The Challenge:

The trick was to figure out how to get certain “four letter words” past the chat app’s filter and into the main chat window without the word being munged by the system.  Most chat applications filter out obscene words through a string matching system and replaces it with something that is much less offensive, usually a series of asterisks.  The only thing I could use was straight ASCII characters, and I couldn’t use any “img src” HTML tags to do the dirty work (literally).

The Analysis:

All HTML code that is rendered is associated with something called a character set (or code page from the old MS-DOS days).  These character sets associate any character with a certain number (often called it’s ASCII value).  Although some characters are standard on all character sets, (like “a” = 97),  some control characters and characters above 256(decimal) change significantly.  In order to properly convey these control characters via the web, urlencoding was created and implemented as part of the HTML spec.  What this means is that every character in a character set can be represented in HTML through the use of the percent sign (%) modifier. The syntax for this was %(ASCII value in hexadecimal). The general idea was that if you typed in a russian name using symbols not found in the Latin alphabet, these symbols could be properly represented on the server side.

With that in mind, I examined the UTF-8 character set.  In this example, I’ll use the word “taco” to represent the offending word.

How it’s done:

The process for this is as follows:

1. Find the ASCII value for each character in the word
2. Find the hexadecimal value for the ASCII value
3. Add “%” in front of that number
4. Insert a “null” character somewhere.

For reference, you can use this chart which gives you the ASCII and the ASCII in hex values already

From the chart, we see the following information:

t = 116 (decimal) or 74(hex)

a=97(decimal) or 61(hex)

c= 99(decimal) or 63(hex)

o = 111(decimal) or 6f(hex)

Using this information, we can then create our string, inserting the % where needed.  %74 %61 %63 %6f

Only one item remains.  In order to spoof some of the more intelligent content filters, you need to put a null character in there somewhere. This throws off the content filter and makes it think that there are different characters represented.  For this, I used character 0B which does not have latin equivalent and is a control code that does not render in HTML.  I used 0B because 08 rendered as a tab in testing.

Knowing this, I inserted the null character between the urlencoded “a” and the urlencoded “c”: %74 %61 %0B %63 %6F

Testing it out:

All that is needed to test it is to copy and paste the above string into any chat application and hit send. You will need to remove the spaces from between the characters otherwise your application will treat them as renderable characters as well.  If it works, you’ll see the word “taco” in your window.  Now you know how to get past content filters.  If you are in the business of building content filters, now you have a new strategy for blocking people abusing them.

Don’t be a prick!

I posted this information with the hopes that people may find it useful, not so that script kiddies can run around and make asses of themselves.  Be smart about how you use this information and last but not least, DON’T BE A PRICK!

It has been a rough couple of months with the site migration to the new server, but I’m hapy to say that the migration was a success.  New tools have helped me completely overhaul the YWIV site into something that at least looks like it was coded in this century.  Read more to find out what all I have in store for this site.

I’ve been wanting to do this for a long time.  After purchasing this domain name, I figured that instead of hiding my hacks and mods on my other site Theratshack.net I would post them here as some of them are really nice and deserve a lot of attention, and some of them are quick and dirty “Git-R-Dun” hacks or mods.

This site isn’t all about me however, although I will be the one posting a lot here.  I want to make this a community site, so if you have something you want to post or an article or hack that you have performed and want me to show it, please let me know!  At this time I don’t have a contact form up, so just drop me a line as a comment to this post for now.

With that being said, in the next few months, I hope to be doing the following:

• Convert my existing hacks and mods to the new site, along with pictures and updated information
• Create forums for public discussion of new techniques, processes of modding and hacking, discussions of parts, equipment,  and all things hardware hacking related.
• Continue with my reviews, editorial posts and comments about hardware hacking, Linux modifications and like minded stuff
• Contiue my focus on being community driven in regards to new topics posted.

I apologize that I don’t have much in the means of content right away, but the site will be updated frequently until all modifications from TheRatShack.net have been converted, then I’ll determine a set update schedule for which to post updated hacks and howtos along with related news in the popular media, information about new suppliers and sources for parts and other such stuff.

Enjoy!

FIRESTORM_v1