My first program that made me money. The destroy program

rjwhite

RJ White

Posted on April 17, 2023

My first program that made me money. The destroy program

Let me tell you a story.
A story of the first program I wrote that made me money.
The destroy program - a program designed to destroy your enemies.

It's a story of intrigue, subterfuge and guile - back in an exciting era when powerful computer afficionados were called wizards and had magical powers in their realm.

The age of wizards

Almost a half century ago, in the mid-seventies, I was a hack while a student at the University of Waterloo. Not to be confused with the modern day definition of a hack, which I prefer to call cracker, but instead a more noble designation of a computer enthusiast who spent countless hours learning as much as (s)he could about this exciting hobby of computers. And while many hacks did do occasional mischievous pranks while trying to circumvent security measures, it was always non-destructive with the sole purpose of learning.

This was before PC's and the Internet. We had BigAss mainframes. Public rooms for CRT terminals running at 300 baud, or IBM 2741's running at 134.5 bps with type-balls that used rolls of paper for output. Operators collected your program output from large secured printers and filed it for you to collect. I was fortunate in those days that I got to use high-level languages at the university, because after graduation, I spent years in the real-world coding in assembler (Sperry-Univac and later VAX), using paper-tape to load operating system drivers I wrote, and other fun stuff.

The rumor and the bribe

When I was young and still a newbie at UW and hoped to learn the secrets of those that came before me, I reasoned that if people believed I had a greater store of knowledge than I truly did, that those real hacks would be more loose-lipped about their techniques. And so I created an empty directory in my account, called /u/rjwhite/stuff/junk and removed all access permissions and password protected it so no-one could see inside and know that it was empty. And then I started a rumour that all my best security hacking software was kept there.

At the time, there was a smart high-school student who hung out in the university public terminal rooms. He was volunteering help to those students who had difficulties understanding computers. They were often arts students who were encouraged to take an introductory course to computers. But what he was really doing was stealing their userid and password information to use their accounts in mischievous ways. I'll call him Bob.

So one day, a friend of mine who was a legitimate super-user (a university staff member who had full access to everything), who could see that my rumoured stash of hacking software was actually an empty directory, came to me and told me that Bob had offered him $20 to steal anything for him, from /u/rjwhite/stuff/junk, and that he'd give me half of it if I put something there to steal. So I told him, OK, tonight I'll write the destroy program.

The carnage

So it came to be that Bob was sold the compiled binary image (not the B source code) for the destroy program. That evening, I got a call from another friend of mine (probably half the UW hacker community by this time knew about this prank being pulled on Bob) and told me that the Honeywell operators had received a restore request (from the backup tapes) for Bobs files. It seems he somehow blew himself up!

Now Bob is a smart guy - he can use debuggers to step through the binary image, see embedded strings, etc. And there were plenty of false clues to keep him busy. He figured out that there was a goods guys list that he had to be on. So he patched his own userid over one of my friends userids that was the same length. And he ran it again. And another restore request went to the operators. Each time he tried to destroy somebody, he blew himself up. What the program did was hidden by real-time bit-shifting of commands being built before execution:

str[0] = 0634660674610;
str[1] = 0200710624660;
str[2] = 0312100136124;
str[3] = 000000000000;

str[0] >>= 2 ;
str[1] >>= 2 ;
str[2] >>= 1 ;
Enter fullscreen mode Exit fullscreen mode

I don't know how many times he blew himself up, but I heard that he then started passwording his files so the program could not just delete his own files unhindered.

That bit-shifting of the variable str results in a "glob rele /*" in case you were wondering.

You are not God!

He probably noticed in the binary code the string "God", implying that the userid God can use the program. If he did manage to somehow convince the program that he was God, then he'd run into the last bit of code:

if ( ! (equal( user, "God") ) ) {
    printf(-1,"%s*n",str);
    printf(-4,"unpriviledged user!*n");
}
else {            /*  nail him anyway    */
    printf(-1,"%s*n",str);
    printf(-4,"sneaky!  but still unpriviledged...*n");
}

Enter fullscreen mode Exit fullscreen mode

Writing to file descriptor -1 is to run a system command, which was in the disguised bit-shifted string called str.
Writing to descriptor -4 sends output to the terminal.

There was no way to win. Anyone that ran the program trying to destroy someone would end up removing their own files.
Poetic justice.

Conclusion

And that was the first program I wrote that made me money!

This distracted Bob for a short time from his normal activities of account stealing, while my friend and I both ended up $10 richer and gave some friends of mine some amusement. Although I suppose that maybe the operators were not amused at the repeated restore requests by Bob. Surprisingly, it was not the last time Bob was distracted and fooled by software he obtained from /u/rjwhite/stuff/junk.

That was 45 years ago. I'd like to believe that Bob eventually followed a less destructive path in life and I wish him all the best wherever he is now. But it was disturbing that to run the program meant he was actually trying to destroy some person without even knowing what that truly meant.

The End.

Addendum: the B programming language rules!

Those of you familiar with the C programming language will see a strong resemblance to the above B code. B however, is an untyped language. It was up to you to deal with whatever you stuck into a 9-bit byte or 36 bit word on the Honeywell. When I later first started coding in C on Unix, I thought that types were a hindrance and C-coders were weenies! Real programmers didn't need types!

For your amusement, this line of code is from a Unix-type shell I wrote for the Honeywell GECOS system, in B. It subtracts two characters from one another to get a relative offset integer, to then multiply by an integer length of storage space, to add to a pointer to the beginning of that storage. All without requiring type-casts of pointer, char, and int:

point = table + (( ch - 'a' ) * ( MAX3 + 1 ));

This was to come up with a memory pointer for setting a 1-character shell variable of maximum length MAX3. This would break on a EBCDIC system (IBM) since it requires a continuous a-z alphabet character code set, like ASCII - but the program was designed for the 36 bit word Honeywell GECOS system, for creating pipes, background jobs, redirection of I/O, etc.

💖 💪 🙅 🚩
rjwhite
RJ White

Posted on April 17, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related