THE DNA BOX
Hacking Cellular Phones
PART THREE
1-FEB-89

Previous DNA files discussed the possibility of using Japanese handheld
HAM radios and personal computers, or tape recorders to hack Cellular Phone
codes, and possible uses for investment & business info obtained by
hacking executive and corporate phone calls, and investment info services,
as well as approaches to modifying the Cellular Phones themselves for use as
hacking tools and pirate communication devices.

This file deals with using and modifying UHF-band radio scanners to hack
and monitor Cellular and Mobile telephone systems.

Radio Shack, Uniden, and several other manufacturers make scanners
for use by amateur radio hobbyists. Most of these will intercept mobile
radiotelephone calls without modification by tuning in frequencies in the
156 MHz and 475 MHz regions. Most of these scanners have line-level
audio outputs that can feed a tape recorder or demodulator/tone decoder
chip which can then interface directly to a computer for analyzing codes.
Mobile phones use a tone-pulse dialing protocol that should be simple to decode
and emulate using standard handheld ham radio gear. You can almost count
the dialing beeps without any special equipment. Phone channels are easy to
find: they usually broadcast a standard busy signal or an idle tone
(a fixed audio sine wave) when waiting for the next call. You will also hear
conversations, ringing, and mobile phone operators on these channels.

Here's a partial list of frequencies used by mobile phones:
(frequencies in MHz)

152.51  154.57  152.66  152.69  152.72  152.78  154.54
475.45  475.475 475.55  475.6   475.8   475.825 475.85  475.9   476.05

As you can see, many of the frequencies are spaced 30 kHz or 25 kHz apart,
so there are probably more channels in the gaps at those intervals.

These frequencies were gathered in a few minutes of casual listening using
an unmodified Radio Shack Pro-2021 scanner in search mode.

SCANNING CELLULAR FREQUENCIES:

Hobby scanners capable of monitoring Cellular Phones are prohibited in the US.
To save money on the production line, many international scanner manufacturers
make only one kind of scanning chip which they use in both US and foreign
models. These chips are capable of scanning in the 800 MHz range, but this
feature is disabled by grounding certain pins in the US models.
Often restoring Cellular scanning functions is merely a matter of cutting
a circuit trace or removing a single diode from a scanner's printed circuit
board.

For instance, removing diode 513 from a Radio Shack Pro-2004 Scanner will
enable the 870 MHz Cellular range. Installing diode 510 will increase the
number of scanning channels from 300 to 400. Installing diode 514 will
increase the scanning rate from 16 to 20 channels per second.
These are located on the printed circuit board labeled PC-3.

The Uniden Bearcat 200/205XLT can be modified for Cellular scanning
by cutting or removing the 10K-ohm resistor located on the printed circuit
above the letters "DEN" on the microprocessor chip labeled "UNIDEN UC-1147".

The Regency Electronics MX7000 Scanner reportedly scans Cellular Phones
without modification.

An additional scanner rumored to be modifiable is the Realistic Pro-32.

Another source of useful radio gear is "Export Only" manufacturers.
One of these is currently rumored to be offering a handheld cellular phone
that does its own routing and has an operating radius of 160 kilometers!

CELLULAR PHONE FREQUENCIES:
Here are the frequency range assignments for Cellular Telephones:

Repeater Input  (Phone transmissions)   825.03 - 844.98 Megahertz
Repeater Output (Tower transmissions)   870.03 - 889.98 Megahertz

There are 666 Channels. Phones transmit 45 MHz below the corresponding
Tower channel. The channels are spaced every 30 kHz.

CORDLESS PHONE FREQUENCIES:
It's also possible to hack the popular cordless phones. These use the 49 MHz
band used by baby monitors and toy FM walkie talkies. Scanners can be used
to monitor these without modification, and FM handheld transceivers will
allow 2-way hacking of these frequencies, which some may find amusing.

Channel   Handset Transmit   Base Transmit
-------   ----------------   -------------
   1          49.67             46.61        (frequencies in Megahertz)
   2          49.845            46.63
   3          49.86             46.67
   4          49.77             46.71
   5          49.875            46.73
   6          49.83             46.77
   7          49.89             46.83
   8          49.93             46.87
   9          49.99             46.93
  10          49.97             46.97

Business Update:
As of January 1989 there are legal maneuvers going on to lift the
ban on portable phones by traders at the NY Stock Exchange.

The DNA BOX - Striking at the Nucleus of Corporate Communications.
A current project of...

Outlaw
Telecommandos
01-213-376-0111

Downloaded From P-80 International Information Systems 304-744-2253