Old-School Hacking
by Kim Moser
I thought other 2600 readers might enjoy hearing about some of my early programming and hacking experiences.
While most of my hacking was quite legal, and only crossed over to being occasionally unethical at worst, I have changed the names of my fellow participants, unwitting third parties, and associated institutions to protect their identities. (If you're resourceful and tenacious, you can follow the link listed at the end of this article to determine some of those hidden details, if you really care.)
Part 1: The Teletype
My exposure to computers began in the late 1970s, when I was in the sixth grade.
My school had an old Teletype terminal, which operated at approximately 50 baud and printed on a continuous roll of newsprint-like yellow paper. It also had a mechanism for storing and retrieving programs on punch tape. Just about any keystroke sequence could be punched on tape and played back later.
We didn't use the tape punch much, except as a curiosity and to make confetti; the mechanism would punch out tiny paper disks, similar to (but smaller than) those produced by a regular paper hole punch, which would accumulate in a plastic hopper beneath the terminal.
After letting the tape punch do its thing for a few minutes, we'd have a handful of confetti suitable for dumping on the head of the nearest person or tossing out the fourth floor window.
Because the Teletype was a "dumb" terminal, it couldn't do much by itself. It could, however, dial out and connect to remote computers, which let you operate them though the Teletype, in effect making it appear as if the Teletype itself was the remote computer.
My school had an account on a Hewlett-Packard 3000 mini owned by a nearby university that was otherwise unaffiliated with our high school. This account allowed us to access the university's HP through the Teletype and to use the HP's resources, specifically its BASIC interpreter.
My school's computer teachers, Harold Tanner and Ellen Smith (not their real names), created accounts for each student, under the main SCHOOLNAME account.
To log on to the HP from the Teletype, we would first use the Teletype's phone to dial the number of the university's HP.
After the call connected, we would wait for the HP to send a high-pitched signal indicating that it was waiting for a connection. We would then hit the "Enter" key on the Teletype. After the HP responded with a : (which appeared on the Teletype), we would press the "Escape" key, then type a semicolon (;) and log in by typing HELLO XMOSER.SCHOOLNAME and hitting "Enter".
(Everyone's login name was their last name with an X in front of it, so we all had a unique login.)
We would then be prompted for our password, which we would type, and then we would be able to use the system. When we were finished, we would type BYE to disconnect from the HP.
The Inadvertent Hack
One day one of my classmates, Ed Franklin, came up to me with a sneaky look on his face.
He started to wonder out loud whether or not I could be trusted to keep a secret. I assured him I could. A bit reluctantly, he consented.
He held up a sheet of paper from the terminal, and pointed at one part of it. I recognized it as the place where you typed in your password in order to use your account.
Just before the HP asked you for your password, it would type XXXXXXXXXX, MMMMMMMMMM, and WWWWWWWWWW, all on top of each other, so that when you typed your password on top of that, nobody could read the jumble of overwritten characters.
The Teletype would print these characters fairly quickly and if the ribbon was low on ink then the characters wouldn't be very effective in obscuring the password that you typed over them.
The ink on the paper was slightly faint, and I could read most of the letters. Ed sat down next to me and, in a low voice, told me that this was Mr. Tanner's password.
That was sort of obvious, since directly above it was typed HELLO HAROLDT.SCHOOLNAME, meaning it was Harold Tanner who was signing in to his account. We carefully looked at the lettering where Mr. Tanner had typed his password over the line of X, M, and W characters. It read: TANNER
Ed and I looked at each other and knew what we could do with this information. I asked Ed where he got this sheet of paper, and he told me that it was the sheet that Mr. Tanner used to demonstrate how to log in.
Ed and I ran up to the computer room and used the Teletype to dial the university's HP.
Ed typed: HELLO HAROLDT.SCHOOLNAME
When the computer asked for his password, Ed typed TANNER, while I stood guard to make sure nobody saw what we were doing. When the machine responded with :, we knew that we had indeed found Mr. Tanner's password. This meant that we could use his account, which was a master account, and we could create new accounts. Ed and I were practically jumping for joy.
The next day, during our lunch period, Ed and I went up to the computer room.
I stood guard as Ed logged on. He then proceeded to type out the necessary information to create a user called XMAN. Afterwards, he tested it out. It worked!
The next day, instead of typing in the usual HELLO XMOSER.SCHOOLNAME, I typed in HELLO XMAN.SCHOOLNAME.
Now I didn't have to use account XMOSER time any more, which was important because each user's account was allocated only a certain amount of computer time, and once that time was used up they wouldn't be allowed to log in again.
Epilogue: Trashing the Teletype
One day in my senior year, I was leaving school to go home.
Usually I went out the back door, since it put me a block closer to my house, but this day I was already near the front door. As I walked by the pile of garbage bags lined up on the sidewalk in front of the school, I noticed the Teletype sitting on the side, obviously being thrown out.
I was with a couple of other students who had used the Teletype, and our first instinct was to destroy it. In a matter of minutes we had gutted the machine of every removable, yet useless, part, including the telephone dial and many buttons from the keyboard.
That marked the end of the Teletype era at my school.
Afterwards, I regretted having destroyed the machine because I thought that I could have brought it to my house, although in reality I wouldn't have gotten much use out of it. By then I already had a Commodore 64 and a 300 baud modem which, while not particularly powerful, was still far superior to the Teletype, which I could have used as a crude printer at best.
Part 2: High-Score Hacking
One summer day in 1984, after each of us had owned a Commodore 64 for some time, Ed Franklin visited me.
Ed and I both subscribed to Commodore Power/Play magazine, which was dedicated for the most part to C64 users. In each issue, they would publish the names of readers who had attained the highest scores on video games published by Commodore.
These games included Le Mans (a car racing game), Lunar Lander (a game whereby you had to guide a lunar module to a safe landing on the uneven lunar terrain), Gorf (a copy of an arcade game by the same name), and others. Although they were originally manufactured on cartridge, Ed and I had all of these games on disk. (You might say that we had "creatively acquired" them.)
It didn't take too much skill to become fairly proficient at some of these games, and Ed and I decided that we'd put an end to the high score challenges once and for all. We would get an absurdly high score and send in a photo of the screen as proof. But we didn't want to waste hours trying to play a perfect game. Besides, none of these games saved the high scores to disk; as soon as you shut off the machine, that session's highest score was lost.
It turns out that because the Commodore 64's built-in character set, like that of most computers, is not particularly fancy, most games define their own character set. Most of the Commodore games did this, and each had a slightly different font, which was designed to match the game's visual theme.
The computer's character set is really a string of bytes that determine the pattern that will appear for each character.
In the ASCII character set, the 65th character is "A", the 66th is "B", etc.
Because lowercase letters are different from their uppercase counterparts, they start with 97 ("a"), 98 ("b"), etc.
Other characters (digits and punctuation) are assigned other numbers.
For each character, the computer has to know how to represent it; otherwise it can't display anything. It turns out that each character is represented in an 8-by-8 grid of pixels (dots) on the screen.
The letter "A" might be represented as follows:
For most characters, the rightmost and bottom-most column and row of pixels are empty so that the characters don't run into each other when they're printed adjacent to each other. If the bits from each row are then grouped into one byte, the pattern above is represented by the following eight bytes:
Notice that row 2, 3, 5, 6, and 7 all contain the same number (194) because those corresponding rows in the "A" character are all exactly the same.
Each of the computer's available 256 characters are thus represented in 8 bytes, which causes the character set to take a total of 2048 bytes.
Every time you hit the "A" key on the keyboard, and subsequently every time the computer displays the 65th character in the character set (note that I don't want to say "the 'A' character," and you'll see why in a second), "A" is printed on the screen, exactly as it is represented in the character set.
If, however, the representation of the 65th character is changed to the following pattern:
Then every time the computer displays the 65th character, you'll see that character on the screen. Likewise, every time you hit the key that is marked "A", the above character (not an "A") will appear on the screen.
Most of Commodore's arcade games listed the highest score in the format 000000, i.e. they always showed six digits; even if your score was 1, it would be displayed as 000001.
If we redefined just the 0 character so that it represented whatever the 9 character represented (i.e. so that it appeared as a 9 character), a score of 000000 would be displayed as 999999.
This was our basic approach, but since 999999 was too perfect a score (and, more likely, a wildly impossible score), nobody in their right mind would believe it.
To get around this, we had to manage to get even a mediocre score of, say, 004697, which was fairly easy, and which would appear as 994697.
For each game, Ed and I determined the memory location of the customized character set. We then found the location of the eight bytes which represented the 48th character (normally displayed as 0), as well as the eight bytes which represented the 57th character (normally represented as 9).
We then copied the eight bytes from the 9 character over the eight bytes from the 0 character and ran the game.
Subsequently, every instance of 0 on the screen was displayed as 9.
Some games were a bit harder to cheat because they scored in increments of 10, which meant that the right-most digit of a score had to be 0. In this case, our trick didn't work, since a score of 001240 would show up as 991429, whereas we wanted 991420 (0 in the right-most place).
To get around this, we left the 0 character as it was, but redefined the 1 character so that it looked like a 9. Then, a score of 001420 showed up as 009420.
Ed and I got some wildly high scores and photographed the screens as proof. (Of course, back then we didn't have digital cameras so we used film.)
Unfortunately, our subscriptions to Power/Play ran out before we sent in our photos, so we never knew whether they were printed, but by then we had lost any interest in seeing our names published. We had really done it only to prove that it could be done.
Had we not been able to redefine the games' character sets, we could have used a graphics program to recreate an image of the screen and then put in any score we pleased. This would have been difficult and time-consuming, but would have achieved almost the same results.
Some screens would have been difficult to render precisely because the games displayed certain combinations of colors that were possible only through programming tricks, and which most drawing programs wouldn't attempt to mimic. Drawing the games' screens wouldn't have been nearly as much fun or challenging as reprogramming their character sets, though.
For more ephemera from my high school programming years, including printouts from the Teletype and photos of my fake high scores, visit: www.kmoser.com/oldschool