💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HIR › hir04.txt captured on 2022-01-08 at 15:55:32.
-=-=-=-=-=-=-
[ASCII-art banner: HiR, Hackers Information Report]
(March 1, 1998: Special Ascii Edition)
Welcome, reader, to our Special Ascii Edition of Hackers Information Report.
You guys using graphical browsers to look at this will simply NOT get it.
Use a real browser (like lynx or Minuet), or download the files and look at
them with a real text viewer (none of this NOTEPAD.EXE stuff...that'll make
it look even worse). HiR is best viewed in vi under unix, or EDIT in dos.
For those of you who have just joined us, our mag can be found at the
following places:
(Original Site) HTTP://www.jccc.net/~ndunker/hir.html (Note the new URL)
(New Mexico Mirror) HTTP://azure.rcn.nmt.edu:2007/hir/
(TwistedinterneT) HTTP://www.twistedinternet.com/ (look at the newz file!)
HiR is proud to announce yet another way to get ahold of the mag, as well as
a bunch of other kick-ass information. We're working with TwistedinterneT
services to bring you not only another place to find HiR, but grab TONS of
other goodies, information, and toolz while yer there! See the newz file for
more information!!!
HiR is an electronic magazine devoted to the freedom of information and
technology. We do not condone ripping people off for the sake of passing
boredom. We are here to share the wealth of information that exists out
there, that we have either learned, or come up with on our own. HiR makes
the best attempt to keep the content of the mag ethical.
Typically, hack walk-throughs are not provided, but information pertinent to
a system's inner workings is often discussed, allowing individuals to
deduce for themselves any other options that can be pursued with the
information. ONLY Hacking and Phreaking issues are discussed here. There is
no death and destruction, no warez sites, or even virii, and especially, NO
CARDING. These are activities which are extremely questionable when it comes
to the educational/informative side. (We're sorry to disappoint the people
who like to blow things up...some of us like to do that too, we just don't
cover it)
------------------------------------------------------------------------------
HiR is written and assembled by the following people:
Name        E-Mail                   Function
----------  -----------------------  -------------------------------------------
Axon        Axon@compfind.com        Writer, Webmaster, Compiles final product
Asmodian X  asmodianx@hotmail.com    Writer, Insane insomniac psycho philosopher
kminor      pairsnarfer@gotmail.com  Writer, kodiene phiend, Ascii g0d
Dr.Freeze   foodstamp.man@juno.com   Writer
------------------------------------------------------------------------------
Articles You'll Find In This Issue of HiR
Number  Title                                                   Author
------  ------------------------------------------------------  --------------
1       Introduction/Table of Contentz
2       Hacking Around With Meridian Voice Mail and PBX         Axon
3       More HPC Hijinks                                        Asmodian X
4       Mobile Hackers Guide to Phreaking (Article contains     Axon
        instructions and skemz for the GoldBox)
5       The mysteries of the Dumb Terminal                      Axon
6       HiR Hacker Newz
HaCKeRS iNFoRMaTioN RePoRT
H a c k i n g   A r o u n d   W i t h
M E R I D I A N
Voice Mail and PBX Systems
by Axon
The Meridian Telephone system is becoming very popular for mid-size and large
companies. Basically, the Meridian system is a PBX with voice-mail and
outdial capabilities. It's very flexible, and easily programmed. Almost all
user-definable functions can be utilized via a standard DTMF phone keypad,
from listening to your voice mail, to changing the mailbox greeting, and
changing passwords, allowing off-site access to voice-mail and other
functions. I've seen this phone system at two of my three places of
employment, as well as others. Chances are, you'll have no choice but to run
across these systems once in your lifetime, simply because of their
popularity. I am in no way saying that this is the BEST PBX or Voice-mail
system, I'm just going to go over some basic information.
Stations-
Like any PBX, there are trunks (outdial lines) and stations (phones hooked up
to the PBX). The Meridian Mail System is a Digital PBX, and I don't think any
phones other than the ones Meridian distributes will work on it. I'll cover
three types of Meridian phones, which are the most popular, and the only ones
I have seen.
Meridian M2006 Telephone:
The M2006 is a digital telephone that offers a standard DTMF keypad, Volume
control, Release, and Hold buttons. It features Five programmable buttons
along the right side of the phone, a one way speaker for on-hook dialing, plus
a red light that indicates a voice-mail message. Alongside the programmable
keys is an LCD status display bar. Below is a picture:
[ASCII drawing of the M2006 keypad layout, garbled in this capture. Surviving
labels: HOLD and RLS buttons; a standard DTMF keypad (1-9, *, 0, #); five
programmable keys P1-P5 and an xNNNN key down the right side, each with a ">"
status-bar marker beside it; and a <<<| |>>> volume bar below the keypad.]
Note that the status bar uses little black arrows to indicate if a
programmable function is active, such as forwarding, a conference call, etc.
The xNNNN button typically is labeled with the extension/mailbox number, such
as "x1023". Pressing this button when the handset is on-hook will pick up the
line and you'll hear your dial tone and dialing on the one-way speaker. The
Ascii drawing is not exactly how the phone looks. It's just how the keypad
is laid out. There is a speaker above the keypad, and the keypad is about
half as tall as it appears to be in the drawing. The <<< >>> bar is the
volume control. It's one solid button, but it rocks to the left or right, to
decrease or increase volume, respectively. The programmable keys can be
programmed various ways. I have seen the following functions assigned to
programmable keys: Intercom, Conference, Transfer, Speed Call, Forward, Auto
Dial, Program*, Call Pick-Up, and Message.
Most of those functions are self-explanatory. I'll explain the ones that are
not.
Speed Call-
Similar to speed-dialing on a normal telephone. Program numbers into 10
memory allocations, 0-9, and then just press [Speed Call] [x].
Auto Dial-
Works in the same manner as Speed Call, but it calls one pre-programmed
number, at the touch of this button.
Program-
This is only available on the other phone, and some of the larger phones
that I will talk about, not the M2006. It is used for adjusting Volume of
the speakerphone, Contrast of the status screen (which I'll talk about when I
get to the next section), Call Timer enable, Idle Screen Format, and key
clicks.
Call Pick-Up-
This is a function that allows a user to answer another phone in the same
office. It's fairly useless, unless you feel like intercepting your boss's
phone calls (I've tried it. fun.)
The M2616 Telephone-
Features include all of the ones found on the M2006 Telephone, plus a two-way
speakerphone, 16 Programmable keys instead of five, and allows for modular
options such as a status display (2 line Alphanumeric LCD display that shows
number dialed, length of call, time, and other things). This phone also has
a female DB25 port on the back of it. Materials I have acquired speak of the
2616's ability to support a programmable data adapter. I assume that's what
the port is for, although I really don't know what the precise function of the
programmable data adapter is.
I won't bother showing a second picture. Just imagine the first picture with
2 rows of programmable buttons, 8 on each side of the status bar. Most of
the programmable buttons I've seen on these phones are dedicated to AUTO-DIAL
buttons, so typically these phones are found in supervisor offices, with
pre-programmed numbers to all the stations of their underlings.
The M2617 Telephone-
The most luxurious and feature-rich phone I've seen is the M2617. While it
has all of the functions of the 2616, it has only 11 programmable buttons, and
5 "soft keys" across the top of the phone, under the display, which is, again,
an alphanumeric LCD screen. The soft keys' functions can be programmed to
change with the status of the phone. These keys can display the last number
called, forwarding functions, speed dialing programmability, and a host of
other options. The keys are used to navigate the whole menu Subsystem of the
phone itself. The only place I've ever seen this phone was at the operator's
desk, and it was hooked up to several modular adapters that were for
transferring calls to different stations. I do not know all of the modular
options that are available for these phones, but I do know that there are
options for display screens, and additional programmable buttons.
In addition, the 2617 (and I believe the 2616) are capable of handling
multiple incoming phone lines. Remember the xNNNN button on the 2006? Well
the 2617 is capable of handling many incoming lines, which take up one
programmable key per line, so you can press one of the incoming line buttons
to connect to that line.
The Voice mail System-
The following information may be system specific to the location for which
I found the informative literature. If this doesn't work with all Meridian
systems, so sue me.
If you're actually at the place where the system is, this is a lot easier, if
you have access to a station (a phone hooked up to the PBX). To enter the
voice mail system, press the [MESSAGE] programmable button. If the phone does
not have one of these, try dialing 4444. This may or may not work properly.
If it does not, you're shot out of luck, or you can try to find a phone with
a message button on it. Some way or another, though, there is an extension
that can be dialed that will allow some of the phones to access messaging and
setup options. Certain stations can be programmed from the console so as not
to allow mailbox setup on that station. Keep trying, I guess.
Some phones may not have a mailbox set up. If this is the case, you MAY be in
extreme luck, as usually the system will begin prompting you for all the
information it needs to CREATE a voice-mail box for that extension. You may
hear a menu for how to play messages, or you may be told that there are no
messages at all. There is also the possibility that you will be asked for a
password. There is a VERY neat trick with Meridian mail system passwords...
by default, ALL, that's right, EVERY SINGLE mailbox has a password, and ALL of
the passwords, unless the default configuration was altered before set-up, are
the same as the mailbox's own extension number, so if you see the number
"x3125" on the programmable button on your phone, then try that as the
password. It will probably work unless that mailbox is someone's personal
mailbox and they have changed the password.
Once you've entered the password, you're ready to do one of a few things.
The most interesting of these is obviously TAKING OVER the mailbox, since
that's probably one of the things you want to learn about. Rest assured,
though, that your efforts in this stage could be taken the wrong way by the
big corporate people, and also, it's nothing more than a few lousy keystrokes
and maybe 5-10 minutes of work to completely wipe out the mailbox, or to
change the password on it again and give control of the mailbox back to
whomever it originally belonged.
After the password has been entered, there are all sorts of things you may
want to do.
Enter Password
  |
  +-- [2] Reply to last message listened to.
  +-- [3] Discard last message listened to.
  +-- [4] Forward message to other phone
  +-- [5] Keep message.
  +-- [6] Make message to send later
  +-- [7] Play Messages
  +-- [8] User Options. (Passwords, Voice Greeting, etc.) This is FUN!
  +-- [9] Exit (hang up)
I'm really only going to focus on the User Options menu in this article,
because the rest is mundane, and can be easily explored by simply listening
to voice prompts. The User Options menu is the most powerful menu that any
normal person will have access to.
User Options
  |
  +-- [4] Record Personal greeting.
  +-- [6] Record your name.
  +-- [7] Change/assign your passcode.
  +-- [8] Help
  +-- [5] Make Distribution List. (We won't cover this)
Pressing 9 from this menu will take you back to the previous menu.
Obviously, taking over the mailbox can be done simply by changing the
passcode. If you want, you can leave the greeting and name the same,
or you can scream something obscene. When you are recording, remember
to hit the # key to stop the recording. For the love of god and hackers,
please don't mess with the distribution list. It's not very user-friendly
and I personally think it's the lamest thing since the 1960's phone phreaks
designed 200 different colors of "boxes", all of which were different ways
to put someone on hold or tie up their phone line.
Have phun with all the meridians you can find!
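Added example (not part of the original article, and not vendor code): a
defender-side audit for the two conditions described above, mailboxes still on
the default passcode and extensions with no mailbox, plus a check that rejects
new passcodes built from the extension. The CSV columns, MIN_LENGTH and the
sample rows are constructed assumptions; only the x3125 extension comes from
the article.

```python
"""Audit voice-mail mailboxes for the weaknesses described in the article.

Added example: the CSV layout is a constructed, hypothetical export and does
not represent a real Meridian Mail report format.
"""
import csv
import io

# Constructed sample data (hypothetical column names and values).
SAMPLE_EXPORT = """\
extension,mailbox_exists,passcode_changed,owner
3125,yes,no,front desk
3126,yes,yes,j.doe
3127,no,no,spare office
3128,yes,no,conference room
"""

MIN_LENGTH = 6  # assumed site policy, not a vendor default


def passcode_problems(extension: str, candidate: str) -> list[str]:
    """Return the reasons a proposed passcode is unacceptable (empty = OK)."""
    if not (candidate.isascii() and candidate.isdigit()):
        return ["passcode must be digits only (DTMF keypad)"]
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} digits")
    # The default described in the article is passcode == extension, so
    # anything built from the extension (forwards or reversed) is rejected.
    if extension in candidate or extension[::-1] in candidate:
        problems.append("contains the extension number")
    if len(set(candidate)) == 1:
        problems.append("single repeated digit")
    # Digit-to-digit steps modulo 10: all +1 (1234..) or all -1 (9876..).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(candidate, candidate[1:])}
    if steps in ({1}, {9}):
        problems.append("ascending or descending run")
    return problems


def audit(export_text: str) -> dict[str, list[str]]:
    """Group extensions by finding, reading the export as CSV text."""
    findings = {"default_passcode": [], "no_mailbox": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        ext = row["extension"].strip()
        if row["mailbox_exists"].strip().lower() != "yes":
            # An extension with no mailbox may walk a caller through
            # creating one, so it needs an owner or mailbox setup disabled.
            findings["no_mailbox"].append(ext)
        elif row["passcode_changed"].strip().lower() != "yes":
            # Never changed: the passcode is still the extension number.
            findings["default_passcode"].append(ext)
    return findings


if __name__ == "__main__":
    for finding, extensions in audit(SAMPLE_EXPORT).items():
        print(f"{finding}: {', '.join(extensions) or 'none'}")
    print("3125 as its own passcode:", passcode_problems("3125", "3125"))
```

Mailboxes reported under default_passcode should be forced through a passcode
change that passes passcode_problems before off-site access is allowed.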
Hpc's Part Deux
By. |\smodian ><
It's me again, once again writing another fun-filled article on HPC's,
for those of us who have one of those handy dandy portable devices.
I have done a bit more studying about these wonderful devices, and
have some more facts to bring to light. Tonight's highlights will
be alternate power sources and hidden doodads and menus.
-=- Alternate power supplies when using PCMCIA modem w/o AC power -=-
One problem with HPC's is the inability to sustain a PCMCIA modem
connection for more than 1 hour. When you go over one hour the
batteries usually die. For those of you not familiar with HPC's, they
usually take 2 "AA" batteries. Rechargeable batteries work fine under
normal load, but do not have the same staying power as regular alkaline
batteries.
A simple solution is to get High Capacity NiCad batteries. They
will probably outlast the regular NiCads by a bit, but not by too much.
A better solution is to use those expensive Energizer High Energy
Lithium cells. It might be a good idea to have some as a spare for
emergencies, but if you're on the road a lot I would suggest an external
power pack. Most manufacturers sell a NiMH battery for roughly 30 to 50$,
which would be a good idea if you've got the cash. If you don't have the cash
but you have an old 7.2 V NiCad "racing battery" along with the charger,
and have a few bucks for parts and enclosures, you can build your own
rechargeable power supply. To knock the 7.2 V battery down to a usable
voltage, simply make a voltage regulator box via a LM309k 5V regulator.
Run a coaxial lead to a matching plug for yer power input and voila! Keep
in mind that each HPC is different and yours may require a different
voltage/current. Also keep in mind what happens when a person screws up
the power input <ZZZZT!!!> no more HPC. Also keep in mind that I ain't
responsible for what you fuch up... so don't come cryin to me about your
deep fried investment. If it were up to me I'd use the mail order one!!!
Another novel idea was utilized by Axon during the last 2600 meeting.
Axon took an uninterruptible power supply <a UPS> and plugged his
HPC into it via a power cord. By the same token, if a person had an
external modem and a null modem adaptor, and hooked it up with the
special proprietary serial cables that come with the HPC, the person
wouldn't have to worry about the drain on the batteries. Of course you
could just bring a big spool of extension cord and a power strip but
that's too obvious.
<NOTE> The extended rechargeable battery is cheap to purchase, usually
about 50$, and the startup cost of building a box would be about
the same. So unless you're really strapped for a battery I really suggest
you use the manufacturer's battery. Hence no schem, unless someone can
get me a schem on the LM309k chip.
Another Note, a company called Modem Express carries special battery
powered modems. They supposedly can be reached at (612)-553-2075.
-=- Secret Menu of Cassiopeia/Pc Comp. death -=-
Here's a neeto thing to destroy a Compaq/Cassiopeia's memory. Sometimes
an HPC will lock up so bad it won't even boot. The solution to that is
killing everything on the HPC. This fix is simply an alternative to
pulling out the memory batteries and the work batteries.
step 0: back up everything!
step 1: Turn Off HPC
step 2: press all at once Ctrl, Caps, Shift, On, and RESET
From the menu you can blow the RAM away to a factory state.
To exit the menu press reset.
..
well that's it in the way of neeto factoids...
I'd like to point out some items from the previous article I did about
palm tops. The RED box aspect was field tested by an anonymous being,
and they communicated to me that the method worked. In addition, I have
found several telnet clients and ftp clients, as well as an FTP and WEB server.
Both the Telnet Client and the Ftp Client are available from Ruksun
software technologies. (http://www.corus.com) I picked up the Ftp from
a Win CE web page. Some good pages to look at are
ce.computra.net
www.windowsce.com
www.jimmy.com
and some stuff like that... I found some of the kewlest stuff on a
Japanese page which is run by Eiichiroh Itoh.
http://www.oohito.com/
-=- Kewl stuph in da werks for hpc's!!! -=-
- There's an 80186 Emulator in the works for the sh3 & the mips
in the pre-alpha-nonexistent state
<see http://www.pyram-id.demon.co.uk>
-=- Projects under way by |\smo -=-
- PPP'ing to a linux box via the Serial Port
<The linux alternative to Syncing with Win 9x>
any way, Happy New year and safe driving!
-=- |\smodian >< -=-
<EOF>
Mobile Hackers Guide to Phreaking
by Axon
Sometimes it is necessary for a hacker to rely on techniques that have been
developed by the close colleagues of ours, known as the phreakers. Hacking
usually takes place over, but is not limited to, electronic communications,
such as the internet, bulletin boards, voice mail, packet radio, and other
services. Almost always, where electronic communication is involved, so is
the phone company. Enter the knowledge held by the phreaks. The original
phone phreaks built elaborate devices such as the blue box, to explore
billing procedures, switches, and just "how does that voice on the other end
get to where I'm standing?" Anymore, phreaking is more and more about
exploiting holes in the telephone company, either physical or electronic, to
gain "something for nothing", or, stealing service. Some of these techniques
are extremely borderline legal issues, if not completely illegal. I don't
necessarily condone these actions, but if there is a need, a hacking
directive that cannot be achieved without using such measures, sometimes
certain things have to be done. Maybe you need to make sure no one can
pinpoint you as the hacker. Maybe you just feel like going outside to hack,
who knows. Everyone has their reasons. I myself am not a phreaker, but I
learn from them, and can put their knowledge and power to use for my own
purposes as a hacker. So, here's my guide to using phreaking to aid in
hacking.
There will be quite a bit covered here, I have broken it up into sections:
1) Your Mobile Platform
2) General Equipment
3) Preparing for the event
4) Keeping On your Guard
5) Hacking it Up!
6) UH-OH! We've got company!
7) Making a BeigeCord
8) Complete plans on making and using a GoldBox (Schems included!)
9) Tips for use with the Acoustic Coupler
------------------------------------------------------------------------------
Your Mobile Platform
=-=-=-=-=-=-=-=-=-=-
Surely you'll want a laptop with a good sum of battery life, or a palmtop,
anything with a terminal program, and a modem. Without these, mobile hacking
(at least via electronic means) is not very likely. If choosing a laptop or
other portable hacking platform, look for something that's light, yet durable.
I personally have two platforms for field hacking: An NEC laptop with a 540Meg
hard drive, 8 megs of ram, and a wonderful terminal emulator called Telemate.
I also have a Hewlett Packard 300LX palmtop with 2 megs of overall storage,
and a built in VT-100 and TTY terminal emulator. Both of them have their good
and bad sides. Both of the devices support PCMCIA modems. I have 2 modems,
an Eiger Labs 28.8 faxmodem, which is powered by the telephone line to reduce
battery drain, and a Megahertz 14.4 faxmodem which is Battery powered, so it
will work with an acoustic coupler for payphone (or other) use, but will
reduce my laptop's run time by 15 minutes or so, and kills my palmtop in a
half-hour flat.
Whereas the palmtop is small, weighs under 3/4 of a pound, and is rugged like
you wouldn't believe (I dropped it in the mud when I was using it at a payfone
once and it didn't so much as complain!), it has no backlight, and the letters
are very small and hard to read in low-light conditions. Battery life is
limited to about 45 minutes when using a modem, and that's if I use VERY
expensive alkaline batteries. Cheap batteries won't even last half an hour
with a modem, and NiCd batteries last 5-10 minutes. Not a great choice, but
for hit-and-runs, it's a winner, at least if u got a good flashlight. Oh yah,
no logging or file transfer capability with the built-in software, either.
I've seen some software for Windows CE that has a few transfer protocols, but
that's about it, still no logging. They even expect you to PAY for it. Yuck.
The laptop is a different story though. It is full-featured when it comes to
communications. Compared to the palmtop, it's a battle control center. With
my current setup, I can emulate anything I would ever want to, 3270, VT-xxx
(a lot of the VT's), and I can even program my own emulation rules in, if I
get very bored. Logging, no problem. File transfer, no problem. Scripting
is beautiful. The only problem is that the device weighs in at almost 6 lbs
and on top of that, takes up a lot of space. Having close to 3 hours of
battery life while online is a bonus though, even longer if you remove the
power-leeching modem from the slot.
I *ALWAYS* carry a spare set of batteries, for both my palmtop and the laptop,
even when I'm not hacking. If you're using some electronic device (like the
REALLY old laptops) that takes normal sized batteries such as AA, C, D, or 9v,
you'd really be wise to get the expensive kind to use while you hack,
especially if you don't know how long you'll be running your equipment. The
last thing you want is a low battery warning before you have time to cover
your tracks.
------------------------------------------------------------------------------
General Phreaking Equipment and Misc Stuff
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
(Ones marked with * are optional, maybe overkill, yet still fun)
----------------------------------------------------------------
Backpack to cram the equipment into
Ratchet or Bolt-Driver set (you can get cheap 14 pc sets at computer stores,
be sure to get 7/16 and 3/8 inch sockets. They'll be the most useful)
A decent pocket knife (to strip/cut wires, wire ties, etc)
Screwdrivers, various sizes, flat and philips head (for taking out screws,
and prying)
Pliers, slip notch, and needle-nose (for pulling out stuff, limitless uses)
Small penlight (for reading stuff up-close, etc)
Flashlight (when you need some major light for working)
Notepad and paper (to write stuff down with. Don't always rely on electronic
storage when field hacking. Sometimes jotting is more convenient
than typing)
BeigeCord (Will tell how to make this later)
Suitable phone to go along with the BeigeCord (Later, as well)
Pair of cheap-ass light cotton or thin leather gloves (Fingerprints. Period.)
No-DoZ (Available in small packages at convenience stores, just in case you're
out later than you thought you'd be)
* Battery operated camera flash (See more details later)
* Acoustic coupler (for payphones or anywhere you can find phones but no jack)
* Walkie-Talkies (if you've got more than one person)
* Goldboxes (depending on directives to be achieved, and application)
* Fake Telco ID tags (These are often capable of fooling normal people,
especially at 2am if they've just woken up)
------------------------------------------------------------------------------
Preparing for the event
=-=-=-=-=-=-=-=-=-=-=-=
Before you decide to go out hacking with your mobile platform, you need to
decide where you're going to hack from. This may be a telco can out in the
middle of farmer bob's field, or it might be the Fortress fone hanging off
the wall of a 7-Eleven! HEH! Anyhow, once you've found out where you're going
to be doing this from, you need to scope it out in both broad daylight, and in
darkness as well. Get familiar with this place, as you will need to be
comfortable with your surroundings. At night, let some cars drive by if at
all possible. (If no cars drive by, have a friend cruise up and down the
adjacent roadway or paths). You need to be able to stay out of their sight,
but still be able to see them coming.
------------------------------------------------------------------------------
Keeping on your guard
=-=-=-=-=-=-=-=-=-=-=
You should have a backpack or other carryable bag that will allow you to store
all the stuff in it, in a well-organized and easily accessible manner. I
usually advise you venture out in small groups. NEVER have more than 5 people
and NEVER use more than one vehicle when traveling via car/van/truck etc.
At least one person should be watching out for cops, telco people, bystanders
or others. Use walkie-talkies when there will be more than 20 feet between
the watchmen and the people doing the phreaking/hacking.
------------------------------------------------------------------------------
Hacking it up!
=-=-=-=-=-=-=-=
As far as hacking, standard procedures need to take place. You hack just like
you normally would, except maybe you'll get a little chilly. The only thing
you really want to do is find a phone line to use, and use it for hacking.
The main purpose I've found for this is sheer anonymity. If they can't trace
a call back to you, you won't be found guilty. Make sure when ripping telco
cans/boxes apart, you don't leave any fingerprints. It's sometimes advisable
to wear light leather or thin cloth gloves when partaking in such activities.
As far as opening cans/boxes, that's why you need the sockets. Most of them
are secured by 3/8 and 7/16 inch bolts. Sometimes you need the screwdrivers
too. You can kind of figure out what to do once inside. (More tips in the
beigecord section)
------------------------------------------------------------------------------
UH-OH! We've got company!
=-=-=-=-=-=-=-=-=-=-=-=-=-=
When and if you encounter a person who seems to be unfriendly, you need to
have a plan. In the case of stupid laymen, I'd say it's wise to try to
convince them that you belong there, either you're analyzing their phone lines
because service was knocked out randomly and you're trying to find which areas
are affected and fix it, or something. This is where the fake telco ID
tag comes in handy. Just make sure you're not showing it to an actual telco
guy or someone who would know any better. Bullshitting is good. If it's a cop
or telco guy, or if you just can't tell if u can fool the person or not, you
need to whip out your already charged camera flash, close your eyes tight,
flash it (blinding them for about 10-45 seconds), and get the hell out! One
alternative that's a lot cheaper is buying those cheap-ass flashbars (or
cubes. You know, for those cheesy 10-millimeter point-and-shoot cameras) at the
general store or Wal-Mart, and tearing them apart CAREFULLY. Remove all the
bulbs and store them in something soft and non-flammable. When broken (such
as thrown on the ground), they will go off like they normally would, also
blinding anyone who didn't have their eyes closed. Some flash bars' bulbs
don't work like this. So slam one of the bulbs onto the pavement as a test,
before relying on them to be used for this purpose.
------------------------------------------------------------------------------
Making a BeigeCord
=-=-=-=-=-=-=-=-=-=
Around here, phreaks use beigeboxes all the time. Typically they use them to
tap into residential phone lines and call 900 numbers to purchase online time
on BBS's and sometimes for personal amusement. A beigebox is just a telephone
with alligator clips instead of a modular plug. I think you know that. Well,
a BeigeCord is just what I call a telephone wire with a modular jack on one
end to plug your modem or phone into, and alligators on the other, to tap into
lines with. This is simple: Buy a telephone cord (between 3 and 6 feet long)
and cut off one of the plugs, and wire up 2 alligator clips to the middle 2
wires. Hook your mobile platform or phone up to the modular jack, and the
other end up to the line. Look for red and green pairs of wires, and hook the
alligators onto the screws, or strip the insulation off of a wire and spread
it far apart enough to leave unprotected wire to hook your alligator onto.
Example:
================---------===================
   Insulation^^^   ^^^   ^^^Insulation
                BARE WIRE
If you still have some problems, (heck, even if you don't), I would advise you
to read some other phreaking articles. Once you've done this, your computer
will act just like it does at home as far as communications. It's also nice to
have a phone for voice communication. A cheap, one-piece phone that accepts
a modular plug is all you need (some one piece fones have a hard-wired cord.
bletch.)
------------------------------------------------------------------------------
Gold Boxes
=-=-=-=-=-=
Gold box...fun! The gold box is an electronic device that links two phone
lines together. When the first line is called, it picks up the line, and
gives you the dial tone for the second line, which you dial another number
from. When the call is traced, it's traced to the second line your goldbox
was on.
You really need to find a telco box that has many lines in it, in order to use
this. Try to make sure that the "first" line, is not a main line that is used
for any incoming calls. What you're looking for is a telephone line that only
carries outgoing phone calls, like the line used for credit card verification.
Chances are, you will want to make sure your goldbox fits inside the telco box
nicely. With a goldbox, you can call from home, and not have to be worried
about a trace. The only drawback is that most gold-boxes I've seen will stay
off-hook for a set amount of time, like 45 minutes. So if your call lasts 45
minutes it will hang up on you, but if your call lasts less than that, it will
stay off-hook till the 45 minutes are up, and you can't use it till it hangs
up again.
Hooking up a goldbox is a lot like hooking up a beigebox, except that you have
to wire two lines up, instead of one. This works best for business phone
lines, because most small residential boxes only have 1 line, and even if they
have 2 lines, calling one of them might wake someone up, because even though
the goldbox picks up the line very quickly, the phone still rings for a short
amount of time. At businesses, it is less likely that the ringing will be
heard, and if it is, it will probably be by a janitor, who will dismiss it
easily. (I did mention that you only gold-box at NIGHT when people are home
and asleep didn't I???)
This is a better model I found on the internet though. This one's cool
because it hangs up shortly after you hang up (Actually when the line
voltage drops on line 1...Have you ever gotten hung up on, then waited for
30 seconds, and heard that static noise drop out, hear some clicks, and then
hear the fast busy signal? The dead part is what resets the goldbox)
Here's the ASCII SCHEM for this beast!
[ASCII schematic: the line-drawing characters are lost in this copy, so the
wiring cannot be read. Labels on the drawing: Red Line 1, Green Line 2, Red
Line 2; Photo1, Photo2; LED1, LED2; Transistor1, Trans2; resistors 10k, 10k,
1.4k, 1.4k and 1.4K.]
Legend (All parts can be found at Radio Shack easily!)
  2N3904 transistors. Labels: b=base c=collector e=emitter
  /\/\   Resistor. Labels: value in ohms noted under each symbol
  (|<)   LED. Note: Try to use high output LEDs.
  (/\/\) Photocell
I usually put this whole chunk of equipment into one of the small or medium
radio shack project cases. You'll want to make sure that your LED's are
REALLY bright, and you may want to use some tape to make them touch the photo-
cell. Drill 2 holes in the case, one in either side, and when assembling your
goldbox, run both of the Line1 wires out one hole, and label that hole "Line1"
and the line2 wires through the other hole, labeling it "Line2". You can not
get the greens or reds confused here. I usually use green and red wire when
creating my goldbox so that I won't get confused. I'd advise that you do the
same! Once you have the wires poking out of the holes (make sure there's at
least 5 inches of wire on each so you have something to work with), put some
electrical tape over the inside of the holes. If any light gets into this
box, the victim's fone lines will go batty. The only light in this box that
we are wanting is the light being produced by the LEDs!
An optional design I heard mention of one time by a colleague of mine was
using an optocoupler... you may look into that, but I've yet to see plans for
such a device...feel like making 'em? If you successfully do it and do a nice
write-up on it, make good skems to go along with it, go ahead and send it to
us and we'll probably publish it!
This design will not hang up after a given amount of time. Instead it hangs
up when YOU hang up. That's good news for you. You may want to build 3 or 4
of these little guys if ya got the cash to do so. Chances are once ma bell is
onto ya (that is traces it to the boxed number), you may never see this thing
again. Also, if they DO see this box, they might see what phone numbers have
called the other line it was hooked up to at or around the time the traced
calls were made. That would point to you. That's not good. Goldboxes can be
used in conjunction with payphones and an acoustic coupler. This is a safer
method, because ma bell probably won't physically search the site where the
gold box is for maybe 2 weeks, then they'll see what phones were calling that
number at that time and date, and it's a payphone. Could be ANYONE!
Seriously, and sadly enough, I must say that you should count each gold box
you install as money spent to achieve a hacking directive. It's not wise to
go back to the site and retrieve it, unless you have a lot of balls. I know
of at least one person who went back to get the box, only to find out that
pacific bell employees had found it when activating another line for the
victim establishment, and called in the authorities, who were roughing it in
a van across the street. Luckily, only the trespassing charges held up in court,
but not everyone may be that lucky. Retrieving a goldbox should take as much
(if not more) planning and effort as it took to plant it. Keep an eye on the
area for a few days, in broad daylight, and at night. Take note of vehicle
positions, people, everything, especially everything you can see from near the
box's location.
How do you know what number to call to activate your gold box? Well, that's
where the phone and beigecord come in. Hook up the beigecord to the phone
line you are using for line1. This is the line you will be calling from your
modem or phone. When you get a dialtone through your handset, dial an ANI.
(All the ANI's I have are now deactivated...growl! Keep an eye on 2600
magazine, in the letters section, there's almost always some ANI numbers in
there). The ANI will spout off a 10 digit number (area code and 7 digit phone
number). Use your pencil and note pad now...WRITE DOWN THAT NUMBER! Go call
it from another phone somewhere. You should get a dial tone VERY quickly,
usually it doesn't even get through a full ring for me. Dial a local number
just to see if it works, a BBS, see if you get a carrier tone, or if your
best friend would be awake at this hour, call and brag...erk... no. don't
brag. Bragging is the bane of hacking, to a degree.
When using a payphone to hack, Redboxing is not the way to go.
Most payphones I've run into let you stay on a local call indefinitely with
the initial change (25, 35 cents). You might as well pay, then dial the gold
box, which is local, then dial the long distance number from there. That way
you won't get an operator asking for more money halfway through your hacking.
(computerized voices cause pretty good amounts of line noise!) If this method
is used, you have unlimited length long distance phone call for 25 or 35 cents
depending on your phone company. Your victim may not see things the same way!
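From the line owner's or phone company's side, the relay described in this section leaves a recognizable pattern in call records: an answered inbound call on one line, and an outbound call on the other line that starts seconds later and ends when the caller hangs up. The sketch below is an added example, not part of the original article; the record layout, the phone numbers and the two time windows are assumptions made up for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed call records for one two-line business; every number is made up.
# Layout (an assumption): (line, direction, other_party, start, end)
RECORDS = [
    ("555-0101", "in",  "555-0199",   "1998-03-01 02:10:05", "1998-03-01 02:41:30"),
    ("555-0102", "out", "1-555-0147", "1998-03-01 02:10:21", "1998-03-01 02:41:52"),
    ("555-0101", "in",  "555-0123",   "1998-03-01 14:02:00", "1998-03-01 14:05:10"),
    ("555-0102", "out", "555-0166",   "1998-03-01 14:03:30", "1998-03-01 14:20:00"),
    ("555-0102", "out", "555-0170",   "1998-03-02 09:00:00", "1998-03-02 09:01:00"),
]


def parse(record):
    line, direction, party, start, end = record
    return {
        "line": line,
        "dir": direction,
        "party": party,
        "start": datetime.strptime(start, FMT),
        "end": datetime.strptime(end, FMT),
    }


def find_bridged_calls(records, setup_s=60, teardown_s=45):
    """Pair an inbound call on one line with an outbound call on another line
    that starts within setup_s seconds of it and ends within teardown_s
    seconds of it. Both windows are assumed values to tune against real data."""
    calls = [parse(r) for r in records]
    hits = []
    for inc in (c for c in calls if c["dir"] == "in"):
        for out in (c for c in calls if c["dir"] == "out"):
            if out["line"] == inc["line"]:
                continue  # a relay needs two different lines
            lag = (out["start"] - inc["start"]).total_seconds()
            drift = abs((out["end"] - inc["end"]).total_seconds())
            if 0 <= lag <= setup_s and drift <= teardown_s:
                hits.append({
                    "caller": inc["party"],        # number that reached line 1
                    "answering_line": inc["line"],
                    "relay_line": out["line"],     # line the trace points at
                    "dialed": out["party"],
                    "minutes": round((out["end"] - out["start"]).total_seconds() / 60, 1),
                    "after_hours": inc["start"].hour < 6 or inc["start"].hour >= 22,
                })
    return hits


if __name__ == "__main__":
    for hit in find_bridged_calls(RECORDS):
        print(hit)
```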
------------------------------------------------------------------------------
Acoustic Couplers
=-=-=-=-=-=-=-=-=
An acoustic coupler is just a device that is strapped to a phone, and then
plugged into your modem. It basically just makes an audio connection to the
phone line that the phone is on. This is good for payphones, phones that are
on digital PBX's, or any phone where the wall jack is not accessible, but an
outside line is! You may be able to find an acoustic coupler in computer
stores in your area (I bought mine at a CompUSA in June, 1997) and sometimes
you can find old ones at garage sales, used computer stores, and other places.
I have seen them in 1-800-batteries catalogs (GREAT catalog for people with
laptops and cell phones). Call 1-800-batteries (I don't know how they did it,
but just dialing the first 7 numbers of "batteries" doesn't work...gotta dial
tha whole thing), and ask to be put on the catalog list. It's free!
The instructions (if any) that come with the coupler are always screwed up.
Here is what I always do when dialing acoustic...
1) Power up my laptop.
2) While it's booting up, I unpack the coupler from my backpack.
3) I insert my PCMCIA modem into my laptop.
4) I pick up the handset, and strap the acoustic coupler to it (make sure
   that the coupler's on in the right direction, speaker to microphone!)
   and plug the RJ-11 plug into the jack on my modem.
5) I enter my terminal program, and manually use the command ATX0.
   (All this does is make sure it won't hang up if there is a faint or absent
   dial tone. When you dial with the phone's keypad, it won't get a dial tone
   and most modems would hang up unless this was done first.)
6) I manually enter the command to lock my modem to a specific baud rate.
   For high quality phones, I keep it at 14.4 (on a coupler compatible 33.6
   modem I managed to get 26.4kbps out of it, but my modem's just 14.4).
   For cheap phones I use 4800.
   For payphones I stoop down to 1200.
   (To see how to do this, read your modem manual. It's ATF<x> for my 14.4.
   My 28.8 is hard to force the baud rate on.)
7) I type "ATD" into the terminal program, but DON'T hit enter.
8) I press down on the hook for 5 seconds to get a new dial tone.
9) I use the keypad of the phone I'm using to do all my dialing. If you're
   gonna dial through a Goldbox, dial the redbox number first, wait 10 seconds
   or so, dial the other number.
10) Before the carrier starts, hit enter on the computer so that it picks up,
    waiting for a carrier.
The connection will be like any other connection. Once you've disconnected,
take it apart any way you want. I pretty much take it apart differently each
time.
------------------------------------------------------------------------------
This concludes the phreaking techniques to manifest hacking. Codes could have
been covered but that is an area that I know very little about, and haven't
personally tried to use. Remember, if nothing else, you guys in Jr. and Sr.
high school could use some of this as a science project! <wink>. Happy haqn!
Dumb Terminals
Dumb terminals have been used with computers since the advent of mainframe
computers. All that a dumb terminal is, is an input/output device that is
attached to a larger, more powerful computer via a serial connection, modem,
or other network connection. There have been many different kinds of
terminals created since the idea first came into play. Some of the more
popular ones were the Televideo Terminal, and Digital (DEC)'s VT 100, 102, and
400 terminals. You can still find these terminals in libraries, stores,
colleges, and some offices. Essentially, all that these terminals contain
is a CRT (Screen), a keyboard, and inside the body of the monitor, is a
circuitboard, which contains some ROM chips with some hard-coded programs
(This included information for some specific emulation functions, the setup
program, and the standard boot-up, connection, and self-test functions), as
well as a small amount of RAM (used for Input, Communication, and print
buffers), but there is also an area of EEPROM. This, in conjunction with
the setup program, is going to be a major part of this article.
Why would you want to mess with these terminals?
Well, there are many reasons why one would want to mess with them, or at least
get familiar with them. At stores, you might see one of these just out in the
open, and unattended. Some stores I know of (such as Comp-USA) have the
terminals on the sales floor so that sales people can look up prices, quantity
in-stock, and other information about the merchandise, in case a customer has
a question, or if they can't find what the customer wants (which happens so
often that you stand a better chance of finding it yourself). Now, if only
you knew how to use it... Well, every place has their own software, and I can
not spend my time telling you the ins and outs of each individual software.
I've also seen these terminals in libraries, used for electronic card
catalogs. Dumb terminals are easily distinguished by either a nasty Green,
amber, or white/grey screen, attached directly to a keyboard. You can find out
about each terminal and what kind of software is being run once you find one
of them logged in.
You need to find the set-up hotkey sequence. Some of the DEC terminals just
use F3. (if there's an F-key or other non-alpha-numeric key that seems to
have been torn off, there's a good chance that's the one you're looking for.
This was the case in a Blockbuster Video I was at a few weeks ago, where they
had a terminal up and running for Blockbuster patrons to look up rental
availability, new releases, up-and-coming rental release dates, etc). On
Televideo Terminals, There's always (or at least I've always seen) a key close
to the upper right hand corner of the keyboard, kind of where the F-keys are,
and it's labeled:
Set Up
-----------
<something>
I can't remember what the option on the bottom of the key is, but you just
have to hit the Shift Key, and that key at the same time.
The Set-Up Menus
----------------
These vary drastically from one terminal to the next. You're almost always
guaranteed to find out more about the software that the establishment you're
messing with is using, just by looking at the programmed macros. If you're
feeling evil, write the settings down, and change them on that terminal.
You can usually change some normal system settings, such as Reverse Video
mode, Connection Speed, printing (if there's a printer), and in some cases,
you can access a log of keystrokes (hee hee!). A very few terminals allow the
user to define their own custom emulation settings, allowing an advanced, and
properly informed user to set a Televideo terminal to handle VT, 3270, Prism,
and many others.
Dumb terminals are great if you just want to hit some dial-up unix shell
accounts or get on bulletin boards. You can usually hook a modem up directly
to it and go to town. This works best with VT series terminals, because the
VT-100 + emulation settings are very similar to the ANSI codes that many BBSes
use. If you don't have a VT terminal, most unix systems allow the user to
define the terminal type, and it will slip into that emulation mode.
This article doesn't really cover many specifics, other than to point out that
these pieces of equipment which have been labeled completely obsolete, still
have value and function, and not only to the hacker. I wish it was possible
for me to show exactly how to get into setup (and what you can do once you're
in there) on as many different models as possible, but I can't, simply because
it's different for each brand, and between models. Sometimes it's just fun
to hack around trying to find the cool little "secret" menus.
HiR NeWZ!
Mirror Sites:
As you may have read in the first file (intro/ToC) to this issue of HiR,
We're now working in conjunction with the people at TwistedinterneT services
(www.twistedinternet.com), a site that impressed the hell out of Axon while
he net surfed one day. HiR can be found in the library, under the magazines,
on their web site. Make sure to check out their files too (especially some
of the unix and phreaking stuph!) As far as the spread of information is
concerned, I haven't seen this much stuff in one place at the same time since
the death of silicon toad's page (if it's still around, mail us the URL!!! We
miss that place too!). Proof that there is still a glimmer of hope for the
freedom of information!
The Man in Black/Rosencrantz has also provided a mirror for the southwestern
region of the United States (Physical server location is Socorro, New Mexico).
This is a full mirror site of the official HiR page, and contains nearly the
exact same content.
What's with the ASCII!!??
This issue has been deemed the "Special ASCII Edition" of HiR. All of the
article titles are ascii-ized, and some of the other parts have been created
in that wonderful high-bit character set. If you're trying to view this in
netscape, MSIE, wordpad, notepad, or anything else graphical, it probably will
look like crap, and that's because your viewer sucks! Use a real text viewer
like vi or something...hell, use EDIT in dos, or pico (shudder) under unix.
If you really knew what you were doing, you'd be using lynx as your browser,
and you could read ALL this stuff online, isn't that nice?!
As usual, we need writers. While we won't necessarily take everything that
comes our way, I'm sure that there are plenty of hackers out there willing
to share their knowledge with others. If you're into (or used to be into)
the H/P scene, and consider yourself a decent writer, then by all means send
some of your work to H_i_R@Hotmail.com, with your article submission attached.
The more info, the better!
Recently, while digging around in dumpsters, Axon and his friend Frogman ran
across this book that blows the Motorola bible out of the water. It was a
training book used for an employee education seminar. Held within its 300+
pages is such a wealth of information, from programming instructions for each
Motorola phone, to troubleshooting tips, a frequency / channel table for both
AMPS and N-AMPS, and ever so much more than that. Over the next few issues,
you can expect to find quite a few articles dealing with cellular. We will
attempt to unravel the mysteries that are clarified within its pages. The
original owner of the manual was even kind enough to jot down some notes in
the margins that provide even more detail. We'll keep you posted.
This pretty much concludes HiR 4. Keep your eyes peeled on our sites for new
and exciting things happening, as well as an update on how the newest HiR is
coming along. Tentative release date for HiR 5 is May 1, 1998.