ulTRAX'S ARCHIVE

NEWSGROUP POSTS



THE END OF HACKING

Created: 11-26-00. Page design and Entire Site © ulTRAX@webtv.net.
NOTE: These discussions may contain inaccurate information and uninformed speculation.


~ WTV SECURITY INDEX ~
<h1>JAVASCRIPT ERROR!! RELOAD</h1>

From MattMan.... end of hacking? Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Fri, Oct 27, 2000 From: ulTRAX@webtv.net Mattman wrote: I was given this url from a previewer webtv.users.preview.XXXXXXX-wtv-token-3288813544-E9F1F6118A77686E9-8AD3ED928208155 Notice wtv-token, this is going to be added to every wtv-url, Mail, Setup, whatever.. The token is of course encrypted and it is unique to YOU a personalized service if you will.. By the next upgrade you can say good by to hacking.. No more pop3 hacks no more password tricks no more NOTHING! lol I guess there doing something like they did with the new head-waiter code wtv-tod wtv-url-signature. Once this is in effect if you were to use the Js Reader to grab the document.location of say wtv-mail:/listmail you would end up getting something like this wtv-mail:/listmail-wtv-token-retweuwty45436ytyer7yretwe7fer7erf77fre Some of you might think this isn't good news but it really is.. If i'm right it will be the end of webtv hacking as we know it.. Did webTV finally get there shit together? We'll find out in about a month! See Ya! MattMan69 Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Fri, Oct 27, 2000 From: Chezck@webtv.net it could be the end of webtv hacking and here are some urls that i found in favorites thats not BS wtv-favorite:/serve-folders-wtv-token-749801690-D605176496A02D074DC0C88BB0BAAC19?favorite-folder-name=webtv%20stuff wtv-setup:/options-wtv-token-1160065498-6FBC2D90C337A406C417D6E92CF54CCC wtv-setup:/billing-summary-wtv-token-688858934-CB47D5A89052147C342EDE4F0C258354 wtv-setup:/phone-call-waiting-wtv-token-758010533-A61FF739E7838D4A2404259C3EDE7088 wtv-setup:/phone-call-waiting-done-wtv-token-1347092814-B3655503DCB2DDCAB2A08C44538CC1AD?call-waiting-mode=HACK&CallWaitingPrefix=&AdjustSensitivity=Adjust+Sensitivity wtv-setup:phone-access-number-wtv-token-417262201-A3B65B27915DC10D6450F7C7778ACCED" wtv-setup:phone-wtv-token-2387527385-823953C1EC8EE12F72DA823C42A2A580" wtv-setup:/setupgames-success-wtv-token-2779493171-52D277FD9DC8E7F22CDC63ACFA43AB9A" wtv-setup:/mail-signature-wtv-token-3611401376-6EC2DA16B5AD9D9757F9CBE4890F2978 wtv-setup:/remove-users-wtv-token-3520031691-90CA0AE22271CE72FCB499911894AD4B wtv-mail:/GetSignature-wtv-token-3652997522-40E3AD880C5852BE180CCA7424E0C7F1?LastURL=http%3A%2F%2Fmembers.tripod.com%2F%7Eorbito214%2Fcgi-bin%2Fdownrama.html%3Fwtv-title%3D wtv-setup:/Accounts-wtv-token-2477588603-B4B814282EDF5DBE82E81BCAEE297E45?Done=Done wtv-setup:/mci-intro-wtv-token-3572951662-57C4AF85D3E2F1E277411C7F288B4374 Re: Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Fri, Oct 27, 2000 From: ulTRAX@webtv.net Are you saying the token code changes with each request to the network? Re: Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sat, Oct 28, 2000 From: Chezck@webtv.net yep it change for each request never is the same All wtv url will change in the 2.6 maybe 2 or 3 months till you get it hacking is leaving say bye to it Re: Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sat, Oct 28, 2000 From: Proxemo@webtv.net (Proxemo) wtv-token encrypts each URL. However, the old URL's already found will still work.(most... that is) Wtv-token prevents you from finding new URL's. :) Re: Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sat, Oct 28, 2000 From: ulTRAX@webtv.net Matt asked an @corpie... seems the token will change every 15 minutes or so. Re: Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sat, Oct 28, 2000 From: Chezck@webtv.net humm I post today early about that. I said that yeah it changes for every request you do Re: Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sat, Oct 28, 2000 From: jasmat14@webtv.net (Jasmat) It seems to be that you wouldn't be able to access a url such as wtv-mail:/listmail without having -wtv-token-whateverYourTokenHappensToBeAtTheTime tacked on to the end...that could be a major obstacle. But the end of webtv hacking? LOL, I don't think so. A little too dramatic...but a good theory..I still don't understand it really. I'll be waiting. Re: Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sat, Oct 28, 2000 From: PowerHexor@webtv.net sound like some peeps are happy about this the end of wtv hacking what will we do then ? all the secrets we have will be lost and we try so had to keep them from others lol i say if hacking is going to be shut down go out with a bang Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sat, Oct 28, 2000 From: ulTRAX@webtv.net From what I've been able to gather WNI's token system is a long overdue response to their historically poor security. But is it the end of hacking? Hardly. Hacking by definition is getting a system to perform in ways not intended by the system's designers. While I hope the new security scheme performs as advertised... I already see a few holes that could be exploited. Time will tell. Re: .... end of hacking? never? Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sat, Oct 28, 2000 From: efficient2@webtv.net Well I was one to say that but I think the near is over! I don't think I KNOW IT IS First your box is asigned tokens AND you only can use those TOKENS IT's JUST a big "TOD" Job they did not just on HEAD-WAITER urls BUT ALL Ya you will have a Url Accessor But you won't have SHIT to put into it All Flashrom Users will have a TOKEN when and if you try the URL without a token You will receive a "BAD REQUEST" POP UP Everything is killed EVERYTHING the best you will do is hack yourself lmao! They can track your ass to the bathroom and walk you back to your keyboard I was one to Hope for the best when I knew it was over! ITS OVER ! every hacking script is worthless after 11/07/2000 This is not a client upgrade this is A SERVER-SIDE upgrade YOU WILL HAVE NO CHOICE! Their is no more sence in keeping secrets NOW because they will be as worthless as the word hacking on webtv Find somebody other to do TRUST me Time won't tell THE token already has This has all been tested by me and another user which I'll leave nameless Unless he want's to speak out ON his finds 11/07/2000 will be the end of webtv hacking! Re: .... end of hacking? never? Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: efficient2@webtv.net (examine™) Its really heard to understand untill you are able to run on it thats when you really fell the kick to the balls! The end to hacking isn't far fetched ! you will see! Re: .... end of hacking? never? Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: Chezck@webtv.net wtv-tokens do not change every 15 minutes they change for every request to the url. also you can not access news groups link in mail news:webtv.users the token apears and says that the ng does not exist. i think other user does not have the token Re: Yep It could be Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: Chezck@webtv.net Proxemo wrote: "wtv-token encrypts each URL. However, the old URL's already found will still work.(most... that is) Wtv-token prevents you from finding new URL's. :)" at this time both tokened and regular urls are working because they are just new so they need a lot of testing Re: .... end of (my ass!) Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: wasdiscovered@webtv.net (a-secret-file://) I remember the last end, it was somewhere around april or may of 99. People were preparing themselves by saving pages to favorites. Recent and find were slated to be killed and most people includng myself didn't know any other methods. I remember a period of time where I was with out access. It was the end. It was all over. What did I do? I got over it. Do I care about token? NO! Why not? Because this is what it's all about. In fact I look forward to it. ulTRAX post reads: Some of you might think this isn't good news but it really is.. My thoughts are: I agree. It really is good news. A mass exodus from the groups would certainly be a good thing. Then there's the challenge of cracking the token, replicating it and implementing it. A greater challenge might be keeping it a secret and playing dead. It could be like the times when people had no bounce codes. It gave them a false sense of security. They would use things that they normally would not. This sense of security made them careless. I suspect WebTV will also become careless in thinking that it's ok to do such and such because it's under the cloak of a token. Ya this could be a good thing. ulTRAX post also reads: If i'm right it will be the end of webtv hacking as we know it.. Response: As we know it maybe. So out with the old and in with the new. Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: ulTRAX@webtv.net Just to clear up any possible confusion... my first post in this thread is from Mattman... I just posted for him. The reason I don't believe hacking can EVER die is because I believe hacking is as much PROCESS as results. Sure it's nice to rest on past laurals and take advantage of what is already known.... but the essense of hacking is the continued process of discovery DESPITE obstacles are thrown in our path. That's why to me it's not a big deal if some tricks/techniques we use are killed.. especially if they are abused. Hacking isn't having some right to fuck others over... it's the intellectual challenge... it's the game. Re: .... end of (my ass!) Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: ACIDBATH21@webtv.net (Vî®üs-†- Ømégå) well said wasdiscovered....i feel confident some of us will crack token.... : ) Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: Naphead@webtv.net Damn, I noticed this on the Weekly server. Even a simple URL like wtv-flashrom:/current says "bad request". URL hacking is pretty much over after this server side. C-ya Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: digital-fiction@webtv.net would that go the same for those with the viewer? maybe those could still give some life to webtv hacking Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: ulTRAX@webtv.net Naphead wrote: "Even a simple URL like wtv-flashrom:/current says "bad request". URL hacking is pretty much over after this server side." Granted it's not yet been established whether there is some IP service data in the Token... but did you try that WITH a valid token? Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: ulTRAX@webtv.net the wtv-flashrom service is not the only way to access a build. Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: jasmat14@webtv.net Many different opinions here... those of you who can't use regular urls like wtv-flashrom:/current or wtv-mail:/listmail, why not try tacking on -wtv-token-anysortofcrap? Any results besides "Bad Request"? Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: bkm-V2@webtv.net (('bkm')2322) End of Hacking . No Never. Token will be cracked. Its just another ATTEMPT of WNI trying to stop things. They will screw up some way some how. Havent they always? May take some thinking but it will be cracked. Just never give up. Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: Hack-0-Roma@webtv.net (Prank-0-Roma) The end is near! Stealing peoples mail, changing passwords, and all the other malicious hacks will no longer be an issue. First the token is "unique" to YOU no one will have the same token. Second even if someone was to get your token for a certain page by the time they sent it to you it would have expired. The bullshit is over you can all sit hear saying that there will be some break through but there won't be. You'll be lucky if you can hack your self when this is over. So whats left for hacking? Accessing wtv url's, sourcing pages LOL.. Maybe we will be able to still do things like access hidden features or download a new build here or there, boring! I've been around a long ass time and been a part of just about every major break through, hack, whatever. The only thing I see left for hacking is to continue to maintain are knowledge of how the box works, keeping up with the new changes. But thats not really hacking so hacking as we know it is going to be over.. LOL but as Reamer brought up to me in IM I predicted the end of hacking like 2 years ago and of course was wrong.. So who knows, only time well tell.. Once EVERYONE has the token then we can start doing some real testing until then ALMOST everything has been just speculation.. Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: flashrom-@webtv.net the token will be broken , someone will break it , it;s just a matter of time , No one ever theought DVD encryption would be broke , yet they were wrong , i honestly hope webtv doesn't think that just because they added a wtv-token that they are safe for good !! Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: ulTRAX@webtv.net Hack-0-Roma wrote:   "The end is near! Stealing peoples mail, changing passwords, and all the other malicious hacks will no longer be an issue." That was ever hacking anyway... that was merely hacking abuse. "First the token is "unique" to YOU no one will have the same token." We don't yet know what data goes into a Token... "Second even if someone was to get your token for a certain page by the time they sent it to you it would have expired." Maybe not... the expiration issue is still up in the air. See other thread. "The bullshit is over you can all sit hear saying that there will be some break through but there won't be. You'll be lucky if you can hack your self when this is over." Hacking is the process of understanding a system... then getting it to perform in some unintended way. There may be some new limits beyond which we can not go beyond... but we don't know what they are.. and we'd be making a mistake assuming they're worse than they may be. "So whats left for hacking? Accessing wtv url's, sourcing pages LOL.. Maybe we will be able to still do things like access hidden features or download a new build here or there, boring! I've been around a long ass time and been a part of just about every major break through, hack, whatever. The only thing I see left for hacking is to continue to maintain are knowledge of how the box works, keeping up with the new changes. But thats not really hacking so hacking as we know it is going to be over.. " Again.. not if you believe that hacking is process... not results. "LOL but as Reamer brought up to me in IM I predicted the end of hacking like 2 years ago and of course was wrong.. So who knows, only time well tell.. Once EVERYONE has the token then we can start doing some real testing until then ALMOST everything has been just speculation.. " Including that the end of hacking is near. Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: ulTRAX@webtv.net flashrom- wrote: "the token will be broken , someone will break it , it;s just a matter of time , No one ever theought DVD encryption would be broke , yet they were wrong ," Tokens will be tough.... maybe impossible. We don't know what goes into them and it's not like they're some neat linear HEX code like the timestamps. If they are encrypted.... WNI can send identical values in constantly differing forms... Maybe each Token has a built-in key... but 32 digit HEX is the same, I believe, as 128 bit binary... SSL grade. Maybe the best we'll be able to do is experiment with them within our own accounts. But who's to say. Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: flashrom-@webtv.net maybe the first wtv-token-number is the start time and the second is a end time Re: .... end of hacking? never! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: ulTRAX@webtv.net flashrom- wrote: "maybe the first wtv-token-number is the start time and the second is a end time" If all a token contained was a start time... and could be restated numerous ways... chances are there would be some interchangeability between users. I don't think even an encrypted timestamp would be enough since how they're accessed can not be predicted. I think the Token has to have some User ID data..... and the Token system will be a bit slack on the timestamp (session ID). As for an end time... what would be its purpose? A box can be left on with stored pages in cached for days... weeks. wtv-token! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: wtv-token@webtv.net It will bring a end to finding urls! it will be an end to downgradeing ! it will be an end to hacking other users! it will be an end to trying to find new urls threw the autohack! it will be the end to sourceing wtv pages it will be the end to webtv hacking! Re: wtv-token! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Sun, Oct 29, 2000 From: JO5H@webtv.net (J05H) Blah....... WebTV by blocking hacking this way has become a decent secure ISP in my mind.... How long this will survive as a blocking method is still up in the air until 10/7/00. Have fun while you can.... :-) God knows I will Re: wtv-token! Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Mon, Oct 30, 2000 From: Delete-Cookie@webtv.net (Maynard) Tokens are usable by different users on the same box. As for expiring, Ive been using the same one now for about 2 or 3 hours and it always works even after powering off. From what Ive seen so far not all wtv-urls are targeted with the token.   They seem to go as follows: first group of numbers has 9 or sometimes 10 then second grouping, 32 letters and numbers 0-9, and A-F. Ive yet to see a token on my box with a letter higher than F. It would seem that being abe to change users and stil use the token could mean that they have something to do with SSID maybe? So not given to User-id's but to boxes. Shut up token Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Mon, Oct 30, 2000 From: ShadowMafia@webtv.net Damn dude every single NG and you have to go on this "y2k end of the hacking era" rant.End it man.Its not going to be the end,and it wont stop downgrading.Think about it-webtv has the downgrade available on thier help page.You think they will mess it up?NO! Re: Shut up token Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Mon, Oct 30, 2000 From: wtv-token@webtv.net Damn dude every single NG and you have to go on this "y2k end of the hacking era" rant. No fag boy I only posted to 2 ngs this one and hacking! End it man.Its not going to be the end,and it wont stop downgrading. Yes the end to hacking is over and you won't be able to downgrade unless webtv wants you too lmao Think about it-webtv has the downgrade available on thier help page.You think they will mess it up?NO! I will you a lamer because you have showed no true signs of even knowing a little about the webtv system! Re: Shut up token Group: alt.discuss.clubs.public.webtv.technical.ultrax Date: Mon, Oct 30, 2000 From: ShadowMafia@webtv.net Now i dont know what kind of past you had but do we really need to brin gyour dad into this? NO there is a way to get past the token as i said in hacking.And no im not going to give it to your lamer ass! WTF is "i will you a lamer"?Learn english.Umm my ass i havent.What do you want to see?I personally havent seen shit from you either so why dont you proove you can do something other than think up a gay ass name and shoot off at the mouth