Dissident 02
a penguin palace publication [lineshift studios]
{ Dissident } [08/99]
───────────────────────────────────────────────────────────────────────────
 Disclaimer
───────────────────────────────────────────────────────────────────────────
"Congress shall make no law respecting an establishment of religion, or
prohibiting the free exercise thereof; or abridging the freedom of
speech or of the press; or of the right of the people peaceably to
assemble, and to petition the Government for a redress of grievances"

Under the above Law set forth in the First Amendment To The Constitution
Of The United States Of America, The Author releases this work into the
public domain for INFORMATIONAL PURPOSES ONLY.

Some of the things mentioned in this issue may be illegal/immoral/dumb.
So don't do anything or something. If you do something that you read
in this 'zine, and you get caught/hurt/maimed/killed/pissed off/raped,
it isn't our fault. We're not responsible for your stupidity.

Any similarities to persons living, dead, or living now but soon to be
dead are totally intentional and are included with extreme malice and
prejudice! We bloody hate you!

Dissident is written for educational purposes only. Kids, don't try
this at home. This publication is protected by international copyright
law. (c) 1999 Penguin Palace

With that said, we're not fucking responsible. Fnord.
───────────────────────────────────────────────────────────────────────────
───────────────────────────────────────────────────────────────────────────
 Staff and Friends of DPP
───────────────────────────────────────────────────────────────────────────
Staff:
Editor-In-Chief: Hatredonalog [hoal@penguinpalace.com]
Co-Editor: Pinguino [pinguino@penguinpalace.com]
Co-Editor: Secret Squirrel [ssq@penguinpalace.com]
Head Writer: MMX_Killa [mmx@unibiz.net]
Staff Writer: Widge [nanlokd@yahoo.com]
Staff Writer: The ThinkTank [thinktank@penguinpalace.com]
Staff Writer: weev [weev@penguinpalace.com]
───────────────────────────────────────────────────────────────────────────
───────────────────────────────────────────────────────────────────────────
 Table of Contents
───────────────────────────────────────────────────────────────────────────
Introduction.......................................................hoal
Kill Virginia Congressmen..........................................weev
Cracking Yahoo! Messenger Passwords...............................Widge
TELUS Mobility; Panasonic EN-POWR Pager Exploit...............The Clone
Coilguns!..........................................................hoal
Defcon VII review. blurred edition...............................zhixel
LASERs - Theory and Safety..............................Secret Squirrel
LASER Spirograph........................................Secret Squirrel
───────────────────────────────────────────────────────────────────────────
───────────────────────────────────────────────────────────────────────────
Introduction
Hoal [hatredonalog@hotmail.com]
Ok, This is the last issue of Dissident. I don't know if someone else
will continue it, but others have shown interest in taking my place, and
they are welcome to. What is this about you ask? Well, I'm resigning.
I have come to a point that I am unable to do this anymore. First, school
is coming up again, and I can't really spend the time to solicit for
articles constantly, fight with the other staff members, Proof-Read, Edit,
and have to fix weev's articles every month. However, I am not completely
out of the scene, as I am taking a position as a staff writer at the Phone
Punx Magazine (http://fly.to/ppn) which seems to be more of what I've been
looking for. Hasta.
───────────────────────────────────────────────────────────────────────────
───────────────────────────────────────────────────────────────────────────
Kill Virginia Congressmen
weev [auer@vaix.net]
I'm sad to say, but the congressmen from Virginia, my state,
are pushing bills that will degrade internet quality. These
bills are extremely likely to become law. The government
says it doesn't pick winners, it just monitors business
actions, but in the end, the congressmen sitting on their
money laundering asses in Washington are filling their pockets
at the expense of the overall quality of the internet.
The FCC has been extremely cautious in defining the bandwidth
limits of the word "broadband". They started the definition at
200kbits/sec. Now, bandwidth demand has pushed that definition up
to a few megabits per second. It really has been perfectly
defined by user needs.
But Bob Goodlatte (R) and Rick Boucher (D) are pushing two new
bills, HR 1685, the "Internet Growth and Development Act of 1999,"
and HR 1686, the "Internet Freedom Act", which will redefine the FCC's
carefully planned definition of broadband.
For once, I'm with the FCC. What this will do is take the
definition of broadband back down to 200kbits/sec. And that's
actually worse than the original definition. The FCC's old standard
was 200kbits/sec dual stream, up and downstream. This definition
only requires that one channel be above 200kbits/sec. That means your
friendly local telco can force in some asymmetric HDSL stuff
that's 200kbits a second upstream, but the speed of a 9600 modem
downstream, and call it broadband. And, oh yes, once they make the
bill law, that will solidify that definition, and nothing can change
it back except the implementation of a new law.
This makes me sick. The government is giving a monopoly to DSL
providers, like GTE and USWest, and cursing alternatives. The bill
will take years to change if it becomes law. DSL will probably need
to be replaced by fiber in five years anyway. So bribing two
Virginia congressmen is their way of ensuring victory for DSL, and
being able to push second rate crap on people, and not have to install
a new network of fiber, which saves the telcos a couple billion.
Let's run through Boucher's description of the bill: "Telephone
companies will be required to file plans with state public service
commissions for the deployment of DSL services in all local exchanges
where the deployment is both technologically feasible and
economically reasonable. Today, only 50,000 subscribers nationwide
have DSL service. Our legislation will result in those numbers
increasing dramatically.... We also seek to encourage competition in
the provision of DSL services by reducing the regulatory burden of
DSL for telephone companies which agree to make reconditioned loops
for the provision of DSL services available in a timely fashion with
competitors."
Sadly, this description is quite true. Here's what's going to happen.
They aren't going to make any more backbones. There won't be any more
economic incentive to, since they've got the government keeping the
FCC off their backs. They're going to trick thousands of small communities
into wasting their tax money on this brand new shiny broadband, and
then not give it to them, because it's going to be a one channel
200kbit/sec speed and then the other side is going to be as slow as a
fucking 28.8 modem. Any new backbones they need to keep themselves from
overloading, or dropping below the required 200kbit/sec limit are going
to be 40% VDSL. And they're going to divide it into clusters, having a
bunch of VDSL networks chained together.
Server-to-server load time will explode. And for all you IRC kiddies,
networks will be split into clusters because of the load times.
What can YOU do to stop this from happening? Write your local
congressman. If you're near DC, you can attempt to get a speaking spot
at the hearing of the bills, like I am. If you can think of any other
ways to do it, then carry them out. Whatever you can do, keep these
bills from becoming law.
───────────────────────────────────────────────────────────────────────────
───────────────────────────────────────────────────────────────────────────
Cracking Yahoo! Messenger Passwords
Widge [nanlokd@yahoo.com]
(introduction)
For some reason or another, instant messaging has become very popular
recently, with the likes of AOL, Microsoft, and Yahoo! releasing all of
their own crappy versions. There is, of course, a lot of arguing over the
messaging protocols right now, but that is not important. All we care
about is that Yahoo! has a fairly simple passwording scheme to crack. So
simple, that any common man (or woman) who walks upright, could easily
crack it in his or her head. But for the sake of the people who don't
care to use their brain every once in a while, I have coded a neat little
( actually it is big and clumsy - just look at the code ) program that
will crack a Yahoo! Messenger password that you throw at it.
(the scheme)
When some loser signs on to Yahoo! Messenger and toggles the "remember
password" box, an encrypted value is stored in the registry. Just go to
HKEY_CURRENT_USER/Software/Yahoo/Messenger/YahooPassword! and you will see
it. When a password is stored in the registry, it is broken up into
chunks of three characters which are then encrypted into four character
chunks. So, if "abcdefgh" is our password, it would be broken down into
"abc", "def", and "gh" which would then be encrypted. In the registry, it
would look like this, "YWJjZGVmZ2h=". YWJj == abc, ZGVm == def, and Z2h
== gh. A single character will look like this "Yw==" in the registry.
Don't worry about the equal signs, they are just padding. The first two
characters of an encrypted chunk correspond to the first cleartext
character, the third encrypted to the second clear, and the fourth
encrypted to the third clear. The encryption algorithm (if it can be
called that) contains nothing mathematical. It is at best, a semi-complex
puzzle. Anyway, if you really care to figure out just how this encryption
is implemented, look at the source code. But, you'll have to know C to
understand it. But I'm not guaranteeing that you will be able to
understand my code, bear in mind, I am not a very good programmer.
(what the hell is it good for?)
To most people, probably nothing. But maybe to those types that use Back
Orifice or NetBus or whatever else is out there, you just might find a use
for this. Say for instance, you "hax0red" your way onto some computer
using some stupid Trojan horse. If they have yahoo! messenger, you can
open up their registry and steal their username and password. Using
yahoo! messenger, I believe you can read their e-mail or you can just be
'l33t and masquerade as them. But, if that is too juvenile for you, you
can check out their stock portfolios and take advantage of our bull
market. Regardless of how you use it, you're being a little bastard.
(compiling and running)
To compile the code, simply type: gcc yahoo.c or use whatever damn
compiler you have got. It should compile on just about everything as long
as it is ANSI compliant. However, when I tried to compile it on Microsoft
Developer Studio Standard (ver 4.0) and Borland Turbo C (1988 version I
believe - might be 2.something), it didn't quite compile. But you will be
safe if you use gcc, just don't use any Microsoft or Borland products.
To run the program, type: a.out <password> where <password> is obviously
an encrypted password, and a.out is whatever the program name is.
Here is a sample run of the program included here to take up space:
hackme:~% a.out YWJjZGVmZ2hpamtsbW5v
abcdefghijklmno
Now let's look at what happens when this runs. First, it will take the
first block of four characters, "YWJj". "YWJj" is an encrypted "abc".
"YW" will go through first() and put "YQ" in fst[]. f_de() will then be
called which will look for "YQ" in one of the f_* arrays. When (if) it
finds "YQ", it will display the cleartext. Then "J" goes through
second(). Here, "J" is turned into "I" and the program looks through
s_letter[]. If it finds a match, it displays the cleartext. Finally, "j"
goes through third(). All it does is go through the l_* arrays looking
for a match. If it finds one, it displays the cleartext. This process
repeats until the decryption is finished.
(disclaimer)
I really do not care how you use this program. If you want to steal my
code and put your name on it, feel free to do so, I don't even care
anymore.
/* yahoo.c - coded sometime at the end of july and into august a bit
coded by widge - nanlokd@yahoo.com - please note that all of these
variable names are fucked up and the code could be written much more
clearly, i apologize to anyone trying to read the code */
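#include <stdio.h>
#include <stdlib.h>  /* malloc, exit */
#include <string.h>  /* strcpy, strlen, strcmp */
#include <strings.h> /* bzero */
#include <ctype.h>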
/* f_lcase contains encrypted characters for the first lowercase character
of a password */
char *f_lcase[] = { "YQ", "Yg", "Yw", "ZA", "ZQ", "Zg", "Zw", "aA", "aQ",
"ag", "aw", "bA", "bQ", "bg", "bw", "cA", "cQ", "cg", "cw", "dA", "dQ",
"dg", "dw", "eA", "eQ", "eg" };
/* f_ucase contains encrypted characters for the first uppercase character
of a password */
char *f_ucase[] = { "QQ", "Qg", "Qw", "RA", "RQ", "Rg", "Rw", "SA", "SQ",
"Sg", "Sw", "TA", "TQ", "Tg", "Tw", "UA", "UQ", "Ug", "Uw", "VA", "VQ",
"Vg", "Vw", "WA", "WQ", "Wg" };
/* f_num contains encrypted characters for the first numeral of a password */
char *f_num[] = { "MA", "MQ", "Mg", "Mw", "NA", "NQ", "Ng", "Nw", "OA",
"OQ" };
/* s_letter contains the encrypted characters for the second character of a
password */
char s_letter[] = "AEIMQUYcgkows048AEIMQUYcgko";
/* l_lcase contains the encrypted characters for the third lowercase
character of a password ('z' maps to '6', so the table has 26 entries) */
char l_lcase[] = "hijklmnopqrstuvwxyz0123456";
/* l_ucase contains the encrypted characters for the third uppercase
character of a password ('Z' maps to 'a', so the table has 26 entries) */
char l_ucase[] = "BCDEFGHIJKLMNOPQRSTUVWXYZa";
/* l_num contains the encrypted characters for the third numeral of a
password */
char l_num[] = "wxyz012345";
/* crypt is the encrypted password, l_al is the lowercase letters of the
english alphabet, u_al is the uppercase letters of the english alphabet,
fst holds the characters for the first character of a chunk (two
characters plus a terminating NUL so strcmp() can be used on it), mov holds
how much spaces were moved( explained later ), len is the length of the
password, sec holds the second character of the password, ctl does
something, so do x and y, ck is explained later. */
char *crypt, l_al[26], u_al[26], fst[3];
int mov, len, sec, ctl, x, y, ck = 0, num[10];
void first( void ); /* fills up fst[] to be decrypted */
void f_de( void ); /* decrypted fst[] to get the first character */
void second( void ); /* decrypts the second character */
void third( void ); /* decrypts the third character */
int main(int argc, char **argv)
{
if( argc < 2 ) {
printf("Usage: %s <password>\n", argv[0]);
exit(1);
}
/* pretty obvious */
/* room for the whole argument plus its terminating NUL */
crypt = (char *)malloc(strlen(argv[1]) + 1);
if( crypt == NULL )
exit(1);
strcpy(crypt, argv[1]);
len = strlen(crypt);
/* filling up the alphabet and numerals */
for(y = 0, ctl = 97; ctl < 123; ctl++)
l_al[y++] = ctl;
for(y = 0, ctl = 65; ctl < 91; ctl++)
u_al[y++] = ctl;
for(ctl = 0; ctl < 10; ctl++)
num[ctl] = ctl;
/* this is for passwords that are into neat little chunks. that is, when
you look in the registry, there will be no equal signs */
if( len % 4 == 0 ) {
for(x = 1; x < len; x += 4) {
first();
second();
third();
}
printf("\n");
}
/* this is for passwords with two equal signs */
if( len % 4 == 2 ) {
for(x = 1; x < len - 1; x += 4) {
first();
second();
third();
}
x = len - 1;
/* we can't just call first() because it is stored differently
when it is single. it will be stored as it appears in the f_*
arrays */
fst[0] = crypt[len-2];
fst[1] = crypt[len-1];
f_de();
printf("\n");
}
/* and one equal sign */
if( len % 4 == 3 ) {
for(x = 1; x < len - 2; x += 4) {
first();
second();
third();
}
first();
second();
printf("\n");
}
return 0;
}
void first( void )
{
int b = 0, pos = 7;
bzero(fst, sizeof(fst));
/* this takes care of numerals. for instance, if we have b2, we have to
take it back towards the lowercase end of the alphabet. so we add an
amount to take it to 'z' on the ascii chart. */
if( isdigit(crypt[x]) )
switch( crypt[x] ) {
case '0': {
crypt[x] += 74;
b = 1;
break;
}
case '1': {
crypt[x] += 73;
b = 2;
break;
}
case '2': {
crypt[x] += 72;
b = 3;
break;
}
case '3': {
crypt[x] += 71;
b = 4;
break;
}
}
/* this sees how much we have to move our character backwards to get to an
'A', 'Q', 'g', or 'w'. if you look at the f_* arrays of characters, you
will see that they all end in one of those letters. we need to know how
much mov is for the second character */
for(mov = pos; mov > 2; mov--) {
switch(crypt[x] - mov) {
case 'A': {
fst[1] = 'A';
break;
}
case 'Q': {
fst[1] = 'Q';
break;
}
case 'g': {
fst[1] = 'g';
break;
}
case 'w': {
fst[1] = 'w';
break;
}
default: continue;
}
if( fst[1] )
break;
}
/* looking back up to the numerals, we add b to mov so we know how much we
moved back a numeral */
if( b )
mov += b;
fst[0] = crypt[x-1];
f_de();
}
void f_de( void ) {
int a;
/* this big, ugly switch statement figures out the cleartext character.
Y,Z,a,b,c,d, and e are for lowercase, Q,R,S,T,U,V, and W are for
uppercase, and M,N, and O are for numerals. you can see that in the
variable declarations. i had to make it a big switch statement, because
any other way would make everything go crazy. */
switch( fst[0] ) {
case 'Y':
case 'Z':
case 'a':
case 'b':
case 'c':
case 'd':
case 'e': {
for(a = 0; a < 26; a++) /* f_lcase has 26 entries */
if( (strcmp(fst, f_lcase[a])) == 0)
printf("%c", l_al[a]);
break;
}
case 'Q':
case 'R':
case 'S':
case 'T':
case 'U':
case 'V':
case 'W': {
for(a = 0; a < 26; a++) /* f_ucase has 26 entries */
if( (strcmp(fst, f_ucase[a])) == 0 )
printf("%c", u_al[a]);
break;
}
case 'M':
case 'N':
case 'O': {
for(a = 0; a < 10; a++)
if( (strcmp(fst, f_num[a])) == 0 )
printf("%d", num[a]);
break;
}
default: break;
}
bzero(fst, sizeof(fst));
}
void second( void )
{
int b;
sec = 0, ck = 0;
/* if we moved back 4 or 6 spaces, we only want to look at the first 17
characters. what we do is take the encrypted character and move it down
one letter, and compare it to the characters in s_letter[]. if it
matches, we take the b from the for loop and subtract it one or two and
make that number sec. from this we just plop it in a_* or num and get our
cleartext character */
if( mov == 4 || mov == 6 ) {
for(b = 0; b < 17; b++)
if( crypt[x+1] - 1 == s_letter[b] ) {
/* this thing is just fucked up */
if( b > 10 && b < 13 )
sec = b - 2;
else
sec = b - 1;
}
/* this is used if the third character is a numeral or for some
other odd occasions */
if( !sec )
for(b = 0; b < 17; b++)
if( crypt[x+1] == s_letter[b] ) {
if( b > 10 && b < 13 )
sec = b;
else
sec = b - 1;
ck = 1;
}
}
/* if we moved back 5 or 7 spaces, we only want to look at the last
characters from 17 up. the same crap applies here as did above */
if( mov == 5 || mov == 7 ) {
for(b = 17; b < sizeof(s_letter); b++)
if( crypt[x+1] - 1 == s_letter[b] )
sec = b - 1;
if( !sec )
for(b = 17; b < sizeof(s_letter); b++)
if( crypt[x+1] == s_letter[b] ) {
ck = 1;
sec = b - 1;
}
}
/* if we moved back 3 spaces, it is a numeral */
if( mov == 3 ) {
for(b = 0; b < 10; b++) {
if( crypt[x+1] - 1 == s_letter[b] ) {
sec = b;
printf("%d", num[sec]);
}
}
if( !sec )
for(b = 0; b < 10; b++)
if( crypt[x+1] == s_letter[b] ) {
ck = 1;
sec = b;
printf("%d", num[sec]);
}
}
/* if we moved back over 5 spaces, we have a lowercase character */
if( mov > 5 )
printf("%c", l_al[sec]);
/* if we moved back 4 or 5 spaces, we have an uppercase character */
if( mov == 4 || mov == 5 )
printf("%c", u_al[sec]);
}
void third( void )
{
int b;
/* here, we are taking the last encrypted character and comparing it with
the l_* arrays without mucking around with anything. i think this section
is pretty self explanatory */
if( !ck ) {
for(b = 0; b < 26; b++) { /* stay inside the 26-letter tables */
if( crypt[x+2] == l_lcase[b] ) {
printf("%c", l_al[b]);
return;
}
if( crypt[x+2] == l_ucase[b] ) {
printf("%c", u_al[b]);
return;
}
}
}
/* this is for numbers or other odd things */
if( ck ) {
for(b = 0; b < 10; b++)
if( crypt[x+2] == l_num[b] ) {
printf("%d", num[b]);
return;
}
for(b = 0; b < 26; b++) { /* stay inside the 26-letter tables */
if( crypt[x+2] == l_lcase[b] ) {
printf("%c", l_al[b]);
return;
}
if( crypt[x+2] == l_ucase[b] ) {
printf("%c", u_al[b]);
return;
}
}
}
}
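
Added example (not part of Widge's article or of yahoo.c): the lookup tables in yahoo.c line up with the standard Base64 alphabet, so the stored value is an encoding, not encryption. The C check below is a storage-audit helper that flags a saved credential as reversible when it decodes, with no key, to printable text; the function names and finding labels are assumptions made for this example, and the sample values are the three quoted in the article plus two constructed ones.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Finding labels are assumptions made for this example. */
enum storage_finding { NOT_BASE64, OPAQUE_BASE64, REVERSIBLE_TEXT };

/* Value of one standard Base64 alphabet character, or -1 if outside it. */
static int b64_value(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/*
 * Decode `in` as Base64 into `out` (capacity `cap`, NUL-terminated).
 * Returns the decoded length, or -1 if `in` is not Base64 or does not fit.
 * Padding is optional, and unused low bits of the last character are
 * ignored, so the article's "YWJjZGVmZ2h=" sample is accepted as written.
 */
int b64_decode(const char *in, char *out, size_t cap)
{
    size_t len = strlen(in), n = 0, pad = 0, i;
    unsigned long acc = 0;
    int bits = 0;

    if (cap == 0)
        return -1;
    while (len > 0 && pad < 2 && in[len - 1] == '=') {  /* strip padding */
        len--;
        pad++;
    }
    if (len % 4 == 1)              /* no byte count produces this length */
        return -1;
    for (i = 0; i < len; i++) {
        int v = b64_value((unsigned char)in[i]);
        if (v < 0)
            return -1;
        acc = ((acc << 6) | (unsigned long)v) & 0xFFFFUL;
        bits += 6;
        if (bits >= 8) {           /* a whole byte is available */
            bits -= 8;
            if (n + 1 >= cap)
                return -1;
            out[n++] = (char)((acc >> bits) & 0xFF);
        }
    }
    out[n] = '\0';
    return (int)n;
}

/*
 * Audit check for a saved-credential value. REVERSIBLE_TEXT means that the
 * value is only an encoding of printable text: no key is involved, so
 * read access to the store is equivalent to knowing the secret.
 */
enum storage_finding audit_stored_secret(const char *stored,
                                         char *plain, size_t cap)
{
    int n = b64_decode(stored, plain, cap), i;

    if (n <= 0)
        return NOT_BASE64;
    for (i = 0; i < n; i++)
        if (!isprint((unsigned char)plain[i]))
            return OPAQUE_BASE64;
    return REVERSIBLE_TEXT;
}

int main(void)
{
    /* First three values are quoted in the article; the rest are constructed. */
    const char *samples[] = { "YWJjZGVmZ2hpamtsbW5v", "YWJjZGVmZ2h=", "Yw==",
                              "AAAA", "not base64!" };
    const char *label[] = { "not Base64", "Base64, opaque bytes",
                            "REVERSIBLE: printable text" };
    char plain[64];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum storage_finding f =
            audit_stored_secret(samples[i], plain, sizeof(plain));
        printf("%-22s %s\n", samples[i], label[f]);
    }
    return 0;
}
```

A REVERSIBLE finding means the "remember password" value needs real protection from the operating system's credential store, or should not be saved at all.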
───────────────────────────────────────────────────────────────────────────
───────────────────────────────────────────────────────────────────────────
TELUS Mobility; Panasonic EN-POWR numeric pager exploit
The Clone [theclone@edmc.net]
Telus Mobility offers its customers a
few types of paging services. One type is called 'EN-POWR numeric pager'.
With the EN-POWR numeric pager, you get total FLEX coverage.
In other words, you get coverage all across Alberta.
The Panasonic EN-POWR pre-paid numeric pager is only $99.95, and it comes
with 6 months of enhanced service with a limited but nifty selection
of assorted colors to choose from.
"But Clone, I have three kids to feed.
I can't afford this type of service!"
It's completely understandable. That is why I wrote this file.
To show you how to get service that *should* be dirt cheap for
absolutely free.
Let's say that one day you were walking down the street minding your
own business, picking flowers, waving to Telus employees as they drive
past in their goodie-vans, when you trip over a pager that has the
word 'Panasonic' labeled on the top.
This semi-transparent device, with its groovy design is the only thing
stopping you from suing Telus for leaving its property laying around.
Then you remember that it's an EN-POWR pre-paid numeric pager and it
has to be property of someone.
"Hmm..." you think. At this point you can do one of two things;
you can call Telus reporting a missing pager, or you can try to
use your wits to find a way to exploit this.
First let's take a look at the pager features:
Pager features
--------------
· saves 23 messages
· message time stamp
· built in alarm clock
· silent vibration or audible alert
· low battery alert
· shows date and time of day
· selective erase/erase all
· locks important messages
· uses only one AAA battery
· FLEX technology gives you up to
four months battery life
· duplicate message indicator
· reminder alert
· back-lit display
· automatic on/off
'Saves 23 messages', thought of anything yet? ;)
Sure you have my analytical friend. Along with numeric paging option,
you also get a voice-mail paging option which requires you to dial the
number the pager is subscribed to.
So you think "How am I going to get this pager number?"
------------------------------------------
One easy way is to wait for someone to page you.
Usually friends of the pager customer don't know the pager is in the
wrong hands so they unknowingly send them a voice-message. Bad idea.
The minute they send that message, the data is sent to the Telus Mobility
switch, and straight to the pager itself. What is displayed?
The pager number, silly!
(note: if a numeric page is sent, the numbers
displayed on the screen are whatever the person who sent it typed.)
The next step is easy, you call the number. The next thing you'll hear
is one of two things; 1. the customer's message, 2. Telus' default message.
By simply pressing '0' on the keypad, you'll next be prompted by an
automated voice saying: "Please enter your access code".
"How do I acquire the access code?"
--------------------------------
If the customer was stupid enough to set the default access code,
all you do is look on the back of the EN-POWR numeric pager,
and search for the "capcode".
The capcode is the series of numbers at the bottom of the label,
below the Model, Serial Number, Country Code, and ISC code.
It's easily distinguishable by the letter E and a 7 digit code
after it. An example of a capcode is 'E1230948'.
The default access code is the last 4 digits of the capcode.
0948 would be the access code for this pager. Now enter 0948.
If you're lucky you'll get the main menu. My suggestion to you
is to change the access code as soon as possible.
If you're not so lucky, try guessing defaults. 1234, 1111, 1999, 2000, etc.
Until you come across the correct access code. If you're still having
trouble, try selling the pager to some moronic 14 year old who just wants
to look cool in front of his sleazy 14 year old girlfriends.
Final words
-----------
Now that I've given you step by step instructions on how to
exploit the EN-POWR pre-paid pager, I hope that you've
learned a little bit about how it works.
In the next few months I can see the news talking about
hundreds/thousands of Telus pagers going missing and then used for
the thieves' evil purposes. I'll sleep well at night knowing I was
the one responsible.
THE END
written by: The Clone
June 22, 1999
Contact info
----
E-mail: theclone@edmc.net
URL: Nettwerked - http://nettwerk.hypermart.net
Voice Mail: So-Soft Corporation - 1-800-494-9831; box 407
───────────────────────────────────────────────────────────────────────────
───────────────────────────────────────────────────────────────────────────
Coilguns!
hoal [hatredonalog@hotmail.com]
"A Coilgun is a tube surrounded by Super conducting electromagnetic coils.
It can be used to launch (SHOCK HARDENED CARGO) to LEO at extremely high
accelerations. Coilguns with barrel lengths of less than 1,000 miles are
impractical for live or fragile cargo due to accelerations of extreme
magnitude (100s-1,000s of times the force of earth normal gravity)."
- The Electro-Magnetic Propulsion Homepage;
http://www.sover.net/~geoffk/railgun.html
Ok.. well, this article won't cover building anything that fantastic
or large or powerful. It will go over the ideas behind an EMP device,
and how to possibly build one (which I am currently in the process
thereof.)
Part One: Barrel
Ok, the barrel is THE most important part of the device itself. You
have many choices when it comes to this part: How many coils, how many
turns per coil, barrel length, materials, etc.
Now, how many coils is your gun going to use... I would go with
three. The first 3-4 coils provide the most acceleration, the rest
are slightly incremental afterwards, although that does not mean
that they don't help. Consider this: YOU are going to have to wrap
these coils by hand, so you may want to keep the number of coils
down. So, you'll want 4-5 coils in total, which may still be a bit
of work, but not a big deal.
How many turns should you make it? The more the better, but there is
a limit at which the resistance will be too high, and the wires will
melt after one shot. A quick fix for this is using thicker wire,
and/or try to use Class H wire which can sustain up to 365F. Check out
http://www.wiretron.com/magnet.html to figure out what wire is the
right one for your application. The higher the amount of current
that is going to be flowing through the coils, the higher class of
insulation you need. Ok, now that you spent the time reading all of
that buy the highest rated stuff you can at your local electronics
distributor. Make some nice fat coils, but read on to find out how
fat to make them.
The EMP homepage recommends that the barrel be evacuated,
or made into a complete vacuum. Ok, so that's not too realistic...
scratch it. You won't be getting enough acceleration to make air
drag a REAL problem. One source says to use a regular barrel, with a
.258in. bore with 18in. for length. Now, remember, 18 inches is
1 1/2 feet, so the coils will want to be mounted at the rear.
18 in. barrel.
xxx xxx xxxx xxx xxx xxxx
----------------------------------------------
*
----------------------------------------------
xxx xxx xxxx xxx xxx xxxx
Ok, now you have the barrel designed, and there is one more thing you
may want to think of: External Metal. By Sliding the barrel with the
coils around it into an iron pipe, you can add to the magnetic flux,
and thus more power. Figure out the diameter of the inside of the iron
pipe, and that's how fat your coils should be. The accompanied action
is to add iron to the ends (not covering the barrel end.) The only
problem with this is that it could cause your coils to overheat and
melt.
||==============================================||
||xxx xxx xxxx xxx xxx xxxx ||
||----------------------------------------------||
|| *
||----------------------------------------------||
||xxx xxx xxxx xxx xxx xxxx ||
||==============================================||
Ok, That is it for the barrel design.. you should have an idea of
how to play with it a bit. Use the one that is within your price
range and/or capabilities. A schematic for such things is available
at:
http://www.geocities.com/Heartland/Prairie/7745/Images/JPEG/RailGunCoils.jpg
Part Three: Power Source
Next, you're going to need a power supply of some sort.
Here are some rough specifications for what you need.. it's got to
be high voltage, high amperage, and quick. How will you accomplish
that? The First way would be to have a timer circuit (you'll need
one anyway.) You'll need something that won't melt your coils, and
will provide the most power.
You'll need to know what ohm your coils are rated at, along with the
maximum voltage of any other components that are on that side of the
electronics. Now, you should figure out how many AMPS you'll be
consuming by firing one coil.. this is found by using ohm's law.
I = V/R : Output Amperage = Voltage Supplied/Coil Resistance.
After that, you'll have to know how often you'll need a pulse to
fire a coil, and so on.
Some good specs on power supplies for this job can be found at
http://www.oz.net/~jjhansen/coilgun/mark1/powersupply.htm
Another way to power your Coilgun, would be to use a fantastically
dangerous capacitor bank that could kill you, your family, and
most of your neighborhood's wildlife in one good shock. Anyway,
to say the least, you'll need to use higher AWG wire for it, so
the coils won't melt, but the plus side is, you can make the projectile
shoot, a HELL OF A LOT FASTER. To do this, you would probably need
to use a wall socket, which carries about 115vAC. 115 is not a good
number, so you'll probably need to lower it down to a reasonable
voltage using a variac, and then raise it up with a transformer of some
sort. Throw a Bridge rectifier in to filter out the AC (wouldn't be
good for your Capacitor bank.) Follow the bridge rectifier with a
resistor of appropriate value, and you're set. Oh, it should all be put
in a serial fashion, as so:
----|variac|---|trans-|---| bridge |---|cap.|----|coil
----| |---|former|---|rectifier|---|bank|-\ -|gun
resistor-^ switch-^
That should get you all fuzzy, and supply you with a bit of juice, but
you should probably keep it low (around 30-40v) as you may need several
pulses.
Timing:
You will need a 555 timer to get a base time for another crucial part,
the coil timer, which is configured to fire each coil at a specified
time (each projectile will need to be similar in size/weight.) You'll
also need a coil driver, mostly to protect the rest of your equipment.
Such designs and ideas can be found at:
http://www.oz.net/~jjhansen/coilgun/mark1/oscillator.htm
http://www.oz.net/~jjhansen/coilgun/mark1/coiltimer.htm
http://www.oz.net/~jjhansen/coilgun/mark1/coildriver.htm
http://www.oz.net/~jjhansen/coilgun/mark1/coiltimer.htm
http://www.geocities.com/Heartland/Prairie/7745/Images/JPEG/RailGunMainCircuit.jpg
This is all for open-loop design, which expects the projectile to be the
same every time (no detection,) as it fires each coil at a specified time
whether there is a projectile near or not.
http://www.oz.net/~jjhansen/coilgun/mark1/spread1.htm
http://www.oz.net/~jjhansen/coilgun/mark1/spread2.htm
http://www.oz.net/~jjhansen/coilgun/mark1/spread3.htm
Conclusion:
They're big. They're bad. They're expensive. They are really
cool. They can be dangerous, expensive and take a lot of time to make,
but the upside is, you can make them look like large penii. Heh, but
if you made a large enough one, with good aiming, you may be able to
annihilate small animals in your backyard with high speed drywall screws.
Oh, the endless possibilities. Anyway, here, at the end is all the
links mentioned in the article again, for good measures, along with a
few others.
http://www.sover.net/~geoffk/railgun.html
http://www.geocities.com/Heartland/Prairie/7745/Images/JPEG/RailGunCoils.jpg
http://www.oz.net/~jjhansen/coilgun/mark1/powersupply.htm
http://www.oz.net/~jjhansen/coilgun/mark1/oscillator.htm
http://www.oz.net/~jjhansen/coilgun/mark1/coiltimer.htm
http://www.oz.net/~jjhansen/coilgun/mark1/coildriver.htm
http://www.geocities.com/Heartland/Prairie/7745/Images/JPEG/RailGunMainCircuit.jpg
http://www.oz.net/~jjhansen/coilgun/mark1/spread1.htm
http://www.oz.net/~jjhansen/coilgun/mark1/spread2.htm
http://www.oz.net/~jjhansen/coilgun/mark1/spread3.htm
http://www.intap.net/~j/coilgun/index.shtml
And, if all of this confuses you, just go here:
http://www.iinc.com/~obwan/htc/technogy/s_craft/nailsh.htm
---------------------------------------------------------------------------
Defcon VII review. blurred edition.
zhixel [no-email provided]
after arriving at the Las Vegas airport, I generally stood around and
waited for my ride to pick me up.. thirty minutes later I got tired
of waiting and managed to take a shuttle to the Alexis park.. and within
five minutes ran directly into teklord (who's kind of hard NOT to run
into, in the first place. :D ) I followed teklord around for part of
the night, along with some green braided girl who went by "illuminati"
or something. (I'd continue to bump into and greet her for the rest
of the con)
I ended up running back to the hotel lobby, buying an overpriced jolt
and happening onto barkode (my ride) and some redheaded guy called
"Erik" (which took five seconds for me to realize THAT was Felix.) I
yelled at barkode and shoved my backpack at him, which promptly
identified myself as "zhixel", and listened to his story about trying
to find me at the airport. From there on we ended up going back to his
room, and spending the rest of the early morning partying at some other
room. It wasn't until 5 something that I ended up trying to sleep on
the couch back at our room.
Friday.
wake up, prepare for the day and run off with Barkode to get our badges
& etc. We manage to track down pinguino (who takes a whole five minutes
to realize who I am and tackle me) and who I find out later to be secret
squirrel.
I follow pinguino around, talk to the goons about setting up the penguin
palace table and end up helping drag stuff in as well. We also went
back to pinguino's room where I borrowed my design consulting skills
to the penguin palace sign, along with running from ping.
the rest of the day was pretty much a blur. later afternoon I caught
Barkode & skrike and went back to our room, meeting logicbox & monkeygrl
at the 3rd pool along the way. I went up and "introduced" myself to both
logic and monkey (which mostly involved my smacking them in the head with
my new T-shirt). We went back to our room and talked it up. I showed
off my cow as well. later a lot of various people showed up at the room and
we ordered Chinese food.. and many proceeded to get rather drunk. some
guy by 'runt' showed up later.. and continued to get amazingly fucked
up, spew all over barkode's bed, and pass out and get dragged out and
later taken to the hospital .. fun. I followed several people around,
including Felix, before returning to the room, watching TV, talking to
the cleanup service. barkode & prophet & signine showed back up at various
times and we all slept. I don't quite remember how I slept, but needless
to say it was uncomfortable. I think I gave up and took barkode's bed
before he came back and I stole his sheet and took the floor. unsure.
perhaps that was Saturday night.
Saturday.
more blurriness. I hung out with some kid by 'kp2' carrying around his
sparc & etc. bought more shirts. I also really wanted to go with pinguino
and gang to the star trek experience, but my feet really hurt by that time..
so I hung around someplace. Probably with the tananda 804 girl that I met
the first day (which was a surprise), and painting her nails. I also
recall talking to psykocat & various people back at the room, which was a
total blast. logic, signine, prophet, barkode, & I slept back at the room.
I think...
Sunday.
more blur. I recall hanging with penguin palace some more. getting a
tori-do CD from ping, sitting at the table with pesto offering to sell
various things for three dollars. I wandered around, hung out with skully,
sloth, asphyxia, and some others in their room, resisted peer pressure..
ended up following tananda for most of the night, we joined some hack
Canada people at the AmeriSuites hotel.. before going back to the pool
party at the Alexis park.. I left and went back to tanda's room, and got
some sleep before we had to leave around six in the morning.. we took a
taxi to the airport and had to run to catch our flight..
The details of Saturday and Sunday are somewhat blurry, mostly cause
I can't remember the details or when what happened.. I didn't even get
drunk either. heh. I do remember sitting up front and center when Carolyn
Meinel & Some other guy got into an argument over capture the flag, and
both ended up getting kicked out. Most awesome.
---------------------------------------------------------------------------
LASERs - Theory and Safety
Secret Squirrel [ssq@penguinpalace.com]
-=[ INTRODUCTION ]=-
This document wasn't written to provide every bit of knowledge that exists
on LASERs, but rather to give a general overview of how they work, and some
safety issues that you should be aware of when working with LASERs. There
is a more complete (but not totally complete :) document that I wrote which
appears in System Failure Issue #9, which is archived at
http://www.penguinpalace.com/
A LASER is a light beam. This beam has 2 properties that other light
sources don't have. LASER beams are both monochromatic (a single color) and
coherent (all the light waves are the same, going the same direction, and
the same phase). The difference between LASER light and a regular light
bulb is like the difference between a single tone and static on your TV.
Here is a short list of some of the larger moments in LASER history:
1917 Einstein first comes up with the theory of a LASER
1954 The first Microwave LASER (termed MASER)
1960 First optical LASER
1966 First gas dynamic LASER
1984 First X-RAY LASER
1993 Gas contact plasma LASER
As you can see it has been nearly 100 years that the idea of a LASER has
been around. Now, to a large degree we are very dependent on the LASER.
From CD players, to Fiber Optic communications (both voice and data),
to LASER light shows, to industrial cutting and welding, to medical and
surgical procedures, the list goes on. The unique characteristics of
LASER light - monochromaticity (the light is all the same color or wavelength),
coherence (all the waves are in the same phase), and directionality (the
beam is either well collimated at the beginning or can be easily collimated) -
make this all possible.
But what is a LASER really? Well the word LASER is an acronym for
Light Amplification by Stimulated Emission of Radiation. Light Amplification
is pretty easy to figure out: it means to take a light source and
make it stronger. Stimulated Emission of Radiation is a little trickier.
This is what Einstein first came up with back in 1917. He theorized (and it
was later proven) that if you take a molecule and stimulate it to an excited
state and then hit it with a photon, it would release a photon of the same
wavelength, phase and direction. When this photon is released the molecule
will return to its unexcited state. As more and more molecules release photons
more and more photons get released as they bounce around in the lasing medium,
and finally they come out and the LASER beam is there.
The output of a LASER can be pulsed or a continuous beam. It can be visible,
Infrared, or Ultraviolet. Its power can be less than 1 milliwatt, or millions
of watts. With all these differences, there are a few things that all LASERs
have in common:
1. A lasing medium. This can be a solid, liquid, gas or semiconductor
   which can be pumped into a higher state.
     - It must be possible to boost the majority of the lasing medium
       to an upper energy state called a population inversion.
     - There must be a downward transition triggerable by stimulated
       emission.
2. A means of pumping energy into the lasing medium.
     - A flash on a ruby rod, for instance
     - AC or DC charge on a gas LASER
3. A resonator. In most cases this is a pair of mirrors, one at each
   end of the LASER, which allows stimulated light to bounce back
   and forth through the lasing medium. This is called a Fabry-Perot
   cavity.
     - Nitrogen LASERs have a mirror only at one end.
-=[ SAFETY ]=-
I am sure that most of you have heard that you shouldn't shine a LASER into
your eye (or anyone else's for that matter), and some of you have probably tried
to see if you can. While you may have noticed that there is a momentary
blindness created when you do that, the risk of more permanent damage is
high.
A collimated beam represents the rays from an object at infinity. If your
eye is focused for distance and you shine it in your eye, your eye will focus
it onto a very tiny spot on your retina, which can burn your retina, causing
permanent damage. The action of the focusing is much like taking a flash
light with an adjustable beam. If you spread it out you can see a lot
of stuff, but none of it is very bright. If you adjust the beam so that
it falls onto a small spot (this works well with maglites) then that spot
is bright, and you can see it more easily. Well the output of the flashlight
is the same; it's because it's all focused onto a small spot that it appears more
powerful. So even a weak laser pointer can cause damage depending on your
eye, and how it's focused.
Now, let's talk about power output. Most laser pens are under 5mW. That
may seem like a small amount, especially since you have 100W light bulbs
in your house. But what you may not be aware of is that the 100W rating of
a light bulb refers more to the power it draws than to its brightness.
Only about 5-10W are output in the visible spectrum (most of the rest is
given off in the IR portion of the spectrum).
This light is spread out in all directions (remember the maglite above?)
and the power density is very small. At 10cm from a 100W light bulb (assuming
the visible portion is 6W) the power density would be about .05mW/sq. mm. At
1m (3.3 feet) it would be about .0005mW/sq mm. A 5mW LASER (like most pen
LASERs are) would actually be brighter at 1m, and closer it may be more intense
(because the beam will spread out in a cone, when you are closer the beam hits
a smaller spot, and so it could be 10,000 times more intense if it's only 1mm
in diameter).
At mid-day the sun at the Earth's equator on a clear day has a power density
of about 1mW/sq mm. Very low power LASERs can be as damaging to your eye as
the sun can.
With that said, I would now like to point out some good practices when
working with LASERs.

Always wear goggles.
    There are certain types that work better for certain
    LASER power outputs as well as the color of the beam.
    You want to prevent the beam from hitting your eye,
    although preventing other stuff from hitting your eyes
    when you are making a LASER (or other project) is also
    a good idea.

Never point a LASER at anyone.
    This is actually a law in many states now. It is
    considered assault if you shine a LASER onto someone,
    and a lot of police officers really do not like it because
    it looks like a LASER sight that may be on a gun.

If you have a LASER show, keep the LASER above everyone else.
    It is a law (at least in most US states) that if you
    do a LASER light show, you must have the LASER itself
    at least 15' above the ground, and must shine it onto
    a target at least 15' above the crowd. This is to prevent
    accidental exposure to the beam. This is also a good idea
    since you never know where the beam is going next (when you
    are watching the show :) and you never know when the person
    next to you is going to bump into you, pushing you in front of
    the beam.

Accidents happen when you aren't watching for them.
    If you knew when an accident was going to happen, you would
    be able to prevent it. By their nature you don't know when
    they are going to happen, and as such cannot prevent them
    from happening (all the time). Because of this, if you are
    going to make a quick change to something, follow common
    sense. If you are working on a LASER, unplug it. It may be
    that you spill your soda onto the power switch, which causes
    the LASER to fire, and it hits a mirror and ... Or any
    number of other things.
---------------------------------------------------------------------------
LASER Spirograph
Secret Squirrel [ssq@penguinpalace.com]
You should have some familiarity with a LASER by this point, so I won't explain
basic safety here, or much about how a LASER works (for the most part
that is irrelevant to this article). All that you need to know is that
a LASER shoots a beam of light in 1 direction, and how to make it do that
(by hooking it up to the correct power source).
Because power supplies vary from LASER to LASER, I will not cover that here.
That information should be included with your LASER, or should be available from
the manufacturer of the LASER.
What I will cover is how to make a cheap LASER light show system. While this
system won't draw text on a wall, it will create a neat pattern, which is
somewhat configurable. This is a good first LASER project as well, because it's
cheap, and easy to make.
First let's cover some basic facts. When you power up the LASER a beam
goes in 1 direction. That beam doesn't bend, or curve under normal conditions.
If a LASER beam hits a mirror, it will bounce off at the inverse of the
angle of incidence. What this means is that if you hit a mirror at 45 degrees,
it will bounce off at 45 degrees, but instead of coming straight back, it will
continue on, just bending slightly. See illustration below:
  LASER origin          Reflected path
        \                   /
         \                 /
          \       Z       /
           \             /
         X  \           /  Y
     -------------------------
              mirror
Another way to prove this is that angle X + Y + Z == 180. This is even true if
the beam is straight at the mirror, because X=90 Y=90 Z=0.
Armed with this knowledge, you can see how it's easy to draw a circle. Move
the mirror so that the LASER is reflected onto a wall, and the spot where
it hits is a circle. If you move the mirror fast enough, it will appear to
be a solid line, and not a dot.
Now, one circle alone doesn't make a Spirograph. A Spirograph is really a small
circle moving around in a large circle. So to do that we need to add another
mirror. This mirror needs to get the reflected path from the first mirror. This
will cause the Spirograph to appear on the wall.
If you are playing with lasers and mirrors already, you may notice that it's
easier to get the reflected beam into a smaller mirror if the mirrors are close
together. Using this knowledge you can purchase smaller mirrors when you go to
assemble the project.
Now, to make the mirrors move in a way favorable to cause the beam to go in a
circle, you should epoxy them onto the shaft of the motor at a slight angle.
Too much angle and they will make a really big circle, and you may have problems
getting the beam to stay on the other mirror. Too small of an angle and it won't
make a large circle, and it won't be that impressive. I suggest between 2-5 degrees
for most applications.
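The two-mirror arrangement described above, traced numerically as an added example (not part of the original article): each mirror's normal wobbles around its motor shaft, and the beam direction is reflected off both mirrors in turn. The 45-degree fold layout, the motor speeds in revolutions per second, and the 3 m wall distance are assumptions, and the gap between the mirrors is ignored.

```python
import math

def _unit(v):
    n = math.sqrt(sum(c * c for c in v))
    return tuple(c / n for c in v)

def _cross(a, b):
    return (a[1] * b[2] - a[2] * b[1],
            a[2] * b[0] - a[0] * b[2],
            a[0] * b[1] - a[1] * b[0])

def reflect(d, n):
    """Law of reflection for ray direction d and unit mirror normal n."""
    k = 2 * sum(x * y for x, y in zip(d, n))
    return tuple(x - k * y for x, y in zip(d, n))

def wobbling_normal(shaft, tilt_deg, phase):
    """Normal of a mirror glued to a motor shaft at a small tilt.
    As the shaft turns (phase, in radians) the normal sweeps out a cone."""
    s = _unit(shaft)
    u = _unit(_cross(s, (0.0, 0.0, 1.0)))  # valid: both shafts lie in the x-y plane
    v = _cross(s, u)
    a = math.radians(tilt_deg)
    return tuple(math.cos(a) * s[i]
                 + math.sin(a) * (math.cos(phase) * u[i] + math.sin(phase) * v[i])
                 for i in range(3))

def spot(t, tilt1_deg, tilt2_deg, rev1, rev2, wall_mm):
    """(y, z) position in mm of the dot on a wall at x = wall_mm, t seconds in."""
    d = (1.0, 0.0, 0.0)  # beam leaves the LASER along +x
    # Assumed layout: each mirror folds the beam 90 degrees, so it ends up on +x again.
    d = reflect(d, wobbling_normal((-1, 1, 0), tilt1_deg, 2 * math.pi * rev1 * t))
    d = reflect(d, wobbling_normal((1, -1, 0), tilt2_deg, 2 * math.pi * rev2 * t))
    return (wall_mm * d[1] / d[0], wall_mm * d[2] / d[0])

def trace(tilt1_deg, tilt2_deg, rev1, rev2, wall_mm, samples=4000):
    """Sample one full repeat of the pattern; rev1/rev2 are whole rev/s."""
    period = 1.0 / math.gcd(rev1, rev2)
    return [spot(period * i / samples, tilt1_deg, tilt2_deg, rev1, rev2, wall_mm)
            for i in range(samples)]

def size(points):
    """(width, height) in mm of the box enclosing the traced pattern."""
    ys = [p[0] for p in points]
    zs = [p[1] for p in points]
    return (max(ys) - min(ys), max(zs) - min(zs))

if __name__ == "__main__":
    # Constructed values: 3 and 1 degree tilts, 50 and 7 rev/s, wall 3 m away.
    w, h = size(trace(3, 1, 50, 7, 3000))
    print(f"two mirrors: about {w:.0f} mm wide, {h:.0f} mm tall")
    w, h = size(trace(0, 2, 50, 7, 3000))  # second mirror alone
    print(f"one mirror:  about {w:.0f} mm wide, {h:.0f} mm tall")
```

Tilting a mirror by some angle swings the beam by up to twice that angle, so a 2 degree tilt already spans about 420 mm on a wall 3 m away. With the beam folded at 45 degrees the single-mirror loop comes out about 0.71 times as tall as it is wide rather than perfectly round.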
Supplies needed:
    1 LASER (can be a LASER pen, much like Target sells for $5-$10)
    2 Mirrors (front surface mirrors are best, but for this, it doesn't
      matter that much)
    2 Motors (these must be variable speed motors - should work off 9v)
    2 100k potentiometers
    1 9v Battery connector
    1 Case (optional, and you may want to get this after you assemble
      everything so you know exactly what size to get for your
      final project)
    Some epoxy
    Some wire to connect the battery, motors and potentiometers
Because it would be very difficult to express this in an ASCII drawing I am not
even going to try. Instead I have included a .GIF image of the schematics. This
is a really simple project, and shouldn't take that long to build. For the mirrors
you can try a local art & craft store, or get good ones for LASER projects (and
some other goodies) at places like http://www.mi-lasers.com/. They typically have
mirrors, scanners, etc. to make some neat effects if you want to play a little.
They also have fog-in-a-can, which makes the beam more visible. Radio Shack
should have everything else that is needed for this project.
---------------------------------------------------------------------------
-EOF