[HN Gopher] AOL 3.0 reverse engineered
___________________________________________________________________
AOL 3.0 reverse engineered
Author : pbear2k21
Score : 233 points
Date : 2022-06-05 12:03 UTC (10 hours ago)
(HTM) web link (g.livejournal.com)
(TXT) w3m dump (g.livejournal.com)
| techwiz137 wrote:
| The website hijacked my mobile Firefox browser and did not allow
| me to go back no matter how many times I pressed back.
| jeroenhd wrote:
| Hold the back button, you'll get a list of previous URLs to
| jump back to. Works similar to right-clicking the back button
| on desktop. Still pretty annoying, though.
| karaterobot wrote:
| "I can't press the back button... hmm, might as well register
| for an account and become a loyal user."
| [deleted]
| erickhill wrote:
| I was not an AOL user. In the 90s my colleagues and friends used
| "AOL User" as a slight on folks who didn't understand tech. My
| dad was an AOL user and I had to show him how to use it. Often. I
| _raged_ at its expensive walled garden (especially when I needed
| to show him how to access an actual website) but he liked it.
| Regardless, I love this project.
| TedDoesntTalk wrote:
| Similar experiences and attitudes for me. Looking back, we were
| harsh on them. I'm sorry for my disdain especially after
| reading how many children went into programming or an IT career
| because of various AOL hacks.
| tyingq wrote:
| I distinctly remember "AOL Keywords" as a signal that
| corporations were going to find a way to ruin the internet with
| their walled gardens.
|
| And while that idea didn't pan out, the general idea seems to be
| roughly what happened. The internet is now mostly a grouping of
| separate spaces like Facebook, Apple's store, TikTok, IG, etc.
| puglr wrote:
| As a former AOL user, it was truly a walled garden. For hordes
| of less tech-savvy users like myself, AOL _was_ the internet.
| Many of us had little concept of an internet "beyond" AOL.
|
| The current situation might be referred to as "windowed
| gardens". We get to look around and choose the fiefdom we hate
| the least.
|
| ...progress?
| exabrial wrote:
| AOL was like "The Matrix". The system was full of casual,
| blissfully ignorant users... meanwhile there was an underground
| set of hackers and script kiddies having a blast while being
| chased down by moderators.
|
| Ah yes, I remember the first time I got my family's account
| shut down for "punting" a moderator and crashing a bunch of
| servers. My dad was like "what?" when AOL _called us_.
| [deleted]
| karlshea wrote:
| Yep! I downloaded my first copy of Photoshop, along with the
| MacOS 8 beta from #macwarez/#macfilez. Around that time they
| got busted up and had to change to #zelifcam.
|
| It was amazing. You'd just subscribe to some bot in the chat
| room and after that all the pirated software you could imagine
| would just continuously appear in your inbox.
| cyanydeez wrote:
| I remember making 2500$ spamming porn links
| nickstinemates wrote:
| i just wrote about this.
| https://keeb.dev/2022/05/28/The-beginning/
| bredren wrote:
| Thank you for sharing your story.
| TedDoesntTalk wrote:
| I'm sorry for your loss. I enjoyed reading this even though I
| am probably 15 years older, I have a similar story with the
| predecessors to AOL (BBS systems).
| TedDoesntTalk wrote:
| I had the privilege of dining with an ex-CEO of AOL around
| 2017 or so (long after his retirement). I was prepared to
| rail him for taking advantage of Americans, but he was such
| a humble and fascinating guy... no.
| nickstinemates wrote:
| TY for the kind words. The end of this post took place in
| 1997 and while the effect still lingers, I can only be
| grateful that my outlet was productive.
|
| Funny enough, AOL was the gateway drug. I found things like
| usenet, irc, and bbs's and graduated to these things. My
| early teens were spent in those neighborhoods before moving
| on to LAMP stacks and more productive programming.
| efreak wrote:
| see also
| http://mazur-archives.s3.amazonaws.com/aol-files/index.html
| funshed wrote:
| Nothing as elaborate as yours but my parents got that call too.
| I can't imagine an ISP calling anyone in 2022. Good guys, AOL
| scroot wrote:
| Dude, we got banned from AOL for life after I popped into a mod
| chat room and started pretending I was one of them. Stupid! But
| I wanted to play a dangerous game...
| pbear2k21 wrote:
| If anyone wants to check it out or take a deeper technical dive
| our discord is https://discord.gg/reaol
| DanAtC wrote:
| Can't even open that link on iOS without being redirected to
| download Discord. Pass
| imwillofficial wrote:
| Sesse__ wrote:
| Strictly speaking, it's because Discord goes out of their
| way to block mobile browsers.
| imwillofficial wrote:
| I've noticed this trend more and more with apps, reddit
| started doing it too recently.
|
| There are times when walled gardens work, when they make
| sense. This is not that time.
| 0daystock wrote:
| Why can't you just publish the open source on Github or
| something?
| pbear2k21 wrote:
| That's planned. Would be blasphemy not to.
| elpocko wrote:
| I'm interested, but not interested enough to join Discord.
| DJBunnies wrote:
| You could join their AOL chat rooms instead.
| samstave wrote:
| PCLink has entered the chat
| cube00 wrote:
| I would except they've also put the setup instructions
| inside their Discord server as well.
| layer8 wrote:
| Never used AOL, but I wish "the internet" had such a structured
| 90's user interface.
| wolpoli wrote:
| I agree. This was the era when buttons looked like buttons instead
| of plaintext or text on rectangle, contents were shown in grids
| instead of cards, and different areas of the interface were
| separated by visual dividers rather than white margins.
| layer8 wrote:
| That's correct, but what I was getting at besides the UI
| style is that I wish most of the UI was in the client
| (browser) rather than in the content (web site).
| silisili wrote:
| Did use AOL, and think it was way ahead of its time. One portal
| where you could access email, chat, IM, news, stocks, etc.
| Worked fast and rather seamlessly, especially for dialup.
|
| Portals today are still not as slick or functional. See MS or
| Google's attempts.
|
| Really wish someone would create something similar in Electron
| or something.
| TedDoesntTalk wrote:
| And no obtrusive ads, especially video!
| vehemenz wrote:
| This is great. Now I can finally pursue my true life's calling:
| making AOL proggies.
| shortformblog wrote:
| Maybe this is a silly question, but: Does this support the
| GeoWorks version of AOL?
| 101008 wrote:
| Good for those nostalgics like me. My experience with something
| similar was Escargot, a similar project but for MSN Messenger[1]:
|
| I created a new account (old accounts do not work), I made my
| friends do the same and we used it for a few hours (sharing
| emoticons, nudges, etc) but then the novelty went away. Software
| alone cannot capture/reproduce the old days, unfortunately.
|
| [1]https://escargot.chat/
| jbay808 wrote:
| MSN Messenger was the best chat software I ever used. Its
| abandonment was a huge loss. Thanks for sharing!
| Bilal_io wrote:
| https://youtu.be/nqGJUKaaLU4
| frostwarrior wrote:
| That's the thing about nostalgia. We don't miss a thing by
| itself, but the whole context in that given time.
|
| I don't miss Windows 98. I miss being a child using that,
| browsing the old internet, the old terrible "web design" and
| having my friends on the same page
| TedDoesntTalk wrote:
| You can never really go home.
| accrual wrote:
| For those interested in doing something similar but with AIM
| (the messaging client bundled alongside AOL):
|
| 1. "Phoenix" a closed-source server reimplementation:
|
| http://iwarg.ddns.net/phoenix/index.php
|
| 2. AIM OSCAR protocol project in TypeScript, incomplete but
| partially working:
|
| https://github.com/DrewML/aim-server
| a-dub wrote:
| i once worked on a team that was working closely with aol to
| develop an aol set top box. as an integration engineer i
| interfaced with aol quite a bit and on occasion, i'd get sent
| fascinating threads from their ops teams. all sorts of weird and
| scary sounding things like "access rotors" that were probably
| developed custom in the early 90s.
| accrual wrote:
| I would love to read more about your experiences. I grew up
| with AOL and learning about its internals years later is
| fascinating.
| svnpenn wrote:
| pbear2k21 wrote:
| Yeah livejournal is pretty bad. I only use it because of the 1
| character username "g" I cracked 20+ years ago. It's an ad
| trap.
| hoppyhoppy2 wrote:
| > _Please don't complain about tangential annoyances--things
| like article or website formats, name collisions, or back-
| button breakage. They're too common to be interesting._
|
| https://news.ycombinator.com/newsguidelines.html
| [deleted]
| InvaderFizz wrote:
| I never used AOL, but as a kid, receiving the 3.5" floppy in the
| mail was really nice. Saved me having to buy one!
| asveikau wrote:
| I forget. Did they remove the little plastic square thing to
| make it read-only?
|
| For youngins, 3.5" floppies had a "write protect" switch. If it
| was a solid plastic bit, you could write, but if the switch
| showed a hole, it would be treated as read only. Here's the
| first Google result I found:
| https://electronicstechnician.tpub.com/14091/css/Write-Prote...
| InvaderFizz wrote:
| I'm not 100% sure I remember correctly, but I believe the AOL
| disks were standard in every way except that they never
| inserted the plastic slider. A bit of tape fixed that
| problem. Scotch tape worked fine, as pointed out by another
| poster. I typically just used a portion on an unused floppy
| label and wrapped it around the edge. I wasn't much concerned
| with write protection usually, so keeping it permanently
| writable was fine by me.
| notadev wrote:
| You could just cover the hole with a piece of scotch tape and
| voila, writeable!
| asveikau wrote:
| Scotch tape, huh? I would have figured electrical tape, for
| opacity. I don't think I ever had to do this though.
| command_tab wrote:
| All the floppy drives I've ever seen had a little
| mechanical arm attached to a microswitch that detected
| the presence or absence of the write protect notch. VHS
| cassettes worked similarly.
| SoftTalker wrote:
| Audio cassettes had this also. A little tab you could
| break off that would prevent recording. If you later
| changed your mind and wanted to record over the tape, you
| would just tape over the hole.
| dizhn wrote:
| No need. It was just pushing something inside the drive.
| A little piece of paper jammed in the hole worked fine
| too.
|
| You also drilled a hole on the other side to make the
| disk double density.
| classichasclass wrote:
| None of the ones I got ever did. They were immediately
| repurposed (along with all those free Computer City
| floppies).
|
| Reusing the CDs was a little harder. ;)
| tablespoon wrote:
| > I never used AOL, but as a kid, receiving the 3.5" floppy in
| the mail was really nice. Saved me having to buy one!
|
| Those were _sooo_ ubiquitous. But I never saved any, and now I
| wish I had some.
|
| Luckily, the Smithsonian is on the job:
| https://www.si.edu/object/nmah_1395721
| edf13 wrote:
| Killer back button hijack!
| [deleted]
| tibbydudeza wrote:
| I recall the backend ran on some odd hardware for the time ???.
| classichasclass wrote:
| At least for awhile, it was Stratus VOS. This was true for its
| ancestors QuantumLink and PlayNET as well.
| tibbydudeza wrote:
| Oh I remember that - they were in competition with Tandem Non
| Stop systems using MIPS processors.
|
| I used to program for those machines for a bank using TAL
| (Tandem Application Language) running their Guardian OS.
| sys_64738 wrote:
| Back when AOL was what the cool kids used. I never did and was
| stuck with the internet during the 90s.
| tibbydudeza wrote:
| And Microsoft's answer - Project Blackbird - fortunately sanity
| prevailed and Microsoft "embraced" the WWW
| tibbydudeza wrote:
| https://en.wikipedia.org/wiki/Blackbird_(online_platform)
| TedDoesntTalk wrote:
| Yeah, and they gave us IE6.
| tibbydudeza wrote:
| Now now and also XMLHttpRequest no thanks to the OWA (Outlook
| Web) team.
| atlgator wrote:
| Can you make it simulate the modem handshake sounds on sign on?
| pbear2k21 wrote:
| Yes. That was done with an internal test build.
| Dwedit wrote:
| I wouldn't want to mess with outdated software that communicates
| over a network, especially not from AOL given their record with
| AOL Instant Messenger.
|
| Did you know that the original way that AOL checked that you were
| using a genuine version of AIM was to send a buffer overflow
| attack to you? It would then execute some code that checked
| process memory for signs that it was the genuine AIM executable.
| thebeardisred wrote:
| Every time I listen to "The Chronic" by Dr Dre I'm reminded of
| how impressed I was by the "AOHell" installer. It was the perfect
| mix of BBS/demoscene culture and an introduction to larger online
| communities of hackers.
|
| edit: Also, I'm very pleased to hear _someone_ else talking about
| "rainman" ;)
| rootw0rm wrote:
| And here I only remember AOHell's Nine Inch Nails references...
| je_bailey wrote:
| I miss clients like this. It reminds me of a better time when the
| internet was young and fresh to me.
|
| It does amuse me that this is written up on livejournal.
| reaperducer wrote:
| _It reminds me of a better time when the internet was young and
| fresh to me._
|
| I remember when AOL was seen as evil that was going to kill the
| open internet.
|
| It was the original "walled garden."
| imglorp wrote:
| One might argue before that was CompuServe. Text only, dialup,
| massive BBS basically. Messaging, shopping, airline
| reservations and other connections.
|
| I wish someone could rescue the whole thing from tape and
| host it.
| guessbest wrote:
| It wasn't really a walled garden, though. I remember using
| the AOL client software to connect to the internet and then
| opening IE to browse internet sites like yahoo, geocities and
| slashdot. When the computer owner who let me borrow his
| computer saw me do this he was stunned. He didn't realize he
| was connected to the internet this whole time.
| zemo wrote:
| right but that wasn't what AOL was trying to build; it's
| what happened in spite of their efforts, not because of
| them. Notice the prominent "channels" and "what's hot"
| buttons in the second screen shot? They're given a higher
| position in the ui hierarchy than "internet" for a reason.
| They were trying to create an experience where all of the
| content came from AOL itself. "Channels" were their content
| pipelines, they were hypermedia but everything within the
| content network of channels was created by AOL itself. It
| would be like someone hearing about the web and thinking
| that the way to "win" the web would be to "own all of the
| web pages".
| [deleted]
| TedDoesntTalk wrote:
| > It wasn't really a walled garden, though
|
| It effectively was for millions of users who did not
| venture outside the AOL client.
| tablespoon wrote:
| > It wasn't really a walled garden, though. I remember
| using the AOL client software to connect to the internet
| and then opening IE to browse internet sites like yahoo,
| geocities and slashdot.
|
| That wasn't always true. At some point internet access was
| a "feature" that was added to the walled-garden AOL. They
| famously added Usenet in September 1993. I can't find a
| date for web access, but I'd guess 1995.
| smitty1e wrote:
| I liked the Three Line Novel thing on AOL.
| _the_inflator wrote:
| > P.S. My Screen Name is "God" so don't forget to add me to your
| Buddy List and send me an IM
|
| So if you ever wanted to talk to god via AOL, here is the chance.
| ;)
| sejje wrote:
| Well, people used to use me for the same thing.
|
| I had "Christ"
| Chazprime wrote:
| A Livejournal link? Feels like the 90s in here today!
| [deleted]
| [deleted]
| legalcorrection wrote:
| Not to be a negative nancy, but in all likelihood there's serious
| vulnerabilities in the AOL client. If you connect to this, anyone
| else connected to it can probably pwn you. So maybe run it in a
| VM or something.
| jeroenhd wrote:
| The official AOL client at one point relied on an RCE
| vulnerability in the client <-> server communication to thwart
| MSN's compatibility [1]. The client would be exploited by the
| server and sent new code to execute, making it impossible for
| most competing clients to be compatible with its protocol.
|
| If that's the programming style that was deemed acceptable for
| release, I can almost guarantee you that the old, unmaintained
| client will definitely have some other vulnerabilities left
| over in its protocol.
|
| [1]: https://www.geoffchappell.com/notes/security/aim/index.htm
| ElectricTurkey wrote:
| You are confused, AOL and AIM are two totally different
| pieces of software, which use different protocols and serve
| different purposes. The exploit in question has literally
| nothing to do with AOL, it's for AOL Instant Messenger. MSN
| never tried to access AOL's service network, but certainly
| AIM's.
| Dwedit wrote:
| I think it's pretty likely that the AOL client and AIM
| could have shared some code for instant messages.
| dontbenebby wrote:
| marcus0x62 wrote:
| Which part of the GP are you saying falls under the CFAA?
| dontbenebby wrote:
| Someone hacking someone who installed the software in the
| OP.
|
| Was that part not clear?
| franga2000 wrote:
| Maybe the parent post was edited since, but your response
| seems entirely disproportionate here. Running old proprietary
| software which connects to untrusted servers in a secure
| environment like a VM is very good advice.
|
| Saying you shouldn't do it because hacking is a crime is even
| worse than saying you shouldn't lock your doors because
| stealing is a crime. I say worse because in that case at
| least your point about deadly force could possibly apply -
| you can physically stop a robber if you happen to be home.
| Good luck beating up a 12 year old script kiddie stealing
| your e-banking creds through a Tor reverse shell you aren't
| even aware is installed on your computer because you ran what
| is essentially a web browser from before sandboxing was
| invented on your primary computer.
| dontbenebby wrote:
| >Maybe the parent post was edited since, but your response
| seems entirely disproportionate here.
|
| Maybe it was, I don't know. What law in PA requires a
| proportionate response?
|
| If you don't like the laws of PA, register to vote and work
| to change them.
|
| >Running old proprietary software which connects to
| untrusted servers in a secure environment like a VM is very
| good advice.
|
| Yes, but the problem is most people don't know how to do
| that, so it's not useful to the types of people who have
| the freedom and time to experiment... the newbies... who
| are often quite young.
|
| >Saying you shouldn't do it because hacking is a crime is
| even worse than saying you shouldn't lock your doors
| because stealing is a crime.
|
| There's a difference between "lock your doors" and "lock
| your doors, get bars on your windows, set up an alarm, live
| on the third floor with no elevator, and keep a phone and a
| weapon next to a bed behind a locked door" (which seems to
| be the level of "reasonable" security some folks here seem
| to want, to draw analogies from the physical world).
|
| >Good luck beating up a 12 year old script kiddie stealing
| your e-banking creds through a Tor reverse shell you aren't
| even aware is installed on your computer because you ran
| what is essentially a web browser from before sandboxing
| was invented on your primary computer.
|
| I'll just get a new credit card number or report the ach as
| fraudulent. I have MFA on my bank accounts plus code words.
| (I changed to a different one for each entity after a tour
| of Dachau.)
|
| It sounds like in the scenario you describe, we should give
| that 12 year old a job, rather than invent ever creative
| ways to punish them for not wanting to be a low level
| minimum wage customer service representative because from
| ages 12 to 18ish they responded to adults like an adult
| would, while they weren't thankful the kid only acted out
| electronically in cheeky, playful ways.
| hvdijk wrote:
| > Maybe it was, I don't know. What law in PA requires a
| proportionate response?
|
| Nobody said it was illegal, but a disproportionate
| response is not likely to go over well with other people
| here. Whether that is a problem depends on whether you
| are trying to get along with other people, so will leave
| that for you to decide.
| dontbenebby wrote:
| somehnguy wrote:
| I take it you must be aware that the threat of a felony means
| next to nothing when it comes to computer hacking, right? If
| it did people and companies wouldn't be getting owned left
| and right, and the security industry wouldn't be so huge.
| It's very good and realistic advice. Ignore it at your own
| risk I suppose, just don't be surprised when the obvious
| happens.
| dontbenebby wrote:
| >I take it you must be aware that the threat of a felony
| means next to nothing when it comes to computer hacking,
| right?
|
| I literally just warned you that's not the case. Even if
| the FBI doesn't prosecute, you can respond physically[0],
| but I was more speaking in the context of someone hacking
| wifi, where they're in close physical proximity, not the
| other parent's example of a remote attack.
|
| (That's why you hack... because you can do it remotely.)
|
| For context, I had a neighbor literally hack a speaker I
| was using to do personal, private calls, protected by PA's
| 2 party consent state.
|
| I don't like when people invade my privacy, repeatedly,
| then do a shocked Pikachu[1] when the result is to respond
| like an Appalachian with multiple degrees and ten years of
| policy experience paired with the skills of a woodsman
| trained by the Boy Scouts just before they went bankrupt.
|
| [0] https://www.ft.com/content/307ece16-38cb-11e4-9526-00144feab...
|
| [1] https://knowyourmeme.com/memes/surprised-pikachu
| h2odragon wrote:
| There were rumors that AOL ran scanners looking for mailing
| addresses to send disks to. I think it's possible but perhaps it
| wouldn't have been an "official" effort: they had some
| employees that would pay for address lists without concern for
| their provenance or suitability.
| notadev wrote:
| Pad keeping AOL and apparently LJ alive, nice! This has been a
| dream side project of mine for a long time just to bring back the
| golden years of the Internet so happy to see it's been done.
| b8 wrote:
| I wonder if any legal difficulties will arise from this. Since
| Yahoo owns AOL/AIM, and this violates their IP/copyright I
| presume. Though I'm very happy that this was created.
| IntelMiner wrote:
| Since none of the server software exists anymore, this is
| effectively all clean-room reverse engineering. Writing the
| entire backend from scratch and guesswork based on what the
| client software wants
| bitshiffed wrote:
| Too bad the journal entry doesn't have more details (and I'm too
| lazy to do further digging on my own).
|
| Is this a RE based on actual server binaries that somebody
| managed to get copies of? Or is it a RE of the client end of the
| protocol, just being fed new data?
| havblue wrote:
| After all these years we can finally hack aol to get unlimited
| hours.
| samstave wrote:
| What's your mailing address, I have a bunch of KiloBytes I'd
| like to send you FREE on CD-Roms. [Microplastics]
| throw457 wrote:
| Faking AOL is what started my interest in hacking with the absurd
| pricing of internet access in germany at the time.
| egypturnash wrote:
| "Please allow ads on our site or create an account. Looks like
| you're using an ad blocker. We rely on advertising to help fund
| our site."
|
| Ah, LJ, how far you've fallen. My lifetime membership lies fallow
| after you ended up sold to a Russian company that eventually made
| any mention of The Gay illegal. Once you promised you'd never
| have ads. But here we are with a pop up begging me to turn off my
| ad blocker.
|
| I miss what LJ was. Perhaps I mostly just miss all my friends
| having the time in their lives to create longer, thoughtful
| posts.
| theyeenzbeanz wrote:
| There's a back button hijacker too, I couldn't get back out of
| the link.
| [deleted]
___________________________________________________________________
(page generated 2022-06-05 23:00 UTC)