said "XXXXXX told us to come up here to watch Dan, to give up some seats." (XXXXXX's name has been removed to protect him; let's just say it was one of the names we snarfed from the party the night before.) Without hesitation, he opened the door and took us out to the balcony.

Now unless you were there you can't imagine the tension. We are completely surrounded by goons, in their room, with fake goon badges. I snapped a few pictures as proof from there as discreetly as possible, but they turned out horrible. None of the other goons were taking pictures so I figured I should lay low with that.

During Dan's talk, a goon walked out on the balcony with a huge juicy steak. We hadn't eaten yet, and damn that thing looked good. As soon as the talk was over I asked the goon "Where did you get the steak?" and he looked at me a little weird and said "The Refrigerator" and then walked me into the kitchen and showed me exactly where. =)

Fast forward to later that night. The badges opened up more than physical doors. We were now invited to the best party of the 'con (Ninja Party absolutely rocks) where I had a few too many drinks. After bouncing between Ninja, the White Ball, and the pirate party (at all of which I continued to drink) Surbo decided to leave me to my own fruition. (Mistake #1) Well, my liquid courage had set in, so I figured that I would go tell the goon squad exactly what I felt about their physical security and identification methods.
I stumbled right past the security guard, and at no time did I question what I was about to do. (Mistake #2) Ready for mistake #3? I threw open the door to Goon HQ, and was presented with a room full of goons (seriously, it was somewhere around 4am, and there were probably 15 goons in there) and sitting in a chair right in front of me was the head of security, Priest. (Who, btw, if you have never seen him, is a big dude.) Undaunted, I began my speech about how I was able to bypass all of their security methods using a can of spray paint.

Let's just say that this probably wasn't one of my shining moments. Sure, I had proven that I could bust their security. I had proven that when it really comes down to it, I have a sack of fortitude, and I had proven that after all that beer I really need a second opinion on things. =) Priest was incredibly cool, and although he confiscated my badge he told me to get a hold of him in the morning.

Sunday morning I found Priest, and after a stern warning about next year he told me, "Good job, you hacked Defcon. You made it past our security. For that, I am going to get you another badge, another WHITE badge." I of course appreciated this, but I asked for my original badge back; I mean, it meant so much to me. He told me that it had already been destroyed, but I like to think that he has it hanging up as a memento of Defcon 14. Farewell Badge, thanks for all the fun.

Sure, this wasn't the most "Elite" of hacks out there, but it really goes to show how something as simple as spray paint can be used to circumvent some of the most sophisticated security forces. I hope you liked the story, and I can't wait for DC15.

Defcon Physical Security Hole
Written by: Matrix

My name is Matrix. No, that's not my real name, but people know me by this name. I'm a regular Defcon attendee. I'd like to think that most of the other regular Defcon goers know me very well.
For those who do not know me, my specific daytime job is supervising physical security at a nameless technology center. Enough about me. Let's get back to the subject of this article: Defcon.

I have been attending Defcon for well over a decade. One could reasonably argue that I'm one of the original attendees. I mention this, why? During my many trips to Defcon, I've witnessed just about every conceivable situation over the last 12 events. I was sure that I've seen everything possibly imaginable.

I attend Defcon for a couple of reasons. Well, three if you really care to know. I like to party. I need not explain. I enjoy technology. Again, no explanation necessary. I enjoy the company. I like to surround myself with the kind of forward thinking people who attend Defcon for personal satisfaction and to help expand my job skills. My job depends on understanding how people think. Who better to learn from than the best of the best. Oh, I also enjoy the various competitions and speaker presentations. I particularly enjoy the Scavenger Hunt. Shouts to Vegas 2.0!

This year, while I was somewhat apprehensive of the new venue, I was happy to stand in line and wait it out. What appeared to be yet another "typical" event, I quickly changed my tune. I was immediately aware of a possible security flaw when I got my first glimpse of one of the Goon badges. Those beautiful RED badges! The possibilities began to spawn while I stood there. I tuned out my buddies and began to consider the options.

Here was the key problem with Defcon security this year. The ONLY difference between the goon badges and the human (uh, that's us regular folks for those who don't know the lingo) was only a matter of color. The color of the solder mask, that is. Goon badges were RED and human badges were WHITE. It was conceivable that simply painting the white badges with red paint would grant immediate access to goon territory. I later found out that I was correct. Very correct!
You see, in the security field, difficult to duplicate VSE's (or visual security elements) are vital to a strong physical security barrier. Without this, anyone with the know-how can easily bypass this most basic first defense and render the entire security solution useless.

The most basic VSE is an "overt" VSE which means that the security element (in this case, the color of the badge) is easily visible to the human eye. Overt VSE's are designed to make ID authentication easy to verify. Next, you have Covert VSE's which are, you guessed it, not visible to the human eye. An example of this would be a hologram or "invisible inks" which will appear under a black light. Hidden text and "micro" text are some other examples. Last is Forensic VSE's. Just like covert VSE's, but much harder to detect - and to counterfeit. This typically entails the use of nano-text.

Defcon used an overt VSE, obviously. They do this every year. The objective was to create an overt VSE which is easy to authenticate, but difficult to duplicate. Given the limited time span of Defcon, it's conceivable that they were aware of this situation, but accepted the risk factor. Either way, they failed with the implementation of their VSE. It was easily overcome with a $1 can of spray paint. That sounds bad no matter how you word it.

Now, it was all a matter of finding some of that paint I keep talking about. Have you ever tried to find a can of paint in Las Vegas? It sounds easy, doesn't it? However, I had no idea where to look. I didn't learn about the street vendor with the paint until much later, but I was still able to pull off nearly the same exact hack. I don't really consider this a hack, but more of a type of social engineering. Who really wants to argue over the difference, though? Suffice to say, SE is a type of hacking. I believe most readers would agree with that sentiment. I asked David and Carl if they could go find some red paint.
After I explained what was on my mind, they wandered off and I didn't see them for another 3 hours. Later that evening, I found them hanging out with Alex from Blacklisted 411 Magazine. I asked if they had any luck and they quickly produced a can of spray paint from one of their backpacks. I was jazzed! They mentioned that they had bought it at Wal-mart and it was "really cheap."

When I got back to our room, I didn't waste any time. I pulled apart my badge (yes, I brought my tool kit with me. Complete with soldering iron), painted it up on both sides and let it dry. I reassembled, checked that it still functioned and set it aside. As promised, I painted up Dave and Carl's badges, too.

A little while later I caught myself staring at the badges. I was daydreaming about all the possible situations I may possibly get myself into. Anything from getting kicked out to receiving a pat on the back. Honestly, I had no idea what to expect if I got caught. I sucked it up and ventured out.

Skipping ahead, I found the secure goon entrance very quickly. How could I have possibly missed it? I was able to walk right by the "guard" without incident. It worked! Could it be that simple? I kept telling myself that they knew I wasn't supposed to be there and they were just fucking with me. Just waiting for the right moment to snare me. For the first 30 minutes or so, I was worried about it. As time passed, I slowly found my comfort zone and eased up on the worries. I began to open up and socialize with the other goons, trying to collect as many names as possible. Nobody seemed to suspect a thing and everyone was very open with me the entire time. I wanted to take some pictures of a few things, but I felt that it may appear too suspicious. I didn't see anyone else taking pictures, so I followed their example.
After maybe an hour of wandering around in the backstage area, talking to various goons and enjoying the fact that I was getting away with something otherwise unheard of, I became bored with my new found free-pass and decided to bail out.

The next day, I brought Dave and Carl with me and we slid right by the guard again without incident. I showed them around and introduced them to several of the goons I met the day before, all who shall remain forever nameless. My buddies were obviously nervous. No doubt it was because they were up so close to the goons. I played off of their terror and poked some fun at them. Sorry Dave, I couldn't help it. I explained that it was their first year and they were a bit overwhelmed. The statement was reasonable and nobody questioned it.

During my time in the restricted areas, I had an opportunity of seeing a real goon badge up close a few times. I realized that my painted badge was several shades too dark. Nobody else seemed to notice it, though.

While I applaud Defcon and Joe Grand of GrandIdeaStudios.com for their efforts in trying to make a unique badge for this year - which they did succeed in doing, I can't help but be saddened that they overlooked what I consider to be the most basic physical security principles. Yeah, make it easy to authenticate, but come on. All it took was $1 and a little of my time to open up the doors. I understand that cost is a major factor in the production of something like this and I realize that they were most likely aware of the possible risk and decided to accept that risk. No harm was done, it was only a learning expedition. However, I would suggest that the next DC goon badge implement more security features. The least costly method would be to use a different shape/size or go with a material which doesn't lend itself to being so easily re-colored. Of course, anything can be bypassed with enough determination and time.
I found out at a later point in time that we were not the only ones to have beaten the physical security at Defcon this year. While Hevnsnt had the gonads to report his findings directly to Priest during what was probably the most inopportune moment, we can't make the same claim. We remained anonymous in our activities. Our intent was to provide a proof of concept. I believe we succeeded in our goal. I'd like to state for the record, however, that I did fess up after the event was concluded. Everyone was cool with it. They appeared to treat the breach as trivial. I even got to keep my painted up badge! Thanks for being so cool, guys.

Defcon is an awesome event. I can't wait to see everyone there next year.

BACK TO HARDWARE HACKING BASICS
Written by: Zachary Blackstone

Have you ever started what would otherwise be a simple hardware project only to find yourself deep in the middle of a journey through hardware hacking? It happens to me a lot more often than not. In fact, it happens to me so often, I've gotten into the habit of taking step by step notes and photographs along the way. It's a good idea for many reasons.

I'm going to share my latest experience with you because I thought it was somewhat interesting. I'd like to mention that I went overboard in my "testing" before doing any actual hardware hacking. I only 'partially' did this for presentation purposes.

So, let's roll back three years. No, let's go back even further. Motorola was plugging away, producing a smart card system for various commercial uses. Their Smart Information Transfer (SIT) division was bought by Atmel in 1999. At the time, all of the smart card technology assets of Motorola passed onto Atmel. A few years later, a few Motorola offices throughout the U.S. closed up shop. One such office happened to be (relatively) close to the Blacklisted 411 Magazine offices. Being that the staff of BL411 are a bunch of technology junkies, we had an opportunity of looking over the assets of the office in question before they (Motorola) brought in the trash man to haul everything off to the dump.

Typical of an office shutdown, there were plenty of cubicles, desks, chairs, shelving, components, paperwork, phone systems and various other office knick knacks up for grabs. It was a free for all. Luckily, we were one of the first to the scene, so we had first dibs on most of the items others might overlook - programmers, internal memorandum, tech notes, technologies of all types, etc. However, we found one interesting stash we hadn't conceived.
Piled away in one room was the remnants of their former SIT division's latest project. It was a fully manufactured Smart Card. No, not just the smart chip. Rather, a smart chip embedded within a credit card sized (CR-80) plastic card. And I'm not saying there was only one of these. Try "hundreds-of-thousands" on for size. First thought at the time was, "cool, they're free so let's take 'em all!" And take all of them we did. Thank you Motorola!

Ok, fast forward to 2006. Early this year we introduced the first-ever hacker membership card to our subscribers. It was met with an overall warm response. Ok - that'll do. So, I've been considering my options for a new membership card for the 2007 year. I've thought about doing another one made from stainless steel just like the 2006 model. I've considered producing them from brass or maybe even aluminum.

I was sitting at my desk three days ago thinking about this topic yet again, while I was browsing the internet for something interesting to occupy my thoughts before everyone else arrived at the office. Lo and behold, I stumbled upon the free to air (FTA) satellite receivers again (a subject for another article, perhaps). I really dig the X2 Coolsat 6000 model, so I began my standard search pattern. Check google, check ebay, take notes and compare. I immediately noticed the X2 Coolsat Smart Card Readers (figure 1).

Figure 1 • X2 Coolsat Card Reader.

At that moment, it occurred to me that we still had those smart cards in the warehouse - somewhere. I dropped everything and proceeded to recover those cards. After an hour of collecting dirt and dust on my brand new Hack the System shirt while digging through shelving unit after shelving unit, I located the MIA cards. I grabbed a small box of 1000 cards and brought them back to my desk. I pulled out a handful of them and started taking mental notes about the physical characteristics of the card.
I immediately noticed a small anomaly - at least what I considered to be a possible problem. The pad layout of the smart device didn't look quite right. It appeared to have 10 solid pads (figure 2). We all know that ISO 7816 (the standard by which all smart cards are designed) specs out an 8-pin pad. Hmmm. I began my search for tech docs on the smart card. A brochure, a tech spec doc from Motorola... from Atmel. A photograph of the card from any other source on the net. Nothing.

Figure 2 • Smart Card with 10 pin layout.

I decided to do some destructive testing of the card. The first sacrificial lamb was stripped of the plastic backing (behind) the smart device (figure 3). My intent was to expose the chip inside of the card and find the identifying chip part number. After taking a blade to it, the plastic didn't put up any notion of a fight. It was clear, however, that there were no markings of any kind. I went a step further and separated the chip from the gold pad leads, hoping I could discover something useful. I was successful in this attempt. Not only did I learn that the chip was well connected to the gold leads I was trying to remove it from, but I also noted that the chip had 6 connections. ISO 7816 only utilizes 6 signal/power lines. Ok, so I had a little more info. It was starting to add up.

Figure 3 • Smart chip exposed, no markings!

Figure 4 • Photo on left clearly shows that the Smart Chip (SC) is offset slightly higher than a standard ISO 7816 sample card. Photo on right shows that both chips are placed in identical horizontal locations.

Additionally, I cut up a few more cards, trimming away two sides of plastic away from the card so I could compare the pad layout to a known 7816 compliant card (Dish Network access card). See figure 4. What I found was that the spacing was off ever so slightly.
Essentially, the middle six pins appear to line up within a 7816 socket, but the outer four pins don't quite cut it. I marked the card accordingly with the corresponding pin designations. I'll check that later. I also noted a few wires around the outer edges of the card when I cut them. That was unexpected!

Eventually I posted about this topic on the BL411 forum and one of the staff responded with a tidbit that set me in the right direction. Deadpainter (a staff member) suggested that the card looked similar to the Calypso Card (used for fare collection). I checked out the link and immediately focused on the embedded smart device's pad layout. Strikingly similar, to say the least! It too had a 10-pin layout. Ahh, I felt as if I was on the right track. In addition to this I also noted that the brochure mentioned that the card - the 10-pin card - was ISO 7816 compliant. Interesting. It's also ISO 14443 (A&B) compliant, which is for a contactless connection, opposed to ISO 7816 for CONTACT connection. So, the card has both contact and contactless standards.

I was extremely intrigued by this discovery. I went back and looked at the card I had cut and noticed that it indeed has a loop antenna embedded within it. It has exactly three loops all the way around. I took the time to determine the layout of the embedded antenna. So, it looks like we have a dual standard card in our grasp. I'll get back to this subject later on in the article.

Ok, now I'm going to backup a little and explain ISO 7816, ISO 14443 and try to get everyone up to speed on the lingo. Overall, it's pretty easy to get a handle on, so you guys shouldn't have any trouble following along.

ISO 7816 is an international standard by which electronic cards, in this case smart cards, are described and manufactured. There are several parts to the standard which I will only touch on very lightly. 7816-1, that is part 1, describes the physical characteristics of the standard.
It was created in 1987 (yeah, a long time ago) and updated as late as 2003. It describes exposure limitations to x-rays, UV light, EMF and temperature. It goes on to define how much stress the card should be able to withstand by bending or flexing. Surprisingly, these cards are a lot tougher than you'd think.

7816-2 defines the dimensions and locations of the contacts. This part was created in 1988 and last updated in 2004. It describes the number, function and position of the contacts. A table which identifies the ISO 7816-2 standard is below.

Contact | Designation | Use
C1 | Vcc | Power connection through which operating power is supplied to the microprocessor chip in the card
C2 | RST | Reset line through which the IFD can signal to the smart card's microprocessor chip to initiate its reset sequence of instructions
C3 | CLK | Clock signal line through which a clock signal can be provided to the microprocessor chip. This line controls the operation speed and provides a common framework for data communication between the IFD and the ICC
C4 | N/C | No connection. Reserved for future use.
C5 | GND | Ground line providing common electrical ground between the IFD and the ICC
C6 | Vpp | Programming power connection used to program EEPROM of first generation ICCs.
C7 | I/O | Input/output line that provides a half-duplex communication channel between the reader and the smart card.
C8 | N/C | No connection. Reserved for future use.

I'm going to skim over the next few parts only because they're outside of the scope of this article. 7816-3 describes the electronic signals and transmission protocols. 7816-4 describes the industry commands for interchange. 7816-5 describes number system and registration procedure for application identifiers. 7816-6 describes industry standard elements. It goes on through part 15 which specifies cryptographic functionality.
ISO/IEC 14443 is a four-part international standard for Contactless Smart Cards operating at 13.56 MHz in close proximity with a reader antenna. Proximity Integrated Circuit Cards (PICC) are intended to operate within approximately 10cm of the reader antenna. These proximity "contactless" cards are typically of credit card sized form factor (which is separately defined by ISO 7810 - yeah, all this ISO stuff can get confusing). This standard consists of four parts and also describes two types of cards: type A and type B. The difference between the type A and B are with respect to modulation methods.

Part 1 defines the size and physical characteristics of the card. It also lists several environmental stresses that the card must be capable of withstanding without permanent damage to the functionality. These tests are intended to be performed at the card level and are dependent on the construction of the card and on the antenna design; most of the requirements cannot be readily translated to the die level. The operating temperature range of the card is specified in Part 1 as an ambient temperature range of 0°C to 50°C.

Part 2 defines the RF power and signal interface. Two signaling schemes, Type A and Type B, are defined in part 2. Both communication schemes are half duplex with a 106 kbit per second data rate in each direction. Data transmitted by the card is load modulated with a 847.5 kHz subcarrier. The card is powered by the RF field and no battery is required.

Part 3 defines the initialization and anticollision protocols for Type A and Type B. The anticollision commands, responses, data frame, and timing are defined in Part 3. The initialization and anticollision scheme is designed to permit the construction of multi-protocol readers capable of communication with both Type A and Type B cards. Both card types wait silently in the field for a polling command.
A multi-protocol reader would poll one type of card, complete any transactions with cards responding, and then poll for the other type of card and transact with them.

Part 4 [ISO/IEC 14443-4:2001(E)] defines the high-level data transmission protocols for Type A and Type B. The protocols described in Part 4 are optional elements of the ISO/IEC 14443 standard; proximity cards may be designed with or without support for Part 4 protocols. The PICC reports to the reader if it supports the Part 4 commands in the response to the polling command (as defined in Part 3).

Ok, now that I've given you a short lecture on the ISO's involved with smart cards, let's get back to the hardware hacking.

Many of the readers would probably ask me, "why don't you just shove the card into a standard smart card slot and see what happens?" Well, anyone who actually knows me, wouldn't bother asking as they know I'm a stickler for the details. I like to research an unknown as much as possible before I dive in. It's all about saving my equipment from certain death. If you've ever taken an electronics class, just think back to the guy in the corner whose projects blow up when power is applied. That guy isn't me. :-)

Now, given the information I have, I'm reasonably certain that the middle six pins of MY card will line up with a standard ISO 7816 socket. Next step is to insert the card into a socket which isn't powered up so I can visually confirm pin alignment. Sounds easy, right? By all accounts, it should be a piece of cake to jump through this hoop and move onto the next step.

Figure 5 - Example of standard Smart Card inserted into ISO 7816 socket.

If you go back and look at figure 4, you'll notice that the slight difference in height of the placement of the smart device on my card should make a difference when inserted into a socket. I attempted the procedure and just as I suspected, the pins of the socket align perfectly with the middle six pads of the card.
However, the top 2 pads and the bottom 2 pads don't align with any of the pins of the socket. The socket's pins C4 and C8 don't mate up with the card, but that's OK since both of those pins are designated "N/C" or "No Connection" anyway. That means they're not used... yet. It appears that C1, C2, C3, C5, C6 and C7 (all necessary for complete connection to a smart card) are actually making contact with the card. This is a very good sign that the card will work in a standard ISO 7816 card reader and encoder.

Figure 6 shows a scan of the actual smart chip contacts from my smart card. I've superimposed the contact designations which are derived from where the pins of the card socket connect when the card is inserted. What bothers me is the top right corner, that I've indicated with an arrow. If you look at a normal smart card's contacts, the upper right corner, which is always electrically connected to the middle of the device, is the ground or C5 designation. The fact that the socket places C5 at the contact just below the corner really bothers me and makes me second guess "just plugging it in". Vcc and Gnd across the wrong pins of a device can spell sure destruction of said device. The likelihood of destroying my equipment? Not likely, but possible nevertheless.

Figure 6 • Scan of our smart device.

I need to find some additional evidence that this is the correct pinout. Some specs on the device would be very useful right about now. Chances of me getting the needed documents? Unlikely. Ok, so off to the bench to do some quick comparative testing to determine if I'm on the right track or not.

To further describe the difference between the contacts of the standard ISO 7816 and my card, I'm going to draw up a couple of samples of the standard card and my card to illustrate how the connections are being made in the socket.
Figure 7 • Standard Smart Card Pinout

Vcc    C1 | C5  Ground
Reset  C2 | C6  Vpp
Clock  C3 | C7  I/O
N/C    C4 | C8  N/C

Figure 8 • My Smart Card Pinout

Vcc    C1 | C5  Ground
Reset  C2 | C6  Vpp
Clock  C3 | C7  I/O

What's the easiest way to test for Vcc and Ground? Who needs fancy equipment. Use a multi-meter and check for resistance. You'll almost always get a reading across Vcc/Gnd.

Naturally, I have just the tool. I broke out my handy dandy Metex multi-meter (it's an old model M-4650 of 80's flavor) and did some quick measurements. First, I checked the satellite card to ensure I was getting a good read off a known Vcc and Ground pair. I then went over to the unknown card and tested across the very top two pins (figure 10). No reading. I then tested across the next two (figure 11). Bingo! Sure enough, the corresponding pins that I designated as C1 (Vcc) and C5 (Ground) above in figure 6 were very likely to be correct. What do the pins above these two do? Not sure yet. I'm not too interested in those pins right now. I'm delighted that it looks like this card may be 7816 compliant for the most part. It may not be compliant with ISO 7816 Part 2 with regard to C4 and C8 not mating up, but that's beside the point.

Figure 9 • My extensive testing of the two cards.

Figure 10 • I first tested across these points. No reading at all. Probably not Vcc/Gnd.

Figure 11 • I then tested across these points. I got a valid reading. Very likely to be Vcc/Gnd.

At this point, I believe it's safe to assume that figure 6 is correct. Now onto the real tests. I'm going to install my smart card reader and try to read one of these cards. Of course, my first thought was to create my own reader. Bargain basement pricing smart card readers are under $20 now, so why bother? Upon closer inspection of my smart card reader, I realize that it's not Windows XP compatible - no drivers for it.
Sure, the reader is compatible with ISO 7816-1/2/3 standards and T=0, T=1 microprocessor card protocols, but sadly no XP support. I'm not about to setup a 2000 box for this project. Does anyone even remember Windows 2000? It was awful. Ok, so it looks like it's time for me to shop for a new Smart Card Reader.

Figure 12 - First attempt. SCM Microsystems Model SCR3310 (on the right) and Model SDI010 (on the left). Both appear to support Windows XP and are touted as reader/writer units.

So, after a little bit of research, I decide to try a couple of the SCM Microsystems models. The SCR3310 seems to be well suited for my purposes, but I also picked up a SDI010 because it has "contactless" support. Remember that embedded antenna I found inside of the card? Well, I think it's worth a shot looking into that a little more. And why not, these card readers are relatively inexpensive, plus SCM Microsystems was gracious enough to send us some test subjects on their dime. Thanks guys. You can check them out at www.scmmicro.com

Figure 13 - Second attempt. Gemplus Model GCR410 (on the left) and HackerHomepage "house model" (on the right). Both appear to be decent product, however the old school feel of the house model really does it for me.

Additionally, I spoke with the guys over at Hackers Home Page because when it comes to interesting hardware, they're the place to contact. I told them about the article I was working on and what I was looking for, hoping they'd have some suggestions for me. Not only did they have suggestions but, without hesitation, they sent out a couple sample units for me to play with. The first was their own generic smart card reader/writer and the other was a Gemplus GCR410 universal smart card reader/writer. I can't believe the excellent support I'm getting for this article.
Visit Hackers Homepage at www.hackershomepage.com - they have a very interesting selection of gadgets.

A few days later, I had some packages waiting for me at the office when I stumbled in around 11AM (yeah, had a late night... hey, even the old school hackers like to party). So, yeah, I had some packages waiting for me. Now that's what I like when I show up to work. I thought maybe I had another care package from the dude in NV who always sends us crazy off-the-wall junk. Nope, it was the card readers I had been so anxiously waiting on! I didn't waste any time, I grabbed the boxes and headed to the lab.

Once in the lab, I busted out those smart card devices and began to look 'em over. At first glance, the Gemplus GCR410 really caught my eye. What a nice piece of work it is.

The SCM Microsystems SCR3310 first appeared to be another run of the mill card reader, but I immediately took note of the classy packaging. Yes, I pay attention to such details. Anyhow, the reader had a good feel to it - definitely a well manufactured item. However, the unit was not bundled with any software which is a drag.

The SCM SDI010 is a contactless/contact smart card reader. This was packed just as nicely as their other model. However, my first impression of the item was that it was a few notches better than the other model. I couldn't wait to try this one out and see how that contactless mode worked.

Last reader I checked out was the "generic" unit from Hackers Home Page. At first glance, this one looked a little low-end. But let me tell you something, it was the most interesting of the bunch. The bundled software is pretty slick and looks powerful enough for my needs. Again, looking forward to trying this one out.

I connected the SCR3310 model first. It was a relatively easy install. However, the unit didn't come with bundled software which was a bummer. So, now the search for some generic Smart Card software begins. Where better to start than the SCM Microsystems website.
I visited www.scmmicro.com and immediately found their product driver page. I downloaded the version 4.14 drivers and the V8.06.001 English installer for firmware revision V5.21. Installation was easy and no problems encountered. The device was recognized immediately and everything appeared to be functioning correctly. I checked out the developer tools and utilities section of their website. I was somewhat displeased with the selection of tools, so I went elsewhere.

After only minimal searching, I found ISO7816Prog and SmartCache (www.smartcache.net). Both files are generic software for use with 'any' smart card reader. Seems like it might be just what I was looking for. Ok, so SmartCache looks like it might be handy. However, ISO7816Prog proved to be a useless program with no support whatsoever, so I continued my search for another piece of software. More on this subject later...

After extensive destruction of several cards, I was able to determine the antenna pattern and electrical connections. The antenna consists of three loops of very thin gold wire which is laid out near the outer edge of the card. The antenna has leads running directly into the area of the smart chip. I'm not sure if it's connected to the actual smart chip itself or a secondary chip which is located near the smart chip. While this could be a completely proprietary setup, it's more likely that it's either a 125Khz proximity card or a 13.56Mhz contactless smart card. Given the age, I'm going to go with the 125Khz proximity card type. However, RFID was around in 2003, so it's possible that this could possibly be a genuine contactless smart card running at 13.56Mhz. Only the original docs for this card or physical testing will reveal its true nature.

Figure 2 • Smart Card Embedded Antenna. (Labels: 3 loops of gold wire; sample Motorola Smart Card.)
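If the card does answer a contactless reader at 13.56 MHz, the Part 3 responses summarized earlier are where it says whether the optional Part 4 protocol is available. The decoder below is an added example, not from the original article: the bit positions are taken from ISO/IEC 14443-3 rather than from the article, the function names are hypothetical, and every sample value is constructed rather than read from one of these cards.

```python
"""Decode ISO/IEC 14443-3 activation responses to see whether a proximity
card (PICC) advertises the optional Part 4 transmission protocol.
Added illustration; all sample values are constructed, not read from a card."""

# ATQA bits b8..b7 -> UID length in bytes (0b11 is reserved)
UID_SIZES = {0b00: 4, 0b01: 7, 0b10: 10}
# Type B Max_Frame_Size code -> largest frame the card accepts, in bytes
FRAME_SIZES = (16, 24, 32, 40, 48, 64, 96, 128, 256)

SAK_CASCADE = 0x04   # b3: UID not complete, another cascade level follows
SAK_PART4 = 0x20     # b6: PICC compliant with ISO/IEC 14443-4
ATQB_MARKER = 0x50   # first byte of every ATQB


def parse_type_a(atqa: int, sak: int) -> dict:
    """atqa: 16-bit value with b1 as the least significant bit; sak: one byte.

    For Type A the Part 4 flag arrives in SAK, the card's answer to SELECT
    at the end of anticollision, not in the ATQA itself.
    """
    if not 0 <= atqa <= 0xFFFF or not 0 <= sak <= 0xFF:
        raise ValueError("ATQA is 16 bits and SAK is 8 bits")
    uid_code = (atqa >> 6) & 0b11
    if uid_code not in UID_SIZES:
        raise ValueError("ATQA uses the reserved UID size code")
    # Exactly one of b5..b1 must be set (bit frame anticollision)
    if bin(atqa & 0x1F).count("1") != 1:
        raise ValueError("ATQA must set exactly one bit frame anticollision bit")
    uid_complete = not (sak & SAK_CASCADE)
    return {
        "type": "A",
        "uid_bytes": UID_SIZES[uid_code],
        "uid_complete": uid_complete,
        # The Part 4 bit only has meaning once the UID is complete
        "part4": uid_complete and bool(sak & SAK_PART4),
    }


def parse_type_b(atqb: bytes) -> dict:
    """atqb: ATQB with CRC_B already stripped (12 bytes, or 13 if extended)."""
    if len(atqb) not in (12, 13) or atqb[0] != ATQB_MARKER:
        raise ValueError("not an ATQB: expected 12 or 13 bytes starting 0x50")
    protocol_info = atqb[9:12]
    size_code = protocol_info[1] >> 4          # upper nibble: Max_Frame_Size
    return {
        "type": "B",
        "pupi": atqb[1:5].hex(),               # pseudo-unique PICC identifier
        "max_frame": FRAME_SIZES[size_code] if size_code < len(FRAME_SIZES) else None,
        "part4": bool(protocol_info[1] & 0x01),  # Protocol_Type b1
    }


def reader_plan(card: dict) -> str:
    """What a multi-protocol reader can do next with this card."""
    if card["type"] == "A" and not card["uid_complete"]:
        return "continue anticollision at the next cascade level"
    if card["part4"]:
        return "activate the Part 4 protocol"
    return "Part 3 only: use card-specific commands"


# Constructed samples: marker, PUPI, application data, protocol info
SAMPLE_ATQB_PART4 = bytes.fromhex("50" "11223344" "00000000" "008185")
SAMPLE_ATQB_PART3 = bytes.fromhex("50" "a1b2c3d4" "00000000" "007085")

if __name__ == "__main__":
    for label, card in [
        ("Type A, 4-byte UID", parse_type_a(0x0004, 0x08)),
        ("Type A, 7-byte UID", parse_type_a(0x0344, 0x20)),
        ("Type A, mid-cascade", parse_type_a(0x0044, 0x24)),
        ("Type B", parse_type_b(SAMPLE_ATQB_PART4)),
        ("Type B", parse_type_b(SAMPLE_ATQB_PART3)),
    ]:
        print(f"{label}: {card} -> {reader_plan(card)}")
```

A 125 kHz proximity card produces none of these responses, so silence from a 14443 reader is itself a data point for the frequency question above.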
Since Motorola sold off their SIT division and Atmel doesn't have any idea what I'm talking about, it looks like we're going to have to resort to physical testing. Hey, that's ok. I live for this shit. I'd like to first focus on the older 125Khz proximity "standard" (I put that in quotes because it was a very loose standard) and, if that doesn't work, move forward to the 13.56Mhz contactless RFID/smart card standard. If neither works, it's possible that Motorola came up with their own proprietary design, in which case I'm probably out of luck.

Figure 13 - SmartCache screen shots showing data from a sample file.

Ok, back to software for a minute. After fiddling around with SmartCache for a while, I've decided that I really just don't care for it very much. While it does an OK job of reading the cards, it doesn't offer too much as far as cool features. In fact, I'm having a difficult time locating any decent software for this phase of the article, so I'm going to have to cut the article short while I try to drum up some additional software. So, until next time, keep on hacking.

Build and program two high-quality SumoBot robots designed to wrestle in the mini-sumo competition ring (included in the kit)! The electronics consist of a surface-mounted BASIC Stamp 2 module and an array of infrared sensors to detect your opponent and the edge of the Sumo Ring. Additional components include piezospeakers, resistors, push buttons and LEDs to build custom breadboard circuits for program mode selection and sensor state feedback. The hardware package includes black anodized aluminum chassis and scoops, servo motors, wheels, 4AA power packs (batteries not included), mounting standoffs, and screws for two complete SumoBot robots.
SURPLUS SOURCES
Your Electronic Hobby / Repair Source list

Here's a small list of new and surplus electronics sources you may find useful if you're trying to build a project or repair a piece of equipment. We've done business with all of these companies and personally recommend them to anyone. Don't forget to mention where you heard about them. If you want a company listed, contact us.

Action Electronics
1300 E Edinger Ave # B, Santa Ana, CA 92705
(714) 547-5169
http://www.action-electronics.com/

Active Surplus
347 Queen Street West
Toronto, M5V 2A4 CANADA
(800)465-5487 (416)593-0909
http://www.activesurplus.com

Active Electronic Supplies Depot
2015-32nd Avenue N.E.
Calgary, Alberta, Canada T2E 6Z3
(403)291-5626
http://www.active-tech.com

Active Electronic Supplies Depot
6029-103rd Street
Edmonton, Alberta, Canada T6H 2H3
(780)438-0644
http://www.active-tech.com

Active Electronic Supplies Depot
1350 Matheson Blvd. Unit 2
Mississauga, Ontario, Canada L4W 4M1
(905)238-8825
http://www.active-tech.com

Active Electronic Supplies Depot
6080 Metropolitain East
St-Leonard, Quebec, Canada H1S 1A9
(514) 256-7538
http://www.active-tech.com

Active Electronic Supplies Depot
5349 Ferrier
Montreal, Quebec, Canada H4P 1M1
(514) 731-7441
http://www.active-tech.com

Active Electronic Supplies Depot
1023 Merivale Rd.
Ottawa, Ontario, Canada K1Z 6A6
(613) 728-7900
http://www.active-tech.com

Active Electronic Supplies Depot
1990 Jean-Talon St. North Suite 109
Ste. Foy, Quebec, Canada G1N 4K8
(418)682-1130
http://www.active-tech.com

Active Electronic Supplies Depot
3790 Victoria Park Ave Suite 100
Toronto, Ontario, Canada M2H 3H7
(416) 498-9886
http://www.active-tech.com

Active Electronic Supplies Depot
3695 East 1st Ave
Vancouver, British Columbia, Canada V5M 1C2
(604) 654-1057
http://www.active-tech.com

Active Electronic Supplies Depot
106 King Edward St. East
Winnipeg, Manitoba, Canada R3H 0N8
(204) 786-3131
http://www.active-tech.com

Advanced Component Electronics
1534 Berger Dr. San Jose, CA 95112
(408) 297-1383
http://www.acecomponents.com

Advanced Computer Products
1310 E Edinger Ave # A, Santa Ana, CA 92705
(714) 558-8813
http://www.acpcomponents.com

All Electronics Corp.
P.O. Box 567, Van Nuys, CA 90408
(818) 904-0524
http://www.allcorp.com/allcorp/

Alltech Electronics
1300 E Edinger Ave # 0, Santa Ana, CA 92705
(714) 543-5011
http://www.malltech.com/

Alltronics
2300-0 Zanker Rd. San Jose, CA 95131
(408) 943-9773
http://www.altronics.com

American Design Components
400 Country Ave., Secaucus, NJ 07094
800-776-3800

American Science & Surplus
P.O. Box 1030, Skokie, IL 60076
(847) 647-0010
http://www.sciplus.com

American Science & Surplus
5316 N. Milwaukee Avenue
Chicago, IL
(773)763-0313
http://www.sciplus.com

American Science & Surplus
33W361 Route 38 (1/4 mile east of Kirk Road)
West Chicago, IL
(630)232-2882
http://www.sciplus.com

American Science & Surplus
6901 W. Oklahoma
Milwaukee, WI
(414)541-7777
http://www.sciplus.com

Ax-Man Surplus
1639 University Avenue
St. Paul, MN 55104
(651)646-8653
http://www.ax-man.com/

Ax-Man Surplus 2
1071 East Moore Lake Drive
Fridley, MN
(612)572-3730
http://www.ax-man.com/

Ax-Man Surplus 4
8008 Minnetonka Blvd.
St. Louis Park, MN
(612)935-2210
http://www.ax-man.com/

B. G. Micro
555 N. 5th Street, Suite 125 Garland, TX 75040
(800) 276-2206
http://www.bgmicro.com

Ball Electronics
2960 W Ball Rd, Anaheim, CA 92804
(714) 828-1310

Bob Roberts
bob147@bellsouth.net
http://www.dameon.net/BBBB/parts.html

Boeing Surplus Sales
20651 84th Avenue S.
Kent, WA
(425)393-4065
http://www.boeing.com/assocproducts/surplus/retail/

C & H Sales
2176 E. Colorado Blvd., Pasadena, CA 91107
(800) 325-9465
http://www.aaaim.com/CandH/

Cal's Computer Warehouse
3083 Grandview Hwy
Vancouver, BC V5M 2E4
(604)437-5551
http://www.goseecal.com

California Electronic & Industrial Supply
221 N Johnson, El Cajon CA 92020
(619) 588-5599
http://www.californiaelectronic.com/

Circuit Specialists
P.O. Box 3047, Scottsdale, AZ 85271-3047
(800) 528-1417
http://www.cir.com

Davilyn Corp.
13406 Saticoy St.
North Hollywood, CA 91605-3475
(800) 235-6222 (818) 787-3334
http://www.davilyn.com

DC Electronics
P.O. Box 3203, Scottsdale, AZ 85271-3203
(602) 945-7736
http://www.dckits.com

DIGI-KEY Corporation
701 Brooks Avenue South, Thief River Falls, MN 56701
(800) 344-4539
http://www.digikey.com

Edlie Electronics
2700 Hempstead Tpke., Levittown, NY 11756-1443
(800) 645-4722
http://www.edlieelectronics.com/

Edmund Scientific
101 E. Gloucester Pike, Barrington, NJ 00807-1380
(609) 573-6250
http://www.edsci.com

Electronic Goldmine
PO Box 5408 Scottsdale, AZ 85261
(800) 445-0697
http://www.goldmine-elec.com/

Electronic Materials Recovery, Inc.
3102 W. Thomas Road, Suite 902 Phoenix, AZ 85017
(602) 272-3200
email: emcphx@xroads.com

Electronic Surplus Inc.
5363 Broadway Ave., Cleveland, Ohio 44127
(216) 441-8500
http://www.electronicsurplus.com/

Electronics Warehouse
2691 Main St, Riverside, CA 92501
(909) 686-6186
http://www.the-ewarehouse.com/

Ford Electronics
8431 Commonwealth Ave, Buena Park, CA 90621
(714) 521-8080
http://www.fordelectronics.com/

Future-Bot Components
203 N. Pennock Lane, Jupiter, FL 33458
(561) 575-1487
http://www.futurebots.com/

H&R Company, Inc.
353 Crider Avenue, Moorestown, NJ 08057
(856) 802-0422
http://www.herbach.com/

Halted Specialties Co. (HSC)
3500 Ryder Street, Santa Clara, CA 95051
(800) 4-HALTED
http://www.halted.com/

Hi-Tech Surplus
605 #. 44th St., Boise ID 83714
(208) 375-7516
http://www.hitechsurplus.com

Hoffman Industries
853 Dundee Ave., Elgin, IL 60120
(847) 622-8201
http://www.hoffind.com

Hosfelt Electronics
2700 Sunset Boulevard Steubenville, OH 43952-1158
(800) 524-6464
http://www.hosfelt.com

International Components Corporation
1803 NW Lincoln Way, Toledo OR 97391-1014
(800) 325-0101

Jameco Electronics
1355 Shoreway Road Belmont, CA 94002-9864
(800) 831-4242
http://www.jameco.com

JDR Microdevices
1850 South 10th Street San Jose, CA 95112-4108
(800) 538-5000
http://www.jdr.com

JGL Components, Inc.
455 Aldo Avenue, Santa Clara, CA 95054
(408) 980-1100
http://www.jglcomp.com/html/index.html

Johnson Shop Products
P.O. Box 160113, Cupertino CA 95016
(408) 257-8614

Just In Time IC-s
4450 Enterprise St #113, Fremont, CA 94538
(510) 490-1377
http://www.batnet.com/justintime/xtal.html

Kelvin Electronics
7 Fairchild Ave, Plainview NY 11803
(800) 645-9212
http://www.kelvin.com

Mark Capps
1842 Chrysler Dr Atlanta, GA 30345
catfishh@bellsouth.net

Marlin P. Jones & Assoc.
P.O. Box 12685 Lake Park, FL 33403-0685
(407) 844-8764
http://www.mpja.com

MCM Electronics
650 Congress Park Dr., Centerville, OH 45459-4072
800-543-4330
www.mcmelectronics.com/

Mendelson Electronics
340 E First St Dayton, OH 45402
(937) 461-3391
http://www.meci.com/

Mouser Electronics
958 North Main St. Mansfield, TX 76063
(800) 346-6873
http://www.mouser.com

MWK Industries
1269 W. Pomona, U112, Corona, CA 91720
(909) 278-0563
http://www.mwklasers.com/

Ocean States Electronics
PO Box 1458, 6 Industrial Drive, Westerly RI 02891
(800) 866-6626
http://www.oselectronics.com

Orvac Electronics
1645 E Orangethorpe Ave, Fullerton, CA 92831
(714) 871-1020

R-Vac electronics
23684 El Toro Rd # 0, Lake Forest, CA 92630
(949) 586-1210

RA Enterprises
2260 De La Cruz Blvd., Santa Clara, CA 95050
(408) 986-8286
http://www.angelfire.com/free/proto.html

Sav-On Electronics
13225 Harbor Blvd, Garden Grove, CA 92843
(714) 530-0555

Skycraft Parts & Surplus Inc.
2245 West Fairbanks Ave, Winter Park, FL 32789
(407) 628-5634
http://skycraftsurplus.com

Surplus Sales of Nebraska
1502 Jones St., Omaha, NE 68102
(402) 346-4750
www.surplussales.com

Surplus Shed
8408 Allentown Pike, Blandon, PA 19510
(877) 7-SURPLUS
http://surplusshed.com/

SURPLUS TRADERS
PO Box 276, Alburg, VT 05440
(514)-739-9328
http://www.73.com

Unicorn Electronics
1142 State Route 18 Aliquippa, PA. 15001
(800) 824-3432
http://www.unicornelectronics.com/

Vetco Electronics
12718 Northrop Way
Bellevue, WA 98005
(425)641-7275
http://www.vetcoelectronics.com/

Weird Stuff Warehouse
384 W. Caribbean Dr., Sunnyvale, CA 94086
(408) 743-5650
http://www.weirdstuff.com

WWW.HACKERSHOMEPAGE.COM • VENDING MACHINE DEFEATERS • GAMBLING MACHINE JACKPOTTERS • MAGNETIC STRIPE READER/WRITERS • CONTROVERSIAL HACKING MANUALS • EMP DEVICES, RADAR JAMMERS • LOCKPICKS, SMART CARD READERS
OUR 10th YEAR IN BUSINESS!
(407)965-5500

DUMPSTER DIVING
The talent of digging up valuable items from a heap of garbage
By Trash-O X O

You may have heard the term "dumpster diving" a few times and wondered to yourself what it's all about. It's easy to imagine it as a sport of some kind where someone jumps off a roof into a dumpster. I mean, there have been much more crazy "sports" out there, so why not? Maybe, but that's not what it is. In fact, dumpster diving isn't really a sport but rather a way of living. In a nutshell, dumpster diving is nothing more than the act of digging through the trash. I'm sure you know what a "trash digger" is, right? Dumpster diving is what a trash digger does, most likely to make a living or to obtain something with perceived value for no cost at all.

According to the dictionary jargon file, Dumpster Diving is defined as: "The practice of raiding the dumpsters behind buildings where producers and/or consumers of high-tech equipment are located, with the expectation (usually justified) of finding discarded but still-valuable equipment to be nursed back to health in some hacker's den. Experienced dumpster-divers not infrequently accumulate basements full of moldering (but still potentially useful) cruft."

Ok, but digging in the trash to make a living?! What, are dumpster divers bums or something? Not really. While you'll find your average bum, hobo, transient, etc. digging in the garbage for food, clothing or cans to recycle, this isn't the same breed of people we're going to talk about in this article. We're going to focus on the people who seem normal (ie: have a job, money, a home and most likely a family as well) and find it worthwhile to hop into the trash... for some reason.

Face it, a lot of people find value in other people's refuse. One person may believe something to have no value while another believes differently. This concept is what has made the idea of dumpster diving become so popular.
In fact, it's such a popular subject that there are websites devoted to the topic. Now, that's pretty amazing. Ok, so let's get on with the article.

One day, you might come along a dumpster such as the one pictured to the right. "Yeah, so what?" you may think to yourself. It may seem just like any other dumpster, but what makes this one so different from your run of the mill dumpster is the fact that there's some hidden value in this otherwise plain looking garbage. The lay person would never notice this, so don't feel bad. The experienced dumpster diver would immediately recognize the obvious electronic equipment sitting on the top of the heap as being somewhat valuable. This would normally be enough to persuade further investigation (ie: digging a little deeper).

Upon a detailed inspection of the contents of this dumpster, the number of valuable items obtained was large. The final results were quite staggering and a real eye opener. Gathered up were about two dozen pieces of equipment total. A quick look on ebay proved to get an initial valuation of the equipment at roughly $200. The items were cleaned up, tested, and listed on ebay (some listed "as-is" because they did not function). I know, most people who read Blacklisted! 411 probably don't like to use ebay, but for the purpose of demonstrating "value" for the sake of a timely completion of this article, I decided to offload the items in this fashion to get quick results.

So, the final tally once everything sold on ebay (everything was listed 3-day with no reserve) was over $700! To be honest, I was surprised by the total income from the material. Everyone paid and the items were sent out. Done deal.

The point is, the garbage found in this one specific example generated over $700 on the open market. Dumpster diving truly is a way to make some money, either on the side or for a full time living if you can handle it. Yes, these are ebay
Yes, these are ebay 42 Volume 8 Issue 3 - Fall 2006 Blackliste d I 411 prices, but it's only one example of how this kind of find can be later sold to generate some decent money . ~ERESHOULDILOOK? Where can you find scores such as the one described in this article? All over the place I However, I'll try to help guide you a r little bit so you can find your own treasure trash. Mainly , you will find these kind of dumpsters (the ones filled with cool junk) behind industrial business centers . You'll also find them being manufacturers of electronics and computers , but their trash tends to be locked up and inaccessible. One of the most overlooked places are the dumpsters behind THRIFT STORES - they toss a lot of stuff they don't think they can sell (you can find a lot of old computers and game consoles here) . You can also check electron ic/computer store dumpsters, bookstore dumpsters and video rental dumpsters. They all usually have something worth grabbing . If you're not sure, look in the local phone book for places such as the above and get their address . Go there and take a peek in their trash . It can't hurt . IS IT LEGAL TO LOOK THROUGH SOMEONE ELSES TRASH? Some cities and counties have laws against digging in the trash, so your best bet would be to ask the people/company who dumped the trash if you can have it. If they agree, there's no issue of possibly break ing the law to deal with. If they say NO and you dig anyway , there 's a good chance you'll get in trouble . You can take your chances, but remember, ignorance is no excuse for breaking the law. Be careful and check with your local city ordinances on the subject. Don't trespass and don't steal. Follow this and you should be fine. IS THERE ANYTHING I SHOULD DO OR A CODE OF ETHICS? Use some common sense and clean up any mess you may make during the process of a dumpster dive. 
In fact, even if you don't make a mess and there happens to be a mess near the dumpster you're diving into, clean it up anyway to avoid being blamed for it. Naturally, if you have to dig deep, you're going to end up making a mess. Clean it up when you're done! If anything, this will help to ensure the dumpster will not be fenced in at a later date. If there's a fence surrounding the dumpster, don't climb over it. The fence was put there for a reason, so respect its limit. If you hurt yourself during a dumpster dive, don't sue the owner of the trashcan since you went out of your way to get into the dumpster in the first place. Oh, and don't take the name "dumpster diving" literally - in other words, don't actually "dive" into the dumpster! Climb in, carefully.

WHAT SHOULD I BRING OR WEAR?

A vehicle is usually a good start, but you should at the very least have a bag or a box to contain any findings you may come across. Be sure you wear long pants and avoid wearing shorts. Bring some gloves as well. Further, you may wish to bring a bottle of water (or a key for a water faucet - a lot of business centers have faucets with no key on them) so you can wash your hands, and a bottle of hand sanitizer. Try not to dress like a ninja (in all black) and dumpster dive at night - it looks too conspicuous and people will make complaint calls to the police. Bad idea.

WHAT KIND OF STUFF CAN I FIND?

It's fairly easy to assume you will be able to locate any of the following if you look enough: computers, televisions, stereos, VCR's, DVD players, CD players, telephones, answering machines, electronic components, wire, test equipment, magazines, books, software, furniture, and many other items of value.

What's somewhat interesting is that a lot of the electronic/computer "reclamation" centers around today started with a guy digging in the trash. No, seriously! I can name at least three VERY well known places in the area which started this way.
There's still plenty of room for this cash-cow to spit out money for new people getting started.

In closing, all I have to say is ENJOY YOUR DUMPSTER DIVING!!

SOME INTERESTING WEBSITES TO VISIT:

http://www.frugalvillage.com/dumpsterdiving.shtml
http://www.dumpsterworld.com/
http://www.phonelosers.org/dd.html
http://members.aol.com/TheDumpsterLady/thedumpsterlady.htm
http://mytrashy.com/
http://www.goddessofgarbage.com/
http://www.allthingsfrugal.com/dumpster.htm
http://www.thelivingweb.net/dumpster_diving_for_fun_and_profit.html
http://www.angelfire.com/ks/mcguirk/dumpsterdiving2.html
http://www.net4tv.com/voice/story.cfm?storyid=3565
http://asuaf.org/-fsgpeldive.htm

Greetings fellow collector. I have been collecting, buying and reselling integrated circuits (otherwise known as "chips"), electronic parts and equipment since the early 1980's. In the time that I have been doing this, I have grown to know first hand many sources who deal in LESS THAN WHOLESALE priced chips, computer equipment, electronic equipment and parts. That's right, these items are available for pennies on the dollar, and this is literally, not figuratively, speaking.

Some of the things you will be able to find at rock bottom prices: Intel, AMD, NEC and DEC gold chips, Macintosh computer equipment, EPROMs, EPROM programming equipment, vintage computers, chips, parts, newer equipment, computer parts, brand new excess inventory chips... the list goes on and on.

Have you ever wondered about those $300 - $400 Intel C4004 chips for sale on ebay and wondered to yourself how much you could get them for if you knew the seller's source? How does $40 per POUND sound to you? It takes quite a few of these chips to add up to a pound, so you can see the potential. The going rate for "gold" chips is in the range of $20-$45 per pound and you can buy this stuff all day long at those prices... IF you know where.
The sources I will reveal generally don't care what the chips are, only their bulk value. This is where a person with the right knowledge can make a killing regarding resale of the same items.

I've seen these sources come and go by the dozens over the years. What few of these sources remain have been a very well kept secret among the few in the know and, to my knowledge, nobody has ever revealed these sources in an all in one information article before. What is about to be revealed to you isn't "fluff" like a lot of other informational articles or those "e-books" provide, you know, the ones that claim they're going to reveal wholesale sources to you and you end up finding out it's just a bunch of useless, and I use this term loosely, information. Anyhow, the information I will provide you with is specific hardcore rock bottom priced sources which other people use to obtain the parts they resell - even EBAY sellers! You can use this information right now and make money immediately! Furthermore, it won't break your wallet to stock up on some parts for immediate resale... or collecting.

I'm officially out of the chip/equipment collecting/buying/selling business and since this highly secretive information no longer serves my needs, I'm going to spill the beans once and for all, which will allow a whole new generation of collectors and entrepreneurs to access the massive opportunities us old-timers have had all to ourselves for decades.

Are you ready? Be sure to check out each and every single one of these places and BUY, BUY, BUY as much as you can -- stock up and resell until you're blue in the face. Don't forget where you got this information, either -- a simple letter to Blacklisted! 411 telling them about the great deals you've found for yourself will do.

I'm going to be listing salvage yards, obscure retail locations and swapmeet sources. These are all worth the time to visit and explore. First on the list is a favorite of mine:

SILICON SALVAGE
1500 N. DALE STREET
ANAHEIM, CA 92801
TEL (714)523-2425
FAX (714)523-2552
EMAIL: sales@siliconsalvage.com
URL: http://www.siliconsalvage.com
EBAY ID: SSINCI500
Type: Salvage Yard/Excess Inventory
Contact: Chuck Hulse
Alternate Contact: Dan (VERY cool guy)

This is by far the most interesting salvage yard of them all. Not only are they huge, but they have a very wide variety of stock to choose from. The down side to this place is that they're very aware of EBAY and have started to price their items based on what they -might- get for it on EBAY. There's still room to haggle, so don't give up on this one. They're a bit on the moody side as well. One day they might be your best friend in the world, the next you might be treated like they never saw you before. It doesn't matter how much money you spend at this place, you're just another customer. Try to remain calm and friendly at all times (even in the face of apparent rudeness) and flash some money around (I recommend that you stick with cash only at this place). Whatever you do, don't waste their time, and be sure to arrive no later than 2:30PM if you want to buy anything. If you want something from them, be prepared to follow through and spend on the spot.

This place has an INCREDIBLE supply of used EPROMS in -excellent- condition (pins real straight, stickers still on them - nothing a little acetone bath won't fix right up). Going price is anywhere from $3/lb to $5/lb for the EPROMs. Purchase them by the 5 gallon bucket (roughly 55-65 lbs per bucket). Generally, the more you buy, the cheaper per pound rate you'll get. You won't find a better deal on better quality used EPROMS than this place!

They also have a great selection of overstock components, sometimes still in the rails - be prepared to pay a bit of a premium on these (whatever they feel like charging you that day). Whatever the price, you'll still be getting a killer deal on the components.
This place has a fully functional scrapping business going on each and every weekday - what this means is you will have access to incredible amounts of recovered chips... if they're not recovering them already, tell them what you're looking for and how much you'll pay for them (if ceramic/plastic, offer $4/lb - $5/lb; if INTEL brand chips, offer $6/lb - $7/lb) and they'll usually start saving them for you. Come back once a month and collect your spoils. This is a great way to stock up on old obsolete 6500, 6800, 68000, Z80 series processors and the support chips. I've found that with a typical purchase from this place, 98 out of 100 chips are typically GOOD functional product.

If you want gold plated Intel chips from these people, be prepared to pry some hands. If you're not equipped with the proper information, they'll hmm and haw and play the price dance with you. Just be prepared to spend $40/lb and offer it right from the start. Things will go more smoothly once you do this. Trust me.

If you're looking for laser equipment, this place usually has an interesting supply of such material. I've seen everything from HeNe's to full blown argon setups complete with power supply, fully functional and CHEAP! I once helped arrange a deal for a friend on a huge load of laser equipment from Silicon Salvage and the entire load only cost $700 -- not bad considering the amount of lasers. The person for whom I arranged the deal turned the lasers around and made $7000 cash while keeping two of the argon lasers for himself. How's that for some fast cash? Only one dead HeNe in the pile - everything else was top notch product ready to sell.

Do you want hard drives, Macintosh computers, Silicon Graphics machines, network cards, ram chips or anything else computer related? This is by far one of the largest computer scrappers I have ever seen.
Again, pennies on the dollar for GOOD stuff! You will find things like Seagate Barracuda, IBM, Maxtor and WD hard drives, DIMMs, Netgear, 3Com and Intel network cards, IDE, SCSI, Fiberchannel, etc. The selection is quite stunning and very impressive.

If you're looking for scrap circuit boards, boy, this is the place to be. I found a pile of Tektronix 1240D1 and 1240D2 (9 channel / 18 channel) acquisition cards headed for the grinder. I obtained them for $5/lb. Needless to say, this was an excellent price. I managed to find a couple of P6460 PODs the same day which were thrown in to the pile for free. Wow! I've also found tons of old arcade game circuit boards heading into the same grinder-bound pile. Everything from old Atari Asteroids, Tempest and Spaceduel boards to more rare Cinematronics boards. All were in non working condition, but easily repaired (nothing physically damaged on them). Again, $5/lb. Can't beat that with a stick, I tell ya!

If you're looking for old equipment, they've got that too... and lots of it. EPROM programmers, o-scopes, multimeters, Huntron Tracker circuit testers, Tek 1241 logic analyzers, they have it... or will have it sometime soon. God, the selection is simply stunning! The equipment comes and goes all the time, so tell them what you want, tell them you'll PAY and give them a way to get ahold of you.

Let me give you some for instances. What's the going rate for a Huntron Tracker 2000? How about the Tek 1241 logic analyzer? How about a Data I/O 29B with LogiPack and Unipack 2B? I found each and every one of these for $25 each at this place. Fully functional and worth every penny! This was a time when the Tracker was going for $700 on ebay, the 1241 was going for $1500 on ebay and the Data I/O was going for a cool $300. Times change and prices fluctuate, but I know you'll get a great deal on anything you buy from these people.
GOLD'N WEST SURPLUS
346 AMERICAN CIRCLE
CORONA, CA 92880
TEL (909)340-1 SOI
FAX (909)340-1504
Email: sales@goldnwestsurplus.com
URL: http://www.goldnwestsurplus.com
Type: Salvage Yard
Contact: Mark Pickering

This one is an oddity. If you walk in the front door, to the right you will find yourself in a retail-style used computer showroom. Don't bother with it. Ask the receptionist if you can check out the yard and warehouse. You may get an OK or they may just ask you what you're looking for - your mileage may vary here. Just so you're prepared, this is what they have.

When you walk into the warehouse, the first thing you will notice are racks and racks and racks of old useless POS dot matrix printers. Stay away from this junk. Focus on the circuit board salvaging. They have a full service board scrapping business going on in here. They have the most incredible selection of gold plated chips I have ever seen in a scrap yard. You'll pay $30-$40/lb for these, but you can pick and choose. I've personally purchased a small pile of white ceramic Intel C4004 and Intel C1702 EPROMs from them for $30/lb. I turned those around quickly and made bank. Another time, I found a handful of C8008 chips and a handful of the super rare G8008 chips for the same $30/lb. The G8008's sold for over SSOO each to some very eager collectors!

Anyhow, when I was there, I mainly focused on the EPROMs they had for sale at $4/lb - $5/lb, which was easy to turn around for $6-$10 per 27C4004 EPROM at the time. While the quality wasn't nearly as good as that of Silicon Salvage, they had a lot to pick and choose from - and you could buy as much (or as little) as you wanted. No "by the bucket" minimums here. The deals are so great, though, that you may find yourself buying a bucket or two anyway.

Aside from the EPROMs were tons of boards coming through with 68000 microprocessors. I scrapped a few myself and bought them at SS/lb. Every single 68000 was in perfect condition and was tested GOOD.
Anyhow, they have boards coming through with all the old 6500, Z80, 6800, 68000 processors as well as 4116, 2114, 6116, 6164 RAM chips. It's a part lover's dream, particularly with the low prices. You'll be able to spend days on end digging out those jewels for your own collection. The people are really nice here, but please be forewarned, make all purchases at the front desk and get a receipt!

They scrap a considerable amount of computers here, so it's worth mentioning that you can get yourself an awesome deal on used hard drives, network cards and Pentium class processors as well as scrap value 8080 through 80486 CPUs.

You will also find large amounts of electronic test gear over here. This is usually located in the back yard area and may be swapmeet-bound. If you make the right offer, you can get yourself some serious equipment for cheap. Prices fluctuate severely in this area, so I cannot guide you directly. Offer low; when they make a counter offer, try about 20-30% less than they want as a counter offer to them. It usually works.

This one is simply a "must visit" if you're a chip collector or reseller of collectible chips. Period!

RECOMP GROUP (RECYCLING)
1704 S. SANTE FE STREET
SANTA ANA, CA 92705
TEL (714)542-3144
FAX (714)542-3145
PGR (800)938-7296
Email: greg@recomp.tv
URL: www.recomp.tv
EBAY ID: recomptv
Type: Salvage Yard
Contact: Greg McBride
Alternate Contact: Ed

In a word: EQUIPMENT. You name it, they have it or can get it. Tektronix, Intel, Data I/O, HP, etc. I've seen it all and bought a lot of it for myself. Lots of room to turn a profit on their stuff, even though they're selling on ebay now.

They have an incredible supply of printers and run a board scrapping facility much like Gold'n West. Tell them what you're looking for, ask to look around. If you want to stick with gold plated Intel, they got it. If you want EPROMs, they got it.
It's a bit difficult to get your foot in the door, so spend some cash on something real quick and then let them know what else you want. They'll perk up when they see some cashflow coming in their direction.

If you check out ACP every odd month, these people have a huge display in the back lot right in front of their place. Lots of goodies to look through at great prices, too! Scrap wire (18GA - 22GA) still in spools of several thousand feet is available here from time to time for $4 a spool. GREAT deal!

If you take the time to dig around at the swapmeet, you'll find some great deals, particularly with old equipment. I've found Hewlett Packard 1631D logic analyzers by the dozens here over the years. $25-$35 each, complete with pods, leads, clips, etc... and WORKING. I've never purchased a non-working unit at this place to date. It's good stuff for great prices! I've also picked up a lot of Intel gear as well - mostly vintage CPU/component evaluation units - for $10-$15 each. These are highly collectible items worth hundreds each on ebay and the open market. It's worth your time to know these people.

PACIFIC SYSTEMS
1505 E MCFADDEN
SANTA ANA, CA 92705
TEL (714)541-4121
FAX (714)541-4858
Email: pacsys@deltanet.com
Type: Salvage Yard
Contact: Ivar
Alternate Contact: Paul Hom
Alternate Contact: (Herman - very cool warehouse guy)

This is a smaller outfit, but very useful if you're looking for specific equipment. This place has crazy hours of operation. I know they're closed on Friday at 12 noon through the entire weekend. Show up on a weekday somewhere between 10AM through 11:30AM and go to the back of the place (enter through the north-most rollup door) and talk to Herman (he's usually sitting at the desk in the back or pulling something apart). Ask him if you can look around. He'll say, "yes." Now it's time to go dig in. Look around and have at it. It usually takes some digging to find the treasures, but they're there.
This place used to be excellent for monitors (17", 21") NEC, SONY, SILICON GRAPHICS, etc. Then the government decided monitors were hazardous waste product (you know, all the lead, phosphorous, etc) and Pacific stopped collecting these for resale, mostly. It's a shame because the cost for a nice BIG working monitor was CHEAP!! Anyhow, on to what they DO have. Printers - tons of them. Big ones, small ones, b&w, color. You name it, they probably have it or will get it sometime soon. Just a note, they sell their printers (and used to sell their monitors) to a company listed below (Alltech) - you can see what this place sells it for, then go to the other place to see how much profit they're making... and they do this every day of the week. $$$ machine, man!!

So, if you're not in the market for a used printer, how about some test equipment or network equipment? I've purchased more Data I/O, Tek and Macintosh equipment from this place than I'll ever know what to do with. Did I pay much? Nope. $25 each for the Data I/O gear, $20-$50 each for the Tektronix gear, usually $25 each for the PowerMacs. All easy to turn around and double, triple, ten times my money back. You know the drill. This is a wonderful source for Tektronix 1241 units - most paid was $25 each - complete with PODs, leadsets and grabbers!! You can also find Hewlett Packard 1631D logic analyzers and 16500A, 16700A logic analysis systems for next to nothing. I've never paid over $50 for any of these items. See what they go for on Ebay right now. I've even managed to find EPROM programmers (the top end stuff) over here - everything from the PSX 1000 and Unisite/Chipsite down to the lower end System 19 and 296 units - everything under $75 ($25 for the lower end stuff). If you like Fluke, this stuff shows up from time to time as well - everything from the 9010A to the 9100A and every imaginable accessory for these babies. The biggest equipment score here was a HP 1670D for $100.
It was working and brought in some serious cash. Look at what these are going for - as-is, untested, etc. $$$

I once found a small box with over 10,000 Tektronix clips (grabbers) (the kind used with their logic analyzers). All of them were brand new, still in their factory packages. I bought the box for $35. SCORE!!! If you know anything about Tektronix, you know what those clips go for - especially when they're brand new, still in the package. The deals like this are many and very similar. This is an excellent source for used APC UPS units. I've picked up a dozen or so used 1250 SmartUPS units for $25 each - working!! You just have to check this place out from time to time and see what they have. You'll have to make sure Paul or Ivar is there when you're ready to make a purchase. Herman's great and will hold stuff for you, but he can't make any sales - he's just the eyes and ears of the place who keeps it running along. Make sure you get to know him as he's worth it. If you need something, he'll usually know whether they have it or not and where it is.

SCRAPTRONICS
ONTARIO, CA
TEL (714)476-2420
Type: Salvage Yard
Contact: Dean

I've bought many items from this place, everything from computers and chips to equipment and wire. Excellent bottom dollar scrapper. The selection isn't as good as the bigger places above, but the prices are about 1/5th of the ones above. I've found working Amiga Toaster 2000 systems for $20, Data I/O Unisite programmers for $15, Data I/O System 298 loaded with extras for $10, etc. The deals are awesome when they come along and this place is definitely worth the mention. You have to visit them a lot to find quantity. This place has moved a lot over the years and I'm not quite sure where they're located now. The place used to be owned by Kevin, then sold to Terry, then sold to Dean. Dean answers the number above and takes orders. Tell him what you're looking for and he'll help you.
It's really worth the call.

GLOBAL METAL RECYCLING INC
930 EAST WALNUT STREET
SANTA ANA, CA 92701
TEL (714)547-9079
FAX (714)547-4655
Type: Recycling Center
Contact: George

I wandered into this place one day just out of curiosity. From the outside, it looks just like any other recycling center; people bringing in their cans, bottles and newspaper for $$. Upon a quick scan of the place, I found that they had large bins full of 18GA - 22GA spooled wire - hundreds upon hundreds of spools (3000' - 10,000' spools). I asked around and found the guy in charge. His name is George. He quoted me a price of $0.35/lb on the wire, which is GREAT. I bought a few hundred spools and spent some money for the day. This was good stuff, too. Anyhow, I was able to sell the spools for much more than I paid, so I was happy. The second trip was even more successful. I found more spools of wire; this time it was silver plated Tefzel military grade wire! How much? $0.35/lb!! Needless to say, that was a killer deal! On another trip, I found a few gaylords (large pallet boxes) worth of scrap circuit boards - most likely headed over to Gold'n West or Silicon Salvage. I took a quick look at some boards and found that they were laced with 4116 RAM chips, 2114 RAM chips and tons of gold plated Intel 8080 circuitry and support chips. They wanted $2/lb on the ceramic and plastic RAM chips and $25/lb on the gold plated chips. Done deal! Another purchase for boards cost me $2/lb for high grade! Not bad. Another trip, I picked up 200lbs worth of aluminum heat sinks (mixed, but brand new). I managed to pick 'em up at scrap prices! Anyhow, I've bought from these people maybe a dozen times... each time was an excellent score and the price was just right. Check them out.

A&M METALS INC
2301 W 5TH STREET
SANTA ANA, CA 92701
TEL (714)547-6507
Type: Recycling Yard
Contact: Steven Carr

This is a recycling center. You'll find a lot of people bringing in their cans and old copper pipes for scrap money.
Ignore this. What most people don't notice are all the cool items in the back of the yard. There are piles and piles of monitors (some working, some not), piles of old Macintosh (Apple IIe, Apple IIc, Apple IIgs, PowerMacs, etc) computers worth taking the time to scrap for parts. I found a pallet of brand spanking new KEC transistors from this place, the usual 2N3904/2N3906 - 10 crate boxes of each and a ton (roughly 15 crate boxes of two different values) of surface mount transistors (I don't recall the part numbers), all for $100. This was an incredible find as the parts were only 2 months old on the date codes and the parts sold like crazy once I had them. I made $30 a reel on the surface mount parts and $10 per 100 pieces of the 2N3904/2N3906. I never sold all of them (I kept the 2N3904/2N3906 for myself after I sold a few crates worth), but I sure made a lot off this single deal. I've found boxes of wire, boxes of new old stock gel cell batteries, boxes of brand new motors and even metal cabinets with drawers for $20... really NICE stuff. I also found two of the most beautiful metal card cabinets I've ever seen (they work great for storing tubes of chips) - for only $10 each! These were easily $800 ea new.

Somewhere along the way, the owner got wise to the art of electronics and computer scrapping and hired Steven Carr to take care of the job. They are now a full on monitor recycling place and they scrap out tons of electronic equipment. If you ask for Steve, he'll show you the circuit boards and other good stuff available. You can get good prices on EPROMs and other socketed components if you're willing to take the time to pull the parts. Expect to pay $2/lb on the high grade circuit boards, $4/lb-$6/lb for plastic/ceramic components you pull from the boards. It's tedious work, but it's worth the money saved!

BG MICRO
555 N. 5TH STREET SUITE 125
GARLAND, TX 75040
TEL (800)276-2206
TEL (972)205-9447
FAX (972)205-9417
Email: bgmicro@bgmicro.com
URL: http://www.bgmicro.com
Type: Retail/Catalog Sales
Contact: None

This is a very cool place. I've done most of my purchases over the phone with them and boy, have I obtained some pure gems from them. They do a lot of salvaging and sell what we call "reconditioned" components - that means they're socket pulls. They fully guarantee the parts, and the best part is that on any given part you order, you could get plastic, ceramic, white ceramic, gold plated, etc - they only care about the base part number. So, the idea is to ask them for the "gold" or "white ceramic" version of the Intel 4004 or 8008 you've been needing so badly. I've ended up with loads of gold plated Intel chips through them for less than retail, but more than my usual wholesale - but it wasn't of any concern when I was able to immediately turn around and sell them for hundreds of dollars per chip to those crazy chip collectors. They may be out of 4004/8008, but you'll probably still be able to find a lot of highly collectible AMD/INTEL chips. Tell them what you're looking for. Be sure to ask for a free catalog from them and download their PDF version to tide you over until the real one arrives. They have a lot of excellent stock and a lot of sources for the parts they don't have in stock. They once had a pile of new old stock Condor brand power supplies for old Cinematronics arcade games. I believe they were $4.95 each. It was a killer deal considering these are impossible to find anymore. They'll surprise you with their selection. Oh yeah, they're extremely friendly and BILL 30-day if you're a good buyer.
ALL TECH ELECTRONICS CO
1300 E EDINGER AVENUE #D
SANTA ANA, CA 92705
TEL (714)543-5011
FAX (714)543-0553
Email: saleS@malhL..Ch.com
URL: http://www.malhech.com
Type: Retail/Surplus
Contact: None

This one is useful mainly for the material on their back wall. When they moved into the place, the back wall of the store was lined with these containers (much like a HUGE parts bin). In these containers are all kinds of connectors, components and hardware. They will sell in bulk and give a great price. The more you buy, the better price you get. I've found everything from molex connectors and crystals to Atari 2600/5200 cartridge connectors and LEDs for less than pennies on the dollar. When you are in the neighborhood (RECOMP, PACIFIC SYSTEMS, ACP SWAPMEET), take a moment to check out ALLTECH.

3016 HALLADAY STREET
SANTA ANA, CA 92705
TEL (714)751-5476
TEL (714)632-5585 EXT 201
Email: ray@connectcomp.net
URL: http://www.connect-comp.com/
EBAY ID: connect-comp
Type: Salvage Yard
Contact: Ray

This place has gone mostly EBAY, but let me tell you about them. They have a wonderful selection of used computer gear and equipment. Check them out and find some great deals!! Here's their self-writeup: "Guaranteed low prices on quality used computers and monitors. We specialize in selling only top brand used computer equipment like Dell, Gateway, Compaq, IBM, Sony, Viewsonic, Mitsubishi, etc" So there you have it. I've found a lot of old Data I/O EPROM programming equipment there as well. I have noticed that they do not sell their entire stock on ebay. They still have a lot of scrap to sort through. The scrap is where I always find my best deals.

PORT CHAIN INDUSTRIES INC
12785 MAGNOLIA AVENUE
RIVERSIDE, CA
TEL (909)279-0819
Type: Salvage Yard
Contact: None

I checked this place out two times right before I quit the entire collecting/buying/selling experience.
While I have had no extensive dealings with them, I found them to be a quite surprising source of excess inventory components and scrap computer/equipment deals. They're a little standoff-ish, but they love money just like everyone else, so they'll sell if you tell them exactly what you want and don't waste their time. It's worth a looksie. I know a lot of people who buy and sell monitors with this company. They've been thrilled with Port Chain, so I am led to believe they're OK to deal with.

INFINITY RE-SALES (BY APPOINTMENT ONLY)
2936 Lincoln Avenue PMB 13
San Diego, CA 92104
TEL (619)683-7949
Email: jeb inf@pacbell.net
Type: Salvage Yard/Swapmeet Sales
Contact: Joshua Bailey

This one is interesting. While I have never made an appointment to see him, I find him over at the ACP swapmeet every other month. I believe he shows up at the TRW swapmeet as well. Both of these swapmeets will be described later - both excellent sources for great deals. I've bought tons of stuff from Joshua. He's really easy to work with and he has great prices. The last deal was a pile of 50 Tektronix P6460 PODS complete with leads and a little over 1500 grabbers for $220. SCORE!!! Ebay selling price on these: $30-$60 each for the PODs, $20-$40 each for the leads. Grabbers sold for $35 per set of 10. $220 in and over $9000 out in a simple deal. I don't think he sells anything on ebay, so his pricing tends to remain very reasonable (read: VERY LOW). Find this guy and tell him what you're looking for. You'll get a wonderful deal. The deals are there, every time I see him.

JK ELECTRONICS
6395 WESTMINSTER BLVD.
WESTMINSTER, CA 92683
TEL (714)890-4001
FAX (714)892-6175
Email: sales@jkelectronics.com
URL: http://jkelectronics.com
Type: Retail/Surplus
Contact: None

This is a retail store located in Westminster, CA.
What's cool about this store is that they deal with a small amount of surplus parts and equipment and there's always a treasure to be found. I've picked up everything from ICs for $5 a box, to connectors and switches for about 1/100th of a penny each, to a box of 12 Fluke 9010A Microsystem Troubleshooters complete with dozens of PODS (8080, 6502, 6800, 68000, Z80, 6809) for only $50 for the entire package. At the time, these 9010As sold for $300-$400 with one or two PODS included. The PODS sold for anywhere between $30-$150 each! Cha-ching!!

When you first walk into the place, it looks like your average electronics store. What you need to look for is the surplus section on your right. Make your way over there and look for the "good stuff". If you don't like the price, walk up with the whole box and do a little wheeling and dealing. For instance, they sold 1MHz, 3.579545MHz (colorburst), 5MHz and 12MHz crystals (new old stock) in small boxes which contained roughly 4000-5000 loose pieces each. Each crystal was marked at $0.25 each. I brought the boxes up to the counter and walked out with them for only $25 a box!! Needless to say, this was a killer deal! Anyhow, this one is worth a mention because, quite frankly, I've made thousands off the items I've bought from this place. It's worth a visit every now and again even though they don't have a huge supply of surplus like the big boys listed above.

ECSC (Electronics and Computer Surplus City)
P.O. BOX 3148
REDONDO BEACH, CA 90277
TEL (800)543-0540
TEL (310)217-8021
FAX (310)217-0950
Email: ecsc@eio.com
URL: http://www.eio.com
Type: Salvage/Surplus/Excess Inventory
Contact: Barry Gott

This place used to be my most favorite salvage yard to visit. In fact, I visited this place for over a decade, finding awesome deals every single time I dropped in on them. They've shut down the yard, but they show up at all of the electronics swapmeets every month. You'll find them at ACP and TRW.
They still have a lot of interesting items for sale. If you check out their website, you'll find all sorts of interesting items for decent prices. The real meat of this particular mention is BARRY (yes, a person). He's the owner/operator of ECSC and he's one heck of a cool guy to know. He knows everyone in the business and everything about every company in the business. He's what I like to refer to as the grandfather of electronic surplus. He's been around since the beginning and he's watched all the big guys start from scratch. If you want to know where to find something (and if he doesn't have it), he'll tell you where to find it.

Let me give you some history on this outfit. They used to run a BIG (and I mean, HUGE) salvage yard in Gardena, CA off of Artesia. A picture of the old yard is on their website - boy, it brings back the memories. (sob, sob). Every time I went to this place, they had junk (and I mean, the good stuff kinda junk) piled 10 to 20ft high everywhere... and this was outside of the building. Inside was an incredible selection, much like a well stocked electronic store, but way better. They had it all. Chips, caps, resistors, meters, motors, diodes, rectifiers, transformers, connectors, wire, switches. Man, they had it all and then some! And none of this was scrap - it was all excess (usually NEW) inventory at rock bottom prices! The best part was that if you brought out a big load of, let's say, $25,000 retail value worth of parts, waited to talk to BARRY and got a price from him, you'd walk out with the entire load for maybe $200-$300 at most. It was too easy to spend money here. I still have parts coming out of my ears from this place which I'll probably never use, but who cares. A deal is a deal and this place had the deals like no other.

Back to the yard with the 20ft high loads of junk. I spent a lot of time digging around in the yard. I found all sorts of interesting scrap items that I was always able to turn into profit.
I suppose it was more of a field trip for me than anything else, but there were some treasures to be found in those piles. I found them, too.

Anyhow, sometime down the road, they either left the building they had or got the boot out of the building; I was never too sure on this one. Either way, they still showed up at the swapmeets every month, so I still bought some stuff here and there, but not like when they had the scrap yard. Whenever I hit up the swapmeets, I always make it a point to talk to Barry. He's worth every second of time I've ever spent with him. So, next time you're at ACP, check out the SouthWest corner of the lot and you will find ECSC and probably Barry if you look around. He's the bearded guy with the hat. If he doesn't have a deal for you, he'll tell you who does. Talk to this guy and if he helps you, buy something from him. Hey, he's still got to make a living and information is worth $$$.

*UPDATE* At the time of the writing of this article, Barry was alive and well. Unfortunately, he has since passed and his kids are now running the business. We're all very sad to see Barry go.

ORVAC ELECTRONICS
1645 E. ORANGETHORPE AVENUE
FULLERTON, CA 92831
TEL (714)871-1020
Type: Retail/Surplus
Contact: None

Orvac is one of the places I first explored in the 80's. I found this place to be quite exciting at the time. While they are a fully stocked retail store, they also have a surplus section. Yes, it's gotten smaller over the years, but they still have one. They mostly have connectors and switches in the surplus section, but from time to time other obscure items show up like transformers, displays (LCD, LED, etc). I have bought many loads of connectors from these people for less than wholesale over the years. They have been a great backup source since the day I first found out about them. Once upon a time, they used to sell grab-boxes, much like the ones Radio Shack used to sell in the 70's -
but MUCH larger... and only $1 a box. The amount of goodies was massive. Anyhow, check them out because they're still useful and have the potential to make anyone some money.

SAV-ON ELECTRONICS
13225 HARBOR BLVD
GARDEN GROVE, CA 92843
TEL (714)530-0555
Type: Retail/Surplus
Contact: None

This is another retail location which has a surplus section. What I find unique about this place is the amount of surplus flyback transformers they manage to come up with. They buy from a source (Electronics Warehouse in Riverside - mentioned below) for some of the surplus they sell. Sometimes the prices are better than that of Electronics Warehouse. Either way, they have a good selection of vintage parts for less than wholesale. This one rates a 4 out of 10 on my scale, but it's still useful overall.

FORD ELECTRONICS
8431 COMMONWEALTH AVENUE
BUENA PARK, CA 90621
TEL (714)521-8080
FAX (714)521-8920
Email: sales@fordelectronics.com
URL: http://www.fordelectronics.com
Type: Retail/Surplus
Contact: None

I've been buying from these people since the 70's. They have a full retail store intermingled with surplus parts. Just about everything is a surplus part and entitles you to wheel and deal with them. I once picked up a load of roughly 15,000 thousand each of 7 different types of bridge rectifiers. These each sold for $5+ retail at the time, but I paid less than $0.01 per piece. I've been selling these off for $5-$20 each for the last 18 years and I don't see any end to my supply anytime soon! They have a section with old electronic junk, too - I found a few items with Intel 4004 boards inside them - with socketed "gold" C4004 and support chips on each board. I paid $5 per unit and walked away with a smile. There are still deals like this to be had at this place. They always talked to me about their overstocked "warehouse" which I never made the time to make an appointment to visit, but it sure sounds like the place to be.
I'm still considering checking this warehouse out someday just out of curiosity (I'd be able to write about it, then). Anyhow, this place has some excellent deals on old parts - they have a BIG chip supply, so ask them if they have what you're looking for - it can't hurt.

BALL ELECTRONICS
2960 W. BALL ROAD
ANAHEIM, CA 92804
TEL (714)828-1310
Type: Retail/Surplus
Contact: Larry

This one is a mom and pop operation which has been around longer than most electronic stores. I have mixed feelings about this place, but they're worth the mention. They have a surplus section which takes up a good portion of their store - in this surplus section, they have connectors, caps, diodes, switches, displays, sockets, scrap circuit boards, old junker equipment and hardware parts. It's really kind of interesting. The guy who runs the place is a bit moody and his prices fluctuate. In fact, he's downright difficult to haggle with, but I find that persistence prevails with him. Just keep on top of it and he'll cave in eventually. I once bought a large pile of circuit boards (roughly 150 of them) from this place. Each board was riddled with piles of socketed logic, gold plated CPU chips, and RAM chips (4116, 2115, 6116, etc). I paid $0.50 per pound and walked away with another excellent deal. No need to haggle with him on this one. He said the price and I paid. I had no idea what I really stumbled upon until I looked everything over a week later. Come to find out, I had picked up a pile of Ohio Scientific 500 and 600 series boards. You know, vintage computer boards which just happened to be highly collectable. Score! They have a somewhat decent selection of old chips and vacuum tubes. Check them out.

By radio_phreak

Right, I am back by popular demand with a segment on radio scanning, so I thought, how about I write you all a guide with some pointers? Every day I am discovering new frequencies in my local area (I live in south east England).
With this article I am going to show you how I personally find frequencies. You might have your own way that you find perfectly fine, and by all means don't listen to me, that's fine, but this works for me and I would like to share it with you. In this article I will give you some small pointers on how to discover frequencies and on traffic analysis.

First, a little explanation as to what traffic analysis is. It sounds pretty cool, doesn't it? (Well, it does to me.) But all it is, at the most basic level, is leaving your scanner locked on 1 frequency to determine what is in use on the said frequency. Some people prefer to go further in depth and go the whole whack with spectrum analyzer plots and direction finding. My solution is very simple and 1 that everyone is capable of using. Again, you may think my method is no good and may want to develop your own method, and that's fine as well.

How to discover the frequencies

First off you need to take a couple of things into account:

1. What exactly are you looking for? Take for example airplanes: you know that it falls between 108-137MHz (AM), so you know to search between them. (Don't forget which mode it is as well; listening to AM in NFM mode sounds weird!)
2. The location. Say you are looking for a mall security frequency: there is no point in trying to listen to a frequency 70 miles away when it's on UHF.
3. What time do they operate from? Taxis are 24/7, however interstore comms will stop at the end of the business day, or it could even be a security firm or nightclub that only operates at night.
4. Are you suitably equipped? Your scanner might only cover 25 - 173 MHz and the frequency you are searching for may be at 201MHz, for example, so your scanner is next to useless. Are you using the right type of aerial? If not, you may want to upgrade it. The aerial that comes with your scanner is usually okish, but they aren't great; think about purchasing or home brewing a Dipole or Discone.
5. Also bear in mind that some frequencies are not meant to be shared, say for example cash delivery guards, because by making that kind of thing public knowledge you may well have aided a gang in planning a robbery.
6. Don't make it too widely known that you are a scanner. I refer you to my previous article: if you have a radio license you have more than enough excuse to be carrying all sorts of radio telephony equipment. If not, you may find yourself being asked some awkward questions.
7. As above, be discreet. Don't walk up to people and ask them what frequency they are on, and don't be seen to be taking too much interest in people's radio equipment; it seems to make them nervous.
8. Consider investing in a Close Call(TM) or Signal Stalker(TM) equipped scanner. This basically means you can sit there and leave the close call running; for any transmissions that pop up, your scanner will automatically tune into them and you can either discard or take note of the frequency. They don't usually cost any more than a frequency counter, and the bonus side of it is that you can actually listen to the frequency you have found automatically. Excellent for long distance road trips.
9. If you are operating from home, make your lair/pit/hole/home/wherever as comfortable as possible. Consider getting in a nice comfy chair, cheap food (Gloop) and something to entertain yourself while you are waiting for something to pop up. You may have to wait a while when you are scanning. Just because you aren't hearing or finding any new frequencies doesn't mean that they are not there; it just means they aren't transmitting.
10. Be prepared to share your findings. You will find that once you have shared, others will be more than willing to share back (remember what I said about some things not being meant to be shared, though).

Traffic Analysis Tips

1. Find the frequency you wish to find out more about. In this list I will be referring to my local Port Control frequency.
2. First of all, determine who is in control of the said frequency. Is there a clear call sign that says anything like "control"?
3. What call signs are in use on the frequency? To call the control at the port you call "Ramsgate Port Control". Ships usually identify themselves by their name, but there is also a ship's international call-sign so that all countries can identify ships uniquely (because sometimes ships' names tend to be repeated amongst others).
4. What are the procedures in use on the frequency? Say for example a security company may try and task CCTV to keep an eye on someone; in the local port, to leave the port they say "Dover Port control permission to leave to the harbor". Determine procedures once a call has been put out.
5. What CTCSS tones are being used? Are there alert tones that can be sent out if an officer or a ship is in trouble?
6. What mode is the user using? NFM, WFM, AM, SSB, USB, LSB, DFM, ATV, SSTV, PSK31, RTTY?
7. Other things you may want to keep track of are the times and the duration of the call. This can help determine internal procedures such as perimeter patrol times, CCTV scans, shift change etc.
8. Consider purchasing a hardware based, or downloading a software based, spectrum analyzer. This can help you in determining the frequency and any tones that may come up; it can also help you determine what (if any) type of data is being used.
9. Don't be afraid to go online and ask for help, because 9 times out of 10 you will usually find someone to help you, and if they don't answer you or flame you, then you are either asking the wrong people or they don't know themselves and are trying to deflect any attention you have aimed at them.
10. If you have access to an S-Meter you can also determine signal strength. These are available from ham fests or retail outlets.
An example Traffic Analysis log may look something like this (it depends on your preference):

Frequency  Mode  Tone  Known User             Date        Time      Notes
156.7000   NFM   None  Ramsgate Port Control  08/25/2006  16:34:06  Ferry to Ramsgate Port Control: "R'Gate Port Control ····spur Permission to leave"
156.7000   NFM   None  Ramsgate Port Control  08/25/2006  16:34:47  Ramsgate Port Control to Ferry: "Permission to leave"
156.7000   NFM   None  Ramsgate Port Control  08/25/2006  16:45:02  Ferry to Ramsgate Port Control: "·····spur clear of the channel good evening and good watch"

You get the idea anyway. It can come in handy to aid in the determination of traffic on a certain frequency (i.e. 1 that rarely transmits, if at all!)

[Photo: Port of Ramsgate]

Also don't forget that there are some things that are not meant to be shared or mentioned (if listening to a frequency in use by what seems to be intelligence or military) and some that are meant to be shared.

So there you have it, a few tips to get you started. I hope that this kind of information helps you. Also don't forget most information about most things can be found on the net with a little bit of research. As many a good phreak/hacker knows, research is very important, so consider buying literature on radios and antennas.

Also keep an eye out for my homebrew Sat TV dish hack, in which I will show you how to convert an old Sat TV dish into something usable with your 802.11 network or Bluetooth projects. I may also do some equipment reviews in the future and eventually talk further about war tracking (the process of tracking and listening to satellites). I will also talk about INMARSAT's plans to abandon their constellation of INMARSAT analogue satellites and what that means for us in the global phreak/hacker community (basically that means there's a freebie for us all to use!)

Signing off,
Radio_phreak
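An added example, not part of the original article: a short Python script that keeps a log in the column order of the example above and summarises each frequency, including the times and call durations that tip 7 suggests tracking. The pipe-separated file layout, the two-minute gap used to split one exchange from the next, and all function names are assumptions; the sample rows are constructed from the article's example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal, InvalidOperation

# Column order taken from the article's example log.
COLUMNS = ["Frequency", "Mode", "Tone", "Known User", "Date", "Time", "Notes"]
# Modes listed in the article's traffic analysis tip 6.
MODES = {"NFM", "WFM", "AM", "SSB", "USB", "LSB", "DFM", "ATV", "SSTV", "PSK31", "RTTY"}

# Constructed sample. Pipe-separated (an assumption) so that the free-text
# Notes column can hold spaces, commas and colons without quoting.
SAMPLE_LOG = """\
Frequency|Mode|Tone|Known User|Date|Time|Notes
156.7000|NFM|None|Ramsgate Port Control|08/25/2006|16:34:06|Ferry to Port Control: permission to leave
156.7000|NFM|None|Ramsgate Port Control|08/25/2006|16:34:47|Port Control to Ferry: permission to leave
156.7000|NFM|None|Ramsgate Port Control|08/25/2006|16:45:02|Ferry to Port Control: clear of the channel
"""


def parse_log(text):
    """Parse the pipe-separated log into a list of dicts, rejecting bad rows."""
    reader = csv.DictReader(io.StringIO(text), delimiter="|")
    if reader.fieldnames != COLUMNS:
        raise ValueError(f"unexpected header: {reader.fieldnames}")
    entries = []
    for row in reader:
        # DictReader marks missing fields with None values and surplus
        # fields with a None key, so both show up here.
        if None in row or None in row.values():
            raise ValueError(f"line {reader.line_num}: expected {len(COLUMNS)} fields")
        mode = row["Mode"].strip().upper()
        if mode not in MODES:
            raise ValueError(f"line {reader.line_num}: unknown mode {mode!r}")
        try:
            freq = Decimal(row["Frequency"].strip())  # exact, unlike float
            stamp = f'{row["Date"].strip()} {row["Time"].strip()}'
            when = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S")
        except (InvalidOperation, ValueError) as exc:
            raise ValueError(f"line {reader.line_num}: {exc}") from None
        entries.append({
            "freq": freq, "mode": mode, "tone": row["Tone"].strip(),
            "user": row["Known User"].strip(), "when": when,
            "notes": row["Notes"].strip(),
        })
    return entries


def group_exchanges(entries, max_gap=timedelta(minutes=2)):
    """Per frequency, split the time-ordered entries into exchanges.

    A new exchange starts whenever the channel was silent for longer than
    max_gap since the previous logged transmission.
    """
    by_freq = defaultdict(list)
    for entry in sorted(entries, key=lambda e: e["when"]):
        by_freq[entry["freq"]].append(entry)
    exchanges = {}
    for freq, items in by_freq.items():
        groups = [[items[0]]]
        for entry in items[1:]:
            if entry["when"] - groups[-1][-1]["when"] > max_gap:
                groups.append([entry])
            else:
                groups[-1].append(entry)
        exchanges[freq] = groups
    return exchanges


def summarise(entries, max_gap=timedelta(minutes=2)):
    """Return one summary dict per frequency."""
    report = {}
    for freq, groups in group_exchanges(entries, max_gap).items():
        flat = [e for group in groups for e in group]
        report[freq] = {
            "transmissions": len(flat),
            "first_heard": flat[0]["when"],
            "last_heard": flat[-1]["when"],
            "modes": sorted({e["mode"] for e in flat}),
            "tones": sorted({e["tone"] for e in flat}),
            "users": sorted({e["user"] for e in flat}),
            # Seconds from first to last logged transmission of each exchange.
            "exchange_seconds": [
                int((g[-1]["when"] - g[0]["when"]).total_seconds()) for g in groups
            ],
        }
    return report


if __name__ == "__main__":
    for freq, info in summarise(parse_log(SAMPLE_LOG)).items():
        print(freq, info)
```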
Logitech Harmony Remote Review
Written by: TheInstallGuy

Today, I am going to give my personal review of the Logitech Harmony 676 Remote. I just purchased one the other day and am enjoying it so much, I figured I would share my experiences with it. The Harmony 676 is the middle to high end remote. At the time of this writing, the cost was $149.00 CDN. Currently, the Logitech web site is selling it for about $229.00 CDN, which is a little odd, but I will write it off to the web site not being updated. That being said, let's get started.

How It Works:

Quick and easy set-up by connecting the Harmony Remote to your home computer via USB. Create an account on HarmonyRemote.com, and follow step-by-step instructions to tell us about your configuration. It's as easy as picking your components from lists and supplying us with the component's model number. Download the configuration to your Harmony Remote by attaching it to your Windows or Mac PC via the supplied USB cable. Once your Harmony Remote is configured, it can control your entire home theater system with one button press! Using Activity buttons labeled "Watch a Movie", "Watch TV", "Listen to Music" and "More Activities", your Harmony Remote can send all the right commands to your entertainment system without requiring you to program a macro.

Controls all brands and device types

The Harmony Remote has access to the largest online database of devices.
This means that it will support all brands of Televisions, Projectors, Monitors, Amplifiers, Stereo Receivers, Audio/Video Switches, Channel Decoders, Cable Boxes, Satellites, Digital Set Top Boxes, Video Recorders, VCRs, PVRs, TV/VCR Combos, DVDs, DVD Recorders, Laserdisc Players, DVD/VCR Combos, CD Players, CD Jukeboxes, Digital Music Servers, Game Consoles, Mini Systems, Computers, Microsoft Windows XP Media Center Edition PC, Laptops, Tape Decks, Light Controllers, Minidisc Players, DATs and more! There is even a specific activity for the Harmony Remote that integrates your Microsoft Windows XP Media Center Edition PC with your entire entertainment system.

Packaging:

Enclosed in a nicely put together package is the following:

- Harmony® 676 remote control
- 3 changeable faceplates (Metallic Blue, Metallic Red, and Silver)
- USB cable
- Installation CD
- Installation guide
- 4 AAA batteries (Duracell)
- Limited 1 year repair/exchange warranty from date of purchase

You can be guaranteed to receive everything in the package. There is no way anything can be removed from the plastic tray insert. This tray holds all components and is sealed on all four sides. If it has been cut open and put back together, you will know. All in all the packaging is good. It did take me 5 minutes to get into it, but I knew everything was there.

Setup:

The instruction manual was pretty well laid out. The instructions were simple to follow and there was even a small chart included that allowed you to write down all of your devices before you start programming the remote.

For the sake of this article, I decided to follow the directions to the letter in order to deliver a fair analysis of the process. From the start, everything went as expected. Put batteries in the remote and locate devices you wish to program into the remote.
There are clear examples of what info is needed from any device you may want to use and the chart is large enough to actually read what you write down.

To the computer!

At this point, the rest of the configuration takes place on your computer. My installation was on a Windows XP machine, but Mac is also supported from the same CD.

Minimum Requirements: Win 98SE/ME/2K/XP, IE 4.0 or better, 10MB HDD space, and an internet connection.
Mac: OSX only, Safari 1.0 or better, 10MB HDD space, and an internet connection. The program is located here: cd/Harmony Remote/Software.mpkg

The first difference I noticed was that the instructions asked me to plug the USB cable into the remote and the PC before inserting the CD. Usually we are confronted with the oversized yellow sticker "DO NOT plug in device until software is installed.....you n00b". However, I said I would follow the instructions. To my surprise, no new found hardware wizard.....sweet! The device was just installed as stated in the manual, as a Human Interface Device. I imagine Windows 98 and ME users would be forced to dig their Windows CDs out of the closet.

Ok, so I am on page 6 of the instruction manual and all is going well. At this point, I am asked to insert the disk into my PC. Now, the reason I even bring up this point is I am expecting to be ravaged by pop-ups that state that "this software has not passed Windows logo testing". To my surprise, I receive no such warning. For those of you counting, that's twice my assumptions have been wrong. Kudos to Logitech so far for a well put together installation package.

The software did install without issue in about 25 seconds. After the installation completed, the instructions state that the computer may or may not reboot. Mine didn't. Instead, I was immediately redirected to a web page that wanted me to upgrade the software I had just installed. In addition, another window opened and wanted me to start the configuration process.
From here the instruction manual is useless and a little confusion ensues. Instinctively, I want to upgrade the software first. Clicking the upgrade button opens a third window identical to the configuration page that is already open. Ok, I guess we are configuring the remote first.

The online configuration wizard is nicely laid out and easy to read. No sooner than I click next, the upgrade page shows up. The instructions state that the program will be upgraded and the remote will be flashed with a new firmware upgrade. The upgrade started with no issues, but 5 minutes in, the installer is frozen and the computer is locking up...REBOOT!

Strangely enough, I feel I am in a familiar place. New software, new product, Windows crashes, but in the interest of a fair trial, we will move on and try again. Looking back in the instruction manual for the reboot after installation part, I found the link used to gain access to the Harmony Remote page: http://www.harmonyremote.com.

Upon my second visit to this site, I am prompted to create an account. Now, I do remember seeing this page earlier, but was pushed past it to upgrade the software and firmware. The account page is pretty straightforward and allows you to leave out certain personal information that you may not want to share (nice to see our privacy is important to some companies). At the end of the form is the always present "Would you like to receive special offers from so and so". No spam for me, thanks!

After this point, I was again prompted to upgrade the software and firmware. This time the upgrade went off without a problem. I had the current software and firmware downloaded and installed in about 3 minutes. From here, I was led to a page that asked for all my devices I wished to use.
I entered the information exactly as it was on each device (I did use caps and dashes where needed), clicked next and moved on. The software had recognized every device as I had entered except for my TV set top box (Motorola RG-2400). At this point, I was asked to retrieve the remote and place it 1-2 inches away from the bottom of the Harmony remote. After pressing a few buttons when instructed (I think there were 4 buttons to press), the Harmony remote had learned every facet of my Motorola remote.......again, sweet!

From here, all that was left was to answer simple questions about how I used certain devices and what channels and receiver settings I used. Lastly, I was told to press the save button and test the remote with all devices. Everything worked perfectly! I did not have to perform any tweaks or reprogram any devices back into the remote. It just worked as it was supposed to.

Life Since Setup:

It has been about a week since the initial setup of the Harmony Remote and all is well. There have been no instances of pulling out an old remote looking for a certain feature that is not on the new remote. In fact, I can even program all of my Dolby and FX features from my receiver on the LCD of the Harmony Remote. At this point in time, I can honestly say that I will never go back to a multiple remote situation.

The remote itself has proven to be durable as well. There have been a few occasions where it has hit the floor with a good thump and has shown no signs of damage at all. The LCD screen is bright and easy to read. There are also 6 buttons on either side of the screen that allow for more advanced settings to be changed. I was also impressed with the way the lettering on the buttons is done. It appears that they are all screened below the one that is in constant contact with your fingers. If I am correct, I would tend to believe that the numbers and letters will not fade on the remote, increasing its longevity.
Conclusion:

My biggest problem with the Harmony 676 Remote is the software installation. Don't get me wrong, I do understand the need for updates and fixes. I would hope that newer software will be included in future packaging. At the very least, I believe Logitech should refine the web interface to not have 2-3 windows open up with different instructions. To the average user, this creates a mass amount of confusion. All in all, I believe this unit to be an incredible addition to any home theatre user, regardless of the price. I give it a 9 out of 10.

Pros:
- Great feel and look - not heavy or bulky
- Easy to read buttons and the backlighting (glow feature) covers all buttons
- Over 80,000 IR Codes and a seemingly unending list of devices
- One touch control to turn on all devices relating to a task

Cons:
- Flakey installation software (at least for now)
- Expensive

References:
How it works section - content by Logitech http://www.harmonyremote.com
Direct link to Harmony 676 - http://www.logitech.com/index.cfm/products/detailsharmony/CA/EN,CRID=2084,CONTENTID=9511
Picture is courtesy of - http://www.harmonyremote.com

URBAN EXPLORATION! Phone obsessions! Pointless conversation! And a slight chance of hacking! It's Doug TV baby http://www.dougtv.org

LOCKPICKING101.COM Open forum discussion to educate yourself and others about lock picking and lock security.

INFOSEC NEWS is a privately run, medium traffic list that caters to the distribution of information security news articles. These articles will come from newspapers, magazines, online resources, and more. For more information: http://www.c4i.org/isn.html

I'M RAFFLING my original APPLE-1 computer. I have no use for it anymore so I'm giving anyone who wants a chance on owning a piece of history. All I ask is for a one paragraph letter telling me why you would want my computer, and $2.00 cash or money order to: MY RAFFEL, 567 W. Channel Isl. Blvd. Port Hueneme CA, 91341 suite 416

HACKER STICKERS Geeks, Coders and Hackers get our stickers, shirts, hardware and caffeine from hackerstickers.com

TRUE TAMPER-PROOF Security Screw Removal Bits. The super torx kit includes: T-10, T-15, T-20 & T-25. Complete set for $19.60. TOCOM 5503 bit $8.95. TOCOM 5507 bit $19.95. Zenith PM/PZ-1 bit $10.95. Jerrold Starcom bit $19.95. Pioneer (oval) bit $23.95. Oak Sigma (oval) bit $23.95. Security Screws available. Tamper-Bit Supply Co. (310)866-7125.

HIGH-TECH security/survival books/manuals: Computers, Internet, Phones, Energy, Physical Survival, Financial, Law, Medical/Radionics, Mind Control, Weird/Paranormal. Free Online Catalog at: Consumertronics.net (PO 23097, ABQ, NM 87192), or $3 hardcopy (USA/Canada, $7 foreign). See display.

HOME AUTOMATION. Become a dealer in this fast growing field. Free information. (800)838-4051.

TIRED OF SA TEST KITS with marginal or inconsistent performance? 21st Century Electronics and Repair guarantees peak performance with 40-pin processor kits. New, more flexible program with additional features puts others to shame. Price $49 each or 5 for $233. 1st time offered. (404)448-1396

FEDERAL FREQUENCY DIRECTORY! Kneitel's "Top Secret" registry of government frequencies, New 8th edition. 268 pages! FBI, DEA, Customs, Secret Service, BATF, Immigration, Border Patrol, IRS, FCC, State Dept., Treasury, CIA, etc. & surveillance, bugs, bumper beepers, worldwide US military, 225 to 400 MHz UHF aero band, Canadian listings, & more! Ultimate "insider's" directory! Standard reference of law enforcement, news media, private security, communications industry & scanner owners. $21.95 + $4.00 shipping ($5.00 to Canada). NY State residents add $2.21 tax. CRB Research Books, Box 56BL, Commack, NY 11725. Visa/MC welcome. Phone orders (516) 543-9169 weekdays (except Wednesday) 10 to 2 Eastern.

TOP SECRET SPY DEVICES Home of the World's Smallest Digital Voice Recorders and Spy Cameras. We stock many items including: Transmitters, Bug Detectors, Audio Jammers, Telephone Recorders, Lock Picks, Voice Changers, Keystroke Loggers. www.spydevicecentral.com (305)418-7510

HACKERS '95 THE VIDEO by Phon-E & R.F. Burns: See what you missed at Defcon III and Summercon 95! Plus, our trip to Area 51 and coverage of the "CyberSnare" Secret Service BUSTS. Elec Cntr Measures, HERF, crypto, and more! Interviews with Eric BloodAxe, Emmanuel, and others. VHS 90 min. Only $25 - distributed by Custom Video 908-842-6378.

EUROZINES AND OTHER CULTURAL HACKER ZINES! A one-stop, cutting-edge mail-order source for over 1,000 titles. Beautifully illustrated 128-page catalog includes: alternative/fringe science, conspiracy, Forteana, sexuality, computer hacking, UFOs, and much more. Send $3.00 to Xines, Box 2qLB, 1226-A Calle de Comercio, Santa Fe, NM 87505.

6.500 MHZ CRYSTALS $4 a piece, 50 for $115, 100 for $200. Add $3.00 for shipping. Send checks to C. Wilson, P.O. Box 54348 Philadelphia, PA 19105-4348

COIN-OP VIDEO ARCADE GAMES. Parts, boards, and empty cabinets available for your projects. Cabinets available for $75. C.J. Stafford, (301)419-3189.

THE BLACK BAG TRIVIA QUIZ: On MSDOS disk. Interactive Q&A on bugging, wiretapping, locks, alarms, weapons and other wonderful stuff. Test your knowledge of the covert sciences. Entertaining and VERY educational. Includes catalogs of selected (no junk) shareware and restricted books. Send $1.00 for 5.25 disk, $1.50 for 3.5, plus two stamps, to: MENTOR PUBLICATIONS, Box 1549-W, Asbury Park NJ 07712

ANARCHY ONLINE A computer bulletin board resource for anarchists, survivalists, adventurers, investigators, researchers, computer hackers and phone phreaks. Scheduled hacker chat meetings. Encrypted E-mail/file exchange. WWW: http://anarchy-online.com Telnet: anarchy-online.com Modem: 214-289-8328

Exciting board game in which 2-4 players race to complete a hacking mission. Please send $3.00 check or money order payable to CASH. Hand-scanned 99XX exchanges in 516 AC. Included may be data kit modem numbers, WFA/FA, SSCU, TSAC(SCC), CO#'s, etc. Send $2.00 check or money order payable to CASH and specify exchange. "MCI-Style" Phone Patrol hats are now available! Just $18 check or money order payable to CASH. 2447 5th Ave, East Meadow, NY 11554.

ATTENTION HACKERS & PHREAKERS. For a catalog of plans, kits & assembled electronic "TOOLS" including the RED BOX, RADAR JAMMER, SURVEILLANCE, COUNTER SURVEILLANCE, CABLE DESCRAMBLERS & many other HARD-TO-FIND equipment at LOW PRICES. Send $1.00 to M. Smith-02, P.O. Box 371, Cedar Grove, NJ 07009

VOICE CHANGING ACCESSORY. Digital voice changing: male to female, female to male, adult to child, child to adult. Use with any modular phone. 16 levels of voice masking. Connects between handset and phone. STOP THOSE ANNOYING TELEPHONE CALLS! Sound older and tougher when you want to. Not a kit. Fully assembled. Use with single or multi-line phones. 30-day refund policy. Ask for free catalog of our products. VISA/MC ok. Xandi Electronics. 1270 E. Broadway, Tempe AZ 85282-5140. Toll Free order line: (800)336-7389. Technical Support: (602) 894-0992

MAGENCODERS.COM Manufacturer of the World's Smallest Portable Magnetic Card Reader & Point of Sale Data Loggers. We also have Magnetic Stripe Reader/Writers, Smart Card Loaders & Copiers, etc... (407)540-9470

UNDETECTABLE VIRUSES. Full source for five viruses which can automatically knock down DOS & Windows (3.1) operating systems at the victim's command. Easily loaded, recurrently destructive and undetectable via all virus detection and cleaning programs with which I am familiar. Well-tested, relatively simple and designed with stealth and victim behavior in mind. Well-written documentation and live antidote programs are included. Priced for sharing, not for making a ridiculous profit. $10.00 (complete) on six 1.44MB, 3.5" floppy discs. Money orders and checks accepted. No live viruses provided! Do NOT ask. Satisfaction guaranteed or you have a bad attitude! The Omega Man. 8102 Furness Cove, Austin, TX 78753

NO SOUND ON PREMIUM CHANNELS? It will happen sooner or later on your Jerrold DPBB-7 Impulse. Ask Manhatten! Soundboard brings the sound back. Best sound fix on the market. Easy to install soundboard $24.95. Easy to build soundboard schematic, parts list and common chip number $34.95. Send us your unit and we will install the soundboard for $59.95. SOUNDMAN, 132 North Jardin St., Shenandoah, PA 17976. (717) 462-1134.

SINGLE DUPLICATION OF CD-ROMS Send your CD and $25 and you will receive your CD and an exact copy. Want more than one copy? Send an additional $15 for each duplicate. Make checks or money orders Payable to/Mail to: Knoggin, 582 Merket Street Suite 616, San Francisco, CA 94114

CB RADIO HACKERS GUIDE! New! Big 150 pages; pictorials, diagrams, text. Peaking, tweaking and modifying 200 AM and SSB CB radios. Improved performance, extra capabilities! Which screws to turn, which wires to cut, what components to add: Cobra, Courier, GE, Midland, Realistic, SBE, Sears, Uniden/President. $18.95 + $4 S&H ($5 Canada.) NY State residents add $1.96 tax. CRB research, Box 56BL, Commack, NY 11725. Visa/MC accepted. Phone order M-Tu-Th-F, 10 to 2 Eastern time. (516) 543-9169.

NULL MODEMS - Download laptop: or upload to your pc the easy way! w/ direct connect, or (DOS 6.1) Customized setup, no bulky adapters, MAC or IBM compatibles. Send $18.95 for 6ft cable, specify 25 or 9db ends, custom ok. Instructions included. P.O. Box 431 Pleasanton, CA 94566 (510)485-1589

A TO Z OF CELLULAR PROGRAMMING. Programming instructions on over 300 phones in a software database. Also back door and test mode access instructions for all the popular models; manufacturer's contacts, system select, lock/unlock info. Just $59.95. Orders only: (800)457-4556, inquiries: (714)643-8426. C.G.C.

GAMBLING MACHINE JACKPOTTERS We offer a complete range of gambling products designed to cheat gambling machines as well as other games. Our products are designed to demonstrate to gambling machine owners the vulnerabilities of their machines. Our product line consists of Gambling Machine Jackpotters, Emptiers, Credit Adding Devices, Bill Acceptor Defeats and Black Jack Card Counting Devices. Please visit www.jackpotters.com

KEYSTROKEGRABBERS.COM Manufacturer of discreet keyboard logging hardware. Our devices capture ALL keystrokes on a computer including user name and password. PARENTS--Monitor your child's internet, e-mail, instant messaging and chat room activity. EMPLOYERS--Monitor employee computer usage compliance. Employees will spend less time browsing the internet and sending e-mails if they are being monitored. EXECUTIVES & SYSTEM ADMINS--detect any unauthorized access of your PC. If someone uses your computer after hours, you will know. (305)418-7510

HACKING, PHREAKING, computer security and education on the First Tuesday of every month in the Detroit area. Meeting is at 7pm at Xehdo's cafe in Ferndale. Bring your open mind and positive attitude.

I WANT TO OFFER my playstation 2 game burning service. Any game that you would like for a back-up or just for fun. Or maybe that Japanese game that just won't be out in the United States for a few months. I have bundles that you can choose from if you want handfuls depending how much you order. The games are $25 each! PLEASE NOTE THAT YOUR PLAYSTATION 2 NEEDS TO BE MODDED. I ALSO HAVE THAT SERVICE BUT YOU CAN ALSO GOOGLE SEARCH FOR PREMODDED SYSTEMS TO BUY. EMAIL IF YOU HAVE ANY QUESTIONS AT ALL.

ACCUSED OF A COMPUTER RELATED CRIMINAL OFFENSE IN ANY CALIFORNIA OR FEDERAL COURT? Consult with a semantic warrior committed to the liberation of information specializing in the defense of alleged cybercriminals, including but not limited to, hackers, crackers, and phreaks. Not a former prosecutor seeking to convince defendants to plead guilty, but an idealistic constitutional and criminal defense attorney who helped secure a total dismissal of all charges in Los Angeles Superior Court for Kevin Mitnick, who was falsely charged with committing computer-related felonies in a case with $1 million bail. Please contact Omar Figueroa, Esq., at (415) 986-5591, at omar@aya.yale.edu or omar@stanfordalumni.org, or at 506 Broadway, San Francisco, CA 94133-4507. Complimentary case consultation for Blacklisted 411 readers. (Also specializing in medical marijuana and cannabis cultivation cases.) All consultations are strictly confidential and protected by the attorney-client privilege.

HACKERSHOMEPAGE.COM - Your source for Keyboard Loggers, Gambling Devices, Magnetic Stripe Reader/Writers, Vending Machine Defeaters, Satellite TV Equipment, Lockpicks, etc... (407)650-2830

I-HACKED.COM is a hardware hacking based website and is currently looking for articles! Membership is limited to contributing members, so come and share your knowledge with other hackers around the world. Topics we are currently looking for include: DVD "Dual-Layer" Firmware hacks, CD-RW / DVD+/- Speed Hacks, Video Card Hacks, Motherboard Hacks, IDE Card / Raid Hacks, Xbox Hacks, Playstation Hacks, cell phone tricks, or anything else you might have. Check us out @ http://www.i-hacked.com

ADD A CONVERSATIONAL USER INTERFACE to your web site or Windows-based software applications with Foxee™, the friendly interactive arctic blue fox agent character! In the real world not everyone who navigates your web site or software are expert hackers, and some users need a little help. Foxee is a hand-drawn animated cartoon character that will accept input through voice commands, text boxes, or a mouse, and interact with your users through text, animated gestures, and even digital speech to help guide them through your software with ease! Foxee supports 10 spoken languages and 31 written languages. She can be added to your software through C++, VB6, all .Net languages, VBScript, JavaScript, and many others! Natively compatible with Microsoft Internet Explorer and can work with Mozilla Firefox when used with a free plug-in. See a free demonstration and purchasing information for Foxee at www.foxee.net!

DO YOU WANT MORE underground information? Are you ready to go to a whole new level of knowledge? Then you need to check out "Binary Revolution" magazine, a printed hacking magazine put out by the DDP that covers hacking, phreaking, and other assorted topics from the computer underground. For more information on the magazine, forums, HackRadio, HackTV, or any of our other numerous projects, come to www.binrev.com and join the revolution. "THE REVOLUTION WILL BE DIGITIZED."

TUNE IN TO CYBER LINE RADIO on the internet, on the USA Radio network. We can be heard Saturday Evenings 9:00 pm to 12:00 am (Central). Heard Exclusively On The USA Radio Network & Via The Internet! We discuss Technology, Space, Hacking, Linux and more. For more details meet us at www.cyber-line.com.

BLACKLISTED MEETINGS will begin in Greece as the new year arrives. They will be held every 3rd Saturday of the month and they will begin at 7pm. Meeting point will be the centre of Athens at the metro station Panepistimio by the fountains. Also check the webpage www.blacklisted411.gr.

A+ CERTIFIED TECHNICIAN offering cheap repairs in Louisville Area. Will make house calls or take home with me. I do everything from virus and spyware removal to networking. Send an email to alanb6100@gmail.com with your name and phone number as well as a description of the problem. Also I have Gmail invites available for a reasonable price. Louisville area only unless you want to Western Union me some money! Thanks!

SELLING USED HIRSCH SCRAMBLEPADS that retail new for around 500$ for your best offer! They are for very high security places, every time you press the START button on the keypad it randomizes the digits so that any onlookers cannot find a pattern in the digits you press. Also, you cannot see the numbers from the side, so for anyone to see your code they would have to be directly behind you. Email me for more information. guiltyspark414@netscape.net

WANTED: FEATURE FILM JUNKIE who can access up-to-date FAX numbers for hot agents and/or producers & directors. My objective: to bring to their attention my action-thriller script. Can pay by the hour. (909)275-9101

HI, MY NAME IS RICK. Me and my friend Rob were looking for a low cost rackmount server one day to use for a web and mail server that we could have racked at a local datacenter. Not finding anything real cheap we decided to start our own company building fast cheap servers for you also. www.cheap1u.com was born. Mention this ad and get 10% off any server order. Also since I am the owner, if you mention this ad buy 10 servers and I will throw in the 10th server for free!

Interested in meeting up with some of the Blacklisted! 411 readers? We will list all hacker meeting information that is provided to us. We will list "Blacklisted! 411" only meetings as well as "independent" meetings open to all.

California
(949 Area Code) - Irvine
Extreme Pizza - 14141 Jeffrey Road, Irvine, Ca. 92714 - Meeting is not Blacklisted! 411 specific. The meeting date may change from month to month. For specifics, check here: www.irvineunderground.org
Hosted by: Freaky

Colorado
(719 Area Code) - Colorado Springs
DC719 - Hack the Rockies. Meetings held on the 3rd Sat. of every month. 8pm-11pm @ Xtreme Online, 3924 Palmer Park BLVD
Hosted by: DC719 POC: h3adrush

(303 Area Code) - Centennial
We meet the first Friday and third of every month at 5:00pm at the Borders cafe on Parker in Arapahoe Crossings.
Hosted by: Ringo

Florida
(407 Area Code) - Orlando
The computer room in the Grand Reserve Apts. at Maitland Park
Last Friday of the month, 12:00pm - 1:30pm
Hosted by: Whisper

Georgia
(678/770/404 Area Codes) - Duluth
Meetings are the first and third Tuesday of every month, in the cafe of Frys Electronics. They start at 6:30 until we get kicked out, and then continue elsewhere. Visit our site at www.HackDuluth.org and sign up on the forums to receive emails about the group.
Hosted by: P(?)NYB(?)Y

Illinois
(217 Area Code) - Urbana
Espresso Royale Caffe. 1117 W. Oregon St., Urbana, IL 61801. At the corner of Goodwin and Oregon, across the street from the Krannert Center for the Performing Arts.
Every second Friday of the month, 8 PM
Hosted by: r3tic3nt (r3tic3nt@gmail.com)

Iowa
(515 Area Code) - Ames
ISU Memorial Union Food Court by the payphone. First Friday of each month, from 5:00pm onward.
Hosted by: Omikron

Minnesota
(612 Area Code) - Minneapolis
Spyhouse coffee shop at the corner of 25th South and Nicollet Ave. Look for the Blacklisted! 411 magz on the table.
Last Friday of the month, 5:00pm - 8:00pm
Hosted by: Thea DeSilva

New Mexico
(505 Area Code) - Albuquerque
Winrock Mall - Louisiana at I-40, food court, east side doors under the security camera dome.
First Friday of the month, 5:30pm - 9:00pm
Hosted by: Mr. Menning

Texas
(713 Area Code) - Houston
In front of Rocfish on Westheimer/Kirkwood. Last Sunday of every month. 7:00pm till close.
Hosted by: Muel1oChongo

(915/325 Area Codes) - Blackwell
John's Detectors. 501 W. Main St. Third Friday of every month. 7:00pm until...? For more information, visit our site at www.johnsdetectors.com
Hosted by: Wirechief

Wyoming
(307 Area Code) - Rock Springs/Green River
White Mountain Mall - Sage Creek Bagels. The last Friday of every month from 6:30pm until 9:30pm.
Hosted by: Phreaky

Mexico
(666 Area Code) - Tijuana, B.C.
Cafe Internet, Calle 12, Felix M. Gomez #844, Col. Libertad. In back room by payphone. First Friday of the month, 5:00pm to 8:00pm
Hosted by: Tom