--------------------------------------------------------------------------------
                ����������������������������������������������
                �                                            �
                ��������    ����������������������������������
                       �    �  �����   �����  �������������
                       �    �  �   �   �   �  �           �
                       �    �  �   �����   �  �   ���������
                       �    �  �           �  �   �
                       �    �  �           �  �   �
                       �    �  �   �����   �  �   ���������
                       �    �  �   �   �   �  �           �
                       ������  �����   �����  �������������
                ����������������������������������������������
                �             The Hacker's Choice            �
                ����������������������������������������������
--------------------------------------------------------------------------------


                            THC-SCAN v1.50 *PUBLIC*
                      (c) 1996,97 by van Hauser / [THC]







 Part    Title                                      Line           Last Update
 ------------------------------------------------------------------------------
      I. Introduction                                 50           v1.3
     II. Features                                    140           v1.4
    III. How to configure TS-CFG & modem             485           v1.3
     IV. Commandline parameters                      615           v1.4
      V. Online scanning keys                        780           v1.5
     VI. Service programs                           1050           v1.5
    VII. Tips & tricks                              1333           v1.5
 Epilog: Update? How to contact? Etc.               1480           v1.5
 ------------------------------------------------------------------------------


 !NOTE! : A quickstart/reference manual is now available: THC-QUIK.DOC

 ->> Please read HISTORY.DOC to see what's new. <<-
 ->> Read HISTORY.DOC too to get to know what will be in v1.1! <<-





 ==============================================================================



                              I. INTRODUCTION


 *     Overview : What does THC-SCAN ?
 *     --------   Hey this looks like TONELOC !
 *                Who's who in this ZIP archive ?




 What does THC-SCAN ?
 --------------------
 THC-SCAN scans a defined range of phone numbers.
 It Reports : Carriers, Tones, VMBs, Fax etc. depending on the mode
 set & configuration. (You can do many more things with this piece, but get
 a brain to find out ... ;-)      [>400 kb source code by the way ...]

 It supports : all flavors of XX-Dos (MS-, DR-, PC- etc.)
               win95 when rebooted in DOS mode
               Linux & BSD in the DOSEMU
               Normal Color Monitors + LCD/Hercules Monitors
 Plus timeslicing for multitaskers like Desqview, Windows etc.

 You want to run multitaskers with THC-SCAN? No Problem, read Section II.



 Hey this looks like TONELOC !
 -----------------------------
 Yep. Toneloc is very good. But first it didn't work on my computer and 
 second it could be enhanced. So i wrote this one. And my personal
 opinion is, that this one is better. Much more flexible and more functions.
 Which programmer would say his one is not as good as? Why releasing it then?
 Take a look. Try it, test it. It's worth it's time !



 Who's Who in this ZIP archive ?
 --------------------------------
 FILE_ID.DIZ    File Description for BBS
 README.DOC     (english) Short Introduction, How 2 Install, etc.
 DEUTSCH.DOC    (german)  Short Introduction, How 2 Install, etc.
 THC.NFO        Important. Our group infos ;-)
 THCINTRO.EXE   A small nice intro-demo showing THC-SCAN and more ;-)
 TS-BIN.ZIP     All packed .EXE files
 TS-DOC.ZIP     All packed .DOC files
 TS-MISC.ZIP    All packed files which are not .EXE or .DOC

 -> TS-BIN.ZIP includes
 THC-SCAN.EXE   The Scanner EXEcutable        (MAIN Executable)
 TS-CFG.EXE     The ConfigMaker EXEcutable    (Config Executable)
 DAT-CONV.EXE   DAT File converter TONELOC <-> THC-SCAN.
 DAT-MANP.EXE   DAT File manipulator for THC-SCAN, exchange ID values.
 DAT-MERG.EXE   Merges two Dat files together to a new one.
 DAT-STAT.EXE   DAT File statistical analyzer.
 EXTR-NO.EXE    Extracts (phone-)numbers from a text file.
 TXT-CONV.EXE   Converts a file : 8n1->7e1, 8n1->7o1, unix/amiga<->msdos<->st.
 MOD-DET.EXE    Detects connected modems and prints out their datas
 THC-SCAN.BIN   BIN File to load when AlarmKey (Alt-A) is pressed.
 SIGS.ZIP       PGP Signatures of all EXEcutable files in this package.
                Please check to get a secure version of my public PGP key.

 -> TS-DOC.ZIP includes
 THC-SCAN.DOC   Detailed documentation for the novice(?) Scanner Guy.
 THC-QUIK.DOC   Reference/Short documentation for the experienced user.
 HISTORY.DOC    History File. What's new, what changed, bugs etc. READ IT !
 THC-FAQ.DOC    Common problems & solutions for THC-SCAN.
 TONELOC.DOC    Differences between Thc-Scan & Toneloc. How to (ex-)change.
 KEYBOARD.DOC   Online keys. Print out and lay beside you while scanning.
 DATFILE.DOC    The Structure of the Thc-Scan DAT Files
 ERRLEVEL.DOC   Overview of the Errorlevels returned by Thc-Scan

 -> TS-MISC.ZIP includes
 THC&SCAV.SCR   Script for the SCAVENGER DIALER >=v0.80 to use as external dialer! 
 NETSCAN.BAT    Batchfiles for guys scanning with a network of 3+ scan clients
 CARRIER.CFG    config file for carrier scanning with a Zyxel
 FIRSTSCN.CFG   config file for online  scanning 1st sweep
 OTHERSCN.CFG   config file for online  scanning after 1st sweep








 ==============================================================================


                             II. FEATURES


 *     Overview : Modem support (Fossil or not Fossil - and problems)
 *     --------   The different modes
 *                The Autonom/Manual mode
 *                Dial modes
 *                Dialing numbers from a textfile
 *                Dialing through a modem outdial
 *                Using 2+ Modems and/or an ethernet network for scanning
 *                Using an external program to dial the numbers
 *                Primary & secondary identifications
 *                Carrier hacking & nudge
 *                The DAT file and the LOGs
 *                How to prevent scanning detection from phone companies
 *                van Hauser says ...



 Modem Support  (Fossil or not Fossil - and problems)
 ----------------------------------------------------
 Since v0.9b THC-SCAN supports direct port AND the Fossil Driver to communicate
 with your Modem. For those with an ISDN card, old modem or an old seriell port
 THC-SCAN does not support in direct mode, use the Fossil Driver.
 Using a Fossil Driver is more secure.
 Check your local Shareware BBS, Shareware CD-ROM or the Inet for a Fossil
 Driver ... you should use X00-202.ZIP - it's the best.
 Note that X00 was included in the THC-SCAN v1.0 release, but it was too big
 and of no great use because the direct mode is best for most cases.

 Note: If you want to execute programs out of THC-SCAN then run the X00 driver
       before running THC-SCAN!



 The different modes
 -------------------
 There are two basic modes THC-SCAN can be set to.
 CARRIER MODE - THC-SCAN searchs for carriers.
 TONE MODE    - THC-SCAN searchs for tones/pbx. Those ones with a dialtone.
 When in CARRIER MODE, THC-SCAN can also identify VMBs, Voice, Fax and more.
 You may change the mode online by pressing "ALT-M".



 The AUTONOM/MANUAL Mode
 -----------------------
 This is a special mode never ever seen on a scanner before.
 For this Mode ADD-ON you have to sit in front of the computer while scanning.
 (You should do this every time, unless you are so lazy to scan for carriers
 only.)
 When turned on you may continue dialing with your modem! This is useful for
 Tones/PBX, or VMBs or Answering Machines to test the code length etc.
 Press ENTER when autonom/manual mode is turned on to continue dialing.
 You may also enter "M" while online to redial and enter autonom/manual mode
 for this call only. Or you may hit "Alt-M" to toggle this mode on/off.
 Note that after a specified time called Autonom_Timeout (can be set in TS-CFG)
 THC-SCAN will try to autodetect. Disable this feature by setting the 
 Autonom_Timeout to 0 if you wish.



 DIAL MODES
 ----------
 You can choose to dial random, sequentiel up & down (with step rates too)
 or to dial all numbers in a specified textfile. Read next paragraph for
 details on this. (It's the option DIALING in TS-CFG in menu SCAN MODE)



 DIALING NUMBERS FROM A TEXT FILE
 --------------------------------
 This allows you to scan numbers from a textfile.
 THC-SCAN reads in the text file line-by-line and dials every read-in line.
 When you abort a textfile scanning, a .DAT file is created which will be
 auto-loaded if you continue the scan at another time and will continue on
 your last dialed number.
 DRAWBACKS :
  NO real Dat file is created (of course)
 ADVANTAGES :
  You can put any number on the list you want to.
  The first scanner ever to offer this possiblity.
 How to use this :
 Use EXTR-NO.EXE to extract the phonenumbers from any textfile (carrier
 listings ;-) ... check the created file after that for mistakes etc.
 Start THC-SCAN with : THC-SCAN.EXE @<textfilename> [any other options]
 Note that /M, /X, /D and /R are disabled when using this option.
 Guys, this one is REALLY cool! I collected EVERY textfile, message, scanlist
 TL & TS DAT File and extracted every modem carrier into the file.
 Then I scanned ALL 800 numbers found, revealing me the list of 600 carriers
 on german toll free numbers, the most complete list ever to be created ...
 


 SCANNING THROUGH AN MODEM OUTDIAL
 ---------------------------------
 The option to use a modem outdial (of a university f.e.) is now included
 but STILL BETA. Please TEST !
 To use this option, do this :
     1) run TS-CFG and set in MODEM-SETUP the "Outdial Flee Char" to that char
        you'll set the outdial modem's flee char to. Use '#' for example.
     2) connect to the server with a normal terminal program.
        The Terminal Program must have been set on the same seriel speed
        as THC-SCAN (COM Speed - not modem connect speed!)
     3) When in command mode of the oudial modem, type 'AT S2=35' (for '#')
     4) Quit the terminal program but don't hang up!
     3) Run THC-SCAN with the normal options PLUS  '-O'  for outdial scanning
 Then it should do it's work. Please report if anything goes wrong or not.
 If it does NOT work, try again with a FOSSIL Driver. If it goes wrong, tell
 me when and why.

 If everything still fails or you want to have it simpler, do that : 
 Do step 1) and then run THC-SCAN with the option -o ... a screen will pop
 up and ask you if you want to connect to the outdial modem. Choose Yes
 and use the terminal to do step 2) and 3), instead of step 4) you just
 exit the terminal screen with ALT-X ... and you don't need step 5 ;-)
 This new possiblity was introduced in v1.1




 Using 2+ Modems and/or an ethernet network for scanning
 -------------------------------------------------------
 First I thought about implementing network scanning into THC-SCAN but then
 decided that it's easier to do it via a good batch file ... and here it goes :
 Take a look at the file NETSCAN.BAT included in this archive.
 On every client in your network you want to scan with, put a 
 SET CLIENT=[number]  in their autoexec.bat. This specifies the CLIENT number.
 So SET CLIENT=1 for the first client, SET CLIENT=2 for the second etc.
 Edit NETSCAN.BAT and modify section [2] and [3].
 Now just run NETSCAN.BAT with the dialmask (scan-area).
 One DAT file for every CLIENT will be created. Use DAT-MERG.EXE afterwards
 to merge them together.

 Currently the Batchfile supports either 3, 5 or 10 scan clients.
   If you want to scan with 2, 4, 6, 7, 8, 9 or 11+ clients : No problem, 
   just reprogram NETSCAN.BAT (if you can't program batchfiles ... learn it!)
 Currently the Batchfile support only network clients and not a computer
 equiped with 2+ modem.
   If your computer has got 2 modems or more then just change the following
   in NETSCAN.BAT :
      CHANGE -> if a%3==a goto OK (in line 30)
      ADD    -> SET CLIENT=%2     (in line 18)
   that should be all you need ... run netscan with the syntax
   NETSCAN [scan-area] [client]
   where [client] is 1 or 2 etc. see SET CLIENT above ...
   Remeber that if you want ot scan with 2, 4 or 6 etc. modems you must
   reprogram NETSCAN.BAT as described above.



 Using an external program to dial the numbers
 ---------------------------------------------
 Useful for what? If you are a blueboxer or got some other possibilites
 like a hardware to place calls for free and/or into other countries maybe
 you would like to do a bit scanning there too, right?
 So set EXTERNAL DIALER in TS-CFG/Misc to YES and specify the external program.
 Remember to put the ^D for the phonenumber to dial into the parameter string.
 You need to add the  X3  config to your modem init string for this to turn
 dialtone detection off.
 To use with the SCAVENGER Dialer (from v0.80 on) :
   PROGRAM   : SCAVENGE.EXE 
   PARAMETER : /NOOUTPUT /DIALVAR ^D /S THC&SCAVE.SCR
   REACTION  : 3
 One more thing about REACTION : valid is either 1 or 2 (and 3 or 4, read below)
 0  dials the phone number with THC-SCAN  AFTER the external program, 
 1  does only a AT<dialprefix><dialsuffix>
 ... and add +2 if you need THC-SCAN to do a modem hook up BEFORE executing.



 PRIMARY & SECONDARY Identifications
 -----------------------------------
 This is also a special thing never ever possible in a scanner.

 Primary Identification is the main thing about the number.
 It is a carrier, tone, vmb, girl voice, fax etc.
 You press the ID key (F for Fax f.e.) and THC-SCAN will stop and move to the
 next number.

 Secondary Identifications are other characteristica which are interesting.
 For example if the phone system of the target is using CCiTT #4 or #5
 which is interesting for blueboxers, or to determine if the number is in
 an other country (better if you want to play with those numbers, depending on
 the law of your country, you may only break the law in the country the phone
 number is located. Check your lawyer.).
 When you press the ID key for a Secondary ID (5 for CCitt #5 for example)
 THC-SCAN will not stop. You may type some more 2ndary IDs.
 But when you press a Primary ID, THC-SCAN stops and moves to the next number.

 Read Section V. for the available SECONDARY Keys while online.



 Carrier Hacking & Nudge
 -----------------------
 When mode enabled (TS-CFG : MODE HACKING), depending on mode set it will
     0) wait for nudge delay timeout
     1) send nudge string to system and wait for nudge delay timeout
     2) beeps a few times to inform you that YOU can now enter the system.
        NO nudge delay timeout. You can online hack the system.)
 Don't unset the string variable for your Carrier Hack Log, or no log file
 will be created.
 Pressing ALT-T while 0) or 1) is in progress automatically enters 2)/
 Try TS-CFG to see how to set up the NUDGE STRING.
 NUDGE DELAY counts the time after the connect had been made. When exceeding
 Nudge delay setting, THC-SCAN disconnects (only in 0) and 1) ) and continues.



 The DAT File & the LOGs
 -----------------------
 In the DAT file are many things saved - all primary IDs and the no# of rings
 detected on that number. Not the 2ndary IDs !
 The main log file loggs everything.
 All primary IDs have a LOG file defined in TS-CFG.
 To remove a special ID LOG file, clear it's name entry in TS-CFG / LOG.



 How to prevent scanning detection from phone companies
 ------------------------------------------------------
 * General Preface:
 As you can read in in our first magazine (THC-MAG1.ZIP) the article about
 CCiTT #7 Line Monitoring, and an updated and more comprehensive one in the
 TFC #4 Magazine, there are now powerful monitoring computers running.

 First: All the tips together does help preventing the detection from the
        monitoring systems, they do NOT disable it at all ...
        So here what to do :
 The system does a pattern matching. So do look as normal as possible with your
 calls. If you got 2 or more phone lines (those of your parents, sisters, 
 friends etc. count!) available in your house, try to scan from all lines
 available..
 That reduces the chance to be detected by "repeated calls from the same origin"
 & "dialing many toll free numbers".
 Then you can deceive the monitoring option looking for automated dialings
 with these 3 possibilites : Scan sometimes with Pulse and sometimes with
 Tone if thats possible for your area. Use the THC-SCAN option to dial
 every number with a different speed. And the 3rd, waiting between every
 digit of the number being dialed randomly between 1-2 seconds.
 Dial random, not sequentiel - also if this doesn't make a big difference
 to the today's technology it does to the eyes of the operator who must analyse
 each alarm triggered.
 Last one : Best to scan either between 6:00 to 9:00 or 16:00 to 20:00 where
 are the main telecommunication traffic but operators don't like to work ;-)

 * How to set this up with THC-SCAN :

   An intelligent monitoring system can identify if a call, phonenumber or
   digit is placed in an equal manner (e.g. by a computer/modem) or by
   hand. These two options help to deceive this :

     � DIAL SPEED DELAY - dials every phone number with a different speed.
       Fast and useful. You can find it in the MISC Menu of TS-CFG.
       Note that you should not set the number for the minimum dialspeed
       setting too low, because then your modem will dial to fast for your
       telekom phone system.

     � SEND SPEED DELAY - dials every number of the phone number with a
       different speed. Slows down the scanning speed very much but is more
       secure. You can find it too in the MISC Menu of TS-CFG.
       Note that you should not set the number for the minimum sendspeed
       setting too low, because your moedm needs enough time to complete
       dialing one number. Test ... if you get a "NO CARRIER" while dialing,
       it's too low.

   Once they detected your scanning (by computer or operator) they can
   decide to do one of the two possibilities immedeantely : 
   do nothing or jam the line. The last possiblity is favored by the german
   telekom. After dialing 1-3 digits of the number, the phoneline gets a busy
   signal ... this is done approx. every or down to every 3rd call. Also
   they can disable the line altogether or just slow you down by giving you
   the dialtone very late. To detect this, you can use this feature :

     � JAMMING DETECTION - If a BUSY signal is received within a defined time,
       then the counter of possible detected jams will be increased by one.
       If it hits the margin of the defined number of max. NO DIALTONE
       responses (this can be defined in TS-CFG, SCANNING Menu), Thc-Scan
       exits with a special error level.
       It is important that you set the time for the jamming detection limit
       wisly, otherwise either it'll never detect a real jam, or will abort
       all your scans with false alarms. So here's how to set it right :
       Let's say you want to scan 111-800-555-xxxx, and you own phone number is
       444-4444 you simply : 111800555xxxx
                             4444444
                             -----------
                             444444455xxxx
       and start it this way : thc-scan.exe jam-test.dat -m:444444455xxxx
       you take a look at the first 5 results and note the elapsed time
       between them a BUSY response is detected from your modem. You then use
       the highest average found like this (let's say the highest average was
       7 seconds) : you just add this parameter to all your scannings ->  -J:7


 Annotation from The Analyst:
   The systems creates a profile of your phonenumber with your dialing habits
   so if you dial standardly a lot of toll free numbers since months then you
   should have no problems with scanning.
   Last but not least use a limit of maximum calls. I think that is the main
   point of the monitoring system to react. I don't think it's mainly the kind
   of dialing. So 200-400 dials per day is enough. And dial them over one day.
   In the traffic hours or at night start at 10:00pm and end the dialing
   at 4:00am (TELEKOM workers are sleeping meanwhile). Do some tests. Check
   your lines if the go busy. There's a option in TS-CFG ;-).
   And the TELEKOM won't make trouble if you dial to many numbers but it's very
   annoying if you just typed in 0130 in your phone to get a busy. And the
   problem is if you call your "Entstoerungstelle 1171" then you can get
   some troubles. So be wise and do not overdo.






 van Hauser says :
 -----------------
 Thanks to all Betatesters, especially to : The Analyst, Wilkins & Plasmoid !
 Credits for the nice blinking Screen, and scrolling up/down go to Plasmoid ;-)
 Credits for the basic setup routines go to Scythe!
 Credits too for the nice EXE file crypter got to Marquis. ;-)
 Greetings to :  � Omega (hi chummer! Thanks for your help! And make a BACKUP!)
                 � JFF (good work spreading the THC releases)
                 � Mindmaniac (linux is great eh :)
                 � Scavenger (thanks for the help! (& the best dialer, ya know)
                 � El Griton (Where are you?)
                 � The Q (Telekom is fun ...)
                 � Muchos Maas, Minor Threat (for programming TONELOC, breaking
                   the limit at the art of scanning. Your program gave me GREAT
                   inspirations!) I hope you get out of jail soon.
 ... and to Dr. Fraud, Dr. Fonk, Chotaire, Coder, Giemor ... all on #bluebox

 With those guys, the sky is the limit ...









 ==============================================================================


                     III. HOW TO CONFIGURE TS-CFG & MODEM


 *     Overview :  1. Your modem
 *     --------    2. TS-CFG


   1.YOUR MODEM

     First get all information about your modem.
     You need to know which COM Port, IRQ, BASEADRESS and BAUD SPEED is used.

     For COM    IRQ   BASE   are common, but may differ.
          1      4     3F8
          2      3     2F8
          3      4     3E8
          4      3     2E8

     HINT: run MOD-DET.EXE to do get the data easily.

     Also important is the baud speed. Suggestions : If you have a modem
     capable of 14400 Baud or more, try it with 14400 ... if you get the
     error message "Can't initialize Port" then set it to 9600.
     This is cause you use a 14.400+ Baud EXTERNAL Modem and your seriel port
     is not fast enough. But this is not important. Real scanning freaks
     set their modem to 2400 Baud to get every carrier without problems.
     NOTE : This limitation of the baud speed does NOT happen using
            the FOSSIL Driver support in TS-CFG.


   2.TS-CFG

     Set Up TS-CFG. You have to run TS-CFG for the first time creating the
     configfile for THC-SCAN (Def:THC-SCAN.CFG). Change the defaults to suit
     your modem. Everything about the options in TS-CFG are explained there.
     So here you'll only see those options which need to be explained further
     and those with no help.

     MODEM CONFIG MENU
     -----------------
     Modem Init     : Configure your modem to wait for a carrier longer
                      then the timeout time defined (S7 register to 60+)
                      The carrier won't be lost easily (S10 reg. to 50)
                      Check exact the time your modem needs to identify
                      the dialtone. Put this time into the S6 Register.
                      The modem should lower datarate when line quality
                      is bad, and it should try to connect on any 
                      possiblity. Set speaker on or off as you like.
                      Use the factory settings and only change those
                      things, not more, that's the most securest way.
                      Also important is, that you set the REPORT level
                      to the highest (most time X set to 7)
                      (except you are a modem configuration artist ;-)
                      Note: You can also change the S11 reg to 50-65
                            to dial faster.

     MODEM CONTROL  - Can either be FAST or SECURE.
                      Choose FAST and try this with a) normal scanning, 
                      b) carrier hangup  c) choose manual/autonom mode 
                      and scan. If everything works fine using this mode,
                      it's much faster. It works great with Zyxels, but USRs
                      are much slower. Try FAST
                    - Can either be CHECK or DUMB
                      Check for an OK after modem init commands. Make stuff
                      a bit faster but for very unusual modems or strange
                      scan settings you must use dumb. Try CHECK
                    - Can either be SMART or WAIT
                      Smart doesn't send the hangupstring after every call.
                      Because you don't need it to do after a BUSY, NO CARRIER
                      etc. But if you set the thc-scan config in a strange
                      way it can be necessary to use wait. Try SMART
     

     MODEM COMMAND DELAY  Time to wait between modem commands. A Zyxel only
                      needs about 250ms, a USR about 300-350 and a Creatix
                      about 400+.

     AUTO DETECT DATA If you want to autodetect databits, parity etc. used
                      by a system you're scanning, you must set your modem
                      data to 8N1. It will detect after the first 100 
                      characters transmitted if it's really 8N1, or if it's
                      7E1 or 7O1. It will switch mode if 7x1 detected and
                      reprint them correctly and reset also the nudge string &
                      nudge timeout.




     MODEM RESPONSE MENU
     -------------------
                      Very important. If this isn't configured properly,
                      not all will work correctly.
                      For example, if a 'no dialtone' is detected, USR modem
                      responds with NO DIAL, Zyxel modem reports NO DIALTONE,
                      and last but not least, Creatix reports NODIALTONE.
                      All new modems report CONNECT when a carrier was found,
                      but old ones may report CARRIER ... and so on.
                      And not all modems can detect VOICE. Keep that in mind.
                      To make your life more easy you can do enhanced
                      identification. When you get a VOICE response, and your
                      modem didn't recognized a RINGING, then it's likely to be
                      a VMB ... so set for there FROM_RINGS to 0 and TO_RINGS
                      to 0 too for VMB detect (and set modem response to VOICE)
                      Make up your mind, you can do powerful things with that
                      but you need a brain to make that out! ;-) hehehehe


     SCANNING MODE MENU
     ------------------
     REDIAL BUSY      In RANDOM SCANNING MODE busy numbers will be redialed.
                      In SEQUENTIEL SCANNING MODE only busy saved numbers from
                      former tries will be dialed again.

     OVERWRITE WITH BUSY  If you scan special ID numbers (f.e. all carrier,
                      or tones - /*:  option) this will define if existing data
                      IDs will be overwritten as BUSY when a BUSY is detected.











 ==============================================================================


                           IV. COMMANDLINE PARAMETERS



THC-SCAN.EXE [@]<DatFile>  [/M:<dialmask>] [/X:<excludemask>] [/R:<from>-<to>]
      [/D:<from>-<to>] [/#:<no>] [/H:<time>] [/S:<time>] [/E:<time>] [/&] [/N] 
      [/C] [/T] [/A] [/B] [/O] [/!:<ConfigFile>] [/*:<no>] [/Q] [/=] [/W:<no>]
      [/LCD] [/P[:<Path>]] [/J[:<no]]


Parameter :
-----------

   [@]<DatFile>       The name of the DAT file to create/use/update.
                      This MUST be the first parameter for THC-SCAN !
                      If you specify the "@" in front of the filename,
                      a DIALTEXTFILE will be the specified ! (Read Sec. II)


Optional  :
-----------

   [/M:<dialmask>]    The dialmask to use for scanning. If you use f.e.
                      /M:1234-x-6-xxx  the program will scan from
                      1234-0-6-000 to 1234-9-6-999. You may use any number
                      of X's between 1 and 4 - not more! If you don't
                      specify this option, the <DatFile> name will be
                      interprated as <dialmask>.
                      You may put the X's where ever you want :
                      /M:0-x-1-x-2-x-4-x-5
                      The "-" character is NOT necessary.


   [/X:<excludemask>] The excludemask to use for scanning. The numbers
                      excluded WON'T be scanned! The excludemask must have
                      the same length as X's are used in the <dialmask>
                      If you use f.e.  /M:1234-xxxx and /X:00xx
                      then 1234-0000 to 1234-0099 WON'T be scanned, all others
                      will. You may specify up to 10 exclude masks.


   [/R:<from>-<to>]   A special range to scan. This is useful if you want f.e.
                      create a DATfile with a full range (XXXX) but want to
                      scan today/tonight only a special range from 0000 to
                      0250 ... /R:0-250 ... you may use up to 10 ranges.


   [/D:<from>-<to>]   This is like /R but DROPS (doesn't scan) those numbers.
                      /D:500-999 f.e. won't scan 0500 to 0999
                      You may use up to 10 drops.



   [/#:<no>]          This is the maximum number of dials THC-SCAN will make
                      until it will exit. F.e. /#:100  will make 100 dials
                      and then exit. If not specified there won't be a limit.


   [/H:<time>]        This specifies a timerange. When exceeded THC-SCAN will
                      exit. If you just use  /H:4  it will scan for 4 hours,
                      if you use  /H:0:30 it will scan for 30 minutes.


   [/S:<time>]        This specifies the starting time for scanning. THC-SCAN
                      will wait until a key is pressed OR the time mentioned
                      is reached and will then begin scanning. You may either
                      use am/pm time or military time :
                      /S:3:50p  will wait for 15:50 ...
                      /S:14:15  will wait for 2:15p ...


   [/E:<time>]        This specifies the ending time for scanning. When
                      reached, THC-SCAN will exit. Usage is like /S.


   [/C]               Starts THC-SCAN is carrier scan mode. Overrides mode that
                      was specified in the config file.


   [/T]               Starts THC-SCAN in tone scan mode. Overrides mode that
                      was specified in the config file.


   [/A]               Starts THC-SCAN with autonom/manual mode ON. Overrides
                      mode in the config file. This is an additional mode for
                      Carrier/Tone scanning. (Read Sec.II)


   [/B]               Starts THC-SCAN with autonom/manual mode OFF. Overrides
                      mode in the config file. This is an additional mode
                      to Carrier/Tone scanning. (Read Sec.II)


   [/O]               Scanning through an outdial modem.
                      You must first connect to the outdial modem with a
                      terminal program. Then run THC-SCAN with this option.
                      Remember to set OUTDIAL FLEE CHARACTER in TS-CFG !


   [/!:<ConfigFile>]  Specifies the name of another config file to use.


   [/*:<no>]          Dial only numbers which were identified as a special
                      type. Consult the DATFILE.DOC to check the Idcodes to use
                      f.e. timeout is 32 to 39 (depending on rings detected).
                      To scan Timeouts with NO rings again use  /*:32
                      to scan Timeouts with 5  rings again use  /*:35
                      to scan ALL Timeouts           again use  /*:32X
                      This X after the number tells THC-SCAN to scan all
                      members of a type, from 0 to 7 rings.
                      You may use this option up to 10 times.


   [/&]               Turns debugging mode ON. All modem output will be saved
                      into DEBUG.LOG.


   [/N]               Turn effects (Window Scoll up/down) off. In future this
                      will also turn assembler screen writes off to be
                      Desqview compactible.


   [/Q]               Quiet mode. Prevents any beeps made by THC-SCAN.


   [/=]               Blanks Screen automatically on startup.
                      Excellent for starting the scanner from remote or
                      on time event (/S Option). Read TIPS & TRICKS for this!
                      btw. to unblank later while scanning use ALT-B of course.


   [/W:<no>]          Checks for Windows-Desqview-OS/2 environment and does a
                      time slicing when encountered. This is beta so please test.
                      Expanded Option : /W does 16 timeslices. If a number is
                                        specified, this timeslices will be
                                        given away, f.e. /W:75 for 75.
                      Option has to be between 1-255.


   [/LCD]             Runs in LCD/Hercules Mode


   [/P[:<Path>]]      Creates a subdirectory and writes the .DAT and .LOG
                      into it. If you do NOT define a Path, a directory with
                      the name of the .DAT file.
                      Note that you MUST specify this option every time you
                      wish to continue a scan with the data from this dir!
                      Example :   /P:SIEMENS  creates the directory siemens
                                              and writes the data into it.


   [/J[:<no>]]        No. of seconds a BUSY response will be seen as a
                      possible jamming. Standard is 6 seconds.
                      This option is only activated when at least /J is set.



NOTE : The "/" before the option is NOT necessary NOR the ":" after the switch.
       You may also use "-" instead of "/".


All these Examples are valid :
       THC-SCAN scanit -M:1234xxxx /C h5
       THC-SCAN scan1234xxxx -T S23:00
       THC-SCAN 1234-xxxx -!alternat.cfg *72x /*:64X -Xx000 d7999-9999
       THC-SCAM 1234xx -Q Lcd


If the program doesn't behave like you want, some strange things happen like
numbers dialed again, some dialed not etc. Check your CFG File ! There are
numerous things to configure so check first if everythings correct.
(Escpecially the options SAVE DATATYPES, REDIAL BUSY, AUTONOM/MANUAL MODE,
 SCANNING MODE - all in the MODE Menu of TS-CFG.EXE, plus Modem Config
 Options like WAIT BETWEEN CALLS, MODEM HANGUP TYPE, CHARACTER DELAY
 MODEM COMMAND DELAY etc.)







 ==============================================================================


                             V. Online Scanning Keys



     While online you can hit the following keys with the following results :
     (print this section or press "?" while online)


SCAN MODE
=========

     KEY   DESCRIPTION
     ----- --------------------------------------------------------------------
     B     Identifies the current dialed number as BUSY
           Number will be saved into BUSY LOG.

     C     Identifies the current dialed number as CARRIER
           NOTE: If CARRIER HACKING is ON (see TS-CFG) then THC-SCAN will still
                 continue to connect. Press SPACE to abort connect and go to
                 next number. It will still be saved as CARRIER ID.
           Number will be saved into CARRIER LOG.
           In CARRIER HACKING MODE the output will be saved into CARRIER HACK
           LOG.

     D     Drop-X. Drops all 10 numbers around the current one from dialing.
           E.g. if you scan 555-430, 555-431 or 555-439 (from the mask 555-XXX)
           then they will all result to the same, dropping 555-43X.
           So 555-430 to 555-439 won't be dialed anymore, without changing
           their IDs. 

     F     Identifies the current dialed number as FAX
           Number will be saved into FAX LOG.

     G     Identifies the current dialed number as GIRL (Female Voice response)
           Number will be saved into VOICE LOG.

     I     Identifies the current dialed number as INTERESTING VOICE
           Number will be saved into VOICE LOG.

     M     Redial+Manual, redials the current number and let's you enter MANUAL
           DIAL MODE with ENTER for this call only. See Introduction for usage.

     N     Next Number WITHOUT saveing/changing the ID
           (For closely examination later OR if you just wanted to check it out.
           It would be overwritten when pressing SPACE with the ID UNINTERESTING)
           - the same as [TAB].

     O     Identifies the current dialed number as VOICE (normal)
           Number will be saved into VOICE LOG.

     P     Pause
           Modem hangs up and waits for any key to begin redialing.
           To use the Extended Pause Menu use ALT-P.

     Q     QUIT after completing this call

     R     Redial current number

     S     Save a comment
           When the call is completed it will ask you for a comment. Your last
           comment made will be displayed. Use Control-X to delete line. You
           can use also the Home, End, Insert, Delete, Backspace, CursorLeft
           and CursorRight keys. ESC to abort, Enter to save. SECONDARY ID
           Number will be saved into COMMENT LOG.

     T     Identifies the current dialed number as TONE
           Number will be saved into TONE LOG.

     U     Identifies the current number as UNUSED (Not in service)
           Number will be saved into UNUSED LOG.

     V     Identifies the current number as VMB
           Number will be saved into VMB LOG.

     X     Extend the timeout for 5 seconds for this call only to a max of 255
           plus the timeout value.

     Y     Identifies the current number as YELLING ASSHOLE (voice)
           Number will be saved into VOICE LOG.

     +     Extend the timeout for 5 seconds for this call only to a max of 255
           plus timeout value. (This is like "X" - to be compatible with Toneloc)

     -     Decrease the timeout for 5 seconds for this call only.

 CTRL-+    Increase the ringout counter by one.

 CTRL--    Decrease the ringout counter by one.

     ?     When Online, one of the seven help windows will be displayed in the
           Statistic Window. Press "?" for the 8th time to see the stats again.

     1-3   Identify current number as CUSTOM 1-3 ... You may specify their name
           in TS-CFG. NOTE : Custom 1-3 may be assigned to be SECONDARY IDs.
           Number will be saved into CUSTOM LOG.

     4     Identify current line as CCiTT #4 (for blueboxers. SECONDARY ID
           Number will be saved into CCITT LOG.

     5     Identify current line as CCiTT #5 (for blueboxers. SECONDARY ID
           Number will be saved into CCITT LOG.

     6     Identify current number as foreign continent EUROPE. SECONDARY ID
           Number will be saved into COUNTRY LOG.

     7     Identify current number as foreign continent USA. SECONDARY ID
           Number will be saved into COUNTRY LOG.

     8     Identify current number as foreign continent ASIA. SECONDARY ID
           Number will be saved into COUNTRY LOG.

     9     Identify current number as foreign continent AFRICA. SECONDARY ID
           Number will be saved into COUNTRY LOG.

     0     Identify current number as an OTHER foreign continent. SECONDARY ID
           Number will be saved into COUNTRY LOG.

     SPACE Identify current number as UNINTERESTING

     TAB   Next Number WITHOUT saveing/changing the ID
           (For closely examination later OR if you just wanted to check it out.
           It would be overwritten when pressing SPACE with the ID UNINTERESTING)
           - the same as [N].

     DEL   Resets the current dialed number to UNDIALED.

     ESC   This aborts scanning immediately and quits.

     ENTER When being in AUTONOM/MANUAL mode or activated Redial+Manual mode
           you may press ENTER to do manual dialing online !
           All inputs will be saved into MANUAL LOG.
           After that another window will pop up and asks you to save this
           number as Manual, VMB, Tone, Custom1-3, Unchange or UnDailed.
           VMB & Tone IDs will be saved with Manually Flag set.
           (See DATFILE.DOC) (ID:=ID+8)

     BCKSP Enters a DIAL AGAIN Menu
           You can select from the last 20 dialed numbers to be dialed again.
           Very useful if you identified a number wrong, or you were on the
           toilett when this wonderful scanner detected a carrier and you want
           to see what it was now. This works in sequentiel mode.
           NOTE : In random and @textscan mode only one number will can be redialed.

     F1-F8 Execute programs specified in TS-CFG

     ALT-6 Auto-Country Option. If turned on every number scanned gets
      ...  automaticallay the corresponding country flag (6 Europe, 7 USA,
      to   8 Asia, 9 Africa, 0 Other). Press the keycombination again to
      ...  turn Auto-Country Mode off for this country type.
     ALT-0 (good if scanning an area where all numbers are f.e. in Japan etc.)

     ALT-A ALARM!
           All processes are stopped and the screen will immediately
           show another picture, called THC-SCAN.BIN. In normal scan mode
           the modem will hangup, in carrier hack mode the modem will just
           pause. Press [SPACE], [ENTER], [ESC] or ALT-A again to continue.
           The scanner will continue and redial the last number.
           If you want to change the .BIN picture, make a BIN file
           which must have 4000 bytes (80x25 screen with Char+Attrib)
           and rename it to THC-SCAN.BIN.
           The current BIN File shows a Norton Commander Screen.

     ALT-B Blanks screen. Press Alt-B again to unblank.
           NOTE : All other ALT Functions are disabled while Screenblank on,
                  also Carrier Hacking in mode 2 is disabled.

     ALT-C Turn COMMENT ALL Mode on/off.
           When on it asks after EVERY number for a comment.

     ALT-D DIAL Menu
           Enter a number to dial. (f.e. the number of your
           girlfriend - and you don't want to stop the scanning process)

     ALT-J Jump to DOS
           Options will be displayed to hangup, continue, redial etc.
           The DatFile will be actualized.

     ALT-M MODE Menu
           Change mode CARRIER <-> TONE and turn AUTONOM/MANUAL mode on or off.

     ALT-N NO MORE BUSY
           Stops redialing on busy numbers immediately. Only useable in random
           mode, the redialing_busy flag set to on (TS-CFG) and the special scan
           mode  /*:  is not used.
           F.e. after 10 hours when THC-SCAN is still redialing a lot of busy
           numbers (max. 7 tries for one busy number), so use this option
           avoiding always-busy-numbers and get to those not scanned.

     ALT-O OPTION Menu
           Runs TS-CFG while online. Changed options will be loaded!

     ALT-P Extended PAUSE Menu
           You are still online. Press H for hangup, R to redial immediately,
           N for hangup & next Number or <any other key> to continue and reset
           online timeout for the actual number.
           (Doing a continue after you hang up is not possible, you should
            use redial for that (logical, isn't it?))

     ALT-S Speaker Toggle
           Turn modem speaker on or off.
           Option will be activated for the next number to dial.

     ALT-T TERMINAL Mode
           When a logfile for carrier hacking is specified, everything will be
           logged there.
           Will be saved into CARRIER HACK LOG.

     ALT-U Update Datfile
           This will actualize the Datfile with the current data.
           Do this if you want to run a critical program which may hangup
           your computer.




TERMINAL MODE
=============

     F1    Shows other commands in the status line

     ALT-B Send a break

     ALT-C Clear screen

     ALT-D Data statistics

     ALT-H Hangup

     ALT-P Change parameter -> Modem DATA setting (8N1/7E1/7O1)

     ALT-S Save comment (flag will be set and after hangup it will ask you)

     ALT-T When in Carrier Hacking AUTO Mode you can enter into manual mode

     ALT-X Hangup and exit












 ==============================================================================


                         VI. SERVICE PROGRAMS


 *     Overview : TS-CFG.EXE     THC-SCAN configuration program
 *     --------   DAT-CONV.EXE   DAT file converter TONELOC <-> THC-SCAN
 *                DAT-MANP.EXE   DAT file manipulator for THC-SCAN, change IDs
 *                DAT-MERG.EXE   Merge two DATfiles to a new one
 *                DAT-STAT.EXE   DATfile statistic analyzer.
 *                EXTR-NO.EXE    Extract (phone-)numbers of a textfile
 *                TXT-CONV.EXE   Capture convertation utility: 8N1 -> 7E1/7O1
 *                               or unix/amiga <-> msdos <-> atari st
 *                MOD-DET.EXE    Modem Detector, identifies com port settings



----------------------------------
Program: TS-CFG.EXE [<ConfigFile>] [/LCD]

Configuration program you have to start for THC-SCAN.


Optional  :
-----------

   <ConfigFile>       If not specified, THC-SCAN.CFG will be loaded/created.
                      TS-CFG will convert all previous configfile versions
                      from v0.6a up automatically.

   /LCD               runs TS-CFG in LCD/EGA mode.



-------------------------------------------------------------------------
Program: DAT-CONV.EXE <Datfile 1> <Datfile 2> [<ID_4_Note> <ID_4_NoDial>]

DAT Converter for TONELOC <-> THC-SCAN

Parameters:
-----------

   <Datfile 1>        DAT File to load.
   <Datfile 2>        Dat Filename to write.

Optional  :
-----------

   <ID_4_Note>        Standard is 224 (Custom 1)
   <ID_4_NoDial>      Standard is   0 (Undialed)

You can only change <ID_4_Note> alone, but not <ID_4_NoDial>.




---------------------------------------------
Program: DAT-MANP.EXE <Datfile> <ID_1> <ID_2>
             or
         DAT-MANP.EXE <Datfile> DIRECT <Number> <ID>

DAT Manipulator for THC-SCAN Datfiles


Parameters:
-----------

   <Datfile>          DAT File to manipulate. .BAK file will be created.

     and

   <ID_1>             ID Type to search for. Look up ID numbers in DATFILE.DOC.
                      Appending an "X" after the ID will search for the whole
                      type (means with all ring counters).

   <ID_2>             ID Type to overwrite ID_1. Appending an "X" after the ID
                      will transfer the ring counters. Only Possible if also
                      on ID_1 an "X" is appended.

     or

   DIRECT             If this Keyword is specified, a Number and an ID have to
                      follow it. This mode is different from the ID_1 and ID_2
                      mode ! With this option you can set one special number
                      in your dat file to an ID.

   <Number>           The special one number you want to change the ID of.

   <ID>               The new ID you want to set the number to.




---------------------------------------------------------------
Program: DAT-MERG.EXE <MainDatFile> <Datfile1> <Datfile2> [ASK]

THC-SCAN DAT File Merger : Merge 2 DAT files together.


Parameters:
-----------

   <MainDatFile>      The Datfile to create with the Data of Datfile 1 & 2.
                      If it exists it asks you to overwrite.

   <Datfile1>         The first of the two Datfiles to merge. The Data of this
                      Datfile has got PRIORITY above Datfile2.

   <Datfile2>         The second of the two Datfiles to merge.

Optional:
---------

   ASK                If this optional keyword is specified, it will ask you
                      for every equal number which ID to take.


PRIORITY means, that if both Datfiles have the same number and both wants
to write an important ID (Carrier, Tone, VMB etc.) the first Datfile
writes his ID Data, the second doesn't. If the ASK Keyword is specified, then
it will ask you which of the both IDs to write.

DAT-MERGE does also an intelligent Dialmask Check. If both Datfiles got a
dialmask saved in the Datfile Header (only fresh converted Tonloc Dat files
haven't got one) they will be checked if they fit together.
Examples :

   Datfile1Mask     Datfile2Mask      NewDatfileMask
   800-123-1xxx     800-123-1xxx   -> 800-123-1xxx (makes a 1000  entry file)
   800-123-1xxx     800-123-2xxx   -> 800-123-xxxx (makes a 10000 entry file)
   800-123-1xx0     800-123-xx11   -> 800-123-xxxx (makes a 10000 entry file)
   800-121-xxxx     800-122-xxxx   -> not possible. (would need 100000 entries)

If it's not possible to autodetect the correct merge mask (either one or both
hasn't got a dialmask in the Datfile or it's not possible from autodetect),
it will ask you to input a mask for both files.
Attention: Numbers out of the dialmask won't be written.




---------------------------------------------------
Program: DAT-STAT.EXE <Datfile> [<Outputfile> <ID>]


DATFile Statistics

Parameter :
-----------

   <Datfile>          DAT File to analyze.
  

Optional  :
-----------

   <OutputFile>       File to write the data to.

   <ID>               ID number of the phone numbers to write into <OutputFile>
                      As usual you may search for all IDs of a type with "X"
                      You may also specify an "X" only to create a THC-SCAN.LOG
                      like outputfile

This prints some statistics about the DAT File.
The Optional Parameters must be used together !
The Optional thing is very interesting : by specifing the outputfile and the
ID, it will search for the ID, and writes the WHOLE PHONENUMBER of the ID into
the outputfile! Practical to import this data into another program!
For example: The textfile dial option from THC-SCAN with '@'.




-------------------------------------------------------------
Program: EXTR-NO.EXE <TextfileINPUT> <TextfileOUTPUT>
                     [<no-min-length>] [<prefix>] [REMOVE] [ONLY]

Extract numbers of a textfile

Parameter :
-----------

   <TextfileINPUT>          Textfile to examine for numbers

   <TextfileOUTPUT>         Textfile to write the found numbers to.
  

Optional  :
-----------

   <no-min-length>          Minimum Length the number should have. (Def:8)

   <prefix>                 A prefix will be put before each valid number.

   REMOVE                   This Keyword removes ALL seperator of found numbers.
                            F.e. 1-800-5555-444 would be 18005555444

   ONLY                     NO numbers containig seperators will be written.
                            A number may have following seperators "+/-.,() ".

                            So NORMALLY this is valid :
                               1-800-5555-444
                               1-8-0-0-5.5./5/5 4 4 4
                            but also 12/12/95 which is more likely a date.


If you want to specify <prefix>, REMOVE and/or ONLY you MUST set <no-min-length>
as third parameter.




------------------------------------------------------------
Program: TXT-CONV.EXE <InputFile> <OutputFile> <ConvertType>

Text Converter

Parameter :
-----------

   <InputFile>        File to read the data from

   <OutputFile>       File to write the data to

   <ConvertType>      Convert with following option :
                         7E1 - file is assumed to be captured with 8N1
                               but is really 7E1 and makes it readable.
                               Noise characters will be removed.
                         7O1 - file is assumed to be captured with 8N1
                               but is really 7O1 and makes it readable.
                               Noise characters will be removed.
                         REMOVE - Removes any character above 122 value.
                               Useful when you got a connection without
                               error correction and you want to filter out
                               the noise characters.
                         LF    gimmick : converts to amiga/unix text format (LF).
                               Any Carriage Return character will be removed.
                         CRLF  Converts to MsDos Text format from both
                               amiga/unix and the rare OS type text format
                               automatically.
                         CR    gimmick : converts to some rare OS text format (CR).
                               Any Linefeed character will be removed.




----------------------------------------------------
Program: MOD-DET.EXE [-e] [-n] [-t] [-u] [-f <file>]

Detects modems currently turned on and attacht to the computer.
Prints out the com port configuration for each found.

Parameter :
-----------

   [-e]             extended scanning, tries also unusual com port settings.
                    (scans from irq 1 to 6 with baseadresses 2e8, 3e8, 2f8, 3f8)

   [-h]             hard scanning. includes -e but scanning from irq 1 to 14.
                    You computer may freeze!

   [-n]             no output to screen. Only useful with the -f option

   [-s]             try to detect slow response modems (like old us robotics)

   [-t]             connect to the found modem after the scan is complete.
                    This is a miniterminal ;-)

   [-u]             Use the Fossil Driver if present

   [-f <file>]      prints the found modem settings to <file>











 ==============================================================================


                               VII. Tips & Tricks



MODEM CONFIGS ?

     Here are good modem configs ...

     Zyxel 1496B,E,E+ :
     AT &F *Q1 *P15 S11=60 S10=30 X5 L6
     For normal use (BBS call), remove *Q1 and change S10=30 to S10=64.

     USR Courier Dual Standard 14.400 :
     AT &F &A2 S11=60 S10=30 X7 Q0 E1
     Note : Get infos about undocumented commands for your USR.
            There should be possibilities to even recognize CCiTT #5 clicks
            when using the hidden Y command settings. Use the -& Option of
            THC-SCAN to print all modem output into MODEM.LOG.

     Creatix 14.400/28.800 :
     AT &F S11=60 S10=30 X7 L3
     Note : Put in TS-CFG as dialprefix 'AT%TCBDT' to disable the "Wahlsperre".

     If you want a quiet scanning add "M0".
     Important is that you ensure that your modem dials the DTMF tones
     not too fast for your phone system. Do some experiments, ya can
     save time with that ;-) (S11 Register).



WHICH MODEM TYPE SHOULD I USE ?
     For simple carrier scanning you can use any modem.
     But in my experiences the Zyxel does best on connects and seldom
     false identifications.
     The USR Dual Standard does not always recognize old CCiTT protocol
     standards and is a bit more easily disturbed by noise so it responds
     a busy or voice, but has great possibilities for voice & tone recognition
     which are out of possiblity of a Zyxel. For bad lines they got also a
     connect where the Zyxel gives up.
     If you do automated scanning for carriers you should use a modem which
     supports the VOICE response -> that doubles the scanning speed!
     So it's up to you, depending on what you want to scan.
     But get both ;-)


I WANT TO SCAN FOR BOTH - TONES AND CARRIERS - BUT HOW?
     Easy. Just scan for Tones. Carriers also produce a long tone which will
     be detected as a tone! Rescan your found Tones with the "*" parameter,
     option from thc-scan and switching to carrier scan mode. Sit in
     front and identify all stuff correctly, which will be done fast.


HOW TO USE TOUCHTONE RECOGNITION WITH YOUR MODEM AND THC-SCAN
     1) First possibility :
        Put ",;%T" in your dial suffix string (if you aren't using a USR for
        DTMF Recognition, change the "%T" with the corresponding command).
        Start THC-SCAN with the -& command to have all modem output printed
        into MODEM.LOG. Set to SECURE HANGUP in TS-CFG - MODEM SETUP.
     2) Second possibility :
        Set THC-SCAN to AUTONOM MODE or do a M (Redial+ Manual) while online. 
        Enter ALT-T for Terminal Mode immediately. When you see the "OK" answer,
        enter the modem command for touchtone recognition (AT %T).
        To abort, press ESC. The output will be saved in CARRIERS HACK LOG.


WHAT SHOULD I USE - RANDOM OR SEQUENTIEL SCANNING ?
     It's up to you. If you do a random scan maybe your phone company won't
     notice your scanning. But good phone systems will. If you dial
     sequentiel you can get an overview about a company f.e. you get
     their customer service on -0000, a special bureau of the company at
     -0010 to -0050, a fax at -0055 ... and you'll notice that fact - but it
     might be suspicous if one phone rings after another in an office ...

WHEN SHOULD I SCAN - DAY OR NIGHT ?
     That's up to you too - at daytime your calls won't be noticed so easily
     (and in some countries it's a illegal to scan!.) But many numbers will be
     busy. Or carriers will only be online in the night, or a VMB etc.
     At nightime then again your calls may be noticed.
     But some guys don't have the choice so scan and get happy :-).

WHAT DO *YOU* DO?
     I scan random at daytime, sitting in front of the computer.
     Sometimes a nightly carrier scanning while i'm sleeping (random too).
     At night, there are more carriers and VMBs online then at daytime.
     Some tone types and carriers can be checked automatically, but the really
     interesting things you will only find, if you are sitting in front of the
     computer.

HOW TO START THC-SCAN IN REMOTE MODE OR WITH AUTO-STARTTIME ?
     Use the normal THC-SCAN options plus   /Q /=   but without   /N.
     Use a .CFG file which turns the modem speaker off! (M0 in the init string)
     Put this in a batchfile. Put in the next batchline a  CLS  to clear the
     screen.
     If you want to run it from a specific time on, use the  /S:<time>
     commandline option or if just from remote start the batchfile.

I FOUND A TONE - AND NOW ?
     Get PBXHACK (from THC ! ;-)  and "analyze" it - if it's not illegal ;-).

I FOUND A CARRIER - AND NOW ?
     Check it out - it might be interesting. If you get some annoying
     "PASSWORD:" prompts then get the LOGIN HACKER (from THC too ;-) to get in
     (but only if it's not illegal in your country ;-).

I'M IN THE USA - SO ?
     Scanning is illegal in some countries. Check a lawyer.
     But some phone companies make their own law, and close your line if
     you do extensive scanning. So check & try & test ... good luck.

I'M IN GERMANY - SO ??????
     Scanning is not illegal in Germany. But German Telekom has installed on
     January 1996 a SS7 Monitoring Equipment from HP, where such scanning habits
     can be analyzed (plus many more things ... this hardware is very flexible )
     And Telekom trained a special team in darmstadt to locate those evil
     scanners - thought it's not illegal - but you know it too - Telekom doesn't
     care about that and is surveilling phone lines for their purpose (official:
     for statistical reasons)!
     Telekom already installed tools on the phone lines of two friends which
     will let the line go busy after every second number dialed (no matter how
     long you wait between the calls, no matter what numbers exactly you dial)
     after you began scanning. Such tools are also already installed in some
     areas for public payphones to prevent scanning.
     At the moment you are safe, but maybe from March to October '96 on 
     you should be careful.
     Read the article in the THC-Magazine No. 1 about CCiTT#7 Monitoring.
     I rewrote the article and added new data. You can read it in the 
     Time for a Change Magazine #4 (TFC)


REMEMBER ...
You can do nearly everything with THC-SCAN which has to do with DTMF ...
Even PBX or VMB Hacking using BlueBoxing with recording the results into
a VOC file is possible ... just get a brain and some ideas how to use it ;)











 ==============================================================================

                      Epilog: Updates? How to contact? etc.


     If you are updating from an older version : 
     Run TS-CFG. It will recognize the old version of the config file and
     write the new one.

     Where to get new versions :
     Call one of the THC Dist Sites.

     How to become a betatester of THC :
     contact me.

     How to contact me ?
     If you need some features, found some bugs, got questions/information :

     Write an email to -> vh@campus.de


I appreciate any comments! Flames, Bug Reports, Tips, Typing Errors, Wishes,
Excuses, Ideas for new Features - and of course your beautiful girlfriend ...


Thanks for taking all your precious time to read that shit ...
For all the typing errors - hey i'm german ... ;-)


Ciao...
                    van Hauser





==============================================================================

                                      END

-------------------------------------------------------------------------------


van Hauser -> vh@campus.de
Type Bits/KeyID    Date       User ID
pub  1024/3B188C7D 1995/10/10 van Hauser/THC of LORE BBS

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCNAzB6PNQAAAEEALx5p2jI/2rNF9tYandxctI6jP+ZJUcGPTs7QTFtF2c+zK9H
ElFfvsC0QkaaUJjyTq7TyII18Na1IuGj2duIHTtG1DTDOnbnZzIRsXndfjCIz5p+
Dt6UYhotbJhCQKkxuIT5F8EZpLTAL88WqaMZJ155uvSTb9uk58pv3AI7GIx9AAUT
tBp2YW4gSGF1c2VyL1RIQyBvZiBMT1JFIEJCU4kAlQMFEDJ2gzNAf3b9d/IP1QEB
5DwD+gJRh6m4h0fVgpQJkOiuQD68lV5w8C0F5R3jk/o6Pollaf7gtVhG8BGGo5/7
/yiH40gujc82rJdmihwcKuZQtwt8X28VN8uy56SCpXD5wjjOZpq0t0qSXmhgunZ0
m7xv7R4mWRzFclsgQCMwXNgp4sXgw64bVm8FhEdkrVSO8iTyiQCVAwUQMkMhCspv
3AI7GIx9AQFstAP+Jrg7V06FGV/sTzegFNoaSyOItkvXjctzFsXuBfta2M7EzPX3
UR3kM4/W4xE70H4XmMOJ9RmTzs+MuhSq8BtGQtYaJqGjxe/ldbvGOXRxR1rBJAKS
yDQYu0VJ/Ae8yuJcMS312jqwg8OLgYnQaqEoaRM4HEiB+hgDRqnFKpDxkhSJAJUD
BRAyQx8E5y7IvlL6xvEBAQ+bA/9baK7f3M9F5n4aASy04WHOreUNpGQ8DXgtMVq7
KVdXMIWjURsboR+wt5eJTPeL00lHS5eqmZlNzGV9hWtzAr20qrKLmvE20Ke4VPB0
a/tWXNUdvLnk4ENbTBFfMMdnlDo3hSThSMQ7yZ9UEYgighKu6l2fG5UG6D+kXFLy
iIvvlA==
=nX2w
-----END PGP PUBLIC KEY BLOCK-----


--------------------------------------------------------------------------------

                ����������������������������������������������
                �                                            �
                ��������    ����������������������������������
                       �    �  �����   �����  �������������
                       �    �  �   �   �   �  �           �
                       �    �  �   �����   �  �   ���������
                       �    �  �           �  �   �
                       �    �  �           �  �   �
                       �    �  �   �����   �  �   ���������
                       �    �  �   �   �   �  �           �
                       ������  �����   �����  �������������
                ����������������������������������������������
                �             The Hacker's Choice            �
                ����������������������������������������������


!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!
         This file is for informational purpose only!
 The Sysop-Team is NOT RESPONSIBLE for anything you do after reading this text!
!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!



!!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!!
            Dieses File dient nur zur Information und Aufklaerung!
                Die Sysops erklaeren sich NICHT VERANTWORTLICH
        f�r Rechtsverstoesse, die durch diese Informationen entstehen.
!!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!!

--------------------------------------------------------------------------------