Last Updated: 2015/02/28 by TUCoPS staff
The Fixer(*)
Presents
Coloured Boxes
a 1998 Review, revised 2003.
Intro
There are a lot of text files and pictures of various boxes making the
rounds today, but most of them are now really old. Some never worked at
all, some are obsolete, and a dwindling few still do work - but they are
abused or misused by a majority of those who try them. Most disturbing of
all is the amount of discussion that still takes place on boxes that should
rightfully have been forgotten many years ago.
But not all phreak boxes are old. There are still refinements being
made to existing boxes to make them operable under today's systems, and
once in a blue moon a new boxing idea is introduced, even today!
Since a lot of these new and pseudo-new boxes are well deserving of
scrutiny, they're all here too.
The purpose of this series is to debunk most of the boxes mentioned in
newsgroups and text files, and to clear the air on the true usefulness of
those that remain.
Without regurgitating any of the textfiles that describe these boxes, I
will briefly describe how each one is supposed to work, how or even if it
actually does, and why or why not. If I can prevent even ONE person from
blowing money at Radio Shack when he doesn't have to, if I can convince
even ONE person to spend a few bucks at Radio Shack instead of wasting
hours out of his lifetime building a legal line gadget, if I can prevent
ONE would-be phreaker from getting needlessly arrested, then this series
will have served its purpose.
Note: Although there is a section for "boxes" that are nothing more than
jokes or parodies, there are a good deal more boxes out there that present
themselves as the real thing but are so stupidly implausible that they
might as well be hoaxes. I have included these frauds in the proper
sections for what they claim to do.
(*) This list has not been updated by The Fixer since 2003, and is
now being maintained by TUCoPS staff.
Families of Boxes
* Line Voltage Tricks
* Wiretaps, Bugs, and Lineman's Handsets
* Legal Line Gadgets
* Tone Generators
* Bridges, Cheese and Gold Box
* Cellular & Other Wireless
* Others, Non-Phreak Boxes
* Jokes and Parodies
------------------------------------------------------------------------
------------------------------------------------------------------------
Line Voltage Tricks
------------------------------------------------------------------------
------------------------------------------------------------------------
Aqua Box
aka Gray Box, aka DIFT Box
(Cancels line voltage to defeat so-called "lock-in trace")
The Aqua/Gray box is supposed to defeat the "FBI Lock-in Trace" by
canceling the voltage that the FBI device is supposed to put on the line to
keep it open.
There are a few things wrong with the concept of the "lock in trace" right
off the bat. For starters, if the FBI can keep the voltage up on your line,
they already have your number, so why continue? And if their purpose is to
trace a call made to you (and to prevent you from hanging up before they
can complete the trace) then it's not you who the Aqua box would save.
Second, the files which describe the process say that if you hang up while
the lock in trace is in effect, your phone will ring due to the voltage the
tracing device places on the line. But, a line is held open with a DC
voltage, and ringing uses AC. So this is obviously wrong.
Third, with digital switches pretty much the norm everywhere, this kind of
analog "trace" is no longer necessary. If you should ever figure out that
the FBI has had you traced, it's already done no matter what you do to your
line. If the Aqua Box ever worked, it is now a thing of the past.
The Gray Box is an Aqua Box with a 2-line selector switch added. The Gray
Box text file is considerably more technically detailed than the Aqua Box
file but it plagiarizes a large piece of it verbatim.
The Silver Box (DTMF Generator) has sometimes been called a Gray Box, but
it has nothing to do with the Aqua Box or the Lock In Trace.
Plausibility: I find this only marginally plausible. If the Lock In Trace
was ever really used, then the number of people who have
successfully beaten it with a box and escaped capture longer
than a day could probably be counted on one hand.
Obsolescence: Completely obsolete. Phone switches are digital. People have
Caller ID. Traces use the same core technology now. Even
older ESS switches use ANI to trace.
Skill: Advanced electronics skills needed. If this box is real, you
will need to be well aware of normal line voltages to even
tell if there's a trace in progress, let alone do something
about it.
Risks: There is probably a low risk of getting in trouble for using
the Aqua Box, but if you need it you're already caught for
something way bigger anyway.
------------------------------------------------------------------------
Black Box
aka Mute or Mute Box, ages ago also called a Red Box
(Defeats old-fashioned toll billing on incoming calls)
The Black Box was once quite common. It used a line voltage manipulation
trick to allow people to call you toll-free. The way it worked was that
when someone called you through an old-fashioned toll switch, the
connection was already set up right to your phone. The box let you pick up
the phone and talk through this connection while fooling the system into
believing that the phone is still ringing.
Black Boxing became obsolete when electronic switching - not even digital
mind you, but ESS, EAX and hybrid switches - was introduced on a wide
scale. It actually died in a lot of places well before that as telephone
companies wised up to Black Boxing in the 1960s and 1970s and started
checking logs and setting up exception flags (2 hours of ringing is NOT a
normal occurrence...).
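The kind of log check described above can be sketched as follows. This is an added example, not part of the original file or any telco's actual tooling; the record layout, the 300-second threshold and the sample numbers are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real data): one line per incoming toll
# call attempt, in a hypothetical export format. An empty "answered" field
# means the called line never returned answer supervision, i.e. the switch
# believes the phone just kept ringing.
SAMPLE_LOG = """\
called,seized,answered,released
555-0101,1975-03-01T19:00:05,1975-03-01T19:00:21,1975-03-01T19:12:40
555-0134,1975-03-01T19:02:00,,1975-03-01T19:02:45
555-0177,1975-03-01T20:15:10,,1975-03-01T22:16:02
555-0177,1975-03-02T20:01:00,,1975-03-02T20:48:30
555-0150,1975-03-02T21:30:00,,1975-03-02T21:33:10
"""

FMT = "%Y-%m-%dT%H:%M:%S"


def parse_records(text):
    """Yield (called, ring_seconds, answered) for each record."""
    for row in csv.DictReader(io.StringIO(text)):
        seized = datetime.strptime(row["seized"], FMT)
        released = datetime.strptime(row["released"], FMT)
        answered = bool(row["answered"])
        # Ringing ends at answer supervision, or at release if never answered.
        end = datetime.strptime(row["answered"], FMT) if answered else released
        yield row["called"], int((end - seized).total_seconds()), answered


def ring_exceptions(text, max_ring_seconds=300):
    """Map called number -> ring durations of unanswered calls over the limit.

    A trunk held for a long time with no answer supervision is the
    exception condition: billing never started, yet the path stayed up.
    """
    flagged = defaultdict(list)
    for called, ring_seconds, answered in parse_records(text):
        if not answered and ring_seconds > max_ring_seconds:
            flagged[called].append(ring_seconds)
    return dict(flagged)


def repeat_lines(flagged, min_events=2):
    """Called numbers flagged more than once are the ones worth a visit."""
    return sorted(n for n, events in flagged.items() if len(events) >= min_events)


if __name__ == "__main__":
    hits = ring_exceptions(SAMPLE_LOG)
    for number, rings in hits.items():
        print(number, [f"{s // 60} min" for s in rings])
    print("repeat lines:", repeat_lines(hits))
```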
In a toll network, if the receiving end switch is electromechanical AND
there are no countermeasures, AND the toll network passes audio before
billing starts, black boxing will work. There are virtually no such
switches left in North America, and the toll network doesn't pass audio
until the called party picks up, so Black Boxing is long dead here. I have,
however, heard tell of some rural European and third-world phone systems
where all the conditions are right for black boxes even today, but because
of the North American toll system, we couldn't call such a number for free
from here. At least not usefully anyway.
Recently, however, it has come to light that this ancient phreaking circuit
does still have one use, one probably not imagined by its designers.
There are some who claim to have used a circuit very similar to the
Black Box to defeat in-use lights while using extension phones (legal or
otherwise). It could not be a true Black Box, of course, because the
job of the Black Box was to fool the phone company into believing that
the line was on-hook - if that were to happen during a call, let's just
say that the in-use light (being off) would be telling the truth. The
call would terminate. See the Invisible Box for
more about defeating in-use lights.
Plausibility: 100 percent real.
Obsolescence: In its original use, totally obsolete in North America,
varies in other parts of the world. Sometimes a
variation is used to facilitate stealth when beige
boxing.
Skill: A little electronics knowledge was needed to build one,
operation was a matter of throwing a "Free/Norm" switch.
Risks: If you CAN black box, you probably live in a banana republic
somewhere where the penalty is publicly having your hand
chopped off. On the other hand, those same countries are not
exactly famous for the efficiency of their telecom fraud
investigators. Welcome to Elbonia.
------------------------------------------------------------------------
Flow Box
(Fool Nortel Millennium BOCOTs into giving you free calls)
OK, this device probably works. Although the concept is presented well,
and appears very feasible, I have not tried to duplicate the efforts of
the file's authors, and I'm not going to try, and here's why.
The Flow Box works using a full-wave rectifier to prevent the phone
company from sending the phone a brief line polarity reversal which
tells the phone to collect coins from its temporary holding chamber into its
main revenue box. It's a simple, electronically sound concept. But you
have to install it on the physical phone line of the payphone. Now,
every payphone I have ever seen, especially Millenniums, has had its line
either completely buried behind a wall, or protected by an armored steel
conduit. So getting access is very difficult in the first place. But
the authors explain how they did it, and OK, it's still very hard to do
but not impossible. But once you have gone to all that trouble, why
wouldn't you just connect a Beige Box and enjoy unrestricted free
calling? After all, since the phone itself has all the billing
intelligence, it's on a regular POTS line, and of course that is why
the phone company protects the open line so well.
The answer, the authors imply, is that once you install the bridge
rectifier, the phone operates in this free mode indefinitely. That, of
course, explains why the phone they used as their proof-of-concept was
uninstalled by the phone company. With no coin revenue the telco likely
first ran diagnostics on the phone, and then seeing that the phone was
working properly, assumed that the location was just not lucrative, and
removed the phone. A much better way to use the exposed line would be
to run an extension of the line down to a convenient location, probably
in the phone booth or enclosure itself. This could be done covertly
with little chance of notice by the phone company if the line was
carefully connected to certain insulated "clip points" on the phone
enclosure where one who knew could attach a beige box and get dial tone.
Then, regular sheep users would continue feeding the phone money and the
scam would last as long as the discrepancy between long-distance records
and the phone's own call records is not noticed.
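The discrepancy mentioned above is what a carrier-side audit would look for. The following is an added example, not from the original file: it reconciles the long-distance records billed against a payphone's line with the calls the phone itself logged. The tuple layout, the 30-second tolerance and all sample records are assumptions.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data (not real records). Each tuple is
# (start time, dialed number, duration in seconds).
# LINE_SIDE: what the long-distance network recorded for the payphone's line.
LINE_SIDE = [
    ("2003-05-02 09:14:07", "12125550142", 312),
    ("2003-05-02 11:40:51", "13105550177", 95),
    ("2003-05-02 23:02:10", "14165550123", 2710),
    ("2003-05-03 08:30:00", "12125550142", 60),
    ("2003-05-03 23:15:44", "14165550123", 3302),
]
# PHONE_SIDE: what the payphone's own call log reported.
PHONE_SIDE = [
    ("2003-05-02 09:14:02", "12125550142", 315),
    ("2003-05-02 11:40:49", "13105550177", 97),
    ("2003-05-03 08:29:55", "12125550142", 62),
]


def _ts(stamp):
    return datetime.strptime(stamp, FMT)


def unmatched_toll_calls(line_side, phone_side, tolerance_s=30):
    """Return line-side calls that the payphone itself has no record of.

    Matching is one-to-one: a phone-side record can account for only one
    line-side call, so two calls to the same number in quick succession
    are not both explained by a single log entry.
    """
    remaining = list(phone_side)
    unmatched = []
    for start, dialed, secs in sorted(line_side):
        t = _ts(start)
        hit = None
        for i, (p_start, p_dialed, _p_secs) in enumerate(remaining):
            close = abs((_ts(p_start) - t).total_seconds()) <= tolerance_s
            if p_dialed == dialed and close:
                hit = i
                break
        if hit is None:
            unmatched.append((start, dialed, secs))
        else:
            remaining.pop(hit)
    return unmatched


def summarize(unmatched):
    """Map dialed number -> (call count, total seconds) for unmatched calls."""
    totals = defaultdict(lambda: [0, 0])
    for _start, dialed, secs in unmatched:
        totals[dialed][0] += 1
        totals[dialed][1] += secs
    return {dialed: tuple(v) for dialed, v in totals.items()}


if __name__ == "__main__":
    gaps = unmatched_toll_calls(LINE_SIDE, PHONE_SIDE)
    for call in gaps:
        print("no phone-side record:", call)
    print(summarize(gaps))
```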
This idea should work on any payphone that uses a polarity flash to know
when to collect the coins - not just the Millennium but most BOCOTs and
COCOTs.
Plausibility: Very plausible - even somewhat practical. But not
free of problems.
Obsolescence: This won't be obsolete any time soon.
Skill: It actually takes more luck than skill to find a
Millennium in a location vulnerable enough to do this.
Once you have found one, however, the device involves
very basic electronics that anyone who's passed a high
school course in electronics should have no trouble with.
Risks: You risk being observed installing the device, of course,
and if you do it my way, you also risk being seen talking
at a payphone using a phone that is not the payphone,
which is kind of suspicious. So know your environment,
keep your eyes peeled, and have at least two escape
routes planned.
------------------------------------------------------------------------
Invisible Box
(Prevent In-Use Lights From Lighting)
Surprisingly, this is a fairly recent entry into the Phreak Box field.
The reason this is surprising is that it is a very simple line
resistance trick that achieves this goal. The box's inventor, Lucky225,
has done experimentation with this box and verified that it works. What
it does is let you connect to a phone line and make calls without
activating any in-use lights that may be on the line. Generally, in-use
lights require more current to operate than modern electronic phones do,
so a simple, well-chosen resistor is enough to keep enough current
available for a phone but not enough for an in-use light.
Plausibility: This box is real.
Obsolescence: It takes advantage of existing technology that won't be
phased out for decades. It's still current, although
it's a relative of the ancient black box.
Skill: One or two resistors, depending on which version of the
box you are making. Very easy.
Risks: This box's illicit purpose is to reduce the risks
associated with beige boxing. While it will prevent you
from being discovered by monitoring the in-use light,
there are other ways to catch beige boxers red-handed,
and one would be foolish to feel a false sense of
security just from having this in their beige box...
------------------------------------------------------------------------
Magenta Box
including the Vermilion Box
(Portable Ringing Voltage Generator)
The original Magenta Box is a British design, but easily adapted for the
U.S. electronic parts market.
It basically uses a relay as a vibrator (get your mind out of the gutter)
to generate pulsed DC, which can then be fed into a transformer and stepped
up to approximate the AC ringing voltage, making any phones attached to it
ring.
The plans are technically sound and the device WILL work if properly
constructed, but the authors don't tell you what it's useful for. Most
people, reading the Magenta Box file, will think, "Wow, I can prank someone
with that." and then forget about the Magenta Box forever. But if you want
to hack into a system and never be traced, not even to a payphone, the only
way to do it is to Beige Box a direct connection to one of its dialup
lines. The phone company would then have no record of a call. You would
need to trigger the modem's answer circuit to connect this way though, and
for that you would get the best results with a Magenta Box (ringback
numbers can have unwanted tones, recordings, connections to a logging
system, etc). So not only do I consider this box plausible, it's woefully
underrated!
If there's one thing that should be mentioned about this box, it's that it
won't physically last very long. Relays can be made to vibrate by wiring
them to open their own coil line, but after a few hours of this the contact
lifespan will be reached, so use it judiciously!
A Vermilion Box is a portable Caller ID generator coupled with a Magenta
Box to spoof an entire call, including ringing and Caller ID, from the
target line. See the Orange Box for more information.
Plausibility: Real, but underrated.
Obsolescence: Still current.
Skill: Not a difficult project but it shouldn't be your first.
Risks: In every practical use there is for this device, you would
have to be clipped to your target's phone line, usually from
outside at the junction box. This is prowling and
trespassing and looks damn suspicious.
------------------------------------------------------------------------
Static Box
(Remove line noise, make your own Lock-In Trace)
This box claims that line noise is the result of poorly regulated DC
voltage on the line. The problem with that, of course, is that any effort
you make to regulate the phone company's DC voltage is going to severely
distort the audio.
But that's not the worst of it. The file claims you can eliminate the noise
by connecting a 9 volt battery. All this will do, of course, is make the
battery get very hot as the phone line, whose DC voltage is higher than 9
volts, tries to charge the battery. It may even catch fire or explode! And
you won't notice any sound quality improvement.
But it gets even lamer still! The file then goes on to suggest that you can
just raise the voltage to the same voltage as the line, and boom, you have
an instant lock-in, where the person on the other end cannot hang up, just
like the FBI! Even under crossbar or step by step, this is bullshit. And
besides, have you ever hung up on someone who called you, and then picked
up and found they were still there? That's how the system works anyway, so
of course the authors of the textfile claim their box works!
Plausibility: Very infeasible and implausible.
Obsolescence: N/A.
Skill: N/A.
Risks: Playing with directly connecting batteries to your phone
line will only get the phone company pissed off at you.
------------------------------------------------------------------------
Violet Box
(prevents payphones from cutting you off when your time is up)
The Violet Box apparently works in the UK. The file is a bit vague, but
what I can decipher from it is this: In the UK, when your three minutes
or whatever on a payphone are up, the phone itself cuts you off, unless
you first put in more money.
The Violet Box is a 470 ohm resistor across the payphone's line - I
guess payphones in the UK don't have much physical security for their
lines. Anyway the resistor holds open the connection after the phone
cuts off. After a few seconds, the phone comes back to life and you can
talk for a few more minutes.
Plausibility: If that's how payphones work in the UK, then this is a
perfectly believable box.
Obsolescence: I imagine that BT will sooner rather than later phase out
these phones, which seem to be pretty lame (security wise) to
me.
Skill: Depends on how secure, how high up, etc the physical access
point to the line is.
Risks: The text file says that sure, you could just bud/beige box
from the access point, but the point of the Violet Box is to
avoid the risk of being caught bud boxing. However there's
still a risk of being spotted installing the resistor, and
of removing it again when you're done.
------------------------------------------------------------------------
Stop Box
(Defeat terminal alarms)
This is an easy idea to understand if you have seen the movie "Executive
Decision" where they have to stop the bomb from going off by hooking up a
bypass before cutting the wires.
Some terminal boxes that you may want to beige box from have a device
called a Terminal Alarm which is a silent alarm that alerts the telco when
a terminal box has been opened. The Stop Box is simply a jumper wire for
each wire of the terminal alarm. Clip on each alarm line where it enters
the box and again where it exits, and in theory when you open the box the
alarm circuit is still closed. Of course there is a lot that can go wrong,
like if an alligator clip falls off or if you mistakenly cross bypass
wires. But when it works, it will give you access to some really juicy
phone lines - why else would they go to such effort to protect them?
A word of warning that the file's authors forgot: make sure you know which
lines are the bypass lines and which aren't. Make sure you know where each
line enters and exits - a nasty trick they could pull to defeat the Stop
Box is to reverse the colours of the wires as they enter and exit. Seeing
inside a box similar to the one you want to attack (shoulder surfing a
tech?) or possibly trashing may give you the answers you need.
Plausibility: Very high, but I wonder if anyone's really done this yet.
Obsolescence: I can think of numerous easy-to-implement countermeasures
that could be put in place to really screw Stop Boxers up.
Skill: This is definitely not for the beginner.
Risks: This is DEFINITELY not for the faint hearted!
------------------------------------------------------------------------
------------------------------------------------------------------------
Wiretaps, Bugs, and Lineman's Handsets
------------------------------------------------------------------------
------------------------------------------------------------------------
Beige Box
aka Acrylic Box aka Ditto Box aka Razz Box aka Aerobox aka Dayglo Box
aka Beagan Box aka Modu Box aka Aquamarine Box aka DLOC Box aka Bud Box
aka Lego Box aka Peell Box aka DX Box aka Soda Can Box aka Bob Box
aka Bungee Box aka Maroon Box aka Dumb Ass Box aka DeLiar Box aka Pill Box
aka Boronda Box aka Sonik Box aka Conversion Box aka Emergency Box
aka The Phone Thing With No Goddamn xxxx-box Name
Plus the Coffee Box Variation
and the It's Too Fucking Cold To Beige Box Box
(Lineman's Handset)
The [Acrylic] [Beige] [Bud] [Aquamarine] [Razz] [Beagan] [Lego] [Peell] Box
and the "The Phone Thing With No Goddamn xxxx-box Name" are all the same
thing: a home-made lineman's handset, usually a one-piece "flip fone"
unit, with the modular plug removed and replaced with a pair of
alligator clips. The idea is that you attach the alligator clips to any
exposed outdoor or indoor phone connection terminals you can find, to
make calls that will be billed to whoever owns the line, and so on. The
[Pill] box is named for the TNI box the beige box connects to (called a
Pill Box by some British phreaks).
The most amazing thing about the Beige Box is the number of times this
device has been reworked in text files, written by individuals without the
technical background to understand anything more complicated. Very seldom
is anything original ever added to the basic idea, but more often than not,
text files about the Beige Box are accompanied with flashy banners,
dramatic pretext, and self-important postscripts.
The "The Phone Thing With No Goddamn xxxx-box Name" text file refers to it
as a Beige Box, but the author all but claims to have invented the thing.
Nevertheless, if you substitute "$20 Radio Shack Phone" with "$2 Garage
Sale Phone" you have a project that actually gives you what the text file
claims: a nearly-no-cost alternative to a $400-500 professional test
set.
The Ditto Box is a Beige box with a mute switch, intended for eavesdropping
on long calls. The author claims that the switch will prevent line noise
caused by the box but fails to explain how to get rid of the inevitable
noise that is created when you first clip onto the line... muted or not.
The Aerobox is a Beige box used on a payphone line. It assumes that you
have physical access to the payphone's line itself, which is exceedingly
rare due to armor, concealment, and shielding. At least it's rare in
Canada and most of the USA. The Aerobox article was written in Malaysia so
who knows what kind of bamboo conduits their payphones use?
The Beagan Box is a Beige box featuring a 1000' spool of wire. Just clip
one end of the spool onto the line, tie the wire around a drain pipe for
strain relief, and reel your victim's phone line all the way home. The
downside, of course, is that if your tap is discovered, you won't know
until they've followed the line all the way to your location, when it's too
late to run.
The DX Box is a Wireless Phone Jack system used as a beige box. The idea
is that you are not physically located at the terminal box to be caught in
the act. The bad news is that the vast majority of these things work by
modulating the phone signal on the power line, which ends at the victim's
transformer, so you would actually have to be in the victim's house for
this to work. I've heard of wireless phone jacks that use RF and work more
or less like a cordless phone but they are scarce at best. It would make
far more sense to modify a used cordless phone that you got for $5 at Value
Village to be a cordless beige box. That, by the way, is also known as a
Maroon Box.
The Boronda Box is the same as the DX box except that it is truly
wireless and specially designed for the purpose of boxing, from the
ground up, rather than adapting off the shelf technology as the DX box
does. The result is a more compact, line-powered cordless beige box
with the range of a 900 MHz phone that can be left in place for extended
periods of time. If you can find a good corporate line where a few
extra long distance calls a month won't be noticed you could
theoretically beige the line on a regular basis nearly forever.
The Soda Can Box is a listen-only beige box, better known as a wiretap. So
is the De-Liar Box, the idea being that you would use it to catch people in
lies.
The Dumb Ass Box is badly misnamed - it makes a lot more sense to attach
alligator clips to a modular jack and then plug a regular phone into that,
than to hack up a phone. The former is called (by one textfile author) a
Dumb Ass Box. I just call it the right way to make a Beige Box.
The Sonik Box is a straight wiretap to headphones. The textfile shows
where to put a resistor etc., but forgets to mention that headphones
usually work with a small AC audio signal only. Depending on the phone
system, how tough the headphones are, and whether or not the line is
allowed to ring when the headphones are connected, they could be
damaged by the DC or ringing voltage of the line. The solution, of
course, is a series capacitor.
Generally, the lineman's handset is one of the easiest ways to phreak, one
of the few that works everywhere universally even today, and is considered
quite lame because no real skill is involved. It's literally just theft of
service, and not from the phone company but from their customers. The
easiest targets are homes because most houses have grey terminal boxes
somewhere on the exterior. The most politically correct targets are big
corporations with the kind of physical security that would make Beige
Boxing unacceptably risky.
If I were to Beige Box, I wouldn't hack up a perfectly good phone to do it.
Instead, I would buy a short phone extension cord (5 feet or less) and cut
off the plug end, replacing it with the alligator clips. Then I would plug
a regular phone into that, which could later be used in the normal way.
Weigh the cost of a $2.95 phone cord extension against the cost of a $35
phone. This is the idea behind the [Modu Box], aka the [Dayglo Box]. The
[Bungee Box] appeared in 2600 magazine in 2002, and is the same thing
except with a "retractable" handset plug for fast getaways. You'd think
2600 would get tired of printing beige box articles, wouldn't you? The
author of the Bungee Box also came up with the [Conversion Box] which is
the same thing as the Modu Box. The [Emergency Box] places an RCA phono
jack/pair in line with the line cord of the Modu Box, for fast getaway.
On the other hand, if for whatever reason I -were- compelled to slice &
dice a phone for such use, I'd go the whole nine yards and install: a
capacitive contact de-bouncer to minimize contact click; a mute switch (not
button); a hook switch (again, not button) and a ringer OFF switch (not
just hi/lo). Better yet, a ring light only. Beige Boxing does have to be
done with some stealth and all these features are mentioned individually as
"the best mod yet" but really only contribute to a better device.
A special note about the "Acrylic Box": that textfile describes the
construction of a Beige Box but also claims to get you 3-Way Calling, Call
Forwarding, etc. Well, it will - if your victim happens to subscribe to
these services. So will your victim's own phone. This is just typical of
the egregious lameness that went on in textfile writing back in the 1980s.
The Coffee Box was first described in the Spring 2000 issue of 2600. It
is a 2-line beige box designed to seize two lines at once to set up a
bridge, or conference call. So named because it combines the beige
and brown boxes to get a colour like creamed coffee. Anyway the
conference capability of this box is nothing more than splicing the two
lines together. No auto-answer, no hangup supervision, all manual, in
fact the conference is limited to calls that the boxer places himself.
And of course no proper isolation between the lines, just a hard hookup.
Ouch. On the positive side, the 2600 article does specify (and includes
a photo of) the Voice 2000S Mini Headset Phone as the basic beige box
platform. That little gem is just a tiny headset and a pocket-dialer
sized dial pad, nothing more. Absolutely the optimum phone for regular
beige boxing in my opinion, because you can run away still wearing the
thing and not have to worry about ditching it with your fingerprints on
or hanging onto it as you hop fences.
Lastly, wintertime phreaking has been made possible again by the
inventor of the It's Too Fucking Cold to Beige Box Box. It's a beige
box with a line long enough to reach back to your car, where you bask in
warmth and carbon monoxide, kawling the world on someone else's nickel.
Of course, if you're discovered, you've got a quick getaway, as long as
they don't get your licence plate number (or you stole someone else's
car)...
Plausibility: 100 Percent real.
Obsolescence: Old but still useful most places. Some locations have better
security than others. Secure digital telephony will kill the
beige box as we know it, but its widespread deployment is
years away.
Skill: A no-brainer. Clip & talk.
Risks: Varies depending on location - you ARE prowling, after all.
------------------------------------------------------------------------
Bypass Box
(Bypasses muted payphone handsets, allowing red boxing)
On the surface this sounds like a really good idea. Bypass muted handsets,
mic filters, street noise and the like by hooking the audio output of your
Red Box directly to a payphone's phone line! And on COCOTs which don't
require ACTS signaling to complete calls, it's even better, just beige box
your way to free calls!
Unfortunately, life's not that simple. In 20 years I have never met a
payphone or COCOT in which the phone line was not completely enclosed in a
heavy armored pipe. If you're lucky enough to live in a place where the
payphones have less physical protection than ours here in 250, then the
Bypass Box is probably useful to you (see the Aerobox for some
more insight as to what's wrong with this). If you don't mind using a
hacksaw on the line conduit, out in public where anyone can see you,
this will still probably work for you until the police arrive. For the
rest of us, it's a waste of bytes.
Plausibility: Once you have access to a payphone's line you can do all
kinds of wonderful things to it. Unfortunately phone
companies already know this.
Obsolescence: Every time a phone company upgrades the physical security of
a payphone, whether it be by armor plated conduits or
surveillance cameras or whatever, this technique becomes
obsolete for that phone.
Skill: The same as for beige boxing if you've got easy access to the
line, much higher if you encounter security obstacles...
Risks: This is a higher risk venture than simple beige boxing
because, by definition, public phones are located in public
places.
------------------------------------------------------------------------
Infinity Transmitter
(Turns a phone into a bug on ancient switches)
The fabled Infinity Transmitter used the same principle as the Black Box -
that the Phone Company connected the audio from your phone to the called
party's phone even before ringing began. The caller would send a tone down
the line, the Infinity Transmitter would "hear" the tone and pick up the
line before the phone could ring. It would turn on the handset microphone,
and foom, instant room bug. You could listen to whatever was going on in
the room for as long as you wanted, from as far away as you wanted, hence
the name "Infinity Transmitter."
The Infinity Transmitter's coverage in text files smacks of Urban Legend,
although a name - Manny Mittleman - is sometimes mentioned, giving it
credibility. I would love it if Manny would get in touch and clear the
air on this device. Be that as it may, it was certainly possible to
build such a device, as it took advantage of a well known property of
the phone systems of its time. However, to construct something that did
what it did and to miniaturize it so that it could fit inside a standard
phone with the technology of the 1960s and early 1970s would have been a
highly advanced project, and that is probably why all the text files you
read which mention it never actually have any plans.
If you are determined to see a circuit diagram for an Infinity Transmitter,
"The Big Brother Game" by Scott French has a couple of circuits - you
should be able to get this from Loompanics, Paladin Press, etc.
Since the Infinity Transmitter depends on older phone systems where the
audio is connected before ringing, it is pretty much completely obsolete
today.
Plausibility: Real but again, more legend exists on this device than
actual case history.
Obsolescence: Obsolete, like the Black Box, for the same reason. You may
find that you can still use a black box in calls from Chinga
los Gatos, Ecuador to Manboyopolos, Greece and the like, but
that's it.
Skill: Very Esoteric. Not for the beginner. Requires installation
in the target's phone.
Risks: Minimal once successfully installed. In any place where it
works, your victim will not exactly be able to *69 you.
------------------------------------------------------------------------
Lunch Box or NIN Box or Fish Box
(Covert Transmitter, a.k.a. Bug)
The Lunch Box is a small AM Broadcast-band transmitter. It can be used in
any way you want. It's really only a loosely related concept to this
series, since eavesdropping predates phreaking by a long time. Numerous
versions of the Lunch Box exist; the ones in text files generally assume
that the "box" is to be wired into a phone and use its own microphone as
the audio source.
Many years ago I proposed the "Fish Box" which was an FM version used in
conjunction with a tone decoder and placed on payphones in airports,
convention centers, and other areas where business people would be
likely to use calling cards, extenders, and so on. This was in the
mid-80's, years before everyone and their dog had a cellphone, of
course. On the receiving end was a voice-activated tape recorder that
would capture all dialed tones, conversation etc. including the personal
information given for verification on verbal credit card transactions!
An endless stream of zero-day codes and credit cards without shoulder
surfing or other persistent suspicious activities...
Unfortunately the heavy armouring employed in all the payphones in my
area prevented further development of this idea.
The usefulness of the Lunch Box to a phone phreak, even as a Fish
Box, is limited; however, private investigators, stalkers, paparazzi, and
other spook types should find all kinds of neato ways to use it.
Installing a Lunch Box would require committing B&E or posing as a telco
technician, "here to inspect the phone wiring."
The NIN (Nine Inch Nails) box is a reverse Lunch Box, intended to seize
control of a school P.A. system. It involves connecting a radio receiver to
the P.A. and using a Lunch Box or other transmitter to make "unscheduled"
announcements or play music, like (for example) Nine Inch Nails. The NIN
Box text (part of the Beneath the Remains series) fails to explain how you
are to key the microphone (kind of a biggy to miss) and is technically
vague, to be kind.
Plausibility: The Lunch Box itself is 100% real, but used more in
Hollywood than real life. Note that I never actually built
the Fish Box (it was only a proposal), and I am damn sure
the NIN box is nothing more than a teenaged loser's fantasy.
Obsolescence: Pointless against anyone with a bug sweeper, otherwise radio
bugs will probably never be obsolete.
Skill: A well constructed bug is a work of art and best left to
professionals. Deploying the bug is at least as tricky as
building it.
Risks: 100% illegal unless you happen to be working under a court
order. As hackers we value our own privacy but this device
strips its target of his. Think about that.
------------------------------------------------------------------------
Mega Box
(Reroute someone else's line to your spare pair)
This isn't really a box at all, but simple instructions on how to connect
your spare pair (the yellow and black wires, if you have only one phone
line) to a pair that is in service somewhere else, or to bridge it to a
line across town, etc. In theory you could string your spare pair down
several miles of cable if you were meticulous and careful enough, but the
further you do this, the greater your risk of detection. And when your
illegal reroute is discovered, it comes right back to your house, where the
police and a very smug telco security chief will want to have a word with
you.
A better way to do this would be to run the line to a secluded public
location (like in the bushes in a park, or a back alley or something)
with more than one escape route and a view to the approaches so that if
you are discovered you will be able to get away. Or better still use it
in conjunction with a DX box (that's the cordless beige box described
earlier in this article) so that your exact physical location cannot be
immediately determined.
A countermeasure to detection: In order to trace the Mega Box, they have
to put a tracing signal, which is usually a 1000 Hz tone, on the line.
They then listen for this tone at various points down the line - a
technician will have to drive along your route and climb many telephone
poles - until they have you. A tone detector circuit on your end of the
rerouted line could be wired to trigger an alarm when this tracing
signal is present, so that you will have a short time (maybe a few
minutes in the worst case) to disconnect it.
Although I really don't think the kids who wrote the text file ever tried
it (I mean come on, teenage kids up a phone pole looks mighty suspicious)
the idea of temporarily seizing someone else's pair is not without merit,
and is certainly more elegant and technical than the crude Beige Box.
Plausibility: Low. I think it's possible, I don't think it's been done.
Obsolescence: As less and less of the outside plant uses copper,
obsolescence increases. When we all have fiber direct to our
houses, this will be obsolete.
Skill: Considerable skill would be needed to do an advanced Mega
Box job, and even a simple bridge to a neighbor's line would
require careful work. This is not a simple beige box!
Risks: You have to climb phone poles, open bridging heads, etc.
Once installed, the illegal bridge can be traced back to
your house. This is an extremely risky method!
------------------------------------------------------------------------
Tan Box
aka Slug Box aka Rec Box aka Rock Box aka Tangerine Box
aka NeonRock Box aka Sound Blaster Box aka Sperm Box
(recording tap)
These "boxes" are very straightforward - their purpose is simply to provide
a generic audio output from a phone line, to connect to a tape recorder,
sound card, what have you. Radio Shack sells these for under 20 bucks.
The Rock Box is bidirectional. You can output music from your stereo to the
line, so that you can "clear r0dent bridges." Uh-huh. Unlike most tan box
types the Rock Box has a parts count numbering greater than 2, but the
author knows little of electronics - he describes resistors by their colour
codes (and incorrectly) rather than their value, and calls capacitors
"condensators." This is also called the "NeonRock" box by an imitator
who basically describes only a direct hard connection, which as I've
said many times in this article, is a very stupid idea.
The Sperm Box is the same thing only it's attached like a beige box, to the
terminal box on the side of your mark's house.
Of these, only the Slug Box is anything more than a direct connection to
the microphone input of your sound card or tape recorder. Without a Part 68
Interface (which can be constructed from a few cheap parts) the line
voltages will probably fry your recording equipment.
Plausibility: Real but why build a crappy one when you can buy a nice one
cheap?
Obsolescence: Will still be useful as long as we have analog voice lines.
Fully digital secure telephony will mostly kill it.
Skill: The ability to attach a couple of wires.
Risks: Illegal to use for wiretapping, that's about it. The
NeonRock box might fry whatever is attached to it if the
phone rings.
------------------------------------------------------------------------
Walkman Box
(Wiretap disguised as a Walkman)
This enormously boneheaded idea has one major flaw. First a
description: it's a wiretap that you listen to through your Walkman
headphones. The idea is that you look like all you're doing is
loitering and listening to music, and not illegally wiretapping. OK, no
problem there but here's the main thing: How do you hide the telephone
cord that's running from your belt to an open box on the wall? Wouldn't
that look like a pretty dead giveaway that there's more to your
activities than slacking and listening to heavy metal?
Besides, there is a much better way to do this: Install a wireless wiretap
(no, it's not an oxymoron, it's a transmitter...) and tune it to an unused
channel on the FM band. Hang out somewhere in range of the thing and
listen to it on... surprise surprise... an FM walkman! No smoking gun,
greatly reduced cloak and dagger shit, and immeasurably more convenient.
Plausibility: If I were Mr. Cranky I'd give this thing a "BOOM!" rating
times 10 for plausibility. Whoever wrote the Walkman Box
file obviously either never tried it, or did and was never
in a position of being observed in the first place.
Obsolescence: I don't consider a box this implausible to have a life
cycle, so I will not comment on its obsolescence factor.
Skill: If you were dumb enough to try this you'd have no skills.
Risks: Very high risk of drawing more attention to yourself than
with conventional means of wiretapping.
------------------------------------------------------------------------
Noise Box
(Generate line noise)
(See also Scarlet Box)
This device supposedly generates line noise. In fact it will decrease the
sound quality on the line, and might make modems fall back to lower speeds,
etc., but it does NOT generate noise.
Plausibility: Very little. The Noise Box file author doesn't understand
some pretty basic stuff.
Obsolescence: N/A
Skill: Construction is simple.
Risks: The plans call for you to break into the green bridging head
down the road from your victim. This would look VERY
suspicious - chances are you'd be arrested before you even
got the device installed.
------------------------------------------------------------------------
------------------------------------------------------------------------
Legal Line Gadgets
------------------------------------------------------------------------
------------------------------------------------------------------------
1.BOX
(Reduces line voltage so that extensions/taps/beige boxes will not work)
This device is a potentiometer which reduces the off-hook line voltage to
the bare minimum needed to run your phone. If someone else picks up an
extension, neither it nor your phone will work. The purpose, of course, is
to defend against eavesdropping by nosy family members.
I don't see anything wrong with the device itself but the file author says
it will cause massive line noise due to the insufficient line voltage - in
experiments, I found it only intermittently worked and when it did, the
phone just cut right out.
Note that this device requires some adjustment depending on the normal line
voltage in your area and on the current requirements of your phone. It's
definitely not a plug & play device.
Plausibility: It seems plausible but I would think that secretly
installing "fax cutoff" switches on the other phones in your
house would work better, as it would prevent eavesdropping
and have the added bonus of allowing you to continue your
conversation, which 1.BOX really doesn't.
Obsolescence: This device will work as long as subscriber loops continue
to work the way they do now.
Skill: Not difficult to construct, use is automatic!
Risks: Completely legal.
------------------------------------------------------------------------
Charging Box
(Lights red if British Telecom is charging you)
This is a British device, and I really have no idea if it works. It
basically lights one light (green) if your line has a DC voltage of one
polarity, and another (red) if the polarity is reversed. Apparently in the
British phone system, when they begin charging for a call, they reverse the
line bias polarity, allowing the box to indicate a free or charge call.
Plausibility: Unknown to me, but the plans look more or less sound.
Obsolescence: According to one source in the U.K., their phone system no
longer uses polarity reversal for billing purposes, so it no
longer works.
Skill: Simple to build, self-explanatory to use.
Risks: Probably completely legal.
------------------------------------------------------------------------
Demerit Box
(Half Speakerphone)
This device simply attaches a speaker to your line so that others in the
room with you can listen in on the conversation. It doesn't have the
ability to let those other people join in on the conversation, so it's sort
of half of a speakerphone.
The plans outlined in the Demerit Box text file have no means of audio
amplification, so there is a limit to how loud it can get, and that's not
very loud. Since you're attaching an 8 ohm speaker to an earpiece "speaker"
that might have an impedance of 3,000 ohms or more, you risk burning out
the audio circuit of your phone!
A cheap speakerphone would serve you better...
Plausibility: When I first read this, I thought it was such an obvious
legal line gadget that I looked for a commercial equivalent
in the Radio Shack catalog. To my surprise, Radio Shack
doesn't sell Demerit Boxes! But one certainly could be made
economically enough for mass production, if it were useful
enough to sell.
Obsolescence: It will work as long as subscriber loops are analog.
Skill: Not difficult.
Risks: Completely legal.
------------------------------------------------------------------------
D.U.O. Box
(Visual Line Tester)
This is another incredibly lame idea. All it is is a Radio Shack visual
line tester with alligator clips attached, as an aid to Beige Boxing. With
it you can tell which lines are active in a bridging head or demarcation
can.
Plausibility: Sure, it'll work but why do you need a text file?
Obsolescence: Still current.
Skill: Microscopic.
Risks: 100% legal until you go beige boxing with it.
------------------------------------------------------------------------
Insomniac Box
aka Insomniak Box
(Solar Line Cutoff)
This is potentially a useful gadget for those who work (or play) at
night and sleep during the day. It is simply a photoresistor connected
across the line, so that during the day when light falls on it, its
resistance is low and the line is shorted, thus disabling it until it
gets dark. Then the resistance rises into the megohm range and the
line can operate. Credits to The 1 for inventing this.
Plausibility: The basic idea is sound, although I haven't tried it
myself (and I'm not about to).
Obsolescence: Current.
Skill: Very little required. Strip the leads of a phone cord,
attach each to a lead on the photoresistor, plug phone
cord into the wall, place the photoresistor where it will
receive sunlight. Believe it or not, there are some
people for whom this is a difficult thing.
Risks: As you may have noticed, this device is in the Legal Line
Gadgets area because the inventor assumes that you are
going to use it on your own line. However, leaving your
line shorted all day might attract the attention of a
repair crew. And, of course, it would not be a very
legal line gadget if you connected it to someone else's
line without their knowledge.
------------------------------------------------------------------------
Inter Box
Meeko Box
(Multi-purpose Line Interface)
This box gets very high marks from this reviewer.
It is a fully-isolated interface to the line that will let you play or hear
audio on the line whether it is on or off hook and makes the ring signal
actuate a switch you can use to operate devices. It's unique among "phreak"
boxes in that it claims to be - and apparently is - FCC Part 68 Compliant!
What this means is that not only is it technically legal, but it is pretty
much guaranteed not to blow up your audio devices when the phone rings.
The FCC Part 68 Interface has been documented in electronics magazines such
as Radio-Electronics, and in many books and public sources. Why it isn't a
staple of phreak box philes should be a mystery but it's not. Most text
file authors never actually build the boxes they're describing, or write
about things they did to their phone lines that were completely
ill-advised. Pure intellectual laziness.
When just about any of the other boxes in this file are interfaced to the
line through the Inter Box, chances are they will start to work when they
didn't before!
Hats off to Sovereigns of Bell for putting out a refreshingly real file!
The Meeko Box is similar, but it doesn't claim to be, and isn't, a Part
68 interface. It is, however, more or less properly isolated from the
line and simpler to build.
Plausibility: 100 percent plausible.
Obsolescence: 100 percent current.
Skill: Construction is a little more difficult than a lot of
"boxes" but the result is well worth it, as other
line-gadget boxes are often sure to disappoint.
Risks: Not only completely legal, but FCC approved!
------------------------------------------------------------------------
Light Box
(In-Use Light)
The Light Box is just a phreakish moniker given to the ordinary In-Use
Light, a line gadget I have seen in dollar stores for half the cost of a
pack of cigarettes.
As an introduction to telephone electronics, the Light Box is a great
construction project. But if the main purpose of constructing one is
something other than education, just go buy an in-use light. You can do
better things with your time.
Plausibility: Real
Obsolescence: Will be around as long as we have analog local loops.
Skill: An easy-to-moderate construction project. More of a
skill-builder than a challenge.
Risks: Only the usual warnings about connecting homemade things
to the phone line: the voltages can hurt you and if you
break something on the telco side, they'll make you pay
for it. Other than that this device is perfectly legal
and safe.
------------------------------------------------------------------------
Olive Box
(External Ringer)
All an Olive Box does is add an external electronic ringer to your phone
line. It's not really a phreak box because devices are commercially
available which do the same thing.
Plausibility: Real.
Obsolescence: Will last as long as AC ringing voltages.
Skill: A medium level construction project; any idiot can install
one though.
Risks: None; it's perfectly legal.
------------------------------------------------------------------------
Pink Box
(3-way calling; Hold Button)
There are two different Pink Boxes. One is just a way of tying two lines
together to give cheap three-way calling (see Brown Box in this chapter).
The other is a hold button - nicely done, with a Hold light and everything.
Both devices can be bought commercially for very little money.
Plausibility: Real but somewhat pointless.
Obsolescence: Still current.
Skill: Both require some skilled assembly.
Risks: Errors in construction may damage your line or otherwise
affect your service, but these are perfectly legal devices.
------------------------------------------------------------------------
Purple Box
aka Crimson Box
(Hold Switch)
The Purple Box is a hold button for your phone. Since you can buy a
separate hold button for about the cost of the parts in the Purple Box
file, and since most phones these days have hold anyway, there's really no
point in a do-it-yourself hold button, but if you must try it, the purple
box plans should work fine. If nothing else, it's worthwhile as a beginner
project for someone wanting to later build more complicated boxes.
Plausibility: Real but quite pointless.
Obsolescence: Still current.
Skill: An uncomplicated project to build, a no-brainer to use.
Risks: No legal risks as the device is 100% legal, but mistakes
could cause damage to your line or your phone.
------------------------------------------------------------------------
Yellow Box
(How to install a phone jack)
The "Yellow Box" is just another example of the lame attempts at humour that
went around the underground BBS and AE circuit in the 1980s. All the text
file tells you how to do is install a wall jack, and it doesn't even do
that very well.
Plausibility: Oh sure, phone jacks exist.
Obsolescence: Technically not at all.
Skill: Read the instructions from Radio Shack.
Risks: Only if you put your tongue on the wires.
------------------------------------------------------------------------
------------------------------------------------------------------------
Tone Generators
------------------------------------------------------------------------
------------------------------------------------------------------------
Blue Box (diagram)
Bleeper Box
(Generates MF signaling tones)
Since its invention in the early 1960's, more has been written, and more
programs have been released, on the Blue Box than any other box.
And no wonder; the Blue Box got spectacular press when it came to light in
the early 1970's. There are still a LOT of new text files and tone
generators being written on the Blue Box, even though it is almost
completely obsolete in North America and rapidly falling into obsolescence
everywhere else. In its heyday, Blue Boxing was like playing a guitar: easy
to learn, difficult to master. The masters of Blue Boxing had control of
the toll network that the phone company's brightest engineers and security
personnel could not understand. The Joe-Average boxer (likely a college kid
impressing friends and chicks or a mafioso who bought a box to avoid
showing up on phone records) could make all the free calls he wanted, with
no downside.
The Blue Box, of course, is that box which seizes control of a toll trunk,
giving the user the same abilities as a long-distance operator. There are
now two problems with the Blue Box. First, the system's technology has
advanced so that most toll trunks no longer use the inband signaling
(meaning: signaling is no longer done with audible tones) that Blue Boxes
rely on. There are still a precious few left in North America but they will
be gone soon. Second, every telco security person knows about Blue Boxes
very well, and as a result, most local exchanges have tone detectors that
will either cut off the call or sound an alarm or write an entry to a fraud
log if you attempt to box.
If you can box from an exchange that has no such detectors, and if you can
find an inband toll trunk that you can get onto for free (1-800 number,
etc), and if you don't do it from a line where fraudulent calls can be
traced back to you, THEN you can still blue box and do it safely.
Otherwise, you'll find that its day is long gone.
The Bleeper Box is a British 2280 Hz tone generator. Apparently once you
could send 2280 from a British phone during a long distance call and then
pulse out your dialing sequence, but I happen to know that the British had
their own MF signaling system like the Blue Box tones for that purpose, so
I question the truth of that report. You could call a Bleeper Box an
incomplete British Blue Box in much the same way as a 2600 generator alone
would be an incomplete American Blue Box.
Plausibility: 100% real. These boxes were as real as the system they
cheated.
Obsolescence: Almost total - Inband trunks exist but try and find one!
The same goes in Britain for the Bleeper Box.
Skill: Difficult. Somewhat complex to construct and use. Usage is
not as simple as dialing a phone.
Risks: Very High. You will be caught if you use your own line.
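
The exchange-side tone detector mentioned above, sketched as an added example (not from the original file or from any telco's equipment): a Goertzel filter flags a frame when most of its energy sits in one watched SF frequency (2600 or 2280 Hz, the two named in this section) and the tone persists. The 8 kHz sample rate, 25 ms frames, thresholds and all function names are assumptions, and the audio is constructed.

```python
import math

SAMPLE_RATE = 8000                # Hz; assumed telephony sampling rate
FRAME = 200                       # samples per frame (25 ms); assumed
WATCHED_TONES = (2600.0, 2280.0)  # SF frequencies named in the text above
PURITY_MIN = 0.8                  # assumed: share of frame energy in one tone
ENERGY_FLOOR = 0.5                # assumed: frame energy below this is silence
MIN_FRAMES = 4                    # assumed: tone must persist for 100 ms


def goertzel_power(frame, freq):
    """Squared DFT magnitude of `frame` at `freq` (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def frame_tone(frame):
    """Return the watched tone that dominates this frame, or None."""
    energy = sum(x * x for x in frame)
    if energy < ENERGY_FLOOR:
        return None
    for freq in WATCHED_TONES:
        # For a pure sine exactly at `freq` this ratio is 1.0; speech and
        # two-tone DTMF spread their energy and stay well below it.
        purity = 2.0 * goertzel_power(frame, freq) / (len(frame) * energy)
        if purity >= PURITY_MIN:
            return freq
    return None


def detect_sf_tones(samples):
    """Return (freq_hz, start_s, duration_s) for each sustained watched tone."""
    events = []
    run_tone, run_start = None, 0
    n_frames = len(samples) // FRAME
    for i in range(n_frames + 1):          # one extra pass flushes the last run
        tone = None
        if i < n_frames:
            tone = frame_tone(samples[i * FRAME:(i + 1) * FRAME])
        if tone != run_tone:
            if run_tone is not None and i - run_start >= MIN_FRAMES:
                events.append((run_tone,
                               run_start * FRAME / SAMPLE_RATE,
                               (i - run_start) * FRAME / SAMPLE_RATE))
            run_tone, run_start = tone, i
    return events


def synth(freqs, ms, amp=0.3):
    """Constructed test audio: sum of sines (empty freqs gives silence)."""
    n = SAMPLE_RATE * ms // 1000
    return [amp * sum(math.sin(2.0 * math.pi * f * k / SAMPLE_RATE) for f in freqs)
            for k in range(n)]


def constructed_call():
    """Constructed 1.5 s sample, not a real capture."""
    return (synth((), 100)
            + synth((400, 1000, 2600), 300)   # speech-like mix containing 2600 Hz
            + synth((697, 1209), 100)         # DTMF digit "1"
            + synth((), 50)
            + synth((2600,), 50)              # too short to count
            + synth((), 100)
            + synth((2600,), 500)             # sustained single tone
            + synth((), 100)
            + synth((2280,), 200))            # sustained single tone


if __name__ == "__main__":
    for freq, start, dur in detect_sf_tones(constructed_call()):
        print(f"fraud-log: {freq:.0f} Hz at {start:.3f}s for {dur:.3f}s")
```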
------------------------------------------------------------------------
Green Box
(Generates Payphone Control Tones)
The Green Box generates three tones, which are suspiciously the same as
three particular Blue Box Tones. The function of these tones was to
command a payphone to return the caller's money, collect the money from a
holding chamber into the main coin box, or to have the switch call the
phone back. The idea was that an operator would have some powers when
dealing with payphone callers.
These are described by text files as part of ACTS but really they are just
selected MF blue box tones. Every blue box is also a green box.
Although the files written about the green box are credible, the whole ACTS
system is on its way out and the green box tones themselves were scrapped
with inband signaling anyway (operators today DO NOT have blue boxes at
their fingertips). So green box tones no longer work.
There is one possible exception: Certain models of Protel COCOT are said
to respond to a certain SF (single frequency) tone by returning the
deposited coins. Although the tone can probably be determined from
experimentation (hint: it was discovered by accident within the
electronic melody played to the caller by the General Electric "Cordless
Answering System" while the tape is seeking...) the discoverer of this
New Green Box has not divulged its exact frequency. To my knowledge no
one has duplicated this.
Plausibility: It was a real box but it was far more talked about than
actually used, so it's really now more the stuff of legend
than anything else.
Obsolescence: Totally obsolete. Correct me on this one if I'm wrong. I
have heard from many different sources that it doesn't work,
and I have never heard of anyone using one with success.
Skill: To build the tone generator would have taken some doing, but
taped or PC-Generated tones are a total no-brainer.
Risks: Don't try it. The phone company may have MF detectors set up
and think you're trying to blue box.
------------------------------------------------------------------------
Jew Box
(Multi-tone box for Unix)
This isn't really a box as such, just a Unix program that generates Blue
and other box tones. Since there is a version of Unix for just about
any hardware platform, this may be the first ever truly universal
computer Phreak Tones generator!
Isn't it too bad, then, that every single tone generated by JewBox and
its cousins is obsolete due to common channel signaling, BOCOTs, etc.
Plausibility: It exists.
Obsolescence: Sadly, this sort of software program reached the peak of
its evolution years after the hardware boxes it emulates
became obsolete.
Skill: JewBox and all its relatives are generally simple and
self explanatory, or at least they are to someone who
would know what to do with such tones.
Risks: Although the phone switch will likely not respond to the
unsupported beeps created by box tone software, there may
still be security devices set up to trigger alarms when
certain tones that used to be a problem are heard. Which
can't be a good thing if you are playing with such a
thing from home.
------------------------------------------------------------------------
Jolly Box
(Programmable Intelligent MF/SF Tone Sequencer)
This was a great idea that never was developed to its full potential. It
was a microprocessor-based Blue/White box with a host of other tones. It
was originally invented by Jolly Roger (the cool one in Germany, not the
notorious plagiarist in Alberta) and then fleshed out considerably by Kingpin
of The L0pht. The device has been constructed at least to the prototype
stage, and Kingpin has photos on his l0pht.com website.
Basically, despite claims to the contrary, it's a souped-up Euro Blue Box.
It actually does a great deal more than that, as its sequencing capability
allows for the simplification of extremely complicated functions. Its
German origin suggests where it would be most useful - in Europe and
elsewhere in the world where inband toll signalling is (or at least was, in
1993) still used widely.
The Jolly Box project was officially abandoned in 1996 by Kingpin, but he
has graciously left all the original Jolly Roger work online for the
benefit of anyone who wants to pick up the torch.
Plausibility: 100% Fact. Here is a URL where you can get photos of the
prototypes and highly detailed construction plans:
http://www.l0pht.com/~kingpin/jolly.html
Obsolescence: This box has limited utility to most North American phreaks,
but it could be powerfully useful to someone in an area
served mainly by inband toll signaling. There is still, of
course, a microscopic sliver of Blue Boxing availability
left in North America, and if you are deep enough into
old-school phreaking to still be doing it here, then the
Jolly Box would make your life easier. For the rest of us,
it's as useful as a Blue Box, which isn't much anymore.
Skill: This is probably the most advanced construction project
mentioned in this file. Don't even think of wasting your
time on this box unless you are already both an experienced
hardware hacker and a phone phreak.
Risks: Since its use is limited to Blue Boxing, risks are the same
as for Blue Boxing. Probably higher since its purpose is to
simplify flashy and glamourous phone system hacks...
------------------------------------------------------------------------
Pearl Box
aka Smurf Box
aka Morgue Box
(Variable SF Tone Generator)
The Pearl Box just generates SF (Single Frequency) tones. It features the
ability to "dial up" a tone with a series of knobs, a scheme that does
offer some precision once the settings for a particular frequency are
known.
The usefulness of a Pearl box is very limited, at least to a phreak. It can
generate 2600 and 1850 cps, as well as other SF trunk control tones (2280
comes to mind). But since Blue Boxing is dead anyway, and since a Blue Box
already has the SF tones you need, a working phreak really wouldn't need a
box like this.
The Smurf Box is VAS's twist on the Pearl Box. VAS correctly understands
that an IBM-compatible PC can generate SF tones through its speaker, but
they incorrectly assume that (a) you can connect it to a phone line
directly without frying anything, (b) that the PC will generate SF tones to
32767 Hz, (c) that any phone system anywhere even uses SF tones outside the
300-3000 Hz voice band on inband signaling systems, (d) that the phone
system will properly interpret your PC's square wave output when most phone
tones use sine waves, and (e) that the human ear can only hear tones to
5010 Hz. All of these things are wrong. Anyway, a novice programmer can
write a Pearl/Smurf Box program in GWBasic or Turbo Pascal in about 30
seconds, and you didn't need VAS to tell you that.
The Morgue Box textfile makes the most ridiculous claims about the range of
tones and duration precision available. It claims you can make tones
shorter than the length of a clock cycle on the PCs of its day (1993). It
claims you can make tones up to 65535 Hz, forgetting that the PC speaker
can't output tones that high in frequency, that the phone system doesn't
use tones over about 3700 Hz, or that recording tones from a PC speaker
onto something portable enough to take to a payphone is challenging at
best if you are looking for the tones to actually do something.
Plausibility: Not much. YES you can build a variable tone generator but
there's a reason why Esquire hasn't published any articles
called "Secrets Of The Little Pearl Box".
Obsolescence: If you're checking the frequency response of your stereo,
it's not obsolete. If you're blue boxing, then the Pearl Box
and the Blue Box and you for that matter are all relics from
the 1960's. Watch Austin Powers a few million times for a
clue.
Skill: It's not a very complicated construction project but it
shouldn't be your first.
Risks: Since its use is limited to Blue Boxing, risks are the same
as for Blue Boxing.
------------------------------------------------------------------------
Privacy Box
(Block Caller ID on all outgoing calls)
This gadget is a replacement for those $20 boxes you can buy at Radio Shack
that automatically dial *67 every time you pick up the phone. Considering
that you have to dedicate a voice note taker to this task and that those
things cost almost as much as the $20 box mentioned above, and considering
that this box doesn't work as well, and considering that in most places
permanent Caller ID blocking is available and free, one has to wonder what
the point would be of building this thing.
The textfile author doesn't explain how to stop the thing from annoying
incoming callers with the *67 tones every time you answer.
Plausibility: Semi-workable but not economically feasible for what it
does.
Obsolescence: Will last as long as *67 does.
Skill: Some electronics skills required.
Risks: None, it's legal.
------------------------------------------------------------------------
Prog Box
Rio Box aka Raven Box
(Take computer-generated phreak tones on the road with you)
This is an extension of the "Hallmark Card Red Box" idea.
Basically, it proposes that you can record whatever phreak tones you need
from your computer onto a digital voice notepad and then play them back
later.
Ignoring for the moment that these devices usually have terrible sound
quality, the most obvious problem is that almost all of them have only a
few slots, or have enough slots for a complex toneset but they are accessed
via up/down keys rather than a keypad. For this idea to be truly practical,
you'd need at least 12 hotkeys, enough to make your notepad into a portable
touch-tone dialer or blue box (0-9 plus KP/ST). With most of the notepads
on the market, its true usefulness is limited to just another flavor of Red
Box.
The Rio Box is the same thing, except that your cheap little voice notepad
is now an expensive MP3 Player (such as the Diamond Rio, hence the
name). The Raven Box is identical to the Rio Box.
Both flavours of this box share the basic red boxing problems of signal to
noise ratio in an acoustic setting, and countermeasures installed by the
telephone company.
Plausibility: Marginal. There are some significant technical hurdles
involved in making this work, and it may still not be
practical.
Obsolescence: I suppose it will be obsolete when there is no more inband
signaling of any kind, including ACTS and DTMF.
Skill: You need only the skill to operate the notepad, plus
whatever skills the box you're trying to emulate requires.
Risks: You still have to deal with the various countermeasures the
phone company has in place for the box you wish to emulate.
------------------------------------------------------------------------
Rad Box
(Red and Green box in the same package)
The Rad Box takes the well-known Red Box technique of replacing a
crystal in a Radio Shack dialer to change the frequencies of one of its
keys to that of an ACTS coin tone, one step further.
The Rad Box proposes installing two different crystals (in addition to
the original one) to make it switchable between being a normal tone
dialer, a Red Box, and a Green Box.
Doing the math, one finds that the substitutions of 6.5536 MHz and 4.101
MHz crystals respectively do in fact give the dialer a few tones that
come within about 2 percent of the frequencies of red and green boxes.
So this is a very plausible box.
The problem is that the Green Box is completely obsolete today, and
the Red Box is well on its way out too! The Green Box uses signaling
technology that you won't find used anywhere in North America anymore,
and the Red Box is now only useful for local calling, as AT&T has
discontinued using ACTS for toll billing from payphones!
Plausibility: Very good. The author of the Rad Box textfile did a bit
of homework and came out with a technically sound file.
The only thing that might cause a problem is that the
tones generated by modified pocket dialers are usually
only approximations of the "real" ones they are meant to
emulate. For example the Green Box "release" signal dual
tones emulated by this mod are about 1.9 percent flat on
the low tone and 2.1 percent sharp on the high tone. The
human ear can detect this discrepancy and, depending on
the telco equipment, this tolerance may not be good
enough. This statement is of course academic, as I
explain in "Obsolescence."
Obsolescence: Almost useless today. I wonder if the Radio Shack dialer
mentioned in the text file even existed yet when MF coin
control signaling was still in use? See the Red Box
description to learn about the many problems now faced by
users of that box.
Skill: You will have to find a way to get two more components
inside a small and already very cramped casing, plus a
switch to select which you want to use. Although the
circuit modifications themselves are not hard for someone
familiar with a soldering iron, the physical restrictions
of the case make this a bit of a challenge. Once
constructed, however, the skills required match those of
the red box and green box.
Risks: You don't really risk being caught doing something that
hasn't worked in decades, and if you are, the fact that
green boxing died ages ago might help you with an
insanity defense...
------------------------------------------------------------------------
Red Box
including the Disc Box variation
(Generates ACTS coin tones)
As much as the Blue Box was talked about in the 1970s and 1980s, the Red
Box is the topic of discussion in the 1990s. The Red Box makes the same
tones that ACTS payphones use to signal the phone company that coins have
been deposited.
If you saw the movie Hackers you saw a crude approximation of how red box
tones could once have been gathered straight from a payphone. This really
doesn't work; you'll find the tones are muted if you try it. The best way
is to make them yourself with one of zillions of computer box tone
generator programs out there.
In order for red box tones to work, the payphone you are calling from has
to be an ACTS payphone - it has to use Red Box tones itself. The audio
quality of the tones has to be good, not because of any anti-fraud devices
the telco has set up but simply because the coin tone detectors have a
narrow tolerance to avoid false detection of speech and background noise as
coin tones.
If an operator comes on and accuses you of boxing, it's because she was
already listening. The phone mutes the mic while playing its red box tones;
she knows this and knows that there shouldn't be any street noise, bumping
of a tape recorder into the handset, breathing, and other sounds while the
tones play. She also knows that the tones should be loud, clear and
undistorted. The system doesn't make those judgments; a human does and she
does so only when the boxer's other messing around with the phone has
triggered an exception alarm. Or if you were calling long distance and your
three minutes are up...
The red box does still work and is still widely used; those who say it
doesn't either don't have access to ACTS phones or played really bad tones.
It won't work at all on any phone where the party you're calling complains
about really bad speech quality - those phones are likely to be marked
"modified to prevent fraud" and the distortion from the mouthpiece is the
means used to prevent red boxing on those phones.
There are many, many text files on red box tones; the best method involves
the use of a tape recorder and an acoustically-sealed (like an acoustic
coupler modem) speaker for best sound quality and elimination of suspicious
noise. The worst methods involve "ingenious" means - whistles, recordable
Hallmark cards, modified pocket dialers, yada yada. None of those things
really work well and all involve the phreak spending extra money on junk,
when the whole idea behind phreaking is to not spend money.
Most of those who have written about the Red Box and different ways of
generating the ACTS tones have stuck to the name "Red Box" faithfully, but
the one exception that I have encountered is Napalmoliv's variation, called
the Disc Box. The Disc Box is simply the tones of a Red Box recorded to a
recordable audio CD and played back through a Discman CD player. As
Napalmoliv claims, this will undoubtedly give the best quality red box
tones possible as its output is high-fidelity digital audio, but once those tones
leave the CD player and travel through the air and into the phone's
mouthpiece, all the problems that complicate redboxing are still there.
Background noise, suspicious operators, electronic countermeasures,
physical bumps, and the like will still foil red boxers no matter how
crystal clear the tone source is. But at least it does remove one
bottleneck, where so many other pea-brained red box schemes add them.
Plausibility: 100 percent fact, and well documented.
Obsolescence: Doesn't work everywhere, and rapidly decreasing in
availability. Forget it on COCOTs, cardphones, Nortel
Millennium Payphones and any payphone not using the ACTS
system. In November 2002, AT&T discontinued coin-op
long distance altogether!
Skill: Very little. It's almost as easy as Razor and Blade
demonstrated in Hackers. That's probably why it gets so much
discussion.
Risks: Few if you are careful. Don't mess with the phone and no
operators will come on. Play good tones and it will work.
And remember, any kind of payphone phreaking that involves
gadgets looks suspicious, so there is always the risk that
someone might see you and call the police.
------------------------------------------------------------------------
Telezapper Box
(Defeat Predictive Dialers)
This is a replacement for the $50 Telezapper. Working very similarly to
the Privacy Box above, it plays one of the SIT tones - that is, the
bee-bee-BEEP tones you hear before a US not-in-service recording. The
telemarketing dialer hears the tone, assumes the line is out of service,
and your number gets taken off their list.
Great, now there are only 9,999 telemarketers lined up to interrupt you
screwing your girlfriend.
The Telezapper Box is not really a box, it's just the idea of putting that
same tone in the outgoing message of your answering machine. That might
actually work, as long as your answering machine isn't such total crap
that it actually distorts the tone to the point where the dialer cannot
hear it. Some answering machines really do suck that badly.
Early in 2003, a new predictive dialer called DirectQuest was introduced
that gets its call progress information from a separate digital channel
that you, as the telemarketer's mark, don't have access to. As
DirectQuest and its inevitable imitators gain a foothold in the
telemarketing industry, the Telezapper will gradually become less and
less useful. In addition, some telemarketers are aware of the
Telezapper and have disabled the call progress detection in their
dialers. Why they would do this is baffling as the presence of a fake
SIT tone should be a dead giveaway that no matter what the telemarketer
is selling, you don't want it. Even minimum-wage telemarketing droids
aren't free, and that affects the bottom line which is the only thing
telemarketers give a hump about.
Plausibility: Very feasible, in fact I'm amazed the Telezapper device
is still being sold when people can get the tones for
free on the web.
Obsolescence: On its way out, thanks to modified practices by telemarketers,
and predictive dialers such as DirectQuest(tm) that get
call progress information from a separate, digital line
provided by the telco instead of from tones you can spoof.
Eventually the company that makes Telezappers may find
itself forced to resort to telemarketing to sell them...
Skill: Very little, but best results involve hacking some kind
of direct connection to the microphone of the answering
machine, so skill needed varies depending on how good you
want the tone to sound.
Risks: None, it's legal (although the DMA would certainly like
to make you a criminal for trying to avoid them...)
------------------------------------------------------------------------
White Box
(Generates DTMF Tones - portable)
Silver Box
(Generates DTMF Tones including A,B,C,D)
The White Box and Silver Box are almost the same thing - both boxes produce
the DTMF tones that every pushbutton phone uses. The difference is that the
White Box produces the 12 tones we are all familiar with, and the Silver
Box produces an additional "column" of tones, normally placed to the right
of the others, marked A, B, C, and D.
The usefulness of both these boxes is quite limited today.
For starters, you can buy a proper white box at Radio Shack. It's just a
portable tone dialer. Amazing, then, that people have been arrested just
for possessing this commonly available, perfectly legal device. Hell, I
have even seen wristwatches with white boxes built in. A white box is
nothing more than a tone dialer.
Second, the extra tones on the silver box are only useful on the Autovon
military network - they are used for prioritizing calls.
With that said, I find it inconceivable that no phone system anywhere out
there aside from the military one has fourth-column tones in use somewhere
- for internal testing, and so on. A, B, C, and D will break dial tone on
most digital switches. It's just that no one has published any inside
information on this yet.
If a way to take advantage of silver box tones ever surfaces, then building
a hardware silver box may be worthwhile. Until then, the tones themselves
are a technical curiosity best left to computer tone generators.
The Silver Box is sometimes also called a Gray Box.
Plausibility: 100% real
Obsolescence: Of little use to most phreaks. The US Military no longer
uses Silver Box tones. It's interesting to note, though,
that the A, B, C, and D tones have come back in the form of
DTMF Caller ID as used in certain places, notably Finland.
Skill: Construction is average difficulty; single chip DTMF
generators are easy to find. Usage is straightforward.
Risks: You want to phreak a military network? Are you nuts?
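Added example (not from the original file or any of the textfiles it
reviews): a Goertzel-based decoder for all 16 DTMF pairs, fourth column
A-D included, that refuses tones outside a frequency window. It illustrates
the tolerance point made under the Rad Box and Red Box above: a pair that is
1.9 percent flat and 2.1 percent sharp fails a +/-1.5 percent window. The
window, the purity and twist thresholds and all function names are
assumptions chosen for illustration; the test tones are constructed in code.

```python
import math
import random

FS = 8000                         # telephone-band sample rate, Hz
BLOCK = 320                       # 40 ms analysis block
LOW = (697, 770, 852, 941)        # DTMF row frequencies, Hz
HIGH = (1209, 1336, 1477, 1633)   # column frequencies; 1633 Hz is the A-D column
KEYS = ("123A", "456B", "789C", "*0#D")
TOLERANCE = 0.015                 # assumed acceptance window: +/-1.5 % of nominal
SCAN = [k * 0.0025 for k in range(-16, 17)]   # probe -4 % .. +4 % in 0.25 % steps
MIN_PURITY = 0.6                  # assumed: share of block energy held by the pair
MAX_TWIST = 10.0                  # assumed: max power ratio between the two tones


def synth(key, low_dev=0.0, high_dev=0.0, noise=0.0, seed=1):
    """Constructed test block: the DTMF pair for `key`, each tone optionally detuned."""
    row = next(r for r, keys in enumerate(KEYS) if key in keys)
    col = KEYS[row].index(key)
    f_lo = LOW[row] * (1 + low_dev)
    f_hi = HIGH[col] * (1 + high_dev)
    rng = random.Random(seed)
    return [0.4 * math.sin(2 * math.pi * f_lo * n / FS)
            + 0.4 * math.sin(2 * math.pi * f_hi * n / FS)
            + noise * rng.uniform(-1, 1)
            for n in range(BLOCK)]


def goertzel_power(samples, freq):
    """Squared spectral magnitude of the block at one frequency (need not be bin-centred)."""
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def strongest(samples, group):
    """Return (power, index, deviation) of the strongest probe near any nominal in `group`."""
    return max((goertzel_power(samples, f * (1 + dev)), i, dev)
               for i, f in enumerate(group) for dev in SCAN)


def detect(samples):
    """Decode one block. Returns (key or None, reason, (low_dev, high_dev))."""
    n = len(samples)
    # Hann window keeps each tone's leakage away from the other group's probes.
    windowed = [x * (0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)))
                for i, x in enumerate(samples)]
    energy = sum(x * x for x in windowed)
    if energy < 1e-9:
        return None, "silence", (0.0, 0.0)
    p_lo, row, d_lo = strongest(windowed, LOW)
    p_hi, col, d_hi = strongest(windowed, HIGH)
    devs = (d_lo, d_hi)
    # A clean Hann-windowed tone pair puts about energy * n / 3 into its two peaks;
    # speech and background noise spread their energy and score far lower.
    if (p_lo + p_hi) / (energy * n / 3) < MIN_PURITY:
        return None, "not a tone pair", devs
    if max(p_lo, p_hi) > MAX_TWIST * min(p_lo, p_hi):
        return None, "twist", devs
    if max(abs(d_lo), abs(d_hi)) > TOLERANCE + 1e-9:
        return None, "off frequency", devs
    return KEYS[row][col], "ok", devs


if __name__ == "__main__":
    cases = (("clean 5", synth("5")),
             ("1 % off", synth("5", 0.01, -0.01)),
             ("1.9 % flat / 2.1 % sharp", synth("5", -0.019, 0.021)),
             ("fourth column D with noise", synth("D", noise=0.05)))
    for label, block in cases:
        print(label, detect(block))
```
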
------------------------------------------------------------------------
------------------------------------------------------------------------
Bridges, Cheese and Gold Box
------------------------------------------------------------------------
------------------------------------------------------------------------
Brown Box
aka Conference Box aka Con Box aka Party Box aka Switch Box
aka Hoz Box aka Fuchsia Box aka Cross Box aka Shit Box
(Joins 2 lines to effectively give 3 way calling)
The [Conference] [Party] [Switch] [Hoz] [Brown] [Fuchsia] [Cross] [Shit] Box
(hereinafter just called the Brown Box) joins together two lines to
effectively give a 3-way conversation. If you already have two phone lines
(for a BBS, fax, whatever) you can save the 50 cents per use charge on
three-way calling by either building this box OR buying a 2-Line phone at
Office Depot or Radio Shack that has a 3-way feature. Last weekend I bought
such a phone at a garage sale for $3, no shit! Since you're not really
stealing the three-way custom calling service, Brown Boxing is not fraud.
That's why you can buy 3-way 2-line phones on the open market.
Of these boxes, the plans and description for the Conference Box are the
only ones worth paying any attention to. Its ASCII diagram is easy to follow
and it isolates the two lines with a 1:1 transformer, as they should be.
It's also the only text file which mentions that if you have 3-way calling
on both lines, you can effectively get a 5-way conversation going without
anyone else in the conference having 3-way calling.
Note: Some text files have described a Brown Box as simply a homemade
lineman's handset, or a Beige Box (see above).
Plausibility: 100 percent real.
Obsolescence: More pointless than obsolete. Get a 2-line phone!
Skill: Some electronics skills useful.
Risks: Zero - perfectly legal. The only way you could get in
trouble is if you screw up and damage your phone line.
------------------------------------------------------------------------
Cheese Box
(creates an anonymous loop, purported to turn your phone into a payphone)
There are two types of cheese box out there, and one seems to be getting
much more coverage than the other, which is unfortunate because the first
kind (more commonly seen) is bullshit. The textfile explains that the box
is so named for the "kind of the box the first one was found in" but then
goes on to describe something that isn't a box at all!
The gist of the first cheese box type is that it effectively turns your
phone into a payphone, untraceable and unreachable by law enforcement. This
is accomplished by forwarding calls to an operator.
The problem here is that no matter who or what you forward calls to, your
own ANI and Caller ID data still get passed. Traces still come back to you.
And incoming calls go to the operator. It seems to me that it would make
more sense to find a way to forward calls dialed to a payphone to your home
number, if payphones had call forwarding.
The second type of cheese box is a lot more believable. It's an electronic
device which connects two lines, much like a Gold Box, and makes them an
anonymous loop. Two people could call either line of this loop and not know
the other's real phone number, which would have some privacy advantages. If
installed between two payphones, even a reverse directory lookup of the
loop numbers would reveal nothing. It is likely because payphones were used
for this that the idea got perverted into the first type of box - after
all, what use would it be to turn your line into a payphone? Payphones in
groups of two or more are common in public places, so there was an abundant
supply - especially in big cities where bookies and organized crime
families operate.
Plausibility: Most of the textfiles you read on the Cheese Box aren't
worth the photons to read them. Read the IIRG Cheese/Gold
Box file for the best description of the cheese box.
Obsolescence: IIRG claims that the cheese box is obsolete but I see no
reason why even under ESS and DMS you couldn't still
cheesebox today. Their rationale is that the old cheese
boxes included black boxes, which of course only work on
older Step by Step switches. But with other ways of calling
for free, the black box part isn't necessary! One other
note: you won't be able to use payphones marked "Outgoing
Calls Only". These are getting more and more common every
day, which means that the obsolescence of this box is
increasing.
Skill: Construction of the device is comparable in difficulty to
the Gold Box, and installation would require stealth or a
good ruse. Pose as a phone company technician with a fake
company ID tag (And look the part - 30+ years old, clean
shaven, short hair, work clothes & tool belt) and no one
will hassle you for messing with the payphones.
Risks: If the device were used too much, or if you were unlucky,
there's a chance someone trying to legitimately use one of
your payphones might report a problem to repair service,
who'd discover the box and likely alert telco security or
the police, who'd likely stake out the phones for a while
after.
------------------------------------------------------------------------
Gold Box aka Divertor Box
sometimes called Magenta Box or Slush Box or Dark Box
(Joins two lines; call the first and get the second's dialtone)
The Gold Box is a great idea that unfortunately is lost in the terrible
quality of text files that have been written about it.
The Gold Box joins together two phone lines. You phone one, and immediately
are connected to the other one's dial tone. This, of course, has a few
problems of its own. For starters, if your victim expects calls to come in,
all his normal callers will get his other line's dial tone. They will then
get a hold of him some other way and let him know of the problem. Second,
he's sure to hear at least an abortive mini-ring before the Gold Box picks
up. Some phones with electronic ringers will give a full-length ring even
if it receives only a fractional pulse of ring voltage. That would be
suspicious to say the least. Third, the Box's original design doesn't
really have a way to terminate the call; your victim would be left with a
phone line that does nothing but reorder shortly after your first call.
Some of the newer designs (after 1985 or so) will respond to the drop in
line voltage that occurs after the person on the other end hangs up, and
can terminate & reset that way.
The Slush Box is an idea by Dispater (of Phrack fame). It joins two
business lines in a multi-line business phone system. Call line 1, enter a
password, get line 2.
The solution, of course, is intelligent control of the Gold/Slush box by
the phreak, and that is what Dispater was getting at (although I have never
seen anything on the slush box beyond his proposal).
Here's how I would design and implement something like this (although I am
getting at the point of giving this box a low plausibility rating): First,
I would select at least one line that is not normally answered by a human.
A fax line, modem line, what have you. That would be the "hot" line which
is called OUT from. Call the "Hot" line and sound a tone. The box I would
use would be designed to listen for this tone with a PLL tone detector or
something and when it hears it, would "activate" the box. When the box is
not active, both the "hot" and "cool" lines would function normally. When
the box IS active, a call to the "cool" line causes the box to immediately
"pick up" the phone and yield the "hot" line's dialtone. This would be best
implemented against a business, a BBS or ISP, a person with a fax or modem
line, etc. The point is that the "hot" line has to be one where it is
acceptable to the victim to receive calls that don't connect on a fairly
regular basis, i.e. as often as you use the box.
The Gold Box plans most people have read have none of these features and
would therefore present a significant risk of detection - in which case a
quick *69 would compromise you.
Note that a properly designed Gold/Slush box would not allow the Telco to
deliver your Caller ID data to the "cool" line, as pickup would normally
occur instantly, before the signal could be transmitted. Note also that the
Caller ID data for the "Hot" line would be transmitted to the final dialing
destination. A devastating reality for blackmail/framing purposes.
In 1988, someone named "Street Fighter" wrote a text file with a totally
different design, that does the same thing as a Gold Box, and called it a
"Magenta Box." Note that this is different from the Magenta Box
which is a portable ringing voltage generator.
And in 1991, some plans emerged for a "Divertor Box" which
specifically explain and handle the problem of call termination. I have not
verified either device's functionality.
Plausibility: The early plans don't work. The IIRG plans are still
promoted by their authors; I don't know how well they really
work. The basic concept, with development, could work
exceptionally well. But be aware of teenaged lamers who
claim to be able to gold box you - most teenaged hackers are
NOT hardware hackers and would never be able to make this
box work.
Obsolescence: As long as we have analog telephony, this is a potentially
effective method.
Skill: Design and construction of a box which would work to this
author's high standards would be an advanced construction
project requiring optimization of space and power. This is
not for the beginner.
Risks: Installation involves some sort of prowling or false
pretense to gain initial physical access to the victim's
phone lines. This is inherently somewhat risky, depending on
the skills of the installer.
------------------------------------------------------------------------
------------------------------------------------------------------------
Cellular and Other Wireless
------------------------------------------------------------------------
------------------------------------------------------------------------
Infinity Box
aka Furious Box aka Furious Gold Box aka Red Box II aka Box II Plus
aka Blazer Box aka Delok Multi Box aka JAF Box aka SAG Box
aka NS Pro Box aka Universal Box aka Cruiser Box
These are cell phone unlockers/flashers/reprogrammers that typically
plug into a PC's USB port on one end and a cell phone on the other,
and use software on the host PC to hack the phone. Although by their
manufacturers' admission they are not really "boxes", they are promoted
as such on cell phone hacking websites. Unlike classic phreaking boxes,
construction plans for these devices are not available in the
cybersphere. The devices differ mainly in the makes and models of
cell phones on which they work, and the range of reprogramming
capabilities each one has. They typically cost between $200 and $400
each.
I'm not going to help these guys sell their stuff for nothing, so there
is no link here, but you can easily find them with a very small amount
of googling.
Plausibility: These devices are all too real, and their promoters apparently
have quite a nice little business going selling them.
Obsolescence: Varies. Generally, these boxes will work over the lifetime of
the phones they are designed to molest. If the manufacturer
updates a phone's firmware such that these boxes are no longer
compatible, the manufacturer of the boxes can compensate by
updating the software that controls the box.
Skill: These devices are "supposed" to be used only by trained service
professionals. Indeed, a novice will likely find them confusing
no matter how well written the software is, because the user
needs to understand GSM technology and something of the internals
of the target telephone in order to understand the options
the software presents.
Risks: You probably wouldn't get caught actually using a cell phone
reprogrammer unless you were in the business of reprogramming
cell phones for money (and were thus doing it often enough to
risk being stung). Since the legitimate service representatives
of cell phone manufacturers have their own official equipment,
these aftermarket devices are left to the domain of the grey and
black markets. Using a modified phone is also potentially
problematic. Even if you are using a phone that has been
modified illegally so as to let you make calls for which someone
else will be billed, you could get away with using it for quite
a while if you stay mobile (avoiding setups and triangulation)
or confine your use to areas where there are many other
cellphones nearby (like a busy mall) to act as decoys. But if
you got caught, you'd be facing hard time, as history shows that
victimized corporations (like cell phone providers) tend to get
more criminal justice than victimized victims do. Look at what
happened to Kevin Mitnick.
------------------------------------------------------------------------
DNA Box
(Cellphone Hacking)
The "DNA Box" is not a box. In the early '90s, a group called DNA released
some cell hacking files and called the series "The DNA Box". Cellphone
Hacking is a pretty big subject in itself, and with new technologies
emerging, it's still a developing set of methods, and beyond the scope of
this series.
Plausibility: Quite. DNA's files are pretty credible but quite basic.
Obsolescence: The files are now very old. A lot of the phones from those days are
no longer in service, none are still sold new today. Even thrift stores
are starting to turn away these phones as donations.
Skill: Varies with technique. Generally high.
Risks: Note that the kinds of phones (early analog) that these
techniques work with are now visibly obsolete; you will draw
stares if you are seen using a phone that is so big it requires
a shoulder strap to be portable. Not good for the low profile.
------------------------------------------------------------------------
------------------------------------------------------------------------
Others
------------------------------------------------------------------------
------------------------------------------------------------------------
Blast Box and Loud Box
(Phone mic amplifier)
The "Blast Box" and "Loud Box" are mouthpiece amplifiers. The Blast Box is
intended to make the called party's receiver so loud that it's more like a
loudspeaker. I was called by a few telemarketers using a device like this
back in the early 1980's, so I know it existed once. Also, my local phone
company once experimented with extremely loud "You left your phone off the
hook, please hang up now" recordings.
The Loud Box is the same thing, only less obnoxious - its function is
simply to make your voice more audible to the other party on analog
conference calls, long distance calls, and other times when your signal
might otherwise come through poorly.
These devices were invented back in the old days when a phone call created
a direct analog connection between the caller and callee, giving almost
unlimited dynamic range and thus happily passing extremely loud signals
when desired.
With today's digital switches, the voice is digitized, which limits not
only the frequencies but the volume levels that can be passed through the
phone system. Below a certain level, the switch will pass no signal at all,
and above, it will "clip". "Normal" speech levels fall between the
extremes. On the upside, digital switching also eliminates a lot of the
problems that would have made a legitimate mic amplifier desirable - today,
long distance and conference calls are loud and clear.
Plausibility: Largely real with a significant bullshit factor. The concept
has been put to commercial use on an experimental basis.
Obsolescence: Nearly 100 percent obsolete now.
Skill: Not much. You could likely use an off-the-shelf amplifier to
boost the mic signal.
Risks: You could only get in trouble if you damaged your line or
pissed off the wrong person.
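Added example (not part of the original file): a G.711 mu-law encode/decode
round trip, assuming that is the companding a North American digital switch
applies, showing both limits described above: a ceiling that over-driven
audio flattens against and a floor below which nothing is passed. Function
names and sample values are constructed for illustration.

```python
import math

BIAS = 0x84      # 132, added before the segment search (G.711 mu-law)
CLIP = 32635     # largest 16-bit magnitude the encoder will represent


def linear_to_ulaw(sample):
    """Compress one signed 16-bit PCM sample to an 8-bit mu-law code word."""
    sign = 0x80 if sample < 0 else 0x00
    magnitude = min(abs(sample), CLIP) + BIAS       # clipping happens here
    exponent, mask = 7, 0x4000
    while exponent > 0 and not (magnitude & mask):  # find the segment (top set bit)
        exponent -= 1
        mask >>= 1
    mantissa = (magnitude >> (exponent + 3)) & 0x0F
    return ~(sign | (exponent << 4) | mantissa) & 0xFF


def ulaw_to_linear(code):
    """Expand an 8-bit mu-law code word back to signed 16-bit PCM."""
    code = ~code & 0xFF
    exponent = (code >> 4) & 0x07
    mantissa = code & 0x0F
    magnitude = (((mantissa << 3) + BIAS) << exponent) - BIAS
    return -magnitude if code & 0x80 else magnitude


CEILING = ulaw_to_linear(linear_to_ulaw(CLIP))      # loudest level that survives


def through_switch(samples):
    """What the far end receives after the digital hop."""
    return [ulaw_to_linear(linear_to_ulaw(int(round(s)))) for s in samples]


def tone(amplitude, freq=440, rate=8000, count=160):
    """Constructed input: `count` samples of a sine at the given peak amplitude."""
    return [amplitude * math.sin(2 * math.pi * freq * n / rate) for n in range(count)]


def report(amplitude):
    """Peak received level and the share of samples flattened against the ceiling."""
    out = through_switch(tone(amplitude))
    peak = max(abs(s) for s in out)
    pinned = sum(1 for s in out if abs(s) == CEILING)
    return peak, pinned / len(out)


if __name__ == "__main__":
    # 3 is below the quantizer's first step; 100000 and 400000 model an
    # amplifier driving the line far past full scale.
    for amplitude in (3, 20000, 100000, 400000):
        peak, pinned = report(amplitude)
        print(f"in peak {amplitude:>6}  out peak {peak:>5}  pinned {pinned:.0%}")
```
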
------------------------------------------------------------------------
Busy Box
(Makes a line busy all the time)
If you short a phone line, anyone who calls it will get a busy signal. This
is a basic truth and is the only thing the Busy Box text file has to offer
you. It's yet another example of an adolescent effort to get recognition in
the virtual underworld by writing a text file about something.
Plausibility: Real but VERY pointless. The busy condition will last only
as long as it takes to call repair service.
Obsolescence: Still current.
Skill: Zero skill needed.
Risks: Only of being caught in the act.
------------------------------------------------------------------------
Chartreuse Box
Cerulean Box
(Steals DC power from the phone line)
The Chartreuse Box is another exercise in lameness. It purports to give
free electric power from the phone line, but the phone line's DC power can
only supply a small current, above which you'll trip circuit breakers.
Never mind that as soon as the phone rings, whatever you happen to be
powering will be fried.
The Cerulean Box variation simply calls for the uninsulated phone wires to
be dipped in salted water, so that the DC voltage causes the water to
electrolyze into its component elements, hydrogen and oxygen. This will
probably draw little enough current but the resulting hydrogen and oxygen
are mixed and therefore highly volatile, and what are you going to do with
it when you get it? Spend a large amount of money on a compressor and a
tank to store it? And just how much gas can you produce this way anyway?
Not mucking fuch.
The Cerulean box of course gets its name from two episodes of The X-Files
in which the colour "Cerulean Blue" figures prominently. But it's no Blue
Box.
Plausibility: None at all.
Obsolescence: N/A.
Skill: You need more skill than the textfile author, that's
certain.
Risks: You are certain to draw the phone company's attention with
this thing. There is an additional risk of fire with the
Cerulean Box.
------------------------------------------------------------------------
Chrome Box
(Change traffic lights)
This is not a phreak box. It claims to be able to change traffic lights by
emulating those flashing strobe lights you sometimes see on fire engines. A
lot of cities aren't using that system anymore, and I don't think that the
timing needed is as critical as the textfile claims.
There IS such a thing as a Chrome Box, however. I once rode in a taxicab
that used to be a police car, and the cabbie showed off a button under the
dash that flashed the headlights. INSTANTLY the lights at the intersection
we were at changed. If the sensor that changes the lights can be tripped by
flashing headlights, then there's probably no need to build an elaborate
box.
Plausibility: Real but with a significant bullshit factor.
Obsolescence: Increasing as the optical system is phased out. There
are some real safety problems with the idea of traffic
lights changing at unexpected times, and the risk of
liability if this system should cause an accident is
enough for most towns to abandon it. Besides, anyone who
needs to see a red traffic light before he will pull over
and let a convoy of speeding fire engines go by needs to
have his driver's licence shoved up his ass in many
small, sharp pieces.
Skill: Depending on how critical the system in your area is with
respect to timing, this could be an easy headlight flasher
or an elaborate hidden strobe lamp arrangement.
Risks: If you are spotted manipulating the traffic lights by
police, you can count on being arrested and treated poorly.
After all, you're stepping on their toes, squatting on their
turf. And, the device carries with it a risk of causing an
accident, possibly involving you.
------------------------------------------------------------------------
Clear Box
(defeats audio muting on postpay payphones)
Opaque Box
(also defeats keypad muting)
The Clear Box takes advantage of pay phones where you are supposed to dial
first and pay when your party answers. The phone mutes the mouthpiece until
you put in the quarter (or whatever the call costs). However, the earpiece
is still active, and while you are fishing in your pocket for that quarter,
you can hear your called party going "Hello? Hello?".
The Clear Box is basically an amplifier and an induction coil that lets you
speak into a microphone, amplifies your voice, and feeds it into the coil,
which then transfers the voice signal directly into the phone line by
electromagnetic induction, bypassing the muted microphone.
The concept is sound, but if you can even find the phone line itself, it is
very well shielded with metal piping that will beautifully (and
inconveniently) absorb any magnetic induction signal you try to impart
through it. And if you had easy enough access to the line to successfully
do this, you would likely do better just to bud box your calls in the first
place.
A version of this file suggests putting the induction coil near the
earpiece, and your voice would then enter the phone line that way,
presumably by way of crosstalk. The problem with this is that if you used a
strong enough induction signal to be heard, you would also oscillate the
earpiece's cone, resulting in loud feedback and the deafening sound of your
own voice. I don't think so.
I strongly suspect that clear boxes really did exist, but the text files
most of us see about them are based on conjecture and second hand reports.
Perhaps the original clear boxers found an electromagnetic weak spot in the
phone or some point on the line where they could inject an electromagnetic
signal. Perhaps the mouthpiece cutoff relay was near the outside of the
phone, in which case a strong magnet would have defeated it.
Postpay phones have one more problem that the clear box files never
mentioned. Not all phone calls require you to speak. On a postpay phone you
can call up the local sports scores line or whatever and just listen - the
phone might even let you use its keypad! If you live near a postpay phone,
try it some time. Try local, long distance, even 900 numbers. Try
everything till you find a weakness, that's what real phone hackers do!
Addendum 02/09/27: Fone Ranger reports that postpay COCOTs are
commonplace in the UK, which means that (a) there is still a large
market where some form of the Clear Box can be used, and (b) British
COCOT operators are stupid (see problems above). The Opaque Box is a
concept that includes a tone dialer (white box) for those phones that
also cut off the keypad until you pay...
Plausibility: Not terribly likely. As I said, the concept is sound, but I
doubt the file authors actually did it.
Obsolescence: Moderately high, increasing. Postpay Phones were widespread
in Canada and the rural U.S. in the 1980s but here in Canada
they are disappearing.
Skill: Expert. You'd have to build an amplifier and an induction
coil, and probe for the best EM weak spot on the phone, an
artful venture.
Risks: Low if there's no one around to see it, which is likely in
the kinds of out-of-the-way places these phones were used
in. Any kind of payphone phreaking that involves gadgets
carries the risk that someone will see you acting
suspiciously.
------------------------------------------------------------------------
Click Box
(Make a line outgoing-only)
This device is a simple relay that intercepts incoming calls and hangs
up on the caller. This basically makes the line outgoing-only, although
a device that triggers a digital recording saying "The number you have
reached..." etc would be more effective.
The design given in the text file is of questionable soundness, and I
think anyone who is actually skilled in electronics could come up with a
better one, but the idea is sound. And although the author of the text
file sees only revenge applications for it (ie. put it on an
unsuspecting mark's line), it could also be used to automatically handle
all incoming calls when you are being harassed by telemarketers, bill
collectors, ex-girlfriends etc., and most especially so with the fake
recording mod I suggested.
Fortunately, another text writer did redesign the circuit to be smaller,
quieter, and generally work better. Look for the [Advanced Click Box]
on the web for that one.
Plausibility: Very plausible but your brain-damaged goldfish could
probably design a better circuit than the original.
Obsolescence: Not really an issue.
Skill: Minimal understanding of electronics needed.
Risks: Use it on someone else's line and you can be caught in the
act.
------------------------------------------------------------------------
Copper Box
(Creates a loop in the long distance system, crashing it)
This isn't a phreak box but it once may have worked. Everything about this
idea reeks of urban legend, so I'm giving it a low plausibility rating.
What it is, is you call an 800 number with an extender. From that, you get
dialtone and call the same 800 number again. Repeat a few dozen times until
the toll network is filled up with your calls and crashes.
I really don't think this could ever have worked simply because the toll
free system as a whole will not run out of trunks before the 800 number you
are using runs out of extenders. The 800 number may even have only one!
Plausibility: Very implausible. You'd have to show me a newspaper clipping
or something before I'd believe it ever happened.
Obsolescence: Almost certainly, if it was ever done it happened decades
ago when the toll free network was far less capacious than
it is today. As implausible as it was back then, it is a
virtual impossibility today. The worst you can do is tie up
the extender owner's switchboard temporarily.
Skill: You'd have needed an extender and to know how to use it.
Risks: If you did it from home and succeeded, you'd have some very
angry telco security dudes at your doorstep toot suite.
Remember, 800 subscribers have ANI.
------------------------------------------------------------------------
Grab Box
(Radio Antenna Extension)
The Grab Box is frequently found among phreak box files but it's not a box
at all. All it is is a long wire antenna for an AM radio. Everyone who
owned a shortwave receiver back in radio's golden age knew that for long
distance reception, longer is better when it comes to wire antennas. And
now, someone has come along and called the wire antenna a box.
Plausibility: Nothing more than an ego trip.
Obsolescence,
Skill,
Risks: All N/A.
------------------------------------------------------------------------
Logic Box
(Crash Caller ID)
I (along with a few other long time regulars) have been trying for over
five years now to educate the many ignorant newbies who post the most
ridiculous things in alt.phreaking about Caller ID. Now, this file is
not about Caller ID and I have already written one that is, which
addresses almost all of the newbie garbage about CID that has been
spewed forth into the Usenet, but it seems now to have been inevitable
that a "phreak box" based on really idiotic assumptions about CID would
surface. What amazes me is that it took so long.
The Logic Box is supposed to cause the Caller ID box on the other end of
the call to display an error message. OK, now some experts (myself
included) think that there may indeed be a way to hack into a local CO
and modify or spoof the interoffice data stream so as to falsify Caller
ID. But the Logic Box makes no attempt to do anything so challenging.
Instead, it claims that by adding a 9 volt DC component to the local
loop (did you ever notice how many stupid box ideas involve attaching
the ubiquitous 9 volt battery directly to a phone line?), JUST after you
dial, the Caller ID box at the other end will only display an error
message.
But the inventor of this inane idea doesn't know that in a call
supporting Caller ID, the caller's line doesn't connect to the other end
until after the call is answered! Caller ID, of course, is transmitted
to the receiving end before the call is answered. Until the receiving
end picks up, there are really two, non-connected circuits - one from
the caller to the central office (of the receiving end), and one from
that office to the receiving end. They are completely separate circuits
until the other end answers so NO signal, NO voltage, NO noise generated
on the calling end can interfere with the receiving end before the call
is answered.
I have a better idea based on the same idea: You CAN defeat a caller ID
Box by attaching a battery to a phone line by following this
exact procedure: (1) take the battery out of the Caller ID box you want
to defeat. (2) Either attach the battery to the phone line
positive-to-ring or positive-to-tip, or throw the battery in the garbage
(it makes no difference which). (3) Presto! The Caller ID box has been
successfully defeated, as with no battery it won't work!
Think that's weak? At least that idea works. The Logic Box won't.
Your best bet for technological defeat of Caller ID is the Orange Box.
Plausibility: About as plausible as a Harry Potter novel. In other
words, it's just pure fantasy.
Obsolescence: Since this is based on the idea that a phone call is
connected all the way to the receiving line prior to
answer, this idea was obsolete 20 years ago when the
switches supporting that kind of call started
disappearing rapidly. Of course, Caller ID cannot be
transmitted to or from such antique switches, so the idea
never even got to be obsolete.
Skill: Most of the too-good-to-be-true "boxes" are written for
someone with just enough technical skills to ride the bus
to Radio Shack without soiling himself, and the Logic Box
file is no exception.
Risks: You risk possibly annoying your local phone company, and
you may possibly experience lower sound quality while the
battery is hooked up. And, of course, you risk being
thought a fool.
------------------------------------------------------------------------
Mirror Box
(Caller ID Box)
The Mirror Box is, in today's terms, basically a garden variety Caller
ID box. When it was originally conceived, however, it was something else
entirely. In earlier versions of this document, I had lumped it in with
the Lame (Consumertronics) Orange Box because the text file I had on
this suggested that it operated much the same way.
However, recently the original inventor of the Mirror Box contacted my
colleague Death Me0w and told him a couple of interesting things.
First, his text file had been woefully misquoted in the proto-cyberspace
that was the BBS underground where I originally got wind of its
existence.
Unfortunately the misquotes changed enough details about the Mirror Box
that it seemed really unlikely - since the purpose of this document is to
cut through the bullshit and lameness of the 80's textfile scene, the
record needs to be set straight on the Mirror Box.
Second, as early as 1983, Ma Bell was experimenting with an early form
of today's Caller ID service in two market areas, and the Caller ID
signal was present in those areas on every subscriber's line for some
time, unbeknownst to the public.
That means that someone with the correct hardware, living in the correct
market area, really COULD get free Caller ID at one time, if he knew it
was there and how to exploit it. And now, Fatal Error has shown that he
did just that.
Plausibility: Very. It may never be known how many local exchanges
temporarily had free Caller ID without the public being
aware of its existence, and I am sure that the
tantalizing question of who, besides phone companies and
Fatal Error, DID know about and exploit Caller ID, will
make an excellent future text file.
Obsolescence: Both totally obsolete and not at all, depending on how
you look at it - FE's original Mirror Box would likely
need little or no modification to work as a regular
Caller ID, but now that Caller ID is both widespread and
profitable, don't count on it going free any time soon.
Skill: To reverse engineer the Caller ID stream in the absence
of any published data is a notable accomplishment.
Building the combination of hardware and software
necessary to decode the stream would have been far beyond
the author's wider audience, but may have been understood
and even possibly duplicated by some members of the inner
circle of hackers FE originally wrote for.
Risks: Assuming construction was competent, there would have
been very little risk of being detected using the device,
and if caught, the worst liability one would have faced
would be a tariff violation - connecting an unauthorized
device to the pre-divestiture phone network. It seems
unlikely that Bell, wanting to keep quiet about this
technology, would have exposed it by prosecuting someone
for using it without authorization...
------------------------------------------------------------------------
Neon Box
(Direct Audio to phone line)
The Neon Box text file is just instructions for how to connect an audio
source, for example a sound card, directly to the phone line. You risk
frying your audio source if you do it, because most tape recorders/sound
cards are not designed to cope with the 90 VAC ringing voltage on the line.
Get an FCC Part 68 interface if you're serious about sending direct audio
into the line from an arbitrary source. Or hack up an old phone and use the
mic line as your audio input.
Plausibility: Perfectly plausible until someone phones you, then your tape
recorder starts smoking and stops working and the whole idea
fades into fantasy.
Obsolescence: N/A
Skill: Very basic.
Risks: You're likely to wreck your equipment, and probably your
phone line.
------------------------------------------------------------------------
Orange Box (Lame One)
(Get ANI for free???)
This box has only ever been mentioned in Consumertronics' "Beyond Color
Boxes", which is surprising since that book was compiled from the same
public domain sources as this file's reference materials. It's possible
that the Orange Box chapter was added by the publisher (along with who
knows what else?) in order to be able to say that the book wasn't 100
percent plagiarized from TAP and text files. Since I don't have the book,
and can't read John Williams' mind, I won't say.
The Orange box is alleged to provide a Caller ID service, without
subscribing to Caller ID, without the phone company even needing to offer
it. Now this is very fishy indeed because the terminating switch generates
the Bell 202 data stream that Caller ID is transmitted on, so if your local
switch is too old to support Caller ID, then this box - as described - is
just plain impossible.
But there are some clues given as to where the idea may have come from.
First, the article mentions a "special Sony answering machine" that has an
Orange Box built in. Then it mentions that many fax machines can be
programmed to respond only to other fax machines that it has been
programmed to respond to - without the use of Caller ID to determine which
machines are "on the list" when they call.
A little digging turned up a nifty device that basically acted as a
password front end for your phone line - someone calls your number, and
gets a voice prompt asking them to key in their phone number. You would
then see the number they keyed on a display and could choose to pick up and
talk, hit a "reject" button that hangs up on them, or let them eat silence.
This sounds incredibly lame on the surface but it's useful in that you
could have friends and family enter fictitious numbers that act as
passwords - as long as the password holders don't talk to each other, you'd
be relatively sure which password holder was on the other end when they
called.
Protected fax networks work much the same way - most faxes allow the
originating phone number to be programmed into the header and transmitted
in the initial handshake. I suspect that the "special Sony answering
machine" might have simply been a password protected model, nothing more.
Caller ID data can only be transmitted when both the originating and
terminating switch support it, and to the best of anyone's knowledge, can
only be extracted if the receiving party already subscribes to Caller ID,
or used *69 after the fact. ANI can be provided if you are a large WATS
subscriber, a telco service provider, or a 911 emergency call center. ANI
uses a separate line and special telco-supplied hardware(*), and is quite
costly. It will, additionally, work where Caller ID won't, because it's an
older service, and one not meant for the mass market as Caller ID is.
Plausibility: The Lame Orange Box is absolutely implausible. You can't
get blood from a stone and you can't get Caller ID before
pickup without the service. I'd point out that no plans
or even a functional diagram are ever given.
Obsolescence: This field is irrelevant because the box never existed.
Skill: This field is irrelevant because the box never existed.
Risks: This field is irrelevant because the box never existed!
(*) 2002/09/27 Update: Recently, some local telcos have announced the
availability of ANI-via-Internet for certain enterprise customers...
this could make for an interesting combination hacking/phreaking
venture to intercept that data and possibly even do what the Lame
Orange Box claimed to do - get free ANI for any line! But if
anyone's doing this now, they're not talking.
------------------------------------------------------------------------
Orange Box (Not Lame One)
including the Vermilion Box variation
(Spoof CID data against certain Caller ID Boxes)
This Orange Box has been confused with the other Orange Box but this one
does something different - it spoofs Caller ID while the other is alleged
to give Caller ID service where none exists.
The "Not Lame" Orange Box exploits the "Call Waiting" Caller ID feature by
spoofing the tones that activate the feature and then the Caller ID stream
itself. It's an advanced construction project and I'm sure that the
textfile's author hasn't built it. But, if you were to trigger the spoofed
stream immediately after the called party picks up (remember you can't do
it before then) then you can make his display box say whatever you want it
to. Give it the number of Bill Gates' personal assistant's personal
assistant. Make it say "Free Kevin". Whatever. The problem with this,
though, is that all Caller ID boxes have memory, and so does the person who
looked at the box *before* he picked up. So not only does your victim have
to have a Call Waiting Caller ID but also be either monumentally lazy,
stupid, or both, for this to be effective. Not that there's any shortage
of stupid and lazy people in this world.
One addition to this that has been discussed in alt.phreaking is the
possibility of getting around the memory problem by flooding the box with
dozens of fake Caller ID streams, so that its memory is emptied. Perhaps
certain boxes respond to a control code that does this instantly but the
rest of them will require some time - enough for the victim to notice that
something really weird is going on - for all that data to come through at
1200 baud...
The Vermilion Box, for the stout of heart, allows you to get around the
Orange Box's major limiting factor: the fact that fake caller ID can
only be sent after the called party has answered. This requires
physical access to the target's phone line from an extension or the
demarcation point, and involves creating a fake ring signal to alert the
On-Hook Caller ID terminal, followed by a spoofed On-Hook Caller ID
stream. Visit www.artofhacking.com for the original Vermilion Box plan.
2002/07/31 Update: Some time last year I noticed a lot of members of
alt.phreaking asking after a software orange box - but none
existed. So I wrote one. S.O.B. or the Software Orange Box
closely emulates most flavours of North American Caller ID and
has been used to prove the Orange Box concept both by myself and by
the Caller ID panelists at H2K2 this year. And the yelp made
by a (somewhat dimwitted) friend of mine when his Caller
ID box started saying "UR FIXERS BITCH" in mid-conversation -
priceless! -=( TF )=-
Plausibility: I used to think this was a marginal idea that makes some
pretty big assumptions about the intended victim. But I
have much less faith in human intellect now and actually
believe this box may work against a lot of people. Just
don't lose sight of the fact that the Orange Box is, in
large part, a Wetware hack.
Obsolescence: This will last as long as inband Caller ID.
Skill: Since the author of the textfile didn't include any plans or
even specific signal information, you would have to do a
considerable amount of research and design before you even
begin to build it. Or you could download S.O.B. and be a 1337
0range b0xer right now!
Risks: Your real phone number (or the fact that your Caller ID data
is blocked) will still be in the Caller ID box's memory just
before your spoofed data.
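Added example (not part of the original file, and not code from S.O.B.):
a Python check over a line monitor's event log for the two traces
described above, a Caller ID burst that arrives right after an incoming
call is answered and disagrees with the on-hook record, and a flood of
bursts inside one call. The event names, log layout and thresholds are
assumptions, and the sample log is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed thresholds; tune them for the monitored line.
RING_GAP_S = 8.0        # rings further apart than this belong to different calls
ANSWER_WINDOW_S = 10.0  # how soon after pickup an off-hook burst counts as "immediate"
FLOOD_COUNT = 3         # off-hook bursts within one call that count as a flood

# Constructed line-monitor log: (seconds, event, detail). Not a real capture.
SAMPLE_EVENTS = [
    # Call A: on-hook record, then a different number seconds after answer.
    (0.0, "RING", ""), (2.5, "CID_ONHOOK", "5550100"), (6.0, "RING", ""),
    (9.0, "OFFHOOK", ""), (11.0, "CID_OFFHOOK", "5550142"), (80.0, "ONHOOK", ""),
    # Call B: ordinary call waiting, minutes into the conversation.
    (200.0, "RING", ""), (202.5, "CID_ONHOOK", "5550111"),
    (205.0, "OFFHOOK", ""), (410.0, "CID_OFFHOOK", "5550123"), (600.0, "ONHOOK", ""),
    # Call C: blocked caller ("P"), then a run of bursts inside one call.
    (900.0, "RING", ""), (902.5, "CID_ONHOOK", "P"), (904.0, "OFFHOOK", ""),
    (960.0, "CID_OFFHOOK", "5550150"), (961.5, "CID_OFFHOOK", "5550151"),
    (963.0, "CID_OFFHOOK", "5550152"), (964.5, "CID_OFFHOOK", "5550153"),
    (1000.0, "ONHOOK", ""),
    # Call D: outgoing call; call waiting early in it is not suspicious.
    (1200.0, "OFFHOOK", ""), (1204.0, "CID_OFFHOOK", "5550160"),
    (1300.0, "ONHOOK", ""),
]


@dataclass
class Finding:
    rule: str
    answered_at: float
    onhook_number: Optional[str]   # what the box stored before pickup
    offhook_numbers: List[str]     # what arrived in-band during the call


def _judge(call):
    """Apply both rules to one finished call."""
    out = []
    bursts = call["bursts"]
    if call["incoming"] and bursts:
        t, number = bursts[0]
        # Rule 1: the on-hook record is still in memory, so compare against it.
        if t - call["answered"] <= ANSWER_WINDOW_S and number != call["onhook"]:
            out.append(Finding("burst-after-answer", call["answered"],
                               call["onhook"], [number]))
    # Rule 2: many bursts in one call, as when a box's memory is being pushed out.
    if len(bursts) >= FLOOD_COUNT:
        out.append(Finding("burst-flood", call["answered"], call["onhook"],
                           [n for _, n in bursts]))
    return out


def find_suspect_bursts(events):
    """Walk the event log in time order and return a list of Finding objects."""
    findings = []
    last_ring = None
    onhook_cid = None
    call = None  # state of the call in progress, None while on-hook
    for t, kind, detail in events:
        if kind == "RING" and call is None:
            if last_ring is None or t - last_ring > RING_GAP_S:
                onhook_cid = None  # a new ring train starts a new record
            last_ring = t
        elif kind == "CID_ONHOOK" and call is None:
            onhook_cid = detail
        elif kind == "OFFHOOK" and call is None:
            incoming = last_ring is not None and t - last_ring <= RING_GAP_S
            call = {"answered": t, "incoming": incoming,
                    "onhook": onhook_cid if incoming else None, "bursts": []}
        elif kind == "CID_OFFHOOK" and call is not None:
            call["bursts"].append((t, detail))
        elif kind == "ONHOOK" and call is not None:
            findings.extend(_judge(call))
            call, last_ring, onhook_cid = None, None, None
    return findings


if __name__ == "__main__":
    for f in find_suspect_bursts(SAMPLE_EVENTS):
        print(f)
```

Both rules are heuristics: a genuine call-waiting burst can land inside
the answer window by chance, so a hit is a reason to compare the stored
on-hook record with what the display showed, not proof of spoofing.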
------------------------------------------------------------------------
Pandora's Box
("Pain Field Generator")
This is a stupid idea from some twit who probably saw an ad for a "Phazor
Pain Field Generator" in the Consumertronics catalog. It's supposed to
cause terrible pain to everyone in its range through specially tuned
ultrasonic bombardment, but in fact it's just a 555 oscillator circuit that
drives a speaker barely loud enough to hear across the street with an
audible signal.
Plausibility: The real thing is strictly Area-51 spook stuff. The text
file version will totally not work.
Obsolescence: Irrelevant.
Skill: You need to be able to read a schematic diagram and build
the basic 555 oscillator, which every electronic hobbyist
has done at some point.
Risks: You risk being thought a fool, or perhaps beaten to death by
whatever it was you were trying to fend off with it.
------------------------------------------------------------------------
Phuck Box
(Uses call forwarding to exploit overlapping toll free zones)
This isn't really a box.
Most areas have overlapping toll-free calling zones (A and C), where two
areas that may be a long distance call between them have, in common, a
geographical area that is not long distance to either point (B).
So, (A) must pay LD to call (C) and (C) must pay LD to call (A) but (A) and
(C) can both call (B) for free, and (B) can call (A) and (C) for free.
Sometimes there are one-way exceptions, check your local calling rate
sheet.
Anyway, if someone in (B) forwards their calls to someone in (C) then
anyone in (A) could call (B) for free and get forwarded, toll free, to the
person in (C). This is the idea behind the Forwarding Phuck Box.
BBS Operators have used this trick for years to allow more people to call
them toll-free without the high cost of a regional 800 number, but the
textfile authors suggest having Call Forwarding turned on for an unwitting
mark and then beige boxing the mark's house to set the forwarding
destination. Only thing is, if you can spend the gas money to drive to (B)
every time you want to call (C) from (A), you'll probably find it cheaper
just to pay Ma Bell for the call instead.
I think a Gold Box would be a better solution, especially one installed in
a business where the phone is never used after hours. As long as only local
(to the box) calls are made, it should last a very long time. You could do
this at work, and call BBSes and ISPs downtown from the suburbs without
having to pay for optional extended local service or LD! And it's only when
you start charging LD calls that eyebrows would get raised in Accounting.
Plausibility: The BBS version of this is real, but I think the textfile is
full of shit.
Obsolescence: Only works where the forwarding party pays for forwarded
toll calls and the forwarded does not pay for forwarded toll
calls. This is the norm and is actually getting more common,
not less.
Skill: Very little skill involved.
Risks: If you do as the text file suggests, you're beige boxing and
therefore prowling and therefore at risk of being seen. Not
good.
------------------------------------------------------------------------
Plaid Box
(Enable Touch Tones on a rotary line)
The "Plaid Box" is simply the reversal of the Ring and Tip lines on your
tone phone. The idea here was that Touch Tone phones only worked in a
certain polarity, and on rotary lines, the polarity was the reverse of that
needed to run a tone phone. When you ordered tone service, all the telco
did was reverse the polarity of the line. By reversing the wires, you
reverse the polarity yourself.
Since there are no rotary lines anywhere near where I live, and since tone
dialing no longer costs extra, I have no way of testing this "box."
Overall, it's obsolete.
Plausibility: It has the "ring" of truth but until someone who Plaid Boxed
back in the old days emails me, I won't really believe it.
Obsolescence: Since most telcos don't charge for tone service anymore
anyway (well really they do, most raised the rates for a
"basic" line at the same time they made tone dialing a
standard feature) this really is a pointless idea today.
Skill: Almost none required.
Risks: I imagine that the phone company would have creamed its
jeans over the possibility of making an example out of
someone caught stealing a 90 cent per month service that
actually costs the telco less to provide than the free
alternative, but I've never heard of this happening.
------------------------------------------------------------------------
Poor Man's Electro-Bastard Box
(Annoy the hell out of someone)
This basically is a blinking Christmas light (the kind where if you plug
it into a string of them, they all blink) in series with a phone line.
With a suitable resistor, this may work - the light would blink, the
line would be cut off when the light is off, back on when the light is
on, and it would be impossible to use the line.
However, the file tells you to hook the flashing bulb directly in series
with the line, which goes between 12 and 48 volts just hanging up, and
of course has 90+ VAC when ringing. The filament of the bulb is meant
to operate at 6 volts or so. It would take a voltage regulator and a
clever resistor network to make this idea survive one typical voltage
change!
Plausibility: I have my doubts as to whether this was actually tried as
described in the text file.
Obsolescence: Will last as long as phones do.
Skill: As described, very little skill is needed but to actually
make it happen, you need to have a strong electronics
background.
Risks: If you're adding this to an unsuspecting mark's line, all
the usual beige boxing/prowling risks are there.
------------------------------------------------------------------------
Ringback "Box"
(Use *66 Callback to simulate a ringback service)
This is a little line gadget that depends on the *66 call return service to
simulate a Ringback. Unfortunately it requires that you have physical
access to both the line you're calling from and the line you want to
provide the ringback, and if those lines are both yours then you have to
pay the 50/75 cents for the *66 service each time.
With these requirements I have to wonder why you couldn't just call one
line from the other? I mean, you're bud boxing two lines and you need a
ringback and you don't have a number for a telco ringback, so why didn't
you just bring two bud boxes?
It's a cute idea, but really not very useful in the real world.
Plausibility: This device will work. No problem there. But the real
question is why?
Obsolescence: *66 is not a very old service. This will be around for
a while.
Skill: A simple electronic construction project, not for someone who
is deathly afraid of gadgets but not seriously difficult for
anyone else.
Risks: Only the usual risks associated with bud/beige boxing, plus
the risk that if you do happen to be doing this illegally on
someone else's line, the ring back will almost certainly ring
another phone on the premises too, possibly compromising your
secrecy.
------------------------------------------------------------------------
Scarlet Box
Satan Box
Tone Box
(Creates very bad connection)
(See also Noise Box)
The Scarlet Box was written by someone who never tried it. All it does is
short out the victim's phone line, when its purpose is supposed to be to
create line noise. If you use a direct piece of wire the phone company will
be around shortly to fix the problem as a dead short is very undesirable to
them. If you use a resistor the line will just stay open all the time.
Whoop-de-doo.
The Tone Box is not much different from the Scarlet box.
The Satan Box is similar but its purpose is to cause interference on
cordless phones. Which can be overcome by changing the channel. The plans
say to use a 49 MHz remote controlled car remote but they don't explain how
that's supposed to work on 900 MHz and 2.4 GHz phones...
Plausibility: None.
Obsolescence: N/A
Skill: None to speak of required.
Risks: You still have to prowl around the victim's house to install
it.
------------------------------------------------------------------------
Snow Box
(micropower UHF television transmitter)
The Snow Box is not a phreak box, it's a TV transmitter. It belongs in the
Pirate Radio file section of underground boards, and is only mentioned here
because (a) it's called a Box, and (b) it appears so often among phreak
boxes.
Unless you are planning on doing your own version of the Razor and Blade
show, and have been turned down by your cable community access channel, the
Snow Box is of very little use to you as a phreak.
Plausibility: 100% real, pirate TV is a well documented phenomenon.
Obsolescence: Works wherever there are UHF TVs to receive your signal.
Skill: Successful pirate TV requires advanced skills. You
don't just hook up your camcorder to a Mr. Microphone
and start making Ted Turner quake in his boots.
Risks: Pirate TV and Radio stations are busted all the time.
------------------------------------------------------------------------
Talkie Box
(Eavesdrop on cordless conversations with a 49 MHz Walkie Talkie)
It's no accident that you can't just buy a 49 MHz walkie-talkie at Radio
Shack and start listening to 49 MHz phones, because 49 MHz is just a
general band description that covers dozens of channels in many
applications. Baby monitors, walkie talkies, cordless phones, remote
control toy cars, etc., all operate on different channels in the 49 MHz
range.
What the Talkie Box does is take one of those walkie talkies, or baby
monitors, and re-tunes it to a channel used by cordless phones. In this
way, you can eavesdrop on phone calls where a cordless phone is used. This
seems fairly simple but in fact those products don't just come with tuning
dials like radios that let you start using unauthorized channels.
Normally, the way to retune the walkie talkie is careful adjustment of the
alignment coils, which is a lot trickier than it seems, and even more so to
get it back where it was.
And you can still do the same thing with any cheap scanner.
Plausibility: Quite plausible but not worth the effort.
Obsolescence: 900 MHz phones, digital spread spectrum phones, 2.4 GHz
phones and the like are pushing the older 49 MHz phones out
of the market. Eventually there won't be any left.
Skill: The skill needed to do this properly is considerable.
Risks: Signal interception is one of the few illegal pursuits of
interest to phreaks where there is very little risk and the
risk actually is lowest if you stay at home!
------------------------------------------------------------------------
Time Box
(Cut off a line at a specified time)
The author of the Time Box file doesn't really explain what the practical
use of this "box" is, only what it does. Which is, cut off a phone line
at a specific time, using a dime-store electrical timer.
I suppose one could use this to prevent roommates from using one's private
line when one is at work. Or you could attach the thing to someone's phone
line at the outside grey box, phone them up and say "Hi, this is the phone
company. We did not receive your payment of $4,672 for long distance calls
and we sent you four notices, so we are going to cut off your service at
1pm today." And then the box makes good on it. Quite a prank.
Plausibility: Sure, it can be done. But like so many boxes covered in
this file, "why?"
Obsolescence: Not really an issue.
Skill: Minimal understanding of electronics needed.
Risks: Use it on someone else's line and you can be caught in the
act.
------------------------------------------------------------------------
Power Box and Tron Box
(Free Power)
The Power Box is nothing more than stealing electric power by bypassing the
meter. The power company WILL notice this, if you don't kill yourself in
the attempt. Remember, the voltage through the meter is 220 volts, not 110.
It will kill you twice as dead.
The Tron Box is a series of capacitors which supposedly slow the meter
using the reactance of the box's circuit. The claim is that the more power
you use, the slower the meter will run. If constructed and plugged in, in
fact a Tron Box will explode. No shit - the capacitors are rated at 50
volts, your line is 120. And they are electrolytic, meaning polarized,
meaning unsuitable for use in an A.C. circuit. Ever see a big filter cap go
foom? I have. It's ugly, smelly, messy, unpleasant and LOUD.
Since I wrote the first version of this report, I have received mail from
two different sources claiming that something like the Tron Box does exist,
and that there's a video or news expose which explicitly shows how it's
used, but I have yet to see it. If anyone has this video I'd appreciate a
copy for review in the next revision. With that said, however, the one in
the text file will not work.
Plausibility: Zero. Both were written by idiots who knew not what they
were talking about. The Tron Box probably came from The
Anarchist Cookbook or some similar publication which is
widely suspected of being produced by the U.S. Government
with deliberate misinformation so that would-be American
neo-Revolutionaries kill themselves in the attempt to
overthrow The Man. Certainly no one in the boardroom of Con
Ed would be upset at the news of a college communist who
electrocutes himself frying... err... trying to get some
free juice.
Obsolescence: N/A.
Skill: The Man is counting on your lack of skill...
Risks: Electrocution, fire, arrest for attempted theft of service.
On the upside, you risk being nominated for the coveted
Darwin award.
------------------------------------------------------------------------
Blaze Box
(Set off fire alarms by remote)
I'm not going to give this one a lengthy review, as its usefulness is
severely limited to the very stupidest high school kids.
Basically it lets you set off a fire alarm (like, duh, in school) by remote
so that you avoid (a) being spotted pulling the lever and (b) getting
sprayed by those fire alarm levers that spray the puller with indelible ink
to foil pranksters.
The text file goes into lengthy detail about a servo motor actuator to be
installed carefully behind the lever (which has to be removed first); a
procedure too lengthy to not be noticed by the wrong people and far beyond
the attention span of most individuals who would be inclined to do
something as pedestrian as start a false fire alarm in the first place.
Plausibility: Actually there are quite detailed instructions, enough that
someone with way too much time on his hands could do this,
provided that the fire alarm levers at the school in
question are *exactly* the type mentioned in the file.
Obsolescence: I don't think this one really has a life cycle.
Skill: Successfully doing this would be a waste of talent.
Risks: Great chance of accidentally setting off the alarm at
installation, and a long procedure makes it likely that
you'll be caught.
------------------------------------------------------------------------
Pewter Box
(Make a Speaker out of a Hard Drive)
I might not have even included this "box" in the Review if it had not
been published in the Fall 2002 issue of 2600. I might have put this in
the jokes section if it weren't for the fact that a hard drive's heads
are positioned by a device called a Voice Coil, which also happens to be
what drives a speaker. So yes, you can make a speaker out of a dead
hard drive.
I can only surmise that 2600 had run out of useful articles when they
decided to print this.
Plausibility: Oh yeah, pump up da volume on your 1337 Seagate speakers.
Obsolescence: See Below.
Skill: See Below.
Risks: All these are rated about the same as any of the "hoax"
boxes in the next section.
------------------------------------------------------------------------
------------------------------------------------------------------------
Jokes and Parodies
------------------------------------------------------------------------
------------------------------------------------------------------------
Assassin Box
(Zap your enemies by phone)
This is along the same general lines as the Spike Box, but with some
adaptation might actually do something. Unlike the Spike Box, this is
connected directly to your victim's phone line. The victim picks up the
phone and gets electrocuted. The plans given in text files tell you to
connect a battery but the problem is that phone lines actually operate on a
higher voltage than the battery they prescribe. Now, if you changed this to
a power source that kicked out a few dozen kilovolts, you'd have something
useful.
Plausibility: None to speak of.
Obsolescence: N/A.
Skill: You need better electrical skills than the guy who wrote the
text file, that's for sure.
Risks: You have to prowl around outside your victim's house for a
prolonged period; your chances of not being caught aren't
good.
------------------------------------------------------------------------
Blotto Box, Spike Box
and
Bottle-Nosed Grey Dolphin Box
(A bad joke that went too far, supposed to shut down an area code with
overvoltage)
It amazes me that even today, from time to time, someone still posts a
serious question as to whether the Blotto Box works. This started out as a
parody years ago, and has been worked into serious textfiles by several
writers who mostly just want to "see their name in lights".
The Blotto Box purports to cause such grievous damage to the phone company
that an entire area code would be taken out. This is done by sending high
voltage down the line.
There are lots of things wrong with this, not the least of which is that
the outside plant (i.e. all that copper overhead) is riddled with circuit
breakers, fuses, gas discharge devices, etcetera. And this makes sense,
because if a 220 volt Honda generator could bring an area code to its knees
as the Blotto Boxers claim, then the first lightning strike would destroy
the whole system.
Second, the file suggests using a Honda portable generator. Depending on
the model you'll either get 110 volts or 220, which you can get from
household outlets anyway. Why waste the money to rent a generator?
And it amazes me that the authors never thought of instead hooking up a
Tesla coil, which typically would produce over 100 kilovolts - and due to its
high frequency, might actually jump a blown breaker and cause damage a
little further down the line than your local loop! HellO!!! The kicker is,
someone else did think of this. They called it the "Spike Box". The claim
there is that you can electrocute a dialled victim, burn their house down
by phone, etc. Suuuuuure.
If you want to get the phone company's attention, a parcel full of manure
sent to their security department would be more effective than blowing out
one subscriber loop.
Then there's the Bottle-Nosed Grey Dolphin Box, which is supposed to be
more of a revenge tool against a specific line than a way to k-phuck the
phone system. It claims you can generate 500 volts by attaching eight
capacitors (it doesn't give the values of those capacitors) in series to a
9 volt battery. It's also claimed that this box doubles as a Taser. Gimmie
a break!
Plausibility: Zero. Just writing this was a waste of my time.
Obsolescence: N/A - it never worked anyway.
Skill: Duh, two jumper wires, it's too compelcated fur me, George.
Risks: You'll just get in shit for nothing.
------------------------------------------------------------------------
Mauve Box
(No-contact tap)
Let me start by saying that the Mauve Box is pure unfiltered bullshit. It
claims to be able to tap distant phone lines by using a "magnetic field"
which you generate by running your phone line through a bucket of mixed
soil and iron filings. No way is given as to how to direct it to tap a
particular line.
Anyone who's taken Grade 7 science knows the Mauve Box is a joke file, and
I think a lot of people who would have flunked elementary school would also
hold a pretty big suspicion about it. It's that obvious.
Of course, no-contact taps *are* possible, you just have to wrap a
pickup coil around an insulated phone line, amplify the incredibly weak
signal and you're a phreak. But the Mauve Box claims to be able to do
this from a distance - that's even beyond the capability of TEMPEST.
Plausibility: Zero. The file tries really hard to make itself look
plausible but the total disregard for scientific reality
gives it away anyway.
Obsolescence: N/A
Skill: You'd have to have a skill level below zero and an IQ to
match to think of following the Mauve Box instructions.
Risks: You might hurt your back shoveling the soil, otherwise none.
------------------------------------------------------------------------
Paisley Box
(Bad joke, supposed to seize a TSPS operator's console)
The "Paisley Box" is just a parody file. Its file description on BBSes
implied that you could seize a TSPS operator's console, but what you
actually get is a file which will get you drunk and electrocuted (and it
says so).
This parody is mentioned only because even to this day, the Paisley Box is
still described in file lists everywhere as a serious phreak box.
Plausibility: None. It was a joke. Enough already!
Obsolescence: N/A.
Skill: How much skill does it take to drink a keg of beer?
Risks: Electrocution, alcohol poisoning, possibly getting
STDs from equally drunk scene sluts after you're
done.
------------------------------------------------------------------------
Rainbow Box
Idiotic Box
Executioner Box
Toast Box
(Destroy enemy's phone line)
This is another joke file. It's supposed to take out your enemy's phone
line and everything around it by simply plugging 120 Volts AC into it. In
fact, the worst that can happen is you'll set off a circuit breaker. The
Idiotic box is a more recent rewording (and more accurate title) of the
Rainbow Box. The Executioner Box is the same thing as the Rainbow Box
(and gives that textfile major props) but with all the tongue-in-cheek
stuff about needing to be stupid to do it removed. I guess he's made it
so simple you can Executioner Box with an IQ of 1 or less now.
The Toast Box expects you to do this with the flash circuit in a
disposable camera. Yes, the 600 or 700 volts used to fire the flash
tube is higher than the 120 volts of the line but the flash is very
brief and will really not damage any telephone devices on the line that
have any surge protection at all. Now, if you have a computer connected
directly to the line via its sound card using one of the stupider
direct-connection schemes I have well-debunked in other parts of this
file, then you can expect some problems, but normal phone equipment
should survive Toast boxing. I'm not even going to go into the fact
that the author's understanding of electronics is almost zero and that
the capacitors he tells you to add will more likely lessen the effect
than anything else.
Plausibility: None. The original Rainbow box file actually says you
have to have an IQ of 2 or less to use it.
Obsolescence: N/A.
Skill: Almost none.
Risks: Electrocution. Getting to know most phreakers' final
box: the Plain Pine Box.
------------------------------------------------------------------------
Urine Box
aka Zap Box
(Kill/Maim Enemies by phone)
The text file for this box starts off seeming pretty normal, until you get
to the part where it tells you what it does. That's where the file takes a
sharp left turn into the Horseshit Zone.
It claims to create a "capacitive disturbance" in the victim's phone line.
By remote, from your line. Turn up the "disturbance" enough and you can
melt the victim's phone or make his body explode. They don't explain
why the army is still trained to fight wars with bullets like a bunch of
chumps when they could be using high-tech capacitive disturbances...
Probably the most glaring error with this is that even if this were
possible, the same conditions would have to exist on your line too, meaning
you'd be lying there dead and/or gibbed while your intended victim is still
going "Hello? Hello?".
But even that isn't going to happen. The Urine Box is just another
adolescent grab at notoriety and nothing else.
Note that recently another version of the Urine box has been making the
rounds. The "Zap Box" is the same text file as the Urine box with the
credits re-typed. Not that anyone could think of anything lamer than
STEALING credit for this "idea".
Plausibility: None whatsoever.
Obsolescence: N/A.
Skill: Irrelevant.
Risks: If you're dumb enough to believe it works, you will probably
screw up the construction and damage your phone line.
------------------------------------------------------------------------
Puce Box
Ultra G-9000 Box
(Who knows???)
These "boxes" are pure joke files and don't really claim to do anything.
It's kind of a waste of bytes to write anything at all about files like
that but if by doing so I can prevent them from contaminating legitimate
H/P archives, then it's worth it.
------------------------------------------------------------------------
Zip Box
(Add/Remove account features on a line, become an operator, change
your phone number, etc)
I'm convinced that the Zip Box is a hoax. Allow me to explain.
The box starts off with some very large promises - it claims to be able
to exploit a brand new service for line technicians called "ONCO". This
is supposedly a high speed data service that lets technicians connect a
portable terminal to a line and perform all kinds of maintenance and
account management functions from the customer's line. It can also make
you an operator, disable the line completely, change its phone number,
and so on. In other words, polymorphic TSPS operator capability.
The Zip Box is claimed to be able to emulate the functionality of this
terminal with a USB Zip Disk drive - the USB signals from the drive are
supposed to be compatible with the ONCO system. And all you have to
have on the disk is some DTMF tones. But it doesn't say in what digital
format the tones should be - MP3, WAV, AU, IFF, whatever, or even what
OS format the ZIP disk should be compatible with. So right away you
have an unusable text file.
Being well acquainted with the adage that "if something seems too good
to be true it probably is", I took note that ONCO is supposed to be a
product of Bell Labs and did a search at www.lucent.com for ONCO,
CotTalk, ONCOCT and other permutations of ONCO mentioned in the
textfile. What did I find? Diddly squat. The same with wider searches
on Excite, goto.com, and Lycos. If you can't find a Bell Labs/Lucent
product at Lucent, it's probably an "imaginary" Bell Labs product.
I should point out something important here: For the phone company to
offer this kind of control directly from a subscriber line would be a
huge step backwards (security-wise) to the days when Blue Boxes worked.
I would think they've learned their lesson.
Plausibility: None whatsoever. It's a hoax.
Obsolescence: Not applicable.
Skill: Irrelevant.
Risks: You'll probably fry the USB interfacing chip in your Zip
drive, especially if the phone rings while it's connected.
------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------------------------------------------