|
#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#% #%# The Guide to Mostly Chirpy Phreaking - Part One. #%# #%# Written By: Cuebiz (Black Sheep Crew) #%# #%# On August 20th, 2000 - Revised Febuary 2nd, 2001 #%# #%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%%#%#%#%#%#%# - Introduction - After MANY hours of pondering, I've finally come up with a simple way to hop on the 'Carol Meinel Bashing train' and show her that I can type up half assed, non-thought-out files better than she can, who0 h0o! This file was originally written roughly about 6 months ago, and since then, I've dumped the MS-Word .doc, and redid this baby with VIM (some of it was done in PICO, but, does it matter?). Okay, First off, DONT think that this is the BEST beginners guide to phreaking in the world, because, well, its not. I originally had this up on Key Pulse (http://fonez.8k.com), but after I took Key Pulse down, it kinda found its way around IRC, this update was made because of all the emails (about 10) asking for it and stuff. I ditched the word doc and just kinda made it look a little better in .txt format. So, dont bitch because you cant use MSWORD.EXE anymore, okay?. Before I pretty much retyped this file, I mentioned that you should join NewsGroups to find out more things about the phreaking scene, and I still stick by that. Get out there and meet phreaker friends, setup a webpage somewhere, kick it on IRC and make friends that way, go to cons whenever you get the chance, just GET OUT! You can only learn so much from t-files and the rest is hands on experience, so, after reading this file, try something, ANYTHING, REALLY! -Table of Content - Chapter One : I - The essence of phones II - The Phreakers 10 Commandments III - Multi-Frequency Tones IV - Box List And their functions (And if they work or not) V - Phreaker Box Review - Putting the myths to rest VI - Construction of a Beige-Box VII - Construction of a Red-Box VIII - Beige-Boxing VIV - Red-Boxing and Payphone Mechanics X - Red, Green, Black, Yellow? - Basic Wire Colors explained Chapter Two : I - Manual War-Dialing and Automatic War-Dialing II - Text Telephones (TTY’s) III - Construcion a ghetto Blue-Box IV - Blue-Boxing for total newbies V - Voice-Mail Hacking VI - PBX’s and Extenders VII - Brief understanding of Switching VIII - Brief understanding of signalling Chapter Three : I - Conferencing and Voice BBS’s II - Prank Calling III - Brief understanding of Cel-Phones IV - Brief understanding of Pagers V - A brief understanding of everything else. VI - Vocabulary VII - Cool people, Webpages, And recommended reading VIII - Shout-Outs and Contact Information Chapter One - starting with the basics - The Essence of Phreaking - What is phreaking? Phreaking, The roots of the modern computer hacker. What is a hacker without a little phone phreaking? Phreaking goes back to the early 60’s, I really can’t say a year exactly because, Well, I really dont know. The word phreaking as you may know already is a mixture of two words, The word freak and the word phone. Why? Well, Some like to think that the word came about because it really freak’d out Ma-Bell when they found out their flaws have been exposed and well, You know where they got the phone part. . . You CANNOT phreak without a phone! Bernay , Joe Engressia and Captain Crunch are the earliest phreaks that I can think of, Though Iam positive there were an earlier generation that was proclaimed underground and had no exposure to the press like these three did. In 1971 Ron Rosenbaum, With Esquire magazine would print out an issue entitled Secrets Of The Little Blue Box which would later become a phreakers collectors item. You may read it by going to the Official GTMCP homepage. Sometime around 1954, Bell improved its rather lame switching systems to run on MF’s better known as Multi-Frequency tones. MF’s are tones sent through the line to be enterperated so your call can be placed. What Ma-Bell didn’t tell people for many obvious reasons is that there were some secret MF’s that noone except Bell-Labs were supposed to know about. In 1960 this would would all go crumbling down for Bell when Bell made an earth-shattering mistake by publishing these MF’s in a phone-tech. magazine. The rise of phreaking and a new gadget that was named by Ma-Bell, A BlueBox, An ugly sucker that was named that because of its cute little blue chassis that held this big ol’ machine up and kept it mobile (Yeah, Right.). In 1961, Just one year after Bell gave away their secrets, Bell would start investigating a public payphone at some college that has been having a large amount of WATS or 1-800 numbers being called with calls lasting over an hour, That would sound wierd, Huh? A two hour call to the directory assistance operator. This is what started it all, Soon after this bad-boy was wired up, Many other boxes would come about that had one purpose in general, To mess with the phone company. This is the essence of Phreaking. . . Corrections: I obviously was drunk when I wrote this part. Okay, this is the low down. Bell's switching, I'd be more 'politically correct' if I used the word 'signalling' instead of switching. Starting all over again, MaBell's shit wasn't controlled by 'MF tones' but rather, analog signalling was based on it. The average human only can hear a certain amount of decibles (duh), which is why we can't hear dog whistles (well, the majority of us anyways) when they are blown, but dogs can. Back on the subject, analog signalling went something like this, you make a call to your friend and start talking, what has happened was this, it (your voice) was converted into electrical impulses, sent, and then reconverted on the other end. You see, it wasn't literally the tones that were controlling the switches, but rather, it (the switch) thought that it was another switch sending electronic impulses over to it with instructions, but rather, a 2600hz tone was just converted over the lines to 'pretend' it was, and then when reaching the switch, the line 'broke'. Get it? The Phreakers 10 Commandments- Many magazines and files have published their own commandments that all use the words thy and words of that sort. But, This is not one of them, Its only what I think every phreaker should follow in order NOT to get busted or even be suspected by the telco. 1. Do NOT make over 10 toll-free phone calls from your house per week. (Per month is better!) 2. NEVER brag about any blueboxing or theft of service over your home phone or even on IRC. 3. Calling 800 numbers from home to get access to a dialtone NOT yours, is strongly prohibited. 4. NEVER bring anyone with you to someones junction-box when beige-boxing. 5. Scan at random. 5ESS DOES have alarms to notify them of sequencial war- dials. 6. Checking your VMB from your home is PROHIBITED. 7. Pay Phones are your friends. They allow you to be anonymous. DONT abuse that privledge. 8. Use Handles all the time when on conferences and phone conversations with other phreaks. 9. NEVER use someones handle or use your own handle on YOUR phone-line. 10. Be paranoid and suspicious of everyone. Dont even trust your best friend. Multi-Frequency Tones- Dual Tone Multi-Frequency Or DTMF 0 941hrz + 1336hrz 1 697hrz + 1209hrz 2 697hrz + 1336hrz 3 697hrz + 1477hrz 4 770hrz + 1209hrz 5 770hrz + 1336hrz 6 770hrz + 1477hrz 7 852hrz + 1209hrz 8 852hrz + 1336hrz 9 852hrz + 1477hrz * 941hrz + 1209hrz # 941hrz + 1447hrz former AUTOVON tones A 697hrz + 1633hrz B 770hrz + 1633hrz C 852hrz + 1633hrz D 941hrz + 1633hrz Other Frequencies -------------------------- Dialtone 350hrz + 400hrz Busy Signal 480hrz + 620hrz Toll Congestion 480hrz + 620hrz Ringback (normal) 440hrz + 480hrz Reorder (Fast Busy Tone) 480hrz + 620hrz Hang Up 2450hrz + 2600hrz All Trunks Busy 440hrz + 680hrz Note: The below signalling is full of it, excuse me, I was drunk C5 Signalling -------------------- KP1 697hrz / 1633hrz KP2 770hrz / 1633hrz ST 852hrz / 1633hrz KP2E 941hrz / 1633hrz C11 700hrz / 1700hrz C12 900hrz / 1700hrz KP1 1100hrz / 1700hrz KP2 1300hrz / 1700hrz ST 1500hrz / 1700hrz EO 2100hrz Update: What the FUCK was I thinking? I really dont know, here, I redid it below, I didn't erase it because, well, I just want you guys to know what I typed out before, and how stupid I can be. hehe. Boxes And Their Functions- I will first give you a list of some of the boxes that are supposed to exist and then I will give you the 411 on what is true and what is just truely shit written by idiot writters in the next section. ;) Acrylic Get three-way conference calling for free Aqua Stop the (erm..), FBI lock-in trace Beige A ghetto linemans handset Black Causes the telco to think your phones still ringing when you’ve picked up the phone. Blast Phone mic. Amp. Blotto Fake Box. Brings your telco to their knee’s Blue Siezes a telco trunk Brown Three-way conference phone Bud Phone tapping device Chartreuse Use the electric from your line to power things Cheese Diverter Chrome Change the traffice lights to green whenever you want Clear Make free calls from fortress phones Color Line activated bug Crimson A simple hold button Dark Diverter Dayglo Cute little box to steal a line connection, like a beige-box Gold Out-Dial Green Tool to use with Bluebox Infinity Phone tap device Jack DTMF keypad Light An In-Use Light Lunch AM transmitter bug Mauve Phone tap without cutting into a line Neon External mic. Noise Create alot of line interference Olive External ringer bell. (heh) Pandora Emits a loud noise that causes headaches Party Another 3 way conference box Pearl Multi-Tone generator. Pink Yet, Another one of them boxes. Rainbow Not a real box. Supposed to kill traces just like the aqua. Razz Phone tap device Red Emulate nickle, Quarter, Dime tones to trick operators/machines Rock Input jack for music. Scarlet Causes bad reception Silver Creates A, B, C, D tones (used by AutoVon back in the day) Static High voltage lines. heh, boost your power. Switch A nice little operator switch for your home. Tan Line activated telephone recorder Tron Save electricity TV Cable See sound on your television Violet Stop payphone from hanging up. White Tone-Dialer, DTMF Yellow Extension Phone. Please take into consideration that these are not ALL of them, I really thought that most of these were duplicates of others. So, I left them out. But, I left in some bull-shit ones just for my amusment.. . hehe. Phreaker Box Review, Putting the myths to rest- Here you will learn about how many times people claim to have invented a box and say its tried and true, yatta yatta yatta, Well, This is where it all boils down to. This is where YOU learn what is true and what is not. I see alot of people on USENet, Undernet, And Efnet claiming that some of these boxes work or "still" work. Believe me, I’ve done alot of research with some of these to find other ways to make these boxes possible and couldn’t. Okay, Here we go . . . Acrylic Box : Supposed to let you have free call waiting and three-way calling. Break-Down: This would be true if the person who you’re mooching from is subscribed to this service. Duh, Well, Now you can just use three way calling since now the telco has the new kind of pay as you use service. So, All in all, This box would work. Its pretty true. Aqua Box Defeats the FBI lock in trace. (heh) Break-Down This is totally full of shit. By draining your electric from your phoneline. You’re phone wont work. You need that electricity to keep your line up. Duh, The writter of the file said it himself that you need it, Heh. If you just drain a little, All you’ll probably get is some nice line noise. Beige-Box A handy dandy homemade Linemans handset. Break-Down This is 100% true. Its the simplest, Easiest and the most important tool you'll have as a phreak. Black-Box supposed to make the telco think you’re phone is still ringing when you’ve picked up the phone, And thus, You or your calling party not being billed. Sounds like a dream. Break-Down totally full of it. It did work back in the 60s but it went out with the dinosaurs. Noone in this day and age could possibly try use this box and make it work in the USA, Its totally impossible. Dont believe people that say that black-boxes still work. Note: There is a different type of "black-box" for all you people from the UK. Since I dont live in the UK, I really can't say. Blotto-Box Bring your local CO to their knees. May cause death or maybe slight buzzing in your ears. Break-Down This was ment as a joke anyways. King Blotto just was bored one day and made this up. Its a nice theory but, The telco does have alot of shit in there that could withstand any attempt to short out their lines. Claire and I have done some extensive research on this, Starting from scratch so that you can use a more complicated version of a "Blotto-Box". We have found a way to modify a telco box so it is possible to do something similar to the blotto purpose with a 1AESS but nothing as scary as portrayed in the "blotto-box" file. So, Be afraid, Be very afraid! heh, FjEar~! Blue-Box Seize long distace trunks *Break-Down* Totally true! This is what started everything. Beware the scary telco-agent! He hates blueboxes. Chrome-Box Changes traffic lights to green when its red. Heh, Nice little sucker. *Break-Down* Totally true. Ambulances need these to change the light green when in an emergancy. try watching an ambulance and look ontop of their van, See that light? Thats what you’re trying to imitate with a Chrome-Box, Its fairly simple and it really works. Closing Statement Okay, Thats about it for this part. I really can’t think of anything else at this moment. I’ve just had two whoppers from Burger King and Iam stuffed. I’ll be back after I smoke a ciggerette. Construction Of a Beige-Box This is by far the most easy to construct and the most treasured element in phreaking. Here I will teach you how to construct one and how to use it once you’ve made it. This was originally placed on the Key Pulse webpage. What is a Beige Box? A Beige-Box is a homemade version of a linemans handset. You can find many variations on the construction of this box widely on the internet But, Here I will teach you how to construct the model that I used during my high school years, Fully equipt with a ring-detector light, And a slot for your recorder so you can record some calls. How do I construct one? So, You wanna make your own linemans handset... Hmmm. Here you will find simply instructions on how to construct one. Its rather simple and doesn't take much skill, Probably just a seventh grade knowledge of electronics and some money to buy what you need. Going Shopping - Buying what you need You will first need to go to your nearest Radio Shack and WallMart to pick up the following items. 1) A cheap two or three dollar phone 2) Some large aligator clips 3) Some solder (You do need a soldering iron) 4) Any silicon diode 5) Drill (Or something to make a hole in your phone) 6) An RCA input jack 7) Any type of LED (Yes, Even a christmas light) 8) a 1/2-watt resister 9) a spdt switch 10)Line doubler (Also known as a line splitter) Making your handset Okay, Open up your line-doubler. See those red and green wires? Well, Those wont help you much the way it is, So, You will have to solder in more wire. Just make it at least a foot long (So you can have some room, Heh). Now Strip the other side of those wires and solder on one aligator clip to each wire. Now, You can plug in your handy dandy phone and you've got a fully functional Beige-Box. The reason why you dont just cut the raw wire from the phone itself is this, Who wants to ruin a good phone? I sure dont. And when you finally get a more expensive cellular-style phone which will cost you about $12.00, You can just plug in that phone without any harm done to the first phone or your new phone. Now test this out. Get some old phone wire, Splice it, Now hook on. Do you get a Dialtone? If so, You did it right, If not then you fucked up and have to do it over. Making the Ring-Detector Solder the yellow wire on your phone to the spdt switch. Now, Wire in your spdt switch to your Silicon diode which will light up your LED whenever theres a ring. Making your input jack for recording Open up your phone. Now try to trace back the wires that lead to the speaker. What you want to do is try to splice that wire without disconnecting it from its circuit board. If you do, Then you're fucked! Get your RCA Input jack, And solder it in to that wire. Now drill a hole big enough for it to stick out of the phone. Thats it, Whenever you want to record, Just jack it in and press record. Construction of a Red-Box There are many, Many, Ways to construct the box that Iam about to discuss. But, Iam going to only guide you on the construction of the most simple, I recommend this method to all newbies for the simple fact that it takes NO knowledge of electronics to construct. What is a Redbox? A redbox is any device that can emit MF tones that will attempt and sometimes successfully trick operators or telco equiptment to thinking you dropped in some change for your call. Please note in my NPA, Some payphones do not let you call 0 (it must be some kind of hazard to someone getting murdered who needs to call 0 to get help) Well, Most likely to test this out, Go to your nearest payphone and dial 0 or 00 or 411 and ask who is able to place a call for you. When you find out who the hell handles these sort of calls (10 to 1 its the 0 operator), Tell them you need to make a call and if they tell you to drop in your coins and you press some buttons on the key pad and they tell you go get a life, This is a small sign that that phone emits tones. This is a redboxable phone. Update: Please dont do that. I wrote that just to see if anyone would actually do it, and, well, lets just say two kids got busted. A better way to find out this is to call up a friend, and then drop a nickle down the payphone, if your friend here's the 'tone' then well, you're lucky, you found one. hehe. Is This Illegal? Yes, RedBoxing is considered theft of service and is not something that the telco takes sitting down. Many people have been put in jail for the simple fact of attempting to redbox a call. Telco secuirity agents are all around us. Remember that and think before you attempt to box in a crowded area. Step One Go out and get a small DAT card, I bought mine for about 8 dollars at my local Wall-Mart. It looks like a portable dialer that has only 3 buttons on it. one button for recording, One for shuffling (Rewind & FastForward), and One for playing whatever you recorded. Step Two Go to Http://www.Fonez.8k.Com/redb2.htm to download the tones you need to create Quarter, Nickel, And Dime tones. But what do I hear? Some of you dont have soundcards? Well, I've taken care of you folk too. You can call any of the following three Toll-Free Numbers to get the tones you need. Update: Tones are no longer at the URL above. Sorry. I'll leave you the tones UUEncoded at the end of the 3 files along with the UUDecode .asm source. Step Three Now all you have to do is record these tones on your DAT card, Since the smaller ones are able hold five seperate "Messages", You can have one for a Quarter Tone, One for a Nickel tone, One For a Dime tone , One for both the nickel and dime tones (since they boosted the price to 35 cents) , And the last one for like, Three dollars in quarters for long distance or International calls Beige-Boxing - Okay, This is it, Your first time hooking onto some strangers lines. Nervous? Well, You should be. I didn’t give you plans for the stealth box (I want you to find it on your own) and you can get cought. Okay, I want you to test it out first. Get a piece of old phone wire and strip one end. Now hook your two clips on. Red to red, Green to green and listen in. Do you hear a dialtone? If you do, Then you did it right and you can just do the same thing with a junction box, it goes the same way, Red to red, Green to green, And well, If it did not work, check your wires and check if you connected it right, If everything checks out and you still have problems, Then undo everything and start over until it works right. Beige-Boxing Tips 1. Dress casually. Dont dress like you’re up to no-good. Dress like you're a good kid. 2. Hook up the doubler first then plug in your phone, It helps decrease line noise 3. Try to find houses without dogs (Duh!), with Unlocked fence gates, And not much people. 4. take a leash with you. If you hear someone outside, Unhook, And say you’ve lost your dog. Red Boxing and Some PayPhone mechanics Here it is, The part alot of people were waiting for. The part to be discussed now is how a payphone works and the easiest way to make a free call from a payphone, Red-boxing. Automatic Coin Tolling Service, Is what makes this possible. Okay, Imagine your an operator. You dont want to be sitting by anytime some schmuck wants to make a simple phonecall from a payphone, Right? Well, This is exactly why ACTS was put into action. Its a simple computer that plays that somewhat friendly recording asking for you to throw some money into the coin slot then waits for tones that would signify that you dropped in some change and only then can the phone place your call. Iam simplifying this alot because ACTS can be used for way more that just placing calls and playing one message over and over again. I’ll talk about this later on in the file. Since ACTS waits for Tones and its only a computer, That means it can be tricked, Right? Exactly! This is the essence of Red-Boxing. So, Anything that can be used as a recording/playback device can be made into a fully functional redbox. A simple Redboxed call would go something like this, Joe calls up directory assistance and asks for the number for his friend sammy, The operator says she found it and then plays a recording that goes something like, "The number for your call is 555-1212 and can automatically be called for a deposit of 45 cents". This is when Joe plays some tones through the line and a recording says "Thank You", And Joes call is placed for free. This is a good example of what a casual redboxed call would sound like. Its just that simple. I really think that I don’t need to explain how to use a redbox since the example it the best way to teach you. Okay, Since we’re on the subject of payphones, Heres a brief on what makes a payphone tick (If you know what I mean..-Hint Hint). Okay, First things first. What happens when you drop in those coins? Well, First, It goes through the coin slot and collects on a counter that counts and makes sure that thats the right sort of change, Hence using slugs to get you some free calls, Then, It falls onto a small "plate" that holds your money until you’re finished with your call. This is in case your call cannot be completed and rings out, You get your money back. Get it? ACTS lets you make the call, But the only way you can get real money out of that payphone is making the phone think that you’re call ringed out and that whatever money is still on that plate is dropped right into your palm. I doubt that any phone will actually have money just stored up there for safe keeping, So, How do you get money from people? Well, The most well known way is to stuff up that payphone until ever coin will fall right through, And when they pull the coin return switch, Nothing comes out, Withing two days of letting people use this payphone over and over, You’ll make money pretty quick. Alot of people recommend that you use toilet paper since its the easiest to get out of the coin return slot once you want to get your money out. Another way to jack pot a payphone is to do it through the wiring. You can find information on how to do this on the net very easily, And so, I wont discuss how to do it here for obvious reasons. Okay, There are currently many types of payphones out in the US and it would take almost forever (metaphorically speaking, Of course) to discuss each and every one of them. So, I’ll just discuss Millennium phones and hope that you know what these things are. Okay, There are alot of different types of these phones and I’ll only talk about one type since Iam such a lazy-ass and by the way, They all work very similar if not exactly the same (They are all just millennium phones when you take off some small pieces and special features). Okay, All of these phones have card readers/writters (smart-cards, And Magnetic strip cards) on them (Heh, Iam yet to take one of them home), Two locks that have different keys for both of them, Some really thick-ass metal to withhold a sledge hammer, And alot of features oozing out of the guts of this thing. They look just like super-payphones (Nice analogy, Heh?) and well, They sort of ARE. If you dont know this already, When you first pick up its reciever, You’ll hear a dialtone just like normal, But, This is not a real dialtone (Its true, Its true). Millennium phones imitate COCOT phones and do NOT utilize ACTS at all. (Of course redboxing off operatrors is still posible). These phones do all the billing (Long-Distance, International, And yes, Local) and hence these things are heavily armored so noone can get into the wiring (Its true, Its true). Okay, When you make a call, You pick up the phone, Hear the fake dial-tone, You dial your number, The phone stores the numbers you just pressed in its temporary memory, If you dropped in your change, It releases its real dialtone and dials the number thats stored, Your call is now placed. This is practically how it all works. Iam still yet to meet up with another one of these phones (There are NO Millennium phones where I live, And the only times I’ve seen these things is when I took a quick stop in Toronto where a friend showed me the guts of this thing and gave me a little lesson on how they work)..... Red, Green, Black, Yellow? -Wire Colors explained Basically, What every phone needs to work is a basic Ring and Tip. 89% of the time, The Ring and Tip for a simple phone will be spotted by its coresponding Christmas colors (Red And Green). The best way to remember this is to think of it as two R’s as in Red-Ring, Green-Tip. Once you remember the two R’s, The tip is just what follows. You must be thinking, Okay, I spliced my phone cord and have more wires that what you explained, What does the rest do? Its rather simple, Most of the time, If you have no other features as in POTS (Plain Ol’ Telephone Service), They are just ground wires that help with electricity flow. But, If you have call waiting, Three way calling, Or anything else like, Two separate phonelines, These wires are put to use. Call waiting is just voltage shot up your yellow and black wires to trigger that little Beep sound that you hear to warn you that you have another incoming phonecall (Well, This is what I think happens, Iam sort of drunk right now). Anyways, Your yellow and black are also your ring and tip but are reserved for secondary phonelines that you have. This is what you have in your home. Now when it comes to outside around your neighborhood, You’ll encounter Violet, Grey (Slate), Brown, White, Blue, And of course, Red And Green. These are just variations of Ring and Tip wiring that acts exactly the same but in different combinations. Well, Thats it for this twenty min. I took to type out Chapter One. I’ll see you in the next Chapter where we’ll discuss Blueboxing and if it exists and other styles of phreaking. See Next Chapter . . . . CUEBIZ - Fonez@ca.tc Member of the Black Sheep Crew Editor of Rev0lt Magazine, The Key Pulse Newsletter, and PlayToy ePr0n Webmaster for www.TIS.8k.com -- Http://www.Fonez.8k.Com (URL taken down)