Mailing List Logs for ShadowRN

Message no. 1
From: Adam J <fro@***.AB.CA>
Subject: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 04:30:44 -0600
At 10:36 21/05/98 +0100, you wrote:

[Hacking Security Tallies]
>The way to go about this would, I guess, be to do a Locate File to find
>the file (or memory address) containing the security tallies, and then an
>Edit File operation to change them.

Memory address, almost certainly. Harder for the average person to mess
with and less likely to be a victim of a randomly-deleting-stuff-dork-hacker.

I don't have VR2 right here, but Locate Memory Address would probably be
much the same as Locate File.

>However, I think there'd be some protection built into the system, for
>example that only supervisor-level users can alter security tallies. Any
>thoughts?

I think it would be nice to have longer days and require less sleep. Oh!
Thoughts about this stuff! Well, it makes sense -- if the computer does
something, it has to be poking bytes somewhere, and a skilled "user" should
be able to manipulate those bytes.. and yes, modifying something like that
would obviously be superuser only -- that's the point of superusers, to fix
shit when users break it, right? :)

Back to the time thing, I really need some time to work on JIaFU.. :/

-Adam
-
http://www.interware.it/users/adamj \ fro@***.ab.ca \ ICQ# 2350330
ShadowRN Assistant Fearless Leader \ FreeRPG Webring \ TSS Productions
The Shadowrun Supplemental \ SR Archive Co-Maintainer \ RPGA Reviewer
Message no. 2
From: Alfredo B Alves <dghost@****.COM>
Subject: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 09:46:13 -0500
On Thu, 21 May 1998 04:30:44 -0600 Adam J <fro@***.AB.CA> writes:
>At 10:36 21/05/98 +0100, you wrote:
>[Hacking Security Tallies]
>>The way to go about this would, I guess, be to do a Locate File to find
>>the file (or memory address) containing the security tallies, and then an
>>Edit File operation to change them.

>Memory address, almost certainly. Harder for the average person to mess
>with and less likely to be a victim of a randomly-deleting-stuff-dork-hacker.
>
>I don't have VR2 right here, but Locate Memory Address would probably be
>much the same as Locate File.

Hmmmm.... VR2 doesn't have a listing for Locate Memory Address, but I
don't think it'd be like Locate File ... Dunno, I'm still *working on* my
computer savviness, but if SR computers are like modern computers, they
don't have a FAT table like the File system does ... IIRC, the closest
thing is if a chunk of memory is needed for a proggie, the proggie needs
to tell the OS that and so in the OS section there's a map that says this
chunk is allocated for this proggie. This map would even have an entry
for the OS, but it wouldn't actually tell you what the little bits mean
... I would say to remove the security Tallies you would need to:
1) Get a memory dump (shouldn't be too hard)
2) Find the OS section
3) Locate/decrypt the Security Tallies section
4) Find the Security Tallies in Active Memory
5) Alter the Security Tallies in Active Memory

How much time would all this take? Quite a bit, I think, but once you do
it the subsequent attempts should be easy ... unless the OS shifts in
memory (not a good idea, IMO).

>>However, I think there'd be some protection built into the system, for
>>example that only supervisor-level users can alter security tallies. Any
>>thoughts?

>I think it would be nice to have longer days and require less sleep. Oh!
>Thoughts about this stuff! Well, it makes sense -- if the computer does
>something, it has to be poking bytes somewhere, and a skilled "user" should
>be able to manipulate those bytes.. and yes, modifying something like that
>would obviously be superuser only -- that's the point of superusers, to fix
>shit when users break it, right? :)
>
>Back to the time thing, I really need some time to work on JIaFU.. :/
>
>-Adam
<SNIP Sig>

Query: Win 95 gives GPFs (General Protection Faults) when a proggie tries
to access memory outside of the general block it was assigned (It can
jump out of the memory assigned to it a little sometimes ... but
sometimes it'll GPF [Blue Screen of Death!]) ... Does this happen to
Deckers or is this what Masking is for?

D.Ghost
(aka Pixel, Tantrum)

Message no. 3
From: Mike Elkins <MikeE@*********.COM>
Subject: Hacking Security Tallies (Was Re: Weird Campaigns) -Reply
Date: Thu, 21 May 1998 11:09:16 -0500
<snip: reset security tally>
>Well, it makes sense -- if the computer does something, it has to be
>poking bytes somewhere, and a skilled "user" should be able to
>manipulate those bytes.. and yes, modifying something like that would
>obviously be superuser only -- that's the point of superusers, to fix
>shit when users break it, right? :)

Except that the security tally will be implemented in hardware as much
as possible, for this very reason. Resetting a security tally manually
should require inserting a special key into a lock on the mainframe. You
can't put too much into hardware or you lose the flexibility to adapt or
upgrade, but security tally certainly can go there.

Double-Domed Mike
--MIT&M: We Bring Good Things to Life
Message no. 4
From: Lehlan Decker <decker@****.FSU.EDU>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns) -Reply
Date: Thu, 21 May 1998 11:23:27 -0500
>
> <snip: reset security tally>
> >Well, it makes sense -- if the computer does something, it has to be
> >poking bytes somewhere, and a skilled "user" should be able to
> >manipulate those bytes.. and yes, modifying something like that would
> >obviously be superuser only -- that's the point of superusers, to fix
> >shit when users break it, right? :)
>
> Except that the security tally will be implemented in hardware as much
> as possible, for this very reason. Resetting a security tally manually
> should require inserting a special key into a lock on the mainframe. You
> can't put too much into hardware or you lose the flexibility to adapt or
> upgrade, but security tally certainly can go there.
>
A very possible solution, depending on your level of paranoia.
However, depending on exactly what the key does, you can probably
write code to mimic it. (What signal does it generate to what process?)
To remove a security Tally, the decker is probably going to either know
what process/files are involved, or be able to act as "superuser" to
command the correct process. I'm thinking this is why a talented decker
would spend some time in a system quietly, creating some back doors, etc.
Then during the run, when time and stealth are critical, much less stress.
Then again, you're applying real life computer principles to SR again.
And that doesn't always work. :)

--
--------------------------------------------------------------------
Lehlan Decker 644-4534 Systems Development
decker@****.fsu.edu http://www.scri.fsu.edu/~decker
--------------------------------------------------------------------
The universe doesn't have laws, it has habits. And habits can be broken.
Message no. 5
From: Mike Elkins <MikeE@*********.COM>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 11:49:34 -0500
Lehlan Decker wrote:
>However, depending on exactly what the key does, you can probably
>write code to mimic it

On a PC, sure. On a multi-million nuyen piece of equipment designed by
paranoid and clever engineers, no. The security tally and other critical
security information can be stored in a read-only memory block (read
only at the HARDWARE level, the write pin can be physically
disconnected) and can be written to ONLY when the master key is in
the lock. The chief programmer only puts the key in the lock when his
deckers report that they are in place and ready to make the changes.
Put the key in, reset security tally, take the key out, then look at the
security block and make sure it still says exactly what you think it should
(in case someone with a great deal of masking happened to be in your
system during this critical time). If at all possible, the system should be
Off-line during this operation, but that might not be possible with some of
these systems.

Double-Domed Mike
--MIT&M: We Bring Good Things to Life
Message no. 6
From: Mike Elkins <MikeE@*********.COM>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 12:05:31 -0500
<snip: my hardware solution>

D'Oh! One thing I missed, of course, is that if the security tally is in
read-only memory, it won't increase no matter what deckers do :)

I was trying to keep it simple, but how about this: The description of the
computer's security sheath etc. is stored in the read-only page like I
described, but the actual tally is a hardware register, not a memory
location. Software can push a "button" and increment it, but there is no
software "button" to decrement it. That can only be done by hardware
timer (causing the system to relax) or by pushing real life buttons on the
outside of the mainframe case, controlled by the aforementioned security
key. Red systems probably get even more paranoid.

Just for context, "cheap" minicomputers (like the RS6000) do stuff like
this now, and they start at the $6000 buck range.

Double-Domed Mike
--Real life Otaku...
Message no. 7
From: Lehlan Decker <decker@****.FSU.EDU>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 13:06:51 -0500
>
> Lehlan Decker wrote:
> >However, depending on exactly what the key does, you can probably
> >write code to mimic it
>
> On a PC, sure. On a multi-million nuyen piece of equipment designed by
> paranoid and clever engineers, no. The security tally and other critical
> security information can be stored in a read-only memory block (read
> only at the HARDWARE level, the write pin can be physically
> disconnected) and can be written to ONLY when the master key is in
> the lock. The chief programmer only puts the key in the lock when his
> deckers report that they are in place and ready to make the changes.
> Put the key in, reset security tally, take the key out, then look at the
> security block and make sure it still says exactly what you think it should
> (in case someone with a great deal of masking happened to be in your
> system during this critical time). If at all possible, the system should be
> Off-line during this operation, but that might not be possible with some of
> these systems.
>
Yep, I agree with this one, for the hard core ultra-secure places. But
for the less secure places, it may be a bit more painful. You have to remember
if security makes life difficult for the people who are implementing the system
they are much less likely to do so. (ex crypto cards, you should have heard
the *(&(*& at my place of work, because it would add one more step to login).
At that point, I had my shadow team physically go in, "borrow" the key, manager,
etc. And then I do my work. :)

--
--------------------------------------------------------------------
Lehlan Decker 644-4534 Systems Development
decker@****.fsu.edu http://www.scri.fsu.edu/~decker
--------------------------------------------------------------------
The universe doesn't have laws, it has habits. And habits can be broken.
Message no. 8
From: DisnyShamn <DisnyShamn@***.COM>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 13:15:38 EDT
> Software can push a "button" and increment it, but there is no
> software "button" to decrement it. That can only be done by hardware
> timer (causing the system to relax) or by pushing real life buttons on the
> outside of the mainframe case,

Hey, here's an idea. Howsabout waiting around in a system for hours or days
or whatever (ain't IV great?) for a sec tally to drop, then forging on from
scratch. Time-consuming, but for those hypersensitive systems with the *big*
IC....

- Disney Shaman
Message no. 9
From: Mike Elkins <MikeE@*********.COM>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 14:57:10 -0500
>Yep, I agree with this one, for the hard core ultra-secure places. But
>for the less secure places, it may be a bit more painful.

I can't imagine any Green or higher system NOT requiring a special
hardware procedure to modify the basic security setup. You can't
locate the ICE's executable file and delete it before it gets triggered, for
example. There is NO reason a legitimate remote user should be able to
reconfigure the security on your system. You should only need to do
that a couple of times a year.

For an ultra-secure system, there would be the key, plus a keypad for
password. The key could only be turned when the machine was OFF,
and the machine would not connect to the matrix until the key was
turned back to the "secure" position. In addition, any time the key was in
place, the room lighting would go red and a bell would sound, all under
hardware--not software--control.

Double-Domed Mike
--Speech Input: Years beyond Microsoft!
Message no. 10
From: Mike Elkins <MikeE@*********.COM>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 15:02:22 -0500
DisnyShaman wrote:
>Hey, here's an idea. Howsabout waiting around in a system for hours
>or days or whatever (ain't IV great?) for a sec tally to drop, then
>forging on from scratch. Time-consuming, but for those hypersensitive
>systems with the *big* IC....

Kids, don't try this at home.
see Null Operation, page 117, VR2.0

Double-Domed Mike
--Hack and the World Hacks with You
Message no. 11
From: Lehlan Decker <decker@****.FSU.EDU>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 15:50:14 -0500
>
> >Yep, I agree with this one, for the hard core ultra-secure places. But
> >for the less secure places, it may be a bit more painful.
>
> I can't imagine any Green or higher system NOT requiring a special
> hardware procedure to modify the basic security setup. You can't
> locate the ICE's executable file and delete it before it gets triggered, for
> example. There is NO reason a legitimate remote user should be able to
> reconfigure the security on your system. You should only need to do
> that a couple of times a year.
>
Yes and no. I do and have friends who do a lot of consulting. Being
able to do EVERYTHING remotely is often necessary. (it's why
I love Unix over NT, IMHO :)). It's always a tradeoff.
Besides the other part is what is more expensive/time consuming to upgrade
hardware or software. (Imagine every time a new version of sendmail
came out, having to go around to each box, pull out an old card and
put in a new one). Ah well..the problem is as always, real life analogies
don't always translate perfectly to Shadowrun. :)

> For an ultra-secure system, there would be the key, plus a keypad for
> password. The key could only be turned when the machine was OFF,
> and the machine would not connect to the matrix until the key was
> turned back to the "secure" position. In addition, any time the key was in
> place, the room lighting would go red and a bell would sound, all under
> hardware--not software--control.
>
True. For an ultra-secure system I'll buy it. (Most of the Ultra Secure
systems I've thought up, aren't even connected to the matrix directly.
Usually via some sort of proxy server, or one way gateway).


--
--------------------------------------------------------------------
Lehlan Decker 644-4534 Systems Development
decker@****.fsu.edu http://www.scri.fsu.edu/~decker
--------------------------------------------------------------------
The universe doesn't have laws, it has habits. And habits can be broken.
Message no. 12
From: Alfredo B Alves <dghost@****.COM>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Thu, 21 May 1998 20:59:11 -0500
On Thu, 21 May 1998 12:05:31 -0500 Mike Elkins <MikeE@*********.COM>
writes:
><snip: my hardware solution>
<snip: his new hardware solution>
>Just for context, "cheap" minicomputers (like the RS6000) do stuff like
>this now, and they start at the $6000 buck range.
>
>Double-Domed Mike
>--Real life Otaku...

Hey, actually, what would the realistic costs be for servers? (I know VR
2 gives some costs but I don't think that's right ... anybody know the
price / processing power ranges for modern-day servers?

D.Ghost
(aka Pixel, Tantrum)

Message no. 13
From: Gurth <gurth@******.NL>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Fri, 22 May 1998 11:36:28 +0100
Adam J said on 4:30/21 May 98...

> Memory address, almost certainly. Harder for the average person to mess
> with and less likely to be a victim of a randomly-deleting-stuff-dork-hacker.

OTOH, what's the real difference between a file and a memory address with
the storage systems described in Shadowtech? Probably only the way in
which the computer treats them.

> I don't have VR2 right here, but Locate Memory Address would probably be
> much the same as Locate File.

That's what I thought too, but there's no Locate (or Edit) Memory Address,
only L/E File so that's what I used. It doesn't matter for the actual game
rules anyway.

> >However, I think there'd be some protection built into the system, for
> >example that only supervisor-level users can alter security tallies. Any
> >thoughts?
>
> I think it would be nice to have longer days and require less sleep. Oh!
> Thoughts about this stuff!

Keep your mind at the stuff we're talking about, will you? :)

--
Gurth@******.nl - http://www.xs4all.nl/~gurth/index.html - UIN5044116
"You haven't given me a headache. I like you."
-> NERPS Project Leader * ShadowRN GridSec * Unofficial Shadowrun Guru <-
-> The Plastic Warriors Page: http://www.xs4all.nl/~gurth/plastic.html <-
-> The New Character Mortuary: http://www.electricferret.com/mortuary/ <-
Message no. 14
From: Gurth <gurth@******.NL>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns) -Reply
Date: Fri, 22 May 1998 11:36:29 +0100
Mike Elkins said on 11:09/21 May 98...

> Except that the security tally will be implemented in hardware as much
> as possible, for this very reason. Resetting a security tally manually
> should require inserting a special key into a lock on the mainframe. You
> can't put too much into hardware or you lose the flexibility to adapt or
> upgrade, but security tally certainly can go there.

But there's still a part that depends on software -- some or another
routine has to check whether the key is in the computer. If you can
fool that, you're as good as there. (Except for defeating any IC that may
be sitting around the security tally...)

--
Gurth@******.nl - http://www.xs4all.nl/~gurth/index.html - UIN5044116
"You haven't given me a headache. I like you."
-> NERPS Project Leader * ShadowRN GridSec * Unofficial Shadowrun Guru <-
-> The Plastic Warriors Page: http://www.xs4all.nl/~gurth/plastic.html <-
-> The New Character Mortuary: http://www.electricferret.com/mortuary/ <-
Message no. 15
From: "Jeremy \"Bolthy\" Zimmerman" <jeremy@***********.COM>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Sat, 23 May 1998 17:37:29 -0700
----------
> From: Alfredo B Alves <dghost@****.COM>
> To: SHADOWRN@********.ITRIBE.NET
> Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
> Date: Thursday, May 21, 1998 6:59 PM
>
> On Thu, 21 May 1998 12:05:31 -0500 Mike Elkins <MikeE@*********.COM>
> writes:
> ><snip: my hardware solution>
> <snip: his new hardware solution>
> >Just for context, "cheap" minicomputers (like the RS6000) do stuff like
> >this now, and they start at the $6000 buck range.
> >
> >Double-Domed Mike
> >--Real life Otaku...
>
> Hey, actually, what would the realistic costs be for servers? (I know VR
> 2 gives some costs but I don't think that's right ... anybody know the
> price / processing power ranges for modern-day servers?
>

Off the top of my head, I recall seeing a dual-pentium processor that would
function as a server selling for something like $8,000+ in the Dell
catalog. I think that would qualify as a low end Blue server, not counting
the VR sculpting and stuff like that. I always imagine Red servers being
something on par with a super computer.
Message no. 16
From: Lehlan Decker <decker@****.FSU.EDU>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Sun, 24 May 1998 15:01:49 -0500
>
> On Thu, 21 May 1998 12:05:31 -0500 Mike Elkins <MikeE@*********.COM>
> writes:
> ><snip: my hardware solution>
> <snip: his new hardware solution>
> >Just for context, "cheap" minicomputers (like the RS6000) do stuff like
> >this now, and they start at the $6000 buck range.
> >
> >Double-Domed Mike
> >--Real life Otaku...
>
> Hey, actually, what would the realistic costs be for servers? (I know VR
> 2 gives some costs but I don't think that's right ... anybody know the
> price / processing power ranges for modern-day servers?
>
Depends. You can get a kick butt multi-cpu intel based system for
what $2000 or so. I think the Alpha 500 Mhz is probably in the $5000 range
(somebody check me on that), and IBM's SP-2's are considerably more
expensive (Into the 100,000's) depending on how much memory they have
and when you bought them.
As far as mainframes go, I have no idea.

--
--------------------------------------------------------------------
Lehlan Decker 644-4534 Systems Development
decker@****.fsu.edu http://www.scri.fsu.edu/~decker
--------------------------------------------------------------------
The universe doesn't have laws, it has habits. And habits can be broken.
Message no. 17
From: Mike Elkins <MikeE@*********.COM>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Tue, 26 May 1998 11:27:02 -0500
Gurth wrote:
>But there's still a part that depends on software -- some or another
>routine has to check whether the key is in the computer. If you can
>fool that, you're as good as there. (Except for defeating any IC that
>may be sitting around the security tally...)

No, not if you design it correctly. If hardware controls access to that
section of memory or whatever, then there is no amount of software
changing that can modify it.

Before people use this to design un-hackable computers, remember that
anything in hardware must be designed in when the machine is
designed, and can never be changed or updated. Also, good design
practices indicate that you should keep this part as simple as possible.
Putting ICE there probably won't work. Putting a simple listing of what
ICE should exist on the system probably would.

Double-Domed Mike
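
The software-checked key discussed in messages 14 and 17 and the increment-only hardware register from message 6, side by side in a small C model. This is an added example, not part of any list member's message; the register names, the `tally_dev` layout and the starting tally of three are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Registers software can write. All names are constructed for this model. */
enum { REG_INCREMENT, REG_RESET, REG_KEY_FLAG };
#define TALLY_MAX 255u
struct panel { bool key_in_lock; };   /* physical key switch; no bus path to it */
struct tally_dev {
    uint8_t tally;
    bool key_flag;          /* weak design: key state cached where software can write */
    bool gate_in_hardware;  /* hardened design: reset line wired through the switch */
    const struct panel *panel;
};

/* The only thing software (legitimate or not) can do is write a register. */
static void bus_write(struct tally_dev *d, int reg, uint8_t value)
{
    switch (reg) {
    case REG_INCREMENT:
        if (d->tally < TALLY_MAX) d->tally++;      /* saturate, never wrap to 0 */
        break;
    case REG_KEY_FLAG:                             /* hardened: register is absent */
        if (!d->gate_in_hardware) d->key_flag = (value != 0);
        break;
    case REG_RESET:
        if (d->gate_in_hardware ? d->panel->key_in_lock : d->key_flag) d->tally = 0;
        break;
    }
}

/* Hardware timer: the one decrement path that needs no key. */
static void timer_tick(struct tally_dev *d) { if (d->tally > 0) d->tally--; }
static struct tally_dev make_dev(bool hw_gate, const struct panel *p)
{
    struct tally_dev d = { 0, false, hw_gate, p };
    for (int i = 0; i < 3; i++) bus_write(&d, REG_INCREMENT, 0);
    return d;
}

/* Software sets the flag itself and requests a reset while the key is out. */
uint8_t tally_after_forged_reset(bool hw_gate)
{
    struct panel p = { false };
    struct tally_dev d = make_dev(hw_gate, &p);
    bus_write(&d, REG_KEY_FLAG, 1);
    bus_write(&d, REG_RESET, 0);
    return d.tally;
}

/* Operator turns the key, then requests the reset and reads the tally back. */
uint8_t tally_after_keyed_reset(bool hw_gate)
{
    struct panel p = { true };
    struct tally_dev d = make_dev(hw_gate, &p);
    if (!hw_gate) d.key_flag = p.key_in_lock;  /* weak design: driver polls the switch */
    bus_write(&d, REG_RESET, 0);
    return d.tally;
}

uint8_t tally_after_ticks(unsigned ticks)
{
    struct panel p = { false };
    struct tally_dev d = make_dev(true, &p);
    while (ticks--) timer_tick(&d);
    return d.tally;
}

int main(void)
{
    printf("forged reset: software flag=%u, hardware gate=%u\n",
           (unsigned)tally_after_forged_reset(false), (unsigned)tally_after_forged_reset(true));
    printf("keyed reset=%u, after 2 timer ticks=%u\n",
           (unsigned)tally_after_keyed_reset(true), (unsigned)tally_after_ticks(2));
    return 0;
}
```

The two designs differ only in where the key state lives: a flag in writable memory is just another byte, while a reset line wired through the switch has no software-visible state to alter.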
Message no. 18
From: Craig J Wilhelm Jr <craigjwjr@*********.NET>
Subject: Re: Hacking Security Tallies (Was Re: Weird Campaigns)
Date: Tue, 26 May 1998 17:01:59 -0400
Mike Elkins wrote:
> Before people use this to design un-hackable computers, remember that
> anything in hardware must be designed in when the machine is
> designed, and can never be changed or updated.

Good point. One other thing to consider if you use this idea, is that
since upgrading this kind of system will be relatively hard, and
expensive, they will rarely be SOTA. Not far behind SOTA but very likely
not spot on SOTA.

--
Craig "Knee Deep in the Blood of Swine" Wilhelm
Inside every living human being, there's a dead one waiting to come out.
UIN: 1864690

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.