$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$ $$
$$ A Guide to DataPAC $$
$$ $$
$$ A Technical Information File for the Canadian Hacker $$
$$ $$
$$ (C) 1989,1990 The Fixer - A Free Press Publication $$
$$ $$
$$ Edition 1.1 - April 18, 1990 $$
$$ $$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Foreword
--------
Welcome to the exciting world of Packet Switched Data Communications. Your
position as an outside hacker makes Telecom Canada's Packet Switched
Network -- DATAPAC -- an even more magical place for you and all those close
to you. Isn't life grand...
What is DataPac?
----------------
DataPac is the Packet Switched Network of Telecom Canada, a consortium of
major telephone companies across Canada. Originally brought into being in the
late 1970's, Datapac's main purpose is to provide effective, reliable, high-
speed data transfer to the business computing community nationwide. Several
different levels of service are available on Datapac, from public-access PACX
access that resembles a digital telephone system, to dedicated high-speed
point-to-point leased lines. Since most hackers aren't likely to have a
leased line in their homes, this file will be mainly concerned with Datapac's
Public Network.
Logging on:
-----------
Firstly, find the phone number of the DataPac public dial port in your locale.
DataPac has provided dial ports in almost every town with a population higher
than the average IQ, and has WATS access ports for the rest of Canada. You
will find the phone number for the appropriate modem speed in the white pages
under DATAPAC PUBLIC DIAL PORT 3101 (at least that is where it is in BC Tel's
phonebooks.) The WATS numbers are available in Telecom Canada's annual 800
service directory, or to this 800 scanner, The Bible. Tommy's Canadian WATS
phonebook also carries a set of WATS DataPac dial ports.
Once you have connected, raise DataPac's attention by typing a period (.)
followed by a carriage return.
You should now have a prompt resembling this:
DATAPAC: 6470 0138
You have entered a whole new world.
Basic addressing:
-----------------
To the remote user (YOU), DataPac works pretty much like a normal phone system
would, except that communications are data, not voice, and to connect to a
system, you type an ADDRESS rather than a phone number.
Perhaps the first system a hacker new to DataPac should connect to is
DataPac's own information service. Its address is 92100086. This service
provides documentation and information relative to DataPac, and is invaluable
to all DataPac users. This file will (attempt to) avoid duplicating the DIS
and simply explain the basics of hacking it.
As you see, 92100086 is eight digits (nice base-2 number...). On DataPac,
addresses are commonly shown in two parts, i.e. 9210 0086. This clarifies the
TRUE MEANING of the address and shows its similarity to a phone number: the
first four digits are the "prefix" and the last four are the "suffix." The
prefix is unique to a given location in Canada, for example all DataPac
addresses staring with 6470 are located in Victoria, British Columbia. A
given location may have one or several prefices, depending on the "population
density" of subscribing systems in each area. So, as you might imagine,
Ottawa is far from being our largest city but has the second highest number of
subscribing systems, thanks to our Beloved leadership (the Loony Mulroney).
Toronto, Montreal, Vancouver, Edmonton and Ottawa all have several DataPac
prefices. This will become important to you later in this file.
The last four digits, the suffix, is as arbitrary as a phone number suffix
would be. Although the range is 0000 to 9999, it is very rare to find a
DataPac subscriber system with a suffix higher than 2000. This too will be
explained later.
DataPac Outdial and the NUI
---------------------------
DataPac offers users of the public switched network NUIs, or Network User
Identifications. These are identification codes for a monthly charge that
entitle the DataPac user to greater access to the system. DataPac charges by
the month, by the minute, and by the KiloPacket (256,000 bytes) for access.
If you have a NUI, these charges are billed to you (or the owner of the NUI,
heh heh heh). If you don't, all your connections on DataPac are treated as
"collect", or billed to the system you connect to. Obviously, a great number
of systems will not accept your collect "call" and you will find this a common
message from DataPac as your exploits on the system wear on. Needless to say,
this makes NUIs a cherished asset among DataPac hackers.
DataPac offers a service to NUI subscribers called DataPac Outdial. DataPac
currently has dial-out modems in 18 major centres (NOT VICTORIA! ARGH!
WICKEY-WAH!) through which calls within the local area of these modems can be
placed at 300 or 1200 baud. Needless to say, you M U S T have a NUI to use
DataPac Outdial, or be calling from a system with a dedicated line into
DataPac (some systems on DataPac let you "shell" back into the network; these
are real gems because you get NUI privileges). The restrictions are that
bauds can only be 300 or 1200, and many off-network systems will cause DataPac
to drop the connection and give a "Remote Procedure Error." Caveat Emptor.
Scanning DataPac
----------------
This is what you are reading this file for...
To scan DataPac, you pick a target city and prefix to scan. Say Toronto,
3910 XXXX. For now, XXXX represents the suffix. So, you want to start with
zero. The proper syntax would be 3910 0000 (or just 39100000). ALWAYS PAD
THE SUFFIX WITH ZEROES. The address must be eight digits long. Type this
address in. If you connect, you will be informed so. If not, try the next
one: 39100001 and then the next...
39100002
39100003
39100004
39100005
39100006
39100007
and so on.
You are likely to get several messages during the course of scanning DataPac,
including Call Connected (the one you really want), Destination Busy (try
later), Address Not In Service (no system there), Access Barred (either you
need an NUI or it is originate only), Collect Call Refused (You need an NUI).
If you really screw up, you might get one of these:
Invalid Address: You typed less than 8 digits.
Comma required before Data Characters: Usually seen when the hacker makes a
"typo". DataPac allows you to pass parameters to the host system by following
the address with a comma and one or more data characters. This is
infrequently used so nothing more will be said.
Now, DataPac has some anti-scanning mechanisms in place, which can be defeated
readily. If you get more than 9 error messages in a row, DataPac will hang up
on you. Also if you are connected to DataPac for a certain period of time (it
almost seems random but it averages about a minute) without successfully
connecting to a system, you will also be dumped. So robotically scanning one
number after the next will result in many re-dials, as DataPac is not densely
populated enough to guarantee a connection for every nine or fewer scan
attempts, even if you are using an NUI. So, what you need to do is insure
that you DO successfully connect often enough to avoid having to redial often.
You are much more visible to the phone comapny when you scan than you are to
DataPac, so minimising your redial "profile" is to your benefit. You can
assure minimal redial if you connect, say, every 5 dial attempts, to a KNOWN-
GOOD address, and then disconnect from it. Disconnecting is not difficult,
just type CTRL-P followed by the letters CLR or CLEAR. The ^P CLR string will
result in the message: Call Cleared - Local Directive, and more importantly,
will reset that hack-counter and hack-timer so you can continue scanning
without actually phoning DataPac multiple times.
In the course of testing my own scanner programs, I have come across a few
addresses which I connect to normally, then immediately clear the connection,
giving the messages:
DATAPAC: Call connected to 5550 0039
(001) remote charging,n,128
DATAPAC: Call Cleared - Remote Request
This is a good number if you use an automatic scanner because you just call
that address say every 8 calls and continue scanning. At this writing,
55500039 is no longer a "working" address, so you'll have to find one on your
own.
To save time, you will probably want to end your scan of a given prefix at
XXXX2000. It has been my own experience that little or nothing lies ABOVE
2000.
Once You Connect
----------------
After you have performed a scan of a DataPac and you have a list of addresses,
you're halfway finished. Now yo want to manually dial each of these systems
to find out what they hold. Many will just freeze, some will have computers
such as VAXes and System/370s running a wide variety of operating systems.
Truly DataPac is an Eden for hackers.
Some systems will have PACXs of their own; these always have more than one
computer connected and many have dialout ports. DIALOUT ports, although
usually password protected, are the elusive Fata Morgana of the DataPac
scanner. Private dialouts are usually free of the kludges and restrictions of
DataPac's dialout and can call anywhere in the world. No wonder most of them
have passwords. If you find an unprotected private dialout, or the password
and address of a protected one, you Sir have hit the proverbial jackpot.
The Gandalf PACX has DIALOUT as a DEFAULT, and few PACXs have removed it, but
almost all have protected it.
Now I am about to tell you something that may seem to contradict my earlier
writing: A datapac address with a system on it MAY have sub-addresses. The
syntax is thus:
3910 0156 XX
or
3910 0156 X
You can place a ninth or even tenth digit on a known-valid address and you
will usually connect with something that is often quite different from the
prime address. This is for systems without PACXs that want to have several
machines on DataPac at the same address. So much for only eight digits...
One final thing to try on a PACX is PAD or PAC. Many PACX's allow you to re-
enter DataPac through the host system. In most cases this gives you all the
privileges of an NUI because DataPac has someone to bill now. Your
connections are no longer "collect" and the REAL fun, including DataPac
Outdial, begins.
Other Networks
--------------
Yes, there is life beyond DataPac. There are many Packet Switched Networks in
existence around the globe, most of which can communicate with most of the
rest. In the United States, two major ones are Tymnet and Telenet (damned
foreigners...).
Now, you will find that even FEWER addresses from other networks will be
available to Canadian hackers due to the fact that inter-network collect
charges can be astronomical. But since the US has a higher density in its
networks than Canada, you will also find your scans of other networks can
easily be as rich or better than DataPac scans.
The syntax for connecting to an address on a foreign network via DataPac is
thus:
1 XXXX YYYYYYYY
1 indicates an "OtherNet" call. XXXX is the DNIC, Data Network ID Code.
There is a text file on Tommy's Holiday Camp and other hacking BBSes listing
the names and DNICs of the major networks worldwide; the number of them may
surprise you. YYYYYYYY can vary in length; different networks have different
addressing syntaxes. Telenet, like DataPac, uses an eight-digit address with
possible extensions and data characters. Tymnet uses a six digit address,
also allowing extensions. Finding the syntaxes for other networks may require
a little ingenuity on your part; but you're a hacker, AREN'T YOU.
Here is an example of a call into Telenet:
1 3110 31200061
1 was the Othernet indicator; it is the only circumstance in which a DataPac
address may be LESS than eight digits (try 13106; you WILL connect).
3110 was the DNIC for Telenet.
31200061 was the Telenet address. It works like DataPac, except that the
Prefix is based on the area code in which the remote system resides. Very,
VERY helpful to scanners, and this makes Telenet a joy to scan.
When scanning a foreign network (and foreign can mean Canadian too; CNCP has a
network with its own DNIC separate from DataPac) you will often get the
following message:
DATAPAC: Call cleared - temporary network problem
This is usually an error message generated by the foreign network that DataPac
doesn't support. With 200 networks all claiming to be "THE Data
Communications Authority", it's not surprising that their messages are not
always compatible.
DataPac's DNIC is 3020. Tymnets's is 3106. Telenet's is 3110.
Legal Implications of DataPac
-----------------------------
At this point, it is not at all illegal merely to be ON DataPac. It is
uncertain at this time whether SCANNING DataPac is a crime, or if the
network's keepers know what is going on. It is DEFINITELY an offence to try
to hack a password on a system on DataPac just as on any other computer, but
the question remains as to whether or not DataPac knows where you are. Thus
far no DataPac-related busts have been reported but there have been some major
crackdowns on American networks. The same advice can be given to DataPac
hacking as to regular telephone hacking: (1) Scan randomly. (2) Scan with
friends; this confounds investigations. (3) Hack passes at your own risk.
(4) Remember the first law of bragging: Your friends turn you in
Conclusion
----------
What you get out of this file will depend entirely on what you do with it. As
with all forms of hacking, a great deal of effort is required on your part to
have a truly satisfying hacking experience, and you must be prepared to take
certain risks, even to the jeopardy of your freedom. If you have more than a
rodent-level understanding of telecomputing you should now be able to hack any
network in the world through DataPac, and with the right amount of initiative
and ingenuity, the world is yours.....
Excelsior,
[][] The Fixer [][]
-----------------------------------------------------------------------------
This file is copyrighted and wholly owned by The Fixer of The Free Press.
You are licensed to distribute this file on bulletin boards as long as the
bylines and copyright notices remain intact. All rights reserved.
-----------------------------------------------------------------------------
Tommy's Holiday Camp............................ +1 (604) 598-4259 <3-2400>
Dark Side of the Moon........................... +1 (408) 245-7726 <3-2400>
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Another file downloaded from: NIRVANAnet(tm)
& the Temple of the Screaming Electron Jeff Hunter 510-935-5845
Rat Head Ratsnatcher 510-524-3649
Burn This Flag Zardoz 408-363-9766
realitycheck Poindexter Fortran 415-567-7043
Lies Unlimited Mick Freen 415-583-4102
Specializing in conversations, obscure information, high explosives,
arcane knowledge, political extremism, diversive sexuality,
insane speculation, and wild rumours. ALL-TEXT BBS SYSTEMS.
Full access for first-time callers. We don't want to know who you are,
where you live, or what your phone number is. We are not Big Brother.
"Raw Data for Raw Nerves"
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X