Sunday, July 31, 2005



Friday, July 22, 2005

EASY STEP-BY-STEP INSTRUCTIONS!-------------------------------How to make a backup/larger Xbox drive with DiskPro Lite?1. CABLE SWITCH TRICK:a.Plug a power plug from your pc into your xbox hd and fire up your computer. b.Right when it starts booting up, start pressing the Pause Break key and do not let it detect your drives. c.Make sure the IDE cable is going from the xbox to the HD and turn on the xbox. d.Wait for the Xbox to get to the dashboard (fully booted)e.Unplug the ribbon cable that is going from the Xbox HD and replace it with one that is connected to your computer. f.Now, press a key (some times CTRL-Q is needed) to allow your computer to continue booting.2. COPY THE DRIVE TO ANOTHER DRIVE (SAME SIZE OR LARGER)!a.Download DiskPro Lite from "". You want to download the DPCR.EXE file. b.Execute the DPCR.EXE file to extract the files from it. c.Format a BOOTABLE DOS floppy. Copy the diskpro.exe file to the floppy. d.Boot your PC with the newly made floppy in the drive. e.At the DOS prompt type ``diskpro'' and hit enter (no quotes) f.Use the Quick Copy option g.Select your source drive h.Select your destination drive i.Make sure the above choices are correct before starting the copy j.Relax while the drive is copied to a new drive.k.If you need to use DiskPro again delete the hidden file it creates on your A and C drive named DOSFIT.DSK3. FIX THE PARTITIONS UP (ONLY DO THIS IF YOU ADDED A LARGER HD):a.You need to flash your BIOS to EvolutionX v2.2 or If your using a Homebrew chip such as a 29F040B split in to 512k chunks. The EvolutionX v2.2 BIOS is on the EvolutionX ISO floating around. To split the BIOS use Windows Commander or a program like that. Now Flash the 512k BIOS flash your Homebrew chip. More info on flashing and splitting can be found at don't know how people with other mods are going to do this. b.Put the new HD in the XBox as MASTERc.Bootup using EvolutionX (on HD or DVD-R doesn't matter)d.FTP to your Xbox (use EvolutionX to get your IP if you don't know it)e.format just partition 6:ie: FTP COMMAND: Formatpath \Device\Harddisk0\Partition6You will receive a key. Use this key to type:FTP COMMAND: Formatdrive keyYOUR ALL DONE. YOU SHOULD HAVE A CLEAN, BACKED UP (AND MAYBE LARGER DEPENDING ON YOUR DRIVE) XBOX!!!!NOTES:* You might want to look at your drive space using EvolutionX before you start so you can see the difference.* This is risky. If you do anything wrong (and sometimes just because) you could lose your HD or Xbox MB making your XBox worthless.* You will need to know the basics of PC's to do this. How to setup new HD's (master/slave), how to FTP, how to follow instructions.* You will need the EvolutionX BIOS to format the partition.* This has been tested a few times on my system.
Burn copy protected discs at your own risk!!!

You must have dvd decrypter and dvd shrink you should be able to find a copy on the net.
to burn protected dvd's -
dvd decrypter
1- open dvd derypter and put the copy protected dvd in the drive.
2- make sure your source drive is selected ass your dvd drive.
3- click on decrypt and wait for it to finish decrypting.
4- now you are finished. take the dvd out of the drive
if your blank dvd is smaller in size than the
dvd you are copying, open up dvd shrink.
dvd shrink is used to shrink the size of the dvd, basicly saying it will
compress the files to fit a smaller disk than the ariginal.
(ie) 7.56gb to 4.7gb.

dvd shrink
1- open dvd shrink
2- click on open files, find the file called VIDEO_TS witch will be in the dir of a folder with the
same name as the movie you are copying, this folder was created by dvd decrypter and in
defoult location can be found in Local Disk (c:)
3- now click on backup, choose choose your dvd burner, then click on the burn settings tab
and name the Volume Label the name of the movie you are burning, then click OK at the
bottom of the window. after encoding is complete the burning process will start. when done
your dvd will eject from the drive. then click ok.
4- your done, you have now created a very close to perfact copy of a copy protected dvd. Drizzt
  • XBOX cracked !!!

First you need to make sure that the game does not automatically load up from your evolutionx menu. (You cant copy a game while you play it)** :
1. Turn on your xbox WITHOUT a DVD in the drive.2. Highlight "system utilities" and press "a"(the green button)3. Highlight "settings" and press "a" 4. Scroll down the option until you find "auto launch games" and press "a" 5. Select "no" and press "a"6. Scroll down to "save and exit" and press "a"7. Reset your xbox WITHOUT a DVD in the drive (turn it off and then on again).
You should now be looking at the main evolutionx menu again; you should not notice anything different, now we can prepare a space to put the game in :
1. Put the game in the DVD drive and wait for the green light on the front of the xbox to stop flashing (you may also notice some writing on the screen change to "game" to acknowledge that there is indeed a game in the drive)2. Highlight "launch menu" and press "a"3. Highlight "apps" and press "a"4. Highlight "boxplorer" and press "a"5. Press Right trigger on control pad (you will notice the "A" change to "B" in the top right corner)6. Press the white button on the controller (this brings up the menu options)7. Highlight "select drive" and press "a"8. Highlight "e:\device\harddisk0\partition1" and press "a"9. Highlight "games" and press "a"10. Press the white button (menu options)11. Highlight "new folder" and press "a"12. Follow the onscreen instructions and "new folder" to whatever your game is called (this is only for reference and does not have to be exact)
You should now be looking at a screen with yellow writing: "new folder" (in) e:\games :
1. Follow the onscreen instructions to accept the new folder2. Press "a"3. Highlight your new folder and press "a" (the writing a the top of the screen should read "e:\games\nameofyourgame\"4. Press the left trigger (you will notice the letter in the top right hand corner turn from "B" to "A")5. Press the white button6. Highlight "select drive" and press "a"7. Select "d:\device\cdrom0" and press "a"8. Press the white button9. Highlight "mark all" and press "a"10. Press the white button11. Highlight "Copy" and press "a"12. Follow the onscreen instructions
Your xbox will now be busy for the next 15-40 min or so depending on your drive speed and the size of the game, so don’t switch it off until its finished, it WILL tell you its finished within the hour.Congratulations you’re done! You can now reset your xbox and launch the game from the evolution x dashboard without the DVD in the drive!*Deleting a game and switching on auto load is an exact reversal of these instructions (remember if you delete the wrong thing you will bugger up your xbox and someone will have to fix it for you**Some evolutionx menu settings may vary, so use your judgment.***Use these instructions at your own risk
This is a very large doc. please Try to read it all, if you want to hack you have to pay very close attention to the details !!
Personaly I love the details. This is where I live.
From: TELECOM Digest (Patrick Townson) <>Message-Id: <>To: telecom@delta.eecs.nwu.eduSubject: Motorola Cell Phone Programming
Special mailing to the list; some good stuff about cell phones.
Date: Fri, 09 Jun 95 18:07:12 PDT From: (Ken Levitt) Subject: Motorola Cell Programming
In response to my request on which pins on the 25 pin connector need to be shorted to get into programming mode on my Motorola Tote Phone, I received several responses. The answer is 20 & 21.
However, I also received a massive document from Dave Mathews( This appears to be the most comprehensivedocument in existance on Motorola cell phone programming.
I have made some formatting changes, added a few lines regarding myexperiences, and fixed a few typos. I think this document should beplaced in the Telecom Archives for future reference by anyone needingthis information.
Document follows:
From: (Dave Mathews)
Some minor changes added by Ken Levitt (
NOTES: Some units have dual NAM's. The ESN prefix is 130 decimal, 82 hex. Motorola: 1-800-331-6456
There are MANY different models of Motorola phones sold under variousbrand names, if you think it's a Motorola, it probably is.
Determine which access sequence to use:
If the phone has a FCN button and no MENU button use sequence 1.If the phone has no FCN button use sequence 2.If the phone has a MENU button and a FCN button use sequence 4.
If the phone has no FCN button and no RCL button use sequence 3.If the phone has a FCN button use sequence 4.If the phone has a MEM button use sequence 5.If the phone has a RCL button and no FCN button use sequence 6.
The default security code is 000000. The CTL (control) button is thesingle black button on the side of the handset.
NAM programing:
1. Turn the power on.
2. Within ten seconds enter the access sequence as determined above.
3. The phone should now show "01" in the left of the display, this is the first programing entry step number. If it does not the security code is incorrect, or the programing lock-out counter has been exceeded. In either case you can still program the unit by following the steps under TEST MODE PROGRAMING below.
4. The * key is used to increment each step:
Each time you press * the display will increment from the step number, displayed on the left, to the data stored in that step, displayed on the right. When the data is displayed make any necessary changes and press * to increment to the next step number.
5. The SND key is used to complete and exit programing when any STEP NUMBER is displayed.
If you have enabled the second phone number bit in step 10 below then pressing SND will switch to NAM 2. Steps 01 thru 06, 09 and 10 will repeat for NAM 2, the step number will be followed by a "2" to indicate NAM two.
5. The CLR key will revert the display to the previously stored data.
6. The # key will abort programing at any time.
Take care with Motorola's use of "0" and "1". Some options use "0" toenable, some use "1".
1. This is a 6 digit binary field used to select the following options:
Digit 1: Internal handset speaker, 0 to enable. Digit 2: Local Use Mark, 0 or 1. Digit 3: MIN Mark, 0 or 1. Digit 4: Auto Recall, always set to 1 (enabled). Digit 5: Second phone number (not all phones), 1 to enable. Digit 6: Diversity (Two antennas, not all phones), 1 to enable.
2. This is a 3 digit binary field used to select the following options:
Digit 1: Continuous DTMF, 1 to enable. Digit 2: Transportable Ringer/Speaker, 0=Transducer, 1=Handset. Digit 3: 8 hour time out in transportable mode, 0 to enable.
On newer models, they have added and changed some numbers. The numbersas of the 3/27/92 manual are as follows:
1. The 6 digit binary field is still the same.
2. The 3 digit binary field has become a 5 digit binary field.
Digit 1: Failed Page Indicator 1=Disabled;0=Enabled Digit 2: Motorola Enhanced Scan 1=Enabled; 0=Disabled Digit 3: Long Tone DTMF 1=Enabled; 0=Disabled Digit 4: Transportable Internal Ringer Speaker 1=Handset; 0=Transdcr Digit 5: Eight Hour Timeout 1=Disabled;0=Enabled
To enter test mode on units with software version 85 and higher you mustshort pins 20 and 21 of the 25 pin (DB-25) transceiver data connector. AnRS-232 break out box is useful for this, or construct a test mode adaptorfrom standard Radio Shack parts.
Notes added by Ken Levitt (levitt@zorro9, regarding Motorola Tote Phone model 52770A The Battery is connected to pins 16 (+) and 3 (-), so pins 3, 16, 20, and 21 should be all you need to get into test mode. When the phone is powered up, "Loc'd" displays on the handset. Enter the unlock to see the alternating status display listed below under #02, or press # to directly enter programming mode. ("US" will display)
For MINI TR or Silver Mini Tac transceivers (smaller data connector) youcan either short pins 9 and 14 or simply use a paper clip to short thehands free microphone connector.
There are two basic types of Motorola portable phones, the Micro-Tac series"Flip" phones, and the larger 8000 and Ultra Classic phones. Certain newerMotorola and Pioneer badged Micro-Tac phones do not have a "flip", butfollow the same procedure as the Micro-Tac.
If you have an 8000 series phone determine the "type" before trying toenter test mode. On the back of the phone, or on the bottom in certainolder models, locate the F09... number this is the series number. If theFOURTH digit of this number is a "D" you CAN NOT program the unit throughtest mode, a Motorola RTL4154/RTL4153 programer is required to make anychanges to this unit.
Having determined that you do not have a "D" series phone the followingprocedure is used to access test mode:
Remove the battery from the phone and locate the 12 contacts at the topnear the antenna connector. These contacts are numbered 1 through 12 fromtop left through bottom right. Pin 6, top right, is the Manual Test ModePin. You must ground this pin while powering up the phone. Pin 7 (lowerleft) or the antenna connector should be used for ground. Follow one ofthese procedures to gain access to pin 6:
1. The top section of the battery that covers the contacts containsnothing but air. By careful measuring you can drill a small hole in thebattery to gain access to pin 6, alternately simply cut the top off thebattery with a hack saw. Having gained access use a paper clip to shortpin six to the antenna connector ground while powering up the phone.
2. If you do not want to "destroy" a battery you can apply an external 7.5volts to the + and - connectors at the bottom of the phone, ground pin 6while powering up the phone as above.
3. You can also try soldering or jamming a small jumper between pins 6 and7 (top right to lower left), or between pin 6 and the antenna connectorhousing ground. Carefully replace the battery and power up the phone. Usecaution with this method not to short out any other pin.
4. A cigarette lighter adaptor, if you have one, also makes a great testmode adaptor as it can be disassembled to give you easier access to pin 6.Many are pre marked, or even have holes in the right location. This isbecause they are often stamped from the same mold that the manufactureruses for making hands free adaptor kits and these kits require access tothe phone's connectors.
/ Antenna Housing ZDD? ZDDDDDEDDEDDDDD? 3* 3 3 *3 CDDDDDABBADDDDD4 To enter test mode, ground pin 6 to either pin 7 3H H HZY@?H H H3 or the antenna housing. I personally wrapped a 3H H H@DDYH H H3 paper clip around the antenna housing and bent it CDDDDDDDDDDDDDD4 so it *ALMOST* touched the test pin. All I had 3 Back of phone3 to do was push the paper clip a little when I 3 with battery 3 turned the phone on. 3 removed. The3 3 H is a pin. 3 3 3 3 Counting at 3 3 the top left 3 3 to right. 3 3 3 31 2 3 4 5 63 37 8 9 1011123 3 3 3 3 3* ZD? ZD? *3 @DDADADDD-ADADDY

This phone follows similar methods as outlined for the 8000 series above.
Remove the battery and locate the three contacts at the bottom of thephone, the two outer contacts are raised and connect with the battery. Thecenter contact is recessed, this is the Manual Test Mode connector.
Now look at the battery contacts, the two outer ones supply power to thephone, the center contact is an "extra" ground. This ground needs to beshorted to the test mode connector on the phone. The easiest way to dothis is to put a small piece of solder wick, wire, aluminum foil or anyother conductive material into the recess on the phone. Having done thiscarefully replace the battery and turn on the power, if you have beensuccessful the phone will wake up in test mode.
ZDDD? 3 3 ZDADDDADDDDDDDDDDDDDDDDD? 3 3 3DDDDDDDD? ZDDDDDDDD3 3 @DDDDDY 3 3 3 3 Flip phone with 3 3 battery removed. The 3 3 H's are pins. Pin 3 3 2 is the test pin and 3 3 is recessed. Put 3 3 something in the 3 3 recess so it touches 3 3 the battery. 3 3 1 2 3 3 3 3 3 H H H 3 @DDDDDDDDDDDDDDDDDDDDDDDY
HANDSETS: Most Motorola handsets are interchangeable, when a handset isused with a transceiver other than the one it was designed for the displaywill show "LOANER". Some features and buttons may not work, for instanceif the original handset did not have a RCL or STO button, and thereplacement does, you will have to use the control * or control # sequenceto access memory and A/B system select procedures.

Phones with "LOCK" buttons: Press lock for at least 1/2 a second.
Phones with a "FCN" button: Press FCN 5, note that 5 has the letter's "J,K, and L" for lock.
Phones with no FCN or LOCK button: Press Control 5, control is the black volume button on the side of the handset.
Phones with a RCL button: Press RCL *, then * to select, STO to store.
Phones with no RCL button: Press Control * then * to select, # to store.
Options are: CSCAn: Preferred/Non preferred with system lockout. Std A/b, or Std b/A: Preferred/Non preferred. SCAn Ab, or SCAn bA: Non preferred/Preferred SCAn A: "A" ONLY SCAn b: "B" ONLY HOME: Home only
(these are typical options, some phone's vary. C-Scan is only available on newer models and does not appear unless programmed, see below.)
TEST MODE Taken from the July 1993 Cellular Subscriber Technical Training Manual Item# 68P09300A60-C and the Curtis Namfax vol.4. I believe this is a complete listing of all the commands that were ever possible. This includes old phones and the new ones. If there are two entries for a particular number, the first one is the current command and the second is for older models.
NOTE: Not all commands work on all telephones. If a command is not valid the display will show "ErrOr." Not all numbers have been assigned. Not all numbers have been listed here. Some commands were intended only for Motorola factory applications. (This is the disclaimer in the technical training manual. I have included all of the other commands I have discovered one way or another. I do believe this is a complete list of the commands.)
Three test commands are significant for programming and registering thethe telephone for service: see full descriptions under TEST MODE COMMANDS.
32# Clears the telephone. (Older Motorola allowed either three or fifteen changes in the MIN. After that, the phone had to be sent to Motorola toreset the counter. This is the command they use.)
38# Displays the ESN
55# This is the TEST MODE PROGRAMMING (as described below).
# Enter Test Command Mode
00# no function
01# Restart (Re-enter DC power start-up routine.) On TDMA telephones, this command has the same effect as pressing the PWR button.
02# Display Current Telephone Status (This is a non-alternating version of the STATUS DISPLAY. On a 14 character display, all the information is shown. On a 7 character display only the information on the second line of a 14 character display is shown. On a 10 character display, all the information on the second line of a 14 charcter display plus the last three characters of the first line are shown.)
STATUS DISPLAY, ALTERNATES BETWEEN: AAA BBB AAA = Channel Number (decimal) BBB = RSSI reading for channel CDEFGHI are as follows:
C = SAT frequency (0=5970, 1=6000, 2=6030, 3=no channel lock) D = Carrier (0=off, 1=on) E = Signalling tone (0=off, 1=on) F = Power attenuation level (0 through 7) G = Channel mode (0=voice channel, 1=control channel) H = Receive audio mute (0=unmuted, 1=muted) I = Transmit audio mute (0=unmuted, 1=muted)
Press * to hold display and # to end.
03# Reset Autonomous Timer. This command results in the reset of the autonomous timer but does not provide any test function on these models.
04# Initializes Telephone to Standard Default Conditions: Carrier Off, Power Level 0, Receiver Audio Muted, Transmit Audio Muted, Signalling Tone Off, SAT Off, Resetting of Watch-Dog Timer Enabled, DTMF and Audio Tones Off, Audio Path Set to Speaker
05# TX Carrier On (Key Transmitter)
06# TX Carrier Off
07# RX Audio Off (Mute Receiver Audio)
08# RX Audio On (Unmute Receiver Audio)
09# TX Audio Off
10# TX Audio On
11(Ch.No.)# Set Tranceiver to Channel xxxx (Receive and Transmit in Decimal; accepts 1, 2, 3, or 4 digits)
12x# Set Power Step to x; (0,1-7) 0=Maximum Power (3 Watts) 7=Minimum Power Out
13# Power Off (Shuts off the radio)
14# 10 kHz Signalling Tone On
15# 10 kHz Signalling Tone Off
16# Setup (Transmits a five word RECC message; each of the five words will be "FF00AA55CC33." Transmitter de-keys at the end of the message.)
17# Voice (Transmits a two word REVC message; each of the two words will be "FF00AA55CC33." Transmitter de-keys at the end of the message.)
18# C-Scan (Allows for entry of as many as 5 negative SID's for each NAM.)
Newer Motorola phones are equipped with a feature called C-Scan, this is an option along with the standard A/B system selections. C-Scan allows the phone to be programed with up to five inhibited system ID's per NAM. This is designed to prevent the phone from roaming onto specified non-home systems and therefore reduce "accidental" roaming fees.
1. C-Scan can only be programed from test mode, power phone up with the relevant test mode contact grounded (see above).
2. Press # to access test mode.
3. Press 18#, the phone will display "0 40000".
4. Enter the first inhibited system ID and press *.
Continue to enter additional system ID's if required. After the 5th entry the phone will display "N2". Press * to continue and add system ID's for NAM 2 as required.
5. If an incorrect entry is made (outside the range of 00000-32767) the display will not advance, press CLR and re-enter. Use a setting of 40000 for any un-needed locations.
6. When the last entry has been made press * to store and press # to exit, turn off power. or [**Phones without the C-Scan option used this command to SEND NAM.**]
18# SEND NAM. Display shows AA BB. Where AA=Address and BB=Data. Displays the contents of the NAM, one address at a time, advanced by pressing the * key. The following data is contained in NAM. The test is exited by depressing the # key. SIDH Sec. Code OPT. (1,2,&3) MIN MIN1, MIN2 FCHNA SCM FCHNB IPCH NDED ACCOLC CHKSUM GIM
19# Display Software Version Number (4 digits displayed as year and week)
NOTE: Entering commands 20# through 23# or 27# causes the tranceiver to begin a counting sequence or continous transmission as described below. In order to exit from the commands to enter another test command, the # key must be depressed; all other key depressions are ignored.
20# Receive control channel messages counting correctable and uncorrectable errors. When the command starts, the number of the command will be displayed in the upper-right corner of the display. Entering a # key will terminate the command and display two three-digit numbers in the display. The first number is the number of correctable errors and the second is the uncorrectable errors.
21# Received voice channel messages counting correctable and uncorrectable errors. When the command starts, the number of the command will be displayed in the upper right-hand corner of the display. Entering a # key terminates the command and will display two three-digit numbers in display. The first is the number of correctable errors and the second is the uncorrectable errors.
22# Receive control channel messages counting word sync sequence. When the command starts, the number of the command will be displayed in the upper right-hand corner of the display. Entering a # key will terminate the command and display the number of word sync sequences in the display.
23# Receive voice channel messages counting word sync sequences. When the command starts, the number of the command will be displayed in the upper right-hand corner of the display. Entering a # key will terminate the command and display the number of word sync sequences in the display.
24# Receive control channel data and display the majority voted busy/idle bit. 0=idle 1=busy
25x# SAT On When x=0, SAT=5970HZ x=1, SAT=6000HZ x=2, SAT=6030HZ
26# SAT Off
27# Transmit Data (Transmits continuous control channel data. All words will be "FF00AA55CC33." When the command starts, '27' will be displayed in the right side of the display. Entering a # key will terminate the command. The transmitter de-keys when finished.)
28# Activate the high tone (1150 Hz +/- 55 Hz)
29# De-activate the high tone
30# Activate the low tone (770 Hz +/- 40 Hz)
31# De-activate the low tone
32# Clear (Sets non-volatile memory to zeroes or factory default. This command will affect all counters, all repertory memory including the last number called stack, and all user programmable features including the setting of System Registration. It does not affect the ESN, NAM, phasing data, or lock code. This takes a minute or so. DO NOT TURN OFF THE TELEPHONE WHILE THIS IS SHOWING '32' ON THE DISPLAY. WAIT UNTIL THE NORMAL SERVICE LEVEL DISPLAY RESUMES!)
33x# Turn on DTMF for x (1-9, *, 0, #, plus the single tones) Where x=1 697 Hz + 1209 Hz 10 697 Hz 2 697 Hz + 1336 Hz 11 770 Hz 3 697 Hz + 1477 Hz 12 852 Hz 4 770 Hz + 1209 Hz 13 941 Hz 5 770 Hz + 1336 Hz 14 1150 Hz (not used in cellular) 6 770 Hz + 1477 Hz 15 1209 Hz 7 852 Hz + 1209 Hz 16 1336 Hz 8 852 Hz + 1336 Hz 17 1477 Hz 9 852 Hz + 1477 Hz 18 1633 Hz (not used in cellular) * 941 Hz + 1209 Hz 0 941 Hz + 1336 Hz # 941 Hz + 1477 Hz
34# Turn DTMF Off
35# Display RSSI ("D" Series Portable Only)
35x# Set Audio Path to x x=0, V.S.P Microphone (Applies to mobiles only.) x=1, Speaker x=2, Alert x=3, Handset x=4, Mute x=5, External Telephone (Applies to Portables Only) x=6, External Handset (Applies to NEWER Portables)
36nnn# Scan (TDMA Telephones only. Scans the primary control channels and attempts to decipher the forward data stream. The display will show PASS1 if the strongest control channel was accessed, PASS2 if the second strongest was accessed, and FAIL if no control channel could be accessed.) (nnn=Scan speed in milliseconds). Tunes from channel 1 to 666 in order. Entering a * pauses the scan and displays current Channel Number and RSSI reading (AAA=Channel Number and BBB=RSSI Reading). When scan speed is 300 milliseconds or greater, the current status is displayed during the scan; when less than 300 milliseconds the status is displayed only during pause. Entering * during a pause causes the scan to resume. Entering # aborts the scan and leaves the mobile tuned to the current channel. During this command only the * and # keys are recognized.
37# no function
38# Display ESN (Displays ESN in four steps, two hexadecimal digits at a time in a for digit display. The decimal shows the address, 00 through 03 as the first two digits, and two digits of the ESN as the last two digits. Use the 'G' to step through the entire hexadecimal ESN.)
Compander OFF ("D" Series Portables)
38# SND-SNM. Display shows AA BB. Where AA=Address;BB=Data. Send the SNM to the display. All 32 bytes of the SNM will be displayed, one byte at a time. The byte address will be displayed in the upper right-hand corner and the contents of that address will be displayed in the hex. The * key is used to step through the address similar to the SEND-NAM (18#) command.
39# Compander ON ("D" Series Portables)
39# RCVSU. Receive one control channel word. When the word is received it is displayed in hex. This command will be complete when a control channel word is received or when the # key is entered to abort the command.
40# RCVVC. Receive one voice channel word. When the word is received it is displayed in hex. This command will be complete when a voice channel word is received or when the # key is entered to abort the command.
41# Enables Diversity (On F19CTA... Series only.)
42# Disables Diversity (On F19CTA... Series only.)
43# Disable Diversity USE T/R ANTENNA (On F19CTA... Series only.) USE R ANTENNA (On D.M.T./ Mini TAC)
44# Disable Diversity USE R ANTENNA (On F19CTA... Series only.) USE T/R ANTENNA (On D.M.T./ Mini TAC)
45# Display Current RSSI (Displayed as a three-digit decimal number)
46# Display Cumulative Call Timer
47x# Set RX Audio level to X (For F19CTA ...Series Tranceivers) X=0, Lowest Volume X=6, Highest Volume X=7, mute Normal setting is 4. (For D.M.T./ Mini TAC Tranceivers) X=0, Lowest Volume X=7, Highest Volume Normal setting is 4. (For TDMA Tranceivers and F09F... Series and Higher Portables) X=0, Lowest Volume X=15, Highest Volume Normal setting is 2 to 4. (On TDMA Tranceivers and Micro TAC portables, settings 8 through 15 are for DTMF applications only.)
48# Side Tone On. Use this command in conjunction with 350# to test the entire audio path in hands-free applications.
49# Side Tone Off
50# Maintenance data is transmitted and test results displayed: PASS=received data is correct FAIL 1=2second timeout, no data rec. FAIL 2=received data is incorrect
51# Test of mobile where maintenance data is transmitted and looped back. Display is as follows: PASS=looped-back data is correct FAIL 1=2 second timeout, no looped-back data FAIL 2=looped-back data is incorrect
52x# SAT Phase Adjustment. A decimal value that corresponds to phase shift compensation in 4.5 degree increments. Compensation added to inherent phase shift in tranceiver to achieve a total of 0 degrees phase shift.
Do NOT enter any values except those shown below.
0 degrees = 0 121.5 degrees = 59 243.0 degrees = 86 4.5 = 1 126.0 = 60 247.5 = 87 9.0 = 2 130.5 = 61 252.0 = 112 13.5 = 3 135.0 = 62 256.5 = 113 18.0 = 4 139.5 = 63 261.0 = 114 22.5 = 5 144.0 = 40 265.5 = 115 27.0 = 6 148.5 = 41 270.0 = 116 31.5 = 7 153.0 = 42 274.5 = 117 36.0 = 16 157.5 = 43 279.0 = 118 40.5 = 17 162.0 = 44 283.5 = 119 45.0 = 18 166.5 = 45 288.0 = 120 49.5 = 19 171.0 = 46 292.5 = 121 54.0 = 20 175.5 = 47 297.0 = 122 58.5 = 21 180.0 = 64 301.5 = 123 63.0 = 22 184.5 = 65 306.0 = 124 67.5 = 23 189.0 = 66 310.5 = 125 72.0 = 48 193.5 = 67 315.0 = 126 76.5 = 49 198.0 = 68 319.5 = 127 81.0 = 50 202.5 = 69 324.0 = 104 85.5 = 51 207.0 = 70 328.5 = 105 90.0 = 52 211.5 = 71 333.0 = 106 94.5 = 53 216.0 = 80 337.5 = 107 99.0 = 54 220.5 = 81 342.0 = 108 103.5 = 55 225.0 = 82 346.5 = 109 108.0 = 56 229.5 = 83 351.0 = 110 112.5 = 57 234.0 = 84 355.5 = 111 117.0 = 58 238.5 = 85 360.0 = 70 53# Enable scrambler option, when equipped.
54# Disable scrambler option, when equipped.
55# Display/Program N.A.M. (Test Mode Programming)
Assuming you have completed one of the above steps correctly the phone will wake up in test mode when you turn the power on. When you first access test mode the phone's display will alternate between various status information that includes the received signal strength and channel number.
Note - On some models, the display will show "Loc'd" when powered up. to disply alternating status, enter the unlock code, or to enter programming mode, press # and "US" will display.
The phone will operate normally in this mode. You can now access Service Mode by pressing the # key, the display will clear and a ' will appear. Use the following procedure to program the phone:
1. Enter 55# to access programing mode.
2. The * key advances to the next step. (NOTE that test mode programing does NOT have step numbers, each time you press the * key the phone will display the next data entry).
3. The CLR key will revert the display to the previously stored data.
4. The # key aborts programing at any time.
5. To complete programing you must scroll through ALL entries until a ' appears in the display.
6. Note that some entries contain more digits than can be displayed by the phone, in this case only the last part of the data can be seen.
Steps 01 through 06 and 12 will repeat for NAM 2 if the second phone number bit has been enabled in step 11.
Take care with Motorola's use of "0" and "1". Some options use "0" to enable, some use "1".
These are eight digit binary fields used to select the following options:
1. (step 02 above, suggested entry is: 11101001 for "A" system, 10101001 for "B" sys)
Digit 1: Local use mark, 0 or 1. Digit 2: Preferred system, 0 or 1. Digit 3: End to end (DTMF) dialing, 1 to enable. Digit 4: Not used, enter 0. Digit 5: Repertory (speed) dialing, 1 to enable. Digit 6: Auxiliary (horn) alert, 1 to enable. Digit 7: Hands free (VSP) auto mute, 1 to enable (mutes outgoing hands free audio until the MUTE key is pressed). Digit 8: Min mark, 0 or 1.
2. (step 10 above, suggested entry is: 00000100)
Digits 1 - 4: Not used in USA, enter 0. Digit 5: Single system scan, 1 to enable (scan A or B system only, determined by bit 2 of step 02. Set to "0" to allow user the option). Digit 6: Super speed dial, 1 to enable (pressing N, or NN SND will dial the number stored in memory location NN). Digit 7: User selectable service level, 0 to enable (allows user to set long distance/memory access dialing restrictions). Digit 8: Lock function, 0 to enable (allows user to lock/un-lock the phone, if this is set to 1 the phone can not be locked).
3. (step 11 above, suggested entry is: 00000000)
Digit 1: Handset programing, 0 to enable (allows access to programing mode without having to enter test mode). Digit 2: Second phone number (not all phones), 1 to enable. Digit 3: Call timer access, 0 to enable. Digit 4: Auto system busy redial, 0 to enable. Digit 5: Speaker disable, 1 to enable (use with select VSP units only, do not use with 2000 series mobiles). Digit 6: IMTS/Cellular, 1 to enable (rarely used). Digit 7: User selectable system registration, 0 to enable. Digit 8: Dual antennae (diversity), 1 to enable.
4. (step 16 above, suggested entry is: 0011010 for portable and 0011011 for mobile units)
Digit 1: Not used, 0 only. Digit 2: Not used, 0 only Digit 3: Continuous DTMF, 1 to enable (software version 8735 and later) Digit 4: 8 hour time-out, 0 to enable (software version 8735 and later) Digit 5: Not used, 0 only. Digit 6: Failed page indicator, 0 to enable (phone beeps when an incoming call is detected but signal conditions prevent completion of the call). Digit 7: Portable scan, 0 for portable, 1 for mobile units.
56# no function
57x# Call Processing Mode x=0, AMPS x=1, NAMPS x=2-4, RESERVED x=5, TDMA signalling x=6, TDMA signalling with loopback before decoding x=7, TDMA signalling with loopback voice after decoding x=8, TDMA signalling with loopback FACCH after decoding x=9, TDMA forced synchronization
58# Compander On (Audio compressor and expander) (See 39#)
59# Compander Off (Audio compressor and expander) (See 38#)
60# no function
61# ESN Transfer (For Series I D.M.T./Mini TAC only)
62# Turn On Ringer Audio Path
63# Turn Off Ringer Audio Path
64#-65# no function
66# Identity Transfer (Series II Tranceivers and some Current Shipping Portables)
67# no function
68# Diaplay FLEX and Model Information
69# Used with Identity Transfer
70# Abbreviated field transmitter audio deviation command, for tranceivers with FCC ID ABZ89FT5668.
71# Abbreviated field power adjustment command, for tranceivers with FCC ID ABZ89FT5668.
72# Field audio phasing commands.
73# Field power adjustment command.
74#-99# no function
Notes: There are several numbers that say "no function" next to their entry. In the technical manual, those numbers APPEAR to have no function. It is very possible that they DO IN FACT have a function. As far as I know, using the information provided by the technical manual, I know of no functions for these numbers. But at the top you'll notice in the disclaimer that NOT ALL FUNCTIONS ARE LISTED HERE. That leaves open the possibility of others. Try these numbers and you may get lucky (or you may wipe some vital information...who knows?). I am in fact almost certain that it is possible to change the ESN via the handset. It is just a matter of finding the correct combination of commands. You can bet that won't be easy, but it can't stay a secret forever though!
For more information, call Motorola and order part# 68-093-00a60. This is a cellular service manual that's used in their cellular service classes that sells for $30. Ask for the Order Fulfillment department when ordering. This manual tells it all! An absolute must have for Motorola users.
I think this might help. There are some that say no function, they MIGHT.Case in point: 37# does something but we don't know yet...:)
Ken Levitt - On FidoNet gateway node 1:16/390 UUCP: zorro9!levittINTERNET: or
[TELECOM Digest Editor's Note: My experience has been that when you examineone of the steps for which there is supposedly 'no function' it is best to*carefully* make notes *before* starting anything.
For example, step through one of those and write down on paper the datayou see there. If there is indeed 'no function' for that step, thenwhatever you see there may be just random garbage. But if you don't knowwhat was there, you can't replace it if you need to!
So write it all down first. Then experiment with different values andsee what you find out. Bear in mind some of those 'no functions' may infact cause the data elsewhere to be erased or altered, thus I cannotstress enough to write down every bit of data from every single step*before* you start messing around with anything.

Saturday, July 16, 2005

You know I really try to learn as much as I can and as fast as I can but I don't
think a 9 or 10 year old kid should be the programmer that I wish I could be . Its like every other day you here about some kid from bumvill, that has the IQ of a genius. I think GOD
has a plan but I just wish that I could have been the kid whos 10 and graduating college.

today is a yang day for me ,
Password100% Find Any Password, Access Your Own Computer!
Lost Word Password?Guaranteed decryption service. 3 minutes per file. Free
Fix All Windows Errors2005 Most-Advanced Error Remover. Fix Your Computer - Free Download!
Password ManagementComprehensive Solutions for Enterprise Security
Windows Password UtilityReset/Remove Admin Password Only $9.99 With Free Ship/
Free SoftwareDownload this software for free. Alternative software also
VBA Password BypasserBypass VBA code password protection Any VBA-featured documents. Now 29$
Help Desk Password ResetWeb Based NT, 2000, 2003 Account Password Reset for SOX, HIPAA
Password Finder $39.95Secretly record instant messages & record their email
Active@ Password ChangerBoot disk to reset passwords for Windows XP 2000 2003 NT. Free
Windows systems allow a convenient storage of frequently used passwords, such as the password inside Outlook Express. However, since you no longer enter the saved passwords manually, you tend to forget them. And the system will only display such stored passwords as a row of asterisks ("*****").
ActMon Password Recovery XP by iOpusWindows 95/98/NT/2000/XP, shareware, free trial, 30 day money-back guarantee, $29.95 (purchase)
This program allows you to decrypt and display passwords hidden behind asterisks. It works automatically on Web pages and applications on Windows 9x and Windows NT/2000/XP systems. Activate the utility, drag the mouse cursor onto the password field and your password is revealed instantly.
Behind Asterisks XP by Sontrex SoftwareWindows 95/98/NT/2000/XP, shareware, $24.95Purchase the full registered version
An equivalent program from Sontrex Software
Pluggable password strength checking for your servers
pam_passwdqc is a simple password strength checking module for PAM-aware password changing programs, such as passwd(1). In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones. All features are optional and can be (re-)configured without rebuilding.
You may view the latest README and PLATFORMS files (both are also included in the archive below).
pam_passwdqc 1.0.2 and its signature
These files are also available via FTP.
Follow this link for information on verifying the signatures.
We may help you integrate pam_passwdqc into your OS installs, please check out our services.
pam_passwdqc has been integrated into FreeBSD 5.
pam_passwdqc is used on Owl, distributions by ALT Linux team, and ASPLinux. Additionally, it is a part of Debian GNU/Linux, SuSE Linux, and very recent versions of Red Hat Linux.
You may want to check out these other PAM modules.
Support further work on this software with donations.
Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux
Want to learn how to read write HTML go to

This site will help you if you want to learn

For all HACKING tools please visit

For the novice to the elite the HACKING EXPOSED books are the shizz
Check them out if you are a serious web designer or a sneaky hack .
These books will teach anybody alot and I mean alot about security holes and

With a little bit of technical acumen and a few hundred dollars, enterprising thieves can walk away with some late-model cars and gas them up for free to boot, according to research published by computer security experts at the Johns Hopkins University in Baltimore and RSA Security Inc.'s RSA Laboratories in Bedford, Mass. In January, the researchers published the results of a technical analysis of a kind of secure radio frequency identification (RFID) technology called Digital Signature Transponder (DST) from Texas Instruments Inc., which is widely used to secure newer-generation automobiles and electronic payment systems like Exxon Mobil Corp.'s Speedpass. The work revealed serious weaknesses in the cryptographic security used to protect data sent back and forth, and shines a light on the problem of security systems that rely on aging or inadequate cryptography, according to experts. The team of researchers included staff from Johns Hopkins' Information Security Institute such as Avi Rubin, the computer security expert who gained fame for his analysis of flawed electronic voting technology from Diebold Inc. Rubin and a team of three graduate students, along with cryptography experts from RSA, used reverse-engineering techniques and custom-designed tools to crack the cryptographic keys used to secure the systems and simulate both the RFID DST tags and readers. The hack allowed researchers to disable a vehicle immobilizer in a 2005 Ford automobile using a specially equipped laptop computer, and purchase gas at a number of Exxon Mobil locations with a homemade Speedpass device, according to a copy of their findings posted online.
law enforcement officials charged with busting sophisticated financial crime and hacker rings, making arrests and seizing computers used in the criminal activity is often the easy part. More difficult can be making the case in court, where getting a conviction often hinges on whether investigators can glean evidence off of the seized computer equipment and connect that information to specific crimes. The wide availability of powerful encryption software has made evidence gathering a significant challenge for investigators. Criminals can use the software to scramble evidence of their activities so thoroughly that even the most powerful supercomputers in the world would never be able to break into their codes. But the U.S. Secret Service believes that combining computing power with gumshoe detective skills can help crack criminals' encrypted data caches. Taking a cue from scientists searching for signs of extraterrestrial life and mathematicians trying to identify very large prime numbers, the agency best known for protecting presidents and other high officials is tying together its employees' desktop computers in a network designed to crack passwords that alleged criminals have used to scramble evidence of their crimes -- everything from lists of stolen credit card numbers and Social Security numbers to records of bank transfers and e-mail communications with victims and accomplices.
New research on several commonly used hash algorithms has revealed security weaknesses in e-commerce systems and the internet, according to experts. Hash algorithms are used by computers to compare data, and are a cornerstone of encryption and IT security systems. However, experts have warned that hackers now require only 15 minutes to create two email messages that produce the same digital signatures when checked by the most commonly used hash algorithms.
A double-edged threat that attempts to hijack PCs has surfaced in at least three variants, security companies warned on Friday.The new pest, Lebreat, is a combined network worm and mass-mailing worm, F-Secure said. Once run on a PC, it installs a backdoor for hackers, downloads the mass-mailer code and attempts to launch a denial-of-service attack that targets security giant Symantec's Web site, the Finnish antivirus specialist said. The malicious code is also known as Breatle and Reatle at other antivirus companies."This virus claims to be 'Breatle AntiVirus v1.0,' and it spreads over both e-mail and network vulnerabilities," F-Secure said.The network-worm part of Lebreat exploits a known Windows flaw in a component called the Local Security Authority Subsystem Service, the security company said. The LSASS vulnerability was also used by the Sasser worm, F-Secure said in its advisory. Microsoft issued a patch for the LSASS flaw last year.

A campaign of 'hacktivism' aimed at improving the quality of local television news has left reporters fearing on-air ambushes from a giant tiger or a cheese-flinging martial arts expert. Shock tactics have been employed by a New York-based group that says it has had enough of TV stations feeding viewers an insipid diet of minor car accidents, petty crime and house fires in which nobody gets hurt. In an attempt to get 'real news' back on the agenda, the Newsbreakers group has hijacked live reports in several states with an array of characters including Cheese Ninja, an alcoholic religious correspondent called Dizzy Monk and the Reverend Utah Snakewater, who delivers on-air exorcisms. The activists - a team of technicians, actors and a former journalist - post footage of their successful 'busts' spliced with their own campaign messages on their website,
( )
A Web site created by federal mandate last year to help consumers spot identity theft is opening up new avenues for fraud, according to a privacy watchdog group. The site,, offers consumers free copies of their own credit reports. It was launched in December by Equifax, Experian and TransUnion, the three major credit reporting agencies in the United States, in accordance with the Fair and Accurate Credit Transactions Act of 2003. The federal law aims to quell growing concerns over privacy and disclosure of sensitive financial data. However, the online service has quickly fallen prey to imposter sites, which are designed to lure traffic from a legitimate Web site by adopting a similar domain name. Imposters targeting the site now number 112, according World Privacy Forum, a nonprofit based in San Diego that's studying the problem. Another 120 registered domains that aren't currently active employ the words annual credit report in some combination or are close misspellings of the official site, the group said. Many of the imposter sites serve as "ad farms," referring visitors to credit bureaus that charge for the reports, World Privacy Forum said. The imposters then collect referral, or "pay per click" advertising, fees from for-pay bureaus
An unemployed North Londoner has been accused of committing the "biggest military computer hack of all time" by the U.S. government while authorities in Britain chose to release him without charge. Gary McKinnon has a lot to worry about. His job prospects are bleak. He will shortly have to leave his home in North London and could be facing up to 70 years in a U.S. federal prison--a prospect that terrifies him. His actions have been well-recorded. Over a period of years he managed to bypass the security of what should be the most sophisticated IT systems on the planet, many of which belong to the U.S. Department of Defense and NASA. That was back in 2002. McKinnon has already been investigated thoroughly by the legal authorities in the United Kingdom and released without charge.
$1,000,000 for yours truly!

On receipt of an e-mail from an Internet scam outfit, the Editor of Expatica Netherlands wasted no time in ringing up to collect the promised $1 million jackpot prize. "Yes, it is amazing isn't it," the voice on the line from Germany replied as I expressed surprise at winning a lottery that I had never heard of before. (I didn't bother to mention that I had regularly consigned dozens of similar e-mails to the recycle bin). "You are all just very lucky," the man with an accent replied undaunted when told that two other colleagues have also received e-mails the same day telling them how to collect their winnings. So, if this isn't a scam, how does it work? "Absolutely, we are genuine. It is an Internet lottery, special software picks out the numbers of the winning computers active on the Internet," the man said. Really, how does that work? "The software picks the computer numbers... I don't know... I only work here." Don't worry about it. Can I have my money now? "Sure. Which e-mail did you receive and what is your name?" At this stage I begin to feel the guy on the other end of the phone isn't even trying.

Friday, July 15, 2005

This picture is my mind pretty much . I'm

Either pissed or laughing . I think Im bi-polar

well at least my girlfriend does.


WEB sites for the hacking inclined


Normally it should not be possible to access the password file. But in some cases , like the ones below , access is possible

The password data is in the public _HTML area of the server . i.e. in the folders where HTML documents are accessible via WWW.

Many users have a personal virtual web server on the main web server

The second situation arises when the website provider rents through a larger web space provider , which manages many other smaller web servers on his system
( e.g. ect. )
It then becomes possible to access the password data in caes one has an account on the same
computer system and the password data is publicly available. Using FTP or TELNET it is
possible to get into the folder with the password data , and to read these. Using Brute Force
Password crackers like " racrk v5.0" the password can be decoded . This can take a few hours
I have spent days on this a web master should not manage his pay site on a web server
shared by other web sites .

The devil is in the details ...

Thursday, July 14, 2005

he who fails to obtain the object of his desires is disappointed , and he who incures the object of his aversion wretched
thus ,hating sickness,death,and poverty willdo no good but will lead to disappointment

5:13 But all things that are reproved are made manifest by the light : for whosoever make manifest is light
The Epistle of Paul the Apostle

6:12 For we wrestle not with flesh and blood,but against principalities, against powers, against the rulers of the darkness of this world, against spiritual wickedness in high places .
The Epistle of Paul the Apostle
The admin tools
Many pay site webmasters have admin areas , to which only they have access. There, they can manage accounts,such as create new and delete old passwords ect.
Very often these admin areas are not within a password protected area . The webmasters think no-one would know the url of their admin tools. However the url is sometimes easy to crack becouse it often has titles such as
these are just examples , one could try out ither possible combonations. Anyone accessing the admin site has complete control to add as many passwords as one would like

Anonymous surfing
Several hackers surf anonymously in the internet,and order for items or use pay services useing fake credit card info. but the thing to remember is the ip address should not be classifiable. You manage this by connecting an anonymous proxy within your system . This is applied as any normal proxy that offers ISP. The only difference is that the proxy used is overseas , and the hackers are aware that the owners of such a proxy do not keep log files on the user.

The enemy is ignorance!
I am very new to hacking but I have learned a few small but important steps to begining the never ending road of hacking .

Footprinting-The systematic footprinting of organizations enables attackers to create a complete profile of an organization's security posture.
First you should determine the scope of your activities , corporate or subsidiaries.
It can be a large task to determine all the entities associated with a target organization.
The internet provides a vast pool of resourses you can use to help narrow your scope of activities and can provide info on organizations and thier employees.
first start with the organization's web page if it has one. Many times an organization's web site will provide a rrediculous ammount of info that WILL aid attackers. Some corporations will list thier security configuration options on thier web server.
Other items of intrest are locations , related companies, merger or acquisition news , phone numbers, contact names, e-mail addresses, privacy or security policies indicating the types of security mechanisms in place,links to other related organizations
this is just a small part of my knowledge of hacking I will continue to post info if I have any response
" Control thy passion lest they take vengence on thee"
Epictetus , Greek stoic philosopher