What's new in AOL4Free2.6 v4
v4 is AOL4Free Stealth! AOL found a way to detect users of AOL4Free by
exploiting the fact that it generates certain kinds of error messages in
Stratus Logs. However, with only a few lines of additional code AOL4Free
is again undetectable! Read all about it in 'Can I get caught?'
Bug Guides! AOL seems to be bugging us hackers more and more, so I've
decided to bug them back. In the Hell menu you will find an additional
choice, 'Secret Guide Room'. Selecting this choice will take you to the
secret Guide conference room 'Center of the Earth', where you will be
bombarded with heretofore unseen variations of the ubiqutorious smiley
face. But be warned, piss off Scott Clothier and who knows what will
I cancelled my anon account, so you can't contact me any more. Bummer, I
What is AOL4Free anyway?
By: Happy Hardcore
It duz what it sez, mon petit chou. (That's about the sum result of four
years of French; useful, ain't it?) Technically put, it allows you to
access the AOL commercial online service without paying the standard
hourly charge. Pretty cool, huh? Better yet, it actually works, which is
even cooler. All you do is install the files and your job (and your bill)
is done; all of the time that you spend online from then on will be shown
as time spent in the free area, regardless of what you were actually
doing. And AOL4Free does allow you to do anything at all that you would
normally do on AOL, with absolutely no restrictions.
This means you can chat4free, IM4free, download4free, and jack off while
reading Steve Case's monthly letter 4free (just kidding). It also lets you
send those cool extended characters in chat rooms.
Unfortunately, you will still incure the $10 monthly charge. There is
shite I can do about that. And you will be charged for a few minutes a
session, but no more.
BTW, the sending of extended characters over IMs is impossible, 'cuz the
IM ASCII high-bits are filtered out at the host, not the client, end.
C'est la vie.
How do I install it?
AOL4Free2.6 is a 'patcher' application. This means that to install
AOL4Free2.6, you run the 'Install 4Free2.6 v4' application and it will ask
you to locate the appropriate files and will alter them for you. It alters
your main AOL application, and three Online Tools, 'Chat', 'File
Transfer', and 'Mail'. PLEASE only distribute the patcher, and not the
patched files, and make sure you include these docs as well. So keep your
original AOL4Free stuffit archive, and give that to people when they ask
you if you've got AOL4Free.
Since your Online Database isn't affected, your account information will
still be there.
The files that you are patching MUST be unaltered 2.6 files, not 2.5. If
you are upgrading from AOL4Free2.6 v3, then just run the v3 de-installer
to return your files to pristine condition. Included in this archive is an
'AOL4Free2.6 v4' de-installer. Using it will return all your AOL 2.6
files back to virgin status, which will speed up the installation of
AOL4Free2.6 v5 when it comes out.
Why should I trust you?
No, I'm not angry, you have every right to ask a question like that. After
all, by installing my software you would are, by implication, entrusting
the security of your hard drive and your account information to my good
will. I also understand that there have been many people over the years
who have been burned by those assholes who get a rise out of loading up a
file with viruses, trojan horses, and then passing it off as a game or a
utility. Unfortunately, since we all are operating within the computer
underground, and are therefore anonymous, there's no place we can go for
(Unless you wanna send EMAIL to TOSAdvisor complaining about that nVIR'd
copy of Autocad you just downloaded ;)
Fortunately, I'm not the only one who can vouch for my integrity; many
people have installed and enjoyed AOL4Free before you recieved this
archive, and they will tell you that it works as advertised, nothing less,
nothing more. The more perceptive among you may worry that I've secretly
written in some malicious backdoor that will somehow allow me to find out
your password by sending an IM. I have to admit that I have the technical
skill to do that, and it was a tempting thing to consider. But in the end
I refuse to poison the scene any more than it already is by betraying your
trust and your privacy. You out there who would and have done differently
(and you know who you are), shame on you.
Besides, even assuming that AOL4Free is trojanned like that, sooner or
later some smart cracker who knows assembly and who's curious about how I
did what I did would find out, and soil my reputation from here to kingdom
come. I would never be able to show my face in the underground again, and
all those people who would stop using AOL4Free would be forced to
rediscover the benefits of helping to pay for Steve Case's infamous
Memorial Day Vegas orgies.
(Just joking, Steve.)
What's your secret?
My good looks. Oh, you're talking about AOL4Free? In that case...
All too often these days, hackers tend to be like packrats; obsessed with
status, they'll hoard every bit of information they find, useless or not,
in an effort to impress their peers with how little they choose to reveal
of how much they claim to know. They dispense their knowledge drop by
drop, and enjoy forcing newcomers to beg and grovel in front of dozens in
exchange for almost no effort on their part. The real lamerz aren't the
newbies, eager to learn more about the scene, they are those who won't
even trade KMAOHELL without at least three or four warez in exchange.
Needless to say, this kind of behavior is what's destroyed the
underground, and I will take no part in it. Any hacker who's worth his
weight in nybbles needs no secrets to make a reputation, he needs not to
insult, to beg, or to steal other's work. His efforts speak for
Therefore I will make no secret of the techniques I used to create
AOL4Free. It takes advantage of a fundamental flaw in America Online's
design, of the simple fact that a huge percentage of the actual work done
in presenting the AOL experience is done not by the 'host' computer, the
ones in Vienna, Virginia, but by the client AOL application you're running
on your home Mac/PC. There's nothing you can do about the host, but you
can, with enough skill, make the client do whatever you want.
The hole that I took advantage of is the fact that it is the client, not
the host, that does much of the 'Free Area' work. To go to the free area,
you select 'Member Services', and the client sends a 'token' to the host
telling it to stop billing, and telling it to send the client the
information for the 'Free Area' window.
The catch is that it's the client's job to close all of the other windows.
It's the client's job to tell you you can't IM and read EMAIL. The host
couldn't give a shit, if you're client didn't prevent it, it would still
send you chat information, let you read messages, all that stuff.
So what I did was simple. I wrote a patch that stops the client from
thinking you're in the free area, and thus from preventing you do all the
cool stuff that you can normally do on AOL (heh). There was one catch,
though. It turned out then whenever you go somewhere, or send a chat
message or an IM, the host resumes billing. So I made it so that every
time you send certain tokens to the host, a 'free area' token is send
right afterwards. It works like this: you go to keyword 'Rockline', but as
soon as you get there, AOL4Free tells the host to go the free area.
AOL4Free conveniently intercepts the Free Area window information (so you
don't get the damn window constantly being re-displayed) and stops your
'Rockline' window from being closed.
It works the same way when you chat, download, anything at all.
Can I get caught?
A better question would be 'would they want to prosecute me if I'm
caught?' The answer depends on how easy it is to catch and trace you. A
little more than a week ago, certain persons in the underground community
found a security hole which allowed them to sign on any AOL account
without needing a password. While browsing around some TOS accounts, they
found EMAIL concerning AOL4Free. The letter you've all been massmailed in
the hack rooms explains how AOL can detect usage of AOL4Free. However, I
have managed to get my hands on a fuller version of the letter within
which AOL Staff admits plans to take legal action against AOL4Free users.
Check it out:
Date: Mon, Sep 4, 1995 1:52 PM EDT
Subj: Fwd: AOL4FREE detector
Posted on: America Online (using WAOL 2.5)
Please supply her with the list of screen names. This will get interesting.
Date: Thu, Aug 31, 1995 4:32 PM EDT
Subj: Fwd: AOL4FREE detector
cc: Dphillips, JMCHURCH
Posted on: America Online (using WAOL 2.5)
This is great! I talked to Jane and what we need is a list of screen
names only (no member names or addresses--those need to be subpoenaed) of
the aol4free people. We then should get verification from TOS and then
hand them over to the Secret Service, but those are things you don't have
to worry about. So you may start whenever you're ready!
P.S. How's the patent application looking? :)
Date: Thu, Aug 31, 1995 12:26 PM EDT
Subj: Fwd: AOL4FREE detector
Posted on: America Online (using WAOL 2.5)
These people are idable as stealing time. I think we have enough? to go
forward with legal action. We are ready whenever you are.
Date: Thu, Aug 31, 1995 10:11 AM EDT
Subj: AOL4FREE detector
To: KHuntsman, Steiny, JHunter
cc: Appelman, X066TR
Posted on: America Online (using WAOL 2.5)
Heh heh heh .. looks like we've got a reliable AOL4FREE detector. If
you filter the log for "CMis" you'll come up with what seems to be a
reliable list of AOL4FREE users. The CMis message is being output by the
terminal handler when it gets a holding area update carried in by a
q_context that doesn't have the same UID as the stored q_context. These
updates are all coming in from Library with the last token being set to
Knowing that AOL4FREE sends in constant K1s and that K1 is marked
pre-login, I hypothesized that the thing must start sending in the swarms
of K1 tokens BEFORE the user is fully logged in --- and, sure enough, when
you look at the billing history of these folks, they pretty much all look
normal until June (when AOL4FREE came out) and then they started racking
up 1000s of minutes of free time and almost no paid time.
With this bit of knowledge, we should be able to comb through the old
logs and come up with a fairly comprehensive hit list which could then be
verified by TOS (although it looks like a positive lock!). Others can
decide what to do with them, but I have visions of all AOL4FREE hackers
getting simultaneously whacked. The prevention code still needs to go
into the TIH, but that'd sure send a shot over their bow! :-)
Looks pretty bad, doesn't it, with the Secret Service and everything. But
not to worry... with v4 of AOL4Free, you are much harder to detect!
You see, what AOL4Free does is send the free token after every real token.
When you are signing on, you send the 'Dd' token with you screen name and
password, and a free 'K1' token is sent afterward. However, because you
aren't really signed on yet, AOL sees the K1 token as a bug and records it
in a log. All the Network Ops people had to do is search their logs for
this bug and viola, they had their AOL4Free users.
v4 is modified so that it doesn't send the free token after 'Dd'. Users of
v4 are totally Stealth... they 'look' just like normal AOL users. The ONLY
way for AOL to identify them as AOL4Free users would be to record their
entire sessions... but with hundreds of thousands of mac users, how would
they pick out suspects? They could comb through billing records looking
for inordinate amounts of free time, but for privacy and technical reasons
this isn't feasible.
NOTE: If you're calling from the 800 number, logging in over TCP, or have
not disabled caller ID with *67 AOL CAN TRACE YOU WITH THE PRESS OF A
BUTTON. PLEASE, if you're on a fake account or doing anything highly
illegal, sign onto AOL only through your local number. They'll need a
court order to find you there.
How long will the party last?
You wonder when will AOL finally plug up this nice little hole I've found
in its software. I will venture to guess at least eight months, probably
longer, IF they put tons of resources into it. Why? Because it's not
something they can correct easily, it derives from a fundamental weakness
of the AOL system, the one which is ironically its very strength: the
ability to be in more than one place at once. You're working with a
graphical interface here. There's no way the guys in Virginia can come
over and 'force' your Macintosh to close that chat window or close that
EMAIL window when you go into the free area, they must trust your client
to do so.
To stop AOL4Free, they would have to make fundamental changes in the way
their system runs. The problem is, making these changes would instantly
obsolete all previous versions of AOL. AOL has pursued a policy of
allowing all the old versions, even back to vesion 1.0, to still work;
imagine the hassle of somehow getting a new 2-megabyte archive to all 2
OK, let's assume they choose to do so. What can they do? They can prevent
the host from responding to any 'tokens' other than those dealing with
free area activities (like Techlive, billing, etc.) while one is not being
billed. But this would be no solution, as all that's needed to do to so
something would be: #1. Send the host a 'get out of Free Area' token. #2.
Tell the host to do something. #3 Send the host 'I'm going back the free
area' token and prevent the client from closing windows. In fact, this is
what AOL4Free already does in order to send an IM and to go to the EMAIL
area; it seems these are the only two activities that AOL as chosen to
'protect' so far. And as you can see, such protection is futile.
We see that that's no real solution. The thing is that it is not in the
sending of information from the host, but in the sending of tokens to the
host that resumes billing, thus making it easy to turn off billing by
sending a free token after every normal one. AOL could make life difficult
by turning on billing every time it sends information to you. This would
make chatting, downloading extremely difficult to do for free, if not
impossible. But it would have negligible effect on message or EMAIL
reading, as one again would just send the free token after recieving all
information. It would affect chatting and DLing bad because when you're
recieving information constantly, thus would be sending free token
constantly, which would slow your session down to %1 of its speed.
But this is all hypothetical. At the moment, things look really grody for
Steve Case, and really good for you. Enjoy the party while it lasts!
How can I become a cracker?
Notice how I phrased it. It's not 'How do I crack?', it's 'How can I
become a cracker?' Cracking isn't a one-shot deal like Internet mail
faking that can be taught in a single phile, nor is it the only skill a
hacker needs to learn. But it's the most powerful tool he has at his
disposal when it comes to seeing and changing how programs work.
Cracking is, basically, the use of one's knowledge of assembly language to
alter the instructions of a compiled program. You know, of course, that to
make a program, a programmer first writes it in a 'high-level' language
such as C++, and then compiles it into assembly language; the compiled
version is what you are running whenever you open an application. There
are two kinds of assembly language used by the Macintosh; the first is 68k
assembly, which is used by all macs that run on (you guessed it) the 68k
processor family. The second is PowerPC assembler, which is used by Power
Macs. Power Macs can read 68k assembly, but not vice-versa.
For now, you can get away with knowing only 68k, since almost all programs
are either written in 68k or are FAT, which means they have identical 68k
and PowerPC code. I suggest you learn PowerPC, though, since more and more
programs are written only in that (like SoftWindows); you also need to
know PowerPC if you want to modify the PowerPC side of a FAT application.
It is MUCH harder to phuck with PowerPC code, though, because of the lack
of and poor quality of PowerPC assembler programming tools.
Now I will tell you what you need to do to become a competant cracker. It
will take a good deal of money and a lot of hard work, but anyone can do
1. Purchase a book on 68k assembly, a book on PowerPC assembly, and a
complete set of Inside Macintosh. Read all three from cover to cover. Any
large bookstore, like Borders, will have the two assembly books, which
will run about $40 each. Inside Macintosh can be bought on CD-ROM for
about $100; you MUST buy Inside Macintosh or you will get NOWHERE in your
cracking endeavors. Don't ask me to upload it, it's a FULL CD-ROM.
2. There are several shareware programming tools that you will need. You
should be able to find any of them on well-stocked online services, or on
good FTP sites like Info-Mac (ftp to mirrors.aol.com and go to directory
/pub/info-mac). I will list them:
Resedit plus Resedit CODE editor extension. This lets
you read and edit 68k assembler.
Macsbug 6.5d. This allows you to view and alter the
running of a program in real-time. 68k code for now.
Bitwise. This cool little utility lets you easily convert
between binary and hex numbers, it will be needed if
you plan on making your own assembly instructions.
PowerPC Disassembler 2.0. This badly-written tool (by
a bunch of Frenchmen, typically) is the only
disassembler for PowerPC code that currently exists.
Janus. This extremely useful tool lets you easily
determine how to convert a patch for 68k into a patch
for PPC code in a FAT application. Also has general
PPC code analysis options.
Serial of Champions. This is necessary if you're
planning on phooling with any communications
programs like AOL, it lets you see the serial port.
Available through ZIFF-NET on Compu$erve or eWorld.
3. Now you're ready for your first crack. (Please don't crack any of
Ambrosia's games, we don't want to piss off AndrewWelc now, do we?) Go
easy at first, then work up to bigger projects. It takes much practice to
become a good cracker; after a few months, cracks that would have taken
days at frist can be done in only a few minutes by an experienced cracker.
Your first few projects should be the simple removal of registration on
shareware games, like Realmz and Gopher Golf. (You can try Prince of
Destruction too, though it was one of the hardest cracks I ever did.)
These will mainly require just removing (NOPping out) or changing one or
two instructions. The bigger projects, such as eliminating dongle
protection or phucking with AOL, will actually require you to write your
own assembly code and insert it into the program.
4. Good luck and happy cracking from the happiest cracker of all.
Why are you doing this?
I could write a long, detailed tract on my philosophy, if I wanted to.
However, I doubt I could do any better at communicating the spirit of our
culture than did The Mentor with his classic 1986 piece in the magazine
%/%The Conscience of a Hacker/%/
Written on January 8, 1986
Another one got caught today, it's all over the papers. "Teenager
Arrested in Computer Crime Scandal", "Hacker Arrested after Bank
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's
technobrain, ever take a look behind the eyes of the hacker? Did you ever
wonder what made him tick, what forces shaped him, what may have molded
I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most
of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers
explain forthe fifteenth time how to reduce a fraction. I understand it.
"No, Ms. Smith, I didn't show my work. I did it in my head..."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer. Wait a second,
this is cool. It does what I want it to. If it makes a mistake, it's
because I screwed it up. Not because it doesn't like me...
Or feels threatened by me...
Or thinks I'm a smart ass...
Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.
"This is it... this is where I belong..."
I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
Damn kid. Tying up the phone line again. They're all alike...
You bet your ass we're all alike... we've been spoon-fed baby food
at school when we hungered for steak... the bits of meat that you did let
slip through were pre-chewed and tasteless. We've been dominated by
sadists, or ignored by the apathetic.
The few that had something to teach found us willing pupils, but those
few are like drops of water in the desert.
This is our world now... the world of the electron and the switch,
the beauty of the baud. We make use of a service already existing without
paying for what could be dirt-cheap if it wasn't run by profiteering
gluttons, and you callus criminals.
We explore... and you call us criminals. We seek after knowledge... and
you call us criminals. We exist without skin color, without nationality,
without religious bias... and you call us criminals. You build atomic
bombs, you wage wars, you murder, cheat, and lie to us and try to make us
believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not what they look
like. My crime is that of outsmarting you, something that you will never
forgive me for.
I am a hacker, and this is my manifesto. You may stop this
individual, but you can't stop us all... after all, we're all alike.
Contacting Happy Hardcore
Too bad, you can't, for security reasons, I've cancelled my anon account
(at least I submitted a cancel request, that idiot Julf is taking fucking
forever to cancel it).
NOTE: There has a been a recent spate of Happy Hardcore 'imposters',
people running around claiming to be me with VERY convincing screen names
and acts, distributing viruses disguised as the 'next' version of
AOL4Free. There's not much I can do about them, though I'm working on a
Happy Hardcore 'verifier' for the next release. All I can do is advise you
to be careful and use your common sense; scan everything you DL with a
virus detector. Also, by now you know how I talk, and you know I announce
new versions of AOL4Free well in advance. If some døød pops up out of
nowhere and forwards 'AOL4Free 3.0 Beta234' to the whole room and the
description reads 'heRe iz da NU Vershun of AOL4fre, it';S SOOO COOOL',
you should probably stay away from it :).
If you find any bugs, anything, then PLEASE contact me at my anon address.
I will be eternally grateful. Here I will address some of the questions
and complaints I have recieved regarding the operation of AOL4Free.
Q: "I was doing (x, y, or z) and I was charged!"
A: Don't panic; there is probably a very easy explanation as to why you
were charged or why you think you were charged.
Thankfully, AOL has greatly improved the speed at which it updates its
Current Billing Summary window, so if you do a one hour session, log off,
and log back on five minutes later, the charge for that session should be
reflected in that summary. However, there can be delays, and if you want
to be really sure when and what you were charged for, I suggest you ask
for a Detailed Billing Summary. Ask for one at least 12 hours after you
did something for that something to appear on the summary mailed to you.
If you've done this, and have verified that you were in fact billed, the
next thing to check is if you installed AOL4Free correctly. you moved or
replaced the three patched online tools, you could be billed for either
downloading, IMing, chatting, or all three. Another thing I've seen happen
is sometimes people make a copy of their old AOL 2.6 app, and when they
open mail from the desktop, it opened their old AOL 2.6 app and not
One thing: During the sending of long Emails or during the posting of
USENET messages, no free tokens are sent (this is necessary as the host
goes balls-up if too much shit is thrown at it at once). I suppose if you
spend an entire hour just posting one 50k USENET message after another,
you will charged for most of that hour. But normally this shouldn't be a
After all this, if you're SURE you were billed for doing something while
using AOL4Free, you've found a bug. Write me about it. Tell me EXACTLY
what you were doing before and during the time you were billed, in as much
detail as you can remember, such as
if you sent an IM, ignored somebody, read mail, whatever, and in what
Q: AOL4Free is too slow! It takes me fucking years to do x, y, or z.
A: Before I discuss this, remember the entire AOL service slows down
considerably at night from about 9 pm to 1 am becuase of the number of
users. I've had my node so swamped one evening that I couldn't spend more
than five minutes online without getting booted.
Yes, AOL4Free is slower than normal AOL. But it's now faster than previous
versions because much less information is being sent from the host to the
client. Even so, AOL4Free needs to send the free token frequently, so some
slowdown is unavoidable. You're lucky in that this doesn't slow down
downloads; they are as fast as before. HOWEVER, if you're downloading
while you're doing something else, both will slow down considerably. Doing
stuff while downloading is much more stable in AOL4Free2.6 v1 than in
previous versions, however.
Q: "AOL4Free can't find the Web Browser!"
A: This isn't an AOL4Free problem. AOL's Web Browser is, shall we say,
buggy, and sometimes the AOL app 'forgets' where it is. To fix this, you
gotta chuck the Web Browser and reinstaller.
Q: AOL4Free has stopped working! Now whenever I try to chat, evil green
gremlins jump out of the screen and try to rip my balls off!
A: I make no guarantees about AOL4Free's ability to continue to function
as planned in the face of unknowable future changes by AOL. All that I do
guarantee is that it works now, as advertised, something that I have
personally verified many times with my bill. If and when such changes
occur, I will try to compensate for them with a new version of AOL4Free,
so keep updated.
6/12/95: Beta 1, first public release.
6/21/95: Beta 2 released. Fixes bug with the IM available button. I
also had to tweak some routines as a result of AOL
changing the output pattern of their 'Free Help' window.
7/1/95: Beta 3 released. Changes the way the free area is invoked
for better performance. Timing routines written to
ameliorate the 'beach-ball IM' and 'lost chat' problems.
7/1/95: Beta 4 released. Fixes a satanic bug with Beta 3 that
prevented the user from creating or deleting screen
7/10/95: Final version of AOL4Free 2.5 released. The first one to
be beta-tested. The root source of all of those 'lost
activity' bugs, such as invisible chats and places not
opening, are certified squashed. This was a bug in AOL's
memory management that I had to work around.
8/4/95: AOL4Free2.6 v1 released. It's simply AOL4Free for the
version 2.6 AOL software. It provides free web. It fixed
bugs that cause misdirected text and chopping of some
text files. It extends the free area technique to cover all
tokens, so those nasty charges that some people have
been incurring in some places are gone.
8/8/95: AOL4Free2.6 v2 released. I was an idiot and let a hole
creep into the IM code of v1 which forgot to tell AOL to
turn off billing after an IM was sent. This happened
because I was testing the code by sending IMs to myself,
which had different effects that sending them to other
8/26/95: AOL4Free2.6 v3 released. Gets around AOL's pitiful
attempt to counter AOL4Free by sending a cool new free
token. Code is tightened so the Members Tool isn't
altered. Mail Tool is altered so that the 'Send Now' button
never dims' Mailbomber and de-installer included.
9/13/95: AOL4Free2.6 v4 released. A Stealth version that cleans
up some code that made it easily detectable to NOC. Also,
includes Guide Room Bugger.
??/??/99: This future release of AOL4Free will let you log on as
any account on the system. Oops, I guess someone
already did that. You see what we trailblazers have to
put up with?
My deepest thanks go out to whoever it was that stole that private staff
EMAIL regarding AOL4Free, you may have just saved many peoples' buts from
some serious court time.
Return to Main Page