ADDS Mentor 2000 - A little more success/info

Dave Dunfield dave06a at
Sat Apr 15 14:01:44 CDT 2006

Hi Jim,

> On this variety of Pick, which was most compatable with the Microdata 
> Reality
> version, and Picks own R83, there are what are system privilege levels
> SYS0, SYS1 are user account levels, and cannot access system commands,
> or edit the SYSTEM account dictionary, which contains the account 
> definitions.
> SYS2 allows you to edit the system dictionary, and therefore change the
> system account privileges.  This is what you need to find access to to
> change the passwords, which are also there.
> The restart of the account at login state is what you are seeing when you
> type end at the ! (bang) sign, which is the debugger.  SYS2 is also required
> to do anything but G (go) or END (return to tcl, or restart at login), 
> or OFF
> (logoff) at this debugger. 

Thanks for the info - So I assume that getting to it from any of the accounts
I mentioned would be too low a privilege level to be useful - As noted in an
earlier message, I can also get to this debugger by hitting BREAK during
the system boot - is there any innocuous command I can try to determine if
entering it thusly results gives me better access?

> this pick systems file system is what you could call two level.  the system
> has one "system" dictionary, which is a databas file with account definition
> pointers, which point to dictionarys, which define the accounts.  The
> accounts contain pointers to more data sets, which are the file definitions.
> this is the only number of heirachies in Pick of this variety.  So your
> objective is to get into and modify the system dictionary and its control
> info without messing up your system completely.  The game you have
> to play is to find the places where you can get into the debugger and
> carefully  modify these items, since there are not usually any convenient
> places where you can do it with the normal editor.

I understand - I've learned from other reading that the password is "attribute
7" in the system file entries - I gather these are encrypted so that I can't
just "see what it is". There are commands in the ADDS monitor (Pick not
running at all) to read and write disk sectors - If I knew what to look for, I
could write a program to read and dump disk sectors until it finds the
SYSPROG entry in the system file ...

Do you know how sophisticated the password encryption is?  Is it the
same on all Pick systems?  Would it be feasable for someone with a
running system to assign the password 'PASSWORD' for example,
then give me the encrypted form which I could patch into the system
file - or is it tied to other factors to prevent such simple replacement
(I've read that Pick is not overly strong on security). If the encrypted
password field is variable length, then we might need a "list of known
encrypted passwords" of the various lengths, so it could be binary
patched into the file sector... ? Just musing here ?

> Having a list of the SYSPROG passwords from the original owner
> would be really plus.  Also a sysgen tape would be very good if
> you mess the system up.  These are going to be pretty rare, and
> most people who would have these systems now would not be able
> to copy it for you.  That was not a thing most ordinary pick sites
> could do.

I've asked him to try and recall the password, and to let me know if
he finds any tapes (sent him a photo so he will know what he is looking
for), however I am not overly hopeful that this will bring results.

Within the next day or two, I am going to try and make backups of the
hard drive, both with the low-level monitors backup command, and the
BACKUP user login which launches a backup menu.

Some of the docs I have outline a procedure to create a sysgen tape
from the running system - but I have to get access to SYSPROG


dave06a (at)    Dave Dunfield
dunfield (dot)  Firmware development services & tools:
com             Collector of vintage computing equipment:

More information about the cctalk mailing list