From Dejan Rogic on Mon, 20 Jan 1997 13:33:28 +0100 (MET)

telnet coffe machine or nowadays hackers (fwd)

/		In real life : Dejan Rogic		/
/	     Fakultet organizacije i informatike	/
/		    	  VARAZDIN 			/
/		    Phone:+385 51 812 278               /
/			e-mail:	/

---------- Forwarded message ----------
Date: Mon, 20 Jan 1997 10:55:44 GMT
From: Hrvoje Crvelin 
To: Dejan Rogic 
Cc: Dragan Popadic , Igor Varljen ,
    Marina Janko , Ratko Mladenic ,
Subject: telnet coffe machine or nowadays hackers


Original advisory  released Feb  2 '96  to select  building hackers -
Re-released Jan 14th 97 to the general public.

   LLL         00000000      PPPPPPPP      HHH     HHH   TTTTTTTTTTTT
   LLL        00     000     PPP     PP    HHH     HHH        TTT
   LLL       000    0 000    PPP     PPP   HHH     HHH        TTT
   LLL       000   0  000    PPP     PPP   HHHHHHHHHHH        TTT
   LLL       000  0   000    PPPPPPPP      HHH     HHH        TTT
   LLLLLLL    0000   000     PPP           HHH     HHH        TTT
   LLLLLLLL    00000000      PPP           HHH     HHH        TTT

Who says we don't have a sense of humor!

First you were  given Monkey, the  MD4/MD5 s/key cracker  program that
works  with  either  sniffer  logs  or  /etc/skeykeys  data.  Next you
were told of a blatant flaw in the current implementation of  Security
Dynamics' SecurID card  where you can  trivially predict the  passcode
of a person about to log in  (oh so sorry, did we forget to  post that
one?).  Lotus  Domino was cakewalk  for Weld as  he cut-and-pasted his
way to spoofing  their server. Sendmail  8.7.5 stayed in  place pretty
long until we finally brought its demise. Kerberos 4 turned out to  be
the hackers' friend. This month a hack close to the heart of  computer
enthusiasts everywhere is unveiled (complete with ascii art!).

Inspired  by  the  lack  of  truly  K-RAD G-Philes floating around out
on the  net, following  in the  style of  such greats  as the Stoner's
Hymnal and the Countlegger files. We'd mention the influence of greats
such as cDc but that should go without saying! L0pht Heavy  Industries

How to scam coffee from  FILTER FRESH coffee vending machines.  [trust
us  about  this  fun  one  as  next  week  the  potato-head  hits  the
proverbial fan with a couple of big companies - besides we needed  the
caffeine to take on the upcoming giants]

    Before you go on, re-read that last paragraph - paying special
    attention to the last part!!!

The motivation:
---------------
Suppose you  don't work  at Microsoft,  Sun, or  any of  the companies
that provide free hot caffeinated beverages to their employees. It's a
sad day when you find  yourself at work (or scrounging  around someone
else's place  of  employment...  I  dunno,  perhaps leaving a portable
sniffing laptop up in the  acoustic ceiling tiles) around 2am  and the
only coffee  available is  from a  FILTER FRESH  vending machine. It's
even sadder when you are being asked to deposit .55 cents for an  8oz.
cup of really poor java.

The culprit:
------------
The  particular  model  under  scrutiny  is relatively distinctive. It
stands about 2' tall and about 1.5' wide with a section on the  bottom
left to  insert your  cup for  the monstrosity  to spit  joe into. The
upper  left  corner  will  most  likely  have an emblem similar to the

|                           .......    |
|                           *******    |
|  FILTER FRESH              #####     |
|                             &&&      |
|      Coffee Excellence !             |
|                                      |

Beware! There  are two  main different  models of  these. One exhibits
the 'flaw' while the other doesn't. Both have LED/LCD displays in  the
upper left corner that spout  the following message in stand-by  mode.
Right next to it is a button labeled 'Start'.

 -------------------         -------
| For this choice   |       |       |
| Insert       $.55 |       | Start |
 -------------------         -------

Or some  similarly outlandish  price for  a cup  of coffee.  Remember,
above all else, coffee wants to be free!

Both models also have the standard selection of 'cell-membrane'  style
buttons to the right of the logo and under the LED/LCD.

|  cup size |   Coffee                                    Hot Water
|  -------  |   ------------------------------------    --------------
| | /     | |    --------    --------    --------          -------
| |/ sml  | |   | /      |  | /      |  | /      |        | /     |
| |       | |   |/       |  |/       |  |/       |        |/      |
|  -------  |   | Coffee |  |  Decaf |  |  50/50 |        | Water |
|  -------  |    --------    --------    --------          -------
| | /     | |    --------    --------    --------          -------
| |/ lrg  | |   | /      |  | /      |  | /      |        | /     |
| |       | |   |/       |  |/       |  |/       |        |/      |
|  -------  |   |  Mild  |  | Medium |  | Strong |        | Carafe|
 -----------     --------    --------    --------          -------

                                  ---------    ---------
                                 | /       |  | /       |
                                 |/  Hot   |  |/ Mocha  |
                                 |Chocolate|  |   Java  |
                                  ---------    ---------

One model will have the buttons 'Hot Chocolate' and 'Mocha Java' while
the other model does not. This scam has worked on most of the machines
that *do*  have the  extra buttons  (at least  that I've come across).
NOTE:  sometimes the pad connectors  are still there but the pads  are
not. On  the machines  that normally  do not  have these extra buttons
you will only see one hole for a led. On machines that would  normally
have these buttons you will find holes for two led's.

The Flaw:
---------

It seems it is a default  software setup (firmware?) as it comes  from
the distributor.

The exploit:
------------
The machine will undercharge you for the same selection if you specify
carafe. To wit:

1) press the "coffee" button.
2) press the  "strong" button (hey,  it's gonna taste  nasty no matter
   what  you  pick...  You  didn't  think  it  was  _really_ fresh did
   you?!?.  Might as well get a caffeine kick out of it).
3) press the "carafe" button.
   The LCD/LED will change its display to:

       | Press 'carafe'   |
       | for each cup     |

4) deposit your .25 cents
5) press the 'start' button.

You just  saved your  scrawny little  ass .30.  If you  are a poor sod
who  is  unfortunate   enough  to  work   at  a  company   with  these
monstrosities and don't have other  means for coffee at odd  hours you
can save yourself a small bundle over the period of a single month.

Month X = 30 days
Weeks in month ~4
Work days in month 20.
Cups of shitty coffee consumed per day = 4
Normal price = 20 X 4 X .55 = $40
New Improved price = 20 X 4 X .25 = $20

Hey, that's a case of the  _good_ beer you just saved for!  Maybe that
will help you to forget you work in such a sweat house!

[note to our friends at Filter Fresh Co.:
Don't buy us!  We aren't very  thrilled with your  coffee. We also  do
_not_ want  you to  send us  scantily clad  women as  we don't  think
you  would  do  a  much  better   job  choosing  them.  We  will   not
continue to drive you insane  by picking apart your coffee  kiosks and
posting  the  exploits  publicly  to  the  world.  You  can send money
if you  feel like  it. It  will be  used to  help switch various l0pht
members  over  to  decaf  corinthian  coffee. Actually, that last line
is a lie  as all we  drink is beer  and Coca-Cola... ahhh  we give up,
Scriptors of  Coffee we  ain't. This  one goes  out to  the SOD  guys:
come back from  vacation! We can't  stand the boring  nothingness that
each day brings without your p1mpin sk1llz.]

The guys and gals (hi Meg!) at L0pht Heavy Industries.

MOTD: "Careful now. Ya'll might tip over da trailer!" - Raven

