Shout-outs to: Bluebird, Shambala & the ASU, Silicon Toad, Vladimir, Peach,
Dr Seuss, Lord Somer, naPALM Death, DaSniffer, Active Matrix,
AbBaDdon, Da Grouch, iGNATIUS, #macwarez DALnet,
The guys at CIS alpha, Kronix, and the good 'ole LOD..
Introduction
=========
It's a busy world out there..
In the US of A alone, over 12 Million AT&T answering machines are in use today,
and that is only an estimate, considering there are over brands not included in that sum..
It's a busy world out there..
Everyone's heard the good 'ole,
"We are not in right now, please leave your name, number and message after the beep".
Becuase of it's poplarity, and vast numbers, Answering Machines became yet another exploit to hackers around the globe..
Why Hack an Answering Machine?
========================
Why would a hacker, or anyone for that matter, want to seize control of an answering machine? Well, there are many reasons, but the major ones are as follows:
If for some reason you need to spy on a business, or person, you can hack their machine and take control using the information for your own personal use.
There is also the 'ole "change the message" secret to make it say something to the effect of
this line accepts all toll charges so you can bill third party calls to that number. You can also use an answering machine for your own personal use, as in making it your own voice mail type system for people to call. I advise not to do this, unless you know the person/victim is out of town, as it is a wee bit fishy if they arrive back from shopping etc.. etc..
You get my point. With these few basic ideas in mind you can see why hacking an answering machine could be very useful to certain individuals, or businesses..
How do I hack an Answering Machine?
===========================
Many answering machines these days are built with 'Remote Access',
this is, the owner can dial-in from anywhere, type in their security code,
and hear their messages. Older machines, (1970's and older..),
will not have this built in, so they are untouchable.
(Why anyone would HAVE an answering machine THAT old is beyond me..)
With this in mind, think to yourself. You've probably guesses it already,
if not, don't fret. O'le Uncie Wabbit will explain.
Ok.. Firstly, find a friend who has a machine. Any extra info, ie model, is also helpfull.
If you do not have friends, I pity you.. Get a life looser!
Now that you have a target, let's play.
Dial there number. IF the answering machine doesn't respond, let it ring 15 times.
This tells the machine to wake the fuck up, and turn itself on. ( haha.. There is no escape )
The security code of the machine varies from machine to machine, the model itself defines whether it is a 2 digit number, or a 3. Some are 1 digit, but that's just way stupid.
Mine, is a Panasonic PhoneMate with a 3 digit code. Not bad eh?
I tend to accept 2 digit security codes as the most common.
Models
=====
To practice hackin' the machines, I've included my list 'o machines, info on them,
and how many digits are in the security code.
Record a Call- Model 2120
--------------------------------
Code : 3 digits
Commands: Call in and during the message or after the beep tone toleave a message enter the 3 digit security code. This will rewind the tape and play all new messages.
Press 2 to backspace and repeat the last message. Press 3 to foward the tape.
Changing your message from remote. Call your phone and enterthe secret code. After several rapid beeps enter your secretcode again. After a short delay you will hear a long tone. After the tone ends begin speaking your message which may be 17 seconds in length. When finished press the second digit of your secret code to end. The machine will then save your message and play it back. To turn the unit on from remote let it ring 11 times then hangup. Or stay on and it will answer so you can access the machine. For express calls or frequent calls hit the second digit for two seconds to skip the out going message announcement.
Cobra Model AN-8521
----------------------------
Code : 2 digits
Commands : For this machine there are 2 codes. Both are one digit in length. The first one is the play code. The second is to erase messages from remote. After the outgoing message and beeptone press the play code for 2 seconds to play messages. After each message ends there will be a single beep. At the end of all message it will beep twice. You may then do the following. Replay by pressing the play code again. Erase messages by pressing the erase code. Hang-up and save messages and continue to take additional calls. To turn this
unit on from remote you must let it ring 16 times before it will activate. If it rings 10 times then you hear 3 beeps it is full and messages need to be erased.
Unisonic Model 8720
--------------------------
Code : 1 digit!
Commands : One digit code entered after the outgoing message and tone will allow you to hear messages. To change message wait till all new messages have been played 2 beep tones will be heard. Press code for four seconds. Two beeps will be heard then the
tape will rewind and beep again. Now leave the new message. Press your code when finished to save new outgoing message. New message will play for you to hear.
I hate this machine...
Panasonic Model KX-T2427
-----------------------------------
Code : 3 digit
Commands: Call and enter the three digit code during the outgoing message. Machine will beep once, then beep amount of times equal to messages. Then rewind and play messages. There will be three beeps after the last message. Six beeps means the tape is full. Press 2 to foward. Press 1 to rewind. Press 3 to reset machine and erase messages. To monitor the room press 5 after the beeps indicating the number of messages the machine has. Press 7 to change the outgoing message, it will beep a few quick times rewind then a long beep will be heard. Leave new message press 9 when finished. Press 0 right after the beep tones to shut the machine off. To turn the machine on let it ring 15 times then hangup after machine turns on.
Panasonic Model KX-T2385d
-------------------------------------
Code : 1 digit!
Commands: During the outgoing message enter the 1 digit code. This willplayback messages. Press the code again to rewind. After the messages have played the machine will beep three times. Press your code again and it will reset the machine. For remote turn on let phone ring 15 times. Then after the outgoing message hangup.
Phonemate Model 4050 <-- My Machine..
----------------------------
Code : 3 digits
Commands: Enter your 3 digit code during the outgoing message. Pressing * or # will allow you to scan through the messages. When finished pressing 1 will replay the messages. Pressing 2 will erase them. To turn on from remote let ring for 15 times.
Then proceed with remote operations.
Phonemate Model 7200
----------------------------
Code : 1 digit!
Commands: Enter 1 digit code during of after the outgoing message. A voice will tell you how many messages you have, then play them back for you. To rewind press your code and hold it for however long you want to rewind. Let go and it will resume playing. After the last message a voice will prompt you with a list of options. You have five seconds to respond or it will proceed to the next option. These are as follows. The first is hanging up to save messages. Next is enter code to replay messages. Next enter code to erase messages. Last is enter code to change greeting. Follow the voice and it will give you complete directions on exact steps to follow. To turn on from remote let ring ten times then hang up. If tape is full it will say sorry tape is full, enter code and erase messages.
Spectra Phone Model ITD300
------------------------------------
Code : 1 digit!
Commands: Enter your 1 digit code after the greeting. Messages will play back. Hanging up will save them. Or wait for four beeps and press your code to replay them. To erase press your code after 2 beeps. To turn the machine on from remote let it ring 10 times.
AT&T Models
-----------------
Code : 2 digit
Commands: Enter 2 digit code before or after announcement.
Listen to messages: 7
Listen to new messages: 6
Stop/Pause: #
Rewind Tape: 2
Advance Tape: 5
Clear Messages: 3,3
Record memo: *
Record Announcement: 4,*
Play Announcement: 4,1
Turn System On: 0
Turn System Off: 8,8
<<< Hacking The Code >>>
Ok, now that we know how the machine works, we need to crack the code.
This is farily simple. I use a different method to the one here, but more on that later.
To crack 1 digit code, I don't need to explain. If you don't understand how to crack them,
I'm suprised you managed to read this document.
Cracking 2 Digit Codes
>------------------------<
To crack 2 digit security codes, when the machine gives the tone, quickly press:
12345678987654321357924686429731474193366994488552 ( This is the shortest )
