_____________________________________

How to Hack Codes Galore!
With a Hayes Modem!
_____________________________________

Almost as Fast as an Apple Cat!
& No More False Carrier Problems!
_____________________________________

Written by Dawn Treader
Sept 1 '89
_____________________________________

I was sitting and thinking hard one day about how I could hack better
with my Hayes modem instead of hooking up my 300 baud Apple Cat, since I
didn't have the right plug <-> phone line connection for my Cat. Lo and
behold, an idea comes to me... Quickly jumping over tables and running
through walls, I furiously type away in DOS 3.3 after booting my modded
version of Smooth Hacker 2.2. When I was finished I sat back and watched
it hack. I was done, and my Hayes Compat modem was flying through
attempts like never before. Here's how you can do it, too.

Have you ever heard of an Apple Cat modem? All the wondrous things it
can do, like easily send a 2600 tone over the line, but more
importantly, easily hack over 300 attempts on a port in ONE HOUR? Even
if you don't have an Apple computer, I'm sure you wish you could have a
modem capable of such feats. Well, while your Hayes Compatible modem
might not be up to producing a 2600 tone, it CAN hack almost as well as
an Apple Cat! Read on, my friend.

Hackers that use the Apple Cat can detect a bad code almost as soon as
dialing it because of a major loophole in every long distance service's
hardware. When you dial a bad code, did you ever notice that it rings
almost right away? And when you dial a good code, did you ever notice
that there is at least one second of silence while the phone call is
being connected? This is very important, because when the Apple Cat is
used to hack access codes, it listens for this silence. If it hears it,
it marks it as a good code, and if it doesn't get silence it hangs up
immediately and goes on to the next code!

If you can't understand why this method of hacking codes is so
incredibly fast, let me give it to you in numbers. Your Hayes modem
requires a carrier wait time (S7 register) of 20 to 30 seconds on each
code. That's roughly 120 attempts per hour on a FAST day. The Apple Cat
hangs up in less than 10 seconds, which means it can hack over 360 codes
*per hour*! With my (new, improved, super-spiff) method of Hayes
hacking, a complete attempt (the time from dialing code #1 to dialing
code #2, a complete cycle) is roughly 13-14 seconds, depending on your
modem - that comes out to around 250 attempts per hour! And you can use
the same modem you have sitting next to you right now, with NO
modifications!

[ Example times are for a 950... If you're using an 800, it will be
  slightly longer. ]

How, you ask? Very simple. When Mr. Hayes made his modem he thought it
would be very useful for the modem to recognize dial tones and silence.
You can use this silence detection - built right into your modem's
command set - to hack codes more effectively.

  Normal Dial #1:  ATDT 950-1234 W 9876543 xxx-xxx-xxxx
  Normal Dial #2:  ATDT 950-1234,,,9876543 xxx-xxx-xxxx
  Improved!   #3:  ATDT 950-1234 W 9876543 zzz-zzz-zzzz @

       950-1234        Dial
       W               Wait for Service Tone
       9876543         Code
       zzz-zzz-zzzz    BBS Number (Carrier)
       @               Wait for Silence

Normal hackers use either #1 or #2 and some pre-defined carrier number.
Some hackers have large databases of carrier numbers, because using the
same destination number on 600 attempts looks very suspicious to the
owners of the 950. The Improved Dawn Treader Method (tm) allows total
random destination numbers - TOTAL random! No more large databases or
risks of getting caught here.

The W command waits for a dial tone. You should use this instead of the
,,, wait, because W is faster. While ,,, waits for 6 seconds (depending
on how long one , waits), W just waits for the dial tone, so there is no
extra wait time involved. Every second counts when dialing 1000 times!

The @ command is the heart of this hacking method. @ waits for silence,
or in my modem's manual (Avatex 2400 - I *highly* recommend one!):

    @ - Commands the modem to wait for the time specified by the S7
        register for 5 seconds of silence on the telephone line before
        continuing. No silence will give the message NO ANSWER
        (error #8).

So, put simply, modify or rewrite your hacker to print a @ after the
current dial string. Modify the part of the hacker that waits for a
carrier to wait for NO ANSWER [error code 8]. If it doesn't get NO
ANSWER, the code is good! Then in the hacker setup, specify carrier wait
time = 8. (S7=8) A setting of 8 seems to work best for me. Adjust it
yourself. That's it. Watch it fly.

___________

 Some Tips
___________

Modify your hacker to use totally random numbers for the destination.
Use a valid area code in the destination # so it doesn't look weird when
it shows up that someone is trying to dial 109-381-1938. [109 is not a
valid area code, currently]

PBX Hacking --- I haven't tried this on PBX's. But here is an idea for
better PBX hacking - I noticed that with a High-Low tone, my modem
responded BUSY [error code 7], so if you could modify your hacker to
check for a BUSY - if it does find it, it's a bad code, if it's not
BUSY, the call went through!

False Carriers --- They don't exist with this method! Your modem is
listening for silence, not a carrier. So go ahead and hack on carriers
with a false carrier, since none of the c0de kidz can hack on it, you'll
be safer! (I have also heard through the mysterious phreak grapevine
that Sprint has hooked up some 300 baud modems to their 800 dialups, so
when you get a bad code, you get an actual carrier! And if you happen to
connect to this modem 600 times, I wouldn't be surprised if you get
fried.)

________________

 Known Problems
________________

Everything has problems. This method is hard to implement on some
hackers and easier on others. Here's the reason.

If your hacker sends an ATH after each code, the modem will send OK
[error code 0] back to the program. If the program doesn't intercept
this 0 or OK, it will get put in the buffer until the program does. So
when the program waits for a response after dialing a code it will
receive this OK and take it as a good code. You can usually take the ATH
completely out... You aren't going to connect to a carrier!

Some modems might not use @ the same way, because they aren't completely
Hayes compatible. You can probably tweak your hacker and modem somehow
to work, and even if you can only hack 100 attempts per hour like
regular hacking, you're still avoiding the false carrier and messing
with the S6 register!

____________

 Disclaimer
____________

Screw 'em.

I do want to hear about your problems, your success, your ideas, and
anything you want to say. Call one or both of the systems below to
e-mail me, or just call them.

The End.

_______________________________________________________________________
```````````````````````````````````````````````````````````````````````

Thanks for reading. It works. Spread this around.
Check out my Code Safety Files, soon to be out hopefully maybe.

_______________________________________________________________________
```````````````````````````````````````````````````````````````````````

Written by Dawn Treader                                     cDc Rules!

Call a `Moo' board today.

  Pure Nihilism              517-337-7319
  Demon Roach Underground    806-794-4362    Login: THRASH

_______________________________________________________________________

Bye!

*** Restored from hardcopy by ANUS.com 11/11/08 ***
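
Added example (not part of Dawn Treader's file): the access-number owner's view of the pattern described above. It compares the repeated-destination heuristic the file expects against a per-origin count of distinct, mostly invalid codes in one hour; the record fields, thresholds and sample attempts are assumptions constructed for illustration.

```python
import random
from collections import defaultdict

WINDOW = 3600           # seconds; the file quotes its rates per hour
MIN_CODES = 100         # assumed alert threshold: distinct codes per window
MAX_VALID_RATIO = 0.05  # assumed: scanning produces almost no valid codes

def repeated_destination(records, min_repeats=50):
    """Heuristic the file expects: one origin, same destination, many times."""
    counts = defaultdict(int)
    for r in records:
        counts[(r["origin"], r["dest"])] += 1
    return {origin for (origin, _), n in counts.items() if n >= min_repeats}

def code_scanning(records):
    """Flag origins trying many distinct, mostly invalid codes within WINDOW."""
    by_origin = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_origin[r["origin"]].append(r)
    flagged = set()
    for origin, recs in by_origin.items():
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] >= WINDOW:
                start += 1
            window = recs[start:end + 1]
            codes = {r["code"] for r in window}
            valid = sum(r["valid"] for r in window)
            if len(codes) >= MIN_CODES and valid / len(window) <= MAX_VALID_RATIO:
                flagged.add(origin)
                break
    return flagged

def constructed_records(seed=1):
    """Constructed sample attempts against one access number (not real data)."""
    rng = random.Random(seed)
    recs = []
    for i in range(250):   # LINE-A: new code and random destination every 14 s
        recs.append({"ts": i * 14, "origin": "LINE-A", "valid": False,
                     "code": f"{rng.randrange(10**7):07d}",
                     "dest": f"{rng.randrange(200, 999)}-555-{rng.randrange(10**4):04d}"})
    for i in range(60):    # LINE-B: subscriber, one valid code, one destination
        recs.append({"ts": i * 55, "origin": "LINE-B", "valid": True,
                     "code": "1111111", "dest": "212-555-0100"})
    return recs

if __name__ == "__main__":
    recs = constructed_records()
    print("repeated destination:", repeated_destination(recs))
    print("code scanning:", code_scanning(recs))
```

On the constructed data the destination heuristic flags only the legitimate repeat caller, while the distinct-code count flags the scanning line regardless of how its destinations are chosen.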