home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Master Hacker
/
Master_Hacker_Internet_and_Computer_Security_and_Terrorism_Core_Publishing_Group_2001.iso
/
phreaking
/
box
/
blue boxing3.txt
< prev
next >
Wrap
Text File
|
2000-01-15
|
10KB
|
327 lines
The Mark Tabas encounter series
presents...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Better Homes and Blue Boxing
Part iii
Advanced Signalling
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
(It is assumed that the reader has read
and$understood parts i & ii before
proceeding to this part).
In parts i & ii, I covered basic
theory and domestic singalling and
operators. In this part I will explain
overseas direct boxing, the IOCC, the
RQS, and some basic scanning methods.
Overseas Dipect Boxing.
Calling outside of the United States
and Canada is accomplished by using an
"overseas gateway." There are 7 over-
seas gateways in the Bell System,
and each one is designated to serve a
certain region of the world. To
initiate an overseas call, one must
first access the gateway that the call
is to be sent on. To do this auto-
matically, decide which country you are
calling and find its country code.
Then, pad it to the left with zeros as
required so it is three digits. [Add
1, 2, or 3 zeros as required].
Examples:
Luxembourg (352) is 352 (stays the
same)
Spain (34) becomes 034 (1 zero added)
U.S.S.R. (7) becomes 007 (2 zeros added)
Next, seize a trunk and dial KP+011+
CC+ST. Note that CC is the three digit
padded country code that you just
determined by the above method. [For
Luxembourg, dial KP+011+352+ST, Spain
KP+011+034+ST, and the U.S.S.R. KP+011+
007+ST]. This is done to route you to
the appropriate overseas gateway that
handles the country you are dialing.
Even though every gateway will allow
you to dial every dialable country, it
is good practice to use the gateway
that is designated for the country you
are calling.
After dialing KP+011+CC+ST (as CC is
defined above) you should"be connected
to an overseas gateway. It will
acknowledge by sending a wink (which
is audible as a <beep><kerchink> and a
dial tone. Once you receive internat-
ional dial tone, you may route your
call one of two ways: a) as an
operator-originated call, or b) as a
customer-originated call. To go as a
operator-originated call, key KP+
country code (NOT padded with zeros)+
city code+number+ST. You will then be
connected, providing the country you
are calling can receive direct-dialed
calls. The U.S.S.R. is an example of
a country that cannot.
Example of a boxed int'l call:
To make a call to the Pope (Rome,
Italy), first obtain the country code,
which is 39. Pad it with zeros so that
it is 039. Seize a trunk and dial
KP+011+039+ST. Wait for sender dial
tone anf then dial KP+39+6+6982+ST.
39 is the country code, 6 is the city
code, and 6982 is the Pope's number in
Rome. To go as an operator-originated
call, simply place a zero in front of
the country code when dialing on the
gateway. Thus, KP+0+39+6+6982+ST woulf
be dialed at sender dial tone. Routing
your call as operator-originated does
not affect much unless you are dialing
an operator in a foreign country
To dial an operator in a foreign
country, you must first obtain the
operator routing from rate & route for
that country. Dial rate & route and if
you're trying to get an operator in
Yugoslavia, say nicely, "IOTC
Operator's route, please, for
Yugoslavia." [In larger countries it
may be necessary to specify a city].
Rate & route will respond with,
"38 plus 11229". So, dial your over-
seas gateway, KP+011+038+ST, wait for
sender dial tone, and key KP+0+38+
11029+ST. You should then get an
operator in Yugoslavia. Note that you
must prefix the country code on the
sender with a 0 because presumably
only an operator here can dial an
operator in a foreign country.
When you dial KP+011+CC+ST for an
overseas gateway, it is translated to
a 3-digit sender code of the format
18X, depending on which sender is
designated to handle the country you
are dialing. The overseas$gateways and
their 3-digit codes are listed below.
182 ..... White Plains, NY
183 ..... New York, NY
184 ..... Pittsburg, PA
185 ..... Orlando, FL
186 ..... Oakland, CA
187 ..... Denver, CO
188 ..... New York, NY
Dialing KP+182+ST would get you the
sender in White Plains, and KP+183+ST
would get the sender in NYC, etc., but
the KP+011+CC+ST is highly suggested
(as previously mentioned). To find out
what sender you were routed to after
dialing KP+011+CC+ST, dial (at int'l
dial tone): KP+0020000+ST.
If you have difficulty in reaching
a sender, call rate and route and ask
for a numbers route for the country
you're dialing. Sometimes, KP+011+
padded country code+ST will not work.
I have found this in many 3-digit
country codes. Lexembourg, country
code 352, for example, should be
KP+011+352+ST theoretically. But it
is not. In this case, dial KP+011+
003+ST for the overseas gateway. If
you have trouble, try dialing KP+00+
first digit of country code+ST, or
call rate The IOCC.
Sometimes when"you call rate and
route and ask for an "IOTC numbers
route" or "IOTC operators route" for
a foreign country, you will get
something like "160+700" (as in the
case of the Soviet Union). This means
that the country is not dialable
directly and must be handled through
the International Overseas Completion
Centre (IOCC). For an IOCC routing,
pad the country code to the RIGHT with
zeros until it is 3 digits. Then KP+160
is dialed, plus the padded country
code, plus ST.
Examples:
The U.S.S.R. (7) ...... KP+160+700+ST
Japan (81) ............ KP+160+810+ST
Uraguay (598) ......... KP+160+598+ST
You will then be routed to the IOCC
in Pittsburg, PA, who will ask for
country, city, and number being dialed.
Many times they will ask for a ringback
[thanks to Telenet"Bob] so have a loop
ready. They will then place the call
and call you back (or sometimes put
you through directly). Some calls, such
as to Moscow, take several hours.
The Rate Quote System (RQS).
The RQS is the operator's rate/quote
system. It is a computer used by TSPS
(0+) operators to get rate and route
information without having to dial the
rate and route operator. In Part ii,
I discussed getting an inward routing
for dialing-assistance and emergency
interrupts from the rate and route
operators (KP+800+141+1212+ST). The
same information is available from
RQS. Say you want the inward routing
for 305-994. You would sieze a trunk
and dial KP+009+ST (to access the RQS).
Sometimes, if you seize a trunk in an
NPA not equipped with RQS, you need to
dial an NPA that is equipped with RQS
first, such as 303. Anyway, after you
dial KP+009+ST or KP+303+009+ST, you
will receive a wink (<beep><kerchink>)
and then RQS dial tone. At RQS dial
tone, for an inward routing for 305-994
you would dial KP+06+305+994+ST. That
is, KP+06+NPA+exchange+ST. RQS will
respond with "305 plus 033 plus". This
means you would dial KP+305+033+121+ST
for an inward that services 305-994.
If no special routing were required,
RQS would have responded with "305
plus" and you would simply dian:
KP+305+121+ST for an inward.
Another RQS feature is the echo
feature. You can use it to test your
blue box. Dial RQS (KP+009+ST) and
then key KP+07+1234567890+ST. RQS will
respond with voice identification of
the digits it recognized, between the
KP+07 and ST.
RQS can also be used for rates and
directory routings, but those are
seldom needed, so they have been
omitted here.
Simple Scanning.
If you're interested in scanning,
try dialing on a trunk, routings in the
format of KP+11XX1+ST. Begin with"11001
and scan to 11991. There are lots of
interesting things to be found there,
as Doctor Who (413 area) can tell you.
Those 11XX1 routings can also be
prefixed with an NPA, so if you want
to scan area code 212, dial KP+212+
11XX1+ST.
There, now you know as much about
blue boxing as most phreaks. If you
read and understand the material, and
put aside preconceived ideas of what
blue boxing is that you may have
aquired from inexperienced people or
other bulletin boards, you should be
well on you way to an enlightening
career in blue boxing. If you follow
the guidelines in Part i to box, you
should have no problem with the fone
company. Comments made by "phreaks" on
bulletin boards that proclaim "tracing"
of blue boxers are nonsense and should
be ignored (except for a passing
chuckle).
NOTE 1: CCIS and the downfall of blue
boxing.
CCIS stands for Common Channel Inter-
office Signalling. It is a signalling
method used between electronic
switching systems that eminiates the
use of 2600Hz and 3700Hz"supervisory
signals, and MF pulsing. This is why
many places cannot be boxed off of;
they employ CCIS, or out-of-band
signalling, which will not respond to
any tones that you generate on the
line. Eventually, all existing toll
equipment will be upgraded or replaced
with CCIS or T-carrier. In this case,
we'll all be boxing with microwave
dishes. Until then (about 1995 by
current BOC/AT&T estimates), have fun!
If you have ANY questions about this
text, please feel free to drop me a
line. I will respond to anl mail,
messages, etc. Insults are also
welcomed. And if you discover anything
interesting scanning, be sure to let
me know.
Mark Tabas
$LOD$
This text was prepared in full by Mark
Tabas for:
K.A.O.S.
Philadelphia, PA.
[215-xxx-xxxx].
Any sysop may freely download this text
and use it on his/her BBS, provided
that none of it be altered in any way.
Technical acknowledgements:
Karl Marx, X-Man, High-Rise Joe,
Telenet Bob, Lex Luthor, TUC, John Doe,
Doctor Who (413 area), The Tone Sweep,
Mr. Silicon, K00L KAT, The Glump.
References:
1. Notes on the BOC Intra-LATA Networks
Bell System publication, 1983.
2. Notes on the Network
Bell System publication, 1983.
3. Engineering and Operations in the
Bell System
Bell System publication, 1983.
4. Notes on Distance Dialing
Bell System publication, 1968.
5. Early Medieval Architecture.
.......................................
(c) February 6, 1900 Mark Tabas
.......................................
Call 1-305-xxx-xxxx now.
