|
phrack.org:~# cat .bash_history ==Phrack Inc.== Volume 0x0b, Issue 0x3f, Phile #0x04 of 0x14 |=---------------=[ P R O P H I L E O N T I A G O ]=-----------------=| |=-----------------------------------------------------------------------=| |=------------------------=[ Phrack Staff ]=-----------------------------=| |=---=[ Specification Handle: tiago AKA: module Handle origin: Lemme call my mom and ask, just a second... ok; "it was between pedro henrique and tiago, but after looking for reasons that would define we decided to throw a coin: head". catch him: By producing whatsoever sign/event pair that would take my attention and get you the expected feedback. Age of your body: 24 Produced in: Southeastern Coconutland Height & Weight: 178cm, 70kg Urlz: . Computers: SGI Indy (R4600PC at 100MHz, 128MB RAM, 2GB hdd), Sun Ultra-10 (UltraSparc IIi at 440MHz, 1GB RAM, 9GB hdd), Toshiba Portege 4005 laptop (Intel P3 at 800MHz, 512MB RAM, 20GB hdd). Member of: Teletubbies Projects: Many fields in computer theory. Software Engineering subjects such as: Abstract Interpretation, Program Transformation, Reverse Engineering, etc. Applied cryptography at work. Enjoy hardware design, operating system design/implementation hacks, software design/implementation security related exploitation. Anything that actually takes my attention for whatever reason. |=---=[ Favorite things Women: je veux un petite pipe, s'il vous plait Cars: I don't know how to drive Foods: taco-taco brrrito-brritooo Alcohol: combined with Benflogin Music: Symantec iz in tha houuuuuuuuuse!!!!! c'mon c'mooooooon sing sing! see tha solution! Symanteeeec, revoooolutiooooon... we give yooooooouuu... sweet soluttiooooonnss \o\ /o\ \o\ /o/ We! got your personal firewalllz! ... dunt dunt.. -> http://www.phrack.org/symantec_fancyness.mp3, por favor. Movies: GOBBLES.avi Books & Authors: HUHU, books are fancy q:D -- stuff that have been remarkable on my near past. still reading some: . Whom the Gods Love: The Story of Evariste Galois, infeld, (spanish, by Siglo Veintiuno Editores); . Computer Architecture: A Quantitative Approach, hennessy & patterson (english, by MK); . Comprehensive Textbook of Psychiatry, kaplan & sadock (english, LWW); . The Art of Computer Programming, vol. 1-3, knuth (3rd Ed., Addison Wesley) -- <3 dutchy; . Systems and Theories in Psychology, marx & hillix (portuguese, by Alvaro Cabral); . Cognitive Psychology and its Implications, anderson (portuguese, by LTC); . Axiomatic Set Theory, bernays (english, by Dover, 2nd Ed., 1968-1991); . La Fine della Modernità, vattimo (portuguese, by Martins Fontes); . Grundlegung zur Metaphysik der Sitten, kant (english, by H.J. Paton); . Einführung in die Metaphysik, heidegger (english, by Gregory Fried and Richard Polt); . Principia Mathematica, russel (english, by Cambrige Mathematical Library, 2nd Ed., 1927-1997); . Uber formal unentscheidbare Satze der Principia Mathematica und verwandter Systeme, I, gödel (english, by B. Meltzer); . Tractatus Logico-Philosoficus, wittgenstein (english, by Routledge & Kegan Paul); . A Philosophical Companion to First-Order Logic, hughes (english, by R.I.G.); . Freedom and Organization 1814-1914, russel (english, by Routledge); . Ethica, spinoza (english, by Hafner); . Gödel's Proof, nagel & newman (english, by NYU); . Zur Genealogie der Moral, nietzsche (english, by Douglas Smith); . Theory of Matrices, perils (englisn, by Dover, 1958-1991); . Modern Algebra, warner (english, by Dover, 1965-1990); . Security Assessment: Case Studies for Implementing the NSA -- National Symposium of Albatri; Urls: www.petiteteenager.com I like: HUHU'ing I dislike: not HUHU'ing |=---=[ Life in 3 sentences DG = DH - TDS |=---=[ Passions | What makes you tick Too complex to be described with a set of words: totally undecidable; cannot be solved by any algorithm whatsover -- equivalently, english, portuguese, .... Cannot be recognized by a Turing Machine, of which should halt for any input... ... but for coconuts! |=---=[ Which research have you done or which one gave you the most fun? Anything that made me stop and, extra-ordinarily, question the extra-ordinary. |=---=[ Memorable Experiences Going against my family and staying at the computer through nights. Having this to allow me to have fun and feel pain. Looking for the utopic job. Going to south Brazil, Mexico, and northeast Brazil to find it. Meeting the people I have met through this quest, seeing the history I have seen passing in front of my eyes in every place I stepped. Being drunk, being sober, falling down and off. Getting fucking up and HUHU'ing again. And again. Feeling, being cold, believing and being agnostic. Fighting. Getting girls for the pleasure and falling apart for theirs. Prank-calling, chopp-touring, writing, counting. Stopping. Looking for sharks, surfing, breaking my phusei-self. Going and bringging others into this. Being. |=---=[ Quotes . HUHU . \o/ . /o\ . wish I was dead so I could be happy and safe! . \o\ . q:D . :S . you better call someone smart! . \o\ . :/ . I'd rather have 300 beers a month than a formal education . /o/ . <3 |=---=[ Open Interview - General boring questions Q: What was your first contact with computers? A: Since really young I used to go to my grandparents' on the weekends. When I was 8 I started having some fun by sniffing around my uncle's electronic lab located at the back side of his room (the guy was an electronic eng. grad. student at the time). Fetching experiences from the subject I can tell I used to go crazy about the place -- serio. From encyclopedias, through pieces of plastic, ending in broken VCR's and widely exposed TV's. In certain saturday of my 11's there was little tiago playing around that room: I can clearly remember climbing (theo style) the closet, looking for fun objects, when I faced this box; I took it, I opened it, I faced a computer. Assembled by some brazilian manufactor, there was the CP200 with a board based on a Z80A CORE. There was tiago huhu'ing around because of that piece of fancyness. It lasted for exact 3 months, till the day the tape that was responsable for connecting the keyboard to the main board got screwd; ripped -- R.I.P. 3 months were enough for playing around with basic BASIC and abstracting that new fancy stuff. The time went through and I haven't had the possibility of having a computer again. In january 1996 I went to Sao Paulo, kids vacations you know. I stood with an uncle whom had this company of which had some DOS based machines, maintained by this Clipper programmer. I remember perfectly being "taught" how to turn on the computer an press the keys. Very few time after this moment I was being introduced to this very fancy toy known as PCTools -- anyone? Yes, there was 15 year old tiago, who could barely turn on that thing, giving his first steps on reverse engineering. 15 days, that was the exact time of my exposition to the environment. Again, no more computers. August 1999, dad arrives home with a Packard Bell station. It was a Pentium MMX at 166MHz, with the amount of 16MB of RAM, and a 3.1GB IBM hard disk. Not just that, it had multimedia fancyness and the great thing known as modem. It carried, and was being carried by, a Windows 98 operating system. Wow! tiago had his first modern computer. Yes. But wait, where is my black screen full of unintelligible numbers written on green letters?! Fuck this! Frustration... time.. Internet! time.. ICQ! time ... IRC, #hacking. "yo, click start menu, execute. Now type: telnet huhu.fancyworld.net 1470" -- orgasm --. It happened till the day I questioned what those sequence of magical pressed-keys actually meant. And then it began... HUUUU! coding! HUHUHUHHUHHUHUHUHUHUHUHUHUHUHUHUHUHUHU HUHUHUHUHUHU :D:D:D q:D \o/ \o\ /o/ /o/ /o\ \o/ But yeah, that crazy image of a bunch of green code in a dark screen never went out of my mind, I needed to go lower-level... and so I went, and keep on going, to never reach, to never end. Wait, I would like to make a comment out of the belou, kthx: there is no point to writting zero-day if you are not going to use it! I'm welcome. Q: What was your first contact with computer security and how important for you is computer security relative to your interest in computers in general? A: In the end of the above story. After that I've met some other coconuts who have been responsable for my first real adventures in security. That was the real kick: reading phrack and going HUHU, reading code, not having a damn clue of what it was doing, and being days awake till I could get the mininum insight. Getting bored of the "usual" things, giving the finger to the "common games" and comming to play in whatever I pleased. How important? It transformed me into a new form of coconut. Q: Being relatively seperate from the "scene" in general, what was your opinion on the concept of "the scene" and was your distance from this concept (that may possibly exist) deliberate or not? A: As I see, it is just another society around there. As the "getting into it" was happening, I tended to get more and more detached from this so called "scene". My being was thrown aside by the scene. All I wanted was to sit down and hack. I couldn't digest it and it couldn't digest my self. I sat back, I played, I watched you guys. Q: Actually isn't the whole current concept of "scene" a big load of social correlation and acceptability bullshit? A: It is "normal"; expected. Nothing that I don't see when I go to the bakery or to a club with friends. People "look", people perceive, people infer -- people judge based on their a priori context. What in the hell am I doing? Q: What do you think of Phrack magazine? Do you think it should be "resurrected" or continued to be maintained? If so, do you think it should change themes in any way (since many suggest that phrack is no longer a magazine for hackers but some bullshit academic fame making fluff for the computer security industry)? Would you rather see a Phrack that exclusively published movie reviews and cooking tips? A: It was responsable for many HU's bumping inside my head. I jumped, I got pissed, injuried and healthy. It gave me inputs, it drove me to many outputs, where all the results in between these events were responsable for keeping this coconut going on. Going on is the point, why to stop it? I was getting bored of the articles, yes. But I believe this is more for my personal changes than actually the magazine's. However, I see some big tendency of articles (as a reflection of the scene) converging always to the same place and getting stuck there, in a boring iteration that never ends. I've played with Linux's execution environment and the technical specs linked to it, but then I went to something else -- this being the same game, now with PalmOS or simply going play with Optimization, Obfuscation, or to hack the IrDA's driver of my laptop. How can people write articles on what you call "shellcodes" for every single computer architecture, operating system, supported ABI's, supported ISA's, or whatever? Isn't that just a matter of getting manuals? Why to dissert about the ELF format file and the dynamic linking system of some specific plataform without any "improvement" (take this as a big boom, I don't think it's worth to define the term here) in a "hacking technique"? I think that is what sucks in phrack nowadays. About the academic style, I have problems with formalism myself. Something what I really appreciate in phrack, for instance, is this mid-level formalism when compared to the academy. I believe it is very interesting the fact that you can submit a compilation of techniques with some basic scraps about it, in a non-defined format or dissertative way. If people behind it think the content is good, it will make it. Though, I also think that the minimum formalism is necessary, otherwise it gives excessive room for nonsense to be exposed, and I don't think it is cool for people to read "Assembly HOW-TO's" that "teach" you the usage of some "instructions", for some specific plataform, in some very restricted context and make the reader to believe they understand about that universe. About fame: unfair but expected -- feel like vomiting whenever I think of myths, however if I re-gurgitate myths will deliberately be pulled out, as gastric ulcer, of my very self. I would love to see a review of the /home/PORNO/ collection, indeed. And I really expect to be having some dope french food till the end of the year, yes. Q: What do you have to say about that whitehat/blackhat opposition that gained more attention in the last years and what do you reply to those people calling you a whitehat because one of your project was about porting PaX? A: How would I get called if I was running in circles and blubbering whilst wearing an orange suit? Teletubbie? Q: How would you qualify the hacking underground in 2005? Many people think there is no more underground because of all the commercial bullshit around security. Any comments? A: I believe thinking about this is an act of oblivion. You might be able to determine several characteristics and classify the pros and cons of the process. Though, as the process' development gets strongger its transformation power increases as well, thus the number of "ideal-branches" within this social group tend to increase and react between themselves. How are Montmartre and Montparnasse nowadays? Q: Who are your heroes of computer security, and why? A: I have many, serio -- and I'm a lucky bastard for being able to meet/know many of them. But what difference would it really make if I told you? The heroes are mine, the fucking myths are mine. Can I make a question myself? kthx. Q: Coxinha+guarana or Exchange 0-day? A: Q: How do you define the term "hacker"? A: I believe symbolic references determine a "fact". A linguistic representation of someone's type of reality, at certain time. As the Being of that being changes, so does its perception about that fact. When beings as such, or even as Nothing, interact, entropy increases and the fact tends to get more deformed. The technicism helps the process, as information media get more powerful and globally spread. Consumate Nihilism. I believe. Q: Come on, 'fess up. You're brazillian after all, so name all the sites you've defaced. A: HAPPY BIRTHDAAAAAAAY!!!!!!!!!!!!!!!1 Q: If you were having sex with route, would you be the top or bottom? A: I would try both. I would try others. Though I would really just be interested in the muscles, tattoos and guns :D Q.1: We hear you're the guy who schooled pageexec@freemail.hu on PaX. Is this true? Explain. Q.2: What was your motivation in porting PaX to MIPS, what were the biggest problems you encountered and how did you resolve them? A: Schooled? I don't think so :>. There is this story about the impossibility of PAGEEXEC on MIPS based computers, initiated by the great Theoretical de Raadt {[1],[2]}. Motivation: I simply thought it would be fun to try to prove it wrong and started playing around. In the end, I just found out I was the wrong one. For now at least :> [Warning] I'd like to advise that I'm DRUNK, at Bulas's, having a great party in the name of Tango's bday: happy bday, Tango!!! No aids, bro ;> just beerz and cheerz! [First approach] Trying to play with caching system. Failed. [From Linux-MIPS mailing list] "PAX can't be fully supported on MIPS anyway; the architecture doesn't have a no-exec flag in it's pages. PAX docs are bullshit btw. execution proection doesn't require a split TLB and anyway, the MIPS uTLBs are split." -- Ralf [Response] (despite the fact that Ralf, one of my fancy germans, missed the entire point of the PaX project) I see that MIPS has split TLB's, which can not be distinguished by software level, in another hand. Thus when a page-fault occours I don't see how a piece of (non-microcoded) exception handler can get aware whether the I-Fetch is being done in original ``code area'' or as an attempt to execute injected payload in a memory area supposed to carry only readable/writeable data. Plus the fact that JTLB holds references to data and code together in the address translation cache. Plus situations like kseg0 and kseg1 unmaped translations, which would occour outside of any TLB (having virtual address subtracted by 0x80000000 and 0xA0000000 respectively to get physiscal locations) making, as you mentioned, only split uTLB's (not counting kseg2 special case). But PaX wants to take care of kernel level security too. Even MIPS split cache unities (which can be probed separately by software) wouldn't make the approach possible since if you have a piece of data previously cached in D-Cache (load/store) the cache line would need to suffer an invalidation and the context to be saved in the I-Cache before the I-Fetch pipe stage succeeds. Indeed, execution protection (in a general way) does not require split TLB. Other solutions designed and implemented by PaX are SEGMEXEC (using specific segmentation features of x86 basead core's) and MPROTECT. The last one uses vm_flags to control every memory mapping's state, ensuring that these never hold VM_WRITE | VM_MAYWRITE together with VM_EXEC | VM_MAYEXEC. But as the solution becomes more complex it also tends to get more issues. First of all, this wouldn't be as simple and ``automatic'' as per page control. Another point is that this solution wouldn't prevent kernel level attacks so, among others, any compromise in this level could lead to direct manipulation of a task's mappings flags. At the end a known problem is an attacker who is able to write to the filesystem and to request this file to be mapped in memory as PROT_EXEC. In other words: yes it is possible to achieve execution protection in other ways, but not as precise as page-level. [Second approach] "Plus the fact that JTLB holds references to data and code together in the address translation cache." went from a problem to a solution, when discussing it to PaX team. The quote: "Multiple Matches: If more than one entry in the TLB matches the virtual address being translated, the operation is undefined." -- from [3]. The algorithm: - from the Refill exception handler, check fetching type { * _EPC = EPC; * if CP0(Cause(BD)) [ . _EPC += 4; ] * compare ( CP0(_EPC) , CP0(BadVaddr) ) [ . if TRUE ( I-Fetch ); . else ( D-Fetch ); ] * I-Fetch [ . build the valid PTE and load it normally in the J-TLB; ] * D-Fetch [ . build a valid PTE and load it in the J-TLB; . force it to be loaded in our lovely entry in the D-TLB ( __asm__ __volatile__ ("lw %0,0(%1)"\ : "=r" (user_data)\ : "r" (address)); ) . build an invalid PTE, for the same ASID/VPN, marked by PaX ( static inline pte_t pte_mkpax(pte_t pte) { pte_val(pte) &= ~(_PAGE_READ|_PAGE_SILENT_READ|_PAGE_DIRTY); } ) . load the invalid entry in the J-TLB ] } The conjecture: If a I-Fetch happens to that (previously marked by PaX) page, the circuit's TLB sorting algorithm should take the invalidated entry from J-TLB, load it within the I-TLB and generate a second page fault by trying to make use of this entry. - from the Refill exception handler, check fetching type { * _EPC = EPC; * if CP0(Cause(BD)) [ . _EPC += 4; ] * compare ( CP0(_EPC) , CP0(BadVaddr) ) [ . if TRUE ( I-Fetch ); . else ( D-Fetch ); ] * I-Fetch [ . for PaX marked pages ( pax_report_fault(...); do_exit(SIGKILL); ) . for non PaX pages, build the valid PTE and load it normally in the J-TLB; ] } [The experiment] The computer: IDT 79RV4600-100, 128MB of RAM. - Executive code { * play with CP0(Index); * play with CP0(EntryLo)'s flags; * play with CP0(Wired); } - Dump the Translation Lookaside Buffer entries to disk { * look for patterns; } The user code: #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <fcntl.h> #include <sys/mman.h> #include <asm/page.h> /* jr $31 ; nop */ const unsigned long payload[] = { 0x03e00008, 0x00000000 }; int main(int argc, char **argv) { unsigned long page, vpn; void *vaddr; int fd; /* mmap itself won't load/store the page, which means a virgin * place so we can be the fault's EPC. */ if (argv[1]) { fd = open(argv[1],O_RDWR); vaddr = mmap(0, PAGE_SIZE, PROT_EXEC|PROT_READ|PROT_WRITE,\ MAP_PRIVATE, fd, 0); } else { /* malloc's internals stores then loads somewhere in * the page range, it will generate our fault. */ /* This is ridiculous, but MIPS glibc's * does brk(PAGE_SIZE * 33) even if you * just want to malloc(few bytes), normally you get: * -> brk (0x10001000 + (PAGE_SIZE * 33)) * * If malloc requested size > 33 pages then it old_mmap * PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS * * Even funnier cause as far as I can tell glibc * assumes size >= 32 (instead of 33) to then * get_unmapped_area.... * * Thinking about the whole MIPS architecute i can't * think of anything that could justify this crap. */ vaddr = malloc (33 * PAGE_SIZE); memcpy(vaddr, (void *) payload, 8); } page = ((unsigned long) vaddr & (PAGE_MASK)); vpn = ((unsigned long) vaddr & (PAGE_MASK << 1)); printf("Payload @ %08lx\n", (unsigned long) vaddr); printf("CP0_BADVADDR : %08lx [VPN = %08lx]\n\n", (page+8), vpn); /* I-Fetch vaddr */ asm( "or $8,$2,$3\n" "jalr $8\n" : : "r" (page), "r" (((unsigned long) vaddr & ~(PAGE_MASK))) ); return page; } [The results] Patterns: No pattern. Sorting algorithm seems undecidable from the software interface. - Output example { surreal kernel: ###################################################### surreal kernel: [do_page_fault] : Program : Hello [3218] surreal kernel: [do_page_fault] : CP0_BADVADDR : 2aac3004 surreal kernel: [do_page_fault] : EPC : 2ab90928 surreal kernel: ---> TLBS Exception (1000ffdb) surreal kernel: surreal kernel: ------------------------[BEFORE]--------------------- surreal kernel: [__update_tlb] : Program : Hello [3218] surreal kernel: [__update_tlb] : CP0_BADVADDR : 2aac3004 surreal kernel: [__update_tlb] : ASID : 00000062 surreal kernel: [__update_tlb] : EntryHi : 2aac2062 surreal kernel: [__update_tlb] : EntryLo0 : 32565e surreal kernel: [__update_tlb] : EntryLo1 : 0 surreal kernel: [__update_tlb] : Index : 45 surreal kernel: surreal kernel: ---- TLB Entries ---- ............................................................. surreal kernel: Index: 45 pgmask=4kb va=2aac2000 asid=62 surreal kernel: EntryLo0 : [pa=0c959000 c=3 d=1 v=1 g=0] surreal kernel: EntryLo1 : [pa=00000000 c=0 d=0 v=0 g=0] surreal kernel: surreal kernel: ------------------------[AFTER]---------------------- surreal kernel: [__update_tlb] : Program : Hello [3218] surreal kernel: [__update_tlb] : CP0_BADVADDR : 2aac3004 [00000000] surreal kernel: [__update_tlb] : ASID : 00000062 surreal kernel: [__update_tlb] : EntryHi : 2aac2062 surreal kernel: [__update_tlb] : EntryLo0 : 32565c surreal kernel: [__update_tlb] : EntryLo1 : 3297dc surreal kernel: [__update_tlb] : Index : 47 surreal kernel: surreal kernel: ---- TLB Entries ---- ............................................................. surreal kernel: Index: 45 pgmask=4kb va=2aac2000 asid=62 surreal kernel: EntryLo0 : [pa=0c959000 c=3 d=1 v=1 g=0] surreal kernel: EntryLo1 : [pa=0ca5f000 c=3 d=1 v=1 g=0] surreal kernel: surreal kernel: Index: 47 pgmask=4kb va=2aac2000 asid=62 surreal kernel: EntryLo0 : [pa=0c959000 c=3 d=1 v=0 g=0] surreal kernel: EntryLo1 : [pa=0ca5f000 c=3 d=1 v=0 g=0] } - Working example { tiago@surreal(~)$ ./Hello Payload @ 2aac3008 CP0_BADVADDR : 2aac3008 [VPN = 2aac2000] Killed tiago@surreal(~)$ uname -a Linux surreal 2.6.9-rc2 #125 Thu Oct 28 05:38:27 BRT 2004 mips unknown tiago@surreal(~)$ ............................................................. surreal kernel: ################## EXECUTION ATTEMPT ################# surreal kernel: [do_page_fault] : Program : Hello [3218] surreal kernel: [do_page_fault] : CP0_BADVADDR : 2aac3008 surreal kernel: [do_page_fault] : EPC : 2aac3008 } - Possible reasons { * timing; * stupidity; * ...; } So? Looking at some opencores.org's projects and checking their MMU circuit implementations that might get me some ideas. Ah! Yes, BTW, if you have the HDL project of the Stanford MIPS, or any of its children, please hook me up -- warez. kthx. [1] http://www.securityfocus.com/archive/1/333303/2003-08-09/2003-08-15/2 [2] http://cvs.openbsd.org/papers/auug04/mgp00009.html [3] MIPS R4000 Microprocessor's User Manual, 2nd Ed. (p.62). |=---=[ Open Interview - The real cool questions Q: Is the true you still entertain relation with the KIQ team? what kind of missions did you realised for them? A: I hate soccer. Q: How close is your personal relation with the scene whore halfdead? tell us about .ro/.br gangbangs... A: The hawk that is big? Q: We heard mayhem is moving to your country escaping french fascist laws, have you never tried ELFsh? A: Hrmmm, in fact it's just a genius play from big local beuh dealers. Guinness? Q: You said 4times by the past after posting bullshit in dailydave, you'll never do it again, but you are still posting. How do you live that addiction? Any idea why noone reading that mailing list can't understand a word of your philosofical ideas? A: 4? I've said it 82 times. I simply don't think of the subject, it's like having aids and being concerned about it. Are you nuts? I know for sure I'm the only retarded capable to understand my symbolism ;P Q: Coxinhaaaaa? A: Bico Q: About philosophy, why you ended in ITS world? There are rumors about you talking to your computers about your philosophy and asking them to comment before you post in dailydave? A: See 'Life'. False! That's why they suck so much. Q: Absynthe? A: Sharks! Q: Did you try to put some sense to your philosofical ideas _without_ any absynthe effect? A: Bohèmes, Dan Frank. <3 Q: Does the number of 'hu' has a signification for you? A: Huhuhuhuhuhu hu huhuhu Q: Is there any kind of relation between 'hu' and 'uh'? A: Uh? Hu! Q: Absynthe? A: Spain Q: Rumor has it that pax team strong-armed you into being his MIPS bitch, any comments? A: :< Not fair. I almost cried because of petite pip. Q: How did your transition from inline skating to inline assembly come about? A: Sliding... Q: Which would you say has bigger scenewhores, the hacking scene or the X-games scene? A: 540 into True-spin kind grind, fake 360 out. Q: What does 'hu' actually mean? A: Mean? :/ Q: What are your opinions on finger(1) ? A: HUHUHUHUHU q:D Q: Free [RaFa] ? A: Sit on your feet Q: Do you have anything to say to all the people scuttling around trying to figure out who the fuck you are right now? A: If they're really worried about that they should stop scuttling and start blubbering instead. Q: We would like to congratulate you on a succesful Phrack Prophile defacement, and actually managing to get it distributed. How _did_ you pull it off? A: I didn't :D Q: Can you answer a question with a paragraph less than 20 lines long? A: No. Q: Is your love of MIPS related at all to the 'Coyote & Road Runner' cartoon? A: "See MIPS Run"? Q: I heard you're the funder of huhushmail ? Can you give us some light about why Security through Obscurity actually works? A: One of them, yes. I have to agree, though if I give you any enlightenment I would be breaking the conecpt. Q: Can you guess what will be your next answer? A: No, but I know the question. Q: Any idea why Phrack shouldn't be renamed Phcrack? A: Because of current price of the blue mosquitos from Tanzania. Q: CRUZEIROOOOOOO A: Chupame la pija, boludo maricon! Q: Which is the better backdoor? PaX or grsecurity? A: To be honest, I prefer the iGOBLIN backdooring technique. Q: What percentage of this interview is inside humor, that the reading audience will never understand? A: 95.46008097%. I might get the graphical analysis soon, from the widely known LRL -- Lance Research Laboratory. ;) Q: How does it feel to be famous now? How will this Prophile change your life for the better? For the worse? Where can job recruiters contact you? A: I already got 83 phone calls, 68 fax messages, and 3 e-mails. Invitations from all the fancy elite hacker groups. I might as well apply to the NSA -- National Symposium of Albatri. I expect to be capable of decreasing brazilian poverty and DDoS attacks with this, by increasing the number of defacers that will bow down towards my fancyness. I am also looking forward to becoming friends with all the elite hackers and to be recognized as such. I will be beautiful, famous, loved -- a super hero! I'm welcome. Q: DURA? A: Hooray for Danny! *\o/* Q: What are your thoughts on Richard Johnson of iDEFENSE? A: Secure: never being a petit theft, he wears condoms! Q: Do you have any idea why Richard Johnson of iDEFENSE has not killed himself yet? A: Lack of fancyness. Q: Who is your favorite "hot shot hacker from Texas"? A: The KoolKrazyKlantastic -- fluffi leona \o/ =---=[ One word comments [give a 1-word comment to each of the words on the left] WORD? : WORD! |=---=[ Any suggestions/comments/flames to the scene and/or specific people? This bunch of bullshit spat above meant something when done. Fuck its political meanings and implications, even though I cannot avoid them. Carry on. |=---=[ Shoutouts & Greetings I don't believe in merit. To do is as arbitrary as to not do. However, I want to HUG some people; my family, my stag, my limey brother, my tukey, my albatross, my creyss, my frogs, my dutchies, my hungarian, the only guy who's hotter than the old apartment, my dot-pa-marine, my waismo, my joto, faggy, my fancy blackhat white american, my kurdish, my corcho, my sweedish, my boss, my tempest individuals, my metrosexual linguistic analystic K-master giant, my iGOBLIN defender grin, my tibu, and AAALLLL my fancy collection of fancy individuals! |=[ EOF ]=---------------------------------------------------------------=|