Text File | 1992-10-03 | 19KB | 357 lines
How Ma Bell Works by the Jolly Roger
In this article, I will first describe the termination,
wiring, and terminal hardware most commonly used in the Bell
system, and I will include a section on methods of using them.
-------------
LOCAL NETWORK
-------------
The local telephone network between the central
office/exchange and the telephone subscribers can be briefly
described as follows:
From the central office (or local exchange) of a certain
prefix(es), underground area trunks go to each area that has that
prefix (usually more than one prefix per area). At every few
streets or tract areas, the underground cables surface. They then
go to the telephone pole (or back underground, depending on the
area) and then to the subscriber's house (or in the case of an
apartment building or multiline business, to a splitter or
distribution box/panel).
Now that we have the basics, I'll try and go in-depth on the
subject.
------------------
UNDERGROUND CABLES
------------------
These are sometimes inter-office trunks, but usually in a
residential area they are trunk lines that go to bridging heads
or distribution cases. The cables are about 2-3 inches thick
(varies), and are either in a metal or PVC-type pipe (or
similar). Rarely (maybe not in some remote rural areas) are the
cables just 'alone' in the ground. Instead they are usually in
an underground cement tunnel (resembles a small sewer or
storm-drain). The manholes are >heavy< and will say 'Bell system' on
them. They can be opened with a 1/2 inch wide crowbar (hookside)
inserted in the top rectangular hole. There are ladder rungs to
help you climb down. You will see the cable pipes on the wall,
with the blue and white striped one being the inter-office trunk
(at least in my area). The others are local lines, and are
usually marked or color coded. There is almost always a posted
color code chart on the wall, not to mention Telco manuals
describing the cables and terminals, so I need not get into detail.
Also, there is usually some kind of test equipment, and often
Bell test sets are left in there.
--------------
BRIDGING HEADS
--------------
The innocent-looking grayish-green boxes. These can be
either trunk bridges or bridging for residences. The major trunk
bridging heads are usually larger, and they have the 'Western
Electric' logo at the bottom, whereas the normal bridging heads
(which may be different in some areas, depending on the company
you are served by. GTE B.H.'s look slightly different. Also, do
not be fooled by sprinkler boxes!) They can be found in just
about every city.
To open a bridging head: if it is locked (and you're feeling
destructive), put a hammer or crowbar (the same one you used on
the manhole) in the slot above the top hinge of the right door.
Pull hard, and the door will rip off. Very effective! If it isn't
locked (as usual), take a 7/8 inch hex socket and with it, turn
the bolt about 1/8 of a turn to the right (you should hear a
spring release inside). Holding the bolt, turn the handle all the
way to the left and pull out.
Go inside - first check for a test-set (which are often left
by Bell employees). There should be a panel of terminals and
wires. Push the panel back about an inch or so, and rotate the
top latch (round with a flat section) downward. Release the
panel and it will fall all the way forward. There is usually a
large amount of wire and extra terminals. The test-sets are
often hidden here, so don't overlook it (manuals, as well, are
sometimes placed in the head). On the right door is a metal box
of alligator clips. Take a few (compliments of Bell). On each
door is a useful little round metal device (says 'insert gently'
or 'clamp gently - do not overtighten' etc.). On the front of
the disc, you should find two terminals. These are for your test
set. (If you don't have one, don't despair - I'll show you ways to
make basic test sets later in this article.)
Hook the ring (-) wire to the 'r' terminal, and the tip (+)
wire to the other. (By the way, an easy way to determine the
correct polarity is with a 1.5v LED. Tap it to the terminal pair;
if it doesn't light, switch the poles until it does. When it
lights, find the longer of the two LED poles: this one will be on
the tip wire (+).) Behind the disc is a coiled up cord. This
should have two alligator clips on it. It's very useful, because
you don't have to keep connecting and disconnecting the fone (test
set) itself, and the clips work nicely.
On the terminal board, there should be about 10 screw
terminals per side. Follow the wires, and you can see which
cable pairs are active. Hook the clips to the terminal pair, and
you're set! Dial out if you want, or just listen (if someone's
on the line). Later, I'll show you a way to set up a true 'tap'
that will let the person dial out on his line and receive calls
as normal, and you can listen in the whole time. More about this
later...
On major prefix-area bridging heads, you can see 'local
loops', which are two cable pairs (cable pair = ring+tip, a fone
line) that are directly connected to each other on the terminal
board. These 'cheap loops', as they are called, do not work
nearly as well as the existing ones set up in the switching
hardware at the exchange office. (Try scanning your prefixes'
00xx to 99xx #'s. The tone sides will announce themselves with
the 1008 Hz loop tone, and the hang side will give no response.
The first person should dial the 'hang' side, and the other
person dial the tone side, and the tone should stop if you have
got the right loop.)
If you want to find the number of the line that you're on,
you can try to decipher the 'bridging log' (or whatever),
which is on the left door. If that doesn't work, you can use the
following:
---------------------------
ANI # (Automatic Number ID)
---------------------------
This is a Telco test number that reports to you the number
that you're calling from. (It's the same choppy 'Bell bitch' voice
that you get when you reach a disconnected #.)
    For the 213 NPA - Dial 1223
            408 NPA - Dial 760
            914 NPA - Dial 990
These are extremely useful when messing with any kind of line
terminals, house boxes, etc.
Now that we have bridging heads wired, we can go on... (Don't
forget to close and latch the box after all... Wouldn't want GE
and Telco people mad, now, would we?)
-------------------------------------
"CANS" - Telephone Distribution Boxes
-------------------------------------
Basically, two types:
1> Large, rectangular silver box at the end of each street.
2> Black, round, or rectangular thing at every telephone pole.
Type 1 - This is the case that takes the underground cable from
the bridge and runs it to the telephone pole cable (The lowest,
largest one on the telephone pole.) The box is always on the
pole nearest the bridging head, where the line comes up. Look for
the 'Call before you Dig - Underground cable' stickers.
The case box is hinged, so if you want to climb the pole,
you can open it with no problems. These usually have 2 rows of
terminal sets.
You could try to impersonate a Telco technician and report
the number as 'new active' (giving a fake name and fake report,
etc.). I don't recommend this, and it probably won't (almost
positively won't) work, but this is basically what Telco linemen
do.
Type 2 - This is the splitter box for the group of houses around
the pole (Usually 4 or 5 houses). Use it like I mentioned
before. The terminals (8 or so) will be in 2 horizontal rows of
sets. The extra wires that are just 'hanging there' are
provisions for extra lines to residences (1 extra line per house,
that's why the insane charge for line #3!) If it's the box for
your house also, have fun and swap lines with your neighbor!
'Piggyback' them and wreak havoc on the neighborhood (It's
eavesdropping time...) Again, I don't recommend this, and it's
difficult to do it correctly. Moving right along...
------------------------------
APARTMENT / BUSINESS MULTILINE
DISTRIBUTION BOXES
------------------------------
Found outside the building (most often on the right side,
but not always... Just follow the wire from the telephone pole)
or in the basement. It has a terminal for all the lines in the
building. Use it just like any other termination box as before.
Usually says 'Bell system' or similar. Has up to 20 terminals on
it (usually). The middle ones are grounds (forget these). The
wires come from the cable to one row (usually the left one), with
the other row of terminals for the building fone wire pairs. The
ring (-) wire is usually the top terminal of the set in the row
(1 of 10 or more), and the tip is in the clamp/screw below it.
This can be reversed, but the cable pair is always terminated
one-on-top-of-each-other, not on the one next to it. (I'm not
sure why the other one is there, probably as a provision for
extra lines.) Don't use it though, it is usually too close to the
other terminals, and in my experiences you get a noisy
connection.
Final note: In almost every apartment, business, hotel, or anywhere
there are more than 2 lines, this termination method is used. If
you can master this type, you can
be in control of many things... Look around in your area for a
building that uses this type, and practice hooking up to the
line, etc.
As an added help, here is the basic 'standard' color-code for
multiline terminals/wiring/etc...
    Single line:  Red    = Ring
                  Green  = Tip
                  Yellow = Ground *
    * (Connected to the ringer coil in individual and bridged
      ringer phones (Bell only). Usually connected to the green
      (Tip).)
    Ring (-) = Red
               White/Red Stripe
               Brown
               White/Orange Stripe
               Black/Yellow Stripe
    Tip (+)  = Green (Sometimes yellow, see above.)
               White/Green Stripe
               White/Blue Stripe
               Blue
               Black/White Stripe
    Ground   = Black
               Yellow
----------------------
RESIDENCE TERMINAL BOX
----------------------
Small, gray (can be either a rubber (Pacific Telephone) or hard
plastic (AT & T)) housing deal that connects the cable pair from
the splitter box (See type 2, above) on the pole to your house
wiring. Only 2 (or 4, the 2 top terminals are hooked in parallel
with the same line) terminals, and is very easy to use. This can
be used to add more lines to your house or add an external line
outside the house.
---------
TEST SETS
---------
Well, now you can consider yourself a minor expert on the
terminals and wiring of the local telephone network. Now you can
apply it to whatever you want to do. Here's another helpful
item:
How to make a Basic Test-Set and how to use it to dial out,
eavesdrop, or seriously tap and record line activity.
These are the (usually) orange hand set fones used by Telco
technicians to test lines. To make a very simple one, take any
Bell (or other, but I recommend a good Bell fone like a princess
or a trimline; GTE flip fones work excellently, though) fone and
follow the instructions below.
Note: A 'black box' type fone mod will let you tap into their
line, and with the box on, it's as if you weren't there. They can
receive calls and dial out, and you can be listening the whole
time! Very useful. With the box off, you have a normal fone test
set.
Instructions:
A basic black box works well with good results. Take the cover
off the fone to expose the network box (Bell type fones only).
The <RR> terminal should have a green wire going to it (orange or
different if touch tone - doesn't matter, it's the same thing).
Disconnect the wire and connect it to one pole of an SPST switch.
Connect a piece of wire to the other pole of the switch and
connect it to the <RR> terminal. Now take a 10k ohm 1/2 watt 10%
resistor and put it between the <RR> terminal and the <F>
terminal, which should have a blue and a white wire going to it
(different for touch tone). It should look like this:
    -----Blue wire----------<F>
                       !
    ----White wire-----!
                       !
                  10k Resistor
                       !
                       !
    --Green wire--     !----<RR>
                 !     !
                  SPST
What this does in effect is keep the hookswitch / dial pulse
switch (F to RR loop) open while holding the line high with the
resistor. This gives the same voltage effect as if the fone was
'on-hook', while the 10k ohms holds the voltage right above the
'off hook' threshold (around 22 volts or so, as compared to 15-17
or normal off hook 48 volts for normal 'on-hook'), giving
Test Set Version 2.
Another design is similar to the 'type 1' test set (above),
but has some added features:
    From  >----------------Tip------<To Test
    Alligator                        set
    Clip  >----------------Ring-----<phone
               !               !
               x               !
               !               !
               o               !
               !   x---RRRRR---!
               !   x           !
               !---x           !
                   x----0------!
    x = SPST switch
    o = Red LED        0 = Green LED
    RRRRR = 1.8k 1/2 watt resistor        xxxx = DPST switch
When the SPST switch is on, the LED will light, and the fone
will become active. The green light should be on. If it isn't,
switch the DPST. If it still isn't, check the polarity of the
line and the LEDs. With both lights on, hang up the fone. They
should all be off now. Now flip the DPST and pick up the fone.
The red LED should be on, but the green shouldn't. If it is,
something is wrong with the circuit. You won't get a dial tone if
all is correct.
When you hook up to the line with the alligator clips
(Assuming you have put this circuit inside your fone and have put
alligator clips on the ring and tip wires (as we did before)) you
should have the SPST #1 in the off position. This will greatly
reduce the static noise involved in hooking up to a line. The red
LED can also be used to check if you have the correct polarity.
With this fone you will have the ability to listen in on
>all< audible line activity, and the people (the 'eavesdropees')
can use their fone as normal.
Note that test sets #1 and #2 have true 'black boxes', and can be
used for free calls (see an article about black boxes).
Test Set Version 3
To do test set 3:
Using a trimline (or similar) phone, remove the base and cut
all of the wire leads off except for the red (ring -) and the
green (tip +). Solder alligator clips to the lug. The wire
itself is 'tinsel' wrapped in rayon, and doesn't solder well.
Inside the one handset, remove the light socket (if it has one)
and install a small slide or toggle switch (Radio Shack's
micro-miniature SPST works well). Locate the connection of the ring
and the tip wires on the pc board near where the jack is located
at the bottom of the handset. (The wires are sometimes black or
brown instead of red and green, respectively.) Cut the foil and
run 2 pieces of wire to your switch. In parallel with the switch
add a .25 uF 200 VDC capacitor (mylar, silvered mica, ceramic,
not an electrolytic). When the switch is closed, the handset
functions normally. With the switch in the other position, you
can listen without being heard.
Note: To reduce the noise involved in connecting the clips to a
line, add a switch selectable 1000 ohm 1/2 watt resistor in
series with the tip wire. Flip it in circuit when connecting, and
once on the line, flip it off again (or just use the 'line
disconnect' type switch as in the type 2 test set (above)). Also
avoid touching the alligator clips to any metal parts or other
terminals, for it causes static on the line and raises people's
suspicions.
---------
RECORDING
---------
If you would like to record any activity, use test set 1 or
2 above (for unattended recording of >all< line activity), or
just any test set if you are going to be there to monitor when
they are dialing, talking, etc.
Place a telephone pickup coil (I recommend the Becoton T-5 TP
coil or equivalent) onto the test set, and put the TP plug into
the mic. jack of any standard tape recorder. Hit play, rec, and
pause. Alternate pause when you want to record. (I don't think
anyone should have any difficulty with this at all...)
Well, if you still can't make a test set or you don't have the
parts, there's still hope. Alternate methods:
1> Find a Bell test set in a manhole or a bridging head and
'borrow' it indefinitely...
2> Test sets can be purchased from:
Techni-Tool
5 Apollo Road
Box 368
Plymouth Meeting PA., 19462
Ask for catalog #28
They are usually $300 - $600, and are supposed to have MF
dialing capability as well as TT dialing. They are also of much
higher quality than the standard Bell test sets.
If you would like to learn more about the subjects covered here,
I suggest:
1> Follow Bell trucks and linemen or technicians and ask subtle
questions. Also try 611 (repair service) and ask questions.
2> Explore your area for any Bell hardware, and experiment with
it. Don't try something if you are not sure what you're doing,
because you wouldn't want to cause problems, would you?
------------------Jolly Roger
Downloaded From P-80 International Information Systems 304-744-2253