What to Do When You Break Into a BBS =================================== -=> Doctor Crunch <=- Ok, you probably have read t-files about how to break in a bbs. so, I will tell you what to do when you get into the bbs. Most sysops, if they have an IQ, will disable the INIT command. they usually do this by changing the INIT command to some other word you will never guess. Well, there is an easier way to crash the bbs than by searching for what the sysop changed it to. Get in the moniter (CALL-151), and type: A54FG This is the INIT command's entry point which DOS calls to initialize a disk. There are some bugs with this way of crashing a disk though: 1) It takes about 40 seconds to INIT a disk, and if a sysop is there, he can stop you at any time. 2) Many boards use a fast dos; and, most fast-DOSes had to take out the INIT command to make the mods to DOS. So, even if you do a A54FG, you won't be able to kill the disk. I prefer to kill the VTOC, instead of INITing the disk. Here are a couple of reasons why: 1) Very quick!!!!! 2) Very nasty!!!!! The trick is to rewrite the VTOC (Volume Table Of Contents) to say that the CATALOG track is 255. Now all of us know there is no track 255 on a disk, this can only mean.....(you guessed it) that the system will bomb when doing anything that involves looking at the CATALOG track. Since almost everything you can do in DOS involves reading the CATALOG track, this will crash the bbs quite well. And here is a nice little catch, you can reboot his disk (which will give him an I/O ERROR because when the hello file is run, DOS must look at the CATALOG track) and logoff at the same time. You should always logoff quickly so that the sysop can't lift up the phone, which sometimes will prevent you from hanging up. The way I logoff is the make the bbs I just crashed do a reset, causing me to be disconnected from the other end of the line. Since most terminal programs hang up if you loose the carrier (which will happen when his system resets), you will hang up the second you crash his system!!!! Well, here it is: (Be sure you're in the moniter) *B3BC:FF NAFFBG 3F4:00 NFA62G If you don't want to logoff, *B3BC:FF NAFFBG NOTE: Sometimes you may hear a beep, then all of your moniter commands will fail. This is because of a bug in DOS. When RWTS lets go of control, the moniter varible $48 is destroyed. To work properly, $48 must be restored to 0 before the moniter takes control again. I made a short routine that when called, writes the VTOC buffer to the disk, and sets $48 to 0. The routine is: 300- 20 FB AF JSR $AFFB 302- A9 00 LDA #$00 304- 85 48 STA $48 306- 60 RTS Sometimes it is desirable to crash the disks in drive 1 and drive 2. This can be done in 1 line, including the quick logoff: *300:20 FB AF A9 00 85 48 60 N B3BC:FF NB5F8:1 (drv1) N300G B5F8:2 N300G 3F4:FF N FA62G Well, that's all folks!!! Have lots of fun...... ============== {>Dr. Crunch<} ============== -=*> P.S. I was messing around with DOS a couple of days ago and I figured out a real, real, real, nasty one. You have probably heard of letting the drive spin for a couple of days to ruin it. This worx, but it takes a long time... I like this 1 better: *BDCC:EA EA NBDDA:EA EA This mods DOS to recalibrate the drive head forever (unless the sysop walks in). So, all you do now is use a DOS command that reads the disk, and the drive is going to make alot of funny sounds! CATALOG is the best one to use, since it is in almost every DOS unmodified. ===== NOTE: This should only be done when ===== there is a VERY, VERY, good reason to waste some dudes drive. Don't ever do this as a prank, because it works! Zatz it.. )>Dr. Cruch<( =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= by Dr. Crunch for the Assassin's Knot =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= =======================================