I remember in high school, the computers were running Windows 95. They used this shell hacking "protection" software called Fortress. It worked by hiding buttons and menus and trying to prevent you from opening up various apps or clicking certain files in common dialog boxes.
My first "hack" was just a boot disk that simply copied fortress.exe to another directory (a little choice.exe with autoexec.bat magic).
The second hack came later. The computers were upgraded to Windows 98 and my autoexec.bat trick stopped working because of a BIOS password. Thankfully the machines came with Word, which had a nice shiny feature called Visual Basic for Applications. Most of the shell was hacked to hide menus still in Fortres 2.0 but good old VBA was still accessible. Using VB I could call Win32 APIs and it was just a few calls to enumerate and kill the startup entries for fortress in the registry.
The best part of this was that it was all sanctioned activities sort of. The IT department was in a central building downtown (30 minutes away from our school) and was always a pain to work with for the teachers. Their gradebook apps failed under fortress and even their teacher passwords failed to disable all the shell hacks. Shutting off fortress was the only compatible way to get things to run correctly for the teachers.
At first when the local IT department found out, they laughed, but then later got upset when the disk of my magic Word document spread. It was making its way across the district via email lists.
At some point in the school year I got accused of spreading 'a virus' to other students that allowed them to download 'warez' on school computers. Apparently fortress was the only thing preventing kids from using WinPopUp and Windows NT messenger to send broadcast messages to all desktops across the network.
I tried to fight it and explain exactly how the thing worked and the silliness of shell hack in the first place. It didn't work. The Principal said I was hacking regardless and suspended me. After getting the suspension (and after they called my parents who knew before I did and were very upset already), I quickly called the computer programming teacher (who knew C++ and VB and had previously been an assistant for in my sophomore year). He called the principal and super and explained that I was not hacking and that I was 'improving productivity' and that the IT department's policies were hindering teachers. I got out of the suspension by the super the next day but no apology was given. Just a stern "stop hacking" the next week when I got back.
I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
My internet forebears had already catalogued most of Fortres' flaws by the time I became familiar with it, but most of the holes had been closed upstream. The one obvious chink in the armor that still remained was their "Backdoor Password".
If you keyed Ctrl+Shift+Esc, an Unlock dialog would pop up and prompt you for the admin password. Alternately, there was a 6 digit integer in the titlebar that you could give to Fortres customer support and they would give you back a corresponding 6 digit unlock code. Some enterprising individual had figured out this algorithm and published the VB(6?) source for a keygen application.
My contribution to The Fight was a port of the keygen to the TI-83+ (it was a very prevalent platform at the time). No acclaim ever came to me for the port however; after I experienced the IT personnel rage when they discovered a classroom full of un-hobbled PCs, I decided to keep the authorship a secret.
My High School had fortres installed, and I recall that one day, another student came to school with the latest issue of 2600 magazine, which contained the necessary code to crack the fortres backdoor from a TI-86 calculator. From that day forward, high school computer classes got a lot cooler.
Coincidentally I did some TI-83/84 hacking myself and went to go work for TI after school in the education/productivity group on that same calculator line.
I knew of the secret Fortres screen but didn't know there were any keygens out there. Heh.
Open up "DEBUG" in a DOS prompt, and write a few-line assembly loop that writes increasing register numbers to port 70h (register select), and 0 to port 71h (value) -- to reset CMOS memory with all 0's.
Then you can just enter BIOS to set it all up from scratch.
I've personally seen a BIOS implementation (on an HP computer, I think) that would let you in if you typed in an incorrect password three times. That was pretty hilarious, maybe the programmers thought that nobody would be that tenacious?
"Fortunately", back in the days when I was at school, the BIOS tended to have backdoor passwords that were easily googleable. That stopped working eventually, but then I happened to procure for myself a second-hand school computer which turned out to have the BIOS password still set when I bought it. Short work to then run a tool to read the password directly from CMOS.
I've forgotten what it was, but for all I know they're still using the same password. Oh, the lengths I went to to run linux livecds...
Funny that you did it this way - I just wrote a single byte using 'o' directly from the prompt, which was enough to ruin the checksum and cause the BIOS to reset to defaults.
High school CS was my first exposure to what 'hacking' usually is. Grade 11, we were learning VB6 (don't ask). Our term project was to make a game, and three of us decided that we wanted to make a top-down shooter that had networked multiplayer. We soon figured out that only teacher accounts could see other computers on the network, so the obvious solution was to obtain the teacher password. Cue 48 hours straight of my poor 200MHz Pentium Pro (with MMX!) trying to crack the SAM file, with no success. Frustrated, I was in the lab after school and went to grab a paperclip from the teacher's desk to reset the BIOS password. Open the drawer, and what do I see? The teacher's login and password written on a sticky note.
The game actually kicked ass, and the teacher never did figure out how we made the multiplayer work. We told him "it uses socks".
> I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
I know, off topic, but I'm really wondering. You guys have "who's the smartest kid" elections in high schools? Which country is that? What's the idea behind these things?
Reminds me of my high school days, though I don't recall the software being named Fortress. I'm thinking it was something else, but same idea. Eventually the teachers gave a small group of us formal access to disable it as they realized we weren't out to be malicious, only wanting to make full use of the computers.
My school used one called "PC Lockout". It wasn't long before the necessary DEBUG.EXE commands to switch a strategically chosen JNZ to a JZ were being distributed.
I recall that Fortres had an admin password common to all installations, so that their support people could access and troubleshoot machines. The "quick and dirty" way to get past the app, I guess.
Our staff also didn't find "net send *" very amusing...