You know you weren't supposed to do it. It was an immoral and sinful hack or tweak, but you did it anyways. A goto? A linked list of function pointers? Even committed it? What nasty hacks have you done lately?
...:: Hacking World Cup Tickets for Germany 06 ::...<p>Australia was a late qualifier for the tournament. The ticket submission was via email. Tickets were allocated on a first email received basis after 09:00. There was a countdown webpage which advertised the time.<p>--- Preparation<p>* I telneted to port 25 of the destination and saw via EHLO that the mail server clock was 1 minute faster than advertised on the webpage, giving a start time advantage<p>* I pre crafted the SMTP message into a text file. This had the sending time as 09:00:01<p>* Before the day I checked out how long the mail server would keep open any connections without any input (10 minutes)<p>---<p>Cometh the day:<p>* I opened up several telnet sessions to port 25 , 10 minutes before.<p>* when the time came, I did several EHLO messages to check my session was alive<p>* I cut'n'pasted my SMTP message into the server<p>* I closed all my connections (other people were bouncing at this point as the server connection pool was exhausted)<p>---<p>I got my tickets.
#1<p>Using a negative index on an array in order to get around a signed 16 bit limitation. Just stuck another blank array of the same size in front of it in the memory map and kept going.<p>For all I know that code is still running :)<p>It was quite hard to convince the compiler that I wanted to keep the never referenced/read array.<p>Stupid mainframes and their limits...<p>#2<p>In the 386 days you could get a separate co-processor, the 387 for float work (or a weitek if you had the money). The clock line between the two of them was shared but I found out that you could disconnect the clock pin of the 387 and connect it to its own oscillator to overclock it. That way even if the rest of the board could not be overclocked at least the float processor was. By carefully interleaving float and co processor opcodes you could then run a lot faster than you would have been able to otherwise.
This is not a very impressive hack compared to the other submissions here. But still here is my 'hack', if you want to call it that way.<p>When I was doing my graduate course in Computer Engineering, we had to submit loads of assignments each semester for each paper. "Assignment" means something that we should write by hand (print-outs not allowed) on any arbitrary topic provided by the lecturers. There was no problem solving ability required here, it was just answering questions like "What are the features of Java?", "Explain the layers in the TCP/IP model" etc.<p>As you can assume, this was a rather boring and useless exercise. In the first two years I made some girls from my class write the assignments (which I am not interested in) for me in exchange for helping them in the computer lab and projects (which they were not much interested in).<p>By the end of second year, I found out another way to do this. I wrote a program that wrote the assignment for me. Here is how it worked: I will fetch the data from websites like Wikipedia etc and paste it in the program and the program will make it look like my handwriting. I click <i>print</i> and it will print the result to A4 sized papers and I submitted those.<p>I scanned my handwriting and separated each character and made it look natural when paragraphs etc were constructed with this program.<p>The results were so impressive that later when I told this story and showed an assignment to one of my lecturers, he thought that I was just joking!<p>This hack, even though trivial, saved me a lot of time in college.
Well, here's one that, erhm a friend of mine, did.<p>Dating has moved online, and the key to getting laid is basically to get as many contacts going as you can. It's like a funnel: The more you put in at the top the more comes out at the bottom. The problem of course is that all that initial contact and writing back and forth with potential subjects is somewhat time-consuming.<p>Enter the magic of webscraping and hacking.<p>It's not hard to make a program that will send a standard message to a chosen group of profiles on a dating site based on search criteria. It's not hard to make an interface that lets you do the initial round of communication with the people that respond in an interface that's somewhat more optimised for communicating with a lot of users at the same time. Once you get past the first three or four messages it's time to move on to the more personal aspects of communication. It saves a lot of time, and you only spend time on girls that have actually shown some interest.
Damnit, most of my best hacks could be considered proprietary, though I seriously doubt any of the companies involved would care. One that I can share:<p>I architected a game-creation platform so that all the game runtime code was both legal Flash <i>and</i> legal JavaScript, such that the same code could be inserted verbatim in both the JavaScript editor and the Flash compiled version.
I hacked my son. He was four at the time. My wife sent me off one Saturday purportedly for a "father/son" bonding expedition to buy her Christmas present.<p>Well, I had seen what my mother-in-law did to kids: set them on her lap and pumped them so dry they squeaked for a week. I figured daughter == mother...<p>So, little Jeremy and I went shopping. All the way to the store I told Jeremy to not tell Mom what we bought (the hook ;-). At the store, I picked up a CD/alarm clock for Mom's present. Of course, Jeremy couldn't read, so he really didn't know what it was. I asked him if he thought Mom would like a thingamajig, and he thought it was a fine idea (baiting the hook ;-).<p>All the way home, I emphasized to little Jeremy that he was <i>not</i> to tell Mom that we bought her a thingamajig (setting the hook ;-).<p>When we got home, I disappeared into another room, but stayed within earshot. Sure enough, Mom got little Jeremy on her lap and started pumping him. He resisted valiantly, but he was only four and cracked after a couple of minutes. "It was a thingamajig!" he said.<p>CAUGHT! :-D
Back in 2000 or so I ran an AOL hacking website called AOL-Files.com. One day, BMB, my cofounder, successfully tricked a high level AOL employee into divulging his SecurID pin, which was required in addition to the user's password in order to sign on to their AOL accounts. SecurIDs, FYI, are a keychain-like device that you carry around that displays a six digit number which changes every 60 seconds. AOL used it as an extra layer of security for important accounts.<p>Anyway, BMB gets this information and signs on to the account. Usually by this time the employee has figured out that you stole his information and is in the process of reporting it, so you don't have much time. BMB immediately attempts to go to the AOL Keyword Manager, which lets certain employees manage where specific AOL keywords take you. As it so happens, this employee had that access (it was very rare).<p>BMB redirected keyword "Welcome", which normally takes you to the AOL welcome screen, to our site, AOL-Files.com. Every person that signs on AOL, you see, gets automatically sent to keyword "Welcome" when they sign on.<p>For 20 minutes, every person that signed on AOL got sent to our site. We got 75,000 hits before AOL finally fixed it.<p>For anyone interested, I've got an archive of AOL-Files up on my site, which has a security breaches section that lists a lot of exploits like this one, including one where we stole every three character AIM name: <a href="http://www.mattmazur.com/archive/aol-files/index.html" rel="nofollow">http://www.mattmazur.com/archive/aol-files/index.html</a><p>I no longer support stealing people's stuff, but I still think the keyword Welcome exploit was badass.
I am writing PHP in Common Lisp, and my codebase is littered with the following:<p><pre><code>(defun make-record (&rest args) ; insert &allow-other-keys ;-)
  (let ((*db-auto-sync* t))
    ;; ARGS is a &rest list, so it has to be spread with APPLY
    (let ((object (apply #'make-instance 'record args)))
      (when object
        (update-records-from-instance object)))))
</code></pre>
Both the LET binding of *db-auto-sync* and the update-records call do the EXACT same thing. However, due to weirdness I don't grok quite yet, the calls to the db driver get in only half the time, even with query caching disabled.<p>That's for record insertion.<p>For record <i>update</i>, I have something far more sinister. Every accessor has an :after method with explicit SQL inside. Allow me to explain this: Imagine if you had to write a function that does something as a side-effect <i>every time</i> an assignment is made! E.g. I have a macro that generates an explicit slot serializer for every accessor; I managed this by wrapping defclass twice and now I program in a weird, session-oriented php-like dialect that's just too fucking brittle.<p>We will go over it after our first demo :-P<p>[Edit:<p>I wrote the following database agnostic routines and I deal with the db strictly through them.<p>LIST-OBJECTS type<p>LIST-OBJECTS-WHERE type slot value<p>FIND-OBJECT type slot value<p>FIND-OBJECT-WHERE type slot value<p>UPDATE-OBJECT-WHERE type slot value new-value<p>DELETE-OBJECT-WHERE type slot value<p>type is both a Lisp class and SQL table name. Slot and value are used in WHERE clauses, e.g. (select [*] type :where [= slot value])<p>]
I used a bash script to query a MySQL database because we weren't allowed to use "unapproved" libraries and the last time I tried to get permission to use a CPAN module, it took 8 weeks.<p><i>I am ashamed.</i>
I wanted to adapt someone's command-line-based program into a library, but it wasn't designed as such. The program was strewn with calls to exit(), and on encountering one of these I would just want to return to the function that called into the library rather than exiting the whole program. So I did a setjmp() prior to calling into it, and used the preprocessor to turn exit() into longjmp().
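The trick described in the comment above, written out as an added example (not the commenter's code; `lib_exit`, `tool_main` and `run_tool` are hypothetical names). The macro is scoped to the adopted code, and a guard flag keeps `lib_exit` from jumping through a stale `jmp_buf`.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* All names here (lib_exit*, tool_main, run_tool) are hypothetical. */
static jmp_buf lib_exit_env;   /* where a diverted exit() lands */
static int lib_exit_status;    /* status the program tried to exit with */
static int lib_exit_armed;     /* nonzero only while inside run_tool() */

static void lib_exit(int status)
{
    if (!lib_exit_armed)
        exit(status);          /* macro not defined yet: the real exit() */
    lib_exit_status = status;
    longjmp(lib_exit_env, 1);
}

/* The preprocessor trick, scoped to the adopted code only. */
#define exit(status) lib_exit(status)

/* Stand-in for the command-line program, "strewn with calls to exit()". */
static int tool_main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        exit(2);
    }
    return 0;
}
#undef exit

/* Library entry point: returns the would-be exit status to the caller. */
int run_tool(int argc, char **argv)
{
    if (setjmp(lib_exit_env) != 0) {   /* reached via longjmp */
        lib_exit_armed = 0;
        return lib_exit_status;
    }
    lib_exit_armed = 1;
    int rc = tool_main(argc, argv);
    lib_exit_armed = 0;
    return rc;
}

int main(void)
{
    char *args[] = { "tool", NULL };
    return run_tool(1, args) == 2 ? 0 : 1;
}
```

`longjmp` skips whatever cleanup the program expected `exit()` to do: `atexit` handlers do not run, stdio buffers are not flushed, and memory or file descriptors the program opened stay allocated in the host process.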
<p><pre><code> // we don't even pretend to work on anything but i386 and LE arm
const unsigned char c[] = { 0x78, 0x56, 0x34, 0x12 };
assert(sizeof(int) == 4 && *((int*)c) == 0x12345678);</code></pre>
I used ctypes to change the base class of Python's GeneratorExit from Exception to BaseException because the official patch didn't make it in until 2.6.<p><pre><code>import __builtin__, ctypes

class ImvuGeneratorExit(BaseException):
    pass

# Rebind the Python-level name (Python 2 builtins)
__builtins__['GeneratorExit'] = ImvuGeneratorExit
__builtin__.GeneratorExit = ImvuGeneratorExit
# Point the interpreter's C-level PyExc_GeneratorExit at the new class
ctypes.c_void_p.in_dll(ctypes.pythonapi, 'PyExc_GeneratorExit').value = id(ImvuGeneratorExit)
</code></pre>
Signing up for classes at FSU was always a huge pain. The session started at 8am and good classes filled up quickly. If a class was full you had to continually type in the registration number and submit the form to see if anyone had dropped it (there was a lot of turnover as people loaded up their schedule and then called their friends to see what timeslots they were in.)<p>I had just taught myself php and wrote a curl script with the classes I wanted, and the few timeslots I wanted, in order. After a brief struggle I finally realized I needed to hit port 443 instead of 80 and, voila, my initial class registration was complete. A few were full but it kept hammering the site every 10 seconds and over the next few hours I got emails whenever it successfully registered me with a class.<p>I actually thought about charging $5 to handle other students' registrations because they hated dragging out of bed at 8am and refreshing their browser for an hour. Somehow I decided the university wouldn't approve....
Getting into the neighbor's WEP. There wasn't even much to it in the end. My desktop didn't have a wireless card so I had to pipe the connection from a half dead laptop I had lying around.
A year ago I wrote a half-assed map/reduce in PHP. I partitioned a day's worth of logs across hundreds of gzipped CSV files by key hash, so I could run four reducers (the box has four cores) and each could suck a partition into 1/4 of physical memory.<p>After about six months of pathological random access (and what I assume to be epic fragmentation), the disk failed. I hope to migrate to our shiny new Hadoop cluster while the replacement disk lasts.
This is a lame hack, but I used to play lots of Red Faction on the LAN with my buddies. They were all better than me and I got tired of it so I hacked the config file and changed the power of most of the common weapons and gave myself a homing rocket launcher that you could basically fire and forget. On the open maps you could fire it up in the air and maybe 30-40 seconds later it would see somebody and you'd get a kill.
I didn't have very many permissions from my sysadmin to do inserts (I'm a BI guy) but I had create temporary table permissions. I needed to take about 5000 system ids with corresponding region identifiers from one system that I could only access via screen. So I wrote an auto hotkey script to screen scrape them all and place them into a notepad file. I then opened the notepad file with excel and added a column of<p>"union select " 233455 ", " "usa"<p>"union select " 233455 ", " "canada"<p>Then puttied into my linux shell, opened emacs and added "create temporary table select 23456 as 'systemid', 'usa' as 'region'"<p>Then pasted the entire csv of union selects. Did my joins, etc... Got the report out on time. I know now that I could have done it with an emacs macro, but just didn't have time to figure it out.<p><i>shudder</i>
I wanted to use a certain drawing program (better than xfig but proprietary) for some of my studies. Since I was too cheap to pay the $10 registration fee I decided to try and crack it. It took an afternoon with OllyDbg to crack the program (from its trial version). This is significant because I haven’t looked at x86 assembly in 10 years.<p>I don’t know if I should be ashamed or proud.
I created a callback from PowerBuilder to C++ by using some PBNI (like JNI, but for PowerBuilder) trickery. Basically, the PowerBuilder application ran and loaded the external C++ library to handle expensive calculations. From the C++ DLL, I hooked into the PowerBuilder virtual machine, looked up a particular custom object and method, and then used the method as a callback. This wasn't the evil or immoral part though.<p>The hack was cool, but utterly stupid and pointless (the C++ was used for speed - calling back into PowerBuilder defeated the purpose). The only reason I did it was because the consultant who originally created the C++ DLL managed to convince my boss that the application would run much faster if PowerBuilder supported callbacks. So naturally my boss instructed me to do the impossible. I didn't complain because it seemed like a fun challenge at the time. I didn't tell him that it actually slowed the app down a bit though >:)
HTML in a DB Stored Procedure...<p><pre><code>Select '<a href="/tickets/ticket/'||i.ticket_id||'">'||lvar_title||'</a><br />'
from tickets
where ...
</code></pre>
because I was too lazy to do it in the proper layer...
I used a bot to download twitter following pages because it was not allowed to a "non browser" and "non logged user"; it's so bad and some kind of spamming, but I did it anyway! :'( :'(
The cleaner script was written in Python working alongside the C fastcgi app running atop Apache. I made the C fcgid app spawn the Python script as a child. :(
Some years ago, doing high performance dense matrix code in C, I replaced a bunch of modulo calls with a bunch of bit operations. You had to work with matrices that were a power of 2 in rows and columns, but you could pad it out and stuff worked.<p>A year later I looked at the code and couldn't figure out how it ever worked in the first place . . .
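Why the trick in the comment above needs power-of-two dimensions, as an added example (hypothetical helper names, not the commenter's code): `i & (dim - 1)` equals `i % dim` only when `dim` has a single bit set, which is what padding guarantees.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helpers illustrating the modulo-to-mask replacement. */

/* True when n is a power of two (nonzero with exactly one bit set). */
static int is_pow2(size_t n) { return n != 0 && (n & (n - 1)) == 0; }

/* Smallest power of two >= n: the dimension to pad a matrix out to.
   Returns 0 if that value does not fit in size_t. */
size_t pad_pow2(size_t n)
{
    if (n > (SIZE_MAX >> 1) + 1)
        return 0;
    size_t p = 1;
    while (p < n)
        p <<= 1;
    return p;
}

/* i mod dim computed with a mask; only valid for power-of-two dim. */
size_t wrap_mask(size_t i, size_t dim)
{
    assert(is_pow2(dim));
    return i & (dim - 1);
}

/* Row-major offset of (r, c) in a padded dim x dim matrix, wrapping
   both indices so the result is always inside the allocation. */
size_t wrapped_offset(size_t r, size_t c, size_t dim)
{
    return wrap_mask(r, dim) * dim + wrap_mask(c, dim);
}

/* Number of indices in [0, limit) where the mask disagrees with %. */
size_t mask_mismatches(size_t dim, size_t limit)
{
    size_t bad = 0;
    for (size_t i = 0; i < limit; i++)
        if ((i & (dim - 1)) != i % dim)
            bad++;
    return bad;
}
```

The equivalence also assumes unsigned indices: for a signed `int`, `-3 % 8` is `-3` in C while `-3 & 7` is `5`.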
my ISP sent me a mail, offering an exclusive deal to get a credit card that was without extra charges for life, plus a huge number of freebies, cash backs, discounts and stuff. i clicked the link to the sign up form. i clicked on the sign up button. nothing happened.<p>i checked the source code. apparently the submit button was supposed to call a javascript function, but the function name was misspelled. so i entered javascript:doFormSubmit or whatever the function was called, in the address bar.<p>the application was accepted.<p>i checked the day before the offer expired. the form code still had the typo.<p>i'd like to believe i'm the only guy who got the 40% discount on a new microwave oven and a new tv and 2 years of 25% discount on movie tickets :)