Amiga ISO Collection

home *** CD-ROM | disk | FTP | other *** search

/ Amiga ISO Collection / AmigaDemoCD2.iso / ASCII / TEXTE / SCENE / HPA / PHREAKING / BLUE.LHA / blue.txt

Wrap

Text File | 1980-01-01 | 40.2 KB | 819 lines

____ _____ _____ ______ _____ _____ ______ / __/\ / _ /\ / __/\ /_ __/\ / _ /\ / _ /\ / / /\ / __/\/ / _ / / /__ /\/ \/ /\_\/ / _/ / / _ / / /~ _/ / /_/\_\/ /_//_/ / /____/ / /_/ / /_/\_/\/ /_//_/ / /__/__/\/ \_\/ \_\\_\/ \____\/ \_\/ \_\/\\/ \_\\_\/ \__\__\/ _______________________________________________________________________ / DUAL STANDARDS \ / * * * * * * * * * * * * \ /__ HS AA CD OH RD SD TR MR RS CS ARQ SYN 5 NODES 16.8k __\ \---------------------------------------------------------------------/ \ AMIGA / IBM / BSL 2091 CONSOLE USHQ / \____ ___________________________________________________ ____/ \_/ Operating At : 9600 / 57600 1.5 Gigz Online \_/ RuNNiNG oN : aMiGa 2ooo + GvP 68o3o/68882/50MHz Sysops : VOYAGER / SNOW QUEEN Cosys : SKOL / RAZOR BLADE CALL.. NODE1 NODE2 NODE3 NODE4 NODE5 PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE ----------------------------------------------------------------------------- © _________________________________________________________________________ \_____________________ _______________________________________________/ _________ ___|! | ________ / __ | / /: || __ \ -%*] THE HOLE / LSD USHQ! [*%- o _(___( |! |/ /|o || |_)___) /\ |: / __ ||! ______/ SYSOPS: OLDMAN, ETRON, HIGHLANDER o o |o ( ( | ||: |_) ) D-MAN, ZANDOR, XL __________ | \___\ |___||o _____/_______________________ __ \________ \|___|__________|___|____/ ______________________> (__) ________\________ ____________/__________ _ _ \ __ !| | | /__/\__\ | | \ __ __ \ __ _)\ (_) \ \| :|_| |/ \ OO / \| !|____\ \|! |_)___) \ \/ o\ O \/| ___ / /_\/_\ \ :|\ \\/|: ______/ ) /|\__). o / | |! ( \/ ) o|_) )/ o |_) ) /_/\___/ /_____| |: \__________/________//__ _____/ __________|o |______________________| |__ /______________________PZ!___________________> NODE0 NODE 1 (RINGDOWN) NODE 2 PRIVATE 419-899-2754 419-899-2765 ### FIDO to PCE posting. ### Originally 03/18/93 in Hamburg ### Originally to [cut] ### Name: Collected Infos about Bluebox //////// ------------------------------uuu-(O O)-uuu------------------------------- ! U ! ! ! ! Diese Datei ist eine planlose Ansammlung von Texten, die ich so zum Thema ! ! Blueboxing hab, z. T. deutsch, z. T. englisch, zum Teil informativ, ! ! lustig etc.pp ... aber keine echten Infos wie man's macht - wer wirklich ! ! blueboxen will, kann mit diesem File wenig anfangen. ! ! ! ! //////// ! ------------------------------uuu-(O O)-uuu------------------------------- U ******************************CUT*HERE****************************** Mittlerweile (ich betreibe DFUe seit August) ist mir aufgegangen, warum hier jeder dritte nach BlueBoxing fragt: Er will in den erlauchten Kreis der Wissenden aufgenommen werden! Ist doch klar: Der PC-Besitzer liest etwas von Hackern und solchen Sachen. Er findet's interessant und kauft sich ein Modem. Dann hat er noch irgendwann mal davon gehoert, dass Hacker, wenn sie nicht hacken, blueboxen. Hoechstwahrscheinlich weiss er sogar ganz genau, wie's geht. Aber er muss ja erstmal aufgenommen werden. Und da er nicht belanglos fragen kann: "Hey, weiss hier einer wie spaet es ist?" oder "Hast Du mal Feuer?", sucht er sich etwas heraus, mit dem er Kontakt aufnehmen kann: "Weiss einer, was BlueBoxen ist?". Sicher, er haette es auch nachlesen koennen, aber dann waere er ja nicht in die Diskussion einbezogen worden. Wenn er dann gemerkt hat, dass jedem hier bei dieser Frage Klauen und Reisszaehne wachsen, macht er etwas ganz gerissenes: Er macht die Leute an, die nach BB fragen! Dann weiss ja jeder, dass er bescheid weiss. Und so gliedert er sich ganz automatisch in dieses Area ein. Was folgern wir daraus? Dass diese Leute unser Mitgefuehl verdienen. Also, beim naechsten Mal, nicht antworten: "Nicht schon wieder!" sondern "Mach Dir nichts draus, xxxxx, ich kenne Deine Probleme und kann den Hintergrund fuer Deine Frage vollkommen verstehen." Denn wir sind doch freundliche Menschen. Peace, Lars ******************************CUT*HERE****************************** Hier nun das erste der versprochenen Postings. Zu beachten ist noch folgendes: Die Texte beziehen sich auf das US-Telefonsystem und sind schon etwas veraltet. Die Frequenzen funktionieren m.W. nicht mehr. Aber zum Verstaendnis des BlueBox-Prinzips reichts ja, und war doch der Sinn der Sache, gell ;). #INCLUDE Standard_Disclaimer: Neee, ich blueboxe nicht. Sonst haette ich nicht jeden Monat so ne horrende Telefonrechnung. Ausserdem sind die Schweizer Zentralen zu intelligent und groesstenteils digitron (d.h. gefaeeeeeehrlich)... So, und los geht's: THE BLUEBOX The "blue box" was so named because of the color of the first one found. The design and hardware used in the blue box is fairly sophisticated, and its size varies from a large piece of equipment to the size of a pack of cigarettes. The blue box contains 12 or 13 buttons or switches that emit multi- frequency tones characteristic of the tones used in the normal operation of the telephone toll (long distance) switching network. The blue box enables the user to place phree long distance calls by circumventing toll billing equipment. The blue box may be directly connected to a phone line, or it may be acoustically coupled to a telephone handset by placing the blue box's speaker next to the transmitter or the telephone handset. To understand the nature of a fraudulent blue box call, it is necessary to understand the basic operation of the direct distance dialing (DDD) telephone network. When a DDD call is properly originated, the calling number is identified as an integral part of establishing the connection. This may be done either automatically or, in some cases, by an operator asking the calling party for his telephone number. This information is entered on a tape in the automatic message accounting (AMA) office. This tape also contains the number assigned to the trunk line over which the call is to be sent. The information relating to the call contained on the tape includes: called number indentification, time of origination of call, and info that the called number answered the call and time of disconnect at the end of the call. Although the tape contains info with respect to many different calls, the various data entries with respect to a single call are eventually correlated to provide billing info for use by your BELL's accounting department. The typical blue box user usually dials a number that will route the call into the telephone network without charge. For example, the user will very often call a well-known INWATS (toll-free) customer's number. The blue box user, after gaining this access to the network and, in effect, "seizing" control and complete dominion over the line, operates a key on the blue box which emits a 2600 hertz (cycles per second) tone. This tone causes the switching equipment to release the connection to the INWATS customer's line. the 2600HZ tone is a signal that the calling party has hung up. The blue box simulates this condition. However, in fact the local trunk on the calling party's end is still connected to the toll network. The blue box user now operates the "KP" (key pulse) key on the blue box to notify the toll switch- ing equipment that switching signals are about to be emitted. The user then pushes the "number" buttons on the blue box corresponding to the telephone # being called. After doing so he/she uses the "ST" (start) key to tell the switching equipment that signalling is complete. If the call is completed, only the portion of the original call prior to the 'blast' of 2600HZ tone is recorded on the AMA tape. The tones emitted by the blue box are not recorded on the AMA tape. Although the above is a description of a typical blue box call using a common way of getting into the network, the operation of a blue box may vary in any one or all of the following respects: (A) The blue box may include a rotary dial to apply the 2600HZ tone and the switching signals. this type of blue box is called a "dial pulser" or "rotary SF" blue box. (B) Getting into the ddd toll network may be done by calling any other toll-free # such as universal directory assistance (555-1212) or any number in the INWATS network, either inter-state or intra- state, working or non-working. (C) Entrance into the ddd toll network may also be in the form of "short haul" calling. A "short haul" call is a call to any # which will result in a lesser amount of toll charges than the charges for the call to be completed by the blue box. For example, a call to Birmingham from Atlanta may cost $.80 for the first 3 minutes while a call from Atlanta to Los Angeles is $1.85 for 3 minutes. thus, a short haul, 3-minute call to Birmingham from Atlanta, switched by use of a blue box to Los Angeles, would result in a net fraud of $1.05 for a 3 minute call. (D) a blue box may be wired into the telephone line or acoustically coupled by placing the speaker of the blue box near the transmitter of the phone handset. The blue box may even be built inside a regular touch-tone phone, using the phone's pushbuttons for the blue box's signalling tone. (E) A magnetic tape recording may be used to record the blue box tones for certain phone numbers. This way, it's less conspicous to use since you just make it look like a Walkman or whatever, instead of a box. All blue boxes, except "dial pulse" or "rotary SF" blue boxes, must have the following 4 common operating capabilities: (A) it must have signalling capability in the form of a 2600HZ tone. this tone is used by the toll network to indicate, either by its presence or its absence, an "on hook" (idle) or "off hook" (busy) condition of the trunk. (B) The blue box must have a "KP" tones that unlocks or readies the multi-frequency reciever at the called end to receive the tones corresponding to the called phone #. (C) The typical blue box must be able to emit MF tones which are used to transmit phone #'s over the toll network. each digit of a phone # is represented by a combination of 2 tones. For example, the digit 2 is transmitted by a combination of 700HZ and 1100HZ. (D) The blue box must have an "ST" key which consists of a combina- tion of 2 tones that tell the equipment at the called end that all digits have been sent and that the equipment should start switching the call to the called number. The "dial pulser" or "rotary SF" blue box requires only a dial with a signalling capability to produce a 2600HZ tone. The most common form of signaling between toll officed uses multifrequency tones (MF). Multifrequency signaling uses six frequencies placed in that part of the voice spectrum where different channels have the smallest deviation in loss. On the bell system the frequencies used are 700, 900, 1100, 1300, 1500, and 1700 HZ. Digits are coded as two out of the first five of these frequencies and are sent between start-of-digit-transmission and end-of-digit-transmission codes. The following table shows the combinations of frequencies used in north america and on CCITT signaling system No. 5: . SIGNAL FREQUENCY PAIR . ------------------------------------ . KP1 (start-of-digit 1100+1700 . transmission for a . national call) . KP2 (start-of-digit 1300+1700 . transmimission for an . international call from . an intermediate (transist) exchange) . Digits: 1 700+900 . 2 700+1100 . s 900+1100 . 4 700+1300 . 5 900+1300 . 6 1100+1300 . 7 700+1500 . 8 900+1500 . 9 1100+1500 . 0 1300+1500 . ST (end of digit 1500+1700 . transmission) The mf signals are sent over the normal voice channels and are transmitted like speech. They may be sent either by a switchboard operator or, by automatic equipment. The reader may possibly have heard these interoffice signals. On some systems the operator's signaling is occasionally audible, and sometimes the automatic signaling can be faintly heard due to Crosstalk. The quiet listener may hear a faraway flurry of faint discordant notes. The frequency 2600 HZ is transmitted continuously on all voice channels between toll offices when the channel is free. This frequency also acts as a disconnect signal, indicating that the voice channel should return to its unused status. When the subscriber dials the number it reaches his local central office and possibly toll office by DC pulsing (unless touch-tone dialing was used). The toll office selects a free voice channel in an appropriate trunk and stops the 2600 HZ tone. The office at the end of that trunk detects the break in the 2600 HZ signal and is alerted to receive a toll telephone number. The number is sent in the MF code listed above. One toll office passes the number to another until the called central office is reached. The central office rings the called telephone. When either party replaces his receiver the call is disconnected and the toll offices tell each other this by transmitting the 2600 HZ tone again. It is possible to interfere with the telephone trunking mechanism by transmitting the 2600 HZ tone from the subscriber's telephone. An AT&T story has it that a New York shirt manufacturer once broke his front tooth in such a way that he transmitted a brief 2600 HZ whistle every time he said the word "shirt" on the telephone. An Eastern airline office in Atlanta was plagued by telephone disconnects for seven years and then discovered that they were caused by the shrieks of exotic birds in the hotel lobby cocktail lounge. Captain Crunch breakfast cereal packets were once delivered with a toy whistle which produced a pure 2600 HZ tone. A brief 2600 HZ tone received by a toll office causes it to free the voice channel in question and place a 2600 HZ tone on the channel to the next toll office. A blue box call is started by placing a long distance call in the normal way either to a free number (information or a valid 800 series number) or else to a close-by destination which is cheap to call. This is the call which will appear on the CAMA tape. Once dialing is completed, your nearby tandem (toll office) routes the call to the tandem office at the destination, possibly through intermediate tandems along the way. As soon as you hear ringing from the other end, you feed 2600 HZ into your phone for one second. Your local Co is unaccustomed to getting 2600 HZ and so simply ignores it, but passes it on to the nearby tandem. This tandem can recognize 2600 HZ as a disconnect idle from other tandems, but is not built to react to the signal coming from a Co. so it ignores it and passes it on. But the next tandem, thinking you hung up, cancels the call. This leaves you hanging, still connected to a toll line between tandems. After one second of 2600 HZ, you remove it. The distant tandem now sees that the line is no longer idle, and so it connects an incoming sender. As soon as you hear the click signifying this, you have ten seconds to dial the desired number, preceded by KP and followed by ST. when the number answers, a signal is sent back and the CAMA tape punched to indicate the connection time. At the end of the call, the CAMA tape is again punched with your number, the time and the number you originally dialed. This is the call and time for which you will be billed (unless it is free) and the number actually reached with the blue box is not recorded. Because of the widespread use of 2600 HZ detectors and ess which can trace in seconds, blue boxing is a high risk method of phreaking. [Mein Kommentar: Lest den letzten Satz nochmal und fragt Euch, ob die Post hier nicht auch schon lange drauf gekommen ist...] ******************************CUT*HERE****************************** Hi, Es geht hier um die verschiedenen Fragen zum Thema BlueBoxing und wie das ganze klappert. Warum will niemand der Ahnung von der Materie hat damit heraus rcken ?? Mitlerweile kann jeder der nen Amiga und einen Kopfhrer hat umsonst telefonieren (jedenfalls bis vor ca. 1/2 Jahr, da seit dem die Frequenzen hufiger gendert werden). Das hieá "jeder Ars... konnte mit der entsprechenden Soft und ohne einen Funken Ahnung BlueBoxing betreiben. Blueboxing war einmal eine Sache, welche nur von Phreaks ausgebt werden konnte. Zur Zeit ist es so, das nur Szene Kenner sprich Trader oder Freaks und diejenigen mit einer Engelsgeduld (pro- bieren bis es raucht) in besitzt der jeweiligen Frequenzen sind. Das heiát gleichzeitig, viele dieser lstigen Kidz sind nicht mehr in der Lage jeden Tag in Ihre US Stammbox zu schauen und die neueste Soft zu saugen. Vorteile fr die "ELITE" liegen natrlich klar auf der Hand. Weniger Rummel= ruhigeres Arbeiten. Bei den wachsenden Anstrengungen der Post diese von den meiáten als Kavaliersdelikt angesehene Straftat zu unterbinden, ist ja wohl die logische Schluáfolgerung : Je weniger desto besser :-) Damit drfte ja auch klar sein, daá niemand der wirklich Ahnung hat hier ffentlich irgendetwas bekanntgibt. bye Ralph ******************************CUT*HERE****************************** Wie schon versprochen einige weitere Texte aus den USA ueber das Blueboxen und Telefontechnik. Damit sich nicht einige dieser Uralt-Mailer verschlucken, sind die Texte jeweils in mehrere Msgs aufgeteilt. Zu beachten ist wie bei den vorigen und den noch kommenden Postings noch folgendes: Die Texte beziehen sich auf das US-Telefonsystem und sind schon etwas veraltet. Die Frequenzen funktionieren m.W. nicht mehr. Aber zum Verstaendnis der ganzen Box-Prinzipien reichts ja, und war doch der Sinn der Sache, gell ;). #INCLUDE Standard_Disclaimer: Neee, ich blueboxe nicht. Sonst haette ich nicht jeden Monat so ne horrende Telefonrechnung. Ausserdem sind die Schweizer Zentralen zu intelligent und groesstenteils digitron (d.h. gefaeeeeeehrlich)... So, und los geht's: preface: previous installments of this series were focused on telephony from a network point-of-view. part v will deal with telephone electronics focusing primarily on the subscriber's telephone. here-in-after simply referred to as "fone." wiring: ____________________________________________________________ assuming a standard one-line fone, there are usually 4 wires that lead out of the fone set. these are standardly colored red, green, yellow, & black. the red & green sires are the two that are actually hooked up to your co. the yellow wire is sometimes used to ring different fones on a party line (ie, one #, several families--found primarily in rural areas where they pay less for the service and they don't use the fone as much); otherwise, the yellow is usually just ignored. on some two-line fones, the red & green wires are used for the first fone # and the yellow & black are used for the second line. in this case there must be an internal or external de unction. (such as radio shack's outrageously priced 2 line & hold module-9. in telephony, the red & green wires are often referred to as tip (t) & ring (r). the tip is usually the more positive of the two wires. this naming goes back to the old operator cord boards where one of the wires was the tip of the plug and the other was the ring (of the barrel). a rotary fone (aka dial or pulse) will work fine regardless whether the red (or green) wire is connected the tip(+) or ring(-). a touch-tone (tm) fone is a different story, though. it will not work except if the tip(+) is the green wire. [although, some of the more expensive dtmf fones do have a rectifier bridge which compensates for polarity reversal.] this i why under certain (non-digital) switching equipment you can reverse the red & green wires on a touch-tone fone and receive free dtmf service. even though it won't break dial tone, reversing the wires on a rotary line on a digital switch will cause the tones to be generated. voltages, etc. ____________________________________________________________ when your telephone is on-hook (ie, hung up) there is approximately 48 volts of dc current (vdc) flowing through the tip & ring. when the handset of a fone is lifted a few switches close which cause a loop to be connected (known as the "local loop") between your fone & the co. once this happens dc current is able to flow through the fone with less resistance. this causes a relay to energize which causes other co equipment to realize that you want service. eventually, you should end up with a dial tone. this also causes the 48 vdc to drop down into the vicinity of 13 volts. the resistance of the loop also drops below the 2500 ohm level. as of now, you are probably saying to yourself that this is all nice and technical but what the hell good is the information. well, also consider that this voltage (& resistance) drop is how the co detects that a fone was taken off hook (picked up). in this way, they know when to start billing the calling number. now what do you suppose would happen if a device such as a resistor or a zener diode was placed on the called parties line so that the voltage would drop just enough to allow talking but not enough to start billing? first off, the calling party would not be billed for the call but conversation could be pursued. secondly, the co equipment would think that the fone just kept on ringing. the telco calls this a "no-no" (toll fraud to be more specific) while phone phreaks affectionately call this mute a black box. the following are instructions on how to build a simple black box. of course, anything that prevents the voltage from dropping would work. you one or two parts: a spst toggle switch and a 10,000 ohm (10 k), 1/2 watt resistor. any electronics store should stock these parts. now, cut 2 pieces of wire (about 6 inches long) and attach one end of each wire to one of the terminals on the switch. now turn your k500 (standard desk fone) upside down and take off the cover. locate the 2 screws on the network box labeled >f< and >rr<. wrap the resistor between the 2 screws making sure that it doesn't touch any other terminals!. now connect one wire from the switch to the rr terminal. finally, attach the remaining wire to the green wire (disconnect it from its terminal). now bring the switch out the rear of the fone and replace the cover. put the switch in a position where you receive a dial tone. mark this position normal. mark the other side free. when your phriends call (at a prearranged time), quickly lift & drop the receiver as fast a possible. this will stop the ringing (do it again if it doesn't) with out starting the billing. it is important that you do it quickly (less than one second then put the switch in the free position and pick up the fone. keep all call short and preferably under 15 minutes. note: if anyone picks up an extension in the called parties house and that fone is not set for free then billing will start. note: an old way of signaling a phriend that you are about to call is making a collect call to a non-existent person in the house. since your friend will not accept the charges, he will know that you are about to call and thus prepare the black box (or visa versa). warning: the telco can detect black boxes if they suspect one on your line. this is done due to the presence of ac voice signal at the wrong dc level! pictorial diagram: (standard rotary k500 fone) ____________________________________________________________ _____________________________________ | | ***blue wire**>>f< | | * * | **white wire** * | | * | | resistor | | * | | * | | >rr<*******switch**** | | * | ****green wire********************** | | | |_____________________________________| note: the black box will not work under ess or other similar digital switches since ess does not connect the voice circuits until the fone is picked up (& billing starts). instead, ess uses an "artificial" computer generated ring. ringing: ____________________________________________________________ to inform a subscriber of an incoming call, the telco sends 90 volts (rms) of ac current down the line (at around 15 to 60 hz) in standard fones, this causes a metal armature to be attracted alternately between two electro-magnets thus striking 2 bells. of course, the standard bell (patented in 1878 by tom a. watson) can be replaced by a more modern electronic bell or signaling device. also, you can have lights and other similar devices in lieu of (or in conjunction with) the bell. a simple neon light (with its corresponding resistor) can simply be connected between the red & green wires (usually l1 & l2 on the network box) so that it lights up on incoming calls. a regular 60 watt light bulb can also be hooked up using a simple (120 vac) relay. warning: 90 & 120 vac can give quite a shock. exercise extreme caution if you wish to further pursue these topics. also included in the ringing circuit is a capacitor to prevent the dc current from interfering with the bell [a capacitor will pass ac current while it will prevent dc current from flowing (by storing it)]. another reason that the telco hates black boxes is because ringing uses alot of common-control equipment, in the co, which use alot of electricity. thus the ringing generators are being tied up while a free call is being made. usually calls that are allowed to ring for a long period of time may be construed as suspicious. some offices may be set up to drop a trouble card for long periods of ringing then a "no-no" detection device may be placed on the line. incidentally, the term "ring trip" refers to the co process involved to stop the ac ringing signal when the calling fone goes off hook. note: it is suggested that you actually dissect fones to help you better understand them. it will also help you to better understand the concepts here if you actually prove them to yourself. for example, actually take the voltage readings on your fone line [any simple multi-tester (a must) will do.] phreaking is an interactive process not a passive one! dialing: ____________________________________________________________ on a standard fone, there are two common types of dialing: pulse & dtmf. of course, some people insist upon being different and don't use the dt thus leaving them with mf (multi frequency, aka operator, blue box) tones. this is another "no-no" and the telco security gentlemen have a special knack for dealing with such "phreaks" on the network. when you dial rotary, you are actually rapidly breaking & reconnecting (making) the local loop once for every digit dialed. since the physical connection must be broken, you cannot dial if another extension (of that #) is off-hook. neither of the fones will be able to dial pulse unless the other hangs up. another term often referred to in telephone electronics is the break ratio. in the us, there are 10 pulses per second (max). when the circuit is opened it is called the break interval. when it is closed it is called the make interval. in the us, there is a 60 millisecond (ms) break period and a 40 ms make period. (60+40=100 ms = 1/10 minute). this is referred to as a 60% break interval. some of the more sophisticated electronic fones can switch between a 60% & a 67% break interval. this is due to the fact that many foreign nations use a 67% break interval. have you ever been in an office or a similar facility and saw a fone waiting to be used for a free call but some asshole put a lock on it to prevent outgoing calls? well, don't fret phellow phreaks, you can simulate pulse dialing by rapidly depressing the switchook. (if you depress it for longer than a second it will be construed as a disconnect.) by rapidly switchooking you are causing the local loop to be broken & made similar to rotary dialing! thus if you can manage to switchook rapidly 10 times you can reach an operator to place any call you want! this takes alot of practice, though. you might want to practice on your own fone dialing a friend's # or something else. incidentally, this method will also work with dtmf fones since all dtmf lines can also handle rotary. another problem with pulse dialing is that it produces high-voltage spikes that make loud noises in the earpiece and cause the bell to "tinkle." if you never noticed this then your fone has a special "anti-tinkle" & earpiece shorting circuit (most do). if you have ever dissected a rotary fone (a must for any serious phreak) you would have noticed that there are 2 sets of contact that open and close during pulsing (on the back of the rotary dial under the plastic cover). one of these actually opens and closes the loop while the other mutes the earpiece by shorting it out. the second contacts also activates a special anti-tinkle circuit that puts a 340 ohm resistor across the ringing circuit which prevents the high voltage spikes from interfering with the bell. dual tone multi frequency (dtmf) is a modern day improvement on pulse dialing in several ways. first of all, it is more convenient for the user since it is faster and can be used for signaling after the call is completed (ie, scc's, computers, etc.). also, it is more upto par with modern day switching equipment (such as ess) since pulse dialing was designed to actually move relays by the number of digits dialed (in sxs offices). each key on a dtmf keypad produces 2 frequencies simultaneously (one from the high group and another from the low group). _______________________________________________ low group | | | | | 697 hz-| q | abc | def | | | 1 | 2 | 3 | a | |___________|___________|___________|___________| | | | | | 770 hz-| ghi | jkl | mno | | | 1 | 2 | 3 | b | |___________|___________|___________|___________| | | | | | 852 hz-| prs | tuv | wxy | | | 1 | 2 | 3 | c | |___________|___________|___________|___________| | | operator | | | 941 hz-| | z | | | | * | 0 | # | d | |___________|___________|___________|___________| | | | | 1209 hz 1336 hz 1477 hz 1633 hz high group a portable dtmf keypad is known as a white box. the fourth column (1633 hz) is not normally found on regular fones but it does have several special uses. for one, it is used to designate the priority of calls on autovon, the military fone network. these key are called: flash, immediate, priority, & routine (with variations) instead of abcd. secondly, these keys are used for testing purposes by the telco. in some area you can find loops as well as other neat tests (see part ii) on the 555-1212 directory assistance exchange. for this, you would call up an da in certain areas [that have an automatic call distributor (acd)] and hold down the "d" key which should blow the operator off. you will then hear a pulsing dial tone which indicates that you are in the acd internal testing mode. you can get on one side of a loop by dialing a 6. the other side is 7. some phreaks claim that if the person on side 6 hangs up, occasionally the equipment will screw up ad start directing directory assistance calls to the other side of the loop. another alleged test is called remob which allows you to tap into lines by entering a special code followed by the 7 digit number you want to monitor. then there is the possibility of mass conferencing. acd's are become rare though. you will probably have to make several npa-555- 1212 calls before you find one. you can modify regular fones quite readily so that they have a switch to change between the 3rd and 4th columns. this is called a silver box (aka grey box) ad plans can be found in tap as well as on many bbs's. transmitter/receiver: ____________________________________________________________ when you talk into the transmitter, the sound waves from your voice cause a diaphragm to vibrate and press against the carbon granules (or another similar substance). this causes the carbon granules to compress and contract thus changing the resistance of the dc current flowing through it. therefore, your ac voice signal is superimposed over the dc current of the local loop. the receiver works in a similar fashion where the simple types utilize a magnet, armature, & diaphragm. hybrid/induction coil: ____________________________________________________________ as you may have noticed, there are two wires for the receiver and two for the transmitter in the fone, yet the local loop consists of 2 wires instead of 4. this 4-wire to 2-wire conversion is done inside the fone by a device known as an induction coil which uses coupling transformers. the reason 2 sires are used on the local loops are because it is alot cheaper for the telco. although, all of the inter-office trunks utilize 4 wires. this is necessary for full duplex (ie, simultaneous conversation on both sides) and for amplification devices. there are similar devices in the co's, known as a hybrid, that couple the 4-wire trunks to the 2-wire local loops and visa-versa. miscellaneous: ____________________________________________________________ in the telephone, there is also a balancing network consisting of a few capacitors & resistors which provide sidetone. sidetone allows the caller to hear his own volume in the receiver. he can then adjust his voice accordingly. this prevents people from shouting or speaking too softly without noticing it. hold: ____________________________________________________________ when a telephone goes off hook, the resistance drops below 2500 ohms. at this point, the telco will send a dial tone. to put someone on hold you must put a 1000 ohm resistor (1 watt) across the tip & ring before it reaches the switchook. in this way, when the fone is hung up (for hold) the resistance remains below 2500 ohms which causes the co to believe that you are still off-hook. you can build a simple hold device using the following pictorial diagram: (red) o_________________________ [l1] | | | | | | 1000 ohm | \ | | \ resistor ringing | | circuit | -switch | | | hook / | | / spst switch | \ | | \ | | | | | | (green) o__|_____________|______| [l2] --> to rest of fone conclusion: ____________________________________________________________ note: many of the electronics components of normal fones (k500) are enclosed in the network box (which shouldn't be opened). i have assumed that the reader has a basic knowledge of electronics. also, i have assumed that you have read the 4 previous installments of this series (and hopefully enjoyed them). IN THE NETWORK, THERE ARE 3 MAJOR TYPES OF SWITCHING EQUIPMENT. THEY ARE KNOWN AS: STEP, CROSSBAR, & ESS. STEP-BY-STEP (SXS) ____________________________________________________________ THE STEP-BY-STEP, A/K/A THE STROWGER SWITCH OR TWO-MOTION SWITCH, WAS INVENTED IN 1889 BY AN UNDERTAKER NAMED ALMON STROWGER. HE INVENTED THIS MECHANICAL SWITCHING EQUIPMENT BECAUSE HE FELT THAT THE BIASED OPERATOR WAS ROUTING ALL REQUESTS FOR AN 'UNDERTAKER' TO HER HUSBAND'S BUSINESS. BELL STARTED USING THIS SYSTEM IN 1918 AS OF 1978, OVER 53% OF THE BELL EXCHANGES USED THIS METHOD OF SWITCHING. STEP-BY-STEP SWITCHING IS CONTROLLED DIRECTLY BY THE DIAL PULSES WHICH MOVE A SERIES OF SWITCHES (CALLED THE SWITCH TRAIN) IN ORDER. WHEN YOU FIRST PICK UP THE FONE UNDER SXS, A LINEFINDER ACKNOWLEDGES THE REQUEST (SOONER OR LATER) BY SENDING A DIAL TONE. IF YOU THEN DIALED 1234, THE EQUIPMENT WOULD FIRST FIND AN IDLE SELECTOR SWITCH. IT WOULD THEN MOVE VERTICALLY 1 PULSE, IT WOULD THEN MOVE HORIZONTALLY TO FIND A FREE SECOND SELECTOR, IT WOULD THEN MOVE 2 VERTICAL PULSES, STEP HORIZONTALLY TO FIND THE NEXT SELECTOR, ETC. THUS THE FIRST SWITCH IN THE TRAIN TAKES NO DIGITS, THE SECOND SWITCH TAKES 1 DIGIT, THE THIRD SWITCH TAKES 1 DIGIT, & THE LAST SWITCH IN THE TRAIN (CALLED THE CONNECTOR) TAKES THE LAST 2 DIGITS & CONNECTS YOUR CALLS. A NORMAL (10,000 LINE) EXCHANGE REQUIRES 4 DIGITS (0000-9999) TO CONNECT A LOCAL CALL & THUS IT TAKES 4 SWITCHES TO CONNECT EVERY CALL (LINEFINDER, 1ST & 2ND SELECTORS, & THE CONNECTOR) . WHILE IT WAS THE FIRST, SXS SUCKS FOR THE FOLLOWING REASONS: [1] THE SWITCHED OFTEN BECOME JAMMED THUS THE CALLS OFTEN BECOME BLOCKED. [2] YOU CAN'T USE DTMF (DUAL-TONE MULTI-FREQUENCY A/K/A TOUCH-TONE) DIRECTLY. IT IS POSSIBLE THAT THE TELCO MAY HAVE INSTALLED A CONVERSION KIT BUT THEN THE CALLS WILL GO THROUGH JUST AS SLOW AS PULSE, ANYWAY! [3] THEY USE A LOT OF ELECTRICITY & MECHANICAL MAINTENANCE. (BAD FROM TELCO POINT OF VIEW) [4] EVERYTHING IS HARDWIRED. THEY CAN STILL HOOK UP PEN REGISTERS & OTHER SHIT ON THE LINE SO IT IS NOT EXACTLY A PHREAK HAVEN. YOU CAN IDENTIFY SXS OFFICES BY: (1) LACK OF DTMF OR PULSING DIGITS AFTER DIALING DTMF. (2) IF YOU GO NEAR THE CO, IT WILL SOUND LIKE A TYPEWRITER TESTING FACTORY. (3) LACK OF SPEED CALLING, CALL FORWARDING, & OTHER CUSTOMER SERVICES. (4) FORTRESS FONES THAT WANT YOUR MONEY FIRST (AS OPPOSED TO DIAL TONE FIRST ONES). THE PRECEDING DON'T NECESSARILY IMPLY THAT YOU HAVE SXS BUT THEY SURELY GIVE EVIDENCE THAT IT MIGHT BE. ALSO, IF ANY OF THE ABOVE CHARACTERISTICS EXIST, IT CERTAINLY ISN'T ESS! ALSO, SXS HAVE PRETTY MUCH BEEN ERADICATED FROM LARGE METROPOLITAN AREAS SUCH AS NYC (212). CROSSBAR: ____________________________________________________________ THERE ARE 3 MAJOR TYPES OF CROSSBAR SYSTEMS CALLED: NO. 1 CROSSBAR (1XB), NO. 4 CROSSBAR (4XB), & NO. 5 CROSSBAR (5XB). 5XB HAS BEEN THE PRIMARY END OFFICE SWITCH OF BELL SINCE THE 60'S AND THUS IT IS IN WIDE-USE. CROSSBAR USES A COMMON CONTROL SWITCHING METHOD. WHEN THERE IS AN INCOMING CALL, A STORED PROGRAM DETERMINES ITS ROUTE THROUGH THE SWITCHING MATRIX. IN CROSSBAR, THE BASIC OPERATION PRINCIPLE IS THAT A HORIZONTAL &&HPC!U Uj* . ____________________________________________________________________ / / / T H I S F I L E W A S L E E C H E D F R O M : / / / / --*X* I C E S T A T I O N Z E B R A *X*-- / / Ministry World HeadQuarters / / 5 NODES, 16.8k bps, 3 GIGABYTES ON A 50MHZ AMIGA! (206)927-5211 / /___________________________________________________________________/