Date: Thu, 29 Jan 2004 12:19:51 -0000
From: "Alan B. Pearce"
Subject: Re: [PIC:] Disassemblers
To: PICLIST@MITVMA.MIT.EDU

>- Amount of money requested "unusual" or reacts with PIN in some way.
>  This would be one of the easiest but hard to spot and unlikely to be fluked by others.
>
>  eg PIN = 3141 & amount = $79.69 = trapdoor on (can you see how)
>  Only one chance in 10,000 of this being a fluke.
>  Could be MUCH more subtle.
>
>  eg PIN = 3141 & amount = $5.06 (almost uncrackable)
>  (ie $ = Subtract PIN digits from 10, dec/inc/dec/inc digits, shift right once.)

This would be easily entered, and identifiable as a trapdoor, as the decimal key is not used when entering the amount of money, as it needs to be an integer.

Another trapdoor would be, say the smallest note is a $10, then entering anything other than a zero as the last digit starts the trapdoor code, and the last digit gets sent off as a 0 to the host machine.