Jump to content


Most Liked Content


#360356 Has everyone been down repped or is it just me?

Posted by Powermaniac7 on 11 February 2012 - 08:01 AM

Hi all,

Been busy for a while and was distracted by other facets of life. Signed in today was reading some of the posts to see if anything major or interesting has happened and not much has changed as I expected (no offence). So it seems no harm there in being temporarily gone.

Now as I was reading some of the posts and a reply to my "Everything is Assumed" thread I noticed I had been down rep to -6 so I checked the Binary Revolution forum index page where it has a list of where you were down repped and which it was in like each thread over a long past with no replies as to why...I in some ways don't care but was wondering has another spam bot got lose or some dumb-ass, or did I make a thread that offended some community and they say it and one of them joined and down repped me for that. Anyway I was also wondering if this had happened to anyone else as well.

Thanks in advance for any replies.
  • 5imp7y, tekio, johnnymanson and 5 others like this


#357224 Dell Laptop Password Issue ???

Posted by heisenbug on 18 February 2011 - 03:47 PM

Truth is i found the Laptop and intend keeping it but can't access the system without the password. In this case whats the best tool to use to hack the password?


After seeing your post #4, I withdrawal my advice.


After reading your comment #4 I also got really annoyed. I agree with Berzerk on this. Correct me if I am wrong, but it seems you don't know the difference between petty theft and hacking.

Here is what I consider the difference:

HACKING -
  • Taking a computer, and figuring out a way to bypass the password.
  • Disseminating the contents of the drive to find the owner's name, address, and pictures of them to identify them.
  • Being nice and installing programs to help them find their PC if they lose it again.
    • VNC - (to view the system)
    • An SSH server - (to help retrieve their files)
    • An IP beacon - (To say when the PC is online and what the IP address is)
  • Returning the laptop to the owner.
  • Occasionally checking in on the PC to make sure the system is ok, and they didn't lose it again. (What a good citizen!!!)

PETTY THEFT -
  • Not using google to find a simple kiddie script.
  • Being an idiot and telling everyone you are committing a crime.

  • StankDawg, Berzerk, nyphonejacks and 2 others like this


#351481 password generator

Posted by SigFLUP on 22 March 2010 - 06:53 PM

So I just logged into binrev using this:
Posted Image
it automatically generates, stores, and types passwords and looks like a usb-keyboard to your computer.

That's a at89c5131 dev-board, this mcu is pretty much an 8051 with usb hardware. I'm probably going to keep touching up the code a little before I start printing boards.
  • Seal, tekio, phr34kc0der and 1 other like this


#367465 You all remember the old AMPS networks

Posted by yuu on 06 January 2016 - 02:28 PM

tumblr_o0jpwe9VQu1ut5dmlo1_1280.png

 

I got this bag phone last month and was playing around with it to see if there was some tiny chance that it could connect to any network. As I suspected, there aren't any crumbling remains of AMPS networks anywhere near me. An interesting feature about this phone is there's an "Aux Out" which apparently was for sending faxes. Can't imagine lugging all of that around and plugging everything into the 12v jack in your car...


  • scratchytcarrier, user1 and kc9pke like this


#361501 Understanding the Tandem Network

Posted by ThoughtPhreaker on 07 September 2012 - 04:44 AM

Hey Samo! Good to hear from you again. Sorry to give you a wall of text here, there's really no concise way to explain this.

In short, if you want to explore a long distance tandem, your best bet is to use a PIC code. There's a very simple trick that lets you push any destination you want directly into the tandem. We'll use Worldcom as an example, since it works from basically anywhere in the United States.
Ready? Dial 101-0555. That's it; no zero, nothing. What you get next is a dialtone straight from the tandem. In the case of the ex-Worldcom tandems, it's not quite as fun as it could be; it wants an authorization code a-la 950 calling card.

Here's an example of what you might find - http://thoughtphreak..._800223110.flac

That's from a DMS (500, I think) owned by Integra, one of the local CLECs. Most long distance tandems (AT&T's aside - we'll get into that in a bit) don't like terminating toll-free calls, so you'll end up getting weird messages that you'll never be able to hear normally unless your switch loses it's mind. What's so great about this is you're completely free from the dialing restrictions of a normal end office. Want to dial an NXX starting with 1 or 0? A code starting with #? *? There's nothing standing in your way. Sprint in particular stuck a speed dial function on their tandem for some weird reason in the #xx range. #99+anything seems to be it's own little exception - it'll wait for a very large amount of digits before eventually giving you a generic CBCAE recording. This might indicate they're hiding something else here.

There's one downside to this technique; if you're not subscribed to a carrier, they won't always let you play with the tandem. ex-MCI (0222) and Sprint are a couple good examples of this, but Sprint will give you a cool message as a consolation prize. Depending on your area, you might have better luck too. For example, the Qwest long distance network has a combination of DMS-250 and Sonus switches.

Sonus isn't fond of letting people have fun on the phone, so you'll just get a generic error recording. If you encounter Global Crossing's Sonus switches, you won't even get a custom recording, you'll get the Sonus stock one. It's worth a laugh if you ever hear it. It's under three seconds, and was clearly made last minute by an engineer.

Speaking of Global Crossing, like MCI/0222, they have a number of Alcatel DEX switches floating around. Dialing 101-0444 will just get you an error, though. The solution? 950-1044! What dialplan they're using is absolutely beyond me, though, so you're on your own there. There's suggestions - like 800-223-1104 (but only without a 1) going to an invalid code recording that suggest it might be for calling card use, but most things I can think to try just go to a CBCAD.

And then we come to AT&T's 0288 network. I'll level with you, this is something I haven't figured out at all. Whenever I've been fortunate to get a dialtone back, it's always been from one of their 5ESS toll tandems. If there's such thing as a pushy phone switch, this is it. It'll let you know right away if it thinks you're doing something wrong. And putting a 1 in front of your destination number is wrong. I haven't had time or an opportunity to just sit down and investigate this, but what I do know is it's unique from a lot of other switches. For one, it'll terminate toll-free calls, but only on specific carriers. I believe just AT&T and Global Crossing toll-frees. Sometimes, it gets a little weirder - like, if you dial 800-244-1111, you'll get a recording from a McLeodUSA DMS. What this means I'm not sure exactly, but my guess is since the 5E toll tandems are responsible for lending a hand in connecting toll-frees, they'll store translations for those toll-frees. If it happens to have one - outdated or not, it'll just use that instead of doing an SMS-800 dip.

Also of note on the AT&T tandems is the 600 NPA. Instead of just intercepting it like any invalid NPA, it'll pass this onto the 4ESS. This might indicate AT&T stashed something in there.

As for your question - is SS7 relevant to phreaks?

Absolutely. The very core practice of phreaking - introducing unorthodox input into the phone network - is fair game to everything, in or out of the speech channel. In the past, we've proved ISDN cause codes can trigger calls to take a different route, and it's been demonstrated that originating a ghost call (in short, an ANI fail on steroids - a call originated with no field other than the destination number) can be enough trouble that phone companies would probably scratch their heads as to whom they should send the bill to. It's understandable that figuring these things out is a challenge, but if anything, that should be a motivator. We're phone phreaks, we've got the resourcefulness to identify a piece of telco hardware by nothing more than vague sounds, and have fun in the process. This should be a reminder that there's always more to explore, and always another limit to break.
  • Y0ungBra1n, nyphonejacks and skywanter like this


#361318 New to network hacking

Posted by phr34kc0der on 08 August 2012 - 02:37 PM

It's a mindset.

You hack to learn, you don't learn to hack.
  • Y0ungBra1n, SixThousandFish and specialgriff like this


#357578 YOUR ATM CARD CAN PAY YOU REAL MONEY

Posted by tmwhtkr on 22 March 2011 - 03:33 PM

That sounds like a lot of work! Can I just send you my bank account numbers and social and have you help me out?
  • seabass, anon3614 and CYB3R_THR34T like this


#349663 Spoofcall/Trapcall

Posted by decoder on 21 January 2010 - 10:02 PM

Not to stir shit up, but I certainly agree that this forum shouldn't be a place where fake accounts come along and post allegations which result in people being terminated from their employment.

If "unlucky" was indeed the victim of a violation of his privacy by an employee of trapcall/spoofcard then he should have contacted them.

Also, if Lucky was fired without any evidence of a particular account being accessed by an employee, then he worked for a piece of shit company.

If I were a mod, i would have deleted this thread because even if the allegations were true, there was not a shred of evidence provided, and I do not believe that this is a place for such things. perhaps if "unlucky" simply voiced a concern over the privacy expectations when dealing with a particular service, but he didn't - he made an accusation directed at one man, without anything to back it up.

That being said, it's probably all true. :laugh: ...seriously.
  • dinscurge, nyphonejacks and jeremy_ like this


#344876 I need to manipulate my cable tv.

Posted by R4p1d on 06 September 2009 - 11:50 PM

Every time i needed a channel on my cable tv, the company always ask for more money. Is there a way i could manipulate my cabletv without a hole in my pocket? Oh, i have direct tv.


Stop paying for tv service

Look into "FTA" or "FTA Receivers" Etc.

Just read up on the "Free to Air broadcasts"

You just buy a receiver, point your satellite at the orbiting satellite and you can get over 1,000 channels

Free.
  • StankDawg, Spyril and Gr4v170N like this


#344337 Apparently SCO owns UNIX again

Posted by Colonel Panic on 28 August 2009 - 03:37 AM

SCO doesn't own UNIX, at least not yet. The actual "ownership" and copyright to UNIX is a very complicated issue. All this court decision did was "reverse material aspects" of the earlier verdict from 2007 that found Novell to be the rightful copyright owner. Now there's going to be yet another trial case to determine whether SCO does in fact own the copyright.

I don't think anybody seriously gives a shit about System V UNIX, UnixWare or any of SCO's other crappy, outdated products.

But a company like SCO, which has been in bankruptcy for over 2 years, has virtually no market share and appears to exist these days only for the purpose of suing other companies, might well gain legal ownership of the original System V UNIX code. In other words: they might gain a legal "leg to stand on" and cause more trouble for OSS creators and vendors.

For years, SCO has been bitching that Linux infringes on a copyright for the original UNIX code that it assumes it holds. They have sued companies like IBM and Novell which produce Linux-based software and distribute Linux as an OEM OS. They have disseminated propaganda to Linux users, accusing them of copyright infringement and alleging they could be liable for damages simply by running Linux. They have sued their own (former) customers who switched from using their products to using Linux. SCO is also known to have received financial backing from other, far more powerful interests whose goal is to ruin the open source software movement by any means possible. At this point, SCO clearly has nothing to lose, and Microsoft doesn't have to dirty their hands or risk hurting their own public image by attacking open source developers in court. Microsoft can just sit back and bash the OSS movement in the press, allege IP infringements, negotiate cross-licensing agreements and provide financial support to companies like SCO to file anti-OSS suits.

This may not be a potent threat to the very existence of Linux, but it could definitely harm Linux in the business market and lead to some very bad precedents regarding OSS and software copyright/patents in general.


BTW, I'm not the one who voted down your post. It's an interesting bit of news on a case I haven't really followed in awhile. Thanks for posting it.
  • Michael R. Wally, Spyril and Wintermute21 like this


#343963 Postage Machine Hacking

Posted by Phail_Saph on 21 August 2009 - 01:02 AM

Posted Image

The above is the 'offical' Postal Regulation for an IBI or Information Based Indicia. All this information is contained in the 2-D barcode to the upper left of a piece of metered mail. Look at some of your junk mail and it will be very clear what I mean. It's that box that looks like Lattera's avatar. The column that says barcode are all of the data items in that 2-D barcode that I'm talking about and the Human Readable is what you can decipher when you look at it...date, time, etc.

The information is digitally signed so that when the Post Office reads the mail it can be fairly certain that it came from a particular licensed meter.

What's crazy is that the meter internally communicates with 'itself' using an asymetric key system...public/private. That is the meter contains a postal security device which is tamper resistant (of course resistance is a relative term) that sends out commands to create and sign the indicia with all the signals being encrypted. Think of it like an HTTPS setup for internal communications or more appropriately like each command being digitally signed. Digital signatures use the public/private key system so this is closer to what is happening.

The whole postage meter industry is so wacky. What I mean is that to actually attack the meter directly is incredibly hard but not impossible;however, there are far easier ways to 'hack' a meter. The meter itself and access thereof is fairly easy due to primitive security. If you have physical control of a meter and a system that can interface with it you can do pretty much whatever you want. But not to be too much of a worry wort...printing postage is printing money; stamps are a legal form of tender so if you play games with this stuff the penalties are insanely harsh because of that. I know some smartass is saying to himself, "Oh then I can use it to buy my groceries?" Not exactly...unclaimed stamps can and must be refunded by the post office. If you show up with a stamp that is legally yours or if you can 'somehow' prove that that is a stamp of yours the post office refunds the amount on the stamp. Of course it isn't an immediate refund. You can't just show up with a meter label for a hundred bucks and walk away with a c-note.

  • Spyril, dinscurge and chilly9630 like this


#341651 RIP Pirate Bay

Posted by .solo on 01 July 2009 - 11:30 AM

Ohm, you obviously get off on policing binrev. Seriously, I've seen you crush countless topics with your sense of superior morality. The only thing that impresses me about you is that you always find some way to condescend. You've got a real talent.
  • decoder, Phail_Saph and Freed.Info like this


#340641 New Operating Systems

Posted by Ohm on 12 June 2009 - 11:42 PM

Clearly the best was Windows 95. Don't you miss 3 reboots a day?

As for XP, it was received pretty badly at first. Pre-SP1, XP was quite buggy. Also, for the time it was resource heavy, so a lot of people complained they couldn't run it on their current machines. I always got a chuckle when people bashed Vista, yet praised XP which had similar problems at the start. Of course people were willing to bite the bullet since the alternative was Windows 98 (or for the enlightened few, Windows 2000). Now, you have XP which works and is stable, so you can sit back and poo Vista all you want.

I've also had no problems with Vista. If you have a fast enough machine, there's just not much to complain about. It works, what more do you want?

As long as you're listing future OSs, why not list Ubuntu 9.10?
  • decoder, Phail_Saph and R4p1d like this


#326986 Technical Books Online

Posted by Ohm on 03 January 2009 - 10:03 PM

Great link. Who wants to mirror this and stick up a torrent?
  • droops, chaostic and dinscurge like this


#364724 Looking for Electronics Engineers

Posted by ChatterNoise on 19 October 2014 - 07:37 PM

Hey guys, I recently signed up for an AMD Embedded Developer account and have access to all sorts of tfiles for the Embedded G-Series Processors and SoCs, as well as the R-Series Processors. I've been looking to develop a board around these things for a while. I need someone who has the ability to help me through the process (both physics and design) and is willing to do so without financial compensation (well, unless I decide to start selling these boards for multipurpose stuffs, then there will be percentages involved). Now, all of these things are very closed source and I signed maybe four too many non disclosure agreements. And they can very much make lawsuits against me, so anyone who is going to be working with me must also be able to obtain access to the files.
This is a link to the developer registration.
The process shouldn't be too hard, given I (at 17 years old) signed up and got approved. It took an overnight approval process, but other than that, there were no hiccups. (Also, within 15 minutes I was declined, then in the morning I was approved, so I don't know what's going on there, just try it if you are interested).


  • Michaelesic and MarthaArer like this


#356679 That paper I mentioned...

Posted by phaedrus on 12 January 2011 - 09:30 AM

I could write lots on this, but Ive just posted some notes I made on reading it the first time. I don't care about the layout and readability, all that is just window dressing to pretty it up, Im interested in the meat of the contents.

I think it misses the big elephant in the closet that causes the whole issue of security to arise and be such a shock in the first place.

Computers are NOT a black box system. They are a framework which lets you hang what modules you like off them to do various tasks. Modules == software programs. Thats the reason users end up shocked at their first virus, because they missed this after treating them as a switch on and go consumer device.
The car and toilet analogies dont work for me either, to change the oil in a car needs some prior understanding of the car, the quantity of oil, the grade of oil, what quality of oil to use, the frequency of changing it, in fact a whole bunch of factors which understanding the need for, bootstraps into a understanding of the car as a system. To change the oil in a car with abstraction, would be to take it to the garage and pay them to do so. The oil still gets changed, but you dont have to know anything that way apart from how to pay for it. People are reading your paper because they want to learn about how to change their computer/network's oil and some of its inner workings, not just take it a garage.

"First and foremost, one needs to accept that their
information is fundamentally safe, but that doesn’t mean they don’t need to worry. "
Its not fundamentally safe. Otherwise they wouldnt need to worry would they? We could all go and procreate with stunning playgirl models instead of reading your paper. In fact, its fundementally unsafe, and we must just take our best measures to mitigate our exposure to the risk.

the basics of network security :-
"Vulnerability assessment is the very first,"
The very first step is to want to understand and secure it. Vulnerability assessment is how you quantify how secure it is according to some metrics once youve taken that decision. Its a small but important distinction. It puts the first step about securing a network as wanting and caring enough about a networked system to want to secure it. And we're in the caring for things business in a way.

Layer 2 The Data Link Layer:
Local layer 2 attacks, at the moment are common and more disturbingly, mind numbingly simple.

Theyre only mind numbingly simple because script kiddies are using someone elses abstraction without understanding it therefore without the tool its horribly complex so you rely on the tool to deal with all that. Having to rely on a tool that I dont understand how works isnt simple, its complex to me. Im trusting it knows best...
You could say "there are automated tools to perform this which do not rely on the attacker having a deep understanding of the attack vector or what is being done." , it'd be more accurate. Even a tool used like that is is not mind numbingly simple, not to 99% of the computer using populace, some of which your hoping to catch with this tutorial in some way. A analogy here would be that you do not have to understand how a gun works to kill someone with it. The script kiddies dont understand the gun/tool but the end results are still devistating.

Also I think your fine china udp analogy doesnt work , I thought about it a bit and I'd go with something like "udp is like shouting your message to someone and *hoping* they hear in the manner of a newspaper seller, and tcp is the same, except the seller waits for each person to shout back to say they received and understand what was shouted. If you have a LOT of data which it doesnt matter if a little gets lost on the way (streamed music for eg), the udp is more efficient because you dont have to wait for everyone to shout back they got it."

First and foremost, one needs to start thinking of their network as something tangible,
something that can be stolen, because make no doubt about it, if it's too vulnerable, it can, and more
than likely will be compromised.
:-
To help you flesh out this bit , the something that can be stolen is the DATA contained therein and the computational resources. Your stopping people stealing your information to use it on their own systems to their gain, or stopping them stealing your network to co-opt it into a scheme under their own control, be it to attack other networks directly, to join a botnet or spam etc.

You think the above is bad, you want to see it when I get my red pen out on something I dont like.
The intent and effort your putting in is great, I hope the above comments help you think about the contents and concepts your trying to outline.
  • Trikk and seabass like this


#348514 FCC Considers Moving Phone Network to IP

Posted by Phail_Saph on 19 December 2009 - 04:24 AM


Chronomex...lol...because this is Chronomex...anyway you are just interjecting to show that you also know something about the telephone network...congratulations. This isn't a zero sum game. But, see this is a conversation and if you read from the beginning until you started wanting to see who has the biggest phreaking penis then your contributions would have led to a even more fruitful discussion.

Reread everything you just wrote...you are essentially agreeing with me except for some minimis...if you do don't think that packets switching would be a good idea then just say so and support it with the reasons you brought forth and we'll continue the discussion...jeez...You must seriously be intimidated by me...I'm a nice guy, just be civilized back. I don't know everything about telephony as that isn't my primary focus but I do know more than enough.

Uproarious laughter...haha...lol...that is so 80's...who talks like that anymore...made me laugh though.


No, sir, filer isn't me. He's a friend of mine, but not me. I don't have a problem with you as a person. I'm not taken to long replies, and I have no interest in trying to educate people online. I have better things to do with my time. :)

Packetized voice certainly has some benefits. For example, flexible use of bandwidth. By not reserving unused bandwidth for possible voice calls, it can be used for more data traffic. (This isn't impossible in TDM-based networks; there's been a standard protocol for dynamically reusing unused voice channels on T1s for data.)

The merits of TDM in my mind are also fairly clear. TDM (in the traditional sense of 64 kilobit voice circuits) guarantees a consistent delivery delay for the voice samples. VoIP, unless properly engineered, doesn't guarantee timely delivery, or for that matter delivery at all. Because the receiving end of a TDM connection doesn't have to de-jitter the voice stream, it can deliver the audio with a lower end-to-end delay.

I'd be glad to discuss this with you offline; feel free to call me at 206-569-5478.

See that is the kind of post that I appreciate. As to the VoIP issues check out what I said to ThoughPhreaker regarding his friends problems with dial-up over VoIP...I went over the engineering that you described. I still think you are filer but, if not, the fact that you are close friends means essentially the same thing for this conversation nor is it of any consequence.

Anyway, the phone number thing is a little weird. I don't know what to make of it. I'm definitely not going to call you directly as that is what this forum is for...I'm a nice guy but if people want to discount me or make me out to be an ass I'm prepared to give it right back and I know my shit so flaming or, as I like to say, "Ohming" won't work on me.

This has been one of the more interesting posts that I have had on this board. If you guy(s) have any 'inside' info on this proposal don't forget to share with the rest of us.


  • The Philosopher and dinscurge like this


#345163 Binrev Hacked 2009-07-29

Posted by army_of_one on 12 September 2009 - 11:29 AM


Guess they showed us, didn't they?


Yeah, they showed us how insecure hacker websites are, but didn't we already know this?

Producing content to fill the forums is more important then securing the forums.


You beat me to it. These guys are run of the mill hackers with excellent showmanship. How can I make that claim? They exploited common vulnerabilities, using common tools and techniques. It was evident that their brains were required occasionally, and I'm sure it was refreshing after all that routine hacking they bragged about. The choice of targets? High profile hacking- or security-oriented sites that focused more on content than their site security. Bragging about these sites is like saying you can shoot fish in a bucket... with a machine gun! Of course, these sites do get lots of press, so whatever happens to them gets noticed. In the end, Zero for Owned resembles a Richard Nixon publicity stunt more than a Kevin Mitnick exploit story. Does anyone else think Zero was named after its contribution to IT security?

To Zero for Owned: You've Just Been Powned! :cool:
  • StankDawg and WaMu like this


#342321 Massive DDoS attack underway

Posted by R4p1d on 10 July 2009 - 01:23 AM



Kevin Mitnick talked about it for 10min on Coast to Coast AM last night - equating it to a script-kiddie attack. I think the N. Korean Government would be a little more advanced. I mean every country that has any nuclear capability should be able to write buffer-over-flows and the like.

Why though? Being a nuisance and preventing communication can be just as useful of a tool for "cyber-warfare" as more 'tactical strikes' with a much lower technical barrier. Also, exploits can be patched (in a perfect world, they would be patched) and then lose their value to the attacker, but a DDoS can be a right bitch to deal with.

I guess that is what makes you a dangerous free thinker.... It just seems like a government like N.K., if they wanted to could possibly do better... crippling some major infastructure or what-not. I've not researched it much, so my opinion is coming from what Mitnick stated about the attacks - something to the effect it was more teenage in nature than government.

Looking at the attack, something was obviously compromised though, in order to get a botnet that large.


I'm not saying N.Korea did this, but I wouldn't be surprised, because they've done alot of childish things lately.
  • Phail_Saph and Freed.Info like this


#342106 milw0rm is closing up shop

Posted by StankDawg on 07 July 2009 - 05:23 PM

That is very sad... Peopel don't realize how much work it takes to run a site like that. I really liked milw0rm a lot. :(
  • R4p1d and Freed.Info like this


BinRev is hosted by the great people at Lunarpages!