I THINK ∴ I'M DANGEROUS


We may have a problem here. My name is Larry Baker. I’m a seventeen-year-old high-school student and I think I’m losing my mind. Not in the “oh, this person is driving me crazy” kind of way. I mean in the “if I tell people about what I think is happening, I will be locked up and medicated” kind of way. I mean I’m losing my mind in the sense I’m not sure if reality is really real.

Let me start from the beginning. I am a computer nerd. I fancy myself a hacker. I submit patches to various open source projects and have a particular interest in security. I’ve made about a year’s worth of college tuition through security bug bounties. A typical Friday night consists of me pen-testing interesting-looking systems. Last Friday, I found such a system. Hindsight being what it is, I kind of regret it.

Last Friday I was poking around looking for a fun and interesting challenge. I found a machine running a lot of standard services, but not a web server. In my experience, these tend to be either infrastructure machines (routers or switches) or something more interesting, like something part of physical infrastructure. A powerplant or other public works. I started probing the services. They all seemed standards compliant--the service on port 22 was indeed ssh and the service on 21 was ftp. But I didn’t get software versions back. For anything. What weird-ass software is running on this system? It seems like it’s some variant of UNIX, but I’ve never seen anything like it. Geoip lookup says it’s a US system. Reverse DNS gives me nothing.

With nothing to really go on, but my interest piqued, I start throwing old exploits at it, hoping something sticks. A few hours in and I’ve exhausted my local supply of exploits and start researching more. While I do that, I fire up a password cracker. I have a normalized list of 10,000 of the most common English passwords and 10 of the most common usernames. It will literally take months to go through the whole list and each username, but I figure I might get lucky.

I’m about to give up but decide to take another look at running services. Everything is what it appears to be. Standard services on standard ports. Portmap’s running and I finally think, maybe they’re doing something silly, like auth-less NFSv3. I do a showmount and see the root filesystem is exported, but restricted by IP.

A few minutes with my packet generator and I’m seeing bits of the filesystem. I press my luck further and take a peek at /etc/passwd. Holy hashed passwords, Batman! Root! It’s hashed, with sha1 no less. A good chunk of my bounty money I spent on a high-performance cracking rig. I fire up ‘john the ripper.’ 16 cores and 2 GPUs with CUDA support shred that password in 45 minutes.

It was ‘ficus.’

Nice security, guys. Feeling deliriously triumphant, I attempt to ssh into this mystery machine as root and put in the password. Permission Denied. Crap. They probably disabled root from remote login. I have some other password hashes, so I try cracking them as well. It takes a few more hours. It’s 3am when I finally log into this SOB.

I was fully prepared to be disappointed--to find out this is just some forgotten file-store or incorrectly configured backup appliance. Something filled with data no one cares about, but is legally required to be retained.

What I got was more mystery. No sensible output from the uname command.  No /proc/cpuinfo. It’s definitely not Linux. It’s not AIX or HP-UX.

Curious about the hardware, since none of the commands regarding hardware that I know seem to do anything, I go for a rough idea of the size of this thing with ‘free -h’. What was the total amount of RAM in this machine? I see under total: 1E99Y.

That’s gotta be a bug or error. Right?

I can’t find anything on the CPU. It doesn’t have the ‘file’ command, so I can’t see what the binaries are compiled against. And according to the free command, it’s essentially infinite RAM.

What the shit. I do not believe this. I switch to root (remember I had the password, just can’t log in remotely). I don’t want to knock this system offline, but I’m a little bit rattled. I figure, I got the passwords, if it reboots I can just log back in. Just to be safe, I set up a new user as well as a little setuid shell so I can get back to root easily in the event someone changes the root password. Then I start writing directly to memory using dd. This will tell me how much RAM it actually has.

Holy shit this thing is fast. I blink and it says it’s written 3 Petabytes.

And then it happens.

I have a seizure or something, because my color vision goes away and I see--I’m not sure how to describe it--digital artifacts. But not on my computer screen. In my room. On my bed and the walls.  

In what I can only describe as a Pavlovian response conditioned to all hell breaking loose, I mash Ctrl-C in my panic.

I blink again and everything’s back to normal.

Worried about my physical health, but not so inclined as to wake my parents and explain why I want to go to the hospital, I opt to just go to bed.

When I wake up, I check to see if I can still log in to mystery machine. All accounts are still accessible. I start digging around again, despite the gnawing sense of unease in my gut. I see a message show up on my terminal via the write command. “From root: Don’t cause problems. EOF.” And then my connection drops.

Crap. Busted. I always use a VPN to connect to a China-based VPS jump-box. So I’m not exactly worried about being tracked down. I try reconnecting. Connection times out. I ping the server. It’s gone. They took it offline?! Or maybe just firewalled my IP. I try a different jump-box. Nothing.

Despondent, I throw in the towel and browse the web. The Internet is blowing up with news stories about “the glitch.” Last night, I wasn’t the only one who saw some strange stuff. Turns out everyone awake last night lost color vision and saw the world with corrupted textures. The religious people are acting like it’s a sign from God or gods or Satan. Scientists are trying to pin it on some sort of massive cosmic radiation burst that inexplicably stimulated our optic sensors all in the same exact way, but remained otherwise undetected.

It could just be a coincidence.

I don’t think it is.

Now, I have a theory. It’s fucking insane, but I feel it must be true as much as those religious people think God sneezed us into existence. I think I performed a virtual machine escape. Except the VM was not the server I hacked into; Hacking into that server was the VM escape.

I can’t even begin to process the ramifications of this. Overnight, I’ve developed a deep sense of paranoia. If my world is a simulation, does knowing the truth paint a marker on my head? If we’re in a simulation and my actions have disrupted whatever plans they have, will they rollback to an older snapshot and somehow remove me from the equation? Is the simulation deterministic or do they rely on some sort of randomization?

I could go on forever on what-if scenarios, but I’m honest to god scared of even thinking about this any more than I already am.

It seems like there’s something I should do, but I cannot tell anyone anything. I’ll just be one more unhinged voice in the cacophonous fallout of “the glitch.”

I need to find another one of those machines. There’s likely more than one, assuming they didn’t yank them all offline after figuring out what I did. They have to be present in the presumed simulation for a reason, right? So it’s likely if there are more than one, they’re still accessible.

Time to go back to scanning the net.