The Ultimate Beginner’s Guide to Hacking and Phreaking by Revelation (August 4, 1996)

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
######################################################################
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
**********************************************************************
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                    +
+       THE ULTIMATE BEGINNER’S GUIDE TO HACKING AND PHREAKING       +
+                                                                    +
+                                                                    +
+                                                                    +
+                                                                    +
+                                 BY                                 +
+                             REVELATION                             +
+                              LOA–ASH                               +
+                                                                    +
+                                                                    +
+                                                                    +
+                                                                    +
+                                                                    +
+    Written: 08/4/96                                   Volume: 1    +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
**********************************************************************
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
######################################################################
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

This document was written in Windows 95 Word Pad. The title
above and some of the text look a little screwed up when read in
anything else, so read it in Word Pad.
Anyway, for those of you who are wondering “what do the letters
“LOA” under his handle stand for?” Well, LOA stands for Legion Of the
Apocalypse, which is a group of elite hackers and phreakers in my area.
The current members of LOA are:

Revelation, Phreaked Out, Phreak Show, Logik Bomb, Silicon Toad,

I started LOA when I discovered that there were many good
hackers and phreakers in my area. I thought that an organized group of
hackers and phreakers would accomplish much more than an individual
could by himself. Thus the Legion Of the Apocalypse was formed and has
been around for a while since. Our main goal is to show the public
what hacking and phreaking is all about and to reveal confidential
information to the hacking/phreaking community so that we can learn
more about computers, telephones, electronics, etc. We are hoping to
get our own World Wide Web page soon, so keep an eye out for it. It
will contain all of the hacking, phreaking, computer, telephone,
security, electronics, virus, and carding information that you could
possibly want.
Also, if some of you are wondering why I chose the word
Revelation as my handle, well, Revelation means revealing or
unveiling, which is exactly what I intend to do as a hacker/phreaker.
I intend to reveal all the information that I can gather while
hacking and phreaking.
Anyway, I wrote this document because I have read all the files
that I could get my hands on and noticed that there has never been a
really good file written that guided beginning hackers and phreakers
step by step.
When I began hacking and started reading all of the beginner
files, I still had many unanswered questions. My questions were
eventually answered, but only through LOTS of reading and practice.
In this file, I hope to give basic step by step instructions that will
help beginning hackers and phreakers get started. But, DO NOT think
that this will save you from having to read a lot. If you want to be a
hacker/phreaker, reading is the most important thing you can do. You
will have to do A LOT of reading no matter what.
This document was intended for beginners, but it can also be used
as a reference tool for advanced hackers and phreakers.
Please distribute this document freely. Give it to anyone that
you know who is interested in hacking and/or phreaking. Post it on your
World Wide Web page, Ftp sites, and BBS’s. Do whatever you want with it
as long as it stays UNCHANGED.
As far as I know, this is the most complete and in-depth beginner’s
guide available; that is why I wrote it. Also, I plan to have new
volumes come out whenever there has been a significant change in the
material provided, so keep an eye out for them. LOA is planning on
starting an on-line magazine, so look for that too. And we are also starting a hacking business. Owners of businesses can hire us to hack into their systems to find the security faults. The name of this company is A.S.H. (American Security Hackers), and it is run by LOA. If you have any questions about this company, or would like to hire us, or just want security advice, please E-Mail A.S.H. at: “revelationmail@usa.pipeline.com”. Readers can also send comments and questions to this address.
This document is divided into three main sections with many
different sub-sections in them. The Table Of Contents is below:

Table Of Contents:

I. HACKING

A. What is hacking?
B. Why hack?
C. Hacking rules
D. Getting started
E. Where and how to start hacking
F. Telenet commands
G. Telenet dialups
H. Telenet DNIC’s
I. Telenet NUA’s
J. Basic UNIX hacking
K. Basic VAX/VMS hacking
L. Basic PRIME hacking
M. Password list
N. Connecting modems to different phone lines
O. Viruses, Trojans, and Worms

II. PHREAKING

A. What is phreaking?
B. Why phreak?
C. Phreaking rules
D. Where and how to start phreaking
E. Boxes and what they do
F. Red Box plans
G. Free calling from COCOT’s
H. ANAC numbers

III. REFERENCE

A. Hacking and phreaking W.W.W. pages
B. Good hacking and phreaking text files
C. Hacking and phreaking Newsgroups
D. Rainbow Books
E. Hacking and phreaking magazines
F. Hacking and phreaking movies
G. Hacking and phreaking Gopher sites
H. Hacking and phreaking Ftp sites
I. Hacking and phreaking BBS’s
J. Cool hackers and phreakers
K. Hacker’s Manifesto
L. Happy hacking!

* DISCLAIMER *

“Use this information at your own risk. I Revelation, nor any
other member of LOA, nor the persons providing this file, will NOT
assume ANY responsibility for the use, misuse, or abuse, of the
information provided herein. The following information is provided for
educational purposes ONLY. The information is NOT to be used for illegal
purposes. By reading this file you ARE AGREEING to the following terms:
I understand that using this information is illegal. I agree to, and
understand, that I am responsible for my own actions. If I get into
trouble using this information for the wrong reasons, I promise not
to place the blame on Revelation, LOA, or anyone that provided this
file. I understand that this information is for educational purposes only. This file may be used to check your security systems and if you would like a thorough check contact A.S.H.
This file is basically a compilation of known hacking and
phreaking information and some information gathered from my own
experience as a hacker/phreaker. I have tried to make sure that
everything excerpted from other documents was put in quotes and labeled
with the document’s name, and if known, who wrote it. I am sorry if any
mistakes were made with quoted information.”

-=Revelation=-
LOA

I. HACKING

A. What is hacking?

Hacking is the act of penetrating computer systems to gain
knowledge about the system and how it works.
Hacking is illegal because we demand free access to ALL data, and
we get it. This pisses people off and we are outcasted from society, and
in order to stay out of prison, we must keep our status of being a
hacker/phreaker a secret. We can’t discuss our findings with anyone but
other members of the hacking/phreaking community for fear of being
punished. We are punished for wanting to learn. Why is the government
spending huge amounts of time and money to arrest hackers when there are
other much more dangerous people out there? It is the murderers,
rapists, terrorists, kidnappers, and burglars who should be punished for what they have done, not hackers. We do NOT pose a threat to anyone. We are NOT out to hurt people or their computers. I admit that there are some people out there who call themselves hackers and who deliberately damage computers. But these people are criminals, NOT hackers. I don’t care what the government says, we are NOT criminals. We are NOT trying to alter or damage any system. This is widely misunderstood. Maybe one day people will believe us when we say that all we want is to learn.
There are only two ways to get rid of hackers and phreakers.
One is to get rid of computers and telephones, in which case we would
find other means of getting what we want. (Like that is really going to
happen.) The other way is to give us what we want, which is free access
to ALL information. Until one of those two things happens, we are not
going anywhere.

B. Why hack?

As said above, we hack to gain knowledge about systems and the
way they work. We do NOT want to damage systems in any way. If you do
damage a system, you WILL get caught. But, if you don’t damage
anything, it is very unlikely that you will be noticed, let alone be
tracked down and arrested, which costs a considerable amount of time
and money.
Beginners should read all the files that they can get their
hands on about anything even remotely related to hacking and phreaking,
BEFORE they start hacking. I know it sounds stupid and boring but it
will definitely pay off in the future. The more you read about hacking
and phreaking, the more unlikely it is that you will get caught. Some
of the most useless pieces of information that you read could turn out
to be the most helpful. That is why you need to read everything
possible.

C. Hacking rules

1. Never damage any system. This will only get you into trouble.

2. Never alter any of the system’s files, except for those needed to
ensure that you are not detected, and those to ensure that you have
access into that computer in the future.

3. Do not share any information about your hacking projects with
anyone but those you’d trust with your life.

4. When posting on BBS’s (Bulletin Board Systems) be as vague as
possible when describing your current hacking projects. BBS’s CAN
be monitored by law enforcement.

5. Never use anyone’s real name or real phone number when posting
on a BBS.

6. Never leave your handle on any systems that you hack into.

7. DO NOT hack government computers.

8. Never speak about hacking projects over your home telephone line.

9. Be paranoid. Keep all of your hacking materials in a safe place.

10. To become a real hacker, you have to hack. You can’t just sit
around reading text files and hanging out on BBS’s. This is not what
hacking is all about.

D. Getting started

The very first thing you need to do is get a copy of PKZIP
or some other file unzipping utility. Nearly everything that you
download from the Internet or from a BBS will be zipped. A zipped file is a file that has been compressed. Zipped files end with the extension “.zip”.
Then you need to get yourself a good prefix scanner (also known
as a War Dialer). This is a program that automatically dials phone
numbers beginning with the three numbers (prefix) that you specify. It
checks to see if the number dialed has a carrier (series of beeps that
tells you that you have dialed a computer). Try and find a large
business area prefix to scan. It is these businesses that have
interesting computers. There are many good scanners out there, but I
would recommend Autoscan or A-Dial. These are very easy to use and get
the job done quickly and efficiently.

E. Where and how to start hacking

After you get yourself a good scanner, scan some prefixes and
find some cool dialups, then do the following: From your terminal,
dial the number you found. Then you should hear a series of beeps
(carrier) which tells you that you are connecting to a remote computer.
It should then say something like “CONNECT 9600” and then identify the
system that you are on. If nothing happens after it says “CONNECT 9600”
try hitting enter a few times. If you get a bunch of garbage adjust your
parity, data bits, stop bits, baud rate, etc., until it becomes clear.
That is one way of connecting to a remote computer. Another way is
through Telenet or some other large network.
Telenet is a very large network that has many other networks and
remote computers connected to it.
Ok, here is how you would connect to a remote computer through
Telenet:
First, you get your local dialup (phone number) from the list that
I have provided in Section G. Then you dial the number from your
terminal and connect. (If you get a bunch of garbage try changing your
parity to odd and your data bits to 7, this should clear it up.) If
it just sits there hit enter and wait a few seconds, then hit enter
again. Then it will say “TERMINAL=” and you type in your terminal
emulation. If you don’t know what it is just hit enter. Then it will
give you a prompt that looks like “@”. From there you type “c” and then
the NUA (Network User Address) that you want to connect to. After you
connect to the NUA, the first thing you need to do is find out what type
of system you are on (i.e. UNIX, VAX/VMS, PRIME, etc.).
There are other things that you can do on Telenet besides
connecting to an NUA. Some of these commands and functions are listed in
the next section.
You can only connect to computers which accept reverse charging.
The only way you can connect to computers that don’t accept reverse charging is if you have a Telenet account. You can try hacking these. To do this, at the “@” prompt type “access”. It will then ask you for your Telenet ID and password.
Telenet is probably the safest place to start hacking because of
the large numbers of calls that they get. Make sure you call during
business hours (late morning or early afternoon) so there are many
other people on-line.

F. Telenet commands

Here is a list of some Telenet commands and their functions. This
is only a partial list. Beginners probably won’t use these commands,
but I put them here for reference anyway.

COMMAND        FUNCTION

c              Connect to a host.
stat           Shows network port.
full           Network echo.
half           Terminal echo.
telemail       Mail. (Need ID and password.)
mail           Mail. (Need ID and password.)
set            Select PAD parameters.
cont           Continue.
d              Disconnect.
hangup         Hangs up.
access         Telenet account. (ID and password.)

G. Telenet dialups

Here is the list of all the Telenet dialups that I know of in
the U.S.A., including the city, state, and area code:

H. Telenet DNIC’s

Here is the list of all the Telenet DNIC’s. These
will be defined and explained in the next section:

DNIC: NETWORK:

02041 Datanet-1
02062 DCS
02080 Transpac
02284 Telepac (Switzerland)
02322 Datex-P (Austria)
02392 Radaus
02342 PSS
02382 Datapak (Denmark)
02402 Datapak (Sweden)
02405 Telepak
02442 Finpak
02624 Datex-P (West Germany)
02704 Luxpac
02724 Eirpak
03020 Datapac
03028 Infogram
03103 ITT/UDTS (U.S.A.)
03106 Tymnet
03110 Telenet
03340 Telepac (Mexico)
03400 UDTS (Curacao)
04251 Isranet
04401 DDX-P
04408 Venus-P
04501 Dacom-Net
04542 Intelpak
05052 Austpac
05053 Midas
05252 Telepac (Hong Kong)
05301 Pacnet
06550 Saponet
07240 Interdata
07241 Renpac
07421 Dompac
09000 Dialnet

I. Telenet NUA’s

Here is a list of a few Telenet NUA’s and what type of system
they are. But first, this is how an NUA is put together:

     031106170023700
     \___/\_/\_____/
       |   |    |
     DNIC Area NUA
          Code

The DNIC says which network connected to Telenet you are using.
The area code is the area code for the area that the NUA is in. And
the NUA is the address of the computer on Telenet. Please note that
an NUA does NOT have to be in your area code for you to connect to it.
There are two ways of finding useful NUA’s. The first way is to
get or write an NUA scanning program. The second way is to get a copy
of the Legion Of Doom’s Telenet Directory (Volume 4 of the LOD
Technical Journals).
Now, here is the list. Remember that these are only a few NUA’s.
These are NOT all of the Telenet NUA’s. All of these NUA’s DO accept
reverse charging. Also, please note that all of these may not be
working by the time you read this and that network congestion
frequently makes an NUA inaccessible for a short period of time.


J. Basic UNIX hacking

UNIX is probably the most commonly used operating system on Telenet, and is the easiest to hack since it doesn’t record bad login attempts. You know you’ve found a UNIX system when it gives you a “Login” prompt, and then a “Password” prompt. To get in you should first try the default logins (listed below). If these don’t work try some of the passwords listed in Section M. If these don’t work try to find backdoors. These are passwords that may have been put in to allow the programmer (or someone else who could be in a position to make a backdoor) to get access into the system. These are usually not known about by anyone but the individual who made it. Try doing some research on the programmer and other people who helped to make the system. And, if these don’t work, just try guessing them. The Login (usually the account holder’s name) has 1-8 characters and the Password is 6-8 characters. Both can be either letters or numbers, or a combination of the two.
Once you get in, you should get a “$” prompt, or some other special character like it. You should only use lower case letters when hacking UNIX, this seems to be standard format. If you type “man [command]” at the prompt, it should list all of the commands for that system. Anyway, here are the default Logins and Passwords:

Login: Password:

root root
root system
sys sys
sys system
daemon daemon
uucp uucp
tty tty
test test
unix unix
unix test
bin bin
adm adm
adm admin
admin adm
admin admin
sysman sysman
sysman sys
sysman system
sysadmin sysadmin
sysadmin sys
sysadmin system
sysadmin admin
sysadmin adm
who who
learn learn
uuhost uuhost
guest guest
host host
nuucp nuucp
rje rje
games games
games player
sysop sysop
root sysop
demo demo

Once you are in, the first thing that you need to do is save the password file to your hard drive or to a disk. The password file contains the Logins and Passwords. The passwords are encoded. To get the UNIX password file, depending on what type of UNIX you are in, you can type one of the following things:

/etc/passwd
or
cat /etc/passwd

The first one is the standard command, but there are other commands as well, like the second one. Once you get the password file, it should look like this:

john:234abc56:9999:13:John Johnson:/home/dir/john:/bin/john

Broken down, this is what the above password file states:

Username: john
Encrypted Password: 234abc56
User Number: 9999
Group Number: 13
Other Information: John Johnson
Home Directory: /home/dir/john
Shell: /bin/john

If the password file does not show up under one of the above two commands, then it is probably shadowed.
The following definition of password shadowing was taken from the alt.2600 hack faq:
“Password shadowing is a security system where the encrypted password field is replaced with a special token and the encrypted password is stored in a separate file which is not readable by normal system users.”
If the password file is shadowed, you can find it in one of the following places, depending on the type of UNIX you are using:

UNIX System Type:    Path:                           Token:

AIX 3                /etc/security/passwd            !
       or            /tcb/auth/files//
A/UX 3.0s            /tcb/files/auth/*
BSD4.3-Reno          /etc/master.passwd              *
ConvexOS 10          /etc/shadpw                     *
ConvexOS 11          /etc/shadow                     *
DG/UX                /etc/tcb/aa/user                *
EP/IX                /etc/shadow                     x
HP-UX                /.secure/etc/passwd             *
IRIX 5               /etc/shadow                     x
Linux 1.1            /etc/shadow                     *
OSF/1                /etc/passwd[.dir|.pag]          *
SCO UNIX #.2.x       /tcb/auth/files//
SunOS 4.1+c2         /etc/security/passwd.adjunct    ##
SunOS 5.0            /etc/shadow
System V 4.0         /etc/shadow                     x
System V 4.2         /etc/security/* database
Ultrix 4             /etc/auth[.dir|.pag]            *
UNICOS               /etc/udb                        *

Some passwords can only be used for a certain amount of time without having to be changed; this is called password aging. In the password file example below, the “C.a4” is the password aging data:

bob:123456,C.a4:6348:45:Bob Wilson:/home/dir/bob:/bin/bob

The characters in the password aging data stand for the following:

1. Maximum number of weeks a password can be used without changing.
2. Minimum number of weeks a password must be used before being changed.
3&4. Last time password was changed, in number of weeks since 1970.

The password aging data can be decoded using the chart below:

Character: Number:

. 0
/ 1
0 2
1 3
2 4
3 5
4 6
5 7
6 8
7 9
8 10
9 11
A 12
B 13
C 14
D 15
E 16
F 17
G 18
H 19
I 20
J 21
K 22
L 23
M 24
N 25
O 26
P 27
Q 28
R 29
S 30
T 31
U 32
V 33
W 34
X 35
Y 36
Z 37
a 38
b 39
c 40
d 41
e 42
f 43
g 44
h 45
i 46
j 47
k 48
l 49
m 50
n 51
o 52
p 53
q 54
r 55
s 56
t 57
u 58
v 59
w 60
x 61
y 62
z 63
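
For administrators auditing a legacy password file, the shadow tokens and the aging chart above can be applied mechanically. The following is an added example, not part of the original file: the function and class names are hypothetical, the order of the two "last changed" characters (least significant first, the a64l convention) is an assumption the text does not state, and only the first sample line comes from the page.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Chart above as a string: position in the string is the decoded number (0-63).
AGING_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Placeholder tokens listed in the shadow table above ("##" is a prefix).
SHADOW_TOKENS = {"!", "*", "x"}
EPOCH = date(1970, 1, 1)


@dataclass
class Aging:
    max_weeks: int                 # character 1
    min_weeks: int                 # character 2
    last_changed: Optional[date]   # characters 3-4, None if absent


@dataclass
class Finding:
    user: str
    status: str                    # "token", "empty" or "hash-exposed"
    aging: Optional[Aging]
    expires: Optional[date]


def a64(ch: str) -> int:
    """Map one aging character to its number using the chart."""
    value = AGING_ALPHABET.find(ch)
    if value < 0:
        raise ValueError(f"invalid aging character {ch!r}")
    return value


def decode_aging(field: str) -> Aging:
    """Decode the text that follows the comma in the password field."""
    if len(field) < 2:
        raise ValueError("aging data needs at least the max and min characters")
    last_changed = None
    if len(field) > 2:
        # Assumption not stated on the page: the week count is base 64 with
        # the least significant character first (the a64l convention).
        weeks = sum(a64(ch) << (6 * i) for i, ch in enumerate(field[2:4]))
        last_changed = EPOCH + timedelta(weeks=weeks)
    return Aging(a64(field[0]), a64(field[1]), last_changed)


def audit_line(line: str) -> Finding:
    """Classify the password field of one passwd entry and decode its aging data."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 colon-separated fields, got {len(fields)}")
    secret, _, aging_text = fields[1].partition(",")
    if secret in SHADOW_TOKENS or secret.startswith("##"):
        status = "token"           # placeholder: the hash is not in this file
    elif secret == "":
        status = "empty"           # account has no password at all
    else:
        status = "hash-exposed"    # encrypted password readable by every user
    aging = decode_aging(aging_text) if aging_text else None
    expires = None
    if aging and aging.last_changed:
        expires = aging.last_changed + timedelta(weeks=aging.max_weeks)
    return Finding(fields[0], status, aging, expires)


def audit(lines: List[str]) -> List[Finding]:
    """Audit every non-blank, non-comment line."""
    return [audit_line(l) for l in lines if l.strip() and not l.startswith("#")]


# First line is the page's own example; the other two are constructed.
SAMPLE = [
    "bob:123456,C.a4:6348:45:Bob Wilson:/home/dir/bob:/bin/bob",
    "alice:x:1001:100:Alice Example:/home/alice:/bin/sh",
    "guest::1002:100:Guest:/home/guest:/bin/sh",
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f.user, f.status, f.aging, f.expires)
```

Entries reported as "hash-exposed" or "empty" are the ones to fix first: move the hashes into the shadow file and lock or password-protect the empty accounts.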

Now, explore the system freely, be careful, and have fun!

K. Basic VAX/VMS hacking

The VAX system runs the VMS (Virtual Memory System) operating system. You know that you have a VAX system when you get a “username” prompt. Type in capital letters; this seems to be standard on VAX’s. Type “HELP” and it gives you all of the help that you could possibly want. Here are the default usernames and passwords for VAX’s:

Username: Password:

SYSTEM OPERATOR
SYSTEM MANAGER
SYSTEM SYSTEM
SYSTEM SYSLIB
OPERATOR OPERATOR
SYSTEST UETP
SYSTEST SYSTEST
SYSTEST TEST
SYSMAINT SYSMAINT
SYSMAINT SERVICE
SYSMAINT DIGITAL
FIELD FIELD
FIELD SERVICE
GUEST GUEST
GUEST unpassworded
DEMO DEMO
DEMO unpassworded
TEST TEST
DECNET DECNET

Here are some of the VAX/VMS commands:

Command: Function:

HELP (H) Gives help and list of commands.
TYPE (T) View contents of a file.
RENAME (REN) Change name of a file.
PURGE (PU) Deletes old versions of a file.
PRINT (PR) Prints a file.
DIRECTORY (DIR) Shows list of files.
DIFFERENCES (DIF) Shows differences between files.
CREATE (CR) Creates a file.
DELETE (DEL) Deletes a file.
COPY (COP) Copy a file to another.
CONTINUE (C) Continues session.

The password file on VAX’s is available when you type in the command:

SYS$SYSTEM:SYSUAF.DAT

The password file on most VAX’s is usually not available to normal system users, but try it anyway. If the default logins don’t work, use the same means of finding one as stated in Section J.
Be VERY careful when hacking VAX’s because they record every bad login attempt. They are sometimes considered one of the most secure systems. Because of this, I advise not to try hacking these until you are more advanced.
But, when you are an advanced hacker, or if you are already an advanced hacker, I advise that you try a few passwords at a time and then wait and try a few more the next day and so on, because when the real user logs on it displays all of the bad login attempts.
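
Seen from the defender's side, guesses spread over several days stay under any short lockout window, so failures have to be counted per account over a much longer period. The following is an added example, not part of the original file: the log format, thresholds and function names are assumptions, and the sample events are constructed (they are not in a real VMS audit format).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a made-up generic format.
SAMPLE_LOG = """\
1996-08-05 02:11:09 FAIL user=FIELD
1996-08-05 02:11:40 FAIL user=FIELD
1996-08-05 09:02:13 OK   user=SMITH
1996-08-06 02:14:51 FAIL user=FIELD
1996-08-06 02:15:20 FAIL user=FIELD
1996-08-06 08:58:01 FAIL user=SMITH
1996-08-06 08:58:19 OK   user=SMITH
1996-08-07 02:09:33 FAIL user=FIELD
1996-08-07 02:10:02 FAIL user=FIELD
"""


def parse(log):
    """Return sorted (timestamp, outcome, user) tuples from the sample format."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        day, clock, outcome, who = line.split()
        when = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        events.append((when, outcome, who.split("=", 1)[1]))
    return sorted(events)


def burst_alerts(events, limit=5, window=timedelta(minutes=10)):
    """Lockout-style rule: 'limit' failures for one account inside a short window."""
    recent = defaultdict(list)
    flagged = set()
    for when, outcome, user in events:
        if outcome != "FAIL":
            continue
        times = recent[user]
        times.append(when)
        # Drop failures that have aged out of the sliding window.
        while when - times[0] > window:
            times.pop(0)
        if len(times) >= limit:
            flagged.add(user)
    return sorted(flagged)


def slow_guess_alerts(events, min_failures=5, min_days=3, window=timedelta(days=14)):
    """Flag accounts whose failures are spread over several days.

    Returns {user: (failure_count, distinct_days)} for the window that ends
    at the newest event.
    """
    if not events:
        return {}
    cutoff = events[-1][0] - window
    failures = defaultdict(list)
    for when, outcome, user in events:
        if outcome == "FAIL" and when >= cutoff:
            failures[user].append(when)
    alerts = {}
    for user, times in sorted(failures.items()):
        days = len({t.date() for t in times})
        if len(times) >= min_failures and days >= min_days:
            alerts[user] = (len(times), days)
    return alerts


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("burst rule:", burst_alerts(events))        # nothing trips the short window
    print("slow rule: ", slow_guess_alerts(events))   # FIELD is flagged
```

On the sample data the short-window rule stays silent while the long-window rule flags the FIELD account, which is also one of the default account names listed above.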

L. Basic PRIME hacking

PRIME computer systems greet you with “Primecon 18.23.05”, or something like it, when you connect. You should type in capital letters on this system, too. Once you connect, it will usually just sit there. If this happens, type “LOGIN “. It should then ask you for your username and password. The default usernames and passwords are listed below:

Username: Password:

PRIME PRIME
PRIME PRIMOS
PRIMOS PRIMOS
PRIMOS PRIME
PRIMOS_CS PRIME
PRIMOS_CS PRIMOS
PRIMENET PRIMENET
SYSTEM SYSTEM
SYSTEM PRIME
SYSTEM PRIMOS
NETLINK NETLINK
TEST TEST
GUEST GUEST
GUEST1 GUEST

When you are inside the system, type “NETLINK” and it should give you a lot of help. This system uses NUA’s, too. I might print these in the next volume.

M. Password List

The password list was taken from A Novice’s Guide To Hacking, by The Legion Of Doom, and from some of my own discoveries. Here is the list of commonly used passwords:

Password:

aaa
academia
ada
adrian
aerobics
airplane
albany
albatross
albert
alex
alexander
algebra
alias
alisa
alpha
alphabet
ama
amy
analog
anchor
andy
andrea
animal
answer
anything
arrow
arthur
ass
asshole
athena
atmosphere
bacchus
badass
bailey
banana
bandit
banks
bass
batman
beautiful
beauty
beaver
daniel
danny
dave
deb
debbie
deborah
december
desire
desperate
develop
diet
digital
discovery
disney
dog
drought
duncan
easy
eatme
edges
edwin
egghead
eileen
einstein
elephant
elizabeth
ellen
emerald
engine
engineer
enterprise
enzyme
euclid
evelyn
extension
fairway
felicia
fender
finite
format
god
hello
idiot
jester
john
johnny
joseph
joshua
judith
juggle
julia
kathleen
kermit
kernel
knight
lambda
larry
lazarus
lee
leroy
lewis
light
lisa
louis
love
lynne
mac
macintosh
mack
maggot
magic
malcolm
mark
markus
martin
marty
marvin
matt
master
maurice
maximum
merlin
mets
michael
michelle
mike
minimum
nicki
nicole
rascal
really
rebecca
remote
rick
reagan
robot
robotics
rolex
ronald
rose
rosebud
rosemary
roses
ruben
rules
ruth
sal
saxon
scheme
scott
secret
sensor
serenity
sex
shark
sharon
shit
shiva
shuttle
simon
simple
singer
single
singing
smile
smooch
smother
snatch
snoopy
soap
socrates
spit
spring
subway
success
summer
super
support
surfer
suzanne
tangerine
tape
target
taylor
telephone
temptation
tiger
tigger
toggle
tomato
toyota
trivial
unhappy
unicorn
unknown
urchin
utility
vicki
virgin
virginia
warren
water
weenie
whatnot
whitney
will
william
winston
willie
wizard
wonbat
yosemite
zap

N. Connecting modems to different phone lines

Ok, if you are really paranoid (or smart) and you don’t want to hack from your house for fear of getting caught, you can hook up your modem to other people’s phone lines or to payphones.
If you want to hook your modem to a payphone, do it late at night and at a very secluded payphone. Look along either side of the phone. You should see a small metal tube (which contains the telephone wires) running along the wall. Somewhere along the tube it should widen out into a small box. Pop off the box’s lid and there is a nice little phone jack for ya’. Taking off the lid may be difficult because they are usually pretty secure, but nothing is impossible, so keep trying. Of course, you can only do this with a lap-top computer.
Now, if you want to hook up the modem to someone’s house or apartment phone line, you need to get a pair of red and green alligator clips, and an extra modem cord for your lap-top.
After you get those parts, cut the plastic end off of your modem cord and you will see a red wire, a green wire, and two other wires, but you can ignore those. Attach the red alligator clip to the red wire, and attach the green alligator clip to the green wire and you’re all set. Now all you need to do is go find a telephone pole or one of those small green boxes that stick out of the ground. (They should have a Bell Systems logo on them.)
On a telephone pole open the little box that has a bunch of wires going to and from it. On the right side of the box you should see what look like two large screws. (These are called “terminals”.) One should have a red wire wrapped around it and the other should have a green wire wrapped around it. Attach the red alligator clip to the red wire and the green alligator clip to the green wire, and you’re all set. This should get you a dial tone. If it doesn’t, make sure that the alligator clips are not touching each other, and that the alligator clips are attached to the exposed end of the wire.
Now, on those green boxes you need to undo all of the screws and shit holding the lid on, and open it up. Then you should find basically the same setup as in the telephone pole. Attach the appropriate wires to the appropriate terminals and you are all set.
This process can also be used to hook up a Beige Box (Lineman’s Handset.) when phreaking.

O. Viruses, Trojans, and Worms

Just in case some of you are interested, here are the definitions for Viruses, Trojans, and Worms. These definitions were taken from the alt.2600 hack faq.

Trojan:

“Remember the Trojan Horse? Bad guys hid inside it until they could get into the city to do their evil deed. A Trojan computer program is similar. It is a program which does an unauthorized function, hidden inside an authorized program. It does something other than it claims to do, usually something malicious (although not necessarily!), and it is intended by the author to do whatever it does. If it is not intentional, it is called a bug or, in some cases, a feature 🙂 Some Virus scanning programs detect some Trojans. Some scanning programs don’t detect any Trojans. No Virus scanners detect all Trojans.”

Virus:

“A Virus is an independent program which reproduces itself. It may attach itself to other programs, it may create copies of itself (as in companion Viruses). It may damage or corrupt data, change data, or degrade the performance of your system by utilizing resources such as memory or disk space. Some Virus scanners detect some Viruses. No Virus scanners detect all Viruses. No Virus scanner can protect against any and all Viruses, known and unknown, now and forevermore.”

Worm:

“Made famous by Robert Morris, Jr., Worms are programs which reproduce by copying themselves over and over, system to system, using up resources and sometimes slowing down the system. They are self contained and use the networks to spread, in much the same way that Viruses use files to spread. Some people say the solution to Viruses and worms is to just not have any files or networks. They are probably correct. We could include computers.”

II. PHREAKING

A. What is phreaking

Phreaking is basically hacking with a telephone. Using different “boxes” and “tricks” to manipulate the phone companies and their phones, you gain many things, two of which are: knowledge about telephones and how they work, and free local and long distance phone calls. In the following sections, you will learn some about boxes, what they are, and how they work. You will also learn about the other forms of phreaking.

B. Why phreak?

Phreaking, like hacking, is used to gather information about telephones, telephone companies, and how they work. There are other benefits as well. As stated above, you also get free phone calls. But, these are used mainly to gather more information about the phones, and to allow us free access to all information.

C. Phreaking rules

Most of the same rules apply for hacking and phreaking, so I will only list a few here.

1. Never box over your home phone line.
2. You should never talk about phreaking projects over your home phone line.
3. Never use your real name when phreaking.
4. Be careful who you tell about your phreaking projects.
5. Never leave phreaking materials out in the open. Keep them in a safe place.
6. Don’t get caught.

D. Where and how to start phreaking

Well, you can phreak on any telephone, but as stated above, it is very stupid to do so on your home phone line.
First you need to construct the boxes needed for what you want to do. All of the boxes and their descriptions are listed in the next section. Most of the boxes are very easy to make, but if you’re not into making shit, there are usually alternative ways of making them.

E. Boxes and what they do

Box: Description:

Red Box generates tones for free phone calls

Black Box when called, caller pays nothing

Beige Box lineman’s handset

Green Box generates coin return tones

Cheese Box turns your phone into a payphone

Acrylic Box steal 3-way calling and other services

Aqua Box stops F.B.I. lock-in-trace

Blast Box phone microphone amplifier

Blotto Box shorts out all phones in your area

Blue Box generates 2600hz tone

Brown Box creates party line

Bud Box tap neighbors phone

Chartreuse Box use electricity from phone

Chrome Box manipulates traffic signals

Clear Box free calls

Color Box phone conversation recorder

Copper Box causes crosstalk interference

Crimson Box hold button

Dark Box re-route calls

Dayglo Box connect to neighbors phone line

Divertor Box re-route calls

DLOC Box create party line

Gold Box dialout router

Infinity Box remote activated phone tap

Jack Box touch-tone key pad

Light Box in-use light

Lunch Box AM transmitter

Magenta Box connect remote phone line to another

Mauve Box phone tap without cutting into the line

Neon Box external microphone

Noise Box creates line noise

Olive Box external ringer

Party Box creates party line

Pearl Box tone generator

Pink Box creates party line

Purple Box hold button

Rainbow Box kill trace

Razz Box tap neighbors phone

Rock Box add music to phone line

Scarlet Box causes interference

Silver Box create DTMF tones for A,B,C, and D

Static Box raises voltage on phone line

Switch Box add services

Tan Box phone conversation recorder

TV Cable Box see sound waves on TV

Urine Box create disturbance on phone headset

Violet Box stop payphone from hanging up

White Box DTMF key pad

Yellow Box add line extension

F. Box Plans

The Red Box is the main tool that you will use so I have included the Red Box plans. The other box plans can be downloaded from the Internet.

Red Box:

There are two ways that you can make a Red Box:

One is to go to Radio Shack and buy a tone dialer and a 6.5536Mhz crystal.(If Radio Shack doesn’t have the crystal, you can order them from the electronics companies that I have listed at the end of this section.) Open up the tone dialer and replace the existing crystal (big, shiny, metal thing labeled “3.579545Mhz”) with the 6.5536Mhz crystal. Now, close it up. You have a red box.
To use it for long distance calls play the tones that add up to the amount of money that the operator requests. For a 25 cents tone press 5 *’s. For a 10 cents tone press 3 *’s. For a 5 cents tone press 1 *.
And, the second way, which is a much easier method, is to get the Red Box tones from a phreaking program, such as: Omnibox, or Fear’s Phreaker Tools. Play the tones as you hold a microcassette recorder about 1-inch away from your computer speakers, and record the tones.
The Red Box only works on public telephones, it does not work on COCOT’s.(Defined in next section.) It makes the telephone think that you have put money in. Red Boxes do not work on local calls because the phone is not using ACTS (Automated Coin Toll System), unless you call the operator and have her place the call for you. You tell her the number that you want to dial and then when she asks you to put in your money, play the tones. If she asks you why you need her to place the call tell her that one of the buttons is smashed in or something like that. You now have and know how to use a Red Box!

Electronics Companies:

Alltronics
2300 Zanker Road
San Jose, CA 95131
(408)943-9774 -Voice-
(408)943-9776 -Fax-

Blue Saguaro
P.O. Box 37061
Tucson, AZ 85740

Mouser
(800)346-6873

Unicorn Electronics
10000 Canoga Ave. Unit C-2
Chatsworth, CA 91311
1-800-824-3432

G. Free calling from COCOT’s

First of all, COCOT stands for “Customer Owned Customer Operated Telephone”. These are most likely to be found at restaurants, amusement parks, etc.
All you have to do to make a free call from a COCOT is dial a 1-800 number (they let you do this for free), say some bullshit and get them to hang up on you. Stay on the line after they hang up, then dial the number that you want to call.
This may not work by the time you read this because COCOT owners are becoming more aware of us every day.

H. ANAC numbers

ANAC stands for “Automated Number Announcement Circuit”. In other words, you call the ANAC number in your area and it tells you the number that you are calling from. This is useful when Beige Boxing, or hooking your modem up to other phone lines, to find out what number you are using. The “?” are substituted for unknown numbers. Do some scanning to find them out. Here are the ANAC numbers for the U.S.A. with their area code, and the only one I knew of in the U.K.:

U.S.A.:

Area Code: ANAC Number:

201 958
202 811
203 970
205 300-222-2222
205 300-555-5555
205 300-648-1111
205 300-765-4321
205 300-798-1111
205 300-833-3333
205 557-2311
205 811
205 841-1111
205 908-222-2222
206 411
207 958
209 830-2121
209 211-9779
210 830
212 958
213 114
213 1223
213 211-2345
213 211-2346
213 760-2???
213 61056
214 570
214 790
214 970-222-2222
214 970-611-1111
215 410-????
215 511
215 958
216 200-????
216 331
216 959-9968
217 200-???-????
219 550
219 559
301 958-9968
310 114
310 1223
310 211-2345
310 211-2346
312 200
312 290
312 1-200-8825
312 1-200-555-1212
313 200-200-2002
313 200-222-2222
313 200-???-????
313 200200200200200
314 410-????
315 953
315 958
315 998
317 310-222-2222
317 559-222-2222
317 743-1218
334 5572411
334 5572311
401 200-200-4444
401 222-2222
402 311
404 311
404 940-???-????
404 940
405 890-7777777
405 897
407 200-222-2222
408 300-???-????
408 760
408 940
409 951
409 970-????
410 200-6969
410 200-555-1212
410 811
412 711-6633
412 711-4411
412 999-????
413 958
413 200-555-5555
414 330-2234
415 200-555-1212
415 211-2111
415 2222
415 640
415 760-2878
415 7600-2222
419 311
502 200-2222222
502 997-555-1212
503 611
503 999
504 99882233
504 201-269-1111
504 998
504 99851-0000000000
508 958
508 200-222-1234
508 200-222-2222
508 26011
509 560
510 760-1111
512 830
512 970-????
515 5463
515 811
516 958
516 968
517 200-222-2222
517 200200200200200
518 511
518 997
518 998
603 200-222-2222
606 997-555-1212
606 711
607 993
609 958
610 958
610 958-4100
612 511
614 200
614 517
615 200200200200200
615 2002222222
615 830
616 200-222-2222
617 200-222-1234
617 200-222-2222
617 200-444-4444
617 220-2622
617 958
618 200-???-????
618 930
619 211-2001
619 211-2121
703 811
704 311
707 211-2222
708 1-200-555-1212
708 1-200-8825
708 200-6153
708 724-9951
708 356-9646
713 380
713 970-????
713 811
714 114
714 211-2121
714 211-2222
716 511
716 990
717 958
718 958
802 2-222-222-2222
802 200-222-2222
802 1-700-222-2222
802 111-2222
805 114
805 211-2345
805 211-2346
805 830
806 970-????
810 200200200200200
812 410-555-1212
813 311
815 200-???-????
817 290
817 211
818 970-611-1111
818 1223
818 211-2345
903 211-2346
904 970-611-1111
906 200-222-222
907 1-200-222-2222
907 811
908 958
910 200
910 311
910 988
914 990-1111
915 970-????
916 211-2222
916 461
919 200
919 711

U.K.:

175

AUSTRALIA:

19123
1800801234

III. REFERENCE

A. Hacking and phreaking WWW. sites

Here is a list of some World Wide Web sites that contain hacking, phreaking, computer, virus, carding, security, etc. material:

Site Address:

http://www.outerlimits.net/lordsome/index.html (Hacker’s Layer)
http://web2.airmail.net/km/hfiles/free.htm (Hacker’s Hideout)
http://resudox.net/bio/novell.html
http://www.louisville.edu/wrbake01/hack2.html
http://www.intersurf.com/~materva/files.html
http://hightop.nrl.navy.mil/rainbow.html
http://www.rit.edu/~jmb8902/hacking.html
http://www.spatz.com/pecos/index.html
http://pages.prodigy.com/FL/dtgz94a/files2.html
http://www.2600.com (alt.2600)
http://att.net/dir800
http://draco.centerline.com:8080/~franl/crypto.html
http://everest.cs.ucdavis.edu/Security.html
http://ice-www.larc.nasa.gov/WWW/security.html
http://lOpht.com (lOpht)
http://lOpht.com/~oblivion/IIRG.html
http://underground.org
http://www.alw.nih.gov/WWW/security.html
http://www.aspentec.com/~frzmtdb/fun/hacker.html
http://www.cis.ohi-state.edu/hypertext/faq/usenet/alt-2600-faq/faq.html
http://www.cs.tufts.ed/~mcable/cypher/alerts/alerts.html
http://www.engin.umich.edu/~jgotts/underground/boxes.html
http://www.etext.org/Zines
http://www.inderect.com/www/johnk/
http://www.mgmua.com/hackers/index.html
http://www.paranoia.com/mthreat
http://www.paranoia.com/astrostar/fringe.html
http://www.umcc.umich.edu/~doug/virus-faq.html
http://www.wired.com

B. Good hacking and phreaking text files

All of these files are available by download from the Internet.

File Name:

A Novice’s Guide To Hacking

Alt.2600 Hack Faq

The Hacker’s Handbook

The Official Phreaker’s Manual

Rainbow Books (Listed in Section D.)

The Hacker Crackdown

Computer Hackers: Rebels With A Cause

The Legion Of Doom Technical Journals

The Ultimate Beginner’s Guide To Hacking And Phreaking (Of course!)

C. Hacking and phreaking Newsgroups

alt.2600
alt.2600.hope.tech
alt.cellular
alt.cellular-phone-tech
alt.comp.virus
alt.cracks
alt.cyberpunk
alt.cyberspace
alt.dcom.telecom
alt.fan.lewiz
alt.hackers
alt.hackintosh
alt.hackers.malicious
alt.security

D. Rainbow Books

The Rainbow Books are a series of government evaluations on various things related to computer system security. You can get all of the existing Rainbow Books free and if you ask to be put on their mailing list you will get each new one as it comes out. Just write to the address or call the number below:

Infosec Awareness Division
ATTN: x711/IAOC
Fort George G. Meade, MD 20755-6000

or call:
(410)766-8729

Here is the list of all the Rainbow Books and their descriptions:

Color: Description:

Orange 1 D.O.D. Trusted Computer Systems

Green D.O.D. Password Management

Yellow Computer Security Requirements

Yellow 2 Computer Security Requirements

Tan Understanding Audit In Trusted Systems

Bright Blue Trusted Product Evaluation

Neon Orange Understanding Discretionary Access

Teal Green Glossary Of Computer Terms

Orange 2 Understanding Configurations

Red Interpretation Of Evaluation

Burgundy Understanding Design Documentation

Dark Lavender Understanding Trusted Distribution

Venice Blue Computer Security Sub-Systems

Aqua Understanding Security Modeling

Dark Red Interpretations Of Environments

Pink Rating Maintenance Phase

Purple Formal Verification Systems

Brown Understanding Trusted Facilities

Yellow-Green Writing Trusted Facility Manuals

Light Blue Understanding Identification And Authentication In Trusted Systems

Blue Product Evaluation Questionnaire

Gray Selecting Access Control List

Lavender Data Base Management Interpretation

Yellow 3 Understanding Trusted Recovery

Bright Orange Understanding Security Testing

Purple 1 Guide To System Procurement

Purple 2 Guide To System Procurement

Purple 3 Guide To System Procurement

Purple 4 Guide To System Procurement

Green Understanding Data Remanence

Hot Peach Writing Security Features

Turquoise Understanding Information Security

Violet Controlled Access Protection

Light Pink Understanding Covert Channels

E. Cool hacking and phreaking magazines

Phrack Magazine

2600 Magazine

Tap Magazine

Phantasy Magazine

F. Hacking and phreaking movies

Movie:

Hackers

War Games

G. Hacking and phreaking Gopher sites

Address:

ba.com
csrc.ncsl.nist.gov
gopher.acm.org
gopher.cpsr.org
gopher.cs.uwm
gopher.eff.org
oss.net
spy.org
wiretap.spies.com

H. Hacking and phreaking Ftp sites

Address:

2600.com
agl.gatech.edu/pub
asylum.sf.ca.us
clark.net/pub/jcase
ftp.armory.com/pub/user/kmartind
ftp.armory.com/pub/user/swallow
ftp.fc.net/pub/defcon/BBEEP
ftp.fc.net/pub/phrack
ftp.giga.or.at/pub/hacker
ftp.lava.net/users/oracle
ftp.microserve.net/ppp-pop/strata/mac
ftp.near.net/security/archives/phrack
ftp.netcom.com/pub/br/bradelym
ftp.netcom.com/pub/daemon9
ftp.netcom.com/pub/zz/zzyzx
ftp.primenet.com/users/k/kludge

I. Hacking and phreaking BBS’s

BBS’s are Bulletin Board Systems on which hackers and phreakers can post messages to each other.
Here is a list of some BBS’s that I know of. If you know of any other BBS’s, please E-Mail me via the A.S.H. E-Mail address. Also, Please note that some of these may be old and not running.

Area Code: Phone Number: Name:

203 832-8441 Rune Stone
210 493-9975 The Truth Sayer’s Domain
303 516-9969 Hacker’s Haven
315 656-5135 Independent Nation
315 656-5135 UtOPiA
617 855-2923 Maas-Neotek
708 676-9855 Apocalypse 2000
713 579-2276 KOdE AbOdE
806 747-0802 Static Line
908 526-4384 Area 51
502 499-8933 Blitzkrieg
510 935-5845 …Screaming Electron
408 747-0778 The Shrine
708 459-7267 The Hell Pit
415 345-2134 Castle Brass
415 697-1320 7 Gates Of Hell

J. Cool hackers and phreakers

Yes there are many, many, cool hackers and phreakers out there, but these are some that helped me to get this file out on the Internet. I did not list a few people because I only knew their real name, and I don’t want to use their real name without their permission.

Handle:

Silicon Toad

Logik Bomb/Net Assasin

oleBuzzard

Lord Somer

Weezel

Thanks for your help guys.

K. Hacker’s Manifesto

“This is our world now…the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt cheap if it wasn’t run by profiteering gluttons, and you call us criminals. We explore…and you call us criminals. We exist without skin color, without nationality, without religious bias…and you call us criminals. You build atomic bombs, wage wars, murder, cheat, and lie to us and try to make us believe it is for our own good, yet we’re the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker and this is my manifesto. You may stop this individual, but you can’t stop us all…after all, we’re all alike.”

+++The Mentor+++

K. Happy hacking!

Be careful and have fun. Remember to keep your eye out for the next volume of The Ultimate Beginner’s Guide To Hacking And Phreaking and be sure to check out the LOA Home Page at:
http://www.hackers.com/hacking. Oh, and keep looking for our on-line magazine, too, it should be coming out soon.
Well, I hope you enjoyed the file and found it informative. I also hope that I helped get you started in hacking and phreaking.

“The Revelation is here.”

-=Revelation=-
LOA–ASH

EOF

Hacking Tymnet by Byte Brain

The THC Hack/Phreak Archives: TIMENET.TXT (170 lines)
Note: I did not write any of these textfiles. They are being posted from
the archive as a public service only – any copyrights belong to the
authors. See the footer for important information.
==========================================================================

+-------------------------------------+
!        BYTE BRAIN PRESENTS:         !
!         1ST ARTICLE IN THE          !
!                                     !
!       ]=-> HOW-TO-SERIES <-=[       !
!                                     !
!         [ HACKING TYMNET ]          !
+-------------------------------------+

AS MOST OF YOU ALREADY KNOW, TYMNET IS AN INFORMATION SYSTEM ACCESSIBLE BY
COMPUTERS WITH MODEMS FROM ALMOST ANYWHERE IN THE COUNTRY. TYMNET INCLUDES
MANY SUB-SYSTEMS OF INFORMATION WHICH CAN BE USEFUL FOR BUSINESSES OR JUST
PHUN. ONE SUB-SYSTEM WHICH I WILL WRITE A SEPARATE ARTICLE ON IS THE ATP
CO'S ELECTRONIC TARIFF SYSTEM. BUT FOR NOW, I'LL MAKE ALL OF YOU EXPERTS IN
TYMNET SO YOU CAN HAVE AS MUCH PHUN AS YOURS TRULY.

ACCESS NUMBERS
--------------

FOR YOUR LOCAL ACCESS NUMBER YOU COULD CALL THE NICE PERSON AT 800-336-0149
AND REQUEST IT FOR YOUR AREA. IF YOU LIVE NEAR A METROPOLITAN AREA ASK FOR
THAT AREA CODE SINCE THEY RARELY HAVE ACCESS NUMBERS FOR OUT-OF-CITY AREAS.
FOR THOSE OF YOU IN THE 914 AREA YOU CAN USE:

POUGHKEEPSIE : 914-473-0401
WHITE PLAINS : 914-684-6075

LOGGING IN TO TYMNET
--------------------

1. WHEN YOU HAVE CONNECTED WITH THE NETWORK, THE FOLLOWING REQUEST WILL BE
DISPLAYED:

PLEASE TYPE YOUR TERMINAL IDENTIFIER

ENTER YOUR TERM. IDENTIFIER ACCORDING TO THE FOLLOWING CHART:

KEY: IDENT = IDENTIFIER
. ASC = ASCII
. EBCD = EBCD CORRESPONDENCE
. = CARRIAGE RETURN

SPEEDS ARE GIVEN IN CPS (CHARACTERS PER-SECOND). TO TRANSLATE TO BAUD
RATE JUST MULTIPLY BY 10.

IDENT   CODE   SPEED     TERMINAL TYPE
-----   ----   -----     -------------
  A     ASC    30,120    PERSONAL COMP.
                         WITH CRT

[MOST EVERYBODY AT HOME WILL USE THIS OPTION SO IF YOU AREN’T SURE USE A]

  B     ASC    15        ALL TERMINALS
  C     ASC    30        IMPACT PRINTERS
  D     ASC    10        ALL TERMINALS
  E     ASC    30        THERMAL PRINTERS
  F     ASC    15 IN     BETA TERMINALS
               30 OUT
  G     ASC    30,120    BELT PRINTERS
                         G.E. TERMINET
  I     ASC    120       MATRIX PRINTERS
  P     EBCD   14.8      SELECTRIC-TYPE
                         TERMINALS
                         (E.G., 2741)

IF THE MESSAGE DOES NOT APPEAR JUST WAIT A FEW SECONDS THEN ENTER IT.
NOTE THAT ONLY P IDENTIFIERS NEED A THEM BUT SINCE MOST OF YOU WON’T BE
USING P FORGET IT.

2. TYMNET WILL THEN DISPLAY THE NUMBER OF THE REMOTE ACCESS NODE TO WHICH
YOU ARE CONNECTED, FOLLOWED BY THE NUMBER OF YOUR PORT ON THE NODE, AND
WILL DISPLAY THIS REQUEST:

. -NNNN-PPP-
. PLEASE LOG IN:

3. TYPE YOUR USER NAME AND THIS USER NAME SEEMS TO BE THE ABBREVIATION
FOR THE COMPANY WHO OWNS THE SUB-SYSTEM. FOR EXAMPLE, FOR ELECTRONIC
TARIFF THE USER NAME IS ATP WHICH STANDS FOR AIRLINE TARIFF PUBLISHING,
THE COMPANY THAT RUNS THE ELECTRONIC TARIFF.

4. TYMNET WILL THEN REQUEST:

. PASSWORD:

TYPE YOUR PASSWORD AND . THE PASSWORD MAY NOT BE DISPLAYED ON YOUR
SCREEN.

5. TYMNET WILL THEN DISPLAY SOME CHARACTER OR MESSAGE INDICATING THAT YOU
HAVE LOGGED ON.

SINCE BUSINESSES DON’T REALLY GET COMPLICATED WITH PASSWORDS AND THE
SUCH, JUST ENTER VALID USER NAMES AND FOR PASSWORDS YOU CAN FORGET
CTRL-CHARACTERS. PASSWORDS HAVE A LENGTH OF 8 CHARACTERS (AS FAR AS I KNOW).

TYMNET CONTROL CHARACTERS
-------------------------

CTRL-CHAR   OPERATION
---------   ---------
    H       HALF-DUPLEX
    P       EVEN PARITY
    R       ALLOWS THE TERMINAL TO
            CONTROL THE INCOMING FLOW
            OF DATA WITH X-ON/OFF
            CHARACTERS (SEE BELOW)
    S       X-OFF CHARACTER
    Q       X-ON CHARACTER

ACCESSING DATAPAC
-----------------

THE STANDARD PROCEDURE FOR ACCESSING A HOST ON THE DATAPAC NETWORK IS
DESCRIBED BELOW. TYMNET’S INFORMATION DIRECTORY INCLUDES FILES OF MATERIAL
ABOUT DATAPAC AND TYMNET’S INTERNATIONAL SERVICES.

LOGGING IN TO DATAPAC
---------------------

1. DIAL-UP TYMNET (SEE ABOVE)

2. ENTER YOUR TERMINAL IDENTIFIER

3. AT THE “PLEASE LOG IN:” PROMPT, ENTER THE LOG-IN COMMAND, SPECIFYING:
THE DATAPAC NETWORK (DPAC), A SEMICOLON (A SECOND SEMICOLON WILL ECHO AT
YOUR END) , THE DATAPAC NETWORK IDENTIFICATION CODE (3020), THE 8-DIGIT
HOST ADDRESS AND .

E.G., DPAC;;3020HOST ADDRESS

IF YOU NEED TO ENTER FURTHER USER DATA ENTER A COLON AFTER THE HOST
ADDRESS THEN A .

E.G., DPAC;;3020HOST ADDRESS:USER DATA
.

5. DATAPAC WILL THEN DISPLAY A MESSAGE OR CHARACTER TO SHOW THAT YOU ARE
ON-LINE.

THIS LITTLE BIT OF INFORMATION SHOULD GET SOME OF YOU GOING. MY
EXPERIENCES WITH TYMNET HAVE BEEN MAINLY RESTRICTED TO THE ATP CO SYSTEM SO
COMMANDS MAVI

OF COURSE IF YOU HAVE ANY QUESTIONS LEAVE ME MAIL:

F] BYTE
L] BRAIN

DOWNLOADED FROM P-80 SYSTEMS…..

Syndicated Hack Watch (October 1993) Piracy Covered by Mainstream Press

******************************************************************
*—————- Syndicated Hack Watch – 10:1993 —————*
******************************************************************
*————– Special Projects BBS +353-51-50143 ————–*
*————– SysOp: John McCormac ————–*
******************************************************************
*————- (c) 1993 MC2 (Publications Division) ————-*
*————— 22 Viewmount, Waterford Ireland —————-*
******************************************************************
******************************************************************

Syndicated Hack Watch is copyrighted material. All unauthorised
reproduction whether in whole or in part, in any language will be
suitably dealt with.

******************************************************************
Contact Numbers:

Voice: +353-51-73640
Fax: +353-51-73640
BBS: +353-51-50143 HST – Special Projects BBS
E-mail: mc2@cix.compulink.com.uk
FidoNet: 2:263/402
******************************************************************

Piracy Covered By Mainstream Press

It would appear that the mainstream press has finally copped on to
the fact that piracy is happening. The Financial Times, the
English equivalent of the Wall Street Journal, has covered the
matter though the topic had a curiously Anglo-Australian flavour.

Apparently there is a dealer in Offaly, Ireland selling pirate
smart cards into the UK. The initial Financial Times article
featured a photograph of Mr David Lyons of Satellite Decoding
Systems (Offaly and Warrington) with a legitimate card and a
pirate card. The day after, the Financial Times had a small piece
on how they received a pirate smart card with a Cheshire, UK,
postmark.

Basically what Satellite Decoding Systems is doing is marketing
the pirate card into the UK from Ireland. The card is not illegal
in Ireland but it is illegal in the UK. But the problem was that
the cards were being shipped into the UK from Ireland and then
distributed in the UK. The UK side of the operation was slightly
illegal. Sky’s lawyers have served a writ on the UK operation but
Mr Lyons is fighting it.

Sky are faced with a trickier problem in Ireland. The hacking of
non-Irish satellite channels is not illegal under the Irish
Broadcast Act 1990. The only option Sky would have is to take
Satellite Decoding Systems to court for copyright infringement.

EC Legislation On Piracy?

The Motion Picture Experts Group has drafted an anti-piracy
proposal with which to lobby the EC. They want to make piracy
illegal in all the states of the European Community. They may be
movie experts but their knowledge of piracy appears to be in
the realm of the fictional.

The draft proposal would make piracy of satellite and cable
signals illegal throughout the EC. The most likely implementation
would be as a Directive which would be law throughout the EC.

The approach is American and the thinking appears to be
federalist. Except in this case the federalist approach is not the
correct one. Each country in the EC has its own particular
framework and problems. To try to implement a standard catch-all
piece of legislation will cause more problems than it solves.

There is legislation extant in various EC countries to protect the
signals. Though the downside is that the legislation is inward
looking. The laws of each country protect that country’s channels.

In most states in the EC, the legislation protecting satellite and
cable channels is a compromise. Protecting cable signals with
legislation is a fairly straightforward matter. Protecting
satellite signals is a trickier proposition. Normally the
legislation covers the channels uplinked from that country but
does not extend to satellite channels that originate outside the
country. The legislation in some countries has provisions that
extend protection on a reciprocal basis.

Of course the problem with piracy is that it rarely respects
legality. It can operate underground when necessary. Where it has
been forced underground it has prospered.

General Instruments Sues Magazine

General Instruments, the maker of that greatly hacked system,
VideoCipher II, are to sue a magazine over adverts. The adverts in
question were for third party cable decoders.

The action is being taken because GI believe that the adverts
contravene the 1984 US Cable Act which makes it a criminal offence
to assist piracy. The magazine, “Nuts And Volts” has a circulation
of 80,000.

The US constitution protects the right to free speech. Commercial
and editorial speech is also protected to a lesser degree. The US
Supreme Court upheld a decision that the US magazine “Soldier Of
Fortune” could be liable for criminal acts committed by
mercenaries who advertise in its pages.

Some in the industry see the lawsuit as a form of harassment by
GI. However the situation will be watched closely here in Europe
by Sky.

A Faster Update For Pirate Cards

According to some sources, Sky are about to face a more versatile
and lethal threat. Some of the newer designs for pirate smart
cards will be updated by telephone. In this respect they are becoming
more like Sky. Except in this case the pirate cards will be
updated to cope with Sky’s countermeasures.

The technology involved is similar to that used in the USA for the
VideoCipher key updates. The basic dealer equipment will be a
modem, a computer and a chip programmer. The update codes will be
delivered via modem to dealers throughout Europe. They will then
have to program the pirate cards using the delivered codes. This
essentially involves plugging the pirate card into a socket on the
programmer and downloading the updated set of codes.

Of course the full chip program will not be sent. The newer
versions of the cards will have two chips. One chip will hold the
main card program. This chip will be protected. The second chip
will be unprotected. This chip will hold the alterable
information.

Such a change in operation will give the Blackbox industry an edge
on Sky as they will be able to bring the update time down to a few
hours. Whereas before it was a question of returning the card and
waiting perhaps a few days, pirate users will now be able to walk
in to a dealers and have the card updated on the spot.

FilmNet and VideoCrypt 2

The system used by FilmNet on the low Astra transponder is
VideoCrypt. It is not the same type of VideoCrypt as that
currently in operation on the Sky Multichannels.

The new type of VideoCrypt has been given a working title of
VideoCrypt 2. Others have called it VideoCrypt Europe. Some
hackers have pointed out the ominous similarity of its acronym –
VC2.

The need for VideoCrypt-2 has become evident over the last few
months. Some of the more European channels in the Sky
Multichannels package have sizable European potential. The Ireland
– UK constriction of the Sky Multichannels package tends to limit
their financial outlook somewhat. The European market is far more
lucrative in terms of cablenet deals.

According to a source, FilmNet have already ordered 100,000
VideoCrypt-2 IRDs from Thomson. The use of the system by FilmNet
is not particularly unusual. However it is an indication of a
clever strategy on FilmNet’s part. It is a case of
compartmentalised operations. A separate system for each area of
operation. The strategy would tend to limit the effects of a hack
on any of the systems. As things stand, FilmNet on Astra is hacked
and VideoCrypt is hacked. Unless there is some major upgrade in
VideoCrypt-2 then the system will also be hacked.

The use of a separate transponder by some of the channels that use
VideoCrypt-2 to access the European market is out of the question.
Therefore VideoCrypt-2 must be able to coexist with VideoCrypt-1
on the same channel.

There may be some evidence for the VideoCrypt-2 being in operation
on channels other than FilmNet. Some official card users have been
reporting slow lock-up times on various channels. Other problems
such as intermittent drop-out have been observed.

These are exactly the kind of symptoms to be expected if
VideoCrypt-1 and VideoCrypt-2 are sharing a channel’s datastream.
The VideoCrypt datastream is robust in that it has a very slow
data rate. The 1 kilobit per second rate gives it a good
resistance to sparklies. The disadvantage is that the slow data
rate makes updates and addressing tedious.

Normally the VideoCrypt system requires a new seed key every 3.5
seconds or so. To multiplex VideoCrypt-1 and VideoCrypt-2
datastreams would be possible. The problem would be that some
areas of the datastream would double in size and take as long to
transmit.

Other areas of the datastream would have to be expanded as well.
As some of the Sky Multichannels package are not yet cleared for
European rights they would have to transmit a secondary channel
identifier. This would ensure that a European Discovery smart card
would decode only Discovery and not the rest of the Sky
Multichannels package. This would mean that the channel identifier
bytes would be transmitted on an alternating basis hence the
delayed lock-up.

At this stage it is only possible to speculate on the circuitry
used on the VideoCrypt-2 decoder. Most of the VideoCrypt designs
on the market at the moment are based on the 1989 design. The
8052, 6805 and custom logic chip have made this particular decoder
design vulnerable. The 8052 was not even protected. Over the last
few years there has been a tendency to go for surface mount
componentry but the main chipset appears the same.

The most logical areas for updating would be the 8052 and the
6805. In the VideoCrypt-2 decoder the functions of these chips
would probably be taken care of by one chip. This would give a
higher security to the decoder as the compromised programs could
be rewritten and perhaps given a few new twists and turns.

The question at this point relates to FilmNet’s risk. Are they
walking into another ambush? VideoCrypt-1 is already totally
hacked. VideoCrypt-2 may not last very long unless there has been
some intense re-engineering of the software and the card-decoder
protocols.


The Complete Introductory Guide to Sprintnet and Similar Packet-Switched Networks by Doctor Dissector (April 22, 1990)

The THC Hack/Phreak Archives: PSNINTRO.DOC (842 lines)
Note: I did not write any of these textfiles. They are being posted from
the archive as a public service only – any copyrights belong to the
authors. See the footer for important information.
==========================================================================
% X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X %
X**=======================================================================**X
%!! Phreakers/Hackers/Anarchists !!%
X!! -++–++–++–++–++–++–++- !!X
%!! !!%
X!! THE COMPLETE INTRODUCTORY GUIDE TO SPRINTNET AND !!X
%!! SIMILAR PACKET SWITCHED NETWORKS !!%
X**=======================================================================**X
% X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X %
X**=======================================================================**X
%!! P/H/A – Written By Doctor Dissector On Sunday, April 22, 1990 – P/H/A !!%
X**=======================================================================**X
% X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X % X %

Part I: Disclaimer
——————
The sole purpose of this document is to educate. Neither the author nor
the sponsor group (Phreakers/Hackers/Anarchists) will be held responsible
for the reader’s actions before, during, and following exposure to this
document as well as the validity or accuracy of the information contained
within this document.

Part II: Introduction
———————
Packet switching networks can be said to be the most useful tool for both
the inexperienced and the experienced hack. When I first learned about
PSNs (SprintNet/Telenet in general), I discovered that there were not any
good “full length” introductions or guides to the use of these systems. In
effect, scrounging around for a small file here and another there was not
very productive in any sense. So, I decided to compile a “complete”
introduction and guide, as I know it, to the “world” of the packet switched
network. Enjoy!
Doctor Dissector – PHA

Part III: Table Of Contents
—————————
Part Description
—– ————————————————————-
I Disclaimer
II Introduction
III Table Of Contents
IV What Is A Packet Switched Network?
V Network Protocols
VI PAD Security
VII Connection To The SprintNet PAD
VIII X.121 International Address Format
IX Network User Identification
X Setting PAD ITI/X.3 Parameters
XI Disconnect Code Sequence
XII Misc Network Notes
XIII Appendix
XIV Conclusion And Closing Notes
XV Greets, Hellos, Etc….

Appendix Description
——– ———————————————————–
A Hunt/Confirm Sequence Codes
B PAD Command Summary
C ITI/X.3 Parameter Summaries
D International DNIC/PSN List
E Overseas PSNs Which Accept Collect Calls
F Network Protocol List
G Glossary

Part IV: What Is A Packet Switched Network?
——————————————-
A packet switched network can be accessed through any local POTS
dialup/port. Systems known as “hosts” on the PSN pay for connection to
the PSN depending on transmission speed and protocol type. PSNs offer
more efficient data transfer and lower rates as compared to the typical
circuit switched call. Thus, to anyone who would be interested in
transferring large amounts of data over either the PSN or the circuit
system, the PSN would result in an increase of convenience due to the
reduction of data transmission error and cost.
Another feature of the PSN is the speed and data translation which
takes place between the PSN’s PAD (Packet Assembler/Disassembler) and
the host. For example, one could connect to the PSN’s PAD at 1200 bps
and the PAD could connect to the host system at 9600 bps and still
allow the user to receive error free transmission. This “flow control”
is done by the actual increase or decrease of the data packet between
the PAD and the user or the PAD and the host.
PSNs also have the ability to interconnect through special gateways,
which might allow a user who dialed one PSN’s PAD to connect to
another PSN’s PAD through a system accessible from the first.
Almost every PSN in the world can be accessed through gateways on one
PSN to another PSN, through subsequent gateways until the target PSN
is reached. Of course, there are always exceptions: some private or
small data networks may not be reachable through gateways, and these
systems can usually only be reached through direct dialins.
Some PSNs allow the caller to execute “collect calls” to host
systems which accept them, although the majority of the hosts on any
given PSN do not accept collect calls. To connect to a host system which
does not accept collect calls, one must possess a network user identifier
(NUI) or access to a private system on the PSN which accepts collect
calls and has the ability to access another PSN with its own identifier.
These will be discussed further into this document.

Part V: Network Protocols
————————-
The PSN utilizes several communications protocols similar to the
communications protocols used by typical asynchronous modems. However,
MOST PSNs utilize synchronous communications and the X type protocols
versus the typical modem’s asynchronous V protocols. As a result, the
PAD of any PSN also serves as a synchronous/asynchronous translator
between the synchronous network and the asynchronous modem.
Most PSNs offer network speeds from snail’s pace baud rates of
300 bps (asynchronous) to the lightning of 48,000 bps (synchronous).
The most common data protocol used by PSNs today is the X.25 protocol,
thus if one were able to access a private PAD which offered support for
the X.25 protocol, one could access virtually any network user address
(NUA) from that PAD. SprintNet PADs support the X.25 protocol, so if
one had an NUI of sorts, one also could access any NUA from the SprintNet
PAD. See appendix F for a list of network protocols.

Part VI: PAD Security
———————
SprintNet PADs and most dialin PADs in general have no “immediate”
form of telephone security common within their systems. Plainly, SprintNet
and most PSN dialin PADs cannot trace on the fly, as they do not have
their own equipment to trace incoming calls. HOWEVER, this does not
mean that they CANNOT trace; SprintNet can, and will, upon probable
cause, cooperate with the telco to trace calls. Notice that tracing
usually is premeditated and one-time abusers have a very slim chance
of being caught. Also note that most PAD activities are logged and if
abuse is suspected, the PSN owners would most likely suspect the abuser
as originating from the local area, since the POTS dialin/port is also
located in the same area.
Once online, security from “calling” hosts which do not accept collect
calls is enforced by the presence of the NUI. Without an NUI, one would
usually be stuck, only able to call systems accepting collect calls, sans
the use of another system’s NUI.
There is one more aspect of security worth mentioning. Whenever a
packet of data is sent to a host system, a header of data is sent stating
where the originating “call” is being placed from. Thus, if you were
connecting to “312312” from your local POTS dialin/port that owned an
address of “20231H,” the system at 312312 would know the call was being
originated from 20231H. Once again, if someone were abusing any system on
the PSN and that system saved a log of the originating addresses accessing
that system, the owners of the abused system could easily determine which
POTS dialin/port number the abuser was using, and then inform the PSN
security of possible abuse in that dialin’s local area. Because of this
ability to “trace” the originating address, there is one way to foil this.
One could connect to another PAD, and then, from that PAD connect to
the target system. Thus, the POTS dialin/port address will be sent to
the connected PAD, and the connected PAD would intercept the POTS address
and send the connected PAD’s address to the target system instead of
the POTS address. SO, if the target system was abused and the owners
attempted to “trace” the originating address, they would receive the
address of the connected PAD. For example: you dial your local POTS
dialin/port which had an address of “71516G,” log into another PAD at
“415100,” connect from 415100 to “213213.” The system at 213213 if
“traced” would find that you were originating from 415100, not 71516G.
See how it works? Good… Notice that the system 213213 would still
know that you were originating from 71516G, but the folks you were
genuinely abusing wouldn’t know that!
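How the owners of the systems involved recover the real origin in the relay scenario above, as an added Python example (not part of the original guide): the target's log only names the intermediate PAD, but matching that call against the PAD's own inbound sessions exposes the dial-in port. The log record layout, timestamps and function names are constructed for illustration; the addresses are the ones used in the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Call:
    caller: str   # calling address carried in the call's header
    called: str   # address of the system that logged the call
    start: int    # session start in seconds (constructed values)
    end: int      # session end in seconds


# Constructed sample logs, keyed by the address of the system that kept them.
# 213213 is the target host, 415100 the intermediate PAD from the text.
LOGS = {
    "213213": [
        Call("415100", "213213", 1000, 1600),
        Call("20231H", "213213", 2000, 2300),
    ],
    "415100": [
        Call("71516G", "415100", 940, 1650),
        Call("30412B", "415100", 1700, 1900),
    ],
}


def upstream_sessions(call, logs):
    """Inbound sessions on the calling system that were open for the whole
    duration of `call`, i.e. the sessions that could have relayed it."""
    return [
        c for c in logs.get(call.caller, [])
        if c.called == call.caller
        and c.start <= call.start
        and c.end >= call.end
    ]


def trace_origin(call, logs, max_hops=8):
    """Walk back from a logged call towards its true origin.

    Returns (chain, status). chain lists calling addresses, starting with
    the one the target saw and ending with the earliest one recoverable;
    status says why the walk stopped.
    """
    chain = [call.caller]
    current = call
    for _ in range(max_hops):
        if current.caller not in logs:
            # Typically a dial-in port: the PSN operator's records take over.
            return chain, "no log for " + current.caller
        candidates = upstream_sessions(current, logs)
        if not candidates:
            return chain, "call originated at " + current.caller
        if len(candidates) > 1:
            return chain, "ambiguous: %d sessions overlap" % len(candidates)
        current = candidates[0]
        chain.append(current.caller)
    return chain, "hop limit reached"


if __name__ == "__main__":
    for logged in LOGS["213213"]:
        print(logged.caller, "->", trace_origin(logged, LOGS))
```
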

Part VII: Connection To The SprintNet PAD
—————————————–
The following procedure outlines the methods used to connect to
and through the SprintNet PAD.

Step  Procedures                              Network/Operator Response
----  ----------                              -------------------------
1     Turn on your terminal. Make sure
      it’s Online.

2     Dial your local SprintNet access
      number.

3     For data sets Bell 103 & 113 type,
      depress the DATA button.

4     Enter the hunt/confirm sequence
      for your baud/parity type. For
      E,7,1 1200/2400, type twice.
      For hunt/confirm sequences, see
      appendix A.

5     SprintNet will identify itself,         TELENET
      its port address, and then send         909 14B
      a TERMINAL= prompt for terminal
      identification. “D1” specifies          TERMINAL=D1
      dumb terminal.

6     NUI Input: After SprintNet gives
      the “@” prompt, type “ID ;” and         @ID ;ABCD
      then your ID code, followed by a        PASSWORD=123456
      . Then enter your password
      followed by another . If you
      don’t have an NUI, you can always
      access systems which allow collect
      calls.

7     At the “@” prompt, you can enter        @02341123456790
      the network user address (NUA) of
      the desired host. If, during the
      connection attempt, you wish to
      abort the attempt, a BREAK signal
      will bring you back to the “@”
      prompt.

8     SprintNet will respond with a           (address) CONNECTED
      connection message, or an error
      message.

9     To disconnect from your computer,       (address) DISCONNECTED
      log off as usual. SprintNet will
      send a disconnect message. To
      disconnect off of a system without
      logging off, typing “@” will
      bring you back to the “@” prompt.

Part VIII: X.121 International Address Format
———————————————
Most PSNs around the world follow the X.121 format for access to both
domestic and international hosts. SprintNet does not require some parts
of the format for domestic connection, which will be discussed below.

   +----------------------------------------- Zero Handler For SprintNet
   |                                          (Formats The X.121 Address)
   |
   |     +----------------------------------- Data Network Identifier
   |     |                                    Code (DNIC)
   |     |
   |     |       +--------------------------- Area Code of Host
   |     |       |
   |     |       |       +------------------- DTE Address of Host
   |     |       |       |
   |     |       |       |      +------------ Port Address
   |     |       |       |      |
  |0|  |DDDD|  |AAA|  |HHHHH|  |PP|
                                |
                                +------------ Optional ‘Subaddress’
                                              Field for Packet Mode
                                              DTE

For a complete list of DNICs/PSNs according to country, please see
appendix D.
On SprintNet, a “0” MUST lead the NUA, although on other PSNs, this
may not be necessary.
On SprintNet, the DNIC is defaulted to 3110. Any host entered at the
“@” prompt, if domestic to Telenet/USA, will not require the input of
zero handler or the 3110 DNIC. For example:

Domestic X.121 SprintNet Int’l
———- ————– —————
2129966622 31102129966622 031102129966622
212869 311021200869 0311021200869
21244 311021200044 0311021200044
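The address expansion shown in the table above, as an added Python example (not part of the original guide), useful when reading addresses out of old X.25 call logs. The zero-padding rule for short domestic addresses is inferred from the guide's sample rows, the function names are hypothetical, and the DNIC names are a small excerpt copied from Appendix D.

```python
"""Expand SprintNet domestic addresses to X.121 form and split a full
address into the fields of the Part VIII diagram (added example)."""

SPRINTNET_DNIC = "3110"   # default DNIC on SprintNet, per Part VIII
ZERO_HANDLER = "0"        # leading zero SprintNet requires on a full NUA

# Excerpt of Appendix D; not the full list.
DNIC_NAMES = {
    "3110": "TELENET (United States)",
    "3106": "TYMNET (United States)",
    "3020": "DATAPAC (Canada)",
    "2341": "IPSS (United Kingdom)",
    "2342": "PSS (United Kingdom)",
}


def domestic_to_x121(domestic: str) -> str:
    """Expand a domestic address (AAA + host, optionally + port) to X.121.

    Assumption inferred from the guide's examples: a host part of up to
    five digits is left-padded with zeros to HHHHH; a seven-digit
    remainder is HHHHH followed by the two-digit port PP.
    """
    if not domestic.isdigit():
        raise ValueError("address must contain digits only")
    if len(domestic) < 4:
        raise ValueError("need a 3-digit area code and a host number")
    area, rest = domestic[:3], domestic[3:]
    if len(rest) <= 5:
        rest = rest.zfill(5)
    elif len(rest) != 7:
        raise ValueError("host part must be 1-5 digits, or 7 with a port")
    return SPRINTNET_DNIC + area + rest


def to_sprintnet_international(x121: str) -> str:
    """Prefix the zero handler, giving the form typed at the "@" prompt."""
    return ZERO_HANDLER + x121


def parse_nua(nua: str) -> dict:
    """Split a full address, with or without the zero handler, into fields."""
    if not nua.isdigit():
        raise ValueError("address must contain digits only")
    # No DNIC in Appendix D begins with 0, so a leading 0 is the zero handler.
    zero_handler = nua.startswith(ZERO_HANDLER)
    x121 = nua[1:] if zero_handler else nua
    if not 5 <= len(x121) <= 14:
        raise ValueError("expected a 4-digit DNIC plus 1 to 10 digits")
    dnic, national = x121[:4], x121[4:]
    fields = {
        "zero_handler": zero_handler,
        "dnic": dnic,
        "network": DNIC_NAMES.get(dnic),   # None if not in the excerpt
        "national": national,
    }
    # The AAA/HHHHH/PP layout is SprintNet's own; other networks define
    # their own national numbering, so it is left unsplit for them.
    if dnic == SPRINTNET_DNIC and len(national) in (8, 10):
        fields["area"] = national[:3]
        fields["host"] = national[3:8]
        fields["port"] = national[8:] or None
    return fields


if __name__ == "__main__":
    for d in ("2129966622", "212869", "21244"):
        x = domestic_to_x121(d)
        print(d, x, to_sprintnet_international(x), parse_nua(x))
```
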

Part IX: Network User Identification
————————————
Network user identifiers (NUIs) offer full SprintNet PAD use for
any distance or amount of time for any host accessible by the PAD in
question. Think of the NUI as a /<-/<00l Kode for calling long
distance. Any systems that you call are logged, and each call is
charged. At the end of the month, the owner of the NUI is billed. So,
it is possible to hack out NUIs and use them, but like k0dez, abuse
kills.
NUIs can be entered into SprintNet in two ways. The first method is
to type "ID ;xxxx" where xxxx can be from 4-? characters in length,
both alphabetic and numeric. Then, at the password prompt, enter a
password. The second method for entering an NUI is in conjunction
with the NUA you are accessing. The format is ",,” where at the “@”
prompt you would type the desired NUA, followed by a comma, then your
ID followed by a comma, and then your password. Your password will not
be echoed.

Part X: Setting PAD ITI/X.3 Parameters
————————————–
Online PAD parameter modification may be desired for certain
applications, connections, or data transfers. See appendix C for brief
summaries of these parameters. Modification of these parameters can be
done by the following procedure at the “@” prompt:

X.3 Parameters
————–
To display current parameters: “PAR?”
The PAD will respond with: “PAR1:,2:,…”

To modify parameter(s): “SET? :,:,…”
The PAD will respond with: “PAR:,…”

ITI Parameters
————–
To display current parameters: “PAR? 0,,,…”
The PAD will respond with: “PAR:,:,…”

To modify parameter(s): “SET? 0:33,:,:,…”
The PAD will respond with: “PAR0:33,:,…”

Part XI: Disconnect Code Sequence
———————————
When disconnected off of any host on SprintNet, a disconnect coding
sequence with a string of data will be sent to your terminal. The
following is a translation format for the disconnect coding.

DISCONNECTED AA BB TT:TT:TT:TT CCC DD

Where:
is the NUA of the given host system.
AA is the clearing code.
BB is the diagnostic code.
TT:TT:TT:TT is the time spent on the host.
CCC is the number of frames received.
DD is the number of frames sent.

Part XII: Misc Network Notes
—————————-
Just a few things one might want to know when using PSNs:

1) When using/abusing a private PAD, try to use it after business
hours, as the operators will not tend to discover your presence
as quickly.

2) When hacking or abusing ANY system on ANY PSN, if anything seems
different or suspicious, logoff, disconnect, or HANG-UP
IMMEDIATELY! Much better SAFE than SORRY!

3) For a complete and updated list of POTS dialin/ports, dial the
IN-WATS number at 1-800-546-1000 or 1-800-546-2000, type “MAIL,”
and for user name and password, enter “PHONES.” You will be
diverted to the SprintNet dialing directory & a menu. From then on
you will have plenty of info about POTS dialins and port numbers.

4) For international information concerning SprintNet and other PSNs,
get to a SprintNet “@” prompt and type “MAIL.” Then, for the user
name, enter “INTL/ASSOCIATES.” For the password, type “INTL,” and
you will be diverted to the international information menu.

5) For even more info on SprintNet and PCP, the NUA for the PCP
support BBS is 311090900631 (909631 domestic).

6) Some 2400 bps and 2400+ bps PADs have problems recognizing 8,N,1
connections. Sometimes they only allow E,7,1 transmissions.
Experimentation or inquiry may yield results. SprintNet’s customer
information line is at 1-800-336-0437, overseas is 1-703-689-6400.

7) PCP outdials and other outdial systems are abundant on the PSNs
throughout the world. If you have any NUAs to these or find any,
they utilize the typical Hayes AT command set, so they should be
easy to figure out. MOST of the time, they ONLY allow dialing of
local (to the outdial’s area code) numbers, but some have been known
to allow interstate and even international calls. Experimentation,
again, is always necessary.

8) Domestically, the “AAA” (Area Code) portion of the NUA is usually
the same as the area code (NPA) of the same calling area. However,
some area codes are shared on the network and some non-existent
area codes such as 909, 223, 224 and others contain hosts.

9) On any PAD, the data transmission rates may be slowed, due to the
assembly/disassembly time, called packet delay. Depending on which
system, baud, and transfer protocol used, pad delay can differ from
almost none to noticeable fractions of seconds. PCP outdials are
notorious for LLOONNGG pad delays….

Part XIII: Appendix
——————-
Appendix A: Hunt/Confirm Sequence Codes
=======================================
Bits Stop Parity Modem Baud Duplex Sequence
—- —- —— ———- —— ——–
7 1 EVEN 300-1200 FULL
7 1 EVEN 300-1200 HALF ;
7 1 EVEN 2400 FULL @
7 1 EVEN 2400 HALF @;
8 1 NONE 300-1200 FULL D
8 1 NONE 300-1200 HALF H
8 1 NONE 2400 FULL @D
8 1 NONE 2400 HALF @H

At BPS speeds 2400+, wait 1/2 a second BEFORE and AFTER the
“@” sign in the sequence above.

Appendix B: PAD Command Summary
===============================
The following is a list of commands usable from the “@” prompt on the
SprintNet PSN.

Command Description
———– ————————————————————-
Connects to the host specified by that NUA.
C Connects to the host specified by that NUA.
STAT Displays the network port address (NUA of the port).
FULL Sets duplex to full.
HALF Sets duplex to half.
DTAPE Prepares the PSN for bulk file transfers.
CONT Continues the current connected session/connect attempt.
BYE Aborts connect attempt/disconnects from current session.
D Aborts connect attempt/disconnects from current session.
HANGUP Logs you off from the SprintNet PAD.
TERM Changes the terminal specification to that of .
MAIL Request connection to SprintNet Telemail.
TELEMAIL Request connection to SprintNet Telemail.
ID ; Enter NUI, is your ID. This is followed by a PASSWORD
prompt. Password will not be echoed.
TEST CHAR Test if you are receiving garbled output. If so, adjust
parity or data bits, and then try again. If errors persist,
be sure to complain to SprintNet customer service!
TEST ECHO Test if your input is being garbled by Telenet. Similar
otherwise as TEST CHAR.

Appendix C: ITI/X.3 Parameter Summaries
=======================================
Para- Para-
meter Description (Default Value) meter Description (Default Value)
—– ————————— —– —————————
1 Line feed Insertion (0) 31+ Interrupt Character (0)
2 Network Message Display (0) 32 Automatic Hang-up (0)
3 Echo (1) 33+ Flush Output (0)
4 Echo Mask (163) 34 Transmit on Timers (1)
5 Transmit Mask (2) 35 Idle Timer (80)
6* Buffer Size (0) 36 Interval Timer (0)
7* Command Mask (127) 37 Network Usage Display (0)
8* Command Mask (3) 38 Carriage Return PAD (Variable)
9 Carriage Return PAD (Fixed) 39 Padding Options (1)
10 Linefeed Padding 40 Insert on Break (0)

11 Tab Padding 41 PAD-Terminal Flow Control (0)
12 Line Width 42 PAD-Terminal XON Character (17)
13 Page Length (0) 43 PAD-Terminal XOFF Character (19)
14 Line Folding (1) 44* Generate Break (INV)
15 Page Wait (0) 45* APP on Break (0)
16 Interrupt on Break (0) 46 Input Unlock Option (0)
17 Break Code (0) 47 Input Unlock Timer (0)
18 NVT Options (0) 48 Input Unlock Character (0)
19 Initial Keyboard State (0) 49 Output Lock Option (2)
20 Half/Full Duplex 50 Output Lock Timer (10)

21 Real Character Code 51 Output Lock Option (0)
22 Printer Style 53* Break Options (0)
23 Terminal Type 54 Terminal-PAD Flow Control (0)
24 Permanent Terminal (0) 55 Terminal-PAD XON Character (17)
25 Manual or Auto Connect (0) 56 Terminal-PAD XOFF Character (19)
26 Rate 57 Connection Mode (2)
27 Delete Character (127) 58 Escape to Command Mode (1)
28 Cancel Character (24) 59* Flush Output on Break (0)
29 Display Character (18) 60 Delayed Echo
30+ Abort Output Character (0) 63 Eight-bit Transparency (1)
64+ Early ACK (0)
65 More-Data Bit Generation (3)
66 Defer Processing of User (0)
67 ESP Packetizing Option (0)
68 Escape Sequence Timer (0)
69 Escape Sequence Maximum Length (0)
70 Escape Sequence Initiator (0)
71 Parameter Reset on Disconnect (0)

Note: – All Telenet Parameters must follow the National Option Marker
(Parameter 0, value ’21’ Hex) in PAD Messages.
– Parameters marked with “*” should not be used.
– Parameters marked with “+” should be used with caution.

Appendix D: International DNIC/PSN List
=======================================
Note: This is not a complete list!

COUNTRY NETWORK DNIC
——- ——- —-
ALASKA ALASCOM 3135
ANTIGUA ANTIGUA 3443
ARGENTINA ARPAC 7220
ARGENTINA ARPAC 7222
AUSTRIA DATEX-P 2322
AUSTRIA RA 2329
AUSTRALIA AUSPAC 5052
AUSTRALIA MIDAS 5053
BAHAMAS BATELCO 3640
BAHRAIN IDAS 4263
BARBADOS IDAS 3423
BELGIUM DCS 2062
BELGIUM DCS-TELEX 2068
BELGIUM DCS-PSTN 2069
BERMUDA IPSD 3503
BRAZIL INTERDATA 7240
BRAZIL RENPAC 7241
BRAZIL RENPAC 7249
BRAZIL RENPAC 7248
CAMEROON CAMPAC 6242
CANADA DATAPAC 3020
CANADA GLOBEDAT 3025
CANADA CNCP 3028
CANADA TYMNET CANADA 3106
CAYMAN ISLANDS IDAS 3463
CHILE ENTEL 7302
CHILE ENTEL 3104
CHINA PTELCOM 4600
COLOMBIA DAPAQ 3107
COSTA RICA RACSADATOS 7120
COSTA RICA RACSAPAC 7122
COSTA RICA RACSAPAC 7128
COSTA RICA RACSAPAC 7129
COTE D’IVOIRE SYTRANPAC 6122
DENMARK DATAPAK 2382
DENMARK DATAPAK 2383
DOMINICAN REPUBLIC UDTS 3700
EGYPT ARENTO 6020
FINLAND FINNPAK 2442
FRANCE TRANSPAC 2080
FRANCE N.T.I. 2081
FRANCE TRANSPAC 9330
FRANCE TRANSPAC 9331
FRANCE TRANSPAC 9332
FRANCE TRANSPAC 9333
FRANCE TRANSPAC 9334
FRANCE TRANSPAC 9335
FRANCE TRANSPAC 9336
FRANCE TRANSPAC 9337
FRANCE TRANSPAC 9338
FRANCE TRANSPAC 9339
FRENCH ANTILLES DOMPAC 3400
FRENCH GUYANA DOMPAC 7420
GABON GABONPAC 6282
GERMANY DATEX-P 2624
GREECE HELPAK 2022
GREENLAND DATAPAK 2901
GUAM LSDS-RCA 5350
GUATEMALA GUATEL 7040
HONDURAS HONDUTEL 7080
HONG KONG IDAS 4542
HONG KONG DATAPAK 4545
HUNGARY DATEXL 2160
HUNGARY DATEXL 2161
ICELAND ICEPAC 2740
INDONESIA SKDP 5101
IRELAND IPSS (EIRE) 2721
IRELAND EIREPAC 2724
ISRAEL ISRANET 4251
ITALY DARDO 2222
ITALY ITAPAC 2227
IVORY COAST SYTRANPAC 6122
JAMAICA JAMINTEL 3380
JAPAN DDX-P 4401
JAPAN VENUS-P 4408
JAPAN NISNET 4406
JAPAN NI+CI 4410
KUWAIT 4263
LEBANON SODETEL 4155
LUXEMBOURG LUXPAC 2704
LUXEMBOURG PSTN 2709
MALAYSIA MAYPAC 5021
MAURITIUS MAURIDATA 6170
MEXICO TELEPAC 3340
NETHERLANDS DATANET-1 2040
NETHERLANDS DATANET-1 2041
NETHERLANDS DABAS 2044
NETHERLANDS DATANET 2049
NETHERLANDS/ANTILLES UDTS ITT 3620
NETHERLANDS/MARIANAS PCINET 5351
NEW CALEDONIA TOMPAC NC 5460
NEW ZEALAND PACNET 5301
NORWAY DATAPAK 2422
PANAMA INTELPAQ 7141
PANAMA INTELPAQ 7142
PHILIPPINES CAPWIRE 5151
PHILIPPINES PHILCOM RCA 5152
PHILIPPINES GMCR 5154
PHILIPPINES ETPI-2 5156
POLYNESIA TOMPAC 5470
PORTUGAL TELEPAC 2680
PORTUGAL SABD 2682
PUERTO RICO UDTS- PDIA 3301
PUERTO RICO UDTS- I 3300
QATAR DOHPAC 4271
REUNION ISLAND DOMPAC 6470
SAN MARINO X-NET 2922
SAUDI ARABIA BAHNET 4263
SINGAPORE TELEPAC 5252
SINGAPORE TELEPAC 5258
SOUTH AFRICA SAPONET 6550
SOUTH AFRICA SAPONET 6559
SOUTH KOREA DACOM-NET 4501
SOUTH KOREA DNS 4503
SPAIN TIDA 2141
SPAIN IBERPAK 2145
SWEDEN TELEPAK 2405
SWEDEN DATAPAK 2402
SWITZERLAND TELEPAC 2284
SWITZERLAND DATALINK 2289
TAHITI TOMPAC 5470
TAIWAN UDAS 4877
TAIWAN PACNET 4872
THAILAND IDAR 5200
TORTOLA 3483
TRINIDAD TEXTET 3740
TRINIDAD DATANETT 3745
TUNISIA RED25 6050
TURKEY TURPAC 2862
TURKS BWI 3763
UNITED ARAB EMIRATES EMDAN 4241
UNITED ARAB EMIRATES TELEX 4243
UNITED ARAB EMIRATES TEDAS 4310
UNITED KINGDOM IPSS 2341
UNITED KINGDOM PSS 2342
UNITED KINGDOM MPDS MERCURY 2350
UNITED KINGDOM PSS MERCURY 2352
U.S.S.R. IASNET 2502
UNITED STATES OF AMERICA TELENET 3110
UNITED STATES OF AMERICA TYMNET 3106
U.S. VIRGIN ISLANDS

Constitution for the Open Computing Facility at UC Berkeley

[Note: OCF is the Open Computing Facility at UC Berkeley.]

The OCF Constitution

As ratified or amended by votes of the OCF membership: 3 February
1989

Preamble

We, the computer using community of the Berkeley campus of the
University of California, provide by this Constitution an
organization dedicated to the pursuit of obtaining and managing
open computing resources. The intent of this organization is to
provide an environment where no member of Berkeley’s campus
community is denied the computer resources he or she seeks. This
group’s spirit can be traced directly to the former Undergraduate
Computing Facility, however this organization’s membership is
much more widely open. It is also the intent of this group to
appeal to all members of the Berkeley campus community with
unsatisfied computing needs and to provide a place for those
interested in computing to fully explore that interest. It is
the intention of this group that no small number of people ever
control the accessibility of any OCF sponsored computing
facility.

Articles

1. Name
This organization shall be called the Open Computing Facility and
may also be referred to as the OCF.

2. Members

2.1. General Membership
Any UC Berkeley student, faculty or staff member may be an
OCF Member.

2.2. Active Members

2.2.1. Eligibility
Active Membership status is restricted to U.C. Berkeley
Faculty and Staff and Registered Students.

2.2.2. During General Meetings
Any member of the OCF shall be an Active Member by
physical presence at an OCF General Meeting.

May 28, 1991

2.2.3. Between General Meetings
Any OCF Member who has attended an OCF General Meeting in
either this semester or the one preceding shall be an
active member.

2.3. Inactive Members
Any OCF Member who is not an Active Member shall be
considered an Inactive Member.

3. Officers

3.1. Elected Officers

3.1.1. Offices
The only elected offices are General Manager and Site
Manager(s).

3.1.2. Eligibility
All elected officers must be Active Members.

3.1.3. When Elected
The officers shall be elected at each OCF Elections
Meeting.

3.1.4. Term Of Office
The officers’ terms shall begin immediately after
election and last until the next election.

3.1.5. Removal From Office
An officer shall be removed from office if, at a General
Meeting, the members vote to remove him or her.

3.1.6. Succession
If any elected position becomes vacant, a General Meeting
will be called to elect a replacement.

3.1.7. General Manager Duties
The General Manager is the chief political and executive
officer of the OCF and shall chair all meetings.

3.1.8. Site Manager Duties
The Site Manager is the chief system manager of a
particular installation of computing equipment. In the
absence of the General Manager, a Site Manager shall
chair meetings.

3.2. Board of Directors

3.2.1. Membership

3.2.1.1. General Manager and Site Manager(s)
The General Manager and Site Manager are ex officio
members of the Board and shall have no more and no
less power than any other member of the Board.

3.2.1.2. Other Directors
Other Directors shall be appointed and removed
through the OCF Decision Making Process.

3.2.2. Term Of Office
The term shall expire at the next Elections Meeting.

3.2.3. Duties
Directors shall normally be responsible for the creation,
implementation and discussion of the majority of OCF
actions. Also the Board shall review all of the actions
of the General Manager and Site Manager at its
discretion.

3.3. Interim Manager
When the OCF is not formally in session, or any other time
when there is a temporary vacancy in an elected office, the
OCF Decision Making Process shall designate a member or
members to see to it that the OCF functions properly.

4. Meetings
The OCF is formally in session during the Fall Semester and the
Spring Semester. This is the only time General Meetings can take
place. The OCF is informally in session between the semesters.
During this time the Faculty Sponsors and the Interim Managers
are responsible for the functioning of the OCF.

4.1. General Meetings
The OCF Decision Making Process can call a General Meeting at
any time. When possible, one week’s notice shall be given.

4.1.1. Election Meetings
The Elections Meeting shall, in this order, approve the
Faculty Sponsors, elect the General Manager, elect the
Site Managers, appoint Directors and then consider new
business.

4.1.1.1. Fall Meeting
The OCF shall meet during the week immediately
preceding Thanksgiving.

4.1.1.2. Spring Meeting
The OCF shall meet during the second week following
Spring Break.

4.1.2. Special General Meetings

4.1.2.1. How Called
Ten OCF members can call a Special General Meeting
when the normal process for calling a General Meeting
is not feasible.

4.1.2.2. Procedure
These ten members must notify the General Manager if
possible, provide prominent public notice of the
meeting at least one week beforehand and must try to
contact all members of the OCF.

4.2. Voting

4.2.1. Elections and General Meetings Quorum
By definition a quorum exists at these meetings.

4.2.1.1. Special General Meetings
Quorum consists of 25% of all Active Members prior to
the meeting.

4.2.2. Board Meetings
Quorum consists of 3/4 of the Board of Directors or five
Board members, whichever is greater.

4.2.3. Procedure

4.2.3.1. Election of Officers
The election of officers shall be by secret ballot.
A simple majority of those casting votes (including
abstaining votes) is required. If on the first ballot
no candidate receives a simple majority, then there
will be a runoff between the top two candidates. The
voting will continue until one candidate receives a
simple majority.

4.2.3.2. Other Votes
All other votes require a simple majority to pass.

4.2.3.3. Proxy
An OCF Member must be present at a meeting to vote.

5. Faculty Sponsors
The OCF Faculty Sponsors shall consist of a faculty member or
faculty members who are dedicated to the functioning of the OCF.
These Faculty Sponsors shall be selected by the OCF Board of
Directors and shall be subject to selection by the OCF at the
Elections Meeting.

6. The OCF Decision Making Process

6.1. Faculty Sponsors
The Faculty Sponsor or Faculty Sponsors shall have ultimate
authority over any OCF actions except for constitutional
amendments and the approval of the Faculty Sponsors.

6.2. OCF Membership
The OCF Active Membership shall have authority over any OCF
actions except where such action conflicts with Article 6.1.

6.3. OCF Board of Directors
The OCF Board of Directors shall have authority over any OCF
actions except where such action conflicts with Articles 6.1
and 6.2.

6.4. OCF General Manager
The OCF General Manager shall have authority over any OCF
actions except where such action conflicts with Articles 6.1,
6.2 and 6.3.

6.5. OCF Site Managers
OCF Site Managers shall have authority over any OCF actions
except where such action conflicts with Articles 6.1, 6.2,
6.3 and 6.4.

7. Bill of Rights

7.1. Nondiscrimination
The OCF shall not discriminate in any way against any person
by race, color, religion, marital status, national origin,
sex, age, sexual orientation, handicap, college major or
political activity.

7.2. Hazing
The OCF shall not haze, in accordance with California state
law.

7.3. Grievance
Any individual who has a grievance with the OCF shall first
contact the General Manager. He or she may then appeal to
the Faculty Sponsors and then finally to the University of
California through established channels.

7.4. Conduct
All users of OCF managed facilities shall comply with
University of California regulations, including the UC
Berkeley Student Conduct Code and any OCF regulations.

7.5. Freedom of Information
All official OCF documents must be provided to interested
parties without undue delay and the OCF may not charge above
cost to do so.

7.6. Privacy
Individuals’ rights of privacy shall not be violated without
reasonable cause.

7.7. Rights Not Enumerated
The enumeration in this Constitution of certain rights shall
not be construed to deny or disparage other rights retained
by individuals.

8. Amendments and Bylaws

8.1. Amendments

8.1.1. Process
A proposed amendment to the Constitution must be
presented for consideration at a General Meeting. If the
Membership votes to further consider the amendment, it
shall be open for voting for a review period, of not less
than two weeks. Voting in this case may be through
electronic or physical means. A 2/3 majority of all
Active Members is required for approval.

8.1.2. Annotation
Whenever this Constitution is amended, an annotation of
the date of ratification shall be added to the beginning
of this document and shall be further noted immediately
following the new amendment.

8.1.3. ASUC Records
All amendments, additions, or deletions must be filed
with the ASUC Student Affairs Office within one week of
adoption, and must be in consonance with University of
California and ASUC regulations and policies.

8.2. Bylaws
Bylaws may be created or modified as needed, through the OCF
Decision Making Process.

9. Dissolution
The assets of the OCF constitute a continuing trust for the
benefit of all members of the Berkeley campus community
interested in open computing facilities. In the event of the
dissolution of the OCF for whatever reason, the assets, after
payment or adequate provision for payment of all outstanding
debts and obligations of the OCF shall be transferred to a non-
profit fund, foundation or corporation which is organized and
operated exclusively for the purposes for which the OCF was
founded. All unspent ASUC funds shall remain the property of the
ASUC.

Hacker Morality: A Lesson

File: HACKER MORALITY

A lesson in phreaking and hacking morality:

I find it truly discouraging when people, intelligent people seeking
intellectual challenges, must revert to becoming common criminals. The
fine arts of hacking and boxing have all but died out. Though you newcomers,
you who have appeared on the scene in the last year or two, may not realize it,
we had it much better. People didn’t recognize our potential for destruction
and damage because we never flaunted it, nor did we exercise it.

For hacking, it was the intellectual challenge which drove us to do it.
The thrill of bypassing or breaking through someone’s computer security was
tremendous. It wasn’t a case of getting a password from a friend, logging on,
and destroying an entire database. We broke in for the challenge of getting in
and snooping around WITHOUT detection. We loved the potential for destruction
that we gave ourselves, but never used.

Today, after so much publicity, the fun has turned to true criminality.
Publicity we have received is abhorring. From WarGames to the headlined October
Raids, to the 414’s, the Inner Circle, Fargo 4a, and the recent NASA
breakins–not to mention all the local incidents that never made the big
newspapers, like breakins at school computers or newspaper computers. TRW
credit information services claims hackers used the three stolen accounts to
aid them in abusing stolen credit cards. The thrill of entering and looking
around has shifted to criminal practicality–how can I make my bank account
fatter–how may I use this stolen credit card to its fullest–how could I take
revenge upon my enemies.

And then there is the world of Phone Phreaking. The number of phreaks has
grown from an elite few, perhaps ten or twenty, to well over a thousand.
Still, there remain only about 10 or 20 good, longlasting phreaks. The rest
receive information and abuse its uses until the information is no longer valid.
Even worse, they seek publicity! They WANT to be caught! Many even use their
real names on bulletin board systems to promote publicity. Meanwhile, the REAL
phone phreaks have been resting in the shadow of the rest, waiting for
phreaking to become so dangerous as to become a challenge once again. Once
security tightens and only the strong survive (phreak Darwinism?), phreaking
will be restored as a way to ‘beat the system’ without costing anyone anything.

Hacking may soon be dead, but may phone phreaking live on!

Big Brother

Call The Works BBS – 1600+ Textfiles! – [914]/238-8195 – 300/1200 – Always Open


LCA #5: Phone Patching Made Easy, by Pinball Wizard of Lemon Curry Alliance

-Thozz-pfuncky-chikenz———————————–znekihc-ykcnufp-zzohT-
Dis-pfuckin’-claimer!————————————–
Don’t do anything described in the pfollowing text pfile.
It’s illegal. It’s here so that you can do nipfty little
school reportz on hacking/pfreaking/etc. We don’t do this,
so you shouldn’t either.
———————————————————–
Thiz pfile was pfucked up by: Pinball Wizard.

——
Phone Patching made EASY!
——

You may ask, “What is phone patching?” Well, my friend, it is a neat
little thing to write a too-short LcA t-file on when you haven’t put a thing
out in over a month. Actually, it is where you either sneak up to your
neighbor’s house when they are asleep or not there, open the little gray box on
the side of their house, stick a phone line/cord in and either sit there and
call phone sex numbers, or run a line to your house from there and phrack on
their line. The latter being both stupid and dangerous.
Now. Ma Bell has done some pretty stupid things in the past, but making
little gray “customer service” boxes on the sides of people’s homes is about as
stupid as I’ve seen her get. The only thing separating these boxes from the
outside world is a screw or latch. They do have little holes in them so that
people can put big, nasty locks through them (which is what I suggest you do
RIGHT NOW), even though they are plastic and can be melted quite easily.
What you do to get inside of these things, is take a screwdriver (if it is
one of the newer ones, which it probably is), stick it in the corresponding
screw, turn a coupla times, and voila! It is opened!

Diagram:

______________________
| | _ \
| | / \ \
| Ma Bell | | ———lockhole
| Customer Service| \_/ /
| Box | _ /
| | /|\|
| | \|/——–screw
| | /
| |__/
| |
| |
| |
|_________________|

when opened, it looks like this:

|\/\/\/\/\/\/\/\/\| @=terminals .=red wire ,=green wire
| @ @ |
| ___ | ==phone jack
| @… | | …@ |
| . .| |. . |
| @,.,,| |,,.,@ |
| ., | | ,. |
| @ ., |= =| ,. @ |
| ., | | ,. |
| | | | | | | |
|__| |_|___|_| |__|
|/| |\|
+–wires–+

What you can do here is either take a portable phone and plug it into the
phone jack, if a phone jack is installed. On a normal, 1-line house, the only
phone line will be installed on the right. In a two-line house, there will be
two sets of red and green wires. You can take a phone line, strip it, attach
two alligator clips to the red and green wires, and hook them directly onto the
terminals, so they will fly off when you take off running instead of having to
sit there and unplug that clumzy telephone wire. If you feel especially
malicious, you can completely sever the wires, indefinitely disconnecting their
line, destroy the box, and/or put a 12-ohm resistor on the red and green wires
(making their conversations faint and decidedly short-lived). If you are
feeling especially malicious and have lots of time and wire, you can hook all of
the neighbor’s phone lines together, thus, every time someone picks up the
phone and dials, all of the lines will dial at once, and everyone will be able
to hear the conversation when they pick up their phone.

Ok, my pfingers are getting tired, so I had better stop.

——————————————
This has been one of the first LcA files written completely from experience
instead of cut-and-pasted from some ancient phrack!

——————————————————————————
This has been a WHOOPIE GRANOLA MELLOWNESS instigated by the guys at the LCA!
_ ___ __ ============———–If You
/ | / _ \ \ \ ============———– Like
\ || / \/ / \ ============———– Cold Shit, call
[|| \____/ /\ \ ============———– -=-Starving Artist @ 91o.722.o514-=-
/ |_\_____| [_\ \ ============———– One and only distribution site for
|_________| ____ \ ============———– The LCA and their phunky rhymes.
———–\/—-\_\———————————————————-