Original advisory released Feb 2 '96 to select building hackers - Re-released Jan 14th 97 to the general public.

       LLL         00000000      PPPPPPPP      HHH     HHH   TTTTTTTTTTTT
   LLL        00     000     PPP     PP    HHH     HHH        TTT
   LLL       000    0 000    PPP     PPP   HHH     HHH        TTT
   LLL       000   0  000    PPP     PPP   HHHHHHHHHHH        TTT
   LLL       000  0   000    PPPPPPPP      HHH     HHH        TTT
   LLLLLLL    0000   000     PPP           HHH     HHH        TTT
   LLLLLLLL    00000000      PPP           HHH     HHH        TTT

Who says we don't have a sense of humor!

First you were given Monkey, the MD4/MD5 s/key cracker program that works with either sniffer logs or /etc/skeykeys data. Next you were told of a blatant flaw in the current implementation of Security Dynamics' SecurID card where you can trivially predict the passcode of a person about to log in (oh so sorry, did we forget to post that one?). Lotus Domino was a cakewalk for Weld as he cut-and-pasted his way to spoofing their server. Sendmail 8.7.5 stayed in place pretty long until we finally brought its demise. Kerberos 4 turned out to be the hacker's friend. This month a hack close to the heart of computer enthusiasts everywhere is unveiled (complete with ASCII art!).

Inspired by the lack of truly K-RAD G-Philes floating around out on the net, following in the style of such greats as the Stoner's Hymnal and the Countlegger files. We'd mention the influence of greats such as cDc but that should go without saying! L0pht Heavy Industries presents:

How to scam coffee from FILTER FRESH coffee vending machines. [trust us about this fun one as next week the potato-head hits the proverbial fan with a couple of big companies - besides we needed the caffeine to take on the upcoming giants]

Before you go on, re-read that last paragraph - paying special
attention to the second half!!!

The motivation

Suppose you don't work at Microsoft, Sun, or any of the companies that provide free hot caffeinated beverages to their employees. It's a sad day when you find yourself at work (or scrounging around someone else's place of employment... I dunno, perhaps leaving a portable sniffing laptop up in the acoustic ceiling tiles) around 2am and the only coffee available is from a FILTER FRESH vending machine. It's even sadder when you are being asked to deposit .55 cents for an 8oz. cup of really poor java.

The culprit

The particular model under scrutiny is relatively distinctive. It stands about 2' tall and about 1.5' wide with a section on the bottom left to insert your cup for the monstrosity to spit joe into. The upper left corner will most likely have an emblem similar to the following.
|                           .......    |
|                           *******    |
|  FILTER FRESH              #####     |
|                             &&&      |
|      Coffee Excellence !             |
|                                      |
Beware! There are two main different models of these. One exhibits the 'flaw' while the other doesn't. Both have LED/LCD displays in the upper left corner that spout the following message in stand-by mode. Right next to it is a button labeled 'Start'.
 -------------------         -------
| For this choice   |       |       |
| Insert       $.55 |       | Start |
 -------------------         -------
Or some similarly outlandish price for a cup of coffee. Remember, above all else, coffee wants to be free!

Both models also have the standard selection of 'cell-membrane' style buttons to the right of the logo and under the LED/LCD.

|  cup size |   Coffee                                    Hot Water
|  -------  |   ------------------------------------    --------------
| | /     | |    --------    --------    --------          -------
| |/ sml  | |   | /      |  | /      |  | /      |        | /     |
| |       | |   |/       |  |/       |  |/       |        |/      |
|  -------  |   | Coffee |  |  Decaf |  |  50/50 |        | Water |
|  -------  |    --------    --------    --------          -------
| | /     | |    --------    --------    --------          -------
| |/ lrg  | |   | /      |  | /      |  | /      |        | /     |
| |       | |   |/       |  |/       |  |/       |        |/      |
|  -------  |   |  Mild  |  | Medium |  | Strong |        | Carafe|
 -----------     --------    --------    --------          -------

                                  ---------    ---------
                                 | /       |  | /       |
                                 |/  Hot   |  |/ Mocha  |
                                 |Chocolate|  |   Java  |
                                  ---------    ---------
One model will have the buttons 'Hot Chocolate' and 'Mocha Java' while the other model does not. This scam has worked on most of the machines that *do* have the extra buttons (at least that I've come across). NOTE: sometimes the pad connectors are still there but the pads are not. On the machines that normally do not have these extra buttons you will only see one hole for an LED. On machines that would normally have these buttons you will find holes for two LEDs.

The Flaw

It seems it is a default software setup (firmware?) as it comes from the distributor.

The exploit

The machine will undercharge you for the same selection if you specify carafe. To wit:

  1. press the "coffee" button.
  2. press the "strong" button (hey, it's gonna taste nasty no matter what you pick... You didn't think it was _really_ fresh did you?!?. Might as well get a caffeine kick out of it).
  3. press the "carafe" button. The LCD/LED will change its display to:
           | Press 'carafe'   |
           | for each cup     |
  4. deposit your .25 cents and press the 'start' button.
You just saved your scrawny little ass .30. If you are a poor sod who is unfortunate enough to work at a company with these monstrosities and don't have other means for coffee at odd hours you can save yourself a small bundle over the period of a single month.

  Month X = 30 days
  Weeks in month ~4
  Work days in month 20.
  Cups of shitty coffee consumed per day = 4
  Normal price = 20 X 4 X .55 = $40
  New Improved price = 20 X 4 X .25 = $20

Hey, that's a case of the _good_ beer you just saved for! Maybe that will help you to forget you work in such a sweat house!

[note to our friends at Filter Fresh Co.: Don't buy us! We aren't very thrilled with your coffee. We also do _not_ want you to send us scantily clad women as we don't think you would do a much better job choosing them. We will not continue to drive you insane by picking apart your coffee kiosks and posting the exploits publicly to the world. You can send money if you feel like it. It will be used to help switch various l0pht members over to decaf corinthian coffee. Actually, that last line is a lie as all we drink is beer and Coca-Cola... ahhh we give up, Scriptors of Coffee we ain't. This one goes out to the SOD guys: come back from vacation! We can't stand the boring nothingness that each day brings without your p1mpin sk1llz.]

The guys and gals (hi Meg!) at L0pht Heavy Industries.

MOTD: "Careful now. Ya'll might tip over da trailer!" - Raven