BACKGROUND:
Most of you already know that WTV maintains two PW protected sites that are easily accessible from our lowly station in life here in Production Services. They can be reached using the GoTo box, deleting http:// and typing WTV-TRICKS:/TRICKS or WTV-TRICKS:/INFO. As it turned out, INFO was but a page on the main TRICKS Menu.
Cracking the TRICKS Site had always been somewhat of a Hacker's Holy Grail. In early '98 there were as many false claims about cracking TRICKS as there were about hacking accounts. It was probably the hacker's biggest status symbol... made more frustrating by the fact that no one could ever prove they had been inside. The best anyone seemed to be able to do was get to what some of us called TRAPS. It contained a humorous message that our attempt to subvert WTV security had been documented and to sit still. Someone would be over to pick us up soon.
One of my first efforts at organizing a group effort on TRICKS was trying to develop contingency plans so that IF someone DID get in... there could be a systematic effort to milk it for what it was worth. The first person in could get the contents of the main index, if there was one. Maybe they could make printouts. But it would be vital to get the word out to others and divide the work up with others before the PW was changed. Underlying this approach was a fear that all we got was one warning from WTV. It was almost as if one received a sub-lethal dose of radiation when one went in. Anyone who got into TRICKS had to grab all the info they could, then give it to others, then let them go in for their sub-lethal dose.
Another plan I pushed was trying to determine if TRICKS was merely another page on the Web. If so, maybe a PC with a cracking program might be tried. But no one knew how to make any sense of the only URL we had: WTV-TRICK:/TRICKS. It was as if WTV was a virtual (if not an actual) network within the greater Web. Linked validators could get a referrer but never any page code. If a PC could not access TRICKS, maybe the WebTV box could be adapted. The Classic boxes had a PC keyboard input jack. What if all the wireless keyboard codes could be duplicated by a PC with an IR Blaster? These were some of the first ideas discussed at the formation of the Hacking NG in late March 98.
The first big break came on Sunday Aug 16. The history of this is somewhat murky. Someone (either Bad_Brad or Lord_IZM) at WebTV Crew had posted the TRICKS PW: "seqret1". This was one secret that would not stay secret very long. Soon TRICKS was inundated by invaders.
INSIDE WTV-TRICKS:
WTV-TRICKS is a collection of various WebTV utilities meant to be used by employees and licensees. Below is what one saw on the main index page. Included are the URLs and a brief description of the page's purpose:
WEBTV TRICKS
INFO (wtv-tricks:/info) An expanded version of our 411 Tech Info.
VISIT BIG WILLIES (wtv-flashrom:/willie) Contained a large library of Client Builds.
BLAST BACKLIST (wtv-tricks:/BlastBackList) Cleared cache.
BLAST NVRAM Not only cleared cache, but returned the box to a "scriptless" state requiring it to dial in for a new Tellyscript.
GO ON A POP TOUR (wtv-customscript:/poptour) POPs are "point of presence" local dialups.
STAYIN' ALIVE (wtv-tricks:/StayConnected) This allowed a box to remain connected for 24 hours despite the 10 minute inactivity shutoff. In the background a midi of the old disco hit.
(client:ShowServices) The IP List for all our WTV Services.
JIFFYPOP-O-RAMA (wtv-custonscript:/jiffypop-o-rama) Type in any phone number and JiffyPop would give all the local POPs as well as a cost breakdown for using each.
RUN A WWW TOUR ( )
VISIT VEND-A-TELLY! (wtv-customscript:/vendatelly) Source for pre-written Tellyscripts. It also allowed you to design your own.
VISIT LITTLE WILLIE'S! (wtv-flashrom:/willie?lable=littlewillie) Possibly an old version of Big Willie.
UNREGISTER THIS BOX Need I say more? I don't believe anyone got the code for this page. Just as well.
OUT, DAMN SPOT! (wtv-tricks:/spots) Ad spots.
DOWNLOAD-O-RAMA (wtv-disk:/content/Downloads.tmpl) Seemed to be two versions... one for Plus Users, another for Classics. The Plus DoRAMA contained VideoFlash and Music downloads and a utility for downloading other file://disk files.
Also on the main TRICKS Index page was an additional PW box for those who did not get all they wanted from TRICKS itself. What is behind that barrier remains a mystery.
In retrospect the TRICKS security model was pathetically inadequate. All WTV did was put a PW on the main Tricks Index.... but not on the individual pages within Tricks. But we did not know this until we began to explore.
There was never any doubt that we would be discovered. The PW page had prominent warnings to the effect that all access to TRICKS was monitored. Knowing that the PW might be changed at any minute... and realizing that the TRICKS pages themselves were NOT PW protected, but could be saved in FAVs or directly accessed.... the group I worked with concentrated first on getting the page URLs. Even if WTV changed the PW that day, we still would have access to all the TRICKS pages. The next step was to get all the HREF action codes so even if, say, the WILLIES page was pulled, we might still be able to access the library of WTV Client Builds either for an upgrade or, say, if someone wanted to get back the use of Javascript in the GoTo, a deliberate downgrade.
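The weakness described above (a password on the index only, so changing it did nothing for pages reached directly) can be modeled in a few lines. This is an added example, not WebTV's server code: the page names come from the menu listed above, while the password, the session tokens and the `Gatekeeper` class are constructed for illustration.

```python
# Constructed model of the index-only password gate versus per-request checks.
import hmac
import secrets

# Page names taken from the TRICKS menu above; contents are placeholders.
PAGES = {"/TRICKS": "main index", "/info": "tech info", "/BlastBackList": "clear cache"}
PASSWORD = "example-password"  # placeholder value, constructed for this example


def check_password(supplied):
    # Constant-time comparison so the check leaks nothing through timing.
    return supplied is not None and hmac.compare_digest(supplied, PASSWORD)


def serve_index_only_gate(path, password=None):
    """Weak design: only the index asks for the password."""
    if path not in PAGES:
        return 404
    if path == "/TRICKS" and not check_password(password):
        return 401
    return 200  # any other page is served to whoever knows its URL


class Gatekeeper:
    """Hardened design: every request must carry a valid session token."""

    def __init__(self):
        self.sessions = set()

    def login(self, password):
        if not check_password(password):
            return None
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token

    def rotate_password(self):
        # A password change also revokes sessions issued under the old one,
        # so a saved link stops working the moment the password is rotated.
        self.sessions.clear()

    def serve(self, path, token=None):
        if token not in self.sessions:
            return 401  # authorization is decided before the path is looked up
        return 200 if path in PAGES else 404
```

In the weak version a bookmarked `/info` returns 200 with no password at all; in the hardened version the same request returns 401 until a fresh login succeeds.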
I don't doubt that all the while WTV was in panic over the Breakin, those who broke in were like Babes in Toyland. Maybe it was our equivalent of playing on the road. Many were soon to get run over. Some fried their box on the Manufactures Printer Test Build. Others found themselves trapped in a place called TestDrive. I tried a link at POPTOUR only to find my box making long distance phone call after phone call.
To Be Continued: