_____________________________________________________________________________ | | | THE PHANTOM VIPER | | | | PRESENTS | | | | P C P H A C K E R | | | | The First PCP Hacker Available For The Apple! | | | |_____________________________________________________________________________| Pcp Hacker Beta, Prelude Contents: One Pcp Hacker, Beta One Pcp Scanner, Beta The sheer size of these docs require that they should be printed out. Several portions of the program may get to be confusing, so it is wise to have a copy of the documentation ready in case you have an problems. Notice to all programmers : Feel free to improve upon and release future versions of this program. If you do release future versions, please keep credit to me for the original version. I. Introduction For awhile now the Apple users who use PCP have been living like parasites on the IBM world. IBMers have had the technology, and the patience to get PCP codes much longer than Apple users ever thought of the idea. A HACKER THAT HACKS THEM OUT FOR YOU? Gee whiz boz, what a thought there. Well, I decided enough was enough. I mean, sure I can hack on Sprint, Mid-America, ITT or whatever. But I can sure get busted too. Yeah, yeah, Extender Bender will help me cover myself, and lessen the chance of getting caught, but the danger STILL exists of getting caught every second you USE THE CODE! So, I designed a PCP hacker for the Apple // series. Fully capable of changing with the (seemingly constant changing) new PCP formats. It's got it all. (And for only $19.99! That's right, the TI-99, the COMMODORE-64, the...). Seriously. This is the second file release in the "HAYES HACAMATIC ][: THE NEXT GENERATION" series production. This program is compatable with Novation Apple Cats, Hayes Smartmodems, "OTHER"s, and the Multimodem 224. EXTENDER BENDER 1.0 -- RELEASED 2.0 -- RELEASED AND AVAILABLE AT A BBS NEAR YOU 3.0 -- SOON TO BE RELEASED CREDIT CARD NUMBER GENERATOR 1.0 -- RELEASED 2.0 -- RELEASED II. Documentation BOOT UP Stick the disk in the drive. Flip the power switch into the "ON" postion. DATE If you don't have a clock, you will be asked for the date. Enter it in the following fomrat: mm/dd/yy (mm=month, dd=day, yy=year). If the date shown on the screen is already correct, you need not enter it again. Just press return. The program automatically saves the date to disk so you need not type it in next time. CONFIGURATION If it is the first time you have booted, you will need to configure. You will be asked several questions, and they will be saved to the disk, so you need not enter them again. MODEM TYPE [1] Novation Apple Cat [2] Hayes Smartmodem [3] Other Enter the correct modem type by pressing the number indicating it on the left hand side of the correct modem type. GS USERS ONLY: GS users many need to change DCD and DTR settings on their modems to provide for true carrier detect ability and support (as opposed to ignore). DCD and DTR handshakes should also be set in the control panel to 'NO'. GS USERS ONLY: USE GS MODEM PORT? If your modem is in the gs modem port, not in a slot, select this option. SLOT OF MODEM Simply enter which slot your modem is in. If you own an Apple //c, it is slot 2. SLOT OF PRINTER Enter the slot your printer is in. If you don't have one, simply press '0'. On the Apple //c, the slot is slot 1. Then the program will save your setup, and continue on. USING THIS PROGRAM ON A HARD DRIVE OR UNIDISK There is no need to specify a prefix within the Pcp Hacker. All you must do is copy ALL the files and ALL the DIRECTORIES to your 3.5" disk or Hard Drive. Then make a program that does PREFIX /your.directory/ and then runs STARTUP. Example: You copy ALL the files to /hard.drive/pcp.hacker/ You then make a program called /hard.drive/pcp.run ]NEW ]10 D$ = CHR$(4) ]20 PRINT D$"PREFIX/HARD.DRIVE/PCP.HACKER/" ]30 PRINT D$"-STARTUP" ]SAVE /HARD.DRIVE/PCP.RUN and then you just "RUN PCP.RUN" anytime you want to use the PCP hacker. TITLE PAGE The title page will be shown on the screen. Press any key to continue once you have viewed it. MAIN MENU From the main menu you have six options. View good codes. Delete good codes. Start hacking. View these docs. Reconfigure. And a hidden option, the credit screen. VIEW GOOD CODES First you must enter the correct prefix. Use the correct ProDOS format. Example: /proterm/pcp.codes At the input prompt, where you are asked to enter the prefix, press 'esc'ape to return to the main menu. This allows you to view a list of saved PCP codes you have, and if you wish, print the list out. Use the arrow keys, and when the file you want is higlighted, press return. DELETE GOOD CODES First enter the correct prefix. Use the correct ProDOS format. Example: /proterm/pcp.codes At the input prompt, where you are asked to enter the prefix, press 'esc'ape to return to the main menu. This allows you to delete a list of saved PCP codes you have. Use the arrow keys, and when the file you want is higlighted, press return. CREDIT SCREEN Press ? to access this. It is a simple explanation of the program and a quick credit for me, the author of the program. Also you may choose CREDITS. START HACKING VIEW THESE DOCS Hell, you got here, you should remember! When it asks if you wish to print the docs out, you may press 'esc'ape to abort to the main menu. RECONFIGURE This takes you back, and allows you to change your modem type, modem slot and printer slot. PCP SCANNER Final addition to the program. Scans out pcp addresses. No documentation, pretty simple to use. III. Hacking Procedures First the program will load in Modemworks, the correct driver, and Amperworks. Then it will run the PCP Hacker. You must again answer a couple more questions. PCP NUMBER [xxx-xxxx] Enter the number of your local PCP port in the format shown. If you wish to call a port that is not local. Enter it in as 1-(xxx)-xxx-xxxx (you'll overun the brackets - but that doesn't matter). STATE AND CITY DESTINATION This is the abbreviation of the state and city put together you use to connect. You can get a list of these from your local PCP port by entering at the @ prompt, C PURSUIT - at username and password type guest - then go to the main menu, then go to the downloads. Look through the downloads, and you should stumble accross a list. Some popular examples: MNMIN, CALAN, NJNEW, TXDAL, TXHOU, etc. It's usually best to pick a less popular state - for sometimes the PCP ports can get congested and that would ruin your hacking efforts because an error message would be sent back, and the program would be unable to connect. SPECIFIED PCP FORMAT This next question will allow you to choose whether you wish to hack with a specified pcp format (this is very selective, and allows by far the best accuracy when hacking) or what I call the controlled chaos format. The controlled chaos format basically allows the user to add a suffix and prefix to the id and password, and it allows you to control the length of the id and password, by allowing you to set limits for randomizing the lengths. Comparision between formats: CONTROLLED CHAOS SPECIFIED PCP FORMAT Will allow the randomization of length of One specified length. the password and id. Will allow a suffix and prefix to be added Allows the pinpointing of exactly to both the password and id. what should be a number, letter, copying of other characters, selection from a preassigned list format, and an unkown mark. SPECIFIED PCP FORMAT If you choose the specified pcp format option, a row of numbers will appear. 0000000001111 etc. 1234567890123 x The numbers are to be read from top to bottom. Example: See where the x is? Notice it is under a 2. And notice above the two is a 1. So reading it from top to bottom you get 12. The x is in space 12. This will be used later with the copy function. ENTERING THE FORMAT You can use any of the following commands. CONTROL-L or } = Limited Set. CONTROL-C or { = Copy. ? = Unknown. # = Number. $ = Letter. , = Seperation of Id and Password. any # or letter = Preassigned Specified Characters. CONTROL-L or } (LIMITED SET) This basically allows a random choice from a list that you enter. Let's say you know the first character is always either an A a 6 or a Z. The first thing you would press is CONTROL-L or }. Down the screen the following will appear: [Set]: at this you would enter the set. A;6;Z - making sure to seperate each character with a SEMI-COLON. (;). Example 000000 etc. 123456 } [Set]: A;6;Z Now you will be returned to space 02. Now when hacking, the first characters will either be an A a 6 or a Z, depending on how the randomization turns out. Example: C D/MNMIN/12,A < that first character will either be an A, a 6 or a Z. NOTE! You can only have one character inbetween the seperating markers. In other words, you can't have "16;20;30" because they would each take up too many spaces, and these are only good for ONE space. CHANGING THE RANDOM PROBABILTIES IN A LIMITED SET The way the set command works is, let's say you entered [Set]: A;6;Z - okay, so then you finish entering everything, and the program calls up Pcp and starts a nice little hacking job. It goes through, printing the characters to the screen, then it comes to the set command. It says "Hmmm, I see there are three characters that aren't semi-colons in that set. So, I'll pick a random number 1-3. Then I'll compare it to the set to come up with a number. Okay, here goes. **** 3 - so we'll use the Z". - get it? Pretty simple. What you can do to offset the outcome some, is enter more of the desired character. Let's say you know the second character of the id is either a 0 or a 1. You also know the 0 is used more frequently. You would go like this: [Set]: 0;0;0;1 or [Set]: 0;0;1 or [Set]: 0;0;0;0;1 - or however much you want to offset the balace. In the first set [0;0;0;1] there would be a 3 in 4 chance the 0 would be picked, and a 1 in 4 chance the 1 would get picked. So in the [0;0;1] set, there would be a 2 in 3 chance the 0 would get picked, and a 1 in 3 chance the 1 would get picked. It is very simple. CONTROL-C or { (COPY) This fuction allows you to duplicate another character. Here's an example. 00000000 etc. 12345678 #$#$#$# As later you will learn, # picks a random number, $ a random letter. So, let's say you know the pcp format is number,letter,number,letter,number,letter, number, and then the next character (the 08 character) is the same as the first character (01). So let's say a 9 comes up in 01, then a 9 should be in 08. So all you do is go to 08 and hit { or CONTROL-C. 00000000011 12345678901 #$#$#$#{ [Copy]: Now, at the [Copy]: prompt, you should enter the space you wish to copy. Since you want the (08) space to be the same as the (01) space, you should enter 01, or just 1. [Copy]: 1 Now, when the program hacks the 08 space will be the same as the 01 space. 00000000 12345678 Example: C D/MNMIN/12,9Z2C4Z79 Notice the 08 space and 01 space are the same. (Note, when copying, you must use a number BEFORE the number you are copying. In other words you CAN COPY 01 if you were at 08, but you CAN'T COPY 13. If you wanted 08 and 13 to be the same, you would put the correct sign at 08 (like are 08 and 13 always numbers? then put a #, or letters? put a $) and then when you get to 13 you would do a COPY and then [Copy]: 08.) ? (UNKNOWN) The unknown marker is basically for if you don't know if it's a letter or a number. Example: 00000 12345 #$#$? Number, letter, number, letter, then either a number or a letter. # (NUMBER) You would use this to signify a number in the format. For example, if you knew the format was always number, letter, number, you would put #$# (the # represents a number). $ (LETTER) You would use this to signify letter in the format. For example, if you knew the format was always number, letter, number, you would put #$# (the $ represents a letter). , (Seperating the id and password) As you know, when you enter the id and password when connect to pcp, you enter the id,password. Example: PLL000000L,L0000L - Notice the comma seperates the id and password. Well, when entering the format, you will use the comma to seperate the id and password also. Example: #$#$#$#,$#$#$# would mean the id consists of number, letter, number, letter, number, letter, number and the password consists of letter, number, letter, number, letter, number. PREASSIGNED SPECIFIED CHARACTERS You would use this if you knew a character was ALWAYS THE SAME. Example: Let's say you knew the format ALWAYS STARTED WITH PCP then had a number. You would go: PCP# - not too hard. PUTTING IT ALL TOGETHER Let's pretend (boys and girls) that after studying 80 old Pcp id's, you suddenly discovered a pattern. The pattern goes like this: The id always starts with the letters PLL. The next character is either a 0 or a 1 followed by three numbers, a L and then two more numbers. The password starts with a letter, followed by a number, then a 3, followed by two more numbers, and then the last character is always the same as the first in the password. 00000000011111111 12345678901234567 PLL}###L##,$#3##{ That is what you would enter (PLL}###L##,$#3##{). Here's why: The id always starts with PLL, so you simply type PLL. Then next character is either a 0 or a 1, so you would use the LIMITED SET command. You would hit CONTROL-L (or the } character) and at the [Set]: prompt, you would enter 0 and 1 like this: [Set]: 0;1 NOTE! YOU MUST REMEMBER TO USE A SEMI-COLON (;) TO SEPERATE THE ITEMS. IF EXTRA IGNORED? APPEARS - THAT MEANS YOU FORGOT, AND EITHER USED A COMMA OR A COLON (:) TO SEPERATE THE ITEMS WHICH IS A * NO-NO *. The next three characters are numbers. So you enter a # for each of them. Then there is always a L, so you press L. Then there are always two more numbers, so press a # for each of them. The password starts with a letter, so enter $. The next character is always a number, so enter #. The next character is always a 3, so enter a 3. The next two characters are always numbers, so enter a # for each. The last character is always the same as the first in the password. So you would use the { or CONTROL-C, the copy command. At the [Copy]: prompt you would enter 12, since you want the character to be the same as the 12th character. (Haha! Lost? Did the example roll off into the twilight zone? Should have printed the docs out!). (Hmm, where have I heard that before?). CONTROLLED CHAOS FORMAT This applys only if you chose not to use the specified pcp format option. PCP ID TO USE OR RETURN If you want to hack a specific PCP Id you, lets say, accidently saw after accidently reading someone's email or something, at this point you would enter the id (like if you only found the id, and not the password). EXAMPLE: PLL000000L or PCP1234LLL If you don't have a specific ID you want to hack, simply press return. PCP PASSWORD TO USE OR RETURN Similar to the PCP ID TO USE input, except in this case, lets say you stumbled accross a PCP password, but not the ID, then you enter the password at this prompt. If you don't wish to hack a specific password, press return. RANGE OF NUMBER OF DIGITS NOT INCLUDING PREFIXES AND SUFFIXES Lets say you know that the ID's always have 8 digits, and the passwords always have between 3 and 6 digits. But the ID'S always begin with PCP. Here is how you would enter that. NUMBER OF DIGITS IN PCP ID From [5] (since you don't include the PCP, since that is a prefix - it's always the same). To [5] (There are only 5 random digits in the ID, so you type the same number in the TO box that is in the FROM box). NUMBER OF DIGITS IN PCP PASSWORD From [3] To [6] - not too tough. TOTAL NUMBER OF CHARACTERS Let's say you only know that the passwords have at least 6 digits, and that there are always a total of 16 digits if you add both the digits of the password and id together. Here's how you would enter that. NUMBER OF DIGITS IN PCP ID From [1] > Remember, you know at least 6 digits are in the To [10] > password, so that means there is always anwhere between one and 10 digits (16-6=10) in the ID. NUMBER OF DIGITS IN PCP PASSWORD From [1] To [6] TOTAL NUMBERS OF CHARACTERS IN BOTH THE ID AND PASSWORD [16] Not *too hard. Now, it will ask you if you wish to add a prefix to the ID. See up before, in the first example where we said that all the ID's began in PCP (what, did that scroll off into the twilight zone you say? * you should have printed this sucker out!) (Hmmm? Where did I hear that before?) well, this is where that comes in. When it asks if you want a prefix to the ID, you enter "PCP" - (prefixes come before, suffixes are attached to the end). When it asks if you want a suffix, if we were using the above example, we would hit RETURN. We would hit return when it asks if we wanted a prefix or suffix for the password too, since there was none. But lets say you think all codes end with the letter Z. You would enter Z instead of return when it asked you SUFFIX FOR THE PASSWORD? DOCUMENTATION THAT APPLYS FOR BOTH FORMATS Okay, back to the documentation that applys to both formats. BAUD RATE Use the arrow keys, and when you have your selection highlighted, press return. Remember, you can only use 2400 baud in pcp ports that are made for 2400 baud. NOT ALL PORTS WILL WORK WITH 2400 baud. Sorry, modemworks doesn't support 4800 or 9600, so therefore this program cannot. SPEAKER ON/OFF This will either turn the speaker on or off when it dials the PCP port. NUMBER OF CODES TO FIND This allows you to set how many codes to be found before the program shuts down. NUMBER OF TRIES This allows you to set, lets say 100 tries, and after the program attempts 100 tries, it will automatically turn itself off. OUTPUT OF VALID CODES You can either select PRINTER, DISK or BOTH. PRINTER Prints a found code onto the printer, using the printer slot given when you configured. DISK Appends the code onto a file. If you choose this you must choose the prefix and filename to store the file at. Use the correct prodos format. Example: /PROTERM/PCP.CODES - the program will print the code and the date. BOTH Puts it to both the PRINTER and DISK. Press a key to start or escape to abort. Your final desicion. Go for it, or not? While it hacks... PRESS CONTROL RESET for an instant abort. This is the only way the modem will shut off immediately. OTHER How do you know you have the wrong driver? The program will say "Beginning Hack Procedure..." and freeze up on you. I personally use the "OTHER" driver with my //c, Apple Modem 1200. (Fully hayes compatable). At the top of the screen, across from my credit line, it says FOUND: there it will print how many codes have been found. How the program works - the program enters a code in the correct format. Then it searches for the @ prompt. IF it finds the @ prompt, it assumes it is a bad code. If it does not get the @ prompt, it will continue and wait for the prompt for 60 seconds, and if the prompt is still not given, assume that it is a good code. This is based on how Pcp works. Example run: @C D/MNMIN/12,PLL000000L,L0000L INVALID ID OR BAD PASSWORD here the program will wait for the @ prompt, and get it, so it will continue to hack. @C D/MNMIN/12,PLL000001L,L0000L CONNECTED /MNMIN/ here, the program will wait 60 seconds, and since no @ prompt appears, it will assume it is a good code, and same the code. IV. HOW TO USE THIS PROGRAM (AND WHEN) No one I've ever heard of has gotten busted using PCP. So, let it hack all night. Set it up at about 8pm, and go away, do whatever. And let it hack until 8pm or 10pm the next morning. Remember, the only drawback to hacking PCP accounts is ---- THEY TAKE A LONG TIME TO GET!! Basic estimates into how much time it does take was given to me by an IBM user as one day per code. V. CREDITS Thanks to... Ar Zimrathon for techincal support, ideas, and some IBM information. The author of modemworks, for whether he knows it or not, he's helping the apple phreaking world more and more everyday. The users who use this program. We need PCP CODES and NOW. That's my motto. _______________________________________________________________________________ __ __ _ ______ ______ _____ This has been a \ \ / / | | | ____ | | ____| | ___ \ \ \ / / | | | ____| | |____ | | \ \/ / | | | | | |____ | |\ \ \__/ |_| |_| |______| |_| \___| Ltd. Production _______________________________________________________________________________