Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!howland.erols.net!news-out-b.news.pipex.net.MISMATCH!tank.news.pipex.net!pipex!dispose.news.demon.net!demon!news.demon.co.uk!demon!quinny.demon.co.uk!not-for-mail From: Harlequin Newsgroups: alt.2600,alt.answers,news.answers,alt.test.a Subject: alt.2600 FAQ Revision .014 (4/4) Followup-To: alt.2600 Date: Thu, 14 Oct 1999 22:20:04 +0000 Organization: Harlequin's Consultancy Approved: news-answers-request@MIT.EDU Expires: Fri, 22 Oct 1999 12:00:00 GMT Message-ID: Reply-To: voyager@attrition.org (FAQ Comments address), harlequin@fnord.org.uk (Harlequin) NNTP-Posting-Host: quinny.demon.co.uk Summary: This posting contains a list of Frequently Asked Questions (and their answers) about hacking. It should be read by anyone who wishes to post to the alt.2600 newsgroup or use the IRC channel #hack. X-NNTP-Posting-Host: quinny.demon.co.uk:193.237.46.237 X-Trace: news.demon.co.uk 939939895 nnrp-08:15503 NO-IDENT quinny.demon.co.uk:193.237.46.237 X-Complaints-To: abuse@demon.net X-Newsreader: Forte Agent 1.6/32.525 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Lines: 403 Xref: senator-bedfellow.mit.edu alt.2600:419457 alt.answers:44962 news.answers:169029 alt.test.a:6363 We've been selling 2600 at the same newsstand price ($4) since 1988 and we hope to keep it at that price for as long as we can get away with it. At the same time, $21 is about the right price to cover subscriber costs, including postage and record keeping, etc. People who subscribe don't have to worry about finding an issue someplace, they tend to get issues several weeks before the newsstands get them, and they can take out free ads in the 2600 Marketplace. This is not uncommon in the publishing industry. The NY Times, for example, costs $156.50 at the newsstands, and $234.75 delivered to your door. Editors Note: The newstand price is now $4.50. =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-= =3D =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D Section G -- = Miscellaneous =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-= =3D G-01. What does XXX stand for? TLA Three Letter Acronym ACL Access Control List PIN Personal Identification Number TCB Trusted Computing Base ALRU Automatic Line Record Update AN Associated Number ARSB Automated Repair Service Bureau ATH Abbreviated Trouble History BOC Bell Operating Company BOR Basic Output Report BOSS Business Office Servicing System CA Cable COE Central Office Equipment COSMOS Computer System for Main Frame Operations CMC Construction Maintenance Center CNID Calling Number IDentification CO Central Office COCOT Customer Owned Coin Operated Telephone CRSAB Centralized Repair Service Answering Bureau DID Direct Inbound Dialing DDD Direct Distance Dialing ECC Enter Cable Change LD Long Distance LMOS Loop Maintenance Operations System MLT Mechanized Loop Testing NPA Numbering Plan Area PBX Private Branch Exchange POTS Plain Old Telephone Service RBOC Regional Bell Operating Company RSB Repair Service Bureau SS Special Service TAS Telephone Answering Service TH Trouble History TREAT Trouble Report Evaluation and Analysis Tool LOD Legion of Doom HFC Hell Fire Club TNO The New Order ACiD Ansi Creators in Demand CCi Cybercrime International =46LT Fairlight iCE Insane Creators Enterprise iNC International Network of Crackers NTA The Nocturnal Trading Alliance PDX Paradox PE Public Enemy PSY Psychose QTX Quartex RZR Razor (1911) S!P Supr!se Productions TDT The Dream Team THG The Humble Guys THP The Hill People TRSI Tristar Red Sector Inc. UUDW Union of United Death Workers -------------------------------------------------------------------------= -- G-02. How do I determine if I have a valid credit card number? [Note from Markus McKenna: "I tried the credit card algorithm on one of my credit card numbers... it's out of date." H.] Credit cards use the Luhn Check Digit Algorithm. The main purpose of this algorithm is to catch data entry errors, but it does double duty here as a weak security tool. =46or a card with an even number of digits, double every odd numbered digit (1st digit, 3rd digit, 5th digit, etc...) and subtract 9 if the product is greater than 9. Add up all the even digits (2nd digit, 4th digit, 6th digit, etc...) as well as the doubled-odd digits, and the result must be a multiple of 10 or it's not a valid card. If the card has an odd number of digits, perform the same addition doubling the even numbered digits instead. [Note from Dan Mellem: This really needs an example; it reads like all the odds should be handled first. E.g.: * * * * * * * * 1234 9876 0000 0008 2264 9856 0000 0008; sum =3D 50 H.] This program, presented in C source code form, will perform this math for you. Feed it all but the last digit of your credit card number, and it will give you the last digit. If it gives you a last digit different from the one you have, you have an invalid credit card number. #include /* * Return last digit of a bank card (e.g. credit card) * Receives all the digits, but the last one as input * By Diomidis Spinellis */ int bank (u) char *u; { register i, s =3D 0; int l, t; l =3D strlen(u); for(i =3D 0; i < l ; i++) { t =3D (u[l - i - 1] - '0') * (1 + ((i + 1) % 2)); s +=3D t < 10 ? t : t - 9; } return 10 - s % 10; } void main (argc, argv) int argc; char **argv; { while (--argc) printf ("%d\n", bank (*++argv)); } -------------------------------------------------------------------------= -- G-03. What is the layout of data on magnetic stripe cards? This FAQ answer was written largely with information supplied by wea$el: Data is laid out on a standard magnetic car in three tracks. A card may have any of these tracks, or a combination of these tracks. Track 1 was the first track standardized. It was developed by the International Air Transportation Association (IATA) and is still reserved for their use. It is 210bpi with room for 79 7-bit characters. Track 1 is encoded with a 7-bit scheme (6 data bits plus one parity bit) that's based on ASCII. If your reader does not perform the ASCII conversion, all you have to do is add 0x20 to each byte to turn it into ASCII (there are no "control" characters). The seventh bit is an odd parity bit at the end of each byte. Track 1 Fields .-----------------------------------------------------------------------. | Start sentinel | 1 byte (the % character) | | | | | Format code | 1 byte alpha (The standard for financial | | | institutions specifies format code is "B") | | | | | Primary Account | Up to 19 characters. American Express inserts] | | number | space characters in here in the same places the | | | digits are broken up on the face of your card. | | | | | Separator | 1 byte (the ^ character) | | | | | Country code | 3 bytes, if used. (The United States is 840) | | | This is only used if the account number begins | | | with "59." | | | | | Surname | | | | | | Surname | (the / character) | | separator | | | | | | First name | | | or initial | | | | | | Space | (when followed by more data) | | | | | Middle name | | | or initial | | | | | | Period | (when followed by a title) | | | | | Title | (when used) | | | | | Separator | 1 byte (^) | | | | | Expiration date | 4 bytes (YYMM) or the one byte separator if a | | or separator | non-expiring card. | | | | | Discretionary | Optional data can be encoded here by the issuer. | | data | | | | | | End Sentinel | 1 byte (the ? character) | | | | | Longitudinal | 1 byte. The LRC is made up of parity bits for | | Redundancy | each "row" of bytes, making the total even. That| | Check (LRC) | means that the total of all the bit 1s of each | | | byte has to come out to an even number. Same for| | | bit 2, etc. The LRC's parity bit is not the sum | | | of the parity bits of the message, but only the | | | parity bit for the LRC character itself. (It's | | | odd, just like any other single byte's parity | | | bit.) | `-----------------------------------------------------------------------' Track 2 was developed by the American Bankers Association (ABA) for on-line financial transactions. It is 75bpi with room for 40 5-bit numeric characters. Track 2 is encoded with a 5-bit scheme (4 data bits plus one parity bit.) To convert this data into ASCII, add 0x30 to each byte. Track 1 Fields .-----------------------------------------------------------------------. | Start sentinel | 1 byte (0x0B, or a ; in ASCII) | | | | | Primary Account | Up to 19 bytes | | number | | | | | | Separator | 1 byte (0x0D, or an =3D in ASCII) = | | | | | Country code | 3 bytes, if used. (The United States is 840) | | | This is only used if the account number begins | | | with "59." | | | | | Expiration date | 4 bytes (YYMM) or the one byte separator if a | | or separator | non-expiring card | | | | | Discretionary | Optional data can be encoded here by the issuer. | | data | | | | | | End Sentinel | 1 byte (0x0F, or a ? in ASCII) | | | | | Longitudinal | 1 byte. | | Redundancy | | | Check (LRC) | | `-----------------------------------------------------------------------' Track 3 is also used for financial transactions. The difference is its read/write ability. It is 210bpi with room for 107 numeric digits. Track 3 is used to store the enciphered PIN, country code, currency units, amount authorized, subsidiary account information, and other account restrictions. Track 3 has the same properties as track 1 (start and end sentinels and an LRC byte), except that there is no standard for the data content or format. Track 3 is not currently used by any national bank card issuer. In those rare systems where the PIN is stored on the card, this is the track where it is stored. =46or more information of this topic, read the ANSI/ISO 7811/1-5 = standard. This document is available from the American Bankers Association. Other standards documents covering related topics include: ANSI X3.92 Data Encryption Algorithm (DEA) ANSI X3.106 Modems of DEA Operation ANSI X4.16 American National Standard for financial services, financial transaction cards, magnetic stripe encoding ANSI X9.8 Personal Identification Number (PIN) Management and Security ANSI X9.19 Financial Institution Retail Message Authentication (MAC) ISO 7810 ISO 7811 ISO 7812 ISO 8583 Bank card originated messages Interchange message specifications Content for financial transactions. ISO 8731-1 Banking: Approved algorithms for message authentication Part 1 - DEA Part 2 - Message Authentication algorithms ISO 7816 Identification cards, Integrated circuit(s) with contacts Part 1 - Physical Characteristics Part 2 - Dimensions and locations of the contacts Part 3 - Electronic signals and transmission protocols -------------------------------------------------------------------------= -- G-04. What is pirate radio? Pirate radio is broadcasting outside of the rules laid down by the =46ederal Communications Commission (FCC). Pirate radio usually occurs = on the FM band because that is where the most receivers are. Under Part 15 of the FCC rules, you can legally broadcast on the FM band if you broadcast using less that 100 milliwatts of output power and and antenna less than 3' long. By contrast, commercial FM broadcasters are required to broadcast using at least 100 watts of output power. 100 milliwatts will give your signal an effective range of less than one mile. You can build the gear needed to transmit pirate radio or you can buy much of what you need from Radio Free Berkeley. An entire broadcasting system can be put together for well under $1,000. =46or more information, check out Radio Free Berkeley at http://www.freeradio.org. -------------------------------------------------------------------------= -- G-05. What are the ethics of hacking? An excerpt from: Hackers: Heroes of the Computer Revolution by Steven Levy Access to computers -- and anything which might teach you something about the way the world works -- should be unlimited and total. Always yield to the Hands-On imperative. All information should be free. Mistrust Authority. Promote Decentralization. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position. You can create art and beauty on a computer. Computers can change your life for the better. -------------------------------------------------------------------------= -- G-06. Why did you write this FAQ? Hacking is an interest of mine. Years ago, I would often communicate on IRC with other people who were also interested in hacking and we would discuss the topics covered in this FAQ. Over time, I grew tired of having the same discussions again and again. I wrote down these questions and answers with the hope that I would never again have to explain the basics of hacking and that our conversation would move on to more advanced and interesting topics. In the beginning, this was the #hack FAQ. Later, Tomes suggested that we adopt it as the alt.2600 FAQ also. I have enjoyed writing this FAQ, and I hope you enjoy it also. -------------------------------------------------------------------------= -- G-07. Where can I get a copy of the alt.2600/#hack FAQ? Get it on FTP at: rahul.net /pub/lps/sysadmin/ rtfm.mit.edu /pub/usenet-by-group/alt.2600 ftp.primenet.com /users/c/cracked/hacking/2600faq.zip Get it on the World Wide Web at: http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.tar.gz [and the HTMLised, bookmarked version on the alt.2600 Web site at http://www.jssquires.freeserve.co.uk. H.] EOT --=20 Greater Poop: Maybe you are just crazy. Malaclypse the Younger: Indeed! But do not reject these teachings as false because I am crazy. The reason that I am crazy is because they are true. [Interview with Malaclypse the Younger, K.S.C.]