167 lines
8.9 KiB
Plaintext
167 lines
8.9 KiB
Plaintext
This is in reply to a thread that was going on a while back, and here is the
|
||
basic meat of the thing:
|
||
|
||
> Silver boxes produce extended DTMF tones, A,B,C,D etc. You can do this
|
||
> with a modem. That why they're safe?
|
||
> Blue boxes don't work any more. And anyways, the phone company switching
|
||
> tone will no longer be 2600 eventually.
|
||
> Red boxes work. At the moment. There are easy, cheap, ways to filter them
|
||
> out. (The tones they produce) Basically, when the telco fix a phone, they
|
||
> add a filter.
|
||
> Yeah, i think it's the cyberden guys, they sell that kind of stuff.
|
||
> Easier and cheaper to make/obtain it yourself though.
|
||
|
||
|
||
Just to add a few random thoughts?:
|
||
|
||
1) Silver Boxes revisited:
|
||
|
||
As the message above points out, the "Silver Box" allows the user to
|
||
generate the extended DTMF keytones, these are also called by some:
|
||
"The Autovon tones", since you all know they were originally developed
|
||
and used on the military Autovon network, allowing Autovon users
|
||
various levels of "precedence" for a given call on that network. They
|
||
were as follows:
|
||
|
||
Flash Overide
|
||
Flash
|
||
Interrupt
|
||
Priority
|
||
|
||
Those of you who are interested, can find any number of old "G-Files"
|
||
written on the use and abuse of Autovon. In my opinion let us suffice
|
||
to say that utilization of the Autovon network was limited by most
|
||
phone Phreaks, since it really didn't allow you to access much of
|
||
anything. Sure you could prioritize yourself all along the trunk
|
||
network and in the process maybe raise a few eyebrows, but not much
|
||
else. I played with it a bit, got bored and moved on to more
|
||
interesting things.
|
||
|
||
We come now to the second (more useful & fun) use of the "silver box",
|
||
which relied on the fact that a particular brand of Automatic Call
|
||
Distributor (ACD), once used quite frequently by AT&T Directory
|
||
Assistance (DA) positions, just happened to utilize the same set of
|
||
keytones (ABCD) to place the ACD into a maintenance mode. Knowledge of
|
||
this allowed us to manipulate said ACD from a remote location (home).
|
||
Once the ACD was placed into its maintenance mode, the phone Phreak
|
||
could, by use of various DTMF key combinations, access many
|
||
interesting features, one in particular was quite useful, this was the
|
||
ACD Loop feature, by pressing a DTMF 7 one would be placed on one side
|
||
of a testing loop incorporated into the ACD itself, Another "Silver
|
||
Boxer" calling the Same DA position, could enter maintenance mode and
|
||
Send a DTMF 6, and be placed on the other side of the same loop. Since
|
||
Pre-divestiture calls to DA positions were for the most part free,
|
||
this enabled silver boxers essentially "free" calls to each other,
|
||
especially since (800) DA would for a long time allow this. Another
|
||
interesting feature was the ability to place ones self in a position
|
||
to Intercept, and thus "Answer" incoming calls to that DA position, It
|
||
essentially let you become a DA operator!, you can imagine the hours
|
||
of fun one could have here. Unfortunately, this method of "Silver
|
||
Boxing" was long ago "corrected" by the various BOCS/RBOCS/etc., and
|
||
the last "Silver Boxable" DA position I knew of was Alaska's (907)
|
||
NPA.
|
||
|
||
|
||
2) Red Boxing:
|
||
|
||
In my opinion, Redboxing should simply be called toll fraud, since
|
||
doing it requires little, or no understanding of the phone system
|
||
whatsoever. I place it on about the same level as using a Sprint, or
|
||
MCI code to make a free call. There are a few ways to go about getting
|
||
yourself a red box, the first and easiest is to make yourself a "Poor
|
||
man's Redbox" ("King Blotto" - was the first I saw use this term),
|
||
which is to simply have someone call you from a fortress fone and
|
||
deposit 5 or 6 quarters whilst you record them, and then playing them
|
||
back when you want to "box" a coin call. The second method involves
|
||
building yourself one either from scratch, or by modifying some other
|
||
piece of hardware, again plans for this abound all over the place.
|
||
Lastly, you can get yourself a fortress fone and disassemble it, and
|
||
grab the "Redbox" built into it. (It's interesting to note that on
|
||
"Northern Telecom" Coinstations (which are by far the best made), the
|
||
"Redbox" is an actual "Mechanical Device", which consists of a tone
|
||
producing circuit, and a mechanical "interrupter wheel" to space the
|
||
tonepair bursts.) This method is generally more trouble than it's
|
||
worth, but it does produce the most reliable source tones. A little
|
||
bit on the "workings" of a Coin call, and why a Redbox works. When one
|
||
places a toll call from a coin station the system buffers the dialed
|
||
digits, and forwards them to ACTS (Automated Coin Toll System). ACTS,
|
||
Using the calling number and the called number, Consults a Toll
|
||
database, computes the amounts of money required to place the call,
|
||
and Prompts the caller to deposit the required amount. ACTS then
|
||
listens for the "Coin Deposit" tones, tallies them until the initial
|
||
deposit amount has been reached, and then releases the buffered digits
|
||
and allows the call to progress as normal. an OSPS/TOPS operator can
|
||
also provide you with the same service, however ACTS was developed to
|
||
relieve the TSPS (predecessor to todays OSPS position) of exactly
|
||
this. This is the reason a Redbox does not "simply" work for a local
|
||
call. ACTS is not required for a local call since all calls within the
|
||
coin stations calling area are a flat 25 cents, there is no reason to
|
||
even utilize ACTS, and the coin station/CO utilize a ground test to
|
||
determine if a coin has been deposited. (ala David Lightman in
|
||
wargames). In effect, on local coin originated calls the system is
|
||
"Not listening" for the coin deposit tones to determine coin entry
|
||
(even though the coin station dutifully produces them). Lastly the
|
||
second party vendor coin stations (called by some: COCOTS), use an
|
||
entirely different (internal) method for handling toll billing, and
|
||
generally a red box would be useless against them.
|
||
|
||
|
||
3) Blue Boxing, 1993:
|
||
|
||
Contrary to popular belief, blue boxing is still possible. Most surely
|
||
it is not the easy game it once was, however the enterprising Phreak
|
||
can still sniff out a few holes in the network that would allow
|
||
him/her to utilize inband (MF) call signalling procedures. The reason
|
||
90% of would be blue boxers are done in, is due a feature of Common
|
||
Channel Interoffice Signalling (CCIS), or "out of band" signaling.
|
||
Briefly; CCIS is a system in which the call routing information is
|
||
sent on a separate "data channel", than the voice (or Audio) portion
|
||
of the call. The pre CCIS or "old" method, had both voice/audio AND
|
||
call routing information being sent on the same pair. Not only does
|
||
CCIS totally ignore any "MF" tones sent down an associated Voice
|
||
circuit, it has the "VICIOUS" habit of muting Forward audio on the
|
||
Voice circuit when it detects a loss of supervision at the destination
|
||
end. (however it allows the distant end to continue to pass audio to
|
||
you, so you can hear the various "call progress" tones, such as busy,
|
||
Intercepts, etc..) This "little" feature is (mainly) what spells
|
||
disaster for todays Blueboxer, and the reason is this: There are
|
||
plenty of non-CCIS exchanges left in the United States, and thus will
|
||
respond nicely to MF signalling, however when you dial directly to one
|
||
of these, you are 99% assured of crossing some portion of the TOLL
|
||
network that is CCIS equipped, and in doing so you are faced with the
|
||
"problem" of the audio muting. I'm sure several of you have met with:
|
||
Placing a call to a rural exchange, blowing the "infamous" 2600hz to
|
||
be rewarded with the reassuring "kerchink!", "oh man, TRUNK! you say
|
||
to yourself", and then, no matter what you send at it, you end up with
|
||
a reorder, damn! - why? As soon as you applied 2600hz, supervision
|
||
at some point "PAST" the CCIS link was lost, CCIS "sees" this, and
|
||
Mutes further audio from your end. So your trunk is sitting there
|
||
nicely awaiting "KP+all kinds 'o fun stuff+ST", but you, unfortunately
|
||
can not get them to it. This by no means is the ONLY problem that
|
||
todays boxers are faced with, just one of the bigger ones. There is
|
||
also the _DEADLY_ "BLUE BOX REPORT", ( of which my old friend "Phantom
|
||
Phreaker", first pointed out to me). This report is generated
|
||
regularly by SCCS, and forwarded to the Corporate Security Center for
|
||
evaluation. This "system" is constantly looking for strange behavior,
|
||
odd tones, strange supervisory conditions, etc.. They WILL catch you
|
||
eventually, in fact "they" are pretty good at catching boxers in
|
||
general.
|
||
|
||
|
||
Things have changed greatly since the days that I, and my friends
|
||
explored the telephone system, and discovered some of its many
|
||
wonders. Security is downright _MEAN_, laws have been written,
|
||
programs are better, etc. I would not trade for anything, the memories
|
||
I have, nor the friends I have made over the years pursuing my
|
||
"hobby". Today though, things are changing so rapidly that I sadly,
|
||
cannot even hope to keep up with it all. To me at least, the telephone
|
||
system will always remain a most interesting beast.
|
||
|
||
April 21, 1993
|
||
|
||
The Marauder
|
||
Legion of Doom!
|
||
|
||
|
||
V<EFBFBD><EFBFBD>R<EFBFBD><EFBFBD>T.813
|