Nothing is ever FoolProof(tm) because fools are so inventive
From the 'Sordid Tales of High School' department.
'Hacking Wimpy Macintosh Security Programs in A Few Easy Steps'
There is a truism that the weakness in any given security system is the
people, and that computers are so much better at being secure that it's not
even funny. This is generally true, but not necessarily accurate for
systems such as Windows (which is inherently insecure) and Macintosh
(which never had any pretensions about security to begin with). The
Mac system is not an inherently secure platform, in that it's rather
difficult to prevent anyone able to sit down at the machine from doing
whatever they bloody well please. This does not, however, stop people
from trying.
At the high school in which I spent grades 10-12, we had a big ol' lab
of nice Macintosh computers, a lot of old SE and Plus models, in addition
to a brand new bunch of Performa somethingorothers. Nice machines. Great
for playing games on. Except, of course, that there was a strict
'no-computer-games' policy. But, egads! How to prevent people from playing
games (which they were doing) on these wonderful, shiny new computers,
without having to have someone sit in there as a lab monitor?
The answer they chose was a software program called FoolProof(tm). I scoff.
It was not a particularly well written program, but even then, it could have
probably stymied me successfully if it hadn't been for the fact that it wasn't
properly installed. Properly set up, FoolProof(tm) would have prevented
someone from doing the obvious thing of going into the system folder and
clobbering its nifty little files. Whups! Next time, read the manual... Being
an enterprising young fellow, I not only whacked copies of FoolProof(tm)
wherever I discovered them (and with un-secured AppleTalk, it was trivial to
purge the entire school network), but I made copies of the FoolProof(tm)
system 'cdev' ('control device', one of the two types of Macintosh system
add-ons), plus the FoolProof(tm) Administrator that had foolishly been left
on the hard drive.
Someone finally figured out that reading the manual would be a wise move,
and security began to tighten. Clearly, more thoughtful methods of hacking
would be required.
Having access to all the programs themselves, I popped open the code
editor in my favorite program, ResEdit(tm). This was a nifty feature that
did a partial decompile of the binary, at least enough so that you
could see where all the loops, procedure calls, et cetera, were inside the
code. Very helpful. And so I set down to hack.
It was not at all like a movie, instead it was me slooooowly looking through
the binary, watching where the procedures went, what they were named, etc,
until I had grasped what this program was doing. I then realized that the
person who wrote it was an idiot.
A note to programmers out there: If you're going to write a program that
checks passwords, don't let the procedure call carry a handy little tag
in the binary that names it clearly as 'CheckPassword'. Verify that your
compiler does not leave these names in.
'Hm,' I thought. 'CheckPassword? Wonder what happens if I replace the
procedure calls with NOPs.' (NOP is assembler for 'No Operation', in other
words, 'do nothing'. It's useful for whiting out things in the code
because straight-out deleting them would change the checksums, the code
length, etc, etc.)
What happened was that it no longer checked for the password and I could
now run the program and access all administrative functions of the security
software without having a clue what Mr. Password was. Whups.
A second note to programmers out there: Password checks should always
be positive verification. The code in the FoolProof(tm) Administrator no
doubt looked like this:

    bool validPassword = true;          /* assumes success before checking */
    checkPassword(&validPassword);      /* only clears the flag on a bad password */
    if (validPassword == false) { becomeSnarky(); }

In other words, don't write code that assumes the user is valid unless
they behave invalidly.
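The two shapes side by side, as an added example written for this page (not code from FoolProof(tm) or the original post): checkPassword and admin_fail_open are the fail-open pattern the text describes, admin_fail_closed is the positive-verification fix; the stored password, the NOP stub and passing NULL for a removed check are constructed stand-ins for a patched binary.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed placeholder; a real program would hold a password hash. */
static const char *STORED_PASSWORD = "placeholder-secret";

/* Fail-open shape: the callee only CLEARS a flag the caller set to true. */
static void checkPassword(const char *entered, bool *validPassword) {
    if (strcmp(entered, STORED_PASSWORD) != 0)
        *validPassword = false;
}

/* Models the call site having been overwritten with NOPs: nothing runs. */
static void checkPassword_nopped(const char *entered, bool *validPassword) {
    (void)entered; (void)validPassword;
}

typedef void (*flag_check_fn)(const char *, bool *);

/* Returns true when admin access is granted. Assumes validity up front,
 * so a removed check leaves the flag at its "granted" default. */
bool admin_fail_open(const char *entered, flag_check_fn check) {
    bool validPassword = true;
    check(entered, &validPassword);
    return validPassword;
}

/* Positive verification: answers "yes" only on an exact match. */
static bool verifyPassword(const char *entered) {
    return strcmp(entered, STORED_PASSWORD) == 0;
}

typedef bool (*verify_fn)(const char *);

/* Deny by default; only an explicit "yes" from the check grants access.
 * NULL models the check call having been patched out of the binary. */
bool admin_fail_closed(const char *entered, verify_fn verify) {
    bool granted = false;
    if (verify != NULL && verify(entered))
        granted = true;
    return granted;
}

int main(void) {
    printf("fail-open, check NOPed, wrong password: %s\n",
           admin_fail_open("wrong", checkPassword_nopped) ? "GRANTED" : "denied");
    printf("fail-closed, check removed, wrong password: %s\n",
           admin_fail_closed("wrong", NULL) ? "GRANTED" : "denied");
    return 0;
}
```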
Now, at this point, I *could* have been rather hideously evil. After all,
I had a valid copy of the Administrator, which meant I could have locked
out all the machines and changed the passwords (after all, the Administrator
would assume I had already entered the valid old password... and if not,
I could take out THAT check, too!). However, if I was too smart,
it would be obvious who it was... so I bided my time, content to have the
run of the network without anyone knowing.
Who says school never teaches you anything interesting?
Tomorrow: Comic books.
Rant 'o the day contains no additives, preservatives or
small woodland creatures of any kind. Use only as directed. Do not expose to
direct sunlight. Do not fold, spindle, mutilate or remove identifying tags.
Handle with care. Contains less than 3% milk fat by weight, not by volume.
Squeeze the lemon.
THIS SPACE FOR RENT