💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › ph.txt captured on 2021-12-04 at 18:04:22.
-=-=-=-=-=-=-
P-Hack Documentation Page 1

 ---------------------------
| P-Hack 1.0 Documentation. |
 ---------------------------

Hello everyone, and thanks for trying P-Hack. I think that all you SERIOUS
phreaks out there will find this as useful and great as I think it is (but
then I AM the author!). Because I designed this for the serious "hobbyist",
I won't go into a long string of bullshit describing what an extender is -
I'll assume everyone who will be using this has a pretty good deal of
knowledge related to phreaking. I'll go through each section of the program,
describing just what all those options you see on the screen mean, what keys
you can press, etc. I hope you enjoy P-Hack, and get many dollars worth of
use out of it (I'm SURE you will).

Peter King
2/15/87

NOTE: Starting the program for the first time
==============================================

The first time you bring P-Hack up (by typing "PH", of course), you will be
asked what type of monitor you have. P-Hack has nice colors if you have a
color monitor - if not, install for B/W since on a monochrome system, colors
tend to get translated to funny things like blinking-underline-boldface, etc.
You only need to do this once - the configuration is written back to the .COM
file itself and stored permanently. If for any reason you wish to
"un-install" the program, typing "PH /U" will do it.

Also, the first time you run the program, the file CARRIERS.PH will be
created for you. This is the file which contains the numbers of all target
computers to be used. The infamous list of telenet nodes compiled by Terminus
is included INSIDE the .COM file, and when the CARRIERS.PH file is created
these target numbers (over 350) will be written out to the file (which is
just a standard text file). This should be MORE than enough for you, but
facilities are provided from within the program to add/delete numbers from
the list. THANKS TERMINUS!!

When P-Hack is started
======================

When started up, P-Hack reads in the data from EXT_LIB.PH, M_PARMS.PH, and
CARRIERS.PH. You then get a nice little screen telling you that this is
INDEED P-Hack by Peter King. Then P-Hack will put the modem On-Hook if it is
Off-Hook. This accounts for the fact that when running a PC Board EVENT, PCB
leaves the modem Off-Hook.

 -------------------
| Main Menu Options |
 -------------------

Add/Edit/Delete Extender Definitions
=====================================

P-Hack keeps records in a file named "EXT_LIB.PH" which define different
parameters for each extender you wish to hack. By parameters, I mean things
like NAME, NUMBER, CODE LENGTH, etc. Because of this, you don't have to
re-enter these things every time you want to hack an extender. P-Hack can
keep data for up to 50 extenders in the file (I think that's more than
enough).

When you enter this section of the program, you will be presented with a
blank record that you can fill out to enter a new record into the file. You
may use the PgUp/PgDn keys to see other records in the file, which you may
edit at will using the arrow keys, etc. Editing is VERY intuitive - just move
to the option you want to change with the arrows and start typing. If you
look up in the "Help Window", it will describe exactly what goes here. The
left/right arrows move around within fields. Not all keys work in all fields
due to the particular data type that P-Hack is expecting (you can't type a
letter in the "Code Length" field, etc). Also, you may not be able to move to
every field in the record due to the "Code Type" you have entered. For
example, if you have chosen "SEQuential codes", then you can't move to the
"Code Mask" field since it doesn't even apply to this record anyway. Don't
worry, P-Hack won't keep you from moving to any fields that need to be filled
in. If you wish to delete a record, use the PgUp/PgDn keys to move to that
record, and hit F9.
You will be asked if you are SURE you want to delete it. If you want to add
an extender, just move to the blank record which is the last one and type in
your info. Then press F10 to add it - if you accidentally left out some info.
that is necessary, you will be informed and the record will not be added.
When you are finished with all your adding/editing/deleting, press F1 to save
the file and return to the menu.

Each field in an extender record is described below:

Name
============
The name of the LD service (or really anything you want...just used for your
reference).

Number
============
Obviously the number of the extender

Code Length
============
Length of codes used on this service

Code Type
============
SPACE toggles between the different methods of code generation:

RANDOM     : Codes are generated completely randomly according to the code
             mask (if any).

SEQuential : Completely sequential codes, starting with the value entered
             for "Start At" and incremented by the value you enter for
             "Increment".

COMBO      : This is a combination Random/Sequential mode. Codes are
             "sequential", but with a random increment. Codes start with
             "Start At" and the random increment is between 1 and the number
             you enter in the "Increment" Field.

BLOCK      : P-HACK takes the next X codes, where X is the number that you
             enter in the "Increment" field, and tries them randomly. This
             way, you're sure to have tried all the codes, but it does them
             in a random fashion. This "random block" type code generation
             continues until all X are tried, then moves on to the next X,
             etc.....

BLOCK/STOP : Exactly the same as above, except that P-Hack stops hacking
             this extender after the FIRST block is completely through. This
             is nice for say hacking out 1000 sequential codes, but you
             don't have to do it sequentially. Again the block size is what
             you enter in the "Increment" field.

Code Mask
============
If you chose RANDOM, this is the template which determines how codes are
generated.
Any digits are taken as constants, anything else means "generate a random
digit here". I think everyone is familiar with "Code Mask" now since I
introduced it in AIO and it's in Code Thief as well.

Start At
=============
If you choose SEQ, COMBO, BLOCK, or BLOCK/STOP, this is the code at which to
start hacking.

Increment
=============
Varies according to Code Type:

RANDOM     : no effect whatsoever.
SEQuential : Value by which to increment the codes.
COMBO      : Increment is a random number between 1 and this value.
BLOCK      : Size of block to randomly hack.
BLOCK/STOP : Same as above, but since this method stops after the first
             block, this is really the total number of codes that you want
             to hack.

NOTE: Say you want to hack XX0000 thru XX1000 - the block size would be
      1001, not 1000 (don't forget to count the XX0000).

Wait Time
=============
Total time to wait for carrier detect.

Code File
=============
The file to which valid codes are logged. ".COD" is appended to this name.

Busy Action
=============
SPACE toggles between 5 options of what to do if a busy signal is detected :

1. IGNORE      - Ignores altogether.
2. CYCLE       - Aborts current try and moves on.
3. RECORD CODE - records code to Code File.
4. RECORD/MARK - similar to above, but a "<*>" is placed next to the code in
                 the file to indicate that the code may or may not be valid.
5. RETRY       - Retries code up to 3 times, if it's still busy after 3
                 retries, moves on.

S9 Values
=============
Value to set the S9 register to. This will thwart attempts by some LD
services to "fool" hacker programs by putting carrier tones in their
recordings. If you use a higher value here, it should ignore these tones and
recognize only real carriers. It just takes some trying to know what value to
use for each particular service. The value given is in 10ths of a second -
consult your modem manual for specifics on the S9 register.

Dialing Order
==============
This is a totally new concept to code finders so read it carefully and be
sure you understand it before you attempt to use P-Hack. The "Dialing Order"
is the actual string that is placed after the "ATDT" and sent out to the
modem. This allows you to change the inner workings of the program to adapt
to almost any dialing environment. Here you enter the characters you want to
go out to the modem and in what order. Where you want the Extender # dialed,
press Ctrl-E, where you want the current Access Code, press Ctrl-A, and where
you want the current Carrier #, press Ctrl-C. A typical string would be:

     "<Ctrl-E>,,,<Ctrl-A>,<Ctrl-C>"
         ^
         |
         `-----Of course I mean "press Ctrl-E" here, etc.

which would be shown as:

     "E,,,A,C"
      ^   ^ ^
      |   | |
      +---+-+---- These would be in a different color to signify
                  that they would be expanded.

which would result in the following going out to the modem when a code was
being tried:

     "ATDT<Extender Number>,,,<ThisCode>,<Carrier Number>"

[------------------ Another Example ------------------]

If you are hacking out codes on a PBX, the dialing order might be

     "<Ctrl-E>,,,9,<Ctrl-A>,<Ctrl-C>"

which would be shown as:

     "E,,,9,A,C"
      ^     ^ ^
      |     | |
      +-----+-+----- Different Color.

which would result in the following going out to the modem when a code was
being tried:

     "ATDT<Extender (PBX) Number>,,,9,<ThisCode>,<Carrier Number>"

This is probably confusing so let's look at some SPECIFIC examples:

++ Sprint - 9500777
----------------
Sprint requires you to dial in the following order :

1. Dial 9500777
2. Wait a few seconds (about 4 or 6)
3. Dial the Access Code
4. Wait just a second or two for good measure
5. Dial the target number

So we would type the following in the "Dialing Order" field
-----------------------------------------------------------

     "<Ctrl-E>,,,<Ctrl-A>,<Ctrl-C>"
         ^     ^    ^    ^   ^
         |     |    |    |   |       Tells P-Hack to :
         |     |    |    |   |
         `-----|----|----|---|------> 1. Dial extender # (9500777)
               `----|----|---|------> 2. Wait 6 seconds
                    `----|---|------> 3. Dial the Access Code
                         `---|------> 4. Wait 2 seconds
                             `------> 5. Dial the Carrier (target) #

++ MCI Calling Card - 9501022
-----------------------------
This service requires you to dial in the following order:

1. Dial 9501022
2. Wait 6 seconds
3. Dial 0
4. Dial the target number
5. Wait 2 seconds for the tone
6. Dial the Access Code

So we would type the following in the "Dialing Order" field
-----------------------------------------------------------

     "<Ctrl-E>,,,0<Ctrl-C>,<Ctrl-A>"
         ^     ^ ^   ^    ^   ^
         |     | |   |    |   |      Tells P-Hack to:
         |     | |   |    |   |
         `-----|-|---|----|---|------> 1. Dial extender # (9501022)
               `-|---|----|---|------> 2. Wait 6 seconds
                 `---|----|---|------> 3. Dial 0
                     `----|---|------> 4. Dial the Carrier (target) #
                          `---|------> 5. Wait 2 seconds
                              `------> 6. Dial the Access Code

By using the "Dialing Order", you can make P-Hack hack virtually ANY system
that uses codes!! This includes extenders, PBX, and anything else you can
think of. As you can see, anything but the three special Ctrl Characters
(E, A, and C) is taken literally and actually inserted in the dialing string.
UNLIMITED FLEXIBILITY - that's what it's all about!

Add/Delete Carrier From List
=============================
Here you can add or delete numbers from the CARRIERS.PH file. Of course you
could do this with any text editor, but you should do it from here since when
adding P-Hack checks to make sure you are not duplicating a number that is
already in the file. This is a very self-explaining section so I won't waste
mine or your time describing it.

Tag/UnTag Extenders For Hacking
================================
For each extender record in the EXT_LIB.PH file, P-Hack maintains two
"flags". These "flags" determine whether or not this extender is hacked at a
certain time. The two flags are "Tag" and "AutoHack".
All extenders with the "Tag" flag turned on will be hacked when the "Begin
Hacking" option is chosen from the main menu. All extenders with the
"AutoHack" tag turned on will be hacked when an AutoHack session is initiated
(AutoHack is explained later).

After choosing this option from the menu, you will be presented with a list
of all the extenders in your EXT_LIB.PH file, and beside each will be the
current status of its flags. The symbol "*" beside an extender name means
that the "Tag" flag is turned on, and the symbol "A" means that the
"AutoHack" flag is turned on. You can have both, one, or none of the flags
turned on at one time, and there is no limit to the number of extenders that
can be hacked together (IE-you could turn on the flags for every extender in
your file if you wanted to hack all of them). Use the arrows to move around
in the listing. Pressing "T" will toggle the "Tag" flag for the extender that
you are sitting on, and "A" will toggle the AutoHack flag. F1 saves your
changes and returns to the Main Menu.

Begin Hacking
==============
Gee..wonder what that means?? Start hacking all the extenders with the "Tag"
flag turned on. If there are less than 5 extenders "Tag"ed, then the
extenders are hacked sequentially, otherwise the extender to be hacked is
chosen at random. The target number is of course chosen randomly. You are
prompted for 2 things here:

1> A time at which to stop hacking (pressing RETURN here will cause P-Hack
   to just hack until ESC is pressed).
2> An optional number of minutes to delay between each attempt. Just leave
   this as 0 to hack without delaying between attempts.

During hacking, you can press the SPACE bar to skip to the next attempt, "P"
to skip and pause, and ESC to abort hacking. The data for the extender being
hacked is displayed on the screen, as well as data for the entire hacking
session (total attempts, total codes found, etc).

Several things can happen during hacking:

1. If a carrier is detected, the code is written out to the file specified
   by "Code File" in the extender record, and P-Hack skips to the next try.
2. If a busy signal is detected, the action taken depends on what you chose
   in the extender record (see above).
3. If "NO DIALTONE" or "NO DIAL TONE" is detected, the code is retried up to
   3 times.
4. If "NO CARRIER" is detected, P-Hack skips to the next attempt.
5. If "ERROR" is detected, P-Hack skips to the next attempt.
6. If nothing happens during the time specified as "Wait Time", P-Hack just
   moves on to the next attempt.

After hacking is over, the results for each extender (total tries, number of
codes found, etc) are written to a text file "PH.LOG" which can be viewed
from within P-Hack with a menu option or from DOS or whatever.

Misc. Notes about the Hacking section
--------------------------------------
1> If you are using the SEQuential or COMBO code type for an extender, the
   last code that was tried is saved back to the extender record in the
   "Start At" field, so you can pick back up where you left off the next
   time you begin to hack - if you are using BLOCK or BLOCK/STOP, the number
   at the "top" of the last block is saved back to the "Start At" field, so
   you can start back at approximately the same location you stopped at : I
   mean if you have Block Size = 1000, then you could theoretically have 999
   codes repeated (since P-Hack does not save which codes in that block have
   been tried), but if you use a smaller block size, you won't get much
   repetition.
2> When you see "(BK = NNNN)" shown next to the BLOCK or BLOCK/STOP code
   types, that means the block size is NNNN, when you see "Random 1<X<NN"
   next to the COMBO code type, that means that the increment is a random
   number between 1 and NN, and when you see "Step = NN" beside the
   SEQuential code type, that obviously means that the increment step = NN.
3> P-Hack will probably NEVER abort EXACTLY at the time you give it to stop
   (if any) - it recognizes that it has passed that time and aborts after
   the current try is finished.

View/Delete A Code File
========================
You will be shown a list of all the files with the extension ".COD" that are
in the current directory. You may then view or delete any of those. Pretty
damn simple.

View PH.LOG
============
Use this to view the "PH.LOG" file I spoke of in the section "Begin Hacking".

Modify Modem Parameters
========================
Here you can configure the InitString for your modem, tell P-Hack how to
detect carrier, hang up, etc/etc/etc. The options should be very familiar to
you, and looking up in the "Help Window" should answer any questions you
have. P-Hack can detect carrier in two different ways - 1) It can read the
pin on the RS-232 port (in which case you should set your modem switches to
NOT force CD), or it can 2) look for a string returned from the modem (like
"CONNECT"). The pin read method is far superior, but both work just fine, so
use the one most suited to your particular situation. Same goes for how to
hang up - P-Hack can either 1) Drop DTR (in which case you should set your
switches NOT to force DTR), or it can 2) Use the standard Escape Code
technique (+++,,ATH0). Use whichever one you need to. I have also added an
"Exit String" so you can reset any registers/options you need to when exiting
P-Hack. BTW-The default values are those for the Hayes 2400, so if that's
your modem, there is no need to mess with these.

Program Info.
==============
On this screen you will find some info. and bullshit about P-Hack and where I
can be contacted if necessary.

Exit
=====
Leave P-Hack. The line is put On-Hook and the "Exit String" is sent out.

 -----------------------------------------
| AutoHack - What it is and how to use it |
 -----------------------------------------

AutoHack is one of the most powerful features of P-Hack and certainly the
most useful if you're a SysOp. AutoHack is simply a way by which hacking can
take place automatically from the DOS command line without any user
intervention whatsoever. To initiate an autohack session, simply type

     "PH /AXX:XX:XX /DYY"
           ^^^^^^^^   ^^
              |       |
              `-------|----> Where this is the time at which you wish to
                      |      stop hacking. This must be given in standard
                      |      24hr format.
                      |
                      `----> This is OPTIONAL and allows you to give the
                             number of minutes to delay between attempts if
                             you want to.

Note that if both parameters are given, they MUST be given in this order -
time first, delay second.

For Example :

     PH /A05:00:00        Hacks until 5am.

     PH /A17:00:00 /D2    Hacks until 5pm, delaying 2 mins. between attempts.

The extenders hacked are the ones with the AutoHack tag turned on (see
Tag/UnTag above).

     --==> IMPORTANT - READ THIS <==--

Note that you must supply ALL zeros in the string!! Otherwise you will just
get a message saying that you have entered an invalid time and be kicked back
out to the DOS prompt.

After the AutoHack session is over, the file "PH.LOG" is written out (just
like in a normal session) and control is returned to DOS (or the .BAT file
which ran "PH /AXX:XX:XX"). This is GREAT for PC Board SysOps - imagine : set
up an EVENT at 3am which contains "PH /A05:00:00" - the board would come
down, hack codes for 2 hours, then bring itself back up - WITH NO EFFORT AT
ALL ON YOUR PART!!!!!!

NOTE: Basically anywhere you are in the program, ESC will take you back to
      the main menu.

 ================
| Special Thanks |
 ================

These are the people who helped me test P-Hack, and I am very grateful for
their help and suggestions. Thanks a million, guys!!

 ----------------
| Matt Burleigh  |
| Rick Inaboks   |
| Kurt Schelin   |
 ----------------

Well, that's about it - I hope you enjoy this program as much as I do every
day! If you have any suggestions, leave me E-Mail on Burleigh's BBS,
Serenity, The Escape Hatch, RipCo, or Slaughterhouse Five. I WELCOME
suggestions - if they are reasonable I will be happy to include them in the
next revision. Keep in mind that I am a striving college student, so don't
expect revisions every 2 weeks - I'll do it as soon as I can, but I won't
leave you guys hanging. If there's a BUG, I'll fix it right away and get the
new version up ASAP. I tried to make this .DOC as understandable as possible,
but hell I'm a Chemistry major so communication may not be my strongest
point - so if you have any questions don't hesitate to leave me mail on any
of the systems mentioned above. I call each at least once a day (boy, my bill
must be high, huh??).

Cheers and be careful!!

Pete

Footnotes - What your Modem Initialization String should do
------------------------------------------------------------
The Modem Init String that you give for your modem should accomplish the
following (suggestions given are for standard Hayes):

1. Set "Wait for carrier after dial" to some ridiculously high value like 60
   or even greater - P-Hack will handle the waiting and hanging up for you.
   (S7=60)
2. Enable result codes. (Q0)
3. Enable Long-Form result codes (STRINGS!!! NOT NUMBERS !!). (V1)
4. Set modem to return extended result codes if available (like BUSY, NO
   DIALTONE, VOICE, etc). (X4)
5. Inhibit Command Echo. (E0)
6. Turn speaker off or on depending on your preference.
7. If you are using ESCAPE CODE hangup, be sure to set the Escape Code Guard
   Time to 10. (S12=10)

NOTE : The default strings for the Hayes 2400 also set the CD and DTR not to
       be forced, enabling you to use PIN carrier detection and DTR hangup.

ANOTHER NOTE : You can check the ERRORLEVEL if running P-Hack from a .BAT
               file - ERRORLEVEL 1 means something went wrong, ERRORLEVEL 0
               means everything was A-OK.

Explanation of Code Mask
--------------------------
Well, at the last minute I decided that I SHOULD put something in about what
the "Code Mask" is, since perhaps some of you have not used AIO or THIEF. So
here it is....The code mask allows you to set any number of digits in a
RANDOM code to constants. For instance, if you were hacking 6 digit RANDOM
codes, a code mask of "45xx8x." would result in codes like 456289, 451188,
450080, etc. Any character in the mask which is not a numeral is taken to
mean "generate a random number here". Note that if you just wanted to set the
first three digits of a six digit code to 632, a mask of "632" would work
just fine..... there's no need to fill out the remaining spaces with periods
or whatever. If no code mask is specified, all digits are generated randomly.
This mask allows for a great deal of flexibility in hacking access codes.

Examples
=========
RANDOM 9 digit codes, with a "Code Mask" of

     '901xxxxx1'
      ^^^  ^  ^
       |   |  |      What it means:
       |   |  |
       `---|--|------> "Always put '901' here".
           `--|------> "Generate 5 random digits".
              `------> "Always put '1' here".

could result in the following codes being produced:

     901352351
     901000001
     901999991
     ^^^  ^  ^
      |   |  |
      `---|--|-------> Constant - always '901'
          `--|-------> Random 5 digits
             `-------> Constant - always '1'

------------------------------------------------------------------------------

RANDOM 6 digit codes, with a "Code Mask" of

     '521'
      ^^^
       |         What it means:
       `-------------> "Always put '521' here".

* NOTE * ---> The remainder up to "Code Length" is assumed to be random
              digits.

could result in the following codes being produced:

     521354  \   First 3 digits are constant
     521000   |-------> at '521', last 3 are randomly
     521999  /   generated.

Have Fun....Pete
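
Seen from the carrier or PBX side, each Code Type and the Code Mask described in this document leave a recognizable shape in a log of rejected authorization codes. The sketch below is an added example, not part of P-Hack or its documentation; the log tuple format, the trunk labels, the thresholds and the sample events are all constructed assumptions.

```python
from collections import defaultdict

def inferred_mask(codes):
    """Digit where every attempt agrees, 'x' where it varies (cf. "Code Mask")."""
    return "".join(c[0] if len(set(c)) == 1 else "x" for c in zip(*codes))

def classify(codes):
    """Name the generation mode that best explains an ordered list of attempts."""
    if len(codes) < 3:
        return "UNKNOWN"
    nums = [int(c) for c in codes]
    steps = [b - a for a, b in zip(nums, nums[1:])]
    if all(s > 0 for s in steps):
        if len(set(steps)) == 1:
            return f"SEQ step={steps[0]}"          # fixed "Increment"
        return f"COMBO max_step={max(steps)}"      # rising, random increment
    span = max(nums) - min(nums) + 1
    if len(set(nums)) / span >= 0.8:               # dense range, shuffled order
        return f"BLOCK size={span}"
    mask = inferred_mask(codes)
    return f"RANDOM mask={mask}" if mask.strip("x") else "RANDOM"

def detect(events, min_codes=8, max_accept_ratio=0.2):
    """Flag callers that try many distinct codes with few acceptances.

    events: iterable of (caller, code, accepted) in arrival order.
    Thresholds are illustrative assumptions, to be tuned per switch.
    """
    by_caller = defaultdict(list)
    for caller, code, accepted in events:
        by_caller[caller].append((code, accepted))
    findings = {}
    for caller, tries in by_caller.items():
        codes = list(dict.fromkeys(code for code, _ in tries))  # distinct, ordered
        accept_ratio = sum(ok for _, ok in tries) / len(tries)
        if len(codes) >= min_codes and accept_ratio <= max_accept_ratio:
            findings[caller] = classify(codes)
    return findings

def _rejected(caller, codes):
    return [(caller, code, False) for code in codes]

# Constructed sample log (not real data): four guessing sources, one subscriber.
SAMPLE = (
    _rejected("trunk-01", [str(100000 + 5 * i) for i in range(8)])
    + _rejected("trunk-02", ["200000", "200003", "200004", "200010",
                             "200017", "200019", "200025", "200030"])
    + _rejected("trunk-03", ["300005", "300001", "300007", "300000",
                             "300003", "300006", "300002", "300004"])
    + _rejected("trunk-04", ["456289", "451188", "450080", "453481",
                             "459985", "452783", "457087", "450582"])
    + [("trunk-09", "771234", True), ("trunk-09", "771243", False),
       ("trunk-09", "771234", True)]    # ordinary user with one typo
)

if __name__ == "__main__":
    for caller, label in detect(SAMPLE).items():
        print(caller, label)
```

Even the RANDOM mode is attributable once a mask is in use: the constant digit positions recovered by inferred_mask tie separate sessions to the same configuration.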