Steve Stonebraker

In 1995, a teenager called Happy Hardcore wrote AOL4Free, a binary patcher that let Mac users access AOL without paying hourly charges. We just disassembled both his patcher and the AOL 2.7 client it targets. Here is exactly how it worked. AOL’s Mac client is a 68k application where every byte of code lives in the resource fork as CODE segments. 57 segments, 721KB of Motorola 68000 assembly. The client renders UI using a proprietary language called FDO88, Form Definition Opcodes, the 1988 dialect. Every window, button, text field, and chat room is an FDO88 binary stream interpreted by the client. Happy Hardcore’s patcher contains no FDO88 data whatsoever. It is pure 68k machine code patches stored as ZAP resources, applied to the AOL executable and three Online Tools: Chat, File Transfer, and Mail. But here is what made it invaluable to us. His ZAP# resources name every CODE segment he patches: InitUnit, Libs, Events, P3, FormModifiers, Menus, MOPs. The AOL binary itself has no symbols. His labels gave us the map. The exploit targets a fundamental design flaw he describes perfectly: “It is the client’s job to close all of the other windows. It’s the client’s job to tell you you can’t IM and read EMAIL. The host couldn’t care less.” When you click Member Services, the client sends a P3 token to the Stratus servers saying “stop billing me.” Then the client’s FormModifiers segment, CODE 12, 28KB of 68k assembly, processes the FDO88 form for the free area and closes your other windows. The host trusts the client to enforce this. The FormModifiers patch is 2 bytes: 60 10. That is BRA.S $0012, an unconditional branch that jumps over 16 bytes of the original enforcement code. The code it skips is what closes your chat windows, disables your IM, and restricts you to free area content. With those 2 bytes bypassed, the client sends the billing stop token but never closes anything. The P3 patch is bigger, 460 bytes of injected code in the protocol handler. It intercepts the P3 data stream and periodically re injects “enter free area” tokens to keep billing suppressed. There is a CMPI.B #$15 instruction that checks for fdo$start (opcode $15) in the stream. It watches for new forms and re sends the billing stop token before each one renders. The Events patch injects two JSR calls into the main event loop, periodic callbacks that fire on every idle cycle to maintain the billing suppression state. Without these, the free area would time out and billing would resume. The Menus patch adds the “Hell” menu to the menu bar, 190 bytes that create a new MENU resource with two items: “Enable Ultrabomb” and “Secret Guide Room,” which navigates to a hidden AOL staff chat room called Center of the Earth. The Chat Tool patch is 3 bytes: 4E 71 60. NOP followed by BRA, skipping chat billing verification entirely. The Mail RSRC patch is 3 bytes: 3C 00 00. It modifies the Mail tool so the Send Now button does not dim after sending, enabling the UltraBomb macro to rapid fire mail at about one message per second. Each patched file also gets a vers resource stamp: “2.6Free v4 AOL4Free2.6 v4 by Happy Hardcore.” He signed his work. v4 added stealth after AOL found a detection method. From leaked internal AOL staff email: “These people are identifiable as stealing time. I think we have enough to go forward with legal action.” The response: “hand them over to the Secret Service.” His fix was only a few lines of additional code that eliminated the error patterns the Stratus logs were using. The irony is his patcher helped more than official documentation. The 1994 FDO88 manual gave us the spec, but his named code segments gave us the architecture. We used both to build a complete FDO88 compiler, disassemble the 68k client, extract 44 P3 tokens, and map the full connection flow toward getting Dialtone to serve real AOL 2.7 clients. A teenager’s weekend project from 1995 turned out to be the best reverse engineering documentation we had. https://t.co/feai5Ge1Ti

We built a desktop-in-a-browser that runs autonomous AI tax agents. The UI is a full window manager -- draggable, resizable windows with a taskbar, folder system, and real-time agent terminals. React 19 + Zustand, no Electron. Everything runs in the browser tab. Under the hood: Go backend, chi router, PostgreSQL, SSE streaming for live agent activity. https://t.co/vYRBlHfgQ8

Warcraft 2 multiplayer running in Edge and Safari, connected via emulated IPX networking. No plugins, just browsers. New in Dialtone: Network zones with shareable auto-join links. Hardware cursor rendering that reads the same memory addresses a real Mac uses - System 7 RST vectors, 16x16 bitmaps, masks, hotspots - rendered as CSS cursors with 1:1 fidelity. The cursor was broken since launch. Now it finally feels like using a Mac, not watching one.