My Life As a Hacker

Many of you probably know by now that a pet peeve of mine is books that get the computer stuff wrong at a fundamental level. For some reason I was thinking lately about an incident at a previous day job. I’ll tell you guys about it because it was kind of funny in a Dilbert sort of way.

The company I worked for used a third party application that was a POS (by POS I do NOT mean Point of Sale I mean something else). The back end of the app was SQL Server ( a very expensive database). Oh my god this app was a nightmare. Poorly designed, and worse, designed with obfuscation in mind. There is a saying Security By Obscurity which any reasonably adept techie knows is a completely stupid way to design anything. You won’t stop the people with the skills to do you damage…

Anyway, one of the things this application did was assign documents an identity — like ZZ578490894 except every single document began with the same 2 character alpha prefix and there was (supposedly) no way to change that prefix (because, as I discovered, it was hard coded in the application software layer, not in the database where it belonged.)

We had a production version and a test version because, doh, you don’t want to train people or test new things against your production database. The problem was that there was an overly complex and error prone method for connecting to the test version which we could do nothing about because of the way the app was designed. Sad. Users would open up the test version of the software, but the series of stupid and complex steps that switched the users’ database connection from production to test often failed and they remained, unknowingly, connected to prod.

One thing that happened all too often was that people THOUGHT they were connected to test when, in fact, they were connected to prod, and production documents would get overwritten by test documents. ACK!!! We complained bitterly to the application developers and met with scorn. Seriously. It was not their fault, the vendor said, if our users were inattentive and perhaps not very smart and besides, their process never failed anyway. Why, it always worked if you followed all the steps! They also did not understand why we would ever want to have a different document prefix.

Sidebar: If you are generating an ID that always contains some bit of information that is always the same no matter what, then why waste the processing cycles to generate the identical bits? Why waste the database storage space? (For database geeks only: the field was defined as CHAR 12 or 14, I can’t recall which). Why do this at all? The information is, by definition, meaningless.

Anyway, I had the brilliant idea that we would find a way to change the letter prefix of the document ids such that when someone was connected to the test application, no test document could ever be generated with the same ID as one in production because the prefix would be different. Genius!! Research revealed the above mentioned hard-coded values in the software layer.

But I am not so easily deterred in the face of idiot rules and results.

I did a SQL profiler until I found the SQL code that executed during the generation of a document ID, then looked at the SQL code and derived the likely candidates for this software layer bit. I then searched through the application dlls, downloaded a hex editor and opened up all the likely candidates until I found the one that contained the hard coded values. Then I changed the values and, with the assistance of someone who knew more about dlls than I did, recompiled the file and copied it into the test application directory, replacing the original dll. This took all of 15 minutes, not including the research time.

Voila! In our test application, documents were now generated with a different prefix ID. Of course, we were unable to admit we’d done this as it was (ahem) not exactly legal in the eyes of the application vendor. But we were now preventing serious production errors and saving the time to attempt to recover or recreate the original documents.

Sometime later, in meetings with the application vendor, the subject of generating different document prefixes came up. The vendor stressed how useful this feature would be (which they had previously scorned) and that it would be worth it for us to pay them thousands of dollars to write the upgrade to their code. There were many zeroes attached to their proposal. We declined.


Oh, and the ironic beauty of this is that no one ever suspected the girl of having done this.


Tags: , ,

Comments are closed.