home *** CD-ROM | disk | FTP | other *** search
- 13
-
- ---------------------------------------
- [Ctrl-S pauses/Space=quit]
-
- BLUE BOXING--WHY IT WORKS
- by THE RESEARCHER
-
- The most common form of signaling between toll offices uses multifrequency
- tones (MF). Multifrequency signaling uses six frequencies placed in that part
- of the voice spectrum where different channels have the smallest deviation in
- loss. On the Bell System the frequencies used are 700, 900, 1100, 1300, 1500,
- and 1700 Hz. Digits are coded as two out of the first five of these frequencies
- and are sent between start-of-digit-transmission and end-of-digit-transmission
- codes. The following table shows the combinations of frequencies used in North
- America and on CCITT Signaling System No. 5:
-
- . Signal Frequency pair
- . ------------------------------------
- . KP1 (start-of-digit 1100+1700
- . transmission for a
- . national call)
- . KP2 (start-of-digit 1300+1700
- . transmimission for an
- . international call from
- . an intermediate (transist) exchange)
- . Digits: 1 700+900
- . 2 700+1100
- . 3 900+1100
- . 4 700+1300
- . 5 900+1300
- . 6 1100+1300
- . 7 700+1500
- . 8 900+1500
- . 9 1100+1500
- . 0 1300+1500
- . ST (End of digit 1500+1700
- . transmission)
-
- The MF signals are sent over the normal voice channels and are transmitted like
- speech. They may be sent either by a switchboard operator or, by automatic
- equipment. The reader may possibly have heard these interoffice signals. On
- some systems the operator's signaling is occasionally audible, and sometimes
- the automatic signaling can be faintly heard due to crosstalk. The quiet
- listener may hear a faraway flurry of faint discordant notes. The frequency
- 2600 Hz is transmitted continuously on all voice channels between toll offices
- when the channel is free. This frequency also acts as a disconnect signal,
- indicating that the voice channel should return to its unused status. When the
- subscriber dials the number it reaches his local central office and possibly
- toll office by dc pulsing (unless touch-tone dialing was used). The toll office
- selects a free voice channel in an appropriate trunk and stops the 2600 Hz
- tone. The office at the end of that trunk detects the break in the 2600 Hz
- signal and is alerted to receive a toll telephone number. The number is sent in
- the MF code listed above. One toll office passes the number to another until
- the called central office is reached. The central office rings the called
- telephone. When either party replaces his receiver the call is disconnected and
- the toll offices tell each other this by transmitting the 2600 Hz tone again.
- It is possible to interfere with the telephone trunking mechanism by
- transmitting the 2600 Hz tone from the subscriber's telephone. An AT&T story
- has it that a New York shirt manufacturer once broke his front tooth in such a
- way that he transmitted a brief 2600 Hz whistle every time he said the word
- "shirt" on the telephone. An Eastern Airline office in Atlanta was plagued by
- telephone disconnects for seven years and then discovered that they were caused
- by the shrieks of exotic birds in the hotel lobby cocktail lounge. Captain
- Crunch breakfast cereal packets were once delivered with a toy whistle which
- produced a pure 2600 Hz tone. A brief 2600 Hz tone received by a toll office
- causes it to free the voice channel in question and place a 2600 Hz tone on the
- channel to the next toll office. A blue box call is started by
- placing a long distance call in the normal way either to a free number
- (information or a valid 800 series number) or else to a close-by destination
- which is cheap to call. This is the call which will appear on the CAMA tape.
- Once dialing is completed, your nearby tandem (toll office) routes the call to
- the tandem office at the destination, possibly through intermediate tandems
- along the way. As soon as you hear ringing from the other end, you feed 2600 Hz
- into your phone for one second. Your local CO is unaccustomed to getting 2600
- Hz and so simply ignores it, but passes it on to the nearby tandem. This
- tandem can recognize 2600 Hz as a disconnect idle from other tandems, but is
- not built to react to the signal coming from a CO. So it ignores it and passes
- it on. But the next tandem, thinking you hung up, cancels the call. This leaves
- you hanging, still connected to a toll line between tandems. After one second
- of 2600 Hz, you remove it. The distant tandem now sees that the line is no
- longer idle, and so it connects an incoming sender. As soon as you hear the
- click signifying this, you have ten seconds to dial the desired number,
- preceded by KP and followed by ST. When the number answers, a signal is sent
- back and the CAMA tape punched to indicate the connection time. At the end of
- the call, the CAMA tape is again punched with your number, the time and the
- number you originally dialed. This is the call and time for which you will be
- billed (unless it is free) and the number actually reached with the Blue Box is
- not recorded. Because of the widespread use of 2600 Hz detectors and ESS which
- can trace in seconds, blue boxing is a high risk method of phreaking.
-
- ---------------------------------------
-
- Enter (1-69, M=Menu, Q=Quit) :
-
-
-