Phone Color Box Addendum Version 2.0
By
Cyber Thief
Introduction
Battery Boxes
Beige Boxes
Black Boxes
Blue Boxes
Clear Boxes
Clockwork Orange Boxes
Conference Boxes
Diverter Boxes
Green Boxes
Red Boxes
Silver Boxes
Tape Boxes
White Boxes
Conclusion
----------------------------------------------------------------------------
Introduction
Welcome to Phone Color Box Addendum Version 2.0! The purpose of this series
is to discuss some of the popular (and not so popular) phone color boxes.
Over the years, hundreds of box files have been written. Most of these boxes
perform illegal functions and many of them still work today! Therefore I
must warn you that I will not be held responsible for your actions if you
decide to put your knowledge to use. This manual was compiled for
informational and educational purposes only and the author does not condone
illegal activities. By downloading and reading this text you agree to be
bound by the terms of this disclaimer.
Also, let me take this moment to say that I will not tolerate the
unauthorized copying or editing of this manuscript. You may quote from the
book as long as credit is given to me. Feel free to distribute this on
web pages, ftp, bulletin board systems etc. as long as the file is in it's
original unedited form. Please do not make any edits without my explicit
written permission. If I find that this file is being distributed in an
incomplete form I will stop writing updates. We will cover a lot of ground
in this book and if you want to see more in the future you'll heed this
warning. Now with that behind us, we'll proceed....
Enjoy,
Cyber Thief '98
-----------------------------------------------------------------------------
Battery Boxes
The Battery Box is any device that is used to circumvent the muted
mouthpiece on Bell pay phones. Construction is fairly simple and the usage
is straightforward.
First take a little trip to your local Radio Shack and pick up the
following items...
(1) 9 volt Battery (Rat Shack Cat # 23-583)
(1) 9 volt Connector (Rat Shack Cat # 270-324)
(2) Alligator Clips Preferably Red and Black.
All totaled the Battery Box costs around $5.30 (excluding tax).
Schematic
9 volt Connector ------- \\\\\\\\\\\\\\\\\\\\\------{
/ / \\\\\\\\\\\\\\\\\\\\\-----{ Gator Clips
------ Wires
\/ \/
_/\__/\__
| |
| |
| BATTERY |
| |
|_________|
First, you'll have to strip the free ends of the 9 volt connector. Now,
carefully solder the two alligator clips onto the wires and you are
finished.
You'll have to find a pay phone that is muted, and make a few minor
modifications before you can use the box. You will need a pair of tin snips,
a pocket knife, and needle nose pliers for this procedure.
Lift the handset and look underneath the mouthpiece. Look for the blue cord
protector directly under it. This tube covers the hole where the sheath runs
into the handset. Take your pocket knife and cut the top of the tube off so
it becomes free. You should now be able to slide the tube up and down the
sheath easily. Now take your tin snips and make a cut where the blue tube
was located. Do not cut too far into the sheath because you may damage the
wires inside. Once you have made the cut, use the needle nose pliers to pull
out the wires inside. There should be five wires. One of the wires is air
craft cable which is difficult to cut. Obviously this is done to deter theft.
Ignore this wire and turn your attention to the other four wires. Two of
them should be white. These wires lead to the ear piece of the handset and
are of no use to you. The remaining two wires should be colored RED and
BLACK. These wires run to the mouthpiece. Pull out the Red and Black wires
and strip them. In case you haven't noticed the wires are the same color as
those on the 9 volt connector. Attach the Red gator clip to the core of red
wire and the black clip to the core of the black wire. Now plug in the
battery and lift the handset. If all went well the mouthpiece will be clear!
If the piece is still muted, adjust the clips until you hear a quiet
crackling noise in the ear piece. Blow into the mouthpiece, and you should
be able to hear the side tone. If not, keep adjusting the clips. Making a
clear connection is probably the hardest part of the procedure.
The mute inside the pay phone is controlled by voltages. When the handset
is lifted, current is allowed to flow freely from the phone to the ear piece.
However, the current running to the mouthpiece is stopped by a capacitor.
This creates the "mute" so commonly described by phreaks. When a ring tone
is detected by equipment in the phone, the voltage is increased making
conversation possible. So, essentially the Battery Box works by compensating
for the voltage loss caused by the capacitor.
------------------------------------------------------------------------------
Beige Boxes
The Beige Box is simply a homemade lineman's handset or "butt set". It is
easy to construct. Head over to your local Radio Shack and pick up these
inexpensive items...
(1) Modular plug to spade lugs connector Cat# 279-391 (1 foot)
279-310 (12 foot).
(2) Alligator clips with screw terminals. Cat# 270-375
(1) Small Phillips Head Screwdriver.
(1) Phone with mute button and keypad on the handset (optional).
The next three items are not needed for construction but could be useful.
(varies) modular to modular connection jack. Cat# 279-358
(varies) 25ft phone cord with standard modular plugs. Cat# 279-356
(varies) New 100ft phone cord with standard modular plugs. Cat# 279-460
Take two alligator clips (preferably red and green) and use the screwdriver
to loosen the screw terminals. Look at the spade lug to modular plug set.
It should have four wires, red, green, black, and yellow. We will be
working with the red and green wires. The black and yellow wires are of no
use to you, and can be cut off. Now take the spade lug to modular plug set
and place the prong of the red wire under the screw terminal on the red
alligator clip. Tighten the screw. Now, place the prong of the green wire
under the screw terminal on the green alligator clip. Tighten the screw.
Attach the modular plug to your phone. You now have a Beige Box!
A phone with a mute button is highly recommended because you would not
want your victim to hear you eavesdropping on their conversation. I also
recommend using a phone that has the keypad and the hang up button on the
handset because this will make your life easier. You could also buy some
25-100 foot phone extension cords to create distance between you and your
terminal box. You will need the modular to modular connector jacks if you
use more then one extension cord. All of this and more can be found at
your local Radio Shack.
Adding a mute switch
You may wish to add a mute switch to your Beige Box. This makes remote
eavesdropping more convenient. Open your phone and locate the hot lead
running to the microphone. This is usually the red wire. Cut this wire and
solder one end to a pole on an SPDT switch. Solder the other end to the
second unused pole. Drill or melt a hole in the handset and mount the
switch. You should now be able to toggle between mouthpiece on and off.
Adding a Black Box
Traditionally the Black Box is a device used to deceive Bell's billing
equipment. However, it can be rather useful when used in conjunction with a
Beige Box. Check out the Black Box plans in the next chapter and follow
the installation instructions. However, you will need to use a 10K 1/2 watt
resistor as opposed to the 1.8K 1/2 watt resistor prescribed in the plans.
This will keep the voltage low so you can safely eavesdrop on conversations
without detection. Turn on the Black Box prior to hooking up your Beige
Box clips. Lift the handset and you should hear a faint dial tone. If you
hear someone talking, feel free to listen in. If you get the dial tone, hang
up, turn off the Black Box and lift the handset again. You'll get a
normal dial tone. You are now free to dial out!
Adding more portability
Here are plans for making a Beige Box from a cordless phone. This is an
excellent idea because it allows you to remain a safe distance away from
the terminal box while placing your calls. This is an excerpt from a file
written by PISS (People Into Serious Shit).
First, go get yourself a cordless phone (the smaller the better) at a
garage sale--make sure it works. Open the base unit up and take out
all the stuff inside--keep it intact. Now if you found a reasonably
small cordless the pile of electronics you pulled out should fit
comfortably into the palm of your hand. Get yourself an empty coke
can...use a can opener or the like, to cut out the top of the can
where the drinking hole is. With any luck you will wash and dry the
inside of the can. Place the ball of electronics into the can. Now
rig a line with alligator clips...just like you would if you were using
a beige box....By now you are probably wondering what you are going to
do about the little power cord and transformer that are also attached
to the little bundle.....there are a few possibilities.
1) Look at the manufacturer's marking on the case of the phone...and
the transformer...find the voltage the phone uses...usually around
6 volts or so...now go buy/steal (whatever you do) a battery that is
the same voltage that the base unit uses. Connect it to the base unit
end of story...but the second one is better.
2) If you prefer a more permanent arrangement you can hard wire the
power from the house along with the phone wires.
Water proofing the box
Some of you may wish to leave your Beige Box at the location once you
have successfully connected, and called from it. If you are planning
on this you have to be sure that your Beige Box can withstand rain, snow,
hurricanes, tornadoes, freak storms, tidal waves, and any other problems
that may arise before your next visit. At this time, I'll let Deviant take
over so he may describe his ultimate water proof Beige Box design in
detail.....
Materials:
---------
1 Sucrets box (plastic, with the little round window on it)
2 alligator clips (bigger the better)
2 wires (preferably red/green)
1 wall jack (smaller the better)
1 roll of electrical tape
----------------------------
| | \
| SUCRETS | \
| | |
| ----- | |
| | | | |
| ----- | |
\--------------------------\ |
\ \ |
----------------------------
1. Open the lid, you must punch out the round clear plastic disc with a
knife. This hole will be where you plug your phone into.
2. Take your wall jack, and take the electronics part out of it. Connect
the red wire of yours to the screw with the red lead, and the green one
to the green lead. Attach the alligator clips to the loose ends of
your wires.
3. Tape the wall jack (with out the wall plate of course!) to the lid of
the box. The hole where the phone is inserted is to be facing the hole
on the lid. You want your wires to be facing the far end of the box
(opposite end of the hole). On the other end you will need to cut a small
little hole so that the wires can leave the box with the lid closed.
side view (opposite end)
-------------------------------
| cut here |
|-----------------------------|
| ~~~~ <-------|----cut here so that the wires can come
------------------------------- out to be plugged into the house.
4. If you've done everything correctly, you can plug your phone into the
view hole, into the phone jack. Then you plug the 2 wires into the house
(assuming you already know how to beige box)
5. As a last step, we wrap the box in electrical tape (black) so that it
stays shut, and is harder to be seen...
In addition I would like to add that you may also want to consider
wrapping your cord as well as your phone in duct tape. Another trick
is to find some Tupperware large enough to fit the phone. Drill a small hole
on the side and run the cord through it while the phone is safely concealed
inside. You may want to wrap this in tape too, or bury/hide it well.
Before you start making those free calls you'll have to know where and
how to connect your Beige Box. First you'll need to locate a master terminal
box. A terminal box is usually a gray or blue colored box that can be found
either on a telephone pole or the side of a house. Most boxes can be easily
opened by gripping the bottom half of the lid and pulling up. Some boxes
have protection but most don't so you shouldn't have to worry about it.
You could also throw on a pair of gloves if you are concerned about the
Gestapo finding your finger prints. Once inside, you should see tons of
wires and some bolts in a square pattern that looks something like
this...
* *
*
* *
The bolts may be labeled. If they are, one bolt will be labeled "R" or
"Ring". Another bolt will probably say "T" or "Tip". The Ring is the bolt
on the BOTTOM RIGHT. You will connect your red alligator clip to this bolt.
Now, connect your green alligator clip to the bolt on the BOTTOM LEFT, this
is the Tip. Memorize this saying; "Right, Red, Ring". This will help you
remember which bolt to connect your red clip to. At this point lift the
handset and you should have a dial tone. If not, try adjusting the clips
so they are not touching each other, or any other wires. If you still don't
get a dial tone you could try attaching your green clip (tip) to the other
bolts (the red clip always stays in the same place). If you get a fuzzy dial
tone a quick adjustment of your clips should solve the problem. It is
recommended that you disconnect the phone before connecting the alligator
clips. This will reduce static.
Another target of Beige Boxers is the Bridging Head. Bridging heads are
those little green or gray boxes on the side of the road every few miles.
Like terminal boxes, bridging heads are also easy to open. If it is unlocked
(most are) simply take a 7/16 inch hex driver and turn the security bolts
1/8 of a turn to the right. Hold the bolt, and turn the handle to the left
while pulling upward. The box should open. If the bridging head is locked,
put a hammer or crowbar in the slot above the top hinge of the right door
and pull hard. Once inside you should see a mess of wires and bolts. You may
connect your alligator clips in the same fashion described above.
Once you have a clean dial tone, dial an ANAC number and listen carefully
to the information provided. The purpose of dialing the ANAC number is to
find out whose line you are on (you wouldn't want to use your own)!
At this point you are free to do whatever you like. Here are a few
suggestions in case you're still clue less......
* Blue Boxing with a reduced risk
* Conference calling through the Alliance
* Eavesdropping
* Free Internet and BBS access
* Free Long Distance and International Calls
* Free Calls to 1-900 numbers
* Harassing your Enemies
* Harassing the Operator
* Prank calling with a reduced risk
* Scanning with a reduced risk
I don't think this list needs much explanation. Just remember that Beige
Boxing is nothing more than adding another extension to someone's line.
Once you're on the extension you can do what you wish.
Here are some helpful phone numbers...
0-700-456-1000 Alliance Conference
1-800-346-0152 ANAC
1-888-324-8686 ANAC
1-561-780-2411 ANAC
Watch out for terminal alarms
If a terminal or bridging head is abused severely the telco may add an
alarm to it. The alarm system usually consists of two or three wires that
run inside and around the outside of the terminal. You'll know the terminal
is trapped if you can't open it without cutting or moving the wires. Don't
cut the wires! Doing so will activate a silent alarm at Bell's office.
Instead, find another terminal or go to Radio Shack and pick up some 30
gauge wire. Cut a piece of wire several feet long. Strip both ends of the
wire and attach insulated gator clips to each end. When finished the wire
should look like this...
Gator clip }------\\\\\\\\\\\\\\\\\\\\\------{ Gator clip
30 gauge wire
Count how many alarm wires are on the terminal and make your own special
wire for each one. Now, take a pocket knife and strip the first alarm wire
in two places. If the wires run vertically make one cut below the terminal
and another above it. If they run horizontally, make one cut to the
left of the terminal and another cut to the right. Make sure to strip the
SAME wire in two places. Attach one of the gator clips to the first cut,
and the second gator clip to the second cut ON THE SAME WIRE. Repeat this
procedure for each additional alarm wire. Once all the wires are rerouted,
cut the alarm wires between the clip connection that prevent you from
opening the terminal. The alarm should not go off.
Safety first!
Here are some safety tips that will make your next venture a success...
1. Use a cordless Beige Box or one with an extension cord.
2. Use more then one terminal. It is a good idea to use other terminals
randomly, and never overuse any terminal.
3. Choose a secluded spot to do your Beige Boxing. In other words find a
place where it is unlikely you will be seen or interrupted by others.
4. Keep a low profile, never use your real name when writing or telling
other hackers about your adventures.
5. Place a piece of tape between the door and frame of your terminal
before you leave. Check to make sure no one tampered with it during your
absence.
6. If confronted by a police officer, or anyone else, cover your face and
run like hell!
7. Schedule most of your activities late at night. I would recommend
starting no earlier then 12:30am and ending no latter then 4:30am.
8. If you find one of your terminals has been tampered with in anyway, leave
immediately and do not use that terminal ever again.
9. If someone picks up the phone during one of your conversations, say in a
stern voice "This is xyz phone company. We are testing this line,
please hang up immediately." (Replace the xyz with the name of your local
telco).
------------------------------------------------------------------------------
Black Boxes
The purpose of the Black Box is to make free calls. When a Black Box is
on a line, all calls TO that line are free. Traditional Black Boxes only
work under Crossbar and Step by Step. They will not function under ESS or
DMS. Most Black Boxes consist of a switch and a resistor. More sophisticated
versions have LEDs, ring stoppers, and other features.
The following plans came from an anonymous source. They outline simple
construction and testing. The first schematic will work with most phones.
The second schematic is for phones that did not work with the first mod.
Schematic One
** LED ON: BOX ON **
FROM >--------------------GREEN-> TO
LINE >--! 1..8k LED !---RED--> PHONE
!--/\/\/\--!>--!
! !
------>/<-------
SPST
Parts: 1 1.8k 1/2 watt resistor
1 1.5v LED
1 SPST switch
You may just have two wires which you connect together for the switch.
Schematic Two
** LED ON: BOX OFF **
FROM >---------------GREEN-> TO
LINE >------- ---RED--> PHONE
! LED !
-->/<--!>--
! !
---/\/\/---
1.8k
Parts: 1 1.8k 1/2 watt resistor
1 1.5v LED
1 DPST switch
Here is the PC board layout for the schematics above. This is optional.
Schematic 1 Schematic 2
************** ****************
* * * ------- *
* --<LED>--- * * ! ! *
* ! ! * * ! <SWITCH> *
* RESISTOR ! * * ! ! ! *
* ! ! * * ! ! / *
* -------- ! * * ! ! \ *
* ! ! * * ! <LED>! / *
* --SWITCH-- * * ! ! \ *
* ! ! * * ! ! / *
L * ! ! * P L * ! ! ! * P
I>RED- -RED>H I>RED- ---RED>H
N>-----GREEN---->O N>-----GREEN------>O
E * h * N E * * N
************** E **************** E
Testing the Box
Once you have hooked up all the parts, you must figure out what set of
wires go to the line and which go to the phone. This is because of the fact
that LED's must be put in, in a certain direction. Depending on which way
you put the LED is what controls what wires are for the line & phone.
Hook up the box in one direction using one set of wires for line and the
other for phone.
NOTE: For Model 1 switch should be OFF.
NOTE: For Model 2 switch should be set to side connecting the led.
Once you have hooked it up, then pick up the phone and see if the LED is
on. If it is, the LED will be lit. If it doesn't light then switch the wires
and try again. Once you know which are which then label them.
NOTE: If neither directions worked then your switch was in the wrong
position. Now label the switch in its current position as BOX ON.
Once your Black Box is complete, you can test it. Have a friend call you
long distance. When the phone rings, flip the switch from the Normal
position to the "free" position or Black Box on. Answer the phone and chat
for awhile. If everything was done correctly, the caller should not get
charged.
The reason the Black Box works is voltages. When a phone call is received
the voltage on your line raises to 48 volts DC to activate the ringer.
If you choose to answer the phone, the voltage drops to 10 volts DC.. The
telco monitors this and billing starts when the voltage drops. The Black Box
keeps the line voltage above 10 volts so the billing process is delayed. As
long as the box is on the caller won't be billed. Since the old Crossbar and
Step by Step systems have a direct audio connection prior to the billing,
the caller can talk without being charged.
This brings up a few problems. Foremost, you are at risk of discovery if
the call is operator assisted. For this reason you should NEVER leave your
Black Box on continuously. Tell your long distance friend to call you
collect with a special code name. Refuse to accept the charges and hang up.
Then have them call you direct while the Black Box is on.
Another problem is the fact that the box gives the appearance to the telco
that the phone was never answered. Two hours of ringing is definently not
a normal occurrence. Therefore, I recommend that you keep your calls short.
Anywhere under thirty minutes should do.
It has also been documented that the box will cause a disconnection if a
local call is made while it is on. So, be sure that the call is long
distance before you activate the box. Remember that any extension phones
on the same line must be disconnected or equipped with boxes in order
to fool the billing equipment. Even if one phone has the Black Box feature
disabled, billing will start.
Unfortunately, Black Boxing, like so many other forms of phreaking, is
becoming obsolete. This is due largely to the quick expansion of ESS, DMS,
and other computer controlled switches. Black Boxes will not work under ESS
because there is no direct audio connection between the two parties until
the receiver is lifted. By this time, billing has already begun. To find out
if ESS has been implemented in your area, answer these four simple
questions:
1. Do the pay phones in your area give a dial tone first?
2. Do you dial 911 for emergencies?
3. Does your phone company offer services such as call forwarding,
call waiting, voice mail, and Caller ID?
4. When the handset is lifted on your phone, is the dial tone
immediate?
If you answered yes to most or all of these questions, ESS is operational
in your area. Traditional Black, Blue, and Green Boxes will be useless.
However, it will be beyond 2000 before ESS is fully implemented world wide.
Until then, some boxing will be possible. If your local toll switch is
electromechanical, and audio is passed before the handset is lifted, the
Black Box will still work. Otherwise pack up and go home.
In the Phone Color Box Addendum version 1.0, we discussed the reasons Black
Boxing no longer works. However, some recent findings indicate that it is
very much alive in more places then we expected. The following plans were
emailed to me four months ago...
Materials
1] A 36 VOLT ZENER DIODE.
2] A CERAMIC OR MYLAR CAPACITOR OF 0.1 MICROFARAD.
3] A ELECTROLYTIC CAPACITOR OF 1.0 MICROFARAD.
YOU CAN GET THESE AT YOUR LOCAL RADIO SHACK DEALER.
FIRST YOU HAVE TO OPEN UP YOUR PHONE. YOU SHOULD NOTICE THREE WIRES COMING
IN FROM THE BACK OF THE PHONE, A GREEN, RED, AND YELLOW. MOST OF THE TIME
THEY CAN DIFFER. DON'T WORRY ABOUT THE YELLOW WIRE, WE WILL NOT BE USING
THIS. YOU WILL NEED TO FIND THE MOST POSITIVE OF THE REMAINING TWO WIRES.
(ALMOST ALWAYS THE GREEN WIRE). NOW CONNECT THE BANDED END OF THE ZENER
DIODE TO THE MORE POSITIVE OF THESE TWO WIRES. "IN SERIES". YOU HAVE JUST
COMPLETED THE FIRST STEP.
FOR THE SECOND STEP YOU NEED A CERAMIC OR MYLAR CAPACITOR OF 0.1
MICROFARAD. YOU CONNECT THIS "IN PARALLEL" ACROSS THE DIODE. THIS IS NEEDED
TO ALLOW THE DIODE TO PASS VOICE SIGNALS.
NOW FOR THE FINAL STEP TAKE YOUR ELECTROLYTIC CAPACITOR OF UP TO ONE
MICROFARAD WITH ITS '+' END CONNECTED TO THE BANDED END OF THE DIODE AND THE
OTHER END SHOULD BE CONNECTED TO THE ANODE END OF THE DIODE.
According to some sources these are plans for an improved Black Box that
WILL function under ESS and DMS. Unfortunately, I have not had the
opportunity to test them, but I have since spoken with a number of
individuals who swear they work. If you have any additional information on
improved Black Box designs please get in touch with me. Believe me, I'll
make it worth your while.
------------------------------------------------------------------------------
Blue Boxes
Blue Boxing is the manipulation of the phone system using supervisory
MF (Multi-Frequency) tones. Blue Boxes have several illegal applications
but are most often used to make free long distance and international calls.
Bell first discovered Blue Boxes were being used in 1961. They implemented
countermeasures to control it in 1964. Since that time, Blue Box usage has
declined rapidly and is pretty much non-existent today.
Note: Unless you're interested in learning about a historic method of
phreaking, I suggest you skip this section since you won't be able to
put any of these techniques to use now.
Now that those people are gone, let's continue. I imagine you'll want to
know how to build the box. Construction is complicated so I'll let Jester
Sluggo field this one...
This Blue Box is based on the Exar 2207 Voltage Controlled Oscillator.
It does not support CCITT.
+---------------------------------------+
| Items needed to construct a Blue Box. |
+---------------------------------------+
Here is the list of items you will need and where you can get them. It
may be a good idea to gather some of the key parts (the chips, and especially
the potentiometers, they took about 6 months to back order through Digi-key. A
whole 6 fucking months!) before you start this project. Electronics tools
will be necessary, and you might want to test the circuit on a bread board,
then wire-wrap the final project. Also, you will need a box of some sort to
put it in (like the blue plastic kind at Radio Shack that cost around $5.00).
Note: An oscilloscope should be used when tuning in the
potentiometers because the Bell system allows
only a 7-10% tolerance in the precision of the
frequencies.
Qty. Item Part No. Place
---------------------------------------------------
1 | 4 x 4 Keypad | | Digi-Key
6 | Inverter Chip | 74C04 |
32 | Potentiometer | |
1 | 4-16 Converter Chip| 74LS154 |
1 | 16 Key Decoder | 74C922 |
2 | 2207 VCO | XR2207CP | Exar Corp.
3 | .01 uf Capacitor | 272-1051 | Radio Shack
5 | .1 uf Capacitor | 272-135 | Radio Shack
2 | 1.5K Ohm Resistor | | Radio Shack
2 | 1.0K Ohm Resistor | | Radio Shack
1 | Speaker | | From an old Autovon phone.
1 | 9 Volt Battery | | Anywhere
The resistors should be a +/- 5% tolerance.
The speaker can be from a regular telephone (mine just happened to be from
an old Autovon phone). But make sure that you remove the diode.
The Potentiometers should have a 100K Ohm range (but you may want to make
the calculations yourself to double check).
The Exar 2207 VCO can be found if you call the Exar Corp. located in
Sunnyvale, California. Call them, and tell them the state you live in, and
they'll give the name and phone number to the distributor that is located
closest to you. The 2207 will vary from about $3.00 for the silicon-grade
(which is the one you'll want to use) to about $12.00 for the high-grade
Military chip.
Note: When you call Exar, you may want to ask them to send you the
spec-sheets that gives greater detail as to the operation and construction of
the chip.
+-------------------+
| Schematic Diagram |
+-------------------+
+--------------+ +-------------+
| 1 2 3 A | | Figure #1 |
| 4 5 6 B | +-------------+
| 7 8 9 C | | Logic Side |
| * 0 # D | +-------------+
++-+-+-+-+-+-+-+
1 | 3 | 5 | 7 | (VCC)
| 2 | 4 | 6 | 8 (+5 Volts) +----+
| | | < u | | | [+] | _|_
| | | | | | | | | | \_/GND
+--+-+-+-+-+-+-+-+----+ +--+----------+---+
| 2 | 11| 10| 7 | | | 14 7 |
(.01C) | | 3 | 4 | 8 | 1 12+------+1 |
+--||---+5 13+------+2 (*74C04*) |
_|_ | | | |
\_/GND | (*74C922*) | +-----------------+
+--||-+6 |
|(.1C)| |
_|_ | |
\_/GND | 9 17 16 15 14 18|
+--+--+--+--+--+---+--+
| | | | | |
_|_ A B C D |
GND\_/ | | | | [+] (VCC) [+] (VCC)
| | | | (+5 volts) | (+5 volts)
| | | | |
-------+--+--+--+------------------+-----------------
| 23 22 21 20 24 18+-+
+-----+12 | +--+
| | (*74LS154*) 19+-+ _|_
_|_ | | \_/
\_/GND | 1 2 3 4 5 6 7 8 9 10 11 13 14 15 16 17 | GND
+--+--+--+--+--+--+--+--+--+-+--+--+--+--+--+--+----+
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
| | | | | | | | | | | | | | | |
| (Connects)
| +---------->
+------------------------+ | (Figure 2)
| +--+ +-------+
| | | |
+--+-------+--+-------+---+
| 3--|>o--4 5--|>o--6 |
| (Invtr.) (Invtr.) |
+---------------+7 |
_|_ | (*74C04*) |
GND\_/ (VCC) [+]--+14 |
(+5 volts) | |
+-------------------------+
+-------------+ _
| Figure #2 | / |
+---+-------------+----+ +----------------+ |
| Tone Generation Side | _|_ | | SPKR
+----------------------+ GND\_/ +---+--+---+ |
| | \_|
| |
| | +---------------+
+-------+ | | | |
| _|_ | +--+14 |
| \_/GND | | (Repeat of) |
| | | (First) |
----- (.1C) | | (Circuit) |
----- | | |
| | | (*XR2207CP*) |
| +-----------------+ | +--+6 |
| | | | | | |
[+]-----+-------+1 14+--+ | +---------------+
(VCC) | | +--------------------+
(+9 Volts) +----+2 | |
| | 12+---------------------+ |
(.01C) ----- | | _|_ |
----- | (*XR2207CP*) | \_/GND |
| | | 1.5K Ohms |
+----+3 11+---+---\/\Rx/\/---+--+ |
| | | | _|_ |
| | +---\/\Rx/\/---+ \_/GND |
| | 1.0K Ohms |
| 10+----+ |
+-------------+6 9+----+---+ |
| | 8+----+ | |
| | | ----- (.1C) |
| +-----------------+ ----- |
+---------+ _|_ +----------+
| | Pot. GND\_/ Pot. | |
| \/\/\/\/--+-----------------------\/\/\/\/ |
| 1400 Hz. | 1600 Hz. |
+---------+ | +----------+
| | Pot. | Pot. | |
| \/\/\/\/--+----------------+------\/\/\/\/ |
| 1500 Hz. | | 900 Hz. |
| | | |
| 14 more | | 14 More |
| Potentiometers | | Potentiometers |
| in this | | in this |
| area left out | | area left out |
| for simplicity | | for simplicity |
| | | |
| | | |
|
(Connects) |
<-------------+
(Figure 1)
+-------------------------+
| Multiplex Keypad System |
+-------------------------+
First, the multiplex pattern used in the 4x4 keypad layout. I suggest that
keys 0-9 be used as the Blue Box's 0-9 keys, and then you can assign A-D, *, #
keys to your comfort (ie. * = Kp, # = St, D = 2600, and A-C as Kp1, Kp2 or
however you want).
Note: On your 2600 Hz. key (The D key in example above)
it may be a good idea to tune in a second
potentiometer to 3700 Hz. (Pink Noise).
Keypad Key Assignments Multiplex Pattern
+---------+ +-------------+ +------------+
| 1 2 3 A | | 1 2 3 4 | | 1 2 3 A |----Y1=8 X1=3
| 4 5 6 B | | 5 6 7 8 | | 4 5 6 B |----Y2=1 X2=5
| 7 8 9 C | | 9 10 11 12 | | 7 8 9 C |----Y3=2 X3=6
| * 0 # D | | 13 14 15 16 | | * 0 # D |----Y4=4 X4=7
+---------+ +-------------+ +------------+
| | | |
X1 X2 X3 X4
+----------------------+
| Blue Box Frequencies |
+----------------------+
This section is taken directly from Mark Tabas's "Better Homes and Blue
Boxing" file Part 1.
Frequencies (Hz) Domestic Int'l
----------------------------------
700+900 1 1
700+1100 2 2
900+1100 3 3
700+1300 4 4
900+1300 5 5
1100+1300 6 6
700+1500 7 7
900+1500 8 8
1100+1500 9 9
1300+1500 0 0
700+1700 ST3p Code 11
900+1700 STp Code 12
1100+1700 KP KP1
1300+1700 ST2p KP2
1500+1700 ST ST
2600+3700 *Trunking Frequency*
+----------------+
| Schematic Help |
+----------------+
This is the Key to the diagrams in the schematic.
_|_
\_/GND is the Ground symbol
| |
---| |-- is the Capacitor symbol
| | (.1C) stands for a .1 uf Capacitor
(.01C) stands for a .01 uf Capacitor
|
-----
----- is another Capacitor symbol
|
--\/\Rx/\/-- is the Resistor symbol (The 1.5K Ohm and 1.0K Ohm
Resistors are at +/- 5% )
---+
|
\/\/\/\/-- is the Potentiometer symbol (The frequencies I supplied
above are just examples.)
--|>o-- is the Inverter symbol
I would like to thank the United States government for furnishing
federal grants to this project. Without their financial help, I would have
had to dish out the money from my own pocket (Approximately $80.00. Egads!)
To understand how Blue Boxes are used to make free calls, you must first
understand how long distance and international calls are placed.
When one dials a long distance or international number, the central office
interprets the numbers dialed and uses this info to determine the
destination of the call. It then searches relevant trunk lines for a trunk
that is not being used. A non busy trunk emits a steady 2600Hz tone.
(If no empty trunk lines can be found the caller receives a busy signal).
When the central office locates an empty trunk line, it latches onto it and
disables the 2600Hz. The routing info for the call is now sent through the
trunk to the destination toll office. To send the routing info, the central
office first sends the KP (key pulse) tone followed by the number and
finally the ST (start) tone telling the toll office that the instructions
are finished. Thus to call the White House (202-456-1414) the following
information is sent: KP+2024561414+ST. All tones sent are not DTMF (dual
tone multi frequency), but MF (multi frequency) tones. Sometimes you can
hear these tones when placing a long distance call (in areas utilizing In
Band Signaling), but most of the time they are filtered out. When the called
party hangs up, the central office again sends the 2600Hz tone to indicate
a disconnection at the destination end.
Blue Box Usage to Place Fraudulent Calls
Blue Boxes simulate these tones to make free calls. The phreak would
usually start out by calling a toll free 1-800 number, a local number,
directory assistance, the operator, or a Black Box equipped line and
emitting the 2600Hz tone on his/her Blue Box when the phone is answered.
This makes the destination toll office believe the called party has hung
up. However, the trunk line is still open. Injecting 2600Hz for this purpose
is sometimes called "offing". The phreak now has about ten seconds to enter
the routing instructions in the form of KP+#+ST. The central office equipment
generally thinks these instructions originate from another office so they
are executed without question. Since there are no records of the MF tones
being dialed, the caller is not billed. When the call is eventually
disconnected the central office believes the caller hung up on a toll free
call.
The end is near....
Blue Boxing is almost completely obsolete in the United States, and is
rapidly declining in other parts of the world. This decline is due in large
part to the feature of ESS known as Common Channel Interoffice Signaling or
Out Band Signaling. Blue Boxing doesn't work under Out Band Signaling because
the MF tones are carried on special data lines not accessible to the boxer.
In the old days, supervisory tones were carried on the speech path along with
the conversation. This was known as In Band Signaling. There are virtually
no such in band switches left in the U.S. that still respond to MF tones.
However, it should be noted that in foreign countries in band signaling is
abundant. Unfortunately, one feature of CCIS called the forward audio mute
prevents boxing on foreign exchanges. The forward audio mute works much like
a kick back or 2600Hz detector. When a loss of supervision is detected at
the destination end (the injection of pure 2600Hz) the speech path is cut off
to prevent the phreaker from utilizing further MF tones. It was the
implementation of CCIS and the forward audio mute that ultimately sealed the
fate of the Blue Box. If a call is routed through an area using out band
signaling, the mute will be functional. In order to box successfully you must
dial out from an Inwats exchange or one of the few exchanges left that lack
the security features of CCIS. Until these holes are fixed, some U.S. boxing
will be possible.
Other countermeasures
Despite the non believers 2600Hz detectors do exist. Such devices routinely
sweep customer lines in search of the 2600Hz tone. If any abnormal activity
is detected, the call is disconnected and the phreak is notified that he/she
has been caught. In some cases, the police rush to the location and arrest
the phreak right in the middle of his/her call! This can usually be avoided
by adding pink noise to the tone. Most of the time frequencies between 3150
and 3700Hz are used to create the effects of pink noise. This method prevents
detection because the scanners check for pure 2600Hz tones only. If tone
mixtures were allowed, extraneous noise might set off the detection
equipment. The phreak modifies his/her box to produce the new tone which is
sent through the phone line upon calling a toll free number. The tone makes
it up to the central office where the Blue Box detection is taking place,
but goes unnoticed by the scanner. By the time the tone reaches it's intended
destination however, much of the pink noise is gone and it is clearly
recognized as a 2600Hz tone. A simpler trick would be to use a pay phone
or other phone where the fraud could not be easily traced back.
It is also important to keep in mind that some Blue Box calls are
discovered purely by accident. Remember that phone company personnel have
the legal right to listen to the call if they think it was boxed. So the
next time you tell your girlfriend how you would like to prove your love to
her, you'll know what at least one hand of a telco employee is doing.
Another common problem is the fact that the phreak must switch
from an unsupervised (free) line to a supervised (pay) line. Most of the
time a record will be generated of the switch because it is considered
abnormal. When the records are reviewed the fraud is easily detected.
Due to these and other countermeasures boxing is much less safer to perform.
------------------------------------------------------------------------------
Clear Boxes
The purpose of the Clear Box is to make free calls on post pay phones.
In post pay phones the mouthpiece is muted until coins are deposited.
Using inductive coupling techniques the caller's voice can be magically
placed in the ear piece allowing the conversation to proceed normally without
the deposit of coins.
Construction is fairly simply. Head down to your local Rat Shack and
pick up the following items...
(1) Dynamic Cassette Recorder Microphone Cat# 33-1067
(1) Mini Audio Amplifier Cat# 277-1008
(1) Telephone Induction Pickup Cat# 44-533
(1) 9 volt battery to run the amplifier
First put the battery in the amplifier. Second, plug the microphone into
the input of the amplifier. Lastly, plug the induction pickup into
the output (earphone jack) of the amplifier. You now have a Clear Box!
Testing
Find a phone with a mute button or switch. Attach the induction pickup
to the back of the ear piece. Turn the mute switch on, or hold the
button down. Call someone and speak into the microphone of your Clear Box.
To effectively use your Clear Box you must find a post pay phone. I've
never seen one personally, but supposedly they still exist in some rural
areas and in Canada. Attach your induction pickup to the back of the ear
piece. Pick up the phone and dial the number. You'll hear ringing and
hopefully the person you're calling will be home to answer the phone. Speak
into the microphone and they should be able to hear you.
On post pay phones you call the person and deposit your coins after they
answer. The mouthpiece is cut off until you insert the money. However, your
Clear Box uses inductive coupling to put your voice into the ear piece.
So, basically you can have a conversation without depositing money. This
method works because the phone will wait forever for the coins to be
deposited, and never time out.
Beige Boxing on Post Pay Phones
Unlike most telco owned phones, post pay phones are set up on a regular
line and require no extra equipment to operate. The billing is handled by
the phone itself not the Central Office as is the case with modern ACTS pay
phones. Many phreaks take advantage of this by attaching a Beige Box
(see section 2) to the line BEFORE the pay phone connection. Then they use
the line normally without having to mess with a Clear Box!
As far as I know Clear Boxing is relatively safe. Although, you might look
a little stupid talking into a microphone instead of the handset. I've never
heard of any countermeasures for Clear Boxing, although I imagine programming
the phone to disconnect after a specified time would "clear up" the problem of
the Clear Box.
------------------------------------------------------------------------------
Clockwork Orange Boxes
Not much can be said on the Clockwork Orange Box besides it doesn't
exist. The Clockwork Orange Box is a device which will supposedly steal
Caller ID service. Some crackpots claim that the box will also function in
areas where Caller ID is not offered. Even a basic understanding of modern
switching will tell you that this is nonsense. If you don't subscribe to the
service the CLID data is not on your line. If it was, then this would be a
real box and gray market companies would make a fortune selling
"Caller ID Grabbers".
------------------------------------------------------------------------------
Conference Boxes
The Conference or Brown Box is a real device that ties two lines together
to provide free conference calling. Although a two line phone would be a
better solution, not all of us have the bucks to afford one. Here are the
Conference Box plans typed up by Madd Max. Most of the parts are available
at your local Rat Shack...
Item Description
---- -----------
C1 10-uF, 50-volt electrolytic capacitor
C2 Another 10-uF, 50,volt electrolytic capacitor
C3 10-uF, 15-volt tantalum capacitor
R1 10K, 1/4 watt, 10% composition resistor
R2 100-ohm, 1/4 watt, 10% composition resistor
Q1 2N3904 npn silicon transistor
S1 Dpst toggle switch
S2 Another Dpst toggle switch
T0 Telephone coupling transformer, Microtran T2110 or equivalent
Some wire or a circuit board (Design your own)
Some electronic equipment
A box
A little patience
Notes:
The 'Item' is used to indicate where it goes in the diagram. You can
use any transformer which is rated at about 900 ohms both primary and
secondary, over the frequency range of about 300 to 3000 Hz.
Schematic
+ / C1 C2 / +
----,----* *------*------$-----@ @---------$----*----*----* *----------,-
Line 1 ' ! + @ @ + ! ! ' Line 2
' ! @ @ ! R1# '
' ! @ @ ! ! '
S1 ! @ @ \: ! S2
' Telephone @T0@ Q1 :--* '
' Set @ @ /: ! '
' ! @ @ ! !+ '
' ! @ @ R2# $C3 '
/ ! @ @ ! ! /
---------* *------*------------@ @--------------*----*---* *-------------
Key
Symbol Meaning
------ -------
- Horizontal Wire
! Vertical Wire
* Point where wire splits, separates, merges, etc.
/
* *
'
'
' A Dpst toggle switch
'
'
/
* *
$ Capacitor
# Resistor
@ To the Transformer
+ Positive end (of line or capacitor)
- Negative end
\:
:-- Transistor
/:
Usage
Pick up the telephone set and flip the first switch on. You should get a
dial tone. Dial someone and tell them to hang on. Flip the second switch and
you should get another dial tone. Dial another number. After they answer, you
should be able to talk to both of them and they should be able to talk to one
another. If you have 3-Way on one (or both lines) you can flip the switch
corresponding to that line on and off (RAPIDLY) to switch the 3-Way.
Notes: Because you went to all the trouble of making this with a transformer,
it should sound PERFECT!
Conference Boxes are legal devices so they should still work everywhere!
------------------------------------------------------------------------------
Diverter Boxes
The Diverter Box is a neat legal device that transfers an incoming call
to another phone line. Although the phone company offers similar services,
it is always cool to do it yourself. It essentially works like this: the
device is connected between two telephones. You call telephone A and are
connected to the dial tone of telephone B. Thus, you can make outgoing
calls on telephone B. A good Diverter Box is also capable of hanging up
both phones when the call is finished. There are several malicious uses for
such a device which we won't get in to (use your imagination). Here are the
plans typed up by Mavicon M.D. and the Ear....
Materials
RLY1 DPDT relay
T1 1:1 audio transformer
D1 1N914 or similar diode
D2 large LED
LMP1 neon lamp
R1 10 k
R2 photocell
R3 22 k
R4 47 k
Q1 2N2222, 2N3904, 2N4401, most any other NPN switching trans.
1 9 volt battery. The negative terminal goes to ground on the
schematic. Positive terminal to +9 volts.
The best way to assemble the design is to grab one of those small copper
lined perfboards from Radio Shack. They are nice to work on, and can easily
be trimmed down to a minimum size once everything is soldered in. The
process is the same as any other. Solder all the parts in per the schematic.
The photocell must be in a position so that the light from the neon lamp
(LMP1) and the LED(D2) both shine on it. All the polarity must be observed.
Whichever direction you put the led in, you must remember (color code your
wires, green is positive, red is negative, yellow is positive, black is
negative) the negative side of the line must go to its negative side. The
same goes for the transformer. The positive side of each line has to be
connected to the correct pair on the transformer. On the Radio Shack
transformers, put positive of both lines on the Red and Black pairs, the
negative on Yellow and White. Our prototypes have reached less that 1" x
1" in size.
NOTE: The entire thing MUST be wrapped in black tape. IT must be
light tight or you will have a relay that turns on with the sunrise.
The diverter works on some basic electronic principals. Step by step. The
phone rings. The neon lamp is activated by the high voltage(88 p-p) ac and
flashes. This light shines on the photocell, decreasing its resistance. When
this happens, the positive voltage flowing through the photocell and the
10k resistor exceed the breakdown voltage of the base of the transistor and
switches that transistor on. Once the transistor is on, current flows freely
from emitter to collector, energizing the relay. The relay's two sets of
switches connect both lines to the 1:1 audio transformer, effectively taking
both lines off the hook and coupling any audio signals from either line to
the other one. Once this happens, current is now flowing through the
transformer, relay/led loop. This current lights the led and that light
shines on the photocell. This keeps the device latched. The light from
the led keeps the photocell resistance low enough to keep the transistor on.
Now, you make your call and get on with your business. You hang up. Now, the
local CO keeps current flowing through the indial line for about 5 seconds,
at which point it drops down for a second or so and then goes back up. This
is the signal the device uses to determine when you've hung up. When the
current drops down, there is no light, & the photocell resistance raises
enough to turn the transistor off and delatch the entire system.
Schematic
+------------------------------------+
| | o +9V
| L1+ T1 | |
| o-------wwwww----------+ | |
| | | |
| L1- | | |
| o-------------+ | | o--------+
| | | | | |
| | | | | |
| | | | | |
| L2- | +---l----------l---------l--+ _____
o-------\ LMP1 | | | \| | | w | /^\ D1
R4 47k * | | | | |\ | w | /---\
--\/\/--/ | | | | | | | w | |
| | +-l----------l-----------l--+ |
| | | RY1 | | |
o L2+ +------+ | | |
| | o--------+
| | |
| | +------+
| D2 | /
| |\ | T1 | /
+----------| >|-----wwwwww---------+ /
|/ | 000
+--------- 000 Q1
| 000
oooo | \
o o 10k | \
o-------o-/\/\/o------------/\/\/---+ \
+9V o o R2 \ R1 |
oooo / 22k -----
\ R3 ---
| -
|
-----
---
-
------------------------------------------------------------------------------
Green Boxes
We learned in geometry class that every square is a rhombus but not every
rhombus is a square. The same holds true for the Blue and Green Boxes.
Every Blue Box is a Green Box, but not every Green Box is a Blue Box.
Since the Green Box is nothing more than selected Blue Box tones I was
reluctant to include it in the book. However, I decided not to omit it
because I've seen a lot of questions on the subject.
Supposedly the Green Box produces three pay phone control tones. The coin
collect, coin return, and ring back are the features currently supported.
In reality, they are just Blue Box tones used in a different context.
Green Tones Blue Tones
From fake@address.com Sun Nov 14 16:48:59 1999
Newsgroups: alt.phreaking
Subject: Phone Color Box Addendum V. 2.00 -Extended - pcba2e.txt [2/2]
From: fake@address.com (Pen 15)
Date: 15 Nov 1999 00:48:59 GMT
Coin Collect: 700 + 1100 = MF digit "2"
Coin Return: 1100 + 1700 = MF Key Pulse
Ring back: 700 + 1700 = MF ST3P
Since these are MF (Multi Frequency) tones, Green Boxers run the risk of
discovery since most switches now have anti-Blue Box MF detectors set up.
According to some text files the risk of MF detection can be eliminated by
emulating a 900 + 1500Hz or single 2600Hz "wink" prior to sending the
appropriate green tones. The "wink" is held for 90ms (milliseconds) followed
by a 60ms pause and finally the green tone for 900ms. The files never speak
of the risks of using pure 2600Hz. They also fail to inform the reader that
99.9% of the United States no longer uses In Band Signaling. Plus, most
modern pay phones collect the coinage after the call is successfully
connected rendering the Green Box useless. To make a long story short,
Green Boxes are obsolete. They are also dangerous. Playing green tones over
your line could set off MF detectors landing you in jail. Don't fuck with
this box. You'll just get in shit for nothing.
------------------------------------------------------------------------------
Red Boxes
The purpose of the Red Box is to make free pay phone calls. The Red Box
works by emitting tone bursts similar to those used by ACTS pay phones to
verify coin deposits.
There are probably a hundred and one ways one could build a Red Box. The
easiest way would be to modify the little tone dialer sold at Radio Shack.
Materials
(1) 33 Memory Pocket Tone Dialer. Cat# 43-146
(1) 6.5Mhz Quartz Crystal.
(1) Small Phillips Head Screwdriver.
(1) Flat Head Screwdriver.
(1) Soldering Iron
1. Put the tone dialer face down on a hard flat surface.
2. Remove the two screws at the top.
3. Remove the battery compartment cover and the four screws underneath it.
4. Slide the flat head screwdriver into the seam on the side of the dialer
and carefully separate the two halves. Be sure not to break the speaker
wires that hold the two halves of the dialer together.
5. Locate the crystal. In the older models it was a round silver cylinder.
In the newer models it is harder to locate. Look on the left hand side
of the dialer. You should see a square tan colored component labeled
"Z358M". This is the crystal we will be removing, which I might add is
exactly 3.579545Mhz.
6. Pull the crystal up and away from the circuit board. Break the glue that
is holding it down. Desolder this crystal and throw it away since it has
no real use in life.
7. Bend the leads of the new crystal so they fit exactly with the leads on
the board. Solder the crystal in place, and be sure both leads are
touching the leads on the circuit board.
8. You may want to place a piece of electric tape over the crystal to
prevent it from touching other components on the board.
9. Put the dialer back together carefully and replace the batteries.
Programming your Red Box
1. Turn the dialer on and flip the store/dial switch into STORE mode.
2. Now press MEMORY , * * * * * , MEMORY , P1. This is your quarter tone.
3. You can now program in additional quarters. You could also use the pause
feature to create a temporary silence between each set of tones. On my
Red Box P1 is one quarter, P2 is two quarters, and P3 is four quarters.
4. You could also program in the nickel and dime tones. For the nickel hit
MEMORY , * , MEMORY , P#. For the dime hit MEMORY , * * , MEMORY , P#.
Some Notes on Construction:
* If you want your Red Box to be REALLY accurate you could purchase a
non-VCO (voltage controlled oscillator) and use an oscilloscope to tune
it to 6.49Mhz.
* You may notice that the Red Box tones are a little slower than the real
pay phone tones. Although this doesn't matter. They are accurate enough
for the computer.
* I've heard some people insist that the 43-146 dialer CAN NOT be modified,
or is "hack proof". I know for a fact this is bullshit because my Red Box
is a 43-146 model constructed after 1996!
* The value of the crystal varies between 6.49 and 6.5536Mhz.
6.5536Mhz is more commonly used because it is widely available.
Although the tones produced by it are not very accurate. You will
encounter more operators if you use it.
6.49Mhz would be the IDEAL crystal to use, although they are
extremely rare. If you know someone who can make custom crystals,
go for it.
6.50Mhz is also difficult to find but it is much more accurate then
the 6.5536Mhz crystal. You can obtain a 6.50Mhz crystal from Mouser
and DigiKey.
Once the dialer has been converted, it can no longer be used as a standard
touch tone keypad. However, if you still want to use the touch tone features,
you can build a Combo Box. Here are the plans...
Materials
(1) 33 Memory Pocket Tone Dialer Cat # 43-146
(1) 6.49, 6.50, or 6.5536Mhz Crystal
(1) Tiny Phillips Head Screwdriver
(1) Flat Head Screwdriver
(1) Soldering Iron
(2) Pieces of wire
(1) Mini slide switch Cat # 275-407
(1) Pair of scissors
(1) Pocket knife
(1) Roll of electric tape
Procedure
--------
1. Put the tone dialer face down on a hard flat surface.
2. Remove the two Phillips Head screws at the top.
3. Remove the battery compartment cover and the four Phillips Head screws
underneath it.
4. Slide the flat head screwdriver into the seam on the side of the dialer
and carefully separate the two halves. Be sure not to break the speaker
wires that hold the two halves of the dialer together.
5. Locate the crystal. In the older models it was a round silver cylinder.
In the newer models it is harder to locate. Look on the left hand side
of the dialer. You should see a square tan colored component labeled
"Z3.58M". This is the crystal we will be removing, which I might add is
exactly 3.579545Mhz.
6. Pull the crystal up and away from the circuit board. Break the glue that
is holding it down. Desolder this crystal and DO NOT throw it away since
it has a use in this project.
7. Now cut two pieces of wire about four inches long, and use a pocket knife
to strip both ends.
8. Solder both of these wires to the leads on the circuit board where the
original crystal used to be. Route the other ends out through the vent
holes on the back of the dialer.
9. Now reassemble the dialer.
10. Look at the bottom of your switch. See the six prongs? Good. On one end
solder the 6.50Mhz crystal and on the other solder the tone dialer
crystal. Now solder the two wires from the dialer to the two remaining
prongs. When finished the switch should look something like this....
/
/ Wires
/
| / |
|-------|--------0 0 0--------|------|
White Box | Z3.58M| | | |6.50 | Red Box Crystal
Crystal |-------|--------0 0 0--------|------|
|______/_______|
/
/ Wires
/
11. Now finish the job by taping the switch down. On my Red Box the switch
is secured to the battery compartment cover. Although the wires are long
enough so the cover can still be removed to access the batteries.
If everything was done correctly you should be able to generate both ACTS
and DTMF tones.
There are three types of calls that can be made with a Red Box.
Local Calls
1. Dial 10-10-321 followed by 1-NPA-#. After the ACTS announcement, use the
appropriate Red Box tones to complete the call.
2. Dial "0" and ask the operator if she'll dial for you. If she asks why,
tell her one of the keypad buttons is broken. Put in one real coin
followed by the Red Box tones.
3. Dial 411 and have them look up the person you want to call. After you
are told the number, the operator will say she can put you through
for an additional 50 cents. Agree to this and use your Red Box tones.
Long Distance Calls
1. Dial 1-NPA-#. After ACTS tells you the rate, use your Red Box.
International Calls
1. Dial the number and use the Red Box when the operator prompts you to put
in money. It may be a good idea to toss in a few real coins too.
By the way, hold the speaker of your Red Box flush with the mouthpiece when
using it.
Countermeasures, Quirks, and other Problems
So, you've tried making a call only to find it does not work. What is the
hold up? My first question would be, have you had any success with it all?
If not, it could be a faulty Red Box. If you have, it could be the pay
phone you are using...
Cocots and Bocots
COCOT is an acronym for Customer Owned Coin Operated Telephone. In other
words, a COCOT is a phone owned by a telephone company customer. Cocot
pay phones are commonly found in restaurants and other business
establishments. The business will pay a Cocot provider to set up a phone
and a special pay phone loop. All profits made from the Cocot are awarded
to the owner as opposed to the phone company. It is a good way to make an
extra few bucks if you own a store or small restaurant. Cocots are notorious
for their security.
A similar variation is the Bocot. These are a new breed of pay phones that
have proved very effective in preventing Red Box fraud. Bocot stands for
Bell Owned Coin Operated Telephone. These phones get most of their security
from the features found in Cocots. Since Cocots are notorious for their
security efforts, the telephone companies adopted some of the features of
the Cocot phones. Cocots and Bocots are not susceptible to Red Boxes because
they do not use tones to verify the coin deposits. Most Bocots use a ground
check or other method to verify the presence of money.
Digital Pay Phones
Many companies have already begun to upgrade their pay phones to use
digital verification. This means that a digital signal is sent as opposed
to a tone. Unfortunately, digital pay phones are starting to become
popular as they replace the older analog phones.
ECMs
ECM stands for electronic countermeasure. These are countermeasures
implemented by Bell to stop the use of Red Boxes. ECMs are very common on
older pay phones, especially those in high crime areas.
Types of ECMs
Band Pass and Notch Filters - A band pass filter is a device that cuts out
a specified frequency range while passing others. The band pass filters used
in modern pay phones are preset to cut frequencies of 1700 + 2200Hz only.
These filters are usually found in the mouthpiece. This placement is done
intentionally to prevent filtering of the real tones (which are produced
inside the pay phone) but allow blocking of tones from the handset. Band
pass filters render your Red Box useless because whatever tones you send
to ACTS won't make it.
Distortion Circuits - A few pay phones have a distortion circuit in the
mouthpiece that makes voice communication difficult and the transmission of
tones next to impossible. This is because a lot of crap is heard by ACTS
while you play your Red Box tones causing it to disregard them or an
operator to intercept.
Echo Cancelers - Echo Cancelers are very similar to band pass filters. The
purpose is to weaken sounds that fall within a certain frequency range. In
this case, the tones from the Red Box are affected.
Mouthpiece Mute - Some pay phones cut off the mouthpiece prior to coin
deposits. This prevents tone transmissions during the ACTS billing
procedure. Needless to say, your Red Box won't work if the mouthpiece is
muted.
Many of the above mentioned ECMs can be circumvented. However, we're
getting side tracked from the issue at hand. So, I'll only say that
bypassing the pay phone with a Beige Box (*hint*) will solve 99.9% of your
problems when faced with an electronic countermeasure.
Operators
Sometimes while attempting to Red Box, an operator will come on the line
and say "Why don't you put in some REAL coins?" or "What the hell was that?"
If this happens, you have been busted. Don't worry, they can't do anything
to you. It just means the operator is wise to your game. Hang up the phone
and walk away. But, why does this happen in the first place? How can we
prevent this from happening? There are two reasons why this happens...
The first is noise. When a coin is deposited, the mouthpiece is cut off to
prevent ambient sounds (not fraud) from interfering with the coin tone
detection process. Bell operators know this, and if they hear noise while
the Red Box tones are playing, fraud will most likely be suspected.
The best way to eliminate this problem is to make sure the speaker of your
Red Box (I use a modified tone dialer) covers the entire mouthpiece. In
addition you may wish to cup your hands around the piece as well. This won't
always work, but it muffles most of the immediate background noise that
could lead to suspicion.
The second reason one would encounter an operator is the lack of an initial
coin deposit. Remember that pay phones use anti-fraud tests to ensure that
some real money has been deposited. These tests usually include a ground
check on the coin deposited first. If one were to dial a number and start
playing Red Box tones, the fraud would be noticed right away when the ground
check indicates no coins are in the hopper.
The easiest way to avoid this situation is to deposit at least one real
coin before using the Red Box beeps. This way the ground check indicates
that some money is in the hopper. But, the operator won't know how much was
deposited until she hears the coin tones which will be simulated by your Red
Box (what she doesn't know can't hurt YOU)!
Oh yeah, one other thing, it is very important to play your tones SLOWLY.
Take a brief pause in between each beep. If the beeps are too fast, the
operator will suspect Red Box fraud and you can guess what will happen next!
Anyway, once you've gotten past ALL those things, you should be able to
Red Box successfully. I've heard a lot of people complain that it doesn't
work, but it DOES still work. Believe me, I know from experience. If it
does not work for you, try again. Keep your Red Box with you at all times,
and try it at different pay phones. Eventually you'll get it right. Remember,
practice makes perfect!
------------------------------------------------------------------------------
Silver Boxes
The Silver Box is yet another device often filed in the "useless box"
category. It is a simple modification that can be made to a standard touch
tone phone which will enable it to produce an extra "column" of tones.
These tones are normally used by military personal in the Autovon phone
networks. An Autovon touch tone keypad would look something like this...
1 2 3 A = 697 + 1633 = Flash
4 5 6 B = 770 + 1633 = Flash Override
7 8 9 C = 852 + 1633 = Priority Communication
* 0 # D = 941 + 1633 = Priority Override
The A,B,C, and D buttons make up the "fourth column".
Since most modern phones can no longer be converted, I'm including plans
that will describe how to construct your own tone generator. My hat goes
off to Explorer Cat 033 for the original idea.
THESE ARE THE INSTRUCTIONS ON HOW TO BUILD A WHITE BOX/SILVER BOX. MOST OF
THE PARTS REQUIRED CAN BE FOUND AT YOUR NEAREST RADIO SHACK. THE ONLY REAL
IMPORTANT PART REQUIRED NOT SOLD AT RADIO SHACK IS THE KEYPAD. THIS CAN BE
PICKED UP AT ANY ELECTRONIC STORE SUCH AS CARDINAL ELECTRONICS. THESE
INSTRUCTIONS ARE FOR A 12 BUTTON KEYPAD. A TOGGLE SWITCH IS ADDED FOR THE
SILVER BOX APPLICATION. IF YOU HAVE A 16 BUTTON KEYPAD THEN THE TOGGLE
SWITCH ISN'T NEEDED.
THE POWER REQUIRED BY A KEYPAD IS ABOUT 25 VOLTS, BUT THEY WILL WORK WITH
AS LITTLE AS 15, THEREBY ALLOWING THE USE OF TWO 9 VOLT BATTERIES. THIS
DESIGN ALLOWS YOU TO USE A STANDARD 8OHM SPEAKER INSTEAD OF A TELEPHONE
SPEAKER. TO ACCOMPLISH THIS WE USE A MATCHING TRANSFORMER.
HOW TO CONSTRUCT IT:
A FEW CONSTRUCTION NOTES. I SUGGEST THAT YOU SOLDER AND TAPE ALL
CONNECTIONS.
[1] CONNECT THE RED WIRE OF THE TRANSFORMER TO EITHER TERMINAL ON THE
SPEAKER.
[2] CONNECT THE WHITE WIRE FROM THE TRANSFORMER TO THE OTHER TERMINAL ON
THE SPEAKER.
[3] CONNECT THE RED (POSITIVE) WIRE OF ONE BATTERY CLIP TO THE BLACK WIRE
OF THE OTHER BATTERY CLIP.
[4] CONNECT THE REMAINING RED WIRE ON THE BATTERY CLIP TO PIN #1 ON THE IC.
[5] CONNECT THE CRYSTAL TO PIN #7 AND PIN #8 ON THE IC.
[6] CONNECT THE BLUE WIRE FROM THE TRANSFORMER TO PIN #16 ON THE IC.
[7] CONNECT THE GREEN WIRE FROM THE TRANSFORMER AND THE OTHER BLACK WIRE
FROM THE BATTERY CLIP TO PIN #6.
[8] CONNECT ONE SIDE OF THE SWITCH TO PIN #9. CONNECT THE OTHER SIDE OF THE
SWITCH TO PIN #5 (ONLY FOR 12 BUTTON PADS).
[9] SINCE KEYPADS MAY DIFFER, TRY TO GET A PINOUT OF THE PAD YOU ARE USING.
THE PAD I HAVE HAS 8 PINOUTS. ONE IS A GROUND (THIS GOES TO PIN #6 ON
THE IC). 1,4,7,* KEYS CONNECT TO PIN #3. 2,5,8,0 KEYS CONNECT TO PIN #4.
3,6,9,# KEYS CONNECT TO THE CENTER OF THE SWITCH. 1,2,3 KEYS CONNECT TO
PIN #14. 4,5,6 KEYS CONNECT TO PIN #13. 7,8,9 KEYS CONNECT TO PIN #12.
*,0,# KEYS CONNECT TO PIN #11.
[10] CHECK ALL CONNECTIONS TO MAKE SURE NONE ARE TOUCHING EACH OTHER.
[11] CONNECT THE TWO NINE VOLT BATTERIES AND YOUR KEYPAD IS COMPLETE.
NOTE: THE REMAINING PINS ON THE IC ARE NOT USED. THE BLACK WIRE ON THE
TRANSFORMER IS ALSO NOT USED. WHEN NONE OF THE BUTTONS ARE PRESSED,
THIS UNIT USES NO POWER, THEREBY ELIMINATING THE NEED FOR A POWER
SWITCH.
PARTS REQUIRED:
1) 5089 DTMF TONE ENCODER (RS 276-1301)
2) AUDIO TRANSFORMER (RS 273-1380)
3) TV COLORBURST CRYSTAL 3.579545 MHZ (RS 272-1310)
4) 9V BATTERY STRAPS X2 (RS 270-325)
5) 9V BATTERY X2 (RS 23-464)
6) WIRE WRAP SOCKET (RS 276-1994)
7) SWITCH DPDT (RS 275-663)
8) KEYPAD (CARDINAL ELECTRONICS)
9) SPEAKER 8OHM (RS 40-245)
10) CIRCUIT BOARD (OPTIONAL)
11) CONNECTING WIRE OR WIRE WRAP
12) BOX (OPTIONAL)
CRYSTAL (3.579545 MHZ)
+-#-+
! +-+ +--------------------------------------------------- +18V --+
! ! ! !
! ! +---------!----------------+--------------------+ ---
+----------------+ ! +--+ -
!. . . . . . . . ! --- !
!8 7 6 5 4 3 2 1 / - !
! ! NOTCH RED WIRE OF !
!9 0 \ \ TRANSFORMER !
!. . . . . . . . ! SPEAKER -> !]============ ! <-GREEN WIRE OF
+----------------+ / WHITE WIRE OF TRANSFORMER
! TRANSFORMER
+----------------------------------------+
! <-BLUE WIRE OF
#3 #4 +----------------------------+ TRANSFORMER
! ! ! !
!
[ ] [ ] [ ] -> #14 #5 <-+ ! +-> #9
! ! !
[ ] [ ] [ ] -> #13 +--+--+
/ SWITCH
[ ] [ ] [ ] -> #12 /
[ ] [ ] [ ] -> #11
KEYPAD
There are few uses for the Silver Box under the modern phone system. Years
ago, someone discovered that the "D" tone served as a password which led
into a back door of the ACD (Automatic Call Distribution) Center of
directory assistance. Apparently the tone was used to access some basic
maintenance features. One of those features included a loop. So, if two
phreakers called directory assistance in the same city and pressed the right
buttons, they could talk to each other. AT+T discovered the glitch soon
after, and it has since been remedied.
According to many sources the Silver Box tones can be used to hack into
some of the older versions of Centigram Voice mail. If you log onto the
administrator’s box with an incorrect password the system usually disconnects
your call. However, if you play the "C" tone you'll be rewarded with a
friendly "Welcome to the Voice Messaging System!" greeting. The A, B, C, and
D tones are also recognized as valid password override codes on some
mailboxes. Although, I highly doubt such antiquated systems are still in use
today.
Besides the two functions mentioned above (which are both obsolete I may
add), the Silver Box really has no practical use as a phreak tool.
------------------------------------------------------------------------------
Tape Boxes
The Tape Box is simply a home made device that allows you to record phone
conversations. Some people refer to these as Tan or Slug Boxes. However,
I prefer to call this device a Tape Box. It makes more sense.
Materials
(1) Small length of phone cord.
(1) Pair of old headphones.
(1) Pair of scissors.
(1) Tape recorder.
1. Cut one end off the phone cord.
2. Strip the red and green wires inside the cord.
3. Cut the plug off the headphones. Be sure to leave a small piece of the
cord attached to the plug.
4. Strip the insulation off the wires.
5. Solder the red and green wires on the phone cord to the two wires on the
headphone cord.
6. Secure your connections with electric tape.
In order to use this, you'll have to procure a two line connector. You can
pick one up at Radio Shack for $5.00. Plug the connector into the jack and
plug your phone line into one of the two jacks on the connector. Now plug
your special "cord" into the other jack. Plug the headphone part into the
microphone jack on your tape recorder. You are now ready to record
conversations, tones, or what have you, off the phone line. Just remember
to unplug the thing before the phone rings. If you don't, the high voltages
will fry your tape recorder!
------------------------------------------------------------------------------
White Boxes
The White Box or Jack Box, is a portable keypad that produces the DTMF
tones found on any normal phone. White Boxes are commonly used to make
free calls on Cocot or privately owned pay phones. They are also useful
for dialing out on some service/utility phones.
The easiest way to get a White Box is to buy one from Rat Shack.
The cheapest dialer they have is around $16.00 which is pretty reasonable.
Rat Shack also carries the infamous 43-146 dialer ($24.00) that can be
easily converted into a Red Box which we discussed in a previous chapter.
Here are the catalog numbers...
43-145 Pocket Tone Dialer...$16.99
43-146 33 Memory Pocket Tone Dialer...$24.99
For those of you brave enough to accept the challenge, here are the plans
for a White Box typed up by Agrajag the Prolonged...
First of all, the tones made by a touch tone telephone are not single
tones, they are a combination of two tones, making "DTMF" (dual tone
multi-frequency). The normal telephone dials 12 different signals, but is
capable of dialing 16 different signals (The ABCD tones on Silver Boxes).
The power required by a keypad is about 25 volts, but they will work with
as little as 15, thereby allowing the use of two 9-volt radio batteries.
As you may have guessed, they are also designed to operate with a telephone
type speaker (and phone line), and not the standard 8-ohm speaker which
needs to be used for adequate volume. To accomplish this, we use a matching
transformer, this is one of those miniature ones available at Radio Shack.
Enough of the theory, now for the circuit...
Materials:
A touch tone keypad
A miniature 1000 to 8 ohm transformer (Radio Shack # 273-1380)
A standard 8-ohm speaker
Two 9-volt radio batteries
Two 9-volt battery clips
A case to put it all in (optional)
A few construction notes, I suggest that you solder and tape all connections.
It is also important to read this entire bulletin before attempting to
construct this.
First, connect the RED wire of the transformer to either terminal on the
speaker. Now connect the WHITE wire from the transformer to the other
terminal on the speaker. Next, connect the RED (positive) wire of one
battery clip to the black wire of the other battery clip. Now connect the
remaining RED wire on the second battery clip to the GREEN wire from the
touch tone pad. Connect the BLUE wire from the touch tone pad to the
ORANGE-and-BLACK striped wire from the touch tone pad. To these two wires,
now connect the remaining black lead from first battery clip. You have now
finished the power connection to the keypad. Connect the BLACK wire from the
keypad to the BLUE wire on the transformer. Next connect the RED-and-GREEN
striped wire from the keypad to the GREEN wire on the transformer. The BLACK
wire on the transformer should not be connected to anything, along with
quite a few wires from the keypad. The connection of the keypad is now
complete. All you have to do is connect two nine volt batteries to the
battery clips, and you'll be ready to go. You may want to mount it in a case
for easy portability. Note that the silver box modification CAN be made to
this unit, allowing complete remote phreaking. When none of the buttons are
pressed, this unit uses NO power, thereby eliminating the need for a power
switch, and extending the life of the batteries.
DTMF/White Box Frequencies
Here are the approximate frequencies used in telephones and White Boxes...
1 = 697+1209Hz
2 = 697+1336Hz
3 = 697+1477Hz
4 = 770+1209Hz
5 = 770+1336Hz
6 = 770+1477Hz
7 = 852+1209Hz
8 = 852+1336Hz
9 = 852+1477Hz
* = 941+1209Hz
0 = 941+1336Hz
# = 941+1477Hz
By this time many of you may be asking "what is the purpose of a portable
DTMF keypad?" Believe it or not, the White Box has many applications as
we'll soon see.
Cocots and Other Privately Owned Pay Phones:
Not all pay phones are owned by your local telco. Many businesses will
install their own phones called Cocots (Customer Owned Coin Operated
Telephones), on the premises. The main reason for doing this is MONEY.
Let's face it, Cocots exist because of greed. If the phone company
can make a profit by selling calls then why shouldn't Mcdonalds, Dunkin
Doughnuts, Dominoes Pizza etc. be able to do the same? As one might expect,
companies who install Cocots make BIG profits so it's not unusual to
encounter more Cocots then telco phones these days.
Cocots are notorious for their extensive security efforts. The coin
verification system alone makes it impossible to place calls unless you
actually insert coins. When the handset is lifted on a Cocot, the dial tone
heard is fake. When a coin is inserted, the fake dial tone disappears only
to be replaced by the real dial tone at which point calling is possible.
Most Cocots have a fifteen minute time limit, and some do not even accept
incoming calls which leaves you no choice but to deposit more coins when
time runs out. You can dial long distance numbers on Cocots, but the
rates are about five times higher then AT+T which is pretty bad. All in all,
Cocots are nothing but a rip off, a gimmick geared towards taking your
money.
Because Cocots suck, many phreaks found themselves purchasing or
building White Boxes. The White Box takes advantage of one of the most
obvious flaws of the Cocot. The law says that 1-800 numbers must always be
accessible for free from any phone. So, the first step to defeating a
Cocot's security is to dial a toll free 800 number. When your call is
answered, you have two options, you can either cuss the person out, or
sit quietly and say nothing. Either way they should hang up. Now wait a few
seconds and listen carefully. If all goes well you should hear a dial tone.
Yes, this dial tone is real! So, you push a button on the keypad only to
find there is no tone. Why is that? It is just another security feature of
the Cocot. The keypad is intentionally disabled to prevent people like you
from taking advantage of the situation. Although this is no problem if you
have a White Box. Hold the speaker of the box flush with the mouthpiece and
dial away! You now have total unrestricted access to the line, cool eh?
Cocots are protected in two main ways. In some Cocots, the mouthpiece is
cut off after the called party hangs up. This prevents the use of a White
Box all together.
However, some Cocots automatically reset themselves after the
disconnection occurs. I've heard there is a way around this. On some phones,
you can whistle or blow into the mouthpiece until you hear the dial tone
click on. It is best to have your White Box ready so you can quickly hit
the first digit of the number upon hearing the dial tone. Once the first
digit has been entered, you should hear silence. At this point you may
finish dialing.
Another trick that supposedly works is to find two Cocots next to each
other. For a better understanding we'll call them Phone A and Phone B.
First, find out the number of Phone B either by dialing an ANAC number
you know, or looking on the card and finding the number listed for it
(if it allows incoming calls). Next, put some money in Phone A and call
up Phone B. When Phone B rings, answer it and hang up Phone A quickly.
Supposedly you will get an unrestricted dial tone on Phone B. Your money
will also be returned on Phone A because the call was too short or some
crap. Unfortunately I haven't tried this one yet so I don't know for sure
if it really works.
Department Store Phones
Some department stores have special phones strategically placed inside the
building. Although the exact purpose of these phones is not known for sure,
they can be used to place free calls. Most of these phones can only dial
memory preset numbers. Only a few of them have keypads, and most of the time
the keypad won't work. However, there is a way to circumvent this problem.
Use the keypad on your White Box to dial out. On some phones you may have to
push "9" first to access an outside line, but you can call anything you want
once you have that control.
Elevator Phones
Have you ever been in an elevator and noticed the funny red phone under
all the buttons? These phones are usually preprogrammed to dial an
emergency number in case the elevator gets stuck, falls, or if some other
catastrophe takes place. In most cases, the phone does not have a keypad.
Obviously this is done to prevent people from placing free calls to
Budapest, Iraq, Africa, or those sleazy 1-900 numbers. However, this is not
a problem if you have a White Box. When the handset is lifted, you'll hear a
dial tone at which point you can dial out by using your White Box's keypad.
On some phones I've seen, the emergency number is automatically dialed upon
lifting the handset. However, this can usually be prevented by promptly
pushing one of the buttons on your White Box at the start of the dial tone.
Also, in some places, you may have to dial "9" before attempting to access
an outside line.
Highway Call Boxes
Call boxes are a common site on highways these days. The strategically
placed phones have helped motorists contact the authorities when they are
having car troubles or other emergencies. Like service phones, call boxes
are only capable of dialing special preset numbers. Most don't have keypads,
and some are programmed to dial automatically upon lifting the handset.
None the less, highway call boxes are phones. So, if you have access to a
White Box it is possible to dial other numbers for free. However, it is NOT
recommended that you do this often as the Gestapo has really started
cracking down on people who abuse the boxes!
Service and Utility Phones
Service or utility phones are commonly found in many places including
airports, hotels, and some ATM stations. Although the exact function of the
mysterious phones is not known for sure, they are susceptible to White
Boxing. These phones are easy to identify since they have no keypad and
can only dial special preprogrammed numbers. On most service phones you can
use a White Box to enter a number (even long distance!) before the phone has
a chance to dial the preset telephone number. On some phones, after the
programmed number has been called, or an error message is heard, an
unrestricted dial tone clicks on thus allowing a White Box to be used.
------------------------------------------------------------------------------
Conclusion
Well, that about raps it up for this version of Phone Color Box Addendum.
I trust many of you have found this information useful. At this point I
would like to thank those individuals who contributed information...
Adolph 69
Agrajag the Prolonged
Batman
Beta 2
Bioc Agent 003
Captain America
Captain Crunch
Catch 22
Colonel Mustard
Count Zero
Cyber Cow
Danny D.
Danny K.
Deviant
Digital
Dip Man
Dr. Nick Riviera
Ear
Explorer Cat 033
Exterminator
Fixer aka Death Meow
Guro Kaniv
J. Allen
Jagger
Jackson
Jennifer Martino
Jester Sluggo
Lord Krang
Lord Narayana
Luvox Phreak
Madd Max
Marine 513
Mavicon M.D.
Maxwell Smart Secret Agent "86"
Mike Dante
Mr. Sandman
Mr. Segundo
Mr. Todd
Ms. Chaos
Napalmoliv
Noah Clayton
Pee Wee
Peter Destructo!
Phuzzy Logic aka "Legend"
PISS
RedBoxChiliPepper aka RBCP
Rex Savage
Saddam 666
Santa Clause X
SHYSTER
Steve
Terminal Man
Thingg
THXv1138
Toxic Avenger
T.S.C.
And finally, thanks to anyone I forgot to mention. If you feel the insane
desire to contact me, you can do so by using one of the following methods...
Email: cyberthief@deathsdoor.com
Homepage: http://nettrash.com/users/cyberthief/
Telephone: 1-800-553-2112 Extension 1104
--*- Boundary RALxMe_ZRHLIBVcyn_4sŽm
--
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
