home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hackers Underworld 2: Forbidden Knowledge
/
Hackers Underworld 2: Forbidden Knowledge.iso
/
PHREAK
/
PKMANUAL.1
< prev
next >
Wrap
Text File
|
1994-07-17
|
92KB
|
2,300 lines
The Official Phreaker's Manual
The Official Phreaker's Manual V1.1
Updated 2/14/87
Compiled, Wordprocessed, and Distributed by:
The Jammer
and
Jack the Ripper
Page 1
The Official Phreaker's Manual
Introduction
What precedes this introduction is what I have termed "The Official
Phreakers Manual", while it may not be. Many times I have been on a BBS, which
has files claiming to have summed up all the ways to phreak in the U.S. and
abroad, well those were pretty lame and a couple pages long. Now after many
relentless hours of work, I have done it. This is an informative file and the
authors of this and the authors from which I have gathered information, take
absolutely NO responsibility and are not liable for, under any circumstances
for damage, direct, indirect, incidental, or consequential.
Warning: Use of this material may shorten your life in the free world!
Ok enough of the bullshit, I readily admit that this is mainly a compilation
of available phreak material and public resources. What I have done is to
gather it all together and edit, compile, check for errors, put in a readable
form, and finally to write what I know without echoing what others have said.
I have set this up that it is good for all levels of phreaks, going from novice
to advanced, and references and tables for easy reference in the back.
This manual is constantly being updated! If you have any contributions or
corrections or comments, please leave messages to me (Jack the Ripper) on any
BBS's I am on (probably where you got it). Thanks!
Page 2
The Official Phreaker's Manual
**********************************************************************
Table of Contents
**********************************************************************
I....... 005 Chapter 1
I.1..... 006 Glossary of Phreaking terms
I.2..... 010 Glossary of Phreaking terms cont.
I.3..... 017 Boxes and Electronic Toll Fraud
I.4..... 020 How to be a Real Phreak
I.5..... 026 Basic Telecommunications I, A Phreaks guide
II...... 031 Chapter 2
II.1.... 033 Secrets of the Little Blue Box. Part 1
II.2.... 041 Secrets of the Little Blue Box. Part 2
II.3.... 050 Secrets of the Little Blue Box. Part 3
II.4.... 058 Secrets of the Little Blue Box. Part 4
II.5.... 062 The History of ESS
II.6.... 064 History of British Phreaking
II.7.... 067 Bad as Shit, an adventure story
III..... 069 Chapter 3
III.1... 070 Phreaking Cosmos
III.2... 072 Cosmos Revamped
III.3... 073 Telenet
III.4... 075 Phreaking AT&T Cards
III.5... 076 AT&T Forgery
III.6... 078 Dealing with Operators
III.7... 079 How to set up a Conference Call
III.8... 081 Fone tapping
III.9... 083 Fone tapping cont.
III.10.. 085 Tracing, how dangerous is it
III.11.. 086 How to avenge yourself
III.12.. 088 Interesting things to do on Step lines
III.13.. 089 Busted, An account of the Private Sector bust
IV...... 092 Chapter 4
IV.1.... 093 Basic Telecommunications II, Special #'s, Loops, Ani
IV.2.... 101 Basic Telecommunications III, Direct Dialing, International
IV.3.... 106 Basic Telecommunications IV, Telefone Hierarchy
IV.4.... 113 Basic Telecommunications V, Subscriber fone electronics
IV.5.... 120 Basic Telecommunications VI, Fortress fones
V....... 123 Chapter 5
V.1..... 124 Basic Telecommunications VII, Blue Boxing
V.2..... 132 Better Homes & Blue Boxing, Part 1
V.3..... 136 Better Homes & Blue Boxing, Part 2
V.4..... 141 Better Homes & Blue Boxing, Part 3
V.5..... 145 More on Blue Boxing by Fred Stienbeck
V.6..... 146 Verification, Remob, etc., Is it possible?
V.7..... 148 Equal Access and the American Dream, Another great article
V.8..... 160 Equal access and Autodialing Modems
V.9..... 161 ISDN, it will change telecommunications for ever
V.10.... 163 ISDN, an article from Proto
V.11.... 165 MCI Services what they are and how they are useful
Page 3
The Official Phreaker's Manual
**********************************************************************
Appendixes
**********************************************************************
Appendix I...... 170 Reference tables and access lists
Appendix I.1.... 171 Country Codes
Appendix I.2.... 173 Country Codes cont.
Appendix I.3.... 176 Country Codes cont.
Appendix I.4.... 181 Max Access ports (Dialups)
Appendix I.5.... 182 Metro Fone Access ports
Appendix I.6.... 183 Area Codes
Appendix I.7.... 185 Tac Dialups around the country
Appendix I.8.... 193 Test numbers around the country
Appendix I.9.... 196 What a TSPS operators console looks like
Appendix II..... 197 Box plans
Appendix II.1... 198 How to make an Infinity transmitter
Appendix II.2... 203 How to make a silver box
204 Protection Page
Page 4
The Official Phreaker's Manual
Chapter 1
Ok this chapter will cover the basic vocabulary of phreaking, it is a fairly
long list, though not totally complete. After the vocab, will be some of the
general rules for phreaking. Most of the rules are protection from the police
and AT&T, but others are grammatical rules. These are not as important to your
freedom, but many a phreak will think you are a twelve year old if you start
talking like, "Hey dudz!^$(&, just got the latest warez! trade u for some
soft/docs. Checkul8r". Well you get the point, here's your vocab list...
Page 5
The Official Phreaker's Manual
......................................................................
......................................................................
. The Bell Glossary - ..
. by ..
. /\<\ /\<\ ..
. </\>\>ad </\>\>arvin ..
......................................................................
......................................................................
ACD: Automatic Call Distributor - A system that automatically distributes calls
to operator pools (providing services such as intercept and directory
assistance), to airline ticket agents, etc.
Administration: The tasks of record-keeping, monitoring, rearranging,
prediction need for growth, etc.
AIS: Automatic Intercept System - A system employing an audio-response unit
under control of a processor to automatically provide pertinent info to callers
routed to intercept.
Alert: To indicate the existence of an incoming call, (ringing).
ANI: Automatic Number Identification - Often pronounced "Annie," a facility for
automatically identify the number of the calling party for charging purposes.
Appearance: A connection upon a network terminal, as in "the line has two
network appearances."
Attend: The operation of monitoring a line or an incoming trunk for off-hook or
seizure, respectively.
Audible: The subdued "image" of ringing transmitted to the calling party during
ringing; not derived from the actual ringing signal in later systems.
Backbone Route: The route made up of final-group trunks between end offices in
different regional center areas.
BHC: Busy Hour Calls - The number of calls placed in the busy hour.
Blocking: The ratio of unsuccessful to total attempts to use a facility;
expresses as a probability when computed a priority.
Blocking Network: A network that, under certain conditions, may be unable to
form a transmission path from one end of the network to the other. In general,
all networks used within the Bell Systems are of the blocking type.
Blue Box: Equipment used fraudulently to synthesize signals, gaining access to
the toll network for the placement of calls without charge.
BORSCHT Circuit: A name for the line circuit in the central office. It
functions as a mnemonic for the functions that must be performed by the
circuit: Battery, Overvoltage, Ringing, Supervision, Coding, Hybrid, and
Testing.
Busy Signal: (Called-line-busy) An audible signal which, in the Bell System,
comprises 480hz and 620hz interrupted at 60IPM.
Bylink: A special high-speed means used in crossbar equipment for routing calls
Page 6
The Official Phreaker's Manual
incoming from a step-by-step office. Trunks from such offices are often
referred to as "bylink" trunks even when incoming to noncrossbar offices; they
are more properly referred to as "dc incoming trunks." Such high-speed means
are necessary to assure that the first incoming pulse is not lost.
Cable Vault: The point which phone cable enters the Central Office building.
CAMA: Centralized Automatic Message Accounting - Pronounced like Alabama.
CCIS: Common Channel Interoffice Signaling - Signaling information for trunk
connections over a separate, nonspeech data link rather that over the trunks
themselves.
CCITT: International Telegraph and Telephone Consultative Committee- An
International committee that formulates plans and sets standards for
intercountry communication means.
CDO: Community Dial Office - A small usually rural office typically served by
step-by-step equipment.
CO: Central Office - Comprises a switching network and its control and support
equipment. Occasionally improperly used to mean "office code."
Centrex: A service comparable in features to PBX service but implemented with
some (Centrex CU) or all (Centrex CO) of the control in the central office. In
the later case, each station's loop connects to the central office.
Customer Loop: The wire pair connecting a customer's station to the central
office.
DDD: Direct Distance Dialing - Dialing without operator assistance over the
nationwide intertoll network.
Direct Trunk Group: A trunk group that is a direct connection between a given
originating and a given terminating office.
EOTT: End Office Toll Trunking - Trunking between end offices in different toll
center areas.
ESB: Emergency Service Bureau - A centralized agency to which 911 "universal"
emergency calls are routed.
ESS: Electronic Switching System - A generic term used to identify as a class,
stored-program switching systems such as the Bell System's No.1 No.2, No.3,
No.4, or No.5.
ETS: Electronic Translation Systems - An electronic replacement for the card
translator in 4A Crossbar systems. Makes use of the SPC 1A Processor.
False Start: An aborted dialing attempt.
Fast Busy: (often called reorder) - An audible busy signal interrupted at twice
the rate of the normal busy signal; sent to the originating station to indicate
that the call blocked due to busy equipment.
Final Trunk Group: The trunk group to which calls are routed when available
high-usage trunks overflow; these groups generally "home" on an office next
highest in the hierarchy.
Page 7
The Official Phreaker's Manual
Full Group: A trunk group that does not permit rerouting off-contingent foreign
traffic; there are seven such offices.
Glare: The situation that occurs when a two-way trunk is seized more or less
simultaneously at both ends.
High Usage Trunk Group: The appellation for a trunk group that has alternate
routes via other similar groups, and ultimately via a final trunk group to a
higher ranking office.
Intercept: The agency (usually an operator) to which calls are routed when made
to a line recently removed from a service, or in some other category requiring
explanation. Automated versions (ASI) with automatic voiceresponse units are
growing in use.
Interrupt: The interruption on a phone line to disconnect and connect with
another station, such as an Emergence Interrupt.
Junctor: A wire or circuit connection between networks in the same office. The
functional equivalent to an intraoffice trunk.
MF: Multifrequency - The method of signaling over a trunk making use of the
simultaneous application of two out of six possible frequencies.
NPA: Numbering Plan Area.
ONI: Operator Number Identification - The use of an operator in a CAMA office
to verbally obtain the calling number of a call originating in an office not
equipped with ANI.
PBX: Private Branch Exchange - (PABX: Private Automatic Branch Exchange) An
telephone office serving a private customer, Typically , access to the outside
telephone network is provided.
Permanent Signal: A sustained off-hook condition without activity (no dialing
or ringing or completed connection); such a condition tends to tie up
equipment, especially in earlier systems. Usually accidental, but sometimes
used intentionally by customers in high-crime-rate areas to thwart off
burglars.
POTS: Plain Old Telephone Service - Basic service with no extra "frills".
ROTL: Remote Office Test Line - A means for remotely testing trunks.
RTA: Remote Trunk Arrangement - An extension to the TSPS system permitting its
services to be provided up to 200 miles from the TSPS site.
SF: Single Frequency. A signaling method for trunks: 2600hz is impressed upon
idle trunks.
Supervise: To monitor the status of a call.
SxS: (Step-by-Step or Strowger switch) - An electromechanical office type
utilizing a gross-motion stepping switch as a combination network and
distributed control.
Talkoff: The phenomenon of accidental synthesis of a machine-intelligible
Page 8
The Official Phreaker's Manual
signal by human voice causing an unintended response. "whistling a tone".
Trunk: A path between central offices; in general 2-wire for interlocal, 4-wire
for intertoll.
TSPS: Traffic Service Position System - A system that provides, under stored-
program control, efficient operator assistance for toll calls. It does not
switch the customer, but provides a bridge connection to the operator.
X-bar: (Crossbar) - An electromechanical office type utilizing a "fine-motion"
coordinate switch and a multiplicity of central controls (called markers).
There are four varieties:
No.1 Crossbar: Used in large urban office application; (1938)
No 3 Crossbar: A small system started in (1974).
No.4A/4M Crossbar: A 4-wire toll machine; (1943).
No.5 Crossbar: A machine originally intended for relatively small
suburban applications; (1948)
Crossbar Tandem: A machine used for interlocal office switching.
Page 9
The Official Phreaker's Manual
============================================================
_ _ _______
| \/ | / _____/
|_||_|etal / /hop
__________/ /
/___________/
(314) 432-0756
Proudly Presents
The MCI Telecommunications Glossary
Part I Volume I (A - D)
Typed by Knight Lightning
============================================================
- A -
A & B LEADS: Designation of leads derived from the midpoints of the two 2-wire
pairs comprising a 4-wire circuit.
ABBREVIATED DIALING: The ability of a telephone user to reach frequently called
numbers by using less than seven digits. Synonym: Speed Dialing
ACCESS CHARGE: A fee paid for the use of local lines.
ACCESS CODE: A digit or number of digits required to be connected to a private
line arranged for dial access.
ACCESS LINE: A telephone circuit which connects a customer location to a
network switching center.
AIRLINE MILEAGE: Calculated point-to-point mileage between terminal
facilities.
ALL TRUNKS BUSY (ATB): A single tone interrupted at a 120 ipm (impulses per
minute) rate to indicate all lines or trunks in a routing group are busy.
ALTERNATE ROUTE: A secondary communications path used to reach a destination if
the primary path is unavailable.
ALTERNATE USE: The ability to switch communications facilities from one type of
service to another, i.e., voice to data, etc.
ALTERNATE VOICE DATA (AVD): A single transmission facility which can be used
for either voice or data.
AMERICAN STANDARD CODE
FOR INFORMATION INTERCHANGE
(ASCII): An 8 level code developed for the interchange of information between
data processing and communications systems.
ANALOG SIGNAL: A signal in the form of a continuous varying physical quantity,
e.g., voltage which reflects variations in some quantity, e.g., loudness in the
human voice.
Page 10
The Official Phreaker's Manual
ANNUNICATOR: An audible intercept device that states the condition or
restrictions associated with circuits or procedures.
ANSWER BACK: An electrical and/or visual indication to the calling or sending
end that the called or received station is on the line.
ANSWER SUPERVISION: An off-hook signal transmitted toward the calling end of a
switched connection when the called party answers.
AREA CODE: Synonym: Numbering Plan Area (NPA). A three digit number identifying
more than 150 geographic areas of the United States and Canada which permits
direct distance dialing on the telephone system. A similar global numbering
plan has been established for international subscriber dialing.
ATTENDANT POSITION: A telephone switchboard operator's position. It provides
either automatic (cordless) or manual (plug and jack) operator controls for
incoming and/or outgoing telephone calls.
ATTENUATION: A general term used to denote the decrease in power between that
transmitted and that received due to loss through equipment, lines, or other
transmission devices. It is usually expressed as a ration in db (decibel).
AUDIBLE RINGING TONE: An audible signal heard by the calling party during the
ringing-interval.
AUTHORIZATION CODE: An identification number that the caller enters when
placing a call which is used for billing purposes.
AUTHORIZED USER: A person, firm, organization, corporation or any other entity
authorized by the customer to send or receive communications over a specific
communications network.
AUTO ANSWER: A machine feature that allows a transmission control unit or
station to automatically respond to a call that it receives.
AUTOMATIC CALL
DISTRIBUTOR (ACD): A switching system designed to queue and/or distribute a
large volume of incoming calls to a group of attendants to the next available
"answering" position.
AUTOMATIC DIALING UNIT: A device which automatically generates a predetermined
set of dialing digits.
AUTOMATIC IDENTIFICATION
OF OUTWARD DIALING (AIOD): A computer generated report showing all long
distance calls placed over AT&T's toll network.
AUTOMATIC NUMBER
IDENTIFICATION (ANI): Automatic equipment at a local dial office used on
customer dialed calls to identify the calling-station.
AUTOMATIC ROUTE
SELECTION (ARS): Least cost routing via AT&T CENTREX system.
- B -
Page 11
The Official Phreaker's Manual
BAND: (1) The range of frequencies between two defined limits. (2) In reference
to WATS, one of the five specific geographic areas as defined by AT&T. Synonym:
BANDWIDTH.
BANDWIDTH: See BAND.
BASEBAND: The total frequency band occupied by the aggregate of all the voice
and data signals used to modulate a radio carrier.
BAUD: A unit of signaling speed. The speed in baud is the number of discrete
conditions conditions or signal elements per second. If each signal event
represents only one bit condition, then Baud is the same as bits per second.
When each signal event represents other than one bit, Baud does not equal bits
per second.
BELL OPERATING COMPANY
(BOC) /BELL SYSTEMS
OPERATING COMPANY (BSOC): Any of the 24 AT&T affiliated companies providing
local service.
BELL SYSTEM: The aggregate of AT&T's 24 associated telephone companies, Long
Lines, Western Electric, and Bell Labs.
BILLING NUMBER: The MCI term for the number which identifies a customer on a
billing location level, assigned to Network Service Customer (by COMS).
Assigned for each unique customer name and billing location. For internal use
only.
BINARY: A number system that uses only two characters ("0" and "1").
BIT: A binary digit. The smallest unit of coded information.
BITS PER SECOND (BPS): The rate at which data transmission is measured.
BLOCKED CALLS: Attempted calls that are not connected because (1) all lines to
the central offices are in use; or (2) all connecting connecting paths through
the PBX/switch are in use.
BLOCKED ANI: ANI prohibited from completing a call over the MCI network.
BREAK: A means of interrupting transmission, a momentary interruption of a
circuit.
BROADBAND: A transmission facility having a bandwidth of greater then 20 kHz.
BUS: A heavy conductor, or group of conductors, to which several units of the
same type of equipment may be connected.
BUSY: The condition in which facilities over which a call is to be connected
are already in use.
BUSY HOUR: The time of day when phone lines are most in demand.
BUSY TONE: A single that is interrupted at 60 ipm (impulses per minute) rate to
indicate that the terminal point of a call is already in use.
BYTE: A group of binary digits that are processed by a computer as a unit.
Page 12
The Official Phreaker's Manual
- C -
CARRIER: High frequency current that can be modulated with voice or digital
signals for bulk transmission via cable or radio circuits.
CARRIER SYSTEM: A system for providing several communications channels over a
single path.
CATHODE RAY TUBE (CRT): The "television-like" screen used to display the output
from a computer.
CELLULAR MOBILE RADIO: A system providing exchange telephone service to a
station located in an auto or other mobile vehicle, using radio circuits to a
base radio station which covers a specific geographical area and as the vehicle
moves from one area to another, different base radio stations handle the call.
CENTRAL OFFICE (CO): A telephone switching center that provides local access to
the public network. Sometimes referred to as: Class 5 office, end office, or
Local Dial Office.
CENTREX, CO: PBX Service provided by a switch located at the telephone company
central office.
CENTREX, CU: A variation on Centrex CO provided by a telephone company
maintained "Central Office" type switch located at the customer's premises.
CENTRAL PROCESSING UNIT
(CPU): The control unit within a computer which handles all the intelligent
functions of the systems. In a telephone switch, directs all potions of the
system to carry out their appropriate functions. Synonym: Common Control.
CHANNEL: A communication path via a carrier or microwave radio.
CHARACTER: Any letter, digit, or special symbol. In data transmission would be
represented by a specific code made up of a group of binary digits.
CIRCUIT: A path for the transmission of electromagnetic signals to include all
conditioning and signaling equipment. Synonym: Facility
CIRCUIT SWITCHING: A switching system that completes a dedicated transmission
path from sender to receiver at the time of transmission.
CLASS OF SERVICE/CLASS
MARK (COS): A subgrouping of telephone customers or users for the sake of rate
distinction or limitation of service.
COAXIAL CABLE: A cable having several coaxial lines under a single protective
sheath. Usually used as a high capacity carrier in urban areas between
interexchange and toll offices.
CODEC: Coder-Decoder. Used to convert analog signals to digital form for
transmission over a digital median and back again to the original analog form.
COMMON CARRIER: A government regulated private company that provides the
general public with telecommunications services and facilities.
Page 13
The Official Phreaker's Manual
COMMON CHANNEL INTEROFFICE
SIGNALING (CCIS): A digital technology used by AT&T to enhance their Integrated
Services Digital Network. It uses a separate data line to route interoffice
signals to provide faster call set-up and more efficient use of trunks.
COMMON CONTROL SWITCHING
ARRANGEMENT (CCSA): An arrangement for telecommunicationsnetworks in which
common controlled switching machines are used to route traffic over network
routes and access lines. The switching machine may be shared with other users
and is maintained by the telephone company.
COMPUTER PORT/TKI PORT: The interface through which the computer connects to
the communications circuit.
CONDITIONING EQUIPMENT: Equipment modifications or adjustments necessary to
match transmission levels and impedances and which equalizes transmission and
delay to bring circuit losses, levels, and distortion within established
standards.
CONFIGURATION: The combination of long-distance services and/or equipment that
make up a communications system.
CONTROL UNIT (CU): The central processor of a telephone switching device.
CORPORATE ID NUMBER: The MCI term for the number which identifies a customer on
a corporate level. (Not all MCI customers have this).
COST COMPONENT: The price of each type of long distance service and/or
equipment that constitutes a configuration.
COST PER HOUR (CPH): Total cost of different services divided by total holding
time (in minutes).
CROSS CONNECTION: The wire connections running between terminals on the two
sides of a distribution frame, or between binding posts in a terminal.
CROSS TALK: The unwanted energy (speech or tone) transferred from one circuit
to another circuit.
CUSTOMER OWNED AND
MAINTAINED (COAM): Customer provided communications apparatus, and their
associated wiring.
CUSTOMER
PREMISE EQUIPMENT (CPE): Telephone equipment, usually including wiring located
within the customer's part of a building.
CUT: To transfer a service from one facility to another.
CUT THROUGH: The establishment of a complete path for signaling and/or audio
communications.
- D -
DATA: Any representation, such as characters to which a meaning is assigned.
Page 14
The Official Phreaker's Manual
DATA COMMUNICATIONS: The movement of coded information by means of electronic
transmission systems.
DATA SET: A device which converts data into signals suitable for transmission
over communications lines.
DATA TERMINAL: A station in a system capable of sending and/or receiving data
signals.
DECIBEL (db): A unit of measurement represented as a ratio of two voltages,
currents or powers and is used to measure transmission loss or gain.
DELAY DIAL: A dialing configuration whereby local dial equipment will wait
until it receives the entire telephone number before seizing a circuit to
transmit the call.
DELTA MODULATION (DM): A variant of pulse code modulation whereby a code
representing the difference between the amplitude of a sample and t~he
amplitude of a previous one is sent. Operates well in the presence of noise,
but requires a wide frequency band.
DEMODULATION: The process of retrieving data from a modulated signal.
DIAL LEVEL: The selection of stations or services associated with a PBX using a
one to four digit code (e.g., dialing 9 for access to outside dial tone).
DIAL PULSING: The transmitting of telephone address signals by momentarily
opening a DC circuit a number of times corresponding to the decimal digit which
is dialed.
DIAL REPEATING TIE LINE/
DIAL REPEATING TIE TRUNK: A tie line which permits direct station to station
calling without use of the attendant.
DIAL SELECTIVE SIGNALING: A multipoint network in which the called party is
selected by a prearranged dialing code.
DIAL TONE: A tone indicating that automatic switching equipment is ready to
receive dial signals.
DIALING PLAN: A description of the dialing arrangements for customer use on a
networks.
DIGITAL: Referring to the use of digits to formulate and solve problems, or to
encode information.
DIMENSION CUSTOM
TELEPHONE SERVICE (DCTS): AT&T's electronically programmable telephone station
sets which use special buttons to access PBX features.
DIRECT
DISTANCE DIALING (DDD): A toll service that permits customers to dial their own
long distance call without the aid of an operator.
DIRECT
INWARD DIALING (DID): A PBX or CENTREX feature that allows a customer outside
the system to directly dial a station within the system.
Page 15
The Official Phreaker's Manual
DIRECT OUTWARD DIALING: A PBX or CENTREX feature that allows a station user to
gain direct access to an exchange network.
DROP: That direction of a circuit which looks towards the local operator.
DRY CIRCUIT: A circuit which transmits voice signals and carries no direct
current.
DUAL TONE
MULTI-FREQUENCY (DTMF): Also know as Touch Tone. A type of signaling which
emits two distinct frequencies for each indicated digit.
DUPLEX: Simultaneous two-way independent transmission.
DX SIGNALING: A long-range bidirectional signaling method using paths derived
from transmission cable pairs. It is based on a balanced and symmetrical
circuit that is identical at both ends. This circuit presents an E&M lead
interface to connecting circuits.
============================================================
This concludes Part 1 Volume I of the MCI Telecommunications Glossary. Look for
more G-philes from The MCI School of Telecommunications Management Reference
Guide coming soon.
This has been a 2600 Club production
Thanx to Taran King
============================================================
Page 16
The Official Phreaker's Manual
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$ _______________________________ $
$ | | $
$ | ELECTRONIC TOLL FRAUD DEVICES | $
$ |_______________________________| $
$ $
$ $
$ TYPED AND UPLOADED BY: $
$ $
$$$$$$$$$$$$-=>LEX LUTHOR<=-$$$$$$$$$$$
$ $
$ $
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
THIS PHILE IS DESIGNED TO IDENTIFY VARIOUS KINDS OF ETF (ELECTRONIC TOLL
FRAUD) DEVICES AND TO DESCRIBE THEIR OPERATION, ACCORDING TO A BOOKLET PUT OUT
BY BELL ENTITLED: THE INVESTIGATION AND PROSECUTION OF ELECTRONIC TOLL FRAUD
DEVICES. (FOR OFFICIAL USE ONLY).
THERE ARE SEVERAL DIFFERENT TYPES OF ELECTRONIC EQUIPMENT WHICH MAY BE
GENERALLY CLASSIFIED AS ETF DEVICES. THE MOST SIGNIFICANT IS THE "BLUE BOX".
THE CHARACTERISTICS OF EACH TYPE OF DEVICE ARE DISCUSSED BELOW.
*BLUE BOX*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
THE "BLUE BOX" WAS SO NAMED BECAUSE OF THE COLOR OF THE FIRST ONE FOUND. THE
DESIGN AND HARDWARE USED IN THE BLUE BOX IS FAIRLY SOPHISTICATED, AND ITS SIZE
VARIES FROM A LARGE PIECE OF APPARATUS TO A MINIATURIZED UNIT THAT IS
APPROXIMATELY THE SIZE OF A "KING SIZE" PACKAGE OF CIGARETTES. THE BLUE BOX
CONTAINS 12 OR 13 BUTTONS OR SWITCHES THAT EMIT MULTI-FREQUENCY TONES
CHARACTERISTIC OF THE TONES USED IN THE NORMAL OPERATION OF THE TELEPHONE TOLL
(LONG DISTANCE) SWITCHING NETWORK. THE BLUE BOX ENABLES ITS USER TO ORIGINATE
FRAUDULENT ("FREE") TOLL CALLS BY CIRCUMVENTING TOLL BILLING EQUIPMENT. THE
BLUE BOX MAY BE DIRECTLY CONNECTED TO A PHONE LINE, OR IT MAY BE ACOUSTICALLY
COUPLED TO A TELEPHONE HANDSET BY PLACING THE BLUE BOX'S SPEAKER NEXT TO THE
TRANSMITTER OR THE TELEPHONE HANDSET. THE OPERATION OF A BLUE BOX WILL BE
DISCUSSED IN MORE DETAIL BELOW.
TO UNDERSTAND THE NATURE OF A FRAUDULENT BLUE BOX CALL, IT IS NECESSARY TO
UNDERSTAND THE BASIC OPERATION OF THE DIRECT DISTANCE DIALING (DDD) TELEPHONE
NETWORK. WHEN A DDD CALL IS PROPERLY ORIGINATED, THE CALLING NUMBER IS
IDENTIFIED AS AN INTEGRAL PART OF ESTABLISHING THE CONNECTION. THIS MAY BE DONE
EITHER AUTOMATICALLY OR, IN SOME CASES, BY AN OPERATOR ASKING THE CALLING PARTY
FOR HIS TELEPHONE NUMBER.
THIS INFORMATION IS ENTERED ON A TAPE IN THE AUTOMATIC MESSAGE ACCOUNTING
(AMA) OFFICE. THIS TAPE ALSO CONTAINS THE NUMBER ASSIGNED TO THE TRUNK LINE
OVER WHICH THE CALL IS TO BE SENT. THE INFORMATION RELATING TO THE CALL
CONTAINED ON THE TAPE INCLUDES: CALLED NUMBER, CALLING NUMBER, TIME OF CALL.
THE TIME OF DISCONNECT AT THE END OF THE CALL IS ALSO RECORDED.
ALTHOUGH THE TAPE CONTAINS INFO WITH RESPECT TO MANY DIFFERENT CALLS, THE
VARIOUS DATA ENTRIES WITH RESPECT TO A SINGLE CALL ARE EVENTUALLY CORRELATED TO
PROVIDE BILLING INFO FOR USE BY YOUR BELL'S ACCOUNTING DEPARTMENT.
THE TYPICAL BLUE BOX USER USUALLY DIALS A NUMBER THAT WILL ROUTE THE CALL
INTO THE TELEPHONE NETWORK WITHOUT CHARGE. FOR EXAMPLE, THE USER WILL VERY
Page 17
The Official Phreaker's Manual
OFTEN CALL A WELL-KNOWN INWATS (TOLL-FREE) CUSTOMER'S NUMBER. THE BLUE BOX
USER, AFTER GAINING THIS ACCESS TO THE NETWORK AND, IN EFFECT, "SEIZING"
CONTROL AND COMPLETE DOMINION OVER THE LINE, OPERATES A KEY ON THE BLUE BOX
WHICH EMITS A 2600 HERTZ (CYCLES PER SECOND) TONE. THIS TONE CAUSES THE
SWITCHING EQUIPMENT TO RELEASE THE CONNECTION TO THE INWATS CUSTOMER'S LINE.
THE 2600HZ TONE IS A SIGNAL THAT THE CALLING PARTY HAS HUNG UP. THE BLUE BOX
SIMULATES THIS CONDITION. HOWEVER, IN FACT THE LOCAL TRUNK ON THE CALLING
PARTY'S END IS STILL CONNECTED TO THE TOLL NETWORK. THE BLUE BOX USER NOW
OPERATES THE "KP" (KEY PULSE) KEY ON THE BLUE BOX TO NOTIFY THE TOLL SWITCHING
EQUIPMENT THAT SWITCHING SIGNALS ARE ABOUT TO BE EMITTED. THE USER THEN PUSHES
THE "NUMBER" BUTTONS ON THE BLUE BOX CORRESPONDING TO THE TELEPHONE # BEING
CALLED. AFTER DOING SO HE/SHE OPERATES THE "ST" (START) KEY TO INDICATE TO THE
SWITCHING EQUIPMENT THAT SIGNALLING IS COMPLETE. IF THE CALL IS COMPLETED, ONLY
THE PORTION OF THE ORIGINAL CALL PRIOR TO THE EMISSION OF 2600HZ TONE IS
RECORDED ON THE AMA TAPE. THE TONES EMITTED BY THE BLUE BOX ARE NOT RECORDED ON
THE AMA TAPE. THEREFORE, BECAUSE THE ORIGINAL CALL TO THE INWATS # IS
TOLL-FREE, NO BILLING IS RENDERED IN CONNECTION WITH THE CALL.
ALTHOUGH THE ABOVE IS A DESCRIPTION OF A TYPICAL BLUE BOX OPERATION USING A
COMMON METHOD OF ENTRY INTO THE NETWORK, THE OPERATION OF A BLUE BOX MAY VARY
IN ANY ONE OR ALL OF THE FOLLOWING RESPECTS:
(A) THE BLUE BOX MAY INCLUDE A ROTARY DIAL TO APPLY THE 2600HZ TONE AND THE
SWITCHING SIGNALS. THIS TYPE OF BLUE BOX IS CALLED A "DIAL PULSER" OR "ROTARY
SF" BLUE BOX.
(B) ENTRANCE INTO THE DDD TOLL NETWORK MAY BE EFFECTED BY A PRETEXT CALL TO ANY
OTHER TOLL-FREE # SUCH AS UNIVERSAL DIRECTORY ASSISTANCE (555-1212) OR ANY # IN
THE INWATS NETWORK, EITHER INTER-STATE OR INTRA-STATE, WORKING OR NON-WORKING.
(C) ENTRANCE INTO THE DDD TOLL NETWORK MAY ALSO BE IN THE FORM OF "SHORT HAUL"
CALLING. A "SHORT HAUL" CALL IS A CALL TO ANY # WHICH WILL RESULT IN A LESSER
AMOUNT OF TOLL CHARGES THAN THE CHARGES FOR THE CALL TO BE COMPLETED BY THE
BLUE BOX. FOR EXAMPLE, A CALL TO BIRMINGHAM FROM ATLANTA MAY COST $.80 FOR THE
FIRST 3 MINUTES WHILE A CALL FROM ATLANTA TO LOS ANGELES IS $1.85 FOR 3
MINUTES. THUS, A SHORT HAUL, 3-MINUTE CALL TO BIRMINGHAM FROM ATLANTA, SWITCHED
BY USE OF A BLUE BOX TO LOS ANGELES, WOULD RESULT IN A NET FRAUD OF $2.65 FOR A
3 MINUTE CALL.
(D) A BLUE BOX MAY BE WIRED INTO THE TELEPHONE LINE OR ACOUSTICALLY CONNECTED
TO THE HANDSET. THE BLUE BOX MAY EVEN BE BUILT INSIDE A REGULAR TOUCH-TONE
PHONE, USING THE PHONE'S PUSH BUTTONS FOR THE BLUE BOX'S SIGNALLING TONES.
(E) A MAGNETIC TAPE RECORDING MAY BE USED TO RECORD THE BLUE BOX TONES
REPRESENTATIVE OF SPECIFIC PHONE #'S. SUCH A TAPE RECORDING COULD BE USED IN
LIEU OF
A BLUE BOX TO FRAUDULENTLY PLACE CALLS TO THE PHONE #'S RECORDED ON THE
MAGNETIC TAPE.
ALL BLUE BOXES, EXCEPT "DIAL PULSE" OR "ROTARY SF" BLUE BOXES, MUST HAVE
THE FOLLOWING 4 COMMON OPERATING CAPABILITIES:
(A) IT MUST HAVE SIGNALLING CAPABILITY IN THE FORM OF A 2600HZ TONE. THE TONE
IS USED BY THE TOLL NETWORK TO INDICATE, EITHER BY ITS PRESENCE OR ITS ABSENCE,
AN "ON HOOK" (IDLE) OR "OFF HOOK" (BUSY) CONDITION OF THE TRUNK.
(B) THE BLUE BOX MUST HAVE A "KP" TONES THAT UNLOCKS OR READIES THE
MULTI-FREQUENCY RECEIVER AT THE CALLED END TO RECEIVE THE TONES CORRESPONDING
TO THE CALLED PHONE #.
Page 18
The Official Phreaker's Manual
(C) THE TYPICAL BLUE BOX MUST BE ABLE TO EMIT MF TONES WHICH ARE USED TO
TRANSMIT PHONE #'S OVER THE TOLL NETWORK. EACH DIGIT OF A PHONE # IS
REPRESENTED BY A COMBINATION OF 2 TONES. FOR EXAMPLE, THE DIGIT 2 IS X-MITTED
BY A COMBINATION OF 700HZ AND 1100HZ.
(D) THE BLUE BOX MUST HAVE AN "ST" KEY WHICH CONSISTS OF A COMBINATION OF 2
TONES THAT TELL THE EQUIPMENT AT THE CALLED END THAT ALL DIGITS HAVE BEEN SENT
AND THAT THE EQUIPMENT SHOULD START SWITCHING THE CALL TO THE CALLED NUMBER.
THE "DIAL PULSER" OR "ROTARY SF" BLUE BOX REQUIRES ONLY A DIAL WITH A
SIGNALLING CAPABILITY TO PRODUCE A 2600HZ TONE.
*BLACK BOX*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
THIS ETF DEVICE IS SO-NAMED BECAUSE OF THE COLOR OF THE FIRST ONE FOUND.
IT VARIES IN SIZE AND USUALLY HAS ONE OR TWO SWITCHES OR BUTTONS. ATTACHED TO
THE TELEPHONE LINE OF A CALLED PARTY, THE BLACK BOX PROVIDES TOLL-FREE CALLING
*TO* THAT PARTY'S LINE. A BLACK BOX USER INFORMS OTHER PERSONS BEFOREHAND THAT
THEY WILL NOT BE CHARGED FOR ANY CALL PLACED TO HIM. THE USER THEN OPERATES THE
DEVICE CAUSING A "NON-CHARGE" CONDITION ("NO ANSWER" OR "DISCONNECT") TO BE
RECORDED ON THE TELEPHONE COMPANY'S BILLING EQUIPMENT. A BLACK BOX IS
RELATIVELY SIMPLE TO CONSTRUCT AND IS MUCH LESS SOPHISTICATED THAN A BLUE BOX.
*CHEESE BOX*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
ITS DESIGN MAY BE CRUDE OR VERY SOPHISTICATED. ITS SIZE VARIES; ONE WAS FOUND
THE SIZE OF A HALF-DOLLAR. A CHEESE BOX IS USED MOST OFTEN BY BOOKMAKERS OR
BETTERS TO PLACE WAGERS WITHOUT DETECTION FROM A REMOTE LOCATION. THE DEVICE
INTER-CONNECTS 2 PHONE LINES, EACH HAVING DIFFERENT #'S BUT EACH TERMINATING AT
THE SAME LOCATION. IN EFFECT, THERE ARE 2 PHONES AT THE SAME LOCATION WHICH ARE
LINKED TOGETHER THROUGH A CHEESE BOX. IT IS USUALLY FOUND IN AN UNOCCUPIED
APARTMENT CONNECTED TO A PHONE JACK OR CONNECTING BLOCK. THE BOOKMAKER, AT SOME
REMOTE LOCATION, DIALS ONE OF THE NUMBERS AND STAYS ON THE LINE. VARIOUS
BETTORS DIAL THE OTHER NUMBER BUT ARE AUTOMATICALLY CONNECTED WITH THE
BOOKMAKER BY MEANS OF THE CHEESE BOX INTER-CONNECTION. IF, IN ADDITION TO A
CHEESE BOX, A BLACK BOX IS INCLUDED IN THE ARRANGEMENT, THE COMBINED EQUIPMENT
WOULD PERMIT TOLL-FREE CALLING ON EITHER LINE TO THE OTHER LINE. IF A POLICE
RAID WERE CONDUCTED AT THE TERMINATING POINT OF THE CONVERSATIONS -THE LOCATION
OF THE CHEESE BOX- THERE WOULD BE NO EVIDENCE OF GAMBLING ACTIVITY. THIS DEVICE
IS SOMETIMES DIFFICULT TO IDENTIFY. LAW ENFORCEMENT OFFICIALS HAVE BEEN ADVISED
THAT WHEN UNUSUAL DEVICES ARE FOUND ASSOCIATED WITH TELEPHONE CONNECTIONS THE
PHONE COMPANY SECURITY REPRESENTATIVES SHOULD BE CONTACTED TO ASSIST IN
IDENTIFICATION. (THIS PROBABLY WOULD BE GOOD FOR A BBS , ESPECIALLY WITH THE
BLACK BOX SET UP. AND IF YOU EVER DECIDED TO TAKE THE BOARD DOWN, YOU WOULDN'T
HAVE TO CHANGE YOUR PHONE #. IT ALSO MAKES IT SO YOU YOURSELF CANNOT BE TRACED.
I AM NOT SURE ABOUT CALLING OUT FROM ONE THOUGH)
*RED BOX*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
THIS DEVICE IT COUPLED ACOUSTICALLY TO THE HANDSET TRANSMITTER OF A
SINGLE-SLOT COIN TELEPHONE. THE DEVICE EMITS SIGNALS IDENTICAL TO THOSE TONES
EMITTED WHEN COINS ARE DEPOSITED. THUS, LOCAL OR TOLL CALLS MAY BE PLACED
WITHOUT THE ACTUAL DEPOSIT OF COINS.
Page 19
The Official Phreaker's Manual
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
/-/ /-/
/-/ Phreaker's /-/
/-/ PhunHouse /-/
/-/ /-/
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
/-/ By: /-/
/-/ The Traveler /-/
/-/ /-/
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
/-/ /-/
/-/ Call: /-/
/-/ Brainstorm BBS /-/
/-/ 612/345-2815 (300/1200) /-/
/-/ /-/
/-/ Little America /-/
/-/ 507/289-8211 (300) /-/
/-/ /-/
/-/ Tell 'em Traveler sent ya /-/
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
The long awaited prequil to Phreaker's Guide has finally arrived. Conceived
from the boredom and loneliness that could only be derived from: The Traveler!
But now, he has returned in full strength (after a small vacation) and is here
to 'World Premiere' the new files everywhere.
Stay cool. This is the prequil to the first one, so just relax. This is not
made to be an exclusive ultra elite file, so kinda calm down and watch in the
background if you are too cool for it...
/-/ Phreak Dictionary /-/
Here you will find some of the basic but necessary terms that should be known
by any phreak who wants to be respected at all...
Phreak [fr'eek]:1. The action of using mischevious and mostly illegal ways
in order to not pay for some sort of telecommunications bill, order, transfer,
or other service. It often involves usage of highly illegal boxes and machines
in order to defeat the security that is set up to avoid this sort of
happening.
[fr'eaking]. v. 2. A person who uses the above methods of destruction and
chaos in order to make a better life for all. A true phreaker will not not go
against his fellows or narc on people who have ragged on him or do anything
termed to be dishonorable to phreaks.
[fr'eek]. n. 3. A certain code or dialup useful in the action of being a
phreak. (Example: "I hacked a new metro phreak last night.")
Switching System
[Swich'ing sis'tem]: 1. There are 3 main switching systems currently employed
in the US, and a few other systems will be mentioned as background.
A) SxS: This system was invented in 1918 and was employed in over half of the
country until 1978. It is a very basic system that is a general waste of energy
and hard work on the linesman. A good way to identify this is that it requires
a coin in the phone booth before it will give you a dial tone, or that no call
waiting, call forwarding, or any other such service is available. Stands for:
Step by Step
B) XB: This switching system was first employed in 1978 in order to take care
of most of the faults of SxS switching. Not only is it more efficient, but it
Page 20
The Official Phreaker's Manual
also can support different services in various forms. XB1 is Crossbar Version
1. That is very limited and is hard to distinguish from SxS except by direct
view of the wiring involved. Next up was XB4, Crossbar Version 4. With this
system, some of the basic things like DTMF that were not available with SxS can
be accomplished. For the final stroke of XB, XB5 was created. This is a service
that can allow DTMF plus most 800 type services (which were not always
available...) Stands for: Crossbar.
C) ESS: A nightmare in telecom. In vivid color, ESS is a pretty bad thing to
have to stand up to. It is quite simple to identify. Dialing 911 for
emergencies, and ANI [see ANI below] are the most common facets of the dread
system. ESS has the capability to list in a person's caller log what number was
called, how long the call took, and even the status of the conversation (modem
or otherwise.) Since ESS has been employed, which has been very recently, it
has gone through many kinds of revisions. The latest system to date is ESS 11a,
that is employed in Washington D.C. for security reasons. ESS is truly trouble
for any phreak, because it is 'smarter' than the other systems. For instance,
if on your caller log they saw 50 calls to 1-800-421-9438, they would be able
to do a CN/A [see Loopholes below] on your number and determine whether you are
subscribed to that service or not. This makes most calls a hazard, because
although 800 numbers appear to be free, they are recorded on your caller log
and then right before you receive your bill it deletes the billings for them.
But before that they are open to inspection, which is one reason why extended
use of any code is dangerous under ESS. Some of the boxes [see Boxing below]
are unable to function in ESS. It is generally a menace to the true phreak.
Stands For: Electronic Switching System. because they could appear on a filter
somewhere or maybe it is just nice to know them any ways.
A) SSS: Strowger Switching System. First non-operator system
available.
B) WES: Western Electronics Switching. Used about 40 years ago
with some minor places out west.
Boxing [Boks'-ing]: 1) The use of personally designed boxes that emit or
cancel electronical impulses that allow simpler acting while phreaking. Through
the use of separate boxes, you can accomplish most feats possible with or
without the control of an operator.
2) Some boxes and their functions are listed below. Ones
marked with '*' indicate that they are not operatable in ESS.
*Black Box: Makes it seem to the phone company that the phone was never
picked up.
Blue Box: Emits a 2600hz tone that allows you to do such things as stack
a trunk line, kick the operator off line, and others.
Red Box: Simulates the noise of a quarter, nickel, or dime being
dropped into a payphone.
Cheese Box: Turns your home phone into a pay phone to throw off traces (a
red box is usually needed in order to call out.)
*Clear Box: Gives you a dial tone on some of the old SxS payphones without
putting in a coin.
Beige Box: A simpler produced linesman's handset that allows you to tap
into phone lines and extract by eavesdropping, or crossing wires, etc.
Purple Box: Makes all calls made out from your house seem to be local
calls.
ANI [ANI]: 1) Automatic Number Identification. A service available on ESS
that allows a phone service [see Dialups below] to record the number that any
certain code was dialed from along with the number that was called and print
Page 21
The Official Phreaker's Manual
both of these on the customer bill. 950 dialups [see Dialups below] are all
designed just to use ANI. Some of the services do not have the proper equipment
to read the ANI impulses yet, but it is impossible to see which is which
without being busted or not busted first.
Dialups
[dy'l'ups]: 1) Any local or 800 extended outlet that allows instant access to
any service such as MCI, Sprint, or AT&T that from there can be used by
handpicking or using a program to reveal other peoples codes which can then be
used moderately until they find out about it and you must switch to another
code (preferably before they find out about it.)
2) Dialups are extremely common on both senses. Some dialups
reveal the company that operates them as soon as you hear the tone. Others are
much harder and some you may never be able to identify. A small list of
dialups:
1-800-421-9438 (5 digit codes)
1-800-547-6754 (6 digit codes)
1-800-345-0008 (6 digit codes)
1-800-734-3478 (6 digit codes)
1-800-222-2255 (5 digit codes)
3) Codes: Codes are very easily accessed procedures when you call
a dialup. They will give you some sort of tone. If the tone does not end in 3
seconds, then punch in the code and immediately following the code, the number
you are dialing but strike the '1' in the beginning out first. If the tone does
end, then punch in the code when the tone ends. Then, it will give you another
tone. Punch in the number you are dialing, or a '9'. If you punch in a '9' and
the tone stops, then you messed up a little. If you punch in a tone and the
tone continues, then simply dial then number you are calling without the '1'.
4) All codes are not universal. The only type that I know of that
is truly universal is Metrophone. Almost every major city has a local Metro
dialup (for Philadelphia, (215)351-0100/0126) and since the codes are
universal, almost every phreak has used them once or twice. They do not employ
ANI in any outlets that I know of, so feel free to check through your books and
call 555-1212 or, as a more devious manor, subscribe yourself. Then, never use
your own code. That way, if they check up on you due to your caller log, they
can usually find out that you are subscribed. Not only that but you could set a
phreak hacker around that area and just let it hack away, since they usually
group them, and, as a bonus, you will have their local dialup.
5) 950's. They seem like a perfectly cool phreakers dream. They
are free from your house, from payphones, from everywhere, and they host all of
the major long distance companies (950-1044 <MCI>, 950-1077 <Sprint>, 950-1088
<Skylines>, 950-1033 <Us Telecom>.) Well, they aren't. They were designed for
ANI. That is the point, end of discussion.
A phreak dictionary. If you remember all of the things contained on that file
up there, you may have a better chance of doing whatever it is you do. This
next section is maybe a little more interesting...
Blue Box Plans:
---------------
These are some blue box plans, but first, be warned, there have been 2600hz
tone detectors out on operator trunk lines since XB4. The idea behind it is to
use a 2600hz tone for a few very naughty functions that can really make your
day lighten up. But first, here are the plans, or the heart of the file:
==============================================
700 : 1 : 2 : 4 : 7 : 11 :
900 : + : 3 : 5 : 8 : 12 :
Page 22
The Official Phreaker's Manual
1100 : + : + : 6 : 9 : KP :
1300 : + : + : + : 10 : KP2 :
1500 : + : + : + : + : ST :
: 700 : 900 :1100 :1300 :1500 :
==============================================
Stop! Before you diehard users start piecing those little tone tidbits
together, there is a simpler method. If you have an Apple-Cat with a program
like Cat's Meow IV, then you can generate the necessary tones, the 2600hz tone,
the KP tone, the KP2 tone, and the ST tone through the dial section. So if you
have that I will assume you can boot it up and it works, and I'll do you the
favor of telling you and the other users what to do with the blue box now that
you have somehow constructed it.
The connection to an operator is one of the most well known and used ways of
having fun with your blue box. You simply dial a TSPS (Traffic Service
Positioning Station, or the operator you get when you dial '0') and blow a
2600hz tone through the line. Watch out! Do not dial this direct! After you
have done that, it is quite simple to have fun with it. Blow a KP tone to start
a call, a ST tone to stop it, and a 2600hz tone to hang up. Once you have
connected to it, here are some fun numbers to call with it:
0-700-456-1000 Teleconference (free, because you are the operator!)
(Area code)-101 Toll Switching
(Area code)-121 Local Operator (hehe)
(Area code)-131 Information
(Area code)-141 Rate & Route
(Area code)-181 Coin Refund Operator
(Area code)-11511 Conference operator (when you dial 800-544-6363)
Well, those were the tone matrix controllers for the blue box and some other
helpful stuff to help you to start out with. But those are only the functions
with the operator. There are other k-fun things you can do with it...
More advanced Blue Box Stuff:
Oops. Small mistake up there. I forgot tone lengths. Um, you blow a tone
pair out for up to 1/10 of a second with another 1/10 second for silence
between the digits. KP tones should be sent for 2/10 of a second. One way to
confuse the 2600hz traps is to send pink noise over the channel (for all of you
that have decent BSR equalizers, there is major pink noise in there...)
Using the operator functions is the use of the 'inward' trunk line. That is
working it from the inside. From the 'outward' trunk, you can do such things as
make emergency breakthrough calls, tap into lines, busy all of the lines in any
trunk (called 'stacking'), enable or disable the TSPS's, and for some 4a
systems you can even re-route calls to anywhere.
All right. The one thing that every complete phreak guide should not be
without is blue box plans, since they were once a vital part of phreaking.
Another thing that every complete file needs is a complete listing of all of
the 800 numbers around so you can have some more fun.
/-/ 800 Dialup Listings /-/
1-800-345-0008 (6) 1-800-547-6754 (6)
1-800-245-4890 (4) 1-800-327-9136 (4)
1-800-526-5305 (8) 1-800-858-9000 (3)
1-800-437-9895 (7) 1-800-245-7508 (5)
1-800-343-1844 (4) 1-800-322-1415 (6)
1-800-437-3478 (6) 1-800-325-7222 (6)
Page 23
The Official Phreaker's Manual
All right, set Cat Hacker 1.0 on those numbers and have a fuck of a day. That
is enough with 800 codes, by the time this gets around to you I dunno what
state those codes will be in, but try them all out anyways and see what you
get. On some 800 services now, they have an operator who will answer and ask
you for your code, and then your name. Some will switch back and forth between
voice and tone verification, you can never be quite sure which you will be up
against.
Armed with this knowledge you should be having a pretty good time phreaking
now. But class isn't over yet, there are still a couple important rules that
you should know. If you hear continual clicking on the line, then you should
assume that an operator is messing with something, maybe even listening in on
you. It is a good idea to call someone back when the phone starts doing that.
If you were using a code, use a different code and/or service to call him
back.
A good way to detect if a code has gone bad or not is to listen when the
number has been dialed. If the code is bad you will probably hear the phone
ringing more clearly and more quickly than if you were using a different code.
If someone answers voice to it then you can immediately assume that it is an
operative for whatever company you are using. The famed '311311' code for Metro
is one of those. You would have to be quite stupid to actually respond, because
whoever you ask for the operator will always say 'He's not in right now, can I
have him call you back?' and then they will ask for your name and phone number.
Some of the more sophisticated companies will actually give you a carrier on a
line that is supposed to give you a carrier and then just have garbage flow
across the screen like it would with a bad connection. That is a feeble effort
to make you think that the code is still working and maybe get you to dial
someone's voice... a good test for the carrier trick is to dial a number that
will give you a carrier that you have never dialed with that code before, that
will allow you to determine whether the code is good or not.
For our next section, a lighter look at some of the things that a phreak
should not be without. A vocabulary. A few months ago, it was a quite strange
world for the modem people out there. But now, a phreaker's vocabulary is
essential if you wanna make a good impression on people when you post what you
know about certain subjects.
/-/ Vocabulary /-/
- Do not misspell except certain exceptions:
phone -> fone
freak -> phreak
- Never substitute 'z's for 's's. (i.e. codez -> codes)
- Never leave many characters after a post (i.e. Hey Dudes!#!@#@!#!@)
- NEVER use the 'k' prefix (k-kool, k-rad, k-whatever)
- Do not abbreviate. (I got lotsa wares w/ docs)
- Never substitute '0' for 'o' (r0dent, l0zer).
- Forget about ye old upper case, it looks ruggyish.
All right, that was to relieve the tension of what is being drilled into your
minds at the moment.. now, however, back to the teaching course. Here are some
things you should know about phones and billings for phones, etc.
LATA: Local Access Transference Area. Some people who live in large cities or
areas may be plagued by this problem. For instance, let's say you live in the
215 area code under the 542 prefix (Ambler, Fort Washington). If you went to
dial in a basic Metro code from that area, for instance, 351-0100, that might
not be counted under unlimited local calling because it is out of your LATA.
For some LATA's, you have to dial a '1' without the area code before you can
dial the phone number. That could prove a hassle for us all if you didn't
Page 24
The Official Phreaker's Manual
realize you would be billed for that sort of call. In that way, sometimes, it
is better to be safe than sorry and phreak.
The Caller Log: In ESS regions, for every household around, the phone company
has something on you called a Caller Log. This shows every single number that
you dialed, and things can be arranged so it showed every number that was
calling to you. That's one main disadvantage of ESS, it is mostly computerized
so a number scan could be done like that quite easily. Using a dialup is an
easy way to screw that, and is something worth remembering. Anyways, with the
caller log, they check up and see what you dialed. Hmm... you dialed 15
different 800 numbers that month. Soon they find that you are subscribed to
none of those companies. But that is not the only thing. Most people would
imagine "But wait! 800 numbers don't show up on my phone bill!". To those
people, it is a nice thought, but 800 numbers are picked up on the caller log
until right before they are sent off to you. So they can check right up on you
before they send it away and can note the fact that you fucked up slightly and
called one too many 800 lines.
Right now, after all of that, you should have a pretty good idea of how to grow
up as a good phreak. Follow these guidelines, don't show off, and don't take
unnecessary risks when phreaking or hacking.
File Level:5
/-/ Credits /-/
To The Videosmith- for setting me straight on some shit.
To The Linesman- for telling me to upload it to his AE line.
To Modern Mutant- for making me into a phreaking freak.
To Jack the Nibbler- for the basis of the blue box plans.
By using your new k-koool (hehe) phreaking knowledge, call a couple of these
BBS's around the country:
/---------------------------------\
| Bulletin Board List |
| --------------------- |
| 215/844-8836 |
| 7 Cities of Gold (3/12) 10megs |
| 307/382-4006 |
| Brainstorm BBS (3/12) |
| 612/345-2815 |
| Metal Shop (3/12) |
| 314/432-0756 |
\---------------------------------/
Stay free! And watch out soon for Deep Thought, somewhere in 215, that will be
a nice BBS that Ace of Spades and I will run. You will be the first to find out
about it, trust me...
Later,
The Traveler
Zer0-g
Page 25
The Official Phreaker's Manual
************ << BIOC AGENT 003'S COURSE IN >> ************
* *
* $%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$ *
* %$ BASIC TELECOMMUNICATIONS $% *
* $%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$ *
* PART I *
* *
**********************************************************
HOW TO BE A REAL PHREAK
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
IN THE PHONE PHREAK SOCIETY THERE ARE CERTAIN VALUES THAT EXIST IN ORDER TO
BE A TRUE PHREAK, THESE ARE BEST SUMMED UP BY THE MAGICIAN:
"MANY PEOPLE THINK OF PHONE PHREAKS AS SLIME, OUT TO RIP OFF BELL FOR
ALL SHE IS WORTH. NOTHING COULD BE FURTHER FROM THE TRUTH! GRANTED, THERE ARE
SOME WHO GET THEIR KICKS BY MAKING FREE CALLS; HOWEVER, THEY ARE NOT TRUE PHONE
PHREAKS. REAL PHONE PHREAKS ARE 'TELECOMMUNICATIONS HOBBYISTS' WHO EXPERIMENT,
PLAY WITH AND LEARN FROM THE PHONE SYSTEM. OCCASIONALLY THIS EXPERIMENTING, AND
A NEED TO COMMUNICATE WITH OTHER PHREAKS ( WITH-OUT GOING BROKE), LEADS TO FREE
CALLS. THE FREE CALLS ARE BUT A SMALL SUBSET OF A TRUE PHONE PHREAKS
ACTIVITIES."
THE PHONE PHREAK'S TEN COMMANDMENTS
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
REPRINTED FROM TAP ISSUE #86. (TAP, ROOM 603, 147 W 42 STREET, NEW YORK, NY
10036) SEND A SASE FOR THEIR INFO SHEET AND TELL THEM THAT BIOC AGENT 003 TOLD
YOU ABOUT IT.)
I. BOX THOU NOT OVER THINE HOME TELEPHONE WIRES, FOR THOSE WHO DOEST MUST
SURELY BRING THE WRATH OF THE CHIEF SPECIAL AGENT DOWN UPON THY HEADS.
II. SPEAKEST THOU NOT OF IMPORTANT MATTERS OVER THINE HOME TELEPHONE WIRES,
FOR TO DO SO IS TO RISK THINE RIGHT OF FREEDOM.
III. USE NOT THINE OWN NAME WHEN SPEAKING TO OTHER PHREAKS, FOR THAT EVERY
THIRD PHREAK IS AN FBI AGENT IS WELL KNOWN.
IV. LET NOT OVERLY MANY PEOPLE KNOW THAT THY BE A PHREAK, AS TO DO SO IS TO
USE THINE OWN SELF AS A SACRIFICIAL LAMB.
V. IF THOU BE IN SCHOOL, STRIVE TO GET THIN SELF GOOD GRADES, FOR THE
AUTHORITIES WELL KNOW THAT SCHOLARS NEVER BREAK THE LAW.
VI. IF THOU WORKEST, TRY TO BE A EMPLOYEE, AND IMPRESSEST THINE BOSS WITH
THINE ENTHUSIASM, FOR IMPORTANT EMPLOYEES ARE OFTEN SAVED BY THEIR OWN BOSSES.
VII. STOREST THOU NOT THINE STOLEN GOODS IN THINE OWN HOME, FOR THOSE WHO DO
ARE SURELY NON-BELIEVERS IN THE BELL SYSTEM SECURITY FORCES, AND ARE NOT LONG
FOR THIS WORLD.
VIII. ATTRACTEST THOU NOT THE ATTENTION OF THE AUTHORITIES, AS THE LESS
NOTICEABLE THOU ART, THE BETTER.
Page 26
The Official Phreaker's Manual
IX. MAKEST SURE THINE FRIENDS ARE INSTANT AMNESIACS AND WILL NOT REMEMBER
THAT THOU HAVE CALLED ILLEGALLY, FOR THEIR COOPERATION WITH THE AUTHORITIES
WILL SURELY LESSEN THINE TIME FOR FREEDOM ON THIS EARTH.
X. SUPPORTEST THOU TAP, AS IT IS THINE NEWSLETTER, AND WITHOUT IT, THY WORK
WILL BE FAR MORE LIMITED.
CN/A NUMBERS
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
CUSTOMER NAME & ADDRESS BUREAUS EXIST SO THAT AUTHORIZED BELL EMPLOYEES MAY
OBTAIN THE NAME & ADDRESS OF ANY CUSTOMER IN THE BELL SYSTEM BY GIVING THE CN/A
OPERATOR THE CUSTOMER'S TEL-#. ALL CUSTOMERS ARE MAINTAINED ON FILE INCLUDING
UNLISTED #'S. THESE BUREAUS HAVE MANY USES FOR PHREAKS.
HERE IS HOW AN EMPLOYEE MIGHT GO ABOUT CALLING CN/A:
"HI, THIS IS JOHN DOE FROM THE MIAMI RESIDENTIAL SERVICE CENTER, CAN I HAVE THE
CUSTOMERS NAME AT (123) 555-1212."
THE EMPLOYEES USUALLY USE THESE FOR CHECKING WHO BELONGS TO A # THAT
SOMEONE CLAIMED THEY DIDN'T CALL.IF YOU SOUND CHEERY AND NATURAL THE OPERATOR
WILL NEVER ASK ANY QUESTIONS. IF YOU DON'T SOUND LIKE A MATURE ADULT, DON'T USE
IT! ALWAYS PRACTICE FIRST & SO YOU DON'T SCREW UP AND MAKE THE OPERATOR
SUSPICIOUS. USE NAME THAT SOUNDS REAL, NOT YOUR PIRATE NAME EITHER! ALSO SAY
THAT YOU ARE FRO A CITY THAT IS FAR AWAY FROM THE ONE THAT YOU ARE CALLING.
THE CN/A NUMBER FOR THE NY AREA & VICINITY (212, 315, 516, 518, 607, 716, &
914), IS 518/471-8111, AND IS OPEN DURING BUSINESS HOURS. DON'T ABUSE
IT!!!!!!!
AT&T NEWSLINES
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
AT&T NEWSLINES ARE NUMBERS AT AREA PHONE OFFICES THAT TELCO EMPLOYEES CALL
TO FIND OUT THE LATEST INFO ON NEW TECHNOLOGY, STOCKS, ETC. THE RECORDED
REPORTS RANGE FROM VERY BORING TO VERY INTERESTING.
HERE ARE A FEW OF THE NUMBERS:
*(201) 483-3800 NJ (518) 471-2272 NY
(203) 771-4920 CN (717) 255-5555 PA
(212) 393-2151 NY (717) 787-1031 PA
(516) 234-9941 NY *(914) 948-8100 NY
SOME OF THESE NUMBERS ARE TOLL-FREE, BUT YOU CAN'T ALWAYS COUNT ON IT.
* THESE NUMBERS ARE NOT ALWAYS UP!
NUMBERS FROM OTHER AREAS ARE AVAILABLE BY REQUEST FROM F)BIOC L)AGENT 003.
ANI NUMBERS
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
ANI NUMBERS IDENTIFY THE PHONE NUMBER THAT YOU ARE CALLING FROM. IT IS
USEFUL WHEN PLAYING IN CANS (THOSE BIG SILVER BOXES ON TELEPHONE POLES) TO FIND
OUT THE # OF THE LINE. IT IS ALSO GOOD TO FIND OUT THE # OF A PHONE THAT
DOESN'T HAVE IT PRINTED ON IT. IN THE 914 AREA CODE THE ANI # IS 990. IF YOU
JUST HAVE TO DIAL THE LAST 4 DIGITS FOR A LOCAL #, IE CONGERS (268), DIAL
1-990-1111, WHERE 1111 ARE DUMMY DIGITS THERE IS ALSO A LESS USEFUL TYPE OF
Page 27
The Official Phreaker's Manual
ANI# WHICH WILL IDENTIFY THE AREA CODE & EXCHANGE. IT IS NXX-9901, WHERE 'NXX'
IS THE EXCHANGE. IN THE 212 & 516 AREA CODES THE ANI # IS 958.
PHREAK NEWSLETTER
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
TAP IS THE "OFFICIAL" PHONE PHREAK NEWSLETTER, AND HAS EXISTED SINCE 1971.
EACH 4 PAGE ISSUE IS CRAMMED FULL OF INFORMATION ON PHONE PHREAKING, COMPUTER
PHREAKING, FREE GAS, FREE ELECTRICITY, FREE POSTAGE, BREAKING & ENTERING INFO,
ETC. IT IS LARGELY PHONE PHREAK ORIENTED, HOWEVER.
A 10 ISSUE SUBSCRIPTION COSTS $8.00, IF YOU GET A BULK RATE SEALED ENVELOPE
SUBSCRIPTION. I WOULD RECOMMEND THE FIRST CLASS SUBSCRIPTION, WHICH IS $10.
AS OF THIS WRITING (7-16-83), THE CURRENT ISSUE IS #86, AND ISSUE #50 IS 8
PAGES INSTEAD OF THE USUAL 4. BACK ISSUES ARE $0.75 EACH, AND ISSUE #50 IS
$1.50. A BRIEF INDEX TO THE FIRST 80 ISSUES IS AVAILABLE FOR A SASE, OR FREE
WITH A SUBSCRIPTION ORDER. TAP IS NON-PROFIT, AND IN DESPERATE NEED OF MATERIAL
(ARTICLES), MONEY, AND VOLUNTEERS.
TAP
ROOM 603
147 WEST 42ND STREET
NEW YORK, NY 10036
BELIEVE ME: IT WILL BE THE BEST $10 YOU WILL EVER SPEND...
BLACK BOX
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
THE BLACK BOX IS A DEVICE THAT ATTACHED TO A CALLED PARTIES PHONE
THAT ALLOWS HIM/HER TO RECEIVE FREE LONG DISTANCE CALLS FROM FRIENDS WHO
CALL.
YOU ONLY NEED 2 PARTS: A SPST TOGGLE SWITCH AND A 10,000 OHM (10 K),
1/2 WATT, 10% RESISTOR. ANY ELECTRONICS PLACE SHOULD HAVE THESE.
NOW, CUT TWO PIECES OF WIRE, ABOUT 6 INCHES, AND ATTACH THESE TO THE TWO
SCREWS ON THE SWITCH. TURN YOUR NORMAL DDSIDE DOWN AND UNSCREW THE 2 SCREWS.
LOCATE THE "F" AND "RR" SCREWS ON THE NETWORK BOX. WRAP THE RESISTOR BETWEEN
THESE 2 SCREWS AND MAKE SURE THAT THE WIRES TOUCH ONLY THE PROPER TERMINALS!
NOW CONNECT ONE WIRE FROM THE SWITCH TO THE RR TERMINAL. FINALLY, ATTACH THE
REMAINING WIRE TO THE GREEN WIRE (DISCONNECT IT FROM ITS TERMINAL). NOW BRING
THE SWITCH OUT THE REAR OF THE PHONE AND CLOSE IT UP. PUT THE SWITCH IN A
POSITION WHERE YOU GET A DIAL TONE, MARK THIS NORMAL. MARK THE OTHER SIDE
FREE.
WHEN YOUR FRIENDS CALL (AT A PREARRANGED TIME), QUICKLY LIFT & DROP THE
RECEIVER AS FAST AS POSSIBLE. THIS WILL STOP THE RINGING, IF NOT TRY AGAIN. IT
IS VERY IMPORTANT THAT YOU DO IT FAST! NOW PUT THE SWITCH IN THE FREE POSITION
AND PICK UP THE PHONE. KEEP ALL CALLS SHORT & UNDER 15 MINUTES.
WHEN SOMEONE CALLS YOU LONG-DISTANCE, THEY ARE BILLED FROM THE MOMENT YOU
ANSWER. THE TELCO KNOWS WHEN YOU ANSWER DUE TO A CERTAIN AMOUNT OF VOLTAGE THAT
FLOWS WHEN YOU PICK UP THE PHONE. HOWEVER, THE RESISTOR CUTS DOWN ON THE
VOLTAGE SO IT IS BELOW THE BILLING RANGE BUT SUFFICIENT ENOUGH TO OPERATE THE
MOUTHPIECE. ANSWERING THE PHONE FOR A FRACTION OF A SECOND STOPS THE RING BUT
IT IS NOT ENOUGH FOR BILLING TO START. IF THE PHONE IS ANSWERED FOR EVEN ONE
Page 28
The Official Phreaker's Manual
FULL SECOND, BILLING WILL START AND YOU WILL BE CUT OFF WHEN YOU HANG UP AND
SWITCH TO FREE.
WARNING: BELL CAN RANDOMLY LOOK FOR BLACK BOXES SO BE CAREFUL!
_____________________________________
| |
---BLUE WIRE-->>F< |
| | | |
--WHITE WIRE---/ | |
| | |
| RESISTOR |
| | |
| | |
| >RR<-------SWITCH--\ |
| | |
----GREEN WIRE--------------------/ |
| |
|_____________________________________|
DIAL LOCKS
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
HAVE YOU EVER BEEN IN AN OFFICE OR SOMEWHERE AND WANTED TO MAKE A FREE FONE
CALL BUT SOME ASSHOLE PUT A LOCK ON THE FONE TO PREVENT OUT-GOING CALLS? FRET
NO MORE PHELLOW PHREAKS, FOR EVERY SYSTEM CAN BE BEATEN WITH A LITTLE
KNOWLEDGE!
THERE ARE TWO WAYS TO BEAT THIS OBSTACLE, FIRST PICK THE LOCK, I DON'T HAVE
THE TIME TO TEACH LOCKSMITHING SO WE GO TO THE SECOND METHOD WHICH TAKES
ADVANTAGE OF TELEPHONE ELECTRONICS.
TO BE AS SIMPLE AS POSSIBLE, WHEN YOU PICK UP THE FONE YOU COMPLETE A
CIRCUIT KNOW AS A LOCAL LOOP. WHEN YOU HANG-UP YOU BREAK THE CIRCUIT. WHEN
YOU DIAL (PULSE) IT ALSO BREAKS THE CIRCUIT BUT NOT LONG ENOUGH TO HANG UP! SO
YOU CAN "PUSH-DIAL." TO DO THIS YOU >>> RAPIDLY <<< DEPRESS THE SWITCHHOOK.
FOR EXAMPLE, TO DIAL AN OPERATOR (AND THEN GIVE HER THE NUMBER YOU WANT CALLED)
>>> RAPIDLY <<< & >>> EVENLY <<< DEPRESS THE SWITCHHOOK 10 TIMES. TO DIAL
634-1268, DEPRESS 6 X'S PAUSE, THEN 3 X'S, PAUSE, THEN 4X'S, ETC. IT TAKES A
LITTLE PRACTICE BUT YOU'LL GET THE HANG OF IT. TRY PRACTICING WITH YOUR OWN #
SO YOU'LL GET A BUSY TONE WHEN RIGHT. IT'LL ALSO WORK ON TOUCH-TONE(TM) SINCE
A DTMF LINE WILL ALSO ACCEPT PULSE. ALSO, NEVER DEPRESS THE SWITCHHOOK FOR
MORE THAN A SECOND OR IT'LL HANG-UP!
FINALLY, REMEMBER THAT YOU HAVE JUST AS MUCH RIGHT TO THAT FONE AS THE
ASSHOLE WHO PUT THE LOCK ON IT!
EXCHANGE SCANNING
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
ALMOST EVERY EXCHANGE IN THE BELL SYSTEM HAS TEST #'S AND OTHER "GOODIES"
SUCH AS LOOPS WITH DIAL-UPS. THESE "GOODIES" ARE USUALLY FOUND BETWEEN 9900 AND
9999 IN YOUR LOCAL EXCHANGE. IF YOU HAVE THE TIME AND INITIATIVE, SCAN YOUR
EXCHANGE AND YOU MAY BECOME LUCKY!
HERE ARE MY FINDINGS IN THE 914-268 EXCHANGE:
Page 29
The Official Phreaker's Manual
9900 - ANI (SEE SEPARATE BULLETIN)
9901 - ANI (SEE SEPARATE BULLETIN)
9927 - OSC. TONE (POSSIBLE TONE SIDE OF A LOOP)
9936 - VOICE # TO THE TELCO CENTRAL OFFICE
9937 - VOICE # TO THE TELCO CENTRAL OFFICE
9941 - COMPUTER (DIGITAL VOICE TRANSMISSION?)
9960 - OSC. TONE (TONE SIDE LOOP) MAY ALSO BE A COMPUTER IN SOME EXCHANGES
9961 - NO RESPONSE (OTHER END OF LOOP?)
9962 - NO RESPONSE (OTHER END OF LOOP?)
9963 - NO RESPONSE (OTHER END OF LOOP?)
9966 - COMPUTER (SEE 9941)
9968 - TONE THAT DISAPPEARS--RESPONDS TO CERTAIN TOUCH-TONE KEYS
MOST OF THE NUMBERS BETWEEN 9900 & 9999 WILL RING OR GO TO A "WHAT #,
PLEASE?" OPERATOR.
HAVE PHUN AND REMEMBER IT'S ONLY A LOCAL CALL!
TOUCH-TONE & FREE CALLS
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
THERE ARE SEVERAL WAYS TO MAKE FREE CALLS (SPRINT, MCI, ETC.) USING A ROTARY
PHONE. THEY ARE:
1. USE A NUMBER THAT ACCEPTS VOICE AS WELL AS DTMF. SUCH A # IS (800)
521-8400. AS OF WRITING THIS, A CODE WAS 00717865.
A) IF USING VOICE, WAIT FOR THE COMPUTER TO SAY, "AUTHORIZATION #, PLEASE."
THEN SAY EACH DIGIT SLOWLY, IT WILL BEEP AFTER EACH DIGIT IS SAID. AFTER EVERY
GROUP OF DIGITS, IT WILL REPEAT WHAT YOU HAVE SAID, THEN SAY YES IF IT IS
CORRECT, OTHERWISE SAY NO. IF THE ACCESS CODE IS CORRECT, IT WILL THANK YOU AND
ASK FOR THE DESTINATION #, THEN SAY THE AREA CODE + NUMBER AS ABOVE. ANOTHER
SUCH # IS (800) 245-8173, WHICH HAS A 6 DIGIT ACCESS CODE. (NOTE: IF USING
TOUCH-TONE ON THIS #, ENTER THE CODE IMMEDIATELY AFTER THE TONE STOPS.)
2. HOOK UP A TOUCH-TONE FONE INTO YOUR ROTARY FONE. ATTACH THE RED WIRE FROM
THE TOUCH-TONE FONE TO THE "R" TERMINAL INSIDE THE FONE ON THE NETWORK BOX.
THEN HOOK THE GREEN WIRE TO THE "B" TERMINAL. TO USE THIS DIAL THE # USING
ROTARY & THEN USE THE TOUCH-TONE FOR THE CODES. (DON'T HANG UP THE ROTARY FONE
WHILE DOING THIS THOUGH!) IF THIS DOESN'T WORK THEN REVERSE THE 2 WIRES.
(NOTE:IF YOUR LINE CAN ACCEPT TOUCH-TONE BUT YOU HAVE A ROTARY FONE THEN YOU
CAN HOOK UP A TONE FONE DIRECTLY FOR ALL CALLS BUT THIS USUALLY ISN'T THE
CASE.) SUCH AS RADIO SHACK'S 43-138.
OTHER ALTERNATIVES
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
4. USE A CHARGE-A-CALL FONE. (THESE ALSO MAKE GREAT EXTENSIONS IF YOU REMOVE
IT USING A HEX WRENCH WITH A HOLE IN THE MIDDLE ON THE CENTER SCREW!)--(THESE
FONES, FOR THE BENEFIT OF THOSE WHO DON'T KNOW, ARE BLUE WITH NO COIN SLOTS).
5. USE A PAY FONE THAT WANTS YOUR MONEY BEFORE THE DIAL TONE. PUT IN YOUR
DIME, DIAL THE #; IF IT'S AN 800 # THEN YOUR DIME WILL COME BACK, IMMEDIATELY
PUT A DIME BACK IN (IT'LL COME BACK WHEN YOU HANG UP!) IF IT IS A TONE FIRST
FONE AND IT DISCONNECTS THE KEYPAD (SOME DON'T) THEN FIND ANOTHER FONE.
Page 30
The Official Phreaker's Manual
Chapter 2
Well now we know a little vocabulary, and now its into history, Phreak
history. Back at MIT in 1964 arrived a student by the name of Stewart Nelson,
who was extremely interested in the telephone. Before entering MIT, he had
built autodialers, cheese boxes, and many more gadgets. But when he came to
MIT he became even more interested in "fone-hacking" as they called it. After
a little while he naturally started using the PDP-1, the schools computer at
that time, and from there he decided that it would be interesting to see
whether the computer could generate the frequencies required for blue boxing.
The hackers at MIT were not interested in ripping off Ma Bell, but just
exploring the telephone network. Stew (as he was called) wrote a program to
generate all the tones and set off into the vast network.
Now there were more people phreaking than the ones at MIT. Most people have
heard of Captain Crunch (No not the cereal), he also discovered how to take
rides through the fone system, with the aid of a small whistle found in a
cereal box (can we guess which one?). By blowing this whistle, he generated
the magical 2600hz and into the mouthpiece it sailed, giving him complete
control over the system. I have heard rumors that at one time he made about
1/4 of the calls coming out of San Francisco. He got famous fast. He made the
cover of people magazine and was interviewed several times (as you'll soon
see). Well he finally got caught after a long adventurous career. After he
was caught he was put in jail and was beaten up quite badly because he would
not teach other inmates how to box calls. After getting out, he joined Apple
computer and is still out there somewhere.
Then there was Joe the Whistler, blind form the day he was born. He could
whistle a perfect 2600hz tone. It was rumored phreaks used to call him to tune
their boxes.
Well that was up to about 1970, then from 1970 to 1979, phreaking was mainly
done by college students, businessmen and anyone who knew enough about
electronics and the fone company to make a 555 Ic to generate those magic
tones. Businessmen and a few college students mainly just blue box to get free
calls. The others were still there, exploring 800#'s and the new ESS systems.
ESS posed a big problem for phreaks then and even a bigger one now. ESS was
not widespread, but where it was, blue boxing was next to impossible except for
the most experienced phreak. Today ESS is installed in almost all major cities
and blue boxing is getting harder and harder.
1978 marked a change in phreaking, the Apple ][, now a computer that was
affordable, could be programmed, and could save all that precious work on a
cassette. Then just a short while later came the Apple Cat modem. With this
modem, generating all blue box tones was easy as writing a program to count
form one to ten (a little exaggerated). Pretty soon programs that could
imitate an operator just as good as the real thing were hitting the community,
TSPS and Cat's Meow, are the standard now and are the best.
1982-1986: LD services were starting to appear in mass numbers. People now
had programs to hack LD services, telephone exchanges, and even passwords. By
now many phreaks were getting extremely good and BBS's started to spring up
everywhere, each having many documentations on phreaking for the novice. Then
it happened, the movie War Games was released and mass numbers of sixth grade
to all ages flocked to see it. The problem wasn't that the movie was bad, it
was that now EVERYONE wanted to be a hacker/phreak. Novices came out in such
mass numbers, that bulletin boards started to be busy 24 hours a day. To this
day, they still have not recovered. Other problems started to occur, novices
guessed easy passwords on large government computers and started to play
around... Well it wasn't long before they were caught, I think that many
people remember the 414-hackers. They were so stupid as to say "yes" when the
computer asked them whether they'd like to play games. Well at least it takes
the heat off the real phreaks/hacker/krackers.
Page 31
The Official Phreaker's Manual
After a little history, how about a little thrill? I don't know if this
story is true but it sure is as bad as shit!
Page 32
The Official Phreaker's Manual
***** The AAG Proudly Presents The AAG Proudly Presents *****
* *
* +----------------------------------------------+ *
* *
* Secrets of the Little Blue Box *
* *
* by Ron Rosenbaum *
* Typed by One Farad Cap/AAG *
* *
* -A story so incredible it may even make you *
* feel sorry for the phone company- *
* *
* (First of four files) *
* *
* +----------------------------------------------+ *
* *
***** The AAG Proudly Presents The AAG Proudly Presents *****
Dudes... These four files contain the story, "Secrets of the Little Blue Box",
by Ron Rosenbaum.
-A story so incredible it may even make you feel sorry for the phone company-
Printed in the October 1971 issue of Esquire Magazine. If you happen to be in
a library and come across a collection of Esquire magazines, the October 1971
issue is the first issue printed in the smaller format. The story begins on
page 116 with a picture of a blue box.
--One Farad Cap, Atlantic Anarchist Guild
The Blue Box Is Introduced: Its Qualities Are Remarked
I am in the expensively furnished living room of Al Gilbertson (His real name
has been changed.), the creator of the "blue box." Gilbertson is holding one of
his shiny black-and-silver "blue boxes" comfortably in the palm of his hand,
pointing out the thirteen little red push buttons sticking up from the console.
He is dancing his fingers over the buttons, tapping out discordant beeping
electronic jingles. He is trying to explain to me how his little blue box does
nothing less than place the entire telephone system of the world, satellites,
cables and all, at the service of the blue-box operator, free of charge.
"That's what it does. Essentially it gives you the power of a super operator.
You seize a tandem with this top button," he presses the top button with his
index finger and the blue box emits a high-pitched cheep, "and like that" --
cheep goes the blue box again -- "you control the phone company's long-distance
switching systems from your cute little Princes phone or any old pay phone.
And you've got anonymity. An operator has to operate from a definite location:
the phone company knows where she is and what she's doing. But with your
beeper box, once you hop onto a trunk, say from a Holiday Inn 800 (toll-free)
number, they don't know where you are, or where you're coming from, they don't
know how you slipped into their lines and popped up in that 800 number. They
don't even know anything illegal is going on. And you can obscure your origins
through as many levels as you like. You can call next door by way of White
Plains, then over to Liverpool by cable, and then back here by satellite. You
can call yourself from one pay phone all the way around the world to a pay
phone next to you. And you get your dime back too."
"And they can't trace the calls? They can't charge you?"
Page 33
The Official Phreaker's Manual
"Not if you do it the right way. But you'll find that the free-call thing
isn't really as exciting at first as the feeling of power you get from having
one of these babies in your hand. I've watched people when they first get hold
of one of these things and start using it, and discover they can make
connections, set up crisscross and zigzag switching patterns back and forth
across the world. They hardly talk to the people they finally reach. They say
hello and start thinking of what kind of call to make next. They go a little
crazy." He looks down at the neat little package in his palm. His fingers are
still dancing, tapping out beeper patterns.
"I think it's something to do with how small my models are. There are lots of
blue boxes around, but mine are the smallest and most sophisticated
electronically. I wish I could show you the prototype we made for our big
syndicate order."
He sighs. "We had this order for a thousand beeper boxes from a syndicate
front man in Las Vegas. They use them to place bets coast to coast, keep lines
open for hours, all of which can get expensive if you have to pay. The deal
was a thousand blue boxes for $300 apiece. Before then we retailed them for
$1500 apiece, but $300,000 in one lump was hard to turn down. We had a
manufacturing deal worked out in the Philippines. Everything ready to go.
Anyway, the model I had ready for limited mass production was small enough to
fit inside a flip-top Marlboro box. It had flush touch panels for a keyboard,
rather than these unsightly buttons, sticking out. Looked just like a tiny
portable radio. In fact, I had designed it with a tiny transistor receiver to
get one AM channel, so in case the law became suspicious the owner could switch
on the radio part, start snapping his fingers, and no one could tell anything
illegal was going on. I thought of everything for this model -- I had it lined
with a band of thermite which could be ignited by radio signal from a tiny
button transmitter on your belt, so it could be burned to ashes instantly in
case of a bust. It was beautiful. A beautiful little machine. You should
have seen the faces on these syndicate guys when they came back after trying it
out. They'd hold it in their palm like they never wanted to let it go, and
they'd say, 'I can't believe it. I can't believe it.' You probably won't
believe it until you try it."
The Blue Box Is Tested: Certain Connections Are Made
About eleven o'clock two nights later Fraser Lucey has a blue box in the palm
of his left hand and a phone in the palm of his right. He is standing inside a
phone booth next to an isolated shut-down motel off Highway 1. I am standing
outside the phone booth.
Fraser likes to show off his blue box for people. Until a few weeks ago when
Pacific Telephone made a few arrests in his city, Fraser Lucey liked to bring
his blue box (This particular blue box, like most blue boxes, is not blue.
Blue boxes have come to be called "blue boxes" either because 1) The first blue
box ever confiscated by phone-company security men happened to be blue, or 2)
To distinguish them from "black boxes." Black boxes are devices, usually a
resistor in series, which, when attached to home phones, allow all incoming
calls to be made without charge to one's caller.) to parties. It never failed:
a few cheeps from his device and Fraser became the center of attention at the
very hippest of gatherings, playing phone tricks and doing request numbers for
hours. He began to take orders for his manufacturer in Mexico. He became a
dealer.
Fraser is cautious now about where he shows off his blue box. But he never
Page 34
The Official Phreaker's Manual
gets tired of playing with it. "It's like the first time every time," he tells
me.
Fraser puts a dime in the slot. He listens for a tone and holds the receiver
up to my ear. I hear the tone. Fraser begins describing, with a certain
practiced air, what he does while he does it. "I'm dialing an 800 number now.
Any 800 number will do. It's toll free. Tonight I think I'll use the ----- (he
names a well-know rent-a-car company) 800 number. Listen, It's ringing. Here,
you hear it? Now watch." He places the blue box over the mouthpiece of the
phone so that the one silver and twelve black push buttons are facing up toward
me. He presses the silver button -- the one at the top -- and I hear that
high-pitched beep. "That's 2600 cycles per second to be exact," says Lucey.
"Now, quick. listen." He shoves the earpiece at me. The ringing has vanished.
The line gives a slight hiccough, there is a sharp buzz, and then nothing but
soft white noise.
"We're home free now," Lucey tells me, taking back the phone and applying the
blue box to its mouthpiece once again. "We're up on a tandem, into a
long-lines trunk. Once you're up on a tandem, you can send yourself anywhere
you want to go." He decides to check out London first. He chooses a certain
pay phone located in Waterloo Station. This particular pay phone is popular
with the phone-phreaks network because there are usually people walking by at
all hours who will pick it up and talk for a while.
He presses the lower left-hand corner button which is marked "KP" on the face
of the box. "That's Key Pulse. It tells the tandem we're ready to give it
instructions. First I'll punch out KP 182 START, which will slide us into the
overseas sender in White Plains." I hear a neat clunk-cheep. "I think we'll
head over to England by satellite. Cable is actually faster and the connection
is somewhat better, but I like going by satellite. So I just punch out KP Zero
44. The Zero is supposed to guarantee a satellite connection and 44 is the
country code for England. Okay... we're there. In Liverpool actually. Now
all I have to do is punch out the London area code which is 1, and dial up the
pay phone. Here, listen, I've got a ring now."
I hear the soft quick purr-purr of a London ring. Then someone picks up the
phone.
"Hello," says the London voice.
"Hello. Who's this?" Fraser asks.
"Hello. There's actually nobody here. I just picked this up while I was
passing by. This is a public phone. There's no one here to answer actually."
"Hello. Don't hang up. I'm calling from the United States."
"Oh. What is the purpose of the call? This is a public phone you know."
Downloaded From P-80 International Information Systems 304-744-2253
