Didier Stevens

Thursday 19 April 2007

How did you get your start?

Filed under: Personal — Didier Stevens @ 13:15

In response to Ron Woerner’s “tag”, here is an out-of-cycle blog post on how I got into computers.

I must have been around 10 years old when I started to play with tape decks, radios, speakers, microphones, telephones, … I would connect them together in various ways and observe the results. This led to my first hack: I discovered that I could use a speaker as a microphone! Thrilled that I could discover things on my own, and that it’s possible to use electronic appliances for other purposes than designed, I started to experiment and have been busy ever since.

I was 12 when I programmed my first computer. My parents bought our first game console, the Philips Videopac G7000. It used cartridges to play games, and I had asked for a computer programming cartridge. This cartridge used a virtual assembly language, and I started to write small programs with simple animations and sounds, but I soon ran into the limits of this platform (memory and no way to save the programs).

Next computer was a ZX81 that I programmed in Basic, but again, I was soon limited by this platform.

Then came my Apple IIe with floppy disk drives. My parents had to take out a loan to buy it, and I’ve always been grateful that they went to such lengths, because my Apple has been instrumental in my development as a programmer, electronic engineer and hacker. I started in Basic, and then in machine language (6502) for performance. And it really was machine language, not assembly language (I had no assembler when I started). I wrote my programs on paper sheets in opcodes, and then manually translated this program to hexadecimal code. That’s when I really began to understand how computers worked, and I also started to reverse the monitor, the Apple DOS and other programs and started to hack. I was a big Ultima player, but I found the levelling of characters boring. So I discovered how to change the saved data and patch the program to become invincible.
The Apple IIe was also a dream machine for hardware hacking. It had a bus with slots to plug in IC cards I soldered together. I made several I/O cards (TTL input/output, and A/D and D/A converters).

I obtained an account on a Unix HP9000 machine when I started my electronic engineering studies. That’s when I was first introduced to computer security. A multi-user/multi-tasking operating system that upholds the CIA tenet requires user accounts, passwords, file permissions, … I needed to understand how this worked, how they pulled it off to implement these security mechanisms on a computer. And after I started to really understand this, I soon discovered ways to work around it.
This is also the time when I learned about the human aspect of security. Our Unix computer also ran the local school BBS. I found out that the BBS passwords were less protected than the Unix passwords, and, most importantly, that students often used the same password for both systems.

Then, in 1991, I started working for the Belgian Telco (called RTT back then, now it’s Belgacom). It was a very interesting job: I had to program AutoCAD in Lisp to make drawing programs for telephony cable schematics. We used high-end PCs with DOS as CAD stations. They were not networked together. The only security issue we had was the occasional virus on a floppy.

It’s from 2000 on, when I left Belgacom and joined Contraste Europe, that I started to get involved in IT security. I started with technical aspects of security, for example I’ve worked on a back-end system developed with Microsoft technology: VB, ASP and MS-SQL, which had its own authentication and authorization mechanism. And later I became more involved with non-technical elements of the security process, like policies.

Thanks Ron for this opportunity to take a walk down memory lane. I hope that the following people, that I challenge to write a blog post on how they got started, also enjoy writing about their start:
