💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › thc-scan.txt captured on 2023-01-29 at 10:49:48.

View Raw

More Information

⬅️ Previous capture (2020-10-31)

-=-=-=-=-=-=-


-----------------------------------------------------------------------------
                ??????????????????????????????????????????????
                ?                                            ?
                ????????    ??????????????????????????????????
                       ?    ?  ?????   ?????  ?????????????
                       ?    ?  ?   ?   ?   ?  ?           ?
                       ?    ?  ?   ?????   ?  ?   ?????????
                       ?    ?  ?           ?  ?   ?
                       ?    ?  ?           ?  ?   ?
                       ?    ?  ?   ?????   ?  ?   ?????????
                       ?    ?  ?   ?   ?   ?  ?           ?
                       ??????  ?????   ?????  ?????????????
                ??????????????????????????????????????????????
                ?             The Hacker's Choice            ?
                ??????????????????????????????????????????????
--------------------------------------------------------------------------------


                              THC-SCAN v0.8?
                   (c) 1996 by van Hauser/THC of LORE BBS

                          * PUBLIC BETA RELEASE *







  Part  Title                              Line #         Last Updated in Ver.
 ------------------------------------------------------------------------------
     I. Introduction                         50             v0.7a
    II. Commandline Parameters              240             v0.8?
   III. Online Scanning Keys                550             v0.7a
    IV. How to configure Modem & TS-CFG     750             v0.7a
     V. Tips & Tricks                       855             v0.7a
Epilog: Update? How to contact?  etc.       975             v0.8?
 ------------------------------------------------------------------------------










 ==============================================================================

                              I. Introduction






  ->> Please read HISTORY.DOC to see what's new, or get a general insight <<-



 What does THC-SCAN
 ------------------
 THC-SCAN scans a defined range of phone numbers.
 It Reports : Carriers, Tones, VMBs, Fax etc. etc. depending on the mode
 setted & configured. (You can do many more things with this piece, but get
 a brain to find out ... ;-)      [300 kb source code by the way ...]

 
 Hey that looks like TONELOC !
 -----------------------------
 Yep. Toneloc is very good. But first it didn't work on my computer and 
 second it could be enhanced. So i wrote this one. And my personal
 opinion is, that this one is better. Much more flexible and more functions.
 (which programmer would say his one is not as good as? Why releasing it then?)
 Take a look. Try it, test it. It's worth it's time !


 Who's Who in this file package ?
 --------------------------------
 THC-SCAN.EXE   The Scanner EXEcutable
 TS-CFG.EXE     The ConfigMaker EXEcutable
 DAT-CONV.EXE   DAT File Converter Toneloc <-> Thc-Scan
 DAT-MANP.EXE   DAT File Manipulator for Thc-Scan, exchange ID values.
 DAT-STAT.EXE   DAT File Statistical Analyzer.
 EXTR-NO.EXE    Extracts (phone-)numbers from a text file.

 BETATEST.DOC   IMPORTANT INFORMATION FOR BETATESTERS /* Only in BETA Releases */
 DATFILE.DOC    The Structure of the Thc-Scan DAT Files
 ERRLEVEL.DOC   Overview of the Errorlevels returned by Thc-Scan
 HISTORY.DOC    History File. What's new, what changed, bugs etc. READ IT !
 THC-SCAN.DOC   Small Documentation for the average Scanner Guy
 TONELOC.DOC    Differences between Thc-Scan & Toneloc. How to (ex-)change.
 SIGS.ZIP       PGP Signatures of all EXEcutable files in this package.
                Please check to get a secure version of my public PGP key.
 FILE_ID.DIZ    File Description for BBS
 LORE.COM       Small demo of LORE BBS ;-)
 THC.NFO        Important. Our group infos ;-)




 The different Modes
 -------------------
 There are two basic modes, THC-SCAN can be set.
 CARRIER MODE - THC-SCAN searchs for carriers
 TONE MODE    - THC-SCAN searchs for tones/pbx. Those ones with a dialtone.
 When in CARRIER MODE, THC-SCAN can also identify VMBs, Voice, Fax and more.
 You may change the mode online by pressing "ALT-M"


 The AUTONOM/MANUAL Mode
 -----------------------
 This is a special mode, never ever seen on a scanner before.
 For this Mode ADD-ON you must sit in front of the computer while scanning.
    (you should do this every time, unless you are so lazy to scan
     for carriers only)
 When turned on, you may continue dialing! This is useful for Tones/PBX, or
 VMBs or Answering Machines, to test the code length etc.
 Press ENTER when autonom/manual mode is turned on to continue dialing.
 You may also enter "M" while online to redial and enter autonom/manual mode for
 this call only. Or you may hit "Alt-M" to toggle this mode on/off



 DIAL MODES
 ----------
 You can choose to dial RANDOM, Sequentiell up & down (with step rates too)
 or to Dial all numbers in a specified textfile. Read next Paragraph for
 details on this.



 DIALING NUMBER FROM A TEXT FILE
 -------------------------------
 This allows you to scan every number you put on a list.
 DRAWBACKS :
 NO Dat file is created (of course)
 BACKSPACE key (redial last 20 dialed numbers) won't work here
 If you want to continue such a scan type after aborting it, you must manually
 delete everything until the line THC-SCAN should continue.
 ADVANTAGES :
 You can put any number on the list you want to.
 The first scanner ever to offer this possiblity
 How to use this :
 Use EXTR-NO.EXE to extract the phonenumbers from any textfile (carrier
 listings ;-) ... check the created file after that for mistakes etc.
 Start THC-SCAN with : THC-SCAN.EXE @<textfilename> [any other options]
 Note that /M, /X, /D and /R are disabled when using this option.
 Guys, this one is REALLY cool! I collected EVERY textfile, message, Scanlist
 TL & TS DAT File and extracted every modem carrier into the file.
 Then I scanned ALL 700 numbers found, revealing me the list of 500 carriers
 on german toll free numbers, the most complete list ever to be created ...
 


 PRIMARY & SECONDARY Identifications
 -----------------------------------
 This is also a special thing first ever possible in a scanner.

 Primary Identification is the main thing about the number.
 Is it a carrier, tone, vmb, girl voice, fax etc.
 You press the ID key (F for Fax f.e.) and THC-SCAN will stop and move to the 
 next number.

 Secondary Identifications are other characteristica which are interesting.
 For example if the phone system of the target is using CCiTT #4 or #5
 which is interesting for blueboxers, or to determin if the number is in
 an other country (better if you want to play with those numbers, depending on
 the law of your country, you may only break the law in the country the phone
 number is located. Check your lawyer.) on f.e. Toll Free Numbers.
 When you press the ID key for a Secondary ID (5 for CCitt #5 for example)
 THC-SCAN will not stop. You may type some more 2ndary IDs.
 But when you press a Primary ID, THC-SCAN stops and moves to the next number.

 SECONDARY Identifications are marked in Section III - Keys while online
 as SECONDARY. 



 Carrier Hacking & Nudge
 -----------------------
 When mode enabled (TS-CFG : MODE HACKING), depending on mode set it will
     0) wait for nudge delay timeout
     1) send nudge string to system and wait for nudge delay timeout
     2) beeps a few times to inform you that YOU can now enter the system.
        NO nudge delay timeout. You can online hack the other system)
 Don't unset the string variable for your Carrier Hack Log, or no log file
 will be created.
 Pressing ALT-T while 0) or 1) is in progress automatically enters 2)
 See TS-CFG to see how to set up the NUDGE STRING.
 NUDGE DELAY counts the time after the connect had been made. When exceeding
 Nudge delay setting, THC-SCAN disconnects (only in 0) and 1) )



 The DAT File & the LOGs
 -----------------------
 In the DAT file are many things things saved - all primary IDs and the no#
 of rings detected on that number. Not the 2ndary IDs ! 
 In the LOG files everything is written. In the main log file everything is
 logged, in the specialized logs (VMB LOG f.e.) only those about this type are
 written too. If you Delete the name entry in TS-CFG, that type won't be logged
 in an own file anymore!


 van Hauser says :
 -----------------
 Thanks to all Betatesters, especially to : The Analyst, Wilkins & Plasmoid !
 Credits for the nice blinking Screen, and scrolling up/down go to Plasmoid ;-)
 Credits too for the nice EXE file crypter got to Marquis. ;-)
 Greetings to :  ? Omega (hi chummer! Thanks for your help! And make a BACKUP!)
                 ? Tom (thanks for your betatesting too!)
                 ? The Search, JFF (good work spreading the THC releases)
                 ? Scavenger (thanks for the help! (& the best dialer, ya know)
                 ? Skysegel (spoof'em! ;-)
                 ? The Q (for being no where and absent all the time)
                 ? Marquis / UCF (let's let our groups work together ;-) 
                 ? Muchos Maas, Minor Threat (for programming TONELOC, breaking
                   the limit at the art of scanning. Your program gave me GREAT
                   inspirations!) Hope ya get out of jail soon.
                 ... and to Dr. Fraud, Karl Marx, Chotaire ... all on #bluebox

                 And two guys who are out at the moment ... the two most 
                 dangerous things that may happen to a hacker :
                 ? El Griton (Being busted by Police + Fbi ... good luck chummer!)
                 ? Vaxxer (Being occupied by his girlfried ... Get up AGAIN!)

 With those guys, the sky is the limit ...









 ==============================================================================

                          II. Commandline Parameters






---------------------------------------------------------------------------
THC-SCAN.EXE [@]<DatFile>  [/M:<dialmask>] [/X:<excludemask>] [/R:<from>-<to>]
             [/D:<from>-<to>] [/#:<no>] [/H:<time>] [/S:<time>] [/E:<time>]
             [/C] [/T]  [/A] [/B]  [/Q] [/!:<ConfigFile>] [/*:<no>]  [/&] [/N]


Parameter :
-----------

   [@]<DatFile>       The name of the DAT file to create/use/update.
                      This MUST be the first parameter to give to THC-SCAN !
                      If you specify the "@" in front of the filename, 
                      that will be the specified DIALTEXTFILE ! (Read Sec. I)


Optional  :
-----------

   [/M:<dialmask>]    The Dialmask to use for scanning. If you use f.e.
                      /M:1234-x-6-xxx  the program will scan from
                      1234-0-6-000 to 1234-9-6-999. You may use any number
                      of X's between 1 and 4 - not more! If you don't
                      specify this option, the <DatFile> name will be
                      interprated as <dialmask>.
                      You may put the X's where ever you want like :
                      /M:x-1-x-2-x-4-x-5
                      The "-" character is NOT necessary.


   [/X:<excludemask>] The Excludemask to use for scanning. The numbers
                      excluded WON'T be scanned! the excludemask must have got
                      the same length as X's are used in the <dialmask>
                      If you use f.e.  /M:1234-xxxx and /X:00xx
                      then 1234-0000 to 1234-0099 WON'T be scanned, all others
                      will. You may specify up to 10 exclude masks.


   [/R:<from>-<to>]   A Special Range to scan. This is useful if you want f.e.
                      create a DATfile with a full range (XXXX) but want to
                      scan today/tonight only a special range from 0000 to
                      0250 ... /R:0-250 ... you may use up to 10 Ranges.


   [/D:<from>-<to>]   This is like /R but DROPS (doesn't scan) those numbers.
                      /D:500-999 f.e. won't scan 0500 to 0999
                      You may use up to 10 Drops



   [/#:<no>]          This is the maximum number of tries THC-SCAN will make
                      until it will exit.  f.e. /#:100  will make 100 dials
                      and then exit. If not specified there won't be a limit.


   [/H:<time>]        This specifies a timerange. When exceeded THC-SCAN will
                      exit. if you just use  /H:4  it will scan for 4 hours,
                      if you use  /H:0:30 it will scan for 30 minutes.



   [/S:<time>]        This specifies the Starting Time for scanning. THC-SCAN
                      will wait until a key is pressed OR the time mentioned
                      is reached and will then begin scanning. You may either
                      use am/pm time or military time :
                      /S:3:50p  will wait for 15:50 ...
                      /S:14:15  will wait for 2:15p ...


   [/E:<time>]        This specifies the Ending Time for scanning. When
                      reached, THC-SCAN will exit. Usage is like /S.
                      You must not use /S and /E together.


   [/C]               Starts THC-SCAN is carrier scan mode. Overrides what ever
                      was specified in the config file.


   [/T]               Starts THC-SCAN in tone scan mode. Overrides what ever
                      was specified in the config file.


   [/A]               Starts THC-SCAN with autonom/manual mode ON. Overrides
                      setting in the config file. This is an additional mode
                      to Carrier/Tone scanning. Read Section I. for more info.


   [/B]               Starts THC-SCAN with autonom/manual mode OFF. Overrides
                      setting in the config file. This is an additional mode
                      to Carrier/Tone scanning. Read Section I. for more info.


   [/Q]               Prevents any beeps made by THC-SCAN


   [/!:<ConfigFile>]  Specifies an other config file to use but THC-SCAN.CFG


   [/*:<no>]          Dial only numbers which were identified as a special
                      type. Consult the DATFILE.DOC to check the numbers to use
                      f.e. Timeout is 32 to 39 (depending on rings detected).
                      To scan Timeouts with NO rings again use  /*:32
                      to scan Timeouts with 5  rings again use  /*:35
                      to scan ALL Timeouts           again use  /*:32X
                      This X after the number tells THC-SCAN to scan all
                      members of a type, from 0 to 7 rings.
                      You may use this option up to 10 times.


   [/&]               Turns Debugging mode ON. All modem output will be saved
                      into MODEM.LOG


   [/N]               Turn Effects (Window Scoll up/down) off. In future this
                      will also turn assembler screen writes off to be
                      Desqview compactible.



Note : The "/" before the option is NOT necessary NOR the ":" after.
       you may also use "-" instead of "/".


All these Examples are valid :
       THC-SCAN scanit -M:1234xxxx /C h5
       THC-SCAN scan1234xxxx -T S23:00
       THC-SCAN 1234-xxxx -!alternat.cfg *72x /*:64X -Xx000 d7999-9999
       THC-SCAM 1234xx -Q

All these Examples are NOT ! valid :
       THC-SCAN scanit -m1234xxx a b    Autonom/manual mode turned on & off
       THC-SCAN scanit -m1234xxx c t    same as above but with carrier & tone
       THC-SCAN scanit c                no dialmask specified, the datfilename
                                        hasn't got a X in it!
       THC-SCAN xrated                  NOTE : This would be valid! it would
                                        simply dial the number 0, then 1 etc.

If the program doesn't behave like you want, some strange things happen like
numbers dialed again, some dialed not etc. Check your CFG File ! There are
numerous things to configure so check first if everythings correct.
(escpecially the options SAVE DATATYPES, REDIAL BUSY, AUTONOM/MANUAL MODE,
 SCANNING MODE - all in the MODE Menu of TS-CFG.EXE, plus Modem Config
 Options like WAIT BETWEEN CALLS, MODME HANGUP TYPE, CHARACTER DELAY)




-------------------------
TS-CFG.EXE [<ConfigFile>]

Optional  :
-----------

   <ConfigFile>       If not specified, THC-SCAN.CFG will be loaded/created.
                      TS-CFG will convert all configfile version from v0.6a
                      up automatically.





----------------------------------------------------
DAT-CONV.EXE <Datfile 1> <Datfile 2> [<ID_1> <ID_2>]

Parameters:
-----------

   <Datfile 1>        DAT File to load.
   <Datfile 2>        Dat Filename to write.
  

Optional  :
-----------

   <ID_1>             in TL->TS Mode : THC-SCAN DAT ID to write for NOTE 
                                       variable in TL Dat file.
                      in TS->TL Mode : THC-SCAN DAT ID to write as NOTE
                                       variable into TL Dat File

   <ID_2>             same as above but for NO DIALTONE variable.

if you define the optional variables you must either only set ID_1 or both,
you can't only set ID_2.




------------------------------------
DAT-MANP.EXE <Datfile> <ID_1> <ID_2>

Parameters:
-----------

   <Datfile>          DAT File to manipulate. .BAK file will be created.

   <ID_1>             ID Type to search for. Look up ID numbers in DATFILE.DOC
                      Appending an "X" after the ID will search for the whole
                      type (means with all ring counters).

   <ID_2>             ID Type to overwrite ID_1. Appending an "X" after the ID
                      will transfer the ring counters. Only Possible if also
                      on ID_1 an "X" is appended.




----------------------------------------------------
DAT-STAT.EXE <Datfile> [<Outputfile> <ID>]

Parameter :
-----------

   <Datfile>          DAT File to analyze.
  

Optional  :
-----------

   <OutputFile>       File to write the data to.

   <ID>               ID number of the phone numbers to write into <OutputFile>
                      As Usual you may search for all IDs of a type with "X"

This prints some statistics about the DAT File.
The Optional Parameters must be used together !
The Optional thing is very interesting : by specifing the outputfile and the
ID, it will search for the ID, and writes the WHOLE PHONENUMBER of the ID into
the outputfile! Practical to import this data into another program!
(for example Textfile Dial Option from THC-SCAN with @)




----------------------------------------------------
EXTR-NO.EXE <TextfileINPUT> <TextfileOUTPUT> [[<no-min-length>] [[REMOVE] [ONLY]]]

Parameter :
-----------

   <TextfileINPUT>          Textfile to examine for numbers

   <TextfileOUTPUT>         Textfile to write the found numbers to.
  

Optional  :
-----------

   <no-min-length>          Minimum Length the number should be. (Std:6)

   REMOVE                   This Keyword removes ALL seperator of found numbers.
                            F.e. 1-800-5555-444 would be 18005555444

   ONLY                     This Keywords specifies that the numbers may NOT
                            have a seperator. Normally a number may have one
                            seperator between each other, like 1-800- etc.
                            so NORMALLY this is valid : 
                               1-800-5555-444
                               1-8-0-0-5.5./5/5 4 4 4
                            but also 12/12/95 which is more likely a date.
                            With THIS keyword there are NO seperators allowed!





----------------------------------------------------
TXT-CONV.EXE <InputFile> <OutputFile> <ConvertType>

Parameter :
-----------

   <InputFile>        File to read the data from

   <OutputFile>       File to write the data to

   <ConvertType>      Convert with which option :
                         7E1 - file is assumed to be captured with 8N1
                               but is really 7E1 and makes it readable.
                               Noise characters will be removed.
                         7O1 - file is assumed to be captured with 8N1
                               but is really 7O1 and makes it readable.
                               Noise characters will be removed.
                         REMOVE - Removes any character above 122 value.
                               Useful when you got a connection without
                               error correction and you want to filter out
                               the noise characters.
                         LF    gimmick : converts to amiga/unix text format.
                               Any Carriage Return character will be removed.
                         CRLF  Converts to MsDos Text format from both 
                               amiga/unix and the rare OS type text format
                               automatically.
                         CR    gimmick : converts to some rare OS text format.
                               Any Linefeed character will be removed.









 ==============================================================================

                           III. Online Scanning Keys



     While Online you can hit the following keys with the following results :
     (print this section or press "?" while online)


SCAN MODE
=========

     KEY   DESCRIPTION
     ----- --------------------------------------------------------------------
     B     Identifies the current dialed number as BUSY
           Will be saved into BUSY LOG

     C     Identifies the current dialed number as CARRIER
           NOTE: when the CARRIER HACKING is ON (see TS-CFG.EXE) then THC-SCAN
                 will continue to try to connect. Press SPACE to abort connect
                 try and move to next number. It will still be saved as CARRIER
           Will be saved into CARRIER LOG
           When Hacking, the output will be saved into CARRIER HACK LOG

     F     Identifies the current dialed number as FAX
           Will be saved into FAX LOG

     G     Identifies the current dialed number as GIRL (Female Voice response)
           Will be saved into VOICE LOG

     I     Identifies the current dialed number as INTERESTING VOICE
           Will be saved into VOICE LOG

     M     Redial+Manual, redials the current number and let's you enter MANUAL
           DIAL MODE with ENTER for this call only. See Introduction for usage.

     N     Next Number WITHOUT setting an primary ID on that number.
           (For closely examine later OR if you define a CUSTOM ID as 2ndary,
            it would be overwritten whn pressing SPACE with the ID
            UNINTERESTING) - the same as [TAB]

     P     Pops up PAUSE Window. You are still online. Press H for hangup,
           R to Redial immedeantly, N for Hangup & Next Number or any
           any other key to continue this numer and reset online timeout.
           (Doing a continue after you hang up is not possible, you should
            use Redial for that (logical, isn't it?))

     Q     QUIT after completed the call

     R     Redial current number

     S     Save a comment. When the call is completed it will ask you for a 
           comment. Your last comment made will be displayed. Use Control-X
           to delete line. You can use also the Home, End, Insert, Delete,
           Backspace, CursorLeft and CursurRight keys. ESC to abort, Enter
           to save. SECONDARY ID
           Will be saved into COMMENT LOG

     T     Identifies the current dialed number as TONE
           NOTE: when the TONE HACKING is ON (see TS-CFG.EXE) then THC-SCAN
                 will enter TONE HACK MODE.
           Will be saved into TONE LOG

     U     Identifies the current number as UNUSED
           Will be saved into UNUSED LOG

     V     Identifies the current number as VMB
           Will be saved into VMB LOG

     X     Extend the timeout for 5 seconds for this call only to a max of 255
           plus the timeout value.

     Y     Identifies the current number as YELLING ASSHOLE (voice)
           Will be saved into VOICE LOG

     +     Extend the timeout for 5 seconds for this call only to a max of 255
           plus the timeout value. (This is like "X" - "X" is for compactibilty
           with Toneloc)

     -     Decrease the timeout for 5 seconds for this call only.

     ?     When Online, one of the six help windows will be displayed in the
           Statistic Window. Press "?" for the 6th time to see the stats again.

     1-3   Identify current number as CUSTOM 1-3 ... You may specify their name
           in TS-CFG. NOTE : Custom 1-3 may be assigned to be SECONDARY IDs.
           Will be saved into CUSTOM LOG

     4     Identify current line as CCiTT #4 (for blueboxers. SECONDARY ID
           Will be saved into CCITT LOG

     5     Identify current line as CCiTT #5 (for blueboxers. SECONDARY ID
           Will be saved into CCITT LOG

     6     Identify current number as foreign continent EUROPE. SECONDARY ID
           Will be saved into COUNTRY LOG

     7     Identify current number as foreign continent USA. SECONDARY ID
           Will be saved into COUNTRY LOG

     8     Identify current number as foreign continent ASIA. SECONDARY ID
           Will be saved into COUNTRY LOG

     9     Identify current number as foreign continent AFRICA. SECONDARY ID
           Will be saved into COUNTRY LOG

     0     Identify current number as an OTHER foreign continent. SECONDARY ID
           Will be saved into COUNTRY LOG

     SPACE Identify current number as UNINTERESTING. (NEXT)

     TAB   Next Number WITHOUT setting an primary ID on that number.
           (For closely examine later OR if you define a CUSTOM ID as 2ndary,
            it would be overwritten whn pressing SPACE with the ID
            UNINTERESTING) - the same as N

     ESC   This aborts scanning immedeatly and quits.

     ENTER When in AUTONOM/MANUAL mode, or activates Redial+Manual with M
           you may press ENTER to continue dialing online !
           Will be saved into MANUAL LOG

     BACKSPACE Enters the DIAL_AGAIN Menu. You can select from the last 20
           dialed numbers as many as you like to be dialed again.
           Very useful if you identified a number wrong, or you were on the
           toilett when this wonderful scanner detected a carrier and you want
           to see what it was now.
           NOTE : In Random Mode they won't be dialed again at once. 
                  (it's random ;-)

     F1-F8 Execute programs specified in TS-CFG

     ALT-A ALARM! The screen will immedeantly show another picture, called
           ALARM.BIN. The modem will abort at once and turn the modem speaker
           OFF. The scanner will then continue. Press ALT-A again to see
           the online scan screen. Note that that modem does not switch
           the speaker on again. Do that with ALT-S.

     ALT-B Activates BOSSKEY. Screen Blanks. Press Alt-B again to unblank.
           The screen will be up to date with the online data.
           Note: All other ALT Functions are disabled while Bosskey on,
                 Also Carrier Hacking in Mode 2 is disabled.

     ALT-C Turn COMMENT ALL Mode on/off. When on it asks after EVERY number
           for a comment.

     ALT-D DIAL Menu. Enter a number to dial. (f.e. the number of your
           girlfriend - and you don't want to stop the scanning process)

     ALT-J Jump to DOS. Options will be displayed to Hangup, Continue, Redial
           etc.

     ALT-M MODE Menu. Change mode CARRIER <-> TONE and turn AUTONOM/MANUAL mode
           on or off.

     ALT-O OPTION Menu. Immedeantly runs TS-CFG while online. Changed options
           will be loaded!

     ALT-S Speaker Toggle : Turn Modem Speaker ON or OFF

     ALT-T Enters TERMINAL MODE. When a log for carrier hacking is specified,
           everything will be logged there.
           Will be saved into CARRIER HACK LOG




TERMINAL MODE
=============

     F1    Shows in the Status Line the other commands

     ALT-B Send a Break

     ALT-C Clear Screen

     ALT-D Data Statistics

     ALT-H Hangup

     ALT-P Change Parameter -> Modem DATA Setting (8N1/7E1)

     ALT-S Save Comment (now you can also set this ON from here)

     ALT-T When in Carrier Hacking AUTO Mode, you can enter into manual mode
           by pressing ALT-T.

     ALT-X Exit (+ Hangup)











 ==============================================================================

                     IV. How to configure Modem & TS-CFG



   I YOUR MODEM
     First get all information about your modem.
     You need to know which IRQ, BASEADRESS and BAUD SPEED is used.
     For COM    IRQ   BASE   are common, but may differ.
          1      4     2E8
          2      3     2F8   
          3      4     3E8
          4      3     3F8

     also important is the baud speed. Suggestions : If you got a modem
     capable of 14400 Baud or more, try it with 14400 ... if you get the
     error message "Can't initialize Port" then set it to 9600.
     This is cause you use a 14.400+ Baud EXTERNAL Modem and your seriell port
     is not fast enough. But this is not important. Real Carrier Scanner Guys
     set their modem to 2400 Baud to get every carrier without problems.
  
  II TS-CFG
     Set Up TS-CFG. You must run TS-CFG before you can run THC-SCAN for the
     first time, 'cause the CFG File will be created there. Change the defaults
     to suit your modem. Everything you need to know about the options you may
     change in TS-CFG are explained there. So here you'll only see those
     options which need to be explained further and those with no help.

     MODEM CONFIG MENU
     -----------------
     Modem Init     : Configure your modem to wait for a carrier longer
                      then the timeout time defined (S7 Register to 60+)
                      The Carrier don't be lost easily (S10 Reg. to 50)
                      Check exact the time your modem needs to identify
                      the dialtone. Put this time into the S6 Register.
                      The modem should lower datarate when line quality
                      is bad, and it should try to connect on any 
                      possiblity. Set Speaker On or Off as you like.
                      Use the factory settings and only change those
                      things, not more, that's the most securest way.
                      Also important is, that you set the REPORT level
                      to the highest (most time X set to 7)
                      (except you are a modem configure artist ;-)
                      Note: You can also change the S11 Reg to 50-65
                      to dial faster.


     HANGUP TYPE      Can either be FAST or SECURE.
                      Choose FAST and try this with a) normal scanning, 
                      b) carrier hangup  c) choose manual/autonom mode 
                      and scan. If everything works fine use this mode, 
                      it's much faster. It works great with Zyxels, but USRs 
                      are much slower. Try it.

     AUTO DETECT DATA If you want to autodetect databits, parity etc. used
                      by a system you're scanning, you must set your modem
                      data to 8N1. It will detect after the first 100 
                      characters transmitted if it's really 8N1, or if it's
                      7E1 or 7O1. It will switch mode if 7x1 detected and
                      reprint them correctly and reset also the nudge string &
                      nudge timeout.

                      For all Modem configs : CONSULT YOUR MODEM HANDBOOK !



     MODEM RESPONSE MENU
     -------------------
                      Very important. If this isn't configured properly,
                      not everything will work correct.
                      For example, if no dialtone is detected, USR modems
                      responds with NO DIAL, Zyxel modems report NO DIALTONE,
                      and last but not least, Creatix reports NODIALTONE
                      All new modems report CONNECT when a carrier was found,
                      but old ones may report CARRIER ... and so on.
                      And not all modems can detect VOICE. Keep that in mind.
                      To make your life more easy you can do enhanced
                      identification. When you get a VOICE response, and your
                      modem didn't recognized a RINGING, then it's likely to be
                      a VMB ... so set for there FROM_RINGS to 0 and TO_RINGS
                      to 0 too for VMB detect (and set modem response to VOICE)
                      Make up your mind, you can do powerful things with that
                      but you need a brain to make that out! ;-) hehehehe


     SCANNING MODE MENU
     ------------------
     REDIAL BUSY      Numbers dialed in this scan round will only be redialed
                      when busy when SCANNING RANDOM. Set the DIALING Option
                      to 0 for this. When Dialing Sequentiell, only busy 
                      saved numbers from former tries will be done again.

     OVERWRITE WITH BUSY  If you scan for a special ID number (f.e. all carrier,
                      or tones with no ring) this defines if those Data will
                      be overwritten as BUSY when a BUSY is detected.
                      Of course you should turn them off, but you may set this
                      on to check which numbers you couldn't scan. Or do you
                      want to check all numbers in the log with your data file?






 ==============================================================================


                               V. Tips & Tricks



MODEM CONFIGS ?
     Here's a good Modem config for the Zyxel 1496B :
     AT &F *Q1 *P15 S11=60 S10=30 X5 N3 L6 
     if you want a quiet scanning, remove "N3 L6" and put "M0" there
     If for normal use (BBS call), remove *Q1 and exchange  S10=30 with S10=64

     Here's a good Modem config for the USR Dual Standard 14.400
     AT &F &A2 S11=60 S10=30 X7 Q0 E1
     if you want a quiet scanning, add "M0" 
     Note : Get Infos about the undocumented commands for your USR.
            There should be possibilities to even recognize CCiTT #5 clicks
            when using the hidden Y command settings. Use the -& Option of
            THC-SCAN to print all modem output into MODEM.LOG

     Heres's good Modem config for the Creatix/Fax 14.400
     AT &F S11=60 S10=30 X7 L3
     if you want a quiet scanning, remove "L3" and put "M0" there.

     Important with these configs is that you check that your modem dials
     not too fast for your phone system. experiment a bit with it, ya can
     save time with that ;-) (S11 Register)


HOW TO USE TOUCHTONE RECOGNITION WITH YOUR MODEM AND THC-SCAN
     1) First Possility :
        Put ",;%T" in your Dial Suffix string. (if you aren't using a USR for
        DTMF Recognition, exchange the "%T" with the correct command)
        Start THC-SCAN with the -& command to have all modem output printed
        into MODEM.LOG. Set to SECURE HANGUP in TS-CFG - MODEM SETUP.
     2) Second possiblity : 
        Set THC-SCAN to AUTONOM MODE or do a M (Redial+ Manual) while online. 
        Enter ALT-T for Terminal Mode immedeantly. When you see the "OK" Answer,
        enter the modem command for Touchtone Recognition (AT %T).
        To abort, press ESC. The output will be saved into your CARRIER HACK LOG

VOICE RECOGNITION RESPONSE WITHOUT EVEN FINISHED DIALING
     Put a "," into DIAL SUFFIX in the MODEM CONFIG Menu in TS-CFG

SAME AS ABOVE BUT WITH TONE SCANNING !
     also the same solve as above

THC-SCAN DIALS ONLY EVERY SECOND NUMBER
     Raise the number for WAIT BETWEEN CALL in MODEM CONFIG Menu in TS-CFG
     to 1000-1500

IDENTIFYING CARRIERS WHERE THERE AREN'T ANY
     Set your S7 Register of your modem to +15 then the Timeout specification.

MY MODEM DOESN'T DIAL ALL NUMBERS - IN FACT SOME WEREN'T SEND TO THE MODEM
     Raise the CHAR DELAY in the MODEM CONFIG Menu in TS-CFG to 5-25
     This is only necessary for old and slow modems.

WHAT SHOULD I USE - RANDOM OR SEQUENTIELL SCANNING ?
     It's up to you. If you do it random maybe your phone company won't notice
     your extensive scanning. But good phone systems will. If you dial 
     sequentiell you can get an overview about a company f.e. you get
     their Customer Service on -0000, a Special Bureau of the Company at 
     -0010 to -0050, a Fax at -0055 ... and you'll notice that fact. In random
     you won't.

WHEN SHOULD I SCAN - DAY OR NIGHT ?
     That's up to you too - at daytime your calls won't be noticed. (and in some
     countries it's a illegal to scan!.) But many numbers will be busy.
     Or Carriers will only be online in the night. Or a VMB etc.
     At nightime then again your calls may be noticed.
     But some guys don't have a choice, when to scan on their line.

WHAT DO YOU DO?
     I scan random at daytime, sitting in front of the computer.
     Sometimes a nightly carrier scanning while i'm sleeping. (random too)
     At night, there are more carriers online then at daytime.
     Some Tone-Types and the carriers can be checked automatically, but the
     interesting things you can only find, when you are sitting in front of the
     computer. 

I FOUND A TONE - AND NOW ?
     Get PBXHACK (from THC too ;-)  and "analyze" it - if it's not illegal ;-)

I FOUND A CARRIER - AND NOW ?
     Check it out - it might be interesting. If you get some annoying
     "PASSWORD:" prompt then get LOGIN HACKER (from THC too ;-) to get in.
     (but only if it's not illegal in your country ;-)

I'M IN THE USA - SO ?
     Scanning is illegal in some countries. Check a lawyer.
     But some phone companies make their own law, and close your line if
     you do extensive scanning. So check & try & test ... & good luck

I'M IN GERMANY - SO ??????
     Scanning is not illegal in Germany. But German Telekom has now installed
     SS7 Monitoring Equipment from HP, where such scanning habits can be
     analyzed (plus many more things ... this hardware is very flexible ...)
     And Telekom trained a special team in darmstadt to locate those evil 
     scanners - thought it's not illegal - but you know it too - telekom doesn't
     care about that! surveilling phone lines for their purpose!
     Telekom already installed tools on the phone lines of two friends which
     will let the line go busy after every second number dialed (no matter how
     long you wait between the calls, no matter what numbers exactly you dial)
     after you began scanning. Such tools are also already installed in some
     areas on the public payphones to prevent scanning.
     At the moment you are safe, but maybe from March to October '96 on 
     you should be careful.











 ==============================================================================

                      Epilog: Updates? How to contact? etc.


     If you are updating from an older version : 
     Run TS-CFG. It will recognize the old version of the config file and
     write the new one.

     Where to get new versions :
     Call one of the THC Dist Sites.

     How to become a Betatester of THC :
     At the moment we got two Betatest Directories on LORE BBS & ARRESTED
     DEVELOPMENT and soon on SHOCK NETWORK too ... LORE BBS is a closed
     system for experienced users only, so maybe it's better for you to
     call A.D. or S.N to become a beta tester. Look for the numbers in THC.NFO
     Once you've gto applied and access is granted write a comment to the sysop
     or directly to me (van Hauser) to get access to the Beta Directories.

     How to contact you (me ;-)
     If you need some features, found some bugs, got questions/information :

     1) Call LORE BBS -> ++49-(0)69-823282   Login:THC  Pw:THC
                                             leave a message for  van Hauser
     2) Call Arrested Development -> ++31-77-3547477    apply for an account
                                             leave a message for  van Hauser
     3) Leave a message on my VMB in Germany : 0130-817698  Box:6630  (Aspen)

     4) Write an email to -> vh@campus.de


I appreciate any comments! Flames, Bug Reports, Tips, Typing Errors, Wishes,
Excuses, Ideas for new Features - and of course your beautiful girlfriend ...


Thanks for taking all your precious time to read that shit ...
For all the typing errors - hey i'm german ... ;-)

Ciao...
                    van Hauser




==============================================================================

                                      END







































































-------------------------------------------------------------------------------

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.1

mQCNAzB6PNQAAAEEALx5p2jI/2rNF9tYandxctI6jP+ZJUcGPTs7QTFtF2c+zK9H
ElFfvsC0QkaaUJjyTq7TyII18Na1IuGj2duIHTtG1DTDOnbnZzIRsXndfjCIz5p+
Dt6UYhotbJhCQKkxuIT5F8EZpLTAL88WqaMZJ155uvSTb9uk58pv3AI7GIx9AAUT
tBp2YW4gSGF1c2VyL1RIQyBvZiBMT1JFIEJCUw==
=6UhL
-----END PGP PUBLIC KEY BLOCK-----

--------------------------------------------------------------------------------

                ??????????????????????????????????????????????
                ?                                            ?
                ????????    ??????????????????????????????????
                       ?    ?  ?????   ?????  ?????????????
                       ?    ?  ?   ?   ?   ?  ?           ?
                       ?    ?  ?   ?????   ?  ?   ?????????
                       ?    ?  ?           ?  ?   ?
                       ?    ?  ?           ?  ?   ?
                       ?    ?  ?   ?????   ?  ?   ?????????
                       ?    ?  ?   ?   ?   ?  ?           ?
                       ??????  ?????   ?????  ?????????????
                ??????????????????????????????????????????????
                ?             The Hacker's Choice            ?
                ??????????????????????????????????????????????


!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!
         This file is for informational purpose only!
 The Sysop-Team is NOT RESPONSIBLE for anything you do after reading this text!
!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!

         ?????????????????[Sysop : van Hauser]?????????????????
         ?                                                    ?
         ?                   ?   ?        ?        ?          ?
         ?         ??      ?????????  ???????  ???????        ?
         ?         ???    ????   ???? ???  ??? ???? ??        ?
         ?         ???    ???     ??? ?? ????  ???????        ?
         ?        ??????  ????   ???????? ??? ????  ?         ?
         ?        ??? ???? ????????? ??? ???? ??? ????        ?
         ?              ?    ?   ?       ?         ?          ?
         ?                                                    ?
         ?        3000 H/P/A/V/C/M Files                      ?
         ?        Biggest Hpavcm Board In Germany             ?
         ?        BIG Message Base !                          ?
         ?        Experts Only! Lamer Protection!             ?
         ?                                                    ?
         ?               ??[ ++49-69-823282 ]??               ?
         ?????????????????  NUP : <ask4it!>   ?????????????????
                         ??[ ++49-69-PRIVAT ]??

!!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!!
            Dieses File dient nur zur Information und Aufklaerung!
                Die Sysops erklaeren sich NICHT VERANTWORTLICH
        f?r Rechtsverstoesse, die durch diese Informationen entstehen.
!!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!!

                        H/P/A/V/M/C/I/D/P/!/L/F/O/!
--------------------------------------------------------------------------------