The old underground...
November 10, 2008, 04:49:17 PM
Of hacking:



                          How to Hack Codes Galore!
                             With a Hayes Modem!

                      Almost as Fast as an Apple Cat!
                      No More False Carrier Problems!

                          Written by Dawn Treader

                               Sept 1 '89

     I was sitting and thinking hard one day about how I could hack
better with my Hayes modem instead of hooking up my 300 baud Apple
Cat, since I didn't have the right plug <-> phone line connection for
my Cat.  Lo and behold, an idea comes to me... Quickly jumping over
tables and running through walls, I furiously type away in DOS 3.3
after booting my modded version of Smooth Hacker 2.2.  When I was
finished I sat back and watched it hack.  I was done, and my Hayes
Compat modem was flying through attempts like never before.  Here's
how you can do it, too.

     Have you ever heard of an Apple Cat modem?  All the wondrous
things it can do, like easily send a 2600 tone over the line, but more
importantly, easily hack over 300 attempts on a port in ONE HOUR?

     Even if you don't have an Apple computer, I'm sure you wish you
could have a modem capable of such feats.  Well, while your Hayes
Compatible modem might not be up to producing a 2600 tone, it CAN hack
almost as well as an Apple Cat!  Read on, my friend.

     Hackers that use the Apple Cat can detect a bad code almost as
soon as dialing it because of a major loophole in every long distance
service's hardware.  When you dial a bad code, did you ever notice
that it rings almost right away?  And when you dial a good code, did
you ever notice that there is at least one second of silence while the
phone call is being connected?  This is very important, because when
the Apple Cat is used to hack access codes, it listens for this
silence.  If it hears it, it marks it as a good code, and if it
doesn't get silence it hangs up immediately and goes on to the next

     If you can't understand why this method of hacking codes is so
incredibly fast, let me give it to you in numbers.  Your Hayes modem
requires a carrier wait time (S7 register) of 20 to 30 seconds on each
code.  That's roughly 120 attempts per hour on a FAST day.  The Apple
Cat hangs up in less than 10 seconds, which means it can hack over 360
codes *per hour*!  With my (new, improved, super-spiff) method of
Hayes hacking, a complete attempt (the time from dialing code #1 to
dialing code #2, a complete cycle) is roughly 13-14 seconds, depending
on your modem - that comes out to around 250 attempts per hour!  And
you can use the same modem you have sitting next to you right now,
with NO modifications! [ Example times are for a 950... If you're
using an 800, it will be slightly longer. ]

     How, you ask.  Very Simple.  When Mr. Hayes made his modem he
thought it would be very useful for the modem to recognize dial tones
and silence.  You can use this silence detection - built right into
your modem's command set - to hack codes more effectively.

  Normal Dial #1:  ATDT 950-1234 W 9876543 xxx-xxx-xxxx
  Normal Dial #2:  ATDT 950-1234,,,9876543 xxx-xxx-xxxx

  Improved!   #3:  ATDT 950-1234 W 9876543 zzz-zzz-zzzz @
                   /    /        /    /    /           /
                  /    /        /    /    /           Wait for
              Dial    /        /    /    BBS Number   Silence
                     /        /  Code    (Carrier)
                    /  Wait for
             Service       Tone

     Normal hackers use either #1 or #2 and some pre-defined carrier
number.  Some hackers have large databases of carrier numbers, because
using the same destination number on 600 attempts looks very
suspicious to the owners of the 950.  The Improved Dawn Treader Method
(tm) allows total random destination numbers - TOTAL random! No more
large databases or risks of getting caught here.

     The W command waits for a dial tone.  You should use this instead
of the ,,, wait, because W is faster.  While ,,, waits for 6 seconds
(depending on how long one , waits), W just waits for the dial tone,
so there is no extra wait time involved.  Every second counts when
dialing 1000 times!

     The @ command is the heart of this hacking method.  @ waits for
silence, or in my modem's manual (Avatex 2400 - I *highly* recommend

    @ - Commands the modem to wait for the time
                specified by the S7 register for 5 seconds
                of silence on the telephone line before continuing.
                No silence will give the message NO ANSWER (error #8).

     So, put simply, modify or rewrite your hacker to print a @ after
the current dial string.  Modify the part of the hacker that waits for
a carrier to wait for NO ANSWER [error code 8].  If it doesn't get
NO ANSWER, the code is good!  Then in the hacker setup, specify
carrier wait time = 8.  (S7=8)  A setting of 8 seems to work best for
me.  Adjust it yourself.

     That's it.  Watch it fly.


                                 Some Tips

     Modify your hacker to use totally random numbers for the

     Use a valid area code in the destination # so it doesn't look
weird when it shows up that someone is trying to dial 109-381-1938.
[109 is not a valid area code, currently]

     PBX Hacking --- I haven't tried this on PBX's.  But here is an
idea for better PBX hacking - I noticed that with a High-Low tone, my
modem responded BUSY [error code 7], so if you could modify your hacker
to check for a BUSY - if it does find it, it's a bad code, if it's not
BUSY, the call went through!

     False Carriers --- They don't exist with this method!  Your modem
is listening for silence, not a carrier.  So go ahead and hack on
carriers with a false carrier, since none of the c0de kidz can hack on
it, you'll be safer! (I have also heard through the mysterious phreak
grapevine that Sprint has hooked up some 300 baud modems to their 800
dialups, so when you get a bad code, you get an actual carrier!  And if
you happen to connect to this modem 600 times, I wouldn't be surprised
if you get fried.)


                          Known Problems

     Everything has problems.  This method is hard to implement on
some hackers and easier on others.  Here's the reason.

     If your hacker sends an ATH after each code, the modem will send
OK [error code 0] back to the program.  If the program doesn't
intercept this 0 or OK, it will get put in the buffer until the
program does.  So when the program waits for a response after dialing
a code it will receive this OK and take it as a good code.  You can
usually take the ATH completely out... You aren't going to connect
to a carrier!

     Some modems might not use @ the same way, because they aren't
completely Hayes compatible.  You can probably tweak your hacker and
modem somehow to work, and even if you can only hack 100 attempts per
hour like regular hacking, you're still avoiding the false carrier
and messing with the S6 register!



     Screw 'em.  I do want to hear about your problems, your
success, your ideas, and anything you want to say.  Call one
or both of the systems below to e-mail me, or just call them.

  The End.

        Thanks for reading.  It works.  Spread this around.
   Check out my Code Safety Files, soon to be out hopefully maybe.

                       Written by Dawn Treader

               cDc Rules!  Call a `Moo' board today.

   Pure Nihilism                517-337-7319
   Demon Roach Underground      806-794-4362    Login: THRASH

*** Restored from hardcopy by ANUS.com 11/11/08 ***
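
Seen from the carrier's side, the dialing pattern the file describes (a new code every 13-14 seconds, almost all rejected) stands out in access-code logs even when destination numbers are random. The following is an added example, not part of the original post or textfile; the record layout, thresholds, line names and all numbers are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
MIN_DISTINCT_CODES = 30   # assumed threshold: codes tried per line per hour
MIN_FAIL_RATIO = 0.9      # assumed threshold: share of rejected attempts

def make_sample():
    """Constructed log: (time, origin_line, auth_code, destination, accepted)."""
    t0 = datetime(1989, 9, 1, 22, 0, 0)
    recs = []
    # LINE-A: new code and new destination every 14 s; only attempt 45 is accepted.
    for i in range(60):
        recs.append((t0 + timedelta(seconds=14 * i), "LINE-A",
                     f"{1000000 + 7919 * i:07d}",
                     f"313-555-{(i * 37) % 10000:04d}", i == 45))
    # LINE-B: ordinary subscriber, one mistyped code, then normal calls.
    recs.append((t0 + timedelta(minutes=1), "LINE-B", "4242442", "517-555-0100", False))
    for m in (2, 20, 41):
        recs.append((t0 + timedelta(minutes=m), "LINE-B", "4242424", "517-555-0100", True))
    return recs

def find_code_scanning(records):
    """Flag lines that try many distinct codes per hour with almost no successes.

    Destination numbers are deliberately not part of the rule, so randomizing
    them does not hide the pattern.
    """
    windows, flagged = defaultdict(deque), {}
    for rec in sorted(records):
        ts, origin, code, dest, accepted = rec
        win = windows[origin]
        win.append(rec)
        while ts - win[0][0] > WINDOW:      # keep only the last hour per line
            win.popleft()
        codes = {r[2] for r in win}
        fail_ratio = sum(not r[4] for r in win) / len(win)
        if (origin not in flagged and len(codes) >= MIN_DISTINCT_CODES
                and fail_ratio >= MIN_FAIL_RATIO):
            flagged[origin] = {"first_alert": ts, "codes_tried": len(codes),
                               "to_revoke": []}
    # Any code accepted from a flagged line is treated as compromised.
    for ts, origin, code, dest, accepted in records:
        if accepted and origin in flagged:
            flagged[origin]["to_revoke"].append(code)
    return flagged

if __name__ == "__main__":
    for line, info in find_code_scanning(make_sample()).items():
        print(line, info)
```
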


Re: The old underground...
November 11, 2008, 02:48:52 PM
I understood very little of this. Where does one go about finding resources for hacking modern networks?

http://www.phonelosers.org  <-- I discovered this a few months ago, mostly a bunch of washed up phone phreaks