This stuff is totally unsupported. These are various excerpts from posts, text files, other magazines, etc. that I have found in my travels. I have tried to at least give the author credit, but the magazine or text file it originally appeared in is not always easy to find out. (These are unedited for the most part so my apologies for lack of spellng, grammar, etc)
 
Creating users on a Hotline server from an application:
In the absense of any Application Programming Interface for Hotline that doesn't use the dreaded AppleScript, programming third party utilities can be very difficult. In the development of a recent utility for my server I found the need for a function that created new users from membership requests in the news. The prospective member posts a request in the news in the form of,
USER:NewHotlineMember
PASS:MyPassword
Each week the new users are created by running the application which parses the Hotline Server 'News' file for membership requests.
At the moment, this code extract (which does the job of creating the new user) is fairly primitive. Essentially, it takes two parameters. These describe the id number and the type of a resource in which an appropriate 734 bytes of 'UserData' (as found in a UserData's Data Fork) can be found. Firstly, the code could be easily modified to create a new user in any server application on the machine. All this would really involve would be to edit the call to CreatorTypeFileSearch() to return an array of FSSpecs rather than only one. Also, special file areas for the new members can be added by simply creating an alias to the new files section and placing it in their folder.
To use the code, various extra functions are needed. Firstly, pstrcpy() is needed. If you don't have it, write it. All the function does is to copy the pascal string in the second parameter to the address in the first. Most importantly, Apple's developer package MoreFiles version 1.4.5 (or better) is needed. The package is freely available from Apple Devworld, you should be able to find it by searching on any of the Apple Developer web or ftp sites.
vRefNum = info.sysVRefNum; // Get vRefNum of main disk.
datahdl = GetResource(resType,resID); // Get data from rsrc
pstrcpy(login,(*datahdl)+665); // copy the pstring at 665 to login.
if (CreatorTypeFileSearch(nil,vRefNum,creator,type,&userdir,1,&count,true)==noErr)
{
// Found HL server application
// Select 'User' folder
if (FSMakeFSSpec(vRefNum,userdir.parID,"\pUsers",&userdir)==noErr);
// Get it's DirectoryID
if (FSpGetDirectoryID(&userdir,&theDirID,&isDirectory)==noErr);
// Specify a new folder called login
if (FSMakeFSSpec(vRefNum,theDirID,login,&userdir)==fnfErr);
// Create it.
if (FSpDirCreateCompat(&userdir,0,&theDirID)==noErr);
// Specify a file in folder called 'UserData'
if (FSMakeFSSpec(vRefNum,theDirID,"\pUserData",&userdir)==fnfErr);
// Create the new file
if (FSpCreateCompat(&userdir,creator,userdataType,1)==noErr);
if (FSpOpenDF(&userdir,dmRdWrDenyRdWr,&refNum)==noErr);
// Open it
{
size = GetResourceSizeOnDisk(datahdl); // How big is the data
FSWriteNoCache(refNum,&size,*datahdl); // Write data to open file
FSClose(refNum); // Close File
}
}
} // end Add Hotline User
- °Agam -X-
 
More on the UNIX History File:
An extention to the information in the last issue of HackAddict
regarding the history file in UNIX. Create a file called ".bash_profile"
using a text editor. I recomend the following line: "pico .bash_profile" because I like pico. Type "unset HISTFILE" and save the file. This will eliminate the ".bash_history" file from your account forever.
- Phreakout
 
Cracking Hotline UserData Files
You will need a datafork editor or my application: HLUserDataEditor (included)
Most of the information stored in the UserData files is easily read. The account name and login are visible at offsets (in decimal) 530 and 666 respectively. However, the password and the account privileges are somewhat encoded. The account password starts at offset 702 and is encoded. The encoding algorithm is like this:
For the example we will use the password “aaa”
The ascii code for the letter “a” is 97
so then you would do this:
255-97=158
and 158 is the acsii code for û
and that is what will show up in the UserData file.
Now the account privileges are a little harder. They are stored between offset 4 and 8. Each privilege has an ascii number at a one of the 4 offsets (or columns). At the end of this article are two charts that will help explain this. Example:
If the user was allowed to download, upload, and get user info then the UserData file would look like this:
hex-{60 00 00 80}
ascii-{` Ä}
If you look at my chart you will see that the privledge "Can Download Files" adds a 32 to the first column, Can Upload a 64 to the first column, and "Can Get User Info" a 128 to the fourth column. When Hotline puts the privs in a file it adds up everything in one column and then writes the ascii character for that number to the file. Knowing this you will see that the ascii character for 32+64 is ` and for 128 Ä. If you are smart you can figure out a way to take the ascii number for the character in the file and figure out which privs have been selected for that user by using only the chart, your brain, and a datafork editor. If you aren’t that smart or just lazy, use my application.
UserData Priv Charts by °Catalyst∆
1
{32}{0}{0}{0}
2
{64}{0}{0}{0}
3
{0}{0}{0}{64}
4
{128}{0}{0}{0}
5
{16}{0}{0}{0}
6
{8}{0}{0}{0}
7
{0}{0}{0}{8}
8
{4}{0}{0}{0}
9
{2}{0}{0}{0}
10
{1}{0}{0}{0}
11
{0}{128}{0}{0}
12
{0}{0}{0}{4}
13
{0}{0}{0}{2}
14
{0}{0}{0}{1}
15
{0}{2}{0}{0}
16
{0}{1}{0}{0}
17
{0}{0}{128}{0}
18
{0}{0}{64}{0}
19
{0}{0}{0}{128}
20
{0}{0}{2}{0}
21
{0}{0}{1}{0}
22
{0}{0}{8}{0}
23
{0}{0}{4}{0}
24
{0}{64}{0}{0}
25
{0}{32}{0}{0}
26
{0}{0}{0}{32}
27
{0}{0}{0}{16}
File System Maintenance
1,32 Can Download Files
1,64 Can Upload Files
4,64 Can Upload Anywhere
1,128 Can Delete Files
1,16 Can Rename Files
1,8 Can Move Files
4,8 Can Comment Files
1,4 Can Create Folders
1,2 Can Delete Folders
1,1 Can Rename Folders
2,128 Can Move Folders
4,4 Can Comment Folders
4,2 Can View Drop Boxes
4,1 Can Make Aliases
User Maintenance
2,2 Can Create Users
2,1 Can Delete Users
3,128 Can Read Users
3,64 Can Modify Users
4,128 Can Get User Info
3,2 Can Disconnect Users
3,1 Cannot be Disconnected
3,8 Can Read News
3,4 Can Post News
2,64 Can Read Chat
2,32 Can Send Chat
Miscellaneous
4,32 Can Use Any Name
4,16 Don't Show Agreement
- °Catalyst
 
Another Method of Defeating MacControl
If you hold down the control+apple keys and double click on any of the system folders they stay open instead of closing right away.
