Time for a Change Issue 5
‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹ ‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹ ‹‹‹‹‹‹‹‹‹‹
€ ‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹ € € ‹‹‹‹‹‹‹‹‹‹‹‹‹‹ fl‹ ‹fl ‹‹‹‹‹‹‹‹ €
€ € € € fl‹fl € € € fl‹fl € € €
€ € € € fl € € € fl € € €
€ €‹‹‹‹‹‹‹‹‹ ‹‹‹‹‹‹‹‹€ € € € € € € €
€‹‹‹‹‹‹‹‹‹ € € ‹‹‹‹‹‹ € € €€ € € €
€ € € € fl‹ € € € € € €
€ € € flflflflflflfl € € € € € €
€ € flflflflflflflflflflflflflfl € ‹ € €€‹€€ € €
€ € € ‹€ € € fl € € €
€ € € ‹fl€ € € € € € €
€ flflflflflflflflflflflflflflflflflflflflflflflflflflfl ‹fl € flflflflflflflflflfl € flflflflflflflflflfl €
flflflflflflflflflflflflflflflflflflflflflflflflflflflflfl flflflflflflflflflflflfl flflflflflflflflflflflfl
Taking Your Machine
Presents
-+-+-=====================================================================-+-+-
______________________ ______________ _______________
/ / / / / /|
/ / / / / / |
/______________________ / /______________ / /______________ / |
| | | | | | |
| | | | | | /
| | | _______|/| | /
|_______ _______|/| |/_____ / | _______|/____
| | | | | | | / /|
| | | | | | | / / |
| | | | ______|/ | |/______ / |
| | | | | | | | |
| | | | | | | | |
| | / | | / | | /
| | / | | / | | /
|_______|/ |_______|/ |_______________|/
[ Time For a Change ]
Issue 5 04/26/97
--------------------------_______________________-------------------------
INTRODUCTION
Once again, the forces that be have delayed the release of TFC by nearly half a year from my estimated release date. But things have been slow, and submissions few. In addition, we at TYM have re-shifted our focus, so you will find articles on more obscure systems here and in future issues.
In this issue we visit a the console for Rolm's PhoneMail systems, take a brief tour of Lexis-Nexis, examine Tracer building control systems, look at various possibilities with patching, and Terminal gives us v1.1 of the TYM 303 CO Lister.
If you like TFC, drop me a line. I will keep making it if people are reading it. If you have written (or can write) something that would be of interest to readers of TFC, send it along as well. The more quality submissions I get, the more frequently I can release TFC.
Feel free to send article submissions, comments, suggestions and threats to:
gitm@obscure.sekurity.org
or
gitm@demonic.com
Since many of my readers are unfortunate enough not to understand this, I will try to make it clearer:
DO NOT SEND ANYTHING TO ANY MAIL ADDRESS REGARDING TYM OR TFC IF YOU CANNOT ENCRYPT IT.
Thank you.
Due to the fact that I have been without stable mail since the last release, the letters section will not appear in this issue (nor perhaps the next).
BE SURE TO ENCRYPT ALL DATA SENT TO ME.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6
mQCNAzKQ+AcAAAEEAK6nuXQ3IzOelTVY+SrV93bBwiJLqIYSmj7H+f0HUm8+fQC9
o8cWdV2cOopL6rNQQ5cT1D3v0SnhXKLUoTOdC2wlUaYJJhNqmaScAI2dqO8MZyic
fBjoSMxPmLySGp16+66UePsFIc63yXVH6wcGWfGC386KMfY8BKqlGu53jv3hAAUR
tDFHaG9zdCBpbiB0aGUgTWFjaGluZSA8Z2l0bUBjb21tYW5kLmNvbS5pbnRlci5u
ZXQ+iQCVAwUQM0xYpvSJzP2npH3pAQFHGAP+LuUkIqzyIlHGH5GAFj8Rg5OVu0mD
WSVSYXMfCdndjHhP0pj7PXABcc9Tnnp0JivrIxv2CzIaIkFNSzCIlZRtVH71JqNA
MguZPidf+S/d0b8xecncM9tAI7cMFExY6bN0X9nYhBGVoNZpBuhJrRPteT4baKGh
uZ1a4lvORG85sueJARUDBRAymnUOUS5P0GkfnNkBASMCB/0Xv0DMtXtRSLeKUZo6
kTyT8+LIiAssxUY0nePm+6UQFxjUC0NL/Z5/MeBjpz5zZU+hs8XLNB3bGnT1gviL
cOzvWEaY55pTyPgbiRn1AMMSQSIrQ4eKY46Nej/yvyRNfmoLS2joMY/0rCc6Kk/h
11yvyNF2ydEHI+HuHlLL/JIA4RNAyoGieQnqDtA3jfYHysJ2u2ohdotK1ayrlOQT
CagsblruwoLWXzJEA3AZlAIC8q45SMRvTP50nLPVIIJW0LUSwNL6MzBHTifg0a1i
pYnR8NhhVhsf/ymJ9GPEbrmz+Il+YY9S2ZqS6VUrjuhgkwFwR0sVGDsuAu3SQfej
I/L4iQCVAgUQK/Kth3qNvtuZCNx9AQFnLAP/QfHqB8Bd5rrUtmCCxngfrNSNVwaa
nF+yDL83cYUtMUhy/Mn5DBBvWVe8kkKbX6KjmwUTg565lxdLmfmpHCUrW02yz2uv
n93VR1OAGb2xwbinBb+xzmM5FEEEZD+7yG1hM0S3/qM/96/9hzDhhg/NJnfxDdHO
OyOic14ej8dRfhqJAJUDBRAylTk34ccb9PWH5PUBAWblA/45j5i11QUN5eQvEDLm
bvw+yGD5MNBrOo75FCJm7mpCPB8aP61pyGzb7uycIGvseUiyaCKyqoo9LfGMReeb
c3QEh1qIZvoWVsiEAIE9ZmmTVOcOURLjhz/92hmG/45d5xHb60lpBqIubZTWe+Zd
yA1l7SE6UKRa3oSAZMpdk/iZlA==
=qBwf
-----END PGP PUBLIC KEY BLOCK-----
INDEX
- Editorial: The Internet (By: Ghost in the Machine)
- 1. The Use and Abuse of Rolm PhoneMail (By: Ghost in the Machine)
- 2. Lexis-Nexis Internals (By: Ghost in the Machine)
- 3. Inside Tracer L/Tracer 100 Systems (By: Silicon)
- 4. Extending Patching Technology (By: Ensign Wesley Crusher)
- 5. Local Corner: 303 CO Lister v1.1 (By: Terminal & Ghost in the Machine)
A TYM PRODUCTION
All material appearing in TFC (Time For a Change) is copyrighted. Permission is granted to copy and distribute this magazine in whole or part, as long as the original authors are credited for their work and no part of this magazine is ever republished in a rag such as Phrack.
Copyright (c) 1997 TYM Communications. All rights reserved.
Editor in Chief: Ghost in the Machine
Co-Editor: Ensign Wesley Crusher
ASCII Artist: Terminal
Writers: Ensign Wesley Crusher, Ghost in the Machine, Silicon, Terminal
Greets to:
Radikahl, Bug, Demonika, Dr. Fonk, Van Hauser and the THC gang, Caliban, Jazmine, Elastic, Phillip K. Zimmermann, Motion, everyone in #phreak, x0x, and the one armed man.
TFC Issue 5 Editorial: The Internet
The 'net' is no longer a place that I find it interesting to be a hacker. Staying on the net after it became polluted with morons and flakes of all kinds who fancy themselves as hackers had pretty much messed up my idea of what the hacking world was about these days. It's easy to get wrapped up in the elitist shit that permeates the net scene, but believe me, gentle reader, there is more to hacking than what you will find there.
The quest is to own everything, get root here, get root there. Oh boy! There's a new Solaris bug! It grates on my nerves, and after thinking about it for a while it doesn't take long to realize that this behavior not only has nothing to do with hacking, but it has nothing to do with ANYTHING. As I have mentioned before (and hopefully you have heard it elsewhere as well), hacking is about exploration and learning. You learn little from getting root, over and over on the same network. Even if you are writing the exploits, there are only so many variations on the same themes, and you are knee deep in redundancy. True learning can only take place in unfamiliar territory. On the net, people get to a certain level and then plateau, trying to hold on to the power they have gained, without using their drive to move on to new horizons. I realize this is a bit of a generalization, but I am certain that if you think about it, you will find it to be true.
I am not trying to become some psycho anti-Internet wacko, as the net is a very powerful medium, and without it, TFC probably would not be read in Europe, South America, and the Orient. What I am saying is that sitting around, trying to build your 'elite quotient' does not make you a hacker, and I don't care how long you've been around. It's akin to selling out, and it's disgusting.
If you are new, try to get into hacking local systems, it's more gratifying, and you will find lots of surprises. Grab a copy of Toneloc, pick an exchange with a lot of businesses in it, and start scanning.
If you are not new, think about what it is you are doing, and what hacking is about. It's not a power trip, it's not living on IRC acting cool, it's not getting root on system after system after system.
Obviously this does not apply to some of my readers, but for those of you who find yourselves in the category I have laid out above, get with the program, get with your local scene, and quit being a poser.
As always, it is Time For a Change, and I will no longer be publishing bug lists or Internet specific information (unless it is new stuff which has not been written on before). I like to go against the grain, not follow the herd.
Ghost in the Machine
The Use and Abuse of Rolm PhoneMail
by Ghost in the Machine [TYM]
INTRODUCTION
Siemens Rolm, Intl. makes among other things, Rolm PhoneMail software. It is basically just Voice Mail software. Although it is set up to be interfaced easily with the Rolm CBX, which will be covered in some detail in a later file.
Phonemails are very common, and although I am not certain that dialups are necessary to their operation, I do know that they are all over the place.
When I first encountered these machines, I scoured the earth looking for drops of information regarding them, and came up with nothing. No article (seemingly) has ever been published regarding the workings of Rolm PM, so ridiculous as it may seem in 1997, this is likely the first article ever written on them. The only article I found that even mentioned them was in an issue of Phrack from 1986, and it generalized for about 1 paragraph.
IDENTIFICATION AND ENTRY
Depending on whether you find the Rolm or IBM release. The login screen will differ slightly. The version also has something to do with it. However, this is what you will see most of the time:
For Rolm (Below 6.0):
ROLM PhoneMail 9252 9254 Microcode Version 5.2
Copyright (C) ROLM Systems 1991
All Rights Reserved.
PM Login>
For Rolm (6.0 to current)
Login:
For IBM:
IBM PhoneMail 9252 9254 Microcode
(C) Copyright International Business Machines Corp. 1989
All Rights Reserved.
US Government Users Restricted Rights
Use, duplication or disclosure restricted by
GSA ADP Schedule Contract with IBM Corp.
PM Login>
In any case, whatever the prompt. PhoneMail has a unique error from the login prompt.
Illegal Input.
It will give you this error if you enter ANYTHING besides a valid username on the system. This is an easy way to identify a PM system if you encounter one with a modified prompt. Once you enter a valid username you will get:
PM Password>
There are 3 levels of access. There will always be only 3 accounts on the system. The names can be changed, but they are normally:
- sysadmin - Highest level. Can perform system configuration, add boxes, modify all aspects of PM, etc.
- tech - Middle level. Can perform many maintainance functions, sometimes including adding boxes.
- poll - Low level. Normally can only view reports, etc.
Some (very) common passwords are:
sysadmin sysadmin
poll poll or tech
tech tech
I have found that these work on about 40-50% of PM systems encountered. In many cases, even if these defaults don't work, the passwords are easily guessable. There are a couple of true system backdoors that i won't list here because 80% of my access has been gained with these, and they are not widely publicized. I want to spread awareness of PM systems without having to sacrifice the majority of my access. However, if you have a bit of motivation and a brain, they are not terribly hard to figure out.
Unless you get sysadmin access from the start, you will begin at a prompt without a session:
PM Action>
or under 6.0+
Action:
(or something similar. Entering a '?' will give you the following menu.)
The following commands are valid:
Activate <session #> - Activate the session
Broadcast - Broadcast a message to all terminals
Connect <subsystem> <node #> - Invoke the subsystem
Terminate <session #> - Terminate the session
List - List all open sessions
Logout - Terminate all sessions and log off.
Login <login mode> - Logout and login again.
Display - Display sessions status on a site.
- Activate - Activates a suspended session.
- Broadcast - You figure it out. Don't use it.
- Connect - On a multi-node system, you can use the <subsystem> and <node #> to connect to a specific node. Connect by itself will connect you to the default node.
- Terminate - Kills a suspended session.
- List - Shows all active sessions (yours and others)
- Logout - Go back to login prompt.
- Login - When passed an argument, will log in as <user>
- Display - Shows all sessions with a status list.
There is also commonly found a Techview on/off switch on this menu, i have played with it much, and have never figured out what it is for. If you know, mail me, i would love to be filled in.
Once you are in, everything is fairly self explanatory. Anywhere you get stuck you can hit ? for a menu. Also Ctrl-X serves as a break key in PM, so if you can't seem to exit from an external program, or wish to interrupt something, that is what you want to use.
THINGS TO DO
I should begin by saying that if you don't have the voice mail dialup number most of this information will be useless to you unless you just want to get on and explore/play around with the PhoneMail system itself. If you have the voice mail dialup, you can (with SA access) add mailboxes and mod their features etc.
Unfortunately, outcalling is simply a one number dial from a certain class of service, so making a diverter under PM is not possible, but I am sure you can see some obvious uses for outcalling.
1. Enabling Outcalling(OC).
First, you need to check to see if outcalling is enabled on the system. To do this, use SysParameters - List (Note, all commands in PM are single strings, any command lists that are here with multiple words are to be executed singly). In the 'Enable Outcalling?' field, if it is flagged FALSE, you need to use SysParameters - Modify to turn it on.
2. Add/Modify Class of Service(COS) if necessary.
If you had to add OC, chances are good that there is not currently a class of service with OC enabled. The box you create must be in a COS flagged to include OC. You can either modify an existing class of service to include OC (Not Recommended) or create a new COS with whatever you want in it.
To modify an existing COS use ClassOfService - Modify, and enable all of the OC flags.
To add one, use ClassOfService - Add. You can also add features to your COS that other ones may not have, such as calling a specified number when a message is received, etc.
3. Add a mailbox.
Use Profile - Add to create a mailbox. Be sure to add the COS you created or modified (if applicable).
There are a lot of other things you can do on the system, but i will leave that to be discovered. This covers the main points of what most people will want to do. Following is a glossary of commonly encountered SA functions and menu/report examples.
FUNCTION LIST WITH EXAMPLES
There are a lot of different configurations, and many external programs. I am not going to spend a lot of time going into infrequently encountered extras. This is a list of the most commonly found functions
Specify a function -
ActivatePM AssignClasses BackupDataBase
BackupNames CallProcessing ClassOfService
DeactivatePM DList FFormat
LogOff MonitorLogon NodeParameters
OCConfigAndTest OCMessageLog Profile
Reports Status SysParameters
SysStatistics
Function:
ActivatePM -
This will activate the PhoneMail system if it is currently deactivated.
AssignClasses -
External program to assign COS to each user in the database. Only local non-Call Processing users are assigned classes.
BackupDataBase -
Create a backup of the customer database on HD or floppies.
BackupNames -
Copies name header information for all subscribers to a floppy/floppies.
CallProcessing -
An external program to create and maintain Mailbox Profiles.
Typical Menu:
======== Call Processing Setup Menu ========
A - Add Call Processing Mailbox Profile
L - List Call Processing Mailbox Profile
M - Modify Call Processing Mailbox Profile
D - Delete Call Processing Mailbox Profile
S - Show Call Processing Mailbox Profiles
E - Expand Call Processing Paths
C - Check Call Processing Consistency
R - Reports for Call Processing
F - Finished (return to SA mode)
Add -
Add a call processing mailbox
Example:
Mailbox extn []: 399
Path Name []: WERD
Mailbox Name []: HAXOR
Call processing mailbox type (? for help) [Listen Only]: ?
Please enter:
(LO) Listen Only
(LR) Lis/Resp
(M) Menu
Call processing mailbox type (? for help) [Listen Only]: ? m
Enable password [False]: False
Entry point [False]: False
Number of times to play greeting [2]: 2
Greeting replay time (secs) [5]: 5
Time out transfer type (? for help) [Hangup]: ?
Please enter:
(C) CallProcessing Extn
(P) Phone Extn
(S) Subscriber Profile
(NE) Name or Extn transfer
(NO) Name only transfer
(EO) Extn only transfer
(D) Direct Access
(G) Guest Access
(H) Hangup
Time out transfer type (? for help) [Hangup]: h
Play hang up prompt [True]: True
Min Sub Password Len [0]: 0
Max Access Attempts [5]: 5
Attempt Threshold [0]: 0
Direct access password (numeric) [######]: ###
Key 0 transfer type (? for help) [Unused]: ?
Please enter:
(C) CallProcessing Extn
(P) Phone Extn
(S) Subscriber Profile
(NE) Name or Extn transfer
(NO) Name only transfer
(EO) Extn only transfer
(D) Direct Access
(G) Guest Access
(U) Unused
Key 0 transfer type (? for help) [Unused]: c
Transfer extn []: 399
Key 1 transfer type (? for help) [Unused]: p
Transfer extn []: 399
Key 2 transfer type (? for help) [Unused]: s
Transfer extn []: 399
Key 3 transfer type (? for help) [Unused]: ne
Confirm transfer? [True]: 3 True
Play Intro Prompt? [True]: True
Key 4 transfer type (? for help) [Unused]: no
Confirm transfer? [True]: True
Play Intro Prompt? [True]: True
Key 5 transfer type (? for help) [Unused]: eo
Confirm transfer? [True]: True
Play Intro Prompt? [True]: True
Key 6 transfer type (? for help) [Unused]: d
Key 7 transfer type (? for help) [Unused]: g
Key 8 transfer type (? for help) [Unused]: u
Key 9 transfer type (? for help) [Unused]: u
ChannelTrace -
Lists the current state of each channel. Continously updates until
interrupted.
ClassOfService -
There are several actions available for ClassOfService:
Add All Copy Delete List Modify
Add -
Add a class of service profile. Example follows:
Class Number : 9
Class Name : (Default = ): KILLERS
Max Number Msgs : (Default = 10): 50
Max Future Dlv Msgs : (Default = 5):
Max Msg Length : (Default = 200): 600
Max Number Greetings: (Default = 1):
Int/External Pair? : (Default = TRUE):
Max Greeting Length : (Default = 200): 600
Sub Recorded Names? : (Default = TRUE):
Min Sub Password Len: (Default = 0): 5
Max Access Attempts : (Default = 5): 1
Attempt Threshold : (Default = 0):
Send Broadcast? : (Default = FALSE): TRUE
Receive Broadcast? : (Default = TRUE):
Max Num PDLs Allowed: (Default = 5):
LDN Exped Dl Enable : (Default = FALSE):
LDN Normal Dl Enable: (Default = TRUE):
Host Link Subscriber: (Default = FALSE):
Enable Outcalling? : (Default = FALSE): TRUE
Xfer From Outcall? : (Default = FALSE): TRUE
OC Restriction Table: (Default = 0):
Min Outcall Freq : (Default = 0):
RNA Retry Freq : (Default = 15):
Busy Retry Freq : (Default = 5):
Max Num RNA Retries : (Default = 3):
Max Num Busy Retries: (Default = 5):
Paging Lang String : (Default = 0):
Pager Terminal Num : (Default = ):
If you wish to exit, type ";".
First Field of Form:
Class Name : (Previous = KILLERS): ;
All -
List classes of service. COS is a predefined class with specific
priveleges and access. The information displayed is not terribly useful
and can be found along with more useful information using:
Report - COSAttributes - All
Report is covered in greater detail below. A typical display for
ClassOfService follows:
Class Number Class Name
------------ ----------
1: 0
2: 1 ADMIN
3: 2 STAFF
4: 3 EXEC
Copy - Copy existing COS attributes to another COS.
Delete - Delete an existing COS.
List - List a specific COS attributes. Example follows.
Class Number: 9
Class Number 9
Class Name KILLERS
Max Number Msgs 50
Max Future Dlv Msgs 5
Max Msg Length 600
Max Number Greetings 1
Int/External Pair? TRUE
Max Greeting Length 600
Sub Recorded Names? TRUE
Min Sub Password Len 5
Max Access Attempts 1
Attempt Threshold 0
Send Broadcast? TRUE
Receive Broadcast? TRUE
Max Num PDLs Allowed 5
LDN Exped Dl Enable FALSE
LDN Normal Dl Enable TRUE
Host Link Subscriber FALSE
Enable Outcalling? TRUE
Xfer From Outcall? TRUE
OC Restriction Table 0
Min Outcall Freq 0
RNA Retry Freq 15
Busy Retry Freq 5
Max Num RNA Retries 3
Max Num Busy Retries 5
Paging Lang String 0
Pager Terminal Num
Modify - Modify COS attributes.
ConfigPhoneMail -
Assigns numbers to nodes, builds multi-node PM systems, etc.
DeactivatePM -
Turn off PM system. DON'T USE THIS UNLESS YOU ARE VERY SURE OF WHAT YOU
ARE DOING! Calls will no longer be taken by the PM if it is deactivated.
DList -
Show distribution lists.
FFormat -
Format a floppy disk. The single most useless command for a remote user.
LogOff -
Quit session and go to session manager menu.
MonitorLogon -
Monitor users logging in to PM.
MonitorTapLink -
Shows tap traffic on CBX integrated systems. Continues to update until
interrupted.
NodeParameters -
List Modify
This displays useful information regarding the system you are on.
It includes such interesting tidbits as SA mailbox, System ID, and other
main system mailboxes. It also tells whether ANI is active, which alone
can tell you a good deal about the company which owns the machine.
OCConfigAndTest -
Utility to configure and test all outcalling related parameters.
OCMessageLog -
Outcalling message report.
Profile -
Add All Clear Delete Fix List Modify Purge
Displays all users on the system with node (if applicable) extension and
group/COS name.
Reports -
Display reports. Here is a typical menu of report types:
Specify a report -
AccessFailures Billing CallActivity CallLength
Channel COSAttributes COSSubscriber Disk
MsgAge MsgLength MsgRetention MsgStatus
NameReport Outcalling PersDLists PersGrtgs
PWChange SubAccess SubMsgs SubReport
for the sake of brevity, completely useless reports will not
be detailed.
Most reports will have options for All, Group, and Individual.
AccessFailures -
Displays failed access attempts. ALL failed access attempts are
logged, so if you are into VMB hacking and you want to hack PM
boxes, divert, divert, divert. You can either specify to report
all failures occuring after a given date, or simply hit enter to
view all failed access attempts. An example follows:
Invalid Access Attempt Report
Name Exten Failed attempt time Caller
________________________ ________ _________________________ _________
JOE BOB SMITH 301 Fri Nov 22, 1996 8:58 AM 500
ELITE HAXOR 302 Mon Jun 24, 1996 12:01 AM 314
FUCK STAIN 303 Tue Oct 18, 1996 1:39 PM 320
Billing -
Displays detailed information about one or more subscriber profiles.
including such things as the number of messages sent and the amount
of time each subscriber has been connected to PM. Example follows:
Subscriber / Category Units Price Extended Price
__________ ________ _____ _____ ______________
ELITE HAXOR
Connect Time Into PM 4839 4839 4840
Connect Time Out of PM 0 0 1
Messages Sent 1478 1478 1479
Messages Len (Min) 950 950 951
Avg Retention Hrs 6 6 7
Network Exped. Msgs Sent 0 0 0
Network Exped. Msgs Len (Min) 0 0 0
Network Normal Msgs Sent 0 0 0
Network Normal Msgs Len (Min) 0 0 0
Subscriber Total Price: 7273 Subscriber Total Extended Price: 7278
CallActivity -
Displays call activity by the hour, with averages. Example follows:
Call Activity Report
From: Mon Jul 23, 1990 11:00 PM
To: Tue Dec 10, 1996 11:00 PM
Time # Direct # Forward # Total % Total
____ ________ _________ _______ _______
7 AM 13967 22683 36650 5
8 AM 37241 59395 96636 15
9 AM 38502 10372 48874 7
10 AM 38545 11445 49990 8
11 AM 34777 8584 43361 6
12 Noon 28913 9248 38161 5
1 PM 41308 20232 61540 10
2 PM 43733 15497 59230 9
3 PM 37772 9205 46977 6
4 PM 34365 639 35004 6
5 PM 19276 53950 73226 10
6 PM 7427 26969 34396 6
OffHrs 18741 33959 52700 7
Peak Hour 8 AM
Total Calls 676745
Avg calls/day/subscriber 3
CallLength -
Displays information regarding average call length. Example follows:
Call Length Report
From: Mon Jul 23, 1990 11:00 PM
To: Tue Dec 10, 1996 11:00 PM
Time # Direct # Forward # Total % Total
____ ________ _________ _______ _______
0 - 30 s 26622 29604 56226 16
30 - 60 s 54787 34998 89785 26
60 - 90 s 49961 55884 105845 31
90 -120 s 24840 16850 41690 11
2 - 4 m 32063 13361 45424 13
> 4 m 9686 409 10095 3
Most frequent length 60 - 90 s
Average length (Seconds) 2300
Total connect time (Minutes) 819857
Avg connect time/day/sub (Minutes) 4
Channel -
Displays average channel utilization by hour. Example follows:
Channel Usage Report
From: Mon Jul 10, 1990 11:00 PM
To: Tue Dec 2, 1996 11:00 PM
Time % Busy % Utilization
____ ______ _____________
7 AM 0 4
8 AM 0 12
9 AM 0 13
10 AM 0 13
11 AM 0 12
12 Noon 0 11
1 PM 0 14
2 PM 0 14
3 PM 0 12
4 PM 0 11
5 PM 0 8
6 PM 0 4
OffHrs 0 1
Number of seconds all channels were busy 516152
Number of times all channels were busy 55356
Average % utilization over day 10
COSAttributes -
Displays all information about existing classes of service
COS Attributes Report
Max Max Max Max Int/ Max Sub Min Attempts: Broadcast: Max
Class Num Futr Msg Num Ext Grtg Rec Sub Max Num
Num Msg Msg Len Grtg Pair Len Name Pwd Acc Thrsh Send Rcv PDL's
----------------------------------------------------------------------------
0 10 5 200 1 T 200 T 0 5 0 F T 5
1 400 5 200 1 T 200 T 0 5 0 F T 5
2 40 5 200 3 T 200 T 4 5 3 T T 5
3 20 5 200 3 T 200 T 4 5 3 F T 5
Network Xfer Min Retry Max Num Page
Class Delivery: Host Out from Rstr Outc Freq: Retries: Lang Paging Term
Num Immed Norm Link Call Outc Tbl Freq RNA Bsy RNA Bsy Str Number
-------------------------------------------------------------------------------
0 F T F F F 0 0 15 5 3 5 0
1 F T F F F 0 0 15 5 3 5 0
2 F T F F F 0 0 15 5 3 5 0
3 F T F T T 0 0 15 5 3 5 0
COSSubscriber -
Displays information on one or more class of service with subscriber
information. Example follows:
COS Subscriber Report
From: -- Statistics not cleared --
To: Wed Dec 3, 1996 12:00 AM
Class Number : 1
Class Name :
Subscriber Name Node Extension Group Name
--------------- ---- --------- ----------
ELITE HAXOR 1 302 EXEC
Disk -
Displays a disk usage log in daily format. Example follows:
Disk Usage Report
Day Peak % full
___ ___________
1 19
2 19
3 20
4 19
5 18
6 19
7 19
8 19
9 19
10 18
11 18
12 17
13 17
14 16
15 18
16 18
17 18
18 17
19 18
20 18
21 18
22 18
23 18
24 18
25 18
26 19
27 19
28 18
29 19
30 19
31 19
Average percent full 18
Peak % full 20
Day of peak 3
Number of Hours > 90% full 0
Number of Times > 90% full 0
Number of Hours 80-90% full 0
Number of Times 80-90% full 0
MsgAge -
Shows average message age, and number of old messages.
Message Age Report
Subscriber / Last Access Time # Old Msgs # Minutes
__________ ________________ ___________ _________
ELITE HAXOR 6 3
Wed Dec 3, 1996 12:02 PM
NameReport -
Displays records in the name database.
Unrecorded names only (y/n)? n
Subscriber Name Report
Exten Name Node # of sec # chars unique name
________________ ________________________ ____ ________ ___________________
302 ELITE HAXOR 1 2 3
Outcalling -
Displays outcalling statistics, by subscriber or group.
Outcalling Report
From: -- Statistics not cleared --
To: Wed Dec 3, 1996 2:51 PM
Num Num Total Avg
Succ UnSuc Connect Connect
Name Extension Node Calls Calls Time Time
---- --------- ---- ----- ----- ------- -------
ELITE HAXOR 302 1 47 0 4700 100
PWChange -
Displays the last time a subscriber or a subset of subscribers
changed their password.
Enter Old Password Age (in days):
Password Change Report
To: Wed Dec 03, 1996 2:57 PM
Name Extn Node Date last password change PW Age
________________________ ________ ____ ___________________________ _______
ELITE HAXOR 302 1 Mon Oct 31, 1994 7:21 AM 765
SubAccess -
Displays subscriber access activity.
Subscriber Access Activity Report
From: Fri Oct 28, 1994 11:14 PM
To: Wed Dec 11, 1996 2:00 PM
Subscriber / Last Access # Accesses Access Min
__________ ___________ __________ __________
ELITE HAXOR 92 83
Tue Dec 3, 1996 10:09 AM
Sa -
Goes into SysAdmin mode from Tech. Like su for PhoneMail.
Status -
List
Displays a brief blurb of useless information. The only possibly useful
bit of info would be that it displays whether or not PM is currently
active. However, any functions that requre PM to be active will also
tell you if you attempt to run them while the system is deactivated.
SysParameters -
List
Displays and/or modifies main system configuration. This is where system
passwords are defined, as well as outcalling features, and tons of other
stuff.
Modify
Edit system parameters.
SysStatistics -
Clear
This will clear the system statistics log. This is useful if you have
enabled outcalling on a system that doesn't normally support it. As
having lots of Outcalling stats appear in a log is generally considered
to be in bad taste.
List
This will display a lot of junk, such as hourly and daily statistics
on disk use, busy channel, etc.
SystemStatus -
Displays current state of PM system and channel information.
TALog -
Lists TA error log. Basically, all problems in the system that should
be fixed.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Time for a Change
presents
Lexis-Nexis internals.
by
Ghost in the Machine [TYM]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
INTRODUCTION
------------
Lexis-Nexis is a combination legal and business research database. As
such, it has many uses for all kinds of businesses, not to mention
hackers. In this file I will shed some light on not only what lexis-nexis
can and cannot do, but also explain the basics of how to move around and
get things done. There seem to be a lot of misconceptions about l-n, so I
hope to shatter the illusions with the truth.
ACCESS AND ENTRY
----------------
First off, Lexis-Nexis has dialups, if you know of a company that uses
them, you might be able to social engineer the dialup number from the
geeks at l-n customer service. If you have a lot of free time, you could
scan every exchange on the switch which serves their local business
office.
If neither of these appeals to you, then you are in luck. Lexis-Nexis is
also on the net. All you need to do is telnet in and you are all set.
telnet> o image.lexis-nexis.com
Trying 192.73.216.85 ...
Connected to image.lexis-nexis.com.
Escape character is '^]'.
Trying 39991420010002...Open
Please transmit your terminal TYPE abbreviation.
(Abbreviations begin with a PERIOD -- Call Customer Service for assistance)
Here you would enter .vt100 or whatever your terminal of preference is.
L-N does not have a very large selection from what I've seen, so it's best
to go with something standard. That completed, you get a screen which ends
with:
WELCOME TO LEXIS AND NEXIS.
LEXIS and NEXIS will be available until 2:00 A.M. Eastern Time.
Please type your personal identification number (7 characters) and press the TRANSMIT key.
Here is the fun part. Lexis-Nexis is easy to get into if you have a little
patience (or are sniffing one of their customers), They have PIN codes of
exactly 7 digits, alpha-numeric, not case sensitive. That is all you need
to get in. No passwords or other such nonsense. Granted, that still leaves
a LOT of possible PINs, but L-N's customer base grows incredibly by the
day, so it shouldn't take too long to guess a valid PIN if you are
patient.
Once you are in, you will get the following screen:
Please enter the number of the option desired.
PREFERRED PRICING OPTIONS
1 LEXIS (R) ONLY
2 News - All Files
3 Public Records Per Agreement
4 Company/Industry Info
ALTERNATE PRICING OPTION
5 ALL SERVICES - PAY AS YOU GO
To end your session, press the SIGN OFF key.
To return to this option menu during your research session, enter .CM
For further explanation, press the H key and then the ENTER key.
The best choice until you are more familiar with L-N is to pick 5, since
you will have access to all the libraries from there.
LIBRARIES
---------
Once you get to the library screen, you can do whatever you want. Here is
what it looks like:
Please TRANSMIT the NAME (only one) of the library you want to search.
- For more information about a library, TRANSMIT its page (PG) number.
- To see a list of additional libraries, press the NEXT PAGE key.
NAME PG NAME PG NAME PG NAME PG NAME PG NAME PG DNAME PG
----------- Types ----------- ---------- Topics ---------- - Int'l -
General Public BUSFIN 2 Intellect Medical ASIAPC 5
-- News - - Legal - Records CMPCOM 2 Property GENMED 15 CANADA 20
NEWS 1 CODES 7 ALLREC 6 ENERGY 10 COPYRT 9 EMBASE 15 DUTCH 5
REGNWS 1 LAWREV 12 ASSETS 6 ENTERT 2 PATENT 13 MEDLNE 15 EUROPE 5
TOPNWS 1 LEGNEW 1 DOCKET 6 ENVIRN 10 TRDMRK 14 GERMAN 5
MEGA 7 FINDER 6 GEODEM 10 Political MDEAFR 5
INSOLV 6 INSURE 11 - Legal - APOLIT 4 NSAMER 5
Financial INCORP 6 MARKET 1 BANKNG 8 CMPGN 4 UK 19
ACCTG 3 LEXPAT 6 MKTRES 1 FEDSEC 11 EXEC 4 UKCURR 19
COMPNY 3 LIENS 6 PEOPLE 2 GENFED 7 LEGIS 4 WORLD 5
INVEST 3 VERDCT 6 SPORTS 2 HOTTOP 7 TXTLNE 19
NAARS 3 TRANS 14 LABOR 12 -- Tax -- Assists
QUOTE 3 Reference PUBCON 13 FEDTAX 11 EASY 15
D&B 3 BUSREF 2 STATES 7 STTAX 13 GUIDE 15
BLMBRG 3 LEXREF 12 PRACT 15
MARHUB 12 TERMS 15
CATLOG 15
Now I am not going to cover most of the libraries, although most of them
are useful to anyone, I am going to focus on the one thing that I assume
most most hackers will be interested in. The skip-tracing database.
Lexis-Nexis 'People Finder' database can be found under library section 6.
NAME LIBRARY NAME LIBRARY
ALLREC Combined State Public Records LEXDOC Type LEXDOC and TRANSMIT to
ASSETS Property and deed transfer order hardcopy public records
records from selected documents and searches
counties/states. nationwide from LEXIS Document
DOCKET Bankruptcy, Civil, Criminal & Services.
Judgment Index Filings LEXPAT U.S. Patents in full text &
FINDER People and Business Locator Patent Classification Info
Files LIENS UCC, Judgment and Lien
INSOLV United States Bankruptcy Court Filings from selected
Filings from all 50 states states
and the District of Columbia VERDCT Verdict and Settlement
INCORP Corporate Info, LTP and DBA Publications
Filings from selected states
From here, type FINDER to get to the submenu for People Finder.
------------------------- F I N D E R L I B R A R Y ----------------------
----------- PEOPLE LOCATOR ------------ ---------- BUSINESS LOCATOR ----------
P-TRAK 1 Nationwide file - 300 B-FIND 1 Nationwide file of US and
million records with Canadian Public and Private
previous addresses and Companies
alias names --------- PROFESSIONAL LOCATOR -------
CALIC 2 CA Professional Licenses
P-FIND 1 Nationwide group file - FLLIC 2 FL Professional Licenses
white pages and household ILLIC 2 IL Professional Licenses
information (xxFIND for MILIC 2 MI Professional Licenses
individual state files) NJLIC 2 NJ Professional Licenses
PALIC 2 PA Professional Licenses
DCEASE 1 Nationwide file containing VALIC 2 VA Professional Licenses
Social Security Death WILIC 2 WI Professional Licenses
Master File ----------- DRIVER LICENSES ----------
FLDL 2 FL Driver Licenses
------------- INDIVIDUAL STATE PERSON LOCATOR FILES ------------------
ALFIND 3 Alabama IDFIND 3 Idaho MSFIND 3 Mississippi
AKFIND 3 Alaska ILFIND 3 Illinois MOFIND 3 Missouri
AZFIND 3 Arizona INFIND 3 Indiana MTFIND 4 Montana
ARFIND 3 Arkansas IAFIND 3 Iowa NEFIND 4 Nebraska
CAFIND 3 California KSFIND 3 Kansas NVFIND 4 Nevada
COFIND 3 Colorado KYFIND 3 Kentucky NHFIND 4 New Hampshire
CTFIND 3 Connecticut LAFIND 3 Louisiana NJFIND 4 New Jersey
DEFIND 3 Delaware MEFIND 3 Maine NMFIND 4 New Mexico
DCFIND 3 D.C. MDFIND 3 Maryland NYFIND 4 New York
FLFIND 3 Florida MAFIND 3 Massachusetts NCFIND 4 North Carolina
GAFIND 3 Georgia MIFIND 3 Michigan NDFIND 4 North Dakota
HIFIND 3 Hawaii MNFIND 3 Minnesota OHFIND 4 Ohio
------------- INDIVIDUAL STATE PERSON LOCATOR FILES ------------------
OKFIND 4 Oklahoma UTFIND 4 Utah
ORFIND 4 Oregon VTFIND 4 Vermont
PAFIND 4 Pennsylvania VAFIND 4 Virginia
RIFIND 4 Rhode Island WAFIND 4 Washington
SCFIND 4 South Carolina WVFIND 4 West Virginia
SDFIND 4 South Dakota WIFIND 4 Wisconsin
TNFIND 4 Tennessee WYFIND 4 Wyoming
TXFIND 4 Texas
From this you can (by typing in the library name) jump to libraries to
search for people by state, across the US, or if your target is unlucky
enough (or you are lucky enough for that matter) to live in florida, all
you need is a name to pull their DMV records, and get everything from
current address to SSN and birthdate. Pretty cool, but it would be nice if
they added the databases from other states as well.
Here is a list of the available libraries:
Guide (GUIDE)
LEXIS(R) Private Database Services
Demonstration (CUSTOM)
Practice (PRACT(R))
Terms (TERMS)
ASSOCIATED PRESS POLITICAL SERVICE
Associated Press Political (APOLIT)
THE LEXIS(R) COUNTRY INFORMATION(tm)
SERVICE
Asia/Pacific Rim (ASIAPC)
Dutch (DUTCH)
Europe (EUROPE)
Mideast/Africa (MDEAFR)
World (WORLD)
THE LEXIS(R) FINANCIAL INFORMATIONT SERVICE
Analysts Research (INVEST)
Company (COMPNY)
Dun & Bradstreet (D&B)
Investext(R) (see Analysts Research)
Quote (QUOTE)
THE LEXIS(R) PUBLIC RECORDS
ONLINE SERVICE
Assets (ASSETS)
Bankruptcy Filings (INSOLV)
Corporation Information (INCORP(R))
Filings, Civil and Criminal (see Docket)
Liens (LIENS)
Locator (FINDER)
Property Records (see Assets)
State Public Records (ALLREC)
Verdicts (VERDCT)
THE LEXIS(R) SERVICE
Accounting, Tax and Financial (ACCTG)
Admiralty (ADMRTY)
Alabama (ALA)
Alaska (ALAS)
Alternative Dispute Resolution and Mediation (ADR)
American Bar Association (ABA)
American Law Reports (ALR)
Arkansas (ARK)
Australia (AUST)
Banking, (BANKNG)
Bankruptcy (BKRTCY)
Bureau of National Affairs, Inc. The (BNA)
California (CAL)
Canada (CANADA)
Career (CAREER)
Citations (CITES)
Codes (CODES)
Colorado (COLO)
Commonwealth Cases (COMCAS)
Communications (FEDCOM)
Connecticut (CONN)
Continuing Legal Education (CLE)
Copyright Law (COPYRT)
Criminal Law (CRIME)
Delaware (DEL)
District of Columbia (DC)
Easy Search(tm) (EASY)
Employment Law (EMPLOY)
Energy (ENERGY)
English General (ENGGEN)
Environmental Law (ENVIRN)
Estate (ESTATE)
Ethics (ETHICS)
European Communities (EURCOM)
Family Law (FAMILY)
Federal Bankruptcy (see Bankruptcy)
Federal Communications (see Communications)
Federal Labor (see Labor)
Federal Public Contracts (PUBCON)
Federal Tax (FEDTAX)
Federal Trade Regulation (see Trade Regulation)
Federal Transportation (see Transportation)
Florida (FLA)
French Case Interpretations (REVUES)
French International (INTNAT)
French Laws and Regulations (LOIREG)
French News (PRESSE)
French Private Cases (PRIVE)
French Public Cases (PUBLIC)
General Federal (GENFED)
Georgia (GA)
Germany (GERMAN)
Hawaii (HAW)
Health Law (HEALTH)
Hong Kong/China (HKCHNA)
Idaho (IDA)
Illinois (ILL)
Immigration (IMMIG)
Indiana (IND)
Insurance (INSURE)
International (see French International)
International Law (INTLAW)
International Trade (ITRADE)
Iowa (IOWA)
Ireland (IRELND)
Kansas (KAN)
Kentucky (KY)
Labor (LABOR)
Law Reviews (LAWREV)
Legal Reference (LEXREF)
Louisiana (LA)
Malaysia (MALAY)
Martindale-Hubbell(R) Law Directory, The (MARHUB)
Maryland (MD)
Massachusetts (MASS)
MEGA(tm) (MEGA)
Mergers and Acquisitions (M&A)
Mexico (MEXICO)
Michigan (MICH)
Military Justice (MILTRY)
Minnesota (MINN)
Mississippi (MISS)
Missouri (MO)
Montana (MONT)
Nebraska (NEB)
Nevada (NEV)
New Hampshire (NH)
New Mexico (NM)
New York (NY)
New Zealand (NZ)
North Carolina (NC)
North Dakota (ND)
Northern Ireland (NILAW)
Ohio (OHIO)
Oklahoma (OKLA)
Oregon (ORE)
Patent Law (PATENT)
Patent and Trademark Office (LEXPAT(R))
Pennsylvania (PA)
Pensions and Benefits (PENBEN)
Philippines (PHLIPP)
Private Cases (see French Private Cases)
Public Health and Welfare (PUBHW)
Puerto Rico (PR)
Real Estate (REALTY)
Research Institute of America Tax (TAXRIA)
Rhode Island (RI)
Scotland (SCOT)
Securities (see Federal Securities and State Securities)
Secondary Source (2NDARY)
Singapore (SING)
South Africa (SAFRCA)
South Carolina (SC)
South Dakota (SD)
State Securities (STSEC)
State Tax (STTAX)
States (STATES)
Tax (see Federal Tax and State Tax)
Tax Analysts Publications (TAXANA)
Texas (TEX)
TextlineSM (TXTLNE)
Torts (TORTS)
Trade Regulation (TRADE)
Trademark and Unfair Competition Law (TRDMRK)
Transportation (TRANS)
Trust (see Estate)
Uniform Commercial Code (UCC)
United Kingdom/British Isles (UK)
United Kingdom Current Awareness Law (UKCUR)
United Kingdom Law Journal (UKJNL)
United Kingdom Tax (UKTAX)
United States Patent and Trademark Office
(see Patent and Trademark Office)
Utah (UTAH)
Vermont (VT)
Virginia (VA)
Washington (WASH)
West Virginia (WVA)
Wisconsin (WISC)
Wyoming (WYO)
THE MEDIS(R) SERVICE
EMBASE (EMBASE)
General Medical (GENMED)
Medical (see General Medical)
Medliner (MEDLNE)
THE NATIONAL AUTOMATED ACCOUNTING RESEARCH SYSTEM (NAARS) SERVICE
Accounting Information (NAARS)
THE NEXIS(R) SERVICE
Business & Finance (BUSFIN)
Business Reference (BUSREF)
Campaign News (CMPGN)
Computers and Communications (CMPCOM)
Entertainment (ENTERT)
Executive Branch (EXEC)
General News (see News and Business)
Geodemographics (GEODEM)
Legal News (LEGNEW)
Legislation (LEGIS)
Markets and Industry (MARKET)
Market Research (MKTRES)
News (NEWS)
People (PEOPLE)
Sports (SPORTS)
Top News (TOPNWS)
COMMANDS
--------
FUNCTION COMMAND
Change file .cf
Change library .cl
Change menu .cm
CITES assistant .ca
New search .ns
Return to Easy SearchTM screen .easy
Sign off .so
Viewing Formats
CITE .ci
FULL .fu
SEGMTS .se
LEAD .le
SuperKWIC(tm) N1 .sk
VAR KWIC .vk
VAR KWIC with 1-999 words .vk # 2
Reviewing Results
Next page of current document .np
Skip 1-999 pages forward .np # 2
Previous page of current document .pp
Skip 1-999 pages backward .pp # 2
First page of current document .fp
Next document .nd
Skip 1-999 documents forward .nd # 2
Previous document .pd
Display first document retrieved .fd
Display different level 1-255 .dl # 2
Sort documents (not available in all files) s
Display resume options screen resume
Move down through large segment .dwn
Move up through large segment .up
Rank documents .rank
Access or exit the browse feature b
Refining Results
Modify search m
Enter FOCUS(tm) feature .fo
Exit FOCUS feature .ef
Exit MORE .em
Display Commands
Display LINK(tm) markers .linkon
Erase LINK markers .linkoff
Turn display commands on .con .kon
Turn display commands off .coff .koff
Printing
Go docs .gd
Print displayed screen .sp
PRINT DOC .pr
Print now .pn
Print LEAD paragraph .le,p
Print manager .pm
Using Select Service Functions
Enter select service .ss
Exit select service .es
Finding Online Information
Help h
Time (elapsed time in t
current research session)
Number of screens in current
document format p
Display current search request r
Client screen c
Display cost estimate screen .cost
ECLIPSE(tm)
Save search sav
Recall search rec
Store search request in LOG .keep
Display LOG .log
Delete contents of LOG .delall
FREESTYLET Commands
Switch to FREESTYLE feature .fr
Switch to Boolean .bool
Display WHERE screen .where
Display WHY screen .why
SuperKWIC display format 1 .sk
SEARCHING
---------
Another great thing about L-N is the way the searches can be handled.
Whenever you do a .ns look to the bottom to see if it says Boolean, if it
does, use .fr to switch it to freestyle. Boolean is too restrictive, and
freestyle is the absolute opposite.
Since Lexis-Nexis already has on-line searching help, I won't bother to go
into great detail about how to use the searches. Simply choose 15 from the
main library menu and there are lots of help files.
SUMMARY
-------
In closing, Lexis-Nexis is one of the more powerful databases available,
mainly because of the diversity of information that can be accessed from a
single source. I hope this file helps you in your quest for information.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Time for a Change
presents
Inside Tracer L/Tracer 100 Systems
by
Silicon [TYM]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
INTRODUCTION
------------
Tracer is a powerful computer system which can control a number of
electronically controlled devices. This can include anything from lights,
air conditioners, electronic doors, heaters. This is building automation
with remote dialup. This file will inform you of the capabilities and
security of tracer/tracer-l up through version 15.2.
One thing I thought should be noted for this file is that this system
controls real things in the real world. Abuse of this system could result
in injury of innocent people. Tracer is not a toy, it was designed to be
a tool to make building management more efficient. Abuse of this system
will result in loss of dialups, loss of dialup features, and modification
of logging options. This is a cool system, don't ruin it with stupidity
and immaturity. I didn't write this file for people to learn how to be
destructive, i wrote it for people to learn about technology.
TRACER SYSTEMS
--------------
There is a set of commands which are global throughout the system. These
are:
A = Acknowledge
M = Menu (or return to previous menu, VERY USEFUL)
L = List options
S = Select, usually in format of <option>S or just 's' if you are on a specific
command in a listing.
N = Next
P = Previous
C = Clear
R = Repeat
+ = Yes/Enable
- = No/Disable
ESC = Main menu or central unit if networked (see below)
Tracer can be networked for large applications. In this case you will
encounter a dialup with the option to login (which will be option 9) and
the option to connect to other systems on the tracer network.
This central unit screen may look like this:
TRACER 100 V14.4 Unit Selection Menu: H-help, L-list
1) S-select to connect to unit 1 (WEST BUILDING )
2) S-select to connect to unit 2 (EAST BUILDING )
9) S-select for Operator Logon & Logoff
Type number of selection, then press "S" to select it
For systems like this you can login as an operator on any unit then have
operator access on the other machines you connect to. The single units
have minor appearance differences, but are structured exactly the same as
non-networked systems.
Most businesses don't need networked tracers unless they are rather large,
so most systems you will run into have one central unit.
Tracer Single Unit System Map:
Main Menu
|
+-(1)- Event Log
| +-(L) Continue (list)
| +-(C)lear (return to start)
| \-(S)elect (does nothing)
|
| Display:
| #) DA-MON-YR HR:MN XM PT-PA desc POSITION
| DA - day of month
| MON - month abbrev
| YR - last two digits of year
| HR - hour
| MN - minutes
| XM - AM/PM
| PT - Point Type
| PA - Point Address
| desc - description of action
|
| (example)
|
| 1) 03-APR-97 12:30 PM Control 08-07 VAV HEATING ENABLE ON
|
| * the event log stores most events on the system such as operator logins,
| * pre-programmed events, and anything else configured to logged.
| * the event log can't be modified, however it only stores 100 entries at
| * a time, and most people who administrate these machines don't pay
| * very close attention to them. depending on the building, there may be
| * a large number of events that happen daily. important things which are
| * not logged include: failed password attempts, modification of system
| * configuration and timers, and calls. however, operator logins are logged,
| * and when logged in as an operator your carrier drop is logged.
|
+-(2) Building Status
| +-(S) Select Display
| +-(L) List
| +-(N) Next (when working in individual menu itmes)
| \-(P) Previous (when working in individual menu items)
|
| (example)
| 1) S-select for Displays by Point Type
| 2) S-select for Display 1 (LIGHITNG STATUS )
| 3) S-select for Display 2 (VAV HEAT CONTROL )
| 4) S-select for Display 3 (VAV STATUS )
|
| * from the building status menu you can monitor and in some cases modify
| * the status of certain points on the system. the display and mode of
| * modification for each point will vary on the type of point it is.
| * below i have listed some of the various types of points and how they
| * can be modified:
|
| [definitions]
| PT - point type
| PA - point address
| MODE - mode is (release, occupy, unoccupy) or (on, of)
| CTR - blank or OPR (for operator control)
| ACTION - HEATING/COOLING
| OTPT - temperature
| UNIT - degrees (C/F)
| [end definitions]
|
| Valid point types include:
| 1) Binary Inputs
| 2) Analog Input Status
| 3) Meter Inputs
| 4) TRACER Rooftop Analogs
| 5) Binary Outputs
| 6)TRACER Rooftop Status
| 7) Zones (can be modified)
| 8) Calculated Binarys (can be modified)
| 9) TIM Equipment
| 10) TIM Analog
| 11) Calculated Analogs (can be modified)
| 12) Analog Output Status
| 13) Global Binary Input Status
| 14) Global Binary Output Status
| 15) Global Analog Input Status
| 16) Global Analog Output Status
| 17) SCPs
| 18) UCM Analog Inputs
| 19) UCM Binary Inputs
| 20) VAV Command Unit
| 21) Global UCM Output Status
| 22) AHU Output Status
| 23) UCM Binary Outputs
| 24) UCM Analog Outputs
| 25) TCM Outputs
| 26) CSC Output Status
| 27) PCM Output Status
| 28) VAV Command Unit Status
| 29) Varitrac CM Outputs
| 30) Voyager Rooftops
| 31) Fan Coil Command Unit Group Status
| 32) Fan Coil Command Unit Group Status
| 33) VAV Command Units
| 34) RTA-RTW Chiller Outputs
| 35) WS Heat Pumps
| 36) VAV Command Unit II Group Outputs
| 37) VAV Command Unit IIs
| 38) Generic Interface Nodes
| 39) Termincal Unit Controllers
| 40) VariTrac CM II Groups
| 41) VariTrac CM IIs
| 42) Absorption UCP2 Chillers
| 43) CenTraVac UCP2 Chillers
| 44) IntelliPak Rooftops
| 45) UPCMs
|
+-(3) ICS Equipment Status Menu
| +-(1) Unit Controller Status
| | |-(25) - TCM Outputs
| | |-(37) - VAV Command Unit IIs
| | |-(44) IntelliPak Rooftops
| | \display:
| | PT-PA DESCRIPTION Menu: options
| | 1) PT-PA Communications UP, Operating mode OCCUPY/
| | 2) PT-PA TCM Unut Type SLAVE, Version 2
| | 3) PT-PA Active Setpoint ---, Operating Status ---
| | 4) PT-PA Thermostat Control ---, Local program NORMAL
| | 5) PT-PA Temperature 1 -300.0
| | 6) PT-PA Temperature 2 -300.0, Temperature 3 -300.0
| | 7) PT-PA Binary Inputs 1 OFF, 2 ON, 3 OFF
| | 8) PT-PA Binary Output 1 OFF,
| | 9) PT-PA Binary Output 2 OFF, Binary Output 3 OFF
| | 10) PT-PA Binary Output 4 OFF, Binary Output 5 ON
| | 11) PT-PA Binary Output 6 OFF
| | (display only)
| |
| +-(2) Chiller Unit Status
| +-(1) Chiller System Status
| \-(2) Chiller X: [chiller name ] Status Display
|
| * (example)
| * SYSTEM NAME DAY DA_MON-YR HR:MN XM [chiller name ] 0
| *
| * Chiller System Status:
| * Chiller System ---, System mode NORMAL
| * System pump ---, System flow ---
| * System setpoint X DEG
| * Leaving water temp --- , Return water temp ---
| * Cond supply temp --- , Cond return temp ---
| * Request pending NONE, Time remaining X MIN
| * Add error value X.X, Subtract error value X.X
| * Equip. failure time X MIN, Chiller start delay X MIN
| * Active operation NONE, Chiller in process -
| * Chillers ON:
| * Chiller leaving temp: A= --- B= --- C= --- D= --- E= --- F= ---
| * Current chiller sequence: A=0 B=0 C=0 D=0 E=0 F=0
| * Days until next rotation 7, Demand limit input ---
| * Chillers failed: Alarm output ---
|
+-(4) Operator Login
| +- Operator XXX logged on. Access level X. Enter pass-number or 0
|
| * for crappy access (0) your password is 0. if you want decent access
| * (like 2 (maximum access)) you need the pass-number for one of the
| * operators. if you enter a pass number that the system recognises as
| * one of the operator's passwords it automatically selects that operator's
| * id, which is a 3 character string. the password can be up to four digits/
| * due to the nature of the security on this system it's not very difficult
| * to gain operator access.
|
+-(5) Reports and Summaries Menu
| +-(1) display reports
| | +-(1) current summary report
| | +-(2) monthly summary report
| | +-(3) 33 day energy report
| | +-(4) 12 month energy report
| | +-(5) 12 month meter report
| | +-(6) 7 day override time report
| | +-(7) monthly override time report
| | +-(8) 7 day temperature report
| | +-(9) 12 month degree days report
| | +-(10) SCP Chiller 12 Month Summaries
| | +-(11) trend log report
| | +-(12) totalizing report
| | +-(13) RTA-RTW chiller report
| | \-(14) custom reports
| |
| | * this will display summaries on your local screen about the system,
| | * such as power consumption, temperatures, etc.
| |
| +-(2) print reports
| | +-(1) current summary report
| | +-(2) monthly summary report
| | +-(3) 33 day energy report
| | +-(4) 12 month energy report
| | +-(5) 12 month meter report
| | +-(6) 7 day override time report
| | +-(7) monthly override time report
| | +-(8) 7 day temperature report
| | +-(9) 12 month degree days report
| | +-(10) SCP Chiller 12 Month Summaries
| | +-(11) trend log report
| | +-(12) totalizing report
| | +-(13) RTA-RTW chiller report
| | \-(14) custom reports
| |
| +-(3) print status
| | +-(1) print event log
| | +-(2) print building status
| | +-(3) unit controller status
| | \-(4) print chiller sequencing status
| |
| +-(4) print building control entries
| | +-(1) print zone setpoints
| | +-(2) print time of day scheduling
| | +-(3) print duty cycle
| | +-(4) print timed override
| | +-(5) print demand limit program a
| | +-(6) print demand limit program b
| | +-(7) print trend log data
| | +-(8) print air balance
| | +-(9) print boolean processing
| | +-(10) print run time/maitenance
| | +-(11) print expanded messages
| | +-(12) print process control language
| | +-(13) print DDC
| | +-(14) print priority control
| | +-(15) print totalizing data
| | \-(16) print sequencing data
| |
| +-(5) print system startup entries
| +-(1) print time and dates
| +-(2) print input/output data
| +-(3) print system configuration
| +-(4) print unit controller local data programming
| +-(5) print status display definition
| \-(6) print ICS equipment address assignments
|
| * you don't want to print reports unless you're stupid. this will print the
| * reports on a LOCAL printer.
|
+-(6) building control menu
| +-(1) toggle building control
| +-(2) zone setpoints
| | \-(X) 07-XX
| | \[display]
| | 1) 07-PA Unoccupied cooling setpoint X DEG
| | 2) 07-PA Occupied cooling setpoint X DEG
| | 3) 07-PA Economizing Setpoint X DEG
| | 4) 07-PA Occupied heating setpoint X DEG
| | 5) 07-PA Unoccupied heating setpoint X DEG
| | 6) 07-PA Night economizer delta temp X DEG
| | 7) 07-PA Night Setback temp deadband X DEG
| | 8) 07-PA Occupied temp deadband X DEG
| | 9) 07-PA Demand limit temp deadband X DEG
| | 10) 07-PA Duty Cycle temp deadband X DEG
| | 11) 07-PA Duty Cycle humidity override value X %
| |
| |
| | this allows you to modify the environmental settings for specific zones.
| |
| +-(3) time of day scheduling
| | +-(X) Master Schedule X
| | +-(1) NAME Day Schedules
| | | +-(1) MON Schedule
| | | +-(2) TUE Schedule
| | | +-(3) WED Schedule
| | | +-(4) THU Schedule
| | | +-(5) FRI Schedule
| | | +-(6) SAT Schedule
| | | \-(7) SUN Schedule
| | | \-(X) Event 1 type
| | | Event 1 begins at
| | | types: 0 = No action, 1 = Start, 2 = Stop
| | |
| | | * this is used to schedule events which are primarily lights,
| | | * but can include other fun things. for instance, if you wanted
| | | * to enable the member list "north hallway lights" at 3:00 PM then
| | | * disable the same list at 3:05 PM on Sunday for what ever reasons
| | | * you might have you would set two events on sunday which would
| | | * follow these guidelines:
| | | * 1) NORTH HALLWAY LIGHTS SUN Event 1 is Start 1
| | | * NORTH HALLWAY LIGHTS SUN Event 1 begins at 3:00 PM
| | | * 2) NORTH HALLWAY LIGHTS SUN Event 2 is Stop 2
| | | * NORTH HALLWAY LIGHTS SUN Event 2 begins at 3:05 PM
| | | * when you select the schedule to modify and you are at the prompt
| | | * to add an action (Event 1 is XXXX X) you can use the following
| | | * codes: 0 = nothing, 1 = start, 2 = stop. To remove an event you
| | | * simply change the action from 2 or 1 to 0.
| | | * the format for the time is HH:MM XM - so if you were to set an
| | | * event for 5:45 pm, you would enter 5:45 PM at the prompt.
| | | * pretty simple, eh?
| | |
| | +-(2) Member List
| | | +-(X) Member X:
| | | line 1: set PT-PA
| | | line 2: set start adjust (+[advance]/-[delay]) in minutes
| | | line 3: set stop adjust (+[advance]/-[delay]) in minutes
| | |
| | | * the member list option allows you to set the points or devices
| | | * you wish to activate/deactivate for that specific event and
| | | * allows you to specify a delay from the activation/deactivation
| | | * time if you like.
| | |
| | \-(3) NAME set (set the name for the member list)
| |
| +-(4) duty cycle point definition
| | \-(X) Duty Cycle Point X
| | +-(1) Duty Cycle address (PT-PA)
| | +-(2) Duty Cycle period pength (minutes)
| | +-(3) Duty Cycle off time (minutes)
| | \-(4) Duty Cycle delay
| |
| +-(5) timed override
| | \-(X) Timed override group (X)
| | +-(1) TOV input - (PT-PA)
| | +-(2) TOV override time
| | +-(3) TOV member 1 (PT-PA)
| | +-(4) TOV member 2 (PT-PA)
| | +-(5) TOV member 3 (PT-PA)
| | \-(6) TOV member 4 (PT-PA)
| |
| +-(6) demand limiting
| | +-(1) Program A
| | | +-(1) Meter 1 (PT-PA)
| | | +-(2) Meter 2 (PT-PA)
| | | +-(3) Meter 3 (PT-PA)
| | | +-(4) Demand interval (15/30 minutes)
| | | +-(5) Auto-adjustment
| | | +-(6) Saturdays to be all off-peak
| | | +-(7) Sundays to be all off-peak
| | | +-(8) Holidays to be all off-peak
| | | +-(9) Shed/restore deadband (KW)
| | | +-(10) Winter to summer date (XX-XXX)
| | | +-(11) Summer off to on-peak time (XX:XX)
| | | +-(12) Summer on-peak limit (KW)
| | | +-(13) Summer on to off-peak time (XX:XX)
| | | +-(14) Summer off-peak limit (KW)
| | | +-(15) Summer winter date (XX-XXX)
| | | +-(16) WInter off to on-peak time (XX:XX)
| | | +-(17) Winter on-peak limit (KW)
| | | +-(18) Winter on to off-peak time (XX:XX)
| | | +-(19) Winter off-peak limit (KW)
| | | \-(20) JProgram X Sheddable Load Menu
| | | +-(X) Sheddable load (PT-PA) (name) data
| | |
| | \-(2) Program B
| | \[see program a]
| |
| | * demand limiting allows you to conserve energy by adjusting the amount
| | * of power that the devices attached to tracer will use on specified
| | * seasons, days, holidays, etc.
| |
| +-(7) trend log
| | \-(X) Trend Log X (PT-PA NAME)
| | +-(1) device to log (PT-PA)
| | +-(2) log every X minutes
| | +-(3) print log (Y/N)
| | +-(4) Start sampling at (XX:XX)
| | \-(5) Stop sampling at (XX:XX)
| |
| | * this option allows you to log the status of certain devices during
| | * certain periods of the day and how often to log during the day.
| | * you also have the option to output this data to the printer.
| |
| +-(8) air balance control
| | +-(1) Low pressure Binary Input PT-PA
| | +-(2) Damper step to increase pressure X%
| | +-(3) High pressure Binary Input PT-PA
| | +-(4) Damper step to decrease pressure X%
| | +-(5) 06-01 [NAME ]: ABC priority X (0, 1, or 2)
| | +-(6) 06-01 [NAME ]: Maximum Damper Position X%
| |
| +-(9) boolean processing
| | \-(X) Boolean equation X
| | +-(1) Output (PT-PA)
| | +-(2) Term A is (ON/OFF)
| | +-(3) Term B (PT-PA)
| | +-(4) Term B is (Inverted[+]/Not Inverted[-])
| | +-(5) Term C (PT-PA)
| | +-(6) Term C is (Inverted[+]/Not Inverted[-])
| | +-(7) Term D is in control state of (PT-PA)
| | +-(8) Term E is always (ON/OFF)
| | +-(9) Term F (PT-PA)
| | +-(10) Term F is (Inverted[+]/Not Inverted[-])
| | +-(11) Term G (PT-PA)
| | \-(12) Term G is (Inverted[+]/Not Inverted[-])
| | [EQ X = (A&B&C&D) OR (E&F&G)
| |
| +-(10) run time/maitenance
| | \-(X) RTM Point X (PT-PA)
| | +-(1) RTM Point (PT-PA)
| | +-(2) Current Run Time (Hours)
| | +-(3) Run Time Limit (Hours)
| | +-(4) Run Time Message Number (0-99)
| | +-(5) Current number of starts (0-9999)
| | +-(6) Number of starts limit (0-9999)
| | +-(7) Number of starts message number (0-99)
| | +-(8) Date limit (XX-XXX-XX)
| | \-(9) Date message number (0-99)
| |
| +-(11) expanded messages
| | \-(X) Define text associated with message (1-99)
| |
| +-(12) process control language
| | \-[display]
| | Routine X [ENABLE/DISABL] DD-MON-YR mn MIN hr HOUR dy DAYS
| | +-(1) Execution setup
| | | +-(1) Execution status (enable/disabl)
| | | +-(2) Starting Date (DD-MMM-YY)
| | | +-(3) Starting Time (XX:XX)
| | | +-(4) Execution frequency (MIN)
| | | +-(5) Execution frequency (HOUR)
| | | \-(6) Execution frequency (DAYS)
| | |
| | +-(2) Statement definition
| | | \-(X) Statement X Definition
| | | +-(1) Statement X is (enable/disabl)
| | | +-(2) Statement X result is *L(0-7)
| | | +-(3) Statement 1 1st Argument is (PT-PA)
| | | | \-(S) valid inputs
| | | | +-(3) Meter inputs
| | | | +-(11) Calculated Analogs
| | | | \-(18) UCM Analog Inputs
| | | \-(4) Statement X 2nd Argynebt is (0-69)
| | |
| | \-(3) Testing - tests operations
| |
| +-(13) DDC
| | \-(X) Loop X
| | +-(1) Status Summary
| | | [display]
| | | DDC Loop X (DISABL,ENABLE), Output NORMAL Deadband X DEG
| | | Setpoint Value (name) X DEG
| | | Measured Variable (name) X DEG
| | | Calculated Error
| | | Control output
| | |
| | +-(2) Loop parameter setup
| | \-(3) Loop Graphic Plot (uses printer)
| |
| +-(14) Priority control
| +-(15) totalizing
| +-(16) chiller sequencing
| \-(17) custom reports
|
+-(7) Keyboard Timed Override
|
\-(8) System Setup (requires access level of 1 on some systems)
+-(1) Toggle Building Control
+-(2) Time And Dates
| set the time, date, daylight savings definitions, billing periods,
| time based limits, and holiday dates.
+-(3) Input/Output Data
| | (binary inputs)
| +-(1) PT-PA Currently (STATUS)
| +-(2) PT-PA Input Number to copy OVER this definition
| +-(3) PT-PA Descriptors: (descriptors) #
| | valid descriptor sets are:
| | 0: OFF/ON
| | 1: OPEN/CLOSED
| | 2: ENABLE/DISABLE
| | 3: AUTO/MANUAL
| | 4: YES/NO
| | 5: NORMAL/ALARM
| | 6: OCCUPY/UNOCCUPY
| | 7: SHUTDN/NORMAL
| | 8: HEAT/COOL
| +-(4) PT-PA Open contact means (OPEN/CLOSED)
| +-(5) PT-PA Alarm state is (OPEN/CLOSED)
| +-(6) PT-PA Alarm Enable input [name] [pt-pa]
| +-(7) PT-PA Alarm Enable delay time # min
| +-(8) PT-PA Alarm Priority (description) #
| | valid alarm priorities are:
| | 0: NONE
| | 1: Non-critical
| | 2: Critical
| +-(9) PT-PA Save changes in Event Log? (YES/NO)
| | * allows you to define whether to save the status changes
| | * of the point in the event log.
| +-(10) PT-PA Print Changes? (YES/NO)
| | * allows you to print changes of point status on printer
| \-(11) Alarm message to print
| * print custom message (defined earlier) on printer
| | (Analog Inputs)
| +-(1) Currently (INPUT STATUS)
| +-(2) Analog input to copy OVER this position
| +-(3) Units are (description) #
| | valid units are:
| | 0: Degrees
| | 1: PSI
| | 2: KW
| | 3: KHW
| | 4: PCT
| | 5: CFM
| | 6: AMP
| | 7: VOL
| | 8: HG
| | 9: IN
| | 10: RG
| +-(4) Digits right of decimal #
| +-(5) Input Range: # (unit)
| +-(6) Input Offset: # (unit)
| +-(7) Fail at end of range? (Y/N)
| +-(8) Day/Night Input [name] [PT-PA]
| +-(9) Startup alarm delay time # min
| +-(10) Alarm Priority (see above priority levels)
| +-(11) Save changes in event log (see binary definitions)
| +-(12) Print changes (see binary definitionis)
| +-(13) Alarm message to print # (user defined)
| +-(14) Alarm deadband # (unit)
| +-(15) Day low limit # (unit)
| +-(16) Day high limit # (unit)
| +-(17) Night low limit # (unit)
| +-(18) Night high limit # (unit)
|
| * these are two layouts for the definitions of point types. there
| * 45 point types which is obviously too many to list here, so I listed
| * two. the other definitions are similar.
|
+-(4) Cassette Tape
| +-(1) record data on tape (saves settings)
| +-(2) check data on tape
| +-(3) read data from tape (loads settings)
| +-(4) System expansion
| | +-(1) Input/Output Points (input output points)
| | +-(2) Building Control Programs (schedules, reports, etc.)
| | +-(3) Memory Unit Estimate #
| | \-(4) expand the system
| \-(5) Clear Memory (kill data on tape)
+-(5) Configuration
| +-(1) Set Building Name
| +-(2) Port 1 baud rate
| +-(3) Port 1 page length (generally 24)
| +-(4) Port 2 baud rate
| +-(5) Port 2 page length
| +-(6) Automatic L-list (expert mode toggle)
| +-(7) Logging port is (1 or 2)
| +-(8) Alarm port is (1 or 2)
| +-(9) Is port 2 a modem? (yes or no)
| +-(10) Phone # 1 [alarm dial number 1]
| +-(11) Phone # 2 [alarm dial number 2]
| +-(12) Critical alarm redial time # min
| | during a critical alarm the system will dial the define phone #s
| +-(13) Remote alarm output PT-PA
| +-(14) Dialout enable point PT-PA
| +-(15) Outside air temp sensor PT-PA
| +-(16-23) Temp sensor 1-8 PT-PA
| +-(24) Print daily report (Y/N)
| +-(25) Time of day to print weekly report (HH:MM)
| +-(26) Time of day to print monthly/yearly report (HH:MM)
| +-(27) Day of month to print monthly/yearly report #
| +-(28) Display current summary (Y/N)
| +-(29) Use chiller sequencing as idle display (Y/N)
| +-(30) SCP to use in idle display PT-PA
| +-(31) Print SCP Chiller Summaries every hour? (Y/N)
| +-(32) Card config
| | lists io cards
| +-(33) Unit selection menu
| | +-(1) Temperature (F = 0, C = 1)
| | +-(2) Pressure (inches or kPa) (0 = inches, 1 = kPa)
| | +-(3) Pressure (PSI or kPa) (0 = PSI, 1 = kPa)
| | +-(4) Energy (0 = KWH, 1 = MJ)
| | \-(5) Flow Rate (0 = CFM, 1 = CMS)
| \-(34) Modem configuration
| +-(1) init string
| +-(2) dial string
| \-(3) hangup string
+-(6) System Security :) (requires access level of 2 on some systems)
| +-(X) Operator X identification [XXX]
| Operator X access level (1 - 2)
| Operator X pass-number is XXXX
|
+-(7) ICS Equipment Local Programming Menu
+-(8) Status Display Definition
\-(9) ICS Equipment Address Assignments
This concludes the text on Tracer. The file could have been a great deal
shorter, but to have a good understanding of the system you need to see
all of the little parts. If you would like to know more I would recommend
exploring the options in more depth, since most of them can't be covered
here in text due to space requirements.
-- silicon [TYM]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Time for a Change
presents
Extending Patching Technology
by
Ensign Wesley Crusher [TYM]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PROJECT HIMIKEYOUSUCKANDSODIDPHRACK50SOPLEASEGOBACKTOALT.2600
"I would read, but it confuses me." Illwill
"I am what ignorant people would call a 'whigger.'" ip
"Give me respect or give me death!" KMFDM
INTRODUCTION
------------
This article starts out with something dumb and lame and concludes
with something kind of neat. The purpose of this article is to explore
the practical possibilities for extending current software patches. Some
of the ideas may seem like old news or obvious routes to American hackers,
but at TYM we stopped caring about you a long time ago, and I hope our
foreign readership appreciates it.
I found this the other day, written by my great hero Daemon 9 of
alt.2600^H^H^H^H^H^H^H^HPhrack fame, in some package which looked like a
rip of the pathetic Linux Rootkit. "Optional code to log all other
username/passwd duos and spit them to a file, encrypted. (Note that
encryption algo [sic] rot47 is merely for obfuscation, not security. It
can be broken by a cryptographer by hand with 47 well chosen characters.)
Trojaned by daemon9." Then why did you use that algorithm, dude? Your
buddies reassure me, "But he does know a lot about a few things, like
crypto." Really!
If he has a following, they should be shot.
Anyway, 'patching' technology at present typically takes the form
of a 'rootkit,' which is usually unsafe to drive at any speed. For
whatever reason, people seem to choose rootkit development as their first
C project. Ninety-nine percent of what goes across my screen is really
poorly written. Furthermore, the techniques are usually lacking. For
example, things like login patches use some kind of obfuscation approach
when a hash, and then maybe obfuscation to prevent easy strings(1)
retrieval, would be more secure and easier. I have also seen ls patches
that read off of a list stored in a fixed file in /etc. Now, what is the
point of that?
This article is by Ensign Wesley Crusher [TYM] for TFC #5.
Copyright (C) 1997 TYM Communications.
CRYPT(3)
--------
Crypt(3) is of course a modified DES hash. It is used most often
in conjunction with user databases, like /etc/passwd, but it can be used
with anything which needs to compare the contents of a list whose data
need never be recovered. There are some limitations to the UNIX function,
such as an arbitrary small input character limit, and it would be smarter
to use a home-grown or a real crypto library function, but that would of
course potentially make transportation a little bit harder and (gasp)
require a tad more brainpower.
An example of an implementation of crypt(3) within a patched
application would be lb-new.c. The crucial code goes something like this:
passwd = getpass ("Password:");
if (!strncmp (crypt (passwd, MAGIC_SALT), MAGIC_CTEXT, sizeof
(char) * 8))
fudge++;
crypt(3) could also be used in high-level ls(1) and netstat(8)
patches to compare lists of avoidable items.
OK I'm glad that's over with.
PUBLIC-KEY CIPHERS AND SNIFFERS
-------------------------------
The prospect of using public-key technology in sniffers is kind of
promising. A sniffer which used Diffie-Hellman (patent expiration date:
April 31, 1997) or RSA would prevent log file compromise. The problem
with this is that sniffers really depend on speed and optimization to run
well, and those things are exactly synonymous with asymmetric encryption.
However, there is a lot of redundancy on a network and for the paranoid
this is a significant consolation.
An RSA sniffer is currently in the works, designed with
portability in mind but for Linux. Unfortunately, its key management code
was not quite ready for TFC 5. This was originally going to be my
contribution to this issue, but after a week of delay it was clear that I
would not be able to finish it in time.
Fortunately for you worthless Americans, if I understand the law
correctly as American citizens you can export cryptographic materials to a
foreign site without violating ITAR, so long as only you use it, and of
course that's the point, isn't it?
LIBRARY & KERNEL PATCHING
-------------------------
Lower-level approaches to patching, such as library and kernel
patching, have a great deal of potential.
The prospect of patching a kernel is very interesting to me,
because it is "unexplored" territory and because it would seem very
difficult to detect and therefore to recover from on an operating system,
but especially on a proprietary one. Patching a kernel would be most
helpful to conceal data on the filesystem or about the network activity.
With luck you can expect an article with code on kernel patching within
the next few issues of TFC. I hate to be lame like that.
Patching a (shared) library is also an interesting prospect,
though possibly hazardous if function behavior is not kept under control.
However, having access to a proprietary library is not necessarily a
requirement since glibc can replace libc. Also, modified functions are
more portable than modified kernels. These are the distinct advantage
over kernel hacking. Unfortunately -- though by no means any better than
going the kernel route -- glibc compilation takes a very long time, a lot
of computrons, and a lot of disk space.
LIBRARY PATCHING: STRCMP(3)
---------------------------
Let's take an example of a library patch. strcmp() is used by
login programs on a lot of different platforms to verify that the
crypt(3)'ed password input is the same as pwd->pwd_passwd. So if we
insert a little bit of extra code into strcmp(), we slow down strcmp() a
little bit but we will be able to circumvent the strcmp (crypt (s1), s2)
protection in whatever program.
If another program using the compromised library sends it
pwd->pwd_passwd-equivalent input, it will get bad information back, but
this is very unlikely.
The following code is from glibc-2.0.3, which corresponds to
libc-6. You may need to hack the compilation (probably just the makefile)
to get it to read sysdeps/generic/strcmp.c, instead of alpha/strcmp.S, for
example, and if you do not use glibc, you will need to hack it further.
This is essentially a two-loop strcmp().
-- CUT HERE --
/* Copyrighted by the Free Software Foundation under the GNU LGPL and
modified by Ensign Wesley Crusher [TYM] */
/* File: sysdeps/generic/strcmp.c in glibc-2.0.3 */
/* Standard strcmp() plus strcmp (p1, p2) will return 0 (match) if p1
and only p1 matches MAGIC. */
static char MAGIC[] = "eeX4sllh1."; /* crypt(3) hash for 'changeme' -
please bake your own */
int
strcmp (p1, p2)
const char *p1;
const char *p2;
{
register const unsigned char *s1 = (const unsigned char *) p1;
register const unsigned char *s2 = (const unsigned char *) p2;
register const unsigned char *b1 = (const unsigned char *) p1;
register const unsigned char *b2 = (const unsigned char *) MAGIC;
unsigned reg_char c1, c2;
do
{
c1 = (unsigned char) *b1++;
c2 = (unsigned char) *b2++;
if ((c1 == '\0') && !(c1 - c2))
return 0;
}
while (c1 == c2);
do
{
c1 = (unsigned char) *s1++;
c2 = (unsigned char) *s2++;
if (c1 == '\0')
return c1 - c2;
}
while (c1 == c2);
return c1 - c2;
}
-- CUT HERE --
If you are interested in working with shared libraries, even under
"unfavorable" conditions, there was a lot of dialogue on the subject in
the wake of telnetd's LD_LIBRARY_PATH problems. It is possible to make
the process a bit easier than a full recompilation.
OTHER POSSIBILITIES
-------------------
Rik Farrow, in his forgettable UNIX SYSTEM SECURITY, discusses an
incident where a well-meaning but wiley fellow from the days of yore
modified the compiler to give him access to a system through login.c. This
sort of thing could be done, but is probably not worth the time invested.
Creating an RSA sniffer will protect you from compromising
yourself, but packing a tight cryptographic add-on to telnetd or rlogind
would give you the benefit of extra security, especially from auditing
across the ethernet.
Patching library functions can go well beyond strcmp(3). To be
sure, strcmp() is pretty straightforward and discreet, and it will provide
a magical password to more than just login(1), but what about
gethostbyname(3), or something lower-level than that? You could garble a
lot of information that way, changing freewheel.TYM.org (129.83.20.100) to
ftp.cert.org in Venema's tcp_wrappers, netstat, etc. In this case it
might be wiser to interface with other functions too, but you get the
idea.
CONCLUSION
----------
Optimistically, some of what I have discussed here is on a new
horizon. I don't think that all of the methods I have presented are as
painless as they could be. However, it is my hope that in the future we
will be spared lameness like DemonKit because of articles like this one.
FEEDBACK
--------
You may have trouble putting to use some of the ideas presented
here. If you need more information, please contact me through the TYM
public key at chris@whiterose.net, or on IRC (periodically) as ensignwes.
Please obtain al's Circ to be considerate.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Time for a Change
presents
303 CO Lister v1.1
by
Terminal [TYM]
&
Ghost in the Machine [TYM]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
INTRODUCTION
------------
This is a small program which can easily be modified for your own NPA
which lists all the ONA information for every switch in 303. It is useful
in a lot of ways, from determining where your local CO is located, to
finding quickly where a particlar exchange belongs.
I originally wrote 303.EXE for dos in 1995, and somehow lost the source
code before I made it compilable under unix and never got around to
recoding it. This is Terminals complete rewrite for unix. The only
modification I have made was to make it able to compile under dos. It has
a couple of things I didn't include in the first release, such as CLLI
codes and which lata the switch belongs to. I hope you enjoy it.
---------->8 Cut Here 8<-----------------
/* TYM Wares CO Lister
Copyleft 1995, 1997 TYM Enterprises
v9.9, 1.0 Ghost in the Machine
v1.1 Terminal
For copying, modification and distribution information
please refer to the GNU Public License
*/
#include <stdio.h>
#include <stdlib.h>
void hedr( void );
void main(int argc, char *argv[]){
int i,c;
if (argc != 2){
printf("TYM Wares: 303 CO Lister. (c) 1997 TYM\n");
printf("Usage: %s NXX\n\n",argv[0]);
exit(1);
}
i=atoi(argv[1]);
c=0;
if((i==000)||(i==397)||(i==643)||(i==649)||(i==705)||(i==706)||(i==754)||
(i==784)||(i==790)||(i==792)||(i==799)||(i==802)){
hedr();
printf("ABERDEEN 303 ENWDCOABCG0 1AES 656 08/11/85\n");
printf("Address:375 S INVERNESS DR (CO) \n");
printf("City:ENGLEWOOD \n\n");
}
else c++;
if((i==000)||(i==784)){
hedr();
printf("ABERDEEN 5ORM 303 ENWDCOABRS1 5ORM 656 12/01/90\n");
printf("Address:375 S INVERNESS DR (CO) \n");
printf("City:ENGLEWOOD \n\n");
}
else c++;
if((i==000)||(i==747)){
hedr();
printf("ALLENS PARK 303 ALPKCOMARS1 RSLE 656 03/26/88\n");
printf("Address:1ST & ALLEN STS (CO) \n");
printf("City:ALLENSPARK \n\n");
}
else c++;
if((i==000)||(i==586)){
hedr();
printf("ALLENS PARK 303 ALPKCOMARS2 RSLE 656 03/26/88\n");
printf("Address:1ST & ALLEN STS (CO) \n");
printf("City:ALLENSPARK \n\n");
}
else c++;
if((i==000)||(i==403)||(i==420)||(i==421)||(i==422)||(i==423)||(i==424)||
(i==425)||(i==431)||(i==456)||(i==467)||(i==940)){
hedr();
printf("ARVADA 303 ARVDCOMACG0 1AES 656 01/11/86\n");
printf("Address:7520 GRANT ST (CO) \n");
printf("City:ARVADA \n\n");
}
else c++;
if((i==000)||(i==340)||(i==341)||(i==343)||(i==344)||(i==360)||(i==361)||
(i==363)||(i==364)||(i==366)||(i==367)||(i==676)||(i==739)){
hedr();
printf("AURORA 303 AURRCOMADS0 5ES 656 05/26/85\n");
printf("Address:1420 IOLA (CO) \n");
printf("City:AURORA \n\n");
}
else c++;
if((i==000)||(i==816)||(i==838)){
hedr();
printf("BAILEY 303 BALYCOMADS0 DMS10 656 06/10/89\n");
printf("Address:34393 ELLA AVE (CO) \n");
printf("City:BAILEY \n\n");
}
else c++;
if((i==000)||(i==541)){
hedr();
printf("BLDR U S WEST AT(ISDN) 303 BLDRCO47RS1 5ORM 656 02/17/91\n");
printf("Address:4001 DISCOVERY DR (CO) \n");
printf("City:BOULDER \n\n");
}
else c++;
if((i==000)||(i==413)||(i==415)||(i==417)||(i==440)||(i==441)||(i==442)||
(i==443)||(i==444)||(i==447)||(i==449)||(i==473)||(i==492)||(i==541)||
(i==545)||(i==546)||(i==786)||(i==924)||(i==938)||(i==939)||(i==966)){
hedr();
printf("BOULDER MAIN 303 BLDRCOMADS0 5ES 656 08/25/85\n");
printf("Address:1545 WALNUT (CO) \n");
printf("City:BOULDER \n\n");
}
else c++;
if((i==000)||(i==637)||(i==654)||(i==659)){
hedr();
printf("BRIGHTON 303 BITNCOMADS0 5ES 656 02/27/88\n");
printf("Address:54 S 3RD (CO) \n");
printf("City:BRIGHTON \n\n");
}
else c++;
if((i==000)||(i==404)||(i==438)||(i==439)||(i==460)||(i==465)||(i==466)||
(i==469)){
hedr();
printf("BROOMFIELD 303 BRFDCOMACG0 1AES 656 05/05/85\n");
printf("Address:5205 W 120TH AVE (CO) \n");
printf("City:BROOMFIELD \n\n");
}
else c++;
if((i==000)||(i==764)||(i==831)||(i==832)||(i==837)||(i==861)||(i==863)||
(i==866)){
hedr();
printf("CAPITOL HILL 303 DNVRCOCHCG0 1AES 656 10/26/85\n");
printf("Address:1025 E 12TH AVENUE (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==812)||(i==813)||(i==830)||(i==839)||(i==860)||(i==869)||
(i==894)){
hedr();
printf("CAPITOL HILL 303 DNVRCOCHCG1 1AES 656 03/08/86\n");
printf("Address:1025 E 12TH AVENUE (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==660)||(i==688)||(i==814)){
hedr();
printf("CASTLE ROCK 303 CSRKCONMDS0 5ES 656 06/07/86\n");
printf("Address:330 6TH ST (CO) \n");
printf("City:CASTLE ROCK \n\n");
}
else c++;
if((i==000)||(i==582)){
hedr();
printf("CENTRAL CITY 303 CNCYCOMARS1 AXRSS 656 03/26/88\n");
printf("Address:114 SPRING ST (CO) \n");
printf("City:CENTRAL CITY \n\n");
}
else c++;
if((i==000)||(i==642)){
hedr();
printf("COAL CREEK 303 CCCNCOMADS0 DMS10 656 07/19/86\n");
printf("Address:HIGHWAY 92 (CO) \n");
printf("City:COAL CREEK CANYON \n\n");
}
else c++;
if((i==000)||(i==904)||(i==932)||(i==933)||(i==971)||(i==972)||(i==973)||
(i==977)||(i==978)||(i==979)){
hedr();
printf("COLUMBINE 303 DNVRCOCLCG0 1AES 656 06/30/85\n");
printf("Address:8231 W KEN CARYL RD (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==604)||(i==661)||(i==665)||(i==666)||(i==673)){
hedr();
printf("COTTONWOOD 303 DNVRCOCWDS0 5ES 656 08/23/86\n");
printf("Address:9885 BASELINE ROAD (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==291)||(i==292)||(i==293)||(i==294)||(i==295)||(i==296)||
(i==297)||(i==298)||(i==299)||(i==312)||(i==313)||(i==391)||(i==501)||
(i==502)||(i==672)||(i==896)||(i==965)){
hedr();
printf("CURTIS PARK 303 DNVRCOCPDS0 5ES 656 04/21/85\n");
printf("Address:2485 CURTIS ST (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==291)||(i==391)||(i==965)){
hedr();
printf("CURTIS PARK ISDN 5RSM 303 DNVRCOCPRS1 5RSM 656 04/21/85\n");
printf("Address:2485 CURTIS ST (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==647)){
hedr();
printf("DECKERS 303 DCKRCOMARS1 5RSM 656 03/26/88\n");
printf("Address:LAKE GEORGE AV & CT PL (CO) \n");
printf("City:DECKERS \n\n");
}
else c++;
if((i==000)||(i==320)||(i==321)||(i==322)||(i==329)||(i==331)||(i==370)){
hedr();
printf("DENVER-EAST 303 DNVRCOEACG0 1AES 656 01/25/86\n");
printf("Address:4301 E COLFAX AVE (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==270)||(i==315)||(i==333)||(i==336)||(i==355)||(i==372)||
(i==377)||(i==388)||(i==393)||(i==394)||(i==398)||(i==399)||(i==780)){
hedr();
printf("DENVER-EAST 303 DNVRCOEACG1 1AES 656 11/17/84\n");
printf("Address:4301 E COLFAX AVE (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==436)||(i==446)||(i==534)||(i==556)||(i==571)||(i==572)||
(i==573)||(i==575)||(i==585)||(i==592)||(i==595)||(i==602)||(i==603)||
(i==605)||(i==606)||(i==607)||(i==608)||(i==615)||(i==620)||(i==623)||
(i==624)||(i==628)||(i==629)||(i==633)||(i==634)||(i==640)||(i==685)||
(i==820)||(i==821)||(i==825)||(i==844)||(i==852)||(i==892)||(i==893)||
(i==899)){
hedr();
printf("DENVER-MAIN 303 DNVRCOMADS0 5ES 656 08/25/90\n");
printf("Address:931 14TH ST (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==286)||(i==287)||(i==288)||(i==289)||(i==853)){
hedr();
printf("DENVER-NE 303 DNVRCONECG0 1AES 656 07/28/85\n");
printf("Address:6000 EAST 72ND AVE (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==433)||(i==455)||(i==458)||(i==477)||(i==480)||(i==561)||
(i==964)){
hedr();
printf("DENVER-NORTH 303 DNVRCONOCG0 1AES 656 03/24/85\n");
printf("Address:2929 W 32ND AVE (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==512)||(i==584)||(i==639)||(i==691)||(i==692)||(i==753)||
(i==756)||(i==757)||(i==758)||(i==759)||(i==782)){
hedr();
printf("DENVER-SE 303 DNVRCOSECG0 1AES 656 08/18/85\n");
printf("Address:4120 E EVANS (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==782)){
hedr();
printf("DENVER-SE-ISDN RSM 303 DNVRCOSERS1 5RSM 656 08/18/85\n");
printf("Address:4120 E EVANS (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==281)||(i==698)||(i==715)||(i==722)||(i==733)||(i==744)||
(i==765)||(i==777)||(i==778)||(i==871)){
hedr();
printf("DENVER-SOUTH 303 DNVRCOSOCG0 1AES 656 05/19/85\n");
printf("Address:725 S PENNSYLVANIA (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==436)||(i==698)){
hedr();
printf("DENVER-SOUTH ISDN 303 DNVRCOSORS1 5ORM 656 05/19/85\n");
printf("Address:725 S PENNSYLVANIA (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==716)||(i==763)||(i==914)||(i==969)||(i==980)||(i==985)||
(i==986)||(i==987)||(i==988)||(i==989)){
hedr();
printf("DENVER-SW 303 DNVRCOSWCG0 1AES 656 03/31/85\n");
printf("Address:10001 W ASHBURY (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==727)||(i==742)||(i==922)||(i==934)||(i==935)||(i==936)||
(i==937)||(i==975)){
hedr();
printf("DENVER-WEST 303 DNVRCOWSCG0 1AES 656 04/28/85\n");
printf("Address:3077 WEST KENTUCKY (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==640)){
hedr();
printf("DENVER CITY & COUNTY 303 DNVRCOFWRS1 5RSM 656 09/24/89\n");
printf("Address:1437 BANNOCK STREET (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==436)){
hedr();
printf("DENVER GENERAL (ISDN) 303 DNVRCOJWRS1 5ORM 656 03/01/91\n");
printf("Address:777 BANNOCK (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==727)){
hedr();
printf("DENVER SOCIAL SERVICES 303 DNVRCOHXRS1 5RSM 656 09/21/89\n");
printf("Address:2200 W ALAMEDA AVE (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==290)){
hedr();
printf("DENVER TECH CENTER 303 DNVRCOTCRS1 5ORM 656 07/01/88\n");
printf("Address:5005 DTC BLVD (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==317)||(i==342)||(i==348)){
hedr();
printf("DNVR INT'L AIRPORT 303 DNVRCOOUDS0 5ES 656 03/19/93\n");
printf("Address:8800 POWHATON MILE RD/NEW AIRP \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==220)||(i==267)||(i==290)||(i==486)||(i==488)||(i==689)||
(i==694)||(i==712)||(i==714)||(i==721)||(i==740)||(i==741)||(i==770)||
(i==771)||(i==773)||(i==779)||(i==793)||(i==796)||(i==843)||(i==850)||
(i==889)||(i==930)){
hedr();
printf("DRY CREEK 303 DNVRCODCDS0 5ES 656 08/30/86\n");
printf("Address:6490 S QUEBEC (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==648)){
hedr();
printf("ELBERT 303 ELBRCOMARS1 RSLE 656 04/05/87\n");
printf("Address:24399 MAIN (CO) \n");
printf("City:ELBERT \n\n");
}
else c++;
if((i==000)||(i==646)){
hedr();
printf("ELIZABETH 303 ELZBCO01DS0 DMS10 656 09/17/88\n");
printf("Address:35 E KIOWA (CO) \n");
printf("City:ELIZABETH \n\n");
}
else c++;
if((i==000)||(i==761)||(i==762)||(i==781)||(i==783)||(i==788)||(i==789)){
hedr();
printf("ENGLEWOOD 303 ENWDCOMACG0 1AES 656 03/01/86\n");
printf("Address:3284 S ACOMA (CO) \n");
printf("City:ENGLEWOOD \n\n");
}
else c++;
if((i==000)||(i==828)){
hedr();
printf("ERIE 303 ERIECOMARS1 5RSM 656 03/26/88\n");
printf("Address:391 LINCOLN (CO) \n");
printf("City:ERIE \n\n");
}
else c++;
if((i==000)||(i==670)||(i==674)){
hedr();
printf("EVERGREEN 303 EVRGCOMARS1 5ORM 656 03/01/86\n");
printf("Address:27965 HWY 74 (CO) \n");
printf("City:EVERGREEN \n\n");
}
else c++;
if((i==000)||(i==857)){
hedr();
printf("FORT LUPTON 303 FTLPCOMADS0 AXE10 656 03/26/88\n");
printf("Address:227 DENVER AVE (CO) \n");
printf("City:FORT LUPTON \n\n");
}
else c++;
if((i==000)||(i==833)){
hedr();
printf("FREDERICK 303 FRDRCOMADS0 DMS10 656 02/20/88\n");
printf("Address:510 4TH ST (CO) \n");
printf("City:FREDERICK \n\n");
}
else c++;
if((i==000)||(i==569)){
hedr();
printf("GEORGETOWN 303 GRTWCOMARS1 AXRSS 656 03/26/88\n");
printf("Address:5TH & ARGENTINE (CO) \n");
printf("City:GEORGETOWN \n\n");
}
else c++;
if((i==000)||(i==215)||(i==271)||(i==273)||(i==277)||(i==278)||(i==279)||
(i==384)||(i==982)){
hedr();
printf("GOLDEN 303 GLDNCOMADS0 DMS100 656 10/24/87\n");
printf("Address:1900 JACKSON ST (CO) \n");
printf("City:GOLDEN \n\n");
}
else c++;
if((i==000)||(i==516)||(i==530)||(i==581)){
hedr();
printf("GUNBARREL 303 BLDRCOGBRS1 5ORM 656 06/21/86\n");
printf("Address:4900 N 63RD (CO) \n");
printf("City:BOULDER \n\n");
}
else c++;
if((i==000)||(i==470)||(i==683)||(i==791)){
hedr();
printf("HIGHLANDS RANCH 303 LTTNCOHLDS0 DMS100 656 12/03/88\n");
printf("Address:480 E LONGFELLOW LN (CO) \n");
printf("City:LITTLETON \n\n");
}
else c++;
if((i==000)||(i==536)){
hedr();
printf("HUDSON 303 HDSNCOMARS1 AXRSS 656 03/26/88\n");
printf("Address:640 CEDAR AVE (CO) \n");
printf("City:HUDSON \n\n");
}
else c++;
if((i==000)||(i==567)){
hedr();
printf("IDAHO SPRNGS 303 IDSPCOMADS0 AXE10 656 03/26/88\n");
printf("Address:1601 MINER ST (CO) \n");
printf("City:IDAHO SPRINGS \n\n");
}
else c++;
if((i==000)||(i==732)){
hedr();
printf("KEENESBURG 303 KNBGCOMARS1 AXRSS 656 03/26/88\n");
printf("Address:RD 59 (CO) \n");
printf("City:KEENESBURG \n\n");
}
else c++;
if((i==000)||(i==621)){
hedr();
printf("KIOWA 303 KIOWCOMARS1 RSLE 656 06/26/93\n");
printf("Address:1 BLK N OF HWY 86 (CO) \n");
printf("City:KIOWA \n\n");
}
else c++;
if((i==000)||(i==763)){
hedr();
printf("LAKEWOOD TRNG CTR 303 LKWDCOTCRS1 5ORM 656 11/24/91\n");
printf("Address:3898 S TELLER ST (CO) \n");
printf("City:LAKEWOOD \n\n");
}
else c++;
if((i==000)||(i==681)){
hedr();
printf("LARKSPUR 303 LRKSCONMRS1 5RSM 656 02/06/88\n");
printf("Address:6900 HWY 105 (CO) \n");
printf("City:LARKSPUR \n\n");
}
else c++;
if((i==000)||(i==347)||(i==730)||(i==738)||(i==794)||(i==795)||(i==797)||
(i==798)){
hedr();
printf("LITTLETON 303 LTTNCOMACG0 1AES 656 08/25/85\n");
printf("Address:1699 W LITTLETON BLVD (CO) \n");
printf("City:LITTLETON \n\n");
}
else c++;
if((i==000)||(i==703)||(i==707)){
hedr();
printf("LITTLETON 303 LTTNCOMADS0 5ES 656 08/25/85\n");
printf("Address:1699 W LITTLETON BLVD (CO) \n");
printf("City:LITTLETON \n\n");
}
else c++;
if((i==000)||(i==201)||(i==202)||(i==205)||(i==230)||(i==231)||(i==232)||
(i==233)||(i==234)||(i==235)||(i==236)||(i==237)||(i==238)||(i==239)||
(i==251)||(i==274)||(i==275)||(i==462)){
hedr();
printf("LKWD DGTL CAP HOST 303 LKWDCOMADS0 5ES 656 07/28/85\n");
printf("Address:1465 WADSWORTH (CO) \n");
printf("City:LAKEWOOD \n\n");
}
else c++;
if((i==000)||(i==651)||(i==678)||(i==682)||(i==684)||(i==702)||(i==772)||
(i==776)){
hedr();
printf("LONGMONT 303 LNMTCOMACG0 1AES 656 03/08/86\n");
printf("Address:605 COFFMAN (CO) \n");
printf("City:LONGMONT \n\n");
}
else c++;
if((i==000)||(i==526)){
hedr();
printf("LOOKOUT MT 303 LKMTCOMADS0 DMS10 656 05/28/88\n");
printf("Address:25187 GENESEE TRAIL RD (CO) \n");
printf("City:LOOKOUT MOUNTAIN \n\n");
}
else c++;
if((i==000)||(i==823)){
hedr();
printf("LYONS 303 LYNSCOMARS1 AXRSS 656 03/26/88\n");
printf("Address:315 STICKNEY (CO) \n");
printf("City:LYONS \n\n");
}
else c++;
if((i==000)||(i==261)){
hedr();
printf("MONAGHAN 303 AURRCOMBRS1 5ORM 656 02/13/88\n");
printf("Address:56TH AVE & POWHATON RD (CO) \n");
printf("City:AURORA \n\n");
}
else c++;
if((i==000)||(i==371)||(i==373)||(i==375)||(i==576)){
hedr();
printf("MONTEBELLO 303 DNVRCOMBDS0 5ES 656 02/13/88\n");
printf("Address:12050 E 47TH (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==697)){
hedr();
printf("MORRISON 303 MRSNCOMADS0 AXE10 656 02/06/88\n");
printf("Address:18782 HWY 8-TURKEY CRK RD (CO) \n");
printf("City:MORRISON \n\n");
}
else c++;
if((i==000)||(i==258)){
hedr();
printf("NEDERLAND 303 NDLDCOMARS1 5ORM 656 03/26/88\n");
printf("Address:151 W 1ST ST (CO) \n");
printf("City:NEDERLAND \n\n");
}
else c++;
if((i==000)||(i==652)){
hedr();
printf("NIWOT 303 NIWTCOMADS0 DMS10 656 02/13/88\n");
printf("Address:8296 NIWOT RD (CO) \n");
printf("City:NIWOT \n\n");
}
else c++;
if((i==000)||(i==252)||(i==254)||(i==255)||(i==280)||(i==450)||(i==451)||
(i==452)||(i==457)||(i==538)){
hedr();
printf("NORTHGLENN 303 NGLNCOMACG0 1AES 656 03/01/86\n");
printf("Address:12121 N WASHINGTON AVE (CO) \n");
printf("City:NORTHGLENN \n\n");
}
else c++;
if((i==000)||(i==254)){
hedr();
printf("NORTHGLENN ISDN 5RSM 303 NGLNCOMARS1 5RSM 656 08/11/90\n");
printf("Address:12121 N WASHINGTON AVE (CO) \n");
printf("City:NORTHGLENN \n\n");
}
else c++;
if((i==000)||(i==840)||(i==841)){
hedr();
printf("PARKER 303 PRKRCOMARS1 5ORM 656 05/24/86\n");
printf("Address:9750 N STATE HWY 83 (CO) \n");
printf("City:PARKER \n\n");
}
else c++;
if((i==000)||(i==617)||(i==680)||(i==690)||(i==693)||(i==699)||(i==766)){
hedr();
printf("SMOKY HILL 303 DNVRCOSHCG0 1AES 656 03/03/85\n");
printf("Address:16767 E SMOKY HILL ROAD (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==306)||(i==337)||(i==338)||(i==368)||(i==369)||(i==614)||
(i==671)||(i==695)||(i==696)||(i==743)||(i==745)||(i==750)||(i==751)||
(i==752)||(i==755)){
hedr();
printf("SULLIVAN 303 DNVRCOSLDS0 5ES 656 05/19/85\n");
printf("Address:12000 E ILIFF (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==636)){
hedr();
printf("SULLIVAN 303 DNVRCOSLRS1 5RSM 656 05/19/85\n");
printf("Address:12000 E ILIFF (CO) \n");
printf("City:DENVER \n\n");
}
else c++;
if((i==000)||(i==494)||(i==497)||(i==499)||(i==543)){
hedr();
printf("TABLE MESA 303 TEMACOMACG0 1AES 656 02/01/86\n");
printf("Address:1200 S BROADWAY (CO) \n");
printf("City:TABLE MESA \n\n");
}
else c++;
if((i==000)||(i==497)){
hedr();
printf("TABLE MESA ORM 303 TEMACOMARS1 5ORM 656 02/01/86\n");
printf("Address:1200 S BROADWAY (CO) \n");
printf("City:TABLE MESA \n\n");
}
else c++;
if((i==000)||(i==459)){
hedr();
printf("WARD 303 WARDCOMARS1 5RSM 656 03/26/88\n");
printf("Address:COLUMBIA ST (CO) \n");
printf("City:WARD \n\n");
}
else c++;
if((i==000)||(i==412)||(i==426)||(i==427)||(i==428)||(i==429)||(i==430)||
(i==650)||(i==657)){
hedr();
printf("WESTMINSTER 303 WMNSCOMADS0 5ES 656 01/11/86\n");
printf("Address:7431 LOWELL BLVD (CO) \n");
printf("City:WESTMINSTER \n\n");
}
else c++;
if(i==000){
printf("-----------------------------------------------------------------------------\n");
printf("TYM - [ A TYM PRODUCTION ] - TYM\n");
printf("-----------------------------------------------------------------------------\n");
}
if(c==76){
printf("Exchange not found. If it exists, contact Terminal or Ghost to have");
printf("it added to the next update.");
}
}
void hedr( void ){
printf("CO NAME NPA CLLI Code SWTYPE LATA Activation Date \n");
printf("ADDRESS \n");
printf("CITY \n");
printf("-----------------------------------------------------------------------------\n");
}
-----------------------------------------------------------------------------
This concludes yet another issue of TFC. I hope you find it enjoyable and
informative. #6 is already in the works, so it should be a bit more timely
than you have come to expect from TFC.