BSD Hunt

I started programming in C in the mid 80s, teaching myself from K&R 1st edition. I was using an original 128k Mac with dual floppies. (The C compiler would use screen memory when it ran out of ram, which was a cool trick, I thought.) I knew from everything I read about C that the environment I really wanted to be using was Unix, but that was not available to me at the time.

Then I went to college, and there was a VAX-11/750 running VMS. I loved the big central machine with text terminals, but I knew VMS was not the system for me. At the end of my first semester, the college acquired a second 11/750, and decided to run Unix on it. Specifically, the brand-new 4.3BSD.

HEAVEN. Absolute heaven. Playing around with pipelines and shell scripts, writing little filter utilities, etc. I felt like a magician.

There were two things I did to learn how Unix worked under the covers.

The first was to write a shell. My first shell was TERRIBLE (flakey, crashed a lot, really shitty parser), although some of the things I added were cool, and live on in my current shell. (My fourth shell!) It did teach me a HUGE amount about how Unix worked though, and that was the main point.

The second thing was pretty trivial, but a cool hack.

+-----+---------+-----+-------------+-------+-----+         Ammo:        1002
|                                   |       |     |         Gun:           ok
|                                   +---+ | | +   |         Damage:        0/10
|                                       | | | |   |         Kills:          0
+                                     | + + | |   |
|                                     |   |   |   |         Player:
|                                   +-+-+ | +-+   |           0.00*dave
|                                   |   | | |     |           0.00+Vic
|                                   | | | | +-- | |
|                                   | |   |     | |
|                                   | +---+---+-+ |
|                                   | |           |
+                               + +-+ |           |
|                               |    <|           |
|                               +-----+           |
|                                                 |
+                                                 |
|                                                 |
|                                                 |
|                                                 |
|                                                 |         Monitor:
|                                                 |
+-----------------+-------+---------------+-+-----+

There was a multi-user game called "hunt" that was popular with me & my friends. I think it still exists in most BSD distributions. Top-down ascii-graphic style maze thing, with the various users running around trying to kill each other. Users & objects are shown by single characters, and other users are only visible if they're actually in your line of sight.

Since I'm TERRIBLE at video games, the obvious way to beat my friends was to cheat. My first trick wasn't exactly cheating, but I read through the source and found some tricks in the game mechanics that gave me an advantage. Not enough of an advantage to overcome my incredibly low skill level however, so some real sneakiness was in order.

The way hunt worked was that you started the client program, and if it couldn't find a daemon process to connect to, it spawned one, which was SUID. I dug a bit (we had an academic source license - which was a really big deal in the pre-Linux Unix days) and found that the port hunt was using to communicate with its daemon process wasn't prived.

So I took a copy of the daemon source, modified it a bit to give user "dfischer" some special capabilities, compiled, and then if I started my version when a proper hunt daemon wasn't already running, it would trick the legit client processes into connecting to my version.

Ha!

The first time I used it when there were a bunch of people in the terminal room at the library, everyone was playing along as normal and then I used one of my special features, and I heard someone say from across the room, "What's an 'N'?". A few seconds later the entire maze was completely vaporized and everyone's screen went blank.

(Hunt has four ways to attack other players: stab them (no ammo required), shoot them (one ammo unit), throw a grenade (9 ammo units), throw a "satchel charge" (25 ammo units), throw a bomb (49 ammo units). User dfischer however, also had nukes. Bullets, grenades, and bombs are represented by single ASCII characters. There was nothing represented by an 'N', prior to my addition of nuclear weapons.)

I took it as a great compliment that everyone immediately blamed me.
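
The trick above worked because any user could listen on the game's unprivileged port before the real daemon did, and the clients never checked who they were talking to. As an added example (not code from this post or from hunt's source), the C program below audits which uid owns the listener on a service port. It assumes the Linux /proc/net/tcp text format; the port number 26740, the uids 70 and 1001, and the sample rows are all constructed for illustration.

```c
/* Added example. Input is Linux /proc/net/tcp text; SAMPLE is constructed. */
#include <stdio.h>
#include <string.h>

#define ST_LISTEN    0x0A   /* "st" column value for a listening socket */
#define FIRST_UNPRIV 1024   /* below this, bind() conventionally needs root */
enum verdict { NO_LISTENER, OK, OK_BUT_SQUATTABLE, ROGUE };

/* Find the uid that owns the LISTEN socket on `port`; returns 1 if found. */
static int listener_uid(const char *table, unsigned port, unsigned *uid)
{
    char line[256];
    while (*table) {
        size_t n = strcspn(table, "\n");
        unsigned p, st, u;
        snprintf(line, sizeof line, "%.*s", (int)n, table); /* copy one row */
        table += n + (table[n] == '\n');
        /* sl: local_ip:port remote_ip:port st tx:rx tr:when retrnsmt uid */
        if (sscanf(line, "%*d: %*[0-9A-Fa-f]:%x %*[0-9A-Fa-f]:%*x %x"
                         " %*x:%*x %*x:%*x %*x %u", &p, &st, &u) == 3
            && st == ST_LISTEN && p == port) {
            *uid = u;
            return 1;
        }
    }
    return 0;
}

/* Compare the listener's owner with the uid the real daemon runs as. */
static enum verdict audit_port(const char *table, unsigned port, unsigned want)
{
    unsigned uid;
    if (!listener_uid(table, port, &uid)) return NO_LISTENER; /* first bind wins */
    if (uid != want) return ROGUE;          /* someone else bound it first */
    return port < FIRST_UNPRIV ? OK : OK_BUT_SQUATTABLE;
}

/* Constructed rows: uid 1001 listens on 26740, uid 70 on 512, one ESTABLISHED. */
static const char SAMPLE[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:6874 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 31337 1\n"
    "   1: 00000000:0200 00000000:0000 0A 00000000:00000000 00:00000000 00000000    70        0 31338 1\n"
    "   2: 0100007F:6875 0100007F:C001 01 00000000:00000000 00:00000000 00000000    70        0 31339 1\n";

int main(void)
{
    puts(audit_port(SAMPLE, 26740, 70) == ROGUE ? "rogue listener" : "no rogue listener");
    return 0;
}
```

OK_BUT_SQUATTABLE is the state the story depended on: the right account holds the port at the moment, but nothing prevents another user from taking it whenever the real daemon is not running.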