💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › rowdy_dl.man captured on 2021-12-04 at 18:04:22.
-=-=-=-=-=-=-
MANUAL TO VERSION 1.1 OF THE ROWDY DIALER (By RowdyB) 1st Release: April '93 ------------------------------------------------------------------------- Please don't hesitate to bother me at either: at073@cleveland.freenet.edu or: RowdyB@utopia.hacktic.nl for bug reports, comments, bad poetry etc. Take note that the latter address may yield slower responses! - RowdyB - ------------------------------------------------------------------------- INDEX 1 INTRODUCTION 1.1 About the dialer 1.2 Features 1.3 About this manual 1.4 Disclaimer 2 USING YOUR DIALER 2.1 Alpha-numerical editing in general 2.2 Usage and editing of the Multi-Frequency keys 2.3 Usage and editing of songs 2.4 Number scanning 2.5 Guard banding 2.6 Sweep test 2.7 Key logging 2.8 Miscellaneous functions 2.8.1 Doorbell mode 2.8.2 Adapting key buffers 2.8.3 Program execution 2.8.4 Resetting your dialer 2.8.5 Saving your modifications 3 PROGRAMMING EXAMPLES 3.1 A word on the presets 3.2 Programming examples 3.2.1 Some signalling sequences 3.2.2 Pulse signalling 3.2.3 Dividing phreak stages 3.2.4 Auto-phreaking 3.2.5 Scanning country codes APPENDICES A: Trouble shooting B: Where to get the Demon Dialer? C: Acknowledgements 1 INTRODUCTION 1.1 About the dialer Early '92 I programmed a quick and dirty tool to play around a bit with C5 only. Shortly after that I came in touch with an ingenious hardware multi-box; the Demon Dialer (aka Bill's Box) by Hack-Tic Technologies. It offers a maximum of flexible control over all types of phreaking through easy to learn and smart keycombinations, giving audio feedback whenever needed. It features DTMF, C3, C4, C5/R1, R2 (forward/backward), ATF1, tone slots, a palette of other frequencies to be found in automatic telephony and datacommunication, as well as guard banding, advanced (nested) macro programming, user-definable mark/space timings and frequencies, tone sweep and stepping, number- scanning, password protection, RAM battery backup, auto shut off, hookswitch control and an RS232 interface. It's about the size of a pack of cigarettes. I understood I either had to buy it or add some of its features to my C5-thingy. Due to a cashflow problem ''at the time'' I chose the latter option. As time passed it sort of became most of the features, since I started all over again programming an empty, programmable box that afterwards could be divided to my personal taste. It again offers a maximum of flexible support to phreaking, since basically phreaking is a lot of work which one is more inclined to perform when well supported (especially when one confuses laziness and life-style, as yours truly does). For information on how to order a Demon Dialer ($250 US or 350 DM/Gld for a very complete do-it-yourself package) see Appendix B. This is a =PIZZAWARE= program, meaning that if you enjoy working with it, I'd like you to send a Pizza Salame Xtra cheese (no anchovy) to the following adress: Rowdy Blokland Schotdeuren 52 4241 BS ARKEL The Netherlands (Bank-account: PostBank (ING) 3366741, The Netherlands) If it's likely to arrive cold, I'd rather have *oh surprise* the cash equivalent. (Advice: Get 'm cheap!) In the tradition of all xxx-WARE clauses I should now waste a few lines on a fruitless effort to convince you, the potential user, what's so smart about sending money to a total and utter (quite probably bad-breathed and perverted as well) stranger. As a matter of fact, I don't even know this myself. French kissing an AT&T operator sounds like a smarter thing to do. Rather than crippling features, withholding manuals or promising surprisingly uninteresting sourcecodes or an occasional successive version I simply trust you to go bananas completely during a possible adrenaline-boost that correct appliance of this program may inflict on your body which will make your local pizza-dealer cry happy tears. You'll regret it though. 1.2 Features The Rowdy Dialer (RD) offers in short 10 fields of 16 Multi-Frequency keys, to be applied in up to 99 songs. All values and attributes with respect to songs and MF-keys are fully user-definable, thus allowing you to program anything ranging from Morsecode to your national anthem. Initially you'd be satisfied with the following concerts your RD is already composed with: * DTMF * CCITT 3 (audio), 4 and 5 (/R1) * R2 forward/backward * Red-/greenbox * ATF1 * Tone slots * Several line- and other signals and features a.o. * Number scanning * Guard banding * Sweeptest * Frequency stepping * Song programming and invocation * Preprogrammable songkeys (10*10) * User-definable timings/frequencies per song/MF-key * Direct marktime/volume stepping * (Password protected) key logging * Program execution presented through a macho and informative graphical interphace. 1.3 About this manual This manual is NOT a manual on phreaking as such. There's already a truckload of files out there supplying information on history, folklore, terminology, box-schemes etcetera w.r.t. this, and your local technical library can also be of help. In this textfile your dialer's various functions and possibilities are described step-by- step and how to make good use of them. All keycombinations have been chosen with some logic and all input is made foolproof - or so I'd like to think .. Btw: don't bother to memorize what keypress goes with what function, it's all runtime available in short under <HELP>. 1.4 Disclaimer "The amount of time people waste to get something for nothing is highly remarkable" - Robert Lynd The user of this program is solely responsible for his or her use of it - legal or illegal. I'm merely a poor toolmaker and simply cannot and will not take any responsibility. This argument works for the arms industry, so why wouldn't it do the job for me! (Of course, I do lack relevance in the highest echolons of any government.) As a matter of fact, I would strongly advice against use of this tool at all. It has rumour that getting a job and paying your bills might work as well, but I wouldn't know. 2 USING YOUR DIALER 2.1 Alpha-numerical editing in general All alpha-numerical editing is taken care of by GFA's standard formatted-input routine. Unfortunately it is not fit for a graphical environment and has the irritating habit of adding 1 or 2 blanks when entering/editing fullsized input; temporarily giving the interface a rather silly look. On the other hand it's quite a luxurious input routine and making one of my own just to meet this would be too big an effort. DO NOT report this to me as a bug! After entering your string all possible damage will be restored. The editing commands are: <ARROW LEFT/RIGHT> Move cursor left/right <ARROW UP/DOWN> Move cursor to begin/end <CTRL><ARROW LEFT/RIGHT> Move cursor to begin/end <INSERT> Toggle insert/replace mode <BACKSPACE> Delete character left of cursor <DELETE> Delete character right of cursor <ESCAPE> Clear string <ENTER/RETURN> Enter string Don't worry about entering incorrect, out-of-range or no data. Depending on the situation the data will be mapped in range (absolute value or bottom/top of range etc.), replaced by the last value (e.g. when entering nothing) or an error message will appear. Accidentally including control-codes in your comments on songs, MF- keys or fields however can sometimes fuck up the look of the interface; so don't. If you did, remove them. When needed, you can redraw the entire screen by pressing <CONTROL><R> Redraw screen 2.2 Usage and editing of the Multi-Frequency keys The use of the MF-keys is to both define (interregister-)signals for use in songs and to (a.o.) provide a way to explore line signalling directly. Especially immediate marktime- and volumestepping can be of great help w.r.t. the latter. The attributes of each Multi-Frequency key (MF-key) are two frequen- cies, its duration or marktime, its volume and a twelve character comment. Each MF-key corresponds to the numerical keyboard as shown. The frequencies and marktime are printed on each key, the volume and comment show up in the infobox at the right when pressing an MF-key. As said before, there are 10 fields of 'em. Simply use the <ARROW LEFT/RIGHT> keys to change to a previous or next field. When you get to know the fields it's often handier to jump directly to the one you need. For this press <CLR HOME> and enter the desired fieldnumber. Different signalling systems are spread over different fields when- ever possible to facilitate simple field-usage in songs (see below). For clarity each field is commented upon in the upper infobox to the right. How to change an MF-key's attributes: Frequencies: Can be changed by entering a value directly or by frequency stepping. First press <CTRL> together with the MF-key you wish to edit to enter the MF-key editing box at the left. Freq1 can now be changed. Press <ENTER> or <RETURN> to enter a new value. The allowed range is 31 .. 4000 Hz; from the lowest frequency the ST can produce to the upper border in outband signalling (voiceband 300-3400, outband 3400- 4000). Entering 0 Hz is also allowed and interpreted as silence. Pressing <CTRL><ARROW LEFT/RIGHT> swaps from freq1 to freq2 and back. This swapping takes place automatically when entering values directly, in order to facilitate entering lengthy multi-frequency tables. To decrease/increase a frequency with a certain stepsize (default 10 Hz) press <ARROW LEFT/RIGHT>. This frequency stepping can be made audible by pressing <A> which toggles audio on/off, using the MF-key's volume. Press <S> to change the current frequency's stepsize (Range: 1 .. 999 Hz). Btw: Make sure the two frequencies are not identical - soundwave interference may muffle the volume from time to time. Marktime: Can be changed in three ways: Entering a value via the MF-key editing box, entering a new value directly or changing it according to a desired stepsize. When already editing frequencies in the MF-key edit box, changing the marktime as well can be done by pressing <CTRL><ARROW DOWN> (Range: 1 .. 999 milliseconds). Entering a new value directly is done by pressing <SHIFT><MF-key>. When exploring the timing required for a certain line signal (e.g. starting low and increasing with a certain step) it's best to use the <+/-> keys to achieve fast results. The MF-key you pressed last (actually: about which info is updated in the info box - eventual field changes are taken into account as well) will be affec- ted. Initially the <+/-> keys are switched off. Activate them by pressing <CTRL><+/->. This toggles them on/off, indicated by the bold or grey look of 'em. (ADVICE: When you don't need them, switch them OFF. You don't want to accidentally change timings unseen). Default the stepsize of the <+/-> marktimes is 5 ms. Press <RIGHT SHIFT><+/-> to change either one (Range: 1 .. 99 ms). Volume: Can only be altered by use of the <+/-> keys. Press <LEFT SHIFT><+/-> to toggle between MARK or VOLUME stepping (only when they're active). As with markstep- ping the MF-key last pressed is affected. Range is 0 .. 15 (logarithmically scaled of course, to match human hearing). Comment: The comments on both a single MF-key and a field of MF- keys can be changed. Press <ALT><MF-key> to change the former or <CTRL><ARROW LEFT/RIGHT> to change the latter. Comments can be up to 12 characters. Range is technotalk to sexual explicits, yet unnecessary and gross abuse is recommended. ONE IMPORTANT EXCEPTION: If one wishes to play C4 signals one should formally use songs under preprogrammed keys (see below), since those signals are combined ones. Nevertheless, an obscure option has been added to enable you to play C4 signals comfortably via MF-keys: * When the first three characters of the comment field match 'C4:', the RD will overrule the timing and frequencies belonging to that MF-key. Instead, the following characters immediately after 'C4:' will be examined and played: Char: Freq1: Freq2: Marktime: P 2040 2400 150 X 2040 0 100 Y 0 2400 100 Q 2040 0 350 R 0 2400 350 x 2040 0 35 y 0 2400 35 (Actually, Q and R should read XX and YY to match the notation used in CCITT Rec. Q.121; I prefer straightforward parsing though.) The interpretation of these C4 strings is, of course, case-sensi- tive. The first character not matching one in the table marks the end of the sequence. To improve readability, this can e.g. be a blank followed by a remark, as done in field #1. (Btw: MF- characters in a song still refer to the normally specified frequencies and timing of an MF-key (see below).) Intervals are 35 ms and the MF-key's volume still applies. Of course, unless low-cost timetravel is added to the list of human rights real soon, I could have saved myself the trouble of implemen- ting this. 2.3 Usage and editing of songs To create and play strings of (combined) signalling systems the use of macro's or songs is provided. In the songbox at the bottom of the screen you'll find the songlist. You can scroll it using the <ARROW UP/DOWN> keys. Scrolling 10 songs up/down at once is done by pressing <CTRL><ARROW UP/DOWN>, and jumping directly to the top or bottom of the songlist by pressing <SHIFT><ARROW UP/DOWN>. Each song can contain up to 25 characters that may refer to the MF- keys, indicate song invocation(s), song expansion or field overruling (see below). Attributes per song are a fieldnumber (FLD:), mark- (MRK:) and spacetiming (SPC:) and an 18 character comment. The fieldnumber indicates the field the MF-characters correspond with, the mark- and spacetime indicate the duration of the signals and their intervals (in milliseconds). If FLD: or MRK: are printed grey instead of bold, their specifications do not apply. Instead, the currently displayed field or the marktimes of the MF-keys themselves are used, respecti- vely. Playing the current song can be done by pressing <INSERT>. It's also possible to preprogram keys 1 .. 0 on the main keyboard with your favorite songs. This way you can directly play songs without having to look them up first in the songlist: - Scroll to the song you wish to preprogram. Now simply press <CTRL> and one of the <1 .. 0> keys you want to store it under. - When pressing <1 .. 0>, the stored song is jumped to and played immediately. If you just want to check what song is under what key and don't want to hear a (possibly lengthy, e.g. ATF1-) song; press <CTRL><D>. This toggles Direct play on/off. Songs will now only be played by either pressing the <1 .. 0> key again (after the jump), or by pressing <INSERT>. - Actually, there are 10 groups of keys <1 .. 0>, each keygroup again indexed by <1 .. 0>. To change from one keygroup to another just press <ALT><1 .. 0>. Initially keygroup 0 is active. Of course one most likely won't need 10*10 preprogrammable keys as such. The idea is to spread several phreakstages over a few keys, in order to facilitate repeating a stage whenever needed, (e.g. Key 1: DTMF sequence; Key 2: Line signal A; Key 3: Line signal B; Key 4: Interregister signal sequence (Keys 5 .. 0: as Key 4)) and several of these (possibly similarly looking) phreakstages can in turn be divided among different keygroups. Changing a song's attributes: Fieldnumber: To toggle specified field usage on/off press <CTRL><F>. When off, the currently displayed field applies instead of the specified fieldnumber. To change the fieldnumber press <F> (Range 0 .. 9). Marktime: To toggle specified marktime usage on/off press <CTRL><M>. Press <M> to change the marktime (Range 1 .. 999 ms). When switched on you can easily adapt the mark time of signals needing a uniform length only, otherwise you'd rather switch it off and use the MF-key mark times instead. Spacetime: Press <S> to change the spacetime (Range 7 .. 999 ms). Information: Press <I> to change the information on a song. Up to 18 characters can be entered (For range see MF-key's comment attribute). Song itself: To change the contents of a song press <RETURN>, after which up to 25 characters may be entered. Allowed entries are: - All MF-key characters, where an E represents the ENTER-key. - Song invocation: is established by entering an 's' followed by a two-digit song number (Range 01 .. 99). Invocations can be inserted repeatedly and anywhere within a string. As with playing an MF-character, the invoked song is bordered by the space times of the invoking song. Invocations allow you to e.g. combine different signalling systems with different timings, to create pulse signals with an interval of their own within a sequence having larger intervals, to invoke a stringpart that is subject to number scanning (see below) etcetera. Invoking an undefined song has the same effect as leaving the invocation out. - Song expansion: To expand a song simply enter a ';' at the end of your (possibly empty) string (in fact, it'll always be at the end - what tails it is removed). The song is now concatenated to the next one. Effectively this is parsed up to 4 times. Apart from possibly using this as an alternative to song invocation, it's main purpose is to enable you to enter up to 5*25 characters. If those are e.g. 40 successive invocations (8 times 'sXX' plus a ';' in 5 concatenated songs) this yields up to 5*8*25 or 1000 characters (plus one, if you end the last song with a character instead of a ';') - especially of use to ATF1. When concatenated, the space time between the last signal of song N and the first signal of song N+1 is equal to the space time of song N. An empty song containing only the expansion character transparently glues the previous and next song together. - Field overruling: To pick an MF-character from a field different from the specified (or current, when FLD: is switched off) field, enter an 'f' followed by the desired fieldnumber (0 .. 9) and the MF-character. Everything following this will be subject to the normal field specification again. This allows you to use signals not included in the same field, such as signals not fitting the 16 MF-key field or pauses to be found in line signalling field #8. Of course, this can also be solved by use of invoca- tion, expansion, or even reprogramming a field, pen- ding the situation. Overruling will come in handy though. Restrictions with respect to song programming are: - Songs may not invoke themselves, simply to avoid loops. - Nesting may only be 1 level deep, i.e. an invoked song may not contain further invocations, and - An invoked song may not be expanded. Since a song is parsed and transformed to a bunch of arrays just before playing, these restrictions make sure there's a predictable limit to the sequence to be played (1001 signals). Apart from that, you'll have a hard time making up a phreaksequence that couldn't be realized using the offered flexibility - if at all ! You DON'T need to bother memorizing these restrictions yourself; your RD keeps track of whether a song is invoked by others and howmany times, whether a song may be invoked, expanded or invoke others etcetera. If you enter out-of-range, invalid or conflicting data the RD will display the erratic input within the string in grey and sing a two-tone beep alert. Pressing <HELP> will show a few tiny helpscreens recapitulating the correct songformat, and removes the erratic parts upon exiting; pressing <RETURN> will simply remove the errors at once. (Btw: Input is not case-sensitive, solely to improve readability an e/E is always mapped to uppercase and f/F, s/S to lowercase.) TWO IMPORTANT EXCEPTIONS: As mentioned before, a song's minimum spacetime is 7 ms. This is simply the smallest amount of time the compiled code uses to initialize the next signal's frequency, volume and timer routines. Shorter, say near-zero spacetimes would involve a totally different approach by use of an assembler. In practice, you'll never need spacetimes even close to 7 ms. Only ATF1 and tone slots (100 baud and 70ms marktime respectively) don't need a spacetime whatsoever. For those two the following exceptions have been implemented: * To play a song at 100 baud (10ms mark, no intervals), make sure the first five characters of the information on a song match 'ATF1:'. Mark and spacetiming are now overruled, and only freq1 of an MF- character is taken into account - all other parameters still apply. * To play tone slots, simply type 'TSL:' at the beginning of the information field. Marktime is now 70ms with zero spacetime, songs are further dealt with as with 'ATF1:'. 2.4 Number scanning Songs that consist of digits only can be sequentially in- or decreased with a specified stepsize for scanning purposes. Also a part of a (not necessarily numerical) song can be made subject to scanning, in behalf of e.g. scanning interregister subscriber num- bers, countrycodes, routingcodes etc. When pressing <N>, number scanning is applied to the current song. The songparameters above the songbox are now replaced by the current play song number and stepsize. The play song number indicates the song that is played during scanning. This can be a song different from the one to be scanned, in which case the latter should be part of the play song by means of invocation or expansion. (Btw: the scanned song may contain max. 12 digits (and an eventual semi-colon at the end); this in connection with straightforward integer calculus - dealing with larger numbers would be useless anyhow, until automatic interplanetary telephony is a fact.) During this mode the following controls rule: <ARROW LEFT/RIGHT> Decrease/increase number with the current stepsize. This never affects the amount of digits in a number; 000..0 is followed by 999..9 and vice versa. Initially, the play song is played each time as well. <A> When you wish to in- or decrease the number several times without playing the play song, toggle <A>udio on/off. <ARROW DOWN> or <INSERT> both play the current number again, in case it needs to be repeated. <INSERT> simply matches the usual play key - see what suits you. <P> Enter a new play song number (Range 1 .. 99). Initially the play song number always matches the song number of the song subject to scanning. Having changed this number once will fix it on your own choice perma- nently. <S> Enter a new stepsize. Range is 0 .. 999, yet the number of digits can never exceed those of the scanned number. The stepsize remains fixed unless you'll scan another song with lesser digits - the stepsize will then be adjusted accordingly. <1 .. 0> To combine scanning and phreaking, the preprogrammable keys of the currently active keygroup are also available. (This of course implicitly offers a second way to define a play song.) When exiting this mode, the number song is fixed at the last scan value. 2.5 Guard banding Adding an extra tone when signalling may fool filters into believing you are speaking rather than signalling, and thus will not disconnect your link. Such a tone is called a guard tone. You can choose from and redefine up to three guard tones (G1, G2 and G3) by means of frequency stepping or entering the desired value, each having its own volume. A guard tone can be played either continuously or only when signalling. To toggle the current guard tone on/off press <G>. The field in the infobox at the right above which 'CURR. GUARD:' is printed displays which guard tone is active. Also the GUARD switch is set Y/N accordingly. Initially the tone will be played continuously, indica- ted by a (C) between brackets tailing the GUARD switch. Playing it only during an MF-key's marktime or a song's mark- and spacetime is achieved by pressing <CTRL><G>. This toggles between continuous or marktime play of a guard tone, indicated by a (C) or an (M) behind the GUARD switch respectively. Picking or redefining a guard tone: <C> is pressed to enter the guard tone editing pop-up box, and must be read as <C>hoose guard tone. <G> still applies and toggles guard tone on/off, and <CTRL><G> still toggles continuous/marktime play. <ARROW UP/DOWN> keys make you choose between G1, G2 or G3. The currently active guard tone changes accordingly. <ARROW LEFT/RIGHT> de-/increases the current guard tone with the step size shown in the upper-right corner. Each guard tone has its own step size. Press <S> to enter a new step size (Range 1 .. 999 Hz). Default G1, G2 and G3 have step sizes 25, 50 and 100 HZ respectively. <ENTER> / <RETURN> allows you to enter a new guard tone frequency. Range is 31 .. 4000 Hz. <V> toggles between the frequency- and volume list of G1, G2 and G3. When the latter is shown, <ARROW LEFT/RIGHT> keys de-/increase the current guard's volume (ranging from 0 to 15) with step 1. 2.6 Sweep test To scan a line for filters the full ST's in- and out-band range (31 to 4000 Hz) can be sounded, during which the callee should listen for gaps. Pressing <T> makes the sweep-test box appear. The following controls now apply: <ARROW LEFT/RIGHT> changes the direction of the sweep. When the upper or lower border is reached the direction always swaps. <ARROW DOWN> holds the sweep at the current frequency. <+/-> in-/decreases the sweep delay (Range: 0 to 99) both when sweeping and when holding the sweep. Default is 3, yielding a sweep that takes about 16 seconds back and forth. * As the sweep increases the frequency resolution displays conside- rable gaps. This is due to the way the ST's soundchip (Yamaha YM 2149 or the identical AY-3-8910 from General Instruments) generates its frequencies. The three voices or sound-generators each have an output frequency of 125 Khz that can be divided by a 12 bit period. This yields a frequency range of 31 to 125000 Hz, with a rather restricted resolution of (125000/1 .. 4095) Hz ; part of which are the ones used during the sweep. As a result of this, any desired frequency is actually 125000/ROUND(125000/frequency) Hz. Pending the desired frequency, deviations under 1000 Hz can range from 0 to 5 Hz (10 is the largest step, and frequencies in between are automatically rounded to the nearest (higher or lower) resolution point); deviations in the 1000-2000 Hz can range from 0 to 16 Hz and at the upper border of 4000 hz the highest step is 118 Hz (deviation up to 59 hz). This need not be a problem for phreaking purposes. Central Offices (CO's) can theoretically deal with deviations of up to 1.5 %, whereas e.g. the ST's C5 signals have deviations 0.11 to 0.64 % and R2 has deviations 0.11 to 0.43 %. To have an MF-key's frequency deviation displayed press <V> to toggle this display on/off. Now each time an MF-key is played the deviations in [+/- Hz] of freq1 and freq2 are printed in the MF-key edit box. Note that it is useless to attempt to use the actual ST's frequen- cies: desired frequencies are automatically mapped to the nearest (higher or lower) resolution point and readability would just be unnecessarily compromised. 2.7 Key logging Suppose you guessed a Voice Mail Box access right, stumbled upon a phun number, hacked an answering machine or phreaked a CO success- fully by chance - and forgot what exactly it was you did. Logging your key strokes would come in handy then, which is exactly what happens when the 'LOGGING' switch is set to 'Y' (default). The last 256 MF-key strokes or song plays (whether via the songlist, a preprogrammed keygroup or during number scanning) are recorded, as well as the idle times in between. (Btw: In case you wonder why 256: Don't. I chose this size at random, found it to be not too cheap nor overabundant, and gave it a power-of-two-touch to make dyed-in-the- wool users nod with mundane understanding rather than ask embarassing questions.) Let's have a look at the log report: <R> is pressed to enter the report, which has log entries numbered from 0 to 255. When entering the report, always the most recent log entry is displayed. <ARROW UP/DOWN> keys scroll the report one entry up/down. <CTRL><ARROW UP/DOWN> scrolls the report ten entries up/down. <SHFT><ARROW UP/DOWN> jumps to the tail or head of the report. <ESC> exits (- as it does from all subroutines). As you can see the standard format of a log entry is: "LOG: KEY: FLD: FRQ1: FRQ2: MARK: VOL: IDLE:" which actually is the format of a logged MF-key, and indicates from left to right: LOG : the number of the log entry, ranging from 000 to 255, where lower numbers mean going back in history, KEY : the symbol of the pressed MF-key, FLD : the active fieldnumber during the keystroke, FRQ1: the value of freq1 at the time, in case it's been altered meanwhile, FRQ2: ditto for freq2, MARK: the MF-key's mark time, e.g. of interest when stepping mark times of a line signal (btw: when doorbell mode is active then the doorbell time is recorded - see below), VOL : the MF-key's volume at the time, concluded by IDLE: the idle time between log entry n and log entry n+1, formatted as "seconds:milliseconds", e.g. of use to check the timings you used when phreaking using a preprogrammed keygroup or other- wise. The largest interval measured is 99:999 ms; everything exceeding that is fixed at that number. When phreaking, intervals are never that big - if a CO allows you to play around with an uncompleted line longer dan 1.5 minutes at all. To convert MF-key strokes to songs according to the logged data in a straightforward manner, the actual silences ('space times') between the signals are measured, NOT the key stroke intervals. In the following situations this precise format does not apply and is treated otherwise: - MF-keys instructed to play C4 signals as demonstrated at the end of paragraph 2.2 do not sound freq1 and freq2, nor do they use the MF- key's mark time. Therefore information on FRQ1:, FRQ2: and MARK: for these log entries is replaced by the contents of the MF-key's comment field, which contains the used C4 string. - Played songs are indicated under KEY: as SXX, with XX being the song number. FLD: is filled in pending the type of field specifica- tion used (see paragraph 2.3). Since a song has no specific frequencies or volume only the mark and space time are recorded (unless mark time specification is switched off, in which case that log entry field reads 'OFF'). - Songs with timings overruled by an ATF1 or tone slot timing, as discussed at the end of paragraph 2.3, have a log entry matching 'ATF1 Timing [100 bit/s]' and 'Tone Slots [70ms MARK]' respec- tively. Switching logging on/off: Suppose you wish to complete a few international calls but don't want the phreakholes you worked so hard for displayed on the screen, e.g. in case your younger brother - always seeking for a way to become immensely popular at high school - pretends to string his shoes right behind your back. Unless he has perfect hearing, pressing <L> may offer some minimal protection. This toggles logging on/off, and causes the following to happen: - The MF-key editing box, the information fields on MF-keys in the info box at the right and the information in the song box will no longer be updated and therefore turn grey. All editing functions with respect to this information are now blocked. - MF-keys no longer light up when pressed. - Dialer reset, disk I/O, exiting the RD, calling the log report and program execution (for some of these, see below) are blocked as well, to prevent your relative from saving your ROWDY_DL.DAT datafile on a disk of his own, checking it under GEM, nosing about your logged activities or simply executing your dialer again through program execution respectively. Instead, the two-tone beep alert is sung. - And last but not least, the log report itself is no longer updated. Functions with respect to preprogrammable keygroups etcetera are still active, allowing you to phreak as usual yet without visual feedback. In case you need to leave your ST you can switch logging off pressing <CTRL><L> instead. You are now prompted for a case-sensitive, alpha- numerical password that can contain up to 15 characters, echoed as X's. Only <BACKSPACE> applies as an edit key. Avoid typo's and remember what you entered, since you won't be asked twice or anything - way to annoying. When switching logging on again pressing <L>, you'll be prompted for it again. Upon forgetting your password, reset your ST or ask your brother in detail how his crack-patch works. Again, this only offers a minimal run-time protection. Having your harddisk password protected or encrypting your disks to make your datafile unaccessible would still be necessary. (I've elaborated a bit on a possible encryption of the datafile to go with the password and concluded it'd be best not to wind up in a tiresome and fruitless arms race with my fellow c0de hackers.) The most recently played MF-key and song information are updated when switching logging on again. 2.8 Miscellaneous functions 2.8.1 Doorbell mode Pressing <D> toggles the doorbell mode on/off (default off). When on, all MF-keys are played whilst pressed. The time you held down an MF-key is counted in the 'D.TIME:' field at the right, in milliseconds. (In combination with a silent (0 Herz or volume) MF- key this could also be used as a simple stopwatch, e.g. when measuring CO responses - of use only for those who can afford a watch NOT having that function.) This allows you to signal longer then 999 ms whenever needed. * During the doorbell mode all keypresses are scanned about 50 times a second (thus giving the D.TIME a resolution of about 20 ms) without a pause after the first hit. As an unfortunate result of this, all input routines that prompt for input directly after a single keypress or -combination would immediately be filled to the brim with a (control-)character. Changing the keyboard rate and clearing the buffer can't meet this problem - the keyboard processor only takes the new parameters into account with respect to keypresses following the current one. Rather than facing this irritating side effect I chose to unele- gantly BLOCK all input routines yielding a prompt after a single keypress. Those comprise song editing, comment editing, direct mark time editing and changing the <+/-> mark steps. Remember this when using the doorbell mode ! All two-step input (e.g. via the MF-key edit box or other pop-up boxes) is not affected by this side effect and thus normally available. All other functions as <+/-> stepping, switching func- tions Y/N etc. are buffered from the high sample rate, resulting in a slightly different 'feel'. Preferrably, you'd switch the doorbell mode off when not needed. Changes made to an MF-key's mark time will of course only be effective when leaving this mode. 2.8.2 Adapting key buffers Controls with respect to MF-key and song usage can be influenced by toggling the BUFFER switch Y/N by pressing <B>. Swapping between BUFFER1 and BUFFER2 to reach their setting is done by pressing <CTRL><B>. BUFFER1: is the MF-key buffer. Subsequently playing MF-keys or ploughing through MF-key fields is buffered when switched on. BUFFER2: is the song buffer. Playing preprogrammed keygroups or the current song, as well as in-/decreasing, repeating and playing keygroups during number scanning are buffered. The settings of those two is totally subject to personal taste. Usually buffering commands gives a smooth feel, but if you haven't grown used to the controls yet and find yourself repeating signals by mistake too frequently, switch either one off. The buffers are switched off automatically when the doorbell mode is switched on - the direct and high key sample rate would just stuff them beyond reason. Their original switch settings are restored upon quitting the doorbell mode. Both buffers are active by default. 2.8.3 Program execution In case you wish to possibly read/update a scanlist when phreaking or control your modem after hooking up to a carrier, executing an editor or a terminal program whilst keeping the RD resident is possible by means of program execution. Pressing <E> makes a fileselector box pop up, showing the contents of the current drive's root directory. Simply seek your favorite executable and double-click it. (The created path will be stored for later use.) Upon finishing you'll return to the RD as it was. (Using a Kuma Switch-oid tool can of course do the same for you !) Executing resident programs is not allowed. 2.8.4 Resetting your dialer Pressing <F2> shows the reset box. Use the <ARROW UP/DOWN> keys to choose the data set you wish to reset, and confirm with <RETURN>. By doing so your RD resets to (part of) the data it initializes with when starting up. ALL CHANGES you made with respect to the chosen data set WILL BE *LOST*; if needed SAVE your changes first (see below). The three data sets comprise: ALL : current field 0, field comment, MF-key attributes: freq1, freq2, mark times, volumes, comment, song attributes: songs, their fields and mark times (plus setting on/off), space times, song comment, current song 01, preprogrammed keygroups, current keygroup 0, guard attributes: frequen- cies, volumes, step sizes and current guard G3. SONGS : Song attributes: songs, fields and mark times, space times, song comment, current song 01, preprogrammed keygroups, current keygroup 0. MFKEYS: current field 0, field comment, MF-key attributes: freq1, freq2, mark times, volumes, comment. The values of 'ALL' match those in the initial 'ROWDY_DL.DAT' datafile that came with the dialer. (I furnished the dialer according to my own taste using the various editing functions described, then saved and merged it with the source in the same format.) For comments upon these presets see chapter 3. 2.8.5 Saving your modifications The disk I/O box pops up by pressing <F1>. As with resetting the <ARROW UP/DOWN> keys apply for choosing, and <RETURN> for executing a disk command. The choices are: LOAD : Loads all data from the datafile 'ROWDY_DL.DAT', to be present in the (sub)directory you executed the RD from. When it's missing the beep alert will sound whilst printing 'NO.DAT'. The restored data equals the summary concerning data set 'ALL' in paragraph 2.8.4., except the information on current field, current song, current guard and current keygroup. Those four parameters contain the values active when you last saved your changes; thus allowing you to pick up phreaking exactly where you left it. SAVE : Saves all data as described above to 'ROWDY_DL.DAT'. Your last save (if present) will be moved to a last but one version named 'ROWDY_DL.BCK' for eventual backup recovery. VERIFY: Compares the contents of the datafile with the current settings, except for the relatively unimportant (cosmetic) parameters: current field, current song and current guard. 'NO.DAT' appears when the datafile is missing, 'NOT OK' when the datafile doesn't completely match the settings and 'OK' when it does. 3 PROGRAMMING EXAMPLES 3.1 A word on the presets This section comments upon the initial values your RD starts up with or was resetted to. Since the various frequencies and their meanings are displayed quite clearly through the user interface, frequency tables and redundant commentary have been left out. Though subject to my personal taste, you'll find the current division quite workable. FIELD 0: Contains CCITT #5 signals. 14 Interregister and 2 line signals are present. The missing 'code 12' signal (delay operator) can be found in field 4, and could (when program- ming a song) be invoked by means of field overruling. FIELD 1: Is programmed with CCITT #4 forward signals as demonstrated in paragraph 2.2. Again the four missing (interregister) signals (two space codes, code 12 and incoming half-echo suppressor required) are stored at field 4. Backward signals are not included. For those interested they are: Proceed-to-send (Terminal) X Proceed-to-send (International transit) Y Number-received P Busy-flash PX Answer PY Clear-back PX Release-guard PR (read: PYY) Blocking PX Unblocking PR (read: PYY) The specified single frequencies on these MF-keys (overruled by the C4 specification and thus for use in songs only) are the tone slot frequencies. FIELD 2: Contains all R2 forward interregister signals, and FIELD 3: contains all R2 backward interregister signals. The forward signals can have three and the backward two possible meanings (group 0, I or II and group A, B respectively), pending the phase of the quite talkative protocol (which is way too comprehensive to elaborate on in this document). FIELD 4: Apart from the missing C4 and C5 signals as mentioned above, this field contains the C4 signal elements as shown in the table in paragraph 2.2 for use in songs, a 2280 Hz MF-key for use in C3 sequences and the bit 0 and 1 frequencies for use in ATF1 (B-Netz) bitstrings. FIELD 5: Contains three types of redbox frequencies for different systems (named ACTS, IPTS and non ACTS) and the greenbox frequencies alert, coin collect, coin return and ringback. The remainder of this field as well as both FIELD 6 and FIELD 7 are filled with modem tones, subscriber information tones and several other frequencies that may be of use to fool operators (some should be combined first), make shy modems answer, reprogram private switches or whatever use you would have for them. When for some reason you feel like 'adding' other signalling systems (better: shuffling the current division on behalf of e.g. Italian OOB-MFC, French SOCOTEL, German IKZ 50 or C4 backward stuff), field 6 and 7 are probably most appro- priate. You can always regain the original values by resetting your RD as illustrated in section 2.8.4. FIELD 8: is filled with several line signals, to be used in various signalling systems. To fill the comment fields highly uncreative and straightforward meanings have been added. FIELD 9: concludes this summary and contains all DTMF (or Touch Tone) frequencies. The use of A, B, C and D tones can be stumbled upon in a number of occasions. In military networks their meanings are Flash Override, Flash, Immediate and Priority. In contrast with all volume settings elsewhere applied, the DTMF volumes are default 13 instead of 15. This is done to avoid recognition problems that easily occur when DTMF-ing too loud. The following songs are preprogrammed with systems using signals consisting of several signal elements rather than a single signal: 38 .. 40: Redbox payphone coin signals indicating a nickel, dime and quarter (non ACTS system). 41 .. 43: Same as 38 .. 40, using the ACTS system MF-tone. 44 .. 46: Same as 38 .. 40, using the IPTS system MF-tone. 47 .. 61: CCITT #3 pulse signals. 66 .. 85: CCITT #4 forward signals. 86 .. 99: ATF1 signals. To sequence these signals by means of song invocation more comfor- tably, effort has been made to make digits match the second digit of the song number. 3.2 Programming examples To illustrate a few practical appliances of your RD some programming examples have been added. They are commented upon in the next paragraphs. Realizing a desired sequence can of course be performed in a variety of ways given the flexibility w.r.t. song programming; the examples only display one possible way to do so. Songs that are still '-- undefined --' will play strings from field 0, using MF-key mark times and 50 ms space times by default; i.e. the popular C5 interregister signals and timings. Filled with both educational and possibly useful songs as it is, the songlist initially contains only 25 undefined entries. Don't hesitate to overwrite all songs you have no use for, since resetting your RD (see 2.8.4) will restore them whenever needed. After discussing all functions in detail as I have by now, the following better be a blunt insult to your intelligence. 3.2.1 Some signalling sequences Song 01: To turn an undefined (FLD: 0, MRK: 50, SPC: 50) song into a DTMF number press: <F> <9> <RETURN> to use field 9 DTMF tones, and <CTRL> <M> to overrule the MF-keys' 80 ms mark times (smooth when dialing manually) with speedier 50 ms mark times, <RETURN> to edit / enter your (DTMF) string, and <I> to eventually add a comment. Song 27: plays a C5 string and thus uses the default parameters. Song 28 and 29: song 28 invokes its country code part in song 29; together they equal song 27. Song 37: To play tone slots press <F> <1> <RETURN> to use field 1 tone slot frequencies, <I> <'TSL: ..'> to overrule the timings with tone slot timings as mentioned in paragraph 2.3. <RETURN> to edit / enter tone slots. 3.2.2 Pulse signalling Song invocation can a.o. be of use to play pulses with an interval of their own within a sequence having a different (larger) interval: Song 30: Plays C3 pulses by means of invocations. Each C3 digit (song 51 through 56) has its own field specification and timings - only the space time of song 30 applies and spaces the digits. The space time was enlarged by pressing <S> <500> <RETURN>. Song 31: Plays C4 signals (song 71 through 76) spaced by 140 ms. Song 62 .. 65: Use invocations to play an ATF1 string. Since one song can contain 8 invocations only, extra songs are concatenated by use of the song expansion character ';'. The 600 ms preamble can not fit one song (25 ATF1 0-bits on a row only last 250 ms) and is realized by three times invoking a 200 ms preamble (song 86). To extend this ATF1 string song 66 could be added as well (e.g. to make a double ATF1 string; not to add 8 more digits to the bogus 22-digit phone number in this example), since expansion is parsed effectively up to 4 times as mentioned in paragraph 2.3. To program an ATF1 string, make sure the timings of the first song are overruled by the 100 baud ATF1 timing by pressing <I> <'ATF1: ..'> (again: see 2.3 for more detail). This overrules the timings of both invoked and concatenated songs, so you'll only have to enter it once. 3.2.3 Dividing phreak stages Four typical C5 phreak stages have been split up under keys <1 .. 4> on the main keyboard, belonging to keygroup 0 (which is active by default). They illustrate the generic idea w.r.t. keygroup usage as mentioned in paragraph 2.3. When pressed, they jump to and play song 01 (DTMF number), song 32 (clear forward signal), song 33 (seize signal) and song 28 (C5 string) respectively. This way you can repeat a stage whenever needed, e.g. by using your left hand's little- through forefinger whilst stretching a nostril with the right one. Song 32 and 33 have their specified mark time switched off, so that the MF-key's mark time they refer to can be altered by means of the <+/-> keys as shown in paragraph 2.2. Preprogramming these keys was done by first scrolling to the desired song, followed by pressing <CTRL> <1 .. 0>. All other preprogrammable keys will initially jump to and play song 'XY', where X is the number of the current keygroup and Y is the digit of the pressed key (e.g. pressing <ALT><3> and <7> reaches song 37). (Necessary exception: key 0 of keygroup 0 is mapped to song 01.) 3.2.4 Auto-phreaking When a phreakhole has stable responses and you know the intervals and timings, you can easily combine several signalling systems in order to phreak by means of a single keypress. Song 34 shows one possible way to do this. This song first plays a DTMF number followed by a 12.5 second pause, three clear forwards of 120 ms with intervals of 0.5 second, a 120 ms seize, another 0.5 second pause and ends with a C5 string. In detail this song reads: s01 : invokes the 50 ms mark and space timed DTMF number in song 01. ........ : plays eight times the dot MF-key in field 8, which is a 999 ms pause (silence), spaced by nine times the song's 500 ms space time. This adds up to an almost 12.5 second pause. f0(f0(f0( : plays the '(' MF-key of field 0 three times (a 120 ms clear forward) by temporarily overruling the song's field specification. Intervals are still 500 ms. f0); : plays the ')' MF-key of field 0 (a 120 ms seize) using field overruling as well. The expansion character ';' concatenates song 34 to song 35, spaced by song 34's 500 ms space time. s27 : invokes the C5 string in song 27 which uses MF-key mark times and 50 ms space times. In this example, completing calls to different destinations using the same phreakhole can be done by invoking different C5 songs in song 35 rather than changing the contents of song 27. 3.2.5 Scanning country codes If you wish to examine what countries you can reach via a certain CO using C5, number scanning combined with song invocation comes in handy. As an example, song 28 and song 29 contain C5 strings with identical timings. Song 28 plays its country code part by invoking song 29. Simply scroll to the latter and press <N> to make it subject to number scanning. All controls as explained in paragraph 2.4 now apply. When in-/decreasing the country code the complete C5 string can be played by pressing <P> <28>, which redefines the play song to song 28. When using the preprogrammed phreak stages under keys <1 .. 4> on the main keyboard as demonstrated in paragraph 3.2.3, it is handier to use key <4> to play the play song. In that case you should toggle <A>udio off to in-/decrease the country code silently. APPENDICES A: Trouble shooting Some of your RD's features can have puzzling side effects, e.g. functions overruling standard procedure. They have already been described in detail in this manual, which is probably the reason you missed them: * Some songs don't seem to respond to the specified mark and space timings. Remove the 'ATF1:' or 'TSL:' string heading their comment fields. These overrule the specified timings as discussed at the end of paragraph 2.3. * Editing song parameters, comments, mark times or the <+/-> mark steps suddenly seems impossible. These functions are blocked when the doorbell mode is active. See 2.8.1 for an explanation, or just toggle it off by pressing <D>. * The volume of an MF-key varies now and then. Make sure that freq1 and freq2 have different values. If not, soundwave interference may muffle the volume. * Some MF-keys persistently play C4 signals, no matter what frequen- cies or mark times I enter. Remove the 'C4:' string heading their comment fields. These make them signal C4 strings as mentioned at the end of paragraph 2.2. In songs the specified frequencies and mark time still apply. * The user interface looks like a mess since tear-gas bombs are fired through the window. Burn your notes and deny everything. B: Where to get the Demon Dialer? For ordering Demon Dialers dial Hack-Tic's Voice Mail Box number: +31-20-6001480 The do-it-yourself package includes a preprogrammed MC68HC705C8P/DD chip, a keyboard print, a processor print (both 65 x 72 mm), keys, all necessary analogue parts, a battery holder, an operation and reference manual and a very clear construction manual. Hack-Tic's address is: Hack-Tic (Technologies) P.O. Box 22953 1100 DL Amsterdam The Netherlands Fax: +31-20-6900968 C: Acknowledgements I would like to thank CarloKid for his (sounder than GFA's) sound routines, Hackbear for his (non-loop) timer routine, Arie for his scanning gear, the Hack-Tic illustrator KoHo who's fun drawings I digitized without asking, Troed and Zaphod for their excellent BBS- services, ItsMe for making me go astray and Pieter for pretending sincere interest during the development of this program. Thanks guys!