[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]

..[ Phrack Magazine ]..
.:: Phrack Prophile on FX ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ] [ 70 ]
Current issue : #68 | Release date : 2012-04-14 | Editor : The Phrack Staff
IntroductionThe Phrack Staff
Phrack Prophile on FXThe Phrack Staff
Phrack World NewsTCLH
LoopbackThe Phrack Staff
Android Kernel Rootkitdong-hoon you
Happy Hackinganonymous author
Practical cracking of white-box implementationssysk
Single Process ParasiteCrossbower
Pseudomonarchia jemallocumargp & huku
Infecting loadable kernel modules: kernel versions 2.6.x/3.0.xstyx^
The Art of Exploitation: MS IIS 7.5 Remote Heap Overflowredpantz
The Art of Exploitation: Exploiting VLC, a jemalloc case studyhuku & argp
Secure Function Evaluation vs. Deniability in OTR and similar protocolsgreg
Similarities for Fun and ProfitPouik & G0rfi3ld
Lines in the Sand: Which Side Are You On in the Hacker Class Waranonymous author
Abusing Netlogon to steal an Active Directory's secretsthe p1ckp0ck3t
25 Years of SummerConShmeck
International Scenesvarious
Title : Phrack Prophile on FX
Author : The Phrack Staff
                              ==Phrack Inc.==

                Volume 0x0e, Issue 0x44, Phile #0x02 of 0x13

|=------------------------=[ PHRACK PROPHILE ON ]=-----------------------=|
|=------------------------=[  FX of Phenoelit   ]=-----------------------=|

|=---=[ Specifications

           Handle: FX
              AKA: 41414141
    Handle origin: First and last letter of my first name
                   (I had no idea it had a meaning in movie production)
      Produced in: East Germany
             Urlz: http://www.phenoelit.de/
        Computers: Metric tons of them
       Creator of: much crappy and useless code
        Member of: Phenoelit, Toolcrypt
         Projects: PH-Neutral, Phonoelit
            Codez: IRPAS (bunch of tools that somehow still cause havoc)
                   cd00r.c (later called PortKnocking by the copycats)
                   works-on-my-machine exploits
     Active since: late 80s
   Inactive since: unlikely to happen

|=---=[ Favorites

          Actors: don't care
           Films: Hackers (1995) - imagine it actually would be like that
         Authors: Neal Stephenson, Iain M. Banks, Frank & Brian Herbert
        Meetings: Bars
             Sex: ACK
           Books: Computer Security, Time-Life Books (1986), and it began
           Novel: too many to list
           Music: Progressive House Kitsch
         Alcohol: Oh Yes!
            Cars: Mercedes-Benz
           Girls: SYN
           Foods: German
          I like: honesty, pragmatism, realism, tolerance, style, empathy
       I dislike: fakes, aggression, ignorance, senselessness, deception

|=---=[ Describe your life in 3 sentences

Every work day is packed with challenges, great hacks and awesome people.
Every free day compensates with non-security hobbies and sleep.
This sentence is padding.

|=---=[ First contact with computers

At the age of 6 at the computing department of the university of Sofia,
Bulgaria. Didn't leave much of an impression, as I was only allowed to play
a silly game (in CGA color).

Second contact happened at the age of 9 or 10, a Robotron Z9001. It came
without software but with a typewriter made programming manual for BASIC.
I read it cover to cover.

|=---=[ Passions: What makes you tick

Like-minded people: Conversations give me the greatest boost. Let me 
explain something to a person who gets it, and I will have a new idea how
to take it further.

Also, work. That state of a problem where it is no longer fun, but actual
work, to get it where you want it. Not letting go. Stubbornness compensates
for a lot of talent.

|=---=[ Unix or Windows? Juniper or Cisco?

Unix and Windows. I like both, I use both, they both suck in their own
ways. The only thing you will not see me with is anything Apple.

Juniper, Cisco, all networking equipment is broken, Cisco being in the
lead. How can you sell equipment that is in most cases simply forwarding
IPv4 packets from interface 1 to interface 2 since 1987 and still crash on
parsing IPv4 in 2011?

|=---=[ Color of hat?


|=---=[ Entrance in the underground

First contact must have been around 1990. Shortly after the Berlin wall
came down, I got my first 80286 machine and hung out at a computer club in
a Thaelmann Pionieers' (youth organization of schoolchildren in East
Germany) youth center. In a back room, two older guys downloaded infrared
images from Russian satellites. While the download ran, they cracked PC
games for the kids to pass the time. First time I saw a hex dump.

I had the great honor to meet many people that I consider(ed) part of the
real underground. Some of them still are. But I don't think I was ever part
of that myself.

|=---=[ Which research have you done or which one gave you the most fun?

Anything I did was fun at the time, why doing it otherwise? I generally
like fiddling around with Bits and bytes more than hunting bugs in large
environments. Writing disassemblers, debuggers and the like is a pleasure.
It's also monkey work. But it lets you feel so much about the history and
design of a platform.

I also like network protocols, because you can often see the vulnerability
potential by reading the specifications already. Protocols are interfaces
and interfaces are where the bugs live. Also, logging functions love to use
packet contents and fixed buffers.

|=---=[ Personal general opinion about the underground

Much. Fucking. Respect.

Seriously, what is published is only the tip of an iceberg. Once you talk
to people, it's simply insane how much knowledge there is. Interestingly,
I have the impression that little of this knowledge is ever used.

One aspect often considered essential in the underground I dislike:
Owning people fails to impress me. It's like beating people up, everyone
can do that and none of it makes it an achievement. If you found that
vulnerability yourself and made a custom exploit, that's an achievement.

|=---=[ Personal general opinion about the German underground

Regardless of the definition of underground, the hacking scene in Germany
is very alive and diverse. However, I would love to see more of them
write exploits.

|=---=[ Personal general opinion about the European underground

The U.S. is much more visible, but Old Europe kicks their ass any time.
Just looking at the French scene is scary. If only they would speak
English ;) And don't even get me started on east Europe and Russia.

|=---=[ Memorable experiences/hacks

- Finding my first overflow in Cisco IOS TFTP, resisting the urge to post
  it immediately and deciding to write an exploit. Then realizing how much
  of a journey lay ahead of me, since I had never written any exploit

- Writing an exploit that needed to be stable, i.e. work in the wild. After
  weeks of frustration finally understanding that PoC is only 10% of
  exploit development. Halvar saving my ass again with a simple hint.

- Being asked by my employer to take the CISSP exam, being initially
  rejected due to my "connections to hackers" as a DEFCON speaker, being
  allowed to take the exam and finding a 12 octet MAC address in a
  question. Finding out afterwards that (ISC)2 probably has more admin
  users on their web servers than paying members.

- Asking someone to look at Cisco IOS exploitation after I spent about
  a decade with it and getting my ass kicked in less than a week. True
  talent trumps everything.

- Caesar's Challenge over the years: hearing about it, being invited in,
  being told by Caesar that he accepts my solution, welcoming Caesar to

- Being invited to train a team of hackers and later finding out that
  the whole purpose of the exercise was to cure them from their respect
  for me. And it worked.

- The nights in Wuxi (China) with the Wuxi Pwnage Team.

|=---=[ Memorable people you have met

- Halvar Flake
  I have to thank this man for a lot of things in my life.

- Sergey Bratus
  A great man with a great vision. He changed how I look at academia and
  hacking. With people like Sergey, there is hope.

- John Lambert
  One of the smartest men I've ever met. Just in case you wonder why
  Windows exploitation is so challenging today.

- Dan Kaminsky
  Dan and I share a passion for protocols. We first met in 2002, about five
  times, at cons all over the planet, and talked IP(v4). Good times.

- ADM, that one summer

|=---=| Memorable places you have been to

- Idaho Falls

|=---=[ Disappointing people you have met

Many manufactured or self-styled experts giving presentations at
conferences. If you didn't write or at least read the code in question,
shut up. The number of charlatans is unfortunately growing steadily.
Some would probably count me in that category as well.

Also, friends that betray they very people that trust them most.

|=---=[ Who came up with the name "Phenoelit" and what does it mean?

Nothing to see here, move on.

|=---=[ Who are you guys?

Just friends.

|=---=[ Who designed those awesome Phenoelit t-shirts?

I always did the designs for Phenoelit and PH-Neutral. I greatly enjoy
doing them. For PH-Neutral, the process was that I had to come up with a
motive and would do all the work, Mumpi watching me, drinking beer and
complaining. It would not have worked any other way.

|=---=[ Phenoelit vs 7350 vs THC?

We met 7350 and THC first time at the 17c3 and became friends with several
of them over time. I sincerely miss 7350, but their time had come.

|=---=[ Things you are proud of

The team I am blessed to work with.

|=---=[ Things you are not proud of

- Writing shitty exploits
- Having a pretty good hand at picking research topics that are not
  relevant to the real world
- Being strictly single-tasking

|=---=[ Most impressive hackers

- Dvorak
- Halvar Flake
- Philippe Biondi
- Ilja van Sprundel
- Anonpoet
- Greg
- Last Stage of Delirium

This list is biased by me not knowing many of the really impressive

|=---=[ Opinion about security conferences

Security conferences have been essential for my personal development and I
still love to go to them. I have a preference for smaller cons, since it is
more likely to get to talk to people.
Almost any talk has something for me to take away. But more important is
the hallway track and going out with fellow hackers.

The distinction between hacker cons and corporate or product security
conferences used to be clear. It is no longer, which is sad.

|=---=[ Opinion on Phrack Magazine

IMHO one of the most well regarded e-zines in the world, influencing much
research over the time of its existence. Just look at how many academic
publications cite Phrack articles. Keep it up!

|=---=[ What you would like to see published in Phrack?

I think Phrack does just fine. For me, exploitation techniques are at
the heart of Phrack. I also enjoy reading about environments that not
many people have access to: control systems of all kinds, for example.

Maybe you should aim for more timely releases though.

|=---=[ Personal advices for the next generation

That implies that I'm old and expired, right?

The one advice I would give is: Don't care about the opinion of others when
it comes to research. It doesn't matter if they think it's cool, you must
think it's cool. Look for and credit prior art, build on what is there
already and have fun doing so.

And if you really have to use Python, understand that error handling is not
the same thing as stack traces. Catch your exceptions and handle them, or
at least display something useful.

|=---=[ Your opinion about the future of the underground

Predictions are hard, especially when they concern the future.

|=---=[ Shoutouts to specific (group of) peoples

To the hacker and vx groups of the 80s and 90s, who built the foundation
of everything we still concern ourselves with today.

|=---=[ Flames to specific (group of) peoples

To the snake-oil security product vendors, who refuse to innovate and bind
available talent in signature writing sweat jobs, because that model pays
them so well. Your "protections" add vulnerabilities to every aspect of
modern networks, and you know it. The halting problem is UNDECIDABLE!

|=---=[ Quotes

"Does it just look nice or is it correct?"
- zynamics developer about a control flow graph

"Nine out of the ten voices in my head say I'm not schizophrenic. The
other one hums the melody of Tetris."

|=---=[ Anything more you want to say

I would like to thank the Phrack staff for this honor, although I'm still
convinced there are 0x100 people who deserved it more.

                  |=---=[ A eulogy for PH-Neutral ]=---=|

We created PH-Neutral in 0x7d3 as an attempt to bring together the people
we respected most. We were simply unaware of the other small events that
already existed. The intention was to have an informal meeting with ad-hoc
workshops and a great party. We failed at the party, despite a full-blown
dance floor. However, the people actually worked together and discussed
their projects and exploits. We were sending out the invitations
individually by email and I was surprised about the many positive
reactions. We would not have thought that so many well-known and
interesting people would actually show up.

Over the years, the event grew. Although we kept it invite-only, the
mechanism for invitations had to consider people that were there in the
past as well as fresh blood. Therefore, one way or another, it had a snow
ball effect to it. But in the early years, this was a good thing. There
was an astonishing amount of innovation going on during the first five
years. We never expected to see people actually working together. It was
the time of sharing code and knowledge, of searching for JTAG on a dance
floor and of the Vista ASLR release.

The bigger the event got, the more the focus shifted from hacking to party.
Since that corresponded with our second initial goal, we did encourage it.
We really like to party with our friends, and by party we mean actual
dancing and not just standing around and getting drunk. It was amazing
to see how well the party developed over the years. Despite the growth,
it still had a very intimate feeling.

Initially meant as a joke during setup of the second PH-Neutral, we had
decided to not have it run forever. For one, we didn't want to see it going
down and fading away. When more and more conferences started to show up on
the map, it only encouraged us to conclude the story of PH-Neutral. It had
its time and place.

The last PH-Neutral 0x7db then proved that the decision was right. It was
that little bit of too many people that turns a large group of
international friends into a somewhat anonymous crowd. Although luckily
not many guests noticed, it changed the way we had to run the event
completely. Where in the years before, we could hack and party with our
friends, we had to fire-fight, manage and regulate. That was not the way it
was meant to be for us, so it was a good time to call it quits.

PH-Neutral was made into what it was by the people that participated, more
so than any other event I know. The people decided on the spin of each
year's event by how they filled the frame we gave them. It was their
party and they took it and made it great. Thank you forever!

[ EOF ]
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2021, Phrack Magazine.