mirror of
https://github.com/fdiskyou/Zines.git
synced 2025-03-09 00:00:00 +01:00
197 lines
8.9 KiB
Text
197 lines
8.9 KiB
Text
==Phrack Inc.==
|
|
|
|
Volume Three, Issue Thirty-four, File #9 of 11
|
|
|
|
._._._._._._._._._._._._._._._._._._._._._._._._.
|
|
! !
|
|
! Advanced Modem-Oriented BBS Security !
|
|
! !
|
|
! By Laughing Gas and Dead Cow !
|
|
! !
|
|
! Written Exclusively for PHRACK 8/22/91 !
|
|
!_._._._._._._._._._._._._._._._._._._._._._._._!
|
|
|
|
|
|
* Introduction =-= Things you need to know *
|
|
|
|
This is an introduction and guide to setting up your BBS and modem so that a
|
|
caller must know a certain code and append it to his dialing string in order to
|
|
access the BBS. This lets you have yet another way (besides newuser passwords,
|
|
etc) to lock out unwanted callers.
|
|
|
|
You can also set a certain pattern for your board's numerical code based on the
|
|
day or the month or something, and distribute this pattern instead of having to
|
|
distribute the access code.
|
|
You must have an intelligent modem to be able to run a board which requires the
|
|
access method I'm going to be discussing in this file. However you don't need
|
|
an intelligent modem to be able to call the same board, but you do have to
|
|
enter the code manually if you do not have an intelligent modem. (So only
|
|
certain people can run a board with this method of access control, but >almost<
|
|
anyone can call one.)
|
|
|
|
All modem commands in this manual will be hayes 'AT' style commands, and some
|
|
may be available only to USRobotics Courier modems with v.42bis, or certain
|
|
other intelligent modems. If you can't get it to work with your modem, your
|
|
modem may not be able to do it, but try looking in your modem manual, just in
|
|
case.
|
|
|
|
NOTE: The ONLY modem that this method has been tested with is a USRobotics
|
|
Courier HST modem, (the new kind) with the v.42bis. I tested it with my modem
|
|
which is an older HST (14.4, but no v.42bis) and it did NOT accept the AT%T
|
|
command (it returned "ERROR"). Check page 83 of your HST manual for more info,
|
|
or type AT%$ for on-line help from the modem firmware. (about as helpful as the
|
|
manual, and neither are very detailed.)
|
|
|
|
Things to know:
|
|
ATDT1234567; This command causes your modem to dial 1234567 and
|
|
then return to command mode.
|
|
ATDT1234567@1; This command causes your modem to dial 1234567, wait for
|
|
an answer, dial 1 and return to command mode.
|
|
|-----> AT%T This command causes every tone that goes into the modem
|
|
| to be identified and followed with a 0.
|
|
|
|
|
|---------------------- This is the key to the whole enchilada.
|
|
|
|
Alternate commands may be available depending on your modem type.
|
|
|
|
* Concept =-= How-To
|
|
|
|
The concept for the bbs access code would be as follows.
|
|
|
|
The caller dials the number to the BBS, when the BBS picks up, it sends a
|
|
digit, then the caller sends a responding set of digits. If the digits which
|
|
the caller sends match the access code for the BBS, the BBS will send an answer
|
|
tone and the caller's modem will acknowledge and connection.
|
|
|
|
How it works is like this:
|
|
(Sample Transcript)
|
|
|
|
CALLER> ATDT1234567@234
|
|
BBS> RING
|
|
BBS> ATDT1;
|
|
BBS> OK
|
|
BBS> AT%T
|
|
BBS> 203040
|
|
BBS> ATA
|
|
|
|
What happens is the caller dials 1234567 (the number of the BBS) the '@' tells
|
|
the callers modem to wait for a result (which is received when the BBS gets a
|
|
ring and sends a 1) then the callers modem dials 234 (the access code) after
|
|
|
|
the BBS sent the '1' it got a OK so it sent a AT%T which told it to monitor
|
|
tones. This command returned "203040" which is 234 followed by 0's (the format
|
|
of the output of AT%T) the BBS software would have to watch for this string.
|
|
Since 234 was the right code, the board sent an ATA which would connect the
|
|
caller since it's dial command was still open. If 234 hadn't been the code,
|
|
then the BBS would have sent a ATH0.
|
|
|
|
* Manual Dialing =-= Lame modems *
|
|
|
|
Anyway, if you don't have a modem that does the AT%T or ATDT1; commands you
|
|
CANNOT run a BBS with this type of security, unless your modem has EQUIVALENT
|
|
commands, or you can figure out a way to do it with the commands your modem
|
|
has. The toughest part is the reading of tones, which, as far as I know, is
|
|
unique to the HST/Courier modems.
|
|
|
|
However, if your modem does not do the ATDT1@1 thing, then you can PROBABLY
|
|
still call a board using this security. This is assuming you can just send a
|
|
"dial command" to your modem without a number (ie ATD on an HST.) What you do
|
|
is dial the BBS number manually, then you'll here a beep, you dial the code,
|
|
then send the dial command to your modem and put the phone down. This should
|
|
connect you in the same fashion.. (ie..)
|
|
|
|
CALLER> manually dials BBS
|
|
BBS> ATDT1;
|
|
CALLER> hears beep and dials 234, then sends ATD to his modem and puts the
|
|
phone down.
|
|
BBS> OK
|
|
BBS> AT%T
|
|
BBS> 203040
|
|
BBS> ATA
|
|
CALLER> his modem connects.
|
|
|
|
* Bells and Whistles =-= Wrapping It Up *
|
|
|
|
Your options when using this type of security. There are many different things
|
|
you can do.
|
|
|
|
Method #1: You can say "Hey, the access code for my board is 234" and give
|
|
that to the people you want to call.
|
|
|
|
Method #2: Set a pattern for your access codes. Say, the date (ie, for today,
|
|
8-22-91 the code would be 082291), or you could get more complex (add one to
|
|
each digit, run it through an algorithm, etc)
|
|
|
|
Method #3: Distribute a program that generates the code based on the day, the
|
|
month, what have you. (However this is only a solution if you can either
|
|
distribute a program like this to EVERY type of operating system, or you only
|
|
want callers from one operating system (or several, the only ones you can
|
|
produce it for..)
|
|
|
|
Method #4: Have the BBS accept several codes, and give out different code to
|
|
each class of users (say, newusers to apply = 1234, validated = 2345, elite =
|
|
3456) or something like that, this would allow for control of who calls when,
|
|
as well as logging of call class frequency, etc.
|
|
|
|
Method #5: Have a specific code for each user. This would take a lot of
|
|
maintenance, but would provide for a VERY secure BBS environment. This would
|
|
allow the same advantages above as well (logging, freq. etc).
|
|
|
|
Things to keep in mind however are if you have an access code generated by a
|
|
program or by the date, etc. you have to change the code whenever the program
|
|
would.
|
|
|
|
An interesting side note here is that the AT%T command can be used to call a
|
|
COCOT (private payfone) and record the tones, or possibly to record codes other
|
|
people entered, etc. (Ie, bring your laptop with modem to a office, attach
|
|
it to an extension and wait for a person to pick up, issue the ATD; command
|
|
right away, then AT%T command. If the person dials a 950, you should get
|
|
something like
|
|
|
|
90500010003030 (pause) 203040506070
|
|
|
|
that is assuming the code is 234567. Congratulations, you now have their code.
|
|
The modem can recognize the dtmf tones for 0-9, *, #, and the silver box tones
|
|
A, B, C, and E. I'm sure other interesting uses for this feature can be
|
|
found, and I'd love to hear from the other people out there in the h/p world.
|
|
I'm sure a lot of you have seen me around, for those that haven't I can be
|
|
reached on my board, Solsbury Hill or Ripco (312) or on Internet as
|
|
lgas@doomsday.spies.com.
|
|
|
|
(Note: Spies is down as of this writing, I have some other accounts, but I'd
|
|
prefer that most of them remain unknown... if anyone wants to offer me an
|
|
account I can use just for mail where I can have my alias for the account
|
|
name, on a stable system, please contact me.)
|
|
|
|
|
|
* Non-BBS Oriented Stuff =-= Conclusion *
|
|
|
|
In some issue of 2600 magazine someplace at some time they published an article
|
|
on how to build a tone detection device: Now you have your own, built in to the
|
|
modem.
|
|
|
|
An example application of this "in the field" would be calling a COCOT and
|
|
using the modem to decipher the tones. That would be done:
|
|
|
|
ATDT3014283268; ;call the COCOT
|
|
AT%T ;get tones
|
|
|
|
it should respond with the decoded tones.
|
|
|
|
You could fool around with it and get it to accept input from a tape recorder,
|
|
this gives you a way to decipher recorded VMB passcodes, or phone numbers, or
|
|
anything else that was recorded as it was dialed. Or use it with a radio
|
|
scanner set to scan the freqs that cordless fones operate on, and record those
|
|
tones. Then play 'em back into the modem and they're yours.
|
|
|
|
In conclusion... (ahem).. This is an area which I believe has never been
|
|
breached before, and this idea was brought to you by THUGS. As long as
|
|
technology keeps advancing, we'll be here to bring you the latest tricks such
|
|
as this one. Please contact me if you have any information about this area
|
|
(tone detection via modem, or anything relating to it at all..) especially if
|
|
you know of modems besides the v.42bis models of USRobotic's HSTs that can do
|
|
this.
|
|
|
|
Laughing Gas
|
|
Solsbury Hill BBS (301-428-3268)
|
|
_______________________________________________________________________________
|