💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › BIOCAGENT › bioc003.004 captured on 2022-07-17 at 10:29:24.
⬅️ Previous capture (2022-06-12)
-=-=-=-=-=-=-
BIOC.V
BIOC AGENT 003'S COURSE IN [BASIC TELECOMMUNICATIONS] Part V
Revised 08-Aug-84 Word Processed by Tharrys Ridenow
[PREFACE]:
Previous installments of this series were focused on telephony from a net-
work point of view. Part V will deal with telephone electronics focusing pri-
marily on the subscriber's telephone (hereinafter simply referred to as
"fone.")
WIRING:
Assuming a standard one-line fone, there are usually 4 wires that lead out
of the fone set. These are standardly colored red, green, yellow, and black.
The red and green wires are the two that are actually hooked up to your CO.
The yellow wire is sometimes used to ring different fones on a party line (ie,
one #, several families--found primarily in rural areas where they pay less for
the service and they don't use the fone as much); otherwise, the yellow is usu-
ally just ignored. On some two-line fones, the red and green wires are used
--More--(5%)
for the first fone # and the yellow and black are used for the second line. In
this case there must be an internal or external device that switches between
the two lines and provides a hold function (such as Radio Shack's outrageously
priced 2 line and hold module- a better one would be the 2-line Silver Box fone
[yes, it has keys A, B, C, and D, along with 2-line capability for only about
$60] found in a DAK catalog).
In telephony, the green and red wires are often referred to as Tip (T) and
Ring (R), respectively. This naming goes back to the old operator cord boards
where one of the wires was the tip of the plug and the other was the ring (of
the barrel).
A rotary fone (aka dial or pulse) will work fine regardless of whether the
red (or green) wire is connected to the Tip (+) or Ring (-). A Touch-Tone (TM)
fone is a different story, though. It will not work unless the Tip (+) is the
green wire. [Although, some of the more expensive DTMF fones do have a bridge
rectifier which compensates for polarity reversal.] This is why under certain
(non-digital) equipment you can reverse the red and green wires on a touch-tone
fone and receive free DTMF service. Even though it won't break dial tone, rev-
ersing the wires on a rotary line on a digital switch will cause the tones to
be generated.
VOLTAGES, ETC.:
When your telepone is on-hook (ie, hung up) there is approximately 48
--More--(13%)
volts of DC potential across the tip and ring. When the handset of a fone is
lifted a few switches close which causes a loop to be connected (known as the
"local loop") between your fone and the CO. Once this happens DC current is
able to flow through the fone with less resistance, causing a relay to energize
which then causes other CO equipment to realise that you want service. Eventu-
ally, you should end up with a dial tone. This also causes the 48VDC to drop
down into the vicinity of 12V. The resistance of the loop also drops below the
2500 ohm level, though FCC licensed telephone equipment must have an off-hook
impedance of 600 ohms.
As of now, you are probably saying "This is all nice and technical, but
what the hell good is the information?" Well, also consider that this voltage
(& resistance) drop is how the CO detects that a fone was taken off hook
(picked up). In this way, they know when to start billing the called number.
Now what do you suppose would happen if a device such as a resistor or a zener
diode was placed on the CALLED party's line so that the voltage would drop just
enough to allow talking but not enough to start billing? First off, the cal-
ling party would not be billed for the call but conversation could be persued.
Secondly, the CO equipment would think that the fone just kept on ringing. The
Telco calls this a "no-no" (toll fraud to be specific) while phone phreaks af-
fectionately call this mute a black box.
The following are instructions on how to build a simple black box. Of
course, anything that prevents the voltage from dropping would work.
--More--(22%)
You only need two parts: An SPST toggle switch and a 10,000 ohm (10 K) 1/2
watt resistor. Any electronics store should stock these parts.
Now, cut 2 pieces of wire (about 6 inches long) and attach one end of each
wire to one of the terminals on the switch. Now turn your K500 (standard desk
fone) upside down and take off the cover. Locate wire (disconnect from its
terminal). Now bring the switch out the rear of the fone and replace the cov-
er.
Put the switch in a position where you receive a dial tone. Mark this po-
sition NORMAL and the other side FREE.
When your phriends call (at a prearranged time), quickly lift and drop the
receiver as fast as possible. This will stop the ringing (do it again if it
doesn't) without starting the billing. It is important that you do it quickly
(less than one second). Then put the switch in the FREE position, pick up the
fone, and you have a phree incoming call. Keep all calls short and preferably
under 15 minutes.
NOTE: If someone picks up an extension in the called party's house and that
fone is not set for FREE then billing will start.
NOTE: An old way of signalling a phriend that you are about to call is mak-
ing a collect call to a non-existant person in the house. Since your
friend will not accept the charges, he will know that you are about to
call and thus prepare the black box (or vice versa).
WARNING: The Telco can detect black boxes if they suspect one on your line.
--More--(30%)
This is done due to the presence of AC voice signal at the wrong DC
level!
Pictoral diagram (standard rotary K500 fone):
--------------------------------------------------------------
| |
******BLUE WIRE****>>>>F<<< |
| * * |
****WHITE WIRE**** * |
| * |
| RESISTOR |
| * |
| * |
| >>>RR<<<**************SWITCH******** |
| * |
**********************************GREEN*WIRE*************** |
| |
--------------------------------------------------------------
NOTE: The black box will not work under ESS or similar digital switches
since ESS does not connect the voice circuits until the fone is picked
up (and billing starts). Instead, ESS uses an "artificial" computer
--More--(37%)
generated ring.
RINGING:
To inform a subscriber of an incoming call, the Telco sends 90 volts (RMS)
of pulsing AC down the line (at around 15 to 60 Hz; usually 20 Hz). In most
fones this causes a metal armature to be attracted alternately between two
electromagnets thus striking 2 bells. Of course, the standard bell (patented
in 1878 by Tom A. Watson) can be replaced by a more modern electronic bell or
signaling device.
Also, you can have lights and other similar devices in lieu of (or in con-
junction with) the bell. A simple neon light (with its corresponding resistor)
can simply be connected between the red and green wires (usually L1 and L2 on
the network box) so that it lights up on incoming calls.
WARNING: 90 VDC can give quite a shock. Exercise extreme caution if you
wish to further pursue these topics.
Also included in the ringing circuit is a capacitor to prevent the DC
current from interfering with the bell [a capacitor will pass AC current while
it will prevent DC current from flowing (by storing it)]. Another reason that
the telco hates black boxes is because ringing uses a lot of common-control
equipment, in the CO, which use a lot of electricity. Thus the ringing genera-
tors are being tied up while a free call is being made. Usually calls that are
allowed to ring for a long period of time may be construed as suspicious. Some
--More--(45%)
offices may be set up to drop a trouble card for long periods of ringing, then
a "no-no" detection device may be placed on the line.
Incidentally, the term "ring trip" refers to the CO process involved to
stop the AC ringing signal when the calling fone goes off hook.
NOTE: It is suggested that you actually dissect fones to help you better
understand them. It will also help you to better understand the
concepts if you actually prove them to yourself. For example, actual-
ly take the voltage readings on your fone line (any simple multi-test-
er [a must] will do). Phreaking is an interactive process, not a pas- sive one!
DIALING:
On a standard fone, there are two common types of dialing: pulse and DTMF.
Of course, some people insist on being different and don't use DT thus leaving
them with MF (Multi Frequency, aka operator, aka Blue Box!) tones. This is
another "no-no" and the Telco security gentlemen have a special knack for deal-
ing with such "phreaks" on the Network.
When you dial rotary, you are actually rapidly breaking and reconnecting
(breaking and making) the local loop once for each digit dialed. Since the
physical connection must be broken, you cannot dial if another extension is
off-hook. Neither of the fones will be able to dial pulse unless the other
hangs up.
--More--(52%)
Another term often referred to in telephone electronics is the break ratio.
In the US, the standard is 10 pulses per second. When the circuit is opened it
is called the break interval, when it is closed it is called the make interval.
In th US, there is a 60 millisecond (ms) make period and a 40 ms break period.
(60+40=100 ms = 1/10 s). This is referred to as a 60% make interval. Some of
the more sophisticated electronic fones can switch between a 60% and a 67% make
interval. This is due to the fact that many foreign nation use a 67% break in-
terval. <Editor's note: I have a rather interesting GE fone that switches
between a strange form of DTMF and pulse dialing. It seems that Telco equip-
ment will take 20 pulses per second as well for pulse dialing, and you don't
have to pay extra (I had been experimenting with a line that didn't subscribe
to touchtone). This fone (from GE: 2-9260A) is ideal for the phone phreak as
it has 12 number memory and redial of last number in addition to the ability to
work on a non-DTMF line.>
Have you ever been in an office or a similar facility and saw a fone wait-
ing to be used for a phree call but some asshole put a lock on it to prevent
outgoing calls?
Well, don't fret phellow phreaks, you can simulate pulse dialing by rapidly
depressing the switchhook. (If you depress it for longer than a second it will
be construed as a disconnect.) By rapidly switchhooking you are causing the
local loop to be broken and made again similar to rotary dialing! Thus, if you
can manage to switchhook rapidly 10 times you can reach an operator to place
--More--(61%)
any call you want! This takes a lot of practice, though. You might want to
practice on your own fone dialing a friend's # or something else. Incidental-
ly, this method will work with DTMF fones since all DTMF lines can also handle
rotary.
Another problem with pulse dialing is that it produces high-voltage spikes
that make loud clicks in the earpiece and cause the bell to "tinkle". If you
never noticed this then your fone has a special "anti-tinkle" and earpiece
shorting circuit (most do). If you have ever disconnected a rotary fone (a
must for any serious phreak) you would notice that there are 2 sets of contacts
that open and close during pulsing (on the back of the rotary dial under the
plastic cover). One of these actually opens and closes the loop while the oth-
er mutes the earpiece by shorting it out. The second contacts also activate a
special anti-tinkle circuit that puts a 340 ohm resistor across the ringing
circuit which prevents the high voltage spikes from interfering with the bell.
Dual Tone Multi Frequency (DTMF) is a modern day improvement on pulse dialing
in several ways. First of all, it is more convenient for the user since it is
faster and can be used for signalling after the call is completed (i.e. SCC's,
computers, etc.). Also, it is more up to par with modern day switching equip-
ment (such as ESS) since pulse dialing was designed to actually move relays by
the number of digits dialed (in SXS offices). Each key on a DTMF keypad pro-
duces 2 frequencies simultaneously (one from the high group and another from
--More--(70%)
the low group).
---------------------------------
| Q | ABC | DEF | |
697 Hz-| 1 | 2 | 3 | A |
---------------------------------
| GHI | JKL | MNO | |
770 Hz-| 4 | 5 | 6 | B |
---------------------------------
| PRS | TUV | WXY | |
852 Hz-| 7 | 8 | 9 | C |
---------------------------------
| |Z OPER| | |
952 Hz-| * | 0 | # | D |
---------------------------------
1209 Hz 1336 Hz 1477 Hz 1633 Hz
A portable DTMF keypad is known as a white box. The fourth column (1633 Hz) is
not normally found on regular phones but it does have several special uses. (A
fone modified to use these 1633 Hz tones is called a silver box, and a portable
full DTMF keypad is called a gray box.) For one, it is used to designate the
priority of calls on AUTOVON, the military phone network. The keys are called
--More--(75%)
Flash, Immediate, Priority, and Routine (with variations) instead of ABCD.
Secondly, these keys are used for testing purposes by the telco. In some areas
you can find loops as well as other neat tests (see part II) on the 555-1212
directory assistance exchange. For this, you would call up a DA in certain
areas [that have an Automatic Call Distributor (ACD)] and hold down the D key
which should blow the operator off. You will then hear a pulsing dial tone
which indicates that you are in the ACD internal testing mode. You can get on
one side of a loop by dialling a 6. You can get on the other side by dialling
a 7. Some phreaks claim that if the person on side 6 hangs up, occasionally
the equipment will screw up and start routing directory assistance calls to the
other side of the loop. Another alleged test is called REMOB which allows you
to tap into lines by entering a special code followed by the 7 digit number you
want to monitor. Then there is the possibility of mass conferencing. ACD's
are becoming rare, though. You will probably have to make several NPA-555-1212
calls before you find one. You can modify regular fones quite readily so that
they have a switch to change between the 3rd and 4th columns. The plans can be
found in TAP as well as on many BBS's.
TRANSMITTER/RECIEVER:
When you talk into the transmitter, the sound waves from your voice cause
a diaphragm to vibrate and press against the carbon granules (or another simi-
lar substance). This causes the carbon granules to compress and contract, thus
--More--(84%)
changing the resistance of the DC current flowing through it. Therefore, your
AC voice signal is superimposed over the DC current of the local loop. The re-
ciever works in a similar fashion where the simple types utilise a magnet, ar-
mature, and diaphragm.
HYBRID/INDUCTION COIL:
As you may have noticed, there are two wires for the reciever and two for
the transmitter in the phone, yet the local loop consists of 2 wires instead of
4. This 4 wire to 2 wire conversion is done inside the phone by a device known
as an induction coil which uses coupling transformers. The reason 2 wires are
used on the local loops are because it is a lot cheaper for the Telco. All of
the interoffice trunks utilise 4 wires. This is necessary for full duplex
(i.e. simultaneous conversation on both sides) and for amplification devices.
There are similar devices in the CO's, known as a hybrid, that couple the 4
wire trunks to the 2 wire local loops and vice versa.
MISCELLANEOUS:
In the telephone, there is also a balancing network consisting of a few
capacitors and resistors which provide sidetone. Sidetone allows the caller to
hear his own volume in the reciever. He can then adjust his own voice accord-
ingly. This prevents people from shouting or speaking too softly without not-
icing it.
--More--(91%)
Hold: When a telephone goes off hook, the resistance drops below 2500 ohms. At
this point, the Telco will send a dial tone. To put someone on hold you must
put a 1000 ohm resistor (1 watt) across the tip and ring before it reaches the
switchhook. In this way, when the phone is hung up (for hold) the resistance
remains below 2500 ohms which causes the CO to believe you are still off-hook.
You can build a simple hold device using the following pictorial diagram:
/
(RED) O--------------------------/
| | |
| | |
1000 Ohm | |
Resistor Ringing |
| Circuit |
| | Switch
/ | hook
/ SPST switch | |
/ | |
| | |
| | |/
--More--(97%)
(GREEN) O------------------------/
The hold device will only work if you hang up the phone. To make a hold/mute
switch, run a short wire across to create a short circuit (who cares if you
damage CO equipment?).
CONCLUSION:
I hope that you have enjoyed this installment of Basic Telecommunications.
I have assumed that you have read the first four in this series, and also that
you have a basic knowledge of electronics. In Basic Telecommuications Part VI,
we will discuss fortress fones (pay phones).
{G-Files} Command <?>:
Please enter either [file-name], [l], [h], [q], or [?]