323 lines
17 KiB
Plaintext
323 lines
17 KiB
Plaintext
|
|
ÜÛßßßßßßßßßßßßßÛÜ ÜßßßßßßÜ ÜßßßßßßßßßßÜ ÛßßßßßßßßßßÜ
|
|
Û.ÅÄijÄÄ¿³ÀijÄø Û Û Ä¿úÀ¿ ßÜ Üß ÚÄÄijÄÄÄÄ Û Û .ÃÄÄÄÂÄÂÄ ßÜ
|
|
ÛÜÜÜÜÜ Ä³ÙúÜÜÜÜÜÛ Û ³ÚÄÄÄ¿ ßÜ Üß ³ú ÜÜÜÜÜÜÜß Û Ä³ÄÄÙ. ÀÄ¿ Û
|
|
Û Ú³Ä Û Û úÀÅijÄÁ úßÜ Û ÄÁ ³ Û Û Ä³ ÛßßÜ ¿³úÛ
|
|
Û À³Ä Û Û ÄijÂÁÄÄÄÂÄÄ Û Û ÄÄÂÙ ßßßßßßßÜ Û Ã Û Û ³³ Û
|
|
Û úÃÄ Û Û ÄÄÙ³ ÚÄÁÄ¿ .Û Û ÄÄÀÄijÄÄÁÄ¿³ Û Û Ä´ Û Û ³À Û
|
|
Û ÄÙÄ.ÛÝ Û ÄÂÄÙúÀÄijÃÄ Û ÛÜÜÜÜÜÜÜÜ ÄijÙ.Û Û ³úÛ Û ÀÄ Û
|
|
ÜÛßßßÜÜßßúßÜ Û .³ ÞÛßÛ Ã³ú ÛÜ ÜÜÜÜÜÜÜÜÛúÄÄÁÄ Û ÛÝÄÁÄÛ Û ÂÄ.Û
|
|
ßÛ° Þß ßß ÛÛßÜ ÜßÜ.ÛÜ Þß ßÝ ÜÜ°ßÛÜ ÛÜ ÜÜÜ ÜÜß ÜÛÝ ÛßÜ ÜÝÜÜß ³ÜßÛÜ
|
|
ß .Û±ß ß .ß þÜÝÛ Ûßß±ß úßßÛ°ÛþÛß ßßÝÛßÝÛß úÛÛÛÛ.ÛÛ ÞÜ ßßÜÜß ßßÝÛ.ÛÝ
|
|
ß ÞßßÛÛÛÛß ßÛÛßÛÛþÛÛÛßßßßÜ ßßÛ. ßßßÞ ßÛÜß ßÛ. ÛúÝ ÛþÛÛÛ ÛÛ
|
|
ú Þßßß Ý ß ßÛÛÜßßßÛ.ÛÜß
|
|
. . ß ßÝ
|
|
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
|
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[ The Association of Social Disorder Presents : ]ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
|
The TASD newsletter number 002
|
|
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
|
|
|
Contents of this newsletter -
|
|
|
|
CELLULAR PHREAKING
|
|
CARDING SCAMS/PROBLEMS
|
|
QUICK 'N EASY BOMBING PART 2
|
|
HACKING SYSTEM 75/85 PBX'S
|
|
|
|
CELLULAR PHREAKING -
|
|
|
|
This is an area that has brought up some serious questions about how on
|
|
earth can we scam the people who thought having a phone to call and order
|
|
pizza from their car would be 'neat'. Cellular phreaking is a fairly new area
|
|
and should continue to grow with the large number of people now buying their
|
|
very own mobile phones, I mean they have to eat pizza too you know. Anyhow,
|
|
there are some basic ideas in the way that a car phone works that would
|
|
allow a person to be able to scam some free air time if so desired.
|
|
|
|
1) Changing of the actual data within the phone and calling with someone
|
|
else's phone number and letting them get billed.
|
|
|
|
2) Making your area's cellular carrier believe that you are from another
|
|
area code and that you are a valid number, regardless if you are or are not.
|
|
|
|
Ok, lets assume here that you would wish to do number one, and that you
|
|
are not dumb enough to still use a blue box. Now, still assuming the previous,
|
|
you would need to be able to have some sort of ability to scan the higher
|
|
800-900 mghtz radio freq range where cellular phones operate, blank PROMs 256
|
|
bit capacity, PROM programmer, and the ability to decode the phase-key shifted
|
|
information passed from the phone to the receiving station. The information
|
|
is sent in the following order :
|
|
|
|
1 The caller's ESN (serial number)
|
|
2 Caller's home system number (2 digits long)
|
|
3 Caller's AC+N
|
|
4 Number caller wishes to dial
|
|
|
|
When the cellular system recieve's the caller's data it will check and
|
|
make sure that the ESN and caller's ACN match, if not, no go. If so, then the
|
|
call will go through and the bill is later sent to the home system of the
|
|
caller. Now with this information you are wondering how on earth you could
|
|
change the ESN and home system number in your own car phone, that now
|
|
follows.
|
|
|
|
[ THE FOLLOWING DATA LOCATIONS ORIGINALY COMPILED BY THE MAD PHONE MAN ]
|
|
|
|
NOTE - NAM = PROM
|
|
|
|
The NAM contains the subscriber number and lock code, the home system
|
|
identification and other system required information. You may wonder how this
|
|
info is arranged. The NAM is organized into 32 rows and 8 columns. It is
|
|
32 words of 8 bits each. (256 bits total) Starting from the top of the NAM
|
|
(address 00) you will find the abreviation SIDH, This means "system id number
|
|
home" , a number starting at 0001 assigned by the FCC. Each market allows two
|
|
systems. Even for the wire-line and odd for the non-wireline.
|
|
|
|
At address 03 we find LU (Local use) on the left and MIN on the right these
|
|
are usualy set to 1. Locations with zeros are reserved. Going down the map,
|
|
there's MIN1 and MIN2 the subscriber number and the area code respectivly
|
|
Dont try to read them from a raw printout of the NAM data, they are scrambled
|
|
beond recognition. The reason? The way they are arranged is the way they must
|
|
be transmitted to the cellular systems receivers. The programmer does this to
|
|
make the radio's job easier.
|
|
|
|
Next is the station class mark, which identifys the class and power
|
|
capability of the phone. The system will treat a handheld (low power) differently
|
|
than a standard 3 watt mobile.
|
|
|
|
- IPCH is the inital paging channel. The radio listens for a page on this
|
|
channel. Wirelines use 334 and non-wirelines use 333.
|
|
|
|
- ACCOLC (ACCess Overload Class) is designed in throwing off customers in
|
|
the event of an overload. Thru neglect this standard has been largely unused.
|
|
(A class 15 station is supposed to be police, fire, or military)
|
|
Usualy its set to 0 plus the last digit of the phone number to provide random
|
|
loading.
|
|
PS- Prefered system. This is always 1 in non-wireline and 0 in wireline.
|
|
|
|
The lock code is about the only thing you can read directly by studying
|
|
the NAM data. The "spare" bit must be a 0 if the radio contains a 3 digit code.
|
|
Because the number of clicks when you dial 0 on a (dial) phone equals 10
|
|
zeros in the lock code are represented by an "A" the hexadecimal equiv of 10.
|
|
|
|
EE,REP,HA, and HF correspond to end-to-end signaling (DTMF tones possible
|
|
you talk) REPeratory dialing (provision for 10 or more numbers in memory)
|
|
|
|
Horn Alert and hands free. Like all options, they are 1, if turned on and
|
|
0 if (all these numbers are in hex) are supposed to be used
|
|
by radio mfgrs to store option switches. Usualy 13 is used, 14 sometimes and
|
|
the rest less often.
|
|
|
|
Last you will find checksum adjustment and checksum. These numbers are
|
|
calculated automaticly after the data has been edited for the NAM. The sum
|
|
of all words in the nam plus these last two must equal a number with 0's
|
|
in the last two digits. The radio checks this sum and if it isnt correct
|
|
the radio assumes the NAM is bad or tampered with. In the case the radio
|
|
refuses to operate until a legal NAM is installed.
|
|
|
|
|
|
MARK most BIT SIGNIFICANCE least Hex
|
|
DEFINITION address
|
|
----------------------------------------------------------------------------
|
|
| 0 SIDH (14-8) | 00
|
|
----------------------------------------------------------------------------
|
|
| SIDH (7-0) | 01
|
|
----------------------------------------------------------------------------
|
|
LU=Local use | LU | 0 0 0 0 0 0 | MIN | 02
|
|
----------------------------------------------------------------------------
|
|
| 0 0 MIN2 (33-28) | 03
|
|
----------------------------------------------------------------------------
|
|
| MIN2 (27-24) | 0 0 0 0 | 04
|
|
----------------------------------------------------------------------------
|
|
| 0 0 0 0 | MIN1 (23-20) | 05
|
|
----------------------------------------------------------------------------
|
|
| MIN1 (19-12) | 06
|
|
----------------------------------------------------------------------------
|
|
| MIN1 (11-4) | 07
|
|
----------------------------------------------------------------------------
|
|
| MIN1 (3-0) | 0 0 0 0 | 08
|
|
----------------------------------------------------------------------------
|
|
| 0 0 0 0 | SCM (3-0) | 09
|
|
----------------------------------------------------------------------------
|
|
| 0 0 0 0 0 | IPCH (10-8) | 0A
|
|
----------------------------------------------------------------------------
|
|
| ICPH (7-0) | 0B
|
|
----------------------------------------------------------------------------
|
|
| 0 0 0 0 | ACCOLC (3-0) | 0C
|
|
----------------------------------------------------------------------------
|
|
PS=Perf Syst | 0 0 0 0 0 0 0 | PS | 0D
|
|
----------------------------------------------------------------------------
|
|
| 0 0 0 0 | GIM (3-0) | 0E
|
|
----------------------------------------------------------------------------
|
|
| LOCK DIGIT 1 | LOCK DIGIT 2 | 0F
|
|
----------------------------------------------------------------------------
|
|
| LOCK DIGIT 3 LOCK SPARE BITS | 10
|
|
----------------------------------------------------------------------------
|
|
EE=End/End | EE | 0 0 0 0 0 0 | REP | 11
|
|
----------------------------------------------------------------------------
|
|
REP=Reprity | HA | 0 0 0 0 0 0 | HF | 12
|
|
----------------------------------------------------------------------------
|
|
HF=Handsfree | |
|
|
HA=Horn Alt | Spare Locations (13-1D) |
|
|
| contain all 0's | 13
|
|
| | to
|
|
| | 1D
|
|
----------------------------------------------------------------------------
|
|
| NAM CHECKSUM ADJUSTMENT | 1E
|
|
----------------------------------------------------------------------------
|
|
| NAM CHECKSUM | 1F
|
|
----------------------------------------------------------------------------
|
|
|
|
[ END DATA ADDRESSING ]
|
|
|
|
Now that we know soooo much about how the cellular phones work, what else
|
|
could we come up with? Well this is where we talk about number two scam idea
|
|
from up above. Lets say you didn't feel like scamming someone in particular,
|
|
so instead of putting the real phone number and ESN of someone, just put a
|
|
fake one in and make it from a diffferent area code. The cellular services
|
|
don't have a way of checking the validity of outside area code phones. Use
|
|
this to your advantage. The number you put has to be a real exchange, the
|
|
companys DO have this information. Anyway, go have fun ordering some pizza's.
|
|
|
|
|
|
|
|
CARDING SCAMS/PROBLEMS -
|
|
|
|
Well something that most everyone should at least know a little bit about is
|
|
carding. Now, there are plenty of text files out there on the subject of making
|
|
fraudulant credit card orders, so I won't get into that part of it. What I will
|
|
talk about it the way that some of the companies are now checking cards better,
|
|
and faster than ever.
|
|
|
|
Lets say you were thumbing through your new issue of the PC Mag, and there is
|
|
a brand new 17.3 Terrabyte hard drive you really want. Ok, you call up the
|
|
company and you have credit slip in hand and tell them all your info. First
|
|
problem, they won't ship to anything but the card's billing address. Next
|
|
thing you run into, they want to have lots of the card owner's information
|
|
that you don't have. Now if you manage to give that to 'em in a few hours, they
|
|
CALL the call holder's billing number and confirm the order. Plus many other
|
|
little 'tactics and tricks' that you have to deal with. So what is a carder
|
|
to do?
|
|
|
|
First choice, call somewhere else that looks a little easier, but if that is
|
|
not an option this is some things you can do to get around little annoyances.
|
|
|
|
P> Won't ship to non-billing address
|
|
A> Tell them it is a gift or is for your brother or something, this is where
|
|
you get to have a good chance to "Social Engineer"
|
|
|
|
P> Need card owner's address and phone number
|
|
A> Call directory assistance, and hope ther are not unlisted, if they are,
|
|
look around for a text file about info on anyone, and try some of those
|
|
tactics
|
|
|
|
P> They call the card owner later
|
|
A> You can try a few things here, give them the phone number to something that
|
|
never answers, or is always busy. Or really give them the phone number for
|
|
the card owner and call right after you know no one will be home at the card
|
|
owner's place and hope they try to call when no one is home.
|
|
|
|
P> They want the bank that issued the card.
|
|
A> This is usually bull shit, and you can just tell them a bank in your area,
|
|
most of the time they don't have a clue. There is a listing of bank numbers
|
|
around, so look if you really want them.
|
|
|
|
|
|
Few other hints : Don't order overnight, sound older than 10, act like you
|
|
know what the hell you are doing, and always dial up from
|
|
a payphone or PBX, etc.
|
|
|
|
|
|
|
|
QUICK 'N EASY BOMBS PART 2
|
|
|
|
[Bomb installment number 2 Written by Dark Illusion]
|
|
|
|
OK, well here are a few bombs, that are simple to make, and can be fun to
|
|
use on enemies or just for the fuck of it..
|
|
|
|
[The Flaming Smoke Bomb]
|
|
|
|
Take an empty ketchup bottle and wash it out. Now add
|
|
in about 2/3 of saflower oil. Next add about 1/4 (vol)
|
|
of gasoline. Now, with the top to the ketchup bottle,
|
|
make a fuse. I perfer to use those nice ketchup
|
|
|
|
the best fuse holder and all. After you made the fuse,
|
|
screw the cap back onto the bottle. Give the bottle a
|
|
little shake to mix the gas and saflower combo. Then
|
|
light the fuse and throw it. Once the gas catches, and
|
|
burns off, you'll end up with the saflower. Salflower
|
|
wont cause a "flaming" effect, but will smoke like hell.
|
|
|
|
[Car Tire Bomb]
|
|
|
|
Mix some solid nitric iodine with your every day household
|
|
ammonia. Let the mixture sit for at least 24hrs. After that,
|
|
pour off the liquidy top. And what you'll have left is a mud
|
|
like substance. Take that mud substance, and place it on your
|
|
enimies car tires. Make sure that the substance will have a
|
|
time to dry. So do it at night. The next day when when he
|
|
starts his car and rolls a few few. The tires with that
|
|
will blow out. Pretty nice.
|
|
|
|
Another trick to do is, make little golf ball size bricks of
|
|
the mixture. Then once it drys out, throw it off the roof of
|
|
a building or throw it into a crowd of people.
|
|
|
|
'Just be creative and careful, and don't sue me if you lose a hand!'
|
|
|
|
|
|
|
|
HACKING SYSTEM 75/85 PBX'S
|
|
|
|
This is not going to go into any great detail about the workings of a
|
|
system 75/85 as they have some really good on-line help features that
|
|
should allow you to play with most anything. A system 75/85 is a relativly
|
|
popular system to run PBX's off of and most are quite hackable.
|
|
|
|
First step in this process is to find a system 75/85, you can achieve this
|
|
using any number of the prefix scanners availible today, I prefer ToneLoc. A
|
|
system 75/85 is almost always a 1200 BPS connect, and will usually have an
|
|
8N1 setting. Identifiable also if the prompt you recieve is a "Login:" with
|
|
an upper case L. It is at this point you rely on the system default password
|
|
and user names to get you into the system. I am not going to tell you any
|
|
except the following - User name "browse", password "looker". This is usually
|
|
a low level account allowed to look around and not much else. Use this to
|
|
figure things out. I will leave it up to you to get the system default
|
|
passwords, as not many people wish to give them out.
|
|
|
|
After you log in, it will ask for a terminal type, I recommend using the
|
|
4410 terminal, as I like it the best. The following is the terminal emulation
|
|
keys that you must know to operate within the system...
|
|
|
|
(Turn caps lock on at this point to enter in the codes)
|
|
|
|
ESC OP - CANCEL ESC OT - HELP ESC OR - SAVE
|
|
ESC OV - Next page ESC OW - Back page ESC OQ - Refresh
|
|
ESC OS - Clear fields
|
|
|
|
Once you know this, use help when you need it, and look around. I recommend
|
|
looking at the "Change Rem Acc" command for setting/changing/looking at the
|
|
outdial barrier code that you must know to use the PBX to call out. I will
|
|
cover more of the actual system 75/85 operations in a future edition, so until
|
|
then, use this to your advantage.
|
|
|
|
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
|
|
|
The previous was a TASD production....
|
|
|
|
For the latest TASD articles/textfiles you can call
|
|
|
|
Realm of Warriors [201] 728.0941 NUP:DARKNESS (14.4k)
|
|
Countdown to Extinction [212] 765.1701 (14.4k)
|
|
|
|
If you would like to get in touch with the TASD team, you can call the above
|
|
boards and leave mail to Wilco.
|
|
|
|
ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
|
|
º º
|
|
º If you would like to become a TASD courier/distro/writer please look at º
|
|
º the included TASD.APP file. º
|
|
º º
|
|
ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
|