THC-Shagg
A modular application to bruteforce check digit algorithms
shagg-0.2.0.tar.gz
Last update 2003-08-31
[0x01] Introduction
Welcome to the mini website of the THC Shagg project. THC-Shagg is a
modular application to bruteforce check digit algorithms. It can be
used to gain information about serial numbers that use check digit
algorithms. Once THC-Shagg has analysed a set of serial numbers and
found matching check digit algorithms, it is able to generate
complete new serial numbers using a saved file containg the matched
states.
This page demonstrates the use of THC-Shagg in "daily" life and lists
some serial numbers, that have been successfully analysed using Shagg
[0x02] Documentation
THC-Shagg comes with a rather long README file that describes the
details about the analysis and generation of serial numbers with
check digits. Before you continue, read this file. The README file
also lists all available command line options and how to use them.
[0x03] Development & Contributions
You've found some serial numbers and were able to analyse the check
digit algorithms using Shagg. You've some new ideas, you know
something about fresh or still un-implemented check digit
algorithms. Contribute! And help us making THC Shagg more powerful.
Feel free to drop an email to Plasmoid, plasmoid@thc.org.
If you are interested in joining THC, why not write some new classes
for THC-Shagg or extend the current version to analyse Web session
IDs or other serial numbers? The source code for THC-Shagg is
bundled with the current release, so that you can compile it
yourself, if you want to.
[0x04] Examples
Following are examples that are bundled with releases of THC-Shagg.
If you haven't unjar'ed the java archive, those examples might be
new to you. All examples are artificial and have not been take from
the real world. It is necessary to note that especially the fake
VISA numbers are artificial and unusable.
Serial numbers | Found setup | Matched States File
------------------+-----------------------------+--------------------
Fake VISAs | XXXXXXXXXXXXXXXXXX Mod10 CC | fake-visa.mst
MOD10-7 Numbers | XXXXXXXXXXXXXC Mod10 | mod10-7.mst
| XXXXXXCXXXXXXC Mod7 |
If you like to play with the above examples, you can use the
provided files of matched state to generate new numbers from the
same type and re-run THC-Shagg over the new numbers:
Generating new serial numbers from a matched state file
$ java -jar shagg.jar -g mod10-7.mst > new.lst
Analysing the new list and store a new file of matched states
$ java -jar shagg.jar -s new.mst new.lst
Displaying old and new files of matched state
$ java -jar shagg.jar -g -L mod10-8.mst
$ java -jar shagg.jar -g -L new.mst
Usually the states of both files should match, but it is possible
that the new file "new.mst" contains even more states.
[0x05] Screenshots
(1) THC-Shagg displaying analysed check digit configurations for
a set of german Personal ID Card numbers.
(2) THC-Shagg at work crunching over a set of sample serial numbers.
[0x06] Real World Serials
The table below shows a list of serial numbers that were success-
fully analysed using THC-Shagg.
All serial numbers have been found within the web, no persons have
been robbed or cheated to give out these numbers. People have put
these numbers on private homepages, ebay auctions, etc...
We at THC are relatively sure that presenting some of these serial
numbers, the check digit algorithm they use and a file for the
generation of new serial number is not illegal. However we will
remove those serial numbers immediatly, if this turns out to be not
lawful.
Don't ask for serial numbers such as credit or calling cards as you
already know that generating fake credit cards is definitely illegal
in _YOUR_ country, wherever you live.
Serial numbers | Matched States File
----------------------------------------------+----------------------
IMEI numbers for Nokia mobile phones | nokia-imei.mst
EAN UCC numbers for some software products | ean-ucc.mst
ISBN numbers for some unix books | isbn.mst
Personal ID Card numbers from Germany | perso.mst
Keep it shaggin'.
Comments and suggestions are welcome.
Yours sincerly,
The Hackers Choice
http://www.thc.org
(1) THC-Shagg displaying analysed check digit configurations for
a set of german Personal ID Card numbers.
(2) THC-Shagg at work crunching over a set of sample serial numbers.
[0x06] Real World Serials
The table below shows a list of serial numbers that were success-
fully analysed using THC-Shagg.
All serial numbers have been found within the web, no persons have
been robbed or cheated to give out these numbers. People have put
these numbers on private homepages, ebay auctions, etc...
We at THC are relatively sure that presenting some of these serial
numbers, the check digit algorithm they use and a file for the
generation of new serial number is not illegal. However we will
remove those serial numbers immediatly, if this turns out to be not
lawful.
Don't ask for serial numbers such as credit or calling cards as you
already know that generating fake credit cards is definitely illegal
in _YOUR_ country, wherever you live.
Serial numbers | Matched States File
----------------------------------------------+----------------------
IMEI numbers for Nokia mobile phones | nokia-imei.mst
EAN UCC numbers for some software products | ean-ucc.mst
ISBN numbers for some unix books | isbn.mst
Personal ID Card numbers from Germany | perso.mst
Keep it shaggin'.
Comments and suggestions are welcome.
Yours sincerly,
The Hackers Choice
http://www.thc.org