TAP YIPL

home *** CD-ROM | disk | FTP | other *** search

/ TAP YIPL / TAP_and_YIPL_Collection_CD.iso / PHREAK / BOXES / GOLDGOOD.TXT < prev next >

Wrap

Text File | 2000-01-15 | 17KB | 390 lines

> Anyone out there remember the Cheese Box. It's a device that will allow > you to dial in on one phone line and connect with, and dial out on another. > I remember a schematic for one many years ago in Tap or Yipl. (Cheese Box > were commonly used by bookies) Here are two schematics I have for diverters... enjoy. *-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-* ! ! ! The Dark Side Research Group ! ! ! ! Proudly Presents: ! ! The DARK BOX: Multi-Purpose Network Manipulation Unit ! ! ! ! By: Cablecast 0perator ! ! ! ! (]<)0PYWR0NGDE 1987, 1990 DSR/ATR All Rights Fucked ! ! ! *-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-* -=> Introduction <=- The Dark Box is the newest device to enter the "colored box" market and is guaranteed to rerevoloutionize the art of telecommunications fraud. The device's inventor, Cablecast 0perator, became quite bored with the old forms of phreaking, having to worry about codes dying, or being traced. The unit you are about to build was spawned by the need for a more versitle, safe and interesting way to phreak. You don't need any special tones or attack dialers, just your good old every-day DTMF pushbutton phone. The box's basic design allows you to call anywhere on earth (or elsewhere for all we care) without fear of being billed or traced. But it's uses do not stop there! When hooked up properly, it can be used to emulate multi-line bridges, loop lines and direct in-dials. It's really quite simple. The device is plugged into two phone lines, other than your own, or one end into a phone line and the other into another box. When there is an incoming call, the device senses this and picks up the phone. Your call is then transferred to the other line or onto the loop. When you hang up, the device senses this, too, and it hangs up also, waiting for the next caller. To illustrate this, whip out your good old analog multimeter and hook it up to your phone line. See that nice, juicy voltage on there? Now call it on your other line. The voltage will jump and the polarity will go all to hell. This version of the Dark Box uses an alternating current detector to tell if the phone is ringing because sensing voltage is unreliable and not entirely universal. Now pick up your second line. There is a momentary blackout on it and then the voltage becomes constant. Now hang up the phone you called in on. There will be another blackout on your other line ans then the voltage will pop back up again. On the box, hangup is detected by the line current passing through an optoisolator that is holding the relay open. When it is cut off for the split second the blackout occurs, the relay is cut off and the phone hangs up. NOTE: With the rapid expansion of digital ESS's, the little phone company quirks that are essential for the device's operation might not be available in your area. Check your line with the meter as directed to be sure! -=> Trip To Radio Snack <=- On your next trip out to your friendly neighborhood Radio Shack, get yourself these: 1:1 Audio Isolation Transformer 555 IC Timer Optoisolator (Transistor Output) (2) NPN Transistors (2N3904 or 6 Will Do Nicely) (2) 100k 1/4w Resistors (2) Normal Diodes 1k 1/4w Resistor 10mF Electrolytic Capacitor Disc Capacitor (.01mF) DPST Relay 9v Battery or Likewise AC Adapter and Timer It'll run you about five or six bucks, unless of course you get a five finger discount...It can be mounted on a small IC perfboard, or whatever you like depending on how small you want it. If you can't display the schematic that goes along with this, we'll do it like connect the dots, it'll be fun!! + O P Q _________ ________ ___|_____|_____|_____|___ A -|o |- H I -|o |- N | C | B -| 555 |- G J -| OptoIs |- M | O DPDT/DPST | C -| ICTimer |- F K -|________|- L | I Relay | D -|_________|- E |___L_____________________| | | | | - R S T This is the wiring diagram for X1, the 1:1 Audio Transformer: RED --(white)--------O||O--------------(red)-- YEL O||O GRN --(black)--------O||O-----------(yellow)-- BLK They don't have to be paired exactly like that, just remember that white goes with black, and red goes with yellow. Text coding of the schematic is very simple. If you have ever assembled one of those 1,000,000,000,000-in-1 electronics kits from Shack, you can do this... I will guide you with TO and THRU. There is a difference: A ----*---- B A ----- R1 ----- B | R1 "A TO R1 TO B" "A THRU R1 TO B" Parallel Circuit Series Circuit These are the abbreviations for the components: RED, GRN, YEL, BLK = Phone line red and green respectively Dx(Anode/Cathode) = The Diodes Where x={1,2} Qx(Emitter/Base/Collector) = Transistors x={1,2} C1(+/-) = Electrolytic Capacitor (observe polarity!) C2 = Disc Capacitor R1 = 1k Resistor Rx = 100k Resistor x={2,3} Ya dig it, mon? If this is too complex for you, try and view the schematic through Generic Software's CADD, or try to draw your own out from the directions below. Sometimes it helps to do this in visual terms! Ok, let's go to it... <-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-> 1: GRN thru R3 to Q1(Emitter) to GND 2: RED thru D1(Anaode) to Q1(Base) 3: Q1(Collector) to B 4: +V thru R1 to B 5: +V to M to D to H to Q2(Collector) 6: H thru R2 to G to F thru C1(+) to GND 7: E thru C2 to A to GND 8: C thru D2(Anode) to Q2(Base) to L 9: Q2(Emitter) thru COIL to GND 10: RED to I 11: J thru X1 to T 12: GRN to R 13: BLK thru X1 to Q 14: YEL to O <-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-> There. That wasn't too hard now, was it? Now let's test it. A word to the wise: Do not substitute batteries or other power supplies in place of the telephone line. If you do, then you risk blowing the transformer and the optoisolator. -=> Testing The Puppy <=- Now that you have it built, double check and make sure everything is OK before you apply power to it. If everything you have is right, there might be some wierd, uncaught error in the file, or you have bad parts. Contact us or try again. A voltmeter and a logic probe can come in handy here... Connect the battery, but not the phone line yet. Your relay should not throw. If it does, check the 555 and the transistor triggering it. If that's ok, short out the emitter and collector on Q1 momentarily. The relay should throw for about two or three seconds then shut off. If not, check that trigger circuit again. Now plug in RED and GRN. If your relay trips, you might have the RED and GRN reversed, or Q1 is not wired properly. If you're ok, call it on your other line. It should ring once and then pick up. If it's busy, perhaps D1 is not right. If it doesn't answer the phone, check Q1 to make sure all contacts are right. Ok, FINAL TEST! Connect YEL and BLK and call the line that RED and GRN are on. It should pick up and you should hear a steady dial tone and be able to dial DTMF on it, etc etc etc. There are several problems that could arise here. 1) No dial tone means it's either not hooked up right, or the transformer is bad. 2) If you only get it for about three seconds before it hangs up on you, you are not getting complete isolation from the other line. Check the transformer. 3) If the dial tone you hear is "bobbled" then you have a major voltage spillover, isolate the second line from the rest of the circuit. If everything checks out, you have just built a DARK BOX!! Now let's have fun with it... -=> Applications And Operations <=- You already have the basic unit constructed. This is sort of a Pseudo-Extender or Pseudo-Diverter. Place it on any two phone lines (other than your own) and be sure you know the number for the RED- GRN pair. Now when you call the line that's hooked up to RED and GRN, you get the dial tone from the YEL/BLK pair, and it's just like you were at that person's house using THEIR phone! But you're not, you could be in Tahiti if you want! This is, basically, how you avoid billing of calls. If you want to use this box from long distance without having to pay for it yourself, you could wire a black box resistor onto the RED/GRN pair. It's not your phone line, what do you care? For loop lines and cheese boxes, wire two Dark Boxes back to back on any two phone lines. For a multiple line bridge, you need as many boxes as you want dial- ins. Loop all the YEL's and BLK's together respectively and plug the RED/GRN's into a hunt group (You know, call 555-0000 and if it's busy, you'll be transferred to 555-0001, etc etc), this way, hackers can drop in and out at will. Didn't Cap'n Crunch do something like this? If you want to make credit card calls instead of dialing direct, attach the box to two payphones that are next to each other. That way, you don't have to freeze your ass off to avoid having your phone number put on the guy's card bill. Make sure the payphones will accept incoming calls! Patch YEL/BLK into an audio amplifier and into the paging system at someplace like K-Mart. Imagine the riot you can start by paging "INS! Stay where you are!" The xfrmer should push out a line level audio, so interfacing to most sound applications should be a snap. A word about Caller ID. CI has been introduced scince the invention of the box. The box can bypass CI to an extent, being that if the box calls someone who caller ID's you, they'll get the second phone line of the box, and not you. However, if the indialing line for the box has CI and you call directly into it and someone happens to be there to get it, you could be in serious trouble. A soloution to this would be to use the box on a payphone that will accept incoming calls. Scince noone gives a fuck who calls a pay phone, chances are it won't CI'd. You could also place the box in an area that doesn't have CI, whereas in order for CI to work, both the caller and the callee must be in service areas. Don't be limited by only these suggestions! Be creative and let us know how you use it! Make a DID for your school's PABX, or get your VICModem to autoanswer! There HUNDREDS of uses for this revoloutionary device waiting to be discovered! -=> One Final Word <=- The staff of Dark Side Research would like to thank our friend, Rebecca, who has encouraged us to press on in the Box's development even during times when it seemed hopeless. Enjoy you new toy.... Cablecast 0perator --- Cheshire Catalyst Research Productions present... Diverter 1992. An alternative to the DARK BOX. Design: Mavicon M.D., The Ear, Cheshire Catalyst and 2 that shall remain nameless. Plans: Mavicon M.D. Diverter Plans Parts List: Everything can be obtained at your local Radio-Shack. As much as i hate that store, they are convenient... RLY1 DPDT relay T1 1:1 audio transformer D1 1N914 or similar diode D2 large LED LMP1 neon lamp R1 10 k R2 photocell R3 22 k R4 47 k Q1 2N2222, 2N3904, 2N4401, most any other NPN switching transistor 1 nine volt battery. The negative terminal goes to ground on the schematic. Positive terminal to +9 volts. Assembly: The best way to assemble the design is to grab one of those small copper lined perfboards from Radio-Shack. They are nice to work on, and can easily be trimmed down to a minimum size once everything is soldered in. The process is the same as any other. Solder all the parts in per the schematic. The photocell must be in a position so that the light from the neon lamp(LMP1) and the LED(D2) both shine on it. All the polarity must be observed. Whichever direction you put the led in, you must remember (color code your wires, green is positive, red is negative, yellow is positive, black is negative) the negative side of the line must go to its negative side. The same goes for the transformer. the positive side of each line has to be connected to the correct pair on the transformer. On the Radio-Shack transformers, put positive of both lines on the Red and Black pairs, The negative on Yellow and White. Our prototypes have reached less that 1" x 1" in size. NOTE: The entire thing MUST be wrapped in black tape. IT must be light tight or you will have a relay that turns on with the sunrise. Theory of Operation: The diverter works on some basic electronic principals. Step by step. The phone rings. The neon lamp is activated by the high voltage(88 p-p) ac and flashes. This light shines on the photocell, decreasing its resistance. When this happens, the positive voltage flowing through the photocell and the 10k resistor exceed the breakdown voltage of the base of the transistor and switches that transistor on. Once the transistor is on, current flows freely from emitter to collector, energizing the relay. The relay's two sets of switches connect both lines to the 1:1 audio transformer, effectively taking both lines off the hook and coupling any audio signals from either line to the other one. Once this happens, current is now flowing through the transformer,relay,led loop. This current lights the led and that light shines on the photocell. This is what keeps the device latched. The light from the led keeps the photocell resistance low enough to keep the transistor on. Now, you make you call and get on with your business. You hang up. Now, the local CO keeps current flowing through the indial line for about 5 seconds, at which point it drops down for a second or so and then goes back up. This is the signal the device uses to determine when you've hung up. When the current drops down, there is no light, and the photocell resistance raises enough to turn the transistor off and delatch the entire system. Applications: The applications are relatively obvious. Hook it up to two unused lines and make free calls. Hook it up to two payphones, and red box calls. The only thing to watch out for is ringing. If you hook it up to a residential line for the indial a small (maybe 1/8) of a ring occurs when you call, tipping off people inside the house. |------------------------------------- | | o +9V | L1+ T1 | | | o-------wwwww----------| | | | | | | | L1- | | | | o-------------| | | o--------| | | | | | | | | | | | | | | | | | | | L2- | |---l----------l---------l--| _____ o-------\ LMP1 | | | \| | | w | /^\ D1 R4 47k * | | | | |\ | w | /---\ --\/\/--/ | | | | | | | w | | | | |-l----------l-----------l--| | | | | RY1 | | | o L2+ |------| | | | | | o--------- | | | | | ----| | D2 | / | |\ | T1 | / |----------| >|-----wwwwww---------- / |/ | 000 |--------- 000 Q1 | 000 oooo | \ o o 10k | \ o-------o-/\/\/o------------/\/\/---| \ +9V o o R2 \ R1 | oooo / 22k ----- \ R3 --- | - | ----- --- -