THC-SCAN v0.8�
(c) 1996 by van Hauser/THC of LORE BBS
* PUBLIC BETA RELEASE *
Part Title Line # Last Updated in Ver.
------------------------------------------------------------------------------
I. Introduction 50 v0.7a
II. Commandline Parameters 240 v0.8�
III. Online Scanning Keys 550 v0.7a
IV. How to configure Modem & TS-CFG 750 v0.7a
V. Tips & Tricks 855 v0.7a
Epilog: Update? How to contact? etc. 975 v0.8�
------------------------------------------------------------------------------
->> Please read HISTORY.DOC to see what's new, or get a general insight <<-
What does THC-SCAN
------------------
THC-SCAN scans a defined range of phone numbers.
It Reports : Carriers, Tones, VMBs, Fax etc. etc. depending on the mode
setted & configured. (You can do many more things with this piece, but get
a brain to find out ... ;-) [300 kb source code by the way ...]
Hey that looks like TONELOC !
-----------------------------
Yep. Toneloc is very good. But first it didn't work on my computer and
second it could be enhanced. So i wrote this one. And my personal
opinion is, that this one is better. Much more flexible and more functions.
(which programmer would say his one is not as good as? Why releasing it then?)
Take a look. Try it, test it. It's worth it's time !
Who's Who in this file package ?
--------------------------------
THC-SCAN.EXE The Scanner EXEcutable
TS-CFG.EXE The ConfigMaker EXEcutable
DAT-CONV.EXE DAT File Converter Toneloc <-> Thc-Scan
DAT-MANP.EXE DAT File Manipulator for Thc-Scan, exchange ID values.
DAT-STAT.EXE DAT File Statistical Analyzer.
EXTR-NO.EXE Extracts (phone-)numbers from a text file.
BETATEST.DOC IMPORTANT INFORMATION FOR BETATESTERS /* Only in BETA Releases */
DATFILE.DOC The Structure of the Thc-Scan DAT Files
ERRLEVEL.DOC Overview of the Errorlevels returned by Thc-Scan
HISTORY.DOC History File. What's new, what changed, bugs etc. READ IT !
THC-SCAN.DOC Small Documentation for the average Scanner Guy
TONELOC.DOC Differences between Thc-Scan & Toneloc. How to (ex-)change.
SIGS.ZIP PGP Signatures of all EXEcutable files in this package.
Please check to get a secure version of my public PGP key.
FILE_ID.DIZ File Description for BBS
LORE.COM Small demo of LORE BBS ;-)
THC.NFO Important. Our group infos ;-)
The different Modes
-------------------
There are two basic modes, THC-SCAN can be set.
CARRIER MODE - THC-SCAN searchs for carriers
TONE MODE - THC-SCAN searchs for tones/pbx. Those ones with a dialtone.
When in CARRIER MODE, THC-SCAN can also identify VMBs, Voice, Fax and more.
You may change the mode online by pressing "ALT-M"
The AUTONOM/MANUAL Mode
-----------------------
This is a special mode, never ever seen on a scanner before.
For this Mode ADD-ON you must sit in front of the computer while scanning.
(you should do this every time, unless you are so lazy to scan
for carriers only)
When turned on, you may continue dialing! This is useful for Tones/PBX, or
VMBs or Answering Machines, to test the code length etc.
Press ENTER when autonom/manual mode is turned on to continue dialing.
You may also enter "M" while online to redial and enter autonom/manual mode for
this call only. Or you may hit "Alt-M" to toggle this mode on/off
DIAL MODES
----------
You can choose to dial RANDOM, Sequentiell up & down (with step rates too)
or to Dial all numbers in a specified textfile. Read next Paragraph for
details on this.
DIALING NUMBER FROM A TEXT FILE
-------------------------------
This allows you to scan every number you put on a list.
DRAWBACKS :
NO Dat file is created (of course)
BACKSPACE key (redial last 20 dialed numbers) won't work here
If you want to continue such a scan type after aborting it, you must manually
delete everything until the line THC-SCAN should continue.
ADVANTAGES :
You can put any number on the list you want to.
The first scanner ever to offer this possiblity
How to use this :
Use EXTR-NO.EXE to extract the phonenumbers from any textfile (carrier
listings ;-) ... check the created file after that for mistakes etc.
Start THC-SCAN with : THC-SCAN.EXE @<textfilename> [any other options]
Note that /M, /X, /D and /R are disabled when using this option.
Guys, this one is REALLY cool! I collected EVERY textfile, message, Scanlist
TL & TS DAT File and extracted every modem carrier into the file.
Then I scanned ALL 700 numbers found, revealing me the list of 500 carriers
on german toll free numbers, the most complete list ever to be created ...
PRIMARY & SECONDARY Identifications
-----------------------------------
This is also a special thing first ever possible in a scanner.
Primary Identification is the main thing about the number.
Is it a carrier, tone, vmb, girl voice, fax etc.
You press the ID key (F for Fax f.e.) and THC-SCAN will stop and move to the
next number.
Secondary Identifications are other characteristica which are interesting.
For example if the phone system of the target is using CCiTT #4 or #5
which is interesting for blueboxers, or to determin if the number is in
an other country (better if you want to play with those numbers, depending on
the law of your country, you may only break the law in the country the phone
number is located. Check your lawyer.) on f.e. Toll Free Numbers.
When you press the ID key for a Secondary ID (5 for CCitt #5 for example)
THC-SCAN will not stop. You may type some more 2ndary IDs.
But when you press a Primary ID, THC-SCAN stops and moves to the next number.
SECONDARY Identifications are marked in Section III - Keys while online
as SECONDARY.
Carrier Hacking & Nudge
-----------------------
When mode enabled (TS-CFG : MODE HACKING), depending on mode set it will
0) wait for nudge delay timeout
1) send nudge string to system and wait for nudge delay timeout
2) beeps a few times to inform you that YOU can now enter the system.
NO nudge delay timeout. You can online hack the other system)
Don't unset the string variable for your Carrier Hack Log, or no log file
will be created.
Pressing ALT-T while 0) or 1) is in progress automatically enters 2)
See TS-CFG to see how to set up the NUDGE STRING.
NUDGE DELAY counts the time after the connect had been made. When exceeding
Nudge delay setting, THC-SCAN disconnects (only in 0) and 1) )
The DAT File & the LOGs
-----------------------
In the DAT file are many things things saved - all primary IDs and the no#
of rings detected on that number. Not the 2ndary IDs !
In the LOG files everything is written. In the main log file everything is
logged, in the specialized logs (VMB LOG f.e.) only those about this type are
written too. If you Delete the name entry in TS-CFG, that type won't be logged
in an own file anymore!
van Hauser says :
-----------------
Thanks to all Betatesters, especially to : The Analyst, Wilkins & Plasmoid !
Credits for the nice blinking Screen, and scrolling up/down go to Plasmoid ;-)
Credits too for the nice EXE file crypter got to Marquis. ;-)
Greetings to : � Omega (hi chummer! Thanks for your help! And make a BACKUP!)
� Tom (thanks for your betatesting too!)
� The Search, JFF (good work spreading the THC releases)
� Scavenger (thanks for the help! (& the best dialer, ya know)
� Skysegel (spoof'em! ;-)
� The Q (for being no where and absent all the time)
� Marquis / UCF (let's let our groups work together ;-)
� Muchos Maas, Minor Threat (for programming TONELOC, breaking
the limit at the art of scanning. Your program gave me GREAT
inspirations!) Hope ya get out of jail soon.
... and to Dr. Fraud, Karl Marx, Chotaire ... all on #bluebox
And two guys who are out at the moment ... the two most
dangerous things that may happen to a hacker :
� El Griton (Being busted by Police + Fbi ... good luck chummer!)
� Vaxxer (Being occupied by his girlfried ... Get up AGAIN!)
[@]<DatFile> The name of the DAT file to create/use/update.
This MUST be the first parameter to give to THC-SCAN !
If you specify the "@" in front of the filename,
that will be the specified DIALTEXTFILE ! (Read Sec. I)
Optional :
-----------
[/M:<dialmask>] The Dialmask to use for scanning. If you use f.e.
/M:1234-x-6-xxx the program will scan from
1234-0-6-000 to 1234-9-6-999. You may use any number
of X's between 1 and 4 - not more! If you don't
specify this option, the <DatFile> name will be
interprated as <dialmask>.
You may put the X's where ever you want like :
/M:x-1-x-2-x-4-x-5
The "-" character is NOT necessary.
[/X:<excludemask>] The Excludemask to use for scanning. The numbers
excluded WON'T be scanned! the excludemask must have got
the same length as X's are used in the <dialmask>
If you use f.e. /M:1234-xxxx and /X:00xx
then 1234-0000 to 1234-0099 WON'T be scanned, all others
will. You may specify up to 10 exclude masks.
[/R:<from>-<to>] A Special Range to scan. This is useful if you want f.e.
create a DATfile with a full range (XXXX) but want to
scan today/tonight only a special range from 0000 to
0250 ... /R:0-250 ... you may use up to 10 Ranges.
[/D:<from>-<to>] This is like /R but DROPS (doesn't scan) those numbers.
/D:500-999 f.e. won't scan 0500 to 0999
You may use up to 10 Drops
[/#:<no>] This is the maximum number of tries THC-SCAN will make
until it will exit. f.e. /#:100 will make 100 dials
and then exit. If not specified there won't be a limit.
[/H:<time>] This specifies a timerange. When exceeded THC-SCAN will
exit. if you just use /H:4 it will scan for 4 hours,
if you use /H:0:30 it will scan for 30 minutes.
[/S:<time>] This specifies the Starting Time for scanning. THC-SCAN
will wait until a key is pressed OR the time mentioned
is reached and will then begin scanning. You may either
use am/pm time or military time :
/S:3:50p will wait for 15:50 ...
/S:14:15 will wait for 2:15p ...
[/E:<time>] This specifies the Ending Time for scanning. When
reached, THC-SCAN will exit. Usage is like /S.
You must not use /S and /E together.
[/C] Starts THC-SCAN is carrier scan mode. Overrides what ever
was specified in the config file.
[/T] Starts THC-SCAN in tone scan mode. Overrides what ever
was specified in the config file.
[/A] Starts THC-SCAN with autonom/manual mode ON. Overrides
setting in the config file. This is an additional mode
to Carrier/Tone scanning. Read Section I. for more info.
[/B] Starts THC-SCAN with autonom/manual mode OFF. Overrides
setting in the config file. This is an additional mode
to Carrier/Tone scanning. Read Section I. for more info.
[/Q] Prevents any beeps made by THC-SCAN
[/!:<ConfigFile>] Specifies an other config file to use but THC-SCAN.CFG
[/*:<no>] Dial only numbers which were identified as a special
type. Consult the DATFILE.DOC to check the numbers to use
f.e. Timeout is 32 to 39 (depending on rings detected).
To scan Timeouts with NO rings again use /*:32
to scan Timeouts with 5 rings again use /*:35
to scan ALL Timeouts again use /*:32X
This X after the number tells THC-SCAN to scan all
members of a type, from 0 to 7 rings.
You may use this option up to 10 times.
[/&] Turns Debugging mode ON. All modem output will be saved
into MODEM.LOG
[/N] Turn Effects (Window Scoll up/down) off. In future this
will also turn assembler screen writes off to be
Desqview compactible.
Note : The "/" before the option is NOT necessary NOR the ":" after.
you may also use "-" instead of "/".
All these Examples are valid :
THC-SCAN scanit -M:1234xxxx /C h5
THC-SCAN scan1234xxxx -T S23:00
THC-SCAN 1234-xxxx -!alternat.cfg *72x /*:64X -Xx000 d7999-9999
THC-SCAM 1234xx -Q
All these Examples are NOT ! valid :
THC-SCAN scanit -m1234xxx a b Autonom/manual mode turned on & off
THC-SCAN scanit -m1234xxx c t same as above but with carrier & tone
THC-SCAN scanit c no dialmask specified, the datfilename
hasn't got a X in it!
THC-SCAN xrated NOTE : This would be valid! it would
simply dial the number 0, then 1 etc.
If the program doesn't behave like you want, some strange things happen like
numbers dialed again, some dialed not etc. Check your CFG File ! There are
numerous things to configure so check first if everythings correct.
(escpecially the options SAVE DATATYPES, REDIAL BUSY, AUTONOM/MANUAL MODE,
SCANNING MODE - all in the MODE Menu of TS-CFG.EXE, plus Modem Config
Options like WAIT BETWEEN CALLS, MODME HANGUP TYPE, CHARACTER DELAY)
<Datfile 1> DAT File to load.
<Datfile 2> Dat Filename to write.
Optional :
-----------
<ID_1> in TL->TS Mode : THC-SCAN DAT ID to write for NOTE
variable in TL Dat file.
in TS->TL Mode : THC-SCAN DAT ID to write as NOTE
variable into TL Dat File
<ID_2> same as above but for NO DIALTONE variable.
if you define the optional variables you must either only set ID_1 or both,
you can't only set ID_2.
<Datfile> DAT File to manipulate. .BAK file will be created.
<ID_1> ID Type to search for. Look up ID numbers in DATFILE.DOC
Appending an "X" after the ID will search for the whole
type (means with all ring counters).
<ID_2> ID Type to overwrite ID_1. Appending an "X" after the ID
will transfer the ring counters. Only Possible if also
on ID_1 an "X" is appended.
<ID> ID number of the phone numbers to write into <OutputFile>
As Usual you may search for all IDs of a type with "X"
This prints some statistics about the DAT File.
The Optional Parameters must be used together !
The Optional thing is very interesting : by specifing the outputfile and the
ID, it will search for the ID, and writes the WHOLE PHONENUMBER of the ID into
the outputfile! Practical to import this data into another program!
(for example Textfile Dial Option from THC-SCAN with @)
<TextfileOUTPUT> Textfile to write the found numbers to.
Optional :
-----------
<no-min-length> Minimum Length the number should be. (Std:6)
REMOVE This Keyword removes ALL seperator of found numbers.
F.e. 1-800-5555-444 would be 18005555444
ONLY This Keywords specifies that the numbers may NOT
have a seperator. Normally a number may have one
seperator between each other, like 1-800- etc.
so NORMALLY this is valid :
1-800-5555-444
1-8-0-0-5.5./5/5 4 4 4
but also 12/12/95 which is more likely a date.
With THIS keyword there are NO seperators allowed!
<ConvertType> Convert with which option :
7E1 - file is assumed to be captured with 8N1
but is really 7E1 and makes it readable.
Noise characters will be removed.
7O1 - file is assumed to be captured with 8N1
but is really 7O1 and makes it readable.
Noise characters will be removed.
REMOVE - Removes any character above 122 value.
Useful when you got a connection without
error correction and you want to filter out
the noise characters.
LF gimmick : converts to amiga/unix text format.
Any Carriage Return character will be removed.
CRLF Converts to MsDos Text format from both
amiga/unix and the rare OS type text format
automatically.
CR gimmick : converts to some rare OS text format.
Any Linefeed character will be removed.
While Online you can hit the following keys with the following results :
(print this section or press "?" while online)
SCAN MODE
=========
KEY DESCRIPTION
----- --------------------------------------------------------------------
B Identifies the current dialed number as BUSY
Will be saved into BUSY LOG
C Identifies the current dialed number as CARRIER
NOTE: when the CARRIER HACKING is ON (see TS-CFG.EXE) then THC-SCAN
will continue to try to connect. Press SPACE to abort connect
try and move to next number. It will still be saved as CARRIER
Will be saved into CARRIER LOG
When Hacking, the output will be saved into CARRIER HACK LOG
F Identifies the current dialed number as FAX
Will be saved into FAX LOG
G Identifies the current dialed number as GIRL (Female Voice response)
Will be saved into VOICE LOG
I Identifies the current dialed number as INTERESTING VOICE
Will be saved into VOICE LOG
M Redial+Manual, redials the current number and let's you enter MANUAL
DIAL MODE with ENTER for this call only. See Introduction for usage.
N Next Number WITHOUT setting an primary ID on that number.
(For closely examine later OR if you define a CUSTOM ID as 2ndary,
it would be overwritten whn pressing SPACE with the ID
UNINTERESTING) - the same as [TAB]
P Pops up PAUSE Window. You are still online. Press H for hangup,
R to Redial immedeantly, N for Hangup & Next Number or any
any other key to continue this numer and reset online timeout.
(Doing a continue after you hang up is not possible, you should
use Redial for that (logical, isn't it?))
Q QUIT after completed the call
R Redial current number
S Save a comment. When the call is completed it will ask you for a
comment. Your last comment made will be displayed. Use Control-X
to delete line. You can use also the Home, End, Insert, Delete,
Backspace, CursorLeft and CursurRight keys. ESC to abort, Enter
to save. SECONDARY ID
Will be saved into COMMENT LOG
T Identifies the current dialed number as TONE
NOTE: when the TONE HACKING is ON (see TS-CFG.EXE) then THC-SCAN
will enter TONE HACK MODE.
Will be saved into TONE LOG
U Identifies the current number as UNUSED
Will be saved into UNUSED LOG
V Identifies the current number as VMB
Will be saved into VMB LOG
X Extend the timeout for 5 seconds for this call only to a max of 255
plus the timeout value.
Y Identifies the current number as YELLING ASSHOLE (voice)
Will be saved into VOICE LOG
+ Extend the timeout for 5 seconds for this call only to a max of 255
plus the timeout value. (This is like "X" - "X" is for compactibilty
with Toneloc)
- Decrease the timeout for 5 seconds for this call only.
? When Online, one of the six help windows will be displayed in the
Statistic Window. Press "?" for the 6th time to see the stats again.
1-3 Identify current number as CUSTOM 1-3 ... You may specify their name
in TS-CFG. NOTE : Custom 1-3 may be assigned to be SECONDARY IDs.
Will be saved into CUSTOM LOG
4 Identify current line as CCiTT #4 (for blueboxers. SECONDARY ID
Will be saved into CCITT LOG
5 Identify current line as CCiTT #5 (for blueboxers. SECONDARY ID
Will be saved into CCITT LOG
6 Identify current number as foreign continent EUROPE. SECONDARY ID
Will be saved into COUNTRY LOG
7 Identify current number as foreign continent USA. SECONDARY ID
Will be saved into COUNTRY LOG
8 Identify current number as foreign continent ASIA. SECONDARY ID
Will be saved into COUNTRY LOG
9 Identify current number as foreign continent AFRICA. SECONDARY ID
Will be saved into COUNTRY LOG
0 Identify current number as an OTHER foreign continent. SECONDARY ID
Will be saved into COUNTRY LOG
SPACE Identify current number as UNINTERESTING. (NEXT)
TAB Next Number WITHOUT setting an primary ID on that number.
(For closely examine later OR if you define a CUSTOM ID as 2ndary,
it would be overwritten whn pressing SPACE with the ID
UNINTERESTING) - the same as N
ESC This aborts scanning immedeatly and quits.
ENTER When in AUTONOM/MANUAL mode, or activates Redial+Manual with M
you may press ENTER to continue dialing online !
Will be saved into MANUAL LOG
BACKSPACE Enters the DIAL_AGAIN Menu. You can select from the last 20
dialed numbers as many as you like to be dialed again.
Very useful if you identified a number wrong, or you were on the
toilett when this wonderful scanner detected a carrier and you want
to see what it was now.
NOTE : In Random Mode they won't be dialed again at once.
(it's random ;-)
F1-F8 Execute programs specified in TS-CFG
ALT-A ALARM! The screen will immedeantly show another picture, called
ALARM.BIN. The modem will abort at once and turn the modem speaker
OFF. The scanner will then continue. Press ALT-A again to see
the online scan screen. Note that that modem does not switch
the speaker on again. Do that with ALT-S.
ALT-B Activates BOSSKEY. Screen Blanks. Press Alt-B again to unblank.
The screen will be up to date with the online data.
Note: All other ALT Functions are disabled while Bosskey on,
Also Carrier Hacking in Mode 2 is disabled.
ALT-C Turn COMMENT ALL Mode on/off. When on it asks after EVERY number
for a comment.
ALT-D DIAL Menu. Enter a number to dial. (f.e. the number of your
girlfriend - and you don't want to stop the scanning process)
ALT-J Jump to DOS. Options will be displayed to Hangup, Continue, Redial
etc.
ALT-M MODE Menu. Change mode CARRIER <-> TONE and turn AUTONOM/MANUAL mode
on or off.
ALT-O OPTION Menu. Immedeantly runs TS-CFG while online. Changed options
will be loaded!
ALT-S Speaker Toggle : Turn Modem Speaker ON or OFF
ALT-T Enters TERMINAL MODE. When a log for carrier hacking is specified,
everything will be logged there.
Will be saved into CARRIER HACK LOG
TERMINAL MODE
=============
F1 Shows in the Status Line the other commands
ALT-B Send a Break
ALT-C Clear Screen
ALT-D Data Statistics
ALT-H Hangup
ALT-P Change Parameter -> Modem DATA Setting (8N1/7E1)
ALT-S Save Comment (now you can also set this ON from here)
ALT-T When in Carrier Hacking AUTO Mode, you can enter into manual mode
by pressing ALT-T.
I YOUR MODEM
First get all information about your modem.
You need to know which IRQ, BASEADRESS and BAUD SPEED is used.
For COM IRQ BASE are common, but may differ.
1 4 2E8
2 3 2F8
3 4 3E8
4 3 3F8
also important is the baud speed. Suggestions : If you got a modem
capable of 14400 Baud or more, try it with 14400 ... if you get the
error message "Can't initialize Port" then set it to 9600.
This is cause you use a 14.400+ Baud EXTERNAL Modem and your seriell port
is not fast enough. But this is not important. Real Carrier Scanner Guys
set their modem to 2400 Baud to get every carrier without problems.
II TS-CFG
Set Up TS-CFG. You must run TS-CFG before you can run THC-SCAN for the
first time, 'cause the CFG File will be created there. Change the defaults
to suit your modem. Everything you need to know about the options you may
change in TS-CFG are explained there. So here you'll only see those
options which need to be explained further and those with no help.
MODEM CONFIG MENU
-----------------
Modem Init : Configure your modem to wait for a carrier longer
then the timeout time defined (S7 Register to 60+)
The Carrier don't be lost easily (S10 Reg. to 50)
Check exact the time your modem needs to identify
the dialtone. Put this time into the S6 Register.
The modem should lower datarate when line quality
is bad, and it should try to connect on any
possiblity. Set Speaker On or Off as you like.
Use the factory settings and only change those
things, not more, that's the most securest way.
Also important is, that you set the REPORT level
to the highest (most time X set to 7)
(except you are a modem configure artist ;-)
Note: You can also change the S11 Reg to 50-65
to dial faster.
HANGUP TYPE Can either be FAST or SECURE.
Choose FAST and try this with a) normal scanning,
b) carrier hangup c) choose manual/autonom mode
and scan. If everything works fine use this mode,
it's much faster. It works great with Zyxels, but USRs
are much slower. Try it.
AUTO DETECT DATA If you want to autodetect databits, parity etc. used
by a system you're scanning, you must set your modem
data to 8N1. It will detect after the first 100
characters transmitted if it's really 8N1, or if it's
7E1 or 7O1. It will switch mode if 7x1 detected and
reprint them correctly and reset also the nudge string &
nudge timeout.
For all Modem configs : CONSULT YOUR MODEM HANDBOOK !
MODEM RESPONSE MENU
-------------------
Very important. If this isn't configured properly,
not everything will work correct.
For example, if no dialtone is detected, USR modems
responds with NO DIAL, Zyxel modems report NO DIALTONE,
and last but not least, Creatix reports NODIALTONE
All new modems report CONNECT when a carrier was found,
but old ones may report CARRIER ... and so on.
And not all modems can detect VOICE. Keep that in mind.
To make your life more easy you can do enhanced
identification. When you get a VOICE response, and your
modem didn't recognized a RINGING, then it's likely to be
a VMB ... so set for there FROM_RINGS to 0 and TO_RINGS
to 0 too for VMB detect (and set modem response to VOICE)
Make up your mind, you can do powerful things with that
but you need a brain to make that out! ;-) hehehehe
SCANNING MODE MENU
------------------
REDIAL BUSY Numbers dialed in this scan round will only be redialed
when busy when SCANNING RANDOM. Set the DIALING Option
to 0 for this. When Dialing Sequentiell, only busy
saved numbers from former tries will be done again.
OVERWRITE WITH BUSY If you scan for a special ID number (f.e. all carrier,
or tones with no ring) this defines if those Data will
be overwritten as BUSY when a BUSY is detected.
Of course you should turn them off, but you may set this
on to check which numbers you couldn't scan. Or do you
want to check all numbers in the log with your data file?
MODEM CONFIGS ?
Here's a good Modem config for the Zyxel 1496B :
AT &F *Q1 *P15 S11=60 S10=30 X5 N3 L6
if you want a quiet scanning, remove "N3 L6" and put "M0" there
If for normal use (BBS call), remove *Q1 and exchange S10=30 with S10=64
Here's a good Modem config for the USR Dual Standard 14.400
AT &F &A2 S11=60 S10=30 X7 Q0 E1
if you want a quiet scanning, add "M0"
Note : Get Infos about the undocumented commands for your USR.
There should be possibilities to even recognize CCiTT #5 clicks
when using the hidden Y command settings. Use the -& Option of
THC-SCAN to print all modem output into MODEM.LOG
Heres's good Modem config for the Creatix/Fax 14.400
AT &F S11=60 S10=30 X7 L3
if you want a quiet scanning, remove "L3" and put "M0" there.
Important with these configs is that you check that your modem dials
not too fast for your phone system. experiment a bit with it, ya can
save time with that ;-) (S11 Register)
HOW TO USE TOUCHTONE RECOGNITION WITH YOUR MODEM AND THC-SCAN
1) First Possility :
Put ",;%T" in your Dial Suffix string. (if you aren't using a USR for
DTMF Recognition, exchange the "%T" with the correct command)
Start THC-SCAN with the -& command to have all modem output printed
into MODEM.LOG. Set to SECURE HANGUP in TS-CFG - MODEM SETUP.
2) Second possiblity :
Set THC-SCAN to AUTONOM MODE or do a M (Redial+ Manual) while online.
Enter ALT-T for Terminal Mode immedeantly. When you see the "OK" Answer,
enter the modem command for Touchtone Recognition (AT %T).
To abort, press ESC. The output will be saved into your CARRIER HACK LOG
VOICE RECOGNITION RESPONSE WITHOUT EVEN FINISHED DIALING
Put a "," into DIAL SUFFIX in the MODEM CONFIG Menu in TS-CFG
SAME AS ABOVE BUT WITH TONE SCANNING !
also the same solve as above
THC-SCAN DIALS ONLY EVERY SECOND NUMBER
Raise the number for WAIT BETWEEN CALL in MODEM CONFIG Menu in TS-CFG
to 1000-1500
IDENTIFYING CARRIERS WHERE THERE AREN'T ANY
Set your S7 Register of your modem to +15 then the Timeout specification.
MY MODEM DOESN'T DIAL ALL NUMBERS - IN FACT SOME WEREN'T SEND TO THE MODEM
Raise the CHAR DELAY in the MODEM CONFIG Menu in TS-CFG to 5-25
This is only necessary for old and slow modems.
WHAT SHOULD I USE - RANDOM OR SEQUENTIELL SCANNING ?
It's up to you. If you do it random maybe your phone company won't notice
your extensive scanning. But good phone systems will. If you dial
sequentiell you can get an overview about a company f.e. you get
their Customer Service on -0000, a Special Bureau of the Company at
-0010 to -0050, a Fax at -0055 ... and you'll notice that fact. In random
you won't.
WHEN SHOULD I SCAN - DAY OR NIGHT ?
That's up to you too - at daytime your calls won't be noticed. (and in some
countries it's a illegal to scan!.) But many numbers will be busy.
Or Carriers will only be online in the night. Or a VMB etc.
At nightime then again your calls may be noticed.
But some guys don't have a choice, when to scan on their line.
WHAT DO YOU DO?
I scan random at daytime, sitting in front of the computer.
Sometimes a nightly carrier scanning while i'm sleeping. (random too)
At night, there are more carriers online then at daytime.
Some Tone-Types and the carriers can be checked automatically, but the
interesting things you can only find, when you are sitting in front of the
computer.
I FOUND A TONE - AND NOW ?
Get PBXHACK (from THC too ;-) and "analyze" it - if it's not illegal ;-)
I FOUND A CARRIER - AND NOW ?
Check it out - it might be interesting. If you get some annoying
"PASSWORD:" prompt then get LOGIN HACKER (from THC too ;-) to get in.
(but only if it's not illegal in your country ;-)
I'M IN THE USA - SO ?
Scanning is illegal in some countries. Check a lawyer.
But some phone companies make their own law, and close your line if
you do extensive scanning. So check & try & test ... & good luck
I'M IN GERMANY - SO ??????
Scanning is not illegal in Germany. But German Telekom has now installed
SS7 Monitoring Equipment from HP, where such scanning habits can be
analyzed (plus many more things ... this hardware is very flexible ...)
And Telekom trained a special team in darmstadt to locate those evil
scanners - thought it's not illegal - but you know it too - telekom doesn't
care about that! surveilling phone lines for their purpose!
Telekom already installed tools on the phone lines of two friends which
will let the line go busy after every second number dialed (no matter how
long you wait between the calls, no matter what numbers exactly you dial)
after you began scanning. Such tools are also already installed in some
areas on the public payphones to prevent scanning.
At the moment you are safe, but maybe from March to October '96 on
you should be careful.
If you are updating from an older version :
Run TS-CFG. It will recognize the old version of the config file and
write the new one.
Where to get new versions :
Call one of the THC Dist Sites.
How to become a Betatester of THC :
At the moment we got two Betatest Directories on LORE BBS & ARRESTED
DEVELOPMENT and soon on SHOCK NETWORK too ... LORE BBS is a closed
system for experienced users only, so maybe it's better for you to
call A.D. or S.N to become a beta tester. Look for the numbers in THC.NFO
Once you've gto applied and access is granted write a comment to the sysop
or directly to me (van Hauser) to get access to the Beta Directories.
How to contact you (me ;-)
If you need some features, found some bugs, got questions/information :
1) Call LORE BBS -> ++49-(0)69-823282 Login:THC Pw:THC
leave a message for van Hauser
2) Call Arrested Development -> ++31-77-3547477 apply for an account
leave a message for van Hauser
3) Leave a message on my VMB in Germany : 0130-817698 Box:6630 (Aspen)
I appreciate any comments! Flames, Bug Reports, Tips, Typing Errors, Wishes,
Excuses, Ideas for new Features - and of course your beautiful girlfriend ...
Thanks for taking all your precious time to read that shit ...
For all the typing errors - hey i'm german ... ;-)
!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!
This file is for informational purpose only!
The Sysop-Team is NOT RESPONSIBLE for anything you do after reading this text!
!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!
!!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!!
Dieses File dient nur zur Information und Aufklaerung!
Die Sysops erklaeren sich NICHT VERANTWORTLICH
f�r Rechtsverstoesse, die durch diese Informationen entstehen.
!!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!!
