Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Phreaking Cellular - Misc. :: celphrk4.txt

Cellular Phreaking 4 of 4




WHATS IN A NAM                by The Mad Phone-man
---------------------------------------------------------
Nam stands for "Number Assignment Module" or to the Teckies a PROM
(Programable Read-Only Memory) A blank Nam usualy costs between $1. to
$2.75. Sometimes its more expensive depending on the operating temperature
and packaging specifications. 
 Two flavors of NAM's are used for cellular. NEC uses the open colector
(Signetics p/n 82S32 or equivalent). All others use the tri-state (Signetics
82S123 or equivalent). Blank Nams are manufactured by Signetics,National 
Semiconductor, Monolithic Memorys, Fujitsu, Texas Instruments, and Advanced
Microdevices. Blank Nams can be purchased at your electronic distribuitor's
and many radios come with a blank included.
 
  The NAM contains the subscriber number and lock code, the home system 
identification and other system required information. You may wonder how this 
info is arranged.
The NAM is organized into 32 rows and 8 columns. It is 32 words of 8 bits 
each. (256 bits total) Starting from the top of the NAM (address 00)
you will find the abreviation SIDH, This means "system identification number
home" , a number starting at 0001 assigned by the FCC.
Each market allows two systems. Even for the wire-line and odd for
the non-wireline.
 At address 03 we find LU (Local use) on the left and MIN on the right these
are usualy set to 1. Locations with zeros are reserved. Going down the map, 
there's MIN1 and MIN2 the subscriber number and the area code respectivly
Dont try to read them from a raw printout of the NAM data, they are scrambled
beond recognition. The reason? The way they are arranged is the way they must 
be transmitted to the cellular systems receivers. The programmer does this to
make the radio's job easier.
 Next is the station class mark, which identifys the class and power capability
of the phone. The system will treat a handheld (low power) differently than
a standard 3 watt mobile.
 IPCH is the inital paging channel. The radio listens for a page on this 
channel. Wirelines use 334 and non-wirelines use 333.
 ACCOLC (ACCess Overload Class)  is designed in throwing off customers in
the event of an overload. Thru neglect this standard has been largely unused.
(A class 15 station is supposed to be police, fire, or military)
Usualy its set to 0 plus the last digit of the phone number to provide random
loading.
  PS- Prefered system. This is always 1 in non-wireline and 0 in wireline.
 
  The lock code is about the only thing you can read directly by studying
the NAM data. The "spare" bit must be a 0 if the radio contains a 3 digit code.
Because the number of clicks when you dial 0 on a (dial) phone equals 10
zeros in the lock code are represented by an "A" the hexadecimal equiv of 10.
 EE,REP,HA, and HF correspond to end-to-end signaling (DTMF tones possible 
you talk) REPeratory dialing (provision for 10 or more numbers in memory)
 Horn Alert and hands free. Like all options, they are 1, if turned on and
0 if (all these numbers are in hex) are supposed to be used
by radio mfgrs to store option switches. Usualy 13 is used, 14 sometimes and
 the rest less often.
 Last you will find checksum adjustment and checksum. These numbers are 
calculated automaticly after the data has been edited for the NAM. The sum
of all words in the nam plus these last two must equal a number with 0's
in the last two digits. The radio checks this sum and if it isnt correct
the radio assumes the NAM is bad or tampered with. In the case the radio 
refuses to operate until a legal NAM is installed.
 
 
 MARK            most        BIT SIGNIFICANCE       least        Hex
DEFINITION                                                      address  
----------------------------------------------------------------------------
             |    0         SIDH (14-8)                   |       00
----------------------------------------------------------------------------
             |              SIDH (7-0)                    |       01
----------------------------------------------------------------------------
LU=Local use |   LU  |    0  0  0  0  0  0          | MIN |       02
----------------------------------------------------------------------------
             | 0   0          MIN2 (33-28)                |       03
----------------------------------------------------------------------------
             |   MIN2 (27-24)        |     0  0  0  0     |       04
----------------------------------------------------------------------------
             |  0  0  0  0      |     MIN1 (23-20)        |       05
----------------------------------------------------------------------------
             |                MIN1  (19-12)               |       06
----------------------------------------------------------------------------
             |                MIN1  (11-4)                |       07
----------------------------------------------------------------------------
             |        MIN1 (3-0)  |   0   0   0   0       |       08
----------------------------------------------------------------------------
             |     0   0   0   0    |     SCM (3-0)       |       09
----------------------------------------------------------------------------
             |     0   0   0   0   0   |   IPCH  (10-8)   |       0A
----------------------------------------------------------------------------
             |          ICPH   (7-0)                      |       0B
----------------------------------------------------------------------------
             |     0   0   0  0    |   ACCOLC  (3-0)      |       0C
----------------------------------------------------------------------------
PS=Perf Syst |     0   0   0   0   0   0   0   |   PS     |       0D
----------------------------------------------------------------------------
             |    0   0   0   0   |     GIM (3-0)         |       0E
----------------------------------------------------------------------------
             |   LOCK DIGIT 1       |   LOCK DIGIT 2      |       0F
----------------------------------------------------------------------------
             |   LOCK DIGIT 3    LOCK SPARE BITS   |       10
----------------------------------------------------------------------------
EE=End/End   |   EE  |   0    0    0    0    0    0 | REP |       11
----------------------------------------------------------------------------
REP=Reprity  |   HA  |   0    0    0    0    0    0 | HF  |       12
----------------------------------------------------------------------------
HF=Handsfree |                                            |
HA=Horn Alt  |         Spare Locations (13-1D)            |
             |         contain all 0's                    |       13
             |                                            |       to
             |                                            |       1D
----------------------------------------------------------------------------
             |         NAM CHECKSUM ADJUSTMENT            |       1E
----------------------------------------------------------------------------
             |            NAM CHECKSUM                    |       1F
----------------------------------------------------------------------------
 
 
     
Downloaded from The Land of Fa-II [716]/773-7526


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH