This is in reply to a thread that was going on a while back, and here is the
basic meat of the thing:

> Silver boxes produce extended DTMF tones, A,B,C,D etc. You can do this
> with a modem. That why they're safe?
> Blue boxes don't work any more. And anyways, the phone company switching
> tone will no longer be 2600 eventually.
> Red boxes work. At the moment. There are easy, cheap, ways to filter them
> out. (The tones they produce) Basically, when the telco fix a phone, they
> add a filter.
> Yeah, i think it's the cyberden guys, they sell that kind of stuff.
> Easier and cheaper to make/obtain it yourself though.


Just to add a few random thoughts?:

1) Silver Boxes revisited:

As the message above points out, the "Silver Box" allows the user to
generate the extended DTMF keytones, these are also called by some:
"The Autovon tones", since you all know they were originally developed
and used on the military Autovon network, allowing Autovon users
various levels of "precedence" for a given call on that network. They
were as follows:

Flash Overide
Flash
Interrupt
Priority

Those of you who are interested, can find any number of old "G-Files"
written on the use and abuse of Autovon. In my opinion let us suffice
to say that utilization of the Autovon network was limited by most
phone Phreaks, since it really didn't allow you to access much of
anything. Sure you could prioritize yourself all along the trunk
network and in the process maybe raise a few eyebrows, but not much
else. I played with it a bit, got bored and moved on to more
interesting things.

We come now to the second (more useful & fun) use of the "silver box",
which relied on the fact that a particular brand of Automatic Call
Distributor (ACD), once used quite frequently by AT&T Directory
Assistance (DA) positions, just happened to utilize the same set of
keytones (ABCD) to place the ACD into a maintenance mode. Knowledge of
this allowed us to manipulate said ACD from a remote location (home).
Once the ACD was placed into its maintenance mode, the phone Phreak
could,  by use of various DTMF key combinations, access many
interesting features, one in particular was quite useful, this was the
ACD Loop feature, by pressing a DTMF 7 one would be placed on one side
of a testing loop incorporated into the ACD itself, Another "Silver
Boxer" calling the Same DA position, could enter maintenance mode and
Send a DTMF 6, and be placed on the other side of the same loop. Since
Pre-divestiture calls to DA positions were for the most part free,
this enabled silver boxers essentially "free" calls to each other,
especially since (800) DA would for a long time allow this. Another
interesting feature was the ability to place ones self in a position
to Intercept, and thus "Answer" incoming calls to that DA position, It
essentially let you become a DA operator!, you can imagine the hours
of fun one could have here. Unfortunately, this method of "Silver
Boxing" was long ago "corrected" by the various BOCS/RBOCS/etc.,  and
the last "Silver Boxable" DA position I knew of was Alaska's (907)
NPA.


2) Red Boxing:

In my opinion, Redboxing should simply be called toll fraud, since
doing it requires little, or no understanding of the phone system
whatsoever. I place it on about the same level as using a Sprint, or
MCI code to make a free call. There are a few ways to go about getting
yourself a red box, the first and easiest is to make yourself a "Poor
man's Redbox" ("King Blotto" - was the first I saw use this term),
which is to simply have someone call you from a fortress fone and
deposit 5 or 6 quarters whilst you record them, and then playing them
back when you want to "box" a coin call. The second method involves
building yourself one either from scratch, or by modifying some other
piece of hardware, again plans for this abound all over the place.
Lastly, you can get yourself a fortress fone and disassemble it, and
grab the "Redbox" built into it. (It's interesting to note that on
"Northern Telecom" Coinstations (which are by far the best made), the
"Redbox" is an actual "Mechanical Device", which consists of a tone
producing circuit, and a mechanical "interrupter wheel" to space the
tonepair bursts.) This method is generally more trouble than it's
worth, but it does produce the most reliable source tones. A little
bit on the "workings" of a Coin call, and why a Redbox works. When one
places a toll call from a coin station the system buffers the dialed
digits, and forwards them to ACTS (Automated Coin Toll System). ACTS,
Using the calling number and the called number, Consults a Toll
database, computes the amounts of money required to place the call,
and Prompts the caller to deposit the required amount.  ACTS then
listens for the "Coin Deposit" tones, tallies them until the initial
deposit amount has been reached, and then releases the buffered digits
and allows the call to progress as normal. an OSPS/TOPS operator can
also provide you with the same service, however ACTS was developed to
relieve the TSPS (predecessor to todays OSPS position) of exactly
this. This is the reason a Redbox does not "simply" work for a local
call. ACTS is not required for a local call since all calls within the
coin stations calling area are a flat 25 cents, there is no reason to
even utilize ACTS, and the coin station/CO utilize a ground test to
determine if a coin has been deposited. (ala David Lightman in
wargames). In effect, on local coin originated calls the system is
"Not listening" for the coin deposit tones to determine coin entry
(even though the coin station dutifully produces them). Lastly the
second party vendor coin stations (called by some: COCOTS), use an
entirely different (internal) method for handling toll billing, and
generally a red box would be useless against them.


3) Blue Boxing, 1993:

Contrary to popular belief, blue boxing is still possible. Most surely
it is not the easy game it once was, however the enterprising Phreak
can still sniff out a few holes in the network that would allow
him/her to utilize inband (MF) call signalling procedures. The reason
90% of would be blue boxers are done in, is due a feature of Common
Channel Interoffice Signalling (CCIS), or "out of band" signaling.
Briefly; CCIS is a system in which the call routing information is
sent on a separate "data channel", than the voice (or Audio) portion
of the call. The pre CCIS or "old" method, had both voice/audio AND
call routing information being sent on the same pair. Not only does
CCIS totally ignore any "MF" tones sent down an associated Voice
circuit, it has the "VICIOUS" habit of muting Forward audio on the
Voice circuit when it detects a loss of supervision at the destination
end. (however it allows the distant end to continue to pass audio to
you, so you can hear the various "call progress" tones, such as busy,
Intercepts, etc..) This  "little" feature is (mainly) what spells
disaster for todays Blueboxer, and the reason is this: There are
plenty of non-CCIS exchanges left in the United States, and thus will
respond nicely to MF signalling, however when you dial directly to one
of these, you are 99% assured of crossing some portion of the TOLL
network that is CCIS equipped, and in doing so you are faced with the
"problem" of the audio muting. I'm sure several of you have met with:
Placing a call to a rural exchange, blowing the "infamous" 2600hz to
be rewarded with the reassuring "kerchink!", "oh man, TRUNK! you say
to yourself", and then, no matter what you send at it, you end up with
a reorder, damn!  - why?  As soon as you applied 2600hz, supervision
at some point "PAST" the CCIS link was lost, CCIS "sees" this, and
Mutes further audio from your end. So your trunk is sitting there
nicely awaiting "KP+all kinds 'o fun stuff+ST", but you, unfortunately
can not get them to it. This by no means is the ONLY problem that
todays boxers are faced with, just one of the bigger ones. There is
also the _DEADLY_ "BLUE BOX REPORT", ( of which my old friend "Phantom
Phreaker", first pointed out to me). This report is generated
regularly by SCCS, and forwarded to the Corporate Security Center for
evaluation. This "system" is constantly looking for strange behavior,
odd tones, strange supervisory conditions, etc.. They WILL catch you
eventually, in fact "they" are pretty good at catching boxers in
general.


Things have changed greatly since the days that I, and my friends
explored the telephone system, and discovered some of its many
wonders. Security is downright _MEAN_, laws have been written,
programs are better, etc. I would not trade for anything, the memories
I have, nor the friends I have made over the years pursuing my
"hobby". Today though, things are changing so rapidly that I sadly,
cannot even hope to keep up with it all. To me at least, the telephone
system will always remain a most interesting beast.

April 21, 1993

The Marauder
Legion of Doom!


V��R��T.813