$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

$$                                                                          $$

$$                            A Guide to DataPAC                            $$

$$                                                                          $$

$$           A Technical Information File for the Canadian Hacker           $$

$$                                                                          $$

$$            (C) 1989,1990 The Fixer - A Free Press Publication            $$

$$                                                                          $$

$$                       Edition 1.1 - April 18, 1990                       $$

$$                                                                          $$

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$



Foreword

--------



Welcome to the exciting world of Packet Switched Data Communications.  Your 

position as an outside hacker makes Telecom Canada's Packet Switched

Network -- DATAPAC -- an even more magical place for you and all those close 

to you.  Isn't life grand...



What is DataPac?

----------------



DataPac is the Packet Switched Network of Telecom Canada, a consortium of 

major telephone companies across Canada.  Originally brought into being in the 

late 1970's, Datapac's main purpose is to provide effective, reliable, high-

speed data transfer to the business computing community nationwide.  Several 

different levels of service are available on Datapac, from public-access PACX 

access that resembles a digital telephone system, to dedicated high-speed 

point-to-point leased lines.  Since most hackers aren't likely to have a 

leased line in their homes, this file will be mainly concerned with Datapac's

Public Network.



Logging on:

-----------



Firstly, find the phone number of the DataPac public dial port in your locale.  

DataPac has provided dial ports in almost every town with a population higher 

than the average IQ, and has WATS access ports for the rest of Canada.  You 

will find the phone number for the appropriate modem speed in the white pages 

under DATAPAC PUBLIC DIAL PORT 3101 (at least that is where it is in BC Tel's 

phonebooks.)  The WATS numbers are available in Telecom Canada's annual 800 

service directory, or to this 800 scanner, The Bible.  Tommy's Canadian WATS 

phonebook also carries a set of WATS DataPac dial ports.



Once you have connected, raise DataPac's attention by typing a period (.) 

followed by a carriage return.



You should now have a prompt resembling this:



DATAPAC: 6470 0138



You have entered a whole new world.





Basic addressing:

-----------------



To the remote user (YOU), DataPac works pretty much like a normal phone system 

would, except that communications are data, not voice, and to connect to a 

system, you type an ADDRESS rather than a phone number.  



Perhaps the first system a hacker new to DataPac should connect to is 

DataPac's own information service.  Its address is 92100086.  This service 

provides documentation and information relative to DataPac, and is invaluable 

to all DataPac users.  This file will (attempt to) avoid duplicating the DIS 

and simply explain the basics of hacking it.



As you see, 92100086 is eight digits (nice base-2 number...).  On DataPac, 

addresses are commonly shown in two parts, i.e. 9210 0086.  This clarifies the 

TRUE MEANING of the address and shows its similarity to a phone number: the 

first four digits are the "prefix" and the last four are the "suffix."  The 

prefix is unique to a given location in Canada, for example all DataPac 

addresses staring with 6470 are located in Victoria, British Columbia.  A 

given location may have one or several prefices, depending on the "population 

density" of subscribing systems in each area.  So, as you might imagine, 

Ottawa is far from being our largest city but has the second highest number of 

subscribing systems, thanks to our Beloved leadership (the Loony Mulroney).  

Toronto, Montreal, Vancouver, Edmonton and Ottawa all have several DataPac 

prefices.  This will become important to you later in this file.



The last four digits, the suffix, is as arbitrary as a phone number suffix 

would be.  Although the range is 0000 to 9999, it is very rare to find a 

DataPac subscriber system with a suffix higher than 2000.  This too will be 

explained later.





DataPac Outdial and the NUI

---------------------------



DataPac offers users of the public switched network NUIs, or Network User 

Identifications.  These are identification codes for a monthly charge that 

entitle the DataPac user to greater access to the system.  DataPac charges by 

the month, by the minute, and by the KiloPacket (256,000 bytes) for access.  

If you have a NUI, these charges are billed to you (or the owner of the NUI, 

heh heh heh).  If you don't, all your connections on DataPac are treated as 

"collect", or billed to the system you connect to.  Obviously, a great number 

of systems will not accept your collect "call" and you will find this a common 

message from DataPac as your exploits on the system wear on.  Needless to say, 

this makes NUIs a cherished asset among DataPac hackers.



DataPac offers a service to NUI subscribers called DataPac Outdial.  DataPac 

currently has dial-out modems in 18 major centres (NOT VICTORIA!  ARGH!  

WICKEY-WAH!) through which calls within the local area of these modems can be 

placed at 300 or 1200 baud.  Needless to say, you M U S T have a NUI to use 

DataPac Outdial, or be calling from a system with a dedicated line into 

DataPac (some systems on DataPac let you "shell" back into the network; these 

are real gems because you get NUI privileges).  The restrictions are that 

bauds can only be 300 or 1200, and many off-network systems will cause DataPac 

to drop the connection and give a "Remote Procedure Error."  Caveat Emptor.



Scanning DataPac

----------------



This is what you are reading this file for...



To scan DataPac, you pick a target city and prefix to scan.  Say Toronto, 

3910 XXXX.  For now, XXXX represents the suffix.  So, you want to start with 

zero.  The proper syntax would be 3910 0000 (or just 39100000).  ALWAYS PAD 

THE SUFFIX WITH ZEROES.  The address must be eight digits long.  Type this 

address in.  If you connect, you will be informed so.  If not, try the next 

one: 39100001 and then the next...

39100002

39100003

39100004

39100005

39100006

39100007

and so on.



You are likely to get several messages during the course of scanning DataPac, 

including Call Connected (the one you really want), Destination Busy (try 

later), Address Not In Service (no system there), Access Barred (either you 

need an NUI or it is originate only), Collect Call Refused (You need an NUI).

 

If you really screw up, you might get one of these:



Invalid Address: You typed less than 8 digits.



Comma required before Data Characters: Usually seen when the hacker makes a 

"typo".  DataPac allows you to pass parameters to the host system by following 

the address with a comma and one or more data characters.  This is 

infrequently used so nothing more will be said.



Now, DataPac has some anti-scanning mechanisms in place, which can be defeated 

readily.  If you get more than 9 error messages in a row, DataPac will hang up 

on you.  Also if you are connected to DataPac for a certain period of time (it 

almost seems random but it averages about a minute) without successfully 

connecting to a system, you will also be dumped.  So robotically scanning one 

number after the next will result in many re-dials, as DataPac is not densely 

populated enough to guarantee a connection for every nine or fewer scan 

attempts, even if you are using an NUI.  So, what you need to do is insure 

that you DO successfully connect often enough to avoid having to redial often.  

You are much more visible to the phone comapny when you scan than you are to 

DataPac, so minimising your redial "profile" is to your benefit.  You can 

assure minimal redial if you connect, say, every 5 dial attempts, to a KNOWN-

GOOD address, and then disconnect from it.  Disconnecting is not difficult, 

just type CTRL-P followed by the letters CLR or CLEAR.  The ^P CLR string will 

result in the message: Call Cleared - Local Directive, and more importantly, 

will reset that hack-counter and hack-timer so you can continue scanning 

without actually phoning DataPac multiple times.  



In the course of testing my own scanner programs, I have come across a few 

addresses which I connect to normally, then immediately clear the connection, 

giving the messages:

 

DATAPAC: Call connected to 5550 0039

         (001) remote charging,n,128



DATAPAC: Call Cleared - Remote Request



This is a good number if you use an automatic scanner because you just call 

that address say every 8 calls and continue scanning.  At this writing, 

55500039 is no longer a "working" address, so you'll have to find one on your 

own.



To save time, you will probably want to end your scan of a given prefix at 

XXXX2000.  It has been my own experience that little or nothing lies ABOVE 

2000.



Once You Connect

----------------



After you have performed a scan of a DataPac and you have a list of addresses, 

you're halfway finished.  Now yo want to manually dial each of these systems 

to find out what they hold.  Many will just freeze, some will have computers 

such as VAXes and System/370s running a wide variety of operating systems.  

Truly DataPac is an Eden for hackers.  



Some systems will have PACXs of their own; these always have more than one 

computer connected and many have dialout ports.  DIALOUT ports, although 

usually password protected, are the elusive Fata Morgana of the DataPac 

scanner.  Private dialouts are usually free of the kludges and restrictions of 

DataPac's dialout and can call anywhere in the world.  No wonder most of them 

have passwords.  If you find an unprotected private dialout, or the password 

and address of a protected one, you Sir have hit the proverbial jackpot.

The Gandalf PACX has DIALOUT as a DEFAULT, and few PACXs have removed it, but 

almost all have protected it.



Now I am about to tell you something that may seem to contradict my earlier 

writing: A datapac address with a system on it MAY have sub-addresses.  The 

syntax is thus:

 

3910 0156 XX

    or

3910 0156 X

 

You can place a ninth or even tenth digit on a known-valid address and you 

will usually connect with something that is often quite different from the 

prime address.  This is for systems without PACXs that want to have several 

machines on DataPac at the same address.  So much for only eight digits...



One final thing to try on a PACX is PAD or PAC.  Many PACX's allow you to re-

enter DataPac through the host system.  In most cases this gives you all the 

privileges of an NUI because DataPac has someone to bill now.  Your 

connections are no longer "collect" and the REAL fun, including DataPac 

Outdial, begins.



Other Networks

--------------



Yes, there is life beyond DataPac.  There are many Packet Switched Networks in 

existence around the globe, most of which can communicate with most of the 

rest.  In the United States, two major ones are Tymnet and Telenet (damned 

foreigners...).  



Now, you will find that even FEWER addresses from other networks will be 

available to Canadian hackers due to the fact that inter-network collect 

charges can be astronomical.  But since the US has a higher density in its 

networks than Canada, you will also find your scans of other networks can 

easily be as rich or better than DataPac scans.



The syntax for connecting to an address on a foreign network via DataPac is 

thus: 

 

1 XXXX YYYYYYYY

 

1 indicates an "OtherNet" call.  XXXX is the DNIC, Data Network ID Code.  

There is a text file on Tommy's Holiday Camp and other hacking BBSes listing 

the names and DNICs of the major networks worldwide; the number of them may 

surprise you.  YYYYYYYY can vary in length; different networks have different 

addressing syntaxes.  Telenet, like DataPac, uses an eight-digit address with 

possible extensions and data characters.  Tymnet uses a six digit address, 

also allowing extensions.  Finding the syntaxes for other networks may require 

a little ingenuity on your part; but you're a hacker, AREN'T YOU. 



Here is an example of a call into Telenet:

 

1 3110 31200061



1 was the Othernet indicator; it is the only circumstance in which a DataPac 

address may be LESS than eight digits (try 13106; you WILL connect).

 

3110 was the DNIC for Telenet.



31200061 was the Telenet address.  It works like DataPac, except that the 

Prefix is based on the area code in which the remote system resides.  Very, 

VERY helpful to scanners, and this makes Telenet a joy to scan.

 

When scanning a foreign network (and foreign can mean Canadian too; CNCP has a 

network with its own DNIC separate from DataPac) you will often get the 

following message:

 

DATAPAC: Call cleared - temporary network problem

 

This is usually an error message generated by the foreign network that DataPac 

doesn't support.  With 200 networks all claiming to be "THE Data 

Communications Authority", it's not surprising that their messages are not 

always compatible.



DataPac's DNIC is 3020.  Tymnets's is 3106.  Telenet's is 3110.



Legal Implications of DataPac

-----------------------------



At this point, it is not at all illegal merely to be ON DataPac.  It is 

uncertain at this time whether SCANNING DataPac is a crime, or if the 

network's keepers know what is going on.  It is DEFINITELY an offence to try 

to hack a password on a system on DataPac just as on any other computer, but 

the question remains as to whether or not DataPac knows where you are.  Thus 

far no DataPac-related busts have been reported but there have been some major 

crackdowns on American networks.  The same advice can be given to DataPac 

hacking as to regular telephone hacking: (1) Scan randomly. (2) Scan with 

friends; this confounds investigations. (3) Hack passes at your own risk. 

(4) Remember the first law of bragging: Your friends turn you in



Conclusion

----------



What you get out of this file will depend entirely on what you do with it.  As 

with all forms of hacking, a great deal of effort is required on your part to 

have a truly satisfying hacking experience, and you must be prepared to take 

certain risks, even to the jeopardy of your freedom.  If you have more than a 

rodent-level understanding of telecomputing you should now be able to hack any 

network in the world through DataPac, and with the right amount of initiative 

and ingenuity, the world is yours.....

 

 

Excelsior,

 

 [][] The Fixer [][]



-----------------------------------------------------------------------------

This file is copyrighted and wholly owned by The Fixer of The Free Press.

You are licensed to distribute this file on bulletin boards as long as the

bylines and copyright notices remain intact.  All rights reserved.

-----------------------------------------------------------------------------



Tommy's Holiday Camp............................ +1 (604) 598-4259 <3-2400>

Dark Side of the Moon........................... +1 (408) 245-7726 <3-2400>







X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X



 Another file downloaded from:                               NIRVANAnet(tm)



 & the Temple of the Screaming Electron   Jeff Hunter          510-935-5845

 Rat Head                                 Ratsnatcher          510-524-3649

 Burn This Flag                           Zardoz               408-363-9766

 realitycheck                             Poindexter Fortran   415-567-7043

 Lies Unlimited                           Mick Freen           415-583-4102



   Specializing in conversations, obscure information, high explosives,

       arcane knowledge, political extremism, diversive sexuality,

       insane speculation, and wild rumours. ALL-TEXT BBS SYSTEMS.



  Full access for first-time callers.  We don't want to know who you are,

   where you live, or what your phone number is. We are not Big Brother.



                          "Raw Data for Raw Nerves"



X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X