Remembering AOL’s FDO91 Programming Language

Back in 1999 I cofounded AOL-Files.com, which eventually grew into the largest AOL hacking site of its kind.

One of the primary methods we used to discover exploits in the AOL software was by writing our own script’s using AOL’s Form Definition Order (FDO) programming language. From the AOL-Files FAQs on FDO:

FDO stands for Form Definition Operator. AOL communicates using this programming language. For example, after clicking any icon or button in AOL, FDO code is sent by the AOL system and interpreted by your AOL to create a window. So, the FDO language is the language used to describe forms on the AOL client. This site has focus on learning how to program in FDO and provides a surfeit of examples and tutorials for those who want to learn.

When BMB, Rob, and I started AOL-Files, FDO was all but unknown outside of the AOL development teams.

We did not have any official documentation, but through lots of experimentation we were able to figure out how FDO worked and eventually how to use it to discover holes in the AOL software and service.

Here, for example, are three tutorials I wrote back in the day as an introduction to FDO91 (the version of FDO in use at the time):

To give you an idea of how much we sought after an official manual, I wrote this in the first lesson:

FDO tutorials are unheard of. I have heard rumors that very few people at AOL have the FDO91 Manual. I will pay money for any professionally written, extensive, and full tutorial. Name your price.

A little dramatic maybe, but we really did want the official manuals. Rather than reverse engineer it through experimentation, an official manual would tell us exactly what did what and with that information we could discover exploits at a much faster rate than ever before. Alas, we never got ahold of one and had to make due with figuring it through trial and error.

Why mention all this now? A friend recently pointed me to this photo on Flikr by Joe Loong:

We have:

  • Building an Online Service
  • New Building User’s Guide
  • Editorial Plan
  • FDO91 Manual – Volume 1
  • FDO91 Manual – Volume 2
  • Information Provider’s Guide
  • Bringing Information Online Using Rainman (more info on Rainman here)
  • FDO88 Manual

Wow. Only 12 years too late :)

AOL-Files Head Nod

I love running into folks that remember AOL-Files:

To be honest, my Dad gets the nod for buying me a VB book that included VB5 back in 5th grade (1997). But, I’ll have to say that you (with that AOL-Files.com site) and this guy named “Oogle” inspired me with the “hacker” curiosity by about 6th grade. In this case it was all black-hat though =)

From a HacherNews post about how folks got started in programming.

Good times.

Adrian Lamo AOL-Files Profile

Adrian Lamo, the hacker who turned in Bradley Manning, a 22 year old Army Specialist who submitted classified documents to Wikileaks, used to be heavily involved in the AOL hacking scene many years ago.

Here’s his AOL-Files.com profile when he went by the name Magus:

Inverview taken on: 1/12/01

What is your primary handle? I’ve gone by Magus since I first started using online services – at the time, bulletin board systems – in the early 90’s.
What are your current AIM screen names? Line Trace
What is your e-mail address? adrian@adrian.org
Do you have a web site? inside-aol.com, terrorists.net, securid.org
What is your real name? Adrian Lamo. . if you want to be technical, its the Doctor Reverend Adrian A. Lamo, Ph.D . . Doctor of Divinity and minister through the Universal Life Church, the grandma of all diploma mills everywhere. . .i don’t take those seriously, and don’t expect anyone else to, but i put them on my resume and my business cards to make a point of my disdain for the certification and educational process.
Where do you live? i move around alot .. i like to travel, and have lived on both coasts, and spent a couple years in south america. . i’m in transit right now. . but am based out of San Francisco.
How old are you? 19
What are your hobbies? i like to break and explore. breaking things is integral to the progression of technology. . people accuse me of being directionless, but i think its important to drop dynamite into the pond sometimes, to see what floats up. in my copious free time, i like to explore abandoned buildings and sewer systems, as well as exploring occupied buildings – its amazing how many security guards will escort you up to the roof of a skyscraper if you only ask, or won’t even stop you if you look like you know where you’re going. . urban exploration is definitely a big passtime. one of the reasons i like to travel, too., i used to be involved in local activism and whatnot. . worked with the city government, stuff like that. . i’m massively disinterested in politics now though.
How would you describe your physical appearance? scrawny geek ; )
What do you hope to do as a profession? same as i do now. . short term, interesting contracts for worthwhile places. i’ve been working since i was 16, and have run through a pretty big variety of jobs and contracts. . most of them designed to be short term .. i did a 3 month security audit for a fortune 500 company once, that was probably the most interesting. . but i’ve worked for everything from nonprofits to law firms to private investigation firms. . i set up a Netzero account for one of kevin mitnick’s former attorneys at one of them, of all the ironic things. . thats the sort of thing i want to keep doing. i don’t want to be stuck behind the same desk all my life, working at the same place until i have too much invested in what i’m doing to be able to do anything to risk it.
How long have you been on AOL? used the service briefly when i was younger, when it was known as Quantum Link, and i was playing around with my commodore 64. . but i didn’t start to really use it til the mid-90’s. . i used AOL 1.6 for DOS/GeoWorks for the longest time, and actively resisted going over to the Windows version until they started disabling features one by one. .they eventually sunsetted it altogether in June of 1999. So. .something like 7 or 8 years now.
How much time do you think you spend online each day? it varies. . .depending on where i am and what i’m doing. sometimes, if i’m interested in something, i’ll spend days online nonstop. . sometimes i’ll spend days without touching a computer. on a really average day, anywhere between 4 and 12 hours ;x
What programming languages are you familiar with? i don’t really program. the only languages i’ve worked with are x86 assembler and OPL for the EPOC16 palmtop OS.
What do you spend most of your time online doing? breaking and exploring -=)
Who are your good friends online? They know who they are.

AOL-Files Fanfare on Digital Gangster

Ten years ago I helped cofound AOL-Files.com, a website devoted to finding and exploiting holes in the America Online service. Together, Rob, BMB, and I grew AOL-Files into one of the most respected community of amateur hackers on the net.

Recently I started Googling for information about the site, to see if anything other than the archive on this site was still online. To my great surprise, the site is still talked about regularly on hacker forums.

Digital Gangster, the most notable of the lot, appears to be where a lot of the former AOL-Files crew migrated after it was taken down.

Here are a few excerpts:

yes I do, you used to hang with the aol-files crew we used to chat on rob’s irc server and talk about hax0ring the world

O0O, April 2007

O0O was a major contributor to the site and eventually one of the staff. The word “brilliant” comes to mind when I remember his work.

i edited my aim 5.1 by learning the hex offsets via tauville from aol-files

mx, July 2007

I went by the alias Tau back in those days — never heard the term tauville before, but I think he’s referring to some of the articles I wrote. Glad to help!

There was a long discussion in 2007 about an article that appeared on Wired about a hacker named Smokey, the “self-professed ringleader in the AOL hax0ring scene”. There’s a lot of discussion in the thread about AOL-Files while they try to determine the accuracy of Smokey’s claims. O0O sums it up pretty well:

The only Smokey I remember from back in the day was a coat-tail rider of some of the old AOL-Files crew. The guy was a young newb that knew less than Cam0.

There are also several threads dedicated to people posting their old AOL-Files profiles:

In March 2008, omer downloads AOL-Files from Archive.org and posts a link to it:

thanks to webarchive.org ive been able to get a lot of documents from aol-files.com from 2001. most important thing is that ive recovered A LOT of the FDO documents/tokens/keywords/arguements/SOFTWARE (which is already on my site ) and including the People’s list, (which im sure a lot of you readers can find your names/handles on there.) I know a lot of you will look at it and be like what the fuck? Thats okay because i think i did an okay job with at least in some perspective bringing it back to life. and i made it for fun so <^> . Enjoy!

Later in the thread there’s some discussion about when AOL-Files.com launched in relation to Observers.net. O0O sets the record straight again:

In April `99, Moo/Brat and other ex-CLs filed their Department of Labor complaint asking the US GOVT to rule that CLs should be paid a wage, that they weren’t really volunteers, but workers in a sweat shop. I never really agreed with them and their interpretation of the law, but went with it cause it gave AOL bad press. This got Observers alot of mainstream media attention, etc. It was also Kelly’s shining moment in the spotlight, her 15 minutes of fame. Over the next year, Kelly took over more control of Observers, by the end of the year she owned the domain, paid for the webhosting and all the original staff had left. She brought in her own lapdogs and slowly ran the website into the ground with overt censoreship of the forums, not letting anyone ever criticize here or exercise an opinion opposite of hers. Around that time aol-files sprung up and all the real deal hax0rs moved over to those forums and eventually their IRC.

and

The Obs forums died once Kelly started censoring them in late `99. Newriot wasn’t even around until late `99 if I remember correctly. That website was pretty fuckin stupid and the forums there were filled with script kiddies who thought they were badass cause someone taught them one of the 6 methods to jack an AIM. AOL-Files was the best website/forums ever regarding AOL shit.

Newriot…wow… memories.

and

Good times while it lasted, AOL-Files was way better though, definately the best of all sites and the best msg board for the scene.

In June 2007, a2 posts another link to the archive.org version of AOL People, which people nostalgically browse through and post their old profiles.

i forgot who was in charge of that but i think you just had to email the template filled out to like people@aol-files.com

Rather than create a form that let people post their information, I had everyone email it to me and then I manually went formatted them and created pages for everyone. What a major pain in the ass.

From March 2009:

aol-files is still up if you guys didn’t know matt kept most of the archive up and the members and the database of aliases oh don’t we miss them days

And in October 2008, after I post the AOL-Files archive on this blog, people discover more profiles. The common response when people see their old profiles is “wow, I can’t believe I wrote this”. I wholeheartedly agree.

Good times.

AOL Modal Tool

I recently received this email:

I was sitting here yesterday talking with a friend and remembering our own good ole days when Modal Tools by Tau got brought up. We talked about what a great program it was, but how impossible it is find anymore. i stumbled across your archive site and got a small thrill thinking that aol-files.com was actually in existance still/again. i quickly realized it was archived but had to keep reading for nostalgia.

I eventually came to a part that said “if you remember aol-files.com send me an email”. So, heres that email and a shout. And, a small request i hope you might be able to help with. While we may have stopped the childish games, Modal Tool 2.0 still has simple uses and we have been hoping we could find a copy. If you happen to still posess that, it would be great if you could email it to me or just link me to it somewhere. I would greatly appreciate it. And hey, thanks for giving us (once upon a time) aspiring aol hackers neat stuff to play with back in the day.

There was a certain type of window on AOL called a Modal or specifically, “_AOL_Modal”. They looked like this:

Whenever an AOL Modal popped up you had to act on it before you could do anything else with the AOL client. Most windows in the AOL class hierarchy fell under the “AOL Frame25” class, which was basically the entire AOL client. Modal’s were a different breed. They were a separate entity and they could not be moved, resized, or hidden. This is from a tutorial I wrote back in the day on AOL Class Names:

AOL Class Hierarchy circa 2001

Over time people figured out that you could do some interesting things with some of the modal windows.

For example, AOL did not charge you for the time you spent creating a new screen name. They simply disabled the rest of the AOL features until you were out of the area designated for coming up with new names. For people who had unlimited usage billing plans, this didn’t really matter. But at the time (1998ish), a lot of people still paid per hour. Someone figured out that if you simply hid the AOL Modal that was open when you were creating a new screen name, AOL still through you were in the create screen name area but you could still use AOL like normal.

Clever, huh? I seem to recall that AOL sued the guy who popularized this method of avoiding charges, but that may have just been a rumor.

Modal Tool was a small program written in Visual Basic that made it easier for people to figure out how to do things like that. It let you explore the contents of AOL Modals (they often had hidden controls), disable them, hide them, etc. I think it was a fairly widespread tool within the AOL hacker community at the time.

Here’s what it looked like:

Not sure if it works on newer versions of AOL (the last time I used it was around 2001), but you’re welcome to download it if you want to play around with it: Download Now.

PS – If you’re looking for a generic program that lets you explore the contents of any window (not just AOL Modals), I highly recommend Winspector.

Exploits Online, AOL-Files.com’s Precursor

Exploits Online was created on February 5, 2000 and put on the web on April 20, 2000, in hopes of providing AOL members with the information they never knew they wanted to know. Exploits will bring you up to date information on AOL exploits and information about the ensuing America Online version 6.0. With so many people on AOL, new exploits are being discovered daily. The goal of Exploits Online is not to harm AOL in any way; just to make it more interesting to its members.

Over the next few months I’m going to work on documenting some of my programming projects. The work, which ranges from about 1998 to the present, will be a portfolio of sorts. It’s not all glamorous and and not all great, but it’s led me to where I am today and for that I’m thankful.

My first website, Exploits Online, was dedicated to hacking America Online. I began it in early 2000 and it eventually evolved into what became AOL-Files. The site was located at ieetfools.com/tau and I’ve uploaded what I have of it here:

Exploits Online Archive

At the time, I was 14, which is both frightening and amazing to me now.  It’s terrifying because that work danced on legal and ethical line. One of the main objectives of our work was to acquire, often by deception, quality screen names. Also, if you check under the Collections link, you’ll see a screenshot titled “Invalid credit card number by Fila”. The screenshot shows Fila, who I don’t remember now, getting an account rejected because the stolen credit card he used had been terminated. A common practice, though one I never participated in, was to steal credit card numbers using phishing techniques and use them to create AOL accounts. The prospect of stealing a credit card number or using a stolen number, thankfully, mortified me.

There’s lot of interesting lines from this site, which I recall now with nostalgia:

This Friday, June 2nd, I will be leave for my dad’s place up in Conneticut and I will be staying there for five weeks.

While at my dad’s place I’m going buy some books on Java, CGI, and the ilk and will learn from them. So, when I have a domain the interface will include menus and some more advanced features than I currently know.

I wish you all the best over the summer and my advice to you is to get out and live your life. I doubt anything will change much while I’m gone. A recent study found out that 34% of teens are on the computer five or more hours a day. Thats scary. All of you into AOL exploits: what is your goal? At first I got into this because I wanted a two character screen name or an indent. But then I thought about it and who cares? It’s a nice thing to brag about but if you think about it, its not that great. I’m cutting back on online time. I started running too. I run one and a half miles a day now. It feels great. So, all of you need to get out; have fun.

That post implies that living life is something entirely distinct from the work we were doing. I realize now that this is not the case. Despite the words, I never really “got out” in the way I meant it there. I vividly recall being at my father’s apartment that summer and writing in a notebook the words for the About section for what would later become AOL-Files.

In fact, on every vacation I’ve been on since then I can remember brainstorming in a notebook about whatever project I was working on at the time. For example, after I graduated in 2007 I went to Europe with some friends… I brought along a book on Two Person Game Theory and probability for a poker bot I was working on. On my honeymoon earlier this year I brought Simply Javascript and Founders at Work. In a week when I go home for Christmas I’m bringing Agile Web Development with Rails, Here Comes Everybody, and Quick LLC. Creation, I have found, is what drives me, but that’s a story for another post.

Looking back at the exploits I wrote about, they range from really, really stupid (see How to Instantly Close AOL) to pretty good (see Screen Name Cloning Tutorial and AOL Class Names Tutorial). And the Thoughts section is a misnomer, since everything there is basically a poorly worded rant.

BMB first contacted me after he saw Exploits Online being advertised in a chat one day. We had common interests and eventually decided to make AOL-Files. Ultimately, that partnership proved to be the most important result that came out of this site.

O0O, a really sharp guy I met through AOL-Files, made a comment in a May 2007 post on Wired regarding a guy I knew well named cam0, who never really grew out of the childish hacking phase (this is the same cam0 that hacked Paris Hilton’s cell phone and LexusNexus). This portion of the post is great, not only because O0O gives BMB and me a head nod six years later (brag), but because it’s the same thing I feel when I hear about people still trying to hack AOL:

Ri, Smokey and whoever else still in the scene that is reading this. This crap aint worth it. At the end of the day you may look back at these days as alot of fun, but that’s only until you get caught or you realize that you wasted time that could have been spent chasing women or drinking beer with buddies.

I left the scene in 2002, I was 20 years old, and I haven’t looked back since then.

Its fun to think about the “good ole” days, but in my time we weren’t fighting over screen names. It was about exploring, information sharing and discovering something no one else knew. You guys sit around all night suspending each other, cracking “3r33t” sns and arguing over who is leeter.

I will tell you right now authoritatively that if your name isn’t one of the people I mentioned in my last post, you are nothing. You won’t be remembered by anyone unless you get arrested. No one cares about AOL or what you can or can not do. You aren’t finding anything new with the service that wasn’t already figured out ten years ago. You’re wasting your time and your effort. If you’re somehow getting a high off having a cat and mouse game with opssec, then God Bless you buddy for having absolutely no life.

Smokey for the record is not out hax0ring the world with BMB/Tau, etc. Ri, I don’t know who you are, based on some of your bad facts you can’t be too old in the scene, but I would hope you dont make AOL your full time hobby. To every other 15 year old reading this, telling a girl you own a 3chr aint going to get you laid.

Hacking the world… gotta love it.

AOL-Files Fanfare

The site’s modest traffic spiked a few days ago. Using Google Analytics I tracked down the incoming traffic to a site called digitalgangster.com, a community of online misfits (not unlike AOL-Files once was). Someone posted a link to their AOL People profile and asked everyone else who had one to do the same. Surprisingly, a lot of people on the forum seem to have been involved in the AOL-Files movement.

One poster, wrote the following after checking out his profile:

god damn, i barely remember this shit…what teh fuck was i thinking when i did this…lol

Amen to that.

I’m happy to see others enjoying the trip down memory lane —