WTV &CODES:
The first of these WTV-specific codes were discovered by Idiotic in August '98 as he began to explore the WebTV Viewer: a WebTV simulation for PCs. To the best my knowledge, Idiotic was the first to download the Viewer with the intent of dissecting it. He was also the first to get source codes for WTV pages. Since then additional &codes have been found... and it was eventually discovered what each did.
Since the codes seemed harmless, I consulted with Idiotic and the first batch of these codes were released in early September '98. They were an immediate hit... appearing in sigs everywhere. What a mistake it was. It was soon clear that some of these codes posed a security risk and WTV's FALL '99 Client upgrade has disabled these codes on regular webpages and in mail.
So, what are these &Codes?
If you have ever used the 411 PowerOff code, you know it taks your to your box's TechInfo Screen. That URL is file://rom/htmls/TechInfo.html. It displays information such as your current Client Build version, you Silicon ID #, system configuration, etc. Unlike the WTV-SETUP:/GET codes, this page is NOT generated at WNI but within your box... afterall, if you are using a PO Code you are off-line. These &codes also appear in several other WTV pages like WTV-TRICKS:/INFO. It should be noted that many of these codes are related to the WTV-SETUP code. For more information please visit here or here.
If you were to see the actual TechInfo's page source code you'd only see &codes like &ssid and &vers. These &codes are able to display current information about your Browser's configuration and settings as well as some personal information.
All too many users have been taken aback seeing their personal information... like their zip code or phone number, in someone else's letter or post. They were unaware only they could see this information. The perp had merely included &Codes in his sig or web page.
If that's all these codes could do, they would not be a problem... except for the countless calls WNI got from Users dissatisfied about their modem speed. But, in late November '98 MasterDon figured out a method to use "forms" to grab this information from others... that is if they clicked on a button in a post or web site. Soon, the hacking NGs were filled with posts trying to con readers into pressing one button or another.
Even more insidious, in January of '99 Nonymous found a way to use a web site referrer service to grab these codes... including the potentially private information. All a user had to do was read a post or open a letter. The referrer was sent back to the service which in turn automatically e-mailed perp! The victim was totally unaware anything had happened!
But it gets worse: In February '99 ECWFRK and MirrororriM discovered they could use this referrer service to get both a user's BYOISP phone number and password! It was a haphazard process... and more than likely the BYOISP dialup was a toll call. In all cases above WNI was notified and it's no wonder WNI's fall '99 Client upgrade has disabled these codes! The referrer service was also notified how it could be abused.
Actually, there are hundreds of these &codes used in HTML. The first list here is restricted only to those specifically used to provide technical information about the WTV Browser and it's doubtful they'll work with a PC. Below are the HTML special enity codes.
USING &CODES:To use the &Codes they must be used within an HTML tag and they must end with a semi-colon. For example
&CODE: | ACTIVATED | DESCRIPTION |
&vers | &vers; | Client Version |
&wtv-bootvers | &wtv-bootvers; | Boot Version |
&wtv-syscfg | &wtv-syscfg; | System Configuration |
&wtv-chipvers | &wtv-chipvers; | Chip Version |
&wtv-ssn | &wtv-ssn; | Silicon Serial ID # |
&rate | &rate; | Modem Speed |
&wtv-appvers | &wtv-appvers; | Client Build |
&cpu | &cpu; | CPU Speed |
&wtv-vidinfo | &wtv-vidinfo; | Video Decoder |
&wtv-scrres | &wtv-scrres; | Screen Resolution. Can this be changed? |
&wtv-1800addr | &wtv-1800addr; | WNI Server IP |
&CODE: | ACTIVATED | DESCRIPTION |
&thumb | &thumb; | Thumbnail URL |
&find | &find; | Contents of your "FIND" box |
&wtv-adv-opt | &wtv-adv-opt; | Advanced Options. Classics have this option. Plus boxes do not. |
&url | &url; | URL of current page |
&exurl | &exurl; | Last URL visited |
&title | &title; | Title of current page |
&date | &date; | Current Date |
&fsize | &fsize; | font size: small, medium or large |
&kbd | &kbd; | On-screen keyboard config: alphabetical or standard |
&brdrs | &brdrs; | Shade of screen border |
&wtv-muzac-on | &wtv-music-on; | ? |
&tempo | &tempo; | Music Tempo |
&connpw | &connpw; | Connect to web when powering on |
&vol | &vol; | background music volume: setup-bgm-volume |
&CODE: | ACTIVATED | DESCRIPTION |
&audio | &audio; | Audible dialing |
&pulse | &pulse; | Pulse dialing on/off |
&tone | &tone; | Tone dialing on/off |
&dtone | &dtone; | Wait for dial tone |
&hack | &hack; | Call waiting on/off |
&nowait | &nowait; | No callwaiting |
&wtv-sens1 | &sens1; | call waiting sensitivity |
&wtv-sens2 | &sens2; | call waiting sensitivity |
&wtv-sens3 | &sens3; | call waiting sensitivity |
&wtv-sens4 | &sens4; | call waiting sensitivity |
&slow | &slow; | Dialing Speed |
&med | &med; | Dialing Speed |
&fast | &fast; | Dialing Speed |
&outstr | &outstr; | Dialing prefix from wtv-setup:/phone-basic |
&wstr | &wstr; | Call waiting block prefix from wtv-setup:/phone-call-waiting |
&phone | ☎ | Your phone #. This has worked periodically |
&ldp | &ldp; | Long distance dialing prefix |
&free | &free; | 1-800 number override |
&anum | &anum; | Special Dialup # from file://rom/htmls/AccessNumber.html |
&hasit | &hasit; | ? |
&dout | &dout; | ? |
&broke | &broke; | ? |
&CODE: | ACTIVATED | DESCRIPTION |
pname | &pname; | BYOISP provider name |
&lname | &lname; | ISP user login name |
&banum | &banum; | BYOISP Dialup 1 |
&banum2 | &banum2; | BYOISP Backup Dialup. May be blocked. |
&bpass | &bpass; | BYOISP password. May be blocked. |
&byoisp | &byoisp; | BYOISP |
&CODE: | ACTIVATED | DESCRIPTION |
&tv-zip | &tv-zipcode; | ZIP for TV listings. Set at TV Home |
&tv-download | &tv-download; | AutoRetrieve of TV listings. Set at TV Home |
&tv-dl-time | &tv-dl-time; | AutoRetrieve time of TV listings. Set at TV Home |
&tv-cable | &tv-cable; | Using cable TV? Set at TV Home |
&tv-antenna | &tv-antenna; | Using TV antenna? Set at TV Home |
&tv-satellite | &tv-satellite; | Using satellite system? Set at TV Home |
&CODE: | ACTIVATED | DESCRIPTION |
&sat-nfo-rid | &sat-nfo-rid; | reveiver ID |
&sat-nfo-cid | &sat-nfo-cid; | smartcard ID |
&CODE: | ACTIVATED | DESCRIPTION |
&brdre | &brdre; | ? |
&mod | &mod; | This is supposed to be Last Modified Date, but always says 1969 |
&legalese | &legalese; | Either "invisible" or left blank. Have no idea what this does. |
&ext-videoin | &ext-videoin; | Extension video inputs? |
&size | &size; | ? |