LOD- An Introduction to Hacking TOPS-20s

From Area51 Archives

Jump to: navigation, search
Author: The Blue Archer
Date Released: 01/01/1987 - LOD/H Technical Journal 1


An Introduction to Hacking TOPS-20s

To begin with, I would like introduce this article and clarify a few things. Firstly, this article was written to familiarize interested hackers in DEC's TOPS-20 (Total OPerating System-20) and give them knowledge of how to properly utilize its resources. This article will generally be limited to the basics, with an advanced article forthcoming. Secondly, you may have seen other articles I have written on the Tops-20 a while back. Well this is simply a better organized and updated article with primarily the same information. And finally, I would like to say that I welcome any and all questions about the article or the operating system and would be glad to help out with any problems. I may be reached on certain boards or through the LOD/H TJ Staff Account on sponsor BBS's. Anyway, have a good time hacking your local TOPS!

Starting Notes

  • Capital letters in the beginning of a command indicate that those letters alone may be typed for the whole command.
  • <>: Brackets around any element(s) are required.
  • (): Parenthesis are not required unless otherwise stated.
  • D: This symbol refers to control (ex: DA= Control-A).
  • @: Is the general system prompt and is not considered to be typed by the user when shown in examples.
  • $: This is the enabled state system prompt (explained hereafter).



The commands for entering and leaving a Tops-20 are LOGin and LOGOut respectively. The correct usage of these command are as follows:


Where username is a variable for the account name. Account names may be virtually anything, depending upon the system. I employ two methods for attaining usernames. The first, and most commonly known and used is checking the system status. This is done thusly:


This will cause the computer to list out various information about the assorted users logged in and their status and the status of the system as a whole. This command does not work on all Tops-20 computers from a non-logged in state, namely versions 6.1 and higher. A second and immensely more effective method is superior use of the escape character. The complete use of this character will be discussed later. For use in logging, one types LOGin and then a letter or series of letters and then the escape key. Depending on the number of usernames beginning with the same letter(s), the computer will fill in the rest of the username. Once the letters are in such a way that if one continued typing, only one valid username could be gotten, the escape key will fill in the rest if pressed. Here is an example:

@LOGin S(escape)

(the computer responds with a beep because there is more than one username starting with the letter S, so I type another letter)

@LOGin SM(escape)

(beep once more)

@LOGin SMI(escape)

(The computer fills in the 'th' part of the username for me and asks for the password with the parenthesis and all). One note: If the computer fills in an account name and then when a password is tried it responds with a 'not valid account' message, it simply means that it is a non-loginable files-only account which will be discussed later. While trying to gain access to a system, it is wise to use all the pre-login resources avaiable. On versions 6.x these resources are virtualy nil but on the older versions, one may sometimes find an incredible amount of help. To see what actual help is available, type:

 @HELP ?

Look for certain things like SECURITY and LOGINHELP. If the system in use is on a net, or for some reason the dialup number is not known but wanted, it can sometimes be found in help files most commonly named DIAL, DIALUP(S), and PHONES. So, to view them, simply type:


Or the name of whatever help file that is desired to be seen. The Information command is also a useful command, more fully discussed later. The most useful Information commands are as follows:

@Information VERSion

This will display the banner. If the computer, for security reasons, did not display the banner upon connection, then this may prove useful in identifying the target computer

@Information DEC

lists the various Decnet nodes available. On 6.x versions


will tell if a path is open to the node or is the object node is currently up and running.


will tell the status of ARPANET with respect to this particular computer. Meaning whether or not the software is up and running and the status of connections. Networking will be explained in the advanced Tops hacking file.



Under normal circumstances, with the exception of currently running programs, the exec level (command level) prompt will be either �@' or �$' depending on certain options, which will be discussed later. For now we will assume the prompt is @. This is the place where commands given are executed immediately. Certain characters are also available for use here (and other places) which make life on a TOPS-20 easier. Here is a list of those characters:

1) DC: This gets the system's attention. It will break out of most programs and processes. It may be necessary to type 2 for it to work, though.

3) DO: Halts terminal output without interrupting the program. A second DO restarts output to terminal. Note: under this condition output is still being sent by the computer, it is just not printed on the terminal, as opposed to an actual ceasing of output by DS.

4) DS: Temporarily pauses current output.

5) DQ: Resumes output currently suspended by DS.

6) DR: Retypes current line discarding old line.

7) DT: Prints information including what the program in use is doing, CPU information, and load average (amount of users on system.)

8) (Escape): The Escape key causes a form of recognition for virtually anything being done on the TOPS. It will complete commands, filenames, and just about anything else being typed to the computer. For example I(escape) would result in the command INFORMATION. For further information on this command refer to the logging in procedure utilizing this feature.

9) ?: This is used to obtain information regarding what the system is expecting as input or what the current command options are. It may be used almost anywhere, including after single or multiple letters, filenames, etc. example: @C? would print a list of available exec level commands starting with the letter C.

Here is a list of commands used to obtain system information:

1) DAYtime: Prints current data and time of day.

2) HELP: Gives help on a wide variety of topics, depending on the system. For a complete list, type: HELP ?

3) Information: Provides information on a wide variety of topics. For a complete list, type: I ?

4) SYstat: Outputs a summary of system users and available computer resources.


The TOPS-20 users login and use the system via accounts which are variable with different privilege levels and access rights. Accounts are specified by usernames and most of the time the directory names are the same as the account names as is also common for VMS. So, logging in under the SMITH means that one is under the account (username) SMITH. To find out the privileges of an account, type:


This can always be done to the account logged in under, and sometimes to other accounts depending on access rights and the security of the other account. This command prints out information regarding the account specified. It will even show passwords on pre-6.x versions of TOPS if one has sufficient privs. In general the two major levels of privs are full and normal. Full privs are denoted by OPERATOR or WHEEL in the privilege information printed. This level gives the user complete authority over the system. The normal level of privs means anything else but OPERATOR or WHEEL. These forms of accounts have limited access with respect to system operations and other accounts. Access to certain programs, files, and information is restricted to whatever extent the system owners choose. Other minor privilege abilities enable the user to perform slightly more than completely normal users, and sometimes may be of importance depending on the circumstances. Creation and modification of accounts is done through the BUIld command. Example:


Where <USERNAME> is the account to be modified (already exists) or an account to be created (non-existant). Depending on the privs of the account attempting to build and system restrictions, one may have a great deal or virtually no power to create and modify. On most systems, only wheels and operators can create top level accounts (loginable non-subdirectory accounts). File storage sub-accounts can be created almost anywhere. These are simply accounts in which files are put, and these accounts cannot be logged into. To see what options have been chosen for the account being built, simply type:


Other options for the account being built are as follows:

1) WHEEL: This gives the account wheel (complete) privileges. If this option is chosen, then others may be excluded for it is all-encompassing, it overrides any and all protection.

2) OPERATOR: Same as wheel.

3) DECNET-ACCESS: This allows the account to use the decnet, assuming there is one available. DECNET and other nets will be explained in the advanced article.

4) ARPANET-ACCESS: Allows user to use the Arpanet.

5) ARPANET-WIZARD: This command allows the user ARPANET ACCESS and more. This account has the ability to turn the Arpanet software of the system on and off. The commands are as follows:


Use of DE will be discussed in the next article. The dollar sign for the system prompt is explained later.

6) IPCF: Allows Inter-Process Communication Facility capabilities.

7) DEFAULT-FILE-PROTECTION: Sets the protection of the files in the user's directory. The lower, the more secure.

8) PROTECTION-OF-DIRECTORY: Sets protection of the actual account itself. This means who can connect to it, modify it, etc. Once again, the lower the protection, the more secure it is against others.

9) PASSWORD: Sets the password for the account. Type PASSword with the actual password after it.

10) KILL: This destroys the account. This command removes the account from the system. To complete the creation/modification, type two carriage returns.

The system will not recognize the user as having its various privileges unless it is told that they are there. This is done thusly:


This enables all the user's privileges and changes the prompt to a '$'. All accounts, even wheels, are considered normal until enabled, so this must always be done before an action requiring privileges is performed. It is fine to do this immediately after logging in and leaving it like that, for it does not save any adverse effects. At all places in this article where there is a '@', if enabled would be a '$'.


Directories are storage places for files. Each account has a directory in its own name, and possibly one or more subdirectories. To see what files are in the directory connected to at the moment, type the command DIRectory:


This will list what files, if any, are accesable in this directory. At the time of login the computer sets the account's own directory as the one to be connected to unless otherwise specified by such things as login adjustment files (to be discussed at a later date.) Subdirectories of an account are denoted by a period between the account name and directory name. Example: <ACCOUNTNAME.SUBDIRECTORYNAME> Subdirectories are dealt with as normal directories for purposes of usage. Dealings with directories other than the current default directory require the use of brackets. For example, if one wanted to look in a directory titled <SMITH>, he would have to type:


And assuming his directory is not protected, a list of files in the <SMITH> directory will be produced. The current default directory (the one connected to) does not require brackets for usage. Most directory commands may be used on other directories by simply placing the object directory (one to be commanded) in brackets after the command. Here is a list of some of the more important directory related commands:

1) ACCESS: This command requires the password of the target directory and, if correctly given, transfers rights to that directory including creation/deletion of files, etc. The format for usage is:


2) CONNECT: This changes the current default directory to the specified one. It may be countered, though, by protection. If ACCESS to the object directory is on then connection may be established regardless of protection. The command is used like this:


3) COPY: This duplicates an already existing file in another directory to the current default directory or another specified directory. The format is:


to copy it to the default directory, or:


to copy it to another directory.

4) DELete: Deletes the file from the directory. It still exists and may be retrieved until it is completely removed.

5) EXPunge: Completely removes deleted files from the system forever.

6) FDIRectory: Lists all information about all files in directory.

7) RENAme: Rename a specified file. The format is:


8) UNDELete: Restores deleted files which have not been expunged yet.

9) VDIRectory: List all information about all files in directory specified, including protection, size, and date and time when they were last written.

Files in directories are in the form of: FILENAME.FILETYPE.# where filename is the name of the file, filetype is the kind of file, and # is the number of the file. If there is more than one file with the same name, multiple numbers will be shown. If a number is left out when a command dealing with a file is typed, then the file with the highest number will be used. Here is a list of filetypes and how to properly use them:

1) .BAS: These are files written in basic. To use these, type BASIC or BASIC20 and LOAD them in and RUN, LIST, or modify them in the basic language and SAVE.

2) .BIN: These are binary files containing program data and are generaly not directly used.

3) .CMD: These are command files. They are files of a series of commands to be executed. Commands will be carried out as if typed by the user from the exec level. To use them, type: @TAKE FILENAME.CMD They are very useful for performing long processes which must be done often.

4) .CTL: This is a control file for batch jobs. It tells the batch job what to do when it logs in. Batch jobs are jobs logged into the account which created it to carry out commands. Further discussion of batch jobs is in the next TOPS article. The format for usage of these files are:


5) .EXE: Files of this sort are executable from the exec level. They are assembled programs in machine language and the fastest sort of program on the TOPS. To use them, type:


6) .HLP: This is basically just a text file. Use the same command as the .TXT forms of files. If a file of this sort is placed within the actual <HELP> directory, it becomes available to the whole system by simply typing:


All information obtained through the HELP command is actually in the form of files in the <HELP> directory.

7) .INIT: These are initialization routines for various programs. They are not used directly.

8) .LOG: This is the output of batch jobs. It details the actions of the job and the responses of the computer. To view, do this: @TYpe FILENAME.LOG

9) .MEM: This is a memorandum. Often times being inter-office memos and the like. Use them as any normal text file.

10) .TEXT: This is the uncommon filetype name for a text file. See .TXT for proper usage.

11) .TXT: These are text files. They contain written information and data to be read. The command for using them is as follows:


To use files in other directories, type the directory name in brackets before the filename. Ex:


This applies for all filetypes and commands. Once again restrictions may apply with regard to protection.


Communication to other system users is done primarily two ways: direct and indirect. Direct includes chatting with another online user and such, while indirect is generally done through electronic mail and the like. Here are the common commands of direct communication:

1) ADVISE: When this is done, whatever is typed at one terminal is executed at another. For example:


Then, whatever is typed will be carried out as if typed from that terminal until the link is broken.

2) BReak: This breaks all links to the terminal typing BReak.

3) RECEIVE: This allows the terminal to receive either LINKS or ADVICE, as specified by the command. Ex: @RECEIVE ADVICE

4) REFUSE: This puts up a barrier keeping links or advice from reaching the terminal. REFUSE ADVICE is default when logging in, so in order receive advice, one would have to type the proper command.

5) REMark: Goes into a chat state in which textual information is sent to the computer and not interpreted as commands.

6) TALK: Establishes a link between two terminals. Ex:


would establish a link with SMITH. Whatever is typed is seen by both parties. REMark is useful here if a conversation is to ensue.

Electronic mail can be sent and read through various programs. The most common ones being MM, MAIL, MS, and RDMAIL. Users are informed when they have a message waiting upon logging in. Mail is stored in the file MAIL.TXT in the user's directory. MM and MS are the best mail programs and should be the ones used, so here is a very brief explanation of the major commands they both use (they are very similar).

1) SEND: This is the command used to send mail to another user. At the prompt of the respective mail program, type SEND and a carriage return, the computer will prompt for information such as the user for the message to be sent to, other users to receive a copy of the message, and the title of the piece of mail.

2) READ: This command, if typed with no argument, will start reading all currently unread mail. If used with the number of a piece of mail, it will read that one alone.

3) HEADERS ALL: This will give a list of all the titles of the various pieces of mail in the user's mailbox and the corresponding number of that mail. Sending mail over networks will be discussed in the next article. Look for it in the next issue of the Technical Journal.


Feel free to comment on this page using the form below.

Personal tools