������������������������������������������������� � � � SCAVENGER-DIALER V0.80 � � *PUBLIC* release � � written by Scavenger � � � ������������������������������������������������� DISCLAIMER: ----------- Use this program at your own risk. The author is NOT responsible for any crime commited by using this program. ������������������������General Introduction���������������������������� Shortly after the [nameless] telecom installed various 'preventative' devices I wrote a loader that allowed TLO to play five frequencies at once (in order to escape the watchful ear of [nameless]'s devices). However, that loader was basically a kludge, considering TLO doesn't have a decent frequency scanner. Consequently, I decided to embarc upon developing my own dialer, which has now evolved into what many call the 'best in the industry'. As a matter of fact, feature-wise it IS the best. It supports five frequency trunks, advanced frequency/volume and automatic/manual route scanning, a reasonable script language and much more. It is written in Borland Pascal and Assembler. �������������������Introduction to this release������������������������� About 3 month have been gone now since the last public release. In version 0.72 were some major bugs. I hope that all the bugs are fixed now. Thanks to the guys that reported it to me. You might also have been recognized that the design changed a bit. I think all the stuff got a bit more handy now. A lot of Argentine guys told me their toll free numbers have more digits as they can enter into the toll free number box. I have fixed the problem now. Heyty(a kewl friend of mine) made a nice suggestion. He needed more toll free number entries.You get get more entries via CTRL-CURSOR UP/DOWN now. Simpson wanted a 25 lines version of this dialer for his laptop. You can get this mode using the starting parameter /25 (btw: 25 lines sucks like hell). While scanning some trunk, I got some clue and added a nice feature to the frequency scanner. You can define to play a trunk before(T_PRE) and after(T_SUF) each scan. Fill the values with zero and no trunk will be played. The routing scanned got a logging function & and an own timer. I just hated to write the the notes down to a paper. Press the L key to log the last dialer number. The timer is useful to see how much time you have left until the timeout. While watching TV and scanning some routes I got the idea to set the dialing on the left mouse button and the trunking on the right button. The mouse is more handy when you do other thing while scanning. The link between Scavenger Dialer and the THC programs might be the greatest feature of this version. Your are now able to scan comfortable carriers/tones or to brute force hack an system using this blue boxing program and van Hauser's great hacking programs. Oh, heheh.. there is a best of irc included to this version too. Only the best & fruitiest stuff is included. �����������������������������Windows 85��������������������������������� Deactivate the screen saver to get the dialer working without any error message. ��������������������What is this program good for?���������������������� You know - fine. You don't know - (no?) - you shouldn't know. �������������How to get your old data to this version������������������ If you want to use your phone numbers, trunks, [...] from SCAVENGER-DIALER V0.51 and below - delete SCAVENEW.DAT & copy the old SCAVENGE.DAT to this directory. The program will convert it. ��������������What to do if the GUS support doesn't work���������������� Make sure that you started the dialer with option /G. If the ULTRASND environment variable exists it will be used. If it doesn't exist the program tries to detect the correct settings. So you still have any trouble with it? - Write me an email. ��������������You want to send me an email? Crypt it!������������������� Send it to: sca@advantage.co.za -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi+kPL0AAAEEAMahCwd68e33QgSNx4VvOOOqRykwjREQnUDixXXaMNhc53fm MUfRSzU8p3TlPo3O27H44DcIvtlB9NIcVOFjC/sRNW1ZcFwnoIiYLQGfewdIWazc 27y+WLr+uyZgYJ/rmO/pQ+1IV/1R42sOcjIwTWeNtxE79VGcRvKC4sVXUOs5AAUR tB1TY2F2ZW5nZXIgPHNjYUB1bmxtdGVkLnBjLm15Pg== =s6vk -----END PGP PUBLIC KEY BLOCK----- ��������������How to get the user defined GUS samples work�������������� Start the dialer with /GSAM and make sure that gus_sam.ini containts a maximum of 255 sample datas. Each line containts one integer value. That means the range of each value is from -32767 to 32767. You can edit the file by your own and create useful waveforms. It is useful to write a program to get a waveform. This example program creates a normal sine wave. Run it to create the sample data file gus_sam.ini: 'sinewave.exe >gus_sam.ini' { sinewave.pas } const gussamplelen:byte=16; var i:byte; begin For i:=0 To gusSampleLen-1 Do writeln(Round(Sin((i/gussamplelen)*Pi*2) *maxint)); end. ��������������������������������Usage����������������������������������� Main Screen: ------------ Enter or A-Z Dial number CTRL-E, CTRL-Enter, ALT A-Z Edit number DEL Delete entry INS Insert entry CTRL DEL Delete entry & copy entry into clipboard CTRL INS Insert entry from clipboard HOME Move to begin END Move to end GRAY 0-9 Dial digits manually GRAY x/�/- Dial KP1, KP2, ST manually CTRL GRAY x/� Dial C11, C12 manually 1-9 Dial toll number ALT 1-9 Edit toll numbers CTRL-UP/DOWN Change toll free number page CTRL-D, 0 Toggle C5/DTMF/R2F/R2B/C4/PULSE CTRL-B Bosskey, press again to continue CTRL-K CCITT #4 & PULSE configuration CTRL-L Official ITU country code list SPACE, + Play trunk ^ Play the first line of the active trunk continious CTRL-T, BACKSPACE Edit trunk F1-F12 Select trunk 1-12 CTRL F1-F12 Select trunk 13-24 ALT F1-F12 Select trunk 25-36 SHIFT F1-F12 Select trunk 37-48 CTRL-Q Decrease delay offset (-99%..0..+99%) CTRL-A Increase delay offset (-99%..0..+99%) <, CTRL-W Decrease volume offset (-63..0..+63) >, CTRL-S Increase volume offset (-63..0..+63) SCROLL LOCK Toggle Breakfirst on/off CTRL-F, TAB Frequency/Volume scanner CTRL-TAB Run script use also SCAVENGE.EXE /S script.scr CTRL-R Routing scanner CTRL-Z World time PAGE-UP/DOWN Change dial volume CTRL PAGE-UP/DOWN Change dial speed Edit trunk: ----------- Enter Edit trunk name F1-F12 Select trunk 1-12 CTRL F1-F12 Select trunk 13-24 ALT F1-F12 Select trunk 25-36 SHIFT F1-F12 Select trunk 37-48 PAGE-UP/DOWN Change trunk DEL Delete current trunk INS Insert trunk ALT-INS Insert line ALT-DEL Delete line HOME Move to begin END Move to end SPACE, + Play trunk TAB Frequency/Volume scanner Frequency/Volume scanner: ------------------------- PAGE-UP/DOWN Change value Enter Start frequency scanning + Start volume scanning S Save values to current trunk R Reset scanner = From freq=to freq SPACE Toggle frequency play F1-F12 Select trunk 1-12 CTRL F1-F12 Select trunk 13-24 ALT F1-F12 Select trunk 25-36 SHIFT F1-F12 Select trunk 37-48 The following example shows how the volume scanner works: �����������������frequency/volume scanner��������������Ŀ � F1 V1� F2 V2� F3 V3� F4 V4� F5 V5 � � from freq : 100 40� 200 40�1100 0�1200 0�1300 45 � � to freq : 100 50� 200 40�1100 50�1200 0�1300 63 � � add value : 1 1� 1 0� 1 99� 222 99� 0 1 � � len/pause : 200 � 20 � � scannerfreq: 100 40� 200 40�1100 45�1200 45�1300 45 � This example scans the volumes of the frequencies 100, 200, 1100, 1200, 1300 Hz. The frequencies 1100, 1200 & 1300 Hz will be scanned from a volume of 45 to a volume of 63. So it begins with: 100 40 200 40 1100 45 1200 45 1300 45 100 40 200 40 1100 46 1200 46 1300 46 100 40 200 40 1100 47 1200 47 1300 47 . . . . . . . . . . 100 40 200 40 1100 63 1200 63 1300 63 Then it goes on to 200 Hz. The volume of 200 Hz is constant from 40 to 40 so the volume of 100 Hz is scanned. 100 41 200 40 1100 45 1200 45 1300 45 100 41 200 40 1100 46 1200 46 1300 46 100 41 200 40 1100 47 1200 47 1300 47 . . . . . 100 41 200 40 1100 63 1200 63 1300 63 100 42 200 40 1100 45 1200 45 1300 45 100 42 200 40 1100 46 1200 46 1300 46 100 42 200 40 1100 47 1200 47 1300 47 . . . . . 100 42 200 40 1100 63 1200 63 1300 63 . . . . . . . . . 100 50 200 40 1100 63 1200 63 1300 63 Got it! The volume is very important because... Scripts: -------- Avaible script commands: DIAL x Dial number x PLAYTRUNK x Play trunk number x WAIT x Wait x ms (0..60000) SET_DTMF Set DTMF dialset SET_C4 Set CCITT #4 dialset SET_C5 Set CCITT #5 dialset SET_R2F Set R2 forward dialset SET_R2O Set R2 backward dialset SET_PULSE Set Dial pulse dialset LPTON Set all LPT port bits LPTOFF Clear all LPT port bits SENDPORT x y Send value y (0..255) to port x (0..255) WRANDOM x y Wait time x seconds and y random seconds PAUSE Pause, wait for any key RUNAGAIN x Run script again in x ms or press ESC RUNSCRIPT filename Start another script file DIAL_VAR Dials the in /DIALVAR defined number Routing scanner: ---------------- Enter Dial number F1-F12 Select trunk 1-12 CTRL F1-F12 Select trunk 13-24 ALT F1-F12 Select trunk 25-36 SHIFT F1-F12 Select trunk 37-48 SPACE Play trunk CTRL-E, CTRL-Enter Edit prefix, suffix, scan CURSOR-LEFT,- Decrease scan CURSOR-RIGHT,+ Increase scan 0 Toggle zero including on/off (toggle off if you dont know how many digits the routing has) CTRL-S Toggle Script after on/off (useful when scanning automaticly and you just listen to it) TAB Start automatic scanning S run ROUTSPEC.SCR < > Decrease/Increase max-counter R reset counter L log current entry to SCA-ROUT.LOG The routing scanner is a very powerful part of the dialer. With it you are able to scan routings/numbers either manually or automatically. In automatic scanning mode you just sit back and listen to the connection. If you want to scan routings automatically, first you have to create a script file named ROUTSCAN.SCR that contains instructions to make the line ready to dial like PLAYTRUNK, WAIT, [...] Optimize your break to 100% and enjoy the automatic scanner. An example: -------ROUTSCAN.SCR------- WAIT 2000 PLAYTRUNK 29 WAIT 1000 -------------------------- A nice feature of Version 0.61 is the scan counter. You can change the maximum counter with the keys < >. When the max-counter is reached the script file ROUTSPEC.SCR is called. With this function, you are able to scan for hours without a hangup, since establishing a connection every once and a while bypasses the on-hook timeout implemented by many carriers. In your ROUTSPEC.SCR, simply include instructions that dial a number that goes OFF-HOOK. An example: -------ROUTSPEC.SCR------- WAIT 2000 PLAYTRUNK 29 WAIT 1000 DIAL A09999999999C WAIT 5000 -------------------------- Options: -------- Run SCAVENGE.EXE with options /? to get help /A to use more compatible sound routines (use when you have problem... when emulating Adlib or soundcard is not 100% compatible) /P to use analog pulse dialing via LPT1 port /C to use Win/OS2 compatible timing routines /D filename user defined data-file(default SCAVENGE.DAT) /G to use GUS instead of Adlib/Soundblaster /GSAM to use user defined sample data from gus_sam.ini (GUS only) /K to reset the keyboard buffer after playing a trunk /N to use DOS timer routines (used as default) /S filename to start a script /NOOUTPUT to disable the screen output; /DIAL num to dial a number /TRUNK num to play a trunk'); /DIALVAR num to set via a parameter a number that is dialed using the script function DIAL_VAR /SIGNALSYS num set the active signalling system 1-C5, 2-DTMF, 3-R2-FO, 4-R2-BA, 5-C4, 6-PULSE, 7-'ANALOG' ������������������������������CCITT #4���������������������������������� Some notes to standard CCITT #4 -------------------------------- If you don't know what to do with C4 - don't use it (huh). If you know where you can use it be happy & enjoy it! Freq A 2040 Hz for 35 ms Freq B 2400 Hz for 35 ms Freq P Freq A & Freq B together for 150 ms Freq X Freq A for 100 ms Freq Y Freq B for 100 ms ������������������������������Ŀ � Encoded � Digit � Info � ������������������������������ij � BBBA � 1 � 1 � � BBAB � 2 � 2 � � BBAA � 3 � 3 � � BABB � 4 � 4 � � BABA � 5 � 5 � � BAAB � 6 � 6 � � BAAA � 7 � 7 � � ABBB � 8 � 8 � � ABBA � 9 � 9 � � ABAB � 0 � 0 � � PX � A � KP1 � � PY � B � KP2 � � AAAA � C � ST � � ABAA � F � C11 � � AABB � G � C12 � � AABA � H � C13 � � AAAB � I � C14 � � BBBB � J � C15 � �������������������������������� ����������������������������DIAL PULSE������������������������������� Dial Pulse is an very old signalling system. It is rarely used for toll signalling, but is used by many independent Booniesville telcos to signal SxSs. It is relatively hard to find an exchange that uses it. The standard pulse frequency is 2600 hz. Each digit consists of several pulses: 1 - 1 pulse, 2 - 2 pulses, 3 - 3 pulses,...,9 - 9 pulses, 0 - 10 pulses A - 11 pulses, B - 12 pulses, C - 13 pulses, D - 14 pulses, E - 15 pulses. NOTE: VARIOUS IMPLEMENTATIONS WILL VARY IN THEIR USAGES OF A-E, and most SxSs only take FOUR digits to directly control its selectors. In this instance no KP-ST is used. Please note also, that most SxSs that use DP do not wink back after seize (2600). They may simply make a click, which is interpreted as a 'start-dial' signal. You can configure the frequencies/guard frequencies/volumes, length/pause of each pulse via the PULSE configuration(CTRL K). The pause between each digit is specified by the dial speed. Remember, in most cases the dial pulses DIRECTLY control selectors, so you must not dial too fast. A good nominal rate is 10 pulses per second, using the make/break ratio of the country the switch is in. (US: 60ms on, 40ms off). ��������������������������Waveform selection���������������������������� The normal selection should be (0). Use (1)-(3) to bypass some devices. Note! The waveform selection does not work with a GUS. On GUS cards use user-defineable samples to get different wave forms. If you want to use it, get an oldskool Adlib card for 10$. Normal (0) half (1) absolute (2) cut absolute (3) ___ ___ ___ ___ _ _ / \ / \ / \ / \ / | / | /_____\_______ /_____\_____ /_____\/_____\ /__|___/__|___ \ / \___/ ��������������������������Volume shifting������������������������������� This is another very powerful method to bypass some devices. Note! Volume shifting only works in DOS mode currectly. +----------------------------edit trunk----------------------------+ | xx/50 | | V1 F1 V2 F2 V3 F3 V4 F4 V5 F5 Len Delay | | Tone 1 63 1000 0 2000 25 3000 40 1500 0 0 1000 0 | | Tone 2 0 0 63 0 45 0 40 0 0 0 9999 0 | This will play a tone of 1000,2000,3000,1500 hz for 1000 ms. The volume will be changed during the trunk. 1000 hz has an initial volume of 63 and an ending volume of 0 2000 hz has an initial volume of 0 and an ending volume of 63 3000 hz has an initial volume of 25 and an ending volume of 45 1500 hz is played at volume 40 the whole time. The length of 9999 enables the volume shifting. I first wanted to keep the volume shifting secret option... well here you are. �����������������������Scavenger-Dialer history������������������������� V0.01 XX.12.94 � First steps... . . � Trunks, C5 dialing, DTMF dialing, phonebook etc. . V0.73 18.02.96 � Fixed trunk edit bug - deleting/inserting of noise values did not (thx go to powerbyter.. reporting me this bug) � Fixed toll free number size problem (the argentina guys needed more digits) � More toll free numbers - to scroll use CTRL-CURSOR UP/DOWN (suggestion of HeyTy) � Added Pulse dialing for the oldskool german analog exchanges (requested by Simpson) � Added up2date coutry code list(+more info) � The active trunk is now showed permanently � Fixed: some soundcards produced noises at low volume after playing a trunk V0.80 16.03.96 � *CeBit 96 RELEASE* � Added timer window � Added 25 lines mode (Simpson mode, for his lap) � Changes design a bit � Fixed the GUS routines.. now 16 bit & hopefully correct frqs � Added 2 new entry to the scanner.. you can play a trunk before(T_PRE) and after(T_SUF) the scan � Added logging function in the routing scanner use L key to log the last dialed number to the file SCA-ROUT.LOG � Added timer to the routing scanner.. I found it useful to see how much time is left until the timeout � You now can dial the free numbers also from the routing scanner � Added simple terminal on CTRL-X � The dialer now only inits the screen mode if it is not needed � Added mouse button check on routing scanner.. press left button to dial and right button to trunk.. I got that idea when I scanning some stuff while watching TV..the mouse is more handy � Support of the great tools by Van Hauser: Login Hacker & THC-SCAN (needs V0.9c or greater) � Added parmeters /DIAL and /TRUNK to call it from other programs..like van Hauser's THC-SCAN or THC-Login haxor � Added /NOOUTPUT option to disable all output (useful when you call it from THC proggies) � Added /DIALVAR to set via a parameter a number that is dialed with the script function DIAL_VAR � Added /SIGNALSYS to set the active signalling system (check docs) - removed carrier scanner.. the THC tools are more powerful.. so check to use them combined with Scavenger Dialer ����������Where can I get the latest version of this dialer������������� ������������������������������������������������������������������������ � Name � Location � Number/Directory � ������������������������������������������������������������������������ � HOME PAGE � Inet/WWW �http://connectnet.net.au/~sca� ������������������������������������������������������������������������ � BLUEBOSS � Inet/IRC-BOT � dcc chat/.files � ������������������������������������������������������������������������ � FTP.FC.NET � Inet/FTP � /pub/defcon/SCAVENGER/ � ������������������������������������������������������������������������ � wanted good h/p board � USA � +1-REALPHREAK � � NO us-kiddi shit please � � � ������������������������������������������������������������������������ � TROPICAL BBS � Mozambique � +258-1425745 � ������������������������������������������������������������������������ � BIG MATHATA'S BOARD � Botswana � +267-373461 � ������������������������������������������������������������������������ � VIRUS POLYTECHNIC � South Africa � +27-119535414 � ������������������������������������������������������������������������ � ARRESTED DEVELOPMENT � Netherlands � +31-77547477 � ������������������������������������������������������������������������ � RADIO SCAVENGER (h0h0) � Iceland � +354-8006001 TELCO KILLED IT� � � � NEW NUMBER: +354-8006012 � ������������������������������������������������������������������������ � DOCKMASTER � Uk � +44-141SCAN � ������������������������������������������������������������������������ � RESTRICTED ACCESS � Denmark � +45-36703060 � ������������������������������������������������������������������������ � BOIXOS NOIS � Argentina � +54-17300294 � ������������������������������������������������������������������������ � LORE BBS leech account: � Germany � +49-69823282 � � LOGIN : LORE PW: LORE � � � ������������������������������������������������������������������������ � TEMPLE OF LIGHT � Uruguay � +598-2774191 � � NUP: DOWNSET � � +598-2773714 � ������������������������������������������������������������������������ � DESTINY STONE ][ � Australia � +61-92463491 � ������������������������������������������������������������������������ If you are a sysop and want to become a SCAVENGER-DIALER support site write me an email. ���������������������������greetings������������������������������������ Ganja Man - Ich m�chte ein E+ kaufen..hehe Zerial - Got inactive dewd? Omega - your bbs is the world's best H/P board Tuf - fr33.0rg sux0r! Bads - Come to HEU2 dewd... if there is one..:) Eck - your board ist UK's best Countz, Underflow, Sloppy, AlikeB - greets Dking - Thx for the web stuff! Fisch - Your way: Get into live, do not call via bb, do not have 4 lines, never use computers again... Soundtracer - Holland's best phreaker Vaxxer - come back.. Sphixe - you are the master in hacking dude! Marquis - thx for your protection tips..:) Dr.Fonk - simply UK's best phreak.... stay phreaky dude! van Hauser - THC is rewlz! Bspline - Boxing in USA is fucking kewl Digitone - greets El Griton - Enjoy your job.. Neophyte - greets Heyty - breakbeat suxx... harthouse rewlz. Kokey - good luck with your job as security administor 7up - get sectec kickin again dude! Updike - got ya into calling global.. enjoy the phreedom Chotaire - you are kewl dude!.. I luv ya bot dude!...good work Seen - NEVER check out http://www.escape.com/~seen please..h00h Trax - greets Simpson - greets Urmel - email me.... are you in your new home country now? ... and all #bluebox people ������������������������������������������������������������������������ Have phun with this dialer. -Scavenger 1996