When the media talk about hacking, they usually mean some kind of terrible incident of the likes of the iCloud hack that actress Jennifer Lawrence described as «a sex crime» or the theft of all kinds of login data. However, this kind of news is far from new. The media have been accusing the IT world of death and destruction from as far back as the early days of home computing.
Admittedly, the article is from the satire newspaper Weekly World News and so it isn’t necessarily accurate
When it comes down to it, hacking is essentially just «persuading systems to do things they really shouldn’t do» or something «done by someone that no one would expect.» Of course, now and again bad things happen. The information security industry have some kind of drama every week that they vent about at length on Twitter. But in general, the InfoSec world is just a funny bunch of people who like to discover, research and play.
I’d like to show you a type of hacking you can try at home. It’s just a small hack, but it’s pretty fun. It ties in with what I was saying earlier about MSPaint. Very few people can get much more than a few toddler-like scribbles out of it. In reality, though, this naff drawing program is actually pretty nifty.
Another reason I want to show you this hack is MSPaint deserves more love than it gets. In the past week, Microsoft even announced they were removing the program from Windows. When the Internet reacted with «Are you crazy?», Microsoft came up with a solution. In future, Paint won’t come with Windows but it will at least be available in the Windows App Store.
So here’s our project: drawing a picture that can open a program.
In this example, we will be opening Command Prompt, the thing that most non-techies call «the window with the white text on a black background that looks like something hackers use». With enough messing around, you can pretty much open all programs from Paint. This is a hack I saw recently in an episode of the Hak5 YouTube series.
Before we can get cracking in MSPaint, we have to configure a setting in Windows – assuming you haven’t already done so. In the second step, we need to get file name extensions. These are the letters after the dot in every file name. Images on the Internet are mostly .jpg. A Word document is .docx, a video is .mp4, and so on. However, there came a point when Microsoft thought these just confused inexperienced users, so they decided to hide file name extensions by default.
But we need them in a folder.
You can find file extensions in the ‘View’ menu.
Right, that’s the first part done. Now it’s time to get your art supplies out and start drawing.
This is where you get to funnel your artistic talents into six pixels. When you open Paint, you’ll see a blank, virtual piece of paper that’s all ready for doodling on. Before you roll up your sleeves, we need to first make the paper a bit smaller.
Image size in MSPaint
Make sure the ‘Main aspect ratio’ option underneath is not selected.
It’s finally time to draw. MSPaint does give you some colour options, but we need special ones. We can implement these using the colour editor.
MSPaint recognises millions of colours
We need specific colour values created by mixing the values for red (R), green (G) and blue (B). From left to right we draw one pixel in these colours.
As your masterpiece will look rather small right now, I made this version bigger so you could see what was going on. Yours should look similar, just on a smaller scale.
Put it like this, it’s not going to win any art prizes
Now we want to save the image as a 24-bit bmp file in our hack_the_planet folder.
Make sure to save it as 24-bit
The name of the file is irrelevant. I called mine ‘mspaint_hack_6x1.bmp’.
It’s time to reap the fruits of our labour. Don’t worry, it’s quite straightforward.
Double click on ‘mspaint_hack_6x1.bat’
And there you have it. Command Prompt pops up.
Yip, it works
Before I explain what you’ve done, I need to give a quick word of warning. If you get a bat file from the Internet, do not open it. These files can be compromised. No matter how nice the sender asks you to open it, don’t do it! The reason we’re so relaxed about opening our six-pixel bat is we made ours from scratch.
So how exactly did we open Command Prompt? Let’s take a look at the file to find out. Close Command Prompt, also known as CMD, and go back to the hack_the_planet folder. Right click on ‘mspaint_hack_6x1.bat’ and select Edit. The bat file is two lines long.
The second line is simply:
This is what opens Command Prompt. It also opens when you go through Start → Run ‘cmd.exe’.
What you see in Notepad is the file’s ASCII output, which happens to be ‘cmd.exe’. The colours we used are hex-encoded, the way Paint intended. As hex can be converted into ASCII and back again, there is always an equivalent ASCII value for a hex value. For our hack, we intentionally used hex values that would give a particular character string in ASCII.
And that brings us to the end of today’s hack lesson. You’ve made it without leaving a trail of destroyed computers in your wake or finding law enforcement officers standing on your doorstep. But you’ve still made something work that shouldn’t work. You see, it can be fun after all.
Theoretically, you can now use this new-found knowledge to create the most complicated shortcuts. If you ever manage to write ‘notepad.exe’ in a bit using ASCII via HEX, please send me an email and tell me how on earth you did it.
You have to be logged in to create a new comment.
You're not connected to the Internet. Please check that your connection is enabled to keep browsing the site.