==Phrack Inc.==

Volume 0x0e, Issue 0x44, Phile #0x02 of 0x13

|=-----------------------------------------------------------------------=|
|=------------------------=[ PHRACK PROPHILE ON ]=-----------------------=|
|=-----------------------------------------------------------------------=|
|=------------------------=[ FX of Phenoelit ]=-----------------------=|
|=-----------------------------------------------------------------------=|

|=---=[ Specifications

Handle: FX
AKA: 41414141
Handle origin: First and last letter of my first name
               (I had no idea it had a meaning in movie production)
Produced in: East Germany
Urlz: http://www.phenoelit.de/
Computers: Metric tons of them
Creator of: much crappy and useless code
Member of: Phenoelit, Toolcrypt
Projects: PH-Neutral, Phonoelit
Codez: IRPAS (bunch of tools that somehow still cause havoc)
       cd00r.c (later called PortKnocking by the copycats)
       works-on-my-machine exploits
Active since: late 80s
Inactive since: unlikely to happen

|=---=[ Favorites

Actors: don't care
Films: Hackers (1995) - imagine it actually would be like that
Authors: Neal Stephenson, Iain M. Banks, Frank & Brian Herbert
Meetings: Bars
Sex: ACK
Books: Computer Security, Time-Life Books (1986), and it began
Novel: too many to list
Music: Progressive House Kitsch
Alcohol: Oh Yes!
Cars: Mercedes-Benz
Girls: SYN
Foods: German
I like: honesty, pragmatism, realism, tolerance, style, empathy
I dislike: fakes, aggression, ignorance, senselessness, deception

|=---=[ Describe your life in 3 sentences

Every work day is packed with challenges, great hacks and awesome people.
Every free day compensates with non-security hobbies and sleep.
This sentence is padding.

|=---=[ First contact with computers

At the age of 6 at the computing department of the university of Sofia,
Bulgaria. Didn't leave much of an impression, as I was only allowed to play
a silly game (in CGA color).

Second contact happened at the age of 9 or 10, a Robotron Z9001. It came
without software but with a typewriter-made programming manual for BASIC.
I read it cover to cover.

|=---=[ Passions: What makes you tick

Like-minded people: Conversations give me the greatest boost. Let me
explain something to a person who gets it, and I will have a new idea how
to take it further.

Also, work. That state of a problem where it is no longer fun, but actual
work, to get it where you want it. Not letting go. Stubbornness compensates
for a lot of talent.

|=---=[ Unix or Windows? Juniper or Cisco?

Unix and Windows. I like both, I use both, they both suck in their own
ways. The only thing you will not see me with is anything Apple.

Juniper, Cisco, all networking equipment is broken, Cisco being in the
lead. How can you sell equipment that is in most cases simply forwarding
IPv4 packets from interface 1 to interface 2 since 1987 and still crash on
parsing IPv4 in 2011?

|=---=[ Color of hat?

undef($hat);

|=---=[ Entrance in the underground

First contact must have been around 1990. Shortly after the Berlin wall
came down, I got my first 80286 machine and hung out at a computer club in
a Thaelmann Pioneers' (youth organization of schoolchildren in East
Germany) youth center. In a back room, two older guys downloaded infrared
images from Russian satellites. While the download ran, they cracked PC
games for the kids to pass the time. First time I saw a hex dump.

I had the great honor to meet many people that I consider(ed) part of the
real underground. Some of them still are. But I don't think I was ever part
of that myself.

|=---=[ Which research have you done or which one gave you the most fun?

Anything I did was fun at the time, why do it otherwise? I generally
like fiddling around with Bits and bytes more than hunting bugs in large
environments. Writing disassemblers, debuggers and the like is a pleasure.
It's also monkey work. But it lets you feel so much about the history and
design of a platform.

I also like network protocols, because you can often see the vulnerability
potential by reading the specifications already. Protocols are interfaces
and interfaces are where the bugs live. Also, logging functions love to use
packet contents and fixed buffers.

|=---=[ Personal general opinion about the underground

Much. Fucking. Respect.

Seriously, what is published is only the tip of an iceberg. Once you talk
to people, it's simply insane how much knowledge there is. Interestingly,
I have the impression that little of this knowledge is ever used.

One aspect often considered essential in the underground I dislike:
Owning people fails to impress me. It's like beating people up, everyone
can do that and none of it makes it an achievement. If you found that
vulnerability yourself and made a custom exploit, that's an achievement.

|=---=[ Personal general opinion about the German underground

Regardless of the definition of underground, the hacking scene in Germany
is very alive and diverse. However, I would love to see more of them
write exploits.

|=---=[ Personal general opinion about the European underground

The U.S. is much more visible, but Old Europe kicks their ass any time.
Just looking at the French scene is scary. If only they would speak
English ;) And don't even get me started on east Europe and Russia.

|=---=[ Memorable experiences/hacks

- Finding my first overflow in Cisco IOS TFTP, resisting the urge to post
  it immediately and deciding to write an exploit. Then realizing how much
  of a journey lay ahead of me, since I had never written any exploit
  before.

- Writing an exploit that needed to be stable, i.e. work in the wild. After
  weeks of frustration finally understanding that PoC is only 10% of
  exploit development. Halvar saving my ass again with a simple hint.

- Being asked by my employer to take the CISSP exam, being initially
  rejected due to my "connections to hackers" as a DEFCON speaker, being
  allowed to take the exam and finding a 12 octet MAC address in a
  question. Finding out afterwards that (ISC)2 probably has more admin
  users on their web servers than paying members.

- Asking someone to look at Cisco IOS exploitation after I spent about
  a decade with it and getting my ass kicked in less than a week. True
  talent trumps everything.

- Caesar's Challenge over the years: hearing about it, being invited in,
  being told by Caesar that he accepts my solution, welcoming Caesar to
  PH-Neutral.

- Being invited to train a team of hackers and later finding out that
  the whole purpose of the exercise was to cure them from their respect
  for me. And it worked.

- The nights in Wuxi (China) with the Wuxi Pwnage Team.

|=---=[ Memorable people you have met

- Halvar Flake
  I have to thank this man for a lot of things in my life.

- Sergey Bratus
  A great man with a great vision. He changed how I look at academia and
  hacking. With people like Sergey, there is hope.

- John Lambert
  One of the smartest men I've ever met. Just in case you wonder why
  Windows exploitation is so challenging today.

- Dan Kaminsky
  Dan and I share a passion for protocols. We first met in 2002, about five
  times, at cons all over the planet, and talked IP(v4). Good times.

- ADM, that one summer

|=---=[ Memorable places you have been to

- Idaho Falls

|=---=[ Disappointing people you have met

Many manufactured or self-styled experts giving presentations at
conferences. If you didn't write or at least read the code in question,
shut up. The number of charlatans is unfortunately growing steadily.
Some would probably count me in that category as well.

Also, friends that betray the very people that trust them most.

|=---=[ Who came up with the name "Phenoelit" and what does it mean?

Nothing to see here, move on.

|=---=[ Who are you guys?

Just friends.

|=---=[ Who designed those awesome Phenoelit t-shirts?

I always did the designs for Phenoelit and PH-Neutral. I greatly enjoy
doing them. For PH-Neutral, the process was that I had to come up with a
motif and would do all the work, Mumpi watching me, drinking beer and
complaining. It would not have worked any other way.

|=---=[ Phenoelit vs 7350 vs THC?

We met 7350 and THC first time at the 17c3 and became friends with several
of them over time. I sincerely miss 7350, but their time had come.

|=---=[ Things you are proud of

The team I am blessed to work with.

|=---=[ Things you are not proud of

- Writing shitty exploits
- Having a pretty good hand at picking research topics that are not
  relevant to the real world
- Being strictly single-tasking

|=---=[ Most impressive hackers

- Dvorak
- Halvar Flake
- Philippe Biondi
- Ilja van Sprundel
- Anonpoet
- Greg
- Last Stage of Delirium

This list is biased by me not knowing many of the really impressive
hackers.

|=---=[ Opinion about security conferences

Security conferences have been essential for my personal development and I
still love to go to them. I have a preference for smaller cons, since it is
more likely to get to talk to people.
Almost any talk has something for me to take away. But more important is
the hallway track and going out with fellow hackers.

The distinction between hacker cons and corporate or product security
conferences used to be clear. It is no longer, which is sad.

|=---=[ Opinion on Phrack Magazine

IMHO one of the most well regarded e-zines in the world, influencing much
research over the time of its existence. Just look at how many academic
publications cite Phrack articles. Keep it up!

|=---=[ What you would like to see published in Phrack?

I think Phrack does just fine. For me, exploitation techniques are at
the heart of Phrack. I also enjoy reading about environments that not
many people have access to: control systems of all kinds, for example.

Maybe you should aim for more timely releases though.

|=---=[ Personal advices for the next generation

That implies that I'm old and expired, right?

The one advice I would give is: Don't care about the opinion of others when
it comes to research. It doesn't matter if they think it's cool, you must
think it's cool. Look for and credit prior art, build on what is there
already and have fun doing so.

And if you really have to use Python, understand that error handling is not
the same thing as stack traces. Catch your exceptions and handle them, or
at least display something useful.

|=---=[ Your opinion about the future of the underground

Predictions are hard, especially when they concern the future.

|=---=[ Shoutouts to specific (group of) peoples

To the hacker and vx groups of the 80s and 90s, who built the foundation
of everything we still concern ourselves with today.

|=---=[ Flames to specific (group of) peoples

To the snake-oil security product vendors, who refuse to innovate and bind
available talent in signature writing sweat jobs, because that model pays
them so well. Your "protections" add vulnerabilities to every aspect of
modern networks, and you know it. The halting problem is UNDECIDABLE!

|=---=[ Quotes

"Does it just look nice or is it correct?"
    - zynamics developer about a control flow graph

"Nine out of the ten voices in my head say I'm not schizophrenic. The
other one hums the melody of Tetris."

|=---=[ Anything more you want to say

I would like to thank the Phrack staff for this honor, although I'm still
convinced there are 0x100 people who deserved it more.

|=---=[ A eulogy for PH-Neutral ]=---=|

We created PH-Neutral in 0x7d3 as an attempt to bring together the people
we respected most. We were simply unaware of the other small events that
already existed. The intention was to have an informal meeting with ad-hoc
workshops and a great party. We failed at the party, despite a full-blown
dance floor. However, the people actually worked together and discussed
their projects and exploits. We were sending out the invitations
individually by email and I was surprised about the many positive
reactions. We would not have thought that so many well-known and
interesting people would actually show up.

Over the years, the event grew. Although we kept it invite-only, the
mechanism for invitations had to consider people that were there in the
past as well as fresh blood. Therefore, one way or another, it had a
snowball effect to it. But in the early years, this was a good thing. There
was an astonishing amount of innovation going on during the first five
years. We never expected to see people actually working together. It was
the time of sharing code and knowledge, of searching for JTAG on a dance
floor and of the Vista ASLR release.

The bigger the event got, the more the focus shifted from hacking to party.
Since that corresponded with our second initial goal, we did encourage it.
We really like to party with our friends, and by party we mean actual
dancing and not just standing around and getting drunk. It was amazing
to see how well the party developed over the years. Despite the growth,
it still had a very intimate feeling.

Initially meant as a joke during setup of the second PH-Neutral, we had
decided to not have it run forever. For one, we didn't want to see it going
down and fading away. When more and more conferences started to show up on
the map, it only encouraged us to conclude the story of PH-Neutral. It had
its time and place.

The last PH-Neutral 0x7db then proved that the decision was right. It was
that little bit of too many people that turns a large group of
international friends into a somewhat anonymous crowd. Although luckily
not many guests noticed, it changed the way we had to run the event
completely. Where in the years before, we could hack and party with our
friends, we had to fire-fight, manage and regulate. That was not the way it
was meant to be for us, so it was a good time to call it quits.

PH-Neutral was made into what it was by the people that participated, more
so than any other event I know. The people decided on the spin of each
year's event by how they filled the frame we gave them. It was their
party and they took it and made it great. Thank you forever!

[ EOF ]