SETI@Home Cheaters
from the get-a-life dept
Apparently, a lot of people who use SETI@Home cheat to bring their rankings up on the leader board. Who are these people and why are they doing this? What a waste of time for absolutely nothing. A lot of SETI@Home's resources are now focused on preventing cheating and on security. If people are really interested in helping the SETI project, then they should help. If they want to be a fake "leader" somewhere, why don't they go try to be "first posters" over at Slashdot. That'll show people how cool you really are.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
FIRST POST
[ link to this | view in thread ]
Re: FIRST POST
[ link to this | view in thread ]
Re: FIRST POST
[ link to this | view in thread ]
No Subject Given
[ link to this | view in thread ]
Re: this article
way around SETI@HOME. Its been proven over and
over. SETI@HOME YOU LOSE HACKERS WIN!
[ link to this | view in thread ]
Re: this article
I need to have any possibly logged Information about the previous posting "Anonymous Coward".
This subject is CONFIRMED to be a member of the above mentioned group. This subject is WANTED by all means!
I have had mail contact and followed its trace since the beginning of all this.
If you have logged information, being it only for statistical purposes, please Contact me, or one of the SETI@Home officials!
Even if hardly useful, it is a piece of the puzzle to narrow down the search, and put together the path of destruction these people try to leave behind!
With the help of international ISP's and Routers, there WILL BE a chance of tracing down its origin one day !!
Thanks in advance.
FalconFly
Team Erster Kontakt, Germany
www.ersterkontakt.de
[ link to this | view in thread ]
Re: this article
Heres how the exploit was done.
SETI@HOME EXPLOIT/Hack (c) Copyright 2oO1
All rights reserved UFCF Team 2oO1 Trademark UFCF
Team 2oO1, UFCF, UFCF Crew
Exploit Date ............ May 31, 2001
Released by ............. UFCF Team 2001 (Canada)
WARNING! WE NOT HELD RESPONSIBLE! USE AT OWN RISK
Exploit Seti@home user information....... 1
Cheating work units ..................... 2
1
SETI@HOME EXPLOIT:
------------------
- Explains how exploit works. NOTE: EXPLOIT ONLY
WORKS UNDER UNIX.
- Change line 2 (any number 1 thru 3 million),
the software will fill in the rest.
You have full information about the user.
- Do not change Line 1, 3 Thru 18.
key.sah - contains the encryption key.
Changes all the time.
lock.sah - nothing just lock file.
outfile.sah - contains results (final product)
userinfo.sah - contains user information
(about user)
- line 1:
- line 2: change id=
- line 3: key=
- line 4: email_addr=
- line 5: name=
- line 6: Url=
- line 7: country=
- line 8: postal code=
- line 9: show_name=
- line 10: show_email=
- line 11: venue=
- line 12: register_time=
- line 13: last_wu_time=
- line 14: last_result_time=
- line 15: nwus=
- line 16: nresults=
- line 17: total_cpu=
- line 18: params_index=
Temp.sah - line 2, 3
2
CHEATING WORK UNITS.
--------------------
- EXPLOIT ONLY WORKS UNDER UNIX.
- This explain how cheat work units.
STEP 1:
- Download seti@home software
http://www.setiathome.ssl.berkeley.edu
- unzip & un-tar setiathome software
- rename setiathome directory "seti"
- make temp directory
- Run seti@home software using switch:
./setiathome -verbose -stop_after_process
Stop after current WU - do not send work unit.
- After work unit is complete:
copy all *.sah files to temp directory
STEP 2:
This sections explains how exploit the hole:
in your temp directory will contain the
following files:
key.sah - Security key. Changes all the time
lock.sah - Lock file (check seti@home
running)
outfile.sah -
pid.sah - Pid/Process id seti@home software
running
result.sah - Results - sends back to server
result.header Result_headers - send back to
server
state.sah - user_info.sah - Contatins "User
Id, Key, Email address, Full name,
URL, City/Provice, Postal code,
Show name (Yes/No), Show email
(Yes/No), venue, Registered time
Last work unit (Last work unit you
return), Last result time (Time
took to complete), nwus (Country
code), nresults (number result you
return), total_cpu Total cpu
calc.), params_index (unknown)
work_unit.sah Work unit
wtemp.sah Work unit (output version)
STEP 3:
- Cut&Pase User ID & User Key (user_info.sah)
change following files:
Filename: Header: Lines Change:
Result.sah: user_id 2
user_key 3, 17
Result_header.sah: user_id 5
Temp.sah: id 2
key 3
Wtemp.sah: user_id 5
STEP 4:
Change the following files:
Filename: Header: Line change:
result.sah name= 16
*READ Technical notes, more information*
1-8
Contains date (day, month, year, 2 letter)
*Do not change*
10-14
Contains work unit id (add+1)
16-20
Contains work unit id *Do not change*
22-27
Contains work unit id *Do not change*
29-31 *Do not change*
result_header.sah name= 4 *See result.sah*
work_unit.sah name= 4 *See result.sah*
Technical Notes:
----------------
NOTE: Software will report (attempt send dup)
to trick the software you must change
work_unit.sah line 4:
(#1) ie. name=01jan01aa.12715.33457.636084.195
^ add +1 = 12716 and keep adding +1
name=01jan01aa.12716.33457.636084.195
If you run out numbers in field 3
ie. name=01jan01.12716.00000.636084.195
^ ^^^^^ ^^^^^^ ^^^
add+1 | | |
|- reset using 00000
| |- leave
|- leave alone
name=01jan01.12717.00000..636084.195
if you run out of numbers in field 2&3 change
01jan01 02jan01 and so on.
ie. name=02jan01.12716.12715.636084.195
Technical:
ie. name=01jan01 .12716.12716.636084.195 *SEE TABLE BELOW*
^ ^^ ^^ ^^^^^ ^^^^^ ^^^^^^ ^^^
1 2 3 4 5 6 7
Table:
1=Day
2=Month
3=Year
4=Add +1 work unit number
5=Do not change (unknown)
6=Do not change (unknown)
7=Do not change (unknown)
STEP 5:
Copy following files /seti directory:
key.sah
lock.sah
outfile.sah
pid.sah
result.sah
result_header.sah
state.sah
temp.sah
user_info.sah
version.sah
work_unit.sah
wtemp.sah
YOUR ALL DONE. KEEP ADDING +1 IN STEP 4...
---------------------------------------------
[ link to this | view in thread ]