The telephone network
But by that time all sorts of changes in datacomms were taking
place. The telex and telegraphy network, originally so important, had
long been overtaken by voice-grade telephone circuits (Bell's
invention dates from 1876). For computer communication, mark and
space could be indicated by different audio tones, rather than by
different voltage conditions. Data traffic on a telex line can
operate in only one direction at a time, but, by selecting different
pairs of tones, both 'transmitter' and 'receiver' could speak
simultaneously--so that in fact, one has to talk about 'originate'
and 'answer' instead.
Improved electrical circuit design meant that higher speeds than
50 or 75 baud became possible; there was a move to 110 baud, then 300
and, so far as ordinary telephone circuits are concerned, 1200 baud
is now regarded as the top limit.
The 'start' and 'stop' method of synchronising the near and far
end of a communications circuit at the beginning of each individual
letter has been retained, but the common use of the 5-bit Baudot code
has been replaced by a 7-bit extended code which allows for many more
characters, 128 in fact.
Lastly, to reduce errors in transmission due to noise in the
telephone line and circuitry, each letter can be checked by the use
of a further bit (the parity bit), which adds up all the bits in the
main character and then, depending on whether the result is odd or
even, adds a binary 0 or binary 1.
The full modern transmission of a letter in this system, in this
case, K, therefore, looks like this:
START-STOP TRANSMISSION OF A DATA CHARACTER
TIME
INTERVAL_____________9___0___1___2___3___4___5___6___7___8___9___
NUMBER
1 1 1 1 1 1
Mark +---+ +---+ +---+ +---+---+ +---+
LINE | | 0 | | 0 0 | | 0 | | 0 | |
CONDITION Space-+ +---+ +---+---+ +---+ +---+ +-
^ ^
| |
BINARY STOP-+ START 1 0 0 1 0 1 1 0
DIGIT
The first 0 is the start bit; then follows 7 bits of the actual
letter code (1001011); then the parity bit; then the final 1 is the
stop code.
This system, asynchronous start-stop ASCII (the common name for
the alphabetic code), is the basis for nearly all micro-based
communications. The key variations relate to:
bit-length; you can have 7 or 8 databits (*) parity; (it can be even or odd, or
entirely absent),
Tones - The tones used to signify binary 0 and binary 1, and which
computer is in 'originate' and which in 'answer', can vary according
to the speed of the transmission and also to whether the service is
used in North America or the rest of the world. (Briefly, most of
the world uses tones and standards laid down by the Geneva-based
organisation, CCITT, a specialised agency of the International
Telecommunications Union; whereas in the United States and most parts
of Canada, tones determined by the telephone utility, colloquially
known as Ma Bell, are adopted.) The following table gives the
standards and tones in common use.
(*) There are no 'obvious explanations' for the variations commonly
found: most electronic mail services and viewdata transmit 7 data
bits, even parity and I stop Bit; Telecom Gold and most hobbyist
bulletin boards transmit 8 data bits, odd parity and 1 stop bit.
Terminal emulator software--see chapter 3--allows users to adjust for
these differing requirements.
Service Speed Duplex Transmit Receive Answer
Designator 0 1 0 1
V21 orig 300(*) full 1180 980 1850 1650 -
V21 ans 300(*) full 1850 1650 1180 980 2100
V23 (1) 600 half 1700 1300 1700 1300 2100
V23 (2) 1200 f/h(**) 2100 1300 2100 1300 2100
V23 back 75 f/h(**) 450 390 450 390 -
Bell 103 orig 300(*) full 1070 1270 2025 2225 -
Bell 103 ans 300(*) full 2025 2225 1070 1270 2225
Bell 202 1200 half 2200 1200 2200 1200 2025
(*)any speed up to 300 baud, can also include 75 and 110 baud
services
(**)service can either be half-duplex at 1200 baud or asymmetrical
full duplex, with 75 baud originate and 1200 baud receive (commonly
used as viewdata user) or 1200 transmit and 75 receive (viewdata
host)
Higher Speeds
1200 baud is usually regarded as the fastest speed possible on an
ordinary voice-grade telephone line. Beyond this, noise on the line
due to the switching circuits at the various telephone exchanges,
poor cabling, etc. make accurate transmission difficult. Indeed, at
higher speeds it becomes increasingly important to use transmission
protocols that include error correction.
Error correction techniques usually consist of dividing the
transmission stream into a series of blocks which can be checked, one
at a time, by the receiving computer. The 'parity' system mentioned
above is one example, but obviously a crude one. The difficulty is
that the more secure an error-correction protocol becomes, the
greater becomes the overhead in terms of numbers of bits transmitted
to send just one character from one computer to another. Thus, in the
typical 300 bit situation, the actual letter is defined by 7 bits,
'start' and 'stop' account for another two, and the check takes a
further one--ten in all. After a while, what you gain in the speed
with which each actual bit is transmitted, you lose, because so many
bits have to be sent to ensure that a single character is accurately
received!
Although some people risk using 2400 baud on ordinary telephone
lines--the jargon is the PTSN (Public Telephone Switched
Network)--this means using expensive modems. Where higher speeds are
essential, leased circuits, not available via dial-up. become
essential. The leased circuit is paid for on a fixed charge, not a
charge based on time-connected. Such circuits can be conditioned',
for example by using special amplifiers, to support the higher data
rate.
For really high speed transmissions, however, pairs of copper
cable are inadequate. Medium speed is obtainable by the use of
coaxial cable (a little like that used for tv antenna hook-ups) which
have a very broad bandwidth. Imposing several different channels on
one cable-length is called multiplexing and, depending on the
application, the various channels can either carry several different
computer conversations simultaneously or can send several bits of one
computer conversation in parallel, just as though there were a ribbon
cable between the two participating computers. Either way, what
happens is that each binary 0 or binary 1 is given, not an audio
tone, but a radio frequency tone.
Synchronous Protocols
In the asynchronous protocols so far described, transmitting and
receiving computers are kept in step with each other every time a
character is sent, via the 'start' and 'stop' bits. In synchronous
comms, the locking together is done merely at the start of each block
of transmission by the sending of a special code (often SYN). The SYN
code starts a clock (a timed train of pulses) in the receiver and it
is this that ensures that binary 0s and 1s originating at the
transmitter are correctly interpreted by the receiver; clearly, the
displacement of even one binary digit can cause havoc.
A variety of synchronous protocols exist, such as the length of
block sent each time, the form of checking that takes place, the form
of acknowledgement, and so on. A synchronous protocol is not only a
function of the modem, which has to have a suitable clock, but also
of the software and firmware in the computers. Because asynchronous
protocols transmit so many 'extra' bits in order to avoid error,
savings in transmission time under synchronous systems often exceed
20-30%. The disadvantage of synchronous protocols lie in increased
hardware costs.
One other complication exists: most asynchronous protocols use the
ASCII code to define characters. IBM ('Big Blue'), the biggest
enthusiast of synchronous comms, has its own binary code to define
characters. In Appendix IV, you will find an explanation and a
comparison with ASCII.
The hacker, wishing to come to terms with synchronous comms, has
two choices: the more expensive is to purchase a protocol convertor
board. These are principally available for the IBM PC, which has been
increasingly marketed for the 'executive workstation' audience, where
the ability to interface to a company's existing (IBM) mainframe is a
key feature. The alternative is to see whether the target mainframe
has a port on to a packet- switched service; in that event, the
hacker can use ordinary asynchronous equipment and protocols--the
local PAD (Packet Assembler/Disassembler) will carry out the
necessary transformations.
Networks
Which brings us neatly to the world of high-speed digital networks
using packet-switching. All the computer communications so far
described have taken place either on the phone (voice-grade) network
or on the telex network.
In Chapter 7 we will look at packet-switching and the
opportunities offered by international data networks. We must now
specify hackers' equipment in more detail.
CHAPTER 3
Hackers' Equipment
You can hack with almost any microcomputer capable of talking to
the outside world via a serial port and a modem. In fact, you don't
even need a micro; my first hack was with a perfectly ordinary
viewdata terminal.
hat follows in this chapter, therefore, is a description of the
elements of a system I like to think of as optimum for
straight-forward asynchronous ASCII and Baudot communications. What
is at issue is convenience as much as anything. With kit like this,
you will be able to get through most dial-up ports and into
packet-switching through a PAD -- a packet assembler/ disassembler
port. (It will not get you into IBM networks, because these use
different and incompatible protocols; we will return to the matter of
the IBM world in chapter 10.) In other words, given a bit of money, a
bit of knowledge, a bit of help from friends and a bit of luck, what
is described here is the sort of equipment most hackers have at their
command.
ou will find few products on the market labelled 'for hackers';
you must select those items that appear to have 'legitimate' but
interesting functions and see if they can be bent to the hacker's
purposes. The various sections within this chapter highlight the sort
of facilities you need; before lashing out on some new software or
hardware, try to get hold of as much publicity and documentation
material as possible to see how adaptable the products are. In a few
cases, it is worth looking at the second-hand market, particularly
for modems, cables and test equipment.
lthough it is by no means essential, an ability to solder a few
connections and scrabble among the circuit diagrams of 'official'
products often yield unexpectedly rewarding results.
The Cmputer
lmost any popular microcomputer will do; hacking does not call
upon enormous reserves of computer power. Nearly everything you hack
will come to you in alphanumeric form, not graphics. The computer
you already have will almost certainly have the essential qualities.
However the very cheapest micros, like the ZX81, whilst usable,
require much more work on the part of the operator/hacker, and give
him far less in the way of instant facilities.
(In fact, as the ZX81 doesn't use ASCII internally, but a
Sinclair-developed variant; you will need a software or firmware fix
for that, before you even think of hooking it up to a modem.)
ost professional data services assume the user is viewing on an
80-column screen; ideally the hacker's computer should be capable of
doing that as well, otherwise the display will be full of awkward
line breaks. Terminal emulator software (see below) can some- times
provide a 'fix'.
ne or two disc drives are pretty helpful, because you will want
to be able to save the results of your network adventures as quickly
and efficiently as possible. Most terminal emulators use the
computer's free memory (i.e. all that is not required to support the
operating system and the emulator software itself) as store for the
received data, but once the buffer is full, you will begin to lose
the earliest items. You can, of course, try to save to cassette, but
normally that is a slow and tedious process.
n alternative storage method is to save to a printer, printing
the received data stream not only to the computer screen, but also on
dot matrix printer. However, most of the more popular (and cheaper)
printers do not work sufficiently fast. You may find you lose
characters at the beginning of each line. Moreover, if you print
everything in real-time, you'll include all your mistakes, false
starts etc., and in the process use masses of paper. So, if you can
save to disc regularly, you can review each hack afterwards at your
leisure and, using a screen editor or word processor, save or print
out only those items of real interest.
Serial Ports
The computer must have a serial port, either called that or marked
RS232C (or its slight variant RS423), or V24, which is the official
designator of RS232C used outside the USA, though not often seen on
micros.
The very cheapest micros, like the ZX81, Spectrum, VIC20, do not
have RS232C ports, though add-on boards are available. Some of the
older personal computers, like the Apple or the original Pet, were
also originally sold without serial ports, though standard boards are
available for all of these.
You are probably aware that the RS232C standard has a large number
of variants, and that not all computers (or add-on boards) that claim
to have a RS232C port can actually talk into a modem.
Historically, RS232C/V24 is supposed to cover all aspects of
serial communication, including printers and dumb terminals as well
as computers. The RS232C standard specifies electrical and physical
requirements.
Everything is pumped through a 25-pin D-shaped connector, each pin
of which has some function in some implementation. But in most cases,
nearly all the pins are not used. In practice, only three connections
are essential for computer to modem communication:
Pin 7 signal ground
Pin 2 characters leaving the computer
Pin 3 characters arriving at the computer
The remaining connections are for such purposes as feeding power
to an external device, switching the external advice on or off,
exchanging status and timing signals, monitoring the state of the
line, and so forth. Some computers and their associated firmware
require one or other of these status signals to go 'high' or 'low' in
particular circumstances, or the program hangs. Check your
documentation if you have trouble.
Some RS232C implementations on microcomputers or add-on boards are
there simply to support printers with serial interfaces, but they can
often be modified to talk into modems. The critical two lines are
those serving Pins 2 and 3.
A computer serving a modem needs a cable in which Pin 2 on the
computer is linked to Pin 2 on the modem.
A computer serving a printer, etc, needs a cable in which Pin 3 on
the: computer is linked to Pin 2 on the printer and Pin 3 on the
printer is linked to Pin 2 on the computer.
If two computers are linked together directly, without a modem,
then Pin 2 on computer A must be linked to Pin 3 on computer B and
Pin 3 on computer B linked to Pin 2 on computer A: this arrangement
is sometimes called a 'null modem' or a 'null modem cable'.
There are historic explanations for these arrangements, depending
on who you think is sending and who is receiving--forget about them,
they are confusing. The above three cases are all you need to know
about in practice.
One difficulty that frequently arises with newer or portable
computers is that some manufacturers have abandoned the traditional
25-way D-connector, largely on the grounds of bulk, cost and
redundancy. Some European computer and peripheral companies favour
connectors based on the DIN series (invented in Germany), while
others use D-connectors with fewer pin-outs.
There is no standardisation. Even if you see two physically
similar connectors on two devices, regard them with suspicion. In
each case, you must determine the equivalents of:
Characters leaving computer (Pin 2)
Characters arriving at computer (Pin 3)
Signal ground (Pin 7)
ou can usually set the speed of the port from the computer's
operating system and/or from Basic. There is no standard way of doing
this; you must check your handbook and manuals. Most RS232C ports can
handle the following speeds:
75, 110, 300, 600, 1200, 2400, 4800, 9600
and sometimes 50 and 19200 baud as well. These speeds are selectable
in hardware by appropriate wiring of a chip called a baud-rate
generator. Many modern computers let you select speed in hardware by
means of a DIL switch. The higher speeds are used either for driving
printers or for direct computer-to-computer or computer-to-peripheral
connections. The normal maximum speed for transmitting along phone
lines is 1200 baud.
epending on how your computer has been set up, you may be able to
control the speed from the keyboard--a bit of firmware in the
computer will accept micro-instructions to flip transistor switches
controlling the wiring of the baud-rate generator. Alternatively,
the speeds may be set in pure software, the micro deciding at what
speed to feed information into the serial port.
n most popular micro implementations the RS232C cannot support
split-speed working (different speeds for receive and transmit). If
you set the port up for 1200 baud, it has to be 1200 receive and
transmit. This is a nuisance in Europe, where 75/1200 is in common
use both for viewdata systems and for some on-line services. The
usual way round is to have special terminal emulator software, which
requires the RS232C hardware to operate at 1200 /1200 and then slows
down (usually the micro's transmit path) to 75 baud in software by
means of a timing loop. An alternative method relies on a special
modem, which accepts data from the computer at 1200/1200 and then
performs the slowing-down to 75 baud in its own internal firmware.
Terminal emulators
We all need a quest in life. Sometimes I think mine is to search
for the perfect software package to make micros talk to the outside
world.
As in all such quests, the goal is occasionally approached but
never reached, if only because the process of the quest causes one to
redefine what one is looking for.
These items of software are sometimes called communications
packages, or asynchronous comms packages, and sometimes terminal
emulators, on the grounds that the software can make the micro appear
to be a variety of different computer terminals. Until recently, most
on-line computer services assumed that they were being examined
through 'dumb' terminals--simply a keyboard and a screen, with no
attendant processing or storage power (except perhaps a printer).
With the arrival of PCs all this is slowly changing, so that the
remote computer has to do no more than provide relatively raw data
and all the formatting and on-screen presentation is done by the
user's own computer. Terminal emulator software is a sort of
half-way house between 'dumb' terminals and PCs with considerable
local processing power.
Given the habit of manufacturers of mainframe and mini- computers
to make their products as incompatible with those of their
competitors as possible (to maximise their profits), many slight
variants on the 'dumb' computer terminal exist--hence the
availability of terminal emulators to provide, in one software
package, a way of mimicking all the popular types.
Basic software to get a computer to talk through its RS232C port,
and to take in data sent to it, is trivial. What the hacker needs is
software that will make his computer assume a number of different
personalities upon command, store data as it is collected, and print
it out.
Two philosophies of presenting such software to the user exist:
first, one which gives the naive user a simple menu which says, in
effect, 'press a key to connect to database' and then performs
everything smoothly, without distracting menus. Such programs need an
'install' procedure, which requires some knowledge, but most
'ordinary' users never see this. Normally, this is a philosophy of
software writing I very much admire: however, as a hacker you will
want the precise opposite. The second approach to terminal emulator
software allows you to re configure your computer as you go on--there
is plenty of on-screen help in the form of menus allowing you to turn
on and off local echo, set parity bits, show non-visible control
codes and so on. In a typical hack, you may have only vague
information about the target computer, and much of the fun is seeing
how quickly you can work out what the remote computer wants to 'see'
- and how to make your machine respond.
Given the numbers of popular computers on the market, and the
numbers of terminal emulators for each one, it is difficult to make a
series of specific recommendations. What follows there- fore, is a
list of the sort of facilities you should look for:
On-line help You must be able to change the software
characteristics while on-line--no separate 'install' routine. You
should be able to call up 'help' menus instantly, with simple
commands --while holding on to the line.
Text buffer - The received data should be capable of going into the
computer's free memory automatically so that you can view it later
off-line. The size of the buffer will depend on the amount of memory
left after the computer has used up the space required for its
operating system and the terminal software. If the terminal software
includes special graphics, as in Apple Visiterm or some of the ROM
packs used with the BBC, the buffer space may be relatively small.
The software should tell you how much buffer space you have used and
how much is left, at any time. A useful adjunct is an auto-save
facility which, when the buffer becomes full, stops the stream of
text from the host computer and automatically saves the buffer text
to disc. A number of associated software commands should let you turn
on and off the buffer store, clear it or, when off-line, view the
buffer. You should also be able to print the buffer to a 'line'
printer (dot-matrix or daisy wheel or thermal image). Some terminal
emulators even include a simple line editor, so that you can delete
or adjust the buffer before printing. (I use a terminal emulator
which saves text files in a form which can be accessed by my
word-processor and use that before printing out.)
Half/full Duplex (Echo On/Off) - Most remote services use an echoing
protocol: this means that when the user sends a character to the host
computer, the host immediately sends back the same character to the
user's computer, by way of confirmation. What the user sees on his
computer screen, therefore, has been generated, not locally by his
direct action on the keyboard, but remotely by the host computer.
(One effect of this is that there may sometimes be a perceptible
delay between keystroke and display of a letter, particularly if you
are using a packet-switched connection--if the telephone line is
noisy, the display may appear corrupt). This echoing protocol is
known as full duplex, because both the user's computer and the host
are in communication simultaneously.
However, use of full duplex/echo is not universal, and all
terminal emulators allow you to switch on and off the facility. If,
for example, you are talking into a half-duplex system (i.e. no
echo), your screen would appear totally blank. In these
circumstances, it is best if your software reproduces on the screen
your keystrokes.
However, if you have your computer set for half-duplex and the host
computer is actually operating in full duplex. each letter will
appear twice--once from the keyboard and once, echoing from the host,
ggiiwiinngg tthhiiss ssoorrtt ooff eeffffeecctt. Your terminal
emulator needs to able to toggle between the two states.
Data Format/Parity Setting - In a typical asynchronous protocol, each
character is surrounded by bits to show when it starts, when it ends,
and to signify whether a checksum performed on its binary equivalent
comes out even or odd. The character itself is described, typically,
in 7 bits and the other bits, start, stop and parity, bringing the
number up to 10. (See chapter 2.) However, this is merely one very
common form, and many systems use subtle variants -- the ideal
terminal emulator software will let you try out these variants while
you are still on line. Typical variants should include:
Word length Parity No stop bits
7 Even 2
7 Odd 2
7 Even 1
7 Odd 1
8 None 2
8 None 1
8 Even 1
8 Odd 1
(NB although the ASCII character set is 7 bit, 8 bits are sometimes
transmitted with a ~padding~ bit; machine code instructions for 8-bit
and 16-bit machines obviously need 8-bit transmissions.)
Show Control Characters - This is a software switch to display
characters not normally part of the text that is meant to be read but
which nevertheless are sent by the host computer to carry out display
functions, operate protocols, etc. With the switch on, you will see
line feeds displayed as ^J, a back-space as ^H and so on; see
Appendix IV for the usual equivalents.
Using this device properly you will be able, if you are unable to
get the text stream to display properly on your screen, to work out
what exactly is being sent from the host, and modify your local
software accordingly.
Control-Show is also useful for spotting 'funnies' in passwords and
log-on procedures--a common trick is to include ^H (backspace) in the
middle of a log-on so that part of the full password is overwritten.
(For normal reading of text, you have Control-Show switched off, as
it makes normal reading difficult.)
Macros - This is the US term, now rapidly being adopted in the UK,
for the preformatting of a log-on procedure, passwords etc. Typical
connecting procedures to US services like The Source, CompuServe, Dow
Jones etc are relatively complicated, compared with using a local
hobbyist bulletin board or calling up Prestel. Typically, the user
must first connect to a packet- switched service like Telenet or
Tymnet (the US commercial equivalents of BT's PSS), specify an
'address' for the host required (a long string of letters and
numbers) and then, when the desired service or 'host' is on line,
enter password(s) to be fully admitted. The password itself may be in
several parts.
The value of the 'macro' is that you can type all this junk in
once and then send off the entire stream any time you wish by means
of a simple command. Most terminal emulators that have this feature
allow you to preformat several such macros.
From the hacker's point of view, the best type of macro facility
is one that can be itself addressed and altered in software:
supposing you have only part of a password: write a little routine
which successively tries all the unknowns; you can then let the
computer attempt penetration automatically. (You'll have to read the
emulator's manual carefully to see if it has software-addressable
macros: the only people who need them are hackers, and, as we have
often observed, very few out-and-out hacker products exist!)
Auto-dial - Some modems contain programmable auto-diallers so that
frequently-called services can be dialled from a single keyboard
command.