💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › ph.txt captured on 2021-12-04 at 18:04:22.

View Raw

More Information

-=-=-=-=-=-=-

                                                P-Hack Documentation Page 1
 ---------------------------
| P-Hack 1.0 Documentation. |
 ---------------------------

Hello everyone, and thanks for trying P-Hack.  I think that all you SERIOUS
phreaks out there will find this as usefull and great as I think it is (but 
then I AM the author!).  Because I designed this for the serious "hobbyist", I
won't go into a long string of bullshit describing what an extender is - I'll
assume everyone who will be using this has a pretty good deal of knowledge
related to phreaking.  I'll go through each section of the program, describing
just what all those options you see on the screen mean, what keys you can 
press, etc.  I hope you enjoy P-Hack, and get many dollars worth of use out of
it (I'm SURE you will).

                                Peter King
                                2/15/87


NOTE: Starting the program for the first time
==============================================
The first time you bring P-Hack up (by typing "PH", of course), you will be
ask what type of monitor you have.  P-Hack has nice colors if you have a color
monitor - if not, install for B/W since on a monochrome system, colors tend
to get translated to funny things like blinking-underline-boldface, etc.  You
only need to do this once - the configuration is written back to the .COM file
itself and stored permanently.  If for any reason you wish to "un-install" the
program, typing "PH /U" will do it.  Also, the first time you run the program,
the file CARRIERS.PH will be created for you.  This is the file which contains
the numbers of all target computers to be used.  The infamous list of telenet 
nodes compiled by Terminus is included INSIDE the .COM file, and when the 
CARRIERS.PH file is created these target numbers (over 350) will be written out 
to the file (which is just a standard text file).  This should be MORE than
enough for you, but facilities are provided from within the program to
add/delete numbers from the list.  THANKS TERMINUS!!



When P-Hack is started
======================
When started up, P-Hack reads in the data from EXT_LIB.PH, M_PARMS.PH, and
CARRIERS.PH.  You then get a nice little screen telling you that this is
INDEED P-Hack by Peter King.  Then P-Hack will put the modem On-Hook if it is 
Off-Hook.  This accounts for the fact that when running a PC Board EVENT, 
PCB leaves the modem Off-Hook.



                                                P-Hack Documentation Page 2

 -------------------
| Main Menu Options |
 -------------------


Add/Edit/Delete Extender Definitions
=====================================
P-Hack keeps records in a file named "EXT_LIB.PH" which define different 
parameters for each extender you wish to hack.  By parameters, I mean things
like NAME, NUMBER, CODE LENGTH, etc.  Because of this, you don't have to 
re-enter these things everytime you want to hack an extender.  P-Hack can keep
data for up to 50 extenders in the file (I think that's more than enough).
When you enter this section of the program, you will be presented with a blank
record that you can fill out to enter a new record into the file.  You may
use the PgUp/PgDn keys to see other records in the file, which you may edit
at will using the arrow keys, etc.  Editing is VERY intuitive - just move to
the option you want to change with the arrows and start typing.  If you look up
in the "Help Window", it will describe exactly what goes here.  The left/right
arrows move around within fields.  Not all keys work in all fields due to the
particular data type that P-Hack is expecting (you can't type a letter in the
"Code Length" field, etc).  Also, you may not be able to move to every field in
the record due to the "Code Type" you have entered.  For example, if you have
chosen "SEQuential codes", then you can't move to the "Code Mask" field
since it doesn't even apply to this record anyway.  Don't worry, P-Hack won't
keep you from moving to any fields that need to be filled in.  If you wish to
delete a record, use the PgUp/PgDn keys to move to that record, and hit F9.  
You will be ask if you are SURE you want to delete it.  If you want to add an 
extender, just move to the blank record which is the last one and type in your 
info.  Then press F10 to add it - if you accidentaly left out some info. that 
is necessary, you will be informed and the record will not be added.  When you 
are finished with all your adding/editing/deleting, press F1 to save the file 
and return to the menu.  Each field in an extender record is described below:


        Name
        ============
        The name of the LD service (or really anything you want...just used
        for your reference).

        Number
        ============
        Obviously the number of the extender

        Code Length
        ============
        Length of codes used on this service

                                                P-Hack Documentation Page 3

        Code Type
        ============
        SPACE toggles between the different methods of code generation:

                RANDOM : Codes are generated completely randomly according to
                         the code mask (if any).
            SEQuential : Completely sequential codes, starting with the value
                         entered for "Start At" and incremented by the value
                         you enter for "Increment".
                 COMBO : This is a combination Random/Sequential mode.  Codes
                         are "sequential", but with a random increment.  Codes
                         start with "Start At" and the random increment is 
                         between 1 and the number you enter in the "Increment" 
                         Field.
                 BLOCK : P-HACK takes the next X codes, where X is the number 
                         that you enter in the "Increment" field, and tries
                         them randomly.  This way, you're sure to have tried 
                         all the codes, but it does them in a random fashion.  
                         This "random block" type code generation continues 
                         until all X are tried, then moves on to the next X, 
                         etc.....
            BLOCK/STOP : Exactly the same as above, except that P-Hack stops
                         hacking this extender after the FIRST block is
                         completely through.  This is nice for say hacking out
                         1000 sequential codes, but you don't have to do it
                         sequentially.  Again the block size is what you enter
                         in the "Increment" field.




        Code Mask
        ============
        If you chose RANDOM, this is the template which determines how codes
        are generated.  Any digits are taken as constants, anything else means
        "generate a random digit here".  I think everyone is familiar with
        "Code Mask" now since I introduced it in AIO and it's in Code Thief as
        well.

        Start At
        =============
        If you choose SEQ,COMBO, BLOCK, or BLOCK/STOP, this is the code at 
        which to start hacking.

        Increment
        =============
        Varies according to Code Type:

                RANDOM     : no effect whatsoever.
                SEQuential : Value by which to increment the codes.
                COMBO      : Increment is a random number between 1 and
                             this value.
                BLOCK      : Size of block to randomly hack.
                BLOCK/STOP : Same as above, but since this method stops after
                             the first block, this is really the total number
                             of codes that you want to hack.

                                                P-Hack Documentation Page 4

        NOTE:  Say you want to hack XX0000 thru XX1000 - the block size would
        be 1001, not 1000 (don't forget to count the XX0000).
 

        Wait Time
        =============
        Total time to wait for carrier detect.

        Code File
        =============
        The file to which valid codes are logged. ".COD" is appended to this
        name.

        Busy Action
        =============
        SPACE toggles between 5 options of what do if a busy signal is 
        detected :


                1.  IGNORE - Ignores all together.
                2.  CYCLE - Aborts current try and moves on.
                3.  RECORD CODE - records code to Code File.
                4.  RECORD/MARK - similar to above, but a "<*>" is placed next
                    to the code in the file to indicate that the code may or 
                    may not be valid.
                5.  RETRY - Retries code up to 3 times, if it's still busy
                    after 3 retries, moves on.


        S9 Values
        =============
        Value to set the S9 register to.  This will thwart attempts by some
        LD services to "fool" hacker programs by putting carrier tones in
        thier recordings.  If you use a higher value here, it should ignore
        these tones and recognize only real carriers.  It just takes some
        trying to know what value to use for each particular service.  The 
        value given is in 10ths of a second - consult your modem manual for
        specifics on the S9 register.

                                                P-Hack Documentation Page 5
 
        Dialing Order
        ==============
        This is a totally new concept to code finders so read it carefully
        and be sure you understand it before you attempt to use P-Hack.

        The "Dialing Order" is the actual string that is placed after the "ATDT"
        and sent out to the modem.  This allows you to change the inner 
        workings of the program to adapt to almost any dialing environment.  
        Here you enter the characters you want to go out to the modem and in 
        what order.  Where you want the Extender # dialed, press Ctrl-E, where 
        you want the current Access Code, press Ctrl-A, and where you want to 
        current Carrier #, press Ctrl-C.  A typical string would be:

        "<Ctrl-E>,,,<Ctrl-A>,<Ctrl-C>"
            ^
            |
            `-----Of course I mean "press Ctrl-E" here, etc.

        which would be shown as:

                               "E,,,A,C"
                                ^   ^ ^
                                |   | |
                                |   | |
                           /----|---+-+
                           |
                           |
                           |-These would be in a different color to
                             signify that they would be expanded.

        which would result in the following going out to the modem when
        a code was being tried:

               "ATDT<Extender Number>,,,<ThisCode>,<Carrier Number>"



        [------------------ Another Example ------------------]
        If you are hacking out codes on a PBX, the dialing order might be

        "<Ctrl-E>,,,9,<Ctrl-A>,<Ctrl-C>"

        which would be shown as:


                               "E,,,9,A,C"
                                ^     ^ ^
                                |     | |
                                |     | |
                                +-----+-+-----Different Color.


        which would result in the following going out to the modem when
        a code was being tried:

               "ATDT<Extender (PBX) Number>,,,9,<ThisCode>,<Carrier Number>"

                                                P-Hack Documentation Page 6

        This is probably confusing so lets look at some SPECIFIC examples:

    ++  Sprint - 9500777
        ----------------
        Sprint requires you to dial in the following order :

                1. Dial 9500777
                2. Wait a few seconds (about 4 or 6)
                3. Dial the Access Code
                4. Wait just a second or two for good measure
                5. Dial the target number

        So we would type the following in the "Dialing Order" field
        -----------------------------------------------------------

               "<Ctrl-E>,,,<Ctrl-A>,<Ctrl-C>"
                    ^    ^     ^   ^    ^
                    |    |     |   |    |        Tells P-Hack to :
                    |    |     |   |    |
                    `----|-----|---|----|------> 1. Dial extender # (9500777)
                         |     |   |    |
                         `-----|---|----|------> 2. Wait 6 seconds
                               |   |    |
                               `---|----|------> 3. Dial the Access Code
                                   |    |
                                   `----|------> 4. Wait 2 seconds
                                        |
                                        `------> 5. Dial the Carrier (target) #


    ++ MCI Calling Card - 9501022
    -----------------------------
    This service requires you to dial in the following order:

                1. Dial 9501022
                2. Wait 6 seconds
                3. Dial 0
                4. Dial the target number
                4. Wait 2 seconds for the tone
                5. Dial the Access Code

        So we would type the following in the "Dialing Order" field
        -----------------------------------------------------------

               "<Ctrl-E>,,,0<Ctrl-C>,<Ctrl-A>"
                    ^    ^ ^    ^   ^    ^
                    |    | |    |   |    |       Tells P-Hack to:
                    |    | |    |   |    |
                    `----|-|----|---|----|------>1. Dial extender # (9501022)
                         | |    |   |    |
                         `-|----|---|----|------>2. Wait 6 seconds
                           |    |   |    |
                           `----|---|----|------>3. Dial 0
                                |   |    |
                                `---|----|------>4. Dial the Carrier (target) #
                                    |    |
                                    `----|------>5. Wait 2 seconds
                                         |
                                         `------>6. Dial the Access Code

                                                P-Hack Documentation Page 7

        By using the "Dialing Order", you can make P-Hack hack virtually ANY
        system that uses codes!!  This includes extenders, PBX, and anything
        else you can think of.  As you can see, anything but the three special
        Ctrl Characters (E,A,and C) is taken literally and actually inserted in
        the dialing string.  UNLIMITED FLEXIBILITY - that's what it's all 
        about!



Add/Delete Carrier From List
=============================
Here you can add or delete numbers from the CARRIERS.PH file.  Of course you
could do this with any text editor, but you should do it from here since when
adding P-Hack checks to make sure you are not duplicating a number that is 
already in the file.  This is a very self-explaining section so I won't waste
mine or your time describing it.


Tag/UnTag Extenders For Hacking
================================
For each extender record in the EXT_LIB.PH file, P-Hack maintains two "flags".
These "flags" determine whether or not this extender is hacked at a certain
time.  The two flags are "Tag" and "AutoHack".  All extenders with the "Tag"
flag turned on will be hacked when the "Begin Hacking" option is chosen from
the main menu.  All extenders with the "AutoHack" tag turned on will be hacked
when an AutoHack session is initiated (AutoHack is explained later).  After
choosing this option from the menu, you will be presented with a list of all
the extenders in your EXT_LIB.PH file, and beside each will be the current
status of the its flags.  The symbol "*" beside an extender name means that
the "Tag" flag is turned on, and the symbol "A" means that the "AutoHack"
flag is turned on.  You can have both, one, or none of the flags turned on at
one time, and there is no limit to the number of extenders that can be hacked
together (IE-you could turn on the flags for every extender in your file if
you wanted to hack all of them).  Use the arrows to move around in the listing.
Pressing "T" will toggle the "Tag" flag for the extender that you are sitting 
on, and "A" will toggle the AutoHack flag.  F1 saves your changes and returns
to the Main Menu.


Begin Hacking
==============
Gee..wonder what that means??  Start hacking all the extenders with the "Tag"
flag turned on.  If there are less than 5 extenders "Tag"ed, then the
extenders are hacked sequentialy, otherwise the extender to be hacked is chosen
at random.  The target number is of course chosen randomly.  You are prompted
for 2 things here:

        1>  A time at which to stop hacking (pressing RETURN here will cause
            P-Hack to just hack until ESC is pressed).
        2>  An optional number of minutes to delay between each attempt. Just
            leave this as 0 to hack without delaying between attempts.

During hacking, you can press the SPACE bar to skip to the next attempt, "P" to
skip and pause, and ESC to abort hacking.  The data for the extender being 
hacked is displayed on the screen, as well as data for the entire hacking 
session (total attempts, total codes found, etc).  Several things can happen 
during hacking:

                                                P-Hack Documentation Page 8

        1.  If a carrier is detected, the code is written out to the file
            specified by "Code File" in the extender record, and P-Hack
            skips to the next try.
        2.  If a busy signal is detected, the action taken depends on what
            you chose in the extender record (see above).
        3.  If "NO DIALTONE" or "NO DIAL TONE" is detected, the code is retried
            up to 3 times.
        4.  If "NO CARRIER" is detected, P-Hack skips to the next attempt.
        5.  If "ERROR" is detected, P-Hack skips to the next attempt.
        6.  If nothing happens during the time specified as "Wait Time", P-Hack
            just moves on to the next attempt.


After hacking is over, the results for each extender (total tries, number of
codes found, etc) are written to a text file "PH.LOG" which can be viewed
from within P-Hack with a menu option or from DOS or whatever.


Misc. Notes about the Hacking section
--------------------------------------
1>  If you are using the SEQuential or COMBO code type for an extender, the 
    last code that was tried is saved back to the extender record in the 
    "Start At" field, so you can pick back up where you left off the next time 
    you begin to hack - if you are using BLOCK or BLOCK/STOP, the number at the 
    "top" of the last block is saved back to the "Start At" field, so you can 
    start back at approximately the same location you stopped at : I mean if 
    you have Block Size = 1000, then you could theoretically have 999 codes 
    repeated (since P-Hack does not save which codes in that block have been 
    tried), but if you use a smaller block size, you won't get much repetition.
2>  When you see "(BK = NNNN)" shown next to the BLOCK or BLOCK/STOP code types,
    that means the block size is NNNN, when you see "Random 1<X<NN" next to the
    COMBO code type, that means that the increment is a random number between 
    1 and NN, and when you see "Step = NN" beside the SEQuential code type,
    that obviously means that the increment step = NN.
3>  P-Hack will probably NEVER abort EXACTLY at the time you give it to stop 
    (if any) - it recognizes that it has passed that time and aborts after the 
    current try is finished.



View/Delete A Code File
========================
You will be shown a list of all the files with the extention ".COD" that are
in the current directory.  You may then view or delete any of those.  Pretty
damn simple.


View PH.LOG
============
Use this to view the "PH.LOG" file I spoke of in the section "Begin Hacking".

 
                                                P-Hack Documentation Page 9

Modify Modem Parameters
========================
Here you can configure the InitString for you modem, tell P-Hack how to detect
carrier, hang up, etc/etc/etc.  The options should be very familiar to you, and
looking up in the "Help Window" should answer any questions you have.  P-Hack
can detect carrier in two different ways - 1) It can read the pin on the RS-232
port (in which case you should set your modem switches to NOT force CD), or it
can 2) look for a string returned from the modem (like "CONNECT").  The pin 
read method is far superior, but both work just fine, so use the one most
suited to your particular situation.  Same goes for how to hang up - P-Hack
can either 1) Drop DTR (in which case you should set your switches NOT to force
DTR), or it can 2) Use the standard Escape Code technique (+++,,ATH0).  Use
whichever one you need to.  I have also added an "Exit String" so you can
reset any registers/options you need to when exiting P-Hack.  BTW-The default
values are those for the Hayes 2400, so if that's your modem, there is no need
to mess with these.

 

Program Info.
==============
On this screen you will find some info. and bullshit about P-Hack and where I
can be contacted if necessary.


Exit
=====
Leave P-Hack.  The line is put On-Hook and the "Exit String" is sent out.




 -----------------------------------------
| AutoHack - What it is and how to use it |
 -----------------------------------------
AutoHack is one of the most powerful features of P-Hack and certainly the most
usefull if you're a SysOp.  AutoHack is simply a way by which hacking can take
place automatically from the DOS command line without any user intervention
whatsoever.  To initiate an autohack session, simply type

"PH /AXX:XX:XX /DYY"
      ^^^^^^^^   ^^
         |       |
         |       |
         |       |
         |       |
         `-------|---->   Where this is the time at which you wish to
                 |        stop hacking.  This must be given in standard
                 |        24hr format.
                 |
                 `---->   This is OPTIONAL and allows you to give the number of
                          minutes to delay between attempts if you want to. 
                          Note that if both parameters are given, they MUST be
                          given in this order - time first, delay second.

                                                P-Hack Documentation Page 10

For Example :

PH /A05:00:00      Hacks until 5am. \      The extenders hacked are the ones
                                     |---> with the AutoHack tag turned on
PH /A17:00:00 /D2  Hacks until 5pm, /      (see Tag/UnTag above).
                   delaying 2 mins.
                   between attempts.            ^                     ^
                                                |      IMPORTANT      |
                                                |                     |
                                                `--==> READ THIS <==--'


Note that you must supply ALL zeros in the string!! Otherwise you will just
get a message saying that you have entered an invalid time and be kicked
back out to the DOS prompt.  After the AutoHack session is over, the file
"PH.LOG" is written out (just like in a normal session) and control is
returned to DOS (or the .BAT file which ran "PH /AXX:XX:XX").  This is GREAT
for PC Board SysOps - imagine : set up an EVENT at 3am which contains
"PH /A05:00:00" - the board would come down, hack codes for 2 hours, then
bring itself back up - WITH NO EFFORT AT ALL ON YOUR PART!!!!!!

NOTE:  Basically anywhere you are in the program, ESC will take you back
       to the main menu.
 
 ================
| Special Thanks |
 ================
These are the people who helped me test P-Hack, and I am very grateful for
their help and suggestions.  Thanks a million, guys!!

                       ----------------
                      |  Matt Burleigh |
                      |  Rick Inaboks  |
                      |  Kurt Schelin  |
                       ----------------



Well, that's about it - I hope you enjoy this program as much as I do every
day!  If you have any suggestions, leave me E-Mail on Burleigh's BBS, Serenity,
The Escape Hatch, RipCo, or Slaughterhouse Five.  I WELCOME suggestions - if 
they are resonable I will be happy to include them in the next revision.  Keep 
in mind that I am a striving college student, so don't expect revisions every
2 weeks - I'll do it as soon as I can, but I won't leave you guys hanging.  
If there's a BUG, I'll fix it right away and get the new version up ASAP.
I tried to make this .DOC as understandable as possible, but hell I'm a
Chemistry major so communication may not be my strongest point - so if you have
any questions don't hesitate to leave me mail on any of the systems mentioned
above.  I call each at least once a day (boy, my bill must be high, huh??).


Cheers and be careful!!

Pete

                                                P-Hack Documentation Page 11

Footnotes - What your Modem Initialazation String should do
------------------------------------------------------------
The Modem Init String that you give for your modem should accomplish the 
following (suggestions given are for standard Hayes):

        1.  Set "Wait for carrier after dial" to some ridiculously high value
            like 60 or even greater - P-Hack will handle the waiting and
            hanging up for you.  (S7=60)
        2.  Enable result codes.  (Q0)
        3.  Enable Long-Form result codes (STRINGS!!! NOT NUMBERS !!).  (V1)
        4.  Set modem to return extended result codes if available
            (like BUSY, NO DIALTONE, VOICE, etc).  (X4)
        5.  Inhibit Command Echo.  (E0)
        6.  Turn speaker off or on depending on your preference.
        7.  If you are using ESCAPE CODE hangup, be sure to set the
            Escape Code Guard Time to 10.  (S12=10)

        NOTE :  The default strings for the Hayes 2400 also set the CD and DTR 
                not to be forced, enabling you to use PIN carrier detection and
                DTR hangup.

        ANOTHER NOTE : You can check the ERRORLEVEL if running P-Hack from a
                       .BAT file - ERRORLEVEL 1 means something went wrong,
                       ERRORLEVEL 0 means everrything was A-OK.


Explaination of Code Mask
--------------------------
Well, at the last minute I decided that I SHOULD put something in about what
the "Code Mask" is, since perhaps some of you have not used AIO or THIEF.  So
here it is....The code mask allows you to set any number of digits in a RANDOM
code to constants.  For instance, if you were hacking 6 digit RANDOM codes, a 
code mask of "45xx8x." would result in codes like 456289,451188,450080, etc.  
Any character in the mask which is not a numeral is taken to mean "generate 
a random number here".  Note that if you just wanted to set the first three
digits of a six digit code to 632, a mask of "632" would work just fine.....
there's no need to fill out the remaining spaces with periods or whatever.  
If no code mask is specified, all digits are generated randomly.  This mask 
allows for a great deal of flexibility in hacking access codes.

                                                P-Hack Documentation Page 12

Examples
=========
RANDOM 9 digit codes, with a "Code Mask" of 

                                '901xxxxx1'
                                 ^^^  ^  ^
                                  |   |  |            What it means:
                                  |   |  |
                                  `---|--|------> "Always put '901' here".
                                      |  |
                                      `--|------> "Generate 5 random digits".
                                         |
                                         `------> "Always put '1' here".

could result in the following codes being produced:

                                901352351
                                901000001
                                901999991
                                ^^^  ^  ^
                                 |   |  |
                                 |   |  |
                                 `---|--|-------> Constant - always '901'
                                     |  |
                                     `--|-------> Random 5 digits
                                        |
                                        `-------> Constant - always '1'
------------------------------------------------------------------------------
RANDOM 6 digit codes, with a "Code Mask" of

                                '521'
                                 ^^^                    What it means:
                                  |
                                  `-------------> "Always put '521' here".

                                   * NOTE *  ---> The remainder up to 
                                                  "Code Length" is assumed to
                                                  be random digits.

could result in the following codes being produced:

                                521354 \          First 3 digits are constant
                                521000  |-------> at '521', last 3 are randomly
                                521999 /          generated.


Have Fun....Pete