TUCoPS :: Phreaking Caller ID :: ussr_cli.txt

Soviet ANI. The Russians don't have caller ID as such but the KGB's ANI system is widely hacked.

The following has been extracted from an email sent to me by Oleg Afonin, author of Advanced Call Center ( http://aoleg.hypermart.net ).  

It accompanies my Caller ID FAQ at http://www.ainslie.org.uk/callerid.htm or http://www.callerid.org.uk/

Alastair Ainslie

----------------

Russian Caller ID specifications (in Russian language):
http://www.cnt.ru/users/radio/phone/doc/index.htm

Really, we do not have Caller ID here. There is ANI (Automatic Number Identification) instead. It is not a service - it's a bug in telephone exchange hardware. There are several versions of Russian ANI history. The first one (official) is that it was developed for telephone operators to make it easier to charge for long-distance calls. The second one (unofficial) says that there was no need for such a service for that purpose (there was another method to determine the calling party, using exchange electrical protocols), and ANI was developed for the KGB (it was a Soviet analog of the U.S. CIA; "KGB" = "Committee of State Security" or like that). It sounds realistic. Anyway, the "service" was never aimed to be public... and some newer exchanges do not provide this feature. So some numbers can be detected here while some cannot be. It's all Russia...

Below is a part of Advanced Call Center documentation:

---------doc begin----------
Russian Caller ID (RCID), available in Russia and some European countries.
Detecting RCID is much more complicated, because most of existing modems do not provide hardware support for RCID.

RCID signal is being sent after modem takes the call. So we have the following procedure:

1 - take the call (ANSWER)
2 - 200-250 milliseconds delay before requesting RCID
3 - RCID request (100-200 milliseconds, 500Hz tone)
4 - receive and decode RCID packet, if any
5 - if error, goto 2 (up to 3 requests)
6 - emulate 'ring back' tones to the line, so that caller won't know we already took the call

There are some problems. First, modem hardware is rather slow, and delay between answering and sending request tone can exceed the time ATE will wait for RCID request. In this case it is recommended to set up TWO request tones in the 'Caller ID Detection' section of 'Properties' dialog.

Then, some ATEs send RCID packet without request. This means that when we send RCID request, some time will pass and part of the signal will already be transmitted. Solution is to set 'Pre-detect time' parameter in the 'Caller ID Detection' section of 'Properties' dialog to non-zero value (numbers around 100-200 milliseconds suspected). It is recommended to set 100 ms when using TWO request tones and 200 ms when issuing only ONE request tone. Generally pre-detect time should be ZERO.

RCID reception and decoding is performed inside of the program, not the modem hardware (if not using 'Hardware XXX' Caller ID type). This process can be controlled from within 'Actions' section of 'Properties' dialog, but generally there is no need to adjust this stage.

Number of 'ring back' tones emulated to line can be set from within 'Action' section of 'Properties' dialog. You can also change default action that will be performed after going online and/or emulating N 'ring back' signals to the line. You may choose from options like 'drop immediately' or 'after N 'ring back' tones'; or it can 'answer', 'set caller on hold' and even switch on 'answering machine'.
---------doc end----------

Russian Caller ID consists of packets like this:

1 - ID, calling category;
2 - 7-th digit
3 - 6-th digit
4 - 5-th digit
5 - 4-th digit
6 - 3-rd digit  \
7 - 2-nd digit   - phone station (exchange) index, 3 digits
8 - 1-st digit  /
9 - begin/end mark,
10 - ID, calling category.

Packets are cyclic; an exchange can transmit 2 or 3 packets in cycle, beginning from the middle of the packet. The number can be requested up to 3 times. Every digit in the packet consists of CCITT R1 standard, 2 frequencies (a kind of DTMF tone):

digit                  freq1, freq2

1                      700, 900
2                      700, 1100
3                      900, 1100
4                      700, 1300
5                      900, 1300
6                      1100, 1300
7                      700, 1500
8                      900, 1500
9                      1100, 1500
0                      1300, 1500
"Begin/end mark"       1100, 1700
"Repeat last digit"    1300, 1700

Or, which is just the same:

1  f0 f1     6  f2 f4    11  f0 f11
2  f0 f2     7  f0 f7    12  f1 f11
3  f1 f2     8  f1 f7    13  f2 f11
4  f0 f4     9  f2 f7    14  f4 f11
5  f1 f4    10  f4 f7    15  f7 f11

f0=700 Hz
f1=900 Hz
f2=1100 Hz
f4=1300 Hz
f7=1500 Hz
f11=1700 Hz

13 = "Begin/end mark"
14 = "Repeat last digit"

ID, or calling category, is one of these:

1 - Standard subscriber. Long-distance calls permitted.
2 - Hotel subscriber. Long-distance calls permitted with immediate payment.
3 - Subscriber for local service only.
4 - Priority subscriber.
5 - Toll-free phone. Calls are not paid but are registered.
6 - Long-distance pay-phone.
7 - Subscriber with additional service. Long-distance calls permitted.
8 - Priority subscriber with additional service.
9 - Local pay-phone.
0 or 10 - Reserved.

For example, my category is 1. Some of my friends with newer exchanges have category = 7. Organisations usually have 3.


<B = begin/end mark (digit '13')
<R = repeat (digit '14')

Sample number:

221-45-47 (category 1)

Will be transmitted as:

1_7_4_5_4_1_14_2_1_13

Number: 1234556, category: 3

"...54321<B336<R54321<B336<R54321<B336..."

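Added example (not part of the original e-mail or of Advanced Call Center): a software decoder for the two-frequency symbols tabulated above, using the Goertzel algorithm to measure the six frequencies and accept only a clean two-of-six pair. The 8000 Hz sample rate, the 40 ms symbol length and the synthetic test signal are assumptions; the page gives no tone durations.

```python
import math

RATE = 8000    # samples per second (assumption)
BLOCK = 320    # 40 ms per symbol (assumption; the page gives no symbol length)
FREQS = (700, 900, 1100, 1300, 1500, 1700)   # f0 f1 f2 f4 f7 f11

# Code number -> frequency pair, copied from the page's second table.
CODES = {1: (700, 900), 2: (700, 1100), 3: (900, 1100), 4: (700, 1300),
         5: (900, 1300), 6: (1100, 1300), 7: (700, 1500), 8: (900, 1500),
         9: (1100, 1500), 10: (1300, 1500), 11: (700, 1700), 12: (900, 1700),
         13: (1100, 1700), 14: (1300, 1700), 15: (1500, 1700)}
PAIR_TO_CODE = {pair: code for code, pair in CODES.items()}


def goertzel_power(block, freq):
    """Signal power at one frequency (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def detect_code(block, ratio=10.0):
    """Return the code (1..15) carried by one block, or None if it is not
    a clean two-of-six tone (silence, noise, a single tone)."""
    ranked = sorted(((goertzel_power(block, f), f) for f in FREQS), reverse=True)
    (p1, f1), (p2, f2), (p3, _) = ranked[:3]
    # Two strongest must be comparable, and both well above the third.
    if p2 <= 0 or p1 > ratio * p2 or p2 < ratio * max(p3, 1e-9):
        return None
    return PAIR_TO_CODE[tuple(sorted((f1, f2)))]


def synth(codes):
    """Constructed test signal: one equal-amplitude tone pair per code."""
    out = []
    for code in codes:
        fa, fb = CODES[code]
        out += [0.5 * math.sin(2 * math.pi * fa * n / RATE) +
                0.5 * math.sin(2 * math.pi * fb * n / RATE) for n in range(BLOCK)]
    return out


def decode(samples):
    """Decode consecutive symbol-length blocks into code numbers."""
    blocks = (samples[i:i + BLOCK] for i in range(0, len(samples) - BLOCK + 1, BLOCK))
    return [detect_code(b) for b in blocks]
```

Fed the tone sequence of the first sample above (1_7_4_5_4_1_14_2_1_13), decode(synth(...)) returns the same ten code numbers; a real line also needs symbol-boundary alignment, which this block-aligned sketch does not attempt.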