💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › BOXES › boxes.nph captured on 2022-06-12 at 17:15:09.

View Raw

More Information

-=-=-=-=-=-=-

 
   Instuctional phile

   Topic ..................... Creating Various Phun Fone Toys
   Author .................... Compilation phrom several sources
   Compiler .................. Nocturnal Phoenix

       This is one of a series of compilations I am creating of the
       various techniques used to perphorm actions that aught not be
       perphormed (but will be done anyway, so why not do it right?).
       I am expecting to have maybe ten or so of these compilations
       by the time I am done.  I realized the need phor some phorm of
       organization of this sort of inphormation when I came across
       phour meg of shit like this.  Out of that phour meg, two meg was
       totaly redundant, one meg was corrupted to the point of not
       being able to read it, and of the other meg, everything that
       was actually usephul was scattered everywhere in bits and pieces.
       Now I personally am a strong proponant of peacephul world Anarchy,
       but I would really rather not try to make something phun like
       nitroglycerin (to use something extremely dangerous that I saw
       phrequently in all that shit) without having a complete set of
       instructions.  Whenever it was possible, I have given credit to
       the author of the original article, although I phound many
       articles which were the same, word phor word, but with dipherent
       authors, phorcing me to chose one of them.  Sorry if I chose
       wrong.

       The compiler of this phile apologizes to the authors of the
       articles within phor any alterations done to their documents.
       This was unavoidable, as most of these texts were nearly 
       unreadable by the time I got them.  I assume this is due to
       various changes made by people who had been in possesion of
       them bephore me, and to the slow corruption of the data as it
       was sent over innumerable fone lines phrom modem to modem. To
       avoid the phurther corruption of this very usephul inphormation,
       I would ask two things:

          1. That any comments, notes, additions, etc. be placed at
             the very end of this phile, not just stuck wherever you
             pheel like it.  I have put a sample addition in at the
             end of this file for convenience.  Please leave:
                -  Your name (your phake name that would be used phor
                   BBS' and such, not your real name)
                -  The date
                -  Where you can be reached (BBS' etc.)
                -  The inphormation you wish to leave
          2. That any random corruptions phound while reading (such
             as the word "TELEPHONE" appearing as "TELEPH?NE") are
             phixed (I'm sure that some smartass will be tempted to
             phix the example I have just given.  Please don't).

       Thank you phor your cooperation in this matter.  Please give
       this phile to whoever you can, knowing that it will probably
       have grown substantially by the next time you phind it.  Also,
       when you do phind it again, and it is a newer version than you
       have, delete the older version and only distribute the newer
       one. 

                                                 - Nocturnal Phoenix

------------------------------------------------------------------------------

)()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()(
)(        How To Listen In On Cordless Telephone Conversations              )(
)(                                                                          )(
)(        An Original 'Phile' By:        Beowulf                            )(
)(                                                                          )(
)(        Call The Outhouse BBS         201-756-9575                        )(
)(                                                                          )(
)()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()(


           Have you ever wanted to know what your brother/sister/parents/
friends/enemies were saying as they hid somewhere, cordless phone in hand?
With this phile, now you can!  Just follow the simple instructions outlined
inside.
           First some information about cordless telephones:

           The original cordless telephones (1978-about late 1983) were made
to be used on the 1.6 to 1.8 MHz band.  If you will notice, 1.6 MHz is also
the top end of the AM broadcast band.  These phones operate on AM (just like
the radio stations) and use the wiring in your house for an antenna.  The
power of these phones is 1/10 of a watt in most cases, or about 1/50th of the
power that your average CB radio will put out.  So, not having a lot of power,
it is tough to hear these phones.  You know how they say '500 foot range'?
Sure, that's the range of the handset to the base, but not of the signals
emitted by the base!   Which means that on good nights you can hear them for
many miles (I live in NJ an have heard telephones VERY loudly from NY City,
35 MILES away!).
           The newer phones, however, are not as easy to hear.  They operate
on FM on the 49 MHz band, which is the same frequency which your little
walkie-talkies that you loved as a ten year old operate on.  These phones
require a little bit more effort to be heard than do the old ones (and a
little $$).   Never fear, however, because about 1 out of 10 phones is the
old style, and they are still being made and sold today.

           How To Do It:

           For the old style phones, you will need to get a pocket size AM
transistor radio.   The one I used was an AM/FM Realistic (bought for $9 at
Radio Shack).  There should be a small plastic box inside the radio.  This
little 'box' is the VFO (Variable Frequency Oscillator) which controlls the
frequency of the radio.  Now of course, you aren't going to have a digital
frequency counter (they only cost $400, so everyone should have at least
two of them) so before you do anything, turn on the radio and tune to the
top of the band and find the station which is closest to the top of the
broadcast band.  Write down the frequency so you have something to compare
to later.
           Now, turn off the radio, get a small size screwdriver, and
adjust the small screw(s) on the back of the little plastic box.  Don't turn
them more than a quarter turn at a time.  Now, when you have done your first
'tweak' of the screws, turn on the radio and see where that station at the
top of the band is now on the frequency dial.  When you have gotten the
station 150-200 kHz down from where it was, (like if the frequency was 1600,
get it down between 1400 and 1450), you are all set to recieve cordless
telephones at the top end of the radio!  Note: this little 'trick' may not
work as well on all radios, but it is worth a try.  If worse comes to worse,
you can turn them back.
           The ideal distance is a close to the base as you can get, but this
sucker should pull in signals from up to 500 feet away with no problem.
Simply go near someones house with this, and then have fun!

            Another way:  Another way to do this, if the VFO adjustment trick
does'nt work, is to adjust the small metal boxes that have little colored
screws in them.  These are the tuning coils for the reciever circuit, and they
affect the frequency also.  Another possibility is a combination of turning
the VFO screws and the coils to try to get the desired effect.  Good Luck!

           Now for the tough ones, the new phones.  The new phones work on
the 49 MHz band.  You are going to need one of the 'new' walkie talkies that
operate on 49 MHz     ===- FM -===    (the cheap shit ones are AM).  If you
decide to invest in one at Radio Shack or similar store, make damn sure you
get FM walkie talkies.  If you get AM, you're screwed, unless you have a
friend who is killer into electronics or ham radio who has the knowledge to
convert AM to FM.  (Yes, it can be done.  I have done it with CB's, and it is
great for CB because no one can understand what you are saying unless they
have a FM-converted CB.....Hmm.....that may be my next text phile...look for
it!!)  Anyway.....when you get your FM walkie talkie, you can do one of two
things:
        A)  You can play the adjust the coils trick as mentioned in the last
            article (there is no VFO because walkie talkies are crystal
            controlled).
        B)  You can change the crystal.  Popular frequencies for cordless
            phones are 49.830, 49.860 and 49.890 MHz.  These crystals can
            be obtained from electronic supply houses (like ones that sell
            chips for your Apple) for about $2 or less each.

           And that just about concludes this phile.  There are two other
shortcut methods that can be used to bypass this mess and get you listening
in right away.
          1)  Get a general coverage receiver.  They cover all frequencies
              from 100 kHz to 30 MHz, and will provide you with 'armchair'
              reception because you can hook up a monster antenna. (I have
              a 1964 vintage model that I got for $10 sitting on my desk
              with a 600 foot long piece of wire for an antenna....boy,
              I know everything in my neighborhood before the ladies start
              gossiping!)

           2)  If you play guitar or bass, and have a 'wireless' system for
               your guitar like the Nagy 49R, you can hook up a 12 volt
               lantern battery and go prowling around listening for the
               phones.  (Bass rules!)

            Method 1 only works on the old phones because of the frequency
limitations of the reciever, and method 2 is for new phones only because
the 'wireless' systems only work on 49 MHz FM.

            Have phun with your new knowledge, and look for more philes
from me in the future (that CB FM is a good idea.....hmmmm...)

------------------------------------------------------------------------------

                        The basics of phone anarchy


        This phile will teach you the basics of Phucking people up with
  simple eletronic telephone terrorism!

        1) Silent Phone Killer

        This is a device , easy to make, that will take a persons phone off
        the hook WITHOUT that phucking Alert noise!!

                1) Aquire a wall mount, NOT FLUSH MOUNT, phone jack block.
                   This is a square box about 2" X 2" X 1/2" and has a
                   modular jack in the middle (or about).

                2) Get a peice of thin wire (not unlike that used in the box)

                3) Run the wire from the red to the green terminals as so to
                   connect them.  Then Recover the box.
                   .
                   SIMPLE HUH?!

                4) Now, Plug this baby into the wall via a telephone type
                   wire with a modular plug at each end. ZAP.
                   .
                   Until the device is deteted and removed, it will do 2
                   things:
                      a) Put the circut off hook.
                      b) MUTE all other phone devices in the house by drawing
                         all the phone line current.  So it they pick up the
                         phone to try to dial, even IF the alert tone is on,
                         it will not be herd on the phone.



                         __________________________
    Diag. # 1           I                          I
                        I  MODULAR ####            I
                        I  PLUG -->####            I
                        I        /      \          I
                        I     |/          \|       I
                        I    =|============|=WIRE  I
                        I     |            |       I
                        I    RED         GREEN     I
                         --------------------------




        2)  Loss of hearing!!!


                   This one will make the victim HARD of HEARING.

                        1) Take a medium strength resistor.

                        2) Go outside their house.  Open the phone connection
                           Box on the side of their house.  Wire the resistor
                           in between the red in from the streen and the red
                           going to the home. HEHEHEHE. this will reduce
                           audio, along with causing nemerous other SMALL
                           bugs....




Diag. # 2

                         ---------------------------
                         I___________              I
                         I           I             I
                MODULAR --->####-----I -----^^^-R  I
                PLUG     I  ####-----I ---------G  I
                         I  \ \------I-\________Y  I
                         I    \----- I-\________B  I     ^^^ = RESISTOR
                         I           I             I
                         I           I             I
                         ---------------------------
                     (THIS IS WHAT MOST MODERN ONES LOOK LIKE)
                     (CHECK YOU TARGETS HOME FOR EXACT LAYOUT)



                          Well, That should keep ya busy

------------------------------------------------------------------------------

                         Making your own test set

                                
So, you want a lineman's test set, but are too scared to steal one and
don't want to pay $200.00 for one. Well, this file will tell you how.


        You will need :

                      3 aligator clips. (The extra for if you screw up one)
                      1 ONE PEICE phone (the kind you set down on a table to
                        hang up)


                     Optional:
                     1 wall mount phone jack (For noise-less conecting)

Ok. Now you have your shit, what do you do?

1. slice off the modular plug off the phone. KEEP THE PHONE CORD LONG!!
2. expose about 1/2 an inch of the conductor of the RED and GREEN wires.
2a If there is an black and yellow wire on the phone cord, cut them down to
   get them out of the way. You don't need them
3. Attach the alligator clips to the exposed wires (Try to color cordnate the
   clips so you know what is green and what is red)

easy huh?
                            ____phone
here is s diagram:         /
                          /
#######################################                      red
#                                     #                     /
#       # # # #              #   ###  #==================------==\= \___Clips
#       # # # #              #   ###  #==================------==\= /
#       # # # #                       #                    \
#######################################                     green



Optional modifications:

1) Keep the phone intact.  use the wall mount phone outlet and a peice of 2
 conductor wire (or phone cord type wire). Attach the wire to the block, and
 attach the clips to the wire as shown above.

2) If you have a little money and the phone line to tap has a close by AC
   outlet, use a cordless phone insted of the regular one.  This allows for
   you to be away from the base and still use the target line. Try to get a
   phone that uses CH 10. This ,I have found, is the clearest signal.


  Here is a diagram of the box method:
                         box
                        /
         _____________ /      red
        |             |      /
        |  __         |---------------===\=
        | |__|        |---------------===\=
        |             |    \
        |_____________|     green

------------------------------------------------------------------------------

OoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoO
oO                                                                         Oo
Oo                         Building a Diverter Box                         oO
oO                              Designed by:                               Oo
Oo                            Digital Deviant                              oO
oO                                                                         Oo
OoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo 5/12/91 oOoO


Does the Menace of ESS have you down?Tired of worrying about getting nabbed
everytime you phreak?Well then the Diverter Box is for you.A few years back I
got plans for a box called the Gold Box.Most hackers soon found out that the
Gold Box did not work after trying to construct it.The Gold Box design was
totally fucked.I still see the plans on many boards to this day.Even though
they don't work.But it is those plans inspired me to design the Diverter Box.
The construction is fairly simple and cheap.You can get all of the needed
parts at your local Radio shack.


PARTS NEEDED:

=QTY=========ITEM====================================CAT NO======PRICE=======
  3          SPDT MICROMINIATURE PC RELAY            275-240     $1.99 EACH
  2          NEON LAMPS                              272-1100    $ .89 EACH
  2          PHOTOCELLS                              276-1657    $1.98 FOR 5
  1          200V SILICON CONTROLLED RECTIFIER (SCR) 276-1067    $ .99
  1          1:1 AUDIO TRANSFORMER                   273-1374    $3.59
  1          9V BATTERY SNAP CONNECTOR               270-325     $1.19 FOR 5
  1          9V BATTERY
  -          SOME WIRE, ELEC TAPE AND SOLDER
=============================================================================


CONSTRUCTION/ PLANS:

Ok,take the Neon Lamps and the Photocells and tape them together with the
electrical tape or any tape that will not allow light in.Tape them together
so that the Neon Lamp will shine directly on the photocell.Make sure that no
light can get in.Ok,now you will have two separate Optocouplers.In the plans
they will be labeled MOC1,and MOC2.It would be best to print the plans out,
so you can see the whole thing at one time.


     BLACK                                                 RED
?????????????????????????????????????????????????????????????????????????????
                           ? AUDIO     ?
Connect Wires to FONE #1   ? TRANSFORMR?            Connect Wires to FONE #2
?????????????              ?????????????              ???????????????????????
     WHITE  ?             W?        ????              ?    YELLOW
            ?             H?        ?Y                ?
            ?             I?????    ?E                ?
            ?             T    ?    ?L                ?
            ?             E    ?    ?L                ?
            ? ??????????????   ?    ?W ?????????????? ?
            ????oNO    NCo ?   ?    ?????oNO    NCo ? ?
           ?????o  COIL  o???????????????o  COIL  o?????????????
           ?  ?            ?   ?       ?            ? ?        ?
           ?  ?            ?   ?       ?            ? ?  +      ?
           ?  ? o  COM   o??????       ? o  COM   o????        ?
           ?  ??????????????           ??????????????          ?
           ?    RELAY #1                 RELAY #2              ?   - NEGATIVE
           ???????????????????                                 ??????????????
              ?????????????? ?                                     ?   9V   ?
              ? oNO    NCo????                                     ? BATTERY?
         ???????o  COIL  o??????        ?????????????????????    ????????????
         ?    ?            ?   ?        ?    ?????????????  ?    ? + POSITIVE
         ?    ?            ?   ?        ?    ?     ??o?? ?  ?    ?
         ?    ? o  COM   o?????+?????????    ? SCR ????? ?  ?    ??
         ?    ??????????????                 ?     ????? ?  ?     ?
         ?      RELAY #3                     ?     ? ? ? ?  ?     ?
         ?                           -       ?     1 2 3??  ?     ?
         ?       Connect wire to the ?       ?     ? ?      ?     ?
         ?       NEGATIVE terminal on?       ?     ??????????     ?
         ?       Battery             ?       ?       ?            ?
         ?       ?????????????????????       ?       ?????????????+
         ?       ?                           ?                    ?
         ?       ? PHOTOCELL                 ?                    ?
         ?       ? LEADS                     ??????????????       ?
         ?????????                                        ?       ?
         ? MOC1  ?                                        ?       ? PHOTOCELL
         ?????????                                        ?       ? LEADS
         ?Connect? NEON LAMP                              ?       ?
         ?  to   ? LEADS                                  ?       ?
         ?FONE #3?                                        ?????????
         ?       ?                                        ? MOC1  ?
                                                          ?????????
                                                          ?Connect? NEON LAMP
                                                          ?  to   ? LEADS
                                                          ?FONE #1?
                                                          ?       ?

USAGE/ TIPS:

You can probably find a better way to connect everything.I just drew the
schematics like that so they would be easy to understand.In the areas where a
wire crosses over another wire DO NOT connect them, UNLESS there is a "+" sign
where the wires cross.Now solder all the shit together.The polarity on the
Fone lines doesn't matter.So you won't have to spend time and frustration
trying to get the proper polarity connections.As you may have noticed you will
need three fone lines.FONE #1 will be the number you call to get a dial tone.
FONE #2 is the fone line that you will be dialing out from.You will call
FONE #3 to disconnect FONE #1 and FONE #2,in other words you will call this
number to cause them to hang up.If you know anything about electronics you
could hook up a tone detecting chip that would activate RELAY #3 when a
certain tone is played.This would cause the fones to hang up.FONE #2 MUST be a
regular fone line.FONE #1 and FONE #3 can be a Pay Fone Line or a regular Fone
Line.
A good place to hook this up would be at a Jiffy that has two pay fones.But
you would not be able to use your box until they close.Your best bet would be
to hook it up at a big hotel or motel.They have plenty of pay fones.You may
have to run some wire to connect to their PBX,but it can be done.After you've
got the device hooked up ANI Fone #1 and Fone #3...Now your all set.Dial with
care, but dial any where.Have phun!


DISCLAIMER:

This file is for INFORMATIONAL Purposes ONLY.The Diverter Box is not to be
used in any illegal manner(Yeah, thats it).I do NOT take any responsibility
for your actions!

------------------------------------------------------------------------------

                       HOW TO BUILD A BLACK BOX
                       ------------------------


A BLACK BOX IS A DEVICE THAT IS HOOKED UP TO YOUR FONE THAT FIXES YOUR FONE
SO THAT WHEN YOU GET A CALL, THE CALLER DOESN'T GET CHARGED FOR THE CALL.
THIS IS GOOD FOR CALLS UP TO 1/2 HOUR, AFTER 1/2 HOUR THE FONE CO. GETS
SUSPICOUS, AND THEN YOU CAN GUESS WHAT HAPPENS.

THE WAY IT WORKS:

WHAT THIS LITTLE BEAUTY DOES IS KEEP THE LINE VOLTAGE FROM DROPPING TO 10V
WHEN YOU ANSWER YOUR FONE.  THE LINE IS INSTEAD KEPT AT 36V AND IT WILL MAKE
THE FONE THINK THAT IT IS STILL RINGING WHILE YOU'RE TALKING.  THE REASON FOR
THE 1/2 HOUR TIME LIMIT IS THAT THE FONE CO. THINKS THAT SOMETHING IS WRONG
AFTER 1/2 AN HOUR OF RINGING.

ALL PARTS ARE AVAILABLE AT RADIO SHACK.  USING THE LEAST POSSIBLE PARTS AND
ARANGEMENT,  THE COST IS $0.98, AND THAT IS PARTS FOR TWO OF THEM!  TALK
ABOUT A DEAL!  IF YOU WANT TO SPLURGE THEN YOU CAN GET A SMALL PC BOARD,
AND A SWITCH.  THERE ARE TWO SCHEMATICS FOR THIS BOX, ONE IS FOR MOST NORMAL
FONES.  THE SECOND ONE IS FOR FONES THAT DON'T WORK WITH THE FIRST.  IT WAS
MADE FOR USE WITH A BELL TRIMLINE TOUCH TONE FONE.


                   **  SCHEMATIC 1 FOR MOST FONES  **
                   **         LED ON: BOX ON       **

                   PARTS: 1 1.8K 1/2 WATT RESISTOR
                   1 1.5V LED
                   1 SPST SWITCH

                   YOU MAY JUST HAVE TWO WIRES WHICH YOU
                   CONNECT TOGETHER FOR THE SWITCH.

                   FROM >--------------------GREEN->  TO
                   LINE >--!   1.8K  LED  !---RED--> FONE
                   !--/\/\/\--!>--!
                   !              !
                   ------>/<-------
                   SPST


                   **  SCHEMATIC 2 FOR ALL FONES  **
                   **        LED ON: BOX OFF      **

                   PARTS: 1 1.8K 1/2 WATT RESISTOR
                   1 1.5V LED
                   1 DPST SWITCH

                   FROM >---------------GREEN->  TO
                   LINE >-------      ---RED--> FONE
                   !  LED !
                   -->/<--!>--
                   !         !
                   ---/\/\/---
                   1.8K



                   HERE IS THE PC BOARD LAYOUT THAT I
                   RECOMMEND USING.  IT IS NEAT AND IS
                   VERY EASY TO HOOK UP.

                   SCHEMATIC #1        SCHEMATIC #2

                   **************      ****************
                   *            *      *  -------     *
                   * --<LED>--- *      *  !     !     *
                   * !        ! *      *  ! <SWITCH>  *
                   * RESISTOR ! *      *  ! !      !  *
                   *        ! ! *      *  ! !      /  *
                   * -------- ! *      *  ! !      \  *
                   * !        ! *      *  ! <LED>! /  *
                   * --SWITCH-- *      *  !      ! \  *
                   *  !      !  *      *  !      ! /  *
                   L *  !      !  * F  L *  !      ! !  * F
                   I>RED-      -RED>O  I>RED-      ---RED>O
                   N>-----GREEN---->N  N>-----GREEN------>N
                   E * H          * E  E *              * E
                   **************      ****************

ONCE YOU HAVE HOOKED UP ALL THE PARTS, YOU MUST FIGURE OUT WHAT SET OF WIRES
GO TO THE LINE AND WHICH GO TO THE FONE.  THIS IS BECAUSE OF THE FACT THAT
LED'S MUST BE PUT IN IN A CERTAIN DIRECTION.  DEPENDING ON WHICH WAY YOU PUT
THE LED IS WHAT CONTROLS WHAT WIRES ARE FOR THE LINE & FONE.

HOW TO FIND OUT:

HOOK UP THE BOX IN ONE DIRECTION USING ONE SET OF WIRES FOR LINE AND THE 
OTHER FOR FONE.



ONCE YOU HAVE HOOKED IT UP, THEN PICK UP THE FONE AND SEE IF THE LED IS ON.
IF IT IS, THE LED WILL BE LIT.  IF IT DOESN'T LIGHT THEN SWITCH THE WIRES AND
TRY AGAIN.  ONCE YOU KNOW WHICH ARE WHICH THEN LABEL THEM.


        POSITION.  NOW LABLE THE SWITCH IN ITS CURRENT POSITION AS BOX ON.

HOW TO USE IT:

THE PURPOSE OF THIS BOX IS TO PEOPLE WHO CALL YOU SO IT WOULD MAKE
SENCE THAT IT CAN ONLY BE USED TO RECEIVE! CALLS.  WHEN THE BOX IS *ON*
THEN YOU MAY ONLY RECIEVE CALLS.  YOUR PHONE WILL RING LIKE NORMAL AND
THE LED ON THE BOX WILL FLASH.  IF YOU ANSWER THE FONE NOW, THEN THE LED
WILL LIGHT AND THE CALLER WILL NOT BE CHARGED.  HANG UP THE FONE AFTER
YOU ARE DONE TALKING LIKE NORMAL.  YOU WILL NOT BE ABLE TO GET A DIAL
TONE OR CALL WHEN THE BOX IS ON, SO TURN THE BOX *OFF* FOR NORMAL CALLS.
I DON'T RECOMMEND YOU DON'T WANT IT TO ANSWER WHEN MA BELL CALLS!

------------------------------------------------------------------------------

From : THE PHREAKER'S HANDBOOK
       Issue #1, Volume 1
       July 3, 1989
       By DOCTOR DISSECTOR
 

      aqua  box  -  A  box  designed to drain the voltage of the FBI lock-in-
 trace/trap-trace  so  you  can  hang  up  your  fone  in  an  emergency  and 
 phrustrate  the  Pheds  some more. The apparatus is simple, just connect the 
 two  middle wires of a phone wire and plug, which would be the red and green 
 wires  if  in  the jack, to the cord of some electrical appliance; ie, light 
 bulb  or  radio.  KEEP  THE  APPLIANCE  OFF.  Then,  get  one  of those line 
 splitters  that  will  let  you hook two phone plugs into one jack. Plug the 
 end  of  the  modified  cord into one jack and your fone into the other. THE 
 APPLIANCE  MUST  BE  OFF! Then, when the Pheds turn their lame tracer on and 
 you  find  that  you  can't hang up, remove your fone from the jack and turn 
 the  appliance ON and keep it ON until you feel safe; it may be awhile. Then 
 turn  it  off,  plug  your fone back in, and start phreaking again. Invented 
 by: Captain Xerox and The Traveler.
 
      beige  box  - An apparatus that is a home-made lineman's handset. It is 
 a  regular  fone  that  has  clips  where  the  red and green wires normally 
 connect  to  in  a  fone jack. These clips will attach to the rings and tips 
 found  in  many  of  MA's output devices. These are highly portable and VERY 
 useful  when  messing  around  with  cans  and other output devices the fone 
 company has around. Invented by: The Exterminator and The Terminal Man.
 
      black  box  -  The infamous box that allows the calling party to not be 
 billed  for  the call placed. We won't go in depth right now, most plans can 
 be  found on many phreak oriented BBS's. The telco can detect black boxes if 
 they suspect one on the line. Also, these will not work under ESS.
 
      bleeper  boxes  -  The  United  Kingdom's  own version of the blue box, 
 modified  to  work  with the UK's fone system. Based on the same principles. 
 However, they use two sets of frequencies, foreword and backwards.
 
      Blotto  box  -  This  box  supposedly  shorts  every  fone  out  in the 
 immediate  area,  and  I  don't  doubt  it. It should kill every fone in the 
 immediate  area,  until  the  voltage reaches the fone company, and the fone 
 company  filters  it.  I  won't  cover  this  one  in  this issue, cuz it is 
 dangerous,  and  phreaks shouldn't destroy MA's equipment, just phuck it up. 
 Look  for  this  on your phavorite BBS or ask your phavorite phreak for info 
 if you really are serious about seriously phucking some fones in some area.
 
      blue  box  -  An  old  piece of equipment that emulated a true operator 
 placing  calls,  and  operators  get  calls for free. The blue box seizes an 
 open  trunk  by  blasting  a  2600  Hz tone through the line after dialing a 
 party  that  is  local  or in the 800 NPA so calls will be local or free for 
 the  blue boxer. Then, when the blue boxer has seized a trunk, the boxer may 
 then,  within the next 10-15 seconds, dial another fone number via MF tones. 
 These  MF  tones  must be preceded by a KP tone and followed with a ST tone. 
 All of these tones are standardized by Bell. The tones as well as the inter-
 digit  intervals  are around 75ms. It may vary with the equipment used since 
 ESS  can  handle higher speeds and doesn't need inter-digit intervals. There 
 are  many  uses to a blue box, and we will not cover any more here. See your 
 local  phreak or phreak oriented BBS for in depth info concerning blue boxes 
 and  blue  boxing.  Incidentally, blue boxes are not considered safe anymore 
 because  ESS  detects  "foreign"  tones,  such as the 2600 Hz tone, but this 
 detection  may  be  delayed  by  mixing pink noise of above 3000 Hz with the 
 2600  Hz  tone. To hang up, the 2600 Hz tone is played again. Also, all blue 
 boxes  are  green  boxes because MF "2" corresponds to the Coin Collect tone 
 on  the  green box, and the "KP" tone corresponds to the Coin Return tone on 
 the  green  box.  See  green  box  for  more  information.  Blue  boxing  is 
 IMPOSSIBLE  under  the new CCIS system slowly being integrated into the Bell 
 system.
 
      blue  box  tones  -  The MF tones generated by the blue box in order to 
 place  calls,  emulating  a  true operator. These dual tones must be entered 
 during  the  10-15 second period after you have seized a trunk with the 2600 
 Hz tone.                                                                   
                         700:  1 :  2 :  4 :  7 : 11 :    KP= Key Pulse     
  Parallel Frequencies   900: ** :  3 :  5 :  8 : 12 :    ST= STop          
    2= Coin Collect     1100: ** : ** :  6 :  9 : KP :   KP2= Key Pulse 2   
   KP= Coin Return      1300: ** : ** : ** : 10 :KP2 :    **= None          
   (green box tones)    1500: ** : ** : ** : ** : ST :                      
                            : 900:1100:1300:1500:1700:   75ms pulse/pause   
 
      bridge - I don't really understand  this  one, but  these  are important
phreak toys. I'll cover them more in the next issue of TPH.

      busy  box  - Box that will cause the fone to be busy, without taking it 
 OFF-HOOK.  Just  get a piece of fone wire with a plug on the end, cut it off 
 so  there  is a plug and about two inches of fone line. Then, strip the wire 
 so  the  two middle wires, the tip and the ring, are exposed. Then, wrap the 
 ring  and  the  tip  together,  tape with electrical tape, and plug into the 
 fone jack. The fone will be busy until the box is removed.
 
      cheese  box  -  Another  type  of  box  which,  when  coupled with call 
 forwarding  services, will allow one to place free fone calls. The safety of 
 this  box  is unknown. See references for information concerning text philes 
 on this box.
 
      clear  box  - Piece of equipment that compromises of a telephone pickup 
 coil  and  a  small  amp. This works on the principal that all receivers are 
 also  weak  transmitters.  So,  you amplify your signal on PP fortress fones 
 and spare yourself some change.
 
      diverter  - This is a nice phreak tool. What a diverter is is a type of 
 call  forwarding  system done externally, apart from the fone company, which 
 is  a piece of hardware that will foreword the call to somewhere else. These 
 can  be  found  on  many  24 hour plumbers, doctors, etc. When you call, you 
 will  often  hear  a  click  and then ringing, or a ring, then a click, then 
 another  ring,  the second ring often sounds different from the first. Then, 
 the  other  side  picks  the  fone  up  and  you  ask about their company or 
 something  stupid, but DO NOT ANNOY them. Then eventually, let them hang up, 
 DO  NOT  HANG  UP  YOURSELF.  Wait  for the dial tone, then dial ANI. If the 
 number  ANI  reads  is different from the one you are calling from, then you 
 have  a  diverter.  Call  anywhere you want, for all calls will be billed to 
 the  diverter.  Also,  if  someone uses a tracer on you, then they trace the 
 diverter  and  you  are safe. Diverters can, however, hang up on you after a 
 period  of  time; some companies make diverters that can be set to clear the 
 line  after  a  set period of time, or click every once in a while, which is 
 super  annoying, but it will still work. Diverters are usually safer than LD 
 extenders,  but  there are no guarantees. Diverters can also be accessed via 
 phortress  fones.  Dial  the  credit  operator  and  ask for the AT&T CREDIT 
 OPERATOR.  They  will  put on some lame recording that is pretty long. Don't 
 say  anything  and  the  recording will hang up. LET IT HANG UP, DO NOT HANG 
 UP.  Then  the  line will clear and you will get a dial tone. Place any call 
 you  want  with  the following format: 9+1+NPA+Nxx+xxxx, or for local calls, 
 just  9+Nxx+xxxx. I'd advise that you call ANI first as a local call to make 
 sure you have a diverter.
 
      green  box - Equipment that will emulate the Coin Collect, Coin Return, 
 and  Ringback  tones.  This  means  that if you call someone with a fortress 
 fone  and  they  have  a  green  box,  by  activating it, your money will be 
 returned.   The   tones   are,   in   hertz,   Coin  Collect=700+1100,  Coin 
 Return=1100+1700,  and  Ringback=700+1700.  However,  before these tones are 
 sent,  the  MF  detectors  at  the  CO  must be alerted, this can be done by 
 sending  a  900+1500  Hz  or  single 2600 Hz wink of 90ms followed by a 60ms 
 gap, and then the appropriate signal for at least 900ms.
 
      gold  box  -  This  box  will  trace  calls,  tell if the call is being 
 traced, and can change a trace. 
 
      grey box - Also known as a silver box. See silver box.
 
      output  device  -  Any  type  of interface such as cans, terminal sets, 
 remote  switching centers, bridging heads, etc., where the fone lines of the 
 immediate  area are relayed to before going to the fone company. These often 
 are  those  cases  painted light green and stand up from the ground. Most of 
 these  can  be  opened  with a 7/16 hex driver, turning the security bolt(s) 
 1/8  of  an  inch  counter-clockwise,  and  opening. Terminals on the inside 
 might  be  labeled "T" for tip and "R" for ring. Otherwise, the ring side is 
 usually on the right and the tip side is on the left.
 
      purple  box  -  This one would be nice. Free calls to anywhere via blue 
 boxing,  become  an  operator  via  blue box, conference calling, disconnect 
 fone  line(s),  tap  fones,  detect  traces,  intercept directory assistance 
 calls. Has all red box tones. This one may not be available under ESS.
 
      rainbow  box  -  An  ultimate  box. You can become an operator. You get 
 free  calls,  blue  box. You can set up conference calls. You can forcefully 
 disconnect  lines.  You can tap lines. You can detect traces, change traces, 
 and  trace as well. All incoming calls are free. You can intercept directory 
 assistance.  You have a generator for all MF tones. You can mute and redial. 
 You  have  all  the  red-box tones. This is an awesome box. However, it does 
 not exist under ESS.
 
      red  box  -  Equipment that will emulate the red box tone generated for 
 coin recognition in all phortress fones.
 
      red  box  tones - Tones that tell the phortress fone how much money was 
 inserted  in  the  fone  to make the required call. In one slot fones, these 
 are  beeps in pulses; the pulse is a 2200+1700 Hz tone. For quarters, 5 beep 
 tones  at 12-17 PPS, for dimes it is 2 beep tones at 5-8.5 PPS, and a nickel 
 causes  1  beep  tone  at  5-8.5  PPS.  For  three slot fones, the tones are 
 different.  Instead of beeps, they are straight dual tones. For a nickel, it 
 is  one  bell  at 1050-1100 Hz, two bells for a dime, and one gong at 800 Hz 
 for  a  quarter.  When  using  red  box  tones, you must insert at least one 
 nickel  before playing the tones, cuz a ground test takes place to make sure 
 some  money  has  been  inserted. The ground test may be fooled by the Paper 
 Clip  Method.  Also,  it has been known that TSPS can detect certain red box 
 tones, and will record all data on AMA or CAMA of fraudulent activity.
 
      ring  -  The  red wire found in fone jacks and most fone equipment. The 
 ring  also is less positive than the tip. When looking at a fone plug on the 
 end  of typical 4 wire fone line from the top, let's say the top is the side 
 with  the  hook,  the ring will be the middle-right wire. Remember, the ring 
 is red, and to the right. The three "R's" revived!
 
      silver  box  -  Equipment that will allow you to emulate the DTMF tones 
 A,B,C,D.  The  MF  tones  are, in hertz, A=697+1633, B=770+1633, C=852+1633, 
 D=941+1633.  These  allow  special functions from regular fones, such as ACD 
 Testing Mode.
 
      switchhook  -  The  button on your fone that, when depressed, hangs the 
 fone up. These can be used to emulate rotary dial fones if used correctly.
 
      tip  -  The green wire found in fone jacks and most fone equipment. The 
 tip  is  the more positive wire compared to the ring. When looking at a fone 
 plug  from  the  top, lets say the hook side is the top, the tip will be the 
 middle wire on the left.
 
      white box - This is a portable DTMF keypad.

------------------------------------------------------------------------------

High Tech Revenge:  The Beigebox                by The BHU

The beigebox is simply a consumer lineman's handset  which is a
phone that can be attached to the outside of a person's house.  To
fabricate a beigebox  follow along.

Making a beigebox:

Obtain an old phone  and cut off the plug on the end.  Solder an
alligator clip onto the red wire  and the green wire.

Now  imagine the possibilities:  a $2000 dollar phone bill for
that special person  976 numbers galore  even harassing the
operator at no risk to you!  Think of it as walking into an
enemies house  and using their phone to your heart's content.

Connecting the beigebox:

Look on the outside of your victim's house  taking note of any
wires leading from a telephone pole to the exterior of their
house.  Follow the wires  and find where they connect.  The
telephone wire should be black  and about the width of your small
finger.  You do NOT want the 220 volt house current  unless you
like having a permanent orange afro.

When the telephone wire connects to the victim's house  it should
run down their wall  and into a small beige or grey box.  Some
boxes have a bolt in the dead center  and some have even gone as
far as to have a lock (smashing them open is no problem).  Now
you must open the box  and observe:  you should see three bolts
each with wires attached.  Connect the two alligator clips to the
two outside bolts  and then you should get a dial tone.  If you
do not get a dial tone  experiment with the connections.  By the
way  don't worry about getting electrocuted;  there is not enough
power in the phone lines to harm you.

After placing a few phone calls  if you really want to get even
pull all the wires out of the box.  This will result in about a
$100 dollar service charge for your enemy.

Use your imagination!

------------------------------------------------------------------------------
  P/HUN Newsletter #1         Phile 1.8 of 1.14
              -=-=<*   Red and Green boxes revived   *>=-=-
                       ---------------------------
                           By: Pink Panther

        Probably most of the information I am about to tell you, you
probably already know or have it stored somewhere.  But I have seen
quite a lot of questions on the subject lately, and thought to
explain a couple of things.
        Blue boxing has been dead for quite some time since
everything went to ESS, and the same with black boxing.  The
latest form of boxing is red and green boxing.  They both deal
with fortress phones and can only be used with a fortress phone.
        With a red box, you dial a number at a fortress, insert
a nickel, which is the ground check, and play the tape.  It will
emulate coins being dropped into the fortress.  Since there is
also questions on what are and how to get these tones, I've
created a simple step process:

     1)  Obtain a recorder that you can directly hook into
         a fone line.  If you use a regular recorder, you will
         need some modification on it.  If you have an answering
         machine, then you have it made.

     2)  Find a fortress, and follow the metal pipe (usually
         metal) from the fortress to where ever it ends up.
         At somepoint on the pipe, there will be a small box which
         is held together by two screws.  Unscrew the box.

     3)  You now should find two bolts with wires connected
         to them.  The wires are 22 gauge (which is fairly
         thin wire).  If you see thicker wires, such
         as 12 gauge wires, these are 220 volt AC lines,
         usually connected to the light in the phone booth.
         Do not touch the AC lines, unless you are stupid.
         Connect the tape recorder to the proper bolts, which
         means the 22 gauge wire.

     4)  Now dial a long distance fone number, and you will
         get a recordering to insert some money.  Insert about
         $6.00 in quarters, then hang up and your money will
         be returned.  The tones should have been recorded
         with a normal tape with no dolby.

     5)  Obtain a recorder with a built in speaker, or
         rip apart a phone set and obtain the earpiece.  If
         there is a diode across the earpiece, remove it.
         Connect the earpiece to the output of the recorder.
         (I recommend using an earpiece rather than a built
         in speaker).

     6)  To test your tones, dial 0-959-1230 from a fortress,
         and you should get 'Coin Test ... Please Deposit ... .'
         Play back the tones you recorded and if everything
         goes well, you should hear 'Quarter' everytime a tone
         is played.  Remember you only recorded quarter tones.
         You can record any tones you want by inserting different
         coins at the recording stage.  If you are having problems,
         try adjusting the volume.

     7)  To use, dial a non-local number, insert a real nickel,
         and play the tones.  Make sure you have enough tones
         on the recorder to complete the call.

        Now I will explain a little about what exactly happens
when you deposit coins.  When you deposit a coin, it goes through
a series of tests, determining what type of coin it is.  It
will be deposited in various coin slots within the fortress itself
if everything goes right.  But before it is deposited in the
right slot it will cause a wheel to be turned.  A nickel will
turn the wheel once, a dime twice, and quarter five times.  This
will cause a frequency to be generated which is sent to a
operator or computer.  A capacitor is placed across the
speech circuit while these tones are generated so that the
customer does not here them.  Here are the tones and PPS (pules
per second):
                 Nickel:  1 beep   5-8.5 PPS
                   Dime:  2 beeps  5-8.5 PPS
                Quarter:  5 beeps  12-17 PPS

        A green box allows the caller on the fortress to get his
money back.  It will generate the tones for coin collect, coin
return, and ringback.  This is basically what an operator uses.
A green box cannot be used on a fortress, but must be used by the
called party.  An operator release signal must be sent before
any tones from the green box are sent.  This contains of
a 2600hz tone for 90ms, then 60ms silence, then 2600hz for
900ms.  This all must be done within the three minute collect
period.  Anyway, here are the tones:
                Ringback:  700hz+1700hz
             Coin Return:  1100hz+1700hz
            Coin Collect:  700hz+1700hz

        I hope this has enlighted the few without such knowledge.
If you are confused, then don't phuck with this stuff, and get
out of phreaking.

------------------------------------------------------------------------------

                                ==Phrack Inc.==

                     Volume Three, Issue 25, File 7 of 11

      ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^
      ^*^                                                             ^*^
      ^*^                  The Blue Box And Ma Bell                   ^*^
      ^*^                                                             ^*^
      ^*^                 Brought To You by The Noid                  ^*^
      ^*^                                                             ^*^
      ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^ ^*^


        "...The user placed the speaker over the telephone handset's
         transmitter and simply pressed the buttons that corresponded
         to the desired CCITT tones.  It was just that simple."


                          THE BLUE BOX AND MA BELL
                          ~~~~~~~~~~~~~~~~~~~~~~~~

Before the breakup of AT&T, Ma Bell was everyone's favorite enemy.  So it was
not surprising that so many people worked so hard and so successfully at
perfecting various means of making free and untraceable telephone calls.
Whether it was a BLACK BOX used by Joe and Jane College to call home, or a
BLUE BOX used by organized crime to lay off untraceable bets, the technology
that provided the finest telephone system in the world contained the seeds of
its own destruction.

The fact of the matter is that the Blue Box was so effective at making
untraceable calls that there is no estimate as to how many calls were made
or lost revenues of $100, $100-million, or $1-billion on the Blue Box.  Blue
Boxes were so effective at making free, untraceable calls that Ma Bell didn't
want anyone to know about them, and for many years denied their existence.
They even went as far as strongarming a major consumer-science magazine into
killing an article that had already been prepared on the Blue and Black
boxes.  Furthermore, the police records of a major city contain a report
concerning a break-in at the residence of the author of that article.  The
only item missing following the break-in was the folder containing copies of
one of the earliest Blue-Box designs and a Bell-System booklet that described
how subscriber billing was done by the AMA machine -- a booklet that Ma Bell
denied ever existed.  Since the AMA (Automatic Message Accounting) machine
was the means whereby Ma Bell eventually tracked down both the Blue and Black
Boxes, I'll take time out to explain it.  Besides, knowing how the AMA
machine works will help you to better understand Blue and Black Box "phone
phreaking."


Who Made The Call?
~~~~~~~~~~~~~~~~~~
Back in the early days of the telephone, a customer's billing originated in a
mechanical counting device, which was usually called a "register" or a
"meter." Each subscriber's line was connected to a meter that was part of a
wall of meters.  The meter clicked off the message units, and once a month
someone simply wrote down the meter's reading, which was later interpolated
into message-unit billing for those subscriber's who were charged by the
message unit.  (Flat-rate subscriber's could make unlimited calls only within
a designated geographic area.  The meter clicked off message units for calls
outside that area.)  Because eventually there were too many meters to read
individually, and because more subscribers started questioning their monthly
bills, the local telephone companies turned to photography.  A photograph of a
large number of meters served as an incontestable record of their reading at a
given date and time, and was much easier to convert to customer billing by the
accounting department.

As you might imagine, even with photographs, billing was cumbersome and did
not reflect the latest technical developments.  A meter didn't provide any
indication of what the subscriber was doing with the telephone, nor did it
indicate how the average subscriber made calls or the efficiency of the
information service (how fast the operators could handle requests).  So the
meters were replaced by the AMA machine.  One machine handled up to 20,000
subscribers.  It produced a punched tape for a 24-hour period that showed,
among other things, the time a phone was picked up (went off-hook), the number
dialed, the time the called party answered, and the time the originating phone
was hung up (placed on-hook).

One other point, which will answer some questions that you're certain to think
of as we discuss the Black & Blue boxes:  Ma Bell did not want persons outside
their system to know about the AMA machine.  The reason:  Almost everyone
had complaints -- usually unjustified -- about their billing.  Had the public
been aware of the AMA machine they would have asked for a monthly list of
their telephone calls.  It wasn't that Ma Bell feared errors in billing;
rather, they were fearful of being buried under any avalanche of paperwork
and customer complaints.  Also, the public believed their telephone calls
were personal and untraceable, and Ma Bell didn't want to admit that they
knew about the who, when, and where of every call.  And so Ma Bell always
insisted that billing was based on a meter that simply "clicked" for each
message unit; that there was no record, other than for long-distance as to
who called whom.  Long distance was handled by, and the billing information
was done by an operator, so there was a written record Ma Bell could not
deny.

The secrecy surrounding the AMA machine was so pervasive that local, state,
and even federal police were told that local calls made by criminals were
untraceable, and that people who made obscene telephone calls could not be
tracked down unless the person receiving the call could keep the caller on the
line for some 30 to 50 minutes so the connections could be physically traced
by technicians.  Imagine asking a woman or child to put up with almost an
hour's worth of the most horrendous obscenities in the hope someone could
trace the line.  Yet in areas where the AMA machine had replaced the meters,
it would have been a simple, though perhaps time-consuming task, to track
down the numbers called by any telephone during a 24 hour period.  But Ma
Bell wanted the AMA machine kept as secret as possible, and so many a
criminal was not caught, and many a woman was harassed by the obscene calls
of a potential rapist, because existence of the AMA machine was denied.

As a sidelight as to the secrecy surrounding the AMA machine, someone at Ma
Bell or the local operating company decided to put the squeeze on the author
of the article on Blue Boxes, and reported to the Treasury Department that he
was, in fact, manufacturing them for organized crime -- the going rate in the
mid 1960's was supposedly $20,000 a box.  (Perhaps Ma Bell figured the author
would get the obvious message:  Forget about the Blue Box and the AMA machine
or you'll spend lots of time, and much money on lawyer's fees to get out of
the hassles it will cause.)  The author was suddenly visited at his place of
employment by a Treasury agent.

Fortunately, it took just a few minutes to convince the agent that the author
was really just that, and not a technical wizard working for the mob.  But one
conversation led to another, and the Treasury agent was astounded to learn
about the AMA machine.  (Wow! Can an author whose story is squelched spill his
guts.)  According to the Treasury agent, his department had been told that it
was impossible to get a record of local calls made by gangsters:  The Treasury
department had never been informed of the existence of automatic message
accounting.  Needless to say, the agent left with his own copy of the Bell
System publication about the AMA machine, and the author had an appointment
with the local Treasury-Bureau director to fill him in on the AMA machine.
That information eventually ended up with Senator Dodd, who was conducting a
congressional investigation into, among other things, telephone company
surveillance of subscriber lines -- which was a common practice for which
there was detailed instructions, Ma Bell's own switching equipment 
("crossbar") manual.

The Blue Box
~~~~~~~~~~~~
The Blue Box permitted free telephone calls because it used Ma Bell's own
internal frequency-sensitive circuits.  When direct long-distance dialing was
introduced, the crossbar equipment knew a long-distance call was being dialed
by the three-digit area code.  The crossbar then converted the dial pulses to
the CCITT tone groups, shown in the attached table (at the end of this file),
that are used for international and trunkline signaling.  (Note that those do
not correspond to Touch-Tone frequencies.)  As you will see in that table, the
tone groups represent more than just numbers; among other things there are
tone groups identified as 2600 hertz, KP (prime), and ST (start) -- keep them
in mind.

When a subscriber dialed an area code and a telephone number on a rotary-dial
telephone, the crossbar automatically connected the subscriber's telephone to a
long-distance trunk, converted the dial pulses to CCITT tones, set up
electronic cross-country signaling equipment, and recorded the originating
number and the called number on the AMA machine.  The CCITT tones sent out on
the long-distance trunk lines activated special equipment that set up or
selected the routing and caused electro-mechanical equipment in the target
city to dial the called telephone.

Operator-assisted long-distance calls worked the same way.  The operator
simply logged into a long-distance trunk and pushed the appropriate buttons,
which generated the same tones as direct-dial equipment.  The button sequence
was 2600 hertz, KP (which activated the long-distance equipment), then the
complete area code and telephone number.  At the target city, the connection
was made to the called number but ringing did not occur until the operator
there pressed the ST button.

The sequence of events of early Blue Boxes went like this:  The caller dialed
information in a distant city, which caused his AMA machine to record a free
call to information.  When the information operator answered, he pressed the
2600 hertz key on the Blue Box, which disconnected the operator and gave him
access to a long-distance trunk.  He then dialed KP and the desired number and
ended with an ST, which caused the target phone to ring.  For as long as the
conversation took place, the AMA machine indicated a free call to an
information operator.  The technique required a long-distance information
operator because the local operator, not being on a long distance trunk, was
accessed through local wire switching, not the CCITT tones.

Call Anywhere
~~~~~~~~~~~~~
Now imagine the possibilities.  Assume the Blue Box user was in Philadelphia.
He would call Chicago information, disconnect from the operator with a KP
tone, and then dial anywhere that was on direct-dial service:  Los Angeles,
Dallas, or anywhere in the world if the Blue Boxer could get the international
codes.

The legend is often told of one Blue Boxer who, in the 1960's, lived in New
York and had a girl friend at a college near Boston. Now back in the 1960's,
making a telephone call to a college town on the weekend was even more
difficult than it is today to make a call from New York to Florida on a
reduced-rate holiday using one of the cut-rate long-distance carriers.  So our
Blue Boxer got on an international operator's circuit to Rome, Blue Boxed
through to a Hamburg operator, and asked Hamburg to patch through to Boston.
The Hamburg operator thought the call originated in Rome and inquired as to the
"operator's" good English, to which the Blue Boxer replied that he was an
expatriate hired to handle calls by American tourists back to their homeland.
Every weekend, while the Northeast was strangled by reduced-rate long-distance
calls, our Blue Boxer had no trouble sending his voice almost 7,000 miles for
free.

...The user placed the speaker over the telephone handset's transmitter and
simply pressed the buttons that corresponded to the desired CCITT tones.  It
was just that simple.

Actually, it was even easier than it reads because Blue Boxers discovered they
did not need the operator.  If they dialed an active telephone located in
certain nearby, but different, area codes, they could Blue Box just as if they
had Blue Boxed through an information operator's circuit.  The subscriber
whose line was Blue Boxed simply found his phone was dead when it was picked
up.  But if the Blue Box conversation was short, the "dead" phone suddenly
came to life the next time it was picked up.  Using a list of "distant"
numbers, a Blue Boxer would never hassle anyone enough times to make them
complain to the telephone company.

The difference between Blue Boxing off of a subscriber rather than an
information operator was that the AMA tape indicated a real long-distance
telephone call perhaps costing 15 or 25 cents -- instead of a freebie.  Of
course that is the reason why when Ma Bell finally decided to go public with
"assisted" newspaper articles about the Blue Box users they had apprehended,
it was usually about some college kid or "phone phreak."  One never read of a
mobster being caught.  Greed and stupidity were the reasons why the kid's were
caught.

It was the transistor that led to Ma Bell going public with the Blue Box.  By
using transistors and RC phase-shift networks for the oscillators, a portable
Blue Box could be made inexpensively, and small enough to be used
unobtrusively from a public telephone.  The college crowd in many technical
schools went crazy with the portable Blue Box; they could call the folks
back home, their friends, or get a free network (the Alberta and Carolina
connections -- which could be a topic for a whole separate file) and never
pay a dime to Ma Bell.

Unlike the mobsters who were willing to pay a small long-distance charge when
Blue Boxing, the kids wanted it, wanted it all free, and so they used the
information operator routing, and would often talk "free-of-charge" for hours
on end.

Ma Bell finally realized that Blue Boxing was costing them Big Bucks, and
decided a few articles on the criminal penalties might scare the Blue Boxers
enough to cease and desist.  But who did Ma Bell catch?  The college kids and
the greedies.  When Ma Bell decided to catch the Blue Boxers she simply
examined the AMA tapes for calls to an information operator that were
excessively long.  No one talked to an operator for 5, 10, 30 minutes, or
several hours.  Once a long call to an operator appeared several times on an
AMA tape, Ma Bell simply monitored the line and the Blue Boxer was caught.
(Now you should understand why I opened with an explanation of the AMA
machine.)  If the Blue Boxer worked from a telephone booth, Ma Bell simply
monitored the booth.  Ma Bell might not have known who originated the call,
but she did know who got the call and getting that party to spill their guts
was no problem.

The mob and a few Blue Box hobbyists (maybe even thousands) knew of the AMA
machine, and so they used a real telephone number for the KP skip.  Their AMA
tapes looked perfectly legitimate.  Even if Ma Bell had told the authorities
they could provide a list of direct-dialed calls made by local mobsters, the
AMA tapes would never show who was called through a Blue Box.  For example, if
a bookmaker in New York wanted to lay off some action in Chicago, he could
make a legitimate call to a phone in New Jersey and then Blue Box to Chicago.
His AMA tape would show a call to New Jersey.  Nowhere would there be a record
of the call to Chicago.  Of course, automatic tone monitoring, computerized
billing, and ESS (Electronic Switching System) now makes that virtually
impossible, but that's the way it was.

You might wonder how Ma Bell discovered the tricks of Blue Boxers.  Simple,
they hired the perpetrators as consultants.  While the initial newspaper
articles detailed a potential jail penalties for apprehended blue boxers,
except for Ma Bell employees who assisted a blue boxer, it is almost
impossible to find an article on the resolution of the cases because most
hobbyist blue boxers got suspended sentences and/or probation if they
assisted Ma Bell in developing anti-blue box techniques.  It is asserted,
although it can't be easily proven, that cooperating ex-blue boxers were
paid as consultants.  (If you can't beat them, hire them to work for you.)

Should you get any ideas about Blue Boxing, keep in mind that modern switching
equipment has the capacity to recognize unauthorized tones.  It's the reason
why a local office can leave their subscriber Touch-Tone circuits active,
almost inviting you to use the Touch-Tone service.  A few days after you use
an unauthorized Touch-Tone service, the business office will call and inquire
whether you'd like to pay for the service or have it disconnected.  The very
same central-office equipment that knows you're using Touch-Tone frequencies
knows if your line is originating CCITT signals

The Black Box
~~~~~~~~~~~~~
The Black Box was primarily used by the college crowd to avoid charges when
frequent calls were made between two particular locations, say the college and
a student's home.  Unlike the somewhat complex circuitry of a Blue Box, a
Black Box was nothing more than a capacitor, a momentary switch, and a
battery.

As you recall from our discussion of the Blue Box, a telephone circuit is
really established before the target phone ever rings, and the circuit is
capable of carrying an AC signal in either direction.  When the caller hears
the ringing in his or her handset, nothing is happening at the receiving end
because the ringing signal he hears is really a tone generator at his local
telephone office.  The target (called) telephone actually gets its 20
pulses-per-second ringing voltage when the person who dialed hears nothing in
the "dead" spaces between hearing the ringing tone.  When the called phone is
answered and taken off hook, the telephone completes a local-office DC loop
that is the signal to stop the ringing voltage.  About three seconds later the
DC loop results in a signal being sent all the way back to the caller's AMA
machine that the called telephone was answered.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                            CCITT NUMERICAL CODE
                            ~~~~~~~~~~~~~~~~~~~~
    Digit      Frequencies (Hz)

    1          700+900
    2          700+1100
    3          900+1100
    4          700+1300
    5          900+1300
    6          1100+1300
    7          700+1500
    8          900+1500
    9          1100+1500
    0          1300+1500
    Code 11    700+1700  for inward
    Code 12    900+1700  operators
    KP         1100+1700  Prime (Start of pulsing)
    KP2        1300+1700  Transit traffic
    ST         1500+1700  Start (End of pulsing)

------------------------------------------------------------------------------

The LOD/H Technical Journal: File #6 of 12
Volume 1, Issue 1  Released:  Jan. 1, 1987


                 +--------------------------------+
                 |   Building Your Own Blue Box   |
                 +--------------------------------+
                 |               By               |
                 |          Jester Sluggo         |
                 |     Released: Nov. 27, 1986    |
                 +--------------------------------+



     This Blue Box is based on the Exar 2207 Voltage Controlled Oscillator.
There are other ways to build Blue Boxes, some being better and some not as
good, but I chose to do it this way.  My reason for doing so: because at the
time I started this project, about the only schematic available on BBS's was
the one written by Mr. America and Nickie Halflinger.  Those plans soon (in
about 90 seconds) became very vague in their context with a couple in-
consistencies, but I decided to "rough it out" using those plans (based on the
Exar 2207 VCO) and build the Blue Box using that as my guide.  During the
construction of the Blue Box, I decided to type-up a "more complete and clear"
set of Blue Box schematics than the file that I based mine on, in order to
help others who may be trying/thinking of building a Blue Box.  I hope these
help.

     Note:  You should get a copy of the Mr. America/Nickie Halflinger Blue
Box plans.  Those plans may be of help to anyone who may have difficulty
understanding these plans.  Also, these plans currently do not support CCITT.

+---------------------------------+
| Why should I build a Blue Box ? |
+---------------------------------+

    Many of you may have that question, and here's my answer. Blue Boxing was
the origin of phreaking (excluding whistling). Without the advent of Blue
Boxes, I feel that some of the advances in the telecommunications industry
would've taken longer to develop (The need to stop the phone phreaks forced
AT+T Bell Laboratories to "step up" their development to stop those thieves!).
     There is no harm in building a Blue Box (except the knowledge you will
gain in the field of electronics).  Although there are software programs (Soft
Blue Boxes) available for many micro's that will produce the Blue Box
Multi-Frequency (MF) tones, they are not as portable as an actual Blue Box
(you can't carry your computer to a telephone, so you must use it from home
which could possibly lead to danger).
     Many phreaks are announcing the end of the Blue Box Era, but due to
discoveries I have made (even on ESS 1A and possibly ESS 5), I do not believe
this to be true.  Although many people consider Blue Boxing "a pain in the
ass", I consider Blue Boxing to be "phreaking in its' purest form".  There is
much to learn on the current fone network that has not been written about, and
Blue Boxes are necessary for some of these discoveries.  The gift of free fone
calls tends to be a bonus.

     Note: Blue Boxes also make great Christmas gifts!

+---------------------------------------+
| Items needed to construct a Blue Box. |
+---------------------------------------+
     Here is the list of items you will need and where you can get them.  It
may be a good idea to gather some of the key parts (the chips, and especially
the potentiometers, they took about 6 months to back order through Digi-key.  A
whole 6 fucking months!) before you start this project.  Also, basic
electronics tools will be necessary, and you might want to test the circuit on
a bread board, then wire-wrap the final project. Also, you will need a box of
some sort to put it in (like the blue plastic kind at Radio Shack that cost
around $5.00).

     Note: An oscilliscope should be used when tuning in the
           potentiometers because the Bell system allows
           only a 7-10% tolerance in the precision of the
           frequencies.

Qty.  Item                 Part No.      Place
---------------------------------------------------
 1  | 4 x 4 Keypad       |             | Digi-Key
 6  | Inverter Chip      | 74C04       |
 32 | Potentiometer      |             |
 1  | 4-16 Converter Chip| 74LS154     |
 1  | 16 Key Decoder     | 74C922      |
 2  | 2207 VCO           | XR2207CP    | Exar Corp.
 3  | .01 uf Capacitor   | 272-1051    | Radio Shack
 5  | .1 uf Capacitor    | 272-135     | Radio Shack
 2  | 1.5K Ohn Resistor  |             | Radio Shack
 2  | 1.0K Ohm Resistor  |             | Radio Shack
 1  | Speaker            |             | From an old Autovon fone.
 1  | 9 Volt Battery     |             | Anywhere

     The resistors should be a +/- 5% tolerance.
     The speaker can be from a regular telephone (mine just happened to be
from an old Autovon phone).  But make sure that you remove the diode.
     The Potentiometers should have a 100K Ohm range (but you may want to
make the calculations yourself to double check).
     The 9-volt battery can be obtained for free if you use your Radio Shack
Free Battery Club card.
     The Exar 2207 VCO can be found if you call the Exar Corp. located in
Sunnyvale, California.  Call them, and tell them the state you live in, and
they'll give the name and phone number to the distributor that is located
closest to you. The 2207 will vary from about $3.00 for the silicon-grade
(which is the one you'll want to use) to about $12.00 for the high-grade
Military chip.
     Note:  When you call Exar, you may want to ask them to send you the
spec-sheets that gives greater detail as to the operation and construction of
the chip.

                     +-------------------+
                     | Schematic Diagram |
                     +-------------------+

             +--------------+            +-------------+
             |  1  2  3  A  |            |  Figure #1  |
             |  4  5  6  B  |            +-------------+
             |  7  8  9  C  |            | Logic Side  |
             |  *  0  #  D  |            +-------------+
             ++-+-+-+-+-+-+-+
              1 | 3 | 5 | 7 |           (VCC)
              | 2 | 4 | 6 | 8           (+5 Volts)    +----+
              | | | < u | | |             [+]         |   _|_
              | | | | | | | |              |          |   \_/GND
           +--+-+-+-+-+-+-+-+----+      +--+----------+---+
           |  2 | 11| 10| 7 |    |      |  14         7   |
   (.01C)  |  | 3 | 4 | 8 | 1  12+------+1                |
   +--||---+5                  13+------+2   (*74C04*)    |
  _|_      |                     |      |                 |
  \_/GND   |     (*74C922*)      |      +-----------------+
     +--||-+6                    |
     |(.1C)|                     |
    _|_    |                    |
    \_/GND |   9  17 16 15 14  18|
           +--+--+--+--+--+---+--+
              |  |  |  |  |   |
             _|_ A  B  C  D   |
          GND\_/ |  |  |  |  [+] (VCC)      [+] (VCC)
                 |  |  |  |      (+5 volts)  |  (+5 volts)
                 |  |  |  |                  |
          -------+--+--+--+------------------+-----------------
          |      23 22 21 20                 24             18+-+
    +-----+12                                                 | +--+
    |     |                 (*74LS154*)                     19+-+ _|_
   _|_    |                                                   |   \_/
   \_/GND |  1  2  3  4  5  6  7  8  9 10 11 13 14 15 16 17   |   GND
          +--+--+--+--+--+--+--+--+--+-+--+--+--+--+--+--+----+
             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
             |  |  |  |  |  |  |  |  | |  |  |  |  |  |  |
                                                         |    (Connects)
                                                         | +---------->
                                +------------------------+ |  (Figure 2)
                                |       +--+       +-------+
                                |       |  |       |
                             +--+-------+--+-------+---+
                             |  3--|>o--4  5--|>o--6   |
                             |   (Invtr.)   (Invtr.)   |
             +---------------+7                        |
            _|_              |        (*74C04*)        |
         GND\_/   (VCC) [+]--+14                       |
                (+5 volts)   |                         |
                             +-------------------------+



    +-------------+                                  _
    |  Figure #2  |                                 / |
+---+-------------+----+          +----------------+  |
| Tone Generation Side |         _|_               |  | SPKR
+----------------------+      GND\_/    +---+--+---+  |
                                        |   |       \_|
                                        |   |
                                        |   |  +---------------+
           +-------+                    |   |  |               |
           |      _|_                   |   +--+14             |
           |      \_/GND                |      |  (Repeat of)  |
           |                            |      |    (First)    |
         ----- (.1C)                    |      |   (Circuit)   |
         -----                          |      |               |
           |                            |      | (*XR2207CP*)  |
           |       +-----------------+  |   +--+6              |
           |       |                 |  |   |  |               |
   [+]-----+-------+1              14+--+   |  +---------------+
  (VCC)            |                 |      +--------------------+
 (+9 Volts)   +----+2                |                           |
              |    |               12+---------------------+     |
     (.01C) -----  |                 |                    _|_    |
            -----  |  (*XR2207CP*)   |                    \_/GND |
              |    |                 |       1.5K Ohms           |
              +----+3              11+---+---\/\Rx/\/---+--+     |
                   |                 |   |              | _|_    |
                   |                 |   +---\/\Rx/\/---+ \_/GND |
                   |                 |       1.0K Ohms           |
                   |               10+----+                      |
     +-------------+6               9+----+---+                  |
     |             |                8+----+   |                  |
     |             |                 |      ----- (.1C)          |
     |             +-----------------+      -----                |
     +---------+                             _|_      +----------+
     |         | Pot.                     GND\_/ Pot. |          |
     |        \/\/\/\/--+-----------------------\/\/\/\/         |
     |         1400 Hz. |                        1600 Hz.        |
     +---------+        |                             +----------+
     |         | Pot.   |                        Pot. |          |
     |        \/\/\/\/--+----------------+------\/\/\/\/         |
     |         1500 Hz. |                |       900 Hz.         |
     |                  |                |                       |
     |     14 more      |                |       14 More         |
     |   Potentiometers |                |     Potentiometers    |
     |     in this      |                |       in this         |
     |   area left out  |                |     area left out     |
     |   for simplicity |                |     for simplicity    |
     |                  |                |                       |
     |                  |                |                       |
                        |
            (Connects)  |
          <-------------+
            (Figure 1)


+-------------------------+
| Multiplex Keypad System |
+-------------------------+

     First, the multiplex pattern used in the 4x4 keypad layout. I suggest
that keys 0-9 be used as the Blue Box's 0-9 keys, and then you can assign
A-D, *, # keys to your comfort (ie. * = Kp, # = St, D = 2600, and A-C as
Kp1, Kp2   or however you want).

     Note: On your 2600 Hz. key (The D key in example above)
           it may be a good idea to tune in a second
           potentiometer to 3700 Hz. (Pink Noise).

    Keypad      Key Assignments   Multiplex Pattern
  +---------+   +-------------+    +------------+
  | 1 2 3 A |   | 1  2  3  4  |    | 1  2  3  A |----Y1=8   X1=3
  | 4 5 6 B |   | 5  6  7  8  |    | 4  5  6  B |----Y2=1   X2=5
  | 7 8 9 C |   | 9  10 11 12 |    | 7  8  9  C |----Y3=2   X3=6
  | * 0 # D |   | 13 14 15 16 |    | *  0  #  D |----Y4=4   X4=7
  +---------+   +-------------+    +------------+
                                     |  |  |  |
                                     X1 X2 X3 X4

+----------------------+
| Blue Box Frequencies |
+----------------------+

     This section is taken directly from Mark Tabas's "Better Homes and Blue
Boxing" file Part 1.

Frequenies (Hz)  Domestic  Int'l
----------------------------------
 700+900            1        1
 700+1100           2        2
 900+1100           3        3
 700+1300           4        4
 900+1300           5        5
1100+1300           6        6
 700+1500           7        7
 900+1500           8        8
1100+1500           9        9
1300+1500           0        0

 700+1700          ST3p     Code 11
 900+1700          STp      Code 12
1100+1700          KP       KP1
1300+1700          ST2p     KP2
1500+1700          ST       ST
2600+3700      *Trunking Frequency*

     Note: For any further information about the uses or duration of the
frequencies, read the Mark Tabas files.

+----------------+
| Schematic Help |
+----------------+

     This is the Key to the diagrams in the schematic.  I hope that they help
more then they might hurt.

    _|_
    \_/GND   is the Ground symbol

     | |
  ---| |--   is the Capacitor symbol
     | |     (.1C)  stands for a .1 uf Capacitor
             (.01C) stands for a .01 uf Capacitor
     |
   -----
   -----     is another Capacitor symbol
     |

--\/\Rx/\/-- is the Resistor symbol (The 1.5K Ohm and 1.0K Ohm
                                     Resistors are at +/- 5% )
---+
   |
  \/\/\/\/-- is the Potentiometer symbol (The frequncies I supplied
                                          above are just examples.)
 --|>o--     is the Inverter symbol

+------------+
| Conclusion |
+------------+

     This is just one way to build a Blue Box.  If you choose this way, then I
hope this file is adequate enough to aid you in the construction.  Although
these are not the best plans, they do work. This file does not tell you how to
use it or what to do once it's built.  For that information I mention that you
read Mark Tabas's "Better Homes and Blue Boxing" files, or any other files/BBS
subboards that deal with that realm.
     If you need help, I sluggest (thanks for that one Taran) that you ask a
close friend, possibly an electronics teacher, or a phreak friend to help you.
Also, if you need help or have questions or comments about this file, you can
address them to me.  I can be contacted through the LOD/H Technical Journal
Staff account on the boards listed in the Intro, or on the few boards I call.

+-------------+
! Credentials !
+-------------+

     At last, this article would not be possible without the help of the
following people/places whom contributed to it in one way or another (it may
not be apparent to them, but every minute bit helps).

Deserted Surfer   (Who helped immensly from Day 1 of this project.)
                  (Without his help this file would not be.)
Mark Tabas        (For the BHBB files which inspired my interests.)
Nickie Halflinger (For the original Blue Box plans I used.)
Mr. America       (For the original Blue Box plans I used.)
Lex Luthor
Cheap Shades
Exar Corp.

Lastly, I would like to thank the United States government for furnishing
federal grants to this project. Without their financial help, I would have had
to dish out the money from my own pocket (Approximately $80.00. Egads!)



    Jester Sluggo

------------------------------------------------------------------------------

                            <Example Comment>


Name - Nocturnal Phoenix
Date - October 25, 1992
I can be reached on GENERIC BBS, (555)-555-5555, 1200/9600

                            <assorted inphormation>

------------------------------------------------------------------------------