����������������������������������������������������������������������� PC Pursuit Thief Version 1.0 By Brew Associates An Official Phortune 500 Product ����������������������������������������������������������������������� INTRODUCTION Greetings, �again.

As with any new program or software package it is always a pain to have to go through and read the documentation, �and this will be no exception (that was a joke). Anyway, these docs should be �a little more detailed in nature due to the fact that I am �writing this �up on processor #1 �on the TMCS network and have PC Pursuit Thief running �on processor #2. �Finally, �true �distributed �multi-tasking! Enough of that. PC �Pursuit �Thief �ushers �in �a �new �era �of �hacking �utility. Currently �we have Code Thief, �Fuckin' �Hacker and others for extender hacking, �and before PC Pursuit Thief we only had a program called Phry Code Pro written by the Exciter. �Well, �being that competition proves advantageous �to �the �community (of course the Code Thief vs. �Fuckin' Hacker "feature wars" can attest to that), PC Pursuit Thief was born to break somewhat of a monopoly. �And besides, �Phry Code Pro plans on an extender hacker in future versions, �according to the documentation for version 4.0, so to each his own. STARTING PC PURSUIT THIEF There �are two ways of starting PC Pursuit Thief from �DOS. ��The first is by just typing PCPTHIEF<return>. If you see it in yourself to type "PCPTHIEF<return>" �instead of typing "PCPTHIEF" �and then hitting the �return key, �you have my permission to put your head through �your monitor. The �second �method is by adding some command line �paramaters �to tell PC Pursuit Thief to start hacking in automatic mode at a �specific time, and then to stop at a specific time, or after a certain number of valid PC Pursuit ID's and passwords are found: C>PCPTHIEF 1:00 2:00 The above command entered at the command line will have PC Pursuit Thief wait until 1:00 �am to hack (all times are in 24 hour format) and then hack until 2:00 �am, or until 1 valid code is found. �What? �You don't want to stop after 1 valid code, �but think you can snag 2 before 2:00? Well, enter this at the command line: C>PCPTHIEF 1:00 2:00 2 The �2 above is an optional paramater that tells PC Pursuit �Thief to quit after 2 valid codes (or before 2:00 �am, of course) - �whatever comes first. If you want to strictly quit at 2:00 no matter how many codes are found, enter something like:

C>PCPTHIEF 1:00 2:00 9999 Of course you're not going to get 9999 codes in 1 hour, and that's the �point. ��Remember �that this number MUST be an integer, ��so �the highest it can go is 32767, �so "PCPTHIEF 1:00 2:00 �32767" �would have the �same effect as "PCPTHIEF 1:00 �2:00 �9999" �because if you're �not going �to get 9999 �codes in an hour you certainty aren't going to �get 32767. By the way, �everything in automatic mode is for FLAGGED templates only. ��If there are no flagged templates, �then once it starts up �at 1:00 it will drop right back to the operating system after it tells you that there are none flagged (if you are there of course). �You get the DOS �prompt after PC Pursuit Thief quits, �or if you started PC Pursuit Thief from a batch file, then the batch file resumes processing. IF PC PURSUIT THIEF IS RUN IN NORMAL MODE Ok, ��here's the title screen (yes, �I'm looking at it now on �the other monitor). �I added a little disclaimer, �being that this utility has the sole function of going after one company only (GTE). �Again, I stress that the use or misuse of this program is totally up to you. If you get caught, �that's your responsibility, etc, etc. When I wrote it, I myself didn't break any laws, but then again is there a legal theaory for "kenetic energy", or... forget it. Hit any key to get rid of the title/disclaimer screen. Now you'll see �my own little "added touch" �to the title as the window bounces in and �out/rotates (depending on how you view it) �and puts �the �program title in it. THE MENU Here �we go. �Kind of looks like Code Thief, �doesn't it? �Well, although �it only took me three days (with sleep deprevation) �to write PC �Pursuit Thief, �no code from Code Thief was used. �I �started from scratch �on everything. �Oh, �and we're in Turbo Pascal 5.0 �now, ��so things are going to be a little bit faster (I especially like what they did to the screen display speed). We'll �go �over all of the things off the main menu one by �one... as a matter of fact, �it would be best if this documentation is printed out FIRST, �then you follow the following sections along as the program executes. >modem/city configuration Select �this. ��Just use the up and down arrow keys to �move �the highlight �bar �and space or return to choose the option of �D) ��Modem Configuration. You could also hit "D" �then return or space as a quick way of getting the highlight bar there. Ok, ��here �we have all of the neat things that PC �Pursuit �Thief needs �to �know �about talking to the outside world, ��and �Telenet �in particular. ��In �this �section the up and down arrow �keys �move �the highlight, ��and return or space chooses the option. �The letters �"A" through �"J" �will take you right to an option with the highlight �bar, but �note that it still takes the pressing of return or space to select

it. First �thing we want to do is tell PC Pursuit Thief �what �ComPort our modem is connected to at. �Well, �if you have just a COM1: ��modem then �leave �it �alone, �because as you can see the �default �is �COM1: (ComPort 1). �If your modem is on COM2: �or COM3: �or COM4: �then �hit space �or �return when Communications Port is highlighted and then �use the left and right arrow keys to select your ComPort. �Hit return when you have the correct one showing on your screen. Now we need the enter the baud rate. Note that the baud rate will be �the �baud rate of the Telenet Number that we will enter �in �option "E", ��so keep this in mind and don't screw it up. �If your baud �rate doesn't match the baud rate of the modem that answers when you dial the number as choosen in option "E", then you screwed up. The baud rate is choosen �just �like �ComPort. �Hit space or return when Baud �Rate �is highlighted, ��then use the left and right arrow keys to cycle �through the available baud rates. �Use return when your selection is what �you want (and don't screw up, by the way). The �modem �setup string is used for just that -- �to set �up �the modem. ��This �entry in your configuration has two special �characters that have special meanings and are interpreted by PC Pursuit Thief �and not �sent �as �entered to the modem. �They are the "|" ��and �the �"~" characters. �The "|" signifies ascii character 13 (return) and the "~" signifies �a 1/4 �second pause. �Note that in the default a �V1 ��code (verbose �on) ��is specified. �Make sure that your modem is always �in VERBOSE �mode and to keep this V1 �here to make sure it is �initialized into verbose mode. Dial command is the command we will use to dial the modem. ��When PC �Pursuit �Thief needs to dial Telenet it will send the following �to the �modem: �<dialcommand><telenet_number><RETURN>. Connect Response is what the modem sends to signal that we are now connected �to �a �remote computer (Telenet). ��This �all �defaults �to "CONNECT" ��with verbose response codes, �as defaulted to in �C) ��Dial Command. You shouldn't need to change any of this, �it works fine (for me) as is. We already went over what Telenet Number is, �so just enter it �in and hit return when you're done. Terminal type. �Just leave this at the default of "D1". �This is what to respond to Telenet with when it prompts for "TERMINAL=". ��You shouldn't need to change this, �I added this because something inspired me. Telenet �City. �PC Pursuit Thief checks the validity of �password and �user id guesses by trying to use them to log into a city. ��Enter here �the default city to try to log into. �This should be one with �a lot of outdial modems available, or is the least congested. City Baud Rate. �This option is here because there may be more of some groups of modems (by baud rate) �in the city you specified. �This value is changed between 300 Baud, 1200 Baud, and 2400 Baud by pressing return �or space when I is highlighted and then choosing with the �left and �right �arrow keys, �then pressing return to �make �your �selection

permanent. Highlight J) Quit This Section and hit space or return to exit the modem �Configuration and save your newly entered values (if you changed anything... well, �you should have changed at least the Telenet number, I �doubt you'll find Telenet at 000-0000 �(the default value) �in �your exchange. ��Note �that �the �ESCape �key �also �quits �the �Modem/City configuration section when the highlight is being displayed. >id/password template definition This is option B) �off the main menu, �so highlight it and �choose it. �Here is where you can change ID and Password templates �(remember CODE �TEMPLATES?). �For our purposes the SAMPLE RECORD is ok now �(and we'll hack on it in a minute) but just a word on what all those strange looking Template characters mean: 0 ! @ # $ % ^ & * ( ) The All All All All All All All All All All All number 0 numbers from numbers from numbers from numbers from numbers from numbers from numbers from numbers from numbers from letters from letters from 0 0 0 0 0 0 0 0 0 A A to to to to to to to to to to to 1 2 3 4 5 6 7 8 9 Z Z and all numbers from 0 to 9

The �reason �for these strange template characters is �because �it coresponds to the number that is below the character (unshifted) on the keyboard. For instance, % is all numbers 0 to 5. And the key is: +---+ | % | <- You get this when you press SHIFT. | 5 | +---+ It �should be this way on your keyboard as well (it is for all �of mine). Short �note is just something to identify the template with. ��If you �choose the C) �Flag/Unflag IDs By Short Note option off �the �main menu you will flag/unflag by looking only at the short notes. (a)dd - hit "A" to append to the template collection and add your own (e)dit �- hit "E" �to edit the current template. �Just use the up �and down �arrow �keys to move and hit return or space to edit �what �you're currently pointing to. �For the Flagged option, to change it you point to �it �and then hit space or return, �then you use the left and �right arrow �keys �to �change �it. �Then you hit return �again �to �get �the highlight �back. ��When the highlight is displayed you �can �hit �your ESCape key to exit editing mode. (d)elete �- �hit �"D" �to delete the current template. ��You �will �be prompted �as to weather you are sure or not. �If you choose "Y", �then

the current template is deleted and the template file is "fixed up" �to reflect �the �changes. �Note that if there is only one record �in �the template file that "D" will have no effect. (f)lag - hit "F" to toggle the flag on the template you are now looking at. ��This is just a quick way to flag templates when looking �at �the entire �template. ��To flag templates by short note choose �option �C) Flag/Unflag ID's By Short Note off the main menu. When you're at the "Number or Cmd ->" �prompt you can also use the left �and right arrow keys to page through the template file. �If �you press the right arrow key at the end of the file you will be brought to the beginning, �and if you press the left arrow key at the beginning of the �file �you �will be brought to the end. �To jump to �an �immediate record �number, ��just enter that record number at the prompt �and �hit return. If that record exists you will jump to it. The ESCape key gets you out of the ID/Password Template Definition section. >flag/unflag ids by short note This section is pretty self-explanatory. You highlight entries on the �current �page and hit return or space to toggle the flag on �them. Each �page holds 10 �records from the template file and you can use the Jump �To Next Page or Jump To Previous Page to get around in the �file. If �you choose Jump To Next Page or Jump To Previous Page and there �is no next or previous page then nothing will happen. You can choose Quit Flagging mode to get out of this and get rid of the window, or just hit ESCape at any time. >view valid password file All ��valid ��passwords �that �PC �Pursuit �Thief �finds ��go ��to PCPVALID.LST. �This is how you can display the file without exiting PC Pursuit Thief. �If the file is not found, then it will tell you. �You can �press "D" �to delete the file and quit viewing at any time. ��Use ESCape to quit viewing the file without deleting it, �and the �SPACEbar to continue viewing the file at pauses. >package credits This �pops up a window that explains about PC Pursuit Thief, ��and other neat stuff. �Hit ESCape to get rid of it, �or hit "B" �to see �a list �of some good boards to call. �If you are a sysop and �want �your board on this list for any future releases, �then drop me a line. �The ESCape key gets rid of the list of boards, then hit ESCape again to get back to the main screen of PC Pursuit Thief. >commence hacking procedure Finally, �this is it... �where we actually do the actual �hacking, actually. �Choose it and we'll hack the SAMPLE RECORD (make sure �it's flagged first... �choose C) Flag/Unflag IDs By Short Note and make sure it's flagged - if not, flag it). Two �screens �pop �up in front of you. �The upper screen �is �the "Information �Window" ��- �information about what PC Pursuit �Thief �is

doing, �etc. The lower screen is the "Communications Window"... �input and output to and from the modem. The �first �thing �that �will happen is it will ask �you �for �the starting time to begin hacking at (you will be shown the current system time for reference). Enter any times in 24 hour format. For instance, 23:00 ��is 11pm. �If you want to start hacking immediately, �then �hit return, thus entering nothing. Next �it will ask you for the time to stop the hacking. �This �is also in 24 �hour format, of course. �If you want to keep hacking until the �ESCape �key is pressed then just hit return here, ��thus �entering nothing. ��If you choose a quit time then you are given the option �of dropping �to �the �operating �system (DOS) �after this �time �has �been reached. ���If �you �are �hacking �from �the �command �line �then �you automatically are dropped to DOS after this time. Next �it �will want to know how many valids to quit �after. ��The default is one. �This is because all you may ever want or need is just one valid PC Pursuit code. Hit return if you agree with 1. Now hacking begins. �If you told PC Pursuit Thief to wait until a certain �time then the program will pause and wait for that time. �You will be shown the current time and the time it is waiting for. To quit all-together �you can hit the ESCape key at any time here and this will take you back to the main program menu. Now �it �will �scan for flagged entries and tell you how �many �it found. ��If there are no entries flagged then it will tell you, ��then abort �back to the menu screen. �The initialization of the modem �with your modem setup string �comes next. ��After that it will dial Telenet and wait for the string �you specified for PC Pursuit Thief to wait for (usually "CONNECT") that signals that PC Pursuit Thief is now connected to �Telenet. �If PC Pursuit Thief gets NO CARRIER (because all Telenet hunt group modem numbers were busy, �possibly -- �or some other reason) then it will re-dial automatically. After �a couple of seconds PC Pursuit thief will send <CR><CR> �if you're on at 300 �or 1200 baud or @<CR> �if you are on at 2400 �baud to Telenet. ��Then Telenet will "wake up" �and log you in and prompt �for "TERMINAL=" ��which �will cause PC Pursuit Thief to �respond �with �the Terminal Type you entered in the modem configuration (usually "D1" �for dumb �terminal... �this is fastest because I think the other term types actually have nulls in them on Telenet). Hacking �begins at the "@" �prompt, �of course. �PC Pursuit Thief will �guess a ID and Password based on the current template and try �to log into the city you selected in �the modem/city configuration section with �the baud rate have choosen. �Note that Telenet doesn't echo �the password part, �so PC Pursuit Thief does this for you -- so you can see what the guess is. Now here's how PC Pursuit Thief works. �If it gets a �CONNECT �to �the �city, �then it will log the �ID �and �password �to PCPVALID.LST and hang up on Telenet. The screen values will be updated in the Information Window to reflect the found ID and password that was valid �in the count. �If it gets INVALID from Telenet then the ID �and Password pair was invalid -- �and PC Pursuit Thief moves on to �another guess. ��If the @ prompt comes back after PC Pursuit Thief �tells �you that something was in the improper format, �then PC Pursuit Thief makes

another attempt. If �the ID and Password pair was valid and you have �just �reached the maximum number of valids that you want, �then PC Pursuit Thief will quit �hacking (and quit to DOS if you started hacking from the �command line). ��PC Pursuit Thief will also quit hacking if you entered a stop time �and �it �is �now �past that time. �If you �choose �Quit �To �DOS (automatically �choosen �if �hacking from the command �line) ��then �PC Pursuit �Thief will now quit to the operating system and throw you �the DOS prompt or resume batch file processing (this could be a timed event from your bulletin board system, for example). Remember, ��while �hacking �is �happening �you �can �look �at �the "Information �Window" ��to see what the current template �is �(it �will choose a template randomly out of the templates that are flagged). �If Telenet �ever hangs up on PC Pursuit Thief, �then PC Pursuit Thief will call �back, �log back in again, �and resume hacking. �Nothing could be easier. CONCLUSION That's about it. �Everything else is now up to you, as to how you configure �your �templates, �etc. �Like all Thief utilities �I �didn't include information on the service (PC Pursuit) for a reason... �if you don't �know what it is or how to use it then you have no reason to hack on it. �If you do know what it is, �you can find the information on it quickly and easily enough. Hacking �PC Pursuit, �as I have heard, �is a lot harder than �just extender hacking. �But it is safer. �PC Pursuit Thief might take �all night to find a code... then again, no other program could do better or worse. ��You �take �all responsibility for your use �and/or �abuse �of Telenet. ��PC �Pursuit �Thief was tested on the author's �end �with �a "Telenet �Simulator" ��running on another processor, �as well �as �with extensive outside party beta testing. The author does not use or abuse the Telenet packet switching data network. Enjoy, and if you know where to reach me, well, �you know where to reach me . . . FILES FOUND IN PCPTHF10.ZIP ZIPFILE PCPTHIEF.EXE - Executable Binary Code Of PC Pursuit Thief Version 1.0 PCPTHIEF.DOC - This Documentation To PC Pursuit Thief Version 1.0 README.NOW - Quick Introduction By Brew Associates please, when uploading this package include all of the files as specified in the list above ======================================================================= (r) Released 1989 === PC Pursuit Thief == Official Phortune 500 Product =======================================================================