At this point, a lot of people have probably seen the Cthulhu-style dread horror series Stranger Things. If not, that is Lemon Grab unacceptable but I’ll let it slide for now. You will still be able to follow the gist of this blog post.
As I was catching up on the second season of Stranger Things, there was a brief scene involving Sean Astin’s character, who as an actor is probably one of the most quintessentially 80’s people still in existence . Astin needed to regain control of the security system of a building in order to unlock the entrances. To do so, he had to brute force a four-digit PIN password… by writing a computer program in BASIC.
For readers unfamiliar with BASIC, it was effectively a high-level programming language that was ported in various degrees of standardization to almost every possible computer system imaginable, from Commodores to IBMs to Apples. Like Prince of Persia, you could find BASIC everywhere – my personal favorite version was BBQ-BASIC, which is what George Foremen grill’s firmware was written in. The idea was that you could *theoretically* write a single BASIC program with a high level of cross-platform support.
Naturally, I paused the show and immediately took a screenshot with what looked like the finished BASIC program.
By TV and film standards, this is relatively legit BASIC code simulating a brute-force attack, though there’s a bit of handwaving going on here. You can see it checks the password against a subroutine called checkPasswordMatch but it’s not really defined anywhere. Additionally, since FourDigitPassword has been dimensioned as an integer it won’t be padded correctly, aka, getFourDigits (0, 0, 0, 1) would cast to 1.
Here’s a recreation of the code with some minor modifications to allow it to run reasonably correctly.
Astute observers will note the dollar sign suffixed to the variable A. The Microsoft variants of BASIC used a dollar sign to indicate that a variable’s data class was a string, otherwise, it would default to numerical.
There’s also a delay placed in the innermost loop since on any halfway modern machine this code is going to execute instantaneously. We can’t really use the sleep command, since it only takes an integer representing the number of seconds. The solution is either to add an arbitrarily long waiting for-loop, or build the program as an Electron app. (BURN BURN BURN TO THE GROUND)
And finally, this is what the program looks like when executed:
Now normally, you might question BASIC as a practical language for purposes of pen-testing, but as can be seen from this short CSI clip, I think it’s fairly evident that BASIC has always had a rich history of being employed by hackers.
How did you learn BASIC?
Like most people, I learned how to program in BASIC from a mustachioed machete-wielding British gentleman whilst on safari. If I remember my history correctly, it was Livingston that first sighted a copy of QBasic in the wild during his expeditions through the dark continent of Africa.
And I don’t want to brag, but I had a copy of Microsoft BASIC PDS 7.1 (Professional Development System) and that was major nerd bling with its OS/2 compatibility. I still list it on my CV under skills alongside my D&D character level and my high score in Galaga.
How do I get started?
The fastest way to get setup is to download QB64 available for Windows, Linux, and Mac. Be aware that it’s not entirely faithful to the original, since QB64 produces compiled executables and does not (to my knowledge) support the ability to run line-by-line in an interpretative fashion – which is what made QB seem so incredibly magical; it was an editor, compiler, documentation and sandboxed environment all at once. Worry not however, all your favorite command statements are still there (I’m looking at you BEEP). Alternatively, if you’re willing to do a little more legwork, you could also install QuickBasic 4.5 using DosBox.
 With the exception of RGB2 from Regular Show who could only survive by breathing cans of air from the 1980s.