TUCoPS :: Phreaking Cellular - Misc. :: celphrk3.txt

Cellular Phreaking 3 of 4

Now that you have become familiar with the technology of cellular phones
its time to discuss what you can do with a phone right now.
Not every system pays attention to a "Roamer" from outside the system as
closely as they do a local suscriber. In their mad rush to offer cellular as
"universal" service, meaning you can place a call in any cellular city any-
where in North America, they fucked up.
OK, heres the poop...I access say..Cleveland Ohio Cellular 1's Ericcson switch
and tell them by my "NAM" info that im a roamer from NYNEX in New York City.
Cleveland will let me make the call, cause it bills back to NYC  my number
of minutes used. If the NYC number is bogus, the call goes thru, and the bill
doesn't go anywhere. They do know the exchange data for NYC, thats on a chart
so ya cant tell em yer...555-1212 or must tell em yer a valid roamer
and the System number (two digits) must match NYC's. This is not too hard to
figgure out, (call some of their stupid sales idiots some time and see what 
they will let out of the bag) now lets see what else you should know.
OK, the system number for the foreign exchange....Nynex in Buffalo is 56,
Chicago nonwireline is 01, Buffalo Nonwireline is 03, All wirelines are even
numbers all non-wirelines are odd.
OK, first three digits of the mobile number....Nynex Buffalo- 863 xxxx
   Buffalo Non-wire 861 xxxx, 690 xxxx.
I am sure it wont take much to figgure out the local numbers for your area
like I said the sales people are fucks and will tell ya anything to
make a sale.
Until the companys get a cellular clearinghouse to validate roamers in real
time this will work out fine. The prospects of such a clearinghouse are
good after the companys get done with their bitching at each other.
But it may be a while before it becomes routine to look up a roamer. There's
simply too many to look up every time service is wanted.
So, steal a cellphone and his antenna, re-nam it as a roamer and when ya get
it setup, make copies of the info with different suscriber numbers (the
last 4 digits) and make free calls till whenever.
                  More to come...."The NOVATEL series phones "
                           Uncracking the Maintenance code
                     This is probibaly the best radio to use to shut down
                     a cell site completely, it has secret codes in the ctrl
                     head that allow you to bypass conventional switching

