|
THE IC'S RULES OF PHREAKING These are the standards of hacking employed by the Inner Core. The text comes from a data file written by and for IC members. HACK YOUR OWN CODES. Don't leech from someone else. Having codes is like having sex, if you don't protect yourself you'll end up with a venereal disease. You have no idea where a code has been before you got your hands on it, when it was hacked or how long it's been in circulation. Time is a very important factor, the longer a code has been in use, the greater the risk. DON'T STAY ON A CODE MORE THAN THREE DAYS. Don't give the suckers an even break. To run a trace, MCI needs to shuffle a lot of papers. Ain't that nice. Paper work takes time, and it's highly unlikely they could accomplish the feat in three days. It's even more unlikely they would even know they've been phreaked for at least a week. All company's have thirty day billing cycles, if you started using the code the day after the bills went out, you'd have twenty nine days left to play with it. The customer gets his billing and bitches up a storm. The company now has the option of setting up a trap, but alas, they notice you haven't used the code in three weeks and have no destination number to PIN. If you phreaked the code one day before the billing cycle ends, the customer may notice right away. Figure you have two days for it to reach the customer. If he yells right away it takes a few more days for the security department to process the paperwork for the trace. By that time you're long gone. DON'T STAY ON A NODE MORE THAN THREE DAYS. If you insist on burning the same company, you're going to develop a pattern. You call your girl friend in Alaska every damned day using the same company. It doesn't take a genius to predict what you're going to do tomorrow. They know where you enter their system and where you're going to. You've given them everything they need to run a good trace. Spread the wealth a little. Use US Telecom, then ITT, Lexitel, Skyline, Metro and a few of the 800's if you like. Spread it out. These people have no way of comparing. So you can screw Peter, Paul and the rest of the Apostles with no worry. Just don't be a dip stick and get lazy. Everyone is worried about THE TRACE. Don't be. It's no big deal for AT&T, after all it is their network, but for the leech services it's an entirely different matter. This is why we don't mess around with AT&T except through secondary accesses like PBX's or Diverters. This is the scenario MCI's security department will run down. They call up a number you've called....... "Hello, this is Inspector Bullshit with MCI. Did you receive a phone call from the 212 area code on November 22, 1945 at 4:00 A. M.? " "You didn't?" "We've traced fourteen calls to this number in the last two weeks, by the way, who am I speaking with?" "Well Mrs. Blabbermouth, perhaps someone else in your household received the calls? " "I see, your daughter has a boyfriend in New York. "I'm afraid he's in some serious trouble Mrs. B. If you'll cooperate with me we won't pursue this matter with your daughter." "That's correct, little Susie Blabbermouth won't be involved. It would be a shame to cause you folks trouble, after all she didn't actually make the calls."" All I need is the boy's name and phone number." "Let me see if I have that right."Jimmy Phreaker at 212-555-1212?" "Thank you Mrs. B you've been very helpful." The point is, if Bullshit had really run traces he wouldn't be calling to con the information. The exchange is typical of those used by most phone companys and illustrate several important issues. Make sure the person you're calling is cool and there's no chance someone else could rat on you. It is very unlikely MCI will make such a call if you use the IC's Rules of Phreaking. Yet, if it were to occur these are your friend's options... 1. HANGUP 2. "FUCK YOU"...THEN HANG UP 3. "I WAS WATCHING MIAMI VICE AND YOU INTERRUPT ME WITH THIS CRAP. FUCK YOU"....HANG UP. 4. If you want to be nice about it; "I don't know what you're talking about.....HANG UP. The problem is now resolved. Remember these guys are like rabid dogs in heat, they're excellent con artists. Believe nothing you hear. You don't have to talk to them. If they had anything on you they'd be standing at your door with a search warrant. Their abilities in this area are very restricted. They operate by manipulating your fear and you have nothing to fear but your own fear. Don't try to come up with some lame explanation, you know you received the call and they know it. So don't make an ass out of yourself trying to explain away the obvious - HANG UP! What happens if your are caught? Congratulate yourself on being an asshole. The number of phreaks caught are so small you have now qualified for membership in a really elite group of jerks. Inspector Bullshit now has several options. Grab your computer......... this will be done no matter what. Grab your data files and any hard copy you have laying around. This to help identify other subversives and also to supply incriminating information about you. Try to scare you into a confession. Standard operating procedure - keep your fucking mouth shut. You have nothing to gain by talking and a much to lose. If you're a minor you can forget about jail time, an adult is looking at a couple of weeks in the slam - may-be. Realize this, they don't really want your ass as much as they want THE MONEY. That's right boys and girls the buck talks loud and clear. If you're caught, you've broken every one of the IC's rules. At worst you're looking at a couple of thousand in phone bills. Get a lawyer to do your talking for you, that'll be about a five hundred dollar retainer. If the company is willing to settle for the money, and your computer, pay it - it's cheaper in the long run. If they want you in the calaboose then fight it. As a first time offender the odds of you actually getting time are slim. Incidentally, Inspector Bullshit will drop a little extra on the bill for good measure. Have the attorney demand they produce their records of all "alleged phone conversations". In fighting a phreaking case you'll want to have a jury trial. The technology behind the running of a trace is so complicated even a halfassed lawyer could confuse the average layman. He can make Inspector Bullshit describe switching down to atomic subparticles if he wants and by the time he gets to how a trace works the jury would be so confused you'd skate on a "reasonable doubt". It would be interesting to see if a sharp shark could subpoena the actual equipment used to run the trace. I don't think MCI would care to have one of their computers offline for the time it would take to have "independent" examiners checking out the functionality of the switching mechanisms. To phreak or not to phreak. It's a question only you can answer for yourself. The following are electronic BBS conversations at a Hacker Bulletin Board. They have been left intact (misspellings too)with the exception of codes and phone numbers which could conceiveably get my ass in hot water. The Hacker network of communication is loosely knit but extremely effective in getting information circulated quickly. Lady G (Lady Godiva) is the only female I've ever seen on a hack board. Amazingly she conned her way inside, yet turned out not to be a threat to hackers even though she is employed by government. Numb. --> 72 Title --> JUST A LITTLE CODE From --> BIG BYTE Left --> 19-Apr-86 2:30 am While not to much to say just heres a sprint (Code Deleted) Also Bill the Cat do you know some people down in Florida like Blackbeard or been on some off my Conferences?? Let me know. .s opps /s shit B17> --> Next bulletin Numb. --> 73 Title --> Fed trap From --> BIG BYTE Left --> 19-Apr-86 3:05 am Where i live here in Green Bay Wi, they are busting our town for illegal use of the phone. The number they are getting kids (leeches on) is 1-800-437-7010 it is GCI of Ancrage <-spelled wrong Alaska and so far they have busted 400 people from one school and have questioned 1500 its like a bad dream oh who cares not me. Just be careful and dont use it unless you fell lucky. All the codes used are in the 467xxxxx area so may be other areas are safe. later bb B17> --> Next bulletin Numb. --> 74 Title --> Bobo.. From --> THE ARABIAN KNIGHT Left --> 19-Apr-86 11:10 am Bobo, Leave me mail. Id like to get a sprint Code(New). I got a new Pbx, maybe old. but it works fine.. Ak Bobo- Why are you so worried About Lady G? Does she know alot about you or something? B17> --> Next bulletin Numb. --> 75 Title --> [ Lady G. ] ? From --> THE D MEN TOR Left --> 19-Apr-86 1:23 pm I can run CNA's in 415, Give me e-mail and I'll find out whatever you want to find out about her BOBO. Have you spoken with her? How do you really know this person is over 30 etc...... later, The D men tor...Confused. B17>W Enter the name of the person you wish to send mail to: >THE D MEN TOR What is the subject of this letter? >Lady G Mail: You may enter up to 100 lines of text. Press CTRL-A or CTRL-Q when done. D men The numbers for Lady G are 415-(Deleted) and 415-(Deleted). She is over 30 because 1. She's uses expressions that are 15 years out of date. 2. I recoginize this becuase I too am 15 years out of date. I don't like people getting busted. She pirates but that's about it. I wonder why she's on so many hack boards. Motor City went down right about the time she logged on. I might be totally wrong, BUT, I want to check it out just to be safe. You can call me Mr. Paranoia. She rattles my cage and it makes me nervous. Let me know what pops. Bobo E>S Filing mail for THE D MEN TOR... B17> B17>7 --> Telecommunications Today (7)... --> 60 bulletins posted; some new! B7>N Numb. --> 59 Title --> Police Sting From --> CHARLIE SMITH Left --> 19-Apr-86 6:29 am Here is an interesting story: AUSTIN,TX--Law enforcement officials here have joined a growing number of police agencies nationwide running "sting" operations to catch persons using bulletin boards for illegal purposes. Based on information posted on a bulletin board it operated, The Austin Police Department said it has been able to turn off two pirate boards here and expects shortly to make a number of arrests for misdemeanor violations of Texas' newly enacted computer crime law. For more than two years, the police department secretly ran a board called the Underground Tunnel, which was set up to appear as a normal BBS run by a Sysop called "Pluto". But late last month - to the surprise of the board's more than 1,000 users - Pluto was revealed as Sgt. Robert Ansley, a seven-year veteran of the Austin Police Department! "Most of the users were people interested primarily in several on-line fantasy games or in electronic messaging." Ansley said. "To get to the levels where people posted information on how to crash corporate sysems, the user had to ask for increased access. We were very careful not to solicit or entrap anyone into leaving illegal information." The Austin Police Department disclosure caught most of the BBS's users by surprise. "I liked the board's electronic messaging capabilities," said user Michael Whalen, the managing editor of the Daily Texan, the student newspaper of the University of Texas, here. "I was really surprised at how the officer was able to pull this off." What the police found, according to Ansley, included access codes belonging to the world's largest credit reporting organization, TRW Information Services Systems Division of Orange, California. "Most offenders seem to be real big on TRW," said Ansley. Sting and intelligence gathering bulletin board operations are on the rise throughout the country, according to law enforcement officials. Several police departments nationwide have already used bulletin boards to track down and arrest microcomputer users who post illegally obtained calling card codes, mainframe access procedures and passwords, or other confidential information. According to one high-level West Coast law enforcement officer who declined to be identified, federal officials are now joining local authorities in running b5lletin boards (BBSs) in several key metropolitan areas. "You better believe law enforcement agencies are interested and in in some cases, running bulletin boards," said Dan Pasquale, a sergeant with the Fremont, California, police department. Last month, police in Fremont, capped three and a half months of bulletin board operations by arresting eight individuals for alleged credit card fraud, misuse of telephone credit card operations, and technical trespass. Pasquale said most corporations whose passwords or calling card numbers were posted on Fremont's BBS were unaware that their information had been compromised. ** Hackers Note Here** Pasquale actively solicited the posting of codes, passwords, credit cards. Qualifying as entrapment. More experienced hacks pulled out before he sprang his trap. More than 200 people were arrested coast to coast. Only one was elite and he beat the rap. The rest were rodents. Although police are pleased with their results, some users say they feel the sting bulletin boards are unfair to both the innocent users and the suspected criminals alike. Whalen said students at the University of Texas used the board extensively, andhe claimed that some people accused of posting access codes and other information on the board felt they had been entrapped when they discovered that the BBS was a police sting operation. Whalen also said that some users were concerned about the privacy and sanctity of electronic mail left on the board. "Ansley said users are foolish if they don't think a sysop reads the mail on the board," he added. Indeed, as police turn increasingly to bulletin boards to catch suspected criminals, the issue of entrapment has also become a growing concern, one to which police are sensitive. "At no time did the police department urge users to leave access codes, applications, or passwords for corporate computers on The Tunnel," Ansley said. To prove entrapment, a suspect would have to clearly show that the government agent offered some type of inducement to promote criminal activity, said Jim Harrington, the legal director of the Texas Civil Liberties Union here. "The whole area of police gaining information on [criminal activities] by reading electronic mail is very interesting." Fremont police held a series of meetings with a district attorney before they started a board, according to Pasquale. "We established a point where entrapment began and made sure we never crossed that point, and in fact, messages on the board were scripted in conjunction with the district attorney's of Ahem, let me hasten to point out the Gemini System is NOT a police BBS! Charlie Numb. --> 60 Title --> Infocom From --> ATILLA THE HUN Left --> 19-Apr-86 11:37 pm Well I don't know if anyone has heard this but, I have heard that Infocom will start (or may have started) calling AE lines to see if they contain any infocom software. If so they download it and check the serials, and bingo if a pirated version then plain and simple YOU IS BUSTED! oh well anyone else know of anything more, I picked it up under discussion at a bbs. atilla the hun -<*----- B7>OFF In The News Press reports of hacker misdeeds seem to be written in flavors which border upon awe to contempt. It depends on the publication. Newspapers ten to permit more editorializing. Between the two extremes there is a point of reason. I've often wondered, "If a fifteen year old kid can break into a 'secure' government computer, what could a fully trained enemy agent do?" It's a reasonable question. Virginia - A fourteen year old hacker who called himself Phineas Phreak was the first to be prosecuted under the state's computer trespassing law. Arrested for hacking at a Bulletin Board, he was placed on one year's probation and ordered to pay $300.00 in compensation to the board's operator, Allen Knapp. Milwaukee - A hacker group who called themselves the 414's after their area code were arrested by FBI agents and found to have access to more than 60 computer databases. These included a California Bank, a cancer center and the Los Alamos Scientific Laboratory. California - Stanley Rifkin a computer consultant for Security Pacific Bank, stole the bank's passwords and liberated 10 million dollars from the institution. He then erased the electronic records of the transactions. While Rifkin was not a hacker, he hold the distinction of being the country's number one computer thief. His arrest was not the result of his computerized misdeeds, but instead, his lack of expertise at being a thief. Washington - The United States Government has become the nation's leading user of computers. As such, they are a target of internal thieves who have used their systems to divert funds for their own uses. A number of arrests of computer related theft has led the government to believe they haven't scratched the surface yet. It's estimated that only one in 22,000 computers crimes will ever be prosecuted. San Diego - A computer hacker, Bill Landreth pleaded guilty to tapping the GTE Telemail network in Vienna, Virginia. Known as "The Cracker" he agreed to cooperate with Federal Investigators in a larger investigation. Four teenagers from Irvine, California were subsequently arrested and named Landreth as their source of information on hacking. Landreth has since written a book "Out of the Inner Circle". The four kids from Irvine don't receive royalties. TRW - Hackers armed with stolen passwords broke into the TRW credit system and reviewed information on employment records, bankruptcies, loans, social security numbers and credit cards. The password was stolen from a Sears and Roebuck and was reportedly in circulation for the better part of a year. The credit card numbers, expiration dates and credit limits of card holders were used to make fraudulent purchases. TRW changed the password. Atlanta - Edward Johnson took exception to Jerry Falwell's fund raising activities. His mother had a thing for T.V. preachers and often gave money to Falwell's Liberty Foundation. Mr. Falwell's collectors were oblivious to the fact the elderly lady lived on social security and couldn't afford the donations. On a previous occasion she had attempted to give the family farm to Jimmy Swaggart. Johnson adjusted his phreaker program into a phone cranker to auto dial Falwell's 800 and tie up the line for 30 seconds a call. Falwell's people reported they lost one million in donations from the activity. Southern Bell finally trace the calls and gave Johnson two choices, stop or lose his phone line - he stopped. After all, it was "God's will". Washington - Representative William Hughes from New Jersey has introduced a bill to make computer theft of data and certain "kinds of hacking activities" federal felonies. New Jersey - Seven teenagers were arrested on charges of credit card fraud, phreaking and hacking. An investigation into credit card purchases led local police to the operator of a hacker bbs. Armed with a search warrant the police seized his computer and all related data. Inspection of same led to the arrests of the other six. Now known in hack circles as the New Jersey Seven, they reportedly had the ability to change the attitude of a government satellite. The Inner Core reports they consider it unlikely the kids knew they had the capability. In my research, I've noted government and business to be at greater risk from their own employees than from hackers. Credit card fraud is the leading hacker crime. The pales beside the reported cases of computer theft from internal sources. The Rifkin case is the most noted. However, thousand of unreported thefts occur every year. MAKING MONEY WITH YOUR CODES Ok, phreaking will save you money, that's fine. Wouldn't you rather make some bucks off these jokers? No biggy. You sell your codes. Is it illegal? You bet, but your the adverturesome type with avarice in your heart...this is how it works. Abdul wants to call the Middle East so he can talk with his camel. No problem. Call the international operator and ask how much it costs for an hour to Jordon. Charge the raghead fifty percent of the cost for hooking him up and let him talk as long as he likes. MCI and Sprint both access the Middle East so you're in business. Foreigners are good to deal with. They're extremely paranoid anyway so tell them you have to make the calls from a phone booth. This isn't true BUT, you're covering your own ass. There are a variety of good reasons why a phone booth is called a fortress, this is one. DO NOT SELL THE CODES. Abdul knows nothing about phreaking. The dumbshit will stay on the code too long and will end up getting his ass traced. The telcos don't give two shits about this guy. THEY WANT YOU!. You're the guy costing them the big bucks. Abdul will make a deal and your tit will be in the ringer. So keep control of the codes. If you want to be a nice guy and hand out codes to your phriends fine. Just be sure they don't have big mouths and that they know the IC's Rules of Phreaking. You'll find a list of the countrys MCI and Sprint access in the appendix. You'll also notice there are a lot of places that they don't go. India for one. The only way to book passage to India is on AT&T. You'll need to bag a PBX or a Diverter for that action. Equal Access What does equal access mean to you? Not much. Access was the issue that permitted Mci to break up At&t. The result was the sudden emergence of the companies you'll find listed in this chapter. At&t still retains an 85%+ share of the telecommunications market. The rest of the business enterprises are basically parasites attempting to feed off of Ma Bell's network. Equal Access means you get to pay 2 to 5 dollars a month for "access" to the long distance network, whether you want it or not. It means your local telco can go begging to the Public Utilities commissions claiming the need for rate increases in the wake of the break up. Pacfic Tel was hurt so much they posted sales recently of one billion dollars. I first in the company's history. There is one small advantage to equal access. Ustel (950-1033) customers can crossover to the Sprint Network (950-0777) and make international calls. By appending the equal access code to the customer code the call will be cross connected. In short, equal access means this..."Bend over and smile America". If you thought you were getting screwed before, well you ain't seen nothing yet. Equal Access Codes 10824 ATC Directline 10482 Access America 10939 Access Long Distance 10282 Action Telecom 10444 Allnet Americall 10002 Americall LDC Inc. 10053 American Network 10366 American Telco 10050 American Telephone Exchange 10080 Amtel Amertel 10824 ATC Communications 10287 ATS Communications 10272 Bell of Pa 10606 Biz-Tel 10300 Call America 10221 Capitol Telecommunications Inc. 10987 Clay Desta Communications 10266 Com Systems 10885 Communigroup of Kansas City 10733 Comp-Data Communications Compute a Call Comtel of Pine Bluff 10203 Cytel10233 Delta Communications 10339 Dial USA Directline Discount Long Distance EO Tech10054 Eastern Telephone Systems 10634 Econo Line of Midland Econo-line of Waco 10256 Execuline 10393 Execulines of Florida Garden State Telco 10235 Inteleplex 10884 ITI 10488 Itt 10535 LDL - Long Distance for Less 10084 LDS LDX LTS 10066 Lexitel 10852 Line One 10036 Long Distance Savers 10537 Long Distance Service of Washington Long Distance Telephone Savers Max Long Distance 10222 Mci 10021 Mercury Long Distance 10622 Metro America Communications National Telecommunications of Austin Network I/Metromedia 10855 Network Plus 10638 Northwest Telecom Ltd. 10785 Olympia Telecom 10808 Phone America of Colorado 10936 R - Comm 10211 RCI 10787 STS/Star Tel 10800 Satelco 10888 Skyline 10087 Southernnet 10321 Southland Systems 10777 Sprint 10889 St. Joseph10787 STS/Star Tel 10007 TMC of Arkansas 10021 TMC of Chattanooga 10007 TMC of El Paso 10007 TMC of Miami 10007 TMC of S.E. Florida TMI of Oklahoma 10826 Tel AMCO Tel-Central Inc of Oklahoma 10330 Tel-Share 10626 Tel/man 10007 Telemarketing Communications 10899 Telephone Express 10331 Texustel 10850 Tollkall 10824 Transcall 10333 US Telecom 10859 Valu-Line of Longview Valu-Line of Wichita Falls 10687 WTS Communicatons 10085 Westel 10220 Western Union 10995 Wylon ESS The following is a file taken from a Hack Board. I think it is intellegently written and accurate. +====================================+ + ELECTRONIC SWITCHING SERVICE V1. + + EXERT FROM 2600 MAGAZINE FEB '84 + +FROM THE RADIO STATION: 718-xxx-xxxx+ +====================================+ THERE WAS OF COURSE NO WAY OF KNOWING WETHER YOU WERE BEING WATCHED AT ANY GIVEN MOMENT. HOW OFTEN, OR ON WHAT SYSTEM, THE THOUGHT POLICE PLUGGED IN ON ANY INDIVIDUAL WIRE WAS GUESSWORK. IT WAS EVEN CONCEIVABLE THAT THEY WATCHED EVERYBODY ALL THE TIME. BUT AT ANY RAT E THEY COULD PLUG IN YOUR WIRE WHENEVER THEY WANTED TO. YOU HAD TO LIVE--DID L IVE, FROM HABIT THAT BECAME INSTICT--IN THE ASSUMPTION THAT EVERY SOUND YOU MAD E WAS OVERHEARD, AND, EXCEPT IN DARKNESS, EVERY MOVEMENT SCRUTINIZED. 'FROM NINETEEN EIGHTY-FOUR' ESS IS THE BIG BROTHER OF THE BELL FAMILY. ITS VERY NAME STRIKES FEAR AND APPREHENSION INTO THE HEARTS OF MOST PHREAKERS, AND FOR A VERY GOOD REASON. ESS (ELECTRONIC SWITCHING SYSTEM) KNOWS THE FULL STORY ON EVERY TELEPHONE HOOKED INTO IT. WHILE IT MAY BE PARANO ID TO SAY THAT ALL PHREAKING WILL COME TO A SCREECHING HALT UNDER ESS, IT'S CERTAINLY REALISTIC TO ADMIT THAT ANY PHREAK WHOSE CENTRAL OFFICE TURNS TO ESS WILL HAVE TO BA A LOT MORE CAREFUL. HERE'S WHY. WITH ELECTRONIC SWITCHING, EVERY SINGLE DIGIT DIALED IS RECORDED. THIS IS USEFUL NOT ONLY FOR NAILING PHREAKS BUT FOR SETTLING BILLING DISPUTES. IN THE PAST, THERE HAS BEEN NO EASY WAY FOR THE PHONE COMPANY TO SHOW YOU WHAT NUMBERS YOU DIALED LOCALLY. IF YOU PROTESTED LONG ENOUGH AND LOUD ENOUGH, THEY MIGHT HAVE PUT A PEN REGISTER ON YOUR LINE TO RECORD EVERYTHING AND PROVE IT TO YOU. UNDER ESS, THE ACTUAL PRINTOUT (WHICH WILL BE DUG OUT OF A VAULT SOMEWHERE IF NEEDED) SHOWS EVERY LAST DIGIT DIALED. EVERY 800 CALL, EVERY CALL TO DIRECTORY ASSISTANCE, REPAIR SERVICE, THE OPERATOR, EVERY RENDITION OF THE 1812 OVERTURE, EVERYTHING! HERE IS AN EXAMPLE OF A TYPICAL PRINTOUT, WHICH SHOWS TIME OF CONNECT, LENGTH OF CONNECT, AND NUMBER CALLED. DATE TIME LENGTH UNITS NUMBER 0603 1518 3 1 456-7890 0603 1525 5 3 345-6789 0603 1602 1 0 000-4011 0603 1603 1 0 800-555-1212 0603 1603 10 2.35* 212-345-6789 0603 1624 1 0 000-000-0000 (TSPS) A THOUSAND CALLS TO "800" WILL SHOW UP AS JUST THAT--A THOUSAND CALLS TO "800"! EVERY TOUCH TONE OR PULSE IS KEPT TRACK OF AND FOR MOST PHREAKS, THIS IN ITSELF WON'T BE VERY PRETTY. SOMEWHERE IN THE HALLOWED HALLS OF 19 5 BROADWAY, A TRAFFIC ENGINEER DID AN EXHAUSTIVE STUDY OF ALL 800 CALLS OVER THE PAST FEW YEARS, AND REACHED THE FOLLOWING CONCLUSIONS: (1) LEGITIMATE CALLS TO 800 NUMBERS LAST AN AVERAGE OF 3 MINUTES OR LESS. OF THE ILLEGAL (I.E PHREAKERS) CALLS MADE VIA 800 LINES, MORE THAN 80% LASTED 5 MINUTES/LONGER; (2) THE AVERAGE RESIDENTIAL TELEPHONE SUBSCRIBER MAKES FIVE SUCH CALLS TO AN 800 NUMBER PER MONTH. WHENEVER PHREAKERS ARE BEING WATCHED, THAT NUMBER WAS SIGNIFICANTLY HIGHER. AS A RESULT OF THIS STUDY, ONE FEATURE OF ESS IS A DAILY LOG CALLED THE "800 EXCEPTIONAL CALLING REPORT." UNDER ESS, ONE SIMPLY DOES NOT PLACE A 2600 HZ TONE ON THE LINE, UNLESS OF COURSE, THEY WANT A TELCO SECURITY REPRESENTATIVE AND A POLICEMAN AT THEIR DOORWITHIN AN HOUR! THE NEW GENERICS OF ESS (THE #5) NOW IN PRODUCTION, WITH AN OPERATING PROTOTYPE IN GDNZFA, nILL, ALLOW THE SYSTEM TO SILENTLY DETECT ALL "FOREIGN" TONES NOT AVALABLE ON THE CUSTOMER'S PHONE. YOU HAVE EXACTLY 12 BUTTONS ON YOUR TOUCH-TONE (R) PHONE. ESS KNOWS WHAT THEY ARE, AND YOU HAD BEST NOT SOUND ANY OTHER TONES ON THE LINE, SINCE THE NEW #5 IS PROGRAMMED TO SILENTLY NOTIFY A HUMAN BEING IN THE CENTRAL OFFICE, WHILE CONTINUING WITH YOUR CALL AS THOUGH NOTHING WERE WRONG! SOMEONE WILL JUST PUNCH A FEW KEYS ON THEIR TERMINAL, AND THE WHOLE SORDID STORY WILL BE RIGHT IN FRONT OF THEM, & PRINTED OUT FOR ACTION BY THE SECURITY REPRESENTATIVES AS NEEDED. TRACING OF CALLS FOR WHATEVER REASON (ABUSIVE CALLS, FRAUD CALLS, ETC.) IS DONE BY MERELY ASKING THE COMPUTER RIGHT FROM A TERMINAL IN THE SECURITY DEPARTMENT. WITH ESS, EVERYTHING IS RI GHT UP FRONT, NOTHING HIDDEN OR CONCEALED IN ELECTROMECHANICAL FRAMES, ETC. IT'S MERELY A SOFTWARE PROGRAM! AND A PROGRAM DESIGNED FOR EASE IN OPERATION BY THE PHONE COMPANY. CALL TRACING HAS BECOME VERY SOPHISTICATED A ND IMMEDIATE. THERE'S NO MORE RUNNING IN THE FRAMES AND LOOKING FOR LONG PERI ODS OF TIME. ROM CHIPS IN COMPUTERS WORK FAST, AND THAT IS WHAT ESS IS ALL ABOUT. PHONE PHREAKS ARE NOT THE ONLY REASON FOR ESS, BUT IT WAS ONE VERY IMPORTANT ONE. THE FIRST AND FOREMOST REASON FOR ESS IS TO PROVIDE THE PHONE COMPANY WITH BETTER CONTROL ON BILLING AND EQUIPMENT RECORDS, FASTER HANDLING OF CALLS (I.E. LESS EQUIPMENT TIED UP IN THE OFF ICE AT ANY ONE TIME), & TO HELP AGENCIES SUCH AS THE FBI KEEP BETTER ACCOUNT OF WHO WAS CALLING WHO FROM WHERE,ETC. WHEN THE FBI FINDS OUT THAT SOMEONE WHOSE CALLS THEY WANT TO TRACE IS ON A ESS EXCHANGE, THEY ARE THRILLED BECAUSE IT'S SO MUCH EASIER FOR THEM THEN. THE UNITED STATES WON'T BE 100% ESS UNTIL SOMETIME IN THE MID 1990'S. BUT IN REAL PRACTICE, ALL PHONE OFFICES IN ALMOST EVERY CITY ARE GETTING SOME OF THE MOST BASIC MODIFICATIONS BROUGHT ABOUT BY ESS. "911" SERVICE IS AN ESS FUNCTION. SO IS ANI (AUTOMATIC NUMBER IDENTIFICATION) ON LONG DISTANCE CALLS. "DIAL TONE FIRST" PAY PHONES ARE ALSO AN ESS FUNCTION. NONE OF THESE THINGS WERE AVAILABLE PRIOR TO ESS. THE AMOUNT OF PURE FRAUD CALLING VIA BOGUS CREDIT CARD, THIRD NUMBER BILLING, ETC. ON BELL'S LINES LED TO THE DECISION TO RAPIDLY INSTALL THE ANI, FOR EXAMPLE, EVEN IF THE REST OF THE ESS WAS SEVERAL YEARS AWAY IN SOME CASES. DEPENDING ON HOW YOU CHOOSE TO LOOK AT THE WHOLE CONCEPT OF ESS, IT CAN BE EITHER ONE OF THE MOST ADVANTAGEOUS INNOVATIONS OF ALL TIME OR ONE OF THE SCARIEST. THE SYSTEM IS GOOD FOR CONSUMERS IN THAT IT CAN TAKE A LOT OF ACTIVITY AND DO LOTS OF THINGS THAT OLD ER SYSTEMS COULD NEVER DO. FEATURES SUCH AS DIRECT DIALING OVERSEAS, CALL FORWARDING (BOTH OF WHICH OPEN UP NEW WORLDS OF PHREAKING WHICH WE'LL EXPLORE IN LATER ISSUES), AND CALL HOLDING ARE STEPS FORWARD, WITHOUT QUESTION. BUT AT THE SAME TIME, WHAT DO ALL OF THE NASTY IMPLICATIONS MENTIONED FURTHER BACK MEAN TO THE AVERAGE PERSON ON THE SIDEWALK? THE SYSTEM IS PERFECTLY CAPABLE OF MONITORING ANYONE, NOT JUST PHONE PHREAKS! WHAT WOULD HAPPEN IF THE NICE FRIENDLY GOVERNMENT WE HAVE SOMEHOW GOT OVERTHROWN AND A MEAN NASTY ONE TOOK ITS PLACE? WITH ESS, THEY WOULDN'T HAVE TO DO TOO MUCH WORK, JUST COME UP WITH SOME NEW SOFTWARE. IMAGINE A PHONE SYSTEM THAT COULD TELL AUTHORITIES HOW MANY CALLS YOU PLACED TO CERTAIN TYPES OF PEOPLE, I.E. BLACKS COMMUNISTS, LAUNDROMAT SERVICE EMPLOYEES... ESS COULD DO IT, IF SO PROGRAMMED. *** BIOC FROM WHACKOLAND BBS: *** AGENT THE RADIO STATION BBS 300/1200 BAUD --------------------------------------- GAMES PHONE COMPANIES PLAY Some phone companies have come up with clever little tricks to fuck up the phreaks hacking activities. One of these is the CARRIER BLAST. Simply put, they shoot a 300/1200 baud answer tone across the phone line right before you connect with your destination. This move makes your computer THINK it's connected with the computer you're calling. The attempt is laughable. All you need do is to take the modem offline for that period of seconds when the carrier is blasting. For the Hayes and the Hayes compatible modems you work this command into the dialing sequence, "+++,". Each modem in the AT mode permits you to take the modem offline and "idle". The function is programable so you can use any keyboard character. The "+++" puts the modem in idle, the comma is a timing element you've preprogrammed. If you want a five second delay, you will have programmed "ATS8=5" or "ATS8=10" for a ten second delay. After your delay the modem will continue to execute the dialing sequence. You'll now use "ATO" to put the modem back on line. The whole routine will look like this,"+++,ATO". Consult your modem manuals if you don't have a Hayes Compatible. Each manufacturer has "borrowed" the same features from Hayes. The result will be the same even if your commands may differ. Another little gimmick has been borrowed from the PBX. After entering your code you have to enter "9" to get out. No big deal. Just use nine as a suffix. If you've ever tried hacking an AT&T credit card (and I recommend that you don't) you'd notice that you can dump the entire dialing sequence all at once. This is a classy system. Not so with MCI or UStel. After you've entered the 0 and the area code of your destination the system beeps you that it has received the proper format. While this beeping is going on you can't dial over it. The solution is simple, insert the "comma delay to wait for the "beeper" to get done. The one problem you may encounter depends on the size of you modem's buffer. The Hayes compatible can accept forty five digits. The MCI/UStel format requires a full 44 digits. You have one to spare. If your buffer size is smaller, you'll have to break the dialing sequence in two separate routines. A bit of a bitch but liveable for the return. Code format bastardizations are a nice change. The telco's hope that in deviating from the norm, it will be less advantageous for the hacker, who like anyone else develops habits, to whack away at their systems. Itt's reverse arrangement is a prime example. The Pbx The Pbx (Public Branch Exchange) is a switching station. In the old days an operator would stick a plug into a slot and connect with an incoming call and another plug to a second slot to establish a connection with the destination. The equipment is the same in theory except, today the microchip has eliminated the human operator. The phreak is interested in the board's dial in/out capability. The legitimate users of the Pbx can call into a number, enter a code + a routing number and have an At&t line to dial out with. Pbx's afford the hack indirect access to Ma Bell without exposing him to the risk of a trace. There are two principle uses, Teleconferencing and Overseas calls to area only At&t services. To find a Pbx the hack scans a local prefix. This is also known as War Dialing after the movie War Games. To find the unit the hack must be equipped with a modem capable of recognizing a dial tone. The Hayes modem can not. The Apple Cat is considered the ideal phreaking modem. Not only can it recognize dial tones it can generate the frequencies needed to emulate a blue box. The Cat is not one of Ma Bell's favorites. The Hayes user is forced to sit and listen to the dialing if he wants a Pbx. Most phreaks will usually make a deal with a cat owner for pbx locations. The phreak will recognize the Pbx when he hears a second dial tone. He'll now start playing around looking for the code. Many switchboards have simple and easy to remember 4 digit codes like 1234. The hack will always go for the obvious. Code lengths can be any where from zero to eight digits. Pbx's are very user friendly. When you screw up it'll beep at you to let you know. This is a worksheet for Pbx hacking 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 4 4 4 4 4 4 4 4 5 5 5 5 5 5 5 5 6 6 6 6 6 6 6 6 7 7 7 7 7 7 7 7 8 8 8 8 8 8 8 8 9 9 9 9 9 9 9 9 The hack will now enter a number from the far left column. If it beeps at him he knows he's guessed wrong so he disconnects and redials. With an autodialer that's no big deal. He goes back to work on the first column. He will eventually it a number which doesn't generate an error message. He circles it and proceeds to the next column. When he's succeeded in hacking out the code, he will hear another dial tone. This is his At&t line out. Most phreaks will test the line by dialing information, local to the Pbx. Some units require an additional out code. Would you believe 9 ? Actually the Pbx will accept any preprogrammed 2 digit code, like 85. Nine has become a habit and many virgins have lost their cherry to a phreak by doing the obvious. I've seen units that required no code, only the 9 to get outside. It's impossible to make a Pbx secure. If a hacker want's it, and he's willing to work on it, he'll get it. The only option available to the business is to disconnect the in/out dialups and supply their outside personnel with long distance travel cards. Loops Loops are mildly interesting in the hack/phreak world. They consist of two telephone numbers that, when connected, permit callers to hold conversations with strangers or friends whom they've met by appointment. A loop has a high side and a low side, meaning one of the pair of numbers emits a tone while the other is quiet. Loops in 213 and 818 areas can be found by dialing any prefix and 1118 or 1119. Pacific Telephone has injected a rather annoying "click" into the line which makes data transfers impossible and voice communication tedious. This situation doesn't exist in other areas of the country. At first glance, loops may not appear to have any practical value. To the hacker it has two uses. It enables him to voice with people he doesn't want to have his phone number and it's useful in conferencing (see Alliance). Many hacks refuse to make their personal information available to those who are not long standing bbs acquaintances. Loops make safe voicing possible. A Few Loops 201-531-9929,9930 201-938-9929,9930 206-827-0018,0019 206-988-0020,0022 212-283-9977,9997 208-862-9996,9997 209-732-0044,0045 212-529-9900,9906 212-283-9977,9979 212-352-9900,9906 212-220-9977,9979 212-365-9977,9979 212-562-9977,9979 212-986-9977,9979 213-549-1118,1119 214-299-4759,4757 214-291-4759,4757 307-468-9999,9998 308-357-0004,0005 402-779-0004,0007 406-225-9902,9903 714-884-1118,1119 These loops were taken from a Hack Board and are for the 808 area. ((((((((((((((((((((((((((((((((((( ( ( ( ( ( ( ( Here are some loops for ya. ( ( ( ( ( ( ( ( (808) = 1 ( ( (9907)= Loud ( ( (9908)= Silent ( ( ( ( ( ( ( ( ( ( 1 328 (Loud) (Silent) ( ( " 322 """"""""""""""" ( ( " 572 """"""""""""""" ( ( " 261 """"""""""""""" ( ( " 239 """"""""""""""" ( ( " 668 """"""""""""""" ( ( " 885 """"""""""""""" ( ( " 961 """"""""""""""" ( ( " 245 """"""""""""""" ( ( " 332 """"""""""""""" ( ( " 335 """"""""""""""" ( ( " 623 """"""""""""""" ( ( " 624 """"""""""""""" ( ( " 959 """"""""""""""" ( ( " 742 """"""""""""""" ( ( " 879 """"""""""""""" ( ( " 882 """"""""""""""" ( ( " 329 """"""""""""""" ( ( " 247 """"""""""""""" ( ( " 235 """"""""""""""" ( (((((((((((((((((((((((((((((((((((((( The Loop master (Merauge) was here DIVERTERS Diverters are privately owned call forwarding machines. They'll be found almost exclusively in areas that don't have call forwarding. This also means ESS isn't operational in your area. This is how it works... You may not realize it, but the sounds of a call connecting are permanently etched on your subconscience mind. Whether it's the sounds of tones or clicks, you know when your call has connected. Pay attention next time, you'll see what I mean. A call going to a diverter makes two connections. First to the number you called and second to the number that the diverter called. When you hear this second connection, you'll know that you've bagged a diverter. The call will be connected to a person you have absolutely no interest in talking to. Tell the person that you have the wrong number, click the rocker on your phone, and wait for HIM to hang up. Your call is now in a never never land between the first number you dialed and the number that the diverter called. Wait about two minutes. You'll hear a faint dial tone in the back ground. That's your AT&T line out. You can now dial anywhere in the world. Since you're dealing with a real human on the other end, be prepared for the unexpected. I called one diverter recently and had a fellow answer the phone. I used the wrong number routine and clicked the rocker, but HE DIDN'T HANG UP. Hey, I'm cool, a dummied up and waited. After five minutes HE STILL WOULDN'T HANG UP. Not only that, he started making lewd suggestions that he and I get together for a date. I like girls and this joker was grossing me out. I said,"Jesus fucking Christ" very disgustedly (for emphasis) and clicked the rocker arm again. THE SON OF A BITCH STILL WOULDN'T HANG UP. I gave up and went to a PBX. This is the moral of this story. This fellow had been burned before. He knew the flaw in his diverter and he knew what to do about it. Plus the guy gets 10 points for have some style. He knew what I was trying to do to him and he played the game out all the way. A good show. Manufacturers of diverters are hip to the game. Their newer machines have disconnect features that restrict a phreaks call out abilities. Never the less, there are hundreds of thousands of the older machines still out there with their cherries intact. Firms that use a diverter are too cheap to hire and answering service. For this reason alone they won't be too quick to upgrade their systems. They'll get a little incentive after they receive a several thousand dollar phone bill. I spoke with a phreak not too long ago who received a 2 thousand dollar phone bill for conferance calls he'd made with a diverter. Explained the steps he'd taken in its use. I asked him if the second dial tone he received was as loud as the first. I informed him as kindly as possible, "You dumb shit, that was your dial tone not the diverter". There's a moral in there somewhere. The Black Box Another credible file on box building. Note the black will work under Crossbar or Step by Step but not with ESS. *************************************** * * * HOW TO BUILD A BLACK BOX * * * *************************************** A BLACK BOX IS A DEVICE THAT IS HOOKED UP TO YOUR FONE THAT FIXES YOUR FONE SO THAT WHEN YOU GET A CALL, THE CALLER DOESN'T GET CHARGED FOR THE CALL. THIS IS GOOD FOR CALLS UP TO 1/2 HOUR, AFTER 1/2 HOUR THE FONE CO. GETS SUSPICOUS, AND THEN YOU CAN GUESS WHAT HAPPENS. THE WAY IT WORKS: WHAT THIS LITTLE BEAUTY DOES IS KEEP THE LINE VOLTAGE FROM DROPPING TO 10V WHEN YOU ANSWER YOUR FONE. THE LINE IS INSTED KEPT AT 36V AND IT WILL MAKE THE FONE THINK THAT IT IS STILL RINGING WHILE YOUR TALKING. THE REASON FOR THE 1/2 HOUR TIME LIMIT IS THAT THE FONE CO. THINKS THAT SOMETHING IS WRONG AFTER 1/2 AN HOUR OF RINGING. ALL PRTS ARE AVAILABLE RADIO SHACK. USING THE LEAST POSSIBLE PARTS AND ARANGEMENT, THE COST IS $0.98 !!!! AND THAT IS PARTS FOR TWO OF THEM! TALK ABOUT A DEAL! IF YOU WANT TO SPLURGE THEN YOU CAN GET A SMALL PC BOARD, AND A SWITCH. THERE ARE TWO SCHEMATICS FOR THIS BOX, ONE IS FOR MOST NORMAL FONES. THE SECOND ONE IS FOR FONES THAT DON'T WORK WITH THE FIRST. IT WAS MADE FOR USE WITH A BELL TRIMLINE TOUCH TONE FONE. ** SCHEMATIC 1 FOR MOST FONES ** ** LED ON: BOX ON ** FROM >--------------------GREEN-> TO LINE >--! 1.8K LED !---RED--> FONE !--/\/\/\--!>--! ! ! ------>/<------- SPST PARTS: 1 1.8K 1/2 WATT RESISTOR 1 1.5V LED 1 SPST SWITCH YOU MAY JUST HAVE TWO WIRES WHICH YOU CONNECT TOGETHER FOR THE SWITCH. ** SCHEMATIC 2 FOR ALL FONES ** ** LED ON: BOX OFF ** FROM >---------------GREEN-> TO LINE >------- ---RED--> FONE ! LED ! -->/<--!>-- ! ! ---/\/\/--- 1.8K PARTS: 1 1.8K 1/2 WATT RESISTOR 1 1.5V LED 1 DPST SWITCH HERE IS THE PC BOARD LAYOUT THAT I RECOMMEND USING. IT IS NEAT AND IS VERY EASY TO HOOK UP. SCHEMATIC #1 SCHEMATIC #2 ************** **************** * * * ------- * * --<LED>--- * * ! ! * * ! ! * * ! <SWITCH> * * RESISTOR ! * * ! ! ! * * ! ! * * ! ! / * * -------- ! * * ! ! \ * * ! ! * * ! <LED>! / * * --SWITCH-- * * ! ! \ * * ! ! * * ! ! / * L * ! ! * F L * ! ! ! * F I>RED- -RED>O I>RED- ---RED>O N>-----GREEN---->N N>-----GREEN------>N E * H * E E * * E ************** **************** ONCE YOU HAVE HOOKED UP ALL THE PARTS, YOU MUST FIGURE OUT WHAT SET OF WIRES GO TO THE LINE AND WHICH GO TO THE FONE. THIS IS BECAUSE OF THE FACT THAT LED'S MUST BE PUT IN, IN A CERTAIN DIRECTION. DEPENDING ON WHICH WAY YOU PUT THE LED IS WHAT CONTROLS WHAT WIRES ARE FOR THE LINE & FONE. HOW TO FIND OUT: HOOK UP THE BOX IN ONE DIRECTION USING ONE SET OF WIRES FOR LINE AND THE OTHER FOR FONE. *NOTE* FOR MODEL I SWITCH SHOULD BE OFF. *NOTE* FOR MODEL ][ SWITCH SHOULD BE SET TO SIDE CONNECTING THE LED. ONCE YOU HAVE HOOKED IT UP, THEN PICK UP THE FONE AND SEE IF THE LED IS ON. IF IT IS, THE LED WILL BE LIT. IF IS DOESN'T LIGHT THEN SWITCH THE WIRES AND TRY AGAIN. ONCE YOU KNOW WHICH ARE WHICH THEN LABEL THEM. *NOTE* - IF NEITHER DIRECTIONS WORKED THEN YOUR SWITCH WAS IN THE WRONG POSITION. NOW LABLE THE SWITCH IN ITS CURRENT POSITION AS BOX ON. HOW TO USE IT: THE PURPOSE OF THIS BOX IS NOT TO POEPLE WHO CALL YOU SO IT WOULD MAKE SENCE THAT IT CAN ONLY BE USED TO RECEIVE! CALLS. WHEN THE BOX IS *ON* THEN YOU MAY ONLY RECIEVE CALLS. YOUR FONE WILL RING LIKE NORMAL AND THE LED ON THE BOX WILL FLASH. IF YOU ANSWER THE FONE NOW, THEN THE LED WILL LIGHT AND THE CALLER WILL NOT BE CHARGED. HANG UP THE FONE AFTER YOU ARE DONE TALKING LIKE NORMAL. YOU WILL NOT BE ABLE TO GET A DIAL-TONE OR CALL WHEN THE BOX IS ON, SO TURN THE BOX *OFF* FOR NORMAL CALLS. I DON'T RECOMMEND YOU DON'T WANT IT TO ANSWER WHEN MA BELL CALLS! Incidentally, never let it be said that all hackers are literate. Just knowing thieves. The Infamous Blue Box The follwoing appears to be a credible set of plans for the Captain Crunch machine. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $ $ $ BLUE BOX PLANS! $ $ --------------- $ $ $ $ Edited and Uploaded by: $ $ $ $ $ $$$$$$$->The Spirit Of Radio<-$$$$$$$ $ $ $ Written by: $ $ $ $ Mr. America from Osuny BBS $ $ $ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ This file will explain the construction, troubleshooting, andadjustmentof a Blue Box. We all know that the touch tone frequencies are composed of 2 tones (2 different freqs.) so that is the reason why we have 2 VCO's (Voltage Controlled Oscilators). We'll call them VCO#1 and VCO#2.If you have noticed VCO#1 and VCO#2 are exactly the same type of circuits. That is why only 1 was drawn. But remember that whatever goes for VCO#1 also goes for VCO#2. Both VCO'S are composed of a handfull of parts. One chip, two capacitors,2 resistors and five potentionmeters. All of this will give you (when properly calibrated) one of the freqencies necessary (the other one will come fromVCO#2) for the operation of $ the Blue Box. Both of these freqs. will bemixed in the speaker to form the required tone. This is one of the most sophisticated designs I have ever made. Why? Because other designs will drain the battery after 10 calls. This design will make them last 10 months!!!!!! But nevertheless, don'tforget to put in aswitch for on and off. Ok let's build the two VCO'S andcalibrate the unit before we get to the keyboard construction. VCO CONSTRUCTION TOOLS REQUIRED 1 ocilliscope(optional but not req) 1 Freq. counter (REQUIRED) 1 Volt meter " " " Electronics tools (Pliers, drll, screwdrivers, etc.) PARTS R1 1.5K RESISTOR 5% R2 1K RESISTOR 5% C1 .1uf ELECTROLYTIC CAPACITOR 16VDC C2 .01uf " " (MYLQR) 16VDC C1 2207 VCO CHIP BY EXAR ELECTRONICS Remember the above only says VCO#1 but the same is for VCO#2 R3-R4 150 OHM RESISTORS 5% . C3-C4 .1 uf ELECTROLITIC CAPACITOR . 10VDC . P1-P10 200K TRIMMER POT - 20 TURNS DIODES USED IN THE KEYBOARD ARE 1N914 TYPE(40 OF THEM) & 13 SWITCHES FOR THE KEYBOARD SPST MOMENTARY. SPKR YOU CAN USE A TELEPHONE SPEAKER FOR THIS (IT WORKS BEST) BUT REMEMBER TOTAKE OUT THE DIODE THAT IS CONNECTED ACCROSS IT. IMPORTANT NOTES 1. DO NOT USE ANYTHING ELSE OTHER THAN A MYLAR CAPACITOR FORC2. 2. PINS 10,9,8 SHOULD BE TIED TOGETHER AND BE LEFT FLOATING. 3. ALL RESISTORS SHOULD BE 5%! NOTHING ELSE! 4. A TELEPHONE SPEAKER GIVES THE BEST RESULTS. TROUBLE SHOOTING By now you should have constructed the two VCO'S on a bread board or anything that pleases you. Check for cold solder joints,broken wires,polarity of the battery, etc. Before we apply power to the VCO'S we have to adjust the pots for their half way travel point. This is done by turning them 21 turns to the right and then 10 turns to the left. Do the same for all ten of them. Now apply power to the unit check to see that you have power in the chips by putting the positive lead of your volt meter on pin 7 andthe negative lead on pin 12. If you do not have anything there turn off the unit and RECHECK THE WIRING. When you get the right voltages on the chips, connect a diode to a piece of wire (look at fig. 2 for the orientation of the diode) from round to any pot at point T (look carefully at the schematic for point T it is labeled T1-T10 for all pots). You should be able to hear a tone, if not disconnect the lead and place the speaker close to your ear and if you hear a chirp-like sound, this means that the two VCO'S are working if you don't, it means that either one or both of the VCO'S are dead. So in this case it is always good to have an ocilloscope on hand. Disconnect the speaker from the circuit and hook the ocilliscope to 1 of the leads of the speaker & the ground from the scope to the ground of the battery. Connect again the ground lead with the diode connected to it from ground to any pot on the VCO that you are checking and you should see a triangle wave if not turn the pot in which you are applying the ground to until you see it. When you do see it do the the same for the other VCO to makesure it is working. (amplitude is about 2VAC). When you get the two VCO's working you are set for the adjustment of the individual spots. ADJUSTMENT Disconnect the speaker from the circuit and connect a freq. counter (the positive lead of the counter to one of the speakers leads that belongs to VCO#1 or connect it to pin 14. Connect the negative lead to the battery negative and connect the jumperlead with the diode from ground to pot number 1.T1 (the first pot number 1 point T1). If you got it working you should hear a tone and get a reading on the counter. Adjust the pot for a freq. of 1700hz and continue doing the same for pots 2-5 except that they get different freqs. which are: : $$$$$$$$$$$$$$ : : $ $ : : $ P1 1700hz $ : : $ P2 1300hz $ : : $ P3 1100hz $ : : $ P4 900hz $ : : $ P5 1500hz $ : : $ $ : : $$$$$$$$$$$$$$ : Now disconnect the freq. counter from the speaker lead of VCO#1 or from pin (which ever you had it attached to at the beginning) and connect it to the speaker lead of VCO#2 or to pin 14 of VCO#2 and make the same adjustments toP6-10.: : $$$$$$$$$$$$$$$ : : $ $ : : $ P6 1100hz $ : : $ P7 700hz $ : : $ P8 900hz $ : : $ P9 2600hz $ : : $ P10 1500hz $ : : $ $ : : $$$$$$$$$$$$$$$ : When you finish doing all of the pots go back and re-check them. KEYBOARD IF YOU LOOK AT FIG-2 YOU WILL SEE THAT THE KEYS ARE SIMPLE SWITCHES. CONNECTED TO A GROUND AND TWO DIODES ON THE OTHER END. THESE DIODES ARE USED TO SIMPLIFY THE CONSTRUCTION OF THE KEYBOARD BECAUSE OTHERWISE THE DISTRIBUTION OF THE GROUND SIGNAL FOR BOTH VCO'S WOULD HAVE BEEN DONE MECHANICALLY. THE DIODE WILL GO TO VCO#1 AND THE OTHER WILL GO TO VCO#2. FIG-3 SHOWS THE ARRANGEMENT OF THE KEYS ON THE KEYBOARD. BELOW IS A TABLE THAT WILL HELP YOU CONNECT THE KEYS TO THE REQUIRED VCO'SPOTS. <-------------------------------------> < > < (-FIG 2-) > < > <-----!-----!--------!--------!-------> < ! ! ! ! > < TO ! TO ! FREQ ! FREQ ! KEY > < POT ! POT ! OUT: ! OUT: ! > < ON ! ON ! ! ! > < VCO1! VCO2! ! ! > <-----!-----!--------!--------!-------> < 1 ! 06 ! 1700hz ! 1100hz ! C > < 2 ! 10 ! 1300hz ! 1500hz ! 0 > < 1 ! 10 ! 1700hz ! 1100hz ! E > < 4 ! 07 ! 0900hz ! 0700hz ! 1 > < 3 ! 07 ! 1100hz ! 0700hz ! 2 > < 3 ! 08 ! 1100hz ! 0900hz ! 3 > < 2 ! 07 ! 1300hz ! 0700hz ! 4 > < 2 ! 08 ! 1300hz ! 0900hz ! 5 > < 2 ! 06 ! 1300hz ! 1100hz ! 6 > < 5 ! 07 ! 1500hz ! 0700hz ! 7 > < 5 ! 08 ! 1500hz ! 0900hz ! 8 > < 5 ! 06 ! 1500hz ! 1100hz ! 9 > < - ! 09 ! ------ ! 2600hz ! X > < ! ! ! ! > <-------------------------------------> REMEMBER THAT IN FIG-2 IT'S THE SAME FOR EACH KEY EXCEPT THE "X" KEY, WHICH ONLY TAKES ONE DIODE.