Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: Mark A. Imbriaco mark.imbriaco@*****.com
Subject: Seraph.
Date: Tue, 3 Oct 2000 14:49:49 -0400 (EDT)
***** PRIVATE: Seraph
>>>>>[ I apologize, I haven't had the free time to put together the
instructions on how to circumvent the new header protection scheme that
was put in place for you yet. I will, of course, understand if you
wish to turn the job over to another and will refund the money that you
donated to Haven should you be unwilling or unable to wait for me to get
to it. ]<<<<<
-- Neuron Basher <14:48:10/10-03-61>
Message no. 2
From: Ratinac, Rand (NSW) RRatinac@*****.redcross.org.au
Subject: Seraph.
Date: Wed, 4 Oct 2000 09:54:36 +1000
***** PRIVATE: Neuron Basher
>>>>>[ I don't want apologies, Basher, I want results. I've paid, so I
expect to get my money's worth.

I'm demanding, aren't I? *grin*

Right now, however, I don't think I'd get faster service elsewhere, so
you're still on. Don't take too long, though - I've had to curtail my
activities significantly because of this little problem. I mean, to some
people, this is an irritation, but for me, having my T/D stamp display where
I am to the world is a major problem.

Look, I'm sure you're not doing this to try to gouge more money out of me,
but would it be possible to BUY some of your time? Say, if I double the
donation - think that could get me a mask within the next week? ]<<<<<
-- Seraph <09:50:58/10-04-61>
Message no. 3
From: Mark Imbriaco mark.imbriaco@*****.com
Subject: Seraph.
Date: Tue, 3 Oct 2000 23:13:55 -0400 (EDT)
***** PRIVATE: Seraph
>>>>>[ I'll do my best to get the finished product to you this week, but
additional money is not required. I have a pretty full plate, unfortunately,
so I don't have as much time as I anticipated for my little diversionary
jobs as I expected to. My fault, and I'm not making excuses.

What makes it difficult is trying to distill the process down to someone
who doesn't have the ... special ... access that I do to Shadowland. I
assume that you have a reasonably competent decker that handles your
postings for you, correct? I -really- don't have the time to distill the
process into a point-and-shoot utility for you. ]<<<<<
-- Neuron Basher <23:13:01/10-03-61>
Message no. 4
From: Ratinac, Rand (NSW) RRatinac@*****.redcross.org.au
Subject: Seraph.
Date: Wed, 4 Oct 2000 14:20:48 +1000
***** PRIVATE: Neuron Basher
>>>>>[ My...decker friend will be in touch. ]<<<<<
-- Seraph <14:17:11/10-04-61>
Message no. 5
From: Ratinac, Rand (NSW) RRatinac@*****.redcross.org.au
Subject: Seraph.
Date: Wed, 4 Oct 2000 14:24:33 +1000
***** PRIVATE: Neuron Basher
>>>>>[ Hmmm...now where have I heard that name before? *grin*

Hoi, chummer. Seraph asked me to get in touch. Said you were being kind
enough to code her up a time/date stamp mask, but you were concerned with
some of the details.

Well, between you'n'me, I reckon we can sort something out.

I'd do it myself - did it for the lady once before - but I'm afraid I
have...other responsibilities at the moment.

Anyway, you just send me what you come up with, and I'll worry about
implementing it for Seraph. ]<<<<<
-- Power <14:20:46/10-4-61>
Message no. 6
From: Mark Imbriaco mark.imbriaco@*****.com
Subject: Seraph.
Date: Tue, 3 Oct 2000 23:48:25 -0400 (EDT)
***** PRIVATE: Power, Seraph
>>>>>[ Alright, alright, I feel bad. I don't usually fail to deliver
when I say I'm going to deliver and I let guilt goad me into coming up
with a less elegant solution than I would have preferred, but hey, it
works.

Ok, here's the basics that are involved. I didn't go into a whole
lot of detail, but I did provide some example code for a couple of the
trickier steps. Keep in mind that there is quite likely a much simpler
way to defeat the system, but this is the first one that I tried. It's
time consuming but functional.

The entire protection scheme is based on a pretty new cryptographic
signature technique combined with a couple of other little tricks. There's
not a really easy way to brute force the cryptography, at least not just
yet, and I don't intend to spend time doing a thorough cryptanalysis on it.
No doubt someone will do so in the (relatively) near future, and that will
allow customizable header manipulation rather than the simple garbling
that my method allows.

The first step you need to is subscribe to a high-volume mailing list (or
several). The trick is to make sure that there are constant messages coming
in at a rate of at least one every five minutes. Write a utility to save
a new message to a temporary file once every five minutes, replacing the
one that was last in that location.

What you're going to do in this next step is manipulate the message body
and delivery instructions to meet your requirements. Additionally, there
is a field that is offset 0.182 Mp from the end of the message. This field
contains the name that will be displayed in the sender area upon delivery
of the message, and is not cryptographically protected. If the person
who receives a message that has been manipulated in this fashion attempts
to verify the digital signature, tampering will be evident.

The next thing you need to do is insert some garbage data at the file offsets
that are referenced in the included code. This code will corrupt the
cryptographic signature in a very special way. The corruption is designed
such that the message will still be allowed through the system -- provided
the "source" message that you modified is less than 5 minutes old. After
that, the system will reject it based on the timestamp in the signature.

+++++ include file: header_hack.sh

You need to be very careful not to establish a pattern with regard to
the source that you use to get the base message you modify. While you
wouldn't be trackable via the message headers, if someone was able to
cross-reference mailing list subscriptions and backtrack to you from
there you're defeating the entire purpose.

This message was sent using this method, incidentally. I know it's
pretty short on details -- oh hey, what's that? You've got Power
working for you? Okay, nevermind. It shouldn't be an issue -- these
are pretty straightforward.

+++++ include file: sland_randmsg.sh

That little gem will pull a message from the Shadowland forums in an
extremely random way. Instead of subscribing to mailing lists, you
can just pull from one of the boards on demand.

Let me know if I was unclear on any of the above .. I whipped it up in a
realy hurry because I felt bad about not delivering when I promised. ]<<<<<
-- Neuron Basher <$#:!z:qP/.)-a4-|'>
Message no. 7
From: Ratinac, Rand (NSW) RRatinac@*****.redcross.org.au
Subject: Seraph.
Date: Wed, 4 Oct 2000 16:07:31 +1000
***** PRIVATE: Neuron Basher, Power
>>>>>[ You're a gentleman, Mr. Basher. I'm sure Power will be most happy to
play with your idea. Thank you kindly.

By the way - Power has informed me of your...role. Do you ever accept
outside contract work? I could use a skilled decker such as yourself
located...in your locale, at times. ]<<<<<
-- Seraph <16:02:39/10-04-61>
Message no. 8
From: Mark Imbriaco mark.imbriaco@*****.com
Subject: Seraph.
Date: Wed, 4 Oct 2000 01:10:18 -0400 (EDT)
***** PRIVATE: Seraph
>>>>>[ I do occaisionally accept contract work, but I can't guarantee
availability by any means. I would be willing to discuss it on a case
by case basis however, and would likely be able to refer you to someone
else if I am not available. ]<<<<<
-- Neuron Basher <01:09:01/10-04-61>
Message no. 9
From: Ratinac, Rand (NSW) RRatinac@*****.redcross.org.au
Subject: Seraph.
Date: Wed, 4 Oct 2000 16:19:34 +1000
***** PRIVATE: Neuron Basher
>>>>>[ Nice toy, Basher. I'll have to play with it - see if I can customise
it. But really - whatever happened to elegance in coding? *grin*

Stop by sometime if you're ever down my way. We can have a game of Doom 3k,
or something. ]<<<<<
-- Power <#*:$B:dj/k(-$h-K#>
Message no. 10
From: Ratinac, Rand (NSW) RRatinac@*****.redcross.org.au
Subject: Seraph.
Date: Wed, 4 Oct 2000 16:25:48 +1000
***** PRIVATE: Neuron Basher
>>>>>[ Someone of your calibre, I hope, Mr. Basher.

But in any event, that sounds workable.

As it so happens, I already have some work for you - if you're interested.

I'd like Corrina and Bottle Boy tracked down as fast as humanly possible. If
they come on line, I want to know about it the instant they do. Do you think
you can handle that? I'm prepared to pay >>generous sum<< to yourself, or
any other person or charity you nominate. ]<<<<<
-- Seraph <#n:d(:$L/!(-#$-zZ>

Further Reading

If you enjoyed reading about Seraph., you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!