
--------------------------------------------------------------------------------
                
                                                            
                    
                                  
                                                   
                                        
                                             
                                             
                                        
                                                   
                              
                
                             The Hacker's Choice            
                

                                   THC-SCAN
                      (c) 1996,97 by van Hauser/ [THC]

--------------------------------------------------------------------------------


                                 THC-QUIK.DOC

                            Reference/Quick manual

                                      by

                                 The Analyst

                                Rev. 10-Apr-96




This is the reference and quick start manual for THC-SCAN.

The manual is designed for experienced guys who don't like reading long
manuals like me and want to start immediately or if you a still familiar
with TONELOC from Minor Threat & Mucho Maas.


First run TS-CFG.EXE. Define your modem settings.
Online help is available by pressing "?".
Then run THC-SCAN with this format for example:

   THC-SCAN 0130812XXX     (a datfile - last 8 digits of the dialmask are
                            used - 30812XXX.DAT will be created)
   THC-SCAN 1-800-555-XXXX (a datfile 555-XXXX.DAT will be created)

This is (like ToneLoc) both filename and dialmask.

In THC-SCAN you can press '?' for help. If your configuration is not good
then press ALT-O and reconfigure your scan and modem settings.


----------------------
  CONFIGURATION FILE
----------------------

TS-CFG.EXE  [<ConfigFile>]  [/LCD]
   (Default: THC-SCAN.CFG)

Before running THC-SCAN start this program before. The configuration program
offers online help. So no further explication is needed.


------------------------
  COMMAND LINE OPTIONS
------------------------

THC-SCAN.EXE   <DatFile>
              @<NumberFile>

   optional:  /M<dialmask> /X<excludemask> /R<from>-<to> /D<from>-<to> /#<no>
              /S<starttime> /E<endtime>  /H<time>  /Q /=  /& /N
              /C /T /A /B /O /!<cfgfile> /*<no>  /W<no> /LCD /P[:<path>]

Parameter :

   <DatFile>   Name of datafile to store numbers.
               NOTE: NECESSARY AND FIRST parameter.

  @<NumberFile>Name of textfile with numbers to dial.
               NOTE: You can use EXTR-NO.EXE to create such a list.


Optional :

  /M<dialmask> The dialmask to use for scanning.
               E.g.: /M950-X12X to scan from 950-0120 to 950-9129.
               FOUR X's are the maximum.
               NOTE: If you don't specify this option the <DatFile> name will
                     be interprated as <dialmask>.

               Examples: M013081XXXX or /M:0130-81XXXX or -M013081XXXX are equal

  /X<exclmask> The excludemask to use for scanning.
               E.g.: /M:950-xxxx /X:0xxx  for NO scanning from 950-0000
                     to 950-0999.
               You may specify up to 10 exclude masks.
               NOTE: The excludemask must have got the same length as X's are
                     used in the <dialmask>.

  /R<from-to>  Scan only a special range within the dialmask.
               E.g.: /M:950-1xxx /R:0-250  to scan for today only from 950-1000
                     to 950-1250.
               You may use up to 10 ranges.

  /D<from-to>  Do not scan a special range within the dialmask.
               E.g.: /M:950-1xxx /D:500-750  to scan NOT from 950-1500
                     to 950-1750.
               You may use up to 10 drops.

  /#<no>       Maximum number of dials.
               E.g.: /#:100  will do 100 dials and exiting THC-SCAN.

  /H<time>     Maximum time to dial (in hours).
               E.g.: /H:4 to scan for 4 hours, /H:0:30 to scan for 30 minutes.

  /S<time>     Starttime to begin scanning.
               E.g.: /S:3:50p  will wait for 15:50 ...
                     /S:15:50  will wait for  3:50pm ...

  /E<time>     Ending time for scanning.
               E.g.: see structure of /S

  /C           Start in carrier scan mode.

  /T           Start in tone scan mode.

  /A           Start with autonom/manual mode ON.
               This is an additional mode for carrier/tone scanning.
               Read THC-SCAN.DOC for details.

  /B           Start with autonom/manual mode OFF.
               This is an additional mode for carrier/tone scanning.
               Read THC-SCAN.DOC for details.

  /O           Scan through an internet outdial modem.
               Connect first to the outdial modem with your normal terminal
               program. Then run THC-SCAN with that option.
               NOTE: Set OUTDIAL FLEE CHARACTER in TS-CFG to something else
                     then "+++"!

  /!<Cfgfile>  Config file to use instead of THC-SCAN.CFG.

  /*<no>       Dial only numbers with a special identification.
               Consult the DATFILE.DOC to check the kind of Idcode to use.
               E.g.: /*:32 to redial timeouts with no rings.
                     /*:35 to redial timeouts with 5 rings.
                     /*:32X to redial ALL timeouts.
               You may use this option up to 10 times.

  /&           Turns debugging mode ON.
               All modem output will be saved into DEBUG.LOG.

  /N           Turn effects (window scroll up/down) OFF.

  /Q           Quiet mode. Prevent any beeps made by THC-SCAN.

  /=           Blank screen on startup.

  /W<no>       Check for Windows-Desqview-OS/2 environment and do a time
               slicing when encountered.
               E.g.: /W  doing 16 timeslices (default).
                     /W:75 for 75 timeslices.
               Number has to be between 1-255.

  /LCD         runs in LCD/Hercules screen mode

  /P[:<path>]  creates the directory and writes all LOGs and DATs into it.
               If <path> is not defined, the name of the .DAT file is used.

  /J[:<no>]    Jamming Detection trigger, read the documentation, Section II.:
               "How to prevent scanning detection from phone companies"


General VALID examples :

  THC-SCAN scanit -M:1234xxxx /C h5
  THC-SCAN scan1234xxxx -T S23:00
  THC-SCAN 1234-xxxx -!alternat.cfg *72x /*:64X -Xx000 d7999-9999
  THC-SCAM 1234xx -Q




------------------
  WHILE SCANNING
------------------

     Small online help is available with '?'.

     Key   Description
     ----- --------------------------------------------------------------------
     B     Busy
           Log number to BUSY.LOG.

     C     Carrier
           Log carrier to CARRIER.LOG. Log output to CARRIERS.LOG.
           NOTE: If CARRIER HACKING is ON (see TS-CFG) THC-SCAN will
                 continue to connect. Press SPACE to abort.

     D     Drop-X
           Drops all 10 (X) numbers around the current one.

     F     Fax
           Log number to FAX.LOG.

     G     Girls's voice
           Log number to VOICE.LOG.

     I     Interesting voice
           Log number to VOICE.LOG.

     M     Redial+Manual
           Redials current number and go to manual dial mode.

     N,TAB Next number and don't save current number
           NOTE: Current number will not be saved with any data

     SPACE Next number and save as uninteresting
           NOTE: it will be saved as UNINTERSTING (byte 24).

     O     Voice
           Log number to VOICE.LOG.

     P     Pause

     Q     Quit after scanning/ID the current number

     ESC   Quit NOW and don't save current number

     R     Redial number

     S     Comment number
           Log comment to COMMENT.LOG.

     T     Tone
           Log number to TONE.LOG.

     U     Unused (Number is not assigned)
           Log number to UNUSED.LOG.

     V     VMB
           Log number to VMB.LOG.

     Y     Yelling asshole
           Log number to VOICE.LOG

     +,X   Increase timeout for 5 seconds for this call.

     -     Decrease timeout for 5 seconds for this call.

   Ctrl-+  Increase ringout by 1 for this call

   Ctrl--  Decrease ringout by 1 for this call

     ?     Help screen

     1-3   Custom 1-3. Optional SECONDARY ID.
           NOTE: You may specify their name in TS-CFG.EXE.
                 Custom 1-3 may be assigned to be SECONDARY IDs.

     4     CCiTT #4 line. SECONDARY ID.
     5     CCiTT #5 line. SECONDARY ID.

     6     Number goes to EUROPE. SECONDARY ID.
     7     Number goes to USA.    SECONDARY ID.
     8     Number goes to ASIA.   SECONDARY ID.
     9     Number goes to AFRICA. SECONDARY ID.
     0     Number goes to OTHER.  SECONDARY ID.

     DEL   Reset current number to UNDIALED.

     ENTER AUTONOM/MANUAL mode
           Log all data entered to MANUAL.LOG.
           See THC-SCAN.DOC for further information.

     BCKSP Select and redial numbers
           In sequentiel mode you can select up to 20 dialed numbers
           as undialed so it will be dialed again.
           NOTE: In random mode the number(s) selected will only be redialed
                 as once if you select only ONE number.
                 in textfile-scan mode the last number will be redialed.

     F1-F8 Execute programs specified in TS-CFG.

     ALT-6 Auto-country notation
      ...  note all numbers as of this country type until turned off.
     ALT-0 (6=Europe, 7=USA, 8=Asia, 9=Africa, 0=Other)

     ALT-A ALARM - Bosskey
           The screen will immediately show another picture (THC-SCAN.BIN).
           Press [SPACE], [ENTER], [ESC] or ALT-A again to continue.
           NOTE: In normal scan mode the modem will hangup

     ALT-B Blank Screen. Alt-B to unblank.
           NOTE: All other ALT functions are disabled while screen blank is on,
                 also carrier hacking in mode 2 is disabled.

     ALT-C Turn comment mode on/off.
           If ON you will be prompted after each number to enter a comment.

     ALT-J Jump to DOS

     ALT-M Mode menu
           Change scan mode to CARRIER/TONE and turn on/off AUTONOM/MANUAL mode.

     ALT-N No more busy
           Set the redialing busy flag to off (see TS-CFG).
           NOTE: Not useable in sequentiel and /*: mode.

     ALT-O Option menu
           Runs TS-CFG.EXE while online. Changed options will be loaded.

     ALT-P Extended pause menu
           More options to do while pausing.

     ALT-S Speaker toggle
           Turns modem speaker on/off.

     ALT-U Update datfile
           Save the dialed numbers in your datfile now.

     ALT-T Terminal mode
           Will run a miniterminal program.



     -----------------
       TERMINAL MODE
     -----------------

       F1    Show other commands in the status line

       ALT-B Send break
       ALT-C Clear screen
       ALT-D Data statistics
       ALT-H Hangup
       ALT-P Change modem parameters (8N1/7E1/7O1)
       ALT-S Comment system
       ALT-T Change to manual mode if you are in auto hacking mode.
       ALT-X Exit and hangup



------------
  PROBLEMS
------------

If your modem does not react like you want, e.g. dials the number again or
dials some not or does generally strange things, check following settings
in your CONFIG FILE. Try the recommended settings for BAD modems!


  MODEM CONFIG menu
  -----------------
  Command delay      = 500 ms
  Wait between calls = 1300 ms
  Modem Controlling  = Secure/Check/Dumb
  Init string 1      = "ATZ"
  Init string 2      = "AT S6=3 S7=255 S11=70 X4"
                  (S6=wait_for_dialtone;S7=nocarrier_timeout;S11=length_of_dtmftones)
  Use fossil         = Yes
  Baud speed         = 9600

  MODEM RESPONSE menu
  -------------------
  Refer to the manual of your modem. Check the result codes table for X1-X4
  settings. Correct it in TS-CFG.

  SCAN MODE menu
  --------------
  Scan mode     = Carrier
  Autonom mode  = Off
  Timeout       = 30-90
  Ringout       = 3-8


These settings are SECURE settings that will slow down your modem. But it
should work with every modem.





----------------
  GREETINGS TO
----------------

  van Hauser  :  Many greets to you. For your good utilities of THC and your
                 good nerves for my new ideas and bugreports.

  Plasmoid    :  I wonder why i am still alive of your deadly funny VMB messages
                 Yo man i love your shit! Go on.

  Wilkins     :  Yeah. I appreciate really your kewl team work. Let's go on...
                 and reprogram together the Meridien VMB switching system.

  The Q       :  Oh man, it's sometimes really hard to catch you. But you are
                 the only one with the best knowhow about the GERMAN TELEKOM.

  Dr.Fraud    :  Hey man, you are the best elektriker on world. Thank you very
                 much for your help and detailed explanations.

  Marquis/UCF :  Your cracking group is great.

  
  Greets to Derrow,Phosgex,Trax,Gemfire,Euronymous,Rahid,Ralf,
  Sevenup,Mark Diamond,Scavenger...

  A big greet to all who know me and i forget to remember.


If you have any suggestions please contact me at vh@campus.de
