Copy Link
Add to Bookmark
Report

k-1ine_43

eZine's profile picture
Published in 
K1INE
 · 26 Apr 2019

  


\Com"mu*nism\, n. [F. communisme, fr. commun common.] A scheme of equa1izing
the socia1 conditions of 1ife; specifica11y, a scheme which contemp1ates the
abo1ition of inequa1ities in the possession of property, as by distributing
a11 wea1th equa11y to a11, or by ho1ding a11 wea1th in common for the equa1
use and advantage of a11.

,,,,,,,,
. ,,:;jiii"''''''"iiii;;,. .
,it;' ':;ji;.
,i;: ':;i,
;i;: ';ti,
,,, ,,,, :j' ,,,,,,, ,,,, ,,;;iEj;, ,,,,,,,,,
j###j :###Y t; ,######K j###; ,d########&, ,d#########b
j###j K##K' ,t #######K j###; j###GK#KK###, j###G###W###
j###j j###' ;i ###K j###; j###j `####i; j###i K###
j###t,###' ,i ,,,,,,,,,,. ###K j###; j###j K### i,j###t K###
j###;K##F .j ##########; ###K j###; j###j K### jj######KW###
j###K##K i, E#########: ###K j###; j###j K### :j##########P
j###;K##k t. : ###K j###; j###j K### j###j
j###t'###t; :: ###K j###; j###j K### ;j###j K#W#
j###j i###t .; ###K j###; j###j K### ;j###i K###
j###j K### ;. 1WWW####WW#I j###; j###j K### tj####WWW####
i###i :###k ; 1##########i 1###i 1###i W### ,j,##########"
i i ji
t: .i . ,ji:.
.j t. . jkWT0$NSA;.
i:,j ,t `, &, ,% .fD0D#HC#DND&,
;f: ,##f t#, tEb dEP :j: `fNW0k,
C t,; j###L, K# X#XX#X ji `tA$k,
;; . `" "#&,W# ' ,fTEMPESt, ;f, 'WAR;
C j j#%, "y#&, jt, .GLLfE##EfLLG. f; IRSi
.f j#f"f#j#9"##; ;t t YY fi ;NSA
C :f jWF "ji .ti;j:, ii :ji iKGB
jt ,: jti tj. ,jj' CIA#
P .tji,:. .,if, j;t.,j:t, ;;. .,;jj; j$R#
.,jtjttji, t;it:.i;j, :;jjtttj;i; ;CYB
ii:tji ,tjt'tti;. :ttt..t #OSS
f: tt ,j t ,#FBI
:f f f. i: j#WB'
,,. ;t ;i t, ,i #$#W
.jEKKWEi, j: j. ;n,e t t w e: r k, e :d :j j' ,NSA;
.tWDEEEKKWKj, f..t : o :w n. z u: , f t' ,#IMF
:WWDDEEEKKEKW#L: ;j ,, ., , . t: ;; dEA#'
t#GGGGDEEKKEEEEWi ti i: t: .j #CIA
f#KDLLLLGEEDDDDEf f, t, :j, j' IR$#
t#KKKDLLLLGKEGGW f; .,: .;; j' .#G#E
`#WKKKKEGLGW#EWP 'i;. . . ,;j ;KGBi
`WWKKKEEE##KWf 't; . ,;i;' #HC#'
`KWKKEW##KEWG;. ';i;i;;i;iji;;ii;' ,#D0J
`fW#ECHELON#WGt, #NW0'
`tE#CARNIVORE#Dt. .ttti;,. fBI#'
`"fK#ECHELON#EKKf;, iEGGEEEEEEDa, ,#G$W
`"jW#CARNIVORE#KKt;, :GDLGGGDDDEGGGGK, #DND'
`"tGWK#ECHELON#EDK#KGGDDGDDGGGLGGD; #NSA
. `"fK#CARNIVORE#LLLLLLLLGGE#WGD .KGB'
`"fj#KWWKKWKKEEDGGGffE##f ;WTC'
2004-04 . `"tfEWWWKKKKKKKKWWK' #GWB
``"iFjEWWWWfj##, #CIA
N0. F0RTY-THR33 . ``"""' "#j&, ,. ,KGB;
.Wifi$&, ,#G$M
C0MMUNI5M 15 N0T D3AD . ":#WT0&;,. ,;KGBS'
":#W#CSIS$D0D#A'
1T 15 AL1V3 1N TH3 PH0N3 L1N35 . '"!Cyb0rG"' .


_________________________________________________________________________________

; .- Random Words -. + |

*: [-] Introduction ............................................ The Clone :*
*: (-) Inspirational Music ..................................... The Clone :*
*: (-) Contact Information ..................................... The Clone :*
*: (-) Link of the Quarter ..................................... The Clone :*
*: (-) K-1ine Magazine Mirrors ................................. The Clone :*
*: (-) Nettwerked Meetings ..................................... Nettwerked :*
*: (-) Nettwerked BBS .......................................... Nettwerked :*
*: (-) Nettwerked Stickers for Sale ............................ Nettwerked :*
*: (+) An e-mail from Steve Wozniak ............................ The Clone :*
*: [!] Honourable Mention; H1D30U5 for 780-958-XXXX ............ The Clone :*
_________________________________________________________________________________

; .- Documents -. + |

*: (x) 'The Comprehensive Guide to AWAS' ........................ The Clone :*
*: (x) 'Millennium Hardware Modification' ....................... H1D30U5 :*
*: (x) 'Alberta CLLI's and other stuff' ......................... Tr00per :*
*: (x) 'Telus Physical Key Systems; an internal memo' ........... A.P.H. :*
*: (x) 'Disabling Deep Freeze' .................................. Aftermath :*
*: (x) 'No Sleep Magazine Interviews The Clone' ................. Jackel :*
*: (x) 'Internet Psychology' .................................... Aestetix :*
*: (x) 'Why AI is Possible' ..................................... Aestetix :*
*: (x) 'Number Systems' ......................................... Ice :*
*: (x) 'Cheap And Effective WireTapping' ........................ Jackel :*
*: (x) 'Crafting Symlinks for Fun and Profit' ................... Shaun2k2 :*
*: (x) 'Phun with the Audiovox 8900 and Telus Mobility' ......... TeK-g :*
*: (x) 'MORE CODES FOR AUDIOVOX 8900' ........................... TeK-g :*
*: (x) 'The Codec War: Operation Zipem' ......................... Jedkiwi :*
_________________________________________________________________________________

; .- K-1ine News -. + |

*: (x) Nettwerked Lays off 4500 from Red Deer factory ........... Wizbone :*
*: (x) New York City E911 Crashes (no fault of my own!) ......... Nyxojaele :*
_________________________________________________________________________________

; .- Conclusion -. + |

*: [-] Credits ................................................. The Clone :*
*: [-] Shouts .................................................. The Clone :*
_________________________________________________________________________________



[ Introduction ]


Welcome to the Spring season issue of K-1ine #43! Boy do you ever have a bunch of
great articles lined up for you kids this time 'round. Everything from artificial
intelligence to phreaking Telus (as per usual), to interviews, to CDMA phreaking.

Again, thank you to Cyb0rg/asm for his wicked ASCII art, and thanks to everyone
who contributed their time and full fledged effort to help make this one of the
best releases in the (nearly) 5 years of K-1ine history. It's beautiful to see
this kind of dedication to something that was created as a simple hobby when I
was but a wee lad in the 20th century in good ol' nineteen hundred and ninety nine.

Lets get this rolling. Here we go with the latest installment of K-1ine goodness...

... *splooge* ...




--->



This issue of K-1ine was inspired by the song:

'Black Steel' by Tricky



--



Contact Information;

|*> Comments/Questions/Submissions: theclone@hackcanada.com

|*> Check out my site: (Nettwerked) http://www.nettwerked.net

|*> Check out the Web-forum: http://nettwerked.mg2.org/phpBB2/


--


--=[ LINK OF THE QUARTER ]=--

Every quarter I post one really great "link of the quarter" on each issue
of K-1ine magazine. The link can be anything in the technology industry,
music scene, rave scene, punk scene, or even a good article you read on
a news site. I'll be taking submissions via e-mail or IRC right away; so
get your links in and maybe you'll see it in the next issue of K-1ine!

For the Spring, the link of the quarter is:

http://www.bahga.com/gallery/bell_canada

Bell Canada images within the Central Office. Need I say more? :-)

[submitted by: The Clone]



-->



K-1ine Magazine Mirrors:


http://www.mirrors.wiretapped.net/security/info/textfiles/k1ine/

(Now mirrored in two places, one in Belgium and another in Sydney)

"Wiretapped.net is an archive of open source software, informational
textfiles and radio/conference broadcasts covering the areas of network
and information security, network operations, host integrity, cryptography
and privacy, among others. We believe we are now the largest archive of
this type of software & information, hosting in excess of 20 gigabytes of
information mirrored from around the world."

--

http://www.hackcanada.com/canadian/zines/index.html#K-1ine

Hack Canada - Canadian H/P - E-Zines

--

http://www.bawks.net/geek/k-1ine/

Bawks.net - Wizbone's web-site.

--

http://archive.undergroundnews.com/index.php?&direction=0&order=&directory=Zines/K-1ine

Undergroundnews.com - Gizmo's web-site


--->



[ Nettwerked Meetings ]


As promised in the last issue of K-1ine, Nettwerked Meetings are now a reality,
and so far have been highly successful in turnout and measurement of the fun
factor. So far we've had meetings in January, February, and March.


For all three meetings we have had an amazing turn out. January brought us about
20 people, February brought us 24, and March brought us an ass kicking 25 people!


We have contests, prizes, and great conversation. Best of all, the food at Boston
Pizza is simply awesome! If you live in the Edmonton Alberta area, or are planning
on visiting the Edmonton area on the last Friday of the month, be sure and stop
by a Nettwerked Meeting. You'll be happy you did.

For more information visit: http://www.nettwerked.net/meetings/


--->





[ Nettwerked BBS ]

On Tuesday, February 17th, 2004

The Nettwerked BBS was born...


.ed"""" """$$$$be.
-" ^""**$$$e.
." '$$$c
/ "4$$b
d 3 $$$$
$ * .$$$$$$
.$ ^c $$$$$e$$$$$$$$.
d$L 4. 4$$$$$$$$$$$$$$b
$$$$b ^ceeeee. 4$$ECL.F*$$$$$$$
e$""=. $$$$P d$$$$F $ $$$$$$$$$- $$$$$$
z$$b. ^c 3$$$F "$$$$b $"$$$$$$$ $$$$*" .=""$c
4$$$$L \ $$P" "$$b .$ $$$$$...e$$ .= e$$$.
^*$$$$$c %.. *c .. $$ 3$$$$$$$$$$eF zP d$$$$$
"**$$$ec "\ %ce"" $$$ $$$$$$$$$$* .r" =$$$$P""
"*$b. "c *$e. *** d$$$$$"L$$ .d" e$$***"
^*$$c ^$c $$$ 4J$$$$$% $$$ .e*".eeP"
"$$$$$$"'$=e....$*$$**$cz$$" "..d$*"
"*$$$ *=%4.$ L L$ P3$$$F $$$P"
"$ "%*ebJLzb$e$$$$$b $P"
%.. 4$$$$$$$$$$ "
$$$e z$$$$$$$$$$%
"*$c "$$$$$$$P"
."""*$$$$$$$$bc
.-" .$***$$$"""*e.
.-" .e$" "*$c ^*b.
.=*"""" .e$*" "*bc "*$e..
.$" .z*" ^*$e. "*****e.
$$ee$c .d" "*$. 3.
^*$E")$..$" * .ee==d%
$.d$$$* * J$$$e*
""""" "$$$" Gilo95'


<< N E T T W E R K E D . N E T >>


telnet://nettwerked.bawks.net

STATUS: ONLINE

Please direct all login / BBS problems to: theclone@hackcanada.com.



--->




[ Nettwerked Stickers for Sale ]

Nettwerked Stickers here. 3 for $5.00 (CDN). Credit Card, Money Order,
and Cheque Accepted. Nexus XI & Paypal Processing available. Buy your-
self into our bad ass rebel world, silly wankers!

SIZE: 1 X 3. High quality, Glossy Stickers. Nettwerked web-site address:
"WWW.NETTWERKED.NET", with Nettwerked's official witty slogan below:
"Fuck the system? Nah, you might catch something." Indeed.

GET THEM NOW: http://www.nettwerked.net/store/stickers/



--->



[ An e-mail from Steve Wozniak ]


I hope this makes your guys' day. I know it made mine. I e-mailed Steve Wozniak
congratulating him on Apple Macintosh's 20th anniversary, and thanking him for
the contributions he made to the phreak scene and he replied and offered me an
interesting caller ID spoofer (requires payment) that a friend of his runs!

I figured an e-mail from Steve Wozniak, the inventor of the first computer
for regular people and the designer of the first electronics blue box. Here's
to you Mr.Wozniak... you changed the world of phreaking and hacking forever!



At 4:23 AM -0700 1/24/04, Steve Wozniak wrote:

Thanks.

Cool that there are still active phone phreaks.

One of my friends set up a [billing] caller ID spoofer - 1-800-658-6716. He also has
access to a lot of line test/disable capabilities. That's all I know of modern phone
phreaking though.

--

Regards,

Steve (is tv wake zone?)


At 2:28 AM -0700 1/24/04, The Clone wrote:

"On January 24th Apple will introduce Macintosh. And you'll see why 1984 won't be like
'1984'". That was 20 years ago today. Congratulations, Steve. You made it happen. You
are my personal hero. Thank you for everything you have done. From the personal computer
for regular people to the blue box which you helped develop. As an active phone phreak
and computer nut, I wanted to just show my appreciation.


-->


[Honourable Mention; H1D30U5 for 780-958-XXXX]


H1D30U5 was too lazy to give me his 780-958-XXXX hand scan, simply because he found
absolutely nothing. Zero. Ziltch. Why? The answer is easy; Telus blocks any non-CO
calls to that prefix from any non-test system, such as a residential phone line.

Bummer.

Still, great job on the hand scan. At least now we know it's not possible to find
anything unless you're calling from within a central office. *evil thoughts*...

- The Clone




-->



<theclone> goodman2 you're hetero aren't you
<goodman2> Thank you very much for calling me that!
<theclone> Admit it! you are
<theclone> Are you or are you not?
<goodman2> i dont wanna argue like a kid
<theclone> Are you a heterosexual?
<theclone> Please yes or no
<theclone> If you tell me I'll stop bugging
<goodman2> NO,if that's what you're asking
<theclone> HAHAAHAHAHAAH
<theclone> So what, you're gay then?
<goodman2> :(

-->




[> The Comprehensive Guide to AWAS <]



"No amount of effort and intellect is being
withheld in the drive to augment your overall
experience as a valued customer."

- Darren Entwistle, Telus Corporation.

We beg to differ, spanky.



* Author: The Clone
* Written: Sunday March 28, 2004

* Web-site: http://www.nettwerked.net
* Contact: theclone@hackcanada.com

* Credits: Tr00per. Thanks for your enormous contribution of information.
Nyxojaele for the additional documentation you found.

* Shouts: Hack Canada, Nettwerked, K-1ine 'zine, GHU.CA, 2600 magazine.
Also to H1d30u5 and Kankraka for inspiring me to get off my ass
and actually get this guide finished for public release. heh.


Disclaimer > This information was aquired through legal means. Please do
not use the information contained in this file for illegal
purposes. You are completely responsible for what you do.

Notes > The Comprehensive Guide to AWAS is one of the most fascinating
western telecommunications systems that I have had the sincere
pleasure of studying and learning about. This entire document will
give you insight into the Automated Work Administration System, a
system used by two of the largest telecom carriers in North America;
Telus and Verizon. This document however, will focus mainly on Telus'
implementation of AWAS rather than the original AWAS system that was
first created and used by GTE (now Verizon) in the early to mid 1990's.
->


----------------------
The Table of Contents:
----------------------

* An Introduction to AWAS

* eNetwork Wireless Gateway

* AWAS Identification ID's

* AWAS Driver Codes

* AWAS Clearing Codes

* SAP Region Codes

* Terminal Equipment Codes

* Attendance / Absence Codes

* Premiums / Hourly Differentials

* SAP Internal Orders and AWAS

* Network Functional Locations

* AWAS Related Telephone #'s

* Online AWAS Resources

* Conclusion to Document

<->



[> An Introduction to AWAS <]


AWAS which stands for 'Automated Work Administration System' is an efficient, low maintenance,
customer billing, employee performance monitoring, trouble ticket tracking and creation system
utilized by every field-technician within Telus Communications. AWAS includes subsiduary companies,
independent entities within the company (Telus Mobility), as well as outside 3rd party contractors.

AWAS was adopted by Telus in the late 1990's and fully implemented on August 18 1999 through
an industry shaking a merger with BC TEL after it experienced some major billing problems with
its existing 6099 customer billing processing system. The 6099 customer billing processing system
was used by service technicians both on the landline and wireless side of the Telus corporate
spectrum. 6099's customer billing process handled all billable activities, including remote admin-
istration of business, government, and residential telephone / data lines, service tickets, etc.

Several problems soon began with the use of AWAS's dial up by Telus field-technicians. With dial-up
AWAS, service technicians found the system to be slow, inconvenient and unreliable, and generally
not up to the standard that they required to do their important jobs with the utmost efficiency.

At the completion of each job, field technicians would dial into the dispatch system and listen to
details on next job and bulletin announcements. A problem encountered was the inconvenience of
finding a POTS phone line and then the added inconvenience of having to get through to dispatch.
A lot of their time was spent on locating a landline and accessing the Telus dispatch system.

To add to the problem, "dial up AWAS" did not even give Telus field-technicians access to the
company's remote intranet, meaning they wouldn't have the added convenience of getting company
memos in real-time, or be able to learn about the CEO's latest hooker n coke party for executive
staff until the news and gossip was considered "old". Think about how something like this could
affect the self-esteem and morale of an employee! Telus just didn't seem to care one little bit.

It got so bad that dial-up AWAS brought in a lot of unfortunate built-in delays such as the re-
assignment of technicians' schedules to handle changing customers, workload requirements, and
updates on possible network problems that could affect the field-technician's job for the day.

And another thing that lacked with Telus' dial-up version of AWAS; its security. According to
a case study on Telus' AWAS by IBM (see: 'Online AWAS Resources' section for the url), any
technician at Telus had the ability to tap on to work orders of co-workers and modify them
because old AWAS lacked strict authentication. You basically logged onto the network using
the same Username and Password as everyone else. Talk about a pain in the big proverbial ass!

Something needed to be done, and quick!

Soon the power that be, IBM, stepped up to help out poor Telus. With IBM's half-a century strangle
hold on business/government/consumers, convinced Telus that they could help resolve the problems
associated with the Automated Work Administration System. But how? The answer was; better data
management, faster and more reliable backend servers, and the most innovative approach; wireless.

Through the efforts of IBM and business partner GE Capital IT Solutions, 'eNetwork Wireless Gateway',
'eNetwork Wireless Software' became the world's first wireless deployment of GTE's AWAS application.

eNetwork Wireless hasn't replaced the dial-up side to AWAS (see phone number list at the end of this
document) completely, however it has been adopted as the best way to use Telus' field tech system.

Read below for some specifics on eNetwork Wireless Gateway.


->



[> IBM's eNetwork Wireless Gateway <]


Definition:

"The IBM eNetwork Wireless family of middleware products extends the reach of the network by providing
mobile users secure access to existing IP-based applications over wireless and dial-up networks, with-
out complex reprogramming. This software can reduce the cost, complexity and time required to deploy
mobile computing solutions. These products continue to deliver on the IBM eNetwork Software promise of
providing customers with access anytime, anywhere to their mission critical information, whether host
or Web based."


Hardware: IBM Thinkpad 380 laptops, later upgraded to the 'Itronix' ruggedized laptop featuring a
Sierra Wireless GPS module (MP200/210 CDPD GPS). The AWAS server backbone: IBM RS/6000.


Software: 'IBM eNetwork Wireless Gateway' middleware for AIX (Operating System), controlling the IBM
eNetwork Web Express used by Telus employees for road to office wireless communication.
The SB 220 software by Sierra Wireless offers multi-mode access - wireline, Circuit-Switched
Cellular (CSC) and Cellular Digital Packet Data (CDPD). CZT Gateway for dial up AWAS access.


Application: Wireless Access for Telus Field Technicians.


Depending on the jobs required, the Sierra SB 200 modem allows the Telus technician to select any of the
three options (wireline, Circuit-Switch Cellular and Cellular Digital Packet Data) for wireless data tran-
smissions to the Telus Intranet / Dispatch Centre. The main advantage is the convenience of contacting the
dispatch system to download information on new jobs and file completed assignments - all wirelessly without
the need of a landline. A typical situation now occurs when a Telus employee completes the order and time-
sheet on the laptop with the built-in Sierra modem, sends wirelessly through the selected cellular network,
downloads the job completion information to the host system, which then sends the next job back to their
wireless laptop.

Ultimately, this convenience has given the staff more time to spend with their customers. Telus also accesses
the database for information services, like inventory, customer records and purchase order status. The field
technicians now have the added ability of giving customers pricing information on telephone rates, monthly
billings and schedules for service.

--


Configuring Itronix Laptop for AWAS Access:


1. Add Sierra 220 wireline modem. Go to start, control panel, modems, add, install new modem,
other, select 'don't detect', find Sierra Wireless under manufacturer, find Sierra wireless
sb220wireline, next select com1, next. Windows will install modem. Finish.


2. Drag icons from shortcut bar and rename with 1,2, and 3 after name.


3. Set address for temp server for training. Open Daswin 2, open gateway 3, login as admin,
password [8 digit #. Stupidly obvious. Take a guess]. select OK, cancel out of employee data,
go to admin, change host name from *.edtel.ab.ca (or host of your city) over to the *.agt.ab.ca
address and then 'Exit Gateway'.


4. Open client 1 and log in via cdpd modem with passwords.


5. To add default number 423-**** (Scan for it, you lazy bloke) under Gateway. Open Daswin 2, open
Gateway 3, login as admin, password [8 digit #. Stupidly obvious. Take a guess], select OK, enter
student's clearing number (see 'AWAS Clearing Codes' section) enter company AGT, enter dac as cal,
press add, close. Sign off as ADMIN and then connect to Gateway as yourself. It will bring up a box
with student ID, select, it will ask for new password three times, enter test12, then it comes to
connect to gateway screen - place cursor in telephone number box and enter [LOCAL EDMONTON #], tab
to description, enter DEFAULT NUMBER. Click add. DO NOT CONNECT AT THIS POINT!

6. Change windows desktop theme to Window Default.

7. Check that CPDP IP address is 172.29.*.*.

8. Check dial-up number is [TOLL FREE # NOT LISTED IN THIS FILE]

9. Secure ID number [TOLL FREE # NOT LISTED IN THIS FILE]

10. Set address for active server for training. Open Daswin 2, open Gateway 3, login as yourself,
select OK, cancel out of employee data, go to admin, change host name from *.ent.agt.ab.ca
to *.edtel.ab.ca as last thing you do before ending course.

11. To set up on Outlook go to control panel, mail and fax, show profiles, add, select manually configure,
select next, type in your username as in abriggs1, select next, select services, select add, select
exchange server, input exchange2 in exchange server box, input your actual name in mailbox. Select
check name - if it underlines, you are successful. It may ask you for a username as in abriggs1, a
domain which is telus, and a password which will be your current outlook password. It will also
update the server to correct exchange server. You must be online via CDPD or wireline modem
preferably wireline to perform this.


-->

Gaining access to AWAS through the field laptops, and connecting to the AWAS network using
the CZT Gateway to connect to the dial up AWAS and/or the AWAS (IBM Corp) e-wireless gateway:



1. Logging into AWAS.


[General Login Instructions]


To add new ID to account:


1. Get to the AWAS sign on screen (on field laptop).

2. Sign on with AWAS Clearing Number of ADMIN.

3. Password is [8 digit #. Stupidly obvious. Take a guess].

(If you go to the Employee Date screen that indicates clearing number go to point 11)

4. On the "Your Password Has Expired" Message Box press space bar or click OK.

5. The user ID field is Blue. Press the letter A on the keyboard. Admin goes into "User ID"

6. Enter Current password of [8 digit #. Stupidly obvious. Take a guess]

7. Enter new password of [8 digit #. Stupidly obvious. Take a guess. Same password as step 6]

8. Click update. Message says "Please Re-enter the password for validation" (type same password).

9. Click on Update.

10. Press spacebar to close "Password updated successfully" box.

11. With the cursor blinking in clearing number, enter the last 5 numbers of your employee number.

12. Press Tab.

13. With the cursor on Company enter AGT.

14. Press Tab.

15. With the cursor blining on DAC enter CAL.

16. Click on the Add button. Your ID will change color.

17. Click on Cancel button.

18. In the upper left hand corner of the screen, click on a picture of a hand.

19. On the AWAS sign on screen, enter your new ID.

20. The system will prompt you for a new password. You can use your old one if you want. (heh!)


--


AWAS Sign On and Administration:


OBJECTIVES:

At the end of this section, you will be able to successfully:


* Access the CZT Gateway Application using CDPD.

* Identify options on the CZT Gateway Menu Bar.

* Use the Job Selection Window.

* Change Administration settings.


GETTING the L/PC ready for use:


Before you can communicate to AWAS through L/PC, the AWAS Laptop Configuration window must be
setup. AWAS downloads information for all access types. (NOTE: The information on this window
is extremely important. Supervisors are the only employees making changes to this window. If
you want to login as a supervisor, please refer to the Telus employee list and choose one of
the managers accounts. Make sure to take note of the employer ID #, and name.)

--

Sign On:

Your coach is responsible for setting up your user ID before you sign on to AWAS. Your ID
populates the CLEARING NUMBER field in the L/PC EMP (employee) record. This allows the L/PC
to retrieve important employee data from the AWAS application when you dial in for the first
time. Your user ID must be unique within the AWAS L/PC.

The process of signing on to AWAS consists of two basic steps. The first is to connect to CDPD
using ARTour, and the second is to log in to Gateway.


* Remember four incorrect attemps to sign on causes the CZT Gateway application to lock you out.
If this occurs, you must contact your coach for assistance. This is case sensitive as well.
Verify that Caps Locks or NukLk are not enabled.

Four common reasons for connecting to Gateway are:

* To select work to being your day.

* Your laptop has a job that is complete and you need to upload it and have a new job downloaded
to you.

* A job has remarks that must be sent to the host to provide a current status before completing
the job. (Remarks Only)

* You need to readjust your time. (FTR Only)



ARTour - Gateway Sign on
------------------------

Locate the ARTour or Client icon on your desktop and "double click" the icon. You may find this
icon in the system tray just right of the "Start" button. The icon in the system tray only requ-
ires a "single click" of the mouse.

Clicking on the ARTour or Client icon opens the eNetwork Wireless - Connect window. This window
connects us to the ARTour server, which gives us secure, password-protected access to the AWAS
server. The drop down connection window gives you two connection choices:

* Telus - CDPD for digital cellular connection

* Telus - Dialup for modem connection


Once you have chosen your connection type, "single click" your mouse in the Password field and key
in the required password. Due to security requirements, this password must be changed every 45 days.
Do Not click on the save Password check box because of security concerns if the laptop is lost or
stolen. The latest release of Gateway does not show the save password option.

Once the password is entered, point and click on the "Connect" button. The "Connecting - Telus -
Dialup" or "Connecting - Telus - CDPD" window opens giving you a visual picture of the connection
process. During this process ARTour validates your password and unique laptop "IP" address. The
same password will work for ARTour authentication whether for Dialup or CDPD.

If validation is successful, the eNetwork Wireless - Connect window reduces to a small window with
a Disconnect button and a digital clock showing your connect time.

If validation is not successful you may have entered a wrong password or the ARTour server may not
recognize you as a valid user. This is usually relayed to you through an "ERROR" pop-up window.
This could be caused by Cap locks or Num locks being on. Log in ID's are case sensitive.

Assuming you have received a successful ARTour connection, the next step is to locate and "double
click" on the DASWin icon on your desktop. If you have a DASWin icon in the system tray to the right
of the "Start" button, you can "Single Click" on it to attain the same results.

DASWin is a required program, which acts as an "interpreter" between ARTour and CZT Gateway. Once the
DASWin Main window opens you can locate the CZT Gateway icon.

"Double clicking" on the CZT Gateway icon on your desktop opens CZT Gateway, which gives you access to
the AWAS server. If you have a CZT Gateway icon in the system tray to the right of the "Start" button,
you can "single click" on it to attain the same results.

The CZT Gateway application opens with the "Welcome to the CZT Gateway Network" window in the center of
the screen. You must enter your User ID and Password then click on "OK". The first time you access CZT
Gateway you must enter an alphanumeric password of 6 - 8 characters. You will then be asked to re-enter
and confirm this password on this initial entry into CZT Gateway. You may also use this window to change
your CZT Gateway password, which should be changed every 45 days, as is the ARTour password.

Once you are validated by CZT Gateway, the "Connect to Gateway" window appears. You must change the Comm-
unication Type to NETWORK by selecting it from the drop-down list. Once NETWORK has been selected you must
Tab to the Network User ID field and enter an "X". Pressing Tab again takes you to the Network Password
field where you enter another "X". Pointing and clicking on the Connect button connects you to the AWAS
server which gives you the Job Selection window or a new job depending on your settings in the AWAS Empl-
oyee Tables.

* Note: The Time field shows how much time remains to select a job.

Another important field is the Ovr indicator field. If the job is overridden to you, an asterisk [*]
appears in the Ovr field.

There are two methods used to select a Job:

* Point and click on a Job box

* Press the Up & Down arrow keys so the cursor highlights a job, then press the Enter key.

After selecting a job, the empty job box to the left of each job contains a number. The jobs are downloaded
in the order they are selected. You can deselect a job if you change your mind before you download a job
using one of the following methods:

* Point and click on a Job Box

* Press the Up & Down arrow key so the cursor highlights a job, then press the Enter key.


Job Selection Summary

The Job Selection Summary window provides additional information that you may need to select a job. Before
selecting your job, review the Job Select Summary window for additional information.

The Job Select Summary window displays detailed information regarding the following:

* Job Request Information

* Job - allows you to select each job from the Job Select window, thus eliminating the need to go back and
forth between the Job Select and Job Select Summary windows.

* Customer Information

* Key Indicators

* Facility Information

* Time Left


To return to the Job Selection window you can point and click on the OK button.

* Note: The Quit button discontinues the connection proces. If you click on the Quit button and jobs reside
on the laptop, the Review Jobs window appears. If you click the Quit button and no jobs reside on the
laptop, the sign on window appears.


You can choose to have a job downloaded to your laptop in one of three ways:

* You can select and view a job within 3 minutes then point and click on the Download button.

* You can point and click on the Download button without selecting a job to automatically download the
optimal job [job 1].

* If you do not select a job within 3 minutes AWAS automatically downloads the optimal job to the laptop.


When you download a job, the Review Jobs window and Memo window appears.


Using the ADMIN Menu
--------------------

The ADMIN Menu is an option on the Gateway Menu Bar. You use the ADMIN Menu to modify the
system parameters within your L/PC. The ADMIN Menu allows you to perform all the following:

* Change Job Class Code (Employee Data)

* Laptop Communication Config

* Change Password

* Unlock a Password



Change Job Class Code (Employee Data)
-------------------------------------

The Employee Data window allows the user to add, delete or update users on an individual laptop.
This information is validated with the host AWAS system to insure only authorized users will AWAS.


Laptop Communication Config
---------------------------

The Laptop Communication Configuration window allows the user to change communication parameters,
as new or updated communication devices are required.


Change Password
---------------

The Change Password window allows you to change your existing password which should be done at least
every 180 days or every 6 months. Click on the Current Password: field and key in your current password,
then press Tab to move to the New password: field.

Key your new password in the New Password: field, then press the Update button.

You will be asked to Re-enter the password for validation, then press the Update button.


Unlock a Password
-----------------

If you key a password incorrectly four times in a row, CZT Gateway will "Lock" you out of the application
and notify you that your User ID is locked.

To unlock the technican's password, the coach must sign-on to the CZT Gateway application using the techn-
ician's laptop and the administrative ID [8 digit #. Stupidly obvious. Take a guess]. Next, the coach pres-
ses the Cancel button on the Employee Data window so he/she can select the Change Password option from the
ADMIN menu.

When the Change Password window opens, the coach selects the technician's user ID from the User ID list box
then Tabs to New Password field and enters a new password. Once the new password has been entered, the coach
points and clicks on the Update button, re-enters the password, then clicks on Update again. A message box
confirms that the password is updated. The coach can now exist the application and have the Technician sign
on using the new password supplied by the coach.


--->



[> AWAS Identification ID's <]



AWAS JOB IDENTIFICATION JOB ID'S:


A - OOS/Customer Trouble

B - NOS/Customer Trouble

C - Change Service Order

F - From Service Order

G - OOS/Company Trouble

H - NOS/Company Trouble

I - In Service Order

J - Optional Job Report

K - OOS/ISC Circuit Trouble

L - NOS/ISC Circuit Trouble

M - Mandatory Job Report

N - Exceptions

O - Out Service Order

P - Plant Service Order

Q - Special Assignment

R - OOS/Customer Circuit Trouble

S - NOS/Customer Circuit Trouble

T - To Service Order

U - OOS/Company circuit Trouble

V - NOS/Company Circuit Trouble

W - Prewire Service Order

X - OOS/Other Telco Circuit Trouble

Y - NOS/Other Telco Circuit Trouble


Acronym Definition:

(OOS - Out of Service, ISC - Impedence Short Circuit)

(NOS - Not in Service)


->



[> AWAS Driver Codes <]


-----------------
AWAS Driver Codes
-----------------

Driver Used For Description

11 TCI Used for all work done for TCI. This is used for all TELUS Communications
as of 01/01/99.

13 MOB Used for all work done for TELUS Mobility. This code became effective
01/01/99.

16 TAC Enhancement Used for all work done for TELUS Advanced Communications.

20 Multimedia Used for all work done for TELUS Multimedia.

36 TAC Main Stream Used for all work done for TELUS Advanced Communications.



------------------- --------------
AWAS Product Worked AWAS BID CODES
------------------- --------------

Product Used For BID Used For

1000 Res. Single Line - ---

R Repair Work
2000 Bus. Single Line

P Preventive Maintenance
3000 Bus. Multi Line

M Modification & Improvement

4000 VLOB Centrex

S Service

5000 Coin Telephones

K Maintenance Contract

6000 DLOB (Including
Centrex Data)

O Operational

7000 VLOB Special
Services
C Capital

8000 Cable Locates
L Cable Locates

9000 Take Outs

A Absence/Administration

9900 Absence / Admin




->



-------------------------
A W A S Clearing Codes
-------------------------




[ Type ] [ Sub Codes ] [ Cause and Sub ]


---- [ SET ] ----

---- [ LEASED SETS-All ] ----

Plant/Equipment - DIRT/POOR HOUSEKEEPING n/a 1 01

Plant/Equipment - AGE/DETERIORATION n/a 1 02

Plant/Equipment - OUT OF ADJUSTMENT n/a 1 03

Plant/Equipment - OVERLOADED EQUIPMENT n/a 1 04

Plant/Equipment - BLOWN FUSE/BREAKER n/a 1 05

Plant/Equipment - CORROSION/ELECTROLYSIS n/a 1 06

Plant/Equipment - CRACKED/DAMAGED/DEFECTIVE n/a 1 07

Customer - PHYSICAL DAMAGE n/a 4 01

Customer - ILLEGAL EQUIPMENT CONNECTION n/a 4 02

Customer - INTEREXCHANGE CARRIER n/a 4 03


---- [ NETWORK SERVICE WIRE ] ----

DROP/ERV WIRE (INCL BONDING) 01 n/a n/a

PROT/NID/CCB (INCL GROUND) 02 n/a n/a

Weather - LIGHTNING n/a 2 01

Weather - FLOOD n/a 2 02

Weather - WIND n/a 2 03

Weather - ICE, SLEET AND SNOW n/a 2 04

Weather - MOISTURE/RAIN/CONDENSATION n/a 2 05

Weather - TEMPERATURE n/a 2 06

Weather - EARTHQUAKE n/a 2 07

Employee - FIELD TECHNICIAN n/a 3 01

Employee - OSP CONSTRUCTION n/a 3 02

Employee - ASSIGNMENT PERSON n/a 3 14

Employee - OSP CABLE REPAIR/MAINTENANCE n/a 3 06

Employee - TELUS CONTRACTOR n/a 3 16

Employee - CO CONVERSION RELATED-RECORDS n/a 3 17

Employee - CO CONVERSION RELATED-SW SVC n/a 3 18

Employee - CO CONVERSION RELATED-OSP n/a 3 19

Foreign Workman - GAS n/a 5 01

Foreign Workman - ELECTRIC n/a 5 02

Foreign Workman - CATV n/a 5 03

Foreign Workman - SEWER n/a 5 04

Foreign Workman - WATER n/a 5 05

Foreign Workman - BUILDING CONSTRUCTION n/a 5 06

Foreign Workman - DEPT OF HIGHWAYS (ROAD CONST) n/a 5 07

Foreign Workman - TREE TRIMMING-MOWING n/a 5 08

Foreign Workman - GOVERNMENT AGENCIES n/a 5 09
(POLICE, FIRE, ETC)

Foreign Workman - CONTRACTORS (NON TELUS PERSONNEL) n/a 5 10

Foreign Workman - FOREIGN WORK PERSON n/a 5 11

Foreign Workman - IXC/CLEC (CAUSING TROUBLE ON n/a 5 12
THE TELUS NETWORK)

Miscellaneous - FIRE n/a 6 01

Miscellaneous - INSECTS/BIRDS/ANIMALS n/a 6 02

Miscellaneous - VEHICLE ACCIDENTS n/a 6 03

Miscellaneous - POWER BURN/INFLUENCE n/a 6 04

Miscellaneous - COMMERCIAL/POWER FAILURE n/a 6 05

Miscellaneous - TREES n/a 6 06

Vandalism - MALICIOUS DAMAGE n/a 7 05


---- [ COIN ] ----

HANDSET 01 n/a n/a

COIN ACCEPTER/SCANNER/VALIDATOR 02 n/a n/a

COIN RELAY/ESCROW 03 n/a n/a

CIRCUIT CARD - ALL TYPES 04 n/a n/a

DISPLAY SCREEN 05 n/a n/a

DIALPAD/KEYPAD 06 n/a n/a

CARD READER 07 n/a n/a

HOOKSWITCH 08 n/a n/a

COIN RETURN 09 n/a n/a

REPLACE UPPER HOUSING 10 n/a n/a

REPLACE SET 11 n/a n/a

PROGRAM SET 12 n/a n/a

PROGRAM HOST 13 n/a n/a

COIN BOX FULL/COIN BOX COLLECTION 14 n/a n/a

INSTRUCT, CARD/SIGNS/BINDER/BOOKS 15 n/a n/a

SHELF/BOOTH/POWER 16 n/a n/a

LIGHTING (NON SERVICE AFFECTING) 17 n/a n/a

TDD (TELEPHONE DEVICE FOR THE DEAF) 18 n/a n/a

PAYPHONE-OTHER 19 n/a n/a


---- [ OUTSIDE PLANT ] ----

CHANGE PAIR 01

CABLE SHEATH 02

SPLICE CLOSURE 03

TRANSMISSION (BOND, GRD, PROT) 04

EQPT (COIL, BOL, BOC, RPTR, XFMR, ETC.) 05

CONNECTOR 06

CLEAR CAP 07

TERMINAL (INCLUDING JUMPERS) 08

CABLE CUT/DIGUP 09

CUT SHEET/WORK ORDER 10

PUG UNECONOMICAL TO REPAIR 11

LATS/ALIT - REFERRED TO PMO 12


---- [ ENHANCED ] ----

ADSL - Modem Replaced 52

ADSL - Power Supply Repalced 53

ADSL - Software (Modem Software) 54

ADSL - Software (Installation Kit) 55

ADSL - Software (PC) 56

ADSL - Hardware (PC) 57

ADSL - NIC Replaced 58

ADSL - NIC Reinstalled 59

ADSL - Tweak/Provisioning 60

ADSL - CO - Hardware Card 61

ADSL - CO - Hardware Port 62

TOPS SOFTWARE 63

TOPS HARDWARE 64

TOPS/POSITION SOFTWARE 65

TOPS/PLATFORM SOFTWARE 66

TOPS/PLATFORM SOFTWARE 67

TOPS/PLATFORM HARDWARE 68


---- [ PABX (Private Automatic Branch Exchange ] ----

MULTILINE ELECTRONIC LEASED 01



---- [ AUXILIARY EQUIPMENT ] ----

ENTERPHONE (LEASE ONLY) 01

AUXILITARY SIGNALING EQUIPMENT 02



---- [ RECORDS ] ----

ASSIGNMENT/FACILITIES 01

DISCONNECT/RECONNECT ERROR 02

CARRIER CHANNEL/DESIGN ASSIGNMENT 03

IXC ASSIGNMENT 04

CUSTOM CALLING FEATURE 05

RECENT UPDATE - SWITCH CHANGES 06

TES COMPUTER NETWORK FAILURES 07

RECENT UPDATE - LSMS CHANGES (LNP) 08



---- [ SUBSCRIBER CARRIER SYSTEMS ] ----

FILTER - ALL 01

POWER UNITS - ALL TYPES 02

ANALOG CHANNEL UNIT - FIELD 03

ANALOG CHANNEL UNIT - C.O. 04

ANALOG REPEATER - ALL 05

DIGITAL CHANNEL - FIELD 06

DIGITAL CHANNEL - C.O. 07

DIGITAL REPEATER - ALL 08

CONCENTRATOR CARDS - ALL TYPES 09

CONCENTRATOR LINES - ALL TYPES 10


---- [ CENTRAL OFFICE ] ----

SWITCHING HARDWARE - LINE 01

SWITCHING HARDWARE - PERIPHERAL 02

SWITCHING HARDWARE - FRONT END 03

SWITCHING SOFTWARE - PERIPHERAL 04

SWITCHING SOFTWARE - FRONT END 05

SWITCHING SOFTWARE - PATCHES 06

SWITCHING POWER 07

TRANSPORT HARDWARE 11

TRANSPORT SOFTWARE 12

TRANSPORT CROSSCONNECT FRAME 13

TRANSPORT POWER 14

CUSTOMER COAM/CPE 21

SITE DC POWER AND SIGNAL 22

MOBILE RADIO 23

SITE MASTER CLOCK 24

LOOP ENHANCEMENT EQUIPMENT 25

ENGINEERING WORK IN PROGRESS 26

AUTOMATIC MESSAGE ACCTG 27

I/O EQUIPMENT 28

FRAME-JUMPER/TERMINATION 61

FRAME-PROTECTION 62


(EXCLUDE CODES)


---- [ TEST OK ] ----

PRIM TEST CLR - NO ANSWER / VERIFICATION OK W/SUBS 01



---- [ FOUND OK ] ----

FOUND OK 01


---- [ CUSTOMER ] ----


RECEIVER OFF HOOK 01

INCORRECT DIALING 02

CUSTOM CALLING PROGRAMMING 03

NUISANCE CALLS 04

EQUIPMENT MISUSE 05

DISCONNECT POWER 06

SERVICE ORDER IN PROGRESS 07

IMPROPER CUSTOMER INSTALLATION 08

CUSTOMER TRAINING/EDUCATION/ENQUIRY 09

PPU USAGE 10

PERSONAL VOICE MAIL USAGE 11

CUSTOMER REFUSES CHARGES 12

CUSTOMER REFUSES ACCESS 13

CUSTOMER CANCELLED 14


---- [ EXCLUDE ] ----


NO ACCESS - CUSTOMER (FIELDED) 01

NO ACCESS - TELCO (NON-FIELDED) 02

2ND PARTY REPORT 03

DISCONNECTED NUMBER 04

WRONG RPTS OR CREATE SCREEN USED 05



---- [ REFERRED OUT ] ----


OTHER TELCOS 01

INTEREXCHANGE CARRIERS 02

VENDORS 03

ALARM COMPANIES 04

COMPETITIVE LOCAL EXCHANGE CARRIER (CLEC) 05

OTHER TELUS DEPARTMENTS 06

TELUS MOBILITY 07

REFERRED TO SECURITY / POLICE 08

INTERNATIONAL CARRIERS 09



---- [ CPE / COAM ] ----


CPE/COAM NOT REPAIRED BY TELUS 01

CPE/COAM REPAIRED BY TELUS 02

ISW DIAGNOSTIC CHARGE ONLY 03

ISW DIAGNOSTIC & REPAIR CHARGE 04

ENTERPHONE REPAIRED - MAINTENANCE CONTROLR APPLIES 05

CPE/COAM REP'D-MAINTENANCE CONTROLLER APPLIES 06



---- [ NSA NATIONAL BROADCAST ] ----


Audio/Video - Cameras 01

Audio/Video - Audio Local Loop 02

Audio/Video - Analog Switch 03

Audio/Video - Analog Patch 04

Audio/Video - Program Equipment 05

Audio/Video - Carrier Equipment 06

Audio/Video - Audio Sub Carrier 07

Audio/Video - Customer Action 08

Video Conf - COAM Equipment Config 09

Video Conf - COAM Equipment Failure 10

Video Conf - Customer Wiring 11

Video Conf - TELUS Network 12

Video Conf - Telco Wiring (Non TELUS) 13

Video Conf - Telco Network (Non TELUS) 14



--->


------------------------------------------
S A P Region Codes for Terminal Equipment
------------------------------------------


[ Function Location ] [ FL Description ]

SAP Region (rrrr)
CLGR CLGR - Calgary and Fringe Area
EDTN EDTN - Edmonton and Fringe Area
NTHR NTHR - Northern Alberta Region
STHR STHR - Southern Alberta Region


->



-----------------------------------------
Terminal Equipment Codes for AWAS and SAP
-----------------------------------------

Definitions:

AWAS = Automated Workforce Administration System

SAP = Nortel Networks' Norstar Applications

_____________________________________________________________________________________________________________

AWAS AWAS AWAS A W A S
Driver Supplies Function B I D
wwww Code
Level 3 Level 3 Level 4 Level 4
Description Asset Description Prod/Tech CO Region Code AWAS Code Type of Work

Business Sys. BUS --- --- 2000 ----

Business Sys. BUS AUXILLARY AUX c rrrr AUX 2001 SRK

Business Sys. BUS Enh - Others ENHC c rrrr ENHC 2002 sRK

Business Sys. BUS Enh - Call ENHCALL c rrrr CALL 2003 SRK
Sequences

Business Sys. BUS Enh - CDR ENHCDR c rrrr CDR 2004 SRK

Business Sys. BUS Enh - Companion/ ENHCOMP c rrrr COMP 2005 SRK
Lucent Wireless

Business Sys. BUS Enh - CTI PBX ENHCTIP c rrrr CTIP 2006 SRK

Business Sys. BUS Enh - Lucent ENHLUVM c rrrr LUVM 2007 SRK
Voice Mail

Business Sys. BUS Enh - M1 ENHM1VM c rrrr M1VM 2008 SRK
Voice Mail

Business Sys. BUS Enh - M1 IVR ENHM1VR c rrrr M1VR 2009 SRK

Business Sys. BUS Enh - NORSTAR ENHNSAP c rrrr NSAP 2010 SRK
applications

Business Sys. BUS Enh - Norstar VM ENHNSVM c rrrr NSVM 2011 SRK

Business Sys. BUS Enh - Octel Mail ENHOCVM c rrrr OCVM 2012 SRK

Business Sys. BUS Enh - VISIT ENHVISP c rrrr VISP 2013 SRK
Products

Business Sys. BUS KEY - All Others KEY c rrrr OKEY 2014 SRK

Business Sys. BUS KEY - Norstar KEYNRTR c rrrr NRTR 2015 SRK

Business Sys. BUS KEY - Partner KEYPTNR c rrrr PTNR 2016 SRK

Business Sys. BUS PBX - Discontinued PBX c rrrr OPBX 2017 SRK

Business Sys. BUS PBX - Lucent PBXLUCE c rrrr LUCE 2018 SRK

Business Sys. BUS PBX - M1 option PBXMMOD c rrrr MMOD 2019 SRK
21 - 81

Business Sys. BUS PBX - MI Option II PBXOP11 c rrrr OP11 2020 SRK

Business Sys. BUS PBX - SL1 sets PBXSL1S c rrrr SL1S 2021 SRK

Business Sys. BUS Desk Top Products DESKTOP c rrrr DSKT 2022 SRK

--

Existing Drop Facilities:

Customer CDF CDF BUSINESS CDFBUS/COIN c rrrr CDFB 2101 CSRMK

Customer CDF CDF DATA CDFDATA c rrrr CDFD 2102 CSRMK

Customer CDF CDF RESIDENCE CDFRES c rrrr CDFR 2103 CSRMK

--

New Drop Facilities:

Customer CDF CDF BUSINESS CDFBUS/COIN c rrrr CDFB 2104 CSRMK

Customer CDF CDF DATA CDFDATA c rrrr CDFD 2105 CSRMK

Customer CDF CDF RESIDENCE CDFRES c rrrr CDFR 2106 CSRMK

--

Customer Site DTM c --- --- 2200 ---
Data Termination

Data networking DTM Modems: Ascend MASCEND c rrrr MASC 2201 SRPMK
products

Data networking DTM Modems: Other MDIAL c rrrr MDMD 2202 SRPMK
products Dial Up

Data networking DTM Modems: GDC MGDC c rrrr MGDC 2203 SRPMK
products

Data networking DTM Modems: Motorola MMOTR c rrrr MOTR 2204 SRPMK
products

Data networking DTM Modems: Nortel MNRTL c rrrr MNR 2205 SRPMK
products

Data networking DTM Modems: Paradyne MPDYN c rrrr PDYN 2206 SRPMK
products

Data networking DTM Modems: Other MPRIV c rrrr MDMP 2207 SRPMK
products Private

Data networking DTM Modems: U.S.R. MUSR c rrrr MUSR 2208 SRPMK
products (US Robitics)

--

Inside Wiring INW --- --- 2300 ---

Inside Wiring INW INSIDE WIRE BUS INWBUS c rrrr INWB 2301 SRK

Inside Wiring INW INSIDE WIRE DATA INWDATA c rrrr INWD 2302 SRK

Inside Wiring INW INSIDE WIRE RES INWRES c rrrr INWR 2303 SRK

--

Internet NET --- --- 2400 ---

Internet NET NIC and Software PLANET

  
c rrrr NICP 2401 SRK

--

Payphones PAY c rrrr 2500 OSRMK

Enclosures PAY Pay: Enclosures ENCIN c rrrr ENCI 2501 OSRMK
Indoor Indoor

Enclosues PAY Pay: Enclosures ENCOUT c rrrr ENCO 2502 OSRMK
Outdoor Outdoor

Centurion PAY Pay: Centurion CENTUR c rrrr CENR 2503 OSRMK

Protel PAY Pay: Protel PROTEL c rrrr PROT 2504 OSRMK

Charge a Call PAY Pay: Charge a Call CHGCALL c rrrr CHGC 2505 OSRMK

Millennium PAY Pay: Millennium MILLEN c rrrr MILN 2506 OSRMK

--

Customer Site PSW c --- --- 2600 ---
Packet Switching

Data networking PSW HUBS: 3COM HUB3COM c rrrr 3COM 2601 SRPMK
products

Data networking PSW HUBS: Ascend HUBASND c rrrr HASC 2602 SRPMK
products

Data networking PSW HUBS: Bay Networks HUBBAY c rrrr BAY 2603 SRPMK
products

Data networking PSW HUBS: Cisco Systems HUBCSCO c rrrr CSCO 2604 SRPMK
products

Data networking PSW HUBS: Newbridge HUBNEWB c rrrr NEWB 2605 SRPMK
products

Data networking PSW HUBS: Other HUBS c rrrr HUBS 2606 SRPMK
products

--

Telephone sets SET c --- --- 2900 ---

Telephone sets SET Cordless CRDL c rrrr CRDL 2901 SRK

Telephone sets SET Discontinued or DSET c rrrr DSET 2902 SRK
Old Technology

Telephone sets SET hotel/motel HOTL c rrrr HOTL 2903 SRK

Telephone sets SET Harmony HRMY c rrrr HRMY 2904 SRK

Telephone sets SET Meridian 9216 M216 c rrrr M216 2905 SRK

Telephone sets SET M8000 M8K c rrrr M8K 2906 SRK

Telephone sets SET M9000 series M9K c rrrr M9K 2907 SRK

Telephone sets SET MBS MBS c rrrr MBS 2908 SRK

Telephone sets SET Others(single line, OSET c rrrr OSET 2909 SRK
Centrex consoles,
unity, etc.)

Telephone sets SET Others(Residential) ORES c rrrr ORES 2910 SRK

Telephone SET Signature SIGN c rrrr SIGN 2911 SRK

Telephone SET Solo SOLO c rrrr SOLO 2912 SRK

Telephone SET Vista 100 V100 c rrrr V100 2913 SRK

Telephone SET Vista 200 V200 c rrrr V200 2914 SRK

Telephone SET Vista 2000 V2K c rrrr V2K 2915 SRK

Telephone SET Vista 350 Base V350B c rrrr V35B 2916 SRK

Telephone SET Vista 350 Module V350M c rrrr V35M 2917 SRK

--

Vid-conf'ing VID c --- --- 2700 ---

Vid-conf'ing VID Tanberg Video TAND c rrrr TAND 2701 SRK
conferencing

Wireless term WTD c rrrr WTD 2800 SRPMK
device

Circuit Swtchg CSW c wwww --- 1000 ---

Circuit Swtchg CSW Other CSW OTHCSW c wwww OCSW 1001 SRPMK

Circuit Swtchg CSW DMS100 DMS100 c wwww S100 1002 SRPMK

Circuit Swtchg CSW STP DMS100S c wwww STP 1003 SRPMK

Circuit Swtchg CSW DMS200 DMS200 c wwww S200 1004 SRPMK

Circuit Swtchg CSW TOPS DMS200T c wwww TOPS 1005 SRPMK

Circuit Swtchg CSW DMS250 DMS250 c wwww S250 1006 SRPMK

Circuit Swtchg CSW GTD 5 GTD 5 c wwww GTD5 1007 SRPMK

Circuit Swtchg CSW 5 ESS 5ESS c wwww 5ESS 1008 SRPMK

--

Subscrbr Carrier CXR c wwww --- 1100 ---

Subscrbr Carrier CXR S6A, S6B, ANALOG c wwww ANLG 1101 SRPMK
Lenkurt 84A

Subscrbr Carrier CXR UMC 1000 UMC c wwww --- 1102 SRPMK

Subscrbr Carrier CXR Lynch 300S 300S c wwww 300S 1103 SRPMK

Subscrbr Carrier CXR Time Span TMSP c wwww TMSP 1104 SRPMK

Subscrbr Carrier CXR Nortel DMS-1 Urban DMSU c wwww DMSU 1105 SRPMK

Subscrbr Carrier CXR Nortel DMS-1 Rural DMSR c wwww DMSR 1106 SRPMK

Subscrbr Carrier CXR Nortel Access Node ACN c wwww ACN 1107 SRPMK

Subscrb Carrier CXR Pair Gain PRGN c wwww PRGN 1108 SRPMK

Subscrb Carrier CXR Tadiran Multi Gain TADN c wwww TADN 1109 SRPMK

Subscrb Carrier CXR Fiber Loop Carrier FITL c wwww FITL 1110 SRPMK

Subscrb Carrier CXR Other Subs Carrier OCXR c wwww OCXR 1111 SRPMK

--

Digital Access DAC c wwww --- 1200 ---
Cross Connects

DACS DAC Alcatel 1633 AL33 c wwww AL33 1201 SRPMK

DACS DAC Alcatel 1630 AL30 c wwww AL30 1202 SRPMK

DACS DAC Tadiran T:Dax TD31 c wwww TD31 1203 SRPMK

DACS DACS Tellabs Titan 5500 TL31 c wwww TL31 1204 SRPMK

DACS DACS Lucent 1:0 LU10 c wwww LU10 1205 SRPMK

DACS DACS Other DACS ODAC c wwww ODAC 1206 SRPMK

--

Network Data DTM c wwww --- 1300 ---
Termination

ADSL MODEM DTM Netspeed ADSLMDM c wwww ADSL 1301 SRPMK

Data Termination DTM General NETDTM c wwww DTM 1302 SRPMK

--

Fibre optic FOT c wwww --- 1400 SRPMK
Terminals

Fibre optic FOT Asynchronous ASYT c wwww ASYT 1401 SRPMK
Terminals Transport

Fibre optic FOT Asynchronous ASYM c wwww ASYM 1402 SRPMK
Terminals Multiplex

Fibre optic FOT Nortel OC 3 NO3 c wwww N03 1403 SRPMK
Terminals

Fibre optic FOT Nortel OC 12 N12 c wwww N12 1404 SRPMK
Terminals

Fibre optic FOT Nortel OC 48 N48 c wwww N48 1405 SRPMK
Terminals

Fibre optic FOT Fujitsu OC 1 F01 c wwww F01 1406 SRPMK
Terminals

Fibre optic FOT Fujitsu OC 3 F03 c wwww F03 1407 SRPMK
Terminals

Fibre optic FOT Fujitsu OC 12 F12 c wwww F12 1408 SRPMK
Terminals

Fibre optic FOT Lucent OC 3 L03 c wwww L03 1409 SRPMK
Terminals

Fibre optic FOT Lucent OC 48 L48 c wwww L48 1410 SRPMK
Terminals

Fibre optic FOT Other FOTS OFOT c wwww OFOT 1411 SRPMK
Terminals

--

Multiplex MUX c wwww --- 1500 ---

Multiplex MUX Network Analog NETA c wwww MXNA 1501 SRPMK

Multiplex MUX Network Digital NETD c wwww MXND 1502 SRPMK
Subscriber

Multiplex MUX Subscriber Analog SUBA c wwww MXSA 1503 SRPMK

Multiplex MUX Subscriber Digital SUBD c wwww MXSD 1504 SRPMK

Multiplex MUX Channel Banks CHNL c wwww MXCB 1505 SRPMK

Multiplex MUX DS-1 Cross- DS1X c wwww DS1X 1506 SRPMK
connect

Multiplex MUX DS-3 Cross- DS3X c wwww DS3X 1507 SRPMK
connect

Multiplex MUX STS-1 Cross- STSX c wwww STSX 1508 SRPMK
connect

Multiplex MUX Optical Cross- OPTX c wwww OPTX 1509 SRPMK
connect

Multiplex MUX Synchronization SYCH c wwww MXSY 1510 SRPMK

Multiplex MUX ADSL Multiplexer ADSLMUX c wwww ADSM 1511 SRPMK

--

PCM PCM c wwww --- 1600 ---

PCM PCM Transport TRNP c wwww PCMT 1601 SRPMK

PCM PCM Access ACS c wwww PCMA 1602 SRPMK

--

Power PWR c wwww --- 1700 SRPMK

Power PWR Battery BATT c wwww BATT 1701 SRPMK

Power PWR Plant PLNT c wwww PLNT 1702 SRPMK

Power PWR Auxiliary UPS c wwww UPS 1703 SRPMK

Power PWR Other OPWR c wwww OPWR 1704 SRPMK

--

Radio RAD c wwww --- 1800 ---

Radio RAD Mobile Radio MOB c wwww MOB 1801 SRPMK

Radio RAD Subscriber Radio SUB c wwww SUB 1802 SRPMK

Radio RAD General Radio ORAD c wwww ORAD 1803 SRPMK

Radio RAD Nortel RD3 NORRD3 c wwww RD3 1804 SRPMK

Radio RAD Nortel RD6 NORRD6 c wwww RD6 1805 SRPMK

Radio RAD Farinon DM-2A DM-2A c wwww DM2A 1806 SRPMK

Radio RAD Farinon DVM-6 DVM-6 c wwww DVM6 1807 SRPMK

Radio RAD Quadralink T1 QUADLNK c wwww QUAD 1808 SRPMK

Radio RAD Alcatel 4000 4000 c wwww 4000 1809 SRPMK

Radio RAD Alcatel 6000 6000 c wwww 6000 1810 SRPMK

Radio RAD Outside Wave Guide WAVEGYD c wwww WAVE 1811 SRPMK

--

Supplementary SCS c wwww --- 1900 SRPMK
Circuit Swtchg

Supplementary SCS 800 Service 800S c wwww 800S 1901 SRPMK
Circuit Swtchg

Supplementary SCS 900 Brite 900B c wwww 900S 1902 SRPMK
Circuit Swtchg

Supplementary SCS IBM Voice IVMM c wwww IVMM 1903 SRPMK
Circuit Swtchg Msg Machine

Supplementary SCS Boston Voice BVMM c wwww BVMM 1904 SRPMK
Circuit Swtchg Msg Machine

Supplementary SCS Octel Voice OVMM c wwww OVMM 1905 SRPMK
Circuit Swtchg Messaging

Supplementary SCS AIN AIN c wwww AIN 1906 SRPMK
Circuit Swtchg

Supplementary SCS VNET SVCS VNET c wwww VNET 1907 SRPMK
Circuit Swtchg

Supplementary SCS E911 E911 c wwww E911 1908 SRPMK
Circuit Swtchg

--

Aerial Copper AC c wwww AC 3000 LSRPM
cable & wire

Aerial Fibre AFC c wwww AFC 3001 LSRPM
optic cable

Aerial Coaxial AXC c wwww AXC 3002 LSRPM
cable

Buried Copper BC c wwww BC 3003 LSRPM
cable

Buried Fibre BFC c wwww BFC 3004 LSRPM
optic cable

Buried Coaxial BXC c wwww BXC 3005 LSRPM
cable

Cable closures CT c wwww CT 3006 LSRPM
& terminals

In-Conduit IC c wwww IC 3007 LSRPM
Copper cable

In-Conduit Fibre IFC c wwww IFC 3008 LSRPM
optic cable

In-Conduit Coax- IXC c wwww IXC 3009 LSRPM
ial cable

Conduit CON c wwww CON 3010 LSRPM

Poles POL c wwww POL 3011 SRPMK

Framework & FRM c wwww FRM 3012 SRPMK
Support

Application APS c wwww APS 3013 SRPMK
Software

Broadcast Equip- BRD c wwww BRD 3014 SRPMK
ment

Network Manage- NWM c wwww NWM 3015 SRPMK
ment

Traffic Operator TOW c wwww TOW 3016 SRPMK
Workstations

Towers TWR c wwww TWR 3017 SRPMK

Packet Switching PSW See Terminal Equipment c wwww PSW 2600 SRPMK



--


-------------------------------
AWAS Attendance / Absence Codes
-------------------------------

_____________________________________________________________________________________________________________


SAP Description SAP Old AWAS Old UDS Code New AWAS
Codes Function Code Function Code


Approved Furlough AF 9918, 9919, 9920, 9921 AWO, D/O, LOU, LWO 9918

Apprenticeship Training AT 9925 ATL 9925

Formal Training FT 9926, 9927 IST 9926

Bereavement Leave BL 9913 BRV 9913

Pallbearer Leave PL 9914 9914

Compensation Absence CA 9909 WCF, WCO, WCR 9909

Compensation Doctor CADM WCS 9910
Appointment

Doctor Medical DM 9906 MDL 9906

Serious Distress DS 9907 9907

Funeral Leave FL 9915 9915

Holiday in Lieu HL 9937 SHL 9937

Holiday Unpaid HU 9938

Working Scheduled HW 9939 SHW 9939
Stat Holiday

Northern Vacation NW 9904 9904

Sick Absence SICK 9908 LSP, S7, S8, S9, 9908
SI, SIE, SWO

Union Leave UL 9916 LNG, LWS 9916

Vacation VA 9902, 9901 VAC 9902

Vacation Bank Taken VB 9903 9903

Vacation Leave Without Pay VF VWO 9901

VACATION OVERTIME PAYOUT VP 9912 9912

Jury Duty JD 9920

Military Leave ML 9905

Paid Absence XP 9929 LWP 9929

Regular Time RG 9917, 9930, 9931, REG, ST, STE 9917
9932, 9933, 9934,
9935, 9936, 9937,
9938

Banked Time Off BTO 9911 BU 9911

FWAP Straight Time Banked FTO 9912

Worked up leave Weekend DNP 9940, 9924 9940

Personal Family Day Off KS PLD 9930

Limited Sick Pay (Part Time LSP LKA 9938
Employee)

Suspension Without Pay SO 9921 SSO 9921

PREGNANCY FURLOUGH PF 9922 9922

ADMIN SUPPORT YA 9035 9035

INTERNAL SUPPORT YI 9036 9036

OUTSIDE SUPPORT YO 9037 9037

ACTING SUPERVISOR AS 9038 9038


--


-----------------------------------
SAP Premiums / Hourly Differentials
-----------------------------------

_____________________________________________________________________________________________________________


SAP Description SAP Old AWAS Old UDS Code New AWAS
Codes OTH EHC OTH EHC


Standby Pay SB SB

FWAP Straight Time Banked STOT ST

Overtime OT DT, TH, SV, BOT, BOTR, DB, OT
VH, VO, TV, DBR, DT, DT94,
VS, ST, VT DTR, OT, TT

Overtime Non Continuous OTB OB

Premium Call Out PC PC

Tower Climb TC TC

Tower Time TT TT

Charge Hand CH CH CH

Training TR TR TR

Class Instructor 7002 CI CI

Plant to Management 7004 PM PM

Equipment Servicing 7005 ES ES

Heavy Equipment Operator 7006 HE HE

Mechanic Field Worker 7007 ME ME

Truck Driver 7008 TD TD

Partial Assignment of P6 PAM6 P6
Management Duties

Partial Assignment of PM PAM PM
Management Duties

Partial Assignment of PR PAMR PR
Management Duties

Responsibility Pay R1 RP1 R1

Responsibility Pay R2 RP2 R2

Responsibility Pay R3 RP3 R3

Responsibility Pay R4 RP4 R4


--

----------------------------
SAP Internal Orders and AWAS
----------------------------

_____________________________________________________________________________________________________________


Description SAP Internal AWAS AWAS Product AWAS Function AWAS Product/Account
Order Number Driver Worked Code BID code Entered


MULTIMEDIA SUPPORT 5001886 20 1000 4000 S,R 5001886
(RESIDENTIAL)

PUBLIC PAYPHONE 5009309 TCI 5000 4000 M 5009309
Change to ($0.35)


--

----------------------------
Network Functional Locations
----------------------------

_____________________________________________________________________________________________________________


Functional
Location FL Description AWAS C.O. Codes

Wire
Centre
(WWWW)


ACVY Acadia Valley Area 0603

ACME Acme Area 0146

ARDR Airdrie Area 0118

ATBH Alberta Beach Area 0372

ADFL Alder Flats Area 0339

ALIX Alix Area 0172

ALNC Alliance Area 0315

ALRO Altario Area 0170

ANDR Andrew Area 0512

ANZC Anzac Area 0428

ADSN Ardrossan Area 0366

AWWD Arrowwood Area 0138

ASMT Ashmont Area 0543

ASMP Assumption Area 0495

ATBC Athabasca Area 0433

BNFF Banff Area 0127

BRNS Barons Area 0277

BRHD Barrhead Area 0381

BSHW Bashaw Area 0305

BSSN Bassano Area 0625

BWLF Bawlf Area 0306

BRCN Bear Canyon Area 0485

BUMT Beaumont Area 0365

BRLG Beaverlodge Area 0452

BSKR Beiseker Area 0147

BLLV Bellevue Area 0260

BNTL Bentley Area 0179

BWYN Berwyn Area 0483

BGVY Big Valley Area 0168

BDLS Bindloss Area 0606

BLFD Blackfalds Area 0174

BLKE Blackie Area 0137

BLRM Blairmore Area 0258

BLRG Blue Ridge Area 0385

BACD Bon Accord Area 0350

BNNZ Bonanza Area 0451

BNVL Bonnyville Area 0550

BWIS Bow Island Area 0607

BWDN Bowden Area 0189

BOYL Boyle Area 0435

BGCK Bragg Creek Area 0114

BRTN Breton Area 0331

BRCK Brocket Area 0255

BRKS Brooks Area 0622

BNVA Brownvale Area 0487

BRHE Bruderheim Area 0360

BRDT Burdett Area 0609

BYMR Byemoor Area 0167

CDMN Cadomin Area 0401

CLLK Calling Lake Area 0431

CLMR Calmar Area 0320

CMRS Camrose Area 0301

CNMR Canmore Area 0128

CRBN Carbon Area 0196

CMGY Carmangay Area 0278

CRLN Caroline Area 0191

CRST Carstairs Area 0143

CAST Castor Area 0164

CYLY Cayley Area 0136

CREL Cereal Area 0602

CSFR Cessford Area 0627

CHMP Champion Area 0141

CHVN Chauvin Area 0534

CWLK Chipewyan Lake Area 0430

CHMN Chipman Area 0363

CRMT Clairmont Area 0455

CRHO Claresholm Area 0256

ARWY CLGR - Airways Area in Calgary 0061

BNVT CLGR - Bonavista Area in Calgary 0014

BWNS CLGR - Bowness Area in Calgary 0009

CPHL CLGR - Capital Hill Area in Calgary 0004

CHTS CLGR - Cres Heights Area in Calgary 0046

CRCD CLGR - Crowchild Area in Calgary 0033

ELPK CLGR - Elbow Park Area in Calgary 0007

FSLN CLGR - Forest Lawn Area in Calgary 0010

HLHT CLGR - Hillhurst Area in Calgary 0031

HNHL CLGR - Huntington Hills in Calgary 0013

KLRN CLGR - Killarney Area in Calgary 0002

KGLD CLGR - Kingsland Area in Calgary 0012

MAIN CLGR - Main Area in Calgary 0001

MCKZ CLGR - Mckenzie Area in Calgary 0051

MTRY CLGR - Mount Royal Area in Calgary 0006

OKRG CLGR - Oakridge Area in Calgary 0015

OGDN CLGR - Ogden Area in Calgary 0038

SNSY CLGR - Shawnessy Area in Calgary 0049

TMPL CLGR - Temple Area in Calgary 0022

CLIV Clive Area 0173

CLYD Clyde 0375

CODL Coaldale Area 0274

CCHR Cochrane Area 0113

CDLK Cold Lake Area 0549

CLMN Coleman Area 0259

CNKL Conklin Area 0427

CNST Consort Area 0166

CRNT Coronation Area 0165

CTHL Country Hill Area Calgary 0054

COTS Coutts Area 0269

CWLY Cowley Area 0261

CGMY Craigmyle Area 0629

CMNA Cremona Area 0144

CSFD Crossfield Area 0119

CSTN CSTN - Cardston Area 0254

CZAR Czar Area 0533

DYLD Daysland Area 0307

DBLT Debolt Area 0462

DLBR Delburne Area 0187

DELI Delia Area 0631

DRWT Derwent Area 0524

DEVN Devon Area 0319

DSBY Didsbury Area 0145

DXVL Dixonville Area 0492

DNLD Donalda Area 0161

DNLY Donnelly Area 0471

DRVY Drayton Valley Area 0334

DMHL Drumheller Area 0197

DCHS Duchess Area 0623

EGHM Eaglesham Area 0454

ECLE East Coulee Area 0198

ECVL Eckville Area 0181

EGTN Edgerton Area 0528

EDSO Edson Area 0395

BVLY EDTN - Beverly Area Edmonton 0752

BNDN EDTN - Bonnie Doon Area Edmonton 0711

CTDW EDTN - Castle Downs Edmonton 0742

CLBR EDTN - Clover Bar Area Edmonton 0743

ESGT EDTN - East Gate Area Edmonton 0712

EDIA EDTN - Edmonton International Airport 0346

EMAN EDTN - EDTN Main Area Edmonton 0701

ELSL EDTN - Ellerslie Area Edmonton 0732

EVGR EDTN - Evergreen Area Edmnoton 0744

JSPL EDTN - Jasper Place Area Edmonton 0721

KASK EDTN - Kaskitayo Area Edmonton 0733

LNDM EDTN - Lendrum Area Edmonton 0731

LWIS EDTN - Lewis Farms Area Edmonton 0722

LDDY EDTN - Londonderry Area Edmonton 0741

MDWS EDTN - Meadows Area Edmonton 0713

MLWD EDTN - Mill Woods Area Edmonton 0714

NRST EDTN - North East Area Edmonton 0745

NRWD EDTN - Norwood Area Edmonton 0751

OLVR EDTN - Oliver Area Edmonton 0763

PLSD EDTN - Pilot Sound Area Edmonton 0746

ROPR EDTN - Roper Area Edmonton 0715

SEIP EDTN - South East Industrial Area Edmonton 0716

STON EDTN - Stone Area Edmonton 0764

STRC EDTN - Strathcona Area Edmonton 0734

TWGR EDTN - Terwillegar Area Edmonton 0735

TWBK EDTN - Twin Brooks Area Edmonton 0736

WJPL EDTN - West Jasper Place Edmonton 0724

WEML EDTN - West Edmonton Mall Edmonton 0723

WSMT EDTN - Westmount Area Edmonton 0761

WRBN EDTN - Winterburn Area Edmonton 0765

CNNL EDTN - Cannell Area Edmonton 0762

ELPN Elk Point Area 0542

EKWR Elkwater Area 0615

ELNR Elnora Area 0201

EMPR Empress Area 0605

ENCH Enchant Area 0268

ETZK Etzikom Area 0620

EVBG Evansburg Area 0335

EXSW Exshaw Area 0129

FRVW Fairview Area 0490

FLHR Falher Area 0470

FAST Faust Area 0472

FRNT Ferintosh Area 0303

FLTB Flatbush Area 0376

FRMS Foremost Area 0618

FSBG Forestburg Area 0313

FTAS Fort Assiniboine Area 0380

FTCP Fort Chipewyan Area 0426

FTMK Fort Mackay Area 0429

FTML Fort Macleod Area 0251

FTSK Fort Saskatchewan Area 0351

FTVM Form Vermilion Area 0497

FXCK Fox Creek Area 0386

FXLK Fox Lake Area 0501

FTMM Ft McMurray Area 0425

GDSB Gadsby Area 0163

GLHD Galahad Area 0314

GIBN Gibbons Area 0353

GFLK Gift Lake Area 0468

GXVL Girouxville Area 0464

GLCH Gleichen Area 0126

GLND Glendon Area 0537

GLWD Glenwood Area 0252

GDCT Grand Centre/Cold Lake Area 0547

GDCH Grand Cache Area 0404

GDPR Grand Prairie Area 0450

GRNM Granum Area 0257

GRLD Grassland Area 0436

GYLK Grassy Lake Area 0266

GMSW Grimshaw Area 0482

GRAD Grouard Area 0467

HRHL Hairy Hill Area 0520

HLKR Halkirk Area 0162

HANN Hanna Area 0628

HRTY Hardisty Area 0317

HYLK Hay Lakes Area 0299

HAYS Hays Area 0267

HSBG Heinsburg Area 0544

HSLR Heisler Area 0309

HILV High Level Area 0496

HIPR High Prairie Area 0465

HIRV High River Area 0132

HILD Hilda Area 0613

HNCK Hines Creek Area 0484

HITN Hinton Area 0399

HBMA Hobbema Area 0326

HLDN Holden Area 0518

HGDN Hughenden Area 0532

HUSR Hussar Area 0205

HYTH Hythe Area 0453

INFL Innisfail Area 0188

INFR Innisfree Area 0514

IRMA Irma Area 0527

IRSP Iron Springs Area 0276

IRCN Irricana Area 0120

IRVN Irvine Area 0612

ISLY Islay Area 0525

JRVE Jarvie Area 0377

JSPR Jasper Area 0403

JSRE Jasper East Area 0402

JENR Jenner Area 0610

JDPR John D'Or Prairie Area 0502

JSRD Joussard Area 0469

KNKS Kananaskis Area 0148

KPHL Keephills Area 0337

KGRV Keg River Area 0500

KILM Killam Area 0311

KNSO Kinuso Area 0475

KTCY Kitscoty Area 0555

LCRT La Crete Area 0498

LBCH Lac La Biche Area 0437

LCMB Lacombe Area 0176

LKLS Lake Louise Area 0130

LAMT Lamont Area 0361

LNGD Langdon Area 0122

LAVY Lavoy Area 0515

LEDC Leduc Area 0318

LEGL Legal Area 0374

LSVL Leslieville Area 0182

LTBR Lethbridge Area 0250

LTBF Little Buffalo Area 0493

LLYD Lloydminister Area 0553

LDGP Lodgepole Area 0338

LMND Lomond Area 0140

LGVW Longview Area 0133

LGHD Lougheed Area 0316

MGRT Magrath Area 0283

MMOB Ma-Me-O Beach Area 0328

MNNG Manning Area 0491

NMVL Mannville Area 0529

MYBR Manyberries Area 0619

MRBO Marlboro Area 0398

MRWN Marwayne Area 0554

MYTP Mayerthorpe Area 0384

MLNN Mclennan Area 0473

MNRV Meander River Area 0503

MDHT Medicine Hat Area 0621

MKRV Milk River Area 0273

MILT Millet Area 0327

MILO Milo Area 0139

MNBN Minburn Area 0523

MIRR Mirror Area 0171

MRVL Morinville Area 0368

MRLY Morley Area 0131

MORN Morrin Area 0200

MLHT Mulhurst Bay Area 0329

MNDR Mundare Area 0519

MRNM Myrnam Area 0522

NAMO Namao Area 0352

NMPA Nampa Area 0481

NATN Nanton Area 0134

NDTN New Dayton Area 0282

NNRY New Norway Area 0302

NSPA New Sarepta Area 0304

NBRK Newbrook Area 0432

NSKU Nisku Area 0323

NTJT Niton Junction Area 0397

NBFD Nobleford Area 0279

NRDG Nordegg Area 0184

OKTK Okotoks Area 0115

OLDS Olds Area 0192

ONWY Onoway Area 0373

OYEN Oyen Area 0601

PRVY Paradise Valley Area 0556

PCRV Peace River Area 0488

PLLK Peerless Lake Area 0479

PERS Peers Area 0396

PNHL Penhold Area 0186

PCBT Picture Butte Area 0275

PNCK Pincher Creek Area 0262

PLDN Plamondon Area 0439

PNKA Ponoka Area 0177

PRDS Priddis Area 0116

PRVT Provost Area 0526

RDWY Radway Area 0355

RNLK Rainbow Lake Area 0499

RLTN Ralston Area 0611

RYMN Raymond Area 0280

RDDR Red Deer Area 0194

RDER Red Earth Area 0480

RDWR Redwater Area 0354

RMBY Rimbey Area 0178

ROBB Robb Area 0400

ROCH Rochester Area 0434

RMTH Rocky Mountain House Area 0183

RKFD Rockyford Area 0123

RLHL Rolling Hills Area 0626

RSLD Rosalind Area 0308

RSBD Rosebud Area 0199

RMSY Rumsey Area 0195

RYCF Rycroft Area 0458

RYLY Ryley Area 0517

SNGD Sangudo Area 0383

SKCS Saskatchewan River Crossing Area 0175

SCHL Schuler Area 0614

SBBH Seba Beach Area 0333

SDWK Sedgewick Area 0312

SVPR Seven Persons Area 0608

SXSM Sexsmith Area 0456

SWPK Sherwood Park Area 0364

SBLD Sibbald Area 0604

SLVY Silver Valley Area 0463

SELK Slave Lake Area 0477

SMTH Smith Area 0476

SMLK Smoky Lake Area 0358

SPRV Spirit River Area 0461

SPGV Spruce Grove Area 0369

SPVW Spruce View Area 0190

STAL St Albert Area 0367

STMC St Michael Area 0362

STPL St Paul Area 0535

STOF Stand Off Area 0253

STDD Standard Area 0125

STVY Stavely Area 0135

STLR Stettler Area 0160

STNG Stirling Area 0281

SYPL Stony Plain Area 0370

STMR Strathmore Area 0121

STRM Strome Area 0310

SCOC Sunchild O'Chiese Area 0185

SNDR Sundre Area 0193

SNHL Swan Hills Area 0379

SYLK Sylvan Lake Area 0180

TABR Taber Area 0264

TRHL Thorhild Area 0359

THRS Thorsby Area 0322

THHL Three Hill Area 0204

TLLY Tilley Area 0624

TOFD Tofield Area 0516

TMHK Tomahawk Area 0336

TRTN Torrington Area 0203

TRCH Trochu Area 0202

TRVY Turner Valley Area 0117

TWHL Two Hills Area 0511

VYVW Valleyview Area 0466

VXHL Vauxhall Area 0265

VGVL Vegreville Area 0510

VRML Vermilion Area 0531

VTRN Veteran Area 0169

VKNG Viking Area 0521

VILN Vilna Area 0538

VLCN Vulcan Area 0142

WBMN Wabamun Area 0371

WBSC Wabasca Area 0478

WNWR Wainwright Area 0530

WLSH Walsh Area 0617

WNRV Wandering River Area 0438

WNHM Wanham Area 0457

WRBG Warburg Area 0321

WRNR Warner Area 0270

WSPT Warspite Area 0357

WKTN Waskatenau Area 0356

WRTP Waterton Park Area 0263

WMBY Wembley Area 0459

WLOC Westlock Area 0378

WTKW Wetaskiwin Area 0325

WTCO Whitecourt Area 0382

WHLW Whitelaw Area 0486

WDWR Widewater Area 0474

WLWD Wildwood Area 0332

WLDN Willingdon Area 0513

WNFD Winfield Area 0330

WOKG Woking Area 0460

WRSY

  
Worsley Area 0489

WRHM Wrentham Area 0272

YNTW Youngstown Area 0630

ZAMA Zama Area 0494


---



AWAS Related Telephone #'s / IP's:


'DISPATCH / ANALYSIS CENTERS'

LOWER MAINLAND:

Bus DAC - CPE (604) 453-2212
BUS DAC - NET (604) 453-2213

I/R DAC - (604) 453-2330 or 1-800-665-2927
Network DAC - (604) 453-2900 or 1-877-828-8812

TNO CSD Support Line - 1-800-665-2927

--

KELOWNA:

Bus DAC - (250) 470-5455 or 1-800-665-4249

I/R DAC - (250) 470-5455 or 1-800-665-2927

--

VICTORIA:

Bus DAC - (250) 388-8021

I/R DAC - (250) 388-8877 or 1-800-665-2927

-->

LAPTOP SUPPORT NUMBERS:

'TELUS OPERATIONS LAPTOP SUPPORT'

7035 Greenwood Street
Burnaby, B.C. V5A 1X7
(604) 432-5559 or 1-888-999-2927
Fax (604) 415-9067

--

SPOC (PASSWORD TROUBLES) - 1-800-606-7762

--

FIELD SUPPORT NUMBERS:

'CUSTOMER SERVICE REPS'

Residential - 1-888-483-4777
Business - 1-888-388-3302

--

ASSIGNMENT AND PROGRAMMING:

Assignment - 310-3344 -6 -1

Local # Portability - 310-3344 -6 -2

Activations (CDA) 310-3344 -6 -3

--

TEST DESK:

1-800-665-1774
(250) 861-2280
(604) 430-7333

--

(PLANT) TEST NUMBERS:

Line Opener - 958-4111
ANI (ANAC) - 958-6111

ADSL Provisioning - (604) 878-3101 or 1-877-519-9292


--

LAPTOP (MODEM) DIAL-UP NUMBERS:

AWAS local: 205-5923
AWAS long dis: 1-888-665-2100
Secure ID local: 205-5263
Secure ID long dis. 1-888-886-7877

-->




'Online AWAS Resources'
---------------------

The following are some links for additional information on AWAS:

http://www-1.ibm.com/industries/wireless/doc/content/bin/telusappbrief.pdf

http://www.crtc.gc.ca/ENG/publications/reports/8660/TCBC/Aug98a2.doc

http://www.hackcanada.com/canadian/phreaking/gc_dima.txt

http://www.e-voliucija.lt/2001presentations/evoliucijaIBM.pdf

--




[ 'Conclusion to Document' ]


There you have it, folks; The Comprehensive Guide to AWAS. I hope it was worth it.

The Automated Work Administration System, a network of love, hate, and chaos.

Can you sit around and let this system control your lives, or are you going to stand
up and fight against the new world order? Fear not, for we are here to protect you.

This guide represents part of my effort to widen the audience of the latest and great
est groundbreaking technologies from the incumbent telecommunication powers that be.

Phreaking has had an enormous influence on my life and my view of the universe. My
only regret is that the limits of the current technologies we're involved with today
fail to capture the full fidelity of the bigger picture. The bigger picture is that
you are a slave! A slave to POTS copper, a slave to the proprietary. Wake up, sleepy!

AWAS' wireless side... to die?

In other news, the CDPD side of AWAS is said to be in the works of "deconstruction".

Is AWAS too expensive, too complex, too resource intensive to keep alive? Is AWAS
going to be replaced with an advanced Teradyne engineered 4TEL (VRS) system? A telus
technician from Edmonton who spoke with my associate H1D30U5 said this may happen, or
are these foolish rumours in a failed attempt to TRICK local phreaks into leaving the
"system" alone? Only time will tell because, of course... the future is friendly(tm)!




--->

<senorita> buy me an ice cweam?

--->





Millennium Hardware Modification for the purpose of Redboxing


By: H1D30U5

03/29/04



Shouts to Hackcanada, Nettwerked, The Clone, Wizbone, Kankraka,
Cyb0rg/Asm, Question, Tr00per, H410G3N, and of course Nortel (for
giving us a laugh or 2)

Thanks to Joe Clark for taking the time to send me some information.
And thanks to Jackel for writing the first document regarding this idea.




Equipment required to pull this 'sploit

1. Propane torch + Lighter

2. Wire cutters

3. Electrical Tape

4. Super Glue

5. Balls of Solid Rock.



For Reference, the tones for NACTS are as follows

Quarter 2200hz 33ms on 33ms off 5 times repeated

Dime 2200hz 66ms on 66ms off 2 times repeated

Nickel 2200hz 66ms on 66ms off once



3900hz can also be substituted because Telus' switching equipment will also
accept this as a valid frequency. If it's easier to produce, go for it. Also
see the redboxing file on Hackcanada.com written by Cyb0rg/Asm for more details
on how to build your redbox.




***Millennium Info/History***



MILLEN MTR 2.0--Millennium Payphone (A0748017)


The Millennium Payphone was once called the "Un-Phreakable Phone" simply because
it has many fraud deterrants such as the false dial tone, the remote DTMF dialling,
and the microphone muting. It was manufactured by Quortech and licenced for use and
distribution to Nortel. The birth of the Millennium happened in 1993, according to
Doug Matatall, director of Millennium marketing at Northern Telecom. Ordinary people
on the street and marketing designers wanted to produce the "Perfect" pay-telephone.
Consumers asked that the buttons on the dialing pad not be hidden under the handset
as they are on the older Centurion model, so the Millennium's handset was placed next
to the buttons. People with tremors, cerebral palsy, and other motor impairments had
difficulty inserting coins and dialing numbers, so the Millennium's buttons are farther
apart and the coin slot is surrounded by a tapered bezel to guide a coin in. It has an
alpha-numeric display, and an internal computer that will set off alarms in case of
vandalism / abuse, a full coin box, or when the coin slot is jammed (so don't say it's
jammed to a live op, THEY KNOW.)



Matatall states that there are just over 167 000 payphones in Canada, and over 60,000 of
them are Millenniums. There are over 150,000 Millenniums in North America alone. They are
also found in Singapore, Australia, and Thailand. This phone has been engineered, and re-
engineered to weather anything. The LCD was even engineered with a special substance that
has a freezing point of -60 Celcius so that the display will not freeze even in the harshest
of Canadian winters.


The Millennium doesn't merely display information, it also talks to you in a synthesized voice.
Though this redundancy should make the phone accessible to people with vision or hearing impair-
ments, what you hear doesn't always match what is displayed. Place a long-distance call via a
credit card, for example, and the display will read "Card verification in progress" while the
synthesized voice simply says "Please wait." These features draw electrical power, using a
TA10750 Transformer and only draw up to 8.6 watts a month, at a cost which Matatall estimates
at 30 cents.


(The Centurion draws no separate electrical power.) Converting all 167,000 payphones in Canada
to Millenia will incur a power bill of over $50,000 a month; presumably telephone utilities
will try to recoup this overhead through higher rates.



***Millennium Stats***



Height : 533mm (21")
Width : 194mm (7 13/16")
Depth : 155mm (6 3/16")
Weight : 19.05kg (42lbs) *EMPTY*


It has an enhanced G type handset with armored cabling, and an Electret Microphone with
a dynamic receiver. It's operating temperature range is from -40'C to +60'C, and it's
Non operating but still physically undamaged temperature range is from 10'C in either
direction from it's operating range. It uses supplemental power (110v DC) and can
function without the use of it's LCD to call emergency numbers, and operator assisted
calls in case of a power outage. It uses a Vaccuum Fluorescent Display (but for all
intents and purposes we'll just call it LCD in this article.) And it's "LCD" is able to
function using English, French, Spanish, and Japanese letters and symbols. The display
can also be independantly configured to display any message that the owner wants. If it
were used as a COCOT, then the owner could program an advertisment into the LCD.



***THE SPLOIT***


The only method of redboxing from a Millennium before Jackel's findings was to cut the power,
which is not only in-efficient, but it also automatically signals the telco. Then they'll come
and repair it, etc. There is another method... we earlier discussed the "microphone muting".

There is a way around this feature, for they were not smart enough to have the local switching
station initiate the muting, because there are many makes and types of switches, and the older
ones would not have to resources to initiate this feature. Quortech, in their infinite wisdom,
then decided to use electrical grounding on a computer controlled switch to mute the microphone.

They did this by sending an electrical current from the phone's power supply to the mouthpiece.
This current is equal to the voltage required to power the microphone, therefore completing the
circuit without passing through the microphone. That means that when the phone is kicked over
into NACTS, (when the coin are to be inserted) that the microphone is bypassed. Now that we
know WHY it happens, we can make it fail. The only mildly dangerous part of this exploit, is
that you have to take a little bit of time to do it. This means that concerned citizen/police
officer could see you doing it.


I recommend night-time for this, and that you try to pick a Millennium that is semi-secluded.
Not the one that's beside the door of your local 7-11... The "Bloated Gas-Bag" could see you.
To stop the phone from bypassing the microphone, we have to open the handset. There are a few
methods of doing this, either by breaking it, or otherwise. I prefer to bring a propane torch
along with me and heat the microphone cap on the handset. This will melt the glue, and at the
same time, expand the cap making it easier to remove. Okay, so we got the cap off. Pull the
microphone out and take a look at how the microphone is wired.

Study it, and learn something.

You'll see 3 wires there; Hot, Neutral, and a strange, out of place looking wire with a clear
coating on it. That's the one we're looking for. It's the wire that completes the microphone
bypass. All you have to do is cut that wire, and then the phone will send current down the line
as per usual, but nothing will happen. The important part though, is to tape the loose ends of
the wires with electrical tape. If you go to all of this trouble to modify a payphone, then it'd
better damn well work. If you do not tape the wires, and the hot loose end touches something metal,
it will either fry the wiring, (it is 110v DC, same voltage as your household plugs) or mute the
mouthpiece as normal... therefore undoing all your hard work!


What a kick in the pants eh?


So tape those wire ends up, and then glue the cap back on the mouthpiece. Done, now you can try
to redbox it. I find that op's will fail to notice redboxing from millenniums because it's the
"unphreakable fone." When you call from a Millennium, the op knows that you're calling from a
Millennium. It will display it on their console, so you have a better success rate. I have had
about 95% success when using this technique. The best reason for modifying a Millennium instead
of just using a Centurion, or Fortress, is that you can learn something while doing it, and the
success rate will dramatically increase.

Also, you won't have telco personnel coming around to fix the phone like you'd have if you use the
power out exploit. There you have it, The "Unphreakable Phone" has been phreaked. On a side note,
I'd suggest that you mark the payphone after you've modified it, to let other phreakers know that
it has been rigged. A Nettwerked sticker would be perfect, and that's the way that I marked the
one I took apart to research this article.


Have Phun, and come back safe.




--->

<wizbone> -bush-2.05b$ rm -r /usr/local/bin/laden
<son4r> Are you guys having fun? :D
<wizbone> not anymore :(
<theclone> you ruined it
<wizbone> thanks alot
<theclone> rm -rf /usr/local/bush/cia/drugs/cocaine/white.txt
<theclone> ^- cover up
<wizbone> haha
<wizbone> you're a coverup
<theclone> thanks

--->



------------------------------
Alberta CLLI's and other stuff
------------------------------

By: tr00per


Shouts: Question, The Clone, steelethan, kankraka, port9,
hades, Jackel, Treephrog, tek and everyone else from
#hackcanada


If you've read k-1ine 41, you probably already know about CLLI's. The CLLI
format is the same all over Canada. Ive typed out this chart to show how
the CLLI format works. For more detail read 'The Complete (TELUS) British
Columbia CLLI Compilation' from k-1ine 41.


Here's a little review:



COMMON LANGUAGE LOCATION IDENTIFICATION FORMAT CHART


-----------------------------------------------------------------------------------
ITEM | CHARACTER TYPE
|

|-------------------------------------------------|
CHARACTER POSITION | 1 2 3 4 5 6 7 8 9
10 11 |
---------------------------------|-------------------------------------------------|
PLACE NAME | A A A A| | |
|
PROVINCE OR STATE | | A A | |
|
---------------------------------| | | |
|
BUILDING | | | A A |
|
---------------------------------| | | N N |
|
ENTITY | | | |
|
-SWITCHING ENTITIES| | | | X
X X |
-NON-SWITCHING | | | | A
x X |
---------------------------------| |
|---------------------|
NON-BUILDING | | |
|
-cUSTOMER | | | N A N
N N |
-OTHER | | | A N N
N N |
-----------------------------------------------------------------------------------

A= ALPHA CHARACTER N= NUMERIC CHARACTER X= ALPHA OR NUMERIC CHARACTER



This Chart might seem counfusing at first, but it's really quite simple.
Here's an example of your standard CLLI : FTSKAB01CG1

F T S K A B 0 1 C G 1
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
| | | | | | | | | | |
The First 6 Characters These two numbers
will most likely will usually represent The last 3
characters
always be letters. the building site, identify the
equipment/ although there are
service used by the
exeptions. It can have place.
numerical or Alpha
characters




Now... to the good stuff. Here's a list of digital switches,
and their CLLI's for the major cities of Alberta:

SWITCH (DMS100) CLLI
------------ -----------

Airdrie ARDRAB02DSO
Banff BNFFAB01CG2
Bonnyville BNVLAB03CG1
Calgary Main CLGRAB01CG2
CLGRAB01CG3
CLGRAB21DS1
Camrose CMRSAB06DSO
Drumheller DMHLAB01CGO
Ft McMurray FTMMAB03DSO
Ft Saskatchewan FTSKAB01CG1
Grande Prairie GDPRAB01DSO
High Level HILVAB01CGO
Hinton HNTNAB02DSO
Lethbridge LTBRAB01CG1
LTBRAB01DSO
Lloydminister LLYDAB01CG1
Medicine Hat MDHTAB02CG1
Peace River PCRVAB01CGO
Red Deer RDDRAB01CG1
RDDRAB01CG2
Sherwood Park SWPKAB01DSO
Slave Lake SELKAB01CG2
St Albert STALAB01DSO
Stettler STRLAB01CGO
Vegreville VGVLAB01DSO
Wainwright WNWRAB01CGO
Wetaskiwin WTKWAB02CGO


These are seperate areas within Calgary:

AREA'S in Calgary CLLI
-------------- -----------------
Airways CLGRAB61CGO
Bonavista CLGRAB14DSO
Bowness CLGRAB09DSO
Crescent Heights CLGRAB46DSO
Crowchild CLGRAB33DSO
Elbow Park CLGRAB07DSO
Forest Lawn CLGRAB10DSO
Hillhurst CLGRAB31DSO
Huntington Hills CLGRAB13DSO
Killarney CLGRAB02DSO
Kingsland CLGRAB12DSO
Main CG2 CLGRAB01CG2
Main CG3 CLGRAB01CG3
Main DSO CLGRAB21DSO
Main DS1 CLGRAB21DS1
Mount Royal CLGRAB06DSO
Oakridge CLGRAB15DSO
Ogden CLGRAB38DSO
Shawnessy CLGRAB49DSO
Temple CLGRAB22DSO

I hope to have a complete list soon.

Since this file is pretty damn short, I've compiled a list of telus/telco
acronyms and their definitions that I thought might be useful to make it longer.
If you dumpster dive or other shit, you have probably come accross e-mails, or
papers or even manuals that make no sense because they are full of weirdo acronyms
(silly telus where do they come up with this shit) and terms, hope this helps :)


-------

..............................................................................
ANA - Automatic Number Announcement
ANI - Automatic Number Identifier
BERT - Bit Error Rale Test
BOP - Bit Oriented Protocol
BRI - Basic Rate Interface (2B+D) ISDN 128 Kbps (2 x 64 Kbps plus 1x16 Kbps
channels)
CIC - Carrier Identification Code
CIR - Committed Information Rate
CLCI - Common Language Circuit Identifier (the circuit number)
CLLI - Common Language Location Identifier
CPE - Customer Premises Equipment, Customer Provided Equipment
DCC - Digital Access Cross-Connect
DCE - Data Communication Equipment
DDS - Digital Data Service
DLCI - Data Link Connection Identifier
DS-0 - Digital Signaling - Level 0 - ( 64.0 Kbps)
DS-1 - Digital Signaling - Level 1 - (1.544 Mbps)
DS-3 - Digital Signaling - Level 3 - (44.7 Mbps)
DSU/CSU - Data Service Unit / Channel Service Unit
DTE - Data Terminal Equipment
DVACS - Digital / Voice Access and Control System
FOX - Message Pattern
FT1 - Fractional T1 (The Customer uses only a portion of the available
bandwidth - ie: 128 KBPS)
HBM - High Speed Bert Mode
ILS - Individual Line Service
ISDN - Integrated Service Digital Network
ITU - International Telecommunications Union
LAN/WAN - Local Area Network / Wide Area Network
LCRV - Low Capacity Remoting Vehicle
LMI - Local Management Interface
MAO - Maintenance Administration Office
MAP - Maintenance Administration Position
NETCAP - Network Capabilities Database
NID - Network Interface Device
NIDP - Network Interface Device Point
PIC - Preferred Inter-Exchange Carrier
PR I - Primary Rate Interface (23B+D)
PAD - Packet Assembler Device
PAO - Plant Administration Office
POC - Program Operating Center
POS - Point Of Sale
POTS - Plain Old (ordinary) Telephone Service
PRO - Plant Provisioning Office
PSTN - Public Switched Telephone Network
PVC - Permanent Virtual Circuit
RILS - Rural Individual Line Service
S4T4 - Schedule 4, Type 4 Transmission Tests
SND - Switch Network Data
SPID - Service Point Identification Number (ISDN circuit number)
SSOSS - Special Services Operational Support System (a provisioning and
testing database and tool)
STS - Synchronous Transport System
SV# - Switched Virtual Circuit
TDM - Time Division Multiplexing
TIMS - Transmission Impairment Measurement Set
TLA - Three Letter Acronym (The Surgeon General recommends these be avoided)
TLp - Test Level Point or STLP (Standard Test Level Point)
TOC - Television Operating Center
USO - Universal Service Order
USSO - Universal Special Services Order

-tr00per

--end--



-->


Gizmo [IntricateP@dialup-67.75.231.95.Dial1.Seattle.Level3.net] has joined #hackcanada
<theclone> GIZMO CACA!!
<nach0> i love gremlins
<theclone> me too
<nach0> You're a sheep. Baaaah.. baaaaaah..
<theclone> haha


-->




Telus Physical Key Systems; an internal memo


By: Anonymous Phone Hero

03/04

This is an e-mail I aquired from a much respected member of our community. This regards Telus' new
use of override keys on Telus CO's and other buildings used by lineman and switchman. Hopefully this
is useful for everyone in one way or another. Again, this is not to be used for malicious purposes,
but rather to educate you on Telus' Physical Security.



From: Dennis Senio
Sent: Friday, June 20, 2003 8:02am
To: Barry Iverson; Brian Andrews; Brian Mckelvey; Brian Richardson; Dave O'donahue; Eric Hannem;
Gary MacKinnon; Jim Ellis; Lynn Mattoon; Mark Hebert; Mike COllins; Reigh Hughes; Rick Domes;
Shawn Cardinal; Vern Tremblay; Verne Forsberg

Subject: FW: AB New keys


Just a heads up that new gate and building locks are going to be installed in AB and BC that
will reduce the number of different keys required for access. The recommended keys for us are
the Edm.ABA2.1 and the North ABA4.1. I am trying to order them now so we may actually have
them once the rollout starts.

---- Original Message ----

From: Ginger Surgeon
Sent: Thursday, June 12, 2003 8:21 AM
To: Garry Zannet; Louise Beattie
Cc: Paul Lord; Roger Burak; Scott Wellicome; Louis Lafortune; Doug Urichuk; Rick Castonguay;
Don Hamaliuk; David Beaudette
Subject: AB New keys

Please distribute this as necessary. There has been much discussion and e-mails regarding locks
in Alberta, below are the details of what is happening.

Alberta Lock Upgrades / Re-keying

GENERAL SCOPE

There is a project in progress to upgrade all the external locks in TELUS buildings. This project
is already underway in BC, and will be starting this year in Alberta. The new locks are 'Abloy'.
They will replace 'Medeco' locks on the external doors.

KEY STRATEGY

In an effort to reduce the current amount of keys in use, the province has been divided into 4 sections:

CALGARY - all buildings in / around Calgary (must have CLLI codes starting CLGR)
EDMONTON - all buildings in / around Edmonton (must have CLLI codes starting EDTN)
SOUTH - all other buildings in Southern part of the province (must have area code 403)
NORTH - all other buildings in Northern part of the province (must have area code 780)

The new keys required for these areas are as follows:

CALGARY - gates only ABA1.G - buildings & gates ABA1.1 - card access override CAC1.40
EDMONTON - gates only ABA2.G - buildings & gates ABA2.1 - card access override CAC2.40
SOUTH - gates only ABA3.G - buildings & gates ABA3.1 - card access override CAC3.1
NORTH - gates only ABA4.G - buildings & gates ABA4.1 - card access override CAC4.1

ROLL OUT PLANS

1. Sites being converted to card access wil be changed to 'Abloy' when the card access system is installed.

2. Materials for the remaining lock changes are on order.

3. Once most of the materials are on site, a communication will be sent out advising all AB employees of
the lock changes and to request new keys.

4. Once the majority of the key requests have been filled, the rest of the lock changes will begin.

DO I NEED TO ORDER KEYS NOW?

There is an urgency to order card access override keys, if your sites are being changed to card readers.
All other requests should wait until the communication is sent out to all AB employees. That will ensure
that there are sufficient keys in stock to process the requests.

HOW DO I ORDER KEYS?

To simplify the process, a "bulk" key request form has been developed. A copy is attached. Once the form
is complete, it should be mailed to "teluslock.key@telus.com" with a cc to the authorizing manager.

Additional questions or concerns should be directed to me at the contact information below.

Regards,

Ginger Spurgeon
Physical Security Specialist
10 TPS 10020 100 Street
Edmonton AB T5J 0N5

tel. (780) 493-3699
fax. (780) 493-3998




-->

<cyb0rg_asm> i heard there's a new drug that gives men multiple orgasms.. they're still debating
whether or not to release it publicly
<eidolon|DnD> cyb0rg_asm: sweet
<theclone> crazy
<cyb0rg_asm> yeah, instead of pearl necklaces we could be giving the ladies pearl turtlenecks!


-->



Disabling Deep Freeze

The author of this text takes no responsibility for your actions.


In this text, I will discribe how to disable deep freeze 2000xp 4.10. The
methods discribed in here are relevent to this version of deep freeze and
possibly others as well.

Deep Freeze is a computer program that works like an etcha sketch. You bring
out the etcha sketch, you start doodling it, and when your done, all you
need to do is give it a shake and it all goes away.

Deep Freeze loads up your operating system, and your operating system is all
on top of deep freeze. You go to porn sites, get infected with worms,
accidentaly delete command.com and on restart everything comes back to the
way it was.

Registry settings will go back to the way they were, and all programs will
go back to the way they were.

Once deep freeze has loaded up on a computer, you cant simply disable it and
be able to write to the hard disks. No sir. If deep freeze is loaded,
nothing will be changed after a reboot.

Deep freeze is good like that. It's great for schools where students like to
play with system files and in offices where people like to view e-mail
attachments and accidentaly get infected with worms.

So, being the person that I am, I found that the way my computer was frozen
wasn't exacltly the way I wanted it to be frozen. I wanted some things on it
different when it boots up. For example, the refresh rate of the monitor was
set too low. I wanted it at 85hrz, but every time I booted it would be at
60hrz and I had to change it EVERY TIME I BOOTED UP! It got to suck. First I
found that if you held down shift and double clicked the deep freeze icon
you get the deep freeze login screen. Theoreticly you could brute force it,
but who knows how long that might take.

So I started researching on how to disable deep freeze. It is so very easy,
and here's how you do it in three easy steps.

1) Create a DOS boot disk and boot from it.

2) get into c:\progra~1\hypert~1\deepfr~1

3) Copy DFSERVEX.EXE to another folder (I like C:\progra~1\ but put it
wherever you want, just aslong as it's not in this folder)

Now deep freeze is disabled! To re-enable deep freeze, just copy that file
back into the folder and your computer will be totaly frozen again.


Why this works.

This works because DFSERVEX.EXE is a file that deep freeze needs to freeze a
machine. Without this file, deep freeze can't freeze anything.

I have been told that on older versions of deep freeze that the actual file
is called PERSIO.SYS, a driver or something in the same folder, but I can't
comment on this myself.

How can sysadmins prevent this? Making the hypertechnologys folder hidden
wouldnt hurt, but the real big one is to have a password to get into the
bios setup and disalow booting from anything but the hard disk.


Recommended Reading:

http://www.elitehackers.com/ubb/ultimatebb.php?ubb=get_topic;f=1;t=004522
http://www.deepfreezeusa.com/index.htm

Have fun :)



-Aftermath

03/04



--->


<nach0> How's the wife? Is she at home enjoying capitalism?


--->




No Sleep Magazine Interviews The Clone

By: Jackel

03/04

Inspired By The Epic Interview I Have Decided To Do One About The Man
Behind Canada's Longest Running Online Zine; K-1ine. Thats Right, The Clone!

The Canadian scene is often over looked, the media tends to focus more on the
American Hacking/Phreaking side of things (although it often paints us as evil
doers and nerds with no life). Hopefully in this article the people who are not
familiar with the Canadian H/P scene will notice we have the same problems as
everyone else.

I have noticed most of the attention in the Nosleep community going toward H3C
so inspired by the Epic interview, I have decided to concentrate on Hack Canada
and Nettwerked.



NoSleep: How Long Has it Been Since You Started Up Nettwerked?

The Clone: I started Nettwerked on May 22nd 1999. So about 4 years and 8 months.
Nettwerked was originally a site I started on Hypermart.net as a place to publish
my writings, specifically articles surrounding phone phreaking.

NoSleep: What Is Your Relation To Hack Canada?

TheClone: My relation to Hack Canada? Good question. I first learned about Hack Canada
from my friend Wizbone back in December of 1998. We were both into phreaking quite a bit,
and we had even started a not-so-serious group we liked to call "Telus Watchers". Telus
Watchers was also hosted on a crappy freehost known as Hypermart, and like Nettwerked
contained phreak files, and the like. Eventually Wizbone e-mailed the webmaster of Hack
Canada, Cyb0rg/asm, congratulating him on the great site, mentioning our group, and
getting to know him and the rest of the members a bit better. After a few months of
building up the friendship with Hack Canada, I was asked to join the ranks. And the
rest my friends is history.


NoSleep: What was your first H/P experience?

The Clone: My first phreaking experience was when I was 11 years old. I did a dialing
of numbers... hand-scanning or "skanning" as some of us call it. Found a lot of inter-
esting systems, tinkered a lot, broke into some things that I probably shouldn't of
broken into it. Found a lot of interesting systems. Learned a lot about Nortel PBX's
as a kid, and that "need-to-learn-about-everything-telecom" has truly stuck with me
to this day... allowing me to meet great people and learn a hell of a lot more than I
could have ever imagined.


NoSleep: In Your Eyes, What Makes The Hack Canada/Nettwerked Scene So Special?

The Clone: We contribute... a lot. We contribute more articles and projects than an other
so-called hacker / phreak groups do today. We've always respected what L0pht / LOD did,
and in a way, we're keeping that h/p candle burning with our own stuff. One thing that
makes Hack Canada and Nettwerked so special is that we allow anyone to get involved and
write for K-1ine, and our sites. We have that open door policy that a lot of people tend
to respect about us.


NoSleep: What Major Projects is Nettwerked/HC taking on?

The Clone: Hack Canada is involved in a couple of projects that I was forced to sign non-
disclosure agreements over, so at this time I cannot say what those are. However I am
happy to announce that Nettwerked is involved in an outstanding project it calls the
"Anti-Tempest Computer Project." The Anti-Tempest project is a collaborated effort by
associates of the Nettwerked.net collective to create a fully functional / operational,
"secure" anti-emanation computer using Canadian Government-certified / CSE (Communications
Security Establishment) and Ontario Hydro-approved tempest equipment. Originally this
machine (with a 386SX processor, and custom-made and well labelled parts) was picked up
from Government Surplus Sales in Edmonton Alberta in the mid-1990's by Cyb0rg/asm. After
years of dragging this extremely heavy and fairly large computer around, he got sick of
it and gave it to The Clone as a present for his 20th birthday in hopes he might have more
use for it. Well, it's been a couple of years and after sitting on this project for too long,
The Clone is finally getting the proverbial ball rolling with the help of the official
building team (H1D30u5, Kankraka, Wizbone) and making this Anti-Tempest computer into more
than a glorified paper-weight.


NoSleep: How Does Nettwerked/HC cope with the people who are just there to Bring the scene down?

The Clone: We ignore them and they usually just go away. Or if that fails, we pay off a certain
italian organization, and they are happy to make "those people" disappear for a minimal fee.
Joking of course... or am I? :-)


NoSleep: I Know Hc/Nettwerked has had some problems with
people "selling out" what's your take on that?

The Clone: It has? You mean making a living? If attempting to make a living while being a member
of Hack Canada, and running Nettwerked, then I guess I'm a sell out. A corporate machine and
without a soul. Zing. Selling is out when the un-corporate ideals you once held so dear are
thrown out the window in place of a comfortable suit-job, where you suck the executive's cock
for job security. Ask the "people" who joined @Stake. They'd be happy to endulge you.


NoSleep: How Much Porn Is Too Much?

The Clone: You're asking the wrong guy. I worked at a porn company as a writer, beta tester and
online support for nearly 2 1/2 years. I've seen more porn in that timespan than most average
Joe's see in a lifetime. To answer your question; too much porn is when you start neglecting
your friends, family, and work for it.


NoSleep: K-1ine has been Canada's longest running H/P zine, how many readers do you have and
after 42 issues are you concerned that is it becomming a little "stale"?

The Clone: I don't know how many readers K-1ine has since it's archived across the Internet on
sites like textfiles.com, wiretapped.net, and Hackcanada.com. I'd say I've had thousands of
people read the 'zine. But if you're wondering how many people are on my mailing list, I have
about 300+. Stale? Of course not. One thing that will never happen with K-1ine (at least I hope),
is that the contributing writers will stop coming up with phresh new articles. But since technology
is contantly changing and the creative juices of hackers are always flowing, my answer is no. So
here's a suggestion to everyone; don't want K-1ine to become stale? Then sit down and start writing.
Thanks.


Nosleep: Would You Care to give us a brief history lession about HC/Nettwerked?

The Clone: I think I summed it up quickly in answer #2.


Nosleep: Got Any Shouts or props you would like to send out to anyone?

The Clone: Yeah, I'd like to give props to Hack Canada, Nettwerked, and NoSleep Magazine. No names
in particular, as I'm sure I'll forget someone and I'll have them whining obsessively, biting my
ankles, wondering why I didn't mention their name in this interview. heh.



-->


<Pokeon> well back to my THG vids
<theclone> what's that, underage anime pron for juniors?

-->




Internet Psychology
Now he was getting somewhere.


By: aestetix

Joe scanned the screen for certain serial numbers he'd recognize, dates of copyright, version
numbers. Anything to help him to identify where it was he'd just got himself into. He was
looking at a daemon scroller, but not a typical Apache or Redhat configuration like he was
used to. This one was cryptic, not hidden like the one in WarGames but jargled to where it
seemed like there was something important that someone not important wasn't supposed to read.

Naturally, Joe wanted in.

In a day where 99.999% of the world was used to seeing cute flash advertisements in a standard
web page format using the latest W3C XML technologies, he'd managed to find this bizarre server.
Nobody used telnet anymore if they had something important to share; SSH had taken over the net.

Where the hell did he even find this server? It definately wasn't in a routine slashdot comment,
or a tracert of some spam email. Maybe he'd picked it up sniffing AIM packets or something.
Actually, it was more likely he'd found it in IRC somewhere. But it didn't work right away, like
a normal server. Then he ran a trace of the server, found it was in Russia... probably only
accepts Russian computers, something this secure. Step one, look up class numbers for Russian
ISPs... step two, change IP address. Very rarely would a server running ip authority checks look
at your MAC address too, so he was clear.

Change the IP address, log into the server and BLIP! it connected, only to display that junk.
Hmmm, gotta figure it out. He copied the jargon into Google, to no avail. Ok, maybe ROT-13,
just for kicks. Nothing. Pop over to neworder, run a search.... three results, two crap, this
one looks like it might work. Strange name for a server, but what is this? It's almost like a
buffer overflow, but those are carefully fixed now. Couple RFC references, browse through,
here's some interesting syntax... looks like a wierd cross between HTTP and SSH. So maybe
the server doesn't actually use telnet, but it performs a node translation.... bizarre.

This is the dead time, like writer's block, when you thought you'd gotten somewhere but realized
you've only scraped some sand off this massive steel door. None of the pieces really fit anywhere,
it's like one of those LucasArts games where you wander around repeating the same thing 50 times
because you have no idea what to use. Ninety percent of the time, when you get here it's over.
Either there's some insane Netscape plugin you need to listen to the sound that's really not all
that important, or you realize you haven't even looked up the cake recipe for your mom yet.

But a few relentless devotees won't let it go. They're the hardcore. Some call them idiotic,
others call them elite. These are the people who show up at school or work looking like a
train hit them, mad at the sun and the annoying test they didn't study for. They live off
caffeine like a badger needs garbage, and while they seem completely socially inept occas-
ionally they become the life of the party. They don't really need a party though, if they
have a good book, a computer, or someone to prove wrong.

Joe logs into IRC, server irc.0062.net, pops into his normal channel. "Hey, everyone, look
at this!" he says. He mentions the basic nature, private messages the specifics to the three
or four users he's known for over a year. Let's see if they can help. Half the channel is
debating ideas Joe's already considered, the other half goes into a stupid flamewar. The
trusted users, like v3nus and y7ta, are the only ones he really makes progress with. Each
of them log into the server, same conclusion.

Is it corporate? No, too secure. Could it be a university testing a new protocol? Possibly.
Maybe it's government. That sounds way too much like a movie though. Joe imagines the secret
service busting down the door any minute, even though he knows it's completely legal to dial
into a system, provided he doesn't access anything. Or at least that's what the logs say.
It feels strange in one sense, but silly in another. He knows it's most likely some kid who
configured his daemon to output jargon so he could show off to his kid friends ("Look, I know
how to change the config files!").

At this point, maybe the only thing left stimulating him is the insane techno music streaming
from a 24/7 server, though he has no idea who's playing or how long it's been. Something to
sink into, a trancey beat, yet with enough bass to propell him into the hunt. With the music
everything he does seems a little bit cooler, even if he has nobody else to show off his skills
to. He doesn't need to, anyways, because anyone who needs to know already does.

Suddenly y7ta messages him, sends him a really obscure web address. But it's dot cx, which he
recognizes immediately as Christmas Island. Figures, it's probably some asshole's sick idea
of a joke, But y7ta wouldn't do that to him. He loads up the site. Odd, it's a short story
about a new internet protocol, something that combines HTTP and SSH to form a new language,
one that allows a terminal window to display graphics. That's really fucked up.

He picks up the RFC of the protocol, looks it up. Absorbs it. All this new syntax. Amazing.
He knows what he wants, a directory list. So he figures it out. Logs back into that server,
gets the empty prompt, pastes his request. There's a dot stp file, which works with this new
protocol. Fucking sweet! He's rocking, he's rolling, screw that dead type, he's gonna get it.
The beats play in the background, but he doesn't need that anymore. He's almost beat the
challenge! Back to the RFC, needs to load up that file. Puts in the proper request syntax,
waits five seconds.... and his terminal screen fills up with the ass of goatse.


--->


<port9> I want to meet cyborg..
<port9> I'd be like, "Hello cyborg." And he'd be like, "Uh, hi.. who are you^" and I'd be like,
"I'm port!" and he'd be like, "Port who^" and I'd be like, "port nine!" and he'd be like, "Umm,
right" and I'd be like "Yeah!" and he'd be like, "So, when's your mom coming to pick you up" and
I'd be like "7!" and it'd be cool...

--->



Why AI is Possible

By: aestetix

"A strange game. The only winning move is not to play. How about a nice game of chess?" One
of the greatest challenges in modern technology is creating a program we can recognize as a
sentient being. Although the topic has been explored in dozens of movies and hundreds of
stories and novels, we still seem to be stumped. A common stipend is that the "consciousness"
which humans seem to have cannot be recreated in logic-- there are many impeding factors like
emotion. This has been a real roadblock, especially in the last two decades: MIT AI Lab founder
Marvin Minsky has been on record numerous times attacking research, accusing students of wasting
their time with ideas they don't understand. Despite this roadblock, there are still evolving
theories as to how one can create consciousness.

A common criticism is that humans have an uncanny ability to "think", which is impossible to
duplicate in a machine because we simply don't understand it. While theories are proposed left
and right, they all fall into the same trap of assuming that with logic complex enough, consci-
ousness will eventually create itself. This is almost equivalent to a child thinking that he has
created a computer system because he has compiled assorted hardware and installed an operating
system; even though he has no real conception of how the system works together, the logic all
fell into place, made the appropriate connections, and his computer works. In fact, many people
unknowingly view computers as conscious beings because they -do- work. However, they immediately
disavow any notion of this because, for example, the computer doesn't know how to find a floppy
that's next to the drive but not in it. Of course, this falls more into the fault of the human
who doesn't know the proper language and etiquette necessary to converse with the system.

Let's approach this from another angle: a common laborer doesn't need to know the physics of
how a bookshelf works to assemble one, provided he has the instructions. In fact, most of the
time he doesn't even need instructions, because he is given input (boards, screws, etc) and
with basic logic (match screw 1 to hole 1) he can assemble the board. The question is, can
this thought process be represented entirely with logic? It's the same problem a child
encounters when she is given a board with holes of shapes in it, blocks of shapes, and
told to match them up. She puts the triangle to the square, and because it doesn't go in,
she moves it to the triangle with success. The key is that she eventually -remembers- this,
so that perhaps in another dozen attempts, she won't make the error. It seems easy enough to
imagine creating logic that will mimick this: imagine a robotic arm that's programmed to insert
the triangle in the triangle block, repeating the exact trial-and-error process. If a program
is capable of learning on this level, then theoretically it can learn on -any- level. This
concept extends to the movie WarGames, in which the computer account "Joshua", after repeated
attempts at playing a game, is able to learn how to "win."

Perhaps we view "consciousness" as being extremely complex because we just don't understand it yet.
A good mathematician knows that the simplest answer is always the best one, and likewise, it seems
that consciousness should be easy to describe, once understood. An example of this, albeit dealing
with animal instincts rather than human thought, is Craig Reynold's "boids" experiment. Essentially,
he went out to a park every day for months, making hundreds of observations, trying to understand
how the flocking patterns of birds is achieved. Eventually he managed to narrow it down to three
simple rules, which, when he wrote into a computer program, imitated the flocking far better than
he had predicted.

Here's an interesting scenario: is it possible to create a program that can analyse source code
and tell you what language it's written in? At first, this seems really rudimentary, and something
even the most primitive compiler/parser in capable of. But take it to the next step. What if you
deliberately insert semantic errors in your code (ie "printg()")? Even the most idiotic human can
probably glance at this and see the error, but can the computer? Moreover, what if you're using
one of the newer language systems like PHP, where you can mix two or three languages into the
same page? Your "analyser" will be registering all kinds of HTML source, then it gets hit by
Javascript, then PHP! Or what if you've written a program that outputs itself in a different
language? (ie "printf("PRINT \'HELLO\'"). Finally, what is the program is trying to analyse itself?

Your chances of creating this program seem kind of hopeless at this point: however, there is one
thing to keep in mind. While there are still an infinitude of possible challenges that can come up
in practice, there is still a single axis on which the biological eye rotates. Your scenarios may
change, but you do not. The key difference is that you can remember the thought pattern you used
to tackle these problems: you can learn. The human mind has a sort of "database" of memory it can
analyse to attempt to recall certain skill sets, and we are coming closer to finding out how this
database is built. Of course, once we've created the database, we still need to construct tools
that can read it. But reconsider the previous challenge: say you come across a language and want
to figure out what it is. You take in different pieces of your object, and your brain looks through
your memory to find a matching thought or skill. If we can get a program to run "the last time I
saw an instruction like this, I used the fuction to output text to the monitor" instead of "IF
INSTRUCTION THEN PRINT", we've tackled one of the biggest obstacles in AI.

There's a lot of work with AI related pattern recognition going on these days: voice recognition,
ad blocking software, etc. But a key problem is that sometimes the algorithms recognize a pattern,
but not the pattern we want it to find. For example, a picture of a person's face might be blocked
from a web browser because the placement of peach pixels in the photo matches a pattern for porno-
graphy. From a fundamentalist AI viewpoint, these ideas still suffer from following instructions,
rather than thinking on their own. However, a more liberal voice may point out that almost all
human decision can ultimately be mapped out in logic, implying that a program could eventually
be written, similar to Joshua, which would, after processing multiple images, learn to distinguish.

Ultimately, there are two large barriers keeping AI from advancing: our limited understand of our
own consciousness, and the presumption that AI cannot exist. Of course, 150 years ago we knew that
humans could never fly, and 25 years ago Bill Gates knew that a computer would never need more than
640K of memory. AI has progressed from primitive forms like an electronic chess game to extremely
advanced ideas like Will Wright's "SimCity" and "The Sims". There are so many advances it's silly
to even try to list them all, but each one of them reflects a move closer, in some cases a pivotal
discovery, to creating AI.


--->


<port9> GIBS ME SHIT WOMAN! *sniff* I miss the old to2600...
<kankraka> right there, i like that
<port9> Such a great group in its day..
<theclone> what is it now...
<theclone> :x
<kankraka> a gay bar


--->



0x01
<====================>
<== Number Systems ==>
<== By: Ice ==>
<====================>

0x02

This article is just a simple introduction into number systems including the Decimal Number system,
The Binary System, The Octal and Hexadecimal number system. The article will look into some simple
conversions and basics of these Number systems.

0x03

The Decimal Number System
------------------------->

The most popular number system is ofcourse the decimal system (Base 10). This system includes ten
different symbols, they are (0, 1, 2, 3, 4, 5, 6, 7, 8, 9). This system has been used for thousands
of years, but it's not well suited for modern computers. Therefor, we have three other systems that
are used by computers, they are Binary, Octal, and Hexadecimal.

Each Number has a Face Value and a Place Value, Lets look at this by using the number 666.

Face Value Place Value
---------- -----------
6 100 = 10 ^ 2
6 10 = 10 ^ 1
6 1 = 10 ^ 0

Lets look at a example that has a decimal in the number like 1884.36

Face Value Place Value
---------- -----------
1 1000 = 10 ^ 3
8 100 = 10 ^ 2
8 10 = 10 ^ 1
4 1 = 10 ^ 0
3 .1 = 10 ^ -1
6 .01 = 10 ^ -2



As you can see, this is pretty simple, not very complicated at all. You can also write this in an
expanded form.

666 = (6*10^2) + (6*10^1) + (6*10^0)
= (6*100) + (6*10) + (6*1)


1884.36 = (1*10^3) + (8*10^2) + (8*10^1) + (4*10^0) + (3+10^-1) + (6*10^-2)
= (1*1000) + (8 *100) + (8*10) + (4*1) + (3*.1) + (6*.01)

This is pretty much the same thing as the Face and Place value method.

As you can see, the Decimal Number system is very easy to understand and use. Lets look at Binary
System know.

0x04

The Binary Number System
------------------------>

The Binary Number System (Base 2) has two symbols, they are 1 and 0. This system is appropriate
for electronic computers becuase its either a 1 (on) or a 0 (off). This system is very easy to
understand just like the Decimal Number System is.

Like Before, each number has a Face Value and Place Value. Lets look at two examples like we did
in the Decimal Number System.


Face Value Place Value
---------- -----------
1 8 = 2 ^ 3
1 4 = 2 ^ 2
1 2 = 2 ^ 1
0 1 = 2 ^ 0

Lets look at a example that has a decimal in the number.

Face Value Place Value
---------- -----------
1 8 = 2 ^ 3
0 4 = 2 ^ 2
1 2 = 2 ^ 1
0 1 = 2 ^ 0
0 .5 = 2 ^ -1
1 .25 = 2 ^ -2
0 .125 = 2 ^ -3
1 .0625 = 2 ^ -4

As you can see, the binary number system isnt very difficult to learn either. Lets write these in
expanded form as we did in the Decimal System.

1110 = (1*2^3) + (1*2^2) + (1*2^1) + (0*2^0)
= (1*8) + (1*4) + (1*2) + (1*0)

1010.0101 = (1*2^3) + (0*2^2) + (1*2^1) + (0*2^0) + (0*2^-1) + (1*2^-2) + (0*2^-3) + (1*2^-4)
= (1*8) + (0*4) + (1*2) + (0*1) + (0*.5) + (1*.25) + (0*.125) + (1*.0625)

Not very hard to understand, and is just as simple as the Decimal System. Lets look at Octal System.

0x05

The Octal Number System
----------------------->

The Octal Number system (Base 8) is just as simple as Decimal and Binary Number System. The Octal
system contains eight symbols, they are (0, 1, 2, 3, 4, 5, 6, 7). Lets look at some examples using
the Face value and Place value as we did before. (I will just show one example, including the decimal
point).

Face Value Place Value
---------- -----------
5 64 = 8 ^ 2
0 8 = 8 ^ 1
7 1 = 8 ^ 0
3 .125 = 8 ^ -1
4 .015625 = 8 ^ -2

Lets write it in Expanded form just like we did with the other examples.

507.34 = (5*8^2) + (0*8^1) + (7*8^0) + (3*8^-1) + (4*8^-2)
= (5*64) = (0*8) + (7*1) + (3*.125) + (4*.015625)

Just as the other systems, very simple.

0x06

The Hexadecimal System
---------------------->

The Last number system is the Hexadecimal System (Base 16). The Hexadecimal system contains 16 symbols,
they are:

0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A (10), B (11), C (12), D (13), E (14), F (15)

Dont let the Letters confuse you, its very simple once you remember them and get some practice with
the Hexadecimal System.

Lets look at some Examples:

Face Value Place Value
---------- -----------
2 256 = 16 ^ 2
F (15) 16 = 16 ^ 1
7 1 = 16 ^ 0
4 .0625 = 16 ^ -1
A (10) .00390625 = 16 ^ -2

Lets see this example written in Expanded form:

2F7.4A = (2*16^2) + (F*16^1) + (7*16^0) + (4*16^-1) + (A*16^-2)
= (2*256) + (15*16) + (7*1) + (4*.0625) + (10*.00390625)

Same as before, not very difficult.

0x07

Converting Any Base to the Decimal System
----------------------------------------->

There are many more ways then doing this, i am going to show you the expanded form way.
Lets look at some examples:

Binary Example
-------------->

1.011 = (1*2^0) + (0*2^-1) + (1*2^-2) + (1*2^-3)
= (1*1) + (0*.5) + (1*.25) + (1*.125)
= 1 + 0 + .25 + 1.25
= 1.375

So 1.011 (Base 2) is 1.375 (Base 10)

Because we are using the Base 2 system, we uses 2^x.

Lets look at this Example in the Face and Place Value method.

Face Value Place Value
---------- -----------
1 1 = 2 ^ 0
0 .5 = 2 ^ -1
1 .25 = 2 ^ -2
1 .125 = 2 ^ -3

Octal Example
------------->

616.7 = (6*8^2) + (1*8^1) + (6*8^0) + (7*8^-1)
= (6*64) + (1*8) + (6*1) + (7*.125)
= 384 + 8 + 6 + .875
= 398.875

So 616.7 (Base 8) is 398.875 (Base 10)

Because we are using Octal System in this example. We use 8^x.

Lets look at this Example in the Face and Place Value method.


Face Value Place Value
---------- -----------
6 64 = 8 ^ 2
1 8 = 8 ^ 1
6 1 = 8 ^ 0
7 .125 = 8 ^ -1

Hexadecimal Example
------------------->

D39 = (D*16^2) + (3*16^1) + (9*16^0)
= (13*256) + (3*16) + (9*1)
= 3328 + 48 + 9
= 3385

So D39 (Base 16) is 3385 (Base 10)

Because we are using Hexadecimal System in this example. We use 16^x.

Lets look at this Example in the Face and Place Value method.

Face Value Place Value
---------- -----------
D (12) 256 = 16 ^ 2
3 (13) 16 = 16 ^ 1
9 1 = 16 ^ 0

0x08

Converting from Decimal to Any base
----------------------------------->

Binary Example
-------------->

Know that you have a basic understanding of how the number system works.
You will be looking at diffrent types of conversions.

Lets start with a Binary Example. This example will convert 52 (Base 10) into Base 2.

2^5 = 32 = 1
2^4 = 16 = 1
2^3 = 8 = 0 Our answer is 52 Base 10 is 110100 in Base 2.
2^2 = 4 = 1
2^1 = 2 = 0
2^0 = 1 = 0

Lets have a closer look on how we did this converstion.

The first rule is that the place value number cant be bigger then the number we are trying
to convert. (So if we did 2^6 is 64. We can't use this because its greater then 52. So the
highest we can go is 2^5).

Know, 32 fits into 52 once. So we put a one besides it. We then go to 16, we add it to 32 = 48.
We go down to the 8 and try adding it to 48. We cant do this because it will be higher then 52.
So we place a zero. We go down to 4. We add 48+4 = 52. Bingo.. We got it, We place a 1 and place
a zero on the other numbers that we dont need.

So we got one 32 + one 16 + zero 8 + one 4 + zero 2 + zero 1 = 52

So our Answer is 110100 Base 2

Octal Example
------------->

Same rules apply as they did above, the only diffrences is that we are in the Octal number
system and use 8^x.

Lets look at a example. In this example will convert 112 (Base 10) into a Base 8 Number.

8^2 = 64 = 1
8^1 = 8 = 6 Our answer is 112 Base 10 is 160 in Base 8.
8^0 = 1 = 0

Lets have a closer look on how we did his converstion.

Because the Octal Number System has 8 digits, we dont need to use 1's and 0's like in the
Binary example.

Know, 64 fits into 112 once. If we used two 64's, it would be 128, you cant do this because
its bigger then your number. Know we use six 8's.

One 8 (64 + 8) = 72 (To Low, We can go higher)
Two 8 (64 + 8 + 8) = 80 (To Low, We can go higher)
Three 8 (64 + 8 + 8 + 8 ) = 88 (To Low, We can go higher)
Four 8 (64 + 8 + 8 + 8 + 8) = 96 (To Low, We can go higher)

Well you get the idea...

So six 8 = (64 + 8 + 8 + 8 + 8 + 8 + 8) = 112 (Thats our Original Number)

And we dont need any 1's because we hit 112.

So the answer is 160 in Base 8. This isnt very difficult once you get the hang of it.

Hexadecimal Example
------------------->

Lets look at the Hexadecimal Number system using this method. We will convert 220 (Base 16)
to Base 10.

16^1 = 16 = D (13)
16^0 = 1 = C (12)

We cant go 16^2 because that is 256 and its higher then our number.

We can fit 16 thirteen times into 220. This will give use 208 (16*13).
Know we need 12 one's, this will give use 220 (208+12).

So the Answer is DC in Base 16. As you can see, Hexadecimal isnt very difficult to do.

0x09

Converting Decimal Fractions to Any Number System
-------------------------------------------------->

Binary Example
-------------->

Lets start with a Binary Example. Will convert 0.3 (Base 10) to a Base 2 number

0.3*2 = 0.6
0.6*2 = 1.2
0.2*2 = 0.4
0.4*2 = 0.8
0.8*2 = 1.6

= -----
.01001 (Base 2).

Lets get a closer look on how we did this. You first multiplied 0.3 by 2 (Base 2) and we
received 0.6. Know you take the last digit witch is .6 and multiply it by 2 and you get 1.2.
Then you take the .2 and multiply it by 2 and you get 0.4. You take .4 and multiply it by 2
and you get 0.8. You take .8 and then multiply it by 2 and we get 1.6.

You may ask, why are we stoping here, well, its simple. We cant take the .6 and multiply it
by 2 because we all ready did this. Meaning the numbers will be in a infinite loop. So know
we take the left site digits (0, 1, 0, 0, 1) and thats our answer. We put a line above the
numbers representing the infinite loop.

-----
So our answer would be .01001 in Base 2

Octal Example
------------->

Lets look at a Octal Example know. We will convert 0.1 (Base 10) to a Base 8 number

0.1*8 = 0.8
0.8*8 = 6.4
0.4*8 = 3.2
0.2*8 = 1.6
0.6*8 = 4.8

------
= 0.06314 (Base 8)

The same rule applies, and the same method is used. Lets see how we did this in the Octal System.

So, we multiply by 8 because we are converting to the Octal System. Know we multiply 0.1 by 8 and
get 0.8. We take the last number .8 and multiply it by 8 and get 6.4. We take .4 and multiply it
by 8 and get 3.2. We take .2 and multiply it by 8 and get 1.6. We take the .6 and multiply it by
8 and get 4.8. We stop here because .8*8 will be repeated again. This means the same patter will
go on and on and on... you get the point

------
So our answer would be 0.06314 in Base 8.

Hexadecimal System
------------------>

Lets try a Hexadecimal System example. We will convert .2 (Base 10) Into base 16.

.2*16 = 3.2

-
= 0.3 (Base 16)

Hehe, Looks like this one is pretty short and simple. I dont think i need to explain.
It's simple enough = )

I will explain it, just in case if anyone needs one.

We multiply .2 by 16 (Because we are converting to Hexadecimal) and we get 3.2. We cant use .2
because it will be infinite loop of so .3 is our answer.

0x0A

Conclusion
---------->

Well I hope you enjoyed reading this article as much as I enjoyed writing it (My First Article I
have written). There might me some spelling mistakes (Not the best Speller). I will be making
another part to follow this one. It will include some other conversions and Number System Arith-
metic such as Addition, Subtraction, Multiplication and Division.

I would like to give a shout out to

UndergroundNews ==> www.undergroundnews.com
Iced Reviews ==> http://ice.promodtecnologies.com (come review some stuff if you have time =] )
Everyone at HackCanada and Nettwerked

EOF




--->



<theclone> fruedian slit^h^h^h^hslip


--->




Cheap And Effective WireTapping


By Jackel

Disclaimer

**********************************************************************

The information contained in this document is for educational purposes

only and I take no responsibility for any actions you may take with use

of knowledge. So it's not my fault if you get put behind bars.

**********************************************************************



1.Intro

Anyone who can beige box can easily do this, and for those who don't know
how to beige box this article will teach you how to do this. Before we start
you need to know that wiretapping is a gross violation of privacy and is
highly illegal (the cops need permits to do wiretaps) this means possible
jail time if you are caught doing this and i am in now way to be held
responsible if you fuck up or are spotted doing this.

2. Time

Time is the most important factor when doing wire taps. Most likely you either
know the victim or its some one you have put a great deal of time and effort
into researching and stalking. This means you know their daily schedule, when
they get up, when they sleep and when they go to take a piss. If you have no
idea of their daily schedule then this is best preformed around 2-3am on a week
day when everyone is safely tucked away in their beds and have no clue what is
about to happen to them.

Now another easy way to get this done but a little more risky is to dig out
that old Telus Tech uniform you swiped from the clothes line a few months
back and has been collection dust in your closet and put it on. This is where
your Social Engineering skills really shine, what? you have never even social
engineered a operator? Then turn around right now because you need these type
of skills if you are ever going to do any work in the field. Working in the
field is unpredictable, you have to be aware of your target area and what goes
on in a regular day in that area. I have spent hours on end just sitting in my
car watching the same area day after day just to get a good grasp of what goes
on and so I'm not supprised when I carry out my dirty deed. So Unless you want
to end up next to "Bubba" take my advice. Now after you get all dressed up, and
have all your accessories on... its time to head to the house. Keep in mind your
target is the telecom box outside the house it will usually be near the gas/water
meters, but I will get into that later.

After you finally work up the balls to go and lie your ass off to the poor house
wife or kid

  
of the person you are targeting you will need to come up with a cover
story like "There are been some surges in the phone lines in the past couple days
and we need to intall a surge protector to safeguard your lines" remember 99% of
people dont know how their phone line works or the components that it needs to work
or keep working so if you look like a telus tech and sound like you know what you're
talking about 99% of the time they will let you in and just ask simple questions like
"how did this happen" or "why did this happen" so be prepared to answer all of these,
as I stated before the field is unpredictable. Once you are able to gain entrance to
the residence of the victim and get access to the telecom box its all down hill from
there.


3. The Bug

These things are just beautiful, they aren't the 200 dollar bugs the RCMP uses and
there are downs to using them but realistically some of us can't afford those (and
you have to special order them in from Japan, also technically they will only sell
to Law Enforcement or other related purposes). You can find these "bugs" at your
local Radio Shack or the Radio Shack will order them in for you, they are simply
Wireless Microphones that work on a FM frequency (yes these will fit into a telcom
box and aren't those big stage mics you find people using at a concert). They usually
cost around 20-25 dollars. The instructions on how to set the FM frequency are on the
back of the box.


**TIP**

I usually set the bug on a high end FM frequency, as you don't want to hear a radio
station when trying to listen to your victim.

Upsides To This Bug:


1. Cheap

2. Expendable


Downsides:


1. If a tech opens the box its the first thing he sees

2. If the poor bastard you're tapping happens to be radio surfing and comes across the
frequency you have the bug on and just happens to be talking on the phone he will hear
himself (but what are the chances of that?)

3. The Exploit

Okay after you have social engineered you're way to the telecom box (please don't say
you don't know what a telecom box looks like), if you can't find it then your cover
is blown and your life as a phreaker will be short lived indeed.

Now once you have located the telcomm box you will need to open it, easy enough, there
are usually 2 bolts, it would be wise to bring a wide range of screw drivers and ratchet
heads with you because the bolts the dominate telecom company in your area uses may not
be the same ones that they use in my area.

After you have opened up the box you will see 4 medium sized metal bolts there are for
lines 1 and 2 in the house I assume you know what line you want to tap. Now at this point
unless the person is paranoid or has nothing better to do they should have left by now
and if they have'nt my advice is to poke around a little bit, mumble something about
crossed wires to your self then tell them that this may take a while and you're not sure
if you have the tools required to finish the job. After that hopefully the target will
leave now after that little annoyance is taken care of you will need to get the bug out,
there will be a mic attached to a wire. Cut the wire right at the base of the mic.

**IMPOTANT YOU WANT AS MUCH OF THE WIRE LEFT ATTACHED THE THE AM/FM TRANSMITTER AS POSSIBLE**

... because the more wire you have, the more you get to wrap around the line bolts. Now to
expose the wire of the mic all you need to do is strip it, but what if you find yourself
asking "But Jackel, all I do is whack off and I don't have the dexterity necessary to strip
the wires and I always cut right through it!" Well then I can't help ya, sorry. Get a girl
and leave phreaking behind :)

It's time to do the actual wire tap now. Inside the rubber insulation you melted or stripped
off there should be 2 wires, attach these with alligator clips or you can just wrap them
around the 2 bolts (attach the wires to the bolts that are located horizontally beside each
other, not vertically. While attaching the wires, for the well being of your hand for the love
of god do not get your finger or hand to complete the connection between the two bolts. The
shock won't kill ya but it fucking hurts like hell. I know, I've done it many times.

After you're all done close the box up and make up some bullshit story about how it is all
fixed and the victim shouldn't be having anymore problems. If they do just call (insert fake
number here).


**TIP**

Line 1 is usually the house line while Line 2 is usually used for the comp if the target still
uses a dial up modem. In that case you can just have more fun with them. Or the line could be
used by the teenage son/daughter that never gets off the phone if they happen to have one of
those.


5. Conclusion

After it's all said and done, just walk back to your car, turn the radio on to the frequency you
put the bug on and wait to get some dirt on your victim. But remember that the bug has a very
short range so don't go more than a block away.


Shouts: NoSleep Crew, All Of Nettwerked, Theclone, Kankraka, Port9, Hades, Tek, tr00per,
Treephr0g, Papa Kybo ;), H1D30U5, and all the others I forgot. I'm very sorry my friends.


<Kankraka> its like im retarded

Forgive Me My Friend For I Have Sinned >:)



--->


<deadprez> straight up dawgs. mah name iz deadprez n shyyte.
<deadprez> im the biggest poseur thsi syde of da calgary trax
<merker> oh yeah eh
<merker> which side of the tracks again ?
<deadprez> the wrong siiiiide
<merker> ha ha ha sure
<deadprez> I lied. I live in my parents basement and I act tough on IRC.
I really have a small bent wiener and I look funny.


--->



####################################
Crafting Symlinks for Fun and Profit
####################################

by shaun2k2 <shaunige@yahoo.co.uk>



--[ 0 - Introduction

Due to the recent hype of the more in-your-face class of program insecurities,
other, slightly more subtle vulnerabilities are often overlooked during the
auditing of source code. One of these classes of vulnerabilities is the "sym
link bug", which can indeed be *just* as dangerous as buffer overflow bugs,
format string vulnerabilities and heap overflows. Although often misconcepted
as "not critical", or "not that serious", it is my belief that symlink bugs can
be very serious in nature, and deserve just as much attention as buffer
overflow vulnerabilities have received - yet the array of papers regarding this
class of security holes is slim.

In this paper, I attempt to demonstrate and analyze the risks of sym
link bugs at large, providing interesting case-studies where necessary to
demonstrate my points. Information on preventing these sorts of attacks is
also provided, with general safe-guards against preventing them.

A knowledge of UNIX-like Operating Systems is assumed, and whilst not necessary
it would be helpful to have a working knowledge of C, C++, Perl or BASH
scripting.



--[ 1 - Symlink bugs: An Overview

So, you might ask, what exactly is a symlink vulnerability? In general, sym
link bugs are vulnerabilities which may allow an attacker to overwrite certain
or even arbitrary files with the permissions of the invoking user of the
vulnerable application or script. Typically, symlink bugs present themselves
due to lack of checks on a file, before writing to it. So, to put it simply,
symlink bugs exist primarily due to sloppy file handling in an application or
script. To make matters even worse, an application or script could be SUID
or SGID, thus eliminating the need for a legimate user to invoke the program -
the attacker can instead run the application or script herself, because of the
privileges the vulnerable application has due to the SUID/SGID pre-set on it.
In quite a fair number of cases, a symlink vulnerability exists due to the
application writing to tmpfiles, which contain data they may need to use at
a later time. Programmers, often enough, may forget to, or not feel the need
to perform checks when writing to tmpfiles - this is a common recipe for
trouble.

What sort of possibilities for an attacker can symlink bugs actually provide?
Well, this usually depends on the type of functionality the vulnerable program
was designed to provide. As stated above, the typical symlink bug allows one
to overwrite or corrupt files not usually accessible to themselves. At first,
this may not seem like a great window of possibility. But, when reconsidered,
this could prove promising; what if an attacker could control what was written
to an arbitrary file, or could otherwise trick the vulnerable application or
script to write to a *critical* system file which could possibly leave the
host OS inoperable? In certain circumstances, this possibility *does* present
itself, and in others, the attack has less impact.

So, how are symlink vulnerabilities exploited? In most respects, the leverage
of symlink attack is actually quite generic across most vulnerable scripts or
programs. As touched on above, such bugs usually occur due to poor or lack of
file checks before data is written, so a little bit of thinking provides us
with the answer: if a vulnerable application or script attempts to write to a
file (often tmpfiles, to store data to be used later) without sufficient checks
(i.e is the file a symlink? does the file already exist?), an attacker can
quickly create a symlink with the *same* name as the file which the application
is intending to write to - if the file handling routines are written insecurely
enough, the program will obliviously write to the file - *causing the data to
be written to where the symlink is pointing*. An attack like this can be
demonstrated as below:


---
root# vulnprog myfile

[...program does some processing...]

k1d$ ln -s /etc/nologin myfile

[...program writes to 'myfile', which points to /etc/nologin...]
---

In the above example attack scenario, the superuser ran a program with poorly
written file handling routines, providing the filename 'myfile' to vulnprog
for the relevant data to be written to. However, k1d happened to be looking
over the shoulder of 'root' at the time, and created a link from myfile to
/etc/nologin.

Although the chances of finding a program written poorly is not at all great,
the above scenario is useful for example purposes, and at least illustrates
how vulnerable applications are sometimes attacked. Though more critical
files could've been overwritten/appended with semi-useless data, the above
sample scenario does demonstrate the possibility of attack - if this had been
a real life attack, no users would've been able to login, due to the new found
existance of /etc/nologin. Thus, one can see why it is important to reveal
symlink bugs, and begin to write more secure code.

Although I have only discussed file writing routines being vulnerable to sym
link vulnerabilities, other possibilities do arise, such as routines which are
written to set privileges. An example scenario would be a SUID root binary
which at some point, changes the permissions of a file named 'test' or else
to 666. However, the routine does not sufficiently check the state of the file
'test', resulting in a potentially vulnerability. With this, an attacker could
create a link from 'test' to /etc/shadow.

A very common occurance of symlink vulnerabilities, perhaps the most common is
when applications create tmpfiles insecurely. Not only are the tmpfiles
created with predicable names, permissions are not correctly attributed, and
the program or script often does not even check if the file is a symlink.
This sort of problem is quite a common occurance - this is evident by the
vast number of 'symlink bugs' and 'tmpfile bugs' in the bugtraq archive.

In the example discussed above, the attacker could not control what was written
to the file, and the program did not have any special privileges (i.e SUID or
SGID), so exploitation of the vulnerability required a legimate user to run
the application. However, in some cases, the data written *can* be controlled,
and, often enough, the application is SUID root. It is obvious to anyone with
a minimal amount of security knowledge that this is not good - let us now
explore an discuss a classic example of such a vulnerability.



--[ 2 - Case Study: Sendmail 8.8.4 Vulnerability

This vulnerability is a classic example, though versions of sendmail vulnerable
to this attack are now pretty obsolete. The vulnerability presents itself when
the sendmail daemon cannot deliver an email, and thus stores it in the file
/var/tmp/dead.letter, incase the email was important to the sender. The
sendmail daemon stores the exact email in /var/tmp/dead.letter, exactly how
it was written, but what if /var/tmp/dead.letter pointed somewhere? Wouldn't
the exact email get written to the file /var/tmp/dead.letter was linked to?
Bingo! And since the attacker can write to an arbitrary file (a file of her
choice), and also chooses what will be written, this vulnerability is perfect
for example purposes. Although /var/tmp/dead.letter must be created as a hard
link, rather than a symlink, this is still a link vulnerability, and is of the
same class of vulnerabilities, in my opinion.

Example exploit techniques were provided during the discussion of the bug, when
it was discovered:


---
k1d$ ln /etc/passwd /var/tmp/dead.letter
k1d$ nc -v localhost 25
HELO localhost
MAIL FROM: this@host.doesn't.exist
RCPT TO: this@host.doesn't.exist
DATA
r00t::0:0:0wned:/root:/bin/sh
.
QUIT
---

Sendmail would then attempt to deliver the mail to 'this@host.doesn't.exist',
but soon determines that such a recipient does not exist. Due to the design
of sendmail, it drops the email message body into /var/tmp/dead.letter. It is
due to poor file handling routines that sendmail does not complete sufficient
checks on 'dead.letter' in /var/tmp, for possible pitfalls: the possibility of
/var/tmp/dead.letter existing as a hard link ('man ln' for more info) to an
arbitrary file of interest to an attacker. Instead, sendmail, assumably, just
sloppily writes the undelivered email to /var/tmp/dead.letter - this is the
manifestation of the vulnerability itself. And since the attacker can exploit
this sinister vulnerability to write arbitrary data, privilege escalation is
possible - the ultimate goal of an attacker.

Assuming the exploit worked, a new account with the name 'r00t' should exist,
with a blank password field, and root privileges. Migiting factors exist
which may prevent this vulnerability from existing, such as the account
'postmaster' existing, or /var/tmp being on a different partition, but we shall
assume the exploit worked, for example purposes.

---
kid$ grep "r00t" /etc/passwd
r00t::0:0:0wned:/root:/bin/sh
kid$
---

The vulnerability was indeed exploited successfully, let us now look at why
sendmail was vulnerable to such an attack in the first place. Several more
specific reasons might be given, such as where in the actual code the poorly
coded
file writing routine exists, and why it is insecure, but the two more general
reasons for the issue are outlined below:


- Sendmail is SUID root, thus giving it permission to do most anything.
- Sendmail did not check for the existance of /var/tmp/dead.letter being a
hard link - this is due to poor, insecure programming.


Although this provides an excellent example of the possible impacts of sym/hard
link vulnerabilities, it still does not provide much of an example of how they
manifest in program code. Below we will explore another case study in which
we will explore and exploit a sample 'vulnerable script', which is particuarly
sloppily written, and in it manifest an obvious symlink vulnerability.



--[ 3 - Exploitation: A Vulnerable Script

Below is a sample vulnerable script:

--- vulnscr.sh ---
#!/bin/sh

if [ -z "$1" ]; then
echo "Usage: vulnscr <file>"
exit
fi

echo "vulnscr - vulnerable to a symlink bug."
echo "writing 'Hello World' to" $1
sleep 3
echo "Hello World" >> $1
sleep 1
echo "Setting perms."
chmod 666 $1
echo "Done!"
---- EOF ----

Just by studying the commands in the script, it should be quite obvious that
this script is vulnerable to a fairly bad symlink vulnerability. 'vulnscr.sh'
first checks for the existance of $1 (argument 1), and prints an error message
accordingly. A simple information message is printed to the user's terminal,
the script sleeps for 3 seconds, and the string 'Hello World' is appended to
the file specified at the shell. Then, the permissions of the file are set
to 666 (world-writable), and a simple 'Done' message is printed to stdout.

This is simple enough, but as you have most probably noticed, we see no code
performing checks on the file given at the command line. Rather, a simple
'echo' command is implemented by our vulnerable script to do its file writing,
and what's more, a 'sleep 3' command is ran by our script, heightening even
more the possibility of exploitation. On the second from last line of the
script, the permissions of the file is set to world-writable, and again, no
check is made for a symlink pointing elsewhere.

Below is the offending vulnerable code found in vulnscr.sh:

---vulnscr.sh fragment
sleep 3
echo "Hello World" >> $1

[...]

chmod 666 $1
---

By taking a quick glimpse at the above commands, it is soon apparent that no
file checks take place - just a blind 'echo' command appending our Hello World
string, and a quick 'chmod' invokation.
Thus, vulnscr.sh is definately an avenue for exploitation, and
frankly, a recipe for trouble on a corporate or production machine, but in
reality, scripts with code as sloppy as this *do* get packaged with major and
popular Linux distributions.

Now that we know why it is vulnerable to a classic symlink bug, how could the
script be exploited? You can exploit this script by simply creating a symlink
to a file writable by the invoking user of vulnscr.sh. Obviously, we would
need to know the name of the filename the targetted user specified on the
command line, but in a busy workplace environment, this might not be so hard,
simply by peering over the shoulder of the person. Another possibility is
that the script is to be run as a cronjob, so we know the filename which will
be specified. Either way, let's assume we *know* for a fact that a user is
about to invoke 'vulnscr.sh', specifying the filename 'test' as the output
file.

A simple attack scenario is shown below, illustrating the potential impact
of exploitation of this symlink-vulnerable script:


---
k1d$ ln -s /etc/passwd test

[...]

root# vulnscr.sh test
vulnscr - vulnerable to a symlink bug.
writing 'Hello World' to test
Setting perms.
Done!

[...]

k1d$ grep -n "Hello World" /etc/passwd
32:Hello World
k1d$ ls -al /etc/passwd
-rw-rw-rw- 1 root root 1460 2004-03-15 16:00 /etc/passwd
---

So, as you can see, k1d's exploitation of 'vulnscr.sh' worked, and worked
extremely well, as illustrated by k1d's checks. "Hello World" is now present
in the password file, and to make matters even worse, /etc/passwd is now even
world-writable, due to the 'chmod' command written in 'vulnscr.sh'. Chmod
followed the symlink 'test', and since the invoking user of vulnscr.sh was
root, the chmod call inevitably succeeded.

So, at this point, k1d has effectively owned the system, and is free to do as
he pleases; add root accounts, access mounted devices, corrupt important files
and so on. Although it is doubtful that an actual script of this type would
appear on a system for real, scripts vulnerable to almost an identical attack
do exist in the default install of popular Linux distributions - such as
'extcompose', for example. Extcompose is a small script, packaged with
the metamail package. It is designed for allowing a user to make external
reference to a
file not included in an email. After auditing it for a few short minutes,
I realised it was vulnerable to a classic symlink attack, very much similar to
the one discussed above. Though it is not SUID root, if an attacker knew what
filename a user was going to choose as the output file, she could create a
symlink to a file writable by that user - /etc/passwd would be a good choice
if the invoking user was root. Due to this vulnerability, important files can
be truncated or corrupted, and in theory, privileges could be elevated.

Although you will most likely already have extcompose installed
(/usr/bin/extcompose), here is extcompose's code:


--- /usr/bin/extcompose ---
#!/bin/csh -fb
# (The "-fb" might need to be changed to "-f" on some systems)
#

if ($#argv < 1) then
echo "Usage: extcompose output-file-name"
exit 1
endif
set OUTFNAME="$1"

chooseaccesstype:
echo ""
echo "Where is the external data that you want this mail message to reference?"
echo " 1 -- In a local file"
echo " 2 -- In an AFS file"
echo " 3 -- In an anonymous FTP directory on the Internet"
echo " 4 -- In an Internet FTP directory that requires a valid login"
echo " 5 -- Under the control of a mail server that will send the data on
request"
echo ""
echo -n "Please enter a number from 1 to 5: "
set ans=$<
if ("$ans" == 1) then
set accesstype=local-file
else if ("$ans" == 2) then
set accesstype=afs
else if ("$ans" == 3) then
set accesstype=anon-ftp
else if ("$ans" == 4) then
set accesstype=ftp
else if ("$ans" == 5) then
set accesstype=mail-server
else
echo "That is NOT one of your choices."
goto chooseaccesstype
endif
if ("$accesstype" == "ftp" || "$accesstype" == "anon-ftp") then
echo -n "Enter the full Internet domain name of the FTP site: "
set site=$<
echo -n "Enter the name of the directory containing the file (RETURN for
top-level): "
set directory=$<
echo -n "Enter the name of the file itself: "
set name = $<
echo -n "Enter the transfer mode (type 'image' for binary data, RETURN
otherwise): "
set mode = $<
if ("$mode" == "") set mode=ascii
echo "Content-type: message/external-body; access-type=$accesstype;
name="\"$name\"\; > "$OUTFNAME"
echo -n " site="\"$site\" >> "$OUTFNAME"
if ("$directory" != "") echo -n "; directory="\"$directory\">> "$OUTFNAME"
if ("$mode" != "") echo -n "; mode="\"$mode\">> "$OUTFNAME"
echo "">> "$OUTFNAME"
else if ("$accesstype" == "local-file" || "$accesstype" == "afs") then
fname:
echo -n "Enter the full path name for the file: "
set name = $<
if (! -e "$name") then
echo "The file $name does not seem to exist."
goto fname
endif
echo "Content-type: message/external-body; access-type=$accesstype;
name="\"$name\"> "$OUTFNAME"
else if ("$accesstype" == "mail-server") then
echo -n "Enter the full email address for the mailserver: "
set server=$<
echo "Content-type: message/external-body; access-type=$accesstype;
server="\"$server\"> "$OUTFNAME"
else
echo accesstype "$accesstype" not yet implemented
goto chooseaccesstype
endif

echo -n "Please enter the MIME content-type for the externally referenced data:
"
set ctype = $<
getcenc:
echo "Is this data already encoded for email transport?"
echo " 1 -- No, it is not encoded"
echo " 2 -- Yes, it is encoded in base64"
echo " 3 -- Yes, it is encoded in quoted-printable"
echo " 4 -- Yes, it is encoded using uuencode"
set encode=$<
switch ("$encode")
case 1:
set cenc=""
breaksw
case 2:
set cenc="base64"
breaksw
case 3:
set cenc="quoted-printable"
breaksw
case 4:
set cenc="x-uue"
breaksw
default:
echo "That is not one of your choices."
goto getcenc
endsw
echo "" >> "$OUTFNAME"
echo "Content-type: " "$ctype" >> "$OUTFNAME"
if ("$cenc" != "") echo "Content-transfer-encoding: " "$cenc" >> "$OUTFNAME"
echo "" >> "$OUTFNAME"
if ("$accesstype" == "mail-server") then
echo "Please enter all the data to be sent to the mailserver in the message
body, "
echo "ending with ^D or your usual end-of-data character:"
cat >> "$OUTFNAME"
endif
---EOF


I'd like to leave this as an exercise to the reader - figure out why the script
is vulnerable, and how it can be exploited.



--[ 4 - Additional Thoughts

Although in our examples, exploitation seems ridiculously easy, there are
practical considerations to take into account, where theory and practicality are
two different things entirely:

- Timing
- Guesswork
- Permission issues

These issues are factors which can effect the likely-hood of exploitation of
even gaping symlink vulnerabilities, like the example discussed above.


Timing
#######

Depending on where and why the bug manifests in the application's code, timing
can be an issue. For example, if an attacker physically spots a work collegue
invoking an application with symlink bugs, even if she can find out what
filename the application will deal with, will she be fast enough? In an ideal
world, this wouldn't be a problem, but in reality, an attacker would've had to
have planed for an attack, to a certain extent, because by the time the attacker
had created a symlink from the appropriate file name, the vulnerable program
could've already terminated execution.

However, this is often not an issue; many applications include various
invokations of 'sleep(2)' and 'usleep()'. As noted in the example we discussed
previously, delay operations can often greatly increase the attacker's
likely-hood of success - during the time a vulnerable application slept, the
appropriate conditions could be prepared (i.e creation of a suitable symlink).



Guesswork
##########

Depending on the nature of the program, oftentimes a little guesswork is
required by the attacker. A good example of my point is when a file is
specified at the shell, upon which file operations are to be performed by a
poorly written vulnerable program. Unsurprisingly, many folks prefer filenames
which are easy to remember, but not necessarily relevant to what material is
stored in the file in question. Many people may just choose a simple filename
like 'test'.

In other applications, this is not so much of an issue, due to the fact that
filenames are hardcoded into the source code, or are hardcoded to a certain
extent - this is often the case for tmpfiles used by many mainstream
applications. In this scenario, all an attacker need do is create a symlink
bearing the name of the tmpfile which the vulnerable program will operate on
(i.e write to, set permissions on it, etc...) to a desirable location (system
files, password files, config files etc...).



Permission issues
##################

On an average system, with a small-to-medium user load, system administrators
and users in general are not usually over cautious. However, if an attacker
does not have write access to either the directory in which files handled by the
vulnerable application are created, or the actual file itself, this can become a
significant problem for a would-be attacker, as they do not have sufficient
privileges to cannot craft a symlink. Coinciding with points stated above, this
is often not an issue if an exploitable application writes temporary files in
/tmp, but
if a user may specify a file, an attack can be thwarted by specifying a path to
which attackers do not have sufficient access.


Despite discussions of symlink bugs have been primarily focused towards regular
files, tmp directories are vulnerable in almost an identical way. I'll leave it
to the reader to delve into the references at the end of the paper.



--[ 5 - Prevention & Safe programming

The prevention of symlink bugs, as with all programming, is achieved via good
programming standards. In general, symlink vulnerabilities can be avoided in
part by employing some of the following techniques.

- Perform checks on files to be handled.
a) Check for existance of file.
b) Check for symlinks
c) Check for hardlinks
d) etc.

This can be done by optionally generating a semi-random filename, and adding
the 'O_CREAT|O_EXCL' flags to any 'open()' calls made.

- Implement safe tmpfile creation.

- Give the files restrictive permissions


My aim is not to reinvent the wheel, so instead, references and areas of
further reading are given, including measures worth taking to avoid the
symlink class of vulnerabilities.



--[ 6 - References

I have attempted to provide papers and material for further reading, which I
think may be useful to the reader.

<http://www.securityfocus.com/archive/1/12389>
<http://www.securityfocus.com/archive/1/357221>
<http://www.securityfocus.com/archive/1/209687>
<http://www.sfu.ca/~siegert/linux-security/msg00199.html>
<http://clip.dia.fi.upm.es/~alopez/bugs/bugtraq7/0080.html> - "not-so-dangerous
symlink bugs" - a better look.
<http://www.linux.com/howtos/Secure-Programs-HOWTO/avoid-race.shtml> -
Preventing Race Conditions.

Large archives such as Bugtraq have quite a big collection of symlink
vulnerabilities, checking it out would be interesting.



--[ 7 - Conclusion

Thanks for reading. If you have any constructive critisism or comments, I
would appreciate your feedback <shaunige@yahoo.co.uk>.





--->



KankGAME/#hackcanada wishes he had a hot bf like clone to buy him fone minutes


--->




Phun with the Audiovox 8900 and Telus Mobility


by TeK-g

All codes are entered at main menu. At the conclusion of
the code, press the END key (hangup) Some have been reported
to work on the 8500 also.

THIS IS THE ONLY EXCEPTION:
PRESS: 2539**
menu says: Input A-Key
puts phone into service mode, requires a reboot

CODEZ:

##1111 - Fades out screen

##1122 - Test menu (test the phone's features)

##2222 - Blank Menu

##2769737 (##BROWSER)- Internet options (EDITABLE!!)

Of Note here is 3 links to 2 proxies each, each with an IP
and PORT On mine all are the same (216.198.139.113:80) using
a web browser we get:

You have reached the Openwave NSM 1.0 Proxy Server. This server
does not serve any web content. Use this server only for routing
proxy requests.

##242743 (##CHARGE) - Battery info displayed, nothing editable

##27732726 (DEBUG MODE)

SW and UI (User Interface versions) Debug screen gives you realtime
signal strength, in absolute terms. Some battery values and thermal
values listed aswell. LNA state (don't know what that is!)


TEST CALL: Allows one call in a variety of modes, no idea if you get
billed for this call

##27752345 - MISC. TEST (EDITABLE)

Change battery values and other values (Some make your phone freeze
and require reboot)

Change Channel (dunno what that is!)

Change other stuff that doesnt seem to work

##33284 (##DEBUG) Direct link to DEBUG SCREEN IN DEBUG MODE

##2250 RFNV CONTENTS (editable)

CDMA/PCS/FM/GPS options all editable USE AT OWN RISK possibly a way
to disable GPS tracking of the phone RF AND FACTORY test mode is also
available, don't seem to do much

##83587 (##TELUS) ASKS FOR PASSWORD

That is all I have found so far, if anyone can figure out which settings
to manipulate for free calls, disabling GPS tracking or enabling GPS
display, the telus menu codes or other updates please write to:

fawkyou420@hotmail.com


** PROPS TO HOWARDFORUMS COMMUNITY FOR MUCH OF THIS INFO!!!!!

-ez


---



MORE CODES FOR AUDIOVOX 8900

By: TeK-g

#5625* DISPLAYS PHONE's LOCK CODE

##4771 (##GPS1) SOME GPS OPTIONS PRESUMEABLY, PASSWORD PROTECTED

##7738 CHANGE P_REV (no idea what this does 3 different modes for it, all
changeable)

##2222 Displays phone's Channel

##1133 reset (USE AT OWN RISK doesnt seem to reset much though, perhaps use
if you fuck with these menus and can't get back, hehe!!!)

##1144 KEY TONE TIME


A-KEY is: a number given to a cell phone that is used in conjunction with a
users SSD info for authentication.


UPDATE ON GPS IN AUDIOVOX 8900/8500:

Back in the beginning, the good'ol gov decided that there should be a method
for locating a cell phone... actually, it was the NENA group, created to
serve the goals of the 9-1-1 people. There were a lot of methods suggested
but it boiled-down to two systems. One was called the "Tower Solution" and
the other is known as the "Chip Solution". Most cell phones use the Chip
Solution. What's going on in your phone is this... (by the way, your phone
can not, does not, and never will, receive any signals from any satellites
in orbit) There is an IC in your phone that compares a timing signal received
from the local cell towers and derives a value from the data. That value is
included with the data portion of any cell call you make and in some special
conditions, calls and data messages sent to your phone. When that information
is processed at the "head-in", your location (the location of the phone when
the data was generated) can be "detected" and then sent to the party who needs
it (usually your local 9-1-1 site). The information is known as "Phase 2 ALI
data". Unless you use "social engineering" on your local 9-1-1 Call Taker, you
will not get any use from your phone's "GPS" feature.

Personal comment: The use of the term GPS by the cell phone industry is pure
hype. It should have never been allowed. There is no GPS system involved in
the phone. The only relationship GPS has to all this location stuff is that
the cell sites use the Time Mark data from the GPS to synchronize the cell
system. The location of the cell site is known and does not move.


-->



The Codec War: Operation Zipem
by jedkiwi

Because I will be getting a Tungsten E ( joy^happiness ) soon, obviously
I am gonna use the built-in music player. Even though I am getting a
256mb SD card, I don't really want to waste all that. So naturally, I
looked at alternates to MP3. I downloaded a copy of dbPower AMP, got a
bunch of codecs, and wasted an hour doing all this.

Original
Linkin Park - Faint
2470kb
128kbit 44100Hz Stereo


ogg1
1870kb
80kbit 44100Hz Stereo
5/5: completely lossless quality.
Conversion time 0:32

ogg2
1070kb
48kbit 44100Hz Stereo
4.5/5: almost lossless, the untrained ear shouldn't be able to pick up
the difference.
Conversion time 0:28

real audio1
898kb
ISDN (68kbit) 44100Hz Stereo
4/5: excellent quality for the size, just a few bits metallic sounding.
Conversion time unknown

real audio2
657kb
56kbit 32000Hz Stereo
4/5: excellent quality for the size, just a few bits metallic sounding
and a few bits overstretched.
Conversion time 1:03

wma1
2800kb
VBR 90 44100Hz Stereo
2/5: pauses after beat, horrid quality, the size is way off.
Conversion time 0:11

wma2
1230kb
VBR 50 44100Hz Stereo
3/5: pauses after beat, horrid quality.
Conversion time 0:13

aac1
2470kb
128kbit 44100Hz Stereo
4.5/5: Just a few clips that I could detect, but not everybody should
hear them.
Conversion time unknown

aac2
1540kb
80kbit 44100Hz Stereo
4.5/5: Just a few clips that I could detect, but not everybody should
hear them.
Conversion time 0:35

In the end, I think that I will either be using either ogg2 or real
audio1 if I compress my tunes. However, I will never

ever use wma9, as the quality they have shown me is horrible. M$ should
stay out of the music business, those

who are 100% devoted to A/V and the open source camps will always prevail.



-->


<theclone> Ice - Life is like a box of well lubed dildos... it's painful at
first when it's inserted into your ass but then you eventually get used to it
and enjoy the ride.


-->




[ K-1ine News ]



Nettwerked Lays off 4500 from Red Deer factory

Frank "Paradichlorobenzene" Wizbone, February 16, 2004


In a surprising move, President and CEO of Nettwerked Communinications
Inc. (LMNOP/TSX) has announced it will be shutting down its Red Deer,
Alberta manufacturing plant and outsourcing the jobs to factories run by
independent labour contractors in Import/Export zones in China.

At a public press meeting this morning, Mr. Clone stated "This is a
positive move for Nettwerked, our Brand must stay competitive. Others
such as Nike and IBM have reaped the benefits of more cost-effective
labour practices available in other countries. It's our turn for a piece
of the globalization pie!"

After the announcement, the Nettwerked shares skyrocketed closing at a
record $108.40, ten times that of arch-rival Nortel Networks Corp. (NT)



-->


New York City E911 Crashes (no fault of my own!)

(Source: New York Times)

Verizon began taking steps yesterday to better protect New York City's 911 emergency line
after a data error by an employee brought down the system in Brooklyn, Queens and Staten
Island for about two hours on Friday night, city and Verizon officials said.

The emergency system broke down about 7:20 p.m. after a Verizon engineer who was making
service changes to a bank's telephone numbers in Brooklyn inadvertently included numbers
that are used to carry 911 calls, city and telephone company officials said. The numbers
were close in sequence, the officials said.

The 911 calls then ended up being rerouted to the bank's phone system, and callers heard
a busy signal. City and Verizon officials said that while the backup system in place for
911 was functioning properly, it failed to pick up the calls because it was designed to
catch a technical error, not a human error that would be interpreted as simply a change
of instruction.

Daniel Diaz Zapata, a Verizon spokesman, said the telephone company would now require a
second person to double-check any entry of data that could affect the 911 system, and
said the company planned a thorough review of its procedures that would be documented
in a report to the city within a few days.

"We determined that a human error resulted in the accidental rerouting of phone calls
during a procedure to upgrade service for a corporate client," Mr. Zapata said. "We have
immediately altered our processes to ensure this type of situation does not reoccur. We
have assured the city that we took immediate steps to make sure this doesn't happen again."

Citing privacy concerns, Mr. Zapata declined to identify the Verizon engineer, except to
say that he was a veteran of the company. Mr. Zapata said it was unlikely that disciplinary
action would be taken against him.

Police and fire officials said yesterday that they had no reports of injuries during the 911
failure. Fire officials said that about 60 firefighters responded to a major fire, at 3301
Foster Avenue in Brooklyn, which was called in at 8:49 p.m. by someone using a fire alarm
box on the street. There were no injuries in the fire.

Paul J. Browne, the Police Department's deputy commissioner for public information, said the
department immediately adopted emergency procedures, like requiring e officers on patrol to
turn on their flashing lights so people could find them easily and increasing staffing at
precinct station houses to answer phone calls. But he said there was no reported increase
in crime.

"This didn't present an opportunity for the criminally minded - like the blackout did -
because probably most people were unaware that it was out of service," he said.

However, several City Council members expressed anger that the 911 system could have been
so easily disabled, and called for creating a more effective backup procedure.

"It's an emergency wakeup call," said Councilman Peter F. Vallone Jr., the chairman of the
Public Safety Committee, who plans to hold a hearing about the incident. "We don't have an
adequate backup system for 911, which is more important than ever as we fight the war against
terrorism."

Gino P. Menchini, the commissioner of the Department of Information Technology and Telecomm-
unications, said city officials were working with Verizon to ensure that the emergency system's
numbers were clearly identified, and that its software and equipment were protected from similar
human errors.

But Mr. Menchini emphasized that the emergency system already had many built-in safeguards, such
as the ability to route 911 calls through either of two central offices and their 911 answering
centers. "The bottom line is, 911 works very well, and it's worked very well for a long time,"
Mr. Menchini said.

Several emergency services experts agreed yesterday with Mr. Menchini, saying that New York 911
system compared favorably with those in other large cities and that an error like the one made
by Verizon could not necessarily have been prevented because it was not a flaw in the 911 system
itself.

It's very unusual for that to happen, but it's understandable," said Robert C. Krause, executive
director of Emergency Services Consultants in Toledo, Ohio, who is familiar with the New York
system. "I don't know if anyone would anticipate this because it's a highly technical thing. I
think most public safety administrators would assume that their numbers are safeguarded."

Mayor Michael R. Bloomberg did not have any public events scheduled yesterday, and it was unclear
whether he was in the city at the time of the 911 failure. "We don't comment on the mayor's where-
abouts," said Jordan Barowitz, a spokesman for the mayor. His office referred questions on the
disruption to Mr. Menchini.


- submitted by: Nyxojaele

03/29/04



-->


-- Credits

Without the following contributions, this zine issue would be
fairly delayed or not released. So thank you to the following people:

Aestetix, Aftermath, Anonymous Phone Hero, Cyb0rg/ASM, H1D30U5,
Ice, Jackel, Nyxojaele, Shaun2k2, TeK-g, The Clone, Tr00per, Wizbone


-- Shouts:

Cyb0rg/ASM, Wildman, H410g3n, The Question, Phlux, Magma, Hack Canada,
The Grasshopper Unit, Flippersmack, soapie, H1D30U5, Nyxojaele, Ms.O,
Tr00per, Flopik, dec0de, caesium, jimmiejaz, oz0n3, *Senorita Chandelier*,
Kris, port9, kankraka, hades, Azriel J Knight, coercion, tek, #hackcanada,
The Nettwerked Meeting Crew, and the entire (active) Canadian H/P scene.



;. .;.. ; ;. ;..
;.. .;..; .;.; .;; ;..
.;..;. .;..; .;.;...; ;..;..
.;. A .;. .;.
;.. N E T T W E R K E D ;..
;..;.. P R O D U C T ;..;..
.;..; ;..;..
; .;..;.;.. .; . .;. ..;..
.;.. . .; ..;..;..;.. .;
;..;. .;.. . .;.. .;.;.
..;. ..;.. .;. ;.;..;;..;.;
;.;;..;.. ;.;.; .; .
;.;..;. .;. ;.;:.;.
,;....;.
.;.;. .;.;
.;.;.;
.;.;
;..;.
.;.;;.; .;. ..; ;. > > >\/
< < < < < < < < < < < < < < <\_|
\/

http://www.eesh.net/angryflower/telus.gif

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos from Google Play

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT