

Morris Worm Decompiled (1988) - paran
http://www.foo.be/docs-free/morris-worm/worm/

======
jluxenberg
Excerpt from the Wikipeida article about the worm's author:

 _Morris is an American professor at Massachusetts Institute of Technology. He
co-founded the online store Viaweb, one of the first web-based applications,
with Paul Graham._

<http://en.wikipedia.org/wiki/Robert_Tappan_Morris>

~~~
pg
He also wrote a good chunk of the code you used to post this comment.

~~~
brfox
<http://news.ycombinator.com/user?id=rtm>

------
jey
This looks like it's not the original source code and was just reconstructed
by hand from a disassembly/"decompile" of the worm.

~~~
gnosis
Just out of curiosity, what makes you think that?

~~~
sparky
The comments, mostly. For example:

    
    
        object objects[69];				/* Don't know how many... */
        
        /* This report a sucessful breakin by sending a single byte to "128.32.137.13"
         * (whoever that is). */
    
        /* This appears to be a structure unique to this program.  It doesn't seem that
         * the blank slots are really an array of characters for the hostname, but
         * maybe they are.
         */
    
        /* There are pieces of "stub" code, presumably from something like this to
           get rid of error messages */

~~~
percept
>>(whoever that is)

Berkeley, apparently.

------
RodgerTheGreat
If anybody's curious: <http://en.wikipedia.org/wiki/Morris_Worm>

~~~
wdaher
More hilarious, though, is the local news coverage of the event:
<http://www.youtube.com/watch?v=G2i_6j55bS0>

~~~
percept
I love the taglines (somebody make this movie!):

"The students were safe. Their computers weren't."

"The suspect, somewhere, a dark genius."

"I suspect it's an 'A' student. A good 'A' student."

------
bluesmoon
Don't forget his father Robert T. Morris Sr., who wrote the passwd program for
Unix and worked at the NSA when the worm got loose.

------
bediger
This isn't the actual source code. As far as I know, only a small piece of the
real worm's code ever got published, and that was in the Cornell Report,
Cornell University's post mortem. This isn't the code in the Cornell Report.

Someone in 1989 or 1990 ran an ad in the back of "2600" magazine, selling the
source code on paper. I bought a copy back then, I can remember the date
because of the apartment I was in when I read the code. I think the "2600"
version is the same as this one, but with someone different header comments.

I have a copy of this code from a tar archive with date of 1991-06-05 on it,
so it's been floating around the Internet for almost 20 years at this point.

------
tylernol
@gnosis and sparky,

text offsets are also put in comments next to the function declarations. For
example: "h_clean() /* 0x31f0 */"

~~~
generalk
@tylernol: you know this is a threaded conversation forum, right? Click
"reply" (right under the comment you want to discuss) next time, and your
comment will be nested properly.

------
cloudwalking
I wonder how he devised (or found) the list of potential passwords
(cracksome.c.txt)

------
allenbrunson
according to legend, this was supposed to be merely a proof of concept, but a
bug in the code caused it to replicate uncontrollably. does anybody know what
that bug was?

~~~
jackowayed
> _The worm could have determined whether to invade a new computer by asking
> if there was already a copy running. But just doing this would have made it
> trivially easy to kill; everyone could just run a process that would answer
> "yes" when asked if there was already a copy, and the worm would stay away.
> The defense against this was inspired by Michael Rabin's mantra,
> "Randomization." To compensate for this possibility, Morris directed the
> worm to copy itself even if the response is "yes", 1 out of 7 times.[2] This
> level of replication proved excessive and the worm spread rapidly, infecting
> some computers multiple times. Morris remarked, when he heard of the
> mistake, that he "should have tried it on a simulator first."_

-<http://en.wikipedia.org/wiki/Morris_worm>

~~~
m-photonic
"One in seven?! rtm, you jerk! Why seven?"

Excerpted from the book _Cyberpunk: Outlaws and Hackers on the Computer
Frontier_ (published 1991). The quoted speaker is Paul Graham.

------
siegler
tar ball <http://www.foo.be/docs-free/morris-worm/worm-src.tar.gz>

