💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › thc-scan.txt captured on 2023-01-29 at 10:49:48.
⬅️ Previous capture (2020-10-31)
-=-=-=-=-=-=-
----------------------------------------------------------------------------- ?????????????????????????????????????????????? ? ? ???????? ?????????????????????????????????? ? ? ????? ????? ????????????? ? ? ? ? ? ? ? ? ? ? ? ????? ? ? ????????? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ????? ? ? ????????? ? ? ? ? ? ? ? ? ?????? ????? ????? ????????????? ?????????????????????????????????????????????? ? The Hacker's Choice ? ?????????????????????????????????????????????? -------------------------------------------------------------------------------- THC-SCAN v0.8? (c) 1996 by van Hauser/THC of LORE BBS * PUBLIC BETA RELEASE * Part Title Line # Last Updated in Ver. ------------------------------------------------------------------------------ I. Introduction 50 v0.7a II. Commandline Parameters 240 v0.8? III. Online Scanning Keys 550 v0.7a IV. How to configure Modem & TS-CFG 750 v0.7a V. Tips & Tricks 855 v0.7a Epilog: Update? How to contact? etc. 975 v0.8? ------------------------------------------------------------------------------ ============================================================================== I. Introduction ->> Please read HISTORY.DOC to see what's new, or get a general insight <<- What does THC-SCAN ------------------ THC-SCAN scans a defined range of phone numbers. It Reports : Carriers, Tones, VMBs, Fax etc. etc. depending on the mode setted & configured. (You can do many more things with this piece, but get a brain to find out ... ;-) [300 kb source code by the way ...] Hey that looks like TONELOC ! ----------------------------- Yep. Toneloc is very good. But first it didn't work on my computer and second it could be enhanced. So i wrote this one. And my personal opinion is, that this one is better. Much more flexible and more functions. (which programmer would say his one is not as good as? Why releasing it then?) Take a look. Try it, test it. It's worth it's time ! Who's Who in this file package ? -------------------------------- THC-SCAN.EXE The Scanner EXEcutable TS-CFG.EXE The ConfigMaker EXEcutable DAT-CONV.EXE DAT File Converter Toneloc <-> Thc-Scan DAT-MANP.EXE DAT File Manipulator for Thc-Scan, exchange ID values. DAT-STAT.EXE DAT File Statistical Analyzer. EXTR-NO.EXE Extracts (phone-)numbers from a text file. BETATEST.DOC IMPORTANT INFORMATION FOR BETATESTERS /* Only in BETA Releases */ DATFILE.DOC The Structure of the Thc-Scan DAT Files ERRLEVEL.DOC Overview of the Errorlevels returned by Thc-Scan HISTORY.DOC History File. What's new, what changed, bugs etc. READ IT ! THC-SCAN.DOC Small Documentation for the average Scanner Guy TONELOC.DOC Differences between Thc-Scan & Toneloc. How to (ex-)change. SIGS.ZIP PGP Signatures of all EXEcutable files in this package. Please check to get a secure version of my public PGP key. FILE_ID.DIZ File Description for BBS LORE.COM Small demo of LORE BBS ;-) THC.NFO Important. Our group infos ;-) The different Modes ------------------- There are two basic modes, THC-SCAN can be set. CARRIER MODE - THC-SCAN searchs for carriers TONE MODE - THC-SCAN searchs for tones/pbx. Those ones with a dialtone. When in CARRIER MODE, THC-SCAN can also identify VMBs, Voice, Fax and more. You may change the mode online by pressing "ALT-M" The AUTONOM/MANUAL Mode ----------------------- This is a special mode, never ever seen on a scanner before. For this Mode ADD-ON you must sit in front of the computer while scanning. (you should do this every time, unless you are so lazy to scan for carriers only) When turned on, you may continue dialing! This is useful for Tones/PBX, or VMBs or Answering Machines, to test the code length etc. Press ENTER when autonom/manual mode is turned on to continue dialing. You may also enter "M" while online to redial and enter autonom/manual mode for this call only. Or you may hit "Alt-M" to toggle this mode on/off DIAL MODES ---------- You can choose to dial RANDOM, Sequentiell up & down (with step rates too) or to Dial all numbers in a specified textfile. Read next Paragraph for details on this. DIALING NUMBER FROM A TEXT FILE ------------------------------- This allows you to scan every number you put on a list. DRAWBACKS : NO Dat file is created (of course) BACKSPACE key (redial last 20 dialed numbers) won't work here If you want to continue such a scan type after aborting it, you must manually delete everything until the line THC-SCAN should continue. ADVANTAGES : You can put any number on the list you want to. The first scanner ever to offer this possiblity How to use this : Use EXTR-NO.EXE to extract the phonenumbers from any textfile (carrier listings ;-) ... check the created file after that for mistakes etc. Start THC-SCAN with : THC-SCAN.EXE @<textfilename> [any other options] Note that /M, /X, /D and /R are disabled when using this option. Guys, this one is REALLY cool! I collected EVERY textfile, message, Scanlist TL & TS DAT File and extracted every modem carrier into the file. Then I scanned ALL 700 numbers found, revealing me the list of 500 carriers on german toll free numbers, the most complete list ever to be created ... PRIMARY & SECONDARY Identifications ----------------------------------- This is also a special thing first ever possible in a scanner. Primary Identification is the main thing about the number. Is it a carrier, tone, vmb, girl voice, fax etc. You press the ID key (F for Fax f.e.) and THC-SCAN will stop and move to the next number. Secondary Identifications are other characteristica which are interesting. For example if the phone system of the target is using CCiTT #4 or #5 which is interesting for blueboxers, or to determin if the number is in an other country (better if you want to play with those numbers, depending on the law of your country, you may only break the law in the country the phone number is located. Check your lawyer.) on f.e. Toll Free Numbers. When you press the ID key for a Secondary ID (5 for CCitt #5 for example) THC-SCAN will not stop. You may type some more 2ndary IDs. But when you press a Primary ID, THC-SCAN stops and moves to the next number. SECONDARY Identifications are marked in Section III - Keys while online as SECONDARY. Carrier Hacking & Nudge ----------------------- When mode enabled (TS-CFG : MODE HACKING), depending on mode set it will 0) wait for nudge delay timeout 1) send nudge string to system and wait for nudge delay timeout 2) beeps a few times to inform you that YOU can now enter the system. NO nudge delay timeout. You can online hack the other system) Don't unset the string variable for your Carrier Hack Log, or no log file will be created. Pressing ALT-T while 0) or 1) is in progress automatically enters 2) See TS-CFG to see how to set up the NUDGE STRING. NUDGE DELAY counts the time after the connect had been made. When exceeding Nudge delay setting, THC-SCAN disconnects (only in 0) and 1) ) The DAT File & the LOGs ----------------------- In the DAT file are many things things saved - all primary IDs and the no# of rings detected on that number. Not the 2ndary IDs ! In the LOG files everything is written. In the main log file everything is logged, in the specialized logs (VMB LOG f.e.) only those about this type are written too. If you Delete the name entry in TS-CFG, that type won't be logged in an own file anymore! van Hauser says : ----------------- Thanks to all Betatesters, especially to : The Analyst, Wilkins & Plasmoid ! Credits for the nice blinking Screen, and scrolling up/down go to Plasmoid ;-) Credits too for the nice EXE file crypter got to Marquis. ;-) Greetings to : ? Omega (hi chummer! Thanks for your help! And make a BACKUP!) ? Tom (thanks for your betatesting too!) ? The Search, JFF (good work spreading the THC releases) ? Scavenger (thanks for the help! (& the best dialer, ya know) ? Skysegel (spoof'em! ;-) ? The Q (for being no where and absent all the time) ? Marquis / UCF (let's let our groups work together ;-) ? Muchos Maas, Minor Threat (for programming TONELOC, breaking the limit at the art of scanning. Your program gave me GREAT inspirations!) Hope ya get out of jail soon. ... and to Dr. Fraud, Karl Marx, Chotaire ... all on #bluebox And two guys who are out at the moment ... the two most dangerous things that may happen to a hacker : ? El Griton (Being busted by Police + Fbi ... good luck chummer!) ? Vaxxer (Being occupied by his girlfried ... Get up AGAIN!) With those guys, the sky is the limit ... ============================================================================== II. Commandline Parameters --------------------------------------------------------------------------- THC-SCAN.EXE [@]<DatFile> [/M:<dialmask>] [/X:<excludemask>] [/R:<from>-<to>] [/D:<from>-<to>] [/#:<no>] [/H:<time>] [/S:<time>] [/E:<time>] [/C] [/T] [/A] [/B] [/Q] [/!:<ConfigFile>] [/*:<no>] [/&] [/N] Parameter : ----------- [@]<DatFile> The name of the DAT file to create/use/update. This MUST be the first parameter to give to THC-SCAN ! If you specify the "@" in front of the filename, that will be the specified DIALTEXTFILE ! (Read Sec. I) Optional : ----------- [/M:<dialmask>] The Dialmask to use for scanning. If you use f.e. /M:1234-x-6-xxx the program will scan from 1234-0-6-000 to 1234-9-6-999. You may use any number of X's between 1 and 4 - not more! If you don't specify this option, the <DatFile> name will be interprated as <dialmask>. You may put the X's where ever you want like : /M:x-1-x-2-x-4-x-5 The "-" character is NOT necessary. [/X:<excludemask>] The Excludemask to use for scanning. The numbers excluded WON'T be scanned! the excludemask must have got the same length as X's are used in the <dialmask> If you use f.e. /M:1234-xxxx and /X:00xx then 1234-0000 to 1234-0099 WON'T be scanned, all others will. You may specify up to 10 exclude masks. [/R:<from>-<to>] A Special Range to scan. This is useful if you want f.e. create a DATfile with a full range (XXXX) but want to scan today/tonight only a special range from 0000 to 0250 ... /R:0-250 ... you may use up to 10 Ranges. [/D:<from>-<to>] This is like /R but DROPS (doesn't scan) those numbers. /D:500-999 f.e. won't scan 0500 to 0999 You may use up to 10 Drops [/#:<no>] This is the maximum number of tries THC-SCAN will make until it will exit. f.e. /#:100 will make 100 dials and then exit. If not specified there won't be a limit. [/H:<time>] This specifies a timerange. When exceeded THC-SCAN will exit. if you just use /H:4 it will scan for 4 hours, if you use /H:0:30 it will scan for 30 minutes. [/S:<time>] This specifies the Starting Time for scanning. THC-SCAN will wait until a key is pressed OR the time mentioned is reached and will then begin scanning. You may either use am/pm time or military time : /S:3:50p will wait for 15:50 ... /S:14:15 will wait for 2:15p ... [/E:<time>] This specifies the Ending Time for scanning. When reached, THC-SCAN will exit. Usage is like /S. You must not use /S and /E together. [/C] Starts THC-SCAN is carrier scan mode. Overrides what ever was specified in the config file. [/T] Starts THC-SCAN in tone scan mode. Overrides what ever was specified in the config file. [/A] Starts THC-SCAN with autonom/manual mode ON. Overrides setting in the config file. This is an additional mode to Carrier/Tone scanning. Read Section I. for more info. [/B] Starts THC-SCAN with autonom/manual mode OFF. Overrides setting in the config file. This is an additional mode to Carrier/Tone scanning. Read Section I. for more info. [/Q] Prevents any beeps made by THC-SCAN [/!:<ConfigFile>] Specifies an other config file to use but THC-SCAN.CFG [/*:<no>] Dial only numbers which were identified as a special type. Consult the DATFILE.DOC to check the numbers to use f.e. Timeout is 32 to 39 (depending on rings detected). To scan Timeouts with NO rings again use /*:32 to scan Timeouts with 5 rings again use /*:35 to scan ALL Timeouts again use /*:32X This X after the number tells THC-SCAN to scan all members of a type, from 0 to 7 rings. You may use this option up to 10 times. [/&] Turns Debugging mode ON. All modem output will be saved into MODEM.LOG [/N] Turn Effects (Window Scoll up/down) off. In future this will also turn assembler screen writes off to be Desqview compactible. Note : The "/" before the option is NOT necessary NOR the ":" after. you may also use "-" instead of "/". All these Examples are valid : THC-SCAN scanit -M:1234xxxx /C h5 THC-SCAN scan1234xxxx -T S23:00 THC-SCAN 1234-xxxx -!alternat.cfg *72x /*:64X -Xx000 d7999-9999 THC-SCAM 1234xx -Q All these Examples are NOT ! valid : THC-SCAN scanit -m1234xxx a b Autonom/manual mode turned on & off THC-SCAN scanit -m1234xxx c t same as above but with carrier & tone THC-SCAN scanit c no dialmask specified, the datfilename hasn't got a X in it! THC-SCAN xrated NOTE : This would be valid! it would simply dial the number 0, then 1 etc. If the program doesn't behave like you want, some strange things happen like numbers dialed again, some dialed not etc. Check your CFG File ! There are numerous things to configure so check first if everythings correct. (escpecially the options SAVE DATATYPES, REDIAL BUSY, AUTONOM/MANUAL MODE, SCANNING MODE - all in the MODE Menu of TS-CFG.EXE, plus Modem Config Options like WAIT BETWEEN CALLS, MODME HANGUP TYPE, CHARACTER DELAY) ------------------------- TS-CFG.EXE [<ConfigFile>] Optional : ----------- <ConfigFile> If not specified, THC-SCAN.CFG will be loaded/created. TS-CFG will convert all configfile version from v0.6a up automatically. ---------------------------------------------------- DAT-CONV.EXE <Datfile 1> <Datfile 2> [<ID_1> <ID_2>] Parameters: ----------- <Datfile 1> DAT File to load. <Datfile 2> Dat Filename to write. Optional : ----------- <ID_1> in TL->TS Mode : THC-SCAN DAT ID to write for NOTE variable in TL Dat file. in TS->TL Mode : THC-SCAN DAT ID to write as NOTE variable into TL Dat File <ID_2> same as above but for NO DIALTONE variable. if you define the optional variables you must either only set ID_1 or both, you can't only set ID_2. ------------------------------------ DAT-MANP.EXE <Datfile> <ID_1> <ID_2> Parameters: ----------- <Datfile> DAT File to manipulate. .BAK file will be created. <ID_1> ID Type to search for. Look up ID numbers in DATFILE.DOC Appending an "X" after the ID will search for the whole type (means with all ring counters). <ID_2> ID Type to overwrite ID_1. Appending an "X" after the ID will transfer the ring counters. Only Possible if also on ID_1 an "X" is appended. ---------------------------------------------------- DAT-STAT.EXE <Datfile> [<Outputfile> <ID>] Parameter : ----------- <Datfile> DAT File to analyze. Optional : ----------- <OutputFile> File to write the data to. <ID> ID number of the phone numbers to write into <OutputFile> As Usual you may search for all IDs of a type with "X" This prints some statistics about the DAT File. The Optional Parameters must be used together ! The Optional thing is very interesting : by specifing the outputfile and the ID, it will search for the ID, and writes the WHOLE PHONENUMBER of the ID into the outputfile! Practical to import this data into another program! (for example Textfile Dial Option from THC-SCAN with @) ---------------------------------------------------- EXTR-NO.EXE <TextfileINPUT> <TextfileOUTPUT> [[<no-min-length>] [[REMOVE] [ONLY]]] Parameter : ----------- <TextfileINPUT> Textfile to examine for numbers <TextfileOUTPUT> Textfile to write the found numbers to. Optional : ----------- <no-min-length> Minimum Length the number should be. (Std:6) REMOVE This Keyword removes ALL seperator of found numbers. F.e. 1-800-5555-444 would be 18005555444 ONLY This Keywords specifies that the numbers may NOT have a seperator. Normally a number may have one seperator between each other, like 1-800- etc. so NORMALLY this is valid : 1-800-5555-444 1-8-0-0-5.5./5/5 4 4 4 but also 12/12/95 which is more likely a date. With THIS keyword there are NO seperators allowed! ---------------------------------------------------- TXT-CONV.EXE <InputFile> <OutputFile> <ConvertType> Parameter : ----------- <InputFile> File to read the data from <OutputFile> File to write the data to <ConvertType> Convert with which option : 7E1 - file is assumed to be captured with 8N1 but is really 7E1 and makes it readable. Noise characters will be removed. 7O1 - file is assumed to be captured with 8N1 but is really 7O1 and makes it readable. Noise characters will be removed. REMOVE - Removes any character above 122 value. Useful when you got a connection without error correction and you want to filter out the noise characters. LF gimmick : converts to amiga/unix text format. Any Carriage Return character will be removed. CRLF Converts to MsDos Text format from both amiga/unix and the rare OS type text format automatically. CR gimmick : converts to some rare OS text format. Any Linefeed character will be removed. ============================================================================== III. Online Scanning Keys While Online you can hit the following keys with the following results : (print this section or press "?" while online) SCAN MODE ========= KEY DESCRIPTION ----- -------------------------------------------------------------------- B Identifies the current dialed number as BUSY Will be saved into BUSY LOG C Identifies the current dialed number as CARRIER NOTE: when the CARRIER HACKING is ON (see TS-CFG.EXE) then THC-SCAN will continue to try to connect. Press SPACE to abort connect try and move to next number. It will still be saved as CARRIER Will be saved into CARRIER LOG When Hacking, the output will be saved into CARRIER HACK LOG F Identifies the current dialed number as FAX Will be saved into FAX LOG G Identifies the current dialed number as GIRL (Female Voice response) Will be saved into VOICE LOG I Identifies the current dialed number as INTERESTING VOICE Will be saved into VOICE LOG M Redial+Manual, redials the current number and let's you enter MANUAL DIAL MODE with ENTER for this call only. See Introduction for usage. N Next Number WITHOUT setting an primary ID on that number. (For closely examine later OR if you define a CUSTOM ID as 2ndary, it would be overwritten whn pressing SPACE with the ID UNINTERESTING) - the same as [TAB] P Pops up PAUSE Window. You are still online. Press H for hangup, R to Redial immedeantly, N for Hangup & Next Number or any any other key to continue this numer and reset online timeout. (Doing a continue after you hang up is not possible, you should use Redial for that (logical, isn't it?)) Q QUIT after completed the call R Redial current number S Save a comment. When the call is completed it will ask you for a comment. Your last comment made will be displayed. Use Control-X to delete line. You can use also the Home, End, Insert, Delete, Backspace, CursorLeft and CursurRight keys. ESC to abort, Enter to save. SECONDARY ID Will be saved into COMMENT LOG T Identifies the current dialed number as TONE NOTE: when the TONE HACKING is ON (see TS-CFG.EXE) then THC-SCAN will enter TONE HACK MODE. Will be saved into TONE LOG U Identifies the current number as UNUSED Will be saved into UNUSED LOG V Identifies the current number as VMB Will be saved into VMB LOG X Extend the timeout for 5 seconds for this call only to a max of 255 plus the timeout value. Y Identifies the current number as YELLING ASSHOLE (voice) Will be saved into VOICE LOG + Extend the timeout for 5 seconds for this call only to a max of 255 plus the timeout value. (This is like "X" - "X" is for compactibilty with Toneloc) - Decrease the timeout for 5 seconds for this call only. ? When Online, one of the six help windows will be displayed in the Statistic Window. Press "?" for the 6th time to see the stats again. 1-3 Identify current number as CUSTOM 1-3 ... You may specify their name in TS-CFG. NOTE : Custom 1-3 may be assigned to be SECONDARY IDs. Will be saved into CUSTOM LOG 4 Identify current line as CCiTT #4 (for blueboxers. SECONDARY ID Will be saved into CCITT LOG 5 Identify current line as CCiTT #5 (for blueboxers. SECONDARY ID Will be saved into CCITT LOG 6 Identify current number as foreign continent EUROPE. SECONDARY ID Will be saved into COUNTRY LOG 7 Identify current number as foreign continent USA. SECONDARY ID Will be saved into COUNTRY LOG 8 Identify current number as foreign continent ASIA. SECONDARY ID Will be saved into COUNTRY LOG 9 Identify current number as foreign continent AFRICA. SECONDARY ID Will be saved into COUNTRY LOG 0 Identify current number as an OTHER foreign continent. SECONDARY ID Will be saved into COUNTRY LOG SPACE Identify current number as UNINTERESTING. (NEXT) TAB Next Number WITHOUT setting an primary ID on that number. (For closely examine later OR if you define a CUSTOM ID as 2ndary, it would be overwritten whn pressing SPACE with the ID UNINTERESTING) - the same as N ESC This aborts scanning immedeatly and quits. ENTER When in AUTONOM/MANUAL mode, or activates Redial+Manual with M you may press ENTER to continue dialing online ! Will be saved into MANUAL LOG BACKSPACE Enters the DIAL_AGAIN Menu. You can select from the last 20 dialed numbers as many as you like to be dialed again. Very useful if you identified a number wrong, or you were on the toilett when this wonderful scanner detected a carrier and you want to see what it was now. NOTE : In Random Mode they won't be dialed again at once. (it's random ;-) F1-F8 Execute programs specified in TS-CFG ALT-A ALARM! The screen will immedeantly show another picture, called ALARM.BIN. The modem will abort at once and turn the modem speaker OFF. The scanner will then continue. Press ALT-A again to see the online scan screen. Note that that modem does not switch the speaker on again. Do that with ALT-S. ALT-B Activates BOSSKEY. Screen Blanks. Press Alt-B again to unblank. The screen will be up to date with the online data. Note: All other ALT Functions are disabled while Bosskey on, Also Carrier Hacking in Mode 2 is disabled. ALT-C Turn COMMENT ALL Mode on/off. When on it asks after EVERY number for a comment. ALT-D DIAL Menu. Enter a number to dial. (f.e. the number of your girlfriend - and you don't want to stop the scanning process) ALT-J Jump to DOS. Options will be displayed to Hangup, Continue, Redial etc. ALT-M MODE Menu. Change mode CARRIER <-> TONE and turn AUTONOM/MANUAL mode on or off. ALT-O OPTION Menu. Immedeantly runs TS-CFG while online. Changed options will be loaded! ALT-S Speaker Toggle : Turn Modem Speaker ON or OFF ALT-T Enters TERMINAL MODE. When a log for carrier hacking is specified, everything will be logged there. Will be saved into CARRIER HACK LOG TERMINAL MODE ============= F1 Shows in the Status Line the other commands ALT-B Send a Break ALT-C Clear Screen ALT-D Data Statistics ALT-H Hangup ALT-P Change Parameter -> Modem DATA Setting (8N1/7E1) ALT-S Save Comment (now you can also set this ON from here) ALT-T When in Carrier Hacking AUTO Mode, you can enter into manual mode by pressing ALT-T. ALT-X Exit (+ Hangup) ============================================================================== IV. How to configure Modem & TS-CFG I YOUR MODEM First get all information about your modem. You need to know which IRQ, BASEADRESS and BAUD SPEED is used. For COM IRQ BASE are common, but may differ. 1 4 2E8 2 3 2F8 3 4 3E8 4 3 3F8 also important is the baud speed. Suggestions : If you got a modem capable of 14400 Baud or more, try it with 14400 ... if you get the error message "Can't initialize Port" then set it to 9600. This is cause you use a 14.400+ Baud EXTERNAL Modem and your seriell port is not fast enough. But this is not important. Real Carrier Scanner Guys set their modem to 2400 Baud to get every carrier without problems. II TS-CFG Set Up TS-CFG. You must run TS-CFG before you can run THC-SCAN for the first time, 'cause the CFG File will be created there. Change the defaults to suit your modem. Everything you need to know about the options you may change in TS-CFG are explained there. So here you'll only see those options which need to be explained further and those with no help. MODEM CONFIG MENU ----------------- Modem Init : Configure your modem to wait for a carrier longer then the timeout time defined (S7 Register to 60+) The Carrier don't be lost easily (S10 Reg. to 50) Check exact the time your modem needs to identify the dialtone. Put this time into the S6 Register. The modem should lower datarate when line quality is bad, and it should try to connect on any possiblity. Set Speaker On or Off as you like. Use the factory settings and only change those things, not more, that's the most securest way. Also important is, that you set the REPORT level to the highest (most time X set to 7) (except you are a modem configure artist ;-) Note: You can also change the S11 Reg to 50-65 to dial faster. HANGUP TYPE Can either be FAST or SECURE. Choose FAST and try this with a) normal scanning, b) carrier hangup c) choose manual/autonom mode and scan. If everything works fine use this mode, it's much faster. It works great with Zyxels, but USRs are much slower. Try it. AUTO DETECT DATA If you want to autodetect databits, parity etc. used by a system you're scanning, you must set your modem data to 8N1. It will detect after the first 100 characters transmitted if it's really 8N1, or if it's 7E1 or 7O1. It will switch mode if 7x1 detected and reprint them correctly and reset also the nudge string & nudge timeout. For all Modem configs : CONSULT YOUR MODEM HANDBOOK ! MODEM RESPONSE MENU ------------------- Very important. If this isn't configured properly, not everything will work correct. For example, if no dialtone is detected, USR modems responds with NO DIAL, Zyxel modems report NO DIALTONE, and last but not least, Creatix reports NODIALTONE All new modems report CONNECT when a carrier was found, but old ones may report CARRIER ... and so on. And not all modems can detect VOICE. Keep that in mind. To make your life more easy you can do enhanced identification. When you get a VOICE response, and your modem didn't recognized a RINGING, then it's likely to be a VMB ... so set for there FROM_RINGS to 0 and TO_RINGS to 0 too for VMB detect (and set modem response to VOICE) Make up your mind, you can do powerful things with that but you need a brain to make that out! ;-) hehehehe SCANNING MODE MENU ------------------ REDIAL BUSY Numbers dialed in this scan round will only be redialed when busy when SCANNING RANDOM. Set the DIALING Option to 0 for this. When Dialing Sequentiell, only busy saved numbers from former tries will be done again. OVERWRITE WITH BUSY If you scan for a special ID number (f.e. all carrier, or tones with no ring) this defines if those Data will be overwritten as BUSY when a BUSY is detected. Of course you should turn them off, but you may set this on to check which numbers you couldn't scan. Or do you want to check all numbers in the log with your data file? ============================================================================== V. Tips & Tricks MODEM CONFIGS ? Here's a good Modem config for the Zyxel 1496B : AT &F *Q1 *P15 S11=60 S10=30 X5 N3 L6 if you want a quiet scanning, remove "N3 L6" and put "M0" there If for normal use (BBS call), remove *Q1 and exchange S10=30 with S10=64 Here's a good Modem config for the USR Dual Standard 14.400 AT &F &A2 S11=60 S10=30 X7 Q0 E1 if you want a quiet scanning, add "M0" Note : Get Infos about the undocumented commands for your USR. There should be possibilities to even recognize CCiTT #5 clicks when using the hidden Y command settings. Use the -& Option of THC-SCAN to print all modem output into MODEM.LOG Heres's good Modem config for the Creatix/Fax 14.400 AT &F S11=60 S10=30 X7 L3 if you want a quiet scanning, remove "L3" and put "M0" there. Important with these configs is that you check that your modem dials not too fast for your phone system. experiment a bit with it, ya can save time with that ;-) (S11 Register) HOW TO USE TOUCHTONE RECOGNITION WITH YOUR MODEM AND THC-SCAN 1) First Possility : Put ",;%T" in your Dial Suffix string. (if you aren't using a USR for DTMF Recognition, exchange the "%T" with the correct command) Start THC-SCAN with the -& command to have all modem output printed into MODEM.LOG. Set to SECURE HANGUP in TS-CFG - MODEM SETUP. 2) Second possiblity : Set THC-SCAN to AUTONOM MODE or do a M (Redial+ Manual) while online. Enter ALT-T for Terminal Mode immedeantly. When you see the "OK" Answer, enter the modem command for Touchtone Recognition (AT %T). To abort, press ESC. The output will be saved into your CARRIER HACK LOG VOICE RECOGNITION RESPONSE WITHOUT EVEN FINISHED DIALING Put a "," into DIAL SUFFIX in the MODEM CONFIG Menu in TS-CFG SAME AS ABOVE BUT WITH TONE SCANNING ! also the same solve as above THC-SCAN DIALS ONLY EVERY SECOND NUMBER Raise the number for WAIT BETWEEN CALL in MODEM CONFIG Menu in TS-CFG to 1000-1500 IDENTIFYING CARRIERS WHERE THERE AREN'T ANY Set your S7 Register of your modem to +15 then the Timeout specification. MY MODEM DOESN'T DIAL ALL NUMBERS - IN FACT SOME WEREN'T SEND TO THE MODEM Raise the CHAR DELAY in the MODEM CONFIG Menu in TS-CFG to 5-25 This is only necessary for old and slow modems. WHAT SHOULD I USE - RANDOM OR SEQUENTIELL SCANNING ? It's up to you. If you do it random maybe your phone company won't notice your extensive scanning. But good phone systems will. If you dial sequentiell you can get an overview about a company f.e. you get their Customer Service on -0000, a Special Bureau of the Company at -0010 to -0050, a Fax at -0055 ... and you'll notice that fact. In random you won't. WHEN SHOULD I SCAN - DAY OR NIGHT ? That's up to you too - at daytime your calls won't be noticed. (and in some countries it's a illegal to scan!.) But many numbers will be busy. Or Carriers will only be online in the night. Or a VMB etc. At nightime then again your calls may be noticed. But some guys don't have a choice, when to scan on their line. WHAT DO YOU DO? I scan random at daytime, sitting in front of the computer. Sometimes a nightly carrier scanning while i'm sleeping. (random too) At night, there are more carriers online then at daytime. Some Tone-Types and the carriers can be checked automatically, but the interesting things you can only find, when you are sitting in front of the computer. I FOUND A TONE - AND NOW ? Get PBXHACK (from THC too ;-) and "analyze" it - if it's not illegal ;-) I FOUND A CARRIER - AND NOW ? Check it out - it might be interesting. If you get some annoying "PASSWORD:" prompt then get LOGIN HACKER (from THC too ;-) to get in. (but only if it's not illegal in your country ;-) I'M IN THE USA - SO ? Scanning is illegal in some countries. Check a lawyer. But some phone companies make their own law, and close your line if you do extensive scanning. So check & try & test ... & good luck I'M IN GERMANY - SO ?????? Scanning is not illegal in Germany. But German Telekom has now installed SS7 Monitoring Equipment from HP, where such scanning habits can be analyzed (plus many more things ... this hardware is very flexible ...) And Telekom trained a special team in darmstadt to locate those evil scanners - thought it's not illegal - but you know it too - telekom doesn't care about that! surveilling phone lines for their purpose! Telekom already installed tools on the phone lines of two friends which will let the line go busy after every second number dialed (no matter how long you wait between the calls, no matter what numbers exactly you dial) after you began scanning. Such tools are also already installed in some areas on the public payphones to prevent scanning. At the moment you are safe, but maybe from March to October '96 on you should be careful. ============================================================================== Epilog: Updates? How to contact? etc. If you are updating from an older version : Run TS-CFG. It will recognize the old version of the config file and write the new one. Where to get new versions : Call one of the THC Dist Sites. How to become a Betatester of THC : At the moment we got two Betatest Directories on LORE BBS & ARRESTED DEVELOPMENT and soon on SHOCK NETWORK too ... LORE BBS is a closed system for experienced users only, so maybe it's better for you to call A.D. or S.N to become a beta tester. Look for the numbers in THC.NFO Once you've gto applied and access is granted write a comment to the sysop or directly to me (van Hauser) to get access to the Beta Directories. How to contact you (me ;-) If you need some features, found some bugs, got questions/information : 1) Call LORE BBS -> ++49-(0)69-823282 Login:THC Pw:THC leave a message for van Hauser 2) Call Arrested Development -> ++31-77-3547477 apply for an account leave a message for van Hauser 3) Leave a message on my VMB in Germany : 0130-817698 Box:6630 (Aspen) 4) Write an email to -> vh@campus.de I appreciate any comments! Flames, Bug Reports, Tips, Typing Errors, Wishes, Excuses, Ideas for new Features - and of course your beautiful girlfriend ... Thanks for taking all your precious time to read that shit ... For all the typing errors - hey i'm german ... ;-) Ciao... van Hauser ============================================================================== END ------------------------------------------------------------------------------- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAzB6PNQAAAEEALx5p2jI/2rNF9tYandxctI6jP+ZJUcGPTs7QTFtF2c+zK9H ElFfvsC0QkaaUJjyTq7TyII18Na1IuGj2duIHTtG1DTDOnbnZzIRsXndfjCIz5p+ Dt6UYhotbJhCQKkxuIT5F8EZpLTAL88WqaMZJ155uvSTb9uk58pv3AI7GIx9AAUT tBp2YW4gSGF1c2VyL1RIQyBvZiBMT1JFIEJCUw== =6UhL -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- ?????????????????????????????????????????????? ? ? ???????? ?????????????????????????????????? ? ? ????? ????? ????????????? ? ? ? ? ? ? ? ? ? ? ? ????? ? ? ????????? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ????? ? ? ????????? ? ? ? ? ? ? ? ? ?????? ????? ????? ????????????? ?????????????????????????????????????????????? ? The Hacker's Choice ? ?????????????????????????????????????????????? !! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !! This file is for informational purpose only! The Sysop-Team is NOT RESPONSIBLE for anything you do after reading this text! !! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !! ?????????????????[Sysop : van Hauser]????????????????? ? ? ? ? ? ? ? ? ? ?? ????????? ??????? ??????? ? ? ??? ???? ???? ??? ??? ???? ?? ? ? ??? ??? ??? ?? ???? ??????? ? ? ?????? ???? ???????? ??? ???? ? ? ? ??? ???? ????????? ??? ???? ??? ???? ? ? ? ? ? ? ? ? ? ? ? 3000 H/P/A/V/C/M Files ? ? Biggest Hpavcm Board In Germany ? ? BIG Message Base ! ? ? Experts Only! Lamer Protection! ? ? ? ? ??[ ++49-69-823282 ]?? ? ????????????????? NUP : <ask4it!> ????????????????? ??[ ++49-69-PRIVAT ]?? !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! Dieses File dient nur zur Information und Aufklaerung! Die Sysops erklaeren sich NICHT VERANTWORTLICH f?r Rechtsverstoesse, die durch diese Informationen entstehen. !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! H/P/A/V/M/C/I/D/P/!/L/F/O/! --------------------------------------------------------------------------------