SOFTDOCS: UNP 3.31 by Ben Castricum (April 15, 1994)

Ú¿  ÚÂÄ¿  ÂÂÄÄ¿ ÚÄÄ¿ ÚÄÄ¿ Ú¿
³³ ³ ³³ ³ ³ ³³ ³ ³³ ³³ Ä´³
³³ ³ ³³ ³ ³ ³ÃÄÄÙ ÄÄ´³ ÄÄ´³ ³³
³³ ³ ³³ ³ ³ ³³ ³³ Ú¿ ³³ ³³
ÀÁÄÄÙ ÀÙ ÀÄÙ ÀÙ ÀÄÄÁÙ ÀÙ ÀÄÄÁÙ ÄÁÁÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

Written by Ben Castricum

April 15, 1994

This is the documentation belonging to and explaining the use of:

UNP V3.31
Compressed executable file expander

TOPICS covered in this document:

DISCLAIMER
PURPOSE OF UNP
REQUIREMENTS
GENERAL INFO
HOW TO USE UNP
UNP IN ACTION
MESSAGES
WHAT UNP CAN HANDLE
NOTES ON COMPRESSORS
ERRORLEVEL VALUES
WHERE TO FIND UNP
HOW TO REGISTER
CONTACTING ME

DISCLAIMER:
———–
Although UNP has been tested on several systems, I cannot guarantee that
UNP will be without bugs. Therefore, I do not take responsibility for any
damage directly or indirectly caused by UNP as a result of known or
unknown errors in it.

PURPOSE OF UNP:
—————
UNP tries to reverse the action which programs like PKLITE and LZEXE
perform. In case you don’t know, those programs use data compression on
executable files. Yet they leave these compressed files in a state such
that they can still be normally executed. This is great if you want to
save disk space, but it has its disadvantages. Anyone can now spread a
virus; just compress an infected file and the virus is invisible!
Debugging also becomes a lot more difficult since the code has become
unreadable. These are the primary reasons behind my writing UNP. I
could make up some story about loading/decompressing time, but we are
probably talking about a few 100ths of a second. Well, at least I don’t
notice any delay on my 66Mhz…

Not only can UNP expand compressed executable files, it is also able to
remove other kinds of routines from such programs. For instance,
Central Point’s Anti-virus ™ Immunize codes can be safely removed.
Though this removal is currently limited to only a few routines, in the
future this ability might be greatly expanded.

REQUIREMENTS:
————-
To run UNP you need at least a 8086 microprocessor. However if you want
to take full advantage of UNP, MS-DOS 5.0 (or higher) is recommended since
UNP tries to allocate UMBs. Lower versions of DOS will work without much
difference since UNP only uses base memory and UMBs. It requires about
15k of memory, with the additional amount of memory required depending on
the program being processed.

GENERAL INFO:
————-
Before you start using UNP, I would like to point out a few things which
you might take into consideration.

Compressed EXE files containing an overlay may not work correctly after
they have been decompressed. Decompression expands the code size of the
EXE file which also means that the overlay moves up. Some programs do not
check where the overlay currently is but just use a constant to get the
overlay. If this is the case, most anything can happen.

When you use UNP to convert a file to another structure, please take
into consideration that the converted program never runs under the exact
same conditions as it did before. Though these differences are likely
not to cause any problems with most programs, there are always programs
which expect just that what is changed by conversion.

One way to protect yourself against problems caused by such problems is
to use UNP’s -b which is .BAK backup file creation option to create a
copy of the original compressed file. If, after running the
uncompressed program you find an error, you can simply delete the bad
copy and rename the .BAK file.

HOW TO USE UNP:
—————
To get help type UNP on the command line without parameters or use the
‘-?’ switch. The first line of the help screen is a short line
describing how to pass information to UNP. Let’s analyze this step by
step.

usage: UNP command [options] [d:][/path]Infile [[d:][/path]Outfile]

* commands:
e = expand compressed file (default)
This command expands the compressed file. If you do not specify a
command, UNP will use this by default. Using this command without a
wildcard will result in unpacking all files in the current directory.

c = convert to COM file
Some .EXE files can be converted to .COM files. You can do this by
using this command. You should only convert a file when you know
exactly what you are doing (see general info section).

i = info only
If you just want some information about the file, this is the command
to use. UNP will show all information like the E command but will
will not decompress or write the file back.

l = load and save, no decompressing (only for EXE files).
This command loads an .EXE file but does not expand it. It will be
written back just like a decompressed file would be written back. This
is useful in case you want to remove an overlay or remove irrelevant
header data.

s = search for compressed files
When you use this command, only a small list of compressed files
matching the Infile wildcard will be generated. The list created will
be in the form of “filename.ext (compressor)”.

x = convert to EXE file
Some compressors can only compress .EXE files (like LZEXE). With this
command you can convert a .COM file to an .EXE file. The resulting
file will be written back with an .EXE extension by default.

* options:
-? = help (this screen)
For a list of UNP commands or options use this switch. Any other
switch or command used on the same line will be ignored.

-a = automatic retry
Some files have been altered more than once. This switch will make
UNP to process the file again when it was changed. Useful when you
want to uncompress a file which also has been Immunized by CPAV.

-b = make backup .BAK file of original
If you want to keep a backup of your original file (very wise) use this
switch. The original file will be renamed to a file with a .BAK
extension.

-c = ask for confirmation before decompressing
This will force UNP to ask you if you want to decompress the file each
time it has found a new compressed file.

-h = remove irrelevant header data
Most linkers add useless data to the .EXE header. This switch removes
all such useless information, thus shrinking the header size.

-i = do not intercept INT 21h calls
By default UNP watches the DOS interrupt (21h) to check if the program
is running as expected. Any unexpected call to INT 21h will make UNP
abort the process. If you have any weird TSRs resident you might have
to use this switch. I had to use it while debugging with Turbo
Debugger.

-k = pklite signature; – = don’t add, + = add always, ? = ask
With this switch you can handle the pklite signature. There are 3
possibilities :
-k- = the pklite signature will not be added, this will also be the
case if you only use -k (to stay dislite compatible)
-k+ = always add the pklite signature, this is the default of UNP so
you can just as well leave the -k switch away if you want this
-k? = when you use this, UNP will ask you each time it has found a
signature (like UNP V3.01 or earlier did)

-l = allways use loadfix
Starting with V3.12, UNP will not fill the first 64k of base memory.
(this allows larger files to be processed) When UNP detects a file
which does requires such a loadfix, it will reload the program with the
first 64k allocated. If you are planning to unpack several EXEPACKed
files you might want to use this switch to avoid reloading. This
switch can only improve UNP’s processing speed, it does not add
anything new.

-o = overwrite output file if it exists
If you want to have the destination file overwritten, you can avoid
the question for permission by specifying this switch on the command
line.

-p = align header data on a page
It is said that .EXE files with a header size that is a multiple of
512 bytes load faster (this could make sense since a sector is also
512 bytes). This switch will expand the header to the nearest
multiple of 512 bytes.

-r = remove overlay data
If something is appended to an .EXE it is called an overlay. This
switch will let the file size of the outfile be the same as the load
image. So anything that was appended to the file will be thrown away.
An overlay can be used for all kinds of data, so removing this can
result in throwing away something useful.

-u = update file time/date to current time/date
By default UNP sets the time/date of the destination file to the same
time/date as the original source file. If you want to have it updated
to the current time/date use this switch

-v = verbose
When you use this switch UNP will give you some additional information.
I added this switch for debugging purposes.

*[d:][/path]Infile
The wildcard UNP uses for selecting the files it will process can be
found as follows:
if you have specified a command but no Infile the wildcard ‘*.*’ will
be used. If you have specified an Infile ofcourse this will be used
except for wildcards without an extension; those will get ‘.*’ appended
and a flag will be set to select only .COM and .EXE files. If your
Infile ends with a ‘\’, ‘*.*’ will be appended.

*[[d:][/path]Outfile]
The destination file is optional. If you don’t specify one, the source
file will be overwritten. You cannot use wildcards in this. Also, you
should not specify a destination file when you want to decompress more
than one file.

UNP IN ACTION:
————–
When you execute UNP you can get several lines of information. Following
is an explanation of what those lines mean:

processing file : [D:][PATH\]FILENAME.EXT

This shows the name of the file being processed as specified on the
command line.

file size : X

The file size reported by DOS will be shown here.

file structure :

UNP recognizes 4 file structures:
– executable (EXE)
If the file starts with the ‘MZ’ or ‘ZM’ signature and does not
contain the ‘NE’ signature then this structure is assumed. With EXE
files there are two options UNP recognizes:
– convertible
The file can be converted to a COM file structure.
– loads into high memory
The program is loaded as high as possible in the allocated memory
block (this requires some other loading routines).

– Windows or OS/2 1.x new executable
The file starts with the ‘MZ’ or ‘ZM’ signature and contains the
‘NE’ signature.

– data file
The file does not contain the ‘MZ’ or ‘ZM’ signature but is too
large to be a COM file.

– binary (COM)
This is shown in all other cases.

EXE part sizes : header X bytes, code Y bytes, overlay Z bytes

Of course you will only get this line if you are processing an EXE file.
This shows how the file is built up. If you add X Y and Z you should
get the file size reported by DOS.

processed with :

If UNP recognizes some program’s work in the file, it will try to tell
you what program it recognizes and when possible what version of that
program. If UNP does not really know what program has changed your
file but recognizes some programs work then that programs name will be
displayed between brackets (e.g. [EXEPACK]). If you have got such a
file then there are two possibilities, UNP knows about this program but
it is just unsure about the name/version or UNP doesn’t know about it
at all. To find out if UNP knows about it, use the -v switch on this
program. If you got a message about breakpoints (see MESSAGES) then
UNP doesn’t know this routine, I appreciate it if you would send me
that program or tell me where to find it.

action :
UNP not only decompress files it has the ability to do other
things as well. There can only be one action performed at a time.
This is a list of actions UNP reports:

– decompressing… done
This is the decompression action, probably the most used action.

– removing immunize code… done
When a file has been immunized with Central Point Anti-Virus, a
piece of code is added to the file. UNP has the ability to remove
this code.

– removing scrambling… done
UNP recognizes a few scrambling routines. When you see this message
you have got a program which contains one.

– removing ‘XX’ signature
Starting with UNP V3.02, the PKLITE signature added to fake PKLITE
decompression can be removed. This message will be shown if UNP has
found a removable signature and is trying to remove it.

– converting to EXE file structure
The file will be converted to one with an .EXE file structure

– converting to COM file structure
The file will be converted to one with an .COM file structure

new size : X

When the file has been written back UNP reports the new file size to
you in this line.

All other messages are explained in the section below.

MESSAGES:
———
UNP has 6 kinds of messages other than the usual information it can display:

* Questions. Although I tried to make this program as smart as possible,
it still can’t read minds and things like that. So sometimes it will
ask you for something it wants to know.

Add ‘pk’/’PK’ signature to fake PKLITE decompression (y/n)?
This question will only appear if you use -k? on the command line.
Answering ‘Y’ to this question will add 14 bytes of code that fakes
PKLITE decompression. The correct signature will be displayed and used
automatically (‘pk’ for V1.20 and others ‘PK’).

File FILENAME.EXT already exists. Overwrite (y/n)?
The filename that UNP wants to write the resulting file to already
exists. If you haven’t specified the -o switch it will ask if it can
overwrite it. Answering ‘N’ will proceed to the next file.

Program is protected, please enter password:
This question will appear when you are trying to decompress a program
which is compressed with TINYPROG with the password option. You are
asked to type the password used. This is not to verify whether you are
the rightful owner or not, but I just couldn’t find a way around it.

Remove this routine from file (y/n)?
You have specified the -c switch and UNP has found a file it
recognizes as being processed with something. Now it wants to know
if you like to remove the routine it has found.

* INFO messages, these messages are only displayed when you have specified
the -V switch. I’ve added them for debugging purposes.

INFO- Attempting to increase available memory for decompression.
This only shows up if you are trying to decompress PKLITE V1.00á (2).
When this happens, UNP uses some other strategy to calculate the memory
it allocates for decompressing. By default UNP only allocates as less
memory as possible. This strategy allocates 15/16 of the memory block
the program is currently loaded in.

INFO – command line = ” … ”
This message shows how UNP has interpreted the things you typed on the
command line. Great for debugging purposes!

INFO – First 64K of base memory has been fully allocated.
Some compressors use the segment below their own code. Since it is
possible to load the operating system in upper/high memory there might
not be a complete segment available. This message tells you there has
been memory allocated to ensure there is a complete segment below.
Note that this is the same thing that the program LOADFIX.COM supplied
with MS-DOS 5 does.

INFO – Overlay copy overruled, overlay not copied to destination file.
Normally UNP copies any overlay found on the original program to the
destination. This is one of the exceptions. CRUNCHER and SEA-AXE use
the overlay to store the compressed data for the file. Copying the
overlay would result in a program containing twice its code, once in
compressed and once in the decompressed form. This message indicates
that UNP has removed the overlay to avoid this problem.

INFO – Program loaded at XXXXh, largest free memory block: X bytes.
Pretty obvious. The address where UNP is loaded is displayed along
with the largest block it can allocate.

INFO – Unknown program, breakpoints are : GS-XXXX, GI-XXXX, QT-XXXX.
Some routines that I am using are a bit better than the rest because
they try to determine offsets rather than comparing signatures. If
such a smart routine has found breakpoints but can not find any
identification string belonging to these, this message is shown with
the breakpoints it has found.

INFO – Using FILENAME.EXT as temp file.
UNP tells you what it will be using as temporary file. This name is
composed of the TEMP variable and the default temporary name.

INFO – Wildcard matches X filename(s), stored at XXXXh.
This tells you how many filenames UNP has found that match the wildcard
and where it has stored the names found.

* WARNING messages. UNP sometimes takes actions the user should be
notified of. In those cases a warning message is displayed.

WARNING – Adding ‘XX’ signature to fake PKLITE decompression.
The program you are decompressing was compressed by PKLITE V1.14 or
higher with extra compression. By default UNP adds 14 bytes of code
that will let the program think it is still compressed. To remove
this piece of code you can use UNP E on it.

WARNING – File adds ‘XX’ signature (added by UNP V3.01 or earlier).
WARNING – File adds ‘XX’ signature (added by DISLITE V1.15 or higher).
Your file has already been decompressed and has the signature to fake
PKLITE decompression appended. This signature is ignored to continue
the search for more decompression routines.
All signatures added by UNP V3.02 or higher and the DISLITE signatures
which do not use a relocation item will act as a decompression routine,
so UNP E will remove them.

WARNING – File already has .BAK extension, no backup created.
UNP has just unpacked a .BAK file and you have specified the -B switch.
Creating a .BAK file of a file which already has a .BAK extension is
impossible so the source file will be overwritten and there will be no
backup created.

WARNING – File loaded too low in memory to decompress, reloading.
Files compressed with EXEPACK require one segment (64k) below their own
code to successfully decompress. When there is no complete segment
available, UNP displays this message and reloads the file higher in
memory. (also see msg. ‘INFO – First 64K…’ and -L switch)

WARNING – Infile and Outfile are same, Outfile ignored.
You have specified the file twice on the command line, meaning that the
destination file is the same as the source file. Since this is the
default situation the second name is ignored.

WARNING – Invalid or missing stored header information.
Normally the compressor used on the program you are trying to
decompress stores a part of the original header. UNP has compared
this information with the data it thinks it should be and has come to
the conclusion that these mismatch. If this happens the default UNP
header will be used.

WARNING – Missing last byte, unable to completely restore file.
The SHRINK compressor does not correctly compresses files containing
all 256 characters. When this has happened the last byte of the
program is thrown away. It’s not possible to get that byte back so the
decompressed file is mismatching in 1 or more bytes at the end with the
original file.

WARNING – Outfile specified, -B option ignored.
You have specified a destination file and the -B switch. Because I see
no sense in this, the -B option will then be ignored.

* ERROR messages. In some cases the desired action cannot be performed or
has failed. These messages tell you why this is so and what has
happened. UNP will continue with the next file.

ERROR – Cannot handle this decompression routine.
UNP has recognized the way your program has been compressed but is not
(yet) able to decompress it.

ERROR – File already is a .COM file.
You are trying to convert a .COM file to a .COM file.

ERROR – File already is an .EXE file.
You are trying to convert a .EXE file to a .EXE file.

ERROR – File contains overlay.
One thing you can’t have with .COM files is overlays. If you want to
convert anyway first remove the overlay.

ERROR – File has invalid entrypoint (CS:IP <> FFF0h:0100h)
To have a converted .EXE file start at the right place, the programs
initial CS:IP should point to FFF0:0100h. If this is not true you get
this error message.

ERROR – File has relocation items.
You tried to convert an .EXE file with relocation items to a .COM file.
A .COM file cannot handle relocation items.

ERROR – File is too large for .COM file.
The maximum size for a .COM file is much shorter than the one for an
.EXE file. So it can happen that the .EXE file is too large to be
converted to a .COM file.

ERROR – Unexpected call to INT 21h, decompression failed.
When decompressing, UNP passes control to the program. When it does
not get control back it is very likely that an interrupt 21h will take
place sooner or later (INT 21h is the most important interrupt). UNP
checks for unexpected calls to this interrupt to ensure it’s still in
control. To disable this checking use the -i switch.

* DOS ERROR messages, these errors are things UNP tried to do but for some
reason your Operating System didn’t allowed it. UNP will quit and will
have the I/O ERROR exit code. If you find any use for UNP you are
probably an experienced DOS user and know how to solve the problem so I
will only give you the messages.

DOS ERROR – unable to create file

DOS ERROR – unable to open file

DOS ERROR – unable to read from file

DOS ERROR – unable to write to file

* FATAL ERROR messages. When one of those messages appear something is
really wrong and UNP cannot continue its work. It will quit and
probably have an exitcode for the situation occurred.

FATAL ERROR – Decompressing many files into one.
You have specified a destination file, but there is more than one
source file.

FATAL ERROR – Divide overflow (INT 00h) generated by CPU.
This means that an invalid DIV instruction has been executed.
Normally this will cause DOS to terminate the program. UNP hooks this
so it can set the interrupt’s pointers back before the program quits.

FATAL ERROR – No files found matching FILENAME.EXT
UNP could not find any files to decompress.

FATAL ERROR – Not enough memory …
UNP tried to allocated some memory but it got an error back. This
message tells you what it needed the memory for.

FATAL ERROR – Output path/file must not contain ‘*’ or ‘?’.
You have used wildcards in the destination file. This is not allowed.

FATAL ERROR – User abort, ^C/^Break pressed (INT 23h).
Interrupt 23h is called when DOS detects that Ctrl-C or Ctrl-Break is
pressed. UNP hooks this to be able to restore the interrupts it uses.

WHAT UNP CAN HANDLE:
——————–
Of course you would like to know what programs UNP can currently handle.

Well, here is a list of routines that UNP V3.15 is known to remove:

* routines found in .COM files
CENTRAL POINT ANTI-VIRUS V1 ; immunize code
COMPACK V4.4
COMPACK V4.5
DIET V1.00
DIET V1.02b or V1.10a
DIET V1.20
ICE V1.00
PKLITE V1.00á
PKLITE V1.03
PKLITE V1.05
PKLITE V1.12
PKLITE V1.13
PKLITE V1.14
PKLITE V1.15
PROTECT! COM/EXE V1.0 or V1.1
PROTECT! COM/EXE V2.0
PROTECT! COM/EXE V3.0
PROTECT! COM/EXE V3.1
PRO-PACK V2.08, emphasis on packed size
PRO-PACK V2.08, emphasis on packed size, locked
PRO-PACK V2.08, emphasis on unpacking speed
PRO-PACK V2.08, emphasis on unpacking speed, locked
SCRNCH V1.00
SHRINK V1.00

* routines found in .EXE files
CENTRAL POINT ANTI-VIRUS V1 ; immunize code
COMPACK V4.4
COMPACK V4.5
CRUNCHER V1.0 ; +.COM files
DIET V1.01
DIET V1.00d ; small & large, with & without items
DIET V1.02b, V1.10a or V1.20 ; small & large, with & without items
DIET V1.44 ; small, large + .COM files
DIET V1.44, choose great SFX routine ; small, large + .COM files
DIET V1.45f ; small, large + .COM files
DIET V1.45f choose great SFX routine ; small, large + .COM files
DISLITE V1.15 or higher ; small signatures (no items in sig)
EXEPACK V4.00
EXEPACK V4.05 or V4.06
EXEPACK patched with EXPAKFIX V1.0
LINK /EXEPACK V3.60 or V3.64
LINK /EXEPACK V5.31.009
KVETCH V1.02á
LZEXE V0.90
LZEXE V0.91 or V1.00a
PGMPAK V0.14
PKLITE V1.00á 0,1,2
PKLITE V1.03 0,1,2,3
PKLITE V1.05 0,1,2
PKLITE V1.10 3
PKLITE V1.12 0,1,2,3
PKLITE V1.13 0,1,2,3
PKLITE V1.14 0,1,2,3
PKLITE V1.15 0,1,2,3
PKLITE V1.20 1
PKLITE V1.20 1,3
PRO-PACK V2.08, emphasis on packed size
PRO-PACK V2.08, emphasis on packed size, locked
PRO-PACK V2.08, emphasis on unpacking speed
PRO-PACK V2.08, emphasis on unpacking speed, locked
PROTECT! COM/EXE V1.0
PROTECT! COM/EXE V1.1
PROTECT! COM/EXE V2.0
PROTECT! COM/EXE V3.0
PROTECT! COM/EXE V3.1
SEA-AXE
TINYPROG V1.0
TINYPROG V3.3
TINYPROG V3.6
TINYPROG V3.8
TINYPROG V3.9
UNP V3.02 or higher ; fake PKLITE signature

(Sorry, I lost count. Who cares about statistics anyway?)

NOTES ON COMPRESSORS:
———————
LZEXE V1.00a:
Several people have contacted me about this one. This utility is the
same as LZEXE V0.91, except for some minor options. It is offered
to the readers of INFO PC by IS2 France Diffusion (at least that’s what
I think the text says). Unfortunately I don’t know where it’s
available.

PGMPAK V0.14:
When you compress a file with this compressor, an overlay of 12 bytes
will be added. To be exactly, the name and version number is added.
In this case: “PGMPAK V0.14”. This overlay is not automatically removed
when you decompress it. To remove it, use the -R switch.

PKLITE:
PKLITE V1.00á seems to have a bug in it. While testing it, I found
that with some files an overlay of 512 bytes was added. Needless to
say that when this happened the compressed file did not run correctly.
Since UNP writes the file back as it would be run in memory the file
decompressed with UNP wouldn’t run either. However extracting with
PKLITE -X resulted in the original file! Since this version of pklite
is hardly used and even more unlikely is that someone wants to
decompress such a file I didn’t bother to write a new routine that
fixes that bug.

PKLITE V1.14 and up (according to the documentation) add the ‘PK’
signature with extra compressed files to let the program check if it is
still compressed with PKLITE. To avoid that the program detects it has
been decompressed UNP adds by default 14 bytes of code that places the
signature in the PSP like PKLITE does.

SCRUNCH:
In most cases, UNPs decompression routines are created when using
test files. Unfortunately I don’t have a copy of scrunch so this is
a bit difficult to ensure it works. Of course there are other
decompression routines built the same way but the file I received
compressed with this compressor looked like it was converted to a
.COM file before it was compressed (it contained relocation items),
but this conversion could just as well be a part of the scrunch
compression. If I receive more files compressed with this one I will
improve and adjust the routine when needed.

SHRINK V1.00:
This compressor is a bad implementation of Run Length compression. It
contains two bugs one of which is in the decompression routine. The
bugs are triggered when the file to be compressed contains all 256
bytes. I have written my own decompression routine for this compressor
that is able to avoid one bug. The other bug is that the last byte of
the compressed file is thrown away making it impossible to fully
rebuild the file. If this is the case, UNP will display a warning. It
is always better to decompress it, even if the last byte is missing.

ERRORLEVEL VALUES:
——————
0 no error occurred
1 help text is displayed
2 no files found to process
3 decompressing many files into 1 / Outfile contains wildcards
4 some I/O error occurred
5 could not allocate enough memory
6 CPU generated divide overflow
7 user pressed ^C or ^Break

WHERE TO FIND UNP:
——————
Latest version of unp will be uploaded to Garbo (garbo.uwasa.fi) as long
as I have access to Internet. Also this BBS below will have the latest
version.

MegaVolt BBS (support site of unp)
tel. +31-30-211143
speeds up to 14k4

HOW TO REGISTER:
—————-
I have decided to release UNP as freewhere (cardware). You are allowed to
test this program freely for a period of two weeks. If you decide to
continue using UNP you are expected to let me (the author) know where you
are using my program. To do this, send a postcard with some picture of
your city or something in the neighbourhood to the adress found at the end
of the document. I would appreciate if you would mention your full name
and version you are using. Ofcourse if you have got any suggestions you
can put them on it as well!

Please don’t feel offended by all of this, I just want to how much people
find any use for UNP. And hey, it beats sending money!

CONTACTING ME:
————–

My address: E-Mail (atleast valid till June-95):
Ben Castricum benc@solist.htsa.aha.nl
Van Loenenlaan 10
1945 TX Beverwijk
The Netherlands

*** end of UNP V3.31 documentation ***

Rumors of Worms and Trojan Horses by Mike Guffey

RUMORS OF WORMS AND TROJAN HORSES
Danger Lurking in the Public Domain
introduced and edited by Mike Guffey

-INTRODUCTION
There are literally thousands of free (or nearly free) programs
available in computerdom’s Public Domain. Those who use them save
hundreds of dollars and thousands of hours. But many sneer at the
idea of anything worthwhile being “free”. Thus personal computing
becomes divided into two camps: those who believe there are two
camps and the rest who use Public Domain software (but sport
no sense of moral superiority). For several years now rumors
have circulated about dangerous programs which, when run,
infest the innards of personal computers like parasites.
And unlike most software, these insideous programs don’t go
away when the power is shut off. The story is they invade
ROMs and “eat” memory away each time hardware is powered up.
The legends have a basis in fact. For such horrors =do= exist
in the world of mainframes. Probably first created by a bored
or disgruntled programmer, such programs have been unleashed
inside some of this country’s largest computers. Generally,
they are not outwardly visible, but begin the attack like a
low grade fever. And these horrible little strings of code do
damage a little at a time, slowly building in intensity. At
first, things start going slightly awry. Ultimately, the
system crashes or must be shut down. One recent magazine
article called these creations “computer viruses”. Just =how=
damaging such programs can be (or have been) has not been
fully publicized. But the facts lie on a razor’s edge
between science fiction and tomorrow’s headlines. They are
believed to pose a serious potential threat to national
security. Some say the first of such monsters appeared on
computer bulletin boards (BBS’s) named “WORM.COM”. [Remember
that it is only recently that any online descriptions began to
be posted next to program names. Some BBS’s, notably CP/M
based systems, still do not offer any explanation beyond the
program name or notes in the associated message base part of the
system.] And almost every computer user group has at least
one experienced member who can tell the horrible tales of
what these programs do. Actual witnesses to the destruction or
victims of the atrocities seem to be =very= rare. Related to
the twisted thinking behind such criminal mischief is the
so-called “TWIT” phenomenon. Twits are computer vandals who
glory in breaking into and “crashing” or seriously damaging
remote computer systems. The targets range from neighborhood
BBS’s to any large computers which can be accessed via phone
lines. And while such mental midgets have been glorified in the
media and mis-labeled as “hackers”, their very existence causes
hysteria in and amongst the non-computing public at large.
Computer security for large and small remote computer systems is
getting better at screening out or scaring off “twits”. But they
still exist. There are indications that some have graduated from
incessant attempts to break into BBS’s. Instead they bring forth
Trojan horses: damaging programs disguised as utilities and
mis-labled or misdocumented as new treasures of the Public
Domain.
==]#[=== The following data was recently retreived from a
California BBS: WARNING! DANGEROUS PROGRAMS 1) Warning: Someone
is [or may be] trying to destroy your data. Beware of a SUDDEN
upsurge of [spurious] programs on Bulletin Boards and in the Public
Domain. These programs purport to be useful utilities, but, in
reality, are designed to sack your system. One has shown up as EGABTR,
a program that claims to show you how to maximize the features of
IBM’S Enhanced Graphics Adapter. It has also been spotted
renamed as a new super-directory program. It actually erases
the (F)ile (A)llocation (T)ables on your hard disk, [thereby
rendering all data useless and inaccessible]. For good measure,
it asks you to put a disk in Drive A:, then another in Drive B:.
After it has erased those FATs too, it displays,
” Got You! Arf! Arf! ” Don’t [casually] run any
public-domain program that is not a known quantity. Have
someone you know and trust vouch for it. ALWAYS examine it
FIRST with DEBUG [or DDT or a similar utility]. Look at
all the ASCII strings and data. If there is anything even
slightly suspicious about it, [either] do a cursory disassembly
[or discard it]. [For MSDOS programs] be wary of disk calls
(INTERRUPT 13H), especially if the program has no business
writing to the disk. Run your system in Floppy only mode
with write protect tabs on the disk or junk disks in the
drives. Speaking of Greeks bearing gifts, Aristotle said
that the unexamined life is not worth living. The unexamined
program [may not be] worth running. – from The Editors of PC
July 23, 1985 Volume 4, Number 15 2) Making the rounds of the
REMOTE BULLETIN BOARDS [is] a program called VDIR.COM. It is a
little hard to tell what the program is suppose to do. What it
actually does is TRASH your system. It writes garbage onto
ANY disk it can find, including hard disks, and flashes up
various messages telling you what it is doing. It’s a TIME BOMB:
once run, you can’t be sure what will happen next because it
doesn’t always do anything immediately. At a later time, though,
it can CRASH your system. Anyway, you’d do well to avoid
VDIR.COM. I expect there are a couple of harmless, perhaps even
useful, Public Domain programs floating about with the name VDIR;
and, of course, anyone warped enough to launch this kind of trap
once, can do it again. Be careful about untested “free”
software. [paraphrased from Computing at Chaos Manor From the
living Room By Jerry Pournelle BYTE Magazine, The small systems
Journal] Two other examples of this type of program: 1.
STAR.EXE presents a screen of stars then copies RBBS-PC.DEF
and renames it. The caller then calls back later and d/l the
innocently named file, and he then has the SYSOP’S and all the
Users passwords. 2. SECRET.BAS This file was left on an RBBS
with a message saying that the caller got the file from a
mainframe, and could not get the file to run on his PC, and asked
someone to try it out. When it was executed, it formatted all
disks on the system. We must remember, that there are a few
idiots out there who get great pleasure from destroying
other peoples’ equipment. Perverted I know, but we, the
serious computer users, must take an active part in fighting
against this type of stuff, to protect what we have. Be sure to
spread this [message] to other BBS’s across the country so that
as many people as possible will be aware of what is going on.
[from The Flint Board Flint, Mich (313) 736-8031]
===]#[=== -EPILOGUE Got your attention? There is
no need to hatchet your modem and erase your communications
software. While such programs can do tremendous damage, they
are, fortunately, very rare. The following is an
expansion of the countermeasures suggested above. A)
More?
Never, NEVER, N>E>V>E>R>! download and run Public Domain
software (the first time) on a hard disk. While many programs
are well known, it is a logical presumption that Trojan
horse-type programs may have been uploaded with the name of a
well-known utility. Or as a new version of one of your old
favorites. Download them to a blank floppy or to a disk you have
a current backup copy of. B) Get in the habit of examining
unknown software with HEX/ASCII utilities that will reveal
copyright data, documentation, program error and prompt messages.
A good choice in MSDOS is called PATCH.COM and in CP/M there
is DUMPX.COM. Even if a program is written in protected BASIC,
you may still be able to find some useful data this way.
[This is also a way to find documentation for good programs
without .DOC files or descriptions.] C) Be wary of text files
suggesting patches with DEBUG or DDT that you do not
understand. ALWAYS make such modifications to a backup copy of
your .COM, .EXE, .OVR files. There are no known examples of
Trojan horses appearing this way, but… D) Make those BBS’s
which screen programs before making them available your
first (but not your only) choice for acquiring new PD software.
If you cannot figure out what a program does, =don’t= upload
it to some other BBS. E) Be wary but not paranoid. Be careful
but not overcautious. Do not fan the fires of hysteria by
More?
passing along rumors of worms and Trojan horses. Speak of what
you =know=. There are alot of good programs out there in the

Hacking the TI-85 Calculator, by David Boozer (September 1, 1994)

Path: linear!mv!news.sprintlink.net!howland.reston.ans.net!spool.mu.edu!uwm.edu!caen!linux.reshall.uich.edu!not-for-mail
From: john@linux.reshall.umich.edu (John Gotts)
Newsgroups: alt.2600
Subject: My TI-85 Calculator Hack (LONG)
Message-ID: <3a9o91$eav@srvr1.engin.umich.edu>
Date: 15 Nov 1994 07:33:53 GMT
Organization: Linux in the Baits Residence Hall at the University of Michigan
Lines: 695
NNTP-Posting-Host: linux.reshall.umich.edu
X-Newsreader: TIN [UNIX 1.3 941109BETA PL0]

I thought you guys would be interested in this.

[ Article reposted from alt.hackers ]
[ Author was David Boozer ]
[ Posted on Sat, 12 Nov 1994 18:45:15 GMT ]

Several people have been asking for the document I was referring to in my
previous message, so I decided to post the whole thing to alt.hackers.

– David Boozer (adb2y@virginia.edu)

ObHack:

The following document:

+============================================================================
|
| Hacking the TI-85 Calculator
| by
| David Boozer (adb2y@virginia.edu)
|
| September 1, 1994
|
+============================================================================

This document explains how to do various spiffy things with your TI-85, such
as dumping the TI-85’s ROM and programming the TI-85 in machine language. I
have included several programs I wrote which are useful for TI hacking, and
an .85B file containing the first (to my knowledge) machine language program
ever written for the TI-85 (well, except for the ROM, of course :)). The
information provided here has been obtained by diddling around with .85B
produced using the LINK85 package – the basic method is to:

(1) Make a backup of the calculator

(2) Study the backup

(3) Patch the backup

(4) Send it back to the calculator

Much of the information I have learned about the TI-85 has not made it into
this document, but I have tried to include the essentials. I am working on a
more comprehensive version which should be ready in a few weeks. Classes
have just started, and I figured I should write something up while I still
have lots of free time on my hands :). Well, have fun tinkering around and
send questions/comments to adb2y@virginia.edu.

* All numbers are in hexadecimal, unless otherwise stated

** The procedures outlined here could cause your TI to crash. If this
happens, remove one of the batteries, hold down the ON key for a few
seconds, and replace the battery. Also, remember to turn up the contrast
by doing 2nd up-arrow a few times after you turn the calculator on. If
you are at all squeamish about crashing your TI, then don’t try these
procedures (but you still might like to read about them).

+—————————————————————————-
| The Structure of a .85B File
+—————————————————————————-

An .85B file has the following format:

File Offset Contents

0000 – 0034 Header
0035 – 0036 Size word (Number of data bytes)
0037 – XXXX-2 Data bytes (obtained from TI-85)
XXXX-1 – XXXX Checksum word

The header contains the string “**TI85**”, and the file comment that you see
when using LINK85. The size word at offset 0035 is the number of bytes that
contain data obtained from the TI-85, and is equal to:

(Size of .85B file in bytes)
– (35 bytes for the header)
– (2 bytes for the size word)
– (2 bytes for the checksum)
——————————
(# of data bytes)

Thus:

(# of data bytes) = (Size of .85B file in bytes) – 39

The checksum word is calculated by adding together all the data bytes (but NOT
bytes from the header, size word, or checksum word) MOD 10000. I wrote a
little assembly program called FIX.COM to automagically adjust the checksum
word of a .85B file to the correct value:

begin 644 fix.com
MOX“[email protected]*R#+M@_D`=’E)1XH%/”!T\T&+][^2`?.DN`(]NI(!S2&+V’)4M#^Y
M`(“Z,0+-(:.0`7)%OV8″BPTSP#/2B_F!QV@”3XH5`\+B^8L^D`&!QR\”B06X
M`$(SR3/2S2%R&K1`BPZ0`;HQ`LTA<@VT";H4`LTAM#[-(OQ
MNO0!M`G-(Foo
5->Bletch

Notice how these variables appear in the RAM image – each variable has an
entry in a symbol table. This is what the entry for the “Foo” variable means:

+— The number of characters in the variable name (3)
|
| +–+— The address of the variable in memory (8C14)
| | |
6F 6F 46 03-8C 14 00
| | | |
| | | +— The type of the variable (00 => REAL)
| | |
+–+–+— The name of the variable, backwards (Foo)

Note that the address of the variable in memory is stored high order byte
first!

Thus, the symbol table from the above hex dump gives us the following
information:

Variable Name Address of Variable Type of Variable

xStat 8BF7 04 => LIST
yStat 8BF9 04 => LIST
Ans 8BFB 00 => REAL
Foo 8C14 00 => REAL
Bletch 8C1E 00 => REAL

Variables “xStat”, “yStat”, and “Ans” were created automatically by the
calculator.

The bytes for different types of variables are given below:

Type Byte Variable Type

00 REAL
01 CMPLX
02 VECTR
03 VECTR
04 LIST
05 LIST
06 MATRX
07 MATRX
08 CONS
09 CONS
0A EQU
0B
0C STRNG
0D GDB
0E GDB
0F GDB
10 GDB
11 PIC
12 PRGM

Now, remember that a byte at offset XXXX in the .85B file corresponds to
a byte at address 8C00 + (XXXX – 0900) in the TI-85’s RAM. Thus, since
the variable “Foo” is located at address 8C14 in RAM, it must be located
at offset

(8C14 – 8C00) + 0900 = 0914

in our .85B file. If we look at the ten bytes at 0914 in the above hex dump,
we see the following:

00 02 FC 12 30 00 00 00 00 00

What it means is this:

+— (one byte)
|
| +–+–+–+–+–+–+— (in BCD, 7 bytes)
| | | | | | | |
00 02 FC 12 30 00 00 00 00 00
| |
+–+— (in hex, 2 bytes)

Thus, for the variable “Foo”:

= FC
= 2
= 1.23

The value of the variable is given by:

Value = E[ + (100)( – FC)]

So for “Foo”:

Value = (1.23)E[2 – (100)(FC – FC)]
= (1.23)E(2)
= 123

Note that numbers which are less than one may be represented by using a
which is less than FC.

We have seen how data in the .85B file corresponds to data in the TI-85. The
key points are:

– We can edit the .85B file

– Data in the .85B file is put into RAM when the .85B file is loaded

– Hence, by editing the .85B file, we can diddle around with bytes in
the TI-85’s RAM

– In particular, we can edit the memory address of a variable – make it
point to something OTHER than the data it was given when it was
created. This brings us to…

+—————————————————————————-
| Dumping the TI-85’s ROM
+—————————————————————————-

The method I developed to dump the TI’s ROM is the following:

(1) Clear the calculator, then use STPIC to make a PIC file – lets call it
“PIC1”

(2) Back up the calculator – we then get a file “BACKUP.85B”

(3) Edit “BACKUP.85B” – change the memory address of “PIC1” to point to a
ROM location

(4) Fix up the checksum of “BACKUP.85B”

(5) Transfer the hacked version of “BACKUP.85B” to the TI-85

(6) Use RCPIC to load “PIC1” into the graphics screen – the stuff you see
on the screen is ROM data

(7) Use STPIC to store this ROM data in a new PIC file – lets call it “Dump”

(8) Transfer “Dump” from the TI-85 to your computer

(9) Strip of header & other junk from “Dump”

You now have a 3F0 byte core dump of the TI-85’s ROM. I wrote an assembly
program called DUMP.COM to automate most of this:

begin 644 dump.com
MM`FZ”0+-(3/;OX“[email protected][8/Y`’0Z24>*!3P@=/-!,N2#^0!T*DD\87P&/’I_
[email protected]@+#`\”GP”+`<*P'P3/`]_#]'CT>/1X]’C`]A’[email protected]>Z@&+P^B’`+0)
MNDT”S2&_%A”AZ@%(2(;@B06_/P.+#3/`,]*+^8”00-/BA4#PN+YOSD-@<<( M`XD%M#PSR;KL`+L0@“!“(““`P(“`P$@““`%““““““““(#\@/V.$;81W
MA(&$BX25A!4“(`!_!“““““`/P““““`@@“`/P“““““`#\
M8H,84P<8``#_^Q,(F6DXF5<``/P```````````#\````````````_&*#&%,' M&```__L3")EI.)E7@`'\$``````````!_!```````````/P0````````@`'\ M$``````````!_!```````````/P0`````````/W[$`````````#[^Q`````` M`````/Q```````````#\0`````````#_^Q6',!6',!8`__LR)8!D46$I``#\ M8P``````````_#$```````!1``#``?P0````````0`'\$````````$``_!`` M``````#``?P0````````0`'\$````````$``_!````````"``?P0```````` M``'\[email protected]!Q@``/_[$PB9:3B95X`! M_!```````````?P0``````````#\$````````(`!_!```````````?P0```` M``````#\[email protected]!Q@``/_[$PB9:3B9 M5X`!_!```````````?P0``````````#\$````````(`!_!```````````?P0 M``````````#\$````````'$```#]^Q```````````/P```````````#\```` M````````_&*#&%,'&```__L3")EI.)E7@`'\$``````````!_!`````````` M`/P0````````@`'\$``````````!_!```````````/P0`````````!``]_\` M`$SZ"8SW_P`````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````$_!(T4``` M````!/QGB0````````````````````````````4"`````"`@("`@("`@("`@ M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ M("`@("`@("`@("`@("`@("`@("`@(`````````F,"8Q"]D+V`````/?_``#F M9PX+H6@`!P```````````/\````````````````````````````````````` M```````````````````````````````````````````````````````````` M`````````````````````/?_```%D``````````````````````````````` M"0\`````````````````````````````````````````.VH`]__W_T?Z]_\% MD`60!9`_^C_Z`````#_Z``````````````X$````````_``````````````` M``#\`````````/`#```````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M````````````````````````````````````````,``Q0TE0!)Q9$7D!C`D` E(0&,!Q(C`8P%$G-N00.+^P!T8713>06+^01T8713>`6+]P3FNP“
`
end

To use the program, type:

DUMP [address, in hex]

This will create a file called “BACKUP.85B” with all the necessary
modifications already made (ie. in effect, it performs steps 1 to 4). Just
send this to your TI as outlined in steps 5 to 9 in the above list, and you
will end up with a file called DUMP.85I. Bytes 0000 to 0044 of DUMP.85I are
the header & can be ignored; bytes from 0045 onward contain the ROM data.
Here is a dump I made of memory address 33D9:

33D0 E3 F5 D5 5E 23 56 23 …^#V#
33E0 7E D3 05 EB D1 F1 E3 C9-CD AC 33 38 7D 06 CD AC ~………38}…
33F0 33 7B 7D 06 CD AC 33 81-43 07 CD AC 33 12 49 07 3{}…3.C…3.I.
3400 CD AC 33 65 67 06 CD AC-33 12 69 06 CD AC 33 5C ..3eg…3.i…3\
3410 69 06 CD AC 33 26 6D 06-CD AC 33 D6 41 07 CD AC i…3&m…3.A…
3420 33 8B 68 07 CD AC 33 6F-7D 06 CD AC 33 16 52 07 3.h…3o}…3.R.
3430 CD AC 33 54 54 07 CD AC-33 59 77 06 CD AC 33 1F ..3TT…3Yw…3.
3440 4B 07 CD AC 33 D6 5D 06-CD AC 33 09 55 06 CD AC K…3.]…3.U…
3450 33 F9 56 06 CD AC 33 D3-57 3.V…3.W

I ran this through a Z80 disassembler to get the following code:

33D9: E3 EX (SP),HL
33DA: F5 PUSH AF
33DB: D5 PUSH DE
33DC: 5E LD E,(HL)
33DD: 23 INC HL
33DE: 56 LD D,(HL)
33DF: 23 INC HL
33E0: 7E LD A,(HL)
33E1: D3 05 OUT (PORT05H),A
33E3: EB EX DE,HL
33E4: D1 POP DE
33E5: F1 POP AF
33E6: E3 EX (SP),HL
33E7: C9 RET
33E8: CD AC 33 CALL L33AC
33EB: 38 7D JR C,L346A
33ED: 06 CD LD B,205
33EF: AC XOR H
33F0: 33 INC SP
33F1: 7B LD A,E
33F2: 7D LD A,L
33F3: 06 CD LD B,205
33F5: AC XOR H
33F6: 33 INC SP
33F7: 81 ADD A,C
33F8: 43 LD B,E
etc.

+—————————————————————————-
| A Few Technical Tidbits about the TI-85
+—————————————————————————-

In the next section I will discuss how to write your own machine language
programs, but before I do, we will need a few facts about the TI-85. First
of all, we need some information about the video display:

Mode Address Dimensions Size (in bytes)

Text 80DD 8 x 21 8*21 = 168 bytes
Graphics 8641 63 x 128 (63*128)/8 = 1008 bytes

Next, we need to understand the CUSTOM menu. At offset 08B1 in a .85B file,
you will see a sequence of 1C bytes, as shown:

08B0 9C 59 00 00 A1 59 00-00 00 00 00 00 00 00 00
08C0 00 00 00 00 00 00 00 00-00 00 00 00 00

Each pair of bytes (word) corresponds to menu item in the CUSTOM menu. In the
above example, we have

Item # Name Word

Item #1 “abs” 599C
Item #2 0000
Item #3 “and” 59A1
Items #4 0000
: :
: :
Item #15 0000

The word associated with a menu item is a memory address – it points to a
data structure, such as:

41 00 07 C3 40 3F 45 44 49 54 00

There are actually several possible data structures, but this is the most
useful.

This data structure means the following:

+–+–+–+——- ??? (I have some ideas, but no time to explain…)
| | | |
| | | | +–+–+–+— Name of menu item (EDIT)
| | | | | | | |
41 00 07 C3 40 3F 45 44 49 54 00
| | |
| | +– Zero termination byte
| |
+–+— Memory address (3F40)

When you select a menu item, the code at “Memory address” is executed – in
this case, the code ad 3F40 is executed. Using my DUMP program, I was able
to dump this memory location to find:

3F40 C3 D9 33

Or, in Z80-speak:

C3 D9 33 CALL 33D9

With this information, we can move on to…

+—————————————————————————-
| Writing Machine Language Programs
+—————————————————————————-

The basic idea is this:

(1) Edit the BACKUP.85B file so that the item #1 of the custom menu
points to 8641 (the first byte of the graphics display)

(2) By editing PIC files (or drawing the bits in manually :)), we can
diddle around with bytes in the video memory.

(3) Put the following bytes in the video memory:

41 00 07 C3 50 86 45 00

Note that the memory address 8650 is also in the video memory.

(4) Put your machine language program at address 8650.

Now, when you select item #1 of the custom menu, your program will be
executed! Just as a demonstration, I created the following .85I file, to
be loaded into video memory:

0000 2A 2A 54 49 38 35 2A 2A-1A 0C 00 50 69 63 74 75 **TI85**…Pictu
0010 72 65 20 66 69 6C 65 20-64 61 74 65 64 20 30 39 re file dated 09
0020 2F 30 31 2F 39 34 2C 20-32 31 3A 30 38 00 00 55 /01/94, 21:08..U
0030 27 F5 5D AE 92 FE 03 08-00 F2 03 11 04 44 75 6D ‘.]……….Dum
0040 70 F2 03 F0 03 41 00 07-C3 50 86 45 00 00 00 00 p….A…P.E….
0050 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
0060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
0070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
0080 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
0090 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
00A0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
00B0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
00C0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
00D0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
00E0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 …………….
00F0 C3 40 3F 00 00 00 00 00-00 00 00 00 00 00 00 00 .F?………….

The first 44 bytes are just header info – ignore them. The stuff at offset
0045 is our menu data structure:

41 00 07-C3 50 86 45 00
| |
+–+— Points to 8650

The three bytes at 00F0 represent a JP (jump) instruction on the Z80:

C3 46 3F JP 3F40

Address 3F40 is the code for the “Edit Matrix” menu item. What about all
the zeros between 004C and 00F0? Well, 00 is a NOP on the Z80, so they do
nothing.

The sequence of events is as follows:

(1) The user selects item #1 from the CUSTOM menu

(2) The TI looks at memory location 8641, which is the first byte of
video memory (remember, we changed the CUSTOM menu so that item #1
would point here)

(3) The TI finds the bytes:

41 00 07 C3 50 86 45 00

which we cleverly placed in the graphics display (and hence at memory
address 8641)

(4) Thus, the calculator executes the instruction at 8650

(5) At 8650, it encounters a string of NOPs (zeros), leading up to

C3 46 3F JP 3F40

The TI takes the jump, which leads to the matrix editor

Here is a backup of the TI-85 all set up to demonstrate the above program:

begin 644 backup.85b
[email protected]*BH:#`!”[email protected]!D871E9″`P.2\P,2\Y-“P@,3DZ,3D`
M+@!5)_5=KI(*$0D`L0@[email protected]`/>+L0@@`!“(“!`0P(“`R$@““`%`0“
M““““““(#\@/V.$;81WA(&$BX25A!4“,`!_!“““““`/P““`
M““@@“`/P“““““`#\8H,84P<8``#_^Q,(F6DXF5<``/P````````` M``#\````````````_&*#&%,'&```__L3")EI.)E7@`'\$``````````!_!`` M`````````/P0````````@`'\$``````````!_!```````````/P0```````` M`/W[$`````````#[^Q```````````/Q```````````#\0`````````#_^Q6' M,!6',!8`__LR)8!D46$I``#\8P``````````_#$```````!1``#``?P0```` M````0`'\$````````$``_!````````#``?P0````````0`'\$````````$`` M_!````````"``?P0``````````'\$````````%L`````_````````````/QB [email protected]!Q@``/_[$PB9:3B95X`!_!```````````?P0``````````#\$``````` M`(`!_!```````````?P0``````````#\$````````%L`````_``````````` [email protected]!Q@``/_[$PB9:3B95X`!_!```````````?P0``````````#\$``` M`````(`!_!```````````?P0``````````#\$````````'$```#]^Q`````` M`````/P```````````#\````````````_&*#&%,'&```__L3")EI.)E7@`'\ M$``````````!_!```````````/P0````````@`'\$``````````!_!`````` M`````/P0`````````!``]_\``$SZ&8SW_P`````````````````````````` M```````````````````````````````````````````````````````````` M````````````````````````````00`'PU"&10`````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M````````````````PT`_```````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````$_!(T4```````!/QGB0``````$@`C,Y4```````>,&(P6
MC`$“““”`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@
M(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@
M(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@
M(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“`@(“““`
M`!F,&8Q(\DCR““`/?_“#F9PX+H6@`!P#[____““`/\““““““`
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““`/?_“`’E“““`
M““““““““““““”0]!A@“““““““““““““““
M““““,68`]__W_UWZ]_\’E`>4!Y0W^C?Z““`#?Z““““““`!`(
M“““`#_#.#“““`0`$0-,#`$`&!$,@[email protected]#,U!“““`_““““`#P
M`P“““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““`/`#00`’PU”&10“““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““PT`_““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““““““
M““““““““““““““““““““““““““.`!P;75$
M!)`5$3%#25`$:CD1>0&,&0`A`8P7$B,!C`42++ L++ 3- E— N+++ K- !W M–
V– -po+(—) Y+ t+ 5 j+ R- G? tv b+ D B- e+ u— h f+ r n- y?

X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Another file downloaded from: NIRVANAnet(tm)

&TOTSE 510/935-5845 Walnut Creek, CA Taipan Enigma
Burn This Flag 408/363-9766 San Jose, CA Zardoz
realitycheck 415/648-9489 San Francisco, CA Poindexter Fortran
Phallicide 408/899-0235 Monterey, CA Reclinerhead
Governed Anarchy 510/226-6656 Fremont, CA Eightball
New Dork Sublime 805/823-1346 Tehachapi, CA Biffnix
The Ether Room 510/228-1146 Martinez, CA Tiny Little Super Guy
Lies Unlimited 801/278-2699 Salt Lake City, UT Mick Freen
The Shrine 206/793-3465 Monroe, WA Rif Raf
Atomic Books 410/669-4179 Baltimore, MD Baywolf
Sea of Noise 203/886-1441 Norwich, CT Mr. Noise
The Floating Pancreas 305/424-0266 Ft. Lauderdale, FL Majestic Cockster
The Dojo 713/436-1795 Pearland, TX Yojimbo
Frayed Ends of Sanity 503/965-6747 Cloverdale, OR Flatline

“Raw Data for Raw Nerves”
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X

The Hacker’s Choice NFO: RA-BBS Hack Tools Hardware Support (May 18, 1996)

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█ █
▀▀▀▀▀▀▀█ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ █ ▄▄▄▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄
█ █ █ █ █ █ █ █
█ █ █ █▄▄▄█ █ █ █▀▀▀▀▀▀▀▀
█ █ █ █ █ █
█ █ █ █ █ █
█ █ █ █▀▀▀█ █ █ █▄▄▄▄▄▄▄▄
█ █ █ █ █ █ █ █
▀▀▀▀▀▀ ▀▀▀▀▀ ▀▀▀▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█ The Hacker’s Choice █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

░░░░░▒▒▒▒▒▓▓▓▓▓████ FUSiON OF DTi AND LORE ████▓▓▓▓▓▒▒▒▒▒░░░░░

▄▄▄▄▄▄▄▄▄▄▄▄
██▓▓███████████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄ ■
█▓██▀▀ ▀▀▀ ▀ ▀
▐██ 18-05-96 \/\/\/\ RELEASE iNFORMATiON: /\/\/\/ 06:00 CET
██ ░
██ (X) PC ( ) AMiGA ( ) UNiX ( ) TEXT ( ) OTHER ░
█▓ ▒▒
▓▒ SOFTWARE∙∙∙∙∙∙∙∙RA-BBS HACK TOOLS HARDWARE SUPPORT:286+ ▓▓
▒░ CODER/AUTHOR∙∙∙∙SKYWALKER ██
░ SUPPLiER∙∙∙∙∙∙∙∙ DiSPLAY∙∙∙∙∙∙∙∙∙text ██
░ LANGUAGE∙∙∙∙∙∙∙∙english █▓█
▄▄▄▄▄█▓█
■ ▄ ▀ ▄ ██████████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄███████████▓▓▓█
▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄
██▓▓███████████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄ ■
█▓██▀▀ ▀▀▀ ▀ ▀
▐██ /\/ RELEASE NOTES \/\
██ ░
██ TAKE A LOOK AT THE NEW “FUTURE” iNFO BOX AT THE BOTTOM ! ░
█▓ ▒▒
▓▒ /\/ GROUP NEWS! \/\ ▓▓
▒░ ██
SKYWALKER JOiNED AS PC-CODER ██
WE WORK ON CONSTRUCTING OUR OWN iNET SITE : THC.ORG – SO WATCH OUT! ██
░ █▓█
▄▄▄▄▄█▓█
■ ▄ ▀ ▄ ██████████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄███████████▓▓▓█
▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄
██▓▓██████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██████████████████▓▓██
█▓██▀▀ ▄▄ ▀▀██▓█
▐██ ▀██ ██▌
██ ▄ ▄ ▄ ▄ ▄▄ ▄ ▄ ▄ ██ ▄ ▄ ▄▄ ▄ ▄ ▄ ▄ ██
██ ▀██▄▀███▄▀███▀██▀▀██▄▀██▄▀███▄▀███▀ ██▄▀███▀██▀▀██▄▀██▀█████▀▀▀█▀ ██
██ ██ ██ ███ ██▄▄▀▀ ██ ██ ███ ██ ██ ██▄▄▀▀ ██ ██▄▄█▄ ██
██ ██ ██ ███ ██ ██ ██ ███ ██ ██ ██ ██ ▄▀ ██ ██
██ ▀███ ▀██▀ ▀██▀▀██▀ ▀███ ▀██▀ ▀██▀▀▀██▄▄▀▀ ▀██▀ ▀███▀ ████▄█▀ ██
██ ██
██ ██
██ [THC MEMBERS AND WHAT THEY DO TO KEEP UP OUR GOOD STANDARD] ██
██ ██
██ KARL MARX∙∙∙∙∙∙∙∙∙ PC CODER ██
██ MiNDMANiAC∙∙∙∙∙∙∙∙ PC CODER ██
██ PLASMOiD∙∙∙∙∙∙∙∙∙∙ PC CODER ██
██ SiRiUS∙∙∙∙∙∙∙∙∙∙∙∙ PC CODER ██
██ SKYWALKER∙∙∙∙∙∙∙∙∙ PC CODER ██
██ ██
██ GEMFiRE∙∙∙∙∙∙∙∙∙∙∙ PC CODER / WRiTER ██
██ MORCC∙∙∙∙∙∙∙∙∙∙∙∙∙ PC CODER / WRiTER ██
██ WALKER∙∙∙∙∙∙∙∙∙∙∙∙ PC CODER / WRiTER ██
██ ██
██ van HAUSER∙∙∙∙∙∙∙∙ PC CODER / UNiX CODER / WRiTER ██
██ ██
██ JAMMER∙∙∙∙∙∙∙∙∙∙∙∙ AMiGA CODER ██
██ THE iNTRUDER∙∙∙∙∙∙ ATARi ST CODER ██
██ ██
██ CRUNCH∙∙∙∙∙∙∙∙∙∙∙∙ WRiTER ██
██ CYBORG∙∙∙∙∙∙∙∙∙∙∙∙ WRiTER ██
██ DATA∙∙∙∙∙∙∙∙∙∙∙∙∙∙ WRiTER ██
██ DR. FRAUD∙∙∙∙∙∙∙∙∙ WRiTER ██
██ ██
██ CELTiC∙∙∙∙∙∙∙∙∙∙∙∙ SPREADiNG TEAM ██
██ JFF∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ SPREADiNG TEAM ██
██ DiALUP∙∙∙∙∙∙∙∙∙∙∙∙ SPREADiNG TEAM ██
██ THE SEARCH∙∙∙∙∙∙∙∙ SPREADiNG TEAM ██
██ ??????????∙∙∙∙∙∙∙∙ SPREADiNG TEAM ██
██ ██
██▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄██
██████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██████████████████████
██ ▄▄ ▄ ██
██ ███ ▀██▀ ██
██ ▄ ▄ ▄ ▄ ▄▄ ▄ ▄▄ ▄███▄ ▄ ▄ ▄ ▄ ▄ ▄ ██
██ ██▀▀███▀▀██▀█████▀▀██▄██▀▀██▄ ███ ▀██▀▀██▄▀███▀ ██▀▀███▀██▀▀▀█▀ ██
██ ██ ██ ██ ██▄▄▀▀ ██▄▄▀▀ ███ ██ ██ ██ ██ ██ ██▄▄█▄ ██
██ ██ ██ ██ ██ ██ ███ ██ ██ ██ ██ ██ ▄▀ ██ ██
██ ▀███▀▀██ ▀███▀ ▀██▀ ▀██▀ ▀▀██▀ ▀█▀▀███ ▀█▀▀███▀▀██ ████▄█▀ ██
██ ▄▄ █ ▄▄ █ ██
██ ▀▀▀█▀ ▀▀▀█▀ ██
██ ■ GROUP GREETiNGS ■ ██
██ ██
██ UPG – VLAD – UCF – NUKE – UMF – MTC ██
██ ██
██ ■ PERSONAL GREETiNGS ■ ██
██ ██
██ OMEGA – VAXXER – SCAVENGER – SKYSEGEL – THE ANALYST – THE SEARCH ██
██ EL GRiTON – DR FRAUD – JFF – MARQUiS – PLASMOiD – WiLKiNS ██
██ 7UP – MONSTER – TRiP – WiCKED – SKiNFATHER – LUKE – THE Q ██
██ ██
██ ██
██▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄██
██████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██████████████████████
██ ██
██ ▄██ ▄██ ██
██ ██ ▀█▄ ██
██ ██ ▄▄█▄▄ ▄▄▄▄█▄▄▄▄█▄▄▄█▄ ▄█▄▄█▄▄▄▄▄▄▀██▄ ▄▄▄█▄▄█ ██
██ ██▀ ▀██ ██ ▀██ ▀██ ███ ██ ▀▀▀ ██ ██ ██ ▄▀ ██
██ ██ ██ ██ ██ █ ▀███ ██ ██ ██ ▀▀█▀▀█▄ ██
██ ▄██▄ ██ ▄██▄ ██ ██▄▄███▄▄██▄▄ ▄██▄ ██ ▄█▄▄ ██ ██
██ ▀▀▀▀ ▀▀▀▀ ▀▀▀ ▀▀ ▀▀▀ ▀▀▀▀ ▀▀▀▀▀▀ ██
██ ██
██ ■ THC DiSTRiBUTiON SiTES ■ ██
██ ────────────────────────────────────────────────────────────────── ██
██ BOARD NAME │ AC/NUMBER │ COUNTRY │ SYSOP ██
██ ──────────────────────│────────────────│────────────│───────────── ██
██ L.o.r.E BBS [HQ] │ +49-69-823282 │ GERMANY │ van Hauser ██
██ │ │ Login:THC │ Passwd:THC ██
██ iNFORMATiON EXCHANGE │ +49-6074-68390 │ GERMANY │ MiNDMANiAC ██
██ ARRESTED DEVELOPMENT │ +31-77-3547477 │ HOLLAND │ OMEGA ██
██ ViRUS POLYTECHNiQUES │ +27-1-1953-5414│ S. AFRiCA │ RADiX ██
██ BOiXOS NOiS │ +54-1-730-0294 │ ARGENTiNiA │ NEKROMANCER ██
██ TEMPLE OF LiGHT │ +598-27-74191 │ URUGUAY │ ██
██ RUNESTONE │ +1-203-585-9638│ USA │ MERCENARY ██
██ HACKER’S HEAVEN │ +1-303-343-4053│ USA │ VOYAGER ██
██ UNDERWORLD_1996.COM │ +1-514-683-1894│ USA │ RATPACK ██
██ PHREAK ASYLUM │ +1-905-823-5532│ CANADA │ NETHAKD ██
██ ────────────────────────────────────────────────────────────────── ██
██ ██
██ ■ THC iNTERNET SiTES ■ ██
██ ────────────────────────────────────────────────────────────────── ██
██ SiTE TYPE │ iNET ADDRESS │ COMMENT ██
██ ───────────────│──────────────────────────────────────│─────────── ██
██ WORLD WiDE WEB│ http://134.60.17.20/THC │by:Celtic ██
██ WORLD WiDE WEB│ http://129.187.209.62:2600 │by:Skysegel ██
██ WORLD WiDE WEB│ http://www.paranoia.com/pub/zines/THC│not up2date!██
██ WORLD WiDE WEB│ http://www.muc.de/~drmint │ DOWN ██
██ ───────────────│──────────────────────────────────────│─────────── ██
██ FTP SiTE │ ftp://ftp.paranoia.com /pub/zines/THC│not up2date!██
██ FTP SiTE │ ftp:// [COMiNG VERY SOON – WE HOPE] │ UCF & THC ██
██ FTP SiTE │ ftp:// [COMiNG VERY SOON] │ n/a ██
██ ────────────────────────────────────────────────────────────────── ██
██ ██
██▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄██
██████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██████████████████████
██ ██
██ ▄ ▄ ▄ ▄ ▄ ▄ ▄ ▄ ▄ ▄ ▄ ██
██ ▐█▌ ▐█▌ ▀██▄ ▄▀███▄ ▄██▀▄█▀██▄ ▄██▀ ▀██▄ ▄█ ▀██▄ ██▌ ▐██ ██
██ ▓██▄██░ ▀ ██▄▀▀ ▐██ ▓█▌ ██▌▐▓█▌ ▐█░▌ ▓█▌ ██▌▐██▄ ▐░█ ██
██ ▒██▀██▒ ▒▄ ▀█▀▄▄ ▀ ▒█▌ ▀ █▒█ █▒█ ▒█ ▀█▄▀ ███▀▐▒█ ██
██ ▐░█▌ ▐█▓▌ ▐▓█▌ ▄ ▐█▓▌ ▐░█▌ ▐░█▌ ▐█▓▌▐░█▌ ▄█▓ ▀ ▐▓█▌ ██
██ ▀█▀ ▄██▀ ▀█▀ ▀██▄▀█▀ ▀█▀ ▀██▄ ▄██▀ ▀█▀ ▐██▀ ▀█▀ ██
██ ▀ ▀ ▀ ▀ ▀ ██
██ ██
██ ██
██ ■ THC HISTORY ■ ██
██ ────────────────────────────────────────────────────────────────── ██
██ FILENAME │ DESCRIPTION │ PROGRAMMER │ DATE ██
██ ─────────────│─────────────────────────│────────────────│───────── ██
██ TCRED130.ZIP │ CREDIT CARD CALC. v1.3 │ GEMFiRE │ 01-10-95 ██
██ │ The *best* available ! │ │ ██
██ THC-GV12.ZIP │ GET-VIP v1.2thc │ van HAUSER │ 01-10-95 ██
██ │ Unix Passwd Analyzer │ │ ██
██ THC-PD11.ZIP │ PRINT DATES v1.1 │ van HAUSER │ 01-10-95 ██
██ │ Date Dictionary Creator │ │ ██
██ THC-DG10.ZIP │ DICTIONARY GENERATOR v1 │ van HAUSER │ 06-10-95 ██
██ │ Brute&Sensitive Generat.│ │ ██
██ THC-SECP.ZIP │ SECURITY PACKAGE 4 PC │ ————– │ 09-10-95 ██
██ │ The *best* crypters ! │ │ ██
██ THC-GD10.ZIP │ GENERAL DIAL v1.0 BETA │ KARL MARX │ 15-10-95 ██
██ │ The BB Dialer for PC/GUS│ │ ██
██ THC-GV15.ZIP │ GET-VIP v1.5+ │ van HAUSER │ 26-10-95 ██
██ │ Unix Passwd Analyzer ! │ │ ██
██ THC-PH09.ZIP │ PBX HACKER v0.9 gamma │ van HAUSER │ 06-11-95 ██
██ │ The *best* PBX Hacker ! │ │ ██
██ THC-TC14.ZIP │ CREDIT CARD CALC. v1.4 │ GEMFiRE │ 13-11-95 ██
██ │ The *BEST* available ! │ │ ██
██ THC-PH10.ZIP │ PBX HACKER v1.0 FINAL │ van HAUSER │ 18-11-95 ██
██ │ The *BEST* PBX Hacker ! │ │ ██
██ THC-PH11.ZIP │ PBX HACKER v1.1 BUGFIX │ van HAUSER │ 24-11-95 ██
██ │ The *BEST* PBX Hacker ! │ │ ██
██ THC-TC15.ZIP │ CREDIT CARD CALC. v1.5 │ GEMFiRE │ 25-11-95 ██
██ │ BUGFIX Release – GetIt !│ │ ██
██ THC-PD12.ZIP │ PRINT DATES v1.2 PC+ST !│ van HAUSER │ 26-11-95 ██
██ │ Date Dictionary Creator │ THE iNTRUDER │ ██
██ THC-TC16.ZIP │ CREDIT CARD CALC. v1.6 │ GEMFiRE │ 04-01-96 ██
██ │ even more enhanced! │ │ ██
██ THC-TS07.ZIP │ THC-SCAN 0.7 PUBLIC BETA│ van HAUSER │ 06-01-96 ██
██ │ BETTER then Toneloc ! │ │ ██
██ THC-LH09.ZIP │ LOGIN HACKER v0.9 BETA │ van HAUSER │ 10-01-96 ██
██ │ The first Login Hacker │ │ ██
██ THC-TS08.ZIP │ THC-SCAN 0.8 PUBLIC BETA│ van HAUSER │ 19-01-96 ██
██ │ …and again enhanced! │ │ ██
██ THC-MAG1.ZIP │ THC’s first magazine! │ Ed.: GEMFiRE │ 12-02-96 ██
██ │ C00l infos for c00l guys│ │ ██
██ THC-TS09.ZIP │ THC-SCAN 0.9 PUBLIC BETA│ van HAUSER │ 14-02-96 ██
██ │ … and again enhanced! │ │ ██
██ DIC-GEN,TCRED│ 3 special CEBIT Releases│ van HAUSER │ 16-03-96 ██
██ THC-SCAN │ !NON PUBLIC! │ GEMFiRE │ ██
██ THC-AT&T.ZIP │ AT&T booklett: DON’T BE-│ scanned by │ 24-03-96 ██
██ │ COME A TOLL FRAUD VICTIM│ PLASMOiD │ ██
██ THC-LH10.ZIP │ LOGIN HACKER v1.0 FINAL │ van HAUSER │ 15-04-96 ██
██ │ The first Login Hacker! │ │ ██
██ THC-TS10.ZIP │ THC-SCAN v1.0 ! FINAL ! │ van HAUSER │ 05-05-96 ██
██ │ *BEST* Wardialer/Scanner│ │ ██
██ THC-RAHK.ZIP │ RA-BBS Hacking Tools! │ SKYWALKER │ 18-05-96 ██
██ │ 4 cool programs … │ │ ██
██ ────────────────────────────────────────────────────────────────── ██
██ ██
██▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄██
██████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██████████████████████
██ ██
██ ▄▄ ▄ ▄ ▄ ▄ ██
██ ▄█ ▀██▄ ▄█ ▄█ ▄██▀▄█▀██▄ ▄█ ▄█ ▄█▀▀██▄ ▄█▀▀██▄ ██
██ ▓█▌▄ ▀▀ ▓█▌ █░▌▐██ ▓█▌ ██▌ ▓█▌ █░▌ ▓█▌ ██▌ ▓█▌▄ ▀█ ██
██ ▒█▌▀██▄ ▒█▌ █▒▌ ▀ ▒█▌ ▀ ▒█▌ █▒▌ ▒█ ▀█▄ ▒█▌▀██▄ ██
██ ▐░█▌ ▀ ▐░█▌ █▄▓ ░█▌ ▐░█▌ █▄▓ ▐░█▌ ▄█▓ ▐░█▄ ▀█▀ ██
██ ▀█▀ ▀▀▀▀▀▀█▄ ▀█▀ ▀▀▀▀▀█▄ ▀█▀ ▀▀ ▀█▀▀██▄ ██
██ ▀ ██
██ ██
██ Yeah what’s coming up from THC ? ██
██ ██
██ ██
██ ■ Definitly there’ll be a BIG & GOOD magazine in june(No.2!) ██
██ ■ The GENERAL DIALER v1.1 will be released … aehm soon … ██
██ ■ the special program called LOGIN HACKER is completed ██
██ I’ll only continue programming this project ON DEMAND ! ██
██ ■ The THC-SCANNER is now release but will bet more & more ██
██ functions. It’s already much better then Toneloc… ██
██ But we’ll enhance it much further ! v1.1 : july ██
██ ■ VMB-BASIC like LOGIN HACKER, but especially for VMBs ██
██ If Plasmoid will continue this project – who knows. ██
██ ■ SPH – Smart PBX Hacker – a new tool coming up from ██
██ Plasmoid. Watch out for it, it will be something new! ██
██ ■ A Unix Passwd Cracker for the Amiga. The release date was ██
██ October but the programmer had a car accident and needs ██
██ some time get back on his feet again … bless ya JaMMeR! ██
██ It IS already 6 times faster then the KillerCracker! ██
██ And if we don’t release it in June – then never! ARGH! ██
██ ■ Unix Passwd Update Checker (Check which accounts were ██
██ removed and which are new and which got a new password) ██
██ ■ A luxury Dictionary Generator + Dictionary Database ██
██ ■ a MAYBE release is also a crypter for COM Ports (modems) ██
██ don’t know if we can get it work 😉 ██
██ ■ Another MAYBE release is a hostdatabase for YPX and ██
██ similar programs (that’s for unix guys) ██
██ ██
██ … and of course the projects ██
██ THCCRED, PBXHACK, THC-SCAN and GENERAL DIALER ██
██ will be continued! ██
██ The other programs should now be final. ██
██ ██
██ ██
██▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄██
██████████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄██████████████████████
██ ██
██ WE ARE ALWAYS iNTERESTED iN NEW MEMBERS (EXPERTS ONLY) ! ██
██ iF YOU WANT US TO DiSTRiBUTE YOUR GREAT H/P PROGRAM OR ARTiCLE ██
██ CONTACT US AT : LORE BBS ++49-(0)69-823282 Login:THC Pw:THC ██
██ [email protected] : vh@campus.de or gemfire@drmland.muc.de ██
██ ██
█▓█ iF U WANT TO BE A SiTE WiTH OUR FULL SUPPORT █▓█
█▓█▄▄▄▄▄ TRY 2 CONTACT US, TOO! ▄▄▄▄▄█▓█
█▓▓▓████▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄████▓▓▓█
▀▀▀███████████████████████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄███████████████████████▀▀▀

THC 1996 – DESiGN BY GEMFiRE (NFO-009)

If you send [email protected] to VH@CAMPUS.DE, then ENCRYPT your message with this
PUBLIC PGP KEY ! Or you don’t get any response !
(if you do, you’ll get a response – promised 😉

van Hauser/THC of L.o.r.E. BBS
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: 2.6.1

mQCNAzB6PNQAAAEEALx5p2jI/2rNF9tYandxctI6jP+ZJUcGPTs7QTFtF2c+zK9H
ElFfvsC0QkaaUJjyTq7TyII18Na1IuGj2duIHTtG1DTDOnbnZzIRsXndfjCIz5p+
Dt6UYhotbJhCQKkxuIT5F8EZpLTAL88WqaMZJ155uvSTb9uk58pv3AI7GIx9AAUT
tBp2YW4gSGF1c2VyL1RIQyBvZiBMT1JFIEJCUw==
=6UhL
—–END PGP PUBLIC KEY BLOCK—–


Telenet Codes, Hacked Out by ZORON (May 1, 1988)

TELENET CODES
5/01/88

HACKED OUT BY
!ZORON!

ABBREVIATION LIST
———————————————————-
^ = CNTRL UNK = UNKNOWN
C.B. = CITIBANK C/C/M = CITICORP MANAGER
REF = REFUSED COLLECT CALL

@ CONNECTION | CONNECTION ENDING | SERVICE AND HELPFUL HINTS
————————————————————–
21211 | 212 11 | UNK, ENTER SERVICE TO LOGON
21212 | 212 12 | PART OF ABOVE SYSTEM
21211 | 212 21 | PRIMENET 20.2.2 SYSA
212130 | 212 130 | MORGAN STANLEY NETWORK
212131 | 212 131 | VM/370 ONLINE VM/HP042
212137 | 212 137 | PRIMENET 20.2.3.R18.S14 NY60
212141 | 909 406 | UNK, THERE IS A GUEST ACCOUNT!
212142 | | DITTO
212145 | 212 145 | OFFICE INFORMATION SYSTEMS
212146 | 212 146 | DITTO
212150 | 212 150 | UNK
212152 | 212 152A | UNK
212159 | 212 159 | UNK
212200 | 212 200A | UNK
212201 | 212 201A | UNK
212203A | 212 203A | UNK, TELENET IN NY??
212203B | 212 203B | UNK, TELENET IN NY??
212203C | 212 203C | UNK, TELENET IN NY??
212203D | 212 203D | UNK, TELENET IN NY??
212203E | 212 203E | UNK, TELENET IN NY??
212203F | 212 203F | UNK, TELENET IN NY??
212219 | 212 219 | NEO, ACCOUNT ID : AA012A
212226 | 212 226 | VM370/ONLINE
212246 | 212 246 | UTC SYSTEM
212248 | 212 248 | PRIMENET 20.2.4 RYE
212258 | 212 258 | OFFICE INFORMATION SYSTEM (NYOISE)
212260 | 212 260 | BANKERS TRUST ONLINE
212263 | 212 263 | BANKERS TRUST ONLINE
212269 | 212 269 | DECSERVER200 TERM SERVER 1.0 BL20-LAT V5.1
212276 | 212 276 | UNKNOWN
212281 | 212 281A | CITICASH MANAGER
212282 | 212 282A | CITICASH MANAGER
212315 | 212 315 | BUSY
212316 | 212 316 | BUSY
212320 | 212 320 : UNK
212321 | 212 321 | PART OF ABOVE SYSTEM
212328 | 212 200A | UNK
212369 | 212 369 | UNK
212370 | 212 370 | PART OF ABOVE SYSTEM
212374 | 212 374 | BUSINESS SYSTEM NODE (CORP04)
213121 | 212 121 | PRIMENET 20.2.4 SWWE1
213230 | 213 230 | UNK
2143A | 214 3A | BUSY
2148A | 214 8A | BUSY
2148B | 214 8B | BUSY
2148C | 214 8C | BUSY
21412A | 214 12A | BUSY
21412B | 214 12B | BUSY
21421 | 214 21 | US SPRINT APPLICATION, PHOENIX
21442 | 214 42 | DNA ONLINE
21444 | 214 44 | UNK, ACCESS FOR CODE BUT MASKS “FAST-TAX”
21456 | 214 56 | PRIMENET 20.1.1A BOWSER
21460 | 214 60 | UNK, ‘:’ CIEER
21471 | 214 71 | PRIMENET FB.3.3 UCCA,
FASBAC 11/30/87
(C) 1986 POWER COMPUTING CO.
(214)-655-8676
21472 | 214 72 | POWER COMPUTING CO, CDC ONLINE
21476 | 214 76 | POWER COMPUTING CO. CYBER ONLINE
21477 | 214 77 | PRIMENET FB.3.3 UCCA,
FASBAC 11/30/87
(C) 1986 POWER COMPUTING CO.
(214)-655-8676
21554 | 215 54 | REF
21560 | 215 60 | REF
21566 | 215 66 | NEWSNET
21574 | 215 74 | UNK
22300 | 223 901378 | C.B. VTAM
22304 | 223 4 | UNK
22306 | 223 6 | IBM SYSTEM 88
22307 | 223 7 | CITICORP TEST MESSAGES
22310 | 223 10 | PRIMENET
22311 | 223 92460 | C/C/M
22326 | 223 26 | IBISM ELECTRONIC VILLAGE
22331 | 223 31 | ASTRA APPLICATION? , ENTER ‘A’
22332 | 223 32 | DITTO
22335 | 223 35 | CITI TREASURY PRODUCTS, *EXIT*
22340 | 223 40 | GLOBAL REPORT CITICORP
22343 | | UNK
22349 | 223 50.77 | HELP – CITIBANK
22350 | 223 50 | PRIMENET
22352 | 223 52 | CITI TREASURY PRODUCTS
22353 | 223 53 | DITTO
22355 | 223 55 | PRIMENET
22357 | 223 90095O | UNK
22358 | 223 90582K | C.B. VENEZUELA CBC1
22359 | 223 90590A | UNK
22360 | 223 60 | GLOBAL REPORT CITICORP
22361 | 223 61 | DITTO
22362 | 223 61 | DITTO
22366 | 223 66 | DITTO
22367 | 223 67 | DITTO
22368 | 223 68 | CITIMAIL II
22369 | 223 69 | CITIMAIL II
22370 | 223 70 | F.I.G. SYSTEM PARSIPANNY – MIS
22371 | 223 71 | ELECTRONIC CHECK MANAGER
22379 | 223 79 | UNK
22380 | 223 80 | RSTS V7.2 CFIB, ^J TO ENTER
22381 | 223 90249B | C.B. TOKYO CBT1
22383 | | C.B. NEW YORK
22385 | | C.B. HONG KONG
22386 | 223 90068H | C.B. PORT 3
22387 | | FINANCIAL CONTROL
22388 | 223 90863 | ELECTRONIC BANKING CENTER
22389 | 223 91952A | C.B. INTERNATIONAL CORPORATE CENTER
22390 | | WANG VS LOGON
22391 | | UNK
22392 | 223 92A | CITINET
22393 | 223 93 | UNK
22395 | | UNK
22397 | | ELECTRONIC BANKING CENTER, 1-800-624-9522
22398 | 223 98 | CITICORP NAIB, CAPITAL MARKET ANALYSIS
223102 | 223 90042K | CITISWITCH, HK
223105 | 223 90187D | UNK, ‘TYPE.’
223106 | 223 90504D | C.B. PANAMA
223108 | 223 924601 | C/C/M, CYBOS
223109 | 223 9121 | BAHRAIN BOOK
223121 | 223 91876K | ***** C.B. ITG TEST BOX 2 *****
223122 | 223 90824H | GLOBAL REPORT FROM CITICORP
223123 | 223 906615 | UNK, ONE SHOT!
223124 | 223 90869 | C.B. ELECTRONIC BANK SYSTEM
223125 | 223 90117R | CITICASH
223127 | 223 91017D | C.B. CBJ1 PORT 3
223128 | 223 90156A | UNK
223129 | 223 90821 | CITI TREASURY PRODUCTS
223130 | 223 90828A | CITI TREASURY
223131 | 223 90115F | C.B. NY CBNN
223132 | 223 90821F | VTAM,
CMD: X
CICS APPLID: TPX
HOST SYS: MVS/XA
PURPOSE: TAPS
DESC: TPX

TPX V1.5.1 – TRADER ANALYSIS PROC. SYS
(THE CONCURRENT SYSTEM MANAGEMENT)
BY DUQUESNE SYS, INC.

CITICORP INFORMATION SYS RESEARCH
PARSIPANNY, NJ

223145 | 223 90238Q | UNK, (LOGO$CP)
223148 | 223 90387 | C.B. PORT1
223149 | 223 90291T | C.B. CBBD, PORT 0
223150 | 223 90829H | CITICORP INFORMATION SYS RESEARCH INC.
223151 | 223 90833E | UNK, .TYPE
223153 | 223 90012A | N.I.M. VER 2 BAHRAIN BRANCH C.B. VDS1
223154 | 223 91463T | UNK, (LOGO$CP)
223158 | 223 90218C | CITIMAIL EURO/MEAD V8.40
223159 | 223 90118I | UNK, NO RESPONSE
223160 | 223 92460 | UNK, ‘COM /CR CLR PAD,0’
223161 | 223 92460 | F.I.G. SYSTEMS – PARISPANNY- MIS
223162 | 223 92460 | COM/ PRIMENET 18.3 TLNT TP SYS CITIBK
^E RESPONSE- 31103170031001
223163 | 223 92460 | DITTO
223164 | 223 92460 | PRIMENET
223165 | 223 92460 | IBISM ELECTRONIC VILLAGE
SOME SYSTEMS:
BOXA3D1 CTRACKS
CM5 CSWITCH
CM2 CLUES
CM7 APPLE
CM8
223166 | 223 92460 | CITI TREASURY PRODUCTS
223167 | 223 92460 | DITTO
223168 | 223 92460 | GLOBAL REPORT FROM C.C.
223170 | 223 92460 | ELECTRONIC CHECK MANAGER,
ASS. (212)-363-3333
223172 | 223 92460 | UNK
223173 | 223 92460 | HELP, STAFF PASSWORD
CALL OR CITIMAIL
PETER SIDORENKO IN N.Y.
(212)-558-0077
223174 | 223 92460 | PERSONNEL TECHNOLOGY MANAGEMENT
OTHER DIAL-UPS:
(516)-420-4930
(212)-319-5911
SOME SYSTEMS:
VM/370
3274 CONTROLLER EMULATOR
????
223175 | 223 175 | UNK, ‘ENTER A FOR ASTRA’
223176 | 223 92460 | UNK, ‘ENTER USERNAME’
223177 | 223 92460 | UNK, ‘FIELDS?’
223179 | 223 92460 | CITINET
223185 | 223 90912 | UNK
223187 | 223 187A | DEC SERVER 200 TERM SERVER 1.0
223189 | 223 189A | DITTO
223190 | 223 92460 | UNK, ‘:’ OPERATOR.SYS
223191 | 223 191A | UNK, CSWITCH? IBISM????
223192 | 223 92460 | UNK
223200 | 223 200 | C/C/M
223201 | 223 201 | C/C/M
223202 | 223 202 | C/C/M
223203 | 223 203 | C/C/M
223204 | 223 204 | C/C/M
22400 | | NORTH AMERICAN FINANCIAL GROUP
22401 | | C.B. PORT 7
22402 | 223 90825H | GLOBAL REPORT
22407 | | CITICORP INFORMATION SYSTEMS RESEARCH
22410 | 223 90111J | CORVUS CONSTELLATION
22414 | | C/C/M
22417 | | C.B., REQUIRES CITIPC KEYBOARD
22419 | 223 90002C | UNK, TRY ^U, ^T, ^O
22420 | 223 90913K | DEC SYS 20 TOPS MONITOR
22421 | 223 9008N | SIGNAPORE VAX – 11 / 750
22422 | 223 90227A | C.B. ABIDJAN CBAF2
22423 | 223 90025 | C.B. BAHRAIN BOOK UD52
22425 | 223 90645B | C.B. NAIROBI CBAF2
22426 | 223 90009P | UNK
22427 | 223 90271E | C.B. JOHANNESBURG CB51
22428 | 223 9010IM | DIGITAL ETHERNET TERMINAL SERVICE
22429 | 223 90025F | C.B. DUBAI
22430 | 223 90301E | C.B. PIRAUES CBG2
22431 | 223 90281Q | C.B. AMSTERDAM CBA1
22432 | 223 90321E | C.B. BRUSSELS CBB2
22433 | | C.B. PARIS
22434 | 223 9034E | C.B. MADRID
22435 | 223 91101V | C.B. CBBA
22436 | 223 90528M | C.B. MEXICO
22437 | 223 92460 | EMEA CORPORATE AND GOVERMENT SERVICES
22438 | | C.B. BRUSSELS
22439 | 223 90391E | C.B. MILAN
22440 | 223 91474A | UNK
22441 | 223 91737B | C.B. ZURICH
22442 | 223 91739C | C.B. ZURICH
22443 | 223 90281O | UNK
22444 | 223 90446 | C.B. LONDON
22445 | 223 90661M | UNK
22446 | 223 90661N | UNK
22447 | | PPD COMMUNICATION NETWORK
22448 | 223 91238 | UNK
22449 | 223 90493K | C.B. FRANKFURT
22450 | 223 90679 | C.B. LUXEMBOURG CBQ1
22451 | 223 90123Q | BUFFALO NY REMITTANCE SERVICE
22452 | 223 90009N | C.B. MEXICO CBC6
22453 | 223 90281R | C.B. NEW JERSEY
22454 | | UNK
22455 | 223 90005F | C.B. BRAZIL
22457 | 223 90105O | UNK
22458 | 223 90002K | C.B. VENEZUELA CBC1
22459 | 223 90000A | C.B. ECUADOR
22460 | 223 910637 | C.B. KUALA LUMPUR CBK4
22461 | 223 90636B | C.B. SYDNEY CBS5
22462 | 223 91014D | C.B. JAKARTA (COSMOS)
22463 | 223 91495B | MANILA CBU3
22464 | 223 90263A | CITICORP C.B.
22465 | 223 91461F | C.B. SINGAPORE
22466 | 223 90073 | UNK, ^E ‘1%3457|90’
22467 | 223 90034 | UNK
22469 | 223 90250K | CITIMAIL EURO/MEAD
22470 | 223 90254G | DITTO
22476 | 223 90685H | UNK
22490 | | WANG VS LOGON
22493 | | BANCO INTERNATIONAL COLUMBIA
22498 | 223 9000 | C/C/M
224100 | 223 90103R | CITISWITCH NJ
224101 | 223 90458C | BMS
224102 | 223 90042K | CITISWITCH HK
224105 | 223 90007D | UNK, TYPE .
224106 | 223 90003D | C.B. PANAMA
224108 | 223 90000 | C/C/M
224109 | 223 91211 | N.I.M. V.2 BAHRAIN BOOK
224110 | 223 90003A | UNK, TYPE .
224111 | 223 90119V | FAME’S ETHERNET
SOME SYSTEMS:
CS1 FAMEB
S1 MODEM
HSM CS100A
GS3 GS3D
CS100B FAMEA
MVAX IBISM
224114 | 223 91745B | UNK
224115 | 223 90115Q | UNK
224117 | 223 90000 | UNK
224120 | 223 90003E | UNK, ESPANOLO
224121 | 223 90002 | ITG TEST BOX 2, PORT 9
224122 | 223 90824H | GLOBAL REPORT CC
224123 | 223 906615 | UNK, ‘LINE CURRENTLY DISABLED’
224125 | 223 90117R | C/C/M
224127 | 223 91016D | C.B. CBJ1
224128 | 223 90006G | UNK, LOGIN PLEASE
224129 | 223 90821 | CITI TREASURY PRODUCTS
224130 | 223 90828A | CITI TREASURY PRODUCTS
224131 | 223 90115F | C.B. NY NAIB ASTI
30120 | 301 20 | ELHILL MEDICAL LIBRARY
30124 | 301 24 | THE SOURCE
30126 | 301 26 | DNAMD1
30128 | 301 28 | THE SOURCE
30131 | 301 31 | PRIMENET NUSA
30133 | 301 33 | UNITED COMMUNICATION COMPUTER SERVICE
30135 | 301 35 | MORE / BSD 4.3
30138 | 301 38 | THE SOURCE
30145 | 301 45A | UNK ‘|’
30147 | 301 47 | THE SOURCE
30148 | 301 48 | THE SOURCE
30149 | 301 49 | THE SOURCE
30154 | 301 54 | TELENET
30157 | 301 57A | UNK
30158 | 301 58 | CDA ONLINE SERVICES
30174 | 301 74 | UNK
301100 | 301 100 | UNITED COMMUNICATIONS COMPUTER SERVICES
GROUP. SYSTEM/32, RLEASE 6.3
MODULE %ucg#ml
301140 | 301 140 | SCSTI, GUEST ACCOUNT : GUEST
301156 | 301 156 | THE SOURCE
301157 | 301 157 | THE SOURCE
301158 | 301 158 | THE SOURCE
301159 | 301 159 | THE SOURCE
301160 | 301 160 | NAVY ELECTRONIC MAIL SERVICES (NEMS)
ULTRIX – 32V1.1
USER SUPPORT -> 202-227-4030
301162 | 301 156 | THE SOURCE
301170 | 301 170 | SAME AS 301100
3037 | 303 7 | NCAR— US GOVERNMENT
MANY MAINFRAMES AVAILABLE!!!!
3038 | 303 8 | SAME AS ABOVE
3039A | 303 9A | NCAR
3039B | 303 9B | NCAR
3039C | 303 9C | NCAR
3039D | 303 9D | NCAR
3039E | 303 9E | NCAR
3039F | 303 9F | NCAR
3039G | 303 9G | NCAR
3039H | 303 9H | NCAR
3039I | 303 9I | NCAR
3039J | 303 9J | NCAR
3039K | 303 9K | NCAR
3039L | 303 9L | NCAR
3039M | 303 9M | NCAR
3039N | 303 9N | NCAR
3039O | 303 9O | NCAR
3039P | 303 9P | NCAR
3039Q | 303 9Q | NCAR
3039R | 303 9R | NCAR
30310 | 303 10 | SERVER FOR ABOVE???
30323 | 303 23 | UNK, (LOGO$CP) PROBABLY A PRIMENET
30338 | 303 38 | PRIMENET 20.2.1 SL
30358 | 303 58 | INTERACTIVE SYSTEMS PAD (V1.3),
ICO : LOGIN PORT 12
30365 | 303 65 | UNK, #NETWORK SESSION 2778
#B7900:400 CANDE 36.170 AT MARATHONB79;
YOU ARE NETCANDE00 (2A)
303100 | 303 100 | SWITCH CHAR ‘L’- LSTC2VM, LOGON VMTEST
PASS = LIGHTMAN
‘V’- CCSVM, LOGON OPERATOR
PASS = ???
303131 | 303 131 | PETROLEUM INFORMATION NETWORK
303134 | 303 134 | SOFTSEARCH NETWORK A
303140 | 303 140 | NETWORK, PASSWORD LOCKED
30504 | 305 4 | MARTIN MARIETTA SIM 3278 NETWORK
30520 | 305 20B | UNK, HELLO ACCOUNT XXXXXXXX.XXXXXXXX
30522 | 305 22 | DITTO
30534 | 305 34A | MARTIN MARIETTA
31230 | 312 30 | UNK, ‘ENTER SERVICE ID’
31234 | 312 34I | UNK, ‘ENTRY INCORRECT, TRY AGAIN’
31236 | 312 36 | U OF C COMPUTATION CENTER
GANDALF PARX 2000
31241 | 312 41A | UNK, SAME AS 31234
31242 | 312 42 | UNK, PROMPT ‘#’
31243 | 312 43 | UNK, PROMPT ‘#’
31246 | 312 46 | UNK, ‘CONNECTED’
31249 | 312 605A | AMERICAN HOSPITAL SUPPLY CORP. (ASAP)
HOTLINE –> 1-800-323-3830
31250 | 312 605A | AMERICAN HOSPITAL SUPPLY CORP. (ASAP)
HOTLINE –> 1-800-323-3830
31253 | 312 53 | UNK
31256 | 312 56 | CISCO DATABASE HARRIS-700
31259 | 312 59 | UNK
31263 | 312 63 | PEOPLE/LINK
31270 | 312 70 | PEOPLE/LINK
312120 | 312 120 | TIME INC., 1-312-329-6970
312121 | 312 121 | TIME INC., 1-312-329-6970
312131 | 312 131A | VM/370
312135 | 312 135 | PEOPLE LINK, 1-800-524-0100
SAMPLE ACCOUNT : OFS112
312142 | 312 142 | UNK
312159G | 312 159G | OFFICIAL AIRLINES GUIDE, ATT17526; NETSYS
312162 | 312 162 | UNK
312163 | 312 163 | UNK
312181 | 312 181 | UNK
312375 | 312 375 | MARKETING FACT BOOK
312570B | 312 570B | UNK
312570C | 312 570C | UNK
312571 | 312 571A | UNK, $$
312572A | 312 572A | UNK, SS
312233 | 312 233 | UNK, PASSWORD?,PORT =\HDQ.$X25K00.#VC04
312252A | 312 252A | BUSY
312252B | 312 252B | BUSY
312253 | 312 253 | UNK, CIERR
312256 | 612 442 | UNK
312259 | 312 259 | UNK, CIERR
312263 | 312 263 | REF
312269 | 312 269 | UNK, ID?, PASSWORD?
31520B | 315 20B | BRS, PASSWORD = 4PD607; SECURITY= AMC579
40255 | 402 55 | UTELL INTERNATIONAL HOTEL RESERVATION SYS
40219A | 402 19A | BUSY
40219B | 402 19B | BUSY
4045 | 404 5 | UNK
4047 | 404 7 | UNK
41530 | 415 27A | STANDFORD DATA CENTER SYSA FORSYTHE HALL
ACCOUNT IN FORM : AX.AXX
41537 | | CASTOR, ‘HELLO OPERATOR.SYS’
CALL KEITH TURNER FOR SECUIRTY 544-7608
41538 | | POLLUX, ‘HELLO OPERATOR.SYS’
CALL KEITH TURNER FOR SECUIRTY 544-7608
41548 | 415 48 | DIALOG
41549 | 415 49 | DITTO
41553 | 415 535B | UNK
41586D | 415 86D | BUSY
41590A | 415 90A | BUSY
41590B | 415 90B | BUSY
415260 | 415 260 | PRIMENET 20
415271 | 415 271A | UNK
415273 | 415 273 | PRIMNET 20.1.1A SUSHI
51312A | 513 12A | BUSY
51316A | 513 16A | BUSY
51330 | 513 30 | TELEMAIL?
51331 | 513 31 | MEADNET, SWITCH TO MANY COMPUTERS
6021 | 602 1 | USSWR1
61223 | 612 23 | WESTLAW
61234 | 612 34 | WESTLAW
61236 | 612 36 | UNK
61237 | 612 37 | WESTLAW
61240 | 612 40 | GANDALF PACX 200
61244 | 612 44 | REF
61246 | 612 46 | REF
61252 | 612 52 | REF
61253 | 612 53 | REF
61256 | 612 56 | WESTLAW
61257 | 612 57 | WESTLAW
61421 | 614 21 | STN INTERNATIONAL
61431 | 614 31 | STN INTERNATIONAL
61444 | 614 48 | UNK, ‘GOOD MORNING’
61445 | 614 48 | DITTO
61447 | 614 48 | DITTO
61448 | 614 48 | DITTO
61712A | 617 12A | BUSY, CHECK OUT NODES B-Z
61718A | 617 18A | BUSY, CHECK OUT NODES B-K
61720 | 617 20 | PRIMENET 20.2.3VR9.A PBN27
61722 | 617 22 | PRIMENET 20.2.3VR9.A BDSD
61727B | 617 27B | BUSY
61736 | 617 36 | ULTRIX PAD (V1.3.1.0) POR
HADDOCK.IMA.ISC.COM
61737 | 617 37 | PRIMENET 20.2.3VR9.A BDSH
80844 | 808 44 | UNK, ID:
80845 | 808 45 | REM PROC ERR 11 E2
80846 | 808 46 | UNK, ID:
80847 | 808 47 | UNK, ID:

THAT IS ALL I’VE HACKED OUT SO FAR. SEVERAL OF THE SYSTEMS HAVE VERY
SIMPLE ACCOUNTS OR DEMOS. TRY WHAT YOU CAN AND LEAVE ME A MESSAGE ON
ANY OF THESE BOARDS….

OBLIVION ————> (214)-221-4638
THE VEILED SOCIETY –> (214)-424-7234

ZORON

Data Snooping the Right Way by Lee Day

ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸
( )
) Abstruse Authors of Merca (
( )
ÔÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ;

Presents

Data Snooping : the Right Way
—————————–

by
Lee Day

Data snooping is a popular passtime among personal computer users in North
Merca. A data snooper may be defined as one who examines friends’ personal,
private data while they are not looking. Most users could probably be labeled
data snoopers at one time or another. The problem is, many friends are made
aware of data snooping activities on their system, either by catching the
snooper in the act, or by finding traces of an invasion. Therefore, some
public education is necessary to ensure the continuation of this enriching
activity.

During a “local” snoop, one must be on the alert for the return of the data’s
owner. If the snooper hears the return of the owner, he should act quickly to
appear innocent. Here are several methods :

1) Set up a multi-tasker, and switch to an innocent partition. Caution : The
owner may notice a lack of memory, or may switch to the incriminating
partition.

2) Call a memory-resident pop-up screen. Programs such as BOSS-SW.COM zip a
bogus spreadsheet on the screen. Problem : you may have a hard time
explaining your activity, particularly if you are using the owner’s computer
and he does not have a spreadsheet program.

3) Turn the screen off. Not very effective if the owner turns the screen on
again.

4) Reboot. This may be accomplished by “accidentally” tripping the power
switch, or making an excuse for rebooting, such as a need for “fresh RAM”.

If the owner has keen eyes, he may thwart a snooper with a time/date stamp.
Some programs automatically create or update files during execution without the
user’s permission. The snooper’s best bet is to avoid these programs, or
write-protect the disk. A hard disk may even be write-protected with the use
of a trojan horse detector called “BOMBSQAD”, which prompts the user for
instructions every time a disk-writing attempt is made.

If a time-date stamp is actually updated, and looks suspicious, the snooper may
change it using Norton’s utilities, or a special date-changing utility. He may
also delete any newly created files. Of course, a data snooper should NEVER
modify the owner’s files. This would be the equivalent of cutting the balls
off the gander that laid the goose that laid the golden egg. Surely the
snooper would gain much more from repeated instances of data snooping than a
few moments of revenge or tease. Remember : Data snooping can be an
enriching, exciting activity, if approached with an attitude of maturity.

ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ·
) Written by Lee Day for Abstruse Authors of Merca (
ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ

X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X

Another file downloaded from: NIRVANAnet(tm)

& the Temple of the Screaming Electron Jeff Hunter 510-935-5845
Rat Head Ratsnatcher 510-524-3649
Burn This Flag Zardoz 408-363-9766
realitycheck Poindexter Fortran 415-567-7043
Lies Unlimited Mick Freen 415-583-4102

Specializing in conversations, obscure information, high explosives,
arcane knowledge, political extremism, diversive sexuality,
insane speculation, and wild rumours. ALL-TEXT BBS SYSTEMS.

Full access for first-time callers. We don’t want to know who you are,
where you live, or what your phone number is. We are not Big Brother.

“Raw Data for Raw Nerves”

X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X

Data Snooping the Right Way by Lee Day of Abstruce Authors of Merca

ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸
( )
) Abstruse Authors of Merca (
( )
ÔÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ;

Presents

Data Snooping : the Right Way
—————————–

by
Lee Day

Data snooping is a popular passtime among personal computer users in North
Merca. A data snooper may be defined as one who examines friends’ personal,
private data while they are not looking. Most users could probably be labeled
data snoopers at one time or another. The problem is, many friends are made
aware of data snooping activities on their system, either by catching the
snooper in the act, or by finding traces of an invasion. Therefore, some
public education is necessary to ensure the continuation of this enriching
activity.

During a “local” snoop, one must be on the alert for the return of the data’s
owner. If the snooper hears the return of the owner, he should act quickly to
appear innocent. Here are several methods :

1) Set up a multi-tasker, and switch to an innocent partition. Caution : The
owner may notice a lack of memory, or may switch to the incriminating
partition.

2) Call a memory-resident pop-up screen. Programs such as BOSS-SW.COM zip a
bogus spreadsheet on the screen. Problem : you may have a hard time
explaining your activity, particularly if you are using the owner’s computer
and he does not have a spreadsheet program.

3) Turn the screen off. Not very effective if the owner turns the screen on
again.

4) Reboot. This may be accomplished by “accidentally” tripping the power
switch, or making an excuse for rebooting, such as a need for “fresh RAM”.

If the owner has keen eyes, he may thwart a snooper with a time/date stamp.
Some programs automatically create or update files during execution without the
user’s permission. The snooper’s best bet is to avoid these programs, or
write-protect the disk. A hard disk may even be write-protected with the use
of a trojan horse detector called “BOMBSQAD”, which prompts the user for
instructions every time a disk-writing attempt is made.

If a time-date stamp is actually updated, and looks suspicious, the snooper may
change it using Norton’s utilities, or a special date-changing utility. He may
also delete any newly created files. Of course, a data snooper should NEVER
modify the owner’s files. This would be the equivalent of cutting the balls
off the gander that laid the goose that laid the golden egg. Surely the
snooper would gain much more from repeated instances of data snooping than a
few moments of revenge or tease. Remember : Data snooping can be an
enriching, exciting activity, if approached with an attitude of maturity.

ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ·
) Written by Lee Day for Abstruse Authors of Merca (
ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ