/-------------------------------------------------------/
/ In real life : Dejan Rogic /
/ Fakultet organizacije i informatike /
/ VARAZDIN /
/ Phone:+385 51 812 278 /
/ e-mail: drogic@barok.foi.hr /
/-------------------------------------------------------/
---------- Forwarded message ----------
Date: Mon, 20 Jan 1997 10:55:44 GMT
From: Hrvoje Crvelin <crv@efri.hr>
To: Dejan Rogic <drogic@barok.foi.hr>
Cc: Dragan Popadic <popadic@erc.riteh.hr>, Igor Varljen <igor@efri.hr>,
Marina Janko <mjanko@barok.foi.hr>, Ratko Mladenic <ratkom@efri.hr>,
vedran@osiguranje.com
Subject: telnet coffee machine or nowadays hackers
-----BEGIN PGP SIGNED MESSAGE-----
Original advisory released Feb 2 '96 to select building hackers -
Re-released Jan 14th 97 to the general public.
LLL 00000000 PPPPPPPP HHH HHH TTTTTTTTTTTT
LLL 00 000 PPP PP HHH HHH TTT
LLL 000 0 000 PPP PPP HHH HHH TTT
LLL 000 0 000 PPP PPP HHHHHHHHHHH TTT
LLL 000 0 000 PPPPPPPP HHH HHH TTT
LLLLLLL 0000 000 PPP HHH HHH TTT
LLLLLLLL 00000000 PPP HHH HHH TTT
Who says we don't have a sense of humor!
First you were given Monkey, the MD4/MD5 s/key cracker program that
works with either sniffer logs or /etc/skeykeys data. Next you
were told of a blatant flaw in the current implementation of Security
Dynamics' SecurID card where you can trivially predict the passcode
of a person about to log in (oh so sorry, did we forget to post that
one?). Lotus Domino was cakewalk for Weld as he cut-and-pasted his
way to spoofing their server. Sendmail 8.7.5 stayed in place pretty
long until we finally brought its demise. Kerberos 4 turned out to be
the hacker's friend. This month a hack close to the heart of computer
enthusiasts everywhere is unveiled (complete with ascii art!).
Inspired by the lack of truly K-RAD G-Philes floating around out
on the net, following in the style of such greats as the Stoner's
Hymnal and the Countlegger files. We'd mention the influence of greats
such as cDc but that should go without saying! L0pht Heavy Industries
presents:
How to scam coffee from FILTER FRESH coffee vending machines. [trust
us about this fun one as next week the potato-head hits the
proverbial fan with a couple of big companies - besides we needed the
caffeine to take on the upcoming giants]
HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT
Before you go on, re-read that last paragraph - paying special
attention to the last part!!!
HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT_HINT
The motivation:
---------------
Suppose you don't work at Microsoft, Sun, or any of the companies
that provide free hot caffeinated beverages to their employees. It's a
sad day when you find yourself at work (or scrounging around someone
else's place of employment... I dunno, perhaps leaving a portable
sniffing laptop up in the acoustic ceiling tiles) around 2am and the
only coffee available is from a FILTER FRESH vending machine. It's
even sadder when you are being asked to deposit .55 cents for an 8oz.
cup of really poor java.
The culprit:
------------
The particular model under scrutiny is relatively distinctive. It
stands about 2' tall and about 1.5' wide with a section on the bottom
left to insert your cup for the monstrosity to spit joe into. The
upper left corner will most likely have an emblem similar to the
following.
--------------------------------------
| ....... |
| ******* |
| FILTER FRESH ##### |
| &&& |
| Coffee Excellence ! |
| |
--------------------------------------
Beware! There are two main different models of these. One exhibits
the 'flaw' while the other doesn't. Both have LED/LCD displays in the
upper left corner that spout the following message in stand-by mode.
Right next to it is a button labeled 'Start'.
-------------------    -------
| For this choice |   |       |
| Insert $.55     |   | Start |
-------------------    -------
Or some similarly outlandish price for a cup of coffee. Remember,
above all else, coffee wants to be free!
Both models also have the standard selection of 'cell-membrane' style
buttons to the right of the logo and under the LED/LCD.
-----------
| cup size | Coffee Hot Water
| ------- | ------------------------------------ --------------
| | / | | -------- -------- -------- -------
| |/ sml | | | / | | / | | / | | / |
| | | | |/ | |/ | |/ | |/ |
| ------- | | Coffee | | Decaf | | 50/50 | | Water |
| ------- | -------- -------- -------- -------
| | / | | -------- -------- -------- -------
| |/ lrg | | | / | | / | | / | | / |
| | | | |/ | |/ | |/ | |/ |
| ------- | | Mild | | Medium | | Strong | | Carafe|
----------- -------- -------- -------- -------
--------- ---------
| / | | / |
|/ Hot | |/ Mocha |
|Chocolate| | Java |
--------- ---------
One model will have the buttons 'Hot Chocolate' and 'Mocha Java' while
the other model does not. This scam has worked on most of the machines
that *do* have the extra buttons (at least that I've come across).
NOTE: sometimes the pad connectors are still there but the pads are
not. On the machines that normally do not have these extra buttons
you will only see one hole for an LED. On machines that would normally
have these buttons you will find holes for two LEDs.
The Flaw:
---------
It seems it is a default software setup (firmware?) as it comes from
the distributor.
The exploit:
------------
The machine will undercharge you for the same selection if you specify
carafe. To wit:
1) press the "coffee" button.
2) press the "strong" button (hey, it's gonna taste nasty no matter
what you pick... You didn't think it was _really_ fresh did
you?!?. Might as well get a caffeine kick out of it).
3) press the "carafe" button.
The LCD/LED will change its display to:
------------------
| Press 'carafe' |
| for each cup   |
------------------
4) deposit your .25 cents
5) press the 'start' button.
You just saved your scrawny little ass .30. If you are a poor sod
who is unfortunate enough to work at a company with these
monstrosities and don't have other means for coffee at odd hours you
can save yourself a small bundle over the period of a single month.
Month X = 30 days
Weeks in month ~4
Work days in month 20.
Cups of shitty coffee consumed per day = 4
Normal price = 20 X 4 X .55 = $40
New Improved price = 20 X 4 X .25 = $20
Hey, that's a case of the _good_ beer you just saved for! Maybe that
will help you to forget you work in such a sweat house!
[note to our friends at Filter Fresh Co.:
Don't buy us! We aren't very thrilled with your coffee. We also do
_not_ want you to send us scantily clad women as we don't think
you would do a much better job choosing them. We will not
continue to drive you insane by picking apart your coffee kiosks and
posting the exploits publicly to the world. You can send money
if you feel like it. It will be used to help switch various l0pht
members over to decaf corinthian coffee. Actually, that last line
is a lie as all we drink is beer and Coca-Cola... ahhh we give up,
Scriptors of Coffee we ain't. This one goes out to the SOD guys:
come back from vacation! We can't stand the boring nothingness that
each day brings without your p1mpin sk1llz.]
The guys and gals (hi Meg!) at L0pht Heavy Industries.
MOTD: "Careful now. Ya'll might tip over da trailer!" - Raven
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850
-----END PGP SIGNATURE-----