1423 lines
56 KiB
Plaintext
1423 lines
56 KiB
Plaintext
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
ÚÄÄ°±²ÛÛÛ²±°Ä°±²ÛÛÛÛÜÄÛ²±°Ä°±²ÛÛÛÛÛ²±°Ä°±²ÛÛÛÛÛÛÛ²±°Ä°±²ÛÛÛ²±°ÄÄ¿
|
|
ÚÄÄ°±²ÛÛÛ²±°Ä°±²ÛÛÄÛÛÛÄÛÛ²±°Ä°±²ÛÛÛ²±°Ä°±²ÛÛÛßÄßÛÛÛ²±°Ä°±²ÛÛÛ²±°ÄÄ¿
|
|
ÄÄÄ°±²ÛÛÛ²±°Ä°±²ÛÛÛÄÛÛÛÄÛÛÛ²±°Ä°±²Û²±°Ä°±²ÛÛÛÄÄÄÄÄÄÄÄÄÄÄÄ°±²ÛÛÛ²±°ÄÄÄ
|
|
ÀÄÄ°±²ÛÛÛ²±°Ä°±²ÛÛÄÛÛÛÄÛÛ²±°Ä°±²ÛÛÛ²±°Ä°±²ÛÛÛÜÄÜÛÛÛ²±°Ä°±²ÛÛÛ²±°ÄÄÙ
|
|
ÀÄÄ°±²ÛÛÛ²±°Ä°±²ÛÄßÛÛÛÛ²±°Ä°±²ÛÛÛÛÛ²±°Ä°±²ÛÛÛÛÛÛÛ²±°Ä°±²ÛÛÛ²±°ÄÄÙ
|
|
|
|
³ "Optik surfer is not a hero!" ³
|
|
ÀÅÙ NeuroCactus Bulletin Number Six ÀÅÙ
|
|
- BLaDe - FRaCTaL iNSaNiTY - RiPMaX - DaTa KiNG -
|
|
|
|
³ ³ ³ N ³ E ³ U ³ R ³ O ³ ³ ³ C ³ A ³ C ³ T ³ U ³ S ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
[6.1] - Contents and Disclaimer
|
|
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
|
[6.1] - Contents and Disclaimer ................... Fractal Insanity
|
|
[6.2] - Neurocactus News ................. Fractal Insanity & Ripmax
|
|
[6.3] - VoiceMail, The Final Frontier .... Fractal Insanity & Ripmax
|
|
[6.4] - Crimes Act 1914: Electronic Crimes ........ Fractal Insanity
|
|
[6.5] - Scanning PBX's ................................... Anonymous
|
|
[6.6] - Perth Payphone Update ............................... Ripmax
|
|
[6.7] - Canning for Dollars ............................. Bad Sector
|
|
[6.8] - The Crunch Man ................................... Data King
|
|
[6.9] - Cellular Reprogramming ........................... Data King
|
|
[6.10] - Greets and Contacting us .................. Neurocactus Team
|
|
|
|
|
|
Disclaimer: The content of this magazine (NC-006) isfor informational
|
|
purposes only and the articles described below cannot be condoned by
|
|
NeuroCactus and NeuroCactus does not partake in any of the succeeding
|
|
activities. The authors accept no responsibility for loss of friends,
|
|
loss of freedom or loss of life due to the illegal use of the
|
|
activities described beyond. We do NOT do ANYTHING ILLEGAL!!! If you
|
|
think you have malicious intentions towards the law or any other
|
|
establishment, please do not read this file.
|
|
|
|
This magazine in its electronic form can not be sold without prior
|
|
permission from the authors. It also may not be spread via any sort
|
|
of Public Domain, Shareware or CD-ROM package.
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.2] - NeuroCactus News - [6.2] -
|
|
- Written by Fractal Insanity and Ripmax -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
Well where do we start? Welcome to Issue 6. Since the last issue alot
|
|
of stuff has been happening.
|
|
|
|
Busts! Well it seems to be a growing trend! Perth has had its share
|
|
recently all to do with VMB hacking though (LAME!) and also a few
|
|
guys for Kiddie Porn (LAME!).
|
|
|
|
Also we have seen what one Hacker with a Big Ego can do to the
|
|
internet community with the recent AUSNET hack by OPTIC SURFER.There
|
|
has been several people accused of being this weird person whos
|
|
handles wont be mentioned for obvious reasons.
|
|
|
|
In the other states, there are busts of a very high magnitude. Proff
|
|
and Traxx currently in legal proceedings for hacking and phreaking in
|
|
the 80's and now being accused of hacking the AFP and leaving a
|
|
rather vile message telling the fedz to "Get off our backs". This
|
|
rumor has not been substantiated as Proff, wisely I might add, does
|
|
not want to comment over the net or phone... By hearsay, Proff is
|
|
looking at oZ's largest sentence yet with regards to computer crimes.
|
|
|
|
For all you people who are VERY behind the times, Captain Crunch was
|
|
in oZ and has visited all the states. By the way, later in this issue
|
|
we have some humours information about his tour. <g>
|
|
|
|
Also with all the official specs on cable / microwave tv being
|
|
released, expect all the info we can get within the next episode or
|
|
two. Hopefully with some work NC can discover how to scam oZ cable
|
|
cheaply and effectively.
|
|
|
|
Unofficially, DS][ has a data tap on the line and this information
|
|
is based solely on rumor and some security incidents which have
|
|
occurred. As a precaution, use PGP on vital messages unless you want
|
|
to send the fedz on a wild goose chase (heheheheheh).
|
|
|
|
Scene wise, Perth has been in a slump with very little activity BBS
|
|
wise or action-wise. It appears that Perth is in a recession in
|
|
regards to knowledge... We haven't seen any new up-comers that show
|
|
that 'knack' to become a successful AFP hurter.
|
|
|
|
There also has been a change to the Neurocactus membership.
|
|
Data King has joined the ranks after a debut with some interesting
|
|
articles, and a humourous stint... Also Grudge has resigned his
|
|
commission along with Dataphobia.
|
|
|
|
So read on and enjoy this issue. Remember, information is power.
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.3] - VoiceMail... the Next Generation - [6.3] -
|
|
- Written by Fractal Insanity and Ripmax -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
Commanders log, stardate 1800022999.4237.We are currently en-route to
|
|
a secret meeting between Admiral T. Pick and Captain Ripmax. I am
|
|
trying to organise the ship while we are still cruising the BHP steel
|
|
hotline system,to try to hack some of the remaining boxes left behind
|
|
after the destruction of the starship HARDCORE DESIGN. Consequently,
|
|
we found the ships captain, Unique-oNE in a jettisoned escape pod and
|
|
have put him to work fixing the chicken soup dispenser.
|
|
|
|
ABOARD THE R2
|
|
|
|
"Thanks for saving me guys, a few minutes longer and they would have
|
|
got me", cried the Unique-one.
|
|
|
|
"Who would have 'got' you Unique-one?", asked Commander FRaC.
|
|
|
|
"I think his name was Captain Buttner aboard the fed class starship
|
|
the UNDERCOVER!", squealed Unique-one.
|
|
|
|
<Red alert onboard the R2, various sirens are blaring>
|
|
|
|
"Captain, we have numerous fed class starships approaching from all
|
|
directions!", shouted Ensign Grudge frantically.
|
|
|
|
<The R2 is hit by several CLI attacks lowering shields long enoughfor
|
|
a small security party to board>
|
|
|
|
"Captain, alert intruders have beamed onboard", yelled Commander FRaC
|
|
|
|
<At that moment three officers in suits burst through from the
|
|
turbolift shooting phasers>
|
|
|
|
"Fire at will, crew", screamed Captain Ripmax
|
|
|
|
<After a short phaser fight the enemy officers lay dead on the floor,
|
|
unfortunately so to did Ensign Grudge>
|
|
|
|
"Warp factor 9, Officer Blade. Get us out of here and cover our
|
|
tracks", ordered Captain Ripmax.
|
|
|
|
ABOARD THE FLAGSHIP 2600
|
|
|
|
<Welcome all to the crowning of a new admiral inthe United Federation
|
|
of Neurocactii>
|
|
|
|
"Captain Ripmax please step forward onto the stage", called Fleet
|
|
Admiral Theodore Pick.
|
|
|
|
<Captain Ripmax steps forward and looks rather worried, probably
|
|
thinking he is being reprimanded>
|
|
|
|
"Ripmax, we recognise that you have been a long time scene member and
|
|
have brought many young officers into the ranks of the UFNC. And we
|
|
also realise that you have served NC and the whole HPA universe with
|
|
your BBS, through thick and thin.", said a very enthusiastic Admiral
|
|
Pick.
|
|
|
|
"Well i dont really know what to say! Ummm do I get a pay rise or
|
|
something?", questioned Captain Ripmax.
|
|
|
|
"Yes, i think you do Captain... On behalf of Neurocactus oZ, you are
|
|
hereby promoted to the rank of Admiral to accept all priviliges and
|
|
responsibilities from hereafter", said Admiral Pick.
|
|
|
|
"You are now in command charge of the R2 and the LSD. Your first
|
|
officer aboard the R2 who is not present will receive promotion to
|
|
captain upon your return to the vessel", exclaimed Admiral Pick.
|
|
|
|
"But sir, what is the LSD?", asked a confused Ripmax.
|
|
|
|
"The LSD is a new ship to be commissioned for the next generation of
|
|
scene members, the crew is being assembled as we speak, it is your
|
|
job to pick a fine crew that will be able to take on the Missing Link
|
|
with its new technology like SxS, Crossbar and ARE", mentioned
|
|
Admiral Pick.
|
|
|
|
"I would like you all to have a minutes silence for the brave Ensign
|
|
Grudge, who died fighting against the enemys of UFNC"
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.4] - Crimes Act 1914: Electronic Crimes - [6.4] -
|
|
- Written by Fractal Insanity -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
CRIMES ACT 1914 - Part VIA
|
|
|
|
SECTION 76A
|
|
|
|
(1) In this Part, unless the contrary intention appears:
|
|
|
|
"carrier" means:
|
|
|
|
(a) a general carrier within the meaning of the
|
|
Telecommunications Act 1994; or
|
|
|
|
(b) a mobile carrier within the meaning of that Act; or
|
|
|
|
(c) a person who supplies eligible services within
|
|
the meaning of that Act under a class licence
|
|
issued under section 209 of that Act;
|
|
|
|
"Commonwealth" includes a public authority under the Commonwealth;
|
|
|
|
"Commonwealth computer" means a computer, a computer, a
|
|
computer system or a part of a computer system, owned,
|
|
leased or operated by the Commonwealth;
|
|
|
|
"data" includes information, a computer program or part of
|
|
a computer program.
|
|
|
|
(2) In this Part:
|
|
|
|
(a) a reference to data stored in a computer includes a
|
|
reference to data entered or copied into a computer; and
|
|
|
|
(b) a reference to data stored on behalf of the
|
|
Commonwealth in the computer includes a reference to:
|
|
|
|
(i) data stored in the computer at the direction or
|
|
request of the Commonwealth; and
|
|
|
|
(ii) data supplied by the Commonwealth that is stored
|
|
in the computer under, or in the course of
|
|
performing, a contract with the Commonwealth.
|
|
|
|
|
|
SECTION 76B
|
|
|
|
(1) A person who intentionally and without authority obtains access to:
|
|
|
|
(a) data stored in a Commonwealth computer; or
|
|
|
|
(b) data stored on behalf of the Commonwealth in a
|
|
computer that is not a Commonwealth computer;
|
|
|
|
is guilty of an offence.
|
|
|
|
Penalty: Imprisonment for 6 months
|
|
|
|
(2) A person who:
|
|
|
|
(a) with intent to defraud any person and without
|
|
authority obtains access to data stored in a
|
|
Commonwealth computer, or to data stored on behalf of
|
|
the Commonwealth in a computer that is not a
|
|
Commonwealth computer; or
|
|
|
|
(b) intentionally and without authority obtains access to
|
|
data stored in a Commonwealth computer, or to data
|
|
stored on behalf of the Commonwealth in a computer
|
|
that is not a Commonwealth computer, being data that
|
|
the person knows or ought reasonably to know relates to:
|
|
|
|
(i) the security, defence or international
|
|
relations of Australia;
|
|
|
|
(ii) the existence or identity of a confidential
|
|
source of information relating to the
|
|
enforcement of a criminal law of the
|
|
Commonwealth or of a State or Territory;
|
|
|
|
(iii) the enforcement of a law of the Commonwealth
|
|
or of a State or Territory;
|
|
|
|
(iv) the protection of public safety;
|
|
|
|
(v) the personal affairs of any person;
|
|
|
|
(vi) trade Secrets;
|
|
|
|
(vii) records of a financial institution; or
|
|
|
|
(viii) commercial Information the disclosure of
|
|
which could cause advantage or disadvantage to any person.
|
|
|
|
is guilty of an offence
|
|
|
|
Penalty: Imprisonment for 2 years
|
|
|
|
(3) A person who:
|
|
|
|
(a) has intentionally and without authority obtained
|
|
access to data stored in a Commonwealth computer, or
|
|
to data stored on behalf of the Commonwealth in a
|
|
computer that is not a Commonwealth computer;
|
|
|
|
(b) after examining part of that data, knows or ought
|
|
reasonably to know that the part of the data which the
|
|
person examined relates wholly or partly to any of the
|
|
matters referred to in paragraph (2) (b); and
|
|
|
|
(c) continues to examine that data;
|
|
|
|
is guilty of an offence.
|
|
|
|
Penalty for a contravention of this subsection:
|
|
Imprisonment for 2 years
|
|
|
|
|
|
SECTION 76C
|
|
|
|
A person who intentionally and without authority or lawful excuse:
|
|
|
|
(a) destroys, erases or alters data stored in, or inserts
|
|
data into a Commonwealth computer;
|
|
|
|
(b) interferes with, or interrupts or obstructs the lawful
|
|
use of, a Commonwealth computer;
|
|
|
|
(c) destroys, erases, alters or adds data stored on behalf
|
|
of the Commonwealth in a computer that is not a
|
|
Commonwealth computer; or
|
|
|
|
(d) impedes or prevents access to, or impairs the
|
|
usefulness or effectiveness of, data stored in a
|
|
Commonwealth computer or data stored on behalf of the
|
|
Commonwealth in a computer that is not a Commonwealth computer;
|
|
|
|
is guilty of an offence.
|
|
|
|
Penalty: Imprisonment for 10 years
|
|
|
|
|
|
SECTION 76D
|
|
|
|
(1) A person who, by means of a facility operated or provided
|
|
by the Commonwealth or by a carrier, intentionally and
|
|
without authority obtains access to data stored in a
|
|
computer, is guilty of an offence.
|
|
|
|
Penalty: Imprisonment for 6 months
|
|
|
|
(2) A person who:
|
|
|
|
(a) by means of a facility operated or provided by the
|
|
Commonwealth or by a carrier, with intent to defraud
|
|
any person and without authority obtains access to
|
|
data stored in a computer; or
|
|
|
|
(b) by means of such a facility, intentionally and without
|
|
authority obtains access to data stored in a computer,
|
|
being data that the person knows or ought reasonably
|
|
to know relates to:
|
|
|
|
(i) the security, defence or international
|
|
relations of Australia;
|
|
|
|
(ii) the existence or identity of a confidential
|
|
source of information relating to the
|
|
enforcement of a criminal law of the
|
|
Commonwealth or of a State or Territory;
|
|
|
|
(iii) the enforcement of a law of the Commonwealth
|
|
or of a State or Territory;
|
|
|
|
(iv) the protection of public safety;
|
|
|
|
(v) the personal affairs of any person;
|
|
|
|
(vi) trade Secrets;
|
|
|
|
(vii) records of a financial institution; or
|
|
|
|
(viii) commercial Information the disclosure of
|
|
which could cause advantage or disadvantage to any person.
|
|
|
|
is guilty of an offence
|
|
|
|
Penalty: Imprisonment for 2 years
|
|
|
|
(3) A person who:
|
|
|
|
(a) by means of a facility operated or provided by the
|
|
Commonwealth or by a carrier, has intentionally and
|
|
without authority obtained access to data stored in a
|
|
computer;
|
|
|
|
(b) after examining part of that data, knows or ought
|
|
reasonably to know that the part of the data which the
|
|
person examined relates wholly or partly to any of the
|
|
matters referred to in paragraph (2) (b); and
|
|
|
|
(c) continues to examine that data;
|
|
|
|
is guilty of an offence.
|
|
|
|
Penalty for a contravention of this subsection:
|
|
Imprisonment for 2 years
|
|
|
|
|
|
SECTION 76E
|
|
|
|
A person who, by means of a facility operated or provided
|
|
by the Commonwealth or by a carrier, intentionally and
|
|
without authority or lawful excuse:
|
|
|
|
(a) destroys, erases or alters data stored in, or inserts
|
|
data into a computer;
|
|
|
|
(b) interferes with, or interrupts or obstructs the lawful
|
|
use of, a computer;
|
|
|
|
(c) impedes or prevents access to, or impairs the
|
|
usefulness or effectiveness of, data stored in a computer;
|
|
|
|
is guilty of an offence.
|
|
|
|
Penalty: Imprisonment for 10 years
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.5] - Scanning PBX's - [6.5] -
|
|
- Written by Anonymous Author -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
The Author of this article has now left the scene, and would like to
|
|
sever all ties with it. Given this, this article has now become the
|
|
intellectual property of NeuroCactus (with the author's consent). Nuff
|
|
Said.
|
|
|
|
What is a PBX?
|
|
--------------
|
|
A PBX comes in many varieties. There are ones with codes, ones without
|
|
codes. There are automated front ends on some of them, and some are
|
|
just a back door into a companies phone system.
|
|
|
|
There are two ways to hack a PBX. The first is to dial into it by modem
|
|
and re-program them. The other way is to brute force them by dialling
|
|
into the front-end. I will mainly deal with hacking the front end.
|
|
|
|
When you dial a front-end of a PBX, you'll either get some variant of a
|
|
dial-tone, or something like 'Please enter the extension number and
|
|
press pound'.
|
|
|
|
Code based PBX's
|
|
----------------
|
|
A code-based PBX is normally one where you dial a number, get a
|
|
dial-tone, then dial a code of a specific length (normally 4-6 digits).
|
|
Then you dial the number you want and bingo! If you want more info on
|
|
this type of PBX, check out a code-hacking proggy such as CodeTheif.
|
|
Automated front ends Again, rather basic. All you need do with these is
|
|
scan out all the extensions on it. Also, try combinations including *,
|
|
# & 0 first. You'll be looking for voice-mail, dial tones & carriers.
|
|
If you get a carrier, it may just be a dial-in to hack the PBX using
|
|
your modem. This is common for PBX's such as IBM's ROLM and Nortel's
|
|
MERIDIAN, as well as ASPEN's that are connected to a switch (PBX).
|
|
|
|
Back door, front-ends (BDFE)
|
|
----------------------------
|
|
Ok, this brings me to the main part of this file. Back-door type PBX's,
|
|
with a dial-tone based front-end. These are the type I love, and you
|
|
can find all sorts of shit on them. Hacking a BDFE PBX requires a
|
|
brute-force method of hacking them, that is, dialling them repetitively
|
|
belting different combinations of DTMF (touch-tones) at them each time
|
|
you ring. On BDFE PBX's, there are certain messages you get from 'em,
|
|
in the form of tones, such as a ring or busy tone. This can vary
|
|
greatly but on the majority of them, it is rather straight forward.
|
|
|
|
Usually, when you pick up the phone, and start dialling, you will get a
|
|
'busy' tone if you stop dialling before you give the exchange enough
|
|
digits. Well, this is also the case with a BDFE PBX. If you haven't
|
|
dialled enough digits, you'll get (after a pause) a busy signal. Again,
|
|
when you pick up the phone normally, and dial a disconnected number,
|
|
you get a message saying that the number is wrong. Well, this is also
|
|
the case with BDFE PBX's, except instead of the message, you normally
|
|
get an error tone, normally something like <bing><bong><bing><bong>....
|
|
There are other things you can get on a BDFE PBX. Things such as a
|
|
dial-tone (no shit) on an extension. When you get a dial-tone, it can
|
|
be one of 3 things: loopback, sub-PBX or fake.
|
|
|
|
A loopback dialtone will loopback to the beginning again, so say you
|
|
rung a PBX and dialled *0 to get a loopback dialtone. At the second
|
|
dialtone you can again dial *0 to get the same dialtone again.
|
|
ad-finitum. The dialtone on a loopback is normally the same as the
|
|
original dialtone, but don't take that literally - there are always
|
|
exceptions to the rule.
|
|
|
|
A sub-PBX dialtone could be one of two things again. It could be a
|
|
code-based PBX, or it could be yet another BDFE PBX.
|
|
|
|
A fake dialtone won't accept tones at all. I am yet to discover what
|
|
the deep and inner meaning behind these are, other than pointless.
|
|
(any suggestions are welcome).
|
|
|
|
Ok, now you got the basics, lets got to the important bit.
|
|
|
|
Scanning/Hacking BDFE PBX's
|
|
---------------------------
|
|
|
|
This normally takes fucking ages. Bad luck, you wanna phreak right? To
|
|
hack a BDFE PBX, I suggest you find a good text editor that makes good
|
|
use of the enter, tab and cursor keys. MS-DOS Editor I have found also
|
|
need a phone with big buttons, a comfortable handset and at least one
|
|
programmable memory button. Program the number of the BDFE PBX into
|
|
the memory button, along with a code if it costs money to call it.
|
|
|
|
Now, what your going to need to do is dial the PBX over and over again,
|
|
trying patterns of numbers, incriminated slightly each time you call.
|
|
The best way for me to explain this is with a case study. Ok, we've
|
|
got an imaginary PBX, with the phone number 1-800-IMA-HACKER
|
|
(Compliments of *****). Ok dial the number, you get a dialtone. hit 0.
|
|
You get an error tone. Write this down, eg:
|
|
-- SCAN.TXT -- 0 err
|
|
----
|
|
|
|
Hang up & ring back. This time hit a 9. nothing happens, silence. Hit
|
|
another number, 0. You get an error. so...
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
----
|
|
|
|
Ok, where gonna check out the rest of the 9X range. Ring back, belt 9,
|
|
then another number, 9. you get an error. so...
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
----
|
|
|
|
Ring back, belt 9, 1. error.
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
----
|
|
|
|
Ring back, belt 9, 2. it start's ringing. Joe Blow picks up the phone.
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
2 Joe Blow's Extension
|
|
----
|
|
|
|
Ring back, belt 9, 3. error.
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
2 Joe Blow's Extension
|
|
3 err
|
|
----
|
|
|
|
Ring back, belt 9, 4. Nothing but silence. After a while you get a busy
|
|
so it wants another dig it. so...
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
2 Joe Blow's Extension
|
|
3 err
|
|
4;
|
|
----
|
|
|
|
Notice the semi-colons? They mean there are more digits needed. Ring
|
|
back, belt 9, 4, 0. Dialtone.
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
2 Joe Blow's Extension
|
|
3 err
|
|
4; 0 Dialtone
|
|
----
|
|
|
|
Ok, while your still on the phone, belt another tone at it. Nothing
|
|
happens, the dialtone still remains, belt lots a tones. Nothing.
|
|
Obviously a dead tone. lets skip the 9, 4, X bit for now and continue
|
|
onto 9, 5.
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
2 Joe Blow's Extension
|
|
3 err
|
|
4; 0 Dead Dial
|
|
----
|
|
|
|
Ring back, belt 9, 5. Dialtone. so...
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
2 Joe Blow's Extension
|
|
3 err
|
|
4; 0 Dead Dial
|
|
5 Dial
|
|
----
|
|
|
|
belt 0. error. so...
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
2 Joe Blow's Extension
|
|
3 err
|
|
4; 0 Dead Dial
|
|
5; 0 err
|
|
----
|
|
|
|
Ring back, belt 9, 5, 9. 0. Error again. Seems similar to the first
|
|
dialtone. Ringback, try Joe Blows extension. so belt 9, 5, 9, 5 for a
|
|
dialtone, then hit 9, 5, 9, 2. You get Joe Blow. So...
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
9 err
|
|
1 err
|
|
2 Joe Blow's Extension
|
|
3 err
|
|
4; 0 Dead Dial
|
|
5; 0 err
|
|
9 loopback
|
|
----
|
|
|
|
Get the picture? I'll finish off the scan list.
|
|
-- SCAN.TXT -- 0 err
|
|
9; 0 err
|
|
. 9 err
|
|
. 1 err
|
|
. 2 Joe Blow's Extension
|
|
. 3 err
|
|
. 4; 0 Dead Dial
|
|
. . 9 err
|
|
. . 1 err
|
|
. . 2 err
|
|
. . 3 err
|
|
. . 4; 0 Dead Dial
|
|
. . 9 dialout (accepts 1-800-XXX-XXX only)
|
|
. . 1 err
|
|
. . 2 err
|
|
. . 3 err
|
|
. . 4 err
|
|
. . 5 err
|
|
. . 6 err
|
|
. . 7 err
|
|
. . 8 err
|
|
. . * busy
|
|
. . # busy
|
|
. 5 err
|
|
. 6 err
|
|
. 7 err
|
|
. 8 err
|
|
. * err
|
|
. # err
|
|
. 5; 0 err
|
|
. 9 loopback
|
|
. 1 err
|
|
. 2 err
|
|
. 3 operator
|
|
. 4 operator
|
|
. 5 err
|
|
. 6 operator
|
|
. 7 err
|
|
. 8 err
|
|
. * busy
|
|
. # busy
|
|
. 6; 0 err
|
|
. 9; 0; 0; (Dial 6-900-XXX-XXX for 1-900-XXX-XXX)
|
|
. . 9 err
|
|
. . 1 err
|
|
. . 2 err
|
|
. . 3 err
|
|
. . 4 err
|
|
. . 5 err
|
|
. . 6 err
|
|
. . 7 err
|
|
. . 8 err
|
|
. . * busy
|
|
. . # busy
|
|
. . 9 err
|
|
. . 1 err
|
|
. . 2 err
|
|
. . 3 err
|
|
. . 4 err
|
|
. . 5 err
|
|
. . 6 err
|
|
. . 7 err
|
|
. . 8 err
|
|
. . * busy
|
|
. . # busy
|
|
. 1 err
|
|
. 2 err
|
|
. 3 err
|
|
. 4 err
|
|
. 5 err
|
|
. 6 err
|
|
. 7 err
|
|
. 8 err
|
|
. * busy
|
|
. # busy
|
|
. 7 err
|
|
. 8 'Please enter the mail-box number, and press
|
|
. hash'. Voicemail system, default=1234.
|
|
. *; Dial tone
|
|
. 0 err
|
|
. 9 err
|
|
. 1; 0 err
|
|
. . 9 err
|
|
. . 1; 0 err
|
|
. . 9 err
|
|
. . 1; 0 err
|
|
. . 9 err
|
|
. . 1 Modem - Looks like PBX dial-in
|
|
. . 2 err
|
|
. . 3 err
|
|
. . 4 err
|
|
. . 5 err
|
|
. . 6 err
|
|
. . 7 err
|
|
. . 8 err
|
|
. . * err
|
|
. . # err
|
|
. . 2 err
|
|
. . 3 err
|
|
. . 4 err
|
|
. . 5 err
|
|
. . 6 err
|
|
. . 7 err
|
|
. . 8 err
|
|
. . * busy
|
|
. . # busy
|
|
. . 2 err
|
|
. . 3 err
|
|
. . 4 err
|
|
. . 5 err
|
|
. . 6 err
|
|
. . 7 err
|
|
. . 8 err
|
|
. . * busy
|
|
. . # busy
|
|
. 2 err
|
|
. 3 err
|
|
. 4 err
|
|
. 5 err
|
|
. 6 err
|
|
. 7 err
|
|
. 8 err
|
|
. * busy
|
|
. # busy
|
|
. # Operator
|
|
1 err
|
|
2 err
|
|
3 err
|
|
4 'Please enter the mailbox number, and press hash'
|
|
- Voicemail
|
|
5 err
|
|
6 err
|
|
7 err
|
|
8 err
|
|
* Operator
|
|
# Operator
|
|
----
|
|
|
|
Ok, so this PBX has now been scanned out. Here's a list of what was
|
|
found. Dial For
|
|
|
|
92 Joe Blow's Extension
|
|
94 Fake/Dead Dialtone
|
|
9440 Fake/Dead Dialtone
|
|
9449 Dialout to 1-800-XXX-XXX
|
|
959 Loopback to beginning
|
|
953 Operator/Switch Board
|
|
954 Operator/Switch Board
|
|
956 Operator/Switch Board
|
|
96900... For 1-900-XXX-XXX
|
|
98 For Voicemail - Default = 1234
|
|
9*,1111 For PBX Dial-In
|
|
9# Operator/Switch Board
|
|
4 For Voicemail - Default = 1234
|
|
* Operator
|
|
# Operator
|
|
|
|
It's as simple as that. Oh, and use common sense when doing this shit,
|
|
that way, you'll find a hell of a lot more.
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.6] - Perth Payphone Update - [6.6] -
|
|
- Written by Ripmax -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
Ok people heres a few more payphones in West Australia which those of
|
|
you who know what they are for will appreciate. I also grabbed a
|
|
South Australia number on my recent journey to South Australia. All
|
|
new numbers for this issue are marked with a *. We'll continue to
|
|
bring you more numbers in future issues.
|
|
|
|
West Australia
|
|
~~~~~~~~~~~~~~
|
|
|
|
09-490-3530 Telecom Payphone
|
|
Gosnells Shopping Centre Carpark, Ashburton Road,Gosnells
|
|
|
|
09-322-4510 Telecom Payphone 1
|
|
Murry St Perth (Opposite Fast Eddies/Zone3)
|
|
321-061P2
|
|
|
|
09-322-4512 Telecom Card Phone 2
|
|
Murry St Perth (Opposite Fast Eddies/Zone3)
|
|
321-060S2
|
|
|
|
09-339-8054 Private Blue Phone
|
|
Action Food Barns East Fremantle Foyer
|
|
|
|
09-300-0419 Telecom Payphone 1 (Closest to Ticket Counter)
|
|
Joondalup Train Station
|
|
|
|
09-300-0417 Telecom Payphone 2
|
|
Joondalup Train Station
|
|
|
|
09-276-7645 Cant Remember
|
|
Morley Area
|
|
*
|
|
09-384-7799 Telecom Payphone
|
|
Outside Red Rooster at Robinson Pavillion , Perth Royal Show
|
|
*
|
|
09-221-3427 Telecom Payphone
|
|
Outside Sinatras Pub, Perth Train Station
|
|
*
|
|
09-221-2748 Telecom Payphone
|
|
Next to vending Machine at Perth Train Station Main Platform
|
|
*
|
|
09-325-8686 Telecom Payphone
|
|
Hay St Mall (Cinema City End)
|
|
*
|
|
09-221-5886 Telecom Payphone
|
|
Hay St Mall (Opposite Hoyts Cinema)
|
|
*
|
|
09-316-2160 Telecom Payphone
|
|
Garden City Shopping Centre (Food Hall)
|
|
*
|
|
09-339-5277 Telecom Payphone
|
|
Outside Red Rooster in East Fremantle
|
|
|
|
South Australia
|
|
~~~~~~~~~~~~~~~
|
|
*
|
|
08-642-3447 Private Blue Phone
|
|
BP Port Augusta (The Right One)
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.7] - Canning for Dollars - [6.7] -
|
|
- Written by Bad Sector -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
Ok, cans are almost always on exposed areas next to roads, no buts
|
|
about it. This is because they are easily spotted and a piece of
|
|
veritable piss to phreak off once in.
|
|
|
|
Equipment:
|
|
|
|
1 - Telecom Can Key or facsimile
|
|
2 - Hex wrench or Crescent (Adjustable wrench)
|
|
|
|
Ok cans come in a few varieties, most common are 1 meter high or so
|
|
cans, there are also 1.5meter monsters with handles to lift off the
|
|
cylinder. Frac states that hardly any are pressurised anymore and that
|
|
telco probably never bother chasing down depressurizations on cans, as
|
|
they have a small alarm switch, so you are basically safe as houses,
|
|
well maybe.
|
|
|
|
_______
|
|
/ \
|
|
|___[o]___| <-- Lid with keyhole
|
|
| .|
|
|
| '.|
|
|
| '.|
|
|
| '.| <-- Cylinder, grey in color
|
|
| '.|
|
|
| '.|
|
|
| '.|
|
|
| '.| _________
|
|
| '.| | \ <-- Bit like a telco
|
|
| '.| |o --\/\/ key. <g>
|
|
| '.| |___/
|
|
| ' |
|
|
\ '/
|
|
|
|
Locate a can that is in a well hidden spot, bit of a search but worth
|
|
finding. I suggest a small one as they are easier to handle. Use your
|
|
telco key or a fake to turn the can lid lock and take the lid off.
|
|
Then with the hex wrench or adjustable spanner just unscrew the bignut
|
|
while holding the cylinder down, as it may fly up when depressurized.
|
|
Ok, once in then you will see a number of racks of terminals, bit
|
|
like pie segments all around the can.
|
|
|
|
Rack diagram may be a bit incorrect.
|
|
|
|
Front View Top View
|
|
______
|
|
_oooo_ <--- Subscriber terminals ___________
|
|
_oooo_ \ /
|
|
_oooo_ \_______/
|
|
_oooo_
|
|
_oooo_
|
|
_oooo_ Metal spacers are also
|
|
_oooo_ thoughtfully provided :)
|
|
_oooo_ Same sorta shape.
|
|
_oooo_
|
|
_oooo_
|
|
_oooo_
|
|
_oooo_
|
|
_oooo_
|
|
|
|
Simple really, hook up your alligator clips to the correct terminals.
|
|
They are arranged horizontally I think. You might be able to listen
|
|
to people chatting etc. depending on the hour, but according to all
|
|
intelligence people most phone conversations are dead boring so don't
|
|
bother.
|
|
|
|
The disadvantage of cans is they are usually almost next to a road
|
|
and are a bit difficult to reassemble in a hurry as the NC crew found,
|
|
but there is no chopping/damage involved so your chances of detection
|
|
are minimal. Remember some poor suck picks up the bill for your calls
|
|
so always use different pits and cans for safety, as they WILL
|
|
complain to Telco about that $90 phone call to Upper Tanzania, and
|
|
telco will probably check there first.
|
|
|
|
Ok, that concludes the canning/pitting tutorial I guess. I've been as
|
|
accurate as memory serves, no doubt I've made mistakes, but I don't
|
|
take tape measures into pits and cans. I know there is new information
|
|
there for ya all. :)
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.8] - The Crunch Man - [6.8] -
|
|
- Written by Data King -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
26 hundred I found how to blow
|
|
With a toy whistle dont you know
|
|
|
|
Now I live by my reputation
|
|
Treated like a God by every nation
|
|
|
|
These days even my radio confuses me
|
|
Its probably from all this L S D
|
|
|
|
Cum, cum and do the crunchman with me
|
|
It's the kewlest dance you ever will see
|
|
|
|
A step to the left, a shimmy to the right
|
|
I could dance like this all fuqing night
|
|
|
|
I hear that dewd FRaC from the land down under
|
|
Is pissed coz my smell made his mum chunder
|
|
|
|
I'm too kewl to keep myself clean
|
|
I wash only after sex and not in between
|
|
|
|
Wont you be my friend, be my pal
|
|
Bend over and let me learn your anus well
|
|
|
|
I meet someone and demand gimme a socket, gimme a fone
|
|
I gotta check my mail, a guy might want to suck my bone
|
|
|
|
I'm unique, I'm definitely one of a kind
|
|
For some reason the doctors say I'm outta my mind
|
|
|
|
It could be the drugz, don't you see
|
|
I've been high since nineteen seventy three
|
|
|
|
Let me tune you up, no no do as I say
|
|
If your really good we'll have sex all day
|
|
|
|
With FRaC I went raving, thats the guy from WA
|
|
But that stoopid club, they wouldn't let me stay
|
|
|
|
They said I couldn't get naked out on the floor
|
|
When I did, the bouncer threw me out the door
|
|
|
|
I'll sue them, I'll take them down
|
|
Don't they know I'm the Kewlest in town
|
|
|
|
I met the man himself, Ripmax is his name
|
|
At his house where Amber babe said I was lame
|
|
|
|
There is this dewd, Deicidal was his nick
|
|
I didn't get him, damn I wanted his prick
|
|
|
|
Down in Old Melbourne Town Slogic I did meet
|
|
He talked tech, his body, Oh boy, what a treat
|
|
|
|
I lie on the floor with my hand up my ass
|
|
Sucking on some guys dick, oh man what class
|
|
|
|
Now I'm back in the good old usa
|
|
Its just not fair they wouldnt let me stay
|
|
|
|
Some day I want to go back
|
|
Coz those dewds over there, boy they can hack
|
|
|
|
Their so kewl and know their stuff, I'm in awe
|
|
Please explain why they showed me the door
|
|
|
|
I'm a druggie, a raver, a pedophile
|
|
I guess those dewds didn't like my style
|
|
|
|
If your young and male, call my 1-800
|
|
Then I can fuq you over, so you'll look one hundred
|
|
|
|
I'm The Crunchman, and I'm no fewl
|
|
Let me teach you how to be so kewl
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.9] - Cellular Reprogramming - [6.9] -
|
|
- Written by Data King -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
In the Australian Scene there has been quite a bit of interest
|
|
recently in Cellular Telephones. There is a lot of confusion and
|
|
mis-information out there on this subject.
|
|
|
|
What follows is the result of quite a bit of work, by myself and
|
|
several other people, We did this not for any illegal purpose, but
|
|
purely in an effort to proove Telecom wrong and show that it is
|
|
possible.
|
|
|
|
Usage of Cellular Telephones
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
I do not condone or encourage any person, living or dead, to use the
|
|
information contained with in this article for any illegal purpose.
|
|
(See NeuroCactus Main Disclaimer)
|
|
|
|
If you are considering reprogramming a cellular phone with another
|
|
persons details and then fraudulently calling your friends all over
|
|
the world, forget it!
|
|
|
|
Every number you call will show up in their records as well as the
|
|
cellular cell that you called from and any subsequent cells you moved
|
|
to. You will get caught, don't do it.
|
|
|
|
|
|
Equipment Used
|
|
~~~~~~~~~~~~~~
|
|
|
|
The following equipment is a list of the equipment that I have
|
|
personally used to reprogram a Motorola Bag Fone.
|
|
|
|
1 x Motorola Bag Fone
|
|
1 x Reprogramming Cable (See next Section)
|
|
1 x Mot911 Software (Motorola V9.11 Reprogramming SW)
|
|
1 x 386sx 16 PC running MS-DOS
|
|
1 x 9 Volt DC Powerpack (I used a Smart2 500mA Regulated Unit)
|
|
1 x Pre 9122 Motorola EPROM (I used v9023 of the EPROM)
|
|
|
|
|
|
Building a Reprogramming Cable
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
A reprogramming cable is not difficult to make, I used the following
|
|
components:
|
|
|
|
1 x Male D Connector (25 Pin)
|
|
1 x Female D Connector (25 Pin)
|
|
2 x D Shells (25 Pin)
|
|
1 x 30cm of 9 Core Cable
|
|
3 x Short Pieces of Insulated Wire.
|
|
1 x Power Connector Lead (Female Version of the connector on the
|
|
Power Supply)
|
|
|
|
|
|
The diagram of the cable I used is slightly different to what is
|
|
commonly available on the net:
|
|
|
|
Computer Transceiver
|
|
Printer Port Port
|
|
(Male DB 25) (Female DB 25)
|
|
|
|
3 ------------ (-9 Volt Supply)
|
|
|
|
4 -\
|
|
5 -------------(+9 Volt Supply)
|
|
|
|
1 --------------- 18
|
|
2 --------------- 21
|
|
/- 3
|
|
| 4 --------------- 1
|
|
| 12 --------------- 12
|
|
| 13 --------------- 11
|
|
\- 14 --------------- 17
|
|
17 --------------- 20
|
|
18 --------------- 14--\
|
|
20 --------------- 23--/
|
|
|
|
Once I had everything correctly assembled, I spent sometime testing
|
|
the connections, as my computer wouldnt like 9 volts pumped into its
|
|
printer port.
|
|
|
|
Hardware Modifications
|
|
~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
With this type of transceiver there is no need for any fancy
|
|
modifications to the unit, although my phone had a post 9122 eprom so
|
|
I had to find and burn an earlier version of the eprom, this was not a
|
|
difficult task as the unit uses a standard 27c512, which I obtained
|
|
from my local electronics shop.
|
|
|
|
To identify what version of the ROM I had in the phone, I hooked
|
|
everything up and then had the MOT911 software read the unit, The
|
|
software reported that my ROM version was post 9122, so I had to
|
|
change the ROM.
|
|
|
|
This then presented me with problem to solve, getting the cover off of
|
|
the unit, as I didn't have the correct driver for the screw, I simply
|
|
drilled the heads off of the screws with a power drill on the low
|
|
speed setting, the cover then lifted straight off, allowing me access
|
|
to the circuit board.
|
|
|
|
To reattach the cover, I went through my screw draw and found some
|
|
screws with the same thread, removed the headless screws from the base
|
|
and screwed the lid back on using the new screws.
|
|
|
|
Interestingly enough once the unit has been reprogrammed I found that
|
|
I could remove the 9023 version of the rom and put the post 9122
|
|
version back in and the unit continued to operate correctly.
|
|
|
|
Reprogramming
|
|
~~~~~~~~~~~~~
|
|
|
|
Now that I had everything correctly set, it was time to attempt to
|
|
reprogram the phone, so I connected it all up and started the motorola
|
|
software on my PC, I followed the instructions and then selected the
|
|
last option from the type of fone to reprogram (any black/silver box).
|
|
|
|
The program read the NAM details from the phone, displayed them on the
|
|
screen and it wouldnt allow me to edit any of the options, interesting
|
|
I thought to myself, and then I remembered that the earlier version of
|
|
the program had a batch file to start the program.
|
|
|
|
I got the old version and unzipped it, viewed the batch file, it
|
|
contained a single line:
|
|
|
|
MOTOROLA /NAM /ESN /NVR /LPT1 /E7
|
|
|
|
Using these command line options allowed the software to go into edit
|
|
mode and I could now edit all of the fields displayed on the screen.
|
|
|
|
/NAM - Allow edit of the NAM table
|
|
|
|
/ESN - Allow edit of the ESN details
|
|
|
|
/NVR - Non Volatile RAM Clearing
|
|
|
|
/LPT1 - Use parallel port number 1
|
|
|
|
/E7 - I believe this to be which IRQ the parallel port is on,
|
|
but I am not certain.
|
|
|
|
Before going into what I did to reprogram the unit, I will first
|
|
briefly explain some of the terms and also give examples of the common
|
|
settings for them. Not having any technical manuals from Australian
|
|
Cellular Carriers has meant that I have had to gather this information
|
|
from trial and error based on what people overseas have done or have
|
|
found from their cellular carriers.
|
|
|
|
ESN: Electronic Serial Number
|
|
|
|
This is what they use to identify whether a unit is stolen or
|
|
not. There should never be more than one phone with the same ESN.
|
|
Each ESN is unique. The ESN is represented by a hexadecimal
|
|
number.
|
|
|
|
The first two digits of the ESN represent the manufacturer of that
|
|
phone, This is a complete list of all the manufacturers and their
|
|
codes that I currently know.
|
|
|
|
Company Decimal Hex
|
|
|
|
AudioVox 138 8A (Toshiba)
|
|
Alpine 150 96
|
|
Antel 146 92
|
|
Antel 175 AF
|
|
ARA 146 92
|
|
AstroTEL 129 81 (Oki)
|
|
AT&T 132 84 (Hitachi)
|
|
AT&T 129 81 (Oki)
|
|
Cellquest 174 AE
|
|
Clarion 140 8C
|
|
CM Telecom 153 99
|
|
Colt 174 AE
|
|
DiamonTel 134 86
|
|
Ericcson 143 8F
|
|
General Electric 146 92
|
|
General Electric 134 86 (Mitsubishi)
|
|
General Electric 157 9D
|
|
Goldstar 141 8D
|
|
Hitachi 132 84
|
|
Infa 152 98
|
|
MEI 167 A7
|
|
Mitsubishi 134 86
|
|
Mobira 156 9C
|
|
Motorola 130 82
|
|
NEC 135 87
|
|
Nokia 165 A5
|
|
Nokia 142 8E
|
|
Novatel 142 8E
|
|
Oki 129 81
|
|
Panasonic 136 88
|
|
Pioneer 130 82 (Motorola)
|
|
Quantum 176 B0
|
|
Radio Shack 165 A5
|
|
Radio Shack 172 AC (Uniden)
|
|
Sanyo 175 AF
|
|
Shintom 174 AE
|
|
Sony 154 9A
|
|
Sun Moon Star 178 B2
|
|
Technophone 162 A5
|
|
Uniden 172 AC
|
|
Walker 162 A5 (Technophone)
|
|
|
|
You will notice that in this list there are several manufacturers
|
|
who have the same number, this is due to one company badge
|
|
engineering another companies phones, if I know which is the
|
|
true manufacturer of the unit I have put their name in brackets
|
|
after the hex code.
|
|
|
|
|
|
MIN: Mobile Identification Number.
|
|
|
|
This is the telephone number of the phone, BUT it is not exactly
|
|
the same as they number you know for your phone, the actual area
|
|
code part of this field is represented differently. In Australia
|
|
we currently have 3 area codes for analog mobile phones 015, 018,
|
|
& 019. The machine versions of these numbers are 5050, 5060, and
|
|
5070. So for example if my telephone number was 018-123-456, in
|
|
the MIN field it would be entered as 5050-123-456.
|
|
|
|
5050 is the equivalent of 018 and not 015 due to the order of use
|
|
of the mobile prefix's. 018 was the first to be used, hence the
|
|
5050 number is it's machine representation, followed by 015
|
|
(5060) and then 019 (5070).
|
|
|
|
SIDH: System Identification (for) Home System
|
|
|
|
This is a five digit number that is provided by carrier. The last
|
|
digit should match the Preferred System Mark (0 or 1)
|
|
|
|
AOIC: Access Overload Class
|
|
|
|
This is not used like it was designed to be, but its purpose is
|
|
to allow the system to decide who should be dropped in an
|
|
overload situation. Usually the last number of you phone number
|
|
preceeded by a 0, In America 15 in this field identifies your
|
|
phone as Military/Police and your phone is the last to be dropped
|
|
in an overload situation.
|
|
|
|
I am still trying to find out if here in Australia there is an
|
|
equivalent of 15, I suspect if there is it maybe 01 as this seems
|
|
to give the clearest and least number of "drop outs".
|
|
|
|
PS: Preferred System
|
|
|
|
A single digit that determines which set of channels the mobile
|
|
scans. The A system (Channels 1-333) or the B system (334-666).
|
|
This should match the last digit of the SIDH.
|
|
|
|
SCM: Station Class Mark
|
|
|
|
This 4 bit binary field specifies the power output, number of
|
|
channels, and vox capabilities of the unit. Some of the common
|
|
settings are:
|
|
|
|
Number of Power
|
|
|
|
Binary Decimal Channels Output Vox
|
|
|
|
0000 00 666 3.0 NO
|
|
0010 02 666 0.6 NO
|
|
0100 04 666 3.0 YES
|
|
0110 06 666 0.6 YES
|
|
1000 08 832 3.0 NO
|
|
1010 10 832 0.6 NO
|
|
1100 12 832 3.0 YES
|
|
1110 14 832 0.6 YES
|
|
|
|
The power output is measured in watts. Generally your in Car
|
|
phones are 3 watts and your hand helds are 0.6 watts. This is
|
|
what makes Motorola bag phones so attractive, they are portable,
|
|
and they are 3 watts.
|
|
|
|
|
|
The part of the reprogramming procedure that is of most interest was
|
|
changing the phone to look like another, as I did not want to do
|
|
anything illegal I wrote down the current ESN & MIN and then replaced
|
|
them with garbage numbers.
|
|
|
|
Once I had done this, I pressed escape to tell the software I had
|
|
finished changes, at this point it is VITAL that nothing prevents the
|
|
software from completing its calculations and writing to the phone.
|
|
|
|
If such an interruption was to occur, then the phone would end up with
|
|
bad data stored in its table, and will not work.
|
|
|
|
This happened to me several times, and I found that there is no
|
|
permanent damage, if you correct the fields that are corrupt and write
|
|
everything out to the phone successfully then everything will be ok.
|
|
|
|
Once this step had completed, the software asked me several questions
|
|
about altering defaults and clearing the NVR, as this was not to be a
|
|
permanent change I left them as they were.
|
|
|
|
After the above questions were answered, the software disconnects
|
|
itself from the phone and informs you that you can now remove the
|
|
phone from the programming adapter.
|
|
|
|
I now had a reprogrammed phone, however I had no way to test it as the
|
|
information contained in it was deliberately bogus, so I repeated the
|
|
programming steps above, this time removing the bogus data, and in its
|
|
place entering the correct details that I had written down earlier.
|
|
|
|
After completion of the programming I disconnected the telephone from
|
|
the programming adapter, reconnected it to it's battery and
|
|
successfully called people on it under its original ESN and MIN, which
|
|
I had just programmed into the unit.
|
|
|
|
|
|
Conclusion
|
|
~~~~~~~~~~
|
|
|
|
The title of this section could be "Yes, Telstra are lying when the
|
|
say it is not possible", but then we all know from past experience
|
|
that Telstra lie about anything to do with "phreaking".
|
|
|
|
To reprogram a Motorola cellular telephone is quite easy once you know
|
|
how, however it is highly illegal to change the ESN & MIN for
|
|
fraudulent purposes, take my advice and do not do it.
|
|
|
|
To the best of my knowledge however there is nothing to stop you
|
|
changing the other details within the phone, so long as you do not
|
|
change an option that causes any problems with the cellular network.
|
|
|
|
One of the things that can be done using this software and programming
|
|
adapter is inform your telephone of any new accessories that you get,
|
|
for example you might buy a VOX kit.
|
|
|
|
Normally you would have to pay your local dealer a fee to change the
|
|
option within your telephone so that the VOX kit would work, now you
|
|
can do it yourself, save the cash, and buy me a scotch with it if we
|
|
ever meet!
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
- [6.10] - Greets and Contacting us - [6.10] -
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|
|
If you would like to contact us call any of the following places :
|
|
|
|
Bulletins Boards
|
|
----------------
|
|
|
|
Destiny Stone II (+61-9) -=- (+61-8) The Temple
|
|
Jesta's BBS (+61-7) -=- (+61-3) Rewted LogiK
|
|
|
|
Voicemail
|
|
---------
|
|
|
|
Destiny Stone II Voice Mail System +61-9-246-2553 Box No 2
|
|
|
|
WWW Homepage
|
|
------------
|
|
|
|
http://suburbia.apana.org.au/~dking
|
|
|
|
Our Special Regards go out to (In Alphabetical Order)
|
|
|
|
Anubis : Thanks for the accommodation!
|
|
Bad Sector : Come out of hiding yet?
|
|
Captain Crunch : How weird can one guy be?
|
|
Cairo : Lets see you out and about more
|
|
Enigma : Ready for another NCR?
|
|
Freestyle : See you on the Net again soon!
|
|
Hook : Good to see you around still
|
|
Jesta : Advertising in Phrack are we?
|
|
Slash : kh89775jkhgk! (Comment PGP encrypted)
|
|
Stylemaster DJ : Welcome back to Perth!
|
|
Xstatic : Nice to meet you in SA, Rave on!
|
|
|
|
|
|
³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³
|
|
ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ
|
|
|