Forging Time/Date Stamps

David Girardot <[G--ar--t] at [dickinson.edu]>

>>>[Okay ya lamerz. Who sez us old timers can't be K-rad kewl with the rest of yas. So here's an excerpt from the latest phrack, *not* available at yer favorite corp elec-bulletin, about how ya don't have ta follow da lame corp policy of dem stoopid time/date stamps. For some of yas dis'll be like Xmastime, you'll get dat warm feeling like we did back in '83 (that's, 19-83) when we discovered sendmail.]<<<
-- Samurai Electricity

*** DCC Channel Open
*** Transmitting
*** ...1...2...3...4...5...6...7...8...9...0
*** Transmission complete. Transaction Logged (12:03:33/2-31-53)
*** Invalid Date Error -- Override --
*** Scan mode activated...

>>>[...with our policy of providing you, the decker, with the very latest in personal privacy technology I have written this article to reveal once and for all how to escape the PhoneNet's tiresome time/date stamps.

First, some background. The time/date stamps go back to security issues before even the great Matrix virus that crippled the first network. Back then there was no real way to validate the identity and/or veracity of the electronic modes of communication. The first incarnation of the time/date stamps occurred with the use of the private/public key cryptographic methods. Eventually, though, it was clear that there needed to be some standard way of identifying users with a clear electronic signature that would be difficult to forge. Thus, when the first worldwide network was designed, the crude time/date stamps were hard-wired into its infrastructure.

Nowadays, when any bit of data enters the matrix it is time/date stamped by the Phone/Net infrastructure, and checked and re-checked with special self-correcting algorithms by each node the data passes through. Indeed, this process produces the Link from the decker's persona to his physical entry-point into the matrix (the selfsame Link that the trace family of IC is so fond of).

Now then, the conventional wisdom is that because these time/date stamps are so deeply entrenched into the basic operations of the matrix they are simply impossible to defeat. This is what the corporations would like you to think. The fact is that hacking the stamps is simply difficult. The weakness of the system is the redundancy checking that goes on after you enter a new node -- that is, a "trace" must occur back to the original entry point and a new "stamp" applied on top of the old one.

However, as any decker knows, his "Link" to his entry point is not a literal link but a virtual one ... in other words, it is not a rigid sequence from origin to present point, but the data packets flowing through it take the fastest path dictated between the two points. In other words, if a decker has gone through Nodes A, B, C, and D to reach node E his datapath will include these nodes plus any other nodes the data travels through at any given nanosecond. So, while our decker was at point C his Link path might have read: A, B, C; it could read A,B,C,N,P,Q,D when he travels to point D. The nodes N, P, and Q, though not physically visited by the decker, are visited by the datastream link from the decker to his origin point.

Confusing? Well it gets even more complicated. You see, the Link path differentiates between "real" link nodes (the ones the decker's persona has actually traveled through) and "gateway" nodes (the ones the link datastream takes for efficiency's sake). So in the original example the Link path would really be something like A,B,C (N,P,Q), D.

Okay, getting around the time/date stamps used to be pretty easy. All you did was modify your relocate program to "piggy back" on the Link-path and merrily send it through millions of "gateway" nodes. One of two things would happen: the link-path would get so long that it would actually be "broken" -- in other words your post would never get the time/date stamp added because the link path was so long.
The other thing that would happen, if you wrote a really good relocate, was that the link-path would come out as total garbage, or better yet, someone else's link path.

Unfortunately the corps instituted RFC 931, a security measure, that added a subroutine to the algorithm to limit the link-path length by number of gateway nodes. So you couldn't trash the path anymore by filling it with tons of garbage. That was until a friend of mine realized that the subroutine would always count gateway nodes of the same name as the same nodes. He developed a technique that would ping-pong the link-path between two or three nodes, back and forth, ad infinitum. This would really phuck the link path and make hacking the time-date stamps a real breeze. He also discovered that while the link-path was ping-ponging you could get it up to a good ten or twelve million teratocycles and that while this was going on, you could input any time/date stamp you pleased.

So that's how easy it is. But what's the catch? The catch is that you *need* a link path. Your link is what allows you to control your persona from your deck, chummer. If you really did ping-pong your path even a couple hundred thousand teratocycles you'd have a response slower than the slowest turtle, nearly an eighth of a second delay for each keypress. Nope, while you've phucked your linkpath to hack the time/date stamping you need to hack yourself a real linkpath so you can go merrily about your business.

The procedure is, again, a modified relocate program. There are two catches, however. One is that this program is about as degradable as it gets. Each combat round, yes round, it loses one point of rating ... unless the program is being hacked on the fly. Also, maintaining the link through multiple grids is difficult, so each grid change (for example LTG to RTG) requires one die per threshold of the grid (1 for blue, 2 for green, and so on).
The rating of the link program must exceed the security rating of the current node, and *each* node passed through. For instance, if you need to maintain a link through a red-5 node you need to have a Link-6 running. The other bad news is that maintaining the link is rather hard on the deck and lowers the response rating by one. (Yes, that means you must have at least Response-1 to run the program.)

Example: BlackBeard has 23 dice in his hacking pool and a Fuchi-Cyber-4 with Response +2. He is maintaining a link from his apartment in Seattle to a Shadowlands based in a corp computer in a different RTG. The inter-grid nodes are all green so there's six dice gone from the pool to maintain them. BlackBeard has passed through three nodes in the corp computer to the shadowlands in one of the datastores (the Orange-5 SAN, the Green-3 SPU, and the Red-3 CPU). He has to allocate another 12 dice from his pool for a Link-6 capable of getting through the rating-5 of the SAN. 15 dice in all are allocated to the pool... bringing him down to a measly 8 dice ... and don't forget his Response is only +1 while his deck runs the link.

Disengaging a link while in the matrix is tricky, because you have to re-connect to the "real" link-path you've been ping-ponging all over creation. Make a computer skill test against a target number of twice the minutes the link has been ping-ponging. You must get a number of successes equal to the threshold of the highest security rating of the nodes you've been through. (So in BlackBeard's case, if he'd been ping-ponging his link for 5 minutes while in the shadowlands he'd need to get at least 2 successes against a target number of 10.) The base time for re-establishing a link is 1 minute, divided by the number of successes. Until the link is re-established, the decker has a reaction of 0 (and is allowed no modifiers) and always acts last in the round with his actions taking place at the end of the next round.
This slowdown affects all actions, including jacking out.

Well, I told you the procedure wasn't easy. But at least you know it's possible. Down with IC! Free data for all! Sayonara.]<<<
-- NightWind (Field To Large)

>>>[Yes, kiddies, if you gain control of a lamer's deck you *can* disconnect him from his link. A real nasty trick to play on your enemies!]<<<
-- BlackBeard (Null)

>>>[Disconnecting another decker from his deck isn't easy. The first step involves hacking a "trace" construct and the second winning a resisted computer test against the enemy decker to force them to "ping-pong" their own link.]<<<
--David