=======================================================================
C o d e T h i e f D e l u x e
R e v i s i o n 3 . 5 D o c u m e n t a t i o n
B y B r e w A s s o c i a t e s
A N O F F I C I A L P H O R T U N E 5 0 0 P R O D U C T
=======================================================================
-> Introduction To Code Thief Deluxe 3.5 <-
Well, here it finally is. Code Thief Deluxe 3.5. If you are new to
Code Thief, this is the file to read. If you are already familiar with
Code Thief, especially if you have Code Thief 3.0 already, you can
check out just the new additions and updates to Code Thief Deluxe by
reading DELUXE.DOC, included in your Code Thief Deluxe ZIPfile.
As an incentive to read the documentation, I have tried to lay out
all of the 'little things' about the program and its behavior. This
will help you understand more. Also notice that Code Thief does not
make any direct screen writes. All screen access is done through the
BIOS. Its fast enough as it is, and shouldn't a hacker be able to run
in the BACKGROUND so you can do something else? As I am writing this
documentation I am in DesqView, with Code Thief running concurrently in
another window.
-> Disclaimer <-
There is no disclaimer. Code Thief was written with the intent
purpose of committing the crime of 'theft of services'. Of course you
don't have to use it, but then again, do you have all of the money in
the world at your disposal to pay for calling out of state bulletin
boards plus the mainframes/mini computers that you are trying to hack?
-> From The Author <-
A LOT of work has gone into the Code Thief project, especially
revision 2.x/3.x of the program. If you support the program then be
sure to upload it to any and all of your favorite boards. It's a great
way to increase your file points and ratio while helping your fellow
long distance 'users'.
-> An Official Phortune 500 Product <-
My thanks to the Phortune 500 Board of Directors, and the Phortune
500 membership. The Phortune 500 Board of Directors as of now consists
of: Brew Associates (author of Code Thief), Renegade Chemist, Aahz,
Quinton J. Miranda, The Spiker, Striker, Red Knight, Major Havoc, and
Lord Lawless.
-> Starting The Program <-
To start the program normally, enter THIEF from DOS. You can also
enter THIEF xx:xx from DOS (substitute a valid time for xx:xx) and Code
Thief will automatically hack the flagged multiple extenders with
multiple targets until the time specified, then drop back out to DOS.
This is great for a BBS's batch file. For instance, you can have your
BBS invoke a batch file at a certain time. This batch file could say
something like THIEF 5:30. This will invoke multiple target/multiple
extender hacking until 5:30 am. Note that all times are in 24 hour
mode. Also, if no multiple targets are found the defaults are
automatically used. This modification is on the request of an Opus BBS
sysop. Hope it comes in handy.
IF THE PROGRAM IS STARTED NORMALLY
When you first start the program you will see the main option menu.
At this and any menu you can use the up and down arrow keys to move the
highlight over an option and press RETURN or the SPACEBAR to finally
choose the option. I will try to move you through the running of the
program to get it working on your machine so it is suggested that you
print this documentation out and work the actual program as you read
it.
-> Setting Your Modem Paramaters <-
The first thing you will probably want to do is set your modem
paramaters. Use the up and down arrow keys to move the highlight over
option "H" on the main option menu then hit CR or RETURN, or just hit
"H" then CR or RETURN. You will be greeted with three more options.
First choose "Modem Specifics". This is where you can set the
paramaters for your particular modem. If a default doesn't match your
configuration then use the up and down arrow keys to move the highlight
over the option then hit RETURN or SPACE. The highlight will disappear
and you can make an entry. If it is a number or some other field,
enter the new value to use. If it is some kind of a toggle, use your
left and right arrow keys until what you want comes into view. Press
RETURN when you are satisfied with your choice.
MODEM SPECIFICS
COM Port - This can be eighter COM1: COM2:, COM3: Or COM4:. Use
the left and right arrow keys to select Port 1, Port
2, Port 3, Port 4. Then hit RETURN.
Baud Rate - Enter the baud rate to open the modem at whenever
hacking or scanning is performed. Your choices are
300 Baud, 1200 Baud, and 2400 Baud. The left and
right arrow keys move you through the choices. Hit
RETURN when you are satisfied.
PBX Mode - Choices are Yes and No. The left and right arrow keys
moves you through the choices and RETURN selects. If
you are in a building with a PBX then you have to
enter Yes for this option.
PBX Digit - This is the PBX digit. When you are in a building
with a PBX installed a certain digit has to be dialed
to receive an outside line. If PBX mode is No, then
N/A will appear for Not Applicable. Trying to change
this with PBX mode to No will cause it to beep at you.
PBX Delay - This is the number of seconds after entering the PBX
digit to wait for the outside line. N/A if PBX Mode
is No.
Local Dialing - Not everyone has Touchtone (tm) dialing from their
home. If you don't change this to Pulse. Just select
it with the highlight, hit return, then use the left
or right arrow key to select the new option and
another return will make it permanent.
Speaker On - Choose Yes to keep the speaker on during hacking and
scanning or No to keep it off.
Dial Tone Wait - This is the number of seconds the modem is to wait
after picking up the line until starting to dial. It
does this through the Hayes (and compatibles) command
registers.
Carrier Detect - This is the number of 1/10 seconds that a carrier must
be present for the modem to detect it as valid. This
defeats some LD service's fake-carrier routines that
send a fake carrier for a short period of time.
Remember that REAL carriers are sent for a longer
period of time than fake carriers. Experiment with
this one.
Dialing Speed - This is the speed of the touchtone dialer. This is in
1/100 of a second. This number can range from 50-255
(at least with the modem I use).
User String - If there is something entered here then it is sent out
to the modem. If you have an advanced modem, then set
it to "ATX6" to enable your extended result codes for
such things as VOICE, etc. You can over-ride the
"Speaker On" setting by making this "ATM1". That
would be stupid, but it's just an example.
MODEM RESULT CODES
In this section you enter the result codes that your modem uses when
in non-verbose mode. Note that the defaults should suffice. If you
have a strange modem configuration you can change these. Numbers
aren't the only thing allowed here, you can enter symbols like ";" or
":", or etc. Someone had a strange "Hayes Compatible" modem and wanted
this capability. I aim to please.
-> Edit Extender Configurations <-
The next thing you will want to do is create configurations for the
different extenders you wish to hack. Choose "Edit Extender
Configurations" after you exit back to the main options menu. If no
EXTENDER.DAT file exists, one will be created for you with a dummy
initial record (you will want to change this of course, 1-800-000-0000
is not a valid extender). If you haven't screwed anything up, you
should now see the first record of the sample EXTENDER.DAT I included
in the Code Thief archive file. These are just some 800 extenders to
get you started. Note that you might want to change some delays, etc,
to work for you. As they are now they work for ME. Your case might be
different. Experiment. Hitting [A] will ADD AN EXTENDER to the file.
Hitting [E] will EDIT the current extender (there's that highlight
again!). Hitting [D] will prompt you to confirm the DELETE of the
extender record. Hitting [Q] will quit the extender editor. To
understand all of the fields for the individual extender, let's go
through the process of ADDING an extender. You will notice that Code
Thief is an extremely complex code hacker. But also note that there is
so much flexibility that you will be able to hack just about anything
that is out there, no matter what kind of format it is.
ADD AN EXTENDER
When you choose to ADD an extender you will be given the opportunity to
enter the complete configuration for the extender. The first
thing is the telephone number of the extender. After that is a short
note used to identify the extender. Note that throughout the
program in various sections extenders are refered to by this short
note, so make sure it is something you can easily recall. You can
make it the number of the extender if you wish. Anything goes here,
but the program will beep at you if you try to leave it blank. Next is
the length of the codes. For METRO it is 6, MCI calling cards it is
14, etc. No code lengths of 0 are allowed (it will beep). Next is
the code template. This idea is borrowed from Fuckin' Hacker from
2af because I think it is a very powerfull feature. If this is
used it completely over-rides the code length, hacking mode, starting
code, and sequential increment in your configuration. Anyway, here you
are to construct a "template" for your codes. For instance, entering
"444XXX" will make every code 6 digits and starting in 444. Entering
"0X1X2X" will make set the first, third, and fifth numbers in every
code to 0,1, and 2 respectively and the second, fourth, and sixth
number in each code will be totally random. Commas are also allowed in
the code template and will cause the modem to pause for 2 seconds. For
instance, XXXX,9 will cause a random 4 number code to be sent, a pause
for 2 seconds, then a 9 will be sent. This is good for hacking PBX's
that require a code be sent then need a number for an outside line.
Leave the code template blank if you don't wish to use it. Next you
will enter the code delay. This is the number of seconds to delay
before sending the code. Then you will enter the target delay. This
is the number of seconds to wait until entering the target number.
Notice that also in the config is an option to put the code first or
not. If the code is sent first then the Code Delay should be the
number of seconds to wait after dialing the extender until the code is
sent after the extender answers and provides a dial tone. If the code
is not sent first then the target number will be sent first. The
target delay should be the number of seconds to wait after dialing the
extender until the target is sent at the extender's dialtone. Then the
code delay is the number of seconds to wait until sending the code
AFTER the target number is sent. The timeout is next. This is the
number of seconds to wait for your TARGET number to answer. If it
doesn't answer within this time the code is considered invalid.
Basically, the target delay tells the modem how long to wait. When the
modem times out it tells Code Thief, and Code Thief moves on. Now enter
a default Target number. This is a number that always answers with a
modem (is never busy). Telenet is perfect for this (so enter your
local Telenet number). Note that Code Thief can also use random
multiple targets - this is covered in the MULTIPLE TARGET CONVERSION
UTILITIES that has been included as a Code Thief companion program in
your Code Thief ARChive. Read CONVERT.DOC for information about
targets and multiple targets at that. Next is the hacking mode. Use
your left and right arrow keys to move through the selections and hit
RETURN when you are satisfied. You can have Random codes, Sequential
codes, or Both - sequential codes with a random increment. If you
choose Sequential or Both you are now prompted for the starting code,
otherwise this value is set to N/A. Next you enter the sequential
increment only if Sequential hacking is chosen. If sequential hacking
is chosen then this is the number to increment each code by. If Both
is chosen, then this number is random in the range of 1-100 when
hacking. If Both or Random hacking is your chosen method then the
Sequential Increment is N/A. Note that the sequential increment is an
integer, therefore any value from 1 to 32767 is valid. If "Sequential"
hacking or "Both" hacking is chosen and the increment ever exceeds the
code length, only the length of the code up to the code length will be
used. For example, with a code length of 4 and an starting code of
9999, if an increment of 1 is made your next code will be 1000. Now
you will be prompted as to if the code should be entered first. Use
the left and right arrow keys to select Yes or No. If you choose Yes,
then the code will be sent first. Choose No and the target will be
sent first. Next is the target prefix digit. This is a number to add
to the beginning of the target number. For example, for the MCI
calling card service you enter the target first and prefix it with a
"0". ITT requires that the target be sent first and be prefixed by
a "1". Other services require that the CODE is sent first and the
target has NO prefix. Next is the multiple extender flag. If
Yes then the extender will be flagged immediately as one to be used
when Multiple Extender hacking is chosen. If you choose No, then this
extender will be put on reserve. More on this comes later. Next is
multiple port mode. Say the extender number is 950-1000 and the
extender has multiple port hunt groups from 950-1000 to 950-2000.
Choosing Yes to multiple port mode will prompt you for the ending hunt
number (in my example it's 2000). Now Code Thief will randomly pick
950-1000 to 950-2000 whenever it dials the extender. Ending Hunt
numbers MUST be four digits long (that should be self-explanatory).
Note that if your extender is 1-800-555-0000 and your Ending Hunt
Number is 0099 Code Thief won't screw up by dialing 1-800-555-99 or
whatever number is chosen. It will properly dial 1-800-555-0099 (or 1-
800-555-0050 or 1-800-555-0026, etc, etc, etc). Next you will enter
the filename to place valid codes in. Valid codes are logged with the
time and date for convienence. All valid code files end with the
".COD" extention. When finished entering all extender information
it is saved to the EXTENDER.DAT file.
OTHER EXTENDER EDITOR COMMANDS
To navigate through the configurations use the LEFT and RIGHT arrow
keys. To flag an extender for deletion enter "D". You will be
prompted to enter "Y" if you are sure or "N" if you are not. Once
an extender has been flagged for deletion it will be skipped over when
you use the left and right arrow keys. Hit "Q" to quit this
section. When you hit "Q" all extenders flagged for deletion are
physically deleted. Another nice feature in this section is the
ability to edit extenders. Hit "E" to choose edit. The highlight will
appear. You can use the left, right, up, and down arrow keys to
navigate the hightlight over the option you wish to change. Then hit
RETURN or SPACE to enter a new value. When finished entering a new
value (either by the keyboard or left and right arrow keys) hit RETURN
and the highlight will re-appear so that you may move it over new
things to edit. When finished editing hit "Q" when the highlight is
present. Note that everything in the configuration is described in
the previous paragraph. To choose a particular extender by record
number, just enter the number. You can't see extenders flagged for
deletion (it will not go to them).
One more thing on deletion extender configurations. If in the course
of using this section you delete ALL of your extender configurations,
the program will not have any configurations left to go to and it will
automatically quit this section deleting the entire EXTENDER.DAT file.
When choosing this section again, a new EXTENDER.DAT with a dummy
record will be created.
-> Edit The Multiple Target File <-
Navigate back to the main menu. Choose "Edit The Multiple Target
File". You will then be shown the current multiple target file. Now
you can either hit "1" to add to it, "2" to delete entries from it or
"3" to quit. Everything here is self-explanatory. A multiple target
file is provided with the program. It is kept in ASCII file format for
easy editing with your word processor, if you wish. Use the MULTIPLE
TARGET CONVERSION UTILITIES in your Code Thief ARChive to get quick and
painless updates of your multiple target MTARG.DAT file off Telenet or
even Tymnet at regular intervals. Code Thief is a complete
professional system that will solve all your hacking needs.
-> Flag Extenders For Hacking Mode <-
Exit to the main menu and choose "Flag Extenders For Hacking Mode".
This is the option to choose to change the flags on extenders. If it
is flagged then it will be one of the extenders used when multiple
extender hacking is chosen. The extenders will be shown, eight to a
page. A "+" in front of the extender means it will be included when
multiple extender hacking is chosen, otherwise it will not. This
option is included because some people don't want to hack all of the
extenders they have configurations for. Editing an extender and
changing the multiple extender flag does the same thing, but this is
easier. If there are more than eight extenders then they will take up
more than one page. You can flip through the pages by choosing "Jump
To Next Page" and "Jump To Previous Page". Hitting RETURN or SPACE
when the highlight is over an extener toggles the flag.
-> Deluxe Exchange Scanner <-
Navigate back to the main menu and choose "Deluxe Exchange
Scanner". The Code Thief Deluxe exchange scanner is a full screen
exchange scanner that can scan multiple exchanges from a database that
you can configure. When you choose this option if no exchanges are
defined, a dummy first record will be created for you. Now hit [R] to
replace this record and enter an exchange to scan, the starting number
in the exchange, then the ending number. To flag the exchange just hit
[+] next. Unflagging is done by hitting [-]. Note that to scan you
must have at lease one flagged exchange. You can't scan nothing can
you? The exchange editor is a lot like the "Edit Extender
Configurations" section. To jump to a particular exchange, just enter
the number. To move through the exchanges record by record use the
left and right arrow keys coresponding to the direction in the file you
wish to move. Use [A] to add an exchange. Use [D] to delete an
exchange from the database. Use the [SPACEBAR] to toggle weather or
not a particular exchange is in the toll free 1-800 area. Hitting [Q]
will quit the exchange scanner section, but to start scanning hit [G]
for Go. You will be asked the timeout (number of seconds a computer
should answer in). Then Code Thief will check to see how many
exchanges are flagged. When scanning and Code Thief reaches the ending
number in an exchange, the exchange will be unflagged. When all
flagged exchanges are changed to unflagged (all exchanges are done
being scanned in the limits you specified in the configuration) Code
Thief will quit the exchange scanner.
THE ACTUAL EXCHANGE SCANNER
This is a full screen exchange scanner ala the movie WarGames (the
movie sucked by the way) and it will show each of the numbers
dialed. Numbers where computers are detected are shown BLINKING. If
the modem does not detect a dial tone when trying to dial (receives
the no dial tone result code) it retrys the line. After 5 retries it
exits the exchange scanner. If the modem sends a BUSY result code that
is logged to the CARRIERS.TXT disk file along with numbers that
produced a CONNECT result code of any baud. It will specifically log
it as a BUSY number or a number that the modem CONNECTed to. You can
then consult the log and dial these numbers back manually if you wish
to ensure that the numbers listed as busy aren't important. When the
screen fills up, Code Thief goes back to the beginning.
-> View/Delete Code Files <-
When you choose this option from the main option menu the disk will
be searched for files with a .COD extention. If there are any they
will be displayed. If there are no files with a .COD extention that
will be displayed also. You have the option of viewing one of these
files or deleting one. If you view one it will be one screen at a time
so nothing scrolls past you. Note that the time and date the code was
found is logged for your convienence.
-> View/Delete Carrier File <-
This option is also on the main option menu. All carriers found
when using the exchange scanner are logged to a file called
CARRIERS.TXT, as well as BUSY numbers if the modem sends a BUSY result
code. When viewing the file it will be showed one screen at a time so
nothing scrolls past you. You can also delete the file. Note that the
time and date the number was found is logged for your convienence.
-> Start Hacking <-
After you choose this option you will be prompted as to weather you
want to do Single Extender/Single Target Hacking, Single
Extender/Multiple Target Hacking, Multiple Extender/Single Target
Hacking, Or Multiple Extender/Multiple Target Hacking. If you choose
multiple target hacking of any kind the targets will be read into
memory before hacking begins to cut down greatly on disk access time.
If single extender hacking is chosen you will be prompted for the
extender to hack. Use the arrow keys to highlight the extender you
want then press RETURN or SPACE. If there is more than one page of
extenders then highlight "Jump To Previous Page" and "Jump To Next
Page" to navigate around the list.
WHEN HACKING BEGINS
You will be shown the complete statistics for every extender. Also
shown is the number of codes found, the last code found as well as
the number of codes found for that extender plus other statistics
for the current hacking run for each extender. The number of extenders
you can have at any time is limited only to disk space, of course.
Multiple targets are limited to 500. This is, I think, more than
enough. If you chose to quit hacking at a certain time, that time will
be displayed on the screen as a reminder. Hit ESCape to quit hacking
at any time. If you forgot to configure your modem and it is connected
to COM2 (the default is COM1) then Code Thief will automatically
recognize that something is wrong and exit the exchange scanner. You
can also hit the SPACEBAR to skip to the next code. If you have a
picky modem like mine, only use the ESCape key or the SPACEbar when the
modem is not sending any DTMF to the line. But if you DO screw up the
modem Code Thief will know and will make the attempt to recover.
POSIBILITIES DURING HACKING
Many things can happen during hacking. For instance, if the modem
connects the code and extender is logged to it's respective disk file.
If the modem sends an ERROR result code the current attempt is retryed
again. If NO DIAL TONE is detected by the modem the current attempt is
retryed. If NO CARRIER or VOICE is detected by the modem the program
moves on. The maximum number of retrys that can ever be done in a
row is five. Oh, if the modem sends a RINGING result code that is
also shown to the user while the modem waits to timeout or connect.
Ringing does nothing but just display "Ringing...". If the modem
receives a busy signal it goes on to another attempt. I origionally
planned on making it retry the code but I remembered that some
extenders send a re-order which is a fast busy signal that can be
detected by the modem and send a BUSY result code.
-> Closing Notes <-
I hope you understood this new documentation. Im not really a good
writer, so if you have any questions leave me a note on any board I
happen to be on and I will try to answer it. I hope you like Code
Thief and find it usefull as I put a LOT of hours and hard work into it
until I was satisfied. If anything goes wrong with the program on your
machine, or anything else in general then leave me a note. I will try
to diagnose the problem and stamp it out.
COMMUNICATIONS ADDRESSES AND INTERRUPTS
Here are the communications address and interrupts that Code Thief
uses to access the communications ports. COM1: and COM2: are correct
for 100% of the applications. COM3: and COM4: as defined by the
program will be correct 99% of the time. If you have a COM3: modem and
Code Thief set at Port 3 doesn't work with it then change your modem to
COM1: or COM2: if possible. If you really need YOUR communications
addresses and interrupts for COM3: and COM4: leave me a note with the
correct information on any board I am on and I will try to get you a
new THIEF.COM and THIEF.000. But note that the addresses and
interrupts used for COM3: and COM4: are going to be correct more times
than not.
Address Interrupt Address Interrupt
------- --------- ------- ---------
COM1: 3F8 IRQ4 COM3: 3E8 IRQ4
COM2: 2F8 IRQ3 COM4: 2E8 IRQ3
F i l e s S u p p l i e d W i t h C o d e T h i e f 3 . 5
Make sure that these are the files you received in your ZIPfile of
Code Thief revision 3.5. If these are not the files then what you got
is something that someone else re-ZIPed and forgot to include
something in. I ask that you only distribute the origional ZIPfile
because people have confused themselves in the past.
THIEF35.DOC - Code Thief Deluxe v3.5 documentation
DELUXE.DOC - What's new since Code Thief 3.0?
THIEF.COM - Code Thief 3.5 - The actual program
THIEF.000 - Primary Code Thief overlay. Must be in the same
directory as THIEF.COM and you must be logged to that
directory
MTARG.DAT - Code Thief multiple target file - use Multiple Target
Conversion Utilities to make your own also
EXTENDER.DAT - Sample 1-800 extender file to get you started
MULTIPLE TARGET CONVERSION UTILITIES
A CODE THIEF 3.5 COMPANION PROGRAM
(be sure to read CONVERT.DOC to understand this)
CONVERT.COM - Multiple Target Conversion Utilities - The program
CONVERT.DOC - Multiple Target Conversion Utilities - The documentation
TELENET.LST - Sample file off Telenet to get you started
TYMNET.LST - Sample file off Tymnet to get you started
TYMFIX.COM - You must run TYMFIX to make TYMNET.LST into TYMNET.FIX.
Only TYMNET.FIX will work with the Multiple Target
Conversion Utilities. Also use TYMFIX.COM to fix the
listings you ascii-download off Tymnet.