Hacking the Small Stuff
by Leonardo Brandson
I've always been a hacker. When I was in third grade, the math tests that my class would be subjected to had the answers at the bottom of the page, encrypted with a simple substitution cipher. The code changed from week to week. Rather than work the whole quiz, I'd just do the first few problems, double-check them carefully, then crack the code, and fill out the rest of the quiz in no time. Sometimes I'd even pass the code along to the other kids... Wasn't this a whole lot harder than just doing the arithmetic? Of course it was. The cost-benefit ratio was definitely not in my favor, but I just had to figure this stuff out. And it's that spirit of inquiry that is, to me, what hacking is all about.
This article won't give the details on the latest switches the RBOCs are installing, nor will it tell how to reverse-engineer your cellular phone. In fact, most of the hacks I'm about to describe are quite obsolete. What I hope they will do, though, is illustrate some of the thought processes that go into hacking, and show how a hacker should always take time to play with technology, and be constantly alert to the little details that most other people overlook.
Automatic Teller Machines
There are several different varieties of ATM.
On the version at my old bank, I always played around, trying different sequences of key presses whenever I used it. I found that if, at the end of my first transaction, I requested another transaction, then immediately pulled my card out of the slot before the machine could suck it back in, the machine would lower the window that protected its display, and a little red "CLOSED" sign would pop up.
The machine would then stay down for about five minutes, as it began clicking and cycling each component (envelope slot, bill counter, etc.) in sequence. Presumably, it was performing some sort of diagnostic self-test. Five minutes later, the sign would switch back to "OPEN", and the ATM would resume its usual behavior.
After a couple of years, the firmware on these machines got revved, and this trick no longer worked. But I still try doing weird things during ATM transactions, just to see what else I might discover. If it eats my card, well, it'll arrive in my mail a week or two later...
Old Calculators
When I was in high school, calculators were rather large things with LED displays that ate batteries like crazy. I had a Texas Instruments TI-30 calculator that did little more than square root, reciprocal, and trig functions. All the keys were arranged in a standard rectangular matrix, one where each key, when pressed, closed a circuit between one vertical and one horizontal wire. This kind of arrangement of course precludes any meaningful decoding when multiple keys are pressed simultaneously.
One day, while drumming my fingers around on the calculator (which was turned off), some LED segments lit up!
Intrigued, I started experimenting. The ON/CLEAR and OFF buttons were part of the same matrix as the rest of the keys. Of course, with the power off, there would be no way for the ON/CLEAR key to be detected, so it was wired to an additional circuit. This meant, though, that the separate circuit could be triggered, not only by pressing the ON/CLEAR key, but by pressing any combination of keys that would complete a circuit between the row and column of the ON/CLEAR key. In fact, the OFF key worked the same way. So now I could turn my calculator on and off without touching the ON/CLEAR and OFF keys.
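The phantom connection described above, as an added example that is not part of the original article: a small Python simulation of a key matrix that reports which unpressed keys have their row and column wires shorted together by other pressed keys. The 3x3 layout and wire names are made up for illustration; the TI-30's actual wiring is not given in the article.

```python
from collections import deque

# Hypothetical 3x3 key matrix (constructed for this example, not the real
# TI-30 layout). Each key closes a contact between one row and one column wire.
KEYS = {
    "ON/CLEAR": ("R0", "C0"), "7": ("R0", "C1"), "8": ("R0", "C2"),
    "OFF":      ("R1", "C0"), "4": ("R1", "C1"), "5": ("R1", "C2"),
    "1":        ("R2", "C0"), "2": ("R2", "C1"), "3": ("R2", "C2"),
}

def wires_connected(pressed, start, goal):
    """True if the pressed keys form a conductive path from wire start to goal."""
    adj = {}
    for key in pressed:
        row, col = KEYS[key]
        adj.setdefault(row, set()).add(col)
        adj.setdefault(col, set()).add(row)
    # Breadth-first search over wires; every pressed key is an edge row<->column.
    seen, queue = {start}, deque([start])
    while queue:
        wire = queue.popleft()
        if wire == goal:
            return True
        for nxt in adj.get(wire, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def phantom_keys(pressed):
    """Keys that are not pressed but whose row and column are shorted anyway."""
    return sorted(k for k, (r, c) in KEYS.items()
                  if k not in pressed and wires_connected(pressed, r, c))

if __name__ == "__main__":
    # Three keys forming an "L" around ON/CLEAR: R0 -> C1 -> R2 -> C0.
    print(phantom_keys({"7", "2", "1"}))   # ON/CLEAR circuit closes
    # Same idea around OFF: R1 -> C1 -> R2 -> C0.
    print(phantom_keys({"4", "2", "1"}))   # OFF circuit closes
    # Two keys sharing no wire create no path at all.
    print(phantom_keys({"7", "1"}))
```

A matrix with a diode in series with each switch blocks these reverse paths, which is why later keypad designs do not show this behavior.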
That was nifty but utterly worthless, so I'll move on to a more interesting calculator: the Sharp EL-512.
I bought this one several years after the TI-30. It had an LCD display, and all kinds of useful functions, like two-variable statistics, programmability, factorials, and hexadecimal conversion. Sometimes, though, it would get confused and put garbage on the screen - not even numbers, just odd LCD segments. Of course, I had to figure out why and how this happened, so I could spell out words on my (numeric-only) display.
Here is what I found: When a decimal-to-hex conversion is performed, the EL-512 checks to make sure that the number is not already expressed in hex. (This calculator predates the current method of hex conversion, which is to have a separate mode for each base: "hex mode", etc.) If the number is already in hex, no conversion is performed. When the conversion occurs in a program, however, no such check is made, and the jumbled-up screen resulted from attempting to convert to hex a number that was already expressed in hex.
The line segments on the top half of the display were consistent: they were the upper four segments of the number which had been previously displayed. The bottom segments, though, depended on the calculations which had gone before. Eventually I determined them to be dependent only upon the value in the accumulator register. These segments would be activated as follows:
Starting from the third digit of the number in the accumulator, each bit in that digit would correspond to a segment in the lower part of the digit on the display (starting from the first digit on the display, so only the top segments of the last two digits could be controlled).
Getting the desired value into the accumulator was trivial: the EL-512 had a key marked with a double-headed arrow, pointing up and down. Its function was to swap the value in the display register with the value in the accumulator register. Its intended use was to enter ordered pairs of values for the two-variable statistics: you would enter X, press this button to store X in the accumulator, then enter Y. (It could, of course, be used for other things, such as recalling the last intermediate value in a series of calculations after the final result was noted.)
Here's an example:
With the display reading 55b105b180 and the accumulator containing 19000900, the result would be FELinELion.
With a display of C99bC8b11 and an accumulator value of 9000939, the result would be CooLCAt.
And so on. Not of any practical value, but amusing... I kept a small slip of paper with that calculator, listing all of the characters I could produce with this method, both upright and inverted.
Upright, I could recognizably generate versions of: ACcEFHhiLlnoPqrtuyZ
The upside down character set I'll leave as an exercise for the reader...
Vending Machines
Hacking vending machines and other coin-op devices is a whole topic unto itself. But this example illustrates the chain of reasoning that led to my discovery of the hack.
There is a type of vending machine which has items stacked in metal spirals. When you make your selection, the spiral wire turns one full revolution, effectively screwing a single package (candy bar, bag of chips, or whatever) off the end, dropping it into the hopper below. Nowadays, most of these machines have a panel where you must specify the row and column of your choice, but earlier versions of these machines simply had one button per selection.
The machine in the office where I worked was of the latter type, and had two separate banks of buttons, about 20-25 buttons on each. Now, I found myself wondering why the buttons had been separated into two separate banks. The separation was not really significant enough to be helpful in locating your selection, and they did not seem to have any logical separation between them, either. I concluded that they were put into two separate banks because of some internal limitation, some circuit that could only read one bank of buttons at a time, something like that.
I had already tried putting my money into the machine, then simultaneously pressing two buttons in the same bank. It was simply a race: whichever button closed first would determine the selection I got. But now I tried pressing two corresponding buttons, one in each bank, at the same time. Sure enough, as long as I had put in enough coins to cover the more expensive of the two items, both coils would turn, and I'd get two snacks for the price of one.
In Conclusion
I see many people asking, in letter columns, on the Internet, on BBSes, the same question: "How can I become a hacker?" The answer, of course, is always the same: experiment, play around, try to figure out for yourself just how the technology works. But hacking isn't just phones and computers - the same process can be applied to the small stuff that we come into contact with every day.
Never miss an opportunity to practice your hacking skills!