informis/textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/phreak/BOXES/redbox.txt
root@procul 278a90f7ce Initial commit
2021-04-15 13:31:59 -05:00

296 lines
22 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

DTMF Generators, White Boxing, and Red Boxing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I've seen before me way too many fabrications of red boxes; the H/P
community enjoys to talk about it a lot, and fantasize about its abilities.
But seldom do I see an accurate example of any box construction. Perhaps
I'm simply in the wrong circle? Nevertheless I did a little research on
the actual structure of an DTMF Generator and on how to convert this into
a red and white Box. 2600 Enterprises did have the BEST red box example to
pass before me, however in Canada legislation differs quite a lot, and
any kit or package that can be hacked is not tolerated; so therefore the
famous Radio-Shack Pocket Dialer is not available here, and I would say
many other places, such as Europe or Australia, where Radio Shack is not
as widely established as in the USA. Our Radio Shacks are no bigger than a
local corner candy store, and the only useful products they sell are
calculators. Pathetic is the scene I run into everywhere I go in lovely
Canada. So since the Radio-Shack Pocket Dialer WITH MEMORY is not available
I guess we must build the actual device from scratch. It's fairly simple,
and I've already succeeded in building the DTMF Generator. It's very
easy -- it consists of one IC, a crystal to control the oscillator (in
the IC) and a key-pad.
The construction of the DTMF Tone Generator is perhaps the hardest part of
this project, and yet that is quite fairly simple. Anyhow this project does
require you to know the basics of kit building, and hopefully you know how
to use a soldering iron, as you will need to solder the IC and Crystal onto
a simple board. Now the DTMF tones are generated internally inside the IC,
but the timing depends on an external crystal oscillator. And the only
external component we have is the 3.579545 MHz crystal: right here we have
a "white box," as a white box is suppose to generate the DTMF "Touch-Tone"
tones. Now if we replaced the 3.579545 MHz crystal with an 6.5536 MHz one,
our "*" key on the key-pad will actually be DARN close to 3900 Hertz, the
EXACT frequency that a coin stimulates when being entered inside the pay-
phone. So in reality instead of putting $0.25 you can put theses tones on
the mouth piece and fool the Bell System.
Brief Operation
~~~~~~~~~~~~~~~
When entering a $0.25 into a payphone the only way the phone company knows
that you entered money by a tone which consists of a 700 Hz + 2200 Hz
(3900 Hz) being flushed into the line. For quarter you will need 3900 Hz
for 35ms in length and a pause for 35ms and then 3900hz for 35ms then a
pause...etc. This must be produced exactly FIVE times, so you should have
five tones of 3900hz of 35ms with pauses of 35ms between each.
Our DTMF generator contains a ten-number memory. When we save a number into
the DTMF memory and replay it, the redial timing will play the tone for
72.3ms and pause for 72.3ms before going to the next tone and playing that
for 72.3ms! Now the tones will be played at this speed ONLY with the
3.579545 MHz crystal, as the crystal controls ALL LOGIC and TONE GENERATING
TIMING! So when this is replaced with a 6.5535 Mhz crystal it naturally
will be alot faster and the timing will be faster. As a matter of fact the
timing is NOW 34.3ms! So anything redialled by the DTMF generator will come
out at 34.3ms and a pause for 34.3ms. Our "*" key will also sound very
close to the 700 + 2200 Hz, and therefore saving "*" 5 times in a memory
and redialling it will result into sounding like a $0.25, all one has to do
is put red box to the payphone mouth piece and the phone system will think
you entered a valid $0.25.
_____________________
/ General Description \____________________________________________________
Features
~~~~~~~~
<20> 2.5V-12V operation when generating tones, which is A LOT
less voltage needed, compared to several white boxes I've
seen which ask for 16V-24V.
<20> Stores and auto-dials ten 16-digit numbers.
<20> Last number redial.
<20> Scratchpad, meaning number storage without dialling.
<20> 14 Keys, separate storage and redial buttons.
<20> 2-digit overwrite for PBX access codes.
<20> Low harmonic distortion.
<20> Single-contact or negative-common (2-of-8) key-pad inputs.
Well, before we begin I must say that replacing the 3.57545 Mhz crystal
with an 6.5536 will give us the 3900 Hertz tone ONLY by the "*" key. With
this information the same is true for any key, on the keypad! In fact my
calculations proved that in order to get an EXACT 3900 Hertz by the "*"
key we would need a crystal of about 6.4857 Mhz. However chances of
production of an 6.4857 Mhz crystal is asking for a little too much, so
naturally we settle for the closest one possible to it; besides analog
signals are quite difficult to simulate exactly, compared to digital,
which is always exact!
This IC is from "National Semiconductor Corporation" model number TP5660.
Perhaps even the exact IC in the Radio-Shack Pocket Dialer with Memory,
as the one without memory uses the TP5650 which is this exact IC but
without memory! The Operating temperature is -30<33>C to +60<36>C. This IC
looks like so:
1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ16
Vdd<64>Ĵ <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>TONE OUT
2<> National <20>15
Vm<56>Ĵ Semiconductor <20><><EFBFBD><EFBFBD>Row 5
3<> (Linear <20>14
Col 1<>Ĵ Databook) <20><><EFBFBD><EFBFBD>Row 1
4<> <20>13
Col 2<>Ĵ <20><><EFBFBD><EFBFBD>Row 2
5<> TP5660 <20>12
Col 3<>Ĵ <20><><EFBFBD><EFBFBD>Row 3
6<> <20>11
Vss<73>Ĵ <20><><EFBFBD><EFBFBD>Row 4
7<> <20>10
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>OSC<53>IN<49>Ĵ <20><><EFBFBD><EFBFBD>MUTE OUT
<EFBFBD><EFBFBD><EFBFBD> 3.579545 Mhz Crystal 8<> <20>9
<EFBFBD><EFBFBD><EFBFBD> Control OSC. <20>OSC<53>OUT<55>Ĵ <20><><EFBFBD><EFBFBD>Col 4
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

Replace above with the below to have both Red & White Boxes in one.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD> <20><><EFBFBD>  3.579545 Mhz
<20><><EFBFBD> <20><><EFBFBD>
<20> <20> <20>  If you put a two-way switch you can switch from crystal,
 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> to crystal, and you'll have a red and white (combo) box!
Your new crystal should be 6.5536 for "*" Key
Pin Description
~~~~~~~~~~~~~~~
Vdd (Pin 1): The positive supply to the device, referenced to
Vss. A power-on reset circuit ensures correct operation
following initial power-up.
Vm (Pin 2): The negative terminal of the back-up battery for on-hook
memory retention. A low-voltage detect circuit prevents
missoperation of the circuit in the event of a reduction in
the on-hook supply voltage below that required to retain
stored data.
COLUMN & ROW Scans (Pins 3, 4, 5, 9, 11, 12, 13, 14, 15): When no key is
closed, pull-up resistors are active on COLUMN inputs and
pull-down resistors are active on ROW inputs. Therefore
after a key is pressed the ROW pull-down resistors cause a
negative-true on COLUMN inputs (for standard telephone
key-pads negative-common).
Vss (pin 6): The negative supply to the device in the off-hook
state.
OSC IN, OSC OUT (pin 7, 8): All logic and tone generator timing is
derived from the on-chip oscillator circuit.
MUTE OUT (pin 10) This is a CMOS output which sinks current to
Vss when no tones are being generated and sources current
from Vdd when tones are being generated.
TONE OUT (pin 16): This output is the open emitter of an NPN
transistor. The other pin (collector) is connected with the
Vdd.
Well, this is the exact pin description according to the abilities and
limitations of this IC. Now this Integrated Circuit (IC) was designed to
be powered by the telephone line and a battery to keep the memory intact.
Well, due to the fact that we are powering this circuit by battery you can
feed both Vm and Vss to the same negative supply, the battery, of course.
Now the MUTE OUT pin is perhaps also bothering you; well, this circuit was
designed to drive a simple interface circuit to mute the receiver when any
key is depressed. Again this is NOT needed as you will be connecting your
DTMF generator to a small speaker rather than putting it directly into the
line, as this circuit was designed for that, so all that MUTE does is when
you start depressing keys it mutes of the receiver so that it will not
interfere with other incoming sounds misstated as DTMF tones. However you
can avoid adding a speaker by un-screwing the mouth piece and feed the
TONE-OUT and Vdd supply directly into the conventional payphones, however
this may attract unwanted glances, so you'll be better off with a
speaker.
The next part is about the key-pad, perhaps complex if you plan to design
your own. Frankly, I found that time consuming; you can buy key-pads in
several electronics stores, as Radio Shack, but I did find it in a local
electronics store. Then again, if you have an old phone I guess you can
take it from there. Now I must warn you there are TWO types of key-pads
that are widely used, and both will work on this circuit, but you need
to know which one you have in order to make corrections.
The key-pad found in most telephones are what we call STANDARD KEYPADs.
This has to do on the way the switch is connected inside.
<20> Simply, when a key is depressed, it closes the
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Row switch but also comes in contact with the
<20>ٳ negative power supply. Thus we call this method
<20>Ĵ <20> NEGATIVE-COMMON or/and standard key-pad.
Vss<73>Ĵ
Col
<20> As you can see, this method consists of the row
<20><>Ŀ and column coming to contact (a closing of a
<20>  switch). This type of keypad we call
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Row SINGLE-CONTACT key-pad.
<20>
Col
If you plan to build your key-pad certainly the single key-pad is the way
to go, it's a lot simpler. So if your using a standard key-pad remember to
connect the negative supply to the key-pad! All that's left now is to
connect the key-pad to the circuit, very easy and fast; you just connect
Col 1 to Col 1, Row 1 to Row 1, etc... You may notice that this is a
military-style key-pad, as it includes the A, B, C, D keys which you don't
find in your everyday phone key-pads. You really don't need them, so if
you don't have them don't alarm yourself, just don't connect them!
However you will need TWO extra keys, one for STORE command and the other
for the REDIAL, so either add an extra key or switch or whatever you wish
and connect it, like so.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Col 1
<20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Col 2
<20> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Col 3
<20> <20> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Col 4
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20> 1 <20> 2 <20> 3 <20> A <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Row 1
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ
<20> 4 <20> 5 <20> 6 <20> B <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Row 2
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ
<20> 7 <20> 8 <20> 9 <20> C <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Row 3
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ
<20> * <20> 0 <20> # <20> D <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Row 4
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ
<20>Store<72> <20>Redial<61> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Row 5
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
Ahh, congrads, your DTMF Generator is now completed! If you were like
myself and added an extra switch to go from white box to red box mode,
GREAT! The only difference is that a white box needs the 3.57545 Mhz
crystal and the red box needs the corresponding crystal, so simply put a
switch and move from mode to mode. Now for the red box to work we need five
3900 hertz at 33 milliseconds apart and 33 milliseconds long, so you'll
need to save your key five times in memory and then simply put the box to
the mouthpiece end of the payphone and press the memory key, you have just
enter $0.25 into the payphone.
NOTE: I only have this working with the 6.5536 Mhz crystal. I cannot say
that the timing interval will be exact with the other crystals; chances
are that taking a crystal of 7.XXXXXX or 5.XXXXXX Mhz is simply too far
from the 700 + 2200 hertz tone. Try to get the closest value to 6.50 Mhz.
I didn't include the way to save the red box tone into the memory,
as you get a nice little paper when you buy the IC, but in case you don't
you first power up the unit, press "*" (or your valid red box tone key)
five times and then you press STORE and a number in which to store it in.
And to dial the stored key, press REDIAL and the number in which you
stored the red box tone! Remember the NEW crystal should be installed at
ALL times to generate the RED BOX tone! If you save the tone with your
6.XXXX Mhz intact and redial it with the 3.57545 Mhz it will not work!
Lastly, I recommend an "A-Cut Crystal (NTSC TV color-burst)" for both the
3.57545 and your red box crystal. Try local components stores. You should
find the crystal, or else look around, ask around; I did leave you with a
few references near here where I got most of my stuff so you can try them
out if you can't find them on your own.
REFERENCE
Addison Ltd/Ltee
8018 20th Avenue
Montreal, Canada, H1Z-3S7
tel: 1-514-376-1740
Active Electronic Components
6080 Metropolitan East
Montreal, Canada, H1S-1A9
tel: 1-514-256-7538
1-800-363-7601 (Outside Quebec)
Hamilton Avnet International Canada
2570 Sabourin St., St-Laurent
Montreal, Canada, H4S-1M2
tel: 1-514-331-6443
1-800-361-7129 (Outside Quebec)
National Semiconductors Corporation
2900 Semiconductuctor Drive
Santa Clara, California 95051, USA
ALSO: Try out Motorola and RCA dealers. They carry lots of
crystals that go into TV decoders/scramblers, so there's a
very good chance they should have it.
The crystals don't cost more than $1.00, kaypads can be bought for $0.75,
PCBoard under $1.00, the IC goes for $2.00. The project should cost under
$5 if you can find the supplies in local stores -- if I did in lonely
Canada then you should have no trouble! If they don't have it, ask them to
order it, if they ask "why?" tell them it's for a TV component, as TVs and
related works like decoders and scramblers use NTSC TV color-burst
crystals!
NOTE: For the next InfoJournal I should have a DTMF Generator for "Caller
IDs" (yep, you can send your own DTMF Caller ID tones), and how the
number/name is received. So call up your local BBS with Caller ID and make
it display 666-6666 and logon as your favourite Death-Angel character name.
Those interested in the actual project can contact myself anytime soon, of
course you have must have a grasp of electronics!
Reference in New Issue View Git Blame Copy Permalink