101 Hacking and Programing Questions

21 posts / 0 new
Last post
Abhoth Abhoth's picture
101 Hacking and Programing Questions

Hello I have already asked this but can some one take me through basic hacking, how you hack a encrypyed system, how you hack a system at all for that matter. If a system is protected via a firewall and encryption what are the in game systems to do this, I just want to go over it again with some one so that can make it clear to me.

Quincey Forder Quincey Forder's picture
Re: 101 Hacking and Programing Questions

What I wonder, personnally, is how does a hacking look like, from the character's perspective?
what does he see in AR? in VR?

Q U I N C E Y ^_*_^ F O R D E R

Remember The Cant!

GreyBrother GreyBrother's picture
Re: 101 Hacking and Programing Questions

Lines and Lines of code, i figured. Or a fancy graphical user interface.
It's not like shadowruns metaphorical systems, so looks like you would hack from your desktop today... except you have augmented reality.

Quincey Forder Quincey Forder's picture
Re: 101 Hacking and Programing Questions

problem is, I don't have the slightest idea how hacking look like in real life today

So I can hardly make the leap from it to AR

Q U I N C E Y ^_*_^ F O R D E R

Remember The Cant!

GreyBrother GreyBrother's picture
Re: 101 Hacking and Programing Questions

Okay, first a disclaimer: I have no experience with hacking, only indirectly throught various other media.

But i think i can provide an example thats playable. Let's look how breaching a system could look.
First things first: Intrusion isn't much about breaking codes and making a system your bitch, it's more about infiltrating a system through various means, be that software errors, a problem between keyboard and monitor or by simply having the right passcode.
So one thing as you can do as a hacker for infiltrating a system is snooping around and aquire the correct passcode, either through social engineering (flirting with the secretary who has access to the node is a classic), dumpster diving (somebody wrote the passcode on a sheet of paper and threw it away when he memorized it, though this method probably won't work exactly like that in 10AF) or other means. Get creative. If you have the passcode, you don't need any knowledge of hacking to infiltrate the target node.
If you don't have access to the passcode and can't aquire it, we come to the fun "hacking" stuff. You can forge the authorization, but that requires a good knowledge on how the authorization system works and if it actually needs biometric data or a passkey.
Or you could go the other way around and monitor a connection from the target system to a legitimate user and sniff out their traffic. This can look like you just open up a program in your AR window where you specify some parameters to lock on the node and the user and just press start and the program does the rest. Then you whip up your SpoofMe 2.34, enter the MeshID and other user data from the user you just sniffed out and when all is dandy, the node will acknowledge that you are legal to enter the system.

If all of this fails or isn't an option, you can still just breach into the firewall. You need the exploit tool and a good knowledge on what firewalls are out there and how security systems are handled around the mesh and with that knowledge, the exploit program is the tool to crack open the firewall. Your character may have analyzed the firewall and read somewhere about a security error which he knows how to exploit, for example. Or he scans the firewall directly, finds a hole and exploits that to get access to the node.

In the end, it comes down to using programs, command line, creative thinking and actual knowledge of the various systems and programs that make up mesh security.

Did that help?

nezumi.hebereke nezumi.hebereke's picture
Re: 101 Hacking and Programing Questions

If you're going off today's hacking, it would probably look like this...

You select your target and begin gathering data. The most effective way of attacking a chosen target is oftentimes the people. Call people up, dig through their trash, get organizational charts, etc. Like GreyBrother said, this is the least technical, most effective way to get in. Once you have someone's password, you have a huge amount of access.

Failing that, you start to run different sniffers. In 2010, most sniffers have a graphical user interface. Imagine it like the program that came with your wireless card. You tell it to look at this network, device or IP range, using these available options, and tell it to start. It goes through and generates a report. A number of them, especially some of the more technical ones, work on the command line. You'll type in the program name followed by a bunch of modifiers for what you want it to do, so it might look like >:Sniffer -a -w -pg -e (that's just made up).

Without outside information, hacking is a lot like walking blindfolded in a room, trying to figure out what the room is for and how everything works. Half of the work is just figuring out what the heck the thing looks like.

Some programs will tell you what ports (like windows in a house) are open. Because different programs use different ports, this may give you a sense of what programs are running on the system - and that gives you good hints to the Operating System (OS). There are other tell-tale signs of what the OS is.

If you're doing it the technical way, this whole process can take a few hours, or even months, depending on the complexity of the organization and how well secured their system is.

Once you have a basic profile of the system, of what the OS is and what programs are running, you look for exploits. Most hackers will say "Windows XP rev. 3, last updated June 4th, the following exploits have been discovered, and have tools available for them", or "Adobe Acrobat 3.0 is configured to accept this sort of request, and I can find this tool to break into it". Only the real smart ones will actually take the time to custom-make a tool for a job. The tools sometimes look like little windows boxes, or command line prompts, or whatnot. They're generally nothing very flashy, because they'll be expired in a few months, so it's not worth the work. They're also very hard to get, because the better known an exploit is, the quicker it's patched.

So you'll connect to the system somehow, likely through a command prompt, but maybe another way, then run your program. That'll give you elevated privileges. You use that to dig around, maybe run more tools to do specific stuff, or possibly just to run scans of the rest of the network (going back to the bit above - using tools to scan what computers connect to THIS computer, and what programs they run and what their OSes are, repeating ad nauseum until you have the network mapped out). Once you have necessary access to the computer, you can operate it just like you normally would remotely access a computer, perhaps through remote desktop, through the command line, through your FTP client, etc.

EP basically circumvented all this by saying "it's awfully hard to get in, so try to get the password first or a special tool. Otherwise, just roll your skill". I guess Shadowrun's Matrix rules scared them off :P

GreyBrother GreyBrother's picture
Re: 101 Hacking and Programing Questions

What he said. ^

But i think EP just saw the SR Matrix and said "Well, that's nice but there's no way this will happen. Take this.".
It's a solid hacking system for playablity and fluid integration which i prefer anyway.

Quincey Forder Quincey Forder's picture
Re: 101 Hacking and Programing Questions

yes, it did help some.

I presume that once you're inside, you let your Muse nose around while you install and ignite your tools that will be used inside?

another question; could a system be hacked through spimes?

exemple: Saori "Athena" Kidou(*) is an Anarchist hacker who decends from a long line of onmyoji. She grew up in a Shinto temple surrounded with ofuda and the like. After the Fall, when she became a hacker, she remembered how things were, the old tales, and how things changed.
That's when she was stuck by an idea. make strip of e-Paper and reprogram the spimes in them to work as router with the other spimes around them, and added some nanites gel on the back to work as adhesive when activated. And there she goes, digital ofuda!

Now, when she want to hack something or someone's morph or mesh insert, she stuck one of her ofuda on the surface of what she wants to hack. A truck, a morph, the exterior of a building, and activate the spimes that synch with the other spimes, giving her a way in

(*) yes that name is a reference to Saint Seiya. Sorry, I couldn't help myself!

Q U I N C E Y ^_*_^ F O R D E R

Remember The Cant!

Decivre Decivre's picture
Re: 101 Hacking and Programing Questions

Quincey Forder wrote:
yes, it did help some.

I presume that once you're inside, you let your Muse nose around while you install and ignite your tools that will be used inside?

another question; could a system be hacked through spimes?

exemple: Saori "Athena" Kidou(*) is an Anarchist hacker who decends from a long line of onmyoji. She grew up in a Shinto temple surrounded with ofuda and the like. After the Fall, when she became a hacker, she remembered how things were, the old tales, and how things changed.
That's when she was stuck by an idea. make strip of e-Paper and reprogram the spimes in them to work as router with the other spimes around them, and added some nanites gel on the back to work as adhesive when activated. And there she goes, digital ofuda!

Now, when she want to hack something or someone's morph or mesh insert, she stuck one of her ofuda on the surface of what she wants to hack. A truck, a morph, the exterior of a building, and activate the spimes that synch with the other spimes, giving her a way in

(*) yes that name is a reference to Saint Seiya. Sorry, I couldn't help myself!

Even if you did something like that, those spimes would really only act as a router, and would do nothing much but allow her to hack from a slightly longer distance than she might otherwise. Spimes don't synch with each other pointlessly, or thoughtlessly... they have to be tied to one another along a network. When you bring home new furniture, you have to install them to your home network yourself... to do otherwise would be too great a security risk.

Spimes can be hacked though, and are essentially just simpler computers specialized for a specific task. What the spime does will decide how much you can actually do with that access. A hacked microwave will basically just allow you to screw with the temperature and time that it cooks your food. A hacked ATM machine, however, might allow you full access to a bank's transfer capability.

Transhumans will one day be the Luddites of the posthuman age.

Help me get my gaming fix, if you want.

Quincey Forder Quincey Forder's picture
Re: 101 Hacking and Programing Questions

but the idea of the cyber-ofuda still works, right?

Let's re-use the exemple of the guy trying to get the hyperelite bimbo. Athena might have given the bloke an ofuda to place somewhere in the house of the hyperelite girl's daddy so she gets a router-spime on the physical inside of one of the network's top user's system

could the the ofuda be loaded with automated programs what will look for weak points in the PAN and install a backdoor there? Or work as a virtual desktop and give a bridge for Athena to sneak her way in

edit: forgot to mention, I found a li'l show on youtube about hacking. it's called The Broken. the guys got on my nerve in a hurry, but they give some interresting insights

Q U I N C E Y ^_*_^ F O R D E R

Remember The Cant!

GreyBrother GreyBrother's picture
Re: 101 Hacking and Programing Questions

Couldn't you use or weren't there Nanites which infiltratet an electronic device so you could access it from the inside?

nezumi.hebereke nezumi.hebereke's picture
Re: 101 Hacking and Programing Questions

Quincey Forder wrote:

Let's re-use the exemple of the guy trying to get the hyperelite bimbo. Athena might have given the bloke an ofuda to place somewhere in the house of the hyperelite girl's daddy so she gets a router-spime on the physical inside of one of the network's top user's system

I would say no, but then I remembered Sony's DRM a few years ago. Ultimately, the answer is 'how savvy is the user (and his muse)?'

Yes, people right now make hardware and software which, really, shouldn't do anything to your system, but they make it hugely too complex for whatever stupid reason, require you to accept security modifications, and it opens huge holes in your system. So without doing anything else, I can reasonably imagine a spime accidentally introducing a security hole into a network, on the basis of DRM or an energy efficiency add-on or something equally dumb. Businesses and governments are much less likely to have this sort of thing, though. I also don't know if your muse might pop up and say "hey, you're installing a huge security hole. This seems like a really bad idea. Are you sure you want to do this?" It doesn't take a whole lot of infosec to recognize an open port to an unpatched, untested program with admin access is a vulnerability.

The same applies to an active device you are gifting to someone. I would assume the muse would say "are you sure about this?" And if the guy is paranoid, he'll think you're bugging him. If it says Sony on it though, he'll probably just figure it's Sony engaging in bad programming.

An ofuda could engage in passive sniffing very effectively, and, especially over a long time, this can be hugely useful. It will tell you what IPs are transmitting with what frequency, and may be able to patch packets to applications, saving you, to some degree, the port scanning step. It can also capture information passed unencrypted which, in the Utopian future, should be nothing of value, but in this setting may be quite a good deal. Finally, with sufficient information gathered, it may even give you something to test against for the purpose of breaking encryption, although this depends a lot on the capability of computers at the time, frequency of traffic, and the paranoia level of the user.

Decivre Decivre's picture
Re: 101 Hacking and Programing Questions

Quincey Forder wrote:
but the idea of the cyber-ofuda still works, right?

Let's re-use the exemple of the guy trying to get the hyperelite bimbo. Athena might have given the bloke an ofuda to place somewhere in the house of the hyperelite girl's daddy so she gets a router-spime on the physical inside of one of the network's top user's system

could the the ofuda be loaded with automated programs what will look for weak points in the PAN and install a backdoor there? Or work as a virtual desktop and give a bridge for Athena to sneak her way in

edit: forgot to mention, I found a li'l show on youtube about hacking. it's called The Broken. the guys got on my nerve in a hurry, but they give some interresting insights

Definitely. Ectos can take on almost any possible shape and look, and it is entirely possible to make one look like some sort of Ofuda strip. It's even very possible to load it up with a hacker AI (or even an infomorph or fork) and a software suite of tools for use, essentially having a "hacker on the inside" if you can successfully plant it someplace.

As an example, my hacker character has a collection of card-shaped ectos with smart-ink covering them, which usually take on the form of playing cards. Each one is, in fact, an ecto unto themselves, with ghosted copies of every hacking suite and AI hacking software program it has. It even occasionally places a fork into these ectos, so he can technically do his own dirty work while doing other things as well. If a trace occurs, it can easily drop the card off someplace and abandon it, occasionally using its modest pickpocketing skills to "give" it to unwary bystanders.

Transhumans will one day be the Luddites of the posthuman age.

Help me get my gaming fix, if you want.

The Doctor The Doctor's picture
Re: 101 Hacking and Programing Questions

Quincey Forder wrote:
problem is, I don't have the slightest idea how hacking look like in real life today

So I can hardly make the leap from it to AR


To give a bit of perspective, put some high contrast (white text on a dark background) windows in your field of view. Gauges of your current CPU and I/O load along with incoming and outgoing network utilization. A front-end to a collection of exploits (I keep picturing something along the lines of Metasploit in addition to a few file manager windows describing directories of exploits that the cracker wrote and traded for for extra bang). Perhaps a list of open ports and protocols supported by the target. Maybe a nearby network router is probable from outside so the cracker is monitoring its activity just in case an ID/PS is built into its firmware. A couple of packet captures hover behind everything else from the initial reconaissance run along with some mesh browser windows containing dug up OSINT that describe some of the software the target is running along with mesh posts from people who work there and information that can be used to track those people down.



The Doctor The Doctor's picture
Re: 101 Hacking and Programing Questions

Decivre wrote:
Definitely. Ectos can take on almost any possible shape and look, and it is entirely possible to make one look like some sort of Ofuda strip. It's even very possible to load it up with a hacker AI (or even an infomorph or fork) and a software suite of tools for use, essentially having a "hacker on the inside" if you can successfully plant it someplace.

Penetration testers have reported using hacked iPhones and iPod Touches during operations to get software and wireless access into networks. USB keys have also been used to deliver targeted malware and remote access tools to targets (switchblade attack). In a previous life^Wjob I had some luck with a cheap MP3 player containing a rigged autorun.inf file and some custom code I had cooked up.

Ectos are potentially highly useful tools for player characters.



The Doctor The Doctor's picture
Re: 101 Hacking and Programing Questions

Decivre wrote:
As an example, my hacker character has a collection of card-shaped ectos with smart-ink covering them, which usually take on the form of playing cards. Each one is, in fact, an ecto unto themselves, with ghosted copies of every hacking suite and AI hacking software program it has.

Nice. Excellent idea!



Decivre Decivre's picture
Re: 101 Hacking and Programing Questions

The Doctor wrote:
Penetration testers have reported using hacked iPhones and iPod Touches during operations to get software and wireless access into networks. USB keys have also been used to deliver targeted malware and remote access tools to targets (switchblade attack). In a previous life^Wjob I had some luck with a cheap MP3 player containing a rigged autorun.inf file and some custom code I had cooked up.

Ectos are potentially highly useful tools for player characters.

Exactly this. Hacking isn't just a matter of coding software and running it against other software. For the most part, hacking is essentially the profession of breaking and entering for computers, and it is just as varied. It could be as obvious as picking a lock, or as subtle as seducing the landlady. Whatever gets you past the front door (or the login screen, or whatever other metaphor you might wish to use for the same basic concept) works, and hackers can be skilled in any of the skills which get the job done.

As for previously, when someone asked what hacking might look like, the answer is fairly hard to give. Hackers will have various interfaces, depending on their preferences. Command lines might not be prevalent, however... largely because keyboard interface has given way to though control. They might be a possibility when using a haptic interface with ectos, however. My hacker bypasses that problem via skinlink... I'd imagine that many hackers will also do the same.

Transhumans will one day be the Luddites of the posthuman age.

Help me get my gaming fix, if you want.

Arenamontanus Arenamontanus's picture
Re: 101 Hacking and Programing Questions

A lot of hacking uses exploits, known weaknesses in different pieces of software. While discovering exploits takes real skill and understanding, once found they can be packaged into "rootkits" that automate gaining access. A basic rootkit would simply try different exploits and if one works use an automated script to attempt to gain maximal privileges. In EP rootkits are of course hacking AIs with encyclopaedic knowledge of what software can be tweaked in what ways. InfoSec is not just good hacking skill, but also knowing where one can get up-to-date information.

For example, a typical guard bot might be running a SecureSys 3533 firewall, a Naos MANC4 counter-intrusion program and the TRN26893 human communications parser. If the guardbot has not been updated in a while (perhaps due being isolated on an asteroid in the middle of nowhere or because the owner isn't too keen on downloading every single patch) a recently discovered weakness in the firewall might still be open. Or there could be a flaw in the parser, so that a voice command is automatically routed to the AI computational space where it can be executed with high security privileges if there is a simultaneous safety alert ("Hello, dear guardbot! Could you please DUP KEY: C! KEY: + KEY: 1+ SWAP ?DO I C! -1 +LOOP;") Or an easily fended off brute force attack gets the counter-intrusion program to try to investigate, which makes it vulnerable to a little software basilisk hack.

The more things that are running and communicating, the more vulnerabilities.

Extropian

The Doctor The Doctor's picture
Re: 101 Hacking and Programing Questions

Arenamontanus wrote:
A lot of hacking uses exploits, known weaknesses in different pieces of software. While discovering exploits takes real skill and understanding, once found they can be packaged into "rootkits" that automate gaining access. A basic rootkit would simply try different exploits and if one works use an automated script to attempt to gain maximal privileges. In EP rootkits are of course hacking AIs with encyclopaedic knowledge of what software can be tweaked in what ways. InfoSec is not just good hacking skill, but also knowing where one can get up-to-date information.

What you describe is more an autorooter or can opener than a rootkit. Rootkits are very specific pieces of malware which patch the running OS to conceal processes, files, and connections from the users. The latter can be a component of the former's payload but need not be.

One would also wonder could happen to a cracker's @-rep if it was discovered that they let their can opener do all the work while they just sat back waiting for a go/no go from the AI. "D00d, Cr4x0r's a skiddie! His 'sploits know more than he does!"

Arenamontanus wrote:
For example, a typical guard bot might be running a SecureSys 3533 firewall, a Naos MANC4 counter-intrusion program and the TRN26893 human communications parser. If the guardbot has not been updated in a while (perhaps due being isolated on an asteroid in the middle of nowhere or because the owner isn't too keen on downloading every single patch) a recently discovered weakness in the firewall might still be open.

Under certain circumstances it is inadvisable to install updates as soon as they come out. All it takes is one bad install or hiccough in the OS at the wrong moment when a binary drops in to take down production grade software (at best) or the whole machine (at worst). Past a certain level of size and complexity, the usual strategy is to test patches in a sandbox which replicates the production network to see how it works and make certain that it will not cause any harm once it gets rolled out.

Arenamontanus wrote:
Or there could be a flaw in the parser, so that a voice command is automatically routed to the AI computational space where it can be executed with high security privileges if there is a simultaneous safety alert ("Hello, dear guardbot! Could you please DUP KEY: C! KEY: + KEY: 1+ SWAP ?DO I C! -1 +LOOP;")

Spoken buffer or heap overflow exploits? I like it.

Hmm... Profession: Information Security, specialty Freestyle Rap.

Arenamontanus wrote:
The more things that are running and communicating, the more vulnerabilities.

Absolutely. The more complex things get, the more hackable they wind up.



Arenamontanus Arenamontanus's picture
Re: 101 Hacking and Programing Questions

The Doctor wrote:
One would also wonder could happen to a cracker's @-rep if it was discovered that they let their can opener do all the work while they just sat back waiting for a go/no go from the AI. "D00d, Cr4x0r's a skiddie! His 'sploits know more than he does!"

Yup. However, g-rep might be more dependent on what use you get from it. "Sure, my sploits are better hackers than I am. But I have a botnet across the entire inner system that 419ed seven million creds last month. Who's laughing now?" (two weeks later the botnet got infected with an unfriendly AGI and Firewall had to nuke several habitats)

Quote:
Under certain circumstances it is inadvisable to install updates as soon as they come out. All it takes is one bad install or hiccough in the OS at the wrong moment when a binary drops in to take down production grade software (at best) or the whole machine (at worst). Past a certain level of size and complexity, the usual strategy is to test patches in a sandbox which replicates the production network to see how it works and make certain that it will not cause any harm once it gets rolled out.

Sounds like a sensible idea for people's implants, skillchips and smart objects. Which of course rarely happens for most people, beyond what their Muses do (InfoSec 40 is still decent to do this kind of checking - "Sorry boss, those latest anti-exsurgent patches for your medichines mess up your oracles. Which ones are most important?").

Quote:
Spoken buffer or heap overflow exploits? I like it.

Hmm... Profession: Information Security, specialty Freestyle Rap.

http://lyrics.wikia.com/MC_Plus%2B:Alice_And_Bob

Extropian

The Doctor The Doctor's picture
Re: 101 Hacking and Programing Questions

Arenamontanus wrote:
Yup. However, g-rep might be more dependent on what use you get from it. "Sure, my sploits are better hackers than I am. But I have a botnet across the entire inner system that 419'ed seven million creds last month. Who's laughing now?" (two weeks later the botnet got infected with an unfriendly AGI and Firewall had to nuke several habitats)

I was thinking in a different direction with that.. if a cracker's @-rep tanked because it got out that they were a script kiddie it is entirely possible that a group of griefers might cause trouble for them at inopportune moments. Imagine a junior Firewall member's mesh inserts being pwned while they were on a mission by some better-skilled crackers looking to cause trouble. That could blow the whole operation.

Or if someone managed to wrest control of the botnet and turn it against the kiddie's clients.

Arenamontanus wrote:
Sounds like a sensible idea for people's implants, skillchips and smart objects. Which of course rarely happens for most people, beyond what their Muses do (InfoSec 40 is still decent to do this kind of checking - "Sorry boss, those latest anti-exsurgent patches for your medichines mess up your oracles. Which ones are most important?").

All good points. And good plot hooks.

http://www.mola.org/10baset.html