Celebrating Workarounds, Kludges, and Hacks

itwbennett writes: We all have some favorite workarounds that right a perceived wrong (like getting around the Wall Street Journal paywall) or make something work the way we think it ought to. From turning off annoying features in your Prius to getting around sanctions in Crimea and convincing your Android phone you're somewhere you're not, workarounds are a point of pride, showing off our ingenuity and resourcefulness. And sometimes artful workarounds can even keep businesses operating in times of crisis. Take, for example, the Sony employees, who, in the wake of the Great Hack of 2014 when the company's servers went down, dug out old company BlackBerrys that, while they had been abandoned, had never had their plans deactivated. Because BlackBerrys used RIM's email servers instead of Sony's, they could still communicate with one another, and employees with BlackBerrys became the company's lifeline as it slowly put itself back together. What hacks and workarounds keep your life sane?

Quantum HDD

[Lead+Butthead]

This I heard from a ex-Quantum coworker; purportedly the drive firmware was suffering from a memory corruption problem (several consecutive bytes keep getting overwritten in RAM.) The engineer tasked with fixing the problem shifts the code by the said number of bytes and declares victory. After that I never looked at HDD the same way again.

Abuse of sudo

[kramer2718]

At an old job, we were given sudoer privileges, but there was a blacklist of dangerous commands that we couldn't sudo (such as bash, su, etc), so I wrote a one line script to get around that called hijack:

$@

Then I could type

$sudo hijack

and sudo any command I wanted.

Undid an old game crack by brute force

I wanted to play an old abandonware game, but the only copy I could find had been cracked to bypass the "copy protection" questions, and the crack had some unfortunate side effects. An old text file showed which two bytes to change in DEBUG to crack it, so I knew which two bytes had been changed in which file, but I didn't know what the original values were. Fortunately, SCUMMVM's source code shows the hash of the file it's looking for. So I wrote a shell script to create 2^16 copies of the copy with all possible values for those 2 bytes, and looked for the one with the right hash.

decidedly low tech

decidedly low tech and it probably shows my age, but back the days of dialup my modem was ridiculously loud when dialling and was capable of waking up other people in the house when i would occasionally get disconnected at night. there was no switch for the speaker but there was a headphone jack. so i cut the 3.5mm jack off a useless pair of earphones and bam, silence.

Hardware Boot Sector Recovery

[Bing+Tsher+E]

Back when a 10 MB full-height 5-1/4" hard drive was still somewhat of a big deal, I acquired one that had boot sector damage. It could be low-level formatted just fine, but the first few cylinders were damaged so it couldn't be a bootable drive in a PC-XT clone.

It used an optical limit sensor to detect when the stepper motor moving the head in and out was at the outer end of travel. I epoxied a little bit of metal onto the end of the encoder to slightly extend the head inward. After a fresh low-level format, the new 'track zero' was defect free and the drive was bootable and could be deployed as the C: drive. I think I then put it to use as the C: drive in the PC-XT that I ran my BBS on (WWIV 3.2.1, 1200 baud, online 24/7)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Become major of a place on foursquare

[unrtst]

I don't use foursquare, but a friend was bragging about being mayor at a couple places. I commented that I could be mayor in a month or two. He ended up betting me I couldn't. I warned him that it was super easy and he would be stupid for making that bet, but he still did it. That night, shortly after a few drunken minutes trying to type my password, the first cron job started running...

#!/usr/bin/perl
# call it from cron with:
# perl foursquare_checkin <location_id> <latitude> <longitude> <your_login_email> <password>
# Ex: perl foursquare_checkin 2021944 40.676141 -73.983452 foo@bar.baz 12345
my ($user,$pass) = @ARGV[3,4];
my $auth = MIME::Base64::encode("$user:$pass",'');
use MIME::Base64;
use IO::Socket;
sleep(rand()*600); # so checkins are slightly random
my $sock = IO::Socket::INET->new(PeerAddr=>'api.foursquare.com', PeerPort=>80,
                                                                  Proto =>'tcp', Type=>SOCK_STREAM) or die;
$ARGV[1] += rand() * 0.0001 - 0.00005; # wobble location
$ARGV[2] += rand() * 0.0001 - 0.00005;
my $str = "vid=$ARGV[0]&private=0&geolat=$ARGV[1]&geolong=$ARGV[2]";
print $sock "POST /v1/checkin HTTP/1.1\r\nHost: api.foursquare.com\r\nUser-Agent:" ." Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ " ."(KHTML, like Gecko) Version/3.0 Mobile/1C10 Safari/419.3\r\nContent" ."-Type: application/x-www-form-urlencoded\r\nAuthorization: Basic " ."$auth\r\nContent-length: ", length($str)+2, "\r\n\r\n$str\r\n";
my $res = <$sock>;

And yes, I know that's ugly, and there's easier and cleaner ways, but it got the job done well enough to get me mayor of a few places and really pissed off the gambler before I turned it off for good. I have no idea if this still works (ie. lack of any form of message authenticity or handshake etc), but it wouldn't surprise me if it did... feel free becoming mayor of anywhere you want (you can even checkin to places across the country and back on a regular basis and they didn't catch it). But if it no longer works, don't ask me.

Software TDMA for WiFi

[aXis100]

Many years ago when WiFi first came out and internet was still really slow I was active in a community based wireless FreeNet. We had set up multiple 10+ km links between our houses and had a full dynamically routed system spanning most of a city.

Problem was, WiFi is renowned for the "hidden node" problem, where clients cant hear each other and fail to successfully perform collision avoidance. Packetloss goes through the roof and throughput suffers terribly.

So, I wrote a perl script that interacted with IPtables QUEUE feature to keep the wireless packets a buffer, and they would only be released then that client received a token from a master server. It was a massive hack, but worked a treat and gave huge improvements to our throughput and stability.

Years later companies like Mitronik and Ubiquity introduced similar functionality in their wireless station firmware, but we were well ahead of the curve.

live patching non-modular code in a running ircd..

[AndroSyn]

So there was a bug several years ago in ircd-ratbox that impacted the core code that wasn't a loadable module. There was a bug in cidr matching that really needed fixed. So..I wrote a loadable module that got the address of the C function that needed replaced. Then I used mprotect to set that page the function was in memory to be read/write.
Then..I scribbled over the start of the function with x86 opcodes to make it jump to a replacement function that was in the just loaded module.

Or in code.. match_cidr is the bad function, fixed_match_cidr is the replacement.

static int
modinit(void)
{
        char snag[7];
        snag[0] = 0xB8;
        *(int *) &snag[1] = (int) fixed_match_cidr;
        snag[5] = 0xFF;
        snag[6] = 0xE0;
 
    memcpy(saved, match_cidr, 7);
    mprotect(ALIGN(match_cidr-(PAGESIZE)), PAGESIZE*2, PROT_READ|PROT_WRITE|PROT_EXEC);
    memcpy(match_cidr, snag, 7);
    mprotect(ALIGN(match_cidr-(PAGESIZE)), PAGESIZE*2, PROT_READ|PROT_EXEC);
    return 0;
}

A bit of a hack

A few years ago, a coworker of mine wrote a tool to get around hotel WIFI restrictions. They found that usually everything outbound was blocked, except for DNS requests. They also found that they could use their own DNS server without issue.
They went home and wrote a small DNS server that served theirdomain.com. Requests would be encoded into base64 and submitted via a request for the subdomain of theirdomain.com, and responses were able to be sent back by offering different CNAME results.

They said it was fairly slow, and each "packet" could only be what fit into the subdomain of theirdomain.com, which also resulted in a lot of useless DNS records appearing on the server(s), but it was able to transmit at a few kilobytes per second - enough to get a basic web browsing session going over restricted hotel WIFI.

(Note: I may be forgetting some of the intricacies of how this worked. They showed the working code and the slow bitrate to me not long after writing it.)

Thank you for playing Wing Commander

[Chuck+Chunder]

As development for Wing Commander came to a close, the EMM386 memory manager the game used would give an exception when the user exited the game. It would print out a message similar to "EMM386 Memory manager error..." with additional information. The team could not isolate and fix the error and they needed to ship it as soon as possible. As a work-around, one of the game's programmers, Ken Demarest III, hex-edited the memory manager so it displayed a different message. Instead of the error message, it printed "Thank you for playing Wing Commander."

https://en.wikipedia.org/wiki/...

Wetware hack: Sardines as desert

[dotancohen]

I introduced sardines to my daughters as desert, and only give it to them as a treat. Now they enjoy an inexpensive, healthy snack when other kids demand ice cream and chocolate. If that's not a hack, then I don't know what is.