home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Group 42-Sells Out! - The Information Archive
/
Group 42 Sells Out (Group 42) (1996).iso
/
anarchy
/
mfraud.txt
< prev
next >
Wrap
Text File
|
1995-11-30
|
34KB
|
633 lines
Mobile Fraud
DEDICATION
~~~~~~~~~~
I would like to dedicate this to the memory of Scantronics, which as the
logon said, was definantly 'The last of a dying breed'. In early May /<ludge
got a visit from authorities who took all his gear, except his printer (oh,
how thoughtful). You see, our enemies have finally realized one of the weaker
links in the H/P society... The distribution of information. By hitting all of
the worthwhile boards, they can make it harder and harder to learn and swap
ideas. Well, there isn't too much we can do about it, except start talking
with people one-on-one, and get a 'verbal network' going. This is pretty much
all we can do. Our Enemy is taking steps towards eradication of our chosen
hobby, and we must take steps to prevent it's distruction. Well, enough with
the lecture, on with the file, and keep good thoughts for /<ludge...
INTRODUCTION
~~~~~~~~~~~~
Ah yes, here I am again, writing like there's no tommorow, but even if there
was, who the hell would want it? Anyways... I've been just doing my own thing
for the past couple months, let tax time go by, and decided I needed to give
some more of my helpful insight to the world. Ok, this file is about the
closest thing to a hacking file as you'll probably see me write (especially
since hacking isn't my forte and I know many people out there who are better
at it than me (See Digital Hitler, I admitted that you're better, and in public
no less!)). Ah well, this covers those wonderful UHF Mobile telephones that
are out and about... Not Cellular mind you, but UHF Mobile. I will go into
detail on the Zetron series of Repeater Computers, which seem to be the most
common.
ME, YOU, AND THE REPEATER
~~~~~~~~~~~~~~~~~~~~~~~~~
What you will be accessing is the repeaters in your local area. Most large
cities have at very least 5, and some have upwards of 15. Now each repeater
usually is accessable throughout the city, although they get better reception
in certain areas. Soo, once you estabish the region that works best for you,
that will be the target repeater. Now, when you dial the repeater, you will
get another tone, much like a PBX, where you are supposed to enter the extension
of the mobile phone you wish to reach. Remember that each repeater is
independant, so you will need to program yourself on all the ones you wish to
use. Also, choose one as your base channel, usually the one that is in the
region you will be around the most, and program this one for ringing capab-
ilities. One of the real benifits of this is you can set up multiple extentions
on each repeater, and have tons of phone numbers and extensions.
You can also access the voice paging feature, and capture a voice mail box.
This is accomplished by simply assigning yourself a 5-tone pager id, and then
finding the phone number of the VMB that corresponds to it. This is especially
nice when you don't necessarily want people to realize where you are, or when
you want to call screen losers.
HACKING THE ZETRON
~~~~~~~~~~~~~~~~~~
Here's the big joke of this... The 'hacking' process. The admin extension
is usually 7 digits, and usually starts with 000. Now that's still quite a
few possibilities, right? Nope, the shitty designers of this system made it
so when you enter a incorrect number it gives you that wrong tone. So say
the password is 0004311, when you call up, you enter 0, no tone? Enter 0 again.
Still no tone? Enter 0 a third time. No tone again. Now enter 0 a fourth
time. Ding-dong... Wrong tone. Now just repeat the first three, and try 1
for the fourth, and so on. Basic. And once you're in, there are no other
passwords... Boy these people sure are security concious.
THE SUPREME MENU
~~~~~~~~~~~~~~~~
Here's a 'flow-chart' of the menu structure for most Zetron-series repeaters.
I include the main and sub-menus, and also all the possible selections for each
command. Now remember, the system is hot-key, and you can type '!' anywhere
in it to get back to the main menu. It's formatted a little past 80 columns
since it is more useful printed and I wanted it even-looking. Here we go...
[S]YSTEM --+--- [C]OR -------+-------0P. Polarity active high Yes/No
| +-------0H. Hold time (*100ms) 0-50
| +-------0Q. Quiet time (*100ms) 0-100
| +-------0M. Mob Tx-to-Rx time (*100ms) 0-20
| +-------0A. Mob act time (*sec) 15-255
| +-------0V. COR validation active high Yes/No
| +-------0B. Channel busy active high Yes/No
|
+--- [A]CCESS ------+----- S. Sign-on mode 0-2
| +----- D. DTMF timeout (*100ms) 30-250
| +----- R. Min. regenerated digits 1-15
| +----- U. Phone-to-mobile use ANI Yes/No
| +----- M. Mobile-to-mobile use ANI Yes/No
| +----- P. #+ANI disconnect Yes/No
| +----- C. Dial click decode mode 0-3
|
+--- [H] DISPATCH ---+---- H. Repeater Hold Time (*100ms) 0-250
| +----0S. CTCSS Hold Time (*100ms) 1-30
| +----0T. Timeout (*min) 1-10
| +----0I. Hog Idle Time (*sec) 1-25
| +----0L. Hog Limit Time (*min) 1-99
| +----0P. Hog Penalty Time (*10sec) 1-250
| +----0R. Dispatch ID Rate (*min) 1-99
| +----0D. CTCSS for dispatch Yes/No
| +----0O. Courtesy tone Yes/No
| +----0M. Stuck Mic ID Yes/No
|
+--- [P]AGING ----+-------0D. Keyup delay (*25ms) 0-200
| +-------0T. Talk time (*sec) 5-25
| +-------0V. Vox hold time (*100ms) 0-50
|
+--- STATION [I]D ----+---0M. Mode 0-3
| +---0I. Interval (*min) 1-99
| +---0S. Call sign (chrs) CCCC###
|
+--- AUTO[D]IALS ---+-----01. (chrs) 0-16 chars
| +-----02. (chrs) 0-16 chars
| +-----03. (chrs) 0-16 chars
| +-----04. (chrs) 0-16 chars
| +-----05. (chrs) 0-16 chars
| +-----06. (chrs) 0-16 chars
| +-----07. (chrs) 0-16 chars
| +-----08. (chrs) 0-16 chars
| +-----09. (chrs) 0-16 chars
|
+--- [V] TOLL RESTRICT -+-01. Max toll digits 1 1-30
| +-02. 1st digit restrict 1 (chrs) 0-4 chars
| +-03. 2nd digit restrict 1 (chrs) 0-4 chars
| +-04. Max toll digits 2 1-30
| +-05. 1st digit restrict 2 (chrs) 0-4 chars
| +-06. 2nd digit restrict 2 (chrs) 0-4 chars
|
+--- [T]ELCO CONTROL --+--01. Call limit timer-1 (*min) 1-60
| +--02. Call limit timer-2 (*min) 1-60
| +--03. Channel ringouts-1 1-25
| +--04. Channel ringouts-2 1-25
| +--0O. Delay before dialout (*100ms) 5-100
| +--0D. Disconnect on 2nd dialtone Yes/No
| +--0M. Dialout mode 0-3
| +--0V. Override dispatch Yes/No
|
+--- LINE [1] SETTING --+-0A. Rings until answer 1-20
| +-0D. Channel busy rings 1-25
| +-0M. Answer mode 0-2
| +-0U. Auto call user 0-99
|
+--- LINE [2] SETTING --+-0A. Rings until answer 1-20
| +-0D. Channel busy rings 1-25
| +-0M. Answer mode 0-2
| +-0U. Auto call user 0-99
| +-0P. Priority override Yes/No
|
+--- [L]OCAL PHONE ---+---0D. Channel busy rings 1-25
| +---0M. Answer mode 0-1
| +---0U. Auto call user 0-99
|
+--- [M]ISCELLANEOUS --+--0D. Courtesy tone duration (*25ms) 1-10
+--0F. Courtesy tone frequency (*10Hz) 35-100
+--0A. Automatic gain (AGC) on Yes/No
+--0H. High pass filter on Yes/No
+--0S. CTCSS add-in Yes/No
+--0R. ANI for system relays (chrs) 1-8 chars
+--01. User relay 1 mode 0-4
+--02. User relay 2 mode 0-4
+--0B. Run modem at 300 baud Yes/No
[U]SERS ---+---0[A]CCESS -------+----0U. User range 1-325
| +----0E. User enabled Yes/No
| +----0M. Mobile-to-phone Yes/No
| +----0P. Phone-to-mobile Yes/No
| +----0B. Mobile-to-mobile Yes/No
| +----0H. Dispatch Yes/No
| +----0C. COR to answer Yes/No
| +----0S. * to answer Yes/No
| +----0D. # to disconnect Yes/No
| +----0F. Fast ANI required Yes/No
| +----0L. Line select Yes/No
| +----02. Line 2 default Yes/No
| +----0A. Autodial mode 0-15
|
+--- [O]PERATION -----+---0U. User range 1-325
| +---0E. User enabled Yes/No
| +---0Q. Equipment type 0-4
| +---0N. Number of ringouts mode 1-2
| +---0S. Ringout style 0-7
| +---0O. Courtesy tone Yes/No
| +---0X. Full-duplex mobile Yes/No
| +---0P. Privacy Yes/No
| +---0M. Call timer mode 0-2
| +---0T. Toll mode 0-2
| +---0D. DTMF thru Yes/No
| +---0F. Page format 0-5
| +---0C. Tone/code drop mode 0-2
| +---01. Enable relay 1 Yes/No
| +---02. Enable relay 2 Yes/No
|
00 +--- [S]PECIFIC ----+-----0U. Current user 1-325
| +-----0E. User enabled Yes/No
| +-----0A. ANI code (chrs) 0-8 chars
| +-----0F. Page format 0-5
| +-----0P. Page code (chrs) (Above #)
| +-----0X. Tx tone/code 0-38
| +-----0R. Rx tone/code 0-38
|
+--- [T]ONE DISPATCH -+--- U. Current user 1-325
| +---0E. Enabled Yes/No
| +---0R. Reserved Yes/No
| +---0X. Tx tone/code 0-38
| +---0T. Tone in tail Yes/No
| +---0V. Privacy Yes/No
| +---0O. Courtesy tone Yes/No
| +---0H. Hog Mode Yes/No
| +---0M. Morse ID (chrs)
|
00 +--- [L]IST ------+-------0U. User range 1-325
+-------0A. List ANI users Yes/No
+-------0T. List tone dispatch users Yes/No
SUPER[V]ISOR +- A. Program mode ANI (chrs) 1-7 chars
00 +- N. Supervisor user number 0-99
00 +- S. Reset system programming Yes/No
00 +- D. Reset dispatch programming Yes/No
00 +- U. Reset ANI user programming Yes/No
00 +- M. Logon message 0-34 chars
00 +- L. List system programming Yes/No
[A]CCOUNTING +-0M. Minimum call time (*sec) 0-180
00 +- U. User range 1-325
00 +- 2. List ANI accumulated Yes/No
00 +- 1. Clear ANI accumulated Yes/No
00 +- 4. List tone dispatch accumulated Yes/No
00 +- 3. Clear tone dispatch accumulated Yes/No
[T]EST ----+---0A. Tone 1 frequency (*10Hz) 35-100
00 +--- B. Tone 2 frequency (*10Hz) 35-100
00 +--- 1. Single tone (=Telco:1,Tx:2) 0-2
00 +--- 2. Dual tone (=Telco:1,Tx:2) 0-2
00 +--- 3. CTCSS tone (=Tone) 0-38
00 +--- 4. Emphasis (=Off,On) Yes/No
00 +--- H. Hybrid adjust (=Off,On) Yes/No
00 +--- D. DTMF/Click detect (=Telco:1,Rx:2) 0-2
00 +--- C. COR detect Yes/No
00 +--- K. Click calibrate Yes/No
00 +--- S. Sense line states Yes/No
00 +--- T. CTCSS Decode Yes/No
00 +--- M. Memory Yes/No
[O]PTIONS --------- Lists the Tone and Normal Users
[E]XIT ------------ Hangs up the modem
PROGRAMMING THE SYSTEM
~~~~~~~~~~~~~~~~~~~~~~
Ok, Here's a default settings buffer for the system, and I will explain what
each thing means in the next section, so read and absorbe...
SYSTEM PROGRAMMING FOR phone # (repeater name) AS OF date
COR MENU
P. Polarity active high = Yes
H. Hold time (*100ms) = 1
Q. Quiet time (*100ms) = 50
M. Mob Tx-to-Rx time (*100ms) = 2
A. Mob act time (*sec) = 32
V. COR validation active high = Yes
B. Channel busy active high = No
ACCESS MENU
S. Sign-on mode = 0
D. DTMF timeout (*100ms) = 50
R. Min. regenerated digits = 7
U. Phone-to-mobile use ANI = Yes
M. Mobile-to-mobile use ANI = Yes
P. #+ANI disconnect = Yes
C. Dial click decode mode = 0
DISPATCH MENU
H. Repeater Hold Time (*100ms) = 30
S. CTCSS Hold Time (*100ms) = 8
T. Timeout (*min) = 3
I. Hog Idle Time (*sec) = 5
L. Hog Limit Time (*min) = 5
P. Hog Penalty Time (*10sec) = 30
R. Dispatch ID Rate (*min) = 15
D. CTCSS for dispatch = Yes
O. Courtesy tone = No
M. Stuck Mic ID = Yes
PAGING MENU
D. Keyup delay (*25ms) = 40
T. Talk time (*sec) = 10
V. Vox hold time (*100ms) = 1
STATION ID MENU
M. Mode = 2
I. Interval (*min) = 15
S. Call sign (chrs) = xxxxxxx
AUTODIALS MENU
1. (chrs) =
2. (chrs) =
3. (chrs) =
4. (chrs) =
5. (chrs) =
6. (chrs) =
7. (chrs) =
8. (chrs) =
9. (chrs) =
TOLL RESTRICT MENU
1. Max toll digits 1 = 15
2. 1st digit restrict 1 (chrs) = 1111
3. 2nd digit restrict 1 (chrs) = 0000
4. Max toll digits 2 = 7
5. 1st digit restrict 2 (chrs) = 00
6. 2nd digit restrict 2 (chrs) = 00
TELCO CONTROL MENU
1. Call limit timer-1 (*min) = 3
2. Call limit timer-2 (*min) = 3
3. Channel ringouts-1 = 4
4. Channel ringouts-2 = 4
O. Delay before dialout (*100ms) = 20
D. Disconnect on 2nd dialtone = Yes
M. Dialout mode = 1
V. Override dispatch = No
LINE 1 MENU
A. Rings until answer = 2
D. Channel busy rings = 6
M. Answer mode = 1
U. Auto call user = 0
LINE 2 MENU
A. Rings until answer = 2
D. Channel busy rings = 6
M. Answer mode = 1
U. Auto call user = 1
P. Priority override = No
LOCAL PHONE MENU
D. Channel busy rings = 6
M. Answer mode = 1
U. Auto call user = 0
MISCELLANEOUS MENU
D. Courtesy tone duration (*25ms) = 3
F. Courtesy tone frequency (*10Hz) = 54
A. Automatic gain (AGC) on = No
H. High pass filter on = Yes
S. CTCSS add-in = No
R. ANI for system relays (chrs) = *1
1. User relay 1 mode = 0
2. User relay 2 mode = 0
B. Run modem at 300 baud = Yes
** End of list **
IMPORTANT COMMANDS TO KNOW
~~~~~~~~~~~~~~~~~~~~~~~~~~
Ok, Now I'll discuss some of the more necessary commands, and what they do.
Most of the others are pretty easy to figure out, or are not necessary. The
only really useful area is in the TOLL RESTRICT, TELCO CONTROL, and menus.
The system is usually split into two different systems, although on MOST they
only use one of them. So, what you want to do is configure the [2] settings
for you, and leave the [1] settings untouched (so they are not aware of the
usage.
You will want to change the following in the TOLL RESTRICT menu:
4. Max toll digits 2 = 20 (Amount of numbers)
5. 1st digit restrict 2 (chrs) = (Non-allowed first digit)
6. 2nd digit restrict 2 (chrs) = (Non-allowed second digit)
This will allow you to call oversears or special numbers with no hassle.
Next in the TELCO CONTROL menu:
2. Call limit timer-2 (*min) = 99 (The Maximum call time)
4. Channel ringouts-2 = 9 (Number of rings before
giving up)
This will configure your phone to allow 99 minutes per call, and let you
ring someone nine times.
Make sure not to edit anything within the STATION ID menu, since this will
bring the FCC down on the operators head, and we don't want the repeater to
get shut down.
Also, if you were wondering what they do if they find out that you're in the
system, well, that's easy. They disable the phone modem and enable the packet
one, so only people with HAM setups are able to call up and alter information.
This is a little extreme, but most of the time it will happen if you're billing
an enormous amount of calls to it, or taking up a massive amount of airtime
(and neglecting to cover it up).
VIEWING USER INFORMATION
~~~~~~~~~~~~~~~~~~~~~~~~
This is one of the nicer and more useful functions of the system, this way
you can get a complete listing of all the repeater users, and what services
they have available.
Here's a list of the most common (and most important abbreviations used in
the user list...
A = Privacy B = User enabled C = * to Answer
D = # to disconnect E = DTMF thru F = Number of ringouts mode
K = Call timer mode P = Mobile-to-phone Q = Phone-to-mobile
R = Mobile-to-Mobile U = Toll mode
PRIVACY means whenever you speak, the repeater will transmit a beeping sound,
so anyone listening will only be able to hear the person you call. USER ENABLED
is self explanitory, * TO ANSWER means you will only need to dial '*' to answer
calls, instead of '*' plus your ANI. # to disconnect is the same an answer, but
to cancel a call. DTMF thru means the repeater will allow DTMF tones to be
transmitted. NUMBER OF RINGOUTS MODE is which phone callout mode you have (set
this to [2], your custom callout setting). P,Q,and R all pretty much are the
same, allowing users to call from on to the other. TOLL MODE is another you
set to [2], altering from the default toll settings.
Ok, and now here's what the user printout looks like. USR is the actual user
number, the letters A-X correspond to the above list, ANI is the extension
number, RX is the recieve tone, TX is the transmit tone, TYPE is the type of
paging service, and PAGE is their 5 tone sub-audible...
Model xx (xxxxxxx)
Usr Programming ANI Rx Tx Type Page
--- ABCDEFGHIJKLMNOPQRSTUVWX -------- ---- ---- ------ --------
1 nYYnY100nn1nnnnYYYnn200n D 0 0 *None*
2 nYYnY100nn1nnnnYYYnn200n 1000 2 2 *None*
3 nYYnY100nn1nnnnYYYnn200n D 3 3 *None*
4 YYYnY100nn1nnnnYYYnn200n 1001 4 4 *None*
5 nYnnY100nn1nnnnYYYnn200n 1002 5 5 *None*
6 nYYYY100nn1nnnnYYYnn200n 1003 6 6 *None*
7 nnYnY100nn1nnnnYYYnn200n D 7 7 *None*
8 nYYnY200nn1nnnnYYYnn200n 1004 8 8 *None*
9 nYYYY100nn1nnnnYYYnn200n 1005 9 9 *None*
10 nYYYY100nn1nnnnYYYnn200n 1006 10 10 *None*
11 nnYYY100nn1nnnnYYYnn200n D 0 0 *None*
12 nYYYY100nn1nnnnYYYnn200n 1007 12 12 *None*
13 YYYnY100nn1nnnnYYYnn200n 1008 13 13 *None*
14 nnYYY100nn1nnnnYYYnn200n D 14 14 *None*
15 nnYYY100nn1nnnnYYYnn200n D 0 0 *None*
16 nYYYY100nn1nnnnYYYnn200n 1009 16 0 2 Tone 12345
17 nnYYY100nn1nnnnYYYnn200n D 17 17 *None*
18 nnYYY100nn1nnnnYYYnn200n D 18 0 *None*
19 nYYYY100nn1nnnnYYYnn200n 1010 19 19 *None*
20 nYYYY100nn1nnnnYYYnn200n D 20 20 *None*
21 nnYYY100nn1nnnnYYYnn200n D 0 0 *None*
** End of list **
The ANI is what people calling you need to dial (i.e. your extension), and
the number you need to dial in order to make calls out. The best way to use
this is to just piggy-back someones existing account. They definantly won't
complain when they get all the wonderful features, and then that also leaves
a very obvious (and innocent) scapegoat... My favorite kind.
The tone userlist is a little different than the mobile users... This is
mainly for pagers that happen to be using the same repeater, although that is
highly uncommon. Here it is...
TONE DISPATCH LIST FOR xxx-xxxx (xxxxxxxxx)
Model xx (xxxxxxx)
Usr Programming Out Tone ID
------ ABCDEFG -------------------------
1 nnnnnnn 1
2 nnnnnnn 2
3 nnnnnnn 3
4 nnnnnnn 4
5 nnnnnnn 5
6 nnnnnnn 6
7 nnnnnnn 7
8 nnnnnnn 8
9 nnnnnnn 9
10 nnnnnnn 10
11 nnnnnnn 11
12 nnnnnnn 12
13 nnnnnnn 13
14 nnnnnnn 14
15 nnnnnnn 15
16 nnnnnnn 16
17 nnnnnnn 17
18 nnnnnnn 18
19 nnnnnnn 19
20 nnnnnnn 20
21 nnnnnnn 21
** End of list **
There has never been any configured on any of the systems I've been on, so
I can't really tell you too much about the configuration information, although
that would lead me to believe that the feature isn't very exciting.
THE CALLER LOG... THE ENEMY
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unfortunantly, as with everything in life, there's always a snag... The
caller log, although in this case it just takes a little extra effort to trick
the ever present enemy. Every space means there were some accounts inbetween
the used accounts that are deactivated. Here's what the log looks like...
CALLER LOG FOR xxx-xxxx (xxxxxxxxx)
User 6 01:22:30 87 Access(es)
User 12 00:37:02 48 Access(es)
User 13 00:27:01 40 Access(es)
User 16 00:23:56 49 Access(es)
User 19 00:28:26 33 Access(es)
User 21 00:11:18 14 Access(es)
** End of list **
On the surface this may appear to be fairly useless, but there is something
to be feared here. Many of the companies take it upon themselves to total the
time used, and then divide by the number of accesses. Now what this tells them
is the average call length... And if you're making 45 minute calls, this is
going to boost the call time just a LITTLE past 3 minutes, then all they do is
the same thing on a user by user basis and wala, they know whose account you're
on.
It only takes a little bit of extra effort to cancel this out though. Just
place a shitload of small calls, like 10 secs, and one of those for every 2 or
3 minutes you've used on your long call. This safely masks your using of the
system, as long as you aren't calling Alliance or making LD calls.
It is true that you can zero this list in the accounting menu, and that's
another way you can get around it, although this alerts them as to there is
either someone else on the system (and they're trying to hid something), or that
there is some sort of problem with the system, and they either try to fix what
is not wrong, or give up and write off the problem (and this is what you hope).
For those who wish to have all the reference, here's the Tone Dispatch Log...
TONE DISPATCH LOG FOR xxx-xxxx (xxxxxxxxxxxxx)
User 1 00:07:53
User 2 00:13:53
User 3 00:23:14
User 4 00:01:23
User 5 00:13:09
User 6 00:02:04
User 7 00:05:14
User 8 00:01:00
User 10 00:03:43
User 11 00:00:02
User 12 00:42:40
User 13 00:02:07
User 15 00:00:03
User 16 00:15:46
User 17 00:01:22
User 18 00:14:22
User 19 00:01:34
User 20 00:01:55
User 21 00:00:33
** End of list **
FREQUENCIES
~~~~~~~~~~~
Here's the technical description of the frequencies they use:
405-425, 440-460, 450-470 (in 12.5kHz steps)
Now since this even though this isn't dual-synchronis, is does use two
freqencies per channel. Now, is the first frequency was 405.000kHz, the sister
frequency would be 405.900kHz. Pretty basic, eh? The second frequency (your
transmit one) is always 0.900 kHz above the recieve. Usually you can call up
your local mobile phone company and find out their repeater frequencies... Hell,
several have faxed me complete listings and their effective range, I sure do
love companies with great customer service!
The tones which are used by the repeaters (both audible and subaudible) are
FCC regulated, so they are a standard... Meaning the repeaters tone 13 will
be the same as the Yaesu's tone 13. For more information on the tones, simply
go to your local library and see what the government has regulated for your
area.
CAN YOU SAY... YAESU?
~~~~~~~~~~~~~~~~~~~~~
Now there are many different manufactures of UHF phones out there, but the
one I would recommend over Motorola and Maxon would be Yaesu. They started
out as a pro equiptment dealer only, selling some of the best HAM radio gear
around, then about 2 years ago they entered into the commercial market. Now
they heave several handheld units available, but I would recommend above all
the others the FTH-7008. It sells for around $500 (but who's paying? (Refer to
Carding, My Way series)), and has a Priority Channel, Scan, Hi/Lo Power settings,
Auto-Squelch, and 15 channels (not crystals, but synthesis). Now, you will also
need the FTT-4DT (make SURE it's the 4DT not just the 4, because otherwise it
won't work). Now the FTT-4DT is a DTMF pad which goes on the unit between the
battery and the body, you can easily do the instilation yourself, and the unit
runs around $280.
Now what this gives you above and beyond the keypad is a squelch which will
only turn off when it recieves a certain 2-tone combination or a 5-tone sub-
audible. These are used to make the unit either ring for an incoming call, or
to respond when a page comes through.
Now here's the beauty of Yaesu. Your dealer can AND WILL sell you the
software and hardware necessary to program it yourself. It runs around $80
and is for the IBM XT or better. This drives the FCC CRAZY and gives you TOTAL
power... Now all you need to do is hack into the repeater and wala... Phone
service.
USES AND ABUSES
~~~~~~~~~~~~~~~
Now here's the payoff... Not only can you make calls out, long distance or
otherwise, and not have to worry about being billed or located, but you can
recieve calls in an almost totally secure way. Now you must keep in mind that
this is only half duplex, so the modem is out of the picture, but for voice
communication, from anywhere in you city and most likely ajacent cities, this
is the best thing since sliced bread! Now you can assign yourself as many
different extensions as you want, and I would recommmend changing them fairly
frequently. Also try to be away from home and/or on the move when calling,
since this will reduce the chances of being located if they should somehow
become suspicious. About the only way they will is if you do bill long distance
numbers to the Repeater, or if you dominate the airtime on it.
Once a month the owner of the repeater goes out on sight and gets a usage
log. Usually calls are limited to 3 minutes, so the average call is 2 minutes.
Now, if you're dominating the system, the average call is going to be quite
alot more than 3 mins, and he's going to know something strange is going on.
Of course, all he can do is change the password, and we all know how 'secure'
that is... hehe.
Now there are also companies (real bastard ones, who deserve to be fucked)
that run mobile like it was cellular, and charge minutely. Now these guys are
EASY to fuck with, since you can create yourself an account, take it off the
minutely billing cycle, and just don't make LD calls, only recieve calls... Wala
now you have a RADICAL phone, which will most likely never be discovered (mine
hasn't been for close to 4 months, and boy is it nice!).
Now one note on this... Usually it isn't the cops who deal with this, it's
the FCC, and believe it or not, they actually do get the job done fairly well.
But this by no means says it's dangerous... On the offical Vindicator Danger
scale this only rates a 3... And even lower if you're cautious.